#ubuntu-server 2006-07-10
<screeb> Hi :)
<screeb> mdz: does TaskSel provide any configuration UI?
<screeb> It seams to be limited to an advanced package selector
<screeb> (about your post on http://ubuntuforums.org/showthread.php?t=191858&page=9 )
<thefish_> re
<thefish> anyone know what management solutions exist for a full ubuntu shop? Something like Zenworks?
<thefish> sorry to repeat, lost connection :)
* spike is working on one
<spike> thefish: in short, no, there are bits and pieces that you can use, but nothing accessible through a single interface and correlated
<thefish> spike: thanks, im interested in your project... what does it do? what are you making it with? etc?
<spike> there are various things like ebox,cfengine/puppet,FAI)pfai)/systemimager one can use
<spike> to install/deploy/monitor boxes (for the monitor part see ganglia,nagios,catci,munin)
<spike> thefish: it does (will) for zenworks/RHN/HP Openview do
<thefish> nice
<thefish> what are you building it with?
<spike> thefish: atm I'm focusing on box deployment (config and patches included) + monitoring (resources and so on)
<thefish> farinuff
<thefish> what are you doing the monitoring with?
<spike> I'm not really iterested in service config panels as I can use an editor and then the real important part is distribution and versioning
<spike> ie, cvs centralized repo + distribution policies done via cfengine/puppet
<spike> thefish: well, I'm trying to not reinvent the wheel, even if ppl keep saying it'll be a mess... but hey, it's my time :)
<thefish> true
<thefish> ive been using zabbix for monitoring, its sweet
<thefish> not as many plugins as nagios, but still very cool
<spike> yep, I use that too
<thefish> :)
<spike> mon is nice too
<spike> monit*
<spike> easier than nagios for small installation, and work on the host so can do things like restarting ssh daemons and the like
<spike> stuff that if it depends on connectivity (see nagios) it cant be done
<thefish_> k
<thefish_> what about updates etc?
<spike> local repo where packages get updated from a golden server + script that dump answers and set them on clients before they install the new pkg, so it can be done unattendedly
<thefish> kay
<spike> I also wanted a Xen instance related to the panel so I could automagically do patch/upgrade testing there
<thefish> ye nice plan
<spike> anyway, gotta work, later
<mdz> screeb: I'm not sure what you mean by a configuration UI.  it's an interface for installing sets of packages, and the sets are determined by the package database
<trrr> i need help setting up a server
<trrr> how do i chroot a user to their home dir when they login via ftp
<ivoks> trrr: use vsftpd
<ivoks> trrr: there is config option just for that
<whaq> trrr, what kind of server
<trrr> i cant do it with proftpd?
<ivoks> trrr: i guess you can
<ivoks> trrr: at least trough PAM
<trrr> meh i think i got it
<trrr> yeah
<trrr> >.> "DefaultRoot ~"
<redondos> Hello
<redondos> I was wondering how I can change the default locale system-wide.
<spike> I was wondering, how is that a server question?
<spike> redondos: dpkg-reconfigure locales
<redondos> That never prompts me for the default locale.
<spike> redondos: and I'll answer my own question too, it's not
<redondos> http://pastebin.ca/84287
<spike> redondos: you should use #ubuntu for such questions
<spike> not -server
<redondos> Oh, I just didn't want a "click here, point there" type of answer.
<redondos> Ok, here comes a server question: can you recommend me web a administration package such as cpanel?
<spike> redondos: ISPconfig, ebox, GPLhost
<redondos> Thanks.
<redondos> Which one do you prefer?
<redondos> I'll probably test them all, but just wanting opinions.
<spike> bah, hard to tell, there are reasons to like some and reasons to like others, it depends what you need... prob I'd pick up ISPconfig
<spike> redondos: something else you could have googled out: http://wiki.debian.org/HostingControlPanels
<spike> that's a comprehensive list, most complete available afaik
<redondos> k, thanks.
<Forth> hi
<redondos> Hello.
<Forth> I'm trying to install a vserver kernel, so I have apt-get linux-kernel-source et kernel-vserver-patch on dapper, then used make-kpkg --added_patch=vserver , but vserver patch produce several rejects
#ubuntu-server 2006-07-11
<porkpie> Hi ...I have tried to install ubuntu server on 2 compaq dl360's so far and they have both failed when detecting cdrom.  Can anyone advise please
<toggles> anyone know why `apt-get install mon` fails when it's listed here http://packages.ubuntu.com/dapper/admin/mon
<toggles> ahhh, it's ~x86, i see..
<J_P> hi all
<studprog> Hi ... i don't know if this is the right channel - but a request in #ubuntu came out silent.... I'm looking for some help about preseeding an Ubuntu Dapper installation ...
<studprog> anybody here gurus in debian-installer preseeding syntax
<lionelp> Hi studprog
<studprog> hi ;-)
<lionelp> never tried myself, but there was a good article on the subject here : http://www.debian-administration.org/articles/394
<studprog> lionelp: yep ... i have noticed it -- but debconf-get-selections --installer came out with the following err :debconf: DbDriver "di_questions": could not open /var/log/installer/cdebconf/questions.dat
<lionelp> studprog: you should sudo debconf-...
<studprog> and just running debconf-get-selections just posts all components set with "select"  as option ...
<studprog> lionelp: i did
<lionelp> strange, it works here...
<studprog> the folder /var/log/installer/cdebconf does not exsist ---i think it is removed by the installer afterwards (there was a security issue previously about the fact that the root password was readable in the questions file after installation))
<studprog> lionelp: you run dapper ? - or have you upgraded from e.g. breezy
<lionelp> dapper
<lionelp> I can check on an upgraded breezy
<studprog> ok ...thats odd ... i'm running a newly installed dapper - and there is no cdebconf dir ... only 3 files - partman, syslog and version
<lionelp> It also works on an upgraded breezy
<lionelp> hum... you are right !
<lionelp> (it was not a stable dapper when it was installed on my desktop)
<studprog> ahh...
<studprog> so all i have from the installer files is logging by something called Ubiquity
* lionelp stupid
<studprog> anyways ... what i really would like was to have some command in the preseed file that would let me know that the file actually was read..
<lionelp> studprog: with Ubiquity, be do not run Debian Installer
<lionelp> so...
<lionelp> :)
<studprog> ??
<lionelp> Ubiquity is not debian installer
<lionelp> If you want to have preseed from debian installer, i think you should install with the alternate cd (which installs with Debian Installer)
<studprog> ahh ... i though Ubiquity was some sort of logger .... so it's an installer ?? .... all pages i've seen state that ubuntu either uses debian-installer syntax or something called Kickstart...
<lionelp> yes, it is the new graphical installer run from the desktop-cd
<studprog> ok -- but i'm installing via PXE -- and i get the text-based installer ... is that d-i or does ubi* also have a textmode ?
<lionelp> d-i
<lionelp> ubi is graphical
<studprog> ok -- so i should focus on finding the right commands for d-i
<lionelp> I am not sure I understand what you mean
<studprog> sorry for the delay - a coworker had some questions
<studprog> lionelp: well -- i'll go browse the web for some example preseed files (using the d-i syntax) then
<screeb> hi !
<screeb> I don't have lot of feadback on the idea of packaging e-smith for ubuntu (a web based server managment interface)
<screeb> is there anyone interested in this project here? :)
<lionelp> Hi screeb
<studprog> hmm ... now it seems that i got past the language selection -- but i've also noticed that my preseed file isn't read ... i use the following parameter to invoke the preseed : preseed/url=http://installserver/preseed -- but from the accesslogs i can see that it's never read during install ;-//
<lionelp> e-mith is a Linux distribution, I do not understand your will to package. package what ?
<lionelp> I may be missing something :)
<screeb> I want to package all administration tools of this distribution and adapt to ubuntu
<lionelp> screeb: e-smith is now called SME Server by the way :)
<screeb> yes
<screeb> dont have much time now
<screeb> by!
<sharms> anyone here know someone who runs security.ubuntu.com that can let them know http is down?
<porkpie> Hi ...I have tried to install ubuntu server on 2 compaq dl360's so far and they have both failed when detecting cdrom.  Can anyone advise please
<ivoks> hm
<porkpie> ivoks:it a bit of a strange problem
<ivoks> g3?
<porkpie> let me check
<porkpie> ivoks:dam I can't tell
<ivoks> ok, no prob
<ivoks> so, it boots instalation and then doesn't detect CD?
<ivoks> cdrom
<porkpie> yeah
<ivoks> that's SCSI or ATAPI cdrom?
<porkpie> scsi
<ivoks> ad, i see
<ivoks> sec
<porkpie> ok
<ivoks> support for scsi cdrom is inside module
<ivoks> try modprobing sd_mod after boot
<ivoks> ctrl+alt+f2
<ivoks> modprobe sd_mod
<porkpie> OK ..I will try it now
<ivoks> can you do it while on IRC?
<porkpie> yeah
<ivoks> great
<porkpie> ivoks:whats the best version of ubuntu to use ?
<ivoks> 6.06
<porkpie> where can I download it from
<ivoks> ubuntu.com/download
<porkpie> ivoks:is it the alternate iso
<ivoks> it's ubuntu-server iso
<ivoks> what processor is that?
<ivoks> xeon with em64t?
<porkpie> ivoksPIII
<ivoks> then http://releases.ubuntu.com/6.06/ubuntu-6.06-server-i386.iso
<porkpie> OK ...I have that one ...I am just burning a new copy
<ivoks> why/
<porkpie> ivoks:because I have scratched the other copy
<porkpie> nearly done
<porkpie> Hi Ries
<Ries> never knew there was this channel!!! ppl on #ubuntu didn't tell!!!!
<Ries> hey porkpie
<porkpie> ivoks:Ries is a big fan of ubuntu
<ivoks> ok, but this isn't support channel
<porkpie> I know
<Ries> ivoks: well... on #ubuntu there are 800 ppl.... 750 are lurking.... and from teh 50 ppl about 1% answers questions about server :)
<Ries> I prefere to make this a real ubuntu-server channel :) I had a question yesterday about software raid1, LVM and XFS.... noone could answer :S
<Ries> however it works now
<porkpie> ivoks:just booting into ubuntu now .....after the kernel has uncompressed....I use ctrl+alt+f2 ?
<ivoks> just follow instalation and when it fails, then ctrl+alt+f2
<porkpie> ivoks:Hmm! tried the modprobe from the console but it just return to a #prompt
<ivoks> that's ok
<ivoks> now run dmesg
<ivoks> and check if it detected CDROM
<porkpie> Driver 'sd' needs updating - please use bus_type methods
<ivoks> run lspci
<ivoks> and report what SCSI controller you have
<porkpie> Hmm! strange no SCSI controller
<ivoks> take a better look
<ivoks> it wouldn't boot from SCSI cdrom if there's no SCSI controller :)
<porkpie> RAID bus controller: LSI Logic / Symbios Logic 53C1510 (rev 02)
<nihilocrat> 'lshw | less' might also help
<nihilocrat> I find it handy for figuring out what's on my system
<ivoks> symbios logic...
<ivoks> ok
<porkpie> nihilocrat:lshw doesn't work
<nihilocrat> Ries: is XFS worth checking out for a LAMP server?
<nihilocrat> 'doesn't work' as in it doesn't exist or as in it doesn't tell you anything about the cdrom?
<Ries> nihilocrat: I didn't select LAMP from the installation menu...
<ivoks> porkpie: try modprobe sym53c8xx
<nihilocrat> I didn't either, i'm just saying
<ivoks> porkpie: and sym53c416
<nihilocrat> A server whose purpose is a LAMP setup
<Ries> nihilocrat: I basicly did the partitioning myself for both drives... setup RAID1 on the drives... on one pertition I used EXT3, on teh other LVM and XFS... but it worked from the installer
<Ries> nihilocrat: this is going to be a webserver... postgresql, apache, mysql, and that sort of tools..
<nihilocrat> exactly
<nihilocrat> oh, wait a sec, I think I might have gotten acronyms mixed up
<nihilocrat> Yeah, I did, I thought you were talking about ZFS
<nihilocrat> Sun's newfangled fs
<porkpie> ivoks:I have a flashing cursor at the monent
<ivoks> porkpie: how about now?
<porkpie> No still flashing
<ivoks> that means you are back in comandline or it's working?
<Ries> nihilocrat: nope... I never heard of ZFS even :)
<nihilocrat> ah
<nihilocrat> It's relatively(?) new, and is supposed to be a 'next generation' FS
<nihilocrat> Which has an extra layer of abstraction from the hardware which is supposed to make it a lot easier for people (particularly sysadmins) to manage
<nihilocrat> I forget the details, I read about it two weeks or so ago
<ivoks> gtg
<porkpie> ivoks:I had to ctrl+c to get back to #
<ivoks> bye all
<ivoks> porkpie: check with dmesg what happend
<ivoks> i got to go now
<nihilocrat> bye
<Ries> nihilocrat: Ahhh nice.... I need XFS because it suppose to handle large files better then raiser or ext3....
<nihilocrat> I am slowly doing research in more 'enterprise'-oriented server stuff as I'm being handed higher-traffic and higher-uptime services
<Ries> nihilocrat: I was doing to same.... hence I picked LVM and XFS
<A-Kaser> "higher traffic" aq ?
<A-Kaser> as ?
<nihilocrat> Well
<Ries> currently in a default situation XFS outperforms EXT3 at ease..... 60MB/S for a disk to disk copy.... while EXT3 does about 30-40MB/sec
<Ries> LVM can scale nice..... but I never really did work with it on a live server
<nihilocrat> We want to move our webserver from Windows Server 2003 to Linux, and we're also running Moodle which is going to go into production in the fall
<nihilocrat> Both of these boxes are VMs on a VMWare machine
<nihilocrat> I'm the "go to" linux guy after the former "go to" linux guy went off to do higher-paying things
<Ries> Ooo.. I am looking into XEN, http://www.cl.cam.ac.uk/Research/SRG/netos/xen/
<Ries> for some of my customer needs....
<nihilocrat> I want to use one of the old servers to run Xen and play around with it
<nihilocrat> Then maybe put low-traffic stuff on it
<Ries> and customers that need ssh......
<nihilocrat> As well as a Free/Open/NetBSD install to see what it's like :P
<Ries> for freebsd stuff then porkpie knows about it....
<nihilocrat> really
<nihilocrat> that's cool
<Ries> yes.... he runs a couple of freebsd servers....
<nihilocrat> I think one of the cooler parts of virtualization is that it lets you run testing servers without requiring more hardware
<Ries> that is true
<nihilocrat> It makes configuration very modular, so you get the advantages of pizzaboxing without all the waste
<A-Kaser> and you can move virtual server from one server to another one
<A-Kaser> juste by scp
<A-Kaser> so if one of the virtual server become too big
<A-Kaser> it's easy to migrate it
<Ries> A-Kaser: do you have experiances with xen?
<A-Kaser> very few
<A-Kaser> more with vserver
* Ries is looking up vserver.....
<A-Kaser> :)
<Ries> A-Kaser: this one, right? http://linux-vserver.org/
<A-Kaser> yes
<Ries> I think I have something to play with.... A-Kaser since you know the two .... what would you currently recommend xen or vserver?
<A-Kaser> Xen have more features
<A-Kaser> and the network layer is more dedicated to the slave server
<A-Kaser> but vserver is very light
<A-Kaser> so I think it's not vserver vs xen but do you need SSH access or dedicated network layer
<Ries> I didn't read upon them well... I am interested in it to run it....
<A-Kaser> in a vserve you cannot change the ip address
<A-Kaser> the iptables
<A-Kaser> and you cannot change your kernel
<Ries> A-Kaser: that means I can't run apache on port 80 on two different vservers, right? But it is a good solution to run postgresql, apache and maby other services in different vservers. Is that a correct conclusion?
<A-Kaser> no you can
<Ries> (assuming the machine has one interface and no virtual interfaces).
<A-Kaser> it's a real virtualazing
<A-Kaser> on my workstation I use it to test witch apache1 + php4
<A-Kaser> and another vserver to test apache2 + php5
<A-Kaser> and another to test jboss on port 80
<A-Kaser> each vserver have an simple IP alias
<A-Kaser> as you can add with "ip addr add 1.2.3.4/32 dev eth0"
<A-Kaser> you need to configure the master vserver to be sure if you have an apache on it
<Ries> Ahhh yeaaa indeed... so each vserver operates on a alias..... I understand...
<A-Kaser> it didn't take all the IP alias to it
<Ries> got to go home cool and thanks
<A-Kaser> bye :)
<A-Kaser> drink time )
<A-Kaser> :)
<terje> hi, in fedora I use 'service iptables stop' to disable my firewall. How is this done in ubuntu?
<terje> and in general is there a service management command?
<uniq> if you install the package named 'debian-helper-scripts' you get the 'service' command.
<uniq> among others.
<uniq> terje ^^ (just to trigger hiliting)
<terje> sweet, thanks uniq
<uniq> you're welcome.
<Ries> terje:just use shorewall :)
#ubuntu-server 2006-07-12
<terje> ok, so what run control script controls iptables I wonder?
<terje> root@el-oso:~# grep -i iptables /etc/init.d/*
<terje> root@el-oso:~#
<terje> I should get a debian book..
<Ries> terje: I don't even know what ubuntu or debian uses out of the box....
<Ries> I always use shorewall because if the simplicty of it's configuration
<terje> well, I'm not even trying to configure my FW, I just want to turn it off.
<terje> I hear ya w/ shorewall
<Ries> what does iptables -L give you?
<terje> doesn't look like it's running though (iptables -nL)
<terje> yea, nada.
<terje> must be something else..
<Ries> then it's turned 'off'
<terje> (having a problem with my softphone).
<terje> ok, thanks.
<Ries> iptables -L gives me tree policies that are accepted.... means no firewalloing
<Ries> (INPOUT, FORWARD and OUTPUT chains)
<Redman276> good evening  all
<Redman276> ? for the general
<Redman276> is it possible to install  ubuntu server on a   2gb SD card ?
<blix> Dear Channel; Would you please help me configure apache 1.3 on Dapper? I installed the package but it seems that configuration is not correct.
<blix> I installed apache 1.3 package but apache does not start correctly and http://127.0.0.1/ do not loads apache index page. any comment?
<blix> I'm using Dapper.
<fabbione> blix: -> #ubuntu
<fabbione> apache1.3 is in universe and not supported
<blix> fabbione: what about apache2?
<fabbione> apache2 is supported
<fabbione> but generally this is not a support channel
<blix> fabbione: OK. thanks. I'll ask in #ubuntu.
<gapz> 'lo
<spike> is anybody aware of problems with linux-image-2.6.15-23-server kernel and vlans?
<spike> I have a few boxes running ubuntu+customized kernel running vlans without probs, then this box with dapper + linux-image-2.6.15-23-server which dies from time to time
<jsgotangco> hmm we're now on -26
<spike> sendin any packet from the inside or ssh'in from the private ip will resurrect the box
<spike> I was dumping traffic and there's nothing abnormal going on, nothing in the logs either, it really seems to just die for no reason
<fabbione> spike: that can be due to several reasons
<fabbione> not necessarely a kernel bug
<spike> fabbione: would you mind sharing your experience? I've spent the last few days chasing this bug. traffic just disappears once passed the fw and never reaches the box
<spike> it's like fw -> GB switch -> box, the switch is fine, I've got other boxes plugged in there
<fabbione> it can be the firewall it self. I have seen similar stuff in totally different environment
<fabbione> i had to keep a ping up from a box because the wireless card was "going to sleep" otherwise
<fabbione> and it was not playing vlam
<fabbione> (hw issue.. not driver)
<spike> the card is an e1000, kernel support for it should be just fine, I have similar boxes running with no probs
<fabbione> the fw might have arp problems with the vlan?
<fabbione> no arp -> cuts the traffic
<fabbione> arp from inside everything goes fine
<spike> mmmh, havent checked arp from the fw, I'll look for it, ta
<fabbione> when the traffic dies, check the arp
<screeb> hi!
<screeb> do you know where can I find informations on the resons why webmin packaging was stoped for ubuntu?
<screeb> (an old forum discution for exemple)
<lupusinfabula> hi there!
<lupusinfabula> +nc
<lupusinfabula> any of you have ever tried to install ubuntu server on a SCSI contoller AIC79xx? I have an IBM xseries 226 with an IBM ServeRaid
<lionelp> screeb: IIRC it was due to too many bugs in webmin
<lionelp> webmin was droped out of Debian
<A-Kaser> poy poy
<gapz> bye !
<screeb> lionelp: I just read my nog now :)
<screeb> thanks for your answer
<screeb> but would it be more difficult to fix it than rewrite a full web administration interface from scratch
<screeb> or just rewrite buggy modules...
<lionelp> I do not know webmin enough to anwser
<screeb> ok
<screeb> thanks :)
#ubuntu-server 2006-07-13
<A-Kaser> poypoy
<gapz> 'lo
<screeb> plop
<studprog> hi all ... currently i'm working on making a network based install (booting via PXE) ... i've got a system running that 1) reads a preseed file and 2) installs a ubuntu dapper minimal system ... my problem is that i can't seem to making it install ubuntu-desktop ...
<studprog> after base installation, it installs GRUB  - and thereafter reboots
<fabbione> studprog: and why would you do that, when there is one already?
<studprog> fabbione: i have to reply later -- my boss has just called for a admins meeting ...
* studprog will be back in about 30 min.
<fabbione> you also want to ask in #ubuntu .. this isn't a support channel
<Stian> Hey, ok. I've been using Ubuntu 6.06 server for a while, and was just made aware that with a small script and little effort, things like /etc/passwd can be disoplayed directly into the browser. What gives? How can I stop apache from misbehaving?
<SanketMedhi> Stian: misbehaving?
<nihilocrat> well
<Stian> yeah
<nihilocrat> you can put an .htaccess file in /etc, but
<Stian> it's showing off sensitive information
<nihilocrat> You really shouldn't make /etc web-accessible
<nihilocrat> is your docroot like / or something?
<Stian> exactly
<Stian> It's all default
<nihilocrat> bizarre
<nihilocrat> the default is /var/www/apache-default/
<SanketMedhi> the default is /var/www
<nihilocrat> oh well
<SanketMedhi> :)
<nihilocrat> I was thinkign of the default vhost
<Stian> eeeh
<nihilocrat> sorry
<Stian> yeah
<Stian> I am using vhost
<Stian> anywhoo
<Stian> ServerRoot "/etc/apache2"
<Stian> what's up with that??
<nihilocrat> I believe that's where it looks for its config files
<nihilocrat> DocumentRoot is the one you should worry about
<Stian> I cannot find any other Root or root in apache2.conf
<Stian> hmm
<Stian> oohhh
<Stian> nooohhh
<SanketMedhi> Stian: can you please explain what you want to do?
<Stian> hang on
<SanketMedhi> ok
<Stian> I need to have apache not display things like /etc/passwd. Now, I added vhost alias things myself, I guess I should add a document root for the <VirtualHost>
<Stian> or?
<Stian> I only have VirtualDocumentRoot
<Stian> all my sites are "configured" with vhost_alias
<SanketMedhi> !apache2
<SanketMedhi> !apache
<SanketMedhi> loss
<nihilocrat> haha
<SanketMedhi> :P
<nihilocrat> yes, you should have a DocumentRoot entry in your vhost configs
<nihilocrat> I've never used VirtualDocumentRoot and I'm not sure what it does :P
<SanketMedhi> Stian: In apache2 your virtual hosts exist in cd /etc/apache2/sites-enabled/000-default
<Stian> hmm, the only config i've made is in apache2.conf :p
<SanketMedhi> you don't really have to touch that
<Stian> I think I removed the loading of sites-enabled/* as well
<SanketMedhi> :O
<SanketMedhi> I think you should read the wiki for apache2
<Stian> NameVirtualHost *
<Stian> <VirtualHost *>
<Stian>   UseCanonicalName Off
<Stian>   DocumentRoot /var/www
<Stian>   VirtualDocumentRoot /var/www/%0
<Stian> </VirtualHost>
<SanketMedhi> http://help.ubuntu.com/community/
<SanketMedhi> I dunno if that will work in apache2
<Stian> it will
<Stian> it does
<SanketMedhi> ok
<Stian> at least for vhost_alias, the DocumentRoot thing didn't change anything
<Stian> I use this for 8 or so domains/hosts
<Stian> okay, I'll check the wiki
<SanketMedhi> ok
<Stian> and move the vhost to the assigned directory, and so on :)
<Stian> thanks for your inputs
<SanketMedhi> np I was hardly of any help
<Stian> Well, I guess that's what I get for hardly beeing able to explain my problem :P
<SanketMedhi> :)
<gapz> bye !
#ubuntu-server 2006-07-16
* Starting logfile irclogs/ubuntu-server.log
* #ubuntu-server  [freenode-info]  if you're at a conference and other people are having trouble connecting, please mention it to staff: http://freenode.net/faq.shtml#gettinghelp
* Starting logfile irclogs/ubuntu-server.log
* Starting logfile irclogs/ubuntu-server.log
<gapz> 'lo
<A-Kaser> lo
#ubuntu-server 2007-07-09
<Dutchman> Hello, does anyone have experiance with Ubuntu server 7.0.4 and an Hyperthreading CPU ? My system only recognize 1 core but HT is enabled ...
<Dutchman> Hmm no1 :(
<dendrobates> bug 306571
<AlexC_> bje: hey there,
<Emilinux> nickserv
<Emilinux> ns/ register 00ubuntu00 emiliano.berto@gmail.com
<mralphabet> o0
<Kamping_Kaiser> oops
<nealmcb> !bug 306571
<Emilinux> I want to sent mail from a bash script without installing a mail server like postfix or other mail server. IT's possible?
<Emilinux> HI
<ivoks> yes
<ivoks> with telnet :)
<ivoks> you need relay mail server
<Emilinux> which one do you suggest?
<ivoks> that deppends on your ISP
<ivoks> your ISP has mail server which users of that ISP can use
<ivoks> for example, for eutelia.it, it's smtp-in.eutelia.it
<Emilinux> ok, but I have to use Telnet, right?
<ivoks> no, i've never tried doing that in bash
<ivoks> you can use mutt, iirc
<ivoks> i don't remember if you could script it in bash
<ivoks> mutt also depends on /usr/sbin/sendmail :/
<Emilinux> I see 
<ivoks> if you know perl, there is libmail-sendmail-perl
<Emilinux> no I don't know per but I will try, I had just consider perl solution
<ivoks> you can do it in python too :)
<Emilinux> What is most secure, install sendail or Perl compiler?
<ivoks> perl isn't a compiler
<ivoks> it's parser
<Emilinux> perdon parser
<ivoks> you just want to send mail from that machine?
<Emilinux> yes just send for log
<ivoks> if that's true, you don't need MTA (postfix/sendmail/exim); if i were you, i would do it with python
<ivoks> there is even example in /usr/share/doc/python-twisted-mail/examples
<Emilinux> ok thank you I will try 
<lcdd> erm. i'd imagine there are about bazillion existing programs that do exactly this
<ivoks> like logcheck :)
<Emilinux> Let'me see 
<lcdd> apt-cache finds ssmtp, nullmailer, nbsmtp, esmtp-run ...
<ivoks> oh, you meant fake MTAs
<lcdd> i think they might suit the situation well
<Emilinux> now I have a lot to do thank you
#ubuntu-server 2007-07-10
<eauxnguyen> hi all. Any recommendations for hardware for a small office server with raid 0 or better yet raid 5? Considering hp factory refurb..
<mralphabet> something you can get local hardware support for /shrug
<mralphabet> find out what the vendors near you are warranty qualified for
<mralphabet> or if you are doing the hardware support yourself then buy whatever you are comfortable with.
<eauxnguyen> mralphabet: Thanks
<eauxnguyen> it looks like I can get reasonably priced hp looking at the known good list at ubuntu for the promise raid controller..
<tr0n102> Is there a way to raid 1 the MBR across 5 drives using mdadm or raidtools (not not grub-install etc)?
<tr0n102> Put another way: IS there a way to raid1 the first 512k of your hdd's in linux through mdadm/raidtools???
<mralphabet> raid 1 is *2 drives*
<mralphabet> 3 drives is not raid 1
<mralphabet> >3 drives is not raid 1
<lcdd> why not?
<mralphabet> that's wrong actually
<mralphabet> >2 drives is not raid 1
<mralphabet> there, fixed it
<mralphabet> lcdd: because raid 1 is a mirror, ie 1 to 1 copy to a second drive, a third drive doesn't fit into that equation
<tr0n102> *sigh please google that statement mralphabet. http://www.peg.com/techpapers/monographs/raid/raid.html
<tr0n102> anyways, for simplicities sake, lets just say I have 2 drives
<tr0n102> how could I do this?
<mralphabet> use mdadm
<mralphabet> One can configure RAID 1 to have more than one duplicate (e.g. "triple mirroring") copy of each disk.
<mralphabet> my bad
<mralphabet> win 15
<tr0n102> Everytime a drive dies, I should not have to install grub into the MBR. The MBR is part of the Hard disk, therefore the Raid software should handle it!
<lcdd> you can combine whole disks instead of partitions
<tr0n102> How can I do that with software raid lcdd!?
<lcdd> but i don't know for sure whether that will affect booting
<tr0n102> do you have a link?
<lcdd> well, the same way as with partitions, i think
<tr0n102> a hyperlink to this esoteric and forbidden knowledge?
<lcdd> http://tldp.org/HOWTO/Software-RAID-HOWTO.html
<lcdd> i hope it is current
<tr0n102> any particular section you were referencing?
<mralphabet> it is not current
<tr0n102> hmmm but that brings up a good point. instead of using a partition as a device, use the whole disk as a device
<tr0n102> fascinating, but can it work?
<tr0n102> "/spock
<lcdd> i've never tested it
<tr0n102> well, it doesn't work in my situation anyway
<tr0n102> Thanks for your help tho, I'll probably just use sfdisk to do it all
<tr0n102> Weird al Whit3 and n3rdy - http://video.google.com/videoplay?docid=-355446715071271348&q=white+and+nerdy&total=6362&start=0&num=10&so=0&type=search&plindex=0
<nealmcb> tr0n102: yeah - a great video - I have it on my nokia 770 internet tablet
<ghatak> Hi, i currently have a server with TFTP, DHCP setup for pxe boot. is it possible for me to redirect all the output to console? I am able to do it once the installation is done by changing grub
<stiV> hi everyone ... i have a question: i am trying to install multiple machines unattended, which is working pretty good, i have my own mirror and costumized packages (eg. apache2 package w. ssl generation and change config files built in) but i just can't figure out how to tell the "postfix" package to stop asking for configuration. (i changed the package to hold all the configs i need). anyone an idea or a link where i could f
<stiV> the installation is working very well, and i have a working unattended netboot environment, but because i changed some components on my mirror i can't get the installer to use the packages i want before the first boot, so i made a one-time bootscript (which works as well) where i do an aptitude update and install all the packages i want via aptitude install XY. thing is, postfix asks questions and i wandted to know if i just
<jdstrand> stiV: man 7 debconf
<jdstrand> stiV: particularly Unattended Package Installation
<stiV> that was what i was searching for ... ty :-)
<kronus_> Hi, is there any way to force dhclient to ask for a specific IP?  Our router doesn't seem to support this functionality, and a normal DHCP acquire gives me a different IP than before
<kronus_> and the whole office doesn't want to change their bookmarks :|
<kronus_> oh, and setting the IP with ifconfig makes the server unable to communicate with the outside world
<mralphabet> http://ubuntuguide.org/wiki/Ubuntu:Feisty#How_to_configure_network_connections
<mralphabet> hrm, that's if you are in gnome
<mralphabet> kronus_: what are you running?
<kronus_> server distro, no GUI
<mralphabet> !server gude
<ubotu> Sorry, I don't know anything about server gude - try searching on http://bots.ubuntulinux.nl/factoids.cgi
<mralphabet> !server guide
<ubotu> Sorry, I don't know anything about server guide - try searching on http://bots.ubuntulinux.nl/factoids.cgi
<mralphabet> hrm
<mralphabet> !network
<ubotu> Wireless documentation can be found at https://help.ubuntu.com/community/WifiDocs
<jdstrand> kronus_: why not use another computer as your dhcp server, and disable that on the router?  Then you can setup MAC addresses with IP addresses.
<jdstrand> kronus_: as for ifconfig not working-- did you remember to setup a default route?
<kronus_> jdstrand: what is a default route?
<jdstrand> kronus_: it tells the computer where to send packets that it doesn't know how to route.  Typical usage would be:
<jdstrand> route add default gw <ip of your router>
<kronus_> ah
<kronus_> i will try that
<kronus_> I think it worked, thanks :D
<jdstrand> kronus_: you should see:
<jdstrand> man route
<jdstrand> man interfaces
<kronus_> will do
<jdstrand> The second lets you configure these things in the debian/ubuntu way
<jdstrand> they will come up on boot automatically then
<kronus_> so a dhcp ack would set up both the NIC and the routing, then?
<jdstrand> typically yes
<jdstrand> you are doing it manually, so you need to do both
<kronus_> ah, route gw sets the gateway
<kronus_> it makes more sense now
<kronus_> I would go to #ubuntu to troubleshoot wifi, right?
<jdstrand> yes
#ubuntu-server 2007-07-11
<BFTD> Hi, how do i install openssl onto my server?
<Innatech> BFTD: http://www.google.com/search?hl=en&q=ubuntu+SSL+howto&btnG=Google+Search
<Innatech> look for a howto that applies to your intended usage....
<MajorPoopyPants> NICE
<Gruelius> how do i delete a user from the command line
<Gruelius> Im trying to setup the power aspects of my server. I have 5 disk's in a raid5 array. HDparm -C /dev/sda e.t.c. tells me the drives are in standby but i am reading the array right now. Do i need to tell hdparm to sleep the array aswell?
<b0ne> hey fabbione, i know you just got here, let me know if i can ping you with a software raid question?
<fabbione> just ask
<b0ne> have you seen mdadm spit back an error that one of the resources/devices is in use when attempting to create a raid array?
<fabbione> yes.. the point is in which context did you see it?
<fabbione> at boot time?
<fabbione> after boot when creating a raid?
<fabbione> etc..
<b0ne> no errors in dmesg, fdisk shows them both, i can change the partition table on the first, the second requires a reboot also due to "in use" 
<fabbione> you are not explaning the scenario
<fabbione> 1) what do you have now?
<fabbione> 2) what do you want to setup?
<fabbione> 3) how are you trying to set it up?
<fabbione> 4) when do you see the error..
<b0ne> i have a box that i'm going to use as a server, i installed a primary disk on ata100 ide controller 40gbish, then put two 500gb sata drives on the sata controller
<b0ne> i wanted to setup a raid0 software array using the installer or manually via mdadm
<fabbione> ok
<b0ne> i got it to work once via the installer and the configure raid option, but since reinstalling, the second disk is always in use the second i set the partition types to linux raid auto
<fabbione> hmmmm
<fabbione> can?t you determine wha is using the disk?
<fabbione> you said that it was RAID-0
<fabbione> do you have anything in /proc/mdstat ?
<fabbione> perhaps the kernel is trying to autostart it anyway from the old install
<fabbione> if so it would be busy
<b0ne> yeah, even though i haven't created the array yet, it shows md0 inactive sdb1[1] (s)
<fabbione> yeah of course
<fabbione> that?s correct because the kernel can see the old metadata from the previous install
<b0ne> i've tried mdadm -f /dev/md0 and mdadm -r /dev/md0 which reports no errors
<fabbione> so something like:
<fabbione> mdadm --stop /dev/md0
<fabbione> you need to stop it first
<b0ne> ah stop.. doh
<fabbione> then look in the mdadm man page
<fabbione> there is an option that?s like: --zero-superblock
<fabbione> that basically clear the md metadata in full
<fabbione> i don?t recall the option by heart so please look it up
<fabbione> force that command on the disk
<fabbione> reboot
<b0ne> cool, stop worked, i don't know why i didn't see that option when i was reading the help/man page earlier
<fabbione> it is not necessary to reboot but it?s easier to clear all the in mem data
<b0ne> i would have thought a windows install and format of those disks would have wiped that information out... go figure
<b0ne> thanks for the help :)
<fabbione> no they don?t
<fabbione> the md metadata are at the end of the disk
<fabbione> on a 64K boundary that no OS?es is going to touch for a very good reason :)
<b0ne> i was so excited to get this box put together, 1tb of storage on a gigabit network all to serve up xvid movies and music ;D
<Gruelius> hey, can someone show me how to setup clamav to scan samba?
<[miles] > hi guys
<[miles] > is anyone using mailgraph at all?
<[miles] > I need to get info on mail traffic on a per domain basis
<J_P> hi all
<padwan> erm, is there just two hosts that serves the security.ubuntu.com mirror?
<ivoks> almost all mirrors host it too
<ivoks> replace security.ubuntu.com with xx.archive.ubuntu.com
<mattwalston> Anyone have a suggestion for a mail server that IS NOT an exchange replacement?
#ubuntu-server 2007-07-12
<mattwalston> usermode linux
<mattwalston> oops, ignore that
<Jester45> hi, im trying to do http://www.faqs.org/docs/Linux-mini/Compressed-TCP.html  i have a co-located machine that i can ssh into. i was wondering if i must use  a proxy or if there is a diffrent way of doing this. and if i must use a proxy does anyone have a good guide to set on up 
<lcdd> Jester45: is this for web traffic?
<Jester45> possibly if it is fast 
<Jester45> im looking more for one of the co admins that only has dialup and downloading big logs take a while
<Jester45> and i was really curious 
<lcdd> if there are any web proxies available to the ssh machine, it's easy to forward http over ssh for anyone who has an ssh account
<Jester45> the log files and the ssh is on the same machine i could run a proxy on it 
<lcdd> so there are only two machines involved?
<lcdd> in that case there is no need for proxies
<Jester45> good
<lcdd> just use scp or maybe rsync over ssh to copy the files
<Jester45> so the ssh connection would make it kinda like a proxy 
<lcdd> it's just a tunnel between two machines
<Jester45> so use the same command ? then tell rsync to use that port
<Jester45> im not to good at networking
<lcdd> well, if you already know how to use rsync, just add the option -e ssh
<Jester45> ok
<lcdd> there is actually a good example on the rsync man page
<Jester45> thanks
<lcdd> but that connection is not compressed by default
<lcdd> Jester45: you can set ssh options, to enable compression among other things, in ~/.ssh/config (on the client machine)
<lcdd> needs just two lines:
<lcdd> Host myserver
<lcdd>   Compression yes
<lcdd> that's it
<Jester45> compression-level=9?
<Jester45> cant you set the level
<lcdd> i'm not sure. the CompressionLevel option is only for the older protocol version 1
<Jester45> k
<hatter> any ideas of the numbers of servers now used by ubuntu-server ?
<mralphabet> hatter: brazillions!
<hatter> mralphabet, haha
<hatter> do you use it ?
<mralphabet> I do
<hatter> i have etch and sarge on most servers now,  but etch is not discovering my sata controller due to a bug in the via-sata driver in the 2.6.18 kernel. so looks like i am switchiing it to ubuntu server
<hatter> so i was wondering how many in real life use ubuntu as a server
<mralphabet> I went from primarily from slackware to ubuntu
<hatter> because of hardware driver issues ?
<hatter> this has been the achilles heal of all these distros
<mralphabet> more the support cycle and community
<hatter> computer hardware moving faster than software drivers
<mralphabet> yeah
<hatter> painful
<hatter> how long were you using slack for ?
<mralphabet> I have a raid controller that isn't in the kernel yet and I have to run windows on that box, I hate it
<mralphabet> 8 years?
<hatter> even with ubuntu ?
<mralphabet> yes
<hatter> software raid ?
<fujin> anyone know much about asterisk? more importantly, if it is maintained locally so that I may ask the maintainer to build some extra features or create an asterisk-addons package
<hatter> s/w raid controller that is ?
<hatter> how new is the mobo ?
<mralphabet> it's a promise card
<hatter> oh they are painful
<mralphabet> quite
<hatter> its sata ?
<mralphabet> it's the first card they used a sata chipset for an ide card
<hatter> have you tried a knoppix live cd ?
<mralphabet> yup
<mralphabet> it's nowhere in the kernel
<hatter> damn
<mralphabet> was a bad purchase, learned my lesson
<hatter> hardware hardware
<hatter> this is what i think happens over at ms
<mralphabet> heh
<hatter> they spend all there resources on making drivers for new hardware
<hatter> i suffer so much with differing h/w and linux
<mralphabet> aye
<mralphabet> it has been getting better, but not quite there yet with some hardware vendors
<hatter> yes much better
<hatter> sata was driving me nuts for awhile
<hatter> now its driving me nuts again
<hatter> with etch
<hatter> which i didnt think would be a problem anymore
<hatter> which may lead me away from debian :(
<hatter> *sigh*
<mralphabet> I had luck with my last sata raid, though I don't remember the card!
<hatter> though i use feisty on my desktop
<mralphabet> the release cycle that ubuntu pushes is nice, their next LTS is going to be a lot nicer then 6.06 LTS, backports will be handled better
<mralphabet> fujin: I don't know who maintains the asterisk package
<hatter> well, my new ubuntu-server is now hanging at the running local boot scripts
<hatter> dammit
<mralphabet> ;(
<hatter> damn sata.  it has been a pain in my ass for ages.
<mralphabet> what chipset?
<hatter> via8237
<hatter> on a gigabytre ga-7vm400am
<mralphabet> onboard sata?
<benlake> anyone setup pure-ftpd with ssl?
<hatter> mralphabet, yes
<mralphabet> hatter: o0 that's an older board
<mralphabet> hatter: /win 17
<mralphabet> er
<mralphabet> hatter: I am surprised that is throwing issues
<mralphabet> hatter: try a live cd and see what it shows up as
<mralphabet> IE desktop install cd
<mralphabet> are you using feisty?
<hatter> mralphabet, the livecd for knoppix is fine, ubuntu is fine, etch kernel 2.6.18 doesnt detect it
<hatter> it appears to be a problem with via_sata driver in the 2.6.18 kernel
<lcdd> hatter: you could install etch to an external disk or some other media and then upgrade the kernel
<lcdd> maybe on another machine or even in qemu
<lcdd> it's not too difficult to drop the working installation in one tarball onto the sata disk afterwards
<hatter> lcdd, ah, theres a good idea
<hatter> i just found the sarge installer works, so my latest thought is to install sarge, u/g to etch, install kernel from backport
<lcdd> there might be some boot option to work around the problem also
<hatter> lcdd, i couldnt find any, i guess i may be able to get the working driver on a disk then use a boot option
<hatter> but then it doesnt put that driver in the kernel does it ? can the ide driver be a module ?
<ubuntuserver> helppppppppp
<ubuntuserver> i have installed ubuntu server
<ubuntuserver> and they hack it,and now i again install ubuntu server
<ubuntuserver> how can i protect it.
<lcdd> hatter: there's a boot option "all-generic-ide" which sounds like it could work
<ubuntuserver> i follow the how to 
<ubuntuserver> from a web page to install postfix apache mysql and etc.
<ubuntuserver> http://www.howtoforge.com/perfect_setup_ubuntu704
<hatter> lcdd, thx i will check it out
<ubuntuserver> can someone tell is this web site good for how to 
<ubuntuserver> is there someone receiv ?
<Burgundavia> ubuntuserver: that is an everything server
<Burgundavia> what are you actually doing with this server?
<ubuntuserver> apache,mail server,ssh
<ubuntuserver> and webmin too.
<Burgundavia> ugh, webmin is evil and unsecure
<Burgundavia> it is likely that is how they broke your computer
<ubuntuserver> i read that  they can brute force attack the ssh and then cna gain access
<ubuntuserver> but i don't log with root
<Burgundavia> they can, but the most common account to do that to is root
<ubuntuserver> but when i write root 
<ubuntuserver> and the password is say that the password is incorrect
<ubuntuserver> root pass is dissabled
<Burgundavia> ok
<Burgundavia> so reinstall, and install only what you need
<Burgundavia> there is no need to do everything they say there
<ubuntuserver> ok 
<ubuntuserver> but for web mai l
<ubuntuserver> what i can use
<ubuntuserver> zimbra?
<Burgundavia> sure
<ubuntuserver> ok but how can i configure it to work with the antivirus 
<Burgundavia> for that I have no idea
<Burgundavia> zimba likely has docs on how to configure clamav with it
<ubuntuserver> or can you tell me what web mail is good?
<Burgundavia> zimbra is pretty good
<ubuntuserver> ok man 
<ubuntuserver> one question 
<ubuntuserver> what web min do you use?
<Burgundavia> for web control?
<Burgundavia> I have been looking at ebox, but there is nothing currently good enough
<ubuntuserver> for example web mail server
<ubuntuserver> i will try to install zimbra
<Burgundavia> zimba will do everything
<ubuntuserver> and another
<ubuntuserver> i have ssh how can i protect it to if someone try brute force attack to bann him?
<lcdd> it's better to use proper passwords
<ubuntuserver> lcdd, i have my passowrd but how long need to be
<lcdd> ubuntuserver: the longer the better, but more importantly it should be difficult to guess
<ubuntuserver> ok but how can i configure that when is long that if somoone try to brute to bann him
<ubuntuserver> like 3 time incorrect and bann him
<lcdd> i don't know any programs for that
<Tones> hey
<ubuntuserver> yes
<Tones> ummm needing some help, trying to install ubuntu on an oldish compaq proliant dual p3 server running a raid array.....but the installer doesn't find the hard drive
<ubuntuserver> Tones, ubuntu feidty?
<Tones> urrr 7.04
<ubuntuserver> why don't you try 6.06
<ubuntuserver> ok when you put the cd-rum is it load it?
<Tones> yea when i put the cd in, it loads to the setup gui and goes through everything fine until it gets to hard drive detection
<ubuntuserver> aha
<ubuntuserver> and it don't detect the cd-rum
<Tones> yea it does
<ubuntuserver> i mean the hdd
<Tones> it detects the raid controller (i think) but then you go to the partition part nothing works, gives errors saying no space or anything even though they are 80gb
<ubuntuserver> ok do you have the ubuntu desktop cd
<Tones> yea, didn't try that one though
<ubuntuserver> put it,and if it load the go to the gnome partition 
<ubuntuserver> and format the partition
<Tones> ah ok, will go try that now
<ubuntuserver> ok goodluck
<Tones> same error, comes up saying "cannot determine the geomitry of the disc. do not use PARTED unless you kinow what your doing" or something like that
<ubuntuserver> the importand that is use gnomparted and delete the all disk
<ubuntuserver> is it on laptop?
<Tones> no its on a proper server machine
<Tones> oh gnomparted....ok will try that, is it right that its detecting the hardrive as /dev/ida/c0d0?
<ubuntuserver> ok then try to format it from windows.
<ubuntuserver> maybe for raid ?
<ubuntuserver> for ide or sata no?
<Tones> yea i've never tried any types of linux with a raid but from memory its usually something like /dev/hda/hd0 or something like that
<Tones> its scsi its not ide or sata
<Tones> brb, will try gnomeparted
<ubuntuserver> ok
<Tones> gnomeparted says no device detected
<ubuntuserver> ?
<ubuntuserver> from the live cd
<Tones> yup
<Tones> infinity: think its not seeing the raid properly....might not have a driver for it or something
<Tones> urrr....that was meant to be i think....stupid irc client
<ubuntuserver>   do you try to update the ubuntu
<Tones> how do i do that?
<ubuntuserver> now
<ubuntuserver> apt-get update
<ubuntuserver> but maybe the problem is that raid
<ubuntuserver> can you change the disk to be ide.
<necrite_> hi all
<necrite_> i have one problem
<necrite_> i have one server with load average "3" but when i run top.. i dont see any proccess using the cpu
<necrite_> do u have any way to know which proccess is using the cpu?
<athonus> Quick question. I trying to setup an FTP and i got vsftpd installed but when i /etc/vsftpd.conf i get permission denied. can anyone help?
<necrite_> sudo vim /etc/vsftpd.conf
<athonus> ahh ty
<necrite_> np
<athonus> hmm now i get command not found
<necrite_> sudo gedit /etc/vsftpd.conf
<athonus> still not found
<necrite_> mmm 
<necrite_> u dont have sudo? 
<necrite_> r u using ubuntu-server?
<athonus> ya
<athonus> im using ubuntu server
<athonus> but not sure about sudo
<necrite_> sudo -V
<athonus> sudo version 1.6.8p12
<necrite_> u have vi?
<athonus> yes
<necrite_> sudo vi /etc/vsftpd.conf
<athonus> that did something
<athonus> awsome ty again im in the file now
<necrite_> oks
<athonus> can anyone help im in /etc/vsftpd.conf and i dont know how to get out
<laichzeit> any good reason why ubuntu-server 7 doesn't use dmraid?
<Nafallo> 7?
<Nafallo> 7.04 it's called.
<Nafallo> please use the correct version :-/
<Nafallo> and that package is just an apt away
<laichzeit> yeah it's an apt away, but you can't install to a raid drive if the installer doesn't see it as a raid drive.
<laichzeit> i.e., you need dmraid so it creates /dev/mapper/raid_volume_asdl23j4lksjaa
<laichzeit> it's a fakeraid and shows up as /dev/sda and /dev/sdb
<lcdd> i don't there are any reasons to prefer fakeraid over software raid in a server
<lcdd> don't know if --
<lcdd> there might be issues with data recovery from fakeraid devices if you lose the hardware
<krampo> Hello, is there a way to tell apt not to upgrade some specific packages (say, kernel) when doing apt-get -y update ??? Some kind of masking I may say.
<lcdd> krampo: yes, it's possible to put packages on hold
<krampo> thanks, I couldn't figure out the keyword. Looks like it's easiest to do with aptitude?
<lcdd> yeah, aptitude is probably best for that
<laichzeit> any of you know if you can use the disk when a background resync is happening with software raid?
<lcdd> laichzeit: you can
<laichzeit> cool, thanks.
<krampo> it seems that apt-get ignores aptitude 'hold' flag. only aptitude respects that, is it so?
<soren> No. Apt-get respects it, too.
<krampo> hmm...I just tried to put on hold some packages, but apt-get upgrade upgraded them, aptitude said that they have been kept back
<soren> krampo: Which package have you put on hold and what happens when you apt-get upgrade?
<krampo> I put on hold update-manager and update-manager-core (for example)
<soren> Please run:
<soren> dpkg --get-selections | grep update-manager
<soren> and just paste the output here (shouldn't be more than two lines)
<krampo> update-manager                                  install
<krampo> update-manager-core                             install
<soren> Then aptitude is on crack.
<soren> Run:
<soren> echo update-manager hold | sudo dpkg --set-selections
<soren> echo update-manager-core hold | sudo dpkg --set-selections
<soren> That's it.
<krampo> cool, thanks
<krampo> now both are on hold
<soren> np
<krampo> cool, if I set hold using dpkg --set-selections, then aptitude respects it, if I set just in aptitude, apt-get doesn't get that hold
<infinity> aptitude doesn't twiddle the dpkg selections.  If you want that in a curses package manager, use dselect.
<infinity> (yay, dselect)
<soren> eek, dselect.
<soren> aptitude keeps its own list of held packages? Evil!
<infinity> aptitude does pretty much everything in its own special way.
<infinity> And dselect actually works. :P
<infinity> (I have years of bitter bias here, so take this with a grain of salt)
<infinity> soren: What happened to "shawarma"?  Too many complaints about your nick making people hungry?
<soren> infinity: Kees revealed that you could hijack nicknames if they hadn't been used in more than 6 months. soren hadn't been used in almost three years.
<soren> And was registered about a week before that.
<soren> :)
<soren> infinity: But yes, also too many complaints about making people hungry. :)
<maswan> infinity, soren: personally I agree and avoid aptitude for pretty mcuh those reasons
<zul> dendrobates: ping
<dendrobates> zul: pong
<zul> dendrobates: for the ldap authentication stuff why arent we using redhat-config-ldap or whatever the program is called
<zul> reading the ldap spec btw
<dendrobates> zul: currently, the debian packages makes changes to pam-ldap and nss-ldap, that I believe makes it incompatible.  One of the main purposes of the spec is to correct that.
<dendrobates> zul: I wouldn't rule it out in the future though.
<krampo> heh, speaking about ldap. Week ago I tried to set up authentication through ldap (our University has all students in ldap database), but I couldn't figure out how to map any ldap user to some local user. So users authenticate through ldap username/password, but get some local home dir (everybody the same, at the beginning).
<dendrobates> zul: also, pam-ldap and nss-ldap are linked against openldap-2.1, which is missing some functionality.
<dendrobates> krampo:  map? how did you do it?
<dendrobates> zul: the spec is a work in progress.
<krampo> I couldn't :)
<dendrobates> krampo: what did you try to do?  what packages dod you install?
<dendrobates> s/dod/did/
<krampo> libnss-ldap and libpam-ldap
<krampo> I followed some manual about Debian/Ubuntu authentication through ldap
<krampo> I got to the point where it authenticates username/password
<krampo> but then got some error (tryin' to find it in syslog)
<dendrobates> libnss-ldap when setup correctly, and should provide nss info. 
<dendrobates> of course, our ldap data must also be correct.
<krampo> anyway, as I remember it was something about can't find group or something like that
<dendrobates> did you create the necessary ou=group in your directory tree?
<krampo> I was just thinking whether it's possible to use just username/password authentication from LDAP and everything else from local system
<krampo> what's about that group? I just have read-only access to that LDAP server
<krampo> everybody is in People
<dendrobates> Ahh, it is possible you do not have sufficient access to search the directory for group information.
<krampo> there are also ou=groups (for example grouped by faculties)
<krampo> cn=faculty_name,ou=groups,dc=lu,dc=lv
<krampo> something like that
<krampo> there should be separate group for those who can authenticate using ldap from linux?
<dendrobates> the groups must contain the objectclass posixGroup  and contain memberUid attributes.
<dendrobates> you also must be able to search in that ou. 
<krampo> but the ou=People (where all those users actually reside) can't be used?
<dendrobates> krampo: it may contain primary group membership, but the system needs information about that group. i.e gid. and that is in ou=groups
<krampo> they have set it up like this:
<krampo> there's a group
<krampo> cn=teo,ou=groups,dc=lu,dc=lv
<krampo> it has ojectClass posixGroup atribute
<krampo> and it has gidNumber
<krampo> all the members are as attributes in that cn=teo
<krampo> just listed
<krampo> e.g zt12345, zt23435
<krampo> ....
<krampo> each of them is memberUid
<dendrobates> that's right.  perhaps you just have a misconfiguration. 
<krampo> beginning of LDIF:
<dendrobates> what os is the server running on?
<krampo> 7.04
<krampo> aaa
<krampo> lDAP?
<krampo> I think it's AIX
<krampo> or something like that
<dendrobates> is it openldap or ibm directory server?
<krampo> openldap I think
<krampo> that's an open server, if you like you can check :)
<krampo> http://bumbieris.lanet.lv
<krampo> dc=lu,dc=lv
<krampo> should be accessible from anywhere
<krampo> AFAIK
<krampo> dn: cn=teo,ou=groups,dc=lu,dc=lv
<krampo> objectClass: top
<krampo> objectClass: posixGroup
<krampo> cn: teo
<krampo> gidNumber: 213
<krampo> memberUid: zt30070
<krampo> beginning of LDIF file for that group
<dendrobates> krampo: you should discuss this with your directory server admins.  perhaps they have configuration steps for you.
<krampo> then continues long list of memberUid
<dendrobates>  the group looks fine.
<krampo> ok, but the group looks ok to you?
<krampo> ok
<dendrobates> however, if the server is ibm directory server, all is different.  AIX clients and servers, modify the posix schema.
<krampo> but on libnss-ldap reconfigure I should list the full path, right? cn=teo,ou=groups,dc=lu,dc=lv
<krampo> dendrobates: thanks a lot. I'll check with server admins (they're not very talktive, you know :) and try to figure out how to solve this thing.
<dendrobates> krampo: np
<krampo> I know that windows classrooms in university are using tool called pagina (or smth. like that) and they're authenticating against POP3 (which is connected to the same LDAP)
<dendrobates> krampo: that is a completely different thing, than Linux system authentication.  It would not have the same requirements.
<dendrobates> krampo: you should only give suffix when it asks for the search base  i.e dc=lu,dc=lv
<krampo> ok
<stiV> hi everyone ... back again :-) i have a problem with the postfix package: i have an unattended ubuntu installation, which installs everything i need. most of the packages are installed AFTER the setup process with a script that is being started in rc.local. the problem is, that some packages try to use stdin/stdout (eg. i had to adapt the ssl-cert package to use /tmp instead of a homedir, because it couldn't find a homedir ;
<stiV> (...) providing my own package would not be a problem)
<necrite> hi.
<necrite> when i run the "top" command. i see one line which say "cpu(s)"  and  I need one line per core. there is any SWITCH to see one liene per core?
<lcdd> necrite: '1'
<necrite> ?
<lcdd> hit one while in top
<necrite> lcdd, i have Cpu(s): 13.5%us,  0.5%sy,  0.0%ni, 85.2%id,  0.0%wa,  0.0%hi,  0.8%si,  0.0%st
<necrite> and i need cpu1 blah.. cpu2 blah
<lcdd> yes. the '1' key toggles cpu summary view
<necrite> nice ty!
<necrite> lcdd, what is the %id collumn?
<lcdd> idle
<necrite> mhhh so idle 100% is fine
<necrite> ?
<lcdd> right
<necrite> there is any place to paste 8 lines to show u one thing?
<necrite> i have 3 core's idle and one 63% idle and load average of 2.3 :S
<necrite> !paste
<ubotu> pastebin is a service to post large texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu-nl.org (make sure you give us the URL for your paste - see also the #ubuntu channel topic)
<lcdd> load average doesn't exactly mean cpu load
<necrite> lcdd, check this http://paste.ubuntu-nl.org/29681/ 
<lcdd> necrite: it looks ok
<necrite> but why i have 2 of load average?
<lcdd> this article explains load avg: http://www.linuxjournal.com/article/9001
<necrite> ty
<stiV> second try :-) i have a problem with the postfix package: i have an unattended ubuntu installation, which installs everything i need. most of the packages are installed AFTER the setup process with a script that is being started in rc.local. the problem is, that some packages try to use stdin/stdout (eg. i had to adapt the ssl-cert package to use /tmp instead of a homedir, because it couldn't find a homedir ;). postfix asks 
<stiV> (my own  package would not be a problem)
<Enron> Hi question i'm trying to update snapapi using dkms build --kernelsourcedir I can't locate the kernel source build dir can someone help
<Enron> Anyone alive?
<necrite> i am alive
<necrite> but i cant help u
<stiV> enron: if you have downloaded the kernel sources via aptitude they should be accessible via /usr/src/linux
<stiV> !kernel-source
<ubotu> To install the Linux (kernel) headers, open a terminal and: sudo apt-get install linux-headers-$(uname -r) To install headers for libraries, you need the accompanying -dev packages
<Enron> inorder to install acronis backup agent, I need to update snapapi module. I need to issue the command dkms build -m snapapi26 -v 0.7.19 \ -k <KERNEL_VERSRION> --config <CONFIG_FILE> --arch <KERNEL_ARCH> \ --kernelsourcedir <PATH_TO_KERNEL_SOURCES> # dkms install -m snapapi26 -v 0.7.19 \ -k <KERNEL_VERSRION> --config <CONFIG_FILE> --arch <KERNEL_ARCH> \ --kernelsourcedir <PATH_TO_KERNEL_SOURCES> 
<Enron> this is what i'm trying to do
<mralphabet> linux-libc-dev - Linux Kernel Headers for development
<Enron> I got an error when trying to build http://phpfi.com/249372
<mralphabet> you have build-essential?
<Enron> yes
<mralphabet> is linux-libc-dev installed?
#ubuntu-server 2007-07-13
<Enron> Can someone help I got an error when trying to build http://phpfi.com/249372
<ssn> hi
<ssn> is there a default firewall running in ubuntu-server?
<PanzerMKZ> I have a compaq DL360. I have made a custom ISO with a few drivers missing so that installs go better. But I would like to install without APIC. Is there a way to tell it that I don't want to use APIC?
<Dheeraj_k> please tell me what does this dns error means? http://www.dnsstuff.com/tools/dnsreport.ch?domain=desi-tek.com
<dendrobates> bug 125649
<ubotu> Launchpad bug 125649 in oprofile "config file is stored in /root" [Medium,Confirmed]  https://launchpad.net/bugs/125649
<Enron> good morning
<Enron> anyone awake?
<Enron> how can I download linux-source-2.6.15-23-server? Can someone help I got an error when trying to build http://phpfi.com/249372/
<mralphabet> http://packages.ubuntu.com/cgi-bin//search_packages.pl?version=all&subword=1&exact=&arch=any&releases=all&case=insensitive&keywords=2.6.15-23&searchon=names
<mralphabet> Enron: i686?
<mralphabet> http://packages.ubuntu.com/dapper/source/linux-source-2.6.15
<mralphabet> so it should be sudo apt-get install linux-source-2.6.15
<spensergilliland> hello
<spensergilliland> I just looked at netstat -a and see a port 1027 open on all IPs. Can anyone tell me what this is and why it is open?
<spensergilliland> udp        0      0 *:1027                  *:*
<spensergilliland> this is the important line.
<lionel> spensergilliland: do a netstat -ap you will have the process listening on the port
<spensergilliland> ok thank you
<spensergilliland> alright it says that dnsmasq is using the port i wonder why that is?
<lionel> apt-cache show dnsmasq will make a  better description than me :)
<ScottK> keescook: Thanks for approving me.
<keescook> ScottK: you betcha.  :)
<fernando> keescook, thanks
<keescook> fernando: welcome.  :)
<ScottK> What is the process for deciding if it's OK to add a new package for the server team?  I'd like to see a more complete set of mail server related packages.
<Innatech> anyone know if there's a dapper-compatible deb of ipmenu somewhere I can use? I'd rather not install a whole toolchain on my router to compile it. 
<Innatech> (Or if it's safe to use the one in the Warty repos?)
<ScottK> Innatech: You might ask yourself why it was removed...  But you can build the package using pbuilder on another machine (doens't have to be running Dapper) and move the binaries to the router.
<Innatech> yeah, I was wondering about that a little. Thanks for the reminder re: pbuilder . 
<Innatech> Would there be some note on its removal somewhere I should look for?>
<ScottK> There are sometimes bugs about removals, but not in this case.  I'd suggest Google.
<lionel> You can find the reason on http://people.ubuntu.com/~ubuntu-archive/removals.txt or http://ftp-master.debian.org/removals.txt
<kshahnjd> can someone help me set up a static ip?
<kshahnjd> i read the man
<kshahnjd> and changed /etc/network/interfaces but when I ifconfig, i'm still the old dhcp ip
<tck> kshahnjd, sudo ifconfig eth0 IP_ADDRESS NET_MASK 
<tck> what is your gateway and your assigned static IP address
<Nafallo> interface eth0
<kshahnjd> 255.255.255.0, my ip is 192.168.1.50 on my home network
<Nafallo>   ip address xxx.xxx.xxx.xxx/xx
<tck> whats your gateway
<Nafallo>   end
<Nafallo> wr
<Nafallo> :-)
<tck> so try this
<kshahnjd> gateway 192.168.1.1
<tck> sudo ifconfig eth0 192.168.1.50 255.255.255.0 up
#ubuntu-server 2007-07-14
<kshahnjd> iface eth0 inet static
<kshahnjd> 	address 192.168.1.50
<kshahnjd> 	netmask 255.255.255.0
<kshahnjd> 	gateway 192.168.1.1
<tck> sudo route add default gw 192.168.1.1
<tck> then try, sudo dhclient 
<Nafallo> tck: WHAT!? :-)
<kshahnjd> when i use your first line it says invalid argument
<Nafallo> kshahnjd: your conf looks good. that should just work.
<kshahnjd> when i dhclient it assigns me .33 again
<kshahnjd> instead of .50
<kshahnjd> it goes back to dhcp essentially
<Nafallo> tck: why would you set up a static ip just to use dhcp to reset what you just did?
<tck> dhclient can assign static ip addresses too right?
<Nafallo> tck: if you've configured the dhcpd for that yes.
<tck> kshahnjd, print a netstat -r 
<Nafallo> tck: but you doesn't have to set up the static ip on the computer before that then
<tck> and show the output
<Innatech> scottk lionel : thanks for info @ 15:21 & 15:27. 
<kshahnjd> tck: I can't show you the input, I can type it over to you, two separate computers
<lionel> np :)
<Nafallo> kshahnjd: sudo ifdown eth0 && sudo ifup eth0 with that conf should just work. you might want to try that.
<Nafallo> kshahnjd: forget about using dhcp until you have configured the dhcpd :-)
<kshahnjd> Nafallo: it returns the following "don't seem to be have all the avariables for eth0/inet failed to bring up eth0"
<Nafallo> kshahnjd: try to add broadcast 192.168.1.255
<Nafallo> kshahnjd: to interfaces of course.
<Nafallo> kshahnjd: then save the file and try sudo ifup eth0 again
<tck> iface eth0 inet static
<tck> address 192.168.1.50
<tck> netmask 255.255.255.0
<tck> network 192.168.1.0
<tck> broadcast 192.168.1.255
<tck> gateway 192.168.1.1
<Nafallo> right. network aswell :-)
<Nafallo> but I can't understand why does are still needed.
<Nafallo> those even
<tck> variety is the spice of life :P
<kshahnjd> same thing, same error "if down: interface eth0 not configured don't seem to have all the variables for eth0/inet"
<tck> kshahnjd, try sudo /etc/init.d/networking restart
<kshahnjd> i have, ifconfig still says .33
<tck> bring eth0 down
<tck> sudo ifdown eth0
<kshahnjd> same error, "don't seem to have all the variables for eth0/inet" faild to bring up eth0
<Nafallo> ehrm. if down says you don't have the variables?
<kshahnjd> yeah, keeps saying the same thing
<Nafallo> weird
<kshahnjd> am i missing something else?
<tck> specify, ifdown -i eth0
<Nafallo> kshahnjd: definatly. I just don't know what :-)
<kshahnjd> -i isn't an option
<kshahnjd> 'use --help for help
<tck> i've never used it, but hey
<tck> its eliminated
<kshahnjd> actually in the help it still says its there
<tck> hey try this
<kshahnjd> k
<tck> sudo ifport eth0 auto
<kshahnjd> ifport command not found
<tck> ok nm
<Nafallo> ehrm
<tck> can you print netstat -r
<Nafallo> never heard of :-)
<tck> and ifconfig for us?
<Nafallo> whats ifport?
<tck>  ifport - select the transceiver type for a network interface
<tck> SYNOPSIS
<tck>        ifport interface [auto|10baseT|10base2|aui|100baseT|##] 
<tck>        The  network  drivers  may not reconfigure a card for a new transceiver
<tck>        type if the interface is already open
<kshahnjd> Kernel IP Routing Table destination 192.168.1.0 default Gateway * 192.168.1.1 Flags U UG MSS 0 0 Window ) 0 irtt 0 0 Iface eth 0 eth0
<Nafallo> tck: hmm. I use ethtool for that :-)
<kshahnjd> that is the netstat -r
<tck> can you paste that in http://paste.ubuntu-nl.org please?
<kshahnjd> the server is on another laptop, is there a way?
<kshahnjd> i mean, beyond piping it and reading it here and copying and pasting
<kshahnjd> the laptop i'm on is not the server, the server is next to me
<tck> well its a bit messed up, hard to see whats what 
<tck> ah ok
<tck> well yeah..
<kshahnjd> i wrote the columns side by side
<tck> can you try
<kshahnjd> sry
<tck> well it has taken your default gateway
<kshahnjd> yes
<kshahnjd> 192.168.1.1
<tck> there should usually be a default entry under Destination
<kshahnjd> what is the apache wwwroot by default install? I can pipe it to a new file there and copy and paste it over here
<tck> the web root?
<kshahnjd> yeah, Destination is 192.168.1.0 and below it it says 'default'
<kshahnjd> yes
<tck> /var/www/
<tck> heres mine for ex.
<tck> http://paste.ubuntu-nl.org/29866/
<kshahnjd> is link-local the local loop?
<tck> I guess so
<tck> judging by the subnet
<Nafallo> no. it isn't
<Nafallo> 127.0.0.1 is loopback.
<kshahnjd> this is the command I'm running to pipe it so I can paste it to you:  sudo netstat-r >> /var/www/netstat.txt
<Nafallo> link-local is the address things get when DHCP doesn't answer
<kshahnjd> and I'm getting 'permission denied'
<Nafallo> 169.254/16
<tck> i.e. like APIA
<tck> hence the subnet mask being in that range
<Nafallo> kshahnjd: sudo doesn't work with pipes.
<Nafallo> kshahnjd: sudo -i and then run the commands.
<Nafallo> APIA?
<Nafallo> 127.0.0.1 is /8 btw
<Nafallo> or rather 127.0.0.0/8
<tck> ok
<kshahnjd> here is the pastebin
<kshahnjd> http://paste.ubuntu-nl.org/29867/
<tck> or APIPA
<tck> thx
<Nafallo> tck: what does that mean?
<tck> automatic private addressing or something
<tck> cool kshahnjd cool 
<tck> looks ok
<Nafallo> tck: sounds like something you just came up with TBH ;-)
<tck> http://www.google.ie/search?hl=en&q=define%3AAPIPA&btnG=Google+Search&meta=
<tck> bite me :P
<Nafallo> other people just was link-local etc... :-)
<Nafallo> hehe
<tck> kshahnjd, somehow you've got to flush the current DHCP assigned ip addy
<kshahnjd> it loves the dhcp for some reason
<kshahnjd> day 1 of linux with me has been abject failure
<tck> can you do a pastebin of ifconfig -a for us too ?
<tck> its a brilliant learning curve ;)
<kshahnjd> hehe
<tck> you'll be an expert after a week
<kshahnjd> heres hopin
<tck> ifconfig -a results?
<kshahnjd> http://paste.ubuntu-nl.org/29868/
<tck> thx
<tck> try  sudo ifdown eth0 again can you?
<kshahnjd> interface eth0 not configured
<tck> grr
<kshahnjd> btw what did sudo -i do?
<kshahnjd> well, i can rtm
<tck> im trying stuff in my shell, just a min :)
<kshahnjd> oooh simulate initial login
<kshahnjd> k, thx
<tck> did you have dhcpd installed by any chance?
<kshahnjd> a dhcpd
<kshahnjd> ?
<kshahnjd> the daemon
<tck> yes
<kshahnjd> no, i don't know, unless it came standard
<tck> ok type
<tck> dhcpd in the shell
<tck> if you don't have it, it will prompt you to install it, you don't need to
<kshahnjd> the program 'dhcpd' is currently not installed
<tck> ok ok cool
<kshahnjd> do i need to edit /etc/resolv.conf ?
<kshahnjd> by any chance
<tck> i know sometimes, a dhcp -k eth0 would send a sighup to the dhcpd daemon
<tck> whats in there at the moment
<kshahnjd> nameserver 192.168.1.1
<kshahnjd> thats it
<tck> type in dnsdomainname 
<tck> ok
<kshahnjd> done
<kshahnjd> no response from the shell though
<tck> ok thats ok
<tck> but you are letting your gateway assign dns settings right (while were talkinga bout it)
<tck> i have my ISP settings in there
<tck> nameserver 192.111.39.1
<tck> nameserver 192.111.39.4
<tck>  for ex.
<kshahnjd> I have the router's ip there
<kshahnjd> home network
<kshahnjd> netgear router
<tck> i use a linksys, 
<tck> i found something on google
<tck> http://www.ubuntugeek.com/change-ubuntu-system-from-dhcp-to-a-static-ip-address.html
<tck> according to one of the follow up posts
<tck> maybe one of the network-managers are affecting it
<dorianj> hi all, I'm running a default 7.04 LAMP stack, but cannot get PHP to recognize php.ini files that are in the same directory of the script. Are there any settings that the default install sets that I should be aware of?
<kshahnjd> i'm going to read it over
<leonel> dorianj: there's no php.ini per  directory  it's a php.ini only   and it is etc/php5/apache2/php.ini
<r00tintheb0x> Hey guys, is there any way to switch a Fedora server to an Ubuntu server remotely?
<r00tintheb0x> Should I just SCP all the directories over and reinstall grub?
<r00tintheb0x> brb
<r00tintheb0x> so anyone have any ideas about my question?
<ScottK> There is a way to do it (I've read about doing it with Debian), but it's non-trivial.  Google should help you.  I don't have the link.  
<r00tintheb0x> Okay ScottK, i think it should pretty easy. If i "tar -cjvf root.tar.gz /", then do a "mv /var /var.old" "mv /home /home.old" etc etc etc... and reinstall grub, and ensure all the modules load correctly then that should be it correct?
<ScottK> I really don't know.  I'd experiment on a local machine first.
<leonel> r00tintheb0x:  pxeboot 
<leonel> r00tintheb0x: I've installed  CentOS 4 with pxeboot remotely 
<leonel> r00tintheb0x: I guess with ubuntu can be done   even I've never done a ubuntu install with pxe
<r00tintheb0x> sweet leonel thanks
<leonel> r00tintheb0x: http://myy.helia.fi/~karte/ubuntu_pxe.html  
<r00tintheb0x> Thanks, im checking out http://ubuntuforums.org/showthread.php?t=327597&highlight=PXE+Install also.
<r00tintheb0x> Man, its nice not to see all the n00b questions flying by @ 100Mph.
<khermans> how can i add sources from apt.sources.d/* to unattended-upgrades ?
<khermans> i am able to add everything else, like feisty-updates
<ph8> hey guys! I've just joined the team
<ph8> I want to submit a fix for https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.0/+bug/33940
<ubotu> Launchpad bug 33940 in mysql-dfsg-5.0 "mysql_setpermission broken" [Medium,Confirmed]  
<ph8> can anyone link me to info on the procedure?
<ph8> i have a patch file ready
<ph8> i couldn't find a more general wiki
<ph8> anyone got any links?
<ivoks> -exit
<ph8> anyone awake?
<ph8> i put in a patch for a bug earlier, i only joined the team yesterday - just wondering what i need to do now
<ivoks> hi
<ph8> hi :)
<ivoks> patch for what?
<ivoks> and where?
<ph8> https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.0/+bug/33940
<ubotu> Launchpad bug 33940 in mysql-dfsg-5.0 "mysql_setpermission broken" [Medium,Confirmed]  
<ivoks> you should include it in mysql package
<ph8> ok, does that mean i contact its maintainer? can i do it myself somehow?
<ivoks> and, if you don't have main upload privileges, ask for someone to mentor you
<ph8> ah i'll need to do that then :)
<ivoks> you can do it (and you should)  by your self
<ivoks> if you didn't work with deb packages, ask for mentor directly...
<ph8> i see
<ivoks> i don't have main upload privileges too, so i can't sponsor it
<ivoks> beh...
<ph8> do you happen to know if there's a main mentor-getting site? launchpad is quite hard to navigate
<ivoks> if you didn't work with deb packages, ask for sponsor directly...
<ivoks> not mentor, sponsor :)
<ph8> https://blueprints.launchpad.net/~ubuntu-kernel-server/+mentoring
<ph8> :o
<ivoks> https://launchpad.net/~ubuntu-server/+members - find a member who is part of core-dev team
<ScottK> ph8: This is probably a good place to ask, just not on a weekend.
<ph8> :)
<ph8> i work during the week
<ph8> haha
<ivoks> heh
<ph8> no time for fun in the office :)
<ivoks> i work always :/
<ph8> seems odd the bug i just fixed
<ph8> odd in the sense that it's been open so long
<ph8> argh, gotta dash
<ph8> back soon!
<ScottK> You might also ask (politely) if anyone in #ubuntu-motu has time to help you prepare a debdiff for the bug.
<ScottK> If you get one, you can then attach it so the bug and subscribe ubuntu-main-sponsors and it'll get looked at for upload.
<ScottK> ph8: ^^
<Xanith> I'm having a weird problem with certain characters such as ' showing up funny on my lamp server. Can someone look at this and maybe help me out?
<BFTD> are they like @#$%?
<BFTD> ot stuff that isn't on the keyboard?
<Xanith> yea like the ' shows up with a diamond and a ? inside of it
<Xanith> if you'd like i can pm you the IP to access the page and see it..
<Xanith> my router forwards port 80 to the server here at my house
<BFTD> hrm
<BFTD> um...might
#ubuntu-server 2008-07-07
<Orfeous> going to uninstall ubuntu-server and install debian again.
<Orfeous> this wasnt like i expected
<Orfeous> see you
<methods> when i run sudo i get no output and the command does not execute from what i can see
<AtomicSpark> the only difference between server and desktop installs (minus packages) is something about cpu timing? i forget.
<LTSPTNK> Anyone here with a glue in integrating Ubuntu (LTSP envinroment) into Active Directory domain?
<soren> methods: Is that a question?
<methods> soren:  when i run a command using sudo it gives me no output and doesn't run the command...
<soren> LTSPTNK: ogra is our LTSP dude.
<soren> ogra: ^^
<soren> methods: What command are you trying to run?
<methods> does this mean my sudoers file is messed p ?
<methods> sudo echo test
<soren> methods: And nothing at all happens?
<methods> nope just returns
<soren> Interesting. Did you edit your sudoers file?
<methods> idk maybe but i dont think i did
<methods> i have no root password either so i can't do anything
<soren> You can always boot into recovery mode.
<methods> it's remote
<soren> hmm..
<soren> Well, you can't read your sudoers file, but can you see if it's maybe been truncated?
<soren> (i.e. size is 0)
<methods> -r--r----- 1 root root 394 May 13 05:51 /etc/sudoers
<methods> well another thing is that it asks me for the password every time
<methods> normally it caches it right
<soren> 394 sounds a bit small.
<soren> Ah, so it does actually ask you for a password?
<soren> You said that it just returns..
<methods> yea i put in my password and it just returns
<soren> /var/run is mounted alright?
<methods> yes
<soren> I know it sounds lame, but have you tried rebooting it?
<methods> what would that do ?
<soren> I don't know. Since I don't know what you did to break it, it's sort of hard to come up with good ideas to fix it.
<soren> Especially, ideas that a non-privileged user can do anything about.
<soren> Oh... How would you reboot it?
<methods> web panel i presume
<methods> anyway thanks i'll just call htem tomrorow
<soren> np
<LTSPTNK> ï»¿(09:17:25) soren: LTSPTNK: ogra is our LTSP dude.
<LTSPTNK> (09:17:28) soren: ogra: ^^
<LTSPTNK> guys, Ogra told me to try to contact this channel, becouse the problem is more LDAP/AD related than LTSP :)
<soren> I know what you have to do to hook into an AD domain, but I haven't a clue how that interacts with LTSP.
<LTSPTNK> I have been trying different hook-ups, now I'm pretty satisfied with Likewise-winbind
<LTSPTNK> but I run to little problems, because the ppl who authenticate against AD doesnt belong to any system groups, any hints on that?
<soren> Add them?
<nxvl> soren: i'm looking for you since friday
<nxvl> soren: did you get my mail?
<soren> nxvl: I haven't gotten to it yet. I think. Which one is it?
<LTSPTNK> add them? U really mean I should add all the 500 users from our AD to Ubuntu LTSP server and every time we get new person to house or one leaves, follow behind and update /etc/group?
<soren> Easy now..
<soren> You told me precisely *nothing* about your setup.
<soren> I don't even know which system groups you're talking about?
<LTSPTNK> oki, I just got little upset :)
<nxvl> soren: about augeas
<nxvl> soren: and a wiki page
<LTSPTNK> I work for one anonymous school in Finlan, doing my civil service. We have like 300 workstations/laptops in the house, all windows XP. I have been developing LTSP envinroment to replace one computing class. Infact to not to replace it, just hook the LTSP server betweem the switch and outer network.
<soren> nxvl: Yes, I see it. I'll get to it in a minute, I think.
<LTSPTNK> I have been testing many ways to authenticate against AD domain, only problem is the groups. I have been thingking if it is possible to add (for example) fuse group to AD and make ppl part of it. Or different, to link "domain^users" to some groups somehow, and for example "domain^admins" to "admin"
<LTSPTNK> and by authenticating via Likewise, I'm able to see all the AD groups i belong in, by typing the "id" command :)
<soren> I'm not really sure what mechanisms likewise/winbind offers for that.
<soren> Truth be told, I haven't really used it. :/
<LTSPTNK> what kind of authentication U have used?
<soren> LDAP
<lances> Hi, I'm hoping you all can help me with a very strange problem that I've run into. If I add an IPv6 tunnel to /etc/network/interfaces, without even enabling radvd, it breaks connectivity to certain websites to some of my NATed IPv4 clients although the affected sites work just fine from the gateway machine themselves.
<LTSPTNK> does it work with 2003 / 2008 AD??
<lances> or if NATed through a different gateway.
<soren> LTSPTNK: Don't know. I really meant that I've never really used AD.
<lances> anyone have any ideas?
<LTSPTNK> awh, ok, i see
<LTSPTNK> as far as i know, AD is just modified LDAP and they are compatible to some point...
<LTSPTNK> in LDAP U can add ppl to be part of the system groups in server side?
<soren> I've never really needed to, I think.
<nxvl> soren: btw
<nxvl> soren: if you haven't read it in planet ubuntu still, augeas got it's second ack
<nxvl> soren: so we can start breaking it any time from now on
<soren> nxvl: Has it been uploaded?
<nxvl> soren: not still i think
<nxvl> soren: the 2nd acker was unsure about the first one (if it was still valid on not)
<nxvl> so i'm waiting for raphink to upload it
<nxvl> (the first acker)
<soren> Oh, ok.
<nxvl> soren: bot if you want to give it a 3th ack and upload i won't get mad
<nxvl> s/bot/but
<soren> :)
<soren> If it's got two ack's already, I don't think I will. I'm a rather slow reviewer :)
<nxvl> soren: btw, if you got impressed with the 1st copyright, check the actual one
<nxvl> soren: even i am impressed with it
<nxvl> soren: and i wrote it
<soren> :)
<nxvl> soren: thanks for your answer!
<nxvl> soren: if you got some time, would you like to write the libvirt lense?
<soren> np :)
<nxvl> soren: i think it will be really easy, since there is already an xml module
<soren> I'm not sure such a thing makes sens.
<soren> You are *really* not supposed to edit those files directly.
<nxvl> soren: yes, i wanted to discuss it with you
<soren> Ever.
<nxvl> soren: so better to remove it from the list?
<nxvl> soren: and not include libvirt support on augeas?
<soren> I would say so. Sorry, I missed the fact that it was on there.
<soren> I only really looked for stuff that might be missing and not so much stuff that was on there, but shouldn't be. :)
<nxvl> soren: but, you don't think it would be useful to have libvirt support (or some kind of kvm support) on ucsa (or however i call it later)
<soren> Sure, but as far as I understand augeas, it only deals with files directly, correct?
<nxvl> yep
<soren> Then it's not going to be suitable for working with libvirt.
<soren> That is not to say that UCSA couldn't, though.
<nxvl> oh ok
<nxvl> so, you are saying that there mustn't be config file support for kvm, but other kind of support for it?
<soren> When you're dealing with libvirt, you'r not just editing files. You need to do special things to extract the config file and special things to put it back and make it take effect.
<nxvl> but, editing files will be needed
<soren> That's the core of the issue. There are various ways to work around this. How you choose to do so is up to you :)
<soren> Well, yes, files will have to be edited.
<nxvl> so augeas will need to support it
<soren> Probably.
<soren> Somehow.
<nxvl> and make aditional work on ucsa
<nxvl> for the effects to be taken
<soren> Unless you can throw random files at augeas and make it read that (instead of having augeas go look for the files itself)
<nxvl> i don't know much of kvm or the virtualization software that we use
<nxvl> that's why i wanted to discuss this with you, so you can guide me on how to plan it
<nxvl> soren: i think we can
<soren> AIUI, if you want to work with grub in augeas, it finds the menu.lst by itself. You don't tell it "hey, I want you to parse /boot/grub/menu.lst using the grub lens". You just tell it that you want to change grub's config.
<soren> ...and it goes and find the file.
<nxvl> soren: you can specify "/path/*"
<soren> Ok.
<soren> Well... Yes, I suppose you can use that somehow.
<nxvl> soren: to the api you need to tell it which file you want to edit. I think
<nxvl> soren: for yum it uses *
<soren> So in UCSA, you'd: 1) Extract all configurations virtual machines and dump them in /var/tmp/ucsa/libvirt, 2) add a special lens (that know to look in /var/tmp/ucsa/libvirt) to libaugeas, 3) parse the stuff, 4) make changes, 5) define everything from what's now in /var/tmp/ucsa/libvirt
<nxvl>   let filter = (incl "/etc/yum.conf") . (incl "/etc/yum.repos.d/*")
 * nxvl moves libvirt to the bottom of the ToDo since it looks like a nightmare
<nxvl> :D
<nxvl> ok now i need to sleep
<nxvl> we can discuss more about this later, when we are almost reaching the lenses goal
<nxvl> i hope i reach it for intrepid
<nxvl> and have augeas (the standalone version of it) for intrepid+1
<nxvl> and discuss the desing of it in california (if get invited)
<nxvl> s/if/if i/g
<soren> Cool.
<nxvl> yeah, augeas has simplified my work a lot
<nxvl> soren: have a good day!
<nxvl> i'm gone
<soren> Good night!
<nxvl> i need to be at work on 4.5 hours
<nxvl> soren: please think about if you want to have kvm support on ucsa and send me some documents on how to do this (how the configuration work and such things) to plan it better
<nxvl> soren: thank you!
<spiekey> hi
<spiekey> is there a netinstall cd for hardy?
<kraut> moin
<ogra> soren, ltsp just uses ssh for everything, so the proper question would have been "how do i integrate ssh (including X forwarding) into AD"
<soren> Oh.
<soren> Ok, thanks.
<ogra> we try to keep away from user management as far as we can in ltsp :)
<ogra> its all ssh only using whatever is set up on the server for auth ...
<soren> Sounds reasonable enough. That's good to know.
<LTSPTNK> it is good to see that ppl really care about my problem here :) this school has a lot of potential to start using Linux allmost as prior system if all goes well :)
<thefish> hi folks, could anyone point me at a ubuntu-specific doc for apache ssl "the ubuntu way" - ie how to set up vhosts, ssl etc
<sommer> thefish: there's some information in the serverguide: https://help.ubuntu.com/8.04/serverguide/C/httpd.html
<thefish> thanks sommer
<sommer> np
<tolun> hi
<tolun>  is there anybody for helping me?
<tolun> ;)
<tolun> i have got a start up service problem...
<tolun> :(
<lukehasnoname_> I likely can't help, but when you get on a channel just ask a question and see for a response
<tolun> ok
<tolun> How can I run ssh service at start up?
<tolun> automatically...;)
<thefish> tolun, sudo update-rc.d ssh defaults
<thefish> tolun, it should be set to start automatically when you install it anyway, do you have the ssh server installed?
<tolun> yes...thanks a lot... I will try it now
<tolun> thefish, thank you... it has been worked...
<thefish> tolun, glad it helped :)
<tolun> thefish, if I want to remove this start up script what should I do?
<thefish> tolun, you can either remove the links in /etc/init.d (bad) or sudo update-rc.d ssl remove (best)
<thefish> tolun, man update-rc.d ;)
<tolun> wow :D ok...
<tolun> again really thank you...
<thefish> no worries
<tolun> guys... have a nice day... bye bye
<thefish> seeya tolun
<bicz> allo anyone use knokd?
<bAndie9100> hi all
<bAndie9100> help! i would make a network with dump clients
<bAndie9100> on those exist only /tmp /var and /dev
<bAndie9100> other directories will be mounted via NFS
<bAndie9100> how should i do that?
<bAndie9100> its enough, to be the same kernels on serever and clients both?
<zul> just a thought to throw out there do we want dovecot 1.1.1?
<sommer> zul: sure
<thefish> zul, its the best imap server ive played with - really easy and impressive
<thefish> not tested in very high load situations though
<folke> Anyone here with knowledge bout 8.04 and vmware esx ?
<folke> I am having trouble to compile vmware-tools on hardy with esx 3.02
<_ruben> folke: depending on your needs you might want to try using open-vm-tools instead of the commercial vmware tools
<folke> _ruben: Oh, is this in hardy repo?
<_ruben> no, it was, but has been pulled due to being alpha status, its maintained/developed by vmware though
<_ruben> http://open-vm-tools.sf.net
<folke> Ah, tnx, I will look in to that. You said "depending on your needs".. Is there som drawbacks?
<_ruben> the commercial vmware tools offer more functionality .. i dont have a complete list of differences in my head
<folke> I am thinking of using 8.04 in production enviroment.
<folke> Not so i/o hungry servers, at first..
<folke> from what I see in the faq, it says that non-experimental stuff is released.
<folke> But nithing about stability and performance.
<_ruben> not using esx in production here (due to its licensing method regarding 3rd party usage) .. so not sure how it'd perform there
<folke> _ruben: Have you heard anythoing pro / con with the open source tools.. Would be really nice if they worked nicely tho,..
<zul> soren: ping did you mention that you had an munin patch for me?
<_ruben> folke: i installed em on some test machines that hardly do anything .. and i lurk on the open-vm-tools mailing list, which doesnt mention all that much problems (most of em are compilation ones)
<soren> zul: Yes! Hang on.
<folke> _ruben: Perhaps I give it a try on an internal 8.04 jeos at first :)
<soren> zul: http://people.ubuntu.com/~soren/221-apt-ubuntu-changes.patch
<soren> zul: Sorry about the delay. I had an ssh key issue I needed worked out first (And I was too lazy to just do it from another machine).
<zul> soren: no problem im going to merge the new one today and want to update the patc
<zul> patch even
<soren> cool
<zul> jdstrand: have you seen this? http://www.imapwiki.org/ImapTest
<Dark_Shadow2> greetings, how do i bring up my network at the local.premount time inside a initram?
<soren> Why?
<Dark_Shadow2> one sec, longer explanation
<Dark_Shadow2> pxe boot, client is diskless, should get a "image" from nfs/whatever networksource with full rw support in ram, currently im editing the init script so that it makes the "real_root" inside a created ramdisk, therefor i need to get the image , but error message seems to be that the network isnt up yet
<tolun> hi everyone...
<Dark_Shadow2> the finished idea bout it is having a pxe with some "images" of the clients, the clients get a minimal sys to boot, and chroot inside their image
<Dark_Shadow2> hu tolun
<tolun> i need an information...about a package name for db and db-devel...
<tolun> what are the new names for that? or how can I install them?
<Dark_Shadow2> cant say, dont know, sry
<mathiaz> Dark_Shadow2: you should ask the ltsp guys about this setup - that's what ltsp is doing IIRC - ogra should be able to help you
<Dark_Shadow2> hmm i could allways try
<Dark_Shadow2> thought the clients should not get a "terminal" at all
<Dark_Shadow2> ill check that tomorrow, thx for the tip
<ogra> Dark_Shadow2, what we do is to chave a botstrapped chroot with X, login manager and some other bits, that is rolled into a squashfs ... the client mounts that as nbd device and sets up a unionfs from it ... if you take that, ad remove all packages you dont want you should essentially have a minimal system to mount nfs shares over the dirs
<sommer> tolun: you may be looking for libdb4.6 and libdb4.6-dev?
<tolun> maybe
<tolun> i really dont know... one of the product which is named as @mail it needs this db and dbdevel...
<ScottK> tolun: sommer is almost certainly pointing you in the right direction.
<tolun> himmm ok
<tolun> thank you sommer and ScottK
<lukehasnoname_> ScottK: You know that feeling, when long ago you said something or advocated something and no one listened, and now people realize what you were trying to say?
<ScottK> Yes.
<Dark_Shadow2> that should be an option, ill give it some reading and a try tomorrow, need to go now, thx though
<ogra> Dark_Shadow2, https://help.ubuntu.com/community/UbuntuLTSP/LTSPQuickInstall (you want the bottom part)
<tolun> How can I activate apache2's mod_deflate ?
<sommer> tolun: sudo a2enmod deflate then sudo /etc/init.d/apache2 force-reload
<uvirtbot> New bug: #246298 in bacula (universe) "package bacula-director-sqlite3 2.4.0-1ubuntu1 [modified: usr/sbin/bacula-dir usr/sbin/dbcheck] failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/246298
<jay2> don't worry if I don't have a question right now I just want listen and learn new stuff currently
<jay2> I hope no one minds
<ScottK> Not at all.
<jay2> ty
<pubo> Hi
<pubo> I'm setting up Apache + SSL, and I would like Apache to start/restart automaticaly without having to type the password
<jay2> ty you just gave me another idea lol
<infinity> pubo: Then don't have passworded private keys.
<infinity> pubo: If you can name one good reason to have a passphrase on your private key, I'll give you a cookie.
<pubo> infinity, then, I should create the key without a password?
<infinity> pubo: Yes.
<pubo> uhm, ok :)
<infinity> pubo: As long as it's readable (on-disk) only by root, you've lost no security here.
<pubo> I thought It was a security problem not tu set a password
<infinity> pubo: Think about the fact that root can read the key from memory once apache loads it anyway.
<pubo> oki doki... thank you
<infinity> (The only possible implication is physical security, but if you have people with physical access to your server, you have bigger problems than key management, IMO)
<pubo> infinity, no. I use an Internet private server :)
 * delcoyote hi
<zul> soren: btw I included your patch in the upload thanks
<shing`> What are some good cluster management options for ubuntu?
<LieZ^> andyway to turn on remote access for vnc from bash?
<uvirtbot> New bug: #246343 in dhcp3 (main) "dhclient.conf should request nis-domain etc. by default" [Undecided,New] https://launchpad.net/bugs/246343
<zul> uh no
<infinity> *shrug*
<infinity> Until there's a better mechanism for packages to list which dhcpoptions they want to request, it's better to ask for too many than too few.
<mathiaz> ScottK: what do you think about the libdb transition in intrepid ? I'm updating the ServerTeam roadmap and there is an item about libdb4 transition
<mathiaz> kirkland: what is the state of status action to init scripts ?
<LMJ> moin moin
<mathiaz> nealmcb: any new factoids that should be updated ?
<kirkland> mathiaz: the common library pieces are present in Intrepid's /lib/lsb/init-functions
<sommer> !serverguide
<ubottu> Sorry, I don't know anything about serverguide
<mathiaz> !inetd
<ubottu> Sorry, I don't know anything about inetd
<sommer> I vote for serverguide :)
<mathiaz> !openssl
<kirkland> mathiaz: we now need to add the 4-line block to the pertinent init scripts, and bump their depends up to >= a particular version of lsb
<ubottu> Sorry, I don't know anything about openssl
<mathiaz> kirkland: is this still something that is targeted for intrepid ?
<kirkland> mathiaz: i'd very much like to see it done for the server init scripts
<lukehasnoname_> !ubottu
<ubottu> Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://tinyurl.com/5zfb6t - Usage info: http://wiki.ubuntu.com/UbuntuBots
<kirkland> mathiaz: i was sort of hoping owh would run with it
<kirkland> mathiaz: or perhaps another community member
<BockBilbo> hello!
<BockBilbo> I'm trying to configure my ubuntu server for accepting ssh connections using dsa keys but it doesnt seem to work fine. I have added my public key to the server's authorized_keys file but when starting the connection, the server does not give any answer after sending the public key...
<BockBilbo> I've configured this many other times on different ubuntu servers, and can't find out whats happing this time on this server
<BockBilbo> I've also tried to configure a different server to check if I'm missing something, and the configuration works on the other server!
<BockBilbo> anyone here has experienced something similar?
<slicslak> you've done a diff on your ssh config files and another servers config files?
<BockBilbo> yeah
<BockBilbo> they are both the same
<slicslak> authoried_keys has the correct perms and is in the correct directory with correct perms?
<BockBilbo> its on .ssh
<BockBilbo> with 600
<BockBilbo> owned by the user
<LieZ^> now seriously really noob questoion, is my vnc server running, heres a pic
<LieZ^> http://img411.imageshack.us/img411/9115/vnccq4.png
<slicslak> orry BockBilbo that's all i can think of
<BockBilbo> hehe
<BockBilbo> me too
<BockBilbo> i have compared the debug on a connection that works
<BockBilbo> with the one that doesnt
<BockBilbo> and this is the main diff:
<BockBilbo> in both, after stablishing an initial connection with the ssh server, the client shows this message: debug2: we sent a publickey packet, wait for reply
<mathiaz> kirkland: you may wanna update the section about status action in init scripts on the ServerTeam Roadmap
<BockBilbo> when making a connection it should continue with: debug1: Server accepts key: pkalg ssh-dss blen 433
<mathiaz> kirkland: it seems that what's written there related to the hardy dev cycle.
<kirkland> mathiaz: yeah, no problem
<kirkland> mathiaz: i can do that
<nealmcb> mathiaz: last I recall we needed to work on the factoids related to virtualization
<nealmcb> !virtualization
<ubottu> There are several solutions for running other operating systems (or their programs) inside Ubuntu, while using the native CPU as much as possible: !QEmu (with !KQemu), !VirtualBox, !VMWare, as well as !WINE and !Cedega for Windows applications
<nealmcb> !kvm
<ubottu> Sorry, I don't know anything about kvm
<mathiaz> ^^ that should be fixed :)
<uvirtbot> mathiaz: Error: "^" is not a valid command.
<BockBilbo> debug1: Authentications that can continue: publickey,password
<BockBilbo> debug2: we did not send a packet, disable method
<BockBilbo> but when the non working server i get: debug1: Authentications that can continue: publickey,password // debug2: we did not send a packet, disable method
<BockBilbo> sorry for the flood...
<nealmcb> ubottu: kvm is the preferred virtualization approach in Ubuntu.  For more information see https://help.ubuntu.com/community/KVM
<mathiaz> !paste | BockBilbo
<ubottu> BockBilbo: pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<nealmcb> ubottu: virtualization is <reply> There are several solutions for running other operating systems (or their programs) inside Ubuntu, while using the native CPU as much as possible: !kvm is the preferred approach in Ubuntu.  See also !QEmu (with !KQemu), !VirtualBox, !VMWare, as well as !WINE and !Cedega for Windows applications
<BockBilbo> mathiaz, ok
<nealmcb> soren - any comments on those proposals?
