#ubuntu-server 2006-01-23
<jjesse> good morning i have downloaded the latest daily and when i try to install it i get "invalid release file: no entry for main/binary-i386 packages" during install
<tepsipakki> what the heck happened to cdimages.ubuntu.com?
<tepsipakki> duh, meant that for #u-d
<jjesse> is there a reason that an apt-get update of a dapper box breaks mysql-server
#ubuntu-server 2006-01-24
* #ubuntu-server  [freenode-info]  if you need to send private messages, please register: http://freenode.net/faq.shtml#privmsg
<ubijtsa> *yawn*
<allee> hi, 1) what's the fstype one needs to loopmount initrd image?  cramfs does not work anymore?
<allee> 2) to add mptsas and depent modules to initrd.  Is it enough to add mptsas to /etc/modules and dpkg-reconfigure linux-image-x.y...
<allee> +?
<allee> background: sun galaxy X4100 install fine but doesn't find it's root disk on reboot  (dapper server AMD64 CDROM from today)
#ubuntu-server 2006-01-25
<spike> 'morning
<ubijtsa2> lo folks
<spike> hey ubijtsa2 , how u doin?
<spike> I just installed my first apache2, used apache1.3 so far, and I'm a bit, umh, perplexed about default config
<spike> based on http://httpd.apache.org/docs/2.0/mod/core.html.en#allowoverride, default is AllowOverride All
<spike> and apache2.conf has no AllowOverride directive but for icons/errors and public_html Directory statements
<spike> wouldnt it be safer to define a global AllowOverride None?
<spike> same goes for "Options" directive. default is All and I cant see anything about it, and would consider only "Indexes" a saner default
<spike> is there a place to send this comments? ubuntu-devel? or is this just server related? wiki?
<spike> oh, np, it's in default vhost...
<ghe> hi everyone
<Pygi> hello ghe
<Pygi> and welcome
<spike> bah, I dont really like the default solution, tho
<spike> eer, wrong win
<Pygi> :)
<spike> well, not that wrong, tho, it's about apache2 default
<spike> I was complaining about default Options/AllowOverride, then found out they're placed in the default vhost. so the settings are done, but imho that's not very clean
<spike> a Directory statement for / containing allowoverride none and options none should be place in apache2.conf, not in the default vhost
<Pygi> wb spikey
<spike> where do u guys deploy rcs repositories?
<spike>  /var/lib/rcs-app ?
<juliux> i has somebody a howto how to install qmail on ubuntu-server?
#ubuntu-server 2006-01-26
* lamont reads scrollback, notes that qmail has never successfully built on ubuntu.
<lamont> such a pity.
<lamont> or not.
#ubuntu-server 2006-01-27
<hazmat> i have a server that seems to be flaking out an update...
<hazmat> it was giving this error message W: Couldn't stat source package list http://archive.ubuntu.com breezy/main Packages (/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_breezy_main_binary-i386_Packages) - stat (2 No such file or directory)
<hazmat> i've copied over that file from another server which operates fine.. however now apt-get update .. returns Get:4 http://archive.ubuntu.com breezy/main Packages [769kB] 
<hazmat> 99% [4 Packages gzip 0] 
<hazmat> gzip: stdin: not in gzip format
<hazmat> Err http://archive.ubuntu.com breezy/main Packages
<hazmat>   Sub-process gzip returned an error code (1)
<hazmat> Fetched 4B in 1s (4B/s)
<hazmat> Failed to fetch http://archive.ubuntu.com/ubuntu/dists/breezy/main/binary-i386/Packages.gz  Sub-process gzip returned an error code (1)
<hazmat> Reading package lists... Done
<hazmat> E: Some index files failed to download, they have been ignored, or old ones used instead.
<hazmat> never mind.. removing main from the sources.list, running apt-update.. and then adding it back in.. seems to have fixed the problem
<pfp> hi, all
<pfp> after some hours of semi-fruitful googling... what's the status on SATA and hot-plugging?
<ealden> MarioMeyer_: ping
<MarioMeyer_> pong
<irvin> MarioMeyer_, you still there?
<MarioMeyer_> yep
<MarioMeyer_> but leaving
<irvin> one quick question: there's no mysqli compiled with php5?
<MarioMeyer_> whats the OS?
<irvin> breezy. i've got php5-mysql installed, php5-cgi, and lighttpd
<MarioMeyer_> irvin, then u gotta use dotdeb.org repositories
<MarioMeyer_> ;P
<MarioMeyer_> it hasnt been added to breezy yet.. maybe dapper..
<irvin> umm... i see... i've got it running on windows though :-P, but how do you administer the feeds?
<MarioMeyer_> via mysql
<MarioMeyer_> just add them to the authors table
<irvin> i'll try playing with it and see if i can use flat files instead. thanks a bunch!
<Xoritor> i think i may bite the bullet and install ubuntu on the server
<Xoritor> not that its going to be bad, just that its going to take some time... time i will be down etc...
<Xoritor> any suggestions, tips, hints, or tricks anyone can offer?
<Xoritor> its my home server that will be doing httpd (apache2), maybe squid, and possibly some other things
<Xoritor> i am thinking maybe nagios (2x
<Xoritor> )
<Xoritor> but since thats not in the repo.... ill get it from cvs
<Xoritor> anyone have a good snort -> iptables interface?  or any recommendations on a "small" iptables script?
<Xoritor> i may just write my own
<Xoritor> i am fairly good with iptables
<Xoritor> not a guru or anything ;-)
<MikeN> anyone an idea why, by default, my breezy /etc/aliases only contained the "root: user" alias and no postmaster etc.?
<Xoritor> MikeN, thats odd... i didnt even see that
<Xoritor> MikeN, thank you for pointing that out
<MikeN> np, i think it falls in the category "bug", doesn't it?
<Xoritor> i would say so yes
<Xoritor> but i am new... so i dunno
<MikeN> hehe
<Xoritor> it sure does break the way MTAs work though
<Xoritor> especially postfix
<Xoritor> and anything else that sends to postmaster@
<Xoritor> or any other thing
<Xoritor> MikeN, have you been running ubuntu on servers for long?
<MikeN> nop, some weeks now
<Xoritor> hmm
<Xoritor> i have not yet installed it on my server
<Xoritor> any tips?
<MikeN> have it on 1 dev/toy server now and 1 production server, will see how it works out, can't get that bad i think, other servers are running gentoo :p
<Xoritor> that /etc/aliases will definately help me
<Xoritor> heh
<Xoritor> i ran that for a wile
<Xoritor> and FC
<Xoritor> and RHEL
<Xoritor> and...
<Xoritor> and...
<Xoritor> gotta know how they all work
<Xoritor> ;-)
<MikeN> hehe, well, i'm not such a fan of rpm based distro's, always like debian, but with debian you never know when an update will be released, kinda annoying
<Xoritor> right
<Xoritor> i worked for Red Hat for 3 years, so i am much more famiilar with rpm based distros
<Xoritor> but i do like .debs
<Xoritor> and i like them more and more as i go on
<Xoritor> easier...
<Xoritor> cleaner
<Xoritor> faster
<Xoritor> etc...
<nsilva> I am looking for a backup utility similar to FreeBSD's dump
<nsilva> is there something used on Ubuntu systems that can do incremental backups from the command-line?
<morrow> apt-get install dump
<nsilva> okay no prob... since that is in universe i thought maybe there was an equivalent command that was built-in or in the main repository
<morrow> well not that i know of, but i was used to dump/restore before so i didn't looked for anything else. :)
<nsilva> thanks! :-)
<pivi> big questione, why ubuntu server com with default useless package? (alsa, for example ..)
<pivi> I can remove them removing ubuntu-minimal or ubuntu-something, but I don't wont to get trouble when upgrading the distro ..
<MikeN> pivi, you can remove them ignoring the deps, which will probably cause you no trouble with upgrading, but the extra packages don't really matter imho, they only waste some diskspace
<pivi> yes, I know
#ubuntu-server 2006-01-28
<Xoritor> one thing is really starting to piss me off here
<Xoritor> something keeps overwriting my resolv.conf file
<Xoritor> freakin ppp stuff!!!
<Xoritor> dpkg -P ppp pppconfig pppoeconf got rid of all of it for me i think
<ubijtsa> lo spike
<spike> hey ubijtsa
<spike> ubijtsa: how do you do?
<ubijtsa> spike: not bad, but rather a lot on at work :)
<ubijtsa> have (more or less) completed a desktop migration today
<spike> migration from->to?
<ubijtsa> from old dual P3-1GHz to shiny new Dell GX280 Optiplex
<ubijtsa> Kubuntu Breezy picked up all hardware and just worked. :)
<fabbione> ubijtsa: no wonder :) i have the same machine for testing ;)
<fabbione> it would have been the same on plain Ubuntu tho
<ubijtsa> aye :)
<ubijtsa> fabbione: the people in the office laughed when I relayed that bit :)
<fabbione> ehhee
<ubijtsa> all ten of us have just had a new GX280 to replace old desktops with, and from what I gather, there will be at least four of us with kubuntu on them..
<fabbione> minie is actually a 260
<fabbione> but there is almost no difference
<ubijtsa> which is not bad as they had not heard of ubuntu when I started a year ago
<fabbione> even if my machine is slightly overloaded :)
<spike> hey fabbione
<fabbione> hey spike
<spike> will I get flamed for crossposting on -devel and -server? :)
<spike> I'd like to discuss some issues with default apache configs, so both lists sound appropriate
<fabbione> spike: it depends what default you are talking about
<fabbione> <- is an apache maintainer
<fabbione> i can tell you that the team is quite conservative about the actual defaults
<spike> fabbione: the way Options and AllowOverride default is dealt with, using the default vhost rather than apache2.conf (talking of apache2).
<spike> to me, using a vhost to deny access to everything on / isnt correct
<spike> same goes for NameVirtualHost directive actually
<spike> with all the nice job done splitting things like ports.conf that doesnt right
<GheRivero> res
<fabbione> spike: i think that's kind of a grey area too, since you might want to remove the default host completly and allow / access
<fabbione> spike: try to mail, but get ready to be flamed :D
<spike> fabbione: do you think I make some sense at least?
<fabbione> spike: i would need to see the details of what you mean...
<fabbione> from how things are now to how do you think they should be
<fabbione> including a little diff would help
<spike> ok, I'll post on -devel and -server and see what happes, gonna fetch an helmet and some pizza, brb ;)
<spike> k, I'll include a diff, no prob
<dac_adc> hi spike :)
<cecilkorik> I'm having trouble getting my RAID1+0 working, where's a good place to ask for help?
<derekS> is there an ubuntu-server roadmap?
<spike> derekS: not that I know of, at least, not a properly formed one, ie. gantt schema. atm specs are available (see topic) and there you have ETAs for listed features
<spike> references to dapper or dapper+1 are made, that means april and ~ october iirc
<derekS> spike: ok thanks
<derekS> hey, if you guys haven't seen it, http://www.freenas.org/
<derekS> pretty cool little program
<derekS> err
<derekS> os
<derekS> maybe something in the vision of u-s
<JulienH> derekS: freenas seems to be a pretty coool utility for offices ! Thanks for the link
#ubuntu-server 2006-01-29
<derekS> JulienH: np
* #ubuntu-server  [freenode-info]  please register your nickname...don't forget to auto-identify! http://freenode.net/faq.shtml#nicksetup
* ubijtsa swears loudly over fakeraid cards 
<ubijtsa> fabbione: who looks after the network base stuff in dapper?
<ubijtsa> fabbione: no worry, I see the guy got an answer in the end..
<spike> hi there
<ubijtsa> lo spike
* ubijtsa makes mental note to check the irc window more often
<spike> ubijtsa: do you know much about wifi networks?
<ubijtsa> spike: some.. only what I have figured out myself when messing with it, why?
<spike> ubijtsa: trying to figure out a few things to implement a network I've been asked to design
<ubijtsa> go ahead
<fabbione> spike: explain the problem :)
<fabbione> the worst case you will have no solution
<spike> the thing is I cant really find something in between WPA+PSK and WPA+EAP(EAP-TLS/PEAP)+Radius
<spike> for them it would be enough WPA2+randomized keys
<spike> but I'm not sure how to implement that
<ubijtsa> spike: new enough hardware has WPA2 capabilities
<spike> another solution would be a vpn, with openvpn maybe
<ubijtsa> best solution would be to not use encryption in the networking infrastructure if possible..
<spike> ubijtsa: uhm, for what I've read, I cant see how WPA2 helps with random keys
<ubijtsa> frees/wan should be better
<spike> ubijtsa: ipsec?
<spike> oh, k, I c
<ubijtsa> yes, ipsec. problem is, Windows require 3DES if you run ipsec
<spike> that's why I mentioned openswan above
<ubijtsa> unless very recent versions of windows finally got AES support
<spike> eer
<spike> s/openswan/opnevpn
<ubijtsa> if you need to use 3DES, you will require a fairly hefty server
<ubijtsa> AES is less heavy on the old cpu :)
<spike> anyway, this was already a known solution, but what about alternatives?
<spike> isnt there anything to have random keys with WPA without implementing EAP/radius stuff?
<spike> I couldnt find much around
<spike> ubijtsa: and why would you advise the use of ipsec/vpn? WPA2 appears to be failry secure (I've read about wpa cracking attempts)
<ubijtsa> personal preference I guess
<ubijtsa> with frees/wan, you have security that you know works
<ubijtsa> with the stuff in the wireless kit, you don't know if there are backdoors
<ubijtsa> depends what you are trying to do, if you want it bulletproof or not
<spike> wireless kit? you mean the sw coming with the AP?
<spike> s/coming with/on
<ubijtsa> aye
<spike> ubijtsa: I'm just reading up and analyzing solutions. yet I have no answer for the WPA2+random keys solution... I'm wondering if anything like that actually exists
<spike> everybody seems to go either with vpn or WPA+EAP+RADIUS
<spike> instead of basic WPA+PSK of course
<ubijtsa> 802.1x is probably good enough
<spike> yeah, but it sounds a bit overkill for this scenario
<ubijtsa> if it leaves room to grow... ;)
<spike> yeah, but assuming something like WPA + random keys exists it'd be easier to implement.. I'm not gonna do the two for the same price :)
<spike> and since it'd be enough for 'em, proposing both solutions sounds like the best thing to do
<ubijtsa> draft a proposal for an easy, a medium and a large solution...
<ubijtsa> let them pick what they want. :)
<spike> eeer, that's what I said, yes, and the point of my whole question is exactly the intermediate solution I cant find (excluding the vpn one)
<ubijtsa> I see..
<spike> compared to WPA2+PSK and WPA2+EAP+RADIUS the obvious intermediate solution to me seems WPA2+Random keys, but cant really find anything about it
<ubijtsa> I thought the PSK stuff was the random key solution.
* spike is a bit confused
<spike> a "bit" :)
<spike> I'm gonna grab some pizza to help the thinking, brb
<ubijtsa> :)
<spike> eheh, I love to read rants like this while eating ;)
<spike> http://www.joelonsoftware.com/articles/ThePerilsofJavaSchools.html
<ubijtsa> grin
<spike> said is, none of my employer ever spoken like that to me... :/
<spike> so it seems there' s a real shortage on both sides
<spike> s/said/sad/
<spike> eeh, wait, employer is the one that gets employed or the one employing someone, ie doing recruiting?
<tepsipakki> employer employs employees ;)
<spike> tepsipakki: tnx :)
<spike> brb, moving to another site
<ealden> MarioMeyer: ping
<MarioMeyer> ealden, pong
<E0x> the forum is down ?
<E0x> ( again )
<paul_> hi all!
<paul_> i am running ubuntu for quite a while now and am very happy with it's server performance. right now i am looking to replace an M$ streamingserver for an opensource server.
<paul_> does anyone know about a streamingserver (deamon) for ubuntu?
<segfault> vai levando com naturalidade
<segfault> ops
#ubuntu-server 2007-01-22
<phaidros> any hints on how get a vserver enabled xen-domU kernel for edgy?
<phaidros> hm, ok. found on in debian unstable ..
<phaidros> lets see if it works
<[miles] > good morning gentlemen
<lionel> Hi [miles] 
<[miles] > yo lionel 
<[miles] > how's france 2 day?
<lionel> fine
<lionel> a bit cold
<lionel> what about spain ? :)
<[miles] > fucking freezing :)
<[miles] > dark
<[miles] > and about to rain I think
<[miles] > ok, I'm very impressed by the Apache2 configuration structure 
<^robertj> where does /etc/iftab come from?
<\sh> udev?
<^robertj> is it put there by the installer though?
<^robertj> ends up renaming en0 to en1 every time I create a new vmware instance based off an existing install because of mac address
<[miles] > anyone know of somewhere I can get the latest amavisd-new for Ubuntu 6.06LTS?
<[miles] > or is it a compile from source jobby
<Shane-S> what is the simplest way to install Postfix just so php is able to send mail, the basic tutorial in the docs? (goes to get link)
<Shane-S> https://help.ubuntu.com/community/Postfix or this method https://help.ubuntu.com/community/PostfixBasicSetupHowto
<Christopher> Hello
<Shane-S> can I get help for 6.10 server here or just in #ubuntu?
<mralphabet> Shane-S: any of the server versions
<mralphabet> Shane-S: I'm going to wager that if you had followed any of the install docs you would have had postfix working by now, if that is still your question.
<Shane-S> postfix is running fine
<Shane-S> this was gonna be about samba, but it is running fine too, so it in my domain, troubleshooting that now
<Shane-S> I was thinking it was rejecting my login, but it was going to a windows box
<Shane-S> put the IP in and it worked fine
<Shane-S> would anyone have a clue why \\IP works with samba, but \\hostname give a login that does not work?
<mralphabet> what's the time differential on the two machines?
<mralphabet> I want to say I've seen that before on machines that were >5 minutes apart
<Shane-S> hmm...not sure let me check
<Shane-S> time to the minute is the same
<Shane-S> seconds I am sure vary
<Shane-S> both are 15:45
<Shane-S> I checked my wins entries on the Windows 2003 DC's and they map webserver to the right IP
<Shane-S> and I have DNS entries as wel
<Shane-S> network does not use NetBios, I saw in the tutorial to enable that, but I can't imagine a need in the modern age of DNS
<Shane-S> plus I can not restart are server through the week, so if I need NetBios I will have to wait till the weekend
<Shane-S> not sure if I should say can not :P I CAN, I shouldn't :D
<mralphabet> Shane-S: I've seen that before, and it was something odd . . . let me look through log files
<Shane-S> mralphabet: thank I have to run out and pick my brother up, will you be around tomorrow?
<rance1> I seem to be having a problem with the rndc portion of bind.  I have editied the named.conf to add a control directive and I have an "include path/to/rndc.key" statement, and there is an rndc instance listening on my localhost interface, but rndc the client keeps failing with an error 'rndc: connection to remote host closed' I've googled for it and I have tried several hints, but nothing yet, it it a ubuntu thing I'm not aware of yet?
<rich__> Does anyone know what the status of the ubuntu small business server is or where I could get more info on it's development? I found a few pages on the wiki and forums and would like to help out.
<Burgwork> rich__: mostly it is just ideas right now
<Burgwork> what sort of things would like you to help out with?
<rich__> I could really use it now so I'm pretty much willing to help with everything
<rich__> I'm basically going through the process of working out which packages to add to the server install and how to configure them at the moment
#ubuntu-server 2007-01-23
<Burgwork> right
<Burgwork> so the major issue is the lack of nice configuration interface
<rich__> Yep. I looked at webmin and ran. It's too complicated for your average small business owner.
<rich__> I might try to start by building a howto based on what I've done.
<Burgwork> yes
<Burgwork> a better platform I have been looking at is ebox, but is fairly immature at this point
<Burgwork> so if we can get solid howtos, that is great
<Burgwork> I keep meaning to rewrite the LDAP one
<Burgwork> do you know where the documentation wiki s?
<rich__> I only know of two wiki pages on wiki.ubuntu.com
<Burgwork> right
<Burgwork> the documentation stuff is help.ubuntu.com/community/
<rich__> Thanks. I'm still finding my way around with Ubuntu (ex-Fedora Core user)
#ubuntu-server 2007-01-25
* Starting logfile irclogs/ubuntu-server.log
<DogWater> Howdy, anyone know specifically why the kickstart installer for the server cd looks for files that dont exist?
<DogWater> https://launchpad.net/ubuntu/+bug/79562
<DogWater> that bug is very real, please fix it
<mralphabet> DogWater: just so I understand . .. you are using the mini installer which downloads things to install during the install, right?
<mralphabet> I guess I don't understand why an apt-get update isn't good enough at the moment
<DogWater> mralphabet: I'm booting via PXE, using a kickstart file to install...
<DogWater> the install goes fine until it realizes that it is missing old files which have been replaced
<DogWater> but whatever 'tells the installer' to look for certain files was never updated
<mralphabet> ahhh so the installer chokes because it can't get the old file
<DogWater> yeah i've tried cp'ing the new file to the old but the md5 doesnt match so it bites it
<mralphabet> gotcha
<DogWater> is that list stored in the initrd somewhere i could update it?
<mralphabet> I'm not actually sure where that list is
<DogWater> i tried using the regular installer but that wont work because it doesnt obtain a network address until the second phase of the installation (after the initrd-kickseed)
<DogWater> i think i'll try getting the old files from "someplace"
<DogWater> so far im up to like 25 files :D
<DogWater> I guess it works if i point it at mirrors.kernel.org/ubuntu as the location of the files
<DogWater> but i would've really liked to do it all locally over our gig-e
<rance> I've having some trouble with setting up ddns options in dhcp, it seems that any ddns related option is listed in the error log as "unrecognized", but the syntax and spelling is right off the isc documentation? any ideas, like is dhcp configured to ignore that?
#ubuntu-server 2007-01-26
<lullabud> i just noticed that my /etc/hosts file has "127.0.1.1  hostname" as an entry...  anybody know what's up with 127.0.1.1 ?
<lullabud> it also has 127.0.0.1 localhost
<lullabud> i've just never see the 127.0.1.1 entry before..
<mralphabet> there are several mailing list discussions about it on google
<mralphabet> just search for 127.0.1.1 and it will come up
<lullabud> mralphabet:  yeah, i found a bunch of "bug #" type of posts.  i guess i was hoping for a technical explanation of exactly why they chose to do that...
<mralphabet> the best explanation that I could see was "localhost should be the only thing that resolves to 127.0.01, everything else should move through xyz"
<mralphabet> in this case, xyz = 127.0.1.1
<lullabud> huh... interesting.  that seems like it's a good idea, actually.
<lullabud> thanks mralphabet 
<coNP> why is it a good idea?
<coNP> I mean I think I missed the point
<mralphabet> I believe, and others would be more qualified to answer then I, that if you have a machine that is on any sort of network, you do not want the machine name to resolve to 127.0.0.1 because the secondary machine may get the wrong answer and try to connect to 127.0.0.1, which would be . . . itself . . . it's preventing the snowball effect
<lullabud> another thing is that it offers a way to locally test network changes, specifically firewall changes.
<lullabud> if you allow connections from localhost as 127.0.0.1 but want to deny others, you could connect to localhost to test your lo, and [hostname]  to test outside access
<lullabud> i know solaris uses one hostname per physical interface, so it would make sense that logical interfaces would also use that scheme.  but this is linux...
<coNP> thanks
<Spritz> anyone using ubuntu/sparc?
#ubuntu-server 2007-01-28
<okaratas> hmm
<okaratas> /usr/sbin/invoke-rc.d: line 274: /sbin/runlevel: No such file or directory
<okaratas> what is problem ?
<coNP> okaratas: what do you run?
<okaratas> apt-get install bind9
<okaratas> Setting up bind9 (9.3.2-2ubuntu3) ...
<okaratas> wrote key file "/etc/bind/rndc.key"
<okaratas> /usr/sbin/invoke-rc.d: line 274: /sbin/runlevel: No such file or directory
<okaratas>  * Starting domain name service...                
<coNP> okaratas: is there really no /sbin/runlevel for you?
<okaratas> root@ozgur:/etc# ls -la /sbin/runlevel
<okaratas> ls: /sbin/runlevel: No such file or directory
<okaratas> root@ozgur:/etc# locate runlevel
<okaratas> /usr/share/doc/sysv-rc/README.runlevels.gz
<okaratas> root@ozgur:/etc# 
<coNP> okaratas: do you use upstart or sysvinit?
<okaratas> what is dependencies package for runlevel?
<coNP> either sysvinit or upstart-compat-sysv should be installed
<okaratas> hmm
<okaratas> apt-get install sysvinit
<coNP> okaratas: what does ps axu| grep init say?
<okaratas> root@ozgur:/etc# ls -la /sbin/runlevel
<okaratas> -rwxr-xr-x 1 root root 24836 2006-10-10 13:42 /sbin/runlevel
<okaratas> root@ozgur:/etc# ps aux|grep init
<okaratas> root         1  0.0  0.1   1632   572 ?        Ss   Jan27   0:00 /sbin/init --restart
<okaratas> root     21218  0.0  0.1   2800   764 pts/1    S+   03:08   0:00 grep init
<coNP> and init --version
<okaratas> root@ozgur:/etc# init --version
<okaratas> init (upstart 0.2.7)
<okaratas> Copyright (C) 2006 Canonical Ltd.
<coNP> okay, then it is upstart
<okaratas> hm okey thank you very much
<coNP> you should install upstart-compat-sysv
<coNP> instead of sysvinit
<okaratas> hm ok thanks.
<okaratas> i open ubuntu networking channel > #ubuntu-network 
<okaratas> my channel registered.
<coNP> sorry Mez, what do you mean by joining spam?
<Mez> coNP,  ... ?
<Mez> coNP, I mean as soon as I joined -devel I got this message
<Mez> <okaratas> mruiz, Mez join channel > #ubuntu-network please :)
<Mez> which is join spamming
<coNP> Mez: oh, okay I see; thanks
<okaratas> Mez, sorry
<okaratas>  I listen carefully what you say, and i respect your suggestions. Be sure that i will make this through. But please help me to help ubuntu. ok ?
<Mez> okaratas, if you want to help, there are routes to go down
<lionel> okaratas: what #ubuntu-network is about ?
#ubuntu-server 2008-01-21
<thomas_newbie__> If I want to create a webserver with pages that users can create an account and such what server and how should i do it? I have a plain apache server now. Can I use asp pages?
<zul> no you will have to configure apache to use asp pages check google
<kgoetz> thomas_newbie__: anyone witha shell account can have their own web page if you enable apache mod_userdir
<kgoetz> as for asp - avoid it
<thomas_newbie__> zul: but whats the best way to do it. Internet sites as facebook are using .php extension pages on Apache servers
<zul> thomas_newbie__: you will have to install php5 then
<zul> !php
<ubotu> LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<kgoetz> php is not asp
<zul> yes but if he wants to use php like facebook then he will have to install php if he wants to use asp then he will have to configure apache to use php
<zul> er..asp
<kgoetz> zul: yes, thats kind of what i was trying to say.
<thomas_newbie__> I know I just don't know how to go about this. Using a page where people can go on a website create and account and login aftewards. I"LL BE BACK, DINNER is READY
<kgoetz> talking about sites with php is irrelevent if he wants asp (or vica versa)
<thomas_newbie__> Dinner
<thomas_newbie__> kgoetz: hey i'm back, so do I need asp, or should I just use html forms on its own?
<kgoetz> thomas_newbie__: if you need server side scripting, use php
<kgoetz> or python, for more hardcore uses
<thomas_newbie__> kgoetz: So for the purposes I described to you...you connect to my page..you create account...submit..and then you can login to your own page....What should I use?
<kgoetz> thomas_newbie__: dont know, i havent setup a login system like that, unless you use something like wordpress/plone perhaps
<thomas_newbie__> kgoetz: what the heck is that. You don't understnad what I mean? As an example you create a hotmail account
<kgoetz> thomas_newbie__: what the heck is what? how did email get into this?
<thomas_newbie__> kgoetz: hehe i dont know what wordpress is. No not email just any forum/email/facebook, any site that you can enter your: Username and Password and then you can login with it. I would like to do that
<kgoetz> thomas_newbie__: go have a look at wordpress and come back and tell us if its what your thinking
<thomas_newbie__> kgoetz: wordpress is a blog thing
<kgoetz> yes it is.
<thomas_newbie__> kgoetz: I guess it could be a blog it don't matter. First I want the user to establish their own account.
<zul> so you want facebook the equivalent?
<thomas_newbie__> kgoetz: I don't know if I need to use IIS or Apache for my page. That's the debate right now. I can execute asp scripts without IIS?
<kgoetz> thomas_newbie__: apache can run asp.
<zul> thomas_newbie__: its probably the out of the scope of this channel
<thomas_newbie__> zul: no. Ok forget the examples. I just want a user to login to my first page. Enter their name. Enter a password. Then submit to me
 * kgoetz giggles
<ajmitch> kgoetz: behave
<kgoetz> ajmitch: sorry
<zul> thomas_newbie__: google is usually good for finding things like that or freshmeat.net
<thomas_newbie__> zul: google is my friend i know....but google didn't give me any best answers
<zul> but look at zope,plone,django..
<thomas_newbie__> www.mysite.com/~thomas/ works for my webserver. Is that a good thing? Correct?
<kgoetz> yes
<thomas_newbie__> kgoetz: i don't understand why it works though
<thomas_newbie__> kgoetz: i have documentroot set to /thomas/public_html/
<kgoetz> thomas_newbie__: why? leave document_root at /var/www
<kgoetz> the userdir module is what gives you access to $HOME/public_html via the /~username directory
<thomas_newbie__> kgoetz: omg i dont' understand this..I have document_root set to /var/www and yet mysite.com/~thomas/ still redirects me to a page in my home folder
<kgoetz> yes.
<kgoetz> thats
<kgoetz> what
<kgoetz> it
<kgoetz> does
<kgoetz> !!!
<kgoetz> thats the point of the ~/yourname
<kgoetz> * /~yourname
<thomas_newbie__> kgoetz: i have another problem, I can't stop my webserver: sudo /etc/init.d/apache2 stop
<thomas_newbie__> It says the server stopped BUT IT DOESNT!
<kgoetz> thomas_newbie__: what do the logs say?
<thomas_newbie__> kgoetz: these logs? /var/log/apache2
<kgoetz> thomas_newbie__: yes.
<kgoetz> and posably syslog
<thomas_newbie__> kgoetz: not sure which file
<kgoetz> thomas_newbie__: /var/log/syslog and /var/log/apache2/*log
<thomas_newbie__> kgoetz: well in the access logs
<thomas_newbie__> kgoetz: you're looking for a shutdown thing?
<kgoetz> thomas_newbie__: yes
<thomas_newbie__> I'm just seeing what i accessed
<thomas_newbie__> access.log
<thomas_newbie__> kgoetz: I don't know if I may have screwed something...I installed php5 and MySQL
<thomas_newbie__> hmmm
<thomas_newbie__> lol wtf i wanna stop it
<kgoetz> did you isntall them using apt?
<thomas_newbie__> adept package
<thomas_newbie__> kgoetz:  * Stopping web server (apache2)...                                                                                                           httpd (no pid file) not running
<kgoetz> but you can still visit your local web server?
<thomas_newbie__> yea
<kgoetz> hm
<thomas_newbie__> kgoetz: even through external ip....i installed mysql-server
<kgoetz> is apache the only httpd you have installed?
<thomas_newbie__> is it possible to have 2 apache's installed?
<kgoetz> run `ps aux |grep -e httpd -e apache` and pastebin the output
<kgoetz> apache1 and apache2 potentially, but iirc not on ubuntu
<thomas_newbie__> kgoetz: http://paste.ubuntu-nl.org/52863/
<kgoetz> thomas_newbie__: what version of buntu?
<thomas_newbie__> kgoetz: not sure but i think feisty
<thomas_newbie__> hmm
<thomas_newbie__> lol
<kgoetz> http://packages.ubuntu.com/cgi-bin/search_contents.pl?word=%2Fusr%2Fsbin%2Fapache&searchmode=searchfiles&case=insensitive&version=feisty&arch=i386
<thomas_newbie__> kgoetz: how do i check console :D?
<kgoetz> thomas_newbie__: `ls_release -a`
<thomas_newbie__> kgoetz: that dont work
<thomas_newbie__> kgoetz: you want me to install apache webserver?
 * kgoetz is heading afk
<thomas_newbie__> anyone there?
<thomas_newbie__> kgoetz: hello?
<thomas_newbie__> I Found the solution. SHOULD I use APache2 or Apache?
<kgoetz> apache2
<kgoetz> heading off. good luck :)
<thomas_newbie__> kgoetz: yoasd
<thomas_newbie__> kgoetz: :(
<thomas_newbie__> last question?
<thomas_newbie__> kgoetz: apache has took over apache2...I used apache2 before
<thomas_newbie__> so Now only apache 1.3 works. How do I change? Uninstall. Any clue why?
<kraut> moin
<kraut> hi
<kraut> i am using rdesktop on an ubuntu-server via ssh -X and having problems with the graphics on the remote-windows-box. does anybody know, how i could fix this?
<kraut> the ubuntu-server is a dapper.
<kraut> no backports or multiverse packages are installed
<_ruben> kraut: im not sure what it is you're trying to do, nor what those "problems" actually are
<kraut> i am using rdesktop on an ubuntu-server and having graphi-problems
<_ruben> thats even less information than the first time
<kraut> _ruben: http://exodus.packetloss.biz/~kraut/temp/rdesktop.png
<kraut> with rdesktop 1.5.0 on gutsy it's working fine
<_ruben> rdesktop has various ways to deal with screen updates afaik, might need some tweaking in that area
<_ruben> even when i started using rdesktop years ago, i never had issues like these
<kraut> the window of rdesktop itself is broken as you could see above the title-bar
<kraut> any other application like konqueror is working fine
<_ruben> i dont see any title bar
<kraut> ah, sorry. it wasn't captured by import
<kraut> but it's also broken
<_ruben> that sounds like a bigger problem, like with the window decorator/widget set/etc
<kraut> don't think so, because konqueror for example is working fine
<kraut> and when i use rdesktop without window-decorations, i'll get the same errors in the windows-screen
<_ruben> well .. rdesktop isnt drawing its own titlebar afaik ... then again, im far from knowledgeable in the X details
<kraut> me, too.
<kraut> i only want to get it fixed :P
<_ruben> the only other thing i can think of is that dapper's rdesktop version isnt (fully) compatible with the newer rdp protocols used by xp/2k3 (which seems to be what you're connecting to)
<kraut> ok, i've compiled now in a dapper32-chroot my own 1.5.0 rdesktop version and everythin runs fine
<kraut> yes, it's windows 2003 server
<_ruben> the rdp protocol evolved over time, might be related
<kraut> i think i should open a bug-report
<zul> for the apache modules in universe should the maintainers be set to the server-team?
<mathiaz_> zul: for bug 182256, I wouldn't confirm it yet.
<ubotu> Launchpad bug 182256 in apache2 "error while apache start" [Low,Confirmed] https://launchpad.net/bugs/182256
<mathiaz_> zul: it seems that it may be related to a wrong configuration on the system
<zul> yeah I get that as well but apache starts but it starts as normal
<mathiaz> zul: not sure it's related to apache
<sommer> ScottK: around?
<ScottK> Yeah
<sommer> I just wanted to comment on avscan... is it really needed?
<sommer> with clamtk, and klamav it seems redundent
<sommer> after looking through the code, in the dapper version, it seems more like a learning project than a serious project
<sommer> I could definitely be wrong about that though
<ScottK> I got avscan working
<ScottK> Agreed it's redundant, but it's in the repos, so we're stuck with it.
<ScottK> The Dapper version was a very early one.  I probably shouldn't have even been packaged yet.
<sommer> ah, gotcha... just wanted to complain a little I guess
<ScottK> Sure
<ScottK> I really appreciate all your testing help.
<sommer> np
<ScottK> Have you got Edgy?
<sommer> not currently, but I can probably get it setup today or sometime this week
<ScottK> If at all possible, I'd like to actually execute the backport in Edgy first as a test.
<sommer> sounds reasonable
<sommer> I'll try and work on that this evening
<ScottK> Looks like I used the wrong version of sylpheed-claws-gtk2.  Gotta test that again.
<sommer> okay, I can do that... are you updating the ppa?
<greg-g> I am trying to install Ubuntu server 6.06.2 in virtualbox.  It installed with no errors, on boot it sits and does nothing (other than use a whole cpu core) after "uncompressing linux... Ok, booting the kernel."
<greg-g> suggestions?
<imaginaryboy> hi, I'm setting up an ubuntu server 7.10, with no GUI. I need something like bum but that doesn't need gui, need suggestions :D
<zul> bum?
<leonel> bum bum ?
<imaginaryboy> boot up manager
<imaginaryboy> tequila bum bum yes :D
<imaginaryboy> I am building up a very simple edonkey server
<imaginaryboy> and I want to disable all the services that are useless
<imaginaryboy> at startup
<leonel> sudo update-rc.d -f   SERVICE  remove
<imaginaryboy> I have not so much experience with command line...I use ubuntu desktop since 6.10, but I do quiet all with GUI programs
<imaginaryboy> tnx... and how can I see services list?
<imaginaryboy> leonel, ?
<leonel> the default server installation   has no services running
<leonel> if there's a service running
<leonel> you can remove with
<leonel> sudo update-rc.d -f   SERVICE  remove
<leonel> this way the server won't start at boot
<imaginaryboy> tnx...but in future with which command can I see the running services?
<leonel> ps aux
<leonel> you see all the process in your machine
<leonel> or more  visual
<leonel>  
<leonel> pstree
<arthur_kalm> Hi everyone, I'm trying to get tomcat set up on a development machine but every time I launch it it dies instantly with no error messages whatsoever
<arthur_kalm> I installed tomcat from the repo hoping that it would work with the defaults
<arthur_kalm> Here is what happens:
<arthur_kalm> arthur@mshlindev02:/etc/tomcat5$ sudo /etc/init.d/tomcat5 start
<arthur_kalm> Starting Tomcat 5 servlet engine using Java from /usr/bin/java: arthur@mshlindev02:/etc/tomcat5$
<leonel> arthur_kalm: did you installed  sun-java6 ?
<leonel> arthur_kalm: and make the default java
<arthur_kalm> sun-kava6
<arthur_kalm> *java
<arthur_kalm> and I switched to it using update-alternatives
<arthur_kalm> I uncommented some of the things in /etc/defaults/tomcat5
<arthur_kalm> ah
<arthur_kalm> hmmm
<arthur_kalm> could it be a permissions thing?
<arthur_kalm> leonel, do you know which folders should be owned by tomcat5?
<leonel> arthur_kalm: not really
<arthur_kalm> leonel, :( OK...
<leonel> arthur_kalm: http://ubuntuforums.org/showthread.php?t=614584&highlight=tomcat   maybe can  help
<arthur_kalm> leonel, hrm, I did that :(.. grr I tried setting the permission and it didn't help...
<arthur_kalm> JAVA_HOME is set...
<leonel> ok
 * leonel sudo apt-get install sun-java6-jdk tomcat5.5   
<leonel> let see ..
<leonel> mirrors are slow
<levander> Has anyone else noticed no development work has been done on dovecot in the last two months?
<arthur_kalm> leonel, it's OK don't worry about it
<arthur_kalm> leonel, I'll ask around in the tomcat channel. Thanks for your help :)
<chapium> for some reason my terminal is in all caps..  what could be the cause of this?
<leonel> caps lock  ?
<leonel> arthur_kalm: ok
<chapium> leonel: even the output is caps
<chapium> like man pages
<leonel>  do a  reset to your terminal
<leonel> on the terminal  type :
<leonel>   reset
<leonel>  
<leonel> that should reset the terminal setings
<chapium> leonel: thanks.  This is  a fresh install.. why would it do that?
<leonel> well when  I do a  cat to a file   the terminal gets the settings wrong  then with   reset  gets  solved
<arthur_kalm> leonel, well I figure it out finally :P
<arthur_kalm> leonel, it was because I had JAVA_HOME as the java executable instead of the actual folder :P
<arthur_kalm> leonel, it should have really said something...
<ScottK> sommer: ubuntu-clamav PPA is updated
#ubuntu-server 2008-01-22
<sommer> ScottK: sylpheed-claws-gtk2 still good to go :-)
<ScottK> somerville32: Great.
<thomas_newbie__> can someone help me I can't get My apache2 server to work on localhost
<thomas_newbie__> whenever i do mysite.com/~username It takes me to a page but localhost doesn't work
<kgoetz> anyone here buy sun gear? should i go for a Sun Fire or Sun SPARC Enterprise? both are T1000 units, both seem to be the same exept for the cpu, and i'm not srue of the difference :/
<thomas_newbie__> I removed and purged apache2 and yet I can still use sudo apache2ctl restart to start the server. The normal init script doesnt work
<ScottK> sommer and leonel: clamav backport for dapper is uploaded.  Now I need to get an archive admin to accept it.
<sommer> ScottK: sweet... working on installing Edgy
<ScottK> Great.  I'll make a bug for that then.
<ScottK> sommer: Bug #184994
<ubotu> Launchpad bug 184994 in edgy-backports "Please backport clamav-0.92.dfsg-2 from Hardy to Edgy" [Undecided,New] https://launchpad.net/bugs/184994
<leonel> ScottK:  sweet !
<leonel> ScottK: do you need more testing ?
<ScottK> leonel: With Dapper we are done.  We need testing with Edgy/Feisty/Gutsy
<leonel> ScottK: ok I go with gutsy feisty tomorrow morning
<ScottK> leonel: Great
<leonel> and edgy if time allow me to
<ScottK> sommer is going to start on Edgy, so having you work on the later ones will be good.
<leonel>  perfect
<sommer> sounds like a plan to me
<leonel> ScottK: the packages to be tested are the PPA ?
<ScottK> leonel: Yes
<leonel> ok
<leonel> ScottK:  see you tomorrow
<leonel> apt-get remove leonel
<thomas_newbie__> when I do : 'sudo apache2ctl restart' I get the following ERROR: [warn] NameVirtualHost *:0 has no VirtualHosts httpd not running, trying to start
<thomas_newbie__> how do YOu indicate to apache what is the default config file?
<thomas_newbie__>  i installed php5 but I can't get PHP files to execute in browser with my APACHe server
<kraut> moin
<pschulz01> Anyone here going to Linux.Conf.Au?
<soren> mok0: You're running your kvm's on hardy, right?
<mok0> no, gutsy
<soren> Oh!
<soren> That explains :)
<mok0> soren: aha
<mok0> You are referring to my bug report?
<soren> I was just wondering about a few of the things you put in the wiki page that don't apply anymore in hardy.
<soren> mok0: which bug report?
<mok0> bug 184514
<ubotu> Launchpad bug 184514 in kvm "kvm hangs when installing dapper guest" [Undecided,New] https://launchpad.net/bugs/184514
<mok0> soren, please send me fixes to the howto, or edit it yourself. Perhaps it would be good to have a section on Hardy?
<mok0> soren, I wanted the howto to be very plain and simple with instructions for just the current distribution, but soon people will need to do the same under hardy.
<soren> mok0: Well, some of it, yes :)
<soren> Sorry, had a coke all over the floor sort of incident I needed to take care of :)
<mok0> soren: Is it very different?
<mok0> (under hardy)
<soren> mok0: Well, for one thing, the modules get loaded automatically.
<soren> mok0: The other stuff is pretty much the same.
<mok0> soren: Ah, so I can just put in a comment to that effect
<soren> Right.
<mok0> soren, we have not been able to create a virtual machine that uses SMP
<soren> About the bug report, it's cool that it's reported, but don't expect a lot to be done about it :(
<soren> mok0: kvm in gutsy is soooo old.
<mok0> soren: I know. It develops really fast
<mok0> soren: we tried backporting from hardy
<mok0> soren: it doesn't solve the -smp problem
<soren> mok0: Even with the matching kernel modules?
<mok0> soren: It is my collaborator Jesper who has been playing with it. I will try it myself later this week and report it. I don't have a lot of detail
<soren> mok0: Ok, cool.
<mok0> soren: I only know that the virtual machine does not use more than 1 cpu no matter what you tell it
<mok0> soren: ... and as far as I know it crashes unless you use -no-kvm
<soren> "it"?
<mok0> soren: the virtual machine :-)
<soren> kvm altogether or just when you try to use more than one cpu?
<mok0> soren: If you attempt to start kvm with the smp switch, the virtual machine crashes
<mok0> soren: you can start it with both smp switch and no-kvm, then it starts, but only uses 1 cpu
<mok0> soren: ... but as I said, I will triage this myself in a couple of days time, when I am getting a new quadcore desktop :->
<mok0> atm I am working from my Powerbook with ssh connections to the server and it makes life a bit more difficult...
<mok0> soren: I should repeat my dapper experiment with 6.06.2 :-)
<soren> You could, but I doubt it would help very much.
<mok0> soren: can you make a SRU of kvm 59 for gutsy, or put it in backports? If there are lots of bugs in version 29, it does make sense
<zul> morning
<mok0> morning, zul
<mok0> soren, last bit of news is that we got the -smp option to work under gutsy, with version 59 from hardy.
<mok0> soren: I think this is a good enough reason to make a SRU
<soren> mok0: That's not quite how SRU's work. At best, a backport could be done.
<mok0> soren: OK, I've misunderstood something.
<mok0> soren: I thought you could update a package if it has serious regressions
<soren> mok0: I can fix serious regressions and bugs and such.
<soren> mok0: I cannot, however, just upload a new version.
<mok0> soren: even if that is the fix?
<soren> mok0: So I need to find the smallest patch that fixes the particular issue and apply that.
<soren> mok0: Even if it that fixes it, yes.
<soren> mok0: It's not impossible that there are regressions from the gutsy version to the hardy one.
<mok0> soren: so I guess backport is the only option. It compiles out of the box
<soren> mok0: And we consider people's working setups more precious than pretty much anything else.
<mok0> soren: true
<mok0> I always forget that :-)
<soren> mok0: Personally, I doubt it's actually a problem in this particular case, but I think the policy is sound.
<mok0> soren: yes, it is. Otherwise, you may as well use Fedora
<soren> *G*
<mok0> hehe
<mok0> soren, do you have info on whether qcow2 or raw are the most efficient virtual media ?
<soren> I don't have any benchmarks, I'm afraid.
<soren> I think it depends on the host's filesystem, too.
<mok0> soren: sure
<mok0> soren: but we use ext3 only
<soren> mok0: Ok.
<soren> mok0: Well, there are a number of different things that affect it: Whether you're using sparse files or not, how the host's filesystem fills in sparse files if you're using that, how the I/O scheduler inside the guest deals with various things..
<mok0> soren: ok, of course it's complicated.
<soren> off the top of my head, I'd guess raw images to be more efficient.
<mok0> soren: I've read that somewhere. I just don't know if it's still true
<mok0> qcow2 files are much smaller
<mok0> ... and you can store them easily on a DVD :-P
<soren> mok0: They are indeed.
<soren> mok0: raw images compress really well, though :)
<mok0> soren: I guess they are mostly filled with zero bytes
<soren> Well, if you're using qcow images, it's kvm's job to know where the block that the client thinks is at sector foo is stored in the image and send that to the client. In case of raw images, this is a no brainer, and it's up the the host's kernel to find the right place on the disk to find the block.
<mok0> soren: I see. So there's some overhead associated with the qcow2 format
<soren> if you're not using sparse files, it's likely that your raw image will not be fragmented, which helps the client's I/O scheduler make the right guesses.
<mok0> soren: Good point
<soren> The I/O scheduler in the client might very well try to batch up read requests so that it will read them in the order it thinks they're stored on the disk, but it might be the completely backwards on the actual physical disk, so you get the worst performance imaginable.
<soren> Yeah, thinking about this some more, I'd say that until we get virtio block devices (should happen real soon), non-sparse raw images should be the best way to go if you're worried about disk I/O.
<mok0> soren: It sound very reasonable
<mok0> s/sound/sounds
<juliux> hi TeTeT
<TeTeT> juliux: Hi Julius,wie geht's?
<mok0> soren, writing in qcow2 is 60% of the writing speed in raw. Reading is app. the same
<thomas_newbie__> I installed PHP and enabled it to work with Apache but whenever I go to open an php page it asks me to download it. I resarted Apache and reloaded browser cache by exiting, still no luck.
<mok0> thomas_newbie__: you must restart apache
<thomas_newbie__> mok0: i mentioned i did restart it
<mok0> thomas_newbie__: and you enabled it in /etc/apache2/...
<thomas_newbie__> mok0: uea a2enmod php5
<thomas_newbie__> *yea
<mok0> thomas_newbie__: is the link there in /etc/apache2/mods-enabled?
<thomas_newbie__> mok0: yes, php5.conf and php5.load
<mok0> thomas_newbie__: hmmm weird
<mok0> thomas_newbie__: paste this into a file in public_html:
<mok0> <?php phpinfo(); ?>
<mok0> thomas_newbie__: file must have .php extention
<mok0> thomas_newbie__: yikes I have to run, hope it was _some_ help...
<thomas_newbie__> mok0: yea so
<thomas_newbie__> mok0: it worked
<mok0> thomas_newbie__: cool
<thomas_newbie__> but that doesn't fix it right
<thomas_newbie__> mok0: so if I put a php file int hat folder it will work? i need to put files into /var/www
<mok0> thomas_newbie__
<mok0> thomas_newbie__: you have to put it somewhere that apache is allowed to read. Normally it can be in ~/public_html but perhaps also in /var/www
<thomas_newbie__> i have a php file in /var/www
<mok0> It MUST have extension .php
<mok0> copy phpinfo.php to /var/www
<mok0> it will not work if you open the file through the browser
<mok0> you have to open the proper http://blah url
<mok0> Gotta go, I have someone waiting for me...
<thomas_newbie__> mok0: ty
<leonel> ScottK:   tested on GUTSY   clamtk clamav-getfiles python-clamav  php5-clamavlib   all worked
<coffeedude> dendrobates: ping
<rotini> hello all.  A dot file (like .dotfile) in cron.hourly or whatever won't be run, correct?
 * coffeedude  heads for more coffee....
<qhartman> rotini: I don't believe it will be, not sure though. I've never had any reason to put a dotfile in there
<qhartman> the samba package in Gutsy does not seem to contain mount.cifs . Which package provides it? I haven't been able to find it
<rotini> qhartman: yeah, me either.  I'm preparing a machine to take over if (when) a server fails, so...
<rotini> I commented out the file's contents anyway, should be ok
<qhartman> I'd just create a one-liner script in a dotfile that does something dumb, like toucha file somewhere, and see if it gets fired.
<rotini> good idea
<thomas_newbie__> Should I delete the Apache2-default directory from /var/www ?
<ScottK> leonel: Great.  Dapper backport is in progress.
<jetole> hey guys, can someone suggest a addon card that is linux compatible that will not only allow kvm but will also allow virtual media and bios access etc
<jetole> ?
<jetole> I have one that just came with Dell servers and it is frankly broken, won't work with Linux or Windows appearently
<jetole> I forgot to mention, ip based for remote admin
<nxvl_work> zul: ping
<zul> nxvl_work: yep?
<nxvl_work> zul: is there any reason why you change the name of the changelog entry on Bug #182567
<nxvl_work> ?
<ubotu> Launchpad bug 182567 in samba "smb.conf example: Configuration Directive Inconsistencies" [Wishlist,Fix released] https://launchpad.net/bugs/182567
<zul> nxvl_work: because Ive added more things to it.
<nxvl_work> zul: in that case you should make something like Bug #130836
<ubotu> Launchpad bug 130836 in apache2 "Specify OpenDocument icon(s) in Apache2 configuration" [Wishlist,Fix released] https://launchpad.net/bugs/130836
<nxvl_work> so it's clearer
<nxvl_work> it's the best way to do that kind of thing
<nxvl_work> things
<nxvl_work> so it's clear who to point when we need to ask for some changes
<leonel> ScottK:  tested  php5-clamavlib python-clamav clamtk clamav-getfiles  on FEISTY
<leonel> ScottK:  gurlchecker   pulls   libclamav2   in gutsy and feisty
<ScottK> leonel: Great.
<ScottK> leonel: On dapper, clamav is published and we're doing all the depends now.
<leonel> Good !
<leonel> ScottK:  klamav on  feisty is  ok  too
<ScottK> Great.
<leonel> ScottK:  avscan on  feisty   OK
<ScottK> So far everything that's compiled has worked.
<leonel> the remaining packages  requires  more  time to setup and test ..
<leonel> and  I need to do other   things today  as soon I clear my  todo list  I'll resume testing
<ScottK> leonel: Great work.  I appreciate all your testing
<leonel> no .. thank you for  those packages ..
<thomas_newbie__> I'm just starting off learning how to run my Apache server. I want to do something with it and I was thinking of using phpBB as a forum where people can make accounts and stuff. Do I have a big chance of screwing up and having a lot of security problems?
<pteague> i'd suggest using apache2 & something other than phpbb ... phpbb seems to have a bunch of security issues that keep cropping up
<thomas_newbie__> pteague: anything else in mind other than phpbb? I just installed phpBB2. Should I store my php files in /var/www where i store my html forms and such
<pteague> i've not needed to set up forum software in a while so not sure... maybe google for it...  i just know that phpbb, being 1 of the most popular is unfortunately not coded very well...  i think phpnuke has some issues as well
<pteague> as to where to store it, i tend to store stuff in /home/username/workspace/sites/com.example.www & use apache vhosts to point to where it's at
<WaVeR> Sorry for the ping
<thomas_newbie__> For my phpBB2 Server do I want to link /var/www/phpb to /usr/share/phpbb2/site ??
<ScottK> lamont: Would you be up for uploading some source backports for me (just need to re-sign and upload)?
<ScottK> On the off chance you show up while I'm afk...
<ScottK> http://www.kitterman.com/clamav/sylpheed-claws-gtk2_2.6.0-1.1ubuntu1.1~dapper1.dsc
<ScottK> http://www.kitterman.com/clamav/sylpheed-claws_1.0.5-5.1ubuntu0.1~dapper1.dsc
<ScottK> http://www.kitterman.com/clamav/php-clamavlib_0.12a-4~dapper1.dsc
<CygnusX1> Hello.  I have compiled snort with inline on US7.10; I am trying to modify the /etc/init.d/snort startup script from the offical deb to start this service, without luck.
<lamont> ScottK: later tonight, sure.
<lamont> they work, yes?
<ScottK> lamont: Yes
<ScottK> lamont: All test run here first: https://launchpad.net/~ubuntu-clamav/+archive with test results here: https://wiki.ubuntu.com/MOTU/Clamav?action=show
<ScottK> The clamav piece has already been started, so I want to get all the rdepends uploads ASAP.
<ScottK> lamont: Thanks.
<pierreth> hello
<pierreth> I am unable to make my php work
<foo> What do the logs say?
<pierreth> my php files are like txt files for apache2
<pierreth> I don't think I have errors
<pierreth> look at my config: http://pastebin.com/d245a5cb1
<pierreth> do I need something more?
<pierreth> no recent errors in the log
<foo> pierreth: recent apache + no errors. So your PHP isn't being parced?
<pierreth> foo: I think so
<pierreth> the php module is loaded
<pierreth> but it does not parce
<pierreth> foo: it seems to be a config problem
<pierreth> foo: http://pastebin.com/d245a5cb1
<foo> hmmm
<pierreth> foo: do I need something more?
<foo> pierreth: hm, grep /etc/apache2/ for PHP and see if something is commented
<pierreth> foo: no lines countains PHP
<pierreth> in apache2.conf
<foo> grep -iR php /etc/apache2/
<pierreth> http://pastebin.com/d42cdf1c8
<leonel> a2enmod php5
<leonel> pierreth: you need to enable php5
<pierreth> leonel: how can I do that?
<leonel> a2enmod php5
<leonel> as I see on the las  pastebin  there's no enabled php5   is just  available
<soren> Not true.
<soren> #
<soren> /etc/apache2/conf.d/php5.conf:LoadModule php5_module /usr/lib/apache2/modules/libphp5.so
<soren> Did you restart apache2 since installing libapache2-mod-php5 ?
<soren> foo: ^
<leonel> soren:  you are right  I was looking for the  mods-enabled/php5.load  and .conf
<pierreth> where I should add a2enmod php5
<foo> soren: err, sorry, kind of tied up right now
<soren> No worries. It's not my webserver that's not working :)
<leonel> pierreth:   sudo a2enmod php5
<soren> foo: Ah, sorry, I thought you were the one with the problem :)
<pierreth> leonel: OK
<soren> pierreth: Did you restart apache2 since installing libapache2-mod-php5 ?
<pierreth> soren: yes I did, it does nothing
<soren> pierreth: What are you using for testing?
<pierreth> it says that the php5 module was already loaded
<soren> pierreth: And what exactly is happening?
<foo> soren: oh, no problem, /me points to pierreth
<pierreth> soren: firefox
<soren> "my php files are like txt files for apache2" isn't a very exact error description.
<pierreth> soren: firefox asks if I want to download the file
<soren> pierreth: Stop using firefox and use something else.
#ubuntu-server 2008-01-23
<pierreth> soren: Opera?
<soren> firefox has an annyoing habit of caching the mimetype of a the response of a given url and doesn't really want to forget it.
<pierreth> OK
<soren> ...so it's quite likely that it's working, but firefox is tricking you into thinking that that's not the case.
 * soren kicks firefox
<soren> Use wget.
<pierreth> OK firefox was the problem!!
<pierreth> Everything was OK!
<pierreth> thank you
<leonel> soren: thats wierd
<soren> leonel: Quite.
<soren> pierreth: np
<lamont> ScottK: around?
<pierreth> soren: Opera refresh with the same page when the server is down
<pierreth> it does not want to load the page, so the old page stay at the screen intead of giving an error
<soren> pierreth: I remember IE at one point cached 404 responses. That cost me most of a day of pointless debugging.
<pierreth> soren: very smart!!!
<soren> Yes, I'm sure the idiot who implemented it thought so.
 * antdedyet has been going through a redhat horror story today
<pierreth> I had to delete the cache to make my php script work
<pierreth> a restart is not enough
<pierreth> it seems that php work without my config
 * lamont goes digging in irc logs to find where ScottK's stuff is
<leonel> lamont:  clamav ?
<lamont> yeah
<leonel> lamont:  https://launchpad.net/~ubuntu-clamav/+archive
<leonel> and the results  are in  https://wiki.ubuntu.com/MOTU/Clamav
<lamont> leonel: ah, I was just gonna grab them from ScottK's url
<lamont> ScottK: feh.  W: sylpheed-claws-gtk2 source: configure-generated-file-in-source config.log
<lamont> I know, not your fault
<lamont> W: sylpheed-claws source: package-has-a-duplicate-build-relation libaspell-dev, libaspell-dev (>= 0.50.3)
<lamont> W: sylpheed-claws source: configure-generated-file-in-source config.log
<lamont> looks reasonable. :-)
<ScottK> lamont: It's a straight backport from what's in the Feisty repository.
<lamont> yeah
<ScottK> lamont: Grab my .dsc's - Ther PPA version numbering will screw you if you grab them from here.
<ScottK> here/there
<ScottK> Urgh.
<lamont> yeah - I grabbed yours.
<ScottK> lamont: I gather you got the urls?
<lamont> And we're gonna see if my sig on a .changes and your sig on a .dsc is good enough for  poppy
<lamont> yeah
<ScottK> Cool.
<lamont> it was in the log file, just not in xchat scrollback...
 * ScottK runs off to play Daddy again for a while.
 * lamont does a testbuild
<lamont>  /build/lamont/php-clamavlib-0.12a/clamav.c:147: error: 'CL_DB_STDOPT' undeclared (first use in this function)
<lamont> so what does it need beyond what's in dapper{,-security,-updates}
<lamont> ScottK: these better build in LP-land.
<lamont>  OK: php-clamavlib_0.12a-4~dapper1.dsc
<lamont>      -> Component: universe Section: web
<lamont> This upload awaits approval by a distro manager
<lamont> Maintainer: Jonas Genannt <jonas.genannt@capi2name.de>
<lamont> Changed-By: Scott Kitterman <scott@kitterman.com>
<lamont> hrm.. I hope no one gets annoyed by ScottK not changing the Maintainer addr...
<ScottK> lamont: Not for Dapper.
<ScottK> lamont: Thanks.
<lamont> heh
<lamont> it's uploaded.  fwiw, it's your sig on the .dsc, so it'll be interesting to see what LP says.
<lamont> once $DISTROMANAGER says "OK"
<stiv2k> help
<stiv2k> this mysqld_safe script is running is consuming 100% CPU its been like this for a few days now
<stiv2k> even with mysql service stopped, the script continues to use up CPU time
<owh> I'm doing a backup with rsync and I want to exclude /proc /dev /sys /tmp, but if I use --exclude /tmp, then any path that has those four characters in it, say /home/bob/tmp/ will also be excluded, will it not?
<owh> OOh, I just RTFM'd for a fifth time. I was wrong. The / in the exclude pattern matches against the beginning of the path.
<kriel> Okay. Here's a new one on me. Two seperate ubuntu 7.10 CD's, And this same error comes up if I try to install to hard disk or if I try to check CD for errors.
<kriel> [##.######] ata1.00: cmd c8/00:08:00:00:00/00:00:00:00:00/e0 tag 0 cdb 0x0 data 4096 in [##.######] ata 1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x2 frozen
<kriel> rinse, repeat. several times.
<kriel> any suggestions?
<owh> kriel: Can you run the memcheck tool from the CD?
<kriel> owh: didn't try yet. both the install and the check cd options came up with the error, though.
<kriel> i kind of just let it sit and think it through, and it's going through the install... painfully slow, but at least it's going. currently it's stalled at the detecting hardware for CDroms.
<owh> Here is a description of some thoughts that others are having: http://www.perry-nelson.com/blog/2007/10/21/gutsy-gibbon-live-cd-boot-problem/
<kriel> ill check it out... it just failed to find my CD rom drive, so that could very well be it.
<kriel> Thanks.
<owh> kriel: Based on the suggested blacklist options on that page, you could probably boot your CD with some kernel blacklist options as suggested at point 5.2.1.3 on this page: http://d-i.alioth.debian.org/manual/en.sparc/ch05s02.html
<ScottK> I'd try the alternate CD.  I seem to have more luck with that as a rule.
<owh> kriel: Also, you can try booting in rescue mode, it may not load the same modules.
<owh> ScottK: The first URL I showed and other google hits seem to indicate that this doesn't work for that error, but I do agree, it's not a bad suggestion.
<ScottK> That's the first thing I always do when I hit a problem.
<owh> If you have bandwidth to spare, or if you already have the CD, then fair enough.
<kriel> owh: but I'm trying to install server. since when does server have an alternate CD?
<kriel> and you read my mind about those blacklist options..
<lamont> alternate is the other CD...
<lamont> server cd differs from alternate in what packages are on the CD or not...
<kriel> alternate, being, the ubuntu-desktop alternate CD?
<lamont> (alternate will let you install ubuntu-desktop, et al; server has server-ish bits, and less -desktop bits)
<kriel> and not the ubuntu-server CD?
<ScottK> But if you can get the alternate to install, you can turn your install into a server after it's installed.
<lamont> there are 3 CDs: desktop, alternate, server.
<kriel> ScottK: well, originally it had ubuntu-desktop on it. (6.06, I think, but it was fully upgraded afaik. but I think I nuked that a little while ago, so I don't know... I'll attempt it with the alternate CD.
<owh> kriel: You could also attach a USB cd drive if that helps.
<kriel> owh: if only i had one.
<owh> :)
<owh> You could network boot it.
<kriel> owh: that link you gave me suggested adding all_generic_ide at the end of the boot options..
<owh> Sounds like a sensible option.
<owh> I gotta go, leave a message here if you need more.
<kriel> owh: haven't worked with netboots yet. still a nooblet in the ways of the linux. not to mention the ways of the networking..
<kriel> mkay. Seeya later.
<milestone_> hi all
<milestone_> i am writing a network documentation about our server farm. And i am wondering what is the best way to document hdd partitions, so that both human and machine can easily understand how big the partitions are. I have been using fdisk -l hoping that the blocks printed there can be inserted in case of a desaster recovery and we have to recover from bare metal
<milestone_> but it turns out that the blocks stand in relation to the cylinders
<milestone_> and the test person was not able to do a bare metal recovery
<milestone_> is it better to document such things with sfdisk?
<Gargoyle> morning all
<Gargoyle> Anyone know if it is safe to rsync the entire /etc/apache directory to another host?
<soren> Gargoyle: I don't see a problem with that.
<soren> Well, unless you've done "interesting" things to it.
<Gargoyle> nahh
<Gargoyle> jsut 2 bog standard installs, 1 live and 1 on a 15 min rsync backup
<rotini> any of you guys using postfix?  My instance of it is trying, every 5 minutes, to email something to root@localhost.  I suspect i should make it stop that.  Any suggestions?  I can't figure out what it's doing, nor what triggers it every 5
<lamont> rotini: generally the content of such mail is a big clue
<rotini> heheh
<ubuntunut> Hey guys. Just curious as to how a cli handles network connections if /etc/network/interfaces is bare
<ivoks> it doesn't
<ubuntunut> It... doesn't.
<ubuntunut> Fair enough.
<ubuntunut> I'm guessing my install of wpa_supplicant is what gets me connected currently, yes?
<ivoks> if you don't have /etc/network/interfaces, you don't get network connection
<ivoks> unless you set it up manualy with ifconfig/iwconfig/wpa_supplicant/something_else
<ubuntunut> ivoks: Alrighty. wpa_supplicant explains it then
<ivoks> iirc, wpa_supplicant alone can't get you connected
<ubuntunut> I was able to get on after running this install script written by some very clever UP students: http://www.pittgeeks.org/projects/files/new_install.py
<ubuntunut> I did no more, no less.
<ivoks> that script does a lot
<ivoks> it starts dhcp client
<ivoks> and lots of other things...
<ivoks> after running this script, it's kind of funny to say 'i did just this' :)
<ubuntunut> ivoks: I see. I apologize for bothering you then. was just curious how I'd initialize network connectivity when I got out of the dorm and back home.
<ubuntunut> I'm not fluent in python if you couldn't tell :)
<coffeedude> dendrobates: Just sent you updated files for likewise-open packages.
<dendrobates> coffeedude: thanks, I'll check them out.
<ivoks> hi guys
<coffeedude> dendrobates: Built on gutsy,  testing latest version of hardy now.
<dendrobates> ivoks: hi
<soren> &win 158
<soren> gah..
<soren> frickin us keyboard
<mathiaz> hi ivoks
<zul> meeting in 45 minutes?
<foo> zul: for?
<zul> server-team
 * ajmitch will just lurk again
<foo> zul: what is the meeting about?
<ajmitch> server stuff :)
<zul> foo: check the wiki
<foo> :) cool. link?
 * foo debates lurking 
<zul> check the topic
<foo> in #server-team or here
<foo> ahhh, doh, ok.
<foo> cool
<rotini> hello all.  I'm looking at sysv-rc-conf here, and I see that udev and udev-finish aren't run at any runlevels.  That must be right, because I didn't screw around with this, but it seems strange.
<foo> hm, speaking of which, I think I broke my laptop.
<ajmitch> rotini: /etc/rcS.d, but it's initially started in initramfs, iirc
<foo> 37 seconds for ubuntu with xdm, not bad, I don't think.
<rotini> ajmitch: so I shouldn't be seeing it in that list?  The system is working, so...
<ajmitch> no, you should see it there
<Gargoyle> greetings
<ivoks> zul: that drbd patch is 17830 lines long
<zul> ivoks: sen me a url so i can look
<ivoks> zul: http://www.grad.hr/~ivoks/patch-linux-2.6.24-drbd-8.0.7
<zul> ivoks: thanks
<thomas_newbie__> Hi. Can someone help me. Whenever I log in to my phpBB form it redirects me to a "server not found". But when I press the Back button, I am in fact now logged in
<luckyone> hello all
<luckyone> can anyone help me with network bridging?
<luckyone> I need to connect a device to my eth0, then I need that device to use eth0 to connect to my network via ath0
<luckyone> is this possible?
 * lamont wanders offline for a while
<dho_ragus> luckyone: brctl is the bridge control tool
<luckyone> dho_ragus: right - I have created a bridge, added the two interfaces, but nothing works...
<dho_ragus> try `sudo brctl addbr br1` then `sudo brctl addif br1 eth0` and `sudo brctl addif br1 ath0`
<dho_ragus> oh
<dho_ragus> really?
<dho_ragus> can you sniff traffic from across the bridge?
<dho_ragus> does the bridged system still have internet access?
<soren> ...turns out I was wrong. the LSI driver *is* in the hardy virtual kernel image.
#ubuntu-server 2008-01-24
<antdedyet> Sweet, Ubuntu is offered by Hostway now
<antdedyet> Finally, I have some push to move a big client of mine over from RedHat.
<Gargoyle> goodnight all
<ScottK> Who was the ebox guy?
<ScottK> I commented on your libtree-perl package on REVU.
 * emgent night.
<Icehawk78> Is there a way to kill a process (a Ruby script, specifically) and then start it again every x hours through SSH?
<milestone_> hi all i am running ubuntu on both server and desktop. Now i have a question when there comes a new ubuntu release say from feisty to gutsy, my update-notifier tells me, "hey there i s new release. Do you want to upgrade? " Is there something similar for the server? Or do I need to edit the sources.list by hand?
<pteague> i think you'll have to change the sources.list, but i'm not sure... there's a url around somewhere that has info on upgrading versions, but i don't remember... let me see if i can find it
<pteague> https://help.ubuntu.com/community/UpgradeNotes
<pteague> go into whichever version you need & there should be a network upgrade for ubuntu servers section
<milestone_> ok thx
<pteague> np, if you have a software raid array you may have issues with that...  i had to re-add 1 of the drives & let it rebuild the backup
<_ruben> to upgrade a server use: sudo do-release-upgrade
<milestone_> question about locale configuration on gutsy
<milestone_> it says install locales reconifugre locales install localeconf reconfigure localeconf
<milestone_> but i remember a nice dialog where i could choose which locales i can generate with locale-gen
<milestone_> is that gone?
<kgoetz> yes. iirc two releases ago
<milestone_> i want more than one locale because i am running squirrelmail and it is working with compiled locales
<milestone_> kgoetz: why? does it really make sense?
<milestone_> so i run locale-gen with the locales i need, correct?
<kgoetz> milestone_: dont remember. just remember it got pulled
<milestone_> kgoetz: yeah no worries
<milestone_> i see that reconfigre locales will re-generate even those locales i generated with locale-gen
<Gargoyle> Morning
<kraut> moin
<zul> morning
<AnRkey> i am having problems with my nfs server
<AnRkey> I can create and delete dir's and files
<AnRkey> can't edit them
<AnRkey> output from nano:  Error writing new file: Invalid argument
<AnRkey> gedit, openoffice and others give more or less the same error
<AnRkey> any help would be cool
<CarlFK> gutsy - Package `locale' is not installed and no info is available.
<CarlFK> E: Couldn't find package locale
<CarlFK> apt-cache search locale = about 1 million hits
<coffeedude> CarlFK: Its "apt-get install locales".
<CarlFK> coffeedude: just found that on http://ubuntuforums.org/showthread.php?t=397005
<CarlFK> which is the real problem, and folloing all of those sugestions didn't help
<coffeedude> CarlFK: ahhh....ok.
<zul> does anyone have an opinnon on https://bugs.launchpad.net/bugs/182086?
<ubotu> Launchpad bug 182086 in dovecot "dovecot-common postinst fails for multiple ssl certs" [Medium,Triaged]
<nxvl_work> zul: the grep is only checking if there is any ssl cert
<nxvl_work> zul: not using it
<nxvl_work> if there is one it uses it, if not, it creates one
<nxvl_work> so the solution is a good one
<nxvl_work> IMHO
<zul> ok good
<CarlFK> what is the #u-doc  chan name?
<CarlFK> or is there one?
<sommer> CarlFK: #ubuntu-doc
<CarlFK> huh - must have misspelled it. thanks
<reya276> having a bit of an issue, for some reson postfix stopped sending and receiving emails, any ideas why that might happen, nothing has changed except for some normal updates to Ubuntu yesterday
<reya276> this is the only thing in my mail error log "Jan 24 14:31:49 krusty postfix/sendmail[9858]: fatal: usage: sendmail [options]"
<Goosemoose> hi guys, has the addon for hardy been finished to enable the simple authentication against an AD domain?
<dho_ragus> reya276: whenever i have to troubleshoot mail problems i use `tcpflow port 25`, send mail, then dig through the output of the dump.
<dho_ragus> reya276: another thing to do is to do dpkg-reconfigure on your mail package
<dho_ragus> i've had mail problems that have been resolved by both of those.
<reya276> thanks, but the issue seems to be fixed as It was an update from yesterday that was left unattended and BIND was going to change a script so it was waiting for someone to give the ok
<sommer> soren: hello, is there a way to use virt-manager from the cli?
<Goosemoose2> Sincerely,
<Goosemoose2> Dominic Maricic
<Goosemoose2> Home Inspector Pro
<Goosemoose2> http://www.HomeInspectorPro.com
<Goosemoose2> Toll Free: 1-888-750-4777
<Goosemoose2> oops, wrong window, sorry
<Goosemoose2> hate it when that hapens. does anyone know if the new module to connect ubuntu to an AD server via hardy is ready
<jetole_> hey guys, some tech at our company, probably me but thats besides the point, just did a rm -rf /usr/lib on a server, is there a way using a CD I can fix this? I was able to do a dpkg --get-selections before ssh dropped me but using apt-get --reinstall failed with missing libs
<zul> i think you might be screwed
<zul> but then again you might not
<infinity> debootstrap a base system to a chroot, copy over enough libs to make dpkg and apt happy again, then do the --reinstall dance.
<jetole_> infinity: thanks
<jetole_> infinity: you want to do that for me?
<jetole_> j/k
#ubuntu-server 2008-01-25
<CarlFK> how do I figure out what package contains dig?
<CrummyGummy> Hi all, my reiserfs is borked. How do I force a fsck on boot?
<CrummyGummy> Which server fs do you guys use. (that is if there is anyone out there)
<kgoetz> ext3
<CrummyGummy> I'm going that way.
<CrummyGummy> Reiserfs is crap and xfs has already borked on my desktop workstation.
<CrummyGummy> Definitly back to old faithful
<kgoetz> heh
<CrummyGummy> Its almost 4 am and I'm deciding whether or not to visit the server room. I want to put it all on lvm too.
 * CrummyGummy is converted.
 * kgoetz wouldnt be making that sort of change at 4am
<kgoetz> i'm not entirely sold on lvm
<CrummyGummy> hehe
<CrummyGummy> kgoetz: Bad experiences?
<kgoetz> CrummyGummy: it seems like an extra level of complexity and potential failure, for no real benefit on small servers/workstations
 * CrummyGummy has already slept at least 2 hours :)
<CrummyGummy> I mainly want it so that I can make snapshots of live data like mysql, save on a few mornings like this.
<kgoetz> mmm. i'd just use mysqls dump tool for that
<kgoetz> but i get the 'like' bit too
<CrummyGummy> It locks tables.
<CrummyGummy> hehe
<CrummyGummy> Have you tried evms?
<kgoetz> nope
<CrummyGummy> another level of complexity...
<kgoetz> hehe
<cybermad> i want to move all of company documents that shared with Microsoft Windows 2003 Server to linux invorenment, does Ubuntu Server with SAMBA is the best choice? or should i choose like FreeNAS or OpenFiler ?
<`6og> cybermad, depends how the files are shared
<cybermad> `6og what do you mean?
<`6og> cybermad, depends how people expect to access the files. if its just as a shared drive, samba will probably be fine
<cybermad> just shared drive, maybe later i will improve it, so can access the files from FTP or Web
<cybermad> does SAMBA support inherintance permission?
<`6og> dont know
<`6og> ftp is not an improved method to access it, btw
<cybermad> sorry, i mean just give addtional feature to access the files
<cybermad> my last question, you answer don't know? sorry..
<kgoetz> re permissions? no i dont know
<AMDbox> Server Installation - hangs after hostname - Dell PowerEdge R200
<kgoetz> after hostname?
<AMDbox> after inputing hostname
<kgoetz> which installer are you using?
<AMDbox> 6.06 dapper server
<kgoetz> try pressing alt+f4 and look at the information on the console
<AMDbox> on the hang screen?
<kgoetz> yes
<AMDbox> ok, let me try that. thanks
<mikubuntu> hey guys.  i bought a couple of old dell optiplex boxes, hoping one will do as local server to start building a site with magento.  can anyone tell me if there is any one particular operating system that works well with magento?  i'm thinking of downloading ubuntu server, is this a good choice?
<kgoetz> never heard of magento before
<mikubuntu> i guess it is fairly new ecommerce solution, but the foundation 'sounds' good, according to community
<AMDbox> kgoetz, the msg i got is "no volume group found"
<AMDbox> i guess i will have find a way to setup the hdd first
<kgoetz> mikubuntu: you might have to ask teh community what they recomend
<mikubuntu> i've never worked with any server, or any ecommerce, so i'm jumping off a cliff pretty much
<AMDbox> mikubuntu, try OScommerce
<mikubuntu> can you recommend another ecommerce open source that works well with ubuntu server?  downloading 6.06 now
<AMDbox> OScommerce on 6.06. tested
<mikubuntu> there is no reason why i couldn't try more than one on the same server is there?
<mikubuntu> AMDbox: ahhhhh....
<mikubuntu> so i should definitely try oscommerce then
<mikubuntu> but, about my question, is there any reason i couldn't try several on the same server?  what other besides oscommerce might you recommend?
<kgoetz> depends how they run, but you should be able to run several
<mikubuntu> just to see what works well with my limited gray cells
<mikubuntu> since the lobotomy, everythings a mission, y'know
<mikubuntu> oh, my.  download complete.  must burn. brb.
<mikubuntu> ok, nother question.  since 606 has been around quite awhile, are there likely to be lots of updates if i connect that box online, or is it pretty much stable?  just wondering cause  spacewise i can get the machine close enough to my ethernet right now... is this critical?
<kgoetz> mikubuntu: did you download in hte last week? you should have 6.06.2, which is up to date as of a month ago
<mikubuntu> just downloaded tonite from ubuntu.com, server edition, alt install.
<kgoetz> should be .2
<mikubuntu> 433.9 mb
<mikubuntu> ok, ya, lookd on download mgr, is .2
<kgoetz> :)
<mikubuntu> so i'm all up to date for the moment?  i'll have to reaarange the desk to get that box online in a few days.
<mikubuntu> damn, except that i've got to get the ecomms on there ...
<mikubuntu> can oscommerce be burned to disk and introduced that way?
<kgoetz> basically up to date
<mikubuntu> or do i have to net download it directly to box?
<kgoetz> net would be eaiser (for dependancies)
<mikubuntu> dang it
<mikubuntu> oh, well, i go install 606 anyways for now.   thanks a lot for your help.
<kgoetz> np.
<mikubuntu> back again.  do i want to 'install to the hard disk'? or 'install lamp server'?  i thought ubuntu server WAS lamp?
<kgoetz> lamp probably
<kgoetz> the server has other options too
<mikubuntu> hmmmm.  but lamp is what i want for oscommerce you think?
<_ruben> ubuntu servers dont necesarily have lamp stuff .. like when you want it as a dns server, you dont need lamp stuff
<_ruben> oscommerce sounds lamp'ish
<mikubuntu> dns, means like domain name server?  so for like actually serving to the internet, as opposed to just building a site locally that i will upload to commercial host later?
<kgoetz> no, not exactly
<mikubuntu> :(
 * mikubuntu began to sweat like a working girl in church
 * kgoetz doesnt get the metaphore, but reminds mikubuntu about teh !CoC if required
<mikubuntu> all right, i guess i go lamp for now.  got 4 more boxes if this not be the right one for the job.
<mikubuntu> kgoetz: do i want to use LVM?  or just guided install entire disk?
<kgoetz> mikubuntu: just used guided entire disk
<mikubuntu> k, thanks
<kgoetz> np
<kraut> moin
<kgoetz> ello
<mikubuntu> omg.  i got lots to learn.  i know how to use 'n' and the 'spacebar' now tho.  lol. cya guys.
<soren> sommer: Er.. no. You might be interested in virsh? it's in libvirt-bin.
<AMDbox2> hello, installation hang, 6.06 dapper server, hangs after inputing hostname, - error msg - " no volume group found"
<AMDbox2> hardware - Dell PowerEdge R200 - Xeon X3220, 4 GB Ram, 160 HDD x2(SATA).
<AMDbox2> anyone?
<avatar_> maybe the sata controller isnt recognized by the installer?
<_ruben> AMDbox2: 6.06 or 6.06.2 ?
<AMDbox2> i try both
<AMDbox2> 6.06.1 and 6.06.2
<avatar_> AMDbox2: my guess is that the sata controller isnt supported by the kernel in 6.06. Can you try it with a Gutsy server install cd?
<avatar_> see http://www.clarkconnect.com/forums/showflat.php?Number=103390
<AMDbox2> ok, thanks, let me try
<AMDbox2> check with you guys, ubuntu-6.06.2-amd64.iso vs ubuntu-6.06.2-server-i386.iso
<AMDbox2> for Xeon Quad-core,
<AMDbox2> both will work?
<Gargoyle> Good morning freenoders
<_ruben> morning
<zul> morning
<_ruben> g'day
<mok0> soren: ping
<mok0> hi jelka
<soren> mok0: Yes?
<mok0> soren, I just want to ask you about kvm
<soren> Shoot
<mok0> Although we can now start several virtual machines, we can only access one machine at a time
<mok0> soren: when one machine f.ex. answers ping, the others are just waiting
<mok0> soren: if the blocked machine wakes up, the first one is then blocked
<soren> You're still running on gutsy?
<mok0> soren: yes, but we have kvm 59 installed
<soren> Oh, ok.
<soren> New kernel modules as well?
<soren> ..or the ones from 2.6.22?
<mok0> jelka: ?
<mok0> soren: jelka will answer
<soren> if you don't know, then you're using the ones from 2.6.22 :)
<jelka> yes, new modules as well
<soren> You're sure? dmesg says that it's version 59?
<soren> or is it just silent?
 * soren -> coffee brb
<mok0> soren: it is version 59
<soren> Ok, great.
 * mok0 grabs a cup coffee
<mok0> soren: looking at dmesg output, it seems the tap ports are entering and leaving listening state
<soren> Are they running vnc or -nographic?
<soren> mok0: Oh. Erm...
<soren> That's odd. Can I see?
<mok0> soren: I'll pastebin it
<soren> mkay
<mok0> soren: http://paste.ubuntu.com/3865/
<mok0> soren: this is a section where we were running with 2 vm's
<soren> Interesting. Let me check something.
<soren> You're running this at the university, right?
<mok0> soren: yes
<mok0> soren: please let me know if you don't have time for this "consulting" work, it's only in case you can learn something that you should spend time on it
<soren> mok0: Oh, this is very useful. No worries!
<soren> mok0: Could you toss me the output of "sudo brctl showstp <name of your bridge interface>"?
<mok0> soren: ok good, I just dont want to abuse your friendliness
<mok0> soren, http://paste.ubuntu.com/3866/
<soren> mok0: I wonder what this looks like from the client's perspective. Anything interesting in its dmesg?
 * mok0 looks
 * mok0 is in the vm now
<mok0> soren, Ubuntu Pastebin <http://paste.ubuntu.com/3867/>
<mok0> soren: the dmesg from one guest
<soren> That was remarkably uninteresting.
<mok0> soren: yeah there is nothing really unusual in there for my eyes
<mok0> But something is making the two servers step on each others toes when communicating with the network
<soren> Yeah.. STP madness, it seems.
<mok0> soren: perhaps it is some timer issue? perhaps we can set some parameters?
<soren> No, I think it's purely a networking (stp) related problem.
<mok0> soren: what is stp, exactly?
<avatar_> spanning tree protocol
<soren> Yeah.
<avatar_> preventing loops on your network
<mok0> soren: we tried setting "bridge_stp on" on the host, but it did not make a difference
<soren> mok0: I'm not all the experienced with stp, unfortunately.
<soren> I know that disabling it altogether might fix it, but could potentially cause other problems.
<mok0> soren: we don't have other bridges on the network
<soren> You could try... :) brctl stp <bridge name> off
<soren> mok0: Sure?
<mok0> soren: not entirely :-)
<mok0> soren: a great time to kill the network, here friday at 15:04, don't you think :-)
<mok0> soren: it didn't change anything
<mok0> only one machine at the time will answer the ping
<mok0> they take turns every 30-60 seconds or so
<soren> This is very interesting indeed.
<soren> I've not heard of or seen this before.
<soren> What does the host dmesg say now?
<mok0> soren: The installation is gutsy, with a hardy kvm + module. Could be a strange interaction with the kernel?
<soren> I doubt it.
<mok0> soren: I will pastebin the last few minutes of dmesg
<soren> cool.
<mok0> soren: http://paste.ubuntu.com/3869/
<mok0> soren, the first couple of lines overlap with the first part http://paste.ubuntu.com/3865
<soren> Right.
<soren> Can I see brctl show?
<mok0> Ubuntu Pastebin <http://paste.ubuntu.com/3870/>
<zul> ivoks: crud i forgot what I was going to ask
<ivoks> hi
<ivoks> drbd?
<ivoks> zul: think hard :)
<zul> ivoks: does the patch you sent me work?
<zul> ie the kernel has been rebuilt and tested?
<ivoks> zul: no, that patch was generated by drbd it self
<ivoks> zul: i didn't test it on hardy yet
<zul> if possible can you?
<ivoks> but i can :)
<ivoks> consider it done
<zul> thank you
<ivoks> zul: there's drbd8-source package in hardy
<zul> ill generate a generic flavour linux-ubuntu-modules for you soon
<ivoks> zul: it creates drbd8 module which should work (it works in previous versions of ubuntu), but i'll test it
<soren> mok0: Sorry, suddenly had a meeting pop up.
<mok0> soren: np
<soren> mok0: Erm.. Well, it sure would be cool if you were running hardy so that we could rule out kernel stuff, libvirt, etc..
<mok0> soren: I can do that on another host
<mok0> soren: Just setting up my new quad core with hardy :-P
<mok0> still a bit rough around the edges
<soren> mok0: That's the way I like it.
<soren> mok0: It's tough love.
<mok0> soren: Yeah, hardy's a touch bitch
<mok0> s/touch/tough
<kriel> I've been working with ubuntu-server 7.10, and been having some problems. It seems (from reading the forums, among other things) that the ubuntu-server disk dosen't like sony disk drives. However, the two moderately functional CDROM's I have in my apartment are both made by sony. Any suggestions?
<soren> mok0: :)
<soren> kriel: What are "some problems"?
<kriel> soren: namely, that when it goes to detect CD-rom's, it finds none. (regardless of the fact that it booted off the dang thing.) There are also some errors when it first boots, but it manages to work past those into the install. Digging through my CD stack for the server CD to reproduce those.
<soren> kriel: You claim this is an issue with the server cd only?
<kriel> main menu > 'install to hard disk' > ata1.00: cmd c8/00:08:00:00:00/00:00:00:00:00/e0 tag 0 cdb 0x0 data 4096 in
<kriel> ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x2 frozen
<kriel> yup. It also happens when I use the 'check cd for errors' option. I know it's only with server, because I've installed ubuntu desktop to this machine before.
<kriel> this http://www.perry-nelson.com/blog/2007/10/21/gutsy-gibbon-live-cd-boot-problem/ blog has some info on it, starting especially with #6
<Gamekiller> any server support guys here the main channel is to fast for me
<zul> yes
<Gamekiller> i am very worried that i have somthing very wrong with my LAMP server
<zul> Gamekiller: just ask your question
<Gamekiller> at ssh or local screen
<Gamekiller> the interface works very slow
<Gamekiller> and at the local level all the text out put is in caps and what it type is in cap but it dose not go to the system in caps
<Gamekiller> i remeber 8 years ago that being a rootkit hack tell tail
<Gamekiller> top shows nothing running on the cpu
<soren> Gamekiller: What's your username on the machine? (Upper/lower-case is important)
<Gamekiller> i have what is called Moodle running on the server it is a CMS but is stands for Classroom Managment System
<Gamekiller> lower case
<Gamekiller> and it take it as the upcase that i see
<Gamekiller> the only port that go public is the 80 the rest is behind my firewall in the dmz
<soren> If you use uppercase at login, your console will assume that your terminal only supports uppercase characters.
<soren> the logs will be fine, though.
<Gamekiller> i had this on my othere server that runs nogios and zenoss and it was going the same now it reverted back it just odd and hte repose time on all termninal ssh or local is super slow very little load and this is a dual zeon 2.8 or so with 2 gigs or ram
<Gamekiller> of*
<Gamekiller> right now i not so worried about the client speed as it only on a bounded T1 but next month it will go to a DS3 and i need it to work full tilt as it host media files for the classes on it
<Gamekiller> would mysql make a differnance
<Gamekiller> also i see mysql-safe that bad right
<soren> No, mysqld_safe is fine.
<Gamekiller> i wonder if i need to run something to clean the db up a bit
<soren> Could you try running "pidof pidof", wait a few seconds, and then the same command again?
<oly-> if you connect to your database using mysql-admin it prints a little graph showing if your db is under any strain, might be worth a try
<Gamekiller> do i just log in or is there a command for the graph
<spiekey> maybe someone can help me with my Samba-LDAP domain controller problem here?!
<oly-> its a gui program that connects to mysql
<spiekey> After producing a power supply failure (stopping my Ubuntu and windows client by the stop button in vmware) and starting them up again i can see a delta in my ldap database.
<spiekey> the uidNumber, sambaSID, sambaPwdChange, sambaNTPassword and samabaPwdLastSet get changed after that power failure and i dont know why.
<Gamekiller> oly-:  what plateforms dose that support
<Gamekiller> that form the mysql site right
<oly-> most platforms and yes the mysql site, there is also mysql-querey-browser for modifying the data
<oly-> but soren knows his stuff better than me :)
<Gamekiller> yah now i remeber that was on my old desktop and when i had tiger i need to down load that for my lepard build of osx ok
<Gamekiller> btw is this ok to have for mem load got this from proc meminfo MemTotal:      2075904 kB
<Gamekiller> MemFree:        959612 kB
<oly-> i know mysql also has a slow query log but not sure its located of top of my head :p
<Gamekiller> ok
<Gamekiller> that site i have has query timeing on it
<Gamekiller> and it get it stuff pretty fast
<Gamekiller> when is the next big release going to happen any clue
<oly-> could look on the moodle site for performance problems
<Gamekiller> yah i going to do that next the forums are just full of noob admins that remote host the site
<Gamekiller> so sometimes it hard to get good sysadmin support
<oly-> true, i used to use moodle ages ago on a ubuntu server but never had any performance problems, but it was used on an internal lan as well
<soren> Gamekiller: Next release of what?
<soren> Gamekiller: Ubuntu?
<Gamekiller> yes
<soren> April 24th.
<soren> Did you run those commands?
<soren> 17:09:00 < soren> Could you try running "pidof pidof", wait a few seconds, and then the same command again?
<Gamekiller> going to now for mysql dling the client
<soren> Er... Don't bother.
<soren> Gamekiller: You said "nothings' running on the cpu".
<soren> Gamekiller: Unless you left out "except for mysql" ?
<Gamekiller> what do you mean
<soren> You said "nothing is running on the cpu", right?
<Gamekiller> see it was working fine for a long time
<Gamekiller> well from top yah
<soren> 17:01:55 < ~Gamekiller> top shows nothing running on the cpu
<soren> Good.
<coNP[uni]> Good afternoon!
<soren> hey
<coNP[uni]> Does anyone know if Gutsy slapd supports SSL (and why does it not :)?
<soren> Gamekiller: Then there's not much point in checking if mysql is causing a lot of load.
<Gamekiller> ok
<soren> Gamekiller: Did you run the commands I told you?
<Gamekiller> soren:  witch ?
<Gamekiller> one
<soren> 17:09:00 < soren> Could you try running "pidof pidof", wait a few seconds, and then the same command again?
<Gamekiller> ok
<Gamekiller> done
<Gamekiller> 12645 and incroment each time i run this
<Gamekiller> soren:  the above line is what i got on the output
<soren> Ok.
<rotini> hello all.  are scsi-connected tape drives just treated like hard drives?  can I do mkfs.ext3 /dev/whatever?  Or should I be thinking about it in a different way?
<soren> no
<soren> You don't want to put a file system on a tape.
<Gamekiller> soren:  what dose that command do just so i know
<soren> Gamekiller: If you had something fork()ing like mad, that number would increase by a *lot* more than 1 each time.
<Gamekiller> rotini:  i have not tired but most admins i talk to use amanda for tape drive not sure ubuntu supports it
<Gamekiller> ok good to know
<rotini> Gamekiller: yeah, I've seen that app mentioned once or twice.  I'll check it out
<Gamekiller> my brother inlaw uses it at Fatsmanual where he works as a DBA
<Goosemoose2> does anyone know if the new module to connect ubuntu to an AD server via hardy is ready
<mathiaz> Goosemoose2: not yet - it may be uploaded next week
<todd_> anyone here running ubuntu server 64-bit on AMD64? If so.. are there any issues I should be aware of?
<nijaba> todd_: I am and don't have any issue
<todd_> nijaba, excellent. are you using cool'n'quiet??
<nijaba> todd_: nope
<todd_> nijaba, oh, ok. mine is just going to be a small, personal web server... so... I think I'll run it just to save power a little.
<nijaba> todd_: yep, that should be fine
<todd_> nijaba, thanks for your help. I can't wait to get this thing rolling out. Have a good deay.
<todd_> *day
<nijaba> you too
<rotini> so, with backup tapes, it doesn't have a directory structure like a disk?  I'm looking at how to back up to one, and it makes me think that I can put only one big .tar on the tape at one time.  Anyone up on this stuff?
<sommer> rotini: you should just be able to send the files to tape using tar
<sommer> rotini: tar czvf /dev/st0 /etc
<sommer> for example, should put the /etc/ directory on the tape
<sommer> I think you may be wanting to use the file system utilities to manipulate the tape, but I don't think it works that way
<rotini> sommer: yeah, i've just read a little more about it.  Still a bit different than what I'm used to (hard drives).
<sommer> yep, once you get the utilities down it's really not too big an issue
<sommer> the big one is tar, or whatever archive utility, and the command to rewind the tape
<sommer> I forget that one though
<rotini> mt -f /dev/whatever rewind
<sommer> boom
<qman> I was wondering, does anyone know which ports apache uses when sending pages back? I want to limit the bandwidth it uses with tc, and if that's configurable, it would be easiest
<ivoks> 80?
<qman> not the listen port, the ports it sends the data on, like when you download images on a web page
<ivoks> well, it's communication in both directions
<ivoks> it's 80
<qman> then how does it handle multiple simultaneous connections? I thought 80 was just for the requests
<qman> if so, that's easy
<ivoks> one could write a encyclopedia about how does apache handle multiple connections :)
<Weasel[DK]> 80 is for listen port (server)  and clients are > 1024
<qman> hehe
<ivoks> for start, there are couple of different mpms
<ivoks> each of them works different
<ivoks> bottom line, it's 80 :)
<qman> It's just, I know how ftp works
<qman> and ftp needs both 21 to connect on, and a high port range to communicate with
<ivoks> qman: not higher, but 20
<qman> I thought apache worked similarly, but couldn't find any info on which port range it uses
<ivoks> 20 is for data, 21 for communication
<qman> yeah, but passive ftp also requires a high port range
<Weasel[DK]> use tcpdump. and you will see
<qman> good idea
<qman> oh boy, too much garbage, time for wireshark
<ivoks> tcpdump src your_webserver
<Weasel[DK]> tcpdump -nn src your_webserve
<qman> huh, it does run on one port
<qman> my server is https, and everything is coming back from 443
<qman> thanks for the help
#ubuntu-server 2008-01-26
<pubo> Hi
<pubo> anybody using ldap?
<`6og> !tell pubo about ask
<c1|freaky> hi all. does anyone tell me which hdd encryption tutorial in the wiki.ubuntu.com is best for a server?
<c1|freaky> i want to only encrypt the 3nd HDD.
<qwerty123452> Intel Core 2 Duo processor, trying to install ubuntu-7.10-server-amd64.iso -- I get a reboot on any option from the initial menu.  Any ideas?
<ScottK> Are you set on running the 64bit?  What chipset on the motherboard?
<qwerty123452> No, I'm not set, but I figured I might as well.  P35
<qwerty123452> Gigabyte GA-P35-DS3L
<marcin_ant> Hi all
<marcin_ant> guys - today I'm not so annoyed as yesterday
<marcin_ant> but I still need to say some bad words about so called "ubuntu-server"
<marcin_ant> why?
<marcin_ant> because I had to ride 120km to my server only because your 'do-release upgrade' from feisty to gutsy i BROKEN
<marcin_ant> because it renamed eth0 to eth2 and eth2 become eth0 and guess what - I lost my ssh session
<marcin_ant> it sooo unbelievable that you could release product that has bug so critical for sysadmins :(
<marcin_ant> and more - I had more troubles with this upgrade - after release upgrade my /etc/network/interfaces was BROKEN too
<marcin_ant> because I had some virtual ethernet interfaces eth2:0 eth2:1 etc. - and ubuntu failed to run these interfaces too... :(
<marcin_ant> unbelievable...
<marcin_ant> and so f(*&(*& annoying while you work on remote machine :(
<kraut> moin
<Gamekiller>  when i was in gentoo there was a harding guide for admins do the ubuntu community have something like that for server admins
<Nafallo> Gamekiller: yes
<Gamekiller> were abouts should i endever my search so i find it the fastest
<Nafallo> http://www.debian.org/doc/manuals/securing-debian-howto/
<Gamekiller> thanks you so much Nafallo
<Nafallo> also in the package harden-doc
<Gamekiller> cool i want to bone up i have a inbound webserver project and i need to make sure it all ready to go by feb 12
<Gamekiller> did not know they had a package called that nice to know
<Nafallo> it's a bit silly really.
<Nafallo> it should be called debian-security-doc or something :-P
<Gamekiller> time to see if i piss off any users i just rebooted a server hehe
<Gamekiller> i want to see if the new kernel udpate i just got helps with some funny problems i been haveing on my webserver for online classes we offer
<Gamekiller> o nuts server not coming back up i jsut going to have go in tomorrow morning
<Gargoyle> greetings freenoders
<cybermad> i work at medium size company (about 50 people). I just need sugestion from you guys, where is the best to store the company's files/documents? I need that hardware/software support ACL,inheritance permission, and must reliable. Please any sugestion?
<Gargoyle> time for dinner before archivist wrecks the place! ;)
<fishor> soren: hi! i was looking in to your bug... " security = share  for smb.conf"  what du you think about "map to guest = Bad  User" ?
<fishor> soren: it will solve win_xp issue and make the same like nautilus do
<fishor> this question is actually for every one
<fishor> im tolking about Bug 32067
<ubotu> Launchpad bug 32067 in samba "the security parameter must be set to share, not user, in smb.conf - Smb/Gnome sharing broken" [High,In progress] https://launchpad.net/bugs/32067
<LinuxGrasshopper> anyone on?
<LinuxGrasshopper> hey
<LinuxGrasshopper> pumpernni3kle hey
<LinuxGrasshopper> hello anyone there?
<LinuxGrasshopper> hello?
<LinuxGrasshopper> anyone there?
<Gargoyle> yup
<hubuntu> sort of...
<hubuntu> ;)
<LinuxGrasshopper> hi
<LinuxGrasshopper> anyone there?
<LinuxGrasshopper> hello?
<LinuxGrasshopper> anyone?
<hubuntu> LinuxGrasshopper what do you need?
<LinuxGrasshopper> oh i was wondering if anyone was on cause my friend needs some help with his server ans he will be on in about 30 mins to and hour. also i was wondering who we or he could ask about his server problems.
<Gargoyle> LinuxGrasshopper: Start by reading some of the links in the topic. Specifically the ones about asking good questions.
#ubuntu-server 2008-01-27
<LinuxGrasshopper> ok so my freind was trying to set up a ubuntu server with xampp and he finished but we cant connect tried alot of stuuf including ping and tracert to see if we could actually reach the servers ip and it work so we think his ports are being block for some reason
<Gargoyle> xampp?
<LinuxGrasshopper> yea
<LinuxGrasshopper> it has apache, mysql, and some other stuff
<Gargoyle> as apposed to ubuntu's own Apache, MySQL and PHP packages?
<LinuxGrasshopper> yea i think so
<LinuxGrasshopper> he found a tutorial on how to set it up
<LinuxGrasshopper> i will get him on when he gets on so he can explane in more detail
<LinuxGrasshopper> home*
<Gargoyle> OK, I have seen XAMPP running under Windows because some of the stuff can be a pain in the ass. But you are aare that the recent versions of the server distro actually have an optioin to setup a LAMP server during installation?
<Gargoyle> s/aare/aware
<LinuxGrasshopper> i dont know much about linux
<LinuxGrasshopper> my friend is the one doing it not me
<jetole> hey guys, I don't know where to ask this but since it is on ubuntu server I thought I would ask here...
<jetole> I am setting up pptpd / poptop and I want it to act as a primary router since some of our internet services are firewalled to only allow access to certain things like sql to our office only
<jetole> so basically if anyone pptpd into our office and then connects to our remote sql I want it to be allowed into the firewall
<jetole> ...
<jetole> right now if I ping out to an external address from out test computer which is connected to cdma modem and to our pptpd, and I monitor the office ids / bridge, I see a ping go out, a ping reply return but the pptpd client never sees the return
<sean_R> hey man
<eyeball> howdy
<sean_R> ok so i dont know why but these guys dont talk much
<eyeball> good timing, i'm about to eat dinner so we'll get started in a few
<sean_R> ok man
<jetole> well at least there is more noise in here then in #tcpip
<sean_R> lol
<sean_R> i think they are all private chatting
<antdedyet> win 5
<antdedyet> lose 6. :)
<CarlFK> how can I change an account pw to something random?  guessing usermod -p foo
<CarlFK> just not sure what foo is
<methods> wow nobody hangs out in #ubuntu-jeos ?
<methods> nobody awake ?
<methods> i can't believe jeos doesn't have my nic driver
<methods> so it's customized for vmware
<methods> i thought it was just ubuntu-server but super trimmed down just for the sake of being trimmed
<methods> i wonder if i can just use the server cd to upgrade this jeos to a regular server instead of redoing the entire install
<methods> why still run apparmor ?
<faulkes-> morning
<faulkes-> or <time of day> for those of you where appropriate
<mok0> Anyone here using NIS?
<faulkes-> not I
<faulkes-> at least not currently and not for quite some time
<mok0> I trying to set up a NIS slave server on Ubuntu, but the damn thing insists on distributing its own /etc/hosts file instead of the master's
<faulkes-> sorry, wish I could be of more help, I just got up on this side of the pond and only on my first cup of coffee
<mok0> faulkes-: no problem, I have some ideas to test
<mok0> faulkes-: I might have accidentally run "make" in /var/yp, which would screw things up
<mok0> I see what the problem is now: yphelper does not return all the master's maps...
<mok0> Got it now. Bugs reported:  #186367 and #186363
<mok0> ach! bug 186367
<ubotu> Launchpad bug 186367 in nis "yphelper does not list all of master's maps" [Undecided,New] https://launchpad.net/bugs/186367
<mok0> bug 86363
<ubotu> Launchpad bug 86363 in linux-source-2.6.20 "Feisty: When switching users the touchpad won't work (dup-of: 68370)" [Undecided,Confirmed] https://launchpad.net/bugs/86363
<ubotu> Launchpad bug 68370 in xserver-xorg-input-synaptics "Synaptics touchpad not enabled for second X display" [High,Fix released] https://launchpad.net/bugs/68370
<mok0> bug 186363
<ubotu> Launchpad bug 186363 in nis "nis init.d script should start ypxfrd on slave, not master" [Undecided,New] https://launchpad.net/bugs/186363
<mok0> grrrr
<mok0> ubotu, I hate you
<ubotu> Sorry, I don't know anything about i hate you - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<faulkes-> heh
<AnRkey> is anyone here a scripter?
<faulkes-> any particular type of script
<AnRkey> i wanna replace all instances of VAR001 in a file with the contents of an import file, something like this
<AnRkey> sed -e s/VAR001/`cat importfile'/ output.html
<AnRkey> bash
<faulkes-> how big is importfile?
<AnRkey> i am getting this from sed sed: -e expression #1, char 16: unterminated `s' command
<AnRkey> it's 12 or so bytes
<faulkes-> I would probably use something like perl
<AnRkey> i am writing a backup script that emails results to me and my buddy
<AnRkey> don't know perl or python just yet
<AnRkey> just getting to know bash
<faulkes-> well, it would appear you are not completing the actual sed command
<AnRkey> i have tried almost everything
<AnRkey> driving me nuts
<AnRkey> almost there
<faulkes-> sed -e s/VAR001/`cat importfile`/g output.html
<faulkes-> iirc
<faulkes-> I havent worked with sed in quite some time
<AnRkey> nope
<faulkes-> cat myfile | sed -e s/VAR001/`cat importfile`/g > output.html
<AnRkey> i think i am going to create a variable and fill it with the data fromt he file
<faulkes-> that works
<AnRkey> then use the var in place of the 'cat import'
<faulkes-> myfile contains the VAR001 information
<faulkes-> importfile contains the text you wish to replace
<faulkes->  >output.html generates the new file with the replaced content
<AnRkey> the import file containts the data that the text VAR001 must be replaced with
<AnRkey> in the output.html
<AnRkey> brb
<faulkes-> yes
<faulkes-> you have a file that has a bunch of VAR001's in it
<faulkes-> you have an importfile in which you have data you wish to replace VAR001 with
<faulkes-> you wish the final output file to be named output.html
<AnRkey> http://paste.ubuntu-nl.org/53800/
<AnRkey> it works
<AnRkey> thanks for the help
<AnRkey> I am creating a spiffy template for our backup scripts email
<AnRkey> so it looks nicer when you read it
<AnRkey> so the sed part is to inject the data from log files
<AnRkey> it's really working well now
<AnRkey> shweet
<mok0> AnRkey: this is cleaner imho: http://paste.ubuntu-nl.org/53809/
<mok0> AnRkey: because your script will be in trouble if there's a slash in the file
<faulkes-> mok: come on, what are the chances his script would *ever* encounter a \ in a unix environment?
 * faulkes- whistles innocently
<mok0> faulkes-: ever heard of Murphy's law? :-)
<faulkes-> no, perhaps they should bring it up in the next ubuntu newsletter, to which I might subscribe
 * faulkes- smiles
 * mok0 smiles back
<MatBoy> hi, I'm having a problem on a ubuntu server that mysql_safe is running on 100% when I restart it.. it are 2 both running on 50%
<faulkes-> eh now?
<mok0> MatBoy:  Don't you think it's supposed to? It may be running some housekeeping tasks
 * mok0 know close to nothing about mysql
 * mok0 knows ... etc
<faulkes-> MatBoy: mysql_safe is a startup script which invokes mysqld properly
<faulkes-> however
<faulkes-> are you saying that both the safe process and the mysqld process are each using 50% of the cpu?
<MatBoy> mok0, for 24 hours ?
<MatBoy> faulkes-, yes and if it's one... itÅ on 100%
<mok0> MatBoy: Errh, no not likely :-)
<MatBoy> mok0, didn't think so indeed :D
<faulkes-> which version of mysql
<faulkes-> first thing I would do is connect using the mysql cli client and issue a "show processlist;" command
<MatBoy> mysql  Ver 14.12 Distrib 5.0.45,
<faulkes-> any particular engine type? myisam? innodb?
<MatBoy> faulkes-, all are sleeping
<faulkes-> and I'd check the /var/lib/mysql directory for the error log contained there
<MatBoy> ow
<MatBoy> command is sleeping :)
<MatBoy> yes that is strange,... notthing there
<MatBoy> -t
<faulkes-> are you running myisam based tables?
<MatBoy> faulkes-, have to check... it's an application that is running it
<faulkes-> what application?
<MatBoy> faulkes-, restore-backup
<MatBoy> I have already reported it at their bug system
<faulkes-> then I would check the application specific information rather than mysql itself to start with
<MatBoy> faulkes-, indeed, but after googeling I have seen that it happened before that it was a bug
#ubuntu-server 2009-01-19
<MianoSM> Nice is process scheduling.
<soulresin> no sense of humor.
<maxbaldwin> soulresin: I have a sense of humor
<soulresin> i noticed that.
<soulresin> maxbaldwin: i like the cut of your jib.
<maxbaldwin> thank you.
<the_squircle> Does anybody know how to change the mirror from the command line (apt-config something?)?
<MatBoy> how stable is ubuntu-server comparing to Debian stable ? OK, stable has very old packages
<maxb> It's hard to quantify that sort of thing, really. but given I happily run Debian *testing* on a server, I'd wouldn't have concerns about using Ubuntu on a server
<MatBoy> maxb: I have used sarge for years when it was in testing.. really great !
<MatBoy> maxb: I have some issues with the sarge packages... too old (again)
<p_quarles> MatBoy: I run 8.04 on a VPS - it hasn't had any stability problems since I first booted
<p_quarles> MatBoy: but it is hard to quantify; use cases vary so dramatically
<p_quarles> hence why "works for me!" is usually not a good answer :)
<MatBoy> p_quarles: I have a server running about 2 years now with Ubuntu and without any problems
<MatBoy> so
<MatBoy> Ubuntu is well documented
<MatBoy> Debian isn't
<MatBoy> and old
<MatBoy> and politics
<MatBoy> and no support when you barely need it
<MatBoy> so
<MatBoy> ubuntu all the way ;)
<MatBoy> (but I need to change the root-pass ;))
<p_quarles> whatever, Debian's great too
<p_quarles> and Lenny is on the verge of release, and I understand has fewer outstanding bugs at this point than Etch does
<p_quarles> perfectly reasonable to use that for a high availability esrver
<p_quarles> server, even
<MatBoy> p_quarles: yes true
<MatBoy> but the question if if they will make it with the release
<Ying>  hi. i am looking for the drive to my ZTE modem, model MF622 HSDPA USB MODEM.
<Ying> where can i find it?
<uvirtbot`> New bug: #318649 in mysql-dfsg-5.0 (main) "not sure was loading update and system reported a bug" [Undecided,New] https://launchpad.net/bugs/318649
<smultron> anyone in here set up mailgraph?
<smultron> i'm just getting broken images on the cgi webpage
<kraut> moin
<[gnubie]> i don't have a gui and i am running ubuntu server 8.04 lts.. is there a detailed documentation about the upstart since sysv initscript is gone?
<uvirtbot`> New bug: #318703 in nagios-plugins (universe) "nagios check_smtp expects integer instead of double" [Undecided,New] https://launchpad.net/bugs/318703
<c64zottel> hello, i have running an opvpn server, and now i am wondering why there are 2 ip's in the tunnel, my server is 10.23.0.1, but what is 10.23.0.2 good for?
<c64zottel> ï»¿tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
<c64zottel> ï»¿ï»¿inet addr:10.23.0.1  P-t-P:10.23.0.2  Mask:255.255.255.255
<Nafallo> endpoint
<c64zottel> Nafallo: there is no connection, and the endpoint gets an ip address from a pool like 10.23.0.2 - 10.23.0.254, and also, there could be much more connections as just one
<Deeps> c64zottel: because you're using a point to point tunnel, which needs each endpoint defined
<Deeps> if it makes you uncomfortable or you experience any oddities, you can switch to using tap devices instead
<c64zottel> Deeps: i guess i am reading it right now in opvpn FAQ: ifconfig-pool option use a /30 subnet, cause of some window-stuff
<c64zottel> i am right?
<Deeps> on point to point tunnels, yep
<c64zottel> so, it is a connection between linux and the real endpoint
<c64zottel> Deeps: thank you
<Deeps> all i did was expand on what Nafallo said
<c64zottel> Deeps: no offense, but just endpoint gives me nothing, ok, i didn't ask that much details, but i expected a bit more.
<Jeeves_> Q: If I use ubuntu-vm-builder, how do I log in?
<yann2> Jeeves_ > you can specify a login and password
<Jeeves_> How>
<Jeeves_> ?
<Jeeves_> Where?
<yann2> ah its in the arguments somewhere :)
<Jeeves_> !canonical-- # No manual entry for ubuntu-vm-builder
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<yann2> just run it without arguments
<Jeeves_> You cannot enter a password
<yann2> well I use --user and --ssh-user-key
<yann2> but I think there is a password argument too
<Jeeves_> It's really great that canonical writes all these scripts
<yann2> and my version isn't the default one in hardy
<Jeeves_> But *SO* annoying that there is no documentation
<Jeeves_> I'm running Jaunty
<yann2> then it should be fine
<yann2> give #ubuntu-virt a try you may get better support
<yann2> if you run it without argument is should display the documentation though
<Jeeves_> Thanks
<Jeeves_> didn't know that was around
<Jeeves_> yann2: 'man' should always work :)
<yann2> I didn't say there wasn't any problem :)
<frippz> I'm looking for a suitable FTP-server along with a web interface to administer FTP-users
<frippz> any suggestions?
<yann2> cant remember :x
<yann2> oups wrong windows :)
<Deeps> hmm
<Deeps> upgraded my 8.04.1 server to .2, new kernel etc
<Deeps> now on reboot it hangs configuring network interfaces
<_ruben> .2 is out? must've missed that announcement
<Deeps> i didnt realise it was either til the machine didnt come back from reboot and i saw it in grub
<Deeps> appears to be sendmail hanging
<Deeps> indeed, at boot time, it brings up eth0, which in turn tries to bring up sendmail, which attempts to do a host on eth0's ip, which hangs
<ivoks> bringing eth0 up, brings sendmail?
<ivoks> what did you do to your /etc/network/interfaces?
<Deeps> indeed, it's in if-up.d
<Deeps> no idea why
<ivoks> why?
<Deeps> # This script is called when a network device comes up.
<Deeps> #
<Deeps> # Here is where we'll start sendmail if needed.
<Deeps> #
<Deeps> # Written By Richard Nelson <cowboy@debian.org>
<ivoks> hehe
<ivoks> you are wrong, ubuntu doesn't provide that in that file
<ivoks> that was a custom made change
<Deeps> i certainly didnt!
<ivoks> oh, sendmail
<Deeps> it's in if-down.d too
<Deeps> post-down even
<ivoks> ah, directory?
<Deeps> hmm?
<ivoks> i thought it's in your /etc/network/interfaces file
<Deeps> nope, certainly not
<ivoks> so, sendmail fails to start?
<Deeps> root@router:/etc/network# find /etc/network| grep sendmail
<Deeps> /etc/network/if-down.d/sendmail
<Deeps> /etc/network/if-up.d/sendmail
<Deeps> /etc/network/if-post-down.d/sendmail
<Deeps> eth0 ip 192.168.1.254, at boot time it tries to bring up sendmail, which in turn tries to host 192.168.1.254, and it hangs there
<Deeps> well, it tries to birng up eth0, wihch in turn prompts the sendmail in if-up.d
<ivoks> what's in /etc/hosts?
<Deeps> 127.0.0.1       localhost
<Deeps> 127.0.1.1       router.truman.lan       router
<Deeps> 192.168.1.254   router.truman.lan       router
<ivoks> ?
<ivoks> that doesn't look good
<ivoks> remove the middle line
<Deeps> i added the 3rd line just before reboot attempt number 12
<ivoks> remove the second line
<ivoks> leave the 3rd
<Deeps> removed
<Deeps> killed bind, host still hangs
<ivoks> now reboot
<Deeps> brb then, this machine doubles as my adsl router
<ivoks> :)
<Deeps> nope, still hangs
<Deeps> commented out auto eth0 from interfaces, rebooted, got a shell prompt, tried to birng it up and it works
<Deeps> take it down, kill bind, do it again, it hangs
<Deeps> watching ps ax indicates that when host times out, it tries again
<ivoks> so, network starts before bind
<ivoks> and sendmail script tries to find a hostname of that ip
<Deeps> yep
<ivoks> that shouldn't hang if everything is ok in /etc/nsswitch.conf
 * Deeps looks
<mathiaz> hello ivoks !
<ivoks> mathiaz: hi
<ivoks> Deeps: grep ^hosts /etc/nsswitch.conf
<Deeps> hosts:          files dns
<ivoks> egrep even :)
<Deeps> line above you
<ivoks> Deeps: and your /etc/resolv.conf?
<Deeps> search truman.lan
<Deeps> nameserver 127.0.0.1
<Deeps> nameserver 192.168.1.254
<Deeps> middle i added recently
<Deeps> in an attempt to fix (which clearly didnt work)
<alaz> hey. anyone thats good with routing between two subnets?
<Deeps> i figured lo would be up by then, and connect refuse host, and cause it to carry on, didnt account for sendmail to loop host til it succeeded
<ivoks> Deeps: how about removing those nameservers?
<ivoks> Deeps: that's a bug in sendmail script
<Deeps> pretty sure this behaviour is new, just dist-upgraded to .2
<ivoks> Deeps: sendmail didn't change in 8.04
<Deeps> :> /etc/resolv.conf; host 192.168.1.254; times out
<alaz> I got two subnets connected. 10.0.0.0 net is where the gateway for internet is located. 10.0.1.0 net has internet access but cant connect to other comps on the network. is there a way to route traffic between pcs on the two nets?
<ivoks> Deeps: does 'host localhost' works?
<Deeps> ah
<Deeps> found the problem
<Deeps> i'm using bind9-host
<Deeps> switched to normal host and it works properly
<ivoks> well, bind9-host is default
<ivoks> and that shouldn't be a problem
<Deeps> it wasn't on here
<Deeps> i dont think it was, anyway
<Deeps> might have been the ovh box it wasn't
<Deeps> killing bind, using bind9-host, it times out looking up 192.168.1.254
<Deeps> killing bind, using host, it successfully looks up
<ivoks> dnsutils depends on bind9-host | host
<ivoks> bind9-host works on my machine without bind with no problems
<Deeps> without any reachable nameservers?
<Deeps> for resolution of ips in your hosts file?
<ivoks> right, it doesn't
<Deeps> there's the problem then i think
<ivoks> not even for hosts in /etc/hosts
<ivoks> hm
<ivoks> Deeps: you shouldn't use localhost|local ip as a DNS, anyway
<ivoks> :)
<ivoks> but that doesn't change a thing
<Deeps> well it's the local caching nameserver for the lan
<ivoks> host should read /etc/hosts first
<Deeps> bind9-host appears to ignore it
<ivoks> it doesn't work as expected, it ignores /etc/nsswitch.conf
<ivoks> that's a bug
<Deeps> so i've found two bugs in one go? nice
<ivoks> only one :)
<Deeps> sendmail looping host isnt a bug?
<ivoks> no, it relays on a working functionality
<ivoks> could be a whishlist bug
<Deeps> wont let me file a bug against it
<Deeps> https://launchpad.net/ubuntu/hardy/+package/bind9-host
<ivoks> it's a bind9, not bind9-host
<Deeps> alrighty
<ivoks> https://bugs.edge.launchpad.net/ubuntu/hardy/+source/bind9
<ivoks> Deeps: good catch
<ivoks> zul: ping
<zul> ivoks: yo homie
<Deeps> ivoks: can you confirm? https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/318828
<uvirtbot`> Launchpad bug 318828 in bind9 "bind9-host does not respect /etc/nsswitch.conf" [Undecided,New]
<ivoks> zul: bug #227410
<uvirtbot`> Launchpad bug 227410 in bacula "[SRU] catalog Backup fails because .my.cnf is not read" [Medium,In progress] https://launchpad.net/bugs/227410
<maswan> host has alwasy just asked dns, "getent hosts" is a much better way of going through ns
<ivoks> zul: that's fixed in hardy proposed, and it's fixed on native upload in intrepid and jaunty
<zul> ivoks: ok
<ivoks> zul: SRU is requested, and people reported that proposed version works for them
<ivoks> zul: what else do we need to get this into updates? :)
<maswan> I frequently use host vs getent hosts to determine differences between dns and hosts in case of trouble..
<zul> ivoks: people reporting it in the bug report saying that it works? ;)
<ivoks> zul: it worked for one guy and me
<ivoks> zul: no one else said anything :)
<zul> ivoks: please update the bug repot then
<Deeps> maswan: either host needs to respect nsswitch.conf, or the sendmail startup script needs to use getent hosts or whatever instead; there's a bug somewhere though
<maswan> Deeps: I'd say sendmail fix is needed, documentation for host say that it is a DNS lookup utility, not a generic name lookup utility
<Deeps> maswan: please comment on bug 318828 then!
<uvirtbot`> Launchpad bug 318828 in bind9 "bind9-host does not respect /etc/nsswitch.conf" [Undecided,New] https://launchpad.net/bugs/318828
<maswan> More of a user friendly dig than a good way of determining how hosts resolve
<maswan> Sure
<Deeps> what purposes does the hosts line in nsswitch serve then?
<maswan> Deeps: For everything that resolves through libc, those rules apply.
<Deeps> ok
 * Deeps reboots now with host instead of bind9 host in the hopes it works
<maswan> since host is for diagnosing dns etc, it has it's own resolving logic
<ivoks> i would expect it to read /etc/nsswitch.conf, or, at least, my /etc/hosts
<Deeps> back to normal
 * Deeps files a bug against sendmail too then
<maswan> ivoks: Well, it'd still differ in some corner cases I'd expect, since it doesn't use the libc resolver.
<Deeps> i wonder if apt and v6 will play nice again now too
<maswan> ivoks: hosts in ldap, nis, etc are very unlikely to be queried and parsed by host
<ivoks> true
<ivoks> this is a sendmail bug
<Deeps> :P
<ivoks> Deeps: sorry for misleading you
<Deeps> that was my first instinct too
<ivoks> Deeps: i'll close your bug :)
<Deeps> ta
<Deeps> "sendmail uses 'host' instead of 'getent hosts' to determine local ip resolution"?
<maswan> yeah
<ivoks> Deeps: right; you really love sendmail?
<Deeps> not really, it was installed by default
<ivoks> by default?
<ivoks> sendmail?
<maswan> I'll not comment on the bug then
<ivoks> maswan: you can, sure
<Deeps> i assume so, i cant see any reason why i'd have installe... oh
<Deeps> probably installed it for a website i was developing for a friend
<maswan> Actually, I just had it all typed out. So "comment", then head off for dinner. :)
<ivoks> Deeps: we install postfix by default, and there could be an error where exim could get installed, but no, not sendmail
<ivoks> we love our users :D
<Deeps> postfix isn't installed, nor was it by default (mail-server task wasn't requested)
<ivoks> Deeps: if you install any app that requires MTA, you'll get postfix or, in some strange cases, exim
<Deeps> wasn't a packaged app, i just needed an MTA for the oscommerce site i was customising
<Deeps> sendmail was what i'd used in the past without fuss
<ivoks> ok
<ivoks> i've just heard people complaining on debian's packaging of sendmail, which we include in ubuntu too (in universe)
 * Deeps removes
<uvirtbot`> New bug: #318828 in bind9 (main) "bind9-host does not respect /etc/nsswitch.conf" [Undecided,Won't fix] https://launchpad.net/bugs/318828
<alaz> One question about routing: I got two subnets connected. 10.0.0.0 net is where the gateway for internet is located. 10.0.1.0 net has internet access but cant connect to other comps on the network. is there a way to route traffic between pcs on the two nets?
<alaz> not just internet from the router on 10.0.0.1
<simplexio> alaz: do you mean that 10.0.0.0/24 is on eth0 and 10.0.1.0/24 is behind eth1. and you wat acces from that computer to both subnets or what
<Deeps> alaz: the default router for clients on the 10.0.0.0/24 subnet needs to know to route 10.0.1.0/24 to the ip address of the machine in hte middle of both subnets
<Deeps> alaz: likewise the default router of the machines in 10.0.1.0/24 needs to know to route 10.0.0.0/24 to that same machine
<alaz> Deeps: the router is connected to 10.0.0.3. so i should create a route 10.0.1.0 - 10.0.0.3?
<Deeps> alaz: i dont understand your network layout, if you could draw a diagram it'd be easier to explain to you
<alaz> Deeps: og give me a few minutes
<frippz> I'm looking for a suitable FTP-server along with a web interface to administer FTP-users, any suggestions?
<Deeps> ebox with whatever ftpd's included in main?
<frippz> Deeps: right, forgot about ebox. will check it out! thanks
<spiekey> hello!
<spiekey> any idea how to fix this? http://pastebin.com/m3516281a
<spiekey> anyone?
<henriquelm> hello there
<yann2> looks painful spiekey
<yann2> I had the same issue once.. very painful
<yann2> can't remember how I fixed it
<yann2> doesnt work with aptitude neither?
<henriquelm> Can anyone tell me how can I setup ubuntu's vnc to start running since the logon screen?
<spiekey> whats the command line command? i dont like the gui
<alaz> Deeps: http://jabrahamsen.com/Drawing4.jpg
<z10dej> Please, give me some link for quick gid. (for dummer):-D
<Deeps> alaz: is 10.0.1.1 also on the 10.0.0.0/24 network?
<alaz> yep
<Deeps> alaz: what's its 10.0.0.0/24 ip?
<alaz> eth0: 10.0.0.3 eth1: 10.0.1.1
<alaz> has its own dhcpd
<Deeps> 10.0.0.3 is assigned to another pc according to your diagram
<alaz> Deeps: its just a typing error.
<Deeps> ok
<Deeps> on 10.0.0.1, add a route to 10.0.1.0/28 via 10.0.0.3
<z10dej> Please, give me some link for quick gid for server configurations. (for dummer):-D
<Deeps> z10dej: http://doc.ubuntu.com/ubuntu/serverguide/C/
<henriquelm> Can anyone tell me how can I make Ubuntu's VNC to work on the logon screen?
<z10dej> Deeps: thenks.  Russian server ha
<z10dej> Deeps: Rassian server is clear in this qastion:)
<zoopster> spiekey: not sure why yann2 thinks it's painful...dpkg is the right tool to use, but you need to find out why nagios is complaining...need more detail than what you are showing
<MatBoy> sre there any package disadvanatges on the 64 bits version ?
<MatBoy> *disadvantages
<Deeps> anyone here knowledgeable with ipv6 and apt?
<yann2> zoopster > basically when a package's uninstall script doesnt work (breaks, return 1) the script doesnt get removed
<zoopster> yann2: understood, but that doesn't mean its painful...there is always a reason for it
<yann2> yes but well it took me quite a while to figure it out last time :)
<yann2> and last time I think the reason was a bug
<zoopster> yann2: ah...painful to YOU. Ok.
<yann2> zoopster > well I'm all listening :) how do you do when a package refuses to uninstall? but thanks for the nice hint that I'm stupid :)
<zoopster> yann2: wow...wrong side of the bed today?
<yann2> or bad english, I must have misunderstood :)
<zoopster> yann2: I only said that it's painful to you. I have had the same problem and quite recently...I dug through to figure out what caused it and fixed it...turns out that my problem was a bug as well, but the remedy was rather simple...install again and remove correctly
<yann2> how do you reinstall if its already installed? dpkg-reconfigure?
<zoopster> yann2: sorry...too much to write there...the package was partially removed...or I guess partially installed.
<Deeps> alaz: what tool did you use to draw your network map?
<frippz> Deeps: are you sure that there even exists modules for any kind of ftp-server for ebox?
<Deeps> frippz: well pro and pureftpd both use system user accounts for their authentication by default
<Deeps> frippz: as does vsftpd
<Deeps> frippz: so once you've installed it, all you need to do is add users without shell access
<frippz> Deeps: ah well, that's true. I used that method before but with webmin
<Deeps> i'm sure ebox has user management in it, which is what you originally asked for iirc
<Deeps> !webmin | frippz
<ubottu> frippz: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<Deeps> ^^ that would be why i recommended ebox
<uvirtbot`> Deeps: Error: "^" is not a valid command.
<frippz> ah :D
<frippz> damn... I better remove those install that are already present then :)
<frippz> *webmin installs
 * frippz purges webmin from five servers at once ^^
<frippz> Deeps: I was actually thinking about using MySQL auth or something like that
<Deeps> frippz: proftpd has a mysql auth module
<dinsdale07> Does this line mean that the httpd process is started by init? It's a line from ps -ef:        www-data 13833     1  0 13:56 ?        00:00:01 /usr/sbin/httpd
<Deeps> frippz: vsftpd might too
<yann2> dinsdale07 > try pstree
<yann2> but yes
<frippz> this will be a server where clients uploads stuff to us, but they should all have their own home dir, so maybe system accounts will be better suited for this
<dinsdale07> yann2 - with pstree the same process shows up as perl: "  |-perl,13833     ". I don't understand how to find out about how this process was started.
<dinsdale07> htop on the other hand shows /sbin/init as the PID
<frippz> Deeps: are there any alternatives to ebox?
<Deeps> frippz: sure, loads, none of wihch are supported by ubuntu though
<DawnLight1> hello. i've followed https://help.ubuntu.com/community/Exim4 after that I couldn't use SMTP from my home e-mail client so i've changed dc_relay_domains from '' to '*' and now it seems that my exim is not asking for any authentication. why isn't it asking for authentication?
<frippz> Deeps: yeah, I read up a bit on it just now
<frippz> Deeps: I find ebox a bit lacking. I'll have to check it a bit more before I pass any real judgment though :)
<ivoks> zul: i don't understand pitti's comment :)
<zul> ivoks: bug # again?
<ivoks> sorry, wasn't here :)
<albertico> hi
<albertico> has anybody tried zfs on ubuntu?
<uvirtbot`> New bug: #318915 in mysql-dfsg-5.0 (main) "max_connections fixed to 886" [Undecided,Confirmed] https://launchpad.net/bugs/318915
<p_quarles> albertico: since it doesn't exist, no
<albertico> hmm... what about the zfs-fuse?
<p_quarles> did that ever go anywhere?
<albertico> p_quarles, I have read about issues on performance
<albertico> p_quarles, then, any suggestions on a filesystem with snapshot/copy-on-write capabilites?
<p_quarles> right, but is that proejct still even in active development? haven't heard anything frmo zfs-fuse in a while
<p_quarles> btrfs is in the newest kernels
<albertico> p_quarles, everything I have found so far points only to experimental use of btrfs for now
<albertico> p_quarles, have you tried it?
<p_quarles> no, I have not, and yes, it is still experimental'
<p_quarles> but unlike zfs-fuse, it is actually still being actively developed
<albertico> p_quarles, ok... so I read...
<p_quarles> in any event, I think a need for those features would mean using Solaris at this point
<albertico> p_quarles, how about ext3cow... any advice you can give?
<p_quarles> not something I'm familiar with
<p_quarles> but, it sounds like a workaround, and I prefer to avoid those if possible
<p_quarles> particularly since there is a free version of Solaris now
<albertico> p_quarles, well, there is someone marketing win 2003 shadow copy on my work...
<p_quarles> I don't follow
<albertico> p_quarles, so I am looking for a similar functionality
<p_quarles> Oh, I see what you mean
<albertico> p_quarles, it's a windows "feature" that creates snapshots of files
<p_quarles> like I said, OpenSolaris gives you ZFS -- Ubuntu doesn't, and won't have that until btrfs is here
<albertico> p_quarles, ok... I will stick to my strategy of using vfs plugins for samba... or maybe switching to freebsd for my file servers...
<ivoks> albertico: then't you'll move back when brtfs goes stable :D
<albertico> ivoks, yep ;)
<albertico> p_quarles, thanks for your feedback
<p_quarles> sure
<uvirtbot`> New bug: #318954 in krb5 (main) "Please sync krb5 1.6.dfsg.4~beta1-5 (main) from Debian unstable (main)." [Wishlist,Confirmed] https://launchpad.net/bugs/318954
<jetole> hey guys
<jetole> I am looking for a cheap data center to host a DNS server for me. This will be a tertiary DNS server running TinyDNS simply to make sure all of our DNS are not hosted on the same subnet/AS/datacenter
<uvirtbot`> New bug: #318975 in kerberos-configs (universe) "Please sync kerberos-configs 1.22 (main) from Debian unstable (main)." [Wishlist,Confirmed] https://launchpad.net/bugs/318975
<jetole> can anyone recommend a trustworthy company that will be fairly cheap?
<uvirtbot`> New bug: #296719 in kerberos-configs (universe) "kerberos-configs fails to configure if dnsdomainname fails" [Undecided,Fix committed] https://launchpad.net/bugs/296719
<uvirtbot`> New bug: #318994 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.0.67-0ubuntu6 failed to install/upgrade: subprocess post-installation script returned error exit status 1, server cannot bind to port" [Undecided,New] https://launchpad.net/bugs/318994
<knottyer> Sendmail ques re Ubuntu 8.04: Sendmail is running on my sendmail.server box. As seen from there, port 25 is open (nmap -p25 localhost), but closed when viewed from other Ubuntu 8.04 boxes on local network (nmap -p25 sendmail.server). On sendmail.server, firewall is off, TCPwrappers allows all traffic from local network, and there are no errors in mail.log.  /etc/pam.d/ holds no sendmail modules.  Local network is a subdom
<knottyer> ain of 192.168, and sendmail's access file set to "192.168   RELAY".  Any ideas on what could be causing this weird behavior?
<knottyer> Additional info: All firewalling takes place at the gateway, not between boxes on my domain.
#ubuntu-server 2009-01-20
<altf2o> quick question: I'm on Ubuntu Server 8.10 and i've gotten SSH, Apache, NFS etc... working just fine. However when wanting to use NIS or LDAP to make NFS easier to work with\manage, i keep getting ALL sorts of stupid headaches. I believe it's got everything to do w/ the 'domain' i'm choosing (/etc/resolv.conf) anyone have tutorials on how to use those services WITHOUT having a DNS registered name?
<altf2o> i'm also running DNS on this box just as a cacheing nameserver for my entire intranet. I manually added an entry for a 'testnet.com' which 'dig' shows perfectly, still doesn't work though. I think that's just heading in the wrong direction.
 * [gnubie] waves
<[gnubie]> i have a running ubuntu-server 8.04 lts and now it's using upstart.. how can i customize it?
 * jmedina waves back
<jmedina> [gnubie]: what you mean with customize it?
<jmarsden|work> [gnubie]: For general "make the server use different software" type 'customization', read the Server Guide, see /topic
<[gnubie]> jmedina: not sure though but for other distro, there is a /etc/inittab
<jmarsden|work> [gnubie]: What specifically do you want the server to do? After you customize it, how will it behave?
<jmedina> well there is a lot of documentatio about upstart and the sysv compatibility (inittab /etc/init.d/ and /etc/rcX)
<jmedina> most of the config is in /etc/event.d/
<jmedina> cat rc2
<[gnubie]> if i want to execute a certain command during bootup, where shall i put it then? i don't want to put it inside the /etc/rc.local
<jmedina> yeap
<jmedina> but it will be executed at the end
<[gnubie]> jmedina: that's why i don't want to add a script inside the /etc/rc.local
<jmedina> [gnubie]: and do you want to do?
<[gnubie]> any other place i can put a simple script to execute during bootup?
<jmarsden|work> [gnubie]: So what is the "certain command", and when in the boot process *do* you want it to execute?
<jmedina> well as with another distro you can write your own rc script, add it to /etc/init.d/ and then configure it to start at aspecific run level
<jmedina> you can do it with a symlink to the /etc/rcX.d/directory or usiing update-rc.d
<[gnubie]> jmarsden|work: i can't think of for now.. maybe an example will be a script to update a dynamic dns probably
<jmedina> like ddclient?
<jmedina> ddclient has its own rc script and is activated on boot time
<[gnubie]> jmedina: it's just an example.. i can't think a particular job of that script.. that script may just contain a one-liner script
<jmarsden|work> [gnubie]: When you have a real example, so we know what its requirements are, come back here and ask again :)
<jmedina> [gnubie]: yeap, for example the /etc/init.d/hostname it doesnt requiere a argument
<[gnubie]> jmarsden|work: my real requirement is to where is the similar /etc/inittab file in ubuntu-8.04
<jmarsden|work> [gnubie]: There is no exact equivalent.
<[gnubie]> and to where is the best place to put a custom script (not an rc one) and execute it during bootup
<jmedina> rc.local
<[gnubie]> jmedina: /etc/rc.local will be called right after all the rc scripts were executed
<jmedina> [gnubie]: yeap, unless you know exactly at what stage you want to execute your script
<Deeps> you can change that behaviour if you want, as the invocation of rc.local is defined like any other rc script
<jmedina> [gnubie]: I recommen you create your rc script based in a simple one /etc/init.d/hostname and then add it with update-rc.d
<Deeps> seconded
<jmedina> read the man page for the priority options or edit the header of the script to specify the default start and default stop
<jmedina> Im not sure if update-rc.d honors the BEGIN INIT INFO (lsb compatible)?
<[gnubie]> ok, let's say i want to execute a command "/sbin/ztcfg" right after asterisk has enabled during bootup and after that, a series of daemons will be turned on.. what shall i do then?
<Deeps> as jmedina already stated, use a simple rc script as your base
<Deeps> like /etc/init.d/hostname.sh
<[gnubie]> Deeps: i have to create an rc script for a single command only?
<jmedina> [gnubie]: you need to check when is asterisk started probably the script is /etc/rc2.d/S93asterisk
<jmedina> so you need to start it before create /etc/rc2.d/S92ztcfg
<Deeps> alternatively you could modify the asterisk script, but that probably isn't recomended
<Deeps> [gnubie]: if the other scripts that run after asterisk loads depend on /sbin/ztcfg having been run, then yeah. if not, then no, just stick it in rc.local
<[gnubie]> let's say, the command that i want to be executed is not related to asterisk but i just want it to be executed right after asterisk.. what shall i do then? remember, this is just one command with 5 characters perhaps
<Deeps> [gnubie]: if the other scripts that run after asterisk loads depend on /sbin/ztcfg having been run, then yeah. if not, then no, just stick it in rc.local
 * jmedina thinks /me is ignored
<[gnubie]> jmedina: so, the ultimate solution is to create an rc script even for this simple purpose and a single command?
<Deeps> [gnubie]: if you need applications and commands loaded in a particular order, you need init scripts. if the order doesn't matter as much, and your extra commands can be run at the end, then you dont need an init script and can just use rc.local
<[gnubie]> ok
<Deeps> [gnubie]: and the init script can be rediculously simple. hell, rc.local is called as an init script, and all that runs by default is 'exit 0'
<jmedina> that is what I always do, I have a template rc script based on hostname, when I need to start something I modify it and add the line I want and configure with update-rc.d
<jmedina> ist not that hard
<[gnubie]> ok
<jmedina> this reminds me to suse :S
<[gnubie]> thanks.. ;)
<Deeps> glad it only took 20mins of repetition
<jmedina> Deeps: practice makes perfect
<[gnubie]> next, any tips on how to squeeze the ubuntu-server setup?
<jmedina> o_O
<[gnubie]> let's say, i want to have a base ubuntu-server setup with a 128mb to 256mb?
<andol> [gnubie]: Yes? What do you intend to use it for?
<[gnubie]> andol: as a server.. maybe run a simple wiki box
<[gnubie]> the /var will be on a separate hard disk
<andol> [gnubie]: a server can be lots of things :) but since you mention a wiki I guess you'r think about a webbserver?
<[gnubie]> the 128mb to 256mb size is only for the os, configs and the binaries
<[gnubie]> andol: yes, for example
<[gnubie]> to add it, maybe the whole filesystem will be on a cf card or ide flash module and the /var will be on a hdd, /tmp and /var/tmp will be on a ramdisk
<andol> Still think 256mb will be a be tight. You might make it, but there won't be much room if you decide you need to install a few more packages.
<hads> Check out the JeOS install and flashybrid for hybrid flash/ram/disk
<VolVE> hey all, any ideas why running a simple shell script that tars up a couple directories works fine as sudo from the command line, but when I add it to root's crontab, the tar files end-up only being like, 20 bytes ? :/
<[gnubie]> andol and hads: thanks..
<[gnubie]> i have to go now.. thanks for the help..  ;)
 * [gnubie] waves to all..
<TimR> hey guys could a Trigem Florida-TG/TGA Mainboard with max memory of 512mb would work for FTP server?
 * maxbaldwin waves to [gnubie]
<jmedina> have you seen lately your bind dns logs?
<jmedina> these new dns cache snopping is flooding a lot of servers, it uses open relay dns servers
<jmedina> There is some info in the dns queries issue here: http://www.dshield.org/indexd.html
<|dthacker|> Hello,  due to a bad power supply, I had to move a hard disk to another machine.  How can I restart the network config part of the install to detect and configure the new NIC?
<MianoSM> Can you log into the machine?
<|dthacker|> yes
<MianoSM> What does: cat /etc/network/interfaces look like?
<MianoSM> It should be pnp on restart*
<agentk> It may be the new machine has a nic with a difference MAC and it has given the new nic a name like eth1 instead of eth0
<MianoSM> The only issues that I've seen is that you might have to look at: ifconfig -a to see if it labeled it eth2 or something of that sort
<MianoSM> So you'd have to add it to your /etc/network/interfaces
<|dthacker|> MianoSM: The old machine was working on eth1,  this machine only has eth0.  I edited the interfaces file, but ithe new nic is not found.
<MianoSM> agentk: exactly.
<agentk> MianoSM: :-)
<|dthacker|> where is the mac referenced?
<agentk> /etc/udev/rules.d/70-persistent-net.rules
<agentk> Just remove the two lines referring to the old nic and restart the machine
<agentk> (two lines is actuall one comment line and one SUBSYSTEM line)
<|dthacker|> this is an old install.  6.10 to be precise.   I don't see that file in /etc/udev
<agentk> Oh. Ok. Not sure then. I was still a debian user in 06 :-). What interfaces does ifconfig -a list?
<|dthacker|> agentk: eth2, lo, and sit0
 * |dthacker| suspects eth2
 * MianoSM agrees
<agentk> What was before udev? hal?
<|dthacker|> that did it.  I see TX and RX packets
<|dthacker|> tha
<agentk> |dthacker|: rename eth0 to eth2 in /etc/networking/interfaces?
<MianoSM> agentk: I don't remember to be honest - I never changed it, just ifconfig -a, and edit interfaces.
<MianoSM> |dthacker|: nice job
<|dthacker|> agentk: I did that and it works.  Thanks to both of you.
<agentk> Sounds like you guys had it under control before i went off on a udev tangent. My bad :-)
<MianoSM> I'm sure you could grep for eth and die under the results.
<hacknperl> I am looking for a software suite(preferable web based so i can access from my truck anywhere on a laptop) that is pretty simple for small businesses... it needs to do invoicing(main thing) and service call scheduling(bonus) and manage customers and estimates.  I have found several open sources projects such as OpenCRM, nolaPro, vtiger and they are all way too complicated.  Does anyone know of anything that is much simpler?
<Thorsten11> are you looking for GUI software?
<PC_Nerd> How can I set the locale for my server?
<andol> PC_Nerd: /etc/default/locale
<PC_Nerd> that file doesnt exist.
<andol> PC_Nerd: Then you create it :) If nothing else you probably have it on your desktop-computer.
<PC_Nerd> *afk* bbs
<PC_Nerd> * thanks! (and i currently run windowsxp on desktop - but slowely migratign across) thnks
<andol> PC_Nerd: well, mine looks like this:
<andol> LANG="sv_SE.UTF-8"
<andol> PC_Nerd: I'm sure you can figure out what to change :)
<kraut> moin
<PC_Nerd> ok, the /etc/default/locale file contains one line: 'LANG="en_AU.UTF-8"'.  the output of "locale" after a reboot has everything LC_*="POSIX",exc ept for LANG= and LC_ALL= which are both empty..... any ideas?
<Deeps> fiddle /etc/environment as well i think
<PC_Nerd> same variable to set?
<Deeps> yep
<Deeps> shouldn't need to reboot, just log out and back in again
<PC_Nerd> testing- can you read this?
<PC_Nerd>  the /etc/environment has: LANG="en_AU"    and LANGUAGE="en_AU:en"       ++ the PATH variable
<Deeps> yep
<PC_Nerd> there we go :P... i didnt have "the" at the beginning so it read /etc/ as a command ;)
<Deeps> LANG="en_AU.UTF-8" may be what you want in /etc/environment
<PC_Nerd> ty - ill change and reboot
<Deeps> shouldn't need to reboot, just log out and back in again
<PC_Nerd> * im in as root atm... its actually easier for me to reboot since ive got to restart a few other things.
<Deeps> you should almost never need to reboot
<PC_Nerd> Unable to set System Clock to: Tue Jan 20 09:07:32 UTC 2009            is that an issue?
<Deeps> probably
<PC_Nerd> any idea on fixing it? / diagnosing it... it displays on startup.
<PC_Nerd> locale displays the POSIX values again.
<Deeps> as root, try ntpdate -v au.pool.ntp.org
<PC_Nerd> * i gtg - bbs.
<PC_Nerd> will do thanks
<agentk> PC_Nerd: I use `locale-gen en_AU.UTF-8` on most of my VM's to set the locale as it is normally missing too.
<AnRkey> can some1 take a look at this http://ubuntu.pastebin.com/m7a8ea973 I cant get my .htaccess to allow access to 192.* range. VPN ip is 192.168.1.1
<AnRkey> if i declare the whole ip then it works
<AnRkey> i need to allow 10.* 192.* 172.*
<agentk> AnRkey: Try Allow from 192.168 10 172.16
<agentk> AnRkey: or put them one each line too.
<AnRkey> agentk, shweet, it's working... changed it to 192 172 and 10
<AnRkey> each on a new line
<AnRkey> working now
<AnRkey> where do i send the beer to
<AnRkey> ?
<AnRkey> :P
<agentk> No problem.
<agentk> AnRkey: Apache can be a bit sensitive when your first trying new things.
<AnRkey> the funny thing is on my 8.04.1 server the same thing works fine
<AnRkey> it had me really stumped there
<_ruben> allowing 10.0.0.0/8, 172.0.0.0/8 and 192.0.0.0/8 doesnt really make much sense though
<agentk> It would if you had an intranet specific application that you wanted to restrict access on, except the fact that 192 and 172 should be 192.168 and 172.16
<frippz> ebox-loggerd keeps using up 25-100% CPU. is that normal?
<hads> Should definitly be 192.168.* etc. otherwise you're giving out access to people on the Internets
<maswan> the "172.16" stretches all the way up to 172.23
<agentk> maswan: 172.16.0.0/15?
<Deeps> /13
<agentk> Haha. Just worked it out too.
<maswan> hm. wait, it should be a /12, that'd put it at .31.255.255
<maswan> IIRC
<frippz> Deeps: is ebox supposed to be a resource hog, or have I perhaps misconfigured something?
<Deeps> frippz: no idea, i've never used it
<hads> Yeah, whatever the correct ones are (I can never remember 172) AnRkey you need to get it specific enough otherwise you are allowing random people on the 'net access to services.
<AnRkey> hads, well thats what this is for, we are redirecting non local subnets away when they get blocked with a 301 redirect. It's working well now. Gonna work on the redirect now.
<Deeps> AnRkey: if you allow 192.*.*.*, you're allowing non-local subnets
<AnRkey> Deeps, how so?
<AnRkey> 192 is private is it not
<Deeps> 192.168/16 is
<AnRkey> ahh of course
<Deeps> 172/8 also isn't purely local
<AnRkey> ok changed, checking if it still works
<Deeps> if you read up, discussion shows its 172.16/12
<Deeps> 10/8 is though, so you're ok there
<AnRkey> and 10/8
<AnRkey> shweet
<AnRkey> thanks deeps
<Deeps> thank agentk, he already told you
<Deeps> and maswan
<AnRkey> thanks all :)
<AnRkey> now apache is fewked again
<Deeps> it may not take cidr masks
<Deeps> so you'd need to list 172.12 172.13... and so on
<AnRkey> trying to see what it does
<AnRkey> searching apache.org
<agentk> Allof from 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 should be fine too
<agentk> s/Allof/Allow/
<AnRkey> now on to bigger fish, i have a client that has no firewall running on his dedicated mail server and a public ip, can u freakin believe it
<AnRkey> his box is an open relay too
<AnRkey> i used the full cidr like agentk showed too
<agentk> AnRkey: Did it work?
<AnRkey> perfectly, u surprised? :D
<agentk> AnRkey: No..... Of course not ....
<AnRkey> this #'s kunfu is strong
<AnRkey> or kungfu
<agentk> I just enjoy tinkering.
<rdw200169> wow, a open mail server...
<rdw200169> i did that once, a couple years ago by accident.  i forgot i installed the stuff trying to learn.  turned out my ISP killed my internet due to my relaying spam via an open proxy server.  took me a couple hours to finally figure out why they did it.
<rdw200169> when they told me i was a source of spam and they killed me for security reasons i was both shocked and relieved.
<rdw200169> i explained to a *very* knowledgeable network person way up the tier at embarq, at which time it dawned on me that i had that stupid proxy running somewhere in the background.
<rdw200169> i promised to remove the proxy, and they turned on my internet within an hour.  to this day, I will always have a secret love affair with embarq.  by far the best provider i have ever worked with.
<rdw200169> now i'm stuck with Time Warner for the moment.  unhappiness ensues.
<ivarss1> hi there. could anyone help me with vmbuilder and xen (domU) ?
<nadley_> hi
<nadley_> I would like help to install an openvpn server
<MianoSM> sudo apt-get install openvpn && sudo apt-get install openvpn-blacklist ?
<MianoSM> if you have ebox, there is also a module that can assist you in setting it up. ;)
<nadley_> MianoSM: ebox ?
<nadley_> what is the module to assist me ?
<MianoSM> ebox-openvpn - eBox - OpenVPN server module
<kixx> i'm an admin at a small biz and would like to switch our server to ubuntu from windows server.  I use ubuntu on my desktops, as well as my servers, but for my customer Quickbooks is standing in my way.
<kixx> Has the linux Quickbooks server been used on Ubuntu servers?
<kixx> And if so, what is the experience like?
<lunix> Hi ubuntu folks:) anyone can help me connect to my wireless network from ubuntu 8.10 server edition  (no GUI) The wireless adapter is found and drivers seem to work flawlessly.Tthis is what I have done so far:  ifconfig wlan0 down  &   iwconfig wlan mode ad-hoc  (hmm ad-hoc??)  &   iwconfig wlan0 "network name"     then...  iwconfig wlan enc a1b2c3d4e5     then ifconfig wlan0 up    ..  the adapter goes grazy blinking,, but no internet
<lunix>  connection :|
<lunix> could it be the firewall thats blocking??  or am I just completely lost?  maybe im even using the wrong tools?
<Deeps> lunix: you dont want ad-hoc unless you're connecting to another computer's wireless card. if you're connecting to an access point, you want mode managed
<lunix> ohh :) thanks
<lunix> is  "iwconfig wlan enc a1b2c3d4e5" correct??  im not sure if its wep or wap   but ive got the password and its a 10 digit hex code
<Deeps> i'm not sure if 10 digit hex is wep
<Deeps> you kinda need to know what encryption protocol your wap is using, iwlist should be able to tell you i think
<lunix> i googled it: looks like wep 64 is a 10 digit hex number :)    so that must be what wpa is using that
<lunix> *so that must be what wpa is using then
<nijaba> kirkland: would be nice if we could have a chat about your merge comment at some point.
<kirkland> nijaba: yes, please, i wanted to walk through it with you
<kirkland> nijaba: let me catch up on the morning's messages
<nijaba> kirkland: let me know when.   Can wait til the end of your day
<kirkland> nijaba: cool, i'll ping you after my lunch some time, in that case
<nijaba> kirkland: I'll be away between 17 and 19 UTC
<kirkland> nijaba: cool, let's shoot for after that, then
<Nikon> hi all,
<Nikon> have a quick question.  trying to mount a cdrom in ubuntu server without succes
<Nikon> mount /dev/cdrom returns me no medium found
<lunix> anyone can help me connect to a wireless network from console (no GUI)??  my wirelessadapter works and drivers seem to work too. Problem is knowing what to write to get connected..
<lunix> with ubuntu desktop edition it took me only seconds to get connected.. but that was with GUI...
<nijaba> lunix: long time I have not played with that, but I wrote a script a while ago to deal with this, it might still work: http://nicolas.barcet.com/drupal/node/25
<lunix> thanks nijaba:)  ill check it out
<heath|work> how do you repopulate /dev/disk/by-uuid/  I installed and formatted a new drive, but I can't mount it by it's UUID
<heath|work> nevermind:  partprobe
<orudie> how do i add a user in terminal ?
<gcleric> useradd or adduser
<maxb> useradd is the lower level tool. adduser is the higher level more user friendly one
<cody-somerville> Is ebox broken in hardy or intrepid?
<sommer> cody-somerville: intrepid
<cody-somerville> Who was poking me about the SRUs to fix that?
<ScottK> It was me for server team.
<sommer> I uploaded some patches to the bugs, but foolano is working on updating the jaunty packages
<ScottK> I think it was sommer.
 * sommer thinks is was foolano
<sommer> cody-somerville: at this point we're waiting to get the updates into jaunty, then someone will likely re-poke for intrepid srus
<cody-somerville> Whats taking so long?
<sommer> I believe they're still doing some testing on the jaunty packages
<sommer> I get the feeling that they'll be updated this week though
<kaje> I followed the kerberos guide at https://help.ubuntu.com/8.10/serverguide/C/kerberos.html and now my client machine won't let me log in... can someone help please!?
<kaje> everything was going great until the last step: sudo auth-client-config -a -p kerberos_example
<kaje> After firing that, I can't ssh in or login at the workstation
<Deeps> reboot, select recovery mode from grub boot list, it should let you login as root locally
<Deeps> hmm, heh. what happens to systems that dont have a root password set? heh
<kaje> it doesn't prompt for password in recovery mode... I can then set the root password and reboot
<sommer> kaje: after booting into single user mode, you can try the pam-auth-update utlity to enable kerberos
<kaje> but, I'd like to know what didn't work?
<sommer> kaje: I think the kerberos_example profile may have some issues
<kaje> sommer: oh, was I supposed to run that during the client installation of kerberos?
<kaje> ahh
<kaje> where is that profile located?
<sommer> kaje: /etc/auth-client-config/profile.d
<kaje> ok, thanks for the help guys =)
<sommer> kaje: you can also check /var/log/auth.log for the specific error
<sommer> kaje: it may also be a good idea to setup ssh-keys for at least one user on the machine so that if your pam config isn't 100% you can still login
<sommer> at least that's what I do
<EtienneG_mibbit> wow, web-to-IRC
<EtienneG_mibbit> it work
<cody-somerville> Following https://help.ubuntu.com/8.10/serverguide/C/moinmoin.html, I've installed moinmoin but my new wiki has no theme.
<kaje> what can I use on the command line to resolve DNS names to IP's and back again... nslookup works, but it prints out a bunch of extra crap. I'm using this for a script and just want IP in DNS name out (and the reverse)
<Deeps> host
<kaje> thanks!
<robertj> hey all, anyone wanna recommend an IP KVM that does not suck?
<ajmitch> ScottK-desktop: given your knowledge of mail, do you know if DKIM support is part of exim in ubuntu, or just supported with postfix?
<ScottK> ajmitch: I know nothing about Exim DKIM support.
<ajmitch> ok
<ScottK> Amavisd-new with the Perl DKIM lib (which is recommends) can both sign and verify DKIM.
<ScottK> I think Exim can use transparent SMTP filters like amavisd-new.
<ajmitch> I'll take a look at that, thanks
<ScottK> So that would likely be one (heavy weight) way to do it.
<ScottK> That's also all in Main.
 * ScottK uses dkim-milter, but clealrly that's not for Exim.
<ajmitch> it'd possibly take a bit of configuration to switch away from exim, so I've been hesitant to do so
 * ScottK would hestitate to push anyone away from their MTA of choice (unless it's Echange), but is very happy with Postfix.
<ajmitch> by the way, your site even showed up on top of google when I searched for 'SPF record check'
<ScottK> ;-)
<ScottK> It's not the prettiest, but AFAIK it's the most accurate.
<ScottK> accurate/correct.
<ajmitch> and quite useful
<ScottK> Thanks.
<uvirtbot`> New bug: #319391 in migrationtools (universe) "migrate_common.ph missing" [Undecided,New] https://launchpad.net/bugs/319391
 * andol has just started looking into ubuntu-server-triage and wonders if he can get some feedback on a bugg-report.
<andol> https://bugs.launchpad.net/ubuntu/+source/php5/+bug/305254
<uvirtbot`> Launchpad bug 305254 in php5 "PHP Warning:  Module 'mcrypt' already loaded in Unknown on line 0" [Undecided,Incomplete]
<andol> I'm rather sure I know what the problem is. I just don't know whatever it really is a bug or not, whatever to mark it as confirmed or invalid.
<actionshrimp> hey guys, which administration control panelly-type software (e.g. ISPConfig) would you recommend?
<Deeps> !ebox | actionshrimp
<ubottu> actionshrimp: ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<cody-somerville> Its broken in Intrepid though
<actionshrimp> Deeps: thanks, havent heard of that one. Will give it a read
<actionshrimp> im using hardy on my server actually so shouldnt be a problem
<actionshrimp> would you recommend putting it on a 'clean slate' setup though?
<actionshrimp> i have a manual configuration at the minute, but im getting a few more users and its getting a bit harder to manage
<Deeps> i have no idea i'm afraid
<actionshrimp> ok, thanks for your help
<mathiaz> andol: ready quickly - it's an bug in the upgrade
<mathiaz> andol: *reading*
<mathiaz> andol: as we support upgrades it shouldn't be marked as invalid
<mathiaz> andol: hm well - if the user choose to keep it's old configuration, that I'd mark it as wont'fix explaining how to fix the message (edit php.ini)
<solifugus> When you select virtual-machine-host during installation, what virtualization engine does ubuntu server install?
<andol> mathiaz: ok, thank you.
<Deeps> solifugus: i'd imagine kvm
<solifugus> I'd imagine virtualbox
<solifugus> kvm has very little of any kind of tools around it (yet)
<solifugus> or.. zen
<mathiaz> solifugus: kvm and libvirt
<solifugus> mathiaz: do you know where I can find the documentation for this, on ubuntu-server?
<mathiaz> !serverguide | solifugus
<ubottu> solifugus: The Ubuntu server guide may be found at http://help.ubuntu.com/8.04/serverguide/C/
<mathiaz> solifugus: there is a section about virtualization
<mathiaz> solifugus: make sure you're looking at the server guide corresponding to the version you're running
<mathiaz> solifugus: the virtualization section has been updated between 8.04 and 8.10.
<solifugus> yes.. just switched it to 8.10.  I am installing in virtualbox now, to test.. I want to install on a more powerful machine at home specifically to run VMs for my own various uses...
<mathiaz> solifugus: I'm not sure you can run kvm+libvirt inside virtualbox.
<jmedina> what about running virtualbox under xen domain0?
<solifugus> mathiaz:  it shoudl work.. just not with paravirtualization
<solifugus> mathiaz: virtualbox, in settings->advanced, can be set to simulate a cpu with paravirtualization features..
<solifugus> nice..
<theczar> I was wondering where exactly I need to input my virtual host tags in my httpd.conf file for Apache (LAMPP setup)
<kaje> I've worked through the SingleSignOn how-to and I have everything working! WOOT! Now, there is one last little section that is just titled, "Cached Credentials" with three sudo commands but no description... Can anyone tell me what that section is about?
<kaje> theczar: You should put them in separate files in /etc/apache2/site-available/
<andol> mathiaz: The "won't fix" is an importance-setting, isn't it? Note sure if I have the permissions to set that.
<Deeps> sites-available*
<kaje> theczar: Then go into the /etc/apache2/sites-enabled directory and do an ln -s ../myVhostConfig
<kaje> then restart apache
<kaje> makes it so you can disable and enable vhosts by just adding or removing links in the sites-enabled directory
<kaje> Yep, Deeps is right, should be sites-available (plural)
<theczar> kaje ok, so I should make some plain-text files there and name them what?
<kaje> I always copy the form of the default file that should already be in that directory
<kaje> name them whatever you want
<theczar> cool
<kaje> the apache configuration basically includes anything in the sites-enabled directory
<kaje> but put the real files in the sites-available directory and just link them to the sites-enabled directory
<Deeps> unless you've installed the LAMPP distribution that installs itself into /opt
<Deeps> which doesn't come packaged in ubuntu
<kaje> oh, whoops, just saw the LAMPP mention... sorry not too familiar with them
<Deeps> in which case you'd need to ask them for support
<kaje> Oh, is the cached credentials section about how to setup the client to cache the credentials in case the kdc is down?
<kaje> that way users can still temporarily log in if they are in the cache?
<theczar> Kaje, Deeps, yeah I don't have a sites-enabled or sites-available directory since I use LAMPP, but do either of you know how to add the virtual host configs to the httpd.conf?
<kaje> I think you can add them to the end of the httpd.conf file... but like I said, I'm not to familiar with that product
<Deeps> just shove them in at the end
<kaje> =)
<Deeps> it might work, if it doesn't, ask the guys who made LAMPP
<chris_cf> how to I list the running services in ubuntu ? (somthing like: rc-status from gentoo, or service --list-all from fedora)
<Deeps> good question
<kaje> chris_cf: I always just look at ps -a
<mathiaz> andol: wontfix is a status state.
<mathiaz> andol: you should be able to set it.
<kaje> chris_cf: that should have been ps -A
<Deeps> output of ps -A isn't comparable to what you'd get from service --list-all and rc-status
<chris_cf> hmm
<chris_cf> no it's not
<SmokeyD> hey people. If I want to setup a pop3 and imap mail server for a couple of domains (not too many though) and some users (+/-20) who use a diverse range of mail clients. Would you recommend dovecot or courier
<Deeps> chris_cf: if you do find out, hilight me and let me know wouldya!
<Deeps> SmokeyD: dovecot
<SmokeyD> Deeps: why?
<Deeps> SmokeyD: because it's in main, and officially supported by ubuntu, while courier isn't
<SmokeyD> Deeps: ok, definitely a good reason, but that isn't good enough for me :)
<SmokeyD> why is it in main and supported, and why isn't courier
<Deeps> SmokeyD: thats the best you'll get from me. i'm sure there are discussions archived on the interwebs from when this was decided
<SmokeyD> Deeps: :)
<SmokeyD> ok, thanks
<SmokeyD> I'll continue browsing
<Deeps> but if you're gonna use ubuntu and either of those through apt, you'd be best served using something thats actually supported by the ubuntu team
<andol> mathiaz: No, my only status choices are: new, incomplete, invalid, confirmed, in progress, fix commited and fix released
<SmokeyD> Deeps: yeah that is right
<SmokeyD> I was already leaning towards dovecot, but I wanted some input from others :)
<Deeps> SmokeyD: so yeah, as for the rationale, there'll be meeting discussion logs online somewhere; or if the reason is "cuz thats what debian do", you'll need to hound debian peeps instead ;)
<SmokeyD> :D
<mathiaz> andol: ok. Are you part of the ubuntu-bug-control team?
<SmokeyD> I won't hound people.
<andol> mathiaz: no
<SmokeyD> I'll just read article
<SmokeyD> s
<mathiaz> bdmurray: is a member of the ubuntu-bug-control team allowed to use wontfix for bug status?
<bdmurray> mathiaz: yes
<mathiaz> bdmurray: what does it take to be a member of this team?
<bdmurray> https://wiki.ubuntu.com/UbuntuBugControl
<mathiaz> andol: ^^ - may be worth reading it
<andol> mathiaz: read it
<andol> (well at least the requirements)
 * andol is pretty sure he is not yet ready for ubuntu-bug-control.
<mathiaz> andol: you may be ready sooner than you think if you keep triagging ubuntu-server bugs ;)
<andol> mathiaz: might be true, but so far I have only been at it for a couple of days :)
<andol> mathiaz: Well, thanks for the help anyway.
<mathiaz> andol: I've marked the bug as won't fix.
<andol> great
#ubuntu-server 2009-01-21
<ScottK> mathiaz: Did you see the Debian RFH on openldap?
<ScottK> I think it would be good if someone from the Ubuntu Server community stood up and volunteered to help.
<mathiaz> ScottK: I saw it. I heard about it during Intrepid uds last may.
<ScottK> OK.  Well I know about zip about openldap, but I think it's important ....
<slangasek> dendrobates: there are several server install tests not done yet for 8.04.2; can someone from the team take care of the default+crypted LVM, tomcat server, and virtualization host tests?
<mathiaz> slangasek: tomcat server and virtualization host don't exist in 8.04.
<slangasek> oh, that helps then
<slangasek> dendrobates: also, I haven't rolled new JeOS images because I haven't seen any changes in 8.04.2 that are particularly relevant to virtualization installs; is this reasonable, or do you think I should roll those in?
<timholum> hello i am wondering if anyone could help me in routing with ubuntu server 8.04, cat /proc/sys/net/ipv4/ip_forward returns 0, and ufw is disabled but i can not ping through my router ( i am using it just as a network to network router, no nat )
<timholum> iptables -L lists no rules
<timholum> any idea's
<mathiaz> timholum: you probably need to turn ipforwarding on
<mathiaz> timholum: /proc/sys/net/ipv4/ip_forward should be 1 not 0
<slangasek> precisely
<timholum> ok :) that would probably do it :)
<timholum> I had it as 1 before but then it still was not working, I think i just figured it out :) the host that i am trying to ping does not know the route back. I feel rilly dumb now :)
<timholum> Thanks for your help
<slangasek> heh, if you had that realization on your own you're clearly ahead of the curve ;)
<rdw200169> yes, networking 101 is *essential* to running a server or a network
<rdw200169> solves 99% of crazy problems ;)
<altf2o> So i've been trying (unsuccessfully) to get LDAP or NIS working. Got NFS ok. However i JUST read SAMBA is capable of basically doing EVERYTHING I want from file sharing, to authentication. So my goal is to have a single folder for ALL users to share from. Any ideas how i might set that up on the filesystem to be exported for use in SAMBA?
<altf2o> i've got 1 user: altf2o , for which i created a samba PW for, and i access m /home/altf2o from XP no problem. But since i want a single folder i was thinking of creating a partition, mounting it say /mnt/globalshare/ , and seeing if i can restrict the access to it?
<jmedina> altf2o: yes you can
<jmedina> you can restrict with basic unix permisions
<jmedina> but you can also use ACL, just mount your partition with the acl option, and then you can use setfacl to get ACL a la windows
<jmedina> and with samba compiled with acl, you can set those advanced permisions from windows
<jmedina> altf2o: this is a good howto, Im writting a book about samba and centrilized auth for linux and windows based on hardy
<jmedina> but is in spanish
<jmedina> altf2o: http://www.djatlantic.net/?p=253
<altf2o> ahh, cool! That's exactly what i need! I have several Windows workstations & Linux workstations, plus a couple Mac workstations. I need 1 central login + shared location. Will your book be translated to English?
<jmedina> altf2o: I dont think so, Im not so good writing in english :S
<jmedina> but the howto is written in a way that you can deploy it with copy and paste :D
<jmedina> let me upload the last version
<altf2o> awesome thanks! Makes me wish i wouldn't have forgotten all my spanish :)
<jmedina> http://tuxjm.net/docs/cursos/Samba+OpenLDAP+PAM+NSS-4Ubuntu/html/
<jmedina> altf2o: http://tuxjm.net/docs/cursos/Samba+OpenLDAP+PAM+NSS-4Ubuntu/html/
<altf2o> oddly enough Google translator appears to have done a decent job with it :). Thanks i'll have to give this a look. I'm very new to all this networking stuff, so it's becoming a bit overwhelming at times.
<jmedina> altf2o: that is what I just check
<jmedina> :D
<altf2o> awesome!
<jmedina> altf2o: if you want, I can help you with the setup
<jmedina> I'd like to get feedback, till now, only 3 people replyd me with success
<altf2o> for sure! I will most likely not get enough free time to go through all this setup until this weekend, but if you'll be around then, i'll be more than happy to sit and get through as much as i can & let you know how it goes? And if you're available for assistance, that'd be great!
<jmedina> altf2o: if im not online, you can contact me by email
<jmedina> it is on the frontpage
<altf2o> cool! I've got it on the top of the front page, i'll be sure to do so! Thanks again for the help, i appreciate it.
<jmedina> you are welcom
<jmedina> altf2o: if you find errors please let me know
<altf2o> will do. It's definitely gonna be a big project to get this all working, there's a lot of information here.
<liquid>  Is there any way to limit cpu/memory consumption on a process basis, rather than a user (which I would use ulimit for) ?
<genii> When ssh in and use sudo a few times... then logout and back in shortly after... sudo does not prompt for password first time out. Any way to set sudo timout to expire/reset when logout occurs?
<jmedina> man sudo
<jmedina> :D
<jmedina> sudo -k
<jmedina> the token expires in 15 minutes
<genii> jmedina: Hm. Now just need to edit logout script then to do equiv of sudo -k
<jmedina> yeap
<jmedina> echo "sudo -k" >> ~/.bash_logout
<genii> more like echo "sudo -k" | sudo tee -a /etc/skel/.bash_logout
<genii> jmedina: Thanks
<jmedina> :)
<jmedina> this is for the FAQ
<uvirtbot`> New bug: #319472 in likewise-open (main) "I am so beginer I don't even know what went wrong!! (dup-of: 277492)" [Undecided,New] https://launchpad.net/bugs/319472
<liquid> lol
<ziggles1> at least he logged it
<liquid> I guess!
<ziggles1> wow already flagged as a dupe too! lol
<ziggles1> Bug has been alive for 12 min :)
<liquid> Yeah, that;s why I lol'd
<SmokeyD> anybody have any thoughts on ispconfig versus dtc?
<kraut> moin
<uvirtbot`> New bug: #292791 in samba (main) "silent login/gdm failures and sudo segfaults with smbpasswd enabled" [High,Confirmed] https://launchpad.net/bugs/292791
<ivoks> anyone interested in seeing hylafax in main?
<ivoks> heh... looks like development ended in 2007 :/
<ivoks> or not :D
<sprobe> hello mates.. is anyone familiar with virtualization on ubuntu server? I've just seen that RHEL5 limits its academic version to 4 guest os which pisses me off frankly.. and looking for alternatives, stumbled across ubuntu server
<ivoks> sprobe: atm i'm running 4 ubuntu guests on my ubuntu 8.10
<ivoks> sprobe: there are no limitations on number of guests, except your hardware resources
<sprobe> ivoks: nice thx
<sprobe> I've seen that ubuntu is derived from debian.. now I've got a specific question.. my server system is a HP ML370 G5 and comes with various drivers of course.. and there are binaries for debian 4.0.. does anyone know if I will be able to install those drivers on ubunutu server? are the cahnces rather high, low? impossible?
<ivoks> drivers for what?
<sprobe> lemme get it for you
<ivoks> drivers aren't binary compatibile between ubuntu and debian
<ivoks> but you shouldn't need any driver for most of the servers
<ivoks> heh
<sprobe> yea, I am just getting into detail here.. seems to be only daemons no drivers
<ivoks> i have one of those servers
<ivoks>     description: Computer
<ivoks>     product: ProLiant ML370 G5
<sprobe> ye, that's it, HP
<ivoks> and i'm runnning ubuntu on it; no problems
<sprobe> ah alright, so installing those management tools on it did work fine as well? you know, if a HDD fails, you get an email and that kinda stuff
<ivoks> i didn't install those
<ivoks> i've installed additional hardware in that machine
<sprobe> that's what I was talkinga bout.. http://tinyurl.com/7jmesu
<sprobe> well alright, might work, might no ^
<ivoks> if it's not related to kernel, it should work
<ivoks> i'll try installing
<sprobe> yea, sorry for my questions.. but I am using RHEL4, RHEL5 up to now, and I never had any troubles with hackers and stuff (sticking to the original packages). moving to another system is always quite a large step.
<sprobe> I do use it for web applications, so security is a #1 issue
<ivoks> well, most of the packages installed :)
<sprobe> :)
<sprobe> what would you say, stick with RHEL5 or move over to ubuntu server? It's not a migration, I am getting a new server and could choose upon installing
<ivoks> sprobe: ubuntu
<sprobe> ivoks: just because ? ;)
<_ruben> because this is an ubuntu channel probably
<sprobe> na it seems to support virtualization well enough and I am getting more and more angry at RH politics
<axisys> after I did a aptitude full-upgrade as requested by apticron I get this message ..
<axisys> Current status: 0 updates [-2].
<axisys> what is that mean?
<ivoks> axisys: 0 updates?
<axisys> ivoks: yep.. that was the exact message I got
<ivoks> axisys: it means '0 updates'
<ivoks> no updates
<ivoks> like, nothing to do
<axisys> Here is another one.. it did upgrade but gave -13 at the end, http://pastebin.com/f230a0c70
<ivoks> axisys: after it installed 13 packages
<axisys> ivoks: ok.. now i understand..
<axisys> ivoks: thnx
<ivoks> axisys: np
<ivoks> sprobe: i would (i did, and i always do) go with ubuntu
<ivoks> sprobe: those management tool are usefull, but not something you can't live without
<sprobe> ivoks: I am seriously considering it.The tools aren't my #1 concern.  My #1 concern  is that packages are always up to date and fixed ASAP once an overflow has been found. I have very good experiences there with RHEL, none with Ubuntu.
<ivoks> sprobe: recent Croatian's CERT report said Ubuntu was faster than RedHat with security updates
<sprobe> ivoks: good resource, that'd be a very good argument once I start discussing a switch over to Ubuntu internally
<sprobe> ivoks: could you provide me a link to that report perhaps? I am just searching
<ivoks> sprobe: it's in croatian
<ivoks> sprobe: http://www.cert.hr/documents.php?id=357
<ivoks> sprobe: but it has nice charts :)
<ivoks> sprobe: s/red hat/fedora, though
<sprobe> ivoks: yea, just looking through the pdf atm
<ivoks> sprobe: page 16, table 2: bugs (very critical, critical, moderate, low risk, harmless)
<sprobe> ivoks: thanks, looks understandable :)
<ivoks> sprobe: anyway, there are studies in english too, just search on werb
<ivoks> web
<ivoks> sprobe: failed disks in compaq controler can be seen in syslog
<sprobe> ivoks: thanks a lot - I am currently looking for some studies .. perhaps I find one in English like the one you found in Croatian.
<MianoSM> So....reading the logs from the meeting yesterday screen-profiles is going to become a dependancy for anyone installing Screen from the repositories?
<ivoks> MianoSM: i guess ti will be recommended package (installed by default with screen, but still possible to remove it while keeping screen)
<MianoSM> Sad.
<ivoks> why?
<MianoSM> I don't think many of the server administrators is going to want that.
<ivoks> installed doesn't mean used
<MianoSM> I can't get it at the moment because I don't have the most recent bzr, but I'd imagine if it's installing a .screenrc for me - that's an annoyance that I'm going to have to over write with my current profile that I prefer.
<Deeps> it doesn't overwrite your .screenrc by default
<Deeps> by default it does nothing
<MianoSM> I'll have to update the bzr and look at it.
<Deeps> ..which confused me when i first installed it, heh, since it came with no documentation
<MianoSM> I'm a minimalist, and this seems like excess on server installs.
<Deeps> ubuntu-server isn't exactly minimal, heh
<fauxhawk> Deeps: how do you use screen-profiles then if it does nothing by default?
<MianoSM> Understood, but I normally do a minimal install, and then sudo apt-get install a few packages that aren't too bad.
<Deeps> speaking of which, is there a more minimal install than the jeos install? since that comes with the -virtual kernel rather than -server or -generic. something like debian's minimal, which really is minimal
<Deeps> fauxhawk: you run select-screen-profile, and enable one of the provided profiles
<ivoks> brb
<MianoSM> Deeps: if you want, you can do a Jeos install and then add your own custom compiled kernel.
<Deeps> ..or just apt-get the -server install
<Deeps> urr, the -server kernel
<Deeps> anyway bbl
<MianoSM> If you're going for a minimal install you don't want the server-kernel.
<MianoSM> You'll want to custom compile your own anyway.
<_ruben> the difference in disk footprint between jeos and server is minimal .. and you lose stuff like proper auto completion and the likes
<_ruben> hence i gave up on using jeos
<fauxhawk> _ruben: what
<fauxhawk> i think the point that mianosm is making is not the disk footprint; but instead additional packages that are not needed for a server install
<frippz> auto-completion and other stuff can easily be added afterwards anyway
<hads> Can't you select a kernel flavour when installing JeOS?
<yann2> mmh  - I need help for launchpad - where should I go?
<persia> yann2, #launchpad
<yann2> thanks
<kaushal> hi
<kaushal> I have written a bash script
<kaushal> http://rafb.net/p/nfFgtE67.html
<kaushal> it does not start as tomcat user
<kaushal> I am using Ubuntu 8.04
<kaushal> I am doubting on line 14
<zul> kirkland: ping
<zul> kirkland: unping
<kaushal> zul, hi
<zul> kaushal: hi
<kaushal> can i disuss with you about my bash script?
<kaushal> which is running on ubuntu 8.04
<zul> kaushal: im a bit busy right now but try running it with set -x
<kaushal> i did that
<kaushal> it does not seem to work :(
<kaushal> it works fine as root but not as tomcat
<kaushal> Starting tomcat: + su -c /usr/local/apache-tomcat-5.5.27/bin/startup.sh tomcat
<kaushal> + echo done.
<kaushal> done.
<kaushal> but it does not show up in ps status
<cjwatson> could some folks test the 8.04.2 candidate server images on iso.qa.ubuntu.com, please?
<cjwatson> we had to respin them this morning owing to a bug affecting upgrades from un-upgraded 8.04 systems; the release is due tomorrow
<ocz> ftp://hackers.myftp.biz
<ocz> ftp://gnone.myvnc.com
<ocz> ftp://tecnica.serveftp.com
<ocz> ftp://descargas.serveblog.net
<ocz> usuario tecnica
<ocz> password tecnica
<ocz> para los cuantro link , que los disfruten :P
<andol> cjwatson: How much testing are we talkinga bout? I should be able to do a plain install, but I'm not sure how much more time i have right now.
<slangasek> mathiaz: hi, there's been a server CD reroll for server 8.04.2 because of a Package index bug; time to test today? http://iso.qa.ubuntu.com/qatracker/build/all
<cjwatson> iso.qa.ubuntu.com has links to the procedures; single installs would make up one test case each, basically
<cjwatson> so that would certainly be a worthwhile contribution
<mathiaz> slangasek: yes - I'll queue these test now
<andol> Ok, I'll see what I can manage.
<mathiaz> slangasek: results should be available in a few hours
<slangasek> mathiaz: cheers
<cjwatson> andol: thanks
<andol> cjwatson: the download links seems broken.
<cjwatson> hmm?
<mathiaz> apachelogger: hi - re your mysql 5.1 patch: I haven't looked at them but wait before doing an upload
<mathiaz> apachelogger: seems are not as easy as it seems if we want to keep both 5.0 and 5.1 usable with the standard mysql server.
<cjwatson> andol: yes, they are - should be ubuntu-server/hardy/daily not ubuntu-server/daily
<mathiaz> apachelogger: I've been looking into this issue for a few days now
<mathiaz> Riddell: ^^ - I haven't forgotten your mysql email. I've just been investigating the issue.
<cjwatson> andol: I've brought it up with the maintainer of that site
<andol> cjwatson: found it, downloading
<Riddell> mathiaz: from our side we don't care about the 5.1 server, only the libs and the few data files
<mathiaz> Riddell: right. And akonadi requires a full server running (ie mysqld)
<mathiaz> Riddell: which means that both mysql-5.0 and mysql-5.1 should installable at the same time on the same system
<Riddell> mathiaz: it requires mysqld which is runs as the user for a local database
<mathiaz> Riddell: and as of now amarok still depends on mysql-server-5.1
<Riddell> mathiaz: mysql-server-core-5.0 for akonadi and mysql-server-data-5.1 for amarok
<Riddell> they install together fine with the changes we've made
<mathiaz> Riddell: right - I'm not sure if they both run fine (in standalone mode) with the latest 5.1 changes.
<mathiaz> Riddell: but Kde doesn't require that
<Riddell> exactly
<nijaba> kirkland: saw your merge.  You did not like the keybinding preset handling or did not have time to merge that?
<apachelogger> Riddell: actually, I was wondering... does amarok not also depend on libmysqlclient16?
<Riddell> apachelogger: yes it does
<mathiaz> apachelogger: mysql client library aren't a problem
<apachelogger> ah, that doesn't conflict anyway
<mathiaz> apachelogger: libmysqlient1{56} can coexist
<apachelogger> aye
<mathiaz> apachelogger: the issue is with the servers and MySQL scripts that run them
<mathiaz> apachelogger: they're not designed to support multiple instance of MySQL
<apachelogger> yeah, the debdiff only resolves the KDE use case :)
<mathiaz> apachelogger: for ex mysqld_safe looks at /usr/bin/mysqld
<apachelogger> mathiaz: well, if you are ok with it, we should upload the debdiff ASAP
<apachelogger> currently we have two essential KDE packages conflict due to the mysql conflict
<mathiaz> apachelogger: I know. I'm subscribed to the mysql-dfsg-5.{01} bugs and I see them coming in.
<mathiaz> apachelogger: I still need to investigate the issue. While it makes to fix it just for KDE, MySQL is a key package in the server team
<mathiaz> apachelogger: and we need to properly support running mysql-5.0 and mysql-5.1
<apachelogger> *nod*
<kirkland> nijaba: a little of both
<apachelogger> good with me, I have fixed packages installed now :P
<kirkland> nijaba: that's separate functionality
<kirkland> nijaba: should be committed separately
<mathiaz> apachelogger: so for now, there is a workaround in LP about the issue with amarok and mysql-5.1
<kirkland> nijaba: i wanted to test the escape sequence parts thoroughly
<kirkland> nijaba: there were a few things that needed fixing there
<mathiaz> apachelogger: and I'm looking into the big picture.
<nijaba> kirkland: ok, fine, just wanted to know
<kirkland> nijaba: for instance, the create-and-name-new-window involves a bindkey
<apachelogger> mathiaz: ok :)
<ScottK> mathiaz: What bug has the workaround?
<mathiaz> apachelogger: I'll have a look at your patch and may ask further questions on what is exactly required by amarok for 5.1
<kirkland> nijaba: that, too, has to be formed and written out with the escape bit
<kirkland> nijaba: sorry, "register" bits
<mathiaz> ScottK: bug 316849
<uvirtbot`> Launchpad bug 316849 in mysql-dfsg-5.1 "mysql-server-5.1 doesn't start - skip-bdb option unsupported" [High,Confirmed] https://launchpad.net/bugs/316849
<kirkland> nijaba: also, numbers don't work as escape keys
<mathiaz> ScottK: the workaround is to remove the skip-bdb option from /etc/mysql/my.cnf
<mathiaz> ScottK: this option is supported by 5.0 but not by 5.1
<nijaba> kirkland: same for any non alpha char then
<kirkland> nijaba: needed to add some code to keep those from being set
<kirkland> nijaba: not true...  i could use ~ and @ just fine
<nijaba> kirkland: yep, I did notice that
<nijaba> kirkland: really?  I did not know
<mathiaz> ScottK: the reason it's in my.cnf from 5.0 is because it's no longer supported in 5.1 and we want to warn the user about it.
<ScottK> mathiaz: I see.  Thanks.
<kirkland> nijaba: so this code, i think, should get some testing first
<ScottK> mathiaz: The co-installability issue is a pressing one for Kubuntu, do you think we might go ahead with apachelogger's current proposed upload and sort the rest after?
<nijaba> kirkland: right.  b
<mathiaz> ScottK: give me a few days to look into that.
<mathiaz> ScottK: If I don't come up with something by Friday, you can upload it.
<andol> cjwatson: Well, the tests are going good so far :)
<ScottK> mathiaz: Thanks.
<cjwatson> andol: glad to hear it
<kinley> hello, it is possible to use mysql 5.1 in prod env now ? are there any minor bugs in current relaese ?
<cjwatson> I can answer the second question very easily with no knowledge of mysql
<cjwatson> "yes" :-)
<cjwatson> (all software has bugs)
<kinley> lol, thats true ;)
<kinley> but the answer is not very helpfully
<ScottK> I can answer the first in an Ubuntu context with no knowledge of mysql.  Since we only offer 5.1 in a development release, no.  Not suitable for production in Ubuntu.
<interested> Hi,  I'd like to know if there are ways to run some sort of script or program on an ubuntu system which will list the security issues for whichever programs currently installed may have had a USN
<interested> Case in point, I have a ubuntu server thats quite old which has a few exposed services and I'd like to check which are effected without having to upgrade the entire system right away
<jmarsden|work> interested: You could run sudo apt-get update && sudo apt-get -s upgrade and note what it wants to upgrade, then read the changelogs for those packages to see why?
<jmedina> inyou can use apticron
<interested> jmarsden|work: sure, ill give that a shot then...maybe only looking at the security feed
<interested> was more interested in something like desecan for ubuntu
<jmedina> apticron automatically runs apt-get update and send you a mail about new upgrades and security updates
<jmedina> and a little review about security updates including the CVE number
<jmedina> jmarsden|work: I think that is what apticron does
<interested> Ah, thanks jmedina
<jmedina> and you can also use a nagios plugin for apt
<jmedina> :D
<asomething> hi all, any one know if if the new samba4~alpha6 from Debian experimental will be synced for Jaunty?
<Mohammad[B]> how to i can resize the swap partition in command line ?
<jmedina> I dont know a tool to resize a swap
<jmedina> I better create another swap
<cjwatson> it's faster to just create it from scratch anyway
<jmedina> you can mountit with the another priority, so is used only when first swap is filled, or you can mount it with the same priority, the both swaps are used in a round robin fashin
<cjwatson> you can use your favourite partitioning tool to resize the partition itself, and then just mkswap over the top
<cjwatson> if you don't want to have two adjacent swap partitions, which some might feel to be untidy
<tbielawa> Greetings all. I'd love to see screen in main. Though I'm not certain about the screen-profiles being a dependency. What are the current arguments for adding that dependency?
<ScottK> I'd say recommends at most.
<tbielawa> I agree with that
<Deeps> there are actually many major bugs still outstanding in mysql 5.1
<Deeps> or at least, there was at the time of release, odds are many of them are still there; http://monty-says.blogspot.com/2008/11/oops-we-did-it-again-mysql-51-released.html
<cjwatson> screen has been in main for years
<cjwatson> in fact, it was there in warty
<MianoSM> tbielawa: I agree.
<fauxhawk> tbielawa: I concur
<MianoSM> cjwatson: The issue isn't with screen, it's with adding extraneous packages that are nice to have, but not something many of the older ornery admins are most likely going to embrace.
<cjwatson> MianoSM: sure, but tbielawa said "I'd love to see screen in main".
<tbielawa> My mistake there, misread the blog post.
<MianoSM> cjwatson: He was talking about the screen-profiles maybe?
<tbielawa> Yes
<cjwatson> I assumed it was probably a typo or thinko, but wanted to nip confusion in the bud
<tbielawa> :)
<tbielawa> I ought to check the mailing list.
<fauxhawk> told to me by our IT dept: "what is this putty thing?" me: "an opensource program to access a remote shell" ITguy:"if it is open source, why does it ask you for a password when you run it?"
<tbielawa> ...
<genii> fauxhawk: Hopefully he's not one of the head IT guys.
<fauxhawk> genii: thank god no
<MianoSM> fauxhawk: I'd bet 1,000,000 he's bald, amirite?
<fauxhawk> MianoSM: HOW DID YOU KNOW
<MianoSM> if he knew the loonixes he'd have tons o hair like RMS
<tbielawa> I took a picture of myself the other day and realized I looked like an RMS like looney some times
<uvirtbot`> New bug: #319718 in mysql-dfsg-5.1 (universe) "package mysql-server-5.1 5.1.30-2ubuntu3 failed to install/upgrade: aliprosessi post-installation script palautti virhetilakoodin 1" [Undecided,New] https://launchpad.net/bugs/319718
<DogWater> Does anyone here use kickstart to install Ubuntu? is there any way to issue a command that will just wipe out the filesystems completely before it gets to the disk partitioner? mainly to avoid problems with LVM?
<kaje> The settings in /etc/resolv.conf keep changing on me... I think it is being caused by a DHCP renew or something. How can I stop it?
<jmarsden|work> kaje: Edit /etc/dhcp3/dhclient.conf so it doesn't get DNS info from DHCP -- if that is what you want?  Or just configure the server with a static IP and don't use DHCP.
<kaje> do I configure it with a static ip in /etc/networking/interfaces?
<user___> y
<jmarsden|work> Yes, see https://help.ubuntu.com/8.10/serverguide/C/network-configuration.html
<jmarsden|work> Reading that whole guide is worthwhile if you are running Ubuntu Server, by the way.
<kaje> thanks!
<jmarsden|work> You're welcome.
<orudie> how can i go to a specific line number in nano ?
<jmarsden|work> orudie: nano +1234 filename.txt
<genii> orudie: nano +1234 filename          goes to line 1234
<jmarsden|work> We used the same example line number :)
<genii> hehe
<DogWater> oh man what did they do to kickstart  in 8.10
<DogWater> its totally broken
<ziggles> I just finished the following tutorial: https://help.ubuntu.com/community/JeOSVMBuilder , VM started ok but i cannot ping it... is there any way to debug?
<jmedina> just like any other system
<jmedina> check your interface is up and with link (ethtool), run a sniffer and see if you have incoming traffic
<jmedina> tcpdump -i ethX
<ziggles> thanks jmedina
<smgoller_> Hi, I'm planning on doing an install of ubuntu server under vmware server 2 and I was curious as to if it would be that much better to do a JeOS install instead of the normal server version.
<smgoller_> This would just be a one off, not packaging an appliance for distribution
<jtaji> smgoller_: I would stick with server
<smgoller_> ok, I was curious since JeOS claims to remove a lot of the things a kernel would need for a physical computer but not a virtual one
<P4C0> hello, when I installed ubuntu server, it asked for the way to install updates, i choose automatic, however I can't see any cronttab or similar for that... how are automatic updates done in ubuntu server?
<smgoller_> thanks for the opinion, jtaji :)
<Slart> P4C0: did you get an answer for your apt-update question?
<P4C0> Slart: no
<Slart> P4C0: have you checked in /etc/cron.daily/  ?
<P4C0> i don't have the box right now, but I think i checked them... is there were it's supposed to be?
<Slart> P4C0: I'm not sure.. but I have a script in there called apt that does a lot of things.. that might be it
<P4C0> Slart: thanks I will give it a try when I get home
<Slart> P4C0: you're welcome
<Blaenk> hey guys I'm running lightttpd on my ubuntu server and I can't figure out how to install memcached for php5
<andol> cjwatson: Should there be a Tomcat-test for hardy 8.04.2 server?
<mathiaz> andol: no
<mathiaz> andol: tomcat5 is only available starting from intrepid
<mathiaz> andol: same for the host virtualization use case
<kaje> I've set up a SingleSignOn configuration using the how-to on ubuntu's wikis. When a user ssh's into a machine with a password, it gets a kerberos ticket for them. However, when they ssh in with a public key, it does not get a ticket. How do I set it up to grant them a ticket?
<Gargoyle> Greetings. Anyone alive? I am remotely reconfiguring IP addresses of servers and was wondering if anyone would double check my configs as I will be screwed if I get them wrong! :o)
<Gargoyle> if I am multi homing an interface should I keep eth0 and then add eth0:0, eth0:1 etc, or change eth0 to become eth0:0?
<jmarsden|work> Gargoyle: Keep eth0, add the alias(es) you need.
<andol> mathiaz: ok, thanks.
<Gargoyle> This look OK?
<Gargoyle> http://pastebin.ubuntu-uk.org/46401
<Gargoyle> And can I use ifconfig eth0:0 up to bring the extra one online, or do I need to fully restart networking?
<vigo> Is there a script available to start UFW on boot?
<jdstrand> vigo: 'sudo ufw enable' is all you need to do
<vigo> Thank you
<Blaenk> hey guys I installed php5-memcache and it added the appropriate conf file but looking at phpinfo, it won't read/parse it
<Fishscene> How do I re-detect my network adapters? I am using Ubuntu 8.10
<Fishscene> UBuntu Server 8.10*
<Gargoyle> I am trying to pring up eth0:0 and I am getting "SIOCSIFFLAGS: Cannot assign requested address". Any ideas?
<Gargoyle> OK, a bit odd. ifup eth0:0 gave me the same error, but it did actually bring up the interface!
<Deeps> Gargoyle: that approach is deprecated in favour of using ip addr add ip/32 dev eth0
<Deeps> Gargoyle: unfortauntely there's no nice way to do it beyond having a for loop or multiple up lines in your eth0 definition in interfaces
<Fishscene> Using Ubuntu Server, the adapters seemingly refuse to get a DHCP IP address during install. However, when using the desktop cd, the same computer gets a DHCP ip address without any problems. Since Ubuntu Server won't install my ethernet adapters during the OS install, I still need to install them. How do I go about doing this?
<Gargoyle> Deeps: Soo you don't define eth0:0, etc  entries in interfaces anymore?
#ubuntu-server 2009-01-22
<Gargoyle> If I "ifdown eth0" does eth0:0 stay up?
<Deeps> Gargoyle: nope
<Deeps> Gargoyle: urr, dunno
<Gargoyle> I think it's a no! :)
<Gargoyle> What are the concequences of rebooting the server if it's eth0 ip address will knowingly conflict with another server?
<Gargoyle> will eth0:0 come up?
<Gargoyle> Ahh, balls to it... I'll just change them one at a time... worst case is that it sets off the alarms at the hosting co and some poor sys admin has to come and check what is going on!
<Deeps> it'll come up, cached arp records be damned
<Deeps> and your router will get confused if it doesn't have static arp mappings
<Deeps> and your hosts will hate you
<Gargoyle> :)
<Gargoyle> I am just gonna do em one at a time. so one address will disappear from the network for a min or two!
<Gargoyle> awww, poo
<Gargoyle> ssh has not come back up!
<Gargoyle> Don't you just hate remote managing servers!
<Deeps> dont tend to manage many locally
<Deeps> so i guess not, heh.
 * Gargoyle wipes his brow...
<Gargoyle> It was just on a go slow!
<cjwatson> andol: I don't know, I'm afraid - mathiaz might
<cjwatson> DogWater: I'd very much like to work with you to debug your Kickstart problems, but I'm just about to go to bed. Could you please (a) file a bug on https://launchpad.net/ubuntu/+source/kickseed/+filebug with as much detail as you can (at least a copy of your Kickstart file, and the installer's syslog file if you can), and hop onto #ubuntu-installer sometime tomorrow?
<cjwatson> DogWater: (I wrote our Kickstart implementation and if it broke it's probably my fault.)
<Fishscene> I have created a directory called, "/vmfiles/vm" However, if I go into the vmfiles directory and run "ls" it does not display the vm directory. But I can still navigate to /vmfiles/vm. Any ideas why vm does not show up in ls?
<uvirtbot`> New bug: #319843 in mysql-dfsg-5.1 (universe) "root password is not asked during default install" [High,Triaged] https://launchpad.net/bugs/319843
<techsupport>  hi, in ubuntu , how can i make a user owner of a directory and all its sub directories, i'm trying with chown
<p_quarles> chown -R user:group /path/to/dir
<techsupport> thanx
<pascualcm> hi
<pascualcm> can someone help me with an issue am having concernin ia31 lib please
<IcemanV9> is there a specific solution for slow response from 8.10 server?? there is like 2-5 seconds delay before it respond ... in ssh session, webpage, wordpress. i have exhausted the resources on looking into dns, resolv.conf, hdparm. i'm at loss to resolve it.
<vertx> Does anyone uses nagios? I could really use a helping hand here. I tried to compile nagios-plugins-1.4.13 but the make command returns  undefined reference to `np_net_ssl_read'
<Koon> vertx: users of nagios usually don't compile their plugins by hand :)
<vertx> I tried googling it. The only suggestion I could find is that I have to install ssl-dev package, for which I have already done using libssl-dev package. Did I do anything wrong in between?
<vertx> @Koon: thanks for your reply. But I can only see nagios2 available on the repo. I'm using Ubuntu Server 8.04, btw. What do you suggest?
<Scix> Good morning from norway :)
<Scix> I can't get this guide: https://help.ubuntu.com/community/PamCcredsHowto to work with intrepid. What am I missing?
<Scix> when i try to use getent passwd, whe user is found, but when i try to log in, i'm getting authentication failed
<Koon> vertx: the plugins are there somewhere, let me see
<Koon> nagios-plugins (1.4.11-1ubuntu5) [universe]
<Koon> splitted into nagios-plugins-basic nagios-plugins-extra and nagios-plugins-standard
<spiekey> Hello!
<spiekey> when i try to start my xen instance i get this error: Error: Device 51713 (vbd) could not be connected. Backend device not found.
<spiekey> <spiekey> with this config file: http://pastebin.com/m4692ce62
<spiekey> any idea why?
<Koon> spiekey: maybe #ubuntu-virt can help you.
<spiekey> thanks
<kraut> moin
<frippz> I've got a Dell PowerEdge 1950 that I'd like to read temps from. anyone who knows what software is supported for this?
<kraut> what are temps!?
<frippz> temperatures
<frippz> not temporaries :)
<barduck> I need help - I tried to remove sendmail using apt-get and it somehow failed. Now anything I triy to do with apt-get or dpkg starts sendmail config ("Setting up sendmail-bin (8.14.3-4) ...") and then fails again with "E: Sub-process /usr/bin/dpkg returned an error code (1)" - what to do ?
<barduck> anyone ?
<agentk> barduck: apt-get -f install ??
<barduck> tried "apt-get -f install sendmail" and "apt-get -f remove sendmail", same result
<agentk> dpkg -a configure
<cjwatson> that is a syntax error
<agentk> Hmmm. I cant remember what it's ment to be come to think of it.
<cjwatson> barduck: is there any other message between "Setting up ..." and "E:"?
<cjwatson> agentk: you meant dpkg --configure -a, but it won't help here
<barduck> cjwatson: yeah, there is tons of stuff sendmail config trying to do until it finally gives some errors and quits
<barduck> I dont want sendmail
<cjwatson> barduck: try 'dpkg --remove sendmail-bin'
<barduck> I want to completely get rid of it
<barduck> cjwatson: same result
<barduck> it says sendmail is not installed
<barduck> then runs the sendmail config
<cjwatson> surely not, it can't possibly begin with "Setting up sendmail-bin" for starters
<cjwatson> barduck: could you put a transcript on paste.ubuntu.com, please?
<barduck> cjwatson: of course
<barduck> cjwatson: this is when I run dpkg --configure -a : http://paste.ubuntu.com/108205/
<cjwatson> it seems that /etc/init.d/sendmail has been removed but sendmail-bin still expects it to be there. Personally I would create /etc/init.d/sendmail that just reads like this:
<cjwatson> #! /bin/sh
<cjwatson> exit 0
<cjwatson> chmod +x that file, and then try again
<barduck> I will try that
<cjwatson> you can remove that file later
<cjwatson> this is of course a bug that we'd appreciate you reporting on LP
<barduck> I think I also removed /var/cache/apt when I tried to fix the above problem so now I get "E: Could not open lock file /var/cache/apt/archives/lock" from apt-get
<barduck> should I just create the dir ?
<ivoks> yes
<barduck> cjwatson: ok, that fixed the dpkg --configure . But now I have sendmail in a zombie state. The package is not installed but I have traces of it all over my system. Any way to completely remove it
<barduck> ?
<cjwatson> you removed /var/cache/apt ??
<cjwatson> what else did you mess about with? ;-)
<cjwatson> barduck: put the output of   dpkg -l "sendmail*"   on paste.ubuntu.com please?
<barduck> cjwatson: alot ! :) sendmail is stuck all over my system and it completely gets on my nerves...and I am not known for my patience :)
<barduck> cjwatson: coming right up
<cjwatson> you may have interfered with dpkg's own cleanup and made your problems worse
<barduck> it couldn't have been worse
<barduck> or could it ?
<barduck> cjwatson: http://paste.ubuntu.com/108206/
<Koon> frippz: dmidecode might get you the info you need
<Koon> frippz: see http://www.thegeekstuff.com/2008/11/how-to-get-hardware-information-on-linux-using-dmidecode-command/
<frippz> Koon: thanks. will look into it
<cjwatson> barduck: ok, 'dpkg --purge sendmail-base sendmail-bin sendmail-cf'
<barduck> holy cows ! It is gone! I am free at last!
<barduck> cjwatson: thanks a lot
<barduck> and I know better now what to do if this happens again
 * barduck runs to install postfix
<cjwatson> barduck: (and remember to remove the /etc/init.d/sendmail hack you put in place)
<barduck> cjwatson: it is gone...
<barduck> from the purge, I guess
<cjwatson> ok
<cjwatson> barduck: apt-get purge "sendmail*"   would probably have done it in the first place
<cjwatson> or use aptitude to mark all sendmail-related packages as purged, and then tell it to go
<barduck> cjwatson: what I initially did that screwed it all is "apt-get purse sendmail"
<barduck> *purge
<cjwatson> I suspect sendmail*'s dependencies are subtly broken in some way that affects purge, and thus you need to get the order right :-/
<cjwatson> hence suggesting purging them all at once
<barduck> that won't happen again...
<barduck> but thats only because sendmail got on my nerves and I will never install it again
<barduck> :)
<barduck> ok, I think my system is in serenity again...
<barduck> many thanks, cjwatson
<cjwatson> no problem
<DogWater> So is anyone working on fixing the kickstart system in 8.10?
<ivoks> what's wrong with it?
<cjwatson> DogWater: I replied to you last night, but maybe you missed it?
<cjwatson> 00:21 <cjwatson> DogWater: I'd very much like to work with you to debug your Kickstart problems, but I'm just about to go to bed. Could you please (a) file a bug on
<cjwatson>                  https://launchpad.net/ubuntu/+source/kickseed/+filebug with as much detail as you can (at least a copy of your Kickstart file, and the installer's syslog file if you can), and hop onto
<cjwatson>                  #ubuntu-installer sometime tomorrow?
<cjwatson> 00:21 <cjwatson> DogWater: (I wrote our Kickstart implementation and if it broke it's probably my fault.)
<heath|work> Is anyone using rdiff for backups?
<Mohammad[B]> hi all
<Mohammad[B]> how to i can resolve it --> http://paste.ubuntu.com/108240/ ? please help me :( very important
<DogWater> cjwatson: sure I can post it for you, it is just kind of strange really the 8.04 install with the same ks file works fine (except it still asks me to partition which i need to eliminate) but the same file on 8.10 is just insaneoflex
<cjwatson> DogWater: kickseed is sometimes sensitive to other changes in the installer, so it can happen that we change something else and then if we forget to update kickseed it all breaks
<cjwatson> DogWater: (remember to remove passwords from the Kickstart file before posting it, obviously!)
<kj4> hello all
<kj4> anyone here taken the LPI tests?
<uvirtbot`> New bug: #292293 in openvpn (universe) "udev rules for tun device have wrong permisisons" [Undecided,Invalid] https://launchpad.net/bugs/292293
<incidence> How did I set a new IP for eth0:X?
<Authority> What is the proper way to manage the /etc/inetd.conf file?  I keep deleting the #<off># string from the services I need but something keeps putting it back
<ogra> soren, do you happen to be around ?
 * ogra needs some qemu advice
<frippz> does anyone know by what means Landscape receives temperature info from a server?
<henkjan> frippz: lmsensors?
<frippz> henkjan: you sure?
<henkjan> frippz: no, just a guess
<ogra> more likely acpi through sysfs
<ogra> or /proc
<frippz> I'm on a trial here and just noticed that the temperature info was empty. would like to fix that :)
<ogra> or it installs a little dwarf inside your server case that put his fingertips at the neuralgic temperature points
<frippz> ogra: :P
<frippz> better be a damn small dwarf for a 1U server :D
<ogra> yeah, dont forget to feed him little sandwiches ... else he wont measure :)
<ogra> "gnome inside"
<cjwatson> Authority: update-inetd
<Authority> cjwatson: thanks, i'll give that a try
<Authority> cjwatson: does it make sense that if I'd previously just used vim to edit the file that something else would be disabling the service again though?
<cjwatson> Authority: it sounds odd, but it's a while since I looked into update-inetd
<cjwatson> Authority: you might want to file a bug
<Authority> cjwatson: well I'm going to watch the file for a few days and see if it happens again before I do something like that.  might be good to check though to see if someone else has already filed a similar bug.  thanks for the assistance
<ogra> well, if you have i.e. openbsd-inetd installed and its set to start standalone in /etc/default, and you run apt-get upgrade, debconf might listen to the /etc/default setting and take it out on inetd.conf
<ogra> err
<ogra> s/openbsd-inetd/tftpd-hpa/
<ogra> s/on/of/
<cjwatson> s/debconf/some maintainer script that uses debconf/
<ogra> right
<cjwatson> however, any such action is a bug
<ogra> but in this case /etc/default counts ...
<cjwatson> and should be reported and fixed
<cjwatson> if you're really crazy enough to have two configuration files with potentially conflicting files and try to sync one to the other, you should at least check which is newer. Better still, don't do such a silly and confusing thing.
<cjwatson> (where "you" = package maintainer)
<ogra> well, its how tftd-hpa comes from debian ...
<ogra> i always found that behavior odd
<colonelqubit> When I run apt-get upgrade, new kernels are being held back. What's the best way for me to tell what security fixes (if any) are included in the new kernels?
<jmedina> colonelqubit: reading the changelog?
<jmedina> I like apticron because it sends a email with that info, the security update, the changelog, and even the CVE report
<colonelqubit> jmedina: okay, but 'linux-server' is a metapackage, so while dpkg -l tells me what kernel rev I'm on now, how can I tell what version I will be upgraded to?
<cjwatson> colonelqubit: dist-upgrade would install the new kernels
<jmedina> mmm I think you never upgrade to a major kernel version, only some patch to your current kernel
<cjwatson> (see the apt-get manual page for the difference between upgrade and dist-upgrade)
<jmedina> someting like
<jmedina>  * Kernel ABI bump for linux-source-2.6.15 version 2.6.15-52.
<jmedina>    Security update.
<cjwatson> colonelqubit: if you install apt-listchanges and configure it appropriately, it'll show you all the changelogs for everything you're upgrading, and prompt you before going ahead and upgrading
<cjwatson> it sounds like what you want
<colonelqubit> cjwatson: hmm. I'd prefer to not have to install any new packages, but that does look promising.
<jmedina> in fact, apticron uses apt-listchanges
<cjwatson> colonelqubit: you will have to install new packages any time the kernel ABI changes, I'm afraid, and that is sometimes necessary
<cjwatson> you can always say no to apt-listchanges and then be more selective, if you like
<colonelqubit> cjwatson: oh, I just meant that I wish I didn't have to install the 'apt-listchanges' package, hoping that apt-get or dpkg already had enouch functionality...
<cjwatson> oh, right
<colonelqubit> cjwatson: what about 'apt-get install linux-server -s' ?
<cjwatson> you can in principle pick the changelog out of a package with just dpkg but it's annoying.
<colonelqubit> (maybe the -s goes before the package name)
<cjwatson> colonelqubit: that will tell you what new packages will be installed as a result, but will not show the changelog
<cjwatson> nor anything about security fixes, etc.
<colonelqubit> cjwatson: sure, but if I can get the version # of the kernel, I can then just look online at the changelog
<cjwatson> in that case why not just 'apt-cache show linux-server', look at the highest version number paragraph there, and check the dependency
<cjwatson> or indeed, why not just https://launchpad.net/ubuntu/+source/linux and look for the highest one targeted at your release :-)
<colonelqubit> cjwatson: good point -- I should be resonably certain that upgrading linux-server will give me the latest and greatest in the package repository?
<cjwatson> generally, though sometimes linux-meta updates lag a little bit behind
<jmedina> I always recommend to suscribe to the USN list
<colonelqubit> jmedina: oh, yes, I subscribe to USN, but I usually only glance at it.  The current sysadmin is out with a new baby, so I'm taking over duties temporarily... :-)
<kaje> Does anyone know if there is a way to force the settings of a ufw command? I'm trying to run a script to enable ssh commands across several hundred machines and each time it asks for a y|n confirmation because my setting "may disrupt ssh communications"
<jdstrand> kaje: no. the version of ufw in jaunty will have preseeding/debconf ability though
<jdstrand> kaje: for your current situation, you can do:
<jdstrand> ufw allow ...
<jdstrand> sed the /etc/ufw/ufw.conf file
<jdstrand> /etc/init.d/ufw start
<kaje> right, but when I do ufw enable it asks me if I'm sure I want to do that... I'm not looking forward to hitting y hundreds of times
<jdstrand> kaje: notice we bypassed 'ufw enable' there
<kaje> ahh
<kaje> so I could just copy the ufw.conf file over and then start it?
<jdstrand> kaje: sure. that also goes for /var/lib/ufw/*rules files too
<jdstrand> kaje: and really anything in /etc/ufw/*
<jdstrand> kaje: but you can add rules (eg ufw allow 22/tcp) without it being enabled
<kaje> I see
<jdstrand> kaje: and then just turn it on at the end eith 'enable' or with what I suggested a moment ago
<jmedina> kaje: if you are scripting then use expect to automatically answers...
<kaje> expect, I'll take a look at that
<kaje> Thanks for all the help guys =)
 * jdstrand considers adding 'force-enable'
<ziggles> hi guys, i have a server that is unable to ping fqdn (ie google.com)... it's setup as DHCP and /etc/resolv.conf looks the same as other ubuntu boxes that are OK.  Any ideas?
<vertx> ziggles: I presume you meant it is setup as a DHCP server right? could it ping any other IIPs (private or pulic)?
<ziggles> hi vertx.  It's actually a client at this point.  I had it set on a manual/static IP but then noticed this problem.  I then switched it to DHCP to make sure i was not screwing up any configs
<Faust-C> would anyone have info on making wifi better, as in VNC on my lan is beyond slow how do i improve it
<vertx> ziggles: try pinging upstream, to your modem/router's ip address, then do a tracepath to google or something, see what happens. Does ping to google returns with an ip address?
<Faust-C> vertx: what seems to be ziggles problem
<vertx> Faust-C: he could not ping FQDN (ie google)
<ziggles> Faust-C: i cannot ping fqdn from one host on my lan.
<ziggles> oh oops :X  thanks vertx
<ziggles> vertx: i can ping the router, and tracepath results in No Reply after the router
<ziggles> i wonder if its the router that's blocking me out... but it's just a cheap dlink home router... no real configs.  strangely enough this host was able to ping out last night
<uvirtbot`> New bug: #319848 in mysql-dfsg-5.1 (universe) "upgrading from mysql-server-5.0 to mysql-server-5.1 doesn't work" [Undecided,Confirmed] https://launchpad.net/bugs/319848
<Faust-C> ziggles: i just had that issue
<Faust-C> ziggles: do you have DNS on your lan
<ziggles> i do not
<Faust-C> ziggles: ill give you a example of my setup
<ziggles> this really isnt a fancy setup lol...  i just have a few ubuntu boxes on a home network one being a server.  I'm trying to config this box before i bring it out
<ziggles> Faust-C: awesome, thank you.
<Faust-C> att wwan (internet) <- (NAT using arno-iptables) -> eth0 (lan)
<Faust-C> eth0 runs DNS and DHCP
<Faust-C> once i installed bind inet for wireless clients works
<ziggles> was it working at all before you installed bind?
<Faust-C> only for local wired clients
<Faust-C> but laptop wasnt getting inet
<Faust-C> ziggles: logs have any info?
<ziggles> the only error i have really is this: Jan 22 10:17:01 lucca console-kit-daemon[5161]: CRITICAL: cannot initialize libpolkit
<ziggles> but i dont think it has anything to do with the network
<Faust-C> ziggles: what about the following logs
<Faust-C> daemon, syslog,
<Faust-C> abd debug
<Faust-C> and*
<ziggles> Faust-C: i THINK it looks ok?  http://pastie.org/367939
<ziggles> i have two bridges
<Faust-C> sec lemme look, ill make my setup more clear too
<ziggles> bridging eth0 and eth1 to br0 and br1... (they appear in the logs)
<ziggles> I've also tried setting them to manual and no luck
<ziggles> thanks Faust-C
<Faust-C> i dont think you can make 2 bridges out of 2 devices
<Faust-C> but lets see
 * Faust-C gets his config
<ziggles> really?
<ziggles> my goal was to have virtual machines running through different nics to avoid a bottle neck
<ziggles> and it was working... for a few hours lol
<Faust-C> ziggles: heh im doing the same thing
<Faust-C> but ill show you a diff way
<ziggles> awesome thanky ou
<vertx> Faust-C: I have a question. How can one determine that bind cache(s) domain name look-ups? Where should I look for them? Isn't it supposed to be cached in /var/cache/bind? That directory seems always to be empty, and streams of name look-up keeps being requested directly to my ISP.
<Faust-C> vertx: it depends on  your setup
<Faust-C> for instance w/ mine it uses *itself* when it actually uses ISP
<Faust-C> so its a forwarding DNS server
<Faust-C> ziggles: http://pastie.org/367943
<Faust-C> vertx: you can also set it up to be a caching server
<Faust-C> which i need to do considering my inet is just above dial-up speed
<vertx> Faust-C: the clients are set to request to local dns server, The DNS server is setup as bot forwarding and caching. Is that possible?
<Faust-C> yep, thats exactly what im doing
<Faust-C> sometimes i dont understand how i get stuff to work .....
<vertx> But how do I know whether the server is caching those domains or not. Would it keep those caches as a file?
<jmedina> vertx: you can enable logging
<jmedina> or try
<jmedina> sudo rndc querylog
<jmedina> and watch your logs
<jmedina> that will log every query request
<jmedina> you can disable it againt with rndc querylog
<vertx> jmedina: thanks I'll try that. where does the log ends-up in? syslog?
<jmedina> yeap
<vertx> jmedina: great. thanks again.
<jmedina> vertx: is that what you want?
<jmedina> vertx: and you can also use dig externaldomain.tld and then check the response time
<jmedina> you will notice that the second request gets faster because is already cached
<vertx> jmedina: isn't there a physical evidence of those chaches?
<vertx> *cache
<vertx> jmedina: I mean shouldn't be there one file or a series of files that shows the name look-up caches?
<jmedina> vertx: the cache is in memory, you can dump that cache to a file with "rndc dumpdb"
<jmedina> by default stored in /var/cache/bind/named_dump.db
<jmedina> XD
<vertx> jmedina: apt-get rndc returns with "ï»¿Couldn't find package rndc" :(
<jmedina> rndc is part of bind9
<jmedina> dpkg -S `which rndc`
<jmedina> bind9: /usr/sbin/rndc
<vertx> jmedina: i see. thanks.
<ziggles> damn faust-c is gone and i didnt get a chance to thank him.
<vertx> does anyone have successfully compiled nagios-plugins-1.4.13 on ubuntu server 8.04? or is there an alternative, like a pre-compiled .deb package? I can only find a nagios2 on the repo.
<vertx> ï»¿nagios-plugins-1.4.13 compiles perfectly on my ubuntu 8.04 client, but not on the server. any ideas?
<adonm> whats the compile failing on?
<adonm> not that ive ever tried compiling nagios ;P
<adonm> personally am using zabbix, coz its a bit easier to work with
<vertx> adonm: is zabbix good? is it also free?
<adonm> vertx: yeah its pretty nice
<adonm> vertx: takes a bit to setup but for monitoring and email alerts id say its my favourite free tool
<adonm> it does snmp monitoring + agent monitoring
<adonm> and the agent is available for windows & linux & solaris
<vertx> adonm: that sound great. i'll look it up :)
<adonm> i think 1.4something is in the ubuntu repos, and 1.61 is available in a ppa somewhere (zabbix that is)
<vertx> adonm: is there a major difference between the 1.4 and 1.6 version?
<vertx> adonm: i mean performance or feature wise?
<adonm> i think the maps stuff in 1.6 is a fair bit better
<adonm> thats the network diagram style dispaly of faults across the network
<vertx> adonm: their screenshots looks great. thanks. downloading now :)
<MianoSM> login as: mianosm
<MianoSM> mianosm@miano.us's password:
<MianoSM> Keep it gangster, and let me know what's up.
<MianoSM> Last login: Thu Jan 22 14:13:27 2009 from tbgw10.mybrighthouse.com
<MianoSM> mianosm@miano:~$ sudo htop
<MianoSM> mianosm@miano:~$ clear
<MianoSM> mianosm@miano:~$
<MianoSM> Is there a fix for this issue yet?
<jmedina> what issue?
<MianoSM> No request for a password as a sudo user?
<MianoSM> Is it cool to just run sudo without prompting for a password?
<jmedina> did you log in before? probably password is cached
<fauxhawk> his log has the motd
<MianoSM> fauxhawk: wat
<jmedina> yeap, but we are all over the world with different time zones :D
<fauxhawk> jmedina: it is when he logs in
<jpds> MianoSM: "sudo -K" - resets the sudo timeout
<MianoSM> It should be clearing the cache on logout then I'd imagine....
<jmedina> echo "sudo -k" >> ~/.bash_logout
<jpds> Big K that is.
<fauxhawk> jmedina: any idea why this isn't the default?
<jmedina> fauxhawk: I dont know, have you read the manpage?
<jmedina> you can set the timeout in sudoers
<Koon> vertx: apt-get install nagios-plugins ?
<vertx> Koon: Thanks. I'll try that later. Right now the update manager is downloading 36 updates. Darn, it takes such a long time :( BTW, what version is it?
<Koon> 1.4.11
<vertx> Koon: Nice, that should do it. Thanks. Sorry, my inet connection was such a bummer earlier today, so I was repeatedly disconnected automagically, and could not thank you for your help before.
<Koon> vertx: you're welcome ;)
<Gargoyle> Anyone got any recommendations for a simple rrdtool setup that can give me cpu/mem/net graphs? I was looking at cacti, but it seems a bit much for 3 simple graphs
<P4C0> hello guys, I have an entry for my host of 127.0.1.1 in /etc/hosts is that normal??
<P4C0> shouldn't it be 127.0.0.1 ?
<andol> P4C0: Well, actually the entire 127.0.0.0/8 points towards the loopback interface.
<P4C0> ok
<P4C0> but it comes like that by default? or i modified it? ... can't remember :(
<cjwatson> P4C0: yes, it's normal and intentional
<P4C0> ok :) thanks cjwatson
<cjwatson> P4C0: the point is to have each IP address having only one canonical hostname, to have each hostname having only one IP address, and to have both 'localhost' and the hostname chosen for your box defined as distinct hostnames
<cjwatson> if your box doesn't have a static IP, then the best way to do that is to give it another IP address in 127/8
<cjwatson> see comment 30 on bug 8980
<uvirtbot`> Launchpad bug 8980 in network-manager "hostname -f does not return a proper FQDN" [Medium,Confirmed] https://launchpad.net/bugs/8980
<uvirtbot`> New bug: #320212 in samba (main) "cannot access samba share after mount.cifs" [Undecided,New] https://launchpad.net/bugs/320212
<ziggles1> dang.... i was in here earlier but still cant figure out why one of my hosts is unable to reach fqdns past my router
<ziggles1> anyone have a pointer as to where i can start to debug?
<orudie> i have a problem, i did chown -R 'username' www , now i cant change anything in my drupal admin web interface :(
<ziggles1> orudie: not sure if this helps, but does the group that username is have an impact?
<jmedina> orudie: could you show the output from : ls -ld www
<orudie> jmedina, hold on
<orudie> paul@linode:/var$ ls -ld www
<orudie> drwxr-xr-x 12 paul root 4096 Jan 22 16:46 www
<orudie> paul@linode:/var$
<orudie> jmedina, ^
<jmedina> well you need to give www-data write permisions to some files,which insecure in my opinion
<orudie> FUCK !
<orudie> oops sorry
<orudie> everything was running smooth
<orudie> before
<jmedina> fuck where are the backups.....
<jmedina> :D
<jussi01> !ohmy
<ubottu> Please watch your language, attitude, and topic to help keep this channel friendly and helpful. Remember, there are kids here!
<jmedina> sorry
<orudie> dude i had no idea lol
<jmedina> kids administering servers?
<orudie> why would i backup before chmod ?
<jmedina> that is new
<orudie> i mean
<orudie> chown
<Deeps> jmedina: they gotta learn sometime...
<orudie> i always use chown command, but never did it with a www dir. , so i guess this will be something that i had to find out sooner or later
<jmedina> orudie: orudie why wont you chown to the last owner?
<orudie> jmedina, can you help me with that ?
<jmedina> orudie: you remember the last owner?
<orudie> jmedina, no, like i said i never messed with the www dir.
<orudie> jmedina, isnt it apache2 server ?
<orudie> or
<jmedina> orudie: scroll up in your terminal, probably you can see the last pems
<orudie> but i havent changed em
<orudie> this is the first time
<orudie> maybe there is an undo command for the chown -R ?
<orudie> jmedina, ^
<kaje> What is the prefered way to share disk space from a ubuntu server to many ubuntu clients?
<Deeps> normally www-data owns /var/www/
<orudie> Deeps, so should i try chown -R ww-data /var/www ?
<orudie> w
<jmedina> Deeps: yeap the problem is that drupal needs to write in some files, and if ehe chown -R I think is insecure
<jmedina> orudie: you should read the drupal manual and check the perms you need
<Deeps> orudie: could try, yep
<jmedina> they have a list with the files need write permision for the apache user
<Deeps> jmedina: yep, and if drupal scripts are running as 'www-data', which they will be if he's using apache2 + libapache-mod-php5
<jmedina> Deeps: by default /var/www is owned by root not www-data
<Deeps> good point, the contents within are www-data though
<Deeps> especially if it's generated or edited by apache
<orudie> Deeps, thanx :) let me try
<Deeps> (unless he uses suexec or suphp, which is unlikely)
<jmedina> Deeps: I agree
<jmedina> I would run chmod 755 for every dir and 644 for every file, and then read drupal howto, check which files needs write perms..
<orudie> thanx guys, time to leave work :)
<orudie> its 5
<orudie> ttyl
<P4C0> what's the best way to: having unsigned int a=275; end up with unsigned int b=02; unsigned int c=75; ?
<P4C0> ups wrong channel...
<kaje> Can someone recommend a good how-to for setting up an openafs server on a ubuntu box?
<ziggles1> hi guys, is it possible to have two bridged networks?
<ziggles1> on diff eth ports of course
#ubuntu-server 2009-01-23
<ziggles1> Anyone know what this error means? libvir: QEMU error : internal error QEMU quit during monitor startup
<ziggles1> cant find anything useful in my logs :/
<kansan> how do i set the sudo password?
<mathiaz> kansan: it's your normal user password.
<mathiaz> kansan: there isn't such thing as a sudo password.
<kansan> ok
<kansan> how do i change a user's password?
<mathiaz> kansan: using the passwd command
<kansan> say i want to change user 'admin'
<kansan> if i'm logged in from 'root'
<mathiaz> kansan: passwd admin
<kansan> can i make it so that the admin user doesnt need to type a password when doing sudo tasks
<kansan> how do i list all user accounts enabled?
<jmarsden|work> kansan: users]
<kansan> if i log in from a private key... what user will i be
<kansan> when i log in?
<jmarsden|work> Type   who am i               to find out who you are.
<kansan> hahahah
<kansan> oh it actually works
<jmarsden|work> Of course!
<kansan> i thoguth you were jokin
<kansan> didnt seem to be a unix command
<jmarsden|work> I wouldn't do that to a newcomer to Linux/Unix.
<jmarsden|work> You can type    man who   to find out more about the who command
<PC_Nerd> Hi,  I dont have an 8.04LTS iso, but I have 8.10 and 7.10.  Can I downgrade/upgrade to 8.04 from those easily.  does 7.10 upgrade defualt to the most recent (8.10) etc, and will 8.10 let me downgrade. ?
<storrgie> hey quick question, i have a server setup on a T1 currently using A records for my domain to point to the servers address.... would it be better to figure out
<jmarsden|work> kansan: To make the admin user be able to use sudo without every typing a pw you *can* edit /etc/sudoers to do that... but it's probably a bad idea.
<jmarsden|work> storrgie: You never really finished your question, I think, or it was truncated?  Last words you posted were "would it be better to figure out" -- were there more?
<storrgie> DNS i meant
<jmarsden|work> Figure out DNS how?  If you have A records you already have DNS, A records are one kind of DNS record...?
<storrgie> well ok I am very new to this idea
<storrgie> from what I understand it might be better for me to do a reverse lookup from my server
<storrgie> because right now if i tracerout my domain
<storrgie> it gets stuck at the reverse dns that my ISP has in place
<storrgie> it doesnt go all the way home to my webserver
<cjwatson> PC_Nerd: downgrading between releases isn't supported (you can downgrade individual packages if you know what you're doing, but I've been working with Debian-based systems for ten years and I wouldn't attempt a downgrade across releases ...)
<storrgie> but since the A-record is set to hit the IP the webserver is on... my website works
<cjwatson> PC_Nerd: you can upgrade from 7.10 to 8.04 easily
<cjwatson> PC_Nerd: the upgrader should default to 8.04, since it would have to go via that to upgrade to 8.10 anyway
<PC_Nerd> ok - and ( Im about to put the 7.10 iso on my usb for booting)   do I have to make any specific changes... ?
<PC_Nerd> sorry:  any changes in order to stop it from upgrading to 8.10
<PC_Nerd> ?
<cjwatson> no
<cjwatson> it'll tell you what it's about to upgrade to, anyway
<cjwatson> so you can check to make sure
<storrgie> jmarsden|work: get what I am saying?
<jmarsden|work> storrgie: So your real question is "how can I make traceroute work all the way to my server?"
<PC_Nerd> ok fantastic. - thats cleared up that.. jsut in time for me to finally ( and right at the most inopportune time:P)  to find the 8.04 DVD for server edition      :P     thanks!
<storrgie> jmarsden|work: yes that would be the question... because right now apache says that it doesnt know its full domain name and just says its listening on 127.0.0.1
<jmarsden|work> That may actually be a totally different thing from traceroute...!
<storrgie> jmarsden|work: want me to get the exact thing?
<jmarsden|work> storrgie: To get the apache warning to go away... you may need to edit /etc/hosts file... can you pastebin that file for me?
<storrgie> jmarsden|work: yes I can, one moment. And thank you for the assistance
<storrgie> jmarsden|work: one issue, just checked my logs and i am seeing CRITICAL: cannont initialize libpolkit
<kansan> jmarsden, how would i i change it so that admin user can do anything without typing passwd?
<jmarsden|work> storrgie: That's probably a different issue (are you trying to use selinux?)
<storrgie> jmarsden|work: nope, i am not
<jmarsden|work> kansan: read the file, the info is in there, also man sudoers
<kansan> admin   ALL=(ALL) NOPASSWD: ALL
<jmarsden|work> kansan: Looks right; did it work?
<storrgie> jmarsden|work: check PM
<cjwatson> storrgie: I'd like to see that /etc/hosts as well, since I'm currently working on the bug on that subject
<storrgie> cjwatson: sure
<cjwatson> and more data wouldn't hurt
<jmarsden|work> storrgie: OK, let's get the Apache/ hosts file/DNS thing sorted first and then look at libpolkit.
<storrgie> cjwatson: do you have a bug filed in launchpad?
<storrgie> jmarsden|work: sure thing
<kansan> its frankly ridiculous:  sudo -p 'sudo password: ' cp /tmp/roles.yml /etc/ec2onrails .... doesnt require a passwd when i do it on the box; but when i use capistrano, it prompts me for a password
<cjwatson> storrgie: bug 8980
<uvirtbot`> Launchpad bug 8980 in network-manager "hostname -f does not return a proper FQDN" [Medium,Confirmed] https://launchpad.net/bugs/8980
<jmarsden|work> storrgie: I'd suggest you remove lines 3 and 4 from that file, and also it might be good to pick ONE domain name and only have one entry for 192.168.0.4 in there?
<cjwatson> so far I've identified a definite bug in network-manager (but not active with current code) and a confusing UI in netcfg that still remain
<cjwatson> oh, that /etc/hosts was clearly written by hand?
<cjwatson> the installer definitely never writes anything like that
<cjwatson> yes, you should only have any given name in one line of /etc/hosts. I agree with jmarsden|work
<jmarsden|work> cjwatson: Agreed.  I am glad to see this getting fixed at that level though; I'd given up on the tools long ago and just always edit /etc/hosts!
<storrgie> jmarsden|work: i have blacklisted ipv6 so should I also just comment all the ipv6 info out?
<cjwatson> jmarsden|work: if you know of anything more than the network-manager bug and the confusing UI in netcfg (i.e. it isn't clear that you can give it a FQDN when it asks for a hostname), I'd like to hear it
<cjwatson> storrgie: shouldn't matter
<jmarsden|work> storrgie: Not necessary.  See http://pastebin.com/d40a64e4b for my suggested fix
<jmarsden|work> cjwatson: I'm not sure exactly how it gets there, but I see the 127.0.1.1 line in there when I have a static IP far too often.  I've not tried to dupliocate the bug, always jsut edited the file and moved on.
<cjwatson> jmarsden|work: 127.0.1.1 is intentional and not a bug
<cjwatson> oh, but when you have a static IP?
<cjwatson> hmm, that is a bit odd
<jmarsden|work> Well, it is when you use DHCP, but not for static IP machines... right?
<storrgie> jmarsden|work: change anything in apache? or just do a reboot now?
<cjwatson> right, sorry, I have a knee-jerk reaction to people complaining about 127.0.1.1 :-)
<cjwatson> storrgie: shouldn't need to do anything more than restart apache, at most
<jmarsden|work> storrgie: Now just restart apache
<kansan> what would: /etc/sudoers.full_access  do?
<storrgie> restarted, no issues it seems.
<jmarsden|work> storrgie: Good, so that's that taken care of.
<cjwatson> jmarsden|work: if you *can* reproduce that, I'd like to get copies of: /etc/hosts /etc/resolv.conf /var/log/installer/syslog /var/log/installer/cdebconf/questions.dat
<jmarsden|work> kansan: Nothing unless you move it to /etc/sudoers as far as I know!
<storrgie> jmarsden|work: i believe so, thank you and cjwatson. now for my question about the tracert... and there is one more after that :D
<jmarsden|work> cjwatson: Ok, I'll let you know if I can reproduce it.
<cjwatson> I don't see any way in the current code in which you could get 127.0.1.1 for a static-IP setup, although I believe you when you say you've seen it
<jmarsden|work> cjwatson: Is it possible for a machine that was initial DHCP and then changed to static to accidentally keep that entry, maybe??
<cjwatson> jmarsden|work: changed when?
<jmarsden|work> storrgie: OK, can you pastebin me traceroute output from somewhere else to your server that shows the problem?
<jmarsden|work> cjwatson: By an admin configuring the machine a few hours later?
<cjwatson> jmarsden|work: depends how it was done, and would be entirely up to the admin, so certainly possible
<jmarsden|work> OK, that might be it.
<cjwatson> if they just edited a bunch of files by hand, entirely plausible
<cjwatson> I thought you meant it was a machine you'd installed yourself
<PC_Nerd> does ubuntu server have a basic graphic output (terminal to a vga screen?)   Im wanting to install it instead of desktop to mirror my VDS setup, but I also want ot be able to sit in front of it and use the terminal instead of ssh through another computer (its a tower server) ?
<jmarsden|work> But using the tools it shouldn't happen?  OK.
<cjwatson> jmarsden|work: well, we don't provide any server-oriented tools to make that change, as far as I'm aware
<cjwatson> on the desktop, goodness knows what gnome-system-tools and/or network-manager do
<cjwatson> PC_Nerd: yes, text-only consoles by default
<jmarsden|work> cjwatson: Yes... those may have been desktop installs now I think about it.
<PC_Nerd> fantastic thanks (didnt want to install just to find i have to do the other :))     thanks!
<jmarsden|work> storrgie: Ok, so you would like the last entry to read aether.storrgie.net or something like that?
<storrgie> jmarsden|work: yea that would be ideal... instead it just keeps going and going with * *
<jmarsden|work> Ah, you didn't show me any of those :)  That is because a router is blocking the traceroute packets, not much you can do to change that unless you are the admin of that router.  So 66.178.250.113 is *not* your server's public IP address?
<storrgie> nope, thats the DNS
<storrgie> i am admin of the router
<PC_Nerd> ok..... unetbootin to create a bootable USB drive with ubuntu 8.04 server.  It wont install because it cant find a CD drive, however the server has no CD drive.  How can I install ubuntu server from a USB?
<storrgie> 113 is the DNS
<jmarsden|work> You admin the computer/router/box that has IP address 66.178.250.113?  Is it a Ubuntu box?
<storrgie> nope the machine that is 113 is the DNS controlled by my ISP... im sure I could request something... what should I be asking for?
<storrgie> wait, let me explain
<storrgie> 113 is the DNS
<storrgie> however, the IP i am using is 114
<jmarsden|work> I'm confused... what traceroute command did you type to get the output you pastebinned?
<storrgie> tracerout storrgie.net
<jmarsden|work> OK, let me try that from here...
<storrgie> the A-record is pointing towards 66.178.250.114
<storrgie> the router that I control has that IP assigned to it
<storrgie> and the webserver, this ubuntu box is behind that router
<jmarsden|work> OK.  You would need to ask the admin of 66.178.250.113 to configure it to that traceroute packets for .114 are allowed through it; then you would need to ask whoever manages DNS for 250.178.66.in-addr.arpa. to set the PTR record for .114 to say storrgie.net
<jmarsden|work> s/to that/so that/
<storrgie> why? 250.178.66.in-addr.arpa.
<jmarsden|work> That is now reverse DNS works, basically.  dig -x 1.2.3.4 looks up the PTR record for 4.3.2.1.in-addr.arpa.
<storrgie> so how do I make contact there? I can get ahold of my ISP... but the in-addr.arpa i am confused about
<jmarsden|work> It is probably your ISP who controls that part of the address space.
<storrgie> ok my last question for the night is this, when I ssh into this machine there is a 30-40 second wait until I get the prompt
<storrgie> if i ping the address, its like 30-40ms, so its not high latency
<jmarsden|work> It is doing some sort of lookup that is failing and timing out.  Possibly a DNS lookup of some sort.
<jmarsden|work> What is in /etc/resolv.conf and does whatever is there do the right thing for the hostname of your server?
<jmarsden|work> OK, I would change domain and search to have sane values, perhaps both storrgie.net in your case.
<jmarsden|work> Then I would check that the DNS servers at 192.168.0.1 and 192.168.1.1 are both reachable and can resolve storrgie.net
<storrgie> so like
<storrgie> storrgie.net.invalid
<jmarsden|work> No, just domain storrgie.net   and search storrgie.net
<storrgie> ok, doing a reboot after all the settings
<jmarsden|work> No need.
<jmarsden|work> Reboots are for Windows :)
<storrgie> jmarsden|work: :D i know, its just such old habit
<storrgie> jmarsden|work: ever use webmin?
<jmarsden|work> Yes... amd I now going to another whole set of questions? :)
<kansan> why in the world does: sudo -p 'sudo password: ' cp /tmp/roles.yml /etc/ec2onrails .... via capistrano prompt me for a password when its simply not needed?  /etc/sudoers file:  admin   ALL=(ALL) NOPASSWD: ALL
<storrgie> just one
<jmarsden|work> But webmin on Ubuntu is officially not recommended any more.
<jmarsden|work> OK.
<storrgie> jmarsden|work: would u suggest anything else?
<jmarsden|work> The official Ubuntu equivalent is ebox but I have not used that.  I use webmin/virtualmin on some non-Ubuntu servers.
<storrgie> question: i noticed when i was doing a netstat -tlup that the port my webmin was running on was taking a long time to check. So i went into the webmin interface and told it not to listen to UDB 10000 anymore.... and now as you can guess I have no webmin
<jmarsden|work> Yes, port 10000 is where it runs the admin UI by default.
<storrgie> yeppers, i just didnt want it to be on UDP anymore so i set it to listen on tcp 192.168.0.4
<storrgie> however, that would be the box its running on... so i was wondering if there is a config file some place i can fix
<jmarsden|work> UDP?  It shouldn't be listening on a UDP port, as far as I know...
<storrgie> i could rip it out and try ebox
<jmarsden|work> There is, let me check on a RHEL server I have that runs webmin...
<storrgie> i have ben cat'ing files for about 10 minutes with no luck
<jmarsden|work> Try /etc/webmin/miniserv.conf
<jmarsden|work> First line in mine is port=10000
<storrgie> whats the bind parameter set to?
<storrgie> ok its back up, thanks!
<jmarsden|work> I don't see a bind param, I probably just listen on all interfaces. ... Good!  No problem.
<storrgie> should I try ebox?
<jmarsden|work> Sure, if you are in a position to switch now (when the server is new) is a good time to do so.  You'll find more Ubuntu folks who can help with ebox than with webmin.
<jmarsden|work> Did the ssh delay issue go away too?
<storrgie> yes it did, which is great
<rdw200169> storrgie, if you really want webmin, you can still install it from the sources on their website
<storrgie> i have been using it, i dont mind it.... i just would like to see if ebox is nicer
<rdw200169> storrgie, personally, i dislike ebox, it does too much to the inner workings of a system, but that's just me, i like control ;)
<jmarsden|work> storrgie: OK, well I think we've answered all your questions... I'm going home to eat :)
<storrgie> jmarsden|work: thanks bud, I will start sticking around here and helping people out too
<rdw200169> storrgie, just keep in mind that even if you uninstall it, there's still a little left: it doesn't quite get rid of all the changes it makes, i.e. there's cruft left in the ifup / ifdown scripts (grr...)
<storrgie> rdw200169: talking about ebox?
<rdw200169> yes
<storrgie> rdw200169: i wouldnt mind it really, as long as things work OK
<storrgie> webmin is fine
<storrgie> i really only use webmin for apache stuff anyway
<rdw200169> it is very good at setting up the virtual servers!
<storrgie> rdw200169: should i try it? im kinda scared... haha
<rdw200169> ebox or webmin?
<storrgie> im runnng webmin now
<storrgie> i was talking about trying ebox
<storrgie> im not sure how i installed webmin
<storrgie> it was a month or so ago
<rdw200169> well, it should't cause any major issues
<storrgie> does it do apache well
<rdw200169> but it's been a while since i tried it
<rdw200169> i don'
<rdw200169> 't think so
<rdw200169> my initial impression of it was: "this does everything i want it to do, if i don't want to do anything my way"
<rdw200169> but that's just *my* impression ;)
<storrgie> so maybe stick with webmin
<rdw200169> you can check out ebox-platform.com to learn more about it
<PC_Nerd> Hi,  attempted to use unbootin to create a bootable usb for server 8.04.  but it refuses to run without a CD drive (and pressumably the CD).  the server doesnt have an optical drive.  Ive also tried the "create bootable usb" from teh system adminstration menu on desktop 8.10 (using the 8.04 server iso).   any ideas on installing ubuntu server via usb without an optical drive?
<philsf> I'd like some suggestions on what to use for backing up a live system to a removable  HD
<philsf>  I eliminated rsync because I'd like the backups to be encrypted
<philsf>           (afraid of HD theft). I'm currently using dar manually, and am in the process of making a
<rdw200169> i just didn't care to much for the fact that it uses *so* many services to do it's job...
<philsf>           personalized script for automation of differential encrypted backups with dar, but maybe there are
<philsf>           similar stuff already done out there
<philsf> what are people here using?
<storrgie> philsf: i would like to know too, thats something interesting to do
<rdw200169> philsf, well, you could try something like etckeeper, or a version control system, like bzr, svn, cvs, etc...
<rdw200169> etckeeper is a tool for easily backing up /etc using a version control system, using either mercurial or bzr
 * hads uses rdiff-backup
<rdw200169> b/c you don't need to back up *everything*, just your configurations, and personal directories, like /var/www
<philsf> rdw200169: no, I'm asking for a backup solution of files of a whole system, including user files
<hads> If you want it encrypted, encrypt the disk.
<rdw200169> philsf, again, a comprehensive svn setup, for example, could make that very easy
<rdw200169> philsf, this is what i prefer anyway
<rdw200169> philsf, just have the svn repo (for example) exist on the external source, whatever that may be
<storrgie> rdw200169: question regarding virtual servers... Do i need to create a virtual server for TEST.net and www.TEST.net
<storrgie> if i want them both to resolve to the same place on my machine
<hads> Apache?
<rdw200169> PC_Nerd, did you make sure your BIOS supports booting via USB
<rdw200169> storrgie, well, i'm not *great* with apache, but i use a couple virtual servers, mostly for my 2 domains, randywallace.com and greamin.com which run on the same IP
<storrgie> so if i type in randywallace.com
<storrgie> it will go there
<rdw200169> storrgie, yes
<storrgie> but what if i type www.randywallace.com
<rdw200169> storrgie, of course
<hads> ServerAlias
<rdw200169> storrgie, the same,
<rdw200169> storrgie, i use a ServerAlias like hads suggests
<storrgie> rdw200169: did u have to add a virtual server for both of those names, www.randywallace.com and randywallace.com?
<storrgie> hads: hows that work?
<rdw200169> storrgie, no, just a Server Aliasw
<rdw200169> for example, here's my entry
<PC_Nerd> it supports booting usb, goes through detecting keyboard (all from after booting usb in bios.... running the serve rinstallation)   and the next step after keyboard and language is to detect a CD drive.... from there it wont work because of a lack of optical drive :P
<rdw200169> DocumentRoot /var/www/randywallace.com
<rdw200169> 	ServerName www.randywallace.com
<rdw200169> 	ServerAlias randywallace.com
<rdw200169> PC_Nerd, oh, i see!
<hads> ServerAlias *.example.com
<rdw200169> yeah, that'll do it too, i didn't want to do that, so i can have ldap.example.com for other things, etc... etc...
<rdw200169> storrgie, if you didn't know, you can use zoneedit.com to manage your DNS, it's really powerful and has ALL the DNS related features you want, for free!@
<rdw200169> storrgie, that, and they support 'dynamic dns' for changing the IP address for those out there (like me) that recieve dhcp from their internet provider
<storrgie> i have my domains through register.com
<storrgie> they have great services
<storrgie> what i was wasking about was
<storrgie> at register.com
<PC_Nerd> rdw200169:  so any suggestions on getting around the "required" optical drive?
<rdw200169> just throwing that out there ;) i really like it
<storrgie> i setup A-records to point to my servers IP
<rdw200169> PC_Nerd, Well, you can try skipping that step, by using debconf in expert mode
<storrgie> but my server needs to know what to do with those requests when they come in, thats wuat virtual servers are for right?
<philsf>  I was thinking if I encrypted through gpg, I could automate the backup without
<rdw200169> PC_Nerd, well, the debian-installer
<philsf> entering a password into config files, comments?
<hads> Encrypt the disk
<rdw200169> PC_Nerd, that, and i don't know if you're aware of this, it's pretty obscure, but when that step presents it self, you can actually switch TTY's to see the actual console output from the installation
<rdw200169> PC_Nerd, i think it's tty4 so Ctrl+alt+f4
<PC_Nerd> tty's ?
<philsf> hads: do you have any personal recommendation on wether to use ecrypt, or encfs (or something else)?
<rdw200169> PC_Nerd, the debian installer actually uses several tty's during the installation
<philsf> *ecryptfs
<rdw200169> PC_Nerd, you can get a console from a couple of them i believe while it's installing.
<PC_Nerd> tty's?  Im aware they exist in /dev but I havent a clue on what they do.
<storrgie> rdw200169: are you running 5 nics in your server? hahaha awesome
<rdw200169> PC_Nerd, i generally switch tty's during the package update to make sure there aren't any timeouts (i've had some very bad internet over the years)
<rdw200169> storrgie, actually, 6
<storrgie> rdw200169: why so many?
<rdw200169> storrgie, they were cheap, 15$ per gig-ethernet card
<rdw200169> storrgie, and the application required 4 internet connections
<hads> philsf: I've used dm-crypt
<storrgie> rdw200169: what is it used for?
<rdw200169> storrgie, instead of using a switch, and dealing with that routing problem, i built the server w/several nics so routing would be easy and reliable
<rdw200169> storrgie, the situation was: i deployed to iraq about a 2 years ago, and we planned on setting up a ISP using satellite connections
<storrgie> oh really
<storrgie> wait, your own ISP? through sat cons?
<rdw200169> storrgie, we needed to figure out how to provide internet to ONE network using several internet connections
<rdw200169> storrgie, yes, HughesNet, it was hell ;)
<storrgie> so load balance between several
<storrgie> that box sat there and mitigated multiple satelite connections?
<rdw200169> storrgie, we decided against that because of the https problem
<PC_Nerd> ok.... ive "skipped" the cd part to  "Load debconf preconfiguration file"     "The file needed for preconfiguration could not be retreived from file:///cdrom/pressed/ubuntu-server.seed The installation will procceed in non-automated mode. "  how can i make that select it from the usb drive?
<rdw200169> that file doesn't do anything except install the package linux-server, the kernel for the server
<storrgie> rdw200169: well i bookmaked your notes, ill check this out... its pretty awesome
<rdw200169> so, you may want to just install that post-installation
<rdw200169> storrgie, from greamin.com/server, you may want to check the file for the UbuntuGateway project
<rdw200169> storrgie, that's where all the routing, firewalling, and traffic shaping took place
<storrgie> awesome
<cjwatson> PC_Nerd: you could try putting the netboot installer image on a USB stick and booting it
<rdw200169> the logfile is most useful, for understanding how i did it
<storrgie> rdw200169: what do you use to draw your topology diagrams?
<rdw200169> from RichNet?
<cjwatson> PC_Nerd: 8.04 didn't have the necessary bits to support the stuff you're trying to do properly, I'm afraid
<PC_Nerd> netboot?  is that to boot over a network?
<rdw200169> i used inkscape, and i've also used OmniGraffle
<rdw200169> i love OmniGraffle, it's the best outliner, but it requires me to use MacOS, which I *rarely* do
<storrgie> inkscape for linux?
<PC_Nerd> the server bios ( i think its the bios?) has a boot PXE option... and I know the network settings like the back of my hand.... so can I "boot" the server from a live CD or live USB on a laptop on the network? (basic 3 computer network) ?
<cjwatson> PC_Nerd: normally, but you can boot the same images by any method you like - the key is that they'll fetch all their bits over the network later rather than relying on local storage like CD or USB
<rdw200169> storrgie, yup, it's there
<cjwatson> PC_Nerd: you don't need to pxeboot in order to use the netboot images; you just need to be able to tell a bootloader to boot them
<rdw200169> PC_Nerd, seriously, there's not a problem skipping the ubuntu.seed file
<PC_Nerd> ok.... ill skipp it.
<storrgie> was this:http://greamin.com/server/_images/RichNet6.png done in inkscape?
<cjwatson> rdw200169: sure, but it isn't going to get much further if it doesn't have /cdrom
<PC_Nerd> hang on ill continue on.
<rdw200169> storrgie, yes
<cjwatson> it'll just fail again
<storrgie> rdw200169: awsome,
<rdw200169> cjwatson, i don't know, i've never tried...
<cjwatson> rdw200169: I know
<rdw200169> cjwatson, seems like that's a major problem with the installer!
<cjwatson> what, that the CD installer needs a CD?
<cjwatson> hardly.
<rdw200169> cjwatson, if only they would enable serial access *by default*
<rdw200169> cjwatson, i find it *so* irritating having to rebuild the CD just for Serial Access
<rdw200169> cjwatson, for headless setups
<rdw200169> cjwatson, that, or build and ISO for usb
<rdw200169> cjwatson, *an
<cjwatson> err, surely you just need to pass the right console= for serial access?
<storrgie> rdw200169: quick question, how do u draw out the switches hubs etc... did u have to go get those images or are they in the software?
<cjwatson> rdw200169: yes, that's improved in 8.10, but in the meantime he can use the netboot images
<PC_Nerd> ok.... so i need to look up a netboot tutorial then... ok
<rdw200169> cjwatson, yes, change the special line in the grub file to add serial access, then there's the
<rdw200169> cjwatson, upstart file that also needs to start the serial tty
<cjwatson> the installer ought to do that already
<rdw200169> cjwatson, nope
<cjwatson> I definitely remember writing a deal of code for that
<rdw200169> cjwatson, in 8.10, which i've recently rebuilt, does not do serial, at all, post installation
<cjwatson> my changelog says April 2007
<PC_Nerd> urgh :P why does it have to be so complicated. lol    ill look up a tutorial/discussion online.  bbs
<cjwatson> rdw200169: I would like you to file a bug report about that with full details and logs. It's meant to work.
<rdw200169> cjwatson, i also have had to change the bootloader for the cd to allow serial access
<cjwatson> That would be a lot more helpful than quietly rebuilding the CD for yourself!
<rdw200169> cjwatson, here, i've got what i did here: http://greamin.com/server/server_guide.html
<cjwatson> also, the CD bootloader is supposed to fall back to something serial-friendly on serial console. If that isn't working, I need a bug report.
<cjwatson> bug report, please
<cjwatson> it's 3:20am here, I'm not going to remember something you tell me on IRC
<rdw200169> cjwatson, i posted a bug report on upstart not having a serial access, but i don't think anything has come about from it
<storrgie> rdw200169: where did u get the images for these diagrams?
<cjwatson> finish-install has had code to deal with upstart's event files for nearly two years
<rdw200169> cjwatson, it's not that big of a deal for me, i do a lot of other stuff from rebuilding too, like installing a bunch of packages post-install
<cjwatson> rdw200169: please. file a bug. I need to know.;
<cjwatson> don't just quietly sit and suffer (even if it isn't that big a deal)
<rdw200169> cjwatson, for what? upstart?
<cjwatson> debian-installer
<cjwatson> launchpad.net/ubuntu/+source/debian-installer, that is
<rdw200169> cjwatson, ah, but the problem is 4-fold
<cjwatson> then file four bugs
<rdw200169> cjwatson, well, 1/4 !
<cjwatson> I'll send them off to the right places as appropriate
<cjwatson> the only bug I can find about serial console handling not working right now is ia64-specific
<rdw200169> cjwatson, i'm talking about adding it to isolinux.txt, so it will boot headless
<rdw200169> cjwatson, debian-installer never had a problem running serial, it's getting isolinux to do it from the start
<cjwatson> you made comments above about e.g. grub/upstart configuration that are supposed to be handled by debian-installer. If those aren't working out of the box then they're d-i bugs.
<cjwatson> isolinux configuration is obviously trickier since it needs to work headful as well
<rdw200169> cjwatson, exactly
<rdw200169> the debian-installer things can be fixed post-installation, but isolinux, obviously, cannot
<cjwatson> I'm not so worried about that (there's always the netboot option), but I *do* need and want to know about the d-i bugs. I maintain d-i in Ubuntu.
<rdw200169> cjwatson, OH!
<cjwatson> why did you think I was repeatedly asking for bug reports? :-)
<rdw200169> cjwatson, is there any way you can also add an option for SSH post boot?, i.e. after a timeout?
<cjwatson> ok, so not attempting to think about feature requests at 3:25am ;-)
<rdw200169> i'm just curious... would that be a launchpad blueprint?
<cjwatson> wishlist bug
<rdw200169> cjwatson, ah, ok, i will do these things you suggest
<cjwatson> blueprints are heavyweight things and are design documents to be created by developers only
<rdw200169> i can't write one?
<cjwatson> you generally shouldn't
<rdw200169> hence, the 'wishlist but'
<cjwatson> you *can* - but it is unlikely to be more helpful than filing a wishlist bug
<rdw200169> right.
<cjwatson> the point of blueprints is to be software design documents, and those need to be written by software designers
<rdw200169> sounds good, thank you for the help!
<cjwatson> no problem, it'll be worth it to get it working better out of the box
<cjwatson> even though it's thoroughly weird that it doesn't already
<cjwatson> ('apt-get source finish-install' and poke around there and you'll see the code)
<cjwatson> I'm not sure what an option for SSH post-boot would be. Surely that's just installing the openssh-server package, having configured a user?
<rdw200169> cjwatson, it's an obscure debian-installer feature i found from some obscure place in the debian dungeon
<cjwatson> I know what you're talking about before the first reboot (network-console)
<storrgie> rdw200169: hey, where did u get those images for your diagrams?
<cjwatson> but I interpreted "post boot" to mean "after the first reboot, once the installer is done"
<rdw200169> cjwatson, it was really difficult to get right, but i was pretty proud when i did
<cjwatson> you know it's documented in the Ubuntu installation guide?
<rdw200169> cjwatson, what it does, is start a ssh server really early in the debian-installer, so you can continue installation over ssh
<rdw200169> cjwatson, this works really well for headless setup
<cjwatson> yes, I know about it and have contributed to it
<rdw200169> ppend file=/cdrom/preseed/ssh.seed initrd=/install/initrd.gz
<rdw200169>     console=tty0 console=ttyS0,38400n1 priority=critical quiet -- console-setup/ask-detect=false console-setup/layoutcode=en_US.UTF-8 auto-install/enable=true
<cjwatson> auto-install is not supported on Ubuntu
<cjwatson> by that I mean the auto-install/enable bit, not automatic installation in general
<rdw200169> but it requires something like this, in isolinux.txt
<rdw200169> then the seed file sets up some really basic things, including netcfg, then anna sets up network-console
<rdw200169> and gives it a password,
<rdw200169> cjwatson, well, it's always worked for me, incl. 8.10
<cjwatson> you just aren't in fact using auto-install :-P
<rdw200169> yes, i am!