<ScottK> mathiaz: We should still try to get rid of anything older the 4.6.
<ScottK> kirkland: There is a thread going on now in debian-devel about LSB and status was discussed as a good thing.  This might be an opportune time to send the lsb/init-functions patch to Debian.
<ScottK> You might discuss it with slangesek.
<nealmcb> BockBilbo: I recall some serious recent concerns over dsa usage with ssh given its vulnerability to random number generator problems
<ScottK> There has also been a big upswing in SSH cracking attempts.
<nealmcb> BockBilbo: see e.g. http://wiki.debian.org/SSLkeys
<BockBilbo> http://paste.ubuntu.com/25754/
<BockBilbo> i have written down the steps I've taken and the verbose output of a connection
<BockBilbo> nealmcb im going to take a look at it now
<BockBilbo> but it still is strange the fact that the method I'm trying to follow worked with an ssh server on  ubuntu desktop installation and not on the server
<BockBilbo> nealmcb, I already knew about that issued, I have perhaps reinstalled the whole openssh-server package, purging the previous installation, so all the config file should be new...
<nealmcb> BockBilbo: yeah - I don't know if it is related, and I haven't heard of plans to withdraw support.  but I for one won't be using dsa for that reason and for the covert channel issue.  I'm curious - why do you want to use dsa?
<BockBilbo> i was just trying it
<BockBilbo> i tried rsa too
<BockBilbo> and didnt work
<kirkland> ScottK: I've sent to Debian already
<kirkland> ScottK: see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483285
<uvirtbot> Debian bug 483285 in lsb-base "lsb-base: lsb status_of_proc() function" [Wishlist,Open]
<ScottK> OK.  You might ask slangesek for suggestions about how to push it.
<kirkland> ScottK: maintainer says "I'm holding off on integrating these patches until I
<kirkland> get 3.2-12 into testing; adding functionality would break the spirit of the freeze, but I'll plan on getting status_of_proc() into unstable soon after that migration happens (hopefully soon)"
<ScottK> That's not so bad.  It may miss Lenny though.
<soren> nealmcb: Looks fine
<nealmcb> soren: pretty simple...  I proposed these a few weeks ago, but people probably missed them.  I'll follow up  in u-ops
<nealmcb> there may be more that could use help there also
<nealmcb> (related to virtualization)
<LieZ^> how do i tell what virtual display vnc is running on please?
<nealmcb> !virtualization
<ubottu> There are several solutions for running other operating systems (or their programs) inside Ubuntu, while using the native CPU as much as possible: !kvm is the preferred approach in Ubuntu.  See also !QEmu (with !KQemu), !VirtualBox, !VMWare, as well as !WINE and !Cedega for Windows applications
<nealmcb> !kvm
<ubottu> kvm is the preferred virtualization approach in Ubuntu. For more information see https://help.ubuntu.com/community/KVM
<nealmcb> :)
<BockBilbo> im afraid i havent been able to fix the problem
<BockBilbo> thanks anyway
<BockBilbo> :)
<specialKevin> anybody heard about issues installing 8.04.1 as a xen guest
<specialKevin> when I try to install it just suspends the guest and then when I bring it back goes back to the begining of the installer
<Deeps> 8.04 doesn't work in xen, dunno if that got resolved for .1
<ScottK> lamont: Please see ubuntu-server ML.  You have mail (re why is Postfix shipped in chroot and BIND not).
<specialKevin> Deeps: do you know what the issue with 8.04 and Xen is or a bug report I can follow
<Deeps> search the bug tracker for xen, it's a kernel issue and there's some patch that can be applied which resolves some issues i believe
<lamont> ScottK: because BIND had an installed base when I got it, that's why
<ScottK> lamont: I think it'd be useful if you'd respond on the list...
<lamont> yeah
<lamont> will do so in a little bit
<ScottK> OK.
 * lamont needs to finish out his work day
<ScottK> Would BIND defaults in chroot be a good release goal for Lenny +1/Intrepid +1?
<RoAkSoAx> ScottK: +1
 * ScottK isn't the one that needs convincing.
<RoAkSoAx> lol
<RoAkSoAx> so who is needed to be convinced?
<ScottK> ^^^ lamont is the maintainer for BIND in Debian and Ubuntu, but give him a chance to finish work first before you bug him too much.
<uvirtbot> ScottK: Error: "^^" is not a valid command.
<ScottK>  ^^^ lamont is the maintainer for BIND in Debian and Ubuntu, but give him a chance to finish work first before you bug him too much.
<RoAkSoAx> i see
<nxvl_work> ScottK: my next proposal (on CA i hope) will be chroot services out-of-the-box
<RoAkSoAx> that would be better xD
<RoAkSoAx> but bind should have been chrooted by default long time ago xD
<lamont> ScottK: certainly for new installs, yes
<lamont> RoAkSoAx: the one point where it almost was, I broke a fair chunk of the installed base, it never made it out of unstable
<lamont> actually, that wasn't chrooting - that was just running as non-root
<lamont> which it now does just on fresh installs, not upgrades
<nxvl_work> lamont: what about a bind-chroot meta package containing only the configuration of a bind chrooted?
<lamont> either requires an API exported from the bind package, or be delivered from bind9 source, else iz config violation
<ScottK> nxvl_work: I think doing it on new installs is reasonable.
<nxvl_work> ScottK: yep, that's why i suggest a new package instead of changing the new one
<nxvl_work> but lamont is right, it is config violation
<RoAkSoAx> yeah would be better to have new pkg with chroot config as nxvl_work said
 * nxvl_work will figure out how to do it wihout breaking debian policy rules
<nxvl_work> nick nxvl
<lamont> given that 99% of the user community has their own FHS-hating ideas on where files live, I want to give them a few minutes to get over the pain we caused with apparmor before we do more to them
<lamont> nxvl_work: it is a violation of policy for a package to modify a config file of another package.
<lamont> it's pretty simple... either you get the other package to export an API, or you don't do it.
<nxvl_work> lamont: yes, i know, that's why i will figure out how to have a different package (let's say bind-chroot) without breaking any rules
<lamont> nxvl_work: choose (A) or (B).  it's actually really simple.
<RoAkSoAx> what about having an script to chroot bind ?
<nxvl_work> :D
<nxvl_work> lamont: or you do duplicate binary with different config file
<nxvl_work> mm
<nxvl_work> debconf option, could be, but i'm sure it will break actual configurations at some point
<RoAkSoAx> yeah might be
<nxvl_work> lamont: you are a canonical sysadmin, aren't you?
<lamont> nxvl_work: when I'm at work, yes
<lamont> by night, I'm core-dev
<lamont> and only slightly split-personality :-)
<ScottK> Not to mention Debian Developer.
<nxvl_work> :D
<nxvl_work> heh
<RoAkSoAx> por lol
<cameronh> Is there any way to get libapache2-mod-mono and libapache2-mod-php5 to run together? both appear to be built against a different apache worker.
<infinity> cameronh: Looks like mod_mono either needs to be rebuilt or (more likely) just needs its dependencies loosened a bit.
<infinity> cameronh: The fact that no one has complained about this in either Ubuntu or Debian (and, in fact, there are no open bugs against it at all) is a pretty big warning sign to me that the thing doesn't much get used or tested, though.
<cameronh> infinity: seems the problem is that PHP isn't thread-safe but mod-mono is compiled for a threadsafe apache. I don't know much about the apache build process though... does building it against a threaded MPM mean it can't be used in a thread-free MPM?
<cameronh> infinity: googling around seems to suggest you should set PHP up with FastCGI and rather than an apache module unfortunately
<infinity> cameronh: No, pretty much all modules are build against the threaded headers, except for a few like PHP.
<infinity> cameronh: Using FastCGI is certainly an option.  The CGI binary in php5-cgi has FastCGI support.
<cameronh> infinity: there are a few bug reports but with very little progress on them, for example https://bugs.launchpad.net/ubuntu/+source/mod-mono/+bug/227781
<uvirtbot> Launchpad bug 227781 in mod-mono "libapache2-mod-mono and libapache2-mod-php are mutually exclusive" [Undecided,New]
<infinity> cameronh: Either way, the mod_mono packaging is pretty clearly wrong.
<infinity> cameronh: Ugh, yeah, the Debian maintainer appears to not understand the apache2 headers.
<cameronh> infinity: hmm :/
<infinity>   * Replaced build-dependency apache2-dev || apache2-threaded-dev with only
<infinity>     apache2-threaded-dev.
<infinity>   * Replaced apache2 binary dependency with apache2-mpm-worker, as the built
<infinity>     module for threaded apache will not work with prefork apache.
<infinity> That's a blatant lie.  apache2-dev *is* apache2-threaded-dev, so nothing changed when he made that change. :/
<cameronh> infinity: yeah the situation looked a little weird when i was trying to decipher it .. given that i don't know much about the innards of the apt/dpkg package manager
<infinity> I'll comment on the Ubuntu bug for now...
<infinity> Could certainly get it fixed in Intrepid... Getting an SRU accepted for Hardy might be a different story.
<cameronh> yeah... i've got an intrepid dev server anyway so i could use that personally .. my stuff is going into prod on a windows box anyway
<cameronh> infinity: do you think that perhaps mod-mono itself had some sort of bug that made it incompatible with prefork? it still wouldn't explain the apache2-dev apache2-threaded-dev change, but maybe there is some truth in the second statement
<infinity> cameronh: I really doubt it.
<infinity> cameronh: I've never built any module against the threaded MPMs that wouldn't run with the non-threaded ones.
<infinity> cameronh: If this was possible at all, it would be a bug in Apache, IMO, and we'd have a mess of reports about it from users of more popular threaded modules (like subversion, mod_perl, mod_python...)
<cameronh> infinity: ah. Well in that case, certainly seems like the apache maintainer is getting confused
<infinity> s/apache/mod-mono/
<cameronh> yes, rather :P
#ubuntu-server 2008-07-08
<nxvl_work> kees: ping
<kees> nxvl: hola!
<helfire> With multipule users on 1 server, homes in /var/www/user, how do you get set the permssions correctly? for php to work everything has to be www-data:www-data
<sommer> helfire: you can place the www-data user into the user's group, then allow read and execute rights to the appropriate directories
<sommer> helfire: there's also posix acls, that can give you much more permissions flexibility
<hads> Or fastcgi etc.
<helfire> sommer: if 2 users are part of the same group wont they be able to view the contents of /var/www/user1/*
<sommer> yes
<hads> Although if they are all www-data then www-data has access to all of the contents anyway.
<sommer> helfire: for your situation posix acls may work best... you can give just the www-data user the appropriate permissions
<helfire> but for securty reasons i dont want 2 users to be able to view eachothers directories, but to serve the pages they both have to be part of *:www-data
<helfire> are there any guides that step through setting up apache/etc with multiple users and acls?
<sommer> helfire: acls are sperate from apache, apache will follow the filesystem permissions... here's a rather long aritcle: http://www.suse.de/~agruen/acl/linux-acls/online/
<sommer> helfire: basically install the acl package, then get some experience with getfacl and setfacl, once you're used to them it's not that bad
<sommer> there's probably other more consice guides out there as well
<helfire> Ya, lots of guilds show you how to setup ISPconfig/apache/etc but then when multiple users come in they dont say anything about it
<helfire> Might as well ask while i'm here, Is ISPConfig the best option in managing multiple users websites? Long time ago i just wrote a perl script to do it all for me but that was years ago hehe
<sommer> not sure what you're looking for, basically posix acls allow the same permissions as normal, but to multiple users and groups... if in some level of acl a user doens't have permission they get denied access
 * sommer has never used ISPConfig
<helfire> oh no i'm just saying for managing multiple users, setting up limits, doing all the manual work for ya
<sommer> ah, I'd say try it out and if it's horrible you can always migrate to something else... or do things manually :-)
<SpaceBass> hey folks
<SpaceBass> I'm having a problem with setting up 8.04 server as an ldap client
<SpaceBass> I rebuilt my OpenDirectory server and all my other clients are working, but getent passwd does not show any OD users
<SpaceBass> I've tried dpgk-reconfigure and it does nothing
<SpaceBass> actually does nothing, just returns a bash prompt
<sommer> SpaceBass: did you try sudo dpkg-reconfigure ldap-auth-config ?
<SpaceBass> yeah
<SpaceBass> sorry - always leave the sudo off when in IRC
<sommer> how about sudo dpkg-reconfigure ldap-auth-client
<SpaceBass> i just removed/reinstalled ldap-auth-config and its ran the setup again ... but I still am not seeing network users with getent passwd
<sommer> SpaceBass: try double checking the /etc/ldap.conf file
<SpaceBass> sommer, yeah, it looks fine
<sommer> can you search with ldapsearch -x ?
<SpaceBass> oddly if I remove it and re-run dpgk-reconfigure it does not create a new one ... making me think maybe its not using that file
<sommer> it does
<SpaceBass> hummm
<SpaceBass> not sure why it wouldn't get re-created then
<SpaceBass> and of couse sudo dpkg-reconfigure ldap-auth-config
<sommer> it's probably only created during the package postinst, and dpkg-reconfiugre doesn't execute the exact same command... (that's a guess)
<SpaceBass> is failing again
<SpaceBass> ah
<SpaceBass> well, something's broken
<SpaceBass> the problem is that I need some kind of logs or verbose output
<sommer> SpaceBass: stop slapd then start it in a console window with: sudo slapd -u openldap -g openldap -f /etc/ldap/slapd.conf -d -1
<sommer> then do a getent and look for errors in the output
<SpaceBass> slapd is the server, not the client rght?
<sommer> correct
<SpaceBass> I'm not running slapd on this box
<sommer> are you sure your network connectivity is working then?
<SpaceBass> yeah
<SpaceBass> ssh is working, ping, all other clients, etc
<sommer> may want to double check with a quick nmap scan... should see ldap in the list
<sommer> other than that I'd try upping the logging on the server
<SpaceBass> checking
<SpaceBass> nmap shows that its open ... but getent passwd doesnt even cause a log entry n the server - like its not trying
<sommer> if the slapd logging isn't at a higher level it may not register an event
<SpaceBass> leme check
<owh> Can I insert a stupid question into this - not knowing anything about ldap? How have you told the client where the ldap server is?
<owh> I mean if getent passwd doesn't create an event, what is it trying to talk to instead?
<sommer> owh: the dpkg-reconfigure ldap-auth-client configures /etc/ldap.conf which holds that information
<SpaceBass> it reads /etc/ldap.conf
<sommer> owh: /etc/passwd
<sommer> SpaceBass: that is a good idea you might double check the connection setting in that file
<owh> So, if ldap.conf holds that information, is it what you expect it to be?
<SpaceBass> the ldap client libraries query the ldap server for the data
<owh> Sure, but my question is more about telling the clients who to ask for the answer.
<SpaceBass> thats from ldap.con
<SpaceBass> there's a line that reads: host 10.1.1.15
<SpaceBass> 10.1.1.15 is the ldap server
<owh> So, you can presumably ping the ldap serve?
<owh> s/serve/server/
<owh> (From the client)
<SpaceBass> yeah
<owh> How did the 10.1.1.15 end up in the ldap.conf file?
<SpaceBass> when you install ldap-auth-client (or reconfigure it) it writes to that file
<owh> With dpkg-reconfigure?
<owh> Does it require a port number?
<SpaceBass> not if you use the default - but I did try that to doble check
<owh> As I said, I'm not familiar with ldap, just the principles of trouble shooting :)
<sommer> SpaceBass: do you have ldapi:///hostname or ldap://hostname ?
<owh> Can you improve the verbosity of the client?
<SpaceBass> owh, wish I knew how
<owh> Ah a URI, rather than a host.
<SpaceBass> sommer, I've tried just the IP, ldap://host and ldapi://...
 * owh has a gander through the RTFM.
<sommer> SpaceBass: hmmm that should work, but you might also try Host ip_address instead of ldap://
<owh> SpaceBass: You know about this: https://help.ubuntu.com/8.04/serverguide/C/openldap-server.html
<SpaceBass> yeah, thats for setting up a server
<SpaceBass> this is a client
<sommer> owh: doesn't cover client configuration... yet :)
<owh> :(
<owh> Crap
<owh> Don't make me install it :)
<owh> Ok, for a moment assume you did everything right - unlikely, but let's start somewhere.
<owh> How is what you're expecting not working?
<owh> Remember, once you get to the point of pulling out your hair, most likely the problem isn't what you think it is.
<owh> So, I'm just testing your assumptions at the moment.
<SpaceBass> I'm sure its one of those glaring things - like a typo
<SpaceBass> so I'm gonna put it down for the night
<SpaceBass> I appreciate the help - good troublshooting steps
<owh> Right, so work with me for a mo, give me 10 minutes :)
<owh> Then I'll let you slink off to bed :)
<SpaceBass> k
<owh> So, what are you doing that isn't working?
<owh> What command is failing?
<owh> Also, FYI, the man page for ldap.conf says that the URI is: URI <ldap[s]://[name[:port]] ...>
<sommer> SpaceBass: you might also try: sudo auth-client-config -a -p lac_ldap
<SpaceBass> well, its just not producing the expected output
<sommer> SpaceBass: that will configure pam for ldap
<owh> And the man page goes on to say: HOST <name[:port] ...>
<owh> So, the IP address is with a HOST command, but a URI is with a URI command. What does your ldap.conf show?
<SpaceBass> so it implies that the port is required
<SpaceBass> leme look
<owh> No, that's optional.
<owh> SpaceBass: man ldap.conf should give you this: ldap.conf(5): ldap config file - Linux man page <http://linux.die.net/man/5/ldap.conf>
<SpaceBass> sommer, not sure -a -p lac_ldap where the right switches - its reconfiguring every package on the system
<sommer> SpaceBass: not sure what you mean by "every package on the system"... every time I've used it, it only configures the pam modules
<SpaceBass> sommer, i mean cups, font server, keyboard layout...name it
<sommer> ah see what you mean... ya anything that uses pam, isn't that what you wanted?
<sommer> to reverse it use sudo -a -r -p lac_ldap
<sommer> err sudo auth-client-config -a -r -p lac_ldap
<SpaceBass> too late now :)
<owh> SpaceBass: Have you pasted your ldap.conf anywhere?
<SpaceBass> owh, not yet
<SpaceBass> will once this finishes
<sommer> not if you didn't want to do that... the auth-client-config is very safe and comments the original entries in the pam files
<owh> SpaceBass: Open up a new terminal :)
 * owh blames sommer for eating my 10 minutes :)
<SpaceBass> lol
<SpaceBass> blame my brain - its slowing down
 * sommer they tasted good :-)
<SpaceBass> I'm relatively old hat at this...been setting up boxes using ldap for years, but it usually "just works"
<sommer> are you on hardy?
<SpaceBass> 8.04
<SpaceBass> yeah
<sommer> hmmm, it's always worked for me, not sure what you're missing
<owh> SpaceBass: That's why I've been attempting to test your assumptions :)
<SpaceBass> sommer, me too ...
<SpaceBass> owh, :)
<owh> SpaceBass: Does it work anywhere else?
<owh> Can you diff the config file?
<SpaceBass> owh, all the other clients are OSX - and they do ldap a little differently
<owh> :)
<SpaceBass> I do have one other linux box that is working, but its 6.10lts
<owh> Well, check the .conf file first.
<owh> s/the/its/
<SpaceBass> even tried copying that file over
<owh> Well, version differences aside, that might rule out that as a source of the issue.
<owh> What happens if the 6.10 machine connects to the server? Do you see anything in the logs?
<SpaceBass> yeah
<owh> Machines on the same network?
<SpaceBass> yeah
<SpaceBass> same subnet even
<SpaceBass> same switch
<owh> If you watch with wireshark, do you see anything?
<SpaceBass> thats a great idea - but one for tomorrow :D)
<owh> Sleep well :)
<SpaceBass> thanks guys - again, I really appericate the help
<owh> Anytime.
 * owh just poked a stick at the problem :)
<bingoer> hi all
<bingoer> I'm in a bit of trouble
<bingoer> I am trying to upgrade my server from 7.10 to 7.04, and linux-image has broken
<bingoer> it shows that linux-image-2.6.22-15-server is installed, but its not installed in /boot. So when I try to remove it or purge it, it fails because there is no System.map or initrd in /boot
<bingoer> What do I do ?
<nealmcb> well, 7.04 is earlier than 7.10
<nealmcb> sigh
<kraut> moin
<uvirtbot> New bug: #232550 in gvfs (main) ""Connect to Server..." does not mount Windows Share (dup-of: 209520)" [Undecided,Invalid] https://launchpad.net/bugs/232550
<fly__> ?
<uvirtbot> New bug: #246322 in nis (main) "nis package must provide DHCP client scripts" [Wishlist,Confirmed] https://launchpad.net/bugs/246322
<uvirtbot> New bug: #246558 in openssh (main) "ssh's init script should generate host keys if they're missing" [Undecided,New] https://launchpad.net/bugs/246558
<nxvl> good morning everyone!
<emgent> hi nxvl
<nxvl> emgent: what's the difference between your branch and master's one on cve-tracker?
<emgent> master is ubuntu-security official branch
<nxvl> emgent: well, that obvious, but i mean in content
<uvirtbot> New bug: #246578 in samba (main) "using "net ads join" with -S breaks if given the long domain name " [Undecided,New] https://launchpad.net/bugs/246578
<zul> mathiaz: any thought of dovecot 1.1.1 for intrepid?
<mathiaz> sommer: were there any plans to split out the server guide into its own bzr branch ?
<mathiaz> zul: may be - I'd look at debian also
<sommer> mathiaz: heh, I was just looking at the doc.u.c, and noticed that it hasn't been updated :)
<sommer> mathiaz: I don't think there was anything concrete as far as a different branch
<sommer> mathiaz: do you think it needs to be?
<mathiaz> sommer: it needs to be split out in its own branch
<mathiaz> sommer: one of my todo item is to add a paragraph to the Server Team KnowledgeBase about helping out with the server guide
<sommer> mathiaz: I'm not opposed, but there'll need to be some strong arguments to overcome the arguments against
<mathiaz> sommer: and if it starts with - bzr branch ubuntu-doc - wait for a 400 Meg download - we've lost most of the contributors...
<sommer> mathiaz: it's actually miles better for intrepid... the history was dumped and the layout was rearanged
<mathiaz> sommer: I'd have to go back and read the threads, but the main arguments IIRC were related to packaging stuff
<sommer> mathiaz: it only takes about 5min
<mathiaz> sommer: mhh... I'll have to look into that then - I was reading the documentation team page about using bzr
<mathiaz> sommer: and it didn't look very promising
<sommer> mathiaz: as in not enough info?  I think it's enough to get people started, but I agree it could be better
<mathiaz> sommer: well - it's much info IMO
<mathiaz> sommer: I wrote a blog post last week about dkim testing and there was an item about updating the server guide
<mathiaz> sommer: so I wanted to add some intructions on how to do it
<mathiaz> sommer: I would have liked to write some like: bzr branch lp:~ubuntu-doc/ubuntu-server-guide; edit-the-mail-section; bzr push lp:~your-lp-id/ubuntu-server-guide; submit for review to the doc team
<mathiaz> sommer: reading through the documentation page, it seemed more complex than that
<sommer> mathiaz: ya, as of now it's bzr branch, edit, submit patch to the list
<mathiaz> sommer: and this morning there was an email on ubuntu-doc about a technical review - it should have been a patch instead
<mathiaz> sommer: right - unfortunately, reading the documentation page, it seemed more complicated than bzr branch, edit, submit a patch
<sommer> ya, the doc team really doesn't use the full capabilities of bzr... especially the distrubted vcs
<mathiaz> sommer: I would be fine with the process above
<mathiaz> sommer: exactly - I'll add a paragraph on working on the server guide
<sommer> mathiaz: I'm not opposed with the process either, additionally seperating the packaging would allow the serverteam control of SRUs
<mathiaz> sommer: I'll do more experimentation on how it takes to branch the ubuntu-doc tree
<mathiaz> sommer: right - IMO packaging bits should not be the reason for keeping all the docs in one branch
<mathiaz> sommer: conceptually I don't see why someone working on the server guide would need a copy of the Ubuntu migrating from windows guide
<sommer> mathiaz: an advantage of not branching is interaction with more than one team in the Ubuntu community... or at least letting the doc team have rights to the branch, I think would good
<mathiaz> sommer: basically you'd need to separate the packaging bits and the documentation, ie go to the standard upstream/maintainer system
<mathiaz> sommer: sure - I don't have a problem with that
<mathiaz> sommer: but I really like to say to new contributors - wanna fix a typo in the server guide ? -> bzr branch lp:~ubuntu-doc/server-guide
<mathiaz> sommer: the server-guide branch would still be part of the ubuntu-doc team
<sommer> sure, and I really like the potential to do an SRU on the serverguide even if others consider it too much work :-)
<sommer> mathiaz: I'll start playing around with the bzr branching too, then we can come up with a game plan
<sommer> mathiaz: also on the agenda for intrepid is pdf version of the serverguide, which shouldn't be a big deal, but could be easier if there is another branch
<mathiaz> sommer: that could be another option
<bAndie9100> hi all
<kraut> is it possible to see java-threads of a jvm with ps?
<bAndie9100> i would make a special network, can u help me?
<_ruben> installing jeos under hyper-v .. *shiver*
<mathiaz> sommer: hm - it took 8 minutes to branch the intrepid doc repository
<sommer> mathiaz: heh, still far better than the hardy docs
<sommer> mathiaz: but that is pretty long if you're focussing on just the serverguide
<mathiaz> sommer: glancing through the rules and control file, it seems that the serverguide has its own instructions
<mathiaz> sommer: so it could really be split from other parts
<sommer> mathiaz: cool, I'm all for it... I think the benefits outweigh any negatives
<mathiaz> sommer: from a packaging POV it would mean creating a new source package for it
<mathiaz> sommer: however we may need to keep track of the styles
<_ruben> heh .. no network support for hyper-v during jeos install .. how surprising :p
<zul> mathiaz: has that iproute SRU bug been uploaded yet?
<mathiaz> zul: yes - It's in -proposed
<mathiaz> zul: well - in the queue
<zul> cool
<mathiaz> zul: but not accepted AFAICT
<zul> yeah there is a samba sru and nut sru that hasnt been accepted yet either
<nealmcb> server team meeting in 4 minutes in #ubuntu-meeting
<nealmcb> https://wiki.ubuntu.com/ServerTeam/Meeting
<HellMind> guys, the install looks for fs-secondary-modules .ude , buts the file is .udeb
<HellMind> why is that?
<HellMind> 8.04 amd64
<HellMind> the amd64 iso is wrong, the long filenames in it are wrong
<lukehasnoname> many server guys are in the meeting right now, they'll be back shortly after 11am EST
<HellMind> how many hours ?
<HellMind> 7 hours :S
<lukehasnoname> 20-30 mins
<HellMind> anyone is using ispconfig or vhcs or similar?
<ivoks> i use ispconfig
<ivoks> udebs are 'debs' for debian installer
<HellMind> nice I will install ispconfig
<HellMind> I'm saying that the iso amd64 is broken, the filenames are wrong
<HellMind> the names are chunked
<HellMind> fs-secondary*  nic-restricted*
<LaserJock> mathiaz: I need to head out in a bit, got a minute for the serverguide translation bit?
<mathiaz> LaserJock: sure
<mathiaz> LaserJock: I was wondering if we need to have the .po files in the bzr branch
<LaserJock> no
<LaserJock> you need a .pot
<LaserJock> that'll then end up on Rosetta where it gets translated
<LaserJock> then when you go to do a release you download the .po tarball from Rosetta
<mathiaz> LaserJock: right - the .pot file is generated at some point when building the src pkg
<LaserJock> mathiaz: actually, the .pot is kept in bzr
<LaserJock> and is refreshed once in a while
<mathiaz> LaserJock: right - and for the server guide, there is also the .po files
<LaserJock> ok, so once you download the .po files
<LaserJock> you convert them back into docbook XML
<LaserJock> so you don't need the .po files in bzr
<LaserJock> just the .pot and the translated docbook
<mathiaz> LaserJock: so now I'm stuck on convert back to docbook
<mathiaz> LaserJock: this is where the fr/, de/, etc... directory are created ?
<LaserJock> yep
<LaserJock> so before translation you should have just a C/ directory
<mathiaz> LaserJock: are these on the website ?
<LaserJock> website?
<mathiaz> LaserJock: https://help.ubuntu.com/8.04/add-applications/ only show c/
<LaserJock> oh right yeah
<LaserJock> we don't put translations on help.ubuntu.com
<LaserJock> we recommend that translations be put on LoCo websites
<mathiaz> LaserJock: ok - only in the binary debs
<LaserJock> yep
<mathiaz> LaserJock: and once you have the docbook xml for translated packages, you have to rebuild the html files ?
<mathiaz> LaserJock: or you just ship the docbook xml ?
<LaserJock> ah, that depends
<LaserJock> for Ubuntu/Edubuntu at least we just ship xml
<LaserJock> I imagine you guys will want html at least
<mathiaz> LaserJock: that's because yelp is able to read docbook
<LaserJock> or maybe info
<LaserJock> mathiaz: yes, exactly
<LaserJock> I'm not sure what KDE does these days, it used to do just HTML I think
<mathiaz> LaserJock: ok - to go back on the .pot file process, you need to upload it manually ?
<mathiaz> LaserJock: or LP figures out automatically when there is a .pot file in the src deb ?
<LaserJock> yeah
<LaserJock> there might be some work with the Rosetta admins
<mathiaz> LaserJock: yeah - to which question ?
<LaserJock> since it's not a normal package
<LaserJock> sorry ;-)
<LaserJock> it extracts them from source packages
<LaserJock> so you generate the .pot and put that in your source package
<mathiaz> LaserJock: ok - thanks for the input - I think I better understand the whole workflow now.
<mathiaz> LaserJock: then you upload the src pck to LP and it will show up in rosetta automatically
<LaserJock> pretty much
<LaserJock> the first time it might take some pushing :-)
<LaserJock> but once the LP admins approve the .pot the first time it's automatic
<mathiaz> LaserJock: ok - gotcha - thanks !
<LaserJock> but actually right now it's already in Rosetta
<nxvl> btw i forgot to mention on the meeting
<LaserJock> mathiaz: https://translations.edge.launchpad.net/ubuntu/hardy/+source/ubuntu-docs/+pots/serverguide
<nxvl> ScottK (or persia) suggested me to backport augeas to hardy for testing and playing
<nxvl> did you think is a good idea?
<LaserJock> mathiaz: I gotta run now, but if sommer needs help with scripts, etc. for translations have him email me
<LaserJock> mathiaz: I had to figure all this stuff out for edubuntu-docs and have scripts for generating .pots and coverting .po to docbook
<mathiaz> nxvl: that may be helpful in the begining of the release cycle
<mathiaz> nxvl: to get people started in the next few weeks
<mathiaz> nxvl: but after feature freeze, we definetly want to focus on intrepid
<nxvl> mathiaz: so, you suggest to try to backport it inmediately after it reachs the archive?
<mathiaz> nxvl: yes - I'd put it in a ppa
<nxvl> heh
<mathiaz> nxvl: and point people to the ppa
<nxvl> i forgot about ppas
<nxvl> i will upload it tonight
<nxvl> now need to work
<nxvl> read you later!
<uvirtbot> New bug: #246664 in samba (main) "during winbind upgrade running desktop is harmed" [Undecided,New] https://launchpad.net/bugs/246664
<tolun> Hi everyone...
<tolun> my email server cannot generate pgp...
<tolun> I am using ubuntu 8.04.1 server x64 + atmail
<tolun> 5.4
<tolun> How can I check that pgp is installed correctly and works fine?
<HellMind> I'm trying to install the amd64 ubuntu server 8.04 from an usb pendrive to a raid 1 lvm partitioned disk with a mobo g33 intel. I got multiple problems :(
<HellMind> I finished the installation but it doesnt show me the login screen
<ikonia> tolun: your trying to get your mail server to pgp sign mails ?
<ikonia> HellMind: what does it show you
<tolun> ikonia, yes...
<ikonia> tolun: your client pgp signs mail, not the server normally
<HellMind> the last thing it does is  loop, module loaded
<ikonia> tolun: your mail server just delivers what your client injects into it
<ikonia> HellMind: you've installed, and then rebooted ?
<HellMind> ofcourse
<ikonia> HellMind: I'm just checking
<ikonia> HellMind: you get grub and it walks through the start up sequence ?
<HellMind> if i press ctrl alt del the login screen apears, but everything is incomplete and with errors
<HellMind> yes grubs its ok
<ikonia> HellMind: when you say login screen, do you mean the gdm desktop, or just a shell login ?
<HellMind> the only error i can se is, abnormal exit of modprobe
<HellMind> no shell
<HellMind> i mean, shell , no gdm
<ikonia> HellMind: can you boot into single user mode (add single on the end of your kernel boot options)
<tolun> ikonia, yes you have right... and I know that... Webmail part try to create a pgp key for a one account but server does not response back...
<ikonia> tolun: the mail server does nothing for pgp
<ikonia> tolun: what are you expecting the server to do ?
<tolun> I understand from atmail product that it takes pgp requests and it creates on server's pgp application and it returns back this key to user via webmail
<HellMind> it does the same, I think the install weren succesfully
<HellMind> i cant se the /var/log dir
<HellMind> it is recommended having multiple lvm partitions?
<ikonia> HellMind: the layout doesn't matter as long as it has / and swap
<tolun> ikonia, I understand from atmail product that it takes pgp requests and it creates on server's pgp application and it returns back this key to user via webmail
<ikonia> tolun: I have no idea how that would work,
<tolun> ikonia, it is really interresting... How can I check that server's pgp is working?
<ikonia> tolun: I've not idea, I can't see a way to allow a mail to manage pgp
<tolun> ikonia, ok not problem... do you know that how can I check only the pgp application?
<ikonia> tolun: test it on the command line
<ikonia> just make a pgp key
<ikonia> make a file then try to sign it
<tolun> ikonia, how...:'(
<ikonia> tolun: man pgp it's 3 steps, 1  create key 2. create object 3. sign object with key
<tolun> ikonia, here is the result for your advertisement.... man pgp No manual entry for pgp
<tolun> See 'man 7 undocumented' for help when manual pages are not available.
<blue-frog_> gpg
<ikonia> blue-frog_: thank you !
<tolun> blue-frog, thanks...
<HellMind> I think my problem is because I configured the raid 1 using debian, the raid ar /dev/mdx, ubuntu is trying to use it, or remove it here /dev/md/x
<ikonia> HellMind: shouldn't matter
<ikonia> HellMind: the path is /dev/md$x, not /dev/md/$x
<HellMind> how can I unisnstall the raid to start again
<HellMind> from 0
<HellMind> because the installer inst work
<ikonia> HellMind: remove the partition
<HellMind> how :S
<HellMind> the /dev/md0 is there
<ikonia> HellMind: ok, thats a good thing
<ikonia> HellMind: use the installer to format it
<ikonia> HellMind: your good to go
<HellMind> my hds hav no partition :(
<ikonia> HellMind: they shouldn't have if you've put them in a raid config
<ikonia> HellMind: you may want to mirror on a partition level, or slice up /dev/md0
<HellMind> I want to delete the previous /dev/md0 1 2 raid
<HellMind> the installer is wrong again
<HellMind> dunno what it executes but it fails, it says the partition is in use and the syslog says /dev/md/0 isnt exits, which is true, the raid is/dev/md0
<HellMind> is there a way to restart the installer without booting again?
<tolun> hi again guys....
<tolun> I have problem with creating a pgp key... it says that it needs more 300bytes for generating the key... How?
<tolun> the original message is: "Not enough random bytes available.  Please do some other work to give
<tolun> the OS a chance to collect more entropy! (Need 300 more bytes)"
<tolun> How can I generate random bytes for it?
<tolun> ?
<tolun> :)
<uvirtbot> New bug: #246702 in glibc (main) "[CVE-2008-1447] Randomize DNS query source ports to prevent cache poisoning" [Undecided,New] https://launchpad.net/bugs/246702
<HellMind> I MADE IT
<HellMind> the error was in the bios :S, with 1m on the vga it hangs, with 8 no
<telexicon_> I'm trying to install ubuntu server 8.04 on a poweredge 2450 but its throwing up a bunch of errors when trying to read packages from the cd during install: Exception Emask 0x0 Sact 0x0 Sett 0x0 action 0x2 frozen -> soft resetting link, eventually it fails with an I/O error
<ScottK> mathiaz: My regrets on missing the meeting today.  I had a family emergency to deal with.  How did the meeting go?
<mathiaz> ScottK: hope all is well on your side - it was busy busy
<ScottK> It's all done.  We had to put one of our dogs down last night and one kid was at camp 2 1/2 hours drive away.  So I went and got her last night and then took her back this morning.  Then I crashed.
<kirkland> mathiaz: hey....
<kirkland> mathiaz: I just ran into a nasty little situation with the lsb status_of_proc() that causes it not to operate properly, if run by a non-root user
<kees> kirkland: shellfoo?
<kirkland> kees: well, only slight....
<kirkland> kees: so in /lib/lsb/init-functions, you'll see a pidofproc() function
<kirkland> kees: which is used by my status_of_proc() function
<kirkland> kees: it tries to intelligently determine a proc's pid
<kirkland> kees: it seems, however, there's a strange dependency on being root
<kees> ya
<kirkland> kees: if $pidfile exists, it tries to run "kill -0"
<kirkland> kees: to determine if the process can be sent signals
<kirkland> kees: well, not root necessarily, but the owner of the process
<kees> well, it expects you to be able to kill the process you're querying
<kees> right
<kirkland> kees: ideally, querying status should be a non-priv operation, IMHO...  your thoughts?
<kees> you mean for the "status" init command?
<kirkland> kees: yup
<kees> I'd say it'd be nice, but not really a requirement
<kirkland> kees: further down in that pidofproc() function it uses /bin/pidof
<kirkland> kees: that works fine as not-the-owner-of-the-process
<kees> some processes need extra perms to know for sure if they're operating correctly
<kirkland> hmm
<kees> I'm assuming the kill-test is to make sure the process isn't zombie.
<kees> that's the only thing I can think of
<kirkland> kees: right...
<kirkland> kees: hmm, i'll have to think on this a little more
<kees> another option seems to be to make the pid file not world-readable
<kees> then it won't try the kill test
<kirkland> kees: that seems a little heavyweight
<kees> maybe do a uid check?
<kirkland> kees: i think i could more centrally test access on that file in addition to doing the file check
<ivoks> are we aware of http://www.isc.org/index.pl?/sw/bind/index.php
<ivoks> ?
<kirkland> ivoks: i saw jdstrand comment on it earlier on #ubuntu-devel
<ivoks> this means all DNS software
<kees> ivoks: yeah, it should be in the archive in about 40 minutes
<ivoks> very nice
<ScottK> kees: Do we have a fix for the libc stub resolver too?  Debian says they don't.
<kees> ScottK: we don't, and I've been attempting to more information about that.
<ScottK> Work around is install BIND I guess.
<kees> yeah, or trust your upstream DNS resolver and network
<kirkland> kees: what if I changed it to: if [ -f "$pidfile" && -r "$pidfile"] ?
<kirkland> kees: check if it's readable....
<kees> the -f is redundant
<kees> but that's already handled
<kirkland> kees: what about the "and is a regular file" part of -f?
<kees> your problem is when it's readable, but not your process
<kees> it's no greater race than the -f/read case.
<kirkland> k
<kirkland> kees: my bad... I need -O, True if file exists and its owner matches the effective user id of this process.
<kees> owner of the file may not be the uid of the process, though.
<ph8> hey all, i'm trying to convert an ubuntu desktop install to ubuntu-server with apt - can anyone tell me if the server repositories are different? or do i just need to install some kind of 'server' package?
<infinity> ph8: It's the same repositories, there's nothing to "convert", except to install a different kernel flavour, and to remove a lot of packages (ubuntu-server is pretty bare-bones)
<infinity> ph8: If you don't care about removing all the packages (and, really, if you did, you might just want to reinstall), then you're just left with the kernel... apt-get install linux-server
<ph8> i would reinstall but i've just setup my raid and i think it might be quicker for me to wildcard off a load of packages
<ph8> thanks i've just installed linux-image-server
<ivoks> and people say that linux servers are hard to install
<ivoks> :)
<HellMind> are imposible to install
<HellMind> isnt easy having the appliance already done in a vm :S
<kirkland> kees: okay, i'm going to have to take a different approach
<kirkland> kees: namely, status_of_proc() will not use the pidofproc() function.  rather, it'll use /bin/pidof
<kees> kirkland: well, but that may ignore the pid files.  that's the expected behavior
<kirkland> kees: yes, it will ignore pidfiles
<kirkland> kees: do you see a problem with that?  it'll look for a daemon of a given name, specified in the init script
<kees> kirkland: I'm confused, are you adding a new function or rewiring an old one?
<kirkland> kees: i wrote status_of_proc() from scratch...  was recently applied to Ubuntu's lsb package
<kirkland> kees: there are no users of that function yet
<kirkland> kees: i'm working on a stack of patches to use it
<kirkland> kees: that's when i came across this process ownership bug
<kees> aaaah, okay.  then I'm cool with the change you suggested.  :)
<kees> note though, that some things may misbehave -- e.g. sendmail has multiple PIDs, but only the master pid in the pid file.
<kirkland> kees: right, apache too, huh?
<kirkland> kees: see: https://bugs.edge.launchpad.net/ubuntu/+source/lsb/+bug/246735
<uvirtbot> Launchpad bug 246735 in lsb "status_of_proc() calls pidofproc() which calls kill, requiring ownership privileges on the process" [Undecided,New]
<kirkland> kees: patch at the bottom
<kirkland> kees: doko sponsored my last upload, i guess i can talk to him about this fix
<AtomicSpark> woo!
<kees> kirkland: okay, cool
<gregbrady> what software examines/blocks sshd access to a computer?  It updates the hosts.deny file.
<gregbrady> I think it allows 5 attempts or something and then adds that ip address to the hosts.deny file.
<gregbrady> I think it allows 5 attempts or something and then adds that ip address to the hosts.deny file.
<ivoks> denyhosts
<kirkland> kees: doko doesn't appear active.  any chance you can review and apply the lsb fix?  All of the rest of my patches depend on it, as I'll need lsb-base (>= 3.2-12ubuntu2) in each package's debian/control file
<kirkland> zul also offered some review/sponsoring/uploading too..........  pretty please?
<kees> kirkland: well, the archive is currently in soft freeze...
<kirkland> kees: oh...  hmm, what does that mean?  is that to spin cd's or something?
<gregbrady> ivoks, thank you....
<kees> kirkland: yeah, alpha 2 is being spun thursday.  we're in freeze until after alpha 2: https://lists.ubuntu.com/archives/ubuntu-devel-announce/2008-July/000446.html
<kirkland> kees: hmm, well, this change is not disruptive, perhaps unnecessary
<kirkland> kees: i'll ping slangasek about it
<kees> kirkland: okay
<kirkland> kees: thanks!
<kees> kirkland: np.  :)
<kirkland> kees: see slangasek's comment in #ubuntu-devel....
<kirkland> kees: are you willing/able to sponsor, or should I knock on someone else's door?
<kees> kirkland: I can do it, what's the bug #?
<kirkland> kees: https://bugs.edge.launchpad.net/ubuntu/+source/lsb/+bug/246735
<uvirtbot> Launchpad bug 246735 in lsb "status_of_proc() calls pidofproc() which calls kill, requiring ownership privileges on the process" [Medium,In progress]
<nxvl> kirkland: we are having the lsb patch included today?
<nxvl> kirkland: or just in ubuntu
<kirkland> nxvl: it was included in ubuntu a month ago or so
<kirkland> nxvl: Debian agreed to it in principle, want to wait until they open up their archive
<nxvl> :P
<nxvl> :D
 * nxvl is not following it
<kirkland> nxvl: i found an issue with the way pidofproc() is implemented, requiring root privileges
<kirkland> nxvl: i reworked status_of_proc() to use /bin/pidof rather than pidofproc() to get around that
<kees> kirkland: your patch would case pidof output to appears on stdout
<kirkland> kees: okay, i need a >/dev/null
<nxvl> augeas has took my life for the past month
<kees> kirkland: ah, yeah, that's in the prior version, cool.
<kirkland> kees: one sec
<kirkland> kees: okay, fixed
<kirkland> kees: anything else before I update the debdiff?
<kirkland> kees: I also switched status=1  to status="1"
<kees> kirkland: cool, I think that's fine
<kirkland> kees: updated patch posted
<nxvl> heh
<nxvl> augeas hasn't reach the archive and i have already received 3 new lenses
<nxvl> :D
 * nxvl loves FOSS Community work
<tester_> I am having troubles loading DBDriver mysql.  I've put an explanation of my problem at: http://pastebin.com/mb23133  Anyone got a moment to help me?
 * delcoyote hi
<runes> can anyone help with virtual hosts files in Apache using hostname?
<owh> kirkland: Nice catch on the status_of_proc()
<kirkland> owh: thx.
<owh> You seem to have been a busy boy :)
<kirkland> owh: i've just finished a batch of patches for at, bind9, cron, openssh, samba, sysklogd
<owh> I saw those come past, haven't looked yet. Are they different from the ones we made before?
<emgent> hello
<kirkland> owh: yeah, slightly
 * owh has a gander.
<owh> emgent: Salutations.
<owh> kirkland: Just the depends?
<kirkland> owh: yup
<owh> Cool, I didn't know how to do that and didn't get around to ask anyone.
 * owh hasn't stood still for some time :(
<kirkland> owh: no problem...
<owh> Excellent, onto the next problem :)
<owh> How did the meeting go today, that time is really, really bad for me :(
<owh> kirkland: Hmm, did you see this comment: (permalink)  <https://bugs.launchpad.net/ubuntu/+source/lsb/+bug/203169/comments/12>
<uvirtbot> Launchpad bug 203169 in sysklogd ""status" function for init scripts" [Wishlist,In progress]
<owh> kirkland: Especially the "exit $?" a completely redundant no-op...
<kirkland> owh: right, i fixed the versioned dependency thing
<owh> kirkland: Yeah, I'm talking about the second point.
<kirkland> owh: right, so my response is (a) exit $? doesn't hurt
<kirkland> owh: (b) "most" != "all"
 * owh is waiting for the punchline :)
<kirkland> owh: (c) in the case that $?=0, we're explicitly exiting with the status, not executing anything else beyond
#ubuntu-server 2008-07-09
<zul> kirkland: apache will have to be changed to use the status_of_proc stuff
<kirkland> zul: i'm considering that...
<owh> kirkland: But isn't the point that status_of_proc will die if it doesn't return 0, don't we have to wrap it in the same code as we did in the lsb.functions, the if[] construct?
<kirkland> zul: the only reason why i wouldn't is because the apache init script has it's own built in pid_of function
<kirkland> zul: that seems to be smarter and more specific to apache's array of daemons
<owh> zul: And it has internal knowledge on how apache works.
<kirkland> zul: i'm inclined to leave that on as is
 * owh agrees
<owh> Same is true for MySQL IIRC
<zul> ....only if you want it to change
<owh> zul: Huh?
<kirkland> zul: i'm inclined to allow init scripts that have smarter status) actions do their own thing
<kirkland> zul:  and we use our status_of_proc() for those that don't have anything yet
<owh> Yes, the status) we're doing is to help people who don't have one yet.
<zul> kirkland: oh I agree totally
<kirkland> owh: i'm still thinking about your point
<owh> zul: Standardising something that isn't standard makes no sense.
<ScottK> Providing the function is standard.  That doesn't have to mean one and only one implementation.
<owh> ScottK: Yeah, I think we're all agreeing on that.
<ScottK> OK.
<kirkland> owh: so what do you recommend?
<kirkland> owh: at is set -e, bind9 is not
<owh> kirkland: Let's see if we can reason this out.
<owh> kirkland: I agree with a b and c, but it doesn't fix anything.
<owh> kirkland: So, the status function we built provides an output.
<owh> kirkland: Hold on, I cannot recall, do we send the status back also?
<owh> kirkland: Hmm, we do.
<kirkland> owh: the status_of_proc() function return 0 on running, non-zero on not running
<owh> kirkland: I suppose we could argue that the status_of_proc function succeeds, so it shouldn't return non-zero.
<owh> kirkland: I don't particularly like my argument.
<owh> kirkland: Ok, let's think about this in another way. Who is going to use status?
<kirkland> owh: at is the only one of all of those that is set -e
<owh> kirkland: That only means less work, but we haven't actually solved the problem.
<kirkland> owh: state the problem
<owh> kirkland: It's going to happen 5 years from now.
<owh> kirkland: The problem is that exit $? doesn't return the result in the way that we intend it to in all cases.
<owh> kirkland: That is. the status_of_proc() function return 0 on running, non-zero on not running
<lamont> more and more scripts will use -e over time, fwiw
<owh> kirkland: So, five years from now, a happy hacker is going to come along, write an init.d script, use status and get burnt.
<owh> lamont: That is my understanding also - mind you, that comes from your contributions :)
<kirkland> owh: fine.  status_of_proc() itself is set -e safe
<owh> kirkland: Yes.
<kirkland> owh: so i think you mean that our usage of status_of_proc needs to be set -e safe too
<lamont> it just means that the interface to it becomes "if $(status_of_proc ...); then .... ; else ... fi;
<owh> kirkland: I think it does.
<lamont> see grep -q, for example
<kirkland> owh: how about:
<kirkland>     status_of_proc $DAEMON atd || exit $?
<kirkland>     exit 0
<owh> kirkland: I don't know if that works, but it looks right.
<kirkland> lamont: your thoughts?
<lamont> status_of_proc $DAEMON && exit 0 || exit 1
<owh> lamont: But the 1 may not be correct.
<lamont> s/1/$?/
<kirkland> lamont: that's known and accepted?
<owh> lamont: Why the && exit 0 ?
<lamont> if it returned zero, then exit 0
<kirkland> owh: it just puts it all on one line
<owh> Ah one, liner :)
<lamont> more to the point A && B || C is a common abreviation of if A; then B; else C; fi
<kirkland> lamont: how about:
<owh> It looks horrible, but we can make that work I think.
<kirkland>         status_of_proc /usr/sbin/named bind9 && exit $? || exit $?
<lamont> providing of course, that B cannot fail
<lamont> kirkland: ew
<kirkland> lamont: or is the explicit "0" better?
<lamont> I'd use the explicit zero
<kirkland> lamont:         status_of_proc /usr/sbin/named bind9 && exit 0 || exit $?
<kirkland> lamont: okey doke
<owh> kirkland: That construct is asking for a "smarter" person to remove the trailing part.
<kirkland> owh: :-D
<owh> kirkland: Yeah, keep the 0.
<lamont> owh: if it's a set -e script, then you just make the || and beyond be prefixed with a '#' :)
<owh> Hold on for a moment.
<owh> lamont: That is where I was going too. Let me see if I can word this...
<owh> If we're in a set -e environment and a function call returns non-zero, the script is terminated, right?
<owh> If that is right, then what does the script terminate with?
<lamont> not precisely
<owh> lamont: Lay it on me baby.
<lamont> if a statement evaluates to non-zero, then it terminates
<lamont> A && B || C is one statement
<kirkland> lamont: i'd like the construct to be the same in either set -e or not set -e
<owh> Right, but I'm stepping back a step.
<owh> lamont: What if A is non-zero?
<lamont> if A; then foo; fi is a bit more fishy, since foo exiting could kill the script
<lamont> if A returns non-zero, then you do C
<owh> lamont: The script terminates right?
<owh> No, hold on a mo.
<lamont> if C returns 0, then you don't
<owh> If we only use A.
<owh> Forget about what we just constructed for a moment.
<owh> If the single statement is A.
<lamont> A: if non-zero exit status, die with same
<owh> Then if it is non-zero, it terminates right?
<lamont> iff set -e
<owh> Right
<owh> So, what exit code does it die with?
<lamont> && == "if the previous thing was successful (zero status), then do this thing too"
<owh> No, forget about the && and ||
<lamont> -mix 635 : sh
<lamont> -mix \! : set -e
<lamont> -mix \! : sh
<lamont> -mix \! : exit 2
<lamont> -mix 636 : echo $?
<lamont> 2
<owh> lamont: So, in a set -e environment, the code terminates with the exit code of the died statement.
<lamont>            -e errexit       If not interactive, exit immediately if any untested command fails.  The exit status
<lamont>                             of a command is considered to be explicitly tested if the command is used to control
<lamont>                             an if, elif, while, or until; or if the command is the left hand operand of an â&&â
<lamont>                             or â||â operator.
<lamont> that'd be from "man sh"
<owh> So, that means that in a non set -e environment, the exit $? exits with what it is supposed to.
<owh> kirkland: My point appears moot. The code as it stands will work just fine and dandy in both environments.
<kirkland> owh: cool, thanks.
<owh> lamont: Do you agree?
<lamont> with which?
<lamont> specifically "the code as it stands" == ??
<owh> That the code we have now: http://launchpadlibrarian.net/13078414/diff.cron will work in both a set -e and non set -e space.
<owh> lamont: As in, we don't need no fancy && exit 0 || exit $? parts.
<lamont> owh: that's why the comment was: "They also don't take into account that several of these init scripts use "set -e", which makes "exit $?" a completely redundant no-op..."
<lamont> which means upstream will call you strange names and not take your patch
<owh> lamont: But that is only true in a set -e, not everywhere else.
<lamont> it's not that it won't work, it's that it's redundant
<owh> lamont: Yes. But you cannot remove it from all scripts, only from the ones that are set -e.
<owh> lamont: Remember, we're trying to solve two things. Make a status function, and provide a code example for other script authors.
<lamont> owh: which is specifically why the && || is better: it's clear, simple, and works without being redundant in all cases
<lamont> relying on -e is bad. exiting without explicitly meaning to is also bad
<owh> lamont: Now that is an argument I can agree with.
<owh> lamont: Can we code this inside our status_of_proc() rather than require the construct in each init.d script?
<lamont> if I call status_of_proc and it causes my script to exit, I'll have to hurt someone
<lamont> for the generic value of "I"
<owh> lamont: Yuk, true, but yuk.
<owh> Crap
<lamont>         if start-stop-daemon --start --oknodo --quiet --exec /usr/sbin/named \
<lamont> no different
<lamont> in fact, the start) case of /etc/init.d/bind9 is not a bad example of using functions/commands that exit with, uh, exit codes
<lamont> and it's not -e atm, I think
<owh> lamont: In fact that's a whole lot prettier than "&&exit 0||exit $?"
<lamont> right
<owh> if status_of_proc $DAEMON atd; then
<owh> 	log_end_msg 0
<owh> else
<owh> 	log_end_msg $?
<owh> fi
<owh> Something like that.
<lamont> now look at the head of /etc/init.d/stop-readahead
<lamont> owh: the atd syntax is exactly what the && || syntax is a short cut for
<lamont> grep -q "profile" /proc/cmdline || exit 0
<lamont> functions that return zero vs nonzero are extremely common.  and very useful,
<owh> Hmm, so at the moment we're really only arguing form :)
 * owh wakes kirkland back up.
<kirkland> owh: ?
<owh> kirkland: Turns out we do need the construct.
<kirkland> owh: see http://pastebin.ubuntu.com/26063/
<owh> kirkland: That's the one :)
<owh> kirkland: Can we replace this: status_of_proc /usr/sbin/named bind9 && exit 0 || exit $?
<owh> kirkland: With this: status_of_proc /usr/sbin/named $0 && exit 0 || exit $?
<owh> Or even: status_of_proc $DAEMON $0 && exit 0 || exit $?
<owh> Probably too obtuse.
 * owh goes to find a box to hide under.
<kees> everyone please upgrade your DNS servers.
<lamont> owh: $0 in an initscript could be all kinds of things... many of them starting with Snn or Knn...
<lamont> and what kees said... pls to be upgrading your nameservers
<owh> lamont: Yeah and SEP :)
 * lamont steps back for about 15 minutes to do something that he's been tryingto get done since about 1PKM
<owh> lamont: I haven't run a DNS server since I started with a satellite based Internet connection.
<lamont> 1PM even
<lamont> and have they upgraded?
<lamont> or do you care who you talk to?
<lamont> http://www.kb.cert.org/vuls/id/800113
<lamont> http://www.isc.org/index.pl?/sw/bind/bind-security.php
<owh> lamont: Well, the "corporation" doesn't know shit from sherlock and trying to actually talk to someone who understands the issue is harder than ignoring it. I still haven't found a satisfactory resolution, but have settled with OpenDNS for the moment.
<owh> lamont: It's not ideal by any stretch of the imagination.
<lamont> owh: the only place where I currently use an opendns server, I don't actually use the answer other than to say "got one" vs "didn't get one"
<owh> lamont: But I'm guessing that you're not in an environment where your workstation is the only CPU, that it is a laptop and that it is connected via a high latency connection.
<lamont> owh: that sounds like a perfect description of a situation where I'd run a local named configured to forward
<lamont> anyway, away for 15 min or so
<owh> lamont: Lemmie know when you're back, we'll continue :)
<Chipzz> I already tried asking this in #ubuntu-devel and #ubuntu-motu, but didn't get any response there
<Chipzz> I'm looking for a little help on packaging a php extension
<Chipzz> (the php zend guard/optimizer)
<Chipzz> and I'm a bit at a loss as to where to put a certain file
<mathiaz> Chipzz: have you looked at other php extension packages ?
<Chipzz> yes but this is special
<Chipzz> as in: really special
<owh> Chipzz: So, what is the file, why is it special, etc. Be specific.
<Chipzz> normally, php extensions go in /usr/lib/php5/20060613+lfs
<Chipzz> now I have /usr/lib/php5/20060613+lfs/ZendExtensionManager.so
<Chipzz> which is correct
<Chipzz> but this extenion is actually a loader for other extensions (which are zend extensions, not php extensions)
<Chipzz> currently I have this in /usr/lib/php5/zend/php-5.2.x/ZendOptimizer.so
<Chipzz> but I'm really not sure if this is correct, or if there is a better place
 * owh would have thought in /usr/share, but that might not be correct.
<Chipzz> no, since it's arch dependant
<owh> I suspect that there is a standard for that.
<Chipzz> you can (kindof) specify the directory where it should go:
<Chipzz> zend_extension_manager.optimizer=/usr/lib/php5/zend
<Chipzz> but it takes a subdirectory (ie the php version) where it looks for the file
<owh> Chipzz: Are there other packages for other distributions?
<Chipzz> not that I could find
<Chipzz> the thing is, it is a free download, but you have to register
<Chipzz> which I would want to work around by creating a package which builds the package
<mathiaz> Chipzz: do you plan to upload that to the ubuntu archive ?
<Chipzz> (cfr wine and qmail)
<Chipzz> mathiaz: I wouldn't mind contributing it, no
<Chipzz> but I'm not sure if it's suitable
<mathiaz> Chipzz: what's the license ?
<Chipzz> not exactly sure; there is a EULA and COPYRIGHT file which I can put online if you want to take a look?
<Chipzz> errr
<Chipzz> that should be: "cfr *pine* and qmail" above
<Chipzz> not wine :)
<mathiaz> Chipzz: you check with the ubuntu component definition - http://www.ubuntu.com/community/ubuntustory/components
<mathiaz> Chipzz: to figure out in where this would go - I'd take a guess at multiverse
<Chipzz> there's also another issue with the package which I'm not sure about what to do
<Chipzz> zend offers a couple of products, among which zend optimizer and zend platform
<Chipzz> zend optimizer is a free download, zend platform requires a license
<Chipzz> both ship a version of the zend extension manager though, and both versions are different
<Chipzz> on top of that, the version of the zend extension manager is seperate from the zend extensions it ships with
<owh> Chipzz: So, really, the file location question is a red herring.
<Chipzz> ie in the zend optimizer package (which has version 3.3.3), the zend extension manager version is 1.2.2
<owh> Chipzz: You have other, bigger issues, to deal with first.
<nxvl> mathiaz: augeas got sponsorship from kees one hour ago (or something)
<Chipzz> owh: that would be one way of looking at it; for me proper packaging is important, and having a package which I can deploy on my servers is important to me
<mathiaz> Chipzz: did you get in touch the maintainer that uploaded zend-framework (http://packages.ubuntu.com/hardy/web/zend-framework) ?
<Chipzz> if I can contribute that back to debian/ubuntu in a way, that would be a plus
<owh> Chipzz: That is a fair enough point.
<mathiaz> Chipzz: stephan seems to be the best person to talk to about your issue
<Chipzz> mathiaz: hrrrm, I didn't notice that existed. I should take a look at that first I guess
<Chipzz> I'm also looking to package other stuff which has less restrictive licensing
<Chipzz> mathiaz: one package that may be of interest to you is... give me one second to look it up ;)
<nxvl_> mathiaz: augeas got sponsorship from kees one hour ago (or something)
<nxvl_> mathiaz: we can sync it when it's accepted
<kirkland> mathiaz: i just uploaded a bunch of patches to https://bugs.edge.launchpad.net/ubuntu/+source/sysklogd/+bug/203169
<uvirtbot> Launchpad bug 203169 in sysklogd ""status" function for init scripts" [Wishlist,In progress]
<Chipzz> libapache-mod-ldapcfg
<Chipzz> but that is packaged in debian
<mathiaz> Chipzz: so it should be in ubuntu too
<owh> kirkland: How come you keep giving us edge links?
<kirkland> owh: i'm on the beta version of launchpad
<Chipzz> also looking at mod_spnego, which you may be interested in too
<Chipzz> *interesting
<kirkland> owh: their webserver should handle the redirection for you, no?
<nxvl> yeah, i have the same edge. problems
<nxvl> :P
<nxvl> it should be some way to avoid it
 * nxvl will write a whislist bug against LP
<owh> kirkland: Yeah, I see the site, it all works, but you've also used that URL in a bug report :)
<Chipzz> http://sourceforge.net/projects/modgssapache/
<kirkland> owh: i don't think it really matters
<mathiaz> Chipzz: that seems interesting - are you using these in production ?
<kirkland> i try to delete it when i think about it
<owh> kirkland: Fair enough :)
<Chipzz> mathiaz: not yet, just compiled it today
<kirkland> owh: but I paste exactly 132847239723ad39820e Launchpad URLs every day ;-)
<Chipzz> mathiaz: I need to get our reverse DNS in order, and then I'm going to try it on a test-server
<owh> kirkland: Stop teasing :)
<Chipzz> mathiaz: I'm willing to contribute packaging I do to debian and/or ubuntu
<mathiaz> Chipzz: well - if you start compiling stuff and want to properly package it for you server I'd suggest to try to get it into debian/ubuntu - it will increase a lot the testing of you software
<Chipzz> mathiaz: there are some things about libapache-mod-ldapcfg which I find suboptimal though, and which should be changed IMO
<mathiaz> Chipzz: your package
<kirkland> mathiaz: i have subscribed ubuntu-main-sponsors
<kirkland> mathiaz: and I've pinged a couple of the package owners (lamont, slangasek)
<mathiaz> kirkland: great - that's the way to go :)
<Chipzz> mathiaz: are there persons you suggest I coordinate with?
<mathiaz> Chipzz: to do what ? upload new packages ?
<Chipzz> upload/packaging itself/whatever
<owh> kirkland: You realise in the samba patch that if the first is not running, but the second is, it returns the wrong exit code?
<Chipzz> people to mentor me maybe
<kirkland> owh: yes
<mathiaz> Chipzz: MOTU is the best place the start - https://wiki.ubuntu.com/MOTU/
<Chipzz> or sponsoring to get it into debian
<kirkland> owh: that's why i put smbd second
<kirkland> owh: as it's "more" important, perhaps?
<mathiaz> Chipzz: if you're mainly interested in server stuff, the ubuntu-server team is also a good place to start
<owh> kirkland: Only for those who don't depend on nmbd.
<kirkland> owh: the most important thing is that it's 0 if both are running, and non-zero if either are running
<Chipzz> mathiaz: yeah I think that is more the case
<mathiaz> Chipzz: as for sponsoring in debian, you'd have to get in touch with debian and mentors - I'm less aware of things work in debian
<Chipzz> mathiaz: I know about MOTU :) but given the response to me php question I doubt that's the right place to start ;)
<Chipzz> *my
<owh> kirkland: No, if nmbd is not running and smbd is running, it will return 0.
<mathiaz> Chipzz: well - not everyone who is online a some point can give you the correct answer
<mathiaz> Chipzz: it may require some patience - or ask on the ubuntu-motu mailing list
<kirkland> owh: i disagree
<owh> kirkland: You could "fudge" it by adding the result codes up :)
<owh> kirkland: How so?
 * lamont iz bak
<kirkland> owh: status starts out at 0
<kirkland> owh: first tests nmbd
<lamont> kirkland: if ! status_of_proc smbd; then exit 0; fi
<lamont> meh
<owh> http://launchpadlibrarian.net/15898688/samba.status.debdiff
<lamont> status_of_proc smbd || exit $? || true\
<owh> lamont: ^^
<lamont> status_of_proc nmbd || exit $? || true\
<lamont> exit 0
<lamont> and lose the \\
<mathiaz> Chipzz: for new packages, have a look at https://wiki.ubuntu.com/UbuntuDevelopment/NewPackages
<kirkland> lamont: see http://launchpadlibrarian.net/15898688/samba.status.debdiff
<lamont> for i in "nmbd" "smbd"; do
<mathiaz> Chipzz: and if you want a mentor, there is the MOTU mentoring program
<lamont> wth use quotes?
<owh> kirkland: So, it starts at 0. nmbd is not running, so it changes. Then smbd is running, yuk. You are right, but yuk.
<kirkland> lamont: i think the quotes make it easier to read
<Chipzz> mathiaz: well, mentoring (I think) would not be the main issue; rather sponsoring for getting the packages in debian would
<mathiaz> Chipzz: if you're mainly interested in -server stuff than I can figure out ways to get you started
<lamont> kirkland: uh... ok.
<lamont> in a violently non-shell way, yes.
<kirkland> lamont: okay, i can remove the for loop
<owh> ROTFL
<kirkland> saves 1 line
<Chipzz> mathiaz: currently mainly -server stuff, but possibly other packages too in the future
<mathiaz> Chipzz: well - this is related to Debian - I cannot really help on that side
<mathiaz> Chipzz: I can definetily help in getting stuff in ubuntu
<Chipzz> mathiaz: yeah, but I'm guessing a lot of you guys are also debian maintainers, so I was thinking maintaining the package myself in ubuntu and having someone from the -server team do the uploads to debian would be best?
<owh> lamont: So, running named locally and forwarding it right? So, pray tell, whom do I forward to and moreover, how will this resolve my high-latency link issues?
<owh> Chipzz: You are confused by common sense :)
<lamont> owh: well, instead of always asking opendns, you could forward to them, and cache the response locally
<Chipzz> mathiaz: while I would be interested in maintaining stuff in debian myself too, the long procedure to becoming a debian maintainer is daunting, and I'm not exactly sure if it's worth it
<owh> lamont: Sure, but how would that improve the reliability of the responses I'm getting? Isn't that what sparked this discussion?
<mathiaz> Chipzz: better the other way around if you really want your packages in debian
<Chipzz> owh: well lamont sounds like a name I know from p.d.o ;)
<lamont> Chipzz: the correct way is to get a sponsor to upload to debian until you're done with the $PROCESS
<lamont> owh: well, presumably you'd want to find a nameserver that (1) would answer you, and (2) has a patched BIND
<kirkland> lamont: owh: try this on for size: http://pastebin.ubuntu.com/26086/
<owh> lamont: So, it's going to speed up my resolution, which is great, but it's no different from pointing at an external DNS server. So, what I end up with is a named process that needs to hibernate when the laptop does, then wakes up, refreshes its cache and then starts serving me.
<Chipzz> btw, while I'm here... does anyone have any thoughts on this bug? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487993
<uvirtbot> Debian bug 487993 in mysql-common "/usr/share/mysql/charsets/Index.xml should be shipped in mysql-common" [Important,Open]
<owh> kirkland: The mechanics are the same. I'm not sure if lamont was picking you up on the for..loop, rather than the "0" status. I was commenting on the non-assignment which hasn't changed :)
<lamont> yeah -for loop or not is fine.
<lamont> those quotes are offensive
 * owh hands kirkland some pain killers :)
<lamont> but then, I've coded in shell scripts for, um, long
 * owh recalls stories from before there was standard voltages too :)
<owh> <grin>
 * owh checks the status_of_proc bit.
<owh> lamont: I know where this comes from, the "0". We got picked up on it when we built the status_of_proc() function.
<owh> lamont: kirkland was just following the same standard :)
<lamont> yeah - technically, you shouldn't need the quotes there either...
<owh> lamont: There was a whole debate about -eq and == and we made it the same everywhere IIRC.
<lamont> heh
<owh> lamont: If you want more grey hair: http://launchpadlibrarian.net/15896559/lsb.status.debdiff
<lamont> ah, so this status function has embedded output side effects...
<lamont> lsb muppets
<lamont> :-)
<owh> lamont: Hey, no fair, kirkland and I keep finding bugs in other peoples lsb code :)
<lamont> owh: I didn't mean you and kirkland...  I meant all those lsb folks who seem to not have a history of defensive shell programming
<kirkland> owh: lamont: okay, fair enough.  quotes were gross.  the for loop was unnecessary.  are both of you happy with http://pastebin.ubuntu.com/26086/ as it stands?
<owh> kirkland: It's your name on the wrapper - go for it :)
<lamont> kirkland: looks to be good
<kirkland> okay, i'll update the bug
<Chipzz> kirkland: what if nmbd fails to start but smbd succeeds? or would that not be possible?
<owh> Chipzz: We covered that :)
<Chipzz> looking at http://pastebin.ubuntu.com/26086/ at looks like status would get overwritten?
<owh> Chipzz: So, status starts at 0. nmbd is not running, so status changes. Then smbd is running, status is not changed.
<Chipzz> owh: whoops, looks like I meant the inverse
<Chipzz> :)
<Chipzz> which is still valid
<Chipzz> nm
<owh> Chipzz: We've been along this ground a few times now <grin>/
<Chipzz> yeah I guess I'm just tired - past 3AM here ;)
 * ogra wonders if you guys put so much effort into getting status feedback, why dont you directly start porting to upstart and forget about the initscript ?
<owh> ROTFL
<owh> ogra: We covered that too :)
<ogra> ah, well, i only saw the paste above, upstart is supposed to be the default in intrepid and the more we get ported the better
<ogra> so i thought i'D mention it :)
<owh> ogra: The original intent was to get this into hardy so we could have it for an LTS.
<owh> ogra: We ran into some opposition :)
<ogra> i saw the discussion
<ogra> and to be honest in ten years of debian server administration i have never actually missed status ...
<owh> ogra: We were trying to build some infrastructure to assist things like eBox etc.
<ogra> yeah, understood ... i dont object ... i just never personally found a use for it over ps
<owh> kirkland: Very funny quote in that patch :)
<kirkland> ?
<owh> The uploaded patch with the comment about quotes :)
<owh> (Not in the patch, but the submission)
<kirkland> ah
<owh> :)
<owh> Anyone know how to get rsync to use a password file with an encrypted password, rather than a clear text one?
 * owh wants to synchronise passwords between samba and rsync.
<jdstrand> lamont, kees: good job on the bind9 update :)
<kees> jdstrand: thanks!  lamont rocks.  :)
<lamont> jdstrand: other than me still needing to get something sane into sid/intrepid... :0(
<lamont> jdstrand: it helps that I had time to create the packages
 * jdstrand nods
<kees> and we have reasonable regression testing tools.  :)
<jdstrand> yeah for qa-regression-testing
<jdstrand> s/yeah/yea/
<owh> kees, as an aside, are you responsible for the ubuntu usn feed?
<kees> owh: I'm responsible for it's content (yes, we know it's ugly, plans are forming to deal with that)
<owh> kees: FYI The feed appears to be missing <pre> tags, so the formatting goes to pot when viewed in something like Thunderbird.
<kees> s/it's/its
<kees> owh: yeah, it looks very bad.  I *think* we have a solution, but I haven't had time to finalize it yet.
<kees> we were blocked for a while on some changes in the website, but that's done now.
<lamont> the beauty of 4 cores and non-threaded builds is that one need not feel guilt for playing a game while waiting for a build to complete
<owh> kees: All good, it's not me then :)
<kees> owh: no, certainly not.  it looks really really ugly.  ;)
<kees> lamont: hehe
<owh> lamont: That all depends on which game :)
<lamont> like the 4149 levels before it, this one _shall_ pass.
<lamont> owh: the definitive timewaster
<lamont> kobodeluxe
<owh> So was my samba/rsync question silly, unknowable, wrong, clueless ... ?
<lamont> uh... dunno.  what was the question?
<owh> Anyone know how to get rsync to use a password file with an encrypted password, rather than a clear text one?
 * owh wants to synchronise passwords between samba and rsync.
<lamont> rsync over ssh?
<owh> Yeah, but that adds a whole layer of requirements for non Linux clients.
<owh> The real reason is so that a user doesn't accidentally overwrite someone elses backup.
<owh> lamont: Hmm, kobo doesn't run on an N95 :)
<lamont> heh
<owh> lamont: Seems to run everywhere else :)
<owh> lamont: Hmm, QNX as a platform to run kobo, seems someone has too much time on their hands.
<owh> lamont: 574kB, now that's a selling point.
<lamont> frozen-bubble wins on the cool "you can do that with just perl and sdl????" front though
<owh> lamont: I didn't know that. It's vewwy vewwy addictive :)
<lamont> owh: so, rsync with encrypted passwords but not ssh?? dunno
<lamont> pretty sure the rsync daemon just likes to have a secrets file that's cleartext
<lamont> and certain that the proto defaults to all cleartext, all the time
<owh> Yeah, that's my understanding also.
<lamont> mebbe an stunnel wrapper?
<owh> The rsync server is an embedded machine with very little in the way of CPU overhead left.
<owh> Think NAS device.
<lamont> then encrypt before pushing.
<owh> lamont: As I said, it's not so much "security" as "stop idiots from overwriting eachother's files".
<owh> Of course, someone will give them all the same password, but that's a problem for a different day :)
<owh> Hmm, perhaps I can "force" the module based on the client's IP or MAC address
<lamont> that's just a matter of forcing the target based on source IP maybe?
<owh> Yeah, that's what I was just thinking.
<owh> Ooh, there's even an RSYNC variable for it: RSYNC_HOST_ADDR
<owh> :)
<owh> WFM, thanks for the comments lamont.
<Smaug> does installing phpmyadmin require any repositories or anything on 8.04 hardy?
<SiMeoN_> fresh install 6.10 server. cant remove cd from sources and add packman via command line.
<SiMeoN_> try apt-get update. gives errors. can see default web page from another box on network. any ideas whats going wrong?
<RoAkSoAx> SiMeoN_: pastebin your /etc/apt/sources.list file: pastebin.ubuntu.com
<SiMeoN_> not familiar with vim. gedit not installed, any other editor to use?
<nxvl> nano
<SiMeoN_> thanks
<nxvl> also
<nxvl> i think 6.10 is not supported anymore
 * nxvl confirms
<nxvl> yep
<nxvl> already dead this may
<RoAkSoAx> nxvl: but i believe repos are still available right?
<nxvl> don't think so
<SiMeoN_> o come on.
<nxvl> nope
<nxvl> not anymore
<nxvl> http://pe.archive.ubuntu.com/ubuntu/dists/
<nxvl> 6.06 is still supported since it's LTS
<nxvl> but not 6.10
<SiMeoN_> thanks
<RoAkSoAx> yep, not available anymore
<nealmcb> note that folks can at least still do package installs and updates for 6.10 and earlier via the http://old-releases.ubuntu.com/ubuntu site
<nealmcb> just no security patches etc
<nealmcb> ..no _ongoing_ patches
<kraut> moin
<hads> Good to know, not that I have any old boxes but good to know none the less.
<owh> I'm in the process of writing an email to the list about Bug #242505, but before I do, are there any suggestions on a way to get this issue attended to?
<uvirtbot> owh: Error: Could not parse data returned by Launchpad: The read operation timed out
<owh> Niice
<owh> https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/242505
<uvirtbot> Launchpad bug 242505 in linux-meta "vmware kernel modules for 2.6.22-15 missing" [Undecided,New]
<owh> Thanks :)
 * owh just loves artificial intelligence :)
<exot> hello all, can anybody lead me to the starting point of constructing vpn server , a vpn connection from outside my company to use my internal services
<henkjan> exot: https://help.ubuntu.com/community/VPNServer
<exot> henkjan, thank you
<exot> just a question, does that able to use pptp ?
<henkjan> the ubuntu wiki is a nice source of documentation
<exot> yes I know :)
<jetole> hey fellas
<jetole> I am looking for a log event management solution, something like splunk that allows me to analyze, search, graph log data etc but I am looking for something open source
<jetole> basically a free as in beer version of splunk, any ideas?
<gabbs> Hi, anyone got success installing an openvz-ish kernel image?
<gabbs> linux-headers-2.6.24-20-openvz depends on linux-headers-2.6.24-20 however Package linux-headers-2.6.24-20 is not installed.
<gabbs> how can I just build the linux-header deb ?
<\sh> gabbs: hmm? linux-headers-2.6.24-20 ? apt-get install ?
<gabbs> can't find it
<Zyna> Can someone tell me how I can delete a svn project serversided? I reated a test-project upon installation and now want to remove it...
<\sh> Zyna: never...it needs some svnadmin magic
<Zyna> how's that?
<\sh> Zyna: svnadmin magic means: "rm -Rvf <dir to svn-project>" on the server where the repo is stored...or do I understand you totally wrong?
<\sh> gabbs: btw...where do you found 2.6.24-20?
<gabbs> repository
<\sh> gabbs: which repository? the latest I found was 2.6.24-19
<gabbs> the code repository
<gabbs> git
<\sh> ah
<CrummyGummy> Hiya, whats the recomended pmacct client? pnrg looks good but i don't see it in the repo.
<gabbs> but someone in ubuntu-kernel told me how to fix it, so its all good now I think
 * gabbs tests
<Zyna> \sh, aren't the svn projects stored in some kind of db? just deleting the directory wuld result in an empty project, wouldn't it?
<\sh> Zyna: it would result in "no project anymore at all" :)
<Zyna> \sh, ok, maybe I just thought about it to complicated... thx
<\sh> Zyna: emptying the database, you can do imho only with the BDB tools which breaks the whole svn db, too...so wanting to recreate a project completly, just delete the whole dir with the db inside and all other svn infos...and svnadmin create <project> from scratch
<Zyna> \sh, ok, this is weired... I just deleted the directory on the server, then co'ed the project successfully, it even transfered all the structure even though it is no longer present on the server...?
<\sh> Zyna: you sure that your checkout path is on this server and not somewhere else?
<Zyna> absolutly, I use the IP to co
<\sh> strange...I have: (example) my checkout path is: http://foo.bar.tld/svn/project .... and on the server where this svn repo sits, (in directory: /storage/svn/project) when I delete it: cd /storage/svn/ ; rm -Rvf project ; cd .. and do another checkout, the webserver tells me, that there is no /svn/project anymore...
<Zyna> \sh, maybe I am confusing something? here my dav_svn.conf, my project-directory and my successfull co -> http://ubuntuusers.de/paste/390089/
<nandersson> jetole, Have a look at RRDtool http://oss.oetiker.ch/rrdtool/
<nandersson> jetole, It does graphing, unfortunatly it is based on "sampling". I.e you cant recreate a graph from timestamps
<nandersson> jetole, rrdtool is developed by the same guy who made mrtg
<jetole> nandersson: did you get the right name there
<jetole> I didn't ask anything about rrdlog, graphing or any of that
<jetole> I already use rrdlog too in cacti
<gabbs> does anyone know if there is a simple openvz tutorial for ubuntu-server ?
<gabbs> apparently the linux-image-openvz is not booting on my remote server =/
<jetole> https://help.ubuntu.com/community/OpenVZ
<jetole> that was google hit 1 on ubntu openvz
<soren> It's spelled "ubuntu"
<soren> That must be why.
<jetole> heh
<jetole> actually it's this new thing, maybe you've heard about it
<jetole> they call it a typo
<soren> I hate those.
<jetole> /ne too
<jetole> :P
<soren> :)
<jetole> btw, that was also hit 1 on help.ubntu.com too
<jetole> so no one can suggest a good log event management program (that is not splunk) eh?
<CrummyGummy> logwatch?\
<CrummyGummy> Hobbit can also be configured to do regex searches on logs.
<jetole> yeah I use it
<jetole> looking for something to help build a good search and management solution though
<jetole> hobbit?
<jetole> lemme look that up
<CrummyGummy> yup
<CrummyGummy> its more for monitoring but can watch logs.
<jetole> kinda like nagios + logs?
<jetole> btw, i fscking adore nagios
<CrummyGummy> Dunno, i havn't used nagios extensivly.
<\sh> Zyna: your svn path is: /var/local/svn :)
<\sh> Zyna: that's where your svn projects are hiding :)
<jetole> nagios is very very very cool
<CrummyGummy> hobbit works nicely and is easy to configure. No complaints.
<jetole> you know
<jetole> this looks familier actually
<jetole> I think I used it once upon a time
<CrummyGummy> Not big brother? It is a spin-off.
<jetole> anyways, nagios last night sent me a text message on my cell phone that our secondary sql server was down
<jetole> it kinda looks weak to me
<lukehasnoname> hobbit is not as powerful as nagios
<jetole> one app I was looking at this morning was php-syslog-ng
<CrummyGummy> Lol, don't tell me about SMS's, I get way too many a day.
<Zyna> \sh, nope, that's just where all the svn stuff lays... http://ubuntuusers.de/paste/390092/#
<jetole> from?
<CrummyGummy> lukehasnoname: How so?
<jetole> I don't care about SMS from people
<CrummyGummy> hobbit monitoring our custom services.
<jetole> I wanna know when corperate machine die
<\sh> Zyna: yes..that's your repo dir...argl
<\sh> Zyna: I think I understand your problem now :)
<lukehasnoname> hobbit is good but from what I hear, nagios is more detailed, and has a large plugin system
<CrummyGummy> they're gsm based and monitored useing a modem so there is the odd failure.
<Zyna> \sh, when doing svn co IP/svn/project1/ I want it to say: Sry, there ain't no svn project there
<\sh> Zyna: you have something like this: http://foo.bar/svn/trunk/project1 http://foo.bar/svn/trunk/project2 etc. and you want to remove project2 from the repo..
<Zyna> YES
<\sh> Zyna: svn help remove  :)
<Zyna> thx... gotta go do some errounds... thx for the support
<jetole> CrummyGummy: I have not used hobbit, but what lukehasnoname was saying, well let's put it this way, it currently does snmp, smtp, pop3, http, ftp, https and mssql checks for where it verifies the service itself and doesn't just look for an open port, it manages parents so if a router is out then it tells me instead of telling me 20 services dies because it doens't know the router to them died
<jetole> and it manages snmp traps and notifies on them as well
<jetole> it handles notifications, it can tell you if a disk is too full or cpu has peaked or if a service on said host is not running
<jetole> nagios really does own
<jetole> log management is just the last aspect that I need, cacti and nagios seem to cover all else
 * soren is a munin+nagios sort of person
 * jetole has never heard of munin
<CrummyGummy> The next version (tm) of hobbit  will have snmp trap support. And the heirarchical router thing you were talking about isn't supported. The rest is in hobbit.
<jetole> Hugin and Munin are the ravens of the Norse god king Odin. They flew all over Midgard for him, seeing and remembering, and later telling him.
<soren> jetole: Yes....
<jetole> I love how this munin home page tells me more about norse gods then even their faq does about what munin does
<soren> meanwhile, in the real world, hugin is a panorama picture generation application and munin is very much like cacti.
<CrummyGummy> Damn not another mythical named project. Try searching google for hobbit support...
<jetole> oh
<jetole> found the "about munin"
<gabbs> Anyone got an idea what the meaning is of "Starting up ..." and then the systems doesn't boot at all?
<gabbs> The message doesn't change
<gabbs> just a blinking cursor
<jetole> gabs, post grub?
<gabbs> no idea - I have a remote console attached to the server (its remote) and thats all I see
<gabbs> hmm ... I could send a signal to hard reset the box
<jetole> I would
<jetole> ip kvm?
<gabbs> LARA eco
<jetole> yes would have also been a good answer
<gabbs> well, I wanted to be specific
<jetole> I know, I just didn't care what kind
<soren> "Yes, LARA eco", would be both useful and specific :)
<gabbs> true :P
<jetole> yeah
<jetole> I had to google it to know it was a kvm over ip
<soren> I had to wait for someone to google it to know it was a kvm over ip
<jetole> see gabbs we all had to wait for me to google it
<gabbs> it says grub loading stage2, then Starting up ... and thats it
<jetole> lol
<jetole> ok, escape grub this time and remove the quiet option from the kernel
<gabbs> lol yea - sorry guys :D
<gabbs> how do you escape grub?
<jetole> although
<jetole> from what I hear
<gabbs> it shows very briefly, not sure I can get in there
<jetole> sounds like grub
<jetole> escape it with the escape key
 * CrummyGummy never got kvm working over a remote terminal. btw, is there a port for the HP proliant tools in the ubuntu repo?
<jetole> CrummyGummy: doubt it
 * gabbs tries
<jetole> it took me forever to get the dell DRAC kvm cards working over firefox like the add from dell claimed it would
<jetole> even senior open management techs from dell told me it won't work but it does now but only cause of some obscure blog I found
<CrummyGummy> It should work over a net terminal no?
<jetole> soren, what do you use for log management?
<soren> jetole: What exactly do you mean by "log management"?
<jetole> well logwatch is great but lots of people have lots of systems sending logs to a server and surely someone must know a program to help sort and search and analyze the data
<jetole> splunk does just that but it's either crippled or expensive
<gabbs> jetole, just ESC -> d on quiet, then b to boot, right?
<soren> Right now, I don't bother. I just leave them on the servers so that I can go look at them if I'm bored.
<jetole> gabbs: I think
<jetole> soren: you don't deal with many server issues, do you?
<gabbs> well, thats what I think too, but it still only shows Starting Up ...
<soren> I used to work at a place where we just grabbed all the logs from all the servers via ssh when they had been rotated, but didn't do any analysis of them.
<jetole> I have a dozen windows servers and about 15 linux servers aggregating in syslog on one server
<soren> jetole: Yeah. Trouble with that is that it only works for stuff that uses syslog.
<jetole> when an issue arises it's a pain to deal with that
<soren> Define "server issues".
<jetole> soren: that is linux, windows two sonic wall firewalls at our firm
<soren> My job is to deal with a type of server issues, so that's what I do all day.
<soren> I don't deal with Windows.
<jetole> server issues: something is not working the way it is supposed to on a server
<jetole> ?
<soren> My stuff works.
<soren> Sorry.
<soren> :)
<soren> When something is failing, that's when I go look at the logs.
<jetole> don't worry, I hate windows too but that option came with the job
<jetole> me too
<soren> unless it's ssh that's broken, it's not much of a problem to have to log into a different machine to inspect logs.
<jetole> but greping and parsing, etc etc gets to be a pain in the ass on huge log files
<soren> And even then, it's rarely a problem. All but one of my servers are virtual, so I have console access.
<soren> jetole: *shrug*
<jetole> yeah
<gbooks> hello!
<jetole> world!
<gabbs> is there a grub channel here on freenode or do I go to #linux ?
<gbooks> *grin*
<soren> I think it's more of a pain to try to guess ahead of time what's going to break in order to make good patterns to look for.
<gbooks> having an issue with a new lamp install on JeOS
<soren> What's the problem?
<jetole> alright, well I have to scoot for a bit
<ATA_Dark_Shadow> gabbs unless its a network boot grub prob i would suggest you go to #ubuntu and try there
<CrummyGummy> soren: Do you use a network console to connect to your virtual servers? KVM?
<gabbs> hmm, #ubuntu is full of "how can I load my ipod and log on to MSN" questions that flood the channel
<gabbs> it will be hard to place a question there methinks
<jetole> pidgin answers one of those
<jetole> but I agree
<gbooks> that is a good question.
<jetole> #ubuntu is a shit channel
<gbooks> gave up on it last night.
<soren> CrummyGummy: Err.. no.
<gbooks> let me remember!
<soren> CrummyGummy: Why on earth would I do that?
 * jetole leaves
<gabbs> yea jetole - gonna give it a shot anyway, at this point I am desperate :P
<soren> gabbs: What is your problem?
<soren> gabbs: I mean that in the helpful way.
<gabbs> heh
<gabbs> well, all I get is "Starting up ..." when booting
<soren> not the "hey, wtf is your problem?!?" way.
<gabbs> and there seems nothing I can do about it
<soren> Oh, that.
<CrummyGummy> soren: You make it sound like a bad thing? I need to setup a few virtual machines and I'd like to do that without traveling to the server room. I can't think of a better way. Just the implementation I'm not sure of.
<soren> CrummyGummy: Then I don't understand what you mean.
<soren> CrummyGummy: I don't hook up a special network console to interact with my virtual machines. I connect via vnc.
<CrummyGummy> I tried the vnc thing. It failed for some reason. (I can't remember why) I'll try that again.
<CrummyGummy> netconsole seemed like the easiest option. It just doesn't work. for me anyway...
<soren> gabbs: So you don't even get to pick a kernel in Grub?
<gabbs> I do
<gabbs> I hit ESC, get the selection, remove quiet and savedefault and all, press b to boot it then and its the same
<gbooks> hmmm.  can't seem to locate the error, but still can't seem to open the index.html page using an internal IP.
<gbooks> when I run this: netstat -lnp | grep ':80' I get this: tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      6360/apache2
<gbooks> should there be no IP or an IP other than 0.0.0.0?
<Deeps> 0.0.0.0 means it's bound to any and all ips
<soren> gabbs: Then what makes you think it's a grub issue?
<gabbs> well, tries several kernels
<gabbs> *tried
<soren> gabbs: Yes.... ?
<gbooks> duh.  I should know that!
<gbooks> then nuts, why can't I connect?
<talat> hi all i bought hp ml110 g5 server but i dont apply raid1 how can i do  ?
<talat> i use 8.04
<gbooks> in theory, by going to the server IP on my local network I should be able to hit the /var/www/index.html page, no?
<Deeps> yup
<Deeps> can you ping the server ip? can you ssh to the server? is there any firewalling on the server, or between you and the server?
<Deeps> are you sure you're not typo-ing the ip?
<soren> Any ipv6 involved?
<soren> gabbs: Did you try the recovery option?
<gbooks> that's what I thought!  any settings I may want to check?
<gbooks> no ipv6.
<gabbs> soren, I am getting somewhere :D
<gabbs> now it stops at: Checking 'hlt' instruction... OK.
<gabbs> then stops at that point
 * gabbs consults google
<soren> What's the hardware?
<gbooks> can ping.  not typo-ing IP (although I've been known to!)
<gabbs> AMD XP3000+, 1GB RAM
<soren> gbooks: I'm not sure I've heard yet what "can't connect" means...
<gabbs> (yea, oldskool)
<soren> gabbs: That should be fine.
<gabbs> it seems he fails to either find or detect the number of CPU's
<gabbs> because thats apparently the next output
<gbooks> no firewalling... I may have forgotten to mention this is a VM installation.  shouldn't make a difference... I can SSH in, and ping from the host server.
<gbooks> just can't seem to connect via http
<gbooks> thanks soren.  I usually forget key details when explaining things!
<soren> I still haven't heard what "can't connect" means.
<gbooks> not sure my message made it through
<soren> gabbs: Which kernel are you using?
<gbooks> "can't connect" is can't connect via http from host server to this VM
<soren> ...
<Deeps> does it refuse the connection or time out?
<gbooks> time out
<soren> Hang on..
<soren> You can SSH and ping from the host server, you say?
<soren> Where are you trying http frmo?
<soren> from, even?
<gbooks> from the VM host server
<soren> Ok.
<gbooks> which can ping the VM in question
<soren> ping is special, though.
<soren> It can also ssh?
<gabbs> soren, I am using linux-image-2.6.24-20-openvz
<gbooks> I can SSH from host server just fine
<soren> gabbs: Could you try a non-openvz kernel, perhaps?
<Deeps> gbooks: try restarting apache?
<Deeps> and/or try connecting from the vm to localhost
<Deeps> localhost/http to see if it can manage that
<soren> gbooks: Did you say earlier that you can connect to it from other places? Or am I just confused?
<gbooks> Deeps, just restarted via: apache2 -k restart
<gbooks> netstat looks the same as previous.
<Deeps> try to connect to the http server from the vm
<gbooks> soren, only trying from host server atm, no external IP yet...
<Deeps> use telnet/netcat/links/whatever
<Deeps> (i'm assuming you dont have a gui)
<soren> I blame firewalls.
<gbooks> let me check something...
<gbooks> I have another VM that has external IP and connects via HTTP just fine, and also cannot connect on local IP.  methinks my network is screwy!
<gbooks> I'll have to pick this up later.  Thanks Deeps!  Thanks soren!
<talat> can you help me i wanto use raid card on hp porliant ml110 g5
<talat> but hp give redhat and suse driver
<talat> how can i fix ?
<gabbs> what kernel cpu config would you set for a athlon xp ?
<gabbs> its not exactly a K7, not a a64 either
<sommer> anyone know of a way to unserialize data serialized with php's serialize function using python?
<trakinas> hello guys! big troubles with ssh...
<trakinas> http://pastebin.us/?show=m7dc3a772
<zul> kirkland: are you ok with those patches that you mailbombed yesterday
<sommer> nm, there's no built in method... sigh
<kirkland> zul: hang on
<zul> sommer: php? whats that..
<kirkland> zul: don't commit yet
<zul> kirkland: ok
<kirkland> zul: i think those patches (the ones that use status_of_proc()) are fine
<zul> kirkland: let me know when
<kirkland> zul: however, there's some discussion as whether or not status_of_proc() is complete
<sommer> zul: trying to unserialize some data from a db that's been serialized using php, but only I want to use python because it's sort of a shell script
<kirkland> zul: I'm working on another patch to status_of_proc() that I hope will satisfy a couple of questions from slangasek, lamont, and mdz
<zul> kirkland: heh good luck :)
<lamont> "questions".  heh
<kirkland> zul: thanks, i'm going to need more than luck
<kirkland> zul: i need "The Force"
<zul> sommer: heh
<lamont> kirkland: keep that ducttape away from me
<kirkland> as in "You don't need to see his identification...."
<kirkland> s/identification/justification/
<kirkland> lamont: hey, i just subscribed you to 246735
<lamont> meh
<lamont> :-)
<kirkland> lamont: i have a patch at the bottom of there that adds pidfile support to status_of_proc
<lamont> ah, ok
<kirkland> lamont: and solves the user-not-root-but-using-kill problem in a backward-compatible way
<lamont> nice
<lamont> bug 246735
<uvirtbot> Launchpad bug 246735 in lsb "status_of_proc() calls pidofproc() which calls kill, requiring ownership privileges on the process" [Medium,Fix released] https://launchpad.net/bugs/246735
<kirkland> lamont: let me know if i'm on crack ;-)
 * lamont really needs to remember the stupid url templ;ate
<lamont> bugs plural, not in the hostname, and no '+'.  got it
<lamont> status_of_proc "-p /var/run/bind/run/named.pid" bind9
<lamont> ew
<lamont> but yeah, it's not terribly insanely unreasonable
<uvirtbot> New bug: #246990 in amavisd-new (universe) "amavisd-release broken on 8.04 LTS" [Undecided,New] https://launchpad.net/bugs/246990
<Zyna> \sh, ping!
<Zyna> Can somebody help me with a svn problem? I've created a test project upon installation, now I want to completely remove it from the server... my project lies in /svn/project1/ I've deleted the entire directory however, I can still successfully co the project from my local machine. How do I delete the project from the svn server (serversided) I am aware, that I can do a svn rm, however, that would just remove the files and not the project it
<Zyna> self
 * delcoyote hi
<ctx144k> hello all
<ctx144k> anyone knows how to setup kolab2.1 with ldap 2.4 under ubuntu8.04-server?
<ctx144k> anyone knows that there exist any "ready" kolab2.2 packages for ubuntu8.04-server?
<uvirtbot> New bug: #228619 in samba (main) "samba group share not writable by group members" [Undecided,Incomplete] https://launchpad.net/bugs/228619
<ScottK> soren: Do we have a writeup on why kvm over zen?
<ScottK> zen/xen
<lukehasnoname> I haven't looked thoroughly yet, but I hope the KVM ubuntu documentation is really top-notch, because there aren't any books on KVM out. Xen has the edge on that market, and might be why it's still very popular
<sommer> oh don't worry about that... it's super duper!
<zul> super duper?
<sommer> my synonym for top-notch :)
<specialKevin> I am having issues trying to install a Hardy (8.04) DomU on top Xen Dom0, when during the install the kernel panics and the DomU shuts down and when I start it back up the install starts again
<specialKevin> 6.06 installs and runs fine with our Xen setup and if I trying to install 6.06 and then upgrade to 8.04 the only kernel that will boot is the 6.06 recovery kernel
<specialKevin> I looked through launchpad and could find a similar bug and I am not sure what component I should file a bug against or if anybody knew a similar bug report already
<specialKevin> or if anybody knows any solutions/work arounds for this problem that would be great
<telexicon> I'm trying to install 8.04.1 and when reading from the cd it eventually fails, looking at the console log there are a bunch of messages about ata exception emask 0x0 sact 0x0 (frozen) soft resetting link
<cl0s> I'm trying to install ebox, I did .. sudo apt-get install ebox ... downloaded all the libs and installed them fine then at the end it breaks when actually installing ebox..
<cl0s> The ebox group has not been set in the config file.Creating the eboxlogs database
<cl0s> i googled but couldnt find anyone with tthe exact same error message.. breaks even when i use the ebox repos...
<cl0s> dpkg: error processing ebox (--configure):  .... the entire message is .. http://pastebin.ubuntu.com/26301/
<cl0s> I'm pretty sure I had it working at one time.. then I apt-get removed it.. but I was trying to get it back and play with it again, not sure if it recently broke or it broke because I had it installed before.. i tried removing the old certs and config files it had put in before also for it to regenerate them..