<cjwatson> it's in universe, it can't possibly be used by the installer
<cjwatson> I don't believe you, unless you're rebuilding the installer initrd
<rdw200169> nope, it works
<cjwatson> auto-install is not even in our installer initrds
<rdw200169> i've tested it about 1000 times in virtual box
<rdw200169> i stopped unpacking init.rd when i figured out how to do preseed/late_command for all the other crazy stuff, like adding ttyS0 to upstart
<cjwatson> auto-install/enable does have some effect on localechooser and possibly other components, but the guts of it are not present and I will not deal with bug reports from people attempting to use the half-broken bits that exist
<cjwatson> I tried to make sure to rip out all the documentation of it from the Ubuntu installation guide until such time as we support it properly
<rdw200169> cjwatson, that's understandable
<cjwatson> (which involves figuring out how to make it work properly with console-setup and the like - I'm not just being capricious here)
<rdw200169> oh no, i understand completely
<rdw200169> *for me* it works, i use all the defaults for console-setup, so i never run into issues
<cjwatson> therefore, I recommend *removing* auto-install/enable=true and finding out whether your problems with serial console access are still reproducible without it
<cjwatson> because other people have told me that that stuff works
<cjwatson> (I don't own the relevant hardware myself)
<rdw200169> auto-install is only for SSH installation
<cjwatson> false
<cjwatson> anna/choose_modules=network-console is the key thing to enable SSH installation
<rdw200169> it get's past all the locale stuff, so it will run the ssh server for debian-installer *without user intervention over serial*
<cjwatson> yes, I am aware of that, but that doesn't make it only for SSH installation
<rdw200169> that option, still necessary, does not get you past the locale stuff
<cjwatson> you could just preseed the locale stuff
<cjwatson> you don't need auto-install to do that
<rdw200169> i tried that desperately, but i could never get it right
<cjwatson> I am happy to help with that, as it is not hard
<rdw200169> the installer was stubborn about asking those questions no matter what
<cjwatson> your console-setup/layoutcode is wrong above, to start with
<rdw200169> and documentation on writing preseed files is...
<cjwatson> in the Ubuntu installation guide
<rdw200169> when i started all this, it was with 7.10
<cjwatson> you probably just need 'locale=en_US console-setup/layoutcode=us' on the kernel command line
<cjwatson> the 7.10 installation guide documented preseeding too
<rdw200169> i've tried that, and it still insisted on asking those question
<cjwatson> perhaps you would be better off starting from what the d-i maintainer in Ubuntu tells you is right and debugging from there, rather than starting from somewhere else, though? ;-)
<rdw200169> it was *very* frustrating
<rdw200169> well, i'll try it again
<cjwatson> note that you MUST put this on the kernel command line
<cjwatson> in your web page, you recommend putting locale/keyboard configuration in a preseed file on the CD, which is totally useless
<rdw200169> that may have been where i failed ;)
<cjwatson> the preseed file is read from the CD well after locale/keyboard configuration takes place in the installer
<rdw200169> yeah...
<cjwatson> the installation guide documents this problem
<rdw200169> hey, it works, right? (yes! amazing!)
<rdw200169> i'm still very proud that I even got it to work!
<cjwatson> you've managed to make a number of mistakes cancel each other out somewhat ;-)
<cjwatson> however, it's still better to do it properly
<rdw200169> of couse
<rdw200169> *course
<cjwatson> documentation of preseed ordering> https://help.ubuntu.com/8.04/installation-guide/i386/preseed-contents.html
<cjwatson> (to be read in context of the rest of that chapter)
<storrgie> later guys, thanks for the help tonight
<cjwatson> given proper preseeding, auto-install isn't necessary; the thing that auto-install is good for is deferring questions until after ssh is up, but if you didn't want the questions asked in the first place then that's kind of the long way round
<cjwatson> well, one thing that auto-install is good for, anyway
<cjwatson> it's actually a much more complex autoinstallation system
<cjwatson> and its behaviour with respect to ssh is really just a side-effect of the way it handles configuration in general
<rdw200169> cjwatson, yes, i much preferred having the questions asked later!
<cjwatson> noted, but there is a good reason those come first
<cjwatson> we ask for locale first so that we can display questions the user will understand; we ask for keyboard after that so that the user can type responses that the installer will understand
<rdw200169> cjwatson, yes, for international setup, i wonder how you could do that with SSH...
<rdw200169> cjwatson, personally, i find this to an incredibly useful feature, considering the applications of a server in a headless environment; for me, the people i help run linux server(s) don't have monitors (they're deployed overseas)
<cjwatson> network-console should pick up the locale from previous configuration, although of course keyboard interpretation is handled at the far end
<cjwatson> oh, certainly, it's great. but it really isn't that hard to set up with the default images :)
<cjwatson> locale=en_US console-setup/layoutcode=us anna/choose_modules=network-console and you should be set, possibly with a bit of network preseeding thrown in there
<cjwatson> anyway, well past bedtime
<rdw200169> alright, goodnight my friend, and thank you for the help!
<cjwatson> thanks in advance for the bug reports :)
<rdw200169> you have NO IDEA how much I've wanted to actually communicate with someone who knows *something* about debian-installer!
<cjwatson> #ubuntu-installer is happy to take queries
<PC_Nerd> im trying to install the server edition via netboot....  I get to custom DHCP details, and it says "bad archive mirror".  im running apache2 from my computer, can access it via the same details.  the iso was unzipped to that directory.   any suggestions on getting netboot working?
<kansan> how do i run mkfs.xfs on ubuntu hardy server?
<sommer> kansan: do you have the xfsprogs package installed?  it should be part of that package
<scunizi> I just loaded 8.10 server into a vm in vbox.. on boot it says that the kernel is wrong and needs pae.. or something like that.. It won't boot into recovery mode either.. Any suggested solutions?
<rdw200169> scunizi, well, virtualbox won't boot the server build of the kernel, i.e. linux-server
<rdw200169> scunizi, reluctantly, it requires a really pain-in-the-butt method of post-install linux-generic
<rdw200169> scunizi, *before* restart
<rdw200169> scunizi, so, post install, before restart, go to the option to open a shell in the debian-installer menu; then, in the shell, chroot to the /target directory
<rdw200169> scunizi, then, you have to *readd* the ubuntu-server cd, i.e. apt-cdrom add
<rdw200169> scunizi, then, if there isn't internet access, you have to comment the internet related lines in /etc/apt/sources.list so you can perform *another* apt-get update
<rdw200169> scunizi, then, you can apt-get install linux-generic
<rdw200169> scunizi, that, or you can just mount the cd, copy the .deb from the cd to the /target directory somewhere, then dpkg -i after you chroot
<scunizi> rdw200169, wow.. first thing.. how do I get to the option to open a shell in the debian installer menu?  and by chroot you mean to change directories to /target which would be ??
<rdw200169> scunizi, well, in the installer, you have the main menu, right, for example, the options are 'Partition disks' etc...
<rdw200169> scunizi, there's an option on the very bottom, related to openning a shell
<rdw200169> scunizi, really close to the bottom anyway, *after* Finish the installation
<scunizi> ah.. in the actual installer.. I had missed tha.
<scunizi> *that
<scunizi> so.. can I get there without reinstalling?
<scunizi> rdw200169, perhaps via "Rescue a broken system?"
<rdw200169> try it
<rdw200169> scunizi, if i remember correctly, that gives the option to open a shell
<scunizi> rdw200169, haven't seen it yet but I'll go through the options and look.. thanks for the tips..
<rdw200169> scunizi, you may have to change the debconf priority to a higher level, i can't remember
<scunizi> rdw200169, that's beyond my level of expertise.. not sure what a debconf priority level is..
<rdw200169> scunizi, there's an option to change it in the menu
<scunizi> rdw200169, I'm at a place to choose "Execute a shell in /dev/sda1" (my choice for root) or "Execute a shell in the installer environment".. shall I throw a dart or pick #1
<rdw200169> yes! the first one
<scunizi> rdw200169, should I be able to initiate apt from here?  it's giving me root access
<rdw200169> yes, after a 'chroot /target'
<scunizi> rdw200169, so I want linux-generic?
<rdw200169> yes, do you have internet access already?
<scunizi> yes
<scunizi> used apt-cache search kernel
<rdw200169> scunizi, yes, then apt-get install linux-generic
<scunizi> cool.
<scunizi> should the other kernel be uninstalled?
<rdw200169> scunizi, it already is
<scunizi> ah
<rdw200169> scunizi, linux-server is the default, and it's the one that causes the problems
<scunizi> rdw200169, you'd think that there would be an option on install to let the installer know that it's going into a vm.. :/
<rdw200169> scunizi, it's more of a virtualbox problem than a linux problem
<scunizi> rdw200169, I wonder if they are only peripherally aware of it..
<rdw200169> scunizi, i don't know
<dieselz> hello all - I am trying to figure out why i am getting loads of iptables tracking: any idea of what a call from sport=51879 to dport=22 from my computer to my server is?
<dieselz> i've done a search on google, cant find much of anything
<dieselz> i have an ssh connection up if that helps
<ScottK> Is if from your IP address?
<dieselz> yes
<ScottK> That's your ssh connection.
<ScottK> If it's a modern kernel it uses source port randomization.  That's what sport is.
<dieselz> if i have a log entry as the first entry in iptables' INPUT, will that log everything, whether its blocked or not?
<ScottK> It's way too late at night here for me to be thinking about iptables rules.
<dieselz> haha sorry
<dieselz> i think i'm just an idiot and I am logging everything instead of just dropped packets
<dieselz> N00bling things
<rdw200169>                                                                                                                                                                                                                                                                                                                                                                                                                                                  
<rdw200169>                                                                                                                                                                                                                                                                                                                                                                                                                                                  
<rdw200169>                                                                                                                                                                                                                                                                                                                                                                                                                                                  
<ScottK> No problem.
<rdw200169>                                                                                                                                                                                                                                                                                                                                                                                                                                                  
<rdw200169>                                                                                                                                                                                                                                                                                                                             
<rdw200169> whoops, dieselz i can help
<dieselz> bueno
<scunizi> rdw200169, worked like a champ .. thanks for the advice.. :)
<dieselz> got this: LOG        all  --  anywhere             anywhere            limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '
<rdw200169> scunizi, hey, no problem
<dieselz> i feel like i shouldn't
<dieselz> i want to only track dropped packets
<rdw200169> dieselz, then, right before your DROP target, put the LOG target
<rdw200169> dieselz, that's the way most firewalls do it, namely firestarter
<dieselz> what about -j LOGDROP ?
<rdw200169> dieselz, yeah, you can do that too i suppose, i prefer the basic targets to prevent me any crazy iptables problems, i used to run into a lot of them when i would add features not in the ubuntu version ;)
<dieselz> hmm, so if i just move that line down to before my DROP line, that'll have the same effect?
<dieselz> (sorry)
<rdw200169> dieselz, yes, if the packet is routed to another chain before the LOG target, it won't get logged
<rdw200169> dieselz, iptables runs step by step, and leaves any particular chain once the packet is matched
<rdw200169> dieselz, if its matched before reaching the LOG target, it won't get logged
<dieselz> ah, great explanation - thanks.
<rdw200169> dieselz, there's a great chart out there of how iptables works, i've got a copy here:
<rdw200169> ftp://greamin.com/Documents/Linux%20Networking/Firewalling/ipTables%20and%20EbTables%20Packet%20Flow%20in%20Linux.png
<rdw200169> dieselz, this helps make the 'packet flow' make a *LOT* more sense, you kinda have to stare at it for a while, but if you really think about it, it makes brilliant sense
<rdw200169> dieselz, and clears up a lot of confusion about the tables and chains
<dieselz> great - its taking a bit to download, but ill look it over
<dieselz> another question (i'm just getting into server security btw) =>
<rdw200169> shot
<dieselz> i have iptables dropping all except what i need, i have chkrootkit running once daily
<dieselz> and i am trying to setup AIDE
<dieselz> anything im missing without going nuts on security?
<rdw200169> AIDE?
<dieselz> Advanced Intrusion Detection Environment
<rdw200169> ah, yes, i was gonna suggest snort
<dieselz> its not an NSA server, but I do collect Credit Cards, so I don't wanna be an easy target
<rdw200169> i see, its good that you're being careful then!
<dieselz> snort as a replacement to AIDE/chkrootkit? or in addition?
<rdw200169> it's another IDS
<dieselz> okay, i see it is also rule based
<rdw200169> snort.org
<rdw200169> ah, you also found it ;)
<dieselz> reading now, looks like i have some hw to do
<rdw200169> i assume, then, that you're also using https with a real certificate, etc...
<dieselz> btw, check it out: mtooter.com
<rdw200169> how are you managing account information, for your credit card people?
<dieselz> i dont store it at all, it goes through paypal
<rdw200169> oh, nevermind then!
<rdw200169> then, you're not storing credit information at all?
<dieselz> right, just going right through
<dieselz> but if someone were to gain access to my php script, then they could send the data
<dieselz> my server sees the CC info, my hard drive does not
<rdw200169> but isn't paypal a full https redirection?
<dieselz> not paypal pro
<dieselz> https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Marketing/general/PaymentSolutions-outside
<rdw200169> you've baffled me then, you just said you only use paypal!
<rdw200169> oh, i see
<dieselz> paypal processes the CCs, but i take the information on my website
<rdw200169> i didn't know that
<dieselz> yea, its a nice, clean way to do it
<dieselz> more risky, but much more professional
<rdw200169> so, you're storing this information for your clients?
<dieselz> no, i dont store anything =>
<dieselz> user inputs CC info => server send CURL request to Paypal server => paypal server responds YAY or NAY => server shows user success or error message
<rdw200169> well, i suggest that the best way to protect yourself, is by making sure there's not a ssh server (or telnet for that matter) to the outside world
<rdw200169> https only would be the best
<rdw200169> then, make absolute sure that your Apache configuration is rock-solid
<dieselz> i agree, but i need to access my server through ssh
<dieselz> know of any resources on hardening apache?
<rdw200169> dieselz, alright, then make sure there's no root accounts
<rdw200169> dieselz, and that your password is HUGE
<hads> Nothing wrong with having ssh access open
<rdw200169> hads, there is if the password is weak ;)
<rdw200169> hads, on a root account...
<hads> So, don't enable root and have a decent password.
<rdw200169> yes
<rdw200169> which is what i just said ;)
<hads> That's just standard practice.
<rdw200169> thanks for telling me i'm not blowing smoke out my hindquarter ;)
<rdw200169> dieselz, most of that information requires buying a book, for the best explanations, regardless, i did find this: http://xianshield.org/guides/apache2.0guide.html
<rdw200169> dieselz, as far as i know, apache2 is pretty touch on ubuntu already, but you may want to read the section from that link on the configuration
<dieselz> hmmm... looks like it comes down to disabled all unused mods
<rdw200169> that's a good idea
<dieselz> should be fun
<rdw200169> dieselz, there's also some new security features, like selinux
<rdw200169> dieselz, http://www.google.com/url?sa=t&source=web&ct=res&cd=1&url=https%3A%2F%2Fwiki.ubuntu.com%2FSELinux&ei=k1V5SdDsKIH8tgerr_SgDg&usg=AFQjCNEcCgFO0Qa8x5_35mMmLWhRrTae3w&sig2=q53vj7VOgySrljwYGxwUsA
<rdw200169> dieselz, whoops
<rdw200169> dieselz, https://wiki.ubuntu.com/SELinux
<dieselz> reading the NSA page.... very interesting
<dieselz> i wonder if obama's blackberry will have that on it
<dieselz> im willing to go far, but im stickin with ubuntu for now
<rdw200169> dieselz, i think 8.10 has it
<rdw200169> dieselz, i can't remember
<rdw200169> dieselz, there's also PolicyKit
<dieselz> gee
<dieselz> z
<dieselz> lots of stuff to checkout
<rdw200169> dieselz, but i think that requires a GUI
<dieselz> good stuff
<rdw200169> dieselz, regardless, a strong firewall with https/ssh will rectify most of your fears ;)
<dieselz> yea, im not too worried, i just want to learn slowly so that I really understand whats going on as opposed to just through a mote around my back door with my front door unlocked
<rdw200169> dieselz, from there, it's all apache2 vulnerabilities
<dieselz> is lighttpd more secure?
<p_quarles> no, it is not
<p_quarles> and the idea that software X is innately more secure than software Y is an attitude that creates security risks; avoid it
<dieselz> windows vs linux?
<dieselz> :)
<dieselz> okay - well im off, thats for the help all
<p_quarles> lulz
<PC_Nerd> for some reason after I added an iptables restore script to /etc/network/if-pre-up.d/ I can no longer get a DHCP IP address from my router.....  etho0 (correct) 255.255.255.255 (the subnet should be 255.255.255.0) port 67 (thats correct isnt it)
<PC_Nerd> any ideas on how to get it working again?
<PC_Nerd> nothing?
<jmarsden> PC_Nerd: Check /var/log/messages to see what the iptables stuff is blocking that is relevant, and adjust your iptables ruleset accordingly?
<kraut> moin
<dnperfors> kraut: moin
<kraut> aloha dnperfors
<dnperfors> You are from a german speaking country?
<PC_Nerd> any ideas?
<slestak> hey guys, I have a 8.04.1 server install that I am trying to setup for our web developers.  initially i had apache2 + mod-jk + tomcat5.5 installed (all from repos) and it was 80% functional for them
<slestak> to try to get back to basics, i was asked to remove apache and mod-jk and just serve up jsp with tomcat (using the internal coyote server)
<slestak> that has been done, used aptitude to purge apache and tomcat5.5.  reinstalled tomcat5.5, started service, but I cannot see anything listening on 8180 with netstat
<slestak> ps shows tomcat running
<spiekey> hey zul :) you there?
<Koon> slestak: anything in the logs ? I think it might log to syslog
<slestak> nothing in /var/log/tomcat5.5, let me sheck syslog
<spiekey> zul: i have some non-trivial question related to xen :)
<ScottK> Now you've made him hide.
<zul> spiekey: yep im here
<slestak> Koon: interesting, just service stop and startup messages as I restarted tomcat, but do see sth interesting in netstat now, lemm pastebin it
<slestak> Koon: check out http://pastebin.com/m42d39a50
<slestak> Koon: the ports 8009 and 8180  are listening to what looks liek "null" addresses
<Koon> slestak: those are ipv6 localhost addresses
<Koon> slestak: did you try accessing it using a browser ?
<slestak> duh, i see the tcp6 now
<slestak> yes, and I get a 404 trying to get to context /manager
<slestak> nothing is logged when I try to go to /manager
<Koon> sounds better :)
<spiekey> zul: i am trying to build xen frm source with the 2.6.27-xen.hg image: http://pastebin.com/d4378b3cb
<spiekey> any idea why it fails?
<Koon> slestak: anything in syslog now ?
<spiekey> line 98 seems to be intresting :)
<slestak> Koon: just tomcat startup messages from 10 minutes ago.  nothing new on the failed access
<zul> spiekey: no idea
<Koon> and nothing in /var/log/tomcat5.5 ?
<spiekey>  i wonder why i get: select-linux-arch: x86, since i have 64Bit
<slestak> Koon: same thing in syslog is repeated in catalina-01-23*
<slestak> maybe change the logging level to highher than INFO
<slestak> checked firewall, its not blocking ports, the machine is inside our lan
<Koon> slestak: (stupid question) is the manager webapp installed ?
<Koon> (you need to install tomcat5.5-admin separately)
<slestak> i will double and triple check
<slestak> yeah, http://pastebin.com/d5f38d23c
<slestak> i will reinstall -admin
<Koon> or maybe...
<slestak> after reinstall -admin, still no listener on 8180 for tcpv4
 * Koon fires up a hardy VM to check something
<slestak> i setup the tomcat users so someone has the manager role
<Koon> slestak: what JVM are you using ?
<slestak> sun jdk 1.6.0_07
<slestak> i had all of this almost working with apache2 mod-jk, all of it
<slestak> thee devs just couldnt get their webapp to run,
<slestak> javac -version finds the jdk
<slestak> let me check /etc/defaults
<Koon> I'm installing in parallel
<slestak> i have JAVA_HOME=/usr/lib/jvm/java-6-sun-1.6.0.07
<Koon> what URL are you trying to access exactly ? /manager ?
<slestak> yes, fqdn:8180/manager
<slestak> i do not have X on this machine, so I have been accessing it from my desktop
<Koon> just a sec
<slestak> i did not uninstall-reinstall libtomcat5.5-java,
<slestak> that package is still from the original attempt
<slestak> i also have tomcat5.5-webapps installed just to get the hello world stuff
<Koon> you might need to call a slightly different url, sth like /manager/html, I'm installing to tell you exactly what
<slestak> good point
<slestak> looking at ps, I see the /usr/bin/jsvc processes are being run as root.  that is surprising
<Koon> slestak: try http://fqdn:8180/manager/html
<Koon> there is also http://fqdn:8180/admin/ but it seems to suck
<slestak> ok, i see the manager page, whew
<Koon> slestak: tomcat support improved in intrepid, with support for tomcat6
<slestak> i dont understand why netstat -an doesnt show a listener on 8180
<Koon> it does. you get a ipv6 *:8180 there afaict
<slestak> the ipv6 handles ipv4 as well?
<slestak> i am still ramping up ipv6 facts
<Koon> yes, look at the :::22 line, it's the same for ssh
<slestak> ok, last question, promise :)
<slestak> tomcat5.5 webapps is installed, but they are not listed in teh Applications
<Koon> in the manager ? you don't have a "examples" or something ?
<slestak> nope, I have three webapps for our product, admin and manager
<slestak> i am going to look for where they are installed and just deploy that context by directory url
<Koon> might need reinstallation to deploy the contexts, yes
<Koon> sleepingyoyo: good luck ;)
<Koon> slestak, even
<slestak> reinstall of the webapps?
<slestak> i have already done that more than once
<Koon> then no ;)
<Koon> got to go, sorry
<slestak> tyvm for your help
<Koon> np
<Hellsheep> Hello, i have been trying to set up my Ubuntu server, i have installed everything fine, during the install i pulled the network cable as it kept on hanging on Configuring APT, once i did that, it didn't set up DHCP obviously. Now when i am running ubuntu server, it cannot connect to the net, when i run sudo lshw -C Network it shows: *-Network DISABLED
<Hellsheep> How do i configure my network to connect to the internet now?
<Hellsheep> Or more correctly, how do i configure Ubuntu to connect to my network?
<soren> the configuration file is /etc/network/interfaces
<soren> It's documented in the interfaces(5) man page.
<Hellsheep> Thank you, i found it in: http://tinyurl.com/65jzxw
<Hellsheep> It seems all i need to add is this: auto eth0
<Hellsheep> iface eth0 inet dhcp
<soren> If you want dhcp on eth0, then yes.
<Davedan> can anyone recommend a VPS hosting for ubuntu?
<Hellsheep> soren, how do i open the file?
<soren> Hellsheep: With your favourite editor?
<Hellsheep> I am not familiar how to open files using Ubuntu server
<Hellsheep> First time setting up a server
<Hellsheep> Especially a Linux one
<henkjan> Davedan: slicehost.com, ghandi.net. xlshosting.nl
<Davedan> henkjan: thanks, I'll have a look at thouse
<soren> Heh... I don't know what the suggested editor for beginners is.
<cjwatson> just say 'editor' and it'll use the default
<soren> Good point.
<soren> Hellsheep: sudo editor /etc/network/interfaces
<erichammond> Davedan: Amazon EC2 :)
<Hellsheep> i just used pico /etc/network/interfaces
<cjwatson> nano replaces pico and is (a) free (b) better
<Hellsheep> ah kk
<cjwatson> (free as in free software; pico wasn't quite for various reasons)
<cjwatson> actually, when you run pico on Ubuntu you get nano. But still.
<Hellsheep> I used nano instead
<DogWater> when you use debmirror to create a mirror do you have to use archive.ubuntu ? it seems really slow
<Hellsheep> How do i save the file?
<soren> DogWater: You can use any mirror.
<soren> DogWater: archive.ubuntu.com should be quite fast this time of year, though.
<Hellsheep> cjwatson, how do i save a file in nano?
<Davedan> erichammond: I'm using EC2 for customers but need a small one for demo. 74$ is too much
<soren> Hellsheep: There's some help at the bottom of the screen.
<soren> ^ means CTRL.
<uvirtbot`> soren: Error: "means" is not a valid command.
<soren> uvirtbot`: nick uvirtbot
<Hellsheep> I figured it out.
<Hellsheep> Although i still have a problem
<Hellsheep> When i do sudo lshw -C Network
<Hellsheep> It still says *-Network DISABLED
<Hellsheep> How do i fix that?
<soren> Not sure what that means. Maybe you just need to set up the interface? "sudo ifup eth0"
<orudie> instead of using chown , can i use a command to add another owner instead of changing it ?
<Hellsheep> soren, that fixed it. Thank you.
<uvirtbot> New bug: #320145 in samba4 (universe) "Please sync samba4 4.0.0~alpha6-1 (universe) from Debian experimental (main)." [Wishlist,Fix released] https://launchpad.net/bugs/320145
<dnperfors> orudie: no, unless you add the new owner to the same group
<cjwatson> orudie: it is actually possible to have multiple owner-like rights, but it gets complicated; you can use setfacl to do it
<cjwatson> orudie: you're better off using groups if you can, since they're simpler; however they may be fiddly if you have lots of special cases
<dnperfors> hmm, didn't know that :P
<orudie> thanx
<fauxhawk> [C
<heath|work> how do I view user info like current home dir
<cjwatson> heath|work: 'getent passwd USERNAME'
<heath|work> cjwatson, thanks
<Max007> Hi
<Max007> Can someone help me with resizing a software raid partition ?
<jmedina> Max007: what is the problem?
<jmedina> Max007: what kind of raid?
<uvirtbot> New bug: #320509 in samba (main) "winbind crash winbindd_async_request" [Undecided,New] https://launchpad.net/bugs/320509
<MadChopr> i have 4 320GB SATA drives configured with the intel raid bios as one raid0+1 partition that's around 570GB; i think dmraid sees it as two seperate partitions that are 640GB each, can someone help me to get the dmraid to see what the BIOS software raid is trying to do?  i'm on ubuntu 8.10
<MadChopr> my boot drive is an 80gb drive that has nothing tod o with the raid arraym, but it's on the same sata contrller
<jmedina> MadChopr: and why are you using dmraid, when raid is already done?
<MadChopr> jmedina: yea, it's very confusing to me
<MadChopr> jmedina: i was reading that i have fakeraid or software raid... even though it's through the BIOS
<jmedina> MadChopr: you did the raid in the bios, right? then you dont need to use dmraid
<jmedina> just format the device
<MadChopr> well, i've read differently on several places... one was even in the ubuntu wiki
<jmedina> well, probably, there are some fakeraid chipsets
<MadChopr> https://help.ubuntu.com/community/FakeRaidHowto
<jmedina> its been years since I had those problems
<jmedina> but you need to verify you have one o thoses chipsets
<MadChopr> i have ICH7 this FAQ says it's software raid --> http://linux-ata.org/faq-sata-raid.html
<Max007> how can i choose apt mirror from the console ?
<maxb> Max007: Besides "vim /etc/apt/sources.list" ?
<andol> Max007: It will work even better if you use Emacs :-)
<Max007> maxb: yeah I know that but I don't know all mirrors
<maxb> https://launchpad.net/ubuntu/+archivemirrors
<crackintosh> Hello, A web application hosted on my ubuntu machine requires me to run a cron job. It doesnt seem to work all the time.
<crackintosh> Is it possible that it is not executing properly because it is not run by www-data
<crackintosh> here is the cron job: * * * * * cd /var/www/sugarcrm; php -f cron.php > /dev/null 2>&1 being run by root
<GreenCult> hi all
<GreenCult> somebody here speak spanish??
<jmarsden|work> GreenCult: Try #ubuntu-es
<nurmi> yep, this is indeed Dan from eucalyptus-land
<kansan> um i'm about to deploy a LAMP stack over ubuntu + ec2.... we develop on 32 bit ubuntu at work... should i select a 64/32bit ubuntu ami from http://alestic.com/ as my base?
<erichammond> kansan: I build the AMIs listed on http://alestic.com and many folks (including my company) use them in production servers on EC2.
<kansan> what about the 32/64 bit question?
<erichammond> kansan: There are also some official Ubuntu AMIs which are currently in beta. You can join the beta program here: http://ubuntu.com/ec2
<erichammond> kansan: It depends what type of EC2 instance you want to run (32-bit or 64-bit)
<erichammond> kansan: I would also encourage you to join the Ubuntu on EC2 community: http://ec2ubuntu-group.notlong.com
<kansan> anyone know how to solve this:  Client.InvalidKeyPair.NotFound: The key pair '/home/david/.ec2/id_rsa-gsg-keypair' does not exist
<kansan> it does though!
<erichammond> Other channels which might be more appropriate for asking EC2 questions: #ubuntu-ec2 ##aws
<kansan> ah cool!
<erichammond> #ubuntu-ec2 has the folks who build the official Ubuntu beta images.  ##aws has more general EC2 experts (like the Q you just asked)
<kansan> thanks
<erichammond> kansan: answering over on ##aws
<kansan> mk thx!
<kaje> is there a way to tell ufw to ignore all broadcast packets and do NOT log them? I have a printer server at work that is cluttering up my logs with its broadcast traffic...
<jdstrand> kaje: just explictly DENY them. 'sudo ufw deny 631'
<jdstrand> kaje: or give the broadcast address: 'sudo ufw deny to <broadcast address> 631'
<jdstrand> oops
<jdstrand> sudo ufw deny to <broadcast address> port 631
<kaje> and that will keep them out of the log?
<jdstrand> kaje: yes. logging is not enabled on a per rule basis (yet), so adding a deny or allow rules means they won't get logged. if you don't like this solution, you may update /etc/ufw/after*.rules
<kaje> no, that solution is fine with me
<ziggles1> hi guys, is it possible to do something similar to NAT port forwarding but based on the hostname?
<andol> ziggles1: In most cases no. The hostname isn't really used on a network level. The only time you can do magic based on hostname is if you use a protocol which sends and listens to the hostname. If I'm not totaly misstaken http is the only one of the major protocolls which handles hostnames.
<kansan> is there a way of searching which packages are avaialble on 8.04 LTS server?
<andol> kansan: http://packages.ubuntu.com/
<andol> kansan: or do you want to know how to do the search on an 8.04?
<kansan> i guess i already have an ec2 instance up
<kansan> running 8.04 lts server
<kansan> so i can just search via it
<andol> kansan: I usually use "apt-cache search foo"
<andol> kansan: Another option might be to start "aptitude"
<ziggles1> andol:  that is what i was thinking
<ziggles1> andol: so does this mean that most commonly webservers should be assigned an external facing IP?  ie dont do nat before?
<ziggles1> or i should say, not behind nat
<andol> ziggles1: Well, somewhere along the line there has to be a public facing IP if nothing else. Still, that can be a router, which forwards all http(s) trafik to an internal ip.
<andol> ziggles1: The actual web server can be behind the NAT.
<ziggles1> andol: could you possbily have two webservers behind the nat?
<andol> andol: Kind of
<andol> ziggles1: Kind of
<ziggles1> andol: seems impossible to have 2 unless you have them running on diff ports and forward the ports?
<Nafallo> depends on how configurable the NAT device is.
<andol> ziggles1: You can have a frontend webbserver on the public IP, then you can have it proxy to the other webbservers in the NAT, based on hostname for example
<ziggles1> Nafallo: what do you mean?
<ziggles1> andol: ah that's interesting!
<Nafallo> some could probably send it to the correct internal server based on destination URL.
<Nafallo> another variant would be anycasting, in case both serves the same material.
<andol> ziggles1: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
<Nafallo> but yea... I should sleep rather than trying to act clever :-)
<andol> ziggles1: reverse proxy
<andol> Nafallo: don't worry, I have the acting clever all covered :)
<ziggles1> Nafallo: thanks for offering your advice man.
<ziggles1> sleeep! :)
<Nafallo> no worries :-)
<ziggles1> hmmm so the issue is that i have 2 VMs setup as webservers
<Nafallo> actually pack bag, shower, sleep 1h 30mins, run around to catch buses so I won't miss the plane :-(
<Nafallo> but thanks ziggles1 :-)
<ziggles1> lol sounds horrible man
<ziggles1> with these two webservers we are trying to figure out how to route traffic to them via one nic... and not expose the whole box
<ziggles1> but i suppose that a webserver should pretty much be exposed..
<genii> ziggles1: You could also create an alias to hae 2 IP running on same adapter
<ziggles1> genii: an alias? like a bridge?
<genii> ziggles1: N o, adapters can have as many IP addresses as you want. Then you bring them up with ifup or ifconfig with names like eth0:0 eth0:1   and so on, each with it's own settings,IP, etc. Then if a name resolves to a specific IP it goes there still
<genii> ziggles1: The thing is you can use the aliased adapters in a vm as well
<jmedina> or, you can simple add for IP address to a single interface without having more alias interfaces like eth0:1
<jmedina> I prefer this way
<jmedina> if you want to do filtering or routing, you only specify the interface with a destination address
<Deeps> aliasing is deprecated
<genii> Deeps: Ah, was not aware. Been a while since I used it
<Deeps> i learnt today that even ifconfig can add multiple addresses to an interface
<jmedina> :D
<Deeps> ifconfig <dev> add <ip>
<genii> Can you add even if on different ranges/segments with different gateways, etc?
<jmedina> genii: yeap
<genii> Cool
<jmedina> it is only a address to a interface, there is no routing, classing involved
<jmedina> after that, routing is your job :D
<ziggles1> thats pretty cool
<jmedina> for example, there is people running one interface connected to two different WAN (ISPs)
<jmedina> with differente classes, different gateways, and so on
#ubuntu-server 2009-01-24
<kansan> how do i get by this in the future without having to type stuff: sun-dlj-v1-1 license could not be presented;  try 'dpkg-reconfigure debconf' to select a frontend other than noninteractive ...
<VoiDeT> hey there, i just upgraded from 8.04 to 8.10. When i boot up i get "ALERT! /dev/mapper/my-root does not exist. Dropping to shell!" however my-root does exist. Any ideas?
<ScottK> kansan: For that package you don't.  It's a legal requirement you accept the license.
<kansan> ScottK, booh hiss
<kansan> i should be able to automatically select it
<ScottK> VoiDeT: Wait a minute or two and then type exit.  If that fixes it, I'll help you with a workaround.
<ScottK> kansan: You should use Free software then.
<kansan> ScottK, i mean i accept it;  but i should be able to pass ina  command line arg that says i agree
<ScottK> kansan: That's a function of the license and the upstream requirements.
<ScottK> I guarantee you it wouldn't do that if we didn't have to.
<VoiDeT> ScottK: this is from busybox right? which is the shell that it dropped me to
<ScottK> VoiDeT: Yes.
<ScottK> If it's what I think it is, it'll pick up and continue booting from there.
<VoiDeT> ScottK: ok its booting
<ScottK> Congratulations.  You and I hit the same kernel bug.
<VoiDeT> :D YAY
<VoiDeT> so how did you manage to get around this?
<ScottK> VoiDeT: Look at http://www.ubuntu.com/getubuntu/releasenotes/810
<ScottK> VoiDeT: Specifically "Boot failures on systems with Intel D945 motherboards"
<VoiDeT> oh god thats dodgy
<ScottK> At release time we only knew it was D945
<ScottK> Now it's clear it's much more.
<ScottK> Yeah, well it's a work around.  It's not a fix.
<ScottK> I have one server still running Hardy because of this.
<ScottK> Good luck.
<VoiDeT> im running 2650's
<VoiDeT> lucky it was only production server
<ScottK> VoiDeT: You may need to adjust the rootdelay for your box.  90 worked for me when I was doing pre-release testing, but some have needed more.
<VoiDeT> 90 worked fine
<VoiDeT> long boot time but >_<
<ScottK> Boot slow is better than no boot at all.
<kansan__> adduser: Warning: The home directory `/home/app' does not belong to the user you are currently creating.
<kansan__> what does that maen?
<kansan__> how do i: Adding new user `app' (1000) with group `app' ...
<[gnubie]> is there a way i can install ubuntu-server 8.04 lts amd64 on top of an ubuntu 8.10 i386 laptop? currently, i don't have an amd64 machine at home but i want to prepare configs in advance so that once the amd64 arrives, it will be easy and fast for me to deploy.. any advice?
<uzair> hey all. what is the best solution people have for running linux servers while having to deal with windows-only apps??
<uzair> anyone?
<_Cid> uzair:  I dont understand the question? :)
<_Cid> uzair:  you mean ..linux on the server, windows on the desktops?
<uzair> i was hoping to setup a domain based on a linux server, however i'm having to deal with a couple of windows-only apps. what do most of these mid-large sized companies do for a solution?
<uzair> clients could be either windows or linux. apparently samba can handle the windows computers and domains. problem is having to deal with win-only apps
<_Cid> wouldnt the win apps..be installed on a windows box?
<_Cid> if not ..maybe use vmware?
<uzair> if i use vmware, then how would clients access it?
<_Cid> vmwares can run as virtual servers
<uzair> if say the vmware is on the server -- we're trying to ensure things are centralized
<_Cid> so they could have hostname and IP etc. etc
<_Cid> as far as the client is concerned, its a seperate box
<uzair> and can multiple clients connect to it simultaneously?
<_Cid> sure
<uzair> what os would you run on the vm?
<_Cid> well...for windows only apps...I would run windows :)
<uzair> would you need a win server or could you get away with a xp pro or something
<uzair> lol
<uzair> funny ;P
<_Cid> hehe, it depends on the apps
<uzair> well, if i need to get a win server, then it is pointless setting up a linux server (except maybe the reliability and security part)
<uzair> i was tyring to avoid costs
<uzair> small business = small budget o_O
<_Cid> couldnt the windows only apps, run on the desktops only
<_Cid> perhaps using a database or storage on the linux box?
<[gnubie]> uzair: have a dedicated windows server serving the win32 apps and have it accessible via rdesktop
<[gnubie]> uzair: convert the desktops to ltsp so that you will have a centralized software management
<uzair> would that dedicated win machine be able to take simultaneous connections?
<[gnubie]> uzair: afaik, yes
<uzair> hmm. that's what i worry won't happen. no one seems to have a how-to that shows that for some reason :S
<[gnubie]> uzair: but afaik also, you need to pay for the connection license.. but that will still be cheaper compared of installing it to each and every workstation
<uzair> connection license?
<[gnubie]> uzair: there are lots of them.. try digging more
<uzair> terminal server cals?? isn't that only on server 2003/2008?
<[gnubie]> uzair: http://wiki.ltsp.org/
<uzair> hmm. seems interesting. one other thing. it seems using samba as a pdc is still quite tempermental with win clients huh?
<[gnubie]> uzair: at the bare minimum, you will need at least 2 servers... one for the windows server who will be serving the win32 apps via rdesktop and the other one is for the ltsp where all the thin clients are directly connected to it..
<[gnubie]> uzair: the third box will serve the openldap+samba as your pdc
<uzair> that's what i expected. i was hoping to pull it off w/ vms. only issue is that i can't figure out how win xp computer will be able to handlie multiple connections
<[gnubie]> if you also want, have a 4th server that will serve the dhcp, (internal) dns, tftp and xfs services
<uzair> um, soho -- lol, only dealing with maybe 5 - 10 clients
<uzair> i think 4 servers may  be overkill
<[gnubie]> then all your thin clients may be a resurrected legacy pentium 1 with at least 16mb of ram without any secondary storage (diskless)
<[gnubie]> ah..
<[gnubie]> uzair: if you only have 4 clients to connect, why bother having a pdc?
<uzair> centralizes things, plus can keep certain employees on lock-down on what they have access to and stuff
<[gnubie]> uzair: having only 4 users, don't give much time and complexity to your life, imho
<[gnubie]> uzair: but if you want, install an ltsp server and all your desktops will be diskless.. no need of having a pdf
<[gnubie]> s/pdf/pdc
<uzair> [gnubie]: no i hear you. only thing is that we want to make sure company data stays safe if an employee gets up and goes. since employees are often on the move, laptops work
<uzair> better than desktops
<uzair> so they'll use their own laptops
<[gnubie]> uzair: with a centralized computing concept like ltsp, all the data are stored on your server.. since all the clients are diskless, they cannot easily upload/download data to/from your server
<[gnubie]> uzair: if you are only concerned with your documents, better have a document tracking and management system
<[gnubie]> where you can monitor who did who
<uzair> lol "who did who" ;)
<[gnubie]> i mean, who did what
<[gnubie]> ;)
<uzair> lol i know
<uzair> just funny ;P
<[gnubie]> but it's not a guarantee that your employees cannot have their own copy of your files even if they check-in the files they checked out
<uzair> [gnubie]: thx for your help. i'll keep this in mind
<uzair> btw
<uzair> check this out: http://searchenterpriselinux.techtarget.com/tip/0,289483,sid39_gci1238129,00.html
<uzair> i was aiming for this
<[gnubie]> uzair: the best thing that you may want to consider is to include an NDA on their employment contract
<uzair> yeah, ceo will be dealing with that aspect :) -- i just do computer work
<[gnubie]> uzair: other alternative is to setup a linux server with xen or virtualbox
<[gnubie]> and host your windows apps
<uzair> xen does that? specific apps only or the whole os like VB or VMware?
<[gnubie]> uzair: whole OS
<uzair> ic
<uzair> and multi connections is supported huh?
<[gnubie]> uzair: do you want that all users will use the win32 apps centraly?
<uzair> yes, a number of them
<[gnubie]> uzair: what applications do you have in mind?
<uzair> quickbooks (accounting software) & goldmine (crm)
<[gnubie]> uzair: if that is the case, just install a windows server and install those win32 apps and let your users connect and use those apps over rdesktop
<uzair> i was trying to see if you could just host the db on a linux file server & run it off win clients. however i like the functionality of having a domain
<[gnubie]> uzair: for me, i won't bother setting up a pdc just to cater 4 employees
<uzair> yeah, i'll give it a go at it and see how it turns out. i was trying to do the 2x thing (the link i sent earlier) and see how it works out
<uzair> just run a centralized file server huh?
<[gnubie]> vmware is an OS emulator
<uzair> [gnubie]: if it was u, you'd only have a centralized file server?
<[gnubie]> you need to have a linux box as a host, buy and install a vmware server (esx?), buy and install windows server on one vmware image, buy and install all the win32 apps on your windows server inside vmware
<uzair> hmm. okay. i'll try some of these ideas out. thanks a lot for your help
<[gnubie]> if those applications are the bread and butter of the company and there are only 4 employees, i will not install linux and buy a license from vmware.. instead, i will just buy a license and install a windows server and from there, install the win32 apps.. then, let the 4 employees connect to the windows server via rdesktop
<[gnubie]> the idea there is "practicality"
<uzair> yea
<[gnubie]> good luck
<uzair> ty
<[gnubie]> yw
<PlaneCrazy1> hello
<[gnubie]> is there a way i can install ubuntu-server 8.04 lts amd64 on top of an ubuntu 8.10 i386 laptop? currently, i don't have an amd64 machine at home but i want to prepare configs in advance so that once the amd64 arrives, it will be easy and fast for me to deploy.. any advice?
<[gnubie]> do you think debootstrap is good enough?
<[gnubie]> please advice
<PlaneCrazy1> sorry can't help u...would if I could
<[gnubie]> PlaneCrazy1: no worries.. ;)
<PlaneCrazy1> :)
<PlaneCrazy1> I just tried upgrading my 8.04 server to 8.10 and it crashed half way thru the upgrade...:-P
<PlaneCrazy1> don't know what to do!
<uzair> wouldn't a vm do that for you? not sure if you can configure the cpu of the vm to emulate a particular one
<uvirtbot> New bug: #320777 in samba (main) "package samba-common 2:3.2.3-1ubuntu3.5 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/320777
<uvirtbot> New bug: #310211 in mysql-dfsg-5.0 (main) "MySQL table check fails in ANSI mode" [Undecided,Confirmed] https://launchpad.net/bugs/310211
<domas> hi!
<uvirtbot> New bug: #320785 in amavisd-new (universe) "amavisd-new missing dependency (libmail-dkim-perl)" [Undecided,New] https://launchpad.net/bugs/320785
<andol> domas: Hi
<Hellsheep> If i install Ubuntu server, but during the set up fail to install the packages like mail server and what not. Can i install them later? Or should i re-install all together
<andol> Hellsheep: you can easily install the afterwards.
<andol> Hellsheep: Besides installing on a single package basis there is also a program called tasksel which basicly gives you the same grouped options as during the install
<persia> Actually, the install uses tasksel to present that interface
<uvirtbot> New bug: #319911 in ubuntu "package mysql-server-5.1 5.1.30-2ubuntu3 failed to install/upgrade: subprocess post-installation script returned error exit status 1 (dup-of: 316849)" [Undecided,New] https://launchpad.net/bugs/319911
<Hellsheep> andol, how do i install them then?
<andol> Hellsheep: on a package basis or by using tasksel?
<Hellsheep> tasksel
<Hellsheep> or even package
<Hellsheep> The way where i have to download the least amount of things
<andol> Hellsheep: Just run the command "sudo tasksel" and it will give you about the same menu (actually with a few more options) as during the install.
<Hellsheep> Thank you.
<andol> Hellsheep: Of course, you might also have to do some configuration :)
<Hellsheep> I figured that, i'll slowly work it out hopefully.
<andol> See https://help.ubuntu.com/8.10/serverguide/C/email-services.html and/or https://help.ubuntu.com/community/MailServer
<Hellsheep> Oh, it's not jut the mail server i want. :)
<andol> Hellsheep: Well, if you look in that general direction you'll find all kinds of useful documentation :)
<Hellsheep> :) ty
<Hellsheep> andol, could you suggest a few things for me possibly?
<Hellsheep> I'm planning on using my Ubuntu server as a file sharing sort of server. Also hoping to use it as a firewall/router. I was planning on having the net going through to modem to the server then to a switch then out to all the computers.
<Hellsheep> Is there any specific packages i should install for that?
<Hellsheep> Other than file sharing
<Hellsheep> Also planning on hosting a ventrillo server on it.
<ivoks> get rp-pppoe from the internet
<domas> hi! I'm getting various kswapd deadlocks on our machines, like this one: http://p.defau.lt/?AftWGQnCtD1G80ZjIr7cyg - it seems any VFS pressure can cause this...
<domas> any ideas?
<ivoks> 'CPU#0 stuck for 11s!' doesn't sound good
<domas> should I just try using 2.6.28 anywhere?
<Hellsheep>  When using sudo tasksel, do i need the Live CD in the drive?
<Hellsheep> Or does it download it off the internet?
<domas> it will download off the internet
<Hellsheep> Darn
<Hellsheep> That's going to take forever
<Hellsheep> Ll
<Hellsheep> Lol*
<Hellsheep> On dialup
<domas> well, if you have cdrom, it will work too
<Hellsheep> If i put the CD in will it read from there first?
<domas> yes, if there are no updates
<Hellsheep> kk
<Hellsheep> ty
<domas> if there are updates, it will download them off the intertubes
<domas> GODDAMNIT
<uvirtbot> New bug: #320810 in mysql-dfsg-5.1 (universe) "package mysql-server-5.1 None [modified: /var/lib/dpkg/info/mysql-server-5.1.list] failed to install/upgrade: prÃ¸ver Ã¥ skrive over Â«/usr/sbin/mysqldÂ», som ogsÃ¥ finnes i pakken mysql-server-core-5.0" [Undecided,New] https://launchpad.net/bugs/320810
<[gnubie]> is there a way i can install ubuntu-server 8.04 lts amd64 on top of an ubuntu 8.10 i386 laptop? currently, i don't have an amd64 machine at home but i want to prepare configs in advance so that once the amd64 arrives, it will be easy and fast for me to deploy.. any advice?
<maxb> [gnubie]: You cannot run amd64 binaries unless both your CPU and your running kernel support it. So, I'm fairly sure the answer is an outright "no"
<maxb> However, will the configs really be all that different?
<ivoks> configuration will be the same
<ivoks> mostly
<andol> [gnubie]: Well, if nothing else Virtualbox 2.1 has experimental support to run 64-bits guests on a 32-bit hostsystem.
<maxb> ooh, how does it manage that? Very slowly, I imagine?
<andol> maxb: No idea, I didn't even know it was possible.
<andol> [gnubie]: Still, as maxb says, almost all configuration should be the same.
<andol> ohh, I guess it was ivoks who said that, sorry :)
<uvirtbot> New bug: #320831 in drbd8 (universe) "[jaunty] Update drbd8 to 8.3.0" [Undecided,New] https://launchpad.net/bugs/320831
<ivoks> drbd8 is in universe?
<ivoks> it's not... uvirtbot explain your self :D
<domas> argh, another deadlock: http://p.defau.lt/?XpVljy4JCy1aPECnBv7ilw
<domas> can such deadlocks in multiple places be some motherboard chip bugs? like memory management, etc?
<domas> or CPU barrier bug?
<domas> other deadlock at similar time on another machine: http://p.defau.lt/?A_FG4J__2fq_IXyXWWOXyQ
<andol> ScottK-desktop: Regarding the result of bug #311277 (amavisd-new). Is there some kind of explicit standard regarding whatever a purge should remove the packages user or not?
<uvirtbot> Launchpad bug 311277 in amavisd-new "amavisd-new broken user (again) Intrepid" [Undecided,Triaged] https://launchpad.net/bugs/311277
<[gnubie]> maxb: thanks.. sorry for the late reply.. ;)
<[gnubie]> andol: ok.. thanks.. sorry for the late reply..  ;)
<ScottK> andol: Debian/Ubuntu policy describes what purge should do.  It talks about purging config files, not users.
<ScottK> andol: The general case it worries about is if more than one package uses the same user and then one package removes the user, pain ensues.
<andol> ScottK: Ok, thanks.
 * andol really should start reading up on those policies.
<maxb> Would you not normally expect a purge to leave the system in a state as if the package had never been installed, though?
<ScottK> andol: Amavisd-new has it's legacy in amavis, amavisd, and finally amavisd-new.
<ScottK> maxb: If you expect that you haven't read policy.
<ScottK> All those packages used the same user.
<andol> ScottK: Yeah, then I guess the extra install-precations makes/made sense.
<ScottK> So there's an assumption built in to the current package (now obsolete) that it can't assume which was around before.
<ScottK> At this point you'd have had to cross grade from Sarge to Dapper, upgraded to Hardy and not switched for it to be a problem.
<ScottK> I'm going to have a look at seeing about ripping it out for Jaunty, but I don't think it's SRU worthy for Intrepid and I'm not comfortable with it for Hardy.
<ScottK> andol: ^^
<andol> ScottK: got it
<[gnubie]> gtg now.. thanks..
<andol> ScottK: How busy are you right now? Do you mind if I ask about the reasoning behind bug #320785? It's really not that important to me, but I would be nice to understand some more :)
<uvirtbot> Launchpad bug 320785 in amavisd-new "amavisd-new missing dependency (libmail-dkim-perl)" [Undecided,Invalid] https://launchpad.net/bugs/320785
<ScottK> andol: Shoot.
<ScottK> I thought I was clear in the bug, but go ahead...
<andol> ScottK: Regarding you answer. What's the diffrence between kind having DKIM in the default config, since recommends is used by default, but not supporting it as a "hard dependency"?
<ScottK> If you don't want DKIM, with it as a recommends, you can remove it and change the config.
<domas> after 6 years of not compiling kernels I'm back doing it again :(
<ScottK> If it's a hard depends, then you can't remove it without removing amavisd-new.
<ScottK> andol: In Debian it's a Suggests and not enabled by default.
<andol> ScottK: True. Just not used to Recommends being used by default I guess. Thanks for taking your time.
<ScottK> No problem.
<ScottK> It's really the way it should have been all along, but it takes some getting used to.
<domas> ScottK: how to get minor bugs like https://bugs.launchpad.net/ubuntu/+source/oprofile/+bug/251290 fixed? :) should I just suggest to merge in some patches?
<uvirtbot> Launchpad bug 251290 in oprofile "Oprofile fails to load vmlinux image if binutils is not installed" [Undecided,Confirmed]
<andol> ScottK: Well, my very personal opinion is that it makes kind of sense on Desktops but that I would prefer not to have it on servers.
<ScottK> domas: If you want to get that fixed, make is easy for a sponsor by making a debdiff, attaching it to the bug and then subscribing ubuntu-universe-sponsors to the bug.
<domas> mhmmm
<domas> ergh, I just had another ubuntu kernel deadlock
<domas> sucks to use greatest and nicest hardware :)
<domas> nc/kswapd deadlocked
<domas> nc doesn't do any file i/o ;(
<domas> what kind of VFS pressure could it have?
<domas> we have canonical support contract, but they want to install some magic system management tool
<domas> which we're hesitant to do :(
<andol> domas: kind of understand that feeling :)
<domas> it seems I'm hitting every possible edge case in VM code
<domas> hehe, maybe I'm hitting some gcc-4.2.3 bug %) it inlined some of mysql code incorrectly in -O3 too!
<domas> I'd love to know this stuff, rather than speculate
<domas> btw, UUIDs for filesystems on servers suck
<ScottK> Not if you have more than one drive in the box.
<ScottK> Without is you end up with the BIOS, GRUB, and the OS disagreeing about what drive is which.
<domas> servers have RAID controllers!
<domas> I have a habit to reformat filesystems whenever I can
<domas> this ends up changing UUIDs
<domas> (it is much nicer to start with empty filesystem that doesn't have any cruft in internal structures ;-)
<Mechill-enginia> hi
<Mechill-enginia> may i ask some question?
<Mechill-enginia> if the ubuntu provide their own server?
<Mechill-enginia> sori i'm a newnies in linux
<domas> server distribution? yes
<Mechill-enginia> sorry
<Mechill-enginia> the server is for education or for business?
<Mechill-enginia> what the meaning of server distribution'
<Mechill-enginia> what the meaning of server distribution?
<domas> ghmmm
<domas> it is software you run on your hardware, to have a server!
<Mechill-enginia> oh...
<Mechill-enginia> sorry
<Mechill-enginia> don't be mad
<Mechill-enginia> hehe
<Mechill-enginia> :P
<Mechill-enginia> can i have my own server with ubuntu?
<domas> yes, you can download and install it.
<Mechill-enginia> and use my computer as a server?
<domas> if you want
<domas> you can use desktop distribution as a server too
<domas> :)
<domas> then you will be able to use your computer for other work too!
<Mechill-enginia> i think my computer performance can slow down if i make them to server
<Mechill-enginia> huhu
<domas> yes!
<domas> it may!
<Mechill-enginia> so another solution?
<domas> what do you want to do?
<Mechill-enginia> i want to have my own website hosting
<Mechill-enginia> hehe
<Mechill-enginia> i want to learn how to make it
<Mechill-enginia> but, it is okay?
<Mechill-enginia> because now my laptop use fedora 10
<Mechill-enginia> not ubuntu..
<domas> ghm
<Mechill-enginia> :D
 * domas kicks dpkg-deb for being slowass
<cjwatson> domas: we know that UUIDs have their downsides, but the alternative is many systems (yes, including many servers) being unbootable after upgrades or even just on reboots when SCSI devices appear in a different order, which is much worse
<domas> devices, not filesystems!
<cjwatson> domas: you are entirely free to use filesystem labels if you prefer, which would be more stable; we can't assign those by default though
<domas> *nod*
<domas> I know it is me being lazy
<domas> I guess preseed doesn't support labels, or something like that
<cjwatson> devices, not filesystems> what's your point? there's no way in general for Ubuntu to tell which filesystem is which
<domas> cause we'd do them otherwise
<domas> ergh, devices, not partitions
<domas> but I guess thats the downside of sda/sdb/sdc/... alphabetic naming
<cjwatson> all the schemes have their downsides
<cjwatson> I posted a summary of all the problems on debian-boot not that long ago
<domas> for me all it takes is getting to mgmt, starting serial console and fixing it, whenever I mess it up
<cjwatson> http://lists.debian.org/debian-boot/2008/12/msg00338.html
<domas> though on all our servers data filesystem ends up being /dev/sda6 (or something in LVM)
<cjwatson> preseeding actually does support filesystem labels
<cjwatson> however, we don't use them for /etc/fstab when available; this is a bug
<cjwatson> i.e. you can say label{ foo } in a partman recipe
<domas> mhm, right
<domas> I'm too lazy to change partman recipe to switch from jfs to xfs (why I actually end up breaking UUIDs quite often :)
<domas> thanks for hint though
<cjwatson> oddly, there was no bug about the fact that we don't use labels in /etc/fstab when they're available
<cjwatson> I've filed bug 320871 for that
<uvirtbot> Launchpad bug 320871 in partman-target "should use labels rather than UUIDs if they exist" [Undecided,New] https://launchpad.net/bugs/320871
<domas> thanks!
<domas> both labels and UUIDs are awesome if you have same data seen via multiple layers (e.g. DRBD)
<ivoks> domas: you use drbd?
<Ryder> Hey
<Ryder> I have installed the openssh package
<Ryder> How do i use putty or telnet to ssh into my server from a windows machine?
<ivoks> did you install openssh-server?
<Ryder> Yes, i forgot one thing first, what is the command to configure DHCP first?
<ivoks> dhcp server?
<Hellsheep> Sorry, no.
<Hellsheep> When i installed Ubuntu server
<ivoks> or just to pick up an IP from existing dhcp server
<Hellsheep> I had to unplug the lan cable
<Hellsheep> So the network was set to disabled
<Hellsheep> i fixed that, except yesterday someone gave me a command to "configure" the dhcp
<ivoks> dhclient eth0
<ivoks> sudo dhclient eth0
<ivoks> but that will work only untill you reboot that server
<Hellsheep> Ah okay
<Hellsheep> That's okay though.
<Hellsheep> I added the text into the /etc/network/interface
<Hellsheep> auth eth0
<Hellsheep> etc....
<ivoks> then you should already have an IP
<Hellsheep> yeah
<Hellsheep> i forgot to plug in the ethernet cable
<Hellsheep> rofl
<Hellsheep> ssh magically worked once i plugged that in too =P
<ivoks> it's pure magic
<Hellsheep> I feel dumb now.
<Hellsheep> Oh one question i do have.
<Hellsheep> Is i re-installed Ubuntu
<Hellsheep> But it didn't over right the old one like i expected.
<Hellsheep> Now grub boot loader has 2 OS's i can load.
<Hellsheep> How do i remove the old install?
<ivoks> it didn't overwrite the old one?
<ivoks> are you sure?
<Hellsheep> It seems not.
<Hellsheep> Because the boot loader shows 2 installs
<Hellsheep> I haven't tried loading the old one.
<ivoks> there are multiple operating systems or two kernels?
<Hellsheep> But it's there apparently
<Hellsheep> To be honest, i am not sure. I haven't tried loading the old one.
<Hellsheep> I don't think the whole operating system would still be there.
<Hellsheep> But who knows
<ivoks> paste your /boot/grub/menu.lst on paste.ubuntu.com
<Hellsheep> Ah okay, how do i do multiple things at once on ubuntu via ssh without actually cancelling the other things it's doing?
<Hellsheep> Is it the same as being on the server computer?
<Hellsheep> ctrl+alt+F2 etc
<ivoks> start another ssh client/putty
<Hellsheep> ah kk
<persia> Or run screen in your ssh session ...
<Hellsheep> On the new install of Ubuntu, menu.lst has nothing in it
<Hellsheep> at all
<ivoks> how is that possible? :)
<Hellsheep> It could be using grub from the old install?
<Hellsheep> Could it*
<ivoks> it could, but you would be very lucky guy if that's actually working
<Hellsheep> Well, i did notice the second time around, the ubuntu install didn't seem to install grub
<Hellsheep> it just seemed to ask me if i wanted to add the new install to the mbr and allow grub boot loader to ask you which os to boot into
<ivoks> why didn't you reinstall on the same disk/partition?
<Hellsheep> That's a good question.
<Hellsheep> The explanation is probably because its 4am
<Hellsheep> Any way i can fix this without a total reinstall again?
<ivoks> yes, you can
<ivoks> but it might require some knowledge of grub :)
<Hellsheep> Which i don't have. =P
<ivoks> :)
<Hellsheep> ivoks, would you be willing to help me if you have the knowledge?
<ivoks> Hellsheep: i would, but don't have time at the moment
<Hellsheep> Okay, no problem.
<Hellsheep> Just a question
<Hellsheep> Could ConfigServer and Security be overkill for a home linux server?
<Hellsheep> Would*
<Hellsheep> Configserver Security and Firewall*
<didrocks> jdstrand: around? :)
<uvirtbot> New bug: #287256 in openssh (main) "hardy ppc (ports.ubuntu.com) includes broken (old) openssh-client package which only generates comprimized keys." [Undecided,New] https://launchpad.net/bugs/287256
<techsupport> hi , can i use a cp command with visible files being compied ?
<kobrien> techsupport, please explain
<techsupport> kobrien, i think what i need is cp -v
<techsupport> to observe whats being done
<kobrien> do you just want the names of the files printed as you copy or do you want a progress bar?
<kobrien> cp -v will list the names as they're copied
<tonyyarusso> I keep getting connection refused errors from the bacula director when trying to connect to the file or storage daemons (same machine).  Could someone help troubleshoot that?
<ivoks> i could
<ivoks> first of all, which version of ubuntu?
<tonyyarusso> 8.04
<tonyyarusso> My errors look like this: "24-Jan 13:45 flamtap.com-dir JobId 0: Fatal error: bsock.c:129 Unable to connect to Storage daemon on flamtap.com:9103. ERR=Connection refused"
<ivoks> connection refused
<ivoks> iirc, by default, storage daemon listens on localhost
<ivoks> look for SDAddress variable in bacula-sd.conf
<ivoks> sd is on the same machine as dir?
<tonyyarusso> "bacula-sd.conf:  SDAddress = 127.0.0.1"
<tonyyarusso> Yes, all components are on the same machine so far.
<ivoks> comment out that SDAddress
<tonyyarusso> (Fresh installation of bacula - just getting going)
<ivoks> and restart bacula-sd
<tonyyarusso> I got a connection now "status storage" in bconsole gives job info.
<ivoks> so, it works
<tonyyarusso> appears to, on that front at least
<tonyyarusso> Having a similar issue with the FD
<ivoks> 'status all'
<ivoks> if everything scrolls down, then everything is ok
<tonyyarusso> Connecting to Client flamtap.com-fd at flamtap.com:9102
<tonyyarusso> Failed to connect to Client flamtap.com-fd.
<ivoks> FDAddress
<ivoks> in bacula-fd.conf
<tonyyarusso> comment it out as before?
<ivoks> right
<tonyyarusso> Still failed.  (and yes, I restarted -fd)
<ivoks> in 8.10 and 9.04 those variables are left out
<tonyyarusso> 24-Jan 13:54 flamtap.com-dir JobId 0: Fatal error: bsock.c:129 Unable to connect to Client: flamtap.com-fd on flamtap.com:9102. ERR=Connection refused
<ivoks> try telnet flamtap.com:9102 9102
<ivoks> bah
<ivoks> try telnet flamtap.com 9102
<tonyyarusso> connection refused
<ivoks> then you didn't comment out FDAddress
<ivoks> or you have firewall
<tonyyarusso> Well, there's the built in firewall on Ubuntu, plus we do have a firewall between this and the outside (although I wouldn't think that would matter when connecting to itself)
<ivoks> ufw by default isn't on
<ivoks> netstat -nlt | grep 9102
<tonyyarusso> tcp        0      0 127.0.0.1:9102          0.0.0.0:*               LISTEN
<ivoks> there you go, it still listens on 127.0.0.1
<tonyyarusso> Well, the file reads "#  FDAddress = 127.0.0.1"
<ivoks> paste your bacula-fd.conf on paste.ubuntu.com
<ivoks> hide passwords
<ivoks> and IPs
<tonyyarusso> http://paste.ubuntu.com/109094/
<ivoks> this looks ok
<tonyyarusso> hang on a sec, lemme try restarting everything without bconsole running
<ivoks> stop everything
<ivoks> and check if there is bacula-fd running
<tonyyarusso> AHA - root     16131  0.0  0.0  43784   968 ?        Ssl   2008   0:00 /usr/sbin/bacula-fd -c /etc/bacula/bacula-fd.conf
<tonyyarusso> Should I just kill that?
<ivoks> yes :)
<tonyyarusso> yippee, the netstat output went away
<tonyyarusso> Now it's happy in 'status all'.
<ivoks> :)
<ivoks> you have used bacula before?
<tonyyarusso> Nope.  We're just getting started.
<ivoks> i see
<ivoks> bacula is very powerfull tool
<ivoks> maybe a bit complex to set up
<ivoks> be sure to install bacula packages from proposed repository for hardy
<ivoks> there are some fixes
<tonyyarusso> eep, proposed?  Any idea how long until they make it to updates?
<ivoks> i hope during next month
<ivoks> but those are really important fixes
<ivoks> so i would suggest pulling bacula from that repo
<tonyyarusso> Will it kill me to wait until then to get those fixes?  (It's a production system)
<ivoks> trust my, i do bacula packaging :)
<tonyyarusso> aaah
<tonyyarusso> Now you're testing my apt config skills :P
<ivoks> dpkg -l | grep bacula
<ivoks> enable proposed
<ivoks> update, and apt-get install packages from dpkg -l |grep bacula
<ivoks> :)
<tonyyarusso> That's so unelegant though!  (but functional, I'll grant you that)
<tonyyarusso> What I'd like to do is get them pinned so it always does that while leaving the rest alone
<ivoks> well, install bacula and disable proposed
<tonyyarusso> The backports wiki page seems to have the info I need to accomplish that for the long run.
<ivoks> tonyyarusso: which backend do you use? mysql? pgsql?
<tonyyarusso> mysql
<ivoks> i think 4 or 5 bugs are fixed in proposed
<ivoks> most of them in mysql backend
<ivoks> actually, most of them are in pgsql, but there are some 'generic' problems
<tonyyarusso> Installed.
<tonyyarusso> ivoks: oh, btw - in bacula-sd.conf, within a device definition of Media Type = File, what is Archive Device supposed to be?
<ivoks> partition?
<ivoks> err... directory
<tonyyarusso> Oh.  Duh.
<tonyyarusso> It came blank by default and was yapping about that.
<MatBoy> does someone know a bashscript ot set a static address for network ?
<ivoks> ifconfig eth0 192.168.1.1 netmask 255.255.255.0 up
<ivoks> route add default gw 192.168.1.254
<ivoks> oh...
<ivoks> echo "nameserver 192.168.1.254" > /etc/resolv.conf
<MatBoy> ivoks: ok, I need to put that in a bash with some questions than :)
<MatBoy> thanks
<ivoks> well, that depends on what you want :D
<MatBoy> I want to change hostnames and ipstuff for servers that I clone
<MatBoy> so, I have a simple setup
<cjwatson> would be more usual to use /etc/network/interfaces; see the interfaces(5) manual page
<MatBoy> just basic one
<MatBoy> cjwatson: yes possible too, but what ivoks says is easier to put in a script
<ivoks> cjwatson: of course
<cjwatson> MatBoy: you can perfectly well edit /etc/network/interfaces from a script
<ivoks> MatBoy: but interfaces are 'the right way'
<cjwatson> MatBoy: and it will probably save you a good deal of other effort further down the line
<MatBoy> ivoks: what is "right" in life :(
<ivoks> MatBoy: Ubuntu ;)
<MatBoy> yes, that is true !
<MatBoy> debian is not nice for servers anymore :(
<MatBoy> or you need to run testing
<ivoks> hm?
<MatBoy> as I did before sarge beacme stable
<MatBoy> *became
<MatBoy> ivoks: actually because it's older, it has some unfixed bugs in packages
<MatBoy> cjwatson: but is the interfaces file not changed using the way ivoks told ?
<ivoks> no
<MatBoy> ivoks: indeed, that is odd
<ivoks> it's not
<ivoks> ifupdown is debian tool
<ivoks> ifconfig is... unix tool
<MatBoy> yep true
<MatBoy> but I wasn't sure
<ivoks> maybe integrating network manager into server...
<cjwatson> ifupdown (inc. interfaces) is a layer over ifconfig and friends that deals with bringing network interfaces up and down at appropriate times during boot
<cjwatson> you can of course try to do it yourself, but you will find that you have to deal with quite a bit of tedious boot ordering stuff
<cjwatson> its manual page should help you to understand
<MatBoy> cjwatson: I know how to set a static ip address in the file, but I want to fully automate it... so I'm investigating what'sthe best way
<MatBoy> cjwatson: does ifconfig need to set every item, like subnet/gateway and so on, per item or can you add them all in one line ?
<ivoks> ifconfig can't set up gateway
<ivoks> there's route for that
<MatBoy> yes true
<MatBoy> but I ask myself also if itÅ wise to use route and not set a gatewat like you can do in interfaces
<ivoks> i think iproute would be better for those thinks, if you don't want to use /etc/network/interfaces
<ivoks> things
<MatBoy> why not ?
<dalegribble> hi, can anyone tell me which repository to use to obtain an apache 1.x version in 8.04?
<dalegribble> found it here, thansk https://launchpad.net/ubuntu/+source/apache
<_identity> hey, I'm thinking of setting up a home server to store media and backup information on as well as using it to access files over the internet, would Ubuntu server be the best choice for me?
<_identity> Well I guess you don't really know what's best for me, but is it suitable for my needs? Are there any other recommendations?
<p_quarles> _identity: it will do that job fine; but so will just about any Linux distro or even OS; that is very basic stuff
<_identity> p_quarles: thanks :) I think I'll use ubuntu. Are there any guides or walkthroughs to help me through the installation and setup processes?
<_identity> just found the server support documentation :)
<p_quarles> _identity: you're probably going to want to set up Samba
<p_quarles> that will give you a file server compatible with any OS
<_identity> yes I thought so. Will i need an FTP server for interenet access?
<p_quarles> well, that's one way; no reason you can't access SMB shares over the internet, though
<_identity> p_quarles: ok, well I'll read through the documentation and see if I have anymore questions. Thanks :)
#ubuntu-server 2009-01-25
<pteague> is there any way i can fix the fact that i seem to keep getting error messages about stale nfs file handles?
<uvirtbot> New bug: #320988 in samba (main) "error in libnss_wins.so causes NetBeans 6.5 to crash" [Undecided,New] https://launchpad.net/bugs/320988
<Hellsheep> Hey
<Hellsheep> How do i use the Samba file server?
<methods> how do i install vim without adding gnome support etc... ?
<rdw200169> methods, i think it's vim-nox package
<rdw200169> methods, i.e. vim No X
<methods> cool
<rdw200169> methods, so it doesn't require ubuntu-desktop, etc...
<methods> yea i was about to say....
<methods> so basically instead of having diff repos etc.. they just have diff packages ?
<rdw200169> what do you mean?
<ScottK> The vim package doesn't require X
<methods> i mean like in gentoo you have diff profiles
<methods> but here you simply have diff versions of packages
<rdw200169> methods, ah, yes, debian package management is different
<rdw200169> methods, while vim-full has gvim, and X Server dependencies, vim-nox does not
<ScottK> Neither does the vim package.
<ScottK> sudo apt-get install vim is all you need to do.
<rdw200169> ah yeah, i missed that, there is a 'just vim' package
<methods> why would "swapon /swap" tell me it's not permitted ?
<ScottK> Because your doing it with insufficient permissions maybe?
<methods> no
<diggernet> anyone around with RAID experience?
<domas> ghm
<domas> yeah
<domas> depends on what kind of RAID
<domas> right
 * [gnubie] waves..
<[gnubie]> is the sysklogd and klogd == syslogd ?
<domas> no
<domas> klogd intercepts kernel messages and logs them somewhere (probably to syslog then)
<[gnubie]> domas: i installed a base ubuntu-server 8.0.4.2 lts and there is no syslogd but there was klogd and sysklogd.. what happened to syslogd?
<domas> ergh, sorry, sysklogd package provides you syslogd
<domas> klogd package provides you klogd
<[gnubie]> domas: if i am going to replace the old syslog way with syslog-ng, does it mean that i only have to remove the sysklogd?
<domas> try installing it
<domas> :)
<[gnubie]> any cares to package the latest syslog-ng <http://www.balabit.com/downloads/files/syslog-ng/sources/3.0.1/source/> to ubuntu 8.0.4.2?
<domas> well, 2.0 is packaged
<[gnubie]> yes
<domas> \o/ I FOUND MY PROBLEM
<domas> "Under sustained, heavy disk and network I/O, Sun Fire X4140/X4240 servers might fail with a âsoft lockupâ displayed on the console or by hanging. The root cause is traced to the Nvidia âforcedethâ Ethernet driver. This problem might occur with the LSI HBA controller, but could also affect other disk controllers. This problem might occur with Red Hat Enterprise Linux version 5, but might also affect other implementations and vers
<domas> ions of Linux."
<Nafallo> sunfail
<domas> these boxes are awesome, if not this problem
<domas> now that I know at least two workarounds...
<domas> heh, product notes are awesome
<domas> "Sun Fire X4240/X4440 Quad-Core Systems Have Hypertransport Sync Flood Error Under High IO Load "
<maswan> has anyone ever had anything nice to say about forcedeth? :)
<domas> hehehe
 * domas is all ecstatic atm
<quizme> hey can somebody go to www.fuseme.com?  What do you see?  "Please come back soon? "  Or an apache error page ?
<hads> atelnet: Unable to connect to remote host: Connection refused
<domas> <3 cutting branch you're sitting on: http://p.defau.lt/?iznLpg0WfyDqq_BxsQ4BNw
<kraut> moin
<domas> moinmoin
<DawnLight> LVM on intrepid question: i'm on a custom kernel that my xen host provided me with that has dm_mod as a module which i load via /etc/modules. the /dev/{volume group} files don't get created. help?
<JessicaParker> if it an easy job to make the ubutu server secure ?
<Deeps> from a fresh install it is secure
<Deeps> it's what you do afterwards that makes it potentially insecure
<JessicaParker> ok ive got a few books on this topic as well so if i follow through these procedures i should be ok ?
<JessicaParker> im neither a linux nor apache expert
<ivoks> JessicaParker: define 'secure'
<domas> JessicaParker: read up on AppArmor, you can make your server really really secure within a days work or so
<domas> =)
<JessicaParker> dont have credit card information on the server nor any personal damaging personal details
<Jeeves_> you can turn it off, that's secure :)
<ivoks> JessicaParker: that depends on application
<ivoks> not the server
<domas> I find AppArmor incredibly useful for running any untrusted code
<ivoks> i agree
<ivoks> there's also mod_security for apache
<ivoks> (not in ubuntu; license issues)
<domas> there's mod_apparmor too
<JessicaParker> im going to be running drupal
<JessicaParker> which is relatively secure
<ivoks> mod_apparmor?
<domas> run mediawiki!
<domas> ivoks: ye, it allows changing hats based on URIs, etc
<ivoks> didn't know about that one
<JessicaParker> im the only one that is going to have access to the server remotely
<JessicaParker> and i was going to block all eastern block ips as well
<domas> ghm
<ivoks> JessicaParker: take a look at denyhosts for securing ssh
<ivoks> eastern?
<domas> would you block me too?
<ivoks> what's eastern?
<domas> this is a bit harsh
<ivoks> i'm on the europe's east
<JessicaParker> former eastern european countries including russina, romania,
<domas> 'former eastern european countries'
<domas> lol
<domas> they're still in eastern europe, doh
<JessicaParker> well now they are europe ?
<domas> or do you think tectonic shift happened and they moved west?
<ivoks> domas: maybe JessicaParker moved west :)
<ivoks> or east
<domas> moved east
<domas> so countries became western!
<ivoks> so, once west, now they are east :D
<JessicaParker> i think i mean former ussr
<JessicaParker> excluding romania
<ivoks> JessicaParker: you won't achive anything with that
<domas> what is wrong with former ussr?
<JessicaParker> i though a lot of hacking dos attacks came from there
<domas> have you ever seen how Estonia or Lithuania looks like nowadays? :)
<JessicaParker> https://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=16849
<JessicaParker> it happened to our payment provider
<domas> well, you can block RBN if you want ;-)
<JessicaParker> im in europe
<rdw200169> at least they kept the mongols at bay ;)
<JessicaParker> not been there but told its ok
<JessicaParker> but corruption is very high
<domas> corruption very high?
<JessicaParker> the amount of
<domas> *shrug*
<JessicaParker> and they arent very developed because half of them are now in london
<domas> well, I for one am in Lithuania
<JessicaParker> no offence dude, very hard working cultures
<JessicaParker> we have a lot of Eastern Europeans in london
<JessicaParker> any way about making secure ubuntu server
<ivoks> interesting
<ivoks> i'm from croatia
<JessicaParker> ok
<ivoks> will i get baned too? :)
<JessicaParker> well it was just a thought
<domas> *shrug*, quite a few of my friends did their masters in LSE
<domas> are they ones you're talking about? :)
<ivoks> JessicaParker: anyway, this article is about spam
<JessicaParker> given there are a lot of underemployed intelligent people over in EE  (the ones that dont make it to London! ) and higher wages to be earned from illegal stuff
<ivoks> JessicaParker: more spam comes from USA then all eastern european countries :)
<JessicaParker> no it was a DOS attach
<ivoks> "We'd received loads of emails like this"...
<JessicaParker> they had to re-route the traffic
<domas> 155mbps is nothing %)
<domas> that is minor news item for us :)
<ivoks> one i was ddoes from israel
<ivoks> of course, i didn't block whole israel
<domas> it is not that distributed, if you can identify a country ;-)
<ivoks> i blocked only the attacker :)
<ivoks> right
<ivoks> it was dos
<JessicaParker> owever, during that time Malik contacted his ISP Pipex who were already threatening to "black hole" his website as the attack was impacting the whole Pipex network and asked them to implement a Cisco Guard solution which effectively rerouted all traffic and cleaned it of the malicious traffic being generated by the crippling denial of service
<domas> I used to run 25k sized IRC network once, damn, pissing off any child could have resulted in DDoS :)
<domas> once one guy managed to DDoS my 1mbps dsl with few hundred megabits of traffic
<ivoks> ubuntu-hr.org is under ddos whole time
<ivoks> it just has nice iptables rules :)
<JessicaParker> about securing the server though
<JessicaParker> it should be a relatively simple task ? just follow the instructions
<domas> depends on level of security you want to achieve
<JessicaParker> in the books / web
<domas> best solutions are always custom-tailored :)
<JessicaParker> just enough that no-one uses the email for spam
<ivoks> JessicaParker: if you want secure server, you have to understand security
<ivoks> and then follow howtos
<JessicaParker> i understand some stuff
<JessicaParker> like ip tables
<JessicaParker> root access
<ivoks> otherwise, you just render you server unusfull
<domas> we used to get lots of security consultants telling our website CMS was broken and they could edit pages.
<domas> they offered their services to fix our CMS.
<ivoks> you want to block lots of countires, that's a fact that tells me that you are very week on understanding the security
<domas> should I tell the site name? :)
<JessicaParker> it was just a first line of defence
<ivoks> that's not a line
<JessicaParker> i read a list of stuff somewhere like disabling wget, hiding the apache edition, changing ports on remote connection
<ivoks> what stops attacker from russia to take over a server in london and crack you down?
<JessicaParker> opening only the ports that are required
<JessicaParker> that i cant do anything about
<ivoks> that's obsecurity, not security
<JessicaParker> i understand that
<JessicaParker> any particular areas i should be looking at more ?
<JessicaParker> disabling unessary services
<ivoks> by default, ubuntu doesn't open any ports
<domas> put anything network-talking into apparmor jails, easy
<ivoks> it's up to you to decide what you'll open
<JessicaParker> Configuring Host-Based Access Restrictions . .
<rdw200169> a strong iptables firewall is still the best defense
<ivoks> right
<domas> lies
<JessicaParker> ok that im reading more around and in detail so i understand what is going on ?
<domas> firewalls are useless ;-)
<rdw200169> why do you say that?
<domas> just don't run anything exposed to outside and you won't need a firewall! :)
<ivoks> domas: not true
<ivoks> domas: syn flood attacks?
<JessicaParker> even u experts seem to be debating the basic security set up
<JessicaParker> what hope is there
<domas> I'd just go and have a cup of coffee in case of those ;-)
<rdw200169> i've always run a firewall, no matter what
<rdw200169> even if i'm behind a NAT
<rdw200169> security aside, -j LOG targets are waay to useful to give up
<domas> *shrug*, I still believe, that packets aren't as threatening as payload ;-)
<rdw200169> can we 'agree to disagree', though, that security is daemon specific in 99% of the situations
<domas> :)
<domas> so true
<rdw200169> for example, security goes up 10-fold with a secure SSH server, i.e., strong authentication
<rdw200169> as does using sudo instead of root
<rdw200169> /192.168.0.201/PUBLIC/ /media/music cifs      rw,mand,noexec,nosuid,nodev,user=randy,uid=randy,password=######,user 0 0
<rdw200169> whoops, wront one
<rdw200169> wrong#
<ivoks> haha
<ivoks> and all the security goes down the toilet :D
<domas> anyway, most of attacks will be via insecure PHP code anyway :)
<rdw200169> that's why i use only http for 99% of what i do ;)
<rdw200169> html i mean
<rdw200169> that and wiki spamming
<ivoks> domas: and weak passwords
<domas> once I ran email service for ~500k users, and more than 10% of passwords were 1234... sequences :)
<ivoks> biggest security hole comes from social hacking :)
<JessicaParker> ok weak passwords and insecure php will go on my list
<ivoks> lol
<rdw200169> and just give up on setting up a mail server; for small applications google-apps can do it for you for free
<ivoks> one can set up a really good mail server on ubuntu
<rdw200169> you can get a pseudo google mail account linked to a domain
<JessicaParker> i need an outbound smtp
<JessicaParker> and the host does not provide mail relay servers
<JessicaParker> i did not want to use mail at all
<JessicaParker> but my options seemed to be limited - i know mail configuration is tricky to say the least
<JessicaParker> it is just for outbound
<ivoks> that's easy
<rdw200169> gods, for what?
<ivoks> postfix with disabled smtp
<rdw200169> what's the difference b/w using a local mail server and a smtp server out there on the internet?
<JessicaParker> can i use any smtp server ? do you have to pay to use one ?
<rdw200169> that's what I was driving at, google apps provides smtp services
<JessicaParker> as there is like automatic password reset, notification emails for the customers, etc
<domas> JessicaParker: local postfix instance would do just fine
<JessicaParker> ok thank you - that would solve the problems
<JessicaParker> but arent google worried about spammers using it ?
<domas> you'd have to configure SMTP authentication for your applications, what may be quite painful :)
<domas> though of course, you can do that with postfix yet again
<rdw200169> true, that's the only drawback
<domas> feed emails to local postfix queue, and have postfix use google as smarthost
<JessicaParker> i think drupal comes with options to add a smtp connection so as long as i can use that, it will be fine
<rdw200169> domas, but what what about reverse dns problems?
<rdw200169> domas, my provider won't do reverse dns for me
<domas> rdw200169: so I say, use postfix to feed emails into google ;-)
<rdw200169> domas, then, i didn't know you could do that
<rdw200169> domas, i always used the sendemail package
<JessicaParker> thanks guys that has really resolved a major headache " port 587 with tls"
<JessicaParker> and there is a smtp module for drupal
<domas>        smtp_sasl_auth_enable (no)
<domas>               Enable SASL authentication in the Postfix SMTP client.
<domas> :)
<domas> rdw200169: you can do pretty much everything with postfix %)
<ivoks> postfix rulez
<domas> once I had a server that was listening on multiple IPs, masquerading as multiple servers, etc - and the guy who was taking over asked why it was done that way
<domas> the answer was very simple - so that other SMTP servers would think there're multiple servers and process queues much faster
<domas> there were certain other mailhubs that were feeding with hundreds of emails a second :)
<rdw200169> yeah, a while back i really gave up on setting up a mail server; i got tired of the mail i sent either being mis-routed or ending up in spam because of the lack of SRV records and reverse DNS resolution, etc...
<rdw200169> real pain.
<rdw200169> i think i'll stick with trying to get Unicode + LaTeX working the way i want ;)
<ivoks> what's so hard with that?
<rdw200169> Korean Unicode + Ascii Unicode + Koma-Scripts
<ivoks> oh, korean...
<rdw200169> i finally got it recently
<rdw200169> my problem, was that i didn't want to write LaTeX, i wanted to use the LaTeX output form sphinx or docutils; because I write in reStructured Tex
<rdw200169> *Text
<rdw200169> xetex + explicit font declarations (mainfont sansfont and monofont) finally worked
<rdw200169> now i can use all the document classes i want, i.e. KOMA, article, python, etc...
<orogor> hi here , anyone know<s what sthe default setting for the ubuntu memory split ?  becaus ei do have 4Gb of ram and i see a commitlimit of 2GB ?
<domas> orogor: actually, depends on kernel, with server kernel you'd be able to address 2.5G
<domas> PAE lowers the amount a bit
<orogor> shouldn t i use the 1/3gb memory split ?
<domas> well, there's difference between how much userland can use in total, and how much can one program address
<orogor> domas, as i understand first step is anyway to install linux sqerver to better take advantage of the 4gb
<domas> ubuntu server kernel uses PAE
<uvirtbot> New bug: #321091 in bacula (universe) "Probleme de dependance" [Undecided,Confirmed] https://launchpad.net/bugs/321091
<orogor> domas, not sure i need that , i run an amd64
<domas> orogor: then you don't need to care about memory split?
<orogor> the commit limit is the total adressable limit when is because i currently use a 2/2 split , no ?
<domas> you can address as much as you want on amd64
<domas> see, you're no longer bound by 32-bit constraints, are you? :)
<orogor> well , no
<orogor> domas, http://rafb.net/p/mgZBeH18.html
<domas> CommitLimit is only adhered to if strict overcommit accounting is enabled..
<domas> it is calclated by vm.overcommit_ratio * physical ram
<orogor> hooo, didn t knew that
<domas> it is in meminfo documentation
<domas> \o/ CommitLimit:  17487052 kB
<orogor> hehe
<domas> doesn't make sense though
<orogor> well sometime strict overcommit is good
<domas> I don't get the reasoning here
<domas> CommitLimit:  17487016 kB
<domas> machine has 32GB of memory, and isn't running anything
<rdw200169> wow, that's a lot of ram!
<domas> check http://p.defau.lt/?bnzeja85kFZQ5c6uvZN_Yw
<domas> heh, can try looking at busy server
<domas> here: busy box: http://p.defau.lt/?gPpiBwTBBzP4s7ymi_qlwQ
<domas> so, CommitLimit means nada
<domas> rdw200169: recently I was working on a box with 320GB of memory
<orogor> it does, it prevent process to run crazy
<domas> orogor: well, my processes are 31GB sized on 32GB boxes ;-)
<rdw200169> yay 64 bit, then!
<domas> indeed
<domas> I was very very happy when first opterons arrived
<rdw200169> bollocks to intel...
<domas> well, indeed, AMD was kickass at that time
<rdw200169> they still are!
<domas> mmm, intel was ahead with quadcores
<ivoks> still?
<rdw200169> yes, of course, but for me, AMD is cheaper
<ivoks> amd is inferior to intels
<orogor> i need to buy 2x32gb system for the office
<orogor> need server consolidation with vmware
<ivoks> iirc, intel lowered prices ~50% for quad core
<domas> woodcrest was ahead
<rdw200169> only b/c AMD exists
<ivoks> of course
<rdw200169> if there's no market competition...
<domas> though our new boxes are AMDs
<domas> not that I care too much about CPU performance
<domas> it is all mostly I/O and RAM and such :)
<rdw200169> 6 months ago, you could build a quad-core AMD desktop for under $900, fantastic
<rdw200169> well... a lot less if you wanted to e-bay and newegg yourself to death...
<orogor> trying reboot with server kernel
<uvirtbot> New bug: #321185 in mysql-dfsg-5.1 (universe) "Package mysql-server-5.1 failed to install: tried to ovewrite `/usr/sbin/mysqld', witch is already in package mysql-server-core-5.0" [Undecided,New] https://launchpad.net/bugs/321185
<notez> Yo, How do I reset video effects back off? I enabled it and now I can't see nothing on the screen but white
<notez> but I can click stuff and see the mouse icon
<ivoks> wrong channel, goto #ubuntu
<notez> on serve
<notez> server
<ivoks> there are no video effects on server
<notez> well
<ivoks> there is no graphic interface on server
<notez> I got gui inatLLEED
<notez> gnome
<notez> or w/e it's called
<ivoks> then you have ubuntu desktop, not server
<andol> Anyone feel like taking a look at my suggested solution to bug #296952?
<uvirtbot> Launchpad bug 296952 in mysql-dfsg-5.0 "mysqlhotcopy failed on table with hyphen in name" [Undecided,Confirmed] https://launchpad.net/bugs/296952
<uvirtbot> New bug: #321233 in bind9 (main) "Failed to install upgrade package" [Undecided,New] https://launchpad.net/bugs/321233
<RainCT> Hi
<RainCT> I've setup a Hardy box to authenticate through LDAP (on another Hardy box) and sudo/su/etc work fine, but GDM lets the users login even if the password is wrong.
<RainCT> Any idea?
<RainCT> yeha, nvm, got it :)
<andol> RainCT: What was the problem?
<RainCT> I had "auth sufficient pam_unix.so nullok_secure    auth sufficient pam_ldap.so use_first_pass" in /etc/pam.d/common-auth
<RainCT> andol: changing that to "auth sufficient pam_ldap.so nullok_secure     auth requried pam_unix.so use_first_pass" fixed it
<andol> yes, I can see how two sufficient and no required can cause trouble :)
<RainCT> hehe
 * RainCT doesn't know how all this PAM stuff works :P
<andol> RainCT: Well, once get friendly with PAM it allows you to do all kinds of creative and useful stuff :)
<JessicaParker> how do i open up port 465
<RainCT> JessicaParker: Open it where? On a firewall, router..?
<JessicaParker> firewall but i dont think ive configured one
<JessicaParker> i will also need to look at the router - thanks for that i will do that........so need help with firewall
<RainCT> you could check if there's some unwanted iptables rule.. not sure how that's done, though (perhaps  man iptables  will help)
<JessicaParker> at the moment on the firewall i have 3306 , 80 631 and 25 open
<andol> JessicaParker: what firewall do you use?
<JessicaParker> not sure
<JessicaParker> :)
<JessicaParker> it came as standar
<JessicaParker> standard
<JessicaParker> if any
<RainCT> afaik there is no firewall by default
<JessicaParker> ok then no firewall but......i thought that controlled the ports that are open ?
<JessicaParker> it could be the router then ?
<RainCT> ports are "open" if something is listening on them and they are not blocked
<andol> JessicaParker: Is your computer/server directly on a public IP or is behind some kind of router on a NAT, using an internal ip-address?
<JessicaParker> router
<JessicaParker> internal ip
<JessicaParker> so when i do a netstat i get a few open ports
<JessicaParker> not everything is open
<JessicaParker> still getting the following SMTP Error: Could not connect to SMTP host.
<JessicaParker> ok opened all the ports
<JessicaParker> still get the same problem
<JessicaParker> can anyone assist ?
<kansan__> sudo: unable to resolve host ec2-174-129-X.compute-1.amazonaws.com
<kansan__> what does that mean, and should i be worried?
<brundlefliege> hi guys - running ubuntu 8.10 - can i use the /etc/ssl/private/ssl-cert-snakeoil.key for my server cert needs? or should i generate my own (if I am wrong and the said key is not automatically generated upon my individual installation that is)?
<jtaji> brundlefliege: there's nothing wrong with using the snakeoil cert
<brundlefliege> ok thanks
<brundlefliege> why is it named "snakeoil" - is it because i am "lame" because i didn't generate it myself?
<brundlefliege> lol
<jtaji> it's a dumb name really :p
<brundlefliege> good to know ;) i thought it would be related to this http://www.faqs.org/faqs/cryptography-faq/snake-oil/
<jtaji> no not at all
<brundlefliege> yeah thanks again :)
#ubuntu-server 2010-01-25
<internalkernel> ok, I've managed to get a static quota set... but the goal is to have user quotas set through mysql...
<internalkernel> my mysql sucks too, the query is returning the correct value to overide the static quota but dovecot doesn't apply it...
<twb> internalkernel: wouldn't that be dovecot's fault, then?
<internalkernel> that's the line I'm following... has to be a config problem...
<internalkernel> more correctly, my fault.. :)
<internalkernel> I don't think I've told dovecot where to find the user override values... and this whole thing is not well documented...
<internalkernel> Im learning by breaking...
<internalkernel> Hallelujah...
<twb> internalkernel: you should patch the docs
<internalkernel> I was setting maildir:storage="value" is quota - when it should have been *:bytes="value" is quota_rule
<internalkernel> docs? they have those?
<internalkernel> :)
<internalkernel> I've been documenting... so a proper wiki is in the works...
<twb> internalkernel: the docs are linked from /topic
<uvirtbot`> New bug: #512167 in apache2 (main) "apache overriding php's error_log setting" [Undecided,New] https://launchpad.net/bugs/512167
<Xpistos> Is it possible to move more than one folder at a time with rsync
<internalkernel> I don't think so, I think it's like cp in that sense - you can start multiple instances but only source => destination
<Xpistos> I got it
<Xpistos> internalkernel: I wanted to go mulitple folders backed up to a single
<Xpistos> rsync source1 source2 source3 ... target
<internalkernel> Xpistos: is this local?
<internalkernel> I don't think you can do multiple sources, but you could test it...
<uvirtbot`> New bug: #512110 in krb5 (main) "gssd regression, "Program lacks support for encryption type"" [Undecided,New] https://launchpad.net/bugs/512110
<twb> Grr
<twb> Doesn't anyone use (and document) how to manage cups without resorting to some goddamn web UI?
<jasonb> twb: I am unaware of a way to manage cups without using the web UI.. but the web UI has worked alright for me.  I'm not sure if they offer another way to manage it other than the web UI.
<twb> jasonb: all the web UI does is write to files in /etc/cups
<twb> But rather than making a snapshot, using the web UI, then diffing, I'd rather just bloody well know how to edit the files directly
<jasonb> twb: Yeah, it's possible it works that way.  I haven't seen any tutorials about editing files in /etc/cups.
<twb> Thanks anyway
<jumbers> I'm having problems troubleshooting a hard locking situation. My server will hard lock after about 10 minutes of being up after a reboot. I've looked through logs and I can't find anything indicative of a problem. I also had the datacenter swap out the hardware because I assumed it was a hardware issue, but it still happens
<jumbers> Also, according the datacenter staff, once it was hardlocked there was no video display and the keyboard and mouse would not respond at all
<jumbers> Er, no mouse :p
<jumbers> It actually looks as if it's almost exactly 10 minutes after booting that it will hard lock
<jiboumans> good morning
<twb> jumbers: is the klog still available after you reboot?
<twb> jiboumans: if you're still using HDDs, run smartctl on them?  (That's a long shot, though.)
<jiboumans> twb: i guess that was meant for someone else
<twb> Sorry, yes.  Bad completion.
<jumbers> twb: I think I fixed it
<twb> jumbers: what was it?
<jumbers> I tried this and it worked: http://serverfault.com/questions/80520/ubuntu-server-9-10-freezes-up-after-10-minutes/91344#91344
<jumbers> twb: ^
<entrooo> How do I have my server recognized over my lan as its hostname rather than its IP address?
<JimiDini> entrooo: you have 2 options: 1) usual DNS 2) zeroconf/bonjour/rendezvous (aka multicast-dns)
<entrooo> do I need a separate DNS server or can I try and setup up bind on my server to broadcast itself?
<jiboumans> ttx: ping?
<ttx> jiboumans: pong
<jiboumans> hey, can i give you a quick call? i have a few UEC questions from sg i'd like to answer
<ttx> jiboumans: sure, 5min, I'll fetch a coffee first
<jiboumans> ttx: sure, ping when ready
<martin-> anyone here use gdisk (gpt fdisk)?
<ttx> jiboumans: shoot
 * jiboumans aims
<twb> !anyone > martin-
<ubottu> martin-, please see my private message
<twb> I always get mdns and whatever avahi provides mixed up.
<twb> Hmm, apparently avahi *is* mdns
<twb> The other thing is the one that gives a route for a useless private address range on IPv4.
<martin-> is it possible to resize gpt partitions with gdisk (gpt fdisk)?
<twb> martin-: why don't you use parted?
<twb> And partitions generally aren't resized ever -- they're simply deleted and re-created
<martin-> parted won't resize the partition because it has a ext4 filesystem
<twb> That's parted being an arse.
<martin-> I thought it was possible to let parted resize the actual partition, and use resize2fs for the filesystem, but parted won't let me do that
<martin-> probably
<twb> martin-: yes, that's what I mean by "being an arse"
<martin-> yep
<martin-> that's why I'm trying gdisk
<twb> Sorry, I misread.  I meant parted's idea of a resize is to resize BOTH the filesystem and rewrite the partition table.
<twb> What you should do is (if shrinking) resize2fs -M, then (always) use parted to delete the partition and create a new one with the same start point but a different endpoint, then (if growing) resize2fs.
<twb> Oh, and next time, bloody well use LVM
<martin-> so I can delete and recreate the same partition at the same start point, just like good old fdisk?
<martin-> and without loosing data?
<twb> If the partition isn't in use, sure.
<twb> Well, let me qualify that
<twb> I haven't actually TRIED that on gpt, but I'm not aware of any reason it should fail.
<twb> Of course, since you've been taking backups every day since you were given the privilege of your very own workstation, and you verify their accuracy with a test restore every month, it will be no problem at all even if you blat the entire disk.
<martin-> hehe, of course
<martin-> so I can't blame you or your cat? :P
<twb> You can blame whoever you damn well please.
<twb> To be honest, I'd be inclined to blow away the disk anyway and restore it, using LVM this time.
<martin-> twb: your suggestion seemed to work, thank you
<martin-> managed to recreate the partition without destroying the data
<martin-> oh, and yes, I will use LVM next time :-)
<martin-> that being said, I hope the parted developers decide to remove the filesystem functionality in the future
<martin-> blending filesystem and partition functions kind of breaks the UNIX philosophy of one tool per job
<uvirtbot`> New bug: #512271 in krb5 (main) "kinit crash" [Undecided,New] https://launchpad.net/bugs/512271
<zul> mornig
<pmatulis> morning
<uvirtbot`> New bug: #512317 in mysql-dfsg-5.1 (main) "Database crashes when running "create as select" with no schema specified" [Undecided,New] https://launchpad.net/bugs/512317
<sommer> mornings
<zul> ttx: it looks like we might have problems with virtio again in lucid
<zul> bug #511620
<uvirtbot`> Launchpad bug 511620 in qemu-kvm "write errors on virtual disc during install" [Undecided,New] https://launchpad.net/bugs/511620
<ttx> that would be the recently-updated qemu-kvm
<aubre> about to start Deploying Ubuntu Enterprise Cloud training
<ttx> aubre: sounds cool :)
<aubre> yeah, I'm pumped :)
<uvirtbot`> New bug: #510587 in bind9 (main) "Bind/named does not initialize on boot due to missing IPv6 address" [Low,Incomplete] https://launchpad.net/bugs/510587
<uvirtbot`> New bug: #512209 in clamav (main) "clamscan crashes if started with umask u=rw,go= on x64" [Low,Confirmed] https://launchpad.net/bugs/512209
<acalvo> Hi! Is there any tool to manage a Postfix queue?
<ScottK> acalvo: postqueue
<ScottK> Mostly if you think you need to manage a postfix queue, you probably need to reconsider.  It's usually not needed.
<ScottK> There is also postsuper
<soren> mdeslaur, jdstrand: Have any of you succesfully run the fetchmail test thing from q-r-t recently?
<jdstrand> soren: not recently
<jdstrand> soren: is it busted on lucid?
<soren> jdstrand: I'm running it on Karmic at the moment. It fails.
<mdeslaur> soren: last update we did to fetchmail was aug 2009, that's probably the last time it was run/tested
<jdstrand> hmmm...
<soren> jdstrand: It tries to access dovecot's auth socket, but it's not configured.
<jdstrand> let me try
<acalvo> thank you ScottK, it seems what i was looking for
<jdstrand> soren: did you install 'netbase dovecot-imapd dovecot-pop3d python-openssl ssl-cert'? I don't see those as listed in QRT-Packages, which may be why it is failing
<uvirtbot`> New bug: #375490 in spamassassin (main) "Spamassassin fails to escape backslashes for latest postgres input syntax" [Undecided,Incomplete] https://launchpad.net/bugs/375490
<soren> jdstrand: I did not have python-openssl, but installing it didn't help.
<soren> jdstrand: I think I understand the failure. I do not completely understand how I'm supposed to fix it. I've never touched these scripts before.
<soren> jdstrand: It fails because it calls into testlib_dovecot, which spends a lot of time trying to access dovecot's auth_socket, but dovecot is not configured to have an auth socket by default, so naturally, this fails miserably.
<jdstrand> soren: hrmm.. kees added those tests, maybe he didn't commit the changes to testlib_dovecot.py?
<soren> Conceivably.
<jdstrand> soren: we could spend a lot of time trying to figure it out, or ask kees when he comes online, since it apparently worked for him at some point
<jdstrand> I opt for the latter
<soren> jdstrand: /me too :)
<jdstrand> :)
<soren> jdstrand: I expects kees' name has been mentioned enough in this conversation to pique his interest.
<jdstrand> soren: probably so. kees is generally pretty good at reading backscroll
 * jdstrand waves to kees :)
<jdstrand> (had to get two more references to kees in :P )
<soren> jdstrand: Yeah, you can't mention kees too often. :)
<jdstrand> hehe
 * soren sort of calls it a day (been at it since 6 AM), but will be back to see what kees has to say about the those things of kees' that we talked about we would get kees' input on
 * soren wanders off
<uvirtbot`> New bug: #498632 in clamav (main) "package clamav-freshclam 0.95.3+dfsg-1ubuntu0.09.10 failed to install/upgrade: problÃ©m se zÃ¡vislostmi - nechÃ¡vÃ¡m nezkonfigurovanÃ©" [Undecided,Incomplete] https://launchpad.net/bugs/498632
<ttx> smoser: around ?
<smoser> here
<ttx> smoser: just to let you know, I played with the boothooks stuff thios morning
<ttx> smoser: mostly worked :)
<smoser> well, thats better than "fell all over the floor"
<smoser> i'm very interested in feedback, and i realize that the first bit is "examples"
<smoser> :)
<ttx> smoser: right. Looking into the code to know how to write the stuff isn't exactly lowering the barrier of entry
<ttx> smoser: only issue I found is that there is a window where the hostkeys aren't replaced yet
<smoser> really?
<ttx> smoser: On UEC I got a hostkey warning
<ttx> yes, I know the IP in advance, so I can ssh as soon as it says "running"
<smoser> so the reason for that is that i'm not starting early enough, and not blocking ssh
<ttx> usually will pick up ssh as soon as it's run
<smoser> so the normal ssh starts up
<ttx> yes.
<ttx> then keys are changed and ssh restarted
<smoser> i can easily work around that by removing the keys in the build process
<smoser> then the first ssh will fail
<ttx> smoser: that would be better, yes
<smoser> i hadn't seen the issue, but knew it was possible.
<ttx> smoser: want a bug ?
<smoser> sure.
<ttx> against ec2-init, I suppose.
<smoser> ther is no better place for the ec2-automated-builds where it will actually go in
<ttx> smoser: didn't try "include" yet, was missing some syntax and got lazy
<smoser> so for an include file:
<smoser> #include
<smoser> http://some.url
<smoser> http://some.other.url
<smoser> one per line. simple.
<ttx> smoser: bug 512377
<uvirtbot`> Launchpad bug 512377 in ec2-init "ssh is started before hostkey is installed/regenerated" [Undecided,New] https://launchpad.net/bugs/512377
<ivoks> grr nickserv
<kees> I feel like you guys were maybe talking about me.
<kees> jdstrand, soren: ^^   :)
<jdstrand> heh
<jiboumans> mathiaz: ping?
<mathiaz> jiboumans: pong
<mathiaz> jiboumans: but this game is out-dated dude!
<jiboumans> mathiaz: best game ever
<jiboumans> mathiaz: so, pdx sprint. we have some puppet stuff on the agenda
<jiboumans> mathiaz: pdx is also the hometown of the puppet guys; how useful would be some facetime, how useful would be some hacking time?
<mathiaz> jiboumans: right - I don't see any puppet item on the Server agenda though. But some face time with Luke would be useful
<mathiaz> jiboumans: I've got some ideas to ask him
<mathiaz> jiboumans: I've got some ideas to *discuss* with him
<jiboumans> mathiaz: the agenda is what we make of it
<jiboumans> in fact, i think ttx sent around a mail askign for input :)
<mathiaz> jiboumans: which are actually related to the puppet specs
<jiboumans> mathiaz: so i can get luke for a beer (already asked) but he's out of town most of it. we can get some of the minions though if i ask nicely
<mathiaz> jiboumans: right - I've added some things already - I plan to add more :)
<mathiaz> jiboumans: hm - a beer with luke should be enough to discuss what I have in mind
<jiboumans> ok; monday or tuesday evening then
<mathiaz> jiboumans: works for me
<jiboumans> mathiaz: awesome
<mathiaz> jiboumans: there is one specific feature we've asked for
<mathiaz> jiboumans: that should be part of 0.25.4
<mathiaz> jiboumans: so depending on how integrating 0.25.4 moves forward it may be worth having access to some puppet devs
<jiboumans> .. but?
<jiboumans> alright
<mathiaz> jiboumans: this is part of the puppet-etckeeper integration spec
<mathiaz> jiboumans: and soren is currently assigned for that
<jiboumans> the root-thing?
<mathiaz> jiboumans: hm - the hooks integration
<mathiaz> jiboumans: making sure that the puppet client calls etckeeper before and after its runs
<mathiaz> jiboumans: upstream puppet should have provided the hooks to do that
<mathiaz> jiboumans: we need to right the actual calls to etckeeper
<jiboumans> ok, is that actually a topic that'd need discussing with them?
<mathiaz> jiboumans: depending on how this works out, it may be useful to have access to some puppet devs
<mathiaz> jiboumans: at first glance I don't think so
<mathiaz> jiboumans: having someone "on-call" may be useful ;)
<jiboumans> alright
<mathiaz> jiboumans: if we run into some issues
<jiboumans> do we know if the hooks have landed already?
<mathiaz> jiboumans: they should be part of 0.25.4 which is what upstream would like to be included in LTS
<mathiaz> jiboumans: http://projects.reductivelabs.com/issues/2914
<jiboumans> ie'fixed'
<mathiaz> jiboumans: it should be part of 0.25.4
<entrooo> How can I connect to my ubuntu server with its hostname rather than its IP on my LAN without having a separate DNS server?
<Jeeves_> entrooo: install avahi, I think
<entrooo> thank you, I will look into it
<mathiaz> zul: hi!
<zul> mathiaz: hey how goes it?
<mathiaz> zul: is the mysql upstart job available somewhere?
<mathiaz> zul: (the one supposed to replace mysqld_safe)
<zul> mathiaz: yep its in lucid right now
<mathiaz> zul: great - thanks
<zul> mathiaz: np
<soren> kees: Maybe. :)
<soren> kees: Any idea what's going on there (with the fetchmail test)?
<jiboumans> mathiaz, possibly soren, we have a date for tuesday afternoon going into the evening
<soren> A... date?
<jiboumans> soren: yeah, wear something pretty, i'll pick you up at 8
<mathiaz> soren: with a puppet!
 * soren looks around for candid cameras
<jiboumans> soren: 'strue i'm afraid
<jiboumans> soren: i asked luke kanies to join us at the sprint in pdx for some puppet related stuff
<soren> Oh, *next* Tuesday.
<jiboumans> he + 1 or 2 will drop by tuesday afternoon, then we have some beers
 * soren is up for beer
<jiboumans> soren: yeah right, like *that* would have explained everything :)
<soren> I have a presentation Wednesday morning, though..
<soren> Meh, I'll wing it.
<jiboumans> soren: i dont expect this to be an all night drinky thing
<soren> Aw.
<jiboumans> soren: basically this is pay geeks in beer ;)
<jiboumans> well, you *can*, but that's not what i'm *making* you do :)
<soren> That's not what my activity report will say, but ok.
<jiboumans> soren: i expect your activity report will be reproducable by closely connecting keyboard + face repeatedly
<soren> Not so much face as horns on our helmets.
<soren> Close, though.
<jiboumans> vikings++
 * RoyK throws a snowball in soren's direction
<tdn> Can I use evolution-server with Outlook?
<tdn> For sharing contacts and calendar?
<tdn> Or MUST everyone switch to Evolution at the same time?
<soren> Er..
<tdn> Can I have an environment with both Outlook and Evolution users using the same evolution server?
<soren> I think you mean to ask this in #ubuntu.
<soren> There's no such thing as evolution-server
<tdn> soren, evolution-data-server - evolution database backend server
<soren> There's evolution-data-server, which is just a service evolution uses as it's backend. It's not shared among users.
<ScottK> Does evolution have anything to sync contacts via Google?
<tdn> Ok.
<soren> ...and it's not really on-topic in here.
<ScottK> Sorry
<soren> ScottK: :)
<tdn> Ok. So I probably need to set up an OpenLDAP server for this instead, right? Can I get help with that here then?
<soren> tdn: It's on-topic, certainly.
<soren> Whether anyone can/will answer your questions: Only time will tell.
<tdn> I have been trying to set up an OpenLDAP server a few times. I have read some guides/howtos, but either I just can't wrap my mind around how it works, or I am doing something wrong, because I cannot get it to work. I thought it might be fairly simple to set up an LDAP server for contacts.
 * RoyK informs the world that  this is off topic, but far too seriously hilarious to be left out http://www.guardian.co.uk/books/2010/jan/25/oral-sex-dictionary-ban-us-schools?DSF
<tdn> Where do I start? Will someone guide me a little?
<guntbert> RoyK: ara you certain you want to post an external url - *these days* ?
<guntbert> *are
<jiboumans> most surprising is that it's *not* the onion
<RoyK> guntbert: huh?
<guntbert> RoyK: we had a lot of spam on freenode lately - mostly from users who couldn't resist clicking on a link in IRC - and getting klined promptly
<RoyK> hehe
<RoyK> seen it
<zul> mathiaz: is you udw thing soon?
<mathiaz> zul: yes - now
<RoyK> I guess maybe, perhaps, something, people might find guardian.co.uk familiar
<zul> mathiaz: wohoo...let the party begin
<guntbert> RoyK: I'll never know :)
<jjohansen> smoser: virt config patch has been applied to Lucid it will show up in the next kernel upload
<smoser> good deal, thanks jjohansen
<mealstrom> hi, how to check preseed file for openoffice or something like this after system install ?
<guntbert> mealstrom: on server? would surprise me wildly
<mealstrom> guntbert: change package openoffce for vsftpd or sshd, (I've got about 20 servers and 160 desktops) and want some basic autodeployment.
<guntbert> mealstrom: ok sorry - no autodeployment experience here :)
<entrooo> I've been researching avahi, but cannot figure out how to make my server be recognized on my LAN by its hostname rather than just its IP address, any suggestions of what software I should use?
<jcastro> mathiaz: who from our team talks to the bacula folks the most?
<cemc> just installed lucid alpha2 server in a kvm, but it doesn't want to start up. any hints?
<cemc> after restarting from install, just two lines appear in the vnc, fsck from util-linux-ng, then /dev/sda1 clean, and that's it
<cemc> hm, never mind. seems like it doesn't clean up after itself. it booted ok, but I didn't get the login screen
<cemc> only after going to alt+f2 I noticed
<mathiaz> jcastro: hm - zul
<jcastro> cool
<mathiaz> jcastro: upstream attended UDS jaunty as well
<mathiaz> jcastro: so I meet him there
<jcastro> ok
<jcastro> zul: I've pinged him about application indicators
<jcastro> which as it turns out has nothing to do with the server bits.
<jcastro> however it would be cool if the little tray thing was using the app indicators for lucid, so I've asked him if he needed anything
<jcastro> unsurprisingly no one was screaming with joy over a panel icon for a server product. :p
<pquerna> i was looking at the 'Canonical' ubuntu  9.10 for ec2.  Do they execute the data in UserData on startup like the older alestic images (?)
<jiboumans> smoser: ^
<ruben23> hi, anyone can suggest an opensource ticketing system..
<ruben23> for support or anything request on the company.
#ubuntu-server 2010-01-26
<PatrickDK> erichammond, as response to your blog post :)
<PatrickDK> I had issue with ubuntu ami not having ext4 support, but it did include mkfs.ext4 :)
<erichammond> pquerna: Yes, The Canonical Ubuntu AMIs do run user-data as root on first boot if it starts with #! just like the Alestic AMIs. http://alestic.com/2009/06/ec2-user-data-scripts
<pquerna> erichammond: sweet.
<erichammond> PatrickDK: Which blog post? What AMI id?
<PatrickDK> let me see if I can find the ami number
<ruben23> hi, anyone can suggest an opensource ticketing system..
<PatrickDK> I had deleted the instanse I was testing with, and ext4 was just something I tried for the hell of it, and found /proc/filesystems didn't list support, and mount wouldn't mount it
<PatrickDK> so I assume there wasn't a module for it build either
<PatrickDK> I've been reading all your ec2 posts :) most informative posts in planet.ubuntu
<sbeattie> ruben23: request-tracker (aka rt) and roundup are the two I've seen used; IIRC trac can also be used as a ticketing system.
<ruben23> sbeattie: thanks ill check thid
<PatrickDK> ami-1515f67c
<smoser> pquerna, yes
<genii> ruben23: ticgit looks interesting, haven't used it tho
<erichammond> PatrickDK:  ami-1515f67c is out of date.  You might want to upgrade to ami-bb709dd2.  Bug 428692 talks about ext4 support on EC2 kernels.
<uvirtbot`> Launchpad bug 428692 in linux-ec2 "ec2 kernel needs CONFIG_BLK_DEV_LOOP=y and other config changes" [Medium,Triaged] https://launchpad.net/bugs/428692
<patdk-lap> I had installed that ami, and ran apt-get to update it
<patdk-lap> maybe it needed a reboot :(
<erichammond> patdk-lap: It's not clear to me that ext4 is supported, even in the most recent EC2 AMI.  In any case, apt-get upgrade and reboot will not upgrade a kernel in EC2.
<uvirtbot`> New bug: #512633 in eucalyptus (main) "CLC+Walrus+SC+CC installed even if node is preseeded" [Undecided,New] https://launchpad.net/bugs/512633
<kees> soren: I've updated the fetchmail/dovecot tests a bit more.  they work fine on karmic, so if dovecot changed for lucid, please update the tests.
<jiboumans> good mornig
<error404notfound> can i hide ssh signature from apppearing in portscan?
<_ruben> probably not
<error404notfound> _ruben: i guess i would need to recompile ssh from code to do that, right?
<error404notfound> i wonder why didn't ubutnu-server team did this, its better to  hide what runs where and which version.
<error404notfound> do this*
 * error404notfound super drunk:(
<_ruben> hiding != security
<error404notfound> _ruben: more layers, more time to breach, more secure
<error404notfound> the less i show you, the more secure i am
<_ruben> lets agree to disagree on that one
<error404notfound> thats the whole purpose of SSL, hiding via encryption
<error404notfound> hmm, okay :)
<jpds> error404notfound: Do you mean the host key fingerprint?
<error404notfound> jpds: nope, version signatures printed in portscan
<jpds> error404notfound: re: version> I believe the client software depends on this to know which protocol of SSH to abide to.
<error404notfound> jpds: hmmm, may be, can't say. will check into it..
<soren> I've never believed it makes any difference. Assuming that people actually look at this string before they toss their arsenal of exploit at you (another assumption I find questionable), and assuming that their check will go "Oh, I don't know which exact version of SSH this is. I might as well not try anything and just be on my merry way"
<soren> ...rather than "Oh, I don't know what version this is. I'll just try ALL my SSH exploits rather than just the ones meant for version X."...
<soren> ..then yes, it might make a tiny bit of a difference.
<jpds> error404notfound: https://bugzilla.mindrot.org/show_bug.cgi?id=764#c1
<error404notfound> soren: yes, but it makes a difference, of probably seconds...
<soren> What will make a /massive/ difference, though, is whether you are diligent in applying security updates when we publish them.
<uvirtbot`> bugzilla.mindrot.org bug 764 in sshd "fully remove product and version information" [Enhancement,Closed: wontfix]
<soren> That will make more of a differnce than /anything/ else.
<jpds> error404notfound: Security through obscurity, not the answer.
<soren> error404notfound: If you're vulnerable, it doesn't matter whether you get broken into right now or in two seconds. Fix the problem rather than hiding it.
<error404notfound> hmm, guess i would go with the second option of running a VPN server on the machine and bind ssh to vpn ip, that way outside world won't even see it..
<uvirtbot`> New bug: #512732 in libvirt (main) "package libvirt-bin 0.7.5-5ubuntu3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/512732
<mealstrom> I've got problem with permissions, I want to mount samba share (smb://server/share) (cifs from fstab) but only get read permission and w for created files (but not create or delete) . Windows user can mount it as network disk with rw. Also I have rw permission on smb://server/share . Where can be the problem ?
<zul> wtf i l have to log on to nickserv in order to join the channel?
<zul> morning anyways
<laen> May be a weird question, but we're wondering (production environment) if we really need deb-src in the sources list?
<laen> Or, if maybe, is there a way to check? We don't develop, we don't build from source.
<uvirtbot`> New bug: #512777 in samba (main) "first login fails when NIC is managed by NM-wicd" [Undecided,New] https://launchpad.net/bugs/512777
<laen> Anyone?
<soren> zul: Yeah, there's been a lot of problems lately with bots joining channels, posting links to sites that will turn your browser into a bot as well, etc. Or something.
<soren> zul: ...so I +R'ed the channel (as per advice from Freenode staff)
<soren> laen: then you don't need it.
<zul> soren: ah ok
<laen> soren: thanks, awesome. The system itself doesn't install stuff from deb-src'es either?
<soren> laen: Never.
<laen> Cool.
<EtienneG> hey soren!
<EtienneG> soren, is this a good place for vmbuilder qustions?
<soren> laen: I belive it's configured by default to really deliver on the promise to make source available "right next to" the binary packages.
<soren> EtienneG: Everywhere is a good place to ask vmbuilder questions :)
<EtienneG> soren, I am having a problem with vmbuilder, and I think it might be due to the fact that I am trying to build a 32 bits on a 64 bits host
<soren> EtienneG: Time will tell if it's a good place to ge tanswers.
<soren> EtienneG: That should work.
<soren> EtienneG: what's the difficulty?
<laen> soren: and you're a member of the ubuntu team, developer, or any special rank besides user?
<EtienneG> soren, well, I get a debootstrap error
<EtienneG> lemme pastebin it
<soren> laen: Something like that.
<soren> laen: I work for Canonical on the Ubuntu server team.
<EtienneG> soren, http://ubuntu.pastebin.com/m288dcae0
<laen> soren: Just asking cause i need to report back to the rest of my team with reasons :) thanks!
<EtienneG> soren, this is an esxi vm i am trying to build, using an ISO
<EtienneG> brb
<soren> EtienneG: You can't install from a desktop ISO.
<soren> EtienneG: Desktop ISO's do not contain .deb's. You can install from server or alternate, but not desktop.
<soren> laen: Any time.
 * EtienneG bang head
<EtienneG> soren, thanks a bunch, my bad!
<soren> EtienneG: No worries.
<EtienneG> oh boy ...
<kwork> does anyone use some like keeppass but what would have distribute password saving
<kwork> like somekind of "password server"
<kwork> where multiple users could hold passwords securely
<patdk-wk> damn, even the nightly build doesn't contain ext4 support :(
<patdk-wk> tested ami-bb709dd2 and ami-495ab720
<Omahn> Anyone in here fancy having a look at why Puppet is broken in Lucid? https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/509625
<uvirtbot`> Launchpad bug 509625 in puppet "Puppet client is broken on Lucid Alpha 2" [Undecided,New]
<Omahn> EtienneG: Another support case heading your way I suspect :-)
<EtienneG> Omahn, hey Paul!
<Omahn> Hi :-)
<EtienneG> fortunately, you have the whois info set to your real name, otherwise I would have been completely puzzled!
<Omahn> ;-)
<EtienneG> Omahn, I am oversea for the next two weeks, on-site consulting
<Omahn> I go by Omahn in IRC and on launchpad
<EtienneG> Omahn, I doubt I will be handling your case this time :(
<Omahn> Aha, you might get a rest from this one then
<EtienneG> Omahn, i am confident the gys at the support center can deal!  :)
<Omahn> I'm sure they can. Any idea what the policy is for support cases on unreleased releases? I suspect the relevant devs might want to pay attention to this bug as puppet is due to go into main for lucid and it's currently broken.
<EtienneG> Omahn, that's a big one
<EtienneG> it is central to many blueprints, so I would expect it to get fixed indeed
<EtienneG> no harm in filing a support case, it is going to be tracked in two places!
<EtienneG> Omahn, just fyi, we are usually pretty reluctant to deal with cases on unreleased release (ouf, tautology!)
<Omahn> EtienneG: I can appreciate that :-)
<EtienneG> Omahn, reason being that stuff are actually expected to break from time to time, and it is hard to keep track
<Omahn> I just thought the developers would have picked up on my bug report a bit sooner with it going to main.
<Omahn> EtienneG: Understood.
<Omahn> I've had a quick look at it myself but it's going to involve someone with ruby experience to fix.
<EtienneG> Omahn, mathiaz is the ne who spent the most time on Puppet.  I guess you may poke him gently, especially yif you are colunterring to test a fix ;)
<EtienneG> (ouch, so may typos, damn caffeine!)
<Omahn> ;-) I'll keep an eye out for mathiaz then and give him a gentle prod next time I see him online.
<EtienneG> Omahn, no harm in filing a support case nonetheless
<EtienneG> we can track that on two fronts
<Omahn> I'll do that, thanks.
<ttx> zul: looking at eucalyptus apport hooks code, I think there is a typo on line 13 @ http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/lucid/eucalyptus/lucid/annotate/head%3A/debian/source_eucalyptus.py
<zul> ttx: looking
<ttx> also "Eucalytptus" on line 42
<ttx> rsponse on line 48
<EtienneG> I always spells it eucalytpus
<EtienneG> damn annoying
<ttx> benefial on line 58
<ttx> EtienneG: yes, I do the same
<zul> ttx: ok ill fix
<twb> EtienneG: you need to get hippie-expand completion in your IRC client, then ;-)
<EtienneG> twb, what's that?
<EtienneG> shang, is pmatulis in the office today?
<EtienneG> shang, wrong channel, plese ignore
<twb> hippie-expand is an interactive autoloaded Lisp function.  It is bound to M-/.  Try to expand text before point, using multiple methods.  The expansion functions in `hippie-expand-try-functions-list' are tried in order, until a possible expansion is found.  Repeated application of `hippie-expand' inserts successively possible expansions.
<EtienneG> twb, interesting
<twb> EtienneG: you type, say, euc M-/, and it sees "eucalyptus" earlier in the scrollback and autocompletes on it
<EtienneG> twb, that is pretty useful inded
<soren> vim has the same thing.
<Elad> when I type: ls -al /var/mail/root it shows "total 8" but only 2 items are listed. So I am assuming that I have mail, but when I run mutt, at the bottom of the page is shows "/var/mail/root is not a mailbox"
<Elad> anyone else ever had a similar problem?
<soren> Elad: How does "ls" show "total 8"?
<zul> ttx: fixed
<soren> Elad: Oh, it's a Maildir?
<Elad> It should be my mail dir
<soren> Elad: Then you probably want to refer to it as /var/mail/root/ (note the slash at the end)
<ttx> mathiaz: I'd be interested in getting some more explanation on your gPXE setup, so that I can use it / base my own setup on it
<Elad> soren: note, taken :)
<mathiaz> ttx: yeah - I plan to blog about it real soon now
<mathiaz> ttx: do you have a deadline?
<ttx> mathiaz: I would have loved playing with it now, but I can wait until tomorrow :)
<mathiaz> ttx: ok - I'll write something up later today then
<Elad> soren: when you run ls -a it displays "total x" where x is the number of items in the directory, well at least normally. So it says 8, but only 2 things are displayed. [1] . [2] ..
<Elad> which is expected for an empty directory
<Elad> I don't know how the mail stuff works - which is why I'm a little confuse
<Elad> confused
<ttx> mathiaz: don't let that prevent you from burning WIs, you're quite low :)
<Elad> all I am really trying to do, is see what messages the machine has for the root user
<patdk-wk> heh, both of you are wrong
<patdk-wk> when doing ls -al
<patdk-wk> total is the amount of space used
<patdk-wk> not total files
<patdk-wk> and that would be correct, what elad said
<patdk-wk> 8, 8kbytes used, 4kbits for each file, . and ..
<Elad> patdk-wk: thanks for the info
<Elad> patdk-wk: I can see it now that you mentino it
<patdk-wk> so that would be, NO MAIL :)
<_ruben> 4kbits + 4kbits != 8kbytes
<patdk-wk> heh :)
<patdk-wk> so used to typing in bits lately
<patdk-wk> 8kbytes used, 16kbits for each file :)
<_ruben> so your bytes are 4 bits ?
<patdk-wk> yep, they where cercumsized
<Elad> lol
<mealstrom> I've got trouble with dhcpd.leases -- no leases at all :( .
<mealstrom> ps ax | grep dhcpd -- /usr/sbin/dhcpd3 -q -pf /var/run/dhcp3-server/dhcpd.pid -cf /etc/dhcp3/dhcpd.conf eth1 eth3
<mealstrom> and there is no -cl flag (for leases) .. any idea why?
<patdk-wk> heh, mine is running without any flags
<mealstrom> sr. no -lf flag (lease file , and it should be /var/lib/dhcp3/dhcpd.leases)
<mealstrom> lucky one ). and how you know if someone gets it IP or not?
<mealstrom> please check /var/lib/dhcp3/dhcpd.leases
<Jeeves_> less /var/log/daemon.log
<patdk-wk> hmm, you don't need to use -lf -pf and -cf if you want to OVERRIDE the defaults
<mealstrom> Jeeves: only warning dhcpd: WARNING: Host declarations are global.  They are not limited to the scope you declared them in.  But its ok.
<patdk-wk> by default, in 8.04 atleast, /var/state/dhcp/dhcpd.leases is where it is
<Jeeves_> mealstrom: Do you see a DCHPDISCOVER, DHCPOFFER, DHCPREQUEST and DHCPACK >
<Jeeves_> ?
<uvirtbot`> New bug: #512459 in samba (main) "Winbind failed to connect to AD: Program lacks support for encryption type" [High,Confirmed] https://launchpad.net/bugs/512459
<mealstrom> patdk-wk:  im using 9.10 now, but with 8.04 were the same
<mealstrom> I don't specify  any flags. -cf -pf takes from default
<patdk-wk> let me check my dhcpd on 9.10
<mealstrom> Jeeves: in my dhcplient  Jan 26 17:20:01 skywalker dhclient: DHCPREQUEST of 192.168.1.20 on eth0 to 192.168.1.1 port 67
<mealstrom> Jan 26 17:20:01 skywalker dhclient: DHCPACK of 192.168.1.20 from 192.168.1.1
<mealstrom> Jan 26 17:20:01 skywalker dhclient: bound to 192.168.1.20 -- renewal in 3471 seconds.
<Jeeves_> mealstrom: Than you have a lease, 192.168.1.20 to be exact
<mealstrom> nope. I've got client lease on client side
<patdk-wk> yep, on 9.10, it's using /var/lib/dhcp3/dhcpd.leases
<mealstrom> and no lease from dhcpd
<patdk-wk> mine is working no issues on 9.10 :)
<mealstrom> patdk-wk: ps ax | grep dhcpd please
<patdk-wk> /usr/sbin/dhcpd3 -q -pf /var/run/dhcp3-server/dhcpd.pid -cf /etc/dhcp3/dhcpd.conf eth0 eth0.4 eth0.5
<mealstrom> you don't have -lf either
<patdk-wk> ya, cause it uses the default
<Jeeves_> mealstrom: So where did you client get the ip from, if it's not from the dhcpd? :)
<patdk-wk> why do you need to override a default?
<mealstrom> I don't need to override them
<patdk-wk> there is no need for -lf :)
<mealstrom> I just need dhcpd.leases to work
<mealstrom> Jeeves: client takes and client side have got dhcplient.leases , and my server who gave it -- didn't
<patdk-wk> where is the log info from the server?
<mealstrom> and I don't know why
<patdk-wk> I see you posted dhclient, but not dhcpd
<patdk-wk> is 192.168.1.1 the ip of your server running dhcpd?
<mealstrom> my server messages.log
<mealstrom> Jan 26 17:26:01 dreamguard dhcpd: DHCPACK on 192.168.2.25 to 00:21:91:2d:ef:7a via eth3
<mealstrom> Jan 26 17:40:12 dreamguard dhcpd: DHCPREQUEST for 192.168.1.20 from 00:19:5b:38:c9:5a via eth1
<mealstrom> Jan 26 17:40:12 dreamguard dhcpd: DHCPACK on 192.168.1.20 to 00:19:5b:38:c9:5a via eth1
<patdk-wk> directory permissions on /var/lib/dhcp3?
<mealstrom> hmm..
<mealstrom> drwxr-xr-x  2 dhcpd     dhcpd    4096 2010-01-26 15:24 dhcp3
<patdk-wk> and dhcpd.leases doesn't exists?
<mealstrom> -rw-r--r--  1 dhcpd dhcpd  126 2010-01-26 15:24 dhcpd.leases
<mealstrom> dhcpd    23787  0.0  0.0  15408  1136 ?        Ss   15:24   0:00 /usr/sbin/dhcpd3 -q -pf /var/run/dhcp3-server/dhcpd.pid -cf /etc/dhcp3/dhcpd.conf eth1 eth3
<mealstrom> permissions looks fine for me
<mealstrom> ill try dirty hack with init.d
<_ruben> mealstrom: i guess you do use dynamic leases and not static ones?
<Jeeves_> mealstrom: init.d?
<Jeeves_> /etc/default would be to efficient? :)
<patdk-wk> did you specify lease-file-name in dhcpd.conf?
<mealstrom> patdk-wk: what it shoud be ?
<patdk-wk> personally? I dont have it in my files :)
<patdk-wk> but if you use it, it will override you leases file
<mealstrom> Jeeves_: hm, there is no -lf parameter in init.d
<mealstrom> I don't use it either
<mealstrom> maybe its because global host declaration ?
<Jeeves_> maybe it's in /etc/default/dhcp3-server?
<patdk-wk> ya, you defently have a bad config
<patdk-wk> dunno if that can cause the leases file problem, but I think it might
<mealstrom> Jeeves_: there is only interfaces are declared
<patdk-wk> cause dhcp doesn't know what ip goes with what interface
<mealstrom> it should know
<mealstrom> cos I've got 2 subnets on 2 different nics
<mealstrom> with static ip on them
<patdk-wk> ya, but the purposes of the leases file is for cross boot
<patdk-wk> and things could change
<mealstrom> I've put declared hosts in subnets
<mealstrom> for "fixed-address"
<patdk-wk> where do you get that warning?
<uvirtbot`> New bug: #507616 in apache2 (main) "CustomLog directive in apache2.conf makes it impossible to change default logging without editing the global config." [Wishlist,Confirmed] https://launchpad.net/bugs/507616
<patdk-wk> hmm, I am not getting that warning
<patdk-wk> and I have hosts outside subnet sections
<mealstrom> patdk-wk: dhcpd: WARNING: Host declarations are global.  They are not limited to the scope you declared them in.
<patdk-wk> oh, you put the hosts INSIDE a subnet
<patdk-wk> instead of outside, when you wanted them to work with both subnets?
<mealstrom> they are already inside subnets
<patdk-wk> the fixed ip's on them don't match the subnet they are in is what it's saying
<mealstrom> 192.168.1.0/24 with 192.168.1.20 host
<mealstrom> they match
<patdk-wk> guess I am going have to see your config file to figure out what is wrong
<patdk-wk> never had issues with dhcp, it's always worked fine, and I don't have a simple setup
<patdk-wk> only problem I had with dhcpd was ping-check was on :( making pxe boots take forever
<mealstrom> I've managed with pxe
<mealstrom> its ok )
<mealstrom> now working on preseed configuration
<mealstrom> and I habent try options.preseed or something like this in dhcpd
<_ruben> 16:45 < _ruben> mealstrom: i guess you do use dynamic leases and not static ones?
<_ruben> static leases (defined in dhcpd.conf) arent added to the leases file
<_ruben> only dynamic ones are
<mealstrom> hehehe...
<mealstrom> where you was 2 hours ago?
<_ruben> here :)
<mealstrom> "you are so cruel "  :)
<_ruben> only you didnt ask here 2 hrs ago ;)
<_ruben> anyway .. time to head home
<mealstrom> ). ok . lets check with dynamic ...
<uvirtbot`> New bug: #512833 in bind9 (main) "package bind9 1:9.6.1.dfsg.P1-3ubuntu0.2 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/512833
<incorrect> is anyone putting together a ubuntu based firewall product like pfsense?
<jjohansen> smoser: ec2 kernel update is being obnoxious, hopefully we will have something today but it has been a mess so far
<smoser> patches rebase ?
<zul> incorrect: have use used ufw?
<zul> jjohansen: hah hah ;)
<jjohansen> zul: you sadist
<zul> jjohansen: who me?
<jjohansen> zul: yeah you :)
<zul> hehe
<jjohansen> zul: perhaps sadist is the wrong word, its not so much that you love others peoples misery its that you love that its not your misery
<zul> jjohansen: yeah thats more true
<incorrect> zul, nope i will have a look
<incorrect> zul, can i build a NAT box with it?
<zul> incorrect: you should be able to i think
<zul> jdstrand: ^^^
<jpds> I don't think ufw supports NAT.
<patdk-wk> use shorewall then
<patdk-wk> or is this an attempt to use a pretty gui? :(
<jdstrand> the ufw cli command does not support NAT. the ufw framework does (see 'man ufw-framework' and/or https://wiki.ubuntu.com/UncomplicatedFirewall for details)
<jdstrand> incorrect: ^
<incorrect> thanks
<incorrect> i just found the same info
<mealstrom> during ubuntu-server instalattion there is a lot of "Fail to download" files with *.udeb . Are they critical ? (I've make local mirror with apt-mirror) and there is no udeb files
<patdk-wk> hmm, I have a whole crapload of udeb files in my mirror
<mealstrom> oem-config-check_2.0.6_all.udeb ?
<jpds> Omahn: Puppet is all fixed. :)
<incorrect> ok so is there anything more powerful than ufw?
<incorrect> other than directly using iptables
<incorrect> not used iptables since 05
<patdk-wk> /pool/main/u/ubiquity/oem-config-check_2.0.6_all.udeb
<mealstrom> you've got it?
<patdk-wk> yep
<patdk-wk> and 2.0.10, 2.1.7 and 2.1.8
<patdk-wk> your mirror is screwed :)
<jdstrand> incorrect: if by more powerful you mean supports NAT without having to know iptables syntax, you might look at shorewall
<incorrect> jdstrand, ok i will just remind myself about iptables
 * patdk-wk just stopped using iptables manually about 6 months ago, and switched to shorewall
<incorrect> i want to use ubuntu so i can move ldap, munin, tftp and a bunch of other services off my kvm box
<mealstrom> patdk-wk: what mirror you are using for sync ?
<patdk-wk> us.archive.ubuntu.com
<mealstrom> ...hm ..
<patdk-wk> I don't use apt-mirror, I found that a worthless attempt
<mealstrom> it didn't copy *.udeb files
<patdk-wk> I use rsync
<jcastro> those are for the installer
<jcastro> if you're just mirroring for updates and all that you don't need them
<patdk-wk> I pxe boot the installer
<patdk-wk> so I guess I need them
<mealstrom> I need em too
<mealstrom> you ve made full mirror with rsync , right?
<jcastro> grab a 2-stage rsync script from the wiki, that would work better I bet
<patdk-wk> I make an almost complete mirror
<mealstrom> I've only need mirror for karmic
<patdk-wk> well, rsync can't do that
<patdk-wk> it will sync all versions
<patdk-wk> you would have to read the toc's to do just the ones needed, that is what apt-mirror does
<patdk-wk> but only updates, not for installations
<patdk-wk> the next solution is to use squid :)
<patdk-wk> and the just use a normal default mirror
<mealstrom> im using archive.ubuntu.com
<mealstrom> to use rsync for karmic only - a need a package parser
<patdk-wk> na, rsync wouldn't be usefull that way either
<patdk-wk> would probably just have to wget each file
<uvirtbot`> New bug: #512462 in bacula (main) "bacula-console-qt missing config file crash" [Undecided,New] https://launchpad.net/bugs/512462
<uvirtbot`> New bug: #512863 in mysql-dfsg-5.0 (universe) "mysqld.sock not found after restart" [Undecided,New] https://launchpad.net/bugs/512863
<patdk-wk> rsync is really for groups of files, I guess you could feed it a list, :(
<patdk-wk> just gets ugly fast
<mealstrom> package.gz has md5 sums for each package
<mealstrom> crap... all missing files are from http://archive.ubuntu.com/ubuntu/dists/karmic/main/debian-installer
<patdk-wk> well, that is easy then
<patdk-wk> zcat Packages.gz | awk '/^Filename: / { print $2; }'
<patdk-wk> download all those files
<patdk-wk> or feed that into a rsync list to download
<mealstrom> there should be something easier
 * patdk-wk doesn't know how that is *hard*
<mealstrom> patdk-wk: deb-XXX http://archive.ubuntu.com/ubuntu karmicXXXXXX main restricted universe multiverse main/debian-installer (+ univerce/debian and so on)
<mealstrom> that's easier )
<patdk-wk> that doesn't download udeb files
<patdk-wk> or will it?
<ScottK> SpamAssassin 3.3.0 released!
<mealstrom> it downloafs
<ScottK> \o/
<ScottK> Daviey: ^^^
<mealstrom> apt-mirror gets package.gz parse it and downloads . all those *.udeb were in /debian-installer/i386(amd)/package.gz.
<mealstrom> so I've addet debian-installer to be mirrored localy
<patdk-wk> just got the email :)
<mealstrom> so it was karmic /main    and I've added karmic /main/debian-installer and that's all
<Daviey> ScottK: \o/
<Daviey> ScottK: I emailed the debian maintainer a while ago who pretty much said he had it in hand, but patches welcome
<smoser> erichammond, would you mind if i took runurl and added to ec2init ?
<smoser> and is http://run.alestic.com/runurl the right runurl ? and any reason why it is #!/bin/bash not #!/bin/sh
<koolhead17> hi all
<koolhead17> hello kees
 * koolhead17 waves propagandist
<zul> smoser: you'll have to update the debian/copyright file if you do that just an fyi
<smoser> yeah, i have other udpates there too
 * soren just had a rockin' idea for Lucid+1
<ajmitch> soren: demoting most of main?
<soren> No, but also sounds like fun :)
 * ajmitch was just reading kees' suggestions about web apps
<kees> mmmm profiles
<ajmitch> I know some people who use moodle, but not sure if it's hosted on ubuntu or debian
<soren> kees: Has anyone ever done a profile for a webapp?
<kees> soren: in a published package? not that I know of.  but I've personally profiled squirrelmail, wordpress, cacti, and awstats.
<ajmitch> and for a PHP web app at that? Are apache modules still needed for that?
<kees> oh, and mailman
<soren> kees: How?
<soren> kees: I mean... It's all run by Apache.
<ajmitch> changing hats?
<kees> ajmitch: yeah
<kees> soren: mod_apparmor
<soren> kees: What if you have something that doesn't have a profile?
<soren> kees: Oh.
 * soren was not aware of such a thing
 * ajmitch found the spec for it for karmic
<jdstrand> I've got moin
<kees> soren: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/annotate/head%3A/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
<jdstrand> kees: mdeslaur did phpsysinfo (but not really a big app)
<kees> jdstrand: right, true.
<jdstrand> it's hard to ship a profile in these webapps cause of the traditional issues with webapps in Debian/Ubuntu-- they can put stuff all over the place (including for virtual hosts)
<myk_robinson> evening, all
<jdstrand> ship an *enforcing* profile that is-- we can ship complain mode or disabled profiles
<kees> jdstrand: I think it still might be possible in some cases.
<myk_robinson> I have a system we just built with 8*1.5TB hard drives. We have built a hardware raid and we are trying to partition the drives.
<myk_robinson> we are having an issue creating a 9TB partition, any ideas?
<jdstrand> oh I am not saying it is impossible, just difficult
<soren> myk_robinson: What is the issue?
<patdk-wk> myk_robinson, using 64bit I hope
<mdeslaur> well, it may not be so bad for webapps
<mdeslaur> depending on what they do, they are usually restricted to their own directory anyway
<mdeslaur> ie: not many of them want to mess with system stuff
<ajmitch> jdstrand: those problems exist just for trying to package web apps, especially those that have their own installer pages that want to write all over the filesystem to mode 777 files
<jdstrand> mdeslaur: not for a default install-- but as soon as you go beyond it or have virtual hosts somewhere, then you get in trouble
<jdstrand> ajmitch: yeah :(
<mdeslaur> jdstrand: yes, it's only good for default installations
<myk_robinson> soren: partition length of 17500327425 secotrs exceeds the ms-dos-partition-table-imposed maximum of #########
<jdstrand> eg, moin has a farmconfig
<soren> myk_robinson: Yes. Don't use MS-DOS partition tables.
<mdeslaur> if you're not using a default install, you're probably not using packages anyway
<jdstrand> where do the non-default 'farmed' files go?
<myk_robinson> soren: perhaps we missed a step, we'd like to format it to ext4, but never get the option
<soren> myk_robinson: You want to use GPT. If you use parted for partitioning, it will sort all of this out for you.
 * patdk-wk just doesn't use partition tables at all
<patdk-wk> just format /dev/sda :)
<jdstrand> mdeslaur: oh I don't know about that... moin is quite useful with farmconfig
<jdstrand> mdeslaur: though you are surely right for some
<smoser> jjohansen, ping
<patdk-wk> myk_robinson, think about just formatting ext4 right to the device, no partitions
<patdk-wk> or if you do need them, put lvm right on it
<smoser> https://bugs.launchpad.net/ubuntu/+bug/428692 any thoughts on possibly SRU-ing the minor changes to build in ext4 and loop ?
<uvirtbot`> Launchpad bug 428692 in linux-ec2 "ec2 kernel needs CONFIG_BLK_DEV_LOOP=y and other config changes" [Medium,Triaged]
<myk_robinson> just a sec, Jeremy is gonna take my place, he speaks the language better..
<jjohansen> smoser: loop and ext4 should be builtin
<myk_robinson> soren: patdk-wk: Ok...I have a total of 9.0TB available after a raid 6 configuration.  I want to partition using ext4.  I am using the ubuntu alternate install, and it is erroring out saying max msdox-partition-table-imposed maximum error
<jjohansen> smoser: oh oops, SRU
<myk_robinson> how do i get a new partition table and format this thing
<patdk-wk> do you need to boot from that drive?
<jjohansen> smoser: I think that might be SRUable
<soren> Session on server testing in 5 seconds in #ubuntu-classroom
<myk_robinson> yes..well it is one logical volume, and i want a swap, a root, and a storage partition
<smoser> could we move toward that? those changes would be extremely low likelyhood for regression as they're built in everywhere else
<jjohansen> smoser: yeah, I will request an SRU for that
<patdk-wk> myk_robinson, hmm, boot partition causes in issue with how I would do it :(
<patdk-wk> can you select a different partition layout? maybe bsd?
<myk_robinson> won't be a boot partition, will be in mbr
<smoser> can you put a comment in that bug? someone is asking on ec2ubuntu and i'd liek to have some status there.
<patdk-wk> I dunno the installer very good, never use it really
<patdk-wk> you have to have a boot partition, in your case, your boot partition would be / (root)
<myk_robinson> one second
<myk_robinson> might have it
<myk_robinson> i gave the drive a new partition table and it is working
<myk_robinson> must have been something goofed by suse when i tried installing using ext3
<myk_robinson> cause ext3 has a max size of 4TB
<patdk-wk> heh :) maybe it put the msdos table on there
<patdk-wk> and ubuntu tried to reuse it
<myk_robinson> don't know..but it works
<myk_robinson> thanks for the help
<patdk-wk> hmm, ext3 should be able to do 16tb
<myk_robinson> ok..thought it said 4TB but may be wrong
<patdk-wk> 4tb is the max if using dunno
<myk_robinson> suse crapped out on trying to do the 8.15TB parition
<patdk-wk> 2tb max using 1k blocks
<patdk-wk> 8tb max using 2k blocks
<patdk-wk> maybe you forgot to tell it to use 4k blocks :)
<patdk-wk> ext4 has same limits
<myk_robinson> could be...it is now formatting the parition..should be a while so i will hopefully not have anymore problems
<myk_robinson> thanks for your help
<patdk-wk> oh wait, no it doesn't, my bad :)
<patdk-wk> it's filesize max out at 16tb :)
<myk_robinson> it can go to 1,000 TB
<myk_robinson> filesize is 16tb yeah
 * ajmitch just saw the regression test ppa mentioned in the developer week session, how often is that meant to be updated?
<mealstrom> what should look like preseed user encrypted password ?
<mealstrom> d-i passwd/user-password-crypted password (what's next) [md5hashpass] or just md5hash pass ?
<genii> mealstrom: I'm pretty sure just: d-i passwd/user-password-crypted password md5hash-here
<mealstrom> doesn't work :)
<mealstrom> md5sum is right for that ?
<mealstrom> oops :( wrong hash
<kees> soren: the dovecot issue appears to be a real regression in dovecot.  I've filed: https://bugs.edge.launchpad.net/ubuntu/+source/dovecot/+bug/512975
<uvirtbot`> Launchpad bug 512975 in dovecot "mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/USERNAME" [Undecided,New]
<mrayzenoss> Is it possible to use the Live Desktop CD to kickoff a server install?  The Live CD handles the EFI weirdness on my Mac, but I just want to use it as a server
<zul> kees: i broke dovecot?
<mdeslaur> mathiaz: fyi: upstream mysql bug for certs expiring in 2 days: http://bugs.mysql.com/bug.php?id=50642
<mathiaz> mdeslaur: great thanks
<patdk-wk> mdeslaur, hehe, thanks, I have one expiring today :( luckly it's not critical :)
<kees> zul: I think dovecot broke dovecot.  *shrug*  I don't have time to investigate today
<maxfiles> can you run a desktop on the server environment/
<maxfiles> ?
<patdk-wk> heh?
<patdk-wk> you mean, run ubuntu desktop on a server? sure
<maxfiles> would it run slower or faster
<maxfiles> I'm having an issue with my current desktop version
<maxfiles> where I did an update
<patdk-wk> not much slower, shouldn't be noticable
<maxfiles> and now none of my services will start
<patdk-wk> it just installs all the gui stuff that server doesn't
<mealstrom> you can run vnc server on it
<maxfiles> cant get apache, mysql, pureftpd to start at boot
<maxfiles> have tried everything so far that I can think of
<maxfiles> so I figured a fresh start would be useful
<patdk-wk> did you ever figure out why they wouldn't start?
<maxfiles> no
<maxfiles> I have tried every bit of software that I can think of after reading
<maxfiles> asking for help and getting nowhere
<patdk-wk> the only reason for me, besides syntax errors
<patdk-wk> is if the network ip's didn't come up correctly
<maxfiles> then it would be an ubuntu update that did that
<patdk-wk> dunno
<patdk-wk> I have never seen an ubuntu update kill something like that
<patdk-wk> but then, I dunno what all you have, that I might not
<maxfiles> well I run irc, crons, ftp, apache, mysql for the most part
<maxfiles> hddtemp for temp monitoring
<maxfiles> and I cant even get that to start
<maxfiles> runlevel says unknown when I use that
<maxfiles> so I have no idea what run level I'm on
<patdk-wk> I don't believe runlevels have been used for a long time
<patdk-wk> but have been imitated
<maxfiles> ok then why are they related to boot up rc0.d et el
<maxfiles> or are they not
<mealstrom> who used preseed file with password-crypt ?
<mealstrom> d-i passwd/user-password-crypted password md5    -- I've got problem after system install with this password. it doesn't match
<mealstrom> I've used htpasswd (from apache2) to create md5 hash and now don't know what password to put :(
<erichammond> mealstrom: I recommend generating a new password and saving it this time.
<Italian_Plumber> Hello.  I am trying to add a new hard drive to my server, 804.  The BIOS correctly identifies the drive, but I can't mount it because I can't find it in the /dev directory.  I have a /dev/sda and /dev/sdb, but no /dev/sdc.  The machine already had a primary master and slave, and a secondary master.  I have added the new drive as the secondary slave.
<mealstrom> erichammond: I've generate md5 from text file. I've checked md5 for that file and command line input. they were the same
<erichammond> mealstrom: Ah, I misunderstood and thought you had lost the password.
<tarski> so i got my ubuntu server to be my router, it's doing fine, im wondering if i use a switch connecting two laptops to the switch and the switch to the router/server, if i assign those laptops static IP's in the range i specified on my server, will i get internet on both?
<mealstrom> internet *** router *** swich ** N-laptops  --- yes
<erichammond> mealstrom: You might try generating the encrypted password using this command: openssl passwd -l file:$PASSWORDFILE
<mealstrom> erichammond: thanks for advise
<erichammond> er, that option should be -1 (one), so: openssl passwd -1 file:$PASSWORDFILE
<erichammond> argh, with no space after "file:"
<erichammond> Actually tested this one: openssl passwd -1 file:$PASSWORDFILE
<mealstrom> how to arg md5 ?
<erichammond> The -1 means "md5"
<erichammond> To see other options: openssl passwd -help
<erichammond> (where -help is not a valid option)
<erichammond> Also, for other info: man htpasswd
<erichammond> er, man openssl
<erichammond> can't type today
<mealstrom> yes, I've got it
<erichammond> or think
<erichammond> Odd, looks like TMTOWTDO, so this also works: openssl passwd -1 -in $PASSWORDFILE
<erichammond> but nobody ever accused Unix/Linux command lines of being consistent.
<mealstrom> ill try to remap hdd in system to see what password there was actually stored
<RoyK> erichammond: erm, what's wrong with the unix commandline?
#ubuntu-server 2010-01-27
<erichammond> RoyK: I've lived with and loved it since 1985, but every command line program writer comes up with their own sets of options and there are a number of different ways to specify them (single dash, double dash, single letter, word, space between option and arg, "=" between option and arg, some programs even use the DOS "/" to prefix options or no prefix at all, ...)
<RoyK> well, true
<erichammond> , does "-v" mean "verbose" or "version", does it process stdin by default or do I need to specify "-" or "-stdin", etc
<RoyK> haven't seen the DOS prefix, though
<RoyK> gnu seems to standardise most of their stuff pretty well, though
<erichammond> I'm not even saying it's bad.  The flexibility and chaos have helped let great things thrive.
<erichammond> I've "heard" (ahem) that the VAX VMS command line was very consistent, but not much fun to use.
<twb> erichammond: that might be because it was written by a company instead of by hundreds of grad students at a bunch of different universities
<erichammond> In the "testdisk" package on Ubuntu, there is an effective utility named "photorec" which uses /d as an option specifier.
<RoyK> erichammond: heh - we still have two VMS boxes at the office :)
<RoyK> alpha stuff
<twb> And dd and wodim still use IBM-style
<uvirtbot`> New bug: #506771 in clamav (main) "I can't download anything " [Undecided,New] https://launchpad.net/bugs/506771
<erichammond> smoser: Thanks for the symlink on http://uec-images.ubuntu.com/releases/karmic/
<erichammond> smoser: Could we also get one on http://uec-images.ubuntu.com/releases/hardy/
<smoser> yeah. i'll do that. i might get hassled about it though.
<smoser> i did ask slangasek if it was ok to keep the old releases
<smoser> and he said what i was doing was reasonable. i think this is reasonable too, but possibly others dont.
<smoser> it should be possible for us to make the bundle downloadable from s3, right?
<erichammond> smoser: what bundle?
<erichammond> smoser: but yes, it's possible to make almost anything downloadable from S3 :)
<erichammond> and anything on S3 is automatically available through torrent.
<smoser> hardy link should be there.
<smoser> the published amis
<smoser> ie, so people can get the from s3 rather than uec-images.u.c
<erichammond> Sure, then it would be faster and free as long as they were inside EC2.
<smoser> its free right now for the consumer when it comes from uec-images.u.c
<smoser> until june or something
<erichammond> No, the EC2 instance is paying for incoming network traffic.
<erichammond> oh
<erichammond> yah
<smoser> and i could definitely see that being almost indefinite. makes sense for "move in special"
<erichammond> It's not that big of an issue for me, anyway.
<smoser> yeah, its pennies anyway you look at it. but faster would be nicer.
<smoser> and not taking canonical bandwidth too
<smoser> anyway
<smoser> hardy link should be there now
<erichammond> When I ran the script to generate the 12 EBS boot AMIs, it only took about 4 minutes each from start to finish.
<erichammond> Of course there were instances in each region, so I should have parallelized it.
<erichammond> next time...
<smoser> lftp rocks. just in case you werent aware. i saw large increases using 'pget'
<maxfiles> how do I change to a static ip in this thing
<patdk-lap> on what thing?
<tonyyarusso> maxfiles: edit /etc/network/interfaces, change dhcp to static, and fill in the other fields.
<tonyyarusso> maxfiles: 'man interfaces' for syntax details.
<maxfiles> I switched to 8.0.4 lts server with desktop installed
<patdk-lap> interesting issue I had on reboot :(
<patdk-lap> if I specify dhcp for the network interface, it ignores the mtu setting
<MTecknology> I put MAILTO="" in my crontab file; but I'm still getting mail from the output....
<MTecknology> any ideas why?
<erichammond> MTecknology: It's in the manpage: "If MAILTO is defined (and non-empty), mail is sent to the user so named."
<MTecknology> erichammond: then how do I have it discarded?
<sbeattie> MTecknology: redirect the output of whatever it is your running from cron to/dev/null.
<sbeattie> It may be useful to just send stdout to /dev/null and have stderr still get sent to you, so that you're aware of errors in your cronjob.
<MTecknology> sbeattie: I was doing that and it got ugly. I was told that should work.. so crap doesn't get sent through it
<MTecknology> It's mostly all ssh login messages; I had a few megs of just that
<sbeattie> err, what cronjobis sending you that?
<sbeattie> err, what cronjob is sending you that?
<sbeattie> is it something that sends mail directly, a la logwatch or logcheck?
<MTecknology> some backup scripts I have
<MTecknology> some sync scripts
<MTecknology> I guess I can tack on ' > /dev/null' to about 50 jobs; I just didn't want to
<sbeattie> hrm, if it's actual cron output, that seems to be a bug, or lying documentation.
<twb> MTecknology: your problem is too many ssh attempts in your logs?
<MTecknology> twb: no..
<MTecknology> twb: the cron events do a lot of ssh work, the text that you see when you log into the server winds up in /var/mail/..
<twb> MTecknology: consider control master, then
<MTecknology> twb: hm?
<twb> (It's a feature of OpenSSH to run multiple commands over a single shared SSH connection)
<twb> Or maybe investigate something like puppet, depending on what you're doing.
<MTecknology> I'd still get the junk
<twb> MTecknology: you'd get one connection per <period> instead of one per ssh command
<sbeattie> is anacron or some other alternate cron involved?
<twb> Where <period> might be the extent of the cron job, or the extent of the uptime
<jmarsden> MTecknology: Where exactly is the "junk" coming from?  A Banner statement in sshd_config? /etc/issue.net ?  Other?  Can you tackle this by preventing the generation of that banner info when the logon is not interactive?
<MTecknology> jmarsden: that's part of the junk, put there's other output from other tasks like that which I don't want to get
<jmarsden> MTecknology: Well, if you'd reduce the volume by 50% by killing the login banners, that would be a start :)
<MTecknology> I have MAILTO="admin@domain.com" now too... at least it'll show up where I'll actually read it
<twb> MTecknology: it would be better to alias root to admin in /etc/aliases
<MTecknology> twb: so the top of that I do root: mail@domain.com ?
<MTecknology> or, the end
<twb> Sure
<twb> Then run newaliases
<MTecknology> twb: interesting - thanks
<MTecknology> jmarsden: thanks for that idea; how can I do that?
<jmarsden> MTecknology: Well, that depends where the banners are coming from, hence my earlier question... I'm not 100% sure how but once we know what generates the text we can look at ways to stop it being generated for your cron jobs...
<MTecknology> jmarsden: /etc/issue.net
<jmarsden> OK.  Is there a statement Banner /etc/issue.net in sshd_config, or is something else causing that file to be output?
<jmarsden> If it is a Banner statement I'm wondering about making that conditional on a Match in there... not sure if it will work, but worth a shot...
<MTecknology> jmarsden: that's the line
<jmarsden> OK, so now you need to find what is different about the ssh connections being made by your cron jobs compared to those being made by interactive users, and then create a Match block with the Banner inside it for the interactive users.
<jmarsden> man sshd_config for more on Match blocks...
<MTecknology> alrighty, thanks
<jmarsden> You're welcome.
<cyphase> If i have a RAID 1 array on one computer, and i take out a drive and stick it into another computer (non-RAID), will the second computer be able to read it correctly?
<twb> cyphase: RAID-1 is a mirror.
<cyphase> twb: i know, i'm just making sure
<twb> cyphase: at least traditionally, that meant that both drives are directly mountable
<twb> You'll want to mount -oro to avoid getting the array out of sync, though
<cyphase> twb: right, that's what i thought.. thanks :)
<twb> This is assuming you're talking about md RAID
<cyphase> twb: i don't know what kind of RAID it is yet
<cyphase> doubtful it's linux though
<twb> I can't comment on fakeraid or hardware raid
<cyphase> twb: okay, thanks for the info
<erichammond> MTecknology: You could also send the email to "devnull@yourdomain.com" and then add an alias for "devnull: /dev/null"
<erichammond> though I didn't quite follow why you couldn't redirect everything to /dev/null in the cron job itself.
<toyol> hello, i need help, i install linux server 9.04 x64bit and i want to change block size 4096 to 512 . how can i do this ?
<mealstrom> you need partman I suppose
<toyol> so all data lose ?
<toyol> if i change block size to 512 ?
<mealstrom> don't really know
<tsimpson> you'll have to reformat to change the block size
<alkisg> Is it possible to use dpkg-divert for a whole directory? I want to divert /usr/share/wine/fonts/ to /usr/share/wine/english-only-fonts/...
<jiboumans> good mornign
<error404notfound> I have a server with one NIC and a vpn interface. This server hosts about 14 sites, out of which i want 10 to be available only on vpn network and 4 to public. I need a combination of IP and Name based vhosts in apache, any ideas?
<psteyn> Hi, running Ubuntu Server 9.10, kacpid is using a LOT of cpu.  How can I stop it safely?  I see no /etc/init.d/acpid
<_ruben> error404notfound: NameVirtualHost directive takes an ip address as parameter which can be used to make the distinction between vpn and public .. then servername/serveralias for the actual vhosting
<_ruben> psteyn: its a kernel process, the only way to stop it (probably) is to disable acpi at boot time
<error404notfound> _ruben, yup. got it, thanks to SpiceMan on #httpd
<FireCrotch> psteyn: You can disable acpi by appending acpi=off to your GRUB kernel line and rebooting. Be warned however that you'll lose features such as CPU throttling, fan control, etc
<psteyn> Meh.  :( I don't really mind losing that, but I've also read that acpi=off will disable SMP
<psteyn> I do mind that..
<maxagaz> how to uninstall a program installed with "make ; make install" ?
<_ruben> depends on the program
<_ruben> some offer the option of running make uninstall
<_ruben> otherwise you might have to delete all installed files by hand
<maxagaz> _ruben, but how do you know the list of files installed ?
<maxagaz> _ruben, and what if an existing file has been changed by make install ?
<_ruben> analyze the Makefile is one way .. there's also (wrapper)scripts that do that for you (and possibly even offer uninstall functionality)
<st_iron> martin-: dpkg -l
<st_iron> sorry
<_ruben> if files are overwritten (without being backed up), you wont get them back (easily)
<st_iron> maxagaz: dpkg -l
<st_iron> oh, and sorry again, I just read back
<st_iron> now I put a lock on my mouth
<dayo> i'm trying to keep a static IP on my eth1,which is also the interface from which the dhcp3-server gives out IPs,but the static IP keeps getting overwritten by dhcp,thereby messing up my lan: http://dpaste.com/151096/
<screen-x> do I need dbus  on an 8.04 apache server?
<mealstrom> dayo: dhclient.conf supersede options
<mealstrom> and what with dhcp server?  dhcpd eth1 and dhclient eth1 ? oO
<error404notfound> i have port 113 closed on my ubuntu server, what if i want to put it under stealth/reject all connection on this? would it effect any running services?
<dayo> mealstrom: what do u mean?
<uvirtbot`> New bug: #513151 in mysql-dfsg-5.0 (universe) "package mysql-server-5.0 (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,Incomplete] https://launchpad.net/bugs/513151
<_ruben> error404notfound: not making much sense (atleast not to me)
<error404notfound> _ruben, port 113 on my server appears to be closed if i do portscan. Okay? what if i explicitly configure iptables to "reject" any connections on this, that way it won't even appear in portscan. Will rejecting any connection on this effect any running services?
<_ruben> closed and reject are or more or less the same thing (one results in the other)
<acalvo> hi
<_ruben> drop -> filtered ... reject -> closed .. accept -> open
<error404notfound> _ruben,hmmm
<acalvo> I've grown the volume of a virtual disk in a virtual machine, and I need to grow also the LVM partition. How can I do that? lvextend? (it's the physical disk, I guess)
<_ruben> acalvo: increase pv, vg, lv and then fs
<acalvo> _ruben: ok, I'll try it
<acalvo> and thanks, you're always here to help :)
<_ruben> just dont tell my boss, he thinks im working ;)
<error404notfound> hmmm, okay, have filtered that as well, now i am wondering what next should i do with this server. :P
<acalvo> quite confused: I've this
<acalvo> Disposit. Inicio    Comienzo      Fin      Bloques  Id  Sistema
<acalvo> /dev/sda1   *           1         621     4988151   8e  Linux LVM
<acalvo> /dev/sda2             622         652      249007+   5  Extendida
<acalvo> /dev/sda5             622         652      248976   83  Linux
<acalvo> I've increased the vmdk 1G
<acalvo> how do I apply that?
<acalvo> I mean... the pvresize applies only to a partition
<acalvo> while is the whole disk whichs is bigger
<acalvo> I just want to make /dev/sda1 1G bigger
<error404notfound> acalvo, !pastebin
<acalvo> error404notfound: mmm ok
<_ruben> acalvo: you cant make sda1 bigger (easily)
<_ruben> however, you could use the benefits of lvm
<_ruben> the extra 1G can become a new partition, which will be a pv, which you can add to a vg, which allows you to create extra lvs or extend one or more lvs
<acalvo> _ruben: I know, and it's quite useful
<acalvo> however, I'd like to extend the sda1
<soren> acalvo: Why?
<soren> acalvo: You can create a new pv at the end, add it to the same vg as sda1 and the you will be able to allocate the space in there with lvcreate just like you normally would.
<acalvo> soren: ok, that makes sense, however, I'm not that into LVM to understand everything. If I get it right, I just have to: first, add new size to the vmdisk of my virtual machine; create a new pv, add it to the same vg as the other lv, and then it'll be as if the /dev/sda1 (in my example) were bigger?
<soren> Umm..
<soren> Well, apart from the bit about /dev/sda1 being bigger..
<soren> You vg will be bigger.
<acalvo> aha, ok, so I'll be able to create more partition (in a traditional way)
<soren> Right.
<acalvo> but not extend the current partitions (again, traditional way)
<soren> Right.
<soren> You add a new partition that takes up the newly allocated space.
<soren> pvcreate it
<soren> vgextend your vg with the new pv
<incd> Which virtual server implementation would be good for Sparc?
<incd> I've tried vserver etc
<soren> ..and that's it. Your vg will be bigger, and you will not need to worry about it being split across multiple partitions.
<soren> acalvo: It's probably easier, though...
<soren> acalvo: ..if you just add another virtual disk.
<acalvo> soren: don't worry, you've clarified lots of things
<soren> acalvo: Instead of bothering with extending the existing one.
<acalvo> right!
<soren> acalvo: The effect will be the exact same. That's part of why LVM is so awesome :)
<acalvo> I understand
<soren> Great.
<acalvo> thanks soren! I'll try that!
<soren> Just shout if you stumble.
 * soren heads to lunch
<acalvo> soren: I've managed to do it by extending the vmdisk (however having a new virtual disk seems fine)
<acalvo> so now my /dev/vg/lvname has more space
<acalvo> I didn't get it the first time
<Weasel[DK]> Kerberos with OpenLDAP backend config ? - I know some about both kerberos and LDAP, but how to tell kerberos to user LDAP as backend. ??
 * soren curses the launchpad UI for copying packages between PPA's
<Italian_Plumber> I am trying to run fsck on a remote machine.  The disk I am trying to check is not the boot disk.  It tells me it is busy, but is not mounted:  http://pastebin.com/m43085014 What can I do?
<NCommander> Is there a test suite for likewise? I'm working on porting it to ARM, and would love to make sure I can test everything off it
<soren> Italian_Plumber: Can you pastebin the output of mount, please?
<Italian_Plumber> http://pastebin.com/m7a468855
<pmatulis> Italian_Plumber: and what version of e2fsprogs are you running?
<pmatulis> (dpkg-query -W e2fsprogs)
<soren> Italian_Plumber: /dev/sdb1 is mounted
<Italian_Plumber> but when I try to unmount it, it says it's already unmounted.
<soren> Italian_Plumber: No.
<soren> Italian_Plumber: When you try to unmount /dev/sdb, it does.
<soren> Not /dev/sdb1.
<Italian_Plumber> ah.
<Italian_Plumber> david@warthog:~$ sudo umount /dev/sdb1
<Italian_Plumber> umount: /media/data: device is busy
<Determinist> hey guys. I'm using the 9.10 EC2 AMI (32bit =  ami-bb709dd2). I've noticed that sources.list (/etc/apt) does not include multiverse by default. is there a simple way to add multiverse to apt without having to edit the sources.list file manually?
<pmatulis> Italian_Plumber: sudo lsof /media/data
<pmatulis> also make sure you're not in the mount point
<pmatulis> when unmounting
 * Determinist blinks
<Determinist> is there no simple way to add multiverse to the repos aside from editing sources.list directly?
<Italian_Plumber> OKay, I apparently have successfully unmounted it now, but now I get this: http://pastebin.com/m15218c40
<pmatulis> Italian_Plumber: pastebin output to 'sudo fdisk -l' i guess
<pmatulis> Italian_Plumber: or just 'sudo fdisk -l /dev/sdb'
<Italian_Plumber> here is the output to several of the commands: http://pastebin.com/m33bc1a41
<pmatulis> Italian_Plumber: why are you tring to check this filesystem anyway?
<pmatulis> *trying
<soren> Determinist: You're making it sound like that's super complicated?
<Italian_Plumber> I get the "superblock" erro when starting the machine, which means the machine won't start up without interaction.
<soren> Determinist: You open the file, add multiverse at the end of the line, done.
<pmatulis> Italian_Plumber: could be that the superblock is corrupted.  you may need to specify a backup one (with the fsck command)
<pmatulis> Italian_Plumber: you see an example of doing so in the output to your fsck command
<pmatulis> Italian_Plumber: but you should research where the backup superblocks are found in my opinion
<Italian_Plumber> with the fsck command, Iget this: http://pastebin.com/m5c15f459
<uvirtbot`> New bug: #512646 in postfix (main) "Could not install postfix - postinst failed to properly create postfix user" [Medium,Incomplete] https://launchpad.net/bugs/512646
<Italian_Plumber> sorry I thought I included that in one of my pastes, but I guess I didn't.
<pmatulis> Italian_Plumber: again, you're not using the proper device name
<Italian_Plumber> I get the same output with "sdb1"
<pmatulis> Italian_Plumber: pastebin that ouput along with mount output again
<Italian_Plumber> sure... thanks.. http://pastebin.com/m3ffd48ff
<Determinist> soren: yeah, that's fine when you have 1 machine. but when you have a load of them on EC2, things get more complicated. i'm looking for a way to automate this. if there's no simple way, i'll just write a script to do it.
<TeTeT> smoser: thanks for the uec-tools for bundling and uploading a complete image tarball, will rock my UEC training today :)
<smoser> good. i hope to have it packaged in lucid.
<pmatulis> Italian_Plumber: maybe specify the block size with e2fsck
<mathiaz> kirkland: are you able to complete a fully automated install with today installer?
<kirkland> mathiaz: will get back with you once i try
<mathiaz> kirkland: context -bug 512632
<uvirtbot`> Launchpad bug 512632 in debian-installer "Network component not activated on a fully automated installation" [Undecided,New] https://launchpad.net/bugs/512632
<mealstrom> mathiaz: preesid
<mealstrom> this bug is easily fix with apt mirror 512632
<pati> hey!!
<pati> I've setup a webserver with ubuntu 8.04 server edition
<mealstrom> deb-amd64 http://archive.ubuntu.com/ubuntu karmic main/debian-installer restricted/debian-installer universe/debian-installer multiverse/debian-installer
<pati> but after I leave it idle for a long time it becomes inaccessible by ssh
<pati> apache is also not accessible...though i am able to ping it
<pati> does anyone have a clue what might be the issue
<mathiaz> mealstrom: what do you mean?
<pati> anyone?
<unimatrix> hello, would anyone know why my ubuntu server often decides to suddenly switch from static to dynamic IP?
<mealstrom> mathiaz: when you are using local mirror (apt-mirror) for network installation -- there files from debian-installer aren't mirrored and you've got errors with *.udeb files
<mathiaz> mealstrom: well - I'm not using a local mirror
<mealstrom> try to add netcfg/get_hostname=ubuntu
<MTecknology> How do I make sudo update the environment? It seems like sudo -u www-data command from the crontab doesn't update that.
<pmatulis> MTecknology: i believe the sudoers file contains stuff for that (man sudoers)
<MTecknology> pmatulis: I looked through that already
<MTecknology> it runs the command as the user; it just doesn't update environment
<alvin> Is there a method to know when an lvm snapshot was created? (I want to search for the oldest snapshots)
<smoser> jjohansen, where do i get the ec2 kernel source? there are no tags in git://kernel.ubuntu.com/ubuntu/ubuntu-karmic.git for 2.6.31.302.2 (which is the current version of linux-ec2 package in karmic)
<jjohansen> smoser: the import last time dropped the reference.  I try to put it in the commit log and under debian.ec2/patches.xen
<jjohansen> the update I am working on pulled in fresh yesterday
<smoser> where do i get debian.ec2/patches.xen ?
<smoser> oh. on that branch
<jjohansen> yeah ec2 branch
<smoser> jjohansen, where do i get the ec2 branch?
<jjohansen> smoser grab the git tree
<smoser> got it
<smoser> at least i have the one i pointed at above
<jjohansen> then do a git checkout --track origin/ec2 -b ec2
<smoser> ah. its been a while, too much bzr
<smoser> forgot about remote branches
<kirkland> soren: have you used the new kvm in lucid much yet?
<kirkland> soren: the 0.12 one?
<soren> kirkland: Some.
<soren> kirkland: Not much.
<kirkland> soren: any major breakage?
<smoser> jjohansen, now, where do i see/get -302.2 ?
<soren> kirkland: Not that I've seen, no :)
<kirkland> soren: minor breakage, then?  :-)
<jjohansen> smoser: git log, find the commit that mentions bump to -302.2
<jjohansen> the git checkout the hash for the commit
<soren> kirkland: Nothing that I really can attribute to kvm, no. :)
<jjohansen> there is no tag
<kirkland> soren: nice
<smoser> the only 302.2 htat i see is in checksums
<jjohansen> smoser: give me a sec
<jjohansen> smoser: where did you get a 302.2 from?
<smoser> $ dpkg-query --show linux-ec2
<smoser> linux-ec2       2.6.31.302.2
<jjohansen> right, but is this a local vm, an ami on ec2?
<jjohansen> I am wondering if it is one of my test kernels
<smoser> offiical released
 * jjohansen is baffled
<jjohansen> so we have lost some history
<jjohansen> that shouldn't happen but it is possible to do when rebasing
<jjohansen> the ec2 kernel, gets rebased against the master kernel branch
<jjohansen> we are supposed to keep all commit info but I could see that getting dropped
<jjohansen> I can tell you that the version of xen patches hasn't changed since earlier than that
<jjohansen> smoser: what do you want to know about the patches?
<jjohansen> smoser: it looks like we are using the patches from 20090902
<smoser> mostly i was just interested in config changes. i'm tryiing to buidl a ext4 kernel module.
<smoser> and also just wanting to walk through this once
<jiboumans> smoser: you appear to not be on the team call...
<jjohansen> ah
<jiboumans> 2 penalty laps around the court yard!
<MTecknology> I still can't figure out how to ignore the SSH banner for non-interactive logins..
<smoser> jjohansen, easiest way to build kernel modules ? without building entire thing
<jjohansen> assuming the directory has a Makefile that can do it,
<jjohansen> cd into the directory
<jjohansen> make -C <kernel source> -M=`pwd`
<mdeslaur> zul, mathiaz: who takes care of mysql among you?
<zul> mdeslaur: mathiaz and me
<zul> mdeslaur: whats wrong?
<mdeslaur> zul, mathiaz: could you two come to #mysql-ndb
<mdeslaur> apparently the clustering in 5.1 that we ship is old and deprecated
<zul> yeah we are shipping mysql-cluster 7 in lucid
<uvirtbot`> New bug: #511180 in samba (main) "File sharing failed" [Undecided,Invalid] https://launchpad.net/bugs/511180
<zul> mathiaz: can you join #mysql-ndb please?
<ivoks> here's first papercut: kill php's error display by default, put them in apache's error logs
<ivoks> :)
<incorrect> hmm, i wonder what search engine i should use
<Omahn> ivoks: Your pacemaker/apache/vsftpd test cases work perfectly on my test machines. 3 node/ESX.
<ivoks> Omahn: that's awesome
<ivoks> Omahn: could you add comments to wiki page?
<ivoks> https://wiki.ubuntu.com/ClusterStack/LucidTesting#Test results
<Omahn> Indeed. I'm just testing the drbd test case. The resync is taking a while :-)
<ivoks> hehe
<ivoks> there might be some issues with that test
<ivoks> drbd upstream said they'll send me modifications for it
<acalvo> hi
<acalvo> when setting up a master-slave relation with bind
<acalvo> does the slave has to have its own zone files with the @ set up to it sip address?
<acalvo> or it has to have the same as the primary?
<ivoks> it should pull everything from master
<acalvo> *everything*?
<ivoks> domain records
<acalvo> even this? @               IN      SOA     mars.esci.es. root.esci.es. (
<ivoks> of course
<acalvo> ok
<acalvo> and this too? @               IN      NS      mars.esci.es.
<ivoks> yes, imo
<acalvo> I've thought it was poiting to the machine runnig the dns server
<ivoks> wait, i'll check
<acalvo> ok!
<ivoks> yep
<ivoks> it creates zone file
<acalvo> ok, it points to the primary master
<acalvo> (authority)
<Omahn> ivoks: DRBD test case works fine for me too. Was issue was you expecting?
<Omahn> *What
<ivoks> i had no issues
<kirkland> mathiaz: "<cjwatson> kirkland: not enough there to be sure, but there's an outstanding console-setup bug that multiple people are running into and that ev's looking at, so if it's lucid then that's a possibility"
<ivoks> but upstream said they have some comments
<ivoks> i don't know what exactly
<Omahn> Ah I see. Anyway, works fine for me :-)
<Omahn> I'll update the wiki page.
<ivoks> great
<mathiaz> kirkland: are the preseed install also failing for you?
<mathiaz> kirkland: I've asked cr3 to do a test install and it works well for him
<kirkland> mathiaz: they're hanging at a screen asking me to select the next step in the process
<kirkland> mathiaz: if i select "configure the keyboard", nothing happens, i just loop on that step
<mathiaz> kirkland: right
<kirkland> mathiaz: if i push it to the next step, detect nw hardware, it continues
<mathiaz> kirkland: and then if you select configure network, it works
<mathiaz> kirkland: awesome - that's what I see as well
<kirkland> mathiaz: sounds like cjwatson and ev are aware of the issue
<mathiaz> kirkland: great - and that wasn't case before you left for LCA?
<kirkland> mathiaz: bug #512592
<uvirtbot`> Launchpad bug 512592 in debian-installer "console-setup-udeb succeeded but requested to be left unconfigured" [Undecided,New] https://launchpad.net/bugs/512592
<kirkland> mathiaz: correct
<kirkland> mathiaz: this worked liked a champ before I left
<ivoks> Omahn: you had only two servers in drbd test?
<Omahn> ivoks: Only 2 taking part, I had a 3rd running with corosync up but not involved in drbd.
<ivoks> right
<ivoks> that's the test i wanted to see :)
<Omahn> I think I tried initially with 2 only, and then realised my earlier quorum setting required at least 2 nodes to be up.
<ivoks> so, we can say that we have good replacement for rhcs
<Omahn> So I did it again with 3.
<ivoks> yes, it won't work with 2
<ivoks> 2 node clusters are pointless
<ivoks> they do more harm than good
<Omahn> I've never tried RHCS but Pacemaker/corosync seems to work really well for us so far in testing. Just a bit tricky to integrate with Puppet but i'm getting there :-)
<Omahn> Actually our new LVS clusters will be 2 node.
<ivoks> and what happens when they lose interconnection?
<ivoks> :)
<ivoks> they both thing other one is dead
<ivoks> think
<ivoks> and then you have big mess
<ivoks> 3 is minimum
<Omahn> 2 + stonith should be ok presumably? (And as these are routing packets, if they lose connectivity then we have much bigger problems)
<ivoks> 2 + 1 something to keep track which one is really dead
<ivoks> it could be nokia n900 :D
<Omahn> Ok I'll have a look at running 3 nodes.
<ivoks> so, we now just have to write MIRs for that stack
<ivoks> jiboumans: do we have a green light for corosync/pacemaker cluster in main? :)
<Omahn> Fingers crossed :-)
<ivoks> Omahn: http://clusterlabs.org/wiki/DRBD_HowTo_1.0
<Omahn> ivoks: Thanks
<ivoks> i'll merge latest drbd and pacemaker parts now
<Omahn> ivoks: Good stuff. I'm building an LVS cluster tomorrow on real tin so that would be fantastic.
<BeardedChimp> When an interface is brought up is any device created to check for its existance in a script or is the only way by parsing ifconfig output
<BeardedChimp> My grammar was shocking there
<BeardedChimp> Is any device created that allows me to check for its existance with a script
<ivoks> BeardedChimp: which ubuntu version?
<ttx> mathiaz: around ?
<mathiaz> ttx: yes
<mathiaz> ttx: are you?
<mathiaz> ttx: is it your bot I'm talking to?
<ttx> mathiaz: reading your install-srv readme
<ttx> mathiaz: you still need tftp for the gPXE chaining, right
<ttx> so it's not fully without tftp
<mathiaz> ttx: yes
<ttx> ok
<mathiaz> ttx: well in my setup it is :)
<mathiaz> ttx: however you can just ship one static file
<ttx> mathiaz: I dare you to start an instance with *your* setup
<ttx> :P
<mathiaz> ttx: otherwise you have to add/delete files in the tftpboot directory from the cgi-script
<ttx> mathiaz: ok :)
<mathiaz> ttx: at least there is only one file in the tftp directory
<mathiaz> ttx: and that all
<mathiaz> ttx: that's all
<ttx> right, the issue is, will my flimsy router support that
<mathiaz> ttx: that == http server?
<mathiaz> ttx: or that == dhcp+tftp server?
<mathiaz> ttx: if your router runs dnsmasq, then you should be ok
<mathiaz> ttx: you can enable dnsmasq tftp server
<ttx> mathiaz: right. I just need to figure out how to place a static file on there now :)
<mathiaz> ttx: well - you could run the tftp server on the same machine as the http server
<ttx> and make sure it doesn't get wiped on reboot
<mathiaz> ttx: and then use the next-boot option
<mathiaz> ttx: as you can tell the dhcp client to use a *different* IP for the tftp server
<ttx> mathiaz: ah, that sounds better
<mathiaz> ttx: the tftp server doesn't need to be on the same machine as the dhcp server
<mathiaz> ttx: you could even bring a second dhcp server
<mathiaz> ttx: on the network
<ttx> ok, I'll look deeper... tomorrow.
<mathiaz> ttx: and configure your router dhcp server to *not* answer dhcp request from PXE clients
<mathiaz> ttx: and configure the second dhcp server to *only* answer dhcp request from PXE clients
<ttx> thanks for those precisions
 * jiboumans sees unhappy signals from UEC testing :(
<mathiaz> jiboumans: what do you mean?
<mathiaz> kirkland: how about adding a default name to the cluster name in UEC?
<jiboumans> mathiaz: you being blocked
<kirkland> mathiaz: static, or generated?
<mathiaz> jiboumans: I'm trying to move forward anyway
<mathiaz> kirkland: well - not sure
<kirkland> mathiaz: my preseed sets it to "CanyonEdge" :-)
<jiboumans> mathiaz: i know you are. if there's something i can do to unstuck you, let me know
<mathiaz> kirkland: right - I'd like to avoid preseeding anything that is not necessary
<jiboumans> kirkland: *cough* MangyMinx!
<mathiaz> kirkland: db_input high eucalyptus/cluster-name
<mathiaz> kirkland: is it worth asking for the cluster name by default in the install?
<mathiaz> kirkland: well - that's a different topic
<mathiaz> kirkland: I'd suggest we add a default value to the cluster-name template
<kirkland> mathiaz: and lower to medium
<kirkland> mathiaz: okay ... do you have a name proposal?
<mathiaz> kirkland: UEC_CLUSTER?
 * kirkland winces at ALL_CAPS_AND_UNDERSCORE
<mathiaz> kirkland: the main goal is to get rid of a preseed answer
<mathiaz> kirkland: UEC-Cluster
<mathiaz> kirkland: UEC is the official acronym
<kirkland> mathiaz: i think if we put the word "Cluster" in there, it should be Cluster1
<mathiaz> kirkland: fair enough
<mathiaz> kirkland: UEC-Cluster1
<kirkland> mathiaz: but i'm wondering if -Cluster1 is necessary?
<mathiaz> kirkland: UEC1?
<kirkland> mathiaz: I like the concise-ness
<kirkland> mathiaz: would like to have ttx's opinion, though
<kirkland> mathiaz: it can be changed, of course
<mathiaz> kirkland: I'll file a bug then
<kirkland> mathiaz: other than the noted install bug, my preseed install worked perfectly
<kirkland> mathiaz: all euca services are running on the controller
<kirkland> mathiaz: i'm simultaneously installing 4 nodes now
<mathiaz> kirkland: great - I'm preparing preseeds for the UEC Network installation
<mathiaz> kirkland: UEC Network Integration
<kirkland> mathiaz: uec1 might be easier to read/type
<kirkland> mathiaz: but I'm not strongly of that opinion
<kirkland> mathiaz: i do like 4 chars, versus a-lot-more though :-)
<ivoks> Omahn: new drbd is uploaded to my ppa; should be available tomorrow
<ivoks> Omahn: rest of the stuff will go to ppa tomorrow
<BeardedChimp> ivoks: Sorry was called away, 9.10
<ivoks> 9.10 has issues with networking :/
<ivoks> bunch of network services are started before network is up
<ivoks> it's a known problem and is fixed in lucid
<ivoks> backporting fix requires touching upstart, which is core of the system
<ivoks> it's not that easy :/
<Italian_Plumber> Hello.  I have a drive with a "bad superblock"... is that a temporary problem that can be fixed, or a sign that the drive is getting old or about to die?
<BeardedChimp> ivoks: Oh wait I was thinking of the wrong computer, the one Im dealing with is 9.04
<BeardedChimp> Lucky me
<ivoks> Italian_Plumber: warranty on most disks mentions number of bad blocks with number of reads/writes or age of the disk
<ivoks> oh, sorry
<ivoks> superblock
<ivoks> that's a filesystem issue
<Italian_Plumber> this is the converstation from earlier: http://pastebin.com/m56fb42f7
<Italian_Plumber> so if I just blew away that filesystem and created a new one, I'd be fine?
<ivoks> Italian_Plumber: you are mounting sdb1, right?
<ivoks> Italian_Plumber: not sdb
<Italian_Plumber> yes
<ivoks> eh
<Italian_Plumber> I was somewhat confused on the difference at first.  I guess I kinda still am
<ivoks> do you have output of mkfs when you formated filesystem?
<ivoks> Italian_Plumber: sdb is disk, sdb1 is first partition on that disk
<Italian_Plumber> I have not formatted it, recently.
<ivoks> Italian_Plumber: did you format it during install time?
<Italian_Plumber> I don't recall.  I set up this box ~2 years ago.  Probably not -- this disk was added to the machine later.
<ivoks> there are couple of backup superblocks on disk
<ivoks> mkfs prints all of them
<ivoks> you'll have to fsck disk with one of those backup superblocks
<ruben23>  hi anyone can help setup a simple ticket support system..
<ivoks> if you don't know which they are, you could use the tool called testdisk
<ivoks> it should find superblocks
<ivoks> and then run e2fsck -b <one of those superblocks> /dev/sdb1
<ivoks> good news is that your data is still there
<ivoks> :D
<zul> ivoks: hey! got a question for you what do you think of bacula 5 for lts?
<ivoks> zul: it's 2 days old
<ivoks> zul: expect bugs :D
<zul> heh
<ivoks> but it is probably better option than older version
<Italian_Plumber> yes the data is still there.  In fact I've already moved the important stuff off of the disk -- at this point it could just be formatted/repartitioned.  woudl that be easeir?
<zul> wait for the .1 release?
<ivoks> Italian_Plumber: if you don't care about data, then yes, format is easiest way out
<ivoks> zul: wouldn't that be a big change for SRU?
<zul> ivoks: probably
<ivoks> i wouldn't like to see that change during release (and i do like big changes)
<zul> *sigh* maybe stick it in backports
<Italian_Plumber> well I'd like to try to repair it.  is it "sudo apt-get install testdisk" ?
<ivoks> zul: i'd rather go with 5.0 in 10.04 and then fix it during lucid lifetime
<ivoks> Italian_Plumber: yes
<zul> ivoks: sounds like a plan to me
<ivoks> zul: notice that 5.0 is released, while firefox wasn't and we didn't care :D
<ruben23> anyone..?
<ivoks> ruben23: best practice
<ivoks> eh, best practical
<ruben23>  ivoks: what you mean..
<ivoks> ruben23: http://bestpractical.com/
<ivoks> software is called RT
<spowers> i used to use RT
<spowers> at a previous job
<spowers> it can go anywhere from simple to insanely detailed
<ivoks> yeah
<spowers> scales pretty well
<ivoks> it's very flexibile and powerfull
<spowers> some people like OTRS but i've never used it before
<spowers> if you're doing software bugs, i've used mantis before and liked it
<spowers> also, a friend of mine wrote one called loom (loomapp.com)
<ivoks> well, take care
<ivoks> see you tomorrow
<ruben23> ivoks:..?
<Italian_Plumber> testdisk says this about the superblocks: http://pastebin.com/m11aae223
<patdk-lap> anyone know why du -shx / would report 2.8G
<patdk-lap> but df -h, reports 3.9G?
<jennie> is it necessary to learn ubuntu desktop first to learn ubuntu server ???
<jennie> please guide me I want to learn LAMPP
<Italian_Plumber> still,when I try to run e2fsck, it says it's busy even though it's not mounted: http://pastebin.com/m22f7da7d
<Italian_Plumber> du is disk usage, df is disk free.  You have 2.8G in use and 3.9G free.
<Italian_Plumber> du only does the directory that your'e in, or specify
<patdk-lap> Italian_Plumber, please read then first :)
<patdk-lap> I gave you the du command, it clearly shows I did the root directory
<patdk-lap> Filesystem            Size  Used Avail Use% Mounted on
<patdk-lap> /dev/mapper/VolGroup00-LogVol00
<patdk-lap>                       5.3G  3.9G  1.2G  77% /
 * patdk-lap wonders where that 3.9G free is
<patdk-lap> and I ran du as root
<qman__> patdk-lap, I suppose it's possible that you have files on your root filesystem that have been mounted over
<patdk-lap> hmm, that I would believe
<patdk-lap> but the system mout hasn't changed in 6months, unmount/mount/reboot
<patdk-lap> but the disk usage just keeps going up
<patdk-lap> umounted everything, and mountpoints are all empty
<Italian_Plumber> that's nothing... look what I can do... http://pastebin.com/m3ab9ccf8
<Italian_Plumber> I can still access data on an unmounted filesystem. :)
<Italian_Plumber> what filesystem is it that can't do files over 4GB?
<genii> FAT
<patdk-lap> fat stops at 2gb
<patdk-lap> ntfs goes over
<genii> Ok, VFAT
<patdk-lap> vfat stops at 2gb
<patdk-lap> all FAT32 based :)
<patdk-lap> I havent seen fat64
<patdk-lap> ntfs goes >4gb
<patdk-lap> ext2+ goes 16tb min
<genii> As I understood 2Gb was limit with 512 byte sectors but with 1024 could be up to 4Gb
<patdk-lap> when did they start making 1024byte sectors?
<patdk-lap> some mo drives have 2k sectors
<patdk-lap> you are talking cluster size
<patdk-lap> and that just matters how much harddrive space you can use, not file space
<patdk-lap> Max file size: 	4 GB minus 1 byte (or block size if smaller)
<patdk-lap> max drive size is 2tb, (8tb using 32k blocks, 16tb using 64k blocks)
<patdk-lap> I guess it does get close to 4tb
<patdk-lap> I always had bad results going >2gb on fat
<patdk-lap> ah, exfat = fat64
<kirkland> mathiaz: yo, my ubu-dev-week session is over
<mathiaz> kirkland: mine too! (well that was 2 days ago)
<kjele> Hi kirkland
<kjele> I tried kvm but my mouse scrolling does not work. using the testdrive command. Do you know how to enable it?
<kjele> kirkland: Are you there?
<kirkland> kjele: mostly here, on the phone atm
<uvirtbot`> New bug: #513135 in mysql-dfsg-5.1 (main) "MySQL logrotate script returns with error when server isn't running" [Low,Confirmed] https://launchpad.net/bugs/513135
<kirkland> mathiaz: hrm, i'm not able to get to my CLC on 8443 from today's package
<kirkland> mathiaz: can you confirm that you are able to?
<mathiaz> kirkland: I haven't got that far yet
<magic_1> hi guys, any one here with experiencing in getting dansgaurdian working
<uvirtbot`> New bug: #513509 in ntp (main) "ntp help manual should mention time slewing" [Undecided,Confirmed] https://launchpad.net/bugs/513509
<kirkland> zul: howdy
<kirkland> zul: i can't get the patch in https://bugs.edge.launchpad.net/ubuntu/+source/linux/+bug/496661 to open
<uvirtbot`> Launchpad bug 496661 in linux "Kaspersky AV does not install under qemu-kvm windows installation" [Undecided,New]
<kirkland> zul: hrm, looks like it might be a bug in my firefox
<uvirtbot`> New bug: #512259 in qemu-kvm (main) "lucid qemu: could not open disk image" [Low,Incomplete] https://launchpad.net/bugs/512259
#ubuntu-server 2010-01-28
<nat2610> hey I have this box that I installed like 2 yrs ago, at that time I gues that was 8.4 ... at that time libbost was coming in 1.35 which is perfect for what I needed, now I want to test on the same box to upgrade to 1,40 but I checked and 1.35 is not packaged anymore some very old libs installed from
<nat2610> oups .. I was editing my sentence when I hit enter...
<nat2610> let me rephrase it
<nat2610> hey I have this box that I installed like 2 yrs ago, at that time I gues that was 8.4 ... at that time libbost was coming in 1.35 which is perfect for what I needed, now I want to test on the same box to upgrade to 1,40 but I checked and 1.35 is not packaged anymore. If I want to upgrade to 1.40, apt want to remove 1.35 which make sense but will I be able to then put back 1.35 if something doesn't go well ?
<nat2610> is there a way to save the current deb ?
<nat2610> or something like that?
<uvirtbot`> New bug: #513544 in libvirt (main) "libvirt 0.7.5 crashed on first virt-manager connection" [Undecided,New] https://launchpad.net/bugs/513544
<error404notfound> I have 3 machines at home, i need to put redirect of say *.domain.com to my private IP say 192.168.1.1 instead of public, i don't want to edit /etc/hosts as i want it to be one time "*.domain.com" redirect,do i need a basic dns setup here or what?
<uvirtbot`> New bug: #513562 in samba (main) "Windows 7 Pro machines trust relationship fails" [Undecided,New] https://launchpad.net/bugs/513562
<bendj> Hi.  I'm setting up a 1st mai server, using ubuntu-server.  I'm planning on using exim, and integrating spamassassin.  Iiuc, I can either use spamassassin directly integrated into exim, or via amavisd-new.  Each community seems to recommend their own solution.  What do "server folks" in here use -- and Why?
<unnotused> why would my virtual copy of ubuntu server have an ip address of 192.168.56.101 ?
<unnotused> zomg, is anyone here ?
<twb> no
<unnotused> figures
<unnotused> nothing but bots
<twb> I imagine 192.168/16 is used because that's a private address range.
<unnotused> nothing but bots/
<unnotused> GRRR
<unnotused> stupid chat
<unnotused> idk
<unnotused> why 56.101?
<unnotused> idk
<unnotused> i just wish i could get it to connect to the interwebs
<unnotused> so i could apt-get
<unnotused> and be all good
<unnotused> i give up for now
<unnotused> night
<jmarsden> unnotused: The issue is more with your virtualization setup than with ubuntu-server... what are you using?
<unnotused> sun virtualbox
<jmarsden> And you set Networking to ... what when you created the VM?
<jmarsden> I'm guessing NAT, and you really want Bridged
<unnotused> no
<unnotused> bridged to my wireless adapter emulated as w/e their default is
<jmarsden> I've not tried bridging to wireless... can you bridge to your wired adapter instead?
<unnotused> lol
<unnotused> if i had a wired network
<unnotused> maybe
<unnotused> ive got both enabled
<jmarsden> Well, IMO that's probably where the issue lies.
<unnotused> prob
<unnotused> one way to find out
<jmarsden> Actually for apt-get access, NAT might be fine... did you try it?
<unnotused> nope
<unnotused> didnt figure it would work
<jmarsden> A server you can't access from anywhere except itself is a fairly useless server, but to get outbound access, try NAT.
<jmarsden> Or run a cable to your nearest switch :)
<unnotused> kks
<unnotused> ima try both
<unnotused> i wanna get ebox working
<unnotused> the college i work at just got a 1/4 million dollar blade center and it doesnt work b/c the SQL is fubar
<unnotused> i thought "HEY virtbox exported ubuntu/mysql server with ebox admin so even my boss can use it"
<unnotused> idk
<unnotused>  .. . .
<unnotused> its more of a pain then i expected
<jmarsden> Why the virtualization?  Just run MySQL on your host OS, if that is all you need to export to the world?
<unnotused> bladecenter needs the sql server virtualized anywa
<unnotused> anyway
<unnotused> the exchange is running on the card
<unnotused> :P
<unnotused> i installed ubuntu server, got mysql set up, got the databases/users running got apache configured and even got the obdc driver working . . .
<unnotused> now i just need a way for my boss to be like (web browser to ip address, change network settings)
<jmarsden> Wait... so you have a blade with only a wireless network connection???
<unnotused> no
<unnotused> im building the virtual image from home
<unnotused> that would be
<unnotused> sad at the verry least
<unnotused> i almost have everything i need done
<unnotused> i just need access to apt-get
<unnotused> :P
<jmarsden> Plug in the wire, bridge to eth0, and if your wired network has working DHCP, you should be all set when you restart the Ubuntu server VM.
<unnotused> imma try it tomm :P be lazy and such
<jmarsden> I have Ubuntu and Debian server VMs under VirtualBox here on my home desktop machine... so it definitely works for me :)
<jmarsden> OK...
<unnotused> kk
<unnotused> its past my bed time
<unnotused> lol
<jmarsden> Only 9:35pm here in California, not my bedtime yet :)
<unnotused> im starting to get tired and i can do it fairly quckly in the morning from the office
<unnotused> i just wanted to know if it was a virtual ubuntuserver problem
<unnotused> and its not
<unnotused> so im good
<jmarsden> It really doesn't sound like one to me.
<unnotused> im hopeing ebox will work ok
<unnotused> ive never used it
<jmarsden> If it manages the things you need to tweak with it, it will work.  It's not always as featureful as you might like if you have used webmin
<unnotused> just so long as my boss can log in and change the network settings
<unnotused> he isnt the CLI type
<unnotused> if it doesnt have a GUI its too old
<unnotused> lol
<jmarsden> Why not just leave it using DHCP so he never has to change the network settings??
<unnotused> idk
<unnotused> he asked to be able to change the network
<unnotused> and he is my boss
<unnotused> one of those deals
<jmarsden> OK...
<unnotused> (they dont trust me)
<unnotused> <<< student worker
<jmarsden> If they don't trust you, they shouldn't use a server image you create... :)
<unnotused> <<<< student work that does his boss's job and gets paid min wage for it . . .  whos the only reason his boss is still working
<unnotused> and jmarsden, the only reason they are letting me do it is b/c im the only one who knows how to set up mysql and they are too cheep to pay for MS SQL server
<jmarsden> Maybe you should find another minimum wage job, wait for boss to be fired, and then apply for his job :)
<unnotused> or wait till i get done with classes and move to california and get a job
<unnotused> :D
<unnotused> i live in WV
<unnotused> the middle of nowhere
<jmarsden> OK, well, I should let you sleep... have fun with Ubuntu and vbox in the morning :)
<unnotused> lol
<unnotused> thats
<unnotused> not funny
<unnotused> XD
<unnotused> night
<jmarsden> Goodnight
<uvirtbot`> New bug: #513622 in squid (main) "package squid 2.7.STABLE7-1ubuntu3 failed to install/upgrade: ??? ???? post-installation ?? ?????? 1" [Undecided,New] https://launchpad.net/bugs/513622
<jiboumans> morning
<acalvo> how can I change the default language?
<jmarsden> acalvo: At what level?  For the whole server, or for one user, or one shell session, or one command?
<acalvo> whole server
<acalvo> or shell session
<acalvo> whatever is easier
<jmarsden> Install the appropriate language pack, then edit /etc/default/locale to what you want, then log in.
<jmarsden> For a single shell session, you can just do something like export LANG=de_DE.utf8   # as the first command in the session.
<acalvo> thank you!
<jmarsden> You're welcome.
<faileas> I'm running ubuntu karmic server, and using a go6 ipv6 tunnel for ipv6 connectivity. I need to start a client for the ipv6 tunnel - this is at /usr/local/gw6c/bin/gw6c before apache starts, but i'm not clear on how to set the order of how scripts in /ect/init.d start
<JimiDini> faileas: /etc/init.d does not define order. order is defined by /etc/rcX.d where X is a digit from 0 to 6, corresponding to run-level
<faileas> JimiDini: and within it, there's scripts starting with two numbers, a letter (either k or s) and the script name...
<JimiDini> k=kill, s=start
<JimiDini> number defines order
<faileas> ok
<JimiDini> S20 will start before S30 for example
<faileas> now i just need to work out why this app won't start unless i'm in its directory
<twb> By now sysvinit should be deprecated :-/
<faileas> lol
<faileas> well i think my current issues arn't with that
<freewillie> Heey
<freewillie> Could someone help me out with my sound problem?
<freewillie> I have installed ubuntu server, and i want to use it as a jukebox but i hear no sound
<freewillie> Is there someone who can help me ?
<faileas> twb: What else should i be using? ;p
<twb> upstart
<faileas> freewillie: got alsa installed?
<twb> Or in my fantasy land, metainit
<freewillie> faileas: yes
<faileas> freewillie: go to alsamixer and see if your volume is turned up
<freewillie> faileas: but not configured because i dont know how
<faileas> (its not a joke. its happened to me before)
<freewillie> faileas: how can i put the volume up
<faileas> freewillie: in general you shouldn't really need to. try going to alsamixer (in cli)
<faileas> (i'm assuming you're running cli. else it depends on your setup)
<freewillie> i run from the commandline
<freewillie> faileas: This is the error: alsamixer: function snd_ctl_open failed for default: No such file or directory
<incorrect> strongswan or openswan?
<faileas> freewillie: http://ubuntuforums.org/showthread.php?t=1094196 might be a server kernel issue
<faileas> freewillie: mind installing a generic kernel, and seeing if that works?
<freewillie> ok
<freewillie> thanks
<freewillie> faileas: I will try, but now i have to go
<uvirtbot`> New bug: #513427 in samba (main) "'net usershare' returned error 255: net usershare add: cannot convert name "Everyone" to a SID. Invalid parameter." [Low,Incomplete] https://launchpad.net/bugs/513427
<nakamuka> scp a.c host:welcome , and it should copy to   /myscps/project/welcome directory in to the server. instead of /home/username/welcome .
<nakamuka> is it possible to change the prefix directory in the server ?
<nakamuka> could someone help me ?
<_ruben> incorrect: openswan here, but that was a decision made quite some time ago .. both have their pros and cons
<_ruben> nakamuka: change the users homedir, or specify full path in your scp command
<incorrect> _ruben, i went with openswan too
<nakamuka> _ruben,  but are there any way to specifiy like in ftp we specificy vsftp.conf anon_root = prefixdir, ?
<_ruben> nakamuka: doubt that, check the manual to be sure :)
<twb> nakamuka: what are you actually trying to achieve?
<nakamuka> twb, Ok, i need to copy some file to server through scp. by default if destination directory is relative path, then it is prefixed with the home directory to make absolute.  But for me i dont want home directory to be prefixed but some other directory lets say /myscps/projects1
<twb> nakamuka: why?
<nakamuka> twb, the present code scenario is like that. :)
<nakamuka> twb, reason behind is the destination directory can be changed quickley just by chaning a small configuration file , ie. changing prefix.
<jmarsden> nakamuka: ssh user@example.com "ln -s scp /myscps/projects1"  # then scp -p foo user@example.com:scp/  puts the files where you want them.
<jmarsden> To change where they go, change the scp symlink .
<twb> Or even just ssh fs 'ln -s /myscps/*'
<jmarsden> twb: Maybe.  That could be a lot of symlinks to change for every user concerned, if the whole idea is to allow rapid switching of where stuff goes?
<twb> jmarsden: I was assuming he was only doing it for his own silly user
<twb> It certainly will make a mess of $HOME
<nakamuka> twb, that is true, but  it could be nice if there is one option like we see in ftp,  In   vsftp.conf  anon_root parameter holds the prefix directory.
<twb> nakamuka: file a feature request with upstream
<nakamuka> twb, where do i have to file. link ?.. sorry to ask basic questions.!
<twb> Try #openssh, if you're using the default implementation.
<mobi-sheep> You too could throw in the aliases for SCP commands in the mix!
<nakamuka> mobi-sheep,  means ?
<mobi-sheep> nakamuka: That wouldn't work, I think. Because of specific parameters.  Scripts would though.
<nakamuka> mobi-sheep, ok. any idea about ChrootDirectory in sshd_conf directory ?
<mobi-sheep> nakamuka: I mean like this "scp-project2 <file>" would act like "scp <file> <hostname>@<ip>:<path>"
<mobi-sheep> Assuming you're doing this for yourself, not many users.
<mobi-sheep> nakamuka: I know nothing about that ChrootDirectory.
<Italian_Plumber> good morning.  I just put a 100GB hard drive in my machine.  It shows 93GiB size, and 88GiB free.  I know that 100GB is actually 93GiB -- I totally get that.  And I know that the filesystem needs some room to do its thing.  But does it really need 5GiB out of 93?
<Italian_Plumber> I'm farily sure that I used all availiable space for the partition.
<Italian_Plumber> the drive is not the OS drive.
<_ruben> Italian_Plumber:
<_ruben>        -m reserved-blocks-percentage
<_ruben>               Specify  the  percentage of the filesystem blocks reserved for the super-user.  This avoids fragmentation, and allows root-owned daemons, such as syslogd(8), to continue to function correctly after
<_ruben>               non-privileged processes are prevented from writing to the filesystem.  The default percentage is 5%.
<_ruben> 5% of 100G is 5G ;)
<Italian_Plumber> ah.  well avoiding fragmentation will be good -- this drive will be written to and deleted from a lot.  Thanks!
<zul> morning
<zul> jiboumans: ping
<jiboumans> zul: hi
<zul> jiboumans: 1:1?
<jiboumans> was just about to hit 'call' :)
<zul> its my psychic powers
<jiboumans> kirkland: ping?
<MTecknology> You guys have any idea how to make a cron job that runs every hour except midnight?
<MTecknology> * 1-23 * * * ; hrm.. I think that'll work :)
<Pici> MTecknology: That will run every minute of every hour except 0:xx
<Pici> MTecknology: 0 1-23 * * * would be what you're looking for
<MTecknology> Pici: thanks, I spaced when I typed it out here
<smoser> EtienneG, per -server mailing list
<smoser> ii'm certainly not under the impression that -virtual is being phased out
<EtienneG> smoser, ok, sorry for implying that then
<smoser> the wierd thing about that snippit of the 'earth computing' thread is that -virtual *is* -generic-pae or -server
<EtienneG> smoser, I see
<smoser> its just that kernel, those modules, with some pruning of the module list
<smoser> it makes no sense that there woudl be a performance difference
<EtienneG> indeed
<smoser> tha tis the case in karmic and lucid. i can't knowledgably speak for before that.
<EtienneG> i am perplexed too
<beniwtv> Hey all.... My newly installed server on RAID 1 wants to install LILO. How can I install GRUB instead? On 8.04.3. I read somewhere this is only grub-installl /dev/md0 but on the alternate installer in live mode I can't find this command :(
<_ruben> beniwtv: is /boot on a lvm by any chance?
<beniwtv> _ruben: no, only RAID1
<beniwtv> _ruben: The problem with LILO is, it won't boot and it stalls on freeing initrd
<_ruben> hmm .. wonder it thinks lilo is needed in that case, plain software raid is no reason to ditch grub
<beniwtv> _ruben: Yeah, now I'm going to do this: boot in rescue mode from the alternate CD, activate LVM (if not active), and mount the /root partition (which is on LVM). Then I chroot, apt-get grub and install grub. Sounds possible right?
<_ruben> i'd say so yeah
<beniwtv> _ruben: I have someone there that will be able to follow some instructions, but it's difficult over the phone. I have ping to the server. Would is be possible to access it via ssh?
<_ruben> the alternate cd probably wont have sshd running, but it can be installed manually (done similar stuff with the live desktop cd for recovery)
<beniwtv> _ruben: how can it be installed? anna-install?
<_ruben> not sure about the possibilities offered by the alternate cd, in my case i could just apt-get it
<beniwtv> apt-get seems to be not there, though
<_ruben> perhaps the network-console module could do the job
<_ruben> anna/choose_modules network-console
<_ruben> not sure if that works for recovery purposes though
<beniwtv> probably I should do a ls /bin and see what's there ot use
<beniwtv> s/ot/to
<uvirtbot`> New bug: #513811 in bacula (main) "package bacula-director-mysql 3.0.2-3ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/513811
<incorrect> damn setting up L2TP/ipsec is a pain in the arse
<beniwtv> how does someone use grub-installer manually? is it possible?
<smoser> kirkland, mathiaz, ttx you have a euca instance up you can do something for me ?
<smoser> python -c 'import boto.utils, pprint; pprint.pprint(boto.utils.get_instance_metadata())'
<mathiaz> smoser: not for now sorry
<ttx> smoser: ack
<ttx> smoser: that seems to hang
<ttx> smoser: you need an instance running ?
<smoser> it shoudln't hang
<smoser> yeah, in an instance do that.
<smoser> sorry
<ttx> ah
<smoser> it will hang for a couple days if you didn't have a web server on 169.254.169.254
<ttx> right, just a sec, then
<ttx> smoser: good presentation yesterday, btw
<ttx> raed the logs
<smoser> why thank you.
<ttx> smoser: http://pastebin.ubuntu.com/364633/
<smoser>  'block-device-mapping': {'emi': 'sda1',
<smoser>                           'ephemeral': 'sda2',
<smoser>                           'root': '/dev/sda1',
<smoser>                           'swap': 'sda3'}
<smoser> gah
<smoser> should i open a bug on that
<smoser> ec2 has
<smoser> 'ephemeral0': 'sda2'
<smoser> (same other than '0' in ephemeral)
<uvirtbot`> New bug: #513749 in dhcp3 (main) "dhcp3-server automatically starts ignoring startup rules on package update" [Low,Incomplete] https://launchpad.net/bugs/513749
<ttx> smoser: yes, file one
<smoser> hm... could you run 'ubuntu-bug eucalyptus' for me and pass me the link ?
<smoser> that way we'll get the euc versions
<smoser> apport hoosk
<smoser> ttx,
<ttx> 1.6.2~bzr1136-0ubuntu1
<ttx> (don't have apport on that box, sorry)
<ttx> (I know, I should)
<ttx> smoser: let me know the bug number when filed
<smoser> ttx, you can get it pretty easily: apt-get install apport-cli
<smoser> :)
<ttx> meh, kinda busy right now, trying to scrub 60 bugs in 4 min
<smoser> fair.
 * patdk-lap watchings the bugs scurry away from ttx, hoping to live
<ahasenack> mathiaz: hey
<ahasenack> mathiaz: when using puppet with ec2, how do you manage the certificates to bootstrap puppet in a script?
<ahasenack> mathiaz: do you use autosign on the puppet master?
<mathiaz> ahasenack: aha - good question
<mathiaz> ahasenack: I'm about to investigate that issue
<mathiaz> ahasenack: current plan is to allow autosigning
<ahasenack> mathiaz: there are some alternatives, not all extremely scriptable
<ahasenack> mathiaz: like pre-generating the certs on the master, or actually doing all this work in a script talking to two hosts
<mathiaz> ahasenack: alternative is to provide the private key and publick key in the user data
<ahasenack> mhm
<mathiaz> ahasenack: IMO autosigning is the best option
<mathiaz> ahasenack: what I need to check if wether the autosigning process can have hooks
<ttx> mathiaz: I've been struggling with the pxe setup today :)
<ttx> mathiaz: now I know that lighttpd cgi module doesn't pass PATH_INFO.
<mathiaz> ahasenack: with the idea that before signing a cert request, it calls an external script to check wether the certname requested should be accepted
<ttx> mathiaz: and I have patches for boot.py error reporting
<smoser> ttx bug 513842
<uvirtbot`> Launchpad bug 513842 in eucalyptus "block-device-mapping in metadata has 'ephemeral' not 'ephemeral0'" [Medium,New] https://launchpad.net/bugs/513842
<ahasenack> mathiaz: I don't remember seeing that feature, but it might be deep inside the ruby things
<ttx> since it fails quite badly when something happens
<mathiaz> ttx: hm - I did my test with apache2 - I though that PATH_INFO was a standard CGI variable
<ttx> mathiaz: it is in my book too
<mathiaz> ahasenack: yeah -  I'm not sure if puppetca supports that
<mathiaz> ahasenack: If not, I'll talk to upstream about implementing it
<ahasenack> mathiaz: the idea about using user data sounds interesting
<ttx> mathiaz: I'll switch to apache2, no big deal
<ahasenack> mathiaz: I was hoping I could come up with a more general solution that didn't leverage on ec2, but it does sound nice
<mathiaz> ahasenack: one of the hook is to verify if a node has already been allocated
<mathiaz> ahasenack: ie if the puppet knows about the client and the requested name
<mathiaz> ahasenack: if there isn't any hook available in the signing process, then I'd suggest auto signing
<ahasenack> mathiaz: for ec2 that doesn't sound too bad, since the network setup will only allow machines you specify to reach the master
<mathiaz> ahasenack: yop
<ttx> mathiaz: pxe chaining is a little tricky to debug... especially running dnsmasq on a linksys router.
<mathiaz> ahasenack: the next problem is about node allocation
<ahasenack> mathiaz: I have thought about that yesterday
<ahasenack> mathiaz: you mean how to tell which node will become what?
<mathiaz> ttx: don't you see the tftp request in the log?
<mathiaz> ahasenack: yes
<ahasenack> mathiaz: I think I have a solution
<mathiaz> ahasenack: I've got *plenty* of solutions ;)
<ahasenack> mathiaz: if you export a shell var like FACTER_something in the node
<ahasenack> mathiaz: you can use $something on the master as the contents of that var
<mathiaz> ahasenack: right - that's an option
<ttx> mathiaz: tftp is alright... it's the chaining that fails (get the gpxe option, point to http://)
<ahasenack> mathiaz: so I was planing in using that in the node statement on the master
<mathiaz> ahasenack: another on is to the hostname
<mathiaz> ahasenack: actually the certname
<mathiaz> ahasenack: webserver.test1.
<ahasenack> mathiaz: what is the certname?
<mathiaz> ahasenack: ^^ I'm a webserver in test1
<ahasenack> isn't that just derived from the hostname?
<mathiaz> ahasenack: not necessarly :)
<mathiaz> ahasenack: you can set a specific certname when starting puppet
<mathiaz> ahasenack: that helps in EC2 since ec2-init sets the hostname of the machine to what dhcp/metadata says
<ahasenack> mathiaz: ok, but I suppose you can only have one certname in all your nodes
<mathiaz> ttx: hm - what do you mean? what fails on the client?
<ahasenack> mathiaz: I mean, it should be unique among the nodes
<mathiaz> ahasenack: yes - hence the following trick: webserver.test1.%InstanceID
<ttx> mathiaz: on a call
<ahasenack> mathiaz: ok
<mathiaz> ahasenack: and then you match on webserver.test1 in your puppet recipe
<ttx> mathiaz: bbl
<ahasenack> mathiaz: I was thinking about the node just saying "hey, I'm a node of type <foo>"
<mathiaz> ttx: ok
<mathiaz> ahasenack: right - that's what you're aiming for
<ahasenack> mathiaz: then on the server I wouldn't need to include all the hostnames (or certnames) in the configuration
<ahasenack> mathiaz: like, FACTER_role="ldap-slave"
<mathiaz> ahasenack: yes - that's what a good way to do it
<ahasenack> makes it easier if I can have several machines with the same role
<mathiaz> ahasenack: yop - I'd try that - I know some puppet user are exactly doing that
<ahasenack> mathiaz: you said "match on webserver.test1", I suppose that requires puppet with regexp support, right?
<mathiaz> ahasenack: they don't have any nodes defined, just use facts
<ahasenack> mathiaz: I read somewhere that  only newer versions have that regexp support (i.e., not the one from hardy )
<ahasenack> mathiaz: interesting
<mathiaz> ahasenack: yeah - probably something like that - I'm not sure if it actually works
<ahasenack> the one from hardy can't even check for variable contents in the if/else statements
<ahasenack> I had to resort to a case statement for that
<mathiaz> ahasenack: the idea is to use the dns naming scheme to state the role of the machine
<mathiaz> ahasenack: yeah - hardy is probably very old :)
<mathiaz> ahasenack: you should try the one in lucid
<mathiaz> ahasenack: :)
<ahasenack> indeed
<mathiaz> ahasenack: using something like: webserver.pool1.prod
<mathiaz> ahasenack: to state that this is a webserver in pool1 in production
<ahasenack> right
<mathiaz> ahasenack: that being said you could also use facts
<ahasenack> poor dns
<mathiaz> ahasenack: but you need to get the complete role description into the node somehow
<ahasenack> I try to avoid messing with dns when certificates are in place
<ahasenack> mathiaz: right, if I can match on just "webserver.pool", that works just fine
<ahasenack> otherwise I will have to list all poolN possibilities if I want to grow
<mathiaz> ahasenack: well - the problem with using the hostname in ec2 is that there may be a chance that the hostname will be reused
<mathiaz> ahasenack: overtime
<ahasenack> mathiaz: what do you mean?
<mathiaz> ahasenack: thus the idea of including the InstanceId in the certificate name
<mathiaz> ahasenack: well if you start/stop a lot of instances, you may get the same IP address again
<mathiaz> ahasenack: in which case you'd end up with the same hostname
<ahasenack> hmm
<mathiaz> ahasenack: so you can't get the same hostname in *running* instances
<mathiaz> ahasenack: but you could get the same hostname over a long period of time
<mathiaz> ahasenack: that's why you need to have a real unique ID for each machine
<mathiaz> ahasenack: InstanceID can play that role
<ahasenack> mathiaz: do you plan to have two types of AMIs perhaps? One for the master and the other being a sort of generic one for whatever you want, just enough to bootstrap puppet and then let it configure the rest?
<mathiaz> smoser: what's a standard hostname in an ec2 machine?
<ahasenack> ec2-foo-bar-bla.internal?
<ryker> is there any way at all to get to an instance that is stuck in startup because of a typo in /etc/fstab for an unimportant mount point?
<mathiaz> ahasenack: hm - I don't think we should two AMIs. My current plan is to document how to bootstrap a puppetmaster (via a puppet recipe)
<smoser> $ hostname
<smoser> domU-12-31-38-00-45-05
<mathiaz> ahasenack: may be provide a package in >lucid
<ahasenack> mathiaz: create a puppetmaster with puppet?
<mathiaz> smoser: is the hostname unique in ec2 overtime?
<mathiaz> ahasenack: yes :)
<smoser> no
<ahasenack> mathiaz: so it starts as a puppet node and then becomes a master?
<smoser> external fqdn: ec2-72-44-32-161.compute-1.amazonaws.com
<mathiaz> ahasenack: you can run puppet in a standalone mode
<smoser> internal: domU-12-31-38-00-45-05.compute-1.internal
<mathiaz> ahasenack: yes - you can ship complete puppet recipe and ask puppet to apply to the local system
<mathiaz> ahasenack: that's how I would bootstrap a master
<smoser> i guess i dont know for certain that the hostname is not globally unique.
<mathiaz> smoser: ok - so to make the instance name unique, including it's IntanceID is enough?
<mathiaz> smoser: what matters here is wether the hostname is unique *overtime*
<mathiaz> smoser: over time
<smoser> instance-id is enough
<smoser> after i pated that internal, i checked. the mac on that machine is
<smoser> 12:31:38:00:45:05
<mathiaz> ahasenack: ^^ so using the instance-id is enough
<smoser> so they're just using that.
<ahasenack> mathiaz: if your master is not long-running, this uniqueness should not be too much of a problem, right?
<mathiaz> ahasenack: and then with a hook in puppetca you can check wether the instance id does actually exist before signing the certificate
<smoser> the obvious fact is that i-5e222c36 cannot be eternally globally unique
<mathiaz> ahasenack: agreed
<smoser> it is probably not cross-region unique
<mathiaz> ahasenack: for test environement it's ok
<ahasenack> mathiaz: hmm, we do something similar in landscape
<mathiaz> ahasenack: as you can also purge certificates on the master
<ahasenack> mathiaz: the client can auto-register when in cloud mode
<mathiaz> ahasenack: basically the puppet master will *not* sign a request for a cert that has already been issued
<ahasenack> mathiaz: because the server is able to verify it via the ec2 api
<ahasenack> so
<ahasenack> I was planning in just launching an instance with a user data script. One for a puppet master, one for puppet nodes
<patdk-lap> ttx, how did you test lighttpd that you say it doesn't do path_info? cause mine do
<ahasenack> then the certs gave me that headache
<ahasenack> but in ec2 autosign sounds reasonable
<mathiaz> ahasenack: yes - especially in test environement
<mathiaz> ahasenack: I'd argue to use the autosign in production env as well
<mathiaz> ahasenack: especially if you use things like AutoScaling
<ahasenack> it's a policy decision, it's good to have the option
<mathiaz> ahasenack: but you'd need a hook to verify that the instance actually exists
<ahasenack> certainly when managing hundreds of machines you can't have manual signing
<ttx> patdk-lap: enabled cgi mod, ran a python script, os.environ["PATH_INFO"] triggers KeyError
<mathiaz> ttx: did you try to dump of os.environ?
<patdk-lap> http://mx1.grsi.com/test.pl/test :)
<mathiaz> ttx: that's usually how I check what's in there
<ahasenack> mathiaz: when landscape starts an instance, it gives it an OTP via user data
<patdk-lap> it shows path_info for me
<ahasenack> mathiaz: so when the client later gets back to the server with that otp, we can verify it
<ahasenack> (one time password)
<mathiaz> ahasenack: yop - that standard keybased process - with a timestamp it's even better
<mathiaz> ahasenack: and then you sign everything with a server key
<mathiaz> ahasenack: so that you don't have to keep track of issued tokens
<mathiaz> ahasenack: on the server
<ahasenack> timestamp + replay detection for the duration of the timestamp, that's how kerberos detects these attacks, right?
<mathiaz> ahasenack: yop - I think so
<ttx> patdk-lap: I'll give it another try :)
<ahasenack> mathiaz: ok, thanks for the discussion! :)
<patdk-lap> sorry, lighttpd is my baby :)
<patdk-lap> well, not mine, but I have been helping with it for awhile
<mathiaz> ahasenack: you're welcome - let me know what you find out
<mathiaz> ahasenack: I'm about to right an upstart job to include in ec2-init to enable puppet integration
<mathiaz> ahasenack: so that you don't have to use a user script anymore
<ahasenack> mathiaz: ec2-init fires other initscripts ("upstart jobs") then?
<mathiaz> ahasenack: kind of
<mathiaz> ahasenack: ec2-init will emit a cloud-config upstart event
<ahasenack> mathiaz: or is it just another job and ec2-init depends on it to complete?
<ahasenack> ok
<mathiaz> ahasenack: and then the puppet upstart job starts on cloud-config
<mathiaz> ahasenack: the key part is how to pass the role information to instance via user-data
<ahasenack> mathiaz: so your job will take that information out of user-data and apply it to its local puppet client configuration, mangling, say, the certname?
<mathiaz> ahasenack: hm I don't know yet
<mathiaz> ahasenack: I'm leaning toward the following:
<mathiaz> ahasenack: 1. you can specify a puppet certname in the userdata (ex: webserv.%i.%h.%d)
<mathiaz> ahasenack: with %i substituted with InstanceID
<ahasenack> ok
<mathiaz> ahasenack: %h for the hostname, and %d for the domain name
<mathiaz> ahasenack: if it's there
<mathiaz> ahasenack: 2. pass facts in the user data
<mathiaz> ahasenack: and these facts would then be availabe
<mathiaz> ahasenack: in that case, the certname would default to the InstanceID
<ahasenack> mathiaz: can you "take over" user-data like that? I suppose yes, since the instance will be launched by you
<ahasenack> mathiaz: just wondering if other scripts elsewhere don't expect to have their own stuff in user-data
<mathiaz> ahasenack: yes - we already have a specific format for doing that
<ahasenack> mathiaz: the bit from eric hammond or has it evolved?
<mathiaz> ahasenack: it has eveloved
<ahasenack> mathiaz: #!/ in first line versus plain data?
<ahasenack> mathiaz: ah, interesting
<mathiaz> ahasenack: yes - it's based on that
<mathiaz> ahasenack: IIRC if user-data starts with #cloud-config then you'll trigger the ec2-init simplified configuration
<mathiaz> smoser: ^^?
<mathiaz> ahasenack: and then one option of the simplified configuration will be to use puppet
<mathiaz> ahasenack: see https://wiki.ubuntu.com/ServerLucidCloudConfig for a sample configuration file
<ahasenack> mathiaz: where do these discussions take place? ubuntu-server? I don't remember seeing them, and they are very interesting
<smoser> this is correct.
<ahasenack> maybe just uds?
<mathiaz> ahasenack: we talked about them at UDS
<ahasenack> ah, ok
<mathiaz> ahasenack: and then refined them in #ubuntu-server in december
<mathiaz> ahasenack: and I also made an RFC on planet and ubuntu-server@
<mathiaz> ahasenack: so the #cloud-config file format will be extend to support puppet specific options
<mathiaz> ahasenack: such as puppet certname and puppet facts
<mathiaz> ahasenack: to support both 1. and 2. use cases outlined above
<squidly> with the UCE cloud how have I tell if my nodes are connecting to my main server?
<mathiaz> ahasenack: this is part of https://blueprints.launchpad.net/ubuntu/+spec/server-lucid-puppet-uec-ec2-integration
<ahasenack> sounds very interesting
<ttx> patdk-lap: alright, path_info works... something else is borking it
<ttx> mathiaz: gpxe doesn't seem too happy with the pxelinux.0 it gets a 302 for
<ttx> mathiaz: i'll spend more time on it tomorrow
<ttx> mathiaz: PXE input/output error when going through boot.py/pxelinux.0 302, works when loading /pxelinux.0 directly
<kirkland> smoser: monkeying with the uec image names again?
 * kirkland goes update the wiki pages
<smoser> no
<kirkland> smoser: looks like -uec- was added in there
<smoser> yeah.
<smoser> that happened prior to alpha2
<smoser> as i ahd removed the -uec-
<smoser> and that caused pain for people as it name-collided with 'ubuntu-desktop'
<smoser> so this is hopefully more final
<smoser> sorry
<kirkland> smoser: i have a euca instance running now
<kirkland> smoser: what would you like
<smoser> ttx got it for me. thanks though.
<beniwtv> hey anyone has a problem where the recovery menu appears on shutdown?
<beniwtv> (server edition, that is)
<Elad> I just added an alias onto my server so that it forwards all root mail to my e-mail, and I am getting this e-mail every 20 minutes but don't see a cron for it under the root user .. /usr/share/sendmail/sendmail: 1248: /usr/sbin/sendmail-msp: not found
<Elad> as some background, I had originally set up the server to use sendmail, but then switched to postfix - Can I just use apt to remove sendmail or do I risk breaking postfix in some strange way
<lamont> see also /etc/cron*/*?
<lamont> what does 'dpkg -S /usr/share/sendmail/sendmail' say?
<RoyK> wtf. it's 2010 and people are still using sendmail???
<mjeanson> kirkland: is it possible to have plymouth working ina kvm guest?
<ryker> hate to ask a simple question like this, but what I've found online doesn't work for me.  How do I make a new hostname stick after a reboot?  Putting the name in /etc/hostname doesn't work.
<Elad> lamont: sendmail-base: /usr/share/sendmail/sendmail
<lamont> so something in that depends: sendmail, and fails to do so in the package, it would appear.
<lamont> since sendmail-msp isn't in sendmail-base...
<skot> Hi all
<skot> I'm looking for a little help with a failed soft-raid array (ubuntu-9.10 -2.6.31-17 kernel- raid5 5-disks). I have got a replacement drive (A) but on adding it, another drive (B) is failing during the sync. It gets about 60% and then the new drive (B) gets marked faulty and the sync stops. Any suggestions?
<bogeyd6> skot, is the drive faulty?
<skot> yes. it seems to be. smartctl reports errors in the log.
<skot> bogeyd6, the only thing I can think to do is try to make a byte-by-byte copy of the failing drive (B) to (A) (minus any corrupt data; if the disk will stay online long enough) and then try to recreate the array with (A) substituted in for (B). Can you think of another solution?
<bogeyd6> I dont think so
<bogeyd6> The drive has errors and you are trying to use it
<Elad> lamont: think I should just be able to remove sendmail, and if it breaks something just put it back? I don't think anything relies on it . . .but could be wrong
<uvirtbot`> New bug: #509734 in libnss-ldap (main) "initgroups() fails when using libnss-ldap (but not nscd)" [Medium,Triaged] https://launchpad.net/bugs/509734
<incorrect> damn phpldapadmin is b0rk3d
<skot> Yeah, unfortunately I have had a failure of 2 drive in a raid5 set. I don't what else to do but try to recover as many bytes as I can.
<incorrect> skot, you sound kinda screwed
<skot> incorrect, that is not so funny cause that is what I feel like.
<skot> ;(
<incorrect> backups!
<incorrect> saying that i need to make backups
<skot> I hear you, I have backups (mostly) but putting them together is no fun; and I will never be sure I have it all back the way it was...
<incorrect> skot, these days i virtualise everything
<skot> For the most part, that raid array was my backup of many other sources.
<zul> yay samba has an apport hook
<skot> incorrect, how do you virtualize disks? Somewhere there are going to be real drives. If you lose enough, you lose data.
<incorrect> virtual disks, you snap shot those somewhere else
<incorrect> ok it can take a bit of space
<skot> incorrect, I should mention that this is my home system. I know is just a matter of money, I should have thrown N + 1 + 1 drives at the situation but I thought the odds on two disks going in the same week was low enough.
<incorrect> this is my home system too
<skot> incorrect, well, I got bit this time. Thanks for listening. I will go off and recover what I can.
<incorrect> good luck
<kirkland> mjeanson: sorry, I don't know anything about Plymouth
<mjeanson> kirkland: I'm interrested in the boot messages and plymouth seems to be mandatory in lucid to display them
<kirkland> mjeanson: why would plymouth not work in KVM?
<kirkland> mjeanson: how can I tell if plymouth is working?
<mjeanson> kirkland: never seen it working in any of my kvm, but you should get a graphical bootsplash and service startup messages
<erichammond> mathiaz, smoser: The EC2 instance id is unique over all time.  Amazon will be changing the format/length of the instance ids before they run out.  I'm pretty sure instance ids are unique across regions, but have not confirmed this.  Host names are not unique over time.
<smoser> hm.. i thought that instance ids would not be unique over regions
<erichammond> smoser: I suspect that the id includes an id or range assigned to the authority giving it out so that even a single region does not have a single source.  I'm not positive about this.  There was an article which took apart instance ids in an attempt to figure out how many were being started each day.
<erichammond> smoser, mathiaz: domU-12-31-38-00-45-05 is only one of a couple possible formats for internal hostnames for EC2 instances.  There is a different format based on the internal IP address.  Each instance only gets one of these, but it is somewhat arbitrary which one.
<erichammond> EC2 also does not make any promises about hostname formats, internal or external.
<mjeanson> kirkland: you're my kvm guru, I thought you may of ran into that but thanks anyway
<patdk-lap> skot, make sure you try dd_rescue :)
<incorrect> stupid installer created my extended partition the same size as a single parition
<incorrect> urg
<incorrect> what is the easiest way to scale a partition from the command prompt?
<incorrect> ok that was easy
<incorrect> how can i refresh /dev i am missing a disk
<incorrect> err partition
<kirkland> mjeanson: hmm, i just boot a lucid vm
<kirkland> mjeanson: i didn't see any boot messages
<kirkland> mjeanson: but it booted in about 4 seconds though
<smoser> incorrect, try udevadm trigger
<incorrect> didn't do it
<incorrect> reboot ftw
<RoyK> incorrect: as in reboot For The Windows-user?
<squidly> how does a UCE system determine if there a enough resources for the vm?
<lamont> Elad: if you have postfix installed, you don't need any of sendmail (and it shouldn't need any of itself either)
<Italian_Plumber> I have this motherboard: http://tinyurl.com/ydtdjg6 running hardy server.  I have bought this PCI card: http://tinyurl.com/ydv29tc and this hard drive: http://tinyurl.com/yknn23p ... will I be able to put in the card and drive, and have Ubuntu recognize the device, or will it be likely that I'll need to install drivers?
<patdk-lap> it will be fine
<mathiaz> jjohansen: hi - is the cciss compiled in the -generic kernel?
<mathiaz> jjohansen: I'm trying to install lucid on an HP server - these machines usually use the cciss module
<MTecknology> This is irritating... I have a WinXP 64bit key but I can't use it in a VM beecause my BIOS won;t let me
<mathiaz> jjohansen: but the installer is not able to detect any drive
<patdk-lap> MTecknology, then you don't have a real xp key, but an oem key
<MTecknology> patdk-lap: i have the real key on the pressed cd in my posession
<patdk-lap> that doesn't matter
<patdk-lap> where did the cd come from? bought at the store in a windows xp box?
<patdk-lap> or did it come with a computer?
<MTecknology> patdk-lap: yup
<patdk-lap> with a computer, it's no good
<MTecknology> store
<jjohansen> mathiaz: cciss? I am not familiar with it but I don't find it as an option
<MTecknology> you don't seem to know what you're talking about..
<patdk-lap> I don't?
<Italian_Plumber> sorry I had to get up from my desk.  patdk-lap: was your "it will be fine" directed at me?
<mathiaz> jjohansen: http://cciss.sourceforge.net/
<patdk-lap> Italian_Plumber, yep, you shouldn't have any issues at all
<jjohansen> mathiaz: we have CONFIG_BLK_CPQ_CISS_DA=m
<jjohansen> CONFIG_CISS_SCSI_TAPE=y
<Italian_Plumber> ok... I"m going to to hold you to that. :)
<patdk-lap> unless that card only supports sata 150, then make sure the drive is set to 150 only
<jjohansen> but I don't see a cciss
<Italian_Plumber> My controller card arrives tomorrow -- just in time for the weekend.
<jjohansen> mathiaz: I'll poke around and see if I can figure out why
<Italian_Plumber> 150, 300... I don't care.  Space is my biggest issue.
<mathiaz> jjohansen: hmm - is it there on the karmic kernel?
<patdk-lap> Italian_Plumber, ya card is only 150, so make sure you install the jumper on the drive to limit it to 150
<Italian_Plumber> ok I'll check.  Thanks!
<patdk-lap> cciss                  97481  3
<patdk-lap> it's a module on my redhat system
<jjohansen> mathiaz: karmic is the same thing
<patdk-lap> cciss module exists in karmic desktop
<mathiaz> jjohansen: ok - I'm still tracking down which module should be used for the controller
<patdk-lap> it's in -generic
<patdk-lap> /lib/modules/2.6.31-17-generic/kernel/drivers/block/cciss.ko
<patdk-lap> dunno about the install cd though
<mathiaz> patdk-lap: that's on karmic?
<patdk-lap> yep
<patdk-lap> want me to check hoary?
<patdk-lap> it's in hoary also
<patdk-lap> maybe it's just missing from the install cd initrd?
<MTecknology> patdk-lap: what does the key I'm using have to do with wether or not I can run the 64bit os?
<patdk-lap> MTecknology, microsoft is completely nuts about their stuff
<patdk-lap> you have to have the cd and key that go together
<patdk-lap> and some cd's you even have to have the right computer that goes with it
<patdk-lap> you can't just use any win xp key with any win xp cd
<patdk-lap> now, running a 64bit os in a vm is totally different, normally your computer must support VT extentions on the cpu to do that
<MTecknology> patdk-lap: yup... now your on my page :P - proc supports that; bios doesn't allow me to enable that support
<patdk-lap> what vm you using?
<MTecknology> vbox
<patdk-lap> bios upgrade? :)
<MTecknology> none available
<patdk-lap> your completely screwed, it's not a win xp 64 or key issue
<MTecknology> coreboot - can't do that on this system
<techsupport> i'm having trouble locating the download for ubuntu server 32 bit 9.10
<MTecknology> I never said it was
<patdk-lap> it's just your bois won't let you
<MTecknology> which is what I already stated
<MTecknology> :P
<patdk-lap> you said your bios has issues with your win xp 64 key :)
<patdk-lap> not that your bios has issues turning on vm support
<patdk-lap> vt support
<MTecknology> techsupport: updatedb; locate *.iso
<MTecknology> patdk-lap: 14:59 < MTecknology> This is irritating... I have a WinXP 64bit key but I can't use it in a VM beecause my BIOS won;t let me
<MTecknology> bios won't let me
<techsupport> i didn't download it yet
<techsupport> i'm trying to download it
<techsupport> lol
<techsupport> from ubuntu.com or something
<MTecknology> techsupport: http://www.ubuntu.com/getubuntu/download
<techsupport> it says desktop
<techsupport> begin download desktop
<MTecknology> Alternative download options, including Ubuntu installer for Windows
<techsupport> and this one says 64 bit
<techsupport> what the hell
<techsupport> http://www.ubuntu.com/getubuntu/download-server
<techsupport> where is the 32 bit server ?
<MTecknology> techsupport: Alternative download options
<MTecknology> techsupport: read the page
<techsupport> sorry too much work lately
<mathiaz> jjohansen: ok - so cciss.ko is available in the lucid generic kernel as well: /lib/modules/2.6.32-11-generic/kernel/drivers/block/cciss.ko
<MTecknology> techsupport: I know the feeling
<dthacker> Hello, I'm having problems coming up with the correct /etc/sudoers syntax for this scenario.   Users hans, bob, and fred should be be able to run any command that can be run by username "produser"
<dthacker> Ah, I misread the record format.  This works     hans, bob, fred       ALL=(produser)   ALL
<MTecknology> dthacker: you can make groups as well
<MTecknology> dthacker: I think man sudoers explains it pretty nicely
<dthacker> MTecknology: yes, one step at a time.  I'm still not getting the correct config.   I now get: "/usr/bin/ksh produser as root on my.local.host"
<dthacker> argh
<MTecknology> dthacker: I'd make a group called produser and add the users to that group; then give that group access
<MTecknology> dthacker: not system group; sudoers group
<dthacker> MTecknology: would that be "User_Alias     PRODUSERS= hans,bob,fred
<hsn> how to disable mysql from autostarting on boot?
<patdk-lap> correct way? something with up init or something
<MTecknology> dthacker: I thought the syntax was closer to -  User_Alias ::= NAME '=' User_List
<patdk-lap> personally I just do a chmod -x /etc/init.d/mysql
<MTecknology> dthacker: could have changed though
<dthacker> MTecknology: will re-read man pages
<dthacker> didn'nt see any double colons
<MTecknology> dthacker: I'd also make an alias 'Cmnd_Alias' then just link the two down below
<patdk-lap> hmm, update-rc.d
<jjohansen> mathiaz: yep, ccisss == cpq_ciss
<patdk-lap> oh? cciss is gone in lucid? and replaced with cpq_ciss?
<MTecknology> I'm gone for 1/2hr - windows is still at the "preparing to dload sp3"
 * dthacker decides to build a test case for this at home on his server farmlet
<hsn> patdk-lap: yes, update-rc.d did it
<MTecknology> hsn: check out rcconf sometime; handy little tool
<stickystyle> hsn: I second rcconf, I have it on all my servers.
<glen1> you know when you buy a song off amazon, how if gives you a link that works for that time buy expires
<glen1> what is that called?
<hggdh> ripoff?
<glen1> haha
<hggdh> sorry. Long time I don't by a song off amazon, don't remember...
<glen1> well if gives you a link but that link expires
<glen1> so you can download it once but never again using the same url
<glen1> how does it do that? does the actual location of the file move with each purchase?
<hggdh> yes. I dimly remember you call contact them to reinstate it (if you have not yet downloaded the songs).
<hggdh> I do not know. I would expect the location would be calculated based on the data on the HTTP headers
<glen1> its not really to do with amazon, its just the concept. How do they give out a link that can expire
<patdk-lap> gen1, on lighttpd it's call, secdownload
<glen1> ohhh thats the money
<patdk-lap> and there are many ways to do it
<patdk-lap> entry in database that expires
<patdk-lap> or many many other ways
<glen1> i always wondered how, it interested me. thanks for pointing it out to me :D
<glen1> so I guess it's used alot in ecommerce
<patdk-lap> and other things
<patdk-lap> like if you want to keep people from hotlinking files
<patdk-lap> but still want to let people download it
<patdk-lap> my company would use it, if they can get their act together, to give new employees their benifits and other documents
<glen1> could you explain how it would be used in a company?
<patdk-lap> heh?
<patdk-lap> you don't use it, just cause you can
<patdk-lap> you need a purpose for it
<glen1> im looking through it, how does it authenticate the user?
<patdk-lap> in my case, it would be so only that one user can download the info, without the problems of using authenication
<glen1> I may try to run this on my own home server to learn
<patdk-lap> that is up to you
<glen1> are there any other things similiar to this?
<patdk-lap> in this example, nothing is authenicated, once you get that one time use url
<patdk-lap> getting that url normally requires somekind of authenication
<patdk-lap> but that is up to you to handle
<glen1> ahh cool thanks
<Roxyhart0> Hi I just installed ubuntu 9.10 for my server, but i had some problems to install openldap...somebody have good experience or bad experience with this ubuntu version?
<RoyK> Roxyhart0: if you have problems with openldap, please explain them and someone might know. I and probably several others are running 9.10 for servers
<Roxyhart0> Thanks..9.10 is no comming with slapd.conf and I dont know how to configurate manualy my Domain Name
<Roxyhart0> somebody know how to configurate manually openldap on ubuntu 9.10 (is doesn't have slapd.conf file)
<Roxyhart0> configure (sorry)
#ubuntu-server 2010-01-29
<stimble> Has anyone here tried launching the UEC images directly with kvm?
<stimble> Im trying but missing somethign, not sure what
<stimble> kvm  -kernel karmic-server-uec-amd64-vmlinuz-virtual -initrd karmic-server-uec-amd64-initrd-virtual -m 256  -drive file=karmic-server-uec-amd64.img,if=scsi,media=disk
<stimble> thats what i've tried, if anyone has any hits, greatly apprecitated
<ruben23> hi anyone tried load balancing 2 apache web server on prodcution..
<patdk-lap> yep
<stimble> ruben23: haproxy works
<stimble> or if your in ec2, elastic load balancers
<patdk-lap> there are hundreds of ways to do it :)
<ruben23>  stimble: any how to from ubuntu-server on it..?
<stimble> yes
<stimble> ruben23: nothing special that i know of, but im sure there are a lot
<patdk-lap> will you need to balance https?
<ruben23> stimble: i have tried googling but not fine a clearer one..
<patdk-lap> the main issue with loadbalancing is https and sessions
<ruben23>  patdk-lap: i think im using http only..
<stimble> ruben23: how about http://www.howtoforge.com/high-availability-load-balancer-haproxy-heartbeat-debian-etch
<stimble> debian is similar enough to ubuntu in this case i think
<patdk-lap> what kind of app is it?
<Roxyhart0> hi somebody know a manual how to configurate step by step openldap in ubuntu 9.10...tha changes are really anoying and very different than before
<patdk-lap> can't talk about openldap in 9.10
<patdk-lap> but I have done openldap several times
<Roxyhart0> without sldap.conf file?
<patdk-lap> slapd.conf? hmm, normally it doesn't come with one
<ruben23>  patdk-lap:are you asking about what kind of apps im suing..?
<patdk-lap> ruben, kind of to get an idea what kind of issues you might have :)
<patdk-lap> like is it static, dynamic, user logins, ...
<ruben23> patdk-lap: i have a webs erevr used only for local now, its single server but as the users increases i need to add up another web server load balance them to carry all the load it needs.
<Roxyhart0> the new versions maybe ...but i dont know how configurate without sldap.conf i tryed to follow a manual, but doesn't work ...i dont know where configure the name of my domain and details...do you know about that?
<ruben23> stimble: i got a problem with HAproxy, i need like for server to run it..? wow...are there no solution using only my 2 web server.
<stimble> you can run haproxy on one of your webserver boxes
<patdk-lap> ruben23, you can do it on 1 server with haproxy if you want :)
<stimble> just add localhost and remotehost1 to the pool
<patdk-lap> it's really recommended not to, cause if one server goes down, haproxy would go down with it
<patdk-lap> and your other server would be useless then
<stimble> but, if its load balancing you are looking for, and not HA, it is fine
<patdk-lap> yep
<stimble> not ideal, but not awful
<ruben23> patdk-lap: i dotn get the idea..can you explain it  alittle bit more
<ruben23> you mean i can used my 2 web server only..
<stimble> yes
<patdk-lap> in your case you want to balance 3 ip's
<ruben23> without adding another nodes
<patdk-lap> one ip for haproxy and 2 for servers
<patdk-lap> in the example they show it as 3 computers, instead of ip's
<ruben23> how many nodes for it..?
<stimble> haproxy get a public ip, and localhost plus another private ip = 3
<stimble> 2
<stimble> 2 nodes
<stimble> 3 processes
<stimble> node1 = haproxy+first_apache
<stimble> node2=second_haproxy
<ruben23> thats all..?
<patdk-lap> yep
<patdk-lap> if node2 where to die, your would be fine
<patdk-lap> if node1 would to die, you have issues
<ruben23> how about my second apache..
<patdk-lap> he meant scond apache, not haproxy :)
<patdk-lap> I would do haproxy and apache on both though
<patdk-lap> then if node1 was to die, just do a dns change to point it at haproxy2
<stimble> oops
<stimble> yeah i did mean second_apache
<stimble> sorry bout that
<ruben23> i can follow the hot o you give me right but i will not used another nodes.ill install itself to my apache servers
<ruben23> i can follow the how to you give me right but i will not used another nodes.ill install itself to my apache servers
<ruben23>  stimble: patdk-lap: ill try to follow it and test it hope your always here so ican ask if any problem arise during the setup..
<ruben23> stimble: patdk-lap:but thanks so much guys for the idea
<stimble> sure, good luck
<patdk-lap> ruben, just for the example
<patdk-lap> use your public ip's for node1 and node2 on haproxy public ip
<patdk-lap> and for apache, I would probaby use your public ip, but alt port, (8080?)
<patdk-lap> then your haproxy config will remain portable
<patdk-lap> and if you need to see what apache was having issues, you could directly connect to it
<ruben23> patdk-lap: im not using public IP for my 2 web server..
<patdk-lap> nothing like having php configured wrong on one box, and attempting to figure out the issue
<ruben23> its mainly for local service
<patdk-lap> well, the ip you normally access the box using :)
<patdk-lap> when your not on the box itself :)
<ruben23> so ill be having for local IP for the setup..right..?
<ruben23> i mean 4 local IP
<patdk-lap> if you want, you only need 2
<patdk-lap> but if you don't want to put apache on an alternate port, then yes, 4
<ruben23> patdk-lap:ok ill try this..hope this would be a success.. thanks
<cohonen> UGHR ,m a lot inhere
<cohonen> is there like a suggestion box for ubuntu server ?
<patdk-lap> oh, you mean /dev/null? :)
<Roxyhart0> pleae, somebody can explain me why the new ubuntu bersion doesn't come with slapd.conf and where is this configuration now? Please
<cohonen> patdk-lap: yeah something like that
<cohonen> patdk-lap: maybe a few good suggestion would come up,, like try to unfuck services
<cohonen> dont default to emt kernel
<cohonen> use sane ulimit defaults
<patdk-lap> emt kernel?
<cohonen> ehm
<cohonen> aghh forgot the name
<cohonen> the 36 bit mem support
<patdk-lap> pae?
<cohonen> yeaaap
<cohonen> that one
<patdk-lap> heh, I wonder what limits are on freebsd these days
<patdk-lap> I remember having to recompile the kernel cause it limited any single user program to 512megs of ram
<cohonen> can imagine a lot of people like me wanting to install is on an older box for a small toy server og home server and reusing outdated box
<cohonen> but not with pae kernel you can
<patdk-lap> all you have to do is load the -generic kernel, instead of -server
<cohonen> patdk-lap: hehehe,, well you could find a happy medium with ulimit im sure
<cohonen> patdk-lap: is that a install time option ...
<patdk-lap> is what?
<cohonen> a install time option
<cohonen> like when you boot the disc
<patdk-lap> is what an install time option?
<cohonen> the generic kernel vs the pae one
<patdk-lap> I have no idea
<patdk-lap> I haven't installed server since 8.04 came out
<cohonen> i seem to remeber instant nasty screen telling me that my old box didnt have pae support
<patdk-lap> these days I pxe boot install, so it just installs -generic all the time, and I swap it for -server
<cohonen> mnnn pretty nifty
<cohonen> i dont have boxes enough to justify a setup like that
<patdk-lap> ya, I have edited many init.d scripts to adjust ulimit for open files
<patdk-lap> but that is normally the only thing I have issue with
<cohonen> i mostly wold just like to see one that disallows for normal users to crash the system
<patdk-lap> that's pretty easy
<patdk-lap> just delete /etc/passwd
<cohonen> it should just be a default
<cohonen> hahahaha
<cohonen> i meant fork bombs among other
<cohonen> but point taken
<patdk-lap> I have that on my user http server
<patdk-lap> but I set those manually in suexec
<cohonen> who about defaulting to locking each new user into a jail or a kvm instance
<cohonen> going all openbsd on it ;)
<patdk-lap> that has been around for a long time
<cohonen> how even, hmm its getting late here
<cohonen> typo time
<patdk-lap> usermode linux would be bsd's jail
<cohonen> but still not a default ;)
<patdk-lap> it's not a default in bsd either
<cohonen> i know
<patdk-lap> cause it is damned annoying
<cohonen> that was more like a joke really
 * patdk-lap doesn't attempt to solve jokes
<cohonen> the pae thing and then cleaning up the daemon conf would be my more serious suggestions
<cohonen> ohh yea and working resonable ulimit out of the box
<cohonen> patdk-lap: one should think you were a sysprog
<ruben23> hi guys how do i install linux-source on my ubuntu server coz im having problem installing an applcation saying this error--->http://pastebin.com/m1fad1e6a
<ruben23> anyone can help and have idea
<ruben23> i have this ---> Linux ubuntu 2.6.24-24-server #1 SMP Fri Sep 18 17:24:10 UTC 2009 i686 GNU/Linux
<cohonen> well
<cohonen> have you read the error messsage =
<cohonen> ??
<cohonen> in specific ,, point 7
<cohonen> just because you have the compiled kernel doesnt mean you have the source for the kernel you use
<cohonen> in fact thats not the default  on any debian derived distro
<cohonen> thats more a gentooish thing
<ruben23> cohonen: so how do i workaround this thing
<cohonen> you find the src package for your kernel in synaptics or whatever and get it
<cohonen> sudo apt-get install <your kernel>-SRC
<patdk-lap> I thought it was, apt-get install linux-source-(version)
<cohonen> its was an example
<cohonen> psuedocode
<cohonen> cant be bothered with specific semantics
<patdk-lap> hell, apt-get install linux-source, will get the most recent kernel
<cohonen> sorry ,, syntax
<cohonen> now its really getting late
<ruben23>  patdk-lap: tried apt-get linux-source.. but still got same error
<cohonen> patdk-lap: i didnt want to assume he ran the newest although its very likely
<patdk-lap> ruben23, you missed the *install* command
<cohonen> ruben23: you need to read the messages your console gives you
<cohonen> apt.get  randomsource wouldnt have worked
<ruben23> linux-source is already the newest version.
<cohonen> ruben23: whats in usr/src ?
<ruben23> that the output upon installing..
<cohonen> /usr/src/
<ruben23> http://pastebin.com/m6fa43a3d
<cohonen> ls /usr/src     for me
<ruben23> thats the one
<patdk-lap> heh, you have -26 probably
<patdk-lap> not sure about -24
<cohonen> yea
<ruben23> what i will do now
<cohonen> plus,, you might need a symlink
<cohonen> but im not sure
<patdk-lap> maybe do a ls -la /usr/src
<patdk-lap> this time :)
<cohonen> ;)
<ruben23> http://pastebin.com/m593ff2e2
<patdk-lap> and a uname -a
<ruben23> Linux ubuntu 2.6.24-24-server #1 SMP Fri Sep 18 17:24:10 UTC 2009 i686 GNU/Linux
<ajmitch> minor version difference there, you have headers for 2.6.24-26-server installed
<cohonen> ruben23: you got the linux-source-2.6.24 from ubuntus mirrors ?
<cohonen> you didnt cheat and got a vanilla kernel ?
<ruben23> cohonen: yes
<cohonen> ok
<ruben23> cohonen:what i do is install linux-source
<cohonen> ok
<ruben23> ans install linux headers
<ruben23> thats all
<patdk-lap> I think you need to upgrade everything
<patdk-lap> so you don't have a mismatch
<patdk-lap> of -24 and -26 stuff
<ruben23> patdk-lap:already done
<cohonen> it looks like a very generic kernel by the name
<patdk-lap> apt-get dist-upgrade
<patdk-lap> you don't have -26 though
<Roxyhart0> hi, is ubuntu 9.10 better than LTS version?
<patdk-lap> except for the headers
<cohonen> Roxyhart0: better ?
<patdk-lap> Roxyhart0, depends what you call *better*
<Roxyhart0> bo bugs easy to configurate and more security
<cohonen> Roxyhart0: it will help you score with chicks
<ruben23>  patdk-lap:im running it now
<patdk-lap> uname says you are using -24, not -26
<ruben23> hoep this would correct the issue
<cohonen> ruben23: linux-headers-2.6.24-26-server <-- you need the sources corrsponding to THOSE headers
<Roxyhart0> I mean is 9.10 better: less bugs, more secutiry and easier to configurate?
<patdk-lap> cohonen, ya but it still wouldn't work :)
<patdk-lap> he would compile it
<patdk-lap> but couldn't use it, cause he is on 2.6.24-24 and not -26
<cohonen> ahh shit
<cohonen> i turned it upside
<cohonen> sorry
<ruben23> cohonen:im upgrading now
<patdk-lap> you will need a reboot
<cohonen> dont listen to me,, im in a sleep deprived state
<ruben23>  cohonen:why..?
<cohonen> working on some poor app server
<cohonen> not really getting much done
 * patdk-lap takes sleep pills
<ruben23>  cohonen: yoga
<cohonen> so noone ever just answers ,, GO TO BED , for this issue ?
<ruben23> cohonen::-D after yoga
<ruben23> patdk-lap after i reboot, ill do update..?
<cohonen> ruben23: you can do it now
<ruben23> cohonen:i laready compile some application before..it will be lost, need to compile an d install again..?
<cohonen> ehmm , depends on if you mean a normal app og a module for the kernel
<cohonen> normal app no,,
<cohonen> the kernel part,, yea,, it failed anyway
<ruben23> cohonen: like php, mysql, lame
<cohonen> no no no man,, keep that
<cohonen> why did you compile all that yourself
<cohonen> you should be using gentoo for this  :D
<ruben23> yes i need to install thos things for a bigger application.
<ruben23> i mean i install it with ubuntu package, sorry
<cohonen> well,, whats wrong with getting them from the package mirrors
<cohonen> ahh okey
<cohonen> thats fine
<cohonen> a kernel change doesnt affect user space compatibility
<cohonen> mario ?
<ruben23> doing good so far..
<cohonen> awesome
<cohonen> installing new kernel is easy peasy
<cohonen> or well it would have if it wasnt for initrd
<ruben23> yes finally succes, thanks guys--it was not on my mind running my application with this new server verison..:)
<cohonen> ruben23: just remeber to read the output carefully
<ruben23> im up to 8 LTS but i guess i need to test some upgrade on this..
<ruben23> yeah thansk
<cohonen> another time,, someone put it there with intent
<cohonen> :)
<ruben23>  cohonen: one more thing, how do i start application automatically on ubuntu..
<cohonen> a daemon or a user script
<cohonen> well i cant remeber specifics but for a user command you put it in .bashrc in your homedir
<ruben23> hmm..
 * patdk-lap is lasy, and adds it to /etc/rc.local
<cohonen> for a daemon you /etc/rc.local
<cohonen> add shit to that
<cohonen> or you make your own rc file and pu tin the appropiate runlevel
<ruben23> ok the shit is added..:)
<cohonen> which is sorta messy
<cohonen> hehe sorry about the language
<ruben23> centos have chkconfig..a litte bit simpler..
<ruben23> hope ubuntu would also have like that
<cohonen> hmmm
<cohonen> like i mentioned to patdk-lap the deamon setup is not as elegant as it could be
<cohonen> but gentoo and redhatish distros beat debian here
<cohonen> and likely also the BSD's
<ruben23> yeah but still i love ubuntu even though..
<cohonen> yea,, its got its own strongpoints
 * cohonen checks out chkconfig
<patdk-lap> ya, I love bsd's init scripts
<cohonen> ahh now i see
<cohonen> chkconfig is like rc-update in gentoo
<cohonen> patdk-lap: doesnt BSD also have conf.d ?
<cohonen> or is that a gentoo invention =
<cohonen> ?
<patdk-lap> not that I know of, unless it's new
<patdk-lap> I'm still on v6
<cohonen> its like this, /etc/init.d/junk for starting stopping deamon s etc
<cohonen> /etc/conf.d/junk for telling them which ports to listen too etc
<cohonen> as i recall it its a bit more chaotic on the debian front
<cohonen> patdk-lap: also have a look at the service command on redhatish systems
<patdk-lap> I use it all the time
<patdk-lap> but it just makes init.d more tollatable
<patdk-lap> doesn't make init.d scripts easier to make
<cohonen> hmm actually that was for ruben23
<cohonen> patdk-lap: nope there really needs to be a standard or some novel ideas here
<ball> Does Ubuntu Server have any convenient way for two servers to share a filesystem?
<ball> (or a directory)?
<Roxyhart0> please somebody can tell me which is the best ubuntu version for server...i mean less bugs and more security?
<cohonen> security isnt a product
<ball> I'll have a pint of security please.
<ball> ...make sure there's a wee brolly in it.
<cohonen> ball: do you mean like nfs or cifs ?
<Roxyhart0> ok, but which version is better ...no much problems?
<ball> cohonen: No, that won't give me two synched copies of the same filesystem
<cohonen> are you looking for a distributed filesystem
<ball> Yes, something like that.
<cohonen> og simple file mirroring
<ball> mirroring I suppose
<cohonen> rsync for mirroring
<ball> I'm not sure rsync will be able to keep up.
<cohonen> dist filesystems are more complex to setup
<cohonen> keep up with ?
<ball> I'm trying to lash together two servers, with each server having a complete copy of the shared directory or partition
<ball> When one server fails, I need the other to have full access to the filesystem
<cohonen> hmmmm
<patdk-lap> for that you have two ways to do it
<patdk-lap> use unison (ugly, but works for a few things)
<cohonen> these sortha thing can get really really complex
<patdk-lap> or drbd
<cohonen> yea,, i would get the simplest solution if possible
<patdk-lap> drbd is simple (as simple as it can get)
<patdk-lap> just has latency issues, but well, you wanted reliable :)
<patdk-lap> I did unison between 3 server for years
<patdk-lap> for handling 26gigs of maildir :)
 * ball goes away to look that up.
<cohonen> it looks pretty good
<patdk-lap> ball, you probably want drbd :)
<patdk-lap> unless you really want to maintain it all the time
<ball> I want something that's going to work reliably.  I imagine we'll have to pay for a software support contract anyway.
<patdk-lap> drbd will work reliably
<cohonen> as i said these things get get very very complex
<cohonen> banks uses hw assisted SAN on several SAN boxes
<ball> cohonen: shouldn't be all /that/ complex... surely we aren't the only people doing this?!
<cohonen> depends a lot of your requirements
<cohonen> the DRBD looks okey for a small-medium setup
<ball> Okay, I'll bark up that tree for a few days, see what happens.
<ball> Thanks.
<patdk-lap> drbd is the best way to do it without mirrored san arrays :)
<patdk-lap> but it's defently not the quickest or fastest
<patdk-lap> but it will work for *anything* though
<Roxyhart0> Hi is phpldapadmin  running on ubuntu 9.10? im having problems
<patdk-lap> I hated phpldapadmin and tossed it in the trash :)
<patdk-lap> and for me to giveup on something, is defently saying something
<cohonen> later guys
<Roxyhart0> I hate the new versions...nothing running like before
<Roxyhart0> poor documentation
<jongbergs> hi, im considering to setup a proxy server using squid with dansguardian web content filtering..i have seen many great howto's but does this setup require 2 NICs?
<patdk-lap> it doesn't have to
<patdk-lap> just normally when you do it, it's on the same server that nat/firewalls your internal to external network
<patdk-lap> so it does
<jongbergs> patdk-lap: ok this is our current setup..our Linksys router does the NAT with IP 192.168.1.1..How would I setup a server using this IP 192.168.1.253 to act as proxy
<jongbergs> patdk-lap: should i set our clients gateway to point to our proxy say 192.168.1.253?
<jongbergs> !hello
<ubottu> Hi! Welcome to #ubuntu-server! Feel free to ask questions and help people out. The channel guidelines are at https://wiki.ubuntu.com/IRC/Guidelines . Enjoy your stay!
<jongbergs> patdk-lap: will this setup http://www.lesismore.co.za/squid3.html work in my situation?
<jongbergs> patdk-lap: hello are you still there?
<jongbergs> hello, anybody here please...
 * ball waves
<garymc> hi, anyone tell me how easy or hard it is to setup email stuff so all my emails are sent from my server?
<ball> quite hard I imagine
<ball> ...to do it right, anyway.
<ejat> hi ..
<ejat> anyone wanna comment about this http://is.gd/7geaE
<garymc> hi ball
<ball> hello garymc
<garymc> i was doing a walk thru with you sometime back
<jmarsden> garymc: Setting up a simple one domain postfix + dovecot email server is pretty trivial in Karmic... sudo apt-get install dovecot-postfix  and answer the debconf questions, and you are done.
<garymc> on adding a hard drive space to my rack server
<ball> Really?  How did that go?
<garymc> yeah im looking on ubuntu site it says Postfix and dovecot
<garymc> but what about spammassasin? do i need that?
<garymc> what are debconf questions what would it ask. what would i need to know?
<jmarsden> garymc: It depends how much spam protection at the server level you want/need.  If thsi is just for you and your family, try without it and add "nice extra stuff" later when you are more familiar with the setup.
<Roxyhart0> hi sorry what about clamd?
<jmarsden> The questions are very simple, basically about how your server will connect to the Internet (send email via a smart host or be a full blown server sending mail out directly, etc)...
<garymc> jmarsden : as its for work and its already a working webserver i dont want to mess anything up so just need as much knowledge before i plunge in
<ball> garymc: try it in a VM?
<jmarsden> garymc: Then set one up for fun on a test virtual machine  first (ball beat me to it!)
<garymc> hmmm i havnt got a virtual machine i dont think?
<garymc> i need to get one i suppose
<jmarsden> garymc: You have a server.  You have free virtualization software.  Use them and you end up with virtual machines :)
<jongbergs> patdk-lap: ok this is our current setup..our Linksys router does the NAT with IP 192.168.1.1..How would I setup a server using this IP 192.168.1.253 to act as proxy?
<garymc> ok i can do that stuff? I need a test server to test setting up a virtual server then lol
<jongbergs> hi, im considering to setup a proxy server using squid with dansguardian web content filtering..i have seen many great howto's but does this setup require 2 NICs?
<jmarsden> On a Ubuntu desktop, virtualbox-ose is trivial to set up and use.  I did a talk about it for a LUG recently... slides at... http://crosswire.org/~jmarsden/talks/virtualbox/virtualbox.html
<jmarsden> garymc: Or you can even run virtualbox on a Windows PC if that is all you have available for testing.
<garymc> hmm ok, didnt know i could do all this stuff
<jmarsden> garymc: My talk was subtitled "turning one computer into many" :)
<garymc> yes i m looking at it
<garymc> thanks :)
<jmarsden> You're welcome.
<garymc> ok so all i need to do is install postfix and dovecot follow onscreen instructions and bingo
<jmarsden> To get yourself a working basic email server, yes.
<garymc> and i could add as many email addresses or users as i wanted?
<jmarsden> garymc: Don't install postfix and dovecot separately, install the dovecot-postfix package.     Yes, as long as they are all in one domain.  Multidomain setup would need more work and more understanding of how things work.
<garymc> or do i then need squirrel mail etc
<garymc> im going to need multi domain i know it
<garymc> for other websites i need to host
<garymc> got any bummf on multi domain stuff?
<garymc> ok so the command to instal postfix and dovecot in ubuntu is? Ill do it now before bed :) as its 3:30am here
<jongbergs> hi, im considering to setup a proxy server using squid with dansguardian web content filtering..i have seen many great howto's but does this setup require 2 NICs?
<jmarsden> Adding a webmail server like squirrelmail would be pretty easy.  Going multi-domain... not really.  There is a lack of good free "pretty" config tools for that.  There are some "HOWTO" docs on various random web sites, but I've yet to find one I really like, and following one without understanding it has got several newcomers int over their heads.
<garymc> it defo wont mess naything up?
<garymc> ok ill leave it out for now then
<garymc> sudo apt-get dovecot-postfix
<jmarsden> garymc: I gave the command earlier.  sudo apt-get install dovecot-postfix  .  Don't run that on a production server if you don't know what you are doing, but it really shouldn't mess up anything unless there is another mail setup already there, or something!
<garymc> ^^ is that the command?
<uvirtbot`> garymc: Error: "^" is not a valid command.
<garymc> ok its UBUNTU LTSP
<garymc> i dotn think any mail stuff wa son it how would i know?
<jmarsden> garymc: The LTSP part won't be an issue.  But it is Karmic (9.10) based, not 8.04 LTS, right?
<jmarsden> The dovecot-postfix "do everything for you" package is new in Karmic...
<garymc> I thought it was Juanty 9.10
<jmarsden> Jaunty is 9.04 :)
<garymc> ok im jaunty
 * ball has a nice big doorstop thanks to Jaunty
<jmarsden> garymc: Then you can't use the dovecot-postfix package.
<garymc> shit
<garymc> is jaunty bad?
<garymc> in the GUI it says upgrade to latest version but i havnt cos was scared it would mess all my stuff up
<garymc> will it?
<garymc> i think it says upgrade to 10. something
<jmarsden> garymc: Not unless your "stuff" was pretty unusual, hand installed, weirdly configured, etc.
<jmarsden> Don't upgrade to 10.4 yet, that is Lucid which is still in Alpha :)
<garymc> like my Mysql LAMP stuff?
<ball> I can't fix my Ubuntu box without physically swapping disks around or building a PXE-boot server
<ball> ...moving disks around will be easier.
<garymc> so why would my GUI be advising me to upgrade to an unstable version?
<jmarsden> garymc: As long as the LAMP stuff was installed conventionally using Ubuntu packages and you left the Mysql data in its default location, the upgrade should be fine.
<jmarsden> garymc: It shouldn't be advising you to upgrade to 10.4 yet.
<garymc> ok i did
<garymc> so what version do you think it is advising?
<garymc> im not at the office right now im at home
<jmarsden> You are the one who can see it :)
<jmarsden> SSH in :)
<garymc> I dont know how to ssh into the gui
<jmarsden> I need to go pick up my wife soon, no time right now for teaching ... and Ubutnu desktops/GUIs are technically out of scope for this channel anyway...
<garymc> ok
<garymc> i got a ssh software winscp32 is that any good for it?
<garymc> i got putty too
<ball> putty isn't bad.
<ball> Did I mention that it's British? ;-)
<garymc> is there a command to get into the gui
<garymc> iam british ;)
 * ball <- British
<jmarsden> I suspect it is saying you could upgrade to 9.10.  Putty is OK.  But running Ubuntu in virtualbox-ose on your Windows box would be more fun than using Putty :)
<garymc> I know :)
 * jmarsden admits to being British too, although currently living in California.
 * ball <- Illinois
<jmarsden> I need to go... probably back later on.
<garymc> ok so i upgrade to 9.10 2morow and install postfix-dovecot
<garymc> ok bye bye me too bed time
<garymc> thanks for the help
<jmarsden> You're welcome.
<ball> I need to drag some PCs around.
<Roxyhart0> Hi, one question there are any documentation how to configurate a openldap as backup domain ldap with ubutnu 9.10?
<twb> Roxyhart0: did you read the ubuntu server guide?
<Roxyhart0> yes i did, but i dont undestand...also the domain controles is a old gentoo ..i am changing it by ubuntu in a new server, but must to be gradually..so i need to configurate a new bakup domain controler with samba in a ubuntu but connecting with a gentoo domain controler
<Roxyhart0> do you know if it is possible?
<Roxyhart0> hi question, im installin openldap and there are a section that said dn: olcDatabase=hdb,cn=config
<Roxyhart0> ...what mean hdb is the kind of database, can I change by dbd?
<jmarsden> Roxyhart0: I think hdb is a "new, improved" variant of bdb.  There is no "dbd" backend for LDAP than I know of.  I don't think changing backends would be as simply as just changing that DN...
<Roxyhart0> thanks jmarsen, so do you think should be ok if i keep hdb?
<jmarsden> Yes, I think it is the current/new "standard" for OpenLDAP backends.
<Roxyhart08> sorry i my netowork was down...so which is better to use on ldap DBD or HDB?
<twb> Roxyhart08: ask #openldap
<twb> Oh, 16:45 <jmarsden> Roxyhart0: I think hdb is a "new, improved" variant of bdb.  There is no "dbd" backend for LDAP than I know of.  I don't think changing backends would be as simply as just changing that DN...
<jmarsden> Roxyhart08: See http://www.openldap.org/faq/data/cache/1166.html for one sentence that confirms this.
<Roxyhart08> thanks
<jmarsden> You're welcome.
<acalvo> godd morning
<acalvo> s/godd/good/
<uvirtbot`> New bug: #514196 in samba (main) "package libsmbclient 2:3.3.2-1ubuntu3.3 failed to install/upgrade: read error in `/var/lib/dpkg/triggers/update-initramfs': Invalid argument" [Undecided,New] https://launchpad.net/bugs/514196
<uvirtbot`> New bug: #514198 in eucalyptus (main) "SSH key stopped working" [Undecided,New] https://launchpad.net/bugs/514198
<maxagaz> how to get the list of dependences  of a package ?
<_ruben> maxagaz: many ways .. apt-cache show packagename is one way
<TeTeT> has anybody lately tried euca-bundle-vol? I get a No Space left on device error on Ubuntu 9.10
<TeTeT> my mistake, specified wrong size
<uvirtbot`> New bug: #514220 in samba (main) "package samba-common-bin 2:3.4.0-3ubuntu5.4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/514220
<garymc> Hi Im upgrading to Karmic, its asking me "Replace the customised configuration file /etc/cups/cupsd.conf ?" Do i keep or replace this file?
<garymc> fudge it i pressed replace
<BeardedChimp> I have some hsdpa modems that I have created a udev rule for that calls a script to dial them when they are detected. The script after dialing creates iptables rules that varies depending upon how many modems have been connected. However I can't create the iptables rules until all modems have been dialed and so I tried created a lock file ie /etc/modem.lock, but when I first boot up the udev rules run for more than one modem so fast that they 
<uvirtbot`> New bug: #514252 in qemu-kvm (main) "[arm] (might) need porting to thumb2" [High,Triaged] https://launchpad.net/bugs/514252
<garymc> anyone here help me with my postfix-dovecot setup?
<patdk-lap> garymc, no idea
<zul> morning
<pmatulis> morning
<uvirtbot`> New bug: #514278 in authbind (main) "Bind to 0.0.0.0/0 fails on 32 bit Ubuntu 9.10" [Undecided,New] https://launchpad.net/bugs/514278
<garymc> anyone here help me get my basic email server up and running?
<zul> fuuuuu....someone is actually using authbind?
<tdn> I would like to have shared contacts on a server. The clients are using Thunderbird and Outlook. How can I accomplish this? Can I do it *without* LDAP?
<ttx> zul: we are moving tomcat6 to dump jsvc and use authbind instead... anything against it ?
<zul> ttx: nope
<zul> its just that I havent really seen any new bugs with it
<ttx> right, that's good, not bad :)
<zul> ttx: agreed :)
<_ruben> unless its because its so buggy that nobody uses it anyway :)
<zul> ttx: im updating samba today for your edification
<ttx> thanks for edifying me
<ttx> zul: please also advance some of the remaining MIR bugs, looks like the ball is on your side of the field
<zul> ttx: yep did some of that yesterday
<zul> ttx: ctdb is a bit more problematic since there needs alot of changes in order for it to get to main
<smoser> where is the correct place to write routes that you want to be persistent (across reboots) ?
<patdk-wk> in interfaces?
<patdk-wk> using the up option
<zul> smoser: i would just do it in rc.local
<smoser> i think /etc/network/if-up.d/ seems right.
<smoser> no?
<patdk-wk> if-up.d?
<patdk-wk> I just use /etc/network/interfaces
<patdk-wk> and add like, 'up route add ....' to the interface
<patdk-wk> if you are really want it good, and a down command to remove it also
<patdk-wk> then ifup/ifdown will work completely
<patdk-wk> I would say do that, or use quagga :)
<patdk-wk> now if only I could make networkmanager work :(
<ttx> mathiaz: re:UEC test infra -- good news indeed ! Please reflect progress on the spec, in a way that allows it to be > 0% completion :)
<ttx> mathiaz: let me know when you'll be available for quick call
<ttx> mathiaz: thx
<lau> hello, i am trying to deploy a webdav solution on my hardy server
<lau> using the webbrowser interface I can see and follow the symlinks
<lau> using cadaver or nautilus i can't see them, any idea plz ?
<zul> soren: i would like to sit down with you and learn more about the automated server testing next week i want to learn more things about it if you dont mind
<uvirtbot`> New bug: #514362 in samba (main) "package samba-common-bin 2:3.4.0-3ubuntu5.4 failed to install/upgrade: problemas de dependencias - se deja sin configurar" [Undecided,New] https://launchpad.net/bugs/514362
<orkun> hi i am using ubuntu-mid with hal installed. things get mounted with iso8859 (vfat /dev/sdb1 to be specific) - i want it to be mounted with utf8 encoding. how can i change hal settings? (i hope the question would still be sort of supported, i don't want to use fstab or hal alternatives for another 4 months. please ignore if not supported)
<ttx> mathiaz: <cjwatson> bug 512592 - believed to be fixed as of last night's debian-installer upload (and ev has closed this now); please report recurrences
<uvirtbot`> Launchpad bug 512592 in debian-installer "[Lucid] console-setup-udeb succeeded but requested to be left unconfigured" [High,Fix released] https://launchpad.net/bugs/512592
<MTecknology> you guys know generally how much more a rackmount server costs than the desktop style servers?
<zul> MTecknology: depends where you get it from but usually more
<MTecknology> zul: I know they're more - I was just curious how much more
<patdk-wk>  hmm, normally about 50% more
<Elad> how do I find a cron and disable it? I ran crontab - but don't see the cron in question
<Elad> crontab -l
<patdk-wk> but I guess it also depends what rackmount vs desktop
<patdk-wk> 2u vs midtower, midtower is about 150% the cost of the 2u
<patdk-wk> elad, check /etc/cron.* directories
<Elad> looks like it is there
<Elad> do I just rm the file?
<MTecknology> patdk-wk: really? 2u would probably work perfect for what I need it for; hopefully
<patdk-wk> the place I'm at, 1u and 2u is same price
<patdk-wk> 3u, 4u, midtower, same price
<bogeyd6> Elad, sometimes they are in the /etc/cron.* directories
<Elad> bogeyd6: I found it in the directories, can I just rm file_name or will that break stuff?
<patdk-wk> elad, you could, I normally just commened stuff out inside the file, so it's there as a reminder, if I want it back
<MTecknology> patdk-wk: how much can you fit into a 4u or 2u ?
<bogeyd6> Elad, just mv it to another directory in case you need it later
<bogeyd6> commenting every line takes a while and a simple cp script /root/script.backup is just fine
<bogeyd6> sorry sorry i meant /home/user/script.backup
<bogeyd6> !noroot
<ubottu> We do not support having a root password set. See !root and !wfm for more information.
<MTecknology> bogeyd6: what about just toss exit up top?
<patdk-wk> MTecknology, depends, normally more than enough :)
<patdk-wk> 3u/4u is a normal computer
<bogeyd6> MTecknology, as a matter of opinion only i find it easier to just let newbs be newbs than to try to school them
<patdk-wk> 2u you get 6 to 8 drives, 2 to 6 pci/pcie cards
<patdk-wk> heh? put a # on every line is simple with vi :)
<MTecknology> awesome :) - 6 drives should be perfect
<patdk-wk> 2u will cost you more money than a midtower computer
<patdk-wk> but normally it pays itself back within 1year of colo costs
<MTecknology> colo ?
<MTecknology> patdk-wk: right now everything is under steps; when we get these servers they'll still be under steps stacked up - until we can afford moving them to a data center
<patdk-wk> move to datacenter = colocation
<MTecknology> oh
<MTecknology> but datacenters around here you host your own server in it
<patdk-wk> yes, when you host your own equipment, it's colocation
<MTecknology> where do we save money?
<patdk-wk> if you don't have your own equipment, it's just, dedicated server rental :)
<patdk-wk> a 2u server costs more than a midtower server
<patdk-wk> a 2u server costs less to put in a datacenter than a midtower
<patdk-wk> so the longer the 2u is at the datacenter, the more money you will save
<MTecknology> oh
<patdk-wk> I would also say, a 2u has better cooling than a midtower, so less problems
<MTecknology> and generally more expansion
<patdk-wk> hmm, not really
<patdk-wk> both do dual cpu's, and same drives
<patdk-wk> difference would be on the 2u you pick, if it has 2 slots, or more for cards, where the midtower would have 6 or 7
<MTecknology> http://www.newegg.com/Product/Product.aspx?Item=N82E16816152101
<patdk-wk> 2u's can come with 6 low profile slots, or 3 low, and 3 normal slots, max
<patdk-wk> that's a 1u
<MTecknology> Why does it look like I can put 8 drives in there
<patdk-wk> cause it's not 2u :)
<MTecknology> hu?
<patdk-wk> oh, you can :)
<patdk-wk> 8 laptop drives
<MTecknology> OH!
<MTecknology> I missed that :P
<patdk-wk> I only use 2.5" sas drives now
<patdk-wk> cause 2.5" drives are faster than 3.5" drives
<patdk-wk> just less storage space
<MTecknology> I didn't know that
<patdk-wk> ya, a 10k rpm 2.5" drive will be equiv to a 15krpm 3.5" drive
<patdk-wk> I crunched those numbers awhile back
<MTecknology> thanks :)
<patdk-wk> drive is smaller, it doesn't have to move as much to find what it needs :)
<MTecknology> makes sense
<patdk-wk> but I wouldn't say that holds true for sata drives though
<patdk-wk> but it did for the sas drives I check the specs on
<patdk-wk> heh
<patdk-wk> I was looking at something like that
<patdk-wk> but it was an hp system, 2u, that you could plug upto 4 servers in
<patdk-wk> was planning on doing 3 servers and 1 harddrive module
<MTecknology> hm?
<MTecknology> 4 servers on a 2u system?
<patdk-wk> yep
<MTecknology> how do you do that?
<MTecknology> brb - gotta go to class?
<MTecknology> s/?//
<patdk-wk> http://h71016.www7.hp.com/dstore/ctoBases.asp?ProductLineId=431&FamilyId=3043&jumpid=re_R2515_store/enProdCat/DL100/DL170hG6
<MTecknology> patdk-wk: 4 servers running on a single server.. Never heard of that without needing virtualization
<patdk-wk> why?
<patdk-wk> that box you where looking at was 2 servers, in a single case
<MTecknology> oh- I didn't know that either
<patdk-wk> think of it like a blade system :)
<MTecknology> lost me at blade :P
<MTecknology> patdk-wk: how do you manage something like that?
<patdk-wk> using the blade center stuff
<patdk-wk> hell, on my blade center, I I can remap network ports, turn off/on/reboot, connect fiber drives, ...
<MTecknology> right now we have 3 servers running on linode; I'd liketo change to running those plus one other server on rackmount systems
<patdk-wk> http://www.brentozar.com/archive/2008/01/hp-c-class-blade-chassis-review/
<patdk-wk> that is what I have
<MTecknology> ........
<MTecknology> so do you have two boards in there to do that?
<patdk-wk> boards?
<patdk-wk> each blade is a full computer
<patdk-wk> just instead of having normal ports on the back, for power, network, ...
<MTecknology> I meant motherboard
<patdk-wk> it has a single plug that plugs into that case
<patdk-wk> the motherboard is inside the blade
<MTecknology> oh
<patdk-wk> heh, he so doesn't have the netowrk connected for that blade right :)
<patdk-wk> in that pic, he has 14 blades :)
<patdk-wk> 6 power supplies
<patdk-wk> 2 ilo management units (that control the blade, turn on/off everything, and map network ports and stuff)
<patdk-wk> 2 fiber switchs (hba's)
<patdk-wk> and 4 network switchs
<uvirtbot`> New bug: #513727 in samba (main) "Samba 3.4 member server in domain fails to authenticate users" [Undecided,Fix released] https://launchpad.net/bugs/513727
<MTecknology> patdk-wk: I bet that was extremely expensive
<patdk-wk> around 40k for the one I have
<patdk-wk> just don't buy a new car :)
<MTecknology> Right now my budget is ~1k
<MTecknology> we don't have that money yet either
<MTecknology> patdk-wk: any suggestions there?
<patdk-wk> ya, getting a nice server for <1k isn't going to happen
<patdk-wk> your going have to cut corners
<patdk-wk> so you need to figure out exactly what you need
<patdk-wk> cpu power? or harddrive speed?
<MTecknology> so far it looks like everything I'm seeing only gives 4GB memory
<MTecknology> max
<patdk-wk> heh?
<MTecknology> I'd like 32GB max memory; we can start with only using 4GB RAM but that's something I need to be able to expand
<MTecknology> drive speed isn't as big of a deal
<MTecknology> cpu power.. not as big of a deal
<MTecknology> # drives is a big deal either; nor is drive space
<MTecknology> I'm not putting drives in that price, or ram
<uvirtbot`> New bug: #506865 in net-snmp (main) "snmp-net not working with lm-sensors" [Low,Incomplete] https://launchpad.net/bugs/506865
<MTecknology> patdk-wk: we've had this company going for about 3mo now; we're hitting our server limits but we're not making much money
<MTecknology> patdk-wk: finding available money sucks.. there's too many pretty shiny servers too
<patdk-wk> what is your servers currently doing? that is causing it to need more resources?
<MTecknology> we have a dev server that takes ~5 sec to load a simple page; production server that hosts websites; production server that hosts different crap
<MTecknology> we need a coding server
<MTecknology> the productino servers don't have enough memory
<patdk-wk> what language is your stuff written in?
<patdk-wk> what is the site? if I can ask
<MTecknology> they're linodes though - we can't bump up the memory very much
<MTecknology> which site?
<patdk-wk> that the production stuff runs
<MTecknology> It's mostly all php
<patdk-wk> apache?
<MTecknology> ya
<patdk-wk> how many hits per second?
<MTecknology> the server itself; about 10/min
<patdk-wk> serving large files?
<MTecknology> we're very low traffic atm
<patdk-wk> guess large would be >1mb for this :)
<MTecknology> our dev server is
<MTecknology> oh, then ya
<patdk-wk> but not >50megs
<MTecknology> no
<MTecknology> It's ram and hd space we're out of on the production systems
<patdk-wk> you have lots of room for optimization it soulds like
<MTecknology> 16GB HD space & 360MB RAM
<DrNick_> which processes are using all the RAM on your production machines?  app servers?
<patdk-wk> apache+php will suck ram quick :)
<patdk-wk> I've switched all my stuff to lighttpd+php to handle php better
<MTecknology> how much does that help?
<patdk-wk> depends, apache will attempt to autoadjust
<DrNick_> still, i was only asking to check what was using the RAM.  tomcat, for example, is a huge memory hog
<patdk-wk> lighttpd doesn't auto anything, so you have to watch and change it yourself
<patdk-wk> lighttpd does cache the crap out of stuff though, why I was wondering how large the files where
<MTecknology> I meant how much did it save for you
<MTecknology> I'd say for the most part they're pretty small files
<MTecknology> maybe 6 files over 10MB
<patdk-wk> well, apache + mod_php, I could only serve 110 pages per second
<patdk-wk> apache + fastcgi php, I was doing around 130
<patdk-wk> lighttpd + fastcgi php, I got 145
<patdk-wk> I went with lighttpd, also cause it of how it loadbalanced php
<patdk-wk> it made php better load the database, over how random apache used php
<MTecknology> what's your opinion about mysql vs pgsql
<patdk-wk> I know all there is to know about mysql
<patdk-wk> I have attempting to play with pgsql some, but never seem to have enough time to figure enough of it out to actually do anything with it
<patdk-wk> I have mysql easily doing >5k commands per second
<MTecknology> what changes between fastcgi php vs mod_php ?
<patdk-wk> my syslog mysql does >2k inserts per second
<patdk-wk> everything :)
<patdk-wk> mod_php is in all ways evil
<patdk-wk> it's simple though
<MTecknology> does source code need to change?
<patdk-wk> yes
<patdk-wk> but normally you just install it
<patdk-wk> php_cli, mod_php, php_cgi
<patdk-wk> those are the 3 php versions
<patdk-wk> you use php_cgi for fastcgi and cgi
<MTecknology> I guess I'll have to look into the feasibility of changing source code
<patdk-wk> you guys actually hacked the php base code?
<MTecknology> I thought you said code needs to change
<patdk-wk> and did it so badly that you can't just say, compile cgi
<MTecknology> 11:43 < MTecknology> does source code need to change?
<MTecknology> 11:44 < patdk-wk> yes
<patdk-wk> yes, the same source for mod_php doesn't for work for cgi/fastcgi
<MTecknology> I was referring to the php code we wrote
<patdk-wk> that is why you get the mod_php binary, and the php_cgi binary
<patdk-wk> no
<patdk-wk> your php programs don't need change (normally)
<MTecknology> ok
<MTecknology> When I start deploying a new server I'll use that and see how it works out
<patdk-wk> I've gotten extreemly good at optimizing php and mysql
<MTecknology> I wish I had some startup capital..
<MTecknology> How do you optimize mysql?
<patdk-wk> hundreds of ways :)
<MTecknology> you compile it yourself then?
<patdk-wk> I do, but that isn't how I optimize it
<patdk-wk> and once I update to 5.1  Iwon't have to compile it myself anymore
<MTecknology> I'll have to ask you for tips later then
<MTecknology> I gotta run.. :(
<MTecknology> last question - what do you think a decent price is to host a 1u / 2u server in a datacenter?
<patdk-wk> it all comes down to how good the internet is :)
<patdk-wk> for crappy internet, your talking $70-100
<patdk-wk> for good internet, $150+
<patdk-wk> I don't think you need good internet
<patdk-wk> the different is latency
<MTecknology> oh
<MTecknology> that's goin to be out of our price range for a long while
<MTecknology> by that probably - at least 6mo
<MTecknology> thanks for all the help
<MTecknology> gotta run - ttyl
<uvirtbot`> New bug: #456099 in axis2c "axis2c.log is full of spurious errors" [Low,Triaged] https://launchpad.net/bugs/456099
<uvirtbot`> New bug: #492235 in eucalyptus (main) "mDNS for CC hostname is only available while eucalyptus-cc is running" [Low,Incomplete] https://launchpad.net/bugs/492235
<uvirtbot`> New bug: #424648 in openssh (main) ""Error: ssh program unexpectedly exited" when trying to browse files on router" [Low,New] https://launchpad.net/bugs/424648
<smoser> mathiaz, you have a minute?
<mathiaz> smoser: sure
<mathiaz> smoser: a few minutes
<smoser> https://bugs.launchpad.net/ubuntu/+source/ec2-init/+bug/506960
<uvirtbot`> Launchpad bug 506960 in ec2-init "investigate ec2 kernel/ramdisk and apt-upgrade" [Medium,Confirmed]
<mathiaz> smoser: I'm going to board soon
<smoser> i'm looking at/ thinking about that.
<smoser> oh. headed to pdx already.
<smoser> ok
<smoser> well i'll be fast
<smoser> basically, i boot an ec2 instance
<smoser> its out of date with the archive
<smoser> apt-get update && apt-get dist-upgrade
<smoser> wants a new kernel
<smoser> it makes no sense to get a new kernel
<smoser> should i dpkg pin those versions that the image is built with ?
<mathiaz> smoser: is ther kernel package installed on a ec2 image?
<smoser> yes.
<mathiaz> smoser: IMO it should not
<smoser> it should not what
<mathiaz> smoser: because of the modules?
<smoser> right.
<smoser> (actually, there are 2 , both ec2 kernel and uec kernel)
<mathiaz> smoser: well - you don't control which kernel is booted from the instance
<mathiaz> smoser: IMO we should bundle the modules in a different package
<mathiaz> smoser: and then update that package only when we publish a new kernel in EC2
<smoser> wouldn't matter.
<smoser> you'd still (in an old image) be told to upgrade
<smoser> or unless the other package didn't appear as an upgrade
<mathiaz> smoser: yop
<smoser> what would be wrong with pinning the version ?
<mathiaz> smoser: what is kernel related in the EC2 image?
<smoser> i dont understand the question. i think you're missing a word
<mathiaz> smoser: what do you need to change in the EC2 image when the external kernel changes?
<smoser> you need new kernel modules.
<smoser> so i just realized that this fixes the problem:
<smoser> sudo apt-get --purge remove linux-image-virtual linux-virtual
<mathiaz> smoser: yes - as mentionned in the google groups, there's no need to have a kernel package installed on the EC2 image
<mathiaz> smoser: neither grub
<mathiaz> smoser: they should be removed
<mathiaz> smoser: what you need is the kernel modules though
<smoser> i disagree with "there's no need to have a kernel package installed on the EC2 image"
<smoser> completely
<mathiaz> smoser: we could have an linux-ec2-kernel-modules that would depend on linux-ec2-kernel-modules-X.Y.Z packages
<smoser> i dont see the value in that to be greater than the pain to maintain it.
<mathiaz> smoser: and linux-ec2-kernel-modules-X.Y.Z packages would just provide the relevant kernel modules for published ec2 kernels
<mathiaz> smoser: right - what you need in each EC2 image is the kernel modules for the running kernel right?
<smoser> correct.
<mathiaz> smoser: however the running kernel is outside of the control of the image
<mathiaz> smoser: but we control all the published kernel
<smoser> a.) for now that is the case
<mathiaz> smoser: so we can publish packages that have the relevant kernel modules for every published kernels in EC2
<smoser> b.) no, but the "supported kernel" with that image *is* 'controlled' in that it is the one registered.
<mathiaz> smoser: if we push a new kernel in EC2, we publish/update the linux-ec2-kernel-modules to have the new kernel modules
<smoser> but see thats exactly what we're doing now
<smoser> except for, when the image is built, it requests 'linux-virtual' and 'linux-ec2'
<smoser> which end up getting updated, and then updgrade says "hey you need new versions"
<mathiaz> smoser: does linux-ec2 have a kernel or only kernel modules?
<smoser> but if we didn't have those 2 packages, but rather only the kernel packages then it would not prompt for update
<smoser> who cares if there is a kernel
<smoser> really
<smoser> yes, its a waste of 3M
<mathiaz> smoser: right - what matters is to have the kernel modules corresponding to the running kernel
<smoser> i'm confused.
<mathiaz> smoser: one related idea I had for some time is how we can notify instances that there is a new kernel available
<mathiaz> smoser: hm - me too.
<mathiaz> smoser: so what's the current problem?
<MTecknology> patdk-wk: I think you should donate a spare server + hosting to us :D
<smoser> the problem is that on an ec2  instance (or UEC) running an 'apt-get upgrade'
<smoser> suggests that you install new kernel packages
<smoser> which it doesn't need to
<smoser> so you waste the bandwidth and IO
<smoser> but the old image package is not removed, everything still works.
<smoser> its just confusing and a waste of resources
<smoser> while talking to you, i realized that
<mathiaz> smoser: ok
<mathiaz> smoser: right - so don't install the normal linux-ec2 kernel package
<mathiaz> smoser: rather a specific linux-ec2-kernel-modules
<smoser> right. that can all be fixed by: sudo apt-get remove linux-image-virtual linux-virtual linux-image-ec2 linux-ec2
<MTecknology> I should look into the cost of ec2
<zul> mdeslaur: ping
<mathiaz> smoser: that will only be updated if there is a new kernel available in EC2
<smoser> the reason i install the meta packages is that they automatically resolve to "latest in archive" for me.
<mdeslaur> zul: yessir
<patdk-wk> ec2 is much more expensive than linode
<zul> so explain why again?
<smoser> ec2 is not really a linode replacement. they're almost completely different things.
<smoser> but if what you want is a VPS, linode is cheaper
<mdeslaur> we ship mount.cifs with the setuid bit set, because debian does it. Other distros don't. Upstream samba doesn't want the bit set, as the code hasn't been audited for that. They've even added code in the latest release to bail out if the setuid bit is set.
<mathiaz> smoser: right - what you really wanna install in your ec2 image are the kernel modules for which there is a corresponding kernel published in ec2
<mdeslaur> so I wonder what tools we have that _need_ the setuid bit
<smoser> well, yes, but the way it works now is that is all in one process
<MTecknology> so what si ec2 best used for?
<mdeslaur> zul: ie: does nautilus need it?
<smoser> image is built, kernel is extracted, if the kernel is not published, it is published, then image is published.
<zul> mdeslaur: have you tried using it out with the setuid bit?
<mdeslaur> zul: well, if you remove the bit, regular users can't mount samba shares
<smoser> basically when publishing an image, you publish the kernel it needs
<zul> mdeslaur: i dont think so but I dont use nautilus that much
<mdeslaur> zul: let me investigate more next week
<patdk-wk> MTecknology, could probably do something
<zul> mdeslaur: sure
<mdeslaur> it's a bit early
<mathiaz> smoser: right - so I think what you need to install in EC2 images is the linux-ec2 package
<mathiaz> smoser: since if there is a new linux-ec2 package available in the archive, corresponding modules should be available for ec2 images and the kernel is automatically published in ec2?
<MTecknology> patdk-wk: the way I'm looking at it now is I should just try to build a VM to test out what you mentioned; then try to push that to the dev server, then push it live; I should also try to manage in linode as long as I possibly can - $20/mo for each system
<smoser> mathiaz, i dont follow that last part.
<mathiaz> smoser: if there is a new linux-ec2 kernel, is it automatically published in EC2?
<mathiaz> smoser: ie can the new kernel be used to boot new images?
<smoser> mathiaz, basically, yes.
<smoser> afer a nightly build takes place
<uvirtbot`> New bug: #455294 in eucalyptus (main) "UEC Installer should point to management interface" [Wishlist,Incomplete] https://launchpad.net/bugs/455294
<mathiaz> smoser: right
<MTecknology> patdk-wk: I looked into it more and it could be potentially over a year before we can consider a datacenter
<mathiaz> smoser: I think the problem mentionned in the google group thread is that when there is security update published, dist-upgrade in an instance will pull it down
<mathiaz> smoser: that's something we wanna avoid - right?
<smoser> well, sort of.
<smoser> i just posted a comment there, please read
<smoser> in the bug
<mathiaz> smoser: if so, don't install linux-ec2, but the actual package - like linux-image-2.6.32-301-ec2
<smoser> i actually think it all fixes itself we dont have the metapackages.
<smoser> right.
<smoser> and that gets updates *someimtes* (within the abi)
<mathiaz> smoser: yop
<smoser> and you would likely want those changes
<smoser> so, fo me, the easiest way to do this is to simply purge the metapackages after image build
<mathiaz> smoser: well - in EC2 you'd have to rebundle the image no?
<smoser> because right now i select my kernel with them
<smoser> and that is easy
<smoser> rather than figuring out which version is current.
<smoser> mathiaz, well now. inside of a single ABI, the kernel modules will be good
<smoser> ie:
<smoser> linux-image-2.6.32-301-ec2 is version 2.6.32-301.4
<mathiaz> smoser: right - I'd discuss that with the kernel team though
<smoser> there at times are updates for that
<smoser> and they have the same package name
<mathiaz> smoser: as you'd just update the modules, not the kernel
<smoser> different version
<smoser> that is what ABI compatibility is
<smoser> :)
<smoser> thats the reason there is that number
<mathiaz> smoser: right - so just having the package name, without pinning the version should be enough
<smoser> the '301' or '11' in linux-image-2.6.32-301-ec2 or linux-image-2.6.32-11-virtual
<mathiaz> smoser: if you don't have the metapackage installed, you won't be asked for an upgrade
<smoser> thanks mathiaz . i think i'm fine now.
<smoser> right.
<smoser> for  now i think i'm just going to remove the packages after they're included
<smoser> so that i get them at build time to help me figure out "what is the current package"
<smoser> but then dont need them after that.
<mathiaz> smoser: right - you may wanna investigate the grub removal as well
<mathiaz> smoser: right
<smoser> right.
<mathiaz> smoser: and then we can brainstorm about how to notify of new kernel available in running instances
<mathiaz> smoser: as hey there is a security update for the kernel - you rebundle/restart your EMI
<mathiaz> smoser: as hey there is a security update for the kernel - you *should* rebundle/restart your EMI
<smoser> is there any thing different there than in mnormal '-server' ?
<mathiaz> smoser: for the kernel upgrade notification?
<smoser> right.
<smoser> or would i be breaking that by removing meta packages
<mathiaz> smoser: that's one of the reason for having the meta-package installed
<smoser> y
<mathiaz> smoser: that's how you'd be notified that there is a new kernel available
<mathiaz> smoser: that's why I'd suggest to have a specific -kernel-modules packages, that only ships the kernel
<mathiaz> smoser: it would be smaller and you'd still be notified about new kernel being available
<smoser> just maintainence
<smoser> i have lots of things to maintain
<mathiaz> smoser: if that happens, you'd get the new kernel modules and you could rebundle your emi with the new kernel
<smoser> i guess i'm missing something
<mathiaz> smoser: right - it's a tricky situation
<mathiaz> smoser: I'm about to board
<smoser> later.
<mathiaz> smoser: we can discuss that later then
<uvirtbot`> New bug: #514304 in samba (main) "Samba failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Incomplete] https://launchpad.net/bugs/514304
<Italian_Plumber> I looking through a user's DNS queries a good way of telling what web surfing they're doing?
<erichammond> mathiaz, smoser: I didn't quite follow all of that EC2 kernel/modules/package conversation.  However, I wanted to point out that you don't have to rebundle/build a new AMI to upgrade the kernel.  There are currently two options:
<erichammond> (1) start a new instance with the same AMI, but specify an override of the newer kernel.
<erichammond> (2) Stop a running EBS boot instance (not terminate), ec2-modify-attributes to change the kernel+ramdisk, and start the instance again.
<smoser> 2 actually gives a supportable path for kernel upgrades.
<erichammond> It should be easy to install and keep multiple kernel module versions on an instance so that it can be tested back and forth with different kernels.
<erichammond> smoser: but (2) is only available for EBS boot instances.
<smoser> in both cases you have to get the modules into the instance
<smoser> although it will boot successfully you wont have all modules
<erichammond> Which begs the term of "successfully" if you're running an application on it :)
<smoser> well, you can get them with 'apt-get install linux-ec2-$(uname -r)
<smoser> '
<smoser> if you're using package dkenerls.
<smoser> so, that is intersting, for ebs, it seems like the value of the package "upgrade" is there.
<smoser> thanks for your input.
<erichammond> sure, but this being Ubuntu, I'm guessing you're going to try to find the simplest, easiest way to do this for users so they don't have to know things like $(uname -r) :)
<smoser> so heres where this started
<smoser> in an ec2 instance (non EBS), when there is an new kernel available, your 'apt-get upgrade' will pull it and install it
<erichammond> smoser: Sorry to interrupt, but I'm leaving now and trust you to work it out.  Let me know if you need my input and I'll study the issue further.
<smoser> (it will also pull linux-virtual, which is completley pointless for you).
<smoser> but because without ebs you cannot change that instance's kernel, theres no point in that upgrade
<smoser> its wasted IO
<smoser> with ebs, that upgrade actually does make sense though, as you oculd hten tell the user: you should stop this instance and modify its kernel"
<ruben23> can i setup my linux server to used nas as storage..
<ruben23> is it possible
<patdk-wk> sure
<patdk-wk> use nfs or cifs
<Maleko> why exactly is user "irc" created by default in vanilla ubuntu setup?
<Disconnect> so without trying to be snarky i'm really beginning to think that UEC has a -wildly- different definition of "enterprise" than the rest of us.
<ruben23> thanks im planning to buy Qnap a Nas hardware..to be used for file server and storage for my servers..
<erichammond> smoser, mathiaz: Without ebs boot installing the new kernel modules could still help because the user can rebundle the running instance and run the resulting new AMI with the new kernel.  There a number of different paths for using AMIs on EC2 depending on the architecture.  Downloading a few extra MB of kernel modules seems like a small price to pay for the potential benefits, simplicity of your implementation, and to reduce the el
<genii> Maleko: I imagine it's a standard reserved name and uid for a service, like others such as mail, news,syslog, saned and so on
<Maleko> is there any way to know if those accounts are being used?
<Maleko> i need to use the account name for my own use but i fear removing it will break something
<guntbert> Maleko: I advice against that: irc is  a system account (uid=39), and cannot be accessed normally (look with sudo grep irc /etc/shadow)
<Maleko> ah okay.
<cihan253> hi all I have an amazon ec2 and using ubuntu but I have some problems. I cant install ec2-ami-tools to the machine. so I cant save the modified ami file in S3
<MTecknology> !info nginx
<ubottu> nginx (source: nginx): small, but very powerful and efficient web server and mail proxy. In component universe, is optional. Version 0.7.62-4ubuntu1 (karmic), package size 320 kB, installed size 784 kB
<MTecknology> !info nginx lenny
<ubottu> 'lenny' is not a valid distribution: hardy, hardy-backports, intrepid, intrepid-backports, jaunty, jaunty-backports, karmic, karmic-backports, karmic-proposed, kubuntu-backports, kubuntu-experimental, kubuntu-updates, lucid, lucid-backports, lucid-proposed, medibuntu, partner
<MTecknology> !info nginx lucid
<ubottu> nginx (source: nginx): small, but very powerful and efficient web server and mail proxy. In component universe, is optional. Version 0.7.63-1ubuntu1 (lucid), package size 323 kB, installed size 792 kB
<Italian_Plumber> hello.   I've installed a PCI SATA controller card in a Pentium III machine running hardy.  when I start up the machine, I get a "kernel panic". What could be the problem?
<PatrickDK> hmm, maybe something on that motherboard doesn't like that pci card at all
<Italian_Plumber> yes... with this hard drive in, the machine won't even boot up into the live CD.
<android60> How can I tell which disk grub installed to? Also, I am getting a black screen and no prompt after boot, I can ssh just fine, just no prompt at the machine
<MTecknology> patdk-lap: I think I might wind up using nginx and lighthttpd inside a vm to see which I Like better
#ubuntu-server 2010-01-30
<uvirtbot`> New bug: #514570 in samba (main) "package winbind 2:3.4.0-3ubuntu5.4 failed to install/upgrade: podproces installed post-installation script zwrÃ³ciÅ kod bÅÄdu 139" [Undecided,New] https://launchpad.net/bugs/514570
<simmerz> Hi. I'm trying to upgrade an Intrepid server install to Jaunty, and I'm getting this: The package 'ubuntu-minimal' is marked for removal but it is in the removal blacklist.
<jmarsden> simmerz: Seems odd.  If you    sudo apt-get -f install     # does it show any errors, or fix anything?  I'm guessing that in some way or other the apt package database in Intrepid is unhappy/confused, and that leads to the error you are seeing.  if I'm right the fix is ti clean up the package database, and only then attempt the upgrade.
<simmerz> no errors. nothing fixed
<simmerz> the only thing i'm using is a custom kernel from my hosting provider's repository
<simmerz> everything else is straight ubuntu
<jmarsden> Hmmm... so maybe I guessed wrong :)  Can you go back to a real Ubuntu kernel, reboot, and then try the upgrade?
<simmerz> I don't have another one installed. what is the right package to install? I'm thinking some virtual one or something?
<simmerz> ah, additional thing: it's a kvm host
<simmerz> in which case it's between linux-image-server and linux-image-virtual
<jmarsden> simmerz: Do you own/rent the entire physical machine, or just a virtual machine within it?  if the latter you ned to check with your provider that a normal kernel will even boot at all in their system...
<simmerz> rent the entire machine
<simmerz> and i'm upgrading the host, not the guests
<jmarsden> OK, then linux-image-server should be the one.
<simmerz> ok
<simmerz> wonder if just by having it installed, the upgrade might work..
<simmerz> that'll be a no
<jmarsden> I'd really doubt that would do anything useful.
<simmerz> so i'll need to reboot into this kernel now and try that?
<jmarsden> I'm not even sure running that kernel will fix your issue, to be honest, but it's worth a try if you can afford a server reboot.
<jmarsden> Yes.
<simmerz> wondering if running it and then uninstalling the custom one might do it?
<simmerz> given it suggests that one of the causes of that problem is using software not from ubuntu.
<jmarsden> simmerz: Make very sure your sevrer runs fine with the default one before trying that :)
<simmerz> i intend to!
<simmerz> there are 4 client guests on the box that i have no intention of buggering up!
<jmarsden> Do you know why the hosting provider created their own kernel, and what exactly they did to it?
<simmerz> jmarsden: mostly to support some legacy hardware, and they've stuck with it. but generally they appear to be moving to stock kernels now
<simmerz> mostly because they also do vps with their custom kernel too...
<jmarsden> OK.  Then as long as your server doesn't have that legacy hardware, you should be fine.
<simmerz> it's Bytemark if you're wondering (UK hosting provider)
<simmerz> hmm. installing didn't add the kernel to grub
<simmerz> update-grub seems to not have been run
<simmerz> done it now
<jmarsden> That may be some side effect of the earlier kernel being a custom one?  Anyway... the big question now is... does it boot from the stock Ubuntu kernel? :)
<simmerz> yes
<simmerz> now I can't get the vm's started again though. incl. on the old kernel :D
<jmarsden> Hmmm, that's not nice. Do you need to do anything to load a KVM module by hand or by customizing a config file??
<simmerz> i'm back on the old kernel atm. just to work out what i'm doing wrong
<simmerz> shouldn't need to load it. kvm_amd and kvm are loaded
<simmerz> joyfully, I get naff all by way of bug reporting
<jmarsden> So you try to start a VM and it just returns as though it succeeded?  Strange.
<simmerz> but without it running. I'm using kvmctl
<simmerz> what an idiot. could not aquire pidfile. istr having to create a directory in /var/run :D
<android6011> I setup a samba share on ubuntu server and when I try to connect from win7 it isnt accepting my username and pass for the server. I notice it adds the name of the windows machine to the username so i tried doing \\ubuntuserver\username as the format but no go.
<simmerz> how can i automate that?
<jmarsden> simmerz: Automate creating /var/run/somedirectory?  Stick  an mkdir /var/run/somedirectory command in /etc/rc.local ?
<simmerz> will test that shortly
<simmerz> just making sure kvm runs on the stock kernel nicely
<simmerz> i'm aiming at upgrading as far as karmic and getting libvirt running again
<jmarsden> Sounds doable...
<simmerz> jmarsden: all guests running happily on the stock kernel now
<jmarsden> You are well on your way.  Good.  I'm off to transport a bunch of kids around, will probably be back here later.
<simmerz> still no joy :( even after removing the kernel and the deb line in /etc/apt
<jmarsden> simmerz: So it's something else... nothing obvious comes to mind, I'd google a bit and hope someone else documented a solution.
<simmerz> yeah that's what I've been doing :(
<simmerz> jmarsden: you won't believe this. It worked when I changed the deb sources to use the official mirror instead of my hosting provider's one
<simmerz> why would grub not automatically update? my machine thinks it's dealing with lilo
<twb> d-i will install lilo if you don't put /boot somewhere grub can find it
<twb> You might also want to check /etc/kernel-img.conf
<twb> Note that (at least with GRUB Legacy) "updating grub" means updating /boot/grub/menu.lst, NOT re-writing the MBR.
<jumbers> Is it possible to configure Ubuntu Server to do a clean shutdown on power button press?
<twb> jumbers: aptitude install acpid
<twb> It annoys me that this isn't in the default install.
<twb> Last time I brought it up, I was told that "most servers are in a rack, you are unlikely to shut it down directly, and you might accidentally bump the button"
<jumbers> Right, because you're likely to bump into the power button on a rack mounted server
<twb> jumbers: well, everyone has kicked out the UPS at least once :-)
<simmerz> jmarsden: all happy now :)
<jmarsden> Cool!  Happy and running Karmic?  Or still Jaunty? :)
<jumbers> twb: At least that was super easy
<twb> Yeah
<twb> It's slightly bizarre, but the acpid breakdown has one package for "base support + power button --> shutdown" and then a second package "every other damn thing"
<twb> s/base support/the daemon itself/
<twb> I guess people like you and me are a big enough minority that splitting powerbtn.sh out of the "everything else" package made sense
<jumbers> Because it's stupid to not support that
<jumbers> I put it on my home server, though I wouldn't put it on my server in the data center
<twb> jumbers: but why is the power button more special than, say, the CPU fan?
<jumbers> :iiam:
<simmerz> jmarsden: Jaunty for now. It's 3.30am so going to sleep and doing the karmic upgrade in the morning
<jmarsden> twb: Maybe because the cpu fan does something useful (spins, cools) without acpid; the power button *needs* acpid to do its job? :)
<jmarsden> simmerz: OK; sleep well :)
<twb> jmarsden: I guess...
<twb> Technically the power button does work without acpid -- hold it down and it'll do a hard halt
<simmerz> jmarsden: thanks for the pointers. sort of guided me into trying more stuff
<jmarsden> simmerz: You're welcome.
<jumbers> twb: But that's at hardware level
<jumbers> Not kernel
<jmarsden> jumbers: So is the cpu fan :)
<jumbers> The kernel doesn't monitor and adjust the fan accordingly?
<jmarsden> Without acpid?  I don't think so.  Too many different thermal sensors and fan control approaches for that to be all directly in the kernel, I would think.
<uvirtbot`> New bug: #514629 in samba (main) "package samba 2:3.3.2-1ubuntu3.2 failed to install/upgrade: podproces nov? post-removal script vr?til chybov? k?d 1" [Undecided,New] https://launchpad.net/bugs/514629
<MTecknology> lilzeus-web: hi
<lilzeus-web> hello
<lilzeus-web> wow, that was fast
<lilzeus-web> sleeping
<MTecknology> I'm always in here
<MTecknology> anyway - ya - most are US timezone
<MTecknology> so let's get started
<MTecknology> where is your server?
<MTecknology> physical location according to where you are
<lilzeus-web> OK, so, my DNS service points to my router(I use zoneedit.com), my router is port forwarding(80) to my local server's IP but webpages are not loading when requested
<lilzeus-web> I am in Cali
<lilzeus-web> err, its at my feet and I am on it now
 * jmarsden does not recommend standing on servers :)
<MTecknology> what's the ip?
<MTecknology> jmarsden: I've done it :P
<MTecknology> they're warm
<lilzeus-web> don't hack me
<lilzeus-web> 173.58.165.11
<lilzeus-web> hopefully you get 'It works!!'
<MTecknology> yup
<MTecknology> !loopback
<ubottu> To mount an ISO disc image, type Â« sudo mount -o loop <ISO-filename> <mountpoint> Â» - There is a list of useful cd image conversion tools at http://wiki.linuxquestions.org/wiki/CD_Image_Conversion - Always verify the ISO using !MD5 before !burning.
<lilzeus-web> hell, I got nothing worth hacking...lol
<MTecknology> that's not it...
<MTecknology> lilzeus-web: language.. gotta watch it outside of -offtopic ;)
<MTecknology> lemme find a link....
<MTecknology> meh - I'll explain
<MTecknology> lilzeus-web: what is the local IP of your server
<jmarsden> MTecknology: Since you see "It works!", it works... the server is alive and visible.
<MTecknology> 192.168.1.5 ?
<lilzeus-web> 192.168.1.5
<MTecknology> :P
<lilzeus-web> how did you know?
<MTecknology> type that in your web browser
<MTecknology> just a guess
<lilzeus-web> seriously?
<lilzeus-web> you guessed?
<MTecknology> it's a common one
<lilzeus-web> hmm, I just picked it randomly
<lilzeus-web> lol
<MTecknology> anyway - go there in your browser
<lilzeus-web> It works!
<MTecknology> yup
<MTecknology> now try your public IP
<lilzeus-web> same
<MTecknology> that shouldn't work
<MTecknology> it should time out
<jmarsden> MTecknology: It would work if his router is smart enough to do loopback routing :)
<MTecknology> nice router you have then i guess...
<MTecknology> jmarsden: first router I've ever heard of being that smart :P
<lilzeus-web> oh yeah, its one of the smartest
<lilzeus-web> trained it myself
<jmarsden> Really?  Plenty do it, mostly the higher end ones.  Sonicwalls do it, for example.
<lilzeus-web> it can sit, stay...roll over is tough though
<MTecknology> my servers roll over - and die
<lilzeus-web> its a one turn trick, huh
<lilzeus-web> my router is a Verizon
<jmarsden> lilzeus-web: So when you said <lilzeus-web> ... webpages are not loading when requested      what did you mean?  Is that still the case?
<lilzeus-web> err Westell Ultraline
<MTecknology> lilzeus-web: basically traffic goes one way; source -> dest ; you're trying to make your source the same as the dest is it's source -> source. When you go to through DNS; icky things happen
<lilzeus-web> jmarsden: sort of...I have two websites actually...everything was hunky dory a few days ago
<jmarsden> So which one has the issue -- sounds like MTecknology just tested the working one :)
<lilzeus-web> strange, cuz I didnt really change anything
<MTecknology> lilzeus-web: give us links to go check out
<lilzeus-web> I tried installing PHPBB...ubuntu updated...the router got a new IP...thats about it
<lilzeus-web> www.lilzeus.net
<lilzeus-web> try that 1990's html, if you dare!
<MTecknology> that's a lot of changing
<MTecknology> lilzeus-web: that page loads fine
<lilzeus-web> ???
<qman__> yes, works here too
<lilzeus-web> before I go too far, where is the 'hosts' folder?
<MTecknology> I see that resolves to 64.158.56.58 and 63.251.179.58
<patdk-lap> hmm
<MTecknology> /etc/hosts
<lilzeus-web> errr what????
<lilzeus-web> you see a website at www.lilzeus.net???
<qman__> yes
<jmarsden> lilzeus-web: Me too.
<MTecknology> not very eye appealing
<lilzeus-web> easy....
<lilzeus-web> :)
<patdk-lap> it's probably cause lilzeus is hosting it on his firewall
<lilzeus-web> I did that way back in the 90's
<patdk-lap> and doesn't have his firewalls setup for local access to it :)
<MTecknology> "Welcome friends to my Suzuki Samurai website. Here you will find information about and"
<MTecknology> patdk-lap: yuppers
<MTecknology> lilzeus-web: read that loopback part again
<MTecknology> lilzeus-web: in your router setup dns forwarding from lilzeus.net -> 64.158.56.58
<MTecknology> lilzeus-web: they were right in #httpd; it's your DNS that needs fixing; not external DNS hosting - but your internal DNS
<lilzeus-web> fine, but they were a$$holes for the 95% of the time until the figured it out...and still didn't offer help
<lilzeus-web> lol
<patdk-lap> heh?
<patdk-lap> irc exists to solve your issues?
<patdk-lap> no wonder you didn't get help
<MTecknology> I'll agree there; they could have explained things better :P
<MTecknology> lilzeus-web: The logs they wanted were to check to see what was happening to the server to see if you were even getting there and if you were how and why it was breaking
<lilzeus-web> hey pat, nice straw man/nonsquitur there
<patdk-lap> heh?
<lilzeus-web> so, were you there in #httpd?
<patdk-lap> nope
<patdk-lap> I'm just going by how your acting in here :)
<lilzeus-web> sorry pat, that question was for MT
<MTecknology> patdk-lap: I think they both handled things poorly in there; nothing wrong with how he's acting here
<lilzeus-web> pat: #httpd says it is supposed to help you, was I expecting to much when I went there for help?
<MTecknology> lilzeus-web: I'm everywhere
<lilzeus-web> MT: so it would seem...
<lilzeus-web> ;)
<lilzeus-web> so, I can remove that entry into the hosts file
<MTecknology> It's how I caught one person and caused them to be pretty much banished from the web entirely :P
<lilzeus-web> that they had me put in...it was for the other website anyways
<MTecknology> lilzeus-web: probably; just put it in your router
<lilzeus-web> I can't find this entry you mentioned in my router
<lilzeus-web> where were you getting that 65.x.x.x??
<lilzeus-web> errr 64.x.x.x?
<lilzeus-web> all the port forwarding was set up correctly before...I didn't change any settings in my router before all of this...
<MTecknology> you'll want to use the most direct IP you can to get to it. This isn't port forwarding
<patdk-lap> the router is port forwarding EXTERNAL connections inside :)
<patdk-lap> your are already inside
<patdk-lap> so it won't forward it inside to your webserver
<lilzeus-web> ok, so it works for you guys but not me
<patdk-lap> yes
<MTecknology> example; if your server and you and your router are in the same builing and you can access the server via 192.168.1.5 (this seems to be the case); setup the router DNS to forward yoursite.com -> 192.168.1.5
<lilzeus-web> MT: ah
<patdk-lap> if your router lets you
<jmarsden> MTecknology: inappropriate use of "forward".  I think you mean "resolve" ?
<patdk-lap> you can also forward connections going to the routers internal ip to your webserver, to make that work
<MTecknology> jmarsden: ya, that one
<patdk-lap> but most won't let you
<MTecknology> jmarsden: in my defense I should be sleeping :P
<patdk-lap> mt, I thought you where on the west coast :)
<MTecknology> CST
<MTecknology> -0600
<lilzeus-web> well, shouldn't any computer on my network, when you put in www.lilzeus.net into a browser go out to DNS and resolve back to my webserver anyways?
<patdk-lap> EST here :)
<patdk-lap> lilzeus-web, yes
<patdk-lap> but when you do that, your using the external ip
<patdk-lap> and your router won't let internal ip's be redirected to internal servers
<patdk-lap> now if you use split dns
<patdk-lap> one result for external people
<patdk-lap> and your internal ip for internal hosts, it will work fine
<patdk-lap> just a pain to manage somewhat
<lilzeus-web> hmm
<MTecknology> pfsense lets you do it very easily
<patdk-lap> ya, I have shorewall solve that issue for me
<lilzeus-web> so, if I am using external ip then why aren't my pages loading?
<patdk-lap> cause your internal
<lilzeus-web> omfg
<lilzeus-web> it just worked
<lilzeus-web> I have done nothing
<patdk-lap> heh?
<lilzeus-web> lets try the other site
<MTecknology> I wish there was a pretty picture for this loopback issue. It's so common and it's beginners that need to understand it..
<lilzeus-web> bam...now IT works too
<lilzeus-web> what in the world
<patdk-lap> what does nslookup say for it?
<lilzeus-web> one minute my laptop would not resolve either address...now, it does
<lilzeus-web> I didn't change anything in my router either
<MTecknology> ok.... I'm gonna forget this and go to sleep
<patdk-lap> but it's only 2am for you :)
<lilzeus-web> MT: sounds like a good idea
<MTecknology> patdk-lap: look up split dns
<MTecknology> patdk-lap: I get up early
<MTecknology> ~6
<patdk-lap> why look up split dns?
<patdk-lap> I just recommened he use split dns
<lilzeus-web> thanks for the actual help, MT
<lilzeus-web> ;)
<MTecknology> patdk-lap: just so he understands the loopback
<MTecknology> lilzeus-web: gotta thank the other two guys too :)
<lilzeus-web> well, only one of them actually helped and started to troubleshoot
<MTecknology> lilzeus-web: I mean patdk-lap and jmarsden
<lilzeus-web> the other was just being an a$$...purposefully I think
<lilzeus-web> oh
<lilzeus-web> lol
<lilzeus-web> thought you meant the jerks in #httpd
<MTecknology> just drop that
<lilzeus-web> thanks pat and jmarsden
<MTecknology> lilzeus-web: lookup and research why you can't normally resolve and connect to a local site if your inside the network; then also look into solutions
<MTecknology> it'll blow your mind; and help you a lot later on
<jmarsden> lilzeus-web: You're welcome.
<patdk-lap> yay for cisco docs : http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml
<patdk-lap> nat loopback :)
<lilzeus-web> uh, just looking at that address, I am not touching it
<patdk-lap> cisco is the only place I could find with pictures
<lilzeus-web> pictures? really, then maybe I will...lol
<patdk-lap> ya, just ignore all the cisco commands :)
<MTecknology> patdk-lap: that's awsome
<MTecknology> lilzeus-web: you need to read that
<patdk-lap> lets talk about my issues
<patdk-lap> nat loopback with a loadbalancer in between :)
<lilzeus-web> lets not
<patdk-lap> that really made things fun :)
<lilzeus-web> ;)
<lilzeus-web> so really, my problem was my router got a new IP address
<MTecknology> patdk-lap: my mind can't handle non-trivial
<patdk-lap> hehe :)
<patdk-lap> or my cisco router that ignores routes :)
<patdk-lap> so I have to push arp packets to it to direct traffic :)
<patdk-lap> nothing like cron'ing arp pings every min :)
<MTecknology> anyway - because I don't run my own datacenter for cisco..... I'm turning the rest of my mind off now
<MTecknology> I can't handle any more learning today
<patdk-lap> oh, but it's fun :)
<lilzeus-web> it is
<lilzeus-web> now I just need to set up PHPBB
<MTecknology> I'm learning to do debian packaging; physics; other college classes; grow my itty bitty company.....
<MTecknology> that's what I worked on today
<lilzeus-web> physics of the impossible
<MTecknology> also had to recompile my kernel and touch it up a little
<patdk-lap> I got nothing done at all today
<MTecknology> and fixed up an issue on my servers; another issue to deal with tomorrow
<patdk-lap> besides explain blades/server/... to MTecknology
<MTecknology> oh - also applied for a PT job
<MTecknology> patdk-lap: and teaching me what I can do if I ever have some realy money rolling in
<patdk-lap> hmm, no
<MTecknology> I wonder what it costs per month to run that massive beast
<patdk-lap> hire someone to deal with it for you :)
<patdk-lap> fully loaded?
<patdk-lap> almost 2k in electricity a month
<MTecknology> wow
<patdk-lap> add 1k for a place to put it
<MTecknology> plus rack space
<patdk-lap> and whatever for bandwidth
<MTecknology> that's insane
<MTecknology> If I can ever afford something like that - :D
<MTecknology> then I'll know we did something right
<MTecknology> until then..... it's sleepy time
<patdk-lap> at that point is normally when things start going the other way :(
<MTecknology> why's that?
<patdk-lap> you feel that you have *made it*
<patdk-lap> and stop paying attention or caring as much
<patdk-lap> and things just happen, and starts to go down
<lilzeus-web> live in a sunny area? go solar
<patdk-lap> heh
<patdk-lap> solar takes 25years to pay for itself
<patdk-lap> and only lasts for 30years :(
<patdk-lap> without goverment aid atleast
<lilzeus-web> pat: you couldn't be more wrong
<patdk-lap> only cause the goverment gives you all kinds of writeoffs for it
<lilzeus-web> so, take the aid
<patdk-lap> ya, but that isn't real
<patdk-lap> it's hardly *profitable*
<patdk-lap> wind is so much more profitable
<patdk-lap> and more abundent
<lilzeus-web> so, the state isn't 'really' giving me a $9100+ rebate?
<MTecknology> patdk-lap: to be honest; I don't ever want to feel like I 'made it'; I jsut want to feel like I'm not scraping barrels to find the pennies to pay the $40/mo operating costs
<patdk-lap> lilzeus-web, but where did that 9k come from? your taxes last year :)
<lilzeus-web> so
<lilzeus-web> :)
<lilzeus-web> better that I get my tax money back and put to a good use
<patdk-lap> one way or another it evens out
<patdk-lap> so it's still the goverment attempting to make it look good
<lilzeus-web> we are way off-topic, I am just waiting to get booted
 * patdk-lap will only ever support using solar in a remote, offgrid, purpose :)
<lilzeus-web> it is good, people are just not smart enough to crunch the numbers...we want instant gradification
<MTecknology> lilzeus-web: maybe during the day when most people here are awake
<patdk-lap> heh, it seems to be pretty dead during the day also
<lilzeus-web> we can't stand to wait a few years for an investment to mature
<MTecknology> This probably is pretty far off topic though :P
<lilzeus-web> but either way, you could be cash positive in the first month, depending on the size of the system
<patdk-lap> I can still drag it a few miles :)
<MTecknology> personally - I can't afford soalr technology - so it doesn't matter to me
<lilzeus-web> and I am not salesman, I am just the kind of person who researches these kinds of things to death
<patdk-lap> for me, it uses way too much space
<patdk-lap> using solar heating is much more cost effective
<lilzeus-web> too much space?  you are using your roof for something?
 * patdk-lap solarheats mtecks servers :)
<patdk-lap> lilzeus-web, using high capacity solar panels, I would cover 100% of my roof, and not create enough power
<lilzeus-web> oh, for your servers or home?
<patdk-lap> no servers
<patdk-lap> just home
<patdk-lap> really, just wife
<patdk-lap> leaving 4+ tv's on all day :(
<lilzeus-web> you have a small home?
<patdk-lap> pretty small
<lilzeus-web> well, it certainly isn't going to hurt either
<MTecknology> g'night all
<lilzeus-web> we have a decent sized home but very little that faces south...when we switch to net metering we may end up paying a couple hundred a year for power
<lilzeus-web> g'night MT!
<lilzeus-web> and thanks for being friendly
<lilzeus-web> in August, we had a bill that came close to $500
<patdk-lap> I pay <1k a year for electricity
<patdk-lap> my highest runs around 145
<lilzeus-web> that's great!
<patdk-lap> and that is with a 26year old a/c unit :)
<patdk-lap> 8seer I think, maybe 6
<patdk-lap> this house is so energy non-efficitent, it's sick
<lilzeus-web> ours may be that old...we have 2 actually
<patdk-lap> but the bills are so low
<lilzeus-web> where do you live?
<patdk-lap> maryland
<lilzeus-web> I live in Cali
<lilzeus-web> power is expensive
<patdk-lap> ya, much much more
<patdk-lap> does make solar like 3x more attractive
<patdk-lap> then it would me
<lilzeus-web> we actually have a tiered system out here...like taxes
<lilzeus-web> the more you consume, the higher the rate
<lilzeus-web> to top bracket is like ~0.31/kwh
<patdk-lap> hmm
<patdk-lap> I'm paying .12 per kwh, including all fees and taxes
<lilzeus-web> yep
<lilzeus-web> we may have a bracket that gets that low or lower...but its so small
<patdk-lap> my usage runs around 800kwh per month
<lilzeus-web> that is pretty high
<patdk-lap> 400-500 during winter
<patdk-lap> 1200 or so during summer
<lilzeus-web> we had a high of about 1800 during the summer
<patdk-lap> dunno, everyone complains at how expensive there electric bill is around here, and mine is so much lower
<patdk-lap> and I use craploads more power
<lilzeus-web> and we have only been here about 7-8 months
<patdk-lap> I dunno if they just don't manage their a/c correctly or what
<lilzeus-web> 6-7
<lilzeus-web> you don't seem to be using all that much power
<lilzeus-web> could be worse!
<patdk-lap> oh, could be half of what it is
<patdk-lap> should be by next winter
<lilzeus-web> why is that?
<patdk-lap> have orig siding, windows, ...
<patdk-lap> getting everything replaced
<lilzeus-web> nice
<lilzeus-web> get the windows with argon in them
<patdk-lap> single pane glass windows :)
<patdk-lap> yep, triple
<lilzeus-web> wow, triple
<patdk-lap> know a guy with tripple argon sliding door, it is really good
<patdk-lap> touch the glass and it's warm inside
<patdk-lap> outside it's <20f
<guntbert> I know the channel is quiet - but I do get some "off topic" feelings .... :)
<lilzeus-web> we have 5 sliding doors...a couple are jumbo sized
<patdk-lap> we are talking about saving power to run our servers :)
<lilzeus-web> well, of course
<patdk-lap> can't let the channel die of bitrot :)
<lilzeus-web> bitrot?
<patdk-lap> bit-rot
<lilzeus-web> do I gotta look that up or can I take your word for it?
<patdk-lap> byte rot?
<lilzeus-web> yeah
<patdk-lap> hmm
<patdk-lap> can't think of the easy way to explain that
<patdk-lap> guess it would be easy to compare it to food
<patdk-lap> you let it sit, it spoils
<jmarsden> http://www.jargon.net/jargonfile/b/bitrot.html
<patdk-lap> so you have to use it
 * patdk-lap wonders if he is showing his age
<lilzeus-web> ah, the wiki was more technical
<patdk-lap> oh, I would of gotten into memory refreshing :)
<lilzeus-web> as far as I can tell, you are fully clothed, no worries
<patdk-lap> from the 8086 days :)
<lilzeus-web> just saw a movie that made reverence to vacuum tubes
<patdk-lap> damn, we scared him away :(
<lilzeus-web> first computer etc
<patdk-lap> heh :)
<lilzeus-web> REvolutionary Road?
<patdk-lap> haven't seen it yet
<patdk-lap> wife has
 * patdk-lap keeps going back to wargames
<lilzeus-web> its not bad
<lilzeus-web> I like Tron
<patdk-lap> tron was an odd one for me
<patdk-lap> I saw it when it came out
<patdk-lap> didn't understand a thing about it, other than the motorcycles where cool
<patdk-lap> I think I was 4
<lilzeus-web> it was more technical...interesting to watch and catch all the jargon
<lilzeus-web> uh oh, now you maybe to showing your age!
<patdk-lap> hehe
<lilzeus-web> woah
<patdk-lap> irc servers finally updates I guess
<lilzeus-web> btw, I am older than you are, I think
<lilzeus-web> :)
<lilzeus-web> if you were 4 when Tron came out, anyways
<patdk-lap> guess I need to lookup when it came out
<lilzeus-web> '82
<patdk-lap> na, 5
<patdk-lap> close guess
<lilzeus-web> Indeed, I am older
<lilzeus-web> :)
<lilzeus-web> so pat, where do you think I could get help setting up PHPBB on ubuntu?
<patdk-lap> heh, phpbb
<patdk-lap> I offically dislike that :)
<patdk-lap> it's not hard to setup at all
<patdk-lap> but I'm having endless issues upgrading a phpbb2 to phpbb3 :(
<lilzeus-web> well, I have tried, and I think I failed
<patdk-lap> well, you should just unpack it into your /var/www directory
<patdk-lap> create a db user and db
<patdk-lap> and run the setup
<lilzeus-web> hmm
<patdk-lap> not sure on the *ubuntu* way
<lilzeus-web> I have this thing called turnkey phpbb
<patdk-lap> cause I generally do stuff that like that manually
<patdk-lap> oh, it's a vm built already
<patdk-lap> you should just have to use the webinterfaces then
<lilzeus-web> I mean, I see it in synaptic
<patdk-lap> hmm, turnkey phpbb is a virtual machine
<patdk-lap> that means you need something to run it on, not sure what it was built for or anything myself
<patdk-lap> but normally that means, vmware, virtualbox, kvm, ...
<patdk-lap> if you just want phpbb on that machine, and not inside a virtual machine, you want to load phpbb3 from synaptic
<lilzeus-web> well, I am trying to install it from synaptic, it seems caught in a loop
<patdk-lap> it should bring in everything it needs, mysql, apache, php, ...
<lilzeus-web> hmm
<patdk-lap> you actually see turnkey phpbb in synamtic?
<lilzeus-web> its stuck at Debconf
<lilzeus-web> no
<patdk-lap> I don't in 9.10 atleast
<patdk-lap> heh?
<lilzeus-web> I am just installing phpbb from synaptic
<patdk-lap> what does debconf say?
<lilzeus-web> installation failed
<lilzeus-web> I can try again
<patdk-lap> of what package?
<patdk-lap> if you didn't have anything else on that system yet
<patdk-lap> it's going bring in like 10+ other things
<patdk-lap> and it could be any one of those that failed
<patdk-lap> can't really help you at all unless I know what one
<lilzeus-web> you are almost certainly correct
<lilzeus-web> cant connect to MYSQL
<patdk-lap> so mysql isn't starting
<lilzeus-web> heck, I can't even fully remove phpbb now either
<lilzeus-web> lol
<patdk-lap> I wonder if it attempting to upgrade you from mysql 5.0 to 5.1
<patdk-lap> I know when it did that on my system it has issues
<lilzeus-web> how do I know if I even have mysql?
<patdk-lap> try, /etc/init.d/mysql stop
<lilzeus-web> ok
<lilzeus-web> it stopped it
<patdk-lap> well, you have it
<lilzeus-web> that is, no errors
<patdk-lap> or it would of said, mysql not found :)
<patdk-lap> try, /etc/init.d/mysql start
<lilzeus-web> fail
<lilzeus-web> lol
<patdk-lap> probably need to check the log files and see what it says about mysql
<patdk-lap> forget what ones, I will see if I can find out
<lilzeus-web> it failed to start
<patdk-lap> look in /var/log/daemon.log
 * patdk-lap notes I am totally way too on topic
<lilzeus-web> what am I looking for?
<patdk-lap> end of file
<patdk-lap> anything that says mysql
<patdk-lap> hopefully something about a problem :)
<lilzeus-web> plenty about mysql
<lilzeus-web> lol
<patdk-lap> pastebin it?
<lilzeus-web> http://pastebin.com/m1fa294bf
<patdk-lap> hmm, does /etc/mysql/debian.cnf exists?
<lilzeus-web> lets find out
<lilzeus-web> yes, but it says unknown file type
<lilzeus-web> it has an X in top right corner
<patdk-lap> that is all that is in it?
<patdk-lap> should have like
<patdk-lap> username=, password=, ...
<lilzeus-web> in it?
<patdk-lap> ya
<lilzeus-web> debeian.cnf?
<patdk-lap> in /etc/mysql/debian.cnf
<lilzeus-web> there is no 'in it'...it won't open...it says 'unknown file type'
<patdk-lap> oh, your using gui stuff :)
<patdk-lap> tell it to use gedit or something
<lilzeus-web> "Could not display "/etc/mysql/debian.cnf"."
<patdk-lap> I only use cli
<lilzeus-web> so, what do you want me to do?
<patdk-lap> open it with gedit
<patdk-lap> well, guess you can't do that either, without being root
<lilzeus-web> no permissions
<patdk-lap> filesize?
<jmarsden> Was /etc/init.d/mysql start done as root?  if not, that would explain many of the errors you got ...
<lilzeus-web> 333 bytes
<patdk-lap> sounds good
<patdk-lap> sudo /etc/init.d/mysql start
<patdk-lap> :)
 * patdk-lap forgets about that, I assume root :)
<jmarsden> Bad idea, Ubuntu has no root login by default... :)
<lilzeus-web> ok
<lilzeus-web> I think it started
<patdk-lap> jmarsden, well, I normally help people that know that :)
<jmarsden> OK... I need to sleep, but at least you now have a running mysql server :)
<jmarsden> Goodnight all.
<lilzeus-web> indeed!
<lilzeus-web> g'night
<patdk-lap> check the logs for errors, again, just incase :)
<lilzeus-web> the daemon thing?
<patdk-lap> ya
<lilzeus-web> looks good as far as I can tell
<patdk-lap> try install again?
<lilzeus-web> looks like version 5.1
<lilzeus-web> from synaptics?
<patdk-lap> I think that might of been my issue also
<patdk-lap> yep
<patdk-lap> the upgrade fails, cause mysql isn't running
<patdk-lap> but if you start it manually, it upgrades properly and is fine
<lilzeus-web> mark for re-installation, complete removal???
<patdk-lap> has issues when I went from hoary to karmic
<patdk-lap> removal?
<lilzeus-web> mark for re-installation, mark for removal, mark for complete removal are my choices
<patdk-lap> reinstallation
<lilzeus-web> password for database admin user?
<patdk-lap> dunno, you should of set one when mysql was installed
<lilzeus-web> ok
<lilzeus-web> hmm
<lilzeus-web> it just quit
<lilzeus-web> it won't run now
<lilzeus-web> weird
<lilzeus-web> as soon as I put in the password, it just quit the install and I am back to synaptic
<patdk-lap> wrong password?
<lilzeus-web> phpbb does not show a check that it is installed, its a green box
<lilzeus-web> maybe
<patdk-lap> at the command line
<lilzeus-web> I only use one though
<patdk-lap> or in terminal
<patdk-lap> or whatever you want to call it :)
<lilzeus-web> uh
<lilzeus-web> neither
<patdk-lap> try: mysqladmin -p status
<patdk-lap> and keep trying, till you guess your correct password :)
<patdk-lap> could probably reset it, but I really don't want to get into that :(
<lilzeus-web> hmm
<patdk-lap> try: mysqladmin -uroot -p status
<patdk-lap> that might work better
<patdk-lap> cause your not doing this as root
<patdk-lap> should give you something like:
<patdk-lap> Uptime: 433174  Threads: 19  Questions: 9995924  Slow queries: 156  Opens: 1499  Flush tables: 1  Open tables: 280  Queries per second avg: 23.76
<lilzeus-web> yep
<lilzeus-web> it did
<patdk-lap> so that is the good password
<lilzeus-web> uptime 826
<patdk-lap> same one you tried for the phpbb install?
<lilzeus-web> yes
<patdk-lap> odd
<patdk-lap> not sure I can help with that
<patdk-lap> I haven't had to diagnose a package install issue before
<patdk-lap> if I did, I normally just install it manually :)
<cemc> is there any nice graphical network monitoring too, but not the server type, more like a graphical ping or something
<cemc> in which I can add multiple IP addresses and it pings them and shows the loss, rtt, etc
<patdk-lap> dunno, I just use mtr
<lilzeus-web> now its asking for the MYSQL application password for phpbb
<lilzeus-web> and a confirmation...so I guess I am creating a password this time
<patdk-lap> hmm
<patdk-lap> oh, so it is creating the user this time, that is good
<patdk-lap> maybe you accidentally types it wrong the other time
<lilzeus-web> nah, I have been this far before
<lilzeus-web> its at the DEbconf on ubuntu-webserver window now
<lilzeus-web> "configuring phphbb3
<lilzeus-web> Next step for database installation:
<lilzeus-web> my choices are: abort, retry, retry (skip questions) ignore
<lilzeus-web> ah, there are errors
<lilzeus-web> everything already exists
<patdk-lap> ignore?
<lilzeus-web> just tried that
<lilzeus-web> I am back at synaptic again
<lilzeus-web> phpbb3 has a green box
<lilzeus-web> ok, I did a complete removal
<lilzeus-web> marking for installation
<lilzeus-web> applying
<lilzeus-web> so, I think its installed
<lilzeus-web> isn't that what the green box means?
<patdk-lap> yep
<lilzeus-web> ok, its installed then
<lilzeus-web> now what?
<lilzeus-web> where the heck is it?
<patdk-lap> try it?
<lilzeus-web> lol
<patdk-lap> on the website
<lilzeus-web> where??
<patdk-lap> I dunno :)
<patdk-lap> maybe localhost/phpbb/
<quentusrex> Is there a reason it seems that ubuntu breaks openldap?
<lilzeus-web> no dice
<lilzeus-web> /usr/share/phpbb3/www/
<Maleko> does ubuntu server iso comes with gparted tool?
<twb> Yes
<Maleko> how do i boot into gparted, through rescue mode?
<Maleko> twb: i meant the livecd mode
<twb> Maleko: the server CD isn't a live CD.
<Maleko> opps
<simmerz> anyone know why i'd get this with the stock karmic kernel? http://pastie.org/801619
<jongbergs> hi, planning to setup squid proxy server for our company network..should i go to transparent or non-transparent proxy?
<KurtKraut> jongbergs, using non-transparent proxy will require you to configure every little program on every computer to use the proxy. If it is achiveable for you, use it.
<jongbergs> KurtKraut: i have read a considerable amount of posts regarding transparent proxying most are not working..in my situation i use squid3 on non-transparent..which do you think is preferable option?
<KurtKraut> jongbergs, if you are a single IT guy and you have like 50 or more computers that will use this proxy, I'd go transparent. Because non-transparent you'll have to use each computer and configure them one by one manually.
<mrp> is it possible to log ufw to its own file?
<jdstrand> mrp: the logs are generated by the kernel
<jdstrand> mrp: if you are using rsyslog, you can, but regular syslog, no
<mrp> can you push them to firewall.log or something
<mrp> yeah im running rsyslog :)
<jdstrand> 10.04 will ship an rsyslog file
<mrp> 9.10 has rsyslogd by default.
<mrp> well the jeos install on my vps did.
<jdstrand> I mean ufw in 10.04 will ship a fil
<jdstrand> e
<twb> jdstrand: why can't "traditional" syslog file kernel.<whatever level> to ufw.log?
<jongbergs> KurtKraut: i have thought of that also..but i think non-transparent gives your more control on whom can surf the web..
<mrp> jdstrand: is it hard to setup for now?
<jdstrand> twb: you can of course redirect them, but cause it's the kernel that is generating them, they have the 'kern' facility, so it is hard to get just the ufw bits out
<twb> jdstrand: how does rsyslog do it, then?
<twb> Does it do regexp matching or something?
<twb> (I've only played with rsyslog enough to make it do what normal syslog could.)
<jdstrand> ufw just uses whatever the priority of the kernel (ufw could use an extrememly low priority, and then you could do kern.debug, but it doesn't
<jdstrand> twb: regexp-- yeah
 * twb grumbles about "when all you have is a regexp..."
<mrp> jdstrand: know of something particularly floating around the net about this?
<jdstrand> mrp: this is probably what will end up in 10.04: http://paste.ubuntu.com/365704/
<jdstrand> mrp: drop in /etc/rsyslog.d/20-ufw.conf
<mrp> jdstrand: ooo champ :-)
<jdstrand> twb: rsyslog is pretty flexible-- it does all the standard syslog stuff, so you don't have to worry about regexp if you don't want to. but then it has a bunch of other neat stuff. tbh, I only know enough about it to generate the above file :)
<jdstrand> twb: it is worth checking out though
<mrp> what is the 20 infront of the file name?
<jdstrand> mrp: rsyslog process files in /etc/rsyslog.d in order-- the 20 makes sure it is in the right spot
<twb> jdstrand: obviously I'll be using rsyslog when I migrate to 10.04 and Debian 6
<mrp> jdstrand: sweet thanks
<mrp> <3 ufw frontend
<jdstrand> mrp: glad you like it :)
<mrp> the limit action is like failban eh?
<mrp> fail2ban sorry
<jdstrand> mrp: sorta
<mrp> it will do for ssh on my VPS
<jdstrand> iirc, fail2ban can do more, but the basic idea is the same: limit brute-force attacks
<mrp> jdstrand: yeah it can do more with other apps but i just need sshd bruteforce protection cheers
<garymc> Hi anyone help me get my dovecot and postfix working?
<Jeniczek> hi there
<Jeniczek> anybody skilled around?
<bogeyd6> yes
<Jeniczek> I am lookin for a guy, that know a lot about ubuntuserver optimizing. I need to optimize the box - or at least take a look into it. The problem is, that when I have more than 2k connections, the server applications diff time measurement are becomin high. Am offering a money for it ofcourse..
<bogeyd6> support here is free
<Jeniczek> Am guessing, that it is gonna be somethin bad with network subsystem.. but am not sure
<Jeniczek> yeah
<Jeniczek> here...
<bogeyd6> 2k http connections?
<Jeniczek> But I think that I will have to pay somebody who will get access to my screenusing TeamViewer and work with me givim commands to type in
<Jeniczek> no
<Jeniczek> TCP conenctions
<Jeniczek> on different port
<bogeyd6> please be much more specific about what the server is doing
<Jeniczek> its a game server with realy high population
<bogeyd6> erp
<bogeyd6> by difftime do you mean lag time?
<Jeniczek> yeah
<Jeniczek> but not lag as latency but diff as delay
<Jeniczek> the time how much the application recalulates all functions
<Jeniczek> so the more diff time is, the more time the game needs to recalculate and the less its playable
<bogeyd6> if you run a free command are you using swap space?
<Jeniczek> for example you type some chat, and with diff 500 you have to wat 0.5sec unitl other saw it
<Jeniczek> Swap: 2570360 0 2570360
<Jeniczek> the rig got 2x 5430 latest Xeons and 24gig ram
<Jeniczek> 2x 15k SAS HDDs
<Jeniczek> the CPU load is less than 5
<Jeniczek> so it must be somethin in the OS
<Jeniczek> the appliaction has been profiled as well... so its not the app either
<bogeyd6> kk
<Jeniczek> I thin it must be somethin with networkin
<Jeniczek> anyway today I treid to pgrade the kernel
<bogeyd6> you using verizon fios?
<Jeniczek> the OS runnin in there is ubuntu server x64 8.10
<Jeniczek> 2.6.27-16-server #1 SMP Tue Dec 1 20:06:14 UTC 2009 x86_64 GNU/Linux
<bogeyd6> oh.....
<bogeyd6> why not 8.0.4.3 LTS?
<Jeniczek> verizon?
<Jeniczek> its an Fujitsu Siemens RX300S4 server
<bogeyd6> can you pastebin mii-tool -v
<Jeniczek> sure, mmt
<Jeniczek> http://www.pastebin.cz/f52114801ee2e0
<bogeyd6> Jeniczek, now do ethtool eth0
<Jeniczek> hmm seems i have to install this package
<bogeyd6> well check out the dependencies and make a choice
<Jeniczek> http://www.pastebin.cz/dd9fdc7ed630ed
<bogeyd6> well jeni everything seems fine, you are running full speed full duplex
<Jeniczek> well, so maybe some TCP settings are not fine...
<Jeniczek> I knwo that am runnin full duplex
<Jeniczek> but somethin is bad... the high diff starts with 2.1k connections
<Jeniczek> I have tuned MySQL as well, so theres really nothin left except the OS itself
<bogeyd6> Jeniczek, maybe changing the mtu to a small number would result in more packets but less fragmentation?
<Jeniczek> dunno
<Jeniczek> I think some IPv4 settings should be the importantones
<Jeniczek> but am not a nix networkin guy :(
<bogeyd6> Jeniczek, ok then go with an "ifconfig -v"
<Jeniczek> one think that I should mention, If i lost the connection to the box
<Jeniczek> than am fcked up a lot ;)
<bogeyd6> ifconfig -v only displays things
<Jeniczek> yeah, I just wanted to mention
<Jeniczek> i know ifconfig -v
<Jeniczek> http://www.pastebin.cz/0f63b2718b17f1
<bogeyd6> Jeniczek, http://www.ubuntu.com/support/services   << go there before you pay someone on IRC
<bogeyd6> everything is checking out, there are no problems with your networking
<Jeniczek> hm
<Jeniczek> I know there must be somethin wrong
<Jeniczek> but anyway thanks a lot for your time
<bogeyd6> Jeniczek, not settings wise. the last thing you could do is reconfigure the kernel and change some of your network settings in the kernel of the server. or go to a real time kernel https://wiki.ubuntu.com/RealTime
<bogeyd6> might could interuppt your remote access to the bawx
<Jeniczek> hmmm
<Jeniczek> the wiki for the REalTime is empty
<Jeniczek> what is that used for?
<bogeyd6> !rt
<ubottu> The RT kernel is the Ubuntu kernel with a realtime preemption patch applied. It is included in Ubuntu Studio by default. For more information please see: https://wiki.ubuntu.com/RealTime/
<bogeyd6> and Jeniczek a quick google came up with http://wiki.fragaholics.de/index.php/EN:Linux_Kernel_Optimization
<bogeyd6> they also suggest going to a real time kernel for a game server
<Jeniczek> hm
<Jeniczek> but am not that hardcore nixer to compile myself a kernel
<Jeniczek> I will try to google for a page, where is some command by command guide how to switch to RT
<bogeyd6> the package is linux-rt
<bogeyd6> linux-headers-rt
<bogeyd6> and you can go here for the part on installing that kernel
<bogeyd6> https://help.ubuntu.com/community/UbuntuStudioPreparation
<bogeyd6> that should give you a good run Jeniczek
<Jeniczek> ok
<Jeniczek> am goin to read it all
<Jeniczek> last question
<Jeniczek> if I want to backup actual kernel
<Jeniczek> and if anything goes wrong
<Jeniczek> do you know the commands for backin it up and restoring it?
<bogeyd6> the kernel will be there you will just need to change your boot loader to use the other kernel
<Jeniczek> okok, I will investigate more
<Jeniczek> thanks a lot
<bogeyd6> like uhm
<Jeniczek> Am not sure if RT is for WoW as well, because it seems that the guide is for CS server, but anyway, why not to give it a try
<bogeyd6> you edit menu.lst and change the default= option to change to the other kernel
<bogeyd6> so installing the kernel is no harm no foul if you dont like it. but trust me, you have to use the real time kernel for time sensitive options
<Jeniczek> wheres that menu.lst located:
<bogeyd6> it is in /boot/grub
<bogeyd6> first option is default
<Jeniczek> oh i see
<Jeniczek> title, uuid, kernel, initrd, quiet
<bogeyd6> when you install linux-rt you will get that in the menu.lst and it will be default, reboot, if it helps great, if not then change default = say like 1 and then reboot again
<Jeniczek> yeah, got it that
<Jeniczek> so you think that goin with that guide is a not good go?
<Jeniczek> http://wiki.fragaholics.de/index.php/EN:Linux_Kernel_Optimization
<Jeniczek> theres the whole process some way described
<Jeniczek> its not like doin apt-get install linuxt-rt
<twb> What, an MMO server needs RTOS?
<Jeniczek> I dunno, bogeyd6 says that
<Jeniczek> I have never heard about RT on MMO
<twb> 04:05 <Jeniczek> Am not sure if RT is for WoW as well, because it seems that the guide is for CS server, but anyway, why not to give it a try
<Jeniczek> so?
<Jeniczek> you think it will be even worse?
<Jeniczek> Am just desperate cause I know a guy who is on Debian, ane he hasnt optimized anything and he says hes got more then 3x times better results than me
<Jeniczek> but hes russians
<Jeniczek> russians are good nixers ;)
<twb> Jeniczek: "better results" at what?
<Jeniczek> at the diff
<Jeniczek> my diff with 2700 conections is around 600
<Jeniczek> he got 150
<twb> What is a "diff"?
<Jeniczek> so in my case the game is really no well playable, and with less than 200 its really perfect game
<Jeniczek> [17:34:02] <Jeniczek> the time how much the application recalulates all functions
<Jeniczek> [17:34:38] <Jeniczek> so the more diff time is, the more time the game needs to recalculate and the less its playable
<Jeniczek> [17:35:01] <bogeyd6> if you run a free command are you using swap space?
<Jeniczek> [17:35:02] <Jeniczek> for example you type some chat, and with diff 500 you have to wat 0.5sec unitl other saw it
<twb> That sounds more like latency.
<Jeniczek> no, the diff is not dependant on your network
<Jeniczek> even with dialup connection you can have diff 50
<Jeniczek> its the application measurement
<Jeniczek> not the network connection one
<Jeniczek> thats the latency - also called lags
<garymc> Hi guys
<garymc> ive installed postfix and dovecot. Now when i run the command 'telnet mail.mydomain.com 25' it says connected then says connection closed by foriegn host. Why is this?
<Jeniczek> like my develpoer said
<Jeniczek> diff is
<Jeniczek> slow update cycles
<twb> garymc: have you told those services to bind to non-loopback interfaces?
<garymc> twb im a noob
<garymc> Im trying to setup a mail server
<garymc> at work
<twb> garymc: I don't know about postfix or dovecot specifically, but it's common on Ubuntu for services to only accept local connections by default.
<twb> garymc: OK, have you gone through the relevant sections of the server admin guide?
<garymc> yes
<twb> garymc: are the daemons running?
<Jeniczek> so twb, you think that the RT is not a good go for MMO?
<guntbert> garymc: please don't setup a *public* mail server if you are not pretty sure what you are doing
<garymc> hmm ok
<twb> guntbert: that's a good point.
<garymc> i need one though
<twb> Jeniczek: running a kernel with RTOS extensions will not magically make normal applications faster.
<guntbert> garymc: the world is full of open mail relays because "they needed it" and that get you into deep troubles with your employer too
<guntbert> *that can get ...
<garymc> guntbert : it wont get me into trouble with my employeer as iam my employer
<garymc> anyone fancy doing it for me?
<twb> Even worse!  *Management* is setting up the mail server
<garymc> im self employed and trying to get stuff done
<guntbert> garymc: then it will get you into trouble with your ISP - please play with one in a secure environment first until you are comfortable with it
<garymc> i just need some help
<Jeniczek> twb hmmmm
<Jeniczek> twb and do you have any idea what could my OS have set wrong?
<garymc> well im playing with it now.
<garymc> so will anyone help me out?
<garymc> i just want to host my own emails
<garymc> for me and my partners
<garymc> on our server
<guntbert> garymc: you yourself said "im a noob" - mail servers are nothing for "noobs"
<garymc> We already host our own website
<garymc> well im noobish
<garymc> have been using ubuntu for about 6 months
<twb> Hosting your own mailserver is even more dangerous than hosting your own webserver.
<garymc> and just thought i would try and get this installed. Figured i need some help when trying to do this
<guntbert> garymc: a web server is an entirely different beast - it doesn't matter how much linux experience you have
<guntbert> garymc: I won't say anything more - just don't!!!
<garymc> ok so you recommend i just keep paying fasthosts money to host my email accounts even thought they are always down and tech is in the phillipeenes now
<garymc> ok how easy would it be for someone with experiance to set up?
<guntbert> garymc: no, get yourself a decent mail provider - or get yourself someone with the know how
<garymc> guntbert can you set them up?
<guntbert> garymc: yes, I did several times and it was *not fun*
<Jeniczek> twb strange is, that until I have less than cca 1800 connections, the diff is awesome nice, then until 2200 is average and then, it goes up to 800 at 2800 connections
<twb> Jeniczek: I think the best thing for you to do would be to go get a book on performance analysis.
<Jeniczek> ;)
<Jeniczek> Well, then I will keep searchin for a guy, who read such a book and will take a look whats wrong witht the fact, that hell be paid for it...
<garymc> ok so anyway why would my connection be closing when i telnet to the mail.mydomain.com 25?
<twb> I don't think this is the right place to be looking for contractors.
<Jeniczek> I got 3 employments and am doin this in me free time.. I really dont have free time to read such a book, even I would love to do that
<Jeniczek> I wasnt lookin for contarctor, I was just searchin for a guy, who will likely earn some bucks for a work that he likes...
<twb> garymc: 04:24 <twb> garymc: are the daemons running?
<twb> Jeniczek: doing a specific job for money is contract work.
<garymc> twb what daemons?
<twb> garymc: postfix and dovecot
<garymc> yes
<Jeniczek> WEll maybe I will give a try to the RT kernel. twb when i use new kernel, do I have to recompile all the stuff around?
<garymc> they restart fine
<twb> Jeniczek: you must recompile any third-party kernel modules, but the userspace doesn't change.
<Jeniczek> 3rd party modules? If I have not installed any, just the ones included with the installation, then am fine?
<Jeniczek> or the bundled ones are needed to be recompiled as wel?
<Jeniczek> anyway I have just bought VMware workstation few minutes ago and am goin to try it virtually
<garymc> twb : heres what i get when i run the telnet command. http://pastebin.ca/1772130
<garymc> im just trying to test To see if SMTP-AUTH and TLS work properly
<twb> garymc: are the daemons binding to the IP you're connecting to?
<garymc> how could i tell?
<twb> netstat lists active bindings
<twb> Incidentally, you should use nc (netcat) or socat, rather than telnet.
<garymc> just type netstat
<garymc> i cnat see anything to do with ip adress in netstat
<garymc> *cant
<twb> You probably want netstat --listening
<garymc> ok
<twb> I usually just do "sudo netstat -nap" because I'm too lazy to learn ss properly.
<garymc> heres my output http://pastebin.ca/1772142
<garymc> Ill give that one a try too
<twb> garymc: so you can see that processes are bound to *:imaps and *:smtp
<twb> That means they're listening on all interfaces, not just loopback.
<garymc> so that means?
<twb> Cf. the mysql binding, which is loopback-only.
<twb> So the next thing to check is the firewall.
<garymc> how do i check the firewall?
<twb> Well, the one that's in Ubuntu you'd check by running "iptables-save"
<twb> If it prints anything, you have a firewall, and it might be blocking your smtp connection test.
<garymc> ok i know the ports i need to open
<twb> Incidentally, we (this channel) discourage running a GUI on servers.
<garymc> http://pastebin.ca/1772150
<garymc> thats my iptables output
<garymc> Im running a LTSP server
<twb> You don't have a firewall.
<twb> garymc: ah, OK
<garymc> any other ideas?
<twb> Does "nc localhost smtp" work?
<garymc> something is happening
<twb> garymc: do you know how to speak SMTP?
<garymc> lol no
<garymc> you?
<twb> Type "HELO example.net"
<twb> You should get a 2xx response back.
<twb> If you get that far, it means the smtp service is at least listening to you, though it might not accept any mail you give it.
<twb> I guess you should also check /etc/hosts.{allow,deny}, but those are rarely used these days.
<garymc> yes it wokrs
<garymc> works
<garymc> Now it says on the ubuntu site if it gives that response i got that dovecot and postfix are configured fine
<twb> dovecot isn't involve in the smtp connection.
<garymc> actually sorry
<garymc> SMTP-AUTH and TLS
<garymc> so now how do i add a email address and connect to it with outlook express or something?
<twb> I'm going to bed.  Good luck.
<garymc> ok so apparently ive got dovecot and postfix installed correctly. What else do i need to do to get emails to work?
<garymc> ok good night
<garymc> anyone?
<garymc> Hey guys ive apparently installed dovecot and postfix correctly. Now what do i need to do to add an email account like gary@mydomain.com and do some test emailing?
<bogeyd6> Jeniczek, how is the RT kernel treating you?
<Jeniczek> am waitin till the VMware will download
<Jeniczek> got slow connection here :(
<Jeniczek> but accordin to what twb said, it wont help me
<Jeniczek> but why not to give it a try
<bogeyd6> Jeniczek, i was reading your earlier stuff about diff time
<Jeniczek> well I asked one of my developers to explain what diff time is in egnlish
<Jeniczek> he said
<Jeniczek> it is slow update cycles
<bogeyd6> you know, the regular kernel in ubuntu is going to have an inherent delay in processing, multiplied by 50000 and you get your delays youa re seeing
<Jeniczek> and the regular kernel in debian is not doin this?
<bogeyd6> The standard kernel has a disadvantage in that it has a higher latency (~ 11 ms) compared to other kernels. The shorter the delay, the more you can do at once with a system (e.g. update cycles)
<Jeniczek> si why is the RT not turned on as default?
<bogeyd6> because not all things need RT
<jmarsden> bogeyd6: No, the more quickly you can switch between processes.  WHich is not the same thing as "doing more" if your app does all of its work in one process, or if the real bottleneck is disk i/o, etc etc...!
<bogeyd6> things needing rt include video, audio, and etc...
<Jeniczek> and what is the disadvantage of RT?
<bogeyd6> game servers, they need RT
<Jeniczek> there bust be any
<jmarsden> The "latency" you are talkingh about is process switching latency, there are many other kinds...
<bogeyd6> jmarsden, please excuse yourself from entering the middle of a conversation
<jmarsden> Indeed.  I did read the scrollback, though.
<bogeyd6> jmarsden, how many processes you think a game server with 2000 people on it need?
<jmarsden> Welcome to IRC :)
<jmarsden> It depends how the app is structured :)
<Jeniczek> not many
<bogeyd6> whatever, stay on the RT topic or go privmsg
<bogeyd6> *insert blah blah blah*
<jmarsden> This is #ubuntu server.  If someone is asking for performance profiling help and all you look at one small aspect of that, you may not realy be helping them out.  RT and process switching latencey is one small aspect of overall performance.
<Jeniczek> well jmarsden is right, that it depends on the structure of app
<jmarsden> bogeyd6: You have no right or reason to try and restrict discussion in this channel to RT.
<Jeniczek> and trinitycore, which is the application name, doesnt need so many process to be dependant of
<Jeniczek> the main communication layer is ACE
<Jeniczek> but am not an developer, but as guys told me, the problem is in OS
<bogeyd6> awesome :) good luck Jeniczek, sounds like you and jmarsden gonna get that thing solved :)
<Jeniczek> we have also profiled the whole core
<Jeniczek> well, I dunno, maybe jmarsden will got some idea
<Jeniczek> anyway I will try the RT kernel as you adviced me
<jmarsden> Jeniczek: So are you seeing high user CPU use, hit interrupt rates, too much I/O waiting... what is the bottleneck?
<Jeniczek> jmarsden well thats the point... we dont see any bottleneck
<Jeniczek> as we got two most modern Intel Xeon 4core processors
<Jeniczek> and the load is nearly at 5 in the peak, with no thread goin for 100% usage
<Jeniczek> the disk I/O is also pretty fair, just mysqld / which does make sense/ but nothin big
<Jeniczek> the SQL DB itself is larger then 3GB atm, but its tuned also perfectly by a DB pro
<Jeniczek> So all of us are tryin to say that it must be somethin with networkin, but i dunno
<Jeniczek> like some TCP/IP or some stuff like this
<Jeniczek> As I said before. One of the ressuin guyz I have spoked 3days ago, is runnin such a server, on pure Debain, with no modifications, and hes got 5times less diff then us with more ppl
<Jeniczek> * russain
<Jeniczek> russian ;)
<Jeniczek> geez, that laptop keyboard
<jmarsden> There used to be some issues with very large numbers of connections in Linux and the "thundering herd" problem, but I thought that was all fixed up a few years back... and the Debian and Ubuntu stock kernel's shouldn;t *that* different.
<Jeniczek> So accordin to oprofilation, the neck is not in the sources
<Jeniczek> I dunno if am victim ot that problem
<jmarsden> I somewhat doubt it, it's a stretch... but here's a paper describing it if you want to do a bit more research.
<jmarsden> http://www.citi.umich.edu/projects/linux-scalability/reports/accept.html
<jmarsden> But as you can see, that paper is 10 years old... the issue was supposed to have been fixed by now :)
<bogeyd6> thats for the 2.2 kernel
<Jeniczek> well this seems realy old
<jmarsden> I have been a Linux system and network admin longer than that... so I must be *REALLY* old then :)
<Jeniczek> ;)
<bogeyd6> that actually explains alot
<Jeniczek> Well, if you are that pro with nix, maybe you can give me some nasty command to explain whats goin on in there ;)
<Jeniczek> we have really really powerful rig, and we cant get the power from it ecause of some bottleneck we dont know
<jmarsden> I doubt there is one command that will magically reveal all; if you had a simple issue you'd already have discovered the issue.
<Jeniczek> ok, so more than one ;)
<Jeniczek> or do you think, that changing actual OS ( 8.10ubuntu x64server) for 5.00 Debian as the russian is using will solve the issue?
<jmarsden> You've done all the usual things with sar and vmstat and iostat already, looking at the basics, right?
<Jeniczek> is the difference between those OSes so big?
<Jeniczek> no I did not
<Jeniczek> we did everything except the OS itself
<Jeniczek> we tuned MySQL
<Jeniczek> we tuned the source of application
<jmarsden> Jeniczek: It isn't normally that big, unless some "small" difference in the kernels happens to make a big difference on your particular machine for some reason.
<Jeniczek> but it seems its not the problematic part
<lavin> i can see the wireless device in the pop down menu for netmanager but theres no ap's being detected is the driver installed if the name of device is there and how can i fix this
<Jeniczek> Because none of us is really Linux expert, so we dont know what to look for
<jmarsden> If you are comfortable with the usual tools for looking at Linux/unix system performance (sar, vmstat, etc) then try using them to get an overview of the issue.
<Jeniczek> so jmarsden, whats sar, vmstat and iostat?
<Jeniczek> hm
<Jeniczek> sar
<Jeniczek> Cannot open /var/log/sysstat/sa30: No such file or directory
<Jeniczek> :P
<jmarsden> They are tools that give you a "look" into what the machine is doing in different ways.  Try   vmstat 5 20 and pastebin the resulting output.
<Jeniczek> here you ahve iostat
<Jeniczek> and now its the peak
<Jeniczek> 2650connections
<Jeniczek> we have set the limit of the app to 2650 because it already ,,laggs,, a lot
<Jeniczek> http://www.pastebin.cz/21c51904ae80a6
<Jeniczek> ok waitin for vmstat till it ends
<jmarsden> Will take 100 seconds (5 times 20) :)
<Jeniczek> oh, ok ;)
<Jeniczek> did that iostat tell you somethin usefull?
<Jeniczek> we got 15k RPM SAS HDDs and 24Gigs of FB DDR2 ECC mem
<Jeniczek> to be precise 2HDDs in Mirror
<jmarsden> Then do iostat 5 20 and pastebin that, too.  You need a bit bigger sample than what you gave me.  It doesn't look from what you did that io is terrible...
<Jeniczek> here you go
<Jeniczek> http://www.pastebin.cz/1abd23ba72181e
<jmarsden> at first glance, interrupt load and context switches are pretty high.
<jmarsden> How many NICs are involved in handling the network connections?
<Jeniczek> here goes the iostat
<Jeniczek> http://www.pastebin.cz/2e3109adab7daa
<Jeniczek> one nic
<Jeniczek> 100mbit full duplex
<Jeniczek> I have the server in server housing company having one Cat5e cable with 100/100 connectivity
<jmarsden> Gut feeling, it might be worth playing with cpu affinity to see if it helps... basically ensuring the interrupts from the NIC are all handled by one CPU... I'd need to google and read man pages to tell you exactly how to go about doing that, but I know the principle...
<Jeniczek> Physically the server has 2NICs and one iRMPC NIC ( or somethin like that, which should be for some managament use, but havent tried to use it yet as am not using supported os)
<Jeniczek> huh
<Jeniczek> that sounds interestin
<Jeniczek> Well i can tell you, that we tried to do renice on the group of process that belongs to the application, and the diff was still the same
<Jeniczek> but we tried to renice just the process and its threads.. nothin more
<Jeniczek> It was just a try ;)
<jmarsden> I'm an old timer, so the CPU/NIC affinity stuff may already be done well "automatically", but at one time that sometimes slowed things down under large network loads.  Right, my guess is that it's not the application processes CPU use that seems to be the issue.
<jmarsden> As you can probably tell, I've not had to mess with "big" servers under serious load for a while, so I'm out of date on this stuff!
<Jeniczek> Well the thing is, that If I/we/anybody wont find the problem, then am goin more than 200kilometres to that server farm and I will have to reinstall whole OS and try to put there a Debian 5.00 if it helps...
<Jeniczek> jmarsden well this kiddo is under big load of 15years kids ;)
<jmarsden> :)
<Jeniczek> 2650connected online and more than 400waitin in a queue
<jmarsden> For a server on this size, your data center should give you remote console access so you can reinstall and reboot remotely, surely!
<jmarsden> If you have to drive 200km to do that they are not giving you the kind of service you need.
<Jeniczek> Hm, but this fact involves me a thought, that it is not a network related problem, Because event theres a 2650 connected , those 400 in queue count as well. They are just not online, but the connection to the server is estabilished anyway
<Jeniczek> jmarsden you mean KVM?
<jmarsden> Jeniczek: Or some other solution, like a serial console.
<Jeniczek> Well, goin there and reinstall the OS is not that big if it will solve my problem...
<Jeniczek> I havent been there almost whole year...
<Jeniczek> ;)
<jmarsden> But there is no guarantee that it will solve the issue, because at this point the issue is not understood.
<Jeniczek> yeah
<jmarsden> Would they set you up a temporary second server to do a test install on??  So you can keep the current one running and keep all those kids happy, while you test to see if similar hardware running Debian is any better?
<Jeniczek> well thats not possible, the hardware is mine.. they just do host
<jmarsden> Ah, you're colocating.  OK.
<Jeniczek> all they do provide is a rack space, air conditionined and dust free evnironment and wan connectivity
<Jeniczek> thats all
<Jeniczek> Yeah, sorry for my english, am not a native one :(
<jmarsden> OK.  Ideally, you want someone "a bit like me, but more up to date" to check out the server and make recommendations to you...
<jmarsden> Does the colo provider have serious linux experts you can hire by the hour for that kind of thing?
<Jeniczek> Well the rpoblem is, that we never thought that we willl grow the community that big.. and now... its more than we can handle with our knowledge
<Jeniczek> no, I dont think so
<Jeniczek> but am not sure
<jmarsden> It would be worth asking them, at least.
<Jeniczek> Yeah, anyway , have you got any idea what should be the bottleneck?
<Jeniczek> Anyway am ready to set up for Debain mission... :P
<Jeniczek> and I feel that it will end it up that way
<jmarsden> You can try it.  It's a lot of downtime for a guess, though.  I'd try the cpu affinity idea first since you should be able to tweak that (maybe with taskset) on the currently running server.
<jmarsden> And maybe downtime isn't as much of a deal in the world of 15-year-olds as it would be in business, anyway :)
<Jeniczek> yeah
<Jeniczek> but anyeay they got holidays on monday
<Jeniczek> so a lot of them will be breathing on my back ;)
<bogeyd6> you can rt kernel in like 15 minutes and back to the old kernel
<Jeniczek> jmarsden have you found out how to try to tune that cpu affinity?
<Jeniczek> bogeyd6 installin vmware right now
<bogeyd6> 15 mins is worth trying vs reinstall
<jmarsden> Jeniczek: Well, the basic utility is taskset.  man taskset for info on that,
<Jeniczek> anyway, I have found, that I can do apt-get install linux-rt
<Jeniczek> but it seems that it will isntall some old rt kernel
<bogeyd6> with 8.10 they will all be old
<Jeniczek> well I can download a newer one one the page the wiki is refering to
<Jeniczek> Jeniczek: It isn't normally that big, unless some "small" difference in the kernels happens to make a big difference on your particular machine for some reason.
<Jeniczek> http://kernel.org/pub/linux/kernel/v2.6/
<Jeniczek> sorry pad paste
<Jeniczek> I was just pastin what jmarsden thought about the switch do Debian to my guys ;)
<Jeniczek> and heres a list of kernel patches for 2.6 kernels
<Jeniczek> http://kernel.org/pub/linux/kernel/projects/rt/
<Jeniczek> so I dont think that this depends on the age of the distro
<bogeyd6> you should get 2.6.27.3.4
<bogeyd6> 2.6.27-7 is the most up2date i think
<Jeniczek> hmm, why this one? I can see 2.6.31.12-rt20 here
<Jeniczek> http://kernel.org/pub/linux/kernel/projects/rt/patch-2.6.31.12-rt20.gz
<Jeniczek> heres a patch
<Jeniczek> http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.31.12.tar.gz
<Jeniczek> heres the kernel
<bogeyd6> going off the reservation a little bit
<bogeyd6> turning a 15 minute project into so much more
<Jeniczek> whattya mean?
<Jeniczek> so you think that I should just give a try to apt-get install linux-rt ?
<Jeniczek> not to do stuff like compilin own rt kernel?
<bogeyd6> correct
<bogeyd6> give it a shot, you get an improvement, you compile your own
<Jeniczek> bcuz this guide gives some optimization options before compilation as well
<Jeniczek> http://wiki.fragaholics.de/index.php/EN:Linux_Kernel_Optimization
<Jeniczek> hmm
<Jeniczek> well, thats also an option
<bogeyd6> trying to minimize your down time
<jmarsden> trying the sudo apt-get install linux-rt    sounds reasonable to me at this point.
<bogeyd6> jmarsden, but you had so many other ideas!!!
<bogeyd6> <coolface>
<jmarsden> which are also worth a try...
<Jeniczek> hmmmm
<bogeyd6> i know, some people have to check everything and other people connect the dots quicker
<Jeniczek> ok, why not to give that a try
<Jeniczek> does the server needs to be rebooted for that?
<Jeniczek> I guess it does
<bogeyd6> i wonder what happens to ubuntu when they finally make it to Z
<patdk-wk> heh? I thought they already did
<Jeniczek> btw dont you know, if ACE ( http://www.cs.wustl.edu/~schmidt/ACE.html ) needs to be fully recompiled after the kernel switch?
<bogeyd6> does it include kernel modules like vmware?
<Jeniczek> I really dont know
<bogeyd6> generally you dont need to recompile for the linux-rt
<Jeniczek> mmkay
<Jeniczek> but the server reboot is requested for kernel change, right? ;)
<bogeyd6> http://rt.wiki.kernel.org/index.php/Frequently_Asked_Questions#Do_I_need_to_recompile_my_applications_to_get_realtime_performance.3F
<bogeyd6> Jeniczek, yes
<Jeniczek> maybe stupid question.. but its 21st century.. so everythin is possible
<Jeniczek> okok
<garymc> yep im totally lost with this email server stuff, maybe time to jack it in
<bogeyd6> garymc, you using zimbra?
<garymc> bogey no, just installed and configured dovecot and postfix. Just cant seem to get my head around it
<garymc> bogeyd6 :^
<bogeyd6> oh yeah it can be puzzling
<garymc> like i want to make accounts so when im at home and stuff my outlook express can send and recieve emails through my server
<garymc> once ive installed dovecot and postfix how do i go about sending an email?
<bogeyd6> you are in luck
<bogeyd6> !mailserver
<ubottu> Ubuntu supports the Simple Mail Transfer Protocol (SMTP) and provides mail server software of many kinds. You can install a basic email handling configuration with the "Mail server" task during installation, or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/9.04/serverguide/C/email-services.html
<garymc> iam?
<bogeyd6> https://help.ubuntu.com/community/MailServer
<bogeyd6> someone did all the work for you and put it into a handy guide :)
<garymc> bogeyd6 : Ive been following this guide and done the postfix one and dovecot one. I dotn really want webmail just yet. I want to use Outlook to send and recieve emails
<bogeyd6> kk
<garymc> it doesnt tell me how to do that
<bogeyd6> so you need to know how to setup outlook express?
<garymc> well just outlook
<garymc> i know how i normally do it when i use a hosted service
<bogeyd6> go to tools, accounts, make a new account
<Jeniczek> oh
<Jeniczek> got DCed
<Jeniczek> vmware installation in progress ;)
<ruben23> hi
<garymc> yeah i know that, but how do I create a new email like john@mydomain.com and gary@mydomain.com etc etc
<bogeyd6> you mean make a dovecot user?
<garymc> yes
<bogeyd6> users get dovecot access
<jmarsden> just create unix user accounts john and gary
<garymc> right?
<jmarsden> yes.
<bogeyd6> ala sudo adduser blah blah blah
<bogeyd6> !adduser
<ubottu> To add new users to your Ubuntu system, follow the instructions at https://help.ubuntu.com/community/AddUsersHowto - For administrative privileges, users need to be made members of the group "admin" - See !sudo
<garymc> ok well im already there gary
<bogeyd6> mbox or maildir?
<garymc> so how do i connect to my server with outlook.
<garymc> maildir
<bogeyd6> create a new account with he information but choose the manual option, dont let it do it automatically
<bogeyd6> (checkbox at bottom of wizard allows manual)
<garymc> yep
<bogeyd6> otherwise outlook like to try to figure out everything but typically fails unless it is an exchange server
<garymc> yeah. Ive put settings in and its not working
<bogeyd6> uncomment the listen line in /etc/dovecot/dovecot.conf
<garymc> the listen line is uncommented
<bogeyd6> restart the dovecot server
<bogeyd6> sudo /etc/init.d/dovecot restart
<garymc> done all that
<bogeyd6> if outlook still wont connect then you need to login ssh style into the server and issue a command such as "telnet localhost 143"
<garymc> you talking about the 'socket listen' part of dovecot.conf
<garymc> ?
<bogeyd6> it should be #listen = *  and you change it to listen = *
<garymc> ive just done telnet localhost 143 . it says * Dovecot ready
<garymc> ok still not working
<bogeyd6> hmm
<bogeyd6> you at the same place the server is?
<garymc> no im ssh ing to it
<bogeyd6> sudo ufw status
<bogeyd6> so wait, there is a very good chance there is a firewall between you and the server?
<garymc> staus inactive
<garymc> have i got to open port 25 to the server?
<garymc> in the firewall router?
<bogeyd6> 25 for smtp, and then 143, 993, 110, 995
<garymc> i got to open them in the router?
<bogeyd6> 143 = imap, 993 = imaps, 110 = pop3, 995 = pop3s
<bogeyd6> yes
<bogeyd6> and then your ISP has to allow you to be able to send email, such as roadrunner blocks them
<bogeyd6> Some ISP's do not allow their users to use a third party mail server to send outgoing mail
<jmarsden> You can set postfix to listen on port 587 for mail submissions to work around that, if necessary
<garymc> yeah i could do that
<garymc> instead of port 25
<Jeniczek> 0:20:09] <jmarsden> trying the sudo apt-get install linux-rt sounds reasonable to me at this point.
<Jeniczek> guyz i have just turned the server app off
<Jeniczek> so keep fingers crossed
<Jeniczek> apt-get install linux-rt is goin to be real ;)
<jmarsden> Jeniczek: Or keep fingers in ears, so you don't hear all those 15-year-olds screaming at you :)
<Jeniczek> well
<Jeniczek> Dont imagine the chat after the server restart has been initiated
<Jeniczek> jmarsden if the apt-get install linux-rt wont be succesful
<Jeniczek> apt-get uninstall linux-rt
<Jeniczek> is the solution how to get back to original state?
<Jeniczek> btw
<Jeniczek> bogeyd6
<Jeniczek> The following extra packages will be installed:
<Jeniczek> linux-image-2.6.27-3-rt linux-image-rt linux-restricted-modules-2.6.27-3-rt linux-restricted-modules-rt
<Jeniczek> its goin to install this stuff
<bogeyd6> yah thats normal
<Jeniczek> hm
<Jeniczek> it updated the menu.lst
<Jeniczek> but theres
<Jeniczek> default 0
<jmarsden> Re the uninstall, it may be unnecessary.  installing linux-rt should install the rt kernel in parallel with the original linux-image-server one, so you should just be able to boot into either kernel from the grub screen, if you have a way to access that screen (see my point re remote console access earlier!).  If not you can switch which kernel grub will use by default in /boot/grub/menu.lst
<Jeniczek> btw why it is called just
<Jeniczek> Ubuntu 8.10, kernel 2.6.27-3-rt
<Jeniczek> and no server string in it?
<jmarsden> Probably it is not a server-specific kernel.
<jmarsden> RT stuff is useful for (for example) low latency audio recording... which is often done on desktop machines as much as server machines...
<Jeniczek> hmm
<Jeniczek> well the things in menu list
<Jeniczek> default 0
<Jeniczek> the first entry in the end is 0?
<Jeniczek> i mean the first kernel
<jmarsden> The first entry (nearest the top of the file) is 0.
<Jeniczek> so i should edit it to 8 then
<Jeniczek> ok
<Jeniczek> well I hope it will boot
<Jeniczek> if not
<Jeniczek> then am fucked up a lot
<Jeniczek> reboot in progress
<jmarsden> That's why you need the colo provider to give you some form of remote console access and remote reboot capability!
<jmarsden> A 200km drive to edit an 8 into a 0 and reboot a machine seems a little awkward :)
<bogeyd6> i dont know of a colo that doesnt give remote kvm access
<garymc> bogeyd6 ok i opened the ports and now outlook is asking for username passwaord
<garymc> is my username gary or gary@mydomain.com
<jmarsden> garymc: well, you know what those are :)
<bogeyd6> the username is just "gary" and the password is the password you use to login
<garymc> yeah its not having it? :S
<Jeniczek> hmm
<Jeniczek> server still not up...
<garymc> emails arnt
<Jeniczek> ok server up xD
<Jeniczek> ufff
<garymc> when i do telnet mail.mydomain.com 25 it closes str8 away saying closed by foriegn host
<Jeniczek> uname -a
<Jeniczek> Linux twinstar 2.6.27-3-rt #1 PREEMPT RT Mon Oct 27 03:02:33 UTC 2008 x86_64 GNU/Linux
<Jeniczek> sounds good
<Jeniczek> but 2y old xD
<jmarsden> OK... start the game server and see how things go :)
<bogeyd6> Jeniczek, 8.10 was released 2 yrs ago
<Jeniczek> well am still thinkin if ACE needs to be reconfigured and recompiled
<Jeniczek> maybe at this stage it doesnt use the power of RT
<garymc> so any ideas how i can get my mail server working?
<garymc> or do some tests?
<jmarsden> Jeniczek: Very unlikely IMO, unless it has kernel modules it loads.
<jmarsden> garymc: nc to port 143 and play with IMAP login there, and then check your server logs for relevant log entries.
<bogeyd6> garymc, it didnt like your u/p?
<garymc> u/p ?
<jmarsden> username/password
<garymc> nope
<garymc> it didnt
<jmarsden> nc to server port 143, then type IMAP commands at it... such as   * login gary YOURPASSWORD
<jmarsden> and see what it does... troubleshoot.
<jmarsden> Make that   . login gary YOURPASSWORD
<jmarsden> * is an invalid IMAP tag.
<garymc> sorry to sound stupid but what is "nc to server" ?
<garymc> hey here is something
<garymc> if i type "telnet mail.mydomain.com 25" I get connection closed by foriegn host.
<garymc> If I do "telnet mail.mydomain.com 143"
<garymc> I get dovecot ready
<jmarsden> It's better to use nc than telnet, but whatever.  So now test it with imap commands, as I already said.
<Jeniczek> GUYZ
<Jeniczek> what the fuck
<jpds> !ohmy | Jeniczek
<ubottu> Jeniczek: Please remember that all Ubuntu IRC channels share the same attitude of providing friendly and polite interaction with all users of all ages and cultures. Basically, this means no foul language and no abuse towards others.
<Jeniczek> it doesnt support multiple Cores?
<Jeniczek> why do I see my CPUs as one?
<Jeniczek> is that normal?
<Jeniczek> jmarsden bogeyd6 ?
<jmarsden> Jeniczek: cat /proc/cpuinfo    # how many do you see?
<Jeniczek> one
<bogeyd6> oh lol!!!!!!
<bogeyd6> 8.10 probably isnt SMP
<jmarsden> I think this experiment needs to end :)
<bogeyd6> The real-time kernel variant included in Ubuntu 8.10 does not include SMP support. Users of UbuntuStudio 8.04 who need real-time kernel support for dual-core, dual-processor, or more complex SMP configurations are advised not to upgrade to UbuntuStudio 8.10 at this time.
<bogeyd6> out of curiosity Jeniczek , did it fix the issue?
<Jeniczek> you think I will run it with one CPU?
<Jeniczek> oh man
<Jeniczek> it doesnt even recognieze its multicore
<jmarsden> Trading possibly better scheduling latency for 3 CPU cores (or 7 CPu cores, if you have a dual socket server) seems like a poor tradeoff in most circumstances.  But you could test it and see :)
<MrZhi> wordpress has now become my white whale
<garymc> jmarsden I get an error BAD when i try to login with my name and password
<bogeyd6> garymc, you sure you using right username and password?
<garymc> yes
<Jeniczek> no
<Jeniczek> it is unusable
<jmarsden> garymc: Sounds like dovecot is not set up corectly or saslauthd is not running or something along those lines.  Time to check your log files.
<garymc> saslauth
<garymc> hmm ok
<garymc> ill take another look
<bogeyd6> Jeniczek, just change your default to the next kernel and reboot
<jmarsden> Jeniczek: OK, then switch back to the default kernel.
<Jeniczek> yeah
<Jeniczek> did
<Jeniczek> its actually rebooting
<Jeniczek> and I g2g
<Jeniczek> a friend of mine will compelte this
<Jeniczek> my gf will kill me anyway
<garymc> where would my password directory be for saslauth as the location im told to add doesnt exist
<Jeniczek> thanks a lot for your support huys
<Jeniczek> on mondey debian will show us the truth
<bogeyd6> kk
<garymc> PWDIR="/var/spool/postfix/var/run/saslauthd"
<jmarsden> Jeniczek|afk: You're welcome.
<garymc> that location doesnt exist
<bogeyd6> garymc, you said you followed the setup
<garymc> yes i did. And that doesnt exist
<garymc> that folder
<jmarsden> That's the default??
<garymc> oh yes ubuntu wouldnt add this program libsasl2-2
<bogeyd6> https://help.ubuntu.com/community/Dovecot#Authentication
<jmarsden> garymc: Which version of Ubuntu Server (and so which version of the server guide) are you following?
<garymc> when i done sudo apt-get install libsasl2-2 it didnt install anything
<garymc> im using karmic koala
<jmarsden> Then all you needed to do was sudo apt-get install dovecot-postfix
<garymc> https://help.ubuntu.com/community/Postfix#Configuration
<garymc> Yeah I did that
<garymc> but the guide above tells about saslauthd stuff
<garymc> so was just looking at that now
<jmarsden> You apparently made a bunch of other changes too, which I suspect broke something.  Just simply doing   sudo apt-get install dovecot-postfix   # and answering the questions, is sufficient to get a working basic email server on karmic.
<MrZhi> fyi, the wordpress package is not for noobs to wordpress
<garymc> ok well i done that. Im now guessing that A.) im using LTSP ubuntu
<garymc> i installed the Jaunty Edition last year. and upgraded to Karmic 2 days ago in the LTSP GUI
<garymc> so im guessing that done something or never done something and now im having problems
<jmarsden> Guessing what version you are running???  You don't *know* ?  What does    lsb_release -d    output?
<garymc> Ubuntu 9.10
<jmarsden> OK.  Now try     dpkg-query -W dovecot-postfix    and tell me what that outputs
<garymc> dovecot-postfix
<jmarsden> There should be a version number too ... ?
<garymc> no there isnt
<garymc> :S
<garymc> if i do sudo apt-get install dovecot-postfix again what would that do?
<jmarsden> Then you probably didn't install that package.  I'd suggest you purge dovecot and postfix and then install it.  So    sudo apt-get purge dovecot postfix dovecot-postfix && sudo apt-get install dovecot-postfix
<garymc> dpkg-query -W dovecot-postfix (output) dovecot-postfix . Nothing else :S
<garymc> ok im going through it nopw
<garymc> *now
<garymc> it is saying what would i like to do with dovecot-postfix.conf
<garymc> replace, keep
<jmarsden> replace.  Start over.
<garymc> ok
<garymc> its just sitting there now
<garymc> :S
<jmarsden> Sitting where?  back to a shell prompt?
<garymc> at a shell prompt but i cant do anyting there now?
<garymc> ok its done
<garymc> but now i get fail
<jmarsden> Pastebin the output so we can see it "fail" is too vague :)
<garymc> http://pastebin.ca/1772348
<garymc> ^ fail
<uvirtbot> garymc: Error: "fail" is not a valid command.
<garymc> Fails output ^
<garymc> address already in use
<jmarsden> You seem to have something else listening on port 2000.  Do you know what that is?
<garymc> nope
<garymc> i dont know why its there
<garymc> and i dont know how to change dovecot-postfix to listen on a differnt port
<jmarsden> sudo netstat -ntlp | grep 2000    # and see what is there.
<garymc> http://pastebin.ca/1772354
<garymc> tcp or something dont know what it is?
<jmarsden> inetd!  How did that get to be listening on port 2000?
<garymc> ???
<jmarsden> pastebin the contents of /etc/inetd.conf
<garymc> What is inetd
<jmarsden> A "superserver" daemon that starts up some other services under it as needed.
<garymc> im running this server as an ltsp one
<garymc> that anything to do with it?
<jmarsden> Maybe ltsp uses port 2000 for something else... pastebin me the /etc/inetd.conf so I can find out :)
<garymc> http://pastebin.ca/1772356
<garymc> I see port 2000 there at the bottom
<jmarsden> Yes.  So that's your problem.  Two apps trying to use the same port.
<garymc> so how do i change the dovecot-postfix to use a free port?
<garymc> ??
<jmarsden> I've not had to do that, but it's likely to be an edit to /etc/dovecot/dovecot-postfix.conf
<garymc> yeah i looked in there and cant see a mention of port 2000 at all
<jmarsden> Ah, port 2000 is sieve.  I wonder why LTSP reused that port...
<garymc> that i dont know
<jmarsden> As an experiment (this may not be a final answer) edit the line starting with protocols =  by removing the word managesieve from it.  Then restart dovecot.
<garymc> is that in dovecot.conf?
<jmarsden> In /etc/dovecot/dovecot-postfix.conf
<garymc> ok done that
<garymc> restarted it and says ok
<jmarsden> OK.  Now telnet (or nc) to port 143 and test again.
<garymc> doesnt let me connect now lol
<jmarsden> even from the server shell?  does telnet localhost 143    connect ?
<garymc> connection refused
<garymc> ill try nc
<jmarsden> Strange.  What does    sudo /etc/init.d/dovecot status     output?
<garymc> could not acces PID file for dovecot
<jmarsden> You forgot the sudo ?
<garymc> nope
<garymc> * could not access PID file for dovecot
<ruben23> hi guys any support oh Hig definition audio..? coz lately im facing problem using ubuntu desktop latest version on using softphones for voip calls, voice quality is not good at all.
<jmarsden> Either there is junk from your earlier config still around somehow, or that makes no sense to me...  what does   ps axwu | grep dovecot    output (hopefully several lines, in which case pastebin it)?
<jmarsden> ruben23: For desktop issues ask in #ubuntu, this is #ubuntu-server :)
<ruben23> ow sorry
<ruben23> i will now
<garymc> jmarsden ok it seems to be working now
<jmarsden> OK... :)
<garymc> i can telnet " telnet mail.mydomain.com 25
<garymc> so how would i test if my email can connect?
<jmarsden> But that's not dovecot, that's postfix...
<garymc> how do i test dovecot then?
<garymc> port 143
<garymc> ?
<jmarsden> Yes,
<garymc> ok says dovecot ready
<garymc> what now
<garymc> .login thingy
<jmarsden> We went through this earlier... yes.
<uvirtbot> New bug: #514883 in kvm (main) "dialog-based applications seem sluggish" [Undecided,New] https://launchpad.net/bugs/514883
<garymc> .login BAD Error in IMAP command received by server.
<garymc> thats my output
<jmarsden> What command did you type (don't tell me your password if you included it) ?
<garymc> ok
<garymc> .login gary password
<jmarsden> You are missing a space between the . and the login
<jmarsden> <jmarsden> Make that   . login gary YOURPASSWORD
<jmarsden> That's what I said earlier...
<garymc> sorry ok i give it ago now
<garymc> :) logged in
<garymc> :)
<jmarsden> OK.  So now test by sending yourself a short email.     date |mail -s test gary@yourdomain.com
<jmarsden> Oh, first do . logout
<garymc> i do that command out of telent?
<garymc> or in telnet?
<jmarsden> . logout     # to exit the telnet session.
<jmarsden>  date |mail -s test gary@yourdomain.com   # at the shell prompt
<garymc> damn how do i quit telnet
<jmarsden> . logout
<garymc> ah ha
<jmarsden> logs out of IMAP and so closes the session.
<garymc> the program "Mail" can not be found
<jmarsden> Should be "mail" not "Mail" but anyway...    sudo apt-get install bsd-mailx      # and then try the   date |mail -s test gary@yourdomain.com
<garymc> i didnt realise it would be so hard to install this email server stuff
<jmarsden> if you think this is hard, you've not much experience with administering servers :)
<garymc> ok that seems to work. no output though
<jmarsden> Good.  Now let's see if it was delivered... back to telnet to port 143 again.
<ruben23> hi i have install dnsmasq on my ubuntu- server do i need to setup my resolv.conf to start with 127..0.0.1 before the dns forward to my ISP..?
<garymc> jmarsden : do i login again?
<jmarsden> . login gary PASSWORD
<garymc> logged in
<jmarsden> and then list the contents of the INBOX... let me find the command...
<garymc> ok
<jmarsden> . select INBOX
<jmarsden> . status (MESSAGES)
<jmarsden> Does it say you have a message?
<as1965> ruben23: no - not unless you want the dnsmasq server to use dnsmasq as well.
<as1965> The dnsmasq man page is worth a read (+ FAQ)
<jmarsden> garymc: Talk to me... did those commands work and show that you have a message in the INBOX ?
<jmarsden> garymc: I need to go out for lunch soon, BTW...
<garymc> sorry had to take a wazzz
<garymc> i just doen the inbox one
<garymc> 0 exists
<garymc> 0 recent
<garymc> OK UADVALIDITY
<jmarsden> 0 exists seems... not quite what we need.  Looks like the test email did not get delivered.
<garymc> hmm
<garymc> should i try the messages one?
<jmarsden> My mailbox has  * 1769 EXISTS   :)
<garymc> lol nice
<jmarsden> Sure, you can try it.  I doubt it will help though.
<garymc> didnt work
<jmarsden> OK.   . logout        and then you'll need to look at the logs under /var/log to see what happened to that test email.
<jmarsden> But I need to go eat lunch, I expect I will be back here later on.
<garymc> ok have a nice lunch
<jmarsden> Thanks.
<garymc> what log file am i looking for there are all sorts
<jmarsden> /var/log/maillog and /var/log/messages woudl be good places to start with.
<garymc> ok
<jmarsden> Check  /var/log/mail*  (whatever files you have in there starting with mail) ...
<garymc> have a nice lunch i may still be here but thanks for all your help
<jmarsden> Bye for now... you're welcome.  You are definitely closer than you were to a working mailserver.
<garymc> :)
<Timreichhart> is anybody running freeside?
<ruben23>  i have a ubuntu server having ipatbles as firewall on my network, now, i have application who are going to used http and https service, how do i open it on my firewall by inputing firewall rules
<dvheumen> you might want to look at 'ufw' instead of trying to configure iptables directly
<garymc> jmarsden you back?
<ruben23> what happend guys..?
<garymc> i think freenode closed down
<ruben23> upgrade..?
<jmarsden> garymc: I'm back now.
<garymc> cool
<ruben23> yeah..nice
<ruben23> we need experts here..
<jmarsden> for more on "what happened" see http://blog.freenode.net/
<garymc> just to let you know, i sudo ap-get purge bsd-mailx
<jmarsden> ruben23: Re firewall rules, are the http/https daemons running on the same Ubuntu server machine that is your firewall, or on some other machine?
<jmarsden> garymc: OK, but why?
<garymc> and installed heirloom-mailx
<ruben23> yes
<garymc> cos i didnt think you was coming back so thought id try the ones ubuntu was recommending
<ruben23> its running on the same server
<jmarsden> garymc: Oh... no big difference between those in practice, but OK.
<garymc> oh
<garymc> i should have left it now
<garymc> :(
<garymc> Just got to do something for the missus be back in 2 mins
<jmarsden> ruben23: So you can use ufw and add rules like    sudo ufw allow 80/tcp
<jmarsden> and sudo ufw allow 443/tcp
<ruben23> ok, are there no editing of rules directly to the Iptables..?
<jmarsden> ruben23: You can do it that way if you prefer, it's your server :)
<dvheumen> ruben23, I'm curious, why would you want to manipulate iptables directly?
<ruben23> dvheumen: learning...how to used the different rules..
<jmarsden> ruben23: On a production server/firewall, wouldn't it make more sense to learn by using ufw and then looking at the rulesets it creates? :)
<dvheumen> yeah, that was my thought :)
<ruben23> ok, i can go with that also
<dvheumen> and ... iptables is quite lowlevel, ufw does some additional rules automatically for allowing existing connections through and such. If you only use iptables rules, you need to set these rules manually
<ruben23> dvheumen:ok noted.
<garymc> jmarsden im back
<jmarsden> garymc: OK, so other than swapping out mail/mailx, what was in your logs? :)
<jmarsden> Did you see where the test email either was delivered, or why it was not delivered?
<garymc> ok
<garymc> right i dont know what any of it means :S
<garymc> ill pastebin
<garymc> jmarsden http://pastebin.ca/1772530
<jmarsden> OK... but what kind of server admin are you -- you run an LTSP server but have never learned to read log files??  Time to learn!
<jmarsden> The big clue is line 10, mail loops back to myself.
<jmarsden> It means you didn't answer debconf questions about your domain correctly when you installed dovecot-postfix, I suspect.
<garymc> hmm ok
<garymc> what parts have i got wrong do you reckon
<garymc> is it cos it says mail.mydomain.com?
<jmarsden> on phone...
<garymc> root@mail.mydomain.com ?]
<dvheumen> I think the following is interesting: from-mail-domain: mail.thefinancefacility.com, to-mail-domain: thefinancefacility.com
<jmarsden> garymc: OK... phone was from paid consulting client... so they get priority :)
<dvheumen> does this server know it should also accept/process mail from thefinancefacility.com
<dvheumen> and not only mail.thefinancefacility.com
<jmarsden> dvheumen: Probably not.  You're right.
<garymc> jmarsden : of coarse they do :)
<jmarsden> garymc: When you told debconf what the local domains were, how did you answer that question?
<garymc> i put mail.thefinancefacility.com and there where a few others let me get them up
<dvheumen> it seems to me that (probably based on DNS resolve) it derives that it must handle the mail locally, but it's not programmed to handle that domain locally
<garymc> ok first off. system mail name. thefinancefacility.com
<jmarsden> garymc: Try    postconf -n | grep mydestination
<garymc> mail.thefinancefacility.com, ubuntu.gateway.2wire.net, localhost.gateway.2wire.net, localhost_
<garymc> that is for ^^ postfix config
<jmarsden> Right.  We need to add thefinancefacility.com to that.
<garymc> i only put the financefacility bit
<jmarsden> Or you needed to test by sending date |mail -s test gary@mail.thefinancefacility.com     # if you really prefer that.
<garymc> no i want it without the mail
<jmarsden> OK, so do   sudo postconf -e "mydestination = mail.thefinancefacility.com, ubuntu.gateway.2wire.net, localhost.gateway.2wire.net, localhost, thefinancefacility.com"
<jmarsden> and then restart postfix
<garymc> ok done that
<garymc> do test mail again
<jmarsden> OK, now retest sending ... yes.
<garymc> ok
<garymc> sent mail
<jmarsden> OK, now see if it was delivered; either test with telnet localhost 143, or however else you want to look for the received email.
<garymc> ok
<garymc> Oooohohh we got action
<garymc> 1 exists
<dvheumen> hehe
<garymc> 1 recent
<jmarsden> OK, now go test your real email client (Outlook or whatever you prefer).  I think we've finally got you a working mail server :)
<garymc> ok in outlook i add pop3 account?
<jmarsden> garymc: Well, if that is what you want.  IMAP might be better, depends on how you use email and where you want the user's email to be stored/backed up from/etc.
<jmarsden> That's not a Ubuntu server question :)
<garymc> well i tried doing an imap one then and no joy
<jmarsden> Be specific... what do you mean by "no joy"?  What happened when you tested the newly configured account?
<garymc> incoming and outgoing mailserver be
<garymc> mail.thefinancefacility.com
<jmarsden> garymc: sure, if that resolves to the IP address of your server.
<garymc> it didnt work just got error
<jmarsden> No, Outlook is a lot more informative that "it didn't work" or "error".  I work with hundreds of small businesses and thousands of email users, trust me, I know this :)
<garymc> hmm ok that failed
<jmarsden> "failed" is not specific.
<garymc> maybe it isnt mail.thefinancefacility.com ?
<jmarsden> You are *guessing* and your domain and server names???
#ubuntu-server 2010-01-31
<garymc> Log onto incoming mail server (POP3): Your e-mail server rejected your login. Verify your user name and password in your account properties. Under Tools, click E-mail accounts.  The server responded: -ERR Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
<jmarsden> That's *way* better.  Set Outlook to use SSL (under More Settings, the Advanced tab) and retry
<jmarsden> SSL for POP3, that is, not SSL for SMTP, since you almost certainly do not have that set up at this point)
<garymc> ok looking for that option now
<jmarsden> Is this Outlook 2000, XP, 2003 or 2007 ?  Microsoft keeps moving stuff around ...
<jmarsden> alternatively, use a free email client such as Thunderbird instead :)
<dvheumen> It's probably not 2007, I think it defaults to secure connections
<garymc> 2007 it is
<garymc> cant find it :S
<dvheumen> :| okay, my bad :P
<jmarsden> It's there somewhere... I don't have 2007 here at home, let me see if I can remote to an office PC with it on ... but really, this is Microsoft support now, not ubuntu server support...
<garymc> lol ok
<dvheumen> a might be able to give a rough direction
<dvheumen> Tools -> Emailaccounts -> properties of this particular email account
<jmarsden> garymc: http://support.tigertech.net/outlook-2007-ssl
<dvheumen> and then you should go to something like "More settings" or so
<jmarsden> Someone out there provided us a nice web page with pretty graphics in it :)
<garymc> ahh ok
<garymc> found it
<jmarsden> OK, so check the box and watch the port change from 110 to 995, save the change, OK, Test Account...
<garymc> ok doing it. said about certificate
<jmarsden> Can you ignore the warnings and continue anyway?
<garymc> now i got a synatec message pop up LOL an encrytped email connection has been detected
<garymc> Send test e-mail message: Establishing an encrypted connection to your outgoing (SMTP) server failed. If this problem continues, contact your server administrator or Internet service provider (ISP).
<jmarsden> OK, but did the receive part work, the POP3 part?
<dvheumen> Did you use the test email function? ... Then you're making it more difficult for yourself, because that one also tests outgoing mail.
<garymc> ahh ok
<garymc> well i got 3 test email messages and the one we generated in the terminal
<garymc> but outlook did say we failed
<dvheumen> you probably failed in sending (test) messages
<garymc> ahh ok
<jmarsden> garymc: OK, so we're done for the receiving part.  If you set the port for SMTP in that Advanced dialog to be 25 instead of 587 will it then test cleanly?
<garymc> jmarsden it must have worked cos I got some messages in my inbox
<dvheumen> jmarsden, I'm planning a new Ubuntu Server installation as an additional server in an otherwise Windows-only-network :P and I've got some questions regarding AD integration. Would you mind a few questions?
<jmarsden> Or is your ISP blocking port 25?
<garymc> i wouldnt know
<jmarsden> dvheumen: That's not exactly an area of strength for me, but go ahead and ask.
<jmarsden> garymc: Can you telnet mail.thefinancefacility.com 25    from your Windows PC ?
<garymc> i just open run then type that in yes?
<garymc> yes im there
<dvheumen> 1. I've seen approaches of connecting to AD using likewise-open and without using it. Is there a favorite? 2. Can/Does a Samba printserver publish the printers to AD? (And I especially mean publish, so that a user can easily find it.)
<jmarsden> dvheumen: Have you read/tried the stuff from https://help.ubuntu.com/9.10/serverguide/C/likewise-open.html
<dvheumen> I have seen that server guide and it's going to be a lot of help to me :)
<jmarsden> 1. I think likewise open makes things way easier.  2. I don't know but I'd hope so.
<dvheumen> okay
<garymc> i could telnet it said ubunt postfix etc but i couldnt login like i can in ssh
<jmarsden> garymc: OK, so you're not being blocked.  So set that port to 25 in the Outlook Advanced dialog, and retest sending and receiving.
<jmarsden> The port probably says 587 right now, change it to 25.  Leave the POP3 port set to 995, that is already fine :)
<garymc> which one the incoming or outgoing. incoming is set to 993 and out is set on 25
<garymc> sorry *995
<jmarsden> Interesting... try the Outlook test button again?
<jmarsden> I think this means you really will want to set up STARTTLS stuff for Postfix...
<garymc> no joy
<garymc> Send test e-mail message: Establishing an encrypted connection to your outgoing (SMTP) server failed. If this problem continues, contact your server administrator or Internet service provider (ISP).
<dvheumen> Keep in mind that by just changing the port number, the secure connection is probably still active (combobox TLS), maybe you want to change the combobox to unencrypted or something.
<dvheumen> (at least that's how it looks on the fancy graphics website :P)
<garymc> it is set to auto. The choices are SSL TLS AUTO NONE
<jmarsden> dvheumen: Ah, could be.
<jmarsden> garymc: Try NONE
<garymc> Tried none and got this error : Send test e-mail message: None of the authentication methods supported by this client are supported by your server.
<garymc> so im recieving emails great
<garymc> just cant send now?
<jmarsden> Right.  There's a fix for that... a postfix config fix... it's an outlook oddity if I remember rightly... but I forget what teh fix is... let me try and find out...
<jmarsden> garymc: What does    postconf -n | grep broken     output   ?
<garymc> i get a symnatec Email proxy warning too in outlook. A yellow box pops up. Let me do that now
<jmarsden> Oh man... try killing the symantec thing from getting in between Outlook and your mail server, and test again!
<garymc> broken_sasl_auth_clients = yes
<dvheumen> or you can just right-click and disable it ;)
<jmarsden> That's as it should be.
<garymc> OMG this synatec stuff sucks
<dvheumen> what's wrong?
<garymc> it weont turn off
<dvheumen> what did you try?
<jmarsden> "<jmarsden> Oh man... try killing the symantec thing ..."    -- there was a reason I said that :)  Close Outlook, log out of Windows, log back in, try disabling it.  That may work better (I think it's hard to disable when it is already acting as an email proxy, but that's from a rather vague memory)...
<garymc> so if i log out will this chat room stay open? or am i gonna have to load up again?
<jmarsden> You'll have to restart your IRC client and reconnect here, if your IRC client is on the same WIndows PC you are testing from.
<Jeniczek|afk> well
<Jeniczek|afk> just returned from ciname
<Jeniczek|afk> cinema ;)
<Jeniczek|afk> awesome movie, Avatar is ;)
<garymc> yeah its good. You see it in 3d?
<Jeniczek|afk> yupp
<garymc> ok brb
<Jeniczek|afk> Dolbi Digital 3D
<Jeniczek|afk> Dolby
<jmarsden> Jeniczek|afk: Hint: you are no longer |afk , or else we are all talking to a bot :)
<Jeniczek|afk> oh
<dvheumen> you know, I can't find any information on ACL (setfacl/getfacl) on the serverguide for karmic. Is this not important?
<jmarsden> dvheumen: Almost nothing uses ACLs on Unix/POSIX filesystems.
<jmarsden> everyone just sticks with normal Unix permissions.
<dvheumen> ah okay, so that me thinking too much in Windows-mode :P good to know
<garymc> Hi
<garymc> well that didnt work
<jmarsden> welcome back... you still can't disable symantec from interfering with your email connections?
<garymc> i dont think it has any bearing on the emails though. its just like a warning message to say it an encrypted email
<jmarsden> It may not be the problem, but it may be... hard to know until you disable it, really.
<dvheumen> Maybe I missed this, but is postfix configured to or not to use encryption for SMTP communication?
<jmarsden> I suspect by default it is not.  We could try adding STARTTLS support to it, but it would be nice to know the issue isn't Symantec tryinmg to hard to protect garymc from himself...
<jmarsden> *trying too hard ....
<garymc> yeah im trying to suss out this symnatec crap
<dvheumen> garymc, what version of symantec is running?
<jmarsden> You really should be able to disable it temporarily.
<dvheumen> is it Symantec Corporate, or Symantec Endpoint Protection?
<dvheumen> 'cause I know for sure you can right click a Symantec Endpoint Protection client and choose 'disable ...'
<dvheumen> or you could just start the client and configure it differently (if the configuration options aren't locked)
<garymc> its built into norton isnt it?
<garymc> Ive disabled all of norton and cant find the symnatec stuff
<dvheumen> garymc, Norton is the consumer version, Symantec is the corporate version
<jmarsden> Hmm, looks like postfix actually does get configuredto accept STARTTLS by default when you use the dovecot-postfix package... nice :)
<garymc> so thats good?
<dvheumen> jmarsden, okay, so 'TLS' should be selected in the combobox of the account security settings
<jmarsden> Yes, except it means the message from Outlook makes less sense... I'll try sending gary a test msg from a server I run that I know does TLS by default and see what happens...
<garymc> i just sent myself a message from my yahoo account. it went to my junk mail folder
<mrp> 0there's no man on my ubunutu server install?!?
<jmarsden> mrp: what happens when you type    man man
<jmarsden> garymc: Your mail server has working STARTTLS, so the issue is with SMTP authentication somewhere...
<garymc> ok
<garymc> is that on my server
<jmarsden> Yes... testing...
<garymc> got your email
<garymc> so what can i do to test it?
<jmarsden> Yes... and if I connect to your server using openssl s_client and play around, it shows me 250-AUTH PLAIN LOGIN   and 250-AUTH=PLAIN LOGIN   so that part looks OK to me...
<dvheumen> try thunderbird maybe?
<jmarsden> garymc: Well, you can use openssl s_client -connect thefinancefacilityc,om:25 --starttls smtp     # but then you have to know what to do to authenticate using SMTP by hand ... so yes, dvheumen's idea is probably reasonable.
<garymc> prob is all the people who work with me use outlook. I dont think they will want to chage to thunderbird
<dvheumen> garymc, it's just for testing
<dvheumen> if it works, then you can probably conclude that Symantec isn't interfering
<dvheumen> and you can continue searching for Outlook settings
<garymc> oh ok
<garymc> thunderbird
<garymc> is it a firefox add on?
<dvheumen> no, a separate app, you can find it at mozilla.com
<dvheumen> jmarsden, that command 'openssl s_client' is nice, didn't know that one, might come in handy some day :P
<jmarsden> garymc: I need to do some other work related computing, but will stay online here and catch up from time to time...
<garymc> ok im in the uk where are you?
<jmarsden> dvheumen: It's a handy test tool, yes.
<garymc> its 1 am here
<jmarsden> garymc: California.  I'm from the UK, though.
<garymc> What part of the UK
<jmarsden> Born in Bristol, but family is in Yorkshire.
<garymc> cool
<garymc> just installing thunderbird
<dvheumen> okay, I'm gonna tell you in advanced. I don't have any experience with thunderbird and secure SMTP connections. But the idea is to set up the connection just as we would (and tried) in Outlook. And test it. If you can't get it to work at all, then Symantec might be interfering
<dvheumen> If you can get it to work, then it must be something in Outlook.
<garymc> Hey thunderbird found the settings itself
<dvheumen> This way you can narrow down the search
<garymc> incoming mail server : imap.thefinancefacility.com
<garymc> outgoing : smtp.thefinancefacility.com
<garymc> hmmm
<dvheumen> what?
<garymc> outgoing was amber not green
<dvheumen> did it say anything about the meaning of the color?
<dvheumen> or some warning or error message or something?
<garymc> ok sending an email in thunderbird heres my error message: Sending of message failed.
<garymc> An error occurred sending mail: Unable to authenticate to SMTP server mail.thefinancefacility.com. The server does not support authentication (SMTP-AUTH) but you have chosen to use authentication. Untick 'Use name and password' for that server or contact your service provider.
<dvheumen> oh, yeah right, that's probably also the problem in Outlook.
<dvheumen> Try disabling authentication in thunderbird
<dvheumen> (better to continue testing in thunderbird at first)
<dvheumen> so it seems that TLS is accepted, you just doesn't need to authenticate ... (or maybe I'm too hasty in my conclusion)
<dvheumen> *don't
<garymc> now trying to find that in thunder bird :P
<dvheumen> try to find the account settings. I'm not familiar with Thunderbird 3 yet, but I've seen a separate section for "Outgoing Mail" in Thunderbird 2, so you might be looking for that in T3 too
<garymc> it says secure authentication none in thunderbird
<dvheumen> none? okay ... just keep it like that for now
<dvheumen> ow w8
<dvheumen> sorry, misunderstood uhhh....
<uvirtbot> New bug: #514963 in samba (main) "package samba-common-bin 2:3.4.0-3ubuntu5.4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/514963
<dvheumen> so are there a username and password entered for SMTP?
<dvheumen> because you probably don't want those to be used
<garymc> yes i disabled them
<garymc> still not working
<dvheumen> is the error the same?
<garymc> boo hoo :(
<garymc> i really need to get something working by monday or im screwed
<dvheumen> then what is the error message?
<jmarsden> garymc: Then you shouldn't be attempting this, given your level of experience with installing and testing email servers!
<garymc> lol i know
<jmarsden> Gicven " The server does not support authentication (SMTP-AUTH)", something is weird, because my openssl s_client test shows that it *is* accepting AUTH over STARTTLS connections.
<garymc> but if i can just get sending and recieving wokring then ill get the rest of it up eventually
<garymc> yeah its prob just something stupid thats stopping it
<jmarsden> If a mail server sends and receives, what else do you want it to do?  Make coffee?
<garymc> if it could ;P
<garymc> No i mean AntiVirus and spamassassin etc
<garymc> and webmail
<dvheumen> I think you should try again with a clear head, not at 1 in the night :P
<jmarsden> garymc: Sleep for six hours, then come back here. I
<jmarsden> will probably still be here :)
<garymc> so no other tests i can make?
<garymc> before bed
<jmarsden> And I may be somewhat freer to focus on helping you than I am now... there are things I could test, but that I can't teach you to do quickly.
<jmarsden> So ... you can test brushing your teeth before bed, if you like :) :)
<garymc> lol ok
<garymc> thanks for all your help
<garymc> hopefully speak 2moro
<garymc> night night
<jmarsden> You're welcome.  Sleep well.
<dvheumen> garymc, good luck tomorrow
<garymc> one last error message in thunderbird
<garymc> Sending of message failed.
<garymc> The message could not be sent because the connection to SMTP server mail.thefinancefacility.com timed out. Try again or contact your network administrator.
<dvheumen> dream about it tonight :P
<dvheumen> and you'll have the answer in the morning ;)
<garymc> i doubt it
<garymc> but oh well  catch you laters
<dvheumen> jmarsden, well I hope I can get the same patient support when I stumble upon a problem with Ubuntu Server, 'cause this was pretty impressive ;)
<dvheumen> (next week or so ...)
<jmarsden> Thanks :)  I'm often here, and help when I can...
<dvheumen> okay, that's good to know
<garymc> Hi again, having trouble sleeping
<garymc> :P
<garymc> just sent a test message from gary@thefinancefacility.com to gary@thefinancefacility.com and it sent it
<garymc> but tried to send one to my yahoo account and get this message
<garymc> An error occurred while sending mail. The mail server responded:  5.7.1 <gmckla@yahoo.co.uk>: Relay access denied. Please check the message recipient gmckla@yahoo.co.uk and try again.
<garymc> is that any better of help?
<dvheumen> garymc, that's another kind of problem
<garymc> it is?
<garymc> i havnt changed no settings?
<dvheumen> this has to do with relay settings on the mailserver, should be completely separate from the authentication problem
<dvheumen> ow w8, you send from thunderbird?
<garymc> yes
<dvheumen> hmmm, interesting
<garymc> so how do you fix relay settings?
<dvheumen> i don't have a clue on that one, I'm not at all familiar with postfix
<jmarsden> garymc: Fixing the auth will fix that, the server will relay for you if you authebticate to it to prove you are really a user of it.  Now go to sleep :)
<garymc> ARRRR..... missus is in bed and neice is in my speck so dont look like im gonna get any sleep
<garymc> :S
<jmarsden> postconf -n |grep smtpd_recipient_restrictions   # to see why this works, it will have a permit_sasl_authenticated in there...
<jmarsden> I need to work on other things right now...
<garymc> ok jmarsden no worries
<garymc> http://pastebin.ca/1772645
<garymc> lol
<dvheumen> garymc, so this essentially says, if the client is an authenticated user, then relaying is allowed, otherwise only mail to locally managed domains is allowed
<dvheumen> so you're back at the authentication problem (sorry :P)
<garymc> i take it you dont know how to sort that?
<garymc>  causing it?
<garymc>  causing it? is it postfix or dovecot
<dvheumen> garymc, well, actually I'm now at a point where I have some ideas, but it's difficult to help you via text
<dvheumen> its a sending problem, your communicating with postfix
<dvheumen> so I suspect postfix
<dvheumen> (or thunderbird of course)
<garymc> ill pastbin my postfix /main.cf
<garymc> will that help?
<dvheumen> the authentication problem occurs in this communication I think: client (currently thunderbird) --- (Symantec, transparently proxying, maybe interfering, maybe not) ---> Postfix
<dvheumen> it won't help, because I have never worked with postfix
<dvheumen> :P
<garymc> ok
<garymc> im going to bed
<garymc> bye bye thanks for the help
<altf2o> not sure if this is the appropriate room, however i'm running Ubuntu 8.04 LTS & OpenVPN is running fine. Have the server and a Windows XP client and Ubuntu 9.10 (NBR) connected just fine. Both clients see all Samba shares etc... Issue is they can't ping eachother, anyone know if there's a way to get them to see eachother?
<altf2o> n/m, i got it folks.  /etc/openvpn/server.conf , uncomment:  client-to-client  , incase anyone needs it.
<MTecknology> altf2o: this was the right channel - just many people gone for the weekend
<altf2o> MTecknology: good to know. I've always wanted remote access to my local Samba shares\printers, good to know OpenVPN made it very simple
<MTecknology> altf2o: glad it's working for you
<jiko_> I need help, i got stuck at this place I am getting this same page again and again - http://i47.tinypic.com/2zqdkx2.jpg
<MTecknology> Anybody have any idea what happened here?  http://paste.ubuntu.com/366029/
<patdk-lap> sounds like all your memory was locked or something, dunno
<patdk-lap> why are you running pae kernel? you have >4gigs ram in a non-64bit system?
<MTecknology> patdk-lap: that's just the -server kernel
<MTecknology> patdk-lap: I'm going to go to sleep; hilight me with anything you wanna say or msg; thanks much
 * MTecknology passes out from physical and mental exhaustion
<simmerz> jmarsden: got the second server upgraded. that had even more problems! ended up migrating it from Xen to KVM to alleviate them
<uvirtbot> New bug: #389763 in kvm (main) "ERROR: Missing kernel headers  Kosmic" [Undecided,New] https://launchpad.net/bugs/389763
<alexxx`> hello, can someone help me to install Kloxo Lxadmin to in Hyper VM (VPS) ?
<twb> Neither of those things sounds like Ubuntu
<uvirtbot> New bug: #515099 in samba (main) "package samba-common 2:3.4.0-3ubuntu5.4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/515099
<error404notfound> [from #bind] i have this http://pastebin.com/m4f4fc7db setup on my local server, just practicing, and its not working, as you can see i can't open any urls and even the ping response comes from multiple subdomains
<garymc> Hi, anyone know how i sort my relay for my email server in postfix and dovecot? I can send emails to the same domain but not any outside it
<garymc> Hey jmarsden you still up?
<garymc> everyone must be a sleep
<kervel> garymc: relayhost in /etc/postfix/main.cf ?
<garymc> yeah
<garymc> kervel : relayhost =
<garymc> there is nothing there
<kervel> garymc: where is the machine ? is it a server or is it at home
<garymc> its a server at my office
<kervel> ah
<kervel> and if you try to send an email, is there anything in /var/log/mail.log ?
<kervel> it is possible the ISP you are using blocks port 25 outgoing (mine does)
<kervel> in that case you need to configure relayhost to relay all mail to the smtp server of your ISP
<garymc> hold on
<garymc> im checking the logs
<kervel> eg "relayhost = smtp.btcentralplus.com"
<kervel> or something like that. no idea if thats the right server
<garymc> but why would i do that. I thought my server would have sent the mail?
<kervel> well the mailserver sends mail by contacting the mailserver of the recipient
<kervel> eg if you send to somebody@gmail.com, the mailserver will try to contact the mailserver of gmail.com to deliver the email
<kervel> that will not work if your isp blocks this kind of traffic (which is common)
<kervel> so instead of doing your mailserver -> gmail.com mailserver
<kervel> you do your mailserver -> isp mailserver -> gmail.com mailserver
<kervel> which is less likely to be blocked
<kervel> probably your mail.log will give you more information
<garymc> heres my mail log http://pastebin.ca/1773016
<kervel> ah this is another proble
<kervel> m
<garymc> what?
<kervel> your mailserver refuses to relay mail for 86-158-86-203
<kervel> i guess the program you use to send mail with and your mailserver are on a different machine
<garymc> yeah thats my home ip, but its a dynamic ip
<kervel> program = thunderbird / ...
<garymc> on windows xp
<kervel> ok, now probably its a good thing
<kervel> home ip -- office ip are not in the same network
<garymc> nope
<garymc> im 10 miles from my office on my home internet
<kervel> if your mailserver would accept mail from every possible IP and relay it, it would be used as a spam gateway in no time
<garymc> yes i understand. but how do the likes of an email provider do it?
<kervel> so mailservers are configured to relay mail for their own network only
<kervel> well
<kervel> an ISP will always relay mail for all its customers
<kervel> for the ISP, all their customers are in "their network"
<kervel> so thats easy
<kervel> to check if somebody is a customer or not (by ip address)
<kervel> your mailserver has no way to know if it is you who sends mail or a spammer
<garymc> ok i have email for my other sites held at fasthosts.com but my ISP is BT
<garymc> so im a little confused
<garymc> i thought maybe username password match and it would le tme send?
<kervel> well let me tell you what is "relaying" mail
<kervel> tell me which mail domain is configured on your server
<kervel> or give me an example if you dont want to disclose
<garymc> thefinancefacility.com
<kervel> ok
<kervel> well
<garymc> mail.thefinancefacility.com
<garymc> ??
<kervel> if i use your mailserver to send to thefinancefacility.com then it will always accept the mail
<kervel> because then your mailserver acts as endpoint not as relay
<garymc> yes cos its internal
<garymc> i can recieve outside emails fine, just cant send
<garymc> :S
<kervel> receive and send are completely different
<kervel> receive is dovecot, username and password
<garymc> ok
<kervel> your postfix is using for sending mails and doesnt use password
<kervel> so it uses ip authentication
<kervel> eg in your main.cf you will find this line:
<kervel> mynetworks = blablabla
<garymc> yes
<kervel> a mailserver will RELAY a mail if the ip address where the mail comes from is in the mynetworks
<kervel> otherwise it wont
<garymc> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 81.138.225.161
<kervel> so you could add the whole bt network to mynetworks and then it will work, but thats a great spam risk
<garymc> but im on a dynamic ip at home so my ip always changes
<kervel> and you also risk being blocked by your isp because of open relay
<kervel> yes
<kervel> now there are some solutions for this, but not easy
<garymc> ok
<kervel> first of all , why don4t u use the smtp server of your home isp to send email
<kervel> that one will always work
<kervel> eg relay
<kervel> eg in your thunderbird, specify your dovecot as INCOMING server just like now but specify outgoing server the one of your isp
<kervel> thats the easy solution
<kervel> the difficult solutions are:
<garymc> ok but no good
<kervel> why not ?
<garymc> im gonna need the difficult one
<kervel> ah
<garymc> Cos i have a couple employees who need to access their email from home and possibly send them, they are all differnt ISPS
<garymc> they all use outlook
<twb> kervel: we already tried to talk garymc out of accidentally running an open relay
<kervel> http://wiki.dovecot.org/HowTo/PopBSMTPAndDovecot
<garymc> twb im not going to accidently run an open relay
<kervel> see the section POP3 (imap) before SMTP
<kervel> thats one solution
<kervel> the other solution is SMTP authentication, where your postfix also uses username and password
<garymc> the second sounds better
<kervel> http://www.linuxmail.info/postfix-smtp-auth-dovecot-sasl/
<kervel> garymc: as already told you its a nonstandard setup and it will require some digging and googline
<kervel> googling
<twb> kervel: you mean exposing smtp/ssl to the internet on the submission port, and requiring autentication for relaying?
<kervel> twb: yes
<twb> Yeah, that's the least worst approach if you have end users outside your network, who are too dumb to use ssh + mutt :-)
<kervel> reason why this is difficult : you want it to use the same auth as your imap/pop server so you will need to have a matching configuration on incoming and outgoing
<kervel> eg for cyrus its different than for dovecot
<twb> kervel: can't you just use pam?
<kervel> twb: maybe. the auth plugin framework for these things is called SASL iirc
<twb> kervel: that's for the client to talk to the daemon, surely?
<kervel> http://www.postfix.org/SASL_README.html
<kervel> yes ...
<twb> The daemon talking to an SSO user database (ldap, flat files, whatever) is pam
<kervel> twb: check the link i just sent ... sasl is apparently more than just a protocol
<kervel> twb: postfix can be configured using cyrus sasl and also dovecot protocol whatever that may be
<kervel> twb: pam and sasl use different password encryption afaik
<kervel> twb so that means if you use pam+sasl you can only do cleartext passwords
<twb> pam doesn't use encryption at all.
<twb> pam is just an API that defines how applications can ask questions like "is this user who they say they are?"
<garymc> yeah i need to implement this.
<kervel> twb: you are probably right, but in the end passwords are encrypted in /etc/shadow and this has some effects
<kervel> anyway, not related to pam probably indeed
<garymc> See if im at the office I can use this email to send and recieve great. I see the problem when leaving the office network
<kervel> but still there
<kervel> garymc: i would suggest checking the urls i just pasted here
<garymc> so i prob need this postfix SASL implemeted
<kervel> garymc: looks like it
<garymc> or is it SASL auth
<garymc> cos i thought i had SASL auth implemented but obviously not
<kervel> garymc: you need to have it implemented AND you need to have your clients configured so that they use username/password for smtp
<kervel> which is not the default
<garymc> ok
<kervel> Dovecot SASL configuration for the Postfix SMTP server in http://www.postfix.org/SASL_README.html
<garymc> i understand that its just doing it im having probs with
<garymc> ill read through thatkervel, i have actully done what it says here but it doesnt work
<garymc> kervel : i have actully done what it says here but it doesnt work
<kervel> garymc: there is a big part about troubleshooting too in the howto .. i suggest looking at it
<garymc> ok
<garymc> thanks
<kervel> btw one more thing garymc i stopped doing this running my own mailserver long ago
<kervel> its too much pain .. every single mistake you make can result in a disaster
<kervel> eg lost mail
<garymc> yeah i understand
<kervel> now i use a professional mail host who can do it much better than me ..
<garymc> im prob gonna just go back to my provider but they are soo bad
<garymc> emails down all the time etc etc
<kervel> yeah ... then find another one
<kervel> take into account that running your own mailserver means backups and restores, user support, calling to administrators of other companies to ask why they block your mailserver , ...
<kervel> its a hard job
<kervel> people will call you to ask why they cant send 40meg attachments
<kervel> and things like that
<garymc> :S
<garymc> nigthmare
<error404notfound>  i have setup bind to be authoritative for only domain.com, i still see /var/log/syslog saying named[14880]: client 192.168.50.6#33870: query (cache) 'twitter.com/A/IN' denied, why?
<error404notfound> how can i configure bind to only answer for domain.com instead of listening every request and denying it then?
<bogeyd6> error404notfound, its called forwarders
<bogeyd6> it will answer only the domains it carries and forwards all other requests
<error404notfound> bogeyd6, but i don't want it to forward requests, won't it consume bandwidth?
<bogeyd6> so you want to deny everything but the domains it has zones for?
<bogeyd6> and the bandwidth it consumes is completely minimal
<bogeyd6> https://help.ubuntu.com/8.04/serverguide/C/dns.html
<error404notfound> bogeyd6, hmmm, well if its minimal, i can live with that :P
<kijo> please help me in installing forum
<kijo> I uploaded all the files through FTP but unable to open the install.php file
<mealstrom> check permissions
<bogeyd6> kijo, if you uploaded as your username you need to sudo chown www-data /directory/to/files
<bogeyd6> or you can chgrp it
<bogeyd6> then sudo chmod g+r /directory to files
<error404notfound> bogeyd6, i have http://pastebin.com/m4f4fc7db except that now i have uncommented forwarders and restarted bind.
<error404notfound> but i still can't resolve any urls, get same deny error
<error404notfound> http://pastebin.com/m76bae9b9 contains my bind configuration, my syslog on server, dig response on client and resolv.conf on client, u am unable to browse any site...
<cyphermox> error404notfound, what happens if you do a request on the client for example.com?
<error404notfound> cyphermox, i can't connect, no response.
<cyphermox> no response, or refused?
<error404notfound> cyphermox, i think refused, can't check right now...
<cyphermox> ah
<error404notfound> cyphermox, lemme check now :)
<cyphermox> error404notfound, if what you're trying to achieve is an internal, caching nameserver only, I'd check two things: making sure the root server hints are in place (zone .), and I'd remove "recursion no;" and replace it with "allow-recursion{192.168.50.0/24;};  allow-query {192.168.50.0/24;};"
<error404notfound> cyphermox, yup, doing that :)
<error404notfound> i instead created an acl and using that
<cyphermox> yup
<error404notfound> followed http://support.menandmice.com/jforum/posts/list/25.page and created an acl named trusted, using that in allow-query allow-query-cache allow-recursion etc
<error404notfound> cyphermox, that fixed it :)
<error404notfound> thanks man :)
<cyphermox> cool
<error404notfound> that was my first experience combining openvpn and bind to serve private services only to vpn machines
<garymc> can anyone actually help me get my email server accepting me when im away from the network?
<garymc> im reading everything and just dont understand what i need to impement and how
<lenios> garymc, do you have smtp auth on the email server?
<garymc> i thought i did, but now im not so sure
<garymc> how can i tell?
<garymc> all emails work fine when im in the office network. I can send out recieve etc
<garymc> but when i come home and try to send an email from gary@mydomain.com to jack@yahoo.co.uk it wont work
<lenios> smtp auth means you'll have to authenticate to send mails
<garymc> could you help me with this?
<garymc> I know ive set the postfix/main.cf
<garymc> smtpd_sasl_auth_enable = yes
<lenios> http://linuxgazette.net/142/pfeiffer.html
<garymc> ok sasl auth is installed and running
<lenios> you just need inbound mail relay in your case
<garymc> lenios : so how do i go about doing this?
<lenios> just follow the instructions on the page i linked
<garymc> lenios followed that link you provided and still no joy.
<garymc> When i telnet mydomain.com 25
<garymc> then run command "ehlo mydomain.com" the 250-AUTH DIGEST-MD5 CRAM-MD5 doesnt show up ? :S
<dvheumen> garymc, do you want me to check?
<error404notfound> bogeyd6, can you help with http://ubuntuforums.org/showthread.php?t=1395050 ?
<garymc> dvheumen yes if you could please :)
<dvheumen> garymc, what was the domain name again. I should be able to get the same info when I connect
<garymc> thefinancefacility.com
<dvheumen> okay, i'll have a look
<garymc> the TTLS is there but no AUTH
<android60> I have a home server that isnt used much so I would like to spin down data drives when not in use for 3 hours. I am looked at hdparm but I am not sure if using hdparm -S permanantly sets the standby time for the drive (even after reboot) or if this is the best way
<dvheumen> okay, so I did also not see AUTH, but that might be because 'telnet ... 25' creates a plaintext connection, not a secure one
<dvheumen> so I'm now trying to figure out how to set up a secure connection :P
<garymc> ok but the guides say otherwise
<dvheumen> hmmm okay, that's good to know
<dvheumen> in that case it would seem that it is not accepted as a valid option
<dvheumen> hmmm... when I enter 'AUTH' as a command (was just a guess) it gives me '503 5.5.1 Error: authentication not enabled'
<dvheumen> this gives me the impression that a postfix config options is incorrect ... remember, I haven't done anything with postfix yet, so I'm guessing here
<garymc> yes
<garymc> thats what im saying i just cant work it out
<dvheumen> okay, I've scanned through the linuxgazette article that was posted here earlier. That seemed to be a good guide, and if you've followed/checked your configuration according to the linuxgazette article, I'm afraid I am out of ideas
<garymc> ok thanks for trying
<garymc> :S
<android60> is spindown the same as standby for a hard drive?
<garymc> Anyone else help me get my mail server working?
<cemc> garymc: maybe AUTH is available only after STARTTLS ?
<cemc> man 5 postconf, and search for smtpd_tls_auth_only
<cemc> how is that set up in main.cf ?
<garymc> hold on
<garymc> smtpd_tls_auth_only = yes
<garymc> thats 3rd line from bottom of file
<cemc> if I understand correctly, that means it you need to TLS first, then AUTH
<garymc> ?
<cemc> so it won't work over unencrypted connection
<cemc> [01/31-195919] <cemc> man 5 postconf, and search for smtpd_tls_auth_only
<garymc> i dont understan man 5 postconf
<dvheumen> that's what I suspected :P
<garymc> :S
<cemc> garymc: you mean you don't know how to use 'man' or you don't understand what it says for that option?
<dvheumen> cemc, is there any way to start an interactive terminal after TLS is established. I've seen a command 'openssl s_client -connect host:port -starttls smtp' but this exits after tls info is displayed
<dvheumen> cert and such
<garymc> ive never used man
<cemc> garymc: uh, wrong answer :)
<dvheumen> hehe
<cemc> how can you not know about man ? try it and see. just type 'man 5 postconf' in a terminal
<cemc> that should bring up the manpage for all the postfix config options
<cemc> it's kinda like F1 :-)
<cemc> garymc: it's more basic than 'googleing it', you really should know about it when trying to set anything up on a linux server
<cemc> dvheumen: hm good question
<dvheumen> tnx :P
<dvheumen> learned the other command yesterday ... I'm in shape :)
<cemc> hm, it doesn't exit for me, that openssl command
<dvheumen> hmmm... then it maybe is something else, I'll give it another try
<dvheumen> 'read:errno=0' is what I get, the other stuff is just information
<cemc> dvheumen: what server, let me see
<dvheumen> I'm trying the server garymc is trying to configure, in order to see whether AUTH options are available
<dvheumen> mail.thefinancefacility.com
<garymc> thats it
<cemc> yeah, same for me too, errno=0, weird
<cemc> garymc: anything in the logs?
<garymc> nothing that i understand
<garymc> just denied stuff
<cemc> garymc: try this: tail -f /var/log/mail.log, then in another terminal:  openssl s_client -connect thefinancefacility.com:25 -starttls smtp
<cemc> and see what appears in the logs after you do that
<garymc> so open the mail.log now and see what it says?
<dudko> hi. I'd like to ask you if is possible to run as root in this PHP Shell Commander http://sourceforge.net/projects/shcmd/
<cemc> garymc: open a terminal, type sudo tail -f /var/log/mail.log
<cemc> garymc: then open another terminal and type: openssl s_client -connect thefinancefacility.com:25 -starttls smtp
<garymc> done that
<cemc> when you press enter, see what appears on the other terminal. anything?
<garymc> yes heres a pastebin
<garymc> http://pastebin.ca/1773307
<cemc> just what I thought, something's not set up right, and after you connect it craps out, and ends the connection
<cemc> see that fatal error? :)
<garymc> yes
<garymc> dont know what is set wrong though?
<cemc> what do you have for smtpd_sasl_type= ?
<garymc> in postfix/main.cf?
<cemc> yes
<garymc> smtpd_sasl_type= dovecot
<cemc> https://help.ubuntu.com/community/PostfixDovecotSASL - maybe you should read this
<garymc> pretty sure ive done all that
<garymc> ill look through it again now
<cemc> garymc: don't just look, try to understand it. don't just copy-paste options from the page to your config files... try to see which option does what. and 'man' is your friend ;) and read the comments in the config files
<garymc> ok
<ghostlines> is it a big deal if your powersupply doesn't fit in the mobo's powerslot?
<ghostlines> mines fits, but 4 slots still need to be connected but this old powersupply has different fittings
<ghostlines> seems like an old atx powersupply
<ghostlines> what I'm really asking is can a 20pin atx connector work in 24 pin slot
<dvheumen> I think there are converters available
<ghostlines> ahh k thaks
<ghostlines> *thanks
<garymc> cemc how can i find out the correct path for my postfix que directory?
<garymc> at the minute it is this : smtpd_sasl_path = private/auth-client
<garymc> thats what it is set to in my /postfix main.cf
<garymc> cemc I followed that guide to the tee and still no change :(
<garymc> jmarsden : are you about?
<cemc> garymc: the default postfix queue dir is /var/spool/postfix
<garymc> yeah i just found the path but still not working
<garymc> ahh its such a bummer
<cemc> garymc: is dovecot running ok?
<garymc> it says it is
<cemc> garymc: could you pastebin dovecot.conf and main.cf ?
<garymc> yep
<garymc> http://pastebin.ca/1773372 dovecot.conf
<garymc> http://pastebin.ca/1773377 main.cf
<bogeyd6> garymc, :))))
<bogeyd6> again with the authentication
<bogeyd6> you do realize if you follow the online guide it WILL work
<garymc> yes
<cemc> garymc: do you have a dovecot-postfix.conf ?
<garymc> well it all seems to be a shambkes now
<garymc> yes
<cemc> garymc: did you see what it says in dovecot.conf at the top ?
<bogeyd6> prob the best thing you can do gary is purge all the package and start fresh with the online guide
<garymc> cemc whoops ;)
<bogeyd6> !dovecot
<ubottu> IMAP and POP are protocols for fetching email. The officially-supported server in Ubuntu is Dovecot (packages "dovecot-imapd" for IMAP, and "dovecot-pop3d" for POP) - See also !MailServer for information on the SMTP protocol
<bogeyd6> !mailserver | garymc
<ubottu> garymc: Ubuntu supports the Simple Mail Transfer Protocol (SMTP) and provides mail server software of many kinds. You can install a basic email handling configuration with the "Mail server" task during installation, or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/9.04/serverguide/C/email-services.html
<bogeyd6> fo shizzle garymc
<garymc> ??
<garymc> fo shizzle?
<cemc> ;-)
<garymc> cemc : dovecot-postfix.conf is set correctly according to the documentation
<qman__> which is the correct file in /etc/apt.conf.d/ to place apt proxy directives?
<qman__> ah, just created a new one, works fine
<uffiole> hi. I want to run a few guests on a VM , mostly ubuntu desktop
<uffiole> so i setup the server 9.-10 and experimented with QEMU a bit
<uffiole> but i am confused if it would be easier to have X (and SDL) and a management interface on the box
<uffiole> just found JeOS. Is it a special server edition , right?
<uffiole> and the docs say it's for guest (too?)
<kiko__> i got stuck at a step in installation of forum software , could someone please help me out
<dvheumen> uffiole, if I remember correctly, JeOS is a slimmed down kernel for guest installations, because they all have the same simple virtualized hardware
<dvheumen> kiko__, I don't think I can help, but what software is it?
<kiko__> its SMF and i am at 80% done but getting a problem :-(
<dvheumen> is it a PHP problem?
<dvheumen> PHP error message or something
<kiko__> no not php
<dvheumen> okay, let's give it a try
<dvheumen> what is the problem?
<dvheumen> okay, that one works, plz continue here
<kiko__> ok
<kiko__> after entering all the details in that step i am getting this page all the time - http://i47.tinypic.com/2yovkad.jpg
<dvheumen> so that happens when you click continue?
<dvheumen> does the URL in the address bar change?
<dvheumen> well, it's clear that the URL in the last screenshot is not correct
<dvheumen> so you might want to find out why the URL changes and why this new URL doesn't work
<kiko__> is it URL ?
<dvheumen> what do you mean?
<kiko__> is it coz the url contains '  _ '  ?
<dvheumen> I don't know, because I don't know what the correct URL is. But you might want to compare the URLs of the two steps (the working one and the failing one) and see if there's a difference
<kiko__> URL are same
<dvheumen> exactly? or is the 'step' at the end different?
<wizzy_> hello people
<wizzy_> i am installing ubuntu server on my new system
<wizzy_> i got 2 hard drivves
<wizzy_> 80gb and 40 gb
<wizzy_> can i install it on raid?
<wizzy_> so noones here
<wizzy_> i will be using it for 2 x phpbb web sites
<kiko__> yes the url are exactly same
<wizzy_> can i install os and everything on 40gb and www and mysql data on 80?
<guntbert> wizzy_: then it is 2 disks - not raid
<wizzy_> well i am thinking
<wizzy_> raid is for backing
<wizzy_> but i might have some traffic so probably ill use 2 disks
<wizzy_> so /var should be on 80 gb
<wizzy_> and os on 40 gbs right?
<wizzy_> i will be only user of linux
<wizzy_> it will be 1 www and 2 forums sites (phpbb
<uffiole> dvheumen, ok thx.  i continue another day.... bye
<wizzy_> so now i got 2gb SWAP , 500mb /boot 15gb / . 23gb /home
<wizzy_> am i good?
<wizzy_> and /var and /tmp are on 80gb with 20gb free space
<uvirtbot> New bug: #514989 in php5 (main) "PHP process output (?) that breaks bash completion" [Undecided,New] https://launchpad.net/bugs/514989
<Timreichhart> could anybody tell me how I would update the mysql from root to user?
<wizzy_> www files are in /etc/apache right?
<qman__> wizzy_, no, apache configuration is in /etc/apache2, website files are in /var/www
<wizzy_> ok so its good that i will put /var on 80gb disk
<TDJACR> Anyone here use Exim with /etc/aliases (*: /var/www/scripts/maildaemon.php)
<wizzy_> ../var has 55gb / enough for 1 web site and 2 myslq databases?
<qman__> far more than enough
<wizzy_> ok thank you
<qman__> 1GB would probably be enough
<Timreichhart> I know there is a simple code but I forgot what to use
<uvirtbot> New bug: #515269 in samba (main) "Samba server starts before cups does" [Undecided,New] https://launchpad.net/bugs/515269
<wizzy_> on 40gb i got /boot,/,swap and /home
<wizzy_> on 80 gb i got /tmp and /var
<wizzy_> am i missing something?
<wizzy_> or should i just continue
<wizzy_> ?
<qman__>  /usr will have a significant amount of data in it, so make sure / is big enough
<Timreichhart> can anybody tell me how to update user in mysql like from root to user?
<qman__> at least 4GB
<wizzy_> ../ is 15gb
<qman__> that's plenty
<wizzy_> ok so i will continue
<wizzy_> then i will have one more question
<wizzy_> i got 2 routers
<wizzy_> wireless which is connected to modem and i got another one which is connected with wireless
<wizzy_> so i gotta open port 80 and 22 in both of them for server ip
<wizzy_> what if i will want to connect with ssh from my other pc on lan
<qman__> probably not, but you need to be more specific
<wizzy_> ok ok
<qman__> is the second router connected to the first via wireless?
<wizzy_> ill do sceme and ill post you link
<qman__> ok
<wizzy_> give me a min
<wizzy_> gman --- http://lh4.ggpht.com/_cXxRH_xn2yM/S2X6lEdyZsI/AAAAAAAAArA/VHj4PcHh75c/s640/sceme.JPG
<wizzy_> 1 is modem
<wizzy_> 2 is wireless/wired router
<wizzy_> 3 is router in my room
<wizzy_> 4 is ubuntu server box
<qman__> ok, is 3 connected to 2 via wireless, and is it in wireless bridging mode, or is it routing
<wizzy_> no via ethernet cable
<qman__> ok
<qman__> on 3, is it connected to 2 on the WAN port, or the switch
<qman__> as in, 3's WAN, or 3's switch
<wizzy_> 3 is connected normally into 4 ports
<wizzy_> like you would connect pc to is
<qman__> that's not what I meant
<qman__> 3 is plugged into 2's switch
<qman__> but on 3, is that cord in the WAN port or the switch
<wizzy_> WAN
<qman__> ok
<wizzy_> it works cause on 3 i got laptop from which i am chatting now
<qman__> in that case, yes, you need forwarding on both routers, and the only way to access the web server from computers connected to 2 is via 3's IP address
<qman__> on 2, forward ports 80 and 22 to 3's address
<wizzy_> ok so 2 has 192.168.1.1   3 has 192.168.0.1 and router has 192.168.1.100
<qman__> and on 3, forward 80 and 22 to server's address
<wizzy_> ok
<wizzy_> thank you
<wizzy_> but still if i want to access ssh from laptop on LAN i will have to write servers IP
<qman__> from behind router 3, yes
<qman__> from router 2, use router 3's IP
<wizzy_> ok
<wizzy_> laptop on wireless i will put 3s router ip
<wizzy_> ok i got some kind of problem
<wizzy_> "ubuntu login : one or more of the mounts listed in /etc/fstab cannot yet be mounted (esc for recovery shell ) swap:waiting for /dev/mapper/cryptswap1"
<wizzy_> ok i clicked enter and it went to login
<wizzy_> lol
<wizzy__> ok kinda weird when i type free is shows my RAM and in swap it shows 0 on total 0 on used and 0 on free
<wizzy__> ??
<Timreichhart> can anybody tell me how to update user in mysql like from root to user?
<bogeyd6> !noroot
<ubottu> We do not support having a root password set. See !root and !wfm for more information.
<Ninjix__> !root
<ubottu> Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
#ubuntu-server 2011-01-24
<sparc> Does anyone here host a local ubuntu ubuntu repository, to install from?
<sparc> s/ubuntu//; # :)
<sparc> if so, i'm curious if you provided preseed options to the installer through a preseed file, or as boot options
<sparc> it seems like there are two ways to do it
<sparc> boot options seem better, since then the installer doesn't have to depend on the Internet being available
<sparc> alas, the installer continues to look for archive.ubuntu.com, even when mirror/http/mirror and apt-setup/security_host are provided
<sparc> must be more, to do...
<jzacsh> hi, i'm about to file a bug in launchpad, `apport-bug php5` -- but its just a guess, and I'd like to hash how some details to pick the correct package. my problem is with less, or readline, or ubuntu, or php... not sure: http://ubuntuforums.org/showthread.php?p=10359461#post10359461
<jzacsh> if anyone has any thoughts could they hilight me, or post to that thread? thanks a ton :)
<jmarsden> jzacsh: re your "CLI ISSUE #2": I cannot duplicate this in Ubuntu 10.04.1 here, using Esc and then j or k works for command history in mysql for me, when using your .inputrc .
<jzacsh> jmarsden: thanks for taking the time to try.
<jzacsh> i'm on 10.04. what is the extra point version? (10.04.1?)
<jmarsden> Just a minor update, you probably have it too, do  lsb_release -d    to check
<jzacsh> jmarsden: yes, i have .1 as well. (sorry -- in another channel need hilights sometimes)
<jzacsh> jmarsden: i know its not _just_ me -- as i had people in the drupal.org issue queu (linked in my issue) say they also experience this in ubuntu (only)
<jzacsh> jmarsden: rr... nvm, i'm thinking of CLI ISSUE #1 -- (its late here)
<jmarsden> OK.  And your mysql is linked against libreadline as usual, right?  What does     ldd `which mysql` |grep readline    output?
<jzacsh> jmarsden: ahahah, lol.. wow. now i don't have the issue in mysql either
<jzacsh> mayb eit was a recent update (has to be -- i've bene chasing this for months)
<jmarsden> OK... I'll stop trying to duplicate it :)
 * jzacsh checks python
<jzacsh> very very strange.
<jzacsh> oy.
<jzacsh> jmarsden: so ISSUE #1 is reproducable for you, then?
<jmarsden> I'm not sure, I found #2 easier to understand how to duplicate so I went for that one first. Trying #1 now.
<jmarsden> Doing php -r 'print_r(get_defined_constants());' |less    seems to work as I would expect it to, so no, #1 I can't yet duplicate either.
<jmarsden> jzacsh: ^^
 * jzacsh makes sure that hasn't fixed it self either
<jzacsh> jmarsden: okay, that's still an issue for me -- i have: `php --version`: http://dpaste.de/fqgy/raw/
<jmarsden> Um.  In 10.04.1 ???  In Lucid you should have 5.3.2-1ubuntu4.7 not 5.3.5 .
<jmarsden> jzacsh: ^^ I keep forgetting to highlight you...
<jzacsh> jmarsden: i may have upgraded (very possible) -- i work as PHP dev as my day job, -- but I don't honestly remember for this laptop-- I rarely use it.
<jmarsden> OK... not sure if that matters or not.  What does    php -r 'print_r(get_defined_constants());' |cat -e -v |tail -1    output for you?
 * jzacsh tries
<jzacsh> jmarsden: )$
<jzacsh> (without the preceding: "jmarsden: "
<jmarsden> Ok, same here... so there is no unwanted ^M in there on your machine... at least not one that is visible to cat -e -v ... so what is less seeing?
<jzacsh> jmarsden: hmm.. very strange, php -r 'print_r(get_defined_constants());' |cat -e -v |tail -1
<jzacsh> wh00ps
<jzacsh> jmarsden: php -r 'print_r(get_defined_constants());' |cat -e -v | less  has the same issue
<jmarsden> That starts to suggest that #1 is more to do with less than with php output??
<jzacsh> jmarsden: that's what was also suggestd in php.net bug i posted.
<jzacsh> i've heard a lot about this possibly being related to how ubuntu packages less
<jmarsden> If you do    php -r 'print_r(get_defined_constants());' >somefile     you can then hexdump -c somefile   and less somefile and prove it is independent of php, perhaps?
<jzacsh> jmarsden: nope, its fine when read back from a file..
<jmarsden> OK.  does lv have the same issue?
<jzacsh> php -r 'print_r(get_defined_constants());' > ~/tmp/buggy; cat /home/jzacsh/tmp/buggy  | less
<jzacsh> jmarsden: lv?
<jmarsden> sudo apt-get lv   # another viewer
<jmarsden> sudo apt-get install lv   # I mean.
<jzacsh> jmarsden: sorry, i was just running those test on my archlinux box. oy (ssh confusion) -- sorry
<jmarsden> Ah... not so useful, that.   Also, check what     set |grep LESS   outputs, you can radically alter less behaviour with lesspipe stuff...
<jzacsh> so, yes, the above ^ command runs without any issue (to file, then to less) on my Ubuntu system as well.
<jmarsden> OK.  I think I have some custom stuff in my .bashrc for lessopen/lessclose, now I think about it...
<jzacsh> jmarsden: LESS=' XFRr '
<jmarsden> Just for fun, try   export LESS=MMich4    and then retest
<jzacsh> jmarsden: yes, same behavior with the options you requested.
<jmarsden> Hmm, OK.  That's what I use... I was hoping the rR might be what was causing less to behave poorly for you.
<jzacsh> not okay when passed directly through pipes (eg.: ` ...  | cat -e -v | less`) and okay when passed to a file (eg.: `... > ~/tmp/buggy ; less < ~/tmp/buggy)
<jzacsh> so, is still suspicious that things are not okay when passed directly along through the pipe
<jzacsh> jmarsden: i have to go soon, but if you could either comment on the ubuntu-forum post, or just start a launchpad.net/ubuntu bug, that would really be very awesome.
<jzacsh> thakn you for all the help so far. this machine i'm chatting from shouldn't get disconnected, so i should See hilights should you hav emore to say. i'm off to bed for now :)
<jzacsh> jmarsden: ^
<jmarsden> jzacsh: I'll see what I can do.  I need to duplicate the issue first, really... will try in a new default user without all my customizations and see what happens.
<jzacsh> jmarsden: whatever you can find or can _not_ find, if you'd post to that forum thread at the least, that'd be aewsome :)
<jzacsh> ciao
<jmarsden> Bye
<elkingrey> Hello, I have recently installed the Postfix and Dovecot package on my Linode server. My problem right now is setting it up in my Evolution client so that I can access that email account. Can anybody point me to a guide that will walk me through the specs I have to put into Evolution for the new account?
<Datz> is there a download for the -virtual kernel?
<twb> Datz: apt-get install it
<Datz> ah, thanks
<Datz> If I'm on 10.04 install, do I have to sick with a certain kernel version? I'm on 2.6.32 now, but aptitude search shows linux-image-2.6.35-22-virtual
<bluefrog> exit
<twb> Datz: you probably screwed up, then
<twb> Ah, that kernel has been backported to lucid-updates.
<twb> IMO you should stick to .32 unless you have a really good reason not to
<awanti> thanks
<Adman65> hey guys. Is there some way I can configure the fastest mirror?
<twb> deb mirror://mirrors.ubuntu.com/mirrors.txt lucid main universe
<Adman65> ty
<jpds> Not exactly fastest, but random country mirrors.
<Adman65> well atm im getting <200kB
<twb> jpds: the "mirror" method will always pick the first entry returned by the smart server
<jpds> Adman65: As you're in the US, try mirror.anl.gov.
<jpds> twb: "smart".
<twb> I'm told it returns based on geoip, but I don't know how granular that gets
<twb> jpds: right, "smart" as in it violates the spirit of HTTP by not returning static, stateless content :-(
<jpds> It's cached.
 * twb thinks the whole "web app" think should FOAD and go back to Display PostScript.
<twb> s/think /thing /
<jpds> Still, if you want to find the fastest mirror, you're better off looking at routes and seeing which mirrors you have peering with or something.
<jpds> http://mirror.{a,p}nl.gov/ happen to be the two 10Gbps US mirrors there are.
<kerozene> aptitude seems to assume --purge-unused.. how can I reconfigure that?
<lauris> hi, how to make service starting automatically on 10.04 ?
<\sh> lauris: check /etc/default/<service>
<lauris> and if there's no such file ?
<twb> kerozene: run its gui and hit f10, then wander through the options
<twb> kerozene: it's in there somewhere
<kerozene> I've no gui
<lauris> creating empty file didn't helped
<twb> kerozene: yes, you do.
<twb> kerozene: you may not have a *raster* GUI, but you are very unlikely to be ssh'ing from a printer
<kerozene> gotcha
<twb> Just run "aptitude" without arguments
<kerozene> yeah
<lauris> \sh, service --status-all shows [ ? ]  mysql
<kerozene> twb: I only found gui options
<twb> Sigh
<twb> Dependency handling >     [X] Remove unused packages automatically
<kerozene> under Options?
<twb> F10 > Preferences, IIRC
<twb> F10 > Options > Preference
<kerozene> yeah, it's not there. this is 8.04
<kerozene> good call tho
<twb> Grmph
 * twb wanders over to amc.prisonpc.com
<twb>     [X] Remove unused packages automatically
<twb> ...it's there in 8.04
<twb> That's aptitude 0.4.9-2ubuntu5
<kerozene> beautiful. works
<kerozene> not used to that ui: scrolling, split screen etc.
<\sh> lauris: mysql should come up by default when you don't have any bugs in your config
<lauris> i can start it manually with service mysql start
<lauris> so i assume there are no bugs in the config
<twb> lauris: 10.04?
<twb> As at 10.04, mysql is started from upstart, not sysvinit
<lauris> yes, 10.04
<\sh> lauris: when you check the upstart script, it says start on (net-device-up and local-filesystem and runlevel [2345]) so this works as expected, or you have something missing from the start on events
<lauris> how can i check this ?
<\sh> eventually your net-device is not up, or your local filesystem isn't mounted
<twb> lauris: with great difficulty :-/
<twb> \sh: looks like the mysql upstart job has some stinky spinlocks and things, I suppose they could be borking
<lauris> \sh, this might be the case since i use openvz guest for running mysql
<twb> \sh: did you check his /var/log/auth.log and syslog?
<\sh> lauris: http://upstart.ubuntu.com/wiki/Debugging
<twb> lauris: that's why
<twb> lauris: openvz and lxc do not generate the lo event that upstart expects
<twb> lauris: here's what I do: http://paste.debian.net/105515/
<\sh> twb: hmm...lo up is triggered by udev, right? so it should run with any udev events regarding a NIC coming up
<twb> \sh: he's running a container
<\sh> twb: ah no udev then
<twb> \sh: the kernel events are consumed by the dom0; the domUs don't see them
<twb> He probably has udev within the container, but it just sits there on its ass
<twb> The ifupdown NMU 0.6.8ubuntu29.1 "fixed" a bug where the lo up event was raised twice
 * \sh hoorays for bare-metal ;)
<twb> So you (or at least *I*) get the case where an update from lucid-updates suddenly causes all containers to stop booting
<twb> Now, openvz is a little different from lxc, but I expect he's running into basically the same issue -- it might be a slightly different event
<lauris> host is running on debian
<twb> FWIW, OpenVZ isn't supported by Ubuntu anymore
<lauris> which is supported.
<twb> They dropped it in favour of LXC, which isn't really production-ready as at 10.04 :-(
<lauris> and then i run ubuntu guests on top of it
<lauris> ok, i assume i'd better workaround it
<iclebyte-work> we are looking for a solution with which we can monitor network traffic at various points across our network i.e. by protocol like for example a network tap. Does anyone know of any existing software for this?
<SockPants> hi all
<SockPants> i'm installing ubuntu server 10.10, but the partitioner isnt working properly
<SockPants> i'm trying to set up software raid on 2 disks
<SockPants> i succeed in creating the software raid setup, but i can't subsequently partition the raid disk
<JamesPage> SockPants: is there any particular error message you are getting?
<SockPants> JamesPage: no errors. right now i see the raid disk with an ext4 partition (i created that earlier for a lack of alteratives). selecting the disk and hitting enter does nothing but flash the screen, i can't delete the partition so i can't create swap space
<SockPants> i've restarted the server and tried again but nothing changed
<JamesPage> SockPants: just reminding myself of how the installer works for RAID (did one a few months back)
<JamesPage> SockPants: are you selecting the partition or the disk?
<soren> smoser: Where can I find some info on the desktop cloud images?
<SockPants> selecting the disk just flashes the screen, selecting the partition leads to the 'use as, copy, erase, done' menu
<JamesPage> SockPants: OK so if you configure the use as 'do not use this partition'
<SockPants> JamesPage: that's how it's configured now
<JamesPage> right - and then delete the software raid partition using the 'Configure software RAID' option at the top of the partition disks screen
<SockPants> JamesPage: that works, it deletes the raid disk
<JamesPage> SockPants: does that get you to where you need to be?
<SockPants> JamesPage: no, i'm trying to get a root partition and a swap partition on the raid disk i just removed
<JamesPage> SockPants: OK - and do you want to use LVM on top of the RAID-1 configuration?
<SockPants> not necessarily
<mrroth> oh
<JamesPage> SockPants: you will need to setup a RAID device per partition you want to create if you don't use LVM
<SockPants> ah in that case i misunderstood
<SockPants> how come i can't partition the raid disk as if it were a physical one
<JamesPage> SockPants: or you can configure the RAID device as an LVM physical device and then create LVM volumes within it.
<JamesPage> SockPants: good question - I'm not sure
 * JamesPage looks to see if there are any reasons why this can't happen.
<smoser> soren, uec-images.ubuntu.com
<smoser> they're basically just images with ubuntu-desktop in them.
<soren> smoser: Ah, no NX or anything like that?
<smoser> well...
<smoser> it looks like they currently all have a lucid-built nx from http://bazaar.launchpad.net/~ubuntu-on-ec2/vmbuilder/automated-ec2-builds/view/head:/vmbuilder-uec-ec2-fixes
<smoser> woops. from http://ppa.launchpad.net/freenx-team/ppa/ubuntu . the previous url has details
<smoser> i thikn i'll probably yank that or deal with it some other way in natty for alpha3
<RoAkSoAx> morning all!
<JamesPage> RoAkSoAx: morning
<smoser> yo
<RoAkSoAx> how's it going ?
<JamesPage> SockPants: Software RAID disks can be partitioned - but this has not always been the case;
<JamesPage> SockPants: so this is probably a hangover from the days before Software RAID devices could be partitioned.
<SockPants> JamesPage: i believe then i'm missing some option in the partitioner
<SockPants> actually i'm pretty sure i was able to remove the partition on the software raid disk once before and then choose to partition the free space into 2 partitions
<SockPants> but i can't reproduce it
<JamesPage> SockPants: :-) always the trick....
<SockPants> there's no option to remove the partition or create a new partition table anywhere
<JamesPage> SockPants: looks that way - the only workaround I can suggest is to use LVM ontop of the RAID device
<SockPants> i see. thanks for the help!
<JamesPage> SockPants: it would be a nice feature of the installer as it would make setting up RAID much quicker
<jdstrand> shauno: rules added via the ufw cli command are sotred in /var/lib/ufw or /lib/ufw depending on the version of ufw your are using. also, (again, depending on the version of ufw you are using), you can use the /usr/share/ufw/check-requirements to see if your kernel has everything needed to use ufw
<kaushal> hi
<kaushal> can someone please suggest me about running the query in Oracle ?
<uvirtbot> New bug: #706945 in php5 (main) "php5-fpm package does not include a logrotate file" [Undecided,New] https://launchpad.net/bugs/706945
<JamesPage> SockPants: I raised this feature under bug 706949
<uvirtbot> Launchpad bug 706949 in partman-md "Partitioning of RAID devices is not possible through installer" [Undecided,New] https://launchpad.net/bugs/706949
<SockPants> JamesPage: great, thanks for the effort!
<SockPants> i hope it gets fixed
<JamesPage> SockPants: if you want to add any more information to be bug report/and or confirm it that would be great.
<SockPants> JamesPage: i'll have a look
<JamesPage> zul: remember our brief conversation about Samba 4 in main last week?
<zul> JamesPage: yeah and its still not going to happen
<JamesPage> zul: I know; but its been pointed out to me that only the Preferred dependency has to be in main.
<soren> JamesPage: Yes, that's correct.
<JamesPage> zul, soren: so could we not support existing samba4-client installs using smbclient | samba4-clients ?
<JamesPage> smbclient: in main
<zul> why again?
<soren> JamesPage: Sorry, what?
 * soren is completely missing context
<JamesPage> Context:
<JamesPage> bug 704377
<uvirtbot> Launchpad bug 704377 in nagios3 "nagios3 requires smbclient, tries to uninstall samba4-clients" [Low,Triaged] https://launchpad.net/bugs/704377
<JamesPage> smbclient conflicts with samba4-clients so if you install nagios3, samba4 gets un-installed in preference to the smbclient dependency
 * JamesPage forgets that soren is not a mind reader
<zul> JamesPage: nack
<soren> JamesPage: Sure, if nagios is happy to use the samba4 equivalent of smbclient, just add it as an alternative in the Depends.
<soren> zul: Why not?
<hallyn> bug 525287
<uvirtbot> Launchpad bug 525287 in lvm2 "Add support for corosync based clusters in clvm" [High,Confirmed] https://launchpad.net/bugs/525287
<zul> soren: because i can just see this causing headaches down the road
<soren> There's a bajillion examples of this in the archive.
<soren> Roughly.
<zul> soren: name one
<soren> I didn't actually count them.
<zul> soren: i assumed you didnt ;)
<soren> We have eleventy billion mta's, for intance.
<soren> Only two are in main, yet a lot of packages specify a dependency on mail-transport-agent.
<soren> It's less direct, since it's a virtual packages, but that causes more headaches, not less.
<soren> But sure, I'll find an example.
<soren> Heck, we even have dependencies that don't exist at all!
<soren> adduesr depends on debconf | debconf-2.0. debconf-2.0 doesn't exist.
<soren> alsa-utils depends on whiptail | dialog. dialog is in universe.
<zul> rght you made your point
<soren> ...and I've only made it alsa-utils (going alphabetically).
<soren> Ah, debconf provides debconf-2.0. My bad.
<soren> Apache depends on any MPM. The itk one isn't in main, yet validly fulfills the requirement.
<suman> how to connect to internet any one???
<suman> i mean my server
<suman> anyone here
<suman> ??
<suman> have a small problemo
<suman> hullo can anyone help
<Pici> !details | suman
<ubottu> suman: Please give us full details. For example: "I have a problem with ..., I'm running Ubuntu version .... When I try to do ..., I get the following output: ..., but I expected it to do ..."
<suman> ok sorry ..pls wait
<suman> I am running ubuntu server edition which is not connected to internet ..i jus need a command which connct it to the internet...sorry for my english
<suman> actually i installed server edition first but now want to switch to desktop edition ..am trying sudo apt_get install ubuntu_desktop
<suman> its not working syaing that cannot locate the package
<Pici> suman: The package name is ubuntu-desktop not ubuntu_desktop
<suman> yeah i did that by mistake i typed that
<Pici> suman: There is no 'one command' that connects a server to the internet.  Do you see your network connection in   ifconfig
<suman> one coulumn is lo
<suman> and other isvirbr0
<suman> its showing my ip n stuff
<Pici> Can you ping 8.8.8.8 ?
<suman> wait will do that
<suman> network is unreachable
<suman> output:network is unreachable
<suman> can i come back some one knocking my door
<Pici> Sure
<SockPants> i now seem to be in a situation where i can't partition at all
<SockPants> is there any way i can manually force-delete / ignore all the info it thinks it has?
<leprechau> sure
<SockPants> .. in the installer?
<leprechau> dd if=/dev/zero of=/dev/sdx bs=512 count=32 ... that will completely wipe your partition table
<SockPants> leprechau: how do i get to a cli
<leprechau> where sdx is the drive you want to wipe
<leprechau> boot cd into 'rescue a broken instalation' mode from the first menu
<hggdh> smoser: there?
<smoser> here
<smoser> hggdh,
<suman> Pici:i am back ..can u please guide me to connect to internet
<suman> pici:r u there
<suman> ??
<suman> can anyone help me connectiing my ubuntu servr edition to internet
<suman> ???
<SockPants> is there any way to switch to a cli in the middle of installation
<genii-around> SockPants: You can togle consoles with the usual combos like alt-f1 thru alt-f4
<genii-around> If memory serves 4th console is where all the output messages are appearing
<Pici> suman: I got called away to work on something, are you still having issues?
<suman> yeah
<SockPants> hm ok
<SockPants> how can i manually make a partition table on /dev/md0 during install? it cant find parted
<suman> rusty149:yeah
<JamesPage> SockPants: use fdisk /dev/md0
<Pici> suman: Is this a virtualized server?
<SockPants> JamesPage: thanks, that seemed to work, but then there was an error anyway. what's the command for setting up software raid manually?
<netzi> hi @ all
<netzi> brÃ¤uchte hilfe beim Compilern
<zul> RoAkSoAx: there is a newer drbd8 in debian
<RoAkSoAx> zul: yeah! upstream is releasing a newer version though
<zul> RoAkSoAx: cool
<RoAkSoAx> zul: but I'll take care within this or next week...
<RoAkSoAx> zul: btw... what kernel is natty gonna ship?
<zul> .38 i think
<RoAkSoAx> zul: ok, thanks! Then I guess Debian version should be enough for us!
<uvirtbot> New bug: #706988 in mysql-5.1 (main) "Major Bug in MySQL 5.1.49 up to 5.1.52" [Undecided,New] https://launchpad.net/bugs/706988
<SpamapS> Goooood morning u-bun-tuuu
<SockPants> good evening:)
<JamesPage> Hey SpamapS
<mrothhh> how do you sys admin manage emails
<SpamapS> When I was a sysadmin (now an OS developer) I viciously attacked anything that caused email to arrive in my inbox, and never used filtering
<SpamapS> now I do the same actually ;)
<aljosa> which version of ubuntu works with/has ibm db2 express-c in partner repository?
<zul> Hey SpamapS good weekend?
<uvirtbot> New bug: #706995 in cobbler (universe) "Cobbler references init scripts in /etc/rc.d/init.d" [Undecided,New] https://launchpad.net/bugs/706995
<hootenanny> hey, does anyone know whether symbols in passwords can mess with IMAP over SSL?
<[diablo]> anyone noticed problems booting min. virtual guests that are 10.10?
<[diablo]> I sometimes get hangs, and have to restart em via virsh (triggers the ACPI)
<JamesPage> SockPants: I'm not sure what tools are available in the installer environment but here is a good place to start http://tldp.org/HOWTO/Software-RAID-HOWTO.html
<SpamapS> zul: great weekend thanks... yours?
<zul> SpamapS: a whee bit too cold
<SpamapS> zul: I know when you say that, it means it was unbelievably cold
<zul> SpamapS, -23C right now
<SpamapS> thats quite a bit colder than my current 17C ;)
<RoAkSoAx> I'm at 23C
 * SpamapS wonders how long before somebody throws RoAkSoAx and he in a freezing swimming pool at an ubuntu event.
<SpamapS> s/he/him/ :-P
<RoAkSoAx> hahaha
<aliverius> hi. i found my server powered off. it wouldnt power on. in the end it did. now i want to take a look at the logs in case i find what happened before the shutsdown. nut which log?
<aliverius> http://pastebin.com/kcLk9MVg
<aliverius> what does the above tell us?
<e_t_> Does the connection function?
<aliverius> now yes
<aliverius> and no kernel msgs
<e_t_> It looks to me like eth0 and eth1 are being disabled as independent interfaces and then brought up as part of the bridge.
<aliverius> it is just that the above where its last words :p
<aliverius> now such msgs appear now. and the server is full functional
<aliverius> in fact i am speaking to you through that bridge
<e_t_> There's that famous saying "If it ain't broke, don't fix it."
<aliverius> i must prevent the next failure
<aliverius> so there may be something to fix
<uvirtbot> New bug: #652312 in cloud-init "apt cache not up to date on first boot" [Low,Incomplete] https://launchpad.net/bugs/652312
<zul> SpamapS: for that cobbler i was thinking of combining the cobbler_web.conf and the cobbler.conf into one
<SpamapS> zul: that would mean combining cobbler-web and cobbler again.
<lynxman> oh hey zul o/
<zul> SpamapS: yeah maybe not a good idea :)
<SpamapS> zul: the whole point of the cobbler-web package was that you install it and get the web interface.. no install.. no web interface..
<SpamapS> zul: I'm wondering if we should push to have our version included upstream as like, cobbler_web_debian.conf
<SpamapS> zul: the two philosophies are somewhat different
<zul> SpamapS: probably
<SpamapS> zul: and we can always include the common bits
<SpamapS> zul: but I was thinking that would be in the "make the web interface better" effort next cycle
<zul> SpamapS: meh...i dont want to step on people's toes
<zul> hey lynxman
<zul> SpamapS: thats more landscapish
<uvirtbot> New bug: #603329 in cloud-init "mounts option to cloud-config skips devices not starting with /" [Medium,Fix released] https://launchpad.net/bugs/603329
<SpamapS> zul: landscape is so many lightyears ahead of it.. I don't want to do any work on making the interface itself better... I just want to make it easier to install. ;)
<zul> SpamapS: ah sure
<SpamapS> zul: I do think that landscape should be able to be plugged into it similar to spacewalk.
<zul> SpamapS: well the base is there its up to them if they want to use it or not
<SockPants> has anyone here ever used ubuntu on an ibm server?
<zul> SpamapS: does this look sane to you?
<zul> http://people.canonical.com/~chucks/05_fix_init_paths.patch
<SpamapS> zul: reading
<RoAkSoAx> zul: error in ""%s/named restart", % which_init_path"  (and dnsmasq, dhcpd) , should be ""%s/named restart" % which_init_path", note the ","
<zul> RoAkSoAx: right
<SpamapS> zul: I'm not sure I like the approach of looking in /etc/init.d for a file...
<SpamapS> zul: service kind of already has this logic.. but a bit misplaced
<Datz> !seen twb
<ubottu> I have no seen command
<zul> SpamapS: does fedora have service?
<zul> SpamapS: because that would be more distro agnostic
<Datz> I "sudo aptitude install linux-image-2.6.32-27-virtual" but when I restarted I still see 2.6.32-27-server.  Is there something more I need to do?
<RoAkSoAx> zul: YES it does have service blablabal start etc etc
<zul> RoAkSoAx: win
<RoAkSoAx> zul: though, as it is expected, the name of some services might different
<SpamapS> zul: yes, I believe we took it from fedora
<RoyK> Datz: iirc -server is equal to -virtual now
<uvirtbot> New bug: #707050 in nut (main) "Lost patches0004-netvision-improvements-lp-600950.patch" [Medium,New] https://launchpad.net/bugs/707050
<Datz> RoyK: interesting.. why would there be -server and -virtual then?
<Datz> I guess I should have tried another kernel version, then I'd know if there was a switch :P
<pmatulis> Datz: the virtual kernel does not need physical h/w drivers?
<Datz> pmatulis: that was my impression
<RoyK> Doonz: did you try manually booting into the virtual kernel?
<RoyK> just press shift during boot
<m_tadeu> hi...when I dmesg, I get an error from SMBus complaining about the buffer lenght...aparentely it needs 42 and only has 20...where is this configured?
<Datz> RoyK: you mean Datz right :P
<Datz> I will try though
<Datz> thanks
<RoyK> Datz: I did, wrong nick :P
<kaushal> Shall i pastebin the impdb logs ?
<kaushal> I have exported DB on EE and trying to import it to SE on Oracle 11g R2 DB Server
<kaushal> I get lot of errors
<kaushal> Please suggest/guide
<kaushal> I am not getting help at #oracle or ##oracledb
<RoyK> kaushal: I don't think this is an oracle channel, so you may dump it to /dev/null - less hassle
<oCean> you not getting answers does not make it an ubuntu issue, right?
<RoAkSoAx> zul: btw.. still don't wanna sponsor lvm ? :)
<zul> RoAkSoAx: not really
<RoyK> linux needs a good filesystem that can mirror zfs' work
<RoyK> btrfs may be the one, but the current progress isn't showing much potential
<sparc> yeah :(
<sparc> btrfs is on the way...
<sparc> we installed FreeBSD for our NAS just for ZFS
<oCean> it btrfs different from drbd?
<mdeslaur> RoAkSoAx: you haven't found anyone to sponsor it yet?
<RoAkSoAx> mdeslaur: nope :( apparently nobody want's to touch that package :)
<mdeslaur> RoAkSoAx: what's the bug # again?
<RoAkSoAx> bug #525287
<uvirtbot> Launchpad bug 525287 in lvm2 "Add support for corosync based clusters in clvm" [Wishlist,Confirmed] https://launchpad.net/bugs/525287
<RoyK> oCean: btrfs has some of the stuff zfs has, like block-level checksumming and raid-1, but it isn't ready, and hasn't been worked on very heavily for a couple of years
<oCean> and what about DRBD?
<RoyK> oCean: drbd isn't a filesystem, it's a block-level replication mechanism
<oCean> Ah, ok
<oCean> And glusterfs? That's enitrely different thing?
<oCean> *entirely
<mdeslaur> RoAkSoAx: I'll sponsor it...I'll upload it once I take a look, build, and test lvm2
<RoyK> glusterfs is an overlay over filesystems for clustering
<RoAkSoAx> mdeslaur: awesome! Thanks!
<RoyK> oCean: if you're looking for a filesystem that can handle bad drives, use zfs
<RoyK> preferably on openindiana or something - the current zfs-fuse code is quite bad in terms of write speed
<mdeslaur> RoAkSoAx: welcome
<oCean> RoyK: ok! thx for the info, have to look into that some more.
 * RoyK has two 100TB boxes running openindiana for bacula storage - owrks well
<RoyK> s/owrks/works/
<m_tadeu> my ACPI is complaining that SMBus needs a buffer length of 42 and only has 20...how do I solve this?
<Datz> RoyK: grub menu shows -server as well
<genii-around> m_tadeu: Looks like https://bugs.launchpad.net/ubuntu/+source/acpi/+bug/606999
<uvirtbot> Launchpad bug 606999 in acpi "buffer length error in syslog" [Undecided,New]
<m_tadeu> in deed...what are the implications of this error?
<genii-around> m_tadeu: Looks like vendor acpi extensions may not work
<wizardslovak> hello people
<wizardslovak> i installed wordpress
<wizardslovak> but i cant get it to work
<wizardslovak> i mean i used apt-get install
<wizardslovak> and then i got to ip/wp-admin and it shows that there is no folder like that
<genii-around> wizardslovak: sudo ln -s /usr/share/doc/wordpress/examples/apache.conf /etc/apache2/conf.d/wordpress.conf                   then restart apache
<mdeslaur> RoAkSoAx: lvm2 uploaded
<Datz> RoyK: well, aptitude search shows that -virtual but -server shows "c" meaning that some configuration files remain.
<Datz> virtual is installed*
<RoAkSoAx> mdeslaur: thanks ;)
<mdeslaur> RoAkSoAx: np
<wizardslovak> genii-around, http://pastebin.com/ek9kgzYA
<Henry1> I changed my ssh conf on my new vps, added my own username, set PermitRootLogin to no and AllowUsers <onlyme> and everything worked for a while when connecting via ssh with my new username and after installing LAMP I changed my network (moved to another place with my laptop) and after that I only get Permission denied, please try again. â¦ any advice?
<uvirtbot> New bug: #707098 in openssh (main) ""oom" change in 1:5.3p1-3ubuntu5 causes "operation not permitted"" [Undecided,New] https://launchpad.net/bugs/707098
<uvirtbot> New bug: #707099 in munin (main) "Hostname case mismatch" [Undecided,New] https://launchpad.net/bugs/707099
<wizardslovak> genii-around,  well it didnt work , how to i reverse it?
<Datz> humm, well I removed configuration files for all linux-image*-server, aptitude showed that Linux-image*-vitual was installed, restarted. Now, Kernel panic :|
<genii-around> wizardslovak: Apologies on lag, work required me. For the moment, just to remove the symbolic link, eg: sudo rm /etc/apache2/conf.d/wordpress.conf
<Datz> can I update grub which in kernel panic?
<wizardslovak> genii-around,  ;) thank you for help , i understand u gotta work ;) hihih
<Datz> update-grub*
<genii-around> wizardslovak: The idea would be to make an apache alias for /usr/share/wordpress and place it in /etc/apache2/conf.d with appropriate name
<wizardslovak> genii-around, ah , gotta google that one ;)
 * Datz reverts to previous snapshot..
<genii-around> wizardslovak: Something like http://pastebin.com/YMr3BJF5
<wizardslovak> genii-around, thank you ;) so i should just copy it to apache2/conf.d
<genii-around> wizardslovak: To inside that directory, yes, but in a file named perhaps like wordpress.conf
<Pici> And make sure that www-data can read it
<wizardslovak> genii-around, sorry i am noob at this , so make file named "wordpress.conf" and just write allias u wrote me , i just use correct folder i got wordpress installed in
<wizardslovak> i am sorry people , the only think i know is how to simple settup apache
<wizardslovak> and i need help with wordpress
<genii-around> wizardslovak: Basically if you do something like: sudo nano /etc/apache2/conf.d/wordpress.conf                and then add the lines from the pastebin, exit with saving, then restart apache
<wizardslovak> genii-around,  let me try it
<wizardslovak> ok that conf is empty
<wizardslovak> blank
<genii-around> wizardslovak: Then http://localhost/wordpress        takes you there
<genii-around> wizardslovak: Yes, it will be blank at first since it is a new file just made
<Datz> looks like I need the configuration files for -server to run -virtual kernel?
<wizardslovak> genii-around,  i got this http://pastebin.com/8gyydqLJ
<wizardslovak> i mean i tried server lan ip and still same think
<genii-around> wizardslovak: You might want to try first: http://localhost/worpress/wp-admin
<wizardslovak> genii-around, "The requested URL /wordpress/wp-admin was not found on this server."
<genii-around> wizardslovak: perhaps  http://localhost/worpress/wp-admin/index.php
<wizardslovak> nope same think
<genii-around> oops typo, forgot a "d" in wordpress there
<wizardslovak> genii-around,  hehe i didnt , and still aint working
<wizardslovak> btw i change allias to my requirements , maybe mistake in there? http://pastebin.com/yVnqMShq
<wizardslovak> genii-around, and i am getting this "/etc/wordpress/config-192.168.1.106.php could not be found. The file is either not readable by this process or does not exist.
<wizardslovak> Please check if /etc/wordpress/config-192.168.1.106.php exists and contains the right password/username."
<genii-around> wizardslovak: The files should not be in /var/www/anywhere but in /usr/share
<genii-around> Since that is where the package puts them
<wizardslovak> genii-around,  oh i moved folder from /usr/share to /var/www
<wizardslovak> ok i moved everything back
<genii-around> wizardslovak: You should not do that. The package manager for instance will not be able to track manual moving of files if it needs to uninstall. Also then it defeats the purpose of an alias to it
<wizardslovak> ok
<genii-around> When you spontaneously improvise it makes it difficult to assist...
<wizardslovak> genii-around,  i moved them back
<mrmist> I'd just install the various bits rather than use a package for wordpress.
<wizardslovak> grrr i used apt-get
<_UsUrPeR_> hey all. I am having a heck of a time installing software RAID with LVM in Ubuntu 10.04 Server x64. Check out this pastebin: http://pastebin.com/4rDmyjyM . Is software RAID + LVM capable of being installed? If so, is having a /boot partition on a software RAID possible?
<_UsUrPeR_> the pastebin details my partition layout
<SpamapS> _UsUrPeR_: we test RAID1 and LVM independently during our release cycles, but I don't know if we test the two together
<mrmist> I mean you may have success with the package method, but wordpress has its own support base that's fairly large and a lot of the folk wouldn't necessarily know a package install
<SpamapS> _UsUrPeR_: I assume you mean GRUB not GRUP ?
<_UsUrPeR_> oh yeah. sorry, GRUB2
<_UsUrPeR_> :)
<_UsUrPeR_> SpamapS: For the record, it appears that the grub/LVM partitions are created correctly. I just can't figure out where to put the grub installation
<SpamapS> _UsUrPeR_: RAID1 should actually be causing grub to install on both devices.
<SpamapS> _UsUrPeR_: *you* shouldn't be installing grub yourself.. the installer takes care of it.
<SpamapS> and it should in fact be putting it on sda and sdb
<SpamapS> I think
<SpamapS> I've never actually been in that code :p
<_UsUrPeR_> I understand. I am using the software RAID configuration tool in the Partition editing portion of 10.04 server install disk
<genii-around> wizardslovak: Work needs me for an extended period, apologies. I should be back at computer in 10-15 minutes
<wizardslovak> genii-around, i will behere ;)
<_UsUrPeR_> and it is, indeed, my intention to have all this information RAIDed across both hard drives
<_UsUrPeR_> I also understand that LVM cannot store boot partitions, which is why I created a separate RAID device specifically for that purpose
<toddc> that is what I am trying to do also raid 1 with LVM and having a hard time the setup is different that older versions
<SpamapS> _UsUrPeR_: so it succeeds in partitioning/creating filesystems, copying files, but then grub installation fails?
 * SpamapS should probably fire up a VM and test this out
<_UsUrPeR_> SpamapS: that is correct. I am stymied only during the GRUB2 installation process. Up to that point, everything appears to be moving along normally.
<_UsUrPeR_> SpamapS: I am seeing something of a bug pertaining to this here: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/527401  I am reading through it right now. It appears this has vacillated between "fixed" and "broken" a couple times now.
<uvirtbot> Launchpad bug 527401 in partman-base "grub-installer fails to install on a raid1 array" [High,Fix released]
<_UsUrPeR_> jynx :)
<uvirtbot> New bug: #707113 in cobbler (universe) "Koan should not have dependency on cobbler" [Undecided,New] https://launchpad.net/bugs/707113
<_UsUrPeR_> oh dammit, that's just a bot.
<_UsUrPeR_> lol
 * _UsUrPeR_ buys a beer for his new robot friend.
<arkonova> If i deleted a user and group and now want it back, can i just restore /etc/passwd, /etc/group and /etc/shadow from /etc/passwd-, /etc/group- and /etc/shadow-. Or is that a silly idea?
<wizardslovak> hmm
<wizardslovak> how do i change persmissions on folder?
<wizardslovak> Unable to create directory /usr/share/wordpress/wp-content/uploads/2011/01. Is its parent directory writable by the server?
<SpamapS> arkonova: you may also need to restore the user's home dir if it was deleted
<arkonova> SpamapS, this one was not deleted. So that all there is to users and groups files. Nothing else elsewhere?
<uvirtbot> New bug: #707117 in drbd8 (main) "Resync drbd8 8.3.9-1 (main) from debian unstable (main)" [Medium,In progress] https://launchpad.net/bugs/707117
<wizardslovak> anyone of u ever used ssmtp?
<RoAkSoAx> zul: drbd should be ready in a bit for you to sponsor ;)
<zul> RoAkSoAx: eod...kirkland can probably sponsor it as well
<zul> SpamapS: i still have to read your application as well
<kirkland> zul: sure
<kirkland> RoAkSoAx: let me know what you need
<RoAkSoAx> kirkland: will do ;)
<SpamapS> zul:  take your time next DMB meeting is 1/31
<hggdh> smoser: there?
<smoser> here
<hggdh> smoser: after adding -proposed, apt-get update & dist-upgrade, and rebooting, uname -a still shows 2.6.32-311-ec2
<hggdh> smoser: grub.cfg has the correct kernel as default
<smoser> you didn't launch with the pv-grub kernel
<smoser> can you pastebin euca-run-instances output ?
<smoser> err...
<smoser> euca-describe-instances or ec2-describe-instances
<hggdh> smoser: http://pastebin.ubuntu.com/557850/
<smoser> hm..
<smoser> hggdh, i'm looking at it. just a minute
<hggdh> smoser: np
<smoser> hggdh, there is no linux-ec2 in -proposed
<smoser> the -virutal is (explicitly) ignored via update-grub-legacy-ec2, and /boot/grub/menu.lst is the config file used, not /boot/grub/grub.cfg on EC2
<smoser> (its not my fault, all that we have available on EC2 -- and in xen anywhere -- is grub 0.97 like loader, not grub2)
<hggdh> oh
<smoser> something is busted maybe in us-east-1 archive
<smoser> according to https://launchpad.net/ubuntu/+source/linux-ec2 though, there should be a new linux-ec2 in the archive
<smoser> at least newer than 2.6.32.311.12
<hggdh> so... what to do? There is no 312.24 in the archives
<smoser> sudo apt-get install linux-image-2.6.32-312-ec2
<smoser> hggdh,
<smoser> the meta package isn't there, but the actual binary is
<hggdh> smoser: installed, rebooting now
<resno> ive got multiple users who need to upload large files, are there any inventive methods to allow this?
<Patrickdk> scp, ftp, http, email, ...
<Patrickdk> dunno that email is very practical, but hell
<Patrickdk> hell, bittorrent?
<RoAkSoAx> kirkland: bug #707117
<uvirtbot> Launchpad bug 707117 in drbd8 "Resync drbd8 8.3.9-1 (main) from debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/707117
<smw> Anyone know why apache would not start on ubuntu but when you run the init script manually it works? I am using the official ami for amazon ec2. Apache is in my rc2.d
<smw> the boot does not even mention it
<smw> boot log* (/var/log/boot.log)
<arkonova> Some folks using etckeeper with git here?
<arkonova> Was wondering if using a nested repo to manage apache's sites is a good idea. I can't foresee any issue with that...
<RoAkSoAx> kirkland: ok so I was reviewing powernapd again, and the get_interrupts function is used by the get_console_activity to get interrupts of PS2 mouse/keyboard, and also examines the most recently touched (os.stat) device in /dev.
 * genii-around sips
<genii-around> wizardslovak: Still struggling with Wordpress?
<RoAkSoAx> kirkland: the combination of that is used to grab the "Console" activity in general to be able to cancel the attempt to perform an action
<genii-around> wizardslovak: I just went through the install process here on a spare box for it, I agree that it's not so straight forward as it should be
<wizardslovak> yea i ve done it
<wizardslovak> genii-around,  u have to edit wp-config
<wizardslovak> genii-around, then copy example to orginal
<wizardslovak> it works
<wizardslovak> now i am trying to figure out how to work with it
<genii-around> wizardslovak: No, there was a file to run /usr/share/doc/wordpress/examples/setup-mysql
<wizardslovak> not really
<wizardslovak> in config file u gotta write sql database name , username and password
<wizardslovak> after that it worked perfectly
<wizardslovak> now i have different problem
<wizardslovak> as my friend from other pc aross the town cant reply for blogs
<wizardslovak> it throws him into my servers LAN  ip
<genii-around> wizardslovak: Do you have apache rewrite module enabled?
<genii-around> wizardslovak: I do not prefer to talk by personal message
<wizardslovak> genii-around,  nope
<wizardslovak> genii-around,  ok understand
<wizardslovak> genii-around,  how do i check it out ?
<genii-around> wizardslovak: sudo a2enmod rewrite
<wizardslovak> "enabling module rewrite
<kirkland> RoAkSoAx: okay, drbd8 uploaded
<kirkland> RoAkSoAx: okay, so how about powernap?
<RoAkSoAx> kirkland: thanks for the upload!!
<RoAkSoAx> kirkland: I'm on it, I was thinking that instead of PS2 monitor, should just be a ConsoleMonitor?
<kirkland> RoAkSoAx: yes
<kirkland> RoAkSoAx: i agree
<kirkland> RoAkSoAx: good idea
<wizardslovak> genii-around,  its rewritten
<RoAkSoAx> kirkland: that's how it is working now. Once that code is separated from powernapd the loop itself will change dramatically to also allow running the monitors when on PowerSave
<genii-around> wizardslovak: I am testing my current setup to see if outside ip can respond, etc
<wizardslovak> ok sure
<wizardslovak> genii-around,  take your time , i dont rush ;)
<RoAkSoAx> kirkland: I already separated the WoL monitor into its own Monitor, though I'm still using the old code till I get the ConsoleMonitor up and running. Then I'll allow the monitors to run at all times. I expect that to be done by tomorrow
<RoAkSoAx> kirkland: btw.. u forgot to debuild -S -sa for drbd :)
<kirkland> RoAkSoAx: i know, i'm redoing now :-/
 * SpamapS hates when that happens
<kirkland> RoAkSoAx: re-uploaded
<kirkland> RoAkSoAx: sweet!  you're the man
<genii-around> wizardslovak: External access works for mine. I'm just port-forwarding to the internal lan IP, but the box has a name assigned
<wizardslovak> genii-around,  well i did forward 80 and 22
<RoAkSoAx> kirkland: thanks for the upload ;)
<wizardslovak> what ports does wordpress uses?
<RoAkSoAx> kirkland: btw.. did you finish the TCPMonitor?
<kirkland> RoAkSoAx: nearly
<kirkland> RoAkSoAx: got distracted;  thanks for the reminder
<genii-around> wizardslovak: As far as I can tell just http and possibly https ( 80, possibly 443 )
<wizardslovak> hmm
<wizardslovak> done it and still
<wizardslovak> genii-around,  in general settings by "site address url" do you have lan ip?
<RoAkSoAx> kirkland: oh!! btw!! I was also thinking that while in PowerSave mode, the monitors could run as "event" based monitors, while during ABSENT_SECONDS, we can just poll every INTERVAL_SECONDS, instead of transforming everything to event based
<RoAkSoAx> so that we have a combination of behaviors
<kirkland> RoAkSoAx: hmm, okay ....
<kirkland> RoAkSoAx: what does that give us?
<RoAkSoAx> kirkland: while in Powersave, makes no sense to be polling every INTERVAL_SECONDS. but while running ABSENT_SECONDS, we don't really care cause we are running in full power.
<kirkland> RoAkSoAx: hmm, yeah, that sounds really good
<genii-around> wizardslovak: I have by fqdn
<RoAkSoAx> kirkland: so for example, during ABSENT, if INTERVAL=10, and we receive a TCPMonitor (ssh) and every 10 seconds it will check if it received it, so that it allows the daemon to sleep every 10 secs. But when on PowerSave the TCPMonitor, can just send an event to the daemon to take a recover action and we "stop" powernapd from polling
<wizardslovak> hmmm
<wizardslovak> genii-around, let me try that
<kirkland> lifeless: howdy, around?
<kirkland> lifeless: squid question(s) for you when you are
<wizardslovak> genii-around,  if ill send you address can you register and post comment?
<wizardslovak> genii-around,  nevermind , got it to work ,
<kirkland> lifeless: i think i figured it out, though i wouldn't mind vetting my config by you ;-)
<kirkland> RoAkSoAx: http://pastebin.ubuntu.com/557885/
<kirkland> RoAkSoAx: i think you're going need a breaks/replaces since you moved a file from one binary package to another
<lifeless> kirkland: hi
<lifeless> kirkland: 'sup?
<kirkland> lifeless: okay, I'm working squid-deb-proxy -- you familiar?
<lifeless> yes
<lifeless> not yet gotten around to reading the impl details
<kirkland> lifeless: we're trying to push that as a sane, default, preferred deb caching solution
<kirkland> lifeless: i'm looking for the best practice in a usecase that may well be common in some of the enterprises we're targeting, and i've reproduced that environment here
<kirkland> lifeless: okay, so the network setup looks like this ...  an open, outer network, with a secure, inner network inside of it, separate subnets
<kirkland> lifeless: clients of the secure, inner network can, of course, initiate connections to servers in the open, outer network, but not vice versa
<kirkland> lifeless: the squid deb proxy is running in the open, outer network
<kirkland> lifeless: i can't find any way to get the avahi/zeroconf/mdns broadcast messages from the outer network to the inner network
<kirkland> lifeless: i played around with a little bit of firewalling and port forwarding, but it just doesn't look like it's possible
<lifeless> mmm
<kirkland> lifeless: i could use a confirmation of that,  but in the mean time, i think i have a workable solution
<kirkland> lifeless: mmm means you're thinking, or affirming?
<lifeless> kirkland: well, in corporates you may find mdns firewalled (possibly host as well as routers)
<lifeless> e.g. http://www.net.princeton.edu/filters/mdns.html
<kirkland> lifeless: right, good point
<lifeless> 'Our measurements in Fall 2006 indicate that this filter reduced multicast/broadcast traffic by 52-63% (measured by packet rates) on the largest campus networks.
<RoAkSoAx> kirkland: do you think it would really be necessary given that 1.12 was only on natty?
<lifeless> '
<lifeless> 'We filter the mDNS traffic at the wireless access points or wireless controllers. '
<kirkland> lifeless: okay, in any case, my "solution" to the two subnet problem is to run a second squid-deb-proxy in the inner, secure network, and "chain" it to the "real" one in the outer network
<SpamapS> kirkland: I don't think s-d-p was designed with that use case in mind.
<kirkland> RoAkSoAx: perhaps not
<lifeless> RoAkSoAx: its always useful to reduce problems
<SpamapS> kirkland: I think it assumes you're on a shared LAN w/ the clients
<kirkland> SpamapS: lifeless: okay, well, here's what I added to squid-deb-proxy.conf:
<lifeless> kirkland: so I have an alternative
<kirkland> cache_peer 10.1.1.11 parent 8000 3130 no-query no-digest no-netdb-exchange
<lifeless> kirkland: fixup s-d-p to use SRV records as well as mdns
<SpamapS> ooo good plan
<SpamapS> the corporate alternative
<kirkland> hrm
<kirkland> interesting
<lifeless> kirkland: you can of course chain squids
<SpamapS> kirkland: it would be cool to have another avahi mdns service going to that let the s-d-p's find eachother for ICP
<kirkland> lifeless: right, so that was my immediate question ... is this config "valid" to your eyes?
 * SpamapS will re-type that in english.. :p
<lifeless> but if they are both in the same lanish area there's no particular advantage to chaining, and you'll add latency
<SpamapS> kirkland: it would be cool to have another avahi mdns service going so that multiple s-d-p's find eachother for ICP
<lifeless> kirkland: as far as the config goes
<lifeless> cache_peer $upstream-hostname-or-up parent $port 0 no-query no-digest no-netdb-exchange, if you want to disable all that
<lifeless> but there isn't any particular reason to disable everything
<lifeless> kirkland: the big thing you want though is to tweak the hierarchy and direct rules
<SpamapS> lifeless: one reason to chain would be to traverse a restrictive firewall
<lifeless> specifically you want the child proxy to never go direct
<lifeless> SpamapS: sure; OTOH if you're opening a port to a specific outside proxy that is locked down, few admins would object to opening that to all the clients.
<kirkland> lifeless: right, all i'm really going for is to ensure that the inner proxy, which is the only one that the inner clients sees, pull deb's from the outer proxy's cache when available, rather than pull all the way from archive.ubuntu.com, while there are live cache hits available on the outer LAN
<lifeless> kirkland: I would tell it to always use the outer proxy, otherwise the outer proxy will grab stuff the inner already has
<lifeless> *or*
<lifeless> make the inner and outer peers
<lifeless> but the corp scenario makes peering less ok
<SpamapS> I kind of think once you start dealing w/ corporate networks s-d-p becomes less about the avahi, and more about a consistent port that only allows deb/apt downloads.
<kirkland> lifeless: hmm, what are the directives to do that?
<lifeless> http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#How_do_I_configure_Squid_to_work_behind_a_firewall.3F
<kirkland> lifeless: http://wiki.squid-cache.org/Features/CacheHierarchy seems to be what I want, no?
<kirkland> SpamapS: hmm, yeah, a protocol by which squid-deb-proxies cooperate would be cool
<kirkland> SpamapS: kinda torrenty :-)
<lifeless> kirkland: was answering the specific bit of your query :)
<kirkland> lifeless: ah
<SpamapS> kirkland: screw it lets just hack bittorent support into d-i
<SpamapS> install 1000 servers in under 5 minutes
<kirkland> SpamapS: what a plan
<SpamapS> kirkland: its not all that far fetched.. system imager had bittorent support
<SpamapS> kirkland: but s-d-p is far simpler. :)
<kirkland> SpamapS: heh
<binaryhat> im not seeing check_sensors plugin installed, nagios-plugins-standard doesnt include it?
<SpamapS> binaryhat: maybe try nagios-plugins-extra ?
<binaryhat> nope
#ubuntu-server 2011-01-25
<binaryhat> no .cfg in /etc/nagios-plugins/config/
<lifeless> kirkland: squid can do multicast cooperation already, FWIW
<kirkland> lifeless: sounds nice;  what does that mean?
<lifeless> http://eu.squid-cache.org/Features/MultiCast
<lifeless> kirkland: it means you can use a single config, across subnets (or even wans) and have squids autodiscover each other
<tigreton> hi
<tigreton> could u send me a tutorial for balancing servers pls?
<SpamapS> tigreton: there are a lot of things to consider in load balancing
<tigreton> i want to create a simple balance, it isn't for a company or a real case, i will study a simple web with balance
<SpamapS> tigreton: perhaps the simplest way to do it is with lvs .. http://www.austintek.com/LVS/LVS-HOWTO/
<tigreton> and one more thing, 3 vps of 3$ eachone so... jeje
<tigreton> lvs i readed it before, ok
<tigreton> i see that tutorial
<tigreton> could spamamps resume what it does please?
<tigreton> An LVS is a group of servers that appear to the client as one large, fast, reliable (highly available) server. The core of the project is the ip_vs code, which runs on the LVS director...
<tigreton> i will try lvs and piranha spamaps
<tigreton> lvs tutorial is so large, so it isn't simply :( jaja
<tigreton> thanks everyone see you tomorrow! ;)
<RoAkSoAx> kirkland: for the ConsoleMonitor it is enough to examine time of last modification of /dev/ptmx and interrupts if any right?
<kirkland> RoAkSoAx: i think that's what it does now, right?
<RoAkSoAx> kirkland: mostly yes
<RoAkSoAx> kirkland: first it does a dev = commands.getoutput("ls -t /dev").split('\n') and then a for over that /dev
<RoAkSoAx> kirkland: but I don't think that's necessary, is it?
<kirkland> RoAkSoAx: the -t sorts by timestamp
<kirkland> RoAkSoAx: so the most recently touched files in /dev/ are listed first
<kirkland> RoAkSoAx: which makes the for loop faster
<andreserl> kirkland, yeah, but many times it shows /dev/shm.. which I don't think would be necessary
<kirkland> andreserl: interesting, yeah
<kirkland> andreserl: you're right
<andreserl> kirkland, ok then ;)
<kirkland> andreserl: are your changes pushed yet?
<andreserl> lol
<kirkland> andreserl: i'm going to grab a beer and hack the tcp monitor :-)
<andreserl> kirkland, Today's changes nope
<andreserl> i'll push them in a bit as soon as I finish this monitor
<andreserl> kirkland, ok :). I'll hack on TestDrive after this.. I';m finally gonna improve the use experience with VirtualBox
<binaryhat> SpamapS, no sensors.cfg in /etc/nagios-plugins/config/ after installing  nagios-plugins-extra
<kirkland> andreserl: sounds like a plan
<andreserl> kirkland, done! Just pushed todays changes. WoL Monitor and Console Monitor are added, supported, but not yet enabled in the config file
<jeeves_moss> is there a benchmark tool to figure out how many users my FreeRADIUS server can support?
<twb> jeeves_moss: not that I know of.
<twb> I don't think radius itself is a very resource-intensive protocol
<twb> What are your auth nodes?  modems?
<jeeves_moss> twb, it'll be an auth/payment server for hotspots.  the auth nodes are MikroTik routers.
<jeeves_moss> twb, the routers are doing the splash page serving, etc.  the server is just the RADIUS box with a LAMP system on it
<twb> You don't need LAMP for RADIUS AFAIK
<patdk-lap> lamp could make pulling reports from radius easier :)
<patdk-lap> assuming he is using mysql backend for radius
<twb> If you say so
<jeeves_moss> LAMP is to be used for the SugarCRM, and payment systems.
<jeeves_moss> it's a dual PIII 1Ghz Xenon system, dual 36.6Gb 10K SCSI 320 drives (raid 1), and 2.5Gb of RAM
<patdk-lap> so probably 1000/s
<twb> patdk-lap: depends how broken the LAMP load is :P
<patdk-lap> heh, it all comes down to the drives :)
<jeeves_moss> we're just looking to support ~2,000 users under peak load.  We'll be paying attention to it, so if the load gets bigger, we'll put a bigger box in.  right now, we can only afford a 1U space
<patdk-lap> 2,000 users isn't the issue
<jeeves_moss> patdk-lap, they're 10K, 36.6Gb Ultra320 drives.
<patdk-lap> how aften your users change, does
<twb> radius won't give a shit about your drives
<jeeves_moss> if they get botlenecked, I'll either put in 15K drives
<patdk-lap> twb, writing logging info
<twb> patdk-lap: meh
<patdk-lap> recording logins, bandwidth usage, logouts, ....
<patdk-lap> I use all that info for my radius setup, great for vpn usage tracking :)
<twb> patdk-lap: if it can't do that on any old PATA drive, it's badly written
<jeeves_moss> so, it should be stable enough for some serious user load?  (keep in mind, all of the login splash screens are served locally from the router/APs)
<patdk-lap> jeeves, the radius part will be fine, it can easily do 300-500 LOGIN's per second
<patdk-lap> it's the sugarcrm that could be slow
<patdk-lap> mainly cause of php, and slow cpu's
<patdk-lap> atleast I assume sugarcrm is php, dunno :)
<jeeves_moss> sugar will ONLY be used by admin staff to update contact info, bill tracking, etc.  the public will have NO access to it
<patdk-lap> then you should be fine
<patdk-lap> as long as you tune the backend for radius, reasonably
<jeeves_moss> the only dynamic data I can see being used is if a user checks their account standing (usage, billing, etc)
<patdk-lap> the more info you get in it, the more the tuning will matter, or purging old info
<jeeves_moss> true.
<jeeves_moss> I'm look @ mid range 64bit servers with quad drives, and I think after we can afford it, we'll move to a "beast" to handle everything
<jeeves_moss> I just don't want to get into a situation where it chokes
<jeeves_moss> I just don't want to get into a situation where it chokes
<patdk-lap> intel motherboard?
<jeeves_moss> I'm trying to throw as much "hardware" @ the problem as I can that we can afford right now so the programmers can have a little bit of time to tune it.  We're close to going live with it.
<jeeves_moss> yes, it's an IBM x330
<patdk-lap> oh, it's like a little verson of my p3 systems
<jeeves_moss> lol.
<jeeves_moss> yea.
<jeeves_moss> I only paied $20 for it
<jeeves_moss> so, the price was right
<patdk-lap> 7k for mine
<patdk-lap> but that was 12years ago? or so
<jeeves_moss> yea.  well, I'm thinking that if she'll support what I need for now, then we'll be good
<patdk-lap> whoa, that motherboard doesn't use solid caps?
<patdk-lap> I would inspect it carefully, and make sure all the tops of the caps are flat, and none are pushing up
<jeeves_moss> went over it with a mag glass.
<jeeves_moss> (my background is electronic repair and engineering)
<jeeves_moss> this one was the top pic out of a stack of ~12
<patdk-lap> I have a stack of reject computers
<patdk-lap> replaced anywhere from 6 to 30 caps in each
<patdk-lap> all work fine now
<patdk-lap> all of them support wol too
<patdk-lap> so I use them to lab different things, all remote power on/off
<jeeves_moss> cool.
<jeeves_moss> I think one of the "scrap" servers has a IBM monitor card in it, so if there is a problem, it'll scream
<jeeves_moss> i'll be worth the second IP untill I can get a better box
<jeeves_moss> well, as I said, my biggest concern is to get the thing as stable as possible so the programmers can do their thing.
<jeeves_moss> has anyone got the IBM RAID monitor to work on a CLI only server?
<jeeves_moss> has anyone got the IBM RAID monitor to work on a CLI only server?
<patdk-lap> what kind of raid card is it?
<jeeves_moss> I think it's the ServeRAID 3L
<patdk-lap> adaptec or megaraid?
<patdk-lap> I dunno ibm's naming
<jeeves_moss> I followed the googled "howto", and it looks like it installs, the service is there, but I can't connect to it remotley from a windows box to admin it (ie. to set up e-mail alerts, fix defunc drives, etc).  It's the Adaptec
<patdk-lap> that looks odd
<patdk-lap> know what kind of adaptec?
<patdk-lap> I would assume the old raidtool one
<jeeves_moss> there is a tool that comes on the IBM ServeRAID setup disk
<patdk-lap> dpt-i2o-raidutils
<patdk-lap> that would be my guess
<jeeves_moss> http://ubuntuforums.org/showthread.php?t=597256
<patdk-lap> that page is all about sata, nothing at all to do with scsi
<jeeves_moss> frack.  one sec.  brb
<resno> if i dont to use kvm for virtualization whats the next best option vmware?
<patdk-lap> first, that is a pointless question
<patdk-lap> you need to know what you want out of it
<resno> im looking to run another os
<resno> i want to run an asterisk server
<patdk-lap> I dunno about put asterisk in a vm as been very good
<patdk-lap> cause vm's screw with timing, ans asterisk is time sensitive
<resno> patdk-lap: ah... is there a "better" option or will i need to get another machine running
<patdk-lap> dunno, depending on what all you have asterisk doing, it might not matter
<patdk-lap> but if it's handling audio, it will
<patdk-lap> but then, that will also greatly be affected by whatelse the box is doing (or not doing)
<resno> ive got it running in virtualbox now, but virtualbox seems to get out of hand
<jeeves_moss> patdk-lap, ok, I found the link.  http://art.ubuntuforums.org/showthread.php?t=597256
<patdk-lap> that is the same link
<jeeves_moss> crap.  grrr
<jeeves_moss> patdk-lap, http://www.allquests.com/question/1801099/Monitoring-utility-for-IBM-ServeRAID.html
<patdk-lap> heh, same deal again :)
<jeeves_moss> ugh
<patdk-lap> except for the guy asking about the x330 :)
<jeeves_moss> yep
<patdk-lap> but all that info is for sata version
<patdk-lap> I dunno anything about the ibm rebrands
<jeeves_moss> basically, I need to know how to use the control software so it will mark a replaced drive as good ans start the rebuild
<patdk-lap> I have a bunch of adaptec cards, and just manage them using one of two utilities, depending on if it's i2o based or not
<jeeves_moss> hummmm, how can I found out, and what 2 utilities?  my biggest issue is that I had one of the 36.6Gb drives in the mirror fail.  so, I replaced it, and now the dumb card won't rebuild the set.  And I'd like to set up auto mailing so it'll scream if something happens
<jeeves_moss> patdk-lap,  what programs do you use?
<patdk-lap> dpt-i2o-raidutils
<patdk-lap> I can't find the other one, but I haven't ever managed the newer one in linux before (aac based)
<jeeves_moss> ahhh,  well, I'm going to try to figure out what's going on with the IBM branded one first.
<wizardslovak> hello people
<wizardslovak> what kind of requirements would server need to run wordpress, phpbb and website
<patdk-lap> 200mhz? 128megs ram? a serial port
<wizardslovak> i got ubuntu on virtual
<wizardslovak> from system 3.2ghz single core 64bit , 1gb ram , and 40gbs hard drive in raid1
<wizardslovak> thats just for server
<twb> wizardslovak: to run wordpress your computer should be disconnected from the network
<wizardslovak> twb, why ?