<lukehasnoname> When I'm at work, I have to use IE6 for net access. Whenever I go to LP I get a "This page contains secure and nonsecure items. Continue?" error on EVERY page.
<lukehasnoname> Is there a way to disable this in IE or should LP be coded better? >_>
<ScottK> lukehasnoname: No I don't think you can disable it and in this case it's not LP that should be coded better.
<lukehasnoname> damn.
<ScottK> LP could do better about not using TLS where it's not needed, but it's a complex problem for them.
<telexicon> LP?
<Nafallo> launchpad
<kirkland> lamont: hiya
<kirkland> lamont: looks like slangasek and i have agreed upon an implementation of status_of_proc() that supports pidfiles
<kirkland> lamont: I opened a new bug with a one-liner to fixup bind9's init script as such.
<kirkland> lamont: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/247084
<uvirtbot> Launchpad bug 247084 in bind9 "bind9 init script status_of_proc() call should use pid" [Low,In progress]
<uvirtbot> New bug: #236794 in bind9 (main) "dig crashed with SIGSEGV in start_thread() (dup-of: 113417)" [Undecided,New] https://launchpad.net/bugs/236794
<uvirtbot> New bug: #247084 in bind9 (main) "bind9 init script status_of_proc() call should use pid" [Low,In progress] https://launchpad.net/bugs/247084
<kirkland> zul: https://bugs.launchpad.net/ubuntu/+source/at/+bug/247091 is ready for sponsorship
<uvirtbot> Launchpad bug 247091 in at "at init script should suppor t the 'status' action" [Wishlist,In progress]
<soren> ScottK: Not an accurate one, no.
<ScottK> soren: Since the decision in made, I think it would be highly useful to have an answer to that FAQ that we could reliably use.
<ScottK> I get asked by people who know I'm an Ubuntu dev and it'd be nice to have an accurate answer to give them.
<soren> ScottK: Sounds reasonable.
<lamont> kirkland: coolness
<nxvl> mm
<nxvl> i need to talk to foolano
<nxvl> i have found coolness with sooner augeas support
<nxvl> http://config-model.wiki.sourceforge.net/
<nxvl> :D
<uvirtbot> New bug: #247096 in dovecot (main) "dovevot init script should support the 'status' action" [Wishlist,In progress] https://launchpad.net/bugs/247096
<nxvl> kirkland: is there a list of services with missing status function to help with while augeas get accepted
<nxvl> ?
<kirkland> nxvl: owh generated a list a while back
<kirkland> nxvl: i don't remember where he put it
<kirkland> nxvl: if you have an intrepid box, grep for status) in your /etc/init.d directory
<kirkland> nxvl: rather, find scripts in /etc/init.d that don't have "status)"
<nxvl> will try
<nxvl> now i need to go for a bit
<kirkland> nxvl: see the list of bugs in https://bugs.launchpad.net/ubuntu/+source/lsb/+bug/203169/comments/33
<uvirtbot> Launchpad bug 203169 in sysklogd ""status" function for init scripts" [Wishlist,In progress]
<kirkland> nxvl: all of those have patches
<nxvl> i will figure out a way to have a list
<kirkland> nxvl: you can follow those for a model
<kirkland> nxvl: yeah, or generating a list of init scripts missing status actions
<kirkland> nxvl: i had a script that found those at one time....
<kirkland> nxvl: as did owh
<nxvl> yeah
<nxvl> by have a list i mean generate it
<nxvl> now i need to go for a bit
<nxvl> kirkland: i will ping you at night when i expect to have it
<nxvl> :D
<nxvl> read you!
<uvirtbot> New bug: #247103 in openssh (main) "ssh init script should support the 'status' action" [Wishlist,In progress] https://launchpad.net/bugs/247103
<uvirtbot> New bug: #247087 in samba (main) "samba init script status action" [Low,In progress] https://launchpad.net/bugs/247087
<Quatroking> Hi
<Quatroking> is this the channel for help with Ubuntu Server Edition?
<RoAkSoAx> Quatroking: yes it is
<Quatroking> Alright
<Quatroking> I need some help with mine, I can't get the network working.
<RoAkSoAx> mathiaz: are server guide translations going to stay in rosetta or gonna change to bzr?
<RoAkSoAx> Quatroking: ask your question :)
<Quatroking> Well, I'd like to know how I can set up my network.
<Quatroking> It won't seem to connect to it at all
<RoAkSoAx> Quatroking: you mean you want to configure an interface to connect to an specific network?
<Quatroking> Well I cant get any coinnection to my network whatsoever
<Quatroking> connection*
<Quatroking> I've tried to ping google, but then i get "connect: Network is unreachable"
<RoAkSoAx> Quatroking: pastebin your /etc/network/interfaces and /etc/resolv.conf
<Quatroking> I'm currently on an other pc as the Server has no internet connection.
<Quatroking> The server is next to me, though.
<RoAkSoAx> Quatroking: what are you using to connect to internet, switch? router?
<RoAkSoAx> do you have DHCP enabled on your network?
<Quatroking> I have a PC running Win2K which uses a WiFi to connect to the internet, and passes on the internet signal to a switch.
<Quatroking> Yes, I have DHCP enabled.
<Quatroking> The Win2K machine acts like an access point, sort of.
<Quatroking> The switch does show some network activity though
<RoAkSoAx> Quatroking: ok, so win2k is your gateway which has dhcp enabled so that your clients gain an IP address dynamically, right?
<Quatroking> Yes.
<RoAkSoAx> Quatroking: ok so, check your /etc/network/interfaces file an should show something like: iface eth0 inet dhcp
<Quatroking> how do i open the file again?
<Quatroking> i forgot the command.
<RoAkSoAx> Quatroking: cat /etc/network/interfaces will show the file contents
<Quatroking> it says
<Quatroking> "auto lo
<Quatroking> iface lo inet loopback"
<RoAkSoAx> Quatroking: ok, so that means that your network card is not there, do this now: ifconfig
<RoAkSoAx> and tell me if it shows information for eth0 or eth1 or something like that
<Quatroking> no eth0 or eth1.
<Quatroking> only that lo again
<RoAkSoAx> Quatroking: maybe your network card has not been recognized or something like that.. try using lshw and see if it shows your network card
<RoAkSoAx> or ping 127.0.0.1 to see if loopback is working
<Quatroking> it throws down a whole list, how can i read all of it?
<Quatroking> and pinging works
<RoAkSoAx> Quatroking: lshw | more or you can filter by: lshw | grep "string"
<Quatroking> how do i stop the pinging?
<RoAkSoAx> Quatroking: try issuing a: sudo ifup eth0 or sudo ifup eth1 or restarting networking sudo /etc/init.d/networking restart
<RoAkSoAx> Quatroking: Ctrl +C
<RoAkSoAx> what i'm guessing is that your network card has not been detected when you installed ubuntu server...
<RoAkSoAx> you can try modifying /etc/network/interfaces and add: auto eth0 iface eth0 inet dhcp
<RoAkSoAx> auto eth0
<RoAkSoAx> iface eth0 inet dhcp
<Quatroking> "Ã¯gnoring unknown interface eth0=eth0."
<RoAkSoAx> Quatroking: what about eth1
<Quatroking> same but with a 1
<RoAkSoAx> Quatroking: ok so it seems that your network card has not been detected
<Quatroking> how do I install it?
<RoAkSoAx> Quatroking: what network card are you using?
<Quatroking> I got two cards in it, a 3com and an intel
<RoAkSoAx> !help
<ubottu> Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://tinyurl.com/5zfb6t - Usage info: http://wiki.ubuntu.com/UbuntuBots
<Quatroking> i can check the product code of the 3com, but  I don't know about the intel
<Quatroking> the 3com is intergrated by the way
<RoAkSoAx> Quatroking: so is it a 3com network card or intel network card?
<Quatroking> both.
<Quatroking> it got 2 cards.
<Quatroking> one intergrated and one in the PCI bay
<RoAkSoAx> Quatroking: those are the supported 3com cards: https://wiki.ubuntu.com/HardwareSupportComponentsWiredNetworkCards3Com?highlight=(3com)
<mathiaz> RoAkSoAx: nope - the server guide translation should stay in rosetta
<mathiaz> RoAkSoAx: We'd probably try to get rid of the po file in the bzr branch
<mathiaz> RoAkSoAx: and add them only when uploading a src deb
<RoAkSoAx> mathiaz: ok cool (btw, discard my comments in your blog :))
<Quatroking> oh, i was wrong, the 3com is in the pci bay, and the intel is intergrated
<mathiaz> kirkland: are you doing some iso testing for alpha2 ?
<kirkland> mathiaz: not at the moment
<mathiaz> kirkland: I've tried to boot a test install in kvm and it doesn't work AFAICT
<kirkland> mathiaz: i'm finishing the init script stuff
<Chipzz> mathiaz: I only realized this after you left... zend-framework is something totally different; zend-framework is a set of php classes (ie php files), zend-platform and zend-optimizer are zend extensions. so zend-framework is of no use to me packaging wise ;)
<kirkland> mathiaz: yeah, kvm is hosed for intrepid right now
<RoAkSoAx> Quatroking: try using a live cd and verify is the cards are recognized... otherway you'll have to install the drivers manually... and sorry got to go
#ubuntu-server 2008-07-10
<mathiaz> kirkland: yeah - I noticed the amount of LP bug mail related to that :)
<Quatroking> ...
<Quatroking> The Live Cd doesn't work on it :(
<kirkland> mathiaz: i have one physical machine running Intrepid i'm using for the init script testing and development
<kirkland> mathiaz: i can repurpose it for iso testing thereafter
<mathiaz> kirkland: that would be great - as of the timeframe, alpha2 is due tomorrow
<mathiaz> kirkland: so having testing done by then would be helpfull :D
<kirkland> mathiaz: :-/
<gbooks> hi all!
<gbooks> trying to set up mod_rewrite... ran the ln -s... command and then wen to do: apache2 -k restart and got error:
<gbooks> apache2: bad user name ${APACHE_RUN_USER}
<hads> `sudo a2enmod rewrite` is what you should be running
<gbooks> hads, thanks!  that did it!
<hads> np
<zul> kirkland: lemme know when its really done :)
<kirkland> zul: okey doke
<kirkland> it's all really done
<kirkland> zul: i've subscribed you to the bugs I need sponsoring
<kirkland> slangasek sponsored the lsb upload
<kirkland> and slangasek sponsored the one for samba
<zul> kirkland: cool
<kirkland> zul: see https://bugs.launchpad.net/ubuntu/+source/lsb/+bug/203169/comments/33
<uvirtbot> Launchpad bug 203169 in sysklogd ""status" function for init scripts" [Wishlist,In progress]
<kirkland> zul: that comment has links to each of the bugs
<kirkland> zul: with patches that require uploads
<kirkland> zul: take a look and see if they're okay
<zul> kirkland: cool ill do it first thing tomorrow just trying to get liam to go to slee
<kirkland> zul: if they are, I'm going to write a wiki page on how to create similar patches for any other generic server package
<kirkland> zul: nxvl expressed an interest in helping
<zul> kirkland: cool
<kirkland> zul: there are dozens (hundreds? thousand+?) of other init scripts that could use this
<kirkland> zul: should be done in Debian, obviously
<kirkland> i'll push each of these patches to Debian
<zul> kirkland: sounds good to me
<kirkland> mathiaz: i'm downloading ISO's now
<mathiaz> kirkland: great ! thanks for help testing the new isos
<hessml> does anyone here have an opinion about managed switches - brands that you like or dislike?
<Jberg88> hi, is anyone in here?
<ScottK> Yes
<ScottK> lamont: Ping.
<ScottK> lamont: I'm looking for a policy compliant way to add another service to master.cf to reinject mail from amavisd-new after scanning.
<Jberg88> oh ok I was wondering if i would loose my google apps if i were to use BIND9 for my home webserver
<ScottK> How is it you think those are related?
<Jberg88> I don't know.
<ScottK> Then it seems like an odd question to me.
<pschulz01> Greetings.. what is the 'best way' to add new users to a ubuntu-server box?
<ScottK> pschulz01: See man adduser
<pschulz01> ScottK: Ta. Is there a command to list the deatils of a user? (regardless of if they are registered via LDAP or passwd)
<pschulz01> (Different system)
<ScottK> Dunno.
<pschulz01> I remember that 'ypcat' kind of worked for systems that used NIS.
<sommer> pschulz01: try the id command: id username... gives you some information anyway
<pschulz01> .. and 'id' shows me groups. I was after the rest of the password info.. particularly 'shell'
 * ScottK me slaps the entire Ubuntu Server team (except sommer) in the head via email.
<sommer> ScottK: Bug #247144
<uvirtbot> Launchpad bug 247144 in libsocket6-perl "MIR for libsocket6-perl" [Undecided,New] https://launchpad.net/bugs/247144
<ScottK> Kewl.
<ScottK> sommer: Thanks.  I really appreciate you working on it.
<sommer> np, hopefully its complete :)
<ScottK> sommer: You ready for me to review it?
<sommer> ScottK: yep, I think its complete
<ScottK> Is it really dbs?
<sommer> it says it in the control file... and there's an include in the rules file for dbs-build.mk
<sommer> wasn't really sure what dbs was, but looked like a patch system
<sommer> also the debian policy on the package is rather dated :(
<ScottK> It's the predecessor to cbds.
<sommer> ah, I'm not sure that it's actually doing anything, but it's there
<ScottK> What version do you have.  My says 3.7.3.0?
<ScottK> And compat = 7
<ScottK> I think you reviewed an old version of the package.
<sommer> libsocket6-perl_0.19-1
<ScottK> You want 0.20-1
<sommer> ah balls, I wasn't in my intrepid chroot... doh
<ScottK> ;-)
<sommer> I'll update the mir
<ScottK> sommer: dbs is part of the packaging system, not a patch system.
<sommer> ah, gotcha
<sommer> ScottK: updated, the rest of the questions still pertain... at least I think so
 * ScottK looks again.
<ScottK> sommer: 3.6/3.7 in standards version.  What work does it need?
<sommer> Homepage field, is really the only one I can think of, so I figured there may be more
<sommer> heh, just read your email... kind of spooky that I was working on another one when you were writing that
 * ScottK bets not.
<ScottK> Thanks again for your work on this.
<sommer> fair enough, I'll soften the language on that question
<sommer> np
<sommer> what's the deadline for MIRs?
<ScottK> Approval by feature freeze.
<sommer> ah, so we've got some time :)
<sommer> libsocket6-perl updated again
<ScottK> You need to mention dbs
<sommer> as a patch system?
<ScottK> As part of the packaging system.
<sommer> ScottK: or as a dependcy?
<ScottK> Tarball in Tarball is worth a mention as a packaging oddity.
<ScottK> It makes patching MUCH harder and so it a supportability consideration.
<sommer> ya, I wondered about that, but I've seen another package like that
<ScottK> It's odd, but not impossible.
<ScottK> Also it does have a test suite.
<helfire> acl's rock
<helfire> just thought i'd throw that out there
<sommer> ScottK: do you get that from the dh_testdir in debian/rules?
<sommer> oooohhhh, the "t" directory
<ScottK> Yes.
<sommer> but is it used in the package?
<ScottK> Not sure.  Looking.
<helfire> would it be safe to give www-data an acl for r-x to /var/www so apache will default have access to all new users
<sommer> helfire: should be, as far as I know
<helfire> if someone hacks the user www-data, i have bigger issues anyways i'd suppose
<sommer> heh, your pretty much in a world of pain at that point... I'd also keep an eye on who's in the www-data group also
<helfire> ya, using acl's no one should really be in it
<ScottK> sommer: It's listed in the MANIFEST, so I know it gets installed.  Not sure about running it.
<sommer> ScottK: if it were being run wouldn't that be in the debian/rules file?
<ScottK> Run at install, not during build.
<ScottK> There's some Perl specific magic for that that I don't recall how works.
<sommer> ah gotcha, I can look into that
<ScottK> Other than that, I think it's good.
<sommer> cool, thanks
<helfire> well /var/web/user/phptemp wont work unless i chown it back to www-data:www-data (even with proper acl's)
<helfire> nevermind i did it recursive so all the sessions got changed as well :)
<helfire> does anything report ACL violations?
<pschulz01> ping.. anyonw have experience with ssmtp ? I just installed and does exactly what I want it to do..
<sommer> pschulz01: I use it for simple mail testing with mutt
<pschulz01> Is there anything tricky about it at all???
<pschulz01> sommer: I have installed it on a gateway box that doesn't need to have a mailserver on it.
<pschulz01> sommer: This is to get sysadmin emails off the system.
<sommer> pschulz01: I've never noticed anything tricky... I think as long as you don't want it to do anything too complicated it'll work great for you
<sommer> basically as long as it has somewhere to relay mail off of ssmtp is great
<pschulz01> sommer: :-) .. well it hasn't open any ports, which is an excellent start.
<pschulz01> opened
<sommer> yep, I kind of think of it as just the sendmail binary and not the sendmail service
<sommer> but I'm also not sure how accurate that analogy is :)
<CrummyGummy> Elo
<redguy> hi
<redguy> my gutsy LTSP server stopped working after a minor update. .xsession-errors files in users' ~ complain about MAGIC-COOKIE . Anyone has an idea what might go wrong?
<kraut> moin
<nandersson> What has OpenSUSEs Build Service that Launchpad doesn't? I'm asking as I write for Swedish tech-mag TechWorld Open Source and I'm curious
<nandersson> I.e could OpenSUSE Build Service be of any use for Ubuntu?
<blue-frog> the opposite you mean
<nandersson> blue-frog, Yes, could be - in what way do they complement eachother
<blue-frog> no idea
<j0nr> hello
<j0nr> anyone able to help me set up vnc?
<j0nr> I need an understanding to the difference between whether you log into an existing sessions or start a new one
<ATA_Dark_Shadow> greetings, if you would need to choose a mailserver with very good connection to php, to send thousands of emails an hour, what would you choose? sendmail rather then qmail?
<hads> Most MTAs can send a large amount of emails without difficulty.
<xt> ATA_Dark_Shadow: postfix
<ATA_Dark_Shadow> hmm
<ATA_Dark_Shadow> ill try postfix then, as its already installed :)
<hads> I'd be more worried about PHP than the choice of mail server
<xt> truth (:
<jdstrand> soren: can you accept my email to ubuntu-server ml. I think I got it all straightened out (finally)
<soren> jdstrand: will do
<jdstrand> soren: thanks
<soren> done
<jdstrand> \o/
 * soren <3 listadmin
<jdstrand> ?
<soren> Yes, I'm hooking up file descriptor three to read from listadmin.
<soren> (It's actually meant to resemble a heart)
<jdstrand> ah-- sideways
<soren> It's the way all the cool kids say that they like something.
<henkjan> :)
<jdstrand> with my aliased font, it really doesn't look much like a heart
<soren> Yeah. I think kids use their computers lying down more than they used to. :) <3 etc.
<jdstrand> heh
<ogra> soren, see and i thought it was a damsel from the top (looking up)
 * jdstrand I was really interested in soren's use of file descriptor 3 for a moment
<jdstrand> s/I//
<jdstrand> (darn third person references)
<soren> jdstrand: That's where love is. Apparantly.
<zul> morning
<jdstrand> hi zul!
 * soren finds it slightly confusing, too.
<zul> hey jdstrand
<soren> zul: Hey, Chuck.
<zul> soren: Hey, Soren.
<jdstrand> soren: love is found in file descriptor 3!?! neat-- that is an answer to one of life's great questions
<soren> jdstrand: Yep. You heard it in #ubuntu-server first.
 * soren breaks for few minutes
 * jdstrand notes soren is useful for all sorts of things
<zul> jdstrand: unless you are hans reiser
<jdstrand> zul: dude, you're obsessed with that guy ;)
<zul> jdstrand: i think the jokes are humorous
<jdstrand> though I admit, I did see that thing on him last night (20/20?)
<zul> he was on again last night/
<zul> i think I was watching futurerama :)
<kraut> what's the difference between 8.04.1 and 8.04?
<Deeps> in windows lingo, service pack 1
<kraut> ok, just another release
<kraut> and from the point of a server-os, are there relevant changes?
<Deeps> release info + changelog should have that info
<kraut> ok
<kraut> that info is missing on: https://wiki.ubuntu.com/Releases?highlight=(releases)
<Deeps> kraut: release info as in the announcement: https://lists.ubuntu.com/archives/ubuntu-announce/2008-July/000112.html
<kraut> Deeps: thanks
<sommer> morning
<lukehasnoname> morning
<zul> hi sommer
<lukehasnoname> http://en.wikipedia.org/w/index.php?title=Comparison_of_file_systems&oldid=220529437#Features
<lukehasnoname> rightmost column
<dthacker> not funny
<lukehasnoname> k
<ScottK> lamont: Would you have a moment to put your Postfix maintainer hat on for a discussion?
<lamont> meh.  just for you dear.
<lamont> :-)
<lamont> wassup?
<ScottK> I'm trying to come up with a policy compliant way to automagically integrate amavisd-new into Postfix.
<ScottK> All the main.cf stuff I can do through postconf.
<lamont> main.cf changes: postconf -e.  master.cf changes: erk
<ScottK> Yeah.
<lamont> I'd welcome a patch to postconf (or new utility) to add/remove/edit bits in master.cf.....;
<ScottK> Would you be willing to consider a helper script in the postfix package that would append the needed stuff on the end.
<ScottK> Add I can do.  Remove is fraught with peril.
<lamont> agreed
<lamont> I was hoping you'd give me edit to. :))
<ScottK> ;-)
<ScottK> I was thinking something like postfix-add-filter $FILTERNAME $PORT_TO_LISTEN_ON
<ScottK> With a man page to explain.
<lamont> it'll take more args than that, I expect... like command args for example..
<lamont> but yeah
<ScottK> Start simple and standard and then add complexity as we go.  The amavisd-new docs have a very nice sample.
<lamont> heh. yeah
<lamont> sounds like a plan
<ScottK> OK.
<ScottK> Do you care if it's shell or python?
<ScottK> lamont: ^^^
<lamont> python has less scary auto-expansion crap in it/
<zul> kirkland: ping me when you are around?
<ScottK> Instead of pinging you when he's not around?
<helfire> Is there a way to make an image of a remote server then transfer it to my desktop and use it as a virtual server?
<helfire> like with dd or simialr
<soren> Yes.
<helfire> any guide or tips on how it's done :)
<soren> with dd or simialr.
<soren> I think it's easier if you tell me that parts you're not sure about.
<helfire> haha, well i vaugly know how dd works. My server has only 1 partition so can i dd to the same partition i'm reading?
<soren> No.
<helfire> didnt think so
<helfire> i can dd to a stream though, but my home connection is only 7mbps
<helfire> so 16 gigs would take a while, but probably doable
<soren> You can't shut the server down while you do it?
<helfire> no it's remote colocated in FL and i'm in MN :)
<soren> Is that Montana or Minnesota? I forget?
<ScottK> Minnesota.
<helfire> yup
<soren> Ok, not *that* bad, then :)
<ScottK> It's a long way either way.
<ScottK> Compared to .dk, I guess not.
<helfire> haha only a 300$ plane ticket now adays
<soren> At any rate, I don't see how it being far away relates to whether you can shut it down?
<helfire> and i'm sure they wouldnt let me in the server room
<soren> What would you do if it crashed? Cry and buy a new one?
<helfire> well i can shut it down i suppose, but how would that help me?
<helfire> yes :P
<soren> Well, most colo's that I know of offer some sort of recovery boot option. From there, I can access the hard drives and such without them being moutned.
<helfire> hmm, i guess i havent looked into that
<soren> So my question wasn't so much of a "can you reach the power button", but more of a "would a few hours of downtime be a huge problem"?
<soren> Again:
<soren> What would you do if it crashed? Cry and buy a new one?
<helfire> downtime at night wouldnt be a problem
<kirkland> zul: hey, give me a half hour or so to get my day going ;-)
<zul> kirkland: sure ill be here
<soren> Say you smashed your /etc/passwd and couldn't log in... What'd you do?
<helfire> call them and figure out their recovery options
<helfire> but i dont know them since i never have needed to use them
<soren> The thing is... dd won't detect if stuff you've already read has changed and such, so if you dd a runnning system's drives off to somewhere else, the filesystem integrity is out the window.
<soren> ...but if this is just for fun and giggles, that's probably not a bit problem.
<soren> If, however, you're doing it to set up a serious testing environment of some kind, then it's one heck of a problme.
<soren> problem, even.
<helfire> this is just for fun
<soren> no giggles?
<helfire> never
<soren> Oh. then i'm not sure.
<soren> You could try.
<soren> There's nothing lost (apart from time and bandwidth) if it doesn't work.
<helfire> i could just install 7.10 in vmware, copy the user space and file i know i've changed in /etc/, get a list of installed programs from apt and sync them, it would be a realitivly close copy
<soren> Oh, sure, if that's sufficient for you, just do that.
<helfire> probably :)
<soren> dpkg --get-selections and dpkg --set-selections are going to be handy.
<helfire> thanks
<soren> "dpkg --get-selections > foo.lst" on the source, and then "dpkg --set-selections < foo.lst ; dselect install" on the destinatino.
<soren> destionation, even.
 * soren is having a bad typing day
<helfire> yup, that should be good enough for me. Will give that a go this weekend
<zul> kirkland: ping so those patches have been blessed?
<cl0s> i'm having trouble with installing ebox..
<cl0s> getting this errror..
<cl0s> dpkg: error processing ebox (--configure):
<cl0s>  subprocess post-installation script returned error exit status 1
<cl0s> Errors were encountered while processing:
<cl0s>  ebox
<cl0s> E: Sub-process /usr/bin/dpkg returned an error code (1)
<cl0s> i tried to remove it, but i get the same error..
<dexem> probably it's showing more related errors
<cl0s> ubuntu 8.04 server ... only things its running/ has installed is openssh-server, vsftpd & svn server..
<cl0s> ill paste bin the entire thing.. 1 sec.. by the way its the latest from launchpad that they recommend on the ubuntu wiki and ebox site..
<cl0s> the repo version was giving me the same results also though..
<cl0s> ubuntu repo*
<cl0s> http://pastebin.ubuntu.com/26473/
<kirkland> zul: okey doke, what up
<kirkland> zul: break out the vial of holy penguin pee
<zul> kirkland: those status patches have the go ahead now?
<zul> eww :)
<kirkland> zul: for the blessing
<zul> kirkland: ok Ill do that now then
<kirkland> zul: let me check my mail and see if I got any show stopping responses
<zul> got the bug # handy as well?
<soren> It's funny how "show stoppers" used to be a good thing.
<kirkland> zul: start at https://bugs.launchpad.net/ubuntu/+source/lsb/+bug/203169/comments/33
<uvirtbot> Launchpad bug 203169 in sysklogd ""status" function for init scripts" [Wishlist,In progress]
<kirkland> that comment has links to all of the other bugs
<zul> kirkland: merci buckets
<soren> u has a bukkit?
<zul> I do, its full of monkeys
<soren> Wicked.
<kirkland> zul: yep, no negative responses
<kirkland> zul: those are ready then
<zul> sweet
<kirkland> zul: once Debian accepts the latest lsb-base patch, I'll push all of these to Debian
<zul> kirkland: yep yep
<kirkland> zul: also, i might need some MIR help from you today
<kirkland> zul: dendrobates said you're da man for MIR's
<zul> kirkland: sure
<zul> kirkland: samba has already been taken care of correct?
<zul> and lamont is ok with the one for bind?
<kirkland> zul: slangasek "approved" it in IRC, but it doesn't look look like he's applied it yet
<kirkland> zul: you can leave that one, if you want, and I'll ping slangasek in IRC later today
<kirkland> zul: or you can apply it
<kirkland> zul: see #ubuntu-devel yesterday
<kirkland> zul: grep for "B+"
<zul> kirkland: k
<lamont> zul: and uploaded.. well, modulo fixing it for yesterdays thing
<lamont> which will land in -3 sometime soonish
<lamont> kirkland: I assume the syntax in -2 will still _work_ with the new status_of_proc, yes?
<kirkland> lamont: yes, if you don't pass it a -p $pid
<kirkland> lamont: -3 is needed if you want -p $pid
<zul> kirkland: cjwatson ok with ssh as well?
<kirkland> zul: I have not spoken with cjwatson
<lamont> kirkland: that's what I'll be adding. :-)
<kirkland> i can ping him, if you like
<zul> kirkland: please
<kirkland> okay, i'll move that over to #ubuntu-devel
<cl0s> how would i search for and remove gconf modified keys set by ebox?
<soren> mathiaz: I'm curious about the timeline for your openldap cn=config work?
<mathiaz> soren: I'm planning to get something done by the end of this week so that I can get a review from slangasek during next week sprint
<mathiaz> soren: are you looking for something particular in the cn=config migration ?
<soren> mathiaz: Sounds great. I have a bit of a pet project that needs it :)
<mathiaz> soren: a new feature ?
<mathiaz> soren: what would you require ?
<soren> If just cn=config would be enabled by default, that would should be more than enough.
<mathiaz> soren: well - you can already setup cn=config - you just need to convert slapd.conf manually and modify /etc/default/slapd to point to your /etc/ldap/slapd.d/ directory
<soren> Sure, I know.
<mathiaz> soren: slapd already supports cn=config for quiet some time
<soren> ..but is this is going to be the default from now on, I'm not going to spend time automating that process for my little use case.
<soren> And I do believe this is going to be the default, right?
<mathiaz> soren: yes - that's my plan
<soren> Good.
<soren> I might try to sell my little pet project to one of you guys next week :)
<kirkland> mathiaz: zul: have a look at https://wiki.ubuntu.com/InitScriptStatusActions when you get a chance
<kirkland> I put step-by-step instructions in there for adding status actions to init scripts
<kirkland> mathiaz: zul: as soon as Debian's lsb takes the patch, I'll merge lsb again for Intrepid, and then I'll send a note out to the ubuntu-server@ mailing list asking for some volunteers
<zul> kirkland: sounds good to me
<kirkland> zul: since you've looked at a bunch of these patches now, you might have additional advice to add to that page
<zul> kirkland: sure I can think of openvpn at the top of my head
<kirkland> zul: oh, well, i meant more the instructions for how to create/test/submit an appropriate patch for this
<kirkland> zul: i link to owh's page where he has lists of packages that need this
<mathiaz> jdstrand: kees: what's the state of bug 227464 ?
<uvirtbot> Launchpad bug 227464 in php5 "Please roll out security fixes from PHP 5.2.6" [Undecided,Fix released] https://launchpad.net/bugs/227464
<kirkland> mathiaz: jdstrand: kees: fwiw, I have a php5.2.6 for Hardy built in my PPA, if that helps your testing/review
<jdstrand> mathiaz: kees is handling that one, but we'll talk about it
<jdstrand> kirkland: that is most helpful
<uvirtbot> New bug: #247316 in samba (main) "winbindd segfaults regularly" [Undecided,New] https://launchpad.net/bugs/247316
<lamont> so after I create the file in /etc/event.d, how do I make whatever decide to notice that it's there?
<uvirtbot> New bug: #247332 in postfix (main) "Please add a script to allow filter services to be programatically added to master.cf" [Wishlist,In progress] https://launchpad.net/bugs/247332
<bdmurray> kirkland: doc search rules
<kirkland> bdmurray: ;-)  i like your enthusiasm
<kirkland> bdmurray: have you seen the manpage archive I created?
<kirkland> bdmurray: http://ubuntu.dustinkirkland.com/manpages/
<bdmurray> kirkland: no, not yet.  I like how doc search can help augment my memory
<kirkland> bdmurray: the manpage repo is nice for reading manpages that you don't have installed on your system
<kirkland> bdmurray: or perhaps from older/newer ubuntu versions that you have installed on your system
<kirkland> bdmurray: if I could bribe kees into auditing the code, I could get it onto ubuntu.com :-P
<bdmurray> kirkland: maybe you'll get that chance next week!
<kirkland> bdmurray: true dat.  you're in London, I assume?
<bdmurray> kirkland: Indeed, that made the most sense
<mm_202> Hey guys, is there a way to get chown / chmod to affect hidden files / dirs as well?  I do a 'chmod -R a+r *', but it skips '.svn', etc..
<kees> mm_202: I use "." instead of "*" for that.
<mm_202> hmm.  Yep, that makes sense.
<mm_202> Thank you, kees!
<kees> mm_202: your shell expands the "*" to all non-hidden files before chmod goes recursive on your list.  using "." means chmod does the recursion from "."
<kees> mm_202: np :)
<mm_202> heh, yeah, forgot about the shell expandion...
<kirkland> zul: can you review https://wiki.ubuntu.com/MainInclusionReportEcryptfsUtils
<zul> kirkland: looks good to me
<kirkland> zul: thanks.  now what?
<kirkland> :-P
<zul> kirkland: file a bug in launchpad subscribe ubuntu-mir and wait
<kirkland> zul: k
<kirkland> zul: one bug per MIR, or per batch?
<kirkland> zul: I have a total of 5 that go together
<zul> one bug per MIR
<W8TAH>  hi folks -- im running samba on ubuntu hardy server -- working with my MS active directory -- user authentication works a treat -- but members of the group cannot access the folder even though the folder is 770
<W8TAH> smb.conf is at http://www.pastebin.ca/1068355
<ScottK> kirkland: When I have several that are related, I mention that in the bug.
<kirkland> ScottK: separate bugs?
<ScottK> Yes.
<kirkland> ScottK: one per MIR?
<kirkland> k
<ScottK> Yes.
<kirkland> zul: can you add your name as a reviewer of https://wiki.ubuntu.com/MainInclusionReportEcryptfsUtils if you're happy with it?
<warchief_ryan> anyone know why my server box was unresponsive when I woke up? I guess mainly the interface as I was still able to reboot it once I got the keyboard out...
<zul> kirkland: consider it dne
<kirkland> zul: can you review https://wiki.ubuntu.com/MainInclusionReportPkcs11Helper next?
<sommer> warchief_ryan: did you have a balanced breakfast before checking it?
<warchief_ryan> not really
<W8TAH>  hi folks -- im running samba on ubuntu hardy server -- working with my MS active directory -- user authentication works a treat -- but members of the group cannot access the folder even though the folder is 770
<W8TAH> smb.conf is at http://www.pastebin.ca/1068355
<zul> kirkland: I was doing that one as well this morning: https://wiki.ubuntu.com/MIRpkcs11
<sommer> warchief_ryan: that explains it :-)
<kirkland> zul: no way :-)
<kirkland> zul: for what?
<zul> there was a request to add smartcard support for openvpn
<zul> and I thought it was a good idea
<kirkland> gotcha
<sommer> W8TAH: is it a unix group or an AD group?
<W8TAH> AD group
 * kirkland goes read zul's MIR for MIRpkcs11
<zul> kirkland: lets merge them
<kirkland> zul: k
<sommer> W8TAH: does Samba know about the AD group?
<warchief_ryan> W8TAH: check the shares owner/group
<W8TAH> yes - it does --
<kirkland> zul: Upstream is vigorous.  :-)
<W8TAH> owner is set to my user
<kirkland> zul: it hasn't been touched since 2007-12
<W8TAH> group is set to the all faculty group
<kirkland> zul: I called that "calm"
<W8TAH> which my user is part of
<kirkland> zul: how about I add your differences to my report, and you review mine?
<zul> kirkland: sure update the bug number in your report and then delete mine
<kirkland> zul: done, review https://wiki.ubuntu.com/MainInclusionReportPkcs11Helper and add your name to the bottom
<kirkland> zul: still saving ....
<kirkland> saved
<zul> kirkland: done
<kirkland> zul: deleted your page with a message pointing to the merged named
<warchief_ryan> was about to say why hes using 'inherit permissions = yes nt, acl support = yes'
<warchief_ryan> with the forces
<warchief_ryan> and to check the permissions
<warchief_ryan> im out
<zul> kirkland: and update the bug as well
<kirkland> k
<uvirtbot> New bug: #247365 in samba (main) "Cannot copy complete files to NAS (samba server)" [Undecided,New] https://launchpad.net/bugs/247365
<kirkland> zul: next one for you.... https://wiki.ubuntu.com/MainInclusionReportTrousers
<ph8> how do i see all bugs in ubuntu server? do you just grab general ubuntu bugs that could be server related?
<mathiaz> ph8: https://bugs.launchpad.net/~ubuntu-server/+packagebugs is a good place to start
<ph8> thanks mathiaz, and how do i know which packages not to bother with (ones that will be dealt with by 'upstream' is the terminology?)
<mathiaz> ph8: none - we're all looking after all the bugs in there
<mathiaz> ph8: I'm not sure what you mean exactly
<mathiaz> ph8: all the bugs listed there have been reported by Ubuntu users - so they need to be triagged correclty
<ph8> well for example, a while back i put in a patch for a simple mysql bash script that had a bug against it, but my patch was overriden because the debian team fixed it
<ph8> ah ok, i'll read the wiki about the procedure
<ph8> what do you do when a bug is the responsibility of the php devs for example? Leave it open till they amend php and the MOTU have put it into a package?
<gegema> My server time seems to always fall behind for some reason. At first install it was about 8 mins behind. I did an ntpdate (ntp.ubuntu.com) to sync it.... but it was still falling behind. I tried adding the ntpdate command asa CRON job but kep on getting errors from CRON.
<gegema> 1) Why does the server time keep on falling behind? ( I haven't noticed this on my Desktop)
<gegema> 2) how do I enter CRON jobs that need to run as root?
<gegema> PS. cron.daily was done per instructions on http://doc.ubuntu.com/ubuntu/serverguide/C/NTP.html
<sommer> gegema: sudo crontab -e
<sommer> for number 2
<sommer> for number 1... could be the battery on your mother board, or another hardware issue
<kirkland> zul: hey, you still around?
<gegema> sommer, yeah but if ntpdate needs to run as root and I just enter the ntpdate command in cron, will it run as root?
<sommer> gegema: if it's in root's crontab then yeppers
<gegema> Cool deal... now I need a refresher on cron entries
<gegema> sommer: Thanks!
<sommer> np
<quatroking> Hello
<quatroking> I was wondering, what packets do I need to run a LAMP?
<quatroking> Anyone?
<Brazen> "sudo apt-get install php5-mysql mysql-server" should pull in everything you need.
<quatroking> thank you.
<Brazen> php5-mysql will automatically pull in Apache and the php module as dependencies.
<quatroking> Alright.
<Nafallo> there is some magic to install the task as well.
<quatroking> It should all work in Xubuntu, right?
<Nafallo> I can never remember what the magic is though :-/
<quatroking> Ubutnu Server Edition won't seem to install my network card.
<quatroking> *ubuntu
<Nafallo> quatroking: sudo apt-get install lamp-server^
<Nafallo> :-)
<quatroking> sounds even easier.
<Brazen> depending on the version of Ubuntu, there may not be a "lamp-server" metapackage.
<quatroking> Its kinda strange how the Server edition wont install my network cards, while Xubuntu does
<quatroking> But at least I now directly have a handy GUI I like.
<Brazen> that IS strange
<Nafallo> Brazen: I'm pretty sure that existed in dapper already?
<Brazen> Nafallo: I double checked on a Dapper server and aptitude did not find it.
<Nafallo> Brazen: strange. I checked on LP and php5 seems to have some relation to that.
<Nafallo> anyway. why would someone install the previous LTS now?
<quatroking> Couldn't find the lamp-server package in 8.04
<Nafallo> quatroking: not a package. it's a task. hence the ^ behind
<quatroking> oh.
<quatroking> well it couldn't find the task then.
<quatroking> its now downloading the php and mysql stuff
<Nafallo> that sounds quite extremely odd.
<Brazen> I still use Dapper, but that's because I know it inside out and haven't taken the time to QA Hardy yet.
<quatroking> oh, it was a
<quatroking> ^
<quatroking> i've read *
<quatroking> will try again after its done with the php and mysql
<quatroking> Is it hard to configure mysql by the way?
<quatroking> I'm used to configuring it on webhosts, not on an own server
<Brazen> You can put phpmyadmin on your lamp server
<quatroking> Awesome, i've worked with that before.
<Brazen> There is a package for it, but I prefer to download the sources.  It's all just regular php files.
<quatroking> those can be used to configure the server from other pc's through the web, right?
<quatroking> just like they do on webhosts
<Brazen> yes, from any computer that can access the website being hosted on the server.
<quatroking> just insert the login data and full access.
<quatroking> thats a lot easier than I tought
<Brazen> yes, there is a little bit of setup, but it's been too long since I've done it to get to specific.  I think you just browse to a setup page, put in your database server information and then it creates a config file for you.
<Brazen> Then you just login and go nuts.
<quatroking> nice.
<quatroking> Just like IPB andphpBB, just install it with a page and everything is configured already
<Brazen> yeah
<quatroking> Alright, the LAMP is installed.
<quatroking> install the phpmyadmin sources now?
<Brazen> browse to http://localhost first to make sure Apache is workinng
<quatroking> lets see
<zul> kirkland: im quasi around
<quatroking> haha, Ãt Works!
<kirkland> zul: ogey doke...  just filed the mir bug for ecryptfs-utils https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/247400
<uvirtbot> Launchpad bug 247400 in ecryptfs-utils "main inclusion request: ecryptfs-utils" [Undecided,New]
<zul> kirkland: nifty
<kirkland> zul: but also, i have a patch that significantly simplifies the MIR for ecryptfs-utils: https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/247389
<uvirtbot> Launchpad bug 247389 in ecryptfs-utils "ecryptfs-utils build should not depend on libltspi or libopencryptoki-dev " [Undecided,New]
<kirkland> zul: there are a couple of not useful, not required build deps that should be removed
<quatroking> brazen: install the myphpadmin sources now/
<quatroking> ?
<Brazen> quatroking: then yeah, you should just be able to extract the sources to the document root (I think it's like /var/www/html_docs) and then browse to the setup file
<kirkland> zul: I've filed it with Debian upstream too: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490233
<uvirtbot> Debian bug 490233 in ecryptfs-utils "ecryptfs-utils build dependencies" [Normal,Open]
<Brazen> quatroking: you'll probably have to read the phpmyadmin documentation to find out exactly what file you have to browse to.
<quatroking> How can I obtain full rights to var/www/ again?
<zul> kirkland: you want me to sponsor that upload tomorrow?
<kirkland> zul: yes, if the Debian maintainer doesn't take it immediately
<kirkland> zul: i suspect he will
<zul> kirkland: nifty if he does we can merge it if he doesnt then we will upload it
<zul> and im off to the park with liam
<Brazen> quatroking: I would use sudo to copy the files in there, or else chown the directory to your username ( " sudo chown -R username /var/www" )
<quatroking> okay
<kirkland> zul: adios
<lamont> so after I create something in /etc/event.d - how do I make the system notice?
<ScottK> kees or jdstrand: I'm uncertain if Bug #247409 should remain private or not.  I'd appreciate it if you'd look and see.
<uvirtbot> ScottK: Bug 247409 on http://launchpad.net/bugs/247409 is private
#ubuntu-server 2008-07-11
<osmosis_> Im still stuck with this apache thread high memory usage problem.
<kees> is that the python-dns affected by CVE-2008-1447 bug?
<uvirtbot> kees: The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via certain cache poisoning techniques against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability.
<kees> lp is timing out on me
<runes> What is the officially supported mail server in Ubuntu 8
<runes> or moreso the safest MDA and MTA for someone new to it
<hads> exim and postfix are probably the most common. I prefer postfix myself.
<runes> I see a lot of postings on postfix I take it it's been around a lot longer than exim?
<Chipzz> I should investigate what I'm about to say, but I think you're wrong, and postfix is actually quite recent
<Chipzz> FSVO 'recent'
<hads> Yeah, I'm not sure on the histories but Postfix isn't old at all.
<runes> Oh hmm now I take it I will need a separate pop server on top of postfix?
<hads> It is well used and proven though
<runes> that's what I was looking for!
<runes> proven
<hads> Yes the MTA is separate to IMAP/POP. I use Dovecot for that myself, there are plenty of others.
<Chipzz> courier is quite popular
<Chipzz> you can also hand the mail to courier or postfix and have them deliver local mail
<Chipzz> which has the advantage of being able to do sieve
<hads> Dovecot too
<Chipzz> errr
<Chipzz> right :)
<Chipzz> s/or postfix/or dovecot/
<hads> Ah, I get it :)
 * hads is slow today
<Chipzz> sieve = serverside filtering/sorting of mail
<Chipzz> something like procmail
<hads> Too much messing with threads is breaking my brain
<Chipzz> but less dangerous
<runes> The challenge is: I just figured out virtual hosting on Apache for two of my sites.  Now I want to have a small mail server (if there is such a thing) so that I can access my mail remotely
<runes> also this is my way of getting away from windows server and into linux--head first.
<Chipzz> postfix with dovecot or courier, with system users or virtual users
<hads> There are quite a few howtos for those setups around - they are quite popular.
<runes> ok time to get reading I just set up the mx record (have to wait about 24hrs) and I'll need at least a weekend to drill through the basics
<runes> then another week of questions.
<runes> so I am not sure if this channel is appropriate or will I need to find a specific channel to ask questions on the specifics?
<hads> This channel is appropriate for questions regarding how to do things with an Ubuntu server, for really specific things you may be better off with #postfix or whatever.
<runes> that's fair well you both gave me a good head start I'm at the beginning of the Ubuntu help on postfix..figured I'd start there for reading.
<Chipzz> runes: first thing you want to figure out is wether you want to use system users or virtual users
<Chipzz> lots of things will depend on that
<hads> virtual is usually a good idea if you have multiple domains
<Chipzz> system users mostly only when you have users with shell accounts that expect to read their mail to (remotely or not)
<uvirtbot> New bug: #247439 in openldap2.3 (main) "Remove openldap2.3 source package from intrepid archive" [Undecided,New] https://launchpad.net/bugs/247439
<Chipzz> virtual users *is* harder to set up though
<hads> Agreed.
<hads> Although if you may need to move to it later on it's probably a good idea just to bite the bullet.
<Chipzz> akthough you should be aware that unless you use the secure versions of POP and IMAP you will be sending your system password over the wire in clear text
<Chipzz> which tends to be... well, not a good idea :P
<hads> Yeah :)
<ScottK> kees: Yes.
<ScottK> kees: That's already been disclosed in the Debian bug.  My uncertainty was about the rest of the discussion.
<kgoetz> hi all. other then wondershaper, does anyone know an easy way to get started with some form of shaping/trafic control?
<osmosis> Why is it that apache seems to have a 120MB ram limit per thread ?
<jords> I'm having a issue with getting ntop to think that my local traffic is local - eg I've set the "Virtual NetFlow Interface Network Address" to 192.168.1.1/255.255.255.0, but It still seems to think that 192.168.1.101 is a remote ip...
<RockHound> good day everyone ...
<RockHound> any chance that amavisd-new 2.6.x will be backported for 8.04? DKIM support is a big plus in this version
<venil> Hi Guys
<venil> is there a console way to search files that contain certain text line?
<venil> i'm a newbie
<soren> Look at grep.
<venil> is not a combination of grep and something
<soren> grep looks for stuff in files.
<RockHound> venil: grep "text" files
<soren> 'grep -r "Shopping list" .' (without the single quotes) will search recursively starting in the current directory for a file containing the string "Shopping list"
<RockHound> venil: -i = case insenstivie ; -n line number ; -R recursive directory search
<RockHound> err -r
<soren> RockHound: Same.
<venil> thanks, i'll try that
<soren> RockHound: -r, -R, and --recursive have the same effect.
<soren> i think there's even one more way to do it.
<RockHound> soren: well ... good ;)
<pubo> Hi,
<pubo> Do anybody know how can I change the eth3 name to eth1? My Network Card was broken and I had to buy another one, but now Ubuntu recognices it as eth3 instead of eth1
<maswan> pubo: check /etc/iftab
<pubo> maswan, ok, thanks!
<pubo> maswan, do you know which package creates iftab? I see that I don't have it on my /etc: $ /usr/lib/udev/migrate-iftab.pl
<pubo> /etc/iftab does not exist to convert
<RockHound> pubo: udev generates the names ... don't have iftab either
<RockHound> on gentoo there was a persistant rule for the names based on mac address
<maswan> Hm. If you don't have an iftab, then I don't know what generates the names.
<maswan> We set it up during (FAI) installation
<RockHound> maswan: udev does not generate those names? via /etc/udev/rules.d/75-persistent-net-generator.rules
<RockHound> ?
<maswan> RockHound: Hm. it might on a default install, I wouldn't know. I don't have any of those. :)
<_ruben> you need to edit /etc/udev/rules.d/70-persistent-net.rules
<_ruben> (or just delete it, it will be generated at boot)
<RockHound> _ruben: that is what I was looking for
<RockHound> perfect
<jdstrand> ScottK: bug #247409 is public debian bug #490217 (as you know-- you commented on it)
<uvirtbot> jdstrand: Bug 247409 on http://launchpad.net/bugs/247409 is private
<uvirtbot> Debian bug 490217 in python-dns "python-dns vulnerable to CVE-2008-1447 DNS source port guessable" [Grave,Open] http://bugs.debian.org/490217
<RockHound> so pubo: see _ruben's post
<jdstrand> ScottK: ah you unprivated it already
<jdstrand> oh, that was the debian bug-- anyhoo, I unprivated the launchpad bug
<jdstrand> (between that and the stub resolver Debian advisory, there is really nothing that isn't already publuic in there)
<jdstrand> public
<pubo> _ruben, sorry, I was on coffe :P
<pubo> _ruben, then, I only have to delete that archive and linux will generate a new one at the next system start?
<micheluntu> hi all, question regarding routing... where is the best place to put static route?
<pubo> 7
<pubo> ups, sorry :)
<_ruben> pubo: yeah .. any nics that arent configured in that file, will be after a reboot
<_ruben> micheluntu: in /etc/network/interfaces .. as an "up" script
<pubo> _ruben, I've deleted it, but eth3 still being eth3 :(. I'm going to edit now to see...
<_ruben> and you did reboot?
<micheluntu> _ruben: is it executed if i do ifdown ethx
<micheluntu> ?
<micheluntu> sorry, ifup ethx
<_ruben> micheluntu: no, thats what "down" scripts are for ;)
<micheluntu> sure :-/
<pubo> _ruben, yes :S
<micheluntu> ok.. i'll try, thanks
<_ruben> pubo: strange .. pastebin the contents of the rules file
<pubo> _ruben, but the reboot didn't generate a new one file... maybe using:   ip link set dev eth3 name eth1.... I'm going to test tit
<_ruben> pubo: which one did you delete ? /etc/udev/rules.d/75-persistent-net-generator.rules or /etc/udev/rules.d/70-persistent-net.rules ?
<ScottK> jdstrand: Thanks.  I wasn't sure.
<jdstrand> np
<pubo> _ruben, 75
<pubo> I've tested with ip link set... and it appears that works
<RockHound> pubo: it was 70 which you should have deleted
<pubo> RockHound, ok, I'm going to test ti
<RockHound> if you delete 75, then it will not work
<RockHound> as 75 generated 70 ...
<RockHound> so you will have to restore 75
<nandersson> Great videos from Daniel Holbach on the UbuntuDeveloper-channel regarding MOTU-development. I write an article about them om Swedish TechWorld Open Source-mag.
<nandersson> "I wrote"
<pubo> RockHound, now it works :).... Fortunately I moved 75 to /root instead of delete it. I undo the changes and removed 70 and now everything works!! Thanks all!!
<RockHound> pubo: yw
<emgent> heya
<gegema> after doing an apt-get update, is there a flag to view/list upgradable packages without needing to get into aptitude?
<soren> "apt-get upgrade" ?
<soren> And just say "no"?
<soren> Or "apt-get upgrade -s" if you must.
<gegema> soren: Thanks
<gegema> and when apt says "the following packages have been kept back", that means?
<gegema> they should be marked for removal I guess?
<_ruben> no, they most likely depend on extra packages to be installed
<_ruben> apt-get dist-upgrade would pull those in as well
<gegema> when was 8.04.1 released?
<gegema> or what should the current issue read?
<_ruben> not so long ago
<_ruben> one week ago
<gegema> and doing an apt-get upgrade should get me on that issue withouth needing to do a dist-upgrade correct?
<lukehasnoname> gegema: right
<_ruben> no, kernel upgrades among others usually (always?) are pulled in via dist-upgrade
<gegema>  sorry for asking dumb Q.s... I am still learning
<gegema> hrrm.. . not _ruben and lukehasnoname are giving me contradicting answers
<_ruben> as long as there are "kept back" packages, you are not fully up to date
<lukehasnoname> go with _r
<lukehasnoname> _ruben:
<kirkland> zul: ping
<zul> kirkland: yo
<kirkland> zul: yo, so about bug 247389
<uvirtbot> Launchpad bug 247389 in ecryptfs-utils "ecryptfs-utils build should not depend on libltspi or libopencryptoki-dev " [Unknown,Fix released] https://launchpad.net/bugs/247389
<kirkland> zul: debian upstream is not going to drop those build deps
<zul> kirkland: why not?
<kirkland> zul: but i think we should for now
<kirkland> zul: because they don't really care about main vs. universe ;-)
<zul> kirkland: yeah
<kirkland> zul: what do you recommend?
<zul> thats fine with me then
<kirkland> zul: if we take that patch, removing those 2 build deps, it saves us 3+ more MIRs
<kirkland> zul: and we're not using/needing the support
<zul> sounds good
<kirkland> zul: if the MIRs go very well, or if we want TPM and opencryptoki support in the future, well then we just MIR them, right?
<zul> yeah what do those packages do in the first place?
<kirkland> TPM is the trusted computing chip that's on most modern motherboards
<kirkland> ecryptfs has basic support for it
<kirkland> for instance, you could use a key embedded in your TPM for your ecryptfs mount
<kirkland> which would mean that that ecryptfs mount COULD ONLY work with your motherboard
<zul> kirkland: im thinking we just might as well add those MIR then so we dont have have a delta with debian and we might want those features in the future
<kirkland> zul: okay
<zul> sound reasonable?
 * freeflying 
<freeflying> sorry, type wrong
<kirkland> jdstrand: hiya, you around?
<jdstrand> kirkland: hi!
<kirkland> jdstrand: i could use a few minutes of your time today ideally to get auth-client-config handling the ecryptfs pam module
<jdstrand> kirkland: no problem-- do you have the profiles already?
<kirkland> jdstrand: i don't
<kirkland> jdstrand: see https://wiki.ubuntu.com/EncryptedPrivateDirectory
<kirkland> jdstrand: the Testing section
<kirkland> jdstrand: i need to add one line to  /etc/pam.d/common-auth, and one to  /etc/pam.d/common-session
<kirkland> jdstrand: and I pulled the source to auth-client-config
<jdstrand> kirkland: right, just at the end of a standard configuration, correct?
<kirkland> jdstrand: yes, that's fine
<jdstrand> kirkland: this should be shipped as part of the pam ecryptsfs package-- is that the plan?
<jdstrand> (nice spelling)
<kirkland> jdstrand: I think so, until which point slangasek has his magic pam configurator operational
 * jdstrand is a fan of ecryptsfs _and_ the interwebs
<kirkland> ^^^ spoken as Emperor Palpitine
<uvirtbot> kirkland: Error: "^^" is not a valid command.
<kirkland>  ^^^ spoken as Emperor Palpitine
<bdmurray> it's Palpatine
<emgent> jdstrand: if you have little bit time take a look in Bug #247612
<uvirtbot> emgent: Bug 247612 on http://launchpad.net/bugs/247612 is private
 * kirkland isn't right after the last round of lightning bolts from the Emp, after misspelling his name :-)
<jdstrand> kirkland: all you need to do is setup a proistine system for ecryptfs (ie no other pam changes), then do:
<jdstrand> auth-client-config -S
<jdstrand> kirkland: this outputs your current pam and nss to to stdout
<kirkland> jdstrand: http://pastebin.ubuntu.com/26683/
<kirkland> lemme fix the spacing
<jdstrand> kirkland: redirect that to a file, remove the nss_* and pam_account and pam_password lines, name it something sensible, and it's done
<kirkland> wowsers
<jdstrand> kirkland: well, you need to add it to the package still (drop it in /etc/auth-client-config/profile.d)
<kirkland> jdstrand: would this be something to give to debian, or Ubuntu-only change?
<jdstrand> kirkland: a-c-c isn't in debian
<kirkland> jdstrand: ah
<jdstrand> that will likely change, but for now, that is how it is
<jdstrand> kirkland: don't bother with the spacing-- just make it right in /etc/pam.d, then use auth-colient-config -S
<kirkland> jdstrand: yup
<jdstrand> kirkland: what you pasted doesn't have the session entry
<kirkland> jdstrand: i just fixed that
<jdstrand> can you repaste?
<kirkland> jdstrand: sure
<kirkland> jdstrand: http://pastebin.ubuntu.com/26684/
<kirkland> jdstrand: do you have a sample package I can model the packaging bits after?
<jdstrand> kirkland: ok, now remove nss_* pam_account and pam_password, and change the date string to be something meaningful, like [ecryptfs_standard]
<kirkland> jdstrand: http://pastebin.ubuntu.com/26685/
<kirkland> jdstrand: i wrote that to a file called: pam_ecryptfs.auth-client-config
<jdstrand> kirkland: you didn't change anything in pam_account or pam_password, so remove those lines too
<jdstrand> kirkland: I mean, if they need to be that, then leave them, but if not, remove them
<kirkland> jdstrand: http://pastebin.ubuntu.com/26686/
<jdstrand> kirkland: I suggest naming it 'ecrypts', so that you have the file /etc/auth-client-config/ecryptfs
<kirkland> k
<jdstrand> kirkland: once you put it in there, you can do: 'auth-client-config -l' and see if the profile pops up
<kirkland> jdstrand: well, the packaging can install it as such
 * jdstrand nods
<kirkland> jdstrand: within the package, though, i was going to call it debian/pam_ecryptfs.auth-client-config
<jdstrand> kirkland: but for testing it, just drop it in there now and moake sure it works
 * jdstrand nods again
<kirkland> jdstrand: do you have a package that uses this, that I might emulate?
<jdstrand> kirkland: ldap-auth-config
 * delcoyote hi
<jdstrand> kirkland: once it's in there, can do:
<jdstrand> auth-client-config -n -p ecryptfs_standard -t pam-auth ; auth-client-config -n -p ecryptfs_standard -t pam-session
<jdstrand> for a dry run
<jdstrand> kirkland: remove the '-n' for a real run
<kirkland> k
 * jdstrand notes it is probably convenient to use a comma separated list for '-t'
 * jdstrand goes to fix that
<Thorsten11> I am looking to swap my servers hard drive with a larger one.  How do I go about doing that and keeping all the data?  Any help would be great!
<kirkland> jdstrand: hmm, "auth-client-config -p ecryptfs_standard -t pam-auth ; auth-client-config -n -p ecryptfs_standard -t pam-session,pam-auth" ... does that go in debian/rules?
<jdstrand> kirkland: that second command needs to drop ',pam-auth' (a-c-c can only handle one -t option at a time right now)
<kirkland> oh
<kirkland> okay, so two calls
<jdstrand> kirkland: re rules> no, that is what the user will run to enable ecryptfs in pam
<jdstrand> kirkland: in a bit, those two commands will become:
<jdstrand> auth-client-config -p ecryptfs_standard -t pam-auth,pam-session
<kirkland> jdstrand: right
<kirkland> jdstrand: okay, i suppose this helps somewhat
<kirkland> jdstrand: but it still doesn't solve what I thought i was solving
<kirkland> jdstrand: avoiding having to do the pam setup post installation
<jdstrand> kirkland: there are mechanisms in place in auth-client-config to make it work in packaging, but as a policy isn't in effect and slangasek is doing a different implementation, then just leave it to the user
<kirkland> jdstrand: okay, thanks.
<kirkland> jdstrand: let me get a debdiff tested and available for your review
<jdstrand> kirkland: you can read /usr/share/doc/auth-client-config/README for ideas on package integration
<kirkland> jdstrand: well, i'll hold off until we see whether or not slangasek's implementation is good to go
<jdstrand> kirkland: but that is likely more than you want to do right now
<kirkland> jdstrand: right ;-)
<jdstrand> kirkland: keep in mind, while this doesn't help greatly in terms of what is outlined in Testing, it does allow you to ship a configuration that is known to work, and the wiki won't have to change.  You can also add other profiles to /etc/auth-client-config/ecrypts-- eg [ecryptfs_advanced], or whatever
<jdstrand> kirkland: it also provides an easy way to disable ecryptfs (one command as opposed to hand editing to config files)
<jdstrand> s/to config/two config/
<kirkland> jdstrand: that's a good point, thanks.
<kirkland> jdstrand: something like http://pastebin.ubuntu.com/26689/
<jdstrand> kirkland: but the use of auth-client-config, or steve's method, or a combination is really what needs to be implemented :)  use of auth-client-config just makes it easier
<kirkland> jdstrand: oh, yeah, i totally understand that
<jdstrand> kirkland: you don't need a Pre-Depends-- just add /etc/auth-client-config/profile.d to 'dirs'  (which you've already done)
<jdstrand> kirkland: I suggest using 'Suggests' instead of Pre-Depends
<jdstrand> kirkland: ecryptfs will work just fine aithout a-c-c
<kirkland> k
<kirkland> jdstrand: build gripes: dh_install --fail-missing --sourcedir=debian/tmp
<kirkland> cp: cannot stat `debian/tmp/pam_ecryptfs.auth-client-config': No such file or directory
 * jdstrand goes to download the thing
<jdstrand> there are a lot of build-deps...
<delly84> does anyone know the best way to purge an ldap database besides just removing /var/lib/ldap/* and /var/backups/unknown-...ldapdb  and re inserting the nodes via dpkg-reconfigure slapd and ldapadd?
<delly84> is that even the right way to do this?
<kirkland> jdstrand: to ecryptfs-utils?
<kirkland> jdstrand: i'm working a couple of MRs related to that now
<jdstrand> kirkland: from a pristine schroot, yeah
<kirkland> zul: doko approved pkcs11-helper \o/
<kirkland> jdstrand: hmm, i'm missing something obvious
<jdstrand> kirkland: the problem is that the profile is not copied into debian/tmp/etc/auth-client-config/profile.d
<kirkland> jdstrand: right
<kirkland> jdstrand: what should handle that?  something rules, I suspect
<jdstrand> kirkland: your libecryptfs0.dirs file makes etc/auth-client-config/profile.d created in debian/libecryptfs0
<jdstrand> but the profile is copied there either
<kirkland> jdstrand: is my syntax in libecryptfs0.install correct?
<kirkland> jdstrand: should it be ../pam_ecryptfs.auth-client-config etc/auth-client-config/profile.d
<jdstrand> kirkland: I'm not used to seeing it like that
<jdstrand> kirkland: I think just having /etc would be enough
<jdstrand> kirkland: your syntax looks fine based on the manpage (hey, I learned something!)
<kirkland> jdstrand: the ../ bit?
<kirkland> jdstrand: b/c, that actually works!
<jdstrand> kirkland: no, just the <file> <dir> bit
<kirkland> jdstrand: oh, i got that straight from ldap-auth-config
<kirkland> jdstrand: see ldap-auth-config.install
<jdstrand> hmm, I might have actually did that
<jdstrand> (ldap-auth-config.install)
<kirkland> jdstrand: you're so money you don't even know it!
<jdstrand> apparently I'm flaking out right now :)
<jdstrand> kirkland: a cleaner approach is in debian/libecryptfs0.install have:
<jdstrand> /etc/auth-client-config/profile.d/pam_ecryptfs.auth-client-config
<jdstrand> kirkland: then in rules:
<jdstrand> dh_install --list-missing --sourcedir=debian/tmp -Xpam_ecryptfs.auth-client-config
<jdstrand> and in rules:
<jdstrand> cp $(CURDIR)/debian/pam_ecryptfs.auth-client-config $(CURDIR)/debian/libecryptfs0/etc/auth-client-config/profile.d
<jdstrand> after the MAKE command
<kirkland> jdstrand: would s/pam_ecryptfs.auth-client-config/acc-ecryptfs/g be more consistent?
<jdstrand> kirkland: basically, we install the file into the libecrypts0 dir (as expected), then tell dh_install to skip that file when doing debian/tmp
<jdstrand> kirkland: I have no preference as to the name
<kirkland> jdstrand: which section of rules does the -Xacc-ecryptfs bit go?
<jdstrand> kirkland: it should *not* be named 'acc-ecryptfs' after install though-- files with acc- are installed by auth-client-config itself
<kirkland> jdstrand: oh
<jdstrand> it's a convention, not a hard-n-fast rule
<jdstrand> but there is no reason not to follow it
<kirkland> jdstrand: that's fine
<kirkland> jdstrand: i'll call it ecryptfs.acc in the source package
<kirkland> compact enough
<jdstrand> kirkland: I like the installed named as 'ecryptfs'-- it is easy
<kirkland> jdstrand: okay, and i'll install it as 'ecryptfs'
<jdstrand> kirkland: as for the -X... part-- just add it to the end of the dh_install line that already exists in binary-arch
<kirkland> jdstrand: the existing line has "fail-missing" ... yours "list-missing" ?
 * kirkland tries a build...
<jdstrand> kirkland: err, yeah-- good point. it should be fail-missing
<zul> kirkland: coolness please add it to the seeds then :)
<kirkland> jdstrand: k, i'm building with that now
<jdstrand> kirkland: I tried list-missing in testing
<kirkland> zul: i may need some instruction/documentation on doing that (later)
<zul> kirkland: cool you might not have access either
 * kirkland doesn't have much access at all
 * kirkland is entirely at the mercy of bribing a bunch of other people to sponsor his work :-)
<kirkland> jdstrand: okay, cool, that built, and installed properly!
<jdstrand> \o/
<kirkland> jdstrand: let me try the runtime command to enable....
<kirkland> jdstrand: what do you think of http://pastebin.ubuntu.com/26708/ ?
<jdstrand> kirkland: hold on
<jdstrand> kirkland: you reference debian/acc-ecryptfs in the changelog.
<kirkland> jdstrand: shite, okay
<jdstrand> kirkland: I've updated it-- other than that it looks good
<jdstrand> kirkland: do you want me to upload?
<kirkland> jdstrand: let me attach it to the bug
<jdstrand> kirkland: I build on amd64, did package upgrade testing, and tested auth-client-config profile integration
<kirkland> jdstrand: same here
<jdstrand> kirkland: let me know when to upload
<kirkland> jdstrand: patch at https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/247641
<uvirtbot> Launchpad bug 247641 in ecryptfs-utils "pam_ecryptfs.so insertion into the pam stack" [Wishlist,In progress]
<jdstrand> kirkland: does that mean it's ready to fly?
<kirkland> jdstrand: yup, good by me, i fixed the changelog
<kirkland> jdstrand: other than that it's identical
<kirkland> jdstrand: sad that we have to diverge from debian, but hopefully it's temporary
<jdstrand> ecryptfs-utils fly, ecryptfs-utils fly
<jdstrand> into the light of the dark black night
<jdstrand> kirkland: uploaded
<kirkland> jdstrand: thanks, i'm updating the wiki page now
<jdstrand> kirkland: it's a minor divergence that will help our users
<kirkland> jdstrand: definitely, a million thanks for your help
<jdstrand> np
<jdstrand> :)
<kirkland> jdstrand: do we care about hppa build failure?
<jdstrand> jdstrand: well, yes, but what do you mean specifically?
<kirkland> jdstrand: i just got a failed-to-build error for ecryptfs-utils with your upload for hppa
<jdstrand> that was fast
<kirkland> jdstrand: okay, instructions updated at: https://wiki.ubuntu.com/EncryptedPrivateDirectory#head-4a2aa7460fdca18bfe78bb1283becff406bbc13c
<jdstrand> jdstrand: it built last time
<jdstrand> kirkland: it's an apt error
<kirkland> jdstrand: i was just investigating that
<kirkland> jdstrand: okay, not our fault :-)
<jdstrand> kirkland: no
<kirkland> jdstrand: no, it is our fault?
<jdstrand> kirkland: it is not our fault
<kirkland> jdstrand: ;-)
<jdstrand> I submitted to retry the build
<jdstrand> kirkland: it built fine the 2nd time
<kirkland>  jdstrand: cool, thanks.
<kirkland> jdstrand: i just need the fix from Debian in 50-2 that makes mount.ecryptfs_private setuid
<kirkland> jdstrand: ideally, i'll get that in and merged by Monday, and we can have an ~/Private setup party in Lexington next week ;-)
<jdstrand> kirkland: guess you get to practice merging :)
<jdstrand> ok cool
<kirkland> jdstrand: yup
<jdstrand> \o/
<bdmurray> mathiaz: I might be able to help regarding moving bugs to a renamed package
<kirkland> mathiaz: any progress on the web app packaging standard?
<kirkland> mathiaz: i have a couple of simple, small PHP web apps that I'd like to get some assistance packaging from scratch next week
<kirkland> mathiaz: the good news is that they don't use a DB
<Chipzz> kirkland: have you looked at the packaging of phpmyadmin?
<kirkland> Chipzz: negative
<Chipzz> kirkland: take a look at that; maybe that will give you some idea's?
<Chipzz> s/'//
<kirkland> Chipzz: mathiaz had raised some issues with the way webapps are/not packaged with Ubuntu at UDS
<kirkland> Chipzz: if phpmyadmin's packaging is a model to be followed, i can do that
<kirkland> Chipzz: however, i was under the impression that none were considered "ideal"
<Chipzz> I'm not saying it's a model; it is however something you can take a look at to get some inspiration
<kirkland> Chipzz: cool, thanks for the pointer
<tolun> hi everyone...
<tolun> how can I increase entropy in kernel?
<tolun> is there anybody...
<lukehasnoname> be patient, a lot of these guys are working. they'll get to you in time, most of the time.
<tolun> :-/
<mathiaz> bdmurray: kwel - where is your magic script ?
<mathiaz> kirkland: no progress on the web app packaging standard
<bdmurray> mathiaz: I don't have one yet but ogasawara or I should be able to help
<mathiaz> bdmurray: ok - persia suggested to move them by hand while reviewing them
<mathiaz> bdmurray: which could be a good idea in this case as there aren't so many bugs
<bdmurray> mathiaz: right, I saw that.  I think it really depends on the volume.  If you are on top of them and know they are all valid just move them - otherwise reviewing during the process makes sense.
<nealmcb> Is there a tool (web query engine?) to easily determine if a given dns resolver (not under my control) is now properly doing random source ports (e.g. a tool that asks it to resolve an address at a domain that the tool can work with to see what source port the requests come in on?)
<ScottK> Not that I know of.  If you control the DNS server it's asking, you can capture data via tcpdump and check.
<Nicke__> nealmcb: Have you tried http://www.doxpara.com/ ?
<Deeps> urr, surely you can see the source port of incoming packets
<gegema> this may be a rediculous Q... but here goes. When doing a "history" command and I get a list of my previous commands, is there a way to select say the 200th command, so I doint have to up arrow 200 times to get to it?
<gegema> or is my only option to just copy and paste that command
<zul> !<history number>
<gegema> hmm.. tried history number before asking this Q... and just tried !history number and I get -bash: history: too many arguments
<nealmcb> Nicke_ yup - that's the ticket!  Dan's own checker on the sidebar at ï»¿http://www.doxpara.com/ .  Though I suggest you don't expect it to be too smart.  I see a lack of randomness that it didn't in my dns server
<Nicke__> nealmcb: yeah.. I only know that it detected my own dns server as vulnerable before I updated it, and said it was fine after.. but I don't see that as any guarantee ;)
<tolun> how can I increase entropy in kernel?
<nealmcb> tolun: get the machine to do interesting things - maybe df /usr or something like that
<nealmcb> or move your mouse etc
<tolun> nealmcb, it is a server which is far away and i am connecting via ssh
<tolun> and ubuntu server does not accepts my inputs
<tolun> from ssh
<tolun> I want that server should do entropy by itself
<tolun> :(
<tolun> I mean that it is not accepts inputs as an entropy action....
<tolun> does not server generate random bytes for entropy by itself?
<nealmcb> tolun: yes, but if it isn't doing much it can take time. disk activity should help which is why I suggested df /usr
<tolun>  owwww
<tolun> sorry...
<tolun> let me check this pls...
<tolun> ;)
<nealmcb> dooh - I mean du /usr ....
<nealmcb> df is much too efficient :/
<nealmcb> tolun: ^
<tolun> nealmcb, still I am testing...
<tolun> and still it did not achived my problem...
<tolun> :(
<trakinas> im having troubles with ssh
<trakinas> first thing: the keys arent being loaded. though i have removed and re-generated them
<trakinas> second thing: i cannot connect to the server anymore.
<trakinas> even after doing this: http://markus.revti.com/index.php/2007/12/05/245/
<nealmcb> so I'd like to run dan's script at ï»¿doxpara.com/, which uses javascript, from a server.  what handy javascript-enabled text mode browsers are out there again?  our elinks doesn't seem to have spidermonkey which would do some javascript
<Wicky656> how do you set limits in /etc/security/limits.conf to unlimited or is that even possible?
 * nealmcb hoped he'd eventually find a relevant, on-topic question :)
<tolun> nealmcb, it did not worked
<tolun> :(
<nealmcb> did you run du (not df like I said at first)?
<nealmcb> and exactly what are you doing?
<tolun> yes
<tolun> it has been stoped
<nealmcb> tolun: see e.g. http://bentham.k2.t.u-tokyo.ac.jp/notebook/?p=241
<tolun> ok
<tolun> and what else?
<nealmcb> I'd say, maybe, at a shell do this in the background just before generating your key:  "du / &"  or "ls -Rl / > /dev/null &"
<nealmcb> so it runs while you generate
<tolun> thank you nealmcb...
<tolun> i will try all of them...
<nealmcb> tolun: or generate it on a desktop and copy it to the server....
<tolun> i think i found it... which included in your link address...
<tolun> egd is a solution i think...
<tolun> of course i have to try it...;)
<tolun> nealmcb, really thanks for all... I will try it and inform you... of course if you need know...;)
<nealmcb> tolun: np
<bitsbam_> hello anyone use a dell poweredge ?
<nealmcb> bitsbam_: you might get better answers if you ask your underlying question
<bitsbam_> thanks, i need to know the procedure to power down a hard drive for a hot-swap replacement
 * nealmcb doesn't know :(
<Nafallo> ehrm. hotswap is yank out, put in new? :-)
<Nafallo> that's how I do it on HPs anyway. works fine.
<nealmcb> the "hammer" approach :)  I would have guessed it, but didn't want to steer someone wrong
<Nafallo> just take care if the machine starts rebuilding the array or something.
<Nafallo> you want to wait until it doesn't do that before you put in the new drive or you might loose the array.
<nealmcb> cool - I learned a nice emacs tip last night: tramp has a "sudo" mode, so you can edit /sudo::/etc/resolv.conf  without firing up another emacs
<bitsbam_> well, last night, i yanked a drive, and slid a new one in place, but it never showed anything other than the blinking amber lights for drive failure, put the old drive back in it blinked amber for a bit, then green
<bitsbam_> I suppose most of this would point to a drive failure ? It is a brand new drive.
<solexious_> [q] My server seems to hang on restarts, how can i find out how as it seend to be after ssh is stopped
<solexious_> seems*
<uvirtbot> New bug: #247727 in mysql-dfsg-5.0 (main) "mysql ignores view order when selecting with group by" [Undecided,New] https://launchpad.net/bugs/247727
<Chipzz> hrrrrm
<Chipzz> anyone here running debian testing?
<Chipzz> I just upgraded some servers from php5 5.2.5 to 5.2.6, and I hit max connections pretty fast
<Chipzz> appears to be a problem with apache threads (especially those to localhost; for the server reloading - WTF is apache doing this crap in the first place) hanging in the closing state for too long
<Chipzz> mentioning this because that version may be hitting intrepid...
<bitsbam_> anyone have a more correct procedure for readying a drive to be removed and hot swapped than just yanking the thing out of a dell poweredge server?
#ubuntu-server 2008-07-12
<tolun> Hi guys...
<tolun> I want to know that how can I install egd on ubuntu server...
<uvirtbot> New bug: #247750 in bind9 (main) "package bind9-host 1:9.4.2-10 failed to install/upgrade: subprocess dpkg-deb --control returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/247750
<CppIsWeird> i cant find the package libapache-mod-dav? apt-cache search returns nothing, as well as searchs for apache-mod and apache2-mod, none of which return a dav module
<darthanubis> whats the difference in the "generic" and "server" kernels?
<jetole> can anyone recommend a good method for syslog from windows to syslog-ng, lots of methods mentioned on the net, basically want to know what any of you use that works
<HellMind> Hello, which is the cmd to configure modules? (I want to load a mod for my nic)
<HellMind> And I need a tool like prime95 to stress the cpu
<hads> I've no idea what prime95 is but you could try cpuburn which is a package in universe.
<nijaba> HellMind: modprobe is a usefull comand for modules
<HellMind> primeworks
<HellMind> i will try cpuburn
<HellMind> but i dont know the name of the module :(
<nijaba> darthanubis: http://www.ubuntu.com/products/whatisubuntu/serveredition/features/kernel should give you a good idea
<HellMind> then i should do insmod -i
<nijaba> HellMind: mmh if you do not know the module, and it is not loaded automatically, you may have to do so search on the net to find it out in the first place
<nijaba> HellMind: http://people.ubuntu.com/~kirkland/search.html might help filtering your search
<kirkland> nijaba: light night?
<kirkland> nijaba: or early morning?
<nijaba> kirkland: preparing for jetlag
<kirkland> nijaba: ah, you must have traveled over the pond before :-)
<nijaba> kirkland: a few hundred times I think
<kirkland> nijaba: :-P
<nijaba> err...  no, more like below a hundred
<nijaba> but by not much
<nijaba> funny how you get highlighted when I point someone to your search engine
<kirkland> nijaba: thanks for the advertisement ;-)
<nijaba> :)
<kirkland> nijaba: i point a lot of newbies to it
<kirkland> nijaba: and, actually developers too
<kirkland> nijaba: newz2000 still hasn't turned on search.ubuntu.com, sadly
<nijaba> it is very useful
<kirkland> nijaba: you mess with the manpage repo any?
<nijaba> kirkland: we have to accept that things take time
<kirkland> nijaba: i use that one allday, everyday
<sommer> hey all
<nijaba> kirkland: not yet, haven't had time to look at the access details :(
<nijaba> hey sommer
<kirkland> nijaba: it's just ubuntu.dustinkirkland.com
<kirkland> sommer: howdy
<sommer> nijaba kirkland yo... anyone know about doc.u.c?
<nijaba> kirkland: thanks, bookmarked.  I'll drop comments if I have any
<kirkland> nijaba: thanks
<nijaba> sommer: know what?
<kirkland> sommer: never seen it before
<sommer> mdke hasn't been around for awhile, and the site is dated... at least the serverguide
<nijaba> hmm really?
<nijaba> we should talk with elmo about that
<kirkland> sommer: have you raised it on the doc mailing list?
<sommer> ya, and there's some good samba stuff in there
<sommer> kirkland: nope... was kind of waiting to see if he'd show up
<kirkland> sommer: ah
<sommer> I know he's updated it in the past
<kirkland> sommer: yeah, it's funny how little traffic there is in #ubuntu-doc
<sommer> kirkland: it picks up closer to release time
<nijaba> ok, past 11pm in Boston, I can go to bed :)
<kirkland> nijaba: see ya Sunday
<sommer> later on nijaba
<nijaba> kirkland: definitely.  I may be around tomorrow with some fun at finishing my limesurvey package.  emmet did raise a few issue.  As you will soon know, the first one it tough.
<nijaba> *is
<kirkland> brb, grabbing 'nother beer ;-)
 * sommer has a great italian wine :)
 * sommer dolcetto... yay!
 * nijaba has a lot of french wine but drinks coke
 * hads continues recovering from last night
<sommer> party!
<emgent> hello there :)
<kirkland> emgent: howdy!
<nijaba> emgent: hello! congratulations !
<kirkland> sommer: super tuscan?
<kirkland> emgent: i see you like folk music?
<sommer> kirkland: not sure where exactly, but it's good
<emgent> kirkland: sure.
 * kirkland pours himself a heffeweizen
<emgent> nijaba: thanks :)
<sommer> that's a good one
<emgent> kirkland: do you know "Modena City Remblers" ?
<kirkland> emgent: a close friend of mine is a folk musician in Tuscany
<kirkland> emgent: I don't...
<nijaba> ok, call of the hay...  good whatever guys!
<emgent> argh :)
<kirkland> emgent: i'll have to check them out
<emgent> kirkland: http://it.youtube.com/watch?v=SqJIb3_4P0Q
<kirkland> emgent: Irish Italian?
<kirkland> emgent: http://www.vanessapeters.com/ontheroad.html  <- those are my friends
<emgent> yeah
<emgent> kirkland: http://www.ramblers.it/home/home_1.asp?idpag=17&lang=eng
<kirkland> emgent: good stuff ;-)
<emgent> hehehe :)
<emgent> someone use moinmoin ?
<emgent> kirkland: when you come back in italy mail me :)
<kirkland> emgent: will do!
<kirkland> emgent: i spent 2 weeks there, last year
<emgent> :)
<emgent> http://en.wikipedia.org/wiki/Orvieto
<kirkland> emgent: is that where you live?
<emgent> sure
<kirkland> emgent: cool
<kirkland> emgent: we spent a week in Castiglion Fiorentio, near Arezzo
<emgent> http://www.ou.edu/ccac/images/orvieto.jpg
<emgent> oh cool
<emgent> 1 hour by car :P
<kirkland> emgent: Assisi is in Umbria, right?
<emgent> yes
<emgent> kirkland: but it`s a clerical city..
<emgent> orvieto too :(
<kirkland> emgent: "clerical"?  you mean, "religious"?
<emgent> yeah
<kirkland> ah, right
<kirkland> well, we enjoyed it for what it was worth
<kirkland> very medieval too
<kirkland> my wife and i enjoy little old italian cities, inside the ancient walls and such
<helfire> is there a RAID option that is not mirroring but just paridy so I dont need to have 2x the disk space for mirroring?
<emgent> yes it`s true, but in italy  Vatican > *, and it`snt good.
<kirkland> helfire: are you looking for RAID5?
<helfire> i belive so, is that a viable option for LVM+mdadm+RAID5?
<kirkland> helfire: i think you're mixing up your terms
<kirkland> helfire: you can certainly run an LVM on top of a RAID5
<kirkland> mdadm is just a command line tool used to administer RAIDs
<kirkland> and yes, mdadm supports RAID5
<helfire> oh i thought mdadm was a software raid utility
<kirkland> helfire: well, it is a command line utility for setting up a software raid, yes
<kirkland> helfire: the linux kernel handles the low level details of the raid devices though
<helfire> so i'd add physical disks to a software raid5 set, then create a LVM on top of it?
<kirkland> helfire: yup
<kirkland> helfire: and if you want to understand the different raid levels, make yourself a pot of tea and read http://en.wikipedia.org/wiki/RAID
<helfire> is expanding and failing as easy with RAID5 as RAID1?
<helfire> i've been reading tutorials on lvm+raid, but they all focus on raid1
<kirkland> helfire: mostly, yes
<kirkland> helfire: there's one kick, though, i'd say with raid5
<kirkland> with raid1, at any time, you can take one of your hard drives and go play elsewhere
<kirkland> helfire: ie, you can take it out of one computer and put it somewhere else and have all your data
<kirkland> helfire: with raid5, you have to have at least 3 disks to start with
<kirkland> helfire: and any one of your disks only contains a subset of the total data
<kirkland> helfire: so no single disk itself has all of your data
<kirkland> helfire: i have a 4 disk RAID 5....  it has 4 x 500GB drives
<kirkland> helfire: for a total of about 1.5 TB of space
<kirkland> a full disk is lost to parity
<kirkland> but with RAID5, that parity is striped across all 4 disks
<kirkland> helfire: I can lose any 1 of the 4 disks, without losing data
<kirkland> helfire: I cannot lose 2 disks, though
<hads> You aren't required to do LVM with RAID either, unless you want to.
<helfire> ya, i want to maximize space with the ability to expand (LVM)
<helfire> and the ability to repair if needed
<kirkland> helfire: well, technically, RAID5 is expandible now too
<hads> You can expand a RAID5 array
<helfire> oh interesting
<kirkland> lvm has been able to do that for a long time
<kirkland> but somewhere around 2.6.20 (???) roughly, it became possible to expand raid5
<hads> So if that's the only reason you want LVM it may not be nessecary (although you may want it for other reasons).
<hads> kirkland: Sounds about the right timeline to me
<helfire> could i have raid5 with say 2x250GB, 2x500gb and then add maybe 2x1TB
<kirkland> hads: i know it was just after RHEL5, which was 2.6.18
<helfire> see i keep buying big HD's when they're cheap but my files are just all over, i want one file server with a huge repository
<kirkland> helfire: you sound like a classic case for a raid5 ;-)
<helfire> it doesnt matter that they're a bunch of different sizes? I can just keep extending?
<kirkland> helfire: now you cannot do that
<hads> RAID5 is designed for same size disks
<kirkland> helfire: with raid5, you have to have identically sized disks
<helfire> ahh
<helfire> but i could get around that with making say 500GB LVM "partitions"
<kirkland> helfire: or, rather, if you have a 300, 400, 500, 600 G disks, you'd have 4 x 300G raid5 devices
<helfire> i'm confusing myself on what is the lowest layer RAID or LVM
<kirkland> helfire: you'd put RAID below LVM
<kirkland> helfire: the stack looks something like this....
<kirkland> helfire: disks are /dev/hda, /dev/hdb, /dev/sda, /dev/sdb
<kirkland> helfire: you'd partition a disk into partitions, /dev/hda1, /dev/hdb1, /dev/hdc1
<kirkland> helfire: you'd mark those partitions as type 0xfd, which is Linux software raid
<kirkland> helfire: you'd construct a raid device, /dev/md0, out of a set of raid partitions, say /dev/sd[a-d]1
<kirkland> helfire: you could then format /dev/md0 as a filesystem itself
<kirkland> helfire: or use that as a physical volume for lvm
<helfire> hmm i see
<kirkland> helfire: good luck, i'm signing off
<helfire> alright, thanks for the info
<runes> will adduser.conf run bash commands?
<helfire> could try to put a command in there like `touch /tmp/itworks`
<helfire> but man adduser.conf says it just reads in variables, but it does look very similar to bash
<runes> ok.  The challenge is that I am trying to figure out how to get adduser to create an sql user account at the same time it creted the linux account
<runes> created=creates
<runes> so I'm not sure where to put the commands to get it to run them or how to get it to call an external bash script
<runes> it's a pita to have to first create the user then go into mysql create the user there then create the mail user...
<hads> Why not a wrapper around adduser
<runes> hads can you explain?
<runes> I'm still quite new at linux
<runes> But I ahve no problem looking things up
<helfire> make your own shell script that calls both adduser and the mysql command to add a user
<runes> ok I was thinkign that i twas goign to be something like that
<runes> I guess the good thing about creating the bash script is that I can reuse it for multiple account creations
<runes> thanx helfire
<helfire> ya, you can add as much initial setup as you want to it
<runes> perfect
<helfire> when i was managing users, i had a 700 line perl script to do everything for me
<runes> You knwo I started using ubuntu a year ago...the last few months I started to take the learning more seriously and have figured out virtual hosting a bit of php and some MySQL but in truth the most important things like how to create backups, shell scripting etc I overlooked.. so now I'm forcing myself to use shell commands
<runes> it reminds me of the old dos days only a lot more exciting
<helfire> you can do anything with shell scripts, I couldnt live without em
<runes> the one thing I really don't understand is why there isin't an advanced backup utility for linux
<runes> yes I know tar is the usual way to do things and from what I am reading to create nfs shares to dump to
<runes> but soem kind of util-tool with compression and encryption.
<helfire> rsync?
<runes> oops....ok so there is one
<helfire> well it's simple to use something like rsync and other commands together to get compression and encryption etc that there's no reason to build a new utility
<runes> well back to the man pages I go
<helfire> the simplest just thinking off the top of my head todo remote backups would make a ssh tunnel from one server to the other and rsync over that, it'd give you compression over the network and encryption
<helfire> someone probably has thought of better ways, google i'm sure would come up with some good examples
<runes> one of the ways they mentioned is to tar the files and place them on a nfs mount (usually pointing to some kind of external drive tape or raid array)
<runes> but that makes me think of someone using winrar to back up a windows server only translated to linux
<helfire> ya
<runes> now in linux do you have to worry about locked files when you back them up
<helfire> maybe if your backing up like the active system partition, but if it's just user data I dont worry too much
<hads> rsync supports ssh natively
<runes> so at least I can run it through a remote session
<helfire> see, i havent used rsync forever, my backup needs are so tiny i just do a full tar each time :)
<runes> for me it would be mainly for the /home  /etc and  mysql files
<hads> helfire: rsync foo host:/home/foo/
<runes> helfire, and the tar grabs everything? Including the boot sector?
<helfire> no
<helfire> tar i belive only can grab filesystem files
<runes> ok
<helfire> like tar cvzf home.bak.tgz /home
<helfire> would create a compressed file of home
<helfire> bedtime, i might wake up and try for an iphone tomorrow haha
<runes> bah I'd wait have a good night!
<uvirtbot> New bug: #247795 in mysql-dfsg-5.0 (main) "package mysql-server 5.0.51a-3ubuntu5.2 failed to install/upgrade: AbhÃ¤ngigkeitsprobleme - lasse es unkonfiguriert" [Undecided,New] https://launchpad.net/bugs/247795
<warchief_ryan> doesn't samba use both CIFS and SMB? i'm confused  when there referred to separately as if you can choose to use one or the other with samba...
<uvirtbot> New bug: #247805 in munin (universe) "munin-node missing semi colon" [Undecided,New] https://launchpad.net/bugs/247805
<uvirtbot> New bug: #247806 in munin (universe) "munin-node.postinst has a typo" [Undecided,New] https://launchpad.net/bugs/247806
<chmac> Is there an equivalent of ssh-add I can use in a terminal?
<chmac> Or rather ssh-agent as ssh-add complains that it can't reach ssh-agent
<_ruben> ssh-agent and ssh-add can be used just fine in a terminal
<chmac> _ruben: I was missing the eval $(ssh-add -s) part :)
<_ruben> ah :)
<ctx144k> hello all
<ctx144k> i need an easy mail-server for sending inform,ationmails to an admin-email-adress, and sending cron-nmessages localy
<nijaba> ctx144k: what's easy?  to install?
<ctx144k> yes..
<ctx144k> i configured postfix. but... i have a problem with it
<ctx144k> if i say ion /etc/mailname a really domain mails to foobar@lingox.de are comming in, but mails to locally adresses (from cron and so on) doesent doesent come in
<nijaba> ctx144k: sudo tasksel install mail-server should install and do a basic working config
<ctx144k> if i say in /etc/mailname localhost, i get locally emails, but mails to another server willbe bounced:
<ctx144k> http://rafb.net/p/SFPGA958.html
<nijaba> ctx144k: bounced by whom?  what's the error?
<ctx144k> the another server is bouncing mails wich are from root@localhost
<ctx144k> so i need there a correct name
<nijaba> right, you need to have a correct domain name defined
<nijaba> ctx144k: do you operate your own dns?
<ctx144k> but if i set there a correct name locally emails willnot comming on local pc
<ctx144k> no
<nijaba> ctx144k: for a given domain?
<ctx144k> my pc has no domain
<ctx144k> its a client in internet. i need onmly sending administration emails to another server
<nijaba> ctx144k: so you do not really need postfix
<ctx144k> okay
<nijaba> ctx144k: or a real mail server
<ctx144k> i installed exim4, but there i dont get mails too
<ctx144k> what do i need?
<nijaba> ctx144k: try a package like msmtp-mta
<ctx144k> i need only a way getting locally mail from cron and so on, ans sending emails out
<nijaba> ctx144k: which should allow you to send email to any destination, without having to deal with a full smtp server
<ctx144k> yes
<ctx144k> http://rafb.net/p/knC8Py85.html
<nijaba> http://ubuntu.dustinkirkland.com/manpages/hardy/man1/msmtp.html has some good config example that should be easy to follow
<ctx144k> nijaba, merci its running
<nijaba> ctx144k: il n'y a pas de quoi, andre
<ctx144k> ?!?
<nijaba> ^^french for you ara welcome
<uvirtbot> nijaba: Error: "^french" is not a valid command.
 * nijaba kicks uvirtbot
<nijaba> ctx144k: sorry, your first name and your use of merci, made me thought you spoke french
<cropalato> Some one can help me? Where can i get more info about "NICs standby failover"?
<ctx144k> no iam german :)
<ogra> nijaba, we germans are good pretenders ;)
<ctx144k> but another question, ghow can i disable sending mails in cron?
<ctx144k> all cron-jopbs are sending mails to root
<_ruben> cropalato: you're looking for info on redundant networking or what?
<cropalato> _ruben, yes. redundat network, HA!
<_ruben> cropalato: what exactly do you want to know? the proper term in linux is "bonding" btw
<cropalato> _ruben, i want the my server don't lose any connection if my wire or NIC stop.
<_ruben> cropalato: google will find lots of articles explaining how to configure nic bonding, like http://pmjdebruijn.blogspot.com/2006/04/ubuntu-bonding.html
<cropalato> _ruben, thanks. bonding is the word.
<_ruben> cropalato: the details (like which bonding method to use), depends on your network. like redundant switches or not, or if you want to use both nics for increased bandwith when both nics are operational
<cropalato> _ruben, ok. thanks
<_ruben> yw
<namzezam> using amazon ec2, what is your recommended ami for Ubuntu Server Edition with Nginx on ma.large  (64bit 7.5 GB RAM) ?
<chmac> Any suggestion on how to tell apt that otrs is already configured and no longer requires configuration?
<dthacker> I'm planning on converting my squid proxy to a transparent proxy.   I currently have a cable modem.-->fw/router--->6 pc's  Do I need to move the squid server between the cable modem and fw/router for it to receive all web requests?
<didymus7777> I am running the new hardy server, with the webmin program (boss wants to see stuff) however when I set up the DHCP server with it (or with out it for that matter) even with the step by step fools way of setting it up I still get the error message- "starting DHCP server dhcpd3 ...fail!  I am not seeing what I am screwing up on, in fact I don't even really know were to look. yes I have ip-forwarding set up and the client computer with a stati
<sergevn> nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Invalid credentials
<sergevn> doe anyone know what this error means.
<sergevn> besides invalid credentials ofcourse
<sergevn> sure they are right
<sergevn> getent passwd gives back the correct users
<sergevn> to the connection to ldap works
<sergevn> pulling my hair  out here :P
<dthacker> sergevn: looking at the error message. It expects to find an LDAP server on localhost, and is not finding one?
<sergevn> it finds it
<sergevn> because getent gives back the ldap users
<sergevn> dthacker: :)
#ubuntu-server 2008-07-13
<Derander> Does anyone here understand postfix?
<hads> Some
<Derander> erp, sorry - missed your response until now
<Derander>  I figured it out, hopefully :_)
<ScottK2> lamont: Are you around and at least slightly available to talk about Bug #247332?
<uvirtbot> Launchpad bug 247332 in postfix "Please add a script to allow filter services to be programatically added to master.cf" [Wishlist,In progress] https://launchpad.net/bugs/247332
<schone> hey all
<schone> i was wanting to build a file server for my home network and was wondering is there much difference between using ubuntu server or desktop client?
<ScottK2> Ubuntu Server is only command line.
<ScottK2> It has a kernel optimized for server use.  For a home file server, that's unlikely to matter much.
<schone> so desktop is pretty much server with a gui
<ScottK2> The core of the each is common.
<schone> ah ok , I also wanted to setup a mysql/php , ror envioroment for testing and development
<ScottK2> You can do that on your desktop no problem.
<schone> sweet probably stick with the desktop
<ScottK2> For learning how to manage servers though, you'll want to learn the command line stuff though.
<ScottK2> It really helps you understand your system better.
<schone> ah ok
<schone> is there any prepackaged home server software (alternatives to windows home server?)
<ScottK2> You can do that on your desktop, just use the CLI stuff too.
<schone> cool
 * ScottK2 has never seen Windows Home Server, so has no idea what would be alternative to it.
<schone> ah ok cool
<ScottK2> For server GUI like things, the recommended approach if you want one is ebox.
<ScottK2> !ebox | schone
<ubottu> schone: ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<Derander> Does anyone have any experience setting up postfix? I'm trying to get postfix, courier and sasl working, but I keep getting 'SASL LOGIN authentication failure: password verification failed" when I attempt to send a message.
<schone> nice! thanks scottk2
<ScottK2> Derander: Do you have Postfix working without SASL?
<Derander> I think so
<ScottK2> i.e. if you put an IP address in mynetworks, can you send mail out?
<Derander> if I telnet to port 25 then I can send messages out
<ScottK2> OK
<ScottK2> Are you trying to set up cyrus-sasl or dovecot?
<Derander> erm, I'll figure that out.  one moment please
<ScottK2> !server-guide
<ubottu> Sorry, I don't know anything about server-guide
<ScottK2> !serverguide
<ubottu> Sorry, I don't know anything about serverguide
<ScottK2> Urgh.
<hads> It's in the topic
<ScottK2> Sure enough
<Derander> libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin << the packages that I installed dealing with sasl
<ScottK2> That's cyrus.
<Derander> I thought so
<Derander> (I'm following http://www.howtoforge.org/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu8.04)
<ScottK2> oK.
<ScottK2> Are you open to another approach?
<Derander> sure, why not?
<Derander> I just want a mail server ;-)
<ScottK2> Use Postfix and Dovecot and follow https://help.ubuntu.com/8.04/serverguide/C/email-services.html
<Derander> Will do
<hads> Dovecot SASL is fairly straight forward. I haven't played with cyrus for ages.
<ScottK2> Those are the ones that are the most supported here.
<ScottK2> Yes.  Dovecot is supposed to be dead easy.
 * ScottK2 still uses cyrus, but has a working configuration to copy from ...
<Derander> just dovecot and postfix, or the other things there too?
<ScottK2> You need at least 3 bits: Postfix, sasl (Dovecot), and a mail delivery agent (Dovecot instead of courier).
<Derander> Cool.
<ScottK2> Do you really need squirrelmail nand mysql?
<ScottK2> You'll want some spam filtering too.
<ScottK2> Look at amavisd-new with spamasssassin and clamav.
<Derander> I don't want squirrelmail, mysql doesn't hurt.
<Derander> Yeah, somehow I was getting spamassassin/clamav/amavisd-new in there too
<ScottK2> https://help.ubuntu.com/8.04/serverguide/C/mail-filtering.html covers that.
<hads> I'd start with greylisting (postgrey) and spamhaus lookups, you'd be suprised how much that stops and it's dead easy.
<ScottK2> For a small domain mysql is way overkill
<ScottK2> Agreed.
<Derander> Yeah, there will only be 3 users on this domain ;-)
<hads> Agree, you then have to factor in mysql being up to receive mail.
<ScottK2> Yep.
<hads> I'd just use a passwd-like file for dovecot.
<hads> You could use system users although I prefer virtual myself.
<Derander> I would like to use virtual.
<hads> Well I just setup a new hardy VM with postfix/dovecot yesterday to replace my current home server so if you get stuck I should be able to help.
<Derander> Okay, I'm stuck!
<Derander> What should I put in mynetworks?
<ScottK2> Leave it be unless you want to allow people to send mail based on IP address alone.
<hads> It should by default have something like 127.0.0.0/8 etc.
<Derander> Okay,
<hads> Which is fine.
<ScottK2> The other stuff is for IPv6 and is harmless.
<Derander> Okay :-)
<Derander> Oh lord
<Derander> All of the configuration files from my previous three attempts are still around
<Derander> I attempted deleting them once and borked aptitude
<Derander> Ah, figured it out.
<Derander> Man, setting up a mail server has been a massive undertaking - I set up apache/ruby/php/mysql/rails in 10 minutes..
<Derander> this has bee 12 hours
<ScottK2> The first one is really hard.
<Derander> I've noticed :-(
<ScottK2> I can go from parts in boxes to a running server in 3 or 4 hours including testing.
<Derander> Yeah, I'm only a hobbyist sys-admin
 * ScottK2 actually had to do that once when a box died during a maintenance outage.
<Derander> so this is my first shot doing it myself
<Derander> Hah :-)
 * ScottK2 is primarliy a consultant, but runs some small services.
<Derander> I work as a programmer :-)
 * hads is a jack of all
<Derander> Hee
<Derander> on to SASL
<ScottK2> For future reference, don't manually remove config files.
<ScottK2> Use the purge option when you remove the package and they'll go away.
<ScottK2> Manual removal confuses the packaging system.
<Derander> Yeah.
<Derander> I figured that out ;-)
<ScottK2> OK.
<hads> This may help as a sample dovecot.conf; http://paste.pocoo.org/show/79291/
<Derander> Will I need that, or is the one that the guide sets me up alright?
<hads> You don't need that at all, though it may be useful as a sample to refer to.
<hads> I haven't actually read the guide
<ScottK2> sommer: You may want to pay attention to this to see how the mail setup stuff in the server guide is working.
<Derander> Ah :-)
 * hads goes to read the guide
<ScottK2> sommer wrote or assembled most of the guide, but is probably sleeping now.
<Derander> Cool
<Derander> When configuring postfix, I created two certs
<Derander> two ssl keys
<Derander> er, no I didn't
<Derander> It appears to be working
<Derander> Or almost, I can't receive messages.
<Derander> What format is used for the password file?
<Derander> (referencing your paste hads)
<hads> Derander: http://wiki.dovecot.org/AuthDatabase/PasswdFile
<Derander> If I'm using virtual users, with mail_location = Maildir:/home/vmail/%n/mail, do I need to specify anything other  than user:pass in the passwd file?
<Derander> I don't.
<Derander> Okay, I'm failing.
<Derander> I'm trying to use virtual users
<Derander> http://paste.pocoo.org/show/79292/ -- dovecot.conf
<hads> You've got pam auth enabled for userdb and passdb
<hads> Might want to disable that.
<Derander> Yeah, I noticed that and got rid of it a little while ago - I think I might have it now
<Derander> my users file was formatted as a password file, I'm making it into a user file
<Derander> Bingo
<Derander> Bah, dovecot still won't accept messages.
<Derander> hads: this is the deal, I'm completely able to send messages, and view my 'sent' folder.
<Derander> what I'm NOT able to do is receive messages
<Derander> http://paste.pocoo.org/show/79293/ contains all of the information I could think of
<Derander> I'm trying to use virtual users.
<ScottK2> What do your logs say when a message delivery is attempted?
<ScottK2> Derander: ^^^
<Derander> one moment
<Derander> http://paste.pocoo.org/show/79294/
<ScottK2> First rule of mail server troubleshooting is always look in the logs.
<Derander> Right
<ScottK2> Derander: You want andymo.org mail delivered to this box, right?
<Derander> yes
<ScottK2> Then that domain needs to be in mydestination in /etc/postfix/main.cf.
<ScottK2> Otherwise postfix doesn't know it's to be delivered locally and thinks it's a relay attempt.
<Derander> ah.
<Derander> well, this time it didn't reject it.
<Derander> It does keep redirecting ot to andrew@mail.andymo.org
<Derander> when I send to andy
<Derander> but I think I know why
<Derander> yes, now it is going through
<Derander> but I get <andy@andymo.org>: Recipient address rejected: User unknown in local recipient table; from=<derander1324@gmail.com> to=<andy@andymo.org> proto=ESMTP helo=<wf-out-1314.google.com>
<ScottK2> Is the domain set up as a virtual domain?
<Derander> Nothing is setup beyond what is in the big paste.
<Derander> I'm sorry I'm such a bother
 * ScottK2 suggests some reading from http://www.google.com/search?q=virtual&sitesearch=www.postfix.org
 * ScottK2 needs to get to bed.
<Derander> Have a nice sleep :-)
<Derander> Looks useful
<ctx144k_> hello all, anyone have experiences with kolab2.1/2.2, ldap and ubuntu8.04
<ctx144k_> ?
<kgoetz> hi all. if i want software raid (mirroring) do i use the lvm option in the installer?
<kgoetz> the 'net doesnt seem to be helping me muh yet
<_ruben> kgoetz: lvm doesnt give you raid, you need the raid option for that, sw raid often is combined with lvm though (lvm on top of raid)
<kgoetz> hm. found a guide on help.ubuntu.com. i'll ry that out
<kgoetz> _ruben: i didnt think lvm was used for raid, but i dont see a 'raid' option in the installer
<_ruben> kgoetz: it'll show up when you mark a partition as "use for raid"
<kgoetz> _ruben: aah. thanks.
<erichammond> Depends what kind of RAID you want.  You can use LVM to stripe across two physical disks which is similar to RAID 0.
<erichammond> To be clear, that's not mirroring.
<hads> mirroring is what kgoetz was after
<erichammond> hads: Yes, just being pedantic.
 * kgoetz waits for raid to format (i'm expecting the build+format will take some time)
<kgoetz> hm. it hasnt taken long
<uvirtbot> New bug: #248067 in mysql-dfsg-5.0 (main) "mysql server can't be started: mysql.host doesn't exist" [Undecided,New] https://launchpad.net/bugs/248067
<_ruben> kgoetz: building of the raid happens in the background .. you can use it as soon as its recreated, even though it could take hours and hours for it to finish building :)
<_ruben> kgoetz: check /proc/mdstat for its status
<_ruben> or mdstats
<kgoetz> _ruben: looks like it'll take a whil to build - i might sleep on it ;)
<_ruben> ;)
<Wassasin> Hiya
<Wassasin> Can anyone help me with the configuration of my pure-ftp server daemon? I can't force it to accept more then 3 connections as the same user
<mrmonday> I've just compiled mysql 5.1.26 from source, to replace my 5.1.25 install, and I can't get mysql to start again - I get "Manager of pid-file quit without updating file." when I try to, any ideas?
<ScottK> mrmonday: My idea would be don't compile from source on a Debian/Ubuntu system.  Use the package management system.
<mrmonday> why does everyone say this instead of helping me with the problem :S
<mrmonday> it worked before when it was compiled form source about a week ago, it's only a new version
<ScottK> Why do you think that's not help.  It's  a serious suggestion.
<mrmonday> thanks for your suggestion, but I'd rather fix my problem
<ScottK> Even when I want to update a package, I update the debian package and build that.  I never install direct from source.
<mrmonday> you aren't me though :S
<ScottK> Yes, good luck.
<ScottK> I will note that I'm not here asking for help getting something to work.  All my stuff is working.  That may or may not be a relevant fact to you.
<mrmonday> it isn't, I just want to get my server back online
<ScottK> Debian does have an experimental 5.1.25 package.
<ScottK> http://packages.qa.debian.org/m/mysql-dfsg-5.1.html
<ScottK> Since building from source isn't working for you, you might try building .debs from that and using them.
<mrmonday> I had 5.1.25 runing before (compiled from source), which I had no problems with
<ScottK> Then you'll probably have more luck on a mysql oriented forum than a Debian/Ubuntu one.
<mrmonday> I've just compiled 5.1.26 using the same method, and it doesn't seem to work now
<mrmonday> ScottK: they just bash me for using ubuntu when I ask in #mysql
<ScottK> You're using Ubuntu, but you don't want to manage packages the Ubuntu way, so I don't know how to help you.
<ScottK> Good luck.
 * ScottK heads out.
<dthacker> I'd like to make my ubuntu squid server do transparent proxy.  I currently have cable modem--->router/fw--->switch----->PC's and servers.   Do I need to move the squid server between the cable modem and the router/fw to force all the traffic through it?
<ScottK-laptop> lamont: Ping.
<lamont> echo-reply
<lamont> I glanced at the script, will look at it more later today, btw
<ScottK-laptop> lamont: Great.
<ScottK-laptop> If that's generally suitable, it's be easy to replicate into one to do the same for policy servers.
<ScottK-laptop> lamont: After the last big round of "Debian/Ubuntu are insane to chroot by default", it was suggested that providing a 'unchroot' script would be a useful compromise.  Thoughts on that?
<lamont> sure
<lamont> that'd let me close my outstanding debian serious-bug
<ScottK-laptop> OK.  If you like the add-filter script, that's about half the work towards chroot/unchroot scripts.
<lamont> cool
<osmosis> how difficult is it to setup a SMTP server ?
<ScottK-laptop> Depends on how much you know about SMTP, your exact requirements, and if you're willing to spend money on a book.
<ScottK-laptop> osmosis: ^^
<osmosis> ScottK-laptop: sounds like you are saying it is a lot of work.
<osmosis> ScottK-laptop: i can't just apt-get install postfix and be done.
<ScottK-laptop> No, I'm saying it depends.
<ScottK-laptop> Possibly.
<ScottK-laptop> The postfix I run on my laptop was installed that way.
<ScottK-laptop> The postfix I run on my prodcution mail servers needes some significant configuration and other bits added in.
<osmosis> brb
 * ScottK-laptop back later.
<osmosis> back
<osmosis> Are you talking about just the basic postfix configuration, or is there more...like dns settings that need to be done, reverse dns.
 * delcoyote hi
<nealmcb>  osmosis: your requirements are the main issue, I'd say.  If you want good anti-spam defenses, in my experience it is a pretty significant ongoing hassle, but recently things have gotten better.  If you just want to be able to send occasional emails from a personal domain, and really use another address and server for most mail, it can be pretty easy
<osmosis> nealmcb: i just want to be able to send some mail from a php script, and have full control over the headers...which requires using a local server and not a remote smtp server.
<jpds> ErikWestrup: Please fix your connection.
<ErikWestrup> jpds: Everything is fixed now.
<jpds> ErikWestrup: Cheers! :)
 * Derander crosses his fingers, c'mon.. work mailserver, work!
<ErikWestrup> jpds: I was configuring the proxy in irssi, i'm sorry for the disturbing *quit-messages*
<Derander> OMG IT WORKS!
<Derander> Oh wait..
<Derander> nevermind
<__stress___> ï»¿I ï»¿ accidentally deleted some of my /home/"user" config files and now when I type "sudo any_command" and "tab" the command so that it can be auto-completed it does not complete....otherwise when I just type the comand and tab it, it auto-copletes...what can I do?
<Derander> Mine has never done that, so I have no idea :-)
<mralphabet> __stress___: sounds like you lost your .bashrc file
<mralphabet> create another user, copy theirs
<__stress___> I copied .bashrc and .profile from the root changed the permissions and the like...and it's the same way :D
<Derander> OMG! I've done it!
<Derander> MAIL WORKS!
 * Derander dances
<Derander> ScottK: If you're still around, thanks for all of your help! Got it working!
<Derander> Hads: Thank you too!
<hads> Derander: Well done. I just got up :)
<Derander> :-)
<Derander> Now to turn on spamassassin and all that jazz :_)
<Derander> back shortly, putting users online
#ubuntu-server 2009-07-06
<DormantOden> hey again, anyone know hoe I can give rtorrent permission to create directories?
<DormantOden> is it possible to give programs a group to run under?
<ghostlines> interesting questions
<DormantOden> i think apache2 uses www-data
<DormantOden> but i need to give rtorrent somthing...
<oh_noes1> hi, is this possible? => http://ubuntuforums.org/showthread.php?p=7567278#post7567278
<storrgie> yallo, question about virtualization
<storrgie> I am familiar with vmware workstation, I was going to put vmware server on my headless server.... mainly because of the web interface
<storrgie> vmware server seems to be shit though, there is a ton of issues with linux... most notably bridged networking
<storrgie> anyone using vmware server in jaunty server? or would you suggest anything else?
<qman__> n0gearII, sudo apt-get update && sudo apt-get upgrade
<mattt> storrgie: i've used it, found it to be much easier to use than xen :)
<storrgie> I want to get bridged networking working
<storrgie> http://serverfault.com/questions/26156/why-doesnt-bridged-networking-work-on-vmware-server-2-0-w-ubuntu-9-04
<mattt> storrgie: only used it on RHEL, sorry :(
<bsmith_> Hi I am attempting to setup a basic webserver using a Linux WRT54G router, ubuntu 9.04 32-bit server edition, and the howtoforge.com/perfect-server-ubuntu-9.04-ipconfig-3.  I just got started and can't set up the openssh.  Can someone help?
<twb> stgraber: re "anything else", the recommended virtualization system for Ubuntu is KVM.
<twb> Sorry, bad completion (storrgie left).
<bsmith_> anyone care to help?
<PhotoJim> bsmith_: it should just work, but if you expect to telnet to your Ubuntu box from remote, you'll either need to give it its own public IP (best), or port forward ports from your router.  port 22 is the ssh port.
<PhotoJim> bsmith_: oops, not telnet, of course.  ssh.
<bsmith_> PhotoJim: I think my issue is with the static IP.  My ISP doesn't allow for static Ip, how do I get around this?
<bsmith_> p.s. sorry for the late response
<PhotoJim> bsmith_: ahh, that's a tough one.  there are services that can work around it (see dyndns.org) but the best solution is to pay the extra fee for a static IP.  I can't help you with dyndns.org because my ISP gives me two static IPs automatically so I was good to go from the beginning.
<PhotoJim> bsmith_: the workarounds will still break from time to time, whenever your IP changes, until the change perpetuates in the DNS system.
<bsmith_> So I don't need to setup the static IP.  I actually wanted to use dyndns.org, untill I can purchase a static IP. (in college now).  Will i run into any issues in the howto if I don't set up the static IP?
<PhotoJim> yes, that will buy you some time.
<PhotoJim> you shouldn't have any problems, except that it will occasionally break and you won't be able to access it from remote.
<PhotoJim> it should automatically fix itself.  I'm not sure how long dyndns needs to fix itself after an IP change.
<PhotoJim> I'm guessing it's in the order of minutes to an hour or two at most, but I'm guessing.
<bsmith_> as far as I know, you can set it to update every 5 mins minimum.
<bsmith_> which is fine by me.  But can I use this server as both a web server and a media server. (bsmith.dyndns.org/web.html, and bsmith.dyndns.org/media.html?
<PhotoJim> well, try it.
<bsmith_> I haven't set it up yet.  I also assume I need apache
<PhotoJim> and I don't know, but I don't see why not.  it's pointing stuff to your IP.  your machine determines what services are running.
<PhotoJim> yes, or lighttpd which is a great web server for smaller machines.  wikipedia uses it.
<bsmith_> thanks for you help, I will attempt to set this up.
<PhotoJim> I use apache, but only because I didn't know about lighttpd.  I probably would use lighttpd today if I were to do a new installation.
<PhotoJim> no problem.  good luck.
<uvirtbot`> New bug: #395970 in drbd8 (universe) "Please merge drbd8 8.3.2~rc2-1(main) from debian unstable(main)" [Undecided,New] https://launchpad.net/bugs/395970
<twb> When was/is the EOL date for Ubuntu Server 6.06 LTS?
<ajmitch> I'd assume it'd be around the start of june 2011
<ajmitch> though I don't recall seeing a definite date
<twb> !eol
<ubottu> End-Of-Life is the time when security updates for an Ubuntu release stop. See https://wiki.ubuntu.com/Releases
<ajmitch> 6.06 was announced on 1 june 2006, so it ought to be 5 years from that date
<domas> 5 years it will be
<twb> What was the firewalling solution in 6.06 (i.e. prior to ufw)?
<ajmitch> as far as I know, it was just iptables, no frontends involved
<twb> ajmitch: was there any code to load tables on boot or if-up?
<twb> I remember that the Debian iptables packages have no such thing
<ajmitch> not beyond the standard iptables-save/load commands
<ajmitch> iirc it was pretty much just like debian
<twb> Debian's one doesn't even do that :-/
<twb> Anyway, that's pretty much what I thought, thanks.
<VK7HSE> just wondering if there is a howto for purging the Amais-New virus directory? as over time this gets quite full of spam/bad headers/virus mail ???
<MTecknology> I'm trying to do /usr/sbin/logwatch --detail 10 --range '-1 week' --mailto michael@domain.com but the report returned says "Period is day."
<MTecknology> Is that what's supposed to happen?
<twb> Any reason you're using logwatch instead of logcheck?
<MTecknology> logcheck is what I knew
<twb> I'm Not A Fan(TM) of logwatch's whitelist-oriented reporting.
<twb> If there's a daemon that logcheck doesn't know about, I want it to tell me instead of silently ignoring those log entrie.
<twb> ...which is what logwatch does.
<MTecknology> so.. logcheck -m michael@domain.com -Rsu
<MTecknology> how close is that to what you use
<MTecknology> ?
<MTecknology> even though what I typed is wrong
<twb> Actually I just let logcheck run automatically as part of its cron job.
<MTecknology> twb: you don't set it in a crontab?
<twb> MTecknology: correct.
<MTecknology> twb: so if I set the email addy for it the cron is already set up and it'll work?
<MTecknology> ok
<MTecknology> twb: thanks
<MTecknology> twb: massive email report, no nice summary :P
<MTecknology> but very detailed
<twb> MTecknology: yes, then you add whitelist for the entries you don't care about
<MTecknology> nice
<MTecknology> twb: did you know linux is dead because microsoft says it is? This is funny - http://satirewire.com/news/0101/linux_quit.shtml
<simplexio> im trying to install latest vanilla kernel to ubuntu-server which boot away from being 9.04 .. i made .deb and noe trying to install it with dpkg i get error and i dosent install it
<twb> MTecknology: I'm not interested in Microsoft./
<MTecknology> twb: I just thought the thing was a funny read, it's not based on any facts.
<twb> simplexio: why do you need a non-standard (i.e. non-Ubuntu) kernel?
<simplexio> i dont need it. i just have used to upgrade latest vanilla on every reboot
<simplexio> i mean this used to be trivial stuff. make menuconfig ;
<simplexio> sudo make-kpkg --initrd --append-to-version=-custom kernel_image kernel_headers
<simplexio> and the dpkg -i .deb
<simplexio> this cant be this hard
<simplexio> this one of those thing that used to work allways on my 32bit desktop, now this 64bit server allways complains shit
<MTecknology> simplexio: What is your reason for using Ubuntu and not an Ubuntu kernel?
<simplexio> well last one did fail with swapper now and then
<simplexio> besides .27 is like what year old ?
<MTecknology> Why didn't you report a bug instead?
<simplexio> and point was also, that make-kpkg used to be idiot sure way to compile and add kernel to grub (and maybe in future remove it using dpkg) why it isnt working now
<MTecknology> I'm using 2.6.28-13 right now. If you want the latest kernel, you should be using the latest Ubuntu.
<MTecknology> Just my opinion on it
<simplexio> this did offer me 27.11 after dist-upgrade,, need to check it again
<_ruben> or take a look at the mainline kernel builds as provided by the kernel team
<simplexio> you still miss the point. what im missing now here, am i doing something wrong or is there some bug in Ãºbuntu, i create custom kernel using : sudo make-kpkg --initrd --append-to-version=-custom kernel_image kernel_headers && dpkg -i *.deb
<simplexio> i can go easy way and learn nothing. or figure out whats wrong and fix it and learn somethign
<simplexio> because that way has been working and i dont see any reason why it shouldnt work anymore
<MTecknology> simplexio: I think the point we're getting to here is that a customized kernel isn't supported in here. You might want to try ##linux instead.
<MTecknology> twb: does that sum it up?
<simplexio> MTecknology: so ubuntu dosent support make-kpkg ?
<twb> MTecknology: yes, but I also asked because usually YAGNI applies
<simplexio> i dont have problems with custom kernel or compiling it, i have problemswtih make-kpkg and dpkg which dosent want install .deb package
<twb> Since simplexio already knows about make-kpkg, I assume he more or less knows what he's doing
<twb> simplexio: in what way does dpkg -i complain?
<simplexio> and far as i know those are part of ubuntu
<_ruben> simplexio: https://wiki.ubuntu.com/KernelTeam/KnowledgeBase
<MTecknology> looks like 2.6.31 might be in karmic :)
<MTecknology> Is it possible to use a new kernel without rebooting? Or rebooting in a lot less time?
<MTecknology> I know the obvious answer, I just want to be able to deploy a new kernel without the time. I heard something about doing this a while ago.
<simplexio> http://pastebin.com/md0e2d1a , error have been same alltime
<simplexio> actually it seems that custom build dosent make /lib/firmware/(uname -r)/ it just tries to dump all firmware to /lib/firmware/
<twb> MTecknology: AFAIK, no
<_ruben> ksplice .. www.ksplice.com .. quote: "Ksplice: Rebootless software updates"
<twb> Anything with a â¢ in its name makes me very suspicious
<twb> "Unlike previous hot update systems, Ksplice operates at the object code layer, which allows Ksplice to transform many traditional source code patches into hot updates with little or no programmer involvement. In the common case that a patch does not change the semantics of persistent data structures, Ksplice can create a hot update without a programmer writing any new code."
<twb> Sounds like they're basically swapping in new .ko files and telling the kernel to reread them.
<twb> And obviously it only allows you to handle a subset (80%, by ksplice's reckoning) of security updates -- you wouldn't be able to drop a whole new kernel in there without rebooting
<pirx> hi! if i want to install a 8.04 with some added software via the network to a bunch of servers, what method is easiest/best? one of these https://help.ubuntu.com/community/Installation#Server%20and%20network%20installations ? like Localboot or NetBoot?
<simplexio> that was intresting 8.10 custom kernel install didnt work, after i did upgrade to 9.10 right way ( this time i changed source.lst for apt) it works just like it has been working
<_ruben> livin' on the edge eh :)
<proti> morning
<RoyK> hm... I have some problems with a box here, running 2.6.28.13 (ubuntu 9.04). The system's processes are using a total amount of 2,5GB of memory as reported by ps axv, but free reports 3,8GB memory and 2,5GB swap used. Where did all that go?
<RoyK> proti: afternoon
<proti> RoyK: Think about disk cache and shared memory
<proti> See the cached and shared items of top.
<proti> I need some help with kerberos migration.
<proti> I want to move kerberos files to an LDAP tree.
<proti> I did find some relevant hint on google.
<proti> But only when creating Realms, not moving realms from file db backend to LDAP tree.
<j0nr> hi all, just set a mail server (8.04) I have it set up with maildir. In my home directory I have maildir and within this there are subdirectories for different accounts. I use mutt to view mail that comes into 'maildir' and then move them into the coressponding sub directories.
<j0nr> What i am wondering is if these subdirectories can be accessed thru imap.
<j0nr> the mail server is imap, but I only get to see that top level (i.e. in squirrelmail)
<j0nr> how can I see the subdirectories in imap client?
<proti> You have to tell the imap server that you are using the Maildir format.
<proti> j0nr: What kind of imap server ?
<j0nr> proti: dovecot
<j0nr> if thats the right answer :)
<j0nr> I installed dovecot and postfix
<j0nr> imap and imaps protocols
<j0nr> using maildir format
<j0nr> ah...all I had to do was rename my sub-directories to '.subname' i.e. add the dot in front of it.
<RoyK> proti: aware of that - it was anonymous memory pages - almost nothing left for caching
<RoyK> 50kB or so
<sandstrom> jdstrand: You were kind and helped me with some ufw troubles a few days ago. Your conclusion was that the state module wasn't present. Would you mind another question or two on this issue? My VPS-provider are claiming that the state module is present, and that my rules are wrong. Even though I have reinstalled everything twice and checked things quite a lot.
<proti> RoyK: Could you paste the top header ?
<jdstrand> sandstrom: simply show the VPS-provider the rules that are failing (substitute 'ufw-before-input' for INPUT). show them both the ctstate and state rules you tried
<sandstrom> jdstrand: would this work if the state module was installed (eg. should this be proof enough)?
<sandstrom> http://pastie.org/535670
<jdstrand> sandstrom: yes-- I just confirmed here on a hardy kernel
<sandstrom> thanks
<jdstrand> sandstrom: incidentally, to clean those out, use 'iptables -F foo;iptables -X foo'
<jdstrand> (that remove the foo chain)
<sandstrom> thanks
<AnRkey> does any1 know off hand if there is a problem with the mail-server virtual package on jaunty server? I'm about to go and try to reproduce the package install error on a VM but if it's already reported then what's the point.
<AnRkey> i'm installing the mail server from the net-install pxe image
<heath|work> how can I kill all ssh sessions?
<ivoks> kill ssh on that tty
<heath|work> have you ever had a problem connecting to virsh ? I can't control any machines... it just hangs on connecting to quem:///system
<heath|work> Do you know if I can restart libvirt without it kill all the machines?
<Travis-42> what is a good tool for quickly allowing one to browse log files and, possibly, sending email alerts about certain log messages?
<storrgie> anyone here using vmware server?
<KillMeNow> hello folks...  anyone know why libapache2-mod-security got yanked from the repos?
<jdstrand> KillMeNow: https://wiki.ubuntu.com/SecurityTeam/FAQ#Packages
<jdstrand> heath|work: you should be able to with libvirt 0.6.0 and later
<heath|work> thanks... I got it jdstrand
<oioiii> Hello, Im using php5.2.9 with mysql-server5.1.34 from dotdeb.org on ubuntu8.04lts, all seems fine but php is reporting mysql version as 5.0.18 rather than 5.1.34. Is this a concern? How can I change this?
<KillMeNow> have you restarted your apache2 server yet oioiii?
<KillMeNow> not sure if that will do it
<oioiii> no, it wont, just asked the same question over at #mysql and they said I should be fine...
<KillMeNow> ok Jdstrand...  they took it out of the 8.04 version and it's back in version 9, how can i upgrade my system to version 9 w/o reformatting?
<KillMeNow> i've done the dist-upgrade
<KillMeNow> should i just repoint apt to the newer repos?
<Hans_the_german> how good is ubuntu server compared to centos?
<KillMeNow> each distro has pluses and minuses
<KillMeNow> i used to use Centos exclusively and went to Ubuntu...
<Hans_the_german> if a may ask how many users?
<Hans_the_german> i am to setup server with function as a mail gateway, firewall, webproxy and ipsec server with freeswan
<KillMeNow> so you're looking to make something in to a firewall?
<Hans_the_german> aswell yes
<KillMeNow> check out smoothwall.org
<Hans_the_german> nah
<Hans_the_german> to limited
<KillMeNow> can do everything you just listed
<KillMeNow> heh ok?
<Hans_the_german> not powerfull enough
<Hans_the_german> i can only do what is provided by smoothwall, i cant change and add functions
<Hans_the_german> features like dkim,greylisting etc
<KillMeNow> ok
<Hans_the_german> dont like firewall policy its to limited
<Hans_the_german> no for large site
<KillMeNow> well, i run my stuff from ubuntu, like greylisting etc
<Hans_the_german> maybe a small network
<KillMeNow> in the end i think it's preference
<KillMeNow> i like the aptitude manager better than yum
<KillMeNow> plus i can tell you from experience, that centos won't run my IPtables tarpit
<KillMeNow> well not a tarpit per se, but the auto deny after X attempted connections for them script kiddies
<Hans_the_german> debian seems to be more secure and stable from what i hear and people are affaired of using ubuntu directly on the net...it seems
<KillMeNow> ubuntu is from the debian
<Hans_the_german> yes i know
<KillMeNow> er derived from
<KillMeNow> and as long as you follow standard security rules, you should be ok
<KillMeNow> i've had Ubuntu on the "net" for years w/ few problems
<KillMeNow> biggest issue i've had is getting apparmor to work
<Hans_the_german> ok and what about stability and performance?
<KillMeNow> i've run Ubuntu on my HP 2000LPR server w/ Megaraid for 2 years w/o any issues...  even had it attached to a 12 disk scsi raid shelf w/o any issues
<KillMeNow> I migrated from 6.06lts to 8.04 a while back w/o any issues...  it's running on a Dell 1750 dual Xeon
<KillMeNow> it's now been up for 34 days since my last reboot
<KillMeNow> course, i don't do any really heavy website action
<Hans_the_german> mmm...
<KillMeNow> however, i do some contract work for a couple business that run asterisk on Centos
<Vog> I haven't had any problems more with ubuntu on the net than other distros. Just make sure you do you updates and know what is running on your server.
<KillMeNow> and those are heavily hammered on a regular basis
<KillMeNow> yeppers...
<Hans_the_german> well i a bit scared of ubuntu in a high volume enviroment...
<KillMeNow> i'm trying to figure out how to get the apache-mod-security for 8.04
<Vog> A few of my boxen at other sites are HAMMERD with traffic during business hours
<KillMeNow> LOL...  i don't want to reinstall Ubuntu 9 over the top of it
<ScottK> Hans_the_german: What makes you think Debian is more secure than Ubuntu?  Ubuntu is more aggressive about using compile time hardening options than Debian.
<Hans_the_german> http://it.slashdot.org/article.pl?sid=07/08/15/1341224
<Hans_the_german> i dont like this,,,
<KillMeNow> ok, maybe we should google all the different flavors of Linux and see which ones have been hacked
<KillMeNow> when you read the article, it says that some ppl were not using smart security practices
<ScottK> Hans_the_german: I was around when that came to light and it's really attributable to poor administration practices.  There's no distro so secure you can't shoot yourself in the foot.
<KillMeNow> so very true ScottK
<Vog> I know of an administrator who I could hand over a bastill elinux install and he could make it hackable after a month on incompetance
<Vog> I quote " why can't we have 6 character passwords without numbers? You make us more unsecure by making me write these complicated passwords down on postits "
<Vog> He dosen't work for me anymore.....
<Vog> doesn't ^^
 * jmedina writes hashed paswords on posticks
<zende> I'm having trouble with apt-get on clean installations of hardy and jaunty using vmbuilder
<zende> anyone here who could help?
<KillMeNow> sorry, none from me
<KillMeNow> haven't played with vmbuilder yet
<zende> KillMeNow: thanks for the response
<zende> anyone else?  I'm getting 'E: Method http has died unexpectedly!'
#ubuntu-server 2009-07-07
<KillMeNow> http://www.linuxforums.org/forum/ubuntu-help/104116-apt-get-error-e-method-http-has-died-unexpectedly.html
<KillMeNow> check that out Zende
<KillMeNow> hope it helps
<zende> KillMeNow: I saw that thread, but it doesn't have enough information to help
<zende> apt-get segfaults when writing gpg keys
<zende> [pid  1911] write(4, "-----BEGIN PGP SIGNATURE-----\nVer"..., 189) = 189
<zende> [pid  1911] +++ killed by SIGSEGV +++
<KillMeNow> hrm...  you can always try to truss the gpgkey creation
<KillMeNow> see exactly where it's barfing
<zende> KillMeNow: how do I do that?
<KillMeNow> http://www.cyberciti.biz/faq/howto-use-linux-truss-strace-command/
<KillMeNow> you should be able to monitor all the system calls etc using that
<Bookman> I just installed denyhosts in 9.04 desktop and I modified the .conf file.  Now when I start it up and examine the denyhosts.log file it does not seem to be picking up the settings that I've changed in .conf even though it says that it is pointing to the right .conf file.
<Bookman> *denyhosts.log file is just denyhosts
<dinger2006> anyone used imagemagick?
<KillMeNow> only used it for gallery2 long time ago
<dinger2006> ah ok, noone ever used it for conversions?
<Bookman> Anyone online that can lend a hand with a denyhost installation in 9.04 desktop?
<teddy_> running ubuntu from a usb flash drive...apt-get update and apt-get upgrade...The update is very slow...973 B/sec.  I was wondering if this was because it is a flash drive, or that mirror is very slow
<teddy_> how do i change mirrors to find out if its the mirror or the faslh usb ?
<twb> teddy_: it's more likely to be the mirror.
<jmarsden> teddy_: On Ubuntu server, change the mirror you use by editing /etc/apt/sources.list .  You may also want to check your general Internet connection speed is decent -- maybe it is not the mirror but is your network connection??
<twb> If I saw 973B/sec, I would assume that someone has kicked out the network cable
<twb> And the reason it doesn't say 0B/s yet is because it's averaging against a much faster initial speed (before the cable was yanked).
<teddy_> i got Karrrazy bandwidth
<twb> teddy_: you're in the caucasus?
<teddy_> whats that?
<twb> teddy_: a mountain range.
<teddy_> no
<twb> Because "Karrrazy" sounds like an eastern European name :-)
<twb> http://en.wikipedia.org/wiki/Caucasus
<teddy_> usb flash drive system, apt-gets now much faster after changing mirrors
<nick125> Good evening. What virtualization method would you guys suggest for virtualizing Linux guests on Ubuntu on a system without VT?
<teddy_> xen
<jmarsden> virtualbox-ose
<jmarsden> It all depends what the guests will be used for...
<nick125> They'll be used as servers
<nick125> Right now, I have a Gentoo-based Xen box that I have three VMs on, running all of my network services. I want to migrate that server to Ubuntu, but I want to reevaluate what virtualization solution I'm using.
<jmarsden> xen or vmware server are the logical choices for that, I would think.
<nick125> Hm. I've never used VMWare Server.
<teddy_> 64-bit CPUs and Vmware ESXi
<nick125> teddy_: Unfortunately, I can't spend money on new hardware...and ESXi doesn't support softraid
<mattt> nick125: i think the latest version of ubuntu only supports kvm, so be careful which release you end up using
<twb> Ubuntu never supported vmware directly.
<mattt> twb: i mean as opposed to supporting both xen & kvm :)
<twb> Ah, sorry, I wasn't paying attention.
<twb> You mean Ubuntu libvirt doesn't support xen?
<mattt> (i wasn't clear tho, thanks)
<mattt> twb: i don't think there's a xen kernel in jaunty
<twb> Does the Dom0 need a special kernel?
<mattt> my dom0 lenny box: 2.6.26-2-xen-686
<mattt> perhaps there is a xen kernel on jaunty now, there wasn't when it was first released tho
<twb> mattt: did you have universe turned on?
<mattt> twb: i ended up using lenny instead :)
<jmarsden> http://packages.ubuntu.com/jaunty/xen-hypervisor-3.3
<jmarsden> "... An example config file for this kernel and documentation on how to build it can be found in the xen-docs package." -- in other words, you need to build your own dom0 kernel, apparently.
<mattt> jmarsden: PITA!
<jmarsden> mattt: Maybe.  You're unlikely to be updating your server's dom0 kernel every week, you aren't likely to auto update that kernel either... and you can (presumably) script the kernel build process, so it's mostly a one-time cost.
<billybigrigger> anyone alive?
<billybigrigger> and that uses awstats? how do i get apache to either spit out 1 large access.log for awstats to read, or have awstats read access.log and keep it continuous
<billybigrigger> every time apapche rotates the log, i loose all the stats, so i only end up having logs for a couple of days
<jmarsden> billybigrigger: Read the comments in /etc/awstats/awstats.conf regarding the logfile and use of pipes...
<billybigrigger> pipes, ahh, thanks jmarsden
<jmarsden> Should be lots of ways to recombine your log files and feed them to it that way.  Maybe LogFile="cat /var/log/apache2/*.log |"  or similar
<billybigrigger> jmarsden, the logs are ouputting to .log and .log.1 log.2
<billybigrigger> would access.* or *.log* work better?
<billybigrigger> althought i would like to encorporate other_vhosts_access.log
<billybigrigger> so *.log* would be my best option yes?
<billybigrigger> webalizer doesn't like that command
<billybigrigger> awstats worked ok
<billybigrigger> but webalizer.conf looks for logfile /var/......
<billybigrigger> not logfile="/var/....."
<billybigrigger> Webalizer V2.01-10 (Linux 2.6.28-11-server) locale: en_US.UTF-8
<billybigrigger> Error: Can't open log file "cat /var/log/apache2/*access*.log* |"
 * soren wonders where uvirtbot went
<henkjan> uvirtbot is lost in cyberspace ( 19:20 -!- uvirtbot` [n=supybot@amdi.linux2go.dk] has quit [Read error: 113 (No route to host)]
 * soren taps fingers
<soren> uvirtbot: Welcome back.
<uvirtbot> soren: Error: "Welcome" is not a valid command.
<uvirtbot> New bug: #396326 in php5 (main) "package libapache2-mod-php5filter 5.2.10.dfsg.1-1ubuntu1 failed to install/upgrade: subprocess post-installation script returned error exit status 10 (dup-of: 396327)" [Undecided,New] https://launchpad.net/bugs/396326
<uvirtbot> New bug: #396327 in php5 (main) "package libapache2-mod-php5filter 5.2.10.dfsg.1-1ubuntu1 failed to install/upgrade: subprocess post-installation script returned error exit status 10" [Undecided,New] https://launchpad.net/bugs/396327
<Dustan> newbie lamp admin here wondering if it's a good idea to set my server to automatically update?
<twb> Dustan: that depends on what kind of failure you want to get
<twb> Do you want your server to fail because it has been haxxored, or do you want it to fail because an automatic update was installed and something broke because you weren't babysitting the upgrade?
<mattt> hehe
<mattt> Dustan: subscribe to something that informs you when updates are available, and then apply them manually :)
<Dustan> ty
<mattt> Dustan: i'm quite new to ubuntu and don't know how package verions work (does it go as an ex. 4.4.1 -> 4.4.2, etc.?) ... if so, those kinds of upgrades could break external PHP modules (pecl, etc.)
<andenw_> matt, Dustan: security updates of packages should never include a new version that breaks compatibility - the security fixes are backported to apply to the older versions. (note "should" here, sometimes it is not possible to backport the fixes)
<mattt> andenw_: thanks for confirming ... so it sounds similar to RHEL's approach
<quizme> i tried to login to my server with ssh and failed 3 times at a password attempt, now i'm getting connection refused port 22 for that user only.  anybody know how to fix that ?
<quizme> is that some kind of a security thing ?
<quizme> actually it's not just for that user
<quizme> the whole domain seems to be shut off
<twb> mattt: the standard line is that you should not be installing packages that circumvent apt and dpkg e.g. via PEAR or cpan(1).
<twb> quizme: there are such things, but they are not on by default (AFAIK).
<scott_nwoktech> i'm trying to get pacemaker/openais etc for hardy server. The PPA doesn't work. Would packages built for debian work?
<mobi-sheep> I installed Ubuntu's kernel on my grandma's pacemaker this morning.
<mobi-sheep> It worked great. <3
<scott_nwoktech> ha
<mobi-sheep> Using debian packages (and/or) debian repos?  You're asking for troubles IMO.
<scott_nwoktech> yea...i decided to build from latest source, make my own debs. that will allow apt to upgrade them eventuallly right?
<mobi-sheep> I don't know.  I'm not the expert here. :)
<andenw_> scott_nwoktech: apt will probably not upgrade them correctly, unless you get version numbers exactly right..
<andenw_> scott_nwoktech: you can create your own PPA, and upload the debian source packages and tell the build servers to rebuild them for ubuntu...
<scott_nwoktech> i haven't had any experience with using your build servers, etc. i do have an account w/ launchpad...do you mean the debs i would build the source tarballs from? just upload them and tell the servers to build for whatever ubuntu versions i want?
<uvirtbot> New bug: #396455 in mysql-dfsg-5.0 (main) "while installing mysql on ubuntu ,the error is unable to connect http://151.8.10.209" [Undecided,New] https://launchpad.net/bugs/396455
<mattt> hm, trying to scp a 100GB+ file from one system to another (remote system is using XFS), but it keeps failing around 64 GB
<mattt> as far as i can tell that's not an XFS limitation?
<Dustan> isn't there a one line lamp installation?
<soren> Dustan: sudo apt-get install lamp-server^
<Dustan> lmao
<Dustan> wow
<Dustan> that installs all the latest stable packages?
<soren> Well, yes.
<soren> mattt: I'm not familiar with any limitations like that in XFS, no.
<soren> mattt: Perhaps openssh's internal counter falls over.
<soren> mattt: How does it fail, exactly?
<mattt> soren: "scp" just stalls and eventually disconnects
<mattt> soren: rather, scp just "stalls" :)
<zende> mattt: you could try breaking up the file using split.  worth a try
<mattt> yea, was thinking about that ...
<soren> That really shouldn't be necessary.
<soren> mattt: Can you try it again, and try stracing the scp process?
<mattt> soren: i'm rsyncing it now, let me start to strace
<soren> mattt: rsync doesn't work either?
<mattt> soren: i'll find out shortly :) it's ~ 120 GB, so takes a while :)
<mattt> at 58 GB now .....
<uvirtbot> New bug: #396472 in squid (main) "Please merge squid (2.7.STABLE6-2)(main) from debian unstable(main)" [Undecided,Confirmed] https://launchpad.net/bugs/396472
<mattt> soren: odd, it's going still
<mattt> soren: hmmm
<mattt> soren: i see what's happening
<mattt> soren: at 64 GB, for whatever reason, the remote ssh server is requesting me to re-authenticate
<mattt> soren: i caught it in time this time and it resumed
<soren> mattt: Reauthenticate? How?
<mattt> soren: password/key authentication
<mattt> soren: (rsync over ssh)
<soren> mattt: But the session is already set up?
<soren> Oh, rsync.
<mattt> soren: yep
<soren> Well, in that case, the connection must have been dropped and rsync tries to connect and pick up where it left off.
<mattt> soren: 3 times at 64 GB tho?  :)
<soren> Yes.
<mattt> that seems a bit strange
<soren> Is that strange?
<soren> Why?
<soren> I'm not saying the connection is being dropped randomly.
<soren> It's likely triggered by a bug that kicks in when 64 GB have been transferred.
<mattt> yeah
<mattt> or .....
<zende> apt-get is blowing up when trying to download packages for me
<mattt> my drive is read-only (hence me getting data off), and ssh can't update ~/.ssh/known_hosts
<zende> E: Method http has died unexpectedly!
<soren> mattt: I kidn of doubt that it would wait 64 GB before it tried to updated known_hosts?
<mattt> i don't know if it periodically checks that and if it can't verify the authenticity of the remote host after transfering so much data you need to re-log in
<mattt> (or it needs to re-verify the authenticity)
<mattt> soren: no, it checks immediately
<soren> mattt: That doesn't make sense for straight ssh.
<soren> zende: Try in #ubuntu.
<zende> soren: ok
<mattt> soren: not sure, that was a weird one
<soren> mattt: I'd try stracing ssh processes (both scp on the client, and the corresponding process on the server)
<mattt> i have the strace output, 100+ MB tho so i need to weed through it
<soren> mattt: From rsync or scp?
<mattt> soren: rsync, but i -used a -f so hopefully it included the ssh subprocess
<mattt> soren: i'll probably try disablign strict host checking later on, but need to get this file off before it's too late ... thanks for your input!
<n3m3s1s4u> Hi all - can anyone suggest a really easy to use webmail front end (not squirrel or roundcube) that works well on sendmail and pop?
<zende> what would cause apt-get to segfault when downloading packages when running hardy in KVM on a clean install using vmbuilder?
<incorrect> I want to apply some performance tuning options i've been setting in /sys/ is there something like sysctl.conf where i can store them?
<sommer> incorrect: you're probably looking for /etc/sysctl.conf
<incorrect> i don't see how i can map stuff from /sys/ i don't see a mapping in /proc/sys
<sommer> incorrect: the net.ipv4.ip_forward option for example maps to /proc/sys/net/ipv4/ip_forward
<storrgie> I need to set up a machine remotely with ubuntu-desktop installed on it, and be able to vnc in.... has anyone done this?
<billybigrigger> without ssh how would you have remote access?
<billybigrigger> im pretty sure you need physical access for that one
<a1fa> what was that benchmark tool for hd ?
<fbc-mx> ls
<fbc-mx> How can I make my virtual interfaces come up automatically on my server? I also need to logon and ifup them before I start my apache, and I'd like for them to start up automatically.
<a1fa> edit your interfaces file
<a1fa> auto eth0.1
<a1fa> or whatever
<fbc-mx> it is so wierd. even when that interface is up I can't ping it.
<a1fa> somebody recommended a ++ something benchmark yesterday
<_ruben> bonnie++
<a1fa> _ruben : thanks
<ivoks> kirkland: there's one really cool tool (iptraf) that requires bigger window than the one that's left with byobu; so, someone should look into that
<josephpiche> not sure if this is the right place for this, but i got a question: how do i check the status of services via cli? and is there an api i could use to connect to this via python or something?
<aruetten> josephpiche: what do you meen with service? you kann use ps to see what process are there
<josephpiche> wow, that sounded really newbish... i mean what is the "correct" way to do it i.e. not via calling "/etc/init.d/xxx status" via python
<ivoks> invoke-rc.d cron status
<josephpiche> thank you very much
<hggdh> or service cron status
<josephpiche> hmm... is one better than the other?
<hggdh> they pretty much do the same thing
<hggdh> service clean up the environment before executing
<orogor> hi here
<josephpiche> so, would you recommend using one over the other in, say, a panel applet?
<orogor> anyobne know if it s possible to go from a single drive install to a raid 10 install without reinstalling ?
<Hecate> orogor, hw or sw raid? i assume the latter.
<orogor> yes sw raid
<orogor> else it would be at least less an issue
<Hecate> i'm sure it can be done. the how is probably the issue. ;)
<Hecate> gimme a minute
<orogor> there s already lvm running
<Hecate> you got a seperate boot-partition? otherwise a raid-level that includes a zero will be difficult/impossible?
<Hecate> *.
<orogor> also right now i have 2 drives diamond max 10, i can put all the data on a single drive, then ill add 2 diamond max 21
<orogor> i could spare a 100MB partition, it s not an issue
<Hecate> you'll need a 5th drive to get the raid10 set up.
<hggdh> josephpiche, I would use 'service'
<Hecate> this is how i'd do it: 1) get 4 empty drives 2) boot the box from a live-cd/-usb 3) create 2 partitions on the 4 empty drives (1 GiB for boot and the rest for the lvm's data-stripe)
<Hecate> ^^ orogor
<uvirtbot> Hecate: Error: "^" is not a valid command.
<Hecate> _|__
<josephpiche> hggdh: thanks
<Hecate> orogor, 4) create a raid1 (copy) on all 4 small partitions, format it with ext2, install grub (QUESTION: Can grub boot from raid10?)
<Sam-I-Am> Hecate: just not raid 5 iirc
<josephpiche> hggdh: i need an applet for doing simple status, start, stop, restart actions on a couple services and couldn't find any, so I figured I should just write on
<orogor> humm
<Hecate> 5) create a raid10 on the remaining partitions, create a new lvm inside that raid, copy the data into it 6) get the system ready to boot: mount the system inside the lvm, chroot into it, adjust the mdadm.conf, modprobe.conf 7) update the initramfs 8) give it a shot
<Hecate> thanks Sam-I-Am
<orogor> hufff
<hggdh> josephpiche, I guess you can easily wrap a shell script (or perl, or python) around either service or invoke-rc.d
<hggdh> both of them will accept any parameters to be sent to the real init script being called
<Hecate> orogor, this is a very complicated thing to do, i'm afraid. and if i were you i would not tackle it, unless you either really need it or know what you're doing (i.e. you're really experienced)
<Hecate> i just hope a) my explanations are correct and b) you did understand them ;)
<orogor> experienced, but not with raid
<Hecate> orogor, maybe you could give the entire thing a dry run using a virtual machine?
<Hecate> or maybe you just want to start with sth a little less difficult. for example turning the entire thing into a raid1?
<josephpiche> hggdh: interesting. thanks for the advice
<Hecate> orogor, but before you start doing anything, verify that grub can boot from raid10. it does for raid1, since i use that myself.
 * Hecate is afk now. Got to fix himself sth to eat.
<orogor> Hecate, going to buy the disks before the store close, brb
<orogor> Hecate, that must somehow works, peoples do it , i worry more for theswitch itself
<a1fa> hostname,9632M,40107,95,43868,21,22237,7,30215,58,64024,10,457.4,0,16,+++++,+++,+++++,+++,+++++,+++,+++++,+++,+++++,+++,+++++,+++
<a1fa> is this any good
<a1fa> who can interpret bonnie data
<orogor> nobody :)
<orogor> i never understood it
<Sam-I-Am> its fields
<Sam-I-Am> they're well documented
<a1fa> url?
<Sam-I-Am> man page
<a1fa> ;P
<a1fa> no
<Sam-I-Am> no?
<mattt> bonnie can spit out html, no?
<Sam-I-Am> it should have output the field names above the data
<a1fa> nah
<a1fa> i want to compare it to other results
<a1fa> sorry
<a1fa> to ther setups by other people
<Sam-I-Am> http://www.coker.com.au/bonnie++/readme.html
<Sam-I-Am> that was hard using google :)
<a1fa> hm
<a1fa> 39mb/s sucks
<a1fa>  Timing buffered disk reads:   86 MB in  3.03 seconds =  28.39 MB/sec
<a1fa> lol
<a1fa> ghey
<Sam-I-Am> sounds a tad slow
<Sam-I-Am> then again, there are some craptastic raid controllers out there
<Sam-I-Am> like dell perc3
<mathiaz> kirkland: are you writing up the minutes of today's ubuntu-server meeting?
<kirkland> mathiaz: heh :-)
<kirkland> mathiaz: i'm pretty slammed right now, do you mind?
<mathiaz> kirkland: I'll try to get to it today then
<kirkland> mathiaz: cool, thanks.
<resno> Hello, I am trying set up a virtual server. And I am not sure what to do.
<resno> I need help configuring my server to be a vps.
<Hecate> resno, what exactely do you wanna do?=
<resno> i have django running and i would like to setup php to run.
<resno> the best way i can think to do it is with two seperate vpses
<billybigrigger> hey all
<billybigrigger> anyone here run a virtual server inside of vbox?
<billybigrigger> im trying to run a copied disk and created a new machine...
<billybigrigger> everything works good
<billybigrigger> except my networking
<billybigrigger> i have guest additions installed, nat set for network type in vbox, and i still get nothing
 * Nafallo thought vbox was some graphical thing :-)
<billybigrigger> yeah i run my www/mysql/mail services through it though
 * resno agrees with Nafallo
<billybigrigger> better than having 2 computers running
<billybigrigger> and nicer than combining server apps/services with desktop
<billybigrigger> so i run the server inside a vm
<billybigrigger> whats wrong with that?
<Hecate> what's django?
<KillMeNow> anyone here know of a better way to update your Ubuntu 8.04lts to 9 w/o having to download the install ISO?
<katakaio> Have you attempted a dist-upgrade?
<sbeattie> KillMeNow: do-release-upgrade doesn't work for you?
<KillMeNow> yea, i've done the dist-upgrade whenver i see a new kernel update
<KillMeNow> haven't tried the do-release-upgrade yet
<KillMeNow> lemme try that
<KillMeNow> course, lemme back up everything first
<RoAkSoAx> KillMeNow, https://help.ubuntu.com/community/UpgradeNotes
<alex-weej> halp
<ivoks> hulp
<alex-weej> we have an LDAP server which we're using for authentication etc. on a few hosts
<alex-weej> we have a server which is in a DMZ which we want to restrict "access" to
<resno> how do i setup a virtual server?
<alex-weej> anyone know the best way to do that?
<alex-weej> posix group membership?
<henkjan_> aan de moezel
<henkjan_> err, E_WINDOW
<alex-weej> i can limit ssh access to some groups, but that still lets you log in at the seat
<alex-weej> i need a more general way of limiting login to some group
<Sam-I-Am> alex-weej: netgroups
<uvirtbot> New bug: #373066 in mysql-dfsg-5.0 (main) "couldn't connct to my-sql. error 2002(HY000)" [Undecided,New] https://launchpad.net/bugs/373066
<\sh> anyone using pxe booting linux kernels and using root nfsmounts ?
 * \sh sees very strange dhcp request behaviour of ipconfig (klibc)...waiting too long and not sending directly dhcp requests to the server..an ipconfig -t 360 helps here..but this is so insane
<\sh> (pxe dhcp requests are working like a charm)
<\sh> switch runs on portfast mode for all native trunk ports...and we know it works
<\sh> the only candidate who can fck up this setup looks like ipconfig during initramfs
<AtomicSpark> So I'm a staff member on Halflife2.net and our website goes down when there is a spike in traffic. The summary is here http://pastie.org/private/enx6ksykaueil5qa6d7ug Is there anyway we can tweak a default LAMP install? Would using lighttpd make this better?
<ivoks> or you could configure the system?
<ivoks> default config is just that - default config
<ivoks> it doesn't cover all the scenarios
<ivoks> if you have big iowait, don't allow so many connections
<RoyK> AtomicSpark: I guess that depends on where the bottleneck is located
<ivoks> or buy faster disks
<ivoks> if it's an php app, you should also consider eaccelerator
<ivoks> and biger buffers for mysql
<AtomicSpark> I personally don't have access to the server. I'm just looking for tips to give him.
<\sh> AtomicSpark: remove all apache mods from the installation which you don't need...adjust the fork config in apaches configuration...you need stress your apache config to get good values...and increase your memory...2GB for mysql with a php app in front of it, is not enough...
<ivoks> high iowait is... bad luck
<\sh> AtomicSpark: well, another option may be to pay a sysadmin a good salary  ;)
<ivoks> basicaly, you reached the limits
<ivoks> you could try fix it with bigger buffers for mysql and apache
<AtomicSpark> It is a high traffic website. I'm surprized it's on such a weak system.
<ivoks> but with 2GB you don't have lots of space...
<ivoks> AtomicSpark: what disks are there?
<ivoks> probably sata
<AtomicSpark> I'm not sure. I'd assume SATA, but the website has been around for awhile. Might be SCSI.
<ivoks> or IDE :)
 * AtomicSpark shivers
<ivoks> if you get iowait with scsi, then you have serious problems
<ivoks> you'll have to cut on number of allowed connections
<ivoks> and fix the application
<ivoks> it's hard to talk about it without real numbers
<AtomicSpark> True. Well thanks for the advice. I'll forward it on to him.
<a1fa> who has ubuntu/debian boot cd that can do dell firmware updates?
 * \sh doesn't use dell hw...hp has some debian packages for x86 / x86_64
 * \sh is gone home
<AtomicSpark> a1fa: If dell comes with a firmware maintanince cd like HP does, just use it.
<KillMeNow> i guess Ubuntu is a microsoft product now:  http://linuxologist.com/linuxhumor/ubuntu-is-a-microsoft-product-now/
<a1fa> KillMeNow
<KillMeNow> yes?
<a1fa> thats funny
<KillMeNow> isn't it though?
<KillMeNow> Dell still hasn't corrected the mistake
<dinger1986> does anyone know what command you use with cp to not overwrite
<KillMeNow> cp -n
<dinger1986> i just tried that it says invalid option
<Tom_Ass> what port should I open in ufw to make my nfs shares accessible?
<jpds> Tom_Ass: 2049
<KillMeNow> i suppose you can try to use the --update option
<KillMeNow> it will only overwrite if the file is newer, but there is always rsync --ignore-existing
<dinger1986> ah rsync sounds ok
<dinger1986> sweet works a wee treat
<KillMeNow> glad to help dinger
<Tom_Ass> thanks, jpds, but it doesn't seem sufficient
<KillMeNow> are you running IPTables?
<Tom_Ass> KillMeNow, yes
<KillMeNow> try flushing your iptables and then see if NFS can mount
<KillMeNow> if you can mount it after IPTables are flushed and empty then it's the IPTables that's killing the connection
#ubuntu-server 2009-07-08
<pwnguin> https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-patch
<pwnguin> is this new? or simply never used?
<KillMeNow> no idea, first i heard of it
<KillMeNow> archives are empty so apparently nothing has ever gone out on it
<pwnguin> im writing out some linux patching policies for work
<pwnguin> already did the rhel doc
<pwnguin> now im working on Ubuntu
<KillMeNow> sounds like too much fun
<pwnguin> meh, it's interesting
<pwnguin> beats dealing with users
<KillMeNow> heh
<KillMeNow> suppose so
<pwnguin> looking for a comparable way to email security patch alerts
<KillMeNow> course, at this point in time, i would be happy to work with users as i'm unemployed at the moment
<pwnguin> ideally, just the packages we have installed
<pwnguin> but it kinda looks like traffic on security announce is light
<KillMeNow> i would say take a look at debian
<KillMeNow> since Ubuntu mainly gets it's packages from Debian
<pwnguin> right...
<KillMeNow> if something needs to be patched @ debian, Ubuntu is likely to follow shortly
<pwnguin> https://lists.ubuntu.com/archives/ubuntu-security-announce/
<pwnguin> there's also a website / rss feed
<pwnguin> but i was wondering whether there was something installable
<ice|work> i got a "minor" problem, if anyone have encountered this and know how to fix it please msg me
<ice|work> iceonnet@homeserver:~$ sudo visudo
<ice|work> iceonnet is not in the sudoers file. This incident will be reported.
<pwnguin> like a trigger to apt-get or cron job
<pwnguin> ice|work: are you in the sudoers file?
<iceonnet> no i saved it
<iceonnet> and exited
<pwnguin> err
<iceonnet> kinda sqrewed it up i guess
<pwnguin> ice|work: is your user in the sudoers file?
<KillMeNow> yea, so the message is pretty clear Iceonnet
<iceonnet> pwnguin: no, that is what i realized when i was done and got the message
<iceonnet> KillMeNow, yeah it is
<KillMeNow> it means that the username iceonnet isn't in the sudores file or it doesn't have permissions
<iceonnet> i did add this,
<iceonnet> apache ALL=NOPASSWD:/usr/sbin/useradd, \
<iceonnet> /bin/mkdir, /bin/ln, /bin/chown
<iceonnet> tho apache doesn't have any passwd
<KillMeNow> yea, and the command you gave it was sudo visudo
<pwnguin> KillMeNow: actually, i think something like apticron would suffice
<pwnguin> !info apticron
<ubottu> apticron (source: apticron): simple tool to mail about pending package updates. In component universe, is extra. Version 1.1.28 (jaunty), package size 14 kB, installed size 112 kB
<KillMeNow> hey pwnguin, that looks like a good solution
<pwnguin> yea, i was hoping people in here would know more than i could find with apt-cache search :P
<KillMeNow> at least then you would have some type of an idea when something is coming up...  however will it cover your security patch issue?
<pwnguin> well, im comfortable with canonical's turnaround time
<KillMeNow> yea, they are pretty quick usually
<pwnguin> as long as i mandate that -security is in soruces.list, we'll be fine I think
<KillMeNow> iceonnet..  you added the sudo rights of /bin/mkdir /bin/ln /bin/chown and /usr/sbin/useradd
<iceonnet> yeah its for a apache project
<KillMeNow> yea, but for the user iceonnet doesn't have /usr/sbin/visudo rights
<KillMeNow> follow?
<iceonnet> yup
<KillMeNow> at least that's what i'm guessing from what you said you added
<KillMeNow> so add /usr/sbin/visudo for iceonnet in the sudoers file
<iceonnet> well i can't access the visudo file since i removed admin group rights for sudo
<iceonnet> i guess i just should reinstall the whole thing
<KillMeNow> do you have root?
<iceonnet> root isn't set up from a fresh install is it?
<KillMeNow> not usually
<KillMeNow> usually the initial username you create during install has sudo su rights
<iceonnet> yeah
<KillMeNow> so you can get to root
<KillMeNow> but some ppl enable root after the fact
<iceonnet> how do i enable it? just f.ex do passwd root | set password?
<KillMeNow> if you didn't do this, and then changed the sudoers file, then yea i can't think of any workaround off the top of my head
<KillMeNow> lemme think about it for a second
<KillMeNow> try this...  sudo passwd root
<KillMeNow> if you can change the password, log out and then try logging in as root
<iceonnet> ok
<KillMeNow> if you can log in as root, you're saved from a reinstall
<iceonnet> iceonnet@homeserver:~$ sudo passwd root
<iceonnet> [sudo] password for iceonnet:
<iceonnet> iceonnet is not in the sudoers file. This incident will be reported.
<iceonnet> so i guess reinstall is the next stem
<iceonnet> *step
<KillMeNow> hate to say it, yea
<KillMeNow> think that's the case
<erichammond> iceonnet: Since apache has "sudo ln" access you might be able to save a copy of /etc/passwd, edit it, and then ln the copy over top of /etc/passwd.
<erichammond> Not sure if the system checks the ownership of the file.
<KillMeNow> well, how far in to this are you?
<erichammond> Give root a password and then log in as root.
<KillMeNow> if you just installed it and haven't done much to the system, i might just chuck it and start over
<KillMeNow> otherwise, try Eric's suggestion
<iceonnet> i just installed the server, apache, mysql, php and vsftpd, just done the basic setup
<iceonnet> so i guess i just should start over, its about 15-20 mins of installing and setting it up again
<KillMeNow> yea, that's what i would do
<erichammond> If the system doesn't like a non-root-owned /etc/passwd, then you could overwrite any file which root runs regularly (after saving a clean copy).
<KillMeNow> but i would also create a new account to use instead of the initial one you used
<kees> pwnguin: it's not used yet
<erichammond> my way is more fun :)
<KillMeNow> heh
<KillMeNow> HACKERY!  :D
<erichammond> but yeah, starting over and documenting or automating the correct setup steps is a good idea.
<erichammond> In case it wasn't clear, I also believe that giving an account sudo access to random commands is almost the same as giving it root access.
<iceonnet> about the root enabling, should i just do a passwd root, after the installation?
<KillMeNow> if you want to enable root access via ssh
<erichammond> I think an attacker could also get root with "useradd" and "chown".  I'm still thinking about mkdir.
<KillMeNow> i would recommend creating a new user besides the elevated user account at install
<KillMeNow> then i would give that other user account whatever rights you were looking to do...  you usually DON"T want to allow root login besides from superuser
<KillMeNow> AFK for a few
<neilv> any security-team people around?  i was directed here. i have a DoS security bug against ubuntu's packaging apache that appears to be stuck in the process...
<uvirtbot> New bug: #396813 in mysql-dfsg-5.0 (main) "karmic: file conflict when installing mysql" [Undecided,New] https://launchpad.net/bugs/396813
<neilv> https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/394350
<uvirtbot> Launchpad bug 394350 in apache2 "RLimitCPU has no effect in Apache" [Undecided,Incomplete]
<fool_> hey guys, i've turn ufw logging to full, grep all of /var/log but found no trace of ufw log. what should i do ?
<KillMeNow> i've never used the Ubuntu Firewall as a frontend, i've always used IPKungfu
<KillMeNow> try sudo ufw logging on
<pmatulis> KillMeNow: that's pretty funny
<KillMeNow> why is that?
<KillMeNow> yes i know that they are both front ends for iptables
<pmatulis> KillMeNow: the name (IPKungfu)
<KillMeNow> ooh
<KillMeNow> yea, i've used it since like 2001
<pmatulis> graphical?
<KillMeNow> when i got tired of beating my head on the table trying to get IPtables done right
<KillMeNow> no, it's all cmd line
<KillMeNow> it has several config files
<pmatulis> ok
<pmatulis> yeah, iptables is the dog's breakfast
<KillMeNow> www.linuxkungfu.org
<KillMeNow> plus the guy who wrote it is hella nice
<pmatulis> that helps
<fool_> KillMeNow: i tried ufw logging full
<ruben23> hi
<ruben23> how do i disable the ubuntu server firewall...?
<KillMeNow> yea, talked to him here on freenode in #ipkungfu
<pmatulis> come on guys, '$ man ufw'
<ruben23> is it builtin installed on the fresh ubuntu installed..?
<KillMeNow> yea, man ufw shows 'ufw logging on | off
<pmatulis> yes, ufw is installed by default
<fool_> pmatulis: i did
<pmatulis> well it says on the first few lines: ufw disable
<pmatulis> sorry, mixing you guys up
<pmatulis> that was for ruben23
<fool_>  # ufw logging on
<fool_> Logging enabled
<KillMeNow> oh hahahhaa...  yea 2 ppl here talking about UFW
<ruben23> how about already installed openssh but getting network refuse when ssh on the ubuntu server
<fool_>  ufw status
<fool_> Status: active
<fool_> To                         Action  From
<fool_> --                         ------  ----
<fool_> 22                         ALLOW   Anywhere
<fool_> it's active
<fool_> it's running
<fool_> but i can't find any log anywhere
<fool_> lol
<pmatulis> fool_: looks good but i would disable ufw and then test ssh
<fool_> pmatulis: ssh's working
<pmatulis> fool_: so what's the problem?
<fool_> pmatulis: no log anywhere
<KillMeNow> he's looking for the physical log file in /var/log
<KillMeNow> it doesn't show allowed connections i think
<fool_> pmatulis: when i turned on ufw aptitude couldn't work, and when i tried to look for logs i couldn't find any
<KillMeNow> only connections rejected correct pmatulis?
<ruben23> how about me, ssh not working--> i got network refuse error
<fool_> KillMeNow: i turned on full logging and still no log
<pmatulis> fool_: calm down
<KillMeNow> hrm...  ruben23
<KillMeNow> disable ufw and try ssh again
<ruben23> i just type command ufw logging off..
<fool_> pmatulis: oh my bad
<KillMeNow> if you've flushed your iptables and you still can't connect to ssh, is your box behind a firewall and is the firewall forwarding port 22?
<KillMeNow> ruben type in ufw disable
<ruben23> ok
<KillMeNow> that should turn off the firewall
<KillMeNow> then try to connect to ssh port 22
<KillMeNow> if it works, viola
<pmatulis> fool_: are you good now?
<KillMeNow> you need to add the rule in to ufw
<fool_> pmatulis: no
<KillMeNow> have you read the man page for ufw ruben?
<fool_> pmatulis: when i turned on ufw aptitude couldn't work, and when i tried to look for logs i couldn't find any <<<
<fool_> so i'm stuck on those 2 problems
<pmatulis> fool_: '$ sudo ufw logging high'
<pmatulis> fool_: that will give you a 'high' level of logging
<fool_> pmatulis: i tried with full w/o any luck
<pmatulis> fool_: then '$ tail -f /var/log/kern.log'
<ruben23> <KillMeNow> no luck---->still getting network refuse
<pmatulis> ruben23: is ufw disabled?
<ruben23> yes
<ruben23> disable now
<pmatulis> ruben23: did you flush your iptables rules?
<ruben23> i just disable
<pmatulis> '$ sudo iptables -F' IIRC
<ruben23> no flush
<pmatulis> please do
<KillMeNow> iptables --flush
<fool_> pmatulis: nothing
<KillMeNow> oh yea, sudo iptables --flush
<KillMeNow> then you can type in iptables --list
<KillMeNow> that should show you all your iptables rules
<KillMeNow> you shouldn't see any
<ruben23> ok in aminute
<fool_> pmatulis: i'm looking at syslog/kern.log/messages/dmesg and it shows up nowhere
<KillMeNow> hey fool_ have you checked in /var/log/messages for any ufw messages?
<KillMeNow> i'm reading a forum post on ubuntuforums and someone posted that it may be logging in messages
<fool_> pmatulis: i'm looking at syslog/kern.log/messages/dmesg and it shows up nowhere << KillMeNow
<KillMeNow> try sudo cat /var/log/messages | grep -i ufw
<pmatulis> fool_: and what do you expect to see there?  is it blocking stuff?
<fool_> pmatulis: there is nothing, no messages
<fool_> lol
<fool_> say if it's blocking aptitude or  something at least there'd be some messages
<fool_> but there's nothing
<fool_> :/
<pmatulis> fool_: why do you think it's blocking aptitude, that makes no sense
<KillMeNow> does aptitude work now with firewall rules in?
<pmatulis> fool_: AFAIK, ufw blocks incoming only
<KillMeNow> if now, disable it and then flush your iptables
<fool_> pmatulis: because aptitude works when i disabled ufw and doenst when i enable it
<KillMeNow> yea, another reason i used IPkungfu
<pmatulis> very strange
<KillMeNow> ok, that would make some type of sense...  check your rules...  did you block a outbound port range?
<fool_> pmatulis: yep, that's why i'm hear for help
<fool_> lol
<pmatulis> fool_: did you confirm that there are no other rules active?
<fool_> pmatulis: nope
<fool_> unless ufw status lie to me
<ruben23> guys
<pmatulis> '$ sudo iptables -L -n'
<ruben23> still cant login through ssh
<ruben23> network refuse
<KillMeNow> ok, is the ssh service running?
<pmatulis> ruben23: so you flushed the rules or not (i'm getting tired)
<KillMeNow> check your services
<KillMeNow> sudo netstat -nap | more
<ruben23> but when /etc/init.d/ssh restart ------> got this no such file directory
<KillMeNow> check to see if the ssh daemon is listening to port 22
<ruben23> done already as youve said
<ruben23> all done
<pmatulis> ruben23: guess sshd is not listening then
<KillMeNow> well, then it sounds like you don't have sshd installed
<KillMeNow> apt-get install sshd
<pmatulis> KillMeNow: no
<KillMeNow> no?
<pmatulis> package is 'openssh-server'
<KillMeNow> ooh yea
<KillMeNow> woulda figured that out soon enough
<pmatulis> ruben23: did you install this package?
<ruben23> doing it now apt-get install openssh-server
 * pmatulis packs up
<ruben23> ow..this is a fresh install ubuntu...
<ruben23> do i need to enable something on the sources list..?
<ruben23> before i can do apt-get install packages
<fool_> man
<fool_> he's gone
<KillMeNow> you might, but it wasn't broken after i installed ubuntu
<fool_> http://pastebin.ca/1487592 << here's the pastebin if anyone care tolook
<KillMeNow> looking
<KillMeNow> i'm not sure why you are accept UDP for port 22 and 80
<fool_> uhm that's irrelevant to my problem isn't it ?
<KillMeNow> yep
<KillMeNow> most likely
<KillMeNow> just saying
<fool_> well i just enable the ports so it doesn't matter udp or tcp
<fool_> unless there's a good reason i should specify
<KillMeNow> just thinking of flooding maybe...
<KillMeNow> course it really doesn't matter since there is no udp socket for port 22
<KillMeNow> or port 80
<ruben23> guys ssh-server is installed
<kees> bug 394350
<uvirtbot> Launchpad bug 394350 in apache2 "RLimitCPU has no effect in Apache" [Undecided,Invalid] https://launchpad.net/bugs/394350
<ruben23> on the ubuntu server
<fool_> KillMeNow: yeah so what should i do about aptitude and no logging problem ?
<KillMeNow> damn peculiar
<KillMeNow> your output chain looks ok
<KillMeNow> and aptitude is all out bound
<fool_> lol uh huh
<fool_> that's what puzzled me too
<fool_> i thought my isp pulled my leg for a min or something
<KillMeNow> it makes no sense
<fool_> then i realized i just turned ufw on
<ajmitch> kees: only thing I can think of on that one is that the kernel does some of the enforcing, and I saw something on the kernel list a couple of months ago about fixing it
<KillMeNow> my suggestion, try using ipkungfu
<KillMeNow> it's hella easy to install and the config files are very self explanatory
<KillMeNow> what version you running?
<KillMeNow> latest?
<fool_> yes
<fool_> jaunty
<KillMeNow> ok ruben, start it and try to connect to ssh
<ruben23> yeah..
<ruben23> still no succes
<KillMeNow> did it work?
<ruben23> no still
<KillMeNow> leave the firewall turned off
<ruben23> i got no such fiel or directory
<KillMeNow> make sure openssh-server is started
<kees> ajmitch: nah, it behaved correctly for me on hardy
<KillMeNow> sudo /etc/init.d/ssh status <--type this in ruben
<KillMeNow> all i can say is that i can't see really anything broken by your UFW rules fool_
<fool_> KillMeNow: i don't either
<fool_> lol
<fool_> but things are borken
<fool_> brb
<jmarsden> fool_: Turn on logging and see what gets logged by your UFW rules.
<KillMeNow> LOL...  he has
<KillMeNow> it's not logging either
<jmarsden> Then if nothing is logged, it isn't UFW/iptables doing the breaking...
<KillMeNow> getting nothing in either /var/log/messages
<KillMeNow> well it works when we turn UFW off
<jmarsden> Very strange... did you paste the iptables ruleset from when it is turned on somewhere... I just got home from work, have not scrolled back very far...
<KillMeNow> yea here:  http://pastebin.ca/1487592
<KillMeNow> nothing in the ruleset that i can tell is limiting the outbound connections
<KillMeNow> inbound looks ok as well
<ajmitch> kees: maybe there some some updates which have fixed it, very hard to say for sure :)
<jmarsden> KillMeNow: Yes, that looks pretty boring... does netstat -ntlp show sshd on port 22?
<fool_> jmarsden: ssh is working
<KillMeNow> i think jmarsden is looking at Ruben23's sshd issue
<fool_> oh my bad
<KillMeNow> two firewall types of rule problems jmarsden...  ruben23 and fool_
<jmarsden> Oh, I may be confusing the two... OK.
<KillMeNow> ruben23 is that he didn't have openssh-server installed
<kees> ajmitch: did it not work for you at some point?
<jmarsden> So for fool_ when UFW is enabled what exactly breaks -- what is the symptom?
<KillMeNow> fool_ has all that working, but when IPTables is turned ON - aptitude fails
<ajmitch> kees: I haven't tried it, but it's something that I should use
<ajmitch> I just saw the bug earlier & did a little checking since I'd touched apache2 recently
<jmarsden> KillMeNow/fool_: Does FTP to other sites work with UFW enabled?  Does HTTP to other sites work with UFW enabled?
<fool_> jmarsden: one sec let me try wget something
<KillMeNow> sorry, i'm doing about 40 different things at the moment
<KillMeNow> trying to reimage my wife's laptop from WDS, back up my Ubuntu box for update and watch this too  LOL
<jmarsden> fool_: It might also be good to try ftp to the site you are using in sources.list for apt/aptitude, using wget or a conventional ftp client such as lftp
<fool_> jmarsden: ufw on, wget doesn't work
<jmarsden> fool_: for http, or for ftp, or for both?
<fool_> jmarsden: for http
<fool_> let me try ftp
<jmarsden> fool_: OK.  Are you set up to use any kind of proxy server, for FTP or for HTTP?  Anything like squid or some more proprietary software or hardware "in the way"?
<fool_> jmarsden: nope
<fool_> say if i do this  wget http://mirror.mcs.anl.gov/pub/ubuntu-iso/DVDs/ubuntu/hardy/release/ubuntu-8.04.1-dvd-i386.iso
<fool_> then disable ufw
<fool_> it'll run
<fool_> then enable ufw
<fool_> it'll stop
<fool_> and so on and so forth
<fool_> lol
<fool_> no squid no proxy no cache
<fool_> i'm on a vps if that changes anything
<fool_> kernel 2.6.18-128.1.1.el5.028stab062.3
<jmarsden> Do you control the whole physical machine -- or are you renting the VPS from a provider?
<fool_> i'm renting the vps
<KillMeNow> ahhh
<jmarsden> OK.  So we don't really know what the provider does once packets leave your virtual machine...
<fool_> but it shouldn't matter should it ?
<fool_> since it's working when ufw is turned off ?
<jmarsden> Well, it means we can't test or run tcpdump on the host OS instance, for example...
<fool_> so what should i do ?
<jmarsden> Your pastebin of the ruleset does not seem to show UFW logging enabled -- are you *sure* it is enabled?
<KillMeNow> we had him turn it off i think
<KillMeNow> then disabled the ufw
<fool_> jmarsden:  cat /etc/ufw/ufw.conf
<fool_> # /etc/ufw/ufw.conf
<fool_> #
<fool_> # set to yes to start on boot
<fool_> ENABLED=yes
<fool_> # set to one of 'off', 'low', 'medium', 'high'
<fool_> LOGLEVEL=full
<jmarsden> Try    sudo ufw logging on     and then test again?
<fool_> i've been doing tail -f on syslog/kernlog/messages/dmesg  since the beginning
<fool_> lol
<fool_> nothing comes up
<fool_> weird as heck :/
<jmarsden> No....    sudo ufw logging on    # and then grep "UFW BLOCK" /var/log/*
<fool_> nothing
<jmarsden> OK.  You did a wget or whatever after enabling the logging, right?  Anwyay, I need to go, unfortunately (to eat and then out to play guitar)... back in ~2 hours or so I expect.  Hopefully you'll have found and fixed it before that!
<fool_> yes
<fool_> it's werid as hell
<KillMeNow> gah, sometimes i really hate M$ crap
<jmarsden> OK... definitely weird...  When you find the asnwer say so here... I'll log the channel so I find out what the answer was :)
<KillMeNow> i still think you should try ipkungfu
<KillMeNow> see if that works for you
<KillMeNow> mainly cause i like ipkungfu
<fool_> KillMeNow: this is not M$ crap
<fool_> KillMeNow: afaik this ufw is maintained by ubuntu devs
<KillMeNow> no, i mean myself
<KillMeNow> been fighting with M$ WDS all afternoon
<fool_> jmarsden: sure will , bon appetite
<KillMeNow> microsofts windows deployment services
<KillMeNow> it's a pita
<KillMeNow> yeap...  i'm sure UFW is maintained by ubuntu devs
<KillMeNow> but it's just a frontend for doing IPtables
<KillMeNow> i don't use UFW, but i also own the server mine is on
<KillMeNow> but if you think it's UFW, you can install ipkungfu, configure it and see if the problem persists
<KillMeNow> either way, i'm curious to know what the issue is as well
<fool_> haha if i have to get used to ipkungfu again then i might as well learn iptables
<KillMeNow> it's pretty easy to use, but ok
<KillMeNow> well it's time for me to go
<KillMeNow> have a good one
<jdstrand> fool_: some vps providers don't compile in all the necessary modules for ufw. See http://bazaar.launchpad.net/~jdstrand/ufw/trunk/annotate/head%3A/README
 * jdstrand is just passing by...
<jmarsden> fool_: I'm on my way out the door, but your pastebin also lacks a bunch of rules regarding state RELATED that my UFW setup has... which coudl be highly relevant to your issue...
<jmarsden> fool_: See http://pastebin.ubuntu.com/212336/
<MTecknology> How can I resize LVM partitions?
<fool_> it's werid as hell
<fool_> jdstrand: http://bazaar.launchpad.net/~jdstrand/ufw/trunk/annotate/headA/README gives me internal server error
<fool_> jmarsden: thanks
<jdstrand> fool_: that is .../head%3A/...
<fool_> jdstrand: so addrtype, comment, hl, limit , multiport, recent and state are the only required modules right ?
<nick125> Other than the server guide, what's another good documentation source for Ubuntu Server-related things?
<rags> I use an external smtp server to send/receive mail how to configure ubuntu to do the same?? I understand that postfix is the default MTA, should I use that or go for exim??
<nick125> In Ubuntu's networking configuration file, is there a way to either specify that the default kernel route not be added or have it removed?
<lamont> nick125: "default kernel route"?
<lamont> do you mean default network route?
<nick125> lamont: For instance, if I add the IP address 192.168.1.1/24, it'll add a route from 192.168.1.0/24 to 0.0.0.0
<nick125> Since my server will have two interfaces with IPs in the same subnet, it seems to get confused if both routes are there.
<jmarsden> nick125: if the two interfaces are set static, then only at a gateway line to one of their declarations... and you should only get one default route.
<jmarsden> Something like http://pastebin.ubuntu.com/212420/
<nick125> jmarsden: On one interface, there is only one host that I need to communicate to, so on my current setup, I remove the default kernel route and replace it with 192.168.1.24/32 to 192.168.1.24/32.
<jmarsden> ??? There is no such thing as a "kernel route".  And routing from A to A is... pretty useless by definition, you are already *at* A so no need to route to it.  Overall it sounds like you are trying to do something you do not fully understand... what are you trying to achieve?  pastebin me a little ASCII art diagram, or something?
<nick125> sure, one second.
<nick125> http://pastebin.ubuntu.com/212427/
<nick125> Sorry, my ASCII diagrams really suck....and that line there didn't break like it should've :(
<nick125> http://pastebin.ubuntu.com/212428/
<jmarsden> You want two different networks, both 192.168.1.x, connected to the same server, and route between them?  The logical answer is don't do that, renumber one of them, or bridge them.
<nick125> The problem is that I _can't_ renumber one of them.
<jmarsden> Then, as far as I know, you need a bridge, not a router to join them.
<nick125> Hmmm.
<jmarsden> Worst case could you make one into 192.168.1.0/25 and the other into 192.168.1.128/25 so they are different?
<nick125> Here's the problem: I have a static IP block from my DSL provider, and the modem has a static IP from within the block...
<nick125> And they won't give the DSL modem a different IP unless I pay them $50.
<nick125> ($50 for another IP block for the DSL modem)
<jmarsden> The usual approach is to put the "DSL modem" (which is usually a modem/router really) into bridge mode...
<nick125> Can't. My provider uses PPPoA.
<nick125> So, unless I find a supported USB modem or PCI modem, I'm screwed on that.
<nick125> I've asked and begged them to support PPPoE, and they refuse.
<jmarsden> And you need all 254 IPs?  for doing what?
<ajmitch> there are definitely PPPoA DSL modems that do some form of bridging, I've got a cheap linksys one at home that does that
<nick125> Well, it's actually a /28...I made up some numbers :p
<nick125> ajmitch: The modem will do bridging, it's just that I can't actually do PPPoA on my server.
<ajmitch> the modem does 'half-bridging' to use its term - it does the PPPoA
<nick125> ajmitch: Well...this modem has a half-bridging feature, it's just that....it doesn't work.
<ajmitch> heh
<nick125> And the vendor doesn't plan on doing a firmware update
<nick125> even though there is a _major_ security bug in them that allows anyone to bypass the "password" security.....
<nick125> not to mention the bug where it resets the password every time the modem power cycles.
<jmarsden> Time to buy a new ADSL modem/router ?
<nick125> Might not be a bad idea.....but most of them are really......awful.
<jmarsden> Google for linux pppoa and you'll probably find forums where this is discussed, and pick one with lowest awfullness ??
<jmarsden> Or... write a PPPoA driver for Linux :)
<jmarsden> There may actually be one already?
<nick125> You can't do PPPoA over Ethernet ;-)
<nick125> I spent hours and hours trying to figure it out before I realized that daunting fact
<nick125> I guess I could just drop the line to remove that pesky route into /etc/rc.local
<jmarsden> Hey, if that works for you, and saves you $50... it's worth a try!
<nick125> I was hoping that there was a nicer way to do it, but I'm guessing I'm probably the only one with this screwed up setup :p
<jmarsden> If you change the local LAN subnet to something else and do NAT on the server, does that not get you what you need?
<nick125> jmarsden: I'm already doing NAT....but I still need to assign public IPs to machines in the LAN :(
<jmarsden> No, you assign all the public IPs to the one server interface on the ADSL modem side of things, and assign local IPs to each machine on the LAN...
<jmarsden> Then do one to one NAT in the server.
<nick125> I've done 1:1 NAT before...but then you get into problems when you try to use the public IPs inside of the network
<nick125> So I end up having to setup a separate DNS server somewhere that points to the local IPs....so when I go to nick125.com, instead of getting the public IP, I'll get the local IP.
<jmarsden> Yes, you probably would... local DNS server can be on your server (the one with 2 NICs) -- you already have that server, so use it...
<nick125> Maybe I should just redesign my network to not be so....quirky.
<jmarsden> Yes.  I don't know if the NAT approach is really any cleaner than adding a line to rc.local... just trying to think up alternatives.
<jmarsden> Or, if the $50 is a one time fee... just pay the $50 :)
<nick125> Well, it's $50 plus $1/month....on top of the $80USD I'm paying them a month.
<jmarsden> OK... now compute what your time is worth redesigning the network and testing odd configurations etc etc... is it work $50 plus $1/month to you to avoid that headache?
<nick125> I'm not sure, especially considering that I might switch ISPs next month.
<jmarsden> Well, if you can switch that easily... drop a line into rc.local for a month, and clean up once you switch ISPs :)
<\sh> moins
<uvirtbot> New bug: #393450 in samba (main) "[SRU] pam_winbind Use incorrect value for password expiry calculation" [Undecided,Fix committed] https://launchpad.net/bugs/393450
<_ruben> hm .. i thought there was a way to tell cron to not log to syslog only for certain cronjobs .. cant seem to find anything on it though :(
<atomic__> yeah, that's been bugging me too
<atomic__> you can send a script's output do /dev/null though :)
<negge> that's what I do as well
<_ruben> that has nothing to do with cron itself logging to syslog though :)
<henkjan_> i'm thinking about using etckeeper
<henkjan_> any good reason to use bzr and not the default git?
<th0m> any news on the ssh remote exploit rumor .
<th0m> ?
<th0m> http://isc.sans.org/diary.html?storyid=6742
<socketbind> hi, i have installed ubuntu server 9.04 on a simple desktop machine to act as a file server. i seem to have a network card issue which im unable to fix
<socketbind> in the middle of large file transfers the ethernet card silently fails. there are no kernel error messages and the machine does not freeze
<socketbind> bringing down and up the ethernet interface fixes it
<socketbind> i'm unable to fix it and need some help. it is using the via_rhine driver
<pixlbox> does anyone know how to set up ftp access to authenticate via mysql, ive tried the vsftp and mysql tutorial on howtoforge but its not working
<iceonnet> is this command correct? sudo /usr/sbin/useradd <username> -m -p <encrypted password> -s /bin/sh
<_ruben> i'd put the username last as last parameter to be sure, looks fine otherwise
<iceonnet> ok, let me try that
<U2GB> look man useradd and man adduser
<iceonnet> thank you very much, worked like a charm =)
<iceonnet> is there any way to force a user to log out?
<_ruben> kill all of its shells
<iceonnet> to find the shells i write ps -x?
<cjwatson> th0m: nothing concrete to my knowledge, just rumours
<cjwatson> th0m: panicking's likely to be unhelpful
<th0m> how could i find the process which sendmail ?
<th0m> i'm cleaning a box, cant find the process spamming (think of apache, but cant find in the log)
<th0m> is there a way to identify the process executing the sendmail cmde ?
<hito_jp> th0m: I'm beginning to get the picture, please check your situations. 1) Are you in troubles that your server are spaming e-mails without your will?  2) Are you use some web-apps? or not?
<cjwatson> replace the sendmail process with a shell wrapper that prints its parent process id ($PPID) to a log file and then execs the real sendmail
<uvirtbot> New bug: #397054 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.1 failed to install/upgrade: Unterprozess post-installation script gab den Fehlerwert 1 zur?ck" [Undecided,New] https://launchpad.net/bugs/397054
<ruben23____> hi
<ruben23____> how do i check if openssh-server is installed on the ubuntu server
<bitprophet> dpkg --list | grep openssh
<bitprophet> (or grep openssh-server to be super specific, but I find a wider net is often more useful in case one has the package name wrong or made a typo)
<wizardslovak> hello
<wizardslovak> i need someone to help me set up apache and print server
<wizardslovak> !print server
<ubottu> Sorry, I don't know anything about print server
<wizardslovak> !print
<ubottu> Printing in Ubuntu is done with cups. See https://help.ubuntu.com/community/Printers - https://wiki.ubuntu.com/HardwareSupportComponentsPrinters - http://linuxprinting.org - Printer sharing: https://wiki.ubuntu.com/NetworkPrintingFromWindows
<ruben23____> <bitprophet>the output is  ll client, an rlogin /rsh/rcp repla       1:4.7p1-8ubuntu 1.2
<ruben23____> is my openssh server installed..?
<ruben23_> hi i do dpkg --list | grep openssh then -------------> ii open ssh - client ll client, an rlogin /rsh/rcp repla       1:4.7p1-8ubuntu 1.2
<ruben23_> is my openssh server installed..?
<bitprophet> ruben23_: nope, openssh-client is just the client stuff, you don't seem to have openssh-server
<bitprophet> Unless the server package name changed drastically after 8.04
<ruben23_> anyone have idea..
<bitprophet> can't you just aptitude install openssh-server ?
<specto> sudo apt-get install openssh-server should work
<ruben23_> yes i already do that..
<ruben23_> <specto> should i enable something first on my source.list
<ruben23_> this is a fresh install
<specto> ruben23_: no, its on every installation
<specto> ruben23_: even jeos
<ruben23_> <specto> i cant login through it
<ruben23_> remotely
<specto> ruben23_: that could be other problems
<specto> ruben23_: ps aux | grep ssh
<ruben23_> ssh is installed by default on ubuntu server
<ruben23_> ok
<specto> ruben23_: sudo netstat -natp | grep sshd
<ruben23_> ok
<specto> What does it say?
<ruben23_> in a minute got disconnected-need to reboot the server..
<ruben23_> <specto>...?
<ruben23_> for my ps aux | grep ssh
<ruben23_> 4425 0.0 0.0 5164 800 tty1 s+ 22:42 <-------------------output
<ruben23_> netstat -natp | grep sshd
<ruben23_> i got emty output
<ruben23_> empty
<alexm> ruben23_: what does this say? sudo lsof -i tcp:ssh
<ruben23_> ok
<alexm> this is what is saying for me:
<alexm> COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
<alexm> sshd    3225 root    3u  IPv4  23143       TCP *:ssh (LISTEN)
<alexm> sshd    3225 root    4u  IPv6  23145       TCP *:ssh (LISTEN)
<ruben23_> <alexm> sorry getting hard to transfer im not on terninal
<ruben23_> writing the details on the server now
<alexm> ok then, ruben23_
<alexm> just look for those LISTEN entries
<alexm> are they on the lsof output?
<specto> check if it is running 'ps aux | grep ssh
<ruben23_> ps aux | grep ssh------------------------>4425 0.0 0.0 5164 800 tty1 s+ 22:42
<ruben23_> unknow protocol for  lsof -i tcp:ssh
<alexm> what about... sudo lsof -i tcp:22
<alexm> specto: i'd suggest to grep for sshd instead
<alexm> as in ps aux | grep sshd
<ruben23_> maybe i guess need to reload the OS server itself
<ruben23_> again
<nick125> Good morning everyone
<alexm> ruben23_: no, there's no need to reboot
<alexm> is lsof -i tcp:22 giving you the same error?
<cvw> Cheers
<cvw> Got an issue with networking, our interfaces file is setup properly.  when calling "ifup eth0" the interface is brought up properly.  However, /etc/init.d/networking (re)start dose not bring the device up as expected.  What could we be doing wrong here?
<ruben23_> hi guys
<ruben23_> i have install ubuntu server 8
<ruben23_> during installation
<ruben23_> i was not prompt for network configuration
<ruben23_> directly goto hostname and partitioning
<sommer> ruben23_: by default the installer uses dhcp
<ruben23_> ok
<ruben23_> on the partition side what would i best select..?
<sommer> ruben23_: totally depends on what type of server it's going to be
<ruben23_> what is the default by it..?
<ruben23_> use entire disk
<sommer> ruben23_: I don't know if there is a hard and fast default, but the most flexible IMHO is LVM entire disk, that is if you don't know exaclty how you want the layout up front
<ruben23_> ok
<alexm> sommer: i usually set up /boot outside LVM, maybe for historical reasons, isn't non-lvm /boot needed anymore?
<sommer> alexm: nope... at least I've never had a problem putting /boot on LVM
<sommer> alexm: but I think the automated whole disk lvm will create a seperate /boot so you're probably right that's a safer way to go
<Edwi1> hi people
<alexm> i'm sure i had problems with that in the past with this, so i was just wondering
<alexm> s/ with this//
<alexm> sommer: btw, i installed nagios3 and munin following the karmic serverguide and it worked wonders
<alexm> i just missed a note explaining how to setup munin plugins (i found it in munin docs anyway)
<Edwi1> I have a problem installing virtualbox 3, it says that Ther is no enough space in /tmp while it tries to compile a kernel module for virtualbox, how can I change the space of /tmp ? (thanks in advance)
<sommer> alexm: good to hear :)
<ivoks> so, what's the deal now?
<ivoks> we have to submmit bug reports for syncs from debian? :)
<sommer> isn't that the procedure after debian freeze, or whatever the freeze is?
<ivoks> https://wiki.ubuntu.com/DebianImportFreeze
<ivoks> let's read...
<ivoks> ok... i request a sync from debian :)
<ivoks> any core dev around? :)
<Edwi1> sorry, I don't mentioned that I am using Ubuntu Server 8.04 LTS
<alexm> Edwi1: is /tmp on lvm?
<Edwi1> alexm is /tmp
<Edwi1> but I don't see where can I define or resize it
<alexm> Edwi1: what does df /tmp say?
<Edwi1> I was googling for a while and in some site says that it's chageable in /etc/fstab but I could not see anything abount /tmp or /tmpfs
<alexm> Edwi1: please, can you tell what says df /tmp?
<Edwi1> alexm: df -h /tmp/
<Edwi1> Filesystem                    Used  Disp Usage% Mounted
<Edwi1> overflow              1.0M  1.0M     0     100%         /tmp
<alexm> overflow? it's the first time i see this
<Edwi1> alexm sorry if something is bad translated
<Edwi1> yeah, alexm... me too!  :O
<alexm> Edwi1: this is what i get
<alexm> Filesystem           1K-blocks      Used Available Use% Mounted on
<alexm> /dev/mapper/tleilax-root
<alexm>                       20806268  16389232   3368460  83% /
<alexm> and /dev/mapper/tleilax-root in that case means logical volume root in volume group tleilax
<alexm> Edwi1: can you please run... grep /tmp /etc/fstab ?
<Edwi1> alexm how you could saw that information (what command)
<Edwi1> ok alexm wait a minute...
<alexm> Edwi1: df /tmp
<Edwi1> alexm, grep /tmp /etc/fstab   don't showed anything
<ivoks> mount | grep /tmp
<Edwi1>  df /tmp/
<Edwi1> S.ficheros         Bloques de 1K   Usado    Dispon Uso% Montado en
<Edwi1> overflow                  1024             1024         0      100%     /tmp
<Edwi1> sorry, it is spanish :$
<ivoks> i said
<ivoks> mount | grep /tmp
<ivoks> just copy paste
<Edwi1> ivoks: ~$ mount | grep /tmp
<Edwi1> overflow on /tmp type tmpfs (rw,size=1048576,mode=1777)
<ivoks> so, tmpfs, of 1MB size
<ivoks> what did that?
<Edwi1> yes ivoks, it seems... :-/
<Edwi1> I don't know ivoks, this ubuntu server was installed for another person
<alexm> but shouldn't it be an entry in fstab for /tmp?
<ivoks> well, a script could do it
<Edwi1> I don'tknow if the problems regarding with virtualbox can get solved resizing that filesystem, and btw how can I change it...
<alexm> tmpfs means that /tmp is in memory not disk
<Edwi1> alexm, unfortunately there is not any entry for /tmp in /etc/fstab  :(
<ivoks> you don't need to resize it
<ivoks> just umount it :)
<ivoks> copy the data before that
<ivoks> maybe there's something valuable
<Edwi1> ivoks:  really?
<ivoks> yeah
<ivoks> mkdir /var/tmp/tmp_tmp
<ivoks> cp -a /tmp /var/tmp/tmp_tmp/
<ivoks> umount /tmp
<alexm> ivoks: you're right, it's the best way
<ivoks> and then copy it back
<Edwi1> actually there is other people having a session on it server, it server is running an instance of vnc-server
<Edwi1> I supose that they (remote people) will lost their session if I made that changes, right?
<alexm> you could see if there's any file open in /tmp with ... sudo lsof /tmp
<Edwi1> alexm, it seems that smeone is using something... please check the output of  lsof /tmp
<Edwi1> lsof /tmp/
<Edwi1> lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system /home/siget/.gvfs
<Edwi1>       Output information may be incomplete.
<Edwi1> COMMAND     PID      USER   FD   TYPE DEVICE SIZE  NODE NAME
<Edwi1> seahorse- 31852 dataguard  cwd    DIR   0,21  860 11868 /tmp/
<alexm> it seems that dataguard has a gnome session on the server
<alexm> either you tell him to logout for a while or that you'll kill his seahorse-agent
<alexm> seahorse is the gnome app that deals with passwords and keys
<ruben23_> hi can proceed with the installation of ubuntu
<ruben23_> got error when formatting partion
<ruben23_> what would i do
<ruben23_> it stop responding and stay for long
<Edwi1> ah ok alexm... but currently I am logged in the server as dataguard
<alexm> ruben23_: it could be a problem with the disk, what kind of error did you get?
<Edwi1> what could happen if I kill that process?