<twb> wizardslovak: because wordpress has a shitty security record
<wizardslovak> ohhh
<wizardslovak> twb, so whats good blogging software?
<jeeves_moss> patdk-lap, it all depends on if he wants it to run well!
<wizardslovak> well yea id love it to run well
<twb> wizardslovak: I dunno... ikiwiki?
<wizardslovak> i mean it will be for my friends
<patdk-lap> run well is relative :)
<twb> wizardslovak: something that has a compile process and the HTTP emits static content
<patdk-lap> how much user load?
<jeeves_moss> wizardslovak, is this a personal one or one you're going to put into production?
<wizardslovak> no more then 20-30 ppl
<wizardslovak> just personal
<wizardslovak> no more then 40 ppl
<jeeves_moss> well, Asus makes a small embedded board with a 2Ghz atom on it that's smaller than a PSU
<jeeves_moss> we've got one running as a NAS @ the house
<wizardslovak> i got quad machine as home server and on it i got vbox with ubuntu server
<wizardslovak> and thats how i run it
<jeeves_moss> lol, then why are you asking?
<jeeves_moss> I'm from the world of "broke as a Mo-Fo".
<wizardslovak> just curious if i need
<wizardslovak> more for it
<jeeves_moss> lol, naaa
<wizardslovak> and now twb made me think twice about wordpress
<jeeves_moss> yea man.  what are you using it for?
<wizardslovak> just personal blogging for me and friends about fishing
<wizardslovak> i am curious if it will be good idea to run wordpress and phpbb on same server
<jeeves_moss> what are the specs of your current box?
<twb> Did you know that every year in the past six years, PHP issues accounted for one quarter to one third of ALL security issues?
<twb> http://en.wikipedia.org/wiki/Php#cite_ref-45
<wizardslovak> twb,  is there any way  i can secure it?
<twb> wizardslovak: don't run it
<jeeves_moss> wizardslovak, I'll give you an idea.  my little Asus board with a single P4 (3Ghz) on it with 1.5Gb RAM (266) runs 10 domains, e-mail, mysql, FTP, and has VMWare server running on it with 2 Windows VMs running
<wizardslovak> twb, no other way?
<twb> wizardslovak: IMO no
<wizardslovak> Jeepbeats, oh ok , my mainboard is asus
<wizardslovak> but thats for ps3 media server ;)
<wizardslovak> twb,  so why people run it then ?
<twb> wizardslovak: because they don't care about security, or they don't know it's insecure.
<twb> wizardslovak: you might as well as "why do people get computer viruses?"
<wizardslovak> twb,  so u dont run any php software?
<wizardslovak> Jeeves_moss, i tried email but gave it up
<jeeves_moss> wizardslovak, lol, why?  it only hurts once
<wizardslovak> Jeeves_moss, yea i couldnt figure out so i left it
<wizardslovak> and still i am getting used to apache settings
<jeeves_moss> wizardslovak, we've all been there @ one point or another, and we still all run to google when we can't figure something out
<wizardslovak> well i run first here then to google
<wizardslovak> ;)
<wizardslovak> and still how many times i read iptables that many times i dont get it
<Datz> twb: do you know much about the -virtual kernel package?
<jeeves_moss> wizardslovak, do it the other way around.  you piss fewer people off
<wizardslovak> if i can ask what kind of security u use?
<jeeves_moss> for myself?
<wizardslovak> Jeeves_moss, yeap , with those services i am curious what security
<jeeves_moss> a large guy named Vinny....
<jeeves_moss> ohhhh, you meant on my server.  it's a Cisco PIX535
<jeeves_moss> only the required ports are open, and I VPN in @ 128bit encrypt
<wizardslovak> oh ok
<wizardslovak> i got ufw
<wizardslovak> with 3 ports open
<wizardslovak> thats all i need
<kirkland> RoAkSoAx: still around?
<kirkland> RoAkSoAx: tcp monitor done
<kirkland> RoAkSoAx: wol monitor not waking system up, though
<jeeves_moss> open only as much as you need.  and for everything you open, ask yourself, why am I opening them
<wizardslovak> one for apache second for ssh
<wizardslovak> thats it
<jeeves_moss> well, do you have root login for SSH dissabled?
<wizardslovak> nope
<jeeves_moss> might want to do that
<wizardslovak> good idea
<jeeves_moss> also, might want to install fail2ban
<wizardslovak> whats that?
<jeeves_moss> and set the failed logins low.
<jeeves_moss> http://en.wikipedia.org/wiki/Fail2ban
<wizardslovak> ok looks good
<jeeves_moss> then, as you open new ports....  enable the modules in fail2ban.
<wizardslovak> ok
<wizardslovak> sounds good
<wizardslovak> btw
<jeeves_moss> and look @ the logs to see what's going on from time to time
<wizardslovak> if i dissable root login in ssh ,
<wizardslovak> i wont be able to do maintenance from time to time usind my laptop
<twb> Datz: -virtual is just a .config with no real hardware in it
<twb> That is, with drivers disabled
<jeeves_moss> wizardslovak, why won't you be able to do maint?
<twb> Datz: it's meant for use in domUs
<wizardslovak> well lets say install  use apt-get
<jeeves_moss> what about it?  if you can SSH into it, then what's the problem?
<wizardslovak> if i loggin into system as user
<wizardslovak> i still will be able to use sudo command?
<jmarsden> wizardslovak: Yes.  PermitRootLogin: no means you cannot *log* *in* as root over ssh, not that you can't sudo once you log in as a normal user.
<wizardslovak> ok thank you
<jeeves_moss> it makes sure that only a select set of users have root control.
<wizardslovak> i am only one user
<jeeves_moss> and it's a lot harder to guess other non standard user names.  Root is the defacto standard super user (hence why it's called root), dissable it, and you've taken an "easy shot" out of a hackers attack
<wizardslovak> ok dissabled
<wizardslovak> ;)
<jeeves_moss> good
<jeeves_moss> fail2ban installed?
<wizardslovak> nah getting into it now
<wizardslovak> installed
<jeeves_moss> good.
<jeeves_moss> now check your firewalls
<jeeves_moss> http://www.t1shopper.com/tools/port-scan/
<wizardslovak> what range of ports should i scan?
<RoyK> ops - reboot..
<wizardslovak> got only one responding on port 80
<wizardslovak> and ssh port
 * RoyK wonders why he is at #ubuntu-server when all the people here are noobs
<wizardslovak> ok weird
<wizardslovak> after i installed fali2ban i cant loggind to my system
<wizardslovak> i am gettting  no route to host
<wizardslovak> ok got it
<jeeves_moss> lol, see,that was easy
<wizardslovak> yea but somehow i lost internet access for my ps3 now
<jeeves_moss> lol!!!
<bcessa> hi there, I have a remote server using 10.04, today I update openssh and now I can't access the server, the last error msg I get while trying to start ssh was: "Failed to spawn ssh pre-start process: unable to set oom adjustment: Operation not permitted" any ideas on what may the problem be?
<twb> bcessa: are you running in openvz or xen or lxc?
<twb> bcessa: did you update to a post-.32 kernel?
<bcessa> yep, openvz, and no, I to update the kernel itself, I also try this but is not working so far https://secure.intovps.com/knowledgebase/16/How-to-Upgrade-from-Ubuntu-910-to-Ubuntu-1004-LTS.html
<twb> bcessa: OK, that's why
<twb> bcessa: your VE doesn't have permission to make ssh processes harder to OOM-kill (oom = out of memory)
<twb> bcessa: go into /etc/init/ssh.conf and comment out the oom line
<bcessa> ok, I try that but is still not working
<twb> bcessa: then I can't help you
<twb> bcessa: unless you can provide some new information about what's failing now?
<bcessa> ok, thnx anyway, information like what? I can provide with any details that will help to fix this, the thing is I don't really know what's the problem, I update 2 servers today and the one in AWS is still working without any problems
<twb> bcessa: I don't know
<twb> http://upstart.ubuntu.com/wiki/Debugging ?
<RoAkSoAx> kirkland: cool you mean WOLMonitor or the function within the powernapd daemon?
<bcessa> ok, thnx anyway, I'll keep looking at this
<kirkland> RoAkSoAx: hmm, well, i get:
<kirkland> 2011-01-24_20:44:11 DEBUG    <UDPMonitor(Thread-1, started 139796353148672)> - data packet received
<kirkland> RoAkSoAx: but that does not exit the napping sequence
<RoAkSoAx> kirkland let me see
<RoAkSoAx> kirkland: what config are you using?
<kirkland> RoAkSoAx: good question ...
<kirkland> RoAkSoAx: hmm
<kirkland> RoAkSoAx: when i restart powernap, i get
<kirkland> 2011-01-24_22:30:42 ERROR    <UDPMonitor(Thread-2, started 140171986507520)> - failed to config socket [e=[Errno 98] Address already in use]
<kirkland> RoAkSoAx: something funny going on
<kirkland> RoAkSoAx: hmm, cool, it resets the absent time
<kirkland> RoAkSoAx: while not sleeping
<kirkland> RoAkSoAx: that's good
<RoAkSoAx> kirkland: uhmmm  UDPMonitor should not be 7 or 9 :)
<kirkland> RoAkSoAx: let's talk about that tomorrow :-)
<kirkland> RoAkSoAx: i think it should
<kirkland> RoAkSoAx: and should be set to that by default
<kirkland> RoAkSoAx: by the config file
<RoAkSoAx> kirkland: that's WOLMonitor(.py)
<kirkland> RoAkSoAx: and then we can disable the WoL monitor
<kirkland> RoAkSoAx: maybe, let's chat tomorrow
<RoAkSoAx> kirkland: the UDP monitor will only listen for *any* packet, while the WoLMonitor will compare that the data received matches the Network Interface
<kirkland> RoAkSoAx: ah, right
<kirkland> RoAkSoAx: good point
<RoAkSoAx> kirkland: but, yeah, that's still a bug, UDPMonitor shoulod not even try to bind 7 or 9 anyways. Will look it tomorrow
<RoAkSoAx> and yeah, let's review stuff tomorrow ;)
<kirkland> RoAkSoAx: k
<kirkland> RoAkSoAx: TCPMonitor is working well
<kirkland> RoAkSoAx: powernap not sleeping while i have an ssh connection open
<kirkland> RoAkSoAx: but it's not awaking when a new session comes
<kirkland> RoAkSoAx: doesn't look like the monitors are running when sleeping
<RoAkSoAx> kirkland: that's cool!! and yeah, will not awake till I rework the event based thingy
<kirkland> RoAkSoAx: okay, my changes are pushed
<RoAkSoAx> kirkland: they are not just yet. I'm gonna look into that tomorrow though
<kirkland> RoAkSoAx: cool
<kirkland> RoAkSoAx: i'm going write LoadMonitor tomorrow
<RoAkSoAx> kirkland: cool :)
<kirkland> RoAkSoAx: i gotta crash
<kirkland> RoAkSoAx: g'night
<RoAkSoAx> yeah me too. gnight too ;)
<Datz> twb: I see. Should -virtual be used in a virtual machine?
<twb> Datz: -virtual show NOT be used on non-virtual machiens.
<twb> Datz: it doesn't matter if you use a different kernel on a VM
<Datz> Ok, well I installed -virtual kernel package for my VM. When I purged other -server kernel packages, I got kernel panic
<twb> Shrug
<Datz> seems like -server config was needed for -virtual to funtion
<twb> More likely you fucked up somehow
<Datz> ok, just wondering..
<Datz> humm
<twb> Datz: like forgetting to update the bootloader
<Datz> update-grub?
<twb> Shrug
<twb> It depends on your VM solution
<Datz> VMware..
<sbeattie> Datz: was this maverick? It's claimed that bug 570542 has resurrected itself.
<uvirtbot> Launchpad bug 570542 in linux "linux-image-virtual does not include ahci module, prevents virtualbox from booting an Ubuntu guest" [Medium,Fix released] https://launchpad.net/bugs/570542
<Datz> 10.04
<Datz> interesting though
<Datz> if I purge linux-image-2.6.32-27-server I'll get kernel panic: linux-image-2.6.32-27-server
<Datz> so.. idk :P
<Datz> er
<Datz> http://pastebin.com/qHFY4gN8
<Datz> didn't mean to paste package twice
<uvirtbot> New bug: #664529 in cloud-init (main) "cloud-init hangs with url error 'Network is unreachable'" [Wishlist,Confirmed] https://launchpad.net/bugs/664529
<Johnux> Hello all
<Johnux> does anyone have any preferences for splunk over landscape? or visa-versa?
<mroth_> hello
<mroth_> a virtual server is where you run multiple websites or other services out of one box, right?
<shauno> that tends to be vhosts or virtual hosts.
<shauno> a virtual server tends to refer to virtualization specifically; having entire copies of the OS (or other OSes) running compartmentalized within one physical system
<mroth_> i see.
<mroth_> ah.
<mroth_> what scenario would aperson want to run several OSes on a headless server?
<shauno> good question.  I just find it nifty.
<mroth_> well, yes, i do too
<mroth_> but i read online about KVM
<mroth_> is that for running virtual servers or virutal hosts?
<shauno> I know at work we have vmware hooked up to our UPSes management software, so we can migrate running (virtual) machines from one rack to another if one rack is going down
<shauno> it does open up a whole bunch of options that physical machines don't have
<shauno> kvm is for virtualization
<mroth_> virtuzliation of servers or hosts
<mroth_> heh
<shauno> vhosts tend to be specific to server software (eg, the web server, the mailserver, etc) rather than the OS itself
<mroth_> right. well i'm asking because i have this old HP laptop i yanked out of its happy, dusty retirement
<mroth_> and its now running ubuntu server
<mroth_> and i've been playing with web apps and stuff
<mroth_> i wanted to know if i could have two websites coming out of the same server
<shauno> ah; that'd be vhosts
<shauno> do you know what web server it's running?  (eg, apache, nginx, etc)
<mroth_> apache
<mroth_> i really didn't do much research about the options, is that worth looking into ?
<shauno> if it's just something you're using at home, or for a small number of people, apache's a pretty sensible default
<shauno> the difference between them tends to come into play a lot more when you're serving huge numbers of requests; you're more likely to hit the limitations of your old laptop first
<mroth_> sounds like apache will do fine then
<mroth_> does apache have some kind of builtin vhost function?
<shauno> it does :)
<shauno> https://help.ubuntu.com/8.04/serverguide/C/httpd.html   has a small bit on it under 'basic settings', and a link to more docs at apache.org
<mroth_> is this as simple as telling ender.com to point at my IP address x.x.x.x and then having ender2.com point at x.x.x.x.:8080?
<shauno> it can be even easier.  the normal way to do it is with name-based hosts
<mroth_> telling vhost1 to pick up requests on port 80 and vhost2 on port 8080
<mroth_> i see
<mroth_> i will read. thank you.
<shauno> see http://httpd.apache.org/docs/2.0/vhosts/examples.html
<shauno> the 'servername' lines let you have configuration that's specific to that name
<shauno> hm, that's maybe not the best way to explain it, because they're putting them all in one file there
<mroth_> erm...
<shauno> http://www.debian-administration.org/articles/412   is a pretty good crash course (and there's nothing there that isn't equally applicable on ubuntu-server)
<mroth_> do you know of any good free domain name sites?
<shauno> I think dot.tk is the only one that springs to mind as being free.   you may find dyndns.com as being more applicable if it's being run from home tho
<shauno> they won't give you terribly 'pretty' domains (eg, you're not going to get a dotcom), but you get what you pay for
<mroth_> will the domain site have any effect on the responsiveness of the site?
<mroth_> like, if i registered with dot.tk, would it be slower than if i paid $11 for a yearly godaddy  *.com site?
<shauno> who's hosting the dns will have some effect on the first connection (typically in the order of miliseconds).  not the name / domain itself tho
<shauno> and nothing that's going to affect it more than running the sites off a laptop :)
<mroth_> yeah, fair enough, to be sure
<mroth_> but i've learned soooo much from configuring this thing
<mroth_> it's crazy
<mroth_> i just got my friend's ubuntu server set up
<mroth_> it took me days and hours reading
<mroth_> we got his set up in hours
<mroth_> it was awesome
<shauno> I think if you're not learning anything, you're doing it wrong :)
<mroth_> if i'm trying to build a timesheet databse application and i want to use mysql as the backend. how do i make the frontend?
<shauno> either roll up your sleeves and learn to program, or hit google and start looking for one someone's already made
<mroth_> lets say i opt for the former.
<mroth_> i want to use python.
<mroth_> do i literally just grab a python-for-dummies book and i can make an interface for the database that way?
<mroth_> i mean, not so simply
<mroth_> but is that it? i don't need a tool to create the graphical part?
<shauno> typically, python would do that job too
<shauno> eg, if you're planning to do this as a web app, you'd have python (or pretty much any other language) creating the html that's sent to the user's browser.  and then understand the form submissions that the browser is sending back
<mroth_> i see.
<mroth_> i know html
<mroth_> but i'd be hard pressed to code any kind of a reasonable site in html
<mroth_> instead i might use a cms like joomla or drupal, or a WYSIWYG editor like screem to make a site
<mroth_> are there tools like that for python?
<shauno> sort of.  there's things like django, where you create a template that's mostly html.  and then have python use that template to output things
<mroth_> the reason i'm talking about python is because there's a free MIT course on it available online
<mroth_> thorugh freecourseware
<mroth_> but i'm not married to it. do you think it's a good(isH) starter language?
<mroth_> scratch that. do you think it's the best starter language? if not, what is?
<shauno> I'm not much of a programmer, so not sure I'm the best to judge there.  but I hear good things about it
<twb> mroth_: no; you should start with Scheme, and CISC assembly (or C).
<mroth_> twb why
<shauno> there's quite a few resources tho.  I think that's where python would get my vote at the moment.  you won't be hard pressed to find things
<twb> mroth_: and MIT has offered video lectures on first-year Scheme (course 6.001) since the 70s
<mroth_> nice
<twb> mroth_: because Scheme (or more specifically, the lambda calculus) gives you the pure mathematical/linguistic grounding for language design, and assembly/C gives you a grounding in the pragmatic low-level turing/von neumann hardware.
<twb> Unless, of course, you're studying in order to make money -- in which case you should study Python, then Java and C++.
<mroth_> what if i was more of a dilletente, and didn't feel the need to know the fundamentals
<mroth_> oh yes and you asnwered it before i asked
<twb> Those are poorly-designed languages that promote 80s computational ideologies to the exclusion of pedagogy.
<mroth_> you sound like a programming teacher yourself
<mroth_> and something of a difficult one, at that
<mroth_> (:
<twb> If by "difficult" you mean I want to fail 80% of first years because *they won't learn*, rather than dumbing down the course so that $university can milk four years of tuition fees out of them -- yes, I am.
<mroth_> well i'm considering going back to school for some real computer knowledge
<twb> Then I recommend you take either electrical engineering, or pure math
<twb> The CS classes are now thoroughly vocational -- even at places like MIT.
<mroth_> to be honest, vocational learning doesn't so much bother me
<mroth_> as being unable to accomplish my goal due to a lack of preparedness
<twb> If you want vocational training you should go to a poly and pay 1/10th the fees
<twb> I don't have a problem with that; I have a problem with academic institutions charging for academic training and supplying vocational training.
<mroth_> is that to say that a poly school and MIT have the same quality of training supply?
<twb> Well, I daresay you get a better class of vocational training at MIT :-)
<twb> And there are probably a few of the old guard left out there
<mroth_> one would hope.
<mroth_> i'm 23. is it too late to learn programming?
<mroth_> i went to middle school with kids who dreamt code.
<twb> IIRC there's an inverse correlation between age and learning ability.
<mroth_> i feel like i may have missed my critical period for programming
<twb> I doubt a sufficiently determined 23yo is "too old"
<mroth_> very true.
<mroth_> see, i hadn't developed a sufficient understanding of the open source world, and its possibilities, until after i had pretty much cemented in my field of study during my undergrad degree
<mroth_> now that i'm learning more about it, i find i have a very strong desire to contribute
<twb> Most places won't stop you taking a second undergrad course
<mroth_> but i feel more than a little useless to a society based on open CODE when i can't create it in the first place
<mroth_> no, i know that
<mroth_> i can go back, i know that
<mroth_> but if i could use the skills i have now, and still be of use
<twb> Skills in what field?
<mroth_> my degree is in psycology. i have some accounting background.
<mroth_> i have sales experience.
<mroth_> i'm good in groups. i'm good with people.
<mroth_> i'm good with computers, but only insofar as troubleshooting, really.
<kerozene> a lot of os projects have woeful ux design
<mroth_> quite true.
<mroth_> woeful is a well chosen word, in fact
<mroth_> in so many ways, too
<mroth_> woeful that the ux is bad, yes, but also that it matters as much to the eu as it does
<kerozene> that's psychology for you
<twb> You could look into cognitive psychology.
<twb> That's interdisciplinary
<mroth_> what is an open source evangelist
<kerozene> more woeful that the devs think their project would be more popular if people 'just gave it a chance'
<twb> mroth_: google.com/search?q=define:evangelism
<mroth_> it was rhetorical
<mroth_> i mean, can i pay my rent evangelizing ubuntu?
<twb> kerozene: you may wish to read producingoss.com
<twb> mroth_: I doubt it.
<twb> mroth_: you might indirectly, as part of a sales team of a company that leans towards FOSS solutions.
<mroth_> damn it all, why can't i just work for canonical as a salesman?
<twb> e.g. when my boss goes out to DoJ and says "hey, we have a wicked solution for remand centres, and btw it's open source"
<twb> mroth_: have you asked them?
<mroth_> and there, be taken under wing by some wizened old guard programmer
<mroth_> to be taught all the great script-judo
<mroth_> well not so directly
<mroth_> i have done some quiet googling
<mroth_> and alas, those positions are relatively few and far inbetween
<twb> http://www.canonical.com/about-canonical/careers
<mroth_> and usually require CS DEGREES
<mroth_> which brings me back to my original track, sorta
<twb> Most places I know don't require a CS degree.
<mroth_> EE at MIT
<mroth_> there we go
<twb> They might require *a* degree, because that demonstrates your ability to follow through on a long-term project
<twb> But it's easier to teach CS to an intelligent, enthusiastic person than to teach intelligence and enthusiasm to a CS graduate
<twb> That's my view, anyway.
<mroth_> nicely put.
<mroth_> to say the least.
<twb> It also helps if the hiring committee can go "oh, hey, I recognize that guy from <mailing list>.  He posted a few <interesting things>."
<mroth_> a forlorn hope in today's world of multiblogging
<mroth_> but a chance nonetheless
<mroth_> anyway
<mroth_> shauno, twb, kerozene, thank you
<mroth_> for your time and your willingness to hear me out, and answer me so well
<twb> Shrug.
<twb> It's that or do work
<mroth_> ha! the truth is out.
<mroth_> ok, goodnight.
<kerozene> gn mrmist
<kerozene> jesus.
<kerozene> gn mroth_
<mrmist> tab fail :)
<twb> I didn't know jesus was even in the channel
<shauno> he's everywhere maaaan
<twb> Like jedgar
<kerozene> jesus and telstra
<twb> ha
<kerozene> thanks for the link. I did a quick skim; looks interesting
<shauno> oh boy.  I really am up too late if you're all australian
<kerozene> though I wish it said something about ux :)
<twb> Yeah, 7am is bed time
<shauno> 9 ;)
<twb> Hence: you are up too late
<shauno> altho the sun never quite comes out in ireland, so it's difficult to tell sometimes
<kerozene> shauno: that's a vicious slur. I'm not australian.. yet
<shauno> you have syd in your hostname.  that's australian enough for me.  next step is to admit it to yourself :)
<shauno> altho you may want to practice in a mirror before you tell your parents
<kerozene> not till they come for my irish passport
<shauno> I'm not sure those mean anything anymore.  they're pretty much giving them away
<kerozene> hehe
<shauno> my wife got one.  5 years ago she couldn't point at ireland on a map.
<shauno> (plot twist.  I'm not irish.  moved here by accident)
<kerozene> what, you get shipwrecked?
<shauno> near enough
<shauno> short version: came here for 3 months, stayed for 6, then got told I wasn't welcome back in the US.
<kerozene> they tell everyone that though
<shauno> heh
<shauno> well, apparently I'll be able to visit as a tourist as soon as 2016. until then, I'm just sorta sat here trying to figure out where I'm meant to be
<shauno> no, 2026
<soren> shauno: Because you stayed away for too long?
<kerozene> maybe he was drinking in the wrong pubs
<shauno> soren: yeah.  I apparently wasn't familiar enough with greencard restrictions
<soren> shauno: Oh, you're not a US citizen?
<shauno> nope
<soren> ah.
<twb> lucky break
<shauno> the catch that makes it awkward is that my parents & siblings are naturalized, but I can't go back
<shauno> they stayed long enough to be assimilated into the collective.  my wanderlust made me a proper black sheep
 * soren thinks the concept of citizenship is bogus anyway
 * twb thinks the concept of nation-states is bogus, too
<shauno> I technically agree.  But I've found them very difficult to debate with.
<kerozene> divide and conquer
<sjbnz> VMware tools - what's the recommeded approach?
<sjbnz> This is on a production ESXi 4.1 with 10.04 guests...
<sjbnz> (in the past I've done "install tools" from ESX, then the script, and had to compile...
<soren> twb: Completely agreed.
<kerozene> shauno: apparently Green Light immi. consultants in Galway are good, if you were ever interested in pursuing it
<kerozene> getting cut off like that doesn't sound right
<shauno> we have a plan :)  stay here until I'm eligible for a passport myself, and then restart the whole process from scratch as a K1
<kerozene> cool
<shauno> see I'm not eligible for my original visa anymore, because it was k3 .. child/dependent of immigrant spouse.  apparently living in another country for 5 years, turning 30, etc kinda nix the dependent bit.
<kerozene> turning 30...how arbitrary
<shauno> but my wife is a bona fides yank, so we can re-file on those grounds
<twb> shauno: my sympathy
<shauno> she's not that bad :)  she's had 5 years in europe too now
<shauno> kerozene: indulge my paranoia a moment, how'd you know I'm in galway?
<twb> geoip
<shauno> my irssi lives in london
<sjbnz> VMWare tools? apt-getting open-vm-tools sounds attractive, but VMware say they don't support the version in Ubuntu repos (!?)...
<kerozene> shauno: I didn't, I just have some acquaintance with the guy who runs that outfit. pure coincidence :)
<kerozene> muaha.
<kerozene> sjbnz: what versions, respectively?
<ttx> soren: can you flip the switch on https://code.launchpad.net/~ed-leafe/nova/lp703041/+merge/46823 again ?
<uvirtbot> New bug: #707348 in tomcat6 (main) "tomcat6 doesn't configure  cleanly with JAVA_OPTS having values with slashes " [Undecided,New] https://launchpad.net/bugs/707348
<ttx> oops
<kerozene> charming.
<\sh> ttx: oops for the bug? ;)
<ttx> nah, that one is a dupe anyway :P
<\sh> bah
<ttx> and fixed in Natty ;)
<\sh> but there is a debdiff for maverick attached ;)
<\sh> ttx: it bugged me this morning with latest security update...
<\sh> and it will bug me on lucid too ;) production series ;)
<ttx> hah!
<\sh> and now I'm bugfixing live-boot ;)
<uvirtbot> New bug: #707365 in awstats (main) "syntax error in /usr/share/awstats/tools/buildstatic.sh" [Undecided,New] https://launchpad.net/bugs/707365
<tigreton> hi
<tigreton> could someone send me a how-to set up a load balancer please?
<\sh> tigreton: http://www.howtoforge.com/set-up-a-loadbalanced-ha-apache-cluster-ubuntu8.04-p3
<\sh> tigreton: google for pacemaker + ldirectord gives you more hints on how to setup a ipvs loadbalancer on e.g. lucid
<tigreton> sorry was phone
<tigreton> \sh but it simply? i only want to study it
<tigreton> not to create a high web
<\sh> tigreton: then you should read something about ipvs: http://www.linuxvirtualserver.org/software/ipvs.html
<tigreton> i'm there
<tigreton> and the other in progress
<tigreton> ktcpvs
<tigreton> but isn't too much simply... haha
<tigreton> i was expecting \sh something like a simple iptables :(
<tigreton> but well, i will read all u said
<\sh> tigreton: loadbalancers are not simple...
<tigreton> i saw something that programming with php
<tigreton> asking the status of eachserver
<tigreton> and redirecting...
<\sh> tigreton: ipvs is what you need...not iptables...and ipvsadm is an easy tool when you know how to use it and understanding what ipvs does
<tigreton> but they say it's about 2 secs
<tigreton> aaaa
<tigreton> so i must understand first what it does...
<tigreton> ok
<tigreton> in linuxvirtualserver explain it nice?
<tigreton> foolano esp?
<jamey_uk_> I'm using halevt to automount a LUKS-encrypted disk, but it doesn't have permission to mount devices. What do I have to do to allow the halevt user permission to mount?
<tigreton> could u put privileges on the user?
<jamey_uk_> tigreton, yeah thanks, I ended up sudo-ing the command it was executing
<tigreton> oO i helped someone!!! how could be possible?
<tigreton> must go thanks \sh
<tigreton> bye
<uvirtbot> New bug: #707402 in openssh (main) "connection refused on port 22 after upgrade" [Undecided,New] https://launchpad.net/bugs/707402
<uvirtbot> New bug: #707405 in tomcat6 (main) "tomcat6-instance-create should allow -c -1" [Undecided,New] https://launchpad.net/bugs/707405
<tsarles> I have a static IP set on an interface. After a few hours it quits responding, and I find that it has changed it's IP address to something the DHCP server would have gave it. I issue an '/etc/init.d/networking restart' , and it takes it's normal static IP again, but I can't figure out why it is doing this
<_ruben> tsarles: you switched from dhcp to static, without rebooting or killing dhclient3?
<tsarles> possable
<tsarles> hasn't been rebooted in a while i think
<tsarles> your saying I have to kill some DHCP daemon or something?
<_ruben> you probably have a "rogue" dhclient3 still running around
<_ruben> quite likely
<tsarles> ok...... willl it show up in top? or how would you reccomend i check for this?
<_ruben> it should
<tsarles> k...
<aljosa> anybody knows if there is a repository with check_postgres package for ubuntu maverick or maybe just deb package?
<tsarles> i have a dhclient running.... guess that must be it
<tsarles> and it's dead... thanks... hope that does it
<Daviey> zul, Are you working on bug https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/697105 soon?
<uvirtbot> Launchpad bug 697105 in apache2 "Segfault on POST" [High,Confirmed]
<zul> Daviey: its on my todo list
<Daviey> zul, ok, great!
<SpamapS> Daviey: thats a nasty one. :-P
<Daviey> SpamapS, Ahh, sent you a mail as i thought you wouldn't be online yet!
<SpamapS> Daviey: I *shouldn't* be online yet
<SpamapS> :-P
<Daviey> heh
<SpamapS> Daviey: re bug #653405 ... I believe this one can only be "fixed" upstream. :-P
<uvirtbot> Launchpad bug 653405 in rabbitmq-server "rabbitmq-server fails to start if hostname is unresolvable or has changed since first starting" [High,Confirmed] https://launchpad.net/bugs/653405
<SpamapS> Daviey: so really, next logical step is to upstream that bug.
<Daviey> SpamapS, Do you want to handle that?
<SpamapS> Daviey: yes, on it
<Daviey> SpamapS, \o/
<zul> SpamapS: 5.1.54 building right now
<SpamapS> Oh lovely..
<SpamapS> rbabit has no bug tracker
<SpamapS> zul: cool. :) sorry that I've completely dropped the ball on merging my favorite packages. :-/
<\sh> SpamapS:
<\sh> Bug reports
<\sh> To report a bug or problem email legitimategrievance@rabbitmq.com!
<SpamapS> zul: I have been working on mysql 5.5 tho :)
<zul> SpamapS: heh
<zul> SpamapS: thats ok thats what im here for :)
<SpamapS> \sh: private bug trackers mean we have to waste upstream's time every time we want to see if something is already reported, already fixed, or being avoided for a good reason. :-/
<SpamapS> But I digress, that is their issue not ours.
<\sh> SpamapS: complain to springsource ;)
<RoAkSoAx> morning all
<Daviey> I'm really quite surprised rabbitmq doesn't have a bug tracker. :/
<Daviey> hallyn, is bug #705395, a regression or a change; do you know?
<uvirtbot> Launchpad bug 705395 in vm-builder "$domain is not available in libvirtxml.tmpl" [Undecided,New] https://launchpad.net/bugs/705395
<SpamapS> Daviey: they have one, but its private
<Daviey> tht
<Daviey> that is above awesome
<uvirtbot> New bug: #707436 in postfix (main) "package postfix 2.5.5-1.1 failed to install/upgrade: subprocess pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/707436
<patdk-wk> reading their website, I still have no clue what rabbitmq does
<SpamapS> RabbitMQ provides robust messaging for applications.
<SpamapS> ??
<patdk-wk> so it's smtp for programs to talk to each other? basically
<patdk-wk> instead of say, doing a tcp connection themselfs
<zul> SpamapS: unless you dont change the underlying os its running from ;)
<\sh> patdk-wk: it's like activemq but written in erlang and not java, and has amqp support instead of openwire
<SpamapS> patdk-wk: right, it sits between programs and brokers messages between them
<SpamapS> ActiveMQ is so good at being slow.. I had to read the manual twice to make sure it wasn't designed to be a bottleneck. :-P
<RoAkSoAx> Daviey: ping
<Daviey> RoAkSoAx, pong
<hallyn> Daviey: sorry, dunno
<hallyn> Daviey: can  look later, not right now
<Daviey> hallyn, groovy, thanks!
<RoAkSoAx> One thing btw... we do not care about bugs that are caused because, i.e. Virtuozzo, made a tweak to a package upstart job to be able to run it, right?
<wizardslovak> hello people
<zul> RoAkSoAx: eh?
<thiebaude> hey Wizards
<RoAkSoAx> zul: bug #707098
<uvirtbot> Launchpad bug 707098 in openssh ""oom" change in 1:5.3p1-3ubuntu5 causes "operation not permitted"" [Undecided,New] https://launchpad.net/bugs/707098
<wizardslovak> i got Wordpress installed , but i walso want to run phpbb on same server
<RoAkSoAx> zul: VPS provider tweaked the upstart job to allow openssh run in Virtuozzo. After upgrade and replacing the upstart job with the one shipped in the package, ssh no longer starts
<wizardslovak> what would i have to modify in apache config?
<zul> RoAkSoAx: not really
<RoAkSoAx> zul: so it is a wontfix?
<zul> RoAkSoAx: im not sure i think they should take it up with their vps
<RoAkSoAx> zul: so it is
<RoAkSoAx> invalid for us
<wizardslovak> anyone of you have experience with phpbb?
<Daviey> SpamapS, meeting?
<Daviey> SpamapS, are you chairing?
<SpamapS> yes coming
<lapsusbrutus> HP Color LaserJet 2600n foomatic/foo2hp    I need this driver for my cups on a 10.10 server,  anyone knows what to install to get it?
<axisys> what am I doing wrong here? http://pastebin.com/gYZNF309
<axisys> i need to install this to use megacli
<axisys> added the script option -c .. still seeing the error
<axisys> http://pastebin.com/Q8Tbsxz0
<iclebyte-work> i'm having big troubles with mod_perl. I have an app in /var/www/myapp/cgi - that is the root. The CGI is executing however I get "Can't locate Monitor/Devices.pm in @INC". in /var/www/myapp/cgi/Monitor/ exists a file called 'Devices.pm' - in the apache error log i can also see that /var/www/myapp/cgi/Monitor is listed in @INC
<iclebyte-work> any ideas? driving me mad..
<RoyK> axisys: why don't you just extract the files from the rpm archive?
<RoyK> iclebyte-work: no chrooting messing up?
<iclebyte-work> no chrooting in place, this is a plain install
<axisys> RoyK: using alien .. which option to extract ?
<axisys> this is the rpm file
<axisys> file Lib_Utils2-1.00-01.noarch.rpm
<axisys> Lib_Utils2-1.00-01.noarch.rpm: RPM v3 bin Lib_Utils2-1.00-01
<RoyK> axisys: rpm2cpio somefile.rpm | cpio -id
<RoyK> iirc
<RoyK> make a tmp dir first and cd into that
<axisys> RoyK: ok
<axisys> RoyK: it created etc usr and var dir in tmp and tons of files in those dirs
<axisys> looks like I can just go to / and extract it again
<axisys> would be nice if I could use rpm to install them
<uvirtbot> New bug: #707535 in samba (main) "package samba-common 2:3.4.0-3ubuntu5.7 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/707535
<RoyK> axisys: the problem with using rpm on debuntu systems is that the config files end up the wrong place and may even damange the system
<aliverius> how long is a non-lts supported for?
 * zul odes a cobbler update
<axisys> RoyK: ok.. with alien it should put it in the write place.. but the `error: incorrect format: unknown tag' is what I need to fix
<axisys> I downloaded the rpm for ubuntu from here
<axisys> http://www.lsi.com/storage_home/products_home/internal_raid/megaraid_sas/6gb_s_value_line/sas9260-8i/
<axisys> megaraid_sas is already comes with ubuntu 10.04 .. but it is older version than what is in lsi sight
<axisys> site
<axisys> also lsi site has the megacli which is needed to check the status of the raid
<RoyK> axisys: it won't install it anywhere else than what's given in the package
<RoyK> how should it guess where?
<hallyn> cmagina: finally working on that mp merge, btw.  hoping to have something you can test later today.
<cmagina> hallyn: alright, sounds good
<hallyn> cmagina: do you remember which file needed the 's/\/lib\//\/lib*\// ?
<hallyn> was it all of the debian/*.install ones?
<hallyn> dannf: ^
<axisys> RoyK: sorry i don't follow
<axisys> RoyK: are you referring to `error: incorrect format: unknown tag' ?
<cmagina> hallyn: there were two
<dannf> hallyn: ooh.. don't remember for sure - i *think* that's all it was
<hallyn> cmagina: right, two of the three (not the kpartx one)
<hallyn> cmagina: dannf: thx :)
<RoyK> axisys: no, I was referring to alien - it just installs whereever given in the rpm file
<RoyK> axisys: about the error message, google it
<cmagina> hallyn: yep
<cmagina> hallyn: multipath-tools and multipath-udeb
<axisys> RoyK: check this out.. i got the src code..  but it is failing to make
 * RoAkSoAx goes to lunch
<axisys> RoyK: http://pastebin.com/tQ2u1V6u
<RoyK> axisys: no idea, sorry - are you sure the driver doesn't exist in a newer kernel?
<axisys> RoyK: driver does exist..
<axisys> RoyK: but older version..
<RoyK> axisys: erm - I don't get it - card unsupported in old driver?
<axisys> RoyK: so I guess I could just live with that..
<uvirtbot> New bug: #707546 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/707546
<axisys> RoyK: no it does support
<axisys> RoyK: i can see the disk .. my raid10 shows up as sda1
<RoyK> then why upgrade?
<axisys> RoyK: true.. i should not worry about the upgrade.. but!
<axisys> RoyK: i still need a way to find out if a disk is offline underneath.. that is where megacli rpm comes to play
<RoyK> axisys: those source files were just for the driver
<axisys> RoyK: right.. i should just forget about them.. and concentrate on making the megacli rpm to work
<RoyK> axisys: can you email me the rpm, so I can take a look?
<axisys> RoyK: address ?
<RoyK> roy@karlsbakk.net
<axisys> RoyK: http://www.lsi.com/support/sun/sg_x_sas6-r-int-z.html
<axisys> RoyK: MegaCli - Linux  8.00.2308-13-2010
<axisys> RoyK: under utility software
<axisys> I will email you this
<axisys> RoyK: sent.. thanks
<RoyK> axisys: 32 or 64 bit?
<axisys> RoyK: 64bit.. I got it working
<axisys> RoyK: i can run the binary and check the raid controller status from the OS
<RoyK> ok
<axisys> RoyK: but.. it is not complete installation of MSM (megaraid manager) .. just megacli..
<uvirtbot> New bug: #707563 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/707563
<RoyK> axisys: that should do
<RoyK> axisys: add a nagios/icinga check and you're done :)
<uvirtbot> New bug: #690640 in debhelper (main) "dh_installinit upstart support start a job in postinst script regardless of previous status" [High,Fix released] https://launchpad.net/bugs/690640
<zul> SpamapS: what do you think of ^^^?
<zul> kirkland: why did you approve Davieys branch but not merge it?
<SpamapS> zul: reading
<aliverius> can someone help me with a pair of 4k sector hdds?
<zul> SpamapS: obviously its too late for 10.04.2
<SpamapS> zul: seing as its dh_installinit ... its too late for lucid unless we want to rebuild everything that has an upstart job. ;)
<zul> SpamapS: my gut says no
<SpamapS> zul: though it would be good to backport it to lucid so that any future SRU's we do build with this fix.
<zul> SpamapS: yeah but that would be half empty or half full
<cemc> o/ where can I find a daily lucid cd image with enabled -proposed ?
<SpamapS> cemc: http://cdimage.ubuntu.com/lucid/daily/current/
<SpamapS> hmm thats only the alternate CD
<cemc> SpamapS: nvr mind, I used mini.iso. thanks anyway.
<SpamapS> cemc: yeah that should work too :)
<sbeattie> http://cdimage.ubuntu.com/ubuntu-server/lucid/daily/current/ has the server images.
<cemc> sbeattie: right, that one I didn't find ;) thanks
<SpamapS> sbeattie: oh.. DUH ;) ty
<hallyn> cmagina: dannf: multipath-tools with debian/experimental merged in is built at ppa:serge-hallyn/multipath for natty.  d'oh.  i guess i'll compile one for lucid, for you to test with?  or do you have a natty install you can try it on?
<cmagina> hallyn: i have a natty install, but nothing that uses multipath
<hallyn> cmagina: ok, lucid version pushed, should hopefully be built in 30 ins
<hallyn> mins
<cmagina> hallyn: ok, i'll give it a spin
<hallyn> cool
<uvirtbot> New bug: #707561 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/707561
<uvirtbot> New bug: #707581 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/707581
<aliverius> i am installing the lts server and i finished partitioning with raid and lvm
<aliverius> but i am not confident my hdds perform at their best because they use 4kb sectors
<aliverius> how can i find out if it was done ok?
<uvirtbot> New bug: #707631 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/707631
<Daughain> Can eomsone here help me with an SASL issue?
<Daughain> SOmeone, even.
<Pici> Daughain: An issue connecting to freenode? or other some other SASL thing?
<Pici> Daughain: If freenode, your best bet would be to ask first in #freenode
<Daughain> COnnecting to freenode. Via Xchat
<Daughain> Thanks.
<chovynz> How do I upload a website to my private server via command line?
<chovynz> nevermind. I'll ask again at a later date when I have more time.
<Roasted> has anybody installed freeradius on ubuntu?
<Thirtysixway> How can i configure munin plugins apache_* to track both http traffic on port 80 and https (SSL) traffic on 443?
<deadsmith> hey all --- can anyone point me toward reading or advice for Linux ioschedulers with a 32TB RAID 50 setup?
<aliverius> i installed ubuntu server on a system with a part raid 1 and inside the ride some lvm, plus one big regular partition on each disk
<aliverius> now it refuses to install grub
<aliverius> what's going on?
<RoAkSoAx> kirkland: howdy!!
<RoAkSoAx> kirkland: so I reworked the powernapd loop today and now the GRACE period approach has changed, as well as it keeps tracking while in PowerSave. I'm testing it now. When you have the time to discuss it further, let me know
<hallyn> aliverius: if you are using multipath, then it's a knwon bug in grub (being worked, with proposed fixposted)
<aliverius> hallyn: first of all what do you mean with multipath, second how do i circumvent this?
<SAM__> hi guys i know an issue with my webserver on 10.04 and im not sure what is causing it....if someone could take a quick look id be most greatful http://unrealkillers.com/forum.php
<hallyn> aliverius: if you don't knwo what multipath is, then it probably isn't your problem.
<aliverius> as i said before it is one raid, one normal partition and a number of logical volumes inside the raid partition
<genii-around> SAM__: www.wherever.com   is not the same as wherever.com
<SAM__> I have this as my config
<SAM__> http://paste.ubuntu.com/558297/
<uvirtbot> New bug: #707663 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 (dup-of: 707563)" [Undecided,New] https://launchpad.net/bugs/707663
<genii-around> SAM__: Did you recently change the nameserver info?
<micahg> hi, is there a reason that /usr/share/php isn't on by default?
<kirkland> RoAkSoAx: okay, give me a bit
<kirkland> RoAkSoAx: i have the LoadMonitor working well
<glenp> test
<RoAkSoAx> kirkland: sure thing. take your time :)
<glenp> Got a question and its a newbie server question.   1. whats the best way to set up partitions on a server.   2  whats the best filesystem
<kirkland> RoAkSoAx: cool
<smoser> glenp, if it were up to me, and I didn't want to become an expert on such things, I would take the defaults (which is what I do)
<smoser> there is definitely a whole lot of tuning and smarts that you could have to do better, but the intent of the defaults is that they're chosen by people who generally know what they're doing.
<aliverius> how do i get parted during install?
<glenp> k  I have heard of putting your home directories in a seperate partition.  and there are other ways I have heard.
<aliverius> i was told i need to do some special stuff for a bios boot  partition and parted is needed for that
<Mip5> Hi - I'm building a transparent proxy using squid 3.1.10, on ubuntu server 10.04, using 2.6.37 kernel. There were a few config options necessary for squid to install in ubuntu (eg, --prefix=/usr). I'm looking for the proper config options to install iptables 1.4.10 in ubuntu. Thanks.
<Mip5> I ask this because I just ran updates on the server, and there was a python script as part of a firmware upgrade package that failed. It looked like it failed to find my install of iptables.
<SAM__> can anyone help me with OS hardening and where to start please? maybe a tutorial?
<uvirtbot> New bug: #707691 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: post-installation script returned errorcode 1" [Undecided,New] https://launchpad.net/bugs/707691
<aliverius> SAM__: hardened linux from scratch?
<SAM__> aliverius, yes
<deadsmith> can anyone point me toward reading or advice for Linux ioschedulers with a 32TB RAID 50 setup?
<RoAkSoAx> RoAkSo/win 2
<kirkland> RoAkSoAx: yo
<kirkland> RoAkSoAx: okay, man, i have time for you now
<andreserl> kirkland, can't access my vps let's do it through here, or should we chat?
<Italian_Plumber> Hello.  My system is running a disk check on startup.  it's running it right now.  Is there a way to stop the disk check?  I'm troubleshooting a different problem and I can run a disk check later.
<SpamapS> kirkland: hey have you ever had issues using approx for boot strapping hardy?
<uvirtbot> New bug: #707722 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: el subproceso instalado el script post-installation devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/707722
#ubuntu-server 2011-01-26
<SpamapS> deadsmith: re your 32TB RAID 50 ... the io schedule would be more dependent on the workload and the physical hardware.
<SpamapS> deadsmith: the size/RAID type are only a smart part of the decision
<deadsmith> SpamapS:  Thanks for the reply... The work will be a lot of high-memory processes running on large files... but there will be some large files generated too...
<deadsmith> SpamapS:  what else should I be considering?
<SpamapS> deadsmith: if the hardware has a smart enough raid controller, then you want the noop scheduler (just throws io at the disk controller blindly)...
<deadsmith> SpamapS:  okay, I think the big array has a smart controller... there's another machine that's more like 10TB; more active file copying, less longterm storage... do you feel the same way about that one?
<deadsmith> SpamapS:  and, I'm happy to read, I just had a hard time finding relevant info...
<SpamapS> deadsmith: this one is actually pretty good, despite its critical tone, it spells them out quite well http://blogs.sybase.com/database/2010/03/io-schedulers-is-linux-really-an-enterprise-os/
<deadsmith> thanks a bunch!
<SpamapS> a bit dated at kernel 2.6.18 and RHEL 5.4
<Thirtysixway> how do i get matlab
<Thirtysixway> ...oops wrong channel >.<
<Error404NotFound> I just configured chrooted SFTP on a lucid box, problem is that it takes way long to connect, even on shell it takes like 5 minutes
<pmatulis> strange
<pmatulis> local accounts?
<patdk-lap> dns lookup timeouts?
<kirkland> SpamapS: hmm, i haven't tried that, actually
<kirkland> SpamapS: i switched to squid-deb-proxy yesterday...  still working around its, um, differences
<jongbergs> hi, i just setup an ubuntu server, now i am planning to setup a mail server usin postfix..domain is working fine now..my question is: do i still need to set the hostname in order for this to work?
<SpamapS> kirkland: I haven't found squid-deb-proxy to be the right solution for chroots/vms ..
<amiralul> I'm kinda newbie in the server-land. Can I install a virtual Windows Server guest on my ubuntu box without any GUI? I'm thinking about KVM, but other options are welcomed as well.
<SpamapS> amiralul: https://help.ubuntu.com/community/WindowsXPUnderQemuHowTo
<SpamapS> a bit out of date.. hrm.. 8.04
<SpamapS> https://help.ubuntu.com/community/SeamlessVirtualization
<SpamapS> amiralul: that might be better :)
<amiralul> SpamapS: thanks, I'll have a look
<amiralul> I have to choose between virtualising Windows Server inside Ubuntu or make a goddam apsx website run on apache
<SpamapS> amiralul: http://www.mono-project.com/ASP.NET
<amiralul> thanks again, I'm still struggling with that :)
<uvirtbot> New bug: #707843 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: aliprosessi installed post-installation script palautti virhetilakoodin 1" [Undecided,New] https://launchpad.net/bugs/707843
<ttx> Daviey: typo on "peices" in http://ubuntuserver.wordpress.com/ new look
<MTecknology> time to bump my servers up to Ubuntu 11.04
<popey> the ubuntuserver.wordpress.com meeting minutes are unreadable because < nicnkname> is stripped out when posted, so you can't see who said what.
<popey> http://ubuntuserver.wordpress.com/2011/01/21/ubuntu-server-meeting-minutes-from-2011-01-18/ for example
<Daviey> ttx, ooo, well caught!
<Daviey> popey, and you.
<ttx> Daviey: I have the curse of ultimate noticing
<jpds> Daviey: "bits and p*ei*ces".
<Daviey> "sack of nuts and bolts"
<jpds> Daviey: Blood, sweat and toil.
<Daviey> and cloud.
<Daviey> or is that equally split between those three, jpds ?
<jpds> I think the preferred term nowadays is 'claude'.
<JamesPage> Daviey: would that Apache 2 POST segfault bug be impacting my cobbler installation by any chance?
<Daviey> JamesPage, hmm, perhaps
<Daviey> JamesPage, are you seeing Segfaults? :)
<Daviey> JamesPage, zul said he found a fix for it yesterday, i image he uploaded it.
<amiralul> brb
<amiralul> brb
<JamesPage> Daviey: I'll update and see if it still fails
<JamesPage> Daviey: it was failing on cobbler check - the POST to apache hung and with a segfault in the Apache error log
<JamesPage> Daviey: new version of apache2 -> cobbler working fine :-)
<Daviey> JamesPage, \o/
<aliverius> can upstart start stop daemons?
<aliverius> if yes how? is it true that starting them with /etc/init.d/blah start makes them start at boot without taking advantage of upstart's speeedup features
<aliverius> ?
<jpds> aliverius: sudo service <service> stop|start
<aliverius> i have two nics and i want to swap their if names, so that eth0 becomes eth1 and vice versa
<aliverius> how do i do that?
<aliverius> i remember that i could remove the current eth0 nic, erase some file and then eth 1 becomes eth0
<jpds> aliverius: Edit: /etc/udev/rules.d/70-persistent-net.rules
<aliverius> oooooooook
<aliverius> i did udevadm trigger
<aliverius> what else do i have to do, restart some network service?
<aliverius> i could reboot but i wanted to do it the cool way :p
<jpds> I'm not sure - I usually reboot after editing that file.
<aliverius> ok i will do so too
<aliverius> thanks for your help
<jpds> Well, I only edit it when I want to change the MAC address of an interface.
<phaidros> is there a know stable xen setup with recent ubuntu server version? ($kernel, $xen) ?
<g0bl1n> is there a channel for AWS Ubuntu AMI's ?
<g0bl1n> I'm trying to find ami-7e5c690a AMI but can't find it in AWS. This is the Ubuntu 10.10 Server 32Bit AMI
<soren> g0bl1n: http://uec-images.ubuntu.com/server/releases/maverick/release/
<g0bl1n> soren, yes, but the ID for 32b europe AMI can't be found in Amazon "Request Instances Wizard" in Management Console
<g0bl1n> soren, that is  ami-7e5c690a
<Devo-Kun> soren: I don't see 7e5c690a in the list on http://uec-images.ubuntu.com/releases/10.10/release/, I think you want ami-339ca947
<g0bl1n> Devo-Kun, if you press the shown AMI, you'll see the AMI's for severall zones
<g0bl1n> Devo-Kun,  ami-339ca947 can't seem to be found in AWS too :-(
<Devo-Kun> g0bl1n: I've had problems with the AWS web manager before. What happens if you try to start the instance from the command line?
<soren> g0bl1n: $ ec2-describe-images ami-339ca947 --region eu-west-1
<soren> IMAGE	ami-339ca947	099720109477/ubuntu-images/ubuntu-maverick-10.10-i386-server-20101225	099720109477	available	public		i386	machine	aki-4deec439			instance-store	paravirtual
<g0bl1n> ah ok, let me try Devo-Kun soren
<uvirtbot> New bug: #707940 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: subproces installed post-installation script gaf een foutwaarde 1 terug" [Undecided,New] https://launchpad.net/bugs/707940
<g0bl1n> got it
<yann2> hello
<yann2> how would you characterize the state of btrfs in 11.4? usable? or "wow be careful"?
<yann2> am interested in its snapshot features
<uvirtbot> New bug: #707952 in samba (main) "package winbind 2:3.4.7~dfsg-1ubuntu3.2 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 1" [Undecided,New] https://launchpad.net/bugs/707952
<hXm> hello
<hXm> i have configured a webdav directory on /var/www that works fine from mac and linux, but windows is not able to connect them
<hXm> it asks for an user that is never validated
<hXm> where can i read information aboout this issue?
<caution> how do I check disk performance and how heavy the disk activity is?
<pmatulis> caution: bonnie++ and iostat
<caution> thanks
<plm> Hi all
<RoyK> http://wimp.com/twocellos/ ftw!
<plm> people, anyone know how to raise the open file limit in Ubuntu?
<shauno> plm: sysctl -w fs.file-max=integer.  'sysctl fs.file-max' alone will give you the current value
<pmatulis> plm: http://tinyurl.com/6ym9sb3
<shauno> hm, they're all using ulimit.  I tend to change things system-wide instead.  not sure what the tradeoffs are there
<RoAkSoAx> morning all
<RoAkSoAx> ping Daviey:
<smoser> good morning mr RoAkSoAx
<RoAkSoAx> smoser: hi there mr smoser ;)
<RoAkSoAx> how;s it going today
<zul_> *grumble* mysql testsuite *grumble*
<Daviey> RoAkSoAx, o/
<Roasted> hey guys. anybody here set up freeradius before?
<Krhome> Hi
<Krhome> I've got a problem with my network card. I've put my HD with ubuntu-server in another PC, and the new Network card is not recognized. However, when I make a lspci, the netword card is present
<Krhome> Any idea?
<pmatulis> Krhome: pci id?
<sergevn> Roasted: yes me
<sergevn> Roasted: while ago though
<Roasted> sergevn, did you set it up on ubuntu by cahnce?
<zul> Daviey: http://en.wikipedia.org/wiki/Products_produced_from_The_Simpsons#Tomacco
<zul> Daviey: doh! https://code.launchpad.net/~devcamcar/openstack-dashboard/trunk
<sergevn> yes
<Roasted> sergevn, what exactly do you do after you install it?
<Daviey> zul, oooo
<Roasted> sergevn, I was told not to change anything because its default config is supposed to handle almost everything.
<zul> Daviey: git er done
<Roasted> sergevn, but I'm just kind of lost on how to get things started.
<Krhome> thanks pmautils for your help
<Krhome> but i've format everything
<sergevn> Roasted: by default freeradius authenticates againts local system users
<Krhome> next time ;-)
<Daviey> zul, I am so pleased it's Django :)
<Krhome> Have a good day
<Roasted> sergevn, so therefore, local users cannot get on wireless. you need to be a domain user. correct?
<zul> Daviey: tickled pink?
<sergevn> Roasted: have you configured your AP to autheticate via freeradius, you configured that correctly already?
<Daviey> zul, aye
<Roasted> sergevn, no, I'm not that far yet. I'm remoted into the server (it's running on VMWare) trying to finish the server setup.
<zul> Daviey: so what do you want to do about it?
<Roasted> sergevn, I found a guide on the official site with some "tests" to run.
<Roasted> sergevn, it unfortunately failed when I tried to launch the server in debug mode. It just said command not found.
<sergevn> Roasted: could you give me the url?
<Roasted> sergevn, surely.
<Roasted> http://freeradius.org/doc/?
<zul> Daviey: i was thinking putting it in the WI tracker for alpha-3
<sergevn> Roasted: doesnt freeradius start?
<Roasted> They noted to change as little as possible, and if you do change things, make 1 change, save, test, to make sure its okay.
<Roasted> sergevn, because of that I wanted to run it in debug mode sicne that was the first step-test to do.
<Roasted> sergevn, I have no idea how to check. It is an active process that should be running>
<Roasted> ?
<sergevn> first stop freeradius
<sergevn> service freeradius stop
<sergevn> as root ofcourse
<Roasted> done
<Roasted> completed fine
<sergevn> now do:  radiusd -X
<sergevn> and keep that terminal open.
<Roasted> okay, snag.
<Roasted> if I run that as root, command not found
<sergevn> now it's in debug mode
<Roasted> if I run without root, it says...
<sergevn> did you install via apt-get?
<Roasted> The program 'radiusd' can be found in the following packages. and it lists 3 packages.
<Roasted> am I to install them?
<sergevn> in your terminal
<RoAkSoAx> kirkland: howdy!! Sorry about last night!! anyways, when free... let me know
<sergevn> sec
<sergevn> did you install via apt-get or from source?
<Roasted> sergevn, what, freeradius?
<sergevn> yes
<Roasted> apt-get
<sergevn> i think radiusd is called different in ubuntu/debian
<sergevn> try freeradiusd or something
<Roasted> nada
<Roasted> :(
<sergevn> meh
<sergevn> sec m8
<Roasted> thanks bro. your help is mucho appreciated.
<Roasted> in fact Im going to step away from the keyboard for a minute, brb.
<sergevn> Roasted: you have luced?
<sergevn> *lucid
<Roasted> yes. 10.04.1
<Roasted> sergevn
<sergevn> the prodigy is perfect debug music
<sergevn> it's freeradius -X
<Roasted> bingo
<sergevn> on CentOS it's radiusd....
<Roasted> accepting requests now
<Roasted> sergevn, yeah I couldnt find any distro specific guides. just these general guidelines.
<Roasted> that's one thing I hate about linux. one can be so different from the other.
<sergevn> yeah, freeradius lacked that also 2 years back when I configured it also for 802.1x wireless network
<Roasted> lacked what?
<sergevn> debian docs
<Roasted> ah I gotcha
<sergevn> but that was only for testing back then, production went to CentOS
<Roasted> I see.
<Roasted> so if I can go into debug mode, I'm good, right? Do I need to tinker with anything in here?
<sergevn> in debug mode you can watch some text scroll by ;)
<sergevn> and check your config file for errors
<Roasted> my config file should be default. I haven't touched it.
<sergevn> also if someone authenticates, in debug mode you see that
<Roasted> I know I haven't touched it beeeecause I don't even know where it is...
<Roasted> :P
<sergevn> so now you have to add a user, and then configure your AP
<Roasted> so debug mode is handy for me to hang out in when I get another client laptop and AP that's hooked up to this server.
<sergevn> yes
<sergevn> watch out for plaintext password going by..
<Roasted> unfortunately I don't have an AP, and I won't be able to get one today because of bad weather. But I'll take notes here to do that.
<Roasted> How do I configure the AP to look at this radius server? Is it just IP based?
<sergevn> yes, ip based
<andho_busy> hi
<andho_busy> is it necessary to give a class C ip to the cluster
<sergevn> BUT, for encrypted network traffic you will need certificates and such
<plm> Ho change this limit: ulimit -n
<plm> 1024
<Roasted> sergevn, so wait... if I get into the config, put in the IP of this ubuntu server in the radius section of the AP config, and then try to connect, I'll see these entries passing through debug mode?
<andho_busy> regarding eucalyptus that is
<plm> how change that?
<sergevn> Roasted: yes
<RoyK> plm: man ulimit? google?
<Roasted> sergevn, do I need to set my wireless adapter on the laptop to have specific settings in order to connect? Or do I simply just need to be logged into a domain account?
<hallyn> soren: awesome, about qemu-nbd.  I was pretty sure the lock_kernel removal was to blame, but I was thinking that BKL was a mutex, not semaphore, so was looking for a more blatant error
<hallyn> soren: thanks for finding it
<Roasted> sergevn, speaking of whcih, how does the linux radius server even know to authenticate domain accounts by now?
<sergevn> it doesnt
<sergevn> it only knows the users you configure in the configfile
<sergevn> check the docs you posted to me, in the Initial Tests section
<Roasted> sergevn, so I would just have to set up a local test user for testing purposes on this.
<Roasted> sergevn, then when completed, THEN domain users come after.
<Roasted> am I right?
<sergevn> yes
<Roasted> okay, okay. this is making sense now.
<sergevn> then you have to install the ldap module etc..
<sergevn> that's the hard part
<sergevn> are you using Windows Active Directory?
<Roasted> yes
<Roasted> is there a way to get out of debug mode, or do I just close terminal?
<sergevn> ctrl c
<sergevn> to quit command in unix/linux use ctrl+c
<Roasted> ah yeah, I know that. I just wasnt sure if there was a command to disable it or if ctrl c was okay
<uvirtbot> New bug: #708080 in facter (main) "facter does not recognize KVM VMs as 'virtual'" [Undecided,New] https://launchpad.net/bugs/708080
<uvirtbot> New bug: #708068 in setserial (main) "usbserial problems" [Undecided,New] https://launchpad.net/bugs/708068
<zul> robbiew: i know you probably dont know this but is the desktop team suppose to be still handling likewise-open
<zul> robbiew: or am i going to be stuck with these two merge requests with my name beside them
 * patdk-wk likes you name better
<robbiew> zul: I have no idea...sorry...try asking pitti
<kirkland> RoAkSoAx: hey
<RoAkSoAx> kirkland: yo
<kirkland> RoAkSoAx: hey man -- powernap?
<RoAkSoAx> kirkland: sure!
<RoAkSoAx> kirkland: so anyways, saw the load monitor!! pretty cool
<kirkland> RoAkSoAx: ;-)  did you try it?
<kirkland> RoAkSoAx: i like it
<zul> robbiew: k
<RoAkSoAx> kirkland: it's pretty cool
<RoAkSoAx> kirkland: anyways, I refactored the powernapd_loop
<RoAkSoAx> kirkland: do you wanna chat to make it faster?
<kirkland> RoAkSoAx: sure, let me finish my current email
<RoAkSoAx> kirkland: ok ;)
<uvirtbot> New bug: #708092 in openldap (main) "package slapd 2.4.21-0ubuntu5.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/708092
<uvirtbot> New bug: #708100 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/708100
<kirkland> RoAkSoAx: okay
<kirkland> RoAkSoAx: skype?
<Bipul`> well i have a domain and i have installed apache on ubuntu
<Bipul`> now what shud i do /
<RoAkSoAx> kirkland: usre
<zul> Bipul`: umm...create a webpage maybe?
<Bipul`> zul,  check this http://113.19.130.140/
<Bipul`> and now i have register a domain on.tk but dont know the next step
<compdoc> you have a static ip address?>
<Bipul`> no
<compdoc> you are going to host the site at your location?
<Bipul`> dyanmic
<Bipul`> yes
<compdoc> you'll need a service like dyndns.com
<Bipul`> well
<Bipul`> i know
<Bipul`> dyndns but i dont found any option
<Bipul`> there t
<compdoc> they have a free version, but you have to use their domain name. Or, a pay for version, where you can use your own domain name
<compdoc> they can also register your domain name
<Bipul`> well i have my domain
<Bipul`> but whear to fix my domain i dont have any idea
<compdoc> a dns provider will point it to you
<compdoc> who did you register with?
<Bipul`> l33t-life.tk
<Bipul`> is mine domain
<compdoc> heh
<Bipul`> and i have made an account in dyndns
<Bipul`> now whear to fix this domain name
<patdk-wk> what is dyndns?
<patdk-wk> you need to find their ns servers, and update your domain with them
<patdk-wk> looks like you registered it via dot.tk
<compdoc> DynDNS Custom: Managed DNS Hosting Solution
<patdk-wk> there are hundreds of dyndns companies
<compdoc> if dot.tk has a dns hosting service, that would be the way to start
<skrite> hey all
<Daviey> zul, I noticed you added the Dashboard work item... Do you especially want to do that?
<SpamapS> zul: I haven't looked yet. When you merged mysql cluster 7.1, did you drop the libmysqlclient packages?
<zul> SpamapS: yeah
<zul> Daviey: i think so
<zul> SpamapS: mysql-cluster was never part of debian though
<SpamapS> zul: oh right
<SpamapS> "imported the latest"
<zul> SpamapS: yeah
<zul> 5.1.54 has been uploaded as well
<SpamapS> zul: sweet. I plan to spend a couple hours figuring out how to make pic builds of 5.5 go
<SpamapS> zul: I wonder if we couldn't just disable them initially to get something uploaded
<zul> SpamapS: okies...i created a PPA to get people testing for SRU fixes as well
<zul> SpamapS: i still have to sit down and look at your packaging
<SpamapS> hmm?
<SpamapS> zul: the cmake transition is maddening
<zul> SpamapS: i spent some time this morning closing mysql bugs asking people to test a backported 5.1.54 and we can go from there
<zul> kirkland: where are we in the mcollective stuff?
<kirkland> zul: uploading today
<kirkland> zul: right after lunch ;-)
<zul> kirkland: k cool
<kirkland> zul: i have one in my ppa, i just wanted to do a little sniff testing of the binaries
<zul> url?
<kirkland> zul: i was waiting on elmo or someone from Canonical IS to give me some testing feedback
<kirkland> zul: i haven't heard from them yet, so i figured i'd just upload a clean source package that builds and installs well
<kirkland> zul: and deal with everything else as bugs later
<kirkland> zul: that okay by you?
<zul> kk
<kirkland> zul: rock
<kirkland> zul: url coming ...
<zul> you might want to talk to lynxman as well
<kirkland> zul: my first cut is in https://launchpad.net/~kirkland/+archive/ppa
<kirkland> zul: i have a few minor changes since that
<kirkland> zul: anyway, it'll be in the NEW queue today
<zul> kirkland: do you want me to review it after you upload it?
<kirkland> zul: you looking for release team highlights?
<zul> kirkland: nope not today
<kirkland> zul: ah
<lynxman> hey kirkland o/
<kirkland> zul: also, i'll upload orchestra today too
<kirkland> lynxman: howdy
<kirkland> lynxman: you're familiar with mcollective?
<lynxman> kirkland: yes, playing with it right now :)
<kirkland> lynxman: cool, let me get you a fresh binary package built, and if you can test it and provide some feedback, that would be great ;-)
<lynxman> I actually backported your mcollective natty packages to maverick
<lynxman> kirkland: sure!
<lynxman> I already have some dependency thingies you might want to talk about
<kirkland> lynxman: oh?  cool ... what are they?
<lynxman> just gimme 5 mins since I'm in the middle of a mumble session
<kirkland> zul: oh, one thing ....
<kirkland> zul: i talked to the puppet guys and they want me to package 1.0.0 instead of 1.1.0
<uvirtbot> New bug: #708174 in php5 (main) "Upgrade to latest php 5.3 version" [Undecided,New] https://launchpad.net/bugs/708174
<kirkland> lynxman: i don't know if ^ matters to you
<kirkland> > 1.1.x is our development branch so I'd want to avoid getting that included.
<kirkland> >
<kirkland> > My commitment to the community is to only do bugs and packaging changes in
<kirkland> > 1.0.x which should be in line with your needs.
<kirkland> zul: ^ is what I got from PuppetLabs
<zul> kirkland: ok well lemme look and i think it makes more sense doing 1.1 if that is upstream recommends
<kirkland> zul: upstream recommends 1.0
<kirkland> zul: not 1.1
<zul> kirkland: yeah i got that mixed up
<kirkland> zul: cool
<Ubuntufanatic> join #ubuntu-offtopic
<lynxman> kirkland: the thing I was missing mostly is that the mcollective package (per se) doesn't have any plugins so it's mostly useless except for low level RPC calls
<lynxman> kirkland: I did some PPA's in launchpad with what I needed at https://launchpad.net/~lynxman/+archive/mcollective-maverick
<lynxman> kirkland: it's work in progress so I'm completely ignoring the deb packaging standards so far
<JamesPage> SpamapS: remind me again how I get stats on PPA downloads?
<SpamapS> JamesPage: there's a tool.. I'll push it up to a bzr branch
<JamesPage> SpamapS: ta
<lynxman> SpamapS: howdy, you're also SpamapS on serverfault right?
<SpamapS> lynxman: yes!
<lynxman> SpamapS: so you were giving me grief about encryption bloatiness :P
<SpamapS> lynxman: Indeed I was. 40% is really, really a lot more than I've ever seen.
<kirkland> lynxman: zul: okay, so i think there should be a dependency on rabbitmq and rabbit-stomp, right?
<lynxman> SpamapS: yeah, I was talking about IPSEC 4k vs 1k and stuff, I had a quite long discussion with my boss 1+ years ago about it
<kirkland> lynxman: zul: which of the binary packages need to depend on that?
<lynxman> kirkland: hmm kinda since mcollective is also the one that runs on the clients so making it depend on rabbitmq (which is just in one machine) would be confusing, I've thought about that though
<RoAkSoAx> kirkland: so what does the LoadMonitor do when you set the threshold to "n" again?
<lynxman> SpamapS: the problem is that I read OpenVPN like 5 posts too late :D
<kirkland> RoAkSoAx: it scales it to however many CPUs you have online
<SpamapS> lynxman: IPSec's encryption re-keys at around the same rate as openvpn IIRC .. public keys are just too big and too unwieldy to be using for more than initial startup and forward secrecy.
<kirkland> RoAkSoAx:         if config['threshold'] == "n":
<kirkland>             self._threshold = commands.getoutput("getconf _NPROCESSORS_ONLN")
<patdk-wk> using public/private keys to encrypt data?
<lynxman> SpamapS: yeah but my data was showing that
<kirkland> RoAkSoAx: if there's a way to do that getconf without forking a shell, that would be great ;-)
<patdk-wk> that has to be cpu taxing
<lynxman> SpamapS: in special, bandwidth usage on scp over an IPSEC link vs same bandwidth usage out of the tunnel
<kirkland> RoAkSoAx: i couldn't find a getconf() builtin
<lynxman> patdk-wk: could be, but in this case the CPU wasn't topping up
<RoAkSoAx> kirkland: so if there's 2 processors, then if the loadavg is more than 2, then it will detect activity, otherwise it won;t?
<SpamapS> lynxman: I will say that the enc algorithm and the packet profile matters a lot. For his tiny packets of key presses, there is at least one block of overhead .. so for AES256 .. that would at least be enough to make the IP packet take a little longer to build/transmit.
<SpamapS> lynxman: right, so enc+enc means double overhead
<lynxman> SpamapS: yeah fair enough, was just trying to explain my case here :)
<kirkland> lynxman: hmm, i'm confused about your statement on rabbit/stomp?
<SpamapS> lynxman: so in a way you're right .. but 40% still seems way too high. :)
<lynxman> kirkland: mcollective needs to be installed on every single node whereas rabbitmq just needs to sit in one machine
<lynxman> SpamapS: I was shocked as well believe me
<SpamapS> lynxman: This is why its always important to compress first, then encrypt. :)
<lynxman> SpamapS: hear hear, completely agreed
<lynxman> kirkland: so in this case there's no dependency between mcollective and any stomp server
<lynxman> kirkland: maybe a Suggests?
<lynxman> kirkland: or do a metapackage mcollective-server in which installs mcollective and adds the dependency for a stomp server (like rabbitmq or activemq)
<SpamapS> JamesPage: lp:~clint-fewbar/+junk/lptools
<kirkland> lynxman: yeah, i like the latter
<lynxman> kirkland: me too :)
<kirkland> lynxman: mcollective-server meta package it is!
<lynxman> wohoo \o/
<SpamapS> kirkland: btw, thank you for errno. I've always used mysql's 'perror' .. but this is much better. :)
<kirkland> SpamapS: \o/
<kirkland> SpamapS: it's been moved from ubuntu-dev-tools to its own package, errno, FYI
<SpamapS> kirkland: yeah I just saw that fly by and I'm waiting for it to hit my mirror. :)
<kirkland> SpamapS: you'll need to apt-get install errno next time you upgrade your ubuntu-dev-tools ;-)
<kirkland> SpamapS: :-)  anyway, thanks for your 'thanks';  i wrote that in 2003, when I was doing some systems level development
<kirkland> SpamapS: and found myself digging through manpages and *.h files
<SpamapS> kirkland: IIRC, Replaces: can be used to get apt to do that during transition.
<kirkland> SpamapS: understood
<RoAkSoAx> kirkland: and yeah was the eval() thingy so I'm gonna remove the quotes from the config
<kirkland> SpamapS: well, actually, ubuntu-dev-tools would have to recommend errno
<RoAkSoAx> kirkland: and the eval for the LoadMonitor
<kirkland> SpamapS: which ain't gonna happen, given my talks with the maintainer of that package
<kirkland> RoAkSoAx: \./
 * kirkland grew *really* long arms
 * RoAkSoAx loves kirkland's LoadMonitor for PowerNap
 * kirkland highfives RoAkSoAx 
<SpamapS> kirkland: yeah you can actually doo  Replaces: ubuntu-dev-tools (<< xxxx) Breaks: ubuntu-dev-tools (<< xxxx) ..
<kirkland> SpamapS: bzr branch lp:errno
<kirkland> SpamapS: and you'll that
<kirkland> SpamapS: and you'll see that
<SpamapS> kirkland: ahh ok, then yeah, as long as ubuntu-dev-tools recommends it.. should work. Or is there some suggestion that we don't want to do that?
<RoAkSoAx> Fedora Servers compromised http://is.gd/qr1rlr
<lynxman> RoAkSoAx: again?!
<RoAkSoAx> lynxman: that's yesterdays news, so yeah I guess that again
<kirkland> lynxman: http://paste.ubuntu.com/558652/ ?
<lynxman> kirkland: oh libstomp-ruby adds the rabbitmq server stomp functionality? cool
<lynxman> kirkland: looks beautiful
<kirkland> lynxman: SpamapS showed me that :-)
<lynxman> SpamapS kudos for that one
<lynxman> and here I was making a new package for that
<kirkland> lynxman: i didn't know about it either;  i had asked SpamapS to look at packaging it
<kirkland> lynxman: hah, i started the same thing
<lynxman> kirkland: heh :)
<lynxman> RoAkSoAx: yeah they were compromised as well like a year and scratch ago
<kirkland> zul: okay, last thing now ... init -> upstart
<kirkland> zul: were you working on that?  or should i?
<zul> go ahead
<kirkland> zul: cool, looks easy
<zul> kirkland: the makefile patch looks a bit overkill to me couldnt you just make the directories and copy the approiate files in the debian/rules
<SpamapS> zul: how does upstream do installs?
<SpamapS> kirkland: ^^ ?
<kirkland> SpamapS: dunno
<kirkland> zul: only one of those patches is getting applied
<kirkland> zul: see the series file
<zul> kirkland: then get rid of it ;)
<kirkland> zul: well, i haven't looked at what they do and don't do yet :-)
<zul> kirkland: ok
<kirkland> zul: okay, upstart done
<kirkland> zul: initlsb.dpatch  and makefile.dpatch should definitely go away
<kirkland> zul: not sure about conffile.dpatch
<uvirtbot> New bug: #708211 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: ErrorMessage: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 1" [Undecided,New] https://launchpad.net/bugs/708211
<kirkland> RoAkSoAx: i think i see why powernapd is not starting ....
<kirkland> RoAkSoAx:         dh_installinit --noscripts --error-handler=true
<kirkland> RoAkSoAx: we need to drop --noscripts
<kirkland> zul: lynxman: okay http://people.canonical.com/~kirkland/mcollective
<kirkland> zul: upstart script now
<lynxman> great, this one is for natty right?
<kirkland> zul: lynxman: let me know if there's anything else
<kirkland> lynxman: yes
<kirkland> lynxman: should (?) install on maverick
<zul> kirkland: thanks also why is it a native package?
<kirkland> mcollective (1.0.0-0ubuntu1) unreleased; urgency=low
<kirkland> zul: ?
<lynxman> kirkland: yeah, it works right away, just need to build my plugin packages on top of that then
<kirkland> zul: it's a -0ubuntu1
<zul> kirkland: there is not *.orig.tar.gz
<kirkland> zul: [ ]	mcollective_1.0.0.orig.tar.gz	11-Dec-2010 17:07 	158K	
<zul> kk
<kirkland> zul: were those trick questions?
<kirkland> :-)
<kirkland> "just checking"
 * kirkland goes for lunch finally
<kirkland> lynxman: zul: let me know if there's anything else
<uvirtbot> New bug: #708116 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: podproces zainstalowany skrypt post-installation zwrÃ³ciÅ kod bÅÄdu 1" [Undecided,New] https://launchpad.net/bugs/708116
<lynxman> kirkland: can't think of anything right now, have a good one, I'll afk for the evening in a few mins as well
<uvirtbot> New bug: #707813 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/707813
<uvirtbot> New bug: #708005 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 1" [Undecided,New] https://launchpad.net/bugs/708005
<uvirtbot> New bug: #707795 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/707795
<uvirtbot> New bug: #707803 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/707803
<uvirtbot> New bug: #707787 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: el subproceso instalado el script post-installation devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/707787
<Pici> Ah, natty.
<gobbe> ah, natty <3
<genii-around> Interesting how there is the same report in like 4-5 languages
<uvirtbot> New bug: #707711 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/707711
<uvirtbot> New bug: #707724 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: underprocess installerade post-installation-skript gav felkod 1" [Undecided,New] https://launchpad.net/bugs/707724
<uvirtbot> New bug: #707781 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/707781
<uvirtbot> New bug: #707644 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/707644
<uvirtbot> New bug: #707652 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/707652
<RoAkSoAx> kirkland: Just pushed my changes!! It works beatifully for me with 1 monitor of each type!! It actually doesn't seem to add much load
<RoAkSoAx> kirkland: and ConsoleMonitor and WoLMonitor (ports 7 and 9) are enabled by default
<RoAkSoAx> kirkland: the only thing left is to update the manpages
<kirkland> RoAkSoAx: rock
<patdk-wk> fix the wol detection?
<uvirtbot> New bug: #565018 in cloud-init (main) "instance is not reachable via ssh" [High,Won't fix] https://launchpad.net/bugs/565018
<uvirtbot> New bug: #567334 in linux (main) "blocked tasks delay cloud-init for 240 seconds" [Medium,Triaged] https://launchpad.net/bugs/567334
<uvirtbot> New bug: #645458 in cloud-init (main) "add timezone setting to cloud-config" [Low,Triaged] https://launchpad.net/bugs/645458
<kirkland> RoAkSoAx: let me know when you have the manpages updated
<kirkland> RoAkSoAx: i'm testing now
<Mip5> Hi - what is the preferred way to have a script run at boot in ubuntu server 10.04? The script will issue "ip rule add .." and "ip route add..."
<RoyK> Mip5: /etc/network/interfaces
<RoyK> Mip5: just add 'up ip rule ...' in the interface block
<Mip5> RoyK: Really? I thought about that.
<Mip5> RoyK: So I need it to be indented (and below the rest of my interface description).
<RoyK> the 'up' keyword in front will run that commmand when the interfaces is upped
<RoyK> 'down' works the same way
<RoyK> Mip5: I don't know if indentation is needed, but it looks better that way :P
<Mip5> RoyK: Excellent - thanks very much!
<RoyK> np :)
<SpamapS> JamesPage: were you able to use that get-ppa-stats script btw?
<uvirtbot> New bug: #708263 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/708263
<uvirtbot> New bug: #708264 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/708264
<hggdh> anyone knows what happened to the AMD64 ISO image for today?
<genii-around> Maybe because apache2 failed to build from source
<RoyK> For those interested in disk lifetimes etc, this is good reading  http://www.cs.cmu.edu/~bianca/fast07.pdf
<RoAkSoAx> kirkland: will have them finished by the end of the day... I'm on my way out for lunch right now
<kirkland> RoAkSoAx: cool
<RoAkSoAx> kirkland: if your testing goes well I think we can release right after getting the manpages finished
<kirkland> RoAkSoAx: ack
 * RoAkSoAx lunch finally!! (starving)
<JamesPage1> SpamapS: with a couple of local tweaks - works great - whats the update interval on stats? or is it live....
<SpamapS> JamesPage: no it lags a lot
<JamesPage> SpamapS: thought so :-)
<SpamapS> JamesPage: I'd guess.. by about a day
<SpamapS> maybe 2
<kirkland> SpamapS: hmm, lintian/upstart question for you
<kirkland> W: powernap: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/powernap
<kirkland> SpamapS: looks like a bullshit warning to me
<kirkland> SpamapS: its seeing the symlink installed by upstart
<kirkland> actually .... i thought i fixed this in lintian itself
 * kirkland checks
<SpamapS> kirkland: yeah thats b.s. if its the symlink to upstart-job
<kirkland> SpamapS: http://paste.ubuntu.com/558704/
<SpamapS> kirkland: lintian should be patched already to not complain in that case
<SpamapS> kirkland: if not.. definitely needs a bug report
<kirkland> SpamapS: yeah, i sponsored a related fix from jiboumans
<kirkland> http://pastebin.ubuntu.com/558705/
<SpamapS> kirkland: maybe it got lost in a recent merge
<kirkland> SpamapS: hmm, last merge was  -- Benjamin Drung <bdrung@ubuntu.com>  Mon, 26 Jul 2010 10:26:45 +0200
<kirkland> SpamapS: looks like the maintainer modified jiboumans' *working* patch
<kirkland> SpamapS: with something that don't worky
<kirkland>     + [RA] Exclude symlinks to upstart-job from init script syntax checks.
<kirkland>       Based on a patch by Jos Boumans.  (Closes: #569492)
<SpamapS> DOh!
<SpamapS> kirkland: and really, that has a whole other approach in debian.. I'm surprised there was even an attempt made to handle it there.
<kirkland> SpamapS: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569492
<uvirtbot> Debian bug 569492 in lintian "lintian: Avoid checking upstart jobs linked from /etc/init.d" [Normal,Fixed]
<kirkland> SpamapS: aggravating, frustrating, disappointing
<SpamapS> kirkland: well either way, the merge should not have used the debian patch. Their policy on upstart jobs is *completely* different.
<kirkland> SpamapS: yeah, i'm going to re-introduce our patch
<kirkland> SpamapS: or part of it, at least
<SpamapS> kirkland: indeed, Russ Allbery's description is spot on.. the policies are different and ubuntu will have to maintain delta. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569492#36
<uvirtbot> Debian bug 569492 in lintian "lintian: Avoid checking upstart jobs linked from /etc/init.d" [Normal,Fixed]
<SpamapS> kirkland: note that Steve Langasek is working on changing that... and I've promised to help him with that where I can.
<SpamapS> I believe the policy now has been changed to allow packages to carry a .init and a .upstart file ..and install both.
<kirkland> SpamapS: agreed;  the person who did the merge should have carried or ported the ubuntu specific change and he did not
<uvirtbot> New bug: #708292 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.9 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/708292
<RoAkSoAx> kirkland: anything that you'd like to see in the manpage?
<kirkland> SpamapS: http://paste.ubuntu.com/558735/
<kirkland> SpamapS: diff works for me
<kirkland> SpamapS: wanna eyeball that for me?
<SockPants> hi, i need to test my server for heat problems. i've downloaded cpuburn but it only runs on one of the processors, even if i run 2 instances.
<SpamapS> kirkland: I see nothing wrong off hand, but I have to run to an appointment unfortunately.. so I can't give it my full attention right at the moment. Will look at it in a couple hours.
<kirkland> SpamapS: cool;  i'm uploading now
<kirkland> SpamapS: i'm happy with it
<markit> hi, I've a problem with ACL setup. I need, for a school, a dir RW for (group) teachers and (group) students. I've setup ACL so if a teacher creates a file there, everything is ok. But if teacher creates a file in his home and then copies it there (dolphin), the file uses the original permission and it ends up with "effective r--". How can I do?
<markit> I want teachers to be free to create content on their home and then copy/paste in the shared dir
<RoAkSoAx> kirkland: is the threshold monitor gonna be shipped by default?
<kirkland> RoAkSoAx: you mean the LoadMonitor?
<RoAkSoAx> s/threshold/Load
<RoAkSoAx> kirkland: yep :)
<kirkland> RoAkSoAx: yes, and was going to make threshold = "n" in the default config
<kirkland> RoAkSoAx: also, i want to disable the process monitor by default
<RoAkSoAx> kirkland: now is threshold = n
<kirkland> RoAkSoAx: currently, it always matches init
<kirkland> RoAkSoAx: cool
<RoAkSoAx> kirkland: ok, anything else that comes into your mind?
<kirkland> RoAkSoAx: hmm
<kirkland> RoAkSoAx: well, i kinda wanted to revisit besteffort = 0
<kirkland> RoAkSoAx: i kinda thinking powersave = 0 makes the most sense
<RoAkSoAx> kirkland: sure, and leave best effort as 4 or change to 2, then pm-suspend 3, etc
<kirkland> RoAkSoAx: do we need a "best effort" ?
<kirkland> RoAkSoAx: default to 0 -> powersave
<kirkland> RoAkSoAx: if someone wants to be more aggressive then they can
<markit> (btw, if someone can suggest me a better place where ask, is welcomed. I've been told to ask here but could be wrong)
<StrangeCharm> how can i, as a user, disable ssh password or keyboard-interactive logins via ssh (for my account, obviously)?
<RoAkSoAx> kirkland: we don't really need best-effor, though it first test if /etc/powernap/action is executable, if not it evaluates pm-suspend, pm-hibernate, poweroff
<kirkland> RoAkSoAx: right
<mathiaz> kirkland: hey!
<mathiaz> kirkland: who is looking after hadoop and (java) testing this cycle?
<kirkland> mathiaz: very likely one mister JamesPage
<RoAkSoAx> kirkland: i'll just swap and put powersave -> 0, besteffort -> 4
<mathiaz> kirkland: great - thanks!
<kirkland> mathiaz: you bet ;-)
<kirkland> RoAkSoAx: sounds good
<Brdavs> Hello! I have a freshly updated install of maverick and missing /dev/disk/by-uuid... Anyone know the problem?
<RoAkSoAx> kirkland: btw.. how were your tests?
<kirkland> RoAkSoAx: haven't gotten to it yet;  got pulled over to mcollective stuff
<RoAkSoAx> kirkland: ok ;)
<MTecknology> rsyslog is killing my CPU; any ideas what I can do to figure out why. It seems to only do it now that I'm on 11.04 and it's not eating up the Disk IO any..
<MTecknology> none of my logs are growing abnormally either
<uvirtbot> New bug: #648905 in cloud-init (main) "cloud-config syntax should not require rsa_public given rsa_private" [Low,Triaged] https://launchpad.net/bugs/648905
<uvirtbot> New bug: #653271 in cloud-init (main) "cloud-init should give an "All the way up" message" [Low,Fix released] https://launchpad.net/bugs/653271
<Brdavs> 11.04 is very beta.
<Brdavs> Missing /dev/disk-by-uuid in 10.10, latest update. Anyone seen that?
<RoAkSoAx> Brdavs: try "/dev/disk/by-uuid/"
<RoAkSoAx> Brdavs: /win 4
<RoAkSoAx> lol
<RoAkSoAx> sry
<StrangeCharm> how can i, as a user, disable ssh password or keyboard-interactive logins via ssh (for my account only)?
<MTecknology> StrangeCharm: I don't know that you can do it per user..
<RoAkSoAx> StrangeCharm: "man sshd_config" will tell you
<StrangeCharm> RoAkSoAx, doe that give settings for the ssh server administrator, or settings that an individual user can put in ~/.ssh ?
<MTecknology> DANGIT!
<MTecknology> I'm getting sick of spam!
<RoAkSoAx> StrangeCharm: http://ubuntuforums.org/showthread.php?t=1487425
<yann2> btw if anyone could review bug #705648 it'd be much appreciated
<uvirtbot> Launchpad bug 705648 in linux-meta "Bug with extended attributes in reiserfs leads to FS corruption" [Undecided,New] https://launchpad.net/bugs/705648
<yann2> reported it a week ago, hasn't seen much attention, though it is quite important (dealing with fs corruption)
<yann2> happy to provide more infos if needed
<StrangeCharm> RoAkSoAx, that doesn't resove the problem, because i'm a user, not an administrator
<RoAkSoAx> StrangeCharm: uhmm not sure then, sorry
<realmatt> having difficulty getting an nfs share to mount at boot time.
<Brdavs> disk-by-uuid disappearing is because of LXC containers screwing up badly
<Brdavs> this LXC will be the death of me it seems.
<bobobo> hello everyone
<bobobo> is someone able to tell me how to set a different background color for the tty1? like white background and black fonts?
<bobobo> it's just to have a better readibility
<Brdavs> use ascii color codes in .bashrc?
<Brdavs> i mean ansi
<bobobo> I've read and tried a lot.....but I don't know HOW
<bobobo> like I can change the color of the command line, but not the background
<Brdavs> how about running "xterm -fg red -bg green"
<geekbri> is there an official ubuntu doc for creating custom AMI's with 10.04 LTS ?
<bobobo> xterm Xt error: Can't open display:
<bobobo> xterm:  DISPLAY is not set
<Brdavs> nope xterm is in X, not tty1
<bobobo> ....I'm in text-only mode
<Brdavs> yup I gather that now
<bobobo> hehe, you know, when you want to read something in the night i feel white background is better
<Brdavs> http://www.linuxselfhelp.com/howtos/Bash-Prompt/Bash-Prompt-HOWTO-6.html
<Brdavs> try something alon this line.
<bobobo> thx
<bobobo> waw I've been googling it for 1 hour
<bobobo> :D that's nice
<RoAkSoAx> kirkland: just pushed manpage updates. So if your testing goes well, and you will what I added to powernapd.8, feel free to upload
<bobobo> not working :(
<bobobo> time to code now
<bobobo> byebye
<uvirtbot> New bug: #708395 in clamav (main) "clamdscan can't scan anything" [Undecided,New] https://launchpad.net/bugs/708395
#ubuntu-server 2011-01-27
<RoyK> MCE is quite nice
<RoyK> got some reboots from a server and MCE told me it was memory fault.......
<binaryhat> i want to connect to my virtualized o/s on my server using virt-viewer w/o ssh. how do i do it?
<binaryhat> virt-viewer -c qemu://192.168.1.101:50001/system win_ult7 does not work
<sascha_> hi, I could really use your help: hp storageworks is linked via fibrechannel to two dl380 running ubuntu. I can mount the nas without problems (multipath) but copying files etc. the fs on the nas (ext3) is corrupted. Any ideas?
<SpamapS> sascha_: corrupted in content only, or metadata problems too?
<binaryhat> ?
<RoyK> sascha_: are you trying to mount an ext3 filesystem from two different machines?
<sascha_> SpamapS: fsck.ext3 has to repair lots of inodes :-(
<binaryhat> how do i use virt-viewer w/o ssh?
<sascha_> RoyK: yes
<SpamapS> binaryhat: what is virt-viewer?
<RoyK> sascha_: that's asking for trouble
<RoyK> ext3 doesn't support that
<binaryhat> https://help.ubuntu.com/10.04/serverguide/C/libvirt.html
<sascha_> RoyK: why? should not the controller of the storageworks prevent simultaneous write operations?
<SpamapS> sascha_: You may want to look into CLVM if you want to create volumes that can be mounted on one server at a time
<SpamapS> sascha_: haha no
<RoyK> sascha_: the filesystem is cached locally - use something like GPS
<SpamapS> sascha_: GFS is also an option.
<RoyK> sorry, GFS
<SpamapS> sascha_: but first ask yourself why you want to do this. :)
<sascha_> spamaps: f..ck
<yann2> sascha_, you need some sort of cluster filesystem for that, like SpamapS suggests, be very careful about mounting an ext3 fs on several filesystem
<yann2> yu might want to use NFS
<sascha_> spamaps: I want to store our virtual machines on the nas. In case of hardware failure I can quickly switch over
<RoyK> sascha_: shared storage filesystems are complex, and not very well tested in the linux world
<RoyK> sascha_: NFS would work well with that
<SpamapS> CLVM too ..
<RoyK> OCFS might work as well
<yann2> interesting SpamapS  I didnt know about that, is it commonly used for virtualisation?
<SpamapS> yann2: It works just like lvm .. but it has cluster awareness so you don't botch up your metadata by messing with it on two machines
<RoyK> I'd recommend something like GFS or OCFS
<RoyK> SpamapS: but not very stable and not very supported?
<sascha_> spamaps, royk: thx, I will check on the recommended file systems at once
<SpamapS> I use CLVM once about 5 years ago and it was simple and worked. Not sure if it has been maintained since
<SpamapS> sascha_: I think if your NAS supports NFS, you should use NFS
<SpamapS> its the simplest solution
<sascha_> royk: ocfs the experimental mark hast been removed in recent kernels
<RoyK> ok - didn't  know that
<RoyK> still, using ext3 for shared storage is a little like russian roulette
<SpamapS> its more like kamikaze warfare
 * SpamapS disappears again
<RoyK> well, russian roulette with all six chambers filled :P
<sascha_> spamaps: I am already browsing the manual
<RoyK> sascha_: about he "not very stable" comment, that went to CLVM, not OCFS
<sascha_> spamaps, royk: it was so easy, install multipathd, format the virtualdisk, mount it, finish. I should have known it was too easy :-)
<RoyK> just use a filesystem that supports multiple mounts
<RoyK> ext3 certainly does not support that
<sascha_> spamaps, royk: thank you very very much. I really appreciate your help. Have nice day. I will at once begin working on the problem.
<RoyK> good luck :)
<Angryfurby> hey guys i have having issues trying to host multiple websites with ubuntu 10.04 can anyone offer some help
<ChmEarl> Angryfurby, grep or locate the vhost examples under /usr/share/apache2
<Angryfurby> ok let me take a look
<Angryfurby> because i think i messed up up on creating virtual.conf
<Angryfurby> don't have vhost examples i just looked
<ChmEarl> Angryfurby,  what you want is a vhost.conf example, whereever it turns out to be
<ChmEarl> /usr/share/doc/apache2.2-common/examples/apache2/extra/httpd-vhosts.conf
<ChmEarl> Angryfurby, I had to start my Xen server to look for it
<RoyK> Angryfurby: create new /etc/apache2/sites-available/whatever.conf files
<Angryfurby> i already did
<RoyK> symlink them to /etc/apache2/sites-enabled
<Angryfurby> let me pastbin the configs
<RoyK> reload apache
<Angryfurby> did it also
<Angryfurby> but it just doesn't load them
 * RoyK mumbles rtfm
<sascha_> angryfurby: does your apache load one site at least?
<Angryfurby> yes the default
<Angryfurby> but not the others
<sascha_> angryfurby: for all your domain names the default page is loaded, right?
<Angryfurby> http://pastebin.com/1chVknCj
<Angryfurby> at one point yes
<Angryfurby> atm they only load the default page
<sascha_> angryfurby:sry, it took some time: try this. it is a VERY basic httpd.conf http://pastebin.com/9H4xWRvL
<Angryfurby> i see now i will try it
<Angryfurby> success !
<Angryfurby> you have to assign the virtual host
<Angryfurby> to a ip address correct
<charas> I am getting "ssh connection refused" :( sshd is running so I guess firewall it is then. How can I fix it?
<compengprof> is anyone available to provide some help with kvm and virsh?
<compengprof> hello?
<compengprof> I'm looking for some help with kvm and virsh. I followed the insructionsw in http://doc.ubuntu.com/ubuntu/serverguide/C/virtualization.html to create the bridge and vmbuilder to create the vm, but it keeps getting stuck as Grub stage 2
<wizardslovak> i disabled root in ssh , but if ill add user to sudoers file i should do without sudo right?
<fluvvell> is there a way of telling what speed the net if is operating at apart from transferring some data? ie is it operating at gigabit or just 100Mb
<gobbe> wizardslovak: yep
<gobbe> wizardslovak: ah sorry, you add user to sudoers with sudo/root
<gobbe> wizardslovak: but you login with normal user and then elevate to root using sudo
<wizardslovak> gobbe, yeap
<wizardslovak> yea but lets say i want to transfer file from laptop to server with filezilla
<gobbe> fluvvell: ethtool
<wizardslovak> i cant do that as i am logged as user and root is dissabled
<gobbe> wizardslovak: well, if you know root's password you can
<gobbe> wizardslovak: su -
<wizardslovak> yes
<wizardslovak> but i dissabled root in ssh_conf
<gobbe> the ssh-option only makes root-user not to login
<gobbe> yep, it means jsut that you cannot login with root-user
<gobbe> it doesn't prevent user to become root with sudo or su
<fluvvell> gobbe, thanks - have just been trying ethtool out - seems a bit reluctant to give meaningful output from my r8169 based card
<wizardslovak> in filezilla you cant write in command
<gobbe> of course cannot
<wizardslovak> once you loggin as user i cant use sudo or su
<gobbe> you need to ssh in
<gobbe> if you want to move files with filezilla add correct rights to your user
<wizardslovak> aha
<wizardslovak> so just adding user to sudoers wont do that
<gobbe> no
<gobbe> it allows user to run commands as root
<gobbe> !sudo
<ubottu> sudo is a command to run command-line programs with superuser privileges ("root") (also see !cli). Look at https://help.ubuntu.com/community/RootSudo for more information. For graphical applications see !gksu (GNOME, Xfce), or !kdesudo (KDE). If you're unable to execute commands with sudo see: http://www.psychocats.net/ubuntu/fixsudo
<wizardslovak> ok
<wizardslovak> so to transfer file to root owner folder it should work
<wizardslovak> weird
<wizardslovak> i got wordpress and phpbb using same port for email
<wizardslovak> but when i sent emails from both i get them on my gmail
<wizardslovak> but my friend only gets from phpbb
<wizardslovak> not the blog
<wizardslovak> should i change ports?
<twb> Technically it's for switching users, not necessarily for *escalating* privileges
<gobbe> twb: well, technically it's switching user, true
<gobbe> wizardslovak: what is your smtp-server?
<twb> e.g. sudo -u www-data debmirror
<gobbe> yep
<wizardslovak> smt.gmail.com
<gobbe> if you use gmails smtp it will change from address to your gmail-address
<twb> gobbe: in the envelope?
<gobbe> yep
<gobbe> so that you cannot use googles smtp to send something that is not googles account
<twb> Meh, normal users do not look at the envelope
<gobbe> i noticed that once when i sent one job mail from mobile phone, using googles smtp
<gobbe> twb: well, it changes reply-to also
<gobbe> so it looks like it was from gmail
<twb> No, it doesn't.
<twb> I just checked.
<gobbe> well, at least it did that ~6 months ago
<gobbe> when i used it on my mobile phone
<gobbe> maybe they have changed it
<twb> Probably that was your MUA
<gobbe> no it wasnt
<gobbe> i have only one account in my mobile phone, and it's email-settings have nothing to do with my gmail, only gmail related was smtp.gmail.com
<twb> http://paste.debian.net/105788/
<twb> That's sent via smtp.google.com
<twb> It sets the *Sender* -- that's not the same as Reply-To.
<gobbe> ok, so they have changed it
<gobbe> it used to be that reply-to was also changed
<gobbe> that was the reason why i then did my own smtp-server
<twb> Having said that, I have seen the occasional paranoid MTA reject such mail
<twb> What I normally do is tell msmtp to pick the smarthost based on the From
<gobbe> yep
<twb> Also, I highly recommend msmtp for satellites.
<twb> And for debugging MTAs :-)
<sascha__> good morning, is here someone in this channel who can answer me some questions regarding the oracle database file system (running under ubuntu server)?
<twb> !ask > sascha__
<ubottu> sascha__, please see my private message
<sascha__> is the oracle database filesystem capable of managing simulanious r/w access (nas) from two attached servers (fibre channel)?
<gobbe> ocfs(2)?
<gobbe> /dev/drbd1 on /j0 type ocfs2 (rw,_netdev,noatime,nodiratime,heartbeat=local)
<gobbe> and it's mounted on two machines with r/w, so answer is, it is
<gobbe> :)
<twb> Hang on, drbd â  ocfs
<gobbe> well, filesystem is ocfs
<twb> Oh, I see
<gobbe> and i'm using it also with FC
<gobbe> on other machine
<twb> ocfs on top of drbd
<gobbe> yep
<gobbe> drbd just handles mirror
<gobbe> it needs also filesystem :)
<twb> The output format was weird
<gobbe> yea, sorry
<twb> I set up drbd once
<twb> I lost interest when the work to make the root filesystem a DRBD node turned out to be nontrivial
<twb> I think we went with md on top of aoe instead
<\sh> drbd as rootdevice? sounds evil
<gobbe> it's not root device
<gobbe> aah
<gobbe> sorry, you talked about other :)
<sascha__> twb. gobbe: sorry, lack of sleep ocfs2
<gobbe> sascha__: yep, it's capable of dual r/w
<gobbe> sascha__: i would go with it, especially if you have only two nodes
<gobbe> sascha__: gfs2 is better if you have several nodes and fencing device, but without those i would go with ocfs2
<sascha__> 2nd question regarding ocfs2 can I disable the bail-out function if heartbeat stops responding?
<sascha__> I only have two nodes attached via fc to a hp san
<sascha__> on the san I store virtual machines for vmware
<sascha__> the idea is (until we have money for vmware vcenter) that even if one server dies I can start (manually) the virtual machine on the second server
 * twb grumbles about proprietary solutions
<sascha__> twb: do you mean my solution or the vsphere center?
<twb> sascha__: anything
<twb> specifically it's a kneejerk reaction to "vmware"
<twb> I'm rolling out a new mailserver (postfix+dovecot+mailman).  The current plan is to use postgrey and spamassassin against UCE.  Anyone want to sell me on an alternative?
<sascha__> twb: :-), why, they were the ones who brought virtualisation to market and I feel more comfortable with them than with M$
<twb> sascha__: if by "the market" you mean 80x86, I guess...
<sascha__> twb: no good solution, well tested
<sascha__> twb: of cource x86
<twb> s/390, sparc and power had stuff before vmware IIRC
<sascha__> twb: sparc does still exist? the last sparc I know of was installed in university 15 years ago
<twb> sascha__: right, that's when it had virtualization
<twb> x86 not having hardware virtuzalition from the start was really a symptom of being designed for washing machines
<twb> "Hardware-assisted virtualization was first introduced on the IBM System/370 in 1972, for use with VM/370, the first virtual machine operating system."
<sascha__> twb: that was before I was born :-)
<twb> And apparently SPARC only grew true hardware virtuzalition at the same time as x86 -- I guess I was thinking of its fine-grained SMT
<sascha__> twb: sry, I really enjoy chatting with you, but I have to answer some calls. I will be back online later, cu
<twb> Whatever, man
<sascha__> twb: I really mean it to hear from an "oldster" about the old ages ;-)
<sascha__> twb: bye
<twb> I'm twenty-five!
<twb> http://en.wikipedia.org/wiki/Popek_and_Goldberg_virtualization_requirements is the paper I was thinking of.
<aliverius> can someone help me with smartctl?
<twb> !ask > aliverius
<ubottu> aliverius, please see my private message
<aliverius> twb: why this?
<twb> No comment.
<aliverius> do you want me to pastebin the output?
<aliverius> directly?
<twb> aliverius: you have not stated the problem yet.
<aliverius> i want to open a discussion sorry
<aliverius> i have a problem with a hdd obviously and i am testing it with smartctl
<aliverius> `sudo smartctl --attributes --log=selftest --quietmode=errorsonly /dev/sdb` gives no output
<aliverius> does this mean the disk is ok?
<twb> I don't know.
<twb> I use smartctl -t short /dev/sda
<twb> Then inspect it with smartctl -a /dev/sda
<aliverius> also
<aliverius> i copied a 47gb file to the problematic disk
<aliverius> md5sum is ok
<aliverius> no errors in dmesg either
<twb> That is not a useful test.
<aliverius> (before i changed cable, io would create many errors)
<Brdavs> Hellols
<WinnerOK> ÃÃ®Ã¤Ã±ÃªÃ Ã¦Ã¨Ã²Ã¥ Ã£Ã¤Ã¥ Ã¬Ã®Ã¦Ã­Ã® Ã­Ã Ã©Ã²Ã¨ Ã¬Ã Ã­Ã³Ã Ã« Ã¯Ã® Ã³Ã±Ã²Ã Ã­Ã®Ã¢ÃªÃ¥ Ã¨ Ã­Ã Ã±Ã²Ã°Ã®Ã©ÃªÃ¥ IRC SERVER ?
<twb> WinnerOK: UTF-8, please.
<twb> !ru
<ubottu> ÐÐ¾Ð¶Ð°Ð»ÑÐ¹ÑÑÐ° Ð¿Ð¾ÑÐµÑÐ¸ÑÐµ #ubuntu-ru Ð´Ð»Ñ Ð¿Ð¾Ð»ÑÑÐµÐ½Ð¸Ñ Ð¿Ð¾Ð¼Ð¾ÑÐ¸ Ð½Ð° ÑÑÑÑÐºÐ¾Ð¼ ÑÐ·ÑÐºÐµ  / Pozhalujsta posetite /join #ubuntu-ru dlya polucheniya pomoshi na russkom yazyke
<WinnerOK> OK
<WinnerOK> !ru
<ubottu> ÐÐ¾Ð¶Ð°Ð»ÑÐ¹ÑÑÐ° Ð¿Ð¾ÑÐµÑÐ¸ÑÐµ #ubuntu-ru Ð´Ð»Ñ Ð¿Ð¾Ð»ÑÑÐµÐ½Ð¸Ñ Ð¿Ð¾Ð¼Ð¾ÑÐ¸ Ð½Ð° ÑÑÑÑÐºÐ¾Ð¼ ÑÐ·ÑÐºÐµ  / Pozhalujsta posetite /join #ubuntu-ru dlya polucheniya pomoshi na russkom yazyke
<WinnerOK> In Russian is not nobody: (
<twb> WinnerOK: sorry.
<WinnerOK> I'm looking for a manual for installing and configuring the IRC SERVERA on ubuntu 10.04 at manul suitable for any version!
<twb> ubottu: apt-get install ircd-irc2
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<twb> Oops
<uvirtbot> New bug: #708493 in openssh (main) "cannot login anymore: Read from socket failed: Connection reset by peer" [Undecided,New] https://launchpad.net/bugs/708493
<aliverius> twb: is this serious?
<aliverius> # 1  Short offline       Completed: read failure       90%        18         491864576
<aliverius> # 2  Short offline       Completed: read failure       70%        18         491864560
<aliverius> # 3  Extended offline    Completed: read failure       80%        11         491866296
<j0nr> morning
<j0nr> sigh, cannot get (have rarely had) the ability to send mail from a remote device. always get these errors:
<j0nr> Jan 27 08:42:20 jcrdevelopments postfix/smtpd[6151]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
<j0nr> Jan 27 08:42:20 jcrdevelopments postfix/smtpd[6151]: warning: unknown[109.181.95.213]: SASL LOGIN authentication failed: generic failure
<j0nr> I set up my mail server as per the 'perfect server' for  8,04 LTS.
<j0nr> it worked on day 1 but then since something has happened and its stopped
<j0nr> I can recieve mail no problem (on my imap client on my phone) but cannt send
<twb> aliverius: yes, it's seroius
<twb> aliverius: it says that the last third of your disk is buggered
<aliverius> it is strange because i run a long test yesterday and it didnt catch any errors
<twb> Shrug
 * aliverius shrugs too
<twb> IMO you should go buy new disk(s) and restore from backup ASAP
<twb> Preferably set up an md RAID1 or RAID5 while you're at it.
<uvirtbot> New bug: #708504 in php5 (main) "PHP 5.3.5 is available." [Undecided,New] https://launchpad.net/bugs/708504
<aliverius> twb: they are on raid already
<twb> Then you're in luck -- you only have to replace the dead disk and resync
<aliverius> twb: do you know how i can distinguish which hard disk is the faulty one?
<twb> Uh, it's the one you ran smartctl on
<aliverius> ... it is /dev/sdb but which one is sdb?
<aliverius> which physical unit
<twb> You can use hdparm or sdaparm to get its serial number
<huats> morning
<aliverius> now it wont boot
<aliverius> and my raid is bad
<aliverius> there must be a problem with gpt and the special grub partition
<aliverius> should i have put it in the raid partition?
<uvirtbot> New bug: #708537 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.9 failed to install/upgrade: subprocess installed post-installation script killed by signal (Segmentation fault)" [Undecided,New] https://launchpad.net/bugs/708537
<uvirtbot> New bug: #708551 in libvirt (main) "libvirt depends on SSL paths that don't exist in ubuntu" [Undecided,New] https://launchpad.net/bugs/708551
<trinkolas> hi everyone! how can i do a netinstall of ubuntu server 10.04???
<gobbe> !netinstall
<ubottu> Ubuntu can be installed in lots of ways. Please see https://help.ubuntu.com/community/Installation for documentation. Problems during install? See https://wiki.ubuntu.com/CommonProblemsInstall - Don't want to use a CD? See http://tinyurl.com/3exghs - See also !automate
<trinkolas> i need to do a netinstall from xen of ubuntu 10.04, but i need to know the url!!! anyone can help me???
<uvirtbot> New bug: #708571 in openssh (main) "ssh client segmentation fault" [Undecided,New] https://launchpad.net/bugs/708571
<uvirtbot> New bug: #708572 in tomcat6 (main) "tomcat6 postinst script err (sed)" [Undecided,New] https://launchpad.net/bugs/708572
<trinkolas> i need to do a netinstall from xen of ubuntu 10.04, but i need to know the url!!! anyone can help me???
<gobbe> trinkolas: didn you read what ubottu listed
<gobbe> trinkolas: url is your local mirror, or check some other from ubuntus page
<trinkolas> gobbe: virt-install doesnt allow a local mirror, only a netinstall
<gobbe> trinkolas: then use netinstall-media and install from there
<gobbe> url is your local mirror
<gobbe> local mirror == nearist site having images
<pluesch0r> hi everybody. i've installed lucid on a fujitsu server. everything works, except the video output is garbled when using the builtin ipmi/kvm module. any idea what i could be doing wrong/differently?
<pluesch0r> how do i find out what graphics mode the console is in right now?
<screen-x> every so often, my NTP server rejects all its peers and goes of to sulk in stratum 16, I setup a cron job to log what was happening: http://paste.ubuntu.com/558960/
<screen-x> Any idea how to solve it.. stop running my main ntp server in a vm? add more upstream servers?
<_ruben> ntp and virtualization are from from bestest friends .. especially a roo tone
<_ruben> root one
<screen-x> _ruben: far from ?
<_ruben> yeah .. brain-hand miscommunications
<yann2> could someone point me to a natty alpha iso?
<pmatulis> yann2: ?  google gives: http://cdimage.ubuntu.com/releases/natty/alpha-1/
<yann2> thanks... did try google put must have used the wrong keywords :(
<pmatulis> "ubuntu natty alpha"
<yann2> tred ubuntu 11.4 alpha download :)
<db-> any idea why my storage devices like sda are missing the HOST-RESOURCES-MIB::hrDeviceTable tree? OS is ubuntu lucid 10.04 net-snmp version 5.4.2.1~dfsg0ubuntu1-0ubuntu2.1
<db-> although i do see hrStorage in HOST-RESOURCES-MIB::hrStorage
<db-> problem is that collectors like opennms navigate through devicetree and are missing the disks, and therefore can collect usage data
<db-> s/can/can't
<Bipul`> http://paste.ubuntu.com/558996/ can any one look at my problem
<SpamapS> wow Bipul waited all of 8 minutes for an answer. :-/
<SpamapS> looks like there may actually be a bug in the dkimproxy package :-P
<aliverius> i built a raid 1 array with two disks which have gtp partitioning. i put the boot_bios partition for grub outside the raid partition. did i do wrong? now that i removed one disk from the array it doesnt boot
<SpamapS> aliverius: you should install grub on both disks
<Bipul`> http://paste.ubuntu.com/559008/ whats wrong with it
<SpamapS> Bipul`: I'm pretty sure that either a) there is a bug in the dkimproxy package, or b) you already installed it before, and the configs/scripts were broken.
<aliverius> SpamapS: so a first partition, outside raid/lvm, was a correct choice?
<aliverius> SpamapS: i think that ubuntu installed grub in both partitions
<aliverius> anyway i am reinstalling everything
<aliverius> will it be easy to re-create the array when i get the other disk?
<SpamapS> aliverius: should be, just duplicate the partition sizes from the working disk exactly.
<RoAkSoAx> morning all!!
<RoAkSoAx> SpamapS: dude!! isn't it like 6 am for you?
<SpamapS> RoAkSoAx: yeah, baby woke me up :P
<Bipul`> let me report this bug
<RoAkSoAx> SpamapS: oh!! Jeez I don't even remember when was the last time I woke up at 6 or earlier >P
<SpamapS> Bipul`: cool thanks!
 * SpamapS sits and waits while the mysql build downloads texlive-latext-extra-doc .. all 190MB of it
<Bipul`> http://paste.ubuntu.com/559017/ GUys plz help me out
<Bipul`> i dont know whats wrong with it
<SpamapS> Bipul`: since dkimproxy is broken, you may want to remove it first.
<Bipul`> sudo apt-get remove dkimproxy
<SpamapS> yeah
<Bipul`> this way
<Bipul`> http://paste.ubuntu.com/559023/ stil got error in removing
<Bipul`> sudo apt-get perg dkimproxy << do i need to use this command ?
<SpamapS> Bipul`: that would work yes, be careful as it will remove your configurations
<aliverius> does the reserved boot bios partition have to be bootable? the installer doesnt let me flag anything as bootable. i have root in raid+lvm
<patdk-lap> isn't the boot bios partition just extra holding room for grub2?
<Bipul`> http://paste.ubuntu.com/559029/ look at now
<Bipul`> stil error in stoping this application
<Bipul`> http://paste.ubuntu.com/559034/ guys i thought may be dkimproxy is not installed so when i try to install i got again a issue http://paste.ubuntu.com/559034/
<aliverius> patdk-lap: it is
<zul> SpamapS,  whats the bug number for the facter bug
<SpamapS> bug #708080
<uvirtbot> Launchpad bug 708080 in facter "facter does not recognize KVM VMs as 'virtual'" [Undecided,Fix released] https://launchpad.net/bugs/708080
<SpamapS> oooo
<SpamapS> cmake puts pretty colors on the screen when it has a tty
<robbiew> zul: any resolution on the likewise-open package home?
<zul> robbiew: just uploading it now
<robbiew> heh...ok
<robbiew> so I guess we took it back from desktop
<robbiew> :P
<zul> i guess..
<zul> the likewise people have already emailed me once
 * robbiew suspects it's easier for us to just keep it
<zul> although we dont have a way to test it to see if the bug fixes is actually valid though
<zul> robbiew: our old way went to racksapce ;)
<robbiew> heh
<zul> its still broken on arm afaik though
<hggdh> zul: morning -- I grabbed what I think is the SRU track(er|ing) from p.c.c. Now... what is what there? ;-)
<zul> hggdh: hold on lemme finish what im doing here
<hggdh> zul: roger wilco
<raubvogel> What would you use to monitor power supplies so you will, for instance, be warned when one of them decided to go fishing?
<pmatulis> raubvogel: talking about UPS?
<Kiall> holy crap - what happened to the PPA build queue! 4 days??
<raubvogel> pmatulis, actually redundant power supplies
<bigjools> there's a rebuild going on
<raubvogel> I have each connected to a different UPS, but would be nice to be told if one of those power supplies went on strike
<Patrickdk> normally what ipmi is for
<Patrickdk> or whatever other method your mb uses to talk to the psu
<RoyK> Patrickdk: huh?
<RoyK> raubvogel: it usually depends on which type of UPS it is
<raubvogel> RoyK, I am actually talking about the power supply in the computer, not the UPS the power supply is connected to.
<RoyK> raubvogel: that is - I remember now, there's a set of tools for that http://www.networkupstools.org/
<RoyK> apt-get install nut
<RoyK> and there are separate tools for APC UPSes
<RoyK> oh - ic
<RoyK> sorry
<Patrickdk> ipmi :)
<Patrickdk> if your motherboard supports it, and the psu is connected to the mb for it
<Patrickdk> atleast that is how all my servers monitor their psu's
<RoyK> I would think a system with redundant power should support that :P
<Patrickdk> depends on if the system was bought, or build youself :)
<Patrickdk> and built cheaply :)
<raubvogel> These are supermicro servers
 * RoyK has never built a system with redundant power
<Patrickdk> supermicro uses ipmi for all their stuff :)
<raubvogel> Coo
<RoyK> raubvogel: then it should be quite possible
<raubvogel> Cool
 * RoyK has a bunch of SM servers
<raubvogel> and what should I use to monitor the ipmi stuff?
<Patrickdk> dunno
<Patrickdk> I use munin to monitor most of it
<raubvogel> I like supermicro stuff a lot. They drive trays are kinda wimpy but I've never had one die on me
<Patrickdk> and my own scripts to watch for failures
<RoyK> raubvogel: https://help.ubuntu.com/community/IPMI
<dominicdinada> I am having a very hard time to get lamp to function properly, I had it installed correctly for 2 years and my problems all started when i added php5-pgsql extension it wiped all my access to mysql, with no drivers being being usable, so from that point i have attempted to remove and reinstall lamp 5 times all failing @ 77%
<dominicdinada> when i force quit it for the final time it left aptitude locked so i ran the commands to finish configuring all aptitude commands and they completed successfully but upon safe-upgrade and a reboot there is no mysql, php or anything running from the lamp package, I check the error logs and the only warnings i am getting is that mcrypt and the so's for pgsql are missing but it does not say it failed to load ? Wh
<dominicdinada> ere do i go from here
<gobbe> what did you try to install? (i mean what packages)
<dominicdinada> tasksel  -- lamp
<dominicdinada> besides that just the php5-pgsql packages
<dominicdinada> still going through all of the logs
<dominicdinada> but i check all the apache/mysql logs and besides 3 warnings it provides no answer
<ssureshot> anyone know of a ppa that has samba4 and openldap working?
<gobbe> dominicdinada: can you copy-paste output of the command to pastebin
<dominicdinada> gobbe: the command ?
<dominicdinada> !upgrade
<ubottu> For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/desktop/get-ubuntu/upgrade
<gobbe> dominicdinada: tasksel
<dominicdinada> sudo tasksel then check the box on lamp
<dominicdinada> it failed and left aptitude locked so i forced aptitude to finish configuring all failed packages
<gobbe> dominicdinada: sudo tasksell install lamp
<gobbe> dominicdinada: and copy-paste output
<dominicdinada> gobbe: what is the link for auto pasting output i have it installed but have not needed help in so long i forgot how to pastie it
<dominicdinada> as for this command it just returned a prompt and did nothing no messages
<dominicdinada> !pastie
<dominicdinada> !pasteit
<genii-around> !pastebinit
<ubottu> pastebinit is the command-line equivalent of !pastebin - Command output, or other text can be redirected to pastebinit, which then reports an URL containing the output - To use pastebinit, install the Â« pastebinit Â» package from a package manager - Simple usage: command | pastebinit -b http://paste.ubuntu.com
<dominicdinada> ty
<gobbe> hmmh
<gobbe> so it doesnt give any errors?
<dominicdinada> no it does not it returns nothing just a prompt
<dominicdinada> like i said it failed yesterday, i killed the process, and went to see what i could do today and dpkg was still locked so i forced aptitude to finish configuring all packages
<dominicdinada> via sudo dpkg --configure -a
<gobbe> ok
<dominicdinada> which successfully finished all packages with no errors at that time
<gobbe> you could try also to remove all packages and reinstall it
<dominicdinada> 6th time is the charm ?
<gobbe> so have you removed it earlier?
<gobbe> or just installed it again
<dominicdinada> removed
<dominicdinada> via tasksel
<gobbe> you could also try to install it from terminal "sudo apt-get install apache2 apache2-mpm-prefork apache2-utils apache2.2-common libapache2-mod-php5 libapr1 libaprutil1 libdbd-mysql-perl libdbi-perl libmysqlclient15off libnet-daemon-perl libplrpc-perl libpq5 mysql-client-5.0 mysql-common mysql-server mysql-server-5.0 php5-common php5-mysql"
<gobbe> and see what happens
<dominicdinada> gobbe: sorry i know i could but i always have troubles with that package
<dominicdinada> those packages......
<gobbe> what kind of trouble?
<dominicdinada> tasksel lamp nicely installs everything and does most of the leg work
<gobbe> that should be the list of packages tasksel does
<gobbe> tasksel however outputs much less information than apt-get
<dominicdinada> gobbe: and aptitude doesnt do anything further than placing the packages on the computer
<gobbe> but it outputs information in error situations
<dominicdinada> where as tasksel does alot of the work setting them up just minor modifications
<dominicdinada> an 26 08:35:24 diabolical-fs mysqld[4941]: #007/usr/sbin/mysqld: Character set 'utf8_general_ci'
<dominicdinada>  that is an error i did get now that i have been looking through the logs
<dominicdinada> Jan 26 08:35:25 diabolical-fs mysqld[4987]: #007/usr/sbin/mysqld: Character set 'utf8_general_ci' is not a compiled character set and is not specified in the '/usr/share/mysql/charsets/Index.xml' file
<dominicdinada> Jan 26 08:35:25 diabolical-fs mysqld[4987]: 110126  8:35:25 [ERROR] Aborting
<dominicdinada> i think i tracked a little of the problem down
<dominicdinada> http://pastebin.com/vF2jtw99
<dominicdinada> !app-armor
<poningru> suggestion: can we call the alternative install natty lite?
<SpamapS> poningru: ++
<SpamapS> dominicdinada: actually thats the minimal install ;)
<poningru> err right minimal
<SpamapS> dominicdinada: the apparmor bits are just letting you know that the profile's been loaded..
<dominicdinada> not when it is flooding my kernel and syslogs somethings going on
<SpamapS> dominicdinada: whats flooding your logs is that mysqld is crashing on startup
<dominicdinada> i check launchpad and there is a bug, but
<dominicdinada> check the logs crashing at startup = every other second
<dominicdinada> 10,000 lines worth
<SpamapS> yeah, mysqld takes a while to start back up after a crash
<jdstrand> there are no apparmor denials. apparmor should not be to blame
<SpamapS> just long enough where init doesn't think its thrashing
<SpamapS> dominicdinada: the UTF-8 thing is your most likely culprit
<dominicdinada> SpamapS: i do agree however even after i commented out those lines and attempted to reinstall the 7th time
<dominicdinada> still no where
<dominicdinada> since when is is utf8_general_ci not a valid language either
<SpamapS> dominicdinada: commented out what lines? Thats coming from your schema.
<dominicdinada> even still this explains nothing of why both apache and php are failing
<SpamapS> dominicdinada: because your app needs mysql? ;)
<dominicdinada> SpamapS: no and to display that i will rename my mail index page to show apache isn't working
<SpamapS> dominicdinada: that message is rather confusing since utf8_general_ci should in fact be compiled in
<dominicdinada> SpamapS: exactly and frankly i got sick and tired of seeing latin_swedish_1 when everysingle server in the western world and then even more all be using utf8
<dominicdinada> seeing and modifying
<dominicdinada> correct apache or php are not running either
<SpamapS> nobody's saying you can't usae utf8 :)
<SpamapS> its something else I'm sure
<JamesPage> zul: bug 705429 is now ready for your review - thanks
<uvirtbot> Launchpad bug 705429 in irqbalance "Latest update disables  irqbalance  with no offer to configure" [Medium,In progress] https://launchpad.net/bugs/705429
<dominicdinada> SpamapS: i did not see the instructions for the dist-upgrade on the community page
<zul> JamesPage: will do
<JamesPage> zul: ta
<dominicdinada> !dist-upgrade
<ubottu> A dist-upgrade will install new dependencies for packages already installed and may remove packages if they are no longer needed. Please see !upgrade for the proper way to upgrade to a new version of Ubuntu.
<dominicdinada> !upgrade
<ubottu> For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/desktop/get-ubuntu/upgrade
<SpamapS> dominicdinada: do-release-upgrade is preferred over dist-upgrade usually
<Pici> dist-upgrades aren't for upgrading to a new release.
<dominicdinada> SpamapS: I was told that a dist-upgrade would not upgrade the entire system just all the dependancies, which is incorrect it is a full upgrade no matter how you look at it
<SpamapS> dominicdinada: well it won't upgrade the system because it won't change which release its pulling from
<dominicdinada> SpamapS: the link and the text from ubottu seem to tell a unclear story but i am ready to give it a try
<Pici> You can't be sure that you're getting all your security fixes if you aren't using apt-get dist-upgrade/aptitude full-upgrade.
<Pici> dominicdinada: Whats confusing about ubottu's responses? (I can change them)
<dominicdinada> Please see !upgrade for the proper way to upgrade to a new version of Ubuntu
<dominicdinada> mixing a dist upgrade with that TAG as you have clearly pointed out they are 2 different things totally
<Pici> dominicdinada: Thats there because many people think that dist-upgrade will upgrade them to a new release of Ubuntu.
<dominicdinada> Pici: that is what Please see !upgrade for the proper way to upgrade to a new version of Ubuntu
<Pici> I'll think of a better wording though.
<dominicdinada> "A New Version of Ubuntu" to most people would mean I am using 10.04 and a new version would be 10.10
<Pici> dominicdinada: Yes.
<dominicdinada> aptitude full-upgrade ?
<dominicdinada> for the dist-upgrad ?
<Pici> aptitude full-ugprade is almost the same thing as apt-get dist-upgrade.  Theres a little difference with package removals, but if you prefer aptitude you can use it instead.
<dominicdinada> Pici:  i do prefer aptitude right after I am done reinstalling EBOX :( i will do the upgrade
 * dominicdinada hates ebox but webmin doesn't give a clear system picture
<lambda_x> does shutting down host send acpi poweroff to kvm virtual hosts or should I be doing it manually?
<RoyK> dominicdinada: learn the administration of the system from the command line - it doesn't take to much
<dominicdinada> RoyK: i dont know it all but i am learning little by little i will have to fit it into my busy school schedule of cisco, mcsa
<dominicdinada> and teaching myself php/javascript
<RoyK> dominicdinada: welcome aboard :)
 * RoyK installed his first linux box back in 1994 and is still learning :P
<gobbe> life is learning
<SpamapS> my first one was in 1995 ... Linux Universe ... ran from a CD-ROM and put / on a file inside a VFAT partition so you could try out Linux from a windows box.
<dominicdinada> and well any person who knows computers well knows dos, and s2k8 is a steep learning curve hell any MScores since Vista totally changed but Server-Core is dumb
<SpamapS> Was such a happy day when I installed Slackware and joined Undernet's #LinuxHelp a few months later.
 * SpamapS has been in that channel continuously since.. :)
<gobbe> slackware was my first distro also
<dominicdinada> SpamapS: we all had redhat and mandrake but i took a break until i had a useless server and laptop given to me with no potential as a windows machine and got back into linux
<RoyK> slackware 3.2
<RoyK> iirc
<gobbe> =)
<RoyK> and then to redhat, then debian, then ubuntu
<SpamapS> hah Roy, thats my exact progression too :)
<gobbe> i'm running redhat on servers mostly
<gobbe> and ubuntu on desktops
<dominicdinada> not hard to learn just hard to retain so much at once
<RoyK> gobbe: we're abandoning redhat these days - no reason to run 'supported' stuff when all you need is on the net, or in the worst case, support from canonical
<gobbe> RoyK: most of business software still is not supported on ubuntu :&/
<gobbe> like oracle etc
<RoyK> gobbe: we just ditched our old backup system for bacula, which works well
<dominicdinada> oh and add OSX to the list in 2 weeks when i get the money to buy a netbook ;/
<RoyK> gobbe: oracle has its own distro
<gobbe> RoyK: which is redhat + their kernel
<SpamapS> Bacula is amazing
<RoyK> yeah
<gobbe> RoyK: but it's also supported in redhat
<gobbe> RoyK: and not supported in ubuntu :)
<RoyK> I know - we have a couple of servers on oracle
<SpamapS> Found that at OSCON 2005 .. along with memcached. Truly a productive conference visit. :)
<RoyK> but then, with Oracle's pricing havoc, we've ended up running that on windoze machines
<RoyK> trying to move to postgresql these days
<RoyK> but with current applications written for oracle, I guess it'll take a few years
<gobbe> my customers are mostly huge enterprise-customers, so oracle etc is quite standard there
 * SpamapS has thankfully been able to avoid oracle for the most part :-D
<gobbe> like in linux-world it is redhat (or in some cases suse)
<dominicdinada> all my troubles came from pqsql but i heard it is a nice setup
<RoyK> gobbe: redhat was the standard at work when I started - I changed that :P
<gobbe> RoyK: well, there it might be possible, in my customer's it is not
<gobbe> RoyK: because software they run is not supported in ubuntu :)
<gobbe> i run my own servers on ubuntu
<zul> Daviey: can you cover the SRU meeting for me on monday
<RoyK> hm.. I forgot about QFS/SAM
<RoyK> but it looks like that project is rather dead
<RoyK> http://www.gnu.org/fun/jokes/ed.msg.html
<Tohuw> Has anyone worked out a cost benefit analysis for using EC2 for high availability applications? I'd be interested in some insights, especially if you decided in favor.
<SAM____> HI EVERYONE THIS IS SAM
<SpamapS> Tohuw: the whole reason for the cloud's existence is to have applications that spread accross multiple nodes .. presumably for HA.
<SpamapS> (and I include performance in availability)
<SAM____> can anyone tell me if this is correct config for bind please?
<SAM____> http://paste.ubuntu.com/559133/
<SAM____> can anyone tell me if this is correct config for bind please? http://paste.ubuntu.com/559133/ my website is not resolving www.mydomain.com
<Daviey> zul, yes, that should be fine
<zul> Daviey: thanks!
<SpamapS> zul: so I think actually I can still ship libmysqld-pic
<zul> SpamapS: how do you figure?
<SpamapS> zul: it still uses the same public headers as libmysqlclient
<zul> SpamapS: bah
<SAM____> hello?
<SpamapS> so while it is, itself, unversioned, its parent library/API/ABI are.
<Tohuw> SpamapS: sorry, I should have been more specific. I'm considering the cost factors of hosting an instance of Ubuntu Cloud Server using EC2 versus, say hosting a vps running Ubuntu Server. From a pure cost perspective, it seems a cloud instance price stacks up quickly with EC2, seeing as how I seem to need the instance itself, EBS, etc. et al ad infinitum.
<SpamapS> zul: I may ship the headers anyway in /usr/include/mysql-5.5 tho
<SpamapS> Tohuw: the reason to use the cloud is usually agility, not cost.
<zul> SpamapS: ack
<SpamapS> zul: do you recall where norbert hangs out on IRC? I may want to ping him for an opinion.
<zul> SpamapS: oftc maybe on #debian-devel
<Tohuw> SpamapS: that makes sense. Is it reasonable to assume that running an instance of Ubuntu Cloud Server on EC2 will, very generally, present a higher cost than a traditional infrastructure of similar resources (processing power/memory/disk space, etc.)?
<hallyn> zul: pls keep me in the loop if/when you play with lxc in uec, using the same images with lxcguest for kvm and lxc
<SpamapS> Tohuw: EC2 nodes are not known for their performance.. again, the only real reason is that you don't have to wait to get a new server.
<zul> hallyn: of course i was working on it right now
<SpamapS> Tohuw: so even if an EC2 node costs 5x what it would cost to have a similarly capable physical host.. the fact that you can have it *now* is worth it if your business has to scale up and down rapidly.
<hallyn> zul: rockin'.  dying to know if it works for you :)
<zul> hallyn: so am i :)
<SAM____> can anyone tell me if this is correct config for bind please? http://paste.ubuntu.com/559133/ my website is not resolving www.mydomain.com but resolves mydomain.com
<gobbe> SAM____: you mean that www.mydomain.com is not working?
<SAM____> no sorry
<gobbe> SAM____: it's not proper file
<Tohuw> SpamapS: excellent explanations, thank you.
<SAM____> can anyone tell me if this is correct config for bind please? http://paste.ubuntu.com/559133/ my website is not resolving www.unrealkillers.com.com but resolves unrealkillers.com
<gobbe> SAM____: don't repeat
<gobbe> SAM____: file is not proper
<SAM____> gobbe it is resolving unrealkillers.com not www.unrealkillers.com
<SAM____> so what should i have instead?
<gobbe> SAM____: https://help.ubuntu.com/community/BIND9ServerHowto
<uvirtbot> New bug: #708808 in cobbler (universe) "Makefile changes ownership of web directory to 'apache', not 'www-data'." [Undecided,New] https://launchpad.net/bugs/708808
<slicslak> hey guys, just fired up a rs cloud ubuntu instance.  when creating new users the default shell is sh
<slicslak> i know how to change it per user, but would like to change the default for new users going forward
<slicslak> is this a setting in /etc somehwere?
<uvirtbot> New bug: #676472 in libvirt (main) "after upgrade from ubuntu 10.04 to 10.10, virt-manager could not create or start a vm." [Low,Confirmed] https://launchpad.net/bugs/676472
<SpamapS> slicslak: grep 'DSHELL' /etc/adduser.conf
<gobbe> yep, change DSHELL-variable
<slicslak> ok, and that's set to /bin/bash.  wierd.  ok thx guys
<dominicdinada> still dont get why the
<gobbe> so that is bash and you run adduser and new user comes with sh?
<dominicdinada> Server is not running
<SAM____> can anyone tell me if this is correct config for bind please? http://paste.ubuntu.com/559133/ my website is not resolving www.unrealkillers.com but resolves unrealkillers.com
<gobbe> SAM____: stop repeating
<gobbe> SAM____: i told you earlier that it is not
<dominicdinada> i compaired all the server configs to a Fresh install and all the configurations are identical in apache2.conf/php.ini   sites-enabled etc
<SAM____> which config isnt correct
<SAM____> bc i looked at the config with the howto and i cant see my mistake
<gobbe> SAM____: and i gave you link to howto
<dominicdinada> EVERYTHING yet when i go to the address it sends the html file and a download :(
<gobbe> SAM____: well, it's not even close to what it shows in howto
<gobbe> SAM____: start from the line "Also, create an A record for ns.example.com the name server in this example: "
<gobbe> SAM____: there's short example
<dominicdinada>  !upstart
<ubottu> Upstart is meant to replace the old Sys V Init system with an event-driven init model.  For more information please see: http://upstart.ubuntu.com/
<gobbe> SAM____: there's also command named-checkzone to help you
<SAM____> yeah when i run that it says no config errors...
<SAM____> No errors were found in the BIND configuration file /etc/bind/named.conf or referenced zone files.
<gobbe> zone unrealkillers.com/IN: loading from master file testi failed: bad dotted quad
<gobbe> zone unrealkillers.com/IN: not loaded due to errors.
<SpamapS> hrm.. why does mysql use .files instead of .install files.. :-/
<gobbe> you run named-checkconf
<gobbe> not checkzone
<slicslak> gobbe, that's correct.  I found it though, I use useradd, and it's config file is at /etc/default/useradd
<gobbe> slicslak: ok :)
<gobbe> slicslak: that's why i asked it :-)
<slicslak> obviously i should have just rtfm'd to begin w/  ;)
<chovynz> how do I find out what sort of php and apache my server is running? What's the command from terminal
<chovynz> sort = version
<gobbe> php --version
<thesheff17> what is the name of the xserver ubuntu irc chat room?
<gobbe> or just check from apt-cache show <package>
<chovynz> did I do a bad thing by writing apt-get upgrade php?
<gobbe> it upgrades php-package
<chovynz> hmm
<chovynz> seems to be doing more than just updating php
<gobbe> hmmh
<chovynz> eg Unpacking replacement libk5crypto3 ...
<chovynz> Preparing to replace libgssapi-krb5-2 1.8.1+dfsg-5 (using .../libgssapi-krb5-2_1.8.1+dfsg-5ubuntu0.2_i386.deb) ...
<gobbe> true
<gobbe> it upgrades everything
<chovynz> uh.. ok. oops?
<SAM___> can someone help me restrict recursive DNS server please
<RoyK> chovynz: imho upgrading should be done for all packages, regularly
<gobbe> yep
<slicslak> ok, this is wierd.  i added the group web with groupadd, and it is showing in /etc/group w/ id 1000
<slicslak> when I chgrp web foo however, the group ownership remains as 4096
<chovynz> RoyK: I agreed, however I only installed the server 3 days ago
<chovynz> so what would the command be to upgrade php only?
<RoyK> just upgrade everything - apt-get update && apt-get dist-upgrade
<gobbe> chovynz: if you installed it from cd it includes old packages
<chovynz> oh well it is done now anyway
<chovynz> ok, so, I need a little help here. I'm trying to setup my own home mediawiki. I'm logged in remotely. What are the tools I need to make, "making tools"and adminstering mysql, php and other things on my server? I'm used to GUI, so this is new territory for me in Command line.
<chovynz> i.e. I want to make new tables and fields in mysql
<chovynz> how would I go about it in Command line?
<dominicdinada> gobbe: i noticed in my envars files there is alot missing from the envars on the server
<dominicdinada> gobbe: for instance the run, and lock dirs
<dominicdinada> export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
<chovynz> I know reboot-fu!
<chovynz> soon my server-fu will be strong
<SAM___> can someone help me restrict recursive DNS please
<yann2> hello - I am thinking of using lsyncd on a very large folder (maybe 100k subfolders). I understand lsyncd uses inotify, and uses one inotify watch per directory. I understand I would need to edit /proc/sys/fs/inotify/max_user_watches  ? Would it be reasonnable to set if very high - what kind of performance hit should I expect?
<SAM___> can someone help me restrict recursive DNS please
<Fidelix> Hey guys. My server's nameserver resolution is incredibly slow. It's taking 18 seconds!
<SAM___> fidelix have u setup restriced dns?
<SAM___> non recursive
<chovynz> any clues on how to log everything that happens on my server?
<Fidelix> SAM___, what is that?
<gobbe> SAM___: you are repeating your lines everytime, while waiting someone to help it would be nice to use google or browse forums (because for example to this case, there is howto)
<hallyn> SpamapS: i gather based on other examples that if i source a file in a pre-start script section of an upstart job, that any environment taken from that will remain when actually starting the job?
<SpamapS> hallyn: should yes
<SpamapS> hallyn: note that this is frowned upon because it slows the boot
<hallyn> SpamapS: perhaps then it would be worth installing /etc/default/libvirt-bin.disabled with the package, so that '[-r /etc/default/libvirt-bin && . /etc/default/libvirt-bin ] goes faster in the common case
<hallyn> But I'm leaving that to someone else
<SpamapS> hallyn: just the stat is slow
<SpamapS> hallyn: for libvirt-bin , you have to do it
<SpamapS> hallyn: actually,  you shouldn't be adding *new* default files
<SpamapS> hallyn: but if an upstart job was converted from an init.d script, you need to keep sourcing the file to pick up config changes.
<SpamapS> hallyn: I had this discussion w/ slangasek yesterday.. there needs to be a clear policy about this.
<dominicdinada> SpamapS: ugh quick dumb question
<hallyn> SpamapS: yes, and we don't care about a 'slow' stat when starting libvirt-bin.  it won't slow down other things
<SpamapS> hallyn: the issue is trying to keep the hard disk head from flying around the disk statting files.
<dominicdinada> Pici: ok no permissions on files, or the www-data user but i gave ownership of a few files to www-data and now it will run but i never changed the primary user / editor user settings from running files
<SpamapS> hallyn: one idea is to have a postinst helper that will convert values in /etc/default files into env's in the upstart job file.
<hallyn> SpamapS: another idea is to define a nice event that says 'now boot-uncrucial services can start'
<hallyn> SpamapS: waht i don't like about your idea is that it makes us all the more different from other distros
<SpamapS> hallyn: that is defined, its 'runlevel 2'
<SpamapS> hallyn: /etc/default files are deprecated .. so we're already more different.
<hallyn> SpamapS: ok, libvirt-bin starts on runlevel 2.
<hallyn> dude.  depracated in favor of what, custom upstart jobs?
<hallyn> that's going to kill us in awhile with upgrades
<SpamapS> right, hence the idea that we would deprecate the config file by sucking it into the upstart job
<SpamapS> The feeling is that upstart jobs are simple enough that merging won't be a problem.
<hallyn> hold on a sec, i need to find a quotes file to paste that into
<SpamapS> Haha yeah I don't exactly agree with it.
<SpamapS> Some of them are extremely complex
<hallyn> anyway, i'd have the fix for the libvirt one proposed by now but bzr co is taking FOREVER
<SpamapS> the other thought is the override files will be a good place for this, but thats vapor ware until its finished.
<SpamapS> bzr co ? I always use bzr branch
<hallyn> i thought the only difference was one stayed bound
<SpamapS> dunno
<robbiew> smoser: so do we want the aws guys opening bugs for issues they have?
<robbiew> seems like it would make more sense in terms of working the issue
<smoser> yeah.  ben and one of the other guys have launchpad ids
<RoAkSoAx> kirkland: howdy! one quick powernap doubt. The script to reduce the frequency should default to "performance" when in full power (instead of "ondemand"), or should we keep it as is?
<RoAkSoAx> kirkland: cause to really make useof the script it would have to be a combination of performance/powersave, though the user could manually edit the script to define that
<soren> SpamapS, hallyn: Yes, the difference between co and branch is whether or not it's bound or not afterwards.
<SpamapS> soren: bound to what?
<soren> SpamapS: The place from whence you checked it out.
<soren> SpamapS: Basically, before you commit, it makes sure that you're up-to-date with the remote branch, and your commit gets pushed to the remove immediately, too.
<SpamapS> AH
<SpamapS> so its centralized vs. distributed with co
<soren> Yeah.
<SpamapS> boooo ;)
<SpamapS> no wonder I was confusing Daviey
<SpamapS> with my merge's in my pushes
<kirkland> RoAkSoAx: i think powernap should record the cpu governor state before changing it
<kirkland> RoAkSoAx: and then set it back to whatever it was before
<kirkland> RoAkSoAx: so that if someone choose to pin their cpu on any one of performance|ondemand|powersave|conservative
<kirkland> RoAkSoAx: and we force it to powersave
<kirkland> RoAkSoAx: when powernap puts the machine asleep
<soren> SpamapS: Sorry, my explanation wasn't entirely technically accurate. On commit, it gets pushed to the remote first, actually. Only if that succeeds does you commit get applied locally.
<RoAkSoAx> kirkland: ok, I was thinking of that too. Where should we record it though?
<kirkland> RoAkSoAx: when we wake it up, we should set it to whatever it was before
<kirkland> RoAkSoAx: hmmm
<kirkland> RoAkSoAx: let me check the FHS
<soren> SpamapS: So you can't commit stuff that ends up not being pushable.
<kirkland> RoAkSoAx: but i'm thinking /var/lib/powernap or /var/tmp/powernap
<kirkland> RoAkSoAx: /var/run/powernap
<RoAkSoAx> kirkland: if we change the governor, and we reboot, the changes are kept, or are they rolled back to original?
<SpamapS> soren: Cool. I just never saw bzr as a centralized system, even though I know its useful for that too. :)
<kirkland> RoAkSoAx: well ... /var/run is cleared on boot
<kirkland> RoAkSoAx: /var/lib and /var/tmp are not
<kirkland> RoAkSoAx: i'm thinking that's not a setting that one would expect to persist across boots
<soren> SpamapS: It's useful in a couple of cases.
<SpamapS> Haha, I just noticed this.. mysql supports the ultimate hippie language..
<SpamapS> 0000000000539e20 g    DO .data	00000000000000b0  Base        my_charset_utf32_esperanto_uca_ci
<kirkland> RoAkSoAx: so i think it's safe in /var/run/powernap/cpu_governor.saved
<RoAkSoAx> kirkland: gonna try that now. If it persists then, I'll save it in /var/lib, if it doesn not persist, then /var/run should be enough
<SpamapS> soren: the best example for usefulness I can think of off the top of my head is what we were doing at the recent sprint/rally .. 3 people all working on a branch feverishly.
<soren> SpamapS: One is the case where people are used to this workflow and want an easy migration path to bzr.. But really, I think most people use it to avoid the case where they pull, fix up conflicts or whatnot, commit, and find someone else committed in the mean time.
<soren> SpamapS: ...and then have to uncommit and fix or merge and push.
<soren> SpamapS: Yes, that's exactly the sort of case, where it's useful. Lots of time can be saved. I used to do it for our Eucalyptus packaging branch.
<kirkland> RoAkSoAx: cool
<hallyn> jdstrand: do you have an opinion on bug 708172?
<uvirtbot> Launchpad bug 708172 in libvirt "service libvirt-bin start does not set KRB5_KTNAME as required" [Medium,Triaged] https://launchpad.net/bugs/708172
 * hallyn biab
<hallyn> kirkland: ^ you wrote the upstart job and your comment implies you really wanted it like that, so please feel free to comment the bug nacking the fix (and marking  bug as invalid/won'tfix :)
<dominicdinada> finally got it !!!!!
<kirkland> hallyn: looking ....
<SpamapS> hallyn: good to know that lucid does in fact install the upstart job.. so it only breaks hardy -> lucid then
<SpamapS> hallyn: I don't think a comment in an upstart job is enough of a warning though. :p
<hallyn> SpamapS: but it's not up to libvirt to give the loud warning, then
<kirkland> hallyn: looking at http://bazaar.launchpad.net/~serge-hallyn/ubuntu/natty/libvirt/upstart-include-default/revision/112 ...
<jdstrand> hallyn: for lucid it feels like you should update the upstart job
<hallyn> so if we feel that, systemically, we don't want to include /etc/default, then it is wrong-headed to demand packages warn about it
<jdstrand> hallyn: however for natty that should probably be handled better-- ie with /etc/default/libvirt-bin removed
<hallyn> jdstrand: that makes sense.  and maverick, same as lucid?
<uvirtbot> New bug: #635188 in cloud-init (main) "installing cloud-init on a non-ec2/UEC server results in a 20 minute boot wait" [Low,Fix released] https://launchpad.net/bugs/635188
<jdstrand> hallyn: ideally, yes
<kirkland> SpamapS: okay, update me on upstart-ness ... what's the current recommendation on /etc/default/* settings?
<hallyn> all right, thanks.  so first i'll push natty fix removing the /etc/default file.  Then when that's fix releases i'll sru a fix to include the /etc/default file.  but...  does that mean that upgrade of libvirt in natty has to warn about existing /etc/default file?
<hallyn> cause that gets ugly
<kirkland> SpamapS: hallyn: fwiw, when I added that comment about "just update the exec line here", I copied that verbatim from the /etc/init/ssh.conf upstart script
<hallyn> kirkland: ah :)
<jdstrand> kirkland: SpamapS may know better these days, but I can say that upstart is suppose to not use things in /etc/default
<kirkland> SpamapS: hallyn: and I did that following cjwatson and Keybuk's lead
<jdstrand> kirkland: rather, it was originally intended that way
<SpamapS> kirkland: the recommendation is that they will slow down the boot a bit by busying the disk system.. and so they should be avoided. However they're clearly necessary.
<hallyn> ok, having started up the discussion, i'm afraid now i need to leave for a bit in the middle of it.  biab.  will catch up
<SpamapS> kirkland: you did the right thing.. there is no consensus.
<kirkland> i think hallyn just farted in the elevator, and then exited
<SpamapS> The reality is that we should have put something in Lucid's release notes, but did not... so we are breaking all kinds of things on upgrade.
<jdstrand> well, the reason why they were created was because of dpkg's conffile handling and that sysv initscripts are conffiles, and that sysv initscripts could get out of hand quickly
<jdstrand> upstart is *supposed* to simply that so you don't need extra configuration outside of the job
<jdstrand> of course, the job is still a conffile
<jdstrand> I maintain a package with an upstart job and something in /etc/default, so take all that with a grain of salt :)
<jdstrand> s/simply/simplify/
<kirkland> okay, well, i'm thoroughly convinced that we have no idea what we want to do with this :-)
<SpamapS> jdstrand: I actually think the right thing to do is to convert these /etc/default's into env lines in the new upstart job.. and use the same vars in the same places.
<SpamapS> But that breaks w/ debian policy which says not to touch conffiles in maintainer scripts. :-/
<jdstrand> SpamapS: yes, that is what I hope will happen with libvirt
<SpamapS> And if we're going to do that, we really should provide a debhelper tool so people don't have to reinvent it every time.
<jdstrand> SpamapS: well, putting them in there and adjusting via maintainer scripts are two different things :)
<jdstrand> but, I would argue that if people are messing with it that much then perhaps it shouldn't be a conffile at all
<SpamapS> jdstrand: we can only put the defaults in there during the package conversion. On installation, we should respect the values in the existing config file. I believe actually thats allowed by the debian policy .. if an existing conffile is already modified, we can carry that forward.
<jdstrand> (ie, there is no sane default-- one of the criteria for making it a conffile)
<SpamapS> anyway, I also seem to have caught whiff of hallyn's emission and will need to carry on w/ this later too
<jdstrand> it will be a tricky upgrade path, surely
<kirkland> jdstrand: SpamapS: hallyn: should we discuss this further, perhaps in a meeting or something?
<kirkland> i suspect we need to get a policy in place around this
<kirkland> i personally have been very conflicted about what to do with this
<jdstrand> it is difficult because we start with Debian's packaging
<kirkland> i don't really like the smartass comment in line in the upstart job (edit the exec line here)
<kirkland> but that's the only route i was given at the time
<jdstrand> it is a viable route
<jdstrand> especially for an LTS
<jdstrand> tbh, and this may be sacrilege, I wonder a bit why libvirt really needs an upstart job
<jdstrand> *shrug*
<kirkland> jdstrand: you mean, you think it would be better as an init script?
<jdstrand> kirkland: I mean the benefits of having libvirt upstartified are not clear to me
<kirkland> Inquisitor!  Inquisitor!  Please draw and quarter jdstrand immediately!!!!
<kirkland> :-)
<jdstrand> heh
<jdstrand> some things clearly benefit-- eg you want it to start as early as possible or before networking, etc, etc
<kirkland> jdstrand: so if the only reason some people are opposed to sourcing those default files is boot speed, then i'm not convinced at all that that's a good reason for server upstart jobs
<jdstrand> sysv initscripts not being supported is certainly a good reason
<jdstrand> kirkland: no, that isn't a good reason imho
<kirkland> jdstrand: agreed
<jdstrand> not for libvirt
<jdstrand> and libvirt can start as late as you want in the boot process too...
<jdstrand> who cares?
<kirkland> jdstrand: and personally, i think we should give people a way to add daemon options by editing a configuration file, without causing dpkg conflicts in a conffile
<kirkland> ie, editing upstart jobs directly
<jdstrand> kirkland: I tend to agree. and that is exactly why ufw does that
<kirkland> jdstrand: that goes for libvirt, sshd, and others
<jdstrand> (though, ufw does it a bit differently)
<jdstrand> sshd possibly could be argued for
<jdstrand> since it is so ubiquitous, but, ehh
<jdstrand> still, ufw is in more Ubuntu installs than sshd, and it sources something from /etc/default
<kirkland> jdstrand: you rebel
<kirkland> jdstrand: SpamapS: hallyn: i think we should bring a proposal to ubuntu-devel@ and ubuntu-server@ mailing lists
<kirkland> jdstrand: SpamapS: hallyn: asking for a policy to be agreed upon
<b0ot> I have been searching everywhere for something that can do this: I need a media server that can take a variety of inputs (live video cameras, rtp/rtsp streams, and video files), archive the live video feeds to disk, while also providing a variety of outputs (multicast rtp video feeds for the live streams, and rtp/rtsp video feeds for the archived video/other video files) I also want the ability to do transcoding as the bandwidth in some parts of my networ
<b0ot> k is quite limited, (1.2 Mbs) while in other parts is around 80 Mbs. So I need to be able to transcode easily. And I would like a multi user web based system to control when you would want a stream etc.
<b0ot> Any suggestions?
<jdstrand> kirkland: I'm not sure what policy would be in place. it seems sort of an individual choice. It does tend to make some sense to have an /etc/default/foo for server items that won't adversely affect boot performance
<jdstrand> but let's see what the other guys have to say
<JFo> kirkland, did you happen to have any bugs (that we hadn't yet discussed) for the kernel team list?
<kirkland> JFo: hmm
<kirkland> JFo: not that i know of?
<JFo> ok, just ping me if you should encounter any :-)
<JFo> thanks bro
<kirkland> RoAkSoAx: okay, i'm testing powernap now
<RoAkSoAx> kirkland: cool :). Will finish the script in a bit too
<kirkland> RoAkSoAx: wow
<kirkland> RoAkSoAx: this is awesome!
<RoAkSoAx> kirkland: I assume that it is working great :)
<kirkland> RoAkSoAx: wol7 monitor -> working great
<Fidelix> Hey guys. My server's nameserver resolution is incredibly slow. It's taking 18 seconds!
<RoAkSoAx> kirkland: cool!! I think we should make powerwake support port 9 too!
<kirkland> RoAkSoAx: wol9 monitor -> working great
<kirkland> RoAkSoAx: ptmx monitor -> working great :-)
<RoAkSoAx> kirkland: :)
<kirkland> RoAkSoAx: dude, we are cooking
<kirkland> RoAkSoAx: powernap is finally getting to what i've always wanted it to be :-)
<kirkland> RoAkSoAx: you da man
<RoAkSoAx> kirkland: I'm glad you like it!! it is indeed pretty cool!
<kirkland> RoAkSoAx: i'm releasing this as is now
<kirkland> RoAkSoAx: keep on trucking, but i'm ready to see this in natty!
<RoAkSoAx> kirkland: cool!!
<Brdavs> !
<Brdavs> lxc seriously stinls
<Brdavs> stinks
<hallyn> pooh pooh
<binaryhat> when i do 'sudo restart nmbd
<binaryhat> ' i get sudo restart nmbd
<binaryhat> crap
<binaryhat> restart: Job failed to start
<Brdavs> whad did you expect to get?
<Brdavs> ah
<binaryhat> to start
<binaryhat> so why no nmbd?
<Brdavs> if anyone is interested - I have narrowed down 3 packages that screwe up 10.4 lxc container when upgraded
<Brdavs> is nmbd upstream? Can you do "restart smbd" when you are logged in as root?
<yann2> binaryhat, logs?
<hallyn> Brdavs: which packages? If you use the newest lxc from my ppa, i would hope those would be innocuous now.
<binaryhat> my share is accessible by ip but not name yann2
<hallyn> (but, drat, can't really chat right now, sorry)
<Brdavs> hallyn: Well, I use 10.10 stock lxc.
<binaryhat> yann2, it was accessible b4 i rebooted
<Brdavs> And lxc-ubuntu script seems to work, but when I apt-get upgrade
<binaryhat> anyone
<Brdavs> hallyn: The packages udev, mountall and ifupdown break lxc container
<Brdavs> binaryhat: can you "restart nmbd" when you are loggged in as root
<binaryhat> Nope
<Brdavs> well, then it's not an upstream job.
<binaryhat> start: Job failed to start
<Brdavs> binaryhat: do this
<Brdavs> sudo /etc/init.d/nmbd restart
<RoAkSoAx> ki/win 2
<RoAkSoAx> jeeeeeeeeeez again for the 10000000000000 time
<binaryhat> Brdavs, ather than invoking init scripts through /etc/init.d, use the service(8)
<binaryhat> utility, e.g. service nmbd restart
<binaryhat> Since the script you are attempting to invoke has been converted to an
<binaryhat> Upstart job, you may also use the restart(8) utility, e.g. restart nmbd
<binaryhat> sudo service nmbd restart fails too
<Brdavs> binaryhat: well, then it might be misconfigured or something...
<binaryhat> what is?
<Brdavs> binaryhat: nmbd daemon
<Brdavs> binaryhat: is it perhaps running, have you started it
<binaryhat> suggestions for fixing it?
<Brdavs> binaryhat: Have you started it "by hand"
<binaryhat> Brdavs, its not running in ps ax
<Brdavs> How about "netstat -na"
<Brdavs> or netstat -na | grep nmbd
<binaryhat> nothing
<Brdavs> binaryhat: I am at aloss now
<Brdavs> try to run it by hand
<Brdavs> see if it complains
<binaryhat> syntax?
<binaryhat> syntax? Brdavs
<Brdavs> /usr/sbin/nmbd
<Brdavs> Had to look it up on one of my servers
<binaryhat> weird
<binaryhat> that worked
<binaryhat> so the job is messed up??
<Brdavs> binaryhat: Did you play with any init scripts? Seems like somethin's fishy there
<binaryhat> Brdavs, never touch it
<SpamapS> kirkland: re "i think we should give people a way to add daemon options by editing a configuration file, without causing dpkg conflicts in a conffile" ... upstream agrees, and that feature may land in natty
<SpamapS> jdstrand: ^^
<SpamapS> hallyn: ^^
<Brdavs> binaryhat: wierd then
<jdstrand> cool
<binaryhat> Brdavs, should i fpaste  /etc/init.d/nmbd ?
<kirkland> SpamapS: sweet
<Brdavs> binaryhat: what's fpasting
<binaryhat> err pastebin
<SpamapS> kirkland: there's also a way to do it now without violating either principle, but its a bit hacky. :)
<SpamapS> kirkland: basically you'd just export it in rc's starting event
<SpamapS> ala BSD style init.. /etc/rc.conf
<binaryhat> Brdavs, pastebin
 * RoAkSoAx keen to breaking my system today!! Upgrading to natty in my main laptop (finally)
<SpamapS> RoAkSoAx: ^5, welcome to QA :)
<RoAkSoAx> SpamapS: hehe i usually upgrade after alpha2 but with unity I guess things will be worse
<binaryhat> Brdavs, in nmbd.conf i have 'start on (local-filesystems and net-device-up IFACE!=lo)'
<Brdavs> binaryhat: sorry... kinda buissy here with my LXC anomalies.
<Brdavs> Ubuntu server is going nowhere fast.
<binaryhat> Brdavs, http://www.mail-archive.com/ubuntu-server-bugs@lists.ubuntu.com/msg34900.html
<RoAkSoAx> SpamapS: anything broken that I should be aware of before hitting the button?
<SpamapS> RoAkSoAx: I have not updated since word of an X upgrade hit 3 days ago
<SpamapS> RoAkSoAx: but that may be resolved by now, not sure
<RoAkSoAx> SpamapS: uhmmmmmm yeah maybe or maybenot... I'm gonna try in another laptop then lol!!
#ubuntu-server 2011-01-28
<hggdh> folks, quick Q -- what would you like to be tested on Hardy/Dapper/etc re. server?
<SpamapS> hggdh: upgrades to lucid :)
<hggdh> SpamapS: now that's unfair ;-)
 * hggdh carefully agrees, though
<SpamapS> You talking about SRU stuff or just in general?
<twb> I think what I want most is for you to not break them
<hallyn> Brdavs: yeah, the good news is natty should fix those
<hggdh> SpamapS: SRU, both server packages and kernel
<Brdavs> hallyn: hahaha...
<Brdavs> hallyn: natty, orphan, prancing etc... They might as well be replaced by freebsd by then.
<Brdavs> Jails - i hear - work.
<Brdavs> Anyway... take care, buys...
<Brdavs> guys I mean
<Brdavs> bye!
<RichW> Please can someone help me with my IPv6 Networking problem, I have a thread at http://ubuntuforums.org/showthread.php?t=1676715 but nobody has replied and I have provided a detailed explanation.
<RichW> I am really stuck.
<Bilge> My server just rebooted twice unexpectedly
<Bilge> In the syslog I see
<ascheel> question about Ubuntu server 10.10.  Fresh installation, it's only Ubuntu Server meaning it's only booting to a CLI anyhow, but the video is not displaying.  It worked just fine during the entire installation of server, but the video is not working at all right now.  Anybody know what I can try to modify to get it to recognize this video adapter/
<ascheel> Related, the screen blacks out also during part of the Ubuntu Desktop installation.  it displays the initial splash screen, you can see it flicker like it's changing video modes to the next step, but then VGA signal is lost.
<sushi_> Amigos. Is this an ideal sources.list for Ubuntu LTS server http://www.usefuljaja.com/assets/2007/4/19/sources.list.txt
<sushi_> Or should I just leave the sources.list to what I got be default.
<ascheel> dapper isn't LTS anymore
<ascheel> 10.04 is LTS
<niles> sushi_: leave it alone
<sushi_> ascheel: Thanks. This dude consfused me http://www.usefuljaja.com/2007/4/ubuntu-setup-page-2
<niles> it shoule be fine
<sushi_> niles: Yeah. IT's fine already. Just wanted second opinion
<niles> kk
<uvirtbot> New bug: #709000 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/709000
<niles> postinst probally didnt start with #!/bin/sh
<niles> dpkg can be a real pain sometimes, it always screws up my repository
<kirkland> RoAkSoAx: hmm
<kirkland> RoAkSoAx: i'm getting: PowerNap will take the following action in [6] seconds: [/usr/sbin/powernap]
<kirkland> To cancel this operation, press any key in any terminal
<kirkland> RoAkSoAx: but it's never taking the action (powersave)
<ascheel> I've got a working install of server 10.10 running off of a CF card so I can use all 4 SATA ports as an array using adm.  Obviously it's a bit slow.  To speed it up, I want to move directories that get written to the most moved off to the array.  The largest part of that is apt-get.  Where does aptitude download the .deb files prior to dpkg when using apt-get?
<shauno> ascheel: /var/cache/apt/
<ascheel> shauno thank you very much
<ehnde> how can i identify which network card is eth0, eth1, eth2?
<ehnde> i have my nics plugged into a patch panel
<ehnde> i want to label the ports on the patch panel
<ehnde> i've found no correlating information between lspci and ifconfig
<twister004> hi guys... im writing a script to copy a folder to a location,  zip the  folder and then move it to some other location.. can i write these commands in sequence and will they work without any issue?... im doing this on my ubuntu-server 8.04
<twister004> basically, I want the copy command to complete... and only then should the compression start.. and then the move
<shauno> twister004: the usual way to do that is with '&&'.  chain each command together eg copy /that/file here && gzip file && mv file.gz /somewhereelse/.
<shauno> if any step fails, the chain breaks and the next step(s) don't run.
<twb> Or set -e
<shauno> (if failure is okay, you can use ; instead)
<twb> See also #bash
<twister004> shauno.. gr8!
<twister004> ill use &&
<twister004> shauno.. do u suggest i use gzip or bzip2?
<shauno> I've no real preference between them really.  as long as I know bzip2 is going to be available at the destination too.
<SpamapS> twister004: gzip is faster, bzip2 is more tolerant of corruption.
<SpamapS> and achieves a bit higher compression ratios on certain types of data (like source code :)
 * SpamapS would love to resurrect his multi-threaded bzip2 compressor project.. :-P
<fakhir> hello. ubuntu server 10.10. i have "@reboot /root/firewall.sh > /dev/null 2>&1" in crontab. the script works fine but does not run at boot.
<gobbe> if you want run script in boot crontab is not correct place, you place your script to init
<fakhir> gobbe, ok thanks
<jetole> Hey guys. Does anyone know how I can do a automatic do-release-upgrade without being prompted to answer any questions?
<twister004> hi guys... I'm "tar'ring a linux directory.. but the tar file is 0KB is size
<twister004> not sure what's going on
<twister004> im checking the size as the tar command is being executed.. the tar file size doesn't increase.. it's 0KB
<twister004> please advise here
<twister004> the command im running is " tar -cf folder_`date "+%Y-%m-%d_%H-%M"`.tar /mnt/images"
<reisi> has anyone ever had luck turning a kubuntu-desktop install into "headless" (by removing kubuntu-desktop metapackage)?
 * twb encourages date --rfc-3339=seconds
<twb> twister004: is /mnt/images a symlink?
<KristianDK> Hello! Is there any way to use an interval in cron jobs? Like 8-21, or do i have to make a commalist like 8,9,10 .. 21?
<twb> KristianDK: you can say "every Nth" -- */10
<twb> For something like "9 AM to 5PM", I usually see scripts that run every hour, and the script will start by checking the current time and exiting if it's outside that window
<KristianDK> twb, thats what i do now, but there is absolutely no reason to run it, while our company is closed ;)
<twb> Shrug.
<KristianDK> but i guess i could use your solution as well, scriptside
<shauno> KristianDK: 8-21 should work just fine
<KristianDK> shauno, great, thanks :)
<uvirtbot> New bug: #709071 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/709071
<lau> chmod issue on usb stick ext4 ,
<lau> /dev/sdb1 on /mnt/flash type ext4 (rw)
<lau> -rw-r--r-- 1 lau lau 32505856 2011-01-28 10:30 disk-crypt.img
<lau> chmod u+x disk-crypt.img
<lau> ls -lsa returns the same
<lau> -rw-r--r-- 1 lau lau 32505856 2011-01-28 10:30 disk-crypt.img
<lau> fixed !
<iclebyte> is there a release date for the next LTS edition?
<iclebyte> 2012
<twb> iclebyte: just so
<twb> iclebyte: Ubuntu release schedule is every six months, of which every fourth release is an LTS
<iclebyte> cool thanks.
<iclebyte> just trying to assertain if it's worth jumping from 8.04 to 10.04
<iclebyte> i'm leaning towards yes
<twb> NEVER upgrade unless you NEED a feature/bugfix/security patch that you KNOW the new version will provide.
<iclebyte> has any one experienced trouble with software RAID 1 on 10.04?
<Ken> Hi all. I have two locations, one with three computers another with seven. The location with seven has a "file sever*" for sharing files between all of the Windows XP machines. (*It's actually just a Windows XP with a shared network drive. Don't ask.) I'm trying to encourage the migration to Linux Server and one of the winning points would be if we could set it up so we have remote access to the same folders over the in
<iclebyte> it just wont boot. gives me the grub error no such disk. if i run the rescue cd, mount md1 then reboot it starts up fine. as soon as i power off the machine and do a cold boot it fails. I suspect it's something to do with LVM's uid's changing so I updated /etc/fstab to reflect /dev/md1 and /dev/md0 instead of the UID's however I still get the same issue. should I update grub.conf to point to /dev/md0 and /dev/md1 also?
<iclebyte> Ken, you can use a VPN to achieve what you want.
<iclebyte> look at openvpn
<Ken> iclebyte: Thanks for the confirmation. I really appreciate the help.
<iclebyte> most welcome.
<iclebyte> Ken, i've also found cost to be a pretty good one to convince management to move to linux for servers
<Ken> Iclebyte: I've expressed that it's free and the reasons why but they were very much "Oh, but free stuff must be insecure"
<Ken> I've had that debate with them too. I think the winner would be to show them it in action.
<Ken> Thanks again for the assistance.
<uvirtbot> New bug: #709186 in mysql-5.1 (main) "Error installing MySQL Server 5.1 on Ubuntu 10.10" [Undecided,New] https://launchpad.net/bugs/709186
<uvirtbot> New bug: #709188 in samba (main) "Samba in Lucid upgrade killed Envelope Feeder on HP LJ4000 printer" [Undecided,New] https://launchpad.net/bugs/709188
<uvirtbot> New bug: #709194 in vsftpd (main) "package vsftpd 2.2.2-3ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/709194
<aliverius> i am doing a frish install on a disk with raid and gtp
<aliverius> with the boot bios partition
<aliverius> it goes fine
<aliverius> i enter the os for the 1st time and i do, what else, an update with apt
<aliverius> the system wont boot afterwards
<aliverius> it reboot indefinitely
<aliverius> i have reinstalled the OS many times and it always happens
<iclebyte> aliverius, 10.04?
<aliverius> iclebyte: yes
<aliverius> 10.04.1
<aliverius> is it a known bug?
<iclebyte> aliverius, I'm having exactly the same issue
<iclebyte> out of interest did you previously have a raid1 software array on those disks?
<aliverius> yes
<iclebyte> welcome to the club
<iclebyte> what i thought strange was that the installer didnt sync the disks
<aliverius> hehe, if it is a global problem there is more hope for a solution
<aliverius> i am not experienced with raid 1
<iclebyte> i know this because under gentoo when i built my array it took over 2 hours to sync 1tb
<aliverius> it makes sense
<iclebyte> i've been working on this all morning with no avail
<iclebyte> what im trying right now is destroying everything on the disks then building it from scratch
<iclebyte> i'm about half way through..
<JenniferB2> hi folks.. I have installed a minimum version of ubuntu server ... and I would like to now install a minimum version of the gnome desktop on it.. without all the extra crap .. any tips on how I can do this ?
<iclebyte> JenniferB2, do you actually want the gnome-desktop or just the ability to run gnome apps?
<JenniferB2> i want the gnome user interface.. it's not going to be a server, but is my laptop
<JenniferB2> the ubuntu desktop edition includes lots of software and an altered gnome desktop
<JenniferB2> I want the core gnome without all that fluff.. a minimal version..
<uvirtbot> New bug: #709012 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/709012
<RoAkSoAx> morning all
<SpamapS> RoAkSoAx: once again I am up too early. g'morning
<zul> SpamapS: hah
<izinucs> I think I just backed up my mysql database using mysqldump -u USER -pPASS --single-transaction -Q --databases foo bar .. looked like it went smoothly.. but where does it put the file(s)?  or am I missreading the command and at the end have two database names.. the secondary being the backup with path location?
<SpamapS> izinucs: it spits the backup out to stdout as SQL and DDL
<izinucs> SpamapS: I'm pretty novice with mysql.. what I would like to to is backup my joomla database on my home server and reuse it on some commercial space I bought.  Can you help with a link/method?
<SpamapS> izinucs: so when you run that mysqldump, you need to add on the end   > backupfile.sql
<SpamapS> izinucs: then just transfer that backup file to your server and import it with   mysql -uUSER -pPASS < backupfile.sql
<izinucs> SpamapS: seems almost too easy :) .. thanks
<diabolicalone> Question about the lamp package installed. I just reinstalled the package via Tasksel, I had been using the lamp package via tasksel that i installed long ago. However this time upon install extensions such as Curl, were not included I do understand they are different versions but why are they not included this time around, Secondly where do you got the curl extensions and the missing others
<gobbe> what is curl extension?
<diabolicalone> I mean it is not an older version that i just installed, Secondly it is not deperciated, and not marked unsafe
<diabolicalone> http://us2.php.net/manual/en/intro.curl.php
<RoAkSoAx> SpamapS: morning!! I just hope you sleeping well my friend >P
<diabolicalone> prior to this came all rolled into one now such functions as header redirects and curl and such other things fail
<RoAkSoAx> zul: howdy!! So I'm still waiting for upstream to release new cluster-agents. The fixes for bashisms plus lots of other fixes to those RA's are in the new upstream. so it is either wait a bit more, or patch the files completely, ideas?
<zul> wait a bit more
<SpamapS> izinucs: you should note that if you are using MyISAM tables, and your database was being written to in any way while you run mysqldump, the backup may not be complete
<pmatulis> does anyone have an opinion on the 'proxmox ve' kvm/libvirt environment?
<RoAkSoAx> zul: ok :)
<zul> RoAkSoAx: i rather have more bugs fixed than one little bashim but we know about
<izinucs> SpamapS: how do I tell what type of tables are being used?
<RoAkSoAx> zul: indeed!
<SpamapS> izinucs: you can look in INFORMATION_SCHEMA or just 'show create table X'
<SpamapS> izinucs: select engine,count(*) from INFORMATION_SCHEMA.TABLES group by engine;
 * SpamapS just noticed that one of his wordpresses is on MyISAM.. doh
<SpamapS> no wonder its so fast.. hopefully it never crashes. :)
<izinucs> SpamapS: thanks again for the help.
<hallyn> SpamapS: can you comment in bug 708172 about the proposed upstream solution?
<uvirtbot> Launchpad bug 708172 in libvirt "service libvirt-bin start does not set KRB5_KTNAME as required" [Medium,Triaged] https://launchpad.net/bugs/708172
<hallyn> SpamapS: kirkland: I'll send an email to ubuntu-server+devel, but want to look up what upstream is doing in more detail first.
<RoAkSoAx> kirkland: howdy!! What do you mean powernap does not take the action?
<diabolicalone> what is the phpmyadmin "Like" package for PGSql ? I forget the name of it :(
<diabolicalone> phppgmyadmin right ?
<SpamapS> hallyn: I was going to bring it up today when we're all here.. I agree w/ kirkland that this should go to ubuntu-devel and ubuntu-server (and probably upstart-devel)
<hallyn> SpamapS: ok, do you want to send the intro email?
<hallyn> SpamapS: what was it you said upstream was proposing as a solution?
<hallyn> i just want to read up a bit
<SpamapS> hallyn: upstream is actively working on providing override files
<SpamapS> hallyn: so /etc/init/libvirt.override
<SpamapS> or libvirt-bin
<SpamapS> hallyn: these would never be conffiles
<SpamapS> hallyn: so if /etc/init/libvirt-bin.conf had   env LIBVIRT_BIN_ARGS="-d" .. and the ovveride had env LIBVIRT_BIN_ARGS="-d --foo" .. the args are overriden to be -d --foo
<zul> Daviey: ping
<aliverius> <iclebyte> i'm about half way through..
<aliverius> do you seem to have some success? ^^
<hallyn> SpamapS: and how do those files avoid the overhead of a stat?
<SpamapS> hallyn: they are loaded all at once at boot time
<SpamapS> hallyn: ureadahead is told to pre-cache /etc/init
<SpamapS> hallyn: or maybe not actually.. but the point is to avoid *random* IO
<hallyn> got it
 * SpamapS afk
<Daviey> zul, o/
<zul> Daviey: so im looking at the axis2c bug and apparently axis2c builds how does that mess with eucalyptus?
<Daviey> ooo
<Daviey> it now builds?
<Daviey> awesome
<Daviey> that is fine for euca
<Daviey> it was working before, just wouldn't rebuild
<zul> so upload dokos version?
<zul> Daviey SpamapS: on another note im going to prune the source in the cobbler bzr tree
<RoAkSoAx> So does anyone have any idea of what am I doing wrong with the packaging that when I'm purging a package it shows: "dpkg: warning: while removing powernap-common, directory '/usr/lib/python2.6/dist-packages/powernap' not empty so not removed." (I'm using python-central)
<SpamapS> zul: prune it back to the setup.py dist level?
<zul> SpamapS: yep
<zul> SpamapS: so it would acutally build in a nightly
<izinucs> SpamapS: one more question if you're around.. when using 'mysql -uUSER -pPASS < backupfile.sql'  how do I designate a specific database?
<apw> kirkland, about ?
<kirkland> apw: yo
<apw> about this long filenamy thing for ecryptfs
<apw> it seems to me that the changes are going to be pretty big, and
<apw> if upstream don't expedite them we are unlikely to have working support
<apw> for natty ...
<apw> now as this is not a regression, but it does cause issues
<apw> we might want to be in a position to disable it by default in new installs
<apw> i was thinking of bringing this up for discussion at the release meeting ... what do you think
<kirkland> apw: hmm
<apw> my position is approximatly that we should prepare for the possibility that we want to turn it off
<apw> and decide at A3
<kirkland> apw: so what do you need from upstream?  commits of jjohansen's stuff to the ecryptfs branch?
<kirkland> apw: once the changes are agreed upon?
<apw> that would pre-supposed that his stuff was a fully featured solution and its not even that yet
<apw> so even if its perfect in say 3 weeks time, thats very close to the wire
<kirkland> apw: yeah, no kidding
<kirkland> apw: so i mean, worst case is that we keep chugging as we are, dropping errno 36
<kirkland> apw: right?
<apw> (as i understand it we cna only have one long name pointing at a file in this solution currently etc)
<jjohansen> no
<apw> right ... so the question is are we ok with the status quo, or should we disable it, if jjohansen's patches arn't ready
<apw> hey jjohansen you're with ius
<jjohansen> just sat down
<apw> whats your feeling on whether they will be production ready by A3 ?
<jjohansen> I think there is a good chance
<Error404NotFound> I have 3 webservers which need a directory to be synced across each other. What would be the best solution here?Host it on an nfs server and share it from there?
<kirkland> apw: if his patches aren't ready, then they just don't make natty, and we keep chugging with long file name failurs
<apw> ok so i am just trying to work out if there is anything needed if that isn't true
<apw> ie there are 3 outcomes working support/status quo/turn off
<apw> and if 1 is not available do we continue with 2 or recommend 3
<apw> kirkland, so you vote 2 i take it, i  am abivalent i guess 2 is easier
<apw> jjohansen, any reaction to your patches from upstream?
<kirkland> apw: i've haven't seen the code so i don't know how easy it would be to "turn off"
<kirkland> apw: i think i understood jjohansen to be working on an option where those could be turned off at mount time
<kirkland> apw: which would be great
<apw> kirkland, i thought it was a mount option or something
<jjohansen> apw: not yet, yes mount time option
<apw> jjohansen, ok so for 3) we need a patch for that as well ... as well as installer changes
<apw> so unless someone is pushing for 3) i am saying nothing :)
<Fidelix> Please help! My server name resolution is REEEEALLY slow, like 15 seconds! What can I do to fix this?
<kirkland> apw: i'm not pushing for 3
<kirkland> apw: but i'm not against 3 either
<apw> kirkland, yeah i think i'll wait for guidance from release before worrying about that
<RoAkSoAx> SpamapS: btw.. IIRC, this kind of warnings are lintian related due to upstart jobs right? "W: powernap: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/powernap"
<kirkland> RoAkSoAx: hmm, what version of lintian are you running?
<kirkland> RoAkSoAx: i just fixed that
<RoAkSoAx> kirkland: maverick :)
<kirkland> 50 lashes with a wet noodle
<RoAkSoAx> kirkland: hehe I was gonna upgrade yesterday but SpamapS convinced me not to >P
<RoAkSoAx> kirkland: btw.. what's the issue you have with powernap not taking the action?? I tested it this morning from archive's in a natty laptop and no issues whatsoever
<kirkland> RoAkSoAx: i don't know yet
<RoAkSoAx> kirkland: ok, this is what it should show when in powersave mode: http://pastebin.ubuntu.com/559541/
<kirkland> RoAkSoAx: hmm, well, i'm not seeing my cpu's go offline
<RoAkSoAx> kirkland: hmmm does tail -f /var/log/pm-powersave.log show's any errors after performing powersave action?
<zul> Daviey: so if you are ok with it il upload the new axis2c today
<zul> Daviey: so after this release meeting you will never hear about it again ;)
<shubbar> how can i test printing from ssh? it seems the default printer is to pdf.
<zul> kirkland: cobbler just has some new power features that im uploading today
<kirkland> zul: okay
<RoAkSoAx> kirkland: roaksoax@shift:~$ tail -f /var/log/powernap.err
<RoAkSoAx> exec: 60: /usr/bin/pm-powersave: not found
<Error404NotFound> I have 3 webservers which need a directory to be synced across each other. What would be the best solution here? Host it on an nfs server and share it?
<zul> SpamapS: have you ever used func?
<SpamapS> zul: please baby, I invented the func
 * SpamapS wants the func
<SpamapS> gotta have that func
<SpamapS> zul: no what is it?
<zul> fedora unified network controller
<maswan> Error404NotFound: Either that, or rsync
<oCean> func is ok
<Error404NotFound> maswan: hmmmm...
<kirkland> RoAkSoAx: it's /usr/sbin/pm-powersave
<kirkland> RoAkSoAx: but yet
<kirkland> exec: 60: /usr/bin/pm-powersave: not found
<RoAkSoAx> kirkland: yeah! Fixed in the branch already :)
<RoAkSoAx> s/branch/trunk
<kirkland> RoAkSoAx: k, i'll test, pull, upload
<geekbri> is there an apt-get of adding a repository as an apt-get source, but have it disabled by default and then specifying on command line when i want it used?  IE simliar to yums --enablerepo=repo
<kirkland> RoAkSoAx: i think we need a config option to disable the wall message
<RoAkSoAx> kirkland: sure
<kirkland> RoAkSoAx: i'm running powernap on my laptop now, with absent=30, grace=5
<kirkland> RoAkSoAx: and i'll just let it sleep and wake up as much as it wants
<kirkland> RoAkSoAx: but i don't want a wall message every time
<RoAkSoAx> kirkland: I'll add an option "WARN" default to "y" which will enable/disable wall messages
<kirkland> RoAkSoAx: cool
<RoAkSoAx> kirkland: I guess that in the future we can add other warning types such as email the administrator or etc etc
<smoser> Daviey, kirkland around ?
<smoser> can one of you please take a look at my debconf config file: http://pastebin.com/xYWHTAe7
<geekbri> if im installing sun's java instead of openjdk, it seems to want to install a milliion other things i have no need for (such as x11-common)  is there a package within partners that will just install the java enviroment and not allt his extra junk?
<kirkland> smoser: yo
<smoser> http://pastebin.com/xYWHTAe7
<kirkland> smoser: looking now
<smoser> ah.
<smoser> forgot i'd typed already
<bcessa> hi there, I'm having problems getting UTF8 characters on my server, I check using: echo $LANG and I get an empty line, in another server where it do works I get this: en_US.UTF-8, any ideas on how/where to configure this on the first server? :O
<EvilPhoenix> maybe this: dpkg-reconfigure locales
<EvilPhoenix> bcessa:  ^
<EvilPhoenix> for the record though, i've never had taht problem on ubuntu servers
<kirkland> smoser: okay, i've digested it
<EvilPhoenix> cept for an openvz image for a VPS
<kirkland> smoser: what's your question(s)?
<bcessa> I'm using in fact a virtual server with openvz
<smoser> does it look sane ?
<smoser> or is it absolutely wrong to try wget/curl in config there.
<kirkland> smoser: well, that part is a little strange
<kirkland> smoser: but i get what you're doing
<kirkland> smoser: having sane timeouts is pretty essential
<bcessa> this may be obvious but I'm guessing a reboot is required after the reconfigure right, I just run it without any problems
<smoser> ok. then i'm going with that.
<smoser> thanks for review
<RoAkSoAx> kirkland: done! WARN option added
<kirkland> RoAkSoAx: sweet ;-)
<kirkland> smoser: sure thing man
<kirkland> RoAkSoAx: i'll pull and test in a few minutes
<RoAkSoAx> kirkland: cool :)
<bcessa> solved, the /etc/default/locale file was missing, thnx a ton
 * RoAkSoAx off to lunch
<Fidelix> Please help! My server name resolution is REEEEALLY slow, like 15 seconds! What can I do to fix this?
<evilsushi> anyone using cacti and snmpv3? I am having trouble getting the user generated
<evilsushi>  snmpwalk -v 3 -n '' -l authPriv -u user -A passw0rd localhost IF-MIB::ifName
<evilsushi> snmpwalk: USM generic error
<phsi> I need to call a script via upstart when the _first_ HDD finished fsck/mounting.
<phsi> Is there a trigger or something? mountall is pretty late
<genii-around> phsi: Perhaps filesystem
<phsi> genii-around: Tried that, seems to be the same as mountall?
<genii-around> hmm. No other idea offahnd then
<SpamapS> argh.. I hate updating ssl certs
<genii-around> phsi: I'm not sure if plymouth still runs up to end of fsck
<JanC> phsi: you might be able to use the "mounted" event for that
<JanC> see mounted(7)
<SpamapS> phsi: curious, whats the use case here?
<phsi> Thanks, that looks pretty good JanC
<phsi> SpamapS: Speeding up boot on a machine that can't use ureadahead. I call preload on started cryptdisks-enabled for now.
<phsi> SpamapS: /home/ is on LUKS but thhe rest isn't, so waiting for mountall is silly.
<SpamapS> phsi: interesting
<phsi> Yeah it did _nothing_ while waiting for the correct passphrase.
<phsi> Since almost everything waits for mountall apparently.
<phsi> Which makes sense :p
<MTecknology> can I force logrotate to run?
<MTecknology> dumb question.. better question.. how?
<phsi> MTecknology: logrotate -f -v /etc/logrotate.d/
<MTecknology> thanks :)
<RoAkSoAx> SpamapS: zul any ideas:
<RoAkSoAx> sudo cobbler check
<RoAkSoAx> httpd does not appear to be running and proxying cobbler
<zul> sudo a2enmod proxy_http
<RoAkSoAx> zul: oh lol was enabling just proxy
<SpamapS> RoAkSoAx: that one has gotten me too
<zul> SpamapS: ill fix it soon
<zul> SpamapS: in theory we can just run it in the postinst
<Roasted> hey there guys
<Roasted> anybody set up a freeradius server before?
<bencer> Roasted: have a look at the radius module of Zentyal, maybe helps http://doc.zentyal.org/en/radius.html
<Roasted> bencer, never heard of zentyal. What is it? A distro?
<bencer> Roasted: a web based configuration tool which runs on top of ubuntu server
<Roasted> bencer, I see. I see something here regarding a subscription though. Is this application free?
<bencer> is gpl
<bencer> packages in universe are a bit old, just add the ppa and install it
<Roasted> bencer, nice. Is its only purpose to be a config tool for freeradius or does it have other uses?
<bencer> https://launchpad.net/~zentyal
<bencer> you can configure many many things
<Roasted> bencer, is this gizmo kind of like ebox?
<bencer> zentyal is the new name of ebox
<Roasted> lol. no kidding??
<bencer> was renamed on september
<bencer> sure
<bencer> :)
<Roasted> I love ebox.
<Roasted> bencer, last question. you specified "ubuntu server" . it can run on ubuntu, right?
<Roasted> cause I'm running the desktop edition in this setup
<bencer> sure
<Roasted> bencer, thank you for your time.
<bencer> installer is based on server flavour installer, but that's it
<bencer> no problem, enjoy
<Roasted> bencer, ehh bit of confusion here.
<Roasted> zentyal is coming down as an ISO...
<RoAkSoAx> zul: are you guys working in cobbler only or also in koan?
<zul> RoAkSoAx: cobbler mostly
<bencer> you can download the installer, or install from ppa: http://trac.zentyal.org/wiki/Document/Documentation/InstallationGuide
<RoAkSoAx> zul: cause just found couple bugs in koan
<RoAkSoAx> zul: related to modules that do not exist in ubuntu
<zul> RoAkSoAx: sure file them away
<RoAkSoAx> zul: one is yum >P
<zul> RoAkSoAx: gah
<RoAkSoAx> zul: http://pastebin.ubuntu.com/559669/
<SpamapS> zul: I don't want to enable the proxy module by default
<SpamapS> zul: I think we could add a reminder in the cobbler check..
<SpamapS> zul: proxy is dangerous ;)
<zul> SpamapS: why is it dangerous?
<zul> RoAkSoAx: yeah koan is still very rh specific
<SpamapS> zul: without checking their configuration, users may accidentally expose their network to abuse w/ proxy
<Tophat> Ive setup exim4 to use gmail to send messages from my server for alerts in Opsview-- any ideas on how to test it to make sure it is able to send an email?
<SpamapS> Tophat: mail someaddress@somewhere.com
<SpamapS> Tophat: then check /var/log/mail.log
<zul> SpamapS: so something like "httpd does not appear to be running and proxying cobbler...did you enable proxy_http"  ?
<SpamapS> zul: "right.. and a clear set of instructions in README.Debian
<RoAkSoAx> has anyone been able to netbook a KVM
<RoAkSoAx> ?
<zul> SpamapS: sounds reasonable to me
<uvirtbot> New bug: #276365 in vm-builder "/var/run/network is not created" [High,Fix released] https://launchpad.net/bugs/276365
<kirkland> RoAkSoAx: around?
<RoAkSoAx> kirkland: yes
<RoAkSoAx> kirkland: what up? :)
<kirkland> RoAkSoAx: skype?
<RoAkSoAx> kirkland:
<RoAkSoAx> kirkland: sure
<Tophat> thank you spamaps
<RoAkSoAx> kirkland:
<RoAkSoAx> lrwxrwxrwx 1 root root  9 2011-01-28 08:38 usb-Primax_Electronics_Dynex_Wireless_Optical_Mouse-event-mouse -> ../event5
<RoAkSoAx> lrwxrwxrwx 1 root root  9 2011-01-28 08:38 usb-Primax_Electronics_Dynex_Wireless_Optical_Mouse-mouse -> ../mouse0
<RoAkSoAx> kirkland: http://pastebin.ubuntu.com/559677/
<uvirtbot> New bug: #709468 in openssh (main) "sshd is not restarted properly on libc6 upgrades" [Undecided,New] https://launchpad.net/bugs/709468
<genii-around> That bug would be unfortunate if it was on a remote box
<Tophat> how can i add a user to mail ?
<Tophat> Cannot open mailbox /var/mail/nagios: Permission denied
<Angryfurby> question i am trying to configure sendmail on ubuntu 10.10 and i am getting a reject on relay
<JFo> Angryfurby, I'd say that was more of a statement :)
<Angryfurby> this is true n00d  of me
<gobbe> !sendmail
<gobbe> there's nice tutorial, wait
<gobbe> https://help.ubuntu.com/10.04/serverguide/C/email-services.html
<Angryfurby> thxs
<Tophat> i have opsview running, and root can use mail, but the nagios user gets a permission denied error.  there is no /var/mail/nagios ..how can i add the user to mail?
<RoAkSoAx> kirkland: yeah /dev/input/mice tracks every single mouse connected... I just wished there was one work keyboards...
<Tophat> using exim4 if that makes a difference
<kirkland> RoAkSoAx: sweet
<kirkland> RoAkSoAx: that should be enabled, then
<RoAkSoAx> kirkland: what can be done for keyboards, is use a keyboard = y, that will attempt to find a keyboard in /dev/input/by-id by searching for a kdb or keyboard regex... though that doesn't ensure that all devices create symlinks with kdb or keyboard names
<genii-around> Tophat: I'd probably instead send it to root with   nagios: root                 in /etc/aliases
<kirkland> RoAkSoAx: hmm, okay
<kirkland> RoAkSoAx: okay, i'm going to shut down, pull my battery, and see if and how much powernap is saving on my laptop
<Tophat> genii-around thanks, will this work if its the nagios user thats sending the email?
<genii-around> Tophat: I'm not sure what the parent process is there
<genii-around> ( I don't use nagios )
<Tophat> lucky you :P
<RoAkSoAx> kirkland, Another option is to restrict the InputMonitor for keyboard/mouse only then... and the config will default to "mouse = y" and "keyboard = y" (the latter will attempt to detect keyboard automatically)
<kirkland> RoAkSoAx: oh, another thing ...
<kirkland> RoAkSoAx: i think we need a timestamp in front of "PowerNap will take the following action in [6] seconds: [/usr/sbin/powernap]"
<kirkland> RoAkSoAx: so that if you miss this message in real time, you know when it *was* delivered ;-)
<RoAkSoAx> kirkland: ok ;)... btw what do you think about making the InputMonitor only for mouse/keyboard as explained above?
<kirkland> RoAkSoAx: i think that sounds better
<RoAkSoAx> kirkland: btw.. doesn't your logging show date/time like mine?? 2011-01-28_15:33:52 WARNING  PowerNap will take the following action in [5] seconds: [/usr/sbin/powernap]
<kirkland> RoAkSoAx: i meant in the warn message
<RoAkSoAx> kirkland: oh ok lol!! >P
<kirkland> RoAkSoAx: ;-)
<kirkland> RoAkSoAx: the logging looks great
<RoAkSoAx> kirkland: yeah!! everything works very neatly!!
<wizardslovak> what would be cons to use dns server in my private server?
<wizardslovak> i mean pros hehe
<RoyK> http://lol.is/?skoda=10602
<wizardslovak> RoyK, hahahahah
<patdk-lap> wizardslovak,  what kind of dns server?
<wizardslovak> patdk-lap, BIND? well i am just curious what would be beneficiares of it
<patdk-lap> a dns server? or a dns recursor?
<wizardslovak> server
<RoyK> patdk-lap: most dns servers can recurse
<patdk-lap> well,I'mjust asking :)
<patdk-lap> what he wants to use it for
<RoyK> wizardslovak: for a dns server, bind is the most used software on the net - it's a little hard to get used to, but it works well
<zul> SpamapS: ping
<SpamapS> zul: pong sup?
<SpamapS> zul: note, have to go in about 10 min
<zul> SpamapS: heh im already gone
<zul> but 5.3.5 is the only changelog entry the CVE
<zul> ?
<SpamapS> hrm.. maybe not sure
<SpamapS> I TOTALLY forgot that we already had 5.3.4
<zul> because if its just a CVE then we basically have 5.3.5
<SpamapS> zul: yeah. I think so. :-P
<SpamapS> zul: well damn now I feel silly. ;)
 * SpamapS got all excited to triage a bug today
<zul> :P
<zul> yes i noticed
<SpamapS> ok well its still nice to have :)
<zul> yes well ill let mdeslaur worry about it then ;)
<SpamapS> zul: have a nice weekend.. :)
 * SpamapS disappears too
<GatorAlli> What is the best way to recover overwritten data, I accidentally overwrote some scripts a couple of minutes ago. Please help :(
<guntbert> GatorAlli: pulll them from your backup :-)
<GatorAlli> Is the backup provided with the service?
<GatorAlli> or the OS?
<guntbert> GatorAlli: what service?
<GatorAlli> singlehop
<guntbert> !crosspost | GatorAlli
<ubottu> GatorAlli: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
<iclebyte> i've got ssh key based login running from one machine to a server no problem. for some reason the same process wont let me login from the actual host which i want to connect to
<iclebyte> i.e. ssh root@localhost
<iclebyte> i've enabled root login in /etc/ssh/sshd_conf
<guntbert> iclebyte: did you put the pub key into /root/.ssh/authorized_keys?
<iclebyte> yup. say the server is machineA - I can get to it from machine B no problems, but when I try to connect from machine A to machine A it fails
<iclebyte> ask's me for a password everytime...
<iclebyte> i've added the public key from the convirture user to roots authorized_keys
<fluvvell> iclebyte: using ssh-copy-id is often better
<pmatulis> iclebyte: check your logs
<RoAkSoAx> kirkland: I don't think we should enable by default any InputMonitor given that not everybody will have a USB keyboard/mouse connected
<iclebyte> pmatulis, don't see anything unusual
<iclebyte> using ssh root@localhost -v helped
<iclebyte> thanks chaps.
<kirkland> RoAkSoAx: hmm
<hallyn> SpamapS: the neat thing about bzr is you coudl just branch my trivial tree, make your trivial fixes, and merge your own :)
<hallyn> I sometimes feel that by sticking too much to the 'classic' review model, we really slow down quality fixes
<binaryhat> im reading https://help.ubuntu.com/community/KVM/Networking#bridgednetworking but i dont have /etc/vmbuilder/libvirt/libvirtxml.tmpl  on 10.10
<kirkland> RoAkSoAx: can't we detect that
<uvirtbot> New bug: #709542 in cloud-init (main) "100% cpu console-kit" [Undecided,New] https://launchpad.net/bugs/709542
<RoAkSoAx> kirkland: everything is possible >P but let me think first how can I do that without breaking the simplicity of loading the config file >P
<kirkland> RoAkSoAx: ack
<RoAkSoAx> kirkland: ok so it would be something like: In config, left keyboard/mouse = y, however, if regex for mouse/kbd in /dev/input/by-id exists, then create monitors, otherwise don't
<RoAkSoAx> s/left/leave
<kirkland> RoAkSoAx: sounds complex
<shaggy2> hello I need help with bind9 I have my dns server running fine, everything works correctly, only problem is, I need to change the time it take to use a newly created subdomain/domain
<shaggy2> how do I do that?
<tallis_> hi to all
#ubuntu-server 2011-01-29
<tallis_> does anybody have any experience o linux software raid?
<shaggy2> ok so I am needing to change how long it takes for bind9 to reliase that there is a new domain/subdomain. I am running ubuntu 10.10 I created a subdomain last night and the new subdomain didn't work for about 9 - 12 hours. how do I shorten that time?
<tallis_> does anybody have any experience o linux software raid?
<tallis_> does anybody have any experience o linux software raid?
<Nafallo> tallis_: quite a few most likely. what is it you really want to ask?
<Nafallo> also, repeating a question isn't likely to get you anywhere any faster really.
<tallis_> i'm trying to build a raid10 array
<tallis_> i created 2 md0 partitions with madam
<tallis_> the ubuntu installer see's them
<tallis_> but it doesn't detect 1 NON raid partiotion with shall become the "/boot"
<tallis_> any idea?
<tallis_> Nafallo, ?
<shaggy2> ok so I am needing to change how long it takes for bind9 to reliase that there is a new domain/subdomain. I am running ubuntu 10.10 I created a subdomain last night and the new subdomain didn't work for about 9 - 12 hours. how do I shorten that time?
<MTecknology> Is it possible to run your own dropbox server?
<MTecknology> I thought it was, but I'm having trouble finding any info on it
<jmarsden> MTecknology: Maybe you mean http://fak3r.com/2009/09/14/howto-build-your-own-open-source-dropbox-clone/ ?
<jmarsden> shaggy2: Most likely you need to set a shorter TTL in your zonefiles?  A line $TTL 900 at the top of each zonefile will mean they are cached by other DNS servers for only 900 seconds (15 minutes) before the authorized server is checked for any updates.
<MTecknology> jmarsden: oh- thanks :)
<jmarsden> MTecknology: You're welcome.
<MTecknology> jmarsden: I wrote a tiny script to kind of do it; it's been running about 2hr now :P
<niles> anyone know any good dns servers?
<jmarsden> niles: 8.8.8.8 and 8.8.4.4 are the Google public ones, they work well...
<niles> ok, thanks, but I meant more like bind9
<MTecknology> I love google dns servers
<MTecknology> before that I was stuck with my isp's or opendns which was almost as bad
<binaryhat> i need assistance w/ Bridge to LAN on my VM
<binaryhat> my VM cant connect to the net
<xid> i let my ec2 go past due, then i paid it up about 45 mins ago, now it says "It looks like you don't have an EC2 account."
<xid> and that I have to sign up, but every time I go to the sign up page it says I already have access
<xid> catch22
<SJr> What's the easist way to get a multi boot USB stick?
<MTecknology> http://dpaste.com/364659/ <- this is my hosts.deny file; that 'should' keep anything from reaching nginx from those IP's, right?
<jmarsden> SJr: pendrivelinux.com has a bucnh of relevant articles, try http://www.pendrivelinux.com/boot-multiple-iso-from-usb-via-grub2-using-linux/
<fongwee> Hi everyone I need some help with virtualisation on Ubuntu server
<jmarsden> fongwee: Go ahead and ask your actual, specific, question, and see if anyone here can help.
<fongwee> How do I virtualise a Ubuntu desktop on my server to run as a HTPC
<fongwee> I am stuck at the virt-install
<fongwee> Sorry I am a newbie in Linux
<fongwee> I had entered sudo virt-install --prompt
<jmarsden> Is it possible to just install Ubuntu Desktop on the real hardware, and avoid the virtualization?  That will be easier for a newcomer. Virtualizing an HTPC sounds... interesting, you'll be dealing with virtualized sound cards and so forth... do you *really* want to do that?
<fongwee> I am trying to setup a NAS and HTPC on the same computer. Is it possible to just use the Ubuntu desktop
<jmarsden> Sure.  Ubuntu desktop can run services to share files and stream audio and video...
<fongwee> Ok. The NAS is able to run RAID?
<jmarsden> Ubuntu server is an OS for "real server" use, often headless in a server closet.  Sure, Ubuntu desktop can use hardware and software RAID.
<fongwee> Ok. That sounds like what I need for a starting noob.
<fongwee> How do I configure it to run as a NAS?
<jmarsden> Just install the samba packages and set up shares, if you want "Windows-like" file shares.  For video and audio streaming there are plenty of options but I don't know mcuh about any of them :)
<jmarsden> fongwee: https://help.ubuntu.com/community/Samba/SambaServerGuide  might be worth reading.
<fongwee> ok thank you jmarsden. I will check it out
<jmarsden> You're welcome.
<no--name> Hi. I am running ubuntu-server 10.10 with fluxbox and when I plug my usb hard-drive in it doesn't come up in /media like it does on ubuntu-desktop... what gives?
<Thirtysixway> no--name I think it's nautilus that auto mounts it, and that's not installed on server edition
<no--name> ahh
<Thirtysixway> Check out https://help.ubuntu.com/community/Mount/USB
<no--name> well I just went mount /dev/sdb1 /mnt and it worked.
<Thirtysixway> ah okay
<sijo> hi
<sijo> hi
<uvirtbot> New bug: #709655 in samba (main) "package samba 2:3.5.6~dfsg-4ubuntu2 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 1" [Undecided,New] https://launchpad.net/bugs/709655
<anzenketh> I have /var mounted on a seperate partition is there a way that I can change that while the system is booted?
<anzenketh> I am using LVM
<anzenketh> cd /amahi
<novitololo> Hi. If /var/www have write permissions just for the root, how can I write files from Eclipse to that folder?
<\sh> novitololo: /var/www should have www-data:www-data and you can put your user in the www-data group
<novitololo> \sh: What do you mean by www-data:www-data ?
<\sh> novitololo: the permissions of /var/www should be www-data:www-data (user www-data, group www-data)
<novitololo> \sh, thanks.
<magez> heys, i have problem of not being able to connect to my server, i think its firewall problems
<magez> thats after i setup the complicatedfirewall ufw and rebooted
<magez> before the reboot i was able to connect to the sites and stuff
<magez> i can see the sites on localhost
<magez> cleared all the fw rules with webmin but nothing
<tallis_> I have a software raid in ubuntu at after an update it doesn't boot any more ... i get to the Busybox screen
<tallis_> anybody?
<Mateo_> Hi everyone !
<Mateo_> i don't understand something, i've added a virtualhost, a user using pure-ftpd, like i did a lot of times, but this time, i can't connect using ftp
<Mateo_> login is ok but it looks like password isn't
<Mateo_> i've checked it 3 times ...
<Mateo_> ok i try to change the password again and now it give me a Unable to fetch info about user [.....]
<Mateo_> ok found the problem ...
<Mateo_> thanks anyway !
<uvirtbot> New bug: #709723 in cobbler (universe) "The location of isc-dhcpd is incorrect in sync_post_restart_services.py" [Undecided,New] https://launchpad.net/bugs/709723
<Avi__>  I am installing ubuntu server after activating raid during setup. I have to configure iSCSI volumes. After I select Log into iSCSI targets, I need to enter the "iSCSI target portal address". After entering the ip, I get the following error: "No iSCSI targets discovered".
<Avi__> Please help.
<gobbe> Avi__: and you are sure that your iscsi-target is showing disks to your host?
<Avi__> after the partitioner loads, I get the following message: This is an overview of your currently configured partitions and mount points. Select a partition to modify its settings (file system, mount point, etc.), a free space to create partitions, or a device to initialize its partition table. Below this text I get the following options: Configure iSCSI volumes, Undo changes to partitions and Finish partitioning and write change
<gobbe> so you have server/storage providing iscsi-volumes?
<Avi__> yes
<Avi__> thats what the installer says
<gobbe> eh? installer?
<Avi__> the text based ubuntu server installer.
<orogor> hi here
<gobbe> Avi__: but...you have external storaage providing iscsi?
<orogor> i am having trouble setting up the server as router/dns/dhcp server wifi access point, anyone may help ?
<gobbe> orogor: well, it would help that you tell what kind of trouble you have
<orogor> current issue is that /etc/network/interface setting is overidded by something that i dont know and wifi interface is uspposed to give out dhcp  lease and has a fixed adress but somehow end up getting the dhcp adress it s supposed to give out
<Avi__> gobbe: i am not sure
<Avi__> please help.
<gobbe> Avi__: eh, you are not sure? do you know what iscsi is?
<gobbe> Avi__: iscsi is way to attach external storage to your server, but you need to have either external storage or server providing this disk
<Avi__> it is based on storage on the network?
<gobbe> yes
<Avi__> ok
<gobbe> it's way to use storage over ip-network
<gobbe> and to be able to use it, of course you need to have storage-system or server that can give disk
<Avi__> there are 2 hard disks on the server machine
<gobbe> so what you are actually trying to do?
<Avi__> i want to install ubuntu server
<orogor> these  disks will be presented not as file share , but as lun/raw partitions
<gobbe> Avi__: well then you just install it normally, you don't use iscsi
<Avi__> so how do i bypass it
<orogor> and you ll need to mount  them on the "client" server partition them and stuff
<Avi__> ?
<gobbe> Avi__: you don't select iscsi
<gobbe> Avi__: restart if you cannot get back after you selected iscsi
<orogor> gobbe,  any idea for the dhcp issue i have ?
<Avi__> i have no other option
<gobbe> Avi__: what did you select before that
<gobbe> orogor: hmmh, so are you trying to get ip with dhcp or act as dhcp-server?
<Avi__> after the partitioner loads, i have 3 options
<orogor> act as dhcp server
<gobbe> Avi__: what are options?
<Avi__> first is "Configure iSCSI volumes"
<gobbe> orogor: https://help.ubuntu.com/10.04/serverguide/C/dhcp.html
<Avi__> second: "Undo changes to partitions"
<Avi__> and third "Finish partitioning and write changes to disk"
<orogor> i set wlan0 as 192.168.2.100 in /etc/network/interface and dhcp server for range 200-250 , but wlan0  ip is now 192.168.2.201
<Avi__> the last two options don't work
<gobbe> Avi__: you selected automatic partitioning before that
<gobbe> orogor: upload interface-file to pastebin.ubuntu.com
<Avi__> no the partitioner loaded automatically without letting me select "manual partitioning"
<orogor> http://pastebin.ubuntu.com/559873/
<gobbe> Avi__: are your disks empty?
<orogor> http://pastebin.ubuntu.com/559875/
<gobbe> orogor: you are using server and not desktop?
<Avi__> no
<gobbe> Avi__: which version you are trying to install?
<orogor> http://pastebin.ubuntu.com/559876/
<Avi__> ubuntu 10.04 server
<gobbe> orogor: it shows that your wlan0 has no ip,  but wlan0:avahi has
<orogor> gobbe, i use it as both :)  only kernel is different
<gobbe> orogor: yep, and desktop has network manager
<orogor> i uninstalled network manager, i dont know why avahi want to give that if an ip
<gobbe> orogor: which could cause nice things
<gobbe> :)
<gobbe> orogor: say sudo ifdown wlan0
<gobbe> orogor: and then sudo ifup wlan+
<gobbe> orogor: and then sudo ifup wlan0
<orogor> looks better
<orogor> but then i dont know how to fix this definitivelly
<gobbe> so this is actually desktop and not server installation?
<orogor> avahi is suposed to broadcat capabilites of the computer not set up if
<orogor> really only kernel is different from server and desktop and depending on the days i boot either kernel
<orogor> that workstation has a shitload of services running
<Avi__> please help.
<gobbe> well, like i told, network manager also
<orogor> AVAHI_DAEMON_DETECT_LOCAL=1
<orogor> AVAHI_DAEMON_START=0
<gobbe> orogor: and scheduler
<orogor> network manager is uninstalled, i dont like it
<gobbe> so it gets ip on boot?
<orogor> huh from interfaces file
<orogor> i am not sure i get your question
<gobbe> well, it did have ip on your paste
<orogor> what wlan0 ?  yes and thats  the issue
<orogor> now i restarted it it has correct ip
<gobbe> with ifdown/ifup?
<orogor> yup
<gobbe> if you now restart your computer it still gets wrong ip?
<orogor> yes thats  sure i already tried restarting it after restarting interface
<gobbe> check from syslog that what service triggers the dhcp for it
<orogor> it s avahi autopid
<cossovich> hello folks. I'm looking for an elegant way to install PHP 5.2 on Maverick. I'm almost ready to start compiling from source... can anyone talk me out of that?
<orogor> hummm
<gobbe> cossovich: why php 5.2?
<cossovich> web development box primarily used for Drupal (6)
<gobbe> cossovich: php5 package is 5.3.2, is it too new?
<orogor> gobbe,  and even then i just started hostapd as soon as i did wlan0 (not wlan0:avahi) took 10.1.2.201 , and added a new route for the interface which broke the connection to the net
<cossovich> yar... Drupal 6 isn't compatible with 5.3
<gobbe> cossovich: ok :/
<gobbe> cossovich: then i would say that only way is to compile it from sources
<cossovich> I've seen some other solutions like changing the sources list to Karmic for the PHP packages but it just seems messy to me.
<gobbe> cossovich: yes, and that can cause lots of troubles :D
<cossovich> I think I'll go back to basics! Juts wanted to do a sanity check.
<cossovich> gobbe: what kind of potential troubles? (just out of curiosity)
<gobbe> cossovich: well, packages are depending from other packages
<gobbe> cossovich: so you could end up in situation where your system is needing two versions of packages :)
<cossovich> gobbe, I see... so if I go back to compiling PHP I just need to be aware of any updates myself and manually compile the software again when there's a new version?
<orogor> i just losed the connection for a few minutes
<gobbe> cossovich: i would try to upgrade drupal one that supports newer php
<gobbe> cossovich: but you could skip php-packages from updates
<orogor> hummmm
<\sh> orogor: what does drupal6 upstream says about php 5.3?
<orogor> no idea i think you had an issue with completion
<\sh> orogor: right...
<orogor> hi again
<orogor> i still have the same issue
<orogor> i dont manage to set a static adress for the interface
<gobbe> in boot?
<orogor> ..
<orogor> gobbe, no , apparently thats linked to dhcp
<orogor> or humm how to put it
<orogor> it start static, then every so often it gets a dhcp adress
<orogor> if i updown it it s  static , but then will get a dhcp again
<gobbe> so some process is triggerin it with dhcp
<orogor> gobbe, no , apparently thats linked to dhcp
<orogor> it start static, then every so often it gets a dhcp adress
<orogor> if i updown it it s  static , but then will get a dhcp again
<orogor> i configured dhclient.conf to try to get static, but it seems to have no effect
<gobbe> eh?
<gobbe> if you configure it as static it is static
<gobbe> unless something triggers dhclient to it
<orogor> http://pastebin.com/9jDeWBk4
<orogor> thats  dhclient.conf  which sets static in addition to interface file
<orogor> with avahi autopid deactivated and network manager uninstalled
<orogor> errr both uninstalled
<gobbe> disable dhclient if you want to use static ip
<orogor> that d be too simple
<orogor> i need one interface with dhcp
<gobbe> you can configure it from interface-file
<gobbe> others with static
<gobbe> and one with dhcp
<orogor> thats  what i do
<gobbe> well, if your wlan gets still ip from dhcp, even when it's configured as static, something is triggering dhclient to it
<orogor> http://pastebin.com/0wAMWZBC
<gobbe> i believe that auto-lines should be above of others
<gobbe> so auto eth1
<gobbe> and then iface eth1 ....
<orogor> fixed
<orogor> hummmm
<nimrod10> a
<OriK> Hi, I've been taking a look to Ubuntu Cloud and I've noticed that it's unsuitable if your nodes might fail unexpectedly
<OriK> do you know something that could manage that?
<Wout> Can someone help me figure something out??? I think I'm going mad here...
<Wout> I have a home server
<Wout> I wan't it to auto suspend and wake on lan
<Wout> no magic packet just activity
<Wout> I'm going to use powernap for the suspend part
<Wout> When I do ethtool -s eth0 wol u
<Wout> followed by: ethtool eth0 it says"Wake-on: u"
<Wout> then i issue pm-suspend
<OriK> I think that's not possible without magic packet, the network interfaces have activity continuosly so it wouldn't know which activity should make the server to wake on...
<Wout> My system suspends but doesn't wake from ping
<shirgall> The wakeonlan tool sends the magic packet
<shirgall> I don't think ping is enough
<Wout> the system does wake from wakeonlan Magic Packet
<Wout> "ethtool -s eth0 wol u" should set wol to wake on unicast...
<OriK> ... it wakes on unicast... with a magic packet
<OriK> not a regular ping
<Wout> This is not the problem.
<Wout> After a suspend the "u" wol setting is reset to "g"
<OriK> in fact you can't ping a suspended machine because it "doesn't have" IP
<Wout> my arp table still contains the system.
<Wout> Search ping and wol. This is widly used
<Wout> Even so this used to work on my 10.4 install
<Wout> No hardware changes fresh maverick install and it doesn;t work
<Wout> Even setting it to "p" (physical activity) doesn't work because its reset to "g" before suspend
<OriK> maybe there is a configuration file overwritting your command
<Wout> I'm thinking something like this.
<shirgall> Might be that something is resetting it in the rc scripts on suspend
<Wout> I think it's got something to do with bug 445950
<uvirtbot> Launchpad bug 445950 in powernap "powernap init script should enable WoL on valid interface(s)" [Medium,Fix released] https://launchpad.net/bugs/445950
<Wout> lol
<shirgall> That looks like a smoking gun. :)
<Wout> I thought so. But where can I set the wol variables......
<Wout> general question
<shirgall> By default /etc/powernap/action is nothing but comments, but you could add some actions there
<Wout> /etc/powernap/action has "pm-suspend"
<shirgall> And there doesn't seem to be any ethtool in the default /etc/pm scripts either
<Wout> however the behaviour I'm fasing is before powernap does anything
<shirgall> I don't see anything obvious. :(
<Wout> ethspeed
<Wout> /etc/pm/power.d/eth_speed
<Wout> ethtool -s eth0 autoneg on speed $1
<shirgall> Ah, on my default that's empty
<Wout> odd
<shirgall> I just installed powernap a couple minutes ago
<shirgall> Maybe I need to configure it before those scripts set up
<Wout> btw I used the powernap ppa
<Wout> ;-)
<Wout> version 2.2
<shirgall> Ah, I did not
<shirgall> 1.10-0ubuntu1
<Wout> ppa:powernap/ppa
<Wout> Anyone know how to contact Dustin Kirkland?? ;-)
<compdoc> you are not worthy
<Wout> :-)
<Wout> 2010-03-04 - Dustin Kirkland <kirkland@ubuntu.com>
<Wout> powernap (1.9-0ubuntu1) lucid; urgency=low
<Wout>   * debian/powernap.upstart: fix LP: #531950
<Wout>     - fix ethtool regex
<Wout>   - allow for admin customized ethtool script, when powernap's
<Wout>       is incorrect or undesired
<shirgall> That does seem promising
<Wout> thought so, now all I need to do is find that script.... I think
<Wout> https://bugs.launchpad.net/ubuntu/+source/powernap/+bug/531950
<uvirtbot> Launchpad bug 531950 in powernap "Powernap upstart script assumes that there is only wake-on-lan "magic packet" mode." [Medium,Fix released]
<alonswartz> kirkland: you around? I see you added "geolocation for aws server assignment" to the cloud-server-desktop-images blueprint and I might be able to help
<AdamDV> Propoer hostname in 10.04 is like this right? /etc/hosts: 127.0.0.1 server.domain.com server /etc/hostname: server
<alonswartz> kirkland: as reference - http://www.turnkeylinux.org/blog/geoip-amazon-regions and http://www.turnkeylinux.org/blog/auto-apt-archive
<Wout> have to go now
<Wout> thanks for the help
<AdamDV> Also, is the netadmin account used for anything, or am I free to use it for an account?
<r3sno> question for you guys.
<r3sno> if you were looking for a server admin to hire, would you suggest using a tool like webmin to setup a home router or require doing it "manually"?
<r3sno> i want to setup my server as my router, dhcp, etc. but i am sure id do it wrong, and i want the experince but want to do it "right"
<AdamDV> Where can I find the ssh.d log?
<r3sno> AdamDV: /var/log
<AdamDV> Yea. Under what file name?
<AdamDV> auth.log?
<r3sno> i think its auth
<AdamDV> I keep getting public key errors client side but auth.log shows no lines of anything. Hmph.
<AdamDV> Ah. Here we go. Authentication refused: bad ownership or modes for file /home/sysadmin/.ssh/authorized_keys
<AdamDV> What should the permissions be? I've got them at 0667
<r3sno> no clue
<AdamDV> 664. These messages should really be more descriptive >:(
<r3sno> have you tried clearing the keys and making new ones?
<binaryhat>  i need assistance w/ Bridge to LAN on my VM, my VM cant connect to the net
<thesheff17> binaryhat: are you using nat?
<binaryhat> not sure
<thesheff17> what is your ip of your server? and what is the ip of the virtual machine? use ifconfig to see ip.
<binaryhat> server is 192.168.1.101
<r3sno> is it sad to use to tools to admin a server? or direct conf editing?
<binaryhat> for VM is it br0 or virbr0 thesheff17 ?
<thesheff17> binaryhat: so on the server you should have bridged eth0 to br0
<binaryhat> thesheff17, eth0 and br0 have the same ip address, virbr0 has 192.168.122.1
<thesheff17> binaryhat: ah ok...so 192.168.122.1 is basically the virtual network for the backend...you can simply assign a static ip to your virtual machine in the same range as 192.168.1.x
<thesheff17> binaryhat: it depends if you want to use NAT or not.
<binaryhat> what do u suggest
<thesheff17> I don't use nat...I assign everything in the same range so 192.168.1.x and static IP everywhere.
<binaryhat> thesheff17, nat doesnt work, i get a 169 address
<thesheff17> binaryhat: I would try to set a static on the virtual machine in the same range as the server and then try ping the server ip from the virtual machine.
<binaryhat> not in /etc/network/interfaces?
<thesheff17> binaryhat here is how my network config files look for both the server and the virtual machine http://pastebin.com/gHsqR5bV
<thesheff17> yea you should be editing /etc/network/interfaces on both devices.
<thesheff17> once both devices are configured correctly your virtual machines will have access to everything...dns, web sites, local network, etc
<binaryhat> my guest VM is win7
<thesheff17> binaryhat: oh haha...try setting everything up in the same range...ip, gateway, dns
<PhotoJim> I'm running 10.04 LTS on a home server. pae kernels have been autoinstalled and I don't need them (the machine can onlly take 2 GB of RAM). when I go to remove them, aptitude says linux-server depends on linux-generic-pae.  am I missing something?  I've got the machine running on a non-pae kernel and obviously, all is well.
<Patrickdk> ubuntu server uses the pae kernel for 32bit
<Patrickdk> if you uninstall it, you will uninstall the ubuntu server meta package cause it depends on it, but everything will still work fine
<Patrickdk> it's upgrades that can get strange then
<PhotoJim> so I should just ignore it?
<PhotoJim> why is it forcing PAE? that seems unnecessary.
<PhotoJim> it doesn't hurt anything on my server but the kernel is larger than it needs to be in consequence.
<Patrickdk> well, you installed server mode
<Patrickdk> you could just install the none-pae kernel also
<PhotoJim> the non-PAE kernels are installed, but tue PAE ones get priority in the grub kernel list.
<Patrickdk> heh, odd
<PhotoJim> I guess I could change it to boot off kernel 2 instead of kernel 0.  that would always be the non-PAE non-debug kernel.
<PhotoJim> yes.
<Patrickdk> guess you could edit /etc/grub.d/10_linux
<Patrickdk> and add pae to the blacklisted kernels
<PhotoJim> that's an idea.
<jeeves_moss> how do I enable CONFIG_TASK_DELAY_ACCT in IOTOP?
<RoAkSoAx> kirkland: ping?
<thesheff17> does anyone know how to set a read only variable in mysql to not read only?
<r3sno> thesheff17: what do you mean?
<thesheff17> I'm trying to set this: set global lower_case_table_names=1;
<thesheff17> and I get  ERROR 1238 (HY000): Variable 'lower_case_table_names' is a read only variable
<r3sno> thesheff17: are you using logs? or something else?
<thesheff17> r3sno: I'm trying to do this on the mysql command prompt...it basically just says table names are case insensitive
<r3sno> thesheff17: try this out http://info.solomonson.com/content/how-fix-errno-24-mysql
<Skaag> I just finished installing Ubuntu Server 10.04 LTS on a system with a RAID1 configuration, it didn't boot. I loaded in rescue mode, and mounted the root drive, but I can't see any kernels in /boot/, any ideas why this might be?!
<thesheff17> r3sno: yea I was originally trying to set this in the my.cnf..but the mysql server wouldn't start...so I commented out and tried it on the command line.
<Skaag> I did not specify a different partition for /boot
<Skaag> just a plain system with / fs
<thesheff17> r3sno: and it doesn't start when I have SET lower_case_table_names=1 in the /etc/my.cnf file :-/
<Skaag> ok weird, within rescue shell, an apt-get dist-upgrade seems to want to bring a kernel, so maybe this will resolve itself
<Skaag> I just don't understand why an install will seem to finish properly, with no warnings or errors, and the system ends up not having a kernel...
<r3sno> other then googling the answer, i dont know anything else thesheff17
<thesheff17> r3sno: thanks for the help...yea this variable has given me huge headaches since I converted over from oracle...I really need to get the developers to fix the case sensitive tables in the code...they are just not willing to do it :-/ and I want to upgrade to the newest version mysql 5.5.8...mysql 5.0.x this variable can easily be set.
<bigmahatma> hello. I've got a amd k325 processor (on a dell m101z) and I'm running 10.04. I'd like to downclock the CPU, how can I do it?
<bigmahatma> hello?
<thesheff17> r3sno: that variable is set fine on mysql 5.1.41 it must be in the new version that they changed it :-/
<r3sno> heh, new versions are always nice
<thesheff17> r3sno: do you know anywhere to know how many CPU mysql supports?
<r3sno> i didnt know mysql didnt support as many cpus you could through at it
<Patrickdk> depends on how you use mysql :)
<r3sno> Patrickdk: please expand :D
<binaryhat> thesheff17, i still cant get bridge to work
<Patrickdk> I think it's limited to one cpu per connection
<Patrickdk> and that includes replication (replication is single cpu limited)
<thesheff17> Patrickdk: ah ok...I just got a new server... 24 cores...and I'm not really sure if mysql 5.1.x will support that number of cores....I was reading somewhere about how 5.5.8 would support that...I'm trying to find that.
<thesheff17> binaryhat: so you set the static ip on the windows box? can you ping your virtual machine server?
<Patrickdk> na it supports it now
<Patrickdk> it's the replication that doesn't support it
<Patrickdk> dunno if that is what your talking about though
<binaryhat> hmm
<thesheff17> Patrickdk: ah ok so mysql 5.1.x should support that many number of cores?
<Patrickdk> yep
<Patrickdk> when in doubt about high mysql loads, read mysqlperformanceblog.com :)
<Patrickdk> they do crazy load tests, on large systems like that
<thesheff17> Patrickdk: cool thanks. I prefer using the mysql version in the repo anyway.
<Patrickdk> heh?
 * Patrickdk wonders what he said that says I told you to use something different
 * Patrickdk hates people assuming what I say
<r3sno> Patrickdk: how did you learn to be a server admin?
<thesheff17> Patrickdk: oh you didn't...I was just reading about mysql 5.5 and how it has 370% performance boost over 5.1.x
<thesheff17> Patrickdk: so I was trying to use that version.
<binaryhat> thesheff17, yes i can ping it
<thesheff17> binaryhat: can you ping your router...usually 192.168.1.1
<binaryhat> hmm
<thesheff17> binaryhat: once that works try ping www.google.com...if that doesn't work your DNS servers aren't set.
<binaryhat> i cant ping the router
<binaryhat> i set the dns info on the win7 vm
<binaryhat> its my cable isp
<thesheff17> binaryhat: it sounds like something is wrong with the br0 bridge.  How did you install win7 through virt-manager?
<binaryhat> sudo virt-install -n ultimate7 -r 2048 -f ultimate7.img -s 80 -c /mnt/raid/Universe/Galaxy/ISO/Windows_7_AIO.iso --accelerate --connect=qemu:///system --vnc --noautoconsole -v --network=bridge:br0
<binaryhat> that way
<thesheff17> binaryhat: can you pastebin your ifconfig of the server?
<thesheff17> binaryhat: that looks fine
<binaryhat> thesheff17, http://fpaste.org/JFbt/
<binaryhat> thesheff17, http://fpaste.org/Hg6a/
<thesheff17> eth0 shouldn't have an IP since isn't that your bridge adapter?
<binaryhat> eth0 is the NIC server's
<thesheff17> you have eth0 set to dhcp...check out that pastebin I did http://pastebin.com/gHsqR5bV
<thesheff17> you def need this line: bridge_ports eth0
<binaryhat> i need eth0 to be dhcp
<thesheff17> br0 needs to be bridged off an adapter.
<binaryhat> it connects 2 the router
<thesheff17> this is like a virtual bridge....if you look at my pastebin I bridge eth0 to br0.  I'm not sure you can run dhcp & bridge br0 with the same adapter....if you really need dhcp for that server another physical network adapter should be used.
<binaryhat> ?
<binaryhat> hmm brb
<binaryhat> so set eth0 as static?
<thesheff17> in my pastebin I have iface eth0 inet manual
<anzenketh> Trying to remember how do you set a default group and user for a directory?
<thesheff17> I would just copy and paste my pastebin file and edit accordingly.
<thesheff17> anzenketh: chown -R username:group /dir/
<anzenketh> Yes I know how to change the group
<anzenketh> But I want additional directories and files to fall under the parent group
<anzenketh> as apposed to the created users
<thesheff17> anzenketh: hmm...sorry don't know that
<anzenketh> Figured it out it is chmod g+s directory will set the current permissions
<anzenketh> and umask 002 will set to default group writable
<Skaag> on a system with raid1, where do I install grub?
<Skaag> I have /dev/mapper/m032-root on / type ext4
<Skaag> how do I figure out where to install the grub boot loader?
<Skaag> just installing to /dev/sda and /dev/sdb was not enough
<hjmf> Skaag: on both disks
<Skaag> I just read in a guide my raid is fake
<Skaag> and it is recommended to just use mdadm
<Skaag> and make it a linux raid
<Skaag> but i'm thinking to skip the whole thing entirely
<Skaag> database machine... I want good performance
<Skaag> brb
<binaryhat> thesheff17, if eth0 is manual what ip address does it get?
<thesheff17> binaryhat: it doesn't get one...it gets bridged to br0 and br0 has the ip.
<binaryhat> then i cant ssh into the server
<thesheff17> you can ssh into the br0 ip
<thesheff17> br0 is for the server and not for the virtual machines
<binaryhat> thesheff17, i can ssh, but the guest o/s cant get a net connection
<thesheff17> binaryhat: not sure what that means?
<thesheff17> can't get a net connection?
<binaryhat> cant ping the gateway
<thesheff17> can you even ping the gateway from the server?
<binaryhat> yup
<binaryhat> but not from virt machine
<binaryhat> virt machine can ping server
<binaryhat> thesheff17, http://pastebin.com/6iYjXnMV
<thesheff17> binaryhat: yea that looks right...not sure why you can't ping the router.
<binaryhat> should win7 ip dns be dhcp or static?
<thesheff17> I would make everything static
<thesheff17> but I have never used win7 on a virtual machine.
<binaryhat> but it doesnt  get a net connection
<binaryhat> if u look at ifconfig virbr0 ip its differrent from static
<thesheff17> binaryhat: yea that is for the NAT stuff.
<thesheff17> binaryhat: that I don't use
<binaryhat> im stumped
<binaryhat> iv been fighting this for 3 days
<binaryhat> i can get it to work in non-bridge mode
<thesheff17> binaryhat: not sure what you mean by non bridge mode?
<binaryhat> whe i first installed win7 i got a net connection
<thesheff17> binaryhat: it sounds like that came off the NAT and did DHCP.
<binaryhat> then i realized it couldnt see the net shares
<thesheff17> yea that is the problem...nat makes it stuck behind the server.
<binaryhat> so...
<binaryhat> im stuck
<thesheff17> I would try to create a virtual machine with ubuntu and see if you see the same results.
<thesheff17> I don't have any issues with ubuntu on the same network range accessing everything.
<thesheff17> It may be something to do with win7
<binaryhat> maybe
<binaryhat> damn M$
<thesheff17> the other option is try to bridge services with iptables rules...but that is a whole slew of setup for really a pain to maintain .
<uvirtbot> New bug: #387189 in logrotate (main) "/dev/null corrupted (/dev/null.1)" [High,Confirmed] https://launchpad.net/bugs/387189
<AdamDV> 'package sun-java6-jre has no installation candidate'
<AdamDV> lolwut?
<thesheff17> AdamDV: sudo add-apt-repository "deb http://archive.canonical.com/ lucid partner"
<thesheff17> AdamDV: apt-get update && apt-get install sun-java6-jre
<AdamDV> Thx
<piercedwater> I have a Dell PowerEdge 1850 and when I rebooted it won't go passed the "PRess Ctrl-E For BMC setup"
<piercedwater> any ideas
#ubuntu-server 2011-01-30
<PhotoJim> piercedwater: not sure, but Ubuntu works ok on these machines.  I have a 2450.  booting off the internal SCSI, but have a SATA PCI card for a pair of SATA drives for my actual server directories.
<CppIsWeird> where does ubuntu store the uuid for the /dev/mapper for cryptodrives in the initramfs?
<CppIsWeird> i went to edit /etc/initramfs-tools/conf.d/cryptroot only to find that i do not have one.
<anzenketh> I attempted to schrink some logical volumes and now /home and /var will not mount
<anzenketh> Can somone help me fix that
<CppIsWeird> how come im on an encrypted system yet /etc/initramfs-tools/conf.d/cryptroot does not exist? how do i modify my kernels cryptroot file?
<boxbeatsy> hi, i'm on an ubuntu server, and i'm finding that my python scripts are randomly terminating.  i don't have any apparent internal or external signals that would cause this, so i'm thinking that it is a memory issue.  does anyone know where i should look for logs to confirm this?
<jmarsden> boxbeatsy: If you can make the issue happen at will, you could try running one of the scripts inside strace and check the resulting (long!) output to see what killed the script?
<boxbeatsy> jmarsden: aah thanks for the suggestion.  i acutally think i found the problem.. i was running 100 instances of polipo not knowing that it has an inmemory cache that over time builds up to 25MB
<jmarsden> OK.  100 * 25MB = ~2.5GB of RAM... shouldn't be a major problem on a server, though, should it?
<boxbeatsy> i believe my server only has 1.7GB of RAM
<boxbeatsy> :\
<boxbeatsy> is that unusual?
<boxbeatsy> i thought it was on the small end, but didnt know (pretty new to workign with external servers)
<boxbeatsy> it's an EC2 medium sized instance
<uvirtbot> New bug: #710038 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 20" [Undecided,New] https://launchpad.net/bugs/710038
<jmarsden> Well, it all depends.  At work, real physical servers tend to have 4GB to... well, 128GB of RAM :)
<jmarsden> I'm not sure what the common sizes are for virtual server machines in an EC2 cloud, that's a whole different world.
<boxbeatsy> holy crap
<boxbeatsy> yea...i just checked..it's a measly 1.7gb
<jmarsden> Sounds like you could either find a different program to do what you want, or hack polipo to set a smaller max cache size, maybe 4Mb instead of 25MB?
<boxbeatsy> jmarsden: yea im setting it to <1mb now cause i'm not even using the caching capabilities.  i'm just using it to assist in proxy authentication
<jmarsden> OK.  Sounds like that should work for you.
<boxbeatsy> thanks for the help :)
<jmarsden> You're welcome.
<thisIsNash> Can I get ubuntu server tech support here?
<jmarsden> thisIsNash: Maybe... it's a little late at night, not many people are around... ask your specific question and see who answers :)
<uvirtbot> New bug: #710084 in mysql-5.1 (main) "package mysql-client-core-5.1 (not installed) failed to install/upgrade: trying to overwrite '/usr/bin/mysql', which is also in package mysql-client 5.5.8-1.linux2.6" [Undecided,New] https://launchpad.net/bugs/710084
<Woutje123> Dustin Kirkland in?
<Nafallo> Woutje123: he's been idle for 21h... not likely.
<Woutje123> aah
<Woutje123> Thanks for replly...
<Woutje123> reply
<Chat8152> this is so cool. I am actually chatting from my blackbwrry
<compdoc> hope youre not driving
<evon> lol no
<evon> now I can get help with my ubuntu box if it is broken
<binBASH> evon: It would be cool indeed when you're chatting from your blackberry while being in cairo
<storrgie> how can I check to see if my NIC is running at gigabit speeds?
<compdoc> could copy large files, or look at the lights on your switch
<compdoc> many have a different color or some way to indicate what speed
<compdoc> dmesg |grep eth0
<oCean> ethtool <interface>
<Woutje123> Mr. Kirkland?
<daisy> hello?
<compdoc> howdy
<daisy> hey compdoc
<daisy> I'm trying to set up 'new mail' emails from my server to another email account
<daisy> I'm not sure how to
<daisy> any ideas?
<daisy> I don't want to just forward the mails
<daisy> I'm using Postfix on Ubuntu
<daisy> if that helps
<compdoc> hang out and see if someone helps. Im not a Postfix guru by any means
<compdoc> you can also google postfix issues - doesnt have to be on an ubuntu system
<daisy> I'd use mailbox_command and insert echo "New Mail" | mail whoever@wherever && before it, except I disabled it because it stops execution, and messed up my Maildir config
<daisy> thanks anyway :)
<compdoc> usually, one account can have several email addresses, if thats what youre doing
<daisy> yeah, I've had a look, it doesn't seem to be a common problem
<daisy> yeah, I've set up some aliases, so for example webmaster -> root
<compdoc> you know more than I thought :)
<daisy> and if I wanted the whole email to get sent, I'd just put other email addresses in .forward
<daisy> thanks :)
<daisy> but I want at most the subject in the notification, if that
<Dragonshadow> Hi
<daisy> hey
<daisy> Dragonshadow: do you know Postfix well?
<Dragonshadow> I've got a kind've odd postfix problem and was directed to this irc to ask for help xD
<Dragonshadow> daisy: lol ^
<daisy> lol
<daisy> well, lets see if we can help each other
<Dragonshadow> what's your problem?
<daisy> I'm trying to set up 'new mail' emails from my server to another email account, without just forwarding the email
<daisy> and without using the mailbox_command variable
<daisy> yours?
<Dragonshadow> Recipient address rejected: gmail.com when trying to send mail
<Dragonshadow> receiving works just fine though
<daisy> is your isp blocking port 25?
<Dragonshadow> this is local testing with telnet
<daisy> try telnetting p25 from outside
<daisy> it could be that your isp requires you to relay outgoing messages through their servers, to stop spam
<Dragonshadow> this is on a dedicated server so...
<daisy> ok, so not a dynamic ip then? :)
<Dragonshadow> nope
<Dragonshadow> and telnetting from outside works
<daisy> can you send to non-local, non-gmail accounts?
<Dragonshadow> gimme one to try
<Dragonshadow> lol
<daisy> root@nightcoat.info
<daisy> be nice :)
<Dragonshadow> I won't spam :p
<Dragonshadow> Recipient address rejected: nightcoat.info
<daisy> hmm
<Dragonshadow> Btw, I don't really understand what you want to do
<Dragonshadow> only forward new mail?
<Dragonshadow> or rewriting the headers so it looks like its supposed to go to the new mail
<daisy> well, I get emails to nightcoat, and I want my gmail address to be notified that there's a new message, without just forwarding the message
<daisy> if that makes sense?
<Dragonshadow> that could get rather spammy if you could do that
<Dragonshadow> each time you get an email on nightcoat you'd get an email notif that you have new email on your gmail
<daisy> yeah, I know
<daisy> hopefully I'll be able to set some rules
<daisy> like max daily or whatever
<Dragonshadow> http://serverfault.com/questions/228828/postfix-new-mail-notification-to-gmail is this you? xD
<daisy> XD
<daisy> yup
<daisy> can you post your main.cf?
<Dragonshadow> its kind've a mess
<daisy> embarrassed? I won't laugh
<Dragonshadow> I honestly dunno if anything in there is a security flaw so I just query'd it to you :p
<Dragonshadow> I'm wondering if it might be reject_unknown_recipient_domain
<Dragonshadow> brb
<daisy> Dragonshadow: Mine has reject_unknown_recipient_domain too, I don't think it's that
<daisy> you've not got anything for mydestination, any reason? or any myorigin.
<azertyu> hello
<azertyu> i installed ubuntu 10.10 server
<azertyu> and also installed ubuntu-desktop
<azertyu> now my question is how to run gnome ?
<Cromulent> why do you want to run gnome on the server?
<compdoc> I do :)
<azertyu> sometime it is helpfull to troubleshoot problem
<azertyu> to install no machine
<azertyu> no machine ns
<azertyu> no machine nx
<daisy> azertyu: it'd be easier to just install desktop ubuntu, and apt-get apache etc
<compdoc> I did what daisy suggests - works better
<daisy> I don't think you want to be messing with X/gnome manually
<azertyu> i got ubuntu-desktop and apache allready present on my sys
<azertyu> doing an ssh session -X how to run ubuntu-desktop ?
<compdoc> startx doesnt work?
<Dragonshadow> back
<Dragonshadow> daisy: you setup to use amavis aswell?
<daisy> it's on my to-do list :)
<Dragonshadow> hrm.
<Dragonshadow> I don't think it
<Dragonshadow> nah
<Dragonshadow> content filter wouldn't touch domains
<Dragonshadow> Can I see your main.cf?
<daisy> it could be a banned from: to: address combination
<daisy> yeah, ok
<awanti> Hi. I need to login ubuntu server remotely. I am in different place. But that server is in LAN environment. So how could i login through ssh or any?
<Woutje123> anybody here with power management expertise?
<Woutje123> pm-suspend and that stuff?
<azertyu> no startx not working also daisy
<Dragonshadow> awanti: you'd need to connect to a machine on it's network
<Dragonshadow> and then ssh from it
<Woutje123> azrtyu is gdm installed?
<daisy> awanti: if you're behind a router you'll need to set up port-forwarding
<Dragonshadow> or you could do that..
<Dragonshadow> lol
<daisy> by going to 192.168.1.1 or wherever, it'll probably have it's own config page
<daisy> you can use traceroute to find it's address, it'll prob be the first entry
<awanti> plz. How? Can u give steps or any ...?
<azertyu> yes gdm allready present
<daisy> ok, type 'traceroute google.com' and paste the first few results here
<azertyu> yes gdm allready present Woutje123
<Woutje123> what does "sudo /etc/init.d/gdm restart" do?
<daisy> restarts gdm :P
<daisy> Dragonshadow, I've query'd it to you
<Dragonshadow> I see it, thnaks
<Dragonshadow> thanks even
<Dragonshadow> lol
<Woutje123> thanks daisy.... ;-)
<Woutje123> Mr. Kirkland not online yet?
<azertyu> restart gdm but there is no display on my screen
<daisy> less pedantically, it'll incorporate changes to config files
<Woutje123> aah
<Woutje123> sudo dpkg-reconfigure xserver-xorg
<Woutje123> anybody know why my eth0 wol setting are reset just before suspend?
<azertyu> done Woutje123
<awanti> Thanks Dragonshadow & daisy i found the answer thanks once again
<Dragonshadow> yw
<daisy> no worries
<Woutje123> now restart gdm again
<daisy> W123: maybe something to do with powersaving
<Woutje123> when i do:"sudo ethtool -s eth0 wol pug"
<Woutje123> ethtool eth0 says: "Wake-on: pug"
<Woutje123> then i issue "sudo pm-suspend"
<Woutje123> it doesn;t wake from unicast
<azertyu> restart but there is no display , don't forgot i connect to my server with ssh -X
<Woutje123> when I wake the server with "wakeonlan [mac-address]"
<Woutje123> it wakes
<daisy> does your motherboard support wol? often they don't, or they default turn off certain features
<Woutje123> then ethtool eth0 says:"Wake-on: g"
<Woutje123> I can wake it using magic packet
<patdk-lap> hmm, waking from off, and waking from suspend are totally different :)
<Woutje123> I used to be able to wake it with unicast (ping)
<patdk-lap> wake from suspend doesn't use the bios
<Woutje123> I think with either 9.10 or 10.04
<patdk-lap> also make sure it's not set to turn off the nic, on suspend
<Woutje123> azerty, sorry bout that.
<Woutje123> all that stuff i let you do wont work.....
<Woutje123> patdk-lap: how would I go about that?
<daisy> :D
<patdk-lap> I wouldn't know, I never suspend linux machines :) only windows
<Woutje123> patdk-lap: remember I can wake the system with magic packet (from suspend)
<patdk-lap> above you said it wouldn't?
<patdk-lap> so what exactly will and won't it do?
<Woutje123> patdk-lap: I set ethtool to wake on unicast, physical and magic packet
<Woutje123> when I issue a suspend it will only wake from magic packet
<patdk-lap> oh, so wakeonlan works
<Woutje123> when I check the settings after suspend and wake it's reset to only wake on magic packet
<daisy> W123: you say the same machine used to wake from unicast in a previous ubuntu?
<Woutje123> that is correct daisy
<patdk-lap> the setting doesn't survive reboots/suspend
<Woutje123> azerty: what happens if you do a "gnome-session"?
<patdk-lap> add that setting into /etc/network/interfaces in post-up
<Woutje123> havent tested reboot, but suspend doesn't work
<Woutje123> I think it's reset just before suspend
<Woutje123> otherwise it should wake up and have the wrong settings for the next suspend/wake
<daisy> W123, perhaps it's just not persistent, and isn't being set at waketime
<daisy> annoying, but have you tryed this: http://ubuntuforums.org/showthread.php?t=234588 ?
<daisy> the init.d script might help
<daisy> bye guys
<azertyu> from xterm unable to connect to ubuntu-desktop
<gobbe> unable to connect with how?
<azertyu> from ssh
<azertyu> this is what i got if i try startx from my xterm
<azertyu> http://paste.ubuntu.com/560318/
<gobbe> eh? you don't start X from there, you just start programs, like xterm or something else
<gobbe> so what you are trying to achieve?
<Dragonshadow> 550 5.1.1 <myaddy@gmail.com>: Recipient address rejected: gmail.com
<thesheff17> azertyu: there is a package called xvfb which is a x frame buffer...simply do apt-get install xvfb then tunnel x through an ssh command example: ssh -X root@192.168.1.5 and then you can run any X program though the frame buffer and it will appear on your machine. I use it all the time to run firefox on servers that don't have GUI remotely.
<azertyu> ok
<azertyu> back
<azertyu> yes me also i  use to do same as use thesheff17
<azertyu> but the problem i can't able to run startx from xterm
<azertyu> i got this error : http://paste.ubuntu.com/560318/
<thesheff17> it looks like the xserver is already started
<thesheff17> did you try to hit ctrl-alt-F7
<thesheff17> you can also try to do /etc/init.d/gdm restart should restart everything for x.
<thesheff17> or are you trying to do this all remotely?
<azertyu> yes correct
<thesheff17> azertyu: well I never tried to run the whole xserver remotely....usually people use vnc or freeNX
<azertyu> i isntalled freenx on server
<azertyu> i use no machine X from client
<azertyu> i also installed ubuntu-desktop on my server
<thesheff17> azertyu: you might also ask in the ubuntu irc.  I don't know about running an entire xserver remotely.
<azertyu> when i try to connect to my server from no machine X i just only got xterm opening but can't open ubuntu-desktop
<patdk-lap> you shouldn't be able to
<patdk-lap> cause you need a way to access it
<patdk-lap> be it vnc, nx, or some other remote desktop viewer
<azertyu> and if i do startx from server i got error that error : http://paste.ubuntu.com/560318/
<azertyu> patdk-lap: i installed freenx on my server and nomachine x on client
<azertyu> can't open ubuntu-desktop that's my problem
<patdk-lap> well, you shouldn't be running startx
<patdk-lap> cause it's already running
<azertyu> ok
<patdk-lap> well, sounds like you need to configure nx correctly then
<patdk-lap> to get access
<azertyu> then why i don't have display ?
<patdk-lap> how did you login to it?
<azertyu> what you meean " correctly " ?
<patdk-lap> ssh?
<azertyu> no from nomachine x
<patdk-lap> and if it doesn't give you a display, then something is messed up
<patdk-lap> follow the instructions on how to set it up again
<dominicdinada> questions about pgsql ? in unbuntu server
<xperia> hello to all. anybody here with some knoweledge about networking problem debuging. i have a ubuntu server and all people say it is heavy slow. i need somehow to analys or better isolate where the problem is located. IS it My ISP with the Fixed IP that is maybe bad Routed, is it my Linksys WRT54GL Router or is it my Ubuntu Server itself.
<xperia> anybody here how can help me a little maybe ?
<thesheff17> xperia: wireshark will log everything that is going in/out of the server on the network.  top will show you current cpu/ram load on the server.  Sounds like your clients are connecting through wireless....if you hook a cable directly to the network is it faster?
<tdn> After installing Kubuntu 10.10 my NFS mounts does not work anymore. I just get "mount.nfs: Connection timed out" when trying to mount them. How do I fix this? I am asking here in hope there is someone who knows NFS as I get no reply in #kubuntu.
<xperia> thesheff17: thank you a lot for your answer:
<xperia> i just maked a ping to one of my domains where my server is running and got very high ping times of about nearly 1 Second.
<xperia> 64 bytes from zux182-249.adsl.green.ch (80.254.182.249): icmp_req=9 ttl=64 time=0.933 ms
<xperia> http://pastebin.com/bFS0VWMG
<xperia> Asking me what here the Problem could be
<thesheff17> xperia: high ping times usually means bad internet connections on one of the two sides.  Or bad routing.  You can use tracepath on linux to see where it is routing through.
<thesheff17> xperia: also maybe slow DNS lookup.  See if you get the same ping times just pinging the IP.
<xperia> ahh okay yes i have bind running ony my server. could be really the bind server the problem
<qman__> your local bind is unlikely to be causing that problem
<jmarsden> xperia: 0.933 ms is almost one millisecond, not almost one second :)
<uvirtbot> New bug: #710319 in apache2 (main) "CPU usage is incorrect on server-status page" [Undecided,New] https://launchpad.net/bugs/710319
<jmarsden> xperia: Those are fast pings not slow ones :)
<thesheff17> xperia: yea if your dns lookup is local then that prob isn't the problem.  Try to run speed tests on both sides of the connection.
<xperia> hmm okay 0.8 ms is sure fas i thinked it is more like 800ms but how does it looks on your side really outside of the lan ?
<xperia> can maybe someone ping my server and say the times with
<xperia> ping www.wificom.ch and ping 80.254.182.249
<xperia> thanks in advance for help
<jmarsden> thesheff17: No, I think he just misread the ping output
<RoyK> fox news ftw! http://gibboni.apcdn.com/full/38135.jpg
<jmarsden> xperia: That is not pingable from here -- do you have it firewalled off?
<xperia> jmarsden: hmmm will just look at it but normally at least the router should bepingable. maybe you can try port 80 ip adress 80.254.182.249
<xperia> to ping this for sure must works as it is open over the router to the server
<jmarsden> xperia: You can't "ping" a TCP port :)  Ping uses ICMP.
<patdk-lap> you can ping a tcp port, tcpping :)
<xperia> ohh tcping would be great at port 80 ip adress 80.254.182.249
<xperia> or domain www.wificom.ch port 80 for testing
<jmarsden> patdk-lap: Well... OK, but that's not really a ping according to W. Richard Stevens TCP/IP Illustrated :)
<patdk-lap> :)
<patdk-lap> ya, it's more of a single port, portscan
<jmarsden> xperia: httping http://www.wificom.ch gives me lines like:    connected to www.wificom.ch:80, seq=0 time=513.75 ms
<xperia> jmarsden: thank you really a lot. you are great. that is at least some numbers that i can work with it
<xperia> can you maybe make same for my isp site www.green.ch to see what he has for a number to see how does it looks on his side ?
<xperia> httping http://www.green.ch
<xperia> 513.75 ms is quite a lot that is half second
<thesheff17> 64 bytes from webz.agrinet.ch (81.221.254.34): icmp_req=1 ttl=244 time=136 ms
<jmarsden> xperia: httping http://www.green.ch is a little better: connected to www.green.ch:80, seq=2 time=372.49 ms
<jmarsden> xperia: Bear in mind this includes some response from the server, httping http://www.yahoo.com and see what you get.  Maybe 280ms or so.
<xperia> hmmmm 100 ms faster but still a lot
<xperia> and how does it looks for google from your side as reference
<xperia> httping http://www.google.ch
<thesheff17> For google I get 64 bytes from iad04s01-in-f99.1e100.net (72.14.204.99): icmp_req=1 ttl=55 time=35.8 ms
<xperia> the sheff17 are you from swiss itself like me. you have very low numbers one time 35.8ms and other time 136ms
<thesheff17> I'm in Chicago, IL USA
<jmarsden> I'm getting 70ms or so to Google, from Southern California, USA.
<thesheff17> google though may be able to do some crazy routing to the closet server.
<thesheff17> *nearest server.
<thesheff17> haha yea...if I use www.google.com or www.google.ch it both resolves to the same IP for me: 72.14.204.99
<xperia> thesheff17 yeah they have a lot if geoip stuff
<xperia> i just maked this here and got shocked
<xperia> httping www.google.ch
<xperia> PING www.google.ch:80 (www.google.ch):
<xperia> connected to www.google.ch:80, seq=0 time=588.58 ms
<xperia> that is 0.5 Second for Pinging Google while you have 0.03
<xperia> what is on my side wrong hmmm
<xperia> let ping google itself with normal ping
<thesheff17> try using the ip only and see if you have the same response time.
<xperia> ping www.google.ch
<xperia> PING www.l.google.com (209.85.143.99) 56(84) bytes of data.
<xperia> 64 bytes from dy-in-f99.1e100.net (209.85.143.99): icmp_req=1 ttl=55 time=51.8 ms
<xperia> so with normal ping is much better only 51ms
<xperia> while with httping it need 500ms or better 10 times more hmmmm
<xperia> thesheff17: pinging the ip itself gives same result as pinging the domain
<xperia> ping 209.85.143.99
<xperia> PING 209.85.143.99 (209.85.143.99) 56(84) bytes of data.
<xperia> 64 bytes from 209.85.143.99: icmp_req=1 ttl=55 time=51.5 ms
<xperia> hmmm need to find out why on your side and on my side httping is such high
<thesheff17> mine is around double/triple when using httping gives me 117.76ms and ping gives me 36.5 ms
<thesheff17> httping went down to around ~80.00 ms after a couple pings
<xperia> yeah have same effect here. if i repeat the command several times it get very low. looks like some caching
<xperia> some network analysis tool would be great which can give information if router is porblem, server is problem or ISP Connection or IP Problem
<jmarsden> xperia: Have you tried mtr?
<xperia> jmarsden: unfortunately no. i am total new to this kind of problems but i will just look at it. thanks a lot for the tip !
<jmarsden> Ok, I need to go, but it might help, it is an enhanced traceroute that shows time and packet loss per hop.
<xperia> okay thank you still for your help. saved the numbers for sure that you give me !
<xperia> i think best is that i replace the server with a new one and remove the router and instead put the router software direct on the new Server
<xperia> but i will need additional Ethernet Plugs where i can put then the switches for the other Computers
<xperia> one last question. does anybody know some server dignossis script/tool that meassure diskacess performance, memory performance and such things and give some information about the server performance itself ?
<jmarsden> sysbench, lmbench, iozone3, bonnie++ ... there are plenty of benchmarking tools around.  Try   apt-cache search benchmark
<xperia> okay thanks jmarsden. allways a pleasure to read your very helpfull posts
<jmarsden> xperia: You're welcome.
<binaryhat> thesheff17, how can my server's ip address which is .107 even be able to connect to my router when iv only allocated ip addresses from .101 to .106?
<binaryhat> it does connect
<binaryhat> but i dont understand y
<patdk-lap> heh?
<qman__> if by "allocated" do you mean set the DHCP pool?
<qman__> in any case, you're probably using a class C subnet, which means any address from .1 to .255 will work
<binaryhat> qman__, im using a bridged connection
<qman__> that really has no bearing on subnetting
<binaryhat> hmm
<qman__> bridging just means connecting the lines at layer 2 instead of routing
<qman__> there's still a router somewhere further down the line
<qman__> or nearer
<ginet> i was suprised how fast ubuntu server startup after cold boot
<qman__> hmm
<qman__> on my file server, I've noticed the 'mkdir' command taking a very long time
<qman__> creating, moving, and copying file is no problem, just mkdir
<binaryhat> but what i cant figure out is how my guest VM can see 1 network PC even tho the .xml file for the machine has interface type='network'
<binaryhat> not  <interface type='bridge'>    <source bridge='br0'/>
<binaryhat> finally
<thesheff17> binaryhat: just got home...did it work?
<thesheff17> binaryhat: usually most networks are subnet mask 255.255.255.0 which means anything from 192.168.1.1 to 192.168.1.253 should be able be on the same network.
<thesheff17> binaryhat: and able to talk to each other.
<thesheff17> binaryhat: your DHCP range is usually a subset of that so usually 192.168.1.100-192.168.1.150 is setup for DHCP.
<quizme> is there any good reason to upgrade from 10.04 to 10.10 ?
#ubuntu-server 2012-01-23
<Psi-Jack> Hmmm
<Psi-Jack> Well, blasted.
<Psi-Jack> I have my 6to4 working from each of my firewalls directly facing the internet, which does my IPv4 NAT, SNAT & DNAT too, for my LAN.
<Psi-Jack> But, I can't seem to get the systems behind it to use that IPv6 IP address as a gateway.
<Psi-Jack> And I don't want to use radvd or something.
<DanaG> hmm, whenever I open a shell on my ubuntu server, I get stuff like this:
<DanaG>                                                                                                                      r
<DanaG> esize: unknown character, exiting.
<DanaG> ^[[47;157Rdana@microserver:~$ ;157R
<uvirtbot> DanaG: Error: Missing "]".  You may want to quote your arguments with double quotes in order to prevent extra brackets from being evaluated as nested commands.
<DanaG> saywhat?
<DanaG> And it eats whatever letters I was pressing.
<lifeless> DanaG: over ssh or locally ?
<chelz> DanaG: yeah there's something wrong in your ~/.bashrc or ~/.bash_profile or ~/.profile
<chelz> DanaG: you figure out the line that's to blame and you fix the problem
<Caribou> morning, anyone familiar with debian-installer ?
<Caribou> first question is : Is Ubuntu's implementation of d-i modified wrt the original debian's d-i ?
<koolhead11> No
<koolhead11> it be same i suppose
<Caribou> koolhead11: thanks, this is what I thought
<Caribou> I'm trying to use the "auto url=" boot parameter from a CD install & I'm getting nowhere
<Caribou> doesn't seem to take the param into consideration
<txomon|home> Caribou, I think that is because the first steps, must be in the launch arguments too, till the network configuration
<Caribou> txomon|home: that's what I thought too, but the doc says that if 'auto' is used, it postpone the first steps 'til after network is up
<Caribou> txomon|home: but I might be onto something
<txomon|home> I saw some examples, and they solved it till the network stuff
<Caribou> txomon|home: yeah, you can pass the first steps as boot params, I'll look into that after lunch.
 * Caribou is off to food now
<Trx_> hi
<Trx_> does anyone know which programm writes /var/log/wtmp
<ikonia> normally "login"
<urthmover> holy c**p  tmux is the KING!!!!
<zul> morning
<pmatulis> urthmover: in general or in comparison with screen?
<urthmover> compared to screen I'm really liking it ...maybe its just that it's different  time will tell....I do like the multiple panes and vertical resizable nature of it though....its like having a tiling wm without devoting my desktop to a tiling manager like xmonad
<urthmover> guess it's time set mutt back up
 * zul is on a merge rampage
<smoser> Daviey, bug 920474 is *one* reason it didn't work
<uvirtbot> Launchpad bug 920474 in python-novaclient "nova client does not work on ubuntu" [Undecided,New] https://launchpad.net/bugs/920474
<Daviey> "oh well]"
<zul> grrr
<uvirtbot> New bug: #920474 in python-novaclient (main) "nova client does not work on ubuntu" [Undecided,New] https://launchpad.net/bugs/920474
<ppetraki> qlogic sold it's infiniband business unit to intel today
<rbasak> jamespage, do you happen to have access to your panda? I'm after the boot arguments you're using - there's a regression in precise, and I want to see if the boot args the installer is using have changed.
<jamespage> rbasak, I do
<jamespage> funny you should say that - I had some issues on thurs/friday getting armhf to install
<jamespage> rbasak, I assume you want the args from cobbler?
<rbasak> jamespage: no, I want boot.scr from your sd card
<rbasak> (just the text part)
<jamespage> rbasak, right-oh
<hallyn> stgraber: do you know offhand, does 'update-binfmts' use /sys/module/binfmt_misc ?
<jamespage> rbasak; http://paste.ubuntu.com/814372/
<jamespage> rbasak, ah - now I see what you mean
<rbasak> jamespage: binary pastebin fail :(
<jamespage> take 2
<jamespage> rbasak, setenv bootargs root=UUID=0e01e07e-0e1e-42f9-b06c-f7167356c195 ro quiet splash
<endzYme> hi all, any orchestra people out there? I have a quick question on whether you can implement orchestra on an existing open stack environment?
<rbasak> jamespage: and your fatload and bootm lines please, just to check?
<jamespage> rbasak, ack
<jamespage> rbasak, http://paste.ubuntu.com/814376/
<stgraber> hallyn: I don't think it actually does anything in /sys/module/binfmt_misc but it definitely accesses /proc/sys/fs/binfmt_misc
<rbasak> thanks jamespage
<rbasak> looks like a kernel regression though I'm not sure
<stgraber> hallyn: are you planning on blocking /sys/module/?
<hallyn> stgraber: ok, so you think bug 917660 should be addressed using apparmor, or is there a better approach?
<uvirtbot> Launchpad bug 917660 in lxc "Installing qemu-user-static in an i386 lxc container applies the binfmt changes to the host, breaking execution in that host" [Medium,Confirmed] https://launchpad.net/bugs/917660
<hallyn> stgraber: we should, yeah
<stgraber> hallyn: right, for this one, just blocking the binfmt_misc filesystem should be enough (once we can do that)
<hallyn> stgraber: well, we can do it now, we just can't enforce moutn moves :)  it's a start
<hallyn> stgraber: but,
<hallyn> this of course applies more generally to chroots
<hallyn> do we care?
<jamespage> rbasak, I'm running 3.2.0-1403
<hallyn> I'm not clear on whether it's possible for binfmt_misc to detect this itself
<rbasak> jamespage: I've filed bug 920511 and there's a workaround in there if you need it - thanks
<uvirtbot> Launchpad bug 920511 in linux-ti-omap4 "Regression: netinst on panda armhf fails" [Undecided,New] https://launchpad.net/bugs/920511
<jamespage> rbasak, nice
<pmatulis> on a kvm host i noticed that whenever there is a dialog on a guest (waiting for user input; ex: install screen or update manager pop-up) the load goes way up.  normal?
<ikonia> guess it maybe locking a cpu waiting for a response ?
<smoser> zul, ping
<smoser> where did you get python-novaclient from ?
<zul> smoser: nova.openstack.org/tarballs
<smoser> where does *that* come from?
<zul> smoser: its a jenkins job that generates the tarballs from git
<smoser> is there some upstream other than https://github.com/rackspace/python-novaclient
<zul> smoser: there should be https://github.com/openstack/python-novaclient
<smoser> ah.
<zul> it was updated like 5 days ago though
<adam_g> zul: ive added jenkins jobs in for python-novaclient and keystoneclient, FYI
<zul> smoser: : i was going to update it this afternoon anyways
<zul> adam_g: k cool
<adam_g> zul: and i think the packages uploaded last week are all in decent shape, altho i think glance upgrades will be busted due to config changes
<zul> adam_g: yeah ok
<utlemming_afk> Daviey, smoser: you guys around?
<Daviey> utlemming: always
<zul> quite literally
<utlemming> Daviey: I'm looking at the locale question for the cloud-images. Right now, as you so assutely mentioned, is that we only install en_US.UTF-8. Installing the other en locales makes sense, but do we want to install the other langugage locales too (i.e Spanish, Poortugueses, etc?)
<Daviey> utlemming: It's suggest just engrish :)
<utlemming> engrish? that's what I thought, but thought it prudent to get input first
<Daviey> Is it possible to force fallback to C ?
<smoser> utlemming, here.
<smoser> zul, its busted upstream also.
<zul> smoser: but you used it from git in that bug report didnt you?
<smoser> i used it from old git
<smoser> https://github.com/rackspace/python-novaclient
<zul> ah ok
<zul> geez that one has been updated nov 30
<derjoerg> Hi everybody
<derjoerg> does anybody here has experience with qvm qemu and virtfs support?
<koolhead17> tough to say, shoot your question :)
<derjoerg> I have oneiric server as host and client running
<derjoerg> if I have accessmode "passthrough" defined I can see and DELETE all files on the share
<derjoerg> but I'm not able to change or create new files/folders
<derjoerg> if I change accessmode to "square" I can create
<derjoerg> but
<derjoerg> then all the files/dirs have as user libvirt-qemu:kvm from the server
<derjoerg> and I'm not able to change this on the client
<derjoerg> :(
<derjoerg> I'm totally stuck
<derjoerg> How can I create files and folders with the respective client user rights?
<borudev> Hello, how is everyone? I had a quick question troubleshooting my ubuntu 11.10 server installation. I installed the same OS on 2 different servers and I'm experiencing the same problem. What happens is I turn on the server, it's ok for few hours, and then when I try to SSH to it, it get a time out, when I plug in the keyboard, and type something then I can connect to it again. Seems that
<borudev> it's going to some kind of sleep mode. Note, no desktop was installed just pure server OS. Anyone had this issue before? what could cause it? Thanks
<SpamapS> borudev: do you possibly have something like powernap installed?
<SpamapS> borudev: perhaps look in /var/log/syslog after it wakes up
<borudev> I didn't install anything other than server os
<borudev> maybe some kind of power management came with the os?
<SpamapS> borudev: shouldn't.
<borudev> I dont have direct access to the server right now, all i can do is reboot it remotely
<SpamapS> borudev: look through /var/log/syslog .. will probably have something around the time the server becomes unresponsive
<Psi-Jack> Hmm.. Anyone know a way to get a pptp connection to always try to reconnect on connection drop?
<Psi-Jack> Right now, when they change anything on their end, which is a lousy Windows server, it drops us from the VPN which causes some of our stuff not to work /for/ them, etc etc etc..
<Psi-Jack> It'd be cool if it were able to tie into upstart to keep it persistant, but the persistant isn't working as-is.
<SpamapS> Psi-Jack: I use an upstart job to run 'keep-one-running' to keep a few tunnels alive
<SpamapS> sounds redundant, but keep-one-running is more heavy handed and will continue to try forever, whereas upstart will give up
<SpamapS> Psi-Jack: but I don't do pptp .. these are just ssh
<Psi-Jack> SpamapS: Oh? Do you have any docs on how you set that up, or even a sample upstart.conf file?
<Psi-Jack> Cause I can setup pptp to not daemonize itself or whatever it takes.
<Psi-Jack> I just want to be able to keep this up no matter what. LOL
<Psi-Jack> Hmm, the way it seems to call it is to pppd call <name>
<Psi-Jack> from pon <name>
<Psi-Jack> Think I got it.
<Psi-Jack> Was as simple as copying the rsyslog.conf and changing the "script" section to just usr /usr/sbin/pppd call <name>
<Psi-Jack> use*
<Psi-Jack> But when I kill the pppd process, it doesn't respawn..
<SpamapS> Psi-Jack: add 'respawn'
<utlemming> Daviey: do you have a bug for the cloud-image language thing? or do I need to file one?
<hallyn> SpamapS: if it hasn't already been accepted, can you reject 0.7.5-5ubuntu27.22 from lucid-proposed queue?
<derjoerg> so nobody any tips regarding my virtfs problems?
<eagles0513875> any one manage to get virt-manager to pxe boot off of a kickstart script created in cobbler
<hallyn> derjoerg: i haven't used it myself
<derjoerg> :( ok
<hallyn> i don't know if it's a bug in our packaging, or a bug upstream, or a feature.  you could check on oftc#virt
<derjoerg> hallyn: thanks for the tip, but I'm pretty new here. What does oftc means?
<hallyn> irc.oftc.net, another irc server
<derjoerg> ok, will do. Thanks
<SpamapS> hallyn: rejected
<hallyn> SpamapS: thanks!  and so now i can re-upload with that same version?
<eagles0513875> hallyn: any ideas as to my issue or head to oftc as well
<hallyn> eagles0513875: sorry i have no idea what you're talking about.  will read up in a bit
<eagles0513875> hallyn: basically im trying to pxe boot a guest which i created in virt-manager using kick start script which i setup in cobbler
<SpamapS> hallyn: yes.. to be clear, you could have uploaded w/ the same version already.. though doing it this way is less confusing. :)
<hallyn> SpamapS: i see, thx
<hallyn> eagles0513875: reading up isn't helping me.  Have you posted more info elsewhere?  what is going wrong?
<eagles0513875> basically doenst give me time to hit f12 to boot into the pxe boot menu
<eagles0513875> just says it cannot boot from the partition on the remote machine and shuts down in 30 sec
<hallyn> do you have ipxe isntalled?  what release are you on?
<tcheck8> hi everyone. would anyone mind helping me setup an ssl cert for my server? i'm following the directions at https://help.ubuntu.com/community/OpenSSL but run into issues as soon as i try to create the appropriate directories
<eagles0513875> hallyn: do i need ipxe installed on the remote server ?
<eagles0513875> and im on 11.10
<hallyn> eagles0513875: no, ipxe installed wherever you are running kvm
<eagles0513875> running xen
<hallyn> eagles0513875: (what services is on the 'remote server'?)
<hallyn> oh
<hallyn> zul
<eagles0513875> the default ubuntu-orchestra server stuff
<eagles0513875> hallyn: ?
<zul> hallyn: ?
<hallyn> zul: ^ how do users do pxe with libvirt and xen?
<hallyn> (sorry, kbd misfire?)
<zul> hallyn: no idea
<hallyn> eagles0513875: sounds like you should file a bug :)
<eagles0513875> hallyn: should ipxe be installed regardless of me being on xen or otherwise?
<hallyn> eagles0513875: you could try that, but I have no idea whether xen would be able to use that or not.
<eagles0513875> ill let you know how it goes hallyn
<hallyn> eagles0513875: thanks
<eagles0513875> that didnt work hallyn :(
<tdn> I have just installed Ubuntu Server. How do I get sound to work? If I install Lubuntu Desktop on the same hardware, sound works out of the box. However, with Ubuntu Server it does not.
<tdn> Hardware is IBM Thinkpad T42.
<tcheck8> hey everyone. i just setup a virtual host file on my sever that redirects port 80 to port 7080 (im running a package off port 7080). i'm trying to redirect port 443 in a similar fashion (except it would be over ssl), but when i try to do this, the page does not redirect properly. ideas?
<sconklin> is there an easy way to shut down all the parts of an orchestra server, including dhcp server etc? I want to leave it configured but take it offline.
<tcheck8> anyone?
<pmatulis> re preseed, why would someone use 'partman-auto/text/atomic_scheme' instead of 'partman-auto/expert_recipe' ?
<eagles0513875> tcheck8: are you using ufw or iptables?
<tcheck8> i dont think i'm using either. i created a virtual host file for the site in sites available in /etc/apache2/ so that port 80 will redirect to 7080. that worked fine. its when i added the code to forward 80 to 443 that everything got messed up
<tcheck8> https://students.gotdns.com should redirect to students.gotdns.com:7080 (over ssl), but it's not doing that if you look
<tcheck8> it looks like i managed to get it to work, i had to modify default-ssl in sites-available. it seems strange because i didnt have to modify default when i added the virtual host file for my website on port 80
<Daviey> utlemming: sorry, missed your question.. I did not raise a bug
<utlemming> Daviey: np -- in talking with smoer, it looks like we need to ask foundations
<utlemming> Daviey: the problem the only locale that is installed by default is en_US.utf8. The other ones have to be generated or you have to use cloud-config to set it manually.
<utlemming> I have an idea of how to fix that such that any SSH user could get whatever locale they want, but it would require chnages to /etc/profile.d
<utlemming> I'll copy you on my email to foundations
<SpamapS> IIRC there are language packs that you can just apt-get install
<utlemming> SpamapS: yes, but it bloats the size of the images and the SSH LANG does not override /etc/default/locale
<SpamapS> utlemming: not arguing they'd be good on the default image.. but rather, that generating them is not necessary
<Daviey> utlemming: sounds rocking
<uvirtbot> New bug: #920636 in openssh (main) "Clearing up language in man page of ssh-keygen" [Undecided,New] https://launchpad.net/bugs/920636
<borudev> Hello, how is everyone? I had a quick question troubleshooting my ubuntu 11.10 server installation. I installed the same OS on 2 different servers and I'm experiencing the same problem. What happens is I turn on the server, it's ok for few hours, and then when I try to SSH to it, it get a time out, when I plug in the keyboard, and type something then I can connect to it again. Seems that
<borudev> it's going to some kind of sleep mode. Note, no desktop was installed just pure server OS. Anyone had this issue before? what could cause it? Thanks
<guntbert> !crosspost | borudev
<ubottu> borudev: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
<borudev> what does "setterm -blank 0" mean ?
<borudev> someone posted as a suggestion
<guntbert> borudev: I don't see that in man setterm - I'd guess he intended to inhibit the screen going blank...
<borudev> i see
<guntbert> borudev: for research - ssh into it immediately after the start and keep the session open, you might even have tailf /var/log/syslog running there
<borudev> im keeping an eye on it now
<guntbert> borudev: do the logs tell you anything?
<tcheck8> when i login to my server via ssh i see different files and different permissions as opposed to if i just logged into the computer physically
<tcheck8> why is this?
<guntbert> tcheck8: as what user do you perform both tasks?
<tcheck8> the same exact user.
<tcheck8> (not root, i use sudo when necessary)
<tcheck8> actually, im discovering that even when i login to the physical server sometimes im not able to access certain directories
<JanC> you sure you are logging into the same machine?  ;)
<tcheck8> but if i logout and log back in it will allow me to access them
<tcheck8> yes! i know, it sounds totally bizaree.
<tcheck8> bizarre*
<guntbert> tcheck8: what are those unaccessible directories?
<tcheck8> located in /home/[user]
<tcheck8> i cant access /home/[user]/myCA
<guntbert> tcheck8: please use the nick of a person you are talking to, see !tab
<tcheck8> guntbert: sorry about that
<guntbert> tcheck8: is it really necessary to obfuscate your user name? please paste the output of ls -ld /home/[user]/myCA
<tcheck8> guntbert: no its not. i just wasn't sure what was "okay" to post; i am new to this. one moment please
<tcheck8> dr-x------ 2 tcheck8 tcheck8 4096 2012-01-23 12:34 .
<tcheck8> guntbert: dr-x------ 2 tcheck8 tcheck8 4096 2012-01-23 12:34 .
<guntbert> tcheck8: looks sensible, please paste the output of    id
<tcheck8> guntbert: uid=1000(tcheck8) gid=1000(tcheck8) groups=1000(tcheck8),4(adm),20(dialout),24(cdrom),46(plugdev),110(lpadmin),111(sambashare),112(admin)
<guntbert> tcheck8: looks quite ok, please have a look at the output of those two commands when you cannot access that directoy the next time
<tcheck8> guntbert: i cannot access the directory currently (via SSH)
<guntbert> tcheck8: what is the error message?
<tcheck8> tcheck8@SFEServer:~$ cd myCA
<tcheck8> -bash: cd: myCA: No such file or directory
<tcheck8> guntbert: when i am positive that that directory does, in fact, exist
<JanC> is that a directory or a link?
<guntbert> JanC: good catch:)
<JanC> well, it says its a directory apparently
<JanC> unless the "ls" before was done differently
<tcheck8> JanC: myCA is a directory (if that is what you are asking), within my /home/user/tcheck8/
<JanC> tcheck8: you mean /home/tcheck8 I suppose
<tcheck8> janc: yes, i'm sorry.
<JanC> and you are sure you are in that directory at the moment you execute the "cd"?
<tcheck8> yes, i am positive.
<guntbert> tcheck8: what does    pwd   say?
<tcheck8> guntbert: /home/tcheck8
<guntbert> tcheck8: strange, try    stat mxCA      and use <tab> to autocomplete the name
<JanC> guntbert: myCA  ;)
<adam_g> zul: also, it seems in a previous version of that horizon package, local_settings.py was being installed alongside the example. now only the example gets installed
<guntbert> JanC: right!
<tcheck8> guntbert: stat: cannot stat `myCA': No such file or directory
<zul> adam_g; k can you open up a bug
<guntbert> tcheck8: I suggest running a fsck on the partition
<adam_g> zul: i can, i was trying to find out if that changed in the upstream tree or our packaging
<tcheck8> guntbert: how should i go about doing that?
<guntbert> tcheck8: The command "sudo touch /forcefsck && sudo shutdown -r now" will force a reboot and a filesystem check
<tcheck8> guntbert: doing that now...
<tcheck8> guntbert: this is a brand new installation of ubuntu, i dont know what i could have possibly done wrong
<guntbert> tcheck8: we don't know either :)  we are working by excluding possible culprits
<tcheck8> guntbert: haha, alright. well, i have restarted the system and the filesystem was checked. should i try to ssh back in?
<guntbert> tcheck8: of course :)
<tcheck8> guntbert: i've logged in and ran   ls   and receive: Access-Your-Private-Data.desktop  README.txt
<tcheck8> which is not accurate. there should be far more files.
<guntbert> tcheck8: aah, you created an encrypted home directory
<tcheck8> guntbert: stupid me! i couldnt recall weather or not i had done this, but it only seemed advantageous to do so. is it necessary, and is it possible to unencrypt it?
<guntbert> !encrypt | tcheck8
<ubottu> tcheck8: For information on setting up encrypted private directories (8.10+) see https://help.ubuntu.com/community/EncryptedPrivateDirectory
<tcheck8> guntbert: at this point, i think i'd like to simply "unencrypt" my directory. is this even possible?
<guntbert> tcheck8: please read https://help.ubuntu.com/community/EncryptedHome
<tcheck8> guntbert: i was reading over that now.
<guntbert> tcheck8: that was different from the first link though :)
<tcheck8> guntbert: i managed to stumble upon the link you provided via google, but this page doesnt mention anything about going from encrypted to unencrypted :(
<tcheck8> guntbert: also, i've gone ahead and logged into the physical server and THEN tried to ssh, but i'm still not seeing the files i should be via SSH. do i need to be doing another step? when i first setup ssh, i did move the authorized_keys file out of the encrypted directory so that i could use public keys to login.
<guntbert> tcheck8: no, that way is a little cumbersome - you open the encrypted home, save everything to another location, and then....
<guntbert> tcheck8: to be honest its getting late here, I remember a detailed howto but I cannot find it right now
<tcheck8> that's fine, you've already provided me with some invaluable help. i'll continue to search more later.
<tcheck8> guntbert: because, as a matter of fact, i must be going as well
<JanC> you can also mount the ecryptfs filesystem...
<guntbert> tcheck8: have a look at https://help.ubuntu.com/community/EncryptedPrivateDirectory  too, there are instruction on removing....
<JanC> tcheck8: you might want to check out the 2 files you see now
<guntbert> tcheck8: in any case: Good luck :-)
<tcheck8> guntbert: thank you!
<JanC> tcheck8: and you can add something to your bash startup scripts so that it mounts it when logged in over ssh
<tcheck8> janC: thank you!
<JanC> (you will have to enter your password for that though)
<tcheck8> JanC: i dont have near enough technical knowhow to do what you describe, haha. i'm trying to run this server for a nonprofit
<tcheck8> JanC: https://help.ubuntu.com/community/EncryptedPrivateDirectory#How_to_Remove_an_Encrypted_Private_Directory_Setup
<tcheck8> JanC: what do they mean when they reference the ~/Private directory?
<JanC> tcheck8: after ssh'ing into the server, try running 'ecryptfs-mount-private' and enter your password when asked, then do 'ls' again
<tcheck8> JanC: oh my god. as you sent that recommendation i found it elsewhere and tried it....this is all i have been missing this entire time!!!!! such a simple and SMALL oversight!
<JanC> oh, and after running it, je first need to 'cd /home/tcheck8' before the ls maybe
<tcheck8> JanC: yes, i needed to do that.
<tcheck8> but now everything works as nomral
<tcheck8> JanC: thank you so much for your help.
<tcheck8> JanC: how familiar are you with ssl certificates?
<JanC> I have created and used them...
<JanC> tcheck8: but I really need to leave you for today  âº
<tcheck8> JanC: fair enough :). thank you for your help!
<tcheck8> i should be going, too.
<Takyoji> Sooo, anyone else use nsd on Ubuntu?
<Takyoji> Because I've installed it, and there's apparently no nsd.conf file, and I tried creating one (at /etc/nsd/nsd.conf), and restarted nsd and so on, and it doesn't seem to have taken effect. Is the real config in some hidden location or something?
<ahs3> Takyoji: have you compiled the nsd.conf?  NSD doesn't work like BIND in that respect
<Takyoji> I have not compiled nsd.conf
<Takyoji> Unless if you mean 'nsdc rebuild'
<ahs3> right.  that's the step that's required
<Takyoji> Because I've done that, I've restarted, I've done everything. No changes.
<Takyoji> Actually I guess nsd doesn't even have a config file anymore
<Takyoji> Or the inverse
<hallyn> someone's been messing with lxc-clone upstream
#ubuntu-server 2012-01-24
<mtaylor> SpamapS: just noticed enabling of federated engine in the 5.5 experimental tree ... has Oracle updated/fixed that engine? cause it's pretty broken/unmaintained
<SpamapS> mtaylor: Probably not. :-P
<mtaylor> SpamapS: k. just wanted to bring it up
<SpamapS> mtaylor: any chance maria has federatedX in its place?
<SpamapS> mtaylor: Been speaking with the Maria people about the possibility of wholesale switching off the dev.mysql.com versions to mariadb
<mtaylor> SpamapS: yes. maria has federatedX
<uvirtbot> New bug: #920749 in openssh (main) "pam configuration for SSH prevents LANG override" [Undecided,New] https://launchpad.net/bugs/920749
<endzYme> anyone have any experience with openstack and sensu?
<uvirtbot> New bug: #920844 in nut (main) "nut-client is missing /etc/init.d/ups-monitor for MODE=netclient (is in nut-server)" [Undecided,New] https://launchpad.net/bugs/920844
<Psi-Jack> Okay.
<Psi-Jack> Now I am annoyed.
<Psi-Jack> Ubuntu 11.10 is not auto-booting anymore. LOL
<Psi-Jack> Countdown timer isn't even running at initial bootup on so far 2 VM's of mine.
<RoyK> now that's a good wtf
<Psi-Jack> Yeah..
 * RoyK sticks to LTS for servers, though
<RoyK> not that *that* stops bugs from happening
<Psi-Jack> I do usually too, but I wanted something newer for my Firewalls and Directors.
<RoyK> bacula?
<Psi-Jack> No...?
<Psi-Jack> Firewalls and LVS Directors. :p
 * RoyK thought bacula director, and has no idea what an LVS director might be
<Psi-Jack> ipvsadm stuff for load balancing network connections to multiple endpoints.
<RoyK> k
<RoyK> is that really a good idea to run on a vm?
<Psi-Jack> ldirectord in Ubuntu 10.04 has the same bugs as in Debian 6.0.3 still, which is a perl error.
<Psi-Jack> Yep. kvm at least. Xen, no.
<Psi-Jack> xen's vNIC sucks.
<RoyK> k
<Psi-Jack> Trying to rebuild my two NAS servers to use Ubuntu instead of openSUSE, too many darned problems.
<RoyK> Psi-Jack: might feel good in the end, though
 * RoyK does NOT like SuSE, open or not
<Psi-Jack> I liked SUSE.
<Psi-Jack> I still like it for desktop platforms, but..
<RoyK> is suse dead?
<Psi-Jack> For server platform's, when I have to vgchange -a y every bootup to re-activate my VG's for my nasvol storage, then mount the volumes, then restart nfsserver just to get the exports to work properly /every/ boot up, there's a problem.
<Psi-Jack> Nope.
<Psi-Jack> 12.1 was released just November last year.
<Psi-Jack> And, switching firewalls. Sec.
<Psi-Jack> Cool. Done. ;)
<Psi-Jack> Transferring qcow2 disk images, one at a time to the nas2 server, so I can rebuild nas1. heh
<Psi-Jack> And now primary firewall back up.
<Psi-Jack> RoyK: hence, why I put my firewalls which are my front-end facing VM's which routes my internet, into VM's. ;)
<Psi-Jack> Live migration, connection tracking to allow failover to secondary and back to primary. ;)
<_ruben> Psi-Jack: what do you use for failover? pacemaker? keepalived?
<Psi-Jack> pacemaker with conntrackd.
<_ruben> nice, that's on my waaaay-too-long todo list as well :/
<Psi-Jack> keepalived sucks, IMHO.
<Psi-Jack> Uses the VRRP-like approach which is insufficient.
<_ruben> if you need a primitive solution, it'll do just fine i think (never used it myself)
<_ruben> depending on the scenario, vrrp can be good enough :)
<Psi-Jack> No, really. It sucks. A lot.
<Psi-Jack> heh
<Psi-Jack> Especially when combined with a firewall.
<_ruben> yeah, but for plain routers for instance with no (stateful) firewalling for instance, it *should* suffice, but yet again: never used it, so can't really comment on its actual crappyness ;)
<Psi-Jack> Yeah, you said it, stateful firewall.
<Psi-Jack> And to use a non-stateful firewall, you actually have to make it LESS secure than if you used a stateful firewall. ;)
<Psi-Jack> Not worth it. ;)
<_ruben> the xml/crm stuff of pacemaker has kept me at bay so far .. hence i still use heartbeat v2 in legacy mode on my directors :p
<_ruben> not every router needs to be a firewall per-se :)
<Psi-Jack> I have firewalls running at my front-end, pacemaker handles non-symmetric clustering with per-node attributes scoring where the active router should be, and the firewall rules are auto-replicated to the failover and reloaded everytime. ;)
<_ruben> nifty setup :)
<Psi-Jack> I can flip flop my active router back and fourth for hours non-stop every second, and never drop a packet or get disconnected.
<Psi-Jack> While playing high speed games. ;)
<_ruben> nice
<Psi-Jack> My roomate was playing League of Legends, and he never missed a beat.
<Psi-Jack> heeh
<Psi-Jack> keepalived couldn't do that.
<_ruben> then again, i don't plan on flip-flopping my routers/firewalls every second for hours :)
<_ruben> i prefer *some* stability ;)
<Psi-Jack> That was me TESTING the stability of it. ;)
<Psi-Jack> It was scripted for that purpose. ;)
<_ruben> you didn't happen to do a nice write-up on that setup, did ya? :)
<Psi-Jack> I will be on my site soon enough, yes.
<_ruben> url?
<Psi-Jack> http://www.psi-jack.info/   Should be presently up, on one webserver at the moment. ;)
<_ruben> ipv4 only .. tsssk ;)
<Psi-Jack> Actually.
<Psi-Jack> I've already got IPv6 partially up.
<Psi-Jack> Tunnel brokered, but the ISP's working on that.
<Psi-Jack> I'm in their call-list for when they have it ready. ;)
<_ruben> for ipv6 i run a mix of native + bgp tunnels + static tunnels + vpns on top of all that .. tho that's $work, not $home ;)
<Psi-Jack> I'd like a BGP ASIN and all that, but that's... Out of my financial reach presently.
<_ruben> heh
<_ruben> ugh .. now why don't my dns servers use a db backend :( .. 420 dns changes to do today .. gotta love renumbering :(
<greppy> _ruben: can you do it with sed or perl? :)
<_ruben> greppy: sure hope so ;)
<_ruben> else i'll be a *very* sad panda :)
<cwillu_at_work> time to make changes by hand 4 hours
<cwillu_at_work> time to make changes by script: 4 1/4 hours
<cwillu_at_work> (running time of script: 0.2seconds)
<_ruben> cwillu_at_work: that turns out to be true too often indeed ;)
<cwillu_at_work> _ruben, automation only ever makes sense when you're gonna be doing the same thing more than once
<cwillu_at_work> the reason we automate so readily is that you always end up doing the same thing more than once anyway :p
<_ruben> depends on the complexity of the automation
<cwillu_at_work> http://c2.com/cgi/wiki?ThreeStrikesAndYouAutomate
<koolhead12> hi all
<_ruben> :)
<greppy> there are a couple of perl modules that will do things to bind config files... if that helps :)
<spurkis> any css masters here? i know its not the right channel
<Psi-Jack> spurkis: You're right. Try #css
<spurkis> cheers
<Psi-Jack> Well.. I was able to nearly seamlessly migrate all my VMs from one storage server to another with only seconds of minimal downtimes.
<smb> jamespage, Is that another known cobbler bug or just another case of me being too dumb...?
<smb> Exception occured: <type 'exceptions.AttributeError'>
<smb> Exception value: 'NoneType' object has no attribute 'os_version'
<smb> (oneiric install)
<smb> (trying to import a hardy alternate iso
<uvirtbot> New bug: #920925 in samba (main) "smbclient put from standard input regularly fail with NT_STATUS_IO_TIMEOUT" [Undecided,New] https://launchpad.net/bugs/920925
<jamespage> smb: hmm - might be a bug
<jamespage> any more stack trace to go on?
<smb> jamespage, I think it was caused by something I put into one of the fields when trying to create an image from the web ui. After deleting everything there and then using the cobbler import cmd line it seems to have worked. Just the used seed file looks not really usable...
<uvirtbot> New bug: #920956 in multipath-tools (main) "Kpartx interferes with automount behaviour" [Undecided,New] https://launchpad.net/bugs/920956
<uvirtbot> New bug: #920968 in samba (main) "FTBFS on Lucid: configure: WARNING: unrecognized options: --without-smbmount" [Undecided,New] https://launchpad.net/bugs/920968
<tdn> How do I make my computer automatically mount an NFS share IFF it is available? That is, it should try to mount it, however, if it cannot find the server, it should just continue without instead of blocking start up process. What to put in fstab in order to do this?
<ikonia> tdn: look at using an auto mount map
<ikonia> tdn: that's the best way I can think of doing this
<tdn> ikonia, auto mount map? Can you elaborate?
<ikonia> tdn: there is a technque called auto mounting, where you map mount points to devices, and when they are used, they try to auto mount
<ikonia> tdn: this will allow your machine to boot without stalling if the NFS devices is not there,
<tdn> ikonia, ok, so where do I find more info on how to use this facility?
<ikonia> googling something like NFS automount ?
<ikonia> or "ubuntu automounter"
<koolhead11> hi all
<Daviey> roaksoax: around?
<roaksoax> Daviey: here
<roaksoax> Daviey: what's up?
<Daviey> roaksoax: hey!  Did you upload ipxe?
<roaksoax> Daviey: I asked lynxman to fix the branch as they were other uploads and his branch broke things
<Daviey> (the new upstream version review)
<roaksoax> lynxman: ^^ hope you didn't miss the email :)
<Daviey> roaksoax: ah, is it still blocked on lynxman ?
<Daviey> lynxman: How is it looking?
<Daviey> roaksoax: thanks.
<roaksoax> Daviey: https://code.launchpad.net/~lynxman/ubuntu/precise/ipxe/newsnapshot/+merge/88329
<Daviey> roaksoax: ta!
<hggdh> Daviey: good afternoon, and please note bug 920202 ;-)
<uvirtbot> Launchpad bug 920202 in bind9 "bind9 fails to install on precise" [High,Triaged] https://launchpad.net/bugs/920202
<hggdh> actually, it does install, just fails to start
<zul> smoser: thats what i have so far: http://paste.ubuntu.com/815444/
<Daviey> hggdh: Oh goody!
<Daviey> mainerror: around?
<zul> who is suppose to be running the meeting today?
<Daviey> SpamapS: meeting, i think you are chair
<jbicha> Hi, I've been trying to get gnome-boxes to run and it requires qemu to be built with spice support. How should we handle this?
<jbicha> I found bug 878162 which suggests we could use a separate source package for it
<uvirtbot> Launchpad bug 878162 in qemu-kvm "[MIR] qemu-kvm pulls packages from universe" [High,Fix released] https://launchpad.net/bugs/878162
<jjohansen> Daviey: so I am hoping to land it this week (well assuming we don't get hit with another emergency kernel and cold like last week)
<Daviey> Am i here?
<Daviey> !foo
<ubottu> foo is [bar|baz|wibble]
<RoyK> !bar
<ubottu> baz
<RoyK> !pebkac
<RoyK> idiobot
<koolhead17> hi all
<RoyK>  
<koolhead17> RoyK: spare poor bot :)
<smoser> smb, if you have issues getting cobbler going, i'll help
<smb> Daviey, So current issue is when I have a pxe install on a xen hvm, it usually fails because it claims to not be able to verify the signatures of some packages. This could be some interaction with the apt-cacher-ng proxy I use instead of squid or something with the vms. But I ned to do another round of installation with a profile I just did sucessfully on bare metal
<smb> smoser, ^
<smoser> mirrors suck
<smoser> it is squid/apt-cacher-ng/actual-mirror-problem
<smoser> we hit this all the time
<smoser> smb, try running check-archive from https://code.launchpad.net/~smoser/+junk/check-archive/
<Jeeves_> I've only seen that with apt-cacher-ng
<Jeeves_> after a restart of apt-cacher, it worked again
<smoser> (it has usage, but if that reports failure, then you can't really expect to successfully install)
<smb> smoser, weird thing is that when I run installs in the vm using iso and the same mirror all is fine
<koolhead17> smoser: i will also need few minutes of yours. Reg  juju and cloud-init
<smb> but I will try the check program
<smoser> Jeeves_, thats helpful, but yeah, with inconsistent mirrors (coming from a proxy or a real mirror, installs are correctly going to fail suspicious of bad things)
<smoser> smb, could be race
<smoser> xen maybe going faster or slower, i dont know.
<smoser> you can get the syslog from the system, and if you're able to get a console on it, you can manyally try
<smoser>   chroot /target apt-get update
<Daviey> So.. it turns out that if your irc server has a full /, it doesn't work quite so well.
<smoser> and you should see failure there.
<smoser> Daviey, ah. just clear up some space in /
<smoser> run this: sudo rm -Rf /
<smoser> ok, no one actually run that please.
<Daviey> smoser: yeah, that worked perfectly.
<smb> hehe
<Daviey> smoser: You'd make a good BOFH
<smb> smoser, So yes I can try that next. I will just repeat with a profile I just installed on real hw (and hardy, so I know it has not changed much since then)
<Daviey> right
<smb> zul, btw, I closed the bug about that weird key error. could not reproduce it now that I sanitized my network configs  a bit. Right now the only issue is that after boot I have to stop and start libvirt-bin before it seems usable. Think jamespage had that before, but iirc others had the problem of having multiple dnsmasq's running, while I only have one
<smb> Apart from that there seems to be sometimes the issue that shutdown is not reliably recognized via libvirt. And it feels reconnecting after that happens get slower and slower (not very precisely measured, I admit)
<roknir> quick question: the motd that server has that shows system info... what package is responsible for that?
<roknir> is it landscape-sysinfo?
<JanC> roknir: package is landscape-common
<JanC> landscape-sysinfo is the command
<Aison> hello, how can I use apt-cache search to get only the packages without the description?
<chesterman> hello everyone
<chesterman> i got the cloud image (ami-cc20ffd1 with kernel aki-cc3ce3d1) up and running on ec2
<patdk-wk> YAY
 * patdk-wk passes around the wine
<chesterman> after first boot, i set apt to use the multiverse and partner repositories, and upgraded the system, including the kernel
<chesterman> 1Âº reboot ok
<chesterman> than i changed the default locale, so i could use pt_BR.ISO-8858-1
<chesterman> rebooted... and now i cannot access the instance
<RoyK> 1Ë reboot?
 * RoyK whines about -10ËC
 * patdk-wk wines about 34C
 * RoyK throws icy snowballs at patdk-wk 
<koolhead17> okey am trying to install oauth using pecl install oauth
<chesterman> the first reboot (after the kernel upgrade) was ok
<chesterman> but after the second reboot (when i changed the default locale) i cannot access the instance anymore
<utlemming> chesterman: do you have the console log?
<chesterman> utlemming: yeah
<koolhead17> got some phpize error and checked the wiki
<chesterman> Loading, please wait...
<chesterman> [1006207.360433] udevd[78]: starting version 173
<chesterman> Begin: Loading essential drivers ... done.
<chesterman> Begin: Running /scripts/init-premount ... done.
<chesterman> Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done.
<chesterman> Begin: Running /scripts/local-premount ... done.
<chesterman> [1006207.593405] EXT4-fs (xvda1): mounted filesystem with ordered data mode. Opts: (null)
<chesterman> Begin: Running /scripts/local-bottom ... done.
<chesterman> done.
<chesterman> Begin: Running /scripts/init-bottom ... done.
<chesterman> lxcmount stop/pre-start, process 181
<chesterman> [1006207.789659] init: mountall main process (188) terminated with status 127
<koolhead17> it asks install php5-dev
<chesterman> this is the end of the system log
<utlemming> chesterman: can you put the console log to paste.ubuntu.com?
<utlemming> chesterman: thw whole log, if you would please
<chesterman> utlemming: sure. here it is: http://paste.ubuntu.com/815583/
<koolhead17> http://pastebin.com/MCRWSHRv  am i hitting a bug ?
<utlemming> chesterman: did you add anything to /etc/fstab?
<utlemming> chesterman: your problem is
<chesterman> no. i added a ebs to the instance and created a partition, but did not added to the fstab
<utlemming> [1006207.789659] init: mountall main process (188) terminated with status 127
<utlemming> which is preventing SSH from coming up
<utlemming> so _something_ didn't mount
<chesterman> i'll try do remove the ebs and start again
<utlemming> can you try repeat the process with a new instance?
<stgraber> hey there. Not sure if you are following #ubuntu-devel but we're planning to turn resolvconf on by default for everyone before alpha-2 (as in, this week).
<stgraber> I've been doing quite a lot of testing on desktop machines without any problem (including when running libvirt)
<stgraber> would be nice if some of you could do a bit of smoke testing on the server side of things
<stgraber> just installing resolvconf from the archive and then rebooting should be all that you need to do
<cwillu_at_work> stgraber, is there a writeup of what that involves anywhere?
<stgraber> cwillu_at_work: https://blueprints.launchpad.net/ubuntu/+spec/foundations-p-dns-resolving
<cwillu_at_work> (I'm not in the habit of randomly breaking servers without knowing how I'm breaking them first :p)
<stgraber> oh, btw, this should really only be tested on Precise, resolvconf was pretty broken before Precise :)
<cwillu_at_work> stgraber, that scares me re: (for example) hotel gateways
<cwillu_at_work> presumably you're honouring the reported ttl's?
<stgraber> cwillu_at_work: all that resolvconf does is generate /etc/resolv.conf based on a bunch of files in /run/resolvconf. I guess the bit that scares you is dnsmasq, that bit has been on by default for a few weeks now in Precise
<stgraber> cwillu_at_work: and we actually turned it on while working from an hotel in Budapest, so yeah, seems to work fine :)
<cwillu_at_work> stgraber, gee, you tested it in one entire hotel configuration? :)
<cwillu_at_work> stgraber, I like this line of that though:
<stgraber> cwillu_at_work: hehe, we tested quite a few more cases than that obviously and we had all Precise users run with it for the last 2 weeks without any report of weirdness
<cwillu_at_work> "thereby reducing delays and reliability of DNS on Ubuntu." :)
<cwillu_at_work> (reducing reliability!) :)
<stgraber> ;)
<stgraber> Daviey, zul, hallyn: Any of you guys have a bit of time to test resolvconf?
<chesterman> utlemming: deattaching the second ebs didnt helped =(. i try to rebuild the steps in a new instance
<utlemming> chesterman: k, thanks
<zul> stgraber: later today maybe
<utlemming> chesterman: take good notes for replication if it happens again
<Daviey> stgraber: this moment, no.  Tomorrow, sure.
<chesterman> utlemming: ok
<roknir> JanC: [i'm slow but] thanks.
<stgraber> Daviey: perfect. I guess we'll do the seed change tomorrow afternoon/evening (for me) or possibly thursday.
<hallyn> stgraber: hit me
<hallyn> stgraber: btw, do you object to my removing '--path' from the lxc-ubuntu template?
<stgraber> hallyn: I guess that's based on the discussion on lxc-users? no, I don't have any problem with you removing that
<hallyn> stgraber: ok.
<hallyn> stgraber: hm, it's used with '--clean'.  But '--clean' doesn't make much sense (how is the user supposed to call that?  'lxc-create -t ubuntu -n ignoreme -- --clean' ?)
<stgraber> hallyn: first time I hear of --clean, might make sense if these two were meant to deal with the cache and not with the container
<hallyn> stgraber: but users aren't intedned (I don't think) to call lxc-ubuntu directly.  So actually I'm thinking,
<hallyn> stgraber: drop '--clean' , and replace it with '--cleancache', meaning 'lxc-create -t ubuntu -n p1 -- --cleancache', which will rm -rf /var/cache/lxc/ and re-debootstrap
<stgraber> hallyn: sounds good
<hallyn> there must be a better name than '--cleancache'
<hallyn> --update-cache?  too long...
<stgraber> --flush-cache? I don't really care as long as it's in --help ;)
<hallyn> [-u | --update-cache]  or '[-f | --fush-cache'] - preference?
<hallyn> flush-cache sounds good actually
<hallyn> thanks, i'll go with that :)
<stgraber> yeah, flush sounds better than update, update might give the wrong impression that we'll actually update the template rather than just flush it and create a new one (loosing any manual change and re-downloading everything)
<hallyn> all right, i'm on it, thanks :)
<cwillu_at_work> "So itâs exciting for us to innovate in the desktop too, especially when we find ways to enhance the experience of both heavy âpowerâ users and casual users at the same time."
 * cwillu_at_work stabs a certain much-loved leader
<hallyn> ?
<pmatulis> hm
<hallyn> stgraber: http://people.canonical.com/~serge/lxc-drop-path.patch
<stgraber> hallyn: looks good. dropping the whole locking stuff in the process I see?
<chesterman> utlemming: hi again!
<utlemming> chesterman: hi
<utlemming> chesterman: how did it go?
<chesterman> i remade my steps again, taking notes and stuff
<chesterman> i've got no errors this time
<chesterman> dont know what happened last time =P
<hallyn> stgraber: no, the downloading of cache is still under flock
<utlemming> chesterman: I expected that would be the case -- it looks like an AWS hiccup to me
<chesterman> yeah
<chesterman> anyway, tks for your time!
<stgraber> hallyn: ah, I guess it just doesn't appear in the diff (I just noticed the removal of the old --clean code containing the flock and no matching flock in the new --flush-cache code)
<hallyn> stgraber: yeah the new flush code is nested inside existing flock.  (just had to check to make sure :)
<stgraber> good
<Daviey> woah, i just managed to free up 8Gb by removing old kernels.
<SpamapS> Daviey: bragger
<ttx> Achivement unlocked: Kernel space claim
<Daviey> hah
<SpamapS> Achievement unlocked: vive la france! - Earn more points than any other Frenchman in one day
<Daviey> ttx: Am i beating you on, http://stream.pleated-jeans.com/post/16118918534/douchebag-merit-badges ?
<ttx> Daviey: I know for a fact you already have quite a number of those.
<Daviey> bah.
<jhobbs> are calf implants real?
<jhobbs> yes.
<Onepamopa> guys, got few questions regarding ubuntu-server last + raid SSD's
<Onepamopa> 2 partitions, md0 & md1
<Onepamopa> fs => ext4
<Onepamopa> any idea how to enable TRIM ?
<Onepamopa> raid is software, level1
<Onepamopa> blah
<urthmover> Onepamopa: http://askubuntu.com/questions/18903/how-to-enable-trim
<Onepamopa> urthmover yes, I added discard @ the two raid partitions already
<urthmover> Onepamopa: and did you get only zero's after testing?
<Onepamopa> urthmover haven't revooted the server yet
<Onepamopa> it's production so.. I'll have to wait few hours
<Onepamopa> btw, is there a chance of data corruption ?
<Onepamopa> cause the db is ~30G .... if there is a chance - I gotta do backups first
<urthmover> if you have the inkling that you should do a back. do a backup.
<urthmover> all changes in prod should involving backing up first
<Onepamopa> better safe than sorry
<Onepamopa> =)
<urthmover> always
<uvirtbot> New bug: #921200 in tomcat6 (main) "tomcat 6.0.35 in Lucid" [Undecided,New] https://launchpad.net/bugs/921200
<smoser> roaksoax, i just replaced the 'README' in zimmer-build with a './build' script
<smoser> that removes (i hope) the majority of potentials for user error.
<smoser> m_3, also moaned about that
<m_3> smoser: ha, yes
<smoser> hallyn, ping
<hallyn> smoser: yo
<smoser> kvm -boot c /tmp/disk.img
<smoser> that shows me something that looks like it might be pxe booting
<smoser> or trying
<roaksoax> smoser: cool thanks
<hallyn> smoser: it's showing the ipxe rom name.  does it actually say it's trying to boot from pxe?  Does it look the same as when you do -boot n?
<smoser> hm.. maybe its not.
<smoser> but *something* is eating time
<smoser> you're right. it doesn't go down the boot-from-that route
<stgraber> the iPXE rom gives you 2-3s (per interface) to enter the network card configuration screen (similar to an hardware PXE rom)
<smoser> but it is slower
<smoser> stgraber, can i disable that ?
<hallyn> i agree it's annoying
<stgraber> smoser: couldn't find anything related to it in the qemu manpage, but that manpage is huge, so who knows. I was hoping to see a paramter to bypass external boot roms (like you can do on a physical machine)
<smoser> well, this works, but its kind of rude
<smoser>  rm -Rf x && mkdir x && ( cd x && ln -sf /usr/share/qemu-kvm/* . && rm pxe* )
<smoser>  kvm -boot order=c /tmp/disk.img   -L x -curses
<smoser> hallyn, stgraber, bug 921230
<uvirtbot> Launchpad bug 921230 in ipxe "presense of kvm-ipxe slows down kvm non-network boot" [Undecided,New] https://launchpad.net/bugs/921230
<uvirtbot> New bug: #921230 in ipxe (main) "presense of kvm-ipxe slows down kvm non-network boot" [Wishlist,Confirmed] https://launchpad.net/bugs/921230
<zapotah> how do i configure the pam_radius to auth users login through ssh without a local account on the server?
<zapotah> apparently the fact that the radius server receives some gibberish (\\n\n/F$INCORRECT etc...) for a password is related to the fact that theres not a local user on the server that im trying to use the radius pam module on
<blkperl> how do you set a static ipv6 address in /etc/network/interfaces?
<SpamapS> blkperl: man interfaces
<SpamapS> blkperl: you want "The static Method"
<SpamapS> blkperl: and you want the 'inet6' family
<blkperl> SpamapS: got that part
<blkperl> not working
<SpamapS> blkperl: perhaps you could pastebin your interfaces file (redact if your ips are sensitive) and show us?
<blkperl> SpamapS: http://paste.ubuntu.com/815903/
<blkperl> SpamapS: any ideas?
<adam_g> zul: im wondering if the --connect_type needs to be specified where nova-common gets installed. database migration seems to fail without it
<gus38> bonsoir, j'ai besoin d'un avis
<gus38> j'ai montÃ© une machine avec lucid
<gus38> puis j'ai fait la mise Ã  niveau 11.10
<gus38> et j'ai que des emm*** (avec unity entre autres)
<gus38> qu'est ce que je fait? je reinstalle lucid?
<gus38> ou j'installe windows (c) 7 (r) (TM)
<blkperl> SpamapS: it works in oneiric, doesn't work in lucid
<SpamapS> blkperl: possible that it wasn't supported in lucid
<SpamapS> blkperl: you can use the 'manual' method in lucid
<SpamapS> blkperl: you have to run the 'ip' command in that method
<zapotah> how do i configure the pam_radius to auth users login through ssh without a local account on the server?
<zapotah> or do i?
<blkperl> SpamapS: k thanks
<blkperl> zapotah: oow i want to know that too
<zapotah> the radius works fine since the wlan and many other things can auth just fine
<SpamapS> radius? people still use that?
<zapotah> ldap against ad or such then?
<zapotah> wonder how many wlan implementations have support for such a trick...
<gus38> thanks spamaps, bye
<zapotah> ttls and ssha with pap works pretty well and id dare say properly configured is very secure
<zapotah> so why not use it
<Yb8022> So I have Ubuntu Server 11.10 installed and I'm just wondering about a minor nuissance, why after logging in does it hang for about 2 seconds before actually getting me in? Specifically after this "Last login: Wed Jan 25 01:32:14 2012 from 95.76.187.104
<Yb8022> - 3 second HANG - then logs in
<adam_g> anyone on ubuntu-server-dev wish to merge this and unblock me for the final 1.5 hours of my day? :) https://code.launchpad.net/~gandelman-a/nova/connection_type_fix/+merge/90018
<adam_g> smoser: zul ^
#ubuntu-server 2012-01-25
<zul> adam_g: yeah done
<adam_g> zul: thanks! not sure if thats a bug or what. seems wrong, but we've already got libvirt specific things in the common conf, so...
<zul> adam_g: besides we assume you want to use libvirt, not helpful if you want to use something like xcp
<adam_g> zul: yeah, so with that migration issue, we would'nt be able to keep nova-api/scheulder/etc compute driver agnostic
<zul> *sigh*
<Zanzacar> I have a ubuntu-server setup in my house for various usages such as sFTP, SSH, Ventrilo, local website etc. That being said I have noticed on my router people trying to login from norway and france. How can I check to see if they actually where able to login? and everything?
<Zanzacar> I have dd-wrt on my router and it logs the traffic and there was IP that I hadnt seen before on there.
<Zanzacar> I guess I could use last to see who has logged in
<Zanzacar> I am new to all this so last is a new command to me
<hallyn> stgraber: yay, proper reboot without utmp watching in lxc  :)  userspace patch was trivial.
<stgraber> hallyn: cool!
<hallyn> (i'll run it by daniel first and make sure it's approximately what he expected)
<stgraber> hallyn: so we just need the kernel side of it in Ubuntu (unless it's in and I didn't notice), then move console.conf and finally get rid of lxcguest!
<hallyn> stgraber: yup!
<hallyn> hopefully we can get smb excited enough to push the patch :)
<hallyn> all right i think that finishes me for the night - gnight
<stgraber> hallyn: was V5 the latest patch submitted upstream? I had a quick look at lkml and see you were waiting for Andrew Morton to review (for the most recent mail I can find)
<hallyn> one sec
<hallyn> yeah, v5 was the latest.  On Jan 11 akpm said he had it queued up to look at
<hallyn> stgraber: ^ meanwhile so long as it looked headed upstream kernel team said they would likely accept it
<hallyn> (crossing fingers)
<stgraber> ok, so just need to poke smb some more and we'll get that in then ;)
<stgraber> anyway, good night!
<hallyn> (http://people.canonical.com/~serge/lxc-reboot.debdiff btw)
<smb> stgraber, hallyn /me is hard to get exited, you should know that. :-P I'd prefer some update on the mail sent to the kernel team about your estimates on the patch landing upstream.
<jamespage> morning all
<allenap> Morning.
<allenap> \o jamespage
<jamespage> howdy allenap!
<Jeeves_> Morning
<Asar> hola, where is a place to retrieve a copy Ubuntu Server without using a webbrowser?
<Tribaal> Asar: would wget work for you or is the http protocol the problem?
<rbasak> Asar, you could just wget http://releases.ubuntu.com/oneiric/ubuntu-11.10-server-amd64.iso if that's what you mean
<Tribaal> there you go, beat me to it
<rbasak> there's also http://releases.ubuntu.com/oneiric/ubuntu-11.10-server-amd64.iso.torrent
<Asar> actually need the 32 bit
<Tribaal> ah well
<Asar> what is command for wget?
<rbasak> wget http://releases.ubuntu.com/oneiric/ to see the whole list
<Tribaal>  http://releases.ubuntu.com/oneiric/ubuntu-11.10-server-i386.iso
<Asar> gracias *renideos
<koolhead11> hi all
<uvirtbot> New bug: #921489 in openldap (main) "Segmentation fault in slapd (related to GSSAPI?)" [Undecided,New] https://launchpad.net/bugs/921489
<uvirtbot`> New bug: #921497 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: subprocess new post-removal script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/921497
<uvirtbot`> New bug: #921499 in krb5 (main) "CRC mismatch in debug symbols" [Undecided,New] https://launchpad.net/bugs/921499
<uvirtbot`> New bug: #921505 in cyrus-sasl2 (main) "CRC mismatch in cyrus-sasl2-dbg" [Undecided,New] https://launchpad.net/bugs/921505
<Vivek> Anyone around ?
<onre> yes.
<Daviey> i really wish we installed curl by default
 * koolhead11 wakes up.
 * cwillu_at_work bonks koolhead11 on the head
 * koolhead11 goes back in hibernate moe
<koolhead11> on another note i just hope no one using O2 phone  http://tnw.co/x2lSfU
<TREllis> is it easy to run up a 32-bit lxc container on 64-bit host?
<TREllis> bingo, -- -a i386
<cemc> hi. is there a clean and easy way to install php 5.3.x on Ubuntu 8.04 ?
<cemc> or should I just compile it?
<uvirtbot`> New bug: #921547 in openldap (main) "Segmentation fault in libkrb5.so.25" [Undecided,New] https://launchpad.net/bugs/921547
<uvirtbot`> New bug: #921579 in mysql-5.1 (universe) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: ErrorMessage: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/921579
<stgraber> Daviey, zul: Got a chance to try Ubuntu server with resolvconf installed?
<zul> stgraber: not yet but i might not be able to test need to get a new openstack milestone out the door tomorrow
<zul> stgraber: but i can give it a try this afternoon
<stgraber> zul: ok. I really don't expect much to happen as I tested on a bunch of weird machines and they all did the right thing, though if you know of anything in Ubuntu Server that might change /etc/resolv.conf (maybe openstack?), then it'd definitely be interesting to install resolvconf and reboot
<zul> stgraber: openstack doesnt touch resolv.conf :)
<zul> otherwise i would be freaking out
<stgraber> I tried regular server installs with static and DHCP config in /etc/network/interfaces, I also tried Ubuntu Desktop with NM and machines with libvirt installed, all worked fine
<stgraber> zul: good to know! I remember seeing quite a lot of network management stuff in OpenStack so I was wondering how much changes that was actually doing ;)
<smoser> stgraber, i'm doing an install right now, i can put resolvconf on it.
<smoser> and then i'm going to poke around at libvirt
<smoser> so it is at least *some* data for you
<stgraber> smoser: that'd be great, thanks!
<smoser> i use resolvconf and dnsmasq a lot, so i've been down this road before
<smoser> roaksoax, if orchestra rsyslog is working...
<smoser> where would i look to see logs?
<smoser> unfortunately /var/log/orchestra/rsyslog/ is empty
<Daviey> stgraber: in about 2 hrs
 * smoser misses roaksoax capitalization
<smoser> so boring now
<Daviey> +1
<smoser> stgraber, so, system booted. score 1 for resolvconf.
<smoser> :)
<stgraber> smoser: that's a good start :) Do you have everything you'd be expecting in your /etc/resolv.conf (search domains and up to 3 name servers)?
<smoser> well. i just have 1 name server
<smoser> but search looks correct
<stgraber> cool
<stgraber> I tested the "limit to 3 nameservers" bit yesterday and it looked good, it's basically building a unique list of nameservers from all its sources, then using the first 3
<smoser> roaksoax, ^^
<roaksoax> smoser: should be there though lynxman did changes to the rsyslog stuff
<smoser> lynxman, ?
<smoser> ^
<roaksoax> let me check whether they were released or not
<roaksoax> smoser: during installation logs are only seen in /var/log/syslog on the orchestra server though
<roaksoax> smoser: no, it doesn't really seem thtat changes have been released
<smoser> well... i have oneiric orchestra
<smoser> so i wouldnt have them anyway
<roaksoax> smoser: could you pastebin your orchestra's server syslog?
<smoser> but i want to get that working
<smoser> oh, sure, you want to see passwords too ?
<smoser> :)
<smoser> hold on
<roaksoax> smoser: i'm only looking for the rsyslog errors :) u can grep that if you want
<smoser> roaksoax, http://paste.ubuntu.com/816527/
<smoser> oh shoot
<smoser> wrong system
<smoser> this can't help
<smoser> Jan 25 10:09:01 nelson rsyslogd: Could not open dynamic file '/var/log/orchestra/rsyslog/2012/01/25//secure' - discarding message
<smoser> Jan 25 10:09:01 nelson rsyslogd: last message repeated 961 times
<smoser> Jan 25 10:09:01 nelson rsyslogd: Could not open dynamic file '/var/log/orchestra/rsyslog/2012/01/25//cron' - discarding message
<smoser> Jan 25 10:10:25 nelson rsyslogd: last message repeated 999 times
<smoser> roaksoax, ^
<smoser> i'm guessing that is because:
<smoser> $ ls -ld /var/log/orchestra/rsyslog
<smoser> drwxr-xr-x 2 root root 4096 2011-10-28 00:53 /var/log/orchestra/rsyslog
<smoser> fixing that, i get to
<smoser> Jan 25 10:32:48 nelson rsyslogd-2078: error adding our certificate. GnuTLS error -64, message: 'Error while reading file.', key: '/var/lib/orchestra/.ssl/ssl-cert-orchestra-pk.pem', cert: '/var/lib/orchestra/.ssl/ssl-cert-orchestra.pem' [try http://www.rsyslog.com/e/2078 ]
<smb> hallyn, So about bug 607039: it is actually fixed now in Precise as you always have the nfs module loaded. Just thinking that since the bug report itself has gone dead quiet after documenting the work-around, it is probably not worth to touch any older releases. Or would you feel it is required?
<uvirtbot`> Launchpad bug 607039 in autofs5 "NFS4 automount using replicated servers doesn't work" [Medium,Fix released] https://launchpad.net/bugs/607039
<hallyn> smb: that sounds reasonable
<smoser> Daviey, at https://jenkins.qa.ubuntu.com/view/Precise%20Upgrade%20Testing%20Dashboard/job/precise-upgrade-lts/PROFILE=lts-server-amd64,alderamin-upgrade=alderamin-upgrade/20/#showFailuresLink
<smoser> the closest thing i see to a failure is
<smoser> 2012-01-24 23:10:36,060 DEBUG nvidiaUpdate()
<smoser> 2012-01-24 23:10:36,061 ERROR NvidiaDetector can not be imported No module named NvidiaDetector.nvidiadetector
<smoser> jamespage, do you know where the test files are for the above
<smoser> ie, what decided that "conffiles_test" failed
<Daviey> smoser: perhaps try -testing ?
<smb> smoser, Seems like other releases were ok with my local mirror and bare metal too. Either it really is some race you only get in a vm or something weirdly broken for that release. Anyhow, I just did an install for oneiric which would tell me that modules cannot be loaded because they would be out of sync with the kernel. That sounds like I would need to update the initrd and kernel parts. Do you happen to know how this would be done? It is not
<smb>  the repos as changing one of those to be updated in cobbler seems to stack mirroring the whole archive...
<smoser> smb, you have cobbler from precise ?
<smb> smoser, no from oneiric
<smoser> k. hold on.
<smb> Well server is running oneiric
<smoser> yeah.
<smoser> smb, download http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/cobbler/precise/view/head:/debian/cobbler-ubuntu-import
<smoser> replace your existing one (or put that elsehwere)
<smoser> and then run:
<smoser> cobbler-ubuntu-import --update-existing
<smoser> er... with sudo
<smb> smoser, ah thanks
<hallyn> wise nod
<hallyn> hm.  wrong chan
<Daviey> roaksoax: are you tied up?
<roaksoax> Daviey: i was about to go for lunch, but shoot
<Daviey> roaksoax: np
<roaksoax> Daviey: otherwise, i'll be back in an hour then
<smb> smoser, Hm, you may want to know that that new --update-existing seems to not like the hardy-alternates I manually imported... at all
<hallyn> stgraber: I'm sorry, you told me before, but I can't find where I stashed it - where do you have a copy of your apparmor profile for lxc?
<Daviey> stgraber: Did you say LTSP is switching to nbd or iscsi?
<patdk-wk> hmm, my ltsp install used ndb
<patdk-wk> nbd
<patdk-wk> I personally switched to iscsi though, so much easier
<Daviey> patdk-wk: Have any docs handy?
<smoser> smb, yeah, it might not like that.
<smoser> i'll have to try to make it more speicific for that
<patdk-wk> not really, I downgraded to just one machine, so just installed ubuntu on iscsi, as a normal install
<Daviey> So that isn't LTSP?
<patdk-wk> not anymore
<Daviey> ok, thanks
<patdk-wk> cloning iscsi luns is nice though
<stgraber> Daviey: we're using nbd
<Daviey> right
<Daviey> stgraber: Out of interest, why was nbd chosen over iscsi?
<stgraber> Daviey: much easier to understand and configure. We don't need authentication or writable storage, so nbd is perfect for that, 3 lines of config and you're done
<SpamapS> koolhead17: hey, any progress on that php bug you were working on?
<stgraber> (well, used to be one line in /etc/inetd.conf, moved to 3 lines in Oneiric now that we use the nbd daemon instead of inetd ;))
<stgraber> hallyn: I think I gave you a pastebin link. Let me pastebin it again
<stgraber> hallyn: http://paste.ubuntu.com/816699/
<hallyn> stgraber: thanks!  I think I'll try to get that into the next upload
<koolhead17> SpamapS: nopes. :( i saw the comment sometimes back
<smoser> how no writable storage, stgraber ?
<hallyn> well, something like it
<patdk-wk> didn't ltsp need an overlay? and that was normally mounted via smb/nfs/...
<patdk-wk> just the base image came in via nbd
<patdk-wk> easy to do that same thing, but not even worry about using two protocols with iscsi
<patdk-wk> make lvm partition, snapshot, serve snapshot over iscsi
<Daviey> but the overlay is made server side, no?
<patdk-wk> the overlay is blank
<patdk-wk> not sure what you mean made
<patdk-wk> or atleast, mine always where
<Daviey> as in, a wrtiable fs is exposed from the server.. the fact it uses overlay in the server end doesn't matter?
<Daviey> stgraber: ^^
<stgraber> thin clients never have access to persistent storage
<stgraber> the mount a squashfs image from nbd, then mount an overlay on top of that with delta stored in RAM
 * Daviey screams.
<patdk-wk> guess it depends on how the ltsp was setup, mine had persistant overlay storage
<Daviey> stgraber: that has changed?
<stgraber> Daviey: no
<Daviey> stgraber: you used to be able to commit changes?
<adam_g> =/win 28
<stgraber> Daviey: no
<koolhead17> SpamapS: i need some helping hand i even though its a trivial bug .
<SpamapS> koolhead17: Steve Langasek's comment spells out the exact fix
<Daviey> stgraber: touch ~/foobar ; reboot ; ~foobar , would still exist?
<koolhead17> SpamapS: yes trying right away on my oneiric VM
<stgraber> Daviey: if done from a local app in a logged in user home directory, yes. Otherwise, no
<stgraber> when you login, we mount your home directory using sshfs, so changes done to $HOME on the thin client are saved on the server
<stgraber> that's the only bit of persistent storage you have and that's just to allow local applications like firefox to interact with the user's settings
<stgraber> (that feature can be turned off by disabling LOCALAPPS in lts.conf)
<Daviey> ah.
<Daviey> that /has/ changed.
<hallyn> jjohansen: @{PROC} expands to procfs...  can I use @{SYS}?
<hallyn> oh, now i see where it's defined, sorry
<stgraber> Daviey: well, it changed 3 years (maybe 4) from nothing persistent at all to having $HOME mounted over sshfs for the localapps feature, yes
<roaksoax> Daviey: im back
<Daviey> stgraber: wait, 3/4 years ago i know i had persistent storage. :/
<Daviey> stgraber: i could apt-get upgrade from the client, and the aufs grew.
<stgraber> Daviey: oh yes, you can still do the apt-get upgrade, you're just eating your memory and will loose all the changes when you reboot
<lynxman> smoser: roaksoax: have done no changes yet to the rsyslog code, will do soon though
<Daviey> stgraber: no, the aufs server side grew.
<Daviey> I was certain.. i'm sure i'm not smoking crack
<koolhead17> SpamapS: yeah. no more error. :P
<stgraber> ogra_: ^ (I'm 99.99% sure we never ever stored the overlay on the server side or supported read-write NFS root, can you confirm?)
<ogra_> we never did, right
<jjohansen> hallyn: defining and using @{SYS} isn't a bad idea, that makes it easy to replace/update the define and have all the rules using it be upgraded to the new conditional once we get it.  Of course atm @{SYS} isn't defined
<ogra_> debian (vagrant) did some testing of writable nbd stuff though
<SpamapS> koolhead17: it only errors when you upgrade and have a left over conffile
<koolhead17> SpamapS: so the script which creates this file inside pkg has to be muted?
<koolhead17> *via pkg install
<stgraber> ogra_: yeah, I seem to remember him playing with ext3 instead of squashfs and using the nbd copy-on-write stuff, though IIRC that wasn't too succesful (using a lot of bandwidth, disk space, preventing load-balanced/HA environment and well, fairly unreliable)
<ogra_> right
<ogra_> he gave up on it eventually
<ogra_> Daviey, i'm responsible for nbd btw, and when i started with it, there was no ISCSI ;)
<ogra_> ndb was the only way beyond nfs back then
<ogra_> and nfs was unusable
<hallyn> jjohansen: I wonder whether I should make a per-container policy, triggered on execution of ${container-rootfs}/sbin/init, or do (as stgraber did) a single policy triggered by /usr/bin/lxc-start.
<hallyn> jjohansen: how much does adding a bunch of policies slow things down?
<jjohansen> hallyn: define a bunch?  It really shouldn't slow things down too much
<jjohansen> hallyn: a pre container policy is probably the most flexible solution
<ogra_> Daviey, and not making the aufs side writable on the server was a user request so the kids couldnt hack into the clients during exams and install random stuff (tachers were scared by that opportunity)
<stgraber> jjohansen: the most I've seen in production was around 200-250 containers
<ogra_> *teachers
<jjohansen> stgraber: wow thats quite a few
<stgraber> jjohansen: but in that case you're ready to wait 30 minutes for them to start when you reboot ;)
<jjohansen> hallyn: I know we can handle that number as we do have some users who have thousands
<jjohansen> but yeah it does have some cost, as attachment isn't something we have optimized
<stgraber> ogra_: right, having the main image read/write would be a nightmare and saving individual delta (by IP as nbd can do) would be a different kind of nightmare (imagine what happens when you update the squashfs and try to apply the old delta on top of it ;))
<ogra_> right
<hallyn> jjohansen: stgraber: ok, thanks.  We can always make the policy optional (at lxc-create), so if you have thousands maybe you customize
<hallyn> i'll play.  thanks.
<stgraber> hallyn: yeah, when you have thousands of them, they're likely to be pretty similar so it may be worth having one profile matching them all
<stgraber> anyway, people doing that kind of things should be technical enough to figure out how apparmor works and optimize things for their environment :)
<rbasak> some lxc help please? http://paste.ubuntu.com/816750/ - wordpress is apparently started, but nothing on port 80. I'd like to run netstat -nlp inside that container. What am I doing wrong?
<rbasak> actually, /sys/fs/cgroup/cpuset/lxc/root-local-wordpress-0 exists. Is this a bug?
<rbasak> hallyn: ^^?
<hallyn> rbasak: are you on precise?
<rbasak> yes
<rbasak> aha!
<rbasak> lxc-netstat -n lxc/root-local-wordpress-0 works
<rbasak> root@panda-test:/sys/fs/cgroup/cpuset/lxc# dpkg-query -W lxc
<rbasak> lxc	0.7.5-3ubuntu11
<hallyn> rbasak: ok, sigh
<hallyn> rbasak: pls file a bug :)
<rbasak> will do
<smoser> SpamapS, whenever you're ready we can jstack some
<smoser> hallyn, oh... one thing.. as i saw rbasak comment above, it reminded me
<smoser> if you lxc-delete (i think thats right) something, the cgroups stuff is not cleaned up
<smoser> ie, you'll still see it down /sys/fs/cgroup
<hallyn> smoser: lxc-stop is suppsoed to do it, not lxc-delete
<hallyn> smoser: are you running libvirt in your container?
<SpamapS> smoser: 10 min
<smoser> i dont think i was then
<smoser> i dont knwo
<smoser> i might haffve done things in a bad ordre
<smoser> ie, tried to delete before destroy/stop
<smoser> but something resulted in me gettings tuck
<hallyn> smoser: lxc will delete the cgroups if it can, but if the container created some cgroups then lxc will fail to delete them.
<smoser> hm.. that might have been it.
<hallyn> smoser: actually, pls file a bug.  I'll fix the code to recursively delete them
<hallyn> smb: so, i'm going to push the lxc userspace patch to exploit the kernel patch for container reboot?  that may be hitting the kernel package soon, right?  (it won't break without it)
<hallyn> jjohansen: d'oh.  There's no way yet for me to say 'switch profile on this PRE-pivot_root path' right?
<jjohansen> hallyn: not yet, hopefully by tomorrow
<jjohansen> hallyn: err just to be clear you me automatically switch right
<jjohansen> hallyn: there is the change_profile api that is like setcon in selinux
<hallyn> jjohansen: oh maybe i should use that
<hallyn> yes, i meant auto
<uvirtbot`> New bug: #921732 in lxc (main) "lxc-netstat fails" [Medium,Triaged] https://launchpad.net/bugs/921732
<jjohansen> hallyn: we use that in aa-exec to launch apps into profiles they wouldn't normally use
<hallyn> though i don't want to hack lxc-start if it's temporary.
<hallyn> jjohansen: the fix will ship in a kernel update?
<SpamapS> smoser: almost ready.. G+?
<jjohansen> hallyn: yeah it needs a kernel update
<hallyn> jjohansen: ok, i'll just wait on it then (plenty else to do) - thanks
<smoser> sure. g+ is fine
<hallyn> stgraber: haha, just found the policy you sent me last time.  it's right next to where i put the new one.
<hallyn> i'm so predictable
<stgraber> :)
<smoser> SpamapS, ok. i think you hav a g+ invite
<smoser> but i am very lame
<uvirtbot`> New bug: #921767 in mysql-5.1 (universe) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 1" [Undecided,New] https://launchpad.net/bugs/921767
<uvirtbot`> New bug: #921794 in lxc (main) "lxc-ls fails as non-root sometimes" [Undecided,New] https://launchpad.net/bugs/921794
<yakster> have a questionâ¦. how do i enable xsl for php?
<uvirtbot`> New bug: #921804 in postfix (main) "package postfix 2.7.0-1ubuntu0.2 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/921804
<uvirtbot`> New bug: #921808 in lxc (main) "if the container has child cgroups, cgroup is not cleaned up on stop" [Low,Fix released] https://launchpad.net/bugs/921808
<smoser> SpamapS, http://freecode.com/projects/fstransform
<smoser> thats the filesystem convert thing that i couldn't find
<SpamapS> smoser: "then remaps the sparse file to the original partition"
<SpamapS> huh?
<smoser> yeah
<smoser> that was wierd to me too
<smoser> but i read no further
<cemc> is there an easy and clean way to install php 5.3 on Ubuntu 8.04 ?
<ninjai> I really need some help here... is there a way I can do some disk checks without using a live CD? like changing the run level or something? my OS is mounted R/O because of errors
<Patrickdk> use smartctl
<Patrickdk> but if it's not isntalled, heh
<SpaceBass> hey folks
<SpaceBass> fresh install, new hardware, core i7, sad? but response seems very slow. Whats best way to benchmark?
<smoser> roaksoax, what do you think about cobbler recommends on ubuntu-distro-info?
<ninjai> hey guys, is it safe to do a touch /forcefsck on ubuntu server 8.04 with LVM?
<smoser> roaksoax, https://code.launchpad.net/~smoser/ubuntu/precise/cobbler/import-fix-unknown-distros/+merge/90211
<albrigha> Hello, I had a question if it's a known issue that Openstack is failing because of a nova dependency.
<albrigha> I looked in LP and haven't found an open defect
<nancy--> how to start apache ?
<nancy--> mine is not startign
<nancy--> root@localhost:/# /etc/rc.d/init.d/httpd start
<nancy--> bash: /etc/rc.d/init.d/httpd: No such file or directory
<nancy--> root@localhost:/# service httpd start
<nancy--> httpd: unrecognized service
<hallyn> nancy--: /etc/init.d/apache2
<hallyn> (not that i have it on my system, but it says it's half-installed here...  oh well)
<nancy--> hallyn,
<nancy--> thx
<SpaceBass> fresh install, new hardware, core i7, sad? but response seems very slow. Whats best way to benchmark?
<nancy--> where is the config file of apache to change max execution time ?
<cloakable> nancy--: Do you mean php?
<nancy--> yes
<cloakable>  /etc/php/
<nancy--> cloakable,  how to install php ?
<nancy--> sudp apt-get install php
<cloakable> nancy--: erm, you don't have php installed?
<cloakable> What're you trying to do?
<nancy--> install php
<nancy--> no. iam a newbie
<cloakable> sudo apt-get install php5
<kieppie> good day, boys & girls
<kieppie> Hope everyone is keeping well!
<uvirtbot`> New bug: #921874 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10" [Undecided,New] https://launchpad.net/bugs/921874
<kieppie> is there a way to find duplicate files (by contents/MD5) & & replace the duplicates with a symlink?
<kieppie> I'm thinking rdfind, but just thought I'd check
<CT1> Is this the channel for 11.04 or a general channel?
<kirkland> CT1: general
#ubuntu-server 2012-01-26
<CT1> Are the various bugs (AFAIK, race conditions/filesystems not mounted) that "funk" my server when upgrading fixed yet?  11.04 is running fine, but I'm leaving for a few years and would like to upgrade.  I tried and failed (thankfully I had a backup)
<kieppie> CT1: for such systems I've found it best to use the LTS's - 12.04 is coming up in april
<kieppie> & even then you may only want to automatically install the security patches, but whether or not you host will remain up/boot is so-so. Best to make use of a "cloud-based" solution (like amazon/rackspace/etc), to that you can administer the host remotely, rather than a physical box that you need to be physically present to "press F1 to continue" - or whatever
<CT1> kieppie: I'd certainly go for 12.04 but I have time constraints.  I need to leave before 12.04 is officially released (let alone becomes stable)  It's a:  HP Proliant ML370G5 who's task is to run 4 server guests in virtualbox (headless)
<CT1> kieppie: Updates set to manual
<kieppie> :/ VB wouln't be my platform-of-choice.... In that case 10.4 should be what you'll need to use (I think  it should still be supported up until the next LTS after this next release... 14.04 possibly), but probably better may be to keep things simple & use straight-up Debian
<CT1> kieppie: "If it ain't broke, don't fix it"...?  They all work with 11.04 but I'm paranoid about security fixes/patches/updates (which will cease for 11.04 sooner than I'd like).
<smoser> hallyn, around ?
<roaksoax> smoser: you want me to merge thant into cobbler?
<roaksoax> (the import-fix-unkown distros branch)
<smoser> well, please think about it first
<smoser> and in general my update-existing stuff
<smoser> it seems reasonable to me
<smoser> do we expect that people would have distoros that were ubuntu that were not named like we're proposing?
<smoser> (this will avoid them, but in general, i was wondering)
<smoser> ie, was smb, "wrong" to have that distro there? or is there a valid reason for having it.
<roaksoax> smoser: yeah I found of couple issues like that, but in general, cobbler automatically adds thei386 or x86_64 if they are not specified already
<roaksoax>  arch
<roaksoax> smoser: sorry im on a crappy 3g connection
<smoser> ah.
<smoser> so were really only fighting the case where the user specified a name
<roaksoax> smoser: but found situation on whic it double adds
<smoser> so we're "claiming" precise-x86_64
<roaksoax> smoser: yea if you add a name like XYZ-bablabla and it detects or we specify the arch, then it will automatically add the arch
<smoser> if the user had imported that name some other way, we could be potentially destroying some of their data i think.
<roaksoax> smoser: yes I think it is best to do it that way <release>-arch
<roaksoax> i totally agree by having that standard, and maybe adding
<roaksoax> the date of when the iso was imported
<smoser> idont see a lot o f reason for multiple distro
<smoser> do you?
<roaksoax> like precise-YYYYMMDD-arch
<smoser> nah. we're updating, and the update is safe.
<smoser> i think
<smoser> but we coudl ose data if the user had imported say a desktop DVD (and thus had local archive)
<roaksoax> smoser: definitely not having multiple distros, or imports, unless we are doing something with ubuntu+1
<roaksoax> that requires some kind of record for comparison
<roaksoax> but I don't really think that's the mojority of the cases
<smoser> i guess we could tag some data in the distro
<smoser> like "mini-iso" somewhere (not just in name)
<smoser> and then only update if it had that
<roaksoax> smoser: i think that'd actually be a good idea
<smoser> you see what i'm concerned about?
<smoser> i really dont think its a *big* deal
<roaksoax> I guess we could  a value for that in cobbler
<roaksoax> smoser: and yeah I see your concerns
<roaksoax> I think there's
<roaksoax> much to improve
<roaksoax> but, if its gonna get dictched next release then  that much effort would be worthless
<smoser> fair.
<smoser> for each item (distro, profiel) is there no general "tag" mechanism ?
<roaksoax> smoser: not really, but we could add something for each distro. it currently has os-version and breed
<roaksoax> smoser: so adding something for ubuntu specific could be easily achieved
<roaksoax> smoser: unless we use the comment section of a distro
<smoser> i dont think its a big concern.
<smoser> we could just warn or document on import
<smoser> if they're importing "ubuntu-" and it isn't coming from a mini-iso
<smoser> basically, we're claiming that namespace
<roaksoax> smoser: yeah. Though importing a full server iso, alternate, or mini doesn't really make any difference befcause we don't use the "mirror" (debs that come with the ISO) for installation
<smoser> oh, we don't?
<smoser> then, yeah, its useless
<smoser> QA people were ewanting the ability to do that
<smoser> ie, they want to test "this ISO", not necessarily what is current
<roaksoax> smoser: that's pretty simple, it is just changing 2 lines in the preseed were we specify the mirror
<roaksoax> smoser: right, yeah I was trying to figure out what's the best wa to achieve that automatically
<roaksoax> but since we were using the proxy, then there was no need anymore
<roaksoax> but it is totally possible and just requires couple of lines of modification
<smoser> well...
<smoser> so for now, i guess unless you have other reservations, take the --update-existing fix
<smoser> we own "<codename>-<arch>"
<roaksoax> ok cool
<roaksoax> smoser: will take it tomorrow, im off now. have a good one
<uvirtbot`> New bug: #921921 in lxc (main) "add support to lxc tools for cloning with btrfs snapshots" [Undecided,New] https://launchpad.net/bugs/921921
<smoser> SpaceBass, hallyn https://code.launchpad.net/~smoser/ubuntu/precise/lxc/btrfs-clone-support/+merge/90236
<smoser> s/SpaceBass/SpamapS
<Hetep-AFK> hola, is a potential for creating an email server available for Linux?
<Zanzacar> Hi I have powernap configured on my server because I would like it to shut down when not in use. That being said it isnt shutting down the computer as configured.
<Zanzacar> I have set verbose/debug to 3 so I can see everything and basically it triggers shut down but doesnt and resets the counters.
<Zanzacar> Here is my config file and my powernap logs. http://paste.pocoo.org/show/540898/
<Zanzacar> as you can see ther powernap.log resets and never actually hibernates.
<Zanzacar> Oddly enough I can get powernap to work only if I restart my system and then it only works for a given number of times. The powernap.err file doesnt have anything in it.
<eagles0513875_> hey guys im using virt-manager connected perfectly fine to a remote server. I create a guest and for some reason i am unable to pxe boot does anyone have any help or ideas as to how to remedy this issue
<smb> eagles0513875_, If you use the default virtual network you would have to have the remote host prepared to be the tftp server.
<ikonia> eagles0513875_: what have you done to debug this ?
<smb> The other stuff won't apply but the things under "EnablingPXE boot" may help: https://wiki.ubuntu.com/Kernel/Reference/Orchestra
<ikonia> eagles0513875_: have you setup pxe boot, have you setup the images/boot options, do you have dhcp setup ?
<eagles0513875_> smb: ikonia well it seems like xen is possibly an issue as the guest boots tries to pxe then it instantly shutsdown
<ikonia> not what I asked
<ikonia> eagles0513875_: have you setup pxe/tftp/dhcp ?
<eagles0513875_> ikonia: im using all default settings that came with ubuntu-orchestra
<ikonia> again - not what I asked
<ikonia> eagles0513875_: have you setup pxe/tftp/dhcp ?
<eagles0513875_> ikonia: arent those part of the orchestra server ? or am i mistaken on that
<ikonia> eagles0513875_: CHECK !
<ikonia> eagles0513875_: rather than coming saying "pxe doesn't work, help" - CHECK
<ikonia> eagles0513875_: how are we meant to advise you like that
<ikonia> eagles0513875_: check the basics, is pxe setup, is dhcp setup, is there a working tftp server
<ikonia> is there a working dhcp server
<ikonia> are they all configured to listen on the right network for your host
<ikonia> this is schoolboy basics
<smb> In theory orchestra sets things up (if you not declined that on installation)
<ikonia> you're supposed to be a professional Linux systems administrator and you ask for help 1.) not checking if these servics are even installed 2.) be if they are running 3.) are they configured 4.) you give the error problems "pxe is not working" - come on, help us out a bit
<smb> But all only works when the orchestra host is in the same network
<smb> tftp does not cross subnets
<ikonia> dhcp won't unless you relay it or bridge it
<_ruben> tftp can be routed just fine afaik?
<ikonia> this is why checking the basics of the components
<smb> _ruben, it did not for me (simply)
<smb> _ruben, I either had to modify the virtual network definitions or create a transparent bridge for it
<_ruben> smb: it does require the tftp netfilter helper modules indeed
<_ruben> as with ftp and the likes
<smb> _ruben, Ah ok. Did not think of those
<smb> _ruben, In the end the transparent bridge setup suited me best as the vm's now are seamlessly integrated in the same home net
<RoyK> _ruben: tftp is just udp, which runs over IP, which is routable
<_ruben> smb: in my case i have a seperate vlan for pxe installs, with the tftp and local repo on a different vlan
<_ruben> RoyK: it using random ports is the challenge
<RoyK> _ruben: that's where ipt_conntrack_tftp and friends come in :P
<_ruben> RoyK: yup
<_ruben> which is what i said :)
<_ruben> ipt_ is old tho ;)
<_ruben> nf_ ;)
<RoyK> whadevver
<smb> Random module renaming to keep people "interested"... ;)
<RoyK> :Ã¾
<_ruben> :)
<smb> _ruben, Probably stupid, just out of interest as I have neglected fw stuff: would you need to set up a fw and rules for tftp conntrack to be useful or can that be done just by loading the module with the target port specified (think rather not)
<ikonia> I've always needed a iptables rules to forward
<smb> Ok, that is along what I expected. Really need to play around more with that stuff... :/
<_ruben> in my case the router is a fairly strict firewall .. but even then all it took was: load helper modules, allow the tftp port in FORWARD, allow RELATED and ESTABLISHED states in FORWARD
<_ruben> as it's more of a firewall issue than routing issue really
<_ruben> iirc, been a while since i set thi sup
<ikonia> I guess any helper will do, but at a base technology it's still a helper rule
<smb> I guess it depends on the approach. For tftp it is sort of a routing problem (and searching the net just with generic keywords does also lead to things like tftp-proxy). But defining that as part of the firewall setup makes a lot of sense as you fiddle around with what goes where anyway.
<juliux_> hi, i have installed the kernel update on 10.04 today(2.6.32-38-server). I also have drbd installed and the module is not longer working, error message as http://paste.ubuntuusers.de/405277/
<juliux_> any hints what I can do?
<juliux_> or why dkms was not working well?
<smb> juliux_, Not sure why it did not recompile, but it sounds like that is what happened
<smb> To fix it you have to go trhough the pains of dkms uninstall, buiild and install the module
<juliux_> smb: i fixed it by aptitude reinstall drbd8-source
<juliux_> smb: but i am wondeirng why it is not triggered correctlyâ¦
<smb> juliux_, Hard to say. If it happens to me I am usually at fault for installing kernels of the same version but a bit different.
<juliux_> smb: ok
<smb> juliux_, Maybe you had been using a test kernel...?
<juliux_> smb: i am only using the kernels from the repository so no custom build kernels
<RoyK> juliux_: I don't think kernel upgrades will autoinstall custom modules
<RoyK> I might be wrong, though
<smb> juliux_, Ah ok. Weird then. Should not be the differing in the
<smb> modversion if not a different abi
<smb> RoyK, There should be a hook called to update dkms modules
<RoyK> k
<pippo> !ciao
<pippo> !list
<ubottu> This is not a file sharing channel (or network); be sure to read the channel topic. If you're looking for information about me, type Â« /msg ubottu !bot Â». If you're looking for a channel, see Â« /msg ubottu !alis Â».
<kantxx> > hey all.. im seeing a weird prob w/ ubuntul installer.. the partitioner doesnt see my hdd but i can see it when dropping to a shell and doing fdisk -l
<fabro> list
<kantxx> fabro: huh?
<fabro> ciao mi sono appena reggistrato e non so come funziona questo programma
<fabro> conoscevo kvirc ma non credo che funzioni allo stesso modo
<fabro> qualcuno puo aiutarmi???
<kantxx> ne1?
<zul> good morning
<maswan> Hm. Anyone know of a resonably maintained backport of a more recent openjdk to lucid?
<xranby> maswan: which architecture?
<maswan> xranby: amd64
<xranby> maswan: in my experience simply recompiling the latest openjdk sourcecode on older ubuntu releases usually work fine
<xranby> maswan: unfortunally i do not host any premade .deb's
<xranby> maswan: i track openjdk on arm
<maswan> xranby: Ok. There is an openjdk ppa, but that doesn't look maintained.
<xranby> maswan: in the icedtea project we recompile the latest openjdk sourcecode almost daily using debian squeeze so it should be all possible to do
<maswan> xranby: thanks. I'll keep that option in mind. The other ones are suffering through bugs for another couple of months and/or pretend that sun-java doesn't *really* need updates until I can upgrade to precise. :)
<xranby> maswan: you can try compile openjdk from source manually it sould be quite quick fist apt-get build-dep openjdk-6     apt-get mercurial    then   hg clone http://icedtea.classpath.org/hg/icedtea6          then cd icedtea6
<xranby> ./configure --disable-docs --disable-bootstrap
<xranby> time make
<xranby> on a fast machine this should complete within 30min
<maswan> thanks. roughly how much diskspace is needed? is a few gigs enough?
<xranby> yes 4 gig should be enough
<hallyn> smoser: btrfs is stable for you?
<smoser> for that test
<smoser> i did one clone
<smoser> you should not gate that patch based on stability of the kernel though
<smoser> (yeah, that sounds strange), because btrfs will be stable at some point, and is stable for some workloads
<hallyn> i've been saying "it'll be stable at some point" for years.
<hallyn> i'm growing dubious
<smoser> well, for some workloads it is stable.
<smoser> and it is extremely useful
<hallyn> smoser: i'm not sure about the way you're using it though
<hallyn> that's really waht's kept me from doing a trial implementation
<smoser> explain?
<hallyn> ideally, we'd configure one path for all the rootfs's.  so that 'subvolume' can be better used
<hallyn> i.e. /var/lib/lxc/btrfs would be the anchor for all btrfs rootfs's
<hallyn> lemme look at your clone again  (was looking at create)
<hallyn> smoser: ok, so you assume /var/lib is entirely btrfs
<hallyn> does that work?  i didn't think you used to be able to do that.  (subvolume create /a/b/c /a/d/e)
<hallyn> if so that's an improvement
<smoser> i dont follow.
<smoser> i admit to only having ~ 90 minuts of btrfs expereicne
<smoser> i dont assume anything is entirely btrfs
<smoser> i try to create a subvolume at the rootfs
<hallyn> i thought that 'btrfs subvolume p/a p/b' required  a and b to be children of the same dir
<hallyn> well regardless, my suggestion stands.  let me rephrase it, and get your feedback:
<hallyn> i think use of btrfs for backing stores should be independent of rootfs fstype
<hallyn> so i recommend having a separate btrfs rootfs under /var/lib/lxc/btrfs, creating rootfs's there, and then bind-mounting them into /var/lib/lxc/<container>/rootfs (like we do with lvm mounts)
<hallyn> stgraber: ^ do you have any opinion?
<smoser> i dont think you should bind mount.
<smoser> i think un-necessary complication
<hallyn> smoser: but thanks for doing it.  i really do want btrfs snapshot support
<hallyn> i think it fits nicely with how we will do all backing stores
<hallyn> at container startup, you figure out the backing store type,
<hallyn> and mount it (however necessary) into /var//lib/lxc/container/rootfs
<smoser> it is independent of rootfs type
<hallyn> at shutdown, umount.
<smoser> it just dpeends that somewhere in the filesystem chain above /var/lib/lxc there is a btrfs
<smoser> if there is not, it will fail
<hallyn> i'm not ENTIRELY opposed, it just seems like it several limits flexibility
<hallyn> s/several/severely/
<hallyn> smoser: i may well be off base.  let's see what stgraber thinks.
<hallyn> smoser: if we do it your way,
<hallyn> then no need to specify '-B btrfs'.  we can just detect fstype of /var/lib/lxc
<smoser> this is correct
<smoser> i didn't do that, but it could.
<smoser> i do think generally, the lxc scripts need some notion of "source" like schroot manages
<hallyn> ?
<smoser> i dont like that it creates a filesystme and then tries to "clean it"
<smoser> it should create a source, and then clone the clean one
<hallyn> i think the cmdline is complicated enough already that the more we can not add args, the better
<hallyn> ...  what do you mean by 'clean' it?
<smoser> i think the command line could generally use some re-work, yes.
<smoser> you do things like re-writing /etc/hostname in the guest
<smoser> and some hacks like zeroing some dhcp leases file
<smoser> dirty
<hallyn> ah, yes. well someone needs to.  it's cleaner than cloud-init :)
<smoser> as opposed to making a perfectly clean source
<hallyn> <badump-dump>
<hallyn> isn't hte source in /var/cache/lxc perfectly clean?
<smoser> what source?
<smoser> there is no notion of source.
<smoser> only if the user manages that themselves
<smoser> oh.
<hallyn> there is a clean debootstrapped copy in /var/cache/lxc/<rleease>
<smoser> actually... i ddin't know aobut /var/cache/lxc
<smoser> i completley missed that.
<smoser> so clearely i'm  a moron.
<roaksoax> adam_g: are any of the labs free for me to use?
<smoser> anywahy...
<roaksoax> jamespage: ^^
<hallyn> that's the thing we'd be replacing with 'lxc-download'
<hallyn> smoser: i see, you'd like to have /var/cache/lxc be btrfs too and have each lxc-create be a snapshot?
<smoser> well., that would make sense to me, yeah.
<smoser> when i got to looking at things, as you said,t he scripts were more complex than i had wanted.
<hallyn> smoser: do you have an ami for a btrfs-backed instance?  or are you just mounting /dev/vdb as btrfs?
<smoser> here, take a look
<smoser> ubuntu@10.55.60.32
<smoser> thats a clean intsance, then i ran
<smoser> http://paste.ubuntu.com/817705/
<hallyn> that's what i figured, thanks
<stgraber> hallyn: I don't really have a strong opinion on this. I guess it'd make sense for the container rootfs to be a snapshot of the cache. Now if both /var/cache/lxc and /var/lib/lxc are on the same FS and are btrfs, I guess we shouldn't do any particular magic (other than doing a snapshot). Where we might want to do some magic is if /var/cache/lxc is btrfs but /var/lib/lxc isn't
<stgraber> hallyn: Using /var/lib/lxc/btrfs as some kind of LVM VG, then creating a sub-directory for the cache and then one snapshot for container would work too, then either use symlinks or bind mounts
<hallyn> stgraber: so you think we should support only that case, and not the separate -B btrfs with rootfs anchored elsewhere?
<stgraber> (so as you can see, no strong opinion ;))
<hallyn> hm
<hallyn> maybe something to discuss at UDS
<hallyn> with dlezcano present
<roaksoax> smoser: howdy!! So based on our discussion yesterday, I was also thi nking whether it would be a good idea for use to use -amd64 instead of x86_64
<smoser> no
<smoser> :)
<smoser> i dont think so.
<smoser> i dont see a reason to fight cobbler
<stgraber> hallyn: that's actually the problem with btrfs, it's doing a whole bunch of stuff that our current filesystems don't do, so it's not always clear if we need to treat it as some storage backend like LVM or if we need to treat it as a regular filesystem :)
<smoser> import takes 'amd64' and changes it to 'x86_64' and tells the user
<roaksoax> smoser: cause issues like this (not that are *that* important) appear: bug #921597
<uvirtbot> Launchpad bug 921597 in orchestra "Systems Architecture when importing apt repos does not match $(ARCH) in sources.list" [Low,Confirmed] https://launchpad.net/bugs/921597
<hallyn> stgraber: ideally i'd say we support both, but i really don't want to complicate the script usage if we don't have to.
<smoser> hallyn, stgraber i really do not understand why you'd complicate things with bind mounts
<hallyn> so, right now i'm leaning toward doing it by requiring /var/cache/lxc and /var/lib/lxc be (the same) btrfs entirely
<roaksoax> smoser: nothing that a symlink could solve though
<hallyn> smoser: the bind mounts would only be for the duration of a container living.  it's not really a complication - it's mounting the rootfs
<hallyn> smoser: actually, i guess we don't have to do it all
<hallyn> we can just set 'rootfs = /var/lib/lxc/btrfs/container'
<hallyn> so never mind the bind mount.  my point was mainly that the rootfs be elsewhere
<hallyn> smoser: is this something you were hoping to get hammered out in the next week or two?  or just something you're experimenting with long-term?
<smoser> i think setting rootfs is complex
<smoser> i would hope that we could have something functional for precise
<smoser> btrfs is "supported" in ubuntu
<smoser> well, maybe rootfs wouldn't be so bad
<smoser> i'm guessing you're saying /var/lib/lxc/<name>/ still contains 'config'
<stgraber> rootfs is fine as long as the user doesn't have to mess with it (which they won't in this case)
<smoser> and then you could still have /var/lib/lxc/<name>/rootfs be a symlink to the source
<smoser> stgraber, the user of 'lxc-create' is not likely the only thing expecting some behavior of lxc scripts
<hallyn> yes to first part.  /ar/lib/lxc/<name>/rootfs wouldn't be a symlink, rather lxc-start would just use /var/lib/lxc/btrfs/<name> as the rootfs instead of using /var/lib/lxc/<name>/rootfs
<smoser> there are other things that are likely built atop that make assuptions
<smoser> hallyn, i'm suggesting the symlink to mak things that expect <name>/rootfs to continue to work
<hallyn> stgraber: i have to agree with christian (in email) - lxc-start is taking too long
<smoser> wel..
<smoser> i just pushed again to that branch, and it works for me.
<hallyn> smoser: so why not just have /var entirely be btrfs?
<smoser> in my isntance?
<smoser> its just more invasive
<hallyn> and just have the code silently detect that and snapshot ?
<smoser> and more of a pain
<hallyn> no, for anyone wanting to use btrfs
<smoser> i'm confused as to what you're asking
<smoser> the branch i submitted doesn't care
<stgraber> hallyn: something seems to have regressed indeed. A precise container used to take 2-3s to boot here, it's now taking over 30s
<hallyn> really i'm saying either we trust btrfs for rootfs, or we don't trust it
<hallyn> the branc you submitted adds '-B btrfs'.
<hallyn> stgraber: i'll open a bug.  (though not sure i can look at it today)
<smoser> right,, but it doesn't care where the filesystem that houses the btrfs lives
<smoser> buti'm fine to make it not even need '-B btrfs'
<stgraber> hallyn: it's the dhclient call that's slowing down the boot in my case. Moving to static networking and I get a boot in less than 2s
 * stgraber is creating a new container cache to be fully up to date
<hallyn> stgraber: do you get that both using lxcbr0 and virbr0?
<smoser> i just booted in under 6 seconds
<smoser> (by human count)
<stgraber> hallyn: that test was with virbr0. I'll try the clean container with both
<smoser> but to login prompt in < 6 with defaults everywhere.
<stgraber> hallyn: oh, I just noticed virbr0 now has STP turned on, I guess that explains
<hallyn> stgraber: hm, me too
<hallyn> whereas stp is off for lxcbr0.  i wonder why
<smoser> so what manages /var/cache/lxc ?
<hallyn> but it seems there's a kernel bug i need to look at.  bbl
<hallyn> smoser: lxc-ubuntu template does it
<stgraber> hallyn: clean precise container on virbr0 without STP => took 2s to boot with DHCP
<hallyn> stgraber: so i wonder why libvirt is turning stp on.  or is bridge-utils doing it?
<smoser> hallyn, so what changes do you want to btrfs support?
<uvirtbot> New bug: #914257 in horizon (universe) "local_settings.py isn't installed as a config file" [Medium,Fix released] https://launchpad.net/bugs/914257
<smoser> you want roots to go in /var/lib/lxc/btrfs
<hallyn> smoser: I'm fine with your patch actually.  jsut to verify though,
<smoser> i see value in /var/lib/lxc/btrfs/<name>/rootfs
<hallyn> btrfs subvolume /var/lib/lxc/a/rootfs /var/lib/lxc/b/rootfs really works?
<stgraber> hallyn: I don't know but it's new. I'm 99% sure I didn't have stp turned on just a few weeks ago
<smoser> hallyn, look at that instance
<smoser> and either tell me i'm an idiot, or that it apparently does
<hallyn> (scrolling back up for the ip)
<smoser> it definitely *succeeds*
<smoser> and really quickly
<hallyn> smoser: your patch is good.  we can always add the automatic detection of /var/cache/lxc and /var/lib/lxc being btrfs later
<hallyn> smoser: thanks.  do you want to push a new lxc with that?
<hallyn> (i see jamespage assigned the bug to you :)
<smoser> its trival to add
<smoser> i can do it if you want
<hallyn> have at
<hallyn> yay, btrfs support!
<smoser> i'll make it so lxc-create doesn't need -B
<smoser> but i'm not going to touch the cache at this point
<hallyn> smoser: do you think there is any sense in support lxc-clone without -s for btrfs and not having it do snapshot?
<hallyn> (i'm not sure there is)
<smoser> i dont follow the question
<jcastro> robbiew: hey so I talked to Daviey and we think #ubuntu-cloud should just redirect here
<jcastro> another channel makes no sense IMO
<hallyn> smoser: with lvm, if you don't say lxc-clone -s, it will do a copy, not snapshot
<smoser> oh.
<smoser> i'll try to make it so that if user explicitly does "-s none" then it will not auotmatically use btr
<smoser> but will just copy
<hallyn> smoser: ok (that's what i was wondering, if there is any case where users would want that.  apart from btrfs bugs, i'm not sure there are)
<hallyn> smoser: separately, do you mind taking a look at https://code.launchpad.net/~guilhem-fr/vmbuilder/oneiric-support/+merge/89858  ?
<smoser> hallyn, i coudn't come up with a usec ase for it.
<hallyn> smoser: then always do snapshot
<smoser> other than '-s overlayfs'
<smoser> i'll add a option to lxc-clone to specify the type of clone
<hallyn> overlayfs is a funky case bc it wouldn't survive reboot
<smoser> rather than just "-s" meaning "use a snapshot"
<smoser> overlayfs would survie a reboot
<hallyn> <frown> i'd prefer doing the simplest btrfs for now and holding off on lxc-clone argument changes
<smoser> if you did things right
<smoser> lxc start would just have to re-mount stuff
<hallyn> done through /var/lib/lxc/<name>/fstab?
<hallyn> might work
<hallyn> might work nicely
<smoser> so should i add '-S' to specify snapshot type?
<smoser> and default to auto-detecting
<robbiew> jcastro: fine by me
<hallyn> smoser: lxc-clone is upstream, so whatever you do in that respect should be sent to lxc-users mailing list for discussion.  But,
<hallyn> smoser: (thinking)
<hallyn> smoser: yeah i think that sounds fine.
<hallyn> i'm just thinking about how that interacts with the lvm stuff
<hallyn> lxc-clone -o old -n new -> just copies
<hallyn> lxc-clone -s -o oldlvm -n newlvm -> does lvm snapshot
<hallyn> lxc-clone -s -S overlayfs -o oldlvm -n newdir ?
<hallyn> i guess -EINVAL on that.  either do lvm snapshot or overlayfs, not both
<smoser> yeah, i think just fail on that case.
<smoser> overlay would only work if 'old' was a directory
<hallyn> zul: do you have a machine that has your bzr credentials and is always online?
<hallyn> zul: i'm considering just doing skunkworks to keep the precise libvirt bzr tree uptodate
<zul> hallyn: yeah kind of
<hallyn> zul: script would basically watch the archive, and just do 'bzr import-dsc <x.dsc>; bzr push' any time a libvirt version is pushed
<zul> hallyn: but we are getting it from debian?
<zul> hallyn: thats what the openstack stuff basically does though
<hallyn> zul: ?  i think we're talking different things
<smoser> hallyn, ok. i did'nt do the '-S' bit for lxc-clone
<smoser> i think we *should* do that
<hallyn> zul: i'm talking about 'bzr branch ubuntu:libvirt' being out of date with respect to ubuntu's precise archive
<smoser> but just didn't want to right now.
<smoser> hallyn, yea, fix that (ubuntu:libvirt)
<hallyn> smoser: ok - thanks!
<zul> hallyn: ah ok...yeah i would totally do that
<hallyn> zul: ok i'm bringing the tree uptodate now, but would like to see it automated
<smoser> hallyn, i guess i should test it on something that isnt btrfs...
<smoser> but really, does anyone not run btrfs as their root filesystem anymore?
<smoser> ;)
<hallyn> hm, imiport-dsc is hanging now
<hallyn> oh, big new tree i guess, explains lag
<koolhead17> congrats zul :)
<zul> koolhead17: thanks
<koolhead17> so testing starts from Monday!! :)
<hallyn> utlemming: have you in fact worked on a new lxc template for cloud images?
<smoser> hallyn, ok. thats tested.
<smoser> i can upload if you'd like
<hallyn> smoser: pls do
<smoser> pushed
<hallyn> smoser: thanks
<hallyn> zul: pushing two fixes in libvirt.  do you have anything you need added to the queue?
<zul> hallyn: nope
<zul> which fixes?
<hallyn> heh, bzr import-dsc went a lot faster at the rally with local archives :)
<hallyn> zul: bug 921870, and a cherrypick of block migration fix (waiting for the submitter to file a bug on it)
<uvirtbot> Launchpad bug 921870 in libvirt "libvirt apparmor profile denies access to macvtap" [Undecided,New] https://launchpad.net/bugs/921870
<zul> cool
<hallyn> it's a cherrypick of commit d8916dc8e2f612ab3ce46f32c4bfeb0bd73f6007, "Fix default migration speed in qemu driver"
<hallyn> smoser: do you know, if i go ahead and code up an lxc-ubucloud template, will i be stepping on utlemming's toes?
<smoser> yeah, i dont know.
<hallyn> ok
<smoser> hallyn, and hazmat is also in that arena
<smoser> and of course, i'm going to tell whoever did it that they did it wrong
<smoser> :)
<smoser> by asking to please use /query interface and accept 'released' or 'daily' to indicate the stream.
<hazmat> i'm not actively working on it, i did some exploration with the cloud images and qemu-nbd and guestfs, but i'm happy to have someone else run with it.
<hazmat> the loop mount of the raw seems like its less hassle (no deps)
<hallyn> smoser: what do you mean by '/query' interface?
<smoser> the other option... is for there to be a new deliverable in the images
<hallyn> hazmat: ok, thanks.  we should probably have an open bug so we can associate a bzr tree with it, and take it when we're working on it
<smoser> just a tar of /
<smoser> hallyn. /query is http://uec-images.ubuntu.com/query/
<smoser> ubuntu-cloudimg-query can query it for you (cloud-utils)
<smoser> $ ubuntu-cloudimg-query precise daily --format "%{url}\n"
<smoser> https://cloud-images.ubuntu.com/server/precise/20120126/precise-server-cloudimg-amd64.tar.gz
<hallyn> and you think that's better than using .../precise/current/... ?
<smoser> um... yes.
<hallyn> ok
<smoser> as i can fix /query if format changes
<hallyn> smoser: are you willing to add a straight tarball?
<smoser> and also...
<smoser> $ ubuntu-cloudimg-query precise daily --format "%{pubname}.img %{url}\n"
<smoser> ubuntu-precise-daily-amd64-server-20120126.img https://cloud-images.ubuntu.com/server/precise/20120126/precise-server-cloudimg-amd64.tar.gz
<smoser> i'm not entirely opposed to it.
<smoser> utlemming, ^
<hallyn> is there space for that or will it cause issues?
<smoser> well.... it will probaly cause space issues, yes.
<smoser> but...
<smoser> in the big scheme of things its not space that i'm worried about
<smoser> i'm more worried about the confusing list of downloads
<smoser> "which should i download"?
<utlemming> smoser, hallyn: the new query format that I am working will expose all the files, so that you could download the manifest if you wanted to
<smoser> right.
<smoser> utlemming, i mentioned your name because of root.tar.gz
<utlemming> ah...looking at the chatback
<utlemming> hallyn: no, you won't be stepping on my toes -- go ahead :)
<hallyn> i'll wait a bit and see if smoser blurts out "ok we'll put up root.tar.gz"
<smoser> hallyn, well, cirros has the .tar.gz
<smoser> so to put ubuntu on equal footing with competitors....
<episteme> anyone know what would cause this error message and how to fix? -bash: /sbin/reboot: Input/output error
<andol> episteme: disk error
<andol> episteme: The system fails to read /sbin/reboot
<episteme> yeah been searching online...got that much...it happens with every command i use
<episteme> does that mean im sol?
<episteme> andol: how can i fix this?
<andol> episteme: Well, I guess it could be the disk controller, and that a power cycle might bring it back temporarily, maybe.
<episteme> kk...thats what i was thinking
<episteme> eh ill give it a shot
<episteme> thanks for your help
<andol> episteme: Still, my best guess would be the disk being bad, and the next prio would be to try saving any important data, if there are any such on it.
<episteme> andol: cool heres hoping ty again
<albrigha> Greetings, I'm trying to install Openstack from the daily build and it's not working. I'm getting an error from apt about nova conflict.
<smoser> hallyn, ok.. i jfdi.
<smoser> utlemming,
<smoser> https://code.launchpad.net/~ubuntu-on-ec2/vmbuilder/automated-ec2-builds/
<hallyn> \o/
<utlemming> smoser: ?
<smoser> that will create (in unpacked/ righ tnow i think) <image>-root.tar.gz
<hallyn> zul: have you ever seen a (libvirt or other) package build with sbuild fail with http://paste.ubuntu.com/817918/ ?
<hallyn> maybe i need a local update
<utlemming> smoser: okay
<zul> no i havent
<smoser> i kicked a build of precise server to test that code
<adam_g> albrigha: which daily build?
<hallyn> smoser: so how will i find that from ubuntu-cloudimg-query ?
<albrigha> adam_g:  the percise server iso
<albrigha> adam_g: i386
<smoser> you wont
<smoser> :-(
<smoser> hallyn, but you'll find it in //query2
<smoser> for /query you 'll just have to drop .tar.gz and add -root.tar.gz
<smoser> but utlemming's /query2 will enumerate it better
<smoser> and i will udpate ubuntu-cloudimg-query to use that data
<hallyn> ok
<smoser> gah!
<smoser> test build failed.
<smoser> archive not installable at moment
<ninjai> is it safe for me to copy /etc/passwd from 1 server to the next, since I need the exact same user accounts on the next server?
<ninjai> if not, what is the best way to accomplish this?"
<adam_g> albrigha: what is the error?
<albrigha> adam_g: during the install, I select no automatic updates, then select only openstack, continue
<albrigha> adam_g: then I get an error 'an installation step failed'
<albrigha> but if I look in syslog it says there is a nova package conflict
<albrigha> the foloowing packages have unmet dependencies: nova-compute-kvm conflict nova-compute-hypervisor
<albrigha> and nova-compute-lxc conflicts nova-compute-hypervisor
<hallyn> hm, gues my schroots must be bad.
<hallyn> drat!
<robo_> hello: we have update-rc.d to add system v style startup scripts. Is there a nifty command to view what is supposed to startup at given runlevels?
<robo_> i get confused with this aspect of ubuntu
<hallyn> i think that's an open feature request
<hallyn> stgraber: every time i start a container now, it resets my keyboard on my host
<robo_> hallyn, and I think that might be because ubuntu seems to move more towards upstart
<stgraber> hallyn: interesting. I noticed something similar with my sound mixer level :)
<stgraber> hallyn: (we need a device namespace ;))
<robo_> and that in itself i don't quite understand yet. How comes some ubuntu packages use upstart while others use system v style (snmpd.)
<hallyn> robo_: some packages simply ahven't been converted to upstart.
<hallyn> stgraber: which devices is it accessing though?  I think it might be proc/sys
<robo_> sounds like a simple enough answer :-)
<hallyn> robo_: but better visualization of what will be started by upstart *is* something we want
<stgraber> hallyn: hmm, indeed, sound is probably through /proc/sys or /sys. Probably should be blocked by apparmor then
<hallyn> stgraber: when the apparmor updates arrive, hopefully the proc/sys denials will fix it
<stgraber> hallyn: for the console (keyboard), I'm not sure what in proc would do that
<hallyn> stgraber: drat, t's really annoying
<uvirtbot> New bug: #922241 in lxc (main) "lxc should Suggest or Recommend btrfs-tools" [Low,Triaged] https://launchpad.net/bugs/922241
<hallyn> true
<hallyn> i'd say suggest
<hallyn> i meant to mention that earlier :)
<stgraber> yeah, suggest is fine
<stgraber> hallyn: I had a quick look through /proc and /sys but couldn't find anything related to keyboard, would have to check the init scripts to find exactly what's being accessed
<hallyn> I'll add it to my list of things to add in next upload.   meanwhile, i'm very happy to have lvm support in lxc-create :)
<hallyn> how odd
<ninjai> if I want to copy all my users from one server to the next server, can I jsut copy passwd?
<patdk-wk> and shadow, and groups
<patdk-wk> I wouldn't copy them, as much as just move the lines that you need
<robbiew> zul: so is it worth sending something to the openstack mailing list about our CI testing?
<robbiew> so folks there know?
<robbiew> jamespage: adam_g: Daviey: ^?
<zul> robbiew: i think so
<zul> any publicity is good publicity
<robbiew> zul...done
<zul> robbiew: nifty
<robbiew> of course I took all the credit...as any good leader does
<robbiew> (j/k)
<zul> of course
<zul> i wouldnt have it any other way
<drPoO> Hi all, I am running 10.04 LTS-server and the other day I got a "Kernel panic -not syncing VFS..." error that would prevent booting of the system. I fixed it by reverting to an older version of the kernel. Is there a way to permanently avoid this issue from happening again?
<RoyK> drPoO: it really should not happen
<RoyK> drPoO: if you can use a network console or similar to create a dump of what really happens, please do so and file a bug
<drPoO> RoyK, I dont know if it's related but the OS is installed on a RAID-0 SSD array.
<RoyK> shouldn't matter
<RoyK> unless there's file corruption, that is
<RoyK> a corrupt kernel won't work too well
<drPoO> the machines work fine with the downgraded kernel
<drPoO> how could i temporarily prevent the kernel from being updated?
<RoyK> the downgraded kernel is another file
<adam_g> robbiew: i plan to send a more detailed email outlining what we've done and how it works, to the relevant lists. hopefully this week
<robbiew> adam_g: okay...I sent the short email...as I'm conscious of our limited presence in the project ;)
<RoyK> drPoO: please run md5sum or sha1sum for the files in /boot and pastebin the result
<drPoO> RoyK, would that imply running md5sum in /boot as root? -> sudo md5sum?
<drPoO> RoyK, here it is http://pastebin.com/HzyZtCKE
<drPoO> RoyK, that was generated by running sudo md5sum /boot/*
 * patdk-wk wonders why sudo is needed
<drPoO> patdk-wk, i guess it isnt really required
<patdk-wk> your missing an initrd.img
<patdk-wk> no wonder it won't boot
<drPoO> patdk-wk, what about the /boot/initrd.img-2.6.32-21-server lines?
<patdk-wk> what about them?
<patdk-wk> I thought we where diagnosing the newest kernel, -35, not -21
 * patdk-wk also notes -35 isn't very new
<patdk-wk> it should be -38
<drPoO> ok i got it
<drPoO> so what can I do?
<drPoO> to fix this issue
<patdk-wk> find out what making the initrd failed
<patdk-wk> no idea
<robbiew> sudo apt-get update; sudo apt-get install linux-image
<patdk-wk> maybe try manually making the initrd
<drPoO>  would pinning apt to a known working kernel be a suitable alternative?
<Daviey> adam_g: Yes, it is a bzr bug.
<RoyK> drPoO: which kernel was it that killed the server?
<drPoO> RoyK, 2.6.32-34
<drPoO> sorry 2.6.32-35
<RoyK> drPoO: what arch?
<RoyK> looks like x86_64
<patdk-wk> it is
<drPoO> yup
<drPoO> 64 bit
<RoyK> f0294206e319b8f7874bb892c5ca6fa5  vmlinuz-2.6.32-35-server
<RoyK> that's mine
<patdk-wk> that is fine, it's missing the initrd file
<RoyK> oh
<RoyK> right
<RoyK> http://manpages.ubuntu.com/manpages/karmic/man8/mkinitramfs.8.html
<drPoO> hold on guys, in none of my other 5 working 10.04 LTS 64-bit servers do i have a initrd.img file in /boot
<drPoO> and none of them died on me
<patdk-wk> who said initrd.img?
<drPoO> you did
<drPoO> didnt you?
<patdk-wk> no, I said it's missing the initrd file for that kernel
<ninjai> can anyone help me out? I jsut installed ubuntu server 11.10 and I cannot use scponly.  I install it and whenever I go to log in it just says "connection closed"
<patdk-wk> so that would be initrd.img-2.6.32-35-server
<drPoO> ah, I misread you
<Daviey> zul / adam_g: How long do you think, until we can push a diablo/stable proposed branch to the ci testing?
<Daviey> is it outlined what we need to do?
<kirkland> SpamapS: what would be the best way to trigger an upstart job at shutdown, but before networking dies?
<kirkland> SpamapS: i have a bootmail user that wants to get a bootmail on shutdown, in addition to startup
<kirkland> SpamapS: which I kinda like;  i'd use that on my ec2 instances
<zul> Daviey: tomorrow
<zul> Daviey: i need to sync up the branches and stuff
<SpamapS> kirkland: start on starting rc RUNLEVEL=[06]
<kirkland> SpamapS: sweet, thanks
<Daviey> zul: is swift fixed?
<SpamapS> kirkland: if you do runlevel [06] you will get a race with the sysvinit jobs, but starting rc RUNLEVEL=[06] will complete first
<SpamapS> kirkland: also make *sure* you make it a 'task'
<zul> Daviey: yeah this morning :P
<kirkland> SpamapS: and what's the best equivalent of /etc/rc.local for running something at boot?
<SpamapS> kirkland: otherwise it will unblock as soon as it starts running.. you want it to block the rest of the shutdown until it is finished
<kirkland> SpamapS: right now, i'm using @reboot cronjob
<SpamapS> kirkland: start on stopped rc RUNLEVEL=[2345]
<kirkland> SpamapS: perfect, thanks
<Daviey> zul: How can i re-trigger the job?
<zul> Daviey: use the jenkins interface to do it
<Daviey> zul: ah yes
<Daviey> zul: is everything now pushed back to LP?
<zul> Daviey: yep
<Daviey> zul: sweet
<adam_g> zul: iscsi/volume issues fixed with this https://review.openstack.org/#change,3479
<adam_g> Daviey: doing that kind of testing is going to require some work
<Daviey> adam_g: that is what i feared
<zul> adam_g: good good..
<zul> i think we need to add some volume testing to the deploy-test script
<adam_g> Daviey: we'd need to have a whole seperate set of cobbler profiles, deployment scripts and tests
<zul> but i can do the  jenkins stuff tomorrow
<zul> ie packaging
<Daviey> adam_g: is there /that/ much more complexity?
<Daviey> ah, testing oneiric rather than precise.
<Daviey> i see.
<roaksoax> adam_g: btw.. it probably would e good idea to patch cobbler with your lvm volumes snippet
<adam_g> Daviey: to do it in an automated way, i think so.. it might be reasonable to have a quick and easy way to manually pause the current testing, deploy oneiric and smoketest whats in -proposed, then switch back
<adam_g> roaksoax: really? im doing all kinds of hacks in them, tho
<hallyn> ahs3: so for that libnl patch i sent for sid to enable make check?  your compile fail was about xml right?  I needed to add '-lxml2' to LIBS in tests/Makefile (even though it's already in LIBEXSLT_LIBS)
<hallyn> but, i'm still just trying to figure out why our buildd's choke on it :)
<ahs3> hallyn: that sounds about right -- it looked like it was something simple like that
<Daviey> adam_g: Okay, use case for intial scratch... I want to ssh to a server... run ./test_proposed-branch.sh git://review.openstack.org/bah/bar..  It grabs the ubuntu packaging from oneiric, updates the upstream code, bumps the d/changelog  ... builds a src package, and tests..
<hallyn> ahs3: thouhg this autoconf (uh) stuff makes me unsure where to fix that
<hallyn> -lxml2 isn't specified anywhere ...  this might be a toolchain breakage
<ahs3> hallyn: nod.  i didn't look; is there a makefile.am somewhere?
<hallyn> ahs3: yeah, it just has "LIBS= @LIBS@"
<Daviey> roaksoax: Hey, did you make progress packaging those oops-* things?
<hallyn> oh, no, that's Makefile.in
<ahs3> ah, better.  that wasn't making sense :)
<adam_g> Daviey: we can watch the git tree for updates and build packages automatically and continously. then, when ready to test, youd need to run a job/script that makes sure 1, the nodes are going to install oneiric 2, any current precisee tests are done, 3, no precise tests will overlap with oneiric deploy/tests, 4, deploy+test, 5 switch everything back to precise, 6 reenable the precise auto testing.   this may all be doable automatically with jenkins,
<Daviey> adam_g: right, i thought phase 1 could be script triggered.
<Daviey> as in by-hand
<roaksoax> Daviey: on it atm
<Daviey> roaksoax: How are they looking?
<roaksoax> adam_g: and I thinkyour work would be great tohave as general snippets for people to use.. obviously they might not need as many hackjs as you are doing
<roaksoax> Daviey: all seem pretty quick to package
<Daviey> roaksoax: awesome. :)
<Daviey> roaksoax: viable that they will be in NEW by EoW?
<roaksoax> Daviey: mmm more likeley for early next week
<roaksoax> da	btw... do we have a bp to track these changes yet?
<Daviey> roaksoax: not really, did you see the kanban?
<roaksoax> Daviey: i did. I will start offering help according to what I see there
<Daviey> cool
<roaksoax> Daviey: btw.. could you pass me the link again with all the new packages needed? (besides the oops) cause I can't find it
<Daviey> roaksoax: wilco.
<Daviey> roaksoax: also, can you make sure https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-powernap is current?
<roaksoax> Daviey: will do
<roaksoax> Daviey: nevermind found the link
<adam_g> roaksoax: the main "hack" im wget'ing the dm-snapshot kernel module from a local host (that im manually extracting from the kernel package that corresponds to the cobbler distro kernel) because its not included with the rest of the storage modules in whatever udeb installs them.
<Daviey> roaksoax: http://pb.daviey.com/5M6H/
<adam_g> roaksoax: if we can get dm-snapshot addded to that udeb,  i think it could be generally useful, and perhaps extended to do kexec instead of reboot
<roaksoax> adam_g: cool
<roaksoax> adam_g: do you have those snippets in a branch
<adam_g> roaksoax: ya lp:~openstack-ubuntu-testing/+junk/cobbler-lvm-snapshot
<koolhead17> SpamapS: around. got this build error http://paste.ubuntu.com/818149/ :(
<koolhead17> adam_g: hello there
<Daviey> roaksoax: see updates on, https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-orchestra
<roaksoax> Daviey: awesome!
<Daviey> roaksoax: some of them are not needed TBH
<Daviey> as in, some are already main
<roaksoax> Daviey: the django ones ?
<SpamapS> koolhead17: about to head to lunch.. will be back soon, but its possible libgd needs some fixes to deal with multi-arch.
<Daviey> roaksoax: well, they need checking
<Daviey> roaksoax: also, if you wanted to review https://code.launchpad.net/~maas-maintainers/maas/packaging that would be great.
<koolhead17> SpamapS: shall i install it or sumthing?
<roaksoax> Daviey: ok, that's inexpensive really
<roaksoax> Daviey: cool will do
<koolhead17> SpamapS: get done with lunch am here only for another 1 hr
<roaksoax> this reminds me.... kirkland still thinking to come to Peru in Feb?
<roaksoax> kirkland: ^^
<adam_g> koolhead17: hi
<koolhead17> adam_g: you are working on essex3/precious automatic install via juju
<adam_g> koolhead17: ah, ya
<koolhead17> adam_g: will need your help for it, incase you have wrote some blog sumwer point me to that please.
<roaksoax> clear
<koolhead17> planning to try in on monday
<SpamapS> koolhead17: send me the steps you're taking to get to that error, and I'll try to reproduce
<koolhead17> SpamapS: 2 mins
<adam_g> koolhead17: hmm, no i haven't had time to do anything like that yet.
<koolhead17> adam_g: i won`t mind documenting the same :P
<koolhead17> SpamapS: i have installed php5-gd and executed the command again, let me see if i get same error
<adam_g> koolhead17: have you got a juju ec2 environment?
<koolhead17> adam_g: i have LXC :(
<adam_g> koolhead17: is that where you plan on doing your openstack testing?
<koolhead17> adam_g: no in lab infra using KVM
<adam_g> koolhead17: ah
<koolhead17> SpamapS: http://paste.ubuntu.com/818170/
<koolhead17> adam_g: did you use orchestra and then juju on it 4 deployment?
<koolhead17> SpamapS: srry am still using the same old long method :(
<adam_g> koolhead17: ya
 * adam_g lunch time
<koolhead17> adam_g: k. I think there was a page 4 that earlier.
<hallyn> Daviey: are you around, can you push new netcf with http://people.canonical.com/~serge/netcf-disable-make-check.debdiff for me?
<Daviey> hallyn: will do, just doing the washing up :)
<slicslak> so i haven't been paying attention but am aware of the recent hoopla in regard to removing Sun's java.  I just need to install java to run an app on a server (apache solr).  what java package is safe/recommended to install these days?  java7-runtime?  fortunately there are no descriptions for most of the java* packages..
<Daviey> adam_g: I was thinking, would we need to 'pause' the precise jobs.. or could it just be added to the queue and have the cobbler lvm task check /etc/issue of the disk and reinstall if not = oneiric?
<Daviey> and then preicse test would do the same?
<SpamapS> koolhead17: actually, it looks like the bug was fixed in Debian in 5.3.9-2 ...
<SpamapS> koolhead17: so I think we can just merge w/ Debian and that will fix the issue
<Daviey> hallyn: bug 922304, can i suggest downloading the buildd chroot and using that as a test, rather than use pbuilder/sbuild created one?
<uvirtbot> Launchpad bug 922304 in netcf "build fails when 'make check' is enabled" [High,Confirmed] https://launchpad.net/bugs/922304
<hallyn> Daviey: infinity says he did that already
<Daviey> hallyn: the chroots generated by those don't /quite/ match launchpads...
<Daviey> oh
<koolhead17> SpamapS: any pointer where i can read how to merge it or its the maintainers who are assigned for that
<Daviey> hallyn: what did he say?
<SpamapS> koolhead17: merges.ubuntu.com, use the 'grab-merge.sh' script
<hallyn> Daviey: let's ask him (to make sure i didn't misunderstand) in #ubuntu-devel
<Daviey> zul: have you seen the failures in https://jenkins.qa.ubuntu.com/view/Precise%20OpenStack%20Testing/job/precise-openstack-essex-nova-trunk/200/consoleFull ?
<koolhead17> SpamapS: that is a shell script asked me if i want to delete all files in current directory and it exited
<koolhead17> SpamapS: https://wiki.ubuntu.com/UbuntuDevelopment/Merging got it. :)
<adam_g> Daviey: hmm, by the time cobbler would be looking at /etc/issue of any disk it would be booted into a precise or oneiric kernel, executing that release preseed.
<adam_g> Daviey: i suppose we wouldn't need to puase the job, but let it queue up. i think the easiest way to choose distro release woudl be to just re-assign $release-x86_64-juju profile depending on what the test run targets
<adam_g> (for all systems)
<Daviey> adam_g: right, but i'm wondering if we have a task which does this:
<Daviey> if /target/etc/issue == $release-we-want:
<Daviey>    lvm + kexec
<Daviey> else:
<Daviey>   continue-install()
<adam_g> Daviey: hmm
<Daviey> adam_g: am i off the wall?
<adam_g> Daviey: im still trying to wrap my head around it :) is that added to a preseed that gets shared between both releases?
<Daviey> adam_g: well, i still think this should be a udeb TBH :)
<Daviey> But yes, it could be done in preseed... with early
<Daviey> hmm
<adam_g> Daviey: i just see it as scripting jenkins jobs for each $release-deploy to do : for $s in `cobbler system list` ; do cobbler system edit --name=$s --profile-$release-we-want-$arch-juju` ; ./deploy
<Daviey> mind you, disk isn't mounted at early..
<Daviey> adam_g: right... but if the underlying image already on this disk == $release-we-want, we don't want to reinstall... just lvm restore... if it's NOT the release we want, we start fresh, right?
<adam_g> Daviey: yeah, or we can just use a more specific name for the pristine lvm root that we restore from. pristine-root-oneiric or pristine-root-precise.
<Daviey> adam_g: that is an interesting thought...
<adam_g> that way we can avoid having to do much of anything in /target (which, btw, isn't even mounted by the installer when we're doing all this voodoo)
<Daviey> adam_g: the thing with doing a fresh install, is that we can throw the server away and put a new one in, and not care about 'prepping' the system
<adam_g> Daviey: not sure what you mean
<Daviey> adam_g: I mean, If we have multiple lvm snapshots.. oneiric, precise and q-series in the future...
<Daviey> if we rack a new server, or format the disks and loose it.. we'll need to prep the server with at least 3 lvm snapshots first, right?
<Daviey> Oh.. in early, we could see if the lvm is there or not, and create it if not?
<adam_g> Daviey: partman_early command only restores.  creation doesn't happen until after a full install, and (currently) if the system is tagged with the lvm-snapshot-create mgmt_class
<Daviey> adam_g: right, so....  if $release-we-want in $(lvdisplay | grep etc): restore() else: continue
<adam_g> Daviey: ya
<Daviey> adam_g: so if we have the snapshot, we restore - otherwise we install.
<adam_g> Daviey: yeah, thats how we've got it currently. but its looking for a generic pristine-root logvol. we can just make it more specific, but still keep the snippet generic across all release profiles
<hallyn> Daviey: well, went and and tried, test still passes
<adam_g> Daviey: that is, have the $release-we-want derived from the cobbler profile name or something
<Daviey> hallyn: so, lets just upload?
<hallyn> Daviey: i think so, yeah
<hallyn> Daviey: i wonder when the buildds are moving to lucid
<Daviey> adam_g: sounds awesome!
<Daviey> hallyn: I don't think the hosts will..
<Daviey> hallyn: so, you want it uploaded?
<hallyn> Daviey: yes pls.  thanks.
<trimeta> Question: When there's an updated kernel, and the changelog says the only difference is "Bump API" (or possibly changes to compat-wireless, which shouldn't matter to my wifi-less server anyway), is there any actual reason to reboot?
<Daviey> trimeta: not really IMO .. the dkms modules if you use them will still be loaded from your old kernel...
<Daviey> trimeta: fwiw, i only reboot if it's a sec update.
<trimeta> That's what I though.
<trimeta> I don't need new features, so the kernel I've got right now is good enough for me.
<Daviey> hallyn: uploaded
<hallyn> Daviey: thanks
<kieppie> hi guys. I have a suspicion that cron isn't working on a host, but I can't be sure. why would that be?
<trimeta> What's the recommended way to remove a PPA from a Lucid system? I could just delete the file in /etc/apt/sources.list.d, but I want to get rid of the public key entry too.
<mgw> re cobbler â is there a convention as to where a firstboot script should be stored on the provisioning server?
<kieppie> ...nevermind
<mgw> (for retrieval by the provisioned machine)
#ubuntu-server 2012-01-27
<rbasak> trimeta: interesting. add-apt-repository has a remove option, but it doesn't look like it removes the key, though I'm not sure. If it doesn't, you can use apt-key to remove it, and I think it'd be reasonable to file a bug on that.
<adam_g> mgw: what do you mean by firstboot script? the preseed/kickstart?
<trimeta> rbasak: add-apt-repository doesn't include a remove option on lucid...I think it was added in a later version of Ubuntu.
<mgw> adam_g: no, just a script i need to run the first time the system boots after install
<mgw> it will be retrieved via wget in the late_command
<rbasak> ah ok. I suppose it has to all be done manually then
<trimeta> At least, add-apt-repository --help doesn't say anything about removal.
<rbasak> The catch with key removal is that a single key might apply to more than one repository
<trimeta> True...but I remember adding a key when I added this repository, so I think I'm probably safe in removing it.
<adam_g> mgw: ah, no, i dont there is any convention around that, since it is outside the scope of cobbler itself at that point.
<mgw> ok, ty
<rbasak> And I don't think there's a mapping kept anywhere, so removing automatically it isn't simple. It's reasonable to expect this functionality though
<rbasak> for your case, will apt-key del do?
<trimeta> I think so...I checked apt-key list first, found the one which said "PPA for <dev who made the PPA I want to remove>", confirmed the key ID online at the place where I got the PPA, and apt-key del'ed it.
<trimeta> And removed the /etc/apt/source.list.d/ files.
<aljosa> anybody using glusterfs on amazon ec2/ebs or something similar?
<twb> !anyone
<ubottu> A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<aljosa> what to use on top of aws ec2/ebs to create a reliable distributed filesystem available to ec2 instances in a single aws region?
<twb> Dunno
<chelz> aljosa: might look into ceph / cephfs -- https://en.wikipedia.org/wiki/Ceph
<uvirtbot> New bug: #922425 in mysql-5.1 (universe) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 100" [Undecided,New] https://launchpad.net/bugs/922425
<realmagiz> hi all , i m using xchat for this IRC. I dont know how to start talking to someone whose name starts with Blk*
<realmagiz> in webchat.freenode.net, just type in first character and tab is ok
<chelz> realmagiz: try in #freenode
<realmagiz> chelz, what do you mean?
<chelz> realmagiz: your question, ask there
<realmagiz> chelz, sorry bro
<realmagiz> btw, does someone know how to block wifi users using sub wifi home router to share their one connection to many?
<realmagiz> my wifi router has no such feature of that control
<cloneMX> Hey all
<cloneMX> Hi have a problem, hope someone can helpme
<cloneMX> recently I installed ubuntu 11.04 server, but by some reason  some service just close the connections from some specific hosts (same subnet form my ISP or other that belong too), the specific efects are: after been logged with and ssh session this just stop showing  the output of a single command like "ifconfig" of if somene try to visit a resource from the apache server this connection is abruptly close and dont some any thing.
<cloneMX> First I thought was my firewall config but I have some other server config with the same config but with the diference the version of ubuntu are 10.XX.
<cloneMX> any clue?
<qman__> this is most likely a hardware issue
<qman__> if the connections work but drop at random, mid-command, hardware/drivers/kernel is the most likely suspect
<cloneMX> well could be
<cloneMX> cause I got this new Nic
<cloneMX> Broadcom Corporation NetXtreme BCM5723 Gigabit Ethernet PCIe
<qman__> first step to verify would be to boot a different live CD and test
<qman__> like a different distro or kernel version
<qman__> if the problem goes away, it's probably kernel/driver
<cloneMX> same with debia 6
<qman__> if it doesn't, it's probably hardware
<cloneMX> the same efect
<cloneMX> and I have 2 server
<qman__> then it's hardware, check to see if you're running the same kernel version
<cloneMX> 3.xxx
<qman__> have to be exact
<cloneMX> hehehe
<cloneMX> yea JK
<qman__> but, if the problem is the same in a 2.6 kernel and a 3.0 kernel, it's probably the actual hardware, or a long-standing driver bug
<cloneMX> I think you are right cause just before the login promt is display I got 4 massages like this
<cloneMX> ] netxen_nic 0000:10:00.0: eth1: set_features() failed (-5); wanted 0x601148b3, left 0x6011c8b3
<cloneMX> one for every ethx
<cloneMX> is a 4 ports nic
<qman__> check to see if/when that particular hardware support was added to the kernel
<qman__> it's possible that that card was never really given support, but loads and operates (poorly) with a driver for other cards automatically
<cloneMX> ok
<qman__> if that particular card does have support and has had it for a while, it's more likely that your hardware is actually bad
<cloneMX> the nic is the only Variable on my equation cause I got 2 servers with the same efect
<qman__> same problem, same NIC?
<cloneMX> yep
<qman__> then it's probably the driver
<qman__> either doesn't support it specifically or has some bug
<qman__> you could file a bug against it if you find what driver it is and such
<qman__> could also try other distros to see if it's only a debian-land bug or a linux in general bug
<qman__> and check the hardware manufacturer's page to see if you can download and compile a driver which eliminates the problem
<qman__> not a great long term solution but good for troubleshooting
<cloneMX> ok
<cloneMX> just as extra info
<cloneMX> reading the kern.log
<cloneMX> I got this
<cloneMX> [   18.924671] ------------[ cut here ]------------
<cloneMX> [   18.924673] WARNING: at /build/buildd/linux-3.0.0/net/core/dev.c:1328 dev_disable_lro+0x95/0xc0()
<cloneMX> [   18.924675] Hardware name: ProLiant ML110 G6
<cloneMX> [   18.924676] netdevice: eth2
<cloneMX> [   18.924677] failed to disable LRO!
<cloneMX> [   18.924678] Modules linked in: usbhid hid netxen_nic tg3
<cloneMX> [   18.924682] Pid: 313, comm: sysctl Tainted: G        W   3.0.0-15-server #26-Ubuntu
<cloneMX> [   18.924683] Call Trace:
<cloneMX> [   18.924686]  [<ffffffff8105e7cf>] warn_slowpath_common+0x7f/0xc0
<cloneMX> [   18.924688]  [<ffffffff8105e8c6>] warn_slowpath_fmt+0x46/0x50
<cloneMX> [   18.924691]  [<ffffffff814eeaa5>] dev_disable_lro+0x95/0xc0
<cloneMX> [   18.924693]  [<ffffffff815572e4>] devinet_sysctl_forward+0x134/0x170
<cloneMX> [   18.924696]  [<ffffffff811ccb74>] proc_sys_call_handler.isra.3+0xc4/0xe0
<cloneMX> [   18.924699]  [<ffffffff811ccba8>] proc_sys_write+0x18/0x20
<taipres> whoa there
<cloneMX> [   18.924701]  [<ffffffff81168083>] vfs_write+0xb3/0x180
<cloneMX> [   18.924704]  [<ffffffff811683aa>] sys_write+0x4a/0x90
<cloneMX> [   18.924707]  [<ffffffff8160eb82>] system_call_fastpath+0x16/0x1b
<cloneMX> [   18.924709] ---[ end trace 36b7aed031c3a3cd ]---
<taipres> pastebin is your friend
<cloneMX> [   18.924710] ERROR. Could not send configure hw lro request
<cloneMX> [   18.924714] netxen_nic 0000:10:00.2: eth3: set_features() failed (-5); wanted 0x601148b3, left 0x6011c8b3
<lifeless> !pastebin | cloneMX
<ubottu> cloneMX: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<cloneMX> but yes friend
<cloneMX> probs the driver
<cloneMX> tnx
<cloneMX> and sorry
<cloneMX> http://paste.ubuntu.com/818463/
<cloneMX> qman__ ty soo much letme see what happen
<cloneMX> well qman
<cloneMX> I think you are right
<cloneMX> http://blog.kurpanik.eu.org/?p=6
<twb> !enter
<ubottu> Please try to keep your questions/responses on one line. Don't use the "Enter" key as punctuation!
<realmagiz> what about my wifi issues?
<twb> What about it
<smw> udienz, I suggest following the "Auto-Identify to Nickserv at Login" instructions at http://www.linuxassist.net/irc
<smw> udienz, when you join you are not cloaked
<udienz> smw: thanks for remind, i forget to configurint it at xchat
<uvirtbot> New bug: #903318 in juju "juju ssh fails on local provider: pty-allocation-request-failed-on-channel-0" [High,Confirmed] https://launchpad.net/bugs/903318
<Jeeves_> Morning
<Jeeves_> I'm fighting with Grub
<Jeeves_> Anyone with clue how to fix this?
<Jeeves_> https://p.6core.net/p/ej90ojgv3b2npz3u
<_ruben> that doesn't look good :/
<_ruben> sounds like an unhandled cornercase in the script
<Jeeves_> It's two 3TB disks
<Jeeves_> with GPT and RAID1
<_ruben> don't think i ever got ubuntu to boot from gpt
<_ruben> never used >2TB disks, and when hardware raid is involved, i tend to carve out a small lun for the os
<_ruben> and it's kinda annoying that debian-installer decides to go GPT for 2TB disks, even tho those are small enough to not use gpt
<Jeeves_> I didn't use the installer for this one
<Jeeves_> I debootstrapped it
<Jeeves_> http://forums.funtoo.org/viewtopic.php?id=467
<Jeeves_> That might help
<twb> _ruben: that is a bug, #d-i said they'll look into it
<twb> _ruben: specifically the bug is the cutoff is at 2GB instead of 2GiB
<twb> Er, s/G/T/
<twb> FWIW, I have seen GRUB2 boot Ubuntu (Lucid, IIRC) off BIOS/GPT combination before.
<twb> _ruben: also run d-i with priority=low and you can choose the partitioning flavour
<_ruben> twb: ah, nice to know
<twb> Also d-i will allow you to use a disk as a filesystem (no partitioning) if you mke2fs it first; this can be done from the shell on vt2
<Jeeves_> which was the key to get in the grub menu again?
<Jeeves_> with grub2?
<Jeeves_> Right control?
<twb> This is handy if you plan to partition withing md raid, or if you have a small (say 2GB) VM disk and want to be able to loopback mount it without bothering to calculate offsets or install kpartx
<twb> Jeeves_: shift or control; left is more likely to work
<twb> Er, shift or alt, i think
<twb> In extlinux you can also use scroll lock, which is good because you can press it ahead of time, whereas hitting shift/alt in grub must be timed exactly -- after the BIOS finished, before grub finished :-/
<Jeeves_> Yeah, they screwed that up
<twb> I am a rabid anti-grub bigot
<Jeeves_> Is there anything else?
<twb> I'd have sold you on extlinux already except I don't know how to make it use GPT
<Jeeves_> So that sucks too :)
<twb> extlinux = syslinux = isolinux = pxelinux -- you've probably used it already, just not on hard disks
<Jeeves_> my bios is acting up strangely with those big disks
<twb> Jeeves_: well, in theory extlinux can use gpt, I just couldn't get it to work in an hour with a non-EFI mobo
<twb> Jeeves_: try allocating /boot within the first 2TB
<Jeeves_> twb: It is
<Jeeves_> But my bios just doesn't see the disks, most of the times
<twb> Jeeves_: and make sure your GPT partitioner does whatever backwards-compatibility things the kids are into these days
<Jeeves_> I used gdisk
<Jeeves_> Which booted kinda fine the last time
<Jeeves_> except that grub was whining about the 1.2mdadm /boot
<uvirtbot> New bug: #922473 in apache2 (main) "Typo mistake in description nearby DefaultType directive" [Undecided,New] https://launchpad.net/bugs/922473
<twb> Ah, good to know, I thought that issue was extlinux-specific
<twb> Not much I can help you with; I've avoided the whole itanium clusterfuck (efi/gpt) until now...
<Jeeves_> Yeah, well.
<Jeeves_> cfdisk didn't do well with these disks
<Jeeves_> fdisk didn't either
<Jeeves_> and then someone said GPT
<Jeeves_> which worked fine
<twb> parted
<twb> Obviously you must use GPT on >2TiB disks
<Jeeves_> except that grub didn't mention that it needed a small unused partition
<twb> That's because grub's an ass
<twb> d-i should do the partitioning for you anyway
<Jeeves_> I bootstrapped it
<twb> I'm assuming you tried that (partman) first?
<twb> Oh right
<Jeeves_> since my mobo wouldn't let me boot these disks and an usb disk at the same time
<twb> anyway pub time, good luck
<_ruben> put /boot on a stick and don't bother with having to boot from those disks :p
<mrevell> Morning
<Jeeves_> pub time!
<Jeeves_> It's 10.00 AM!
<smb> It is always pub time ... somewhere
<Jeeves_> :)
<Daviey> mrevell: o/
<mrevell> Hey Daviey
<soren> Daviey: Looking at http://bazaar.launchpad.net/~openstack-ubuntu-testing/+junk/jenkins-scripts/view/head:/tarball.sh ... Can you please stop building tarballs like that? Ideally, you'd use the ones we build, but failing that, can you at least build them in the same way as we do (python setup.py sdist)?
<soren> Daviey: If you don't, there's an important class of problems you'll never find. Specifically, required files that are not included in the tarball. You won't discover that until you build from the real tarballs, i.e. at the worst possible time: When it's too late.
<Daviey> soren: Yes, that was identified yesterday and zul will make the change today.
<Daviey> soren: Or, patches are very much welcome.
<dholbach> hiya
<Daviey> hey dholbach o/
<dholbach> can somebody help review http://mentors.debian.net/package/salt - technoviking and others have asked me for some help to get the package into Debian and Ubuntu
<dholbach> I thought you'd probably know best how to handle a package like that
<soren> Daviey: I've already written that stuff once.
<soren> Daviey: That ought to be plenty.
<soren> :)
<Daviey> soren: patches/branches do tend to speak better than irc TBH :)
<soren> Daviey: a) I've already implemented all this once. b) I really can't be bothered writing patches for something if you're just going to reject them, so I prefer to ask if you have some sort of reason for not using the code I've already written.
<Daviey> soren: No, zul needed to create a script that turns a git head into a tarball.  That is the approach he went for straight away, but it's all about incremental improvement, right?
<Daviey> It wasn't a decision to say, "lets not use soren's stuff"
<soren> How could I tell?
<soren> I don't belive it's a surprise to you that we used to build packages per-commit.
<soren> So you know the code already exists.
<soren> ..yet you start from scratch.
<soren> I can't guess at your motivation for that.
<Daviey> soren: /where/ is that code?
<soren> EVerything we have automated lives at https://github.com/openstack/openstack-ci/
<soren> https://github.com/openstack/openstack-ci/blob/master/tarball_script.sh is what you want.
<Daviey> soren: handy!
<soren> Can you understand my lack of motivation to help you write that same thing all over again?
<Daviey> soren: Yes, Yes i can.
<soren> There's also a script that does all the ppa magic.
<soren> ..but it maybe need more work to fit your needs.
<Daviey> soren: right!
<soren> Since it's written to apply all the same packaging code on top of an upstream tarball for all the supported UBuntu versions. You probably don't care about anything older than Oneiric (or even Precise), and you probably don't want to apply the same packaging across the board (for SRU's and whatnot).
<Daviey> soren: well, this also needs to work for stable PROPOSED changes.
<Daviey> as in diablo/stable nova
<soren> Daviey: Precisely.
<soren> Daviey: THat's what I tried to hint at with the SRU thing, but I can see it was a bit convoluted.
 * soren heads to lunch early
<Daviey> soren: wait 1
<soren> ok
<Daviey> soren: If we make better reuse of what is there in openstack-ci, would you be interested in helping?
<soren> Absolutely.
<Daviey> \o/
<soren> I need to do something similar quite soon anyway.
<Daviey> soren: for Quantum?
<soren> No, for all the OpenStack projects. Just in a different environment.
<lynxman> Daviey: ping
<Daviey> lynxman: hola
<lynxman> Daviey: back in the grind, taking charge of the syslog bugs in Orchestra if that's okay for you sir
<Daviey> lynxman: is ipxe sorted now?
<Daviey> lynxman: what bugs are you looking at?
<lynxman> Daviey: ipxe had a review from jamespage and roaksoax, both suggesting different enhancements, so I'm doing all of them now
<Daviey> lynxman: yep, how are they going?
<lynxman> Daviey: bug #919913
<uvirtbot> Launchpad bug 919913 in orchestra "cron.d/remote_syslog_compress should skip .bz2 files" [Undecided,Confirmed] https://launchpad.net/bugs/919913
<lynxman> Daviey: will be done today
<Daviey> lynxman: Okay, just make sure you stay in sync with roaksoax - he is driving that part of it.
<lynxman> Daviey: I'll wait for him to get online to do that and a couple modifications on rsyslog config
<Daviey> cool
<Daviey> soren: Does it make sense for us to use jenkins.openstack.org/milestone ?
<Daviey> the bzr tree
<soren> Depends.
<soren> Are these packages for publishing at all or exclusively for your own tests?
<Daviey> soren: just own tests, but for giggles - push to a PPA aswell.
<Daviey> i think.
<soren> :)
<soren> If they ever hit a ppa, I think you should expect to use the milestone thing.
<soren> Unless you can come up with another versioning scheme that will correctly identify which versions should supersede which versions.
<soren> Good luck with that :)
<soren> Or are you really asking if you should be getting that information from there or from somewhere else?
<Daviey> soren: right!
<Daviey> Should we be reling on that branch for data
<soren> Ah.
<soren> ER..
<RoyK> http://yfrog.com/z/0kdmijj
<soren> Daviey: Good question, really. There's a bit of a race condition there, isn't there?
<Daviey> exacta-mundo.
<soren> ttx: ping
<Daviey> soren: gah, it's hard coded to use venv.. :(
<soren> ttx: My tiny brain can't handle this right now.. Can you help? (read from Daviey's "soren: Does it make sense for us..." and onwards (around 20 lines up))
<soren> Daviey: Oh, is it?
<soren> That's a newism.
<soren> Should be simple to revert.
<Daviey> unless i'm missing the env variable
<Daviey> soren: https://github.com/openstack/openstack-ci/commit/18a3500bddb70af5cbef5f4c83aa3991996597ac#tarball_script.sh
<koolhead17> hi all
 * ttx looks
<ttx> Daviey: what are you calling "jenkins.openstack.org/milestone" ?
<ttx> apparently I need to read more backlog
<Daviey> ttx: Hang fire
<soren> ttx: That's the bzr repo where we keep the milestone info. When you bump the milestone version on JEnkins, that's where the change lands.
<soren> Supposedly.
<ttx> soren: oh. so lp:~openstack-jenkins/milestone ?
<soren> No.
<soren> -> pm
<zul> morning
<rbasak> hey zul
<rbasak> zul: bug 879666, I can't find the console fifo patch in precise any more. What am I missing?
<uvirtbot> Launchpad bug 879666 in nova "chown error for console.fifo when launching vm" [Medium,New] https://launchpad.net/bugs/879666
<zul> uvirtbot: i dropped it because it hasnt been accepted upstream yet
<uvirtbot> zul: Error: "i" is not a valid command.
<zul> doh
<zul> rbasak: ^^^
<tyska> why apt-get update takes so long when i have a ppa repository listed on sources.list?
<rbasak> ok. I'm not sure it will be.
<rbasak> thanks zul.
<rbasak> zul: also you asked me to remind you about bug 873243 at the rally.
<uvirtbot> Launchpad bug 873243 in nova "nova-compute-xen depends on xen-linux-system which does not exist" [High,Fix released] https://launchpad.net/bugs/873243
<zul> rbasak:  hmmm..
<zul> rbasak: yeah still have to get the oneiric sru stuff
<therve> Daviey, sorry, other there?
<Daviey> therve: hey!
<therve> cool :)
<Daviey> therve: You have a patch for rabbitmq-server ?
<Daviey> therve: Are you happy to create a debdiff?
<therve> Daviey, sure that sounds like a good idea
<therve> Daviey, against precise?
<Daviey> therve: yeah, we always need to fix development version first, then consider an SRU
<therve> cool
<Daviey> therve: if you want a pointer, do ask.
<therve> Daviey, which bug should I attach it too?
<therve> #833073 maybe?
<Daviey> bug #833073
<uvirtbot> Launchpad bug 833073 in gdm "oneiric gdm picker list contains system user, rabbitmq" [Undecided,Confirmed] https://launchpad.net/bugs/833073
<Daviey> therve: so there are a few bugs which shold have been marked as duplicates
<Daviey> pick one, and we'll make the others to dupe against it
<Daviey> StevenK's might be best.
<therve> sounds good
<uvirtbot> New bug: #916153 in libcgroup (universe) "libcgroup1 security issues" [Undecided,New] https://launchpad.net/bugs/916153
<uvirtbot> New bug: #922594 in openldap (main) "Assertion in slap_listener" [Undecided,New] https://launchpad.net/bugs/922594
<iclebyte> has any one seen a scenario when building a software RAID1 array via the 10.04LTS installer in which when creating the first MD device the only partitions listed are sda1 and sda2 - no sda1 and sdb1?
<uvirtbot> New bug: #922600 in rabbitmq-server (main) "Upgrade rabbitmq-server to 2.7.1" [Undecided,New] https://launchpad.net/bugs/922600
<smb> zul, for you enjoyment I filed bug 922486 and bug 922137. Also virt-manager seems to have some issues of reliably noticing guests _not_ running anymore. While I can see that in virsh (not yet filed a bug)
<uvirtbot> Launchpad bug 922486 in libvirt "libvirt boot race on xen hypervisor" [Undecided,New] https://launchpad.net/bugs/922486
<uvirtbot> Launchpad bug 922137 in xen-common "xm new depends on python-lxml" [Undecided,New] https://launchpad.net/bugs/922137
<zul> smb: lovely...thanks i think :)
<smb> zul, My pleasure... :-P Well thought we should at least be aware
<smb> The depend thing is pretty lame/simple
<cerberos> Hi, I'm trying to install nginx but getting nginx-light: Depends: libssl0.9.8 (>= 0.9.8m-1) but 0.9.8k-7ubuntu8.6 is to be installed
<cerberos> where can I find this package? (google is not my friend)
<uvirtbot> New bug: #922650 in php5 (main) "Lucid needs the fix for PHP Bug #33210" [Undecided,New] https://launchpad.net/bugs/922650
<hallyn> stgraber: bug 922645, even though i usually hate set -e, i'm just gonna make lxc-ubuntu set -e.  It's working for me locally.
<uvirtbot> Launchpad bug 922645 in lxc "ubuntu template should fail on error" [High,Confirmed] https://launchpad.net/bugs/922645
<uvirtbot> New bug: #922645 in lxc (main) "ubuntu template should fail on error" [High,Confirmed] https://launchpad.net/bugs/922645
<hallyn> maybe the backing store preferences should be specifyable in /etc/default/lxc
 * smb growls at whatever userspace change between yesterday and today broke his server
<smb>  1486 ?        Z      0:00 [lockfile-remove] <defunct>
<smb>  1583 ?        Zs     0:00 [avahi-daemon] <defunct>
<smb>  1599 ?        Zs     0:00 [sh] <defunct>
<smb>  1699 ?        Zs     0:00 [rc] <defunct>
<smb>  1716 ?        Zs     0:00 [init] <defunct>
<smb>  1983 ?        Z      0:00 [ipmievd] <defunct>
<smb>  2022 ?        Zs     0:00 [xenstored] <defunct>
<smb>  2026 ?        Zs     0:00 [xenconsoled] <defunct>
<smb>  2059 ?        Zs     0:00 [xend] <defunct>
<smb>  2508 ?        Zs     0:00 [start-stop-daem] <defunct>
<smb>  2515 ?        Z      0:00 [lockfile-touch] <defunct>
<hallyn> thinking maybe i won't upgrade right now
<smb> does not sound like a good idea
<smb> typical apha friday
<smb> *alpha
<gary_poster> hallyn, hi.  when you have a moment, I'm having trouble with an lxc precise container (within precise host).  it has internet connectivity but no dns.  There is no /run/resolvconf dir.  Any ideas on things to try?
<hallyn> gary_poster: how exactly did you create the container?
<gary_poster> hallyn: sudo lxc-create -t ubuntu -n bbot -f /etc/lxc/local.conf -- -r precise -a i686 -b gary
<gary_poster> I'll get you local.conf...
<hallyn> what is in /etc/lxc/local.conf?
<gary_poster> hallyn, http://pastebin.ubuntu.com/818969/
<hallyn> gary_poster: and what does 'brctl show' give on the host?
<gary_poster> hallyn, http://pastebin.ubuntu.com/818974/
<hallyn> gary_poster: btw, resolvconf doesn't get installed by default, so i wouldn't expect /run/resovlconf (i dont' have one either)
<gary_poster> og!
<gary_poster> oh
<hallyn> gary_poster: ps -ef | grep dnsmasq ?
<gary_poster> /etc/resolv.conf should point to nowhere?
<hallyn> no...
<hallyn> it should get filled by dhcp
<gary_poster> hallyn (from host) http://pastebin.ubuntu.com/818975/
<hallyn> gary_poster: my container and host look much like yours, and i have /etc/resolv.conf with: nameserver 10.0.3.1
<smb> hallyn, just to add resolvconf had been one thing that got updated and it threw away my manually created one
<hallyn> smb: meaning resolvconf messed up your update?
<hallyn> gary_poster: you should see dnsmasq request from container in host's /var/log/daemon.log
<smb> hallyn, At least it seems to be one part of the mess up
<gary_poster> hallyn, I bet if I remove the broken symlink and add that file manually it will work.  But why wasn't it there to start with, is a question, I guess.  I'll start it back up
<hallyn> gary_poster: which broken symlink?
<smb> hallyn, Had to add dns-servers and dns-search into /etc/network/interfaces
<hallyn> oh!
<gary_poster> hallyn, /etc/resolv.conf
<hallyn> gary_poster: i think others (not in containers context) have seen that bug
<gary_poster> oh ok
<hallyn> stgraber: ^ do you know offhand why /etc/resolv.conf would get created as a symlink?
<hallyn> (without resolvconf installed)
<smb> hallyn, It might be related that now /etc/resolv.conf is a softlink into /run/...
<apw> gary_poster, is this inside your container ...
<hallyn> gah
<gary_poster> apw, yes
<hallyn> smb: is this brand-new?
<apw> hallyn, resolvconf is now a depends on ubuntu-minimal or something
<stgraber> hallyn: without resolvconf, no, but resolvconf is now the default :)
<gary_poster> yes, resolvconf is installed in my container
<smb> hallyn, It seems. At least this is the first time I got bitten. This morning boot was still ok
<gary_poster> without my explicitly asking for it
<hallyn> <sob>
 * gary_poster pats hallyn on the back
<apw> hallyn, so this seem like the same result we are seeing in schroots ...
<stgraber> hallyn: I'm still fixing breakage of that change in a bunch of different packages, so feel free to assign the bug to me and I'll look once I'm done with schroot, ltsp, dhclient and live-build ;)
<hallyn> stgraber: AFAIK there's no open bug yet.  should one be opened for lxc specifically?  i'd think this is a general bug...
<hallyn> apw: have you opened a bug for the schroot case?
<gary_poster> ok from perspective of user, you guys are on it, and I can manually change my /etc/resolv.conf .  I'm happy to help with filing or with testing if desired.
<apw> hallyn, its tim's bug ... i'll ask him
<smb> stgraber, /me wonders whether one can add xen to the list, too. At least I am broken in some strange way as well
<hallyn> gary_poster: thanks.  it *sounds* like i should trivially reproduce once my tests are done running here (i can't creat a container right now :)
<gary_poster> heh ok
<stgraber> hallyn: schroot will be fixed in the schroot hook
<hallyn> stgraber: what is the fix?
<stgraber> hallyn: when entering schroot, /etc/resolv.conf will be removed and replace by the content of /etc/resolv.conf outside of the chroot
<stgraber> hallyn: in the case of LTSP, I don't see why resolvconf wouldn't work in the container though
<stgraber> *LXC
<apw> stgraber, its a filesystem namespace just the same right ?
<hallyn> stgraber: ok, i'll investigate and see if a bug needs to be filed.  thanks.
<stgraber> hallyn: running actions post debootstrap might be where we need to fix it (copying the host's content during the few apt-get we do, then restoring the symlink)
<stgraber> hallyn: the resulting container should work fine with /etc/resolv.conf being a symlink
<hallyn> stgraber: ah, ok, i think we do the first part but we don't restore it
<stgraber> which isn't true for schroot because it doesn't actually run any network configuration or call any upstart job (and so needs fixing in the hooks)
<stgraber> hallyn: right, and cp /etc/resolv.conf $CACHE/etc/resolv.conf will fail (copying to dangling symlink)
<hallyn> stgraber: it isn't failling here though.  that's what has me confused
<apw> stgraber, or worse it'll copy over your real resolv.conf
<stgraber> hallyn: so you need to mv $CACHE/etc/resolv.conf $CACHE/etc/resolv.conf.orig && cp /etc/resolv.conf $CACHE/etc/resolv.conf && do our stuff && mv $CACHE/etc/resolv.conf.orig $CACHE/etc/resolv.conf
<hallyn> stgraber: right
<stgraber> hallyn: oh, actually, no, don't cp, do "cat /etc/resolv.conf > $CACHE/etc/resolv.conf" or you'll end up copying the symlink from the outside, with the exact same result as you currently have ;)
<hallyn> heh
<apw> hallyn, is your outside upgraded enough to have resolconf installed by default?  it was very recent
<apw> might be why you don't see it
<hallyn> apw: i did just update an hour or two ago...
<hallyn> but, resolvconf is not installed.
<hallyn> stgraber: I'm going to test:  http://paste.ubuntu.com/819005/
<stgraber> hallyn: that cat looks wrong seem like you're missing a >
<jcastro> robbiew: smoser: ok so the cloud.u.c AMI browser is gone now, we just send people to cloud-images.u.c
<stgraber> hallyn: other than that, yes, that should work fine
<hallyn> ha, yes indeed
 * hallyn watching debootstrap creep by
<hallyn> smoser: SpamapS: does any code you own or know of currently rely on 'lxc-is-container'?
 * rbasak wonders if there's a full text search capability of the entire archive source
<Daviey> rbasak: it's called grep.
<uvirtbot> New bug: #922706 in lxc (main) "handle /etc/resolv.conf being a symlink in lxc-ubuntu template" [High,Confirmed] https://launchpad.net/bugs/922706
<rbasak> :)
<Daviey> zul: have you touched the keystone ci job?
<zul> Daviey: no
<rbasak> Daviey: you'll let hallyn know then? Will grep give you an answer before the release? :-)
<Daviey> zul: looks like we have a name clash then
<Daviey> rbasak: hah :)
<zul> Daviey: hmm?
<Daviey> rbasak: ISTR jodh was looking at a full text search tool.
<hallyn> stgraber: hm, resolvconf fails to start though, presumably something to do with /run setup
<hallyn> rbasak: ?
<rbasak> it would be awesome to have a web-based searchable archive source browser
<stgraber> hallyn: fails to start in a container or at install time in debootstrap?
<rbasak> hallyn: sorry, nm
<hallyn> stgraber: fails to start in container.  (status stopped)
<zul> Daviey: repopro problems
<hallyn> when i 'start resolvconf' it all starts fine
<hallyn> before i started it, i had: /etc/resolv.conf -> /run/resolvconf/resolv.conf
<hallyn> so i think i will push the fix i have so far.
<Daviey> zul: how could reprepro be to blame?
<stgraber> hallyn: can you try: lxc-start -n container -- /sbin/init --log
<Daviey> zul: it is a filename clash
<hallyn> ok
<stgraber> hallyn: and then look at /var/log/upstart/resolvconf.log for the problem?
<Daviey> somehting put it into the pool, zul :/
<zul> not sure
<zul> Daviey: well its not red anymore
<hallyn> jjohansen: did the apparmor fix for pivot_root get into the kernel this week?  cause if not i think i'll push another profile to work around it.
<hallyn> stgraber: note that resolvconf didn't start, but ssh did - so i'm not getting a console, but i can ssh in :)
<Daviey> zul: did you do something?
<zul> Daviey: nope
<Daviey> hmm
<Daviey> zul: i retriggered the job
<hallyn> stgraber: /var/log/upstart exists, but no resolvonf in there
<zul> Daviey: ok
<hallyn> doh
<hallyn> stgraber: resolvonf starts on mounted=/run, silly!
<stgraber> hallyn: oh, ok, so it just doesn't start in our case ;)
<hallyn> stgraber: so until we get rid of lxcguest (next week), what do you think we should do?
<hallyn> i guess lxcguest.conf can just 'start resolvconf'
<hallyn> or emit MOUNTED=/run
<stgraber> hallyn: I had a similar issue in friendly-recovery yesterday, I went with "initctl emit mounted MOUNTPOINT=/run"
<hallyn> stgraber: lxcguest is the right palce to do that you think?
<hallyn> oh, no
<hallyn> lxcmount
<stgraber> should be lxcmount until we kill it (hopefully in a few days, we just need the new linux-meta now)
<hallyn> yay, success
<hallyn> stgraber: at this point the lxc commit is big enough i'd like a review - do you have time to review a bzr merge request?
<hallyn> if not, well it works here so i'll push.
<hallyn> (cause you look BUSY)
<stgraber> hallyn: sure, I can have a quick look
<stgraber> hallyn: yeah, I'm busy, but LXC is part of the list of things that need fixing because of resolvconf ;)
<hallyn> stgraber: merge request sent
<hallyn> stgraber: so i guess i'll wait for monday to talk to you and jodh about the upstart merge request for lxcconsole :)
<lynxman> jamespage: ping
<jamespage> hey lynxman
<lynxman> jamespage: hello o/
<lynxman> jamespage: I'm trying to bzr merge-upstream and I get an error saying that it's already merged
<lynxman> jamespage: could this be an issue with the version numbering?
<jamespage> might be
<lynxman> jamespage: http://pastebin.ubuntu.com/819049/
<jamespage> lynxman, please can you pastebin the output of bzr tags
<lynxman> jamespage: sure
<lynxman> jamespage: http://pastebin.ubuntu.com/819051/
<stgraber> hallyn: looking
<lynxman> jamespage: it did everything except the commit
<jamespage> lynxman, hmm - it looks like a bug in bzr
<lynxman> jamespage: heh :)
<lynxman> jamespage: so what do you suggest
<jamespage> if I alter the upstream version number to start with 1.0.0+git-3. instead of 1.0.0+git-2. it works OK
<jamespage> lynxman, drink lots of hard spirits
<lynxman> jamespage: heh :)
<lynxman> jamespage: that's the plan anyway :D
<lynxman> jamespage: will do that, thanks
<jamespage> lynxman, actually it might be something else
<jamespage> http://pastebin.ubuntu.com/819051/
<jamespage> the order of the branches is weird
<lynxman> jamespage: it really is
<jamespage> lynxman, dpkg --compare-versions 1.0.0+git-2.55f6c88 gt 1.0.0+git-2.149b50 && echo OK
<jamespage> no OK :-(
<lynxman> jamespage: *sigh*
<lynxman> jamespage: will push to 3 then
<jamespage> lynxman, that should do it
<lynxman> jamespage: thanks
<jamespage> lynxman, that version number is well wonky!
<Daviey> erm.. just make sure you don't make it so we cannot sync again :)
<lynxman> jamespage: it is :)
<lynxman> Daviey: can I call it "dorothy"?
<Daviey> no.
<lynxman> *pouts*
<jamespage> Daviey: thats a good point
<lynxman> Daviey: what would you suggest?
 * jamespage scratches his head
<jamespage> I hate git snapshots....
<lynxman> Daviey: tried to contact the debian packager but he didn't reply
<Daviey> jamespage: if $date-$githash is used, we are all good
<jamespage> Daviey: if that where but the case
<jamespage> it looks like $number.$githash in this case
<Daviey> yeah
<Daviey> $number is like an epoch it seems
<jamespage> kinda
<Daviey> so
<Daviey> we need to make git-2.55f6c88 > git-2.149b50
<Daviey> which it is
<jamespage> sighs
<Daviey> oh wait
<jamespage> dpkg --compare-versions 1.0.0+git-3.55f6c88-0ubuntu1 gt 1.0.0+git-2.149b50-1ubuntu4 && echo OK == OK
<Daviey> yep
<jamespage> I think the issue is with the version parser in bzr
<lynxman> Daviey: jamespage: so everybody agress to just jump to 3?
<Daviey> i think it's the git"-"2
<jamespage> its getting confused
<stgraber> hallyn: looks good
<Daviey> jamespage: it's not bzr's fault.
<jamespage> Daviey: well maybe
<jamespage> as I said the upstream versioning is wonky
<hallyn> stgraber: thanks, pushing
<jamespage> Daviey, lynxman: I think you have to go for the 3. option
<hallyn> gah - banshee kills my cpu again  (and i don't notice for awhile figuring it's a compile running long)
<jamespage> Daviey: we could upload as is as the package version string fix it - but the package importer will fail with the same issue
<Daviey> jamespage: 1.0.0+git-2.20120127.55f6c88-0ubuntu1 ?
<Daviey> jamespage: bzr isn't to blame here.
<lynxman> Daviey: that'd be cool but would break our compatibility with debian wouldn't it
<Daviey> lynxman: no
<jamespage> I think Davieys suggestion is the best
<Daviey> hmm
<Daviey> if DM gores to git-3. we are good.
<jamespage> lets face it - its an edge case due to poor use of git snapshot versioning
<Daviey> if they go to one digit above, git-2.149b50 yes - we are not good
<Daviey> jamespage: right
<jamespage> I'd prob go with 1.0.0+git-2.20120127.55f6c88-0ubuntu1
<jamespage> and deal with fallout as an when it happens
<lynxman> Daviey: thats why, I think we should try to contact the debian packager again, maybe by mail
<lynxman> Daviey: or just do what jamespage suggests
<jamespage> lynxman, well its worth trying; if you could move to the $date-$hash format it would help alot
<lynxman> jamespage: completely agree
<jamespage> Daviey: is ipxe mega urgent?  or can lynxman take a bit of time to get a more effective long term resolution
<Daviey> if he could move to, 1.0.0+git.20120127.55f6c88 - would be best
<Daviey> removing the first - aswell.
<jamespage> agreed
<Daviey> Anyway, it's not as urgent as it was.
<jamespage> anyway have to shoot - have a good one folks
<Daviey> o/
<Daviey> have a good weekend jamespage
<lynxman> jamespage: have an amazing weekend
<lynxman> Daviey: so try to contact debian packager, if not move to just date.hash?
<Daviey> lynxman: right
<lynxman> Daviey: cool :)
<lynxman> Daviey: emailed him
<NTHL> Hi, I'm on Ubuntu 10.04 server version, DCMTK in 10.04 is not the latest so I downloaded the latest .deb file. I then do "sudo dpkg -i dcmtklatest.deb" and "sudo apt-get -f install" but it didn't succeed. It still tells me that it has removed the old DCMTK and the latest DCMTK is not installed. Someone please advise me on what I should do to properly install the latest DCMTK on 10.04 !!!!
<NTHL> does any1 see my message? cuz other than seeing who joined and quit,  I'm not seeing anything else
<NTHL> I got no problem in #ubuntu
<uvirtbot> New bug: #922417 in glance "5x files into /etc/glance missed from PPA install" [Undecided,Invalid] https://launchpad.net/bugs/922417
<SpamapS> adam_g: hey, would bumping rabbitmq from 2.6.1 to 2.7.1 cause you any trouble? Seems like we should try and get the latest stable release into precise before Feb 16 FF
<adam_g> SpamapS: i was just about to go look at that.. but no, i dont see any reason why it would cause any problems
<adam_g> SpamapS: if you wanna stuff the packages in a PPA somewhere, id be happy to give it a test with charms + nova first
<davidl_> Hi there...  looking for a little hep with rsyslog. (mine config doesn't seem to be working... log files are not updating).  I have a vanilla 11.10 Server AMD64 install.  I've done an apt-get update, apt-get upgrade, apt-get install octopussy (which is a web based log analyzer).  Not getting any log data and it looks like rsyslog isn't working.  Suggestions?  TIA.
<SpamapS> adam_g: I gave it a quick shot, but the branch is messed up..
<SpamapS> missing upstream-2.6.1
<kalosaurusrex> Has anyone heard of an issue where if the cd-rom drive is not detected during the server/alt install that the installation will fail? (via usb install) I looked and haven't found a defect..
<adam_g> roaksoax: im merging a new version of facter, were you able to look at getting the processor fact to detect ARM?
<roaksoax> adam_g: not yet, was planning to work on it tis weekend lol
<adam_g> roaksoax: can you pastebin /proc/cpuinfo from an ARM board if its handy?
<roaksoax> adam_g: i'm not in the US atm and I'm gonna try to get
<roaksoax> adam_g: don't have a pandboard with me, but gonna try to get ssh access into one
<stgraber> hallyn: I just uploaded a new resolvconf changing its behaviour in chroots (non containers) a bit, that shouldn't break your fix though (just potentially make it pointless)
<stgraber> hallyn: the new behaviour is not to convert to a symlink at install time but instead touch /var/lib/resolvconf/convert and have the upstart job create the symlink
<stgraber> hallyn: so on a regular system this will happen immediately (as the package starts the upstart job) but in a chroot, it'll fail and will give you a regular resolv.conf, until this chroot is booted (which is the case for install chroots and containers)
<Darkwing> spamaps so... it happenedgain lol
<Darkwing> happened again
<SpamapS> Darkwing: muhaha, you'll never get your shirt!
<Darkwing> lol
<Darkwing> oh well :P
<SpamapS> It was in my bag on Sunday
<SpamapS> but I was only there for an hour and didn't see you.. or if I did, I forgot about it
<Darkwing> I did four interviews on sunday
<hallyn> stgraber: lxc-ubuntu grants access to c 5:0.  i'm going to take that away.  it's waht lets contianers mess with my xmodmap settings, and container's console is not 5:0 anyway
<Darkwing> Including Disney Animation... speaking of, part of that conversation was about Ubuntu vs Red Hat for their servers...
<stgraber> hallyn: not quite sure why we allowed that to start with...
<hallyn> big stick?
<hallyn> now i'm trying to figure out which of my proc/sys apparmor denials is stopping initctl
<adam_g> roaksoax: oh, i didnt' realize https://launchpadlibrarian.net/89070344/processor.diff
<stgraber> hallyn: do you have dbus in that container?
<hallyn> wtf - sysrq-trigger denial is stopping initctl?
<hallyn> i think so
<hallyn> you mean the packaged called dbus?
<stgraber> yeah
<hallyn> no
<hallyn> should it be installed by default?
<stgraber> no, it's just one of the ways initctl talks to upstart
<stgraber> so in your case it means it's talking directly to it without using the system bus
<hallyn> i just installed it to see if it makes a difference
<stgraber> root@test01:~# echo h > /proc/sysrq-trigger
<stgraber> -bash: /proc/sysrq-trigger: Permission denied
<stgraber> root@test01:~# initctl start hostname
<stgraber> hostname stop/waiting
<hallyn> but why does it need sysrq-trigger to run initctl?
<stgraber> so doesn't seem to be linked to sysrq-trigger, at least not on my machine :)
<stgraber> it doesn't, at least for me
<hallyn> i'm playing with http://people.canonical.com/~serge/lxc.apparmor
<stgraber> hallyn: mine is "rwklx", not sure if denying read access too makes a difference
<hallyn> with all lines except sysrq-trigger uncommented, it works.  with sysrq-trigger denied, i do get ssh and dhclient workign; but no console
<hallyn> i'll try
<hallyn> stgraber: btw denying 5:0 also stops it mucking with my sound level
<hallyn> yeah, either i'm being impatient, or adding 'r' to deny for sysrq-trigger fixes it
<hallyn> well it's not jsut patients - i get a msg about initctl denied
<hallyn> initctl: Event failed
<hallyn> stgraber: and when i deny r, i do not get that msg.  fascinating!
<hallyn> (had to re-check since getty idiotically clears the screen)
<hallyn> stgraber: so with new http://people.canonical.com/~serge/lxc.apparmor lxc with apparmor is working for me.
<stgraber> hallyn: cool. I'm sure we'll want to tweak a few things but that's a really good start.
<stgraber> hallyn: and the sooner we have it in Precise, the more we'll catch before release
<hallyn> stgraber: yeah i won't push it right away :)  i'm hoping for mount restrictions
<hallyn> hm, well, should i try to push it monday?
<hallyn> and, do you think 5:0 fix is worth pushing today?
 * hallyn thinks of the poor buildds
<stgraber> pushing the apparmor stuff on Monday sounds good
<stgraber> according to https://launchpad.net/builders/ the builders are sleeping :)
<hallyn> eh, maybe i should risk today then...
<stgraber> actually, we should have the new kernel on Monday, so we should also be able to try and drop lxcguest :)
 * hallyn hoping
<hallyn> well, i've stashed it in lp:~serge-hallyn/ubuntu/precise/lxc/lxc-apparmor for now.  will test more tomorrow and push monday.
<hallyn> man i'm full of typos today
<hallyn> i'd say butterfingers, but then i might eat them
<Daviey> i'm full of hypo's today :)
<hallyn> :)  <crunch>  d'oh!
<Daviey> adam_g: I'm going to stop sponsoring your work, and suggest others do aswell.
<adam_g> Daviey: its that time, huh?
<hallyn> "sink or swim" ?
<Daviey> adam_g: Apply for damn upload rights :)
<hallyn> Daviey = mean daddy
<Daviey> cruel to be kind :)
<hallyn> all right, package built and installed, lxc with apparmor working great.  \o/
<hallyn> stgraber: btw in case i haven't mentioned, https://code.launchpad.net/~serge-hallyn/ubuntu/precise/upstart/upstart-containers was my tree for putting lxc consoles into upstart.
<hallyn> bbl
<Daviey> adam_g: doesn't d/rules seem a little verbose?  http://pb.daviey.com/NJba/ debian->ubuntu
<uvirtbot> New bug: #922788 in facter (main) "Please merge facter 1.6.4-2 (main) from Debain testing (main)" [High,New] https://launchpad.net/bugs/922788
<stgraber> hallyn: any problem with having lxcconsole.conf be "start on container"? I'm also not too sure about whether upstream upstart will want the running-in-container script as part of the upstream code but that's something to discuss with jodh
<hallyn> stgraber: i think start on continer is fine...
<adam_g> Daviey: compared to debian? yes, it has been since oneiric: debian/rules: use what we had in natty; we don't want ruby-pkg-tools in main
 * adam_g lunch
<zul> adam_g: i think it might be a good thing to have ruby-pkg-tools in main, since the devops people seem to like ruby
<roaksoax> zul: has it ever been in main?
<zul> roaksoax: no but it will make life easier down the road me thinks
<roaksoax> zul: eventually, yes
<adam_g> zul: does that include gem2deb as well?
<zul> i think so
<zul> i havent looked at it recently
<stgraber> hallyn: confirmed LXC still works with resolvconf -1ubuntu5 (clean template and new container)
<uvirtbot> New bug: #922232 in nova "Volumes fail to attach without discovery using tgt" [Undecided,In progress] https://launchpad.net/bugs/922232
<adam_g> zul: did the ec2 cert nova stuff make it into e3?
<zul> adam_g: for keystone?
<adam_g> zul: the new nova service to allow euca-upload-bundle to work
<zul> adam_g: ah yes...
<adam_g> zul: into the e3 ubuntu packages?
<zul> yeah its the nova-cert daemon/package
<adam_g> ah, cool thanks
<Daviey> zul: How did you get on switching the git creation stuff?
<Daviey> roaksoax: Any news on those NEW packages (oops et all)
<Daviey> adam_g: Are you looking to wrap more tests into the CI?
<Daviey> vish suggested the exercise stuff from devstack tree?
<adam_g> Daviey: doing that right now. we're already using the euca exercise test from devstack as our simple test. im going to create a seperate test for the devstack tests that we can trigger from the main precise-openstack-test job. the same for tempest, at some point
<Daviey> adam_g: will you have time before EoW to get that live?
<Daviey> Don't panic about it, few upstream commits happen over the weekend... just curious
<Womkes> What kind of firewall would you guys recommend for a simple LAMP ubuntu server that is going to serve some websites, maybe later e-mail hosting.
<adam_g> Daviey: the devstack stuff, yeah.
<Daviey> adam_g: you really float my boat, you know that?
<adam_g> :)
<Daviey> Womkes: ufw
<Daviey> !ufw | Womkes
<ubottu> Womkes: Ubuntu, like any other Linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo | GUI frontends such as Gufw (GNOME) and Guarddog (KDE Lucid and Maverick) also exist.
<adam_g> Daviey: tempest is at least runnable against the cluster again, but lots of test fail and it takes ~35 mins for a full run. rather hold off turning that on for a while
<Daviey> adam_g: yeah
<Womkes> Thanks Daviey, looks like exactly like what I was  looking for
<Womkes> easy way to give access to services
<Womkes> http/mail/dns
<Daviey> Womkes: try, sudo ufw allow http
<Daviey> etc
<Womkes> What would you do as common practise security measures after installing a ubuntu server with the LAMP stack. I was thinking about (1) firewall (2) unattened-upgrades and (3) rkhunter?
<Womkes> Its a simpel server for myself to host some PHP stuff im working on
<Womkes> and php with suhosin
<RoyK> Womkes: why rkhunter? if the server is just installed, there really shouldn't be much chance for a rootkit
<kerframil> Womkes: make sure MySQL is bound only to the loopback interface (probably will be by default though)
<RoyK> btw, chkrootkit might be just as good
<RoyK> or make sure mysql isn't installed :P
<Womkes> I need mysql :)
<RoyK> use postgres :P
<Womkes> so only accessible through the 127.0.0.1 TCP not via the socket?
<RoyK> IIRC default mysql install listens to localhost only
<RoyK> socket is local anyway
<kerframil> Womkes: you can use unix domain sockets only if you like
<RoyK> so that should be even better
<Womkes> yeah, I don;t need outside access for the mysql
<Womkes> Although its onlyh for myself for testing, I do want it to be secure
<RoyK> ufw allow ssh && ufw allow http && ufw enable
<kerframil> Womkes: having TCP access can be helpful though
<Womkes> maybe allow from my home IP or something
<RoyK> kerframil: for localhost, yes...
<RoyK> Womkes: why?
<Womkes> Well, could come in handy for development
<Womkes> SQL tools
<Womkes> instead of phpmyadmin
<Womkes> i like heidisql
<kerframil> Womkes: it's not a given that domain sockets scale better either. something to bear in mind.
<RoyK> Womkes: if so, make sure you don't allow any IP to connect to mysql - use ufw
<Womkes> yeah exactly, limit mysql to my IP
<kerframil> Womkes: don't do that. you an access mysql trivially with an ssh tunnel.
<Womkes> ah yes, haven't thought about that
<RoyK> ufw allow ... ^W^W^Wman ufw
<Womkes> thanks for the input
<Womkes> im uploading ubuntu server image to my vmware datastore now, soon as its done i will install it :)
<kerframil> Womkes: ssh works great as an ad-hoc VPN for basic TCP forwarding. for anything more demanding, openvpn is good.
<RoyK> imho ssh is good for most use given sufficient bandwidth
<Womkes> after I got this going I was thinking about trying to setup my own mailserver with some webmail. Been looking into webmail solutions so far roundcube looks pretty nice
<kerframil> Womkes: speaking of ssh, consider using pubkey auth only
 * RoyK logs into his bacula server with ssh and starts bat over a wan link to check backup status
<kerframil> RoyK: yeah, it does the job for ad-hoc stuff
<Womkes> any of you got recommendations for IMAP and SMTP server?
<kerframil> RoyK: for MySQL, compression is helpful
<RoyK> !mail
<ubottu> Mail is another medium to communicate. Ubuntu mailing lists can be found at http://lists.ubuntu.com
<Womkes> ive used hm
<Womkes> what was it (thinking)
<RoyK> kerframil: ssh compression is generally useful imho
<kerframil> Womkes: dovecot for imap, by far. for smtp, I like postfix but exim is reportedly good. don't like sendmail.
<RoyK> !postfix
<ubottu> postfix is the default !MTA and !MDA on Ubuntu. For help, read https://help.ubuntu.com/community/Postfix and https://help.ubuntu.com/community/PostfixBasicSetupHowto - See also !MailServer
<RoyK> !dovecot
<ubottu> IMAP and POP are protocols for fetching email. The officially-supported server in Ubuntu is Dovecot (packages "dovecot-imapd" for IMAP, and "dovecot-pop3d" for POP) - See also !MailServer for information on the SMTP protocol
<Womkes> Ive used cyrus before
<Womkes> And exim
<RoyK> dovecot/postfix is "preferred" on ubuntu
 * RoyK uses Zimbra
<kerframil> Womkes: dovecot is so much better than the other imap servers; there's really no comparison
<Womkes> But happy to expand my horizon a bit to learn maybe better packages
<Womkes> ok, dovecot sounds good, and would you recommend for smtp server?
<RoyK> postfix is good
<RoyK> imho the best mta out there
<kerframil> Womkes: my vote would go for postfix
<Womkes> ok, well both are new for me, cyrus and exim i've used, so happy to learn somethign else :)
<RoyK> but then, I have close to zero experience with exim, so I can't really compare the two
 * RoyK moved directly from sendmail to postfix
<Womkes> well, I'm kind of looking to what work well with ubuntu too of course. don't want to stray to far from home in that regard
<Womkes> makes it easier to find howto's
<RoyK> true
<Womkes> Yeah, I use Zimbra at my work also, but that seems like a pretty hefty application
<RoyK> it's pretty heavy
<Womkes> works fine
<RoyK> lots of java sniplets etc
<Womkes> but this is just for personal use and to learn a bit more
<RoyK> but fucking brilliant for a lazy admin :D
<RoyK> anyway
<Womkes> After I got that all setup need to think about a backup method :P
<RoyK> dovecot isn't hard to manage
<RoyK> dovecot backup is just file backup
<Womkes> I still have two Dell R300 server laying around here. I was think about maybe installing xen on both of them and mirror eachother
<RoyK> zimbra backup is not that easy, with open database files etc
<Womkes> eventually I want to use the server to host my personal e0-mail also
<RoyK> what's in the r300?
<Womkes> by that time I want to have my data secured of course
 * RoyK doesn't know dell too well
<Womkes> like a quad core 2.4 GHZ and 8 GB memory
<Womkes> 1 hdd but I can put another in
<Womkes> I got two identical ones
<Womkes> and I can colocate them in a datacenter with a friend of mine free of cost
<Womkes> that's why im trying to learn a bit more
<Womkes> first with a vmware for some testing
<RoyK> so all you need is a good box with a truckload of disks and openindiana/zfs for storage? :D
<Womkes> well, :D
<Womkes> was thinking about some kind of redundant setup with the two server
<Womkes> which keep the data in sync
<Womkes> doesn't have to be like super active with automatic failover or anythiugn like that
<Womkes> just when one server dies I can put the other one online without loosing al my data (personal mail and stuf)
<RoyK> I'd vouch for shared storage
<Womkes> I've been reading about DRDB
<Womkes> with xen
<RoyK> drbd works too
<Womkes> well I don;t have  a seperate storage server
<Womkes> just the two dells
<Womkes> which I can put in software raid 1
<RoyK> then drbd is probably a good choice
<RoyK> drbd is essentially mirroring over IP
<Womkes> yeah, and then keep the disk images for the xen vm's in sync
<Womkes> that i what im thinking
<RoyK> so used with pacemaker ...
<Womkes> but doesn't have to be full automatic, no need for virtual IP's or anythign like that
<Womkes> i'm happy to just add the IP of the primary server to the secondary if the primary fails
<Womkes> and then fire up the xen vm again
<Womkes> that should work right ?
<Womkes> I'm looking to avoid any hassle of making backups of the file system and database
<NeoNetNinja> I don't mean to interrupt but I would just like to thank all of you in #ubuntu-server for making the most amazing and useful server operating system EVER! Giga-props and much respect to you all!
<Womkes> that seems a bit to complicated for me at this time
<Womkes> THen I need to figure out which directories/files I need to backup
<uvirtbot> New bug: #922646 in parted (main) "precise alternate LVM failed to install: no root file system" [High,Triaged] https://launchpad.net/bugs/922646
<Womkes> and have a better restore plan
<Womkes> So, ufw for firewall, dovecot and postfix for mail, roundcube for e-mail, xen + drdb for redundancy
<Womkes> looks like a nice project :)
<roaksoax> Daviey: i'm packaging them from pypi and are pretty simple. Should have them by monday/tuesday
<roaksoax> Daviey: depending on how much I work on them this weekend
<Womkes> thanks for the help guys
<roaksoax> Daviey: i'll let you know as soon as they are ready for you to review
<NeoNetNinja> I was amazed how easy it was to configure 802.3ad...
<NeoNetNinja> I building another server and will be using US...
<NeoNetNinja> I'll be able to backup my entire network and then backup the server in the cloud all with Duplicity
<NeoNetNinja> :)
<NeoNetNinja> via FTP
<Womkes> at my work they recentlyh setup a new cloud platform with onapp, some sysadmins did presentation last week
<Womkes> that was really really nice
<Womkes> very impressed by the whole setup
<Womkes> and for backup they use r1soft, had the priviledge of myh collegeau showing how that work also
<Womkes> amazing backup system
<NeoNetNinja> cool
<Womkes> cool story bro :P
<Womkes> nah but really, very impressed with the whole setup
<Womkes> makes me happy to have colleague that know what they're doing
<roaksoax> Daviey: https://launchpad.net/~andreserl/+archive/ppa/+files/oops_0.0.10-0ubuntu1~ppa1.dsc there's one.. i'll be uploading them to my PPA for review then you or someone else can do the peer review
#ubuntu-server 2012-01-28
<NeoNetNinja> I'm looking forward to "The Official Ubuntu Server Book" Precise edition :)
<osmosis> is there a way to enable LVM encryption on a disk that was not installed with LVM encryption?
<NeoNetNinja> osmosis: what it installed with LVM at all? Ergo, are the "partitions" LVM?
<NeoNetNinja> was*
<NeoNetNinja> osmosis: here is your answer: http://ubuntuforums.org/showthread.php?t=1335083
<osmosis> NeoNetNinja, yes, the partitions should be LVM
<osmosis> NeoNetNinja, thx
<osmosis> cool
<NeoNetNinja> osmosis: you're welcome
<osmosis> hmm..so it may in some shape be possible, but id had to reparition anyways, so a full reinstall is probably the fastest route
<NeoNetNinja> that's what I would do
<NeoNetNinja> here is a good guide: http://ubuntuforums.org/showthread.php?t=1205372
<NeoNetNinja> or use TrueCrypt
<NeoNetNinja> or: http://joernfranz.net/2011/01/20/installing-ubuntu-10-10-with-full-disk-encryption/
<NeoNetNinja> the alternate install is pretty much the same for all recent versions
<osmosis> ill take a look
<osmosis> that second link is a bit outdated...the newer installer is even easier
<osmosis> " I know that âGuided â use entire disk and set up encrypted LVMâ looks sexy to you, but please donât press that. Weâll do things by hand."
<osmosis> why did he pick that...why not just use guided.
<qman__> because guided partitioning, while convenient, isn't very smart
<qman__> if you're trying to do anything with multiple disks, you probably don't want guided
<qman__> if you have any specific requirements, it probably won't meet them
<qman__> and with servers, you tend to have those things, so showing how to do it manually is important
<qman__> if you just have a laptop with one drive you want encrypted, the guided is probably good
<taipres> in the US judge recently ruled they can make you decrypt the harddrive legally
<taipres> don't have to give up pass but have to decrypt for them, so probably best to use truecrypt
<taipres> and hidden os
<alot_of_mike> Why does server have x11-common?
 * alot_of_mike doesn't see anything obviously necessary in http://sprunge.us/EWRB
<SpamapS> alot_of_mike: aptitude has a 'why' sub-command that will tell you
<alot_of_mike> hm, some library for gd
<alot_of_mike> thanks, SpamapS
<gmr_> Hi there, was referred here from #ubuntu
<gmr_> Hoping someone can help me out, I have a 11.10 server install, trying to get things setup and am having trouble adding an eth0:0 alias. It seems that service networking stop/start/restart doesn't work, I believe I have the config correct (https://gmr.privatepaste.com/64a38a3706) and if I reboot the server, eth0 comes up but eth0:0 does not.
<gmr_> (paste has the examples of running the commands)
<qman__> gmr_, does `sudo ifup eth0:0` bring up the interface as expected?
<gmr_> tells me it's already configured
<gmr_> yet ifconfig eth0:0 doesn't show anything
<gmr_> hmm yet pinging the ip works :|
<qman__> try ifdown, then ifup
<gmr_> i've been waiting a fair amount of time on a non-problem it seems.
<qman__> heh
<qman__> happens to the best of us
<gmr_> hmm ifdown eth0:0 shutdown all of eth0
<gmr_> am more of a slackware, lfs, *bsd of guy trying to jump on the more enterprisey bus
<qman__> well, learning the debian way does take a little time, but I find it to be much easier in the long run
<qman__> though you do occasionally run into things like this where it doesn't work as expected
<qman__> the 'networking' service has been a little iffy ever since they started moving things to upstart
<gmr_> thanks for the point at ifup/ifdown.. probably wouldn't ahve tried to ping the interface otherwise.
<uvirtbot> New bug: #922954 in keystone (universe) "keystone has a missing dep on python-prettytable" [Undecided,New] https://launchpad.net/bugs/922954
<Daviey> roaksoax: sorry, just saw your response - that is great!
<Womkes> Is there any documentation yet available for setting up xen on the latest ubuntu? I understand that ubuntu now has full supprot for xen with 11.10
<Womkes> https://help.ubuntu.com/community/Xen
<Womkes> that is outdated
<chelz> Womkes: if xen doesn't provide anything then blogposts might be your best bet
<chelz> i found these:
<chelz> http://bderzhavets.wordpress.com/category/xen-4-1-2-on-ubuntu-11-10/
<chelz> http://zulcss.wordpress.com/2011/09/04/xen-4-1-1-on-ubuntu/
<chelz> from
<chelz> http://askubuntu.com/questions/83846/current-protocol-for-installing-xen-with-ubuntu-11-10-as-a-dom0
<chelz> also http://martincarstenbach.wordpress.com/2011/11/30/getting-started-with-xen-virtualisation-on-ubuntu-11-10/
<Womkes> thanks, will have a read
<chelz> Womkes: http://old-list-archives.xen.org/archives/html/xen-users/2011-10/msg00324.html
<chelz> Womkes: according to that mailing list thread it's really simple. i'd read those few messages
<chelz> then just refer to standard xen documentation. googling for errors if you get any along the way.
<Syria> Hi, I have a virtual windows 2003 machine hosted on my ubuntu server, how can I allow the virtual machine to access usb devices please?
<eagles0513875_> hey guys im just wondering is it possible to specify an ipv6 ip if dhcp doesnt manage to automatically configure the ip
<RoyK> !ipv6
<ubottu> For an introduction to IPv6 and information on tunneling IPv6 through IPv4 connections, see https://wiki.ubuntu.com/IPv6 | To disable IPv6 see https://help.ubuntu.com/community/WebBrowsingSlowIPv6IPv4
<RoyK> eagles0513875_: the short answer is "yes"
<eagles0513875_> ok sweet :D was just wondering was all :) working on getting varnish setup to act as an ipv4 to 6 kinda tunnel on my server thanks RoyK :)
<patdk-lap> heh, sounds like you want slaac
<patdk-lap> royk, comstar with ip6 is kind of funny
<patdk-lap> my 4nic server suddently has 32 iscsi paths, cause it's using ip4 and ip6 :)
<eagles0513875_> patdk-lap: what is slaac anyway
<eagles0513875_> the server i want to do this on is an esxi host was going to setup a small guest with varnish to do the ipv4 to 6 tunneling
<patdk-lap> http://lmgtfy.com/?q=slaac
<Tm_T> patdk-lap: tsssk
<eagles0513875_> RoyK: would SLAAC be enough in regards to allowing clients access to stuff like ssh over an ipv4 connection
<RoyK> eagles0513875_: sorry, I'm not really updated on ipv6
<eagles0513875_> ok will ask in ipv6
<Spectrum> Is there an easier alternative to https://help.ubuntu.com/11.10/serverguide/C/openldap-server.html for setting up basic network authentication for Linux and Windows clients?
<Spectrum> This is for a small home network.
<dravekx> is there a link to install oracle java 7?
<qman__> dravekx, There is no packaged version of oracle java anymore, because oracle did not renew the license which allowed this to happen in the first place. To install it, you must download it from oracle and compile/install it the old fashioned way.
<qman__> In case you didn't gather as much already, this is not an ubuntu recommended thing to do.
<dravekx> what's the recommended thing? openjdk?
<qman__> yes
<qman__> Considering official Java's security record, it was already not exactly a recommended thing to do before.
<roaksoax> g/win 16
<uvirtbot> New bug: #923179 in bacula (main) "package bacula-common-mysql (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/bacula/libbaccats.la', which is also in package bacula-common 5.2.3-0ubuntu2" [Undecided,New] https://launchpad.net/bugs/923179
<nOStahl> hows it going guys
<nOStahl> got myself setup a brand new shiny intel p4 ubuntu server 10.11 heh hosting git repo's via gitolite
<nOStahl> looking to add some more functionality to the server
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
#ubuntu-server 2012-01-29
<meerkats> or, how should I forward UDP to any given port?
<n0cturnal> hope someone can help me here.. at my wits end.. I upgraded from lucid to maverick last week, and my dhcp server has stopped working. I tried upgrading again (as was my plan anyway) to natty and oneiric.. but still doesn't work.. I see DHCPDISCOVER and DHCPOFFERs in logs, BOOTP works, but nothing via DHCP.. using isc-dhcp-server
<MTecknology> I had kvm working on my system and had to reinstall, I apparently didn't keep all the data i needed and didn't grab an xml dump from the systems. Is there anywhere on the system that the data may have existed that I could still get?
<MTecknology> I have the machines and a partial fs backup, but i can't seem to find the vm config
<MTecknology> I thought maybe /etc/qemu* but there's nothing there :(
<n0cturnal> MTecknology: /var/lib possibly?
<MTecknology> n0cturnal: just found it! /etc/libvirt/qemu/*.xml :D
<n0cturnal> nice, cool!
<MTecknology> n0cturnal: looks like i _almost_ have this thing back up and runnig the way i want...
<MTecknology> just can't get virt-manager to connect
<MTecknology> n0cturnal: any ideas on this one?.. libvirtError: End of file while reading data: sh: nc: not found: Input/output error
<MTecknology> trying to run the shell command nc, but i'm not seeing what provides that
<MTecknology> man... I feel like libvirt has fallen out of support; no docs or support or anything it seems
<chelz> MTecknology: i was just looking for docs on xen, which supposedly is all supported in later stuff, hardly any
<chelz> there don't seem to be many non-kvm virt docs :P
<MTecknology> chelz: i see kvm docs, not libvirt or xen docs
<MTecknology> chelz: I feel like I'm hitting problem after problem... I know I'm close
<MTecknology> I have to fix one vm before I can move on, but I have to get virt-manager working before I can do that much
<chelz> eh google for the problem then. i mean libvirt's site should have docs
<MTecknology> I've been searching quite a bit for this one
<MTecknology> I see a few people that had the issue without any posted solutions
<chelz> time to do some diving perhaps
<MTecknology> HAHA!
<MTecknology> chelz: So.... it wanted netcat to be on the system; now that netcat is on the host, I'm seeing End of file while reading data: nc: invalid option -- 'U'
<MTecknology> nc -h for help: Input/output error
<MTecknology> Apparently debian being the host and ubuntu being the workstation isn't going to work!?.... irunno
<chelz> eh
<chelz> well bugs are likely to crop up, but that sounds pretty odd
<MTecknology> chelz: worse here... that was easy to figure out... I needed netcat-openbsd installed, netcat-traditional wasn't good enough
<chelz> MTecknology: End of file while reading data: nc: invalid option -- 'U'
<chelz> ah yeah
<chelz> er
<chelz> that was meant to be netcat-openbsd
<chelz> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614291
<uvirtbot> Debian bug 614291 in virt-manager "Unable to establish qemu+ssh connection" [Important,Fixed]
<chelz> found that, which you probably saw
<MTecknology> same bug - debian #516482
<uvirtbot> Debian bug 516482 in virt-manager "libvirt0: qemu+ssh requires netcat-openbsd" [Minor,Open] http://bugs.debian.org/516482
<chelz> sounds almost like it should be fixed
<chelz> foobar# ln -s /usr/bin/netcat /usr/bin/nc
<chelz> heh
<chelz> no activity on 516482 since jul 2010
<MTecknology> i guess I'm happy enough that it's working now - i'll stop complaining :D
<chelz> bug 614291 says closed as of 15 Jan 2012 in Source-Version: 0.9.0-5
<uvirtbot> Launchpad bug 614291 in policykit "PolicyKit authentication does not work over X forwarding" [Undecided,New] https://launchpad.net/bugs/614291
<chelz> MTecknology: oh, you didn't say it was working
<chelz> psh
<chelz> i was trying to fix a problem that wasn't there
<MTecknology> chelz: sorry - as soon as i saw it depended on netcat-openbsd it started working
<chelz> ah
<chelz> that's easy enough
<MTecknology> chelz: thanks for the help :D
<chelz> error msg should be better
<chelz> haha np
<MTecknology> I might file a bug to make it trap that error and make a nice message instead of that :)
<MTecknology> I have to rebuild my router now that I can talk to it... bbiab
<MTecknology> chelz: that was super fun! you believe me?
<MTecknology> chelz: Only other issue I've been having is trying to use virt-manager to actually work on the machines, but it's a huge pain because I use dvorak and when I type in there it wants to use qwerty
<chelz> MTecknology: yeah filing a bug is a good idea
<chelz> oh
<chelz> heathen
<chelz> i didn't know something like virt-manager would care, that's weird
<chelz> could file a bug about that too. really should be agnostic about that kind of thing
<MTecknology> I figured it would be... but I imagine it sends the key id (before the system realizes it's not qwerty)
<chelz> should be getting input some different way then i'd think
<chelz> although i don't know how dvorak is setup usually. there might be a better way to set it than the way you've set it up
<MTecknology> dpkg-reconfigure keyboard-configuration
<MTecknology> from there i just selected the layout and it worked
<chelz> MTecknology: http://blog.garion.org/2011/04/26/using-virt-manager-on-macosx-with-dvorak-keyboard-layout/
<chelz> blowin minds right and left right here
<chelz> seems it's a qemu thing
<MTecknology> I remember trying to change that before and setting the keymap didn't help any
<chelz> well you do that plus the keymap file for qemu
<MTecknology> yup- I found someone that made a dvorak keymap file, i had no complaints from qemu or anything, but never managed to get it working
<chelz> i'd try what that blogpost says then go from there
<chelz> as in, do it, do it now
<MTecknology> i did it
<chelz> no change?
<MTecknology> nope
<chelz> https://bugs.launchpad.net/ubuntu/+source/virt-manager/+bug/496587
<uvirtbot> Launchpad bug 496587 in virt-manager "vnc keymap breaks non-us layouts" [Undecided,Fix released]
<chelz> i take it you're interacting with the guests through the vnc? or ssh?
<MTecknology> vnc
<MTecknology> ssh works great
<chelz> right
<chelz> check if virt-manager added en-US
<chelz> bug says "When creating a guest, virt-manager adds "keymap='en-us'" to the created vnc option."
<chelz> change to en-dv
<MTecknology> if i omit that part (actually, it has to be left out for the qemu-kvm in debian stable), then i have the same issue
<MTecknology> setting to en-dv, you need to create the keymap
<MTecknology> maybe I just didn't find the right keymap file...
<chelz> could symlink qemu's en-us to en-dv
<chelz> /usr/share/qemu/keymaps/en-dv \
<chelz> disregard \
<chelz> since yeah, my first guess is you didn't follow the blog post closely enough
<MTecknology> To make it work the way it's supposed to... I'd need to copy to /usr/share/qemu/keymaps/en-dv and then edit that file until i got it right, then it might work
<chelz> well that blog post linked to a place with a premade en-dv
<MTecknology> that's the one i tried
<MTecknology> chelz: sorry if I seem to be difficult on thise :( ... I didn't just run in to this issue, I just happen to be completely rebuilding the box and am running into it again
<chelz> np
<chelz> actually
<MTecknology> actually? .. you're mad and going to hurt me?
<chelz> yes, but before that
<chelz> MTecknology: https://bugzilla.redhat.com/show_bug.cgi?id=244787#c4
<uvirtbot> bugzilla.redhat.com bug 244787 in python-virtinst "incorrect default keymaps" [Low,Closed: errata]
<MTecknology> OOOH
<chelz> i am the law
<chelz> MTecknology: any change?
<MTecknology> chelz: dunno... I'm wondering if I need a complete reboot for it to get noticed
<MTecknology> I'm gonna do the reboot now
<chelz> eh, sysconfig/keymap might be just a redhat/fedora/centos thing. this page has a few ways to set a keymap, just put in your "en-dv" or "dvorak" or w/e for where it says "dvp": http://www.kaufmann.no/roland/dvorak/linux.html
<chelz> http://ubuntu-tutorials.com/2008/01/31/changing-the-system-keyboard-mapping-on-ubuntu-dvorak-vs-qwerty/
<MTecknology> I just tryied dpkg-reconfigure console-data; console-setup seems to have nothing to do with the layout
<MTecknology> I can't get the mapping to stick on the console....
<MTecknology> chelz: I betcha when I get it to stick, it's going to work like magic because you're smart and google abilities kick butt :)
<chelz> ehh
<chelz> not working so far. sounds like you need to see the light of qwerty pretty soon here
<chelz> MTecknology: yeah i'd look over those last few links
<MTecknology> chelz: nah.... I won't claim I'm faster because I'm using dvorak, but I definitely type better and more efficiently and I actually look like I know what I'm doing at the keyboard now
<chelz> psh yeah yeah yeah :P. gotta get it working first
<MTecknology> indeed....
<MTecknology> I was never able to actually type correctly or decent on a qwerty board. I just couldn't make my head learn it. Then comes many years later... dvorak and i just kinda clicked after about the first month of what i'd like to call typing hell.
<qman__> been typing qwerty since I was four years old, I know it was designed specifically to be less efficient, but there's no changing that kind of history
<qman__> next step is direct brain interface
<MTecknology> qman__: they did that already
<MTecknology> i think the guy that did it was called something like somebody duvorack or something
<chelz> MTecknology: setxkbmap
<MTecknology> chelz: I think I managed to get the console working with dvorak now, but I think I might also need a reboot before I can know for sure whether it worked or not
<chelz> needing to reboot seems a bit odd
<chelz> one config thing i saw actually looked like you gave the kernel a line
<MTecknology> chelz: oh... got to a point where i could reboot - same thing happening
<MTecknology> OOOH!!!!!!
<MTecknology> YAY!!!!!!!
<chelz> MTecknology: eh?
<MTecknology> chelz: Working!!
<chelz> MTecknology: i take it it's working, any idea what the fix was?
<MTecknology> multiple things... finally got console set up to use dvorak on boot, then had to set the VM's to use en-us, then had to turn the systems completely off
<MTecknology> and.... shazam
<chelz> huh
<chelz> so setting up the console made everything else work with en-us
<chelz> MTecknology: how'd you set the console?
<MTecknology> uhm.... i'm not sure
<chelz> heh
<chelz> well
<chelz> undo stuff until it breaks again :P
<chelz> or in a vm
<MTecknology> dpkg-reconfigure keyboard-configuration; dpkg-reconfigure console-data; dpkg-reconfigure console-setup; also installed kbd
<MTecknology> and...
<MTecknology> loadkeys dvorak
<MTecknology> not sure which part fixed it.. there was something else too....
<MTecknology> setupcon?
<MTecknology> setupcon *
<chelz> ah
<chelz> well, with all that one is bound to work i suppose
<Bogscitz> Moin
<Bogscitz> Ich versuche auf einem Ubuntu Server (11.10 x86_64) meine WLAN-Karte (Intel Wireless 4965AGN / iwl4965 geladen) zum AP zu machen. Leider mag hostapd nicht, obwohl es laut eigentlich out-of-the-box laufen sollte. Die Ausgabe von hostapd und dessen Config: http://pastebin.com/F3ZwzSuK
<Bogscitz> *laut allen Quellen ;)
<Bogscitz> wlan0 existiert auch: 6: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
<Bogscitz> Hat vielleicht noch jemand ne Idee?
<oCean> !de
<ubottu> In den meisten Ubuntu-KanÃ¤len wird nur Englisch gesprochen. FÃ¼r deutschsprachige Hilfe besuche bitte #ubuntu-de, #kubuntu-de, #edubuntu-de oder #ubuntu-at. Einfach "/join #ubuntu-de" eingeben. Danke fÃ¼r Dein VerstÃ¤ndnis!
<Bogscitz> Oops, sorry
<Bogscitz> Thanks
<oCean> heh, welcome :)
<Bogscitz> :)
<Bogscitz> Basically, Im trying to run my Intel Wireless 4965AGN / iwl4965 in ap mode. But hostapd fails to put it in master mode: http://pastebin.com/F3ZwzSuK (incl. config). wlan0 exists though
<Bogscitz> Its a 11.10 x86_64 box
<Bogscitz> Oh, iw list doesnt show me supported AP or AP/VLAN modes for the device
<Bogscitz> grml
<Womkes> !basic ubuntu server
<ubottu> Womkes: I am only a bot, please don't think I'm intelligent :)
<Womkes> Does anybody know what packages are included in hte "basic ubuntu server" tasksel option ?
<SpamapS> Womkes: you can see that by looking at the task data ..
<SpamapS> Womkes: but I don't see the "task" basic ubuntu server
<maxagaz> hi
<maxagaz> i have just installed ubuntu-server
<maxagaz> when I type ifconfig, I have just lo
<maxagaz> my eth is not in the list
<maxagaz> how to get it in the list
<maxagaz> felipe_: hi
<felipe__> hi
<maxagaz> felipe__: hi
<maxagaz> felipe__: how are you ?
<felipe__> max
<felipe__> maxagaz: dsgsdkjh
<nancy--> what are the most famous control panels for web hosting ?
<onre> famous for good or bad things?
<nancy--> good
<nancy--> ofcourse
<JanC> does Ubuntu server have something like this: http://www.daemonology.net/blog/2012-01-16-automatically-populating-ssh-known-hosts.html ?
<itguru> I'm building a webserver using ubuntu, and I've run into an issue. I thought I had php working, as he site in /var/www renders php, but sites in /user/public_html do not - Where shall I start to fix this problem?
<guntbert> itguru: did you see the !serverguide already?
<itguru> ...
 * itguru says serverguide ?
<itguru> I must google harder
<itguru> !serverguide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<itguru> Thanks for the tip, I usually build servers on centos
<itguru> blashphemy in here, I know :)
<itguru> Ah! Yes, I have gone through that page!
<blkperl> itguru: did you tell apache to look in /user/public_html?
<itguru> oops! wrong config file!
<blkperl> :)
<itguru> blkperl - yes, it does, at the moment, it just downloads the php file, I've updated the file /etc/apache2/mods-enabled/php5.conf - and commented out  php_admin_value engine Off - but still no php site :(
<uvirtbot> New bug: #923491 in mysql-5.1 (universe) "package mysql-server-5.1 (not installed) failed to install/upgrade: Ãºj pre-installation szkript alfolyamat 1 hibakÃ³ddal kilÃ©pett" [Undecided,New] https://launchpad.net/bugs/923491
<itguru> WooHoo! It's working ? but I made like 6 config changes, and 2 cache reloads, so I can't pin down what did it! But anyway, I think from here on in, I'm sticking to CCM methods - hacking ubuntu is fun, and there are many guides, and the community is great :)
<KristianDK> Is this the correct channel to ask about vmbuilder?
<itguru> I've got some sites sitting in public_html for a few users, I want some domain names to point to some of the sites, what's the best practice way to do this? I was thinking virtual hosts, but then, doesn't that configure the site twice? once for the public_html, and once for the domain name?
<andol> itguru: Well, assuming you want the vhost domain to be the new actual url I'd say the proper thing would be sitting up 301 redirects from the ~username url:s.
<itguru> I want users who type www.domain.com to go to ~/webdevguy but still see www.domain.com in the heading. I could just create a vhost and user the absolute path, which is easier, but if the user deletes the direcrory apache will fail a reload, right?
<andol> itguru: You know, that really isn't such a hard thing to test and find out by yourself...
<itguru> andol - I did, and I got it working, I just wanted to know if there is a best practice way f doing it
<itguru> F means of! by the way, not any other f word :)
<wmp> hello, i have problem with curl: /usr/lib/libcurl.so.4: no version information available
#ubuntu-server 2013-01-21
<vjacob> hiya. what kind of pros/cons can you think of either in favour or against a free (open-source) NAS box for a home file (media) server as opposed to a more general purpose distribution such as Ubuntu Server?
<PatrickDK> if you can't answer that, a nas distro it is for you
<vjacob> PatrickDK: good point, takker :)
<PatrickDK> the main thing that trumps all that, is your personal knowledge, and how much you want to mess with it
<hallyn> lifeless: oh, sorry, is that your question :)  you need to install the qemu-kvm-spice package, then run kvm-spice instead of just kvm
<hallyn> make sure to add '-enable-kvm' to the options, otherwise use the same options you've been using
<hallyn> lifeless: using virt-manager, at the end of the wizard you can click 'advanced options', go to 'display vnc', and then choose spice instead of vnc
<lifeless> hallyn: ok, and virt-manager knows to run qemu-kvm-spice ?
<lifeless> hallyn: (and thanks!)
<pmp6nl> Should iptables be blocking dns packets?
<patdk-lap> sure, if you told it to
<pmp6nl> it is, but is it suppose to be doing that.  Is it good or bad? patdk-lap - thanks
<patdk-lap> pmp6nl, only you can answer that
<pmp6nl> do you block dns patdk-lap ?
<patdk-lap> if you told it to, yes, it shoudl block it, or it would be a pretty lousy filter
<patdk-lap> is it good or bad? dunno, who told it to would have to answer that
<patdk-lap> yes and no
<patdk-lap> your asking the wrong questions
<pmp6nl> ok, so what would the point be of dns contacting the server?
<patdk-lap> heh?
<patdk-lap> to resolve domain names
<patdk-lap> as that is what dns does
<patdk-lap> stupid question
<pmp6nl> Yes, but i have a separte dns server
<patdk-lap> like of like asking, what is the point of running an http server
<pmp6nl> well thanks for being super helpful patdk-lap
<patdk-lap> trying, but your questions are ultra roundabout
<pmp6nl> how can someone ask a more specific question if they are trying to learn it and dont know how to ask more specifically?  If I am on a VPS does the host server (which is what controls the dns) need to contact my vps specifically
<patdk-lap> yes
<patdk-lap> how else will you be able to lookup dns entries?
<patdk-lap> if you reject all replies?
<patdk-lap> atleast this time you asked a specific question
<pmp6nl> Well everything has been working fine for 8 months...
<patdk-lap> depending on how it is setup, if your using conntrack, it will attempt to match outgoing and incoming udp packets so it will work
<pmp6nl> humm, that must be what its doing then. Ill research this more. THanks
<patdk-lap> but that can also have large memory usage effect if you do a lot of udp
<pmp6nl> might be, trying to figure out what is using so much memory.  Though it looks like apache
<vjacob> is it possible to change the cipher of the disk encryption post-install?
<vjacob> hi. is it possible to change the cipher of the disk encryption post-install?
<jotterbot1234> has anyone here had a go at trying to run an Adobe Update Server on ubuntu?
<jotterbot1234> specifically AUSST which they say can run on linux
<grendal-prime> oi
<grendal-prime> soooo is there a reason that the vncserver that is integrated into the os is so...well...sucky?
<grendal-prime> and if so can i point that fancy front end to use like the x11vnc server?
<luminous> do you need to "register" services with upstart?
<luminous> I have an upstart init script from a package contrib (uwsgi), it's pretty simple, has the same perms as everything else in /etc/init, but upstart fails to recognize it when I try `service uwsgi start`
<luminous> start: Unknown job: uwsgi
<luminous> -_-
<jodh> luminous: Try init-checkconf - http://upstart.ubuntu.com/cookbook/#init-checkconf
<jodh> luminous: ...and try using the upstart commands, rather than the SysV ones: 'start uwsgi'.
<luminous> it keeps changing I didn't know there where new commands
<luminous> HAH, cannot run as root?
<luminous> ERROR: failed to ask Upstart to check conf file
 * luminous thanks ini-checkconf for the details
<luminous> jodh: `start uwsgi` fails with the same error.. "start: Unknown job: uwsgi"
<luminous> I shall consider this system broken and redeploy :)
<luminous> thanks to salt and the cloud!
<jodh> luminous: you are probably running in a console environment: there is a fix in the pipeline, but dbus changed its behaviour recently. You need to start a dbus-daemon whilst init-checkconf runs: eval `dbus-launch --auto-syntax`
<jodh> luminous: as an alternative, you can put upstart into debug mode, touch the problematic file and look at the system log. It will show if the job in question failed to parse. To do this: 'initctl log-priority debug && touch /etc/init/uwsgi.conf && tail /var/log/syslog'
<balboah> bash: /sbin/reboot: Input/output error
<balboah> yay for dead drive
<luminous> sweet, I would not have identified the log-priority so quickly. that is a nice trick
<frojnd_> Hi there.
<frojnd_> I keep getting this in /var/log/auth.log Accepted publickey for git from IP port 56006 ssh2 even though I've set port for ssh 10022, does that mean that user is typing in wrong port command?
<RoyK> frojnd: iirc that just means it came from port 56006, that being the source port
<frojnd> ah ok.
<frojnd> One more question about ~/.ssh and everything iside it
<frojnd> Every computer should have chmoded ~/.ssh like this chmod 700 ~/.ssh && chmod 600 ~/.ssh/* correct me if I'm wrong?
<remix_tj> frojnd: no, correct
<remix_tj> only owner has to access .ssh
<frojnd> reverse mapping checking getaddrinfo for abts-north-dynamic*.in [122.161.*] failed - POSSIBLE BREAK-IN ATTEMPT! Why does this upper case say possible break in?
<frojnd> The user only tried to commit through git for 5 times
<mathi> hello
<mathi> I try to install ubuntu server from my external hard drive (through usb), the problem is that the installation steps asks me to mount from CD-ROM
<mathi> there is a workaround: http://demtrex.wordpress.com/2011/04/04/work-around-the-cd-rom-detection-issue-when-installing-ubuntu-server/
<mathi> but for me it doesn't suggest me to "Manually select a CD-ROM module and device"
<mathi> I am trying t install version 12.10 by the way
<frojnd> Any ideas on that reverese mapping?
<frojnd> http://scottlinux.com/2012/03/07/troubleshooting-ssh-server-logs-and-error-messages/ <- Next one, connecting client has no or bad reverse DNS (PTR). Does not necessarily mean you have a âbreak-in attemptâ.
<frojnd> ok, I'm good
<rideh> Updated mongo but now using service reports its an "unknown instance"
<CPrompt^> I have a fresh install of server 12.10.  I set up a virtual host in the "sites-available" that points to a directory in my home directory (/home/user/www).  Every morning when I try to access the site, the permissions are set so I get a "Forbidden".  I chmod it to 755 and all comes back.
<CPrompt^> What could be causing this?  All it is, is a LAMP server running a Wiki
<CPrompt^> there are no scripts that are running and I am the only one that has access to it
<rideh> did you use a stack script to install 12.10?
<rideh> can you run apache as the user?
<CPrompt^> rideh: I just let it install everything as normal, yes
<CPrompt^> not sure about running apache as the user.  I guess I could but that depends
<CPrompt^> i'll change the user in the apache.conf and see what happens.  Unfortunatley it will probably be tomorrow before I find out if it works  LOL
<rbasak> zul: hey. May I take the logwatch merge please?
<rbasak> (seems straightforward enough
<rbasak> )
<zul> rbasak: you dont even have to ask
<rbasak> Thanks!
<CPrompt^> rideh: thanks.  I think that actually did the trick
<apw> are we aware of network manager stomping on virbr0 on raring hosts ?
<hallyn> lifeless: right, it (virt-manager) should then DTRT
 * apw has had to add 'iface virbr0 inet manual' to /etc/network/interfaces to keep my bridge working
<hallyn> apw: oh?  i thought that bug was fixed on friday?
<hallyn> yup, at least lxcbr0 is running fine on my raring box with n-m still running
<hallyn> stgraber: how had you created that VM?  You manually in virt-manager clicked the cpu features you wanted?
<stgraber> hallyn: I never manually selected cpu flags, so my guess is that virt-manager did that for me at some point
<hallyn> zul: ^ (see Laney and stgraber above) I'm not sure yet, but we may need some changes to libvirt to accomodate the switch from qemu-kvm to qemu
<zul> hallyn: ack
<hallyn> stgraber: wait a sec.  you're using qemu-kvm-spice in that paste.  which has not changed
<hallyn> oops, wrong chan eh
<Combatjuan> Hello, how do I go about determining if this kernel bug https://bugzilla.kernel.org/show_bug.cgi?id=42981 has been patched in my ubuntu kernel (linux-image-3.2.0-35).  Does the -35 map directly to the upstream revision?
<uvirtbot> bugzilla.kernel.org bug 42981 in Power-Processor "Processor Aggregator Device is not stable causing FW-OS communication to stop" [High,Closed: code_fix]
<mathi> I can't install Ubuntu Server because it blocks at this step: Configure the package manager
<mathi> the last things it says is: Scanning the mirror
<mathi> and then it goes back to the Ubuntu installer main menu
<mathi> anyone ?
<RoyK> mathi: never seen that one - can you resolve/ping an internet host like google.com from the commandline? just press alt+left to switch to a console
<mathi> RoyK, it says, google is alive
<mathi> RoyK, at about 21%, it goes directly back to "Ubuntu installer main menu"
<rbasak> mathi: in the menu, go down to save debug logs and pastebin them?
<mathi> ok second
<mathi> syslog:   http://pastebin.com/raw.php?i=Nzn4PTgc
<mathi> hardware-summary:   http://pastebin.com/raw.php?i=JTGRVsLB
<mathi> partman:    http://pastebin.com/raw.php?i=m7AEp2TT
<mathi> rbasak, ^
<RoyK> mathi: which version of ubuntu is this?
<mathi> RoyK, Ubuntu Server 12.10
<mathi> ubuntu-12.10-server-amd64.iso
<RoyK> dunno - I've hardly installed 12.10...
<RoyK> not sure if it'll solve it, but I'd recommend using LTS releases like 12.04 for servers
<RoyK> I always do, unless it's a test site and I want to test something new and fancy
<mathi> RoyK, but 12.10 is a stable release, no ?
<RoyK> it's stable, but not long term support
<RoyK> !lts
<ubottu> LTS means Long Term Support. LTS versions of Ubuntu will be supported for 3 years on the desktop, and 5 years on the server; with the exception of 12.04 (Precise Pangolin), which will be supported for 5 years on the desktop. The current LTS version of Ubuntu is !Precise (Precise Pangolin 12.04)
 * qhartman also uses only LTS releases on servers
<mathi> ok, i'll go for that because I tried to install Ubuntu server for more than 4 hours, without success
<RoyK> and LTS is generally more stable over time, and is *generally* better kept after by canonical
<mathi> ok thanks I'll try right now:)
<RoyK> that's a lot of time trying to setup ubuntu...
<resno> if you had to allow ftp access which server would you use?
<qhartman> It can be a pain if the release you're using leaves support and PPAs you are using drop it.
<RoyK> mathi: what sort of server is this?
<rbasak> mathi: not sure if wget is available to you in the recovery shell, but if it is, can you try "wget http://archive.ubuntu.com/ubuntu/dists/quantal/Release" and check that you get sensible data?
<mathi> RoyK, i want to make an asterisk server (ipbx)
<RoyK> oh
<rbasak> mathi: apart from that I'm not sure, sorry. It still sounds like a network issue, but I've not seen it before.
<mathi> rbasak, I already shut down, I am going to follow the advices here, to install LTS. except if you are really interested, I can start the server again and check for you
<RoyK> well, are you going to use the asterisk version in the repos, or build from source?
<RoyK> the one in the repos is rather old
<rbasak> mathi: OK no problem. Go ahead with the LTS attempt
<mathi> RoyK, i'll install asterisk 11
<mathi> quite new release
<RoyK> k
 * RoyK used to work with asterisk for three years, some 4 years ago, and isn't allowed to use the needed vocabulary for asterisk pbx in this channel
<mathi> well downloading the 12.04, gonna have a rest, be back later to keep you up to date for this apt issue
<mathi> RoyK, why? :-)
<RoyK> !language
<ubottu> Please watch your language and topic to help keep this channel family-friendly, polite, and professional.
<mathi> ahaha I just got the joke
<RoyK> mathi: it's probably been cleaned up a bit since then, but I know uninett.no still sticks to 1.4 for their service for norwegian universities and colleges because of new bugs
<qhartman> I had much better luck working with the sipX IP PBX stuff than Asterisk.
<qhartman> But it's been multiple years since I mucked with it as well.
<RoyK> qhartman: dunno if sipx can do all of what asterisk can, though
<RoyK> guess it depends what you need
<qhartman> RoyK, True, it doesn't do Voicemail and that sort of thing. I was working with it to integrate voip stuff into an existing legacy PBX system.
<qhartman> IT was not standalone
<qhartman> But sipX was much easier to get going and less quirky than Asterisk
<RoyK> if it's just a sip proxy you need, I guess SER/OpenSER/SpenSIPS would do better than asterisk
<RoyK> s/Spen/Open/
<dokg> I am trying to boot from a USB external hard drive. It works for Ubuntu 12.10, but doesn't for the 12.04 LTS release
<dokg> I get for the latter, the error: "No DEFAULT or UI configuration directive found!"
<dokg> rbasak, still here ? :$
<raub> Quicn-n-easy question: shouldn't the reverse zone entry (in named.conf.local) for 172.16.101.64/27 look something like zone "64-27.101.16.172.in-addr.arpa" IN { [...] }; ?
<frojnd> Hi there.
<frojnd> When I perform sudo apt-get update && sudo apt-get upgrade It says: The following packages have been kept back: linux-generic linux-headers-generic linux-image-generic and the following will be upgraded: dpkg dpkg-dev libdpkg-perl libfreetype6 linux-libc-dev
<frojnd> it keep em back all the time, where is set this?
<RoyK> frojnd: what version?
<frojnd> RoyK: 12.4
<RoyK> it really shouldn't hold back linux-generic and friends
<RoyK> report a bug
<maxb> Really?
<maxb> Surely this is far more likely to be a artifact of the peculiarities of packages installed on this system than a bug?
<maxb> The packages could be on hold status, or there could be some kind of other dependency holding them back
<frojnd> maxb: where do I check if it's on hold status?
<maxb> 'dpkg -l linux-generic linux-headers-generic linux-image-generic', look at the first column
<frojnd> I already got server  when it was installed alreeady
<frojnd> maxb: it's ii for all three
<maxb> Not on hold, then.
<frojnd> 3.2.0.31.34
<frojnd> They are all this version
<frojnd> http://paste.ubuntu.com/1556497/
<maxb> I'd guess some other package dependency holding the others back
<frojnd> is there a log for apt?
<maxb> Current is 3.2.0.36.43
<frojnd> But that's just an speculation and blind guessing
<maxb> Oh, of course they're held back
<maxb> plain 'upgrade' only upgrades packages which don't require new packages to be installed to satisfy dependencies
<maxb> The whole point of those linux packages mentioned is to cause the installation of new kernel package version/names, by dependency
<frojnd_> maxb: if you wrote something I didn't receive due to change of IP...
<maxb> 20:34 < maxb> Oh, of course they're held back
<maxb> 20:35 < maxb> plain 'upgrade' only upgrades packages which don't require new packages to be installed to satisfy dependencies
<maxb> 20:35 < maxb> The whole point of those linux packages mentioned is to cause the installation of new kernel package version/names, by dependency
<frojnd_> ok
<frojnd_> so when other packages will need upgrade so will those three
<frojnd_> if I understand this correctly?
<maxb> Um. I don't really understand what you're trying to say, but I think the answer is "No."
<maxb> What you need to do, is to read the descriptions of 'upgrade' and 'dist-upgrade' in the apt-get manpage
<maxb> That explains the difference pretty well
<patdk-wk> upgrade only installs current stuff
<patdk-wk> dist-upgrade installs NEW stuff
<frojnd_> aha
<frojnd_> I see
<Quest>  what are the different foip fax over ip software
<frojnd_> In practice what's more secure upgrade or dist-upgrade? For people who has been using ubuntu-server for more then 6months?
<mdeslaur> you need to use dist-upgrade to get all the security updates
<frojnd> mdeslaur: I was concinred about that if I do dist-upgrade I might upgrade release, but then I found out that this could be done if I had modified /etc/apt/sources.list and also that this is now know as full upgrade not release upgrade
<frojnd> this is now known as full upgrade
<RoyK> mdeslaur: erm, shouldn't an upgrade get all the security updates, while dist-upgrade would get the low-priority upgrades?
<stgraber> RoyK: no, dist-upgrade just means that in the event where an extra package needs to be installed or removed to satisfy the upgrade, apt will do so
<stgraber> RoyK: upgrade (also known as safe-upgrade) will never add or remove a package on your system and will instead prevent any package the would pull or remove packages from getting installed
<mdeslaur> In stable releases, it should be fine to always use dist-upgrade. In the dev release, you have to be careful, and possibly use upgrade sometimes when the archive is in a state of flux.
<frojnd> linux-headers-3.2.0-36 linux-headers-3.2.0-36-generic linux-image-3.2.0-36-generic <- this requires reboot, is there a workarouind?
<stgraber> you can install them now, it won't force you to reboot, though you won't get the fixes (and potential security fixes, I don't know that particular version) until you reboot
<frojnd> stgraber: so the only way is to reboot
<mdeslaur> RoyK: occasionally security updates do have to pull in a new package, so if you're not using dist-upgrade, you're missing out.
<stgraber> frojnd: usually any package update requires the affected software to be restarted, when that's the kernel, it means a full system reboot
<frojnd> stgraber: roger that.
<frojnd> Let's time it then
<stgraber> ksplice allows you to apply some fixes online without reboot but that's an external service provided by Oracle and I'm not sure we actually support it in any way (and I've had quite a few weird kernel bugs caused by it in the past)
<RoyK> frojnd: it doesn't require an immediate reboot, but one to replace the running code
<Quest>  what are the different foip fax over ip software
<frojnd> RoyK: yeah I know that but eventually I have to do it. I might as well do it now when noone is wokring on it
<RoyK> Quest: foip is fax over ip using T.38 which is rather tricky, since T.38 is a rather wide standard
<frojnd> stgraber: ah yeah that.
<RoyK> fax over ip is just foip
<RoyK> or perhaps a scan-email-gateway
<Note> Hello, I am having problems adding a repository
<Note> I get add-apt-repository: command not found
<Note> I added python-software-properties
<Note> but I still get the same erro
<Note> r
<RoyK> Quest: the timing in t.38 must be really strict for T.30 traffic to get through well
<RoyK> Note: google that ;)
<Note> I did, and every google search says add python software properties
<Note> I added it and installe
<Note> And I still get command not found
<frojnd> I have GRUB_TIMEOUT=10 in /etc/default/grub in what should I change it to reserve seconds?
<RoyK> Note: python-software-properties installed?
<Note> RoyK, yes
<frojnd> But GRUB_DEFAULT=0
<Note> Setting up python-software-properties (0.92.9) ...
<Note> root@vps:~# sudo add-apt-repository ppa:nginx/stable
<Note> sudo: add-apt-repository: command not found
<Note> root@vps:~# sudo apt-get install python-software-properties
<soren> roaksoax: Are you able to stop by #ubuntu-meeting to talk about your SRU request?
<Note> RoyK,
<Note> python-software-properties is already the newest version.
<Note> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
<Quest> RoyK,  how do i know i have t38 support? i have asterisk pbx runing
<Note> nevermind
<Note> i was doing add-apt
<Note> its apt-add
<Note> doh!
<Note> hm, that didn't work either
<soren> roaksoax: Oh, it's not on the agenda anymore. Never mind.
<RoyK> Quest: well, asterisk is supposed to have some t.38 support, but even with spandsp (some 4 years ago), it didn't work properly. Steve Underwood, who wrote spandsp, didn't want to commit his code to Digium's regime, so digium apparently took some of it and wrote their own stack. Better ask on #asterisk for more info
<Quest> thanks
<RoyK> Quest: Digium isn't playing nicely with GPL - they apparently take pure GPL code and pour into asterisk, which is dual licensed
<frojnd> Omg
<Quest> hm
<frojnd> 2minute s12 seconds boot time
<frojnd> 2minutes 19seconds from the moment I run sudo reboot :o
<frojnd> This a lot don't you think?
<RoyK> frojnd: depends what sort of disk you've got and how many services running, and how slow the BIOS is
<RoyK> frojnd: better time it from the time you hit enter in grub and to the login prompt
<frojnd> RoyK: I don't have pysical access.. it's dedicated server
<frojnd> Let me find out what disks I really have
<RoyK> frojnd: no bmc/drac/ipmi/something?
<frojnd> RoyK: where?
<frojnd> RoyK: hdparm -I /dev/sda http://paste.ubuntu.com/1556630/
<RoyK> frojnd: some (or most?) servers have possibilities for remote access when the OS is down
<frojnd> RoyK: I can remotely go to rescue mode
<frojnd> if I *mess* something up
<hallyn> stgraber: hm, did i never send the patch to lxc-devel to close the rootfs.hold fd?  i thought i sent it last week...  but not seeing it in my mbox
<RoyK> erm... why that hdparm output? it doesn't say much
<RoyK> frojnd: smartctl -a may say a bit more if you're afraid of hardware errors
<frojnd> RoyK: I'm not but I can perform it
<frojnd> they keep backups..
<frojnd> I mean it's in raid
<RoyK> frojnd: you're not what?
<frojnd> :D
<stgraber> hallyn: I think you did, I just haven't reviewed it yet. Let me check
<stgraber> hallyn: "[PATCH] don't leak the rootfs.pin fd into the container"
<hallyn> stgraber: phew.  ok.  no hurry, i just wanted to make sure i didn't forget to send it.
<stgraber> hallyn: reviewed and acked. Pushing to staging now
<stgraber> hallyn: I think I also still have something to review on the per-container logfile stuff
<hallyn> stgraber: perhaps not, bc i pushed one or two myself
<hallyn> (since the pile ws becomign confusing)
<hallyn> just sent the first patch (of probably 3) for lxc-attach for user namespaces
<frojnd> RoyK: http://paste.ubuntu.com/1556652/
<frojnd> RoyK: read speeds are ok
<RoyK> frojnd: what raid config was this? is this write?
<frojnd> sudo hdparm -tT /dev/sda
<frojnd> ah raid
<RoyK> 100MB/s to a single drive is ok
<frojnd> I only run a few services
<RoyK> well, then don't bother about I/O
<RoyK> what you get here is sufficient
<frojnd> pstree: http://paste.ubuntu.com/1556670/
<RoyK> what about it?
 * RoyK flags n00b
<frojnd> just to see how many services server is running
<RoyK> ps faxw is probably better for showing what's on
<frojnd> http://paste.ubuntu.com/1556675/
<frojnd> not much :P
<frojnd> Can you suggest me some good security tutorials for admins?
<RoyK> first of all, don't install more services than needed
<RoyK> second, use ufw to open only needed ports
<frojnd> RoyK: that is already done
<RoyK> third, use something like denyhosts to block ssh worms and such
<RoyK> that covers most
<RoyK> well, of course, use common sense in choosing passwords
<RoyK> long ones are good
<RoyK> http://xkcd.com/936/
<patdk-wk> heh, anything >12chars is reasonably secure currently
<patdk-wk> I'm more into the 20-30 length though
<RoyK> that xkcd thing is rather good, though
<patdk-wk> yep
<frojnd> where do you store it? keepassx or similar?
<frojnd> RoyK: it's great :)
<patdk-wk> I had a website today that required 9 letters only, not 8 or 7, or 10, but exactly 9
<patdk-wk> I use keepass :)
<RoyK> frojnd: no need to store a password you can remember
<frojnd> RoyK: true that :)
<frojnd> RoyK: but when you have a lot passwords :D
<frojnd> and I mean 20+
<patdk-wk> royk, even after using a different password for 50+ websites?
<frojnd> thigs starts to get interesting..
<RoyK> then I use keepassx for the less secure ones
<frojnd> hehe
<frojnd> do you extra encrypt it?
<RoyK> well, I store the keepassx data on an encrypted partition :P
<frojnd> what if you forget to power off that hard drive :P
<RoyK> it should be consistent enough
<RoyK> so long as keepassx hasn't done anything recently
<frojnd> mhm
<RoyK> and I have backups...
<RoyK> encrypted, of course
<frojnd> RoyK: do you upload the to clouds too? like dropbox or now "mega"
<frojnd> or only other secure serveres
<RoyK> tertiary backups goes to crashplan, which is said to be encrypted
<RoyK> dunno how true that is, but really, I hope I don't have to find out
<frojnd> heh
<frojnd> denyhosts is slick
<frojnd> I'm looking how to configure it but I see now that it configures everything by some rules
<patdk-wk> royk, they are encrypted fine
<patdk-wk> but if someone else uploads the *same* file, they will know what *your file* is
<patdk-wk> but unless there is a dup match, it's prefectly secure
<mathi> RoyK, I finally tried to install 12.04 LTS, but it fails earlier in the installation process : Configure the network. Network authentication failed. Your network is probably not using the DHCP protocol. Alternatively, the DHCP server may be slow or some network hardware is not working properly
<mathi> I suspect it's the latter possibility mentionned, as it worked nicely in 12.10
<mathi> maybe 12.04 cannot detect my wireless card :(
<mathi> what should I do in this case ?
<patdk-wk> just don't bother, setup wireless after it's installed
<mathi> patdk-wk but I already installed ubuntu server without internet and I gave up ...
<mathi> because too many problems afterwards
<sander__> Do any brand ship servers preinstalled with ubuntu-server?
<mathi> why can't Ubuntu see my wireless card ? :( why on Windows I never have that problem
<mathi> sigh
<Fleck> mathi: lspci + google
<Fleck> or lsusb if USB wireless card
<mathi> omg... Ubuntu Server 12.04 gives same error as 12.10 at installation for me
<mathi> it just doesn't go beyond "Configure the package manager"
<mathi> Scanning the mirror...
<mathi> and goes back to main menu
<mathi> ok I think i'm done with this os
<RoyK> try installing without setting an ip address
<RoyK> might be something bad with the installer on your hardware
<mathi> RoyK, i skipped the network part
<RoyK> ok
<mathi> because 12.04 couldn't conect on the internet
<mathi> I will install Lubuntu and i'll see of it gets any better ...
<RoyK> mathi: I've installed ubuntu without networking a few times
<RoyK> mathi: is this a vm?
<mathi> RoyK, no
<mathi> it's a ZOTAC computer
<mathi> ZOTAC ZBOX SD-ID12 - Intel Atom Dual Core D525 Intel GMA 3150 Wi-Fi N
<RoyK> never heard of the brand
<RoyK> cabled networking somehow?
<mathi> http://www.techfresh.net/wp-content/uploads/2011/08/Zotac-ZBOX-SD-ID12-U-Barebone-Mini-PC-11.jpg
<mathi> RoyK, i don't have cable, only wifi
<mathi> i could ... but i should move all my stuff
<RoyK> try disabling wifi in the bios
<RoyK> iirc wifi support in the installer isn't too good on the server platform
<RoyK> works well with manual config, though
<RoyK> good luck - I'm off to bed
<mathi> RoyK, the manual config asks domain name etc
<mathi> quite strange
<Shogoot_ofwork> Hi people. Im setting up my first Ubuntu-server. I was wondering if im going to use RAID, and need to ask. The laptop im using as server has a 166 GB drive and i have a 500GB second hd attached to it. does it make nay sense to use RAID1, would the effect be that i only would have a 166GB Hd to write to? as the necesarily mirror each other?
<bradm> Shogoot_ofwork: correct, raid1 needs to have same sized paritions to work with - I guess you could partition off the > 166G part of the external disk and use it, but I haven't done that before.
<Shogoot_ofwork> ok thanks. i guess its a no go, as i the data on the resting 334GB of the second drive would not have the backup i want it to have if using RAID1
<bradm> wait, raid is _not_ backup.
<Shogoot> its a mirror its what i meant ;)
<bradm> but, yes, the rest of the disk wouldn't be protected.
<Shogoot> bradm, thanks for the help
<Note> Hello, I have a VPS running nginx, mysql and php, I have created a contact form that links to a .php document enabling visitors to send messages using the website and for me to receive the message sent from the website
<Note> however, i am not receiving the email, i think it is down to my server
<Note> what do i need to install for my server to be able to forward the mail on?
#ubuntu-server 2013-01-22
<Note> the email i want it to send it to is hosted by google apps using the domain of my website
<Note> and i can receive/send emails to it normally
<Note> just not from a form or from my server
<RoyK> Note: try installing postfix
<Note> yeah i just installed postfix
<Note> still isn't sending it
<Note> no idea what I'm doing lol
<RoyK> read the mail logs
<Note> http://serverfault.com/questions/119105/setup-ubuntu-server-to-send-mail
<Note> i followed that
<patdk-lap> well, postfix would be way overkill
<RoyK> not really
<patdk-lap> a nullmailer would be much simpler
<RoyK> postfix is simple to setup
<Note> as long as i can get something to work
<Note> i don't really mind what it is
<Note> postfix is already set up with the settings and installed
<Note> it just won't send
<Note> o_o
<Note> hm
<Note> i just got
<Note> Heirloom mailx version 12.5 6/20/10.  Type ? for help.
<Note> "/var/mail/root": 2 messages 2 new
<Note> >N  1 Mail Delivery Syst Tue Jan 22 00:14   72/2154  Undelivered Mail Returned
<Note>  N  2 Mail Delivery Syst Tue Jan 22 00:15   65/1938  Undelivered Mail Returned
<RoyK> pastebin the content of one of those
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Note> but it has my domain on it
<Note> D:
<Note> can i pm you it?
<Note> instead of saying it publicy
<RoyK> sure
<RoyK> still
<RoyK> if you have the domain name in public, it shouldn't bother you to paste the name
<Note> patdk-lap,
<Note> do you know postfix?
<patdk-lap> yes
<Note> Ok, can I pm you with a problem? I pm'ed RoyK but he's tired and doesn't want to help
<Note> If you don't mind that is
<patdk-lap> I don't do pm's
<Note> :/
<Note> Don't really want to put this into a public channel but here goes
<patdk-lap> sorry if your stuff is that secret, you shouldn't be on the internet
<Note> [00:20:43] <Note>	 ok, so firstly this
<Note> [00:20:47] <Note>	 http://pastie.org/private/xhi5qzks9lh0dioopqfsq
<Note> [00:20:48] <Note>	 then
<Note> [00:20:54] <Note>	 http://pastie.org/private/amfpju8lt4awhzo9aea4qw
<patdk-lap> it's postless to post anything other than postconf -n and your mail.log
<Note> where would i find my mail.log?
<patdk-lap> in /var/log
<patdk-lap> I can guess though, that you messed up, mydestination
<Note> here is postconf -n
<Note> http://pastie.org/private/ns1yi2yocpal2nbczv9yqg
<patdk-lap> why is admoxly.me in mydestination?
<Note> what should it be instead?
<Note> i want it to go to my email, hosted by google apps
<Note> that uses @admoxly.me
<patdk-lap> whatever it handles email for
<patdk-lap> that it OWNS
<patdk-lap> basically empty
<patdk-lap> but localhost is fine too
<patdk-lap> next, myhostname and myorgin should be the full name of your server
<Note> here is the log
<Note> http://pastie.org/private/yvsbuhyi6nnsyeahge9lw
<patdk-lap> something like, web.admoxly.me, or whatever you call it
<patdk-lap> and then, the name you used there should match your dns entries
<patdk-lap> forward and reverse
<patdk-lap> but mydestination will fix your current issue
<Note> so if i remove admoxly.me from mydestination
<patdk-lap> fixing the others will stop it from always going to spam, or getting rejected
<Note> the full name of my server is admoxly.me
<Note> or do i have to create a subdomain?
<PatrickDK> you didn't give your server a hostname?
<PatrickDK> hostnames are required
<Note> yes, my hostname is admoxly.me
<Note> is that a problem?
<PatrickDK> that is a domain name, not a hostname
<PatrickDK> hostname.domainname
<PatrickDK> hostname = ???
<PatrickDK> domain = admoxly
<PatrickDK> tld = me
<PatrickDK> if you want to send email from a server, it must be setup 100% correct
<PatrickDK> or the receivers won't accept it
<Note> is there a command i can run in terminal to find out my hostname?
<PatrickDK> hostname :)
<Note> root@admoxly:~# hostname
<Note> admoxly
<PatrickDK> so you messed up the installation
<PatrickDK> but that doesn't matter at all
<PatrickDK> all that matters is what the postfix thinks it's name is, and that all your dns entries match
<Note> what is the main file that i need to edit to fix this all?
<Note> then if you don't mind ill ask if i get stuck on a certain part
<Note> postfix/main.cf
<Note> or
<Note> postfix/master.cf ?
<Note> what will my
<Note> myorigin = /etc/mailname
<Note> be?
<Note> is that correct?
<Note> ohhh
<Note> sendmail is now working in terminal
<Note> sending to my domain
<Note> finally got it fully working
<Note> thank you very much PatrickDK and patdk-lap
<Note> but when i receive an email from the contact form the email is www-data@admoxly.me
<Note> is it possible to change www-data to contact
<patdk-lap> you have to change that in php
<Note> i wrote the .php file myself and no where within that does it say www-data
<patdk-lap> that is why it says that
<patdk-lap> you lacked to specify what it SHOULD say
<Donks> :)
<Note> I'm guessing it would be $from
<Note> ?
<patdk-lap> not sure, but likely not
<patdk-lap> there are TWO from's in an email
<Note> there is?
<patdk-lap> the from header, that is meaningless
<patdk-lap> and the envelope from
<Note> ah, the $from is the from header
<Note> i need to change the envelope from (the sender) ?
<patdk-lap> that should be easily googlable
<Note> http://www.flynsarmy.com/2012/04/change-default-from-email-name-from-www-data/
<Note> got it
<Note> :)
<Note> thank you
<sixstring> mod_proxy_html is killing me. for three days, i've been trying to make it change link URLs in response content. i'm on precise, and i just can't get the right config settings. i've tried a million different ways. anyone have a *working* reverse proxy that rewrites URLs in HTML links?
<sixstring> http://blog.sam-pointer.com/2009/11/17/building-and-installing-mod_proxy_html-and-mod_xml2enc << this looks pretty comprehensive, but it's for apache, not apache2.
<sixstring> how the heck do i even verify that mod_proxy_html is alive? i can't see anything in the log related to it. can i force it to choke, so i at least know it's alive?
<sixstring> is there another way i can munge content from my webapp that i'm proxying?
<samba35> i have 3 linux system and some time confused with hostname and ip and port  so , is there any way to get login prompt with system name (and /or with  uname -a) detail at ssh login prompt
<sixstring> holy gcc, batman! looks like i'm going to have to build mod_xml2enc.so for myself. why is there no package via apt-get?
<sixstring> http://pastie.org/5802458 << it looks like mod_proxy_html isn't getting fired at all. any thoughts? (3 days of googling, and i'm about out of ideas myself)
<sixstring> OK, how about modproxyperlhtml, instead of mod_proxy_html ?
<hallyn> zul: I'm starting to think we need a newer libvirt for QMP stuff to work righth with qemu 1.3.0
<hallyn> don't suppose you have a candidate package sitting around somewhere?
<vhadil> hy how to fix this, i use ubuntu server 10.10
<vhadil> http://dpaste.com/886397/
<TheLordOfTime> vhadil, as i said in #ubuntu, 10.10 is end of life, which means unsupported, really, you should upgrade to a supported version
<hallyn> zul: ok, so yeah, we'll need newer libvirt.  It was a pretty painless merge, but i seem to recall you had some things in mind for it - so let me know if you'd rather do it yourself, or have me do it.  (this is for bug 1102487)
<uvirtbot> Launchpad bug 1102487 in libvirt "VM won't boot after recent qemu upgrade" [High,In progress] https://launchpad.net/bugs/1102487
 * hallyn out
<vhadil> damn reinstal again
<melvincv> hi all. We are a small web hosting company with around 80 websites. We run LAMP, postfix+courier-imap, FTP and DNS services. Optimal server configuration?
<melvincv> Plz let me know what hardware configuration to use to get a good performance.
<melvincv> guys?
<melvincv> We have a quad core AMD CPU with 8GB RAM, it's inadequate now.
<melvincv> (in fact, my desktop has the same config lol)
<mysteriousdaren> melvincv: how much load on that machine?
<melvincv> load average?
<melvincv> load avg is usually 1.5 to 2
<melvincv> now it's 1
<voxadam_> How do I mount a SMB file system on every boot?
<vhadil> hy i want to build server, what version stabel
<vhadil> 12. ???
<vhadil> plz comment
<voxadam_> 12.10
<stanman246> hi anyone using nfsen or cacti?
<alex88> hi guys, upstart shouldn't log jobs outputs into /var/log/upstart?
<daniel_-> anyone can help me? I get this when I try to deploy to my ubuntu server  "sudo: no tty present and no askpass program specified"
<rbasak> daniel_-: I know what that means, but not how to help you. Can you describe how you got to that problem? How are you trying to deploy to your ubuntu server?
<zyga> hi, I'm using juju o quantal with the ppa:juju/pkgs ppa
<zyga> juju deploy $ANYTHING fails
<zyga> http://pastebin.ubuntu.com/1558994/
<zyga> it fails with "2013-01-22 13:48:50,275 ERROR Error processing 'cs:quantal/ubuntu': entry not found"
<zyga> any hints?
<Tboat> hey all, was wondering if someone could help me to get my postfix mail to forward to gmail, I have an alias set up, but it does not seem to be working.  i can send mail to gmail via command line, however, it will not automatically forward mail from my user box to gmail
<zul> hallyn: do you want to do it or do you want me to do it (update libvirt)
<phretor> anybody using ipmitool? ipmitool -H ... -U ... -P ... sol set volatile-bit-rate 115.2 1
<phretor> Error setting SOL parameter 'volatile-bit-rate' to '115.2': Parameter out of range
<hallyn> zul: was there anything you wanted to play with first in this new release?  If not I can do it (later today).
<zul> hallyn: nope
<hallyn> zul: actually.... have you been just manually moving debian/ into the new release, or using uscan or something?
<zul> manually
<hallyn> zul: ok, i'll do it
<Linux39> Hi all
<Linux39> i have installed linux ubuntu 12.10
<Linux39> may i know how to publish a small html web site
<Pici> Linux39: Take a look at https://help.ubuntu.com/12.04/serverguide/httpd.html
<daniel_-> rbasak: I get the error "sudo: no tty present and no askpass program specified", when I push a git repo to /var/git/xxx which deploys to /var/www/xxx
<resno> daniel_-: this is more a #git question, but are you using post-recieve hook or what?
<daniel_-> using a deploy tool
<daniel_-> it worked 1 month ago when I deployed the last time. didnt change any server or repo settings, now I get the error
<rbasak> daniel_-: git just calls ssh, which by default doesn't allocate a tty when calling a command on the other end.
<rbasak> daniel_-: you could configure ssh to always request a tty for that host by default - see the ssh_config manpage, RequestTTY option.
<daniel_-> alright thx
<rbasak> daniel_-: or you could configure sudo to not prompt for your password on your server. That's the NOPASSWD option - see the sudoers manpage
<daniel_-> appreciate your help. Ill check it out
<rbasak> No problem
<minorix> hello all
<minorix> anyone familiar with Snort IDS?
<rbasak> !anyone | minorix
<ubottu> minorix: A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<Donks> was running an openmediavault server with 2 3tb drives in raid 0
<Donks> unmounted my rad array and installed frsh ubuntu server
<Donks> how can i a. mount my raid array  or b. break down and destroy the raid array so i can start fresh?
<xnox> Donks: use ubuntu-server cd to activate raid and install
<Donks> should i be able to take a raid array from 1 system and seemlessly mount it in another?
<xnox> Donks: or use mdadm --zero-superblock to wipe raid of each drive.
<xnox> Donks: if you keep the same host name you should be ok.
<Donks> changed hostnames
<xnox> Donks: to start clean, zero out the superblock and reinstall.
<Donks> i think ide like to start fresh for its just s fileserver.seedbox and im goiing to just rsync
<Donks> less headaches imo
<mwcampbell> It just occurred to me that a good use of Ubuntu's trademark policy would be to demand that all cloud infrastructure providers use Ubuntu's official cloud images for images bearing the name Ubuntu.
<mwcampbell> Is this already the case, by any chance?
<mwcampbell> It would be a means of quality control, and would help Canonical by further promoting Landscape and (I guess) Cloud Guest support
<pythonsnake> Hi.
<rbasak> mwcampbell: from http://www.ubuntu.com/aboutus/trademarkpolicy, any commercial use requires a licence, AFAICT. So cloud providers interested in providing Ubuntu images should contact Canonical. But IANAL, and I'm just reading the published trademark policy and can't represent any official position on this.