<ruben23_> it just freeze for long
<ruben23_> how do i reformat my entire disk
<ruben23_> might resolve the problem
<alexm> Edwi1: if you just kill it as in "kill 31852" mot much, seahorse-agent is expected to end ok
<Edwi1> ruben23_:  you can reformat the entire disk with a livecd
<alexm> but you can logout, go to a console and then login, perform the copy as ivoks explained, umount /tmp, logout and log back in gnome
<ruben23_> <Edwi1>the ubuntu installer itself../
<ruben23_> ?
<alexm> ruben23_: you're using the ubuntu server installer or any other?
<Edwi1> thanks alexm, I'll kill such process...
<alexm> Edwi1: just remember to logout and login back when finished with /tmp just in case you need seahorse-agent later
<Edwi1> I have done a copy of /tmp to /var/tmp/tmp_tmp
<ruben23_> ubuntu server 8
<Edwi1> alexm, but in your opinion how much space has to have aUbuntu Server that is used only for backup data from using an application to do that?
<Edwi1> will be doing the problem the actual size of /tmp or tmpfs ??
<alexm> Edwi1: did umount /tmp work?
<alexm> what does df /tmp say now?
<ruben23_> <alexm>...?
<Edwi1> I have did not the changes yet alexm :$
<alexm> ruben23_: to perform tests on the disk it'd be better to boot a live cd and run gparted, install smartmontools, etc.
<Edwi1> actually I have the irc from the server  :-/
<Edwi1> alexm, so I am thinking in just kill the process
<alexm> ruben23_: otherwise, you should change to a console on the first step of the debian-installer booting from the ubuntu server and proceed from there on the command line
<ruben23_> ok
<ruben23_> then on the console
<uvirtbot> New bug: #397143 in drbd8 (universe) "Please merge drbd8 2:8.3.2-1 (main) from Debian unstable" [Medium,Confirmed] https://launchpad.net/bugs/397143
<alexm> Edwi1: sure, i thought you had already killed it ;-)
<Edwi1> hooray!!! I killed the process and didn't happen ;)
<Edwi1> jajaja
<ivoks> testdisk is the best tool for disks
<Edwi1> for mounting again the /tmp  I just have to type: mount /tmp  to get mounted ???
<ivoks> Edwi1: why would you do that at all?
<ivoks> 1MB is not enough for /tmp
<alexm> Edwi1: no, you'll be using /tmp from the / partition
<ivoks> if you want to have /tmp in ram
<ivoks> add something like this:
<Edwi1> sorry, actually /tmp doesn't have its partition, it dependes under  /
<ivoks> tmpfs /tmp tmpfs size=130000000 0 0
<Edwi1> but, wait a minute friends... I can't umount /tmp  it says "device is busy"
<Edwi1> lsof /tmp/
<Edwi1> lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system /home/siget/.gvfs
<Edwi1>       Output information may be incomplete.
<alexm> Edwi1: you'll have to logout
<specto> Edwi1: you'll probably have to boot to another cd....
<Edwi1> please, check this lsof output:
<Edwi1> umount /tmp/
<Edwi1> umount: /tmp: dispositivo ocupado
<Edwi1> umount: /tmp: dispositivo ocupado
<specto> !pastbin
<ubottu> Sorry, I don't know anything about pastbin
<specto> !pastebin
<ubottu> pastebin is a service to post multiple-lined texts so you don't flood the channel. Ubuntu pastebin is at  http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from  command line | Make sure you give us the URL for your paste - see also the channel topic
<alexm> Edwi1: sorry, siget user should logout
<alexm> or umount /home/siget/.gvfs
<Edwi1> "dispositivo ocupado" is similar to "device is busy"
<Edwi1> ok alexm, I will try with your last advice
<Edwi1> alexm, it says again "device is busy"
<alexm> Edwi1: please, run sudo lsof /tmp
<Sam-I-Am> or fuser /tmp
<Edwi1> alexm, losf command, now doesn't show anything
<Edwi1> Sam-I-Am: fuser /tmp don't show anything, too
<alexm> Edwi1: now, try to sudo umount /tmp again
<Edwi1> alexm, /# umount /tmp/
<Edwi1> umount: /tmp: dispositivo ocupado
<Edwi1> umount: /tmp: dispositivo ocupado
<Edwi1> alexm, remembering "dispositivo ocupado" is equal to "device is busy"
<Edwi1> :-/
<Sam-I-Am> lots of stuff writes into tmp
<alexm> Edwi1: i know
<Edwi1> alexm :)
<alexm> Edwi1: new approach... sudo ls -l /proc/*/fd|grep /tmp
<Edwi1> thanks alexm, I'll try that :)
<Edwi1> alexm, the output of last advice you gave me is in: http://paste.ubuntu.com/213115/
<alexm> so users dataguard and siget should logout from their sessions in order to umount /tmp
<alexm> you could try to stop tracker et al. but it'll be a lot harder
<Edwi1> thanks alexm, but the easy way is killing the session for siget (a remote user connected) and I have to logout
<Edwi1> but if I had to do the hard way, how can I stop tracker ?
<alexm> in preferences > startup applications there's a way to stop tracker
<alexm> but you won't be able to do so for user siget
<alexm> unless you kill all tracker processes on the system
<Edwi1> alexm, what you can recommend me to do for user "siget"
<alexm> i'd try to ask him to logout first
<Edwi1> alexm, I called him by phone to his office but he is not there, so he gave permission to finish his session
<Edwi1> he told me that doesn't left running anything on the server
<alexm> so you're asking how to finish his session, isn't it?
<Edwi1> yes alexm
<alexm> since he doesn't care or recall having a session open then a "killall -u siget" should do
<Edwi1> ok alexm, i'll do that
<Edwi1> (btw, thanks for your help alexm)
<alexm> :-)
<ivoks> wow
<ivoks> killall -u
<ivoks> i always used slay
<Edwi1> alexm, i'll back... I'm going to logout (I am logged as dataguard)
<Edwi1> and I will try to umount /tmp from the console
<ruben23_> hi if my HDD is formatted with ntfs--->can i still used it to install ubuntu...server
<specto> ruben23_: I wouldn't, while ntfs-3g seems to perform decently compared to a native file system such as ext3 it's not acceptable for a server.  Just use a VM?
<ivoks> ruben23_: that most probably wouldn't work
<ivoks> you wouldn't have UNIX ACL's
<ruben23_> <specto> im formatting the HDD on a windows platform then put it again on my server to installed the default linux setup-but still got freeze during formatting on partition part.
<ivoks> which would render it useless
<specto> ruben23_: sounds like there is something wrong with your hard drive
<ivoks> anyway, good night
<ruben23_> how to boot on command pompt in the install cd..of ubuntu server
<alexm> Alt-F2
<ruben23_> <alexm> on boot up of CD..?
<alexm> no, you must start the installation process
<alexm> let the install process to detect your discs, etc. and then press Alt-F2
<ruben23_> then ill press Alt_f2 on what part..?
<ruben23_> ok
<alexm> or Alt-F3 ... there are a few consoles open
<ruben23_> <alexm> on the console ill reformat my HDD- with fdisk
<alexm> the installation process will perform some interesting setup steps for you: loading modules, network settings, etc.
<alexm> then, once on the console you can change the partition layout with fdisk, if you like to
<ruben23_> <alexm>on what part of the installation ill set ALT+f2
<ruben23_> when it prompt me for network setup..? partition?
<alexm> you can switch consoles anytime
<alexm> at least wait for the discs to be detected
<alexm> i don't have an exact picture of the whole d-i screens in my mind right now
<ruben23_> ok hope this will work for my HDD now
<alexm> nevertheless, you should check the disk for defects anyway
<alexm> one way to do it is with badblocks
<billybigrigger> hey all
<alexm> or with dd if=/dev/sda of=/dev/null
<alexm> or with testdisk
<billybigrigger> anyone know why i wouldn't be able to bring up eth0? i have it set to dhcp, and i know it works, static doesn't work either
<ruben23_> <alexm> whats your location..?
<ruben23_> :)
<billybigrigger> nvm, interfaces had an entry for eth0, and it needed to be eth1
<alexm> ruben23_: i'm near barcelona, es
<ruben23_> <alexm>---ow nice..
<ruben23_> im in the console now
<alexm> billybigrigger: check that interface names match the right mac address in /etc/udev/rules.d/70-persistent-net.rules
<alexm> ruben23_: the uds karmic venue was just 10 minutes away from my home ;)
<ruben23_> nice
<ruben23_> <alexm> are you a sysadmin..?
<alexm> yes, i work at the upc university in barcelona
<alexm> good night
<ruben23_> hi can i used cfdisk on ubuntu...?
<ruben23_> in the installation process on the console
<ruben23_> i got error------------------------------------------------>dos compatibility flag is not set
<DelphiWorld> hello
<KillMeNow> Howdy
<DelphiWorld> please how i can use static IP unstid of Using DHCP?
<KillMeNow> you have to edit your interfaces file
<DelphiWorld> UBUNTU SERVER 8.10
<KillMeNow> in /etc/network/interfaces
<DelphiWorld> ok
<KillMeNow> make sure you read this:  man interfaces
<KillMeNow> also make sure you are editing the right interface...  ifconfig is your friend
<KillMeNow> ifconfig will show you all network interfaces on the system
<DelphiWorld> ok
<ruben23_> hi-im on ubuntu installation terminal use fdisk on partioning- then now would like to run mkfs -t ext2 /dev/hdb1------> error mksf not found
<KillMeNow> ruben, why do you want to use ext2 filesystem?
<KillMeNow> use ext3
<KillMeNow> also, if you're installing Ubuntu, it can format and partion your drives for you
<nick125> Hmm...when doing RAID/LVM in Ubuntu, where do I put my /boot? Should I create a separate partition?
<KillMeNow> if all you have is the one RAID drive set w/o a free standing drive, you kinda have to put your /boot partition on the RAID.  Otherwise, if you have another drive you can mount that partition on a separate drive
<KillMeNow> follow?
<KillMeNow> here is a good article about building raid with Ubuntu:  http://advosys.ca/viewpoints/2007/04/setting-up-software-raid-in-ubuntu-server/
<KillMeNow> this is a decent looking article as well:  http://beginlinux.com/server_training/server-managment-topics/1001-raid-5-with-lvm-on-ubuntu-804
<KillMeNow> gotta go get some other things done but i'll be back in a while
 * KillMeNow[A] is now away - Reason : Not here right now
<ruben23_> <KillMeNow>sorry got disconnected----> yes i used the installation but during format my HDD freeze in progress
<jeiworth> saaaaay guys, what would be the best solution to block a machine from communicaating with the internet, i.e. i only want to allow network traffic from and to local machines/IPs?
<KillMeNow[A]> :jeiworth
<Reepicheep> jeiworth: don't give the machine a gateway
<KillMeNow[A]> that was the first suggestion before i accidentally hit enter
<hggdh> or block it at the router
<KillMeNow[A]> or if you wanted to be studly and set up your IPTables output chains to block all internet access except for your local networks
<Reepicheep> or iptables, or even better.. layers are good so do them all
<KillMeNow[A]> ok, now i am away
<jeiworth> Reepicheep: hmm but will then be reachable over its hostname or just its ip?
<Reepicheep> that shouldn't matter
<KillMeNow[A]> oh yea Ruben...  if you're using older hardware (Megaraid scsi for example) I don't think ubuntu supports that anymore
<jeiworth> <hggdh> or block it at the router <-- i am trying to convince the customer to do that but their linksys doesnt seem to offer that option :-/
<Reepicheep> that is dependent on the sources machines DNS settings and the DNS server or host file
<ruben23_> <KillMeNow[A]> :)
<KillMeNow[A]> i had a old megaraid hardware scsi raid controller and Ubuntu installs always failed on about the same place you're describing...  wound up pitching the controller for something else
<hggdh> jeiworth, heh. Being cheap sometimes bites back ;-) But I find surprising that their router does not even provide parental controls
<ruben23_> no im using SATA new one
<KillMeNow[A]> ok now i am REALLY away
<KillMeNow[A]> check to make sure that the SATA controller is in the supported hardware list
#ubuntu-server 2009-07-09
<jeiworth> Reepicheep: ok, we'll give it a try, thanks!
<ruben23_> sata is not supported on ubuntu..?
<Reepicheep> ruben23_:  sata is supported .. it is the controller card that may not be
<jeiworth> hggdh: yes, me too, i have 2 linksys, which both run with ddr-wrt, so i dont really remember what options are available in the original firmware
<jeiworth> lol ddr :D dd-wrt of course
<jeiworth> brb
<Reepicheep> jeiworth: you should then be able to block it at the router with dd-wrt (as long as that is the router that you are working with)
<Edwin1979> jeiworth: an off-topic question...
<Edwin1979> jeiworth: what is the meaning of 'brb' ? :D
<Reepicheep> but like I said before security comes in layers .. so block it at as many layers as possible
<Reepicheep> Edwin1979: brb = be right back
<Edwin1979> thanks Reepicheep !!! :D
<jeiworth> Edwin1979: hehe brb==be right back  ;)
<Edwin1979> thanks jeiworth ;)
<jeiworth> Edwin1979: iirc there is a whole wikipedia pages dedicated to irc abreviations :D
<jeiworth> (iirc==if i remember correctly)
<Edwin1979> jajajajaja, another IRC abreviation ;)
<jeiworth> Edwin1979: hehe are you from a spanish speaking country maybe?
<Edwin1979> yes I am jeiworth, I imagine because our way to laugh (jajajaja instead of hahahaha or hehehehe, right) ;)
<Edwin1979> I imagine you discovered that*
<pixlbox> i wanna use python and django with my server, has anyone installed these before ?
<DelphiWorld> hi
 * KillMeNow is no longer away : Gone for 1 hour 17 minutes 12 seconds
<jetole> does anyone know a good log aggregation type system for linux/unix syslog and windows event log where it is collected in one place and allows an easy way to view/manage log data?
<pmatulis> KillMeNow: hey, did you get ruben sorted out last night?
<KillMeNow> i am not sure
<KillMeNow> last i heard he installed openssh-server and never came back
<KillMeNow> eariler today he was having issues with mkfs ext2 when installing ubuntu
<KillMeNow> jetole - hit freshmeat.net or sourceforge
<KillMeNow> just make sure you pick a project that is recent...  you can also push all syslog to another server and then use ngsyslog ?  it allows you to collect syslog info in to a mysql database
<KillMeNow> google around, you should find something you're looking for
<cjwatson> or indeed rsyslog, which is what we'll be using in karmic
<pmatulis> cjwatson: really?  so that's final?
<cjwatson> yes
<KillMeNow> cjwatson, does rsyslog allow logging in to a SQL Database?
<pmatulis> KillMeNow: yes it does
<KillMeNow> oooh...  that's hawt...  last time i did it was on Centos 4 using syslogng or was it ngsyslog
<KillMeNow> anyways, it was hawt!
<pmatulis> rsyslog has a lot of nifty features
<pmatulis> native encryption, disk queues, and logging templates come to mind
<KillMeNow> last time i set it up was to collect all the PPPoE authentications from a Redback, made life easier to grep out issues
 * pmatulis has trouble with people who beg for help and disappear once provided the missing piece
 * KillMeNow believes in "Teach a man to fish and he'll feed himself"
<e-jat> if i have dual quad processor ... how to check/monitor if ubuntu maximize / utilizing all the cpu cores? if from top i can see it using 1 cpu only ..
<twb> e-jat: you should have a load of n where n is the total number of cores.
<twb> That is, if it is under full load.
<twb> For example, a dual-core, single-cpu system would have a load of around 2.00 when fully utilized.
<twb> uptime(1) is an easy way to print the load averages.
<oh_noes> Anyone know anything about open-vm-tools and if/when they'll ever be a stable production version to install on 8.04 LTS servers?
<twb> oh_noes: you mean compared to vmware-tools?
<oh_noes> well, vmware tools isnt a deb package is it ?
<twb> They're essentially the same codebase, so I don't see how they're any less stable.
<twb> Note that open-vm-tools is *only* for vmware guests.
<oh_noes> well, canonical arent publishing open-vm-tools in the primary production repositorries because it's not stable
<twb> oh_noes: so by extension, neither is VMware
<twb> But I think you'll find Ubuntu place open-vm-tools in multiverse because it is unsupported software that depends on unsupported proprietary software (namely, vmware), and it is not available in Hardy because it didn't exist at the time.
<oh_noes> oh, so its in multiverse, just not main.
<twb> http://packages.ubuntu.com/search?keywords=open-vm-tools
<twb> Usually I have a test server with all categories and a bunch of releases enabled, so I can see what's what using apt.
<poseidon> I'm trying to create a little home server with an old computer and ubuntu-server.  I can't seem to get the wireless card to work, however
<poseidon> It's a d-link dwa-130
<twb> !lspci
<ubottu> Sorry, I don't know anything about lspci
<twb> !wireless
<ubottu> Wireless documentation, including how-to guides and troubleshooting information, can be found at https://help.ubuntu.com/community/WifiDocs
<twb> poseidon: you might not get much help with wireless here, as it's rarely used in a server.  You might wanna also try #ubuntu or something.  (By all means hang around here, too, though.)
<billybigrigger> if i want a video to play inside the browser, do i have to have apache parse .avi files properly?
<billybigrigger> http://www.thefrozencanuck.ca/burnout.avi doesn't seem to want to play
<billybigrigger> but i know its on the server
<billybigrigger> ahh wrong perms
<billybigrigger> nope still not workign
<billybigrigger> 766 should be good enough to view it?
<twb> billybigrigger: works for me
<billybigrigger> ya i think its firefox 3.6 thats the problem
<billybigrigger> crashes everytime i hit the link
<twb> I was testing with wget
<billybigrigger> ahh
<twb> Firefox is for chumps
<billybigrigger> i thought it might have been the app handler in apache or perms
<billybigrigger> seems to be working now though
<billybigrigger> 3.6 is nice :P
<twb> I guess you need to make sure it's sending the appropriate content type
<billybigrigger> startup times feel like its being restored from minimizing
<twb> Content-Type: video/x-msvideo
<billybigrigger> where can i add content types
<billybigrigger> i was going to add it to /mods-availabe/mime.conf
<billybigrigger> but see no other similar entries
<twb> billybigrigger: sorry, that is what content-type you ARE sending, I guess it's right
<twb> The content-type is what the browser uses to work out what to do with the file
<MT-> Anybody around that uses logcheck?
<twb> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<MT-> Would this regex -> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_unix(cron:session): session opened for user smmsp by \(uid=0\) match this string? Jul  8 08:20:01 insto CRON[30795]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
<MT-> twb: sorry
<twb> MT-: the logcheck docs explain how to test regexs
<MT-> oh, ok
<MT-> thanks
<twb> (Sorry, I'm a bit busy.)
<alex_joni> greetings, having a small routing problem (probably something misconfigured, but can't figure it out)
<alex_joni> I have a NAT box (8.04 server) with 2 interfaces (eth0 internal, eth1 external ip)
<alex_joni> when I try to reach the internal network, I see the server is using it's external ip addy.. any idea what I should check?
<alex_joni> (route seems ok)
<cemc> alex_joni: reach how ?
<twb> My wild guess is that your DNS setup is providing the wrong address for the server, to client machines on its LAN
<twb> But the information you've given so far means it could be absolutely anything -- it's not really clear what you're trying to do.
<_ruben> i'd guess that the nat rule is configured "too wide", as in: gets applied to internal traffic as well, instead of just internet-directed traffic
<alex_joni> cemc: sorry.. found a problem in my iptables script
<alex_joni> seems I was pushing everything through MASQ even the nat box
<alex_joni> _ruben gets a cookie ;)
<alex_joni> thanks guys
<twb> Aw, I lost.
<_ruben> hehe
<_ruben> cookie for breakfast ... yum
<twb> I got doughnuts yesterday!
<twb> Usually I only have meal.
<twb> Well, oats, anyway
<uvirtbot> New bug: #397312 in nagios-plugins (universe) "Please merge nagios-plugins 1.4.13+git200906171200-1(main) from debian unstable(main)" [Undecided,New] https://launchpad.net/bugs/397312
<MT-> I'm trying to setup loggerhead. I have no idea what I'm doing... I installed it and I have no idea where to go from here
<CTShadow> i've got an ubuntu 8.10 server with 2 nic's sharing the same subnet and ltsp installed. on eht0 i've got my production network and on eth1 are my ltsp clients. the server leases ip's with dhcp via both interfaces, but does not respond on arp requests on eth1 (the ltsp interface). how can i fix this?
<alex_joni> CTShadow: maybe you can try to enable proxy_arp on both interfaces
<alex_joni> echo "1" > /proc/sys/net/ipv4/conf/eth0/proxy_arp
<simplexio> CTShadow: just a guess but /proc/sy/net may have some nice switch to help
<MT-> How can I get all of apache2 back to its original configuration?
<simplexio> thoght. i have a bridge conf on 3 interfaces and all interface have proxy_arp 0
<MT-> I tried to use apt-get --reinstall, I tried to purge and reinstall, nothing works - not all of the files are recreated
<simplexio> MT-: dpkg-reconfgiure apache2 may help
<simplexio> .. dpkg-reconfigure
<MT-> I tried that too...
<soren> MT-: Which files are you missing, exactly?
<soren> purging the existing files and installing them again certainly should reset everything.
<MT-> all of them
<simplexio> MT-: one option is go to /var/cache/apt/archives/ and extract apache package and look if there is conf files that you can use, but that a little "hack" around package manager
<MT-> I think I got it... needed to purge apache2.2-common first
<soren> MT-: Which packages did you remove?
<soren> MT-: Right. apache2.2-common owns the configuration files.
<MT-> still not getting to loggerhead :(
<soren> Hm? What does loggerhead have to do with it?
<MT-> that was what made me screw everything up
<MT-> So... can anybody help me figure out how to setup loggerhead?
<MT-> I installed it and supposedly it should just work on port 8080, but it's not listening at all
<MT-> oh....
<twb> MT-: did you read /usr/share/doc/loggerhead/README.Debian.gz?
<twb> And indeed anything else in that dir
<MT-> twb: I'll try to work off that file
<MT-> ok... so loggerhead will load once. If I reload the page or click anythin the daemon dies... -_-
<CTShadow> alex_joni, simplexio: thanks, ill try that and report back
<MT-> loggerhead is dying after every single page load - AH!
<MT-> This is ALL I can get for error logs http://bzr.pastebin.com/m6d8b2cbb
<MT-> error.log is empty
<MT-> Can anybody tell me if this file looks right? I'm guessing it's probably why this is breaking? http://bzr.pastebin.com/ma4b26c3
<soren> Sorry, never used loggerhead, so it's a bit hard to tell.
<CTShadow> alex_joni: Unfortunately that did not work. i also did an /etc/init.d/networking restart. do i have to do anything else to make it work?
<covidiu> Hi. How do I enable automatic updates on Ubuntu Server?
<twb> drive-by querents :-/
<pat_> hi all I have a file, where I need to pull the text after the word central............. eg central/test............ well I need to pull the word test.... and Ideas ? , i can do the regex on central but I cannot get the text afterwards. I don't want the entire line, just the text immediately afterward
<alex_joni> pat_: I'd do a less | grep central| then sed
<alex_joni> or awk
<soren> pat_: Define "text immediately afterward". Up until the next space?
<soren> pat_: If so, this should do the trick:
<soren> sed -e '/central\// s/.*central\/\([^ ]*\).*/\1/ p' -n /path/to/the/file
<PC_Nerd1011> Hi, running 8.04 server, sudo aptitude install samba hangs on "starting samba daemons".  /var/log/samba/log/smbd mentions a: Unknown parameter encountered: "commend"..... to me that looks like a compile time issue that should have been fixed - but i cannot find anything by googling the error....  can anyone help me get samba installed?
<sommer> PC_Nerd1011: sounds like a config problem... should the word "commend" in /etc/samba/smb.conf be "comment" ?
<_ruben> or command .. who knows .. still i wouldnt expect it to hang though
<PC_Nerd1011> I'm not sure - I'll go and find it.. this was an install direct from "sudo aptitude install samba" - so I posted here straight away... just a moment.
<PC_Nerd1011> looks like it was...  so its probably a typo I made a few months ago when I was playing around with different bits and peices ( all ne server and all) - and when I uninstalled them they didnt remove configuration files. :) (time to keep debugging)
<sommer> PC_Nerd1011: just an fyi to remove a packages config files use apt-get purge $packagename
<PC_Nerd1011> ahh ok thanks :)
<PC_Nerd1011> um - how long should samba take to start on a dual code xeon server 2gb ram? - nothign in the error logs but hangs ( at least a minute so far) ?
<sommer> PC_Nerd1011: should take a couple of seconds... looks like you have another problem
<PC_Nerd1011> yup - just wiped the configuration file and starting fresh.
<PC_Nerd1011> ok... completely original smb.conf file , dhcp.conf is empty, /var/logs/samba/... log.smbd and log.nmbd both state samba has started - yet sudo /etc/init.d/samba start just hangs..... any suggestions on debugging?
<sommer> PC_Nerd1011: anything in /var/log/syslog
<sommer> or /var/log/daemon.log
<PC_Nerd1011> ok just a sec
<PC_Nerd1011> nothing in the last few hours from daemon.log, and nothign timewise that coresponds in syslog ( there are a few cron entries, but again nothign within about 1.5 minutes of each attempt at starting)
<PC_Nerd1011> * just tried again on syslog, and it appears that nmbd has written in a series of lines "become_local_master_stage2(396)", stating that my server {name} is now master on subnet IP.... but the IP is actually the server's IP and not the subnet at all.... could that be why its hangning?
<sommer> PC_Nerd1011: possibly...  you could also set the "log level = 3" option in smb.conf
<PC_Nerd1011> o..k.. , let me seek that line out.
<PC_Nerd1011> I think its crashing on "reloading printcap cache" even though I'm pretty sure I commented out all the printing related conf entries.
<uvirtbot> New bug: #306398 in php5 (main) "upgrading php5 package overwrites installed PEAR packages" [Undecided,Incomplete] https://launchpad.net/bugs/306398
<acalvo> Hello.
<acalvo> I work for an university, and we want to get rid of the manual deploying of OSes in the alum computers. We were thinking of using something thru BOOTP or PXE, but can't find a good tutorial or information. Does anyone know a good place to start?
<msantos> acalvo: this was a big help for me: https://wiki.koeln.ccc.de/index.php/Ubuntu_PXE_Install
<acalvo> well, I've two questions
<ruben23> hi got problem with ubuntu-server installation- when on partition part i got error the loading freeze...
<acalvo> 1) will it always start from PXE Install Server even if there is an OS installed?
<ruben23> how do i reformat my whole drive using linux installation disc
<acalvo> 2) how good is to user partimage server?
<msantos> acalvo: you can set boot preference in the bios usually
<acalvo> ruben23, why don't start from scratch?
<acalvo> ruben23, you can use mkfs.yourdesiredFS /dev/yourpartition
<acalvo> acalvo, ok, but it will always prompt to the installation
<ruben23> acalvo:  how do i do that--->can you give link to follow...?
<msantos> if you set local disk first and pxe second, it will only prompt if the disk is not bootable
<acalvo> msantos, good point...
<ruben23> msantos:sorry for that, but got no idea on your point newbie here....sorry again.
<acalvo> ruben23, for example, imagine you have the device SDA with 4 partitions, and you want to format SDA1 to EXT3, you must run mkfs.ext3 /dev/sda1 to achieve that
<ruben23> acalvo: am about to install form scratch--------> normally im installing ubuntu-server but can proceed during the partition section loading coz it hanged up and freeze the process, several time i attempted, so i decide to reformat my sata hdd first before doing instalation again, can i have option to reformat my hdd with an ubuntu-server installation disc..?
<acalvo> ruben23, well, yes, but it is part of the process. Of couse, you can do it from a terminal (ctrl+alt+[1-7]). But if your computer is hanging at the partitioning process, either is it something wrong with the media (CD or DVD) or is something wrong with your hardware
<ruben23> hmm..possible--->thanks for the hint
<ruben23> ill test the media first
<acalvo> ruben23, there is an option at the selection menu of the media
<ruben23> ok
<uvirtbot> New bug: #397203 in samba (main) "ldap.so missing from package" [Undecided,Incomplete] https://launchpad.net/bugs/397203
<TheFuzzball> Hello, I have installed Ubuntu server on a spair laptop so I can use it as a LAMP server but can't connect via an ethernet cable. How do I use the wifi card built into it?
<TheFuzzball> It doesn't show up with iwconfig, but I do know the driver that it uses
<mathiaz> kirkland: howdy!
<mathiaz> kirkland: question about libvirt+kvm - is there a safe way to check that all guests have shutdown correctly while rebooting the host?
<specto> !irssi
<ubottu> Irssi is a terminal based IRC client. See https://help.ubuntu.com/community/Irssi for help. See also !screen
<specto> how do I silence irssi parts and joins?
<pmatulis> specto: go to #irssi
<specto> pmatulis: eh, it was just a simple question thought someone might know
<kirkland> mathiaz: virsh list ?
<mathiaz> kirkland: hm - I was more thinking about the shutdown process
<mathiaz> kirkland: when you reboot the host, are all the kvm processes just killed?
<mathiaz> kirkland: is there a way to cleanly shutdown all the guests?
<kirkland> mathiaz: i'm don't know for sure, but i would certainly hope so
<uvirtbot> New bug: #397483 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.1 failed to install/upgrade: subprocess post-installation script returned error exit status 3" [Undecided,New] https://launchpad.net/bugs/397483
<uvirtbot> New bug: #397474 in openssh (main) "Is there a security ssh issue in ubuntu?" [Undecided,Invalid] https://launchpad.net/bugs/397474
<jdstrand> mathiaz: virsh shutdown <vm>
<mathiaz> jdstrand: right - does the shutdown libvirt script uses that?
<jdstrand> mathiaz: that sends an acpi event and if the guest has acpid installed, it will shut it down cleanly. if it doesn't, nothing happens
<mathiaz> jdstrand: right now I have to manually do that for all my vms before rebooting
<jdstrand> 'shutdown libvirt script'?
<jdstrand> oh
<jdstrand> I don't know about that
<cjwatson> http://lists.mindrot.org/pipermail/openssh-unix-dev/2009-July/027726.html, for anyone who's been worrying about this claimed openssh vulnerability
<jdstrand> mathiaz: I can say that there is a bug in libvirt in Jaunty that will stop (iirc) all machines started after the vm you requested to shutdown is shutdown
<jdstrand> ie, virsh start vm1 ; virsh start vm2 ; virsh shutdown vm1 -- both shutdown
<mathiaz> jdstrand: right - this may be annoying
<jdstrand> it may be fixed in karmic, I don't know yet
<jdstrand> s/may/is/ ;)
<jdstrand> s/may be/is/
<jbernard> kirkland: around?
<ivoks> just to give you an update on cluster stack
<ivoks> it seems that we could have full cluster stack by the end of the next week
<ivoks> upstream released all bits and pieces of what's needed for it
<jmedina> ivoks: congratulations and thanks
<uvirtbot> New bug: #397534 in mysql-dfsg-5.1 (universe) "package mysql-server-5.1 5.1.31-1ubuntu2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/397534
<Skaag> how do I mount a 'linux raid autodetect' partition?
<Skaag> ok I managed
<Max007> Hi
<Max007> I already use a bridged squid proxy but I'd want to do some traffic shaping with it too. What should I use ?
<specto> Max007: Hi Max007 , you may have to look into iptables traffic shaping
<specto> Max007: not fun though...
<ivoks> hello
<specto> hi
<specto> !hi | ivoks
<ubottu> ivoks: Hi! Welcome to #ubuntu-server!
<ivoks> ubottu is just being abused
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<specto> offtopic | ivoks
<specto> whoops
<specto> !offtopic | ivoks
<ubottu> ivoks: #ubuntu is the Ubuntu support channel, for all Ubuntu-related support questions. Please use #ubuntu-offtopic for other topics. Thanks!
<RoAkSoAx> lol
<ivoks> hm
<Guest45506> I have Ubunutu server running and I would like to make it into a dual boot. Is this "easy" to do?
<resno> guest45506 is now resno :) thanks
<beawesomeinstead> i've been thinking a while on a commercial for our client--local integrator. so, just out of curiosity, what do you guys think about and ad like this? http://img198.imageshack.us/img198/2411/img2426v.jpg
<beawesomeinstead> !offtopic | beawesomeinstead
<ubottu> beawesomeinstead, please see my private message
<resno> I have Ubunutu server running and I would like to make it into a dual boot, how should re-partition the drive?
<jpds> resno: Why would you want a server to dual-boot?
<resno> jpds: i isntalled server on laptop for some development work...
<resno> jpds: and to learn how to admin it...
<jpds> Couldn't you have used a VM or something like that?
<resno> in retrospect, that would have worked, but i didnt think this would happen.
<resno> ok, thanks.
<ruben23> hi, im instaling ubuntu server 8- on my server hardware problem is during reformatting- it takes long on 33% then my keyboard are blinking---> no progress, is this a signed of media errror or HDD....
<diffra> ruben23: Kernel panic.  Could be bad media, bad memory...  have you checked both?
<diffra> (by media I mean the hard disk, not the install disk.
<ruben23> ok, so waht i do with the HDD..
<ruben23> low level format it..?
<ruben23> then do installation again
<diffra> try to boot the ubuntu desktop cd and run smartctl -a /dev/sda1 (or /dev/hda1) -- pastebin the output
<ruben23> ok
<ruben23> ill go on console terminal..?
<ruben23> im using ubuntu-server
<metalfan_> hi
<metalfan_> what tool do you use to manage services that start at boot from the commandline?
<ruben23> diffra:..?
<ruben23> you there..?
<ruben23> run smartctl -a /dev/sda1 (or /dev/hda1) <---------------how do i do this on boot installation disc..
<ruben23> on the terminal
<ruben23> anyone...?
<ruben23> here can help
<metalfan_> ruben23, change to a console
<metalfan_> try alt+f2
<ruben23>  metalfan_: yes i do
<ruben23> then i run this smartctl -a /dev/sda1
<ruben23> it shows NOT FOUND
<ruben23> what would i do with that..?
<diffra> That's why I didn't suggest using one of the terminals, i doubt it's on the install CD.
<diffra> check all the terminals (alt+f2-f9... it's one of those) and look for error logs
<ruben23> ok
<metalfan_> ruben23, is that the complete error?
<metalfan_> does it say command not found?
<metalfan_> also i doubt that sda1 is right, sda would make more sense since you are searching for drive errors
<metalfan_> also check is sda is the correct drive/if its there
<metalfan_> have to go now
#ubuntu-server 2009-07-10
<Byron> Hello all
<Byron> I'm trying to install Ubuntu Server 2.9 and it keeps failing at the installation of the downloaded apps.
<Byron> "An installation step failed. You can try to run the failing item again from the menu, or skip it and choose something else. The failing step is: Select and install software"
<Byron> md5 is good. The integrity is good. Can't install packages
<diffra> 2.9?
<diffra> Also, check the other terminals to look for errors.  alt+f2, f3, etc.
<Byron> Sorry, 9.04
<Byron> No clue where I got that from
<Byron> diffra: I get a lot of 'package doesn't exist'
<diffra> Hmm... and the included integrity check tool came out clean?
<Byron> diffra: It appears to be the same 3 packages; libnewt0.52 ext2-modules and efi-modules
<Byron> diffra: Yes.
<Byron> After those 3 failed packages, there is this: "Falling back to the package description for console-setup-udeb"
<uvirtbot> New bug: #397644 in nagios3 (main) "Problem in post-install script" [Undecided,New] https://launchpad.net/bugs/397644
<quentusrex> I need help, the new ldap-utils won't look at the config file /etc/ldap/ldap.conf
<quentusrex> I can specify the host manually and it connects
<quentusrex> but if I just have the host in the config file, I get an error.
<KillMeNow> what error do you get?
<quentusrex> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
<quentusrex> it's not even trying to connect to the server...
<KillMeNow> is it localhost or on another machine?
<quentusrex> different machine
<KillMeNow> and when you specifiy the address of the different machine manually it works?
<Byron> Something is off. I restarted the install as there didn't appear to be internet access to the server (which is very odd). During the Install Base System, I get this now: Warning: Failure while configuring base packages. This will be attempted 5 times.
<quentusrex> KillMeNow: yes, when I specify the URI with the -H flag it works
<quentusrex> but when I leave it off and assume it will use the /etc/ldap/ldap.conf file it fails.
<KillMeNow> then we know that the port is open on the other end, have you tried to strace it?
<quentusrex> KillMeNow: yes, and it all works,
<KillMeNow> i'm not totally solid on LDAP so i'm kinda winging it...
<quentusrex> I've tracked the problem down to the fact that it isn't trying to open the config files.
<KillMeNow> so when you don't set it using -H and you restart the daemon while strace is running you don't see it crap?
<KillMeNow> ok permissions
<quentusrex> I'm running it as root
<KillMeNow> have you verified that the user account that is running the LDAP daemon has access?
<quentusrex> so there are no issues with permissions.
<KillMeNow> had to ask
<quentusrex> I'm running the client as root :)
<quentusrex> ldapsearch -x -d8 -v
<quentusrex> ldap_initialize( <DEFAULT> )
<quentusrex> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
<quentusrex> that's what I get...
<KillMeNow> did you configure the client side with like info?
<KillMeNow> in your ldap.conf file, do you have this line?  TLS_REQCERT allow ?
<quentusrex> nope
<KillMeNow> try adding it...  it might be the TLS certificate...  self-signed cert i'm guessing
<quentusrex> there are no certs involved.
<quentusrex> it's wide open openldap server.
<KillMeNow> ldap_sasl_bind says to me that it's looking for TLS
<quentusrex> but the second half says it can't even find the server
<KillMeNow> yes, it's trying to bring up TLS
<KillMeNow> and it says it can't CONNECT to the other LDAP server
<KillMeNow> which would be true if it's expecting a TLS cert
<KillMeNow> https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html
<KillMeNow> That's a tutorial on setting up OpenLDAP on Ubutnu
<KillMeNow> http://ubuntuforums.org/showthread.php?t=1197443
<quentusrex> I followed that...
<quentusrex> now I'm here. :(
<KillMeNow> that i a current forum for issues that you're experiencing
<KillMeNow> so you followed the TLS and SSL portion near the bottom?
<quentusrex> I'm going to reboot...
 * KillMeNow[A] is now away - Reason : AFK for a few
<ruben23> hi
<ruben23> can installed ubuntu-server, hanged up and freeze on formating process
<ruben23> i tried 2 sata HDD for isolation-same thing happens----->also during the hanged/freezing formatting--->keyboard blinks..
<ruben23> several time i test it same thing...
<ruben23> the object not been isolated is the memory..
<ruben23> cant installed ubuntu-server, hanged up and freeze on formating process
 * KillMeNow is no longer away : Gone for 7 minutes 21 seconds
<KillMeNow> ruben23, did you check to make sure your sata controller is compatible?
<KillMeNow> not the sata HDD, but the controller
<ruben23> KillMeNow:how would i do that..how do i check..?--->actually i already used this hardware with centos..
<ruben23> and also i have same specs with this on production using ubuntu server--->its running smooth.
<KillMeNow> https://help.ubuntu.com/community/Hardware
<KillMeNow> check that i suppose
<KillMeNow> another thing you could try is to Download the Ubuntu/Kubutnu LiveCD and try to boot up to that and see if the drives show up
<ruben23> ok
<KillMeNow> if you boot to the Live CD and you can see all your hardware, then it should be compatible... make sure you use the same versions
<ruben23> ok
<ruben23> i check its not on the ubuntu site----ubuntu liveCD..
<KillMeNow> https://help.ubuntu.com/community/GettingUbuntu
<KillMeNow> it's there Ruben23
<KillMeNow> that link has the instructions on how to Download the Live Desktop CD
<ruben23> ok doing it now
<ruben23> thnaks'
<ruben23>  KillMeNow:by for now need to sleep
<KillMeNow> sleep well
<KillMeNow> how did the reboot go Quentusrex?
<quentusrex> not well
<quentusrex> can't get ldap working at all how I want it to...
<KillMeNow> yea i dunno partner...  is this for replication or just standard client auth type stuff?
<quentusrex> standard client auth
<quentusrex> I'm just trying to get a workstation to auth to ldap
<quentusrex> and then mount the nfs drive
<KillMeNow> you might temporarilly try removing the ldap_sasl_bind from both the client and the server ldap.conf
<KillMeNow> other than that, *shrug* wish i could be more help
<metalfan_> hi
<metalfan_> what tool do you use to manage services started at boot?
<PC_Nerd101> Hi,  whats the best method for adding an NTFS partition at the end of my hard drive without using gparted (gui) ?
<KillMeNow> is there already unpartitioned space at the end of your drive?
<PC_Nerd101> no, from memory when I installed ubutntu (8.04), I used the entire disc and set it to ext3 ( so not of course samba shares cant be accessed with windows)...  so I need part of it to be ntfs
<KillMeNow> yea, no idea TBH...  have you tried google?
<PC_Nerd101> yeah - everything seems to link to gparted.
<KillMeNow> yea, dunno what to tell ya...  looks like gparted live cd is your option
<PC_Nerd101> slight catch....  no cd drive on server
<KillMeNow> you can install a driver to windows to read ext2/3 formatted drives tho
<PC_Nerd101> ( from memory.. i managed to get something setup to boot from usb, but it then had to download form the net, it wouldnt let me install from usb)..... so I'm stuch...
<PC_Nerd101> *Stuck
<PC_Nerd101> and I prefer not to have to pay around with filesystem drivers on my machine(s).. there are 3, soon to be 4 windows machines that will share to it - and its easier to have ntfs on linux ( hey.. linux is the only real os) as oposed to maintaining 4 anoyingly configured windows machines ;)
<KillMeNow> well, all i can say is download the gparted live cd, run it on your system and see if you can't convert some of the space
<KillMeNow> either that or stuff another drive in to the box
<KillMeNow> format that drive to NTFS and mount it
<PC_Nerd101> $$$ :P
<KillMeNow> LOL
<PC_Nerd101> I might look at booting into ubuntu on my current machien later on, and seeing if ... if I can mount the remote ext3 partition, if gpartition will allow me to partition it across the network... expect there will be network permission issues with it though.
<KillMeNow> i would expect that to not work PC
<PC_Nerd101> yeah - so I'm looking at having to somehow unmount the only current partition, in order to actually partition it.....
<PC_Nerd101> perhaps a network boot or something to mount it.....   I'll check back in if I've any more questions :) - thanks :)
<KillMeNow> yep
<quentusrex> Can I get some help with ldap client auth?
<quentusrex> I am trying to setup my workstation to be able to login with my ldap credentials.
<quentusrex> I have gotten to the point of being able to see all ldap users with the command 'getent passwd'
<quentusrex> but I can't seem to login with it
<rgreening> I'm looking for some advice regarding clustering? Anyone available or can someone point me to an expert :)
<rgreening> Basically, I want to set up a cluster to run a bunch of ubuntu vm's on. Like a DNS server, Mail Server, OpenNMS, etc.. all seperate vm's so I can taylor them and their usage...
<rgreening> I have 3 HP servers to start building the cluster.
<twb> rgreening: are you building a cluster for fun?
<rgreening> nope. I have a real world need for it
<twb> Hmm, perhaps you are using "custer" loosely.
<rgreening> cluster can mean 3 or 4 different things
<twb> http://en.wikipedia.org/wiki/Cluster_(computing)
<twb> By that article, what kind of cluster are we talking about?  HA?
<rgreening> yep. HA
<rgreening> so, my desire is to take the 3 servers and make a cluser (HA).
<twb> OK, I don't know about that.  I can see that the article links to Linux-HA, which I suspect will have its own channel.
<rgreening> on it, I would run an arbitrary number of vm's...
<rgreening> twb.. know anyone who would know about HA clustering?
<twb> Sorry, no.
<twb> I suggest you start digging through the linux-ha community's resources.
<rgreening> yeah, been reading up on this all day.. still no further ahead :)
<twb> rgreening: /join #linux-ha?
<ScottK> rgreening: I suspect if you talk to ivoks he'll have useful advice.
<rgreening> ScottK, twb: thanks. :)
<mattt> is there any config setting that allows you to mount all partitions w/ a particular mount option?
<mattt> to clarify, i'd rather not have to modify each partition's mount options in /etc/fstab for each box
<quizme> how do you increase the time before an ssh session starts to freeze up on you ?
<twb> quizme: ssh sessions don't freeze.
<quizme> twb: then what do they do when they stop moving?
<twb> quizme: try typing ^Q (Ctrl+q).  If that fixes it, you have accidentally enabled the scroll lock.
<quizme> k
<twb> Turn off flow conrol in your terminal emulator to avoid it in future
<quizme> it does it all the time
<quizme> like after 5 minutes
<quizme> if i'm idle
<twb> quizme: ah, then perhaps you need to turn on -o ServerAliveInterval=300
<quizme> what's that ?
<quizme> server side ?
<quizme> where do i put those options?
<quizme> client ?
<twb> ~/.ssh/config, or on the command line. (client side for both)
<twb> man 5 ssh_config
<quizme> tyu
<twb> Actually 300 *is* five minutes..
<Anirban1987> Can I install Roundcube on Ubuntu 9.04 server ?
<twb> Anirban1987: ask apt-cache policy.
<Anirban1987> twb : what is that ?
<twb> OK, instead try packages.ubuntu.com
<twb> According to http://en.wikipedia.org/wiki/RoundCube, roundcube is a PHP application.
<twb> In my experience if a PHP app is not available via the standard Ubuntu package archive (and often even if it is), it's so full of vulnerabilities that you would be mad to install it.
<twb> Hmm, but it appears roundcube *is* apt-gettable: http://packages.ubuntu.com/roundcube
<ScottK> We released Jaunty with the current roundcube believed to be secure at the time.  I don't follow it though, so no idea how it looks now.
<Anirban1987> ScottK : The current is 0.2.2.
<twb> It's in universe, so security updates aren't guaranteed anyway.
<Anirban1987> One more ques , 9.04 is named as jaunty ?
<twb> Anirban1987: ask lsb_release --all on your server.
<twb> (Yes.)
<psyferre> hey folks, can anyone answer a few quick questions about using dd to backup and restore a system?
<psyferre> I have an ubuntu server that I needed a backup for, so I used sudo dd if=/dev/sda1 ibs=4096 bs=2048 | gzip > /tmp/nms-server-dd-img.gz to dump a copy on a cifs share
<psyferre> Now i've got my fresh machine and wanted to restore the copy, so I booted up the live cd, installed smbclient and smbfs to get to my cifs share, and then used dd if=nms-server-dd-img.gz | gunzip | dd of=/dev/sda1
<psyferre> that didn't seem to do anything, so I thought maybe my backup had not gotten the MBR, so I installed ubuntu server, then loaded up the live cd again, and did the same thing.  Now the os gives me "Target filesystem does not have /sbin/init"
<psyferre> can anyone give me a shove in the right direction concerning what i'm doing incorrectly?
<incidence> How do I ban IPv6 address?
<incidence> I have it in hosts.deny but it has no effect
<incidence> "ALL: [::ffff:118.98.217.18/64]"
<howie> Can anyone tell me how to geta  subdomain to point localip/box so i can vnc it?
<ball> howie: set up a DNS
<ball> I think
<howie> well i did that
<howie> but
<howie> will that route a subdomain to different local ip?
<ball> If you want it to.
<howie> i have a working bind server and web server
<ball> brb, baby's crying
<howie> basically, i have a working bind server running and I have example.com pointing to my main box. what i want to do is have example2.com point to my second box in a way that i can host both a website and other various services on the second box.
<howie> ive read that apache2 can do this with reverse proxy, but from what i understand that only works with http traffic.
<ball> That'll be a DNS question.
<howie> ah. so i should probably ask around in a DNS channel then
<howie> Thanks a lot for your time! :)
 * ball shrugs
<ball> I'd happily answer if I had a clue about DNS in general or DNS on Ubuntu in particular
<soren> incidence: Which service are you trying to ban them from? hosts.deny does not apply universally.
<ball> hello soren, you're a blast from the past.
<soren> I am?
 * ball nods
<soren> I wonder who *he* was.
<Byron> Hello all. I got the Ubuntu Server running smoothly at home. <insert delight>
<Byron> Only issue I'm having now is that when I try to go to the site I setup, all of the php files are trying to download themselves.
<Byron> I can't access http://localhost/index.php as it tries to download rather than load in Firefox
<Byron> It's been a long time since I came across this issue and now I don't recall the solution.
<mattt> you sure the php5 module is enabled?
<Byron> I installed php5, was there something else that I needed to configure?
<mattt> check out /etc/apache2/mods-enabled
<Byron> OK
<Byron> I have php5.conf and php5.load in there
<mattt> don't know then ;)
<Byron> No worries.
<Byron> I've restarted apache to no avail
<Byron> It's midnight for me. I think I will find the answer in my sleep or possibly in the morning after some much needed sleep.
<Byron> Thank you matt. I will return tomorrow if I do not happen to get this resolved.
<mattt> Byron: sorry i couldn't have been more help :/
<Byron> mattt: It's not always about being the answer, it's about guidance. You helped remove one possible scenario. That's troubleshooting and that's helping.
<Byron> So I thank you for that, matt.
<Byron> Good night/morning/afternoon to you all.
<mattt> good night!
<NineTeen67Comet> Hello; I've got a plethora (9+) full size (some mid some full) towers running various tasks. They live under my stairs along with extra parts, cases, tools and boxes. There is room to build something, but I'm out of ideas.
<NineTeen67Comet> can anyone help with an idea on what to set them all up physically... Right now they are sitting next to and on each other. I would like them much more organized than that...
<mattt> NineTeen67Comet: get a bread rack
<NineTeen67Comet> Is that slang for a style of rack or do you literally mean find a bread rack from a grocery store somewhere second hand?
<NineTeen67Comet> I've seen some racks and what not online, but they seem very expensive.
<NineTeen67Comet> I also thought about just building some wood shelves but wood here in Japan (I'm stationed in Japan) is expencive.
<mattt> NineTeen67Comet: i think they're just generic shelves, yeah ... but can obviously hold quite a lot of weight
<NineTeen67Comet> mattt: ill look into something like that thanks for the idea...
<mattt> NineTeen67Comet: what are you doing w/ all the servers/  :)
<mattt> ?
<alexm> NineTeen67Comet: http://www.metro.com/application/Shelving are the classic metro shelves, but there are bootlegs also available
<NineTeen67Comet> Web server, media server (backend to MythBuntu), generic file/picture server (also stores movie covers for mythbuntu) and a couple backup specific boxes for me and the wife's main computers (rsynced nightly) ..
<NineTeen67Comet> I have to go take care of the baby (4 month old girl) . thanks mattt alexm I have the link open .. that's some stuff we have here I can try .. thanks ..
<kwork> is there list of installed packages in file, what i could monitor to see new installed packages ?
<_ruben> kwork: there's the output of dpkg -l ofcourse, and there's the files in /var/log/apt/
<kwork> var log apt isnt really userful
<kwork> thou maybe it could be configured
<kwork> dpkg --get-selections | awk '{if ($2 == "install") print $1}'  > /etc/apt/apt-build.list
<kwork> someone suggested that
<twb> Boot-leg shelving?
<twb> Surely boots go on shelves, no the other way around
<acalvo> Hi.
<acalvo> How can I test a SSL LDAP connection? I've tried with -Z, but it says it cannot contact de LDAP server, however it works without using SSL
<sommer> acalvo: did you turn SSL on in /etc/default/slapd?
<acalvo> yes
<acalvo> SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"
<sommer> acalvo: are you using a self-signed cert?
<acalvo> I've set up my own CA, and then create and signed a server cert
<sommer> acalvo: you might try adding TLS_CACERTDIR /etc/ssl/certs (or wherever your CA cert is located) to /etc/ldap/ldap.conf
<acalvo> sommer, good hint, let's see
<acalvo> still not working
<sommer> acalvo: you can try starting slapd in a terminal with the -1 option to see the debug output
<sommer> acalvo: also you might make sure that port 636 is open
<acalvo> and how do I check if the 636 port is open? I'm working inside a local lan
<sommer> acalvo: if you haven't configured a firewall it probably is, but also the nmap -sS IPADDRESS will show you which ports are open on a host
<acalvo> sommer, thanks
<sommer> np
<acalvo> well
<acalvo> it is not listed as open
<acalvo> neither 389
<sommer> acalvo: do you have ufw enabled?
<acalvo> but running slapd with -d 256 shows STARTLS command
<acalvo> sommer, it's a clean install of ubuntu 9.04, just to test SSL with some services
<sommer> and slapd is running?
<acalvo> well, ehm.., no
<acalvo> now it's working and it shows the ports
<sommer> acalvo: cool, can you connect?
<acalvo> nope
<acalvo> I'm reading again the community info
<acalvo> but, I've followed everything that is listed there, and is not working
<acalvo> is it mandatory to have configured the ldap.conf file in order to run ldapsearch?
<sommer> acalvo: it is if you don't want to use the "-b suffix" option
<sommer> acalvo: there's also the ubuntu serverguide: https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html
<acalvo> sommer, I'm following this guide
<acalvo> and some others
<sommer> acalvo: another thing to try is to add "TLS_REQCERT never" in /etc/ldap/ldap.conf... that basically disables the check of the server cert
<sommer> acalvo: that may help narrow down the issue anyway
<acalvo> sommer, thank you so much
<acalvo> I've just found find out the the problem is "TLS: peer cert untrusted or revoked"
<sommer> ya, using self-signed certs is a little touchy with slapd
<acalvo> sommer, so buggy, in fact
<sommer> acalvo: I'm not sure I'd say buggy... it's more that slapd has strict protocol adherence
<acalvo> yes, and I understand why
<acalvo> but they should also provide an easier way to test implementation
<acalvo> under lab enviorenments
<sommer> heh, ya the process of learning ldap and OpenLDAP server is pretty involved
<acalvo> but, I feel lost with their new way to store configuration
<acalvo> I've always end up stopping the service and editing the cn\=config.ldif file
<acalvo> ehehehe
<sommer> ubuntu server team is working on a more out of the box default configuration that provides a more "ready-to-use" directory
<sommer> acalvo: ya, the cn=config does take some getting used to... especially all the ldapadd, ldapmodify, ldapdelete options :)
<acalvo> yes
<acalvo> another thing that needs to be fixed is the PAM-LDAP integration
<acalvo> the ldap-auth-client does not work as expected
<sommer> ya, there's some work going on in that area as well
<acalvo> yip
<acalvo> I've they're doing such a great work
<acalvo> uf, I wrote without taking a look
<sommer> :)
<acalvo> sommer, well, thanks for your help, now it is working
<sommer> acalvo: no problem, glad I could help
<rsr> Hello, I am having some issues with fllash software and java. They are terribly slow and unstable when going through the proxy. I have to set up the browser to not use proxy for those sites and then things work fine. Maybe im missing a configuration?
<rsr> I am using ubuntu server 9.04 by the way
<specto> rsr: what kind of proxy are you using.
<specto> rsr: and what kind of bandwidth, upload, do you have for the proxy.
<rsr> I am using squid at the moment
<specto> rsr: are you using windows as the client?
<rsr> yes
<rsr> windows and internet explorer
<rsr> there are 53 machines on the network
<specto> rsr: sometimes flash does weird things with proxies. It could be many many problems. unfortunately I can't help right now, hopefully someone else will pipe up
<a1fa> flash tends not to use proxy
<a1fa> if there are socket connections within flash
<a1fa> such as irc client within flash
<rsr> a1fa: how come when I disable proxy things get a little better?
<rgreening> ivoks: ping
<rgreening> ivoks: ScottK suggested I ask you (as an expert) on a clustering/high-availability project I have.
<rgreening> ivoks: basically, I need to run a bunch of vm's with varied purposes (DNS, E-mail, EMS, Web) and ensure they are always reachable (always being relative of course). Basically survive failure of one node in the cluster by autostart on another node...
<rgreening> I'm only basically familiar with clustering... so any advice would be awesome.
<ivoks> hi
<rgreening> hey :)
<ivoks> ok, so... you want failover?
<rgreening> yeah, live...
<rgreening> not manual
<ivoks> right, live migration from failed node to alive one
<rgreening> but I also want to efficiently use the CPU, memory/ disk
<rgreening> which is why I think I need a cluster :)
<rgreening> I have 3 HP DL380G6 (brand new
<rgreening> each has 4GB ram, 3x300 10k SAS disks
<rgreening> internal HW RAID card for disks
<rgreening> 4xGE ports per server
<rgreening> 2.4GHz quad core CPU
<ivoks> ok
<ball> I don't have use for a cluster, but I could benefit from a more contemporary machine.
<rgreening> heh
<ball> My Ubuntu Server box is a 500 MHz Klamath
<ivoks> having three servers is good setp
<ivoks> step
<ivoks> since 2 aren't quite smart solution :)
<Byron> My continued issue is in regards to php files being downloaded rather than viewed through a browser. It appears that my /etc/apache2/httpd.conf file is empty. Is that right?
<ivoks> Byron: a2enmod php ; /etc/init.d/apache2 restart
<ivoks> rgreening: you'll need drbd+ocfs+pacemaker
<ivoks> rgreening: or... redhat cluster suite + drbd
<rgreening> cool
<Byron> ivoks: a2enmod php  -> ERROR: Module php does not exist!
<Byron> Could have sworn it was setup last night
<ivoks> Byron: you didn't install php
<Byron> ivoks: I'll install php5 again
<rgreening> ivoks: ocfs?
<ivoks> rgreening: oracle cluster filesystem
<rgreening> ah
<ivoks> ocfs2
<Byron> ivoks: php5 is already the newest version
<rgreening> is there a reason/circumstance to prefer one over the other?
<ivoks> Byron: libapache2-mod-php5 is the name of the package
<ivoks> rgreening: well, rhcs is pita to configure, but it's great stuff
<Byron> ivoks: That's also the newest version
<ivoks> rgreening: pacemaker is easier, but it didn't get real attention in ubuntu until karmic
<ivoks> rgreening: rhcs was supported clustering system in ubuntu
<rgreening> ok, I am thinking on starting with Karmic anyway... as this setup will be in test/development for a 4 month period at least
<ivoks> rgreening: and you'll have hard time finding documentation for both
<rgreening> I am all too familiar with the lack of docs... been search and researching last few days..
<ivoks> rgreening: great... then you could help us make our cluster stack rock solid
<rgreening> :P
<ivoks> Byron: a2enmod php5
<rgreening> lets make a deal. You point me in the right direction when I need a course change and I'll help with the cluster packages (since it'll benefit me anyway) :)
<Byron> ivoks: Module php5 already enabled
<rgreening> ivoks: ^ .. So, if it were you then using Karmic, oracle or red hat path?
<ivoks> rgreening: i'd use karmic, with pacemaker-openais as cluster manager and ocfs2 as filesystem on top of drbd8
<rgreening> ok. then my path is set. :)
<ivoks> and kvm :)
<rgreening> of course.
<ivoks> you might want to look at eucalyptus
<ivoks> you basicaly are asking for a cloud system
<rgreening> ivoks: is there a need to add a cloud on top of this?
<rgreening> or what advantage?
<ivoks> well, if you want load balancing...
<rgreening> if I am not talking ot other clouds or EC2 services
<rgreening> hmm...
<ball> rgreening: you get "trendy points" for using a cloud ;-)
<rgreening> lol
<rgreening> ivoks: I don't need load balancing per se but shouldn't the vm's share the CPU/memory/disk of the cluster?
<ivoks> Byron: then php is probably working
<rgreening> cluster...
<ivoks> rgreening: no
<ivoks> there are couple of clusters
<ivoks> one is high availability
<ivoks> that's what i was talking about
<ivoks> other is hpc
<rgreening> ok. my bad. I want HA not HPC...
<ivoks> that's sharing cpu/mem, but applications should be aware of that
<ivoks> so, in HA cluster, you have to designate VMs to certain servers
<ball> #hpc is a nice channel for those who are interested in that.
<ivoks> and backup solutions if those servers fail
<rgreening> ivoks: ok.
<ivoks> so, let's say vm1 and vm2 on serverA
<ivoks> vm3 and vm4 on serverB
<ivoks> vm5 and vm6 on server C
<ivoks> if serverC fails, vm5 moves to serverA and vm6 moves to serverB
<rgreening> ok..
<rgreening> and this can be preconfigured/determined right?
<ivoks> serverA doesn't know a thing about serverB or serverC
<Byron> ivoks: what would cause my php files to download rather than display?
<ivoks> it only knows their IP addresses and where to shoot if it wants to kill them
<ivoks> Byron: browser cache?
<Byron> These are all fresh boots
<ivoks> i don't get it... what can go wrong with the command 'apt-get install apache2 php5'
<ivoks> that's all that's needed to install apache with php
<rgreening> sounds reasonable ivoks.
<ivoks> rgreening: that's fail over
<ivoks> then, you'll need shared storage
<ivoks> that can be NAS or DRBD
<ivoks> DRBD is basicaly a RAID1 over network
<ivoks> version in karmic supports having three nodes in primary-primary-primary setup
<rgreening> ok, so I have 4xGE on each server. and I have 3x300GB 10K SAS drives in HW RAID in each server...
<rgreening> so I don't need an external storage array?
<rgreening> I can get one, if it will give a large perf boost...
<ivoks> well, fully redundant fiber channel or 10Gb iscsi would be a better options, but let's pretend you don't have couple of hunderts of thousands of dolars :)
<rgreening> you'd be correect :)
<rgreening> lol
<specto> 10Gb iscsi is almost never ever utilized
<rgreening> ivoks: you are awesome btw.
<specto> even with high traffic io
<ivoks> those might be even less than $100.000 :)
<ivoks> specto: right, but is faster than fiber channel
<specto> The average, according to cisco, is around 800kbps, so really 1Gb is only needed, max 2
<ivoks> specto: ?
<specto> note I would rather have 10Gb :P
<specto> ivoks: I was in a super long meeting with cisco, netapp, and vmware yesterday....
<specto> ivoks: I don't understand why they promote NFS as the best solution....
<ivoks> and they said you need only 800kbps to you disks? :)
<ivoks> your
<ivoks> i want gigabits :)
<specto> They said that's the customer average
<specto> and mbps not kbps sorry
<ivoks> ah...
<ivoks> ok... so
<ivoks> local disks are still the fastest thing
<specto> true that
<ivoks> drbd will make them slower, but that's something rgreening will have to accept if he wants high availability
<specto> true, it's not too bad though if you have decent bandwidth.
<rgreening> ivoks: 4xGE..
<ivoks> right, he could bond ethernets to form 2Gbps link
<rgreening> so, do I need to seperate the drbd ports from the regular vlan ports?
<ivoks> switch between them is gigabit?
<specto> rgreening: it's a good idea, or even seprate switches because you need high availability and the least amount of chatter
<specto> and see if you can turn on jumbo frames for just that particular vlan
<rgreening> yeah, I'll have a Cisco 37xx GE or 4xxx GE
<specto> that'll work
<ivoks> so, keep in mind
<ivoks> drbd link - for block device sync; you can use the same link for ocfs2 sync
<ivoks> cluster link - for communication between nodes
<ivoks> and wan
<specto> ivoks: lost me on that one :P
<ivoks> where exactly? :)
<rgreening> so, 2xGE drbd/ocfs2, 1xGE cluster link, 1xGE wan/intenet/core vlans..
<specto> ivoks: I hadn't heard of ocfs2
<ivoks> oracle cluster file system v2
<ivoks> rgreening: right, you could use drbd/ocfs/cluster on same link
<ivoks> rgreening: and then bond them, making them faster and allowing for failover
<ivoks> if cable or network card dies
<rgreening> ivoks: ok, if I bond them, they can't go to different switches though, correct...
<ivoks> sort of...
<specto> And do what my employer does, dual power supplies, dual power source, mirrored switches....
<rgreening> I have 2 DC PWS in each.
<rgreening> and a DC plant, double deisal generator as well
<rgreening> :)
<ivoks> you should look at ifenslave modes
<rgreening> ivoks: ok. cool
<rgreening> ivoks: where are you located?
<specto> Nice, for some reason they have 3 battery backups, 2 for each line, and a third to back the other two up, with a diesel generator as well
<ivoks> croatia
<rgreening> cool
<specto> and the building can withstand hurricane level winds
<ivoks> mode 2 could be interesting
<ivoks> i think that could work with different switches
<rgreening> ivoks: you have been such a huge help.
<specto> (note this is the health care industry, people could die if it went down)
<rgreening> ty ty ty ivoks :)
<ivoks> :)
<ivoks> XOR policy: Transmit based on the selected transmit hash policy. The default policy is a simple
<ivoks> (source MAC address \oplus destination MAC address) % n_{slaves}
 * rgreening owes ivoks beers 'n food 'n stuff :)
<specto> ivoks: how do you know so much!?
<ivoks> or x% of your earnings on the project :)
<ivoks> specto: i don't, really :)
 * rgreening is trying to save his job/career by doing this, as well as the jobs of the rest of the office.
<ivoks> hehe
<rgreening> :)
<specto> ivoks: I can't remember all of that stuff off the top of my head.  Guess I better keep working on that
<ivoks> well, i used google to find out the node number for ifenslave
<rgreening> ivoks: I am waiting to mount the servers. I assume, a default Ubuntu Server install is the correct path.
<rgreening> and go from there
<ivoks> and i've been working on cluster stack for month or two, so it would be funny if didn't know at least that
<ivoks> rgreening: sure
 * mathiaz waves at ivoks 
<rgreening> ok. I guess I need to join the server team :)
<ivoks> mathiaz: o/
<rgreening> hah
<ivoks> rgreening: but, really, if you are planing on using ha cluster only for VMs
<ivoks> rgreening: you should invest some time in learning eucalyptus and ubuntu cloud strategy
<ivoks> i haven't looked at it yet, so i don't know details, but it might be what you are looking for
<rgreening> ivoks: would it still use the base stuff we already talked about?
<ivoks> i don't know
<ivoks> i have no idea what eucalyptus does exactly
<rgreening> ok... hehe
<uvirtbot> New bug: #397699 in samba (main) "samba fixes for roaming profiles introduce regressions" [Undecided,New] https://launchpad.net/bugs/397699
<ivoks> it's cloud :D
<rgreening> do you know who the expert to ask is?
<ivoks> ...anyone deploying eucalyptus? or knows what it does?
<rgreening> hehe
<ivoks> i'm sure there are
<ivoks> erichammond could give you some info about what cloud really is
<ivoks> i see him bloging about clouds all the time
<Byron> How do I setup FTP on my Ubuntu 9.04 LAMP server?
<kim0> mathiaz: Hi there .. I was looking for a Hardy preseed file to allow degraded raid1 installation .. and was told you have the needed magic .. :)
<ivoks> https://help.ubuntu.com/9.04/serverguide/C/ftp-server.html
<Byron> Thanks ivoks
<mathiaz> kim0: hm - hardy may be more complicated
<kim0> mathiaz: ick .. thought so :
<mathiaz> kim0: setting up a preseeded raid installation requires the use of partman-auto-raid
<mathiaz> kim0: which is in universe for hardy: http://packages.ubuntu.com/search?keywords=partman-auto-raid
<mathiaz> kim0: that means the udeb is not on the installation media
<kim0> mathiaz: I am rebuilding the iso anyway
<mathiaz> kim0: how do you plan to install your systems? via cdrom or network?
<kim0> cdrom
<kim0> I can drop in the udeb and rebuild it no problem
<mathiaz> kim0: well - if you rebuild the iso, then you have to put partman-auto-raid in the cdrom
<kim0> and then you have the string needed in the preseed file ?
<mathiaz> kim0: http://paste.ubuntu.com/214903/
<kim0> mathiaz: perfect thanks a lot
<mathiaz> kim0: this is working correctly for intrepid+
<mathiaz> kim0: so the preseed strings may be different with the version of partman-auto-raid in hardy
<mathiaz> kim0: I've never tested partman-auto-raid in hardy - it may be broken :/
<kim0> oh .. hope it works then :/
<kim0> mathiaz: that one is not degraded is it
<kim0> it has 2 disks
<kim0> mathiaz: do I just delete one disk and decrement the count of devices <devcount> ?
<mathiaz> kim0: right - I've never tested installing a degraded raid array
<mathiaz> kim0: I don't know if partman-auto-raid or the installer would support that use case
<mathiaz> kim0: cjwatson may have a clue on this one
<kim0> mathiaz: okie then .. thanks again
<cjwatson> mathiaz: we sent him to you ;-)
<cjwatson> the installer is supposed to support it
<cjwatson> I just don't have recipes to hand
<mathiaz> cjwatson: ah ok. I've pasted a recipe that does it a raid installation
<cjwatson> I think 'mdadm mdadm/boot_degraded boolean true' is the rune
<cjwatson> but I don't know exactly what to do at the partman level
<mathiaz> cjwatson: I wasn't sure if the installer would actually install a degraded system - ie one of the disk is not there
<mathiaz> cjwatson: right - me neither. I've never tried to preseed a degraded install
 * cjwatson holds nose and looks at partman-auto-raid
<cjwatson> it looks as if it should let you simply by leaving out device names
<cjwatson> https://help.ubuntu.com/9.04/installation-guide/i386/preseed-contents.html and search for partman-auto-raid
<cjwatson> if the number of devices you give is smaller than devcount, I think it will come out degraded
<cjwatson> but you may need 'mdadm mdadm/boot_degraded boolean true' to arrange for the system to boot properly afterwards
<cjwatson> kim0: ^-
<cjwatson> this is entirely untested, and as mathiaz said you will need to include partman-auto-raid
<kim0> cjwatson: perfect .. so I'll drop in the udeb, respin the iso, use mathiaz's recipe and if the moon-phase is right, it should work
<kim0> that's great .. thanks folks :D
<kim0> use the recipe with only one disk that is
<Illusion> Hello Folks, I have a question about PXEBOOT/tftpboot in Ubuntu 64 8.10 server edition. Is it possible to boot up Windows CD's (unattended). I can boot Linux images (Knoppix Live/Ubuntu Live/Gparted) without any problems but Windows kernels don't like me. Anybody has a an idea to resolve such issue's. I know it's a lot easier to use a Windows server with RIS to remote install client machines.
<Illusion> ow, the kernel won't load. It just gets stuck. Anybody has a guideline for that maybe?
<ivoks> last time i installed windows, there was no ubuntu :)
<rgreening> ivoks: I started a page to track my clustering work. I used the spec template, so that if in the future we need a spec to help improve some aspect of this solution for karmic (or +x) we can use it. It's located here: https://wiki.kubuntu.org/rgreening/clustering
<ivoks> ok
<ivoks> i just managed to compile pacemaker with corosync/openais 1.0
<ivoks> that would be a big milestone
<rgreening> ivoks: ty again for setting me down the correct path for what I needed.
<ivoks> np
<ivoks> keep an eye on https://edge.launchpad.net/~ubuntu-ha/+archive/ppa
<rgreening> cool. will do.
<ivoks> this will end up in karmic, eventually
<ivoks> but we use ppa for testing
<kim0> cjwatson: mathiaz: as I try that .. I get "The installer failed to process the preconfiguration file" .. zero mention of what's actually wrong ?
<rgreening> yeah, we do the same for Kubuntu
<rgreening> ivoks: I was a server guy many moons ago. Then a desktop dev... getting back to server with this cluster :P
<cjwatson> kim0: syslog may say
<cjwatson> in fact I'm pretty sure it will
<Illusion> Is anybody able to answer my question? I hope im not impatience in your eyes.
<cjwatson> Illusion: I'm not sure about impatience, but I suspect the problem is simply that folks here are not by and large terribly familiar with the intricacies of Windows. Wouldn't it be better to ask somewhere Windows-oriented?
<Illusion> cjwatson: Well yes, but since I use a linux server i guess that's not an option. Windows Servers have a RIS server for that which is Pxeboot/tftpboot in linux.
<ruben23> hi please check my error http://pastebin.com/md3f68fe
<ruben23> anyone can help on this
<specto> ruben23: pastbin  >  cat /etc/apt/sources.list
<ruben23> ) specto:  http://pastebin.com/m2a2f3fc7 <-----------this is the output, this a newly installed
<specto> ruben23: looks normal.
<specto> ruben23: have you updated yet?
<specto> ruben23: apt-get update
<ruben23> specto: havent yet
<specto> ruben23: do that, and then apt-get install apache2
<ruben23> i wont like to update- to not install unecessary packages
<ruben23> apt-get update will install unecessary not needed packages right..?
<specto> no
<specto> ruben23: update updates the package lists
<specto> ruben23: you must do this
<specto> ruben23: upgrade installs updated packages, only packages that are already installed
<ruben23> ok
<ruben23>  specto: i got this ouput-------->  http://pastebin.com/pastebin.php
<ruben23> is this updated..?
<karstedt> Hello, i am attempting to use apache to forward incoming traffic from different subdomains to different ports on internal server and not having much luck
<karstedt> Ive got it to redirect flow to port 8080 however i cannot seem to get it to access /var/www/ from regular domain any more
<specto> karstedt: sorry, don't know much about apache
<karstedt> do you know of something else that would do what i am looking for?
<specto> karstedt: I know you can do this with apache
<karstedt> yeah, partially set up but not functioning right
<specto> karstedt: I use lighttpd web server, but all of it invovles changing configuration files.  Sounds like you may not have the server root or whatever apache calls it set.
<karstedt> not suer how to do that, DocumentRoot is set to /var/www/
<karstedt> just gives me back a blank page when i access it though
<specto> Where are you setting it to port 8080? or are you simply doing a redirect?
<karstedt> reverseproxy / 192.168.1.100:8080
<karstedt> with server name media.example.com
<karstedt> so it should foreward all traffic with media subdomain to port 8080 internally
<karstedt> and it does that fine, however i cannot get it to direct traffic from www.example.com to /var/www/ root
<specto> Ah I see, a proxy, couldn't help you there, no idea how apache does this.
<karstedt> me either, ;)
<specto> doesn't seem like you would want to use a reverseproxy though
<specto> you want to create a virtualhost
<karstedt> it is a virtual host w/ Proxy Off
<karstedt> so no one can piggy back off my server
<specto> Anyone else want to take a gander?
<karstedt> <VirtualHost 192.168.1.100:80>
<karstedt> ServerName media.karstedthome.com
<karstedt> ProxyRequests off
<karstedt> ProxyPreserveHost on
<karstedt> ProxyPass / http://192.168.1.100:8080/
<karstedt> ProxyPassReverse / http://192.168.1.100:8080/
<karstedt> </VirtualHost>
<karstedt> <VirtualHost 192.168.1.100:80>
<karstedt> DocumentRoot /var/www/
<karstedt> ServerName karstedthome.com
<karstedt> </VirtualHost>
<karstedt> <VirtualHost 192.168.1.100:80>
<karstedt> DocumentRoot /var/www/
<karstedt> ServerName www.karstedthome.com
<karstedt> </VirtualHost>
<specto> !pastbin | karstedt
<ubottu> Sorry, I don't know anything about pastbin
<specto> !pastebin | karstedt
<ubottu> karstedt: pastebin is a service to post multiple-lined texts so you don't flood the channel. Ubuntu pastebin is at  http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from  command line | Make sure you give us the URL for your paste - see also the channel topic
<karstedt> hmmm ok
<specto> karstedt: just don't paste configuration files here, put them on pastebin and give me the link, easier to read, no scroll-back etc
<karstedt> !pastebin http://paste.ubuntu.com/214964/plain/
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<karstedt> like that?
<specto> just the link
<karstedt> ok
<karstedt> any one have ideas about how to get this accomplished?
<karstedt> is there anything wrong with my virtual host file?
<specto> trying to figure it out
<specto> Is it just media that is doing this?
<karstedt> media is the only one functioning properly atm
<karstedt> other domains wont access /var/www/
<karstedt> only have one file in there atm test.php to see if its working properly or not
<specto> Virtualhosts generally point somewhere else, not the same location
<specto> Why else would you need a virtual host?
<specto> oh sorry was looking at the wrong conf file
<karstedt> ;)
<specto> instead of putting an IP why not put *
<specto> no port either as long as you have listen 80 in your conf
<karstedt> ill try that, i think its listening on all ports but router is only open on 80
<karstedt> same issue media goes where it should and www and @ jsut sit there
<karstedt> actually @ sends to port 8080 too for some reason lol..
<KillMeNow> http://articles.slicehost.com/2008/4/29/ubuntu-hardy-apache-virtual-hosts-1
<specto> http://httpd.apache.org/docs/2.0/mod/mod_proxy.html
<karstedt> first article helped condense the code a bit with serveralias , forgot about that command however still wont access files in /var/www/
<karstedt> and if permissions are not set right apach gives you the forbidden error so i dont think thats it
<specto> sorry :S
<specto> you could try #httpd
<karstedt> that file is blank idk
<specto> karstedt: try the #httpd channel, they might be able to help you better.
<karstedt> ok ty
<dsandage> Networking/Install Problem: Using 8.04.2, accross multiple machines, same result = with two NICs installed, I can recieve DHCP, and then recievce ONE ping reply, at which point I experience no further network traffic.
<specto> dsandage: weird.
<dsandage> Agreed.
<dsandage> It has done this EVERY time I have isntalled on a machine with two nic's, I only have one connected to the network even.
<mathiaz> zul: do you have any idea where debian/patches/57-fix-mysqlslowdump-config.dpatch comes from?
<mathiaz> zul: or which bug it fixes?
<mathiaz> zul: I'm refering to the mysql-dfsg-5.0 package
<zul> mathiaz: refresh my memory can you pastebin the patch?
<mathiaz> zul: http://paste.ubuntu.com/214984/
<zul> mathiaz: not from me afaik
<dsandage> also, removing secondary nic consistently resolves problem
<dsandage> but now I need the second nic
<zul> mathiaz: https://bugs.edge.launchpad.net/ubuntu/+source/mysql-dfsg-5.0/+bug/183762
<uvirtbot> Launchpad bug 183762 in mysql-dfsg-5.0 "mysqldumpslow doesn't work" [Low,Triaged]
<NorthByNorthWest> Hi all! I installed a Ubuntu Server in my desktop in a vbox-machine... now i have bought and installed a dedicated server computer with Ubuntu Server Edition... can I simply move my virtual harddrive from my desktop to the new server and start up the virtual machine?
<NorthByNorthWest> Ubuntu server documentation doesnt seem to mention vbox in particual...
<specto> NorthByNorthWest: probably
<specto> NorthByNorthWest: :P
<NorthByNorthWest> specto: thanks ;)
<specto> NorthByNorthWest: you may need some configuration files though
<NorthByNorthWest> The official documentation, ChapterÂ 17.Â Virtualization, lists libvirt / JeOS / Eucalyptus / OpenNebula... are they alternatives to vbox? which one to choose?
<specto> libvirt is a virtualization library, JeOS is a stripped down kernel for virtualization playforms, Euctalyptus is a Cloud computing platform, I would just use vbox.
<specto> or you could use xen, or kvm, with an ovirt or convirture front end
<Bookman> How would I get through to a computer behind a router, behind a router, behind a modem?
<happy> port forwarding
<happy> you need to login to your router/modem through the web interface. then look for the part about "port forwarding"
<Bookman> happy: yeah, I thought I tried that....still doesn't seem to work
<happy> Bookman: then you did it wrong
<Bookman> I set my computer to be on the dmz of my first router.
<Bookman> my second router is hooked to my first router via the WAN port
<Bookman> I forwarded port 22 to my second router
<Bookman> And yet it still times out when I try to access
<happy> Bookman: there are multiple reasons for that. What model is it?
<qman__> Bookman, the outer router needs to have the inner router set as the DMZ
<Bookman> ah.
<qman__> then the inner router needs to forward the port to your computer
<Bookman> Dlink DIR615 is first router
<Bookman> Belkin_Pre-N_530200 is the second router
<happy> Bookman: listen to qman__ :-)
<Bookman> working
<Bookman> qman__: hmmm, still no luck.  Still times out
<happy> is ssh on?
<happy> i mean the ssh server
<Bookman> yes, it worked before I added the second router
<happy> Bookman: how could you hold back info like that :-P
<happy> this means the issue is with the second router
<Bookman> Sorry!:)
<Bookman> Ok, how to diagnose?
<Bookman> I set my computer as the dmz on the second router still time out
<Bookman> Ok, no worries.  For what ever reason, it is working now.
<Bookman> Thanks for the tips and help!
<Bookman> I've actually turned off the dmz on the second router and used port forwarding.  Still works and I'm pretty sure more secure
<qman__> yeah, it's advisable to not use the DMZ setting whenever possible
<qman__> also, when running an internet-facing SSH server, make sure you don't have any guessable user/password combinations, there are bots that just scan the internet for open SSH servers
<qman__> I get lots of dictionary attacks regularly, and I don't even have a static IP
<qman__> I configured iptables using the recent module to slow brute forcing to a crawl
<specto> I use denyhosts despite some others disliking it, I enjoy seeing an easy overview of blocked ips
<Bookman> qman__: understood.  I use denyhosts.
<Tumie> i'm going to install a server
<Tumie> :D
<Tumie> for the people who want to monitor their server: use ssh + conky :)
<jpds> Tumie: What happened to Nagios/Munin?
<Tumie> jpds: no idea :p
<Tumie> but conky = realtime on your desktop :)
<Tumie> saw an article about it, @ dutch linux magazine
<KillMeNow> specto:  there are brute force IPTable rules you can make that will block ssh attempts after X number of connections
<specto> KillMeNow: I know.
<KillMeNow> ahh ok
<specto> I like denyhosts because I don't want to further mangle my iptables and I like the logging for denyhosts
<KillMeNow> i hear ya
<Galbadore> Need a tarball and apt-get install expert.
<Galbadore> Question: I installed a apt-get package and installed a .tar, same package. I want to clean out the config for both. How do I accomplish this?
<happy> Galbadore: delete the config file?
<happy> ScottK: why use port nocking when you can use spa?
<ScottK> I don't even know what that is and I'm pretty sure I'm good with that.
<happy> ScottK spa is single packet authentication. It is a secure replacement for port knocking
<ScottK> OK.  It sounds less scary.
<happy> lol
<Byron> If I have my ubuntu server behind a router, do I follow the steps to configure a static IP within the ubuntu server?
<KillMeNow> well, if you plan on port forwarding i would suggest it
<KillMeNow> you can grab it's mac address and have it DHCP using a reserved address
<KillMeNow> i hvae one of my servers doing that from a MS DHCP server
<Byron> thanks KillMeNow
<KillMeNow> welcome byron
<uvirtbot> New bug: #396026 in sysstat (universe) "sadc "double free or corruption"" [Undecided,New] https://launchpad.net/bugs/396026
<uvirtbot> New bug: #396027 in mysql-dfsg-5.0 (main) "mysql appears to be installed twice :( !" [Undecided,Invalid] https://launchpad.net/bugs/396027
<uvirtbot> New bug: #397876 in php5 (main) "define() not working as intended" [Undecided,New] https://launchpad.net/bugs/397876
<Byron> KillMeNow: That worked like a charm, as expected I suppose.
<Byron> Now I need to figure out the on-going issue with php files being downloaded.
<KillMeNow> php files being downloaded?
<sseiersen> does jaunty support hot swap PCI?
<sseiersen> and hotswap SCSI drives?
<sseiersen> pretty much everything as hotswap?
<KillMeNow> no idear
<sseiersen> :/
<KillMeNow> i mean, i have servers right now that have hotswappable back plane for scsi drives
<sseiersen> anyone here atm?
<KillMeNow> but that's probably handled by the hardware raid controller
<sseiersen> I got HP ProLiants where everything is hot swap
<KillMeNow> sorry sseiersen
<sseiersen> Including the processors
<KillMeNow> yea, i have Dell 1750's
<sseiersen> YAY Dell!
<KillMeNow> nope, the proc's on my Dells aren't
<sseiersen> Im buying a few soon
<KillMeNow> but the powersupplies and the drives are hot swap
<sseiersen> Mine are
<sseiersen> I can drop in a new processor willy nilly
<sseiersen> :]
<KillMeNow> that's pretty pimp
<sseiersen> Indeed
<sseiersen> I bought about 10 ProLiants from a government liquidation
<sseiersen> :]
<KillMeNow> wow, lucky you
<sseiersen> Former Dept of Transportation servers
<KillMeNow> i don't have the cash reserves right now to hit the Gov't auctions
<KillMeNow> i bought my Dell's from a mortgage company that went belly up last year
<sseiersen> Mine were $12 a pop
<sseiersen> Love them
<sseiersen> Dual P3's
<sseiersen> Loud as hell tho
<KillMeNow> they were pretty new, bought the rack, Rack mount KVM & keyboard, servers and UPS for $600
<KillMeNow> heh, i gots the dual Xeon's
<sseiersen> nice
<KillMeNow> 3.06 ghz
<sseiersen> I plan on buying more eventually
<KillMeNow> but i'll tell ya, my power bill went up over 50%
<sseiersen> :]
<KillMeNow> buggers SUCK the juice
<sseiersen> Good ol' power
<sseiersen> Mine take 60Wph
<KillMeNow> yea, i need to throw up some solar panels
<sseiersen> Really low
<KillMeNow> yea, i am not sure what the 5 suck up
<KillMeNow> i could look on the back if i were so inclined
 * KillMeNow[A] is now away - Reason : AFK for a bit
#ubuntu-server 2009-07-11
<sseiersen> :O
<uvirtbot> New bug: #398033 in bind9 (main) "package bind9 1:9.6.1.dfsg-2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [High,Triaged] https://launchpad.net/bugs/398033
<sseiersen> :O
<sseiersen> Oh noes
<U2GB> Hi, can I make chroot with openssh-server on ubuntu 8.04 server?
<qman__> U2GB, yes, it requires additional software though
<U2GB> ok, I get this message when I restart ssh service "ChrootDirectory is not allowed within a Match block"
<U2GB> do you now what software?
<qman__> I use jailkit  http://olivier.sessink.nl/jailkit/index.html#download
<U2GB> ok thanks
<sseiersen>   
<sarthor> Hi, Hi, i am trying to configure linux computer with multi isp, having shorewall-perl 2.4.10, but there is error, all of my configuration are here, http://pastebin.com/m283087d6 Error says eth1 is not usable.
<brunokrebs> hi there
<brunokrebs> if my firewall rules are empty, and I type "iptables -P OUTPUT DROP" this will revoke any rules about outputs that I might add after that?
 * ball stares blankly
<qman__> no
<qman__> that will cause it to drop all traffic unless rules specify otherwise
<qman__> if you want to clear all your rules, use "iptables -F"
<brunokrebs> yes, thanks
<brunokrebs> I asked that because I was reading a book that have some examples
<brunokrebs> but the examples are not working properly
<brunokrebs> and I thouth it could be that first rule that they told me to put
<brunokrebs> that is drop from the three chains
<brunokrebs> but I made a few tests now and I could find that other rules can revoke this drop all first rule
<brunokrebs> thanks again
<brunokrebs> thought*
<brunokrebs> ok I was able to, after setting the firewall to drop all from all chains, ping the localhost adding a few rules
<brunokrebs> like: "iptables -A INPUT -i localhost -j ACCEPT" and "iptabls -A OUTPUT -j ACCEPT"
<brunokrebs> but I can't accomplish to enable access to a server outside, like google
<brunokrebs> how would I do that?
<ball> How do I tell Ubuntu Server which ntp server to use?
<duvnell> I'm currently booted from my old drive on /dev/sda1 .. I've now mounted my new drive's partition, /dev/sdb1.  Now I want to install grub on sdb1 because I'm about to remove the old drive on sda ... so when it boots next, the new drive will be sda...   How do I install grub on sdb?
<Dustan> Hey guys, I'm pulling out my hair here, hoping someone can offer some solutions to my issue.
<Dustan> I am moving a site from a managed host to a vps
<Dustan> I am running ubuntu 8.04 on my vps
<Dustan> on of the sites I am moving over uses a form/php script to email my client when they want a quote
<Dustan> http://www.harrysflooring.com/contact.html
<Dustan> php file processing the form
<Dustan> http://pastebin.com/d43357a34
<Dustan> I set up a simple lamp server and planned to use google apps for email
<Dustan> How can I make this function without the fun of setting up a full blown mail server on my vps
<Dustan> ? 1,000,000 internet points to man/lady who can save my day
<ball> Dustan: why not have it dump them to a flat file and use something like logrotate to chop that up for downloading via rsync or sftp?
<ball> Hang on though, you wouldn't need a main /server/, just a scriptable mail user agent
<ball> (something like the ancient Berkeley mail program, which could mail text from standard input)
<Dustan> here is the thing, I am a very young server admin, less than a year, so some of this stuff is way over my head. I am getting a grasp of things though.
<Dustan> would installing postfix fix my problem>
<Dustan> the form/php functioned fine on my managed host
<ball> No
<ball> At least, not without potentially introducing many more.
<Dustan> I see.
<Dustan> It's funny, when I found google apps I though that all my email nightmares were over.
<ball> Mail wouldn't be my choice.
<ball> Does your VPS have any kind of database on it?
<Dustan> mysql
<Dustan> it's a linode, it can have whatever we want
<ball> Just tuck them away in a table somewhere and add an admin interface that lets your customer click a button and download the lot.
<Dustan> what about  ssmtp
<ball> putting mail on your Web server is a bad idea in my opinion because of what could happen when your VPS is compromised
<Dustan> What he like about the email was I could have the email cc'd to his cell xxx-xxx-xx@phoneservice.com
 * ball shrugs
<Dustan> he could call the contact from his worksite
<ball> He'll like that until the spammers hit.
<Dustan> captchas?
<ball> Anyone here happen to know how to ask an Ubuntu Server box to suspend?
 * ball gives up and goes to bed.
<orogor> hi here
<orogor> anyone may help me to switch from a single drive install to a raid 10 install using only 4 drives?
<qiyong> i lost my clipboard, what is its widget name?
<qiyong> i lost my clipboard, what is its widget name?
<Speedy059> root@changeme:~# apt-get install yum
<Speedy059> Reading package lists... Done
<Speedy059> Building dependency tree... Done
<Speedy059> E: Couldn't find package yum
<Speedy059> root@changeme:~#
<Speedy059> How do you install YUM?
<Speedy059> Wont work for me :/
 * RoyK slaps Speedy059 
<RoyK> orogor: switch?
<RoyK> Speedy059: alias yum='apt-get'
<RoyK> orogor: there are several ways to do that. I'd recommend backup/reinstall/restore
<freelancer4> hey guys, i have acoupple of questions in ragards to replacing m$ sbs, with ubuntu, im starting at the base, and wanting some good hints / tips on building a working openldap + samba setup
<RoyK> freeflying: ask away - about openldap + samba, try google
<Speedy059> When I install KDE, ubuntu-desktop, VNC..when I connect VNC all I get is a command prompt and a black/white screen with now desktop. Any ideas?
<RoyK> Speedy059: on a server?
<NorthByNorthWest> Hi! Need som help with server and vbox... I have installed a Ubuntu Server Edition with everything that I need on my desktop computer, works really well! Now I want to migrate the VM-server to a dedicated server computer running Ubuntu Server Edition...
<NorthByNorthWest> which is the best way forward? I installed the virtualization options on the ubuntu server, but does that give me the option to simply move the virtual harddrive file and boot my virtual machine?
<avalonstable> hi folks, is pam required for kerberos?
<avalonstable> or is it enough to manually create a ticket (kinit) and login with that
<J_5> is their a command to tell me what version of some of the packages I have are (apache, open-ssh etc.) ?
<jmarsden> J_5: dpkg-query -W apache2 openssh-client # etc
<J_5> sweet, thank you.
<jmarsden> No problem.
<Byron_> Hello everyone. Thank you all for your help in getting my Ubuntu LAMP server setup. It's running, I can SSH to it from my phone (G1), FTP from my desktop and netbook, but I can't access the index.php file as it tries to download rather than display.
<Byron_> What would cause this to happen? All appears to be installed and running for Apache and php5
<Byron> when I use 'curl -i http://My.Own.IP.Address' I get the contents of what would display online, but my browser keeps trying to download the index.php file as opposed to displaying it on the browser.
<Byron> So it seems that I can only view the contents when I use a browser as root
<Byron> Is there a way around this (leaving it as root:root) or should I chown it to $USER:$USER?
<Byron> So it seems that chown'ing to $USER:$USER was the solution for /var/www
<Byron> www was set to 755, if that doesn't add some oddity
<jaredster> can somebody help me with cupsys?
<jaredster> https://help.ubuntu.com/6.06/ubuntu/serverguide/C/cups.html
<jaredster> this tells me to edit my /etc/cups/cups.d/ports.conf, but it doens't exist
<jaredster> even after I installed cups, cupsys, and cupsys-client
<heath|home> you're using 6.06?
<jaredster> no, ubuntu server 9.04
<jaredster> yeah i saw that
<jaredster> following this one now https://help.ubuntu.com/9.04/serverguide/C/cups.html
<jaredster>  it still says to look for /etc/cups/cups.d/, but the directory doesnt seem to exist.
<jaredster> heath|home, do you have any idea?
<heath|home> I'm not sure why it wouldn't be there. Do you want me to pastebin mine?
<jaredster> yes please
<heath|home> jaredster: did you install cups-common?
<jaredster> yes
<heath|home> There is 17 files in /etc/cups
<jaredster> etc/cups$ ls
<jaredster> acroread.conf       mime.convs      oopstops.types  pstopdf.convs  snmp.conf
<jaredster> cupsd.conf          mime.types      pdftops.conf    raw.convs      ssl
<jaredster> cupsd.conf.default  oopstops.convs  ppd             raw.typ
<heath|home> that's everything I have
<heath|home> here are the packages I have installed: http://pastie.org/542573
<jaredster> I'm kind of new to this.  I'm installing this for the house.
<jaredster> Isn't cups.d supposed to be a directory
<heath|home> jaredster: are you installing a server for your house?
<jaredster> yep
<heath|home> jaredster: look into ebox, it makes all this stuff a breeze
 * ScottK encourages continued learning about how the system works.
<heath|home> I think it's even in the guide
<jaredster> I've already invested too much time into this
<jaredster> I don't think I'm going to install an other distro
<jaredster> this is just one of the few things I'm trying to set up really
<heath|home> well, ebox runs on ubuntu. It looks like everything you need is in the dir, what exactly is not working?
<jaredster> no cups.d directory, the ubuntu guide tells you to edit files in it
<jaredster> /etc/cups/cups.d/ports.conf
<heath|home> I don't have that dir either...
<jaredster> weird
<jaredster> and yours works fine?
<heath|home> nor do I have that file
<jaredster> so that guide is wrong then
<heath|home> jaredster: http://www.debianadmin.com/setup-cups-common-unix-printing-system-server-and-client-in-debian.html
<jaredster> thanks heath|home
<jaredster> i'll try that
<heath|home> That explains what cupsd.conf needs
<jaredster> thanks heath|home
<jaredster> the main page is up now
<heath|home> you get it going?
<heath|home> nice!
<jaredster> yeah, except now I'm getting a 426 error
<jaredster> upgrade requierd
<jaredster> required*
<jaredster> btw I'm setting this up over the internet
<heath|home> That's always the best way to do it!
<jaredster> lol
<jaredster> I mean the server is in an other state
<jaredster> so that's always fun
<jaredster> openssh ftw
<jaredster> i'm getting an "426 Upgrade Required" whenever I try to access anything other than the main page.
<heath|home> main page being site:631 ?
<jaredster> yes
<jaredster> but if I access server:631/admin I get the error.
<jaredster> then it trys to redirect me to the lanip:631, which won't work because I'm not on the network.
<heath|home> http://desk.stinkpot.org:8080/tricks/index.php/2007/05/cups-problems-426-upgrade-required/
<jaredster> yeah I tried that, people are saying that removing the encryption fixes it
<jaredster> which is not the case here.
<heath|home> looks like you just need to add two lines for configuring remotely
<jaredster> which lines?
<heath|home> jaredster: did you try using https://
<jaredster> wow that worked
<jaredster> thanks!
<heath|home> security is #!
<heath|home> **1
<jaredster> lol
<jaredster> so I'll be there tomorrow and I'll hook up the printer
<uvirtbot> New bug: #398272 in dovecot (main) "New upstream version" [Undecided,New] https://launchpad.net/bugs/398272
<jaredster> one more question heath|home, do you recommend samba or bonjour for sharing this printer to a windows pc?
#ubuntu-server 2009-07-12
<Speedy059x> sudo apt-get install kubuntu-kde4-desktop and installed VNC - But when I log into the server all I get is a command prompt and a black/white background. Has anyone ever run into this?
<ScottK> Speedy059x: Your on Hardy?
<Speedy059x> jaunty
<ScottK> OK.  Well for Jaunty, just use kubuntu-desktop.
<Speedy059x> I did
<Speedy059x> sudo apt-get install kubuntu-kde4-desktop
<Speedy059x> then I install vnc
<Speedy059x> I tried installing kubuntu separate from KDE as well
<Speedy059x> still the same strange results
<ScottK> Note the difference between what I said to use and what you said you used.  I doubt it makes a difference, but it's a place to start.
<Speedy059x> I think it's the same, but regardless I tried both when I installed kubuntu-desktop and kde separatel
<ScottK> I've never tried VNC, so no idea if it works.
<Speedy059x> first time as well...CentOS it's easy to install but i'm not to familiar with Ubuntu
<Speedy059x> I thought Ubuntu was more GUI like that CentOS, thought it would be easier ;)
<Speedy059x> than centos*
<ScottK> Not servers.
<ScottK> We do have ebox for GUI like server management, but no real GUI (by design).
<Nafallo> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<Nafallo> :-)
<jaredster> ubottu
<jaredster> i might try ebox
<jaredster> is it easy to install?
<jaredster> and can I install it over ssh?
<jaredster> what do you think Nafallo
<Nafallo> jaredster: I've never used ebox
<jaredster> alright
<fenix_br> the time to run the command smbldap-populate, shows the error "failed to add entry: objectClass: value #4 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 87."
<quizme> does anybody know why only one vhost would work ?  the 2nd, 3rd and vhost conf files are being ignored.
<Speedy059x> When I install kubuntu-desktop with VNCServer....I login via vnc and all I see is command prompt terminal and all black/white and a big X for a cursor..any ideas?
<fbc-mx> How can I limit my apache server resources?
<fenix_br> please help me I could adois days trying to solve an error "failed to add entry: objectClass: value #4 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 87." the time to run the command smbldap-populate
<fbc-mx> My ubuntu server on weekends(heavy loads) ocasionally locks up. How can I limit the apache resources? Right now in my apache.conf I have 2 servers with 1000 connections. Should I try trimming it down to 500 connections?
<mattt> fbc-mx: what's your MaxClients set to?
<fbc-mx> mattt, can't tell right now cuz my machine won't respond to ssh in this state. I've already emailed the host provider to reboot my machine.
<fbc-mx> mattt, waiting for it to come back on line.
<mattt> fbc-mx: ok ... limit MaxClients, and if you're using MySQL limit max_connections
<mattt> fbc-mx: setting these too high can cause problems like this
<fbc-mx> ok, so I can control resources by controlling both of those parameters.. kewl... can't wait to start optimizing the server.
<fbc-mx> mattt, I also have to see find out if joomla uses one DB connection per user or uses only one connection.
<mattt> fbc-mx: for some stock standard mysql optimizations, have a look at http://mysqltuner.pl/mysqltuner.pl
<mattt> fbc-mx: not sure, i guess that's if PHP is configured to permit persistent connections?
<fenix_br> anyone has idea? about the error that I am having difficulty
<fbc-mx> fenix_br,  your samba is configured to pull from an ldap database.. I'm not too familiar with that setup.. I usually do everything from within the smb.conf file.
<fbc-mx> fenix_br, the few times I've had to do somethign like that I've used ebox... its free and easy to manage samba shares with an ldap database. It creates it all for you..
<fbc-mx> fenix_br, sudo apt-get install ebox (in case your interested)
<fbc-mx> fenix_br, has modular plugins for just about everything.
<fbc-mx> mattt, thanks. this script looks awesome... I'm gonna give it a go when my server comes back up.
<fenix_br> fbc-mx: I try very much for your help!
<fbc-mx> fenix_br, no prob.
<fenix_br> fbc-mx: tranks
<fbc-mx> fenix_br, obrigado! (I think that means your welcome. Not sure hehe)
<quizme> are all computers made in 2009 64 bit ?
<fbc-mx> quizme, well most budget pc's and laptops aren't. No netbook class machines are either.
<quentusrex> can someone give me a hand with openldap and tls certs?
<quentusrex> I have generated my certs, and it fails.
<quentusrex> I have generated testing certs, and it works
<quentusrex> it seems to have the problem with the cacert
<quentusrex> Does anyone know why openldap was compiled against gnutls rather than openssl???
<quentusrex> gnutls can't read some of my openssl generated certs :(
<ScottK> quentusrex: Usually it's for license reasons.
<quentusrex> but openssl is already distributed.
<quizme> fbc-mx k thanks
<fbc-mx> quizme, np :-)
<quentusrex> I have generated a 4096 CA key for signing all of my server keys, and gnutls can't handle it...
<ScottK> The usual problem is that the openssl isn't GPL compatible so GPL software can't link against it without a special exception.
<quentusrex> :(
<ScottK> I don't know for sure if that's the case here, but that's the usual reason.
<quentusrex> ok
<quentusrex> ScottK any idea how to check to see if gnutls can handle the certs?
<ScottK> Nope.  Sorry.  I'd guess review their documentation.
<fbc-mx> mattt, still there?
<fbc-mx> mattt, Here is the pastebin.. http://pastebin.ca/1492280
<fbc-mx> anyone know of an apache tuning script?
<robertr994> I'm running 8.04 64bit  on a AMD64 with 4 gigs ram  error log here http://www.kwtfstudio.com/1/error   Running apache , php5 and mysql.  locks up when Im not on the machine
<fbc-mx> robertr994,  I have the same problem... it even stops responding to ssh?
<robertr994> yep
<fbc-mx> robertr994, got what you need.
<robertr994> I may have stumbled on the issue,  hibernation
<fbc-mx> robertr994, use this script to optimze youy mysql usage http://mysqltuner.pl/mysqltuner.pl
<fbc-mx> robertr994, hib on a server??
<fbc-mx> robertr994, my issue was that I had really heavy usage.. I mean like close to 1000 simultaneous users...
<robertr994> my traffic isnt that high
<fbc-mx> robertr994,  if you don't have than, then yes, your prob might be hibernation.
<robertr994> has to do with the screensaver,  when I go back to the desktop
<robertr994> drops at that time
<fbc-mx> robertr994, your running a gui on your server??
<robertr994> running a shoutcast server
<robertr994> and website
<robertr994> thats all
<fbc-mx> robertr994,  shoutcast server should need a client connected to it full time...
<robertr994> no special programs, I dont even browse the net
<robertr994> its connected full time
<robertr994> www.kwtfstudio.com:8010
<fbc-mx> robertr994, you might want to do a ALT-CTL-F1 and login and type "sudo service gdm stop" see it the server dies after that. if it doesn't then it's an issue with your gui.
<robertr994> ok I'll try that
<fbc-mx> robertr994, as far as the gui is concerned. I guess you should go to preferences>>power managmenet and set everything to NEVER.
<robertr994> I did that a few minutes ago
<robertr994> Im new to linux,  been using windows servers for yrs
<robertr994> got pissed at windows tuesday morning and installed 8.04
<robertr994> love the way this machine runs on it
<robertr994> ALT-CTL-F1  I'll try after this radio show is over
<fbc-mx> robertr994, a rough way to disale hibernation could be to rename /etc/acpi/hibernate.sh to something else then "touch /etc/acpi/hibernate.sh"
<fbc-mx> robertr994, to create an empty file. Definitely not an elegant way to do it though.
<robertr994> ok
<fbc-mx> robertr994, good luck!
<robertr994> this runs great as long as Im on it  lol
<fbc-mx> robertr994,  here's another more elegant way of doing it through the gconf editor http://ubuntuforums.org/showthread.php?t=440225
<fbc-mx> robertr994, you may not have to reboot with that last solution... just log out and log back in, but I would reboot anyways to remove all doubt.
<robertr994> ok cool,  thanks
<robertr994> have a great weekend
<fbc-mx> robertr994, No prob.. How that helps you out. I know how stressing it can be to have a server acting up.
<fbc-mx> OMG, I might have actually helped someone..
 * fbc-mx pats himself on the back!
<jon_high9000> I have a question regarding to ubuntu-server ubuntu 9.04.
<fbc-mx> jon_high9000, OK hit me with it..
<jon_high9000> fbx-mx: I installed the server portion tonight mainly to setup a mail server. i am a newbie. way i setup the desktop and server  they are on separate partitions.
<fbc-mx> jon_high9000,  why would you do somethign like that for?
<fbc-mx> jon_high9000, You can add a gui to the server version if you really wanted to. All you had to do once you had the server version installed was type "sudo apt-get install ubuntu-desktop" and it would have done it for you.
<jon_high9000> fbc-mx: Purpose of the mail server is to retrieve mail from my gmail account using fetchmail dovecot and possibly postfix. main use is mainly for retrieval of email.
<fbc-mx> jon_high9000, yes but you can't be running both versions at the same time.. you'd either have to boot up as a server or as a desktop version.. If you did that then the server would never be up for the desktop version to retrieve the email from it. Kinda defeating the assumed putpose.
<jon_high9000> fbc-mx: i read somewhere you can use the sudo -s command and assign the same password using passwd
<fbc-mx> jon_high9000, I'd back up any data and reinstall it just as a server.. and add the gui so that you can get around it.
<jon_high9000> fbc-mx: this is to add the server to the desktop
<jon_high9000> fbc-mx: ok
<fbc-mx> jon_high9000, yes you can sync the password files from one partition to the other, I still don't get the functionality.
<fbc-mx> If you want the best of both worlds as in a server with a gui.. just reinstall it as a server, then add the gui..
<fbc-mx> jon_high9000, I mean, if you really get used to using the command-line like you really should to control and manage a server, you can remove the ubuntu-desktop package and run an autoremove, and I think it might clean the gui off the server for you.
<jon_high9000> fbc-mx: as i said earlier, i`m a newbie. just starting out. getting my feet wet as it were.
<jon_high9000> fbc-mx: been tinkering around trying to setup fetchmail to retrieve my email on gmail
<fbc-mx> jon_high9000,  They make pretty good books on ubuntu. I was a linux newbie but only a year ago, then I read a bunch on linux and ubuntu books.
<jon_high9000> fbc-mx that was on ubuntu-desktop however
<fbc-mx> jon_high9000, why wouldn't you want to retrieve your email with say Thunderbird for example
<fbc-mx> jon_high9000,  you could put your server in the DMZ of your router and setup DDNS and have gmail forward your mail to your ddns user@ddns-domain.com.
<jon_high9000> i could. but i get a lot of email and i want to find a faster way to retrieve my mail. mainly so i don`t get cut off by gmail when downloading my email.
<fbc-mx> jon_high9000, might save you alot of trouble and having to learn to configure dovecot, fetchmail at such an advanced level. You'd only need to learn how to create a mailbox and configure ddns and your router. Much easier that learing to configure mail and mail packages, that's for sure.
<jon_high9000> fbc-mx: i have a wireless router. wireless part (non-functional)
<jon_high9000> with ubuntu i mean
<fbc-mx> jon_high9000, nothing wrong with that. As long as your internet provider assigns a public ip to your router you can pass it along to your machine and program it to act as a full fledged mail server.
<fbc-mx> jon_high9000,  almost 1am here in Mexico City. A little past my bed time. I hope someone else in the channel can pick up where I left off.  Good luck.
<jon_high9000> no prob. thanks for your hlep
<jon_high9000> hlep
<jon_high9000> help
<Byron> !monit
<ubottu> Sorry, I don't know anything about monit
<Byron> Can someone help me with the configuration of monit. I want to make sure that I will receive the alerts if something should happen on the server.
<Byron> I've followed the directions and I disabled SSH. Within 2 minutes, monit had restarted ssh. I just want to be sure I'll get the notifications.
<Byron> !mail
<ubottu> mail is another medium to communicate. Ubuntu mailinglists can be found at http://lists.ubuntu.com
<achew22> I've set up KVM on a ubuntu 8.10 server and on connecting to it with my laptop (ubuntu 9.04) it won't let me do paraviartulization (sp?) or let me install from a network source. I don't mind not having paravirt but I would like to be able to install by pulling iso's over the internet. Does anyone have any idea how to enable that?
<uvirtbot> New bug: #398366 in openldap (main) "Certs generated with TinyCA2 and openssl cause errors in openldap and gnutls" [Undecided,New] https://launchpad.net/bugs/398366
<_ruben> hmm .. got a really strange issue with encrypted homedir on my server .. if im not logged in, i cant log in using my key (cant find it apparently) .. when im logged in, and my home is mounted, it does find my key
<Pirate_Hunter> can someone help me identify the problem, i just followed this tutorial on setting up bind9 but it wont startup, http://www.howtoforge.com/perfect-server-ubuntu8.04-lts-p4, under heading DNS server?
<_ruben> what do the logs say?
<Pirate_Hunter> where would i find the log
<_ruben> in /var/log .. most likely /var/log/daemon.log
<Pirate_Hunter> _ruben,  its is syslog goign to put it in pastbin
<Pirate_Hunter> http://paste.ubuntu.com/216255/
<Pirate_Hunter> its all absed on that tut yet why it doesnt work i dont know
<Pirate_Hunter> based*
<Pirate_Hunter> any ideas?
<Pirate_Hunter> anyone here care to help me with my problem
<TeLLuS> Pirate_Hunter: Fix owner or chmod. named[6110]: none:0: open: /etc/bind/named.conf: permission denied
<Pirate_Hunter> TeLLuS, thanx for the reply what would the ownership be i.e. chomd bind9 6610 (as it is how i named)
<Pirate_Hunter> TeLLuS, sorry i dont get how to go about changing/fixing the ownership through cli, how would i go about doing so
<Pirate_Hunter> what ownership does it need
<mobi-sheep> If it's in /etc/  It should be owned by root.  My guess.
<mobi-sheep> Pirate_Hunter: What does "sudo ls -l /etc/bind/named.conf" say?
<Pirate_Hunter> -rw-r--r-- 1 bind bind 907 2009-01-08 01:28 /etc/bind/named.conf
<Pirate_Hunter> mobi-sheep, -rw-r--r-- 1 bind bind 907 2009-01-08 01:28 /etc/bind/named.conf
<mobi-sheep> Pirate_Hunter: Try "sudo chown root:root /etc/bind/named.conf"  (I never messed around with server stuffs before).
<Pirate_Hunter> not sure but based on this tutorial, http://www.howtoforge.com/perfect-server-ubuntu8.04-lts-p4, i think bind9 isnt supposed to run as root but unprivildge to the user running it, if thats the case would i just choose the users i want it to run as because root would be automatic. grrr this was supposed to make setting a server easy
<mobi-sheep> Pirate_Hunter: sudo ls -l /etc/bind/* --> Bunch of files owned by bind bind?
<Pirate_Hunter> yeah they are are all owned by bind:bind maybe i should create that group and add myself in it that could work
<Pirate_Hunter> mobi-sheep, i just followed the tut the way they wrote it didnt think bind:bind an actual group that they might have will try making it
<mobi-sheep> "groups" will display the groups you're in.
<mobi-sheep> Just because the site have "how to" in the name does not necessarily mean they know how to.
<mobi-sheep> :o
<Pirate_Hunter> mobi-sheep, yah but i wouldve expect that they would mention something i have just added root and my user to that bind group which already existed will see how things go now
<Pirate_Hunter> grrrrr this was supposed to be an easy to follow tut
<mobi-sheep> Gonna avoid HowToForge now? :)
<mobi-sheep> Well.  Good luck either way.
<Pirate_Hunter> mobi-sheep, hahahaha yeah for sure, i would advise it, still it wont start im in that group yet permission is still denied hmmmm
<mobi-sheep> Pirate_Hunter: Try root.
<mobi-sheep> You can change back to bind:bind later.
<Pirate_Hunter> mobi-sheep, yah will do so will mess with this might break it even more grrrr
<mobi-sheep> The nice people here probably are giggling at the moment.
<Pirate_Hunter> yah most likely except why the **** is /etc/bind freaking root:root when it is a symlink I dont get how things like that can happen
<Pirate_Hunter> mobi-sheep, done well that was a new experience, not one much enjoyed no wonder most stay with the desktop
<mobi-sheep> What did you do to resolve it?
<mobi-sheep> Pirate_Hunter: Servers -- Not something that everybody would need.  Home server is a nice bonus though.
<Pirate_Hunter> mobi-sheep, the permission is now correct just need to find out why it isn't working i bet if i was using desktop this woulve been quick still will pay-off in the end, I hope 0.o'
<mobi-sheep> Pirate_Hunter: Desktop == No GUI.  And you increase your l33t points.
<mobi-sheep> Pirate_Hunter: I used XBMC on my home server though.  Ridiculously awesome.
<Pirate_Hunter> mobi-sheep, at this point forget the l33t points just want to get it working :/ and XBMC?
<mobi-sheep> I'll get you a  clip.
<Pirate_Hunter> ok
<Pirate_Hunter> ill still be here for a while
<mobi-sheep> Pirate_Hunter:  Site --> http://xbmc.org/   Video --> http://tinyurl.com/nj88vo.  I built it from minimal disc.   Not using it on Desktop (Although you can).  Hooked up to 46" TV + Sound via HDMI.
<Pirate_Hunter> well break time i guess will check it out now
<Pirate_Hunter> mobi-sheep, vedo dont work
<mobi-sheep> Pirate_Hunter: Flash?
<mobi-sheep> Pirate_Hunter: Well.  Gotta go.  Shower.
<Pirate_Hunter> kk
<Pirate_Hunter> mobi-sheep, yeah got it working apparmor was the cause of it not me and my server newbness just plain dumb apparmor
<mobi-sheep> !info apparmor
<ubottu> apparmor (source: apparmor): User-space parser utility for AppArmor. In component main, is standard. Version 2.3+1289-0ubuntu14 (jaunty), package size 317 kB, installed size 2112 kB
<mobi-sheep> Pirate_Hunter: Ahh I see.
<mobi-sheep> Pirate_Hunter: "AppArmor proactively protects the system from security threats, both internal and external. It enforce the applications to only be able to access resources aimed to be accessed by the application. In this way the system is protected to both known and unknown threats.
<mobi-sheep> For each application we want to protect or increase the security around, a security profile is created. The profile describes what files or devices the application is allowed to read, write and/or execute.'
<mobi-sheep> https://wiki.ubuntu.com/AppArmor
<mobi-sheep> Interesting!
<Pirate_Hunter> mobi-sheep, yeah but its a pain in the neck when it makes things not work that should work, however, i do understand how useful it might be
<KillMeNow[A]> i've never gotten apparmor to work properly
 * KillMeNow is no longer away : Gone for 1 day 18 hours 37 minutes 49 seconds
<howie> when i log into my server it gives me load avg and # of system process and #users ect.. is there a cmd to show that at will?
<J_5> howie: try the command top
<howie> that works but its there a way to get just whats at the top not all the pid users
<howie> looking for just this :System load: 0.0                Memory usage: 12%   Processes:       129 Usage of /:  0.7% of 219.58GB   Swap usage:   0%    Users logged in: 1
<J_5> I think you can with top, not sure of the command tho
<howie> ok cool i just man it
<J_5> try man top. That give you the information on top and what you can do with it
<J_5> :)
<J_5> or, it slow now. Maybe someone will come along and tell us in a while
<J_5> it's *
<howie> ya
<uvirtbot> New bug: #398549 in openldap2.3 (main) "Slapd, unless started manually, will not work with saslauthd" [Undecided,New] https://launchpad.net/bugs/398549
<billybigrigger_> can someone give me a another option for apache log analysis
<billybigrigger_> im using webalizer and awstats
<billybigrigger_> both just don't seem to want to keep my stats combined
<billybigrigger_> i've had this server for almost a month now and webalizer only keeps logs for a few days
<billybigrigger_> and awstats is now skipping weeks of logs
<Pirate_Hunter> whats the the package called for compiling stuff in ubuntu
<Pirate_Hunter> oops
<KillMeNow> If i recall, there is a new opensource project called "OpenXchange" that does web analytics
<KillMeNow> otherwise use google analytics
<uvirtbot> New bug: #398582 in apache2 (main) "Makefiles included with apache2-prefork-dev can't properly install modules created with apxs2 -g" [Undecided,New] https://launchpad.net/bugs/398582
<gletob> I can't get the Ubuntu server cd to boot
<gletob> I see the message where it looks for the boot record on CDROM but it says not found
<KillMeNow> gletob:  either you got a coaster for a CD rom, or the cd rom you have in the server doesn't like burned CD's cause it's old
<gletob> KillMeNow, It let me boot from a burned XP cd
<gletob> KillMeNow, and the SHA1SUM matches on the ISO
<gletob> ?
<KillMeNow> gletob:  Try burning another one from the ISO you downloaded, but in my experience either the CD you have now is a coaster or the CDRom doesn't like the one you have
<gletob> KillMeNow, Ok after 20 times turning the PC on and off it's booting from the cd
<KillMeNow> woot!
<KillMeNow> strange, but woot
 * KillMeNow[A] is now away - Reason : Gone away for a while
<gletob> It's an old crotchety computer.
<gletob> AMD K6 333 Mhz
<gletob> ATI 3D RAGE IIc with 4mb SDRAM
<gletob> 160 MB of DDR? I guess
<gletob> had windows 98
<gletob> so far so good
<gletob> I have a choose language screen!
<billybigrigger_> 9.04 server?
#ubuntu-server 2010-07-12
<[1]kaffien> can someone tell me what would cause this line in the fstab to not mount?    UUID=8095a8a2-80f0-4942-9a61-4738f3566209 /media/lsmnas2  xfs  0 1
<Kaffien> that is just a line for a secondary hdd for storing backups
<Kaffien> i looked up the block id via blkid
<zeeeeee> Can anyone assist me in getting indexhibit on my ubuntu server?  It has some sort of php semi-auto install file, but I'm not really sure how to use it.
<tiger2wander> Hi there
<tiger2wander> I've just purchased a Western Digital HDD 2TB, then plug it into my server running Ubuntu server 10.04 (Upgraded from 9.10) but seen it not detected my new HDD
<tiger2wander> I have not see it in list of `lspci`, `fdisk -l` or `lshw -C disk` commands
<tiger2wander> Please help me!
<tiger2wander> Is anyone troubled with this HDD?
<ChmEarl> tiger2wander, counting the new drive, how many drives on the system?
<tiger2wander> ChmEarl, I have 2 Seagate drivers 320GB running as RAID 1 before
<tiger2wander> ChmEarl, may RAID mode prevent kernel to detect new driver?
<tiger2wander> my kernel version is: Linux [hostname] 2.6.32-23-server #37-Ubuntu SMP Fri Jun 11 09:11:11 UTC 2010 x86_64 GNU/Linux
<ChmEarl> tiger2wander, so now you have three? did you use the same MB header array as the seagates?
<tiger2wander> ChmEarl, I have not configured it yet because of I don't see any message from `dmesg` about new hardware detection
<ChmEarl> tiger2wander, the seagates are on a separate card or directly to MB? and what is the chipset?
<tiger2wander> ChmEarl, I have not a plan to use new driver as RAID array, I'll use it as standalone driver to store data
<ChmEarl> tiger2wander, the new drive should be /dev/sdc
<ChmEarl> tiger2wander, if detection failed then try to attach the Western Digi to another SATA chipset. Perhaps the chipset used for it is disabled in the bios
<ChmEarl> tiger2wander, many MB's have 2 different SATA chipsets
<ChmEarl> tiger2wander, my MB has intel ich10 and jmicron
<tiger2wander> ChmEarl, there is only /dev/sda and /dev/sdb only
<tiger2wander> and RAID array is /dev/md0, /dev/md1 and /dev/md2
<tiger2wander> ChmEarl, my driver specs is here: http://www.newegg.com/Product/Product.aspx?Item=N82E16822136344
<ChmEarl> tiger2wander, you need to go into MB bios and activate SATA or ahci mode on all applicable headers
<tiger2wander> ChmEarl, and 2 old drivers specs is here: http://www.newegg.com/product/product.aspx?item=n82e16822148140
<unewbie> anybody using postfix with subdomains?
<tiger2wander> ChmEarl, both old and new drivers using Serial ATA
<unewbie> i need to install a new mail server
<ChmEarl> tiger2wander, then maybe you will need to run initramfs for your current kernel
<tiger2wander> ChmEarl, run `update-initramfs` ?
<ChmEarl> tiger2wander, yes after you check your MB bios and turn on the headers
<twb> Incidentally, what is up with some motherboards taking several seconds to load the AHCI controller on every boot? :-/
<tiger2wander> ChmEarl, yep! thank you so much, I'll do that later, because of my time zone is in business hours and can not turn off server now :)
<ChmEarl> tiger2wander, run dmidecode and see if all headers show-up
<ChmEarl> tiger2wander, no that won't help- didn't help on my system
<tiger2wander> ChmEarl, I'm looking for something in output of `dmidecode` now
<ChmEarl> tiger2wander, grep dmesg for the chipset names - that works on my system
<ChmEarl> tiger2wander, I search dmesg for jmicron and ich10 http://paste.ubuntu.com/462345/
<tiger2wander> ChmEarl, in my case there is no jmicron found in dmesg
<ChmEarl> tiger2wander, those are the chips that control my Sata/ahci headers. Your MB might be different
<tiger2wander> ChmEarl, yes, and there is my dmesg: http://pastebin.com/CWzcnXP5
<ChmEarl> tiger2wander, your ahci reports that RAID mode is turned on... no good
<ChmEarl> tiger2wander, my ahci reports SATA mode
<tiger2wander> ChmEarl, yes I'm using RAID mode for 2 old drivers running as RAID 1
<ChmEarl> tiger2wander, you are using linux software raid (mdx)
<tiger2wander> ChmEarl, yes
<ChmEarl> tiger2wander, the fakeraid is turned on in the bios
<ChmEarl> its turned on but your don't use it
<tiger2wander> ah, may I forgot to turn it off in bios seen install new Ubuntu server on that server last year
<tiger2wander> before I install Ubuntu on that server, it has run on Debian Lenny and using RAID mode too, may it has use fakeraid from bios
<ChmEarl> tiger2wander, when you go to data center you need to carefully look at the AHCI and RAID bios menus
<tiger2wander> ChmEarl, to avoid any conflict settings in bios?
<ChmEarl> your new drive will showup and most likely your bios wants to use it in RAID and you have to OK this
<ChmEarl> tiger2wander, of course thats not what you want, so turn RAID off and use AHCI or SATA
<tiger2wander> ChmEarl, ah! understand, btw once time bios is configured in fakeraid or something like that it will always add new driver to RAID array?
<ChmEarl> tiger2wander, my guess is that there is no auto config, you have to manually do it
<tiger2wander> ChmEarl, yes, I think so
<ChmEarl> #
<ChmEarl> [    1.039904] ahci 0000:00:1f.2: AHCI 0001.0100 32 slots 4 ports 3 Gbps 0xf impl RAID mode
<ChmEarl> #
<ChmEarl> tiger2wander, in that line there are 3 possible modes: AHCI, SATA, and RAID (fakeraid)
<ChmEarl> for your new drive AHCI is best
<tiger2wander> ChmEarl, Why don't use SATA mode for all?
<tiger2wander> ChmEarl, I think if we have difference drivers with difference specs implement so we will need AHCI
<tiger2wander> ChmEarl, and if all drivers has SATA compatible then choose SATA, it it right?
<ChmEarl> tiger2wander, sure SATA is fine (its legacy).. only RAID is bad since you need to manually be at console for too many things
<Roxyhart0> hi there, somebody know where i can get a doc to configurate DNAT with ubuntu server, inlcuding the definition in interfaces
<Roxyhart0> hi there, sombody know any doc to install DNAT in ubuntu? and how to sett it in the intercaes?
<qman__> so, my file server hard locked again after almost exactly the same amount of uptime, with no log information
<qman__> I'm just looking for opinions as to whether that's an indicator of a hardware issue or a software issue
<twb> qman__: do you have a local screen/keyboard or serial console connected to it?
<qman__> I have a local screen
<twb> Do you get a kernel panic on it?
<qman__> but it's completely hard locked, even sysrq is no use
<qman__> no, nothing on screen
<twb> OK, that was all
<alvin> qman__: Anything in /var/crash? (also, take a look at /etc/default/apport and enable apport)
<RudyValencia> I would like to back up the contents of my server to a USB hard disk automatically, what is the easiest way to do it?
<joschi> RudyValencia: rsnapshot for example (which is based on rsync)
<joschi> RudyValencia:  depending on what and how you want to backup your data there are better solutions
<RudyValencia> I want to backup both the 80GB / and 250GB /srv partitions on my server.
<Roxyhart0> hi there, sombody know any doc to install DNAT in ubuntu? and how to sett it in the intercaes?
<joschi> RudyValencia: then go with rsnapshot
<joschi> Roxyhart0: standard netfilter/iptables thing. see http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#DNATTARGET for example
<Roxyhart0> thanks a lot joschi!
<RudyValencia> what about cpio?
<twb> cpio is pretty historical
<twb> I'd be using rsnapshot or squashfs
<RudyValencia> ah
<twb> The point being they do a better job of incremental backups
<RudyValencia> can this 'rsnapshot' thing store to a USB drive?
<joschi> RudyValencia: it stores on any filesystem you tell it to...
<twb> rsnapshot just works on a directory, so you'd make a normal filesystem and mount it somewhere
<twb> Although you'd want to use a Unix filesystem, since rsnapshot requires hard links.  NTFS would also work, but probably not as well.
<RudyValencia> My USB drive is formatted ext3
<Kream> Hi all. I'm sharing sysadmin duties on some boxes with some other sysadmins. Is there a recommended way under ubuntu to set up a version control system for configuration files in /etc ?
<Kream> RCS seems the best tool for the job, but it's outdated and am not sure how it would work with ubuntu's sudo infrastructure.
<Kream> perhaps soemthing that integrates with bzr
<twb> Kream: etckeeper
<Kream> etckeeper ? hmmm
<twb> hands down
<twb> Apart from anything else, it will tell you 1) who installed a package (if they used sudo); and 2) it'll make daily autocommits, so you have 24-hour minimum granularity of "who caused that fuckup?"
<Kream> oh yeah baby
<Kream> that sounds hot
<twb> etckeeper defaults to git, except on recent versions of Ubuntu where canonical decided they liked bzr better :-/
<Kream> will solve so many issues
<Jordan_U> Even though bzr can't handle being run with sudo properly...
<twb> Jordan_U: I wouldn't know; I've never used etckeeper with bzr
<twb> Come to think of it, I haven't used bzr much AT ALL since etckeeper was created...
<Kream> " By default etckeeper is configured to use bzr for version control. The repository is automatically initialized (and committed for the first time) during package installation"
<twb> Kream: yes, but if you do something like "apt-get install git etckeeper", it will fail to find bzr and so abort the post-inst init.
<Jordan_U> twb: I tried it, and using sudo with etckeeper with bazaar leaves you with root owned files in ~/.bazaar/. So it's fine for all of those Ubuntu users that log in as root instead of using sudo...
<Kream> uh.... ok now i'm confused. I've not used any vcs system apart from the most basic SVN co stuff.
<twb> Jordan_U: that's a bug; report it.
<twb> Jordan_U: in fact, it's fixed in 0.47
<twb> Lucid only has 0.41, which is a pain.
<Kream> I have 2 people other than me who will be logging in as their usernames and using sudo to do admin tasks.
<Kream> no one gets to log in as root.
<Jordan_U> twb: IMHO it should have been fixed before bzr was made the default for etckeeper, which pretty much requires you to use sudo.
<Kream> few people get to log in at all.
<Kream> which should I use? default bzr ?
<Kream> or git or something else?
<Jordan_U> Kream: I'd personally go with git, but that's what I already use for my own projects.
<twb> Kream: whichever VCS you know best and have best support for
<Kream> what are the drawbacks to using bzr?
<Kream> i know none :)
 * Kream is a clean slate, VCS-wise
<twb> The downside of bzr is that only Canonical and their fanboys use it
<Jordan_U> And GNU projects.
<twb> Ha!
<twb> That decision was a fucking crock
<twb> "We'll use bzr because, technically, it has GNU in its name"
<twb> Kream: lots of people use git, so even though its UI is confusing and counter-intuitive, you can at least get help.
<Jordan_U> Kream: And I personally don't find git's UI confusing and counter-intuitive.
<twb> It reminds me of gnus
<Jordan_U> Kream: Also git is *fast*, which means that etckeeper won't be slowing down upgrades as much if you use git.
<twb> Jordan_U: slowness isn't really an issue unless you're doing upgrades one package at a time
<twb> etckeeper invokes the VCS twice -- once pre-apt, once post-apt
<Jordan_U> twb: I like to follow development releases :)
<twb> Jordan_U: well, even so, I only apply updates once a day...
<twb> However on my git ones, I did find that etckeeper was conusuming 8MB for every 1MB of working tree in /etc -- I think joeyh fixed that by tweaking the git auto-gc settings
<twb> http://bugs.debian.org/483804 hmm, maybe not
<Kream> eh, system run at 0 load most of the time so i'm not too worried about raw speed.
<Kream> runs*
<bogeyd6> a bug in ubuntu-bug, classy
<Kream> consuming? as in, diskspace?
<Kream> twb: ?
<twb> Kream: read the ticket
<Kream> oh ok
<Kream> soren: downsides for bzr is that it's way slower than git, right?
<Kream> sorry, hit tab after "lol"
<Kream> so
<Kream> apart from slowness is there any other downside to using bzr ?
<Jordan_U> Kream: In general or specifically for etckeeper?
<Kream> etckeeper
<Jordan_U> Kream: bzr in lucid still has the sudo bug, which means that you can't use etckeeper with sudo without breaking your user's bzr configuration.
<SpamapS> 17814 clint     20   0  346m 157m 1984 D  5.0 42.8   0:27.98 cc1plus
<SpamapS> ahh c++ .. such an awesome language. :)
<qman__> alvin, I don't have a /var/crash or /etc/default/apport
<alvin> qman__: I have apport on every system. I thought it was part of the base install, but can't find out why (apport-symptoms Recommends apport and apport Recommends apport-symptoms)
<qman__> this was an 8.04 install upgraded straight to 10.04
<qman__> after some googling I installed it, it may help
<qman__> if I get nothing at all I guess that means hardware
<alvin> qman__: Probably, but it's a lot of coincidence if it happens directly after an upgrade. Let us know what you find out.
<qman__> will do
<ccheney> hi
<DrPoO> hi
<zul> Daviey: can you look at bug #604400?
<uvirtbot> Launchpad bug 604400 in eucalyptus "Confusing comment in /etc/eucalyptus/eucalyptus.conf" [Undecided,New] https://launchpad.net/bugs/604400
<zenmower> dsa or rsa?
<jpds> rsa.
<Daviey> zul: on it
<zul> merci
<zenmower> thought so couldn't remember
<zenmower> thanks
<eolo999> hi, is it possible to upgrade a KVM virtual machine from hardy to lucid with a normal do-release-upgrade?
<eolo999> (on a hardy host)
<joel_> \quit
<BluesKaj> howdy folks , I've setup a media server in our TV room , and I would like to control i from my laptop like a remote . i don't need X or remote screen to run on the laptop. I would just like to be able to access media files and play them on the server which is hdmi connected to the tv .
<_ruben> BluesKaj: xbmc comes to mind
<WG1337> Hi! I have a problem with configuring sendmail to use gmail, after restart I get: unknown configuration line "define(`SMART_HOST',`smtp.gmail.com')dnl" and about 8 more such errors (pointing to newly added lines). What's wrong?
<qman__> WG1337, the first problem is that you're using sendmail
<qman__> it's ancient and a total nightmare to configure
<qman__> use postfix or exim instead, as those are the supported mail servers on ubuntu
<WG1337> Do I need to uninstall sendmail?
<WG1337> The thing is that I need to make PHP work with gmail, but most scripts use /usr/bin/sendmail
<qman__> I would use the purge option, otherwise you're going to have a lot of leftover configuration
<qman__> other mail servers create a '/usr/bin/sendmail' for that reason
<qman__> it doesn't mean you have to actually use sendmail
<qman__> there are a lot of guides for configuring postfix to use a gmail account, and when I did it myself it wasn't that hard
<rojoloco47> Hi I need Help with Setting up mail server in ubntu 10.04
<rojoloco47> Room is too silent
<rojoloco47> Can any body please help me with Mail Server in ubuntu 10.04
<rojoloco47> I really need it before next 2 hours
<thrain][> rojoloco47: I don't know much about it, but I would recommend following the steps in the server guide for the components of a mail server that you may need. https://help.ubuntu.com/10.04/serverguide/C/email-services.html
<thrain][> They tend to be good recipes that work in most cases.
<rojoloco47> I am just coming back from this page, This did not helped much :( @ thrain][
<qman__> !ask | rojoloco47
<ubottu> rojoloco47: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<qman__> we can't very well help you if you don't ask about your specific problem
<rojoloco47> Ok I want to install a mailserver ,just a simple mailserver with postfix, with which my clients can use Microsoft outlook in windows,
<rojoloco47> in other words i need a mailserver which provide smtp address and pop3 address so that my clients can recieve and send mail over internet
<qman__> that's quite simple, and I believe is covered in the server guide at the link above
<qman__> simply install the mail server and it comes configured that way
<rojoloco47> I tried but what I am not getting is, when I install postfix then what to do next? I mean what are my smtp and pop3 addresses for what I configure my mail client softwares ?
<qman__> as for receiving mail, that requires you to set up DNS properly for your domain
<qman__> you set your email clients to however it is they connect to that server
<qman__> if it's on the same local network and you don't have DNS, use the IP
<rojoloco47> Yes that everything I can do, what I can't do is simply a smtp and pop3 address to configure clients
<qman__> you simply use the name or IP of the server
<rojoloco47> lets suppose I have configured postfix using ubuntu official guide for a domain secure.sajidsaif.com now what are my smtp and pop3 address to configure mail client softwares ?
<batok> has anybody installed 10.04  in EC2?
<BluesKaj> _ruben, xbmc , ok I'll check it out ,thanks.
<qman__> the address would be [user]@secure.sajidsaif.com
<rojoloco47> I am sorry if I am not able to make you understand with the situation, like if we configure gmail with some email client , in incomming mail server we put address as pop.gmail.com and outgoing server we say its smtp.gmail,com, in the same way, what addresses will I have to use for incomming and outgoing mailservers ?
<qman__> the name or IP of your server
<qman__> if you have local DNS, use the name
<qman__> otherwise, it's the IP
<rojoloco47> IP ? can you make it more clear,
<rojoloco47> I will use it same like secure.sajidsaif.com ?
<qman__> IP address, whatever you configured
<qman__> yes, if that name resolves to the server
<rojoloco47> IP address will be DNS , is not it?
<qman__> if DNS works, that name will work
<rojoloco47> both incomming and outgoing mailserver address will be secure.sajidsaif.com right ?
<qman__> yes, if both postfix and dovecot are on the same server (which they are if you followed the guide)
<qman__> you may need to enable pop3, as I think only imap is enabled by default
<rojoloco47> Ok tell me once again, What I have to do, is simply install dovecot and postfix server nothing else from that guide ?
<qman__> it is actually even simpler than that
<qman__> sudo tasksel
<qman__> and choose mail server
<qman__> when asked, choose internet site
<qman__> and put in the requested information
<rojoloco47> I have put this command and it gave me a list of things
<rojoloco47> where mailserver is already selected
<qman__> then it is already installed
<Kaffien> anyone here have some experience setting up autofs?
<rojoloco47> let me finish guide with dovecot and postfix again, I have uninstalled everything assuming that its not working but let me check that i will update you
<Kaffien> i'm trying to set it up to allow ejecting carts from a   powervault RD1000
<WG1337> thanks qman__, with exim4 it sends mail :) also I found out that my ISP given mailbox sucks!
<maek> is there a way to extract a seed file from an installed server?
<rizzuh> How do I convert the Desktop into Server?
<maek> sorry, rtfm debconf-get-selection
<uvirtbot> New bug: #604717 in ntp (main) "Please convert init script to upstart" [Undecided,New] https://launchpad.net/bugs/604717
<Znow> Hey guys! I cant do: /etc/init.d/samba start <- it says it cant find it
<patdk-wk> samba?
<Znow> ofc in root@server
<Znow> the server tool thingie? :)
<patdk-wk> called smbd on my system :)
<patdk-wk> using lucid?
<Znow> oh, ill try that, yeah I am
<patdk-wk> service smbd restart
<Znow> oh... its already start
<Znow> started*
<Znow> anyhow, ive tried putty to connect it, but it wont
<patdk-wk> putty connects to samba?
<Znow> it wont
<patdk-wk> I should hope not
<patdk-wk> samba != ssh or telnet
<Znow> what to use then?
<patdk-wk> anything that supports cifs
<patdk-wk> windows, smbclient
<patdk-wk> smbmount
<Znow> sec
<Znow> erhhh?
<Znow> dunno what that is
<Znow> please enligthen me :)
<patdk-wk> those are all samba/cifs clients
<Znow> prefering any of those?
<patdk-wk> depends on what os your using
<Znow> PuTTY is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers. ?
<patdk-wk> on the client/test machine
<patdk-wk> ya, putty has nothing at all to do with samba
<Znow> to connect to the server?
<patdk-wk> putty can connect to the server, using ssh or telnet
<patdk-wk> still nothing to do with samba
<patdk-wk> dunno why you talk about samba, and say putty won't connect
<Znow> I talked about samba, cause it wouldnt start, but ive obvious used the wrong command to start it. anyhow, putty wont connect to my server
<Znow> that is what I meant
<Znow> could you help me with that?
<patdk-wk> probably not
<patdk-wk> if ssh won't work, you don't have ssh installed
<patdk-wk> or something wrong with your network
<Znow> :o
<Znow> that wasnt much
<Znow> openssh-server is already installed
<Znow> it seems
<Znow> patdk-wk? :)
<patdk-wk> hmm?
<T3CHKOMMIE> !glassfish
<patdk-wk> I'm happy, just got nx working, dunno why, dunno how
<T3CHKOMMIE> hey everyone, im trying to figure out how to run a java JAR file on ubuntu server, its a gui program, and i can get it to run when i ssh -x using x11 but when i log out it kills the process. could glassfish fix this problem?
<Znow> openssh-server is already installed
<Znow> patdk-wk - openssh-server is already installed  - so that shouldnt be the problem... my server's "ip" is set to 83.92.69.50
<Znow> putty says connection timed out when I try to connect to the server
<Znow> can it be because both the server and the client is connected to the same switch, which is connected to my actual router?
<patdk-wk> dunno, depends on how you setup your router, server, client
<patdk-wk> I really don't want to go over network engineering
<T3CHKOMMIE> Znow are you behind a NAT router?
<Znow> T3CHKOMMIE - dont think so
<Znow> T3CHKOMMIE - aint sure
<T3CHKOMMIE> Znow, tell me how your network is set up in a net shell, i had some problems with ssh at first im sure i could walk you through it if i know how youre set up.
<Znow> T3CHKOMMIE - can we go private then?
<T3CHKOMMIE> sure
<uvirtbot> New bug: #604744 in nmap (main) "ncat when connecting trough proxy only sends lines in pairs " [Undecided,New] https://launchpad.net/bugs/604744
<erichammond> jjohansen, smoser: Have there been any thoughts about or investigation into bug 575193?  I have a client who is also experiencing high reported load on an idle EC2 Lucid instance.
<uvirtbot> Launchpad bug 575193 in linux-meta-ec2 "high reported load average on idle EC2 instances (dup-of: 574910)" [Undecided,New] https://launchpad.net/bugs/575193
<uvirtbot> Launchpad bug 574910 in linux-ec2 "High load averages on Lucid while idling" [Undecided,In progress] https://launchpad.net/bugs/574910
<erichammond> Thanks uvirtbot :)  I didn't even notice that bug was a duplicate.  There has been a fair amount of activity on the main bug.
<SpamapS> can you imagine how annoying an audio uvirtbot would be?
<SpamapS> "Hey bob, I was looking at bug 557739[uvirtbot starts talking.. launchpad.. bug..]
<uvirtbot> Launchpad bug 557739 in jockey "jockey-gtk crashed with BackendCrashError in convert_dbus_exceptions() (dup-of: 413624)" [Undecided,New] https://launchpad.net/bugs/557739
<uvirtbot> Launchpad bug 413624 in jockey "jockey-gtk crashed with BackendCrashError in convert_dbus_exceptions()" [Undecided,Incomplete] https://launchpad.net/bugs/413624
<smoser> erichammond, i've asked jjohansen before.  he's pretty convinced that its just accounting that is wrong.
<smoser> but i dont think he's gotten to do much on that.
<erichammond> smoser: Makes sense to me . There doesn't seem to be anything going on with the boxes.
<SpamapS> is it possible Xen is over-counting jiffies if something else steals its CPU cycles?
<erichammond> I believe I've seen this type of behavior before in the last couple decades, but I can't remember which Unix/Linux system it was on.
<SpamapS> like, if it spent 100 cycles doing nothing, but it didn't get to count them as doing nothing because the CPU was stolen.. then load would look high
<erichammond> I've learned to take load average as just an indicator that I should investigate to see if something really is wrong.
<SpamapS> yeah, load is useless w/o context. :)
<smoser> SpamapS, yeah, thats generally what we're thinking. is it is representing load more correctly as the load of a full cpu.
<smoser> and its not getting a full cpu
<smoser> yeah, i've seen kernel patches addressing things like this on power also.
<smoser> load seems high in the guest because the guest was getting 0.1 of a cpu
<smoser> erichammond, are there things reading load other than humans ?
<smoser> ie, is this going to cause some tool to say "oh no, my servers are more loaded than usual, i need to fire up more instances"
<SpamapS> its why response time always trumps artificial gauges and even counters.. if it takes a long time, something is wrong.
<erichammond> smoser: In the cases that I'm aware of I don't think it is causing other problems.
<erichammond> ...but it would be good to fix as it is alarming folks upgrading to Lucid on EC2.
<smoser> yeah, or at least clearly document "seriously, don't trust that!"
<erichammond> smoser: Nobody reads the documentation.
<smoser> as if its designed in behavior that isn't going to change, changing it is ongoing maintainence that we dont want to incur
<smoser> and it man not be something that is easily "fixable"
<SpamapS> I remember Theo Schlossnagle always berrating us for using mod_backhand's ability to read load average for traffic balancing.. he was like "no its useless use busy apache processes" .. ahh.. autoscaling w/ broadcast on a local LAN.. the good old days
<zul> smoser: ill do xinetd if you want to do apache :)
<smoser> nah. thanks for the offer though.
<zul> smoser: grumble
<spartan07_> how do I add a timestamp to a log being created by crontab?
<Jeeves_> spartan07_: use bitcron
<spartan07_> Jeeves_, never heard of it. is it installed on ubuntu server?
<Jeeves_> spartan07_: Nope. But it is on launchpad, just a sec
<spartan07_> is it bicron?
<Jeeves_> https://launchpad.net/~f-launchpad-bit-nl/+archive/bitcron
<Jeeves_> It enables you to email you if something is broken
<Jeeves_> instead of 'when there is output'
<spartan07_> awesome, thanks!
<Jeeves_> It also enables you to keep logfiles of your cronscripts
<matt_keys> I'm setting up a KVM host cluster out of 10 blades. I've got a 14 disk array RAID-5'd attached to a separate server, and exported that as an iSCSI target. My question is can I mount that from all the blade KVM hosts without corrupting it?
<Jeeves_> spartan07_: You're welcome
<Jeeves_> matt_keys: As long as you're not writing to the same lun with all the hosts, i think you can
<matt_keys> Jeeves_ : that's just the thing--it's all one big LUN. From what I'm reading I can't use ext3 because it isn't "cluster aware".
<Jeeves_> matt_keys: Indeed.
<Jeeves_> Why not create a lun per vm?
<Jeeves_> Or export it using nfs, and create an image per vm
<matt_keys> Would rather have one big storage pool for all the hosts to use
<Jeeves_> So, use nfs?
<matt_keys> RHEL's best practices show NFS to be too slow after about 5 guests start using it
<matt_keys> what about cLVM?
<Jeeves_> matt_keys: So what do they suggest?
<matt_keys> well RHEL uses the GFS/Cluster Suite
<matt_keys> I guess NFS is going to be the ticket probably
<RoyK> matt_keys: <priavate opinion>I use opensolaris/zfs for that sort of stuff</priavate opinion>
<Jeeves_> RoyK: That's the better option, yes :)
<RoyK> I use linux for most stuff, but for storage, opensolaris (or nexenta) beats most of the other options
<CppIsWeird> would this "command > outout.log 2 > error.log" work to dump the programs output to output.log and any errors to error.log?
<RoyK> CppIsWeird: which shell?
<CppIsWeird> umm, not quite sure how to answer that. w/e the default shell is when you ssh into a ubuntu-server.
<RoyK> ps $$
<RoyK> that'll be bash
<RoyK> command > out.log 2> err.log
<RoyK> without a space between 2 and >
<CppIsWeird> ok. thanks. :-)
<RoyK> np :)
<RoyK> man bash for more - but that manpage is rahter gross (4k lines or so)
<matt_keys> cLVM or just using local storage might be the better option... then just use NFS for migrations and ISO storage
<matt_keys> blades have two scsi hotswaps on them, all are raid1
<bpgoldsb> Anyone know the kernel parameter to limit your RAM?  I have 48G in a box, and I want it to think it has 1G.
<Jeeves_> matt_keys: Why limit yourselve?
<Jeeves_> matt_keys: IMHO it's smarter to create a lun per box, or search for other fs'es that can do what you want
<Jeeves_> bpgoldsb: Hmm
<Jeeves_> bpgoldsb:         max_addr=[KMG]  [KNL,BOOT,ia64] All physical memory greater than or
<Jeeves_>                         equal to this physical address is ignored.
<Jeeves_> bpgoldsb: http://www.cyberciti.biz/howto/question/static/linux-kernel-parameters.php
<bpgoldsb> Jeeves_: mem=1G solved it.
<RoyK> bpgoldsb: bingo - but why limit?
 * RoyK was about to answer bpgoldsb 
<bpgoldsb> Benchmarking disk i/o, need to overcome ram buffer, don't want to write 50G files.
<RoyK> ic
<RoyK> benchmarking i/o or filesystems?
<bpgoldsb> i/o
<RoyK> k
<bpgoldsb> I've got a box with a RAID-6 of 8 15K SAS disks, and a Corsair SSD.
<RoyK> writing with O_DIRECT will bypass the buffers, btw
<bpgoldsb> Testing performance of the native host, KVM linux guests using virtio, and KVM Windows guests using whatever qemu gives it for HW
<bpgoldsb> orly?  That might be more useful.  If iozone supports it.
<RoyK> bpgoldsb: erm - have you considered using zfs? with osol or fbsd?
<bpgoldsb> RoyK: Not really.  The FS doesn't seem like a big issue to me.  What would I be gaining?
<matt_keys> bpgoldsb: bonnie will let you tell it how much ram to use
<RoyK> matt_keys: doesn't matter if the OS is buffering, does it?
<matt_keys> uses direct calls if I remember right
<RoyK> bpgoldsb: read this http://hub.opensolaris.org/bin/download/Community+Group+zfs/docs/zfslast.pdf
<Jeeves_> bpgoldsb: zfs rocks
<bpgoldsb> RoyK: -I  Use VxFS VX_DIRECT, O_DIRECT,or O_DIRECTIO for all file operations, thats what you're talking about, right?
<RoyK> bpgoldsb: yes
<Jeeves_> There's really no fs that's as cool as zfs, yet
<RoyK> bpgoldsb: but scan through that preseantation, please
<matt_keys> bpgoldsb: yeah it's the -r option
<matt_keys> -r     RAM  size in megabytes.
<bpgoldsb> I'm not denying zfs rocks.  I'm just not sure I want to hybridize my network without a very good reason.
<bpgoldsb> RoyK: I'm reading now, I'll get back to you
<RoyK> k
<matt_keys> Jeeves_ : I know RoyK suggested zfs, did you have recommendation?
<bpgoldsb> RoyK: Actually, zfs is a real filesystem, right?  It's not like LVM where I throw extX/xfs/resier ontop, right?
<RoyK> bpgoldsb: it's a filesystem that incorporates stuff like LVM in a rather nice way
<bpgoldsb> Yes yes, but in the end, it's a filesystem.
<bpgoldsb> And I need to be able to carve out block devices to give to the virtual machines running on the host box.
<RoyK> it's a filesystem _and_ a volume manager
<RoyK> and you can create volumes that can be exported on iSCSI or FC or whatnot
<RoyK> sparse or not
<bpgoldsb> If I was building a SAN (and I actually will be soonish), I' plan to look at ZFS very heavily.
<bpgoldsb> But for this application, zfs doesn't make a whole lot of sense tbh.
<RoyK> and it supports very good compression and deduplication (the latter if you like to live on the edge)
<bpgoldsb> The big hurdles being, I'd have to switch from KVM to Solaris Zones or whatever you can run on BSD.
<RoyK> I'd suggest a separate box for the storage
<bpgoldsb> RoyK: So would I.  Can you help get me more budgeting? ;)
<RoyK> that's what we're doing now - duplicated 48TB on nexenta and something else for the access
<Jeeves_> matt_keys: Yes, zfs
<RoyK> bpgoldsb: you can use SSDs for caching, and use lots of cheap drives for the storage, and it'll run like hell
<bpgoldsb> RoyK: Just don't have the funds in the dept to spend on something like that atm.
<bpgoldsb> Just spent 15k on these two boxes I'm benching
<RoyK> bpgoldsb: the 48TB boxes we're buying will cost us NOK 100k each, whatever that is in  your currency
<Jeeves_> bpgoldsb: You should have planned ahead :)
<Jeeves_> 22:22 <Jeeves_> gcalc 100000 NOK in UDS
<Jeeves_> 22:22 <bitrot> 100Â 000 Norwegian kroner = 15Â 728 U.S. dollars
<coxn> I have this in a .cfg file that I'm using: destdir = /virtual-machines/ubuntu0/
<coxn> and it is getting ignored in favor of cwd
<coxn> suggestions?
<RoyK> bpgoldsb: good hardware from supermicro combined with cheap drives makes an excellent storage platform :)
<bpgoldsb> RoyK: You're preaching to the choir.  Just, the choir's budget sucks.
<RoyK> well, for your 15k setup, I could probably setup a little more storage :)
<bpgoldsb> RoyK: I could have gotten more storage, and neglected the other requirements.
<bpgoldsb> 15k for these boxes was cheap, and with a 25% educational discount
<RoyK> and those 48TB were net storage, after lots of redundancy
<bpgoldsb> 48TB of sata?
<RoyK> gross storage is about 80TB per box
<coxn> this is trying to use ubuntu-vm-builder btw
<Jeeves_> coxn: I've got the feeling ubuntu-vm-builder does not honor the configfile
<Jeeves_> try setting a tempdir....
<RoyK> bpgoldsb: 4x8x2TB drives in RAIDz2 VDEVs
<Jeeves_> The only way I got it to work was by manually exporting $TMP to a specific dir
<coxn> Jeeves_: it's pulling values from the configfile I'm specifying
<guhcampos> Has anybody installed nagvis on ubuntu 10.04 using a different .deb than the provided? 1.3.1 is too old
<RoyK> bpgoldsb: some SSDs for L2ARC (read cache) and some smaller and faster for the SLOG(write cache)
<coxn> Jeeves_: for example, it gets ip correct
<coxn> # dpkg -l ubuntu-vm-builder |grep ^ii
<coxn> ii  ubuntu-vm-builder               0.12.4+r455-0ubuntu0ppa1                        Ubuntu VM builder
<coxn> in case anyone was wondering
<Jeeves_> coxn: I know. I meant, not completely
<coxn> "when the destination variable name is specified, it is the variable name that should be used (ie: destdir instead of dest)." https://help.ubuntu.com/community/JeOSVMBuilder
<coxn> I'm a bit baffled
<RoyK> bpgoldsb: sorry, that was only 64TB gross, but still, it's a lot for the money
<coxn> I suppose I should write up a ticket about this
 * coxn wanders off to find food
<bogeyd6> How would one send an http command to a server without downloading anything?
<RoyK> bpgoldsb: get the idea_
<RoyK> ?
<bpgoldsb> RoyK: I get it.  I've done similiar things.  But I don't know what you want me to say.
<RoyK> bogeyd6: mostly a HTTP GET to some site will do good, but the,  you have to download the output
<bpgoldsb> I don't have the budget to build a redundant storage app AND build the other systems I needed to run the VM's
<RoyK> bpgoldsb: that was a single 48TB setup, we've got some smaller ones for other uses
<bpgoldsb> RoyK: Right, and I have a 15,000 USD budget.  The boxes, without any storage, cost 5,000 each.  And I need 2 of them.
<bogeyd6> RoyK, imma try a wget --output-document=/dev/null
<bpgoldsb> I don't think I can build a _REDUNDANT_ storage app, and deploy the _REDUNDANT_ network hardware to connect everything, for under 5,000
<bogeyd6> bpgoldsb, i am halfway in but sure you can
<bogeyd6> you just gotta not care about server and buy b-stock from CDW
<RoyK> bpgoldsb: are you building a redundat storage thing or just redundancy on one system?
<bogeyd6> i put together a nice 2.5tb raid 5 storage server for 1.8k
<RoyK> supermicro systems are quite stable, just as stable as the other HP equipment we have, and that from Sun
<bpgoldsb> bogeyd6: I don't buy from CDW.  I have a 2 supermicro boxes.
<bogeyd6> maybe you should, you can get 500gb sata hdd's for less than 120 bucks
<bpgoldsb> Right, I'm not running my virtualization boxes on SATA.
<RoyK> bogeyd6: you get 2TB for $120
<bogeyd6> i got no time for a 2tb hdd for 120
<bogeyd6> hp midline minimum
<RoyK> just get more of them - RAID - redundant array of inexpensive disks
<bpgoldsb> Raid doesn't solve the fact that they get much fewer IOPs than SAS or SSD.
<DrPoO1> hi guys. Is there a way to prevent mdadm.conf from changing drive labels?
<RoyK> HP midline means cheap disks sold at high prices
<bogeyd6> http://www.cdw.com/shop/search/results.asp?grp=bsk&outlet=1&Key=drive&InStock=1
<DrPoO1> We just inserted a new drive into our system and the array went down because the drive labels changed
<RoyK> bpgoldsb: you don't get more IOPS with SAS if the drives are slow, and all large drives are slow
<bogeyd6> RoyK, i dunno, i need the guarantee and replacement policy
<bpgoldsb> If you're saying I don't get more IOPs on my 15k 2.5 SAS drives than my 2TB WD Cavier, you're nuts.
<bogeyd6> bbiab
<RoyK> bogeyd6: I don't get it - the IT dept needs to kee things working, if they can blame someone when things go down, they still get a lot of trouble from the users and upper management. The best thing is to choose something that will sustain hardware failure
<uvirtbot> New bug: #604802 in commons-io (main) "Merge commons-io 1.4-3 (main) from Debian unstable (main)" [Undecided,New] https://launchpad.net/bugs/604802
<ccheney> kirkland`, having trouble getting powerwake not to explode when run from the cgi, is there a better copy of the cgi somewhere other than your bzr branch?
<trondpeter> Hi,  My server does not want to boot up correctly.. well actually it bots and it works, but I get some error (775) exited on status 4, while server actually is up and running and is accessible from ssh,  but locla screen and keyboard are impossible to use..  when I press esc i go between the ubuntu loginscreen (in ascii) and the error message.. (this in tty7)  before this error server started always in tty1
<trondpeter> if I press ctrl-alt-F1  tty1  is "empty" and no way of logging in...     Is this a known problem?
<trondpeter> I did disable all mounts in fstab except the /boot and /  ..  and they are correct set up  (done during install)
<T3CHKOMMIE> trondpeter, sorry man, i dont even know where to begin with that one :S
<trondpeter> T3CHKOMMIE  problem appeared without warning  and witout recent editing.. looks like a # of boots triggerd it..  Im starting to think its hardware related..  but strange it has worked flawlessly for many many days
<trondpeter> hmm it still works thouhg..   raid, samba and everything.. but cant log on without ssh lol
<T3CHKOMMIE> trondpeter, weird. i only ssh my server is headless, never had the problem :(
#ubuntu-server 2010-07-13
<trondpeter> im going to give it to a small business.. lol  :S   Ill just tell them that this is a great moneysaver.. screen and kebaord not even neccesary ehh possible  :D   But servers should only be connected with etehrnet and power anyway.. :)
<billybigrigger> can someone help me out with an ssh key problem
<billybigrigger> im trying to ssh-copy-id [user@host] from my friends machine to my server, trying to allow him access..but i keep get pubkey denied error messages
<billybigrigger> can i just copy/paste his rsa key into his ~/.ssh/authorized_keys on my server?
<trondpeter> OK hooked my server up with a keyboard and a screen.. The only thing that shows up on screen when I boot it is:  fsck from util-linux-ng 2.17.2     /dev/sda1: clean 765765/87658765 files, 765765/7657658765 blocks
<trondpeter> when I press escape  Ubuntu 10.14   . . . .   (startupscreen in ascii shows up)
<trondpeter> im now in tty7  (always used ssh or tty1 before this problem appeared.. tried to start from older kernel.. didnt work either.. :\
<trondpeter> searched all the web for answers too :\
<EvilTrek> anyone know where I can get support for the openssh-server package/sshd?
<EvilTrek> specifically with a security question
<NightDragon> ok who knows IT systems management really well? :)
<coxn> EvilTrek: fire up an openbsd system and it will point you to their bug tracking... "approach
<coxn> or, you know: http://openssh.org/
<trondpeter> hi guys     framebuffer is nessesary on a server edition??
<trondpeter> whi wirte lsmod  vga16fb is listed...
<trondpeter> when write *
<trondpeter> I can blacklist vga16fb right??    having some problems with boot  and trying to find the error.
<trondpeter> bfcon is also running... hmm strange.. I havent activated any graphics that I know about :\
<qman__> trondpeter, while I think you could disable it without issues, it is enabled by default
<buckelij> I'm trying to get libpam-ldap authentication working on 10.04. 'id username' works for most users, but fails for user without the givenName attribute with 'no such user'. any idas?
<Shapeshiftr> Hey.
<Shapeshiftr> Erm, I don't know if there is a SFTP channel or something to post this in, but...
<Shapeshiftr> how can I use SFTP if it's not auto-sudo?
<EvilTrek> Shapeshiftr:  erm.. .what?
<twb> SFTP is a module of SSH.
<EvilTrek> Shapeshiftr:  SFTP doesnt need sud o.o
<EvilTrek> sudo*
<twb> The SSH channel is #openssh.
<Shapeshiftr> I get a "write permissions denied" error whenever I try to copy any files from this compuier over.
<EvilTrek> depends where you're copying to
<EvilTrek> oh...
<twb> 11:34 <fsbot> tell us EXACTLY 1) what you typed; 2) what you saw; and 3) what you expected to see.
<Shapeshiftr> Just a home/user/
<EvilTrek> Linux to Windows?
<Shapeshiftr> Windows to linux.
<EvilTrek> or Linux to Linux?
<EvilTrek> Windows to Linux?
<Shapeshiftr> Yeah.
<EvilTrek> Shapeshiftr:  make sure you have ownership of /home/user
<Shapeshiftr> Error:	/home/administrator/levels/two.lvl: open for write: permission denied
<Shapeshiftr> Error:	File transfer failed
<EvilTrek> oh...
<EvilTrek> heh
<trondpeter> my server doesnt want to boot locally  (ssh works)  it "hangs" saying fsck from util-linux-ng 2.17.2   /dev/sda1: clean 50667/366480 files, 320366/1454676 blocks   Anyone can help me with a solution?  looked everywhere for help..
<EvilTrek> yeah use sudo there Shapeshiftr, because sftp doesnt mean sudoftp :P
<twb> trondpeter: are you running lucid?
<EvilTrek> Shapeshiftr:  since I assume your user you're using doesnt ahve ownership of the destination folder /home/administrator
<Shapeshiftr> I've logged into the SFTP as administrator
<Shapeshiftr> No, I do.
<Shapeshiftr> I AM administrator
<EvilTrek> hrm interesting...
<twb> Shapeshiftr: does an SFTP GET work?
<EvilTrek> check ls -l /home/
<EvilTrek> that too
<Shapeshiftr> hrm, twb ?
<EvilTrek> make sure that the administrator folder though is owned by your user
<Shapeshiftr> how would I go about doing that?
<trondpeter> yep   server edition  with samba kerberos authentication in a winblows AD domain
<EvilTrek> Shapeshiftr:  its a function: within SFTP... GET <remote file>
<EvilTrek> ?
<EvilTrek> i think
<Shapeshiftr> um, EvilTrek , I've logged in to the STFP client as administrator
<Shapeshiftr> So of course I have permissions :3
<trondpeter> ls -al ?  :)
<EvilTrek> trondpeter:  not fer ya, :P
<trondpeter> chown user:group file
<Shapeshiftr> Ok, so I'm using FileZilla
<Shapeshiftr> I drag and drop a file from my computer to the remote server computer.
<Shapeshiftr> And, write permission error.
<Shapeshiftr> :\
<Shapeshiftr> What does ls do, btw?
<qman__> Shapeshiftr, just because you _should_ have permission doesn't mean you _do_ have permission
<qman__> ls -al will tell you who owns and has permission to the files
<Shapeshiftr> Well, how would I not have write permissions for my own home folder? ...
<Shapeshiftr> Ok, running, one sec.
<qman__> you could have write to /home/administrator but not /home/administrator/levels
<qman__> or, /home/administrator/levels/two.lvl specifically
<twb> trondpeter: did you upgrade in-place from a previous release?
<Shapeshiftr> Ah, the folder i'm trying to copy to is set to root.
<Shapeshiftr> Yeah, /levels
<Shapeshiftr> How would I change that?
<qman__> Shapeshiftr, sudo chown -R administrator:administrator /home/administrator/levels
<Shapeshiftr> 3 seperate lines?
<Shapeshiftr> *separate
<qman__> one line
<Shapeshiftr> Erm, I mean, spaces in between each line?
<Shapeshiftr> of course, that was a stupid question.
<qman__> exactly as I have written it, in a terminal
<qman__> that sort of thing happens when you use sudo to create directories or files
<Shapeshiftr> Ah...
<Shapeshiftr> I'll remember that for next time.
<qman__> not a big deal, but you need to fix it if you want user-level access
<Shapeshiftr> It's a personal server, I'm really the only user besides root
<uvirtbot> New bug: #604845 in dhcp3 (main) "cannot connect to wireless networks using iwl3945 and network-manager" [Undecided,New] https://launchpad.net/bugs/604845
<Shapeshiftr> Ok, thanks everyone.
<Shapeshiftr> Later.
<bogeyd6> no one gave shapeshifter the website to the documentation :)
<twb> bogeyd6: what documentation?
<qman__> his problem was a typical permissions issue
<qman__> I wasn't aware there was any documentation to recommend there
<twb> RUTE, perhaps
<trondpeter> anyone wants to see my dmesg?  :p   http://pastebin.com/EanDAvmp        Sorry fell out a bit.. might have missed some messages
<trondpeter> safe to blacklist lp module?
<twb> trondpeter: so the machine booted fully?
<twb> lp is the parallel port; I wouldn't bother blacklisting it.
<bogeyd6> !serverguide | twb
<ubottu> twb: The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<twb> bogeyd6: I don't think the server guide covers POSIX DACs.
<trondpeter> yeah,, i acess it from ssh.  but not possible to access it locally
<bogeyd6> twb, i was talking about asking about "ls"and etc....
<qman__> trondpeter, did you try pressing escape?
<qman__> for some reason, lucid server likes to add the stupid graphical loading screen and hiding all messages
<qman__> that might be hanging you up
<twb> qman__: it's a "feature" that we can't remove :-/
<twb> Even if you comment out splash in the boot options, it still runs plymouth -- all that you disable is the chvt 7
<qman__> yuck
<qman__> first thing I always did on my servers was remove 'quiet splash' from the boot line
<qman__> invaluable when things break
<twb> AND, in plymouth, hitting ESC makes it print the full history, without clearing the screen first -- so if you only have five lines, and you hit ESC a few times, it prints it over and over in a confusing way
<twb> You also have to opt-out of fbcon now, and you *can't* opt out in d-i images.
<qman__> I understand that vanity is an issue for desktops, but for server, come on
<twb> qman__: allegedly "it's not just splash"
<qman__> I would be happy if they simply added an option that with a specific boot line it shows all messages the old way
<qman__> I don't really care what's under the hood as long as I get the information
<qman__> the way it is now is a total pain
<peugi2> Greetings! I have a question regarding network aliases for eth0, do they all have to be in the same subnet? If they do, how do I create eth1
<peugi2> ie, I just got new range of ips from my ISP, but I'm having trouble adding them to my interfaces file
<peugi2> can anyone please help with ip addresses?
<Underbyte> hey guys
<Underbyte> what happenin
<fridgerator> hello, anyone here?
<fridgerator> i have a question/issue, is anyone available to help?
<fridgerator>  i install ubuntu server 10.04, and set up ssh to log in remotely, everything installs and runs without a hitch.... when i restart my computer, after post, i get what looks like a blinking cursor " _ " then my screen goes blank and nothing else happens
<RudyValencia> !ubotu
<ubottu> Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://ubottu.com/factoids.cgi - Usage info: http://wiki.ubuntu.com/IRC/Bots
<CppIsWeird> i cant seem to get xen installed on ubuntu server because xen-tools is missing
<Underbyte> hey guys, how do i check for the number of file descriptors compiled in kernel?
<Jordan_U> Underbyte: What problem are you actually having / trying to solve?
<Underbyte> i'm filling out an IRCD application
<Underbyte> and that is one of the questions
<Underbyte> i've never heard a question like that
<ChmEarl> CppIsWeird, grab it from a karmic repo
<ChmEarl> CppIsWeird, its confirmed missing from lucid
<pthsWork> Anyone know of any good templates for documenting patch panels/switches cabling?
<tnt217> hi all
<tnt217> please help me to install autoconf version2.6?'
<tnt217> i try with command :apt-get install autoconf?
<uvirtbot> New bug: #604941 in mysql-dfsg-5.0 (universe) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.3 failed to install/upgrade: il sottoprocesso post-installation script ha restituito un codice di errore 1" [Undecided,New] https://launchpad.net/bugs/604941
<doko> hi, what is the ubuntu-server-qa/regression-test ppa about?
<crankyadmin> Hi there, Will ruby1.9 every become the default version in 10.04LTS server edition?
<twb> 10.04 is released, therefore it is stable.  That's "stable" as in "does not change".  So if it isn't already the default, it's unlikely to become so.
<crankyadmin> Cool thanks.
<RoyK> twb: that definition of "stable" is nonesense - feature-freeze != stable
<RoyK> but then, 10.04 _is_ fairly stable
<twb> Freezes happen before the release.
<RoyK> yeah, but "stable" != "feature-frozen"
<twb> As at the release, it becomes stable.  There are exceptions (notably, security patches), but these are exceptions.
<RoyK> you said `That's "stable" as in "does not change"`
<twb> Precisely.
<RoyK> that's abusing the word `stable`
<RoyK> "does not change" is "feature-frozen", and has nothing to do with the word "stable"
<twb> Plonk.
<RoyK> the only other place I've seen mixup of that was from the AsteriskPBX guys, but then, that project is a mess and is pretty far from any type of stability
<crankyadmin> So am I correct in assuming that 'apt-get install ruby' will never install ruby1.9?
<RoyK> crankyadmin: there might be other repositories if you want it from a package
<twb> crankyadmin: on 10.04, that is a reasonably safe assumption.
<crankyadmin> Cool
<twb> crankyadmin: for a security update to change ruby from 1.8 to 1.9, it'd have to be something both critical and impossible to backport.
<twb> Of course, it you have stuff like lucid-backports or PPAs enabled, you might accidentally get 1.9
<RoyK> crankyadmin: http://www.ruby-lang.org/en/downloads/
<RoyK> crankyadmin: sudo apt-get install ruby1.9.1-full
<RoyK> it's all in lucid already
<p1l0t> So I changed my ssh and sshd to RSAuthentication yes and password authentication to no. However I still invalid user messages in my auth.log... did I miss something?
<p1l0t> If you change ssh_config and sshd_config to RSAuthentication yes and Password Authentication to no why would auth.log still be showing invalid user attempts? (My key is several thousand bits long and one week old I highly doubt its been brute forced yet)
<Jeeves_Moss> is there a CLI only picture comparison program that will search through a directory of a few hundrad thousand files and look for duplicates?
<Jeeves_> md5sum ?
<alvin> Jeeves_Moss: fdupes can do that, based on checksums, but if the picture is a duplicate with a different resolution, that will not work
<DrPoO> what do u guys recommend for setting up automatic security updates on a server?
<joschi> DrPoO: unattended-upgrades maybe...
<DrPoO> joschi, is that a package?
<joschi> DrPoO: yep
<rahman> is there a quick way to get the user name who is running a process?
<DrPoO> top?
<Jeeves_> ps uax ?
<rahman> I now the name of process: "named"
<rahman> So how to learn who is running "named"
<Jeeves_> ps uax | grep named
<Jeeves_> The first column is the user running it
<Jeeves_> bind, usually for named
<rahman> Jeeves_: thanks, its what I need
 * patdk-wk is lazy, stat -c %U /proc/`pidof named`
<patdk-wk> though, I normally use the uid numbers
<Jeeves_> patdk-wk: That's not lazy, that inefficient :)
<patdk-wk> well, depends on what your using it for
<patdk-wk> I normally use it in scripts
<patdk-wk> ps aux | grep named would need something to filter columns
<patdk-wk> I guess I could modify the ps output also
<p1l0t> blain: If you change ssh_config and sshd_config to RSAuthentication yes and Password Authentication to no why would auth.log still be showing invalid user attempts?
<jefferai> zul: apachelogger pointed me your way about a problem we've uncovered
<jefferai> the problem is that libmysqld is distributed in a separate pic-enabled package
<jefferai> but, mysql_config --cflags doesn't have -fPIC
<jefferai> because the main package isn't built with -fPIC
<jefferai> so if you use mysql_config to get your build requirements your build will fail
<zul> jefferai: can you open a bug in launchpad
<jefferai> against what package?
<jefferai> mysql or the libmysqld-pic one?
<zul> mysql
<jefferai> ok
<jefferai> zul -- sorry, against mysql-server or mysql-dfsg?
<jefferai> hm
<jefferai> mysql-server doesn't exist..
<zul> mysql-5.1 please
<rahman> hi I get this error in my slave dns server: http://pastebin.com/XU1QRBTN
<sherr> I am using 10:04 server with KVM and virsh - trying to "hot add" an LV "disk" to a guest, but having problems.
<sherr> If I use virsh - and "attach-disk", the disk is "attached" but the gurst hangs and I have to destroy it.
<sherr> attach-disk DOM /dev/vgserver/disk vdb
<sherr> This creates a disk XML block :
<sherr> <disk type='block' device='disk'>
<sherr> <driver name='phy' type='virtio'/>
<patdk-wk> rahman, fix your master dns server
<sherr> But the guest is dead now.
<sherr> Does anyone use "attach-disk" with KVM/virsh?
<patdk-wk> hmm, actually I think it's the tmp file, guess named doesn't have write permission
<sherr> If I try and restart the guest (start), I get an error :
<rahman> patdk-wk: master has allow section for slave and it doesn't report any error in syslog for slave
<sherr> error: internal error unsupported driver name 'phy' for disk '/dev/vgserver/rum-disk-server'
<rahman> Jul 13 16:18:09 artvin named[647]: client 79.123.252.52#46624: transfer of 'artvin.edu.tr/IN': AXFR started         Jul 13 16:18:09 artvin named[647]: client 79.123.252.52#46624: transfer of 'artvin.edu.tr/IN': AXFR ended
<patdk-wk> ya, I just noticed the tmp file failed
<sherr> There is very little documentation for the "--driver" and "--subdriver" options to "attach-disk" ...
<patdk-wk> fix your filesystem permissions
<rahman> do I need to give -wrx permissions to "bind" user for /tmp dir?
<patdk-wk> heh?
<jefferai> zul: ok, done: https://bugs.launchpad.net/ubuntu/+source/mysql-5.1/+bug/605021
<uvirtbot> Launchpad bug 605021 in mysql-5.1 "mismatch in mysql_config output and libmysqld cflags" [Undecided,New]
<patdk-wk> what exactly did you do to your /tmp?
<patdk-wk> and I wouldn't know, I don't use named, I hate named
<patdk-wk> last I saw, named used chroot, dunno if that is the case in ubuntu
<zul> jefferai: thanks
<rahman> patdk-wk: :) well its a fresh installed bind9, I don't know where "named" is trying to write tmp-mAacM75gcD
<jefferai> zul: sure...now I just have to figure how to work around this breakage for people for now
<rahman> or trying  to read it from
<patdk-wk> I wouldn't know either :)
<rahman> patdk-wk: thanks anyways :)
<smoser> jdstrand, ping
<uvirtbot> New bug: #605021 in mysql-5.1 (main) "mismatch in mysql_config output and libmysqld cflags" [Undecided,New] https://launchpad.net/bugs/605021
<jdstrand> smoser: yes?
<smoser> you're archive admin? i think.
<smoser> https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/605013 is in need of help if you had some spare time.
<uvirtbot> Launchpad bug 605013 in cloud-init "[MIR] cloud-init (legacy-grub-ec2)" [Undecided,New]
<jdstrand> smoser: I am, but my day isn't until Friday (see ArchiveAdministration). what do you need?
<smoser> jdstrand, sorry, i didn't know of days. i'm ok to bug jonathan or wait.
<jdstrand> smoser: I should mention that I (or jonathon for that matter) are not on the MIR team
<smoser> oh. sorry. yeah, i was confused.
<smoser> so never mind then. thank you.
<smoser> jdstrand, can you verify for me that legacy-grub-ec2 should at least be in universe at the moment ? it does'nt seem to be in the archive right now, but i'm under the impression that no other buttons need pushing to get it there.
<jdstrand> smoser: sure, np :)
<smoser> https://launchpad.net/ubuntu/maverick/+queue?queue_state=3&queue_text=cloud-init shows component universe for that version
<jdstrand> smoser: is legacy-grub-ec2 a binary provided by the cloud-init source?
<smoser> yes
<jdstrand> smoser: was legacy-grub-ec2 added in a recent cloud-init upload?
<smoser> yes
<smoser> before this morning it was in the NEW queue
<jdstrand> smoser: https://launchpad.net/ubuntu/+source/cloud-init shows grub-legacy-ec2 (as opposed to legacy-grub-ec2) for 0.5.12-0ubuntu5
<smoser> grub-legacy-ec2 is correct.
<smoser> updating bug
<jdstrand> smoser: it is in LP. when did it get deNEWd?
<smoser> i'm a moron
<smoser> sorry
 * smoser apologizes for stupidity
<smoser> thank you for catching my bad package name. it is in universe.
<jdstrand> smoser: heh, no worries. happens to the best of us :)
<p1l0t> In sshd what is pubkey authentication?
<patdk-wk> rsa/dha key exchanges
<p1l0t> OK so pubkey must be allowed to use RSA or DSA
<patdk-wk> yep
<p1l0t> If you change ssh_config and sshd_config to RSAuthentication yes and Password Authentication to no why would auth.log still be showing invalid user attempts?
<patdk-wk> AuthorizedKeysFile     %h/.ssh/authorized_keys
<patdk-wk> do you have any authorized keys?
<p1l0t> Yes I have a working key, I am just curious as to why random (hackers or bots probably) are showing up in auth.log with invalid user attempts
<p1l0t> crackers I should say
<patdk-wk> oh?
<patdk-wk> cause it's invalid :)
<p1l0t> lol yeah I guess that makes sense.
<p1l0t> I was expecting it to say invalid key rather than invalid user I guess
<patdk-wk> is the user valid?
<p1l0t> negative
<kozmund> I don't believe sshd exposes the fact that keyboard-interactive is disabled, just like sshd won't expose that the username someone is attempting doesn't exist.
<p1l0t> kozmund: Yes for security that would make sense
<patdk-wk> hmm, I don't get that
<patdk-wk> with mine, configed with passwordAuthenication = no
<patdk-wk> it doesn't attempt passwordauth at all, on the client side
<patdk-wk> no error messsages logged
<p1l0t> mine too. Some attempts say invalid key, which would be expected, but some say invalid user which I guess I don't how they got that far with password attempts disabled
<patdk-wk> ya, I get invalid user
<patdk-wk> but the user check happens long before the password check
<patdk-wk> as it needs to know hte user, to find the directory for the certs
<p1l0t> before the key check even?
<patdk-wk> yes
<patdk-wk> you can't find the key, without looking in the users home dir for them
<p1l0t> Ah, that makes me feel better
<p1l0t> I was worried I had missed disabling something. I have had so many brute-force attempts that I felt I needed key based authentication
<patdk-wk> heh, simple firewall based rules normally do good with that
<patdk-wk> if not, fail2ban
<p1l0t> Yeah I would like to set a number more like 3
<p1l0t> Maybe set a banner too.. with idle threats of prosecution. (since most of these attacks are coming from China and Korea)
<rahman> what is the dfeault working directory for bind in 10.04? I get a named[23441]: the working directory is not writable when I restart bind and could'nt find where the option is set.
<Jeeves_Moss> alvin, sorry, I was AFK, I'm looking for something that'll take into account the diff sizes, res, etc.  I have ~300,000 pics that I don't want to manually go through
<ccheney> ttx, you happen to know much about the uec provisioning cgi script?
<ccheney> ttx, i'm running into a problem with it executing powerwake, tried to contact kirkland but he appears to be afk for a while
<Alan> I'm running 10.04 server, 64-bit, with software RAID5, and i'm finding that occasionally some operations take like 10 seconds to complete
<Alan> for example closing vim or logging out of SSH
<Alan> but only occasionally, and just that one operation
<alvin> Jeeves_Moss: I found a utility 'findimagedupes' in universe. I didn't try it, but it looks like what you're searching for
<Alan> and then it's back to being funke
<Alan> has anybody else hasd this happen before/
<talcite> hi guys. I have a program that's giving me a weird error in bash. I've seen it before but I can't remember what caused it
<talcite> http://pastebin.com/DxXtpA6K
<talcite> I don't understand why it doesnt' execute pclient. It's chmodded 755
<Jeeves_Moss> alvin, thanks, I'll research it.
<DrPoO> is there a way of creating a temporary partition in swap?
<patdk-wk> drpoo, tmpfs :)
<DrPoO> patdk-wk, tmpfs?
<patdk-wk> ya
<DrPoO> can one create a tmpfs on a ssd?
<patdk-wk> tmpfs is a swap backed ramdisk
<DrPoO> nice
<patdk-wk> you said in swap
<DrPoO> ya my swap is on an ssd
<patdk-wk> well, it's a ramdisk that can get swapped
<uvirtbot> New bug: #605062 in autofs5 (main) "(lucid) autofs had a strange behaviour with paths" [Undecided,New] https://launchpad.net/bugs/605062
<sherr> Question about KVM and LV - In Xen, an LV is seen/inserted into a guest as a partition (e.g. xvda1). In KVM, an LV is is seen as an entire disk in the guest i.e. /dev/vdb.
<patdk-wk> actually, in xen it's optional
<patdk-wk> I do it both ways
<patdk-wk> I personally feel inserting it as a partition is evil
<sherr> Is there a problem (downside) to not putting a partition table on the LV inside the guest (vdb1) and just a filesystem on the entire device vdb? This seems "cleaner".
<patdk-wk> sherr, generally you will be fine
<patdk-wk> but some things will freak out, and *install* a partition table for you
<sherr> Thanks - it seems to work OK, but just planning.
<patdk-wk> I have run without a partition table on systems for awhile, and it works
<sherr> I *am* concerned about compatibility and data safety.
<patdk-wk> but when I tried openfiler, it wipes the drive if it doesn't have a partition table
<sherr> Thanks. I will note that concern about things like OpenFiler - don;'t think it will affect me.
<patdk-wk> ya, openfiler I know will screw it up :)
<patdk-wk> haven't had anyhting else yet, but I normally don't use gui stuff
<sherr> I think I am going to have to search LP for bugs and probably log one though - trying to use "virsh" to "attach-disk" (hotplug) will hang the guest.
<sherr> Not a show-stopper for me, but a shame.
<patdk-wk> ya, I haven't used kvm at all, but lots of xen
<patdk-wk> switching them all over to vmware though
<sherr> I use Xen too ... but have had to switch to KVM because of new hardware.
<sherr> Debian Stable/Xen - unsupported h/w. Debian Testing/Xen - unstable ... so, on Ubuntu Lucid 10:04 now :-)
<patdk-wk> I'm still in 8.04
<patdk-wk> cause of xen
<patdk-wk> once the move to vmware is good, it will all be 10.04
<patdk-wk> some have already moved
<sherr> I don't know VMware well enough. And I need to provision a new server this week - with something I can support ...
<oru_work> I exported a database before running a script which caused problems, now i want to restore it to what it was before I ran the script. I exported databse in phpmyadmin, so how can I go about restoring it?
<sherr> oru_work: don't know phymyadmin, but isn't there a "restore db" section/button as well?
<zeeeeee> How do i disable the initial password to my server-  if i remote reboot, I lose connection, and have to manually take my keyboard and plug it into my server box and enter a password...
<SpamapS> zeeeeee: like, a BIOS password?
<zeeeeee> hmmm it seems like it's some sort of hd access password- once I enter it, it gives me the ubuntu-server main info page
<zeeeeee> but there's no way (that I've figured out) to enter the password remotely
<zeeeeee> upon rebooting
<zeeeeee> surely it was some setting I enabled during install
<patdk-wk> you can't
<patdk-wk> if that is a harddrive password
<patdk-wk> that has to be entered long before ubuntu starts
<patdk-wk> to disable it is annoying, if possible
<zeeeeee> it's harddrive encryption that i installed w/ubuntu server.  oi vei..  is there some encryptfs file I can delete?
<patdk-wk> whole disk encryption?
<patdk-wk> normal encryption setup by ubuntu is on the user level, not the whole system
<patdk-wk> seems really pointless to have an encrypted system, where the system can boot without a password
<patdk-wk> I can only guess your used cryptsetup to do it
<patdk-wk> and in that case you need to modify your /etc/crypttab file
<patdk-wk> http://linux.die.net/man/5/crypttab
<patdk-wk> 3rd field, sets the password
<patdk-wk> you will have to remake your initrd files
<billybigrigger> anyone aware of a network stats program similar to top, and iotop?
<patdk-wk> iftop?
<billybigrigger> iftop
<billybigrigger> there we go :)
<patdk-wk> trafshow?
<patdk-wk> heh
<patdk-wk> there are like 10+ of them
<billybigrigger> patdk-wk, thanks
<giovani> or bmon :)
<kees> soren: did you ever publish gfsharefs ?
<lowridah> does anyone know the specific directive for a ks file so that server only installs base by itself?  not development or other parts, just base
<lowridah> would it be %packages then @base without anything else?
<lowridah> in 10.04 it seems to install a bunch of development libs if I do that
<SpamapS> lowridah: you could just use the mini iso. ;)
<lowridah> that's a workaround, I want to know how to do it right =)
<lowridah> i'll just bang my head on it some more
<lowridah> (right is probably by passing a preseed file I know)
<soren> kees: I doubt it.
<soren> kees: It seems not :(
<webPragmatist> if you moved your /var/www to /srv/www (www is it's own partition) would you consider symlinking /var/www ?
<webPragmatist> or maybe mount --bind
<orudie> how can I check php log ?
<SpamapS> webPragmatist: I'd change the configs
<webPragmatist> SpamapS: well i have to do that anyway because i have like a jillion sites :)
<SpamapS> webPragmatist: but given the amount of stuff that expects to be served from /var/www ... a symlink is probably in order. :)
<webPragmatist> SpamapS: doesn't httpd stuff like a default site in there
<webPragmatist> oh no it's just this index.html
<kees> soren: if you send me a copy, I'd be happy to publish it!  :)
<SpamapS> webPragmatist: no
<orudie> php logs anyone ?
<lowridah> um.
<lowridah> turn on error reporting because I don't think there are php logs
<lowridah> you should see the errrors in the httpd logs
<lowridah> or edit your php.ini and add it
<lowridah> here's a really good link about it
<lowridah> http://lmgtfy.com/?q=php+log+file+location+ubuntu
<Pici> !google | lowridah
<ubottu> lowridah: While Google is useful for helpers, many newer users don't have the google-fu yet. Please don't tell people to "google it" when they ask a question.
<lowridah> lol
<lowridah> you seriosuly tell people not to google simple strings?
<lowridah> that's ridiculous
<Pici> lowridah: Thats the way we do things around here.
<soren> kees: Appreciated :)
<lowridah> wow here kinda sucks then
<soren> kees: I wonder where it is :-/
<kees> soren: nooo
<kees> soren: no losing it!
<soren> kees: I'm thousands of miles from home right now. I'm sure it's on one of my laptops at home.
<soren> kees: Remind me in a couple of weeks.
<kees> soren: hah, okay.  you in the states right now?
<soren> kees: Oui. Austin.
<soren> kees: I can see Dustin from here.
<soren> kees: :)
<kees> heh
<guntbert> !away > Underbyte
<ubottu> Underbyte, please see my private message
<peeps[work]> i restarted my server, and apache did not appear to start as normal.  i was able to start it manually, but i don't know why it didn't start on it's own, it worked ok before
<peeps[work]> i also noticed this yesterday on my laptop running ubuntu, that boincd did not start when I rebooted.  is this a recent bug in ubuntu
<peeps[work]> not sure if that issue is related but it seems like it
<qman__> could be a race condition problem, but you'd have to do some testing to make sure
<peeps[work]> qman__, how would i test such a thing?
<qman__> I'm not exactly sure of the best way to go about that, far as logging the information
<qman__> but a race condition is when something (ie apache) tries to start before something it depends on (ie the network) has finished starting, and fails
<peeps[work]> if it attempted to start during boot and failed, would it be in any particular log file?  i don't know very well what everything in /var/log relates to
<qman__> but then would start fine once the system is booted and you try it manually
<qman__> it would
<qman__> probably messages or syslog
<qman__> there would also probably be something in apache/error.log
<peeps[work]> qman__, what files configure what is run on startup?
<qman__> I don't know where they're at now, since the change to upstart
<peeps[work]> argh
<qman__> looks like I still have /etc/init.d/apache2
<peeps[work]> how does it know to call /etc/init.d/apache2.  is there a file that lists what to call in init.d, or what order?   or does it just automatically call everything in etc/init.d
<qman__> well, there used to be sysvinit configuration, but now it's all upstart
<qman__> looks like apache is still started the sysv way, just through upstart
<peeps[work]> actually i had boinc on this server as well, and that doesn't start either
<qman__> ah, it still has the rc?.d file structure
<qman__> update-rc.d should work too
<peeps[work]> *sigh* i don't understand this well enough.  i just don't get what could have broken it when it all worked fine before
<peeps[work]> dammit i'm a software developer not a sysadmin
<qman__> well, if you still have /etc/rc[2,3,4,5].d/S91apache2
<qman__> it's telling apache to start
<peeps[work]> qman__, ://paste.ubuntu.com/463152/
<peeps[work]> i don't have any rc*.d/*apache
<qman__> well, that explains it
<qman__> not sure how it happened
<qman__> sudo update-rc.d apache2 defaults
<qman__> ought to fix it
<qman__> err
<qman__> sudo update-rc.d apache2 defaults 91
<peeps[work]> what's 91 for?
<qman__> that's the ordering
<qman__> without it, it defaults to 20, which could cause it to start before it can run
<peeps[work]> ahhhhhhh, cups is down too.  nothing freaking works
<peeps[work]> qman__, i was mistaken, that find command did not work like i though it did.  I already have S91apache2 file
<osmosis> what is "committed" memory?
<webPragmatist> if i had to make an uneducated guess it would be memory that has been used by a process
<webPragmatist> or "committed" to a process
<peeps[work]> what is the pae in package linux-generic-pae ?  i've never seen this before
<uvirtbot> New bug: #605172 in libvirt (main) "virt-manager fails if target system uses tcsh as root shell" [Undecided,Confirmed] https://launchpad.net/bugs/605172
<peeps[work]> it has the same package description as linux-generic
<CppIsWeird> is git unsupported in ubuntu server 10.04?
<thesheff17__> CppIsWeird: I use git all the time with no problem
<CppIsWeird> what package do i install to get it?
<thesheff17__> sudo apt-get install git-core
<qman__> peeps[work], it has PAE enabled, which allows non-x64 kernels to use more than 4GB of RAM
<peeps[work]> oh
<qman__> aside from performance tweaks, the only place it can cause problems is with badly written drivers
<CppIsWeird> thesheff, thx
<thesheff17__> np
<thesheff17__> if you can't find a package you can always do apt-cache search packageName
<peeps[work]> still don't know how to fix my upstart issues
<thesheff17__> what service is not working throug upstart?
<peeps[work]> apache2, cups, boinc-client, maybe others that i haven't noticed yet
<peeps[work]> they worked fine days before.  i restarted today and they did not come up automatically
<thesheff17__> well I really new to 10.04 but I have still been using /etc/init.d/ scripts fine for apache2 and boinc
<peeps[work]> and i tried another reboot and they didn't come up again
<qman__> apache is still a sysv script, but upstart is doing all the sysv work now
<thesheff17__> eventually will the init scripts go away?
<qman__> yes
<peeps[work]> i have some cron jobs i added recently, which might take a long time to run, could this possibly cause problems?
<peeps[work]> that's the only thing i can think that's really changed
<thesheff17__> apache should be instant
<qman__> only if they run on startup
<peeps[work]> i just put them in cron.daily, cron.weekly, cron.monthly.  i don't know if those get called on startup or not
<thesheff17__> what is the method for adding a service to startup...I'm assuming update-rc.d is going to go away as well
<thesheff17__> you shouldn't be starting services through cron
<qman__> he isn't
<thesheff17__> well for startup at least
<peeps[work]> i'm not starting service through cron, i'm just saying the only thing that's changed is i added some cron jobs, they back up my files
<thesheff17__> oh ok
<qman__> anything in cron.daily, etc would only run on startup if you start up at the time it picked arbitrarily to run daily jobs
<qman__> which would only be about a one minute window in the day
<thesheff17__> do you still use update-rc.d for starting scripts on reboot?
<thesheff17__> services I mean
<qman__> for sysv-style ones
<qman__> not sure about upstart jobs
<thesheff17__> ok
<peeps[work]> i tried asking for help in #upstart, but it's dead in there
<ajaya> rshali?
#ubuntu-server 2010-07-14
<CppIsWeird> how do i install a dom0 kernel?
<jpds> Xen isn't supported on Ubuntu.
<CppIsWeird> ok. well, i want a dom0 kernel on a ubuntu-server machine. how do i accomplish this?
<b14ck> Hey all. I've got a ubuntu-server 8.04 box here. I'm trying to upgrade to 10.04. Is there an easy way to do this? I've already done: `aptitude update; aptitude safe-upgrade; aptitude dist-upgrade;`
<b14ck> But now it is saying there are no new updates available.
<b14ck> I really need to upgrade because I need access to python 2.6.x, whereas the current version I have is 2.5.x
<b14ck> Any help would be appreciated :)
<b14ck> actually, i think i may have figured it out
<uvirtbot> New bug: #605226 in drbd8 (main) "package drbd8-source 2:8.3.7-1ubuntu2.1 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 10" [Undecided,New] https://launchpad.net/bugs/605226
<qman__> b14ck, dist-upgrade is not a release upgrade, it simply installs all the updates even if it has to add new packages
<qman__> if you want to upgrade to lucid, you need to run `sudo do-release-upgrade`
<Carleas> Is there a way to test key authentication before disabling password login?
<Carleas> I want to lock down my server so it only accepts ssh logins from keys, but I don't want to lock myself out if I've set things up incorrectly.
<pmatulis> Carleas: of course, just log in.  key auth. occurs before passwd auth
<CppIsWeird> how do you execute two commands consecutively in one line on bash?
<pmatulis> Carleas: but if you're worried, just keep another session open
<pmatulis> CppIsWeird: separate them with a semicolon
<qman__> if the second command depends upon the first, use &&
<CppIsWeird> pmatulis, perfect, thanks. :-)
<Carleas> Thanks, pmatulis. I feel a little silly.
<Carleas> Is using key authentication sufficient protection?  I've seen suggestions to change the port to something other than 22, is that necessary in addition?
<qman__> changing your port will only reduce your exposure, at the cost of the annoyance of having to specify the port every time you connect
<qman__> I wouldn't bother with that
<CppIsWeird> i seem to be getting a strange scrolling sideways output when i watch tail /alogfile
<pmatulis> Carleas: you can do that to get off the radar of 95% of the simple scripts people use for dictionary attacks
<pmatulis> Carleas: those kind of attacks won't work if you're using key auth. but your logs won't fill up needlessly
<pmatulis> Carleas: also, your client config can be altered to use the non-standard port so it's not an annoyance
<pmatulis> Carleas: specifying protocol 2 is also highly recommended but i believe that is the default these days (used to accept both 1 and 2)
<CppIsWeird> im trying to use the 'watch' command with a file that displays improperly with its non printing characters removed. in the manual watch says use cat -v in the commands pipeline. i've tried this every way i know how and either it still displays strange or it gets hung up.
<jessezylstra> Hello. I run a server that had a problem after the upgrade to 10.04. I have no desktop enviroment, I am running Ubuntu Server, and when I go to the server everything is duplicated three times on the screen, tiny, blurry, and stretched-looking because, for some reason, the resolution changed. My monitor only supports 640xWhateveritis, and it is running at something higher. How do I fix this?
<SpamapS> jessezylstra: you may need to add a boot argument to reduce the resolution
<SpamapS> jessezylstra: try adding 'vga=785', do you know how to edit your grub command line?
<Geekman> Hey, I found a command a while back (few months I think) which recursively listed the permissions of all files and folders in a directory, which I could then direct to a file.  Then I could use a similar command to take that file and use it to restore the permissions.  I completely forget what commands they were, but I think I needed to install an additional package.  Can anyone think of what it might be that I'm thinking of?
<ccheney> kirkland, how do i determine the set of packages that uec normally installs to have pxe install as well?
<ccheney> kirkland, i set it to 'minimal' but that seems obviously wrong
<ccheney> kirkland, ah i see its in tasksel, i suppose i can select multiple of those
<ccheney> hrmm
 * ccheney thinks the uec.py should be doing that already
<ccheney> eucalyptus-udeb eucalyptus/install-mode multiselect cloud, walrus, cluster, storage  should do that i think
<ccheney> maybe i need to trigger  eucalyptus-udeb to be installed better than it is currently
<ccheney> seems to only be setting it up if you have localdeb set, which seems incorrect
 * ccheney wonders what exactly localdeb means
<jessezylstra> SpamapS: I hope you are still here. No, I do not know how to edit my grub command line
<jessezylstra> SpamapS: is it possible to do so through SSH?
<twb> jessezylstra: only if the machine is already booted and runs an ssh server
<jessezylstra> twb: that is the case
<jessezylstra> sorry for my delays, I am not seeing the window flash in the taskbar
<twb> jessezylstra: grub2 or legacy?
<jessezylstra> twb: I honestly do not know.
<twb> Find out
<jessezylstra> twb: how do I do that?
<twb> Do you have an /etc/default/grub*?
<jessezylstra> Negative.
<jessezylstra> twb: and just to be sure, I double checked!
<twb> Do you have /boot/grub/menu.lst?
<jessezylstra> twb: Yes.
<twb> Edit that
<twb> There'll be a #kopt line (i.e. commented out).  Edit it, then run "update-grub" to make it take effect in the uncommented portions.