<zul> yolanda: ping https://code.launchpad.net/~zulcss/nova/nova-updates/+merge/144333
<yolanda> let me see
<yolanda> oh, a new package is being generated?
<Note> Hello, I have set up a virtual host with nginx however if i go to www.domain.tld it takes me to the 'Welcome to nginx!' screen, but if i do domain.tld it goes to my website
<Note> Why is this?
<qman__> because www.domain.tld is a different domain name than domain.tld
<qman__> you need to redirect www.domain.tld to domain.tld
<Note> In my default or my domain.tld sites-available ?
<qman__> or the opposite, whichever you prefer
<qman__> I'm not familiar with nginx's configuration, but you need to specify an additional virtualhost with a 301 redirect
<pythonsnake> What's a decent starting guide for NGinx?
<miguitas> pythonsnake: http://wiki.nginx.org/GettingStarted check cookbook section
<Note> nginx: configuration file /etc/nginx/nginx.conf test failed
<Note> ugh
<zul> yolanda: did you merge the other branches yet?
<yolanda> yes, i did it
<yolanda> i havent' checked in jenkins, should we try a rebuild?
<zul> yolanda: im doing that now
<yolanda> ok
<yolanda> are you building quantum and keystone also?
<kirkland> niemeyer: ping
<kirkland> niemeyer: we have a new server package written in golang, in the raring new queue, pending review for acceptance into universe
<kirkland> niemeyer: we were wondering if perhaps you or someone on your team might like to review it for packaging correctness and suggestions?
<hallyn> zul: pushing candidate libvirt-1.0.1 to ppa:serge-hallyn/crossc, will do some testing later
<zul> hallyn: okies
<zul> hallyn: hda-duplex with qemu/libvirt is telling me i need a newer libvirt right?
<zul> hallyn: im getting this when building locally http://pastebin.ubuntu.com/1560288/
<hallyn> zul: yeah
<hallyn> unfortunatley the libvirti  uploaded has two build bugs
<zul> that being one of them :)
<hallyn> the one is trivial (get the RESUME patch from upstream), but the other is more work (the dnsmasq one to make it run as user)
<hallyn> oh,
<hallyn> yeah :)
<zul> looks like an incomplete transtion to me
<hallyn> just grab commit aedfcce33e4c2f266668a39fd655574fe34f1265 from git, and replace the backported one in our package with that
<RoyK> If anyone here works with raid setups, this one is rather educational in terms of differences between drive types http://kurl.no/8gly
<HanP> How to increase the cmoncurrent connections?
<RoyK> of what?
<HanP> Of a ubuntu server
<RoyK> well, of what service?
<RoyK> linux/ubuntu supports rather a lot of concurrent connections
<RoyK> some services are more limited
<HanP> Last friday i had a promotion and 15 000 people connecting to my server and the apache processes was limited to 256 maxclients
<RoyK> that's apache, not ubuntu ;)
<HanP> Yes I know
<HanP> Wrong channel?
<RoyK> well, you might want to try #httpd, but I guess some people in here are able to help - what mpm?
<HanP> the normal one, just out of the box
<RoyK> with php?
<HanP> MPM prefork
<RoyK> that's normal with php (since it doesn't support -worker)
<sarnold> HanP: so... if you know the variable you want to change (maxclients), why are you asking us for help? I'm curious if I'm missing something...
<HanP> php 5.3.10
<HanP> Yeas I know but can I increase the number of Maxclients?
<HanP> to 15 000
<sarnold> you might wish to try e.g. 512 first :) doubling a tunable value is not a small start...
<HanP> Yes but I don't know how to test concurrent connections
<sarnold> HanP: the 'ab' tool may be able to help
<sarnold> (apache bench)
<HanP> I was trying JMeter, Tsung, ab
<RoyK> AFAICS, the default is 150 on 12.04
<qman__> HanP, those variables are not strictly maximum connections, you don't want to set it to 15000
<HanP> YEs I know but I allready increased it
<sarnold> .. but when your users are over a modem connection or on the other side of hte world, their connection may not handle quite the same way...
<qman__> if your server was completely overloaded, doubling is a good place to start
<RoyK> HanP: increasing that to 15k may not be a good idea, since you'll probably run out of memory
<HanP> 95% is fast connection and the promotion is only in our country
<qman__> and then you can use benchmarking tools to figure out what it can handle
<HanP> Yes I know but I don't know the benchmarking tools so good
<qman__> also, prefork and mod_php are not so great for handling lots of connections
<qman__> if you have a very high load you should probably look into setting it up differently
<HanP> Or is nginx a better solution?
<RoyK> HanP: there's a perfectly good reason for that limit to be low, the concurrent connections are the actual connections (typically per second, unless your hardware is really slow), so if you set it to something like 15k, DDOSing your server will be rather easy
<RoyK> even DoSing it from a single client
<HanP> Ok I understand
<qman__> HanP, there are lots of options, but even just changing to worker and php fastcgi instead will reduce the resources needed per connection
<qman__> that's not without consequence, though
<RoyK> HanP: if you have very high load, you also should consider using a caching server in front, like varnish or squid
<qman__> there's a reason prefork and mod_php are default
<RoyK> caching is important with high loads...
<RoyK> varnish is excellent for this, but takes a wee bit of time to get used to, especially if you're using cookies
<qman__> when you're talking about high volumes, it takes trial and error and some testing to get it right
<HanP> And what do you mean with caching because all de hostsjust getting 1 php file
<HanP> And all the images are hosted in a CDN
<RoyK> then, really, you shouldn't be hitting a limit
<sarnold> what was memory use like when you were getting hammered? were you going into swap already?
<RoyK> unless someone is trying to DoS you :P
<sarnold> it'd be possible to write a PHP script poorly enough that you'd be in a world of hurt on even light load..
<HanP> No totally not
<MraAlbertina> ello. what's the best way to achieve a private grid computing system in order to run a ubuntu server environment?
<RoyK> it's quite possible ;)
<MraAlbertina> hello, either :)
<HanP> Yes but the php script was not poorly written
<sarnold> MraAlbertina: have you seen maas.ubuntu.com yet?
<sarnold> HanP: okay, good :)
<HanP> It had just to insert 15 000 inserts on 1 second to register the product sales
<MraAlbertina> not yet sarnold. thanks
<RoyK> HanP: eh... url?
<HanP> That link is allready gone because the product isnt available anymore
<MraAlbertina> sarnold: i just started with this idea, did a couple net searches..
<HanP> But next friday we have a new bigger promotion
<RoyK> HanP: if you made a really good website and a good product etc, perhaps you should need a faster database, and perhaps front-end caching
<RoyK> HanP: but then, if the static material is offsite, you shouldn't need too much caching
<qman__> right, the database could be the bottleneck too
<RoyK> qman__++
<qman__> if you're running LAMP it's pretty common
<qman__> it's a superb small time setup but it doesn't scale well
<HanP> The only thing that the server must do is put all the clients together and at 18h00 they must insert into a database and get into a queue system
<RoyK> HanP: the default config of mysql uses rather little memory
<qman__> HanP, the only way to know where the problem is, is to watch the server while it's under that load
 * RoyK has almost stopped using mysql and sticks to postgresql instead - far better 
<qman__> so you need to set up a test page, aim some spammy benchmarks at it, and watch what happens
<HanP> I know but its difficult because it will last only a couple of minutes
<HanP> oke but what is a good benchmark tool?
<RoyK> HanP: the quick way is to apt-get install sysstat and enable it + start it - it'll show the load - probably high i/o load if it's related to mysql.
<sarnold> HanP: so you've got 15000 users all hitting "submit" on a form at the same second?
<HanP> Is ab really good with concurrent connections?
<HanP> Yes sarnold
<sarnold> wow ;)
<RoyK> sarnold: what sort of disk subsystem?
<HanP> That I don't know because it is just Amazon AWS xlarge
<RoyK> IIRC amazon has cluster setups for these type of things
<RoyK> with 15k users at once, a single host won't do
<RoyK> at least not if the mysql server is running on the same host
<HanP> But if I run a mysql server on another host will it be fast enough?
<HanP> Because it must connect to another server
<RoyK> usually the interconnect is 1Gbps, so it should do
<sarnold> what's the per-process filedescriptor limit for a default apache?
<RoyK> and a dedicated database server is usually better equipped with memory not used by apache etc
<RoyK> HanP: how much memory does the host have? how does your my.cnf look?
<sarnold> HanP: connection setup/teardown will be painful so be sure you've got some kind of connection pooling going on -- would that be better done through a fast_cgi interface?
<RoyK> HanP: using innodb or myisam?
<HanP> my.cnf is just default
<HanP> myisam
<RoyK> myisam is terrible at locking, innodb is better
<RoyK> then perhaps move to innodb
<HanP> Yes but I think I will use a dedicated database of amazon aws then
<RoyK> still, use innodb
<RoyK> not myisam
<RoyK> myisam is *not* good for 15k concurrent inserts
<HanP> oke thank you
<HanP> I'm going to test the server with ab
<RoyK> HanP: better start with converting those tables locally to innodb - take dump first, though
<RoyK> ok
<HanP> Thanks for the information
<qman__> yeah, myisam has table locking, so every time a change is made, it must lock the whole table, where innodb has row locking
<qman__> it's not faster at everything but I'm fairly certain it will help in this case
<RoyK> HanP: or just move to postgresql - it's better in many ways
<qman__> yeah
<RoyK> HanP: if you don't use mysql-specific syntax, the move will be easy
<HanP> Is postgres better then mysql?
<RoyK> yes
<qman__> yeah
<HanP> OK I will test that also
<qman__> I can't think of anything mysql does better
<RoyK> HanP: better try that first
<qman__> postgres has solved most of its issues in recent versions
<sarnold> qman__: I've heard from a friend that in a 99% read-dominated workload, mysql myisam is pretty speedy...
<sarnold> maybe 99.9? they did updates daily..
<qman__> yeah, myisam beats innodb in heavy reads
<qman__> but he's got heavy writes
<RoyK> HanP: mysql sticks to an old caching regime where the dbms must be allocated specific memory resources, where postgres uses the linux caching for most of it
<sarnold> qman__: oh, indeed, I'm just saying that a read-only environment, mysql may out-pace postgres. (which I'd otherwise recommend every time :) hehe
<RoyK> qman__: exactly - mysql is like a filesystem at read speeds, but sucks rather badly on transactions
<HanP> OK I will try
<qman__> the only reason I still use mysql is because I can set it up from memory, where I have to look stuff up for postgres
<qman__> but that will change as I use it more
<RoyK> qman__: heh - I know - but recently, I've gotten to learn the postgres way rather well too ;)
<qman__> I very much like that I don't need to set up and remember a root password
<qman__> just su postgres
<RoyK> or su - postgres
<RoyK> to get the environment correct
<hallyn> kirkland: hey, question...  do you remember why we moved to preferring pa over alsa in qemu?  The launchpad bug doesn't really explain why it's needed.
<HanP> Is ab a good benchmark tool?
<HanP> I use it with gnuplot and if I see the results with concurrent connections the server accpet 500 clients without a problem
<axisys> using arcconf I can turn on led for disk on slot 3.. but how do I find out if that is sdd? I need to replace 4 of those raid10 disks with bigger disks..
<axisys> I don't see fdisk with any option to trigger any read on disk sdd
<axisys> may be dd read lot of blocks while infront of the system ?
<freakynl> anyone have experience with LIO as iSCSI target? Want to enable one username/password for all initiators, but it doesn't work, the parameters don't seem to exist at all. Following http://linux-iscsi.org/wiki/ISCSI under the 'TPG Authentication' section
<freakynl> 12.10 server btw
<frojnd> mhm
<kirkland> hallyn: hmm
<kirkland> hallyn: I honestly don't remember
<kirkland> hallyn: what does upstream qemu default to?
<pythonsnake> What receives most of the load when I use a php application?
<pythonsnake> php-cgi?
<freakynl> pythonsnake: that would depend on how you run php and what it's doing
<pythonsnake> For example, owncloud
<pythonsnake> I run php with php-fpm?
<freakynl> don't know that :) just run it and monitor
<pythonsnake> I'm sorry for innacurate answers, I'm getting started with php and stuff
<pythonsnake> freakynl: What I'm trying to do is
<pythonsnake> I got a VM
<pythonsnake> in that VM is installed NGinx
<pythonsnake> I want to kind of lend the work/load when using the server to the host
<hallyn> kirkland: not sure about upstream, but i'm trying to merge debian as closely as possible, and they have alsa first
<pythonsnake> I thought of a php-cgi socket on the host then forward the port to the guest
<hallyn> kirkland: the lp bug mainly mentioned having alsa enabled, then later mentioned pa over alsa without justification
<hallyn> kirkland: ok - i'll probably sync that bit bck from debian and see what breaks...
<kirkland> hallyn: ack, I think you'll be fine there
<kirkland> hallyn: just make sure you can launch an Ubuntu desktop live ISO and hear the sound
<kirkland> hallyn: that was my test
<kirkland> hallyn: back when Ubuntu had a startup sound
<kirkland> hallyn: bum da bum bum budump bum bum badumbbbbbbbb
<pythonsnake> ubuntu-server is cool
<RoyK> freakynl: IMHO using a non-LTS release for a server, isn't too good
<hallyn> kirkland: whatever happend with your surround sound startup soundn :)
<kirkland> hallyn: I still have the package in a PPA
<kirkland> hallyn: I use it in my theatre room
<hallyn> to freak out the cat
<axisys> how do you define ntp server IP in ntp.conf with preseed?
<axisys> d-i     clock-setup/ntp boolean true
<axisys> d-i     clock-setup/ntp-server string 192.168.1.24
<axisys> did not work
<qman__> problem with virsh and libvirt
<qman__> I created a couple VMs with ubuntu-vm-builder, and they worked great, until my power went out
<qman__> after my system came back up, the machines are not shown in virsh
<qman__> I can start them manually using the run.sh, but this opens them in a foreground qemu
<qman__> apparently there's supposed to be an xml file, but I don't know where, it's not in the VMs' directories
<sarnold> qman__: /etc/libvirt/qemu/<vmname>.xml
<qman__> thanks
<qman__> so now I'm getting unable to create cgroup when trying to start
<sarnold> does mount | grep cgroup show you a pile of mounts? /sys/fs/cgroup/{cpuset, cpu, cpuacct, memory, devices, freezer}
<sarnold> .. on my aptop
<qman__> only one
<qman__> cgroup on /dev/cgroup/cpu type cgroup (rw,cpu)
<sarnold> qman__: hrm. what release? I seem to recall .. 12.04? added the cgroups..
<qman__> 10.04
<sarnold> I was afraid of that, not very experienced there :/
<qman__> hmm
<qman__> I know I ran into this when I first created them
<qman__> but I thought I fixed it by doing this: http://lists.opensuse.org/opensuse-bugs/2011-03/msg01816.html
<hallyn> qman__: easiest is to umount /dev/cgroup/cpu; remove that entry from /etc/fstab, and sudo apt-get install cgroup-lite
<qman__> ok
<qman__> hmm, nothing in fstab
<qman__> I'll search for it
<hallyn> might grep for it in /etc/init/* /etc/init.d/* ...
<qman__> yeah, I've got a /etc/init.d/cgconfig and /etc/init.d/cgred
<hallyn> qman__: d'oh.  do remove those.
<hallyn> (that's actually subject of an on-going SRU)
<qman__> just want to make sure they're not part of installed packages
<qman__> I've got cgroup-bin and libcgroup1 already
<hallyn> qman__: remove those
<qman__> ok
<hallyn> that is, apt-get purge them
<qman__> this is a really old system and I can't remember half the things I did to it, been upgraded since 7.04
<qman__> couldn't find cgroup-lite
<hallyn> you're on precise?
<qman__> no, lucid
<hallyn> oh!  sorry i thought you had just updated from 10.04 to 12.04
<hallyn> sigh.  then i guess you can run cgroup-bin if you like, though it can cause problems with libvirt
<hallyn> you can also just add 'cgroup /cgroup cgroup defaults 0 0' to fstab
<qman__> that doesn't seem to work either, when I try to mount I get already mounted or device or resource busy
<RoyK> qman__: did you manage to get those vms online?
<hallyn> qman__: grep cgroup /proc/self/mounts to see where it is mounted
<qman__> hallyn, nothing
<qman__> RoyK, not yet
<hallyn> qman__: can you pastebi /proc/1/mounts?
<qman__> hallyn, http://paste.ubuntu.com/1560950/
<hallyn> qman__: drat, maybe the kernel is not wanting to change existing compositions
<qman__> oh, I found some garbage in /etc/rc.local
<qman__> removed it, going to try rebooting
<qman__> brb
<hallyn> qman__: running out - will be back in several hours.
<qman__> ok
<qman__> that did the trick, thanks hallyn
<hallyn> qman__: \o/
<MraAlbertina> hi. i have a debian installation on a computer with no  graphics at all, even console. i have access to it trough ssh. I would like to install ubuntu server on it. could you please tell me what's the best way of doing it.
<TheLordOfTime> MraAlbertina, is it your own system or one hosted by some company somewhere?
<MraAlbertina> my own systems
<TheLordOfTime> okay, that's a basic quesiton, but i see it come up sometimes ;P
<MraAlbertina> is it possible to take advantage of debian installation and start from it?
<TheLordOfTime> hate to have to ask you to wait for someone more knowledgeable on the topic, but AFAIK you can't install ubuntu from within Debian...
<TheLordOfTime> but again, i'm not the most knowledgeable one there
<MraAlbertina> ohh :(
<MraAlbertina> i know it was tricky long ago when i did this debian install, due to console and graphics capabilities on the machine
<TheLordOfTime> pardon the asinine question, but why do you want to switch?
<TheLordOfTime> i mean, i know Ubuntu's awesome for servers, but... :P
 * TheLordOfTime almost exclusively uses Ubuntu for servers :P
<MraAlbertina> TheLordOfTime: i want to do a MAAS with this machine
<MraAlbertina> TheLordOfTime: on the other hand, ubuntu has more up to dated packages...
<sarnold> MraAlbertina: can you do the install on another machine and just swap hard drives?
<MraAlbertina> sander__: yes i could do it
<MraAlbertina> oops, sorry, damn tab + fingers, i mean sarnold
<TheLordOfTime> :P
<sarnold> if you had a console of some sort, it feels like it'd be alright to run .. the alternative installer? the net-install disc? .. but without even a console, it feelsl ike it'd be difficult enough to work with it that swapping drives feels appropriate, if annoying.
<MraAlbertina> sarnold: even the MAAS? do i go ahead with that configuration too or just unitl i have ssh?
<TheLordOfTime> agreed with sarnold on that one
<sarnold> MraAlbertina: no idea there :/
<MraAlbertina> TheLordOfTime: + 1 more; he was the one who suggested me to use MAAS a couple hrs ago :P
<MraAlbertina> sarnold: until i get ssh, then do the MAAS by package
<MraAlbertina> that's the hard way tough
#ubuntu-server 2013-01-23
<dingo311> guys, why wont my permissions for alsamixer stick after a reboot? i have to use sudo to run it. this is on server 12. never had this issue with the desktop distro
<dingo311> guys, why wont my permissions for alsamixer stick after a reboot? i have to use sudo to run it. this is on server 12. never had this issue with the desktop distro
<sarnold> dingo311: wild guess: is there policykit on your machine? if not, do you need to add your user accout to the audio group?
<dingo311> sarnold: first part: not sure, fresh install, i added apache2, ssh basically. second part: yes, dingo has been added to group audio
<sarnold> dingo311: does 'id' show that? (adding a user to a group typiucally requires logging out and back in again, or running 'sg' or 'newgrp')
<dingo311> sarnold: no, audio does not appear in id. i will pay attention now when i log out next. also, does server have some issue against ssh-keys. i am having a terriable time but have done it before.
<sarnold> dingo311: I've never heard any issues with ssh keys; unless you've generated your key on a debian system with busted OpenSSL random number generator a few years ago and your key is in the blacklist as a result of being generated with low entropy...
<qman__> yeah, but that shouldn't happen anymore
<qman__> of course I did run into it just a few months ago, on a debian 4 server
<dingo311> sarnold: that cant be it. i will go back over the tut, i must be missing something. i dont set up keys very often
<dingo311> my only other issue since installing yesterday is today all services where unreachable. i thought system lost power but power was still on, a reboot fixed it.
<sarnold> dingo311: oh. that's odd. firewall settings? was it behind a NAT firewall?
<dingo311> sarnold: not sure about the settings, havent changed anything. no NAT firewall. wireless router
<sarnold> dingo311: unreachable by ip or by name or both?
<dingo311> sarnold: i have a ddns setup, that wasnt working, then when i got home local ip 192.168.0.1 wouldnt open router config.
<sarnold> dingo311: 192.168.1.1? I've had default-configuration routers on both 0.1 and 1.1...
<dingo311> sarnold: this is dlink, none of the ip's worked
<patdk-lap> some actually to 2.1
<sarnold> hehe, funny :)
<patdk-lap> some 10.1.10.1
<patdk-lap> can't remember any others I have seen
<sarnold> I've seen a 10.x somewhere, can't recall any details...
<patdk-lap> comcast business does the 10.1.10.1, but I have seen it somewhere else also
<dingo311> ok, so i generate a public key on my phone app, copy key to clipboard, get into ~/.ssh/authorized_keys and paste key. save and exit. restart ssh, and i get the error that "authentication method publickey with key home key failed'
<escott> dingo311, can you paste your auth_keys file please
<sarnold> dingo311: check permissions on your ~, ~/.ssh, ~/.ssh/authorized_keys files -- none must be group or world writable
<TheLordOfTime> also, make sure you put in the public key that was created, not hte private key (i've seen this as something others have sometimes done)
<RoyK> sarnold: ~/.ssh nor ~/.ssh/authorized_keys can be world readable either in most setups
<sarnold> RoyK: oh, does sshd enforce that too? heh, news to me :) I remember spending hours tracking down the group write case one day though, so it sticks with me.
<sarnold> RoyK: thanks :) that might save me hours in the future. hehe.
<escott> sarnold, enforces it all the way to system root
<RoyK> sarnold: chmod -R go-rw ~/.ssh is a good start
<escott> sarnold, basic idea is to verify that it is in fact your home directory and your folder in your home and your key in your folder in your home
<sarnold> escott: group or world writes, yes; but at least my homedir is 755, and ssh lets that work alright :)
<dingo311> escott: http://paste.ubuntu.com/1561376/
<escott> dingo311, you said something about a "home" key but the keyname in auth keys is "gs3"
<dingo311> sarnold: ls -l ~/.ssh = -rw------- 1 dingo root 217 Jan 21 22:51 authorized_keys
<RoyK> dingo311: sometimes sshd will check the files under there
<escott> dingo311, also a weird config why is root the other owner of your auth_keys file? why not dingo311/dingo311
<RoyK> better chmod go-rw those
<dingo311> escott: that is what the app is replying with, i thought that looked suspect.
<escott> dingo311, there is no "home" key in auth keys. so its either sending the wrong key or looking in the wrong place
<dingo311> escott: not sure. chown to change?
<sarnold> dingo311: how about ls -ld ~ ~/.ssh   ?
<escott> dingo311, the permissions of auth_keys is ok, but i would "sudo chown dingo311:dingo311 ~/.ssh ~/.ssh/*"
<escott> dingo311, thats just personal preference though. i dont like things to be owned by root without a reason
<dingo311> escott: i understand not wanting root in things that dont need it
<dingo311> sarnold: http://paste.ubuntu.com/1561385/
<sarnold> dingo311: I recommend "sudo chown dingo:dingo ~/.ssh" followed by "chmod 700 ~/.ssh" -- the first bit of advice is very much like escott's advice, so if you've run his (with the dingo311 -> dingo change obviously..) then mine won't be needed by now :)
<sarnold> dingo311: hey, just to make sure, you're trying to ssh into deathstar from your phone, right? sometimes people confuse the ~/.ssh directory on their client with their ~/.ssh directory on their server. (The 'home' vs 'gs3' makes me wonder..)
<dingo311> sarnold: ya, i went ahead and ran what he put up. and i have chmod 700 already .ssh is showing -rw-------
<sarnold> dingo311: .ssh _should_ report drwx------
<sarnold> dingo311: be careful with that -d to ls :)
<dingo311> sarnold: yes, the app is connectbot. it has a place to specify pubkey authentication, options are do not use any keys, use any open, or gs3. obviously i select gs3...
<dingo311> sarnold: thats kinda a duh, the .ssh is a folder correct, so should have d>>>>>>>
<sarnold> dingo311: exactly :)
<dingo311> sarnold: not sure i understand your line about:be careful with that -d to ls :)
<sarnold> hrm, does sshd read the ~/.ssh/authorized_keys file as root or as the user?
<sarnold> dingo311: ah, I worried about that after writing it
<escott> sarnold, doesn't make a difference since root can read anything (unless he has attributes or an encrypted home)
<sarnold> dingo311: if you just run ls -l ~/.ssh  it will show you the directory listing, which complicates seeing the permissions and ownership on the directory -- you either need to run ls -la ~/.ssh  and look for the "." entry (annoying) or run ls -ld ~/.ssh   -- which does _not_ give you a directory listing, and shows the details for the requested directory
<sarnold> escott: encrypted home was my destination...
<sarnold> escott: though I also wondered about an apparmor profile denying e.g. CAP_DAC_READ_SEARCH or CAP_DAC_OVERRIDE (which is more idle curiosity than helpful advice right now.. :)
<dingo311> sarnold: ahh, i get that. makes sense
<dingo311> sarnold: do i check if sshd reads the file as root in the sshd.config?
<escott> sarnold, i think he is looking at the wrong user/wrong ~/.ssh folder or something. it clearly is sending the wrong identity/checking against the wrong identity
<sarnold> dingo311: don't worry about that, that was idle curiosity on my part.
<sarnold> dingo311: I think escott's probably right; if it still doesn't work after fiddling with the permissions, then it feels like you've got something else going on. the error message you reported first was ".. with key home key failed" -- and the allowed key isn't labelled 'home'.
<dingo311> sarnold: i get that. hmmm.....must be problem with the app.
<dingo311> if anyone wants to look into this the guide i used is http://michaelchelen.net/articles/android-connectbot-ssh-key-auth-howto.html
<sarnold> the guide mostly looks alright, though I'd have used chmod 600 instead of chmod 644. but on my 12.10 system, both work...
<dingo311> sarnold: thats crazy, not sure whats up.......argggg
<dingo311> should i check to make sure all of ssh is installed, i would think so, but if you cant tell im rather noobish :)
<Free99> hey everyone, I'm trying to resize the partition on an ext4 disk that is not the system disk. I seem to be having a problem using the newly made space because I don't know how to format/mount it
<Free99> I've set it up in parted and everything but mount complains when I try to... well, mount it
<Free99> I can't tell if it is formatted or not
<dingo311> e
<dingo311> i cant remeber who helped me, but alsamixer no longer needs root. thanks.
<sarnold> dingo311: woo :)
<sarnold> Free99: you're probably looking for resize2fs or mke2fs
<Free99> sarnold: I already resized with resize2fs, then deleted the partition with fdisk, made 2 new primary partitions
<sarnold> Free99: oh, then you probably do'nt have any filesystems on the partitions?
<Free99> crud
<escott> Free99, if you know what block the partition ended on you can remake it on top of where it should be
<Free99> good thing I'm doing this on a soon-to-be server, I'm trying to do these steps so I can resize a partition on another machine which has important files on the partition
<Free99> (backing up obviously)
<Free99> sarnold: I'm trying to find some tuts where I could do this resize live, I'm setting up DRBD, but it needs some space for metadata... hence the resize operation
<Free99> mount /dev/sdb7 /mnt
<Free99> my bad
<escott> Free99, the steps for something like that are usually (a) resize2fs (b) fsck (c) mount to make sure (d) umount (e) write down the partition begin and end address in LBA and CHS if you have got it (f) back up the table (g) modify the table deleting partition if needed (h) recreate the table (i) remount
<Free99> (wrong window lol)
<Free99> ok escott. What's a good way to get LBA & CHS?
<Free99> also I don't know how to do (f)
<Free99> pretty much everything after (e) is what I'm having issues with, having never done that stuff before
<escott> Free99, tools like parted should be able to get you LBA and that should be all you need, but some tools for insane reasons like to ask for CHS... i have no idea how one gets that
<escott> Free99, perhaps one of the converters online
<Free99> cripes
<Free99> cool, found one
<escott> Free99, ripping tables out from under filesystems is and should be a scary thing to be doing
<escott> Free99, if it doesnt make you want to switch to LVM then you missed the point of it
<Free99> escott: I've never really understood it to be honest. RAID and the various Filesystems+options are as deep as I go into disk territory, besides mdadm
<Free99> well I guess I'll look into it based on your suggestions
<Free99> alright, so I have this new partition
<Free99> do you have a recommended setup method?
<escott> Free99, just put LVM on top of your RAID array. Then you have a logical partition table that you can grow and shrink in blocks of a few hundreds megs (depending on how you configure it)
<Free99> dang.
<Free99> too late to do that right?
<Free99> well yeah
<Free99> I can't now
<Free99> one of these machines is production
<Free99> but I still need to get it on DRBD, meaning I need a partition at least 80 megs for metadata
<Free99> escott: found this tool called cfdisk from the man tables, way better
<Free99> hey, anyone know if its possible to copy a 1TB sparse image onto a 500gb disk, if the sparse is actually only 200 gb?
<escott> Free99, should not be a problem, but it will never be possible to expand the sparse file since the filesystem is thin-provisioned
<Free99> escott: that's fine, just moving a VM disk
<Free99> problem is I used rsync -S and it's not writing it as sparse for some reason
<Free99> df -h
<Free99> night everyone
<vhadil> on ubuntu 12.04 i'l instal squid, but squid3 installed no squid2, why
<ftpd> Hi.
<ftpd> Guys, when is /etc/hosts generated? I suppose, during the installation. As I can observe, it adds records '127.0.0.1 hostname', instead of 'real_ip hostname'.
<ftpd> Can I avoid it somehow? I'm deploying mass amounts of machines by kickstart.
<lifeless> no, that line is appropriate
<ftpd> lifeless, Not for me. As hostname is resolved for 127.0.0.1, it makes me unable to monitor Java ;-)
<ftpd> JVM in Zabbix, to be more precise.
<lifeless> you should have 127.0.0.1 localhot
<lifeless> and 127.0.1.1 hostname
<ftpd> Oh, right. 1.1, not 0.1.
<ftpd> But still, I need the 'real' IP.
<ftpd> From DHCP.
<lifeless> I'm just sure why zabbix is buggy like this
<lifeless> but you could put in a if-up.d script to rewrite /etc/hosts
<ftpd> I can manage it by puppet, it's not a problem to change, but found this today and I'm just curious, why Ubuntu core team decided to use this. On Centos machines, for example, it uses the real IP.
<ftpd> Yup, a script, puppet or many other solutions. I just want to know _why_ is it like this.
<lifeless> I'm not 100% sure sorry. Speculation though - there are many ip's that may map to the hostname. Which one should be chosen ?
<ftpd> The one that fqdn points to, for me.
<degot> Hello, I've Ubuntu 12.10 server.  eth0 - wan , eth1 - lan .  I need to configure sub-interfaces for eth0:0-3 to use  4 IP addresses from different subnets with different gateways. Purpose: 1 ip for nat. 3 for one-to-one. How?
<degot> I did such thing, when I had many IPs from one subnet... it was easy with /etc/shorewall/masw
<degot> *masq
<ftpd> You can use route(1) on specific device.
<ftpd> Or -net.
<ftpd> route add -net 10.192.0.0/16 gw 10.193.6.129
<ftpd> Something like this.
<degot> route  is based on destination IP... not on source ip
<ftpd> Oh, right. My bad.
<degot> By the way, I have ideas, but i don't want to make experiments on remote server.. Is there some kind of rollback... ?  trigger rollback with delay 2 mins... If it was not canceled. It will restore configs and restart server/service
<degot> Or crontab + script will be easier?
<ftpd> <your command>; sleep 300; reboot
<ftpd> Or, better, use at.
<ftpd> now+3m or something like this.
<Koheleth> Loads of php and mysql updates this morning as I arise, anyone had problems after update?
<ic31> hi guys
<ic31> did any one install rdsserver on ubuntu 12.04 LTS?
<Andrei> nope ic31
<ic31> o
<ic31> ok
<Andrei> by the moment it's almost the default config from rackspace cloud the one i have to deal with
<ic31> new question, where can i find a good tutorial about samba 4 except the wiki because is really confusing?
<Andrei> That's not Ubuntu, but still a lot of usefull infos here https://wiki.archlinux.org/index.php/Samba from the ArchLinux Wiki ;)
<Andrei> I'm also on Arch, and i must say the docs are great ;) hope it helps
<ic31> i will look
<ic31> thx
<pythonsnake> Hey
<pythonsnake> What're the flags PHP is compiled with?
<feisar> hi, how can I ensure that 'update-package-lists' and 'unattended-upgrade' happen out of hours?
<feisar> ok found it in /etc/crontab. Is there any significance to cron.daily being run at 6:25, would I do any harm by changing it to 12am?
<Donks> buntu server 12.04 up and runningâ¦.webmin setupâ¦.samba shares created and writable along with new unix file/directory mode @ 777â¦when i try to copy over anything from OSX, Im asked to authenticate and told "Items cant be copied to "folder" becasue you dont have permission to read them.  The user on ubuntu server and osx are exact same.  I have read/write privs on the files themselves.  Anyone have an possible ideas on wher
<Donks> roadblock might be?   I have also tried adding "write list" "read/write list" and "valid users" none have seemed to give me the access Im looking for
<jamespage> zul: hows glance looking now?
<zul> getting there
<zul> jamespage: https://bugs.launchpad.net/oslo/+bug/1103473
<uvirtbot> Launchpad bug 1103473 in oslo "Running glance nosetests fails" [Critical,Confirmed]
<booom> does anyone knows how can i improve my ip email reputation?
<ikonia> ip email reputation ?
<ikonia> what
<Andrei> yeah, ikonia, same question !
<ikonia> do you mean you've been marked as a spammer ?
<hallyn> ikonia: well if you're using a cloud instance with reused ip..
<ikonia> hallyn: is it dynamic, or reused
<hallyn> reused as in someone else had it before
<hallyn> and spammed
<ikonia> contact the blacklists it's on and explain and make sure you meet their de-list requirements
<ikonia> however most spam lists treat cloud services as spam hosts the same as dhcp blocks
<hallyn> well booom left after 30 secs anyway :)
<JaChr_> Hi all! I'm in the process of migrating some servers from gentoo to ubuntu server (12.04). I've a queston about upgrading packages. In Gentoo, when upgrading pacakges, emerge would prompt me and ask me what to do if i had made changes to configuration files that otherwise would have been overridden.
<JaChr_> What is the procedure with Ubuntu? Will it leave all configuration files untouched, or will it in the same way promt me?
<maswan> it will ask
<maswan> or keep it untouched
<maswan> as long as the file is tagged as a configuration file in the package
<zerick> Hi guys, Does anybody know how to determine from which sourcelist  was downloaded a package ?
<JaChr_> maswan: Okay, thanks :)
<JaChr_> Then i don't need to worry when upgrading ;)
<hallyn> zul: found a bug in the 1.0.1 libvirt fixed by a later git commit.  new version will build in my ppa for another testset before i push to archive
<zul> ack...which bug?
<hallyn> zul: when you define a new net, it is marked non-persistent
<hallyn> so you can't mark it autostart
<zul> hallyn: oh lovely
<hallyn> (until you restart libvirt)
<hallyn> took me awhile to find the commit bc i was searching on 'transient' rather than 'persistent' in git log :)
<orudie> Greetings. I installed fail2ban on a new server. What is a good way to make it so that fail2ban will email daily reports to a specified email address ?
<Teduardo> Is anyone here using maas? on quantal? it doesn't seem to work as per the instructions here https://maas.ubuntu.com/docs/quantal/install.html
<RoyK> orudie: dunno - I use denyhosts instead, because of its ability to post bans to a central server for syncing - denyhosts reports blocked IPs by email, but in realtime - dunno if it can report daily - perhaps logcheck can do?
<orudie> RoyK, I have another host sending daily reports running fail2ban
<RoyK> orudie: ok
<RoyK> orudie: dunno, sorry
<bigjools> Teduardo: what is your exact problem?
<blair> when will openstack grizzly-2 hit http://ubuntu-cloud.archive.canonical.com/ubuntu ?
<blair> i see it's in raring already, but i want to try it on my 12.04 system
<patdk-lap> it will never be in 12.04
<patdk-lap> you could ask for a backport request, and someone might add it to backports
<patdk-lap> or you could build it yourself for 12.04
<patdk-lap> or see if someone else already has
<stgraber> patdk-lap: the archive above isn't the standard ubuntu archive, it's the ubuntu-cloud archive which does contain major backports of openstack
<stgraber> (I don't know what's the ETA for the new openstack to hit the cloud archive though)
<jcastro> zul might know
<stgraber> blair: there appears to be some pretty recent (2013.1) packages in the precise-proposed pocket of the cloud archive. Those are test packages though and shouldn't be used in production.
<zul> blair: end of this week hoepfully
<zul> stgraber:  umm...the milestone candidates should not be used in production the final versions in that archive can be used in production
<zul> and are used in production
<patdk-lap> stgraber, oh? didn't know it was different
<stgraber> zul: that matches what I said above then ;)
<blair> zul, thanks
<blair> stgraber, i'm running into a bug with folsom that i want to see if it's resolved in grizzly, won't be production use
<blair> stgraber, also, what's in ubuntu-cloud archive is grizzly-1, not grizzly-2, and grizzly-1 is 2 months old
<stgraber> blair: even in precise-proposed (as opposed to the default precise-updates)? the packages in precise-proposed are just a few days old based on their version timestamp
<blair> stgraber, yes, they are, but they have g1 in the name and looking at one changelog, it was build on Nov 26
<blair> zul, is there a mailing list to join to follow discussions on openstack releases to the archive
#ubuntu-server 2013-01-24
<MraAlbertina> hi. do you know any way of detecting and configure the NIC briefly. ( i did a basic installation on other machine and installed openssh, then moved the hard drive to the one where i don't have any access to display. I can't get it to connetc to the network. So i believe it's necessary to detect the network card again, on this machine.
<sarnold> MraAlbertina: could be, check /etc/udev/rules.d/70-persistent-net.rules and /etc/network/interfaces  -- hopefully there're some details in those
<MraAlbertina> sarnold: hi :) i don't have access to the machine... but i can login, pass and then issue commands - but no display
<MraAlbertina> i just login, pass then sudo reboot pass ... and it did it
<sarnold> MraAlbertina: hahaha, wow, what a kick. :)
<MraAlbertina> :)
<sarnold> MraAlbertina: the udev rules file has a comment that says it was autogenerated by /lib/udev/write_net_rules
<MraAlbertina> so, i believe if i force to recognize the new nic it might work, with sort commands
<MraAlbertina> sort/short
<sarnold> bleh, reading /lib/udev/write_net_rules doesn
<MraAlbertina> so... the only way might be to write a file in a pen and copy it over the one in there
<sarnold> doesn't give many hints to its correct use. pff.
<MraAlbertina> or moving the hard drive back to the installation box... a big pain :(
<sarnold> MraAlbertina: try just a bare "/lib/udev/write_net_rules", then reboot, and see what happens? :)
<MraAlbertina> okay
<MraAlbertina> where could i get a copy of it, you know?
<MraAlbertina> don't worry if is too much work for you, i'll find it
<sarnold> MraAlbertina: it's in the 'udev' package; if it isn't installed yet, it might not even be the right track..
<MraAlbertina> sarnold: i can't see what's installed, that's the problem.
<MraAlbertina> it's ok. tomorrow i'll try to install in a different way
<sarnold> *snort*  dpkg -l udev && reboot    ....
<MraAlbertina> snort? :o
<sarnold> if it reboots, it was installed :)
<MraAlbertina> okokok
<sarnold> there's gotta be some better way to get boolean status out of a machine than a reboot....
<MraAlbertina> sarnold: it's fine, that's a new installation so no problem with running servers
<MraAlbertina> there are no running servers anyway, it was a basic install
<MraAlbertina> no... didn't reboot. tried 3 times :( so it means no changes
<MraAlbertina> the wireless led is on. i think there is a way of making a temp connection to wan. if so i'll ssh and change everything
<MraAlbertina> i didn't cinfigure wireless during the installation...
<MraAlbertina> conf*
<Free99> hello. I'm trying to resize a 1997Gb ext4 partition down to 1996Gb, I need the extra space for drbd metadata. Issue i'm running into is that every time I try running `resize2fs /dev/sdb 1996G` I get told that the requested size is larger than the number of blocks for the whole drive
<Free99> what am I doing wrong?
<sarnold> Free99: /dev/sdb
<sarnold> Free99: it should probably be a partition, e.g. /dev/sdb1 or /dev/sdb2 or similar
<Free99> so it should be /dev/sdb1
<Free99> ok
<sarnold> how's the projcet going otherwise? :)
<Free99> last step before I start syncing, the other server is ready to sync with this one via drbd. pretty psyched
<sarnold> awesome :D
<Free99> sarnold: so I ran `resize2fs /dev/sdb1 1996G` and it says, "The containing partition (or device) is only 487584768 (4k) blocks.
<Free99> You requested a new size of 523239424 blocks."
<Free99> meanwhile cfdisk tells me that sdb1 is 1997.21 gigs
<sarnold> Free99: can you interact with the programs using units of kilobytes? the 1000 vs 1024 mega and giga stuff would terrify me to no end
<Free99> I guess that makes sense hahaha
<Free99> is there a difference between sector size & blocks?
<sarnold> Free99: well.... most <2TB drives use 512 byte sector sizes / blocks (though I think they use 540 bytes on disk, what with error correcting codes...) -- but some new, large, drives use 4k sectors. or so I've heard.
<Free99> sarnold: interesting b/c the response it's giving me mentions 4k
<Free99> 4k=4096 or 4000?
<sarnold> Free99: 4096
<sarnold> or at least I think the 1000 vs 1024 insanity never reached the kilobyte level :)
<Free99> I just re-read the man page for resize2fs, the author is pretty funny when he mentions that everything is in base 2
<Free99> gibibytes (facepalm)
<sarnold> Free99: it's actually -standardized-. *sigh* :)
<marshall> hey ubuntu-server
<marshall> i've got a server running a web app of mine. the app can be reached in the browser and stuff, but I can't ping google or anything when I ssh into the box. what could cause this?
<qman__> missing or incorrect default gateway or DNS servers
<sarnold> can you ping ip addresses?
<marshall> let's see...
<marshall> sarnold: yeah, i can ping google's ip
<sarnold> marshall: yay :) that's probably dns then. check /etc/resolv.conf and /etc/nsswitch.conf (rare for that one to break..)
<virusuy> howdy gents !
<virusuy> greetings from Uruguay !
<marshall> qman__: i'm not the one hosting the server, i'm the dev. the host said they would implement ssl for us sometime today, and I'm pretty sure they messed it up, but I don't know how they could have messed it up to this point. they generated a key and cert file.
<marshall> sarnold: everything looks normal in those files
<Free99> sarnold: I got it resized, sweet!
<sarnold> Free99: awesome :D
<Free99> but now what?
<Free99> can I just mount it or do I have to do anything?
<sarnold> Free99: do whatever that drbd syncy thing you were going to do? :)
<sarnold> Free99: wellllll, I'd probablybe inclined to fsck. got an hour? :)
<Free99> hmmm. my entire department's VM disk repo, or waiting a little while. hmmm.
<Free99> they're backed up though
<Free99> sarnold: someone was mentioning that I have to delete the partition and then recreate it
<Free99> is that true?
<hallyn> stgraber: you know, i just built your ppa's lxc (not the pending one, the one with logfile changes) and lxc-info works fine for me
<hallyn> ah
<hallyn> it's a permission thing!
<hallyn> sudo lxc-info works, lxc-info does not
<marshall> sarnold, qman__: what do you know, the host screwed up the DNS outside the server. Thanks for your help, gentlepersons.
<sarnold> Free99: that was escott; his advice sounded good to me, or at least resizing the partition to match reality, made sense to me. but I've not done what you're doing. :)
<sarnold> marshall: woot. nice. :)
<Free99> cripes man, that's what really has me nervous lol
<sarnold> Free99: I did a resize once, a decade back, using lvm. I was terrified to run that resize2fs command, but it all worked in the end.
<hallyn> stgraber: heh i'll have to think about that
<hallyn> i might just say "screw it, that means we wait until we have unprivileged containers"
 * hallyn goes to put his chin on his fist in a thinking pose
<sarnold> that might be a long wait :)
<escott> Free99, sarnold im here, but i can't promise to remember what i said earlier
<sarnold> escott: I've got it in /lastlog if it'd be helpful :)
<escott> Free99, you were shrinking some partitions right?
<sarnold> < escott> Free99, the steps for something like that are usually (a) resize2fs (b) fsck (c) mount to make sure (d) umount (e) write down the partition begin and end address in LBA and CHS if you have got it (f) back up the table (g) modify the table deleting partition if needed (h) recreate the table (i) remount
<Free99> escott: you mentioned fsck'ing the resized partition, check the data was still there, then resize the partition by noting the start and end
<escott> sarnold, thanks
<escott> Free99, there are two instances where the size of the partition are recorded. one in the filesystem and one in the partition table
<stgraber> stgraber@castiana:~$ sudo lxc-info -n qatracker01
<stgraber> lxc-info: could not build log path
<stgraber> hallyn: ^
<escott> Free99, you want to always ensure that the partition table entry is larger than the filesystem entry
<hallyn> stgraber: that's not the error I get
<hallyn> stgraber: I get lxc-info: failed to open log file "/var/lib/lxc/r1/r1.log" : Permission denied
<escott> Free99, so after you resize2fs you can then shrink the table entry to match the filesystem
<escott> Free99, tools like gparted would do that on your behalf
<Free99> escott: that doesn't make sense, wouldn't you want to limit the size in software before you got your butt kicked by the hardware?
<Free99> escott: doing this on ubu server, no X11
<stgraber> hallyn: I get the same error as root and non-root. Let me strace it, see what's going on.
<Free99> escott: I realized they are both software lol
<escott> Free99, that is what i am describing. you limit in software (resize2fs so that the ext2 partition knows it should be smaller) and then you limit in "hardware" (cut off part of the disk with the table)
<escott> Free99, you just dont want a situation where ext2 would be trying to write to a location which would be beyond the end of /dev/sda7 or whatever the partition device is
<Free99> escott, now that i've resize2fs'd this mother, how do I change the partition? I was tinkering with cfdisk a little
<escott> Free99, since you shrank you are now safe in that ext2 will never touch the bits at the end of the partition device, so you can shrink the device itself
<stgraber> hallyn: strace doesn't show anything useful, so it fails before it tries to access/create something
<escott> Free99, a tool like parted might allow you to shrink the partition in place, alternately you delete the entry/table and recreate in place (and then fix up UUIDs since they might be regenerated)
<stgraber> hallyn: and I get the same problem with lxc-stop and lxc-start so can't try with a freshly started container either
<Free99> spooky thing though, I ran cfdisk /dev/sdb and it tells me there is nothing but free space
<hallyn> stgraber: then your build is different from mine.  weird
<escott> Free99, might it be a gpt table?
<hallyn> stgraber: what version exactly?
<stgraber> hallyn: oh, would the fact that /var/lib/lxc is a symlink mess with your stuff? :)
<escott> Free99, does sudo parted -l /dev/whatever show msdos or gpt table type
<hallyn> yes it probably would
<stgraber> hallyn: 0.9.0~alpha2-0ubuntu1+b1~bzr1099-27~201301230251~raring1
<Free99> escott: nope, I ran it on /dev/sdb1 not sdb
<Free99> so my bad again
<stgraber> hallyn: my /var/lib/lxc and /var/cache/lxc are symlinks to sub-directories of /home/ :)
<hallyn> yeah we've got the same versions
<hallyn> lemme try as a symlink into /mnt
<hallyn> stgraber: how long is the pathname then?
<hallyn> stgraber: no, /var/lib/lxc as symlink to /mnt/lxc doesn't cause any issues here
<stgraber> hallyn: my /var/lib/lxc/qatracker01/ once expanded would become /home/stgraber/data/vm/lxc/lib/lxc/qatracker01/
<Free99> escott: it's an msdos disk
<stgraber> a tiny bit shorter than that actually: /home/stgraber/data/vm/lxc/lib/qatracker01/
<Free99> escott: http://pastebin.com/A7nRB3y1
<Free99> I ran `resize2fs /dev/sdb1 487559168` to shrink the partition
<escott> Free99, and your next change is to the table which is /dev/sdb
<escott> Free99, not sdb1 as you already noted
<Free99> so how do I do this without losing data? tried googling this but it doesn't seem really clear
<escott> Free99, see if you can use parted on the command line to shrink the partition. That would be the easiest
<hallyn> stgraber: that still works fine for me.  (wtf?)
<escott> Free99, something like "sudo parted /dev/sdb" resize partition_number start end
<Free99> how do I know what the end is?
<escott> Free99, it would be start+size
<hallyn> stgraber: hm.  wait.  I think I made the mistake I warned you about earlier :
<escott> Free99, in your case start+487559168 (making sure you have matching units everywhere)
<Free99> escott: I changed the size of the partition by 25,600 4096-byte blocks
<Free99> escott: so parted is saying the start is at 1049kB
<Free99> I multiply that by 512 to get the start that I have to add to "start+487559168"
<Free99> is that correct?
<Free99> I'm sorry to be leaning on you like this
<stgraber> hallyn: the path length is the problem
<stgraber> hallyn: "p1" will work fine "a-long-name" won't
<escott> Free99, 487559168 is in what bytes?
<Free99> I...guess so?
<stgraber> hallyn: 40 characters to the container path works, 41 doesn't (if that means anything to you)
<Free99> escott: it's in 4k blocks
<stgraber> hallyn: also, "lxc-start -n abc" where "abc" doesn't exist, will still create the directory and logfile. We probably don't want that to happen if the container doesn't exist :)
<escott> Free99, so you shrank the disk from something like 1860GiB to 1859.9 GiB
<Free99> right, only need about 100mb
<Free99> really, 58.6mb by calculations
<hallyn> stgraber: your main failure is due to my typing 'sizeof' instead of 'strlen' :)
<Free99> escott: but I rounded up
<stgraber> hallyn: (and me not spotting it in the review ;))
<hallyn> stgraber: as for the logfile getting created, I'm actually not sure you can get what you want there, bc you want two conflicting things:
<escott> Free99, so by my calculation your new partition needs to run from
<hallyn> 1. if someone specified logdir as /var/log/lxc, you want /var/lgo/lxc to get created
<hallyn> 2. if someone specified /var/lib/lxc/container, you don't want that to get created :)
<hallyn> note, the container not existing is something that gets logged
<escott> Free99, 1049kB to 1950237721kB
<escott> Free99, but then this is where things get fun
<hallyn> i suppose this might mean Dwight can't get what he wants,
<hallyn> and we insist on using /var/log/lxc/container.log
<escott> that 1049kB might (and probably is) something like 1048.5 kB but is rounded up
<hallyn> but there is still the other problem - unprivileged users
<hallyn> unless we only default to the logfile for lxc-start and lxc-execute, and everything else defaults to console
<stgraber> hallyn: for the record, I really like the idea of having /var/log/lxc/<container>.log and not /var/lib/lxc/<container>/<container.log :)
<escott> Free99, so you might want to go into parted and type
<escott> Free99, "unit B; print" to and then do everything in bytes
<stgraber> hallyn: well, in my case, it was lxc-start creating the directory I didn't want, so having only lxc-start and lxc-execute do the logging won't really help there
<Free99> yeah, took your value, mutiplied by 1024 then divided by 4096, its pretty close to what resize2fs says the partition got resized to
<hallyn> stgraber: no, those are separate issues, indeed that wouldn't help
<hallyn> stgraber: ok i might respond to your email tomorrow then - thanks for spottin gthis, sorry for the inconvenience
<hallyn> i thought i had it all figured out
<hallyn> (meddling kids)
<stgraber> hallyn: I think we need a sane fallback if the default log location isn't writable (where the fallback is likely to be no logging at all) and we'll just have lxc-create write a decent lxc.logfile when using a user namespace
<escott> Free99, and then add to the bytes reported by parted as the start the bytes reported by dumpe2fs on the device /dev/sdb1
<Free99> escott: so the value I get is 487559168*(4096/1024)=1,950,236,672
<Free99> thats in kB
<stgraber> hallyn: but yeah, I think we'll need to write down all the scenari and make sure we do something we think is sensible in all cases (offering enough flexibility so that distros can easily change the locations)
<stgraber> hallyn: anyway, talk to you tomorrow!
<escott> Free99, sure i may have typed a number wrong when i was putting it in the calculator. I would suggest you work in physical blocks or smaller because parted will round up/down
<Free99> well I clucked up, typed dumpe2fs /dev/sdb1 and now ssh is getting mad at me, I can't press ctrl-c any faster
<hallyn> stgraber: yup, ttyl
<escott> Free99, so Bytes or 512Bytes not logical blocks (4k)
<Free99> escott: just wanted to check that the numbers were close
<escott> Free99, you can safely round the size of the ext2 partition up, but you cannot miss that starting block
<Free99> escott, roger that.
<Free99> escott: how's this look? `(parted) (parted) resize 1 1049kB 1950236672kB`
<Free99> hmm. getting a complaint about incompatible features on the partition
<Free99> I already cleared out the journal
<escott> Free99, you disabled the journal?
<Free99> tune2fs -O ^has_journal /dev/sdb1
<escott> Free99, annoying that you would have to do that
<escott> Free99, i realize it probably would have been easier to do the whole resize operation inside parted. i was giving the quick overview last night before i signed off
<Free99> escott, well it's still not working, not sure what features are stopping this
<escott> Free99, at this point parted should not care what kind of filesystem is on that partition
<escott> Free99, because it should be small enough, but it probably checks it anyways just to make sure its a safe operation and then pukes because of other non-journal features it cannot handle (maybe extents)
<escott> Free99, with another tool like fdisk you can just delete the partition and create a new one in the place left over
<escott> Free99, you just have to get it all lined up correctly
<Free99> escott, erm. I'm kind of cool with just disabling features, resizing, then enabling. doesn't that seem more sensible?
<Free99> longer though
<escott> Free99, disabling extents will be a time consuming operation and could result in corruption pretty easily
<Free99> oh snap
<escott> Free99, i don't even know if you can disable all features... thats not usually the direction people go with features
<escott> Free99, you have your backups. i would just back up the table with sfdisk, and then use fdisk to delete the partition and create the new one in the right place
<Free99> escott: so based on what the manual says, running sfdisk -d /dev/sdb > /root/sdb.out ought to work?
<escott> Free99, yes
<escott> Free99, then make sure everything on that device is unmounted before playing around with the partition table. if anything goes south you can reload the backup table you just made
<Free99> escott: if I write the end of the partition table incorrectly, but the beginning is fine, will I lose any data?
<Free99> beginning = 2048 bytes
<escott> Free99, it cant be short. otherwise its ok
<Free99> ok phew
<Free99> think I got it
<Free99> one other question. how do I actually get my data onto the drbd?
<Free99> since /dev/sdb1 is the disk device and /dev/drbd1 is the drbd thing...
<Free99> woohoo! it worked! the resize part anyhow
<Free99> thanks a million escott & sarnold
<escott> Free99, do fsck that partition again, then mount it read only and look around before final sign-off
<Free99> I did, also re-enabled the journal
<escott> Free99, i dont know what the drbd thing is so...
<escott> Free99, and then fsck after you re-enable... basically fsck every time you do anything
<escott> but now that you have done it the painful way it should be much easier in the future
<Free99> hey um escott
<escott> Free99, yeah
<Free99> so I ran a e2fsck and it's saying the superblock or partition table is corrupt
<escott> Free99, well something isnt correct then
<Free99> so should I restore the sfdisk dump?
<escott> was it clean after you changed the partition size?
<escott> or was it the change in partition size that caused the corruption?
<Free99> "The filesystem size (according to the superblock) is 487558900 blocks
<Free99> The physical size of the device is 445382656 blocks
<Free99> "
<escott> if it was an issue with shrinking the partition then yes restore it
<escott> and then make the partition table the length evidently should be 487558900 blocks so verify thats what you said it would be
<Free99> well I think the problem may have been with the resize2fs
<Free99> partition table has to be larger than the resize2fs right?
<escott> so your partition start was 1049kB which is something like 2000+ blocks into the disk
<escott> so your end is going to be 2875 58 900 + 2000 = 2875 60 900 or so
<Free99> so basically should I start with the resize2fs then do the partition table?
<escott> Free99, did the resize2fs not shrink the filesystem?
<Free99> b/c it's talking about the superblock, which sounds like the 2fs tools more than a mess-up in fdisk
<escott> is 487558900 not the number of blocks you want?
<Free99> but its saying the physical size of the device is 445382656
<Free99> blocks
<Free99> so apparently I added a zero at the end
<Free99> and its way larger than possible
<escott> Free99, the superblock number is what is coming from resize2fs. the physical is from fdisk
<escott> Free99, its possible you accidentaly grew the FS
<escott> Free99, so long as you never wrote to the disk you might not notice? seems strange though and fsck should have noticed that after the resize before the fdisk
<Free99> I remember that the disk is 1997.21G
<Free99> if each sector is 4096bytes, then...
<escott> Free99, 4kB would be a standard logical block size for the filesystem, but it could be other sizes
<escott> Free99, the disk will probably report a block size of 512B
<Free99> hmm. ok, so how do I know where the problem lies?
<Free99> is it with my fdisk or with my 2fs?
<escott> Free99, i dont know what you started with so i dont know for sure what to say
<Free99> I started with resize2fs
<escott> 487558900 in 4kB blocks is 1859.9 GiB
<Free99> yep, definitely messed up on the resize2fs
<escott> 445382656 in 4kB blocks is 1699 GiB
<escott> thats unfortunate b/c thats the slow one
<Free99> dang man
<Free99> I think the data is gone
<escott> Free99, did you restore the table with sfdisk?
<Free99> sfdisk -O sdb.out
<Free99> right?
<escott> Free99, its in the manpage "man sfdisk | grep -C5 -- -d"
<Free99> oh phew!
<Free99> it worked
<Free99> good call bro
<escott> as long as you don't mount the disk read-write until it passes an fsck you should be ok
<Free99> any reason I should pick e2fsck over fsck or vice-versa?
<escott> Free99, no. one will call the other
<Free99> phew ok. passed fsck
<Free99> files all seem to be there
<Free99> think I ought to be ok to mount
<escott> Free99, as long as you are passing fsck you should be fine
<Free99> guess I'll try this again tomorrow. Thanks for your help escott
<escott> Free99, alright goodluck
<Free99> you rock man. peace
<escott> Free99, you've stumbled through the basic mistakes and recovery so it should be easier for you tomorrow
<daffy|2> Hi all
<koolhead17> hi
<daffy|2> i've a question about selecting a version when i'm installing a package with ubuntu (the latest)
<daffy|2> i need to install a specific older version of java (java version "1.6.0_22")
<koolhead17> daffy|2: oracle java is not specifically supported from ubuntu repo
<koolhead17> you have to do it urself :)
<daffy|2> :)
<daffy|2> so i have to compil this version
<daffy|2> i use the openjdk on my second server, but it's running under centos
<koolhead17> daffy|2: yes. do it yourself :)
<daffy|2> thanks for help
<Spanky> Anyone know how to tell if "local application" in Java Visual VM is dangerous or not?
<Spanky> I'll try #javasec...
<daniel_-> I get this error when I deploy to my server:        sudo: no tty present and no askpass program specified
<daniel_-> my repo is in /var/git and gets deployed to /var/www
<rbasak> daniel_-: did you get anywhere with RequestTTY in ~/.ssh/config and/or NOPASSWD in sudoers?
<rbasak> daniel_-: I suppose another solution would be to change permissions so you don't need sudo
<rbasak> daniel_-: Or you could set a suitable askpass
<daniel_-> nopasswd I havent tried yet
<daniel_-> hey rbasak there is no config in ~/.ssh
<rbasak> daniel_-: by default there isn't one - you'll need to create it
<daniel_-> on my server or my local computer?
<rbasak> Local computer. You might want to limit the entry to apply to only your server with a Host directive. And I'm not entirely sure that it'll work with git. sudoers NOPASSWD should work. It all depends on the approach you want to take
<daniel_-> rbasak: thx Ill try this one now
<daniel_-> rbasak:        /Users/daniel/.ssh/config: line 4: Bad configuration option: RequestTTY
<rbasak> daniel_-: it needs to go under a Host stanza
<rbasak> daniel_-: Host my-server.example.com
<rbasak> daniel_-:     RequestTTY yes
<daniel_-> Host myhost
<daniel_->   RequestTTY yes
<daniel_->  /Users/daniel/.ssh/config: line 2: Bad configuration option: RequestTTY
<daniel_->        /Users/daniel/.ssh/config: terminating, 1 bad configuration options
<rbasak> Not sure then, sorry
<daniel_-> np. Ill try some of your other solutions
<daniel_-> what would I add to visudo? I mean I run a deploy from my local computer which checks out /var/git/xxx and deploys to /var/www/xxx All files and folders belong to my user
<daniel_-> there is no git user on my /etc/passwd
<rbasak> daniel_-: evidently your user is trying to do something as root by calling sudo as part of your deployment. If you want to stop the error this way, then either don't call sudo, or allow sudo to permit access as root without your password
<rbasak> As an example, this line allows the ubuntu user to access root without a password:
<rbasak> ubuntu ALL=(ALL) NOPASSWD:ALL
<daniel_-> thx
<daniel_-> for your help rbasak
<daniel_-> now it works
<quietone>  I can't mount an encrypted drive, mount returns "NTFS signature missing"
<psivaa> jamespage: virtual host server installations do not include cpu-checker from 20130120 onwards. Is that intended? (virtual-host smoke tests failing with kvm-ok not being installed doe amd64)
<quietone> it's used for rdiff-backup and I didn't expect it to be NTFS
<quietone> not much experience in this area. Any reading suggestions appreciated
<Andrei> ...
<psivaa> jamespage: Daviey: reported a bug for the issue above ^ bug 1103982
<uvirtbot> Launchpad bug 1103982 in ubuntu-meta "cpu-checker is not included in virtual host server installations from 20130120 onwards" [Undecided,New] https://launchpad.net/bugs/1103982
<LuizAngioletti> Hello there! How do I know the script I put under /etc/cron.daily/ is being run every day?
<LuizAngioletti> The infos at https://help.ubuntu.com/community/CronHowto are a little out of date, as it seems.
<virusuy> LuizAngioletti: take a look at /var/log/syslog
<LuizAngioletti> done that.
<virusuy> don't you see a line like
<LuizAngioletti> It appears my script hasn't run, although I can see a line from cron at 6h25am this morning
<virusuy> oh
<LuizAngioletti> any ideas on why it wouldn't run? The perms and ownership are right.
<virusuy> and what said that line ?
<LuizAngioletti>  ubuntu CRON[19838]: (root) CMD (test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ))
<LuizAngioletti> virusuy: ?
<virusuy> uhmm
<virusuy> create a new script, a easy one .. like a scripts who execute "ifconfig -a" and send the output to a plain file in /tmp
<virusuy> and see if that works
<virusuy> if it does.. then is something wrong with your script
<LuizAngioletti> my script takes some 30s to execute completely, could that be it?
<LuizAngioletti> cron doesn't want to wait, or something.
<virusuy> LuizAngioletti: nope..
<virusuy> LuizAngioletti: that shouldn't be the problem
<LuizAngioletti> and what if the script runs properly by means of ./script.sh?
<virusuy> in your script, what do you do ??
<virusuy> i mean
<virusuy> using commands ... like in terminal ?
<virusuy> or you execute instead of ifconfig -a ... /sbin/ifconfig -a
<LuizAngioletti> I use commands like in the terminal.
<virusuy> ok.
<virusuy> probably thats the problem
<LuizAngioletti> how?
<virusuy> i do not really know why
<virusuy> but sometimes, and in some cases..cron doesn't seems to have the right PATH to those commands
<virusuy> and thats the reason why if you run manually your script it works
<LuizAngioletti> So, I'd have to go... /sbin/ifconfig -a
<LuizAngioletti> absolute paths?
<LuizAngioletti> for everything?
<virusuy> or set the path at the beggining of the script
<virusuy> but i don't know if that's a "healty" practice
<LuizAngioletti> PATH=$PATH:blah/blah?
<virusuy> yes
<virusuy> or
<virusuy> you can set something like
<virusuy> well.. what you said seems good
<LuizAngioletti> =P
<virusuy> anyway, wait a few minutes to see if someone where can help you with an easy way
<virusuy> in fact help us :-P
<LuizAngioletti> virusuy: thanks for the insight though.
<virusuy> LuizAngioletti: you're welcome
<LuizAngioletti> Now that a lot of text has gone by...
<LuizAngioletti> why would a script not be run by anacron?
<LuizAngioletti> It runs perfectly as ./script.sh but it isn't run when under /etc/cron.daily/ or /etc/cron.hourly.
<LuizAngioletti> virusuy: it doesn't work to simply put the PATH=$PATH:/blah
<LuizAngioletti> virusuy: I don't really know why... but if I schedule my script to be run by "crontab -e", it gets run. If I simply put it under /etc/cron.hourly, it doesn't.
<RoyK> how did you put it under /etc/cron.hourly? just copy or symlink the script in?
<LuizAngioletti> RoyK: I copied it.
<RoyK> LuizAngioletti: looks like /etc/crontab uses run-parts to run those
<RoyK> perhaps try manually
<RoyK> or use the crontab ;)
<LuizAngioletti> RoyK: That means that I can't simply put scripts under the .[period] directories?
<LuizAngioletti> How do the files already in there get executed and mine don't?
<RoyK> no idea
<RoyK> check the logs
<LuizAngioletti> RoyK: It doesn't get run.
<LuizAngioletti> (my script I mean).
<LuizAngioletti> the run-parts run normally.
 * RoyK has no idea
<LuizAngioletti> People simply put them under crontab?
<RoyK> I usually use crontab -e, though, to keep all my stuff in one place
<LuizAngioletti> ok.
<LuizAngioletti> Well... it works there... =)
<Pici> cron.hourly doesn't necessarly run at 0 minutes past, so I don't find it useful for my stuff either.
<LuizAngioletti> Pici: It runs at 17 minutes past, by default.
<rbasak> LuizAngioletti: is your script executable? Also, check the run-parts manpage for naming rules.
<LuizAngioletti> rbasak: It is +x , and I've just done that. The script name is clean-operation.sh
<LuizAngioletti> rbasak: I supose it can't be named with a . then.
<rbasak> LuizAngioletti: there's run-parts --test /etc/cron.hourly. Does that list it?
<rbasak> LuizAngioletti: ah yes. Looks like '.' is not permitted
<LuizAngioletti> rbasak: It always pays to wait. Some knowledgeable sage comes to the rescue. =)
<LuizAngioletti> RoyK: There is our answer. See, virusuy ?
<virusuy> LuizAngioletti: wow.. nice
<virusuy> rbasak: thanks !
<rbasak> No problem!
<LuizAngioletti> rbasak: =) thank you.
<jcastro> jamespage: hey, do you know if elasticsearch on anyone's radar as far as packaging?
<jamespage> jcastro, not that I am aware of - is it java?
<jcastro> it is
<jamespage> (guess it is as you are asking me :-))
<jcastro> and the charm grabs from upstream and some people want a more debian-like experience
<jibel> smoser, jodh I found bug 1103881 this morning, not really critical but really annoying. I *think* it's upstart but have no evidence. If you could have a look that'd be nice.
<uvirtbot> Launchpad bug 1103881 in cloud-init "cloud-final is never executed if upstart is upgraded during initialization of the image " [Undecided,New] https://launchpad.net/bugs/1103881
<smoser> jibel, hm... that is bad.
<jodh> smoser/jibel: upstart will now restart itself on package upgrade if the running instance is capable of stateful re-exec. However, I don't know what that means in the context of cloud-init I'm afraid.
<smoser> jodh, well, i'd hope that cloud-init can remain blisfully unaware
<smoser> jodh, you can take a look at the upstart jobs there
<jodh> smoser: the whole point of stateful re-exec is that it is supposed to be transparent to the system too. I think we need to see some logs here.
<jibel> jodh, what kind of log do you need?
<jibel> the issue is 100% reproducible with yesterday's images
<jodh> jibel: the system log / dmesg with Upstart in debug mode (boot with --debug). Then we can see when the re-exec occurred and what happened afterwards.
<jodh> jibel/smoser: to save me learning cloud-init, can you tell me at what point in the boot it runs apt-get?
<Daviey> zul: did you see bug 1104137 ?
<uvirtbot> Launchpad bug 1104137 in nova "FTBFS on raring in schroot" [Undecided,New] https://launchpad.net/bugs/1104137
<zul> Daviey: yeah its effing testrepository failures that i havent figured out how to fix them
<zul> without disabling the tests
<Daviey> zul: i fear it's blocking jdstrand
<zul> Daviey: ill talk to him
<zul> jdstrand: ping
<jdstrand> hey
<smoser> jodh, early-ish.
<smoser> start on (filesystem and started rsyslog)
<smoser> but other things shove that to also happen after networking is up
<drPoo>  hi all, Im runnint 10.04 LTS on a headless server and I get the following when running df -h "100% /var/lib/ureadahead/debugfs". Has anybody ran into this issue? I found this page http://www.somewhereville.com/?p=1370 telling me to "sudo mv /etc/init/ureadahead.conf /etc/init/ureadahead.conf.disable". Any ideas?
<roaksoax> SpamapS: hi Clint! How's everything? Hey I've seen you've been doing SRU's every now and then. When you can, do you mind taking care of bug #1049177 please? It would be very much appreciated
<uvirtbot> Launchpad bug 1049177 in isc-dhcp "isc-dhcp-server apparmor profile should have include ".d" " [Medium,Fix committed] https://launchpad.net/bugs/1049177
<SpamapS> roaksoax: yeah I do SRU's when I have some spare time... might have better luck with bdmurray today.
<roaksoax> SpamapS: cool thanks :)
<RoyK> drPoo: dunno - seems /var/lib/ureadahead/debugfs is on the root fs on my lucid box
<RoyK> drPoo: pastbin output of "mount", please
<jibel> jodh, logs attached to the bug report
<pythonsnake>  where does service starting errors go to?
<RoyK> daemon.log, usually
<pythonsnake> thanks
<pythonsnake> is it in var log
<RoyK> yep
<RoyK> erm, perhpas /var/log/syslog
<drPoo> RoyK, http://pastebin.com/4gA40L5t
<pythonsnake> hmmmmmmmmmmmmmm
<drPoo> RoyK, and currently I cannot upgrade mountall because I have no space...
<zul> hallyn: they just tagged a rc for libvirt 1.0.2 i think it would be good to have in raring
<zul> er...not the release candidate but 1.0.2 final
<hallyn> zul: no objection from me.  Do you know if it contains the commit "qemu: Relax hard RSS limit" ?
<hallyn> zul: and have you enabled --with-vbox?
<hallyn> stgraber: just about ready with the new logfile patchset - good news is no packaging changes will be required for us now
<zul> hallyn: havent looked at it yet hopefully this afternoon
<stgraber> hallyn: nice
<hallyn> zul: 'm sorry!  i thought you said *you* tagged it, i.e. had it ready :)
<zul> hallyn: i wish
<jamespage> hallyn, are you aware on anything in quantal which would cause the permissions on /dev/kvm to be root:root rather than root:kvm
<jamespage> hallyn, I keep seeing it on a test system and its breaks my 'power control'
<hallyn> zul: ok, well if i have time i was going to push a libvirt for those two fixes anyway, so let me know if you start the merge, otherwise i'll just merge
<hallyn> (if i have time - i'm not here tomorrow)
<hallyn> jamespage: i'm not aware of what it is, but we've seen it before (i.e. adam_g i think saw it)
<zul> hallyn: sure remember they are rc candidates so im just suggesting we upload 1.0.2 when it hits final
<hallyn> zul: oh, ok  nm then
<hallyn> jamespage: it seemed as though udev wasn't seeing inotify updates of rules.d
<hallyn> jamespage: oh, can you check your udev logfile?
<hallyn> jamespage: is there a msg about group kvm not existing?
<jacobjames> Hello. Downloading Ubuntu server right now. Trying to set up home web server. How do I go about this?
<hallyn> if so, then perhaps i'll try simply restarting udev altogether
<jacobjames> Also trying to get the remote desktop working?
<jacobjames> Any help would be awesome. Thanks.
<jacobjames> Remote desktop for multiple users that is.
<RoyK> !ltsp
<ubottu> LTSP is the Linux Terminal Server Project, which adds thin-client support to Linux servers. See chapter 3 of the !edubuntuhandbook, http://www.ltsp.org and/or http://en.wikipedia.org/wiki/Linux_Terminal_Server_Project
<rbasak> jacobjames: https://help.ubuntu.com/12.10/serverguide/httpd.html
<patdk-wk> royk, I don't think he wanted many thinclients
<jamespage> hallyn, I can reproduce it on demand by fixing the permissions and then stop/start qemu-kvm
<jamespage> I also have an issue where nested kvm is not enabled on install; only after restart
<axisys> how do I find out which disk is sdd ?
<RoyK> jacobjames: what sort of remote desktop?
<axisys> /dev/sdd rather
<axisys> dd if=/dev/sdd1 of=/dev/null count=10000 bs=1024K to see which one showing activity.. any other way?
<jcastro> heya smoser
<smoser> hey
<jcastro> http://askubuntu.com/questions/245096/adding-nodes-to-maas
<jcastro> I asked around and someone told me that the missing wiki page is somewhere on the server team's pages, and to ask you
<jamespage> hallyn, "Jan 24 12:27:16 caipora udevd[20668]: set permissions /dev/kvm, 020660, uid=0, gid=0"
<hallyn> jamespage: you mentioned /dev/kvm being root:root  after install - are you sure you're not conflating that (sometimes happening) with the group::--- acl sticking around?
<jamespage> hallyn, hmm
<hallyn> jamespage: there are several issues all messing up /dev/kvm
<hallyn> the one about stop/start qemu-kvm sounds new though, can you tell me more about it?
<jamespage> hallyn, OK - so I restarted udev and then did the start stop of qemu and the permissions are correct
<hallyn> jamespage: can you reproduce that again from scratch (from install)?
<hallyn> if so, i think we have a udev bug
<hallyn> that we can report
<jamespage> hallyn, I've seen it on two systems now
<jamespage> hmm - actually all 4
<jamespage> I suspect that most systems get rebooted after install
<hallyn> jamespage: yeah but there are so many things messed up i'd like 100% precise, specific, reproducible steps :)
<jamespage> these ones don't
<jamespage> hallyn, OK - lemme work something out
<hallyn> jamespage: no not too long ago i 100% fixed it.  then it broke again :)
<hallyn> jamespage: thanks!
<hallyn> jamespage: and note, if you find kvm failing, but /dev/kvm is root:kvm 0660, then check 'getfacl /dev/kvm', which should show a group::--- acl in that case
<hallyn> i have a bug with proposed 1-line patch for udev to stop that one
<jamespage> hallyn, once the permissions are OK it works just fine.
<pythonspace> anyone got docs fr nginx fastcgi_params pleasE?
<hallyn> zul: hm, actually i suspect 1.0.2 will require some packaging changes, something about manually removing ipv6 filter rules...  just heads-up
<zul> k
<Grey_Loki> Hi, i've got a server I haven't updated for a while, it's running 10.10, I want to upgrade it to the latest LTS release (which I believe is 12.04), what's the best way of doing this?
<lifeless> sudo do-release-upgrade
<patdk-wk> you will have to upgrade it to 11.04 -> 11.10 -> 12.04 :(
<Grey_Loki> 'command not found' on sudo do-release-upgrade
<lifeless> patdk-wk: wasn't 10.10 also an LTS? we support LTS->TLS upgrades
<RoyK> sudo -i first
<patdk-wk> apt-get install update-manager-core
<Grey_Loki> Apparently 10.04 was an LTS
<Grey_Loki> Not entirely sure why I didn't use that one on this box to begin with
 * Grey_Loki smiles
<lifeless> oh, rar yes.
<patdk-wk> even .04 are lts :), 6.04 8.04 10.04 12.04 and hopefully 14.04
<RoyK> Grey_Loki: it's usually little problems with upgrading, but issues may arise - just try
<Grey_Loki> patdk-wk: apt-get update and apt-get install update-manager-core both fail with error: 404  Not Found [IP: 91.189.92.202 80]
<patdk-wk> give it internet access?
<patdk-wk> oh
<patdk-wk> that is probably too old
<patdk-wk> your going have to use the archive repo's
<RoyK> 11.10 should be supported
<patdk-wk> but he is using 10.10
<patdk-wk> not 11.10
<RoyK> oh
<sarnold> 10.10 was natty, retired a while back
<Grey_Loki> I'm updating from 10.10, here's a full pastebin of an apt-get update - http://pastebin.com/HpxXrbBP
<Grey_Loki> patdk-wk: so an edit of /etc/apt/sources.list with some 'new' repos?
<RoyK> Grey_Loki: there are archives out there
<patdk-wk> archive.ubuntu.com
<Grey_Loki> patdk-wk: the last parts of my pastebin mention archive.ubuntu.com - are they pointing to the right area?
<patdk-wk> dunno, need to see sources.list
<RoyK> patdk-wk: maverick isn't thhere
<Grey_Loki> One mo.
<patdk-wk> odd, why does it say maverick, if your on 10.10
<sarnold> patdk-wk: my fault. sigh :)
<Grey_Loki> patdk-wk: http://greyloki.dyndns.org/sources.txt
<RoyK> patdk-wk: perhaps because 10.10 == maverick
<patdk-wk> oh, now sarnold confused me :)
<pythonspace> compile and install xorg without root <- possible?
<patdk-wk> :)
<RoyK> pythonspace: no
<pythonspace> why
<RoyK> pythonspace: compile, yes, install, no
<sarnold> pythonspace: compile, probably :) install? no.. run? no..
<pythonspace> even with prefix?
<patdk-wk> Grey_Loki, adjust archive.ubuntu.com to old-releases.ubuntu.com
<RoyK> pythonspace: Xorg runs as root
<pythonspace> oO
<TheLordOfTime> what RoyK said.
<pythonspace> i thought i was running it as a user
<pythonspace> xinit
<pythonspace> Hm
<pythonspace> How about running Xorg with ~200mb ram?
<sarnold> pythonspace: should be doable, if you don't mind not running Gnome or Unity or KDE...
<pythonspace> No DE of course
<sarnold> pythonspace: dwm, wmii, i3, fluxbox, lxde, xcde (is that right?), might be more useful
<pythonspace> I  want a skype server thingy
<Grey_Loki> patdk-wk: apt-get update ran nicely with that, next step is to apt-get install update-manager-core and then do-release-upgrade as root?
<patdk-wk> yep
<patdk-wk> you might, or might not have to change that back though
<RoyK> pythonspace: perhaps twm?
 * RoyK sniggers
<sarnold> RoyK :)
<pythonspace> how much ram do you think would a minimal xorg + skype consume?
<sarnold> ... though you _can_ run X without any window manager, if you wish.
<RoyK> pythonspace: with 200MB I'd forget about it
<sarnold> pythonspace: Xorg on my laptop has 28 megabytes "resident" memory. no idea on skype...
<pythonspace> :(
<RoyK> Grey_Loki: yes...
<RoyK> as patdk-wk said
<pythonspace> how about
<pythonspace> nvm
<RoyK> dunno - window managers aren't really a server question, after all, nor is X
<pythonspace> bitlbee server :P
<sarnold> but why run X at all?
<pythonspace> for skype
<Andrei> why running xorg and skype on a server ?
<pythonspace> for bitlbee skype support
<Andrei> sorry, but i don't see the point
<Grey_Loki> patdk-wk / RoyK - upgrading nicely, thanks for your help :)
<RoyK> to 11.04?
<patdk-wk> well, 10.10
<patdk-wk> then onto 11.04 :)
<patdk-wk> oh wait, he was on 10.10
 * patdk-wk is hopelessly confused
 * patdk-wk smacks himself
 * RoyK attends
 * TheLordOfTime chuckles
<sarnold> patdk-wk: _I'm sorry_ :D
<RoyK> brb - reboot
<RoyK> b
<cocoa117> when using nfsv4 to export filesystem to linux client. does the locally bind filesystem automatically export?
<cocoa117> <cocoa117> e.g. /media/pool/family on /srv/sto/home/pans/multimedia type none (rw,bind)
<cocoa117> so when i exports /srv/sto/home as root to clients, do i get access to the /meida/pool/family folder?
<m_tadeu> hi...Im trying to build some sources and I'm getting this error -> No rule to make target `/usr/lib/libpangoft2-1.0.so', needed by `src/libwt.so.3.2.2'.  Stop.
<sarnold> cocoa117: I don't think NFS exports cross filesystems
<m_tadeu> the thing is that libpangoft2 is inside /usr/lib/x86_64-linux-gnu/
<m_tadeu> how can I deal with this?
<hallyn> zul: I will probably push http://people.canonical.com/~serge/libvirt.debdiff this afternoon
<zul> hallyn: you dont need any additonal depends for vbox?
<hallyn> zul: nope, builds just fine
<zul> k
<zul> +1
<hallyn> gonna re-build and re-run the testsuite first...
<sarnold> m_tadeu: it'd probably be easiest to install libpango1.0-0 or whatever package provides that file on your release...
<cocoa117> sarnold, so does it mean i need to export each filesystem separately?
<sarnold> cocoa117: that's my recollection
<m_tadeu> sarnold: libpango1.0-0 is also in /usr/lib/x86_64-linux-gnu/
<sarnold> m_tadeu: now I think you either get to teach your Makefile about multilib, or give it a new library search path..
<m_tadeu> sarnold: autch
<RoyK> there - perhaps done with rebooting this vm for a while...
<adam_g> zul: http://people.canonical.com/~agandelman/g2_deps/pyparsing/ need this for quantumclient (and probably others)
<zul> adam_g: looks good
<zul> lifeless: so if you want to reproduce that reliably in a chroot, clone the git source for nova ; apt-get build-dep nova then run the testsuite
<JonEdney> When I try to run screen on my 12.04 server, I receive "Cannot open your terminal '/dev/pts/1' - please check.".
<JonEdney> Hmm, seems screen dont work when you su to the user, nvm
<jcastro> utlemming: ooh, I have been waiting for non-manual cloud images, nice!
<utlemming> jcastro: yup, its been a long time coming. 10.04 went out the door last night. And I am going to slowly turn on the others.
<utlemming> jcastro: it was a fair amount of work to get everything in place though. A lot of moving parts.
<hallyn> ahs3: netcf 0.2.3-1 pushed to ppa:serge-hallyn/virt for a test.  very minor changes, don't expect any problems
<hallyn> ahs3: (will ping you when ready for push to experimental)
<ahs3> hallyn: okey dokey.  thx for the heads up
<jcastro> utlemming: I'm sure, I like how it matches the kernel cadence, that's hot action
<hallyn> ahs3: if you get sick of these pls let me know :)
<utlemming> jcastro: the kernel cadence was the easy part, and the natural choice. We want users to use the latest kernel.
<ahs3> hallyn: heh.  no worries.  you may want to become a DD at some point :)
<hallyn> ahs3: yup
<jacobjames> Hey I just got finished installing Ubuntu Server... I am at a command prompt... NO GUI? What the heck do I do?
<pythonsnake> lol jacobjames
<jacobjames> yeah funny.
<jacobjames> used to the nice ubuntu GUI.
<pythonsnake> where did you install it
<jacobjames> Least I was able to login
<yeats> jacobjames: ubuntu server doesn't come with a GUI by default
<jacobjames> how do i get one?
<jacobjames> from the command line
<pythonsnake> jacobjames: use ubuntu not ubuntu server
<hallyn> apt-get install ubuntu-desktop works for me
<jacobjames> I need to use the server to host my website.
<yeats> jacobjames: I wouldn't add ubuntu desktop to a server
<pythonsnake> you should probably learn to not use X
<hallyn> (don't need desktop to host your website, but...)
<yeats> jacobjames: I would do 'sudo apt-get install tasksel' and then 'sudo tasksel' selecting lxde
<jacobjames> permission denied on the apt-get install ubuntu -desktop
<yeats> jacobjames: if you're going to install the full desktop, I would do what pythonsnake suggests and just install desktop ubuntu
<jacobjames> k working on taskel
<pythonsnake> jacobjames: sudo
<jacobjames> taskel is already at newest version???
<pythonsnake> hmm
<yeats> jacobjames: okay - then 'sudo tasksel'
<virusuy> howdy gents!
<jacobjames> nice. desktop loading.
<jacobjames> Thanks python
<yeats> jacobjames: you may be out of your depth if you're thrown by this kind of thing though
<pythonsnake> how are you gonna configure your web server
<jacobjames> Pretty computer savy, just some new territory. Should be climbing soon. Just gotta get some help on where to get the gear.
<jacobjames> apache
<jacobjames> got my a record pointed to my ip this morning.
<pythonsnake> ok
<pythonsnake> use nginx
<jacobjames> what is nginx
<pythonsnake> web server
<jacobjames> different then apache?
<pythonsnake> better
<pythonsnake> for you, probably
<jacobjames> cool. Thanks for the info.
<jacobjames> what about a good ftp?
<pythonsnake> and learn to use the command line <- urgent
<sarnold> please don't use ftp
<pythonsnake> ^^
<uvirtbot> pythonsnake: Error: "^" is not a valid command.
<virusuy> LOL
<jacobjames> ok.
<jacobjames> why shouldn't I use ftp?
<jacobjames> anyone running thin clients out there?
<virusuy> besides security issues ?
<jacobjames> want to set up some thin clients on this server also.
<virusuy> (related to ftp)
<jacobjames> I though ftp was very secure?
<pythonsnake> im curious, where did you get your server  jacobjames
<jacobjames> off ubuntu site.
<dingo311> i am having problems with my internet/server. at this point i get timeouts from ping but yet am still able to connect to the internet, browse... just fine. i cannot remote into the server nor do any of the websites i have work.... any ideas?
<pythonsnake> jacobjames: did you buy it
<jacobjames> no.
<dingo311> ping fails on my win laptop as well as the server
<jacobjames> free.
<pythonsnake> is this on your desktop
<jacobjames> what>
<jacobjames> is this on your desktop>?
<pythonsnake> where did you install ubuntu server
<jacobjames> on my desktop computer.
<pythonsnake> hmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
<pythonsnake> install ubuntu desktop O.O
<jacobjames> ok.. I am confused.... If I have server edition installed what is the difference with the desktop version.
<pythonsnake> dingo311: 'but yet am still able to connect to the internet'
<pythonsnake> to your server?
<jacobjames> ok you must be talking to the other guy>
<dingo311> pythonsnake: no connections to the server, but using lynx for example i can browse the web, but ping times out
<pythonsnake> lynx from where dingo311
<dingo311> from the server
<sarnold> jacobjames: ftp sends usernames and passwords in the clear (oops). ftp does not work well with NAT (annoying), and the active/passive mode is annoying. The binary vs ascii is annoying. There's no data integrity checks, so data can be replaced (accidentally or maliciously) and no one will ever notice. There's no standardized protocol for nearly anything, because it was assumed a human was sitting at the screen with sane filenames
<pythonsnake> jacobjames: are you gonna use the desktop daily
<jacobjames> so what is my alternative.
<jacobjames> I just want to set up my server to host http://, ftp, and thin clients.
<pythonsnake> dingo311: firewall?
<hallyn> jacobjames: what sort of thin clients
<hallyn> jacobjames: to host ftp and http you don't need the desktop.  Just go read the ubuntu server guide on setting up apache and vsftpd
<hallyn> https://help.ubuntu.com/12.04/serverguide/
<sarnold> jacobjames: _please_ look into sftp and see if it can meet your needs. clients are available for windows too, if that matters (putty, winscp, I think)
<hallyn> sarnold: haha, good point
<hallyn> ftp is still good for netboots at least :)
<sarnold> hallyn: itym tftp? :)
<pythonsnake> maybe he's gonna use his desktop like a desktop sarnold hallyn
<dingo311> pythonsnake: honestly, not setup. this is a fresh install of server 12.04. i installed apache2, openssh, and a music steaming web interface. all of which i had on my desktop edition before i switched to server. the only firewall is the router. All of this has worked...few days ago same symptoms but a reboot fixed it. today, rebooted twice but no dice...
<hallyn> pythonsnake: you mean lynx and w3m and mutt
<hallyn> sarnold: i do
<pythonsnake> hallyn: ?
<pythonsnake> dingo311: hm
<pythonsnake> dingo311: you pinged the ip?
<hallyn> pythonsnake: 'desktop as a desktop' - nm
<dingo311> pythonsnake: just tried to ping out from server, havent tried pinging the server
<pythonsnake> hallyn: as in ubuntu server as desktop
<hallyn> yes
<sarnold> dingo311: many firewalls drop ICMP (despite most admins knowing better)
<Chomps> what fw are you using or what router?
<dingo311> sarnold: i think it is my ddns, pinging the ip went right through
<pythonsnake> dingo311: there you go
<dingo311> only firewall is router: dlink....dont flame me too bad, i know i need a firewall, is iptables a good place to start?
<sarnold> dingo311: investigate 'ufw'
<dingo311> pythonsnake: not sure how to resolve the ddns issue, but i will google around
<sarnold> dingo311: it's a convenience wrapper around iptables. if it does what you need, it might save you a lot of time.
<dingo311> sarnold: thanks. also, if you remember my ssh issue... i reformatted my phone and started everything fresh and got my keys working straight away
<sarnold> dingo311: haha. man. that's too bad, it shouldn't have been that way, but I'm glad it's working. :)
<jacobjames> THin clients the ones that allow people to get a desktop pushed out to a terminal. Any suggestions.
<dingo311> sarnold: only people who use this are me, my wife, and a few close friends...would iptables work for that?
<Chomps> I agree with sarnold many routers block ICMP by default. I personally never use them. I try to get a router that supports 'bridge mode' and then write my own firewall. iptables is are very powerful if used correctly.
<dingo311> Chomps: only thing that has changed is from destop version to server, all hardware the same. could ICMP still be the culprit. only issue with desktop ever was overheating, never had anything unreachable
<dingo311> i am not familiar with all the lingo, googled ICMP, looks intimidating.
<dingo311> i dont think my router is blocking anything
<Chomps> to start ubuntu server 'auto writes' firewall rules like ACL's to a temp file. I dont like it either. have you tried to flush the firewall rules on the server?
<Chomps> check to see if there are any rules first "iptables -L"
<dingo311> Chomps: no i have not tried flushing the rules, which i interpet as deleting
<sarnold> jacobjames: look into this? https://help.ubuntu.com/12.10/ubuntu-help/sharing-remote-login.html
<Chomps> then run: iptables -F
<Chomps> iptables -X
<Chomps> iptables -t nat -F
<Chomps> iptables -t nat -X
<Chomps> iptables -t mangle -F
<Chomps> iptables -t mangle -X
<Chomps> iptables -P INPUT ACCEPT
<dingo311> all that, in that order i assume
<Chomps> iptables -P FORWARD ACCEPT
<Chomps> iptables -P OUTPUT ACCEPT
<Chomps> yes in the above order
<Chomps> that will allow all rules to be cleared and accept anything and output anything
<dingo311>  iptables -L gives an error, ends with iptables or kernel needs to be upgraded
<Chomps> are you running as root
<Chomps> sudo su
<dingo311> never, but these need to be run as root? that would make sense
<Chomps> yes definatly
<dingo311> iptables -L output http://paste.ubuntu.com/1567355/
<Chomps> was that before or after you ran the above iptables commands
<dingo311> efore
<Chomps> well that looks like they are all flushed then
<Chomps> I would run them anyway and then save the iptables
<dingo311> cool
<Chomps> "iptables-save"
<dingo311> iptables -L looks the same, like you said it would.
<Chomps> ICMP functions differently than other protocols - It is below the IP level in a technical sense. you can take a look at the before rules in /etc/ufw/before.rules
<Chomps> check to see if the following exists (or similar): -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
<dingo311> if i can access via local ip 192.168.x.x but not through ddns then that points to faulty ddns carrect
<Chomps> could be or it could be the ISP Proxy server
<dingo311> sudo iptables -A ....?
<Chomps> no in the file /etc/ufw/before.rules
<Chomps> not on command line
<Chomps> try ping (from that server) to google or some site. ie: ping 8.8.8.8
<Chomps> if you get a response then then ICMP out from that server is ok.
<dingo311> yes i see the string in before.rules
<dingo311> i dont think i will, hang on
<dingo311> well it wasnt before when i tried but now success
<Chomps> ok cool...so if I understand correctly you want to be able to ping from somewhere outside to your server?
<Chomps> dingo311, would it be asking too much if you can give me the ddns name so that I can try ping it from outside?
<Chomps> will give you the results
<dingo311> correct. i cannot ping through the ddns
<dingo311> the ddns is buffet.dlinkddns.com
<Chomps> there is definitely an incoming (to you) block on ICMP
<Chomps> I think it is either a setting on the router or your ISP
<dingo311> you say that just from ping results? or did you look at some other info?
<dingo311> so do i call my isp?
<Chomps> just from ping results. I dont get any reply. I would ask your ISp if they are blocking it, yes
<Chomps> bottom line: you can ping the server from your internal network which means your server is ok. If you are sure there is no setting on your router that blocks ICMP requests, then your ISP  or ddns is blocking it...its now that simple...ask them
<dingo311> hmm, fair enough. although i thought they only block certin ports. i will double check my dlink router to make sure its not blocking requests then call. thanks very much for your help
<Chomps> no prob. I hate ISP's that block things as a so called service...enjoy
<dingo311> out of curiosity how would the isp know that i switched from desktop to server os? they couldnt would be my guess
<Chomps> It shouldn't be of concern to them
<Chomps> Just out of interest. On your router do you have "DNS AND DEFAULT GATEWAY" option
<Chomps> I take it the ddns account info is on the router itself....if so make sure "Enable Firewall" has a check on it or ICMP wont work and also "Enable NAT"
<dingo311> im begining to think it is striclty a ddns problem. ddns says status disconnected(obviously bad) looking at what router ip says it conflicts with whatismyip.com
<dingo311> ddns is on the router. looking for the dns and default gateway
<dingo311> i saved my router config before changing os and reloaded it. so all should be the same, should be
<Chomps> oh well then you might have put in the incorrect account info in on the router, hee hee that would realy be a big issue. maybe just a typo on the router. the IP must be the same on ddns provider and your router
<Chomps> dingo311, goto dlinkddns.com and log in...check the IP there. That must be the same as the IP provided by your ISP. if not, that would be problem no 1
<dingo311> shouldn't the ddns host be updating that, that is what it is for
<dingo311> never thought to really check all that since i never had a problem with it.
<Chomps> your router updates that with the host. check that the ddns info on your router is correct and that it is updating dlinkddns.com correctly
<Chomps> ok whatever you did now, it worked....
<Chomps> I can ping your IP...well done...save the router config...
<Chomps> 64 bytes from ip68-102-96-181.ks.ok.cox.net (68.102.96.181): icmp_req=2 ttl=104 time=337 ms
<Chomps> dingo311, :)
<dingo311> i got that too. must need a system or router restart because buffet.dlinkddns.com:4040 still times out
<jacobjames> ok i am at the command prompt how do i get into my gui. I just donwloaded apt-get ubuntu-desktop
<dingo311> ddns host had wrong ip in dns, thought that was their job
<Chomps> ok but that is something different. 4040 is a port you are trying to get through on. you now need to forward that port on the router to the servers internal IP
<Chomps> under poert forwarding
<Chomps> port
<dingo311> right, port forwarding is enabled, pointing to the correct ip
<Chomps> Also I take it that there is a service on your server listening on port 4040 ?
<dingo311> haha, let me make sure that is still up
<Chomps> try "telnet localhost 4040" on the server that will tell you
<jacobjames> got it.
<Chomps> jacobjames, should be startx
<jacobjames> yes waiting now. Thanks
<Chomps> dingo311, is the service running ?
<jacobjames> chomps ok just booted into a blank screen with background?
<hallyn> ahs3: http://people.canonical.com/~serge/netcf_0.2.3 has the package, tests fine on raring
<Chomps> jacobjames, did you just run apt-get install ubuntu-desktop  not xubuntu-desktop or anything else. because apt-get install ubuntu-desktop will install the gnome desktop
<Guest85517> Chomps: system needed a reboot afet updating ddns, still not sure why they had ip wrong, but i wont forget to look there next time.
<Chomps> dingo311, cool
<Chomps> dingo311, ok I can see your server is listening on that port...good stuff, have fun...
<ahs3> hallyn: thx.  i'll take a look and upload to experimental if all is well
<dingo311> in my dhcp client list there is an unknown ip with mac 00-00-00-00-00..... is this just a fluke?
<Chomps> dingo311, that looks like and invalid ARP request
<Chomps> dingo311, is that on the server, is your server the dhcp server
<dingo311> Chomps: not sure how to answer that, but i think so yes.
<Chomps> dingo311, do you have a dhcp server service running on your server? Also if you have dhcp running on your router they could be conflicting and can cause an election on the network. (the one will try and force out the other)
<sarnold> (dhcp has elections?)
<Chomps> dingo311, only one dhcp server should be handing a single subnet...ie 192.168.x.y
<dingo311> Chomps: not sure if dhcp server service is running on server. I will have to look into it later. got called to work. bah. thanks again for all your help. it means alot.
<Chomps> cool, it is 1:20am here...going to catch a few zzZZ, cheers
<axisys> failing to grow raid10 after replacing one of the 6 disks with a larger disk
<axisys> # mdadm --grow /dev/md10 --size max
<axisys> mdadm: raid10 array /dev/md10 cannot be reshaped.
<axisys> what gives?
<MraAlbertina> hi. what could be the problem of a machine connecting to the network but not to the net? besides all tests i did and comparing with this machine what can i do to check what's wrong with it? i have a feeling a simptom might be important: /etc/resolve.conf is empty. trying to insert manually 'nameserver 192.168.1.1' 'domain home' 'search home' doesn't solve because the changes would be lost on next reboot.
#ubuntu-server 2013-01-25
<sarnold> MraAlbertina: that typically means it is being overwritten by the resolvconf mechanism; see /etc/resolvconf/resolv.conf.d/* files for information..
<MraAlbertina> sorry, sarnold , i didn't see your msg. thanks
<MraAlbertina> sarnold: strange... /etc/resolvconf/resolv.conf.d/tail was empty. i put the values and now.. without a reboot or service networking restart i get a net ping alreadyg the net
<MraAlbertina> already/ cut the rest :)
<sarnold> MraAlbertina: woo :)
<sarnold> MraAlbertina: does that mean you days-long drama to get your funky machine-without-a-console installed has finally reached a point where you can treat it just like any other machine? :)
<MraAlbertina> lol
<MraAlbertina> sarnold: you don't believe how much tweaking is needed to get this working
<sarnold> MraAlbertina: it's sounded really annoying. :)
<MraAlbertina> yeah, a bit
<MraAlbertina> well, i'm trying to get this machine working to have a MAAS working with the others
<MraAlbertina> if i can get it to a point where i believe it results i might get a couple 486 machines from the garage and this would be a super/hiper/big computer system :)
<sarnold> here's hoping you've got some PXE-capable NICs in those 486s ;)
<MraAlbertina> i were kidding about the 486, but these ones yes, they could interact with pxe
<MraAlbertina> altough i might bet into another problem on this headless machine... i can't access bios setup
<MraAlbertina> bet/get
<MraAlbertina> bye sarnold, have a good night :)
<quietone> when I try mount a drive at /dev/mapper i get "NTFS signature is missing".
<quietone> kinda new at this, and searching hasn't helped (yet). Anything I should be reading?
<sarnold> quietone: how are you trying to mount the drive? what type of filesystem does it have on it?
<quietone> sarnold, I'm not sure. fdisk -l just shows 'Linux'.
<quietone> sarnold, "mount -o acl,user_xattr /dev/mapper/backup /mnt/backup"
<axisys> I guess raid10 does not allow grow.. oops
<axisys> since I have a backup, I will just rebuild raid10
<axisys> now is it possible to build raid10 with disks of different sizes?
<axisys> in my case: 2 76G and 4 300G disks
<sarnold> axisys: I think you'd be able to raid0 a 76 and a 300; and raid0 a 76 and 300; and then raid1 the result for 376 gigs of storage..
<axisys> sarnold: hehe.. i was just reading the same thing here
<axisys> sarnold: http://www.spinics.net/lists/raid/msg17303.html
<axisys> so I have 2x72G and 4x300G
<axisys> i guess raid0 (raid1,raid1,raid1) .. right?
<sarnold> axisys: oh, I _think_ Neil gave different advice than I did -- you should go with his advice, he's The Guy :)
<sarnold> axisys: I think you've interpreted his advice correctly
<axisys> sarnold: thanks
<axisys> sarnold: (offtopic) how do you do that underline thing? pretty cool
<sarnold> axisys: I just put underscores before and after the word; most clients underline that way :)
<axisys> _this_
<axisys> nice!
<axisys> how about bold?
<sarnold> *asterisks* give you bold :)
<axisys> *bold*
<axisys> lol
<axisys> thanks
<sarnold> don't tell anyone I told you this (and for $DEITY's sake, don't _use_ them), but ^B does bold too
<axisys> sarnold: :-)
<Free99> hey sarnold: you know anything about drbd?
<jeeves_moss> how can I setup a single local dovecot server so I can use the mail dir files from a long dead server so I can get the e-mails out of them and push it into my Exchange server?
<patdk-lap> the same way anyone would setup any other dovecot server
<patdk-lap> follow the instructions 100%, there is nothing you can shortcut about it
<jeeves_moss> patdk-lap, even if I'm just doing it for a single user?
<patdk-lap> jeeves_moss, and a webserver is easier to setup for 1 client? vs 100 clients? not really
<patdk-lap> it makes no difference, there is just as much work
<jeeves_moss> patdk-lap, I'm just trying to rescue the remaining e-mail that I was able to pull
<eagles0513875_> hey guys I have a single domain email server setup, how do I go about setting up aliases? as I am using postfix plus dovecot.
<greppy> eagles0513875_: look at /etc/aliases
<eagles0513875_> thanks greppy will take a look
<eagles0513875_> greppy: quick alternate question im in the process of setting up a  new mail server, my question becomes i have another mx entry pointing at a different provider and a new mx entry pointing at another server. how will the email know which mx entry to use will it check the one with the highest priority first then if it doesnt find the account there check the other one?
<greppy> mail should go to the lowest numbered mx record first, not all senders honor that though.
<greppy> if you do a 'dig -t mx grephead.com' you will see that mail.grephead.com has a priority of 0 and backup.grephead.com has a priority of 10, backup tries to deliver to mail.grephead.com
<ikonia> it only uses the higher priority one if the lower prirority one doesn't respond
<andol> Then there are spammers who intentionally go for the highest mx number, hoping that the backup mx will have a weaker spam protection.
<greppy> == andol
<ikonia> eagles0513875_: you are running a professional Linux consultancy business, to paying clients, how are you not knowing the basics of a mail server ?
<ikonia> this is getting really tedious that you use this channel to basically command by command get you to set things up for your paying clients
<eagles0513875_> ikonia: reason im askign these questions is i dont want to disrupt their current setup in terms of emails until some other issues get resolved
<ikonia> eagles0513875_: yes, but you should already know this stuff
 * eagles0513875_ goes back to work
<eagles0513875_> hey guys I am looking at replacing apache prefork with either the event or worker versions what advantages does each of them have and what would one recommend?
<Andrei> i have no idea at the moment eagles0513875_  (i'm right after a sleepless night, not easy to think :)
<eagles0513875_> Andrei: understandable bro
<Andrei> thx. be back later
<pythonsnake> whats the way to reverse proxy using htaccess?
<ikonia> eagles0513875_: why are you looking to replace the apache process if you don't know what the alternatives do and their advantages ?
<koolhead17> hallyn: around
<zul> jdstrand: pinger when you are around
<jdstrand> zul: I'm here
<zul> jdstrand: when you get a sec can you review python-extras its a new dependency of quantum and will be a new dependency of python-testtools
<jdstrand> zul: sure
<zastern> If I modify /etc/security/limits.conf to allow a user more open files, e.g. www-data, can I just restart apache, for that to take effect? I'm trying to figure out a way to avoid a reboot.
<zastern> I know that if it were a normal user I could have them log out and back in, so for apache i suspect stopping and starting the service, which runs as www-data, might do it. Not sure how i can test that though.
<tedski> .+host *!*tedski@50.57.111.248
<tedski> derp
<tedski> lets try that in the right window :P
<toordog> is there any easy solution for central authentication with Ubuntu like the project FreeIPA for RedHat?
<toordog> or something like spacewalk?
<awaterma> Check out the CAS project. It's HTTP based.
<awaterma> http://www.jasig.org/cas
<Toordog> thanks for the link, I will investigate it.   :)
<awaterma> You can tie it into normal authentication on a unix box (PAM, etc.) or via JDBC, LDAP, etc. Nice solution. Developed for Universities.
<Toordog> the website is just unclear if it is just a SSO or it's good to centralize the authentication of my server park
<Toordog> cool
<Toordog> ok that answer my worry :)
<Toordog> it should work just fine then
<awaterma> If you're doing in Unix work, I think you'd want to do something with PAM.
<Toordog> yes actually i have about 400 servers with ubuntu 10.x and 12.x
<awaterma> Or Radius or possibly something like that. :)
<awaterma> Have you looked at the MAAS implementation?
<Toordog> I tried to build from scratch a ldap server but it was quite a headache
<Toordog> i'm considering to implement MAAS and JUJU for deployment infrastructure
<awaterma> Our server is too wimpy, so I moved to basic KVM for what I'm up to. :)
<Toordog> we are adding 30 servers per month in average and often it comes by batch every 2-3 month of 100-200 servers
<Toordog> ok
<awaterma> I'm just looking at single numbers of boxes down here. That's a huge amount to me. :)
<Toordog> well automated, it's like managing <10 servers
<Toordog> ;)
<awaterma> Hey all, it was suggested to me to look at using bonding to take advantage of my 4 nics on a box that's serving as a server for several vms, which I'd like to have running under two bridges. One bridge for static DMZ traffic, the other for internal. Is this possible?
<awaterma> toordog: nice!
<Toordog> awaterma:  yes it is possible but you need to have your switch to support the aggregation protocol you'll be using
<Toordog> basically you will create 2 aggregate link interface (LAG1 and LAG2)
<Toordog> can be separate switch or same switch, you could as well do your seggregation using VLAN and having only one LAG
<awaterma> Hmm. Here's my current problem, I have one nic up in "manual" mode supporting a bridge. This works nicely. When I bring up the other nic, the static connection goes down. I think this is due to using two separate gateways.
<awaterma> Does that sound like the right analysis?
<Toordog> you cannot use 2 gateway
<awaterma> And I have read a little that I could do this with a vlan, but it gets a bit confusing. :)
<Toordog> gateway = default route when there is no other route defined.
<awaterma> So, the analysis is right?
<Toordog> VLAN is just like a virtual network
<Toordog> on the same hardware
<awaterma> Am I mis-using gateway? I thought this was part of the interface configuration, e.g. computer where traffic is directed.
<Toordog> in a computer you have static route , you can see it via netstat -rn
<Toordog> your static route tell your computer where to send traffic
<Toordog> when it doesn't find a static route, it will send it to the gateway
<awaterma> Can I even do what's been requested on the same box? E.g. host virtual servers that server DMZ traffic. And host servers that server internal traffic?
<Toordog> you would have to explain me exactly waht is your DMZ traffic and Internal ...
<Toordog> do you want all VM on the internal network segment to see each other?
<awaterma> Not necessarily. Just be available from outside, e.g. Lamp servers for different departments.
<awaterma> (I'm at a University)
<Toordog> DMZ = Internet with public IP?
<awaterma> So some lamps serving external public http traffic, others serving internal traffic. that's what's desired.
<awaterma> I don't want to bridge the two nics.
<Toordog> ok
<Toordog> but is your DMZ with public IP?
<awaterma> Yeah, that's the idea.
<Toordog> Is your VM under your management or under the management of random people or untrusty people?
<awaterma> Two different routers. One router for one set of nics. Other for nics internal. I'm running the box.
<Toordog> ok
<awaterma> I think what happens now, is I bring up the other nic, and I run into this gateway issue. I don't want to bridge all the nics, as that would open the internal net to the outside. I want to use one bridge for external (public) nics and VMS, another for internal. This was why bonding was suggested to me.
<awaterma> Am I hoping for too much on one box?
<Toordog> no actually this is pretty basic
<Toordog> on your internal network why do you need a gateway?
<awaterma> I'm not sure I do. What's happening is that when I bring up the internal network (as a bridge, which is what I want, or as just a simple network connection) the external network becomes unreachable.
<Toordog> just make sure your gateway is on the DMZ side
<Toordog> route add default gw 10.x.x.x via eth0
<awaterma> I thought that the gateway issue was connected to the gateway that each cards is using, the static bridge is configured to pass through to one gateway, the other interface is DHCP.
<Toordog> DHCP can setup gateway for you and overwrite your static one
<Toordog> so better not use DHCP on a server
<awaterma> Ah, so add the route command before bringing up a the DHCP gateway?
<awaterma> Ah, okay, that makes sense now.
<Toordog> you can only have one gateway
<awaterma> So I could do this at the /etc/networks/interface level?
<awaterma> E.g. setup a static for a 10.x.x. or 192.x.x.x that uses an actual external gateway?
<awaterma> In the definition?
<Toordog> the thing about your internal network is that you might have let say : 10.1.1.0 /24 and 10.1.2.0/24 and 10.1.3.0/24 and you need to set a gateway to reach the other network
<Toordog> no
<Toordog> you would have
<Toordog> eth0 static IP public with gateway
<Toordog> eth1 static IP *NO GATEWAY*
<Toordog> eth2 static IP *NO GATEWAY*
<Toordog> ...
<Toordog> only one can have static IP
<awaterma> Ah, okay. And then when the other interfaces come up, they inherit the gateway defined in eth0?
<Toordog> sorry
<Toordog> damn
<Toordog> only one can have gateway
<Toordog> yes
<awaterma> (Sorry, I'm a coder, not a network guy.) :)
<Toordog> routing is not per interface
<Toordog> it is per machine wide
<awaterma> Ah, okay, so the DHCP server is rewriting the route table which is what knocks out my access.
<Toordog> the only thing that is per interface in routing is the path to reach the location.  Let say : reach 10.1.2.0 via eth1  and reach 10.1.3.0 via eth3
<Toordog> but it is per machine wide view since you can only reach one network node per one interface at a time *normally, there is advance option to even bypass that*
<Toordog> yes
<Toordog> DHCP is evil if it is not configured correctly
<Toordog> it thinks it knows better than you
<Toordog> :P
<awaterma> LOL.
<awaterma> So, all I have to do is update my /etc/network/interfaces file to define statics and only use the keyword "gateway" in my "eth0" definition? Or would I need to right a "ifup" script to define the route as something like "route add default gw 10.x.x.x via eth0" as well?
<awaterma> (Sorry for all the questions, this has been troubling me for a couple days).
<zastern> Do deamon starts go through pam with ubuntu/upstart?
<zastern> E.g. does /etc/security/limits.conf affect things, like where domain is a user like www-data
<Toordog> awaterma:  set your eth0 with gateway, no need of ifup script
<Toordog> unless your eth0 is not always up
<Toordog> which is unlikely
<awaterma> Toordog: Cool! Thanks! Off to the lab!
<sarnold> zastern: Idon' think so; there's no /etc/pam.d/apache or /etc/pam.d/nginx or similar..
<zastern> sarnold: yes, but the daemon runs as a user
<zastern> and im setting the domain to be that user
<zastern> e.g. www-data
<zastern> in /etc/security/limits.conf
<sarnold> zastern: yeah, I think the limits for most daemons have to be set via the daemon's configuration or just before the daemon is started
<zastern> sarnold: that seems to violate the principle of system level security though. E.g. no process or user may have more than 8000 open file handles
<zastern> or whatever.
<Toordog> CAS project doesn't have an IRC room?
<sarnold> zastern: it's definitely an annoyance that it can't be configured in one location..
<zastern> sarnold: I don't think there's a specific apache configuration item for this though, for example
<zastern> and apache docs mention tuning limits.conf specifically
<zastern> but otoh that might just be a thing on EL-based systems
<zastern> sarnold: hey and while you're here, what's your favorite AppArmor tutorial :D
<sarnold> zastern: hrm, there's no _great_ apparmor tutorial :( the wiki has two, "Creating and modifying AppArmor policy with the tools" and "Creating and modifying AppArmor policy by hand" that together should be tolerable :)
<zastern> cool, thanks.
<sarnold> zastern: .. not all the tools work with the newest features, so knowing how to do things by hand is important
<zastern> I need to secure my apaches.
<sarnold> zastern: http://wiki.apparmor.net/index.php/Documentation
<sarnold> zastern: but the tools, when they work, are a good time saver :)
<zastern> sarnold: yeah, I'm not looking for a wizard. But something more directed than just "read all the documentaiton that exists, line by line"
<sarnold> zastern: apache is a bit complicated because there's two ways to confine it: either as a single apparmor profile (simple) or use the libapache2-mod-apparmor package and confine different portions of your site with different permissions (hooray for keeping phpbb away from your other code..)
<zastern> sarnold: yeah . . . I was planning to use the latter, because I think different sites might have different requirements
<sarnold> zastern: you can also set the rlimits for a program in apparmor policy; it's not a perfect fit, since it is setting the usual rlimits rather than per-profile limits, but it is simple :)
<zastern> I don't know what that means, but I'll look it up!
<sarnold> :)
<zul> hallyn: ping
<Chriys> Hi everybody. i have an issue with my ubuntu server (12.04). When it's connected to router the commands apt-get install/update stuck at [Waiting for Headers] but if i connect it directly to the modem everything works fine. I have a dynamic ip and my router is TP-Link. the last i fixed it by putting into resolv.conf those lines:domain ahidjodesign.com nameserver 192.168.1.1 and 192.168.1.101
<Chriys> localhost. Thanks for your help.
<Chriys> anyone can help
<ketan985> http://ubuntuforums.org/showthread.php?p=12473841#post12473841
<ketan985> ya
<ketan985> Hi Chriys
<Chriys> hi
<Chriys> I got one question for you
<Chriys> i have an issue with my ubuntu server (12.04). When it's connected to router the commands apt-get install/update stuck at [Waiting for Headers] but if i connect it directly to the modem everything works fine. I have a dynamic ip and my router is TP-Link. the last i fixed it by putting into resolv.conf those lines:domain ahidjodesign.com nameserver 192.168.1.1 and 192.168.1.101 localhost.
<Chriys> Thanks for your help.
<ketan985> tell me...
<ketan985> Bro server must have configured with static ip
<Chriys> yeah i know but i don't have one currently so i'm using a no-ip
<ketan985> sometimes due to misconfiguration of nameserver we couldn't connect internet yet we connected to network
<sarnold> ketan985: you want to put _php_ in the path to receiving _email_?? sounds scary.
<ketan985> why ?
<ketan985> why scary man ? It 's normal
<sarnold> php is a fairly brittle language. I'd do my best to keep untrusted input away from it. and email is 90% untrusted and unsafe input...
<ketan985> Chriys,  Put nameserver 8.8.8.8 in resolve.conf
<ketan985> sarnold,  then what should we use
<sarnold> ketan985: I'd pick perl, python, or ruby...
<ketan985> sarnold, I need that fuctionality any language I can use
<sarnold> ketan985: look into the 'milter' support, it may do what you need
<ketan985> how I need to config that postfix server , that i need to know
<ketan985> sarnold, can you provide me link ???
<sarnold> ketan985: http://www.postfix.org/MILTER_README.html
<Chriys> are you serious ? :o it worked like a charm
<Chriys> ketan985
<Chriys> thanks do you know what is causing this
<sarnold> Chriys: did you keep the 192.168.1.1 nameservice lines when you directly plugged int othe modem?
<Chriys> think yes but i didn't modify the resolv.conf when i plugged to the modem
<sarnold> aha :)
<sarnold> then you wre tryin to use a nameserver that didn't exist :)
<sarnold> Chriys: 192.168/16 is in the RFC1918 "non-routable" class of addresses; they won't work on the internet, only within a network designed to use them (as is the case behind most consumer routers..)
<Chriys> so i can do nameserver myISPDns ? right
<sarnold> Chriys: yes
<Chriys> and i have bind9 running on my server so nameserver 192.168.1.101 should be correct
<ketan985> ya correct Chriys
<sarnold> Chriys: perhaps 127.0.0.1 would be better, if it is actually on the same host..
<Chriys> great now i understood. ok cool got another question
<ketan985> ask me friend
<Chriys> i'm using virtual host on my ubuntu server 12.04 and i set my domain(with 1and1) to point the CNAME of the no-ip on my server. but if i try to access to mydomain.com it shows 403 forbidden can access / on this server
<ketan985> There is problem with permissions.
<ketan985> checkout it
<Chriys> already tried. i did chown chriys:www-data /var/www/ahidjodesign and chmod -R 777 /var/www/ahidjodesign
<Chriys> i did the the same with /home/chriys/www-dev/ahidjodesign
<Chriys> the files are located there and point to /var/www/ahidjodesign
<ketan985> reload server and try again Friend
<Chriys> in the error log of apache i got this: Symbolic link not allowed or link target not accessible: /var/www/ahidjodesign
<ketan985> then try to link again
<Chriys> ok
<ketan985> using ln -s
<sarnold> you're not allowed to exit the document root using symbolic links
<Chriys> don't understand
<ketan985> I don't think so
<ketan985> Bro It is given in terminal no in document file
<ketan985> Chriys, continue with links
<Chriys> ight
<sarnold> Chriys: you'll need this if you use symlinks: http://www.apache.com/docs/httpd-docs-2.2.13.fr/mod/core.html#options
<ketan985> It is very easy syntax .
<Chriys> it should work because i followed step from ubuntu-fr site
<Chriys> same issue i'm going to verify the virtual host settings
<Chriys> got a last question for you guys you helped me a lot.
<ketan985> I am always Happy to help Friend
<Chriys> postfix won't send email i have courier imap installed. But everything works fine if i send to myself or local
<Chriys> i also remember that i wasn't able to find the package postfix-tls.
<ketan985> Hey Chriys , I am new to postfix and having some problem like this
<ketan985> http://ubuntuforums.org/showthread.php?p=12473841#post12473841
<ketan985> pleia2,  Can you help a little in solving this issue?
<Chriys> thanks. Do you know how to configure a MX on my server i pointed my domain to the no-ip on my computer(which is a CNAME)
<Chriys> ketan985: for your question i followed some steps yesterday for creating database for postfix. But got no idea for the php script
<ketan985> I have a scprit friend but I don't know how to config postfix to apply it
<Chriys> ok i see. http://library.linode.com/email/postfix/courier-mysql-ubuntu-9.10-karmic
<Chriys> http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-ubuntu-12.04-lts
<ketan985> I followed this but couldnot succed , It disturbs functionality of server and I could not mail .
<Chriys> the first one has more detailed step
<ketan985> this link http://blog.thecodingmachine.com/content/triggering-php-script-when-your-postfix-server-receives-mail
<Chriys> it help you to configure postfix with courier and mysql
<ketan985> I have .py script , sendind you....
<Chriys> yeah i see but trying to accept it
<Chriys> ketan985: i could be funny but i don't code in python
<ketan985> Dont worry, whatever the launguage we used, I need to config postfix
<Chriys> haha. i don't know why but i can post on the postfix channel
<ketan985> http://askubuntu.com/questions/247579/fetch-data-from-incoming-mail-in-postfix-mail-server
<designbybeck> I connected to a Server via the COnnect to server SSH in the file browser. I have su access on that server with my username. I can see the files but I can add files to because it says access denied
<designbybeck> i can't paste files in there
<designbybeck> any ideas?
<sarnold> scp/sftp is not going to call 'su' to write files with a different owner for you.
<cloakable> indeed
<sarnold> I'm not sure if there is a nice way to do what you want to do.
<cloakable> sudo passwd root?
<designbybeck> :(
<designbybeck> i don't have the root password
<designbybeck> I thought I've done this before
<designbybeck> fused into a box and opened and edited files in a GUI and saved them back to the server
<sarnold> perhaps, but you might have put your ssh keys into /root/.authorized_keys or something.
<designbybeck> i'm a newbie
<designbybeck> not sure how to do that
<designbybeck> I'll try filezilla
<Chriys> i'm back ketan985 sorry i had my mother on the phone
<designbybeck> got denied using FIlezilla also
<designbybeck> my IT hates me LOL
<Chriys> designbybeck it is your server ?
<designbybeck> grrr... I guess you could say that Chriys... I work for a university, we asked for a R&D server I could play with, so the did a bunch of stuff to it first
<designbybeck> i do have su rights
<designbybeck> I was able to use filezilla to copy my bg.png file I'm playing with to my /home/username
<designbybeck> and then logged into the terminal and cp'ed it to /srv/image
<designbybeck> and that seemed to work
<Chriys> what is the directory on which you have issue
<designbybeck> I just setup a canvas LMS install Chriys so it is /srv/canvas/public/images
<Chriys> so cant do anything inside of this directory
<Chriys> ?
<Chriys> if yes do this command and paste resul:  ls -l /srv/canvas/public/images
<Chriys> designbybeck: result*
<designbybeck> on sec
<designbybeck> Chriys:
<designbybeck> http://www.pasteall.org/39140
<designbybeck> this was me coping the css over
<Chriys> sorry bro but you have no way to copy or paste something in it. You can only read what is inside. Contact the root if he can add you permission or you are the root retrieve your root password
<designbybeck> ok, thank you for the feedback Chriys
<Chriys> you are welcome
<Chriys> Guys question for you what is the difference between <Directory></Directory> and <Directory /var/www></Directory>
<frojnd> My quess would be <Directory></directory> automatically set directory and <Directory /var/www></directory> set directory to /var/www
<Chriys> ketan985 i received your file
<sarnold> Chriys: <directory> is a syntax error. keep this page open while you fiddle with your apache configuration :)  http://httpd.apache.org/docs/current/mod/core.html#directory
<Chriys> thanks sarnold you always have great links haha :p
<sarnold> Chriys :)
<Chriys> by the way do you about postfix it gives me a lot issues
<sarnold> I've done less with postfix; but between the manpages and website, it's reasonably over-documented :)
<Chriys> i tried so many steps one week but still having same issue -_-' Postfix want send email outside of the local environnement
<Chriys> since one week*
<hallyn> zul: i'm not in today.  nobody here but us chickens
<zul> figured
<Chriys> sarnold: did you find something about postfix ?Â¸
<jeeves_moss> how do I import the e-mails that I was able to save from the maildir of my dovecot server directly into Thunderbird so I can move them to my new host?
<sarnold> jeeves_moss: you may need to use a tool such as https://github.com/tdb/maildirarc
<jeeves_moss> sarnold, thanks, I'll have a quick look
<jeeves_moss> sarnold, basically, the folder is from a long dead server, and this is the last mailbox that I can't pull back from the dead from backups
<jeeves_moss> sarnold, are you still here?  I'm getting an error when I rin that program  "BEGIN failed--compilation aborted at ./maildirarc line 45."
<sarnold> jeeves_moss: ah, nuts :) that's the danger of recommending software one's never tried...
<jeeves_moss> sarnold, lol.  well, I don't know what to say.  this thing is kind of pissing me off.
<sarnold> jeeves_moss: try: sudo apt-get install libemail-address-perl
<sarnold> that should install the Email::Address module that is referenced on line 45
<jeeves_moss> sarnold, thanks
<jeeves_moss> sarnold, if I'm reading the howto correct, there is no way to batch the entire directory
<sarnold> jeeves_moss: it might just take some shell scripting; something like (untested :) for m in * ; do maildirarch -d0 -m /path/to/mboxes/${m} -c -F -n $m ; done    -- if that looks right, remove the -n ..
<jeeves_moss> sarnold, ok.  thanks again for your help.  the wife is calling so I need to leave this for now.
#ubuntu-server 2013-01-26
<quietone> we changed from Centos to Ubuntu 12.04 for office samba server for XP boxes.  profiles were 'lost' and users can't change theme etc on new profiles.
<quietone> i've been searching all week and have yet to find a fix. Any tips or reading suggestions welcome.
<quietone> And apologies for asking about XP here.
<sarnold> quietone: did you copy the samba configuration over wholesale? or just merge over the 'important' changes you might have made?
<quietone> sarnold, my workmate did most of the work, so I am not sure how to answer. I know smb.conf is identical
<sarnold> quietone: is there anything interesting in the log files?
<sarnold> quietone: are file permissions on the drive correct? (users can write into their own directories...?)
<sarnold> quietone: time for me to bail, hope these help you figure it.. :)
<quietone> sarnold, thanks
<brad358> can someone who knows how to use samba help me please? i cant seem to edit the settings on it
<kevinmthomas> hi
<kevinmthomas> I have a question, I have postfix set up on ubuntu server and I am able to send and receive mail but i cant get a client like Thunderbird to conect
<kevinmthomas> hi
<daniel_-> anyone can help me? I want to mysql to start after reboot. I put this into cron "@reboot sudo service mysql start" and used "
<daniel_-> sudo update-rc.d mysql defaults"
<daniel_-> works
<AlecTaylor> hi
<AlecTaylor> I don't have a Window Manager installed, but I ran 'startx'. How do I stop the X server so I can restart it with OpenBox?
<sk1pper> daniel: you can use sysv-rc-conf, to add and remove daemons from run levels
<AlecTaylor> When I try to connect (via VNC) to my server after I ran starx, I get an error: "No DISPLAY found"
<docjay> hey all - runner server 12.04.  Could someone give me a hand with 'libmysqlclient18' and 'percona-server-common-5.5'?
<docjay> when I install one it removes the other and I need both to be installed
<docjay> I'm stumped
<patdk-lap> you did something odd then
<patdk-lap> cause they co-exist fine on my issue
<patdk-lap> older build of percona didn't play happy though
<patdk-lap> hmm actually, the ubuntu libmysqlclient18 gets replaced with the percona one, no issues
<patdk-lap> used to be it wasn't named right, and caused issues
<docjay> hey, thkx for your help
<docjay> its a fresh install actually
<patdk-lap> there is only one catch I can think of
<patdk-lap> I don't install the percona from their packages
<patdk-lap> but rebuild them into normal packages
<docjay> oh, okay, what is the best way?
<patdk-lap> not sure if that makes a difference
<patdk-lap> do it this way for easy upgrades
<docjay> http://pastebin.com/0aWXbXxC
<patdk-lap> https://launchpad.net/~patrickdk/+archive/general-lucid/+packages
<patdk-lap> oh, that is the issue, libmysqlclient-dev
<patdk-lap> why are you installing -dev?
<docjay> I'm following a guide to install 'newznab
<docjay> http://freek.ws/2012/12/02/basic-tutorial-on-how-to-install-newznab-on-ubuntu-12-04-64-bit/
<patdk-lap> seems silly
<patdk-lap> do it without the -dev
<patdk-lap> the -dev is only needed if you compile stuff yourself
<patdk-lap> and nothing on that page is getting compiled. so
<docjay> k, lemme try
<docjay> unable to locate 'libmysqlclient'
<patdk-lap> hmm, I also wonder why they mention lenny
<patdk-lap> oh well, don't use random instructions from people :)
<docjay> yeah, I am using precise now
<docjay> :)
<docjay> what do you suggest
<patdk-lap> ya, and percona makes a precise build, so dunno why they would mix in a debian build
<patdk-lap> lets see
<patdk-lap> remove all mysql stuff
<patdk-lap> apt-get purge .*mysql.*
<patdk-lap> add percona repo for precise should do it
<patdk-lap> then start with installing percona-server-server-5.5
<patdk-lap> then try the rest
<docjay> will do, adding the repo now
<docjay> finally, the percona config started for me  ;)
<patdk-lap> I'm upgrading my last ones from 5.1 to 5.5 right now :)
<docjay> what do you think I should do about 'libmysqlcleint'?  you said that I really didn't need the -dev but it can't find it otherwise.
<docjay> thanks for your help - how easy was that  :)
<patdk-lap> heh?
<patdk-lap> the libmysqlclient is a metapackage, it will install libmysqlclient18 in your case
<docjay> it all worked just fine.   thanks!
<samba35> how to get list of all dpkg--recconfigure(able) package
<storrgie> how do I enable a server to start after reboot. I put a service file in /etc/init.d is that all thats required?
<RoyK> storrgie: symlink it to rc2.d
<storrgie> RoyK, thank you sir
<storrgie> testing now
<mwcampbell> On a new system, should I install vmbuilder via the python-vm-builder or ubuntu-vm-builder package?
<mwcampbell> 12.04
<Vasa> I accidently chmodded all my system to 711 and now I can't run any commands
<Vasa> is there anything I can do? =/
<Vasa> ok i got access
<k1ng> lol
<Vasa> what is a safe chmod for all the system
<Vasa> to fix this problem
<k1ng> 665
<Vasa> ohhh man thank god it got fixed i was worried =.=
<Vasa> xD
<Vasa> and thanks for the help k1ng
<mdeslaur> Vasa: you likely need to reinstall if you chmodded your whole system. Permissions are now most likely in an insecure state.
<k1ng> ^ Vasa do as he said
<uvirtbot> k1ng: Error: "Vasa" is not a valid command.
<k1ng>  ^ Vasa do as he said
<Vasa> ok i should backup then
<Vasa> atleast i can backup
<Vasa> can chmod 777 somehow damage the system? excpect for the outside security reasons?
<fx> hi all, i'm having a bit of a problem, after upgrade to 12.04 i can't bring eth0 up, it shows all zeroes for mac address in ifconfig
<fx> The OS runs in a Xen VM, i booted DSL and the interface worked charmingly
<fx> I can give it the previous mac, and an ip manually but when i do ifup it just hangs
<fx> Bloody udev
<fx> removed the rule, restarted, works =9
<jeeves_moss> how do I get MySQL to auth to a windows AD?
<jacobjames> having a problem
<jacobjames> my server not showing up on the network.
<jacobjames> it is hardwired into the router and i can get access to the internet through a browser.
<jacobjames> when i log into my router a netgear 7550 that computer does not show up.
<jacobjames> I have rescanned my network without success.
<jacobjames> Anyone know anything about SMB?
<jacobjames> does it apply to linux?
<jacobjames> How
<linuxman44> correct me if i am wrong, but isnt smb only for windows? i think samba might be similar, but thats just a raw guess
<patdk-lap> smb was discontinued in windows with xp
<RoyK> well, cifs is just smb with signed packages
<RoyK> just he same old crap
<jacobjames> cifs?
<patdk-lap> no, its a lot different
<patdk-lap> cifs fixs lot and lots of smb issues
<RoyK> no
<jacobjames> what is cifs?
<RoyK> smb2 fixes a lot more
<RoyK> cifs is just signed smb
#ubuntu-server 2013-01-27
<hanlond> I have a question regarding the use of & in the shell
<escott> hanlond, and...
<hanlond> I have no GUI installed, so if I use VI to edit a file and add & the the end of the command, how do I then start using VI
<escott> hanlond, fg
<hanlond> and is there a way to unfocus from VI afterwards?
<escott> hanlond, ctrl-z if vi doesnt capture it
<hanlond> will that work with any process?
<escott> hanlond, any process that trap SIGSTP
<hanlond> Thank you very much
<escott> hanlond, or remap ctrl-z
<hplc> hello, how does server version comes shipped when it comes to dns? to servre localhost? localdomain? or not at all by default?
<escott> hplc, presumably not installed by default
<hplc> escott, but if choosen during install i mean
<hplc> my english aint that great
<escott> hplc, it will serve any computer configured to ask it for dns information. so if it is also a dhcp server it would presumably suggest itself as the dns server
<hplc> escott, so in that case one can say that it would serve the homelan / domain?, im not that good at being 100% correct, but i hope i make sense enough
<escott> hplc, put it to you this way. i'm making some tea, i will serve you some but only if you come by and ask....
<escott> hplc, you have to configure the other computers on the domain to ask that computer if you want it to be the dns server
<hplc> escott, ok, yes that way i get it
<hplc> can the server version act as dns / dhcp and be the firewall at same time? or put something else to guard the border?
<escott> hplc, yes. thats probably the easiest setup to configure
<escott> !ics | hplc
<ubottu> hplc: If you want to share the internet connection of your Ubuntu machine with other machines in the network see https://help.ubuntu.com/community/Internet/ConnectionSharing
<hplc> yes, recon that from "firestarter" in the desktop edition
<hplc> how does ubuntu going to handle the UEFI? the shim bootloader?
<escott> hplc, the "shim bootloader" is for secure boot. there is support for direct efi loading not sure its in the ubuntu kernel though
<hplc> and does ubuntu support use of btrfs? it seems like a solution where one can add HDDs as time goes by
<RoyK> btrfs isn't very stable yet
<escott> hplc, yes buts far from a usable filesystem
<hplc> escott, but doesnt UEFI mean 100% hardware cutoff anything that isnt MS?
<hplc> RoyK, escott ok
<escott> hplc, huh?
<RoyK> hplc: if you want raid, use md
<hplc> escott, i meant, the idea behind uefi is to allow ONLY ms to pass the bootloader on a hardware level due ti INTEL chips set that way? right?
<escott> no
<hplc> i was under that impression after reading linux format nr 167
<escott> hplc, you read it wrong
<escott> and you are talking about secure boot not efi
<escott> and you are incorrect about secure boot :)
<hplc> but isnt secure boot and UEFI the same thing?
<escott> that said i dont think secure boot is very useful so i would disable it
<escott> no they are not
<hplc> im confused, qoute from page 38 "UEFI and / or microsofts secure boot is hampering manufactoring of linux or dual boot computers" end quote
<patdk-lap> everything you read on the internet must be true :)
<hplc> no not internet, the paperback version of a magazine
<escott> hplc, there has been an enormous amount written about this. you are welcome to read about it
<patdk-lap> those still exist?
<escott> hplc, many laptops from Dell/Compaq/etc are shipping with 4 primary partitions (a boot partition, windows partition, recovery partition, and a OEM driver partition)
<escott> i could write a sensationalist article about how that is hampering the installation of linux and how its an evil trick by MSFT
<escott> or i could write about how its a relatively minor technical impediment for those who know what they are doing
<hplc> but still, im confused, is "Linux Format" paperback magazine a joke? to me it looks quite serious
<escott> i could even write about how evil microsoft ships windows partitioned in such a way as to use the ENTIRE disk
<escott> all to prevent other operating systems from being easily and readily installed
<escott> OMG sensationalist blog posting coming right up
<hplc> ?
<escott> hplc, (a) you arent going to have windows on the computer you are talking about because its a server (b) you can just disable secure boot (c) you can probably switch to bios boot mode if you want
<hplc> escott, well yes, i do indeed consider using ubuntu server instead of my present FreeBSD
<hplc> escott, and i cant understand what is so funny about me mentioning that paperback magazine, is its articles made up out of thin air? i dont understand
<escott> hplc, i didnt make fun of the magazine, but there are better things to read than linux format
<escott> hplc, lwn.net is very solid
<hplc> escott, is it something that exist both in electronic and paperform? what does it cost?
<escott> hplc, website only. there is a membership if you want to read the current one or you can read a week or two behind
<hplc> escott, as a homeuser, that doesnt need to keep up with cutting edge news, is the free version enough? right?
<escott> hplc, a one week old lwn article is probably more up to date than a print edition of linux format that has been sitting on the shelf of B&N for the past week
<escott> hplc, it can be very technical in some parts that may or may not be what you are interested in reading
<hplc> escott, yes that is more than welcome
<mortrca> I replaced the motherboard in my server and now I'm having problems getting it to boot. Everything seems to be fine at first, everything reports "OK" as it starts, until it gets to Tomcat. There it just says "* Starting Tomcat servlet engine tomcat6" and hangs.
<mortrca> Apache fails to start, but it reports a syntax error in apache2.conf and then moves on without haning.
<mortrca> *hanging.
<mortrca> Troubleshooting pointers anyone?
<escott> mortrca, is the networking working correctly?
<escott> mortrca, ie if your interface card was on the motherboard it will have a new MAC address and perhaps a new device
<mortrca> escott: It displays a message about waiting another 60 seconds for network configuration which I haven't seen before
<mortrca> and moves on after the 60 seconds
<escott> mortrca, i would look into that. make sure that something isn't misconfigured there
<escott> mortrca, check /etc/udev and all the /etc/networking stuff
<mortrca> escott: I seem to have bigger issues. I now cannot get a BIOS post or any video out from the board. I think this is now a hardware problem.
<mortrca> Thanks for the suggestion, if I ever get that far I'll give it a try.
<iamzim> Good day, i'm thinking about going for a psad+fwsnort setup, is there a more effective solution?
<hanlond> I have a question regarding /etc/network/interfaces
<hanlond> if I have a DNS server pointing to and IP address www.xxx.yy.zz
<hanlond> what do i need to set the following to in order to get an SSH client working
<hanlond> I have
<hanlond> auto eth0 \n iface eth0 inet static \n address www.xxx.yy.zz netmask 255.255.255 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1
<escott> hanlond, dns is handled through /etc/resolv.conf
<Corey> I'm trying to resize a KVM guest that itself uses KVM.  Every time I make the attempt, I have to blow away the partitions in fdisk, recreate them, and reboot.  This changes the UUID, and leaves me unbootable.
<Corey> (I'm operating on a copy)
<Corey> Screw it.  Adding the new space as a new partition, and I'll handle it in LVM. :-p
<Corey> THERE we go.
<Corey> Add that as a new PV, add the new PV to a VG, lvresize, resize2fs, and we're in business.
<Corey> "simple" as that.
<e_t_> What are you using as the block device for the first-level KVM?
<Corey> e_t_: LVM.
<Corey> So yeah, turtles all the way down. :-)
<Corey> (LVM is on top of a hardware RAID10 of direct attached storage.)
<Corey> The sad thing is that this... is my personal environment, not work's. :-)
<e_t_> So you lvresize the storage volume for the first-level guest and it blows away your partitions?
<Corey> Not exactly.  This is under libvirsh.
<Corey> So on the host, I copy the old VM's lv to a new, larger one.
<Corey> In that new larger one, fdisk sees the new space, but nothing else does.
<Corey> So deleting the root and lvm partitions in fdisk and recreating them with the lastblock boundary further out (which works if you're NOT using UUIDs) fails horribly at reboot time.
<Corey> Now I feel like a grumpy old man shaking his fist and screaming to get off his lawn.
<Corey> This is also Lucid; not sure if it's any better in Precise.
<e_t_> Does it work any better if you mount by label instead of UUID?
<Corey> Most likely, but I'm not sure how to make that work in Ubuntu.
<Corey> A cursory search didn't turn up anything.
<Corey> "adding the extra space as /dev/vda6" worked a treat though.
<e_t_> I don't think fstab is distro-specific.
<Corey> e_t_: I suspect that cutting the box to mount by label, rebooting, and then updating the uuid's with the CURRENT partition table would work as well.
<Corey> e_t_: No, but update-grub and the stuff surrounding it are.
<Corey> It's not even fstab; it doesn't get to that point.  It's the initrd and the kernel locations.
<Corey> So I'd have to update grub.cnf
<Corey> Or whatever the name of the file in question is, in CentOS (my strong suit) it's menu.lst
<damrock> i got some packet drops with my intel ethernet adapter
<damrock> i didn't had this problem with kernel 3.7
<damrock> should i install the actual kernel module 1.2xy something?
<RoyK> damrock: custom kernel?
<RoyK> seems either chkrootkit is out of sync with ubuntu, or that /sbin/init really is infected on 12.04
<damrock> no custom kernel
<damrock> ppa kernel
<damrock> my SAS controller doesnt work with 3.7
<damrock> but with 3.5, but with 3.5 ethernet is fucked up
<patdk-lap> stop buying unsupported hardware?
<damrock> lol
<Tm_T> damrock: ppa kernels are most likely supported only by the maintainers of said ppa
<damrock> marvell is proper supported
<damrock> what should i buy, sil chipset?
<patdk-lap> marvell is not very specific, they make LOTS of things
<damrock> marvel provide its own kernel modules
<damrock> but the way to compile moduels changed in 3.7
<damrock> so i cannot compile the kernel module for 3.7 my sas controller
<RoyK> what sas controller is this?
<damrock> rocketraid 2720
<damrock> 2 pieces of them
<damrock> 16 x 2 tb drives with mdraid 5
<RoyK> erm - 16 drives in raid-5?
<RoyK> single raid5?
 * RoyK mumbles something about playing with matches and gasoline
<damrock> raid5 with 1 spare
<RoyK> better convert that to raid-6...
<damrock> yeah if i get the ethernet work in 3.5
<RoyK> I'd use r6 with a spare or even split it up to smaller raid sets with that amount of drives...
<damrock> i would have to wait for btrfs raid5
<patdk-lap> no need for a spare
<RoyK> what sort of nic?
<damrock> intel e1000
<patdk-lap> if you really want a spare, just throw the spare on the motherboard port
<damrock> i put the spare to mobo port
<damrock> 16 drives and 1 spare on mobo port
<RoyK> damrock: should work, but perhaps new pci id
<damrock> well i buy new hardware next month, 17 3tb wd red harddrives with intellipower and sell those 2tb ones
<damrock> they are cheap pnly 130 bucks for each
<RoyK> that's pretty good
<damrock> im out of space...
<RoyK> what are you storing on all this?
<damrock> mkv
<RoyK> video?
<damrock> yes
<RoyK> anyway - I'd recommend using r6 for such a setup - really
<RoyK> large desktop-grade drives have rather high error rates
<damrock> maybe i put the entire thing to lvm and run it with lvm
<RoyK> lvm doesn't support raid[56], though
<damrock> vgcreate does not work?
<damrock> vgcreate vg1 /dev/md or something?
<damrock> then mkfs.btrfs /dev/vg1/lv1?
<RoyK> oh, yes, lvm on top of md works fine
 * RoyK doesn't trust btrfs yet for production
<damrock> oyu can't even trust kernel 3.5 for production
<damrock> thats why im here with my ethernet problem with dropped packets
 * RoyK sticks to LTS releases ;)
<damrock> and its intel, not such a cheap chinese manufactuer
<damrock> yeah i had this prblem with 3.2 on lts
<RoyK> ok?
<RoyK> reported a bug?
<damrock> a lot of peoples reported it
<RoyK> url?
<patdk-lap> intel has lots of known driver issues that have not been fixed in years
<patdk-lap> I dunno why you would trust intel to not have buggy drivers
<damrock> i agree
<damrock> but it works on windumb
<patdk-lap> intels e1000 and iw drivers have known to have issues
<damrock> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1018561
<uvirtbot> Launchpad bug 1018561 in linux "e1000e needs updating due to 82574L keeps dropping RX packets" [Medium,Confirmed]
<RoyK> that's interesting - I have rather a lot of machines with those cards
<damrock> those "eeprom fix" didn't help
<damrock> maybe some ethtool quirks in the nvram inserted or something
<damrock> but i said if i use the drawring kernel my sas doesnt work anymore... thats pretty funny
<RoyK> so, the nic works with 3.7, but there you can't find the controller?
<damrock> well i get another nic at monday, im tired with this stuff
<patdk-lap> what about just using 3.5 with backported modules?
<patdk-lap> that is what I do to get a more stable wifi driver
<damrock> good idea
<patdk-lap> you could always also download the e1000e driver from intel and compile it yourself also
<patdk-lap> royk, I have gone into scary territory for me, running my own build of illumos-gate on oi
<patdk-lap> never built illumos kernel before
<RoyK> hehe - does it work?
<patdk-lap> spent almost all day yesterday getting it built
<patdk-lap> hmm, the *debug* one wouldn't
<patdk-lap> but non-debug boots
<patdk-lap> have it on 3 machiens, the test build, my home
<patdk-lap> and just shoved it into production
 * RoyK has never built an illumos kernel neither
<RoyK> why did you upgrade?
<patdk-lap> nfs panic
<RoyK> btw, what's the current oi status these days? "still not dead yet"?
<RoyK> ouch
<patdk-lap> nothing better than free an null pointer :)
<damrock> just make install to compile the driver according to the manual... no depmod -a or something
<patdk-lap> you should always depmod -a
<patdk-lap> but that isn't a part of compiling the driver, that is part of installing the driver
<damrock> weird instructions
<RoyK> patdk-lap: seems gcc just ignores a free((void *)0)
<patdk-lap> not sure about gcc, but I know libc in linux ignores it, and  Ithink also ignores anything random value you give it that wasn't malloc'd
<RoyK> ok
<patdk-lap> I don't think it was a free(NULL) as much as free(random) though
<RoyK> just tried to free(random) - that segfaulted nicely
<patdk-lap> :)
<patdk-lap> might be one of the other malloc packages
<patdk-lap> used many different ones
<patdk-lap> https://www.illumos.org/issues/3449
<patdk-lap> well, in this case it was a free(0)
<patdk-lap> or some processing on a NULL pointer
<patdk-lap> nothing better than single line bug fix's
<damrock> ok module installed
<damrock> just rmmod the module, then copy the new compiled module to the lib mod stuff and modprobe it
<damrock> well, the error remains
<RoyK> damrock: I saw a post about it with the error being the same even with 3.7.x
<Fuzolan> The Message "Your BIOS is broken; DMA routed to ISOCH DMAR unit but no TLB space." should only lead to a performace drop or I'm wrong?
<samba35> i have nokia 3500c phone i want to connect to internet using this phone ,how do i connect i tryed with wvdail but i get message on phone subcrib to packet data 1st and wvdail goes in redial attempt
<RoyK> connecting to the net via a phone from a server?
<damrock> royk whatever
<RoyK> ?
<damrock> i will buy another ethernet nic
<damrock> just try to figure out a good nic
<damrock> whats a recommended network nic for pcie x1?
<patdk-lap> any desktop nic?
<damrock> any?
<patdk-lap> well, depending on performance
<patdk-lap> intel, broadcom, realtek, ...
<damrock> it should give me 120MB/s with 4 or 8k frames
<patdk-lap> heh? no
<damrock> for afp and nfs
<patdk-lap> your lucky if you get 112MB/sec
<patdk-lap> but I dunno about getting that kind of speed on a desktop class card though
<RoyK> damrock: using jumboframes_
<RoyK> ?
<Yannik> hi guys, im not quite sure if im right here, but Im looking for help to configure my file rights for var/www correct. Im running apache on ubuntu with php as mod_fcgid. www-data user and my standarduser share a group "ftpuser", which is the group of var/www. Is it correct to set every directory now on 755 and every file on 664?
<escott> Yannik, that is a strange permission set. why read exe on directors and read write on files in those directories
<escott> Yannik, 775 664 would seem more normal
<Yannik> sorry, that was a typo
<RoyK> Yannik: better make them owned by root or some other user - allowing www-data write access to those files may open for some interesting issues if a bug is found in a php script or similar
<Yannik> they are owned by root (except for the files uploaded by the standarduser)
<Yannik> but i could change that via proftpd too
<Yannik> I thought putting them in the same group (ftpuser) the too users (standarduser and www-data) would be fine
<TheLordOfTime> agreed with RoyK on the www-data write access
<TheLordOfTime> (sorry, late to the convo ;P)
<Yannik> currently files have "- r w - r - - r - -" and directories have "drwxr-xr-x"
<frojnd> Hi there :)
<TheLordOfTime> can someone be kind enough to suggest to me some kind of run-of-the-mill iptables rules that allow for some ICMP stuff?
<patdk-lap> TheLordOfTime, something like:
<TheLordOfTime> on campus network i'm curious whether they're trying to ping me or something, i
<TheLordOfTime> 'm running in a non-restrictive firewall mode
<patdk-lap> iptables -A INPUT -t icmp -m icmptype 3 code 4 -j ACCEPT
<TheLordOfTime> which is dangerous, hence the info request :P
<patdk-lap> iptables -A INPUT -t icmp -m icmptype 11 -j ACCEPT
<patdk-lap> those two are required for ANY ip traffic to work
<TheLordOfTime> -m icmptype  <-- errors out
<patdk-lap> hmm
<patdk-lap> ah
<patdk-lap> iptables -A INPUT -t icmp-type 3/4 -j ACCEPT
<TheLordOfTime> which one allows pings/echos?
<patdk-lap> iptables -A INPUT -p 1 --icmp-type 11 -j ACCEPT
<TheLordOfTime> i think this network checks to see if you're online using that.
<patdk-lap> iptables -A INPUT -p 1 --icmp-type 3/4 -j ACCEPT
<patdk-lap> nope
<patdk-lap> those allow pmtu to work
<TheLordOfTime> *sigh*
<patdk-lap> I said REQUIRED, ping is optional
<TheLordOfTime> i will need ping
<TheLordOfTime> as well :p
<patdk-lap> I believe ping is 8
<patdk-lap> iptables -A INPUT -p 1 --icmp-type 8 -j ACCEPT
<TheLordOfTime> okay, lets see if this works
<TheLordOfTime> because my overly restrictive ruleset was causing me to not be able to be on the network
<TheLordOfTime> so... :P
<patdk-lap> forget doing iptables manually, and use shorewall :)
<guntbert> patdk-lap: +1
<Fuzolan> The Message "Your BIOS is broken; DMA routed to ISOCH DMAR unit but no TLB space." should only lead to a performace drop or I'm wrong?
<Nahita> Hey guys, I just got my 1st server. And was wonder about dynamic DNS. Any specefic ones you recomend?
<virusuy> Nahita: dyndns ?
<virusuy> no-ip
<Nahita> ok, thnx. I also noticed there are free ones. So why would I pay for one?
<TheLordOfTime> not dyndns
<TheLordOfTime> dyndns stopped their free service recently
<TheLordOfTime> those who still had free ones keep their free ones
<Spanky100> I got a free one for my pop that works with a D-link router.  Though I think it will only work with D-Link routers...
<Nahita> hehe, but whats the diffirence between those you pay for and the free ones?
<frojnd> Hi there, is there a way to backup iptables rules before I try and make changes in case I mess something up?
<shauno> frojnd: iptables-save >file and iptables-restore <file "work for me (tm)"  (no space before either hyphen)
<frojnd> shauno: what if I don't have itpables-save? I only have iptables and iptables-restore
<frojnd> Is there another way around?
<dingo311> everytime my server resarts the router gives it ip x.x.x.103. this is via network cable. all my settings are from befor i had the server and the router near enough to connect so i was using wifi for sometime. it had ip x.x.x.102, so all my settings use this ip. i have configured my router to use the 102 ip but have to run sudo dhclient eth0 to get anything to connect. how do i get the router/server to use the 102 ip default?
<PeterGriffin>  dingo311 you can do this http://pastebin.com/dK2cfnGW
<dingo311> PeterGriffin: not sure of line 9
<PeterGriffin> it is still the router ip
<dingo311> PeterGriffin: that was a no go. i can pastebin the interfaces file if you need
<PeterGriffin> do it
<PeterGriffin> dingo311: your router connects you to internet, right?
<dingo311> PeterGriffin: yea, not saying i got everything in the file coorect. im pretty noobish. i can ping the outside ip tho.
<PeterGriffin> so what is the sitoation now?
<dingo311> i rebooted the server, it didnt connect. I got it to connect.
<PeterGriffin> paste interfaces file
<PeterGriffin> and did you change the resolve file
<dingo311> the wifi had its own ip and mac. i turned off the hardware switch, plugged in an ethernet cable. got a new local ip and mac. i know how to update my router with dhcp reservation, but evry reboot it reverts back to the old ip, the 192.168.0.103
<dingo311> http://paste.ubuntu.com/1578174/     <---interfaces, did not change resolve files
<PeterGriffin> what's the router ip
<dingo311> the local? 192.168.0.1
<PeterGriffin> you should write it in th gateway line
<PeterGriffin> change network to 192.168.0.0
<PeterGriffin> then edit /etc/resolvconf/resolv.conf.d/base
<PeterGriffin> inside write nameserver <your router IP>
<dingo311> with <>?
<PeterGriffin> without
<dingo311> ok, anyway to check without a reboot?
<PeterGriffin> sudo /etc/init.d/networking restart
<PeterGriffin> thet should do it
<dingo311> Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces * Reconfiguring network interfaces...
<PeterGriffin> so did it restarted the interface
<PeterGriffin> what ifconfig  says
<dingo311> no
<dingo311> hanging on last part
<dingo311> says failed to bring up eth0
<PeterGriffin> sudo ifconfig eth0 up
<PeterGriffin> it should bring it up
<PeterGriffin> or restart it again
<dingo311> by it you ,ean whole system?
<PeterGriffin> yea, in the second sentence  :)
<PeterGriffin> but
<PeterGriffin> you shoud first try sudo ifconfid eth0 up
<PeterGriffin> ifconfig*
<PeterGriffin> even try first sudo ifconfig eth0 down and then up
<PeterGriffin> dingo311: did eth0 go up
<saltmiser> PeterGriffin and dingo311 are the same person
<saltmiser> xD
<PeterGriffin> really lol
<Vasa> hello I have a problem that a partition '/dev/xvda1/ is mounted as root / as read only and it makes any changes impossible, how do i go about getting it to the normal fully read/write access for root?
<Vasa> i tried the command mount -o remount,rw /partition/identifier /mount/point
<Vasa> mount -o remount,rw /dev/xvda1 /
<Vasa> however it says that "mount: you must specify the filesystem type"
<escott> Vasa, for a remount?
<Vasa> yes I want to remount the /
<Vasa> as a read/write filesystem
<escott> but it shouldnt be asking for the filesystem type on a remount unless something is seriously wrong
<escott> are you in a busybox shell?
<Vasa> yes it does but what filesystem should i provide
<Vasa> i am controlling it via a SSH
<Vasa> root
#ubuntu-server 2014-01-20
<zanzacar> Maybe I will just play some nethack or something. That game has always been kind of fun.
<zanzacar> Does anyone know of any other terminal games?
<KI7MT> zanzacar, there's loads of them: http://efytimes.com/e1/fullnews.asp?edid=116626
<KI7MT> If your just bored, there's some fun things in here: http://www.tecmint.com/20-funny-commands-of-linux-or-linux-is-fun-in-terminal/
<lkthomas> hey guys
<lkthomas> for Kerberos, how to set it up so that I only need to sign in once to access all servers ?
<Patrickdk> lkthomas, that is pretty simple
<Patrickdk> you set it up so kerberos gives you a tgt on login
<Patrickdk> then every service you access, has to accept the kerberos tickets for auth, instead of username/password
<lkthomas> Patrickdk: any guide I could follow for this setup ?
<Patrickdk> kerberos?
<lkthomas> yeah, the one you just mention
<lkthomas> tgt, and service access ticketrs
<Patrickdk> ya, the kerberos documentation
<lkthomas> errr
<Patrickdk> atleast, I followed it pretty well, back in '95
<lkthomas> right
<ethermonk> php based web page running on localhost spitting out "Permission denied (13) in /var/www/system/library/session.php"   any ideas?
<Patrickdk> ya
<Patrickdk> you have a Permission issue
<ethermonk> what do i do?
<ethermonk> never seen this befor
<ethermonk> getting this error from opencart. never had trouble with opencart on ubuntu before
<ethermonk> http://pastebin.com/gfpmWGbL
<zanzacar> KI7MT: Thanks thats great. I am going to have to try that out.
<zanzacar> KI7MT: Man I thought I could play monop against the computer but I can only play by myself. Tetris is cool though
<ethermonk> must have been something to do with the server cache. walked away to fix a sink, came back and all my problems went away on their own.
<nickenchuggets> Is it okay to not require auth for SMTP?
<nickenchuggets> It seems if I enable sasl for SMTP, then I can't receive any mail.
<nickenchuggets> I basically just need a pretty basic setup, I only need to be able to send and receive mail, but I want to have a local client that can send and receive mail as well.
<nickenchuggets> I'm using Apple's Mail client.
<nickenchuggets> I seem to have IMAP configured correctly, because I'm receiving e-mails, but I'm not able to send them.
<nickenchuggets> so I just sent myself a test email from my gmail
<nickenchuggets> and I received it through my own e-mail server
<nickenchuggets> and I see it in my mail client
<nickenchuggets> and I can see in the logs that the message was written to the maildir
<nickenchuggets> I do see a warning that the aliases.db is older than the aliases file
<nickenchuggets> so it looks like the problem is sending mail through my SMTP server
<ethermonk> no its not okay. you will become a spammer in no time
<nickenchuggets> ah, ok
<nickenchuggets> would it be easier to use like, a public SMTP server?
<nickenchuggets> I guess I'm not really sure how SMTP is supposed to work exactly
<nickenchuggets> and it seems that when I have sasl enabled for SMTP, I can't receive any e-mails, which seems really strange
<ethermonk> what mailserver are you using?
<nickenchuggets> postfix
<nickenchuggets> I thought SMTP was just for sending mails, not receiving mails
<nickenchuggets> so I don't understand why I can't receive mail when sasl for SMTP is on
<ethermonk> https://help.ubuntu.com/10.04/serverguide/postfix.html
<nickenchuggets> another thing that seems kind of odd is that when I configure my mail client with SMTP, it doesn't really seem at all apparent that it's going to use TLS/SASL/etc
<ethermonk> you have dovecot?
<nickenchuggets> is that normal?
<ethermonk> theres also https://help.ubuntu.com/community/Postfix
<nickenchuggets> yeah, dovecot
<nickenchuggets> so that last link, that should work with Ubuntu 13.04 right?
<ethermonk> have you edited /etc/default/saslauthd ?
<nickenchuggets> not at all
<ethermonk> yeah, go through that second link
<ethermonk> make sure you've done all that
<nickenchuggets> okay, I'm also using virtual mailboxes, does that make a difference in this case?
<ethermonk> yeah
<ethermonk> this should be up to date: http://vogasec.wordpress.com/2012/07/01/ubuntu-postfix-dovecot-shared-mailboxes/
<ethermonk> https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto
<nickenchuggets> would it be easier to use a different server other than postfix?
<nickenchuggets> perhaps there's one that's simpler, or just fits my needs right out of the box?
<nickenchuggets> I think I'm going to try just using courier
<nickenchuggets> hmm, I'll try that postfix/courier set up
<nickenchuggets> what I don't understand is what SMTP has to do with receiving mails
<nickenchuggets> from what I understand, when I send an e-mail to an account on my mail server from say gmail, SMTP seems to pick it up, and try to authenticate in order to deliver it to its destination, which is actually on the same server as the SMTP server
<nickenchuggets> I thought it would just receive all mails addressed to the account on my mail server
<nickenchuggets> since I haven't really put any spam filtering in place
<nickenchuggets> so, from observing the logs, it looks like the account that is receiving mail needs to authenticate to receive mails?
<nickenchuggets> I mean, just to have it delivered to the virtual mailbox?
<nickenchuggets> I thought IMAP was for downloading e-mails from the server, and SMTP was just for sending them out and that it would be in no way involved in receiving e-mails from other servers
<patdk-lap> hmm, postfix is the most simple mta
<patdk-lap> exim is also comparable
<patdk-lap> courier is the most complex thing there is
<patdk-lap> you thought that there is a thing as receiving and sending emails is wrong
<patdk-lap> all emails are receiveced and sent
<ethermonk> well all emails are sent. recieved is a different story.
<patdk-lap> heh?
<patdk-lap> how can it send an email, if it didn't first receive it?
<ethermonk> im talking about whether or not it reached its destination.   server can't compensate for fat fingering the address. (off topic)
<patdk-lap> yes, but the mta (postfix) has no concept of mail flow, all email is received and then sent
<ethermonk> ^
<patdk-lap> if you don't keep that in mind, you will screw up your config
<soren> SMTP is the protocol used between two mail servers. POP3/IMAP is between a mail server and an end user.
<patdk-lap> soren, almost
<patdk-lap> submission is used between mail server and end user
<nickenchuggets> all email is received and sent...
<nickenchuggets> ?
<nickenchuggets> O.o
<ethermonk> the server recieves the email first (from you) then sends the email to the destination party
<nickenchuggets> what about authentication though?
<patdk-lap> you should be running auth on submission port
<ethermonk> SMTP is fine
<nickenchuggets> so even with authentication, it receives the email?
<patdk-lap> yes
<nickenchuggets> even if authentication fails?
<patdk-lap> if the mail server job is to relay email, not to generate it
<soren> patdk-lap: True.
<patdk-lap> people or webservers normally generate email
<ethermonk> yup. i only send. i do no receiving
<ethermonk> well PHP is doing the sending
<ethermonk> blah whatever, not related
<nickenchuggets> so postfix is the simplest to configure?
<ethermonk> i've only used postfix and sendmail and you do not wanna run sendmail
<nickenchuggets> what's the simplest IMAP/SMTP setup?
<patdk-lap> simplest? or easist and full featured
<nickenchuggets> I guess a balance between the two would be great
<nickenchuggets> I'm only going to have at most a few users probably
<patdk-lap> normally dovecot + postfix makes the best, and keeps it simple
<nickenchuggets> and I don't really want to give them unix logins
<ethermonk> uh. i'd run RoundCube
<nickenchuggets> er, shell logins
<patdk-lap> what does roundcube have to do with anything here?
<ethermonk> nothing
<ethermonk> wrong room
<ethermonk> room/window same difference
<patdk-lap> still using aol? :)
<patdk-lap> channel!
<nickenchuggets> hmm, I'll consider something like webmail if I really can't get this configured
<patdk-lap> that won't help
<ethermonk> you'll still need the services, that wasnt intended for you
<nickenchuggets> oh, ok
<patdk-lap> webmail won't work, unless your mta and imap server works
<nickenchuggets> ah
<patdk-lap> email is very hard
<patdk-lap> cause it's a stack, with many many layers
<nickenchuggets> yeah, it's a lot harder than I thought it would be
<nickenchuggets> do you guys have a preference of MTA?
<patdk-lap> I use postfix everywhere I can
<patdk-lap> and where I can't, I use sendmail
<ethermonk> i use postfix if i absolutely have to have the mail server in house
<nickenchuggets> hmm... I guess I should probably stop my postfix server for the moment
<nickenchuggets> since SMTP is pretty much wide open
<Repox> Hi. I'm trying to accomplish some server administration with lxc and I'm having some issues regarding port forwaring. I have a linux container containing a mysql database; to connect to this from an external resource I need to forward the incoming traffic to the right linux container. But I'm unsure as to how to forward the traffic correct. Could someone point me in the right direction?
<KI7MT> Repox, This link has examples of forwarding different srvs to specific containers: https://www.digitalocean.com/community/articles/getting-started-with-lxc-on-an-ubuntu-13-04-vps
<Repox> KI7MT: Thank you - I will take a look.
<lifeless> jamespage: oh hai :)
<jamespage> morning lifeless
<lifeless> jamespage: dunno if you saw the chat I had with zul in backlog; I was having a very weird behaviour with ovs 2.0.1 from trusty, with saucy kernel
<lifeless> jamespage: I filed a bug; workaround is to not use the dkms package, but that package is needed for e.g. nxvlan :(
<jamespage> lifeless, give me 5 - just dealing with something - then you will have my full attention
<lifeless> jamespage: no worries
<lifeless> jamespage: its not urgent (as I have a workaround), just wanted to touch base on it
<jamespage> lifeless, OK _ so what are you seeing?
<lifeless> jamespage: when I run two saucy machines with a gre tenant network, with trusty openvswitch pacakges, including the dkms datapath package
<lifeless> jamespage: gre traffic is emitted correctly, but not handed into the br-tun bridge
<lifeless> jamespage: I put a bunch of details in the bug
<lifeless> jamespage: there's also this thread - http://lists.openstack.org/pipermail/openstack-operators/2014-January/003893.html
<jamespage> reading now
<jamespage> lifeless, hmm
<jamespage> it looks like some sort of path MTU discovery issue
<lifeless> jamespage: so there are two distinct issues
<jamespage> lifeless, but I'm not 100% sure
<lifeless> jamespage: one is the performance thing, which yes MTU is a big part, ties into GRO too
<lifeless> jamespage: thats under control :)
<jamespage> lifeless, the alternative to dropping the VM MTU is to bump the interface MTU's on the server
<lifeless> mmm, fixing pmtud is the key thing; anyhow thats not an Ubuntu problem best I can tell - its upstream
<lifeless> (and changing the mtu when you're netbooting things is super tricky... but thats a rathole)
<jamespage> lifeless, I handle it via dhcp in our qa lab
<lifeless> anyhow, the second issue was that when I upgraded to 2.0.1 w/dkms datapath, the tunnels were totally broken
<jamespage> lifeless, OK _ I need to repro that - I'm actually working on the charms this week to get icehouse working again (need to catchup with trunk changes prior to b2)
<jamespage> I'll focus on this today
<lifeless> jamespage: the openflow flows were defined to handle gre packets, but the kernel datapath flow was missing
<lifeless> running 2.0.1 with the kernel datapath module works - but you can only do GRE tunnels :(
<jamespage> lifeless, on saucy yes
<lifeless> yeah, saucy
<jamespage> oh we so need 14.04 with its 3.13 kernel
<jamespage> lifeless, lets catchup in +24 hrs and see where I got to
<lifeless> specifically, saucy, added trusty sources at a lower priority and pinned *openvswitch* up higher
<smb> roaksoax, Could you do a review/sponsor for drbd8 backport (bug 1185756)? Testing looks imo good.
<smb> jamespage, The iscsitarget backport also might need some encouragement from some other side than me... (bug 1262712)
<jamespage> smb, golly - sorry - I'd forgotten about that
<jamespage> wheres the bot?
<smb> https://bugs.launchpad.net/ubuntu/precise/+source/iscsitarget/+bug/1262712
<smb> Not that I am the bot
<jamespage> rbasak, mysql-5.5 should actually be a merge candidate again now
<jamespage> I pushed in .35 over the weekend
<rbasak> jamespage: OK, thanks!
<jamespage> rbasak, all the debian packaging has now been migrated to git
<jamespage> rbasak, http://anonscm.debian.org/gitweb/?p=pkg-mysql/mysql-5.5.git
<jamespage> might make feeding back changes a little easier for you
<Manishanker> Hi i need some information about the ubuntu -13.10 server deployment as Maas on baremetal physical standalone machines
<Manishanker> ZNC ?
<Manishanker> What is ZNC ?
<jamespage> lifeless, if you are still up/when you do get up - we carry patches for the 3.11+ support via cherry picks
<jamespage> we did not have this one:
<jamespage> http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=9a27329d2ce023e4399fdffe44cd49e0309dbfb5
<jamespage> i suspect that is the issue - testing it now
<frojnd> Hi there. So I have a rpi at home on which I run motion program. Program shows live stream on a 8080 port. How would I use my remote server for distributing live image since at home I only have 50KB/s upling? The idea is just to transfer image to remote server and then use server's ip for accessing stream?
<frojnd> What would be the most elefant and easy way to achive. ALs oi a remote server I  run nginx
<frojnd> Any ideas?
<rbasak> frojnd: I do it with rsync (and watershed), since motion can be configured to run a script after capture. But you're a little offtopic here, since Ubuntu Server doesn't run on an RPi.
<frojnd> rbasak: I know it does not run on rpi :)
<frojnd> can you tell more about rync and watershed?
<frojnd> also can you share a script?
<rbasak> Sorry, my RPi isn't booted right now.
<frojnd> Ok, can you discribe me how did you configure motion?
<frojnd> maybe on private
<frojnd> if this is offtopic
<rbasak> Sorry, I just don't have the time. I don't mind giving you pointers of course; I've done that.
<hXm> hi, im going to change my server, is there a way to export all users&databases from mysql and import them to the new server?
<hXm> i know how to export all databases, but what about the users and their passwords
<leblaaanc> hey guys i have a samba share with this definition http://pastie.org/private/ol43eqskqgzbntrlbfmd5wâ¦ the perms get set properly when mounting on windows but on linux it creates rwxrw-rw- insteadâ¦ thoughts?
<leblaaanc> -rw-r--r--  i mean
<jamespage> lifeless, I'm confident about that fix so I've pushed it to saucy - it aligns with the symptoms you saw
<jamespage> lifeless, trusty - not saucy
<jamespage> sorry
<jamespage> zul, https://bugs.launchpad.net/ubuntu/+source/ntdb/+bug/1270831
<jamespage> (as you did the merge :-))
<zul> jamespage:  *sigh* just saw
<salvorapi> hi
<salvorapi> i have a question about OpenStack Havana release
<salvorapi> there's some people that can answer me about this?
<leblaaanc> what would a umask of 000 do?
<salvorapi> leblaaanc: no permission for all
<leblaaanc> gdammit why is this not working
<jamespage> zul, https://bugs.launchpad.net/nova/+bug/1270845
<jamespage> that's effecting trunk testing right now
<leblaaanc> if that "create mask (666)" is OR'd onto the "force create mode(666)" would they cancel eachother out http://pastie.org/private/qbss08a6n7bdk51rmg6zq ?
<zul> jamespage:  ok cool ill have a look
<jamespage> zul, it was ok at b1 - I downgraded to check
<zul> jamespage:  ack
<zul> jamespage: https://code.launchpad.net/~zulcss/neutron/conccurency-testr/+merge/202327
<jamespage> zul, that's going to make it worse I think
<zul> jamespage:  slower?
<jamespage> zul, yes - concurrency 4 was OK
<zul> jamespage:  ill set it to 4 then
<jamespage> otherwise you hit the sbuild timeout
<zul> jamespage:  updated the branch
<jamespage> zul, ok - look in a bit - otp
<zul> ok
<jamespage> zul, need to get libvirt into the lab archive - its blocking deployment testing atm
<zul> jamespage:  ok ill do it right now
<zul> jamespage:  how is it blocking?
<jamespage> python-libvirt builds against it from the PPA
<jamespage> so it ends up with an unfullilable depencency
<zul> ah yes
<zul> gimme a minute and ill upload a new one
<jamespage>  python-libvirt : Depends: libvirt0 (>= 1.2.0-0ubuntu1~cloud0) but it is not going to be installed
<jamespage> zul, you'll have to sbuild it locally on test-01 and install it by hand
<jamespage> (it a manual merge right?)
<zul> it is
<jamespage> zul, I'd pull the source from the staging ppa onto test-01, build and install
<jamespage> zul, infact lemme do that - it will unblock me
<zul> jamespage: ok hold on a sec
<zul> jamespage:  you will need the following for precise http://pastebin.ubuntu.com/6787026/
<zul> ill get it updated on the CA
<jamespage> zul, or https://launchpad.net/~ubuntu-cloud-archive/+archive/icehouse-staging/+files/libvirt_1.2.0-0ubuntu1%7Ecloud0.dsc
<jamespage> thats good enough for the moment
<zul> jamespage:  heh ok...im just updating for the cloud archive right now
<jamespage> ack
<jamespage> zul, just ppa:openstack-ubuntu-testing/icehouse and ppa:ubuntu-cloud-archive/icehouse-staging
<zul> jamespage:  ok
<zul> jamespage:  just doing a local build before i upload it first
<jamespage> ack
<jamespage> zul, I must get a build-from-branch job written - that way you could just push the branch and it would build and publish everywhere
<zul> jamespage:  that would be nice
<jamespage> zul, do you have a branch for libvirt? I've been stuffing my forks under ~ubuntu-cloud-archive on LP
<zul> jamespage:  no the bzr branch for the packaging is broken i havent found time to fix it yet
<jamespage> zul, damn
<jamespage> that sucks
<zul> jamespage:  btw keystone is using oauthlib now so we dont have have to carry that massive oauth2 patch
<jamespage> zul, good
<jamespage> zul, we need todo somehting with python-django-auth don't we
<zul> jamespage:  yeah ill put it on the list
<jamespage> zul, its on barry's tracking bug already
<zul> jamespage:  ok ill just freaking do it ;)
<jamespage> \o/
 * jamespage hugs zul
<lifeless> jamespage: awesome
<lifeless> jamespage: did the tunnel thing happen on trusty as well ? or was it purely a backport issue?
<soahccc> Can someone confirm that the commands mentioned in this post work with ubuntu? Or do they need "translation" as well?
<soahccc> http://forums.debian.net/viewtopic.php?f=10&t=68375#p388177
<jamespage> lifeless, only needed for trusty
<jamespage> hmm
<jamespage> now you have me thinking
<jamespage> oh - no its OK with 1.10.2 on saucy - that was pre-restructure
<brightbeat> are /tmp dir is mounted no exec by default?
<Sweeney> Hello everyone, new here.
<Sweeney> I'm playing around with a server that has an intel embedded raid motherboard and I would like to install Ubuntu. I don't have any experience with servers, where is the best place for me to read up on the topic?
<lifeless> jamespage: so running 2.0.1 on saucy.. is where I hit this with the dkms module
#ubuntu-server 2014-01-21
<teward> anyone know what software and setups I'd need to get PPA-like functionality in a private server setup?  Not the whole LP thing, just the PPA functions.
<jrwren> teward: your own repository?
<teward> jrwren: with the whole upload-source, auto-build, upload to repository shebang that PPAs already have
<jrwren> teward: or do you want to be able to upload sources and have the system compile it for you like PPA does?
<jrwren> teward: I'd love that too, if you find something please let me know :)
<Repox> Hello. If I have made changes to iptables, what is the prefered way of saving the rules for next boot; "iptables-save > /etc/network/iptables.rules " or can I just use "iptables-save"?
<KI7MT> Repox, look into using  iptables-persistent
<jamespage> lifeless, I appreciate that - the cherry pick I did covers 3.11 kernel as found in saucy
<rostam> HI is anyone here familiar with the dotdee concept? thx
<kirkland> rostam: hi, I wrote dotdee ... what are you looking for?
<cfhowlett> kirkland, now THAT is customer service!
<ruben231> hi guys i have linux server from US and other one is on Autralia, they are connected adn syn by simple internet line, would stablishing a VPN between them would improved.. the conenctivity of both when ti comes to lagged and slowness performance..any idea guys, i particularly used mysql database
<cfhowlett> ruben231, VPN is for security - not speed.  I doubt that merely switching to VPN would speed things up - but I could be wrong.  If no response here, ask in #ubuntu
<TJ-> ruben231: Adding a VPN won't improve latency; if anything it'll add a few milliseconds
<ruben231> TJ-: ok so no difference at all for the conenctivity issue of slowness and lagged coz currentlyly i dont used anything
<TJ-> ruben231: The only cure for those are using a better route, which is outside your control I'd guess
<rostam> kirkland, hi thanks for getting back to me.  I am still confused on usage.  I need to modify some configuration files beloinging to other pkgs through scripting.  I am not sure yet how to do this through dotdee, Although I just find out about this pkg and I think it will do what I need, any references on this will greatly appreicated. thx
<ruben231> my curernt latency to US server form Australia is  OK (165 ms)
<kirkland> rostam: when you say "I", in this case, are you acting as a sysadmin on your own system, or as a Debian package maintainer?
<kirkland> rostam: because, as I understand it, the latter would be a Debian policy violation (one package mucking with another package's configuration files)
<rostam> kirkland,  are system will be installed as embedded system, there will be no sysadmin using puppet, chef...  We need to changes some of the files, I thought dotdee helps me not to violate the debian packing. The changes to files will be dynamic depends on the environment they are installed.
<kirkland> rostam: I think you're fine, in that case, to use dotdee
<kirkland> rostam: so first, a couple of (maybe obvious?) pointers...  have you read http://manpg.es/dotdee.8 and http://blog.dustinkirkland.com/2011/06/dotdee-how-to.html and http://blog.dustinkirkland.com/2011/04/dotdee-modern-proposal-for-improving.html
<kirkland> rostam: in the latter, I tried to propose dotdee as being an officially blessed way of handling conffiles, but I don't think it went anywhere in Debian
<rostam> kirkland, great thanks I will dig into the references you provided. I hope I can find you here in next couple days for more questions. Thanks
<kirkland> rostam: I'm always here;  generally online during the workday in the USA
<rostam> kirkland, thanks again
<zul> jamespage:  can you push this one back into debian? http://paste.ubuntu.com/6791793/
<jamespage> zul, 'submittodebian'
<jamespage> try it
<zul> jamespage:  ok done
<jamespage> zul, it sends and email - did that work OK?
<jamespage> should get a confirmation back
<zul> it looks like it
<rbasak> roaksoax: OK if I take the facter merge? Might as well do it before I look at puppet.
<roaksoax> rbasak: go for it! :)
<zul> jamespage: https://code.launchpad.net/~zulcss/python-ceilometerclient/1.0.8/+merge/202473
<jamespage> zul, +1
<zul> jamespage:  https://code.launchpad.net/~zulcss/python-heatclient/0.2.6/+merge/202480
<jamespage> zul, -1 typo
<zul> jamespage:  updated
<railsraider> can someone help me out with this upstart it hangs but when i just fire the start-stop-daemon from the shell it works http://pastebin.com/QtsYWUPb
<railsraider> it hangs on start
<jamespage> zul, +1
<jamespage> zul, I'm assuming you will merge these btw
<zul> jamespage:  yep
<zul> jamespage:  https://code.launchpad.net/~zulcss/python-troveclient/1.0.3/+merge/202483
<jamespage> zul, +1
<zul> jamespage:  https://code.launchpad.net/~zulcss/python-keystoneclient/0.4.2/+merge/202486
<jamespage> zul, +1
<germanstudent> Are there good gnuplot alternatives? (Want to know, because I have to decide which tool to study)
<mdeslaur> hallyn: any eta for a fixed qemu package in trusty?
<zul> jamespage:  https://code.launchpad.net/~zulcss/python-swiftclient/1.8.0/+merge/202497
<jamespage> zul, +1
<zul> thanks
<jamespage> zul, I have trusty deploying again in the lab btw
<zul> \o/
<zul> jamespage:  2 more ;)
<zul> jamespage:  https://code.launchpad.net/~zulcss/python-neutronclient/2.3.3/+merge/202505
<zul> jamespage:  neutronclient fixed
<jamespage> zul, +1
<parallel21> If I setup a firewall rule to allow ssh on a subnet, ssh will still appear open to an address outside of that subnet, yeah? The firewall rule would just deny the packets
<ikonia> no
<ikonia> as port 22 would be blocked outside that subnet
<parallel21> so running a scan should render 22 port closed when outside the subnet
<parallel21> Cause that's not what I'm getting when I setup ufw
<parallel21> Though the address is blocked
<zul> jamespage:  last one today https://code.launchpad.net/~zulcss/python-savannaclient/0.4.1/+merge/202512
<jamespage> zul, +1
<zul> jamespage:  thanks
<jamespage> zul, np
<hxm> hi
<hxm> what is the email server in ubuntu server
<hxm> dovecot?
<ersi> If you want it to be, yeah
<ersi> dovecot+postfix would work
<hxm> they are hard to configure, right?
<hxm> i never get make dovecot work
<hxm> there I go
<ersi> Email in general, is a pain in the ass. Doesn't really matter which software you choose :)
<Mikaela> I usually use postfix and it does everything I want with dpkg-reconfigure.
<sarnold> there's many pieces of email; postfix serves a very different role than dovecot
<lifeless> jamespage: cool
<teward> anyone know what software and setups I'd need to get PPA-like functionality in a private server setup?  Not the whole LP thing, just the PPA functions, where I debuild -S the source, upload it to some location, the system automatically builds it, and then assuming it doesn't fail, it uploads to a debian repository?
<chilicuil> teward: it's called soyuz, and there are not a lot of documentation, however you may want to see, https://dev.launchpad.net/HackingSoyuzIRCSession #I've not deploy it locally, so I don't know what exact steps you require to build something similar
<teward> ehhh, CBA to deal with it, I may as well just upload packages to the server manually, then manually run sbuild on them one at a time
<teward> then manually move them into a debian repo
<teward> i could always poke the launchpad devs to give me a hand but i'm not in the mood to bug them
<teward> chilicuil, i'll read that later, i'm kinda bleh from this evil snow
<hxm> what is better, Maildir or mbox?
<sarnold> hxm: Maildir is faster for many operations and it's my definite choice; though it is far easier to rsync or scp an mbox file around from system to system or from program to program. most everything can import from mbox..
<hxm> aha, thanks
<hallyn> mdeslaur: (i'm on vacation today;  but qemu works for me in trusty, so pls quote a bug #)
<mdeslaur> hallyn: it's stuck in proposed
<mdeslaur> I think powerpc FTBFS
<hallyn> zul: do you mind taking lp:~serge-hallyn/+junk/cgmanager and uploading it to the archive?
<hallyn> mdeslaur: oh yeah.  infinity was going to look at that since he has hardware
<zul> hallyn:  sure
<rostam> kardan: I am trying to use preseed to automate debian installation.  I like to have two partition sda1 and sda2 and install two instances of ubuntu on each partition.
<hallyn> zul: thanks
<mdeslaur> hallyn: thanks
<rostam> sorry wrong window
<zul> stgraber:  i just uploaded cgmanager btw
<stgraber> zul: thanks, will review in the queue now
<zul> cool
<stgraber> zul: can you re-upload with just the last changelog entry? the previous ones never made it to either Ubuntu or Debian, so it feels a bit odd having that in the initial upload
<zul> stgraber:  sure
<stgraber> zul: thanks, I just rejected the existing one
<mallu_> hi, does anyone use Active directory for managing linux app/service accounts?
<stgraber> and I see the new one, perfect, reviewing that one now
<hxm> i have installed roundcube via apt-get
<hxm> but the verson is 0.7, I wanted to upgrade it to the latest one 0.9
<hxm> can I just download the .tar.gz file from sourceforge?
<hxm> or I will mess it
<mallu_> nobody use Active directory for Linux user accounts?!
<stgraber> zul: accepted
<stgraber> zul, hallyn: will add it to the server packageset now and review the binaries in a minute (waiting for them to build on LP now)
<okeanos> hello, can someone help me with a frustrating ipv6 problem?
<sk1pper> okeanos: what's the problem?
<melter> if i run "apt-get install apache2-mpm-prefork", why does "apachectl -V" show the MPM as "event"?
#ubuntu-server 2014-01-22
<jdrab> hi guys i have a weird problem with php date.timezone, i'm running 13.10 in php.ini i have set date.timezone to UTC (also tried "UTC") but for some reason every time i try to run var_dump(date_default_timezone_get()) to see if the correct timezone is used i get
<jdrab> PHP Warning:  date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.
<jdrab> and it does not matter if date.timezone is set to Europe/Berlin or something else
<jdrab> var_dump(date_timezone_get()) allways prints "UTC";
<jdrab> i'm using PHP 5.5.3-1ubuntu2.1
<jdrab> error_reporting in php.ini is set to E_ALL
<jdrab> the only thing that helps is using ini_set('date.timezone','Europe/Bratislava'); in file where date functions are used
<jdrab> i think thats a bit weird
<jdrab> ..magic.. it works now. i just removed ini_set from the file and it still works even after apache restart    o.O
<jdrab> kill me now.. now it does not work :D
<rostam> Hi I have created two partition on my disk, sda1 and sda2. I have installed ubuntu on sda1 and I can boot from it. Is it possible to replicate sda1 to sda2 and be to boot from it? thx
<khedrub> Greetings. I'm about to setup a new webserver and face the usual decision if Debian oder Ubuntu Server LTS ... could you give me some hints on what would be the benefit of Ubuntu Server 12.04 LTS over a naked Debian 7? Esp. security-wise or with the software available in the repositories?
<ogra_> khedrub, security support until 2017 ...
<khedrub> ogra_, do you know if the security updates come as quick to both systems? Or does canonical maybe even suppply additional security updates that debian doesn't?
<ogra_> i think ubuntu is usually faster, the amount oof fixes should be similar
 * ogra_ hasnt run a debian server in years so i cant really lett 
<ogra_> s/lett/tell/
<ogra_> (i seem to have my fingers backwards today)
<khedrub> :-) thanks
<yolanda> jamespage, better here, sorry: http://paste.ubuntu.com/6797136/
<rbasak> roaksoax: facter done. Can I take the puppet merge?
<roaksoax> rbasak: go for it
<zul> jamespage:  i added oslo.rootwrap to cinder this morning fyi
<jamespage> zul: great
<hallyn> zul, test-building to be sure, but any objection to http://paste.ubuntu.com/6797651/ ?
<zul> hallyn:  nah
<hallyn> k thx
<garbagegod> If I have domain.com on server A, and sub.domain.com on server B, is it possible / valid to use the same SSL cert for both of them even though they're on separate servers?
<yolanda> jamespage, zul: https://code.launchpad.net/~yolanda.robla/keystone/icehouse_fix_distribution_refresh/+merge/202697
<garbagegod> Anyone?
<garbagegod> Anyone...?
<pmatulis> garbagegod: https://en.wikipedia.org/wiki/Wildcard_certificate
<garbagegod> Yes, I am aware of that
<garbagegod> My question is pertinent to the IP addresses
<garbagegod> Can one SSL cert be used across multiple IP addresses
<garbagegod> Without any issues
<patdk-wk> garbagegod, depends
<patdk-wk> if the certificate contains an ip address, no
<patdk-wk> if it doesn't, sure
<garbagegod> ok
<garbagegod> thank you
<medic89> Hello everyone! I am new to the Ubuntu community.
<sarnold> welcome aboard :)
<medic89> I am working on a home server project as a hobby. It has been going smooth by following the online documentation but I have run into an obstacle that I do not know where to find the answer for.
<medic89> I am sure it is pretty simple for an experienced user...
<adam_g> jamespage, any chance you can enable builds for > 12.10 @ https://code.launchpad.net/~python-jenkins-developers/+recipe/python-jenkins-daily ?
<medic89> ...I connect to the server remotely via SSH from my Win7 laptop with the Putty client. The server was installed with LVM and encryption. If I have to remotely reboot the machine I cannot reconnect because it of course prompts for a passphrase in order to unlock the disk
<medic89> I have asked on Ask Ubuntu but I am just in a hurry to get past this small road block!
<medic89> Any help would be greatly appreciated, thanks.
<sarnold> medic89: that's a risk of using encrypted storage; you can probably use a serial console or an integrated lights out system on the motherboard to interact with the console at boot time
<medic89> Thanks for the welcome btw, Sarnold.
<medic89> Thanks! I will have to find out what those are. Is the only other alternative is to do w/o disk encryption? I assume I would have to re-install?
<sarnold> medic89: yeah, not all systems will support serial console or ILO setups; in those cases, perhaps using ecryptfs-based encryption for user data would make more sense, then you could supply the passphrase when logging in (ssh keys are a complication...) and still get some benefit of encrypted data
<sarnold> medic89: probably you can do some juggling to undo the encryption without a re-install, but the reinstall would probably be faster and more predictable :)
<medic89> Thanks, Sarnold!
<jamespage> adam_g, done
<sarnold> medic89: have fun :)
<adam_g> jamespage, thanks!
<medic89> Sounds like it might be easier for a hobbyist such as myself to just do away with the disk encryption for now and maybe try the encryptFS stuff later.
<medic89> Wish I could just edit a file somewhere and change something like "askForPassPhrase = no" lol
<xibalba> wondering how i can do this without having a new line, after the =
<xibalba> for fn in `cat domainList.txt ` ; do echo "domai $fn : NameServer = "; dig +noall +answer soa $fn | awk '{sub(/.$/,"",$5);print $5}'; done
<jtran> anyone know where i can get racadm util for dell servers?   or how to install it using apt from repo somewhere?  on dell support website it's not where they suggest it should be http://en.community.dell.com/techcenter/systems-management/w/wiki/3205.racadm-command-line-interface-for-drac.aspx
<jtran> for ubuntu of course
<sarnold> jtran: apt-file search racadm  doesn't return anything that looks useful to me..
<jtran> sarnold: agreed
<sarnold> jtran: hrm, looks like they ought to offer the download on their website after entering a service tag. have you had any luck with that?
<jtran> yup entered the service tag, which takes you to same download page even if you don't enter one
<jtran> and no luck
<jtran> believe me it's a wild goose chase
<sarnold> :(
<infinityloop> hi all. I have yet another wifi card problem, any help would be appreciated
<infinityloop> I have an Asus N13 usb wifi card and it uses a Ralink RT3072 chip. My understanding is that the RT2800usb module supports this chip
<infinityloop> during the install, my AP is detected but I can't authenticate with the AP for some reason
<infinityloop> I skipped the wifi configuration during install to come back to it later which i'm attempting now without much luck
<infinityloop> I modprobe the rt2800usb module and created an entry for the wlan0 interface in the interfaces files
<infinityloop> file
<infinityloop> and tried bringing up the interface
<infinityloop> when I run dmesg, it just keeps on printing : wlan0: associated
<infinityloop> wlan0: deauthenticated from ....
<infinityloop> cfg80211: calling crda to update world domain ..
<infinityloop> and back to wlan0 assoicated
<infinityloop> and its repeats on and on
<infinityloop> any ideas on what's going on?
<medic89> Hi folks. Fresh install of ubuntu server 12.04. Connected to dhcp enabled linksys router via ethernet cable. connection is fine with dhcp. As soon as I set /etc/network/interfaces to static on eth1 and fill in the appropriate address, netmask, and gateway, I can't bring up eth1
<medic89> tried sudo ifup eth1 and sudo /etc/init.d/networking restart
<medic89> It worked before reinstallation.
<medic89> says Error: an inet prefix is expected rather than 192.168.1.111/225.225.225.0
<sarnold> medic89: can you pastebin your /etc/network/interfaces?
<medic89> standby
<medic89> http://pastebin.com/thMWETiY
<medic89> its very curious since I did the same exact thing before re-install and it worked fine.
<medic89> And there is nothing different except no encrypted home folder or lvm. Both times it is basically a stock install.
<sarnold> medic89: ooh ooh; typos :) 225 vs 255
<medic89> ...
<sarnold> netmask 225.225.225.0  should be 255.255.255.0
<sarnold> very tricky I damn near didn't spot that one :)
<medic89> LOL
<medic89> Thanks, :)
<medic89> you can tell I don't do a lot of networking since I typoed all three
<sarnold> at least it's consistent :)
<medic89> lol, sometimes you just need another brain to look at your work.
<sarnold> yes
<medic89> Thanks again Sarnold. I am sure I will be back from time to time throughout this little project.
<sarnold> cool :) have fun!
<medic89> ty
<smallfoot-> Does the cloud image have Plymouth? :s
<smallfoot-> Does the server image have Plymouth? :s
#ubuntu-server 2014-01-23
<jrwren> 11aa1
<atpa8a> hello
<atpa8a> i'm so confused... (good news everyone!)
<atpa8a> running a kvm server at the moment... looking for a better management capabilities... openstack comes on all the searches... adding ubuntu gives me MAAS and juju... do i really need all that sh*&^t?
<sarnold> atpa8a: are you using libvirt to manage the kvm instances?
<atpa8a> yup
<sarnold> atpa8a: I'll admit there are days when I curse libvirt up and down, but it mostly works alright, and it's possible to write some utilities around it..
<sarnold> drats :) that was my one good idea. hehe
<atpa8a> really... just want a UI for libvirt :) web with VNC console support...
<atpa8a> i'm pretty cool with libvirt
<sarnold> virt-manager works for me but I'll grant it isn't great :) hehe
<medic89> I guys. newbie question: I changed to root with "sudo -s" to do something but since being in root is kind of a dangerous place i want to go back to my username, how?
<hallyn> i wonder what management capabilities atpa8a really wanted
<sarnold> medic89: you exit the shell; usually ^D does the job, but if not, 'exit' should
<medic89> ty
<cfhowlett> medic89, one: avoid root.  you do NOT need root for 99.9% of system management.
<cfhowlett> !root
<ubottu> Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<sarnold> meh, sometimes when you're doing a bunch of administration tasks, sudo -s is awesome. I get tired of typing 'sudo' in front of every command. :)
<medic89> lol
<sarnold> don't tell anyone, but I've usually got a sudo -s shell open on one of my tmux sessions all the time...
<medic89> Thanks guys. I'm setting up OpenVPN by following the 12.04 documentation. It said change to root...I didn't, but then I had to in order to run a script because it didn't have permission to make a dir; sudo wouldn't work.
<Kalavera_> hey guys, something went wrong with a server that was in raid 10 and now it wont boot again
<Kalavera_> I have tried to re-assemble the array but it is not working
<jamespage> rbasak: you might want to join debian-mysql on oftc when you start work on the mysql re-sync
<jamespage> that's where most discussion is taking place
<jamespage> not huge volume...
<rbasak> Done. Thanks!
<farway> yesterday out server (12.04.4 LTS)  updated mysql automatically, but it did not start up the process again, the mysql logs show http://pastebin.com/9FrCbVWv does anyone had the same problem or know if i need to do something to prevent that this will happen again (the warnings about the config file are already fixed)?
<jamespage> farway, I expect you got the .35 security updates
<farway> jamespage: thats correct
<farway> jamespage: do you know what when wrong / what i should do to prevent that it will not startup on the next update?
<jamespage> farway, I see on bug in launchpad that looks similar
<jamespage> just looking
<jamespage> https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/988801
<jamespage> farway, can you start mysql manually?
<farway> jamespage: yes starting in manually is no problem ans the version shows .35
<jamespage> farway, can you run
<jamespage> use mysql;
<jamespage> select * from plugins;
<jamespage> (pastebin the output if possible)
<farway> jamespage: because its short: ERROR 1146 (42S02): Table 'mysql.plugins' doesn't exist
<jamespage> farway, ok
<jamespage> farway, ok - lets check where is actually failing
<jamespage> farway, sudo vi /var/lib/dpkg/info/mysql-server-5.5.postinst
<jamespage> add "set -x" to tthat script
<jamespage> and then run sudo dpkg-reconfigure mysql-server-5.5
<farway> jamespage: i think, because the last backup is 8 hours ago, i'll first start a new one :D
<jamespage> farway, always a good idea
<farway> jamespage: as i don't know how long it will take i will say thank you for now, and if i'm not able to track down the problem using 'set -x'  i'll ask here again. but i think i have now a new starting point to continue searching the problem myself :)
<jamespage> farway, ack
<jamespage> farway, also worth raising a bug for this btw
<jamespage> as you had a running server pre-upgrade this looks like some sort of problem
<jamespage> (we get alot of mysql bugs which are due to generally broken configurations - but not in your case :))
<farway> jamespage: :D  server maintaing is a time filling job, with lots of surprises ^^
<zetheroo> If I remove from a server the disks which make up the md1 raid, is that raids config still somewhere in the system? If so how do I erase all traces of that raid array?
<farway> jamespage: i did the backup, one question about the procedure, is it likely that when calling dpkg-reconfigure mysql-server-5.5  that it would break mysql server completely ... i know that is hard to tell, but should it normally just do what it will do for a normal update?
<jamespage> farway, it should not
<farway> jamespage: ok
<farway> jamespage: i ran the process now, and the error log shows the same message. On the first look i don't see that the ALTER of user that faisl in the log has a differnece in the syntax that could make it fail
<jamespage> farway, can you pastebin the terminal output?
<farway> jamespage: sure .. i just check right now if it contains - even if i don't expect it - some sensitiv information
<farway> jamespage: here it is: http://pastebin.com/EXnXutW4
<farway> damit
<jamespage> farway, hmm - so that script gets to its exit 0
<jamespage> how odd
<farway> an i exposed the debian password -.-
<jamespage> farway, argh
<dcosnet> well. time to type franticly
<jamespage> farway, sorry - I can get stuff scrubbed from the ubuntu pastebin but not that one
<farway> jamespage: well i would need to change it anyway when it left my system ;)
<jamespage> farway, understand - of course
<farway> jamespage: ok so i have change the passord. do you have any idea what could have gone wrong
<jamespage> farway, well the postinst script appears to have started ok
<jamespage> completed OK rather
<jamespage> which is odd - it mysqld still not running?
<farway> after running dpkg-reconfigure mysql-server-5.5  it does not start up again
<farway> the error message is the same in the error log complaining about the alter alter of the user table and telling me the plugin exists while it does not exist
<farway> jamespage: hmm ok plugin exists now
<jamespage> farway, that should be an ignorable error (I looks at
<farway> ah ok probably it also existed before :D
<jamespage> the script - it sets +e prior to running that step)
<farway> jamespage: imy guess is that line the complains about 'ALTER TABLE user ADD column Show_view_priv enum('N','Y')'  because after that  it it says '140123 13:15:04 [ERROR] Aborting'
<jamespage> farway, it looks likely
<Pupeno_w> Is there a program that would let me get the expiration date of an SSL certificate?
<ikonia> openssl
<farway> Pupeno_w: if i remember right it is something like: openssl x509 -in certfile -noout -enddate
<ikonia> farway: fantatic memory
<ikonia> fantastic
<jamespage> zul, all of the lab builds appear to be hosed btw - looks like some sort of access issue to ppa.launchpad.net
<zul> jamespage:  yeah started last night
<farway> ikonia: currently i don't believe in my memory. have two two weeks working an publication with just some hours it tends to say goodby for some time :D
<alveraan> I have an xfs partition that I can mount with mount -t xfs, but not using fstab. Once mounted using mount.xfs, mounting via fstab works too.
<farway> ikonia: there it went away again ... having -two  +sleep
<farway> jamespage: i reread the launchpad, i can exclude apparmor because it is currently not running. really strange ... i'll go through each line in the postinst now as mysql is not always that accurate with it's error messages
<ikonia> alveraan: the xfs module is not getting loaded
<alveraan> ikonia, ok I'll try adding it to /etc/modules. Thx
<farway> jamespage: thx again for taking the time to help me. I'll take something to eat now and do then some further research.
<jamespage> farway, no problem!
<rbasak> zul: ok to upload a bugfix to libvirt-python? bug 1270588
<zul> rbasak:  go ahead
<zetheroo> getting really frustrated with mdadm and setting up the simplest of raid arrays! Everything works great until I reboot the system and then the array is renamed somehow to md127 and fdisk reports "Disk /dev/md127 doesn't contain a valid partition table" ...
<Zorky1> Im looking for someone, who can help me with a setup with a PXE server. regarding the files for each distro. i followed this guide. the pxe server is working. but when i click a distro i put in. it boots into the image. but cannot access the folder. where i mounted the files https://help.ubuntu.com/community/PXEInstallMultiDistro
<alveraan> zetheroo, you could pass the --name option to mdadm --create. Your raid device would then be at /dev/md/thegivenname
<alveraan> zetheroo, or create a mdadm.conf
<zetheroo> this is the command I am using: mdadm --create /dev/md1 --level=1 --raid-devices=2 /dev/sdc1 /dev/sdd1
<alveraan> zetheroo, as for fdisk, why would you do an fdisk on a md device?
<zetheroo> and there already is a mdadm.conf in /etc/mdadm/
<zetheroo> this is what I have right now: http://paste.ubuntu.com/6802757/
<michell90> Hey everybody, following Problem: I'm running a linux server and I have windows clients connecting via ssh. The windows client has a local printer. Now the windows user needs to print a file from the remote linux host to his own local printer. Does anyone know how to do this?
<zetheroo> alveraan: can I rename the array from md127 to md1 again?
<alveraan> zetheroo, you'll have to stop the array, then reassemble it as md1
<alveraan> zetheroo, as for mdadm.conf, it should contain a DEVICES and one or more ARRAY lines. Check man mdadm.conf for examples.
<zetheroo> alveraan: mdadm.conf seem to like to use UUID's ...
<zetheroo> alveraan: how do I locate the UUID for my new array?
<zetheroo> alveraan: how do you reassemble the array with a different name?
<Zorky1> Im looking for help setting up a PXE server.
<alveraan> zetheroo, mdadm --manage /dev/md127 --stop  , then reassemble. Please use mdadm --help, it's well documented ;-)
<Zorky1> Looking for help regarding pxe server. that wont mount the files past kernel
<ikonia> mount files paste kernel ?
<ikonia> that's not pxe - pxe only starts the booting, anything after that is just configuration
<ikonia> if you're getting a boot of $something then pxe is working
<Zorky1> ikonia:  begin tring nfsmount -o nolock -o 10.110.1.10:/srv/install/Ubuntu/13.10_desktop/amd64 /cdrom â¦ mount call failed - server repied :permission denied
<zetheroo> alveraan: I got as far as "mdadm --assemble --name=md1" but not sure what to do now ....
<Zorky1> ikonia:  i get that error
<ikonia> Zorky1: "permissions denied...."
<ikonia> and that's nothing to do with pxe as the preboot work has already happened
<ikonia> that's trying to boot the process you've downloaded via pxe, so at that point, pxe is done
<Zorky1> ikonia:  okay. the files are mounted in the /srv/install folder from fstab. so the iso is readable from /srv/install/Ubuntu/13.10_desktop/amd64
<Zorky1> i can't seem to figure out. whats causing this. since all the files are readable.
<ikonia> how do you know they are readable ?
<ikonia> it's saying permissions deined, that suggests the share permissions are wrong
<Zorky1> yeah but on what folder. the amd64?
<Zorky1> ikonia:  every file past /srv/install has the same permissions
<ikonia> look at your share permissions - forget file system yet
<ikonia> test it by doing anonymous nfs mounts
<Zorky1> ikonia:  these ? in  /etc/exports? 10.110.1.0/24(ro,async,no_root_squash,no_subtree_check)
<Zorky1> hmm theres no rw in that line
<ikonia> .....errr did you not set this up ?
<Zorky1> i followed a guide. im still learning
<ikonia> ok, have you tested mounting that ?
<Zorky1> just tried with rw in that line. didn't work
<ikonia> I didn't say that
<ikonia> where did I say "add rw to that line" ?
<Zorky1> nowhere i just tried it myself.
<ikonia> why do you need read write access ?
<Zorky1> i just wanted to test if, that was causing it to be not readable
<ikonia> "read only"
<ikonia> it should be readable
<ikonia> pointless to work on this if you're just doing random things to resolve it
<zetheroo> trying to mount the raid array using the UUID fails ... mount: special device UUID=bb818a40-23de386d-5d855fc4-517420cb does not exist
<ikonia> does that uuid exist.....
<zetheroo> I got the UUID info from " mdadm --detail /dev/md1"
<zetheroo> UUID : bb818a40:23de386d:5d855fc4:517420cb
<ikonia> where are you looking at that?
<zetheroo> mdadm --detail /dev/md1
<zetheroo> http://paste.ubuntu.com/6802899/
<ikonia> zetheroo: that doesn't mean that uuid exists
<zetheroo> :P
<zetheroo> what does one do to make a UUID exist?
<ikonia> check if it does exist first
<zetheroo> how?
<ikonia> look in the dev-by-uuid device files
<ikonia> that's basically what mount is going to check
<ikonia>  /dev/disk/by-uuid
<ikonia> I think
<ikonia> not got an ubuntu box to chec
<ikonia> check
<Zorky1> ikonia:  i found the problem.
<zetheroo> that UUID is not there
<ikonia> Zorky1: great
<ikonia> zetheroo: ok, so that's why mount is failing
<ikonia> so now you know where to look
<zetheroo> though there is this: lrwxrwxrwx 1 root root   9 Jan 23 14:19 8c121204-72d2-4590-b128-a67e9b79b6ba -> ../../md1
<zetheroo> so there is already another md1 device?
<ikonia> zetheroo: no, there is a uuid for a device doesn't mean that device is actually still there
<zetheroo> doh
<zetheroo> is there a tool to manage these UUID's?
<ikonia> they are system generated ???
<ikonia> how do you expect to "manage" them
<ikonia> that's the whole point of them
<zetheroo> I don't get it ... if the system generates them why is it not updated? I rebooted the machine twice since having the new array made
<ikonia> looks like your raid setup is screwed/wrong
<zetheroo> well .. is there anything wrong with mounting the array using /dev/md1 instead of the UUID?
<zetheroo> because it works with /dev/md1
<Zorky1> ikonia:  the problem is not nfs. it's when the folder is mounted it's mounted as read only. when i mounted the iso into the folder
<ikonia> it's mounted read only - because you told it to be mounted read only
<ikonia> hence "ro"
<ikonia> and why does it need to be anything else other than read only ?
<Zorky1> ikonia:  it's mounted with this in fstab udf,iso9660 user,auto,loop 0 0
<ikonia> Zorky1: that has nothing to do with it
<Zorky1> yes it has. because when i copied the files over to the folder it booted
<ikonia> thats you copying the files - that's not permisisons
<Zorky1> then why couldn't i read the files. when the iso was mounted to that folder. but when i copied all the files from the iso into the folder it worked.
<ikonia> I suspect becaise you are trying to decompress an iso onto a read only file system ?
<jamespage> stgraber, whats the right way to set a lxc container to autostart on reboot these days?
<jamespage> juju appears to still be trying to create symlinks in /etc/lxc/auto
<farway> jamespage: i think i found the corresponding bugs https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1208729 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708176
<jamespage> farway, hmm - that does look likely
<farway> jamespage: i'll apply the parts after the fails commands by hand now and adding the missing information to the plugin table and then turn off auto security updates for now, as i don't want to be want to be awakened by my monitor tool because of that again -.-
<jamespage> farway, ideally those updates would only be applied if missing - trying to figure out the best way todo that
<jamespage> farway, what's odd is that if I install and then re-install mysql-server-5.5 I see those abort errors in the mysql log as well
<jamespage> but I still end-up with a running mysql
<farway> jamespage: do you have rows in your mysql.plugin table ?
<jamespage> farway, no - its empty which appears to be wrong
<jamespage> wtf is going on
<jamespage> farway, oh - i see - if the table already exists, then the maintainer script bails
<jamespage> in a non-error way
<farway> jamespage: yes that is what i also have seen, i'm wondering if the plugin rows for default parts are optional with 5.5 i need to check this, because in none of my installations there are rows in it
<jamespage> farway, having that call in the maintainer script is foobar now - the install_mysql_db creates that table as part of the system db script
<zul> smb: kill it :)
<smb> zul, Heh, with my non-existing powers :)
<jamespage> farway, ditto on the fix privs as well I think
<zul> smb: kill the fool
<farway> jamespage: ok, then there is just one last thing i stubbled across while checking the script. why does it call "update-rc.d -f mysql remove"  i mean i don't want the script ro remove it form my startup list
<jamespage> farway, no - that's automatic maintainer script to ensure that an old style sysvinit script is disabled if its installed in /etc/init.d
<jamespage> ubuntu uses the upstart configuration
<jamespage> which does not rely on /etc/rc.X
<jamespage> farway, I think the old bit that has to be run in the replace_query - otherwise the debian sysmain password won't be set
<stgraber> jamespage: lxc.start.auto = 1 in config
<farway> jamespage: hmmm it becomes more and more puzzling :D because until i added mysql to the init.d id did not start on reboot.  Probably the preconfigration install image of the hoster was somehow wrong (was a fresh setup after a server crash some months before)
<jamespage> stgraber, yeah - thats what I thought
<jamespage> farway, something sounds a bit wonkey
<farway> jamespage: That's paraphrased nice ;) But i think i get closer to the problem. But for now i'll need to do something else.  Have a nice day
<jamespage> farway, you to
<zul> jamespage:  django-compressor fixed
<zul> jamespage:  icehouse-2 is out
<jamespage> zul, goodie
<zul> jamespage:  ppa issues look like is fixed
<hxm> hi, I bought a SSL cert and the seller asks me for my configuration, I use apache2 but I didnt still use any ssl so I dont know what is better, openssl or apachessl?
<hxm> or apache2 is able to manage certs itself
<zerick> openssl
<zul> jamespage:  https://code.launchpad.net/~zulcss/keystone/2014.1.b2/+merge/202901
<zul> jamespage:  https://code.launchpad.net/~zulcss/cinder/2014.1.b2/+merge/202905
<zul> jamespage: https://code.launchpad.net/~zulcss/glance/2014.1.b2/+merge/202912
<zul> jamespage: https://code.launchpad.net/~zulcss/nova/2014.1.b2/+merge/202913
<zul> jamespage:  https://code.launchpad.net/~zulcss/trove/2014.1.b2/+merge/202914
<rostam> Hi I am using preseed to automate installation. In my current preseed file, system reboots after complete installation, I do like not to reboot. Any suggestion? thx
<hitsujiTMO> rostam: http://askubuntu.com/questions/142821/which-debconf-preseed-option-to-auto-reboot-after-installation
<jpds> rostam: Doesn't sound so automated all the sudden.
<andol> rostam: Mostly out of curisoity, what is the problem with the automatic reboot?
<rostam> all thanks so much for input and questions, I just want to test something before reboot so I want to stop rebooting. that is all.
<rostam> HI our sy stem gets its IP address from a dhcp server. Every time we update the /etc/hosts with the acquired IP address and hostname. Is there a way to automate this? thx
<sarnold> rostam: I think what you're looking for is rfc 2136, to have the dhcp server update a dns server with the name
<hitsujiTMO> rostam: is it necessary to update /etc/hosts with the name? will 127.0.1.1 hostname    not do it for you?
<rostam> hitsujiTMO,  we have distributed environment. The master and slave. The master is always identified as ts1.local and slaves ts2.local, ts3.local. So I am not sure if what you suggesting would work. By the way it is 127.0.0.1 I think.
<rostam> sarnold, so updating dns is the same as /etc/hosts interesting.  Let me try it thanks again.
<sarnold> rostam: most /etc/hosts these days have 127.0.0.1 localhost and 127.0.1.1 hostname -- the lo interface claims 127.0.0.1/8 so there's a lot of addresses that wrap back to localhost
<rostam> sarnold,  thank you did not know that.
<zul> smoser: ping
<smoser> hey
<zul> smoser: can you do a quick review of https://code.launchpad.net/~zulcss/keystone/2014.1.b2 (it contains yolanda's banner patch)
<smoser> done.
<thumper> hallyn: has the autostart behaviour for lxc changed in trusty?
<hallyn> thumper: yes, stgraber's new autostart setup may be in now.  certainly in the ppa
<stgraber> hallyn: yep, it landed with beta2 last week
<thumper> hallyn: hmm... managed to break juju's behaviour
<thumper> hallyn: can you explain the change?
<hallyn> juju uses autostart?
<stgraber> thumper: yes, autostart settings are now upstream and use the container's config instead
<thumper> hallyn: yep,
<stgraber> thumper: I believe I already told someone this morning wrt juju
<stgraber> thumper: use "lxc.start.auto = 1" in the container config
<thumper> stgraber: don't expect us to talk to each other :-)
<hallyn> stgraber: remind me, is there any attempt at auto-conversion for /etc/lxc/auto/ users?
<stgraber> hallyn: yes, there's migration code, but it won't do them much good for new juju containers
<hallyn> heh yah
<stgraber> any container on the system at the time of the upgrade to beta2 should have been automatically converted (symlink removed, /etc/lxc/auto removed and lxc.start.auto = 1 added to the container config)
<thumper> stgraber: is this lxc going into the cloud archive?
<thumper> stgraber: for precise?
<thumper> is there a way we can work out if this is supported?
<stgraber> thumper: maybe hallyn knows, I usually ignore the existence of that external archive entirely
 * thumper nods
<stgraber> thumper: rule of thumb would be, if /etc/lxc/auto exists, use it, if not, use lxc.start.auto = 1
<thumper> stgraber: that makes sense...
<thumper> should be able to handle that pretty easily
<stgraber> as the upgrade of LXC will migrate anything in /etc/lxc/auto to lxc.start.auto and then remove the directory, that logic should work even on systems that get an LXC upgrade at the middle of a run
<thumper> awesome...
<thumper> I'll bake that logic into Juju :-)
<hallyn> thumper: jamespage would know if lxc is going into cloud archive
<hallyn> (if it still matters)
<thumper> hallyn: ok
<zul> adam_g:  https://code.launchpad.net/~zulcss/ceilometer/2014.1.b2/+merge/202939
<swimmer> hi - not sure whether to ask here or over at #ubuntu: since today I'm running a vps on Ubuntu server 13.04 and I'd like to replace sysklogd with syslog-ng (the one I use on all my Gentoo machines) or maybe rsyslog (to learn even more ;-) )
<swimmer> is that a question of stopping the service, removing the package, installing the replacement and configuring it?
<swimmer> or is there more risk involved?
<sarnold> swimmer: rsyslog shld have been the default syslogd..
<swimmer> that's not up to me ... that's what I got atm ;-)
<swimmer> I just want to have a syslog daemon which can parse & separate my ufw messages
<swimmer> and all that stuff is new for me coming from Gentoo
 * jdstrand advises swimmer to look at /etc/rsyslog.d/20-ufw.conf
<ogra_> ubuntu comes by default with rsyslogd since several releases already
<ogra_> you should already have it
<swimmer> jdstrand: that's not recognized ... and importing the rules/config into /etc/syslog.conf didn't change anything
<swimmer> and yes I restarted the service
<jdstrand> swimmer: Ubuntu ships with rsyslog by default. /etc/rsyslog.d/20-ufw.conf will configure rsyslog to put ufw messages only in /var/log/ufw.log
<jdstrand> swimmer: sorry, you can configure rsyslog to put ufw messages only in /var/log/ufw.log via /etc/rsyslog.d/20-ufw.conf
 * ogra_ wonders how you even got sysklogd installed 
<ogra_> you or another admin must have replaced rsyslog with it
<swimmer> hihihi - everyone is telling me what I *should* have ;-)
<swimmer> I bought I VPS yesterday, logged in & started looking around to get familiar with Ubuntu server
<swimmer> I read up about apt-{get,cache} & aptitude, tried out both and ended up with aptitude running an update
<swimmer> after that I let aptitude update all packages and that was it
<sarthor> Hi I read this link, https://www.digitalocean.com/community/articles/how-to-set-up-apache-virtual-hosts-on-ubuntu-12-04-lts and have created virtualhost, How to access that virtual host from lan, from the ip of my computer http://192.168.1.107, I am accessing the old page, How my browser will go to /var/www/newlycreatedsite.com/public.html/index.html. HELP pleasae
<zul> adam_g: https://code.launchpad.net/~zulcss/heat/2014.1.b2/+merge/202946
<ogra_> swimmer, well, then remove sysklogd and install rsyslogd ... you shouldnt need to care for anything, the packages will stop and start the services as needed when uninstalling/installing
<swimmer> ogra_: I got a warning when I tried to do that ...
<swimmer> ogra_: that's why I ended up here
<ogra_> what did it say
<sarnold> swimmer: you may need to do it in one command, like apt-get install rsyslog sysklogd-
<swimmer> * rsyslog conflicts with linux-kernel-log-daemon (provided by klogd 1.5-6.2ubuntu1)
<swimmer> * rsyslog conflicts with system-log-daemon (provided by sysklogd 1.5-6.2ubuntu1)
<sarnold> then try apt-get install rsyslog sysklogd- klogd-
<ogra_> yeah
<swimmer> thank you guys - I'll give that a go ...
<swimmer> lol - I had to stop ufw first to be able to get the packages needed ;_)
<swimmer> ;-)
<sarnold> heh, sounds like your firewall rules might be just a touch too tight ;)
<swimmer> yeah - I really panicked this morning after not sleeping when I realized that they don't spend you a firewall when you buy a vps ;-)
<swimmer> so I had to get used to that ufw thingie and make sure nothing gets through but my ssh connection
<swimmer> hmmm - this apt-get command ... does it remove *everything* from the packages?
<swimmer> I still see klogd and sysklogd with 'services --status-all'
<swimmer> and I reckon it's safe to remove /etc/syslog.conf? I see that /etc/rsylog.d/50-default.conf is quite similar ....
<sarnold> swimmer: well, apt-get purge (or dpkg --purge) will remove everything; but since you needed to issue the install and uninstall commands at the same time to satisfy dependencies, it probably just used the dpkg --remove option, which would leave modified configuration files around...
<sarnold> swimmer: yes, should be safe to remove /etc/syslog.conf
<swimmer> ahh neat - 'apt-get purge sysklogd klogd' is still possible :)
<swimmer> quite a lot of question marks with 'service --status-all' ;-)
<swimmer> and quite strange that you have two concurring daemon systems
<swimmer> ^daemon control systems
<sarnold> swimmer: heh, there's more than that :) there's at least rsyslog busybox-syslogd dsyslog inetutils-syslogd klogd sysklogd socklog -- in addition to the systemd-style journals which replace syslog also..
 * swimmer hides
<swimmer> keep it easy man
<swimmer> remember ... its my first day
<sarnold> hehe :)
<swimmer> and I haven't slept for 36h by now
<sarnold> oh that's trouble
<swimmer> I guess I still have to find the right ufw rules for letting apt* pass through
<sarnold> the mistakes you can make when you've not had enough sleep are so much more impressive than normal every-day mistakes... hehe :)
<swimmer> ohhh that's ok with me ... I'm just a small stupid user who messes up anyway ;-)
<swimmer> but you guys helped me already a lot
<sarnold> swimmer: hehe :) well, have fun! ;)
<swimmer> thank you :)
<swimmer> I'll stick around here and keep asking if you don't mind ... ;-)
<swimmer> ROFL - now I know why rsyslog was not installed -> https://bugzilla.openvz.org/show_bug.cgi?id=2693
<swimmer> bitten by precisely that bug :)
<ubuntutis> anyone know where to get ajax to install it with the lamp stack
<swimmer> so is anyone using that fix? -> http://www.nostate.com/4228/fixing-the-100-cpu-and-no-useful-output-imklogrsyslog-kernel-logging-problem-on-ubuntu-guests-under-xen-pv/
<rostam> HI I am creating preseed file. I want to install the grub on separate disk, not sure how to do that in preseed file? thx
<swimmer> hihihi - that fix does even work actually :)
<swimmer> and now I can see that ufw is actually all over the place ;-)
<genii> rostam: https://help.ubuntu.com/10.04/installation-guide/example-preseed.txt has examples
<rostam> genii, thx
<quietone> after some updates we can't print to ip printer, xp boxes can print
<sarnold> quietone: there's a lot that can go wrong with printers.. this wiki page has a lot of information on debugging them, it might be useful: https://wiki.ubuntu.com/DebuggingPrintingProblems
<quietone> sarnold, thanks that looks promising
<Doda12> Does someone know an easy to use tool I can call in a shell script that outputs basic statistical data like max, min, mean?
<compufreak> IPv6 isn't automatically settting a static address here's my interfaces file: http://pastebin.com/i6D2TGsQ
<compufreak> However, using "ip -6 addr add 2001:470:1f11:1363::4/64 dev eth0" assigns the address and IPv6 works fne afterwards
<swimmer> OK - time to do the final test and reboot the vps ... wish me luck B-)
<sarnold> have fun swimmer :)
<swimmer> I guess the fun starts ... it's offline :-/
<quietone> sarnold, any other ideas?
<sarnold> quietone: do you have any error messages in log files that look related?
<quietone> sarnold, sorry, things changed and I have to leave. thanks for asking
#ubuntu-server 2014-01-24
<rostam> Hi I am trying to compile a package which reqiures a head file from boost library  version libboost1.49.-dev as part of quantal, but my system is on precise (12.04) how could I use that library in precise? thx
<swimmer> ok guys just for the records: that workaround that I applied yesterday was *not* applicable for OpenVZ en that's why the whole vps went down after a reboot.
<ogra_> well, ask your OpenVZ provider to fix it ...
<ogra_> afaik they are legally not allowed to call it Ubuntu if they change the default packages ... iirc thats somewhere in the trademark policy
<swimmer> hihi - you mean I should p*ss them off on day 2 already? ;-)
<swimmer> I first let them investigate what else I could use to adjust the logging to my liking ...
<swimmer> it seems to be a known issue with OpenVZ
<rbasak> jamespage: please could you subscribe ~ubuntu-server for ruby-rgen? This is for bug 1271857.
<rbasak> (MIR)
 * rbasak wonders where the bot is.
<Zorky> Hello. Im having trouble with a PXE server im setting up. The PXE server works. and is able to spit images out. But when i boot into an image. i get to the live version of ubuntu desktop. thats fine. i get an internet connection there. and is able to ping 8.8.8.8 But when i boot ubuntu 12.04 server i get bad archive mirror. like it dosent get a dns
<mardraum> are you assigning IP info manually, or using DHCP?
<Zorky> using dhcp
<mardraum> are the dns servers your dhcp server is giving out legit?
<Zorky> giving out dns name. and the server ip. and 8.8.8.8
<mardraum> does "host google.com" work ?
<Zorky> option domain-name "example.local";
<Zorky> option domain-name-servers 10.110.1.10;
<Zorky> option domain-name-servers 8.8.8.8
<Zorky> rebooting the vm
<Zorky> i think i just found the error. there was no ; after 8.8.8.8
<Zorky> mardraum:  pinging google.com work
<mardraum> original problem remains?
<Zorky> gonna test with ubuntu server now. have to download 32bit version to test it now
<Zorky> mardraum:  it works now :) funny how 1 letter can mess the entire thing up
<mardraum> not really. but a good lesson to learn
<Zorky> mardraum:  it's weird that it works fine when you are not pxe booting. then i get the 8.8.8.8 dns. but the images dont :S
<LeMike> hello. i am puzzled. viewing `ps -e | grep sh` shows me one process with bash. i like to kill all of them but I can't. neither me nor another root is able to `kill 1234 -KILL` or `kill 1234` this one. someone familiar with it ? some ideas?
<rostam> hi is there any mechanism that a process can be notified if a usb devices is installed or removed? thx
<rbasak> rostam: look into udev (for low level) and the D-Bus "org.freedesktop.UDisks" service (for desktop integration)
<rostam> rbasak, thx
<rostam> rbasak, I did some googling, I find udev-noify.  This provides gui notification which is not what I am looking for. Any suggestion? thx
<rbasak> rostam: you can add your own udev rules set up to run what you want when something happens. You can also write a daemon to receive realtime notifications from udev (eg. "udevadm monitor" does this). I suggest you look deeper into udev and try and understand it.
<rostam> rbasak, thanks got it
<jamespage> rbasak: done
<rbasak> Thanks!
<swimmer> rostam: another option could be udevil
<zul> jamespage:  https://code.launchpad.net/~zulcss/neutron/2014.1.b2/+merge/203075
<jamespage> zul: +1
<zul> jamespage: https://code.launchpad.net/~zulcss/horizon/2014.b2.1/+merge/203079
<jamespage> zul, needs an asset refresh
<jamespage> -1
<zul> jamespage:  f..
<zul> jamespage:  fixed
 * jamespage goes to make his eyes hurt
<zul> jamespage:  hah
<jamespage> zul, you need to add the new assets it generated to the branch
<jamespage> -1
<zul> jamespage:  *sigh* can you take care of horizon, its starting to piss me off
<zul> jamespage:  https://code.launchpad.net/~zulcss/ironic/2014.1.b2/+merge/203090
<rbasak> jamespage: FYI, looking at mysql now. Looks like this one will take me a while.
 * rbasak disappears into a corner to work on it.
<jamespage> zul, ok - re horizon
<zul> jamespage:  thanks
<zul> jamespage:  ironic is going to have sqlalchemy problems as well :(
<jamespage> zul, oh great
<jamespage> when does that all land upstream?
<jamespage> zul, horizon done and uploading btw
<zul> jamespage:  icehouse-3 i think
<zul> jamespage:  requirements repo got updated last week and the gates are backed up
<jamespage> zul, fwiw I confirmed bug 1248519 on trusty
<jamespage> cinderclient
<zul> looking
<zul> jamespage:  do you know if the attached review fixes it?
<zul> jamespage:  so i was looking at django-compressor and beautifulsoup is optional dependency
<jamespage> zul, which bits do we use for openstack?
<jamespage> and does the test suite pass without it as a bd?
<zul> jamespage:  not sure about the openstack bits, you need a patch that was pushed upstream like 2 hours agao
<zul> jamespage:  i think we will be fine with out it
<zul> jamespage:  the saucy version didnt have bs installed and i dont think we had any problems with the compression did we?
<jamespage> zul, no - it worked OK - but bear in mind this is a distro package, not an openstack package
<jamespage> we need to get rid of beautifulsoup in favor of bs4
<zul> jamespage:  agreed
<zul> jamespage:  lemme try something first
<jamespage> zul, ok
<zul> jamespage:  http://django-compressor.readthedocs.org/en/latest/quickstart/#dependencies
<zul> jamespage:  ok i unerstand this now
<zul> jamespage:  upstream django-compressor (in github) use bs4 for python3 support
<jamespage> zul, oh
<Vasa> is it possible to configure pptp to work in a way that there is a lan-like connection between all the clients? and if so what term do you recommend me to google for? i tried pptp work like lan
<hitsujiTMO> Vasa: i assume you mean you want a NAT
<Vasa> well maybe, its just i am trying to play games like CIV and i want to avoid the use of stuff like hamachi
<Vasa> do you think PPTP can be configured to work that way?
<hitsujiTMO> Vasa: are all the clients connecting to the vpn?
<hitsujiTMO> Vasa: or are some on the local lan where the vpn is?
<Vasa> hitsujiTMO yes but when i tried it, i couldnt see them in the game in the list i assume some ports are blocked?
<Vasa> but it works fine in a VPN client such as tunnegle
<Vasa> and yes there was ping between the clients in PPTP
<hitsujiTMO> Vasa: then you need to set up the pptp clients in bridged mode
<hitsujiTMO> wait. forget what i just saud
<hitsujiTMO> Vasa: ok, where is the vpn? someones house or a private server in a data center or what not?
<Vasa> VPS
<Vasa> i am not sure what the problem is tho, ports being blocked?
<Vasa> it doesnt transfer all the ports via the tunnel?
<hitsujiTMO> Vasa: if you can ping them but the game cannot connect then it sounds like a firewall issue on the host
<hazmat> re lxc anyone know what this means.. $ lxc-start -d -n eis-m1 -> lxc-start: Executing '/sbin/init' with no configuration file may crash the host
<hazmat> oh.. nevermind.. container wasn't defined..
<hxm> i have configured a ldap server, I can add users and so on, but how to create an user that already exists in the machine? when I set up the unix I get the conflict
<pmatulis> hxm: don't do that (create same user)
<Ryan_Lane2> howdy. in 12.04 I could install cgroups-bin and use /etc/cgconfig.conf and /etc/cgrules.conf. it seems this package now just installs cgroups-lite, and I can't see how to use cgconfig/cgrules
<Ryan_Lane2> in 14.04
<Ryan_Lane2> what do I need to do to use cgroups in 14.04?
<sarnold> Ryan_Lane2: a new cgroup manager is under construction, you can see progress here: https://github.com/hallyn/cgmanager
<Ryan_Lane2> right, so I need to use that?
<sarnold> Ryan_Lane2: likely, yes; it wouldn't hurt to look into it now, and expect that'll be easiest for 14.04..
<Ryan_Lane2> any documentation?
<Ryan_Lane2> does it use cgconfig/cgrules or no?
<sarnold> Ryan_Lane2: dbus messages, as far as I've read through it so far
<Ryan_Lane2> -_-
<sarnold> I don't know if it is planned or expected to write compatibility interfaces with the older mechanisms or not..
<hxm> pmatulis: but then I will have duplicated users
<hxm> shall I remove the system user and create it via ldap?
<joshu_> hi what are some suitable ways to monitor an ubuntu server acting as a firewall, dhcp, nat, openvpn? The server is an edge virtual machine for a group of cloud servers. I'm interested in what is recommend to monitor in terms of bandwidth through the ubuntu server (router), the health of the server so that I know if something is going wrong instead of manually logging on to check things...
<sarnold> joshu_: monitoring tends to take one of two forms, you've got your nagios-style up/down checks and you've got collectd-style statistics collection. both are useful. also investigate mrtg and munin.
<joshu_> sarnold is using a service such as pingdom relevant?
<patdk-wk> depends on WHAT you need to monitor
<joshu_> sarnold i.e. if pings fail something is wrong...
<patdk-wk> nothing you said, in your first post, says pingdom would help at all
<sarnold> joshu_: if ping is a good representation of what you care about.. :)
<patdk-wk> pingdom is to know, if *random people on the network* has issues talking to you
<patdk-wk> the issue is, hell, the kernel can almost completely crash, and ping wil lwork
<patdk-wk> you can remove all disks from the server, and ping will work
<sarnold> joshu_: the linux-ha folks have piles of monitoring tests for their services that actually check the services are functional. that makes most sense to me..
<joshu_> patdk-wk sarnold ok I see what you mean.
<joshu_> So if the server is acting as a router/ firewall then I should focus on network related monitoring, but in addition to that monitoring CPU, memory, storage is also important to get an overall picture?
<patdk-wk> normally, track connection count, traffic in/out, link status
<joshu_> i'll brb
<joshu_> back.. patdk-wk and those metrics you mentioned what tool do you use?
<pmatulis> hxm: yes, just keep a few key local users, like root and a few who can become root via sudo
<patdk-wk> I use munin
<joshu_> i'll google it
<hxm> miss clicked
#ubuntu-server 2014-01-25
<MavKen> anyone have experience with installing Zurmo?
<alberge> hey folks, I've been using HVM images from http://cloud-images.ubuntu.com/locator/ec2/
<alberge> but noticed that there aren't any for us-west-1
<sarnold> alberge: hrm, I see us-west-1 images for trusty, saucy, raring, quantal, precise, oneiric (!), natty(!), maverick(!), lucid, karmic(!), and hardy(!)
<alberge> specifically hvm
<sarnold> ooooo
<alberge> (in order to run the shiny new i2 SSD-backed instances, which are only available on hvm)
<sarnold> smoser: are you the right one to ask about hvm AMIs at http://cloud-images.ubuntu.com/locator/ec2/ ? us-west-1 doesn't appear to have any hvm instances
<smoser> is there hvm in us-west-1 ?
<sarnold> good question :) hehe
<smoser> it would appear there is.
<smoser> and yeah, alberge we should have them.
<smoser> utlemming, ^
<smoser> it seems that there are hvm in all regions now.
<smoser> at least i see 'hvm/amzn-ami-hvm-2012.09.0.x86_64-ebs' in all regions
<smoser> err... amazon/amzn-ami-hvm-2012.09.0.x86_64-ebs
<utlemming> smoser: looking now
<smoser> http://paste.ubuntu.com/6811533/
<utlemming> sarnold: you're right, its not show the ami for us-west-1
<sarnold> utlemming: thank alberge, I just poked smoser, I figured he'd know :) hehe
<smoser> i didn't realize there was hvm in all regions.
<smoser> i use ec2 (and pay attention to it) so much less than i used to
<smoser> as there are other options now
<utlemming> smoser: I didn't realize that either
<utlemming> ths will get fixed asap
<MavKen> digitalocean has ubuntu images... it is great
<MavKen> on SSD
<smoser> MavKen, yeah, but they're not the cloud images.
<smoser> no cloud-init.
<smoser> what fun is that.
<MavKen> oh ok
<smoser> :)
<smoser> just kidding. really, they're price-performance really, *REALLY* hard to compete with.
<smoser> i use them for toying around.
<MavKen> yeah... I've always had shared hosting in the past but ubuntu server at home... have learned alot about the server side since leaving hostgator shared
<MavKen> moved 21 of my clients to one $10 droplet and never have performance issues (all small sites, average 1k hits a month)
<smoser> i still have shared hosting @brickies.net on dreamhost.
<smoser> you can't beat the price.
<MavKen> nope
<smoser> i split, *split* a $9/month plan at dreamhost :)
<sarnold> heh, how many gigs of storage are you up to on dreamhost? :)
<MavKen> I took one look at AWS for the free year but damn that control panel is too much
<MavKen> haha
<smoser> for a while i had cirros-cloud.net serving images off of dreamhost.
<sarnold> hahah, nice :)
<smoser> http://download.cirros-cloud.net/
<smoser> i forget the traffic, but I calcualted it at like $60 a month in traffic.
<smoser> i moved it to cloud files on rackspace because they gave openstack committers $500/month credit
<smoser> (and it is now a lot faster download)
<sarnold> that $500 was PER MONTH?
<sarnold> zounds :)
<smoser> yea. for 24 months.
<smoser> up to $500 credit.
<smoser> yeah, so cirros has done 107.19 GB in traffic in 11 days of this billing cycle. on cloud files.
<smoser> so that $60 is high. but easily it was doing $30 in traffic out of dreamhost on my $9/month plan.
<alberge> thanks smoser, it seemed like it was just an unintentional omission
<alberge> another question: is there a reason that all the hvm AMIs are EBS-backed rather than instance-store?
<smoser> :)
<smoser> well, initially thats all there was (i think).
<smoser> now with the instance store's getting ssds, there makes sense to have them.
<alberge> yeah that sounds familiar
<smoser> so, yeah, that request has been made. i think utlemming is looking into it.
<alberge> awesome, thank you both
<alberge> anything I can do to help, or to get an update when you've built the new ones?
<smoser> alberge, well, they'll show up on that locator.
<smoser> also in the simplestreams data.
<smoser> alberge, shameless sstream-query promotion:
<smoser> http://paste.ubuntu.com/6811720/
<MavKen> is there a best practice of setting up hosting clients at /home/client/public_html or /var/www/client/public_html ?
<sarnold> not that I know of
<MavKen> ok
<MavKen> i always run into permission issues... and I don't know why I have such a hard time with it
<utlemming> alberge: we're blocked, but should have those shortly
<utlemming> alberge: I hope to have them within a few weeks
<alberge> that's instance-store backed ones?
<alberge> utlemming: that's super exciting, let me know if I can help out in any way
<axisys> added this in /etc/manpath.config and rebooted the system.. still does not show in manpath
<axisys> MANPATH_MAP     /var/qmail/bin          /var/qmail/man
<axisys> what gives?
<axisys> I added the bin path to /etc/environment and I needed to reboot to get the MANPATH
<axisys> is there a way to activate it without reboot
<MavKen> if I am hosting several wordpress sites, is there anything wrong with doing everything as root and never creating a user?
<utlemming> alberge: will do
<utlemming> alberge: I've turned on hvm ebs for all regions, they are going to land with the next batch updates. Precise will with 12.04.4
<omdreams-home> ping - anyone alive
<DenBeiren> I'm having issues with my cron
<DenBeiren> it's configured to shut down my server, but it doesn't :-)
<DenBeiren> not as user, not as root
<shredding> Hey all.
<shredding> I have two servers and can login to both via ssh from my machine, but i cannot ssh from one server to another (want to do rsync).
<shredding> I can't as well ping the other server.
<shredding> And that's where my knowledge about networks end.
<shredding> How could i investigate?
<at54tl> hello
<able> For some strange reason the 13.10 installer doesnt see my existing windows partitions (gpt layout)
<hitsujiTMO> able: have you loaded the installer in uefi mode or legacy grub/csm mode?
<able> unknown
<able> its a nehalem box, I guess there is no UEFI
<able> how do I select between the two?
<able> there is no uefi/csm setting in bios, I guess nehalem (the first Core iX-series) was before UEFI
<able> windows works fine with the disk in gpt mode though
<hitsujiTMO> able: if you've a gpt disk then you should have a uefi setup. what version of windows is on the drive?
<able>  server 2012 r2
<able> so... 8.1
<hitsujiTMO> able: can you pastebin the output of: sudo fdisk -l
<able> i see whats wrong
<able> i set the drive to gpt whole installing windows but I did not reboot
<able> so.... it has a gpt header but is in reality mbr
<able> shait
<hitsujiTMO> 2 secs
<hitsujiTMO> !fixparts
<hitsujiTMO> use this: http://www.rodsbooks.com/fixparts/
<hitsujiTMO> its in the repo
<hitsujiTMO> hmm. install gdisk package to get fix parts. it will allow you to remove the false gpt info
<makara> recommend a domain name registrar?
<highvoltage> gandi.net
<bekks> makara: "domain dealer of your choice" ;)
#ubuntu-server 2014-01-26
<joshu> I just received an email notification saying that my fail2ban jails stopped. Then they restarted. Seems odd why they would stop. Any suggestions on how to check if this was malicious?
<MoleMan> Could somebody provide instructions / a basic how-to for compiling SSH Server 6.2 for Ubuntu server 12.04, or even better provide a link to pre-compiled version please?
<Patrickdk> let me guess
<Patrickdk> pci compliance report?
<MoleMan> no, just want to use multiple auth function
<Patrickdk> hmm
<MoleMan> for Google Auth 2 factor TOTP and SSH keys
<Patrickdk> heh? I do that now
<MoleMan> how?
<Patrickdk> it *just works*
<Patrickdk> I'm doing it on openssh 5.3p1
<Patrickdk> that is much much older than 12.04 ssh :)
<Patrickdk> ok, there it is
<Patrickdk> man sshd_config
<Patrickdk> and read the UsePAM section
<Patrickdk> ChallengeResponseAuthentication (otherwise, ask for token)
<MoleMan> oh yeah, I want to require 2 methods
<Patrickdk> mine does
<Patrickdk> I use password + token
<MoleMan> so SSH key, AND challengeResponse with PAM for the TOTP
<Patrickdk> ya
<Patrickdk> ssh key will bypass password+token
<Patrickdk> cause ssh key will bypass pam
<MoleMan> yeah
<MoleMan> thats not what I want
<Patrickdk> ok, that, you might need 6.2 for :)
<MoleMan> I want to require SSH key and TOTP, which is a 6.2 feature with the 'AuthenticationMethods ' option
<Patrickdk> it's in saucy
<Patrickdk> it should be simple to download the saucy source, and resubmit it for precise
<Patrickdk> or just compile it locally
<Patrickdk> http://packages.ubuntu.com/saucy/openssh-server
<Patrickdk> on the right, download source package, download all 3
<Patrickdk> then, dpkg-source -x openssh_6.2p2-6ubuntu0.1.dsc
<Patrickdk> then dpkg-buildpackage -us -uc
<MoleMan> do the compressed files need extracting first or just leaving as they were downloaded?
<Patrickdk> as is
<MoleMan> okay, thanks, I'll try that
<MoleMan> sounds a fair bit simpler than I was expecting :)
<Patrickdk> the issue your likely have, maybe, is dependencies
<MoleMan> which is why I was hoping someone had a PPA or something for it  :p
<Patrickdk> but that should be easy to fix
<Patrickdk> I don't, but I could add it to mine in a few min :)
<Patrickdk> I have lots of other things in there :)
<MoleMan> hehe :p
<MoleMan> just discussing how easy it would be to upgrade the server completely not sure whether it's worth the hassle
<Patrickdk> I personally wouldn't
<Patrickdk> looks like it, just works :)
<MoleMan> the first command you gave works, the second is giving me errors trying to find a changelog though
<Wilkim> hello
<Wilkim> I have been trying to follow tutorials online on how to use LVM to test some stuff out on my OS, I understand very little and am a noob. when i set the OS up I just did the normal setup, how can i tell what my volume group is?
<Wilkim> or the default voume group
<MoleMan> can you remember if when you set it up, you told it to use LVM or not?
<MoleMan> Wilkim: `sudo vgs` should list all volume groups
<Patrickdk> you need to be in the openssh-6.2p2 folder
<Patrickdk> for that second command
<Patrickdk> it's building in my ppa currently
<MoleMan> you might need to run `sudo vgscan` to scan for volume groups first
<Patrickdk> https://launchpad.net/~patrickdk/+archive/testing
<Wilkim> thank you! now i tried sudo lvcreate -L 4G -s -n initalconfig /dev/ubuntu-vg/initalconfid and i get back: Snapshot origin LV initalconfid not found in Volume group ubuntu-vg.
<Wilkim> config*
<Wilkim> i corrected my spelling ther first time,
<Patrickdk> looks like the ppa is going be 30min though
<Wilkim> sudo lvcreate -L 4G -s -n initalconfig /dev/ubuntu-vg/initalconfig: Snapshot origin LV initalconfig not found in Volume group ubuntu-vg.
<MoleMan> jesus :p thats why I don't compile stuff then if it takes that long!
<Patrickdk> no, it's the ppa
<Patrickdk> it took me like 2min to compile
<MoleMan> ah okay
<Patrickdk> but the ppa, is 11min till it gets to compile it, currently
<Patrickdk> it will take the ppa like 10min to compile it or so
<Patrickdk> then another 5-10min for it to publish the results
<Patrickdk> ppa's are slow for this stuff, but good to distribute
<MoleMan> I don't know how PPAs work
<MoleMan> I just presumed compiling it would create a standard package or something, that could be distributed / added to a repo
<MoleMan> didn't realise they were different
<Patrickdk> it does
<Patrickdk> but the ppa first has to build a buildserver to compile it on
<Patrickdk> and then it has to publish it to a repo when finished
<Patrickdk> so, 30min turnaround time for a ppa is good
<MoleMan> ah okay
<Patrickdk> sometimes it's so busy, it will say, 12hours till it has time to compile :(
<MoleMan> hmm, now getting unmet dependancy errors
<MoleMan> probably not the best time to be doing this
<Patrickdk> well, I had them all, so you probably just don't have it installed for your version
<Patrickdk> apt-get build-dep openssh-server
<Patrickdk> I had already customized the 12.04 openssh server, so I had them already installed
<Patrickdk> it was if they changed from 12.04 to 13.10 I was worried about
<MoleMan> ah
<MoleMan> of fun, adding all the clutter to my AWS instance :p
<Patrickdk> heh, I have one vm I use to package stuff on
<Patrickdk> keeps all the mess there, or really keeps it clean of non-build stuff
<MoleMan> yeah
<MoleMan> probably should, but I'm lazy
<MoleMan> I've not compiled anything in as long as I can remember
<MoleMan> well, I lie, I know I compiled /something/ at /somepoint/ no idea what or when though
<Wilkim> Anyone know why when I try this: "sudo lvcreate -L 4G -s -n initalconfig /dev/ubuntu-vg/initalconfig" I get this as an error: Snapshot origin LV initalconfig not found in Volume group ubuntu-vg.
<Patrickdk> Wilkim, try a valid command?
<Wilkim> Patrickdk what do you mean, sorry
<Patrickdk> well, what are you attempting to snapshot?
<Wilkim> just my whole os the way it is
<Patrickdk> ok, and it's name?
<Wilkim> honestly, I dont know lol, im new to linux
<Patrickdk> learn to use, lvs
<Wilkim> "/dev/sda2"
<Patrickdk> that is not in lvs
<Patrickdk> pastebin the output of lvs
<Patrickdk> or better
<Patrickdk> the output of vgs and lvs
<Wilkim> ah sorry, ty
<Wilkim> http://pastebin.com/aAvUCCTe
<Patrickdk> lvcreate -L 4G -s -n root-initalconfig ubuntu-vg/root
<Wilkim> http://pastebin.com/psgA2M7U
<Wilkim> thank you!
<Wilkim> how can i list all snapshots? :s
<Patrickdk> lvs
<Patrickdk> a snapshot shows up as a normal entry, makes it alittle confusing
<Patrickdk> why I put the root- in front
<Wilkim> its ok thank you, when i try to run the command it says:  Volume group "ubuntu-vg" has insufficient free space (13 extents): 1024 required.
<Patrickdk> that is cause root has it all
<Patrickdk> your volume is only 37gigs
<Patrickdk> and it's all used up, between root and swap
<Wilkim> I see, meh I didnt know i had to reduce "root" in order to use lvm =/
<Patrickdk> well, you need emptyspace to create new stuff
<Wilkim> ah its ok, ill re-create the os, i havnt really done much new stuff
<Wilkim> much stuff to it * ty
<Patrickdk> no need
<Patrickdk> resize2fs to make it smaller
<Patrickdk> then use lvresize to adjust the lvm smaller
<Wilkim> wow theres a lot you can do in linux eh
<Wilkim> I am a windows guru but such a noob in linux
<bekks> People calling themselves "gurus" arent gurus at all, to my experience. :>
<Wilkim> resize2fs makes the partition smaller?
<Patrickdk> both smaller and larger
<bekks> resize2fs resizes filesystems - depending on the options and the filesystem you are using, it may even work online.
<Wilkim> Well I am not a guru, but IT techs at work come to me for questions about windows when they need somthing lol
<Patrickdk> to make smaller, I don't think it can do it online
<Patrickdk> for that I like to reboot using the sysrescd iso
<bekks> shrinking filesystems doesnt work online.
<Wilkim> thank you Patrickdk thank you i will try to do all that in a little, gotta take care of something
<Patrickdk> heh, easier than my last 7 hours on the phone with vmware
<Wilkim> thats a long time on the phone lol
<Wilkim> I hope everything works out for you
<Patrickdk> ya, back where I started before the call :)
<Wilkim> thats how it goes for me usually lol
<Wilkim> So, for when I do this, all i did out of the box of ubuntu-server is setup a static ip and installed dnsmasq, so its like 5 mins to re-do that
<Wilkim> if i reinstall ubuntu-server, do I just not want to use some space to use it for snapshots? :s
<Patrickdk> ya, but your going get into lots of lvm fun, to setup custom partitioning
<Patrickdk> cause it will always go maxsize by default
<Wilkim> meh, ill deal
<Wilkim> thank you!
<Patrickdk> ya, it's deal with that install interface to do it, or do it afterwards :)
<Patrickdk> I feel afterwards is quicker, requires less thought too :)
<MoleMan> feck
<MoleMan> Patrickdk: can you compile for i386 on an amd64 platform?
<Patrickdk> only amd64 :)
<Patrickdk> but the ppa is compiling now
<MoleMan> yeah
<MoleMan> I just though fuck it, use the ppa
<MoleMan> I may just replace my AWS instance to 13.10 to keep the crap off it
<MoleMan> but PPA will be useful for my home server for the next few weeks until I finish replacing it at least :p thanks :)
<Patrickdk> oh, i386 is done
<MoleMan> thanks :) I think I trust you not to have done anything dodgy with it ;)
<Patrickdk> why the source is included
<Patrickdk> amd64 done
<Patrickdk> just have to wait for publish now
<Patrickdk> I did leave that nsa patch in it
<MoleMan> haha :)
<Patrickdk> ok, the ppa is ready to be used
<Karlthane> Anyone have any experience with Zarafa?
<bekks> !anyone | Karlthane
<ubottu> Karlthane: A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<jrwren_> what is zarafa?
<jrwren_> oh, email and groupware http://www.zarafa.com/
<tsilenzio> hello
<CappyT> Hi everyone, I have a big problem with samba... When I create a user for samba DC (i use samba4 as domain controller) with samba-tool, user is created but I can't add that user to a samba share, because is not also a system user...
<jrwren_> CappyT: yes. that is true.
#ubuntu-server 2015-01-19
<grendal_prime> no i dont get to grub
<Datz> Hi, my samba password keeps getting reset every day. How can I stop this, and why is it happening?
<lordievader> Good morning.
<soahccc> no iowait, CPU is at like 1% and memory is chilling out still a load of 35... wtf
<lordievader> soahccc: Processes waiting for IO? (D state)
<soahccc> lordievader: no that I could say. just one is occasionally running otherwise all are sleeping
<soahccc> lordievader: ohh I see one is in D state... rsync  :<
<lordievader> That is then likely the culprit. And the fun thing about the D state is that you cannot kill them...
<soahccc> lordievader: I just noticed and I think the machine did not survive the reboot :/
<lordievader> ?
<soahccc> hmm or it's checking disks has been a view months since last reboot :)
<soahccc> we have 3 identical machines and 1 syncs to 2 and 3... on the third one I had 50 rsync tasks in D state whilst the second server is all fine... So I guess something went south there
<lordievader> NFS share unreachable?
<soahccc> there is no nfs share just rsync over ssh
<jamespage> sarnold, do you have an eta for when you might get to look at the MIR in bug 1407695 ?
<jamespage> https://bugs.launchpad.net/ubuntu/+source/python-pysaml2/+bug/1407695
<ikonia> can I ask why mir is being raised as a server bug ? is mir still only optional on the server install ?
<rbasak> ikonia: https://wiki.ubuntu.com/MainInclusionProcess
<rbasak> ikonia: MIR != Mir
<lordievader> To keep things simple...
<ikonia> thank you
<abhishek_> can i configure centralised patch management server . I have around 40 Ubuntu servers
<Walex> abhishek_: yes. Look at APT repo caching or mirroring.
<abhishek_> ok . thank you Walex
<Walex> soahccc: 'D' means waiting for IO usually
<Walex> abhishek_: look for example at 'apt-cacher', 'approx', 'apt-mirror',
<hazzardous> Hi, what is the best IPsec server package ?
<jpds> hazzardous: strongSwan.
<jpds> !best | hazzardous
<hazzardous> jpds, so if you have to connect 2000 machines with a network through VPN, do you choose that solution?
<jpds> hazzardous: It's in main and thus gets security updates.
<jpds> hazzardous: Just: sudo apt-get install -y strongswan # Done.
<jpds> hazzardous: I have lots of experience with it and it just works.
<jpds> hazzardous: And for you, it's made in .ch.
<hazzardous> jpds, ipsec-tools and openswan are also in standard distrib...
<jpds> hazzardous: Not in main.
<hazzardous> Swiss is a ++ :-)
<jpds> hazzardous: And both projects have been abandoned as far as I know.
<hazzardous> ok... so i'll take a look to strongswan !
<hazzardous> thank you
<jpds> hazzardous: There is no "best", you need to poke around and see what fits your needs.
<jpds> I can't think of why strongSwan wouldn't be able to handle 2k clients.
<jpds> And it's all open-source software.
<hazzardous> jpds, thank you for your advice
<jpds> hazzardous: https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes#strongSwan
<patdk-wk> heh?
<patdk-wk> openswan hasn't been abandoned
<patdk-wk> the maintainers don't update it often though, and the orig developer forked it to libreswan
<jpds> patdk-wk: It has.
<patdk-wk> what do you mean, it has
<jpds> patdk-wk: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736557
<patdk-wk> ok the debian package of it has been, but not openswan itself
<patdk-wk> though, everyone should have moved onto libreswan though
<jpds> strongSwan's also going strong.
<patdk-wk> strongswan is strong for a few reasons
<patdk-wk> cause it is very diverse
<patdk-wk> but that is also it's problem, making it more confusing and heavy
<jpds> libreswan documentation seems a bit sparse.
<patdk-wk> I thought strongswan was more sparse
<jpds> I found it was fairly simple once one got their head around it.
 * jpds was comparing https://libreswan.org/wiki/Configuration_examples vs. https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation
<patdk-wk> well, strongswan does a LOT more than libreswan too
<patdk-wk> also requiring more documentation
<patdk-wk> gone over those strongswan things over and over many times, till I got it kindof working
 * jpds wrote a puppet module for the necessary bits: https://github.com/jpds/puppet-strongswan
<patdk-wk> not saying it's not nice, but it's way overkill for most
<Walex> put it briefly, both strongSwan and libreSwan are pretty good. Other IPsec implementations exist but are not as actively maintained.
<Walex> Libreswan is currently in some ways a bit behind stronSwan but it is being also quite actively developed.
<Walex> for most people they are equivalent.
<sudormrf> ppetraki, you around? :)
<ppetraki> sudormrf, just in time for lunch :) sup?
<sudormrf> in a 4 disk mdadm setup using RAID 1, you would have to create two raid arrays to have two usable disks, correct?
<ppetraki> sudormrf, min number of disks required form a RAID1 is 2 disks. Then there's the issue of hot spares which is a whatever your policy is
<ppetraki> sudormrf, http://www.thegeekstuff.com/2010/08/raid-levels-tutorial/
 * ppetraki very high level overview
<patdk-wk> sudormrf, depends on what your goal is
<patdk-wk> you can do two raid1 (of two disks)
<patdk-wk> or a single raid1 (of 4 disks)
<Azaril> can you use trusty packages in precise?
<patdk-wk> or a raid10 (of 4 disks)
<patdk-wk> Azaril, yes and no, it highly depends on the package itself
<patdk-wk> but normally the answer is *no*
<sudormrf> patdk-wk, the goal would be to have a single array of 4 disks, 2 usable, 2 mirrored in one raid array.  so would that be raid 10?  if so, does mdadm support that?
<patdk-wk> yes, raid10
<sudormrf> patdk-wk, ok cool.  I am testing all this out in a VM before I go and use it, so just trying to figure things out :)
<sudormrf> first time using mdadm
<sudormrf> ok that is all setup.  now working on setting up whatever is necessary to make it a time machine client as well :D.
<ppetraki> sudormrf, how fast is it? fio --fallocate=none --direct=1 --ioengine=libaio --prioclass=1 --prio=0 --time_based --mem=malloc --randrepeat=0 --norandommap --runtime=10 --bs=4k --rate=0,0 --iodepth=1 --rw=randread --size=0 --offset=0 --name=/dev/loop200 --cpus_allowed=0  --grou
<ppetraki> sudormrf, change /dev/loop200 to MD device. *do not do a write test to a block device unless you don't care about the data*
<sudormrf> ppetraki, not really caring about a test right now
<sudormrf> it is entirely virtual and entirely for testing.  just trying to get my feet wet with it before I actually build something out :)
<ppetraki> sudormrf, sure, just good to know. also that should be --group on the end, copy paste error
<sudormrf> I can test
<sudormrf> if you want.  will probably be pretty slow because VM over USB
<sudormrf> but sure
<sudormrf> ppetraki, any experience with setting up time machine in ubuntu server?  seeing different tuts all over the net and all of them are slightly different.
<ppetraki> sudormrf, its more for your reference, its a good idea just to see what its like. Also on a live array, you can do read block tests over time to see if it's degrading, which is a sign of a backing store beginning to fail, as it's taking longer to complete.
<ppetraki> sudormrf, no experience with time machine
<sudormrf> ppetraki, thanks :).  I will try it :D.  do you recommend read block tests be done with a cron job on a periodic basis (once a day or so?).  also, what is a backing store?
<ppetraki> sudormrf, backing stores are the things that make up the MD
<ppetraki> sudormrf, once a month is fine.
<sudormrf> once a month.  good to know.  so if a backing store is beginning to fail, does that mean a drive is going to fail?
<ppetraki> sudormrf, backing store *is* the drive, the MD device is considered a logical volume
<sudormrf> oh.  so when doing the test does it tell you which backing store is having the problem, or does it only show the whole array?
<sudormrf> would smart checks accomplish basically the same thing?
<ppetraki> sudormrf, So testing against MD0 tells you generally if there's a problem, and if there is then you would start looking at the backing stores e.g. SD devices.
<ppetraki> sudormrf, you can run it periodically or make a script
<sudormrf> what I was thinking was to use NRPE to do SMART checks
<sudormrf> is one method better than the other?
<ppetraki> sudormrf, what real SANs do is keep performance counters for all the backing stores and look for descriptiveness , these generally precede smart triggers
<sudormrf> ah.  gotcha
<ppetraki> not really familiar with nagios, it probably works
<sudormrf> there may be an NRPE plugin that does the test that you are describint
<sudormrf> describing
<sudormrf> I will have to look in to it
<ppetraki> probably not, that's work :)
<sudormrf> LOL I use nagios right now and like it.  for something as basic and yet as critical as you are describing I would be surprised if someone hasn't created a plugin to do this.
<ppetraki> sudormrf, it requires tuning and lots of testing, sure I could write on to generalize it.... and then be inundated with bug reports for false positives
<sudormrf> no no no, not asking you to do it.  saying that someone may have already done it :D
<ppetraki> sudormrf, maybe
<sudormrf> yeah.  I will check in to it :)
<sudormrf> well I have made some headway in regards to timemachine.  got it setup on the server and it is showing in the OSX vm.  just can't get it authenticated (doesn't work in finder either), so checking in to that.
<ppetraki> cool
<nickander> you are running time machine on an ubuntu server?
<sudormrf> nickander, trying to setup the server to receive time machine backups
<sudormrf> for some reason the OSX vm is having issues connecting to it at all (not just time machine)
<sudormrf> trying to track down what is happening
<sudormrf> think I found the problem
<nickander> sudormrf: are you using smb?
<sudormrf> nickander, have you done this setup?
<nickander> no, but i work a lot with enterprise mac / linux stuff
<sudormrf> oh, nice :D.  well the problem appears to be with the avahi-daemon
<nickander> are you trying to use .local addresses?
<nickander> because i would not recommend that, i think apple is trying to phase those out
<sudormrf> http://paste.ubuntu.com/9788170
<sudormrf> shouldn't be
<sudormrf> the server is not acting as a DHCP/DNS server, so if .local is appended automatically that is something I would have to look at
<nickander> avahi allows a server to interact with the bonjour service
<sudormrf> you see the netatalk panic
<sudormrf> looks like it may have to do with the order the services start
<nickander> haven't played much with netatalk
<sudormrf> going to try something
<nickander> bonus points for using afp
<sudormrf> heh.  I am just looking at the tuts I could find.  if you have a better suggestion (that doesn't have this silly issue with netatalk) and works I am willing to try it :D.  doing this all in a VM first so when I actually build out the system the setup will be quick
<sudormrf> made some progress.  can now connect to it through finder, but now time machine doesn't see it.  trying some more things.
<sudormrf> got it!
<sudormrf> yay
<ppetraki> \o/
<sudormrf> :D
<sudormrf> in reality this isn't going to get used all that much as anything important is on the main server
<Guest33455> Hi, I have a (virtual) server that was migrated to another hardware node and no services are started, do you have any recommendation to find what causes the problem? I've manually connected to my server over VNC to enable networking and ssh but otherwise no services are running excepting the default ones
<byprdct> Hi everyone. What's the best way to replicate a base server I always use?
<nickander> rsync
<nickander> oh wait, what do you mean by base server
<nickander> as in the base install before services are configured?
<Guest33455> follow up on my previous question (which you can ignore), I've located that "initctl list" results in all services are in "stop/waiting" mode, any tips to find cause?
<byprdct> hi nickander I was thinking of using a base after I install and modify configuration files like nginx etx
<byprdct> etc*
<byprdct> so for instance if I setup server A with all the stuff I like to use to host static websites and I want to beable to use that on different hosting provides like digital ocean, aws, joyent etc what would be the best way to use server a on the different hosting providers?
<byprdct> without trying to go the docker route
<byprdct> overkill I think
<klerik> Hi! Just install KVM server, virt-manager. Try run VM from virt-manager and it write "Cannot access backing file /mnt/VM/xpsp3_lv_kvm.qcow: Permission denied"
<klerik> Which permissions need?
<sudormrf> ok, yep.  everything is now working as expected there.  sweet. that should cover all the stuff I am trying to do with this thing that was new to me (mdadm and timemachine).. weeeeeee
<sudormrf> what do you guys use to backup your servers?  I am thinking of just doing a tar backup of everything, but was wondering if there is a better solution.
<sudormrf> was thinking of using this method: http://www.aboutdebian.com/tar-backup.htm
<ppetraki> sudormrf, rsync.net
<ppetraki> sudormrf, [shameless plug to own blog] http://peterpetrakis.blogspot.com/2013/06/automating-and-encrypting-duplicity.html
<rberg_> duplicity is pretty convenient if you want encryption / compression
<sudormrf> ppetraki, checking out your blog
<sudormrf> in this case, encryption is not necessary.  just compressed archives.
<ppetraki> sudormrf, yeah you can just skip that part then
<sudormrf> backing it up to a different network share in case things explode I can quickly recover
<ppetraki> sudormrf, EOD here, hope that helps.
<sudormrf> ppe? lol
<sudormrf> oh
<sudormrf> laters
<sudormrf> rberg_, what makes duplicity better than the tar'ing method?  just curious, never used duplicity :)
<sudormrf> looking at the info here: http://www.cyberciti.biz/faq/duplicity-installation-configuration-on-debian-ubuntu-linux/ and specifically the exclude section, it looks almost identical
<sudormrf> more robust?
<sudormrf> built in rotation is nice.
<rberg_> everything duplicity does you can do with the standard tools and big pipeline, its just a bit more convenient I think..
<MACscr> how can i disable any of this automatic ipv6 stuff on my servers? i only want it setup with what i have in my network/interfaces file, nothing else.
<sudormrf> rberg_, yeah that is what it is looking like.  will probably use duplicity due to the ease of rotation
<sudormrf> hmm.  maybe not
<sudormrf> hmm there we go
<sudormrf> testing this out in a VM right now to see how it goes.  if all goes well I will create a script and pop it on to my two servers :D
<sudormrf> rberg_, does duplicity use compression by default?
<rberg_> thats a question for the man page :)
<sudormrf> heh
<sudormrf> truf.  brb
#ubuntu-server 2015-01-20
<miphix_> xD
<miphix_> How's every one doing?
<lordievader> Good morning.
<caraconan> Hi here. I'm a little bit confused here. I had a 12.10 server, and then after a "sudo do-release-upgrade" I can see "13.10" in my /etc/issue, but looking at https://wiki.ubuntu.com/Releases it's marked as end of life. What should I do to upgrade my server to the... "current" version? Thanks
<caraconan> Ok, I can imagine that I'm missing another jump
<lordievader> caraconan: Continue the upgrade procedure.
<caraconan> ok thanks
<dominic1134> hi there, we're looking for developers and package maintainers which would like to join our development team for an open source anti spam appliance project. check out www.openas.org . we're happy to hear from you :-)
<thor77> hello, i have an ubuntu-vps with a nginx-webserver. i want to easily (without sudo) copy/edit files to /usr/share/nginx/ (the webserver's root). what's the easiest way to archive this?
<teward> thor77: beat yourself with the guide to linux - there's a thousand safety reasons for why you don't do that.
<teward> thor77: not to mention, you shouldn't put your web root in a package-maintained directory anyways, and should make an alternate directory, either as a subdirectory in there (as root/sudo) or elsewhere, so long as nginx has +x on the directories (and the ability to read the files)
<teward> thor77: the biggest reason for me saying don't use /usr/share/nginx/ directly and either use a directory under that or move elswhere, is because https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1194074
<teward> thor77: the second biggest reason is you don't want a hijacked user account to be able to edit the files without needing the sudo password - this is also why you should SSH Key Auth Only your server so you don't have rouge access in case your password gets stolen
<teward> (and use a different password on your SSH key)
<patdk-wk> teward, why?
<thor77> teward: okey, okey, didnt thought about the security issues
<patdk-wk> so your trading a stolen password for a stolen rsa key?
<patdk-wk> you should use 2factor
<thor77> tekk: and my server is using ssh key auth only
<thor77> ssh key is protected with a password
<patdk-wk> password + keyauth, keyauth + token, password + token, something
<patdk-wk> ssh key can be brute forced
<teward> patdk-wk: and you can brute force a 2048bit key in how long?
<patdk-wk> it is not 2048 bit
<teward> patdk-wk: then what's the bitstrength of a default generated ssh key in 14.04
<teward> patdk-wk: point standing: it's easier to bruteforce a password than the privkey.
<thor77> my ssh-key is 2048
<patdk-wk> we aren't talking about the generated key
<patdk-wk> we are talking about the PASSWORD protecting that key
<thor77> the key is on my local computer
<teward> patdk-wk: this is a discussion for elsewhere, IMO
<patdk-wk> your password is also on your local computer
<patdk-wk> till it got compromised :)
<teward> patdk-wk: again, discussion for elsewhere
<teward> thor77: i strongly suggest not changing the permissions for the folder, and use another path, but NOT in the home dir
<teward> (there's other security considerations there)
<thor77> teward: i will think about it, thanks for your suggestion
<teward> patdk-wk: if only everyone followed the SANS recommendations: don't use the same password for everything
<patdk-wk> that is good, but don't put all your credentials in one location :)
<patdk-wk> that is even harder
<patdk-wk> but 2factor helps that, storing two passwords for everything, in two locations
<teward> patdk-wk: and the "Use Strong Passwords!  > 12 characters, alphanumeric+punctuation+special symbols, random
<teward> patdk-wk: true
<thor77> but if i use a new folder, is it a security issue when the web-user AND my normal-user have write acess to it?
<patdk-wk> stolen laptop, stolen phone
<patdk-wk> not likely for both to happen at once
<teward> patdk-wk: my passcode db is inside a truecrypt container inside an ecryptfs container on a hardware-encrypted flash drive
<patdk-wk> atleast for me
<teward> which itself has a pincode that if yo ufail 10 times the data is nuked
<thor77> you are very paranoic...
 * teward may be a little paranoid :)
<patdk-wk> lets see
<patdk-wk> mine is in a keepass file
<patdk-wk> on a encrypted drive
<patdk-wk> that is secured via a usb token
<patdk-wk> that is secured via a nother usb token
<patdk-wk> that is secured via a password
<teward> oop i forgot to mention the PGP encrypted files... eheheheheh
 * teward keeps that on a separate device
 * teward forgot he got more paranoid :)
<patdk-wk> I attempt to use 25random char passwords :(
<patdk-wk> so many places limit me to 15chars or sometimes less
<teward> patdk-wk: wish there were ways to use yubikey cloud otps on everything but meh
<patdk-wk> we did go paranoid with rsa keys, I forced them too though
<patdk-wk> rsa logins work, but require token auth also
<teward> patdk-wk: my keys are 8192bit strength so meh
<teward> and they in turn require passwords that were randomgen'd > 64 characters
<teward> so........
<teward> :P
<arcsky> hello, i have a few Ubuntu-servers running at my office. I wonder if there are any mangmenet open tool for lets say upgrade it and other mangment stuff
<patdk-wk> apt-get
<teward> patdk-wk: i think he means en masse management and such
<teward> rather than connect to each manually
<teward> landscape or puppet come to mind... but i'm not a fan of either
 * teward prefers the manual touch :P
<patdk-wk> yes, he wanted landscape
<patdk-wk> but he also said open tool
<teward> patdk-wk: heh
<patdk-wk> and that means, basically no
<arcsky> GUI crap
<patdk-wk> puppet isn't exactly what he wanted :)
<patdk-wk> plus again, not open, so chef, but still not what he wanted :)
<arcsky> Puppet good?
<patdk-wk> as good as the person setting it up and using it
<marty_axel> can someone help me with vsftpd configuration?
<thor77> marty_axel: use ssh
<thor77> you dont need vsftpd, if you have sshd installed
<thor77> you can use sftp and scp then
<ppetraki> or rsync
<marty_axel> mhmm...
<marty_axel> i configured vsftpd from google. All perfect, but when i set pasv_address=my_public_ip and try to connect using my public ip, it`s not working. I can connect with localhost and 192.168.1.14, but not with public ip
<teward> !crosspost | marty_axel
<ubottu> marty_axel: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
<teward> (pick here or #ubuntu - stick to it - that's the most effective method)
<rbasak> kickinz1: can you take bug 1412830 please? I can help you through it.
<kickinz1> rbasak: looking
<kickinz1> rbasak, ok
<teward> server team meetings are public right
<rbasak> teward: yes. In #ubuntu-meeting
<teward> rbasak: i think i'll lurk today :)
<rbasak> (on now)
<rbasak> teward: please do!
<teward> maybe i should o/ since i'm still on the 'team' on LP xD
<teward> rbasak: it's helpful that i don't have a schedule full of classes on tuesdays now xD
<rbasak> :)
<bananapie> which program do I use to see all the files modified by a particular program? I think it was gdb or something like that, but I can't remember
<rbasak> bananapie: strace maybe?
<rbasak> strace -eopen is useful for that kind of thing
<bananapie> Nice :)
<bananapie> thanks :)
<teward> rbasak: general question: nginx is on the server team's list of things they keep eyes on since the MIR, right?  (in this case, now, it's on my radar all the time, since updates no longer sit for 3 weeks before being looked at)
<rbasak> teward: we do, but generally I look to see if you respond first, and usually you do :)
<teward> rbasak: yep.
<teward> :P
<teward> rbasak: well, feel free to always throw things my way :)
<teward> rbasak: especially given -devel is somewhere I lurk now :)
<rbasak> Thanks!
<thor77> is it possible to run a process in a virtual env with limited ressources?
<rbasak> thor77: look into ulimit? Or for more control, maybe cgroups, LXC, etc.
<thor77> thanks for the keywords
<teward> rbasak: no problem - and if the server team always wants to throw things my way they're welcome to
<rbasak> teward: remember, you're part of the server team :)
<teward> rbasak: i meant as a regular thing in the meetings and such, if nginx becomes heavily more active
<rbasak> teward: ack :)
<teward> coreycb: hopefully you don't mind the nginx mention with the server team meeting - since nginx-core got into main (thanks to rbasak and sarnold and all for the MIR processing, again), it's definitely on my radar a ton more nowadays.
<teward> especially since there's more people using it (according to all the errors I see on errors.u.c :P)
<rbasak> teward: no problem, thanks for coming!
<coreycb> teward, yes, not a problem whatsoever, that's what the meeting is for
<coreycb> thanks for attending!
<teward> coreycb: how fortunate my schedule isn't full nowadays
<teward> i can attend the meetings more frequently now
<rbasak> teward: 8678 popcon installs apparently
<coreycb> teward, that's guaranteed not to last for long right? :)
<coreycb> (the schedule not full part)
<teward> coreycb: at least until finals week or midterms - my class schedule has only a 14:00-15:45 class tuesdays
<coreycb> teward, oh man, I'm jealous :)
<teward> come summer, back at the 9-5 job :P
<teward> 09:00 - 17:00 job*
 * teward needs to do 24-hour time notation by default now
<teward> coreycb: and if i'm not able to attend, i'll drop a blurb to the -server mailing list for nginx updates that should be in the meeting - but as i said to rbasak, emails, bug reports, and pings in -devel -server    are the best way to get my attention (in that order)
<coreycb> teward, sounds good, thank you
<teward> you're welcome
<teward> and the lovely thing about PPU rights is that the updates no longer sit in the sponsoring queue for 3 weeks xD
<teward> so there's expedited processing of merges
<teward> and non-security things outside of the development release (I loop in the security team for security-impacting Vivid updates for nginx now though)
<teward> coreycb: i also know there was previous discussion adding nginx to the images, as something you can select and install.  But I don't know whether there's any need for such changes at this time.
<coreycb> teward, I am not sure tbh. rbasak do you know?
<teward> that request came into my email and on ask ubuntu and other locations, I believe, and prompted the MIR
<teward> (which in turn prompted nginx-core's creation)
<teward> it's probably an old discussion at this point
<teward> at least a year or more
<teward> oh, two years, almost...
<rbasak> teward: I don't remember talking about adding an nginx option to the installer. Right now we just have LAMP I think, which does apache?
<teward> rbasak: right.  i had a question come up in a bug (trying to remember!) which said "Will this be on the images"
<rbasak> I see.
<teward> at the time, i said "out of my purview"
<rbasak> I have no major objection, although there are always space constraints, and the desire to reduce complexity rather than increase it.
<teward> rbasak: indeed.
<teward> rbasak: the discussion might come up in future, maybe closer to the next LTS, but i bet you there's a few people what would like it
<rbasak> I'm also biased away from the images. I'm happy for the crowd who use them to continue to use them, but I don't.
<teward> although i have no objection to leaving it off of the images.
<rbasak> The future is in cloud images, rather than the traditional installer, IMHO.
<teward> agreed
<teward> rbasak: there are the traditionalists though xD
<rbasak> Yes and they're welcome to look after the installer images :)
<teward> rbasak: isn't part of QA's testing to test the traditional installer images...?  :/
<teward> i think i remember seeing a testing task for it somewhere
<teward> yep there's a test item >.>
<teward> rbasak: what package do we provide for LAMP?  Or is it just a set of things to install, is all?
<rbasak> teward: I think it just installs MySQL, Apache and PHP (libapache2-mod-php5 presumably).
<teward> mmm
<jpds> Isn't there a tasksel thing?
<teward> rbasak: well i see a problem setting up an nginx+mysql+php stack with the images, in that php5-fpm (what is typically used with nginx) is universe
<teward> if it too needs to be in main we open a can of worms, I believe
<teward> might open*
<patdk-wk> what about php5-cgi?
<teward> rbasak: so it's a future discussion, obviously.  but at least nginx-core *is* in main and there's people who now actively maintain it  *points at self*
<patdk-wk> you don't have to use fpm
<teward> patdk-wk: wouldn't that require a fastcgi wrapper?
<patdk-wk> you just need a fcgi or even cgi if you want :)
<patdk-wk> teward, php5-cgi is a cgi AND fcgi
<patdk-wk> fpm is a multi-fcgi wrapper
<teward> patdk-wk: so php5-cgi could accept a fastcgi_pass then?
<patdk-wk> yes, just using php5-fpm is normally *simpler* :)
 * teward sets up a server VM to test!
<patdk-wk> it would
<patdk-wk> but you probably need to make init scripts and stuff for it
<patdk-wk> whereas fpm already has it
<patdk-wk> fpm is what made, going from a single fcgi php to per user php simple
<teward> patdk-wk: yeah, the init scripts might be the pain - if LAMP is implied to work out of the box, and php5-cgi has no init, can that even be a viable solution
 * teward won't write the init scripts :P
<patdk-wk> well, pick your pain :)
<teward> catch-22.  both options are equally painful :p
<teward> i should blog about setting up an nginx+mysql+php5 stack on ubuntu 14.04+... hmmm
<patdk-wk> personally, I like php5-fpm :)
<teward> patdk-wk: agreed
<teward> makes it less painful to set up :P
<patdk-wk> put all my php.ini settings into it's per instance customization
<patdk-wk> no more php update saying it needs to overwrite my php.ini :)
<patdk-wk> makes happy sysadmin
<teward> heh
<patdk-wk> interesting
<patdk-wk> today seems to be a spam day
<rbasak> teward: I feel that php5-fpm is inadequately maintained currently for it to be in main.
<teward> rbasak: you and I are in agreement
<teward> hence the 'can of worms'
<rbasak> teward: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1267255
<rbasak> :)
<teward> rbasak: *subscribed and watching*
<sarnold> jamespage: we've got a backlog of reactive work at the moment; probably I'll get to 1407695 and the other MIR work next week at the earliest
<teward> is server going to be on the testing tracker for alpha 2?
<NoobsFlyVFR> I just installed xorg and i3-wm on my Ubuntu 14.04 LTS server and I am trying to install lightdm using sudo apt-get install lightdm. But it wants to install unity, and all other united related components.
<NoobsFlyVFR> How do I install lightdm without installing unity and everything else?
<sarnold> NoobsFlyVFR: maybe try installing lightdm-greeter alongside lightdm?
<NoobsFlyVFR> That worked, sarnold. Thanks a lot.
<sarnold> nice
<sarnold> I figured this looked like the reason why unity was being brought in: Recommends: xserver-xorg, unity-greeter | lightdm-greeter | lightdm-kde-greeter
<NoobsFlyVFR> Exactly.
<antiPoP> HI, I have an ubuntu 12.04 server with automatic updates enabled. However some security updates are aplied automatically while others not. What is happening? here are the configs and relevant logs: https://gist.github.com/antiPoP/9c97efbc523caab148ea
<sarnold> antiPoP: perhaps those updates were published after the periodic check run?
<antiPoP> sarnold maybe, but I didn't did an apt-get update
<sarnold> antiPoP: hmm
<antiPoP> so how have been these fetched?
<dtscode> hey guy... ive got a process that keeps saying this: dtscode@dragontoothsoftware:~/billbot$ warning: The echo canceller started acting funny and got slapped (reset). It swears it will behave now. is there any way to tell what is saying it?
<sarnold> echo canceller sounds like a voice-over-ip thing
<dtscode> oh. its probably my ts3 server then
<dtscode> can i restart it and redirect all output to /dev/null?
<sarnold> probably
<sarnold> thogh you might want to investigate using an initscript or upstart script to manage it as a service, rather than just a program you have to 'nohup ./foo > /dev/null 2>/dev/null </dev/null'  ...
<dtscode> would sudo service teamspeak3 restart > /dev/null work?
<dtscode> oh ok
<X123> screen! :)
<sarnold> true, screen or tmux is nice too :)
#ubuntu-server 2015-01-21
<keithzg> Hmm, was there ever a fix for the "no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory" error when using sudo? I entirely forgot to follow that.
<keithzg> I know I can fix it by removing SMB password sync from my PAM config, but I was hoping it'd be fixed by default by now, and it doesn't seem to have been.
<keithzg> (or at least, not fixed through an update on existing installs)
<keithzg> Hmm, looks from https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1257186 like it's waiting for 14.04.2 for the fix to be released?
<sarnold> keithzg: that would surprise me.
<keithzg> sarnold: Fair enough, I just see no other indication that it's being worked on other than that tag.
<sarnold> keithzg: indeed; it feels to me like that tag is giving false hope
<sarnold> keithzg: perhaps there are plans afoot to replace the samba version wholesale aroud 14.04.2 time, but it's not a precedent I'm familiar with, and it seems strange to me to wait until a new point release before doing so
<keithzg> sarnold: Hmm. Yeah, the fix seems to have come in with Samba 4.1.10 ( https://www.samba.org/samba/history/samba-4.1.10.html ), a bugfix for Samba 4.1 back in July.
<keithzg> Utopic and Vivid both have 4.1.11, but trust and trusty-updates are still on 4.1.6.
<dtscode> hey guys... i keep running sudo tasksel install mail-server, but it responds with: tasksel: aptitude failed (100)
<dtscode> how can i fix it?
<sarnold> dtscode: try simpler tools, e.g. apt-get install mail-server^ or install the specific mail server that you want
<dtscode> ok. ty sarnold
<hariom> Is there any secure way to share some directory or file system between remote servers (LAN environment but still not fully trusted)
<sarnold> what do you mean by "secure"?
<Openstack_> Anyone have any experience with openstack autopilot?
<sarnold> and what do you mean by "share"?
<Openstack_> I've successfully commissioned MAAS nodes and am running in to pxelinux.cfg issues when it attempts to boot to disk
<hariom> sarnold: Security with NFS like system. I heard SSHFS can be an option
<lordievader> Good morning.
<phix> Evening lordievader
<lordievader> Hey phix, how are you doing?
<adsc> i'd like to have heartbeat handle apache2 and mysql processes, so how do I disable them from starting at boot?
<adsc> it seems mysql has a script in /etc/init, but apache doesn't seem to
<lordievader> adsc: It does: /etc/init.d/apache2
<lordievader> Sysvinit vs upstart.
<astbis> Hi. I have some trouble getting Apache2 vhosts working. I did install apache2 php mysql aso. Everything works like a charm. But vhosts seams not to be working. Any ideas where to look for a solution. Here is a pastebin of my vhost configuration and apachectl -S output. http://pastebin.com/NQdxx6mr
<adsc> lordievader: it seems both our statements are correct
<adsc> anyway, i removed apache2 with update-rc.d and edited the upstart script of mysql so that it doesn't start
<marty_axel> problem with sftp, can t connect on port 22 connection refused. On ufw status i have port 22 ALLOW . What seems to be the problem?
<lordievader> astbis: I take the config file is enabled?
<astbis> a2ensite yes
<lordievader> astbis: Allright, what do you get when you go to a vhost?
<astbis> apachectl -S shows it is loaded
<astbis> I get only the first vhost loaded.
<lordievader> astbis: Anything in the logs?
<lordievader> astbis: Not sure if the server or my browser does it, but the www. part is removed and thus resulting in the same page. Perhaps you can make the test clearer by replacing www. with test. or something.
<astbis> Nothing in error.log
<astbis> I don't get it. Added a subdomain. Added just as the others. Entered the ip in /etc/hosts on my client and it works. Why not the others?
<lordievader> astbis: For the www part, I'm starting to suspect the browser.
<astbis> Thanks for the help. Testet it with linux links and it worked as configured. Google Chrome handles it weirdly. Why? Am i wondering.
<astbis> Cleaned browser history. Now Google Chrome shows i correctly.
<astbis> Thanks for the help.
<lordievader> No problem ;)
<lordievader> Glad you figured it out :)
<marty_axel> i have a problem with my sftp connection, it says port 22 : connection refused
<adsc> hello
<adsc> oh, sorry, i thought it has disconnected
<pmatulis> morning
<marty_axel> can anyone help with my problem?
<lordievader> !ask | marty_axel
<ubottu> marty_axel: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<kevinde> I have a hdd in a caddy that I take home with me from school, on this hdd I have Windows 7 & Ubuntu installed. Everything works fine on the machine at my school (where ubuntu was originally installed). I have tesame caddy bay installed on my pc at home where I can plug in my hdd and start windows/ubuntu. The only problem i'm having that when my hdd is plugged in the caddy bay at home that Ubuntu cannot find my network card bu
<kevinde> How is that possible,
<lordievader> kevinde: What network card? Make/model/etc
<kevinde> The network card build in my motherboard ( ASUS SABERTOOTH Z87 )
<kevinde> I can connect any other device such as a wireless adapter without any problems
<kevinde> It did work in the past, but somehow it stopped working about a month ago
<lordievader> What chip?
<pmatulis> kevinde: and, specifically, what do you mean by "cannot find my network card"?
<kevinde> well, it does get listed in lspci but ubuntu network manager doesn't detect it at all
<lordievader> kevinde: Does "ip link" show it?
<kevinde> might this be a driver issue,
<kevinde> I am at my school right now, cannot check that
<lordievader> kevinde: Then I suggest that you return when you are at the pc in question.
<kevinde> will do that, thanks
<adsc> i am trying to start mysql server with /etc/init.d/mysql start, but all I get is some apparmor logs in syslog
<pmatulis> kevinde: maybe not using 'eth0' but 'em1'.  that's what i have on my Z77 Sabertooth
<adsc> is there no way to start mysql directly, without upstart?
<jjohansen> adsc: what are the apparmor log messages?
<kevinde> pmatulis, I will check that when i'm back home, if that is the case ip link will show that?
<lordievader> kevinde: Yes.
<kevinde> it's just strange that it would be like that, as it used to work with eth0 in the past
<kevinde> but I will take a look at that
<adsc> jjohansen: http://pastie.org/9847401
<jjohansen> adsc: so you can modify the apparmor profile, or if you don't care about its protections for mysql disable its profile
<jjohansen> to disable the profile
<jjohansen>   sudo aa-disable mysqld
<adsc> will give it a try, thanks
<adsc> aa-disable doesn't exist
<jjohansen> to modify the profile, you can open /etc/apparmor.d/usr.sbin.mysqld file in an editor and then you need to add rules for the name= and denied_mask= combinations
<jjohansen> adsc: sudo apt-get install apparmor-utils
<jjohansen> eg. to add permission for the first denial add
<jjohansen>   /srv/mysql/production.lower-test w,
<jjohansen>   
<jjohansen> the other rule would be
<jjohansen>   /srv/mysql/ibdata1 w,
<jjohansen> you would then do
<jjohansen>   sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
<adsc> if i disable it with aa-disable, will it stay that way, or do I have to do that every time the system reboots?
<jjohansen> adsc: it will stay disabled
<adsc> good
<adsc> although it doesn't seem to be the problem
<adsc> the last five log messages stay the same
<adsc> is there a simple way to get mysql to start without upstart?
<adsc> or does the /etc/init.d/mysql script work for you guys?
<adsc> ok, it seems to have to do with changed datadir
<adsc> i changed datadir to some other path, and from then on, it couldn't start it anymore
<adsc> as soon as I change datadir, mysql doesn't start anymore...any idea why?
<marty_axel> port 22 : connection refused on ssh. I`m behind a router and using ubuntu 14.04.1 LTS
<marty_axel> port 22 : connection refused on ssh. I`m behind a router and using ubuntu 14.04.1 LTS. I`m trying to connect filezilla(windows 7 computer) to server ubuntu, using either vsftpd or sftp. None of them seems to work on public ip.
<patdk-wk> if by *router* you mean a firewall(nat) device, no, it won't work
<maswan> unless you configure the firewall/nat to pass those packets on. how this is done, if at all, depends on the device and not the ubuntu server too.
<marty_axel_> by router i mean router
<marty_axel_> and it works, i just don t know how to config it yet. Please don t answer if you don t know
<maswan> if you just mean router, "i'm behind a router" is a null statement on the internet, since all packets are routed.
<marty_axel> i have a router in my room, i don`t know how to call it otherwise
<Grey_Loki_> marty_axel: what is the make and model of this router?
<marty_axel> linksys, doesn t really matter
<marty_axel> i already have a computer with ubuntu that works, i only try to change that computer with a better one
<marty_axel> with a newly installed ubuntu
<marty_axel> i have made port forwarding for port 21 22 on router
<jamespage> smb, believe it or not I can no longer replicate the problem I was having with block devices under vivid
<smb> jamespage, Oh I believe that rather easily. I suspect some kind of race anyhow. But generally, do you know details about what things go on during deployment up to the point where you would try to make the second disk a ceph device which you could document in the bug?
<smb> The thing is I have no clue what was on vdb before. It probably is not cloud-localds data since that only seems to support isofs or vfat
<adsc> has anyone managed to specify a different datadir for mysql than /var/lib/mysql? If I change this value in the config, mysql doesn't start anymore
<marty_axel> can someone help me configure vsftpd on ubuntu 14.04.1 LTS
<ivoks> what's there to configure?
<jamespage> smb, its an ephemeral disk created and attached to the instance by the underlying cloud
<jamespage> smb, its ext4 formatted
<fixxxermet> Is there a way to vlan tag your interface DURING the ubuntu install?
<smb> jamespage, Unfortunately that information is not helping me. In order to strip as much away as possible I rather need info about what the contents and exact format are (like what kind of label) and what actually was doing the mount and how any data on it was used. I *assume* (since its openstack) that the base vda contents are a cloud-image and the setup data for cloud-init actually came via net. So again, what mou
<smb> nted vdb, for what?
<marty_axel> it doesn t work on ssh
<marty_axel> for example
<jamespage> smb, cloud-init mounted the disk on boot
<jamespage> smb, it queries the metadata service to figure out what todo
<ivoks> marty_axel: vsftpd doesn't work on ssh?
<ivoks> i'm not sure i understand
<ivoks> openssh can provide sftp
<ivoks> vsftpd can provide ftps
<ivoks> if that's what you are refering to
<Pici> vsftpd can do ftps and ftp.
<marty_axel> i installed vsftpd, i can connect using filezilla on port 21 using localip(192.168.x.x),using public ip i have no chance. I try now using sftp, and i can t connect not even by using ssh user@ip on my ubuntu
<marty_axel> i get port 22 : connection refused
<ivoks> again, read:
<ivoks> 17:39 < ivoks> openssh can provide sftp
<marty_axel> a installed openssh server
<ivoks> vsftpd has nothing to do with ssh
<marty_axel> configure sftp from the internet
<ivoks> ahm, have you configured port forwarding from your external ip to internal?
<marty_axel> i doesn t, but i tried both ways, to make it work, i don t care which one works, i need it to work
<marty_axel> yes
<ivoks> can you ssh/ftp to your local ip?
<ivoks> instead of public one
<marty_axel> i can t ssh using local ip
<ivoks> if you can, then port forwarding isn't set
<marty_axel> it says port 22 : connection refused
<Pici> Can you ssh from the server to itself?
<marty_axel> i go on my ubuntu, i write ssh user@192.168.x.x and i get an error : port 22: connection refused
<ivoks> and you installed 'ssh'?
<marty_axel> yes
<ivoks> easy to check
<marty_axel> sudo service ssh status , it says it s running
<ivoks> netstat -nat | grep 192.168.x.x:22
<ivoks> or actually
<Pici> marty_axel: Thats on the server? or your other computer?
<ivoks> netstat -nat | grep :22
<ivoks> you should see 0.0.0.0:22
<marty_axel> grep:22 command not found
<Pici> You forgot a space
<NoobsFlyVFR> marty_axel, run netstat -nap
<marty_axel> i get 0.0.0.0:21
<marty_axel> nothing about :22
<ivoks> then your ssh is not running
<ivoks> or it's listening on different port
<ivoks> sudo netstat -natp | grep ssh
<NoobsFlyVFR> netstat -nap will reveal what port it's running on, marty_axel. If you're not sure, use sudo service ssh restart.
<marty_axel> i can restart it,it says ssh/stop ssh/start
<marty_axel> 	sudo netstat -natp | grep ssh doesn t return anything
<ivoks> then it's not running
<Pici> marty_axel: Just for clarification, are there two computers that we're talking about here? Are you running these commands on the server?
<marty_axel> yes
<marty_axel> i have windows7, i m talking to you from it. And the other computer with ubuntu 14.04.1 LTS on which i`m trying your commands
<ivoks> than you did something with your ssh
<marty_axel> and then copy the result in my mind and paste it here :D
<ivoks> and now it won't start
<jpds> marty_axel: Check your syslog file.
<marty_axel> if i sudo service ssh status, it says it s running
<marty_axel> i don t know how to do that. i`m php programmer(beginner), and this is for the small company i`m working for,it`s one time job
<ivoks> so, you installed ssh
<ivoks> what else did you do?
<ivoks> did you change any service to listen on port 22?
<ivoks> or did you change ssh configuration?
<ivoks> pgrep sshd
<ivoks> does that return a number?
<marty_axel> mhm, wait one second to tell u exactly what i changed
<marty_axel> nothing
<marty_axel> it returns nothing
<marty_axel> http://www.krizna.com/ubuntu/setup-ftp-server-on-ubuntu-14-04-vsftpd/
<marty_axel> what it says here
<marty_axel> it s the only thing i did
<ivoks> ssh is not running
<ivoks> so you did step 8?
<marty_axel> yes
<ivoks> you probably made a mistake there
<ivoks> and ssh won't start cause of broken configuration
<marty_axel> true
<marty_axel> but still can t connect
<marty_axel> i have something that i cant understand, in the sshd_config i have AllowUsers testing@192.168.x.x
<marty_axel> and i want to connect using my public ip
<nickander> have you considered adding your public ip to the config
<marty_axel> yes but i don t know where :D
<marty_axel> i can t connect on my ubuntu using ssh, now it gives me password error
<marty_axel> ...
<marty_axel> permision denied,please try again, when i input my password.
<marty_axel> i can connect with an user eventualy, but i can t connect with filezilla
<marty_axel> Error:	Authentication failed.
<marty_axel> Error:	Critical error: Could not connect to server
<darkxploit> marty your problem seem to be very vast
<darkxploit> are you trying to ftp on a server having the folder which is mounted as nfs
<darkxploit> did you check permission
<darkxploit> are you on a production platform or a simple home test
<darkxploit> i need more info dude
<darkxploit> it might be  iptables though.. it all depend
<marty_axel> on my company
<darkxploit> ok so u r testing on a pre-prod server
<marty_axel> they have a server already
<marty_axel> they put me on a new computer
<marty_axel> i installed ubuntu,and now i need to config it so i can connect trough filezilla
<darkxploit> which port are u running the ftp server
<darkxploit> oh ok
<marty_axel> if i install vsftpd i can connect with port 21 only with localip not with public
<darkxploit> in such case, the server [destination] which you want to access [source] have to be understood prior setting the ftp
<marty_axel> so i understood that with sftp its more easier
<darkxploit> yep
<marty_axel> so i installed openssh-server
<marty_axel> i made configurations
<darkxploit> you can install proftpd, sftpd vsftpd.. anything is fine provided you have install a ftp server
<marty_axel> i managed on ubuntu to write ssh user@localip
<darkxploit> which one have u chose ?
<marty_axel> http://www.krizna.com/ubuntu/setup-ftp-server-on-ubuntu-14-04-vsftpd/
<marty_axel> this tutorial i made
<marty_axel> i can connect using one user,altough i made 4 users.... and i can connect on localhost
<marty_axel> after infinite battles :D
<darkxploit> ok what is the output of netstat -ntpl | grep -i ftp on the server
<darkxploit> command >> netstat -ntpl | grep -i ftp
<darkxploit> paste the output here
<marty_axel> 0.0.0.0:21
<darkxploit> hmm ok
<darkxploit> now from the client
<marty_axel> i dont have putty installed
<marty_axel> on the client
<darkxploit> the server or computer where you want to install filezilla
<darkxploit> do this test
<marty_axel> where?with what i mean
<marty_axel> command promt?
<darkxploit> telnet <<ipaddress of the server>> 21
<marty_axel> don t have telnet either...mhmm
<darkxploit> is the server or computer from where you want to install filezilla windows or linux ?
<marty_axel> i have filezilla on windows7
<marty_axel> and ubuntu on another computer
<darkxploit> ok the windows 6 itself
<darkxploit> 7
<darkxploit> open cmd
<darkxploit> type
<darkxploit> telnet ip address of the server 21
<marty_axel> i need to activate telnet on win7,just a minute
<darkxploit> telnet is a good tool to test if nothing is preventing the connection
<darkxploit> may be there is a firewall somewhere in the company or a simple iptables rules on the server or any firewall rules on the windows machine
<marty_axel> ok,installed it
<marty_axel> 220 <vsftpd 3.0.2>
<sudormrf> question for you guys about rsync.  I have a cron job that does a very simple task.  looking in my cron log it says that rsync is trying to chown files at the destination.  never seen this before and not sure why it would do so.  is this normal behavior?  the command being used is rsync -raz --progress /path/one/ /path/two/
<marty_axel> only output it says
<darkxploit> ok great
<darkxploit> it means traffic is fine
<darkxploit> now on the server, you created three users right ?
<marty_axel> yes
<marty_axel> added them on the same group
<marty_axel> i only did what that tutorial tought me :d
<darkxploit> sudormrf use rsync with the -n arguments with addition
<darkxploit> to what u r using
<darkxploit> it will run it in dryrun mode
<darkxploit> so that you can debug the problem
<darkxploit> ok from the filezilla
<marty_axel> Command:	open "marius@192.168.1.168" 22
<marty_axel> Command:	Pass: ************
<marty_axel> Error:	Authentication failed.
<marty_axel> Error:	Critical error: Could not connect to server
<marty_axel> using port 22 i need to connect,right?
<sudormrf> darkxploit, thanks :)
<marty_axel> let`s say i make this work. The goal is to connect to the server using public ip
<darkxploit> dude 22 is ssh
<darkxploit> u said ftp server is running on port 21
<darkxploit> connect on port 21
<marty_axel> Response:	500 OOPS: vsftpd: refusing to run with writable root inside chroot()
<darkxploit> no worries sudormrt... are you having anymore problem
<marty_axel> Error:	Critical error: Could not connect to server
<darkxploit> ok
<darkxploit> now u need to know which folder that you want to access
<darkxploit> on filezilla you need to specify which folder that you want to access
<darkxploit> and on the server you need to give specific permission
<darkxploit> do one thing
<marty_axel> home/marius/files
<darkxploit> what is the output of ls -lha /home/marius/files
<kevinde> lordievader: I`m at home now, Ive tried ip link but it only detects the lo interface
<kevinde> lordievader: Does this mean it is a driver issue?
<marty_axel> total 8.0k
<darkxploit> kevinde, if u dont mind me interrupting you..? are u trying to access a virtual server on vmware or vbox ?
<darkxploit> no marrt
<darkxploit> ls -l /home/marius/files
<marty_axel> drwr-xr-x 2 root root
<darkxploit> lol
<darkxploit> of course if wont work
<lordievader> kevinde: Possible, what does dmesg say about it?
<darkxploit> because the user is root
<marty_axel> dr-xr-xr-x 4 root root
<darkxploit> and the group is root
<marty_axel> my head hurts :D
<darkxploit> does the user marius exist on the server
<darkxploit> what is the output of cat /etc/passwd | grep -i marrius
<marty_axel> marius:x:1000:1000:administrator
<darkxploit> ok
<kevinde> lordievader:  Ive got 2 different errors here, xhci_hcd 0000:00:14:0: ERROR no room on ep ring     &  phy0 -> rt2x00usb_vendor_request: Error - Vendor Request 0x07 failed for offset 0x1700 with error - 12.
<marty_axel> he needs to connect,marius is my boss :D
<kevinde> darkxploit: I am not :)
<lordievader> kevinde: Those are both usb related.
<marty_axel> i need to connect using my public ip,not localip
<darkxploit> marty_axel, fire this command chown -R marius:marius /home/marius/files
<marty_axel> remember
<lordievader> kevinde: You said lspci showed it?
<marty_axel> invalid group marius
<darkxploit> marty_axel, fire this command chown -R marius:root /home/marius/files
<marty_axel> ok
<marty_axel> it worked
<kevinde> lspci shows Ethernet Controller: Intel Corporation Ethernet Connection I217-V (rev 04)   that must be my onboard motherboard nic if im correct
<darkxploit> now access the server from the filezilla
<marty_axel> not working,probably i need to restart vsftpd ?
<darkxploit> no
<marty_axel> ok,still not working,same error
<darkxploit> its not needed
<lordievader> kevinde: Could you pastebin the output of 'lspci -k|grep Ethernet'.
<marty_axel> so you know i have some modifications made in vsftpd.conf
<darkxploit> are u sure u did a telnet on port 21
<darkxploit> and not on 22
<darkxploit> ues
<darkxploit> yes
<marty_axel> yes
<marty_axel> on port 21 i did telnet
<darkxploit> the tutorial looks fine
<marty_axel> anyway, what are you telling me to do now,it worked a few hours ago
<marty_axel> but couldn t make it work using public ip
<darkxploit> something is sure
<darkxploit> the problem is within the server
<darkxploit> its not with the ip
<marty_axel> noo
<kevinde> lordievader: hang on
<marty_axel> the problem is in vsftpd.conf,i m sure
<darkxploit> because the telnet test was ok from client to server
<darkxploit> yes
<marty_axel> but how do i connect to my public ip?
<marty_axel> that s the real problem
<darkxploit> u can connect to the server using mobaxterm on windows
<marty_axel> i can say pasv_address : 5.2.x.x
<darkxploit> then u wont need ftp etc..
<marty_axel> i need using filezilla,because that`s what it is now
<darkxploit> u can transfer file easily
<marty_axel> on computers and on the other servers
<marty_axel> server*
<darkxploit> yes but with mobaxterm its more easy
<marty_axel> i don t argue with you
<darkxploit> but since u need ftp
<marty_axel> but i m a simple employee
<marty_axel> with 1 month of practice
<darkxploit> lol
<marty_axel> just finished college
<marty_axel> :D
<darkxploit> i am not an employee
<marty_axel> i never put my hands on linux before, never :D
<marty_axel> i m not an employee,i`m in probation :))
<darkxploit> did u followed this part as well ---> sudo useradd -m john -g ftpaccess -s /usr/sbin/nologin
<marty_axel> so it s important for me to fix this... since i m not in my home town and rents are over the roof 70% of my salary goes on rent
<marty_axel> yes
<darkxploit> the goal is to create the ftpaccess file
<darkxploit> i would recommend you to do a test on 2 vbox machine
<kevinde> lordievader:  http://www.pastebin.com/FmuvsnJv
<darkxploit> i cannot help anymore.. feeling sleepy now.. its 22 25 here
<darkxploit> sorry
<marty_axel> ok,one more question
<marty_axel> quickly
<darkxploit> yes
<marty_axel> how do i exit a file
<marty_axel> that i edit it in readonly
<darkxploit> from where
<marty_axel> :D
<marty_axel> vi /etc/vsftpd.conf
<darkxploit> oops
<darkxploit> ok so
<marty_axel> witouth sudo, so i cant :wq
<darkxploit> put caps lock
<darkxploit> press ZZ fast
<darkxploit> if it dont work
<darkxploit> press esc
<darkxploit> press :
<darkxploit> i mean type :
<marty_axel> yes
<darkxploit> q!
<lordievader> kevinde: Err, I wasn't paying attention. I meant 'lspci -k|grep -A2 Ethernet', sorry.
<marty_axel> with !
<marty_axel> okey
<darkxploit> yes
<marty_axel> thank you
<darkxploit> another option is press Esc
<marty_axel> have a good night, and thank you for your time, i deeply appreciate it
<darkxploit> and do ZZ fas
<darkxploit> fast
<marty_axel> it worked,thanks :P
<darkxploit> if it still dont work
<kevinde> lordievader: http://www.pastebin.com/sViE0AmC
<darkxploit> i can help u tommorow
<darkxploit> right now i am tired
<marty_axel> okey, thank you,i`ll search for you tomorrow then
<plm> Hi all
<plm> $./app.sh 2>> error.log -> how I do to add datetime when each error happen?
<darkxploit> marty_axel, i am sending u a private message
<lordievader> kevinde: Is the module e1000e loaded?
<kevinde> lordievader: lsmod doesnt list that
<lordievader> kevinde: Try to load it.
<kevinde> lordievader: loaded the module but it did not do anything
<lordievader> kevinde: You can confirm it is loaded?
<lordievader> kevinde: What is the output of "sudo modinfo e1000e|grep version"
<kevinde> lordievader: I do not see the module in lsmod after mod probbing it, Will post the output of modinfo shortly
<kevinde> lordievader: http://pastebin.com/JnGNkzFz
<lordievader> kevinde: I get the feeling that your version of e1000e does not yet support your card.
<lordievader> !info linux-image-generic precise
<ubottu> linux-image-generic (source: linux-meta): Generic Linux kernel image. In component main, is optional. Version 3.2.0.75.89 (precise), package size 2 kB, installed size 32 kB
<kevinde> lordievader: It worked in the past, Would upgrading to 14.04 help by any chance?
<kevinde> I am using 12.04 LTS at the moment
<lordievader> kevinde: Check if 2.3.2-k does support the I217-V.
<kevinde> lordievader: where could I find the supported network cards for that version? I tried looking for it. (I found this also https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1182878 ) perhaps enabling HWE stack woul fix this?
<lordievader> kevinde: Intel's site states that it does: https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=22887&lang=en
<kevinde> lordievader: Should I upgrade the e1000e manually?
<lordievader> kevinde: I'd rather not. Unless you can assure that the module is compatible with your kernel version.
<kevinde> lordievader: If I am correct and enable HWE stack this should install the newest e1000e after updating?
<lordievader> No idea, I am not familiar with HWE.
<kevinde> lordievader: Ok, I will give it a shot. Thanks alot for the help, really really appreciate it.
<lordievader> kevinde: No problem.
<x86bit> Hi
<x86bit> I need some help setting up my proftpd server, I cant seem to access it from out side my network
<x86bit> I have port forward 21
<x86bit> I need some help setting up my proftpd server, I cant seem to access it from out side my network (Sorry my connection timed out )
<x86bit>  I need some help setting up my proftpd server, I cant seem to access it from out side my network
<rberg_> doesn't ftp server need port 20 and 21? more if in passive mode
<x86bit> it is on 21
<x86bit> I can only access it from home as i have changed my hosts file to point my domain to the local servers internal ip
<shauno> it's not *only* 21 though.  ftp is evil, not only because it's plaintext, but because the protocol was written by someone who hates you.
<shauno> (I just label it "here be dragons" and ignore it.)
<rberg_> 21 cmd, 20 data
<x86bit> My friend to me to use MasqueradeAddress
<x86bit> and a passive port range
<lordievader> x86bit: Using scp ain't an option?
<x86bit> It is but, I want to setup webhosting and I use sentora and it currently uses ftp for file transfer
<x86bit> Clients dont want to use a program like scp
<x86bit> So do i need to port out to 20 as well ?
<rberg_> and a passive range
<rberg_> http://slacksite.com/other/ftp.html seems like a good read
<rberg_> heh pure evil is ftps :)
<x86bit> I will try to set port 20 to port out as that might be the problem
<x86bit> haha
<x86bit> here is my config
<x86bit> http://paste.ubuntu.com/9810366/
<x86bit> I get this error with scp http://puu.sh/eQcpn/a66dda446d.png
<x86bit> Its very odd that all i can say
<lordievader> x86bit: Looks like a firewall.
<x86bit> A firewall on the server ?
<x86bit> Wait a sec. If I comment on the MasqueradeAddress it works
<x86bit> But only internally
<lordievader> A firewall somewhere, check nmap or something.
<x86bit> Yeah ok,  I will have a look
<x86bit> I have to get on the road now but I will have a crack at it later
<x86bit> Thank you everyone that helped
#ubuntu-server 2015-01-22
<lordievader> Good morning.
<marty_axel> Hello. I can t connect to my server using port 21 or 22 on my public ip address. With my localip it works only on port 21 (ubuntu 14.04.1 LTS)
<lordievader> marty_axel: NAT?
<marty_axel> yes
<lordievader> marty_axel: Have you setup port forwarding?
<marty_axel> yes
<marty_axel> all ports are opened
<marty_axel> i can connect to my public ip on port 80, for example
<lordievader> marty_axel: Is your public ip of the server '5.2.130.66'?
<marty_axel> yes
<marty_axel> how did u know :-o
<lordievader> marty_axel: Magic fingers ;) Only port 80 is open, port 21 and 22 are filtered. Do you run a firewall?
<marty_axel> on my router yes
<marty_axel> but i used port forwarding
<lordievader> No firewall on the server?
<marty_axel> ufw disabled enabled,doesn t matter,it doesn t work either way
<lordievader> marty_axel: From within the local network what do you get for "nmap -p 22 <local-server-ip>"?
<marty_axel> from the computer with ubuntu i can run that command
<marty_axel> from windows 7...don t know how to
<marty_axel> unable to determine any DNS server. Host is up. 22/tcp open ssh
<marty_axel> revers DNS is disabled
<lordievader> marty_axel: The Ubuntu machine is that the server?
<marty_axel> yes
<lordievader> marty_axel: Hmm, then install zenmap on the Windows machine and try from there.
<marty_axel> Nmap scan report for 192.168.1.168
<marty_axel> Host is up (0.00013s latency).
<marty_axel> PORT   STATE SERVICE
<marty_axel> 22/tcp open  ssh
<marty_axel> MAC Address: 00:14:D1:1C:6D:77 (Trendnet)
<marty_axel> Nmap done: 1 IP address (1 host up) scanned in 0.44 seconds
<marty_axel> Nmap scan report for 192.168.1.168
<marty_axel> Host is up (0.00013s latency).
<marty_axel> PORT   STATE SERVICE
<marty_axel> 22/tcp open  ssh
<marty_axel> ..
<marty_axel> Nmap scan report for 192.168.1.168
<marty_axel> Host is up (0.00013s latency).
<marty_axel> PORT   STATE SERVICE
<marty_axel> 22/tcp open  ssh
<lordievader> marty_axel: Please use pastebin when you want to paste console output.
<marty_axel> ok
<lordievader> marty_axel: Now try it with the public ip.
<marty_axel> http://pastebin.com/3vtRCghH
<lordievader> marty_axel: Heh, it closed even. You port forward likely isn't correct.
<marty_axel> from the router?
<lordievader> marty_axel: Yes.
<lordievader> marty_axel: Inside your network things are ok, outside they are not. So the problem likely is the wall seperating the inside from the outside.
<marty_axel> newbie in this, so practical the problem stands inside the router, port forwarding not done corectly, am i right? :-s
<lordievader> marty_axel: That is likely the culprit, yes.
<marty_axel> but i can connect from ubuntu on ssh but cant from filezilla with my localip
<marty_axel> ssh user@192.168.1.168 works, filezilla same thing(user password port:22) gives an error: authetication failed :-ss
<marty_axel> this is the only thing i don t understand right now, and i`ll try to fix the other problems today :P
<lordievader> marty_axel: Read the error...
<marty_axel> http://pastebin.com/wsjs9rz3
<lordievader> marty_axel: Ah the second error likely causes the first one.
<marty_axel> yes but why since it works on ubuntu machine with same user and pass, why not on filezilla
<lordievader> marty_axel: Different protocol?
<lordievader> marty_axel: Also is it the same machine?
<marty_axel> different,it was an error in config, i had to comment something,it works now on localip
<marty_axel> now i`ll try with public ip :D,untill tonight it will work! :D
<Azaril> hi, is preseed or kickstart recommended?
<jamespage> rbasak, do you want todo the honours on https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/1408478 ?
<rbasak> jamespage: ack
<ganey> I've been trying to set up MAAS on ubuntu, and get nodes on without using pxe. When i use the installation disc and enter the maas server ip to join, i just get a SIGKILL and the node restarts?
<Sling> so during ubuntu 14.04 installation im doing software raid wrong apparently, now i have a /dev/md127 with one disk added to it, sda2, which I cannot fail or remove
<Sling> rebooting the system did not change anything, it's busy/in use
<Sling> how can i remove this md device when its busy and can't be failed ?
<Sling> (im not in ubuntu itself, only in the installer)
<ganey> is it loading swap from the disk? i had to resize a disk yesterday, swapoff -a, then it worked.
<Sling> yea i assigned it to be swap during a previous attempt, swapoff -a didn't change it
<ganey> damn, err.. i'll have a think
<Sling> also I doubt swapon happened in the installation when im only at the partitioning step
<Sling> but just to be sure, tried it again, still says device or resource busy after 'mdadm --fail /dev/md127 /dev/sda2'
<Sling> and i dont have 'lsof' in this baby shell so can't even see if any process has stuff referenced to that disk
<teward> rbasak: ping - https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1324062 is still on my radar, and now that we're almost half-way to the next LTS, we might want to consider options going forward and check with the release team and such - if 5.1 is going away come next LTS (or being demoted into Universe), and LuaJit isn't going to come up, we'll have to trim from the package the nginx lua support
<teward> rbasak: and yes, i'm bringing this up every release :P
<Sling> ganey: managed to remove it in the end by reassigning the raid partition to be some random ext2 filesystem and rebooting
<Sling> very weird :)
<ganey> ah awesome well done sling :D
<zul> hallyn:  just working on libvirt i put the 2 cgmanager patches together
<jamespage> smoser, minor ss fix - https://code.launchpad.net/~james-page/simplestreams/i386-i686/+merge/247296
<jamespage> gah wrong branch
<smoser> jamespage: what is the fallout of that ?
<jamespage> smoser, basically with i386, nova by default won't schedule an instance as the hypervisors all report i686
<jamespage> != i386
<smoser> hm.. so its just been that completely broken for so long.
<jamespage> smoser, it would appear so
<jamespage> smoser, we might want to review other image architectures to ensure we are matching the right openstack ones
<smoser> fixed.
<hallyn> zul: ok, i just pushed a new libvirt to v yesterday wit ha few more trivial changes
<zul> hallyn: ubuntu20?
<rbasak> teward: thanks. Yeah - I'll leave it to others to manage lua itself. They'll see the reverse dependency so I hope we'll hear from them if they want to drop 5.1 from main.
<teward> rbasak: right, if they do drop that, then we have to drop lua from the nginx binaries in universe.  or separate -core into its own source package
<hallyn> zul: yeah that one
<zul> hallyn:  cool ok
<zul> hallyn:  1.2.11 is building now
<hallyn> 1.2.12 should be out soon :)
<hallyn> (but i'm not suggesting waiting)
<Elion> hi, i'm looking to add some RAM in an old server that use 667mhz ddr2 fully buffered ecc ram, do i really need to use the same RAM or can i use standard ddr2 ram (not ecc nor fully buffered) ?
<ganey> you might find it cheaper to replace all the ddr2 stuff with non ECC
<ganey> i never got on with mixed modules myself
<smoser> bug 1
<smoser> bug 1153626
<fandi> hello
<fandi> how to prevent oom killer on ubuntu server kill a process example glusterfs
<fandi> thanks
<rberg_> you can create exclusions for the OOM killer, but if you are out of ram something is going to get killed
<rbasak> fandi: google? Eg. http://unix.stackexchange.com/q/58872
<fandi> rberg_: ok thanks .. i looking for that
<fandi> rbasak: ok let me check
<fandi> rbasak: thanks
<rberg_> is it common for VMs in openstack to not have a /dev/disk/by-id ? I do have a by-uuid.
<rberg_> I can see the udev rules to create that in 60-persistent-storage.rules, but when I query udevadm I dont see that field
<rberg_> should VMs in openstack have a ID_SERIAL or ID_MODEL set? I dont see those on this VM
<rbasak> I don't know the answer, but I can see how a serial or model wouldn't make sense on a virtual device.
<rberg_> agreed
<rberg_> I looked at a virtual box vm and I do see it set there
<rberg_> as SATA_VBOX_HARDDRIVE
<rberg_> maybe kvm doesnt do that, or its misconfigured
<airjump> hello
<xjunior> I'm having an issue with upstart (https://gist.github.com/xjunior/765ff75ff8af4391498c). It starts and monitors a PID, but then the actual process is running a different PID!
<ogra_> xjunior, http://upstart.ubuntu.com/cookbook/#expect
<xjunior> ogra_: well, I have an expect daemon there
<xjunior> which didn't help
<jpds> xjunior: expect fork ?
<xjunior> jpds: sameâ¦
<xjunior> https://gist.github.com/anonymous/40ed284673938450f99b
<xjunior> then if I try to stop with upstart, it hangs
<ganey> how do i add nodes to a maas server WITHOUT pxe?
#ubuntu-server 2015-01-23
<Telendrith> I just installed ubuntu server on a Dell PowerEdge 2950, and it won't boot or get to the boot loader. I think it's because the server dosn't support UEFI, how can I change it to BIOS? or do you think it's a miss diagnosis
<dorotheus> I have an ubuntu VPS that I rebooted and now I cannot connect to. Before rebooting its disk was full but I cleared a few gbs and then rebooted. I emailed the support and they gave me this image: http://s17.postimg.org/59cqhng3j/Untitled.png. How can I tell them to proceed?
<sarnold> dorotheus: first, get a good magnifying lens. The stronger the better.
<sarnold> dorotheus: does your vps provider have a "console" mechanism set up in their management interface?
<dorotheus> sarnold yes they do.
<sarnold> dorotheus: ah, good. that might let you get some information to fix it..
<dorotheus> sarnold, oh that's great. Well I knew that...
<Anteac> i fucked up nano /etc/apt/sources.list
<Tzunamii> Anteac: Hindsight is 20/20, but please make backups of files you're going to edit/replace before fiddling
<Anteac> any site which offers vbox images preconfigured with php,mysql,etc?
<lordievader> Good morning.
<ganey> Anteac:I dunno if vagrant boxes work? there's loads of preconfigured boxes.
<Anteac> i think i can just select lamp server with ubuntu setup
<presidente> ciao
<Azaril> my preseed.cfg doesnt seem to be working
<Azaril> is there a way i can work out why
<zertyui> hello there
<zertyui> i try to mount nfs filesystem
<zertyui> this is the message i got :
<zertyui> http://paste.ubuntu.com/9834994/
<zertyui> is that normal ?
<teward> zertyui: what command did you run
<zertyui>  mount fas2:/vol/home  /mnt/
<zertyui>  mount server2:/vol/home  /mnt/
<hroi> hi
<SchrodingersScat> hey, haven't used incron in a while :[
<hroi> im having some problems with incron
<SchrodingersScat> do you think it's a problem with that? or whatever you're trying to run? this 'foo'
<hroi> I've only used it on debian before, but dont recall having issues
<hroi> SchrodingersScat,   on my ubuntu 14  it actually runs
<hroi> but I dont get why there are no /var/log/cron files
<hroi> for me to dig up errors
<hroi> SchrodingersScat,   it completely refuses to do anython on  the amazon aws ubuntu
<hroi> yet I think it is a vanilla ubuntu
<SchrodingersScat> is there a /var/log/incron ?
<hroi> #63-Ubuntu SMP Wed Sep 3 21:30:07 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
<hroi> on amazon
<hroi> SchrodingersScat, no, none such
<teward> i have an ubuntu server in a VM - it has two connections: one NAT'd, and one host-only.  When the host-only is connected, it fails to be able to reach out to the internet.  Is there a way to define a "Internet Accessible" connection and another that isn't the route to the internet?
<Azaril> my preseed.cfg doesnt seem to be working, is there a way to find out why?
<hroi> ahh got it to work...
<hroi> it was my bad  ... only allowd one " " white space between items in the tab list
<Pici> ;36
<foolhardy> I'm finding that the ntp daemon is dying nightly, probably during the vm suspended backup. How can I automate 'service ntp restart' every morning at 0600?
<foolhardy> runnign ubu server 12.04
<foolhardy> x64
<jpds> foolhardy: Have a tool like puppet ensure that the service is you.
<jpds> is running for*
<foolhardy> good idea, I'll do that. Thanks
<zertyui> hello
<zertyui> anyone ?
<SchrodingersScat> is it me you're looking for?
<zertyui> i got this error :http://paste.ubuntu.com/9834994/
<Sling> zertyui: after what command?
<zertyui> mount server2:/vol/home /mnt/
<zertyui> i got this error :http://paste.ubuntu.com/9834994/
<Sling> yes you just said that
<Sling> and this /vol/home is a NFS mountpoint on server2?
<zertyui> yes
<Sling> take a look at https://help.ubuntu.com/community/SettingUpNFSHowTo
<Sling> or https://help.ubuntu.com/14.04/serverguide/network-file-system.html
<Sling> if you still have issues, tell us that is in syslog and dmesg
<Sling> also, can you mount it from other clients?
<zertyui> i can able to mount the same nfs mountpoint on a ohter freebsd server
<zertyui> but using with ubuntu i can't at all
<Sling> did you install nfs-common on the client?
<Sling> dpkg -l | grep nfs-common
<Sling> if there is no output, do sudo apt-get install nfs-common
<Sling> (as explained in the URL's I gave)
<Telendrith> I just installed ubuntu server on a Dell PowerEdge 2950. After reboot, I don't even make it to the boot loader. Any ideas?
<patdk-wk> I have a few thousand ideas
<patdk-wk> what one would you be interested in?
<pmatulis> friday lulz
<Telendrith> Ha, the best idea you have :]
<Telendrith> I started my raid 1 from scratch and reinitalized, did the install .. and Nothing :o
<henkjan> Telendrith: hardraid?
<henkjan> Telendrith: maybe need to set that array bootable in de raid controller bios?
<zertyui> simply that's the problem
<zertyui> nfs-commun not installed
<Telendrith> I'm using the built in raid controler.
<zertyui> now i the nfs filesystem is mounted
<zertyui> i would like to see mountpoint as a device
<zertyui> possible ?
<zertyui> hello anyone ?
<teward> zertyui: patience is a virtue :P
<pmatulis> zertyui: why do you want a directory to be a device?
<teward> anyone ever seen a problem where `curl -1` will occasionally *NOT* use TLS
<JanC> teward: IIUC -1 only forces the type of SSL/TLS it uses, but it doen't force SSL/TLS itself?
<JanC> you can use --ssl-reqd to force SSL/TLS
<teward> JanC: well, it was forcing TLSv1, wireshark confirmed
<teward> TLSv1+
<Spyros> Hello guys, i received credentials for an ubuntu server system that had a website running, the goal was to add a second one (virtualhost). After fiddleing arround the server is discovered it was running ubuntu 12.04. Will i break everything if i update it to 12.04.5 ?
<teward> Spyros: 12.04 and 12.04.5 are synonymous
<teward> Spyros: there's no difference between 12.04 installed and you keep updating via apt-get update and upgrade, vs. installing 12.04.5 and installing additional updates
<teward> Spyros: the only difference are what HWE stacks are on the image, really, and the kernel version on the image, but you can install those without reinstalling the server
<teward> so long as you're installing updates on the server from the repos
<Spyros> teward, yes i will simple update from the official repos. I mean i heard apache 2.4 breaks the virtualhosts of apache 2.2 for instance. Do i keep apache 2.2 or does it update to 2.4 ?
<sarnold> 12.04.5 is still apache 2.2
<sarnold> 14.04 is on apache 2.4, so you'll want to plan that transition for when you've got some time
<teward> Spyros: what sarnold said
<teward> sarnold: thank you for chiming in, i'm nginx, not apache :)
<Spyros> When does 12.04 support end?
<sarnold> Spyros: april 2017
<sarnold> Spyros: https://wiki.ubuntu.com/Releases
#ubuntu-server 2015-01-24
<optrusty> Hi Guys I just bought a vps and I wanna ask what can I do with 1GB Ram
<optrusty> It's kind of a dumb question, but I am still wanting to know
<grendal_prime> ok im now officially fully perturbed
<grendal_prime> i have a desktop that i need people to remote access.  how the hell do i do this without all the fkn artifact crap going on?!!
<grendal_prime> if i connect to this even with vnc i get crapy screen refresh stuffs missing. On the local lan its fine, over the vpn it BLOWS
<grendal_prime> its ok if its slow..but come on if i cant read it? operations is going to bitch like yo wouldnt believe
<mmance> Is anyone else having problems with their mdadm raid in 14.04.1?
<mmance> I am getting  create user root not found on boot
<mmance> it was working, but it seems to happen during a package change
<mmance> I have reinstalled 3x to "fix" it. but after doing an apt-get whatever and rebooting causes this
<lordievader> Good morning.
<Guest69813> Morning
<Tomlowndes> For some reason I didnt have a name
<Tomlowndes> strange
<lordievader> Welcome back, Tomlowndes.
<Tomlowndes> How are you today?
<lordievader> Doing good here. How about you?
<Tomlowndes> yeah im okay thanks In Manchester and Nottingham for the weekend so hoping the weather stays nice so I can take some photo's
<CiPi> Daaaamn, when i install server from usb, every time is installing the grub on usb, i can`t do anything to change this, how can i fix this. I can`t boot without usb.
<lordievader> CiPi: Manually install it to the correct drive?
<CiPi> Yes man, i have try every damn way. Now i try installing after fiew steps, i removed the usb...
<CiPi> The os has been loaded to HDD, after this i removed the USB.
<CiPi> Now i`m on the grub step...
<CiPi> hehe...
<CiPi> Huh, hope it runs...
<lordievader> CiPi: sudo grub-install /dev/<disk> (or whatever it was in Ubuntu)
<CiPi> Yep, i have try this, in the final is giving an error, something like that, are you using two disks ?
<CiPi> Bla-bla...
<lordievader> CiPi: So read the error, investigate and fix the error.
<CiPi> Seems to work for now, is still installing. USB is out, grub installed to master boot record.
<CiPi> Daaaaamn:|
<CiPi> This method worked...
<CiPi> Need to remove usb before installing the grub
<CiPi> At the grub step.
<lordievader> CiPi: That seems like a bad idea... but good to hear it worked.
<CiPi> Working without problems.
<kabar> how i view example.com.csr file
<kabar> i am using ubuntu 14.04 nginx
<kabar> which command i use to view inside the file
<lordievader> kabar: Is it a text file?
<kabar> yes
<lordievader> kabar: cat, less, more, dog, tail, head, etc, etc.
<kabar> is "cat example.com.csr" is right command
<kabar> ?
<kabar> i am new in this
<lordievader> kabar: https://help.ubuntu.com/community/UsingTheTerminal
<lordievader> kabar: And yes.
<kabar> thanks
<Tachikomas> Hello. I'm looking for the best way to protect my ubuntu server from the web. I use actually fail2ban, but it protect just the open ports. Any idea ?
<ogra_> what else would you protect ?
<ogra_> non-open ports can not be talked to
<Tachikomas> It's a backup server, using bacula.
<Tachikomas> so just 21/22 / 9101/9102/9103 open.
<Tzunamii> If you want good protection you should set up something like OpenVPN client(s)<->backup server
<Tzunamii> After that just add some iptables rules to accept input on the port(s) from the VPN
<Tzunamii> Deny everything else
<Tachikomas> like that ? http://pastebin.com/CU6LRPvB
<Tzunamii> Something like that, yes.
<Tachikomas> I try to enable that on the restart.. but impossible with update-rc.d
<Tachikomas> http://pastebin.com/H8aqR90K
<Tzunamii> Get a VPN up and running first between client and server and when it works well, just add a few rules. It's quite easy
<Tachikomas> ok.
<Tachikomas> Thanks.
<Tzunamii> If you have any specific questions, don't hesitate to poke us/me
<Tachikomas> Thanks. :)
<Tzunamii> Besides putting up some iptables rules you can force a application to just listen to one network (IP).
<Tachikomas> it's already done. Bacula just listen from authorized ips.
<Tzunamii> Tachikomas: Well, I'm talking about forcing. Not instructing the application in it's config-files.
<Tzunamii> http://daniel-lange.com/archives/53-Binding-applications-to-a-specific-IP.html
<Tzunamii> Anyway, I wish you the best of luck
<Tachikomas> Thanks :D i think i will need it.
<Tzunamii> Don't fret. This is very common practice so it's quite documented. Just have to pull your sleeves up and Google your arse off for some research
<hariom> hey friends, I have 3 VMs. They are NATed. When I try to connect any of the VMs from remote server over https, I am able to connect. But when from with in one of the VMs I issue the same https request, it gives timeout msg.
<hariom> What could be possibly wrong?
<hariom> https url is of the form: https://www.myexample.com/mypage
<hariom> When I use https://<internal_ip_of_the_VM>/test , it works fine but not the https://www.example.com/test
<CiPi> Damn, ubuntu is fuuuul of errors
<bekks> CiPi: So is every other distro.
<devster31> hi
<devster31> can anyone suggest me a good rtorrent script either for upstart or init.d? I'm having trouble finding one that uses a particular user:group and tmux and kills the process with SIGINT
<Tzunamii> devster31: https://github.com/mjsilva/rtorrent-screen-debian-init-script/blob/master/rtorrent  perhaps
<devster31> i'm using tmux, it complicates things a bit since the start-stop-daemon doesn't track the correct PID and doesn't kill rtorrent, moreover the TERM command isn't the correct one since it kills all connections instead of closing them, on the rtorrent manual they suggest it's better to use SIGINT
<Tzunamii> devster31: I don't use tmux myself, but this might help you out: https://sites.google.com/a/demonkutya.com/demonkutya/bash/anewimprovedrtorrentservicescript
<devster31> thanks
<devster31> that's what I was looking for
<Tzunamii> Any time
<Tynach> Hi, I'm developing a website, and so on my Ubuntu desktop I've installed some of the server packages. Because I don't want to run X11 apps as root, I'm storing my website files (written in PHP) in a subdirectory of my home directory.
<Tynach> I'm using Ubuntu 14.10, and I finally managed to get Apache to load the index.php file and send it to the browser... But it's just raw PHP. Not the output of the PHP file.
<Tynach> If I use PHP inside of the /var/www/http folder, it works. But outside of that, it does not.
<Tynach> How do I fix this?
<devster31> I think there's a piece of Apache config that tells the server which pages should be processed by php, I'm not that familiar with Apache though
<Tynach> Well yeah, but that's just for file extensions. .php, .php5, .phps, etc.
<devster31> did you check if all the phpmodules are installed and enabled in apache?
<Tynach> devster31, yes, and inside of /var/www PHP works fine. But outside of there, it does not.
<devster31> if you're using virtual servers maybe you need to copy AddType application/x-httpd-php .php in the second one too
<Tynach> You know what, nevermind. I just found my problem, and I feel like an utter moron. I tested PHP in my home directory with '<?' tags instead of '<?php' tags.
<Tynach> Switching to <?php works just fine. I presume if I really want to continue using <? I'll just edit php.ini.
<kabar> *** System restart required ***
<kabar> which command i used to fix this
<devster31> sudo reboot?
<Tynach> kabar, 'sudo shutdown -r now' should work. I don't know if Ubuntu has a different, more preferred method.
<Tynach> The '-r' in there is for 'reboot'.
<devster31> unless you already did and there's still the message
<devster31> or you don't want to reboot
 * andol nowdays prefer the reboot command, since that day he accidently mixed up "shutdown -r" and "shutdown -h", on a remote server.
<kabar> if i only use reboot
<kabar> is good
<kabar> or not
<guntbert> kabar: you need     sudo reboot
<Tynach> kabar, unless you're already in a root shell, you need 'sudo' for anything that affects the operation of the system. Whether that's a system configuration file, or shutting down/rebooting the system, you always need 'sudo' or in some other way gain root privileges.
<kabar> it's work
<kabar> now *** System restart required *** is not showing
<devster31> how do file permission work for a docker container with a system folder mounted?
#ubuntu-server 2015-01-25
<acmehandle> How do I prevent user from viewing the '/' root directory?
<SchrodingersScat> !permissions | acmehandle
<ubottu> acmehandle: An explanation of what file permissions are and how they can be manipulated can be found at https://help.ubuntu.com/community/FilePermissions
#ubuntu-server 2016-01-25
<tsimonq2> hi, where would the last meeting's logs be? I can't seem to find them...
<PCatinean> Hello everyone, I have received an email from the hosting service that my server was sending out spam.Looking at the server logs I see hundrets of email being sent constantly
<PCatinean> I've shut the postfix server down for now but now I need to investigate and see the cause, can anyone please help me debug this so I can take the proper course of action?
<cpaelzer> PCatinean: Hi, is that the same discussion as started on #ubunutu ?
<PCatinean> cpaelzer, yes it's the same, I was refered to this chan for ubuntu server, but yeah
<cpaelzer> PCatinean: IHO - since the discussion there already started to drag in more people lets keep it there for now
<PCatinean> Ok will do, thanks cpaelzer
<cpaelzer> PCatinean: we are fine to get here again if they refer you to go "off" the chan :-)
<PCatinean> Haha, ok thanks :D
<PCatinean> what is your take on this btw cpaelzer ?
<cpaelzer> PCatinean: I'm not an expert, but I'm fine giving you my take :-)
<cpaelzer> PCatinean: in general I'd have two ways of attack #1 stop it spreading #2 analysis
<PCatinean> Done first by shutting down postfix server I guess
<cpaelzer> PCatinean: #1 would mean I take the server off the network entirely (if possible) and keep it for later debugging
<cpaelzer> PCatinean: replacing it with a totally fresh and healthy new one for a while at least
<cpaelzer> PCatinean: then there would be time to do #2 and find out what happened - with that you have an idea if/what to search in your further environment
<cpaelzer> PCatinean: there are a few good links I found on the first search - probably those guys have thought way more about it - e.g.
<cpaelzer> https://wiki.ubuntu.com/BasicSecurity/DidIJustGetOwned http://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server  http://www.cert.org/historical/tech_tips/win-UNIX-system_compromise.cfm (old)
<PCatinean> Thanks a lot cpaelzer
<PCatinean> Btw I have ispconfig installed if that makes a difference
<cpaelzer> PCatinean: honestly If I'm in your situation I'd go to people who did that more often - I expect there are a lot things that can be done right or wrong :-/
<cpaelzer> PCatinean: are you in the lucky case that you have some kind of official support contract like http://www.ubuntu.com/management/ubuntu-advantage (or others) - so you could tap on these ressources?
<cpaelzer> PCatinean: if not my personal way would go to some friends with an IT Sec background, but well you need to find those right :-)
<cpaelzer> PCatinean: if nothing of that is an option for you my (personal) direction would be as stated above, take it off the net, replace it so your service works and read all the links (and more) to start breaking down what happened
<cpaelzer> PCatinean: I never used ispconfig, so I don't know if it would help you in any way in this case
<cpaelzer> PCatinean: all of that https://wiki.ubuntu.com/BasicSecurity is good, but most is about preparing, IMHO only the part I linked before is for "after-the-fact" cases
<PCatinean> cpaelzer, thank you for the detailed answer.It's clear that I just have to read through links, break them down one by one and In the meantime I've contacted a sysadmin
<cpaelzer> PCatinean: yeah thats probably wise, so you are not owning the systems but only the services on them?
<PCatinean> I do own the system I have full root access
<cpaelzer> PCatinean: but it is hosted somewhere for you then  regarding "I contacted a sysadmin"?
<PCatinean> Ah yes he is a general sysadmin does not belong to the hosting company where the admin is
<cpaelzer> PCatinean: ok, sorry I couldn't help more - I hope you quickly find what happened and it isn't too widespread
<PCatinean> Sysadmin as in he works with this stuff on a regualar basis not like me that I just need them when I need to put my programming work online
<PCatinean> Me too, thanks a lot for your patience :D
<cpaelzer> PCatinean: ok, I see that is your friend to ask then
<PCatinean> cpaelzer, found this in the log, I think this is the first time they broke in
<PCatinean> 82.211.31.232
<PCatinean> oops no that's the ip
<PCatinean> http://hastebin.com/izuwihohon.pl
<cpaelzer> PCatinean: well then it is at least not too old yet
<cpaelzer> PCatinean: this can be false positives in case the IP is actually one of you and missing in @local_domains_maps
<PCatinean> It's sending out emails to trolololo, that wasn't any of our users for sure :))
<PCatinean> So it does not specify which email address was used?
<cpaelzer> PCatinean: it seems it doesn't specify, but since with SMTP the sending addr could easily be faked it might only lead you astray anyway
<cpaelzer> maybe that is why they didn't report it
<PCatinean> Sorry not to familiar with the terms and how it works
<PCatinean> Doesn't that line imply that the email server received a order to send to those email addresses which means somebody had a username?
<cpaelzer> PCatinean: well they faked the submitter to example.com didn't they
<cpaelzer> PCatinean: yes I read it as it got an order to send, but authentication and SMTP are two things that don't stick together all too well
<cpaelzer> PCatinean: just read the first paragraph https://en.wikipedia.org/wiki/Email_spoofing :-)
<cpaelzer> PCatinean: so I'm not saying that alone
<cpaelzer> PCatinean: so far you only know that someone was able to connect to your SMTP - "if and which" authentication you set in front of that is up to you as SMTP itself doesn't imply one
<cpaelzer> PCatinean: https://en.wikipedia.org/wiki/SMTP_Authentication for basics, you have to find what of that or similar your setup uses
<cpaelzer> PCatinean: and then you are right to assume that somebody went past that
<PCatinean> hmm hmm hmm
<cpaelzer> PCatinean: the reported IP could also be one path for you to take a look
<cpaelzer> PCatinean: while it might be likely that this wasn't the origin, but just an hop in between
<cpaelzer> PCatinean: it might still be worth to send a mail to the owner so they can check - maybe they are compromised as well
<PCatinean> pfuuu this is complex stuff when you have no idea
<cpaelzer> PCatinean: "seems" to be from http://www.accelerated.de/en/ and they do hosting
<cpaelzer> PCatinean: so maybe just one of the systems they host is compromised as well
<cpaelzer> PCatinean: yet I'd consider it nice if you let them know about it
<cpaelzer> PCatinean: you can (more or less) check IPs with e.g. https://www.whoismyisp.org/ip/82.211.31.232
<cpaelzer> PCatinean: but then be aware that mostly you only finde the ISP with that - stil lin this case it seems to point at a particula data center service provider which is good
<cpaelzer> PCatinean: as the have likely personal to deal with such stuff
<cpaelzer> PCatinean: on their end at least
<cpaelzer> PCatinean: you still have to find how they passed your security/auth but that depends too much on what you actually had set up
<cpaelzer> PCatinean: I talked to a few more people and - while I don't know if that is an option for you - other than taking it just off the network we weould have a few more hints
<cpaelzer> PCatinean: that would be - before you start looking around on that system clone off the disks (in case the rootkit or whatever removes itself to not be found you can go back and try again)
<cpaelzer> PCatinean: also any analysis should be done from "the outside" so not on that system booted, but from another system mounting the disks
<cpaelzer> PCatinean: otherwise the rootkits can hide themselve too good
<cpaelzer> PCatinean: but as I said, I don't know if that is an option for your hosted environment
<PCatinean> cpaelzer, this is eeary
<PCatinean> http://hastebin.com/tamuhijoji.rb
<PCatinean> I think the test email username has been hijacked?
<PCatinean> This is the first time things started acting up in the logs
<cpaelzer> PCatinean: another hint from some friends http://www.gfi.com/blog/top-20-free-digital-forensic-investigation-tools-for-sysadmins/
<cpaelzer> PCatinean: but almost all efforts start with cloning and taking it offline
<cpaelzer> PCatinean: yeah that looks like the auth for the test account
<cpaelzer> PCatinean: is that still in the default setup?
<PCatinean> Can't take it offline as it is a production server :(
<cpaelzer> PCatinean: that might be the most likely issue
<PCatinean> The default setup of postfix? yes
<PCatinean> and ispconfig
<cpaelzer> PCatinean: well than IMO you WILL take it offline at some day - there is no way keeping a compromised system in the long run
<cpaelzer> PCatinean: you never know "what else" might be in there
<PCatinean> Well I can make a fresh install in the weekend I guess and config everything from scratch
<PCatinean> Just I need to know what went wrong and fix it the next time
<cpaelzer> PCatinean: but do it on a different system if you can, so you have time to analyze this one more thoroughly
<cpaelzer> PCatinean: follow all of this and likely more http://serverfault.com/questions/644219/postfix-and-compromised-accounts
<cpaelzer> PCatinean: but I guess you already did the first time - at least you have amavis and such
<PCatinean> Not sure if I want to wipe the entire system because of something like for example: having test@site.com with a weak password
<cpaelzer> PCatinean: if you are sure it was just that it - after all it is your call to make anyway
<PCatinean> I can never be sure but the evidence tends to point at this
<peetaur> Hi, when trying to do "apt-get update" using either de.archive.ubuntu.com or us.archive.ubuntu.com (didn't try others), I get this error:  W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/precise-updates/main/binary-i386/Packages  Hash Sum mismatch
<peetaur> seems to happen on any server. So ... what can I do to get it fixed?
<peetaur> only affects precise, not trusty.
<peetaur> and not just main repo, but also universe
<PCatinean> Is this bad? smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
<peetaur> also not sure if related... but I get some bzip2 errors also, also only for precise, not trusty... but if I delete these repos from my apt-cacher-ng server, the errors go away https://bpaste.net/show/6ae2b0ac1497
<peetaur> (and the first error happens with or without using apt-cacher-ng)
<lordievader> Good morning.
<MacroMan> Wanted to check that calling debchange -nmu on a package that I am building will prevent apt-get from overwriting my installed package?
<ikonia> I wouldn't say thats the best way to do it
<ikonia> I'd look at pinning it pre-install
<ikonia> or changing the package name to significy it's your custom version assuming nothing depends on it
<MacroMan> ikonia, Thanks. So I'd use debchange --create for that ?
<ikonia> doesn't that just create a diff
<MacroMan> Efectively creating my own unique package
<rbasak> If the package in the archive is version 1.0-1, I usually use 1.0-1.1~local1 or something like that. Then any security or bugfix updates will trump my local version, but I can set up a package hold to avoidthat if I wish.
 * MacroMan is reading more docs on debchange
<rbasak> MacroMan: you want to focus on how apt works and how Debian version strings are compared (defined in Debian policy, test with dpkg --compare-versions)
<MacroMan> rbasak, Cool thanks.
<rbasak> MacroMan: debchange is really for the common cases only. It just changes the version string in certain preset ways.
<rbasak> Maintainers can always trump debchange by changing the version string manually
<MacroMan> OK. Well my use case is adding a config string onto nginx and repackaging for install. I really just want apt to not overwrite my package and let me upgrade it manually.
<MacroMan> My use it important that it remains my version and not the maintainers, even for security as my setup completely relies on my change.
<rbasak> Is this for HTTP/2 support?
<MacroMan> No, image_filter.
<MacroMan> I'm already using their repo which has http/2 enabled.
<MacroMan> This for an image server only and so if image_filter stops working, so will all my image resizing
<rbasak> Say on Trusty, where nginx is 1.4.6-1ubuntu3. I would rebuild as 1.4.6-1ubuntu3+local1. Then I'd add a package hold using dpkg --set-selections.
<rbasak> I'm not absolutely sure this works as you want. Please check before using!
<rbasak> Also, obviously you want to be keeping a very close eye on any nginx security notices.
<MacroMan> Presumibly calling `dpkg --install` will still allow me to install a package even with a hold?
<MacroMan> It'll just prevent apt from upgrading it?
<MacroMan> Found the answer. And yes it does.
<MacroMan> rbasak, Thanks for that. It's set me on the right track.
<MacroMan> I'm looking to run something to test that one of my servers is online, but sending it a ping every second somehow seems absurd. Is there a better solution?
<MacroMan> This is to run almost continuously for the next 2 weeks.
<hateball> MacroMan: what's absurd about that? if you need to know it responds to ping every second, what else would you do?
<hateball> Do you need to monitor if a certain service is running?
<lordievader> Zabbix does precisely this to see if something is up.
<hateball> Yes, or nagios or plenty of others
<lordievader> Uhum
<peetaur> MacroMan: why not ping? does it use too much bandwidth? :P
<OerHeks> make a cronjob that pings every minute?
<MacroMan> Just seemed a little absurd, but I suppose any keep-alive tool will do just that.
<MacroMan> I'm basically having and argument with a data centre over connectivity dropping and them insisting that it's fine. So I want to run a continuous test to show it the connection goes down.
<hateball> oh they left
<peetaur> "failure is fine" :D
<hateball> I was going to suggest them to install smokeping
<hateball> produces nice graphs they could hand over
<jpastore> Can I get a recommendation on where to place a drop rule? the ufw rules files seem a little confusing for something that's supposed to be uncomplicated. basically I want to drop anything not allowed
<thebwt> if that were a rule, it should be last. But give me a second, there should be a way to make that default (if it isn't already)
<jpastore> thebwt, I agree it should be the last rule. I think it should go in ufw-after-input chain in the after.rules file is that correct?
<thebwt> ohhh you mean direct iptables manipulations. Yes that sounds correct
<jpastore> well I'm modifying the ufw config file for persistence.
<thebwt> gotcha, I thought you where messing with the 'ufw default deny INPUT' type thing. I've not done it that way.
<jpastore> so if I add to the /etc/ufw/after.rules as the last line before the commit: -A ufw-after-input -i p5p1 -j DROP it shoudl drop anything not matched prior right?
<jpastore> I know p5p1 is weird.
<thebwt> yes, but it also skips the ufw-reject-input, ufw-after-logging-input, and ufw-track-input chains
<jpastore> wouldn't that be better in the case of some type of a DoS attack? by rejecting and/or logging, it will cause more of a problem. is it not better to just drop off problems?
<thebwt> I mean, if that's the objective.
<thebwt> not enough context to say, my infra usually sits under  load balancer, so only the ports allowed pass through
<thebwt> if it's a DoS to some non http protocol, then yea that would help. But usually they're going to be over the stuff you've already allowed
<thebwt> and if it's a ddos (not a just a Dos like you said) iptables ain't gonna save you
<jpastore> thebwt, fair enough. thanks for the input
<jpastore> I feel like ufw is far more complicated than iptables solo.
<^King> How to check if http is installed on my ubuntu vps?
<^King> via ssh/putty
<rbasak> nacc: https://bugs.launchpad.net/ubuntu/+source/php5
<pmatulis> stgraber, hallyn: are there iptables issues with using LXD (especially in regards to using it with Juju)? can iptables rules get in the way somehow?
<rbasak> nacc: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1315888
<ubottu> Launchpad bug 1315888 in php5 (Ubuntu Trusty) "Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist" [High,Confirmed]
<rbasak> https://bugs.launchpad.net/ubuntu/+source/php5/+bug/74647
<ubottu> Launchpad bug 74647 in php "php5-gd not using bundled GD library" [Undecided,Fix released]
<rbasak> https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1184252
<ubottu> Launchpad bug 1184252 in php5 (Ubuntu) "php5: non-free files in upstream tarball ("The Software shall be used for Good, not Evil")" [High,Fix released]
<rbasak> https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1069529
<ubottu> Launchpad bug 1069529 in php5 (Ubuntu Raring) "Regression in system fallback for date_default_timezone_get()" [Medium,Fix released]
<coreycb`> zul, can you sync python-os-win 0.1.1-1 from experimental
<zul> coreycb`: 0.0.6-1ubuntu1 is in -proposed
<coreycb`> zul, it's ok for a sync, debian has py3 support now
<lucidguy> need to upgrade a 10.04 server to 12.04.  Can't seem to accomplish this via apt etc.. guess due to eof.  Any predicitons to how successful I'll be using a 12.04 ISO instead?
<sarnold> do-release-upgrade ought to do it
<lucidguy> sarnold: I doesnt, you get erorr 404 on some of the repos.  Tried switchout out to archive ones, but still not luck.
<patdk-wk> only if he enabled the archives repos for 10.04
<lucidguy> actually using old-releases.ubuntu.com etc
<bekks> !eolupgrade | lucidguy
<ubottu> lucidguy: End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
<lucidguy> Yeah, followed those instructions, the install pukes
<bekks> lucidguy: So your computer starts to smell?
<bekks> lucidguy: Or do you get specific error messages instead?
<gQuigs> where can I find what's blocking ceph 0.8.10 from the cloud archive?  (or the cloud archive bug version of 1477174 or 1535278)
<gQuigs> I'm really looking for when 0.8.11 would be released (or where I can track it) for the cloud archive for precise...
<jpastore> hi, quick question, Is there a limit to the number of physical cores the stock kernel can support? someone told me it was 16.
<jpastore> looking for info to substantiate that
<shauno> jpastore: there is, but it's way past 16.  try: grep NR_CPUS /boot/config-`uname -r`
<jpastore> thank you
<sarnold> jpastore: you could also use something like num_cpus kernel boot parameter, taskset(1) or cpuset(7)
<jpastore> sarnold, well I'm trying to figure out how many cores postgres will support and if I need to do anything special to the kernel or postgres. like recompile with other switches...though I'm considering seeing if the intel primatives would be of benefit as well
<sarnold> jpastore: the handful of google results that looked like they'd be worth interpreting (with a grain of salt) suggests postgresql scales at least through 64 cores well, but that your workload needs to be parallel enough for it to work -- postgresql will use one task per connection, so if you've just got four connections, that might use four cores, and leave the rest of the cores more or less idle
<nacc> jpastore: do you actually mean physical cores? or do you mean logical cpus?
<nacc> jpastore: iirc, NR_CPUS=256 in the ubuntu kernel (at least glancing at one of my systems) -- and that's the number of *logical* cpus the kernel supports
<nacc> jpastore: so let's say you had HT2 on an Intel CPU, I believe that would mean you had 128 cores enumerable, aiui
<nacc> jpastore: it then depends on how many sockets are in your physical machine, etc
<nacc> the only way it would be 16, though is, if you had HT4, which I don't think is possible on any of the current generation of Intel CPUs (skylake)
<ianorlin> I don't think there are multisocket skylake out yet or anything more than say a quad core for skylake as xeons only the E3 have even been anounced
<nacc> ianorlin: ah true
<ianorlin> I don't think there are any with four threads per core
#ubuntu-server 2016-01-26
<jpastore> sarnold, thank you. I've run into a similar info wall googling
<jpastore> nacc, physical, but as far as pg is concerned, both. Though I'm told logical cores don't always work out as well as expected.
<sarnold> jpastore: *nod* not a real surprise, the folks who know just do what they need to do...
<jpastore> sarnold, /sigh so how do those who don't know become the ones who know?
<patdk-lap> it really depends on the workload
<sarnold> jpastore: if you're lucky you find the right group to help you along :)
<patdk-lap> ht cores only help, when your using different parts of the cpu
<sarnold> patdk-lap: so, there's a question -- which would you prefer of two e5-26.. v3 CPUs, one with ten cores and no HT, or eight cores and HT?  :)
<patdk-lap> those are small options
<jpastore> patdk-lap, well, the application is telephony switch. I'm setting kamailio for LCR. so every dial is going to be a few queries.
<patdk-lap> need to know clock rate, interchange speed
<patdk-lap> qpi speed
<patdk-lap> and specifically, what load it will be running
<jpastore> I'm storing CDRs, querying for LRN to feed LCR.
<patdk-lap> some loads do just math, so more cores better
<patdk-lap> orthers need more memory access, so qpi matters
<jpastore> well this would be a few read do hi/lo btree comparison in the index, and then a write for the cdr for later analytics
<patdk-lap> if you want max lookup speeds
<patdk-lap> and lookups won't hit in the cpu cache
<patdk-lap> you want best qpi speed
<patdk-lap> fastest access to memory
<jpastore> ok I'll check on the chips quoted
<patdk-lap> if the issue is running many many at once
<patdk-lap> it might be more cores is better
<patdk-lap> then the debate is cpu cache vs memory acccess speeds
<patdk-lap> memory access is slow, and that core will wait, ht could help make use of that core during that waiting though
<patdk-lap> sarnold, if all things the same, 8cores
<patdk-lap> ht is hardly benifit pg itself
<patdk-lap> it will help the system some, but not enough vs 2 more real cores
<patdk-lap> ht at the best normally gives 20% improvement,
<sarnold> patdk-lap: so, here's the two systems.. http://www.cpu-world.com/Compare_CPUs/Intel_CM8064401612900,Intel_CM8064401831000/
<patdk-lap> oh ya, 10core :)
<sarnold> patdk-lap: 2630 vs 2663; the 2663 chips look like they're impressive beasts but I don't know if they'd be faster enough for my work loads to justify the extra heat..
<patdk-lap> higher qpi, but only alittle
<patdk-lap> much higher cache
<patdk-lap> the qpi you can see translates to supported memory
<patdk-lap> ddr-1600 vs ddr-2133
<RoyK> some years back, ht was a joke. the latest tests I've seen show it may be a big gain, obviously depending on type of load
<patdk-lap> so if we give ht it's best case of 20% improvement, that is like 1.6 extra cores at best case
<sarnold> I -think- that the systems that are using the 2663 have all 24 memory slots occupied and thus run at slower speeds anyway
<patdk-lap> sarnold, only if you fill them
<patdk-lap> if you don't fill every slot, it will run full speed
<sarnold> RoyK: yeah, it used to be something like 5% performance boost or 10% performance loss.. but these days with super-deep pipelines and glacial memory speeds, it might make more sense than it used to
<patdk-lap> think it's more that the compilers are much more tuned to making ht friendly code too
<patdk-lap> removing as many jumps and stuff as possible, so the pipeline doesn'tget dumped and reloaded
<RoyK> a friend of mine tested his i7 something for transcoding video and he got a good boost by enabling ht (after we were discussing how much it really can do)
<sarnold> patdk-lap: the nice thing about filling all the slots is that it's a hueg amount of memory :) http://www.ebay.com/itm/IBM-LENOVO-THINKSERVER-RD650-2x-E5-2663-v3-10-CORE-192GB-12x-3TB-SAS-W-RAILS-/201468817323?hash=item2ee87a2fab
<RoyK> I beleive that boost was 40% or so over non-ht
<sarnold> RoyK: wow
<RoyK> sarnold: I don't remember the numbers correctly - posted a question to him - guess he'll be up tomorrow sometime to answer it
<sarnold> RoyK: thanks
<RoyK> sarnold: I looked at the IRC logs from back in may - looks like it was some rendering with a performance gain of 35% or so. Well hopefully know more tomorrow
<sarnold> RoyK: wow. very impressive :)
<RoyK> it surprised me a great deal
<sarnold> it's certainly a lot more than I'd expect. but I don't know how well rendering matches my own eventual needs.. VMs, fuzzing, ubuntu archives, and all the packages unpacked for archive-wide greps, cppcheck, shellcheck, etc runs... all those feel more disk-blocked than RAM blocked
<sarnold> but even then, another hardware thread willing to run might benefit greatly from the HT
<RoyK> I just don't know enough about this...
<patdk-lap> ya depends, those workloads are so random
<patdk-lap> if it was just postgres, I would go the 10core
<patdk-lap> single threaded performance, faster memory speeds, would greatly help it
<RoyK> I went to an HPC seminar some 4 or 5 years back and they were like "turn it off!"
<RoyK> for postgres, I'd leave it on
<patdk-lap> ya, I would always leave it on
<patdk-lap> but the question is 8core with ht, or 10core without ht support :)
<patdk-lap> 2.4ghz vs 2.8ghz
<RoyK> although... I don't have much postgres servers left that aren't virtual ;)
<RoyK> We have some 250 servers in operation, some 30 of them are physical and most of those are to be retired soon
<sarnold> RoyK: heh, are any of them going to be for sale? :)
<sarnold> oh, I forgot, you're in norway, right? shipping/import probably too much hassle :)
<RoyK> sarnold: mostly old stuff - the newest ones we're throwing out will be R300s
<RoyK> all new servers are blade servers anyway, except a handful of 1U or 2U servers (and one 4U thingie with zfs for cctv storage)
<sarnold> RoyK: ahhh :)
<RoyK> some of our old school admins still stick to physical servers (even though those are the most troublesome ones)
<grendal_prime> anybody know how to set up... libaprutil1-dbd-pgsql
<grendal_prime> I cant figure out where the config file is...
<sarnold> does dpkg -L libaprutil1-dbd-pgsql  help?
<grendal_prime> let me check
<grendal_prime> ya no good
<grendal_prime> i just dont understand
<hallyn> pmatulis: sorry, was out today.  i don't know of any iptable sissues with using lxd.  lxd is afaik still network-agnostic atm.  It will eentually have a ipv6-only bridge of its own, but not yet.
<hallyn> pmatulis: waht are you seeing?
<haidar_> hello ,I want to put the server.iso file inside the Ubuntu server throught command how can I do that please "the ubuntu server is running on VM and the OS is windows" I want to put it in dirctory /var/lib/libvirt/images???
<haidar_> I would like to copy file server.iso to dirctory /var/lib/libvirt/images ?? I have a file in usb flash disk and the OS is windows
<adun153> haidar: to clarify, you have a flash drive plugged into your linux server, and you want to copy a Windows Image from that to /var/lib/libvirt/images?
<TurBoss> Hi
<TurBoss> I'm getting GPG errors when doing apt-get update
<TurBoss> http://dpaste.com/1JT6GST
<mahdi> hi all
<mahdi> i configure my main board for use raid 1 with two hard driver and install ubuntu 14.04 server and in boot i get these error
<mahdi> mdm create use root not found
<mahdi> mdadm create groud disk not found
<mahdi> and system not boot and these message print in a loop
<pmatulis> hallyn: i'm not seeing anything yet. i'm writing LXD:Juju documentation and i'm trying to be proactive
<gQuigs> jamespage: would the plan be to backport 0.80.11 to the precise Cloud archive (unlike 0.80.10 which didn't make it?)  LP#1535278
<jamespage> gQuigs, for 12.04?
<jamespage> bug 1535278
<gQuigs> jamespage: yup
<ubottu> bug 1535278 in ceph (Ubuntu Trusty) "0.80.11 stable point release" [Medium,In progress] https://launchpad.net/bugs/1535278
<jamespage> gQuigs, once SRU team accept that into trusty, I'll get it pushed through to icehouse-proposed for UCA
<jamespage> gQuigs, we'll give everything a test and then push out that and any other updates that are pending release
<gQuigs> jamespage: awesome :)
<gQuigs> I was just concerned because 0.8.10 never made it out of the cloud archive -proposed it seems
<jamespage> .10 not being released was an oversight - apologies
<gQuigs> oh ok :)
<gQuigs> thanks!
<hallyn> pmatulis: oh.  well today/tomorrow stgraber  and tycho and i will be traveling, but we'll be all in one spot thu/fri so might be a good time to have a hangout to discuss docs
<pmatulis> hallyn: ok
<hallyn> stgraber: do you care when/what time we would do that?  pmatulis: you're east coast?
<pmatulis> hallyn: yeah
<hallyn> pmatulis: ok i'll schedule something for thu - morning your time.
<pmatulis> hallyn: are there other things you want to discuss re juju/lxd docs? lxd/firewall may be just a few minutes
<hallyn> pmatulis: do you have a rough draft you can send us so we can think about it?  'just a few minutes' is definately fine :)  But i wanna make sure we have kickass lxd doand juju+lxd docs on help.ubuntu.com
<hallyn> pmatulis: invite sent - thanks for working on the docs!
<pmatulis> hallyn: lxd itself will remain on linuxcontainers.org for now and juju/lxd docs will be on jujucharms.com (that url always feels strange)
<pmatulis> hallyn: maybe you can review the juju/lxd stuff - https://jujucharms.com/docs/devel/config-LXD
<hallyn> pmatulis: got it open in a browser, will look over it at airport later this eve - thx
<pmatulis> hallyn: thanks
<tarpman> w 23
<tarpman> excuse me.
<DammitJim> is there a reason why tomcat8 isn't available from the default repos?
<nacc> DammitJim: it's in universe?
<nacc> DammitJim: what do you mean by "default"?
<DammitJim> like with the normal repos
<DammitJim> like in the sources.list
<DammitJim> oh
<DammitJim> I'm on trusty, sorry... talking LTS
<nacc> DammitJim: ah, one sec
<DammitJim> I'm only asking because everyone at my company keeps saying we should be on the latest
<DammitJim> well, I don't want to go to the latest if there is a reason why it isn't in the normal repos
<tarpman> DammitJim: tomcat 8 was only uploaded to debian unstable a few weeks before trusty was released - way too late to make it in
<nacc> DammitJim: yeah, looks like it wasn't added to ubuntu until vivid, so it wouldn't be in that LTS
<DammitJim> oh ok
<DammitJim> but it's not like it's not "trusted" or "stable" software
<DammitJim> I just have to add the proper repo, right?
<teward> um, what?
<teward> DammitJim: it's not available in Trusty.  Unless there's a third party repository providing the software, it won't be available in Trusty
<teward> and you'd have to update to Vivid if you want the copy that's there
<teward> or rather Wily, 'cause I think Vivid is EOLing soon
<DammitJim> I would be upgrading to the next LTS release
<teward> then you wait for 16.04
<teward> then upgrade to that
<DammitJim> is that coming soon?
<tarpman> in 2016/04, as the version implies :P
<DammitJim> duh for me
<DammitJim> I never knew that
<DammitJim> look at that!
<sarnold> heh I was a bit embarassed when I finally figured it out too :)
<tarpman> DammitJim: there is also a process for requesting backports https://wiki.ubuntu.com/UbuntuBackports and a tool for doing so - requestbackport(1) from ubuntu-dev-tools
<DammitJim> any sys admins in da house?
<tarpman> DammitJim: there is also backportpackage(1) in ubuntu-dev-tools, for building a backport locally or in a ppa
<DammitJim> I think I'm going to go nuts!!!
<DammitJim> thanks for the info tarpman
<DammitJim> I'm in a weird dilema
<DammitJim> as a company apparently, we need to strive to be on the latest release if possible of any software we run
<DammitJim> I work in the IT department and the developers are telling me that I'm the one who needs to determine what version of tomcat should be installed on the servers
<DammitJim> what is wrong with that last statement?
 * tarpman shrugs
<tarpman> you're running the latest (LTS) version of ubuntu
<tarpman> and software provided by ubuntu and supported by its security team
<tarpman> if you diverge from that, you're taking on all the burden of tracking security updates and things yourself
<tarpman> it's not hard for even a manager to understand ;)
<sarnold> fwiw it looks like tomcat8 is still in universe in xenial anyway
<tarpman> ah yeah, was looking at tomcat7 - still getting some security updates in trusty and vivid
<DammitJim> what does that mean sarnold ?
<sarnold> DammitJim: packages in universe get security support from the community -- there's a handful of packages where someone from the community cares enough to keep it up to date, but most don't get that kind of attention
<nacc> DammitJim: https://help.ubuntu.com/community/Repositories/Ubuntu
<DammitJim> oh, so that's a good thing, right?
<DammitJim> thanks nacc
<DammitJim> so, in terms of determining the version of tomcat to use, do you guys think that's a sys admin thing or a developer thing?
<DammitJim> or together?
<sarnold> DammitJim: well, it surely beats having -no- repository of software :) but unless someone steps up to provide e.g. tomcat8 patches, it just doesn't get updated.
<DammitJim> I hate the fact that I was thrown the words: "We don't care as long as it is tomcat, you figure out the version"
<DammitJim> which is crazy because they are the ones who build the software that has to be compatible with tomcat
<DammitJim> or am I totally wrong?
<sarnold> DammitJim: they may stick with a core of functionality that they expect to work in tomcat7 and tomcat8 alike; or they may be willing to tailor the software to fit the requiements of either one. You need to figure out the best mixture of upstream support, ubuntu support, and self-provided support; it's not necessarily easy
<DammitJim> dammit!!!
<DammitJim> ... jim
<DammitJim> so, it is up to me, not the developers?
<sarnold> it might be worth a discussion :)
<DammitJim> ok, good
<DammitJim> I think I'm going to collect all the information you have given me
<DammitJim> so, release schedule
<DammitJim> support
<sarnold> "hey guys we can use canonical-supported tomcat7 packages in the latest LTS will very little effort"
<DammitJim> upstream plan
<DammitJim> anything else I"m missing?
<DammitJim> vs if I need support for tomcat8, where would I go?
<sarnold> "but it'd be a lot of effort for me to maintain tomcat8, if that's somethin gyou actually need. do you need any of its features? is it worth the cost?" etc
<DammitJim> in terms of security... tomcat 7 and tomcat8 are probably the same, right?
<sarnold> probably close enough
<dcnoderunner> My question is regarding package guidance of samba, not support per se.
<dcnoderunner> Asking here because ubuntu-server is the only team responsible for that package that has a channel.
<dcnoderunner> I noticed Xenial has been bumped up to 4.3. Yay!
<dcnoderunner> 4.4 will be released in March.
<nacc> dcnoderunner: what's your question?
<dcnoderunner> Samba does not do LTS type releases. To get the longest support from them upstream, one should pick the "freshest" release.
<dcnoderunner> Has any finite decision been made on if Xenial will ship with 4.4?
<nacc> dcnoderunner: feature freeze for xenial is feb. 18, just fyi
<dcnoderunner> (and where do I find such info in the future so I don't have to bug you guys each release?)
<henkjan> dcnoderunner: https://wiki.ubuntu.com/KernelTeam/Newsletter/2016-01-12
<dcnoderunner> FYI received. [In the back of my head I think I've seen things arbitrarily exempted by Canonical employees in the past]
<dcnoderunner> Yay again!
<sarnold> dcnoderunner: https://wiki.ubuntu.com/Releases  usually  has links off to per-release plans, schedules..
<sarnold> but the wiki seems unhappy ATM.
<dcnoderunner> Oh wait, that meant kernel 4.4.  Oh well, that's good too.
<dcnoderunner> So the firm-but-not-final answer I'm hearing is wait and see what's been pulled or not by Feb 18th.
<dcnoderunner> I'll optimistically stay in channel to hear more for a few more hours..
<nacc> dcnoderunner: samba 4.3.3 is what's in xenial right now
<nacc> if 4.4 isn't GA until March, I'd expect it won't make Xenial
<dcnoderunner> Yeah, and I'm happy you're at least willing to break with Debian to bump it up to that.
<nacc> dcnoderunner: to be clear, it's no break ... current+1 follows unstable until feature freeze (when also, I believe the debian autosync is turned off)
<nacc> dcnoderunner: and unstable (sid) now has 4.3.3 as well
<dcnoderunner> But samba only supports their releases for 18 months. So the longer you're 'in the range' of their support cycle, the easier it should be to work with them and squash bugs.
<dcnoderunner> https://wiki.samba.org/index.php/Samba_Release_Planning
<dcnoderunner> https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.4
<nacc> dcnoderunner: there's lots of unsupported (upstream) versions potentially -- i would consider send an e-mail the -devel mailing list to find out, i'm not sure who's in charge of deciding that
<dcnoderunner> nacc: Oh, really? Unstable was still at 4.1 when I looked last week. Sorry.
<nacc> dcnoderunner: np, just looked today, so don't know when it got updated
<tarpman> https://tracker.debian.org/news/734141 says samba 4.3.3  was accepted into unstable back in december...
<nacc> tarpman: thanks
<tarpman> dcnoderunner: fwiw, distro support for a particular package doesn't necessarily end when upstream support does. distro maintainers tend to have lots of experience supporting their stable releases by backporting patches and such.
<nacc> rbasak: let's say we did decided to have both php5 and php7 available; how would we deal with the pear/pecl packages? would there then be two versions of each? or would we simply not ship php7 versions?
<rbasak> nacc: I imagine we wouldn't ship php7 versions
<rbasak> nacc: I think it would be even more too much work to try and supply two sets of each.
<nacc> rbasak: yeah, that's what i figured -- it would get pretty hairy, i think
#ubuntu-server 2016-01-27
<roasted> hello friends
<roasted> Curious if any mdadm experts can chime in. I'm looking to take my RAID1 (2x3TB WD Reds) and migrate it to a RAID6 with 2 additional 3TB Reds I just purchased. Am I understanding correctly that best case is to create a RAID 6 (with two failed drives) with the new drives, let them sync, then rsync data from RAID1 to RAID6 degraded array, then after add the RAID1 drives to the RAID6 pool?
<sarnold> roasted: that's the approach I'd take with zfs, I presume mdadm is similar enough in this case
<roasted> sounds good. I am rsyncing all the data to my external. Just waiting on it to finish up and give this a go.
<roasted> sarnold, do you know if any formatting is required with the 2 original drives currently in the RAID1? Or would you think I can just drop them from RAID1, add to RAID6, and let the software figure it out?
<sarnold> roasted: sorry, I don't know
<roasted> sarnold, I'll have crazy up to date backups, so maybe I'll just, ya know, try it and see what happens. ;)
<sarnold> roasted: woo! :)
<mahdi> hi all
<mahdi> i configure my main board for use raid 1 with two hard driver and install ubuntu 14.04 server and in boot i get these error
<mahdi> mdadm create group disk not found
<mahdi> mdadm create user root not found
<mahdi> and system not boot and these message print in loop and when i reset system with alt+ctrl+delete the boot to ubuntu is lost
<Gyakomo> Good day, my MAAS DHCP server doesn't respond to requests for PXE Boot. What can I do?
<Gyakomo192856> Hope to avoid disconnections again, I'm Gyakomo
<halvors> Hi. I'm woundering will phpmyadmin be updated to support PHP7.0?
<halvors> Im talking about the upcoming LTS release 16.04
<ikonia> doubtful
<ikonia> as ubuntu doesn't make phpmyadmin, so if it works with 7 or not is nothing to do with ubuntu
<ikonia> and as ubuntu is not shipping php7 in "main" it's only in an additional repo, I don't think the focus will be on shipping a version oh myphpadmin that works with 7
<lordievader> halvors: Are there efforts upstream towards that goal?
<jelly> dependencies of 4.5.3.1 packaged in debian show it's compatible with php7
<jelly> Depends: libapache2-mod-php5 | libapache2-mod-php5filter | php5-cgi | php5-fpm | php5 | libapache2-mod-php7.0 | php7.0-cgi | php7.0-fpm | php7.0 [etc]
<lordievader> Then I suppose that it will be updated somewhere in the future to support php7 in Ubuntu too.
<jelly> what's the codename for 16.04?
<lordievader> Xenial
<jelly> halvors: I guess looking at packages.ubuntu.com/phpmyadmin would answer your question, then
<jelly> (click on http://packages.ubuntu.com/xenial/phpmyadmin)
<synbit> Hello, I'm trying to do something very specific with proftpd on Ubuntu 12.04. Is this the right place to ask for help? I'd be grateful if you could point me to the right direction.
<rbasak> synbit: you're welcome to ask here, or perhaps some proftpd-specific place
<synbit> rbasak: thanks. I searched for a proftpd-specific channel with no luck, so I thought I'd ask here instead.
<synbit> So here it goes: I have set up proftpd with virtual users. I'm trying to use ExecOnCommand of the mod_exec module (http://www.proftpd.org/docs/contrib/mod_exec.html).
<synbit> In order to test this I have two accounts: adminUser and testUser. These users have a different UID, but testUser has the same GID as adminUser.
<synbit> Upon successful upload of a file (that is STOR command, http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-FTP-commands.html) I execute a script which moves the uploaded file from testUser's home directory to adminUser's home directory.
<synbit> The error I'me getting is "STOR ExecOnCommand '/srv/sftp/scripts/sftpTest.sh' failed: Operation not permitted"
<ikonia> you just need to debug that script
<ikonia> operation not permitted could be a bug with something being called in the script, or as simple as the script not having execute permissions
<synbit> Trying to replace the mv command with something like "echo 'bla' > /tmp/test.txt" works fine. Seems like a permissions issue to me. Any ideas how to do this with proftpd?
<ikonia> no idea about proftpd - it's an ftp daemon, not aware of how to use it as a file system manager
<synbit> ikonia: thanks for your input. The script is executable by anyone
<synbit> I'd prefer to use the built-in functionality of the ExecOnCommand that proftpd provides rather than implement my own "file-mover" with a cronjob or something...
<synbit> If anyone has done that I'd appreciate their input!
<rbasak> Try running the script manually as you expect it would be called, but as the ftp user. Also check for AppArmor denials.
<rbasak> Make sure the filesystem isn't mounted noexec
<rbasak> Somehow I suspect that your script isn't running at all.
<synbit> rbasak: hmmm... I'll try running it as this virtual user (If I can switch to that). That's why I suspected as well, but when I replaced the mv with the echo to some file in /tmp it worked. Which means it is executed.
<synbit> I'll try switching to this user first though... Thanks for your suggestion
<tomreyn> maybe it's the users' shell?
<tomreyn> for user in testUser adminUser; do echo "Shell of $user: $(getent passwd $user|awk -F: '{print $NF}')"; done
<tomreyn> synbit: more likely, though, based on what you discussed so far the target directory is not writable for your testUser, though.
<synbit> tomreyn: I've explicitly added testUser to the same group as adminUser and have also given appropriate group permissions on the folder the script is attempting to move files to
<synbit> I tried switching to testUser, but as this user is virtual (defined within proftpd's config) I get "Unknwon id" back as I would expect.
<synbit> Also proftpd has not an explicit apparmor profile (the service is not listed apparmor_status command's output).
<synbit> I am not very familiar with apparmor, but what I'm thinking now is checking the default profile for apparmor (I suspect this is where proftpd will belong since there is no specific profile?)
<synbit> right, so I disabled apparmor with the teardown option according to the wiki, I ckeched there are no profiles loaded, tried again and still got the same error...
<synbit> Somehow I feel the problem can be solved within proftpd's config... Running chmod 777 on the adminUser's home (as a test) did not help either.
<synbit> tomreyn: Sorry, I missed your comment regarding the users' shell. The problem is that these users don't exist in the passwd file. Tried to pass a different file as an argument to getent and I got "Unknown database" error.
<synbit> Looking into proftpd's specific passwd file, I can tell you both users have /bin/bash defined as their shell if that helps.
<tomreyn> synbit: if it's virtual users they'll be restricted to *at most* the possibilities the system user running the server process has.
<tomreyn> also there can be a chroot configuration (in proftpd's configuration files) in place by default restricting things further.
<tomreyn> also in openssh's configuration in case you're using that for sftp / scp transfers + authentication
<synbit> tomreyn: You are right (http://www.proftpd.org/docs/contrib/mod_exec.html#ExecOnCommand).
<synbit> I'm not sure what's wrong though with the script being executable by anyone and the involved directories and files rwx by at least the group that both virtual users belong to.
<tomreyn> its location by chance
<synbit> do you mean the location of the script?
<synbit> because that's fine as well.
<tomreyn> yes, if it's outside of the area these users have access to permission denied is what you'd get to see
<synbit> yeah, you are right. I'm not sure what role the location of the script plays in this, but I suspect it's fine.
<synbit> Otherwise when I replaced the script's contents with "echo 'bla' > /tmp/file.txt" the script executed successfully and the file /tmp/file.txt was created as well
<zin_> Hi! my mdadm raid wont auto mount after power failure. is it posssible to fix this?
<rbasak> proftpd isn't using seccomp or something like that , is it?
<synbit> rbasak: honestly I have no idea what seccomp is... Let me have a look and I'll post back
<synbit> zin_: Not sure I'm the best person to give advice on this, but check if there is an entry in /etc/fstab for your raid
<zin_> synbit: yes it is in fstab
<zin_> synbit: /dev/md0        /home   ext2    defaults        0       0
<tomreyn> RAIDs don't mount, they are assmbled and activated, providing access to file systems (and other structures) stored on them
<tomreyn> well check the file system stored on /dev/md0
<tomreyn> and review the status of your RAID using cat /proc/mdstat
<zin_> md0 : active raid1 sda1[2] sdc1[3]       1953382336 blocks super 1.2 [2/2] [UU]
<zin_> and the md0's filesystem is the same as in the fstab
<zin_> and raid state is clean
<zin_> if i restart pc it works. but after power failure it wont
<zin_> it is still under /dev/md0
<zin_> and still clean
<zin_> but i have to write manually 'mount /dev/md0 /home'
<synbit> rbasak: I did apt-cache search seccomp and it came back with libseccomp-dev, libseccomp0 and libseccomp1
<synbit> none of these packages are installed on the system. Am I right to assume that's a module? I did lsmod and couldn't find anything related either
<synbit> Searching the web I found that vsftpd is using it as of version 3.0.0, but I couldn't find any references to proftpd. If you know a definitive way of checking whether proftpd is using seccomp please let me know.
<pitastrudl> how could i monitor&log the network connection stability of a virtual server?
<pitastrudl> to see when it lost connectivity and for how long and maybe some additional info if possible
<hateball> pitastrudl: there are simple things like smokeping, or you can use a real monitoring solution like icinga, zabbix etc
<pitastrudl> thanks hateball, ill look into that
<ren0v0> Hi, when using ssh, how do i tell ubuntu to use all keys under ~/.ssh/  ?
<ren0v0> currenetly it only looks for id_rsa
<lordievader> You write an ssh config?
<ren0v0> lordievader, nope
<ren0v0> lordievader, i'm pretty sure normally if i add a key to that folder its just "tried" by default
<ren0v0> maybe i'm tripping :)
<ren0v0> lordievader, say i'm doing this for a git repository, and i have 4 repos all with different key access, what then? do i just set the host in ssh config to the repo url or something? And this is definitely the normal thing to do, because i've never done it before
<lordievader> SSH configs are lovely. Also you don't want to try all your keys at some random host.
<lordievader> ren0v0: https://www.reddit.com/r/netsec/comments/3frnxb/my_ssh_server_knows_who_you_are_seriously_try_ssh/
<ren0v0> lordievader, hmm, maybe its a .gitconfig option and i'm stupid
<ren0v0> just can't remember ever writing any of this to a config, and it just "working", you're right about trying all keys, but i'll only have 5 and a few repos
<soahccc> I have a problem with fail2ban not unbanning IPs. The status of the jail shows 1 banned IP, the iptables have hundreds rules till there. The log shows "iptables .. returned 100" errors and seems to not retry.
<lordievader> soahccc: It could be a save/restore thing that got iptables and fail2ban out of sync.
<soahccc> lordievader: hmm maybe it had a problem with >19k violators? :D
<lordievader> Ouch, that is a lot.
<soahccc> I just removed the entries manually for now
<synbit> Thanks for your suggestions regarding the proftpd issue. I found this http://www.proftpd.org/docs/faq/linked/faq-ch5.html#AEN478
<synbit> number 5 is a little suspicious... I've not found a built-in solution for this. If I do find one, I'll let you know. If not I'll have to do it with a cronjob unfortunately.
<sdeziel> Hello, I debootstrapped a Xenial VM and installed acpid. Unlike previous versions, acpid(.service) isn't running by default so my VM didn't shutdown when signaled by virsh.
<sdeziel> I've read that ACPI events should be handled by logind but this didn't work in my case because logind requires dbus to start and it wasn't installed (only a recommends on systemd).
<sdeziel> So to make a long story short, what's the recommended way to deal with ACPI on headless servers/VMs?
<rbasak> I thought it was still acpid. AFAIK, that still works on our Xenial cloud images, or is that broken?
<rbasak> I'd start by comparing against what an official cloud image.
<rbasak> what an official cloud image does.
<rbasak> OOI, why are you using debootstrap directly?
<rbasak> Incidentally, debootstrap on Xenial is broken I discovered. I filed a bug in Debian yesterday.
<sdeziel> rbasak: OK, I'll checkout cloud image
<sdeziel> I used debootstrap out of habit but I guess it's time to revisit that choice
<rbasak> Pre-prepared images FTW, IMHO. Saves a ton of time.
<rbasak> debootstrap isn't going away though. We use it to make our pre-prepared images :)
<nacc> rbasak: ping
<rbasak> nacc: o/
<sdeziel> rbasak: thanks
<nacc> rbasak: hey, I've not seen anything yet as to ondrej's proposal; but the few folks that have responded to the LP are clearly those that want to use PHP7. There seem to be functional means to have PHP5 and PHP7 co-installed (even if the packages won't allow it from our repository, as they conflict). But then there's the open support question. Is this the point where I should take it to jgrimm and kirkla
<nacc> nd ?
<rbasak> nacc: I'd certainly like to hear their views now, yes. Shall we arrange a meeting?
<nacc> rbasak: yeah, i pinged kirkland separately, but calendar indicates he might be at a sprint? I can schedule a hangout though ... would today be ok? I don't want to keep you around later than necessary
<jgrimm> nacc, rbasak:  i sent email response on what my thoughts are at the moment.  yes, i'm open to a hangout.
<jgrimm> nacc, is there any new news, new thoughts since we last chatted?
<nacc> jgrimm: only what i've updated the lp bug with
<jgrimm> nacc, link?
<nacc> jgrimm: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1522422
<ubottu> Launchpad bug 1522422 in php5 (Ubuntu) "Update to php 7.0" [Wishlist,Triaged]
<jgrimm> thanks!
<BrianBlaze420> hello beautifuls
<BrianBlaze420> I am using ufw and have set a limit to my ssh connections and it works lovely but I am wondering if it's possible to change the limit... I know it has defaults but can I change them?
<jdstrand> BrianBlaze420: it is not currently a configurable option. you can workaround that by adjusting /lib/ufw/user*.rules if you wanted
<BrianBlaze420> awesome that looks good jdstrand I am guessing the only thing special about it is you have to configure it that way and not with a ufw command
<jdstrand> BrianBlaze420: well, you can use the ufw command then modify it. if you'd prefer something less hacky, add the rules to /etc/ufw/before*rules
<BrianBlaze420> well I already did it the first way and it worked so I am good
<BrianBlaze420> thanks a lot jdstrand
<jdstrand> np
<carlwgeorge> kirkland: Can you post your slides (or video) of your scale talk soon-ish?
<kirkland> carlwgeorge: these?  http://people.canonical.com/~kirkland/SCALE%2014x-%20adapt%20install%20anything.pdf
<kirkland> ;-)
<carlwgeorge> yessir, thank you much
<thebwt> boom
<jgrimm> kirkland, heh.. your slides on 'adapt' are timely.. i was just telling nacc earlier today about the prototyping you'd done earlier in the year on that
<dasjoe> kirkland: very interesting! I have no idea how containers work, what about packages which build kernel modules via DKMS?
<rbasak> dasjoe: those would go on the host I'd expect.
<jancoow> Hi. When will the openssl patch be available?
<dasjoe> rbasak: I thought so, right
<rbasak> I think with the right configuration you _could_ modprobe from inside a container, but I don't see why that would ever be needed.
<trippeh_> how much space does a ubuntu mirror use nowadays? packages/sources only, not isos.
<nacc> rbasak: and sort of violates the principle behind the isolation (as the modprobe in the container could theoretically affect other containers)
<trippeh_> 680GB in 2013, looks like
<teward> trippeh_: you could probably ask #ubuntu-mirrors and get a better answer, but I heard close to a terabyte nowadays
<trippeh_> ok
<jrwren> also depends on platforms & versions.
<sarnold> trippeh_: I did some quick calculations a few weeks ago and figured I'd need ~terabyte, but I'm hoping I'm not too far wrong :)
<trippeh_> all the things! :)
<sarnold> trippeh_: what, you got an s390 in that shed? :)
<trippeh_> nah, I killed all my weirdo archs a decade ago
<trippeh_> used to run auth dns on m68k ;)
<jrwren> at a previous job we were only interested in x86_64 and server at that, so we used reprepo to mirror and we stripped some larger desktop packages out. IIRC it was well under 30GB for trusty, x86_64 with some filters applied
<trippeh_> I'll use ~1TB as the guideline for a full package/source mirror
<trippeh_> a little more, a little less, who cares ;)
<genii> Last I mirrored the repos it was around 35G
<genii> ( not including restricted and partner)
<trippeh_> hey look, a couple of leftover 1TB SSDs. what a coincidence ;)
<sarnold> oo
<teward> trippeh_: i'd suggest maybe 2TB as a safe bet, but it depends on how many releases and such you're pulling in
<teward> genii: that's the ISOs, I thought?  I heard different from -mirrors
#ubuntu-server 2016-01-28
<Pinkamena_D> I installed ubuntu with software raid5 on six identical drives two days ago. It was fine while using it yesterday and rebooting it many times. Today I came in and I get raid error not enough operational devices on md0 (4/6) failed. I feel like this is so unlikely as to be impossible, and all drives are still seen in bios.
<tomreyn> hmm that's indeed a bit weird, Pinkamena_D
<tomreyn> unless you were unlucky and hit a set of bad drives, which happens occasionally.
<tomreyn> check S.M.A.R.T. data, do a long self-test on each of the drives
<tomreyn> also make sure your layering of block devices is compatible to RAID-5
<rbasak> nacc: I was wondering about having two PPAs. A bootstrap PPA, as well as the current one.
<rbasak> nacc: the current one could be set up to depend on the bootstrap PPA, so anything built in the bootstrap PPA can be build-depended on.
<rbasak> nacc: then we might be able to prepare everything in the PPAs, ready to be rebuilt for the archive when we're ready, so then we can defer the decision.
<rbasak> We could even have multiple "levels" of bootstrap PPA if needed.
<rbasak> Just a thought - I've not thought it through fully.
<nacc> rbasak: that seems reasonable. what is the benefit of having a distinct bootstrap PPA? just reducing the noise?
<rbasak> nacc: so that the steps to bootstrap the main archive are laid out rather than lost
<nacc> rbasak: ah that makes sense
<pacmanfan> 26 packages can be updated.
<pacmanfan> 14 updates are security updates.
<pacmanfan> ^^^ the default motd has that. is there a way to display that again without creating having to exit the shell and log in again?
<pacmanfan> i can't find a way to print the default motd again, nor am i aware of an apt-get function that will show it
<tarpman> pacmanfan: /usr/lib/update-notifier/apt-check --human-readable  - in xenial, not sure about older
<tarpman> pacmanfan: for the apt bit specifically. the entire motd should be just in /etc/motd
<pacmanfan> that works, thanks!
<pacmanfan> my /etc/motd is empty, i guess because i haven't added a custom one
<tarpman> oh, sorry
<tarpman> seems to be /run/motd.dynamic
<tarpman> /etc/motd used to be a symlink, I guess not any more
<tarpman> (via "grep -r motd /etc/pam.d")
 * tarpman hasn't looked into this stuff in a while...
<pacmanfan> aha, that explains all the docs i found referencing /etc/motd
<pacmanfan> i'm just like "huh... that must be for custom stuff"
<KaoticEvil> anyone around that can lend a hand installing ubuntu server?
<KaoticEvil> specifically know why it wont see my nVidia RAID array during partition setup?
<PryMar56> kernel cmdline: dmraid
<KaoticEvil> PryMar56: could you elaborate a little bit more?
<KaoticEvil> i.e. where do i enter that?
<KaoticEvil> right before entering the partitoner, it asks if i want to activate the RAID drive, i hit yes, and all i see in the partitoner is the single drive thats not in the array
<PryMar56> what is the boot media?
<PryMar56> USB or ISO? or Hypervisor?
<PryMar56> how do you launch the installer?
<PryMar56> if its a CD, hit F1 and read how to customize the kernel cmdline
<KaoticEvil> PryMar56: USB, metal system, not VM
<KaoticEvil> i added "dmraid=true" to the cmdline, and still no joy :/
<KaoticEvil> or do i not need the
<KaoticEvil> "=true" part?
<PryMar56> to disable it, I add : nodmraid, so I guess:dmraid (is enough)
<KaoticEvil> PryMar56: i will try that, thanks
<PryMar56> KE if the installer sees your nvidia fakeraid, the device names are unique and contain nv084084~ (wild chars)
<PryMar56> nothing like sda1, sda2
<KaoticEvil> right.. i already found that out using PartedMagic
<KaoticEvil> still nothing
<PryMar56> maybe insmod=dm-raid
<PryMar56> the driver is called dm-raid.ko
<KaoticEvil> would i be better off using the installers software RAID?
<PryMar56> KaoticEvil, I make no value judgement about the dmraid. Once you bothered to setup the nvidia bios raid, you owe it to yourself to expt with it and make your mind up
<PryMar56> if you change course and go with software raid, you have to erase the fakeraid meta data first
<KaoticEvil> that would be fine.. no data on there at all
<KaoticEvil> fresh install.. just put the hardware together today
<DexDeadly> hello, having trouble mounting a cifs share
<DexDeadly> sorry samba share from my ubuntu server
<DexDeadly> anyone mounting a samba share using active directory
<DexDeadly> though a nas4free box if possible as well
<DexDeadly> anyone able to assist me
<DexDeadly> nm got it
<rbasak> kickinz1: I'm looking at ntp now.
<rbasak> kickinz1: did you have an MP in LP for it?
<kickinz1> rbasak, not yet.
<rbasak> kickinz1: OK. Also I just realised you can't, since there's no repo to merge into yet.
<rbasak> kickinz1: shall we start as we mean to go on? I can create that now, then you can file an MP for your logical branch. I can review that with the inline comment functions, etc.
<rbasak> kickinz1: and then after that's done, you can file a second MP for the merge itself.
<kickinz1> rbasak, OK
<rbasak> kickinz1: OK, I've created the ~ubuntu-server-dev ntp repo with your import.
<rbasak> kickinz1: please could you submit an MP from https://code.launchpad.net/~kick-d/ubuntu/+source/ntp/+git/ntp/+ref/logical/4.2.6.p5+dfsg-3ubuntu9/+register-merge
<kickinz1> rbasak, yes
<rbasak> kickinz1: to go to the logical branch in the ~ubuntu-server-dev ntp git repo.
<rbasak> Thanks
<kickinz1> Done.
<rbasak> kickinz1: that looks good I think. 2416 lines alarmed me, but I think they're all the CVEs so it looks like what I expected. Thanks!
<kickinz1> rbasak, yes, most are related to CVEs.
<kickinz1> rbasak,  how do we proceed now?
<rbasak> kickinz1: I'll review your merge next.
<rbasak> kickinz1: probably through a second MP is best.
<rbasak> I need to figure out what to push so that you can file one.
<kickinz1> rbasak, maybe push new/debian (4.2.8p4+dfsg-3)?
<mrtAkdeniz> howdy!
<mrtAkdeniz> Guys, Is it a good idea to use different machine for databases?
<mrtAkdeniz> I mean buy 2 dedis, 1 for application server and 1 for database? Will there be any performance lose because of network?
<mrtAkdeniz> These 2 dedis will be on the same IP gap
<nacc> mrtAkdeniz: I think the short answer is 'it depends'
<nacc> how often are you hitting your db, etc. how is your network configured
<nacc> mrtAkdeniz: but there is insufficient information to make any guess
<rbasak> https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1522422
<ubottu> Launchpad bug 1522422 in php5 (Ubuntu) "Update to php 7.0" [Wishlist,Triaged]
<cpaelzer_> rbasak: thanks will refer to that when questions about php 7 come up again
<psyferre> Hey folks.  I've got an x86 ubuntu server that needed an OS update.  I did do-release -update (cleared out old kernels after it complained of low space in /boot), and it finished fine.  On reboot, I get "no such device" errors and no grub menu.  In rescue mode I can see all my data.  /boot is completely empty.  I edited fstab to change the uuid of /boot to /dev/sda1, and /boot looks normal.  Rebooting still yields the same error.
<psyferre> After that reboot, I entered rescue mode again and tried the same thing... nothing in /boot this time. =-/
<psyferre> update-grub complains that /boot/grub doesn't exist.  I just tried remounting /boot from /dev/sda1 and via UUID in fstab.  Neither way shows anything in /boot now.
<psyferre> I *am* using LVM, so I told rescue mode to give me a shell in the root vg.  Is there anything special I need to do to get all partitions mounted?
<psyferre> To clarify - I'm not using recover mode from a grub menu, but via a live cd's "Repair a Broken System"
<pmatulis> psyferre: /boot is in a LVM logical volume?
<psyferre> pmatulis: yes, but not on its own.  It's part of the /root volume
<psyferre> pmatulis: It's been a while since I really got into lvm, so I may not have my head around this the right way.  In Repair a Broken System, I had several options for a shell.  I chose the root lvm, rather than /dev/sda5.  Maybe that's incorrect?
<psyferre> Choosing /dev/sda5 fails to mount.
<pmatulis> psyferre: you need to expose the lvm layer
<psyferre> pmatulis: Ah, now my google searches are yielding something useful.  Okay, so it looks like this is basically exactly what I need to do? http://ubuntuforums.org/showthread.php?t=1347375
<pmatulis> psyferre: that's the idea. it's been a while for me too
<psyferre> pmatulis: awesome.  Thank you very much for your help.  I really appreciate it.
<pmatulis> psyferre: welcome. let us know what happens
<kid4coding> heja
<kid4coding> gents
<bizhan> I have installed ubuntu 15.04 on my system.  I have attached an embedded device to my system through via USB. I need to configure the usb to act as network adapter device. Any idea how this could be done. Many thanks in advance?
<kid4coding> where is the best location of the document folder for an apache web server
<psyferre> pmatulis: Will do.  I also found this tool: http://sourceforge.net/p/boot-repair-cd/home/Home/  Seems promising, and was recommended by howtogeek...
<psyferre> http://www.howtogeek.com/114884/how-to-repair-grub2-when-ubuntu-wont-boot/
<pmatulis> bizhan: normally the kernel either supports the usb network adapter or it doesn't. what do you see with dmesg command after inserting the device?
<sdeziel> psyferre: you mentioned that your /boot was  contained in the root fs yet you are mentioning it has a UUID, this seems contradictory
<psyferre> sdeziel: It's likely that I'm munging terminology.  I have two volumes, root and swap.  Fstab has a line for the root lvm, and a separate one for /boot.  /boot is mounted via its uuid.
<sarnold> bizhan: please note that 15.04 reaches the end of its life in a few days https://wiki.ubuntu.com/Releases
<sarnold> kid4coding: /var/www is popular
<bizhan> pmatulis, I get some errors: [32255.895599] wlan0: no IPv6 routers present
<bizhan> [32451.653564] CFG80211-ERROR) wl_run_escan :  Escan set error (-25)
<sdeziel> psyferre: if /boot has a UUID it means it's a partition (likely your sda1). The PV would then likely be in sda5
<bizhan> sarnold, thanks I will start the update today.
<sdeziel> psyferre: so when you'll run your repair stuff, make sure to work from inside your root LV and have your /dev/sda1 mounted on /boot inside that root FS
<psyferre> sdeziel: Yes, it's definitely sda1.  When I tried to mount /dev/sda1 as /boot it was empty.
<sdeziel> psyferre: OK and if you umount it, is your data inside /boot ?
<sdeziel> psyferre: maybe your sda1 is empty and mounting it shadows what's inside /boot from your root FS
<kid4coding> getns
<kid4coding> If I type #cat /etc/apache2/sites-available/mysite.conf
<kid4coding> the document root is set to /var/www/html/
<psyferre> sdeziel: Here's where I'm at currently: http://pasteboard.co/18xIWl3X.png
<kid4coding> I have created a file .php containing a function to print out the configuration <?php phpversion(); ?>
<kid4coding> I saved the file as info.php. When I go with my browser at http://localhost/info.php
<kid4coding> I still get a black screen
<sdeziel> psyferre: looks good to me. This shows your /boot partition does have a bunch of kernels
<psyferre> sdeziel: everything *seems* to be proceeding logically...  Not sure why /boot was empty before.  It seems fine now... my last attempts were through fstab, then mount -a
<sdeziel> psyferre: maybe it was not mounted before hence was empty?
<psyferre> sdeziel: Must not have been.  I changed lines in fstab, then mount -a, and it was back to normal.  Then rebooted.  After grub failed again, I went back in recovery mode and did mount -a... nothing in /boot.
<psyferre> sdeziel: I must have messed something up in the process.  So, my next step is drop into grub prompt, and do something like # root (hd0,0)  and # setup (hd0), right?
<psyferre> Hmmm... guess not.  "/bin/sh: 7: grub: not found"
<sdeziel> psyferre: have your tried in the chroot you had in your recovery env?
<psyferre> sdeziel: Yes, If I understand you correctly.  After chroot foo I checked /boot.  Then I changed directory back to the root of foo and attempted to run grub
<kid4coding> Is there any command to verify I got these modules installed
<kid4coding> mysql-server libapache2-mod-auth-mysql php5-mysql
<sdeziel> psyferre: yes. You might also need to mount /proc before chrooting. I vaguely recall that some version of grub needs it
<sdeziel> kid4coding: dpkg -l| grep mysql
<sarnold> kid4coding: dpkg -l 'mysql*' | cat
<sarnold> (the pointless | cat  forces dpkg to show the full version numbers)
<psyferre> sdeziel: ah, that makes sense.  Okay, I'll give that a shot too.  Thank you!
<sdeziel> psyferre: you are welcome
<sdeziel> sarnold: thanks for explaining the not so pointless cat :)
<sarnold> sdeziel :)
<kid4coding> sdeziel: it seems that I do not have those modules
<kid4coding> can I only install the modules above with apt
<sdeziel> kid4coding: yes, apt should let you install those packages without problem
<kid4coding> done
<kid4coding> thank you
<kid4coding> Can I leave the loopback address for the binding address of mysql rather than assigning my real IP since it can change?
<kid4coding> I leave 127.0.0.1
<sdeziel> kid4coding: if your PHP app is running on the same machine as your MySQL server, 127.0.0.1 will do just fine
<sarnold> kid4coding: if both the server and client run on the same system, that's probably better -- or there may be a named unix domain socket you could use too
<davidic657> I am sick and tired of Ubuntu security notices hitting my system before some official notice
<davidic657> you guys have you head up your ass or what
<Temper> does the kernel support vlans on multiple virtual interfaces?
<davidic657> you look like idiots
<davidic657> well?
<Temper> i have one firewall for a building that has multihomed businesses in it. The network is segregated by vlans. Now I want to setup a VPN server on the firewall to allow remote access.. and hints?
<sdeziel> davidic657: what would you prefer? Get the notice only to see you cannot actually pull the patched software?
<davidic657> do you guys have your heads in place or not?
<Temper> davidic657: with that kind of attitude who are you expecting a reply from?
<davidic657> I dont care
<davidic657> do not do the updates before notification
<Temper> davidic657: who, exactly, do you think you are?
<davidic657> whats the thing abought the horse leavibnf etc etc
<ikonia> davidic657: what is the actual problem you're upset about
<davidic657> getting updates with no news about them, like a day later
<Temper> turn off auto updates
<davidic657> security?
<Pici> davidic657: turn on apt-listchnges
<Pici> apt-listchanges
<davidic657> justget it together guys and stop giving excuses
<sarnold> davidic657: feel free to subscribe https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-January/date.html
<Pici> davidic657: I still don't understand your question.
<jrwren_> davidic657: please read: http://www.ubuntu.com/about/about-ubuntu/conduct
<davidic657> pici you never will your better of on suse anyway
<ikonia> davidic657: ok - stop
<davidic657> stopped
<ikonia> davidic657: either explain your problem calmly, and we'll be happy to talk/help with it if possible
<ikonia> or drop it
<ikonia> either is fine
<davidic657> I believe I said stopped
<ikonia> ok
<davidic657> or did you miss that typing?
<Temper> that's not stopped it's mutated
<ikonia> Temper: enough
<Pici> Anyway.....
<ikonia> Temper: I've already asked you in #ubuntu to stop with this comments
<davidic657> pici go to suse
<Pici> I'm happy where I am, thanks.
<Temper> ikonia: no you didn't
<ikonia> Temper: ok then "please stop"
<Temper> with? using !commands?
<Temper> sorry to play with the bot
<ikonia> thanks
<Pici> Temper: feel free to /msg ubottu if you want to try out !commands :)
<Temper> supercalifragilisticexpialidocious really does need to be added tho..
<ikonia> Temper: this stuff - we don't need to see it please
<Temper> seriously relax..
<ikonia> I am
<ikonia> please just stop with the silly comments
<davidic657> chilled here
<Temper> ikonia: all work and no play...?
<davidic657> get your act together
<ikonia> davidic657: you too
<ikonia> it's a channel for ubuntu server discussion, please use it for that
<davidic657> Hve its why I am here
<Temper> besides still waiting to see if anyone responds to my request for tips on how to VPN into a vlan environment...
<Temper> maybe #openvpn?
<ikonia> Temper: ok, then please wait for that
<ikonia> I don't know what tips you want
<sarnold> Temper: you know that's way less likely once you fill everyone's scrollback with mindless chatter :)
<ikonia> just selected bridged or routed mode - bang you're done
<Temper> sarnold: stop with your mindless chatter - you are ruining my chances for a response..
<ikonia> Temper: I won't ask you again
<ikonia> Temper: stop with the stupid comments to people
<Temper> ikonia: and how to you select a vlan id based on user?
<ikonia> Temper: you don't
<ikonia> Temper: you'd need to tag the tun or tap device
<ikonia> you'd need multiple tun or taps depending on your routing
<Temper> so each user will need it's own tun/tap interface?
<ikonia> no
<Pici> What are you actually trying to accomplish here?
<ikonia> you're not trying to give each user their own vlan are you ?
<davidic657> lol
<Temper> i run a network with like 10 businesses on it
<davidic657> pici loves suse
<ikonia> ok ?
<Temper> it is segmented by vlans
<ikonia> ok
<Temper> so each user, or company user, will need access to a specific vlan id
<Temper> as to not be able to access other company resources
<ikonia> Temper: so thats not really openvpn's problem if you look at it
<ikonia> you'll vpn to a "holding" area
<ikonia> you then need to route or bridge your traffic through to the other networks
<ikonia> you do that by presenting specific routes per user / group
<davidic657> geez
<sarnold> would it be better to run multiple openvpn concentrators? a different port per company?
<ikonia> then the devices those routes take the user through will tag for you
<Temper> that is the part i am curious on.. how to do it.
<ikonia> or as sarnold have a vpn per network and have them vpn into their specific business unit
<Temper> sarnold: explain
<davidic657> ikonia:  what is your problem?
<ikonia> davidic657: your silly comments that you've been asked to stop
<davidic657> about what?
<ikonia> davidic657: drop it - contribute to the channel, be quiet, or leave
<ikonia> those 3 options are all that matters
<ikonia> Temper: what are these users authing against ?
<davidic657> me knowing pici is a big suse person
<Temper> the whole vpn system is non-existant at this point
<ikonia> Temper: ok - what "would" they auth against
<sarnold> Temper: I'm just curious if it'd be better to run multiple instances of openvpn if the data they handle should be separated from the other users -- then each instance could get its own tun devices or whatever..
<Temper> so whatever is needed will be done
<Temper> i was just going to create users and auth the vpn off the user database
<Temper> pretty sure i have done that before
<ikonia> Temper: what is the user database ?
<ikonia> a database, ldap, a file ?
<Temper> . /etc/passwd?
<ikonia> errr that doesn't seem a good option to manage multiple network entry points
<Temper> yeah i was thinking it would be simpler than it is
<ikonia> it's not
<kid4coding> mysql seems running
<ikonia> I'd suggest taking a step back from the VPN at this point and look how you would manage users on the network with multiple accounts and different network restrictions
<ikonia> Temper: once you have an idea of that the vpn options will be smaller and you'll be able to narrow it down to 1 or 2 realistic options
<Temper> i wonder if it would work just to put each company on a different 10.10.x.x network segment and then just put the server on all vlans and use "network security"
<ikonia> that wouldn't auth users
<Temper> i have seen it doen that the ip address range is based on the user
<kid4coding> I still have problems with PHP to be executed from Apache
<Temper> so i could maybe modify that example
<kid4coding> I got a blank screen
<ikonia> that won't auth users though
<ikonia> no
<ikonia> kid4coding: error in your php
<kid4coding> I was just printing the output of phpversion();
<ikonia> still an error
<Temper> kid4coding: i hate to break it to you but this isn't really a programming channel
<kid4coding> ikonia: how can I access httpd.conf on ubuntu
<ikonia> if you're getting a white screen
<ikonia> kid4coding: in a text editor
<Temper> kid4coding: nano httpd.conf
<kid4coding> Temper: it does not exist on ubuntu
<Temper> or should i have sent him to vim :)
<Temper> kid4coding: try #php
<Pici> kid4coding: Did you enable mod_php?
<Temper> Pici: must have or he'd be getting php code
<Pici> Temper: This is on-topic for this channel as long as hes just trying to get php enabled.
<kid4coding> Temper: I am installing LAMP
<Pici> kid4coding: how?
<sarnold> kid4coding: it's apache2.conf on ubuntu
<kid4coding> sarnold: I am following this https://help.ubuntu.com/community/ApacheMySQLPHP
<kid4coding> sarnold: under /etc/apache2/ I do not have httpd.conf
<kid4coding> Is it normally located on a different path?
<sarnold> E486: Pattern not found: httpd
<sarnold> kid4coding: (a) I'd be skeptical of that wiki page, it starts out discussing a release of ubuntu from six years ago. not a great start.
<sarnold> kid4coding: (b) I don't see httpd.conf mentioned on that page, not sure where you found that, but it feels like a rhel or centos guide instead :)
<sdeziel> kid4coding:  this https://help.ubuntu.com/14.04/serverguide/lamp-applications.html might be a better starting point
<Temper> yeah i wasn't excited to open that link either..
<cmh-fn> kid4coding - this might be a good one too https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-14-04
<ikonia> that guide works in concept
<ikonia> and it is for ubuntu
<sarnold> kid4coding: check out the a2enmod and similar manpages
<Temper> still if he is getting a blank page and not php code something is somewhat configured
<Temper> now you need to check the log files
<kid4coding> I want to open httpd.conf to define the association with .php for apache
<ikonia> it is doing that
<ikonia> as you're getting a blank page
<ikonia> if it wasn't associated you'd get the page displayed as text
<sarnold> kid4coding: probably it's something like a2enmod php5 or something.
<ikonia> it should already be enabled
<sarnold> *nod*
<ikonia> as if it wasn't the php would be displayed as text
<ikonia> it's a code error
<ikonia> as PHP won't display errors by default
<Temper> ikonia: i am not the only one trying to do this... https://forums.openvpn.net/topic9600.html no there are no answers forthcoming yet
<kid4coding> it says that PHP5 is already enabled
<ikonia> Temper: re-read what I said
<ikonia> there are ways to do it, but you are missing too much the basics of management to be able to do it
<kid4coding> ikonia: to me?
<ikonia> kid4coding: no, temper
<ikonia> kid4coding: your problem is your PHP is wrong
<ikonia> I'm reasonably confident of that
<kid4coding> php -v works fine from bash
<Temper> kid4coding: create this test.php file <? echo "test"; ?>
<Temper> i think that should work.. hehe been a while since php
<Temper> then access http://ip/test.php
<ikonia> kid4coding: that is not apache rending your php
<ikonia> kid4coding: that is nothing to do with it
<Temper> kid4coding: php is the preprocessor but there is a lot going on under the hood to map that to and from apache.
<Temper> i am fairly confident you have the hooks setup to send the .php file to the preprocessor but that doesn't mean it is configured correctly. if you didn't you would get the .php as a text file in the browser.
<ikonia> we've already covered that
<Temper> but ikonia is right most likely your php is malformed... well actually - wouldn't php parse back an error?
<ikonia> no
<sarnold> ikonia: it's still nice to spell out debugging steps..
<ikonia> you just get the white screen unless you turn on debugging
<ikonia> but as you are at a level where you can't edit a text file - that seems to be a bit of a pointless process to walk through
<Temper> maybe we should just tell him how to do that?
<Temper> ikonia: I am confused by what you mean here: " I'd suggest taking a step back from the VPN at this point and look how you would manage users on the network with multiple accounts and different network restrictions"
<ikonia> Temper: you have a network, with multiple vlans on it, and users that will need access to different ones, how will you controll auth on those networks - you can't have every user on every box in the password file
<Temper> those are different levels. the vpn is just on the network level.. each business - once on thier network segment - is a completely different system
<Temper> like some use mac and other use windows..
<ikonia> right, but you need a way to auth them for the vpn and control their restrictions
<Temper> yeah.. so at most i need to be able to support like 200 users
<kid4coding> definitely, many things have changed
<Temper> i can't just use the linux user?
<ikonia> you can, but is that really how you want to manage 200 users for complex auth and group privileges ?
<Temper> i mean i can setup radius if you think it would be better
<kid4coding> Gents, do you work as sys admin on Linux?
<ikonia> Temper: your other option is to make an exposed entry point for each network vlan and put an openvpn entry point on each one
<Temper> no group privledges.. just user1 -> vlan 1
<ikonia> then just manage a password file per openvpn box for only the users allowed on that network
<ikonia> you could do it with 1 box and virtual hosts
<Temper> the whole network is on 1 box and vms
<Temper> well except the mac os stuff -
<ikonia> right, but it's VM's so you could do it on one "vm" then
<Temper> i only have one outbound ip address..
<ikonia> thats ok
<Temper> i guess i could put each business on a different port..
<ikonia> that works
<ikonia> or reverse proxy it to the internal IP's
<Temper> but i really want to just have 1 file for the open vpn client config and then map it by username/password
<ikonia> you could do that with one password file and multiple vpn instances authing off it
<ikonia> you would just need to make sure there was a difference in groups for the users
<ikonia> so you could stop openvpn1 authing users for people in the group for openvpn2
<Temper> i have never ran multiple instances of ovpn on 1 box..
<ikonia> you can do it from 1 binary set, so if you update 1 vpn's binaries/libraries you update them all
<ikonia> it's just launching multiple instances
<Temper> so you just have startupscript that essentially run openvpnserver /etc/openvpn/vpn1.conf - etc
<ikonia> pretty much
<sdeziel> Temper: the openvpn init script makes it really easy to interact with each individual VPN
<sdeziel> Temper: /etc/init.d/openvpn restart foo
<Temper> foo being the instance?
<sdeziel> this would look for /etc/openvpn/foo.conf
<sdeziel> yes
<ikonia> sdeziel: does it support something like an include.d so you can put multple configs in there and it loops through them ?
<sdeziel> ikonia: if you call /etc/init.d/openvpn restart, all of them will be stopped. The one that will start are those set to AUTOSTART in /etc/default/openvpn
<Temper> so then create a virtual network (eth0:0) for each vpn instance? then map each virt net to a vlan?
<sdeziel> ikonia: but yeah, you can drop multiple .conf under /etc/openvpn/
<ikonia> sdeziel: so you just define multiple instance in the one config, or specify multiple config files, either works
<sdeziel> ikonia: each instance has to be in a single conf file
<ikonia> ok, so it has to be multiple config files
<ikonia> still easy to manage
<sdeziel> yup, one config per openvpn process
<Temper> yeah i could just copy 1 config to another and edit the changes..
<sdeziel> Temper: if you have a limited amount of users, you could put your per-user config in "ccd" files
<sdeziel> man openvpn for the gory details
<ikonia> thats an interesting idea, although that would make user managment more complex
<Temper> sdeziel: haha no thanks!
<sdeziel> this way you could pin each user to a static IP that you control. This would in turn allow you to restrict the access with the firewall
<sdeziel> ikonia: indeed, no free lunch ;)
<Temper> maybe it would be easier just to make a small vm per company and then just port forward from the firewall to the correct vm?
<sdeziel> radius is supported by a plugin IIRC
<sdeziel> Temper: that sounds like the best way
<Temper> will that work with a vpn connection.. can i use ip tables to take incomming port say 3333 -> 10.10.1.50:[whatever the vpn port it by default]
<Temper> then 3334 -> 10.10.1.51:[same port]
<sdeziel> Temper: yes, will work without problem. Default port is UDP/1194
<Temper> i bet i could even use the openvpn appliance...?
<Temper> they'd be limited to 2 concurrent connections per company unless they bought a license.. and they could manage thier own users
<Temper> nm that autoconfigure stuff on the openvpn appliance will never work.
<ikonia> no, thats openvpn-as
<ikonia> if you get openvpn it's totally free
<Temper> that's what i mean..
<Temper> i would prefere to use openvpn-as if possible
<ikonia> then buy a license
<ikonia> it's quite cost effective
<Temper> you get 2 concurrent connections for free
<sdeziel> the as version was pretty kickass last I checked
<ikonia> it still is
<Temper> but it would never be able to autoconfigure witht he firewall changing the ports..
<sdeziel> IIRC it was installable as a deb
<ikonia> it is still
<Temper> yeah it is pretty easy to get going.
<nacc> rbasak: what's the normal process for requesting a new package for debian? or a new version of something from upstream? file a debian bug?
<kid4coding> I apologize if I bother with this story.
<kid4coding> I re-checked a few steps from the wiki to install everything, but I cannot get it sorted.
<genii> nacc: Yes, with bug description of something like "wishlist"
<nacc> genii: thanks!
<kid4coding> Module php5 already enabled
<kid4coding> apache2 is running
<kid4coding> doc root is set to /var/www/html
<kid4coding> I placed a file under that folder to check the configuration
<kid4coding> but I still get  a blank page....
<kid4coding> what else could I check since apache2 is actually running
<sarnold> error logs?
<kid4coding> sarnold: I am not seeing anything wrong in there
<nacc> kid4coding: can you verify that a static HTML page is hosted properly?
<kid4coding> sure
<nacc> kid4coding: that way we can isolate it to php, presumably
<kid4coding> localhost works fine. I can try to make a change to it
<ikonia> kid4coding: your php is wrong
<ikonia> if you are getting a blank page, there is an error in the php it's parsing
<ikonia> I told you to look at this an hour ago
<nacc> ikonia: ah sorry, i didn't go look at the backlog
<ikonia> nacc: not your problem,
<ikonia> nacc: I just don't understand why, it's still continuing without resolving that core base problme
<ikonia> problem
<nacc> ikonia: fair enough :)
<kid4coding> ikonia: sorry
<kid4coding> nacc: the static page works fine
<ikonia> static page is not php
<kid4coding> the php5.conf  under /etc/apache2/mods-enabled
<kid4coding> shows the following:
<kid4coding> SetHandler application/x-httpd-php-source
<ikonia> we've been over this
<ikonia> we know it's parsing php or you'd get text
<ikonia> there is a problem with your php
<kid4coding> a2enmod php5 Module php5 already enabled
<ikonia> we know this
<ikonia> we went over this an hour ago
<kid4coding> ikonia: what else I could check. I went over the basic.
<ikonia> your php is wrong
<kid4coding> ikonia: apart installing the related packets, that's the configuration I personally made
<ikonia> what are you talking about
<kid4coding> ikonia: if I type from the bash #php -v it actually works
<ikonia> again - I've told you 3 times that is not the same as the web server
<nacc> kid4coding: can you pastebin the php file you are trying to load?
<ikonia> kid4coding: is there a reason you have ignored everything you've been told and keep repeating the same thing over and over
<ikonia> your php is wrong
<ikonia> haveyou looked at the error log of your webserver
<ikonia> to see what it outputs when it tries to parse the page ?
<cryptodan> php.ini could have short tags disabled and some scripts written in php use the short tag <? ?> instead of <php? ?>
<kid4coding> <?php phpversion(); ?>
<kid4coding> that's all I wrote
<kid4coding> I am trying to see what php.ini is actually loading
<kid4coding> that's the error.log
<kid4coding> http://pastebin.com/cUDfaR78
<ikonia> kid4coding: change it to phpinfo()
<ikonia> phpinfo();
<cryptodan> yup ikonia got it
<ikonia> kid4coding: does that work ?
<kid4coding> ikonia: yes
<kid4coding> it works like champ
<kid4coding> thank you to all for the kindness
<ikonia> ok - so we've wasted well over and hour while you refused to accept the php was wrong
<ikonia> next time please, just listen to what's been said and work with people
<kid4coding> ikonia: I feel like you have been right under my should this way.
<kid4coding> ikonia: sorry mate.
<ikonia> it's not a big deal,
<ikonia> but please, in future, try to take in what people are telling you to help, rather than focus on what you think the problem is
<kid4coding> ikonia: let's recap
<kid4coding> ikonia: you think you right
<kid4coding> kid4coding: on the other side of the net, there's a noob that does not use a single command on linux
<kid4coding> ikonia: listens to you, and try to figures out what's wrong
<ikonia> you didn't listen to me
<ikonia> you did everything but what I told you to do
<ikonia> and ignored what I told you what th eproblem was
<kid4coding> ikonia: when did I ignore what you said?
<ikonia> what is the point of asking for help to ignore it and just keep repeating the problem over and over
<ikonia> kid4coding: the fact that I told you over an hour in detail we knew PHP was setup right, and your problem was with the PHP code
<ikonia> yet an hour later you're still trying to check if php is setup right
<ikonia> you've ignored the code
<ikonia> and you're testing on the command line despite me telling you that had no relevence to the web server
<ikonia> so basically you had this fixed and explained to you over an hour ago, you ignored it and continued to just repeat the same thing over and over
<kid4coding> ikonia: I think we all got the point of what you want to say
<ikonia> clearly not as you asked when did I ignore what you said
<ikonia> so I had to explain it
<kid4coding> ikonia: it's definitely clear now
<kid4coding> ikonia: thanks
<ikonia> super
<ikonia> hope it goes better next time
<kid4coding> ikonia: definitely
<kid4coding> do you recommend any book for learning apache for a production network?
<ikonia> no
<ikonia> if you're going to run this on a production network - you need to know what you are doing, not reading a book
<kid4coding> lol
<kid4coding> ikonia: I understand what you mean.
<cryptodan> Might want to consider going to school and taking a class on System Administration and Web Development
<kid4coding> cryptodan: a class at evening will take me ages
<kid4coding> cryptodan: do you recommend any online class?
<ikonia> you can't short cut experience
<cryptodan> Prefer Hands on in Class training for System Administration and Web Dev
<kid4coding> ikonia: I am talking about how often the lessons are offered.
<kid4coding> cryptodan: I understand your point.
<ikonia> you need time inbetween to absorb and practice
<cryptodan> and in class discussion with other students and the instructor
<cryptodan> If you do it online you may go to sources for help and get the wrong info
<kid4coding> https://linuxacademy.com/
<kid4coding> See you soon
<kid4coding> Thanks again for teaching me
<profall> Hey, uwf is not enabled but I cannot connect to a MySQL remotely (output) on port 3306. (the mysql is not on the ubuntu machine!!!)
<profall> telnet times out as well so I know its a network connectivity issue, any ideas.
<sarnold> profall: timeout suggests that a firewall is DROPping packets rather than REJECTing them
<sarnold> profall: investigate the target machine and all routers between the two systems
<profall> The target machine is working fine on other non Ubuntu based machines.
<bekks> By default, mysqld listens on 127.0.0.1 only.
<profall> My CentOS server can connect to it just fine
<sarnold> bekks: if that were it, telnet ought to get "connection refused"
<profall> Any ideas?
<profall> What default firewall stuff is enabled on ubuntu 14.04?
<sarnold> profall: none; iptables -L ... ought to confirm if you've got something else loaded or not
#ubuntu-server 2016-01-29
<caliculk> I have a ubuntu-server platform that is trying to install grub-pc, but is running into errors. I am running sudo apt-get update && sudo apt-get uprade and when it gets to grub this happens: http://pastebin.ubuntu.com/14693307/
<caliculk> Then it tells me that grub failed to install, do I want to continue.
<pcn> Is this the right place to ask about the aws us-west-2 apt servers being dodgy?
<henkjan> pcn: are those official ubuntu mirrors, maintained by canonical?
<pcn> I believe so
<henkjan> pcn: try #ubuntu-mirrors
<pcn> us-west-2.ec2.archive.ubuntu.com for e.g.
<pcn> OK, thanks
<jamespage> cpaelzer_, hey - I'm pushing a snapshot of ovs 2.5.0 into xenial today
<cpaelzer_> jamespage: thanks
<jamespage> cpaelzer_, just test building and will then upload.
<jamespage> cpaelzer_, your request for that vhost-user patch to go into 2.5 appears to have happened
<cpaelzer_> jamespage: yes just a few hours after your cherry pick it got to 2.5 as well
<cpaelzer_> jamespage: if the current discussion about OVS-DPDK configuration makes it into master, but no more into 2.5 do you tihnk we might be able to cherry pick those as well later in the cycle ?
<jamespage> hmm
<jamespage> maybe
<jamespage> smoser, utlemming: hello - have there been any changes to the xenial cloud-images to disable mountdevsubfs ?
<jamespage> its showing as masked on the one I'm using which is making it hard to upgrade lvm2
<rbasak> nacc: for a new upstream version in an existing Debian package? File a Debian bug against that package.
<rbasak> (if there isn't one already)
<smoser> jamespage, not that i'm aware of. in xenial ? or trusty.
<smoser> but utlemming is a better person to ask for sure.
<jamespage> smoser, utlemming: there was an init-system-helpers break
<smoser> xenial?
<jamespage> which is fixed, but the upgrade order post boot means that we hit the bug still
<jamespage> smoser, yah
<smoser> bug ?
<jamespage> smoser, that was a pitti comment in -devel
<jamespage> smoser, fixed in 1.26ubuntu2
<rbasak> rharper: I would remove verification-done from bug 1511735 just in case it accidentally lands before the NM fix
<ubottu> bug 1511735 in libnl3 (Debian) "libnl: fail to bind() netlink sockets" [Unknown,New] https://launchpad.net/bugs/1511735
<rharper> ok
<rharper> rbasak: ok; tested a fix, updated bug 1511735 with the details and also filed a new bug for the patches against NM bug 1539634
<ubottu> bug 1511735 in libnl3 (Debian) "libnl: fail to bind() netlink sockets" [Unknown,New] https://launchpad.net/bugs/1511735
<ubottu> bug 1539634 in network-manager (Ubuntu) "network-manager crashes when using libnl-3-200-3.21.1-1ubuntu1" [Undecided,New] https://launchpad.net/bugs/1539634
<rbasak> rharper: thanks, I added a Trusty task to that new bug. Please could you set the status for the dev release appropriately? Is it known to be Fix Released?
<rbasak> rharper: the debdiff looks good, but we'll need SRU paperwork. Might have to deviate from the template a little bit because of the nature of this, but right now the SRU team will probably just think the paperwork's missing.
<rbasak> rharper: please add dep3 headers to the patches
<on247> hi
<on247> sftp root login without password fails on my EC2 instance
<on247> but login with regular user just works
<on247> i get weird errors like packet length too large or unexpected EOF
<genii> That's a Good Thing
<on247> anyone any ideas of what is the issue
<genii> ( that root login is disabled)
<on247> A good thing ?
<on247> But it isnt
<on247> Password-less root login is enabled
<on247> trying to login with key
<on247> i have set PermitRootLogin to without-password
<on247> so should work
<on247> right ?
<rharper> rbasak: thanks;  I'll confirm that Xenail has newer libnl and newer networkmanager, if so then it's FIxed Released;
<rharper> I'll fix up the dep3 heads and SRU info as well;
<swat30> hallyn, poke re: https://bugs.launchpad.net/bugs/1536331. any luck reproducing?
<ubottu> Launchpad bug 1536331 in qemu (Ubuntu) "Precise to Trusty live migration failing" [Undecided,New]
<nacc> rbasak: right, thanks -- i was hoping it wouldn't be necessary but it seems like php7 support for at least one package requires pulling down a new upstream, which also requires a new debian package (for a new dependency)
<rbasak> nacc: OK. We have a process for that if it's required, and so do Debian.
<nacc> rbasak: ok cool
<nacc> rbasak: do you have a brief guide how I might write a one-off package for testing purposes in our PPA until we get an "official" version, of an entirely new package?
<B0bsF1sh> How can I install a NetFlow collector and visualizer/analyzer in Ubuntu 14.04.3 LTS? I'm trying to get my OpenWRT router to capture and send using softflowd and now I need to be able to view it. Is softflowd the right thing to run on the router? What do I run on my Ubuntu box?
<hallyn> swat30: yeah, i can reproduce, lemme update the bug.  i se enothing in the debdiff for qmeu to explain it
<caribou> beisner: just commented about LP: #1539546
<ubottu> Launchpad bug 1539546 in lvm2 (Ubuntu) "Service mountdevsubfs has to be enabled to start service lvm2" [Undecided,New] https://launchpad.net/bugs/1539546
<caribou> beisner: here is the transcript of pitti's comments : http://pastebin.ubuntu.com/14696394/
<rbasak> nacc: that is the nature of the package? Is it PECL or something else?
<rbasak> nacc: version 3 quilt + debhelper with the dh sequencer is the easiest minimal thing
<gchristensen> Hi, I've installed an older kernel. Is there a way to determine using a command what I need to set GRUB_DEFAULT to in /etc/grub/default, in order to boot it by default? I'm trying to do this via automation.
<gchristensen> actually, let me rephrase: I've installed an older kernel, and on reboot it still boots to the newer one. I'd like for it to instead boot the older kernel. What is the best way to implement that?
<nacc> rbasak: it's https://github.com/Ocramius/PackageVersions which is now a dependency of php-proxy-manager 2.0.0 (which is the version that is actaully being supported, it seems like)
<hallyn> swat30: hm, this is curious - the patch in trusty seems to add an errant alias of pc-1.0 to pc-1.0-qemu-kvm, lemme rebuild locally without that and see if that fixes it
<swat30> hallyn, I was actually just about to mention that in the bug
<swat30> I noticed it while trying to get it to work
<hallyn> i'm a little incredulous as that should have caused the SRU verificaation to fail originally;  but it's definately suspicious
<swat30> I had a hard time getting it to work w/o it, but I'm not much of a C dev
<adam_g> anyone know why uvtool would be bombing out on me? http://paste.ubuntu.com/14698264/
<adam_g> smoser, rbasak ^
<adam_g> ooh, probably because i deleted the libvirt storage pool
<teward> I think "Manual Package Selection" is broken in the Xenial ISOs...
<teward> tested with the 20160129 daily
<raju> Hello
<raju> I have sent a mail about I would like to start contributing to Ubuntu Server.
<raju> But I need guidance. could somebody tell me what is the process for getting or assigning to a mentor. Thank you.
<raju> By the way I have experience with BASH , Python and C programming language . A little above to beginner but below to intermediate.
<tarpman> raju: generally: pick a bug, start working on it. if you run into trouble, search google, ask questions if you can't find the answers on google
<tarpman> raju: the process for getting a mentor is: type your question into google ;)
<raju> tarpman: Thank you.
<raju> I will do that way.
#ubuntu-server 2016-01-30
<tgm4883> Anyone looking for a Systems Engineer position around Lake Oswego? http://www.hirebridge.com/v3/Jobs/JobDetails.aspx?cid=7158&jid=361638&m=0  (Don't mind that it says georgia, we've got a LKO office)
<tgm4883> bah
<tgm4883> this is the completely wrong channel :/
<sarnold> which lake oswego? :) heh
<tgm4883> This was supposed to be in the Ubuntu Oregon channel
 * tgm4883 falls on his sword
<patdk-lap> don't abuse the sword like that
<arooni_______> how do i get tmux 2.1 on ubuntu 14.04 ?  it exists here: http://packages.ubuntu.com/xenial/tmux but not sure how to get it on ubuntu 14.04 ?
<tarpman> arooni_______: http://manpages.ubuntu.com/manpages/trusty/man1/backportpackage.1.html
<sarnold> tarpman: coooool
<sarnold> that saves about a thousand messages :)
 * tarpman wonders if ubottu would let him add a factoid...
<tarpman> sarnold: which part is new to you, backportpackage or manpages.ubuntu.com? just out of curiosity :)
<sarnold> tarpman: backportpackage
<arooni_______> tarpman, i found the dsc at https://launchpadlibrarian.net/224976217/tmux_2.1-2.dsc ... but i'm not really sure how i get tmux 2.1 on my system
<tarpman> arooni_______: please read the above link and then ask a more specific question
<arooni_______> i did read that page; i still cant figure out the command
<tarpman> arooni_______: I don't have time to give you the step-by-step, sorry... as sarnold said, it would be a thousand messages
<sarnold> arooni_______: "pull-lp-source tmux xenial" would grab all files needed for the source
<tarpman> backportpackage has grabbing built in ;)
<sarnold> it does??? clearly I skimmed too quickly :)
<tarpman> backportpackage -s xenial -d trusty -u ppa:rtandy/somepackage-backports somepackage is usually all I need
<arooni_______> this is as far as i've gotten: backportpackage --dont-sign -s xenial -d trusty . https://launchpadlibrarian.net/224976217/tmux_2.1-2.dsc
<tarpman> arooni_______: so that will have made a backported source for you, and dumped it somewhere - I forget where - now you have to build it. either sign it and upload it to a ppa, or build it in a local pbuilder or sbuild
<arooni_______> i have to do all this just to get a working version of tmux huh
<arooni_______> its still not dropping the source anyway; its complaining "backportpackage: error: You must specify a single source package or a .dsc URL/path.
<arooni_______> "
<arooni_______> aah ha!  there is already a 2.1 version built on this ppa
<arooni_______> https://launchpad.net/~pi-rho/+archive/ubuntu/dev
<sarnold> arooni_______: what's wrong with trusty's tmux?
<arooni_______> sarnold, i like to run the same version of tmux/fish/and other utilities across my environments .. (i use os x in addition to ubuntu)
<sarnold> tarpman: man, thats cool. 48 seconds later I've got the built tmux package. :)
<tarpman> :D
<arooni_______> sarnold, what did you use for the URL/dsc?
<sarnold> arooni_______: "backportpackage tmux -b -B sbuild -w work"
<sarnold> it defaults to grabbing from current dev, defaults to building for the current target
<arooni_______> ah so i had the command all wrong
<arooni_______> i wish that man pages had more examples
<tarpman> I'm sure the ubuntu-dev-tools maintainers would happily accept contributions :)
<B0bsF1sh> With netflow collecting, what moves the flow files from the collection directory /dev/shm/ into the capture directory /opt/netflow/capture/ ? I'm getting data collected in the former but not captured in the latter, but I don't know what to check for troubleshooting.
<B0bsF1sh> I followed the instructions here: http://wvnetflow.sourceforge.net/INSTALL.ubuntu
<patdk-lap> why aren't you asking #wvnetflow
<patdk-lap> that isn't even a package offered at any level by ubuntu
<arooni-mobile> how can i stop my ssh agent from always offering my ~/.ssh/id_rsa key even when in my ssh config i specify for a given hostname; to use a different ssh key ?  https://gist.github.com/arooni/55731accce5fea4a4eb1  ?
<patdk-lap> -i
<arooni-mobile> fixed it
<B0bsF1sh> patdk-lap: There's a #wvnetflow?  wow, ok thanks. --->
<B0bsF1sh> Except there isn't. I thought I could get some general linux help from people that may have used netflow
<Voyage> I might be sllightly off topic but can anyone help? http://pastie.org/10701958#12-13
<yeats> Voyage: looks to be the same issue as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808466
<ubottu> Debian bug 808466 in redmine "update error at configure" [Grave,Open]
#ubuntu-server 2016-01-31
<LostSoul_> Hi
<LostSoul_> I'm getting in exim4:
<LostSoul_> gitlab@my.domain Unrouteable address
<LostSoul_> Any ideas?
<iGeni> whe i make 1 of my servers sync with ntp  can i let all my other server sync to that internal server?
<iGeni> instead of putting them all open
<arcsky> hi guys i have problem with openvpn. it doesnt start when i do /etc/ini.t/openvpn start
<pmatulis> arcsky: what ubuntu release are you using? openvpn may be using upstart, not sysvinit. try 'sudo service openvpn start' ?
<TheEagerPadawan> hi, i've set up a nginx web server on my desktop and a apache virtually (virtualbox) in bridged mode. Both systems can ping each other. However when i try to wget a file on the virtualserver that is hosted by the nginx on the desktop it doesn't work, sadly enough
<pmatulis> TheEagerPadawan: elaborate on 'doesn't work'
<pmatulis> i.e. is it a web server error or a network error?
<TheEagerPadawan> pmatulis: when i try to wget it doesn't start the download
<pmatulis> TheEagerPadawan: check the web server logs to see if the request is detected
<pmatulis> TheEagerPadawan: if detected, see if the logs can illuminate what the problem is
<TheEagerPadawan> pmatulis: logs don't seem to say anything regarded to the download i'm trying to do
<pmatulis> TheEagerPadawan: if not detected, forget the application layer, and go to the network layer. see if you get a response on port 80 (assuming using port 80)
<pmatulis> nc -vz <ip address> 80
<pmatulis> if no response, see if the desktop is listening on the port
<TheEagerPadawan> pmatulis: got ya, thanks seems like the virtual can't reach desktop on port 80
<pmatulis> then on desktop:
<pmatulis> sudo lsof -i4tcp:80 -n -P
<pmatulis> should get similar to:
<pmatulis> nginx   993 www-data    6u  IPv4   9021      0t0  TCP *:80 (LISTEN)
<TheEagerPadawan> nope
<pmatulis> TheEagerPadawan: then nginx is not running
<pmatulis> sudo service nginx start
<TheEagerPadawan> pmatulis: what if i told you it is running
<JanC> not configured correctly
<JanC> ?
<pmatulis> TheEagerPadawan: yeah, so something is just wrong with nginx
<TheEagerPadawan> seems like that the lsof only pops up when i'm actually browsing to such said website on the desktop
<TheEagerPadawan> by using the private ip
<pmatulis> TheEagerPadawan: using inted/xinetd ?
<TheEagerPadawan> pmatulis: http://www.tiikoni.com/tis/view/?id=3367282
<pmatulis> *inetd
<TheEagerPadawan> no, on both cases
<pmatulis> TheEagerPadawan: does the wget command work from the desktop?
<TheEagerPadawan> let me see
<pmatulis> using 192.168.0.107
<TheEagerPadawan> that would be 192.168.0.107 wgetting from 192.168.0.135
<TheEagerPadawan> yes that works
<TheEagerPadawan> it just the virtual that doesn't seem to get access to port 80 on the desktop
<pmatulis> well, it sounds like a configuration problem
<TheEagerPadawan> welp i atleast i know who to hit over the head tomorrow ;)
#ubuntu-server 2017-01-23
<patsToms> is there any way to find source for kernel which ubuntu was built?
<cpaelzer> patsToms: http://askubuntu.com/questions/2964/where-can-i-find-the-source-code-for-the-ubuntu-kernel ?
<cpaelzer> patsToms: if you just want source the third answer is probably your best which leads you to git repos at https://wiki.ubuntu.com/Kernel/Dev/KernelGitGuide
<patsToms> thanks
<samba35> i am trying to configure dpdk 1st time on ubuntu 16.04.1 ,and i am getting this error/message when i run systemctl status dpdk
<samba35> WARNING: incomplete spec in /etc/dpdk/interfaces  - BUS '' ID '' MOD ''
<cpaelzer> samba35: can you pastebin the interface file you use?
<Hink> Does anyone know if there is a way to jail an executable and it's processes to be totally isolated within the system?
<samba35> interface file from /etc/dpdk/interface ?
<cpaelzer> yes samba35
<samba35> thanks god you are here
<samba35> its just one line   pci  (mac-id-of-nic )  uio_pci_generic
<samba35> am i missing something i follow intel dpdk guide
<samba35> and some setting from /etc/default/openvswitch-switch
<cpaelzer> samba35: https://help.ubuntu.com/lts/serverguide/DPDK.html#dpdk-config-dev
<samba35> DPDK_OPTS='--dpdk -c 0x3 -n 2'
<samba35> ok thanks
<cpaelzer> the opts lack the permission fixes you likely need and also you lack to specify memory (might grab all but that is rearely what you want)
<cpaelzer> for the interfaces I wonder about the error if that is really all you have in there
<cpaelzer> this message is only reported if it can't split it up to three pieces
<cpaelzer> even "foo bar foobar" should fail later
<samba35> can i use pci based device or do i require pci express cards ? and do i require vfio (vt-d ) ? to run basic dpdk
<cpaelzer> you need a dpdk supported card - I doubt these days anybody has still old "only pci" cards
<cpaelzer> suppoerted devices are also listed on the link I listed above
<cpaelzer> including links to their device page in the dpdk doc
<cpaelzer> which sometimes have constraints, special setup needs, firmware loads, ....
<samba35> Network devices using DPDK-compatible driver is showing correct nic
<cpaelzer> no vt-d needed
<cpaelzer> if you really could just "pastebinit /etf/dpdk/interfaces" and list the link here
<cpaelzer> I'd want to take a look
<cpaelzer> samba35: and once your are add it also a status of dpdk devs
<samba35> honestly speaking
<samba35> there is only one line ,i am sorry  pci  0000:0mac    uio_pci_generic
<samba35> '82566DC-2 Gigabit Network Connection' drv=uio_pci_generic unused=e1000e
<samba35> this is a card
<samba35> system is use ich10
<cpaelzer> hrm
<cpaelzer> maybe you have an empty line in it?
<cpaelzer> so two things
<cpaelzer> one - your card already seems to be assigned properly
<cpaelzer> second - that error that you mentioned - it comes out for every lind where it can't find values for the defines
<cpaelzer> grep -v '^[ \t]*#' "$DPDK_INTERF" | while read BUS ID MOD; do
<cpaelzer> if any of BUS ID or MOD is empty you see the error you mentioned
<cpaelzer> samba35: yet since your card is assigned "drv=uio_pci_generic" I wonder if you might just have an empty line in the config
<cpaelzer> if you do systemctl status dpdk does the output hold anything about either assigning or the card already be assigned?
<samba35> dpdk_proc_info  when i run this command it show old card ,initally i try to configure this card but it did not work then i use other card
<samba35>  Reassigning pci:0000:0mac to uio_pci_generic
<samba35> Jan 23 14:49:48 ubuntu16 dpdk-init[1746]: WARNING: incomplete spec in /etc/dpdk/interfaces  - BUS '' ID '' MOD '
<cpaelzer> well, I wonder about "0000:0mac", but other than that it seems to follow your config
<cpaelzer> and I still expect you have an empty line after the config
<cpaelzer> that would match the grep but not split into three valid arguments, which would cause your error message
<zul> coreycb: i fixed glance this morning
<coreycb> zul, ok thanks. what was wrong?
<zul> coreycb: glance-store was not installing its configuration files correctly so glance was not getting installed correctly
<coreycb> zul, ok
<zul> coreycb: the rootwrap.conf file was being installed into /etc/glance/glance
<jamespage> zul, coreycb: dealing with webob and a nova fixup for ocata-proposed today
<jamespage> then I think we're all good
<coreycb> jamespage, ok.  did webob need a delta on the sync debian?
<jamespage> nope
<coreycb> sync from
<patsToms> is there any way I can use private key to connect to ssh?
<hateball> !ssh | patsToms
<ubottu> patsToms: SSH is the Secure SHell protocol, see: https://help.ubuntu.com/community/SSH for client usage. PuTTY is an SSH client for Windows; see: http://www.chiark.greenend.org.uk/~sgtatham/putty/ for its homepage. See also !scp (Secure CoPy) and !sshd (Secure SHell Daemon)
<hateball> this bit in particular https://help.ubuntu.com/community/SSH/OpenSSH/Keys
<patsToms> so another question
<patsToms> by ssh-dss they mean private key?
<andol> ssh-dss might not be the key type you want...
<coreycb> jamespage, these are ready to promote if you have a moment:  http://paste.ubuntu.com/23851946/
<alex88> hello everyone, after scheduling a shutdown how do I see the pending shutdown? tried `systemctl list-timers`, looked at atd.service, systemd-shutdownd.service, nothing
<jamespage> coreycb, looking at those shortly
<coreycb> jamespage, thanks
<lordievader> Good afternoon
<jamespage> coreycb, all done
<jamespage> ta
<cpaelzer> jdstrand: thanks for your insight on bug 1658198
<ubottu> bug 1658198 in libvirt (Ubuntu) "multi-level stacked qcow2 files are not properly handled in Apparmor" [Undecided,Incomplete] https://launchpad.net/bugs/1658198
<rbasak> cpaelzer: a mysql-5.7 security update landed recently. So anyone whose system would have a failure on mysql-server-5.7.postinst before will have received one on receiving that update.
<jdstrand> cpaelzer: yw
<cpaelzer> rbasak: I see - that explains the sudden spike of reports - all bad configs coming in to report on an update
<zul> coreycb/jamespage: i was thinking of going through https://qa.debian.org/developer.php?login=openstack-devel%40lists.alioth.debian.org and make sure the relevant stuff in universe archive is good
<zul> (because im a masochist)
<coreycb> zul, you could take a pass on upper-constraints to see how we stand
<zul> coreycb: sure
<FMan> I like Ubuntu Server, but people push me to deploy CentOS instead
<cncr04s> i used to use centos, ubuntu is superior in every way
<coreycb> zul, i asked the release team to reject python-oslo.context  2.12.0-0ubuntu1 because it's > upper-constraints
<FMan> would you like to give specific examples?
<zul> coreycb: ok sounds good
<cncr04s> ubuntu packages get updated way faster then centos related ones. at least in my experence.
<delewis> newer kernels, too.
<delewis> CentOS 7.x kernel is ancient.
<coreycb> zul, stevedore is > upper-constraints too but that's already promoted to -updates.  we need to be check upper-constraints before uploading.
<zul> coreycb: ack
<joelio> CentOS kernel in 7 is 3.10 but does have backports bear in mind - just to add some balance :)
<joelio> I've noticed grsec stuff appearing in ubuntu sources, are there plans for full support soon?
<lordievader> There are plans for the kernel itself to integrate grsec things. After all the grsec mess.
<joelio> interesting, thanks
<jge> probably not the best channel but anyone know how to remove a file monitored by rsync?
<joelio> jge: not sure what you mean by monitored?
<joelio> they're just files, so depending on which fs your rsyncing from remove it from there, there are also rsync flags to delete anything in the target dest that's not in source (--delete)
<jge> keep getting "mv:cannot stat 'some file..' No such file or directory, which is fine since it's not there anymore but how could I tell it to stop
<joelio> mv? perms ok etc?
<joelio> or is it changing under the hood as you begin the rsync job
<joelio> if something is moved, it'll still have the inital tree of files so that could be the cause
<jge> the file does not exist on source or destination, so no perms to check
<joelio> that sounds... strange :)
<jge> I know...
<joelio> where is the error too, rsync makes dot files when copying, so if it can't rename/move that might be a bit wtf
<jge> let me double check again, make sure is not a case of being monday and I'm slow ;)
<jge> joelio: it looks to be some sort of temp file, name starts with ~
<jge> ~$File.xlsx
<jge> but it's not in the destination or source
<joelio> yea, that's not an rsync temp file, it'd be a randomly generated uid with a . at the start
<joelio> are you doing something recurstively and it's bringing in that file? Or is a process writing to that area outside of rsync and it's a temportal file, so rsync reads it in the file listing but but the time it's come to copy, the temporary file has gone
<jge> joelio: it's a network share, with several people working on that excel sheet at times
<jge> so it gets saved, that file gets deleted
<frickler> is it possible that Dir::Etc::SourceList is still mentioned in the man page of apt-get, but has no effect anymore?
<frickler> ah, nevermind, need to override sourceparts instead
<joelio> jge: yea, sounds about right.. is the network share something that you can snapshot? If so, do that and backup the snapshot - otherwise you'll always get inconsistent backups depending on the update frequency of that share
<joelio> if you need to maintain the two in sync, checkout unison instead, you might have a better experience
<jge> joelio: I need the two to be in sync, I've looked at unison and ended up going with osync.. I can't do snapshots on that fs, so I just added an exclusion list to ignore "~$" files for now
<joelio> yea, sounds reasonable
<DammitJim> so, I've asked before, but do you guys know where I can look since my Ubuntu 16 servers are taking 8 minutes to shut down?
<DammitJim> this is happening on new install and upgrades
<DammitJim> I narrowed it down to the fact that I use a logical volume for /var
<sarnold> huhn
<sarnold> that's interesting
<DammitJim> yeah, If I have just a logical volume for /home and not for /var, the problem doesn't exist
<sarnold> my own server seemed like it never shut down when I issued shutdown -h now but I chalked that up to servers being weird hardware and just smack the power button. I've never tried waiting eight minutes. ;)
<DammitJim> but I don't know where to look to figure out where the problem resides or what is waiting for /var?
<teward> I just never shut off my servers :P
<teward> I have a graceful shutdown process of course for my VMs, but :P
<DammitJim> I try not to, but this will hurt me when I do a dist-upgrade to 50 servers
<sarnold> teward: well, the last time was at 4am when the UPSes were making the world's worst noise. heh.
<teward> sarnold: heh
<teward> sarnold: were they on the verge of selfdestruction?  :P
<DammitJim> oh man, we had a power outage on Saturday... I'm still bruised from that
<DammitJim> so, do you know what I should do?
<sarnold> DammitJim: I've heard suggestions that setting systemd's journal to persistant mode so that you can inspect previous boots can sometimes help.
<DammitJim> how do I do that?
<sarnold> teward: no, but after ten minutes I figured the power wasn't coming back right away. (It took 31 hours. I was not pleased.)
<teward> sarnold: ouch
<sarnold> DammitJim: systemd-journald(8) has the two-liner instructions
<DammitJim> oh gosh, I was just told by the president that if power goes out, I need to drive to the office... I hope I don't have to wait 31 hours to go home!
<DammitJim> sarnold, so, I need to do research on systemd-journald to figure out 2 lines I need to change to set persistent mode?
<sarnold> DammitJim: well, you could just run them and hope for the best :) but five minutes to read the manpage would't hurt
<DammitJim> yeah, I am just trying to understand your suggestion
<DammitJim> so, I am reading about systemd-journald
<DammitJim> sarnold, I need to find out how to set up persistent mode?
<sarnold> DammitJim: if you search for 'pers' in systemd-journald manpage, you'll quite quickly find the two lines to paste :)
<DammitJim> I found them
<DammitJim> just trying to understand what that does
<DammitJim> it seems related to /var/log/journal
<sarnold> systemd maintains its own journal
<DammitJim> maybe that mount is "unmounted" before it finishes the download and systemd still wants to write to it?
<sarnold> rather than syslog's simple plain-text format, this thing is binary and easily broken
<teward> sarnold: so, I'm gonna work on the merge sometime this week, maybe friday, for nginx to Zesty, do you need to do a cursory security review or are we good to go with me just doing the merge?
<teward> It still needs Release team review anyways, because it needs work on which binaries go to which pockets.
<sarnold> teward: no need, and better to not wait for me, I'm afraid I'm already holding up too much work for our teammates
<teward> sarnold: that was more a generic question not a "put it on your list of crap to do" :p
<sarnold> DammitJim: so my hope is that by setting it persistent it'll have a place to write the things it wants to write during shutdown. It's a longshot, but as my usual debugging approach is "read the logs then the source", it feels like a natural hope :)
<sarnold> teward: normally once something is in main we don't bother re-reviewing
<DammitJim> sarnold, you are 100% on this. I don't have eyes where I need them
<DammitJim> and this sounds like would allow me to read something?
<teward> sarnold: well, the exception was the HTTP/2 stuff
<DammitJim> so, what you are helping me with is to have a log that I can read the next time I boot the server up because systemd will normally log to a volatile location, right?
<teward> sarnold: but you're not wrong :)
<sarnold> DammitJim: that's my hope. I don't know for sure that systemd is actually logging anythuing then, but it's the only idea I've got.
<sarnold> DammitJim: exactly
<DammitJim> thanks
<DammitJim> looking and testing
<sarnold> teward: right. but I'd be wasting my time looking over http/2 code, if it worked at all that would mean it's already too complex for me to find issues by inspection
<teward> heh
<teward> sarnold: well, we also know that the core headaches we had were w2ith the 3rd-party HTTP2 library implements that were evil on many of the webservers
<teward> NGINX rolls their own so :P
<sarnold> heh yeah.
<sarnold> I'd trust the nginx team way more than the average group of yahoos
<DammitJim> sarnold, so, actually, I found the section that talks about creating the folder and setting tmpfiles
<DammitJim> is that what you were refering to?
<sarnold> DammitJim: yes
<DammitJim> ok, cool. I'm taking a snapshot and running updates
<teward> sarnold: true statement, but we also have pretty good rapid-reply responses to things with them
<DammitJim> what's funny is the system freezes only after I do an: apt-get upgrade
<teward> coord. between Debian and Ubuntu nginx needs to improve, but eh
<DammitJim> just installing ubuntu 16 doesn't hang on shutdown
<sarnold> DammitJim: o_O that's insanely strange
<DammitJim> so, 1 of the gazillion packages that gets updated must be the cause
<DammitJim> blah
<DammitJim> brb
<DammitJim> thanks sarnold
<DammitJim> does Ubuntu change from EST to EDT when the timezone is set up to America/New York?
<DammitJim> like when one runs `date`
<sarnold> well, the time doesn't _change_, like it does on windows systems. instead, all the time-and-date routines know the transition points and print the correct time.
<DammitJim> right, so right now my boxes say EST
<DammitJim> when summer comes, it should print EDT
<sarnold> but the kernel just keeps counting seconds since 0:00:00 1 Jan 1970 UTC
<DammitJim> just because of the fact that I picked America/New York, right?
<sarnold> right
<DammitJim> thanks
<DammitJim> so, basically there is no way to NOT observe DST when one is on an eastern time zone
<sarnold> DammitJim: you could set the timezone of the box to report UTC if you wanted to skip timezone nonsense
<DammitJim> yeah, the developers would go crazy on that
<DammitJim> LOL because they don't do utc conversions, yet
<DammitJim> we are still in the process
<zul> coreycb: ping we are pushing it with python-sphinx, python-stevedore, python-docutils
<coreycb> zul, hmm?
<zul> coreycb: just going through my upper-constraints check
<coreycb> zul, we should evaluate the diffs of what we have vs the upper-constraints versions
<coreycb>  zul, oslo.context too
<zul> coreycb: http://pastebin.ubuntu.com/23853429/ (None - No status, ??? - Unknown Status - X - Cutting it close)
<zul> coreycb: oslo.context got bumped this morning
<coreycb> zul, ok cool
<zul> coreycb: but yeah ^^^
<coreycb> zul, that must not have landed yet though
<zul> coreycb: not yet
<zul> coreycb: my eyeballs are going squirley
<coreycb> zul, castellan and gabbi should get bumped
<zul> yeah..
<zul> ill put it on my list
<coreycb> zul, and might as well bump the tempests
<zul> yeah
<zul> coreycb: http://paste.ubuntu.com/23853450/
<coreycb> zul, thanks
<zul> reno probably as well
<zul> coreycb: tempest updated ;)
<rangergord> Hi. I'm using Ubuntu Server to run an embedded app. My application dependencies come from various sources: official apt, 3rd party PPAs, manual downloads, python pip, etc. I do not trust those dependencies to still be downloadable in a year or two or three, so I would like to freeze what I got right now, and have a way to copy those dependencies on new systems. What is the simplest and
<rangergord> safest way to do this? Imaging the partition and restoring it on new systems?
<rangergord> also wondering what issues could arise from having different HW. It will always be x64, but like, will the new system fail to boot cause the old one had 1 soundcard and 2 network cards but the new one has 0 soundcards and 1 network card?
<rangergord> will/could
<sarnold> man that all sounds so brittle
<tarpman> rangergord: if you don't plan to port your app forward to future versions of (for example) the system packages it relies on, IMO you should just install it on a virtual machine so you can carry that forward to whatever hardware you like in future
<tarpman> rangergord: but you really do need a plan for taking into account, for example, security issues in your dependencies that are only fixed in newer versions
<sarnold> if it were me I'd go to more effort to copy the original sources, and document how to perform the install. THat way you stand a chance of addressing security updates in the component pieces.
<rangergord> sarnold: I already documented how to perform the install, I have a script that does it, it's just not reliable. especially npm (Node/Javascript package manager) is the weakest link in the chain, there's packages that stopped working for a week even though I'm pinning specific version.
<rangergord> I like the idea of a VM
<sarnold> rangergord: holy cow, npm, pip, apt, ppas.. russian roulette!
<rangergord> sarnold: it's a Node webapp...and I have to use Python for the the work Node can't do, need pip to get the snmp library, and I save on Postgres.  :P
<rangergord> PPAs is for latest Node LTS
<theGoat> i have a syslog-ng box forwarding me events where the IP addresses are spoofed.  but none of the events are getting written.  i go lookin the logs and see this:  kernel: IPv4: martian source 192.168.1.13 from 1.2.3.4, on dev eth1 -- are the packets being dropped?
<sarnold> I thought the kernel only had options to -log- the martians; if you want them dropped, I think you have to use iptables to do it
<theGoat> ok...i'll have to some more digging.  thanks
<sarnold> theGoat: please report back what you find, if you find something :) thanks
<theGoat> will do
<theGoat> doing some goodling i came across: https://wiki.ubuntu.com/BasicSecurity/Firewall. when i checked /proc/sys/net/ipv4/conf/eth1/rp_filter it was set to 1.  if i set it to 0, what do i have to restart for the change to take effect?
<rbasak> theGoat: it takes immediate effect on eth1 I believe
<theGoat> ok....hmmmmm.....still seeing the martian packet events....i'll have to do more digging
<sarnold> theGoat: the logging happens via net.ipv4.conf.*.log_martians -- does rp_filter do the trick?
<DammitJim> sarnold, you still around?
<sarnold> hey DammitJim :) any luck?
<DammitJim> well, for some reason after doing that, the system no longer hangs!
<DammitJim> how do I read the journal logs?
<sarnold> journalctl
<DammitJim> I did see that the system was having a hard time unmounting /var
<sarnold> iirc you can use -b 1 or -b 2 to select previous boots
<DammitJim> but this time it just kept going
<DammitJim> I can't copy and paste from the server, but this is kinda what it says: Starting Unattended Upgrades Shutdown... Unmounting /var... Stopped Apply Kernel Variables... umount: /var: target is busy
<DammitJim> var.mount: Mount process exited, code=exited status=32
<DammitJim> Failed unmounting /var
<tarpman> DammitJim: https://github.com/systemd/systemd/issues/867 probably
<DammitJim> is my system trying to unmount var before some other service needs it?
<DammitJim> thanks tarpman ... reading
<DammitJim> gosh, that issue is old
<tarpman> but unfixed afaik
<tarpman> also why can't you copy and paste from the server?
<DammitJim> I am not ssh'd... just VMWare consle
<DammitJim> console
<DammitJim> and on another machine
<DammitJim> crap, so this problem exists for real?
<DammitJim> thanks sarnold and tarpman
<DammitJim> interesting, though that the systemd changes I made helped
<DammitJim> I had also changed the timeouts, but I don't think it's even waiting the 30 seconds
<DammitJim> but thanks. I think I might switch all my servers over to that
<DammitJim> I gotta run
<DammitJim> have a good one
<sarnold> tarpman: nice find. ugh.
#ubuntu-server 2017-01-24
<fishcooker> should i restart the box after configure network interfaces? http://vpaste.net/HQirT AFAIK im used to do /etc/init.d/networking restart or ifconfig eth0 down && ifconfig eth0 up, but it doesn't work
<lordievader> Good morning.
<rbasak> cpaelzer: did you intend to drop the openldap merge from the blueprint?
<cpaelzer> rbasak: yeah it was a dup, check the second to last line
<cpaelzer> rbasak: I was updating mine and picked a few of the more simpler merges to fill into my qemu testing idle time slots
<cpaelzer> rbasak: and so I found a few things that were duplicates or not updated yet
<cpaelzer> rbasak: I hope there is no openldap != openldap magive that I'd have missed - did I ?
<rbasak> cpaelzer: ah OK. Just checking!
<saju_m> In what order
<saju_m> In what order I should install these packages http://dpaste.com/1Q388JC ?
<zul> coreycb: i uploaded a newer tempest last night btw
<coreycb> zul, ok thanks
<zioproto> coreycb: can you confirm that Openstack Kolla in not yet package for Openstack Newton in Ubuntu ?
<coreycb> zioproto, confirmed.  although we were talking about packaging it.
<zioproto> ok, I am testing it at the moment, right now working with pip then
<jamespage> zioproto, hey
<zioproto> hey
<jamespage> zioproto, are you looking at kolla itself or one of the kolla-ansible/k8s deployment projects?
<zioproto> we have this problem here, that we dont feel like rewriting our puppet stuff from puppet3 to puppet4
<zioproto> at the moment looking at kolla in stable/newton
<zioproto> that is still just kolla without the additional kolla-ansible repo
<zioproto> that starts in ocata
<zioproto> kolla-ansible repo only has a master branch
<jamespage> zioproto, ack
<zioproto> still did not look at Kubernetes
<jamespage> zioproto, ok so can I suggest a slight different approach to packaging kolla then ?
<zioproto> sure
<zioproto> I am all ears !
<jamespage> zioproto, have you heard of snaps?
<zioproto> is k8s different from https://github.com/openstack/kolla-kubernetes ?
<jamespage> kubernetes == k8s
<jamespage> for folk like me that can't spell or be bothered to type a long name :-)
<zioproto> ok, so this is the same stuff ? https://launchpad.net/kolla-k8s
<jamespage> yah
<zioproto> so what different approach you would suggest ?
<zioproto> ah snaps
<zioproto> yes
<jamespage> zioproto, yeah
<zioproto> yes
<jamespage> zioproto, https://github.com/openstack-snaps/snap-rally
<zioproto> packaging distribution agnostic, right ?
<jamespage> yep
<zioproto> I hear of it
<zioproto> but I dont have experience
<jamespage> zioproto, we've been looking at it alot in the last few months
<jamespage> zioproto, have a mostly functional set of openstack snaps
<zioproto> actually is how we deploy RC packages on Cumulus Linux
<jamespage> I just raised the review to get rally and tempest snaps up under /openstack
<joelio> jamespage: interesting, I'm working on rally today. Code available?
<zioproto> do you have a stable/newton openstack snap for Kolla that I can test ?
<jamespage> zioproto, not yet - I was going to suggest that you have a run at it
<zioproto> jamespage: are you coming to Milano to the ops meetup ?
<jamespage> they are pretty quick to write
<jamespage> zioproto, might be
<jamespage> zioproto, plans tbc
<zioproto> okay, so I will first give it a try with pip
<jamespage> joelio, https://github.com/openstack-snaps/snap-rally
<joelio> thanks
<jamespage> is installable from the snap store - take a read of the README
<zioproto> Kolla is already new, and I cant introduce in the team 3 new technologies at the same time :)
<jamespage> zioproto, just think of it as a static wrap of pip
<jamespage> installable without infecting the rest of your install with pip-ness
<jamespage> joelio, fwiw I think you need the snapd from xenial-proposed for the rally snap - its a classic mode version
<jamespage> which is pretty new feature
<jamespage> joelio, 2.21 is the version
<joelio> jamespage: yea, I'll take a look - I'd be keen to look at this for the cli tooling too, currently we provide a Vagrantfile for customers and a web interface, a snap would be cool too
<jamespage> joelio, oh I already have one in flight
<joelio> ace :)
<jamespage> joelio, openstackclients
<jamespage> joelio, idea is that it provides all openstack project cli tools
<joelio> brill, sounds ideal
<jamespage> the snap store is due to support series soon as well, so we can have a openstackclients aligned with each stable release of openstack
<joelio> awesome
<jamespage> joelio, we're bootstrapping snap bits atm - if you wanted to join #openstack-snaps that's where most irc discussion is happening
<joelio> jamespage: ack
<jamespage> zioproto, ^^ if you're interested as well :-)
<zioproto> ok ! I will try to join also there
<zioproto> so when I run commands like
<zioproto> sudo snapper create -d "Installing DHCPd pre-release fix" --command "dpkg -i ./isc-dhcp-*deb"
<zioproto> I am already use snap
<zioproto> is the same tool right ?
<zioproto> or snapper is yet another thing ?
<joelio> zul: different, thats for snapshotting your local stuff.. this is more akin to an image registry/catalogue
<joelio> zioproto: ^^ (sorry zul)
<joelio> I just tested rally out, took less than a minute including setting up xenial-proposed, lgtm
<smoser> dannf`, please feel free to verify bug 1640519
<ubottu> bug 1640519 in curtin (Ubuntu Xenial) "arm64 xenial maas images don't include u-boot-tools package" [Medium,Confirmed] https://launchpad.net/bugs/1640519
<zioproto> joelio: so we are talking about this ? http://snapcraft.io/
<joelio> yep
<dannf`> smoser: yep - i'll ask sfeole to try it in his setup
<cpaelzer> rbasak: could you run the importer on tgt ?
<cpaelzer> rbasak: currently old/new debian is still outdated so it needs an import anyway
<cpaelzer> rbasak: but I'm eager to see what it does since this already has a zesty merge
<cpaelzer> yet I'm considering a re-merge to pick up latest (and drop more delta IIRC)
<jamespage> zioproto, have you considered switching to charms from your current puppet approach for deployment of openstack?
<zioproto> mmmâ¦ no, not at all :)
<rbasak> cpaelzer: sure
<cpaelzer> thanks rbasak
<rbasak> cpaelzer: done
<coreycb> EmilienM, is ocata-proposed working ok for you know that webob is back to 1.6.2?
<EmilienM> coreycb: I haven't tested
<EmilienM> mwhahaha: ^
<mwhahaha> no
<mwhahaha> we've got other issues
 * mwhahaha hasn't had time to dig
<mwhahaha> but nova's broken
<coreycb> mwhahaha, in what way?
<mwhahaha> coreycb: http://logs.openstack.org/66/422766/4/check/gate-puppet-openstack-integration-4-scenario001-tempest-ubuntu-xenial-nv/790428e/console.html#_2017-01-24_15_07_22_546980
<mwhahaha> https://review.openstack.org/#/c/422766/ if you want to follow along
<coreycb> mwhahaha, is there any chance that run has the old webob?
<mwhahaha> nope
<coreycb> mwhahaha, hmm
<mwhahaha> http://logs.openstack.org/66/422766/4/check/gate-puppet-openstack-integration-4-scenario001-tempest-ubuntu-xenial-nv/790428e/logs/dpkg-l.txt.gz
<mwhahaha> 1:1.6.2-2~cloud0
<coreycb> mwhahaha, any details in the scheduler log as to why no valid host was found?
<mwhahaha> http://logs.openstack.org/66/422766/4/check/gate-puppet-openstack-integration-4-scenario001-tempest-ubuntu-xenial-nv/790428e/logs/
<mwhahaha> like i said, i haven't looked deeply yet. there was a vif error that is saw when i took a few seconds
<mwhahaha> http://logs.openstack.org/66/422766/4/check/gate-puppet-openstack-integration-4-scenario001-tempest-ubuntu-xenial-nv/790428e/logs/nova/nova-compute.txt.gz#_2017-01-24_15_01_25_380
<jamespage> mwhahaha, coreycb: hold a mo
<jamespage> I think that might be due to a os-vif incompat we had
<jamespage> Rebuilding amd64 build of nova 2:15.0.0~b2-0ubuntu2~cloud0 in ubuntu xenial RELEASE
<jamespage> just triggered that
<coreycb> jamespage, hmm
<jamespage> sorry that fell off my plate yesterday
 * mwhahaha buys jamespage a bigger plate :D
<coreycb> :)
<jamespage> coreycb, mwhahaha: hmm
<jamespage> coreycb, mwhahaha: no I did do it yesterday
<jamespage> 2:15.0.0~b2-0ubuntu3~cloud0
<jamespage> is the right version
<jamespage> we might have a general os-vif compat issue in that case
<mwhahaha> http://logs.openstack.org/66/422766/4/check/gate-puppet-openstack-integration-4-scenario001-tempest-ubuntu-xenial-nv/790428e/logs/nova/nova-conductor.txt.gz#_2017-01-24_15_00_57_582
<jamespage> mwhahaha: [Errno 2] No such file or directory
<jamespage> looks like something fails on the compute node with regards to port creation
<coreycb> jamespage, yeah would be nice to know what that file or director is
<jamespage> 2017-01-24 15:01:52.220 4178 DEBUG oslo.privsep.daemon [-] u'brctl addbr qbr9926d47b-cb' failed. Not Retrying. out_of_band /usr/lib/python2.7/dist-packages/oslo_privsep/daemon.py:194
<jamespage> brctl by the looks of things
<mwhahaha> http://logs.openstack.org/66/422766/4/check/gate-puppet-openstack-integration-4-scenario001-tempest-ubuntu-xenial-nv/790428e/logs/syslog.txt.gz
<mwhahaha> there's the syslog if you want to go looking
<mwhahaha> looks like there's a bunch of aodh errors too we'll need to cleanup at some point
<jamespage> mwhahaha, coreycb: indeed bridge-utils is not installed
<jamespage> mwhahaha, coreycb: ok looks like a dep change in libvirt is causing this
<jamespage> xenial libvirt has a hard depends libvirt-bin -> bridge-utils
<jamespage> in ocata uca
<jamespage> libvirt-daemon-system -> recommends bridge-utils only
<mwhahaha> pesky libvirt
<mwhahaha> if you're fixing deps, python-gabbi is also required by tempest. we fixed it in our testing since we don't use the packages but it wasn't getting pulled in
<coreycb> mwhahaha, ah ok we'll take a look at that
<jamespage> coreycb, we don't see this as juju install bridge-utils automatically on all units for container bridging and addresssing
<jamespage> but it does need a tweak
<jamespage> I'd suggest actually having the dep on neutron-openvswitch-agent or nova-compute - not quite sure which is best tbh
<jamespage> nova uses brctl directly I think
<jamespage> coreycb, prob nova-compute methinks
<mwhahaha> for what it's worth, rdo has nova-compute -> bridge-utils
<mwhahaha> https://github.com/rdo-packages/nova-distgit/blob/rpm-master/openstack-nova.spec#L144
<coreycb> jamespage, mwhahaha: yeah seems to make sense to add as a dep for nova-compute
<coreycb> we only have it for nova-network atm
<coreycb> alright let me make those 2 updates
<coreycb> mwhahaha, it doesn't look like tempest uses gabbi. could it be a project-specific plugin?
<mwhahaha> it's possible
<mwhahaha> coreycb: ceilometer test
<mwhahaha> http://logs.openstack.org/48/422248/8/check/gate-puppet-openstack-integration-4-scenario001-tempest-ubuntu-xenial-nv/1c85705/console.html#_2017-01-20_22_23_32_199166
<coreycb> mwhahaha, ok i'll add that dependency for ceilometer.  these will build and i'll let you know when they're backported and promoted to ocata-proposed.
<mwhahaha> coreycb: thanks
<greyolla> Is there a way I can do my own live kernel patching without using canonical's livepatch service? ie looking to self host/maintain.
<jgrimm> caribou, do you still have merges in progress for kdump-tools, clamav, and nut packages?  thought i'd make sure they are still on your radar
<jgrimm> oh, kdump-tools was for secureboot, not a merge
<caribou> jgrimm: kdump-tools/makedumpfile is synced with Debian; clamav is awaiting on the MIR of tomsfastmath to become a sync
<caribou> jgrimm: nut still needs to be completed afaik
<jgrimm> cool enough, i was just going through the blueprint and checking in on INPROGRESS items
<caribou> jgrimm: I'd like to get the kexec-tools done too depending on my b/w
<jgrimm> ack
<JemalMoha> Hello All, nice to be part of the community!
<ctjctj> Hello.  I just upgraded to 16.10 and iscsitarget no longer exists.  What is the replacement package?
<Noname01x2> i need assistance
<ctjctj> Noname01x2, ask your question. don't ask for attention.
<Noname01x2> ok
<Noname01x2> so on my ubuntu server i have apparmor, which i need. and its not working. getting an error in the log.
<Noname01x2> im open to any solution to get rid of the error, although i would prefer not to remove mysql-server in the process.
<sarnold> please pastebin your DENIED entries
<Noname01x2> how do i do that? im no pro
<Noname01x2> i took a screenshot
<Noname01x2> saved it in paint
<sarnold> Noname01x2: dmesg | grep DENIED should do it
<sarnold> you could use the pastebinit program to automatically copy-and-paste that to a pastebin site
<sarnold> ctjctj: I don't know about _the_ replacement for iscsitarget, but there's a few choices.. both libsiscsi and tgt appear to be in main in 16.10: http://packages.ubuntu.com/source/yakkety/tgt  http://packages.ubuntu.com/source/yakkety/libiscsi
<Noname01x2> hmm let me try that
<ctjctj> tgt and libiscsi and I'm checking istgt now.  All my google foo is pulling up iscsitarget references.  THanks sarnold.
<Noname01x2> im in emergincy mode
<ctjctj> Noname01x2, *grins* I understand.  I've got 10+ devs that are grumping because we lost all of our iscsi targets.
<sarnold> owww
<ctjctj> I'll blame you for the solution.
<sarnold> when devs are grumbling is probably not the ideal time to be doing research, but last time I looked into iscsiland, this table seemed useful http://scst.sourceforge.net/comparison.html
<noname01x3> sending you a file, please accept sarnold
<sarnold> eh?
<noname01x3> its a screenshot
<sarnold> why not just pastebin the dmesg | grep DENIED?
<noname01x3> cant
<noname01x3> let me try again
<noname01x3> im in the emergency mode terminal thing
<noname01x3> i coppied the msg
<noname01x3> now what
<ctjctj> noname01x3, if you don't have it installed, install pastebinit   and use it to create pastebin documents.  You'll get back a URL which you post here.
<ctjctj> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<noname01x3> im rebooting
<Noname01x2> ohh i get it
<DammitJim> sarnold, are you around today? good afternoon
<noname01x3> pastebin came up. now all i have to do is get the text....(still rebooting)
<DammitJim> is there a problem with setting systemd-journald to persistent?
<sarnold> hey DammitJim :) I wouldn't have thought so, but in that bug report yesterday I got the impression that using it might lead to .. wel,l the exact issue you were facing yesterday
<DammitJim> LOL
<DammitJim> well, making it persistent has actually somehow helped and the server reboots just fine
<sarnold> dude
<DammitJim> should I be concerned with leaving it the way it is?
<sarnold> just when I think I understand how things work..
<noname01x3> Right now I'm at "Welcome to emergency mode! After logging in, type "journalctl -xb" to view system logs, "systemctl" to reboot, "systemctl default" or ^d to try again to boot into default mode. Press Enter for maintenance.
<DammitJim> LOL... same thing here... I mean, the log still says that it couldn't unmount /var
<DammitJim> dammit, that means that there are more problems, huh?
<sarnold> DammitJim: it should be fine to keep it on persistent. your logging fielsystem may see twice the write rate that it had before, since now rsyslog -and- journald are logging, but for most people that really shouldn't be a burden.
<DammitJim> ok, thanks
<DammitJim> it's sad that one only has a limited amount of time and to get to the root of a problem sometimes one has to just skip it until later
<DammitJim> whatever later is...
<noname01x3> interesting
<JemalMoha>  How to Stop any daemons that is listening on the default SMTP port. (Newbie Here!)
<sarnold> DammitJim: yeah. from that bug report it looks sort of like there's no real fix in sight, either
<sarnold> Noname01x2: so you're stuck in a rescue mode? o_O oy. that sounds like an annoying thing to sort out.
<noname01x3> yeah
<noname01x3> it boots into this mode and thats what I was trying to tell you guys. I cant even open any programs
<noname01x3> how can I copy and paste the error if I cant even copy n paste
<sarnold> aha
<noname01x3> I see a red Failed
<noname01x3> Failed to start LSB: AppArmor initialization. at the end of the line.
<noname01x3> everything else has a green OK
<noname01x3> Fix it please. Thanks.
<noname01x3> What about the packages? Can we do something with that?
<sarnold> noname01x3: what does dmesg | grep -i apparmor report?
<JemalMoha> Help ?   How to Stop any daemons that is listening on the default SMTP port. (Newbie Here!)
<sarnold> JemalMoha: use netstat -anp | grep :25 to find whatever it listening on port 25, then either use systemctl stop <name> to stop the thing (16.04 lts and newer), or 'stop name' to stop the thing (14.04 lts and older)
<JemalMoha> @sarnold thanks!!
<noname01x3> sarnold it reports: {       0.001320] AppArmor: AppArmor disabled by boot time parameter
<sarnold> noname01x3: hrm, I wouldn't have expected that to cause the boot to fail.
<noname01x3> [       29.453556] system[1]: systemd 229 running in system mode.
<noname01x3> its all ur fault. u broke it. :-)
<noname01x3> fyi i made up that last line.
<noname01x3> ..about u braking it...
<noname01x3> also it says: (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK...
<sarnold> that bit just says that systemd was configured with support for all those different tools
<noname01x3> Well the app armor is important.
<noname01x3> oh
<noname01x3> app armor is in red
<sarnold> hehe, yes, I feel the same way, I've been working on apparmor since 2000 :)
<noname01x3> :-)
<noname01x3> I'm confident you can help me.
<sarnold> noname01x3: are there better errors in the logs? /var/log/syslog for example?
<noname01x3> how do i get that
<sarnold> less /var/log/syslog probably -- there's a chance that the things causing you trouble may not say 'apparmor' directly in the lines..
<noname01x3> I would live to give you all possible info.
<noname01x3> ok a lot of info cam ein
<sarnold> jump to the end and then start scrolling backwrads..
<tyler3332> I have an ssh key with a passphrase, but Im not getting asked to put my passphrase in, why is this? Its for a local VM.
<sarnold> tyler3332: ssh-agent or a keyring daemon perhaps?
<ctjctj> noname01x3, in case you did not know, you can use a slash (/) to start a search in less.  So find your apparmor error, then use page up down to move up and see what was happing near there.  You can use 'G' to go to the end of the file and '?' to search backwards.
<tyler3332> how do I check?
<ctjctj> tyler3332, ssh-add -L
<tyler3332> yup there is a key there
<tyler3332> is that ssh-agent?
<ctjctj> That means you are connected to an ssh-agent.  When the key is added to the agent you were asked to provide the passphrase.
<tyler3332> ah ok
<ctjctj> It is assumed that ssh-agent will take good care of your private keys.  I.e. it wont leak them to just any old person.
<tyler3332> ok thanks.
<ctjctj> ssh-add is how you add (and remove?) keys from the agent.  -l will give you finger prints and -L will give you the public key half.
<tyler3332> do keys get added automatically? cause I didnt add it myself
<ctjctj> When I'm dealing with clients lacking clues we'll get them to log in with a password verify that they have a working agent with ssh-add -l then have them give us the ssh-add -L output so that we can update "authorized_keys" and turn off password access.
<sarnold> definitely good idea
<ctjctj> (reality is that we have a special VM with a guest account that the log into to runn ssh-add -L.  That way we never allow password access to our servers to our clients.
<sarnold> DUDE
<sarnold> that's great :)
<noname01x3> sarnold i cant tell what msg is good and whats bad
<ctjctj> There is *exactly* one password on our servers.  For root which I know for emergency access from the KVM console.
<sarnold> noname01x3: can you copy-and-paste it to paste.ubuntu.com?
<noname01x3> I have no idea how.
<noname01x3> maybe i should have booted into advanced mode
<ctjctj> sarnold, take a look at pam_ssh_agent_auth for how to allow sudo access based on ssh keys.
<ctjctj> noname01x3, use pastebinit like I pointed you at.
<sarnold> ctjctj: he's stuck in a rescue mode, no networking, no nothing :/
<ctjctj> sarnold, service networking start ?
<sarnold> worth a try
<coreycb> beisner, can you promote nova - 2:15.0.0~b2-0ubuntu4~cloud0 to ocata-proposed please?
<noname01x3> i believe i have network access
<noname01x3> it says starting raise network interfaces....
<sarnold> ctjctj: pam_ssh_agent_auth.. that's odd. it's better than passwords for sudo but I'd be afraid that the ssh key lifetimes useful for logging in to hosts may not match sudo lifetimes very well :)
<noname01x3> [OK]Started ifup for eth0.
<ctjctj> sarnold, I don't follow.  what do you mean by ssh key lifetimes?
<sarnold> ctjctj: well, back in the day I used to use ssh-add -t 300
<coreycb> beisner, that should help get puppet CI back in order for mwhahaha
<ctjctj> sarnold, ah, we don't  we leave the key in for the duration of the session.
<sarnold> ctjctj: but then I started doing tasks on VMs that would take an hour, etc, so I wound up moving to ssh-add -t 3600 ... and then eventually the tasks got long enough that I gave up on -t entirely and just add keys to the agent that last -forever-
<ctjctj> yep.
<ctjctj> So the life time would be fine for sudo work.
<sarnold> but I certainly don't want more than ~five minutes of allowed sudo window
<sarnold> not that that's perfect
<sarnold> an open terminal is a disaster anyway
<sarnold> but still
<ctjctj> sarnold, ah.  I understand.  I'm dealing with a bunch of Devs that are Drupal/Wordpress people.  Teaching them to do anything safely is hard.
<sarnold> ctjctj: it certainly doesn't come naturally. :)
<noname01x3> Maintenance mode
<beisner> coreycb, ok, promoted. ye shall haz bridge utils.
<coreycb> beisner, awesome
<ctjctj> My current favorite is that our "director of creative direction" has been giving out the company user name/password (.htpasswd) to clients instead of making them use their individual passwords)
<noname01x3> ctjctj so if I  have network access. then what
<sarnold> noname01x3: sweet. apt-get install pastebinit, and then pastebinit /var/log/syslog -- if it looks like something you'd want to share with the world
<ctjctj> noname01x3, now you can do things like apt-get install pastebinit and use that to get us bits and bobs of what's going on in your system.
<sarnold> ctjctj: ouch. just .. ouch.
<noname01x3> reading package
<noname01x3> done
<ctjctj> sarnold, yeah.  Ouch is the word for this guy.  He manged to make his way onto my s___ list about 6 months ago.  Normally it takes about 2 weeks to work your way off.  He is deeper on the list than when he was placed on it.
<sarnold> ctjctj: gotta hand it to him, he does sound -creative-
<noname01x3> installed
<noname01x3> so now what
<noname01x3> im at root
<sarnold> pastebinit /var/log/syslog
<ctjctj> Friday I get a client to agree to X,Y and Z.  This makes things so much easier for what I'm developing.  Monday he talks to the client and undid all of that client work.  So now the project is in limbo for another two weeks until client reaches a decision, again.
<noname01x3> sarnold it says: http://paste.ubuntu.com/23859388/
<ctjctj> noname01x3, *yes*!
<sarnold> noname01x3: great :) moment..
<noname01x3> Congrats to me.
<noname01x3> This is fun
<noname01x3> My boss will be unhappy if this isn't fixed, however.
<ctjctj> noname01x3, sorry about that.  Part of the problem is that we forget to specify everything.
<noname01x3> ctjctj ok so thats ok. I get it. You didn't understand how low my skill level was.
<noname01x3> VERY LOW. But I'm a smart guy.
<ctjctj> sarnold, that looks like a desktop boot.  I'm seeing boatloads of gnome-session stuff.
<noname01x3> I sound like I'm almost not stupid.
<sarnold> I can't spot anything that looks like trouble ;(
<noname01x3> sarnold A desktop boot? How dare you?
<ctjctj> sarnold, would dmesg hold it?
<ctjctj> I'm thinking that systemd might not be running yet.
<ctjctj> syslogd
<ctjctj> noname01x3, on that server: dmesg| pastebinit
<noname01x3> uhh ok. let me see
<noname01x3> ctjctj Http://paste.ubuntu.com/23859412/
<sarnold> [    0.000000] Command line: BOOT_IMAGE=/vmlinuz-4.4.0-59-generic.efi.signed root=/dev/mapper/BNY--VS--CA--vg-root ro security=selinux selinux=1
<sarnold> no wonder apparmor init script isn't happy :)
<ctjctj> noname01x3, translation.  fix your boot command line.
<ctjctj> selinux and aptarmor don't play well together (IIRC)
<noname01x3> okay. how do we do that
<sarnold> indeed :)
<sarnold> maybe someday
<sarnold> but not this year
<sarnold> and probably not next year
<noname01x3> Thats ok. We have time.
<ctjctj> sarnold, apt-get purge selinux ?
<noname01x3> But we need this up and running asap
<noname01x3> lol
<ctjctj> maybe with an * in there some place?
<noname01x3> ctjctj someone doesn't like selinux.
<noname01x3> ctjctj yes thank u.
<ctjctj> noname01x3, you don't at this point.  Or you can explain to "boss" why the system is down? *GRIN*
<noname01x3> :-)
<ctjctj> I'm waiting for sarnold to approve that line
<sarnold> good question, I don't know selinux packging well enough to know if they automatically add selinux=1 stuff to the kernel command line..
<sarnold> apt-get purge 'selinux*' would be a decent starting point anyway
<ctjctj> sarnold, I'd start with the purge, check /boot/grub.menu (or whatever it is this week) and if it is still bad we'll update it via grub stuff.
<tarpman> careful, that might match libselinux as well
<noname01x3> sarnold will it give me a warning if it will do something i dont like?
<sarnold> noname01x3: not really
<sarnold> linux is like that
<ctjctj> noname01x3, nope.  It's unix.  If you want to shoot yourself in the foot then it will ask you how big of a hole you want to make after the first shot.
<sarnold> it'll let you cut off your arms if you want
<noname01x3> lol
<ctjctj> sarnold, *laughs* great minds and low ethics think alike.
<noname01x3> ok thanks for the tip.
<sarnold> lol
<coreycb> zul, yay python-statsd approved
<noname01x3> I like the purge selunix idea.
<ctjctj> I'm going to send a cuss word filled bug report to whomever wrote the option parsing for tgtadm  '-y' is not allowed/supported.  I ended up in the source code to find out that -y means --blocksize...
<coreycb> zul, that should unblock some things
<zul> coreycb: i saw
<zul> coreycb: oslo.middleware
<ikonia> -y means blocksize ???
<ikonia> who thought that out
<noname01x3> I have a backup checkpoint from this morning.
<noname01x3> I can put it right back if it goes bad
<ctjctj> ikonia, yeah.
<noname01x3> or maybe I dont know what im talking about.
<sarnold> ctjctj: eww!
<ctjctj> noname01x3, I'm glad you have that checkpoint.  Means we don't have to worry about xxxbadcommamndXXX -rf / mean people.
<noname01x3> ctjctj, thanks. Yeah I believe I can try it with no worries. And my boss is constantly asking me whats new and I would love to have an answer, other than repeating what you guys are saying, which causes him to ask "And".
<ctjctj> noname01x3, what version of ubuntu are you running? 14.04LTS?
<sarnold> probably 16.04 lts, with kernel version 4.4.x
<ctjctj> sarnold, ok.
<noname01x3> 16.04 LTS
<ctjctj> noname01x3, once you have the purge done: pastebinit /boot/grub/grub.cfg
<noname01x3> ctjctj, ok i will do the purge now.
<noname01x3> apt-get purge selinux
<noname01x3> Done
<noname01x3> waait it says click y to continue
<ctjctj> noname01x3, wrong command.
<ctjctj> apt-get purge 'selinux*'
<noname01x3> pressed y
<ctjctj> That's ok.  When you are done run the second purge too.
<ctjctj> sarnold, updated my original command.
<ctjctj> if it says anything about "grub" as it is doing that purge let us know please.
<sarnold> good idea, apt-get purge 'selinux*' looks better
<ctjctj> sarnold, well I did cut and paste your version... *GRIN*
<sarnold> hehe
<noname01x3> ctjctj, http://paste.ubuntu.com/23859484
<noname01x3> whats the second purge?
<sarnold> the second purge would remove any selinux policies that might have been installed via tha packages
<ctjctj> it adds a wildcard to search for other packages named selinux[anything]
<noname01x3> ohh ok lets not lol
<ctjctj> So if there is a selinux-break-nonames-system the * would match -break-nonames-system
<ctjctj> You want to delete those other things noname01x3.
<noname01x3> ctjctj, unless you insist
<ctjctj> sarnold, looks like the security=selinux and selinux=1 are still in the grub.cfg
<sarnold> "security=selinux selinux=1
<sarnold> yes that :) heh
<noname01x3> ahhhhhhhhh
<noname01x3> lets get it out!!!!!!
<noname01x3> ok whats the purge. lets do it
<ctjctj> noname01x3, what's happening is that sarnold and I could very easily tell you how to remove that part in grub.cfg and update grub to have your system boot.  But my fear is that the next time you got a kernel update the selinux issue would come back.
<ctjctj> apt-get purge 'selinux*'
<ctjctj> noname01x3, pastebinit /etc/default/grub.cfg
<ctjctj> noname01x3, do you speak vim, emacs or ed/ex?
<Noname01x2> what the???
<Noname01x2> i was disconnected
<ctjctj> Noname01x2, pastebin /etc/default/grub.cfg after the purge
<ctjctj> Noname01x2, do you speak vim, emacs, ed/ex, or nano?
<noname01x3> im back
<noname01x3> ctjctj, none of the above
<ctjctj> noname01x3, pastebinit /etc/default/grub.cfg
<ctjctj> if that purge completed.
<noname01x3> unable to read from /etc/default/grub.cfg
<ctjctj> sorry /etc/default/grub
<ctjctj> to many windows with some being 14.04 and some 16.10 with slightly different naming conventions.
<noname01x3> ctjctj, http://paste.ubuntu.com/23859650/
<ctjctj> noname01x3, nano /etc/default/grub  go to the line that says "GRUB_CMDLINE_LINUX_DEFAULT" and remove everything between the quotes.
<ctjctj> nano is designed for my 6yo.  So I'm hoping you can drive it... *GRIN*
<sarnold> that's the first package I purge every install :)
<ctjctj> sarnold, my IDE is emacs.... *GRIN*
<noname01x3> ctjctj, I'm doing what you told me. Stand by...
<sarnold> ctjctj: do you also use it for irc, email, web, etc? :)
<ctjctj> sarnold, is there any other way? *grin* Nope.  just my programming editor.  I'm equally at home with vim, vi, ed, ex, jove and a few others.
<sarnold> ctjctj: no kidding? I started with vi too long enough, and never figured out how to do more than quit emacs..
<ctjctj> though I have used it for email, irc and uunet news
<ctjctj> sarnold, I started with a home grown editor that I wrote to interface with a distribute console editing system. (scredit at MSU).  But I was playing "hack" or "nethack" and my fingers learned the vi key movements.
<sarnold> and once vi was in my fingers, nothing else quite fits right
<ctjctj> about 1989 I was working with Mike Muuse (author of ping and a bunch of other great things) and watched him drive "jove" (jonathans own version of emacs).  Jove was light weight enough to load in a reasonable amount of time vs emacs.  And seeing some of the things  he was doing, multiple windows into the same file, two files open at the same time, cut and paste from one window to another.  and all of it in a 24x80 green
<ctjctj> screen terminal.
<noname01x3> ctjctj, do i remove the ""?
<ctjctj> I switched to jove the next day.  Used jove until emacs for programming and vim for "quick edits"
<ctjctj> noname01x3, no.  Leave the ""
<ctjctj> sarnold, I have one of my logical units back.  Thanks for the pointer to tgt.
<sarnold> ctjctj: ahhh that makes sense. yeah. emacs was way too heavy to load on the shared system I started with, I didn't want the other users upset :)
<sarnold> ctjctj: sweet! how's the transition?
<noname01x3> ctjctj, im done.
<ctjctj> the transition is a pita.  It is all command line controlled.  I haven't located a configuration file yet so about 6 long command lines to define the target, define the LUN, define the users, attach the users, open the target to the initiator.
<noname01x3> I think I want to become an ubuntu expert now.
<ctjctj> noname01x3, update-grub
<noname01x3> ctjctj, im still in nano.
<noname01x3> ctjctj, do i do exit?
<ctjctj> isn't it in the menu at the bottom? (ctrl-x)
<ctjctj> it will ask you to save the file and such.  Do so.
<noname01x3> ctjctj, yeah I just wanted to confirm.
 * ctjctj ups the age requirement from 6 to 8
<sarnold> ctjctj: damn :/ what a pain in the butt :(
<noname01x3> ctjctj, lol. I get it. Its very easy to use. I just like to follow instructions to a tee.
<noname01x3> ctjctj, ok now we do that other thing yo usaid....
<noname01x3> updating...
<ctjctj> sarnold, as far as I can tell this is a cleaner interface.  iscsitarget has a command line interface but it does not save any dynamic modifications.  So you have to modify the target/lun dynamicly, update the configuration file.  Hope you got it right.  If you restart iscsitarget your initatiors hate you.
<ctjctj> sarnold, this is all dynamic which is good in that way.
<noname01x3> ctjctj, done.
<ctjctj> noname01x3, pastebinit /boot/grub/grub.cfg
<noname01x3> ctjctj, http://paste.ubuntu.com/23859711/
<ctjctj> noname01x3, what is your favorite God?
<ctjctj> noname01x3, cross fingers, start praying and type "shutdown -r +1"
<sarnold> ctjctj: owww, I never really thought about trying to change configs of these things on the fly
<sarnold> ctjctj: (i've really only got the one good computer, so even though I've read all the docs, once upon atime, I never needed to use the things)
<noname01x3> sorry. disconnected
<noname01x3> ctjctj, what now
<ctjctj> sarnold, I'm sitting in my home office with primary box 16.10, two vm's 14.04lts, two other desk tops for wives and kids computer.  And then a dozen primary servers and two dozen dev VM sandboxes running 14.04lts.  I've broken everything atleast once.
<ctjctj> noname01x3, cross fingers, start praying, and type "shutdown -r +1"
<ctjctj> and stop disconnecting. *grin*
<sarnold> ctjctj: hehe, breaking things, a good way to learn
<ctjctj> sarnold, changing /etc/default files is new to you?
<sarnold> ctjctj: yeah. I felt more at home with editing the one big /etc/rc with the ifconfig and route commands and what not just stuffed in there.
<sarnold> sysvrc was a stretch, but I got there.
<sarnold> /etc/default/ .. newfangled things. I never think to look there first, only when reading the sources eventually shows the ". /etc/default/whatever" in the script I'm reading
<ctjctj> sarnold, I was once at the National Cancer Research center in Fredricks MD (I think I remember correctly).  I had 48 hours to install unicos on their cray X/MP.  Documentation says it takes two weeks.  It took me 32 hours.  Having the director pop in ever 2 hours to check on things was stressful.
<ctjctj> On the other hand the fact that pizza and Coke-a-cola were always fresh was nice.
<noname01x3> ctjctj, sarnold, if this works...
<sarnold> ctjctj: daaaang. things were different in those days. linux was a breath of fresh air compared to those cranky old unix machines.
<sarnold> ctjctj: my first job had an sco unix thing. no compiler. no header files. but we did have perl..
<noname01x3> a start job is running...
<ctjctj> sarnold, not really.  Early linux was the pits compared to BSD 4.4 though I hated solaris.  SunOS 4.3+ was a joy to work with.
<noname01x3> hmmm.
<noname01x3> "OK" AppArmor initialization.
<ctjctj> sarnold, I once had to get a CC compiler on to a "binary only" box in order to compile GCC
<sarnold> ctjctj: I dunno. I recall my first slackware install much more fondly than the terrible old sco box... heh.
<sarnold> ctjctj: the bsdi system I only ever used as a user. it just worked. someone else dealt with everything :)
<sarnold> ctjctj: boostrapping gcc though. ugh.
<ctjctj> SCO is not a fun version of Linux.
<noname01x3> ctjctj, sarnold, its all showing OK so why is it still in emergency mode?
<sarnold> ctjctj: rofl
<ctjctj> noname01x3, no idea.  Why did you tell it to boot to emergency mode?
<noname01x3> uhhh
<sarnold> noname01x3: why is it in emergency mode this time?
<noname01x3> dont know
<ctjctj> (or you can show us syslog and let us try and figure it out from data instead of guessing?)
<ctjctj> sarnold, BSDI is not the same as BSD.  BSDI is based on BSD 4.4 open release.  Which is what set Unix free.  Thank you U of California.
 * ctjctj needs a control dial for snark level.
<sarnold> ctjctj: yeah, I didn't actually use a bsd 4.4. system. just the bsdi derivative. (Thanks microsoft!) and then a freebsd system somewhere along the way, for a month, just for kicks.
<ctjctj> I have a few contributions to FreeBSD.
<ctjctj> But that was a long long time ago.
<noname01x4> wow i came back automatically this time
<ctjctj> noname01x4, I told you to stop disconnecting.  How rude.  Makes it hard to help you.... *GRIN*.  We invite you to show us data so we can figure out how you asked your system to boot into emergency mode.
<ctjctj> (that's a quiz)
<noname01x4> http://paste.ubuntu.com/23859756/
<noname01x4> what the
<noname01x4> how can I quit
<ctjctj> your name changed.
<sarnold> ping timeouts are funny things
<noname01x4> Im on wifi so maybe thats why
<noname01x4> or pint timeouts
<sarnold> your irc client didn't respond to the server's PING? request in time, so the server disconnects you
<noname01x4> okj
<ctjctj> sarnold, that's exactly the same syslog as he posted last time.
<sarnold> normally your client will notice that it hasn't had a PING? request in a while and disconnect/reconnect on its own. and your name would still be in use.
<sarnold> well now that's odd. I thought those timestamps didn't look right..
<noname01x4> so what now
<ctjctj> noname01x4, I'm thinking.
<ctjctj> sarnold, he can write to his disk.  So the disk is not read-only.
<ctjctj> noname01x4, do: ls -l /var/log/syslog and take note of the size and date
<ctjctj> noname01x4, then service rsyslog start
<ctjctj> check /var/log/syslog and see if anything changed.
<noname01x4> ctjctj, ok
<noname01x4> ctjctj, its doing something....
<ctjctj> syslog is growing or the date changed?
<noname01x4> nothing is happening
<noname01x4> just sitting there.
<ctjctj> noname01x4, did you run ls -l /var/log/syslog again?  Did the values change?
<noname01x4> ctjctj, no they did not change.
<sarnold> o_O
<noname01x4> 13:19
<noname01x4> wow u made the guy quit
<ctjctj> did it tell you why it was entering emergency mode?
<noname01x4> nope
<ctjctj> Did you see any "fails" on the boot?
<noname01x4> i just typed reboot
<ctjctj> noname01x4, it is almost always better to use "shutdown -r +1" than a simple "reboot"
<noname01x4> shutdown -r +1?
<noname01x4> what is that
<ctjctj> yes.  Like I said up above.
<ctjctj> try "man shutdown"
<noname01x4> ok so far it says "mounted /boot/efi.
<noname01x4> ok
<noname01x4> I will use that in the future.
<noname01x4> if possible
<noname01x4> i tried it and it didnt take, but maybe i typed it wrong
<ctjctj> you should be able to type "man command" for any command we give you.  If you don't know what the command does or the options we are giving you, you should run man to see what it is you are being told to do.
<noname01x4> its dpoing something
<noname01x4> qq
<ctjctj> Which doesn't help when people are intentionally attempting to mess with you, the old: Your documents don't look right.  You need to make them look better.  Open up a DOS window and type "format c:" that will format all your documents to C things better
<noname01x4> interesting
<noname01x4> I just cant get this boot going
<noname01x4> always emergency mode
<ctjctj> Of course *I* never did that.  I just sent out CD's with Linux or FreeBSD labeled "Windows '95 update'
<noname01x4> cant we just change somethjing in the boot to say startttt normally
<ctjctj> what does journalctl -xb tell you?
<noname01x4> so much info
<ctjctj> Ok.
<ctjctj> start the network then
<noname01x4> nothing looked bad except maybe one or two things
<ctjctj> journalctl -l -xb | pastebinit
<sarnold> off to lunch, back eventually, good luck guys :)
<ctjctj> sarnold, thanks for the discussions.
<sarnold> thanks to you, too, very helpful :D
<noname01x4> sarnold, you are fantastic. enjoy your meal.
<noname01x4> ctjctj, http://paste.ubuntu.com/23859865
<ctjctj> noname01x4, did you see anything in RED as that scrolled by?
<noname01x4> Yeah a few thinks., ctjctj.
<noname01x4> pci had a problem
<noname01x4> but who needs a pci
<ctjctj> Ok.  how many disk drives do you have attached to this machine?
<ctjctj> pastebinit /etc/fstab
<ctjctj> It is looking bad for a disk drive.  I would also like to see "blkid | pastebinit"
<noname01x4> pci: fatal?
<ctjctj> According to your journal you failed to mount /data because /dev/sdc1 does not seem to exist.  I'm exploring that right now.  So if you can get me those two pastebin's it would be helpful.
<noname01x4> ctjctj, http://paste.ubuntu.com/23859904
<noname01x4> there was a third hard drive thats not there
<ctjctj> noname01x4, *blinks* what do you mean there is suppose to be a third drive that is "not there"?
<ctjctj> Did you take the drive out of the box?
<noname01x4> ca boto and ca data
<ctjctj> noname01x4, I don't follow.
<noname01x4> cs data
<noname01x4> wait
<noname01x4> im typoing
<noname01x4> wait my boss is telling me something about hard drives.
<noname01x4> he is not sure what he's talking about
<noname01x4> he says there should be a drive called data
<noname01x4> ok nvm
<ctjctj> Yes, there should be a drive that is mounted on /data
<ctjctj> And I asked for "blkid | pastebinit" so I can see what drives you have
<noname01x4> ctjctj, http://paste.ubuntu.com/23859927/
<ctjctj> Ok.  Ask yourself and your boss "DID YOU REMOVE A DRIVE FROM THIS BOX?"
<noname01x4> yeah I would hope not. uhggg. now hes on the phone.
<noname01x4> timed out waiting for device dev-sdc1.device
<noname01x4> that may be normal i guess
<ctjctj> noname01x4, There is a sda and a sdb drive that shows in your dmesg boot sequence.  There is no reference to sdc.
<ctjctj> Your fstab says to mount /dev/sdc1 as /data.  If that fails then bad things happen.  Such as ending up in emergency mode.
<noname01x4> ohh
<ctjctj> So when I hear the answer to the question "Did you remove a drive from the box" I can move forward on debugging your issue.
<noname01x4> ok stand by
<ctjctj> This is one of those times where people get slapped with a dead fish "My system doesn't boot"  four hours of debugging later "Do you think that removing this extra card from the computer might have caused and issue?"
<ctjctj> noname01x4, is this a bare metal box or is it virtualized?
<ctjctj> And yes, my snark level is high.
<noname01x4> virtualized
<ctjctj> Are all three drives provided as virtualized drives or is one of them provided as an iscsi target?
<noname01x4> that is an interesting question. give me a few more minutes to get the answers.
<ctjctj> noname01x4, any answers yet?
<ctjctj> noname01x4, I'm out of here in 16.25 minutes for an hour.
<ctjctj> AFK
<noname01x4> hey hey
<noname01x4> ctjctj, my boss is saying there was a third physical drive that was removed
<noname01x4> ctjctj, but there error was there before the drive was removed.
<noname01x3> ok
<noname01x3> ctjctj, all the drives are virtual
<noname01x3> ctjctj, and the error happed before the third physical drive was removed.
<Noname01x2> crazy
<Noname01x2> my boss told me to continue working on this until its fixed
<jelly> "flogging shall continue until morale is improved"
<ctjctj> noname01x3, are you here?
#ubuntu-server 2017-01-25
<ctjctj> noname01x3, your virtual box has lost a disk drive.  In my world that would be somebody messing up big time and I'd be screaming at them.  Since that drive is mounted on /data I would assume it is a database or something like that so even if we get the server back up and running it is unlikely to be functioning correctly.  To get your system to boot into something other than emergency mode (single user mode in old timer
<ctjctj> speak) you need to edit /etc/fstab (nano /etc/fstab) and put a # in front of the line that has /dev/sdc1 /data in it.  Write that file out and reboot with "shutdown -r +1".  Your server should then boot but it will be unlikely to function.  Get on the phone with your boss and let him know that whomever is in charge of the virtualization seems to have taken a disk drive away and that you are expecting sever data loss.
<Noname01x2> hi
<Noname01x2> hey
<tsimonq2> ho
<tarpman> hum
<Noname01x2> hey guys
<tsimonq2> Hiya Noname01x2, you need anything in particular? :)
<Noname01x2> ctjctj, are u here?
<tsimonq2> Noname01x2: What did you need from him? Maybe someone else can lend a hand too. :)
<tarpman> tsimonq2: scroll up. tl;dr - VM with a disk removed, systemd is complaining (understandably)
<tsimonq2> tarpman: Hm ok thanks
<Noname01x2> im back
<Noname01x2> ctjctj, hey
<Noname01x2> ctjctj, hellooo
<sarnold> he may be gone for the night, who knows
<sarnold> best to just ask questions :)
<tsimonq2> ^
<Noname01x2> ok
<Noname01x2> im at home now soo uhhggg
<Noname01x2> sarnold, what am i to do with this stupid.
<Noname01x2> stupid server
<sarnold> Noname01x2: where are you stuck?
<Noname01x2> emergency mode
<sarnold> still? last I saw you were trying to bring back a  missing disk
<Noname01x2> disk was not mounted maybe
<noname01> im back
<noname01> on my laptop now
<mwhahaha> coreycb, jamespage: tests are passing, only outstanding issue is that designate mdns is not happy. we're disabling deploying that for now, but just fyi http://logs.openstack.org/48/422248/15/check/gate-puppet-openstack-integration-4-scenario003-tempest-ubuntu-xenial-nv/684b4df/logs/syslog.txt.gz#_Jan_24_23_48_19
<coreycb> mwhahaha, thanks for the update.  i'll take a look at designate in the morning.
<noname01> i get kicked way too much
<JemalMoha> Help ! How to Disable ETRN and VRFY commands.
<cpaelzer> JemalMoha: depends on your program - search engine gave me plenty of hits for "Disable The VRFY, EXPN, and ETRN commands in SMTP"
<zul> coreycb: im updating clients today
<coreycb> zul, ok
<mdow814> Hey everyone, is this the correct chat for conjure up issues?
<noname01x3> yeah
<zul> coreycb:im so confused.....there is something called python-cinderclient-ext now
<coreycb> zul, what's that for?
<zul> i have no idea
<zul> http://git.openstack.org/cgit/openstack/python-brick-cinderclient-ext/tree/README.rst
<adrian_1908> If I want to forward email sent to name@mydomain.com (ubuntu server) to another address, is "postfix" the tool of choice, or is there a simple service designed for just that?
<rbasak> Forwarding is a pain because you end up with spam being forwarded, then being unable to reject it at your boundary, so you have to create backscatter or drop them on the floor.
<rbasak> Unless I'm behind on the times, postfix in particular is not great at handling this kind of thing well.
<adrian_1908> ah damn, I didn't even think about that.
<rbasak> Better to have the final destination receive the email directly so it can do the spam filtering at the same time. I appreciate that's not always possible depending on what requirements you have for the final receiving service.
<rbasak> cpaelzer: did you just accidentally undo a bunch of blueprint changes by starting from an old version?
<adrian_1908> rbasak: yes, I might actually consider that instead. Thanks for the insight.
<cpaelzer> rbasak: I had about 40 minutes between pressing edit and finally getting to do the update
<cpaelzer> rbasak: is there a log so that we can recover?
<cpaelzer> maybe some changes fell into that window?
<cpaelzer> rbasak: If the content is only refresh on a full page refresh it might even have lost more as I had the tab open from yesterday
<cpaelzer> rbasak: I better not press edit again until I heard from you how we coordinate the recovery
<cpaelzer> rbasak: please ping me, query/hangout as you want
<jgrimm> cpaelzer, i have the diff of your changes if you need them
<cpaelzer> jgrimm: yeah please send me a mail - I know what I wanted to change and can sort out the rest
<jgrimm> cpaelzer, it was probably only the re-ordering that i did yesterday
<jgrimm> cpaelzer, ack
<cpaelzer> jgrimm: I subscribed now to do that without help in any case it happens again
<jgrimm> cpaelzer, no worries. sent
<cpaelzer> thx jgrimm
<cpaelzer> rbasak: I'd clean up now - please stop me if you are already on it
<coreycb> mwhahaha, designate-mdns needs python-monasca-statsd.  we have that as a suggested dependency so i'm going to move that to a required dependency.
<mwhahaha> coreycb: oh i had previously dealt with that by adding in a noop to bypass the statsd thing
<coreycb> mwhahaha, oh interesting
<mwhahaha> coreycb: https://review.openstack.org/#/c/389800/
<mwhahaha> coreycb: cause rdo didn't want to package statsd so maybe i need to check our config
<mwhahaha> coreycb: do you know if that change and https://review.openstack.org/#/c/393829/ is in the package?
<coreycb> mwhahaha, yeah it looks like it is in there
<cpaelzer> jgrimm: rbasak: I made two changes now - the first is a revert of the former accident (thnkas for the diff jgrimm) and the second is the change I actually wanted to make
<jgrimm> \o/
<rbasak> cpaelzer: sorry, I've only just seen this. I think it's resolved now?
<cpaelzer> rbasak: yes
<coreycb> mwhahaha, is this commit missing any code by any chance?  https://github.com/openstack/designate/commit/224e279a39b4f7dd12fe0ed0747f22d647a691ca
<noname01x3> hey guys ok I have more information about a problem i was having with my ubuntu server.
<noname01x3> if anyone here is interested in helping me out. let me know. thanks.
<mwhahaha> coreycb: no
<mwhahaha> coreycb: that was the one that fixed the noop stuff so that should work. i didn't think the mdns error was related to the stats stuff but i can look closer later today
<coreycb> mwhahaha, ok i'm just confused as to why the metrics.py bits didn't land
<coreycb> mwhahaha, yeah adding statsd fixes the mdns error
<mwhahaha> coreycb: so you have to config it not to use statsd and use noop byd efault
<coreycb> mwhahaha, ah ok i see
<mwhahaha> because in their infinite wisdom, designate merged that in on by default
<coreycb> :)
<coreycb> mwhahaha, ok lemme know how it goes
<mwhahaha> coreycb: oh so we handled the missing statsd with an oslo thing
<mwhahaha> coreycb: https://github.com/openstack/designate/blob/master/designate/metrics.py#L46-L47
<mwhahaha> so that should fall back to the noop if statsd is not present
<mwhahaha> if you guys have python-monasca-statd as a dep that'd fix it (and probably be better for the end user)
<coreycb> mwhahaha, thanks.  i'm going to leave it as a Suggests dependency and update the default config to fall back to noop since it really is optional
<mwhahaha> coreycb: so i was wrong that it's not a config option, as it should just fall back in the code. if i get some time i'll dig into it more but it didn't seem like any error i had seen related to this previously but who knows
<coreycb> mwhahaha, i just noticed that, it defaults to disabled
<mwhahaha> designate makes me sad :(
<coreycb> mwhahaha, heh
<coreycb> mwhahaha, based on the traceback with TypeError: 'NoneType' object is not callable, i think the failure is at the @metrics.timed('mdns.xfr.zone_sync') decorator in designate/mdns/xfr.py
<noname01x3> sudo apt-get install boot-repair
<coreycb> metrics = None
<coreycb> mwhahaha, which comes from designate/metrics.py
<mwhahaha> coreycb: hmm ok weird
<coreycb> mwhahaha, and i confirmed that installing python-monasca-statsd fixed it
<mwhahaha> coreycb: based on that, https://github.com/openstack/designate/commit/224e279a39b4f7dd12fe0ed0747f22d647a691ca should have been the fix for that
<mwhahaha> coreycb: metrics = None isn't the issue cause it gets set on line 115
<mwhahaha> coreycb: my fix should have fixed the nonetype error because without it, https://github.com/openstack/designate/blob/master/designate/metrics.py#L107-L109 blows up
<mwhahaha> but i'll dig into later
<noname01x3> my server is down....
<zul> coreycb: hey....i think we need a MIR for monasca-statsd
<coreycb> zul, i'm adding it back to suggests
<zul> coreycb: ok
<zul> coreycb:  http://pastebin.ubuntu.com/23864831/
<coreycb> zul, does that test designate-mdns?
<zul> coreycb: yes
<coreycb> zul, ok i'm guessing you have monasca-statsd installed
<zul> coreycb:possibly...i didnt check
<zul> coreycb: yes
<coreycb> zul, ok so the test should currently fail w/out statsd
<zul> ok...so we should probably have it depend on statsd then no?
<coreycb> zul, no
<zul> or have the tests install statsd
<coreycb> zul, since it's optional it'd be good to run the tests without it installed
<zul> ok
<faraway> While monitoring the processes (/proc/stat)  on my server I observe regular peeks of process launches and I would like to figure out what processes are launched, can someone recommend to tool to log which processes are launched?
<axisys> interface file only take route command? can I use ip route instead?
<axisys> interfaces*
<zul> coreycb: i was thinnking we should do barbican and manila as well
<coreycb> zul, that would be great
<maswan> faraway: process accounting
<rbasak> faraway: atop
<rbasak> (it uses process accounting)
<sarnold> faraway: execsnoop
<sarnold> (it uses kernel tracing)
<sarnold> granted, execsnoop isn't new processes, but it does show new execs, which in many cases is what you're more interested in anyway
<faraway> Iâll take a look at those. Iâm not exactly sure what is causeing that peeks, but I guess it could be the statistic tool because. The problem is the processes seem to be only active for a short time so the donât appear in htop or top. Iâll take a look at your suggestions
<faraway> [â¦]because it it appears in regular intervals and only for a short period.
<zul> coreycb: ugh...this is slightly less than ideal http://pastebin.ubuntu.com/23865072/
<faraway> sarnold, maswan, rbasak many thanks for your help. I was able to find which commands where causing the peeks.
<coreycb> zul, what's that from?
<zul> coreycb: aodh dep8 tests
<zul> coreycb: im onit
<sarnold> faraway: nice :)
<Amgine> How to start mysqld with --skip-grant-tables --skip-networking ? when I use # /usr/sbin/mysqld the socket does not exist, so the attempt to reset the root password fails.
<sarnold> Amgine: are you trying to make a permanent change or a temporary change?
<Amgine> Permanent, since I cannot recover the previous mysql root pass.
<tomreyn> Amgine: does the mysql server still up fine without changes?
<tomreyn> if it does, you could start it then use "mysql --defaults-file=/etc/mysql/debian.cnf" to gain privileged access, then use sql to set a new root password.
<Amgine> tomreyn: how would that work? let me check that .cnf
<Amgine> does debian-sys-maint have full privs?
<tomreyn> Amgine: this configuration file contains credentials of a management user which is automatically setup by debian derivates so that it can carry out maintenance tasks. since it needs elevated privileges to carry out several of these maintenance tasks it does get some of those by default. it shoudl be sufficient to reset the root password.
<tomreyn> the *mysql* root user's password, that is
<coreycb> zul, i'm going to add an epoch to stevedore and oslo.context and downgrade the to align with upper-constraints
<coreycb> s/the/them
<Amgine> w00t, that worked. Thank you tomreyn!!
<zul> coreycb: ok
<noname01x3> sarnold, hey dude
<noname01x3> sarnold, now I can bug you again!!! yes!
<sarnold> hey noname01x3 :)
<noname01x3> sarnold, Ok. so my boss says he ran an update and thats when this problem started where it boots into emergency mode.
<noname01x3> sarnold, it was working fine before and after one of the physical hard drives were removed.
<sarnold> noname01x3: one problem at a time
<tarpman> noname01x3: clearly your first mistake was to let a boss anywhere near the servers ;)
<sarnold> noname01x3: why was the hard drifve removed? was it just yanked out via the management console or did he also remove the fstab entries and all references to it on the server?
<noname01x3> tarpman, exactly
<noname01x3> tarpman it took so long to even get him to admit that he upated it.
<noname01x3> sarnold, hold on... my boss is saying after he removed the hard drive... he didnt make any coresponding changes on the server - other than running an update because he saw the small file size and thought it would be no big deal to update.
<noname01x3> arnold, so he removed the drive. was able to run the server, with no problem. then ran an update. and still there was no problem... until he shut down and booted up, and it booted into emergency mode.
<noname01x3> sarnold, we are planning to have a vendor that has access to that server, come in and redo the server from scratch. this will cost us a lot of money and there will be down time. we have until friday to fix this.
<sarnold> noname01x3: so, where are you stuck? have you removed the filesystem from the /etc/fstab yet?
<noname01x3> sarnold, no i have not. this is my first time trying to fix a linux server.
<noname01x3> sarnold, I would like to try this. please instruct me.