<jessezylstra> Uncomment # kopt=root=/dev/mapper/ubuntu-root ro
<twb> No.
<menthurae> hello there :) i'm looking for some kind soul to please help me try to get my RAID5 array back up and running via mdadm
<menthurae> i've exhausted my fairly limited knowledge and from all the information i can gather i can't figure out why it isn't rebuilding ^_^
<twb> menthurae: what are the symptoms?
<electrofreak> I have / on a RAID1... and it happens to be resyncing right now... will the boot process wait for that to finish before booting?
<electrofreak> otherwise... I dunno what is wrong with my server
<electrofreak> RAID1 is md-raid
<qman__> no, syncing is an operation that can be done post-boot
<twb> md array resyncing is done in a background kernel thread.
<electrofreak> that's what I thought
<twb> If you reboot, it'll start again from scratch unless you have those bitmap thingies
<electrofreak> oh hi twb
<electrofreak> bitmap thingies?
<twb> Some optional md thing that allows it to remember what bits are synced
<electrofreak> but it shouldn't hold up the boot process?
<twb> I don't know much about it, I just heard it mentioned in a LUG
<qman__> no, it should not affect the boot process
<twb> electrofreak: it won't hold the boot process; it might make it SLIGHTLY slower
<qman__> except for maybe slightly reduced disk performance
<electrofreak> then.... I need to figure out why my server wont boot
<electrofreak> I let it go for like 10 minutes....
<electrofreak> finally hit ctrl-alt-del and it shut some crap down, and rebooted....
<qman__> that's not very long
<qman__> longer than it should be taking, but still not very long
<qman__> it might be fscking a big partition
<electrofreak> same thing... it's literally just sitting here
<electrofreak> monitor has nothing interesting on it.... some ureadahead-other error... which I googled and is apparently be9
<electrofreak> I went in with a livecd... saw that my array was rsyncing...
<electrofreak> and was able to mount it and poke around.... but none of the logs are showing anything from the boot process
<electrofreak> so now, I'm sitting here waiting for it to boot again
<qman__> did you press escape?
<electrofreak> qman__: just did....
<electrofreak> intersting..... now it's booting
<qman__> that's a new "feature"
<electrofreak> what did I press escape to?
<electrofreak> lol
<qman__> unhides the important boot information
<electrofreak> I have to be honest.... usually my server is headless.... i'd rather not have to deal with such "features"
<qman__> I agree wholeheartedly
<electrofreak> is it likely stopping for that ureadahead message?
<electrofreak> because, it seems like I should get to the bottom of that if that's the case.
<qman__> well, I'd have to see the whole thing to know
<electrofreak> there was also a message about md0 being clean
<electrofreak> and a fsck version print above that
<electrofreak> that's it.
<qman__> what size are your partitions
<electrofreak> eh, like ~150GB
<electrofreak> two 160GB drives...
<qman__> probably fscking then
<electrofreak> swap array and / array
<qman__> give it more time
<electrofreak> now this splash screen is going forever.
<electrofreak> qman__: it said it was clean?
<electrofreak> and now I see no disk IO
<qman__> ok, then that's not it
<qman__> you would see disk I/O
<qman__> but you probably wouldn't see the fsck progress
<qman__> another side effect of the new "feature"
<electrofreak> yea, I did until I presume it finished resyncing
<electrofreak> gosh, there is no output at all.... this splashscreen sucks
<qman__> it has certainly caused me plenty of headaches
<qman__> my file server has a > 5TB array on it
<qman__> I can no longer monitor fsck progress on boot
<electrofreak> ...I might know the problem... altho really it shouldn't hold up the boot process....
<qman__> I just have to wait 4 hours to see if it finishes or crashed
<electrofreak> I turned off my large ass RAID5 to help troubleshoot this crap...
<electrofreak> and that mounts...
<qman__> turned off?
<electrofreak> I should make it noauto
<electrofreak> (pulled the drives)
<qman__> that would do it
<qman__> especially if it mounts to an important location
<electrofreak> maybe.... I just restarted and I'm waiting again...
<electrofreak> darn it....
<electrofreak> theres no disk IO now.... with the RAID5 on...
<electrofreak> this is really frustrating that there is no output...
<electrofreak> how do I grab the grub menu?
<electrofreak> there is no message like there used to be
<qman__> I think you have to press shift or something
<qman__> I don't know, I don't like grub2 at all either
<Jordan_U> electrofreak: Hold shift during boot to see the grub menu (Ubuntu hides it by default).
<electrofreak> qman__: figured out the problem... had yet another thing in fstab that was mounting that really shouldn't. I've learned my lesson... it wont happen again :-(
<electrofreak> qman__: if you're still up (almost 4am here)... good night.
<qman__> same time here, glad you got it sorted
<cemc> have a hardy server install. how do I upgrade directly to lucid from command line? just a test upgrade
<jpds> sudo do-release-upgrade
<Jordan_U> cemc: By "test upgrade" are you referring to the --sandbox mode of do-release-upgrade?
<tydeas> Hello i got (WW) Open ACPI failed (/var/run/acpid.socket) (Connection refused) on the Xorg log.
<tydeas> What can i do for this .. What it is ?
<cemc> Jordan_U: no, I'm in a chroot'ed hardy, and I'm upgrading to see what happens, it's just a discardable test ;)
<jpds> tydeas: You can ignore that warning.
<Jordan_U> !upgrade | cemc
<ubottu> cemc: For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/desktop/get-ubuntu/upgrade
<tydeas> jpds: xorg does not start at all
<tydeas> i mean gdm
<Jordan_U> cemc: I'm not sure if upgrading in a chroot will work though because of https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/430224
<uvirtbot> Launchpad bug 430224 in ubuntu-release-notes "init: support chroots" [Undecided,Fix released]
<cemc> Jordan_U: I see
<jpds> tydeas: bug #496859 is where I remember being said that that warning should be ignored
<uvirtbot> Launchpad bug 496859 in xorg-server "MASTER: acpid should be disabled from xorg-server (fedora patch)" [Wishlist,Triaged] https://launchpad.net/bugs/496859
<tydeas> jpds: thanks will try fedora patch
<tydeas> but how can i really use this patch to fix my issue?
<tydeas> nice
<tydeas> how can i really fix this issue?
<tydeas> jpds: ?
<jpds> I don't know, I don't think that's what's causing X not to start though.
<tydeas> how can i check why xorg does not start?
<tydeas> other ideas?
<jpds> Is this a headless system?
<tydeas> no i have screen
<tydeas> if this is what oyu mena
<tydeas> *you mean
<tydeas> jpds: ?
<tydeas> what do you mean with `headless` ?
<peugi> hi, can somebody help me with ip address alias problems?
<peugi> it's driving me crazy ...
<peugi> I have vmware host running centos where the ip alias works fine, but in the ubuntu guest I can't get it to work
<peugi> I tried some wireshark sniffing and the packets are getting through, but the ubuntu vm is not responding to them
<joschi> peugi: have you configured the interface in your ubunt uvm?
<joschi> *ubuntu vm
<peugi>  yes I have
<peugi> do you want to see my interfaces and routes?
<joschi> peugi: and the interface has been brought up? `ifconfig $IFACE up` or `ip link set $IFACE up`
<peugi> yes
<peugi> actually I just got a message from the ISP: Sorry fro the delay, there is an issue with binding secondary VLAN ranges to a virtual server that only a few seasoned technicians are familiar with. The short answer is that from our default configuration the secondary subnets can only be used as additional IP addresses on 2nd generation virtual servers, but they can not be used as primary IP addresses.
<peugi> i'm running vmware 1
<peugi> http://sites.google.com/site/zenarstudio/home/kb/vmware-esxi-vlan-integration
<peugi> joshi: can you make sense of it?
<joschi> peugi: sorry, I'm no networking expert.
<peugi> thanks for your help either way :)
<peugi> I think I'm going to upgrade to ESXi from Server 1.x
<ccheney> hallyn, scrum?
<andreserl> jjohansen-afk, by any chance do you know where can I find a cn_idx for a kernel module?
<simulacrum> Why on the download page for Ubuntu Server http://www.ubuntu.com/server/get-ubuntu/download there is no link to a .torrent alternative way of downloading; this is bad for data integrity because downloading a 700 MB .iso file will in some cases determine data corruption, and Step 2 should also mention how to verify the iso with md5sum hash or sha256
<sommer> morning all
<jmitchell> how can I reseal a VM. I would like to create VM templates of my newly installed lucid OS.
<hallyn> ccheney: hm, should i be able to debootstrap a lucid image from a debian install?  (then install kernel and update-grub)?  Shoudl work just fine right?  I've never done it to make a full bootable system.
<ccheney> uh, if you have the ubuntu version of debootstrap probably
<ccheney> i don't know if the debian version knows about ubuntu releases
<ccheney> it should be easy to see though when you look at the files in the debootstrap package
<hallyn> well seems worth a shot to save my bandwidth
 * hallyn tries it out
<bogeyd6--> Is it possible to have two network interfaces on a box with the same subnet, different gateways, and not bonded?
<joschi> bogeyd6--: I don't think so. how would any program decide which interface to use?
<bogeyd6--> joschi, good point. being the mail server i dont neccessarily care because the two external IPS are better
<BeeBuu> i can't ssh in the system which running in my cloud, please help me.
<Todd> It's in a cloud.
<bogeyd6--> And.... /question
<uvirtbot> New bug: #605436 in multipath-tools (main) "kpartx fails to map partitions (device-mapper: resume ioctl failed: Invalid argument)" [Undecided,New] https://launchpad.net/bugs/605436
<BeeBuu> Todd,yes it's can you help me please?
<Todd> No I'm sorry. I was being rude. I still think the term cloud is funny corporate nonsense. Apologies.
<Todd> I would help, but I'm busy at work.
<bogeyd6--> BeeBuu, https://help.ubuntu.com/community/UEC
<bogeyd6--> cloud == vmware DRS/VMOTION
<Todd> Anytime 'cloud' is mentioned in a meeting someone always snickers.
<BeeBuu> bogeyd6--: let me see.....thanks
<BeeBuu> bogeyd6--:  i had checked that before, but ~~~
<bogeyd6--> well unforutnately, right now, that and google is about all you got
<BeeBuu> bogeyd6--: i did. but so less~~~
<bogeyd6--> i suggest running through the steps again BeeBuu  just to make sure you did it right
<bogeyd6--> what does ~~~ mean?
<BeeBuu> bogeyd6--: i think maybe you are right
<BeeBuu> can i install the UEC in machines with single netcard ?
<Carleas> If I require a key to login, installing fail2ban is pointless, right?  The key requirement will break dictionary attacks?
<jmitchell> Carleas, why would you want a box continually trying to log in if it's not supposed to be doing that
<jmitchell> if fail2ban or denyhosts blocks the host then it can't bother the system anymore
<jmitchell> denyhosts is my fave, works well
<jmitchell> and you can subscribe to black lists
<Carleas> So it will only serve to reduce traffic or processing?
<jmitchell> well, it's such a small amount of traffic and work that's being done
<jmitchell> but yes, it will save a small amount of traffic
<jmitchell> we're talking very small amounts
<jmitchell> the amount of traffic would only be a problem for a dialup user, that small...
<jmitchell> if that much
<jmitchell> make sure u know how denyhosts and fail2ban work though, don't go and lock u'rself out of the box now... i have done that before ;)
<klaas> what is the fastest filesystem to run ontop of a software raid5 if I mainly have big files (100mb+) -- its a backup server
<jmitchell> take a look at jfs
<klaas> filesystem totals around 13tb
<jmitchell> there are lots of blog posts about it though
<jmitchell> make sure it's a stable fs though
<jmitchell> that's lotsa data to lose
<jmitchell> ext3 as always served me well
<klaas> I was looking at btrfs - any experiences with that yet? not sure if its ready for productive use
<jmitchell> nothing betters ext3 for recovery though, it's saved my ass plenty
<jmitchell> butterfs is cool
<jmitchell> don't know much about it though
<jmitchell> it's been slashdotted quite a bit in the past
<klaas> I was looking for a compromise between speed and reliablity :)
<jmitchell> all i can suggest is that with 13tb of data, make sure u get it right ;)
<klaas> its just the first round of backup so data loss would suck but it wouldn't kill me :)
<jmitchell> what you can do, is formate it with each and benchmark it before you migrate the data, that might give you the answers u'r looking for
<klaas> true but I was trying to walk the lazy way:)
<jmitchell> klass, then it's googlewalking for u mate :D
<jmitchell> i get better answers from this # in the evenings
<DrPoo> how can I change the location of the apt repositories through command line?
<jmitchell> sudo nano /etc/apt/sources.list
<DrPoo> jmitchell, is there a way to find the lowest ping server automagically, as with the gui?
<jmitchell> i think it does that in the install, but i have never found a way to rerun that part of the setup after the install
<DrPoo> dpkg-reconfigure ??
<jmitchell> you can grab a list of mirrors on the ubuntu.com site and ping each...
<jmitchell> that's for reconfiguring a package
<qman__> pretty sure ext3 can't go that big
<jmitchell> like dpkg-reconfigure postfix would run the postfix tui
<qman__> so you'll have to look into something else
<jmitchell> and ext4 is soooo new
<qman__> the only advice I can give there is, don't use XFS is you don't have a super stable system on a UPS
<qman__> I've suffered total loss more than once with XFS
<jmitchell> yeah, xfs is not good for recovering, trudat
<jmitchell> ext3 for recovering is awesome
<qman__> yeah, but it can't get that big
<pmatulis> DrPoo: http://tinyurl.com/2w42hva
<qman__> pretty sure it maxes at 8TB
<qman__> you'd need two filesystems
<qman__> and LVM
<jmitchell> qman, what size can ext4 do?
<qman__> I use ext3 on my big file server too, never let me down
<qman__> but mine's only ~5TB
<qman__> ext4 maxes at 1EB
<qman__> that is, approximately one million terabytes
<jmitchell> ahh, qman__ if you up the block size then it can go up to 32TB
<jmitchell> the block size must then be 8k
<qman__> yeah, but I think there was something else preventing me from using block sizes greater than 4k
<qman__> I don't remember what, specifically though
<jmitchell> shweet, so when i outgrow my 1.3tb volume and it's time for the 20tb volume, i can move to ext4
<qman__> and it wasn't a performance thing
<jmitchell> i'm sure it will be ready then
<jmitchell> qman, on 4k blocks u can do 16tb
<qman__> ah
<jmitchell> so u'r sorted ;)
<qman__> guess that array was bigger than I remembered
<qman__> then 13TB would be fine
<qman__> and ext3 is definitely my recommendation for reliability
<jmitchell> yeah, but only if he gets the blocks right before
<jmitchell> no moving to bigger block size after
<qman__> that's with 4k
<jmitchell> not that i know a way of
<qman__> so no problems
<jmitchell> shweet
<qman__> ah, this was it
<jmitchell> qman__, do you also remove the journal and then increase volume size?
<qman__> In Linux, 8 KB block size is only available on architectures which allow 8 KB pages, such as Alpha.
<qman__> can't do 8k blocks on x86 with linux
<jmitchell> oh, ok then it's 4k for us, but 16tb is quite shweet none the less
<qman__> no, I leave journaling on
<qman__> pretty much defaults
<qman__> it's a good tradeoff
<jmitchell> hmm, what procedure do u use to increase the volume size then when you add raid capacity?
<qman__> still performs better than the atrocious NTFS, and it's a lot more reliable
<jmitchell> ntfs is poo, i agree
<qman__> I did a simple ext3 grow
<jmitchell> hmm
<qman__> forget exactly what command, I only did that once
<jmitchell> have not had to do this in ages so can't remember how i did mine
<jmitchell> had to remove the journal though
<qman__> but I didn't have LVM either
<jmitchell> how retarded was i
<qman__> just ext3 on an md
<jmitchell> same here
<jmitchell> hmmm
<jmitchell> i have reading to do
<qman__> shrinking is far more complicated, but growing is a fairly simple operation
<jmitchell> i wonder what i missed then
<qman__> I don't remember exactly what I did, it was a while back
<qman__> but gparted includes that functionality in it as well
<jmitchell> woohoo, it's 5:15, i coulda left 15min ago ;)
<jmitchell> later!
<qman__> hah
<jmitchell> thanks for the chat, it was most interesting :P
<jmitchell> goodluck DrPoo!
<astroboy> What's the easiest way to set up a email-forwarding system for my domain? Do I have to set up a mailserver or can I avoid it? I just want to forward all the emails to another address
<DrPoo> qman__, have u had experience in setting up an OCFS2 array?
<EtienneG> coffeedude, hey there!  If I am not mistaken, you're the one looking after Likewise Open, correct?
<jjohansen> SpamapS: do you have any links for KSLM besides the lp project, which doesn't have anything in it atm
<coffeedude> EtienneG, Mostly.  Actually have handed off to another dev here at Likewise recently.  What's up?
 * coffeedude hides.....
<EtienneG> coffeedude, come on, it's going to be an easy one!
<EtienneG> coffeedude, regarding upgrading from karmic to lucid; I understand going from lw 4.x to 5.x requires some manual steps
<EtienneG> as the way the configuraiton is handled have changed
<coffeedude> EtienneG, The upgrade is handled as part of the deb install.  But you probably want to look at the likewise-open-test PPA
<EtienneG> coffeedude, it has been suggested to me that removing /var/lib/likewise-open/db/registry.db, and re-importing the registry files in /etc/likewise would be enought
<coffeedude> EtienneG, and yes, 5.4 is very different from 4.x
<EtienneG> coffeedude, yes, that I know
<coffeedude> Removing registry.db will wipe the current state and you will have to rejoin.
<EtienneG> coffeedude, I will have a look at the PPA.  I was under the impression that upgrading from 4 in karmic to 5 in lucid was not supported, but if you say it is, then great!
<EtienneG> coffeedude, thanks for the info.  i will test a bit, and come back with questions I might have.  who is looking after the Ubuntu packages at Likewise now?
<coffeedude> EtienneG,  I'm handing off to Scott Salley here (hopefully).  But i'll still be involved.  Just feel bad about not getting the SRU done yet.
<raywang> hello, does anyone try to install a 64bit guest on a 32bit host in KVM?
<EtienneG> coffeedude, no worry, I wasn't even aware there is an SRU in the pipeline!
<raywang> well, nobody install a 64bit VM on 32bit operating system? :)
<raywang> hello? anyone is familiar with virtualization? I appreciate a lot. :)
<oru_work> how can i archive a directory with all the contents with tar ?
<raywang> oru_work, doesn't 'tar cjf  filename.tar.bz2 directory' help?
<oru_work> raywang, yeah i was doing tar czfv
<raywang> oru_work, i was wonder are you concerned about those hidden files?
<raywang> oru_work, after a quick googling, hope this can help http://www.linuxquestions.org/questions/linux-newbie-8/how-to-tar-dot-files-354591/
<RoyK> rapha: if you just give the directoyr name, it'll take it all, if you say dirname/* hidden files will be lost
<oru_work> how can I really make sure that php errors are logged ?
<rapha> RoyK: sure you mean me?
<RoyK> rapha: no, autocomplete led me to you, since mr/ms/mrs raywang left befour I could answer - sorry about that :)
<RoyK> oru_work: php.ini is your friend
<RoyK> oru_work: usually under /etc/php/apache(something
<jjohansen> andreserl: I'm not sure I follow what your asking?  Do you want to know where to find the connector constants for a given module? (include/linux/connector.h)
<andreserl> jjohansen, yep that's what I wanted, and I already have it. Thanks though :)
<RudyValencia> Hm, I want to offer some basic Web hosting services to a select few friends. Is there a good (and free) cPanel equivalent that won't mangle my server's configuration up too much?
<jjohansen> cp, sorry for latency
<simulacrum> RudyValencia: http://wiki.debian.org/HostingControlPanels http://www.vhcs.net/index.html http://lordmatt.co.uk/item/966/
<simulacrum> RudyValencia: You may also have a look at http://www.ebox-platform.com/
<RudyValencia> whoa
<RudyValencia> the demo of VHCS has no language strings :o
<RudyValencia> I think I'll use the successor to VHCS - ispCP
<andreserl> jjohansen, btw.. I have one quick question and you might be the one that can help me. DRBD starting from 2.6.33 is in mainline kernel... I just installed maverick server and couldn't find any drbd module. Does this mean that the module is not being compiled with the kernel shipped in maverick?
<RudyValencia> Eh, perhaps a subdomain based on the user's Linux username would be easier to handle.
<jjohansen> andreserl: currently it isn't
<andreserl> jjohansen, will it be?
<jjohansen> maybe, need to check why it isn't being compiled
<jjohansen> it may just be an oversight/missed config
<andreserl> jjohansen, ok, cool, because current package uses DKMS, but since now the module is included in the kernel, I'd think is best to use that module and drop DKMS
<jjohansen> andreserl: yes, and that is probably how it got missed, I'll submit a patch for Maverick
<andreserl> jjohansen, awesome thanks :)
<Absorto> hello! well, there was a terrible accident and /etc/apache2 was deleted :(
<elb0w> I cant ssh in to my box
<elb0w> but it says its running
<Absorto> so I then apt-get remove apache2 and then apt-get install apache2 and /etc/apache2 was created, but without envvars and apache2.conf!
<elb0w> what can it be?
<Absorto> elb0w: is the port listening? can you telnet to port 22?
<SpamapS> jjohansen-afk: sorry KSLM seems to be in its nascent conceptual phases. Cole has the concept altogether, but I don't think he's near implementation yet.
<elb0w> oh nvm he is getting denied private key
<elb0w> publickey*
<elb0w> Where do the logs go for that
<oru_work> in ubuntu /etc/php5/apache2/php.ini i have error_reporting = E_ALL , so now where can i look for php error logs ?
<jjohansen> SpamapS: okay thanks
<boran_blok> Hi
<boran_blok> Is this the right place to ask for info about smbd ?
<oru_work> i made a file called test.php with <?php aksjdha(); and when i point my browser to mysite.com/test.php all I see is a blank page and no error, is this normal ?
<patdk-wk> for security reasons, yes :)
<oru_work> patdk-wk, /var/log/apache2/error.log doesn't show any php related error, when is the php error file ?
<oru_work> where*
<oru_work> patdk-wk, ^^
<patdk-wk> dunno
<patdk-wk> if your using mod_php I would think error.log
<patdk-wk> unless you overrode it in the php.ini file
<patdk-wk> but then, I don't use apache, so
<SpamapS> oru_work: check /var/log/syslog too
<Absorto> heh! apt-get purge <everything apache related> and then reinstalling did it! many thanks
<oru_work> SpamapS, nope not there
<orudie> in /etc/php5/apache2/php.ini i hhave display_errors = On , where else can I check ?
<orudie> in /etc/php5/apache2/php.ini i have error_reporting = E_ALL but not seeing any php errors in /var/log/apache2/error.log
<_ruben> did you restart apache after making the config change?
<kusznir> Hi all: how do I change my software source on a ubuntu-server install without X (command line only)?  I want to select one of the specific mirrors listed in the software source selector tool in the gui.
<kusznir> (currently its using us.archive.ubuntu.com, which is WAY slower than the mirror sitting on the same gigabit interface: ubuntu.eecs.wsu.edu :)
<_ruben> kusznir: edit /etc/apt/sources.list
<kusznir> Umm...there are a TON of lines there...I tried to do a global replace, and my apt didn't work afterward.
<kusznir> Is there a tool that I can run that will just select that mirror, or do I have to replace specific lines of that file?  (and if so, how do I know which lines to change and which to leave the same, etc?)
<_ruben> doing a find and replace on us.archive.ubuntu.com to ubuntu.eecs.wsu.edu should work just fine, unless the later doesn't have a working/proper mirror setup
<kusznir> Ok, it seems tob e working that time,t hanks!
<talcite> hey guys. is it normal for a 2 year old, 12 disk linux soft Raid 6 device to only achieve 26mb/s on rebuild?
<talcite> it seems pretty slow since each disk should be able to put out at least 50 mb/s
<patdk-wk> how so?
<patdk-wk> the disks have nothing to do with it, for the most part
<patdk-wk> what is the stripe size?
<patdk-wk> what happens, is it has to read the data off of 11 disks, calculate what should be on the new disk, and write it to the new disk
<patdk-wk> normally it's the cpu or pci bus that limits speed
<patdk-wk> if the drives are connected using a pci bus, that is 100mb/s max
<patdk-wk> so a write speed of 8mb/s
<orudie> can anyone help me with a command to grep for error_reporting on my entire /etc/apache directory?
<patdk-wk> if you can maxout pcix, that would be 32mb/s
<kusznir> I'm trying to set up a cups print server.  I've installed cups and an assortment of cups-related packages on an otherwise bare 10.04 server install.  I'm trying to manage it remotely.  I've edited the one line in cupsd.conf for Listen to set it to *:631.  I can now connect from my management workstation (http://<hostname>:631), but all I get is 403: forbidden.
<kusznir> The cups log doesn't give any information about it (in fact, it normally doesn't even log anything for my connect attempts in this way).  I enabled debug mode, and only got "normal-looking" output; nothing remotely like an error/problem.
<kusznir> Suggestions?
<zul> damn you php...damn you
<kusznir> ahh..by default, all the allow,deny lines only allow for localhost...strange default.
<ivoks_> damn you lenovo, damn you
<kusznir> Its also strange that it doesn't log anything about the cause or even that a request was denied.
<ivoks_> zul: how are you?
<zul> ivoks_: good how are you?
<ivoks_> zul: i'm !@#%#$%!
<zul> ivoks_: ah so much fun
<ivoks_> zul: waiting for my laptop to get back from repair shop, and waiting for broadband connection :)
<zul> ivoks_: heh time to get drunk then :)
<ivoks_> zul: :)
<ivoks_> let's try that then
<ivoks_> see you in couple of days :)
<uvirtbot> New bug: #605558 in dhcp3 (main) "dhcp3-server segfaults on start with large dynamic lease ranges" [Undecided,New] https://launchpad.net/bugs/605558
<naiad> if i have 2 nics with internet connections active that are not bonded would I have to use iptables to for apt-get to use a specific interface?
<rsr> hi
<SpamapS> naiad: for outgoing packets, you're going to use the one that has the default route
<naiad> both interfaces have gateways set
<rsr> I installed webmin but whenever I restart the server it seems like it aplies the configuration that is in the file /etc/networking/interfaces instead of whatever I put in webmin
<rsr> is there a problem with webmin?
<guntbert> !webmin | rsr
<ubottu> rsr: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<rsr> I had issues with ebox
<rsr> Whenever I install ebox on an ubuntu server it screws the config files and tries to take over everything
<guntbert> rsr: I don't like ebox either, but webmin is definetely problematic (some people claim that it is compatible with ubuntu again - but as long as it isn't in the repos I keep my fingers off
<duiu> I have a softraid 1 that I need to migrate to a new system. Is there a way I can do this without copying data to USB drive, remaking RAID, and copying data back to the new RAID?
<TeLLuS> Hi, I added a gfx card and now plymouthd dies when trying a new kernel and generic lucid kernel stays black..  http://paste.ubuntu.com/463649/   Any way to make plymoth stay away from the framebuffer?
<naiad> does anyone know how to have /etc/network/interfaces use dhcp but not update resolv.conf?
<patdk-wk> edit /etc/dhcp/dhclient.conf
<patdk-wk> remove domain-name-servers and domain-search from the requests line
<patdk-wk> and defently make sure they are not in the require line
<webPragmatist> wheres the proper place to globally disallow directory indexes in apache as well as enable .htaccess files
<webPragmatist> i added the .htaccess file in the "default" vhost
<webPragmatist> but if I add -Indexes it doesn't seem to work
<SpamapS> webPragmatist: FYI, .htaccess == very slow.
<uvirtbot> New bug: #605593 in libvirt (main) "virsh won't start any domain, but gives an error message; maybe related to apparmor" [Undecided,New] https://launchpad.net/bugs/605593
<webPragmatist> SpamapS: yesâ¦ a poorly written .htaccess can be slow
<webPragmatist> o.O
<webPragmatist> and yes there might be a ms lag looking for a .htaccess file each request
<webPragmatist> but it's convenience far outweighs it's pitfallâ¦.. though it makes me wonder if it's contents could be cached
<CppIsWeird> how do i compile a new 10.04 kernel with dom0 support?
<SnakeNuts> Hello all. I need to have a quick verification to see if I'm doing things right: I have a server I only have remote (SSH) access to and I want to set up a firewall. If I use 'ufw' and I do 'sudo ufw allow ssh/tcp' and the 'sudo uwf enable', am I doing it in the right order to _not_ lock myself out? (I did so yesterday by installing eBox and its firewall plug-in. I had to have my VM re-installed...)
<patdk-wk> well, considering the following is here
<patdk-wk> -A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
<patdk-wk> -A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT
<patdk-wk> you should be fine
<jdstrand> SnakeNuts: that should work fine
<jord> Hey. I've installed postfix and root's mail is going to /var/mail/root but when I type mail as root nothing is listed. How do I get the mail to show up?
<SnakeNuts> patdk-wk: Thanks. I'm sadly not very well versed in iptables or the like, so I don't really know what those two lines mean. (I'm assuming they're in the default settings), could you enlighten me perhaps?
<patdk-wk> well, if you have the conntrack module loaded
<patdk-wk> it tracks your connections
<patdk-wk> so if it is tracking your ssh connection, and the connection is OPEN (ESTABLISHED), it will allow it, without checking the rest if your firewall rules
<patdk-wk> as you don't have the conntrack module tracking yet, you need that ssh allow
<patdk-wk> once ufw starts it will start conntrack
<patdk-wk> and will notice it and add it to the list
<patdk-wk> but for the future, restarting ufw and that, your ssh would be safe, cause of those lines
<SnakeNuts> Ok, that makes sense. Thanks a lot for that! I'll read up on the conntrack module too. Cheers!
<CppIsWeird> can anyone help me get a dom0 kernel on my 10.04 box?
<webPragmatist> anyone ever try to compile lsyncd
<webPragmatist> and actually use it
<SpamapS> webPragmatist: no, not a poorly written .htaccess
<SpamapS> webPragmatist: merely enabling .htaccess makes your server *much* slower
<webPragmatist> like i said further down
<SpamapS> webPragmatist: to server   yourserver/dir/another/deeper/file.html  the server must look for .htaccess in @docroot@/dir @docroot@/dir/another @docroot@/deeper with every single access to that file.
<webPragmatist> exactly
<therianwork> hey guys, is there a bug that is crashing the aptdeamon?
<therianwork> my box keeps shutting off in the mid of the night
<therianwork> :\
<webPragmatist> any of you guys use rsyncd
<webPragmatist> I'm trying to use xinet and all that jazz but despide having the user and group set to "root" i get "Permission denied" when trying to create a file
<webPragmatist> i'm just wondering if â¦ the "user" in user@myhost:: is the actual user that execs the command
#ubuntu-server 2010-07-15
<webPragmatist> and thats a big nope
<erichammond> webPragmatist: This doesn't answer your question, but I prefer to use rsync over ssh.  That way I only have to worry about controlling a single point of access on the server (sshd).
<webPragmatist> i am using rsync
<webPragmatist> it's called rsync with xinetd so it will run as root and not bitchâ¦ but the problem is, wellâ¦ it's bitching
<webPragmatist> because it's not really running as root, it's running as like "nobody:
<erichammond> webPragmatist: clarification: I prefer to do it over ssh rather than use rsyncd.
<webPragmatist> oh
<webPragmatist> lol
<webPragmatist> i dunno about that jazz
<webPragmatist> lsyncd doesn't use scp, etc.
<webPragmatist> http://www.server-world.info/en/CentOS_5/lsync/1.html
<webPragmatist> or rather it does but i don't care to try it
<webPragmatist> rsyncd should work
<erichammond> webPragmatist: rsync works over ssh without using "scp, etc."
<webPragmatist> and you just use keys i suppose
<webPragmatist> are you going to be around tomorrow?
<webPragmatist> in general is the only difference the authentication? or what
<webPragmatist> i put my clone in here if you have anything to say :)
<ruben23> hi what is the latest upgraded kernel version of ubuntu-server..?
<ruben23> like for ubuntu-8.04 LTS
<Callum__> oh man, I've got a dead battery in one of my UPSs
<Callum__> its so bad that its bulging in places
<Callum__> since that 1500VA UPS is ancient, I am going to assemble a RBC7 battery for a newer APC SmartUPS 1500VA unit I have, but its going to set me back at least NZ$267 >_>
<Callum__> and considering we're a non-profit, money isn't easy to set aside
<billybigrigger> anyone here deal with alot of NFS shares?
<multi_linux_dist> hi guys, i need a little help with my domainkey setup in the zonefile
<multi_linux_dist> i have setted it up:  http://pastebin.com/aGSs4pby
<multi_linux_dist> but dig
<multi_linux_dist> sorry, dig _domainkey.mara-tour.ro TXT returns no answer
<multi_linux_dist> do you have any idea why?
<billybigrigger> ?
<billybigrigger> looks ok to me here
<billybigrigger> domainkey.mara-tour.ro.	0	IN	A	67.215.65.132
<patdk-wk> billybigrigger,  that is a total foobar test :)
<patdk-wk> he said txt, not a
<patdk-wk> and it starts with a _
<patdk-wk> dig -t txt _domainkey.mara-tour.ro
<billybigrigger> thought he was looking for a mail record
<patdk-wk> nope
<billybigrigger> not familiar with txt sorry
<patdk-wk> check: dig -t txt _domainkey.patrickdk.com
<patdk-wk> he is looking to get dkim working
<multi_linux_dist> yes
<multi_linux_dist> patdk-wk: you are right, that is what i`m trying to do
<billybigrigger> not familiar with dkim...looks like you've volunteered pat :P
<patdk-wk> heh, you forgot to put a . on the end of your domains :)
<patdk-wk> so it's not _domainkey.mara-tour.ro
<patdk-wk> but _domainkey.mara-tour.ro.mara-tour.ro.
<multi_linux_dist> patdk-wk: i will try it now, but tryied before and still nothing
<patdk-wk> well, either it must just be, _domainkey
<patdk-wk> or, _domainkey.mara-tour.ro.
<patdk-wk> atleast based on the other examples i nthe file
<patdk-wk> though _domainkey.mara-tour.ro. would be the safe garrentied way
<patdk-wk> works
<multi_linux_dist> works?
<patdk-wk> ;; ANSWER SECTION:
<patdk-wk> _domainkey.mara-tour.ro. 3600	IN	TXT	"'t=y"
<patdk-wk> extra ' though
<multi_linux_dist> it doesn`t to me
<patdk-wk> you foobar'ed your test also? :)
<multi_linux_dist> dig -t txt _domainkey.mara-tour.ro
<patdk-wk> well, that won't work
<multi_linux_dist> QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
<patdk-wk> your local dns server is caching the bad result
<patdk-wk> for up to an hour
<multi_linux_dist> :D
<patdk-wk> so you have to contact your server directly
<patdk-wk> dig -t txt _domainkey.mara-tour.ro @92.114.86.188
<multi_linux_dist> hehe
<multi_linux_dist> :D
<multi_linux_dist> patdk-wk: thank you very much!
<patdk-wk> nohup dd if=/dev/urandom of=/dev/sdg bs=8192 > /dev/null 2>&1 &
<patdk-wk> nothing better than running that on 3 drives
<patdk-wk> just wish urandom was faster than 2MB/s
<multi_linux_dist> patdk-wk: Authentication-Results: mx.google.com; spf=pass (google.com: domain of testmail@mara-tour.ro designates 92.114.86.188 as permitted sender) smtp.mail=testmail@mara-tour.ro; dkim=pass header.i=@mara-tour.ro
<multi_linux_dist> google says that dkim pass
<multi_linux_dist> yahoo dont
<multi_linux_dist> cache?
<multi_linux_dist> why all my mails go into spam folder if the ip is not reported as spam?
<gnoob> guys,  whats the easiest way to send e-mail from console?  want to make my server notify me when somthing happen trough bash script
<zul> mail command?
<Guest28494> Hey is there a way to configure ubuntu server to connect to a wireless accesspoint to install?
<multi_linux_dist> telnet?
<multi_linux_dist> php mail?
<multi_linux_dist> you can run a php command via sh
<multi_linux_dist> or telnet i thin
<multi_linux_dist> think*
<multi_linux_dist> but php is sure
<Guest28494> Hey is there a way to configure ubuntu server to connect to a wireless accesspoint to install?
<Guest28494> Or where are the packages that the server needs to install?
<pnunn> Has anyone worked out how to move a windows image into ubuntu's eucalyptus cloud yet?
<cs1> hi guys
<cs1> i need some advice about setting up the server
<cs1> firstly
<cs1> about the networking
<cs1> how do i go about setting up the network on the server?
<cs1> hello?is anybody available there?
<cs1> your guidance is truly appreciated
<p1l0t> Does anyone know why ifconfig would not want to read from /etc/network/interfaces
<p1l0t> I swear I have this one server that changing the interfaces file does NOTHING I can set the address manually but changing the interfaces file has no effect. Everytime it reconnects it goes back to some other settings!
<p1l0t> It can't be the syntax because this syntax works in every other ubuntu machine I have
<dhastha> Need help:  I am trying to install Ubuntu server 9.10 in virtual machine manager. But Virtual machine manager returns :  Unable to complete install: 'internal error unable to start guest: char device redirected to /dev/pts/0
<dhastha> qemu: could not open disk image /var/lib/libvirt/images/UbuntuServer.img: No such file or directory
<dhastha> How to install ubuntu server 9.10 in virtual machine manager?
<qman__> p1l0t, ifconfig doesn't use those settings, it's strictly a manual override tool
<p1l0t> oh
<qman__> you should run `sudo service networking restart` to apply changes made there
<p1l0t> wilco
<cs1> how do i get about setting up the network for the server??
<qman__> cs1, it is explained clearly in the Ubuntu Server Guide, linked in the topic
<cs1> ok.
<cs1> sorry
<cs1> maybe i phrased my question wrong.
<qman__> if you are having a more specific problem, please explain
<cs1> i want to know is it REALLY necessary to setup the TCP/IP and stuff
<cs1> because we are only running the server within the company enviroment
<qman__> you can't communicate with the internet if you don't have TCP/IP
<cs1> icic
<cs1> sorry if i ask stupid questions as im new to this
<qman__> you could potentially use a different protocol, but these days, TCP/IP is the only one in widespread use
<cs1> icic.
<qman__> novell IPX/SPX is long gone, and IPv6 hasn't taken off yet
<cs1> so its better to setup TCP/IP??
<cs1> how about DHCP??
<cs1> is it neccesary??
<qman__> DHCP operates over IP
<qman__> DHCP is entirely optional
<cs1> ok
<cs1> regarding remote administration
<cs1> say i dont want to set it up now
<cs1> will i have trouble setting it up later in the future??
<qman__> it being remote administration, that's easy
<qman__> simply install the openSSH server
<qman__> it can be done at any point in time
<cs1> icic
<cs1> so it wont cause the server to crash later on??
<qman__> of course not
<qman__> it wouldn't be very useful if it did
<cs1> ok.
<cs1> about DNS
<qman__> DNS is also optional
<cs1> not necessary to setup right??
<cs1> ok
<qman__> provided you don't mind using IPs to refer to your computers
<cs1> i cant use host name to refer to the pc in the company??
<qman__> not without some sort of name resolution
<cs1> sorry
<p1l0t> you can with dns
<cs1> computer name
<qman__> DNS is one way, there are many
<qman__> you can set up the hosts files, or use netbios, though that one's a bit trickier with linux
<qman__> DNS scales the best
<cs1> i see
<cs1> so in a way its better to setup DNS to avoid any unwanted problems later on?
<qman__> as opposed to using hosts files, yes
<qman__> since each computer's hosts file must be configured in order to work
<qman__> while a DNS server can provide names to all computers on the network
<cs1> icic
<cs1> so without DNS,i will have to use the ip address to communicate with them??
<qman__> yes
<cs1> ok.
<cs1> network authentication
<cs1> which one is more flexible
<cs1> OpenLDAP
<cs1> Samba and LDAP
<cs1> Kerberos
<cs1> Kerberos and LDAP
<cs1> im not sure what are the difference among this four
<p1l0t> Depends on what you want to do
<qman__> they are all more or less equally flexible
<cs1> icic
<qman__> setting up a working system with any of the above is quite a complex process
<cs1> because we want to setup ERP on the server
<cs1> so we want to setup the server to be stable
<qman__> be aware that if you are trying to integrate with a microsoft active directory network, not all features are implemented in samba and you will have limited functionality
<electrofreak> why isn't there a config in /proc/?
<cs1> so its better to use Kerberos??
<qman__> no, samba is the only real way to integrate with active directory
<cs1> aahh
<cs1> ok
<qman__> you can get basic authentication if you make some undocumented tweaks to your windows servers
<qman__> but other than that, there isn't much
<p1l0t> If you have any Windows computers on your network you will want samba more then likely
<cs1> yes.
<qman__> yes, samba provides the best way to communicate with windows
<qman__> as limited as it is
<cs1> limited as in??
<qman__> samba's authentication is on the same level as windows NT 4
<qman__> getting it to work with active directory is an exercise in frustration, to say the least
<qman__> and you won't get anything more than simple authentication
<cs1> ok.
<qman__> none of the extra features like group policy are available
<cs1> sounds extremely hard to setup then
<qman__> it's definitely an advanced-level task
<cs1> i see.
<p1l0t> I wouldn't say extreme but it does take a little reading
<cs1> ok.
<cs1> for the remote administration, its better to use OpenSSH or eBox??
<cs1> i read in forums, ebox seems to be the more favorable option
<qman__> if you like hold-your-hand interfaces, then yes
<qman__> but be prepared for little bugs and things to pop up
<p1l0t> I use SSH but I have not tried eBox
<qman__> and definitely make sure you lock down your internet access to it
<qman__> I use SSH exclusively
<electrofreak> what is eBox?
<qman__> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<electrofreak> oh, ewww. lol
<cs1> in other words SSH is more stable than ebox??
<p1l0t> More secure for sure
<electrofreak> eBox is likely more user friendly... I wouldn't even classify eBox and SSH together
<qman__> because of the way ebox and similar interfaces work, if you try to do things manually as well as use ebox, you will be in a situation where the 'automagic' code is fighting with you over your manual settings
<qman__> confusing things can happen
<qman__> so unless you plan to use ebox exclusively, I suggest not using it
<cs1> icic.
<electrofreak> yeah, I would likely not like ebox because it wont be flexible enough
<cs1> icic.
<cs1> we want flexibility
<cs1> thats why we are looking for options
<p1l0t> automagic code has fighting me my whole life - hence why I switched to linux... of course now even linux is starting with auto-magic but at least my servers are still fairly pure
<cs1> before we start setting up the server.
<qman__> ebox fills the niche of cookie-cutter setups
<qman__> custom setups are better served manually
<cs1> ok.
<electrofreak> cs1: ah... doing some research for work or something? definitely play with this stuff in VMs to get a feel for things
<cs1> yes.
<cs1> im doing research for work
<qman__> yes, definitely set up a test system and play with it
<qman__> make sure it will work for you before you commit to it
<cs1> its better to run things in VM before doing it on the server right??
<p1l0t> Or just stick it on some old computer and learn with it
<p1l0t> I started a few years ago just because the Windows crashed on this old computer we had. No I run the company on that server. lol
<cs1> LOL
<cs1> about setting up the security for the server
<cs1> im not entirely clear about this
<p1l0t> Ubuntu is pretty good with being configured by default for security. Just read carefully about the changes you make
<cs1> icic.
<cs1> so i can setup up the server without have to fiddle with the security options>?
<qman__> there aren't any "security options" per se
<cs1> icic.
<cs1> about the monitoring part
<p1l0t> Well it depends what you do. Security options is kind of a vague statement
<qman__> security is not something that you just "turn on", it is a philosophy you follow throughout your system design
<cs1> hrmm
<cs1> ok
<qman__> ubuntu is secure by default, so you only need to worry about the things that you add or configure
<cs1> ok
<qman__> set up a proper firewall preventing internet access to things that should not have it, etc
<electrofreak> what is the server going to be used for?
<cs1> to host ERP system
<cs1> Enterprise Resourcing system
<p1l0t> I wish I knew what that was
<cs1> ermmm
<cs1> http://en.wikipedia.org/wiki/Enterprise_resource_planning
<cs1> here is the lin
<cs1> *link
<cs1> hope it helps
<cs1> how about monitoring part??
<cs1> from the documentation
<cs1> i can see there are 2 ways to go
<cs1> 1 is using Nagios
<cs1> another is Munin
<qman__> Nagios is a good platform
<qman__> I have not used Munin
<qman__> but if you're only monitoring one system, either is overkill
<p1l0t> I am actually working on my own system, but I have much more to learn about MySql
<qman__> they're designed to be full network reporting infrastructures
<cs1> ok
<cs1> File servers
<qman__> for windows clients, samba is king
<qman__> for linux clients, there are lots of options
<cs1> ok.
<electrofreak> nfs is probably the best option for linux clients
<cs1> thats for the DNS right??
 * giovani cringes
<cs1> ic
<qman__> NFS has specific weaknesses
<SpamapS> cs1: Munin is for instrumentation (graphing mostly). Nagios is for alerting.
<cs1> such as??
<qman__> it is wholly insecure without a tightly knit directory service
<SpamapS> cs1: Munin can feed alerts to Nagios
<qman__> if high throughput and performance is not critical, sftp is a great option
<qman__> secure authentication and easy to use linux-to-linux
<cs1> i see
<qman__> there are many more options though, especially if you're looking into distributed file systems
<cs1> i have no idea about file server
<SpamapS> nfsv4 is not insecure
<cs1> ok
<SpamapS> most of the weaknesses in nfs were eliminated w/ v4
<cs1> what other options do i have??
<SpamapS> but its still more complex than samba
<qman__> SpamapS, you still need a directory service to set up per-user access
<qman__> NFS works great in specific situations
<cs1> i see
<qman__> but there are plenty where it is a poor choice too
<SpamapS> qman__: yeah, I really wish people would just standardize on a single LDAP schema and one kerberos implementation so we can stop saying "it depends"
<uvirtbot> New bug: #605719 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.31-1ubuntu2 failed to install/upgrade: subprocess pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/605719
<qman__> Windows can interact with samba directly
<qman__> anything else you choose will require you to install software on windows clients
<cs1> all the computer in the company uses linux
<cs1> but we wanna prepare ourselves just in case we have 1 or 2 windows platform
<qman__> then, your options go way up
<cs1> LOL
<cs1> this is head cracking
<qman__> tons of options with neat features, like AFS
<cs1> what does AFS stands for?
<qman__> there are about as many options are there are keys on your keyboard
<qman__> Andrew File System
<cs1> geez
<SpamapS> Areallyhardtogetrunning File System
<giovani> haha
<SpamapS> at least, it was 6 years ago
<giovani> I suppose if you expect solutions that are out of the box to work well
<SpamapS> My theory is it was a ploy by CMU to encourage people to get advanced degrees trying to understand it.
<giovani> you will be disappointed
<giovani> well, AFS wasn't written by CMU
<qman__> http://en.wikipedia.org/wiki/Category:Network_file_systems
<qman__> just to give you an idea
<cs1> @.@
<cs1> thats alot
<giovani> AFS was an IBM project originally
<cs1> the chat application
<giovani> then became CMU
<cs1> can i add this feature in later on?
<cs1> or its better to perform it while i setup my server
<qman__> I don't know what you mean by "the chat application"
<SpamapS> http://www.itp.uzh.ch/~dpotter/howto/kerberos  <-- NFSv4 + LDAP + Kerberos = pages and pages of fun repetitive steps that could be packaged just like MS packages ActiveDirectory
<electrofreak> cs1 you can setup any thing at any time
<qman__> you can install anything at any time, but be aware that sometimes changing things breaks them, so any changes you make later you will want to perform on a test system first
<cs1> aaahhh
<cs1> ok
<cs1> because im looking at the documentation for ubuntu server
<cs1> there is a part called chat applications
<qman__> SpamapS, that's my biggest feature request for ubuntu server, a tasksel-style ready to go directory setup
<SpamapS> qman__: I believe it was discussed at UDS Maverick
<cs1> guys...what is version control system??
<SpamapS> cs1: wow
<cs1> SpamapS : yes?
<qman__> it is a system to keep track of versions and changes to files
<qman__> mostly used for source code or important documents
<cs1> i see
<SpamapS> cs1: version control is just so vital, I'm surprised that you would ask. I'm sorry, I don't mean to imply anything by that.
<qman__> yes, it's a critical part of the development process of any software
<SpamapS> qman__: Should be used for config info too
<cs1> i see i see.
<SpamapS> FreeBSD figured that out a long time ago.. we're just not figuring it out w/ etckeeper.
<cs1> so its a MUST to have??
<qman__> only if you have something you need to keep track of
<SpamapS> s/development of any software/infrastructure of any company/
<cs1> ok.
<qman__> such as a software project, some important documents, or anything that changes that you need to keep track of
<cs1> i see i see.
<SpamapS> like, say, /etc/apache2/* ;)
<cs1> SpamapS : i ask about it because i have no idea what is it about. =)
<qman__> version control is especially important if you have multiple people working on something
<cs1> aaahhh
<SpamapS> qman__: Its pretty vital to keep track of changes to system configurations IMO.
<KurtKraut> How do I change my server locale?
<cs1> about windows networking
<qman__> if someone deletes something important from a file, you can get it back
<twb> SpamapS: the other really annoying thing about nfsv3/krb/ldap is I don't have a turn-key way to get SSO
<cs1> seems like windows networking is the hardest of all right??
<qman__> integration with windows is handled mostly with samba
<SpamapS> qman__: what if you hae one person.. but that person quits. Its going to be vital to your organization to be able to understand why that person did things.. version control can definitely help untangle messes and timebombs.
<cs1> ok
<SpamapS> cs1: actually setting up samba to talk to windows clients is pretty simple
<cs1> so just install Samba an configure it??
<qman__> file sharing with samba is easy
<qman__> authentication is not
<cs1> ok
<cs1> authentication as in accessing each other file?
<qman__> that is, active directory authentication
<SpamapS> qman__: agreed. it can be.. maddening. ;)
<qman__> user-based file permissions is also fairly simple
<cs1> i see
<cs1> perghhh...information overload on my head now
<SpamapS> cs1: just figure out the next thing you need to do.. leave the rest for after thats done.
<qman__> SpamapS, I can definitely see the value there, I don't really use it myself because I'm pretty much a one-man IT department, even with the jobs I do for other people
<cs1> how about backups??
<qman__> but bringing others into the equation, that would be critical
<qman__> backups have even more options than file sharing
<cs1> Bacula is a software to handle backup?
<SpamapS> qman__: one man IT depts. are actually *more* important to wrap in version control. :)
<SpamapS> cs1: I am a huge fan of Bacula
<cs1> easy to use??
<SpamapS> cs1: depends on your setup.. if you just backup "everything everywhere" .. then its easy because the config file is very simple.
<electrofreak> I'd suggest rsnapshot, too. I've never used bacula, tho
<SpamapS> cs1: if you start trying to get tricky w/ different file sets and agents and policies.. its still not all that "hard" .. but its not point and click. ;)
<cs1> about the networking part
<cs1> we have router and switch on our server
<qman__> most of my backups consist of tar commands in a cron script
<SpamapS> rsnapshot is good for very simple setups. Its kind of like Apple's Time Machine without the pretty graphics. ;)
<cs1> do we still need to configure TCP/IP??
<electrofreak> SpamapS: and it works.
<qman__> cs1, you cannot access network resources if you don't configure TCP/IP
<SpamapS> cs1: I think you may need to think about getting some training.
<electrofreak> SpamapS: please don't compare it to TimeMachine... I hate TM with a passion
<cs1> yeah
<SpamapS> cs1: we can answer questions, but the reason you're feeling overwhelmed is you need a stronger foundation.
<cs1> i seriously need training now
<electrofreak> ubuntu is absolutely a very good "first linux server" tho...
<SpamapS> electrofreak: TM has saved me at least 3 times now.. so I <heart> TimeMachine.
<qman__> if you really want to understand how it works, I suggest starting with a routers & routing course
<qman__> it will give you a strong understanding of what networking really is
<qman__> then move on to the server administration stuff
<SpamapS> cs1: though being forced to learn it all "on the job" can be great training. :)
<cs1> yeah
<electrofreak> but if it's your first encounter with linux... or running a server in general... it will definitely be overwhelming
<cs1> thats what im going through now
<SpamapS> actually I know a kid who started out in IT at 16 racking servers for a hosting company..
<SpamapS> one of the best sysadmins/webdevs I work with now, 5 years later.
<SpamapS> never saw Windows other than on his laptop.
<electrofreak> some people just really have a nac for it
<SpamapS> Yeah, the key is that you like trial and error. :)
<cs1> wow
<cs1> that kid is smart
<qman__> I find the people that know the most and do the best work are the ones who take the time to learn and understand how it works on a basic level
<qman__> don't just memorize commands or "this is how it's done"
<SpamapS> memorization is what you do to get a paycheck
<cs1> LOL
<cs1> agree
<SpamapS> deep understanding comes from a desire to master your domain. :)
<cs1> i see
<cs1> you guys have been great help
<cs1> thank you so much
<electrofreak> this channel is open 24x7!
<twb> You're confusing memorization with deliberately inserting dead-man heisenbugs.
<twb> electrofreak: except bank holidays and the Queen's birthday
<cs1> LOL
<electrofreak> lol
<cs1> ok
<cs1> 1 more question
<cs1> what steps do i have to take in order to setup the server...
<electrofreak> install it you mean?
<cs1> the company will be using the server to host the ERP system
<cs1> yaya
<cs1> install it
<qman__> download the iso, burn to CD
<cs1> ok
<qman__> boot it in the server and follow the on-screen instructions
<electrofreak> well, download and burn the ISO... insert it into the drive, boot up, and follow the step-by-step. installing ubuntu is as easy as it gets.
<cs1> ok
<electrofreak> I do it for fun sometimes.
<cs1> but i mean when configuring the whole server to perform what we want the server to do for us
<qman__> the Ubuntu Server Guide covers most common tasks very well, once it's installed
<electrofreak> https://help.ubuntu.com/10.04/serverguide/C/index.html
<cs1> thanks
<cs1> so before doing it on a server
<cs1> its better to install it on a VM right??
<cs1> to test out everything
<qman__> whether you use a real server or a VM doesn't matter
<cs1> before we migrate to server
<cs1> aahh
<cs1> ic
<qman__> what does matter is that you don't take your business down to do it
<cs1> haha
<qman__> do it in a sandbox, a test system
<cs1> thats crazy
<electrofreak> VM is just easy to play around with things...
<cs1> i see
<qman__> if you have extra hardware to play with, feel free
<cs1> haha
<qman__> if not, a VM is a good way to do it
<cs1> now my brain is hanged
<cs1> LOL!!
<electrofreak> good luck sir!
<cs1> haha
<cs1> thanks
<cs1> im not sir btw..=P
<electrofreak> ooo, opps. my bad
<cs1> haha
<cs1> its ok
<cs1> =)
<cs1> anything else i missed out?
<cs1> in making more out from the server??
<electrofreak> make sure the hardware you put it on is a stable machine...
<electrofreak> not something thats going to catch fire every other day or whatever
<cs1> haha
<cs1> yeah
<cs1> i mean software
<qman__> yeah, don't buy brand new overclocker hardware, or grandma's old computer, get something you can trust
<cs1> what is etckeeper btw??
<qman__> etckeeper is version control for your /etc directory, in other words, your system configuration files
<cs1> so its a must have??
<qman__> highly recommended
<cs1> ok
<cs1> great
<cs1> im still not very clear about the networking thingy
<cs1> maybe like you guys have said
<cs1> i need training
<qman__> networking is the basis on which everything we talked about runs
<qman__> it is essential
<cs1> but by setting up the TCP/IP,it wont affect the switch and router right?
<electrofreak> oh, if the server is just going to be a client behind an existing router/switch setup... then you shouldn't have any problems.
<cs1> what about using the server as a host?
<cs1> will it have problems?
<qman__> no, the networking only gets complicated once you start using the server as a router or firewall
<cs1> haha
<cs1> OK
<qman__> pretty much, you will configure an address for it to use, and leave it alone
<cs1> ok
<cs1> i think thats all for now
<qman__> but an understanding of how it works is very useful when you run into trouble elsewhere
<cs1> now i have to discuss about it to my boss
<qman__> definitely look into a good book or a course on it
<cs1> haha
<cs1> ok
<cs1> will invest in a good book
<qman__> "is my network working" is to system administration as "is it plugged in" is to desktop support
<cs1> haha
<electrofreak> it should be said I guess that out of the box, ubuntu server will get an IP from the DHCP server (your router) and "just work"
<qman__> but if you don't set it static, that will change from time to time causing many headaches
<twb> IMO if you ask for static networking, you probably ACTUALLY want fixed DHCP
<electrofreak> just set the IP to something OUTSIDE of the DHCP range
<twb> That's where downstream is just a dump DHCP client, but upstream (the router) is configured to always and only allocate <IP> to a particular MAC
<qman__> yes, but then your DHCP server becomes a single point of failure
<qman__> fine for less important things, but this server sounds pretty important
<twb> qman__: in static networking, you have TWO points of failure
<twb> qman__: because if the network configuration of either end changes, your network won't
<twb> ...work
<electrofreak> yea, I don't use static assignments on my DHCP server... I just give it a range and then systems that need a static IP, I set a static IP on that system
<twb> For a mission-critical core host like the LDAP/Kerberos server, I might use static networking.
<twb> I certainly wouldn't use static networking for something less important like apache servers.
<qman__> anything that needs to still work when the internet goes down, I use a static IP
<electrofreak> that's a good rule of thumb
<twb> Your DHCP leases are served by the internet?
<qman__> basically, the file server, and the DHCP server
<qman__> a reserved lease is good for just about everything else
<electrofreak> twb, no I think he just means deciding one what needs a static IP...
<twb> It's also worth mentioning that DHCP poisoning can occur on untrusted networks
<electrofreak> all sorts of stuff can happen on untrusted networks ;-)
<twb> Which for something like the auth server, would leave you exposed to MITM
<twb> electrofreak: by "untrusted" I mean things like LANs where you have idiot end users with zombified windows laptops, rather than the conventional stuff like "the internet"
<qman__> I've run into those
<qman__> nasty buggers
<qman__> try to hijack your network with bad DHCP and DNS information
<electrofreak> ha, it's always fun to take all the available DHCP addresses with one machine :-P
<qman__> one windows machine gets infected, starts its own DHCP and DNS, serves other nodes on the network
<qman__> and starts hijacking google searches with malware
<electrofreak> I guess we bored 'em
<yosi> hi all, I'm running 10.04...  but i just did an upgrade.. and now my SSHd dones't work...   when i log on locally, if i turn ListenAddress (to restrict the SSH host addresses) everything works fine,  if it turn it back on, can't connect from any of the listed IPs, but everything worked fine before i did the upgrade...   did they do something to the SSHd in the latest upgrade?
<yosi> anyone, any ideas?
<yosi> error: Bind to port 22 on *.*.*.* failed: Cannot assign requested address.
<yosi> is what i get in my auth log
<jmarsden> yosi: One of the addresses in your ListenAddress line is incorrect, or does not exist on your system, most likely.
<yosi> hmmmm..  well ist s list of 3 external ips... my home and work ip's...    it was working for the last 6 months until i did a apt-get upgrade today
<yosi> could that have changed something?
<yosi> its a list*
<yosi> the next line after that error in my auth log is:
<yosi> fatal: Cannot bind any address.
<jmarsden> Um... ListenAddress is for addresses to *listen* on not for a list of remote addresses!  man sshd_config and read it.
<jmarsden> It says:    ListenAddress             Specifies the local addresses sshd(8) should listen on.
<jmarsden> To restrict where people can ssh in to the server from, use ufw or any other iptables-based packet filter.
<yosi> oh u are right!
<yosi> i mis read it
<yosi> so those are the local address, i guess if u have multiple ips
<yosi> yikes...
<EvilTrek> where are sshd config files stored?
<yosi> so all these months, i guess that feature hasn't been working as inteneded
<jmarsden> EvilTrek: /etc/ssh/
<yosi> is there any way to restict the IPs entering SSH without setting up a firewall...
<EvilTrek> thanks
<yosi> i find ip tables so complicated...
<jmarsden> yosi: ufw is simpler
<yosi> what does ufw stand for?
<yosi> is it as good as iptables?
<EvilTrek> and which line do i edit to deny password auth and allow publickey auth only?
<jmarsden> It uses iptables underneath.  It is just a simple command line interface to it.
<EvilTrek> last time I edited sshd_config was about a year ago xD
<jmarsden> EvilTrek: man sshd_config to read all about it.
<yosi> is it part of ubuntu or do i need to load it?
<EvilTrek> jmarsden:  ty
<jmarsden> yosi: It is part of Ubuntu but you may need to apt-get install ufw , I am not sure if it gets installed by default on Ubuntu Server.
<yosi> thanks...
<yosi> i will try..
<jmarsden> EvilTrek: You probably want PasswordAuthentication No
<yosi> since i need to only restict ssh, is there any facility in SSHd to oly allow connections from a certain host?
<jmarsden> yosi: You're welcome
<EvilTrek> jmarsden:  yeah i found it, already edited, and since its on a VPS, i'm rebooting it now xP
<jmarsden> yosi: I don't think so, but man sshd_config would talk about it if it exists :)
<yosi> thanks
<yosi> will read it nwo
<jmarsden> EvilTrek: There is no need to reboot for that, just restart sshd :)
<EvilTrek> jmarsden:  i also edited a few other things that required a restart for (system updates since i'm lazy at updating)
<cs1> guys
<cs1> i would like to ask whether windows platform users can login into Linux server
<yosi> i figured out i could restrict SSH to certain clinetas using TCP wrappers
<jmarsden> cs1: See /topic and read the Server Guide, especially https://help.ubuntu.com/10.04/serverguide/C/windows-networking.html
<cs1> is LVM necessary during RAID installation??
<twb> LVM and RAID are orthogonal
<cs1> aaahh
<cs1> ok
<cs1> thanks
<SpamapS> cs1: these days, not using lvm is sort of like choosing a car with manual windows/locks/etc. It has a place, but you need a good reason. ;)
<cs1> icic
<twb> Does lucid's upstart still run rcS.d and rc2.d jobs by default?
<SpamapS> twb: it still runs all of rc.
<twb> I *think* so...
<SpamapS> twb: /etc/init/rc.conf
<cs1> about the RAID + LVM...if follow the steps shouldnt be a problem right??
<cs1> because i will start installing the server soon
<cs1> =S
<twb> cs1: md, fake or hardware RAID?
<cs1> whats the difference btwn those 3???=S
<twb> Whether the raid is done by linux, badly by the CPU, or by an expensive dedicated coprocessor
<cs1> i think is done by linux
<SpamapS> cs1: basically, do you have a RAID card, or just some SCSI/SATA/SAS drives?
<cs1> Sata drives
<cs1> not RAID card
<SpamapS> cs1: md then
<cs1> ok
<SpamapS> cs1: md == multi device
<cs1> so i just follow the steps in the RAID guide???
<SpamapS> cs1: its Linux's built in software RAID
<cs1> https://help.ubuntu.com/community/Installation/RAID1%2BLVM
<twb> cs1: if you're using md RAID and LVM, you can set up both at install time using the Ubuntu Server install media.
<cs1> icic
<huats> morning
<AlexC_> morning
<AlexC_> I've got an issue with one of our servers here regarding SSH. We can login just fine, however it is slightly delayed. Looking in /var/log/auth.log we see:    reverse mapping checking getaddrinfo for alex.office.local [192.168.0.4] failed - POSSIBLE BREAK-IN ATTEMPT!
<twb> .local is reserved for MDNS
<AlexC_> doing a 'host 192.168.0.4' comes back with 'alex.office.local' and a 'dig a alex.office.local' comes back with 192.168.0.4
<AlexC_> MDNS?
<twb> zeroconf/bonjour/rendezvous
<twb> You cannot use .local on a 192.168 network.
<AlexC_> hum, I thought that was one of the purposes of it?
<twb> You thought wrong.
<AlexC_> however, if this was the issue - our other server does not result in this error and works just fine
<twb> Well, I didn't say it was the ONLY issue
<twb> Ultimately the problem is that libc (nsswitch.conf) isn't reverse resolving your IP back to the expected hostname.
<AlexC_> what could cause this?
<twb> Er, getting it wrong
<cwillu_at_work> AlexC_, was that host run from the server with the issue?
<twb> You should be using "getent hosts".
<twb> host(1) is not a valid test, because it always and only uses DNS.
<AlexC_> cwillu_at_work: yes
<cwillu_at_work> what twb said
<AlexC_> $ getent hosts 192.168.0.4    192.168.0.4     alex.office.local
<cwillu_at_work> the other server probably isn't configured to resolve mdns hostnames, or it's later in the resolve order (which I think it incorrect, as it ends up putting out a dns request that's guaranteed to fail)
<twb> Yeah; I still think the problem is using .local on the wrong network
<AlexC_> what is advised to use instead of .local?
<twb> IME it gives these kinds of bizarro failures
<twb> AlexC_: I use .lan, because it's the OpenWRT default.
<AlexC_> twb: if it makes any difference, there is a Windows Active Directory server on the network, which was setup before I got here to use '.local'
<twb> Just because it was someone else who fucked up doesn't make it right.
<AlexC_> ok, I'll see about changing to .lan
<ramseyd_> Hi guys
<ramseyd_> quick question:
<ramseyd_> I am trying to get latest version of cherokee web server on my ubuntu 10.04 using apt-get
<ramseyd_> But it keeps giving me this error:
<ramseyd_> W: Failed to fetch http://ppa.launchpad.net/cherokee-webserver/ppa/ubuntu/dists/lucid/main/binary-amd64/Packages.gz  404  Not Found
<ramseyd_> Even though, that link is correct
<ramseyd_> Anyone knows what could be wrong?
<ramseyd_> here is what a wget of that link gives me : http://dpaste.org/sIdK/
<ramseyd_> Someone can answer my question please?
<AlexC_> if I'm not putting users in a chroot, and clients would like SSH access - what sort of things should I do to protect certain files? Is it bad practice to remove read access on some files/directories?
<hallyn> jdstrand: gmorning - i was wondering, were you planning on merging libvirt 0.8.2 soon-ish?
<pmatulis> AlexC_: if these clients are not your own people then i wouldn't allow non-chroot access.  otherwise set up a separate system just for ssh access
<AlexC_> pmatulis: have you got a guide or reference for chroot SSH? Everything I see is very old and contradicts what other guides say
<AlexC_> I can't find any solid or trustworthy resource
<redshirtlinux> Hello everyone, does anyone know a reason why running updates on an Ubuntu 9.04 server might break the servers ability to talk to LDAP?  The server is a hosts a front end via apache and tomcat.  The site is made up of java, php, and html.
<pmatulis> AlexC_: i made some notes about it.  i don't remember it being terribly hard.
<pmatulis> AlexC_: what's stopping you?
<codeshepherd> I find 50 instances of console-kit-daemon running in my server.. . what does it do? Do I really need it? how do I stop it?
<codeshepherd> no one here uses console kit daemon ?
<jmitchell> are there any bind9 ninjas in the house?
<jmitchell> how can i get bind9 to use/allow login's and passwords for dyndns updates to it? I want to copy changeip.com or dyndns.org's type of setup
<jmitchell> i am currently generating keys instead
<smoser> anyone want to help with https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/43574
<uvirtbot> Launchpad bug 43574 in xinetd "Needs Ubuntu-style init script" [Wishlist,Triaged]
<smoser> it just needs sponsoring.
<smoser> branch attached.
 * jmitchell takes a look at the link\
<jdstrand> hallyn: I'm working on updates for libvirt and will do it as part of that
<AlexC_> pmatulis: I guess it's knowing what programs I want them to have access to, the directory structure and generally how to set it up
<D347H-C0D3> Hi gys... I just used debootrap for ubuntu 8.04 on my ubuntu 9.04(hosted on virtual box). When i tried installing xfce desktop on ubuntu 8.04 the folowing error came: http://paste.ubuntu.com/464024/
<pmatulis> AlexC_: well if they need access surely they know what for, no?
<soren> smoser: Does anything take care not to install the init script anymore?
<smoser> soren, yes. dh handles that.
<smoser> theres magic that, and on upgrade, there is magic that replaces /etc/init.d/xinetd with a link to /lib/init/upstart-job
<smoser> s/^theres magic that,//
<soren> smoser: Neat. :)
<hallyn> jdstrand: awesome, thanks
<AlexC_> pmatulis: yes, though I mean the more core gnu utils
<pmatulis> AlexC_: you have to at least provide a shell for them.  i remember having to copy over manually files for even that to work - it's not great
<AlexC_> pmatulis: this is what I don't like, it just seems like one big dirty hack. What happens regarding system updates for files I've copied?
<pmatulis> AlexC_: heh, you ask too many questions
<AlexC_> questions lead to knowledge :P
<pmatulis> AlexC_: and pain
<pmatulis> AlexC_: i can send you my notes if you would like
<AlexC_> that would be great
<AlexC_> thankfully most of our clients will use SFTP, of which chroot is incredibly simple
<pmatulis> AlexC_: dumped notes in a private window
<AlexC_> thanks, I'll read over :)
<sommer> morning all
<freakynl> hi, i'm having quite a bit of issues with ufw (the so called (not so)-uncomplicated firewall). Running ubuntu server 10.04 amd64 with ufw (because apparently that's the only iptables thing actually supported by ubuntu). It's main problem is the default config... who/what decided it would be nice to have a 3 connections per minute by default on *EVERY* connection on a *server*? Point me there, I'll bring the bat :). Anyways, anyone know how to
<pmatulis> freakynl: cool down
<AlexC_> freakynl: shorewall. end of :)
<freakynl> pmatulis: actually I am pretty calm, I just find it extremely hard to believe nobody else runs into it / this is default ufw rules on a *server*. 3 connections / min with a 10 burst is absolutely nothing for a webserver especially if clients don't pipeline
<jdstrand> freakynl: a) shorewall and iptables are both supported. b) only the 'limit' command has a 3 connections per minute default. allow does not
<freakynl> jdstrand: before hitting any allow rules i created with ufw (mainly for 80/443) it hits the ufw-logging-deny chain which blocks it (it goes input -> ufw-before-input -> ufw-logging-deny)
<freakynl> jdstrand: but there's something like iptables-save/restore from init.d then?
<jdstrand> freakynl: actually, I mispoke, the limit command is 6. the '3' you are seeing is for the logging chain, yes
<jdstrand> freakynl: that limit can be adjusted by adjusting your log level in ufw
<jdstrand> freakynl: see the LOGGING section in 'man ufw' for details
<jdstrand> freakynl: but, based on your comment, it sounds like the packets aren't matching your allow rule, which is why it is going to logging-deny (and therefore your default policy) in the first place
<jdstrand> freakynl: as for iptables-restore, see 'man ufw-framework' for details on how things are put together. basically, there is no iptables-save (you use the 'ufw' command or edit files directly) and an iptables-restore action happens on boot (or start/reload)
<Daviey> Is anyone ACK'ing SRU's today?
<Daviey> bah, wrong channel
<freakynl> jdstrand: thanks for the explanation. Actually they do hit allow, otherwise the backup clients wouldn't be able to backup at all and the website wouldn't be accessible. Currently almost all backup clients, depending on what they're doing (ie it occurs when uploading many small files) log 'network connection issues' every 5-10 mins. It then stops backing up for like 5 mins and then tries again. It hits the log/block due to not being allowed by
<Daviey> zul, Are you able to look at bug 313275, soonish?
<uvirtbot> Launchpad bug 313275 in logwatch "logwatch stunnel script doesn't match any stunnel4 log entries" [Low,Triaged] https://launchpad.net/bugs/313275
<zul> Daviey: i could be persuaded yes
<Daviey> zul, R-O-C-K-I-N-G
<Trek> i'm getting a weird issue with things related to something with perl failing.  Pastebin: http://starfleet.pastebin.com/E1uXrcyw
<Trek> any idea how to fix it?
<pmatulis> Trek: did you google for 'perl: warning: Setting locale failed.' ?
<Trek> pmatulis: yah, had issues finding it (slow slow slow internet)
<Daviey> Trek, Let us know if your search engine doesn't help you find a solution, and we'll crack on.
<Trek> standby, since GOOGLE IS TAKING 15 MINUTES TO LOAD
<Trek> grr stupid caps
<Trek> o.o
<Trek> well google found a result...
<Trek> but...
<Trek> i get new issues too o.o
<Trek> standby
<Trek> http://starfleet.pastebin.com/2YMhWT6D
 * Trek thinks his install is borked
<sherr> Trek: Google gets lots of hits for : "Cannot set LC_CTYPE to default locale" +ubuntu
<zul> smoser: ping
<smoser> here
<zul> smoser: im thinking this might help you guys http://people.canonical.com/~chucks/xen-mask-out-xsave-for-hvm-guests.patch
<smoser> jjohansen-afk, ^
<RyanP> I have Ubuntu Server 10.04 setup with LDAP authentication, and am using the LDAP server to authenticate client computers to the server. On the clients, everything works. On the server, I can login fine, but attempting to change the password I get the error: 'passwd: Authentication token manipulation error'
<n0n0x> Has anyone ever used sysbench on ubuntu?
<sherr> RyanP: that LDAP error seems to happen a lot and you will get a lot of hits on Google for it. Might be worth checking there first.
<RyanP> sherr: I spent a bunch of time on Google, and most of the links seemed to just say something like 'This is sometimes something to do with LDAP.' but nothing more helpful than that.
<[diablo]> hi, anyone know a big table database shipping with LTS please?
<binBASH> big table database?
<binBASH> I thought until now only google got BigTable :D
<oru_work> is there any suspicious activity here ? http://www.pastebin.org/397564
<oru_work> whats that ghostscript ?
<sherr> oru_work: why don't you look it up on the web - easy to track down. Why are you asking about "suspicious" activity?
<jjohansen> smoser: yeah that is essentially what I did
<ScottK> kirkland: Is it reasonably safe/possible to convert from unencrypted to encrypted home directory on 10.04?
<hallyn> ScottK: looks like ecryptfs-migrate-home might do it for you.  I'm going to test it right now actually.  You're on maverick?
<ScottK> I have systems on maverick, but the one in question is lucid.
<hallyn> ScottK: ok - i'm testing in a lucid vm then.  I'm curious about it myself, to be able to answer other ppl.  (for myself i prefer hand-mounting ecrytpfs'd subdirs - don't know why - old dogs and all that)
<webPragmatist> anyon here use rsyncd?
 * ScottK prefers it to automagic and reliable to having to think about it.
<hallyn> ScottK: <shrug> it worked perfectly for me.  I created a new temporary user with sudo privs, logged in as him, then did ecryptefs-migrate-home -u hallyn;  did a 'switch user' to hallyn to verify files were ok, 'switch users' back and rm -rf /home/hallyn.<random>
<maek> is there a way to copy the contents of the install dvd and use it for a network based install source?
<hallyn> ScottK: if/when the per-user keyring is honored to deny file reads, i might do all-home encrypted, but as it is, once you log in, any user able to descend your /home/$USER can read all your decrypted files...  so i try to keep encrypted dirs unmounted when possible,
<webPragmatist> ScottK: hey
<n0n0x> is it possible that mutexes got 4~5 times slower on x86_64 compared to x86? At least that's what sybench is telling me.
<webPragmatist> under /etc/default/rsync what's yalls default RSYNC_ENABLE
<webPragmatist> true?
<robbiew> ttx: wanted to get together in Prague to make sure things are in line for 10.04.1...is there anyone in Server focused on this?
<maek> in preseed how do you tell the server to use a different repo to install from other then archive.ubuntu.com or the mirror of said repo?
<robbiew> ttx: just want to be sure I don't leave anyone out
<SuperLag> Any of you guys use Tomcat on Ubuntu Server?
<SuperLag> I've added all the tomcat6-* packages, and edited the tomcat-users.xml file to add the default users who were commented out... but when I try to bring up the Tomcat Manager, I'm still getting an "access denied" message
<SuperLag> *sigh*
<SuperLag> I figured it out. :/
 * SuperLag kicks himself
<ttx> robbiew: that would be zul (and possibly me)
<robbiew> ttx: ack..thnx
<Ast001> Hello after installation of Ubuntu 10.04 server I have got fonts so small that I need microscope to read anything. How can I enlarge that ?
<matt_keys> I'm trying to connect to a remote kvm host via ssh. using just the hostname, I can't log in as root by default so I used username@kvmhost. It prompts for the password and authenticates, but then it closes connection with "File "/usr/share/virt-manager/virtManager/connection.py", line 896, in _try_open None], flags) File "/usr/lib/python2.6/dist-packages/libvirt.py", line 111, in openAuth if ret is None:raise libvirtError('virCon
<Jeeves_> Ast001: Uh, on your monitor?
<Jeeves_> Or via ssh? :)
<Ast001> yes I am unable to configure anything
<Ast001> on monitor
<Jeeves_> Hmm, goed question.
<matt_keys> Ast001: try text mode install?
<Jeeves_> matt_keys: He allready installed
<Jeeves_> and the serverinstaller is textmode :)
<Ast001> I installed ubuntu
<matt_keys> oh... try holding ctrl down and using the scroll wheel
<zul> ttx: are we planning on updating openldap its getting kind of stale in maverick
<Ast001> ok
<Ast001> ctr + mouse wheel changes nothing
<ttx> zul: we should, maybe sync with mathiaz on that
<matt_keys> Ast001: http://ubuntuforums.org/showpost.php?p=4322584&postcount=3
<Ast001> ok thanks
<Ast001> I will try that
<uvirtbot> New bug: #605977 in puppet (main) "emacs puppet-mode not auto loaded in lucid" [Undecided,New] https://launchpad.net/bugs/605977
<RyanP> I have Ubuntu Server 10.04 setup with LDAP authentication, and am using the LDAP server to authenticate client computers to the server. On the clients, everything works. On the server, I can login fine, but attempting to change the password I get the error: 'passwd: Authentication token manipulation error'
<pmatulis> is there a mailing list manager that integrates well with ldap (to hold membership data)?
<ForestBear> hey guys I have a server set up with nginx, I can see it on my own computer by LAN computers (connected to the same router) cannot see it?
<b14ck> Hey all. I'm trying to compile some software that requires the linux source code. I've installed linux-headers-2.6.32-23 linux-image-2.6.32-23-server and linux-source-2.6.32  but they aren't showing up in /usr/src. My question is: How can I force the package manager to 're-install' those packages fresh without removing them and breaking my install?
<sherr> "linux-source" should give you a .tar.bz2 file to extract in /usr/src - are you sure you need it though? Module compilation just needs headers I think.
<pmatulis> he's gone
<sherr> OK, thanks.
<Kream> can anyone recommend a lightweight http webserver with support for http digest authentication?
<pmatulis> Kream: lighttpd
<norbiAnevem> hy guys
<ubuntu_love> can you please help me with some info
<ubuntu_love> i have a domain key
<ubuntu_love> public and private and spf
<ubuntu_love> but yahoo says that domainkey is neutral=it doesn`t exists
<ubuntu_love> it is that possible that dkim-milter doesn`t sign the mail with the domainkey?
<ubuntu_love> or yahoo server is checking that with dig TXT _domainkey?
<ccheney> kirkland, found you don't really need a mirror, approx is good enough :)
<ScottK> ubuntu_love: domainkey and dkim aren't the same thing.
<ubuntu_love> ScottK: could you please check this report: http://pastebin.com/KFXF07hg
<ubuntu_love> it says that the domain key is invalid
<ScottK> ubuntu_love: It says domainkeys neutral (which is due to no signature).  Your mail has a DKIM signature, not a domainkeys signature.
<ScottK> ubuntu_love: Which Ubuntu release are you using?
<ubuntu_love> ScottK: i downloaded the ubuntu server today
<ubuntu_love> the server from i send the mails is a fake centos
<ScottK> Then support for it's off topic here.
<ubuntu_love> ScottK: ok, thank you!
<ScottK> hallyn: Worked great.  Thanks.
<hallyn> ScottK: cool, glad to hear it
<n0n0x> Isn't there any way to check how ECC memories are performing? I mean, how many times ECC saved my server
<effowe> Hi: I'm running Ubuntu Server 10.04 and am trying to learn more about /etc/rc*.d, runtimes, and startup processes. running sysv-rc-conf still shows packages that are no longer installed, can someone point me to a comprehensive guide / tutorial to removing unused startup processes from their runtime directories so that they no longer show up in sysv-rc-conf?
<piov> hi...any iptables helpers here...need help with port based routing
<Kream> anyone here use munin?
<ruben23>  hi guya anyone can recommend cheapest hosted server..?
<MTecknology> !info php5-gd2
<ubottu> Package php5-gd2 does not exist in lucid
<MTecknology> !info php-gd2
<ubottu> Package php-gd2 does not exist in lucid
<guntbert> !info php5-gd | MTecknology
<ubottu> MTecknology: php5-gd (source: php5): GD module for php5. In component main, is optional. Version 5.3.2-1ubuntu4.2 (lucid), package size 33 kB, installed size 152 kB
<MTecknology> guntbert: thanks :)
<guntbert> MTecknology: you're welcome :-)
<Kream> anyone here use munin?
<guntbert> Kream: why don't you ask your real question? (I myself know nothing about munin though)
<MTecknology> Kream: I use nginx, it has some of the same letters. :)
<piov> when i do port based routing (mark..ip route...ip rule...etc), traffic routes fine outbound, but inbound syn/ack packets are not forwarded to the client from the linux firewall?
<piov>  i can see the packets hit the prerouting chain, but they never get to the forward chain
<piov> any ideas?
<piov> problem similar to http://linux.derkeiler.com/Newsgroups/comp.os.linux.networking/2007-09/msg00095.html
<webPragmatist> how hard would it be to retrofit this to ubutun
<webPragmatist> ubuntu*
<webPragmatist> http://www.server-world.info/en/CentOS_5/lsync/1.html
<theacolyte> Am I missing something, or why is escape not letting me enter grub settings (looks like likewise open broke AGAIN - and I can't log in using any username/password combnations)
 * theacolyte needs to get into init 1
<theacolyte> No amount of mashing escape is working
<theacolyte> Eh, nevermind, I'm just going to roll back to 8.04
<theacolyte> 10.04 has been extremely painful
<webPragmatist> how can i make a init.d script start at boot
<qman__> webPragmatist, update-rc.d
<webPragmatist> aww eff LOL
<webPragmatist> well i don't feel as badâ¦ it just uses the start-stop-daemon too â¦ i just created an init.d that was already somewhere on the interweb http://code.google.com/p/lsyncd/source/browse/package/debian/init.d?r=73
<webPragmatist> well
<webPragmatist> that doesn't even seem to specify runtimes?
#ubuntu-server 2010-07-16
<CppIsWeird> so i've got a kernel source and i want to compile and install it. can someone point me to documentation to take me from this point. everything i find so far is sort of confusing.
<cs1> hi guys
<cs1> im having trouble setting up the LDAP server
<cs1> how do i copy the example of the 'backend.example.com.ldif' using terminal??
<cs1> guys
<cs1> anyone there??
<cs1> urgently need some help here
<cs1> hi
<cs1> anyone here?
<cs1> im having troubles how to setup the LDAP server
<cs1> hi
<cs1> anyone here that can help me??
<cs1> im having troubles setting up the LDAP server
<cs1> i dont know how to copy the backend ldip file
<shabbu> Need help: Error in installing ubuntu 9.10 server in virtual machine manager (QEMU). I pasted my error here http://paste.ubuntu.com/464317/
<shabbu> guys help me
<webPragmatist> help me help you
<jmarsden> shabbu: Here is a guess: The message "qemu: could not open disk image /var/lib/libvirt/images/ubuntuserver.img: No such file or directory" means that file is not there, but you asked qemu to use it.  Tell qemu to use an image that exists, and it will probably work better.
<cs1> guys
<webPragmatist> GUYS
<cs1> i need help in setting up LDAP server
<cs1> how to create the ldif file??
<cs1> using the terminal
<cs1> coz according to the guide
<cs1> they ask me to copy the backend files
<cs1> but i have no idea how to do it
<jmarsden> cat >>somefile.whatever
<jmarsden> paste your text in here...
<jmarsden> ctrl-D
<cs1> u mean this text
<cs1> # Load dynamic backend modules
<cs1> dn: cn=module,cn=config
<cs1> objectClass: olcModuleList
<cs1> cn: module
<cs1> olcModulepath: /usr/lib/ldap
<cs1> olcModuleload: back_hdb
<cs1> # Database settings
<cs1> dn: olcDatabase=hdb,cn=config
<jmarsden> I mean whatever text you want in the file
<cs1> objectClass: olcDatabaseConfig
<cs1> objectClass: olcHdbConfig
<cs1> olcDatabase: {1}hdb
<cs1> olcSuffix: dc=example,dc=com
<cs1> olcDbDirectory: /var/lib/ldap
<cs1> olcRootDN: cn=admin,dc=example,dc=com
<cs1> olcRootPW: secret
<cs1> olcDbConfig: set_cachesize 0 2097152 0
<cs1> olcDbConfig: set_lk_max_objects 1500
<jmarsden> No need to paste 5000 lines in here... stop that!
<cs1> olcDbConfig: set_lk_max_locks 1500
<cs1> olcDbConfig: set_lk_max_lockers 1500
<cs1> olcDbIndex: objectClass eq
<cs1> olcLastMod: TRUE
<cs1> olcDbCheckpoint: 512 30
<cs1> olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none
<cs1> olcAccess: to attrs=shadowLastChange by self write by * read
<cs1> olcAccess: to dn.base="" by * read
<cs1> olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read
<cs1> ok
<cs1> sorry
<cs1> im using terminal to create the file
<twb> jmarsden: I just plonked him
 * twb thinks: why doesn't ubottu deal with flooders like the dpkg bot does?
<jmarsden> Maybe it's an attempt to help Ubuntu seem kinder and gentler to newbies??  I don't know.
<shabbu> jmarsden, This kernal requires an x86-64 CPU, but only detected an i686 CPU. Unable to boot - please use a kernel appropriate for your CPU.    this error occurring
<twb> shabbu: so your CPU isn't x86-64 compatible
<jmarsden> twb: Or the virtual CPU he set up isn't...
<twb> Oh, a VM
<jmarsden> shabbu: If your real host PC is 64bit and running a 64bit host OS, then make sure that qemu is told to run a 64bit VM.
<shabbu> twb, I am trying to install in  VM
<twb> qemu-system-x86_64 rather than qemu
<AdamDV1> Why am I getting this?
<AdamDV1> configure: error: C compiler cannot create executables
<qman__> pretty straightforward to me
<qman__> is your build environment set up right? you need to install it
<qman__> build-essential
<twb> AdamDV1: usually it's because your CFLAGS has something like -m32, so you're trying to do a half-assed cross-compile
<twb> Or, as qman says, simply because you forgot to install all of build-essential
<AdamDV1> Yea, it was that.
<AdamDV1> Thanks
<CppIsWeird> just for a sanity check, i ran diff -rqd /dir1 /dir2, and it didnt report anything, this means that those directories are EXACTLY the same byte for byte?
<twb> Is there a standard (or semi-standard) way to set the timezone via DHCP or NTP?
<twb> I have diskless netbooting clients, and rather than hard-coding the timezone in the image, I'd prefer to set it only on the server and have the clients pick the timezone at boot time based on the server's responses.
<FrooFroo_> twb, you can set the timezone as a kernel parameter I'm pretty sure
<enzoplex> Can you change the kmemsize on a virtual environment from the virtualized environment?
<enzoplex> *from within
<kaushal> hi
<kaushal> can someone please guide me about my post on https://lists.ubuntu.com/archives/ubuntu-users/2010-July/223352.html ?
<uvirtbot> New bug: #606163 in dhcp3 (main) "apparmor profile for dhcp3-client is too strict" [Undecided,New] https://launchpad.net/bugs/606163
<Takyoji> When I try to setup a network bridge from eth0 to eth1 using bridge-utils, it typically ends up where I have no internet connectivity at all. And when I do a packet capture, the system is apparently asking for the MAC address of the router every second.
<Takyoji> (whereas the packet capture is conducted after internet connectivity on the system fails to work, after trying to setup a network bridge)
<Takyoji> Any suggestions?
<tydeas> Hello there I can not start mysql service
<tydeas> Any ideas where can i find info for this?
<tydeas> The last 2 days my ubuntu-server fails
<tydeas> a lot.
<tydeas> XServer does not start
<tydeas> mysql does not start
<tydeas> wtf?!
<tydeas> Can somebdoy help on this??? Tell what i suppose to take info about this failure?
<binBASH> check mysql error log
<tydeas> checked nothing
<binBASH> which file did you check?
<binBASH> It's in /var/log/mysql/error.log
<tydeas> yes
<remix_tj> check disk space :-D
<binBASH> yup ;)
<cs1> guys
<cs1> i keep getting error when im doing the OpenLDAP configuration
<cs1> ldapadd : invalid format(line 1) entry = ""
<tydeas> this is the error.log http://pastebin.com/BmDgGy72
<tydeas> I can not understand much though
<tydeas> ps waux returns a mysql entry like
<tydeas> root     14589  0.0  0.0   7620   920 pts/4    S+   13:00   0:00 grep --color=auto mysql
<tydeas> this is why it does not start
<tydeas> ???
<Jeeves_> tydeas: No
<Jeeves_> That's your grep behind ps aux
<tydeas> what?
<tydeas> I see
<Jeeves_> tydeas: I think you ran 'ps uax | grep mysql' ?
<tydeas> yes
<uvirtbot> New bug: #606203 in setserial (main) "Packages install use deprecated option" [Undecided,New] https://launchpad.net/bugs/606203
<Jeeves_> tydeas: The reason that mysql doesn't start can probably be found in /var/log/daemon.log
<tydeas> Jeeves_: i is socket issues
<tydeas> Jeeves_: check please http://pastebin.com/K1faCMAK
<Jeeves_> tydeas: No, you don't have a socket because mysql isn't running
<Jeeves_> what happens if you type 'start mysql'
<tydeas> root@sindos2:~# start mysql
<tydeas> start: Job is already running: mysql
<tydeas> omfg
<binBASH> :)
<tydeas> what is this?
<tydeas> ps -A grep mysql returns nothing
<tydeas> mysql -u root -p does not connect
<tydeas> and now this...
<tydeas> http://pastebin.com/ZBfAzQj6
<tydeas> check this
<binBASH> try
<binBASH> netstat -neap|grep 3306
<binBASH> with apt-get dist-upgrade you can install kept back packets
<tydeas> should i install?
<binBASH> sorry, it updates, it does not install :)
<binBASH> so if you want to keep your system uptodate you should run it
<Jeeves_> tydeas: What does /var/log/daemon.log say?
<tydeas> http://pastebin.com/akmv7iJv
<Jeeves_> tydeas: And after you type 'restart mysql
<Jeeves_> '
<Jeeves_> ?
<ivoks> nothing
<ivoks> daemon isn't started, so it can't print anything :)
<ivoks> check /var/run
<ivoks> if there's mysql pid fiel
<ivoks> file
<Jeeves_> ivoks: Usually the daemon start, prints some errors, and quits :)
<tydeas> no there is not a .pid file there
<tydeas> restart does not work... it makes to much time...
<binBASH> tydeas: what does netstat -neap|grep 3306 tell you?
<tydeas> binBASH: bothing
<Jeeves_> binBASH: ps allready says mysqld isn't running, so the socket won't be in use as well :)
<binBASH> Jeeves_: if it's in use by another program surely does :)
<binBASH> because he pasted something that the socket bind fails......
<Jeeves_> binBASH: Yes, the client fails to connect to the socket of the server
<ivoks> does /var/run/mysqld exist?
<binBASH> Jeeves_: http://pastebin.com/BmDgGy72
<binBASH> This was not a client issue :D
<Jeeves_> Ah, haven't seen that paste before
<Jeeves_> tydeas: What address do you have for bind-address in /etc/mysql/my.cnf ?
<binBASH> maybe the system has dhcp assigned ip address and bind in my.cnf is wrong
<tydeas> now i mysql -u root -p and get wrong passwd
<tydeas> w8
<binBASH> ok, so it's running now, mysqld just used long to shutdown properly :)
<binBASH> maybe heavy query was running.
<Jeeves_> That shouldn't matter
<Jeeves_> But if you're stopping mysqld, the script tries to ping mysqld, IIRC.
<Jeeves_> And if mysqld isn't running, that takes a while
<tola> Hi, when installing a UEC node controller, what are the default firewall settings? Are all ports open or closed by default?
<binBASH> Jeeves_: It would explain at least why the port was in use still :)
<qman__> tola, I assume it's a default accept policy, like a normal ubuntu install, but you can verify by running `sudo iptables -L`
<tola> qman__: thanks
<Shredzp> hello anyone here
<tola> that's odd, why does the Ubuntu 10.04 desktop installer see my Ubuntu 10.03 UEC Node controller root partition as "uknown"?
<tola> I was hoping to resize it and dual boot
<sommer> morning all
<eagles00513875> hey guys where does apache2 specify website encoding?
<eagles00513875> !apache2 | eagles00513875
<eagles00513875> stupid bot
<RoyK> eagles00513875: AddDefaultCharset UTF-8
<RoyK> or something
<eagles00513875> RoyK: ok trying to isolate some encoding issues
<eagles00513875> RoyK: you still there
<eagles00513875> RoyK:
<eagles00513875> do i need to specify in the default type text/plain or text/html\
<RoyK> that's set by mod_mime
<eagles00513875> RoyK: where did you specify the charset then
<eagles00513875> in the apache2.conf file and under what section there
<RoyK> I just set it in the virtualhost
<eagles00513875> RoyK: would you mind pastebining your virtual host setup for me
<_chris_> is it normal to have like 10-15 processes of apache2 running ?
<RoyK> _chris_: yes
<_chris_> okay
<RoyK> _chris_: that is, you can set min/max for mpm-prefork
<RoyK> or whatever mpm you're using
<_chris_> also that one's running as root ?
<RoyK> _chris_: threre's only one running as root, for opening 80/tcp etc
<RoyK> the other processes are children of that
<eagles00513875> ahhh this is frustrating
<eagles00513875> my entire website uses the utf-8 for some reason apanta has screwed up the encoding or something
<RoyK> eagles00513875: http://pastebin.com/cr45FbM5
<eagles00513875> RoyK: what file is that specified in
<RoyK> http://pastebin.com/d86JH2dZ
<RoyK> that one's better
<RoyK> this was /etc/apache2/sites-available/my.domain.com.conf
<RoyK> or similar
<eagles00513875> humm i just have my site in /var/www
<RoyK> but - gotta go now - http://bukta.no/ opening soon :D
<eagles00513875> RoyK: will u be on here this weekend
<RoyK> on and off, but mostly off, this festival is a little more fun than chatting
<RoyK> but then, you disappeared too
<p1l0t> In apache2 for lucid, Can I set the server to serve a different document root for different IP addresses but with the same port?
<Jeeves_> p1l0t: I guess you can with mod_rewrite?
<p1l0t> what about ports.conf?
<Jeeves_> That defines on which ports you want apache to listen
<Jeeves_> Wait, with ip addresses, do you mean clients or servers? :)
<p1l0t> I want to server a different document root to the internal network than the outside world
<p1l0t> But I was hoping to use the same port just on different addys example 8.8.8.8:80 and 10.1.0.1:80 but would that be a problem since its the same port or does it not matter since the ip addresses are different
<Jeeves_> p1l0t: So you have two different IP's on the server, right?
<Jeeves_> Will you use two different hostnames for the sites?
<p1l0t> Oh wait, come to think of it no, lol. because I have a router before the server :P thats why I got confused
<Jeeves_> p1l0t: Ok, so you just want to add a vhost
<Jeeves_> p1l0t: http://www.debuntu.org/2006/02/22/7-virtual-hosting-using-apache-2
<p1l0t> Yeah I will be forced to use two different ports I think
<Jeeves_> https://help.ubuntu.com/8.04/serverguide/C/httpd.html
<p1l0t> Unless I installed a second network card
<Jeeves_> p1l0t: No, you don't
<Jeeves_> http can serve different sites on the same port for ages
<p1l0t> I want to learn these things
<Jeeves_> p1l0t: Than read the links I just gave you :)
<p1l0t> wilco
<p1l0t> Jeeves_: thanks BTW
<Jeeves_> yw
<p1l0t> Although I changed the 8.04 to 10.04 and it still worked ;)
<p1l0t> OH so I could do like admin.mysite.com to a different document root...
<Jeeves_> yes
<p1l0t> excellent
<Italian_Plumber> are there any plans for a 8.04.5?
<ccheney> uec provisioning test install takes 15m39s on my laptop
<ttx> SpamapS: ugent ping
<smoser> woohoo.  http://uec-images.ubuntu.com/maverick/current/ . maverick images 20100716 and newer are registered to grub loaders.
<ttx> smoser++
<zul> smoser: nifty....you get a cookie :)
<MTecknology> trigger_error?
<MTecknology> sorry
<Hilikus> hey guys
<Hilikus>  i'm having problems with mysql. it won't start at boot or if i do sudo service mysql start
<Hilikus> but if i start it manually sudo -u mysql mysqld, it works fine
<Hilikus> init: mysql main process (946) terminated with status 1
<SpamapS> Hilikus: did you read the log file? Maybe it is not configured right.
<Hilikus> it is, i've been using this for a long time
<Hilikus> the one thing that seems to fix it is to bind to the localhost instead of the network ip, but even then. i've had times where it binds to the network address without problem
<Hilikus> like i said, if i start it manually it binds
<Hilikus> so it's not binding that's the problem
<kirkland> jdstrand: ping
<kirkland> jdstrand: the openjdk packages you want me to test are from https://edge.launchpad.net/~ubuntu-mozilla-security/+archive/ppa ?