<sarnold> noname01x3: once you're in rescue mode again, edit the /etc/fstab with nano or whatever editor it is you like, and add a # to the line that had your /data filesystem
<noname01x3> sarnold, ok i will try that now
<noname01x3> sarnold, it already has the #
<noname01x3> sarnold, can you tell me what me /ect/fstab is telling me?
<noname01x3> i remember pastebin
<noname01x3> Http://paste.ubuntu.com/23865652
<sarnold> noname01x3: /etc/fstab tells the system which filesystems to mount
<sarnold> noname01x3: note that this shows the /data filesystem is still not commented out
<noname01x3> sarnold, I think i made a boo boo.
<noname01x3> I have a blank screen
<noname01x3> I saw that the # was missing on one of the rows so I added it.
<noname01x3> OMG WAIT ITS NOW LOADING THE OS
<noname01x3> AHSHHSHAH
<sarnold> The # is a comment character
<noname01x3> you did it
<sarnold> it means "don't read the rest of this line"
<noname01x3> holyyy
<noname01x3> ddude
<noname01x3> its pick and purple
<noname01x3> pink
<sarnold> most configuration files have a comment character and most of them pick #, but sometimes it's ; or !
<noname01x3> sarnold, you have saved us! holy crap
<noname01x3> i can use my mouse now
<noname01x3> wow you fixed it!
<noname01x3> thank you so much dude
<noname01x3> holy lmao
<sarnold> keep looking through the logs to make sure you get everything back to normal
<noname01x3> omg i dont even want to touch it now
<noname01x3> how do i go into logs again, however?
<noname01x3> i mean not from the terminal
<noname01x3> wait wait let me call me boss to give the good news.
<noname01x3> lol this is funny to me. so the boot instructions had a comment as the instruction. haha
<sarnold> noname01x3: depends what you're looking for; dmesg for the kernel logs, journalctl for 'all the logs', /var/log/ has a huge pile of more specific logs, most things wind up in /var/log/syslog
<noname01x3> sarnold, oh wow so its much more complicated. i get it though.
<noname01x3> sarnold, I'm learning a lot and surprisingly I'm able to remember this stuff.
<sarnold> good good :D
<noname01x3> sarnold, I would like to stay in touch. can I have your email address? Mine is NoName01x1@outlook.com
<sarnold> noname01x3: seth.arnold@gmail.com
<noname01x3> thx have a good evening. tell ctjctj that my issue has been resolved.
<noname01x3> I owe you guys one.
<sarnold> have fun noname01x3 :)
 * genii harvests the emails and goes to make coffee
<genii> ;)
<sarnold> genii: google saves me from all but like three spam a year. i don't know how they do it but it's impressive.
#ubuntu-server 2017-01-26
<fishcooker> im on ubuntu 14.04... after i do reconfig /etc/network/interfaces... how to restart the network... i do /etc/init.d/networking restart but it don't use latest config
<rbasak> fishcooker: easiest way? Reboot. If you want to bounce the loopback interface, then stuff may fail anyway. Complicated way? Bring down the interface(s) you're changing *first* using ifdown, then edit /etc/network/interfaces, then ifup what you need afterwards.
<rbasak> "/etc/init.d/networking restart" doesn't really make sense in the modern era of hotpluggable NICs and complex network layouts such as bridges and bonds.
<rbasak> And we don't have a goal-seeking networking configurator (yet).
<fishcooker> noted
<jamespage> bug 1659515
<ubottu> bug 1659515 in tempest "Some tests fail when running keystone v3 with policy.v3cloudsample.json" [Undecided,New] https://launchpad.net/bugs/1659515
<fishcooker> what's the diff between ifconfig eth0 up/down with if[up/down] rbasak?
<rbasak> fishcooker: ifupdown keeps track of things in userspace for you, including doing DHCP, DNS, etc. ifconfig bypasses that and speaks to the kernel directly and does none of that.
<frickler> jamespage: cleaning up old stuff I found https://bugs.launchpad.net/tripleo/+bug/1632538 , can you please check if that is good to go from -proposed to -updates now?
<ubottu> Launchpad bug 1632538 in OpenStack Compute (nova) newton "Using generate_service_certificate and undercloud_public_vip in undercloud.conf breaks nova" [Undecided,Incomplete]
<jamespage> frickler, looking now
<jamespage> frickler, I can't do the move myself - but you've updated the tag so the SRU team should pickup soon
<jamespage> rbasak, I know its not your day but is this something you could do ^^ ?
<jamespage> coreycb, are we good to push proposed->updates for ocata?
<rbasak> jamespage: trying but I'm just getting LP timeouts right now, sorry.
<jamespage> rbasak, urgh
<jamespage> rbasak, I think that went through (I just saw an email for one series)
<jamespage> the 16.04 I think
<rbasak> jamespage: retried both, done now I think, including the automatic bug comment.
<jamespage> rbasak, thankyou - much appreciated - frickler ^^
<rbasak> You're welcome
<frickler> thanks from me to both of you
<coreycb> jamespage, yes i think we can.  there's a bug in designate that seems to be an upstream bug.
<coreycb> that's all
<samba35> when i want to use update-alternative it says "" in manual mode "" what it mean ? do i run update-alternative every time ? can this be done auto ?
<samba35> brb
<jamespage> coreycb, ok promoting now
<jamespage> you announce email lgtm btw
<coreycb> jamespage, ok thanks
<jamespage> coreycb, we might need to get neutron-lbaas-dashboard packaged up
<zul> coreycb: there is some new deps out this morning but b3 is startnig to release as well, so im going to get to the deps first then start on b3
<jamespage> its the lbaasv2 dashboard so currently with newton you can't horizon configure LB's
<jamespage> works OK from the CLI tho
<coreycb> jamespage, ok
<coreycb> zul, sounds good
<coreycb> jamespage, i'll see if we can get that into ocata
<zul> coreycb:  nova might be blocked because python-os-xenapi is not in the archive yet and no archive admin has reviewed it
<cpaelzer> jamespage: zul: coreycb: whatever it is worth todays retry on the weird container pid issue I reported worked fine
<cpaelzer> still it was worth to write about it so people can find it in the chat log and such
<zul> cpaelzer: the s390 thing?
<cpaelzer> zul: yeah the container pid namespace assertion thing
<cpaelzer> zul: had 1 ppc and 2 s390 hits - so not arch exclusive
<zul> cpaelzer: ah ok
<coreycb> cpaelzer, ok i'll let you know if we see it in the future
<frickler> is it intentional that murano-dashboard for UCA newton is still at 2.0.0, while the rest of murano is at 3.0.0?
<frickler> I also just found a nasty issue in it: https://bugs.launchpad.net/ubuntu/+source/murano-dashboard/+bug/1659570
<ubottu> Launchpad bug 1659570 in murano-dashboard (Ubuntu) "Installing murano-dashboard=3.0.0 deletes needed files" [Undecided,New]
<zul> coreycb: i got barbican
<zul> coreycb: b3 needs a newer alembic
<zul> coreycb: i got heat
<bigtonicus> i need to send no-reply emails from my private subnet but the mail client needs to sent them to the smtp server securely any tutorials out there that can help me?
<bigtonicus> so i need to send no-reply@example.com from a client on a private subnet to a server running the tls postfix server so the mail to the tls postfix server is secure
<sarnold> bigtonicus: do you want a full-blown smtp service on the sending machine or do you just want a simple little tool? msmtp is a nice simple little thing
<bigtonicus> it needs to send no-reply emails for a fqdn will msmtp do that?
<bigtonicus> so I will be sending the email from a client but i need to configure the mta postfix server to send emails for the example.com domain
<sarnold> sure just set the From: header to whatever you please
<zul> coreycb: got glance
<coreycb> zul, ok
<coreycb> mwhahaha, i file a bug so we can track the designate issue: https://bugs.launchpad.net/designate/+bug/1659638
<ubottu> Launchpad bug 1659638 in Designate "ocata designate-mdns fails if monasca-statd not installed" [Undecided,New]
<mwhahaha> coreycb: ok
<zul> coreycb: heat busted with newer ceilometerclient, proposing fix
 * teward throws sticks at sarnold
<sarnold> afternoon teward :)
<teward> greetings to thee
<teward> sarnold: mind if I bother you about SSL stuff?
<teward> very basic question :p
<sarnold> sure
<teward> sarnold: i am about 100% certain of this, but there's no *sane* way to backport OpenSSL 1.0.2 to Trusty or such is there?
<teward> Not without introducing major explosive breakages
<sarnold> teward: nothing comes to mind for doing that 'easily'
<sarnold> you certainly wouldn't want to just replace the system openssl with a newer package
<sarnold> you could compile your own in /usr/local and use it for the things that need a newer openssl, but that seems like it's outside your usual range of intentions :)
<teward> that's the assumption I made.  see https://bugs.launchpad.net/nginx/+bug/1658129 for why I asked :P
<ubottu> Launchpad bug 1658129 in Nginx "Please support OpenSSL 1.0.2 in Trusty for NGINX PPAs" [Wishlist,Won't fix]
<teward> sarnold: you're right, ^ that's what I was asking about
<teward> and I'm not ready to open that can of worms.  Ever.
<teward> I'd sooner volunteer to be hit by a taser than open that can of evil :P
<sarnold> teward: this is something that a snap could handle. but I don't know how likely snaps are to work on trusty. we've sunk man-months into making that happen but not having systemd on trusty is a bit of a sticking point.
<sarnold> maybe even man-years
<teward> sarnold: well, I am pretty "No." in these terms
<teward> basically the PPAs are under my direct thumb, if I say "Sorry, not happening" I win that fight.
<sarnold> teward: for a ppa that's probably the right attitude to take :)
<teward> true statement
<teward> but i've seen stupid things like this for the nginx package over history too :P
<teward> ended up having to tell people it is never happening
<sarnold> I have a friend who is convinced half the secret to success in an open source business is knowing which requests deserve a "no" response
<teward> that's about accurate heh
<teward> brb coffee run
<sarnold> as in you've got to know what it is you set out to build and why you're doing it. listen to people but be prepared to say "that's not why we're doing this" if their vision doesn't align with yours
<sarnold> enjoy :D
<teward> yup
<teward> sarnold: i've done that for feature requests to add new modules to Ubuntu (but not Debian) in the past
<teward> mostly because I don't want to make your guys lives' evil on the Security Team
<teward> 'cause it'd need reviewed :P
<sarnold> \o/ :D
<sarnold> yeah my review backlog is guilty long..
<teward> :P
#ubuntu-server 2017-01-27
<mwhahaha> coreycb: just fyi, I figured out the designate stuff and posted a patch to designate. It was my noop code, but for a different reason then I had seen previously
<Term1nal> Question.. I see that nginx-full is compiled with the option: --with-stream=dynamic
<Term1nal> I guess meaning that it's a dynamic module. How do I go about installing/activating said module?
<Term1nal> or do I need to recompile as static?
<Term1nal> I guess I do... despite the module being enabled in /etc/nginx/modules-enabled, it refuses to recognize the "stream" directive
<sarnold> Term1nal: strings output on a usr/sbin/nginx from the nginx-full package sure looks like stream ought to be available; can you pastebin your config and error messages?
<Term1nal> sarnold: I figured it out, there was no include directive for modules_enabled
<Term1nal> though it doesn't seem to work anyhow. :(
<Term1nal> proxying, that is.
<sarnold> oh :/
<Xpistos> Hey all. I am having some trouble accessing my smb share. I have it mounted but when I try and delete or add, I cannot. If i try and chmod the file it says they are read only not sure why.
<sarnold> check the logs on the samba server and dmesg on the client
<Xpistos> sarnold: checking now
<Xpistos> sarnold: nothingon the client in dmesg looking for samba, smb or cifs
<Xpistos> sarnold: I see alot of logs but nothing helpful
<sarnold> that's unfortunate. :/ it's been decade since I've used samba, so I was hoping that the error would stand out clearly :)
<Xpistos> maybe I should just use nfs
<sarnold> Xpistos: what does the filesystem line look like from /proc/mounts? how about ls -ld . for the directory?
<Xpistos> proc/mount says '/dev/sda1 /wd320 ext4 rw,relatime,data=ordered 0 0'
<Xpistos> ls -ld is full open
<sarnold> sorry, I meant for the smb share
<Xpistos> drwxrwxrwx 10 x x 4096 Nov  5 14:42 /wd320/
<Xpistos> sarnold: on the server or the laptop
<Xpistos> ?
<sarnold> probably laptop
<Xpistos> checking
<Xpistos> proc/mounts '192.168.1.25:/wd320 /home/x/Server/wd320 nfs4 rw,relatime,vers=4.0,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.80,local_lock=none,addr=192.168.1.25 0 0'
<sarnold> nfs4 :)
<Xpistos> sarnold: not sure why it says that.? I have the nfs mount commented out in the /etc/fstab
<sarnold> are you perchance root on the laptop?
<Xpistos> I can be
<sarnold> most times nfs is configured with 'root_squash' that forbids root on clients from writing
<Xpistos> so maybe if I reboot the laptop it will pull the correct fs
<Xpistos> it will not let me umount the share
<sarnold> if you've got your /etc/fstab configured the way you'd like it, you could probably also do umount /home/x/Server/wd320 ; mount /home/x/Server/wd320
<sarnold> lsof | grep /home/x/Server/wd320  ?
<Xpistos> unrar     18704                x    3r      REG               0,47  54701023   11010511 /home/x/Server/wd320/Comics/Processing/0-Day Week of 2016.11.02/Revival 044 (2016) (Digital) (Zone-Empire).cbr (192.168.1.25:/wd320)
<sarnold> if you kill the unrar process perhaps you could then umount the filesystem
<Xpistos> let me see
<Xpistos> still says the device is busy but lsof has no output for the share
<sarnold> odd
<Xpistos> let me reboot and see. brb
<xpistos> sarnold: well that is progress anyway,
<sarnold> xpistos: are things happier now on cifs?
<xpistos> sarnold: the share does not connect and says I need to be root to mount it. when I do, it says mount.cifs: bad UNC (192.168.1.25:/wd320)
<xpistos> sarnold: so I guess is should use the UUID instead there
<sarnold> uncs are more like //servername/wd320 or \\\\servername\\wd320
<xpistos> sarnold: now it says permission denied
<sarnold> xpistos: what operation did you try?
<xpistos> "//192.168.1.25/wd320     /home/x/Server/wd320                    cifs  guest,uid=1000,iocharset=utf8  0  0"
<xpistos> well my uid is 1000
<xpistos> on both servers
<xpistos> or both systems server and laptop
<sarnold> check the samba logs on the other end point, perhaps it'll have a more detailed answer for why the mount is forbidden
<sarnold> note that smb/cifs has had multiple ways to do 'guest mode' over the years and I wouldn't be surprised if the client and server disagree on how to make it work
<xpistos> I tried  'cat log.* | grep 1.80' with not hits for the entire samba log. I think this might be on the laptop side
<xpistos> sarnold: dmesg on the laptop says 'CIFS VFS: cifs_mount failed w/return code = -13'
<xpistos> nothing new there
<DK2> just killed a system by shrinking a lvm partition
<DK2> thank god for backups
<abhishek> hi
<abhishek> i am using conjure-up to deploy Kubernetes on aws
<abhishek> could you tell me how to modify aws instance default size as well change aws region
<abhishek> it took while deploying m3. medium and us-east-1
<abhishek> but i want to change that
<abhishek> is any one here
<abhishek> ?
<abhishek> hello
<zioproto> jamespage, what was the name of the channel to follow for the snap packaging discussions ?
<jamespage> zioproto, #opentack-snaps
<jamespage> zioproto, #openstack-snaps rather
<zioproto> ah ! I was missing a 's' :)
<ObrienDave> details, details ;P
<nww> help
<lordievader> Good morning.
<nww> hi
<nww> good evening
<nww> is any one online ?
<ObrienDave> no ;p
<nww> :>
<nww> i need one help
<nww> regarding conjure-up aws kubernets deployment
<lordievader> !ask | nww
<ubottu> nww: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<ObrienDave> well, I can't help with server, i just hang out here to see how many people ask "is any one online" ;P
<nww> Could you tell me how to modify aws instance default size as well change aws region , by default it took while deploying , m3. medium and us-east-1 , But i want to change that
<nww> trying to deploy kubernets on aws using juju , conjure-up
<coreycb> mwhahaha, cool yeah I think the designate fix has been merged now.  I'll cherry pick the patch and upload a new package version.
<coreycb> mwhahaha, ah i see that's your patch.  not merged yet but I'll cherry pick from gerrit.  thanks!
<coreycb> zul, i'll get designate for b3
<zul> coreycb: ok
<zul> coreycb: i got cinder
<zul> coreycb: if you can do horizon that would be great ;)
<coreycb> zul, will do.  i'm fiddling with that and dashboards now.
<zul> coreycb: i got keystone as well
<zioproto> this was finally merged: https://review.openstack.org/#/c/403160/ it would be cool to have it into the ubuntu packages :) It is UX customer facing, super important :D
<zul> coreycb: got manila
<coreycb> jamespage, can you promote designate 1:4.0.0~b2-0ubuntu5~cloud0 to ocata-proposed?  it includes a patch that enables the designate-mdns service to start.
<caliculk> Hey everyone, I have a machine that is running 16.04.1 hosted by a VPS that is self-managed. I have been trying to get the system to email me reports from logwatch ( no matter how crappy of a software it is) and also try to get other reporting features to email on the system (like cron reports and such). However, no matter what I am doing with postfix it just always sends to the user instead of the actual email address on file. When I
<caliculk> attempt to send emails from logwatch, postfix complains that the email is too large, and ssmtp just doesn't send any email at all (or I don't receive it in any case). I was wondering if someone could assist me in getting that set up so I have some basic reporting features from the machine.
<joelio> I just tend to use exim4, when installed run a 'dpkg-reconfigure exim4-config' and then set a smart host to a 'proper' SMTP server to relay it. Can do that in postfix of course (maybe point at gmail smtp or whatever)
<rbasak> caliculk, joelio: I'm reminded of: http://askubuntu.com/q/228938/7808
<caliculk> rbasak, I tried that with ssmtp, and then mail never actually was received on my end. It appeared to be sending, but could never figure out where it was going.
<joelio> yea, it makes sense (to me anyway) to send via an smtp smarthost
<joelio> otherwise you have to deal with all the fun and shennanigans of running an outbound mail server, dmarc/spf and all that stuffs
<rbasak> caliculk: if you don't know about it already, look into swaks as a testing tool.
<caliculk> Alright, I will take a look tomorrow when the weekend starts. Having to head into work right now.
<anoymous_mx> Hi all
<anoymous_mx> How can protect my server with ubuntu 16 in Linode?
<anoymous_mx> In my file /var/log/auth.log there are a lots IP from differents country (china, peru, usa, etc)
<anoymous_mx> Jan 27 11:34:26 localhost sshd[12817]: refused connect from 116.31.116.18 (116.31.116.18)                 (1557 times to try to connect)
<anoymous_mx> Jan 27 11:23:12 localhost sshd[23012]: refused connect from 222.165.133.145 (222.165.133.145)    (300 times to try to connect)
<anoymous_mx> How can I to avoid this connections?
<nacc> anoymous_mx: i mean, you are avoiding them, in that they are being refused by sshd
<anoymous_mx> yes but sometimes with with my pc when run command ping to my server not responding
<anoymous_mx> from my pc
<anoymous_mx> iptables -A INPUT -s  116.31.116.18   -j DROP
<anoymous_mx> iptables -A INPUT -s  116.31.116.18   -j REJECT
<anoymous_mx> I used this commands but I do not know if this commands is correct
<anoymous_mx> sorry for my bad english
<blueking> easiest way to add new hdd to ubuntu server without gui ?
<zul> coreycb: neutron*/trove/glance left out of the main ones
<coreycb> zul, ack
<wyre> hi guys
<wyre> I cannot setup wired connection from gnome-control-center network
<wyre> anyone knows why cannot I use that?
<wyre> and do a graphical setup?
<jayjo> can I use grep to search an entire directory for one word and identify the file that it's in?
<tarpman> jayjo: yes. grep -rl word directory
<tarpman> jayjo: -r -> search recursively through subdirs, -l -> list files only,don't print the matches themselves
<jayjo> thank you - that worked great
<sarnold> anoymous_mx: if you can allow ssh to your server from only specific IP address ranges (say, your home ISP) or something similar that can drastically cut down on ssh connection brute force attempts
<sarnold> anoymous_mx: do you allow passwords when connecting to ssh?
<anoymous_mx> sarnold: Yes I allow password when connecting to ssh
<sarnold> anoymous_mx: I recall reading once that the majority of linux compromises are due to ssh password bruteforcing
<anoymous_mx> sarnold: Yeah, but I think that with iptables might help to avoid this attacks
<anoymous_mx> sarnold: But i am not sure
<tomreyn> anoymous_mx: the blacklisting approach you are using with iptables is not a good one. for three reasons: (1) blacklisting means you always need to get active to ensure you remain protected and there is a window of opportunity (until you add the new blacklisting record) where attacks can succeed. (2) use ipsets instead of iptables rules for single ip addresses or single networks, those perform a lot better. (3) there are way too many
<tomreyn> attackers for you to blacklist them manually, and most of them will actually stop attacking after some weeks, leaving you sit there with outdated records (and overhead which needs to be processed on each single inbound connection attempt).
<anoymous_mx> tomreyn: Thans for the information
<tomreyn> what you should do instead is to only allow ssh key based authentication. maybe make ssh listen on a different port than 22. and, as previously suggested, maybe only allow connections from the networks you use to connect to the server. you could also set up ipfilter connection limiting.
<tomreyn> anoymous_mx: ^ and welcome.
<anoymous_mx> tomreyn: Yeah, additionaly to this i modify hosts.allow only with my IP and hosts.deny with ALL:ALL
<anoymous_mx> modified
<tomreyn> i wouldn't use this meachanism to control access unless iptables is not an option
<anoymous_mx> tomreyn: iptables or hosts.allow/hosts.deny or both?
<tomreyn> use iptables with ipsets if you want to whitelist ip addresses and/or ports. do not use hosts.allow/deny (tcpd) for this purpose as long as iptables is available.
<tomreyn> that's for performance reasons and for susceptibility to denial of service reasons mostly.
<tomreyn> i'm not even sure whether sshd is actually tcpd wrapped, so whether those configurations would apply to it.
<anoymous_mx> tomreyn: Okay, thanks for the information
<sarnold> tomreyn: ldd `which sshd`, shows libwrap0
<tomreyn> so this suggests hosts.allow/deny does apply to ssh
<sarnold> i'd still prefer iptables
<sarnold> your instinct there feels right :)
<tomreyn> sarnold: and ideall you'd be using "objdump -x `which sshd` | grep wrap" instead :-P
<tomreyn> althoug i guess (hope) your local sshd is safe.
<anoymous_mx> I need go to my home, thanks for the information, i will to read about this
<anoymous_mx> buen provecho
<sarnold> tomreyn: so true. bad habits are hard to break :(
<tomreyn> see you, good luck
<tomreyn> sarnold: indeed, a readily available wrapper / alias with a catchy name could help you and me and everyone else breaking those bad habits.
<tomreyn> ldd is just much more quickly typed than the equivalent objdump command.
<sarnold> back in the day we had an ldd apparmor profile. I wonder where that went.
<kyle__> I don't suppose anyone here has experience with dual nvme adapters?  I just got servers in with them, and I only ever see one of my two NVME cards.
<sarnold> kyle__: what does dmesg | grep -i nvme show? how about lspci | grep -i non-vol
<kyle__> sarnold: It shows the one I installed two, and both partitions. (efi & root)
<kyle__> 02:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd Device a802 (rev 01)
<kyle__> And lspci, just shows the one.
<kyle__> I was wondering if there were some gotchas I just didn't know about.
<kyle__> errr.  s/two/to/  I have no idea what's wrong with my typing today :P
<sarnold> kyle__: is this an adapter that maybe converts a 8x lane to two 4x lanes or something similar? are you sure it's plugged into a slot that has enough lanes to split?
<kyle__> sarnold: Yeah. Supermicro sells it in this configuration.
<kyle__> :/  Silly me for thinking they'd verify it first.
<sarnold> kyle__: okay, wild guess time, maybe the lstopo tools from the hwloc package can help you out
<kyle__> lstopo?  I"m not familiar with those.
<sarnold> it's a handy little tool to visualize the architecture of a system
<sarnold> I'm hoping it'll be enough to help yo ufigure out what's wrong
<kyle__> Wow.... So from this, I can see all of the SAS & SATA controllers are on one numa node.
<kyle__> Is there an obvious way to map the PCI address shown in lspci to the ones in lstopo?
<sarnold> all the details are stuffed in /sys/devices/pci* but it's not the easiest thing to traverse or read :/
<sarnold> I just can't find any documentation one way or another if pcie switches need special drivers or not. sorry. :/
<kyle__> Hu.  Yeah, I don't see two in there.   I see one device that I __think__ is it, but only one.
<sarnold> I'd seriously hope supermicro would set the bios correctly for one of these things but you may have luck fiddling around in the bios options too. I seem to recall seeing way too many configuration choices last time I went through my supermicro's bios..
<kyle__> sarnold: I have my doubts they set things right, from past experience.  For one thing, these only show up if the box is in UEFI or Dual (legacy+UEFI) mode.  Which makes no sense.
<kyle__> If I coudlnt' boot from it in legacy, sure, I"d understand that, but to not even show up?
<sarnold> kyle__: ugh. I wonder if that's just being silly or if windows falls over if its visible..
<kyle__> Argh.  Yeah.  For this beautiful box to be cripped for windows's sake would be galling.
<keithzg> Hmm, I'm running a server that (initiated via Phabricator, but I've now tried it manually as well) worked fine using imagemagick's "convert" function on images on 14.04, but now on 16.04 tends to fail out with
<keithzg> convert: memory allocation failed `butwhy_000000043' @ error/quantize.c/QuantizeImage/2743. convert: memory allocation failed `butwhy_000000043' @ error/gif.c/WriteGIFImage/1648.
<keithzg> (and such; "butwhy" in this case is the test filename)
<keithzg> The server VM in question has 4GB of RAM and the actual RAM usage doesn't *appear* to spike enough for it to have truly run out of memory.
<nacc> keithzg: i'm guessing that's an imagemagick internal thing
<nacc> keithzg: what kind of file is it?
<sarnold> http://sources.debian.net/src/imagemagick/8:6.8.9.9-5%2Bdeb8u6/coders/gif.c/#L1647
<nacc> which hasn't changed upstream since they moved to github :)
<keithzg> nacc: 'tis a GIF image; Phabricator resizes and applied text on the fly (well, for the first time of any such combination on a Phabricator instance, and then it's cached) and it's one of those images, which is failing, that I'm manually testing there.
<keithzg> The same command on the same image but run on my 64-bit desktop (the server is 32-bit) does complete without complaint.
<keithzg> But of course, it *also* completed without complaint back in 14.04 . . .
<sarnold> based on the source it doesn't even look like it tries to allocate memory
<sarnold> it just notices that there's either more than 256 colors in the thing or the image storage class is direct (wtf that means..)
<keithzg> That . . . seems like a bizarre error for it to spit out, then! (Although in keeping with imagemagick's reputation :P)
<nacc> yeah, i don't really understand what the issue is
<nacc> keithzg: tbh, i'd contact them via their forums and see what they say
<sarnold> yeah given just how strange the codebase is that's your best bet
<nacc> and how often a bug is found and they respond immediately with 'we reproduced it and a fix will be in git shortly'
<keithzg> Sounds like a plan
 * keithzg trudges off to create an account on the Imagemagick forums
<sarnold> nacc: aye so true. and if you're really lucky it doesn't get accidentally reverted in a few git checkins :)
<nacc> sarnold: yep :)
<sarnold> keithzg: it might also be worth trying your input with valgrind, or if you build imagemagick from git to test, to try the compilation with ASAN. they're not so good at writing safe code, maybe you've found an exploitable problem.
<sarnold> keithzg: the error message you tripped makes it seem unlikely but you never know
#ubuntu-server 2017-01-28
<keithzg> sarnold: Hmm, I'll give that a shot
<Capprentice> how to change network manager settings under ubuntu 16.10 from ssh over remote connection?
<jelly> nmcli maybe?
<anonymous_mx> good morning
<demonspork> I have an Ubuntu VM on an ESXI host. There are some major problems, commands will take a minute to run sometimes, it randomly seems to freeze. The rest of the time it is fast, all storage is SSD speeds, network works right. I noticed that I have 20GB of RAM listed, but I am using 808M and 149M is free. Does this mean that Dynamic memory is turned on for this VM, and could it also be the problem?
<compdoc> what version of ubuntu?
<demonspork> 16.04 LTS
<compdoc> it understands memory ballooning, no problem
<demonspork> A friend is hosting this for me, so I don't know what exactly is set on the host
<demonspork> trying to get ahold of him to see what he has set
<compdoc> I have problems using virtio nics in kvm guests because of a certain problem, but ballooning and virtio storage works fine. course, cant speak for ESXI
<compdoc> hmmm, ballooning could be different drivers than your Dynamic memory
<compdoc> can you choose type of nic? e1000?
#ubuntu-server 2017-01-29
<NginUS> I can only connect to my nfs server if my firewall's off. What ports does the Windows client need me to open??!! I'm going crazy w this
<ChmEarl> NginUS, in /etc/default/nfs-kernel-server look at RPMMOUNT*.. I set it to 892
<ChmEarl> rpc.mountd ^
<ChmEarl> then I open 2049 & 892
<NginUS> ChmEarl: I dunno what port the Windows NFS Services Client is using tho-
<NginUS> I gotta set it to what the Client's using
<ChmEarl> NginUS, the client should be able to query RPC: rpcinfo -p 192.168.1.1
<ChmEarl> NginUS, I also open portmapper on 111
<NginUS> ChmEarl: Sweet, thanks alot!
<NginUS> ChmEarl: OMG, I can't thank you enough. I'm so relieved to have this working right now
<ChmEarl> NginUS, cheers.. my 2049 port is open strictly to LAN, not WAN
<NginUS> yea
<ChmEarl> my rule counts: https://paste.debian.net/plain/911379
<ChmEarl> nobody ever probes 892 tcp
#ubuntu-server 2018-01-22
<Now_its_Broken> Hi,  can anyone here point to some instructions on getting openvswitch working with netplan?
<lordievader> Good morning
<ahasenack> rostam: try the dig tool, dig @<ip-of-dns-server> <name-you-want-to-resolv>
<ahasenack> rostam: start with using the ip from /etc/resolv.conf
<ahasenack> if that's 127.0.1.1 or some such, move on to your real dns server, then try 8.8.8.8 (google's), etc
<ahasenack> rbasak: hi, I'm getting this from g-u merge start on samba:
<ahasenack> $ git ubuntu merge start pkg/ubuntu/devel
<ahasenack> 01/22/2018 09:53:01 - ERROR:pkg/ubuntu/devel version (2:4.7.3+dfsg-1ubuntu1) is after debian/sid version (2:4.7.1+dfsg-1). Are you sure you want to merge? (Pass -f to force the merge).
<ahasenack> rbasak: debian/sid is at 4.7.4, though
<ahasenack> seems like the debian branch(es?) are behind in the importer?
<rbasak> AFAICT, sid is at 2:4.7.3+dfsg-1 and bionic-devel is at 2:4.7.3+dfsg-1ubuntu1
<rbasak> Do you see something different?
<rbasak> I was looking at https://code.launchpad.net/~usd-import-team/ubuntu/+source/samba/+git/samba
<ahasenack> rbasak: rmadison, and the merges page
<ahasenack> both show sid at 4.7.4-+dfsg-1
<ahasenack> rbasak: sorry, the vpn dropped, this was the last I saw:
<ahasenack> <ahasenack> both show sid at 4.7.4-+dfsg-1
<ahasenack> * Disconnected ()
<rbasak> ahasenack: ah. OK. So the problem is that the importer is straightforwardly out of date rather than inconsistently out of date in different branches I think?
<rbasak> I need to sort out my VPN connection. That's blocking me from looking right now :-/
<ahasenack> rbasak: I don't know, but "out of date" sounds right
<eoli3n> Hi
<eoli3n> i'm trying to preseed (with ubuntu kickstart + some preseed lines) a ubuntu install on a dualboot
<eoli3n> each kickstart make Win7 not bootable
<eoli3n> i need to repair Win7 with CDROM
<eoli3n> fact is that i need to automate 800 nodes deploy
<eoli3n> here is the kickstart file -> https://ptpb.pw/F5ts
<eoli3n> here's some checksums on what changed at each steps -> https://ptpb.pw/0Y6b.png
<eoli3n> and here the "view details" log from win7 repair tool -> https://ptpb.pw/fxvz
<eoli3n> the fact is that PARTUUID seems changing after kickstart
<eoli3n> i think its due to partman
<eoli3n> and i'm searching for a way to keep same sda1 PARTUUID
<eoli3n> to not to have to repair WIN7 after kickstarting
<eoli3n> the strange thing is that kickstarting edit only MBR's bootloarder part -> and repairing with WIN7 CDROM changes only C:\Boot\BCD
<eoli3n> and every loop i do a kickstart deploy gives the same
<eoli3n> while true; do ; kickstart change bootloarder ; WIN7 boot broken ; repairing with CDROM, it edits date inside sda1 ; done
<eoli3n> (sorry for that huge paste)
<Ussat> dont dual boot
<eoli3n> are you serious ?
<Ussat> very
<eoli3n> cool
<eoli3n> any serious help here ?
<Ussat> There is, in my opinion, almost no reason to dual boot anymore with modern hypervisors
<eoli3n> you doesn't have my needs
<eoli3n> and i'm not asking for that help
<eoli3n> that's cool from you
<eoli3n> but not my ask
<mason> eoli3n: Wait, you're taking a checksum of sda1 there?
<mason> eoli3n: I'm assuming sda1 is your ESP, yes?
<mason> I'm not completely understanding here, but I'd be more inclined to think you're seeing a problem with your efibootmgr entries.
<eoli3n> mason: i'm using legacy not uefi bios
<eoli3n> i took some checksum to see what kickstart change
<eoli3n> sda1 is windows part
<mason> eoli3n: Ah... Nowadays I wouldn't consider dual-booting without UEFI, but I'm not sure Windows 7 can deal with UEFI. Can it?
<eoli3n> mason: i use old nodes
<eoli3n> i don't know, problem is that i will node renew my 800 nodes now :)
<eoli3n> i will not
<eoli3n> *
<mason> right
<eoli3n> my problem needs a bit reflexion to understand what i do
<eoli3n> sorry to bot be able to make it easy undestandable
<mason> just noted that you've included multiple pastes - looking
<eoli3n> thx, ask if any question
<eoli3n> the important paste is the table
<eoli3n> a bit hard to understand
<eoli3n> i started at line1 with a dualboot working
<eoli3n> then i reinstall with kickstart at line 2
<eoli3n> my kickstart installation needs to keep win7 working
<eoli3n> after kickstart, i'm not able to boot win7 without win7 CDROM repair tool
<mason> #Clear the Master Boot Record
<mason> zerombr yes
<mason> Guessing that's why.
<eoli3n> nomp
<eoli3n> nop
<eoli3n> asked to dev of ubuntu kickstart
<eoli3n> it does nothing
<rbasak> ahasenack: I import samba by hand and it worked fine.
<rbasak> Not sure what happened in the past.
<rbasak> ahasenack: so it should be good for you now.
<rbasak> Sorry it didn't work before. It could have been due to a gap when the importer was running.
<rbasak> We haven't got the full "catch up everything" thing running yet.
<rbasak> nacc: ^
<eoli3n> mason: he pasted me that -> https://paste.ubuntu.com/26409694/
<mason> eoli3n: Hm, well. Hopefully someone who's done this will come around with ideas, or there's always the mailing list. I don't run Windows anywhere so I'm not entirely clear on what it wants and what's changed out from under it.
<TJ-> eoli3n: I only just came in, but it sounds to me like GRUB needs to create a menu entry for the Windows install. If you want Windows to remain the primary boot-strap bootloader then you have to prevent GRUB from writing it's bootstrap code
<eoli3n> TJ-: i don't want to prevent it
<eoli3n> chainloader +1 is working
<eoli3n> problem is that win7, while booting, ask for repairing
<eoli3n> TJ-: https://ptpb.pw/0Y6b.png
<eoli3n> please check and tell me if its clear
<eoli3n> when installing with kickstart, nothing changed on the disk exept ubuntu install on sda2 and bootloader 0>446 on sda
<eoli3n> the strange part is
<eoli3n> when i repair win7
<eoli3n> it repair by changing BCD on win7 install
<eoli3n> i don't know more what it does -> here's the log file -> https://ptpb.pw/fxvz
<eoli3n> grub is working
<TJ-> eoli3n: is the partitioning using only MBR ?
<eoli3n>  what do you mean ? "using only MBR" ?
<TJ-> eoli3n: it's possible to have GPT hybrid that also has a valid MBR
<eoli3n> i'm using mbr not gpt
<eoli3n> https://ptpb.pw/F5ts
<eoli3n> https://ptpb.pw/F5ts
<TJ-> OK, and which sector does sda1 start at?
<eoli3n> oups sorry for double
<eoli3n> 2018
<eoli3n> ahhh
<eoli3n> 2048
<eoli3n> please look at the paste
<eoli3n> at PRE part
<eoli3n> you will see that i use sfdisk to restore part table
<TJ-> eoli3n: OK, so under normal circumstances GRUB will write it's boot-strap into sector 0 and it's core image into sector #1 through 2047
<eoli3n> not from 0>446 ?
<eoli3n> hm i didn't knew there was more that "boot-strap"
<eoli3n> my question is
<TJ-> eoli3n: 446-509 is the partition table, 510-511 is the signature
<eoli3n> ok
<eoli3n> so why
<eoli3n> installing grub breaks win7 boot
<eoli3n> as win7 bootloard is at start of sda1
<eoli3n> bootloader
<eoli3n> so at 2028
<eoli3n> 2048
<TJ-> eoli3n: the process goes PC >BIOS > read sector 0 > execute code from offset 0. This is the bootloader's boot-strap code. In GRUB it then uses BIOS services to read sector #1-2047 into memory and continues executing - that is GRUB's core image, which then finds GRUB's root file-system and accesses that, loads the normal.mod and executes 'normal' command which reads /grub/grub.cfg and processes it
<TJ-> (menu, wait for key press, launch OS, etc)
<eoli3n> i get it
<TJ-> As I recall, Windows boot-strap code in sector 0 looks for the partition that is flagged as Bootable, then reads boot code from that partition, which then reads Windows bootmgr code
<eoli3n> the partition sda1 is marked as bootable
<eoli3n> with "boot" flag i mean
<eoli3n> so installing grub can not break any win7 install right ?
<TJ-> eoli3n: right, from your table it looks as if the Win7 repair is writing something into the 'spare' sectors from sector 1 onwards - is that correct?
<eoli3n> which are spare sectors
<eoli3n> what i can say, is that repair tools write between 2048 and end of partition
<eoli3n> i know that it edit BCD file
<TJ-> eoli3n: Installing GRUB will break Windows every time 100%, since it has to write it's boot-strap code into sector 0. However, it uses os-prober to locate the Windows OS during "update-grub" and adds a menuentry for Windows
<eoli3n> TJ-: i used a previous installation method which install grub with a custom script without breaking win7 part
<eoli3n> win7 install i mean
<TJ-> eoli3n: it sounds more likely Windows is breaking itself - by 'thinking' it needs a repair when it doesn't simply because sector 0 changed, then during the repair it goes on to change things it doesn't need to change
<eoli3n> so how to make it works without repair ? dd backup then restore ?
<eoli3n> i need to automate the process
<eoli3n> but still, i'm not understanding on how my previous deploying method differs
<eoli3n> in my previous installation/deploy method, i uncompressed a huge tar.xz on disk, then install grub in chroot with this script -> https://ptpb.pw/DR9s
<eoli3n> that didn't make win7 needs a repair
<eoli3n> why ?
<eoli3n> my previous installation working method, complete is -> boot debian bootstrap pxe -> sfdisk to restore part table -> detar.xz sda2 (/boot) and sda3 (/) -> chroot -> install grub with the script in chroot -> reboot
<eoli3n> win7 still working after that
<eoli3n> what differ in kickstart method ?
<eoli3n> weird, isn't it ?
<TJ-> I'm trying to determine what exactly "grub-installer/with_other_os" is supposed to fo
<TJ-> I think that should be set to "true" when you expect another OS to be installed; I don't think that'll affect the issue you are having though
<eoli3n> that was my question before all of that on #debian
<eoli3n> i tried every options TJ-
<eoli3n> with_other_os and only_debian, set to true or false
<eoli3n> all false was my last try
<eoli3n> just tried to install grub with my custom script
<eoli3n> as https://ptpb.pw/n5Av
<eoli3n> lets try, i tell you in 20min
<eoli3n> grub-installer/skip boolean true
<eoli3n> then generate a chroot grub.sh installer
<eoli3n> cat not echo -> fixed : https://ptpb.pw/ao3y
<TJ-> eoli3n: Are you sure when Win7 'repairs' it's not writing a GPT to the disk? Because in your table for lines (3) and (4) you show PARTUUID - that will only be available for GPT, MBR scheme has nowhere to store a /partition UUID/ (whereas the file-system in the partition can/does have a UUID)
<TJ-> eoli3n: GPT uses sectors 1-33 which would explain why in line (3) you have a different checksum for 0>1024
<eoli3n> i repair, and recheck
<TJ-> use "gdisk" to check before and after
<eoli3n> i can't, no xserver
<TJ-> gdisk is console
<eoli3n> ah
<eoli3n> huhu
<TJ-> "gdisk -l /dev/sda"
<eoli3n> need to redeploy, my custom grub.sh breaks
<eoli3n> tell you in some minutes
<eoli3n> hmm that could be the trick
<eoli3n> dump and restore with sgisk
<eoli3n> TJ-: before -> http://ix.io/EvA, after -> http://ix.io/EvC
<eoli3n> GUID change each time i run gdisk
<eoli3n> http://ix.io/EvD
<eoli3n> http://ix.io/EvE
<TJ-> OK, so not GPT then. So why is Win7 changing something in sector 1+? Does it also hide recovery info there?
<eoli3n> hide recovery info ?
<eoli3n> where ?
<eoli3n> i don't know why, i think, maybe it changes only BCD boot file
<eoli3n> in log of repair tool, it just says that it edit the entry in BCD
<eoli3n> suppress previous one then replacing by a new matching one
<eoli3n> as i my previous paste
<eoli3n> https://ptpb.pw/fxvz
<eoli3n> https://ptpb.pw/0Y6b.png
<eoli3n> 3 collumns in orange are same
<TJ-> eoli3n: oh! I misread your table "0>1024" as being the first 4 sectors of the disk, but that's actually the 1st partition
<eoli3n> i mean first one is 2048 > (1024*50)
<eoli3n> yep
<TJ-> eoli3n: you should take a checksum of sectors 1-2047
<eoli3n> hm but how to cut it
<mason> eoli3n: This is where UEFI is much more orderly. There aren't random things slipping their tentacles around different undocumented bits of disk.
<eoli3n> 0>446, 446>510, 512> 2047 ?
<TJ-> as in "dd if=/dev/sda skip=1 count=2047 | md5sum"
<eoli3n> ok but it will tell nothing
<eoli3n> https://ptpb.pw/0Y6b.png
<eoli3n> i already test lower part
<eoli3n> 0>446 , 446>510
<eoli3n> 1>2047 will have part table and bootloader into it no ?
<eoli3n> the range is too high ? you know what i mean ?
<eoli3n> sadly, i have to go :( , i really want to find out that problem, i will try to diff md5sum 512>2047 too tommorow
<TJ-> eoli3n: no, 1-2047 are 'spare' sectors which GRUB puts its core image in
<eoli3n> ?
<eoli3n> https://fr.wikipedia.org/wiki/Master_boot_record
<eoli3n> i don't get what you mean
<eoli3n> sorry
<eoli3n> wikipedia says that 0>446 is part table
<eoli3n> so how 1>2047 could be grub core image
<eoli3n> 1 is a byte, yes ?
<eoli3n> byte "1" to byte "2047"
<eoli3n> ?
<TJ-> No, it's sectors of 512 bytes
<TJ-> dd uses 512 byte blocks by default
<eoli3n> ohhhhh
<eoli3n> i will take a look tomorow morning at 8h (GMT+1)
<eoli3n> thx a lot for your help
<DammitJim> is there an ubuntu repo for tomcat 8.5?
<sarnold> DammitJim: 8.5 appears to be in artful and forthcoming bionic
<DammitJim> I guess I've got to learn what bionic and artful is
<DammitJim> I have ubuntu 16.04 LTS servers with tomcat 8 and apparently Apache Tomcat is making tomcat 8 EOL in September
<nacc> DammitJim: 18.04 (unreleased) and 17.10, respectively
<DammitJim> trying to start getting off that version
<DammitJim> gosh, it looks like I'm going to have to just uninstall tomcat8
<sarnold> oh
<DammitJim> and download the apache=tomcat-8.5.zip
<DammitJim> and work it from that angle
<sarnold> so you don't actually have an application that requires 8.5?
<DammitJim> no repos
<DammitJim> I do not
<DammitJim> we are purely doing it because it's EOL
<sarnold> just upgrade to 18.04 LTS when you're comfortable with the change
<sarnold> 18.04 will be released before september.
<DammitJim> yeah, I think that'll be an option in my proposal
<sdeziel> DammitJim: also, Tomcat 8 being in main, it should be supported for the full lifetime of 16.04 even if upstream reaches its EOL
<nacc> (supported by canonical/ubuntu)
<nacc> *not* by upstream, to be clear :)
<sdeziel> yeah, main is a canonical thing :)
<DammitJim> thanks for clarifying that, sdeziel
<DammitJim> so, if there was a problem with tomcat 8, Canonical would fix it and release an update?
<nacc> DammitJim: yeah
<nacc> generally speaking, it does depend on 'the problem', as we still need to follow SRU rules
<nacc> but preusming you mean CVEs or so, then yes
<DammitJim> awesome
<DammitJim> I need to find the documentation that explains that, because that is AMAZING
<nacc> https://help.ubuntu.com/community/Repositories#Main
<nacc> iirc
<DammitJim> thanks
<DammitJim> nacc, I'm reading the Main section
<DammitJim> that's where Tomcat would fall under, right?
<nacc> DammitJim: correct
<sarnold> you can use 'apt-cache policy tomcat8' to see
<sarnold> not all binary packages built from a source package are in main, so it doesn't hurt to check all the binary packages you care about
<nacc> sarnold: good point
<DammitJim> oh gosh
<DammitJim> the devil is in the details, but thanks!
<DammitJim> so, it seems that if I want to use tomcat 8.5, I'll have to upgrade to Ubuntu 18.04?
<nacc> DammitJim: i think everying is in main except libtomcat8-embed-java nad tomcat8-user
<nacc> DammitJim: once released, yes, or 17.10 in the meanwhile
<Ussat> sigh
<Olanzapin> &j ssacc.net
<keithzg> So here's something that's been baffling me, and it's arguably appropriate since the router in question runs Ubuntu ;)
<keithzg> A bunch of random sites seem to have started blocking HTTP traffic from my office, with what appear to be Apache "Access Denied" messages. This extends to curl/wget from the router itself . . . but somehow *not* to traffic through the OpenVPN instance?
<TJ-> keithzg: is your public IP on a blacklist?
<keithzg> TJ-: That was my first thought, but if it is, I can't seem to find any publically-accessible listing thereof
<TJ-> keithzg: what's the public ip address/mask ?
<keithzg> TJ-: It's 184.70.164.246, aka gmcl.com
<keithzg> (My current working theory remains that it's some sort of private corporate blacklist; that doesn't explain why VPN'd traffic doesn't get block but I can sortof hand wave that away with "routing is complicated, I'm probably not understanding something")
<TJ-> keithzg: if you are using openvpn to tunnel out to another host that then routes, it's IP address will be different
<keithzg> TJ-: The router is also the VPN server, though, so shouldn't sites see that as the IP address of the traffic?
<TJ-> keithzg: you mean you connect from LAN clients using openvpn to your gateway router?
<TJ-> keithzg: checked the IP, not blocked anywhere
<keithzg> TJ-: Specifically I mean that the router for the office LAN is also the VPN server that external clients use to get into our LAN remotely.
<TJ-> keithzg: Oh, I thought you meant you link your gateway to another location and tunnel /out/ through it
<TJ-> keithzg: then I can only thing your gateway is messing with the traffic, are you sure your network doesn't have a transparent proxy?
<TJ-> keithzg: does it affect HTTPS connections or only HTTP?
<TJ-> keithzg: i'd suspect the Apache message you see is from your own network
<keithzg> TJ-: Funny story about that, due to this I've noticed that https://thebay.com doesn't have a valid cert ;) but yeah it appears to affect both HTTPS and HTTP traffic, for instance https://tools.usps.com has a valid HTTPS connection but tells me "You don't have permission to access "http://tools.usps.com/" on this server"
<TJ-> keithzg: I think you've got an internal redirection issue in the gateway. Possibly the rules that were set for incoming openvpn  tunnel traffic are breaking regular forwarded traffic
<TJ-> keithzg: Ask yourself: 1) when did this start? 2) What did I change just before I noticed the issue?
<keithzg> TJ-: That's the problem, other than the standard security patches I haven't touched anything on the router in ages now.
<TJ-> keithzg: it's an Ubuntu server actiing as gateway?
<keithzg> TJ-: Yup.
<TJ-> keithzg: check /var/log/syslog and /var/log/kern.log for clues
<TJ-> keithzg: also, if it has apache2 web-server installed, check it's logs in /var/log/apache2/ in case it indicates it's responsible for the messages
<keithzg> TJ-: No messages in kern.log for several days now, I can't see anything that seems remotely relevant in either syslog or the apache logs, and nothing seems to shwo up if I tail them while trying to access a site :(
<TJ-> keithzg: has it run out of space? "df -h"
<TJ-> also try "df -ih" (for inodes)
<sarnold> pity there's no way to get both in one invocation :(
<keithzg> TJ-: Naw, the 256GB M.2 SSD that the router runs is only at 4% space usage (the only higher is /run at 8%, and inode usage for everything is being rounded to 1%
<TJ-> keithzg: good. Are you comfortable sharing the netfilters rules? ("pastebinit <( sudo iptables-save )"
<keithzg> TJ-: https://paste.ubuntu.com/26440410/
<tomreyn> if you request httpS://tools.usps.com amdd get to see an error stating that you may not access HTTP://tools.usps.com/ (so non-encrypted) then this is a pretty obvious hint that your TLS connection was stripped towards the receiving end.
<tomreyn> s/amdd/and/
<TJ-> tomreyn: that's why I suspect a local proxy
<tomreyn> right
<TJ-> keithzg: are the local clients using Ubuntu/Linux ?
<keithzg> Yeah I wonder . . . I'm going to try turning off the Apache server (which is proxying to a VM running the *actual* company website)
<keithzg> TJ-: Not all of them, the first person who noticed this and has continued to notice things is on Windows 8.1, and I randomly tried a macOS VM at one point. I myself have been mostly testing this from Kubuntu.
<keithzg> Well, shutting down the Apache server on the router didn't change anything.
<TJ-> keithzg: I'm also surprised, if that is a gateway router, that the INPUT chain doesn't have a DROP policy and then specific rules for allowing VPN/SSH traffic in
<TJ-> keithzg: can you do one of those 'wget' ops that gets denied and show us the output in a pastebin?
<TJ-> keithzg: from the gateway itself
<TJ-> keithzg: also, "pastebinit <( ip -4 -6 route show )"
<keithzg> TJ-: I have SSH blocked with `-A INPUT -i external0 -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable` and that I thought worked fine for blocking SSH traffic (I actually run a port knocker, and that's how rules for allowing SSH in get added)
<sdeziel> "ip -4 -6 ro" only returns v6 routes here (on Xenial)
<TJ-> keithzg: right, but if there are other services on the gateway they may be exposed.
<TJ-> sdeziel: it returns both here on 16.04
<keithzg> TJ-: Ah, fair enough.
<TJ-> sdeziel: oh, no, you're correct! Sorry, I misread!
<keithzg> Anyways the denied requests are just single-line HTTP responses, ex.
<keithzg> <html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: 16159986499229415207</body></html>
<sdeziel> TJ-: too bad, I would have like it to work ;)
<TJ-> keithzg: so, "pastebinit <( ip route show; ip -6 route show )"
<TJ-> sdeziel: yeah, it annoys me that without switches it defaults to IPv4
<keithzg> TJ-: https://paste.ubuntu.com/26440446/
<keithzg> Oh how I wish we had IPv6
<TJ-> keithzg: I wanted to see the entire wget messages. Do "pastebinit <( wget http:///whatever 2>&1 )"
<keithzg> TJ-: Oh, fair enough, I just saw that it was going "200 OK" and nothing else other than the actual *contents* of index.html indicates any problem.  But here: https://paste.ubuntu.com/26440457/
<keithzg> Oh oops, never mind that
<keithzg> Although maybe that's a clue to some degree, many initial URLs are fine, but then what they're actually redirecting to isn't OK.
<keithzg> Actual wget output for one of these 403s: https://paste.ubuntu.com/26440460/
<sdeziel> "wget -SO - http:///whatever 2>&1 )"
<tomreyn> i'd rather suggest to use curl --trace /tmp/trace http(s)://...
<TJ-> keithzg: thebay.com is broken for me too, and TLS connections return SSL_ERROR_BAD_CERT_DOMAIN
<TJ-> keithzg: any other domains do this to you?
<sdeziel> 69.192.84.206 belong to Shaw Communications
<sdeziel> keithzg: would that be your ISP ^
<tomreyn> tools.usps.com seemed like a better test candidate
<TJ-> For that I get "20 redirections exceeded."
<sdeziel> and when resolving www.thebay.com, I get an akamai IP so it looks like an ISP getting in the way
<keithzg> tomreyn: heh yup, that would be precisely what I was going to try as an alt. Here in fact is the curl trace output for that: https://paste.ubuntu.com/26440477/
<tomreyn> keithzg: that's the output of which command?
<keithzg> sdeziel: Interesting, I saw Akamai when trying to figure things out before too with https://www.us-cert.gov/ (the third website giving this error)
<TJ-> sdeziel: that explains it then, they've left thebay.com in the DNS zone file but it should be front-ended by cloudfront. www.thebay.com is correct with a CNAME
<keithzg> tomreyn: `curl --trace tracefile https://tools.usps.com`
<TJ-> sorry, akamai, not cloudfront
<sdeziel> keithzg: from that paste, it seems the 403 was emitted by Akamai themselves
<sdeziel> Server: AkamaiGH
<sdeziel> maybe Akamai thinks your IP has a bad reputation?
<TJ-> tools.usps.com also on akamai - do Akamai have a problem?
<TJ-> sdeziel: I did an RBL check on the IP addres over about 30 RBLs and it's clean
<sarnold> akamai may have their own database
<tomreyn> akamai don't like you.
<keithzg> That defintiely aligns with the vague intimations of https://community.akamai.com/community/cloud-security/blog/2016/04/07/why-is-akamai-blocking-me
<keithzg> (one of the first things I found when initially noticing this error and when nmap told me that the us-cert site was hosted by Akamai)
<TJ-> this is 1 of the big downsides to centralised proxies
<keithzg> Yeahhh, and unfortunately that help page gives the impression that there's no way to contact Akamai and ask them precisely what's going on :(
<TJ-> keithzg: has anything on your network been doing automated connections, say to access the USPS site for example?
<TJ-> someone developing a tool to query shipping status maybe?
<keithzg> TJ-: Nothing intentional, no; the only software development anyone other than ol' sysadmin me does is oldskool Win32 work for the software we sell (that in turn tends to run on theoretically airgapped networks, so we don't even have any sort of auto-updater or such for our tools).
<TJ-> keithzg: how about via the VPN - you said connections via the VPN were OK - which I can only see happening if the VPN uses a different IP address for it's exit interface from your /30
<sdeziel> or maybe the VPN is using split tunneling ?
<TJ-> keithzg: show us "pastebinit <( ip addr show )"
<keithzg> TJ-: Yeah, that one baffles me as well. Here it is: https://paste.ubuntu.com/26440512/
<TJ-> keithzg: so, the external clients /are not/ using the VPN for general internet access, which explains htat
<sdeziel> keithzg: on a VPN client that works, could you share "pastebinit <( ip ro)"
<TJ-> sdeziel: I hate that "split tunnel" name, it's deceptive, there's no split in the tunnel, it's just standard routing!
<sdeziel> TJ-: I /think/ it could be it but I haven't seen any evidence so far
<keithzg> sdeziel: Well drat, I didn't bring my laptop to work today! I wonder if Android can manage that.
<TJ-> sdeziel: I'm sure it is, the client will use their standard default route (and hence connect successfully to thebay.com) but will route 10.0.0.0./8 (or similar) via the openvpn tunnel
<sdeziel> keithzg: you could do something server side. "sudo iptables -A FORWARD -i tun0 -o external0"
<TJ-> keithzg: 1 thing you could try us assign another IP address to external0 and use it as the source address for a test, see if it is blocked too, or just your current single IP address
<sdeziel> keithzg: then with the VPN client, access a site then run this on the server side: "pastebinit <(sudo iptables -nvL FORWARD)"
<TJ-> my typing is going downhill, my fingers have a mind of their own!
<sdeziel> TJ-: if Akamai blocks based on IP reputation, they maybe do that using wider CIDRs than /32
<TJ-> sdeziel: right, but it's worth testing, because if it's only a /32 there is a workaround
<keithzg> sdeziel: Seems the command works fine from a shell on my Android phone, I think? https://paste.kde.org/pw2t6zene
<sdeziel> keithzg: hmm, no default route?
<tomreyn> 184.70.164.246 belongs to a /13 (!) - not ideal if your hopes are that you'll be emitting less bad traffic than the average of shaw communication (cable?) users. for business use, a much smaller address range would be recommendable.
<sdeziel> keithzg: "ip ro g 8.8.8.8" ?
<TJ-> which is "ip route get 8.8.8.8"
<sdeziel> yeah, sorry, I'm very lazy
<TJ-> :D trying to educate as well as diagnose :p
<sdeziel> and it's better to have the receiving end understanding a command before running it :)
<keithzg> sdeziel: 8.8.8.8 via 10.180.113.86 dev rmnet_data0  src 10.180.113.85 uid 10228
<TJ-> I keep telling that to my Huskies!
<sdeziel> lol
<keithzg> (I haven't tried `sudo iptables -A FORWARD -i tun0 -o external0` yet, for the record)
<sdeziel> keithzg: I think that's your answer
<sdeziel> keithzg: you are using split tunnelling (or routing just the remote LAN IP space over your VPN/tun0)
<keithzg> Aha, fair enough (can't remember if that was intentional on my part when I ported over to the new server, or maybe that
<keithzg> 's an artifact of the convoluted setup of my predecessor)
<TJ-> keithzg: it makes sense, no point in routing internet bound traffic via the tunnel
<sdeziel> keithzg: at least that's what I believe is going on. I'm not very familiar with the per UID routing stuff done on Android
<keithzg> TJ-: Yeah, it's definitely what I'd have chosen to set up if I actually did so deliberately ;)
<TJ-> keithzg: do you want to test with your 'spare' currently unused IP address?
 * sdeziel wonders if per UID routing landed upstream
<keithzg> TJ-: That does sound like a plan---although I honestly don't know what it is, heh (I knew we had a second static address but I haven't bothered to look it up)
<TJ-> keithzg: your 184.70.164.244/30 gives you 2 IP addresses: .245 and .246 (which you use) so we can try adding .245 and using it
<TJ-> keithzg: "sudo ip addr add 184.70.164.245/30 dev external0"
<sdeziel> wget --bind-address=184.70.164.245 -SO - https://tools.usps.com/
<TJ-> keithzg: then try "wget --bind-address=184.70.164.245 -S -O - http://www.thebay.com"
<TJ-> Grrrr, stealing my typing :D
<sdeziel> I don't trust your self-aware fingers either ;)
<TJ-> LOL
<keithzg> hehe
<keithzg> Well I must've messed up the addition of the additional address or something, since that (either one) just hangs at "Connecting" forever
<TJ-> keithzg: check with "ip addr show dev external0"
<TJ-> keithzg: you should see both .245/30 and .246/30
<TJ-> We know there's no netfilter rules to get in the way :)
<keithzg> TJ-: Heh. Yeah I see it listed although it's different? https://paste.kde.org/pbatt57z3/32j5t0/raw
<TJ-> keithzg: that's fine
<TJ-> keithzg: let's check routing: "pastebinit <( ip route show )"
<keithzg> TJ-: Fair enough, I just wasn't sure, although upon reflection I assume "brd" means broadcast so that makes sense to me then
<keithzg> TJ-: https://paste.ubuntu.com/26440728/
<TJ-> keithzg: did you say both .245 and .246 hung when used with wget --bind-address= ?
<keithzg> TJ-: Oh, no I didn't try binding to .246 instead. Just tried it, it instantly works.
<TJ-> interesting, adding the new IP changed the default via to .245
<keithzg> (well, gives the 403 from AkamaiGHost, heh)
<TJ-> keithzg: I'm getting confused. which works? "wget -S -O - http://www.thebay.com" ?
<keithzg> TJ-: That works (gets a 403), explicitly binding to .246 works (also 403), explicitly binding to .245 does not (hangs on the Connecting step)
<TJ-> keithzg: weird, that suggests your ISP has assigned a /30 but is not routing it! Is there a modem/router from your ISP connected to the server?
<TJ-> keithzg: in which case it's likely .245 is assigned to that device
<TJ-> keithzg: do "sudo ip addr del 184.70.164.245/30 dev external0" to clean up the server
<keithzg> Yeah they insisted they couldn't give me *just* a modem anymore :( (this is why I don't use Shaw personally!). In theory they've disabled it so that it's only acting as a modem, it's not bridged or anything, but I wouldn't be surprised then if the modem+router box also has its own IP address secretly then.
<keithzg> Huh, even add that del I still see .245 as the default route.
<keithzg> (Did I just not have a default before? Yeesh, I need to keep better track of these things!)
<sdeziel> https://paste.ubuntu.com/26440446/ shows that you had a "default via 184.70.164.245 dev external0 onlink"
<sdeziel> keithzg: that's one of your earlier paste
<keithzg> sdeziel: Ah, fair enough. So it's more just a lack of comprehension of what it all means on my part then, heh.
<TJ-> oh, so .245 is the ISP device
<TJ-> i missed that
<sdeziel> keithzg: no, we screwed up a little I'm affraid
<TJ-> keithzg: so the upshot is ... Akamai
<TJ-> i read the default as .246 originally, grrr
<keithzg> Curse our fallable humanity!
<TJ-> I blame my fingers AND my eyes :)
<TJ-> basically, broken I/O
<sdeziel> on the up side, you were not SSH'ed in from a remote location and didn't lose access :)
<keithzg> hehe
<keithzg> Yeah, seems like my next step is probably to bug my ISP and see if there's some way they can get more info or a delisting from Akamai.
<keithzg> Many, many thanks! :)
<keithzg> I wish all of the internet was full of people as wonderful as #ubuntu-server :D
<keithzg> Fallable and human as they may be ;)
<sdeziel> hehe
<sdeziel> good luck!
<keithzg> Thanks!
#ubuntu-server 2018-01-23
<lordievader> Good morning
<eoli3n> hi
<lordievader> Hey eoli3n How are you?
<eoli3n> fine, u ? :)
<lordievader> Doing good here :)
<cpaelzer> almost forgot, good morning
<lordievader> Hahaha, hey cpaelzer
<lordievader> How are you doing?
<cpaelzer> good, busy enough to forget to say hello for more than an hour but good :-)
<lordievader> ð
<ahasenack> can I use rmadison to query packages for EOL ubuntu releases, likey yakkety?
<ahasenack> or, what other way is there to learn at which version a certain package was in one of these releases?
 * ahasenack tries packages.ubuntu.com
<ahasenack> nope
 * ahasenack tries launchpad.net/ubuntu/+source/<package>
 * ahasenack tries launchpad.net/ubuntu/<release>/+source/<package>
<ahasenack> bingo
<eoli3n> is there any way to msg a offline user ?
<eoli3n> with !tell or something ?
<eoli3n> !tell
<eoli3n> !help
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<eoli3n> !msg
<ubottu> Please ask your questions in the channel so that other people can help you, benefit from your questions and answers, and ensure that you're not getting bad advice.
<lordievader> Don't think ubottu has that  functionality.
<hateball> !memoserv
<hateball> pff
<boxrick> Here is a random question, I currently use Xenial for everything. Not tried Bionic yet, how working / broken is it currently. And does it massively differ in any way ?
<lordievader> Such question are usually forwarded to #ubuntu+1
<boxrick> Fair enough, I guess I should be more specific. Has the networking changed much in Bionic?
<eoli3n> re
<Odd_Bloke> boxrick: Networking has changed fairly substantially, yes.  networkd will be the default (in the server), and it will be configured using netplan.
<boxrick> Just found this. https://insights.ubuntu.com/2017/12/01/ubuntu-bionic-netplan/
<boxrick> Good news, ifupdown was rather unreliable.
<eoli3n> so if somebody saw it yesterday, i was debugging a kickstart install, which actually breaks win7 boot. I'm not a end user, i need to automate to deploy 800 nodes.
<eoli3n> here is the kickstart file -> https://ptpb.pw/TMJt
<eoli3n> here are my tests -> https://ptpb.pw/Uc7_.png
<eoli3n> and here the log of win7 cdrom repair tool -> https://ptpb.pw/fxvz
<eoli3n> TJ-, which is not connected right now, helped me a bit yesterday
<eoli3n> he asked me to add sector#1 to #2047 test
<eoli3n> in table, every orange part are differing from previous state
<eoli3n> i want my kickstart install, to work without kicking win7 install, and without needed of repairing anything
<boxrick> So Odd_Bloke, getting netplan and systemd networkd working in a similar way to Bionic on Xenial. Is that even possible?
<Odd_Bloke> boxrick: I don't think you'd want networkd in xenial, but I _believe_ netplan can render ENI.
<Odd_Bloke> cyphermox will probably be able to be more helpful, though he might not be awake for a couple of hours.
<cpaelzer> ahasenack: also full publication history can sometimes help to uncover weird version changes and what happened
<cpaelzer> hard to read but once mastered full of info
<ahasenack> cpaelzer: where is that?
<ahasenack> ah, link in the top right
<ahasenack> https://launchpad.net/ubuntu/+source/python3.4/+publishinghistory for example
<ahasenack> thx
<eoli3n> how could i have partuuid on parts, using msdos part table
<eoli3n> ?
<eoli3n> when i run blkid i have some PARTUUID setted
<eoli3n> the part table is msdos, wtf
<danrik> Does anyone know if ubuntu 17.10 still supports md5 signed vpn certificates?
<danrik> I know that fedora dropped it completely, but thought that ubuntu still supports it: https://ask.fedoraproject.org/en/question/80081/fedora-23-unable-to-verify-openvpn-certificate-after-update/
<cpaelzer> ahasenack: I'll look at your samba merge now
<cpaelzer> anythin in particular to watch out ofr?
<cpaelzer> s/ofr/for/
<ahasenack> not this time
<ahasenack> cpaelzer: one thing, though, it won't build without bionic-proposed
<ahasenack> because of a build-depends change
<ahasenack> and migrations are basically frozen still
<cpaelzer> have you a ppa already as usual?
<cpaelzer> or not yet because of that?
<cpaelzer> you can enable proposed in the ppa I think
<ahasenack> cpaelzer: I do
<ahasenack> and I have :)
<ahasenack> just a sec
<ahasenack> cpaelzer: https://launchpad.net/~ahasenack/+archive/ubuntu/samba-merge-4.7.4
<cpaelzer> thanks
<eoli3n> i really need help
<eoli3n> is there anybody which could help on multiboot kickstart deploy ?
<eoli3n> who
<ahasenack> don't know about kickstart, sorry :(
<cpaelzer> me neither
<eoli3n> hm, thx for answering anyway :)
<cpaelzer> ahasenack: MP is good, a few minor questions but no stoppers - if you need sponsoring let me know
<pankaj> I am addicted to watching youtube videos. Just wanted to get rid of web browser functionality in ubuntu. Is their any way to achieve this task?
<Ussat> speaking og youtube....
<Ussat> https://www.youtube.com/watch?v=e4Ao-iNPPUc&list=RDe4Ao-iNPPUc
<Ussat> of
<Ussat> ya I know off topic, but had to
<cyphermox> boxrick: hey, how can I halp?
<boxrick> Ohh I was just looking at getting Ubuntu 18.04 like networking in 16.04 ( IE netplan and systemd.networkd )
<cyphermox> boxrick: aye
<boxrick> 1) Is this actually realistically possible
<cyphermox> there may be a couple of moving pieces to configure, but it should be possible
<cyphermox> netplan is already the same version as in bionic
<boxrick> 2) Is there much point in doing this ( my idea here is to make the transition to 18 less painful down the road ) and I also have a bunch of pain with ifupdown currently in xenial.
<cyphermox> boxrick: so; remove any ifupdown configuration you have and migrate it to netplan; make sure you're running the latest systemd from -updates, and you're already pretty good
<cyphermox> the benefit depends on what you're doing for network configuration right now
<boxrick> Well its all built inside of Ansible templates, but we have to modify the networking-service with some systemd extends
<cyphermox> you're right that if you migrate now, you won't have to do it later, but unless you have things that aren't working in ifupdown, you don't have all that much of a benefit
<cyphermox> also, if you use openvswitch, for the time being you're better of keeping ifupdown
<boxrick> ifupdown doesn't like you replacing the config files and restarting
<boxrick> It expects, take the network down, then put the new config in
<boxrick> Then bring it back up
<cyphermox> yes
<boxrick> Otherwise it all goes haywire.
<boxrick> So I have some workarounds for that, but I was hoping the 18.04 way would work better.
<cyphermox> 'service networking restart' is not something you ever want to do
<boxrick> Which is kind of mad
<boxrick> Since it works perfectly in CentOS.
<cyphermox> (I agree, ifupdown requires the config to tear down network)
<boxrick> But I have worked around that anyway by doing it in a different fashion which allows us to do restarts cleanly.
<cyphermox> well, netplan is unaffected by that, if you just 'netplan apply', you should see your configuration applied.
<cyphermox> so yeah, all of it is very much dependent on the complexity of your network configuration
<boxrick> Well that sounds promising, and we don't use Openvswitch right now.
<cyphermox> and we can discuss this further in #netplan if you want
<boxrick> Sure
<cyphermox> openvswitch is planned, but it's complicated, so it takes time
<mwynne> Hi. One of my ubuntu-server VMs rebooted last night, and I can't find anything related to the reboot in syslog or kern.log. Any suggestions for where else I can look to find what happened?
<nacc> mwynne: do you have unattended-upgrades enabled?
<mwynne> nacc: How can I tell?
<TJ-> mwynne: /var/log/apt/history.log and term.log
<nacc> mwynne: config wise /etc/apt/apt.conf.d/50unattended-upgrades, iirc
<mwynne> It looks like it's enabled, but '//Unattended-Upgrade::Automatic-Reboot "false";'
<nacc> mwynne: ok, i'd check the logs TJ- mentioned
<mwynne> I'm assuming since that's commented out it shouldn't reboot automatically?
<mwynne> It looks like it's doing upgrades
<mwynne> How can I disable that?
<sarnold> first you have to figure out why it rebooted
<mwynne> Yeah.
<sarnold> anything in logs? audit logs?
<sarnold> hypervisor logs?
<mwynne> I can disable it, but I'd like to know why.
<mwynne> sarnold: I'll check hypervisor logs.
<mwynne> sarnold: Nothing I can find in those logs.
<Neo4> Hi! I've made list of apps that must be needed for create mail server, is it full list what I need? https://docs.google.com/document/d/1X3azb3yyFc3vOyUefcTpKVUlEWdXc4Stw9to2KB_eKg/edit?usp=sharing
<mwynne> nacc: `last -x` gives me this: http://paste.openstack.org/show/650992/
<nacc> mwynne: and that's a new kernel installed?
<nacc> that would seem like an unattended-upgrade run (note, u-a also logs its own stuff)
<nacc>  /var/log/unattended-upgrades
<mwynne> nacc: Yeah, new kernel. I guess that forces the reboot?
<nacc> mwynne: i'd check the log, but i'd assume so? it would certainly have flagged a need-reboot
<sarnold> you could start up another vm with an older kernel, set the cronjob to run 'soon', and see what happens..
<sarnold> I'd certainly be surprised to see a machine reboot after installing a kernel update
<sarnold> but maybe your system is configured in that fashion
<nacc> cpaelzer: fyi, i'm holdinng off on the php-defaults merge, because 7.2 just landed in unstable, so i'm going to be bumping it
<sarnold> pity there's no clear "shutdown request made by comm ... pid ... user ..."
<mwynne> sarnold: yeah... grep -i reboot in the unattented upgrades dir doesn't return anything either :S
<sarnold> shutdown? halt?
<mwynne> Nope
<Neo4> when I do it sudo echo "hello body" | mail -s "hello subject!" neo@kselax.ru
<Neo4> I got new massage in /var/mail/neo
<nacc> Neo4: why are you sudo'ing to echo?
<Neo4> when I try send message from gmail.com on neo@kselax.ru I didn't get anything
<Neo4> nacc: I want send from root at first
<nacc> Neo4: "on neo@..." -- do you mean *as* neo@ ... or *to* neo@... ?
<Neo4> on this mail neo@kselax.ru
<Neo4> from my gmail.com mail and I got nothing
<nacc> Neo4: ok, you didn't answer my second question
<nacc> Neo4: "on neo@..." -- do you mean *as* neo@ ... or *to* neo@... ?
<Neo4> to neo@kselax.ru
<Neo4> from neovichnn@gmail.com
<Neo4> on /var/postfix/main.cf I have this mydestination = kselax.ru localhost
<Neo4> it seems mails will delivered only from kselax.ru and from localhost?
<Neo4> neovichnn@gmail.com ?
<Neo4> must be I need add gmail.com there, Now will try
<Neo4> no, doesn't work
<nacc> Neo4: i have a hard time following what you are doing, please dont use enter as punctuation
<nacc> Neo4: mydestination = kselax.ru means that anything sent to *@kselax.ru on that machine will be delivered locally
<Neo4> nacc: it is not influence on deliver from other machines?
<nacc> http://www.postfix.org/BASIC_CONFIGURATION_README.html#mydestination
<Neo4> understood, I thought there should be names for others
<Neo4> I'd read that and didn't understood anything
<nacc> Neo4: then, without intending offense, maybe setting up a mailserver isn't for you
<nacc> Neo4: or you need more basic level knowledge of mail routing, etc. before you do an actual implementation
<Neo4> nacc: no, my, I know how that origin is my last part and what mean destination, Will learn ahead :)
<Neo4> nacc: it's very fast do you think I'll be give up
<nacc> Neo4: i don't undersand what you wrote, sorry
<Neo4> nacc: when you read that doc it means that destination is specify domain that will delivery from somewhere far like gmail.com or something else
<nacc> Neo4: no
<nacc> that's not at all what it says
<nacc> "The mydestination parameter specifies what domains this machine will deliver locally, instead of forwarding to another machine."
<Neo4> yes I've understood for now
<nacc> it doesn't talk about other domains at all
<Neo4> yes, yes, I know and test show it
<nacc> Neo4: again, are you sure you want to run your own mail server?
<nacc> if you're using gmail already, just use gmail?
<Neo4> before my mails that I send on gmail.com had been deliverd on gmail and now after put gmail.com to my destination I've got nothing
<Neo4> nacc: yes,
<nacc> Neo4: send *on* gmail? do you mean *to* gmail?
<nacc> Neo4: sending "on" gmail sounds like you are using the web intnerface
<Neo4> nacc: any serious administrator must know how to configure server :)
<Neo4> own mail server is need almost for any organization and this is very important ability
<nacc> Neo4: i think you're putting the cart before the horse a bit
<nacc> many companies just pay google to do it, because it's a PITA
<nacc> (imo)
<sarnold> Neo4: a huge number of companies outsource it to google or microsoft, because it's such a pain in the ass to host email these days
<Neo4> nacc: I mean to neovichnn@gmail.com after put domain to mydestinaton = gmail.com It wont send
<nacc> Neo4: well, yes, becuase that's what mydestination does
<nacc> Neo4: you told postfix that gmail.com is your local destination
<sarnold> Neo4: take a look at "g suite email" https://support.google.com/domains/answer/6069226
<nacc> Neo4: you are welcome to continue to learn how to use postfix, but realy most of your qquestions should be directed to a postfix-specific channel, it feels like, or the docs
<sarnold> yes the name is stupid but $5/mo to not think about email sounds like a good deal to me :)
<nacc> Neo4: but honestly, it seems like more work than it's worth, and you already have gmail
<Neo4> sarnold: really? I've watched this video https://www.youtube.com/watch?v=iPz8wf2i-Gw
<Neo4> and guy said it's very important skill, and this is considered the must difficult task for administrators because should be configure a few programs for works together
<nacc> right, it's difficult and fiddly to get right
<nacc> so why are you doing it? just to have it on your list because a youtube video said so?
<Neo4> nacc: in that video that guy did it for 1.5 hours
<sarnold> Neo4: it's extremely difficult, it *is* important, but many companies don't even want the trouble.
<Neo4> very fast
<nacc> Neo4: did what for 1.5 hours?
<nacc> Neo4: you mean they configured a mail server in 1.5 hours?
<nacc> Neo4: fine, go do exactlly what they did...
<Neo4> sarnold: he said many companies required own mail server, and that server that he show in video is real server that can be work perfectly
<Neo4> nacc: yes with preconfigured config files
<nacc> Neo4: right, so not realistic at all
<nacc> Neo4: yes, if you have *already* configured your mail server, configuration is easy
<nacc> that seems rather circular
<sarnold> the first mail server I set up I spent a solid month reading the sendmail book before starting
<Neo4> nacc: see there, it's realistic, he has already files for apps and do it fast
<sdeziel> setting up a mail server is only one part of the equation, ongoing maintenance need to be factored in
<nacc> and actually undrestanding what you are doing
<Neo4> sdeziel: he is not newbie, for him it's 1 - 2 hours
<Neo4> sarnold: I also spent much time but I think it worth it, Soon I'll have my server and be able send many massage for people )
<sarnold> Neo4: the trouble is, email is way more difficult today than it was twenty years ago
<sarnold> granted, postfix is a thousand times better than sendmail
<sarnold> but spf and dkim and god knows what else is so much harder
<TJ-> gap in the market for a config tool then :)
<Neo4> sarnold: in video didn't use spf and dkim. there use postfix, mysql, clamd, clamSMTP, spamassassin, postfixadmin and squirrelmail
<Neo4> I think for start we can do it without spamassassin, clamd and clamdSMTP
<sarnold> Neo4: does he get around to *sending* mail??
<Neo4> don't know might be
<Neo4> I can send on gmail without spf and dkim
<Neo4> sarnold: it won't problem install this if you know all of rest
<Ussat> That video is very wrong, its hardly an important task now, maby 5 years ago, but now most big corps dont do that in house
<nacc> Ussat: +1
<Ussat> sigh
<Ussat> Open a ticket to SAN team requesting a 3TB mount for a VM, ticket comes back.....this has been completed
<Ussat> Whats the mount point ???
<Ussat> sigh
<nacc> heh
<ahasenack> nacc: hey, any idea what's going on here? It's a clean checkout (branch listed at the bottom): https://pastebin.ubuntu.com/26446136/
<ahasenack> for some reason it thinks there are changes not represented as a patch? And then fails
<nacc> ahasenack: i'd need to  try and reprodcue it locally
<nacc> ahasenack: is the branch pushed somewhere?
<nacc> ahasenack: the file it's iterating is the generated patch
<ahasenack> nacc: git ubuntu remote add paelzer
<ahasenack> then checkout lp1726879-artful
<nacc> ahasenack: for SA?
<ahasenack> yes
<nacc> ahasenack: give me afew
 * ahasenack likes git ubuntu remote add <person>
<nacc> esp. as we use it for bugfixes and stuff going forward
<nacc> it makes it so much easier to do Git reviews (for me)
<ahasenack> same
<ahasenack> hm, I wonder if this package has two tarballs
<ahasenack> it does
<ahasenack> spamassassin_3.4.1.orig-pkgrules.tar.xz and spamassassin_3.4.1.orig.tar.xz
<nacc> we *should* handle that ok
<nacc> ahasenack: which snap are you at?
<ahasenack> nacc: lemme check
<ahasenack> nacc: git-ubuntu  0.6.2+git59.1e67e4c  350  nacc       classic
<nacc> ahasenack: hrm, i don't see that from the store anymore
<nacc> but htat's ok
<ahasenack> I can update
<nacc> my git-ubuntu fixes snap (locally built) didn't hit anything with that branch
<nacc> i'm switching to edge to check again
 * ahasenack gets 351
<ahasenack> nacc: I still see it with r351
<nacc> ahasenack: ok, i'm stilll d/ling it here
<nacc> ahasenack: interesting, reproduced, debuggin
<ahasenack> cool
<nacc> ahasenack: can you file a bug?
<ahasenack> on it
 * ahasenack -> eod
<ahasenack> cya tomorrow
<nacc> ahasenack: ok, it's related to component tarballs you were right
<nacc> ahasenack: https://bugs.launchpad.net/usd-importer/+bug/1738957 I think is the fix
<ubottu> Launchpad bug 1738957 in usd-importer "lint fails when multiple orig tarballs exist" [Undecided,In progress]
<nacc> but nnot 100%
#ubuntu-server 2018-01-24
<Checkmate> hello i have ubuntu server and i cannot receive and mails
<Checkmate> i have installed postfix
<Neo4> Hi
<Neo4> On my VPS is installed postfix and it sends mails on neovichnn@gmail.com but doesn't accept back
<Checkmate> Neo4 i have same problem
<Neo4> what I need to do for get back mail? MX? I didn't create it and watched in this video guy created it https://www.youtube.com/watch?v=xq-CkxQV-7o
<Neo4> Checkmate: do you have your own domain?
<Checkmate> i have try this command echo "This is the body of the email" | mail -s "This is the subject line" user@example.com
<Checkmate> not yet i have only vps
<Neo4> Checkmate: and you get message on user@example.com?
<Checkmate> no
<Checkmate> try maybe will work for you
<Neo4> Checkmate: example.com is your name of computer?
<Checkmate> no replace with your gmail
<Neo4> Checkmate: I can sent message it's work for me
<Neo4> Checkmate: I've already done it and it's work I can't get back mails
<Checkmate> you mean received mails
<Neo4> Checkmate: where you want send mail? I might be I can help you
<Neo4> Checkmate: yes receive, didn't receive
<Neo4> Checkmate: where you send mail? on this 'example.com'?
<Checkmate> i dont want send on anything i'm working on script peand i want to test $send option mail
<Neo4> what is peand?
<Checkmate> perl
<Neo4> oh
<Neo4> ok, you want locally get this message?
<Checkmate> i cannot receive mails
<Checkmate> i configure postfix correctly
<Neo4> it depends from what domain you send
<Neo4> really?
<Checkmate> gmail
<Neo4> what is in your mydestination?
<Checkmate> i'm making test to my gmail
<Neo4> and you get there message?
<Checkmate> no
<Checkmate> so what is the problem ?
<Neo4> you might not have configured correctly
<Checkmate> do you have video?
<Neo4> what the video?
<Checkmate> demo
<Neo4> for what?
<Neo4> no
<Checkmate> lool for postfix
<Neo4> what is this?
<Checkmate> sorry?
<Neo4> no don't have
<Neo4> I don't know what is loop for postfix
<Checkmate> well
<Neo4> can you show your main.cf?
<Checkmate> what did you run on your vps?
<Neo4> Seems you put there something wrong
<Neo4> site and other crape
<Checkmate> relayhost =
<Checkmate> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
<Checkmate> mailbox_size_limit = 0
<Checkmate> recipient_delimiter = +
<Checkmate> inet_interfaces = localhost
<Checkmate> inet_protocols = all
<Neo4> I used it for test in overall
<Neo4> what is origin?
<Neo4> what is mydestination?
<Neo4> myorigin and mydestination?
<Checkmate> localhost
<Checkmate> myorigin = /etc/mailname
<Neo4> ok, gmail might not accept mails without real domainname. What is in that file? Name of yoru computer something like 'ubuntu-blablabla'
<Neo4> try send mail to other provider
<Neo4> or you can sand mail to localhost
<Neo4> do you know how check mails? in /var/mail
<Neo4> there should be files for each users with mails
<Checkmate> no no
<Checkmate> the problem i cant remember
<Checkmate> i have configured smtp on other server work perfectly
<Neo4> and there exists logs files sudo tail -f /var/log/mail.log
<Neo4> Checkmate: really? You can look at log file /var/log/mail.log
<Neo4> run that using (sudo tail -f /var/log/mail.log) and you'll be able track changes in realtime
<Checkmate> shit men u know why
<Checkmate> because lol we cannot send mails without domain
<Neo4> reallY?
<Checkmate> yeah men
<Neo4> we can, there your domain is name of your computer
<Checkmate> my last server vps have domain name linked
<Neo4> no, I think no
<Neo4> you can send, from can be anything
<Neo4> try send to localhost
<Neo4> do this (echo "body" | mail -s "subject" root@localhost
<Neo4> seems so
<Checkmate> yes right
<Neo4> instead localhost you should put value from your console http://pix.toile-libre.org/?img=1516772510.png
<Checkmate> i'm sure i miss something on installation
<Neo4> or from yoru 'myorigin'
<Neo4> I don't know what you put there
<Neo4> there should be name after your username@  in console
<Neo4> and then check sudo nano /var/mail/root
<Neo4> there must be new mail
<Neo4> just localhost, it should be work, others won't work because you have in mydelivery = localhost only
<Checkmate> do you know how to get all history command
<Neo4> for deliver others domains you must specify them there
<Neo4> no
<Neo4> arrow up or down
<Neo4> how to list
<Checkmate> you know nothing on linux right?
<Neo4> :)
<Neo4> no, nothing it's zero, and I know much
<Checkmate> good
<Neo4> much far from zero )
<Neo4> know how to install LAMP on VPS, how to create virtual hosts for apache
<Neo4> nothing it's underestimate yourself :)
<Neo4> Checkmate: postfix badly know
<Neo4> MX
<Checkmate> work good
<Neo4> Checkmate: who does work good?
<Neo4> Checkmate: postfix?
<Neo4> yes,
<Neo4> do it for receive message and basics configuration will have been done
<Checkmate> what is your problem?
<Neo4> I didn't create MX? Is it neccessary always to create?
<Neo4> I've never run postfix
<Checkmate> try to install it
<Neo4> I'm not sure need it or not? Is it exaclty for receive should be MX?
<Checkmate> i'm trying to get back all command from last vps cause its important i think
<Neo4> I asked in DNS, What is it and why it need. Mail exchanger and will bothering my host support :)
<Checkmate> look like this one
<Checkmate> apt-get install build-essential libexpat1-dev libgeoip-dev libpng-dev libpcre3-dev libssl-dev libxml2-dev rcs zlib1g-dev
<Neo4> Checkmate: you should have saved all command in file
<Checkmate> apt-get install php7.0-bcmath
<Checkmate> no in var/log or by history
<Neo4> Checkmate: don't know, Ther was something important? I have my own file where I've put all my command for VPS, Separate it on sections, it's 8 pages
<Checkmate> to get smtp work correctly ithink you need to install all php things
<Neo4> then when install VPS I look at there
<Neo4> there all installed
<Checkmate> i'm sure you miss something
<Neo4> no, I miss MX
<Checkmate> create info.php file
<Neo4> how my server receive files from external mailserver?
<Neo4> see mail exchanger
<Checkmate> <?php phpinfo(); ?>
<Neo4> what does it means, should be it thing that alter mail?
<Checkmate> you need to check all things
<Checkmate> smtp php ....
<Checkmate> do you have domain linked on ur vps?
<Neo4> yes
<Neo4> kselax.ru
<Checkmate> will be easy for you just run the script and see what happen when you send
<Neo4> ok
<Checkmate> when you run php like wordpress or something
<Checkmate> will receive error and you will fix it easy
<Neo4> Checkmate: I fixed, it's not blame, reason is something other
<Checkmate> also install newer version of php
<Neo4> Checkmate: https://en.wikipedia.org/wiki/MX_record
<Neo4> there written MX accept mails
<Checkmate> you slove the problem?
<Neo4> Checkmate: soon
<Checkmate> Neo4
<Neo4> I've created mail.kselax.ru it's my MX mail exchanger
<Neo4> Who know what shall I put in hosts file?
<lordievader> Good morning
<Neo4> my server is listen loopback http://pix.toile-libre.org/?img=1516779389.png
<Neo4> How to make it listen my real IP 91.227.18.35
<cpaelzer> hi lordievader
<cpaelzer> good morning to all of you
<cpaelzer> Neo4: I assume you mail server isn't directly on that external IP
<cpaelzer> Neo4: so you need to forward ports
<cpaelzer> Neo4: well it all dpeends from your actual network topology, anything I assume could be wrong
<lordievader> Hey cpaelzer how are you doing?
<cpaelzer> great, and you?
<lordievader> Doing good here :)
<cpaelzer> ahasenack: hey I sponsored samba as requested, but have a question
<Neo4> cpaelzer: it has the same IP
<cpaelzer> Neo4: ok, then it is "only" part of the actual mailservers config
<cpaelzer> Neo4: but since ther is no single "the mailserver" the answer might still vary a lot :-)
<cpaelzer> ahasenack: ahasenack: I needed to fall back to dpkg-buildpkg and checked the debdiff matches the proposed changes
<cpaelzer> ahasenack: did you see soemthing like https://paste.ubuntu.com/26449720/?
<cpaelzer> ahasenack: nacc: If I run commands in lines 30-34 manually I'm just fine
<Checkmate> guys i have a lot of files named c_sessions1873773
<Checkmate> on /tmp
<Checkmate> any idea how to disable this mistake
<Checkmate> i belive by php.ini right ?
<Checkmate> give me solution breakfast and will back
<cpaelzer> Checkmate: maybe http://www.php.net/manual/en/function.session-save-path.php#98106 ?
<cpaelzer> quite old thou
<Checkmate> thanks wait i check
<Checkmate> cpaelzer i need to add session on all php pages on my domain ?
<cpaelzer> Checkmate: not as I read it
<cpaelzer> Checkmate: search engines give me plenty of results, but all vary slightly
<cpaelzer> Checkmate: my half-guessing TL;DR is that the garbadge collection doesn't catch your files
<cpaelzer> you already have sort of a session, that create those c_session files
<cpaelzer> it is about configuring the gc to catch those
<cpaelzer> if your case creates these files via a different mechanism, then none of that applies
<Checkmate> cpaelzer maybe cause i disabled cookie session by htaccess code
<Checkmate> last week
<Checkmate> cpaelzer when i try to open or download one of this files i get Error message from server: No such file
<cpaelzer> odd
<cpaelzer> maybe already deleted files with stale file handles or anything like it
<cpaelzer> does lsof show these files still open by something?
<Checkmate> no
<cpaelzer> Checkmate: so you have a file you can not open, is not open by anything, but listed by ls?
<cpaelzer> what says stat on one of these files?
<cpaelzer> also ENOFILE?
<cpaelzer> and also stat --file-system on the same
<cpaelzer> Checkmate: ^^
<Neo4> I might be have to install webmail?..
<Neo4> What is popular web server apps?
<Neo4> or literature something like ubuntu guide overview posibilitec
<lordievader> Apache(2) and Nginx are large players.
<Neo4> yes, using it might be 90% of all internet apps made
<Neo4> LAMP LEMP, mail server, and nothing else?
<Neo4> I'm going to learn crone... have never use it
<Neo4> popular chat, I want to learn server apps...
<Neo4> interesting exists some literature about app on linux servers...
<Neo4> simple overview
<Neo4> in ubuntu server guide is written many differ apps, I learned that we can create own wiki using CMS. That guide seems have been written by a few differ people, because when read noticeable immediately differ  vocabulary
<lordievader> What is your goal? Just to learn? If so, learn to use Google effectively.
<Neo4> I can't understand what does mean this new notion 'reverse proxy' know it use for node.js...
<lordievader> Reverse proxies are nice. Makes your webserver forward the request to a backend server transparent to the user.
<Neo4> lordievader: just overview linux possibilities, for know what is created and don't create wheel in future
<lordievader> That ain't easy. Linux has many possibilities.
<lordievader> Too many to count.
<Neo4> lordievader: dns nice, better maybe something read general like dns how internet work and so on....
<Neo4> lordievader: and you know what apps have already created? I don't
<lordievader> Is there a need to know every application in existence? When I have a job that needs doing only then do I look what is available.
<lordievader> For you other (sort-of) question: read books, read web-pages, read man-pages, etc.
<lordievader> Oh, and experiment.
<Neo4> lordievader: no, you don't need to know equal apps, like postfix and exim or roundcube, squirrel, just one differ apps
<Neo4> it need for get common imagine what we have made and make  you more proficient like developer
<Neo4> lordievader: I don't
<lordievader> Neo4: Like I said: read, google, experiment, read more. You won't suddenly know everything overnight, but you'll learn eventually.
<Neo4> lordievader: linux is not so bad like it was before when you only install it :)
<Neo4> lordievader: for example  this technology do you know how to create video chats, sites where video and voice? What if these sites we can easy to create and there exists some app that is used for it
<lordievader> What are you asking? That sentence only made half sense -.-
<Neo4> lordievader: I mean site like famous chaterbat
<Neo4> where video call and voice
<Neo4> real time applications
<lordievader> Yes? What about it?
<Neo4> lordievader: porn video chat
<lordievader> I really don't know where you are going with this...
<Neo4> lordievader: doesn't matter, just simply wondering.... :)
<Neo4> lordievader: and exists sites of services that is exchange money online, or for example exchange bitcoints?
<lordievader> Well anyways, like I was arguing before, it is often easier to search for information if you have a clear goal in mind (for example I want to know about webservers). Rather than, 'I want to know everything about Linux'.
<Neo4> yes, ok, agree, and this is big theme, and impossible to know everything...
<Neo4> better to learn common things DNS internet algorithms schemes and whatever you think is common thing ....
<Neo4> or what you like
<Neo4> better what you like and want
<Neo4> :)
<ahasenack> cpaelzer: I think you need --for-merge
<ahasenack> did you sort that out?
<cpaelzer> no I didn't
<cpaelzer> fell back to dpkg-buildpkg
<cpaelzer> but yeah I see your point as it is only a mior bump
<cpaelzer> I'd not see how that would boil down to the equiv package failing to install thou
<cpaelzer> ahasenack: ^^
<cpaelzer> ahasenack: btw I still fail the build missing the equivs
<cpaelzer> as I wrote this morning
<ahasenack> ok, time to check some excuses regressions
<ahasenack> Segmentation fault (core dumped)
<ahasenack> pcmk                 FAIL non-zero exit status 139
<ahasenack> that's quite the start
<ahasenack> it's been failing like this since november last year
<ahasenack> at least looks like it's reproduceable
 * ahasenack brings up an s390 vm
<ahasenack> cpaelzer: hi, do you know something about ocfs2 filesystem kernel modules not being enabled for s390?
<ahasenack> I have fs/ocfs2/dlmfs/ocfs2_dlmfs.ko in my amd64 4.13.0-31-generic kernel
<ahasenack> but it's not there for s390x's 4.13.0-30-generic
<ahasenack> bionic
<ahasenack> unless that small bump from #30 to #31 introduced it
<ahasenack> but there doesn't seem to be a 4.13.0-31 for s390x in the archive
<cpaelzer> ahasenack:  /lib/modules/4.13.0-21-generic/kernel/fs/ocfs2/ocfs2.ko
<cpaelzer> oh I see dlmfs
<cpaelzer> moment
<cpaelzer>  /lib/modules/4.13.0-21-generic/kernel/fs/ocfs2/dlmfs/ocfs2_dlmfs.ko
<ahasenack> hm, 21
<cpaelzer> might not be in 4.4 maybe?
<ahasenack> it's 4.13
<cpaelzer> oh you are on 4.13 as I am
<ahasenack> but a bit ahead
<cpaelzer> let me update
<cpaelzer> umm I am on latest in bionic
<cpaelzer> where did you get the -30 for?
<cpaelzer> oh artfuÃ¶
<cpaelzer> artuful
<cpaelzer> I see
<cpaelzer> maybe not enabled in artful yet?
<cpaelzer> grep -i ocfs /boot/config-* ?
<ahasenack> wait, did I boot up artful?
 * ahasenack checks
<ahasenack> no, I'm definitely on bionic
<ahasenack>  *** 4.13.0-30.33 500
<ahasenack>         500 http://ports.ubuntu.com/ubuntu-ports bionic-proposed/main s390x Packages
<ahasenack> Linux bionic-andreas 4.13.0-30-generic #33-Ubuntu SMP Mon Jan 15 19:47:38 UTC 2018 s390x s390x s390x GNU/Linux
<ahasenack> cpaelzer: that grep: https://pastebin.ubuntu.com/26451125/
<ahasenack> what's yours?
<ahasenack> root@bionic-andreas:~# find /lib/modules/ -name '*ofcs2*'
<ahasenack> root@bionic-andreas:~#
<ahasenack> :/
<ahasenack> smb: hi, do you know something about ocfs2 modules not being in bionic's s390x kernel?
<smb> ahasenack, no, sorry. sforshee ^?
<ahasenack> it's early for him :)
<sforshee> ahasenack: I'm awake, let me look
<ahasenack> sforshee: wow :)
<sforshee> ahasenack: looks like it should be enabled for s390x
<sforshee> which kernel specifically are you referring to?
<ahasenack> sforshee: 4.13.0-30-generic #33
<ahasenack> sforshee: https://pastebin.ubuntu.com/26451125/ my grep in the config files
<ahasenack> but find /lib/modules/ found nothing
<ahasenack> let me grep the pkg
<ahasenack> root@bionic-andreas:~# dpkg -l linux-image-4.13.0-30-generic|grep -i ocfs
<ahasenack> root@bionic-andreas:~#
<ahasenack> er
<ahasenack> let me do that again with the right option
<sforshee> ahasenack: do you have linux-image-extra installed?
<sforshee> might be in there
<ahasenack> same result
<ahasenack> let me check extra
<sforshee> *extras
<sforshee> sorry, I was right he first time, no s
<ahasenack> sforshee: got it, it was in
<ahasenack> linux-image-extra-4.13.0-30-generic
<ahasenack> linux-image-extra-4.13.0-30-generic: /lib/modules/4.13.0-30-generic/kernel/fs/ocfs2/dlmfs/ocfs2_dlmfs.ko
<ahasenack> sforshee: I'll update the test dependencies to include that
<ahasenack> thanks for your help
<sforshee> np
<ahasenack> maybe I didn't have linux-image-generic installed, as it includes extra
<ahasenack> I'll investigate
<ahasenack> ok, now I get the core dump :/ (another issue)
<ahasenack> + o2image /dev/loop0 /tmp/disk.image
<ahasenack> Segmentation fault (core dumped)
<ahasenack> let's see
<ahasenack> I actually get a kernel backtrace
 * ahasenack tries an older kernel
<ahasenack> same
<ahasenack> cpaelzer: have you seen this dmesg error in s390x before? https://pastebin.ubuntu.com/26451318/
<cpaelzer> yes
<ahasenack> oh, do tell
<cpaelzer> it is more of a class of issues than pointing to a specific thing
<ahasenack> I found a bug in rsyslog about it, fixed with a new rsyslog upload
<ahasenack> so not a kernel bug I take it
<cpaelzer> ahasenack: this is essentially trying to access a bad pointer
<ahasenack> ok, plain segfault-like?
<cpaelzer> yep
<cpaelzer> "like"
<ahasenack> oh, xnox opened a bug about it: https://github.com/markfasheh/ocfs2-tools/issues/22
<cpaelzer> llgc	%r1,0(%r3) with r3 being zeros
<cpaelzer> that means access addr 0
<ahasenack> xnox: did you also open an ubuntu bug about that perhaps?
<Checkmate> cpaelzer
<Checkmate> sorry my laptop crashed
<Checkmate> i didnt answer on time
<cpaelzer> Checkmate: that explains the sudden loss of communication :-)
<cpaelzer> Checkmate: I hope you are good again
<Checkmate> stat --file-system
<cpaelzer> and the same withotu --file-system
<cpaelzer> was just a try to get what those files could be about
<cpaelzer> since you can't open, remove or do anything
<ahasenack> xnox: I filed one
<Checkmate> command not found
<Checkmate> er
<Checkmate> cpaelzer  File: 'ci_session50ebed2631a437a4b2b9bf7c6e8aab97a3b483ed'
<Checkmate>   Size: 34              Blocks: 8          IO Block: 4096   regular file
<Checkmate> Device: 801h/2049d      Inode: 17664003    Links: 1
<Checkmate> Access: (0600/-rw-------)  Uid: (   33/www-data)   Gid: (   33/www-data)
<cpaelzer> Checkmate: are you running CodeIgniter?
<cpaelzer> search engines show me plenty of issues around that in relation to those files
<cpaelzer> Checkmate: does your error log have messages like the one mentioned here https://github.com/bcit-ci/CodeIgniter/issues/3610 ?
<tobasco> jamespage: any info on gnocchi packages?
<Checkmate> cpaelzer yes i'm running codeigniter
<Checkmate> PHP  14. session_start() /var/www/html/web/system/libraries/Session/Session.php:141
<Nivex> Is this the right place to address an issue in autofs?
<ahasenack> if it's in ubuntu, I'd say it's a good place to start
<ahasenack> :)
<Nivex> https://bugs.launchpad.net/ubuntu/+source/autofs/+bug/1101779
<ubottu> Launchpad bug 1101779 in autofs5 (Ubuntu) "autofs "lookup_mount: exports lookup" fails on IPv6-only hosts" [Medium,Confirmed]
<Nivex> The patch is to build with libtirpc, which seems sane enough since autofs depends on nfs-common which depends on libtirpc anyway
<ahasenack> that's an old bug, wow
<Nivex> Yes, yes it is.
<Nivex> I'm hoping to shepherd it through before 18.04 so I don't have to live with another broken LTS
<ahasenack> at least libtirpc is in main
<ahasenack> do you know if upstream was ever notified?
<ahasenack> CHANGELOG:- add autofs(5) note of IPv6 libtirpc requirement.
<Nivex> There's a couple Debian bugs open on it. I linked to one in the comments toward the end. That bug has been open for four years.
<ahasenack> "       To be able to use IPv6 within autofs maps the package must be build to use the libtirpc library for its RPC communications. This is becuase the glibc RPC  implementation  doesn't
<ahasenack>        support IPv6 and is depricated so this is not likely to change.
<ahasenack> "
<ahasenack> that's from the manpage autofs(5)
<ahasenack> sounds like a straight forward fix, unless there are downsides in using libtirpc
<ahasenack> Nivex: would you be able to test a bionic package if I gave you a ppa?
<Nivex> I can probably spin up a VM
<ahasenack> ok, I'll let you know once it's built
<ahasenack> are you subscribed to the bug? I can paste the link there
<ahasenack> kevin? Looks like you are
<Nivex> I flagged it as affecting me, so I probably do
<ahasenack> did you receive my comment in the bug about the autofs(5) manpage?
<Nivex> not yet, but bug mail can be slow sometimes
<ahasenack> ok
<ahasenack> rbasak: hi, could you please kick a git import for 389-ds-base?
<ahasenack> nacc: or you ^
<rbasak> ahasenack: OK, running
<Nivex> ran into a wall getting my bionic test vm ready. rpc.gssd is failing to start "ERROR: opendir(/run/rpc_pipefs) failed: No such file or directory"
<ahasenack> rbasak: thanks
<ahasenack> Nivex: everything up-to-date?
<Nivex> yep
<DammitJim> is there a recommended software to set up a highly available file server using ubuntu?
<DammitJim> I'm reading about Hadoop, but I don't know if that can share files that I can access from windows and Linux easily
<dpb1> Hadoop certainly seems like the wrong thing. :)
<DammitJim> yikes
<DammitJim> I don't know where I got the idea that a hadoop cluster would provide a highly available file server
<DammitJim> any other options?
<DammitJim> I think I read a little about glusterfs
<Nivex> I rebooted and rpc.gssd had started. Not sure what the deal was, but I can do my test mount now.
<DammitJim> or is this as simple as setting up a cluster NFS servers?
<Nivex> ahasenack: I think I'm ready for your test PPA
<DammitJim> is there DRBD in Ubuntu?
<mason> drbd8-utils/xenial 2:8.9.6-1 amd64
<mason> And I guess more to the point, /lib/modules/4.4.0-112-generic/kernel/drivers/block/drbd/drbd.ko
<DammitJim> thanks mason
<DammitJim> so, doing something like this probably makes more sense: https://help.ubuntu.com/community/HighlyAvailableNFS
<ahasenack> Nivex: packages built, fwiw: https://launchpad.net/~ahasenack/+archive/ubuntu/autofs-ipv6-1101779/
<Nivex> ahasenack: booya! worked right off the bat
<ahasenack> nice
<ahasenack> I hope ipv4 keeps working too :)
<Nivex> I actually can't test that since my krb5 realm is v6 only
<ahasenack> nice setup
<ahasenack> rbasak: lp auth url? :)
<kneeki> So while I was installing server 17.10 I mistakenly selected my wifi adapter as my default connection instead of wired (enp3s0f0), now when the server boots up it doesn't establish a connection to the net until I 'sudo dhclient enp3s0f0'. I've tried adding 'auto enp3s0f0\niface enp3s0f0 inet dhcp' to /etc/network/interfaces but that doesn't seem to fix the problem. Any ideas what is next?
<Nivex> ahasenack: anything else you need me to do to keep this moving forward?
<ahasenack> Nivex: reply in the bug saying you tested the package from the ppa with ipv6 and that it worked, that would help
<ahasenack> maybe do the same in the debian bug
<ahasenack> even though these are not debian builds
<Nivex> I updated the launchpad bug. I updated the Debian bug 10 days ago asking if their patch could be pushed but it's been silence. The patch was provided 5+ months ago, so that maintainer apparently isn't paying attention to the bug reports.
<ubottu> Error: Debian bug 10 could not be found
<Nivex> heh. debian bug 737679 for those playing along
<ubottu> Debian bug 737679 in autofs "autofs does not appear to support IPv6 hostname lookups for NFS mounts" [Important,Open] http://bugs.debian.org/737679
<ahasenack> Nivex: sorry, my connection dropped for a moment
<ahasenack> I was saying you should comment on both bugs about the test you made
<Nivex> ahasenack: updated the LP bug. I updated debian bug 737679 ten days ago asking if the patch (provided 5+ months ago) could be integrated but still crickets.
<ubottu> Debian bug 737679 in autofs "autofs does not appear to support IPv6 hostname lookups for NFS mounts" [Important,Open] http://bugs.debian.org/737679
<ahasenack> Nivex: I pushed an MP, my colleagues should take a look soon
<Nivex> ahasenack: wonderful, thanks!
<ahasenack> thanks for bringing it up
 * ahasenack stares at the 386-ds-base dep8 test setup and scratches head
<ahasenack> IP=`ip route get 1.1.1.1 | awk '{print $NF; exit}'`
<ahasenack> ah, the fix is in bionic-proposed
 * ahasenack checks where that migration is at
<ahasenack> all tests green
<ahasenack> needs python-ldap to pass
<ahasenack> rbasak: nacc: hi, could one of you please import freeipa into git? Thanks
<nacc> ahasenack: i will start it
<ahasenack> thx
<nacc> rbasak: --^ fyi
<ahasenack> nacc: I tried using https://code.launchpad.net/~racb/usd-importer/+git/usd-importer/+merge/336300 to start my bind9 merge, just to see how far I would get
<ahasenack> nacc: it all seems to work until I rebase logical into new/debian
<nacc> ahasenack: what happens?
<nacc> ahasenack: that's not related to git-ubuntu at that point
<nacc> all you have are Git commits you are rebasing onto another commit
<nacc> they might not all apply, like usual
<ahasenack> nacc: that's the thing, they conflict in d/changelog
<ahasenack> which is unexpected
<ahasenack> https://pastebin.ubuntu.com/26453830/ is what rebase is trying to do
<nacc> ahasenack: oh wait
<nacc> ahasenack: that's still not right
<nacc> there should be no "import" lines in a logical rebase
<nacc> ahasenack: so ... let me think
<ahasenack> right
<ahasenack> nacc: my git log when I'm sitting at my logical tag
<ahasenack> nacc: https://pastebin.ubuntu.com/26453838/
<ahasenack> it seems fine
<ahasenack> on top of old/debian
<nacc> you might need to pass something to rebase so that it knows where to start
<nacc> i'm looking
<nacc> ahasenack: i think you want
<nacc> git rebase --onto pkg/debian/sid old/debian HEAD
<nacc> ahasenack: our graph now (generally) looks like "Here is how you would transplant a topic branch based on one branch" in `man git-rebase`
<ahasenack> so that rebase command,
<ahasenack> means get these commits between old/debian and HEAD (which is my logical)
<ahasenack> and apply them on top of pkg/debian/sid
<nacc> ahasenack: right, you're telling it your old base
<nacc> it's basically how you do partial rebase
<nacc> ahasenack: can you file a bug, i need to update the docs for that
<nacc> cpaelzer: fyi, the importer had't run since 1/9 (due to the lp outage). I'm reset it and its catching up now
<Checkmate> hey this command is right ?
<Checkmate> find "/tmp/" -name "ci_session|*" -mtime +6 -type f -delete
<sarnold> protip, run it once with -print instead of -delete and if you like the look of it, run it again with -delete
<Checkmate> delete files after 6 days
<patdk-lap> heh
<patdk-lap> testing is pointless
<patdk-lap> that will only delete files that haven't been modified in 6 days
<patdk-lap> personally I like to use ctime
<patdk-lap> force session expiration :)
<sdeziel> Checkmate: I don't think the "|" should be in the -name argument
<nacc> sdeziel: patdk-lap: fwiw, Checkmate just got kicked from #ubuntu for cursing and (it looks like to me) personally attacking a few helpers
<nacc> (and also crossposted the same question, which we try to discourage)
<sdeziel> nacc: ack
<Checkmate> sdeziel
<Checkmate> @daily root find /tmp/ -type f -mtime +4 -name ci_session\* -exec rm {} \;
<Checkmate> i dont attack anybody its just mistake
<mason> ikonia: Why praytell did you do that?
<nacc> ahasenack: fyi, freeipa imported
<nacc> mason: i'm assuming bleedover from #ubuntu
<Checkmate> no one want help me more great
<mason> nacc: Seems inappropriate.
<nacc> mason: could be; dunno
<nacc> mason: i'm not an op :)
<mason> Checkmate: sarnold's answer was the right one - test with -print.
<Checkmate> mason he answering protip not me
<mason> Checkmate: No, he meant it for you. "Pro tip" is a way to say "this is a best practise".
<Checkmate> and what the wrong on my command
<nacc> Checkmate: what are you trying to do?
<mason> Checkmate: The correctness of your command wasn't considered - just the notion that you want to test with -print and see what it says, rather than running it with -delete or not testing it at all.
<mason> ikonia: Public please. I didn't ask for a private message.
<Checkmate> i have codeigniter script required to create file with ci_session names
<ikonia> mason: ok, it's not your concern then
<mason> ikonia: Abuse of ops privs affects all of us.
<ikonia> mason: read the private message
<mason> ikonia: Learn netiquette and don't send unsolicited private messages.
<ikonia> mason: I am sorry for sending you a private message, if you read it you'll understand why I didn't "announce it" however, discussing other users issues within the namespace is not your concern, so please let it go
<hggdh> sigh
<nacc> rbasak: in master, gitubuntu/test_git_repository.py does not use the unittest or unittest.mock imports?
<rbasak> nacc: I think I'd have only imported them if I needed them
<nacc> rbasak: pylint3 also says unused
<nacc> rbasak: are they somehow used implicitly?
<rbasak> I don't think so.
<rbasak> Go ahead and remove
<nacc> rbasak: a comment mentions the mock, but I don't see it actually doing what the comment says :)
<rbasak> I'm surprised pylint didn't pick up on that
<nacc> it's not an error, we only check for errors
<nacc> (since we're not pylint clean yet)
<nacc> rbasak: not urgent, was just curious :)
<nacc> rbasak: sorry, if you're there -- do youy hve your Release pastebin for the scripts handy?
<hashwagon> Is unattended-upgrades the best way to automate security updates? Any better methods?
<rbasak> Not sure which pastebin you mean?
<rbasak> I guess the answer is no to "handy" then. Sorry!
<nacc> rbasak: heh, the one that added the signed Sources stuff
<nacc> (iirc)
<nacc> i don't believe you ever put that in a MP
<nacc> rbasak: I belileve you wanted me to pull that into my scripts branch
<mason> hashwagon: There's https://landscape.canonical.com/
<rbasak> nacc: oh
<rbasak> nacc: the signature verification thing?
<nacc> rbasak: yeah
<rbasak> nacc: repaste: http://paste.ubuntu.com/26454992/
<rbasak> nacc: IIRC I didn't consider that ready to push as-is though
<nacc> rbasak: thanks; landing your branches now, as well
<nacc> rbasak: ack, i'm adding tests
<nacc> rbasak: or were you saying we can leave it for lp-beta?
<rbasak> I think it's worth adding it now
<nacc> rbasak: +1
<rbasak> Not ready in terms of tests, yeah - but also docstrings, parameterisation of the keyring location, etc.
<nacc> yep
<nacc> that's all part of this brnach (or will be)
<nacc> the script-fixing one i'm doinng now
<rbasak> OK sounds good
#ubuntu-server 2018-01-25
<Neo4> why know what is DNS server? I've read about BIND if I install it what I'll get?
<genii> Headaches
<sarnold> Neo4: there's three types of DNS servers: authoritative, recursive, and forwarding
<sarnold> genii: lol +1
<Neo4> what does do DNS server? it return IP  of servers
<sarnold> Neo4: an authoritative server knows the IPs and names of specific services and so on
<genii> Neo4: Basically, yes.
<sarnold> Neo4: a recursive server knows how to start from the "root nameservers" and query each hierarchy of name servers to find an eventual answer to a question
<Neo4> sarnold: ok
<sarnold> Neo4: forwarding nameservers do not know how to query the roots, they just forward the question on "to the next nameserver", which *will* know how to answer the question
<Neo4> in general what shall I get?
<sarnold> Neo4: so which types of DNS server you need to run depend upon what services you want to offer
<sarnold> Neo4: if you have clients on a LAN that want to look up hostnames like www.yandex.ru, then you would probably want to run a recursive or a forwarding server for your clients
<Neo4> I will able put any domains to my DNS server? something like ns.my_fqdn
<sarnold> Neo4: if you want to provide services to the world with your own names, you could run an authoritative server
<Neo4> sarnold: I needn't any )
<sarnold> yes
<Neo4> just curious
<sarnold> if you want to run your own name servers, you would register your name servers with your registrar ("glue records")
<sarnold> Neo4: I strongly recommend powerdns instead of bind
<sarnold> Neo4: other popular choices are knot and unbound
<Neo4> sarnold: I want for test run one on digital ocean and overview all possibilities and settings )
<sarnold> Neo4: if you set up a recursive server DO NOT MAKE IT PUBLIC
<Neo4> on digital ocean popular BIND
<sarnold> bind was the first and still very popular
<sarnold> but they mix auth and recursive which has shown to be very dangerous
<sarnold> i've read both bind and powerdns sources and I know which one I'd rather run :)
<genii> unbound is fairly decent
<sdeziel> I concur, unbound is an excellent recursor
<sdeziel> I have yet to try powerdns but I think sarnold just convinced me ;)
<Neo4> if I have my own DNS somewhere I can bind there domainname and ip address from digitalocean and not use a cname and other from digitalocean panel?
<sarnold> powerdns folks also make a dns proxy, dnsdist -- during a recent round of dns DDOS attacks, folks with bind servers were able to servive by plopping dnsdist services in front
<Neo4> it might be this functionality is DNS
<Neo4> badly understand this notions
<sarnold> Neo4: you need to get IPs and IP routing from somewhere..
 * mason is a staunch BIND fan. Goes with the whole dinosaur thing. BIND and Sendmail forever!
<sarnold> mason: let me guess, *real* sendmail, no m4 for you? :)
<mason> No, I'm an M4 fan. In fact, I've had two customer issues come up recently where I got to spread the Sendmail love.
<sarnold> hehe, that's greatdnl
<mason> hah
<nacc> rbasak: hrm, did you not see this? https://paste.ubuntu.com/26455183/
<nacc> rbasak: makes the gpgv stuff ... unclear how to use. The manpage implies 2 is a fatal error
<hashwagon> On 16.04 the man page for unattended-upgrade says /etc/cron.daily/apt initiates the upgrade process. Anyone know why /etc/cron.daily/apt isn't generating for me? Has anyone else seen this?
<rbasak> nacc: I didn't see that in my testing. Perhaps you're using an older series than I di?
<rbasak> nacc: if so it's still a valid problem though.
<rbasak> Might be able to work around by providing the DSA public key too
<sarnold> hashwagon: looks like it's a systemd timer thing now
<sarnold> hashwagon: check out systemctl cat apt-daily-upgrade.service
<genii> sarnold: What's wrong with real sendmail? It's simple and efficient!
<sarnold> genii: "simple"? :) this is the first I've ever heard that word used with sendmail :)
<mason> Monolithic, single binary, single process. Few moving parts.
<mason> That it's self-aware is incidental.
<sarnold> hehe
<rbasak> sendmail.cf contains enough moving parts to make up for that.
<MJCD> hey y'all, I want to set up bind or dnsmasq or some such thing
<MJCD> and I want it to act as a dns cache
<MJCD> which just looks up non-cached or out of TTL type thing
<mason> MJCD: I like unbound for that sort of role.
<nacc> rbasak: i was checking xenial-updates as a random test on bionic
<nacc> rbasak: is the DSA public key available via a different keyring?
<MJCD> mason, oooh
<MJCD> let me google that
<MJCD> ohhhh
<MJCD> this looks great
<MJCD> and its recursive
<MJCD> yeah mason this is exactly perfect
<MJCD> I can set upto 4 forward-addr
<MJCD> which by default is already google dns
<MJCD> brilliant
<mason> MJCD: Good, glad you like it!
<MJCD> thanks so much
<MJCD> see y'all soon
<mason> o/
<nacc> rbasak: oh i see what i was doing wrong, i need to pass all the keyrings
<gibking> hi guys
<gibking>  i'm struggling with dhclient/ipv6 and wonder if i hit a bug or not
<gibking> DHCP Client System: trusty server, 4.4.0-111-generic, isc-dhcp-client  4.2.4-7ubuntu12.10
<gibking> host gets ip6 addr normally: "ip a s" inet6 2003:.../128 scope global valid_lft forever preferred_lft forever
<gibking> but after some time (probably has something to do with lease-time?) the ip becommed depreffered
<gibking> preferred_lft is set to zero and in syslog i can see: dhclient: PRC: Address 2003:... depreferred
<gibking> but this  does also happen on 16.04 server
<gibking> this is why i am not sure if its a bug or "working as designed"
<gibking> does anybody know whats happening there?
<gibking> RAs are beeing sent from the firewall and routes are refreshed normally.
<Shmam> Hi, I'm trying to get crontab to work. I have the following: `@reboot and inside of run, there is a bash script with `#!/bin/bash and then it cds into a dir and starts a nodejs script. But it doesnt work for some reason. If I try to do `/home/sam/Documents/repo/run` as a regular user, it works fine.
<cpaelzer> thanks nacc for the importer reset, AFAIK the missing versions were much older but I'll report next time I see something
<lordievader> Good morning
<cpaelzer> good morning
<lordievader> Hey cpaelzer
<lordievader> How are you doing?
<cpaelzer> hi lordievader, doing good for now
<cpaelzer> as soon as all I work on is built I'll face the wall of errors that I expect :-)
<disposable2> i have a LXD profile that had limits.memory.swap set to false. I've changed that to true. do i need to restart my containers for that setting to have any effect?
<cpaelzer> you can check if it directly applied via lxc config get <container> limits.memory.swap
<cpaelzer> I pinged a few friends who should know the answer about the restart
<cpaelzer> hopefully one shows up in a bit
<cpaelzer> disposable2: ^^
<disposable2> cpaelzer: thank you. i had tried the lxc config get before i asked but it doesn't return anything
<disposable2> only an empty line
<cpaelzer> for me as well, as soon as I set something it obviously retruns what  I set
<cpaelzer> I wonder what it tweaks in cgroups - is it only per continaer swappiness?
<cpaelzer> if so that would eb easy to check
<cpaelzer> disposable2: yes that is it
<cpaelzer> what is your /sys/fs/cgroup/memory/lxc/<container>/memory.swappiness
<cpaelzer> switching this off/on seems to swicth that between 0 and 50
<cpaelzer> so once you edited your profile from false to true, check if the value changed from 0 to 50
<cpaelzer> disposable2: ^^
<disposable2> cpaelzer: well, now that i've set it manually for all my containers, it says 50 for all the containers
<cpaelzer> which is the value for "true"
<disposable2> cpaelzer: yet, the ram is almost completely full and no swapping is happening. the host machine has vm.swappiness=60. hmmmmmm
<cpaelzer> that is the global default value
<cpaelzer> disposable2: and it will still swap only what it considers rather inactive
<cpaelzer> if you e.g. have cold page cache that will be dropped first
<cpaelzer> disposable2: if this is not your prod machine you can check if/when it would swap by using a mem eater keeping his memory hot and slowly increasing its size
<disposable2> cpaelzer: thank you for taking the time
<cpaelzer> stress-ng --vm-keep --vm 1 --vm-bytes can do that for you
<cpaelzer> I had my share of fun with swap in the past and experience sharing is part of the open source spriti right :-)
<soahccc> What would be the most sensible way to permanently change CPU scale governor? I found multiple ways: udev rule, sysfsutils (can't I use sysctl?) or just dump it into rc.local?
<ahasenack> xnox: hi, about my ping yesterday about ocfs2-tools on s390x
<ahasenack> xnox: I have an ocfs2-tools ftbfs upload stuck in excuses because the s390x tests fail. You filed https://github.com/markfasheh/ocfs2-tools/issues/22
<ahasenack> I mean, my upload fixes the ftbfs :)
<soahccc> I fixed my problem, turns out it was supposed to be on "ondemand" but system only has performance/powersave and it choose powersave as fallback
<soahccc> But on the topic of that: who defines these scaling governors? system or cpu?
<ahasenack> soahccc: have you tried cpufrequtils? (Sorry, didn't get the whole context)
<ahasenack> and/or cpufreqd
<soahccc> ahasenack: yea it's cpufrequtils (included in the image from the hoster) but they have ondemand in there but the new CPUs in our new servers don't have that
<ahasenack> and cpufreqd? Can't you chose a governor there and it will set it every time it starts, i.e., at every reboot?
<ahasenack> that being said, my artful system has this:
<ahasenack>  /lib/systemd/system/ondemand.service:ExecStart=/lib/systemd/set-cpufreq
<soahccc> there is no cpufreqd but I edited (and found it) in /etc/default/cpufrequtils
<ahasenack> which runs /lib/systemd/set-cpufreq
<soahccc> curiously there is a service "ondemand" which I guess should set governor to ondemand, no idea if I need that service for anything now
<ahasenack> do you have that systemd file above?
<ahasenack> maybe debug it, because it looks like it tries to do the right thing
<ahasenack> FIRSTCPU=`cut -f1 -d- /sys/devices/system/cpu/online`
<ahasenack> AVAILABLE="/sys/devices/system/cpu/cpu$FIRSTCPU/cpufreq/scaling_available_governors"
<ahasenack> check what you get for $AVAILABLE
<ahasenack> I have:
<ahasenack> $ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors
<ahasenack> performance powersave
<ahasenack> in a laptop, of course
<soahccc> I don't have both of these files
<ahasenack> not even the /sys/devices/system/cpu/..... one?
<soahccc> and sys reports only two governors
<ahasenack> is this xenial or what?
<soahccc> performance and powersave (same as cpufreq-info says), xenial yes
<soahccc> https://gist.github.com/2called-chaos/03263073f6d3ab83a9b9f72ee4a244f1
<ahasenack> in xenial you have /etc/init.d/ondemand?
<soahccc> yes, that's there
<ahasenack> it's similar code
<ahasenack> that is what is setting your governor
<ahasenack> you need it to be set to performance?
<soahccc> ahasenack: I assume it uses /etc/default/cpufreqinfo no? Because it was set to ondemand there and I guess it defaulted to powersave?
<ahasenack> it does not
<ahasenack> look at the script, it does not read /etc/default/cpufreqinfo
<ahasenack>  /etc/default/cpufreqinfo must come from another package
<soahccc> ahasenack: yeah and it has a comment in the file that it's from the hoster's installimage
<soahccc> I haven't restarted the machine yet (I set it to performance manually) but here's where I changed it to performance: https://gist.github.com/2called-chaos/457ee50f08df3a1b25059bedb80ba234
<ahasenack> I don't see a way in that /etc/init.d/ondemand script for it to set the governor to performance
<ahasenack> it's either interactive, ondemand, or powersave. If your system supports neither, it exits without touching the governor
<soahccc> I restarted ondemand service and it didn't change back
<ahasenack> which package profides that file? dpkg -S /etc/default/cpufrequtils
<ahasenack> provides*
<ahasenack> and then check if the package has an initscript or something like that, with dpkg -L <name>
<soahccc> no path found matching pattern /etc/default/cpufrequtils
<soahccc> but I guess it's from cpufrequtils (same name)
<ahasenack> makes sense
<soahccc> i   cpufrequtils                                                  - utilities to deal with the cpufreq Linux kernel feature
<ahasenack> look for an initscript in it
<ahasenack> and then check if it reads /etc/default/cpufreqinfo
<ahasenack> or just do grep /etc/default/cpufreqinfo /etc/init.d/*
<ahasenack> could also be an upstart job. Then do grep /etc/default/cpufreqinfo /etc/init/*
<ahasenack> and /lib/systemd/system/* for systemd
<soahccc> yeah there is and it does :) mystery solved (no idea why ondemand is there though)
<ahasenack> then that initscript should set it
<ahasenack> the only other possible problem is if it comes before the ondemand initscript, as the ondemand one could override the changes
<soahccc> I think the ondemand service is broken, the script reads AVAILABLE and DOWN_FACTOR variables, the latter doesn't exist
<soahccc> But do I even need that service if there is apparently a different service doing the same thing?
<ahasenack> it's part of the initscripts package, so you can't just remove it
<ahasenack> you can disable it
<ahasenack> if your cpufrequtils one comes after, though, there is no harm in keeping both
<soahccc> ahasenack: haha these fools, they misspelled "govenor" variable, their script wouldn't do shit even if I had ondemand
<ahasenack> which script? From ubuntu, or from your provider?
<soahccc> from the provider :D
<ahasenack> heh
<ahasenack> well, mistakes happen
<ahasenack> I'm glad you found out :)
<soahccc> took us 2 weeks actually. we ordered new servers and our page got slower. we were like "okay, microcode update, PTI and slightly worse single core performance"... yesterday I imported 500 million records and the page was faster and we were like ._.
<ahasenack> rbasak: hi, could you please (re)import gvfs into git? It's stale: bionic has 1.34.1-1ubuntu4, ubuntu/devel is at 1.32.1-0ubuntu1, and there is no bionic branch
<rbasak> ahasenack: running
<rbasak> We concluded that the importer had been stuck a while.
<ahasenack> rbasak: when it breaks like that, it's really stuck, or crashed?
<rbasak> I think Nish restarted it yesterday, but that's why it's behind on so many packages.
<ahasenack> a crashing importer is easier to handle than a stuck one
<rbasak> It hangs on talking to Launchpad
<ahasenack> mh
<rbasak> I think Nish also filed a bug to investigate where we need to fix the timeouts
<ahasenack> yes
<rbasak> I think it's within launchpadlib somewhere
<ahasenack> https://bugs.launchpad.net/usd-importer/+bug/1745211
<ubottu> Launchpad bug 1745211 in usd-importer "launchpad outages hang the importer and scripts calling into launchpadlib" [Undecided,New]
<ahasenack> cpaelzer just pointed me at it
<cpaelzer> at least our answers are in sync
<eoli3n> any help on this would be very appreciated -> https://unix.stackexchange.com/questions/419104/what-is-partuuid-from-blkid-when-using-msdos-partition-table/419116#419116
<eoli3n> please look at my comment of the answer
<eoli3n> i'm trying to kickstart install without breaking existing win7 install
<eoli3n> i'm not a end user, i need it as deploy tool
<eoli3n> without any manual intervention
<boxrick> I have had a few minor situations where 'atftp' package dies. Normally I would just use systemd and make sure the mode is restarted, or in the past used something like monit / runit to make sure the service stays up. So in the case of atftp it has an init.d script which is absorbed by systemd and ran. I would normally replace this, but is there a way of extending the option. So I can add a parameter like restart
<boxrick> always ?
<boxrick> Like a systemd extends for example
<Odd_Bloke> boxrick: Is https://askubuntu.com/questions/659267/how-do-i-override-or-configure-systemd-services what you're looking for?
<coreycb> jamespage: i got started on b3 deps for queens. here's the list of what remains: https://paste.ubuntu.com/26459041/ . i still have a few i'm wrapping up that aren't in that list.
<ahasenack> Nivex: hi, autofs uploaded to bionic :)
<Nivex> rock on!
<Nivex> You want another easy one? :)
<ahasenack> sure
<Nivex> https://bugs.launchpad.net/ubuntu/+source/partman-iscsi/+bug/1641656
<ubottu> Launchpad bug 1641656 in partman-iscsi (Ubuntu) "initramfs parameters invalid for IPv6 portal" [Undecided,New]
<nacc> rbasak: sorry, i've been afk on nhouse stuff; did you want to sync today still?
<rbasak> nacc: I'm tied up this evening now, sorry (not you - the team meeting running over and then hit my EOD)
<nacc> rbasak: totally fine; i did get one test written that ensures we are using the right URL for the Release -> Sources lookup
<nacc> rbasak: i'll see if the scripts are dtrt, and i'll put up a MP for you to look at and we can discuss further tests from there
<sdeziel> is there a way to ask systemd to sanity check a given unit?
<nacc> sdeziel: systemd-analyze verify <FILE> ?
<nacc> sdeziel: per https://github.com/systemd/systemd/issues/3677
<nacc> sdeziel: not sure how far you want the sanity checked :)
<sdeziel> nacc: I'm looking for a tool that will sanity check a unit and any override snippets it may have
<nacc> sdeziel: the above will only check the syntax, afaik
<sdeziel> nacc: indeed and it doesn't check the $foo.service.d directories either
<sdeziel> thanks anyway, I'll keep digging the various man pages
<sarnold> ship it all to another system and try?
<sdeziel> sarnold: I'm cooking a puppet module to let one drop some override snippets then trigger a service restart. The sanity check is to avoid the foot gun ;)
<sarnold> puppet step number one .. spin up a new server somewhere ..
<sarnold> hehe
<sdeziel> https://memegenerator.net/instance/55819969/chuck-norris-meme-testing-is-for-wimps-real-men-test-in-production
<sarnold> :)
<Nivex> http://i1.wp.com/agilescout.com/wp-content/uploads/2012/05/i-dont-test-my-code.jpg
<sdeziel> wow, someone loved it enough to create this https://www.idontalwaystestmycode.com/
<patdk-lap> I didn't know there was another way to test code
<sdeziel> "systemctl daemon-reload" will catch any typo in the unit but it's then too late and the bad file will be deployed
<ahasenack> nacc: I submitted https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888463 to debian
<ubottu> Debian bug 888463 in bind9utils "bind9utils: missing python3-ply dependency for python scripts" [Normal,Open]
<ahasenack> tomorrow I might check what's really going on: why debhelper didn't catch that
<nacc> ahasenack: what fille specifies ot upstream (e.g. requirements.txt) that ply should be used?
<nacc> ahasenack: it should be generated by python3:depends, aiui
<ahasenack> yeah, but it's not working. Not in ubuntu, nor in debian sid
<ahasenack> something with bind's build system probably
#ubuntu-server 2018-01-26
<nacc> ahasenack: total guess, but bin/python/setup.py seems to be missing any statement of its dependnecies
<TJ-> Had a strange lvm issue here. LV mirror with 2 sides plus log. Made it inactive to "lvextend -L 60G Archive/SourceCode" and then "lvchange -aly Archive/SourceCode" fails with 'device or resource busy. Eventually noticed with "lvs -a -o +devices" the attributes of the mirror sides were marked I (inconsistent) and the mlog no longer had the 'l' flag - compared to other similar mirrored LVs. Then, after
<TJ-> having used the 'lvs' command, 'lvchange -aly' worked!' I'd already tried to force a resync and that hadn't helped. Any ideas what was going on?
<b18c5> do i just install squid and im on a proxy server ? or how does that work ?
<tomreyn> b18c5: if you are connected to a server and install squid there then you're on a proxy server since squid is that. but i'm not sure that's what you're trying to do.
<b18c5> honestly im new on this o/s im used to windows, looking for a sense of security lol
<tomreyn> installing squid will not magically provide security. in fact any extra listening service you install increases the attack surface.
<tomreyn> what are you trying to achieve?
<b18c5> blocking my i.p adress
<tomreyn> if you block your ip address from your server then you won't be able to connect to your server anymore.
<b18c5> sorry, i'm trying to block my i.p adress from other people
<tomreyn> maybe you want to access the internet (or services on the internet) without disclosing the ip address of your router at home?
<sarnold> I'd suggest grabbing a book such as TCP/IP Network Adminstration before going any further
<b18c5> mainly on irc lol i feel like a target on here
<sarnold> if you wish to irc slightly anonymously then your best bet is Tor
<tomreyn> also read up on "irc bouncer"
<b18c5> how would tor work ? isn't that for web browsing ?
<tomreyn> tor works for any tcp protocol
<tomreyn> irc is a tcp protocol, as is http(s)
<b18c5> when i whois myself though my information pops up
<TJ-> b18c5: if you've a registered nickname on Freenode you can ask in #freenode for a mask
<b18c5> i did lol
<sarnold> note that a mask is only a 'best effort'; if services is down when you connect it can't help.
<b18c5> i tried a vpn but that shit was confusing
<b18c5> besides that issue, how would i do a disc clean up on a linux based system ?
<sarnold> sudo dd if=/dev/zero of=/dev/whatever bs=131072
<sarnold> that block size is just 128 kilobytes. there's nothing magical about that number. It's just big and a power of two.
<sarnold> some guy has put together 'dban', 'derik's boot and nuke', iirc, that does something similar for all connected hard drives.
<tomreyn> the names' "darik", and that's not really ubuntu related, but it's a commonly used option for overwriting hdd's.
<TJ-> it's easy to do from initrd; just boot with "break=premount" and then use the shell and dd to do parallel dd's on each device
<b18c5> i think i ended  up deleting and upgrading everything
<sarnold> tomreyn: d'oh! thanks :)
<tomreyn> sarnold: and i mixed you up with b18c5, sorry.
<mbff> Hello, I'm running into an issue where my Ubuntu server is not responding to port forwarded requests.
<mbff> I have disabled ufw. Nginx for example works on the lan and localhost but not from wan
<sarnold> what error messages do you get onthe clients and the server?
<mbff> nothing, it just hangs
<mbff> I see the packets hit with tcpdump, but curl hangs
<HateNetPlan> Hello, I asked this over in #ubuntu and they directed me here. I am trying to convert my /etc/network/interfaces to netplan, and am having trouble getting the routes to work the same. I was hoping someone would be able to help me make a new netplan yaml file based on my old config. Here is a picture of it (with netmask having a typo, woops) https://puu.sh/z9RAL.png
<cpaelzer> goot morning
<cpaelzer> taking a look HateNetPlan ...
<HateNetPlan> Good to hear!
<nacc> cpaelzer: thanks
<cpaelzer> get to bed nacc!
<nacc> cpaelzer: yeah :)
<mason> HateNetPlan: FWIW, I don't think ifupdown is going away. Merely deprecated.
<mason> I plan to cling to it like grim death.
<nacc> mason: +1
<nacc> i believe the default on fresh installs may have switched, or might switch, or something
<HateNetPlan> Someone will save it, that much I am sure
<nacc> but upgrades should keep ifupdown going forward
<nacc> and you can always install it manally
<HateNetPlan> Ubuntu 17.10 swapped already
<cpaelzer> yes
<HateNetPlan> It's default netplan
<cpaelzer> it is no more there by default
<cpaelzer> ifup/down
<cpaelzer> but still exists
<cpaelzer> HateNetPlan: as you already found hooks no more directly exist in netplan (as some of the backends don't have them)
<cpaelzer> see https://wiki.ubuntu.com/Netplan#Frequently-asked_questions
<cpaelzer> so for your case the recomended way is to encode the former logic in systemd services afaik
<cpaelzer> like https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ and such
<cpaelzer> it is a bad time of the day - afaik cyphermox works on converting some packages with hooks
<cpaelzer> I know they work on a how-to describing how to convert several old cases
<cpaelzer> but it doesn't exist yet (not that I'd know of)
<cpaelzer> HateNetPlan: I assume based on your eni-rule you wanted it to push/pop the routing rule every time it does up/down
<HateNetPlan> Yes.
<cpaelzer> to my lack of good phrasing netplan is meant to provide one simple config so that you don't mind to have to understand networkd and/or networkmanager - so you become independent where you are for the most common cases
<cpaelzer> I think we can agree that your case is interesting, but maybe not the most common one
<cpaelzer> netplan doesn't prevent you to use any special backend features
<cpaelzer> so on a server it would render to systemd-networkd
<cpaelzer> I wonder if we could express it there somehow
<cpaelzer> but https://www.freedesktop.org/software/systemd/man/systemd.network.html is rather lengthy for a fast "ah there it is" :-)
<HateNetPlan> Maybe I should have started around there haha, spent more time then I care to admit on this
<HateNetPlan> Thanks by the way. Now that it can even connect to the internet I can grab ifupdown as a backup
<cpaelzer> HateNetPlan: like this maybe as a start https://serverfault.com/questions/667319/systemd-networkd-and-direct-routes
<cpaelzer> if you want to go on trying to convert it fully
<HateNetPlan> Actually, based on that link
<HateNetPlan> That explains how much lxc is connected correctly
<HateNetPlan> Because that's how the .network file looks
<HateNetPlan> Ok, well I need sleep. It's 1 am for another day in a row, and I am just happy someone was able to help me
<HateNetPlan> I'll leave this open just to look back later to be sure
<cpaelzer> good luck on your way to a nic rename one day :-)
<lordievader> Good morning
<cpaelzer> hi lordievader, great Friday morning to you as well
<lordievader> Hey cpaelzer How are you doing?
<cpaelzer> good
<cpaelzer> after all - its Friday :-)
<lordievader> Indeed
<rzo1> Any plans on https://bugs.launchpad.net/ubuntu-release-notes/+bug/1531864 in the near feature? I think, people should decide themself, if they want to enable http2 support for there Apache2 from official packages...
<ubottu> Launchpad bug 1531864 in Release Notes for Ubuntu "HTTP/2 disabled in Apache httpd" [Undecided,Fix released]
<cpaelzer> rz_o1: yeah
<cpaelzer> rz_o1: that is done actually
<cpaelzer> well I need to read the details of the bug you linked, but I enabled http2 for apache in 18.04
<rz_o1> any plans for 16.04 too? :) but i am glad to here that for 18.04
<cpaelzer> rz_o1: not that I'd know of any 16.04 plans for it
<cpaelzer> the security maintenance ack for the http2 lib that is used only covers the version in bionic onwards
<cpaelzer> nginx had it earlier since they use a different implementation which was ack'ed before
<cpaelzer> by getting nghttp2 not only apache but also curl got http2 now - so you get a test tool against http2 with it as well now
<rz_o1> ok thansk for the info
<cpaelzer> yw
<jamespage> coreycb: I've done all of those dep updates apart from os-vif - which is being awkward with unit tests under py3
<jamespage> working that atm
<jamespage> tobasco: hi expect to get to re-adding the py2 compat patckage for gnocchi next week when we do m3
<jamespage> coreycb: re pxc-5.7 - I'm fairly happy with my branch now - its in https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3110
<ahasenack> nacc: indeed (wrt python3-ply), this fixed it: https://pastebin.ubuntu.com/26463772/
<coreycb> jamespage: great, thanks. I'll take a look at 5.7 and try it out. i see a lot of b3's are out too so i'll plan on starting on those today.
<coreycb> jamespage: i'm getting started on b3's
<ahasenack> rbasak: hi, could you please kick an import of sssd into git-ubuntu? 1.16.0-5 showed up in debian unstable
<ahasenack> g-u still has 1.16.0-3
<rbasak> ahasenack: running
<ahasenack> thx
<jamespage> coreycb: bah minor upgrade issue from 5.6->5.7 - that split out of wsrep.cnf is going to break things so will drop it
<coreycb> jamespage: ok that's fine with me
<tobasco> jamespage: cool, thx for the update, i will make sure to work on the puppet side when its available
<rbasak> ahasenack: should be done
<ahasenack> rbasak: hm, pkg/debian/sid is still at 1.16.0-3 instead of 1.16.0-5. LP could be lagging behind then?
<rbasak> ahasenack: yes: https://launchpad.net/debian/+source/sssd
<ahasenack> ah, I see
<jamespage> coreycb: btw did you confirm that pxc 5.7 is broken with gcc-7 or was that a forward copy from pxc 5.6?
<coreycb> jamespage: i think i confirmed that but it's been a while so i'm not positive
<coreycb> jamespage: i feel like it had compile errors with gcc-7
<xchat> hi
<xchat> i would like to know how we can custom package on a OS ISO ?
<xchat> like that all require package are ready on the OS by defautl
<ahasenack> rbasak: when you have a moment, could you chime in on my zstd branches that are up for review?
<ahasenack> rbasak: cpaelzer already did, but you have way more context
<ahasenack> rbasak: btw, cpaelzer's needs-fixing were addressed (I had forgotten to run update-maintainer)
<ahasenack> rbasak: and one more thing for your queue, if you could: I'd like to know if having a build-dep on python3-distutils-extra (universe) for landscape-client (main) in bionic is ok: https://bugs.launchpad.net/landscape-client/+bug/1743562
<ubottu> Launchpad bug 1743562 in Landscape Client "build-dependency on universe package: python3-distutils-extra" [Medium,New]
<ahasenack> I think it's used just when building the package and no code from it will be used at runtime, and I think that's accepted, but I wanted to be sure
<rbasak> OK
<nacc> ahasenack: yep, makes sense
<nacc> ahasenack: seems like an upstream bug then?
<nacc> cpaelzer: we had a separate discussion on this, and mayb ewill backport it to 16.04
<nacc> cpaelzer: but only if we backport nghttp2 as in bionic to it, as well
<nacc> rbasak: around?
<rbasak> nacc: o/
<nacc> rbasak: HO?
<rbasak> We can sync?
<rbasak> Yep. Two minutes
<nacc> rbasak: yeah
<nacc> sure
<rbasak> Standup HO?
<nacc> rbasak: yep
<ahasenack> nacc: bind? Yes, I filed it upstream and with debian
<nacc> ahasenack: yeah cool
<ahasenack> nacc: right now, that is our only delta with debian :)
<nacc> ahasenack: seems fien :)
<ahasenack> rbasak: the importer picked up sssd 1.16.0-5 \o/
<ahasenack> 30 minutes ago	
<ahasenack> DSC file for 1.16.0-5
<ahasenack> nice
<boxrick> Is there any reason that loads of services still exist in /etc/init.d when a real systemd service would be much more suitable?
<ahasenack> nothing specific, no
<ahasenack> some packages even ship both
<ahasenack> nacc: hmm, old/debian seems wrong in this output, no? https://pastebin.ubuntu.com/26465717/
<ahasenack> it should have been 1:9.10.3.dfsg.P4-12.6
<sdeziel> boxrick: not every packages are shipping systemd units.
<ahasenack> nacc: ah, it's a difference between the current snap and the code from the MP with the branch ubuntu-package-merge-base
<ahasenack> the branch gets it right
<ahasenack> $ ~/git/projects/usd-importer/bin/git-ubuntu merge start --tag-only pkg/ubuntu/devel -f
<ahasenack> 01/26/2018 16:28:20 - INFO:Created tag old/ubuntu for version 1:9.10.3.dfsg.P4-12.6ubuntu1
<ahasenack> 01/26/2018 16:28:20 - INFO:Created tag old/debian for version 1:9.10.3.dfsg.P4-12.6
<ahasenack> 01/26/2018 16:28:21 - INFO:Created tag new/debian for version 1:9.11.2.P1-1
<sdeziel> boxrick: if you know how to create systemd units, you could propose those to the package maintainer in Debian
<ahasenack> nacc: but then the lint from that branch gets it wrong again
<Epx998> is there any known issues upgrading to a 4.4.x kernel on a stock trusty server?  the upgrade is failing and I am getting stuck in initramfs after a restart
<ahasenack> have you tried regenerating the initramfs?
<ahasenack> did you also look for disk full issues, specially in /boot?
<Epx998> i ran update-grub, dont think ive ever needed to regenerate that before
<ahasenack> (if you have that as a separate partition)
<Epx998> we do, but never had an apt-get install linux-image... error before
<genii> I had some weirdnesses lately with this. It tried to do Grub1 things when the machine is actually using GRUB2. Like, it wanted to do changes to menu.lst
<Epx998> lets see if this works, round 2.
<Epx998> im scared to reboot lol
<Epx998> nope failed
<Epx998> seeing if i can do it at preseed
<ahasenack> Epx998: did you check the things I mentioned?
<ahasenack> update-grub doesn't regenerate the initramfs file, fwiw
<Epx998> yeah on a reimage, I ran update initramfs -c -k linux-image-4.4.0-31-generic
<Epx998> then update-grub again, rebooted
<sdeziel> Epx998: "update-initramfs -uk all" is what I use usually
<ahasenack> it can't find the root device/fs?
<ahasenack> yeah, -k all
<ahasenack> to avoid silly mistakes typing the kernel version
<Epx998> I saw the all option, I wasnt sure about it
<ahasenack> but it could break your older kernel/boot
<Epx998> i added a d-i option to my preseed to use the kernel i want, its restarting now
<ahasenack> I'm assuming you are rebooting into that
<ahasenack> or it's a new install?
<sdeziel> the -k option wants only 4.4.0-31-generic (aka uname -r)
<Epx998> new install
<ahasenack> ah
<ahasenack> this 4.4.x is an hwe kernel?
<Epx998> no just out of the repo after a new install
<sdeziel> you said it was a trusty server so a 4.4 outta be a HWE one
<Epx998> same result with a preseedf
<Epx998> funny thing is my installer image is using 4.4 heh
<Epx998> ill try again manually with the -uk all, if that fails ill hand off with the stock image and let dev deal with it
<sdeziel> Epx998: with 14.04, at some point release the ISO got the HWE kernel added IIRC
<Epx998> sdeziel: this is a pxe/netboot install
<sdeziel> Epx998: then you must be shipping a 4.4 vmlinuz ;)
<sdeziel> running "file vmlinuz" on the pxe box should tell you
<Epx998> pxe box? you mean tftp server?
<sdeziel> yes
<Epx998> yeah i remade my netboot images, trusty is using an updated 4.4
<Epx998> i think even my precise images are 4.4
<Epx998> wait no
<Epx998> but trusty is yeah
<sdeziel> Epx998: I'd try https://askubuntu.com/questions/953430/using-preseed-how-do-i-select-the-hwe-kernel with sed 's/hwe-16.04/lts-xenial/'
<Epx998> hwe kernel is married to a specific version right?
<sdeziel> Epx998: for Trusty, the HWE kernel you'll get will always be a 4.4 one
<sdeziel> I think that earlier some other older versions were made available but they are now superseeded by the one backported from Xenial
<sdeziel> https://wiki.ubuntu.com/Kernel/LTSEnablementStack#Kernel.2FSupport.A14.04.x_Ubuntu_Kernel_Support shows it well
<Epx998> ok reinstalled, about to do the kernel
<Epx998> so give linux-hwe-generic-trusty a try?
<sdeziel> not sure such package exist
<Epx998> that was in my search for anything hwe
<sdeziel> sorry, you are right it does exist
<Epx998> trying this 1 last time with "update-initramfs -uk all"
<sdeziel> the HWE wiki page mentions "linux-generic-lts-trusty" though
<Epx998> yeah I saw that to
<Epx998> well fiddlesticks
<sbeattie> the version in the name is the release version the kernel is based off of. for 14.04, to get the 4.4 kernel, you want linux-image-generic-lts-xenial.
<Epx998>  sudo apt-get install --install-recommends linux-generic-lts-xenial
<Epx998>  - this just aborts after I type 'y' heh
<Epx998> ok reboot with lts-xenial
<Epx998> i think that one worked
<Epx998> now to see if the ixgbe driver builds
<Epx998> ah no need, awesome.  i think this is as close as ill get to what dev wants
<akern07> How do you set up new users for FTP or SFTP to only have access to a certain folder? (ex: /var/www/html)
<dlloyd> chroot is the safest way
<sdeziel> akern07: openssh has a nice way to do chrooted SFTP, man sshd_config and search for "internal-sftp"
<akern07> Thanks I'm going to try that out
<Epx998> ok thanks for the help, i think i got these 2 hosts where they need to be
<sdeziel> great
<nacc> ahasenack: please file bugs, i'm not context switched in
<nacc> powersj: is there any equivalent to pytest's parameterize that unittest supports? Or do we nneed to use a framework (either pytest or nosetest) to do it?
<powersj> nacc: I don't recall there being a direct way
<nacc> powersj: found it (subTest() context manager)
<nacc> it's new in 3.4
<powersj> ah
<nacc> https://docs.python.org/3/library/unittest.html#distinguishing-test-iterations-using-subtests
<nacc> means i can drop one import from my newe tests :)
<Epx998> i have to try for 4.4.0-31 again
<nacc> powersj: what's the preferred layout for tests? if testing script.py, script_test.py?
<powersj> nacc: I prefer tests in the same directory as code and name_test.py as you state
<nacc> powersj: ack
<Epx998> my workmate tried 4.4.0-31, might be we need extras as well, which ive not seen that req before
<Epx998> yeah added the extras results in the happy path
#ubuntu-server 2018-01-27
<hallyn> feh, 'install maas region controller' on artful server install cd seems broken?
<nacc> powersj: --^
<nacc> hallyn: i'll follow up with him on monday
<g5385> Sup
<maret> Hi, I am trying to setup firewall for ubuntu server edition. First I run netstat -ntlp | grep LISTEN to get what apps are running now and out put is https://pastebin.com/JbE3aRXn. My next question would which of these ports should I allow for ufw? all or only those which are external? Some of them are used externally but some like mysql is only used itnernally for webapp
<DirtyCajun> i am moving about 44TB of data from Server A to Server B. Server A is 12 JBOD drives. Server B is 8 drives in a RAID 6. Using NFS i am maxing out at about 1.1Gbps on a 10Gbps network. At even 50MBps read (lowballing) i should be able to hit about 4Gbps. Does someone know of a better system to transfer than NFS?
<Neo4> hi
<Neo4> what is main file for mysql in ubuntu?
<Neo4> must have been this /etc/mysql/my.cnf ??
<Neo4> my is empty almost. is it normally there only comments https://paste.ubuntu.com/26473855/
<Neo4> ???
<Neo4> what do might have got to do I for add this row "innodb_buffer_pool_size = 20M" ?
<Neo4> mySql is sucking, I've read this might have got to help
<Neo4> this is my /var/log/mysql/error.log file https://paste.ubuntu.com/26473497/
<Neo4> I'd been trying to fix it couldn't have corrected this. What I had done? I used phpmyadmin and there select tables and rebuild tables and as well as this command in console had been used (couldnt have found console used command)
<Neo4> sense the same like we run from phpmyadmin
<Neo4> it does the same, and didn't helped anything :(
<Neo4> why know what is the problemo?
#ubuntu-server 2018-01-28
<Neo4> here may have to be solution https://www.digitalocean.com/community/questions/mysql-server-keeps-stopping-unexpectedly
<Neo4> this row innodb_buffer_pool_size = 20M
<Neo4> How I could be have to find this row in my file /etc/mysq/my.cnf didn't exided that row, I've putted it myself in the bottom. Couldn't be it right? where I could find my real that variable?
<Neo4> any  suggestions?
<Neo4> that couldn't have helped again the same error 'couldn't connect to mysql server' https://kselax.ru/
<Neo4> I don't know how to fix it
<Neo4> it is error what I have had http://pix.toile-libre.org/?img=1517098891.png
<Neo4> see it http://pix.toile-libre.org/?img=1517099113.png
<Neo4> why I have so little memory?
<Neo4> I have on this server many subdomains where I put sites for test, Could be this the reason so low memory?
<Neo4> I think apache always has equal memory or it depend on number of set up sites/
<Neo4> the more sites the less memory?
<Neo4> it is crystal clear my problem is memory? What shall I do, I have got there a few sites. Does it mean I might have to remove a few sites?
<teward> Neo4: I'd suggest reviewing what's running and identify what's using the most memory.  Then address those processes accordingly
<teward> because some processes use a lot of memory while others don't.
<Neo4> teward: who to do it?
<teward> MySQL, PHP, and Apache2 are all resource hogs until you tune them
<Neo4> do you know command?
<Neo4> teward: do you see in pic there swap is zero?
<teward> it's more than just one 'command'.
<teward> Neo4: swap size isn't in our control
<teward> that's a control of your system provdier/admin
<Neo4> teward: http://pix.toile-libre.org/?img=1517099113.png
<teward> swap being 0 means nobody set a swapfile or a swap partition
<teward> stop sending me links I already reviewed
<teward> or i'll stop trying to be helpful and just walk away
<Neo4> ok
<Neo4> see if there many sites, do you think site can feed memory?
<teward> MY suggestion is install `htop`, and look at that, ordering by memory usage.
<teward> if the primary users are MySQL, APache2 and/or PHP, then you should start fine-tuning the configurations of those services to *not* use as much in terms of resources.
<teward> but that can be difficult the more sites oyu run.
<Neo4> teward: I've installed there 7 wp sites, can this have taken all merry?
<Neo4> ok, I badly understand it
<teward> yes, it could have.  Assuming there's no caching in play, it could take up memory.  Also assuming that your sites haven't been hijacked; if they ahve been and have malicious stuff running they could be consuming more memory.
<Neo4> oh I even didn't think about it and am going to create many many sites else :)
<Neo4> I've must removed 4 sites
<Neo4> teward: is this app https://hisham.hm/htop/
<teward> Neo4: sudo apt-get install htop
<Neo4> I'll try right now
<teward> don't bother googling things
<teward> just install stuff from the repos
<Neo4> see my computer is lubuntu? http://pix.toile-libre.org/?img=1517100055.png
<Neo4> and there error
<Neo4> teward: no all right now
<teward> Neo4: is this a VPS or something hosted by someone else, or your physical system
<teward> it LOOKS like it's a VPS because of the low amount of RAM
<Neo4> teward: my real vps
<Neo4> http://kselax.ru
<Neo4> http://pix.toile-libre.org/?img=1517100153.png
<Neo4> teward: see I've run http://pix.toile-libre.org/?img=1517100261.png
<teward> your VPS is overtaxed.  Swap not existing you need to take up with yoru VPS provider.
<teward> and you should probably NOT be running Lubuntu on it, you should run the pure command line Ubuntu Server instead
<teward> and learn how to SSH
<Neo4> teward: might be that 1ubuntu1 not lubuntu ) see this http://pix.toile-libre.org/?img=1517100372.png
<Neo4> apache has eaten all memory
<Neo4> how to create swap?
<Neo4> I might be have to create swap myself?
<teward> Neo4: https://support.rackspace.com/how-to/create-a-linux-swap-file/ may be relevant, but not all VPSes let you enable swap, even with swap files.
<teward> Neo4: if you're running lots of sites though you *need* to have a bigger server, and not consume all the memory.  Or retune the system to properly use less memory, and if you're using Apache you have to really tune PHP, not Apache, for the lower-RAM server.
<teward> otherwise it will eat your memory.
<Neo4> teward: ok, I didn't know it, I thought it must have done automatically
<Neo4> teward: see not swap has appeared http://pix.toile-libre.org/?img=1517101287.png
<Neo4> what shell I do next?
<Neo4> why there so many mysql row?
<teward> Neo4: that's the number of 'threads' that mysql has.  But I can't help you out much from here, as I said before, you have to tune MySQL and PHP, and that's tricky to do from here.
<teward> since it requires a lot of work to properly tune it
<teward> https://www.narga.net/optimizing-apachephpmysql-low-memory-server/ may help with that.
<teward> but it is nontrivial and requires a lot of long-term work.
<Neo4> teward: ok, understood, thanks, I know php, use it in windows
<Neo4> there exists variable that change memory
<Neo4> I'd better removed a few sites
<Neo4> teward: thanks
<LeMike_> Hello. When I do "ps aux | grep ssh-agent | wc -l" I get 230 running agents. This does not seem right. Why so many and can I just kill them? (hint: there is continous integration running on the server and each may have opened one)
<rypervenche> LeMike_: You just answered your own question. What you wrote in your "hint" is true.
<tanuki> In 17.10, after installing I get a "^@" on the console every second or so. It doesn't happen in the installer or in recovery mode.
<tanuki> It's acting like it's being typed so it's pretty much impossible to log in on the console.
<tanuki> Correction: it does happen in recovery mode
<tanuki> But it's ignored at the command line for some reason
<tanuki> Doesnt happen in the installer shell though
<tanuki> Installing 16.04 now to see if it does the same thing.
<tanuki> 16.04 doesnt seem to do the same.
<saban> hey. i modified lines in rsyslog.conf to add some custom logs. what do i need to add that this logs will be relayed to my remote rsyslog server? https://pastebin.ubuntu.com/26479158/
#ubuntu-server 2019-01-21
<partlycloudy> hello, has anyone got ssl worked with MAAS 2.4?
<leftyfb> partlycloudy: you should try #maas
<leftyfb> partlycloudy: also, learn to ask for help, not for a survey
<partlycloudy> leftyfb: thank you leftyfb. i tried #maas, but it was silent thereâ¦
<leftyfb> partlycloudy: you'll need to wait, possibly till Tuesday
<partlycloudy> leftyfb: oh yeahâ¦ long weekend.
<lordievader> Good morning
<ahasenack> good morning
<kstenerud> when calling dpkg-buildpackage, I get the following error:
<kstenerud> dpkg-source: error: aborting due to unexpected upstream changes, see /tmp/dovecot_2.3.4-2.diff.iemGlV
<kstenerud> What does that mean? My source tree is clean
<ahasenack> it's not, when compared to the orig tarball
<ahasenack> not that sometimes (most of the time, in my experience), the "dh clean" step doesn't really clean it up completely
<kstenerud> How do I fix it?
<ahasenack> unapply all patches, and compare your tree with the orig tarball
<ahasenack> maybe you committed something to the tree instead of as a debian patch
<ahasenack> or maybe there is "dirt" that dh clean didn't clean, so try "git clean -f -x -d"
<ahasenack> and check git status
<ahasenack> with --ignored
<ahasenack> rbasak: what's the difference between "platform" and "ubuntu" in these seeds repositories? https://code.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/+git/
<rbasak> ahasenack: I believe it's legacy from when we had separate 3 year and 5 year LTS periods between desktop and server.
<rbasak> ahasenack: now they're equivalent but just have different seeds in different places.
<ahasenack> rbasak: so how did you find out where to add the irc server seed, anope?
<kstenerud> I'm getting a strange error when I try to dput a ppa:
<kstenerud> gpg: ../dovecot_2.3.4-2_source.changes: error 58: gpgme_op_verify
<kstenerud> gpgme_op_verify: GPGME: No data
<kstenerud> Has anyone seen this before?
<rbasak> ahasenack: I looked for the seed that contained supported server packages (that aren't seeded anywhere further up the hierarchy)
<ahasenack> kstenerud: did you sign the changes file?
<Lachezar> Hey all. In Ubuntu Server 18.04 docker is a "snap". How do I do "... --volume /path:/mount ..." in such environment?
<Lachezar> I need to specify a volume to be in a dedicated disk/partition mounted in the host.
<ahasenack> rbasak: hm, last time I did a seed change, it was in "ubuntu" repository
<ahasenack> but my change was to drop a seed
<ahasenack> so I just had to find where it was defined
<ahasenack> but it's still unclear, I just asked in #ubuntu-devel
<ahasenack> rbasak: did you see the response in #ubuntu-devel about the difference between "ubuntu" and "platform"?
<ahasenack> ...
<tomreyn> it is a plausible theory that someoene who had the ubuntu-server package but no -desktop packages installed on 16.04, but had xfce and xserver-xorg installed, and initiated a do-release-upgrade upgrade to 18.04, would end up with xwayland?
<lotuspsychje> we also dont know what the user has chosen during upgrade, he did mention to have chosen yes-no etc
<rbasak> tomreyn: I think you're better off asking desktop people. Server people don't deal with xfce, xserver-xorg or xwayland.
<rbasak> Server packages have no interaction with those components.
<tomreyn> rbasak: and this is entirely logical. but i assumed server folks do design the upgrade path for when there is the ubuntu-server package installed, and i assume this was the case here.
<tomreyn> but let's not spend time on it, since i have no hard facts.
<tomreyn> thanks
<rbasak> tomreyn: understood. FWIW, there isn't an upgrade path as such. Upgrade paths are implemented when necessary in individual packages.
<tomreyn> oh, thanks for pointing this out, so that's a misconception i had there. i thought i had noted that the release upgrader code which is downloaded by do-release-upgrade inspects presence of these meta packages and makes choices based on those findings.
<muhaha> is there any crontab that can support year in crontab? I just want to run job only once (without deleteing crontab entry for example) I can not use at, because I need some shared "db". I am able to create lock file with flock to prevent duplicate triggering.
<sdeziel> muhaha: how about a little quirk like: [ "$(date +%Y)" = "2020" ] && myjob
<rbasak> tomreyn: do-release-upgrader does have some magic for some edge cases I believe, but that's the exception rather than the norm.
<rbasak> It's not that the server team writes an "upgrade path" for each release or anything.
<lordcirth_> muhaha, what do you mean by a shared db?
<rbasak> I'm not sure the server team has ever needed anything in do-release-upgrade.
<tomreyn> rbasak: thank, this is is good to know, should prevent me from providing as much flase info in the future :)
<rbasak> We generally just make sure we ship stuff that'll upgrade correctly with plain apt.
<rbasak> I wouldn't be surprised to hear that the switch to wayland and back needed some magic in do-release-upgrade. However I don't know either way. Such a thing would have been implemented between the desktop and foundations teams.
<muhaha> lordcirth_: I have webhook wrapper which can setup crontab for example... I can run this server in failover/more that 1 instance... atd can not use NFS for spool, but crontab depends only on files on FS, so If I create lock when is time to trigger job, another instance can not trigger this job as duplicate, if is there lock file from flock.
<lordcirth_> muhaha, ah ok
<muhaha> Problem is that crontab can not hanlde one time jobs..
<muhaha> nncron can use year in pattern AFAIK
<lordcirth_> muhaha, if the first thing your job does is check the lock file, it can just do nothing
<muhaha> no, one of X instances will trigger crontab job-> first one will create lock file and run command, otheres will not run because of lock file -> already created
<lordcirth_> muhaha, yeah, that's what I mean. Just don't delete the lock file when you're done. Then it will only run once.
<muhaha> http://www.nncron.ru/help/EN/working/cron-format.htm -> this one can handle year -> you can trigger job only once with shared file locking
<muhaha> lordcirth_ I am using https://linux.die.net/man/1/flock -> can not create and let lock file forever, some bash wrapper is wacky ... I just want quick, proper way.
<lordcirth_> Well, nncron seems like it works too, as long as it's not hard for you to migrate
<TJ-> muhaha: which release are you using? Sounds like a job for a systemd timer
<lordcirth_> Oh, yeah that exists too
<muhaha> systemd time is not in dockerized ubuntu, right?
<lordcirth_> muhaha, probably not. The host sets the kernel time.
<THKitten> is there anyone in here who is an admin in #linux? Looks like I've been banned again (because I'm using TOR). This was fixed before for me as I'm a trusted user, but it looks like it's been broken.
<TJ-> THKitten: did you try in ##linux-ops ?
<ahasenack> kstenerud: schleuder is also failing in debian at least: https://ci.debian.net/packages/s/schleuder/
<ahasenack> same failure
<ahasenack> ruby...
<lunaphyte> i upgraded from 14 to 16, and it broke booting.  it seems to be related to lvm and initrd/initramfs
<lunaphyte> grub loads ok, and the kernel starts to load, but then when it tries to mount various filesystems, it can't, and eventually gives up trying and drops to an initramfs prompt
<lunaphyte> all i have to do to get it to work is manually issue "vgchange -y", then i can exit and it resumes booting and everything is fine - so it seems like the initrd has support for lvm, but just isn't activating the volume groups?
<lunaphyte> how can i troubleshoot and fix this?
<lunaphyte> i've since upgraded from 16 to 18.04, and 18.04 to 18.10, but it remains broken
<lordcirth_> lunaphyte, https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1573982
<ubottu> Launchpad bug 1573982 in lvm2 (Ubuntu) "LVM boot problem - volumes not activated after upgrade to Xenial" [Undecided,Confirmed]
<lunaphyte> lordcirth_: oh, wow.  was that something you happened to already know about, or did you just now find it with some searching?
<lordcirth_> FWIW, this sort of thing is why I just reinstalled
<lordcirth_> lunaphyte, I searched it just now
<lunaphyte> grr
<lordcirth_> "ubuntu initrd lvm"
<lunaphyte> well, i'm grateful you did, for whatever reason, i was obviously doing an awful job
<lordcirth_> lol np
<lunaphyte> lordcirth_: why does reinstalling make the problem a non issue?
<lordcirth_> lunaphyte, pretty sure the 16.04 installer works fine with LVM. It's upgrading the old system that misses something.
<lordcirth_> I'd seriously consider wiping it and installing 18.04
<lunaphyte> i see
<lunaphyte> yeah, i would like to, honestly
<lunaphyte> not right now though
<lunaphyte> i'll be able to once i get some other crap straightened out
<lordcirth_> lunaphyte, also, just wondering, do you need LVM? I don't use it anymore
<lunaphyte> i guess that depends on what "need" means :)
<lordcirth_> I just reinstalled my home PC with ZFS root, which was a bit involved, but it's awesome now
<lunaphyte> do i need it?  no, not really. i do like it though
<lunaphyte> oh zfs
<lunaphyte> yeah, maybe at some point
<TJ-> lunaphyte: haha! Notice I posted a udev patch to that bug?
<lordcirth_> btrfs works as well and is trivial to install to /, unlike ZFS
<lunaphyte> TJ-: oh, let me look
<lordcirth_> But I wanted raidz / raid5, and btrfs's raid5 is alpha
<lunaphyte> lordcirth_: i have been using btrfs on other systems recently
<lunaphyte> i do like it, but i've unfortunately had some very very bad experiences too
<lordcirth_> It's a bit buggy still. ZFS is wonderful.
<lunaphyte> i'm hoping i've just done something irresponsible, but that's another thing to figure out
<lunaphyte> systems that get shutdown uncleanly, and the filesystem is rendered completely unusable
<lunaphyte> repeatedly
<lunaphyte> it was a huge bummer
<lunaphyte> but anyway, that's a different story
<lunaphyte> TJ-: how do i see the patches posted to the bug?  just within the thread discussion itself?
<TJ-> lunaphyte: Looks like my patch addresses a slightly different case to yours; in my case it was when kernel command line has root=UUID= whereas yours is for /usr not being activated
<lunaphyte> oh ok
<TJ-> lunaphyte: yes, they're linked from the comment where they are introduced, and aslo listed on the right side
<lunaphyte> oh there, i see.  thanks
<TJ-> lunaphyte: Your /usr/ issue won't be solved by that, you need the earlier patch form comment #10 I think it is
<lunaphyte> "I then booted via rescue system and added "lvm vgchange -ay" in /usr/share/initramfs-tools/scripts/local-top/lvm2 right before "exit 0""
<lunaphyte> that guy?
<TJ-> Correct
<lunaphyte> ok
<TJ-> use -aay rather than -ay though
<lunaphyte> is that a more so a hack?  or is it actually the correct way to solve the problem?
<TJ-> lunaphyte: correct way - the problem occurs because this command was removed from the software
<lunaphyte> ok, cool.  thanks very much
<lunaphyte> i'll give it a try shortly
<TJ-> don't forget to update-initramfs beforehand
<lunaphyte> before rebooting?
<ahasenack> rbasak: what I meant in standup, I can't install libmariadbclient-dev in debian/sid: https://pastebin.ubuntu.com/p/7bkNKWdGbf/
<ahasenack> dev one is 10.1, whereas the one carrying the soname is 10.3
<TJ-> lunaphyte: yes, after adding change and before rebooting
<lunaphyte> gotcha.  i won't forget :p
<lunaphyte> in /usr/share/initramfs-tools/scripts/local-top/lvm2, i see "activate "$ROOT"", which makes sense, but also "activate "$resume""
<lunaphyte> i don't see where $resume is getting set.  what is this?  where does it come from?
<KWhat4> How do you install lzma or lz4 support for mariadb in this OS?  [ERROR] InnoDB: innodb_compression_algorithm = 4 unsupported. InnoDB: liblzma is not installed. Yet apt cache certainly thinks liblzma5 is installed.  Does ubuntu not support anything but gzip for row_format compression?
<KWhat4> version 10.1
<KWhat4> Its, cool.  No one uses lz4 for realtime compression anyway due to libz superior compression speed and ratio.
<lunaphyte> i'm having trouble getting this system to keep a resolution of 1280x1024
<lunaphyte> i've set GRUB_GFXMODE=1280x1024 and GRUB_GFXPAYLOAD_LINUX=keep in /etc/default/grub, which seems to partially work, but something is still changing the resolution at some point during boot
<lunaphyte> the display i'm using can't go beyond that, so it goes "out of range" when that happens and i can't see the screen of course
<lunaphyte> how can i figure out what is doing this?
<lunaphyte> it looks like maybe due to the edid information?
<lunaphyte> aha, yes
<lunaphyte> booting with the physical display worked.  the kernel didn't detect it, so it left the resolution alone, and the network console didn't go out of range
<lunaphyte> oops
<lunaphyte> "booting with the physical display disconnected worked", i meant to say
<rbasak> ahasenack: libmariadbclient-dev is deprecated in 10.3 I think and will be removed.
<rbasak> Are our regular cloud images supposed to work on bare metal? What does MAAS do?
<rbasak> I have a friend for whom this doesn't work because his USB keyboard doesn't work. Installing linux-image-generic fixes it.
<rbasak> He can't use MAAS because he needs the installation to work over the Internet.
<rbasak> So no TFTP.
<rbasak> In his case a USB installation is fine, so he's blatting the cloud image onto a USB stick at my suggestion, and separately providing a NoCloud cloud-init datasource using an SD card.
<rbasak> (well TFTP would work, but he can't control DHCP to bootstrap that)
<OerHeks> besides https://docs.maas.io/2.5/en/installconfig-network-ssl your maas service need a lot of work for ssl  https://askubuntu.com/questions/736126/using-https-with-maas-web-interface-login-redirects-to-http
<rbasak> This approach seems to work fine except he's currently needing to make two modifications to the image that he'd like to avoid: 1) installing linux-image-generic to make the USB keyboard work; and 2) dropping console=ttyS0 to work around bug 1573095 (I'm about to update that bug with details)
<ubottu> bug 1573095 in Ubuntu "16.04 cloud image hangs at first boot" [Undecided,Confirmed] https://launchpad.net/bugs/1573095
<rbasak> rharper: ^ would you happen to know please?
#ubuntu-server 2019-01-22
<sergeant> while connecting to the mongo shell on an ubuntu server. I am getting this error http://paste.ubuntu.com/p/SS7VBxFdck/. Please help!!!!!!!
<lotuspsychje> sergeant: please idle a bit here, volunteers might be still waking up ok
<sergeant> yeah sorry
<igordc> or going to sleep :(
<igordc> sergeant, I haven't particularly dealt with mongo much but it looks like it isn't running on that specified port
<igordc> sergeant, double check the server
<sergeant> how do i check that ?
<eject_ck> After installing packages updates on 5 Ubuntu 16.04 servers one wont start (just stuck during kernel boot), https://imgur.com/a/Nukuvk9
<eject_ck> Anybody had such an issue ?
<eject_ck> how can I collect details for such probelm?
<eject_ck> kernel 4.4.0.141
<lotuspsychje> !info linux-image-generic xenial
<ubottu> linux-image-generic (source: linux-meta): Generic Linux kernel image. In component main, is optional. Version 4.4.0.141.147 (xenial), package size 2 kB, installed size 14 kB
<lotuspsychje> eject_ck: did you try booting a previous kernel yet?
<eject_ck> yes, no luck
<eject_ck> I tried to boot with dis_ucode_ldr   [X86] Disable the microcode loader. and it worked
<eject_ck> interesting now why it caused problems
<lotuspsychje> eject_ck: maybe provide us some dpkg logs from the installed updates recently, maybe volunteers can find a link
<eject_ck> ok
<lordievader> Good morning
<eject_ck> lotuspsychje: where to send ?
<lotuspsychje> !paste | eject_ck
<ubottu> eject_ck: For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<eject_ck> https://paste.ubuntu.com/p/4f4rfg2Xvk/
<lotuspsychje> eject_ck: that seems like a big dpkg list, is that a normal update or did you upgrade or wait long?
<eject_ck> normal update
<eject_ck> after long break
<lordievader> You want the apt history log ð
<lotuspsychje> lordievader: he got 5 xenial servers not booting anymore
<eject_ck> no no
<lordievader> `/var/log/apt/history.log` to be precise.
<eject_ck> I got 1 server out of 5 not bootable
<lotuspsychje> ah
<lordievader> `dpkg -l` just shows what is installed. The apt history log shows what it did, what it updated, installed, etc.
<eject_ck> adding dis_ucode_ldr to boot options helped to start server
<eject_ck> then I ran apt update && initramfs -u
<Mudchains> Good morning all. I have a old 8.04 ubuntu server with mysql databases on it. I want to setup a new 18.04 server and migrate the databases. Is there any guide lines about scsci controllers and disk design ? I am running VMware Vcenter/ESX 6.5
<Mudchains> hi lotuspsychje ;)
<eject_ck> then I downloaded latest microcode from Intel and put it into /var/firmware and restarted
<eject_ck> it started with no problems
<lordievader> Mudchains: What you could do is boot a live-usb/iso of 18.04 and check if everything works.
<Mudchains> lordievader: I am running 18.04 on multiple VM's and they are working fine. They have only a 'old' disk design and scsci controller attached.
<Mudchains> For the next VM's I want to make a template :)
<lordievader> If you only have databases on there, wouldn't it be a better idea to setup a new VM with 18.04 install maria-db and transfer the databases to the new VM?
<Mudchains> lordievader: thats my idea also
<Mudchains> lordievader : do you have experience with the vmware paravirtual scsci controller and performance?
<lordievader> No, I use kvm/qemu.
<Mudchains> ah ok :)
<lordievader> I try to stay away from vmware ð
<Mudchains> we are running 310+ machines on vmware atm :)
<Mudchains> google doesnt say anything about optimized ubuntu templates for vmware unfortunally
<Mudchains> lordievader: the new server is up and running, now the most time taking job..mysql, optimalisation and db migration.. :)
<Mudchains> lordievader: why choosing maria-db btw?
<lordievader> Because mysql is Oracle now.
<lordievader> Maria-db is drop-in replacement.
<Mudchains> lordievader: thats the only reason? :)
<lordievader> For me it is, but I've moved away from mysql alltogether.
<lordievader> A more indepth comparison: https://blog.panoply.io/a-comparative-vmariadb-vs-mysql
<Mudchains> lordievader: I just readed it haha :D
<ahasenack> good morning
<rbasak> o/
<ahasenack> hi rbasak
<ahasenack> kstenerud: did you see my notes about schleuder?
<ahasenack> I added a bug to the exim4 card comments
<kstenerud> Yes, so we need to fix schleuder to unblock exim4 right?
<ahasenack> yep, for a loose definition of "fix"
<ahasenack> might need kicking out too, I asked in #ubuntu-release yesterday, didn't get a response
<Mudchains> lordievader: pff what a job, migrating the databases xD
<lordievader> Is it?
<lordievader> Dump, scp, import. Right?
<Mudchains> at least the new ubuntu 18.04 server is up and running :)
<Mudchains> lordievader: yes thats correct, also found a query to copy the mysql users
<Mudchains> the most annoying part is all the application/odbc connections
<awalende> Hi there, is it possible to write iptable rules for vlans?
<awalende> Id like to block all incoming on a vlan interface of mine
<sdeziel> awalende: yes, -i and -o support any interface name
<awalende> sooo "iptables -P INPUT DROP -i vlan118" should do the trick
<sdeziel> awalende: well, -P doesn't accept -i
<sdeziel> awalende: -P is to set the chain policy (aka default faith of a packet reaching the end of the chain)
<sdeziel> awalende: but any -I/-A rules that you have can use -i vlan118
<sdeziel> awalende: ex: "iptables -A INPUT -i vlan118 -j DROP"
<awalende> ah okay, I'll try this. Thanks!
<awalende> mhh weird, "iptables -L" shows me that I have a new DROP rule. However this list does not show my any information on which vlan this rule is enforced.
<awalende> "DROP       all  --  anywhere             anywhere  "
<sdeziel> awalende: could you pastebin "iptables-save" ?
<TJ-> awalende: "iptables -nvL"
<awalende> https://pastebin.com/k5YhK1RZ
<awalende> ah I believe "iptables -nvL" did the trick, I see the rule for vlan118 now
<awalende> -nvl - > https://pastebin.com/WViuyD5G
<awalende> thanks for your help folks :)
<sdeziel> awalende: np. FYI, you can use prefix matching for input/output devices like this "-i vlan+"
<sdeziel> I find this quite useful at times so I thought I'd mention it ;)
<awalende> :)
<herald85> hi, i keep having issues during updates with downloading the required version of linux-headers. When I manually browse to http://security.ubuntu.com/ubuntu/pool/main/l/linux/  and click on linux-headers-4.4.0-141_4.4.0-141.167_all.deb it also fails to download. Anyone know how I can work around this?
<ansyeb> hello. how it that possible? https://pastebin.com/YgJttRpw
<ansyeb> what is on 22001?
<ansyeb> <SerajewelKS> ansyeb: almost certainly a -R forward from one of your users
<ansyeb> could someone provide a link to the corresponding manual page?
<jelly> ansyeb: man ssh_config, search for RemoteForward
<ansyeb> I found this: http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#fwd
<jelly> ssh has about 4-5 different forwardings and agent forwarding or X11 forwarding is not relevant for -R
<jelly> -R is a ssh client command line option that opens a listener on the remote side and tunnels tcp connections somewhere visible to the client side
<ansyeb> oh man..
<jelly> serajewelks suggested you were seeing a remote listener side of such a setup
<jelly> the* remote listener side
<jelly> if you want web search keywords: ssh remote forwarding
<ansyeb> ÑÐ» ÐµÐ½
<ansyeb> ok ty
<jelly> it's a way to enable access to a service that ssh server you connected to can't otherwise reach; somethimes used as a workaround instead of having to punch holes in firewalls
<jelly> ansyeb: what does "ps -fp 1973" say? it might be interesting to see what is its parent process, that might confirm the -R theory.  However,but it is somewhat unusual for a sshd process with a -R listener socket open to be running as root
<baffle> I have a server with 2*L3 uplinks; The uplinks has a /31 for basic connectivity, and the same /32 on both interfaces+loopback. 0.0.0.0/0 is routed via the /31 on both interfaces, and src set to the /32. Packets gets sent randomly out via both interfaces, but there is asymmetrical routing so replies might come to the other interfaces; If this happens, the package seems to just disappear. I have
<baffle> rp_filter set to 0, what else have I forgotten? Iptables INPUT/FORWARD is set to ACCEPT...
<baffle> Anyone have any ideas what it could be?
<sarnold> baffle: rp_filter on *all* interfaces? or just the global config?
<baffle> sarnold: It's set to 2 on all interfaces..
<sarnold> baffle: this guide suggests assymetric routing uses would benefit from '1' https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.rpf.html
<baffle> sarnold: That's weird, this does not match documentation in https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt <- 1 is strict, 2 is loose. 0 is disabled.
<baffle> (I have it set to 2, not 0, so that was wrong on my part)
<baffle> Set to 0 on all/default/<interfaces> now, same behaviour.
<baffle> And I have enabled log_martians too, and there are no entries in any logs. :-/
<sarnold> baffle: huhn. that is more or less exactly opposite of the what the guide said :(
<baffle> sarnold: Any tips on how to debug further?
<sarnold> baffle: nothing good, I'm insanely rusty on router kinds of things :/ .. maybe firewall packet counts? perhaps they're being blocked by rules?
<TJ-> baffle: I may be confused but your original question seems to be talking about *replies* coming into this server on a different interface - rp_filter is about sending replies *out* from this system
<sdeziel> rp_filter is a source validation mechanism so should apply to inbound traffic I think
<baffle> sdeziel: But maybe in the forwarding path?
<baffle> I.e. for packets passing.
<baffle> (Typically a router)
<sdeziel> baffle: AFAIK, rp_filter is applied on traffic reception even in the forwarding case
<sdeziel> baffle: I don't have the time to look myself but surely sharing "ip a; ip ro" would help folks have a better idea of your setup
<baffle> sdeziel: Oh. I forgot the paste-link I prepared... https://paste2.org/FLH32Z5F
<baffle> (rp_filter is now set to 0, not 2 as in the paste)
<sdeziel> baffle: is 10.200.0.1/32 supposed to be some kind of HA IP or Virtual IP?
<baffle> sdeziel: Yes, it is supposed to be a HA IP.
<sdeziel> baffle: then I wouldn't expect to see it configured on the 2 NICs at the same time.
<baffle> sdeziel: Well, I only had it on loopback before, then packets could be sent to it from an external host.. I.e. to reach a service bound to that IP. But for the host to source packets to that IP, and not the /31 linknets, one both needs to set the src in ip route + set IP on the interfaces. If IP is not set on the interfaces, packets will not be sent out by the kernel..
<sdeziel> baffle: looks like you are running bgp which is unexplored territory for me, sorry ;)
<sdeziel> baffle: I would have think that you could set just an ip route with source specification without needing to actually have the IP configured on the real outbound NIC (just lo0)
<sarnold> btw how does a /31 work? there's two addresses, and the all-ones-equiv would be broadcast.. leaving the all-zeros for the one host?
<baffle> sdeziel: Yes, it's BGP, but all it does it populate the routing table, and announce the /32 to the switches.
<baffle> sdeziel: If I remove the IP from the outbound NICs, and just put it in lo0, and have src set to the IP, no packets go out..
<sdeziel> baffle: your default route with 2 nexthops looks good to me. Have you confirmed with tcpdump what's going on?
<sdeziel> sarnold: I'm suspecting some kind of p2p setup
<sdeziel> ipcalc says there are no broadcasts for /31: https://paste.ubuntu.com/p/yhR2dkxS8B/
<sdeziel> ipcalc also mentions https://tools.ietf.org/html/rfc3021 for /31 ranges :)
<sarnold> ha! of course there's an rfc to answer my exact question :)
<sarnold> thanks sdeziel
<baffle> sarnold: It works great for linknets between routers, and there is no network/broadcast address.
<baffle> sdeziel: Yeah, if I source icmp packets from interface ens1f0 I get echo+reply back on ens1f0. If I source icmp packets from interface ens1f1 the echo is sent out from ens1f1, but the reply comes back on ens1f0 (due to what I ping being a few hops away, and having a best path via the switch ens1f0 is connected to)
<sdeziel> baffle: have you tried "ping -I 10.200.0.1 10.100.1.5" ?
<sdeziel> baffle: I'd expect it to work and load balance the echo requests evenly between the 2 NICs since they have the same weight
<sdeziel> baffle: the echo replies might all come via ens1f0 though if the switch behaves that way
<sdeziel> baffle: out of curiosity, why deal with this at L3 instead of L2 (LACP, bonds, etc)?
<baffle> sdeziel: Uh, that worked. One minute, I'll check something....
<baffle> sdeziel: Whaddayaknow. Facepalm time. It works fine, and probaly has been all along, I think I was looking the wrong place all along. All day.
<sdeziel> baffle: hehe
<sarnold> uhoh
<sarnold> whatr exactly was the wrong thing in question? :)
<baffle> sdeziel: The reason for going with L3 instead of L2 is to avoid having MLAG on the switches, I've seen that (and stacking) fail too many times..
<blackflow> sarnold: oh hey, you're a ZFS fan amirite?
<sdeziel> baffle: OK
<sarnold> blackflow: yeah
<blackflow> sarnold: is the ZFS wiki page editable only by ubuntu devs, or community? because the uses cases are blatantly lying :)  https://wiki.ubuntu.com/ZFS
<baffle> sdeziel: So, instead of using L2 that we all know and love, I'm introducing more complexity with routing instead.. It is probably a bad idea.. But at least it is standardized, and you can use whatever vendor..
<blackflow> that really needs some correction, because it's very much false.
<sarnold> blackflow: I'd expect anyone in the right launchpad group would be able to edit it
<blackflow> should I open a bug report then?
<blackflow> eg. Jack's use case is fiction. ZFS does no such thing.
<sdeziel> baffle: I've heard good things about L3 redundant setups so I guess it's just a matter of fully understanding this new paradigm
<sarnold> blackflow: hah yeah that looks way wrong
<blackflow> so is Ari's use case, ZFS does not do that :)
<sarnold> ha
<baffle> sarnold: I think what I originally observed, but failed to catch, was that outgoing connections from a container got masqueraded (randomly) to linknet IPs on interfaces + the "HA" IP.
<lordcirth_> Yeah, Jack's is handled by btrfs, I'm not aware of any filesystem that just grabs storage devices lol
<sarnold> blackflow: if you want to edit the wiki, this is the group to join https://launchpad.net/~ubuntu-wiki-editors -- many other groups are already included on the thing, so maybe it'd make sense to join one of the other groups instead of this one
<sarnold> blackflow: I've got to run for lunch.. if you'd rather not bother, just let me know and I'll happily delete those usecases :)
<blackflow> sarnold: thanks, I'll see what I can do first.
<sdeziel> baffle: the masquerading shouldn't be random since your default route says to go out with 10.200.0.1, no?
<sarnold> blackflow: thanks
<blackflow> sarnold: bon apetit!
<sarnold> :D
<baffle> sdeziel: Yes, but it is still very hard to know what is the correct way to design a spine/leaf design with full redundancy on hosts.. Some designs seems to think that spine/leaf should be core, with ToR switches connected to the leafs, and host using L2 to one ToR switch. Or LACP/MLAG to two ToR switchces. Some designs use ToR switches as leafs (as I do).. But that both in a rack should use iBGP and
<baffle> bgp and be in the same AS.. Some have the same AS on spines.. It's very confusing..
<baffle> sdeziel: That's what I tought...
<sdeziel> baffle: the only semi-random (round robin I think) portion would be the outbound NIC the kernel picks
<baffle> sdeziel: But I'll modify the rule to have --to-source..
<sdeziel> baffle: out of curiosity, if you run this multiple time, do you see the kernel alternating the outbound NIC: ip ro get 1.1.1.1
<baffle> sdeziel: No, that returns same IP consistently. And I've set sys/net/ipv4/fib_multipath_hash_policy to 1 (L4).. But 1 sec, I'll see what happens.
<sdeziel> baffle: yeah, same source IP but what about the dev?
<baffle> sdeziel: Same device, same link IP, same source IP. I.e. -> 1.1.1.1 via 10.20.128.32 dev ens1f0 src 10.200.0.1 uid 1000
<baffle> sdeziel: But I assume that is just cached. If I actually generate TCP traffic to the same host now, the flows round-robin.
<baffle> sdeziel: I'll modify the masquerade rule and test now..
<sdeziel> baffle: probably but I would have appreciate the kernel telling you about the round robin thing
<sdeziel> "ip route get fibmatch 1.1.1.1" maybe?
<baffle> sdeziel: That works, returns both path.
<baffle> s
<baffle> sdeziel: Also, manually replacing MASQUERADE with -J SNAT --to-source works a treat.
<sdeziel> baffle: thanks good to know
<sdeziel> baffle: I don't understand why MASQUERADE would do the wrong thing though
<teward> masquerade uses the primary IP address on the system, if I'm not mistaken
<teward> and not "alternative IPs" (secondary, tertiary, extra, etc.)
<sdeziel> teward: it should make a decision based on the info from routing table, or at least that would be a logical (to me) way of doing it
<teward> while I agree with you, i'm also coming in late.
<teward> so I'm not up to speed :P
<baffle> teward: What is the "primary" IP anyway?
<sdeziel> that's what the routing table tells you it is
<teward> unless your routing tables are screwed, the 'default route' according to the routing table typically
<teward> usually the first IP address on an interface if you don't have any custom routing tables in play
<baffle> Hmm, wonder what happens if I reorder IP addresses in netplan.
<teward> just as an FYI I came in late, did you share your configuration?  Do you have custom policy-based route rules set up?
<teward> (which would therefore alter the 'default routes')
<sdeziel> teward: 2 nexthops with same weight as default gw
<sdeziel> https://paste2.org/FLH32Z5F
<teward> hah BGP is at play I see
<teward> sdeziel: I usually consider in a Multi IP scenario SNAT/DNAT is better than the MASQUERADE functionality in iptables
<teward> just from experience
<baffle> sdeziel: I totally agree.
<sdeziel> teward: agreed but I would still expect MASQUERADE to do the right thing in such scenario
<teward> sdeziel: my two cents is I call masquerade a 'hackish' way to SNAT/DNAT automagically.
<teward> just my thoughts on it :P
<sdeziel> this automagic should be reliable ;)
<teward> sdeziel: when is anything networking related EVER reliable :p
<sdeziel> teward: lo is pretty reliable but that's the exception
<baffle> Now the /32 is the first IP on both interfaces, but MASQUERADE still chooses the link-net as NAT source. Â¯\_(ã)_/Â¯
<baffle> Guess I'll have to disable the automatic creation of NAT rules in Docker. Maybe it's time to check if they've added more functionality..
<teward> sdeziel: well other than that lol
<sdeziel> baffle: oh well, I was wrong (again) :P
<teward> baffle: to be fair in my containerized environments (EXCEPT for this laptop, because it has only 1 IP lol), i never trust MASQUERADE to do what I want lol
<teward> always SNAT everything :P
<teward> my two cents.
<baffle> teward: I don't think I have a choice.
<Mudchains> i love it when a old optimized my.cnf of mysql5.0 fixes the new slow installed mysql5.7 server
<Mudchains> first i changed the scsi controllers, but then ubuntu didnt start up anymore haha
<baffle> sdeziel/sarnold/teward++: Thanks for all the help!
<sdeziel> baffle: yw
#ubuntu-server 2019-01-23
<ansyeb> hello. so I found ssh remote forwarding on one of my servers. tunnel is litening on :22001. how to find out where the other side of that tunnel is?
<lotuspsychje> ansyeb: see also the #openssh channel
<ansyeb> already talking there
<ansyeb> but the solution doesnt work for me yet ((
<lotuspsychje> ansyeb: can nmap help you findout ?
<herald85> goodmorning everyone. new attempt: I keep having issues with apt trying to download linux-headers but failing. I've tried several mirrors but it keeps saying "Failed to fetch http://gb.archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-4.4.0-141_4.4.0-141.167_all.deb" .
<tomreyn> herald85: did you run "sudo apt-get update" before you tried to install the headers? also, there should have been a second line of out put regarding this gb.archive.ubuntu.com server which should explain why it failed. please post the full output tpo a pastebin. note that i may have to leave any minute now, but this will help others diagnosing this issue.
<tomreyn> ansyeb: try "netstat -plnt | grep -F ':22001'" or "lsof -i :22001"
<herald85> tomreyn:   https://gist.github.com/fboux0/8fa835fd5ef2dfbff659a7a51524d9dc   only three packages because I installed the rest with ' apt upgrade --fix-missing' which cause apt to skip the headers
<tomreyn> herald85: let's ignore gb.archive.ubuntu.com for now and focus on security.-ubuntu.com, which there are also errors with (probably for the same reason). your system resolves the security.ubuntu.com hostname correctly to 91.189.88.152 but fails to connect to it. this can be due to firewalling on your LAN (your ubuntu system, your router, the router / firewall of the network your computer is in).
<tomreyn> another possible explanation is that your internet provider routes traffic to this ip address to a mirror server they run, but this is less likely, and they shouldn't be doing that for security.ubuntu.com.
<tomreyn> herald85: got to run. i *may* be back in 10 minutes.
<tomreyn> herald85: i'm back if you still need support - i've missed anything you may have said since i last spoke, though (feel free to PM).
<herald85> tomreyn:  thanks , I wanted to verify on the fortigate but the firewall dudes are MIA
<tomreyn> hehe, the common issue. you should run a fortimanager (virtual) appliance (in a VM) so everyone who is entitled to can view (but not modify) the current configuration.
<herald85> I updated the gist if I try just wgetting a random file on security.ubuntu it works, if I try the linux-headers via security.ubuntu ... nothing.
<tomreyn> i'd need the url again, lost all context
<herald85> https://gist.github.com/fboux0/8fa835fd5ef2dfbff659a7a51524d9dc
<herald85> oh ... wait... it worked now. huh.
<herald85> wget failed 4 times then the 5th it was able to download
<herald85> does this work for you ?        wget http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-4.4.0-138_4.4.0-138.164_all.deb
<tomreyn> herald85: yes, this works
<tomreyn> you should use curl to test, though, with the --resolve option
<tomreyn> herald85: i assume that some of the ip addresses security.ubuntu.com resolves to are whielisted in your firewall, but not all of them
<herald85> mmh could be
<herald85> they assured me it wasn't blocked but well .. let's visit them again :) thanks tomreyn
<tomreyn> hmm no actually this theory is false since your gist shows that you had both a successful download and an error on this same ip address.
<tomreyn> so you have intermittent tcp connect issues to http://91.189.88.152:80
<herald85> I'm going to try rule out any network issues first, test outside firewall etc
<tomreyn> sounds good.
<tomreyn> herald85: things you can try: tracepath / mtr / traceroute, to see whether your route is to the target is mostly static and whether there is may be a broken router somewhere.
<tomreyn> also: sudo apt-get -o 'Debug::Acquire::http=1' update
<tomreyn> for a workaround, switching to https *may* work, but not all mirrors support it
<tomreyn> https://github.com/tomreyn/scripts/blob/master/ubuntu_archivemirrors_https returns a lit of archive mirrors supporting httpS, but doesn't check whether they support your release or mirror security patches.
<ansyeb> hello. "ln -snf /srv/www/.shared/TEST $WORK_DIR/releases/$TIMESTAMP/TEST" on a machine works well. but when executed by gitlab-runner over ssh, somewhy it cuts the /srv/www/.shared part and virtually tries to ln /TEST that does not exist
<ansyeb> why???
<ansyeb> of course fails and I can not deploy
<ansyeb> executed as same user, both manually and during a job
<tomreyn> ansyeb: is this an ubuntu system, since /srv/www is not a standard path on ubuntu
<ansyeb> Ubuntu 16.04.1 LTS
<ansyeb> path can be anything
<tomreyn> uh, do you not install security patches then?
<ansyeb> could this be the reason to my issue?
<tomreyn> 16.04.5 is current
<tomreyn> unlikely
<tomreyn> but it'll be difficult to diagnose this without more context, and even then it looks very much like a scripting issue, not one with ubuntu
<dexterfoo> hello. i have an ubuntu server hosted on digital ocean. with the default install, will the system clock ever be adjusted? do i need to set up automatic adjustment to the system clock if i am doing regular web stuff?
<ahasenack> kstenerud: hi, can you perhaps run the verification steps of https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1606331, since the reporter hasn't yet?
<ubottu> Launchpad bug 1606331 in tomcat8 (Ubuntu Xenial) "StringIndexOutOfBoundsException - Tomcat8.0.32" [High,Fix committed]
<ahasenack> I'm cleaning up pending MPs, and found that one
<kstenerud> sure
<ahasenack> I have one like that myself, backuppc
<rbasak> dexterfoo: systemd-timesyncd is enabled by default on Bionic. And Xenial I think.
<rbasak> For how that impacts DO's virtual environment you'll have to ask their support I guess.
<ansyeb> anyone using gitlab here? gitlab IRC channel is pretty much dead
<lotuspsychje> !crosspost | ansyeb
<ubottu> ansyeb: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
<Deihmos> Any use auto mount on server 18.04
<Deihmos> Testing Ubuntu server. Hard as hell configuring things without a GUI. How do you manage?
<teward> Deihmos: research and learning how everything works on the CLI :P
<teward> lots of time and effort into that too
<baffle> Deihmos: Experience helps..
<Ussat> whats a GUI ?
<sarnold> Deihmos: after a while I suspect you'll find the gui gets in the way more than it helps. it's not a bad way to keep multiple terminals visible on screen at once..
<sarnold> Deihmos: once a guy needed to issue a command along the lines of: "sudo chmod 755 /var/www
<teward> sarnold: i'm sorry don't you mean `chmod 777` :P
<sarnold> Deihmos: .. and proceeded to spend four hours figuring out how to run nautilus as root and wreck the permissions on who knows how many other files ...
<sarnold> teward: lol
<Deihmos> Nah too much typing
<Deihmos> Time consuming
<Deihmos> will this work to remote desktop https://www.interserver.net/tips/kb/install-xrdp-ubuntu-server-xfce-template/
<tomreyn> Deihmos: unless you insist on using the rdp protocol, i'd recommend using either x2go or (ssh tunneled) vnc instead.
<Deihmos> all my other computers are windows and at work i have windows
<Deihmos> i cannot install those software but can rdp
<Deihmos> if i install that wouldn't the server boot to a gui?
<Deihmos> or can i have the gui only when i rdp
<tomreyn> it will need to run the daemons but doesn't have to do the graphical processing.
<tomreyn> the right way to manage a linux server remotely is, of course, through the shell, though
<Deihmos> too tideous to move files
<tomreyn> why so?
<Deihmos> tedious
<tomreyn> you can still use a GUI on the client
<Deihmos> like if i want to transfer a file from my local pc to a folder on ubuntu server it is just too much of a hassle
<tomreyn> if you have a windows client, you could use winscp for example
<Deihmos> or auto mount my usb is a hassle
<Deihmos> by installing gnome disks i can get it up and running with a few clicks
<tomreyn> enabling automounting is a one-time configuration
<Deihmos> not sure which guide to follow
<Deihmos> so many different methods. gnome disks has a setting to auto mount. i wonder if it edits whatever file that is needed
<tomreyn> https://help.ubuntu.com/community/Mount/USB#Auto-mounting_.28Ubuntu_Server.29
<Deihmos> i followed that guide. recommends installing usbmount but it didn't work
<tomreyn> i assume gnome-disks uses gio
<Deihmos> yes and it is simple
<tomreyn> "didn't work" isn't going to get you very far in terms of volunteer support ;-)
<tomreyn> but if you got a solution you are happy with, that's cool
<Deihmos> i searched and there is some issue with 18.04 and usbmount
<tomreyn> i'd say: whatever floats your boat.
<sarnold> Deihmos: iirc putty supports sftp
<sarnold> Deihmos: if it doesn't, find a windows client that does..
<tomreyn> well winscp (despit ethe name) does, and surely has a better gui than putty.
#ubuntu-server 2019-01-24
<Deihmos> winscp looks interesting. trying it out now
<Deihmos> yep this is perfect
<Deihmos> is there a command to see resources used?
<sarnold> hundreds :)
<sarnold> Deihmos: this is a decent very fast introduction http://www.brendangregg.com/blog/2015-12-03/linux-perf-60s-video.html
<killown> what does that mean AppArmor parser error for /etc/apparmor.d/usr.sbin.mysqld in /etc/apparmor.d/usr.sbin.mysqld at line 74: syntax error, unexpected TOK_CLOSE, expecting TOK_END_OF_RULE
<killown> error after apt upgrade
<killown> invoke-rc.d: initscript apparmor, action "reload" failed.
<killown> isn't ubuntu server supposed to be stable?
<killown> it's just a fresh install without update for two months
<killown> ubuntu 18.04...
<lotuspsychje> killown: without update?
<lordievader> Good morning
<ahasenack> good morning
<ahasenack> I forget, the installation tests done in the migration step, are they done with -proposed enabled overall, or just for the package that is undergoing migration?
<evit> Does anyone know if the Ubuntu Repo PHP PEAR package is affected by this https://www.grahamcluley.com/poisoned-pear-php-extension-repository-download-infected-for-up-to-six-months/
<rbasak> evit: I expect so, yes, based on that article. It sounds like the compromise was in the repository. The point of the Ubuntu Repo PHP PEAR package is to connect to that external repository.
<evit> rbasak, Should I remove the package till it is updated? What are others doing?
<rbasak> evit: the package isn't the vulnerable part.
<rbasak> You'll need to track what others are doing upstream. You aren't any different from those on other distributions or installing from upstream sources who use PEAR.
<evit> Is it just the single go-pear.phar file?
<evit> The tightlipped (lacking in details) response from the PHP/Pear team doesn't help
<kstenerud> some investigation into openvpn service: "service openvpn start" changes state to "active (exited)", regardless of whether --daemon is specified or not.
<kstenerud> The "state" of the openvpn service doesn't affect nmcli behavior. You can start and stop VPN connections regardless of whether it's active or not.
<kstenerud> There are also no processes running when the service is "active"
<rbasak> It sounds like there's a general problem if it still stays active, but not related to the --daemon bug report I think then?
<kstenerud> From what I can tell, it doesn't need a service at all...
<kstenerud> Everything works regardless
<kstenerud> Or maybe that's just with network manager?
<kstenerud> The only time an openvpn process opens is when you nmcli start a VPN connection
<sdeziel> kstenerud: "systemctl cat openvpn" shows that it only calls /bin/true so probably not what one wants
<sdeziel> kstenerud: on the CLI, the new way is to call "service openvpn@$foo start" or "service openvpn-{client,server}@$foo" where foo is the name of the .conf file
<Deihmos> why would ubuntu use swap when there is so much ram
<kstenerud> sdeziel: Where would these .conf files be?
<sdeziel> kstenerud: for the openvpn@ version they are in /etc/openvpn/*.conf. for the openvpn-{client,server}@ ones, in /etc/openvpn/{client,server}/*.conf
<ahasenack> careful, there is an hierarchy
<ahasenack> there's /lib/systemd, /etc/systemd, and /run/systemd (not 100% about the path for the last one)
<sdeziel> ahasenack: those path are for the unit definition not the config of the OpenVPN instance
<ahasenack> sdeziel: ah, right
<ahasenack> sorry
<sdeziel> kstenerud: try "systemctl cat openvpn{,-client,-server}@" and you'll see they set a workingdir and tune execstart
<kstenerud> so is that the same as the .sesame dir in the homedir?
<sdeziel> ahasenack: hehe, always good to make people aware of those multiple hierarchy being in play
<sdeziel> kstenerud: sorry, never heard about a .sesame dir
<rbasak> That's a Canonical-internal thing for our VPN configuration.
<sdeziel> hmm
<sdeziel> kstenerud: I'm not familiar with the above but if it resides in $HOME, openvpn-client@ will by default not have access to files in there due to the ProtectHome=true it has. Dunno if that's relevant for you but I'd though I'd mention this little gotcha
<sdeziel> err, this ^ applies to all openvpn instance units in fact
<sdeziel> Deihmos: what's the output of "free -mt"?
<Ark74> Hello guys!
<teward> *sits on Ark74*  (I'm in here too LOL)
<teward> @Ark74: FYI that on Xenial HTTP/2 support is spotty because of OpenSSL lib versions and such
<Ark74> I'm looking forward http2, I've build apache2 (2.4.34) from disco, but seems it doesn't have http2 enable
<teward> Ark74: a2enmod http2 does nothing?
<Ark74> teward, yeah, I had to backport several packages openssl 1.1.1a included
<Ark74> it does, I mean it links to /usr/lib/apache2/modules/mod_http2.so
<Ark74> I've configured h2 in apache
<teward> I know that in Bionic it's got HTTP2 support via nghttp2 package.
<teward> and Cosmic and assumingly Disco, but that's not in my radar typically
<Ark74> but it keeps serving http/1.1
<teward> backporting that to Xenial will meet you with mixed results (you're probably better off just upgrading)
<teward> Ark74: how're you testing?
<teward> Ark74: do you have HTTPS enabled?
<teward> which is part of http2's requirements?
<teward> most browsers don't support HTTP/2 without HTTPS enabled as well
<Ark74> loading the browser page with DevTools and also using nghttp client
<Ark74> I've tried apache2 ppa with http2 support
<Ark74> and it worked
<Ark74> I'm trying to backport form oficial packages
<Ark74> yeah, https is used
 * Ark74 points -> https://launchpad.net/~ondrej/+archive/ubuntu/apache2
<teward> on DIsco or on Xenial?
<teward> Pretty sure trying to do this on Xenial will fail without some workl
<tomreyn> also there's no disco builds on this ppa
<mason> LXD question if anyone knows - if I want to point LXD to a local dataset when I run lxd init, it sees that and makes some datasets under it, but then "lxc profile show default" says "path: /" and "pool: local" and I see /var/lib/lxd on root being populated. Do I need to have my target dataset mount on /var/lib/lxd? Is the fact that I didn't define a mountpoint problematic, and it'd have been happy
<mason> planting itself anywhere as long as it had a mountpoint? I'm brand new to LXD and curious about this.
<Ark74> teward, the ppa is for Xenial.
<Ark74> I'm using apache2 shipped on disco (2.4.34)
<Ark74> hoping it is included there, but seems it doesn't
<rbasak> mason: try #lxcontainers (IIRC)
<mason> rbasak: ty
<mason> It seems to exist. Thank you. Asked there.
<mason> Of course, they're all quiet in there. I guess I'll test on a VM later and let it create a pool, and see how it handles the mountpoint.
<rbasak> The lxd developers do hang out in there, but perhaps they're not available right now.
<mason> Mm, no idea what timezones they inhabit.
<sdeziel> mason: AFAIK, no need to have anything mounted in the host, lxd takes care of that
<Ark74> the question remains, does apache2 (2.4.34)on disco have http2 support?
<Ark74> thanks!
<mason> sdeziel: Hm, it seems not to do that, though - the init clearly creates datasets below the one I specify, but then everything populates inside /var/lib/lxd and the dataset is left untouched.
<mason> sdeziel: What you're describing is what I'd have expected.
<sdeziel> mason: what's the storage backend you are using?
<mason> sdeziel: ZFS, specifying a dataset that's part of an existing pool.
<sdeziel> mason: OK great, so that matches my setup. So to be sure I understand your problem, if you stop a container then manually mounts it's fs, you have nothing?
<mason> The tutorials all show the admin letting LXD create pool, so it's easy enough to do that and see what it sets up.
<mason> sdeziel: I am at the very beginning. Didn't notice this until I didn't see the dataset untouched as I was downloading a container.
<sdeziel> mason: the downloading doesn't touch the storage pool
<sdeziel> mason: IIRC, it stores temporary files in /var/lib/lxd
<mason> Hrm.
<mason> Maybe I've misread the lxc profile show default output then. That's possible too.
<teward> Ark74: let me spin a container and test.
<teward> i'm still doing stuff at work lol
<Ark74> teward, Thanks!, please take the time you need, I'll be around the whole day if necessary
<Ark74> :)
<tomreyn> disco is: /join #ubuntu+1
<tomreyn> https://httpd.apache.org/docs/2.4/howto/http2.html#building states you need to ./configure with --enable-http2 during build time to create the mod_http2 module, and this module is included in disco packages: https://packages.ubuntu.com/disco/amd64/apache2-bin/filelist
<tomreyn> the other requirements of "at least version 1.2.1 of libnghttp2", at least version 1.0.2 of openssl" are also satisfied.
<teward> Ark74: #ubuntu+1
<teward> tomreyn: Ark74: in the interim, confirmed it works.  https://paste.ubuntu.com/p/JN6q3n7F3j/
<teward> disco container, bionic host with cURL calls and verbose output, showing the SSL negotiation and the use of HTTP/2
<tomreyn> i haven't checked whether "LoadModule http2_module modules/mod_http2.so" is included by default, may require "a2enmod http2"
<teward> Ark74: so you've got a misconfigure somewhere most likely.
<teward> tomreyn: it needs a2enmod http2 which i said above
<teward> tomreyn: it also needs enabled with a Protocols directive to include h2
<teward> i included an example ssl config that works with http2 as well using the default site/docroot/welcome page
<tomreyn> right makes sense
<Ark74> teward, hmmm, yeah then I'll make the same test as you to confirm on my side then go back in my footsteps see where it broke
<teward> Ark74: note you'll need ssl-cert as well to use the template I gave.
<teward> which generates snakeoil certs
<teward> and now to put better thermal pads on my laptop's mosfets.  back later.
<Ark74> yeah, don't worry I got that covered
<Ark74> thank you very mush teward
<teward> *returns*
<teward> Ark74: you're welcome.  Sorry to constantly claim you did it wrong, but yeah with the tests provided it should give you the ability to test yourself :)
<teward> (sorry I had to go into a meeting right after I got the thermal pads on my MOSFETs to help with cooling)
<Deihmos> https://usercontent.irccloud-cdn.com/file/GxXwrqhv/IMG_0149.JPG
<Deihmos> sdeziel: see pic
<sdeziel> Deihmos: pastebinit for next time
<sdeziel> Deihmos: looks like some tasks needed a lot of RAM in the past pushing some unused chunks to be put to swap to free RAM
<sdeziel> Deihmos: you may want to use "vmstat" to check if there is some I/O traffic to/from swap. This will tell you when something is actively causing swap to occur
<Ark74> teward, no problem, I'm aware of the high chances getting something wrong. It's great to have the confirmation, though
<Ark74> teward, yep. Confirmed (yet again). apache2 2.4.34 has http2 capabilities ;) my backport compilation surely was broken.
<silentfury> Hi there. Setting up an ubuntu linux lab on an old ibm systemx server i have. Would I be better to go with the latest release 18.10 or or the 18.04 lts?
<benharri> lts
<benharri> generally preferable to use lts releases on servers
<silentfury> even if it's just a test lab?
<benharri> 18.10 will have some newer packages
<sdeziel> silentfury: none LTS releases are only supported for 9m so probably worth it if you need something not in the previous LTS and also want to upgrade your lab frequently
<sdeziel> s/none LTS/non-LTS/
<silentfury> i'll try out 18.10 then. we'll see if it even likes this old hw i have
<benharri> if you don't mind upgrading with each non-lts release, then go for it
<silentfury> yeah, im mostly a windows server guy, so that's par for the course
<sarnold> silentfury: LTS releases if you just want things to work, non-lts releases if you like filing bug reports :D
<silentfury> i'll keep that in mind
<lunaphyte> is there a dpkg mechanism or such that controls the contents of /etc/initramfs-tools/conf.d/driver-policy ?
#ubuntu-server 2019-01-25
<Deihmos> winscp makes it really easy to access the server files. is there any other tool similar to it?
<sarnold> filezilla? downloadzilla? something like that.. I think also does sftp
<oskie> hello, does one need ntp package for time synchronization in bionic, or is the default systemd timedated stuff enough?
<ducasse> oskie: timedated is enough
<lordievader> Good morning
<kstenerud> I'm getting a strange error in openvpn:
<kstenerud> Jan 25 09:42:17 tester ovpn-uk-kstenerud[2111]: Options error: --ca fails with '/home/karl/.sesame/canonical_ca.crt': No such file or directory (errno=2)
<kstenerud> and yet: # ls /home/karl/.sesame/canonical_ca.crt
<kstenerud>  /home/karl/.sesame/canonical_ca.crt
<blackflow> Clusterer: how about you fix your connection eh?
<lordievader> kstenerud: Can the user running openvpn read that file?
<kstenerud> It turns out that it can't read things in user directories, even if started by root
<kstenerud> even if the user directory is owned by root
<kstenerud> even if the user doesn't exist
<herald85> kstenerud: maybe apparmor is intervening? If it were RHEL i'd look at selinux
<kstenerud> I was able to get it to work by copying the files into /etc/openvn and updating the conf file
<kstenerud> this was in a standard bionic vm via uvt-kvm
<kstenerud> nothing in journalctl mentioned apparmor issues
<mdeslaur> rbasak: hi! are you working on mysql 5.7.25 in debian?
<rbasak> mdeslaur: I think Lars has prepared it, but it's probably waiting on me to upload or something.
 * rbasak needs to give Lars a DM upload bit.
<rbasak> mdeslaur: how can I help?
<mdeslaur> rbasak: oh, was just wondering if it was being worked on, no rush
<mdeslaur> rbasak: thanks
<Deihmos> Wondering if I should install 18.10. Probably no benefit
<teward> Deihmos: if this is a production install and not 'testing' or 'development' i'd probably not install 18.10
<teward> but I also don't know what the original problem(s) if any you were having were
#ubuntu-server 2019-01-26
<cryptodan> I dont like the new installer for ubuntu server lol
<sarnold> the old debian installer's still around somewhere
<sarnold> and please file bugs :)
<cryptodan> its really confusing especially the partitioning area
<lotuspsychje> or browse current ubiquity bugs, there are quiet a few :p
<cryptodan> but I will say the new server loves ubuntu 18.04 its fast and smooth
<cryptodan> when I get my new backplane for my 8 600gig Drives I can then fully retire my dell 4600 thank you aacraid bug
<elsheepo> Can anyone here please help me setup subdomains with apache2?
<cryptodan> netplan is pretty straight forward
<cryptodan> can I remove the Ubuntu Cloud Image?
<lbracher> Hi there! I'm trying to permit password authentication over ssh on a server but I'm failing. I put PasswordAuthentication yes on sshd_config, restarted sshd and set password using passwd. I can see my login attempts on auth.log. Do you have more ideas? What I'm missing?
<blackflow> lbracher: did you unlock the account as well with passwd -u  ?
<lbracher> blackflow, it worked! Thank you so much! :)
<lotuspsychje> cookie blackflow :p
<hadifarnoud> do you guys know any easy to use tool for backup and restore elastic?
<lotuspsychje> !backup | hadifarnoud
<ubottu> hadifarnoud: There are many ways to back your system up. Here's a few: https://help.ubuntu.com/community/BackupYourSystem , https://help.ubuntu.com/community/DuplicityBackupHowto , https://wiki.ubuntu.com/HomeUserBackup , https://help.ubuntu.com/community/MondoMindi - See also !sbackup and !cloning
<hadifarnoud> what about this? https://github.com/taskrabbit/elasticsearch-dump
<lotuspsychje> hadifarnoud: for git support, contact the maintainer of the git please
<hadifarnoud> this is not a git support
<lotuspsychje> sorry?
<lunaphyte> the mysql config file includes both conf.d/* and mysql.conf.d/* - why is there a split of included config files between these two directories?
<how2hack> hi, i've got cups installed in ubuntu server and i want to share a windows printer (pdfcreater) but cups can't find it, when i go to add printer i can't see windows printer via samba, the printer is shared
<how2hack> do i need to install any package for cups to support windows printers via samba?
#ubuntu-server 2019-01-27
<JanC> how2hack: is there any reason why you have to use âpdfcreaterâ?  (e.g. CUPS has its own PDF creation driver)
<JanC> also, it seems like you have to enable LPD support on the Windows PC to use it from CUPS
<JanC> see e.g. https://danielgibbs.co.uk/2012/03/printing-from-cups-to-a-printer-attaches-to-windows-xpvista7/
<JanC> or http://www.printmanager.com/cms.php?aid=82&fullpage=1&support=8
<how2hack> well it's just homework, the problem is ubuntu server 18.10 (the version i installed) is missing the smb backend
<how2hack> i copied the binary from my computer to the vm, but for some reason it doesn't work
<how2hack> i'm checking the links, thanks
<JanC> you mean you copied a Windows printing driver binary to linux?
<how2hack> no, the cups smb backend from my linux system to the ubuntu-server vm
<Deihmos> when server boots it flashes fw status recovery error for a split second
<Deihmos> no idea what it means
<SJr> Did openjdk-8 get removed from Ubuntu 18.04?
<SJr> Nevermind
<Deihmos> does server have built in backup and restore?
<andol> Deihmos: Aside from there being suitable software availible in the package repos, no.
<Deihmos> i wonder if acronis will work. looking into it
<blackflow> Deihmos: i'd use either filesystem snapshotting capabilities like btrfs or zfs have (+ offsite send|recv), or base it on rsync with something like rsnapshot.
<tanja84dk_> I have just got a weird error when I tried to ssh into my online server that I have not tried before. It asked to add the shh fingerprint to the known_host file because I have not visit the server from that client before so I said yes. Then it said right after it added it that the host key differs from the key for the ip
<tanja84dk_> how come could it differs when it just have added it
<kinghat> does ubuntu server block ports 80/443 by default? i have them forwarded to the machine but am having timeout issues with lets encrypt.
<kinghat> https://www.irccloud.com/pastebin/TMXMsAHq/
<kinghat> this is a scan i did from outside the network: https://usercontent.irccloud-cdn.com/file/jtnWLfMB/image.png
<tomreyn> kinghat: ubuntu server does not filter any ports by default.
<kinghat> huh
<blackflow> kinghat: you can check with `iptables -L -n`   and ip6tables for ipv6
<kinghat> ya i dont see anything in there about 80 or 443. though i do see that one of my docker containers mapped to port 9000.
<kinghat> https://paste.debian.net/hidden/5cb118d8/
<tomreyn> kinghat: it's not uncommon that cable television (as well as DSL) providers restrict / block traffic to and from specific ports.
<kinghat> so i added ports 80/443 in another section on my router and i got a little further: https://usercontent.irccloud-cdn.com/file/yPVQpFGw/image.png
<kinghat> and now only an issue with the hostname? odd: https://paste.debian.net/hidden/634648bf/
<kinghat> actually. if i scan it over and over again it goes from being closed to filtered.
<kinghat> hmm
<blackflow> kinghat: there's no response at port 80
<kinghat> they are bouncing between filtered/closed when i scan from outside my network. odd
<tomreyn> your isp doesn't even allow anyone not in US to visit their corporate website - all traffic dropped.
<kinghat> huh?
<tomreyn> kinghat: this is kind of !ot here, but i'm happy to discuss in #ubuntu-offtopic
<JanC> every ISP that blocks foreign IPs from accessing their website should be blackholed by all other ISPs
<SJr> Um what is the recommended way to install java 11 on Ubuntu 18.04, given that java-11 is actually java 10 in the packages?
<blackflow> eww unicode in irc
#ubuntu-server 2020-01-20
<jmadero> hi all, I'm trying to sync up various systems with three users - I'm having a nightmare of a time getting ownership to work right
<pragmaticenigma> jmadero, Synology does appear to have the ability to work as an rsync server directly. Perhaps that might be an avenue to persue?
<pragmaticenigma> jmadero, I found this article that sounds really close to what you're attempting to do: https://gnax.io/backup-to-your-synology-nas-with-rsync/
<jmadero> pragmaticenigma: hm, not a bad idea. I've never heard of an rsync server before
<jmadero> I'll read that real quick
<pragmaticenigma> jmadero, I've done it with a few of my machines. Rsync has a server service/daemon option. The purpose is so that when you do remote sync'ing, the rsync application only has to do the analysis of the files on it's side, it then uploads that information to the rsync service, which keeps it's own analysis. Then the rsync server sends back what files need to be syncronized. It's designed to reduce the amount of data required
<pragmaticenigma> back and forth to do the file signature checking between the two systems.
<jmadero> hm - not convinced this will work still but investigating
<jmadero> well, this is surprising, running rsync from synology and using ssh is running incredibly fast
<pragmaticenigma> not surprising
<jmadero> way faster than my new i7
<jmadero> new interesting result, running rsync from Synology with ssh to client results in correct user, incorrect group though
<pragmaticenigma> I personally could live with the wrong group, so long as I can access my files
<jmadero> issue would be that when it loses group the other users can also access it
<jmadero> this is all more an intellectual experiment than anything, I honestly don't care if my wife has access to my home folder :-b but, not being able to resolve this is going to make me lose my mind
<pragmaticenigma> that's the only concern i have is if you're litterally syncing the entire home folder as one unit... It would be preferred that you only sync what is within the home folder... that way the root of the home user directory retains it's group value and permissions
<jmadero> pragmaticenigma: that's true, then there would be just minor hiccups (for instance when it modifies my ssh keys and makes them unusable with bad permissions)
<jmadero> I'm doing a roundtrip sync right now using Synology as the rsync "runner", seeing what happens with my permissions
<pragmaticenigma> which is why I personally wouldn't venture down this path. Sure it's nice to have everything sync'd, same backgrounds on all machines etc. But I have always found it more of a pain in the long run
<pragmaticenigma> tweaks that you use for one machine, may not work on another, and as you go further down the hole, other things will catch
<pragmaticenigma> If it were just a matter of sync'ing music, videos and documents, I would only set those up to be sync'd
<pragmaticenigma> settings and config files don't always migrate well from machine to machine
<jmadero> yeah, I'm finding that to be true haha but, going to fight giving up a bit longer
<jmadero> maybe I'll come up with some stupid hack that works - including the almighty "setPermissions.sh" script that runs after every rsync and just sets everything right haha
<pragmaticenigma> and I'm also a big fan of not sync'ing my ssh keys, as if a machine were to become compromised or lost. I only have to remove the key for that computer. I don't have to go to all my other machines and reset them up
<jmadero> yeah I actually may exclude the .ssh directory
<pragmaticenigma> I wish you luck there jmadero ... I've gotta sign off for now.take care
<jmadero> pragmaticenigma: thanks for helping, you've given me lots of ideas to try
<Wally> Ubuntu is crashing on first login when I set it up with AD. Not sure why. Replicated it on another machine, all the steps were completed. It works fine after first login
<lordievader> Good morning
<rbasak> Teikoman_fi: o/ I wrote uvtool
<rbasak> There's a PPA if you want --network-config in older releases
<rbasak> https://launchpad.net/~uvtool-dev/+archive/ubuntu/master
<rbasak> However that's unofficial of course
<rbasak> And uvtool is now ported to Python 3, so it's not going to work with old releases that don't have the libvirt Python 3 bindings
<Teikoman_fi> rbasak: oh hey, yeah at the time I went bad route and applied adams patch directly but I did however test that the devel side does work too.(I even cloned devel locally yesterday and started trying to figure out what it does command wise)
<rbasak> Teikoman_fi: not sure what you mean by porting to virt-manager - if you use uvtool, virt-manager should see the created VMs and you can continue there
<rbasak> Do you mean a GUI version?
<Teikoman_fi> virt-manager is deprecated as far I know and RHEL is replacing it with Cockpit
<Teikoman_fi> probably the gui version
<rbasak> Ah I didn't know that
<Teikoman_fi> I am glad it was ported to Py3(makes easier to read from what I have deciphered so far) and will see how badly everything breaks if I try update our main dedi to that one :S
<lordievader> Is it deprecated? Last version is from july last year.
<Teikoman_fi> lordievade: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/deprecated_functionality sect:  7.11 mentions it being deprecated
<Teikoman_fi> Cockpit is nice tho it lacks features specially on VM side which is one of the reasons I wanted to see what Uvtool is doing command wise
<rbasak> Teikoman_fi: uvtool glues three things: simplestreams to maintain a local store of cloud images, cloud-init for getting the cloud images to do the right thing on boot, and libvirt to set it all up.
<rbasak> If you have any specific questions I'd be happy to go into more detail
<rbasak> Flaky connection here though
<lordievader> Not sure if there is a difference, but is this not RHEL deprecating virt-manager in favour of cockpit, rather than virt-manager being deprecated?
<rbasak> virt-manager's VM setup process always seemed very installer-oriented to me, as if cloud images aren't a thing
<rbasak> Perfect for installer testing, but not so much for the "quick VM please" use case
<rbasak> Though that can't be hard to add
<Teikoman_fi> yeah and lately I have found myself loving the cloud images more where uvtool kicks in like a champ and well since the network-config functionality was added it pretty much fixed the main issue I had with the dedi provider as they do have some weird network things ongoing
<rbasak> Thank you for the compliment :)
<Teikoman_fi> I only have 1 odd issue with uvtool but it's something that arp -a + virsh domiflist fixes quickly
<Teikoman_fi> if I create a VM that uses additional ipv4 from network-config, for some reason uvt-kvm ip <vm> is unable to get the IP of that box therefor I need to use some superglue awk + grep magic to pull mac from domiflist and try match it with the arp -a response :)
<rbasak> Yeah uvtool's IP address determination is heuristic only and doesn't understand any configuration customisation such as adding another IP
<rbasak> All we can do is add additional heuristics on a case by case basis
<rbasak> Bug 1825263 is for your particular case I think
<ubottu> bug 1825263 in uvtool "uvt-kvm wait fails when there is a second NIC" [Wishlist,Triaged] https://launchpad.net/bugs/1825263
<Teikoman_fi> rbasak: Currently this pasta is what I use(currently broken but more or less for reference) https://paste.ubuntu.com/p/Yr74KRrz3C/ that would list me the VMs in general with their name, mac, ipv4, status and bridge
<rbasak> Thanks! Maybe paste that into the bug for others?
<Teikoman_fi> idea would be to try replicate what virsh does with `virsh net-dhcp-leases <network>` but with multiple VMs without  having to specify the network or machine specifically.
<Teikoman_fi> sure, just need to try fix it as said it's not fully working(only returns 1 VM from 2 for whatever reason)
<Teikoman_fi> Now I am just wondering that how safe is it to try get the master ppa as 18.04 shows latest possible is 140 and how badly will the existing machines break after the update since the 140 was patched with adams blog patch file(as it was required for Hetzner to even work)
<Teikoman_fi> rbasak: so tried fixing it abit and now it's pretty much this(with the output after #): https://paste.ubuntu.com/p/2n7w9qfc8D/ sadly I am not sure if it's really useful for the Bug 1825263 at all and ofc this does not cover if you have multiple NICs(not tested) plus this is with direct network-config IP mapped VMs to public ipv4 without private network routes.
<ubottu> bug 1825263 in uvtool "uvt-kvm wait fails when there is a second NIC" [Wishlist,Triaged] https://launchpad.net/bugs/1825263
<ackk> hi, I have a netplan question, is this the right place to ask?
<lordievader> ackk: If it isn't we'll let you know ;)
<ackk> lordievader, :)
<ackk> so, I have a container with a single eth0, I added netplan config to create a br0 bridge with eth0 in it (setting the bridge mac to the one of the eth). now if I revert the original config with just eth0, netplan doesn't seem to do anything
<oerheks> are you sure it is eth0 ?
<oerheks> ifconfig would show the names of interfaces
<ackk> oerheks, wdym?
<lordievader> OerHeks: ip link show these days ;)
<lordievader> ackk: Did you re-apply the netplan config after changing it? (I don't use netplan but vaguely remember that you have to re-apply the config after change)
<ackk> https://paste.ubuntu.com/p/R8PzyFPtjP/ is the config I aded
<ackk> lordievader, yes. and I actually now noticed that br0 doesn't have an address anymore (but it's still there) but also eth0 didn't get an address
<lordievader> ackk: Do you have bridge-utils installed?
<ackk> lordievader, https://paste.ubuntu.com/p/TmypGVDnMt/
<ackk> lordievader, no
<ackk> I thought those were deprecated too?
<ackk> ip l del should do?
<lordievader> True, they are. Just like the output more than iproute2's version.
<ackk> lordievader, +1
<ackk> ip makes it very hard to see what's in a bridge
<lordievader> ackk: What is the output of bridge link?
<ackk> 25: eth0 state UP @if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 2
<ackk> lordievader, ^
<lordievader> So eth0 is part of the bridge.
<ackk> yes
<lordievader> Is br0 set to dhcp?
<lordievader> Is there a dhclient running for br0?
<ackk> lordievader, well not anymore, I removed it. to be clear, adding the config from the first paste gave me br0 correctly working (with an ipv4 and eth0 in it). what I was trying to do is to revert to just eth0
<ackk> lordievader, no
<lordievader> Oh, you are trying to remove the bridge interface? And just do dhcp on eth0?
<lordievader> In that case read https://wiki.archlinux.org/index.php/Network_bridge#With_iproute2
<lordievader> It shows you how to create the bridge, show it, and remove it again.
<lordievader> Then define your netplan config how you want it and apply that.
<rbasak> Teikoman_fi: yeah that makes sense. Thanks anyway!
<Deihmos> etwork installer for the server ?
<Deihmos> isn't there a network installer for the seerver
<tomreyn> Deihmos: what are your requirements, what are you looking for in a "network installer for the server"?
<tomreyn> pxe booting? downloading updates during installation?
<Teikoman_fi> Hmmph almost deciphered 1 of the routes from uvtool to pure commands :D Python looks so much more cleaner and idk if bash can even properly generate the config/yaml files so nicely. At least the deciphered way covers my personal use case for ubuntu images. Now to pack it into some sort of sh file to cover those tedious converter + yaml generation steps
<Deihmos> so when i install it is already up to date
<tomreyn> Deihmos: the installer, or the installed system?
<Deihmos> installed system
<tomreyn> Deihmos: if i recall correctly both 18.04 LTS server installers take care of this
<tomreyn> Deihmos: have you tried and found it not to be so?
<Deihmos> no I just did an install and it had 60 updates
<Deihmos> installed 18.04 lts server
<tomreyn> using which installer?
<Deihmos> the standard installer
<tomreyn> 18.04.3 live-server?
<Deihmos> yes
<Deihmos> https://ubuntu.com/download/server
<Deihmos> i think i need to use the mini iso to get a network install. problem is the mini is a little different from the server version
<pragmaticenigma> Deihmos: Different in what way?
<Deihmos> for one it has a splash screen when you boot it. I have to manually disable that stuff
<ackk> lordievader, oh ok, so I have to remove the bridge manually. I thought netplan would do it, as the doc mentions at some point that interfaces that get removed from the config are unconfigured
<tomreyn> Deihmos: how many systems are you installing?
<Deihmos> 3. I will just use the live-server. no big deal
<lordievader> Deihmos, tomreyn: There is an update tickbox in the installer right? Given you have an internet connection.
<Deihmos> didn't see that tickbox
<lordievader> ackk: Well, I suppose it could do it. But like I said, I've never used netplan, so I don't know if it actually will.
<Teikoman_fi> well if it's normal server installer it does go through DHCP setup parts etc visually even when configuring the server and if it fails, it asks you if you want to manually set it up(bumped into this like yesterday at least).
<tomreyn> lordievader: it's been a while that i used the server installer, i don't want to make any false statements.
<lordievader> Hrmm, same here.
<tomreyn> last but one time i tried you could live-update the installer itself, i.e. snap refresh subiquity, and benefit from its new features and bug fixes. but last time i tried this was subiquity was longer hosted on snapcraft.io so this was no longer possible.
<tomreyn> i think there are nightlies or weeklies now, though, at least for 20.04, maybe 18.04, too.
<tomreyn> so things are in flux, as is more or less confirmed by https://discourse.ubuntu.com/t/server-installer-plans-for-20-04-lts/13631
<tomreyn> hmm there is http://cdimage.ubuntu.com/ubuntu-server/daily-live/current/ but while the directory name suggests "daily" the amd64 one was last built on january 7.
<powersj> tomreyn, those are blocked by tests if you go up a directory you will see there is a pending directory with the ISO from today
<powersj> I know paride is looking into the tests now to see what has prevented the latest from getting promoted
<paride> -> true
<weedmic> can a browser cause a system freeze that ctrl+alt+f3 won't even work?  and if yes, can it also cause a reboot? and if yes, how do I fix it?
<tomreyn> powersj: thanks. so the assumption is those can be ok, aynd in contrary to what i was told previously (https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/1803338/comments/11) live images can generally be used for testing again (at least after they passed tests)?
<ubottu> Launchpad bug 1803338 in subiquity (Ubuntu) ""proposed" is enabled by default on bionic server-live amd64 daily images" [Critical,Invalid]
<pragmaticenigma> weedmic: something like that is possible... and when I've encountered it, it's because a web site was using malicious code (e.g. Digital Currency Miner)
<tomreyn> weedmic: web browser (i assume) related questions are better placed in #ubuntu, i'd say.
<powersj> tomreyn, they are ok, in that they passed a smoke test and are ok for development work; not for production
<tomreyn> sure, not for production
<weedmic> ok, so far the only reboots on the server were while either FF or Chrome were running.  but I do not think malicious sites were accessed, but can check.  just wanted to know if it is possible.
<weedmic> is there a command to see what voltage is actually reaching each cpu/core/thread?  something like htop, but for votage?
<paride> tomreyn, powersj, but note that the failed test that prevented the current image promotion in the last days *is the smoke test*, so the latest "current" images is not to be considered ok for anything for the moment
<tomreyn> weedmic: maybe the bios canhint on it. other than that there may be proprietary system management hardware providing this infomation, but this is hardware specific.
<paride> sorry, I mean the latest "pending" images
<tomreyn> paride: thanks for the warning, i've actually settled for testing the latest which passed the test
<weedmic> not part of inxi - re read man page
<weedmic> q - rebooting to check cmos tests
<pragmaticenigma> dang it... they left just as I found the answer... lm-sensors can read CPU temp, voltage, and fan speeds
<lordievader> _weedmic: An out-of-memory situation where the machine starts swapping like crazy may also seem like switching tty's is unresponsive. Perhaps your browser was eating all the ram?
<pragmaticenigma> lordievader: I think they're offline still
<weedmic> this was useful - watch -n 2 sensors
<lordievader> _weedmic: Powertop might be able to give some details too as to where the power is going.
<pragmaticenigma> weedmic: also, lm-sensors can also view voltages: https://www.cyberciti.biz/faq/how-to-check-cpu-temperature-on-ubuntu-linux/
<lordievader> lm-sensors == sensors ;)
<pragmaticenigma> yeah... strange that you don't install "sensors" to get it though
<lordievader> Well, the package provides more binaries than just sensors.
<tomreyn> hmm, got a nice grub shell after installation. :-/
<lordievader> Better than "medium not found"
<lordievader> ;)
<tomreyn> yes, grub installed fine (or maybe it's the one that was already there)
<tomreyn> lvm is missing
<tomreyn> actually not.
<lordievader> Your version of grub is able to boot to lvm directly?
<tomreyn> yes it should be,
<pragmaticenigma> !coc
<ubottu> The Ubuntu Code of Conduct is the document that spells out etiquette in the Ubuntu community | http://www.ubuntu.com/project/about-ubuntu/conduct | For information on how to electronically sign the CoC, see https://help.ubuntu.com/community/SigningCodeofConduct | Watch http://static.screencasts.ubuntu.com/videos/2010/12/22/004-SigningCoC.ogv
<pragmaticenigma> sorry folks... wrong tab
<distek> Hey all! I'm having an issue with my Ubuntu Server. I'm currently running it in a VM as my Nextcloud instance. It's running quite well for the most part! My issue is that it seems to just stop allowing connections randomly. Any means of accessing it, whether it be via LAN or WAN fails. It appears I can fix it by just resetting the interface from within the VM (ip link set [dev] [down/up]). This is
<distek> less than ideal, of course, so I was wondering if anyone has an idea on how to track down the root cause?
<tomreyn> distek: is there anything about it on the logs?
<tomreyn> which virtualization are you using, how is traffice passed into and out of the VM?
<tomreyn> i think i identified the problem with the server installation. i had edited the archive mirror the server installer had chosen, changing http to https, which none or not all of the servers this hostname resolves to actually support.
<tomreyn> the installer accepted this change, there was no warning or error about it, the installation was considered successful.
<distek> Not that I can see. I'm a bit confused as to what's controlling the network to begin with. NM doesn't appear to be present, so no luck there. Didn't see anything in particular in journalctl or dmesg. The interface appears to be able to reach out, just nothing routes back to it(when it starts this non-sense).
<distek> I'm using libvirt/qemu
<distek> More info: Interface is using macvtap(private). I'm not concerned with the host being able to directly communicate with the guest. Just the rest of the LAN
<tomreyn> distek: inspect interface statistics in the VM and on the host. next time it occurs, ping out of the vm and into it by ip address and watch the traffic ((tcpdump) and compare it to when you do this while the traffic flows fine.
<tomreyn> see if you can still use some but not other protocols when it happnes, i.e. icmp vs udp vs tcp.
<distek> I'll give it a try! Thanks tomreyn!
<ahasenack>   scan: scrub repaired 0B in 0 days 03:43:10 with 0 errors on Mon Jan 20 15:54:18 2020
<ahasenack> always good news
<tomreyn> bug 1860352
<ubottu> bug 1860352 in subiquity (Ubuntu) "User supplied mirror server not verified, no errors reported" [Undecided,New] https://launchpad.net/bugs/1860352
<strangezak> Hey guys im a little lost here, so my system is having a CPU lockup when server goes down and i walk over the monitor connected to the server and its flooded with CPU #1 stuck for 22 seconds [(networkd):6019]. So i restart the box and enable verbose logging for systemd-network and im getting this log every minute or so https://pastebin.com/DVXywEme 192.168.0.27 isn't even a valid ip on this network. I checked what is running under the source port
<strangezak> and it says dnsmaq, but dnsmasq isn't even installed on this system when i sudo apt-get remove dnsmasq it says dnsmasq is not installed. Any ideas on how i can investigate this further
<rafaeldtinoco> strangezak: several other services use dnsmasq for "internal dhcp/dns" stuff (lxd, libvirt).
<rafaeldtinoco> it seems you're getting a soft lockup (20 sec) in systemd-networkd
<rafaeldtinoco> better path here is to open a bug over systemd in launchpad.net and inform ubuntu version, kernel version, and probably attach more logs to the bug
<rafaeldtinoco> https://bugs.launchpad.net/ubuntu/+source/systemd/+filebug
<rafaeldtinoco> to help you out ^
<Wally> I'm getting the "oh no something's wrong" when a new AD user has logged into my Ubuntu machine. The logs seem to indicate " Check that logind is properly installed and pam_systemd is getting used at login.
<Wally> Pretty sure that's all setup properly..
<Wally> It works on second login though which is even odder.
<Wally> I assume likewise-open is unmaintained
<pragmaticenigma> Wally: secong login attept, or different user?
<Wally> second logiun attempt
<pragmaticenigma> Wally: sounds like something just took longer than expected to perform the authentication
#ubuntu-server 2020-01-21
<Wally> yeah probably.
<pragmaticenigma> well hopefully that's all it is. workarounds are nice
<Wally> they sure are.
<Wally> Gotta shove this into a build script too
<samba35> i am trying to setup firewall on kvm using openvswitch or linux bridge (which will be best ? in this case ) presetnly setup with linux bridge
<samba35> installed firewall also but i have now idea how to pass nic  from host to guest (firewall) and configure nic
<lordievader> Good morning
<lordievader> samba35: Are you trying to setup a firewall VM or a firewall for VMs?
<nanthencodeneeth> I have a domain https://panimooladevitemple.org/ and i have email officepanimooladevi@keralatemples.us .I could not sent mail from gmail to this mail. iI cannot alsp sent mail from roundcube plugin of cpanel of this mail to gmail.What changes should i make in the cpanel. to enable mail service.please help me
<teward> i assume you have error output from both attempts?
<nanthencodeneeth> yes ...Error IconAddress not foundYour message wasn't delivered to office@panimooladeviemple.org because the domain panimooladeviemple.org couldn't be found. Check for typos or unnecessary spaces and try again.The response was:DNS Error: 2088022 DNS type 'mx' lookup of panimooladeviemple.org responded with code NXDOMAIN Domain name not found:
<nanthencodeneeth> panimooladeviemple.org
<teward> you need to set up MX records in DNS for your domain.
<nanthencodeneeth> can you tell me how to do that..  or point me to some article on how to do that in cpanel
<teward> wherever you specified your DNS records, you need to set an A record to your roundcube address/domain, and an MX record in your @keralatemples.us pointing to it.  Not sure how to do it in cpanel sorry
<nanthencodeneeth> will it be a problem if keralatemples.us is expired
<teward> yes
<nanthencodeneeth> our company had that domain earlier now it seems to be expired
<teward> if the domain is expired you can't set DNS for it
<teward> you need the domain to be active.
<nanthencodeneeth> can i create a mail for panimooladeviemple.org . If so can please help me on how to do that
<ducasse> nanthencodeneeth: not trying to be rude, but if you're going to administer email for a domain you should know these things.
<Ussat> ^^
<Ussat> also, if your company let a domain exopire, I kinda question that
<Ussat> also I wojuld NORT use cpanel for this
<Ussat> NOT
<ducasse> nanthencodeneeth: nor is this an ubuntu question. you could try ##networking, maybe they can point you to some resources to read
<nanthencodeneeth> thanks ducasse
<ducasse> but really, admining email safely requires you to know what you're doing. this means you need to do a lot of reading.
<nanthencodeneeth> https://stackoverflow.com/questions/59848844/how-to-create-a-new-mail-using-cpanel
<tomreyn> Is there also "How to do the dishes using Cpanel"?
<nanthencodeneeth> tomreyn quite funny
<tomreyn> more or less, but please note this channel is really just for when you run the "ubuntu server" operatgin system and have questions regarding it, which rules out cpanel.
<oerheks> interesting.. site uses gmail ...
<oerheks> https://panimooladevitemple.org/contact.php
<oerheks> yes ...Error IconAddress not foundYour message wasn't delivered to office@panimooladeviemple.org ...typo?
<gp> having a little trouble getting going with a simple microk8 demo on bionic. is there anything other than microk8s.enable dns dashboard registry ingress i should be doing to get a working registry? how can i determine it is actually running?
<gp> getting timeouts when i attempt to push an image
<gp> is there any documentation that shows install with pinned versions? trying to figure out version compat and learn how it all goes together at the same time is tough
#ubuntu-server 2020-01-22
<urgodfather> hello, im banging my head in on configuring a remote dedicated server new nic. i only have kvm access and maint. mode will not work. i can confirm that there is in fact a netplan yaml but i cannot for the life of me get it to initialize on boot. it was incorrect, so i have updated with the correct info using bash from the kernel. would anyone be
<urgodfather> willing help me nudge this along?
<compdoc> this looks interesting:  http://www.yamllint.com/
<compdoc> has the interface name changed?
<urgodfather> yes
<urgodfather> i think (?)
<urgodfather> lol
<urgodfather> not to mention its a german keyboard in kvm
<sarnold> warum sie haben es kaputtmachen?
<compdoc> maybe:  sudo netplan try
<urgodfather> from kernel?
<Wally> I'm looking at the logs for Ubuntu, whenever I attempt to login with an AD user it spits out "Jan 22 13:28:45 ubuntu systemd-resolved[539]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP." I'm pretty sure this is why tis not working, any ideas would be appreciated
<Wally> Pretty sure it's a DNS issue -_-
<sarnold> Wally: this discussion may help you understand it better https://github.com/systemd/systemd/pull/8608
<Wally> ah
<zxvff> Hi all. I am having a difficult time migrating a server to a new ubuntu instance. it's an ubuntu server but apache2 is running from /etc/apache-sp. How do I update my systemd script to use the /etc/apache-sp locatio instead of /etc/apache2?
<zxvff> I can't find the location of the init script that runs the command to start apache
<lordievader> Good morning
<lordievader> zxvff: You want an systemd override (systemctl edit apache2.service), else your edit will be overwritten on the next update. That said, why not migrate your apache-sp to /etc/apache2?
<samba35> i have setup basic bridge with ovs-vsctl add br and ovs-vsctl add-port to my nic
<samba35> and i have guest on kvm ,now how do i assing ip address to guest from host
<lordievader> DHCP?
<samba35> yes try but its now working
<samba35> or i am doing some thing wrong
<lordievader> Firewall dropping the requests/answers?
<samba35> no firewall no appliation firewall
<lordievader> Start tcpdumping then
<samba35> ok
<samba35> sorry but i have very little or equal to no idea on how to read output
<lordievader> What you are looking for is if the server sees the dhcp request (and answers it), and on the client to see if the answer is being received.
<samba35> ok
<samba35> let me give try
<samba35> will also refresh packages
<samba35> brb
<weedmic> If anyone needs to know how to manipulate both icon size and precise placement of icons in plasma5 kde, let me know.  I have it all figured out now.
<lotuspsychje> weedmic: hows that related to ubuntu server please?
<weedmic> some use de = plasma
<lotuspsychje> but its not a server specific question
<lotuspsychje> weedmic: could try #plasma ?
<lordievader> More suited for #kubuntu
<coreycb> sahid: re: networkx ussuri backport, yes it seems more and more packages are needing 2.x. I've been trying to patch packages back to 1.x in ca-patches but it's getting more likely that we need to backport networkx
<coreycb> sahid: I started trying to but it gets very involved
<bipul> I'm looking for a help regarding X forwarding on ssh inside Ubuntu server.
<sahid> coreycb: i was considering doing a revert of dc6495cfa1c8e1dc95bad554a55f0b4e8e360abe
<coreycb> sahid: in taskflow?
<sahid> yes
<sahid> i mean condiring prepare a patch for ca-patches that to revert it
<coreycb> sahid: let's do that for now and carry it in ca-patches
<coreycb> sahid: horizon's uploaded, thank you
<sahid> coreycb: ack
<coreycb> sahid: looks like we'll also need a ca-patch to six.patch to s/python2/python in d/control
<jayjo> is it possible to set up EITHER a yubikey or Google Authenticator two-factor auth for ssh on ubuntu, but not both?
<jayjo> Similar to how on google (for example) you can register multiple second factors in case one becomes unavailable, but you don't have to use each of them on each login
<pragmaticenigma> jayjo: This thread seems to be close to achieving what you're looking for... it might start you down the right path? https://serverfault.com/a/222655
<pragmaticenigma> I haven't heard of the ability to choose one or the other on login... you'd have to have some way to prompt the user which they're choosing
<lordcirth_> jayjo, I'm pretty sure in PAM you could set it to prompt for both, but only require one to pass. That's pretty clunky though.
<pragmaticenigma> lordcirth_: How would PAM be able to identify which one is being used though?
<lordcirth_> pragmaticenigma, it prompts for one, and then the other, and in one you just press enter and submit emptystring
<lordcirth_> And it ORs then
<pragmaticenigma> ah, simple solution :-)
<lordcirth_> Very kludgy
<pragmaticenigma> At the moment, I haven't seen anything better. Except to ask users on setup which they prefer and setup the user to only use that option
<lordcirth_> It *might* be possible to present one text prompt, and run it past both methods
<lordcirth_> For example, Yubikey auth works if you type your password, then your yubikey, or yubikey -> newline -> password
<jayjo> If I were to allow users to decide which one they prefer, would there be any way to bypass the 'preferred' one if it became misplaced?
<jayjo> Thanks for the resources, definitely on the right track
<pragmaticenigma> I'm sure anything is possible
<jayjo> I found this feature just searching through ubuntu docs: https://help.ubuntu.com/community/SSO/FAQs/2FA
<jayjo> is this for ubuntu in general or just for login.ubuntu.com ? It does mention "You can add multiple 2fa devices to your account; the system will auto-detect which one you use at each login. We recommend having at least two devices associated with your account so you will have a backup in case the main device fails or locks you out. It's also required to have a "printable backup codes" device in case
<jayjo> all your electronic devices become unavailable.
<sarnold> jayjo: all the services that use the canonical-supplied 2fa mechanism (which isn't entirely the same as all canonical services that have logins, I think I've seen third-party projects integrating with the login.ubuntu.com single-signon before..)
<teward> jayjo: anything that uses login.u.c and its SSO system is bound to that
<teward> some third party services utilize it as well, but that ONLY applies to login.u.c and the SSO system that goes with it
<teward> those statements don't apply to other SSO systems/providers which don't integrate with Canonical's SSO.
#ubuntu-server 2020-01-23
<Wally> I'm trying to parse the busybox command "dhclient" into the grub boot script to load a preseed url
<Wally> how would I do taht?
<sarnold> what problem are you trying to solve? I have to wonder if using a preexisting thing like cloud-init or maas would be an easier starting point
<Wally> cloud-init might be what I need
<Wally> I'm trying ot enable dhcp support so wget will work
<Wally> Not sure cloud-init is what i'm  after as i'm putting the regular ubuntu base on a desktop to bind to AD etc
<azidhaka> Hi, bind() to 0.0.0.0:443 failed (98: Address already in use) but netstat and lsof do not have any process listening on 443
<azidhaka> fuser -k 443/tcp also doesn't help
<jayjo> found this question dealing with how to use https://serverfault.com/q/964680 as a follow up from earlier for having multiple 2fa methods while one serves primarily as a backup
<azidhaka> connection to 443 is refused
<lordievader> Good morning
<azidhaka> for the bind problem above, there were two listen directives in the nginx config, one with ssl and one without, thats why it couldn't bind
<samba35> i am trying to shift from linux bridge to openvswitch
<samba35> my linux bridge config is like this to implement same on openvswitch what i will be right way
<samba35> https://pastebin.com/JJ1VFpUC
<coreycb> sahid: the  taskflow patch is against 3.8.0 but I'm only seeing 3.7.1 in focal
<coreycb> so it's not applying. changes are minor I think but just wanted to check on 3.8.0.
<sahid> coreycb: hum...
<coreycb> sahid: oh I see. 3.8.0 is in our git repo but not released.
<coreycb> sahid: I'll revisit 3.8.0 and apply your patch if all looks good
<sahid> ok thank you coreycb, let me know then if i need to work on it for 3.7.1
<coreycb> sahid: your patch applies fine on 3.8.0, and I think the blocker for uploading last time was actually the networkx issue
<coreycb> sahid: that's applied and pushed now. the next backport should fix it. thanks again for the patch.
<sahid> ack perfect thanks
<Wally> Anyone here had any success getting a kickstart / debian-preseed working via network?
#ubuntu-server 2020-01-24
<lordievader> Good morning
<frickler> Wally: for 18.04 you need to use the alternative netboot image, that works fine for me. sadly for 20.04 that will no longer be available, will need to revamp our installation environment
<frickler> coreycb: jamespage: will focal really have py3.8 as default? currently I'm still seeing py3.7. c.f. https://governance.openstack.org/tc/reference/runtimes/victoria.html
<coreycb> frickler: that's the plan, yes. victoria upstream will officially support 3.8 but ussuri upstream won't.
<frickler> coreycb: I'm talking about current focal cloud image, it still says that py3.7 is the default python3
<coreycb> frickler: doko is working on the transition to 3.8 for focal. it will likely be very soon.
<frickler> coreycb: ah, o.k., thx
<coreycb> frickler: if you want to give a review of https://review.opendev.org/#/c/693401/ it might help giveit a nudge so we can at least get some unit test coverage upstream
<GreyXor> Hi everyone, there is no landscape for ubuntu server 19.10 ?
<tomreyn> GreyXor: did you check for a snap?
<GreyXor> tomreyn, i just follow official documentation
<GreyXor> https://landscape.canonical.com/set-up-on-prem
<Ussat> why would you use landscape on 19.10 , a non lts version ?
<GreyXor> Ussat, who said landscape it's only for lts version ?
<frickler> coreycb: done, will ping other reviewers, too
<Ussat> I never said it was only for lts
<coreycb> frickler: thanks
<Ussat> I asked why you would on a non lts version
<GreyXor> because i don't have a lts version
<Ussat> Install one ?
<GreyXor> Ussat, why ? i already have 19.10 and it's working well, i don't want to reinstall all server for landscape
<Ussat> ...
<Ussat> ok
<GreyXor> so, initial question :) there is no landscape for ubuntu server 19.10 ?
<GreyXor> Ussat, I don't understand why you want to redirect me to a lts...
<Ussat> because, landscape is generally used in an enterprise, which generally, has os's that have a loonger lifetime than a non lts.
<Ussat> but do what you want
<Ussat> a non LTS will stop getting updates/security fixes LONG before a non-lts
<Ussat> long before a LTS I mean
<tomreyn> GreyXor: the set-up-on-prem page refers to this PPA: https://launchpad.net/~landscape/+archive/ubuntu/19.10 - 19.10 here refers to a Landscape release version, not an Ubuntu version. See the Ubuntu releases it is available for below under "Published in".
<GreyXor> Ussat, that your opinion, i don't admit "generally" word. i know why LTS can be better for enterprise. i told you i have 19.10 and you try to redirect me to 18.04.. my first question is simple. there is no landscape for 19.10 ? but i see it's a coimplicated question
<GreyXor> tomreyn, ahh thanks :)
<Ussat> do what you want......its generally not an opinion that enterprises are better off with more stable things, but ok
<tomreyn> so the simple answer is, there is no landscape 19.10 for ubuntu 19.10 from this PPA
<GreyXor> easy
#ubuntu-server 2020-01-26
<samba35> after create openvswitch with ovs-vsctl how to same the switch permanetly ,so after reboot dont have to create switch again
<weedmic> Am I correct that gnutls28 has nothing to do with ssh (and cannot affect it)?
<andol> Assuming that we are talking OpenSSH, no. Might possibly exists other ssh implimentation which relies on gnutls.
<weedmic> thought so, ty
<d43mon> u
<d43mon> sry, wrong chat