<SuperLag> SpamapS: read any good books lately? :)
<jdstrand> kirkland: yes
<SpamapS> SuperLag: Drive is awesome. :)
<theacolyte> 8.04 LTS - Likewise open has stopped working at random - trying to login yields "Access denied" - I'm trying to find information and I'm coming up dry
<theacolyte> Honestly not even sure how to troubleshoot (I am 100% confident on the AD end)
<SpamapS> theacolyte: "likewise open" huh?
<theacolyte> yes
<theacolyte> Actually at this point I'm more interested in removing it cleanly
<theacolyte> I've had almost nothing but problems with it in both 8.04 and 10.04
<SpamapS> theacolyte: what is Likewise ?
<SpamapS> theacolyte: I can't tell if that is capitalized because it is a proper name for something, or just the first word of your sentence.
<theacolyte> Are you being serious?
<SpamapS> theacolyte: yes entirely. You joined and said "Likewise open has stopped owrking at random"
<theacolyte> And what does a capital L have to do with the question?
<SpamapS> theacolyte: is Likewise a project, or were you continuing a sentence from a previous conversation?
<theacolyte> http://likewiseopen.org/
<SpamapS> thank you
<theacolyte> It's AD authentication for Ubuntu
<theacolyte> Sorry, I read that totally wrong
<SpamapS> Yeah sometimes its just hard to be clear in short text messages. :)
<theacolyte> I figured out how to fix it at least temporarily which buys me some time to figure out what's happening
<SpamapS> wow, $225/incident for support!
<theacolyte> haha, really? I didn't even get that far
<theacolyte> I'd stick to good ol' ubuntu auth
<SpamapS> yeah I'm no help there, though in the past I've setup winbind+samba to integrate with AD
<theacolyte> hehe, in likewise's defense, it IS a lot easier than winbind +samba
<theacolyte> hehe
<SpamapS> Metroid, the original, was easier than winbind + samba.
<theacolyte> if I remember right, likewise setup was literally one line
<SpamapS> theacolyte: until it didn't work anymore. ;-)
<SpamapS> theacolyte: does the thing have any logs? maybe /var/log/syslog ?
<theacolyte> oh, conviently it looks like doing an upgrade from 8.04 to 10.04 seems to disable it
<SpamapS> doh
<eagles0513875> RoyK: hey
<zul> hggdh: ping
<pmatulis> how can i troubleshoot an upstart job, huh, not starting upon boot?  it runs ok manually
<zul> hggdh: can you nominate 579584 and 603363 for lucid for me?
<hggdh> zul: doing it now
<zul> hggdh: thanks
<hggdh> zul: done
<zul> hggdh, thanks!
<hggdh> zul: I thought you would have had the capability restored by now?
<zul> hggdh: nope :(
<hggdh> weird...
<eagles0513875> jpds: ping
<uvirtbot> New bug: #606368 in excalibur-logkit (main) "Please merge excalibur-logkit 2.0-4 (main) from Debian unstable (main)" [Undecided,Confirmed] https://launchpad.net/bugs/606368
<smoser> pmatulis, you can turn on debugging with upstart
<smoser> my guess is you're waiting for some event that doesn't occur
<smoser> what is your "start on" ?
<smoser> can you post the job ?
<pmatulis> smoser: and where do i find the debug messages?
<smoser> pmatulis, they'll go to the console and to syslog
<smoser> hold on, i'll get how to turn it on
<pmatulis> smoser: i think i may be affected by an existing bug but my test system does not exhibit it
<pmatulis> https://bugs.launchpad.net/ubuntu/+source/autofs/+bug/573919
<uvirtbot> Launchpad bug 573919 in autofs "autofs doesn't work with lucid" [Medium,New]
<smoser> pmatulis, http://paste.ubuntu.com/464624/
<pmatulis> smoser: see last comment in that bug
<pmatulis> or
<pmatulis> https://bugs.launchpad.net/ubuntu/+source/autofs/+bug/511245
<uvirtbot> Launchpad bug 511245 in autofs "portmap is not started during boot process before autofs and hence autofs does not work properly" [Low,Triaged]
<uvirtbot> New bug: #606375 in ipsec-tools (main) "Racoon daemon script is missing a newline" [Undecided,New] https://launchpad.net/bugs/606375
<Xpistos> I don't know where my config file for finch is located. I cann't remember how to find or search for it. Can someone help me jog my memory
<eagles0513875> Xpistos: locate finch then it will list all finch related files
<eagles0513875> Xpistos: configurations are ususally located /etc
<Xpistos> eagles0513875: Thank you brother
<eagles0513875> Xpistos: welcome
<smoser> pmatulis, so heres my guess  as to what is happening.
<smoser> well, hold on.
<smoser> what provides statd ?
<pmatulis> smoser: nfs-common i think
<pmatulis> smoser: so broken system is missing that maybe
<smoser> ok. pmatulis so, it seems to me that
<smoser> - autofs recommends nfs-common so you should get that on install of autofs in lucid
<smoser> - autofs is a sysvinit job
<smoser> - statd is a upstart job
<smoser> that leads to a race condition where the sysvinit job used to run much later in boot, but now, because there are very few sysvinit jobs, it runs very early.
<smoser> the comment there will probably fix the issue, but the real fix is to get autofs to an upstart job so it can properly depend on 'started statd'
<pmatulis> k, i thought autofs was an upstart job
<pmatulis> smoser: what is the easiest way to check?
<pmatulis> smoser: symlink to upstart-job (very non-intuitive)
<pmatulis> ?
<smoser> i was just looking at the source. and azamat definitely suggests its an autofs job
<smoser> but the lucid source has no mention of upstart
<Hav0cStyles> autofs is an upstart
<Hav0cStyles> http://ubuntuupdates.org/packages/show/167397
<smoser> yeah, i'm wrong on that.
<hggdh> zul: there?
<zul> hggdh: yep
<Hav0cStyles> Is there a split right now? it's quiet
<hggdh> zul: have you seen bug 598476?
<uvirtbot> Launchpad bug 598476 in mysql-5.1 "MySQL server fails to load on boot" [Low,Triaged] https://launchpad.net/bugs/598476
<zul> hggdh: yeah ill have another look at it
<Italian_Plumber> are there any plans for a version 8.04.5 ?
<hggdh> zul: thank you. I was going to propose a change, but I am still unsure on how to deal with bzr and LP
<pmatulis> Italian_Plumber: no
<Italian_Plumber> thanks pmatulis
<pmatulis> Italian_Plumber: https://wiki.ubuntu.com/HardyReleaseSchedule
<Italian_Plumber> thanks agian
<webPragmatist> hey guys
<webPragmatist> I am getting the ureadahead error status 4 â¦ how can i get to my fstab to fix this or something? I tried recovery mode and it doesn't work
<webPragmatist> http://ubuntuguide.net/howto-fix-ureadahead-problem-after-upgrading-to-ubuntu-10-04
<webPragmatist> or even how can i disable ureadahead
<pmatulis> webPragmatist: remove package?
<webPragmatist> pmatulis: how i can't even boot heh
<pmatulis> webPragmatist: oh, well boot with a rescue cd
<webPragmatist> whats ureadahead even for
<pmatulis> !info ureadahead
<ubottu> ureadahead (source: ureadahead): Read required files in advance. In component main, is important. Version 0.100.0-4.1 (lucid), package size 23 kB, installed size 148 kB
<pmatulis> webPragmatist: make booting faster
<webPragmatist> hrm
<webPragmatist> seems ridiculous that this would halt boot
<smoser> webPragmatist, fwiw, i dont think that is what is stopping your boot
<webPragmatist> it's an inproperly configured fstab that is stopping my boot but that shouldn't stop my boot
<webPragmatist> if that makes sense
<smoser> ah. ok.
<webPragmatist> it should just not mount the dumb drives
<webPragmatist> and boot
<smoser> well, the way to fix it is to boot rescue cd or usb drive
<smoser> then, for filesystems you dont need to boot, do:
<smoser> nobootwait
<smoser> you want to add that to the 'options'
<webPragmatist> hrm
<smoser> (see man fstab)
<webPragmatist> right
<webPragmatist> so if I add nobootwait ureadahead won't crap out?
<webPragmatist> or rather it fstab won't
<smoser> i think they're unrelated
<webPragmatist> the other issue is I think the disk is drbd so it's not even mountable yet
<webPragmatist> considering they aren't synced
<webPragmatist> smoser: where is nomountwait
<webPragmatist> er nobootwait
<webPragmatist> i looked at man mount and nothing
<smoser> man fstab
<webPragmatist> smoser: it's not in there
<pmatulis> smoser: that snippet of upstart goodness for debugging purposes, where do thos lines go?
<smoser> ah. sorry, pmatulis
<smoser> just put that in a "/etc/init.d/debug-me.conf"
<smoser> or any upstart job really.
<smoser> wait
<smoser> in /etc/init/debug-me.conf
<smoser> also, you can pass on the kernel command line '--verbose' or '--debug'
<smoser> and upstart responds
<smoser> webPragmatist, what is not there ?
<webPragmatist> any reference to v
<webPragmatist> nobootwait
<pmatulis> sommer: do you have any idea what section "Add Persistent Log Entries to Job Definition Files" is talking about on http://upstart.ubuntu.com/wiki/Debugging ?
<smoser> hm..
<smoser> $ dpkg -S /usr/share/man/man5/fstab.5.gz
<smoser> mount: /usr/share/man/man5/fstab.5.gz
<smoser> $ dpkg-query --show mount
<smoser> mount	2.17.2-0ubuntu1
<sommer> pmatulis: seems like it's talking about how to use upstart to save log files
<smoser> $ man fstab | grep noboot
<smoser>        hold up the boot for these; ``nobootwait'' which can be applied to non-
<sommer> pmatulis: do you have a more specific question
<pmatulis> sommer: it's saying by simply creating a file in tmp this is going to help, i don't see how
<smoser> well, you can't really review files in /tmp
<smoser> as next boot they're going to be cleaned
<sommer> right... maybe /var/log would be better
<smoser> you shouldn't put stuff in /tmp that you want to see later.
<smoser> right. or /root or something.
<sommer> maybe /tmp is just an example?
<smoser> well its a bad one :)
<sommer> ya, don't disagree with that :-)
<pmatulis> wow, those nicks are similar
<smoser> webPragmatist, so, if you missed the above my 'man fstab' on lucid definitely does have 'nobootwait'
<webPragmatist> i seeâ¦ i don't ahve access to proper ubuntu mans i guess
<webPragmatist> is there ubuntu mans online
<pmatulis> sommer: i don't get the basic idea, how does one connect upstart to that log file?
<sommer> oh, did I get drug into another conversation? :-)
<pmatulis> i think i messed up
<pmatulis> he he
<smoser> kirkland, what gives, why is this wrong: http://manpages.ubuntu.com/manpages/lucid/man5/fstab.5.html
<sommer> pmatulis: from what I understand you'd just add a redirect to your upstart job:  echo "Debug Message" >> /tmp/upstart
<kirkland> smoser: what's wrong about it?
<sommer> pmatulis: in other word I don't think upstart itself is connected to the file, but the paticular upstart scirpt is
<smoser> well, 'man 5 fstab' for me gives me something from mount, not from loop-aes-utils
<smoser> bummer:
<smoser> $ apt-get install loop-aes-utils
<smoser> ..
<smoser> Adding `diversion of /usr/share/man/man5/fstab.5.gz to /usr/share/man/man5/fstab-orig.5.gz by loop-aes-utils
<smoser> webPragmatist, you may be successful trying 'man fstab-orig'
<smoser> kirkland, how does that determine what package should give a man page ?
<smoser> in the case of a diversion  or conflict
<kirkland> smoser: that manpage was extracted from that deb
<kirkland> smoser: the script crawls through all debs in the archive, and extracts manpages from them
<smoser> yes.
<smoser> and what does it do when 2 debs conflict on a man page, or one dpkg-diverts another
<smoser> 'mount' and 'loop-aes-utils' both provide that man page.  loop-aes-utils diverts 'mount' version
<kirkland> smoser: last write wins
<kirkland> smoser: it just untars the debs, does not install them
<kirkland> smoser: loop-aes-utils was probably updated more recently than mount
<smoser> y. bummer.
<kirkland> smoser: do you have a better suggestion?
<smoser> webPragmatist, http://paste.ubuntu.com/464670/ if you 're still interested
<smoser> i have no better suggestion.
<kirkland> smoser: https://bugs.edge.launchpad.net/ubuntu-manpage-repository/+bugs
<kirkland> smoser: please file a bug, if none of those describe the issue
<kirkland> smoser: it's similar to Bug #544332
<uvirtbot> Launchpad bug 544332 in ubuntu-manpage-repository "man pages not showing up for commands affected by update-alternatives" [Wishlist,Confirmed] https://launchpad.net/bugs/544332
<smoser> yeah
<smoser> i saw that .
<smoser> its similar.
<kirkland> smoser: and Bug #336328
<uvirtbot> Launchpad bug 336328 in ubuntu-manpage-repository "sh links point to bash instead of dash" [Low,Confirmed] https://launchpad.net/bugs/336328
<smoser> fixing either of those would likely fix this
<smoser> i'll just comment in 336328
<ccheney> today's cd image doesn't boot, is that what daviey mentioned earlier about syslinux being broken?
<ccheney> it claims "Unknown keyboard in configuration file"
<bobboau> I'm haveing an issue trying to install on a server, it won't install grub2, it asks me to insert the disk labeled blahblahblahlucidlinxblahblahblah into drive cdrom, I'm installing from a USB cd rom because the server does not have a cd rom in it, and I don't have a spare available
<larsemil> i successfully log on to my iscsi target from the initiator, but still nothing show up in my fdisk -l on the client. why?
<p1l0t> I figured it out :) it's dhclient that keeps changing my ip address on its own
<p1l0t> now if I only knew what was triggering it...
<p1l0t> nothing in the crontab
<p1l0t> WHY I just want my server to stay up all the time
<jiboumans> smoser: ping
<smoser> here
<jiboumans> hey, is it possible to pass commandline options to puppetd using cloud-init?
<smoser> puppetd runs via upstart ?
<jiboumans> smoser: doesn't look like it
<jiboumans> start-stop-daemon
<jiboumans> i'm particularly looking to set debug, verbose & trace
<p1l0t> sudo apt-get remove dhcp3-client hopefully has solved my problem for good
<smoser> looking
<smoser> jiboumans, i'm just reading from the packages for puppet
<smoser> but it looks to me that /etc/init.d/puppetd reads /etc/default/puppet and respsects DAEMON_OPTS
<smoser> you can write that file in a couple different ways.
<jiboumans> smoser: yup.. how do i make cloud-init DTRT in that case? it has it's own puppet: section
<smoser> the easiest is in maverick
<jiboumans> smoser: this is tracking down a bug in lucid unfortunately
<smoser> i dont know that you can configure that with cloud-config (i doubt it)
<smoser> but with cloud-init multi part syuntax you can eiterh write an upstart job that writes that file (and runs before puppetd)
<smoser> or you could write a handler and then trigger the handler
<smoser> the upstart job propbbaly simpler
<smoser> hold on
<jiboumans> smoser: i was also looking for the code that implemented the puppet: directive in cloud-init
<jiboumans> but couldn't find it
<bobboau> oh cool activity, I'm haveing a problem getting a server installed, when it was trying to install grub it gave me an error like it could't find the cd rom during install and not supprizeingly it wouldn't boot  after that, I've managed to get to a grub prompt when the machine boots up, but I have no idea how to go from here
<smoser> in lucid it is in cloudinit/CloudConfig.py
<smoser> to write that defaults file, you can put content in user-data like:
<smoser> http://paste.ubuntu.com/464702/
<bobboau> oh, impotant detail, I'm using a usb cd rom
<chewbranca> hi, I'm running the 10.04 AWS AMI using an EBS volume for the entire root partition, I'm wondering what the best way would be to mount different parts of the filesystem to separate EBS volumes, any ideas?
<jiboumans> smoser: how does that fit with the rest of the userdata? can i just append your snippet to the end of it?
<smoser> i figured that question was coming
<smoser> you need mime multipart
 * jiboumans cringe
<smoser> https://help.ubuntu.com/community/CloudInit
<jiboumans> thanks, i'll go take a look
<smoser> there is a tool linked there 'write-mime-mulitipart' and an example of how to use it
<smoser> jiboumans, i've got to run. i hope that should be enough for you.
<jiboumans> smoser: yeah, i should be able to figure it out
<jiboumans> thanks for the pointers smoser!
<smoser> i tihnk that will get the file written for you
<smoser> you'll want to start your upstart job as early as possible
<smoser> because you have to run before puppet
<smoser> 'filesystem' will probably get you there.
<smoser> 'start on stopped cloud-init' would get you started earlier though.
 * ccheney will be pushing his new uec provisioning rewrite to lp later today
<ccheney> :)
<uvirtbot> New bug: #605252 in qemu-kvm "qemu-kvm fails to build from source on armel" [Low,Fix released] https://launchpad.net/bugs/605252
 * ccheney thinks its done
<ccheney> probably some bugs still there to be fixed but its much better than before :)
<ccheney> has support for mirror selection, partitioning (limited), user account creation in the script now
<therianwork> what do you guys prefer sshfs or nfs?
<Hypnoz> why would doing a sed replace change my symlinks into regular files? http://dpaste.de/OJi5/
<SpamapS> anybody with admin access to the ubuntu-server team on launchpad around?
<SpamapS> Hypnoz: because sed -i creates a new file, then renames it to the old one
<Hypnoz> ahhh
<Hypnoz> interesting
<Hypnoz> so now i have to make a script to check if a file is real or sym, and only apply the sed if it's real?
<SpamapS> Hypnoz: find may be able to solve it
<Hypnoz> so putting an option in find to ignore symlinks, and then doing like a -exec sed...
<SpamapS> yeah somethign like that
<Hypnoz> thats shitty. Those are the little things that surprise me sometimes, that sed has been around for sooooooooooo long, and still no one has but a switch in it to ignore symlinks
<Hypnoz> since it has such a bad affect on symlinks, you'd think someone would have noticed that
<SpamapS> it does one thing well. :)
<Hypnoz> destroy symlinks?
<SpamapS> You start adding crazy features like that and the program becomes a maintenance problem. :)
<ccheney> kirkland, https://code.launchpad.net/~ccheney/uec-provisioning/branch
<Hypnoz> crazy features? and how about we just throw out tac, and turn it into a -r switch on cat?
<Hypnoz> is that craaaaaazy too?
<SpamapS> Hypnoz: the only crazy part is that -i doesn't state clearly that it creates new files and renames over top of them.
 * ccheney bbl, headed to hospital
<therianwork> never a good sign
#ubuntu-server 2010-07-17
<qman__> I'm setting up postfix as an internet mail server, and it's asking me if I want to use procmail for local delivery. What's the difference?
<qman__> I've set up postfix for internal mail plenty of times, but I've never run into this question
<qman__> guessing it's new in lucid
<qman__> also, it's not covered in the server guide
<qman__> they just give a list of answers without the questions
<qman__> and they don't match up with the current state of the debconf questions
<enzoplex> I'm using irssi. Is there a way to remove all of the join/parts ?
<qman__> sorry about that, DNS quit working properly
<pmatulis> enzoplex: yes, but ask in #irssi
<lamont> qman__: you have your debconf priority set lower than you have in the past - the questions haven't changed in a very long time.
<lamont> that is, just hit return and take the default, and you'll see what you would have seen if the debconf priority was higher.
<qman__> lamont, that makes sense, but following the guide precisely gives a different set of questions than the answers given follow
<qman__> this is a fresh install, nothing else getting in the way
<lamont> qman__: that's because normally (and for whoever wrote the guide), the debconf priority was higher, so they didn't see that question and it just got given the default answer without prompting
<lamont> interesting
<lamont> the procmail question only comes up if procmail is installed, but I had thought it was low
<lamont> yeah.  procmail is a low priority question, so unless you've done something to make debconf start asking everything (like an error during the install...), you wouldn't get asked that question
<qman__> I simply did `sudo dpkg-reconfigure postfix` as shown
<qman__> for reference the procmail question comes after the listen addresses and before the mailbox size limit
<lamont> sounds about right from my recollection of writing those questions several years ago
<lamont> so... it's possible that the default for dpkg-reconfigure was changed to be low instead of high, dunno
<lamont> but the postfix debconf questions haven't changed in an eon
<qman__> not a big deal, just thought it might help if the questions were listed as well to avoid that problem
<lamont> might not hurt, esp if the default priority changed
<MTecknology> !info varnish
<ubottu> varnish (source: varnish): a state-of-the-art, high-performance HTTP accelerator. In component universe, is optional. Version 2.1.0-2 (lucid), package size 296 kB, installed size 964 kB
<hggdh> yeah, seems interesting. See the Communications of the ACM, July 2010
<cs1> guys
<cs1> i need help here
<cs1> is there any default LDAP password??
<enav> Hola gente estoy buscando una alternativa al artisteer para editar plantillas de joomla... alguna buena sugerencia???????
<cs1> guys
<cs1> how do i trace my LDAP password??
<cs1> is there anyway i can see the LDAP password??
<netwidget>  hi, new to Ubuntu, installed ubuntu server 10.04 without domain name for local domain.  how do I do this after install?
<joschi> hi, I have a problem with the a dynamic file template in rsyslog. it seems rsyslogd wants to write to the log files in /var/log/%HOSTNAME% before the directory was created.
<joschi> at least in normal mode. in debug mode, it creates the directory just fine.
<joschi> I've posted details about my configuration, the error message and part of the debug output under http://pastie.org/1048389
<joschi> it could be related to Bug #484336 (https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/484336). changing the owner of /var/log to the user 'syslog' works, but I'd rather avoid that
<uvirtbot> Launchpad bug 484336 in rsyslog "/etc/rsyslog.conf permissions incorrect/missing for creation of dynamic files" [Undecided,Confirmed] https://launchpad.net/bugs/484336
<uvirtbot> Launchpad bug 484336 in rsyslog "/etc/rsyslog.conf permissions incorrect/missing for creation of dynamic files" [Undecided,Confirmed]
<tarvid> why does the kernel add to cache when that causes increase in swap used?
<tarvid> is there a way to control how aggressively  memory is cached?
<tarvid> is there a way to reduce total swap?
<joschi> tarvid: you can control that behaviour with sysctl parameter vm.swappiness
<joschi> tarvid: also see https://help.ubuntu.com/community/SwapFaq#What%20is%20swappiness%20and%20how%20do%20I%20change%20it?
<tarvid> thanks - current value is 60
<tarvid> is there such a thing as cachinerr?
<tarvid> is there such a thing as cachiness?
<qman__> tarvid, what are you trying to do, exactly?
<tarvid> avoid terrible situations where swap grows out of control and cached is large
<qman__> the system will never use swap to cache
<qman__> it only uses free memory to cache the disk
<tarvid> there seems to be some "tipping point" where a sudden demand brings the server to its knees
<tarvid> i'd rather not cache than swap
<qman__> caching should not mean swapping, ever
<qman__> it would be fairly pointless to cache the disk in swap, which is just another disk (or often the same disk)
<eventyret> Got some issues with permissions denied when running echo server1.example.com > /etc/hostname
<eventyret> /etc/init.d/hostname restart
<eventyret> :/
<tarvid> root@helen:/usr/sbin# free -m
<tarvid>              total       used       free     shared    buffers     cached
<tarvid> Mem:          3711       2865        845          0        302       1589
<tarvid> -/+ buffers/cache:        973       2737
<tarvid> Swap:        10691        148      10542
<joschi> eventyret: forgot `sudo`?
<eventyret> joschi: naah i used sudo as well though i made a thing here it was hostname.sh start
<eventyret> following this guide http://ubuntuforums.org/showthread.php?t=1197883
<qman__> tarvid, lower your swappiness
<qman__> it will then do less caching to free more memory
<tarvid> like 10?
<joschi> eventyret: you used sudo in the wrong place? ;)
<qman__> yeah, try 10
<joschi> eventyret: `sudo echo foo > bar` for example won't work the you'd expect
<qman__> if it's still swapping unnecessarily, lower further
<eventyret> well
<qman__> of course, you already have more than enough free to hold what's in swap
<eventyret> joschi: this gives me an error as well echo ns1.YOURDOMAINNAMEHERE.com > /etc/hostname
<qman__> which simply means it decided that memory won't be needed any time soon
<joschi> eventyret: yes, of course. /etc/hostname is only writable by root.
<eventyret> Gives me -bash: /etc/hostname: Permission denied
<eventyret> *doh*
<qman__> eventyret, using redirection doesn't quite work with sudo
<eventyret> hehe ^
<qman__> the first part will be root, but the redirection won't be
<eventyret> might be that
<eventyret> its a VPS so :)
<eventyret> but even their guide sucked
<eventyret> so only root can change hostnames and such
<qman__> I just use sudo -i, then do whatever I needed
<eventyret> what is sudo -i ? :)
<qman__> there is probably a way to quote it into a single command but I don't know
<joschi> eventyret: `man sudo`
<qman__> sudo -i invokes a root shell
<eventyret> ahhh ok :)
<eventyret> *shurgs* how to exit manual ><
<eventyret> I know im fresh but i though it was Ctrl X like in nano ><
<eventyret> q :D
<eventyret> worked :P
<tarvid> thanks joschi qman__  it takes a week or so to test but I am monitoring with cacti
<qman__> tarvid, it's far more likely that a memory leak is causing your issue, but that will make it wait longer to swap things
<qman__> also ten gigs of swap is an awful lot
<tarvid> I didn't choose that, it was the default and a lot less would be preferable
<tarvid> is there a safe way to reduce the size of the swap partition?
<qman__> swapoff, resize the partition, swapon
<qman__> but that will just leave that space unused
<tarvid> pretty standard lamp+postfix+mailman installation
<tarvid> got lots of space
<qman__> on systems with plenty of RAM, I generally just don't do swap at all
<tarvid> still on 9.10, php issues with drupal and python issues with google apps
<tarvid> I'll take a look at 10.4.1
<qman__> I'm keeping my desktop on 9.10 for a while, a lot of people had trouble with it, but my upgrade went smooth and I've got it just the way I like it
<tarvid> me too, some issues like transcode
<tarvid> i ran across a NID system that could work on IPtables but I forget what it was
<tarvid> My server gets hammered periodically
<qman__> try the iptables recent module
<qman__> great way to limit the request rate per IP
<tarvid> any tricks to install? prerequisites?
<qman__> I think it's included in the default install for ubuntu
<qman__> a good explanation of how to use it: http://www.debian-administration.org/articles/187
<qman__> the example situation is solved better other ways, but the information there is good anyway
<tarvid> not just ssh, i watched msnbot banging user/register repeatedly the other night in spite of robots.txt and rejections by the server
<qman__> right
<qman__> just change the port specified and the counts and such
<qman__> it works for any type of connection
<tarvid> that means I have to think
<qman__> of course
<qman__> but you only have to think once
<qman__> script it, and be done
<tarvid> I have the Gerald Ford problem and much is floating around in my mind
<tarvid> wherever I left it
<qman__> and yeah, msnbot purposely ignores robots.txt and is especially brutal
<tarvid> looking through the auth log and I have a number of failed attempts on vsftpd
<uvirtbot> New bug: #606630 in vsftpd (main) "package vsftpd 2.2.2-3ubuntu6 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/606630
<eventyret> does this channel cover questions about DNS stuff :)
<eventyret> exit
<gnoob> Hi guys. I have a ubuntu-server with 4 identical disks. 1Tb each. Running RAID5. Each disk has a partition of 6Gb free space before raid-partitions start. sda1 (6Gb) has Ubuntu on it.  I would like to make something substituting RAD1 using dd to clone sda1 to sdb1.
<gnoob> Is this possible?
<gnoob> want the server to keep running from sdb1 if sda fails..   But sending me a e-mail :)
<gnoob> anyone with good advices?  (my first time doing this :))
<gnoob> I would have to set boot priority in bios to sda first and if no sda -> sdb I guess..   BUt afraid dd, and identical partitions (and boot sectors) can mess things up a bit
<gnoob> Raid1 is probably a better option?  but had some problems with grub..   Any suggestions?
<joschi> gnoob: I'd say go with a RAID-1
<ivo_> hi guys I am having a small problem I have soft RAID5 and it meant one of the drives is failed, which is not, because all drives' SMART is ok
<ivo_> I am now rebuilding it
<ivo_> but I should be able to use it
<gnoob> Ok raid1 over sda1 and sdb1 then,  but it will slow down performance a little or not? And grub will need to be installed on sdb also right? :)  Thanks for advice joschi
<ivo_> but It is not avaibe to mount in the disk utility
<ivo_> I tried to mount it manually
<ivo_> but because the array is encrypted I get this:
<ivo_> do mount -o ro /dev/md0 /mnt/tempstore/
<ivo_> mount: unknown filesystem type 'crypto_LUKS'
<ivo_> can you help me how to proceed
<gnoob> I tried raid1 at first,  but had some grub problems..  (but used old disks and IDE over one channel =  slooooow  :p)
<joschi> gnoob: yes, it'll marginally cost performance and yes, you'll have to install grub in each mbr
<ivo_> a link to a manpage will be aso ok
<gnoob> Ok thanks a  lot joschi!!  Ill start getting hands dirty then :)      I will probably return to ask for how the e-mail thing works later :p    want to be noticed when a disk have trouble
<ivo_> I am not new to linux but have used other unix and unix like systems for a very long time
<BeeBuu> anyone help me?
<BeeBuu> i follow the article on https://help.ubuntu.com/community/UEC/CDInstall ,when i do the part 5 of STEP 7, it failed~~~
<uvirtbot> New bug: #566537 in mod-wsgi (universe) "[MIR] mod-wsgi: libapache2-mod-wsgi" [Undecided,Fix committed] https://launchpad.net/bugs/566537
<tdr112> can you get a 32 bit verstion ?
<alison> hello, one of my servers with a gigabit nic keeps connecting and 10 or 100 Mbps, and very occasionally at 1000. Would anyone know why this is??
<alison> oh and its connected to a 1000Mbps port on the switch
<soren> alison: Line noise, maybe.
<soren> alison: bad cable or something.
<mestre> hola
<mestre> me pueden ayudar a configurar el ldap con samba
<mestre> para autenticacion de usuarios?
<mestre> somebody?
<mestre> english or spanish?
<Trixboxer> Hi, one small question regarding UEC, in "MANAGED" mode why to use dhcp server.. I got succeed in "SYSTEM" mode for creating instance but IP assignment is not working correctly.. any pointers ?
<MrPicard> Hi Guys, where could i find the most easiest ftp server to setup?
<MrPicard> The other question i have is, Where is the config file for proftpd?
<remix_tj> /etc/proftpd/proftpd.conf afaik
<MrPicard> Ta remix shall give it a go.
<MrPicard> Ok, i type cd /etc/proftpd but it comes up as having no directory
<MrPicard> any alternative ftp systems?
<MrPicard> when i now connect upto ftpd im given this error.
<MrPicard> Connection attempt failed with "ECONNREFUSED - Connection refused by server".
<uvirtbot> New bug: #606715 in logwatch (main) "Logfile defintions wrong after changes to logfile rotation in Ubuntu Lucid" [Undecided,New] https://launchpad.net/bugs/606715
<uvirtbot> New bug: #594372 in tgt (universe) "MIR: tgt" [Medium,Fix committed] https://launchpad.net/bugs/594372
<Italian_Plumber> at startup, is there a way to cancel a disk check in progress?
<hackeron> hey, does anyone know a way to get 16 audio input channels into one PC? - I dont need a mixer or anything, basic phono/composite or 3.5mm microphone jack will do
<palt> Italian_Plumber: Try pressing c
<cloakable> hackeron: sixteen soundcards?
<cloakable> or there's likely some specialised kit with that many input channels
<hackeron> cloakable: tried 2 creative ones and even that caused stability problems
<ksoviero> What are the differences between the generic kernel and the server kernel?  The FAQ points me here: http://www.ubuntu.com/products/whatisubuntu/serveredition/features/kernel, but it is a 404...
<ksoviero> hello?
<jpds> Hi.
<jpds> The server kernel has less modules built-in I believe.
<ksoviero> Well, for example, I know it has a PAE extension, that allows up to 64GB or RAM in the 32bit version...
<ksoviero> does it have any enhancements for something like asynchronous I/O?
<cwillu_at_work> any slab guru's around?
<cwillu_at_work> trying to troubleshoot an oom that shouldn't be happening
<cwillu_at_work> small allocation is failing even though there's 50+MB of ram free (on an embedded server with 256mb ram)
<cwillu_at_work> slabtop is reporting an insane number of size-2048 slabs, all in use, and the number increase at a rate of about 1 per second
<cwillu_at_work> disconnecting the network cable stops the increase :)
<cwillu_at_work> but I'm trying to figure out how to reclaim the space, if such a thing is possible
<cwillu_at_work> or figure out exactly where the memory is being allocated
<cwillu_at_work> (rmmoding the network driver doesn't reclaim anything)
<soren> cwillu_at_work: Try in #ubuntu-kernel. They're more likely to be able to help.
#ubuntu-server 2010-07-18
<Iraqi> Q" After i installed ubuntu 10 on laptop Dell Vostro 1400 then done but bugs is working freeze? Why ? how can fix it ?
<hyperactivecrond> is it possible for the alternate installer to start an SSH daemon so one can do a remote installation?
<pish> Hi, is it possible to install some kind of "minimal" gnome in a ubuntu server in order to have a lighter desktop than xubuntu?
<MTecknology> pish: why do you want a gui on a server?
<pish> MTecknology, I'd like a "light" desktop server for development purposes in an old machine (P3/512MB)
<MTecknology> pish: oh..
<MTecknology> pish: xfce is lighter than gnome - If you want light then check out openbox
<pish> MTecknology, ok thanks. Which one is the distro for ubuntu+openbox? is it lubuntu(lxde)?
<MTecknology> pish: get the ubuntu alternate cd - install just the Command Line system - I think you press F4 at the boot screen to get that - then aptitude install openbox
<MTecknology> pish: warning though - light does not mean easy to learn :)
<pish> MTecknology, ok, I'll consider that. Thanks for your tips.
<MTecknology> np - enjoy
<MTecknology> pish: btw - openbox is what I use every day
<MTecknology> you might also want openbox-themes, obmenu, and obconf
<pish> MTecknology, in an existing Ubuntu Desktop installation, could I install openbox packages just for testing and then remove them and be back to gnome?
<MTecknology> pish: yup
<MTecknology> pish: aptitude install openbox :)
<pish> MTecknology, great. I'll try it right now. Thanks a lot again.
<s_mark> does anyone know how to limit incomming connections speed based on IP address? e.g. limit each ip max to 1MB/s. Would linux tc do the job, if so how?
<SpamHotel> Anybody else in Prague?
<soren> SpamapS: Oh, I'm sure they didn't evacuate the city because you came. :)
<ivo_> Hi, is there a way to make snapshot on a md volume? and is there a way to run fsck on a mounted filesystem?
<cwillu_at_work> ivo_, depends on the filesystem, but generally no, and md doesn't support snapshots afaik (you need lvm, or a filesystem  that has it built in for that)
<ivo_> :(
<ivo_> damn I should have sticked with opensolaris
<ivo_> how else can I be sure my data is ok
<ivo_> if I have to take my system down
<ivo_> only to fsck the filesystems
<ivo_> this is a lot of downtime
<cwillu_at_work> btrfs has checksumming, and will probably be suitable for cautious production use soon
<cwillu_at_work> fsck generally isn't concerned with data corruption, only metadata corruption though
<SandGorgon> anyone using mysql with a SA-SCSI 10K drive on Ubuntu ? Any performance issues, driver problems, etc ?
<Jeeves_> SandGorgon: I wouldn't expect those problems, actually.
<VeeCount> hiall! Has anyone got an experience run func/certmaster/opensymbolic on Ubuntu Server?
<VeeCount> tried google and lots of other stuff, but nothin seemed to be helpful
<VeeCount> has anyone got hte clue?
<Jeeves_> VeeCount: What's that?
<VeeCount> func stands for Fedora Unified Network Controller
<VeeCount> it's some kinda handy tool to manage lots of nodes on yur lan
<Jeeves_> VeeCount: hmm, never heard of it
<VeeCount> actually the idea was as follows, i've got about a dozen old machines and wanted to make them work as a cluster
<VeeCount> looked into some solutions likkerrighed, cfengine and so on to automate the processes
<VeeCount> recently i've come upon opensymbolic and it seemed to be the solution, but the manuals are very poor
<qman__> VeeCount, have you looked at UEC?
<VeeCount> nope
<VeeCount> what's that?
<qman__> Ubuntu Enterprise Cloud
<qman__> see if it meets your requirements, since it's going to be way easier to install on ubuntu than anything else would be
<VeeCount> oh yes, sure, but the community frightened me saying that this solution is rather heavy
<qman__> well, it depends on what you want to run
<VeeCount> the other issue that i have to keep in mind that the nodes are diskless///
<qman__> UEC works well for VMs from what I gather, but if you just want to run a bunch of threads, might want to go with something more like a beowulf cluster
<VeeCount> thanks qman__ i'll look into that
<qman__> I don't know about any of the tools you listed, but it would certainly be possible to set up a PXE boot image for beowulf cluster nodes
<qman__> I'm guessing those tools are supposed to simplify the process
<VeeCount> yup, i have no trouble setting the pxe-boot
<VeeCount> using nfs and tftp
<qman__> that area is pretty tough to search on, you have to cut through all the buzzwords and advertisements for real info
<VeeCount> the machines are running fine, the thing i want to do is to consume their resources atogether to run a single VM
<qman__> but yeah, it basically comes down to exactly what you want to do
<qman__> a single VM? that's not really possible with anything I know of
<VeeCount> google showed me such an exaple using xen
<VeeCount> but it didn't seem to be very handy
<VeeCount> i've tried out mpich, but the procecces im using are not very good parallelized
<qman__> you can distribute threads pretty easily, but running a VM across multiple machines has a lot of issues, especially regarding network latency
<VeeCount> could you plaese clarify about distributing threads?
<qman__> in a beowulf style cluster, you set up all the nodes to share threads
<qman__> they share an NFS drive and balance processes across the hardware on your cluster
<VeeCount> okay then, what tools should i look into for balancing processes?
<qman__> but any one process can only exist on one machine at a time
<qman__> so if your application doesn't have multiple processes, it won't really give you any advantage
<qman__> it behaves much like a machine with lots of processors in it
<qman__> but with more lag because of the network
<VeeCount> im still working on threading my app, but behaving like a machine with lots of processor is quite suitable
<VeeCount> actually perhaps is the decision im looking for
<VeeCount> still int search for the tools
<qman__> I've been looking but I can't seem to find one that's very ubuntu centric
<qman__> I did a few years ago, but that's not much use now
<VeeCount> if you're still interested, i can point on Kerrighed, but unfortunately it's not very stable
<VeeCount> and the common problem i face is that when a single node crashes the whole process goes down, and no batch query tools are helpful
<qman__> everything that looks promising turns up missing
<qman__> this is the most useful thing I've found so far: http://www.linuxquestions.org/questions/linux-newbie-8/beowulf-cluster-on-ubuntu-10-04-a-818999/#post4029508
<VeeCount> thanks again qman__, i've looked into it, but still it's mpich, at the moment i'm about to try UEC, greatful for your advise
<VeeCount> bye
<qman__> good luck
<VeeCount> hi!
<VeeCount> qman__: I looked into UEC, and they say that Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance bottleneck
<VeeCount> so what do you think will it work on a diskless node?
<discordianfish> hi
<VeeCount> hi, discordianfish
<uvirtbot> New bug: #606898 in postfix (main) "package postfix 2.7.0-1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/606898
<discordianfish> i'm glad that i found a ubuntu server install cd but now i wonder: can i use it for network install too? looks like i can't change the package source to network or something like that :/
<discordianfish> i bet this it possible somehow
<pickles> during install of lucid server, the virtual michine task installs KVM, right?
<pickles> not Xen host (dom0)?
<VeeCount> discordianfish: i've come upon http://ubuntu-tutorials.com/2007/10/11/how-to-configure-pxe-network-booting-on-ubuntu-for-network-based-installations/ will it be helpful?
<discordianfish> VeeCount: i just want to use the network as package source. that has nothing to do with pxe booting
<discordianfish> guess than i'll just use debootstrap again
<VeeCount> okay, so has anyone a clue on setting up UEC on diskless nodes
<papertigers> growing my raid +1TB :) oh how I love ubuntu server and mdadm
<ubuntuweaving> hi to all
<ubuntuweaving> im newbie in ubuntu server
<ubuntuweaving> please help
<ubuntuweaving> when i try to browse my website is says access denied
<ubuntuweaving> how to troubleshoot it?
<ubuntuweaving> anyone pls
<ubuntuweaving> anyone pls help me
<ubuntuweaving> buzzzzzzzzzzzzzzzzzzz
<jaypur> how much performance do i get running a game server at ubuntu server instead running at ubuntu client???
<jaypur> because, ubuntu client has to run graphic stuff right?
<zermann> Hi,i have a machine with ubuntu 10.04 server. it has run well for 1 month, then when i reboot it halt just before booting ubuntu. it is not an hardware problem because with a live cd or another version of ubuntu (8.04) all run well. maybe is grub2 that halt the system? do you have any idea?
<zermann> Today i reinstalled ubuntu 10.04, all was right untill i updated the kernel, maybe is thew new kernel? is there a way to know if this is the problem?
<jpds> zermann: Boot into the old kernel?
<zermann> jpds, it halt before grub2 display anything, is it possible that grub2 halt the system ?
<jpds> Unlikely.
<zermann> is there a log from grub2?
<jpds> No.
<jpds> What kind of machinen is it?
<zermann> it is an AMD x2 4000
<zermann> chipset nforce 405
<tapas_> Hi list I am having 2 webservers A--B on B a website is accessible as http://localhost:9090/portal from internet I want that to be accessible on my public domain name as www.mydomain.com/site so on A I have following vhost configuration http://pastebin.com/c1rb2C0r and on B I have following http://pastebin.com/PfZDxyYT
<tapas_> some how HTML is broken
<tapas_> please see if at A ProxyHTMLURlmap I used correctly
<tapas_> I am using Ubuntu 10.04 with KVM
<tapas_> \q
<tapas_> exit
<zermann> hi, it is possible that ubuntu 10.04 server do not boot if system clock is set some hours earlier?
<zermann> One more question, when i log in i get this stat:  Memory usage: 0%  but, if i see 'free -m'  : -/+ buffers/cache: 380  3517. How is this possible?
<pmatulis> zermann: i hope not, why?
<zermann> pmatulis, it is a week that my system halt at boot start
<zermann> but sometime is all ok
<pmatulis> zermann: ok, but why do you mention the clock?
<zermann> because when it doesn't boot i saw the clock 2 hours in the past
<zermann> maybe is a battery problem but, the system do not boot
<pmatulis> zermann: how many times did you see this happening?
<zermann> every two or three days
<zermann> i notice that because in the past two week there as been storm near my house so i had to halt and unplug the system
<zermann> storms
<zermann> sorry for my poor english
<pmatulis> zermann: could set the right time and reboot a few times and then put a bad time, reboot, and see what happens?
<pmatulis> zermann: i hope you are not proven right  :-)
<zermann> pmatulis, i just done that 5 minutes ago, it is not the problem i was wrong.
<Jeeves_Moss> I'm having an issue with sending e-mail through my posfix/dovecot system from my WM5 device.  I can get my mail over TLS, but I get a failure when I try to send.  I've seen losts of posts of the same problem, but no one has seemed to be able to fix it
<pmatulis> Jeeves_Moss: i guess wm5 device does not follow the smtp standards
<Jeeves_Moss> pmatulis, is there a work around?  I REALLY need to be abe to send from my PPC
<pmatulis> Jeeves_Moss: you will need to increase logging level on smtp listener (master.cf) and post some logs
<pmatulis> Jeeves_Moss: when the device tries to send
<Jeeves_Moss> pmatulis, where in the master.cf file do I change the log level?
<pmatulis> Jeeves_Moss: you may actually need to increase verbosity of the tls/sasl component.  are you using saslauthd?
<Jeeves_Moss> I think I am
<pmatulis> Jeeves_Moss: see if you can start it in debug mode (-d maybe)
<pmatulis> Jeeves_Moss: should say in man page
<pmatulis> Jeeves_Moss: you should also determine if you can send w/o TLS
<Jeeves_Moss> ok, one sec.  I just have to finish this phone call
<pmatulis> Jeeves_Moss: maybe it's a more basic problem (SMTP)
<pmatulis> Jeeves_Moss: regardless, the logs should tell you what's up
<SandGorgon> hey.. have you guys ever used the pure-python Lamson mail server ? I was actually hoping someone who had used it - it seems orders of magnitude simpler than anything else
<Jeeves_Moss> pmatulis, ok, sorry, Fiance on the phone.  better not hang up on here or my life is over.  LOL  Bridezilla attacks!
<arrrghhh> hey, does anyone use rtorrent in here?
<metalfan__> hi
<metalfan__> ive got a ubuntu server installation and messed a up dm-crypt experiment, now i cant skip the password question for the drive at boot. its say that i should be able to press S to skip that part, but neither s nor S did work
<metalfan__> its always trying to input a password
<metalfan__> is there a way to boot linux without mounting some partitions?  ive tried "single" but the problem still persists
#ubuntu-server 2011-07-11
<airtonix> so last week, i was happily using gedit to edit files through ssh to a server. today, i do the same, happily enter ssh://servername in the nautilus address bar, it loads i see files, select one and start editing with gedit... much joy
<airtonix> except when i go to shift+ctrl search... it tells me ~/.gvfs/servername does not exist
<twb> airtonix: GUIs are off-topic for this channel.  Try #ubuntu.
<airtonix> i thought it might be a server related issue
<airtonix> since you know... ssh-server is involved
<airtonix> apparentyl ssh-server is not in any way related
<twb> It sounds like a client-side issue
<ntoombs> I have installed LAMP on my ubuntu server and I cannot connect to it on port 80. I have forwarded port 80 and the port check tool I am using says 80 is closed.  I have also forwarded ports 22 and 8080 to ensure that port forwarding is working and it is. I edited the /etc/apache2/ports.conf file to listen to port 8080 as well as port 80. When I ask someone to connect using address:80 they can't see anything. But when I ask so
<ntoombs> generated by my apache2 server. I can connect to everything localy just fine so I know the server itself is working. I have asked my ISP if they block port 80 and they said no. I called my router manufacturer today for 4 long hours to see if they could figure out why port 80 wasn't working and they couldn't solve it.
<ntoombs> So my question would be this... with this information of things I've already tried, how do I get port 80 to work with my LAMP web server?
<twb> ntoombs: pastebin the output of "netstat -nlp"
<ntoombs> http://pastebin.com/ZX2TJFGe
<jmarsden> ntoombs: apache is not listening on port 80 on your server.
<jmarsden> It is listening on port 8080, which probably means you messed with its configuration?
<ntoombs> my  /etc/apache2/ports.conf file has it set to listen to port 80 and port 8080
<jmarsden> Why?  Just    sudo tasksel install lamp-server     # gets you a running apache on port 80.
<ntoombs> because at first port 80 wasn't working so i set it to listen to both ports to make sure apache could actually listen to anything
<jmarsden> How about not trying stuff you don't fully understand, and fixing the real issue instead? :)
<jmarsden> Can you uninstall the lamp setup and start over?
<ntoombs> And i just checked that file and apache2 wasn't listening to port 80
<ntoombs> jmarsden: that's why i'm here
<ntoombs> but i only come here as a last resort
<ntoombs> i like to figure stuff out on my own. can you respect that?
<jmarsden> OK, so uninstall all the LAMP stuff and then do    sudo tasksel install lamp-server
<jmarsden> and nothing else.
<ntoombs> ok
<jmarsden> With a freshly installed, default, unchanged lamp-server installed, you can do   wget -q -O - http://localhost     to see if it is listening on port 80.
<ntoombs> jmarsden: done and the wget command just outputs the contents of the index.html file
<jmarsden> Right, so it is working.
<jmarsden> So now checj your port 80 forwarding and all will be fine.
<ntoombs> it's not
<ntoombs> the port check tool says port 80 is closed
<jmarsden> I have no idea what a port check tool is.  What does      sudo netstat -ntlp | grep :80     output now?  Should be just one line.
<ntoombs> http://pastebin.com/QtHNcdyq
<jmarsden> OK, cool.
<jmarsden> So, this server is on a local LAN, I take it.  Can you browse to it from any other local PC on that LAN and see the index.html contents?
<ntoombs> lan yes wan no
<jmarsden> OK, so then the issue is in the router, not the server.  Are you sure the server is forwarding port 80 to the correct local IP?
<ntoombs> yes everything but port 80 forwarded to that address works
<Delerium_> ISP blocking port 80 ?
<ntoombs> they say no
<ntoombs> but i may call them again to double check
<jmarsden> Then this is no longer a Ubuntu server issue... either the ISP is blocking it and lying about it, or else you made a mistake somewhere in the router config.
<lifeless> serge_: hi
<lifeless> serge_: lxc appears to reset the sudo timeout :)
<lifeless> serge_: I think there is some crossover
<ntoombs> jmarsden: i spent 4 hours today speaking to netgear support and they said the same thing about ubuntu and my isp
<jmarsden> So... sounds like your ISP is lying to you!
<ntoombs> probably
<ntoombs> i'll check
<twb> ntoombs: which ISP?
<ntoombs> windstream
<twb> Dunno them, sorry.
<Delerium_> ntoombs, You can always try to ask on the DSLReports.com : http://www.dslreports.com/forum/windstream
<ntoombs> ok I'll try that.
<ntoombs> are you sure it's not a problem with ubuntu?
<ntoombs> or more specifically the lamp server
<Delerium_> No. I'm not.  But since port 80 is listening, wget is working (like jmarsden says) ... I don't think it's a Ubuntu issue.. especially if you can see the index.html from you LAN
<ntoombs> windstream insists they are not blocking port 80
<twb> IMO most likely your appliance router
<ntoombs> what do you mean?
<twb> ntoombs: OK, the thing between the wall and your Ubuntu server
<twb> ntoombs: is it running Ubuntu, or did you buy a tiny solid-state box from Walmart and just plug it in (hence "appliance")?
<ntoombs> it's a netgear n300 dgn2200 modem router combo that costs $100 so it's not a simple appliance
<ntoombs> but i know what you mean
<twb> In technical terms, that is definitely an appliance
<twb> Except possibly if you reflashed it with openwrt or dd-wrt or whatever
<ntoombs> yea technicaly :p
<ntoombs> i'm too much of a noob with routers to know how to do that
<twb> So: I consider that suspect #1, because it'll be running some random crap firmware
<ntoombs> yup
<ntoombs> most default firmware is crap
<ntoombs> twb: are you still there?
<ntoombs> jmarsden: are you still there?
<jmarsden> ntoombs: Yes.
<ntoombs> yay
<ntoombs> ok so i called netgear again
<ntoombs> finally got someone seemingly competent
<serge_> lifeless: not sure how sudo timeout works.  I assume it's something that will be solved when user namespaces are sufficiently completed to be used in lxc.  (I think I just hit a new milestone on those at git://kernel.ubuntu.com/serge/userns-2.6, but still quite some time before they're ready)
<ntoombs> he still couldn't figure out why port 80 won't work
<twb> ntoombs: hmm?
<ntoombs> every port i open for the server (22 and 8080) works but port 80 doesn't
<twb> ntoombs: you are nmapping from somewhere outside your network?
<ntoombs> no
<twb> Do so
<ntoombs> but i am checking open ports outside my network
<ntoombs> http://www.isup.me/ with my ip address
<ntoombs> and http://www.yougetsignal.com/tools/open-ports/ for open ports
<twb> Well, I don't trust some website's say-so
<twb> I know nmap works
<ntoombs> i've had multiple friends try to connect too
<jmarsden> ntoombs: So... it sounds like nothing has changed, your ISP is still possibly lying to you, or your router is misconfigured.
<ntoombs> jmarsden: it still remains that lamp is the most complicated piece of the puzzle. I've checked with my isp multiple times to make sure port 80 is open and looked on the internet to double check. I've had multiple hour long conversaitons with my router manufacturer to ensure i have configured the router correctly.
<jmarsden> ntoombs: lamp is very well tested.    sudo tasksel install lamp-server    works.
<ChmEarl> ntoombs, give me your IP so I can test
<jmarsden> If you suspect the router, replace it or bypass it.  If you suspect your ISP is lying, get a different ISP.
<ntoombs> ChmEarl: doesn't sound like a very smart thing to do tbh
<jmarsden> ntoombs: If you really think ssh is so much simpler and less buggy than apache, run your openssh server on port 80 and see if you can ssh to it...
<ntoombs> but ssh doesn't use port 80
<ntoombs> and i never said apache was buggy or unsimple
<jmarsden> Huh?  It does it you tell it to!
<twb> ssh uses whatever port you tell it to
<ntoombs> oh my misake sorry
<jmarsden> ntoombs: That's like saying "apache doesn't use port 8080"... well, it doesn't do so by default...
<ChmEarl> ntoombs, you are open on 8080
<ntoombs> i've tried changing apache to port 8080 and it gives me a 404 error
<ChmEarl> ntoombs, http://paste.ubuntu.com/641653/
<ChmEarl> is that you?
<ntoombs> yes
<ntoombs> is port 80 open?
<ChmEarl> no
<ChmEarl> I tried it
<ntoombs> do you know why it might not be open?
<ChmEarl> ntoombs, grep -ir 8080 /etc/apache2/*
<ChmEarl> whereever you see 8080, change it to 80
<ntoombs> http://paste.ubuntu.com/641657/
<ChmEarl> ntoombs, maybe not... nm
<ChmEarl> ntoombs, those are not apache configs
<jmarsden> ChmEarl: That sort of advice is really dangerous...
 * ChmEarl feels the reins pulling on my neck
<ChmEarl> ntoombs, iptables -L -v -t nat    <-- check for a redirect
<ntoombs> http://paste.ubuntu.com/641658/
<jmarsden> ChmEarl: On a freshly installed Ubuntu server... how would that have got there?!
<jmarsden> I'll leave you do it...
<jmarsden> s/do/to/
<ntoombs> lol jmarsden
<ChmEarl> ntoombs, who setup the router? there is a forward/redirect there
<ntoombs> do you have better advice besides get a better isp or router?
<ntoombs> the router changes the ip address to a static local ip based off the mac address
<jmarsden> ntoombs: well, if you knew enough you could hook the server to the public IP, and use *it* as a router to the rest of your LAN... but I'm not walking you through doing that :)
<ntoombs> i couldn't get my server to statically assign a static ip so i had my router do it
<ChmEarl> ntoombs, 100% sure.. your router is open on 8080 and redirects it to a private IP:80
<ntoombs> so how do i fix that?
<jmarsden> ntoombs: You did remove the 8080 forwarding before you added a straight port 80 forwarding rule in the router, right?
<ntoombs> does it matter in which order i forward ports?
<ntoombs> jmarsden: i think i may be missunderstanding what you're asking
<jmarsden> (a) Why  are you still doing things with port 8080, when you actually want port 80; (b) did you clear out all your port forwarding stuff in the router, and then add *only* port 80 forwarding, in all those hours with netgear support?
<ntoombs> no because I didn't know it mattered if other ports were open
<jmarsden> Try it.  You have little to lose.
<ntoombs> ok
<ntoombs> should i power cycle afterwords or is that unnessecary?
<jmarsden> It all depends on the router.  power cycle it if you want.
<ntoombs_> jmarsden: port 80 is still closed
<ntoombs_> port 22 is still open
<jmarsden> Then you left a port 22 forward in the router... I thought you were going to " clear out all your port forwarding stuff in the router, and then add *only* port 80 forwarding"  ??
<ntoombs_> it shouldn't matter
<jmarsden> No, but it suggests you are bad at following directions.  Port 80 forwarding "should" just work, too.
<ntoombs_> yea it should work but to me it's silly to think the reason could be because it's not the only port forwarded on my router
<ntoombs_> i got rid of ever open port on my router except for the ones i need open
<ntoombs_> the fact that both are forwared the same way and only port 80 is closed could mean two things
<ntoombs_> my isp is blocking port 80 which i've alredy confirmed to be false or something is wrong in the configuration of my ubnutu server
<ntoombs_> or more specifically lamp
<ntoombs_> and yes i know lamp should work right out of the box
<ntoombs_> chmearl: what whas this you were 100% sure about earlier?
<jmarsden> OK, you can go on blaming LAMP as long as you like... it won't help.
<twb> jmarsden: just plonk him, you're not going to get anywhere :-/
<ChmEarl> ntoombs_, http://localhost:80  should work as is
<ntoombs_> jmarsden: i'm not trying to blame anything. I just don't see where the problem is
<ChmEarl> telnet localhost 80
<uvirtbot> New bug: #808611 in samba (main) "package samba-common-bin 2:3.4.7~dfsg-1ubuntu3.3 failed to install/upgrade: failed in buffer_write(fd) (10, ret=-1): backend dpkg-deb during `./usr/bin/net.samba3'" [Undecided,New] https://launchpad.net/bugs/808611
 * jmarsden gives up and goes to bed...
<ntoombs_> ChmEarl: Connection closed by foreign host.
<ntoombs_> twb: what do you suggest I try? because i am seriously out of ideas
<twb> ntoombs_: sorry, you've already taken up too much of my/our time.
<ntoombs_> twb: have i annoyed you somehow?
<ChmEarl> ntoombs_, grep 80 /etc/apache2/ports.conf    <--- thats what controls listening port
<ntoombs_> chmearl: it's set to listen to port 80
<ChmEarl> ntoombs_, tail /var/log/apache2/access.log   <--- see my IP hit your server
<ntoombs_> yea i see it
<ntoombs_> well i think i see it
<ntoombs_> i'm not really sure what i'm supposed to look for
<ChmEarl> ntoombs_, normally port 8080 on a router is used for outside config... not as a passthrough to the LAN
<ntoombs_> http://paste.ubuntu.com/641665/
<ChmEarl> ntoombs_, for someone to hit your router on 8080 means they want to config the router from internet
<ntoombs_> i don't have anything going to port 8080 on my router anymore.
<ntoombs_> but port 80 is still closed
<ntoombs_> am i understanding correctly?
<u1035> hi
<u1035> how to check security of ubuntu server
<u1035> is there any tool or script available
<carldoncarl> getting a fd0 read error v.v
<carldoncarl> memtest solve that up?
<jmarsden> u1035: Many.   tiger, openvas, auditd, lynis, and several more.
<twb> #ubuntu-hardened also
<twb> jmarsden: debsums
<twb> Also logcheck, and making sure you actually, you know, receive and READ mail from the system.
<uvirtbot> New bug: #808631 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess new post-removal script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/808631
<airtonix> is it common that ssh-agent won't start on ubuntu server?
<airtonix> trying to add my ssh keys with ssh-add so it tells me 'Could not open a connection to your authentication agent.', so i try to start ssh-agent, which just spews out some stuff that looks like it should be in a .sh file
<joschi> airtonix: yep, that's actually what the output of `ssh-agent` is supposed to be ;)
<airtonix> ok, so it is normal that ssh-add still says 'Could not open a connection to your authentication agent.'
<joschi> just run `ssh-agent` or $(ssh-agent)
<airtonix> bash: SSH_AUTH_SOCK=/tmp/ssh-RwCCmL5827/agent.5827;: No such file or directory
<joschi> airtonix: yes, because you probably didn't set SSH_AGENT_SOCK
<joschi> airtonix: ehm, s/AGENT/AUTH/
<airtonix> well
 * airtonix rages
<airtonix> anything else i need to know ?
<airtonix> because on desktop, i just run ssh-agent and it works.
<joschi> nope, should work out of the box
<airtonix> bah this is broken
<airtonix> i can't set that variable because it keeps changing
<airtonix> ok so you have to
<airtonix> ssh-agent $SHELL
<soren> airtonix: That's the way ssh-agent always worked.
<airtonix> i've never had to do that before
<airtonix> on desktop just had to run ssh-agent in startup applications
<soren> Then someone has done it for you.
<airtonix> yeah well maybe the gnome desktop is just that awesome
<soren> It's not GNOME. it's in the packaging.
<soren> of ssh-agent.
<airtonix> you would ruin my fantasy?
<soren> EVery day.
<airtonix> :<
<airtonix> ok so with that out the way, i need to figure out how to make fabric use my ssh keys
<uvirtbot> New bug: #808653 in postfix (main) "package postfix 2.8.2-1ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/808653
<twb> By default Xsession.d will start an ssh-agent on graphical login
<twb> This is not the case for text logins, but you can ask for it in your .profile or similar.
<twb> Filme at 11
<tyreza> hello i  can't boot my pc this is what i got as error :
<tyreza> http://img593.imageshack.us/img593/8436/lllq.png
<tyreza> what need to do ?
<jMCg> :-/
<soren> zul: You owe Launchpad a couple of bzr revisions (swift 1.4.2~blahblah-ubuntu3 is in the archive, but bzr only has up to -ubuntu2). plz to fix. kthxbai
<smoser> RoAkSoAx, awake?
<Ursinha> bom dia coleguinhas
<acidflash> hello everyone
<acidflash> i have a LVM which should be full to the max,
<RoAkSoAx> smoser: I'm here
<acidflash> i have moved from one computer to another
<acidflash> when i do pvscan, it says the drives are empty, but im sure they are full
<acidflash> is there anyway to create a symlink and mount the lvm ?
<uvirtbot> New bug: #808769 in lm-sensors (universe) "Please sync lm-sesnsors from Debian Unstable." [Undecided,New] https://launchpad.net/bugs/808769
<smb> acidflash, Not sure what you mean with symlink. But what exactly does pvscan say? And what release are we talking about?
<acidflash> ubuntu 10.04 pvscan output >> pvscan
<acidflash>   PV /dev/sdb1   VG Videos   lvm2 [931.51 GiB / 931.51 GiB free]
<acidflash>   PV /dev/sdc1   VG Videos   lvm2 [931.51 GiB / 931.51 GiB free]
<acidflash>   PV /dev/sdd1   VG Videos   lvm2 [931.51 GiB / 931.51 GiB free]
<acidflash>   PV /dev/sdf1   VG Videos   lvm2 [931.51 GiB / 931.51 GiB free]
<acidflash>   PV /dev/sde1   VG Videos   lvm2 [1.36 TiB / 1.36 TiB free]
<acidflash>   Total: 5 [5.00 TiB] / in use: 5 [5.00 TiB] / in no VG: 0 [0   ]
<acidflash> this lvm was full, now its showing up as empty... i mean when i want to mount the vg, shouldnt there be a place where its refered to? ie: /dev/Videos/Videos
<acidflash> or whatever ??
<smb> If the meta-data was read correctly and all, yes. The vg needs to be activated (though that should be done automatically)
<acidflash> how do i activate it?
<smb> So, vgdisplay would also tell you its empty?
<acidflash> 1 min
<smb> sudo vgchange -ay Videos
<acidflash> outside of the lvm ?
<acidflash>   0 logical volume(s) in volume group "Videos" now active
<acidflash> thats what hte result is
<acidflash> i must re-create the lv you think?
<smb> You should not need to
<smb> And it would likely destroy the contents (which you probably do not want either)
<acidflash> no i dont want to do that
<smb> So when you moved the disks. Was that from another computer running 10.04 to this one running 10.04?
<acidflash> its the exact same computer
<acidflash> i just moved it from one case to another (diff motherboard)
<smb> Ah ok
<smb> Could you pastebin the output of "sudo pvscan -vvv" for me?
<acidflash> yes sure
<zul> smoser: damn it
<acidflash> its not fitting in buffer
<acidflash> and >> is only giving me last bit
<smb> Have you tried pastebinit (probably needs install): pvscan -vvv 2>&1|pastebinit
<acidflash> grabbing it
<acidflash> http://pastebin.com/bFkJNSWJ
<smb> acidflash, Hm the only small thing I see is that for the partitions it changes to read with 1K blocksize. But I cannot say whether that is really an error. Just seems different to what I see on my own installation.
<acidflash> aha
<acidflash> i dont think it should effect it though,
<acidflash> ill show you how it was mounted before from fstab, 1 min
<acidflash> #/dev/Videos/Videos /videos     ext4    defaults,barrier=0,data=writeback        0       3
<acidflash> of course without hash
<acidflash> there was a symlink to the lv -> /dev/Videos/Videos
<smb> Apart from that it really thinks there are no LVs defined...
<acidflash> :(
<acidflash> is there any way to teach it of the lv ?
<smb> Did you do any reinstallation or just replace the board and reboot? Just to get my mental image...
<acidflash> no i replaced the board, booted, was having problems with a pci->sata converter that had 2 hdd's on it
<acidflash> so i took it out
<acidflash> then it was saying it couldnt mount the lv
<acidflash> so i just skipped
<acidflash> went into lvm
<acidflash> did a pvremove --removemissing -force to remove the unknown pv's
<acidflash> sorry vgreduce
<acidflash> not pvremove
<acidflash> vgreduce --removemissing -force
<smb> Hm... When I read the description of --removemissing and -force together I wonder whether this might have been the bad thing...
<acidflash> it wouldnt remove the the unknown pv's otherwise
<acidflash> iirc though, even before that it said that the drives were empty
<acidflash> ouch
<acidflash> and you cannot or do not want to remove them  manually,
<acidflash>               you can run this option with --force to have vgreduce remove any partial LVs.
<acidflash> the lv is gone
<acidflash> but the data is still there i think
<smb> It should be. What I am wondering is why it did complain about missing/wrong pvs. Those should get identified by the scan and metadata on them and not by any physical location
<smb> There may (but treat it carefully) be a backup of the configuration in /etc/lvm/backup
<acidflash> yeah you'd think so, but pvname was unknown
<acidflash> aha!
<acidflash> let me check
<acidflash> ok there is..
<acidflash> description = "Created *after* executing 'vgreduce --removemissing --force Videos'" <-- no good i think
<smb> No :/ Does not sound too good... before would be better...
<acidflash> hehe yeah
<acidflash> 5 Tb's of videos :(
<acidflash> there must be a way to manually recreate the lv, because the data is still there without doubt
<acidflash> even if the lv says otherwise
<smb> You may try to re-create the lv. The problem is that you would need to get the order of used PVs right. Nothing that feels like one wants to do it without have the current status of everything backed up before...
<ppetraki> smb, acidflash, LVM keeps backup copies of the metadata in /etc after every operation. /etc/lvm/backup
<ppetraki> smb, acidflash, if you find a decent one, pre vgreduce, you can do a "restore" with it, and get your LVs back
<acidflash> ppetraki: we saw the meta data after the command was executed, im not sure its too beneficial
<smb> ppetraki, There seems only to be one and that was done *after* the operation...
<smb> acidflash, has that backup sections in it describing lv's (maybe it has even when saying it did it after the command)
<ppetraki> acidflash, smb, normally if makes a copy after each volatile lv operation, like lvcreate...
<acidflash> http://pastebin.com/exD9QWmv
<acidflash> thats the backup, you will be better judges if it helps or not
<smb> Yeah, think it did what it was saying. There is only pv information in there
<ppetraki> acidflash, :(
<acidflash> i came across a blog, but im not quite understand what the guy did..
<acidflash> http://blog.adamsbros.org/2009/05/30/recover-lvm-volume-groups-and-logical-volumes-without-backups/
<smb> acidflash, wait
<acidflash> ok
<smb> Maybe there is hope
<smb> There could be /etc/lvm/archive
<smb> with backups
<acidflash> there is stuff in here
<acidflash> FOUND ONE
<ppetraki> I was wondering if it kept multiple superblocks
<acidflash> !!!
<acidflash> before the extend tooo
<smb> acidflash, So what you want is the file with the highest index number that still has logical volumes int there
<acidflash> http://pastebin.com/xQmP8m75
<acidflash> that one was after adding the 2 pv's but before the extend
<acidflash> should i go one before?
<acidflash> ok now how do i use those backups, i found one before i extended the vg
<acidflash> thank god for auto-backups :D
<smb> Hm, probably you want the one that had the same (number) of PVs in it which are now present... But then you say you added two volumes and then extended the vg. Also extended the lv to be bigger?
<acidflash> smb: I found a backup before the extending
<acidflash> smb: the same hdd's are present now that were present before the extended but after the pvcreating
<ppetraki> acidflash, smb, do we know for sure that the extend succeeded?
<acidflash> ppetraki: yes it had worked, this was 3-4 days ago, before the board fried and the move today
<acidflash> ppetraki: i had added 3.4 Tb of data to the LVM with the extend (2 x 2TB Hdd's)
<acidflash> it worked alright
<smb> acidflash, Hm, but that was then using the same LV right?
<ppetraki> acidflash, so at this point, you can't make it much worse, get copies of all the sequences off that machine, and then you can start experiementing with restoring the boundaries
<acidflash> smb: yes it was using the same LV
<acidflash> ppetraki: its the same machine, just diff board, even same hdd sequence as before.. put them in same sata ports (numbering wise)
<smb> So the filesystem was extended as well and using the two drives...
<acidflash> Smb: yes I extended the filesystem after the vgextend
<ppetraki> smb, that's how he'll know if he got the boundaries right, fsck won't explode due to missing inodes :)
<smb> ppetraki, Well I think to get it recovered there need to be all the drives present. Because all of them were part of the fs
<ppetraki> smb, yes
<serge_afk> fwiw, my net link is horribly unreliable right now (after some storms went through)
<acidflash> smb: all the hdd's that were on the fs or all of them that were on the lv ? because if only the ones that were on the lv, they are all present
<smb> acidflash, So you need to get into a state where you have all 7 drives accessible, then you should restore the backup before the removal
<acidflash> smb: couldnt i do a restore before the addition of the pv's to the vg?
<acidflash> i have a back up of that state
<ppetraki> acidflash, your filesystem would be upset with you, since you've already extended it
<acidflash> ppetraki: I could probably reduce it i think??
<ppetraki> acidflash, what's your goal here? you've got everything you need to put things back as they were. You were the victim of an LVM bug, not an FS bug
<acidflash> ppetraki: i am unable to get the otehr 2 hdds to function properly because they were installed with a pci->sata converter that is buggy, its causing problems and not working half of the time
<smb> acidflash, only if you have the LV ok and only if the data on it could fit into the remaining drivers. But since you extended the LV and with it the fs, all the files are spread over all PVs and you want to get back to that state
<smb> acidflash, You may use any connection method you can (like external usb connections
<acidflash> i think ill try that,
<ppetraki> acidflash, there you go
<acidflash> ok so is there an article or guide i can follow to do the recovery process?
<ppetraki> acidflash, it's just vgrestore and a solid understand of the LVM components
<smb> ... and a lot of sweat...
<ppetraki> yeah
<acidflash> hehehe
<acidflash> ok let me grab some usb to sata converters and give this a try
<ppetraki> maybe next time you'll consider backing your LVM with a fault tolerant volume, like a RAID 5/6 MD
 * acidflash crosses fingers
<acidflash> thanks for all the help guys, you were extremely helpful
<Umren> ,
<soren> zul: Did you see my comment earlier today?
<zul> soren: yeah i thought it was smoser who said it
<zul> soren: ill fix it up
<soren> Cool, ta.
<soren> zul: Like now?
<zul> soren: yes lemme finish what im working on
<soren> Cool.
<soren> Let me know if it's going to be more than 20 minutes.
 * soren is on a tight schedule today.
<zul> soren: wait fix it in the bzr branch or in the archive?
<Daviey> soren: Are you in London on Wed?
<soren> zul: It's in the archive!
<soren> Daviey: I'm not, no.
<soren> zul: As per my comment earlier: "(swift 1.4.2~blahblah-ubuntu3 is in the archive, but bzr only has up to -ubuntu2)"
<jamespage> does anyone know if squid 2.7 had IPv6 support?
<jamespage> /had/has/ :-)
<Daviey> jamespage: let me google that for you :)
<Daviey> jamespage: you need 3.1 or later.
<jamespage> I don't think it has - just want to make sure I'm not missing something obvious
<jamespage> yeah - thats what I thought
<Daviey> http://wiki.squid-cache.org/Features/IPv6
<jamespage> hmm - so does that make our choice and squid-deb-proxy (which uses squid not squid3) in orchestra good?
<soren> zul: ?!?
<soren> zul: Er... that's not what I meant at all.
<zul> soren: take it...im really busy here as well
<soren> zul: Ok, I'll take it from here. Don' touch anything :)
<Daviey> jamespage: perhaps not.. we should get lifeless's PoV on this.
<jamespage> Daviey: I kinda assumed it did but just found out otherwise...
<hggdh> smoser: got a question on a ec2 image update for Lucid -- available?
<smoser> sure
<smoser> hggdh,
<hggdh> smoser: http://pastebin.ubuntu.com/641989/ mostly between lines 143 and 212
<smoser> hggdh, ignore
<smoser> ie, ignore "/usr/sbin/grub-probe: error: cannot find a GRUB drive for /dev/sda1.  Check your device.map."
<hggdh> smoser: I am deeply in debt, etc, etc :-) Thank you
<smoser> its there because grub2 doesn't really like xen/ec2
<smoser> but we have grub2 installed in the images a.) i think because it gets pulled in by ubuntu-server seed, and b.) because it is used in UEC boot
<soren> Daviey: Have you guys started an agenda wiki page for the sprint?
<Daviey> soren: not yet..
<soren> Daviey: Ok.
<hggdh> smoser: perfect -- I thought we were cool, but I wanted to be sure
<smoser> soren, etherpad, please.
<smoser> othe rthan i dont know how much backup we have on that, i prefer it to wiki
<soren> smoser: You youngsters and your newfangled tools.
<smoser> soren, i'd be just as happy if you started a text doc, and bzr pushed it
<soren> Etherpad is fine.
<soren> http://etherpad.ubuntu.com/OpenstackUbuntuSprint
<soren> ttx, mtaylor: ^ btw
<ttx> soren: on it
<soren> ttx: Ta.
<amero> what is the timer frequency of stock kernel in ubuntu server? can anyone that find that out for me? i dont have access to ubuntu server right now
<amero> $ cat /boot/config-`uname -r` | grep HZ
<hggdh> zul, adam_g: can I use two machines from the UEC test rig?
<adam_g> hggdh: go for it
<hggdh> adam_g: thank you. I am taking (for the day) sapodilla and soncoya
<adam_g> k
<roasted_> anybody here use likewise open by chance?
<uvirtbot> New bug: #808939 in autofs5 (main) "autofs has undocumented dependency on smbfs" [Undecided,New] https://launchpad.net/bugs/808939
<syadnom2> [{disclaimer, also posted in #ubuntu-cloud }] hi all. anyone able to chat with me about the differences between the ubuntu cloud an something like vmware or xenserver?
<b0nghitter> i hope someday ubuntu can work with adobe so that flash media server is supported on ubuntu server.
<b0nghitter> it installs fine, just needs some tweaking in the init scripts
<b0nghitter> currently they only oficially support centos and rhel :[
<RoAkSoAx> SpamapS: ping
<aljosa> anybody knows why in 11.04 when i enter $PWD<tab> i get \$PWD in bash? how can i make it expand $PWD normally?
<zul> back later
<mintacious21> can someone tell me how to free up space on usb drive
<mintacious21> for to be able to use 4.1 GB or more for installing iso
<patdk-lap> delete files, empty trash
<mintacious21> i did
<patdk-lap> then what is the issue?
<mintacious21> my usb information says thatthere is only 3.75 GB free and there is nothing onit!
<patdk-lap> yep
<mintacious21> do i compress iso or something/
<patdk-lap> normally you can only access 90% of rated capacity
<patdk-lap> doubt anything is going read a compressed iso
<patdk-lap> if you have to fit a 4.1gig iso, you need a 8gig usb stick
<mintacious21> darn is there any way i can get a copy protected iso from a linux company that will be able to copy it to usb
<mintacious21> or something
<patdk-lap> what exactly is a linux company?
<patdk-lap> and I didn't know open source made copy protected iso's
<mintacious21> linux distribution i meant
<mintacious21> yeah you can buy them from their website
<patdk-lap> heh?
<patdk-lap> rhel, centos, ubuntu, debian, freebsd, none of them come with copy protection
<Harzilein> hi
<mintacious21> they are put on a disc but i want to figure out how to be aqble to copy linux based iso to usb
<Harzilein> looks like the people who maintain our production server only _upgraded_ (w/o dist-upgrade) from hardy to lucid. i can't really change that right now, but i need to install an upstart 0.3 config for cron. as upstart 0.3 would not be able to determine the pid of forked/daemonized jobs i'm considering running cron -f. do you think this should work? (http://paste.debian.net/122594/) (without making upstart block or something, i fear i need to read th
<mintacious21> it doesnt even show up as a file in unetbootin
<mintacious21> or anything
<patdk-lap> harzilein, upgrade/dist-upgrade won't upgrade form hardy to lucid at all
<oCean> mintacious21: show us
<mintacious21> how?
<oCean> show us what you are talking about
<mintacious21> i downloaded the iso from linuxmint .com and it wont even show up in unetbootin
 * Pici wonders what this has to do with Ubuntu Server
<mintacious21> do i have to extr4act it first?
<ppetraki> Pici, nothing at all
<mintacious21> just help me okay ubuntu is a type of linux so it wont hurt you guys
<mintacious21> i dont have debian
<mintacious21> ihave linux ubuntu
<mintacious21> and plus nobody is on #linuxmint
<mintacious21> they never are
<mintacious21> they dont seem to listen like you guys do
<Pici> mintacious21: This channel is for support for the server release of Ubuntu. If anything, #ubuntu would be the place to ask about running unetbootin. Just because you are banned from there doesn't mean that you can ask off-topic questions in our other channels.
<mintacious21> what are you talking about?
<mintacious21> im trying to get help
<Pici> Are you running Ubuntu Server?
<mintacious21> yes
<mintacious21> i have ubuntu right now
<mintacious21> it is my default se3rver
<Pici> mintacious21: Sorry, then.
<Pici> mintacious21: How big is your usb drive?
<mintacious21> 4.GB
<nealmcb_> Any AppArmor gurus here?  There is an interesting question at the IT Security StackExchange site about MAC.  I tried to provide some Ubuntu AppArmor input, but would love your insights.  http://security.stackexchange.com/questions/5134/453
<nealmcb_> "What is preventing the widespread common use of MAC-type systems?"
<mintacious21> 4.0 GB
<Pici> mintacious21: Well if it claims it needs 4.1G, I don't think you can fit that on a 4.0G drive.
<mintacious21> no it says i only have 3.75
<mintacious21> GB
<mintacious21> and the iso is 3.8 GB
<ppetraki> mintacious21, well, sure, that's its formatted capacity, and is true everywhere, harddisks included
<Harzilein> <patdk-lap> harzilein, upgrade/dist-upgrade won't upgrade form hardy to lucid at all
<Pici> mintacious21: Do you need any files on there? check out what your favortite partitioning tool says about the partitions on the usb, maybe you aren't seeing all you should see.
<ppetraki> mintacious21, so either, don't use a filesystem or find a different way to boot from USB.
<Harzilein> patdk-lap: i don't know what they did. maybe they tried to downgrade to hardy then. anyway, i'm stuck with upstart 0.3 and it'd help if i knew i can expect my cron config to work...
<mintacious21> huh thats weird everything seems to be mounted correctly now
<utlemming> mintacious21: please check with your device manufacter's definition of what a GB is. Many USB devices define a GB as 1000000000 bytes, while OS's like Linux define it as 1073741824 bytes. So the differential that you're seeing likely the result of a manufacturer that is giving you the short definition of a GB.
<mintacious21> it says 1/4 of a trillion
<mintacious21> 250,059,350,016
<patdk-lap> utlemming, also, formatting it uses up space, the partition table, ...
<ppetraki> we don't even support this usb tool he's using to copy the iso, it appears to require knowledge of the distro he's trying to burn: http://unetbootin.sourceforge.net/
<mintacious21> so what does that mean?
<mintacious21> hello?
<ppetraki> mintacious21, it means, we don't know enough about the tool you're using to help you
<mintacious21> you mean the usb drive
<mintacious21> it is a kingston
<mintacious21> 4GB usb drive
<ppetraki> nope, back in your initial post, you stated unetbootin can't see the file, and if that's true, it doesn't matter how much space you have
<mintacious21> what do you mean?
<ppetraki> "<mintacious21> i downloaded the iso from linuxmint .com and it wont even show up in unetbootin"
<ppetraki> you tell me
<mintacious21> i told you
<mintacious21> so
<mintacious21> it must be formatted differently
<mintacious21> or somrething
<mintacious21> i think i know why
<ppetraki> mintacious21, well, you can start helping yourself by reading the unetbootin docs and figure out what it's looking for
<mintacious21> the unetbootin is out od date
<mintacious21> it only supports up to linux mint 10.10
<oCean> what download at linuxmint is of that size? Even the dvd is 864MB
<mintacious21> isnt something
 * patdk-lap also wonders what download could be *copy protected*
<mintacious21> isnt that something
<mintacious21> hey i have an idea how if i download linux mint 10.10 and upgrade it
<mintacious21> to linux mint 11
<mintacious21> would that work?
<mintacious21> ?
<oCean> now that's a question for a mint channel
<mintacious21> ok thanks for your help i just figured out how
<mintacious21> yes!!
<RoAkSoAx> serge_afk: by any chance have you experienced that VM's on br0 cannot obtain IP from a DHCP server?
<uvirtbot> New bug: #809046 in apache2 (main) "Apache Server Dumpos Frequently - "*** glibc detected *** /usr/sbin/apache2: double free or corruption" " [Undecided,New] https://launchpad.net/bugs/809046
<serge_afk> oops, i'm not afk!
<serge_afk> RoAkSoAx: no, i haven't.  do you mean dhcp server which is not on host?
<serge_afk> RoAkSoAx: if so, i suspect br0 needs stp on?
<RoAkSoAx> serge_afk: correctbut was working until today
<serge_afk> shouldn't have been?
<serge_afk> RoAkSoAx: best way imo to look into it is to test it with a veth tunnel (without kvm)
<serge_afk> RoAkSoAx: other possibilities include that /proc/sys/net/ipv4/ip_forward isn't set now, or that iptablnat iptalbes rules aren't set...
<serge_afk> i see, 'serge' is taken
<RoAkSoAx> serge_afk: it was working until today's upgrades.. so something might have been messed up
<RoAkSoAx> but will look at it
<RoAkSoAx> thanks
<RoAkSoAx> cause is not even giving IUP address to the VM's when using virbr0
<serge_afk> huh
<serge_afk> how is br0 set up?
<serge_afk> is eth0 on it?
<RoAkSoAx> serge_afk: yes
<RoAkSoAx> serge_afk: as I said, everything was working until I upgraded today
<serge_afk> yes, everything was working, i'm just wondering what could've changed and therefore what yoru setup is :)
<serge_afk> but ok, lemme know when you find out.  interesting.
<RoAkSoAx> serge_afk: just tested with natty
<RoAkSoAx> and everything is fine
<RoAkSoAx> so it is not my router's fault
<RoAkSoAx> serge_afk: might it be because of udev or related?
<serge_afk> s'possible.  could also be kernel
<RoAkSoAx> serge_afk: i think might be udev or related as I ended up not having mouse/keyboard for a while until got it fixed
<serge_afk> RoAkSoAx: can you grab an older kernel, dpkg -i it, (maybe from your /var/cache/apt/archives), and test that?
<serge_afk> hm
<serge_afk> might check on #ubuntu-devel :)
<RoAkSoAx> serge_afk: heh.. yeah will do that I guess
<RoAkSoAx> anyways
<ntoombs_> Hi. I'm having problems forwarding port 80 to my server for LAMP. I have talked to my isp to make sure they are not blocking it and they confermed they are not. I have sucessfully forwarded port 22 to my server in the same way I have forwarded port 80. Does anyone know of a reason why port 80 wouldn't allow incoming connections like this after talking these mentioned steps?
<warzauwynn> ntoombs_: try iptables -L and see if something in there is blocking 80
<ntoombs_> warzauwynn: everything is ACCEPT
#ubuntu-server 2011-07-12
<TheEvilPhoenix> ntoombs_:  is the web server running?
<TheEvilPhoenix> i.e. the apache part
<ntoombs_> TheEvilPhoenix: Yes I can access it just fine localy
<TheEvilPhoenix> and is it binding to *:80?
<TheEvilPhoenix> just to make sure that its reading outside connections
<ntoombs_> http://pastebin.com/Rzyukbit
<TheEvilPhoenix> ntoombs_:  can I /query ya for a sec
<ntoombs_> yes
<ntoombs> Hi. I'm having problems opeing port 80 for my LAMP server. I have opened port 22 sucessfully for an ssh connection the same way I opened port 80 however, port 80 still remains closed. I have called my ISP multiple times to see if they are not blocking it and they confermed that they are not. The LAMP server is working perfectally on a local connection but no one can see it externally. Can anyone think of a reason why port 80
<Ursinha> ntoombs: that happened here in Brazil to me, and the isp guys didn't know what they're talking about... turns out port 80 was blocked by them
<Ursinha> ntoombs: have you tried setting the port to 8080, just in case?
<ntoombs> Yea and 8080 gets through. I've gotten throug port 80 before with this isp.
<Ursinha> if you set the port locally and redirected in your router or whatever links you to the external world, it should work
<Ursinha> hm
<ntoombs> to be sure, is there a program i could install that uses a port that I can change to 80?
<ntoombs> Hi. I'm having problems opeing port 80 for my LAMP server. I have opened port 22 sucessfully for an ssh connection the same way I opened port 80 however, port 80 still remains closed. I have called my ISP multiple times to see if they are not blocking it and they confermed that they are not. The LAMP server is working perfectally on a local connection but no one can see it externally. Can anyone think of a reason why port 80
<amero> part
<amero> opps
<megrem> set up postfix but it refuses to send mailsto foreign hosts: relay access denied
<_johnny> hi, i'm having an odd networkin problem. i've followed this guide http://ubuntuforums.org/showthread.php?t=318539 to get wlan working. and i can do a scan and see all APs, but as soon as a pull the ethernet cable, but ip's are lost and no internet connection
<_johnny> plug the cable back in, and both ip's are regained, and internet connectivity on both ip's
<_johnny> would anyone mind having a look at my networking  config ?
<lei__> Hi]
<lei__> Is there anyone who can un-install libvirt?
<lei__> Hello
<lei__> Is there anyone who can un-install libvirt? Since I have two version conflict
<th0mz> Anybody in England please ? out of subject question. I'm looking for a dedicated/vps server prvider based in england please.
<shauno> th0mz: bitfolk.com and bytemark.co.uk are the two names I usually see for vps.  couldn't answer for dedicated
<th0mz> thanks shauno
<andol> th0mz: I have a VPS with Bitfolk, and I am very happy with them.
<andol> th0mz: Yet, if you want a more "cloudy" solution, where you can spawn new virtual machines yourself etc I guess you might want to go with Linode. In the Bitfolk case there is still the need to talk to support@ when creating a new virtual machines, modifying amount of resources to it, etc.
<th0mz> to be exact, i'm just looking to a small vps to get an ip based in england to access BBC video ;)
<th0mz> i just need to run openvpn or kind of proxy... So i'm looking to the cheapest solution.
<th0mz> i have nothing to host (i'm working in a hosting compagny, all my personal need are hosted here).
<uvirtbot> New bug: #809218 in cobbler (universe) "Cobbler should generate a usable /etc/rsyncd.conf file but doesn't" [Undecided,New] https://launchpad.net/bugs/809218
<uvirtbot> New bug: #809239 in dhcp3 (main) "Default interface config is not deleted after upgrade to Natty (dhcp3-server)" [Undecided,New] https://launchpad.net/bugs/809239
<SpamapS> RoAkSoAx: pong, was travelling yesterday
<rurufufuss> how does one remove libraries added from make install?
<rurufufuss> is it only doable manually?
<SpamapS> rurufufuss: unless you changed the --prefix, they should be in /usr/local...
<SpamapS> rurufufuss: some things have a 'make uninstall', try that first
<SpamapS> rurufufuss: if not, you can just rm the files... just make sure you get rid of *all* the files.
<rurufufuss> cool, thanks
<Boon> setfacl: Option -m: Invalid argument near character 3
<Boon> setfacl -m u:lighttpd:rx /var/www
<Boon> does my command wrong?
<Boon> anyone?
<Boon> ?????????/
<soren> Calm down.
<jamespage> SpamapS: still around?
<amelin> hi all, i just found out, that i can start ubuntu server in rescue mode and become root without being asked for a password
<amelin> bug or feature?
<patdk-wk> does it really matter?
<amelin> well, i guess
<patdk-wk> anyone with physical access doesn't need a password to copy your drive
<patdk-wk> unless it's encrypted
<pmatulis> amelin: that's fine.  if you ever set a p/w for root user then it would be different
<amelin> pmatulis: ah okay, but there is a root pw set
<amelin> patdk-wk: of course it does, i dont want a technican in any center to have it that easy
<patdk-wk> :)
<pmatulis> amelin: why did you set a root p/w?
<patdk-wk> my bios locks the keyboard, no password, the bios won't accept entry from the keyboard
 * patdk-wk always sets a root password
<maswan> you can get into rescue mode as root even if you set a root password
<amelin> patdk-wk: if my system fails, i dont want that everybody can access my system, okay, maybe a technican call me sometimes an tell that he already fix it
<Pici> Remove the entry from GRUB and add a GRUB password if you're really paranoid about it.
<maswan> if you want to protect data against attackers with physical access, you need to do disk encryption
<pmatulis> maswan: but doesn't it ask you to enter that p/w?
<patdk-wk> pmatulis, ideally, yes
<patdk-wk> otherwise local users would still have access
<maswan> pmatulis: depends on which rescue mode you go to.
<maswan> booting init=/bin/bash etc won't care about root password being set
<pmatulis> maswan: sigh, i'm not talking about that stuff
<maswan> pmatulis: then what are you talking about? I thought we were talking about booting rescue modes with root password set or not
<pmatulis> maswan: i'm talking about the official rescue mode
<pmatulis> maswan: boot cd and choose from menu
<maswan> pmatulis: oh, external boot, then it is up to whatever you boot if they want to care about that.
<maswan> pmatulis: so no added security from a root password
<pmatulis> maswan: well you're confusing my conversation with amelin
<pmatulis> amelin: what did you do to get into your rescue mode?
<amelin> pmatulis: reboot, open grub menu, choose rescue mode, choose the shell menu
<amelin> okay, i choose the shell option to become root
<amelin> so after reboot i choose rescue in the grub menu
<pmatulis> amelin: and you can get root access w/o p/w even with a p/w previously set?
<amelin> pmatulis: yes
<pmatulis> amelin: k, guess i'll need to go over that scenario.  i didn't think you could do that
<maswan> sounds resonable, one of the uses of rescue mode would be to recover from forgotten passwords
<Ursinha> good morning
<shauno> it's difficult to work around root from a local boot.  if they edit at the grub menu (or provide their own boot media), they can just use init=/bin/sh to bypass *everything*
<shauno> so you've bot bios-level & physical defences, and encryption.  anything past that is a false sense of security
<patdk-wk> this is what locked racks or cages are for
<amelin> jeah, okay, maybe thats right, maybe i was just a bit to confused :-)
<RoAkSoAx> SpamapS: howdy! yeah I heard... we were wondering how did you get ensemble + cobbler to work as we were unable to
<RoAkSoAx> smoser: ping
<lynxman> Ursinha: bom dia
<Ursinha> lynxman: bon dia :)
<lynxman> Ursinha: ooh very good ;)
<Ursinha> :D
<hggdh> <yawn/>
<van7hu> hello
<van7hu> could I get help with bind here?
<van7hu> https://help.ubuntu.com/community/BIND9ServerHowto
<van7hu> according to it, I can configure bind9 as hybrid cache and master, then could I achieve it?
<ScottK> Did you look in the server guide?
<ScottK> It discusses bind9 configuration.
<van7hu> that's it?
<smoser> RoAkSoAx, in now
<soren> Oh, good grief.
<ScottK> van7hu: If you aren't willing to look at the existing documentation, I think it's unlikely you'll find the level of help you want for free.
<van7hu> ScottK, okay
<soren> zul: Do you have a stack of changes to the glance packaging that you forgot to push?
<zul> soren: no
<zul> soren: i dont think so
<soren> zul: There are *5* uploads to the archive that aren't in bzr.
<zul> soren: frig
<soren> zul: One of them even has changes from two people. How did you pull that off?
<zul> soren: ill clean it up today
<soren> Where are you keeping this stuff? If yo uhave changes from two people, you must be sharing packaging somewhere. Where?
<zul> im not
<zul> it was done locally and uploaded
<zul> as i said ill clean it up today
<soren> Ok.
<soren> zul: Before you actually do fix it, I'd like to hear what you intend to do.
<soren> zul: Whenever.
<SpamapS> RoAkSoAx: there was a lot of stuff necessariy
<RoAkSoAx> SpamapS: do you think you can write a small howto for me/us to be able to do it?
<SpamapS> RoAkSoAx: are you trying to do it w/ my branch or something else?
<RoAkSoAx> SpamapS: we (smoser and I) were tryiung to do it with your branch without success
<smoser> SpamapS, woohoo
<SpamapS> RoAkSoAx: did you setup a webdav?
<smoser> we did not.
<SpamapS> that part is a pita
<SpamapS> it would probably help if you guys just said where you're stuck
<lynxman> jamespage: ping
<Daviey> RoAkSoAx: how is it going?
<RoAkSoAx> Daviey: its going we are currentlyu trying to get somethjing to work with smoser
<Daviey> something? :)
<smoser> SpamapS, we're trying to be secretive, and not tell you things so you can't laugh at how incompetant we are :)
<Daviey> lol
<smoser> but, spamaps, if you could write down everything you need to do to get it functional , then that would be great.
<SpamapS> smoser: good idea, I am a heartless bastard that way
<Daviey> s/that way//
<jamespage> lynxman: 10 mins
<smoser> cobbler-devenv at lp:~smoser/+junk/cobbler-devenv/
<lynxman> jamespage: k
<smoser> is pretty close to creating the clean environment
<smoser> you coudl start there.
<SpamapS> smoser: uh.. install cobbler, setup a writable webdav at /formulas ..
<SpamapS> smoser: oh I bet a full environments.yaml would help
<smoser> yea. that would help
<smoser> and "setup a writable webdav" is not dummy proof.
<smoser> and i think that you need to have an ensemble agent running on the cobbler
<SpamapS> smoser: http://paste.ubuntu.com/642690/
<rallias> I'm having difficulties that apache suddenly cannot access the /testing subdirectory of my web server... can someone help me out with this?
<SpamapS> smoser: http://paste.ubuntu.com/642691/
<serge_af1> stgraber: is the lxc srcarch +=arm patch from you?
<serge_af1> just wondering whether to put your signed-off-by on it
<serge_af1> recon i could check the bzr tree
<jamespage> lynxman: back now - wassup?
<lynxman> jamespage: hey
<DanaG> hmm, anyone here use zfs on ubuntu server?  I've currently installed OpenIndiana, but I'm quickly starting to dislike the lack of packages for just about everything I want to run on the server.
<DanaG> How's btrfs?  Can it now reliably fsck?
<DanaG> s/reliably/do/
<DanaG> I do see this, at least: http://www.mail-archive.com/linux-btrfs@vger.kernel.org/msg10864.html
<SpamapS> DanaG: from what I understand, its still experimental. :(
<DanaG> "it" being btrfs?
<SpamapS> yes
<SpamapS> Though a few distros are pushing harder to make it the default
<serge_af1> stgraber: nm, found the original author :)
<DanaG> hmm, installing ubuntu-server to an 8GB usb stick, in a 1.5GB-RAM VM.
<DanaG> The system it'll be running on has 5GB RAM.
<DanaG> Do I really need swap, or is swap a bad idea?
<viezerd> altijd swap
<pmatulis> DanaG: swap is not great in a vm
<DanaG> I've made a rawdisk vmdk for the flash drive.
<DanaG> And the VM is just for the install, not the final place it'll run.
<pmatulis> DanaG: if you have enough ram then don't use swap
<pmatulis> DanaG: it won't run in a vm?
<DanaG> No, I'm just doing the install in a VM.
<DanaG> So then I can take the drive home and plug it into the microserver.
<RoyK> DanaG: swap can be nice when something goes bad - it can also be a nice way to swap out things that aren't in use, especially on desktops and when hosting large applications, VMs etc
<DanaG> There's no way the installer need more than 1.5GB, right?
<DanaG> Well, the install, and post-install upgrades.
<RoyK> DanaG: setting /proc/sys/vm/swappiness to 100 will make linux swap out earlier, thus keeping more memory available for useful stuff - a lot of allocations are for memory that's not in use, and that's important indeed for VMs
<BuenGenio> guys having a major issue with the server here
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<BuenGenio> mysql, apache stopped because apparently  / is full
<BuenGenio> however, du -chs shows this:
<BuenGenio> Filesystem            Size  Used Avail Use% Mounted on
<BuenGenio> /dev/sda3             108G  103G     0 100% /
<BuenGenio> ???
<RoyK> BuenGenio: usually 5% is reserved for the root account
<RoyK> BuenGenio: you should never fill up a file system that much anyway
<BuenGenio> i don't know what did
<BuenGenio> probably a runaway log
<BuenGenio> but I'll check
<BuenGenio> need to start mysql first thing
<RoyK> you can change the amount of reserved space with tune2fs -m
<RoyK> man tune2fs
<RoyK> setting that to zero is usually a very bad idea for the root
<pmatulis> BuenGenio: try to reclaim some space quickly with 'sudo apt-get clean'
<DanaG> Then you can install ncdu -- ncurses disk usage tree thingy.
<pmatulis> DanaG: installing unnecessary s/w on a system with a space problem?
<BuenGenio> it's some log somewhere
<DanaG> pmatulis: it's a small tool, and it'll tell you where all the space went.
<DanaG> But yeah, check logs first.
<pmatulis> BuenGenio: first get space with my command and then 'sudo du -sh /var/log/*'
<DanaG> That ncdu package is just 92 kilobytes, by the way.
<DanaG> no, wait, 22.
<SpamapS> RoAkSoAx: so , did you guys still want a howto first? I feel it will be faster if you just show me whats broken
<koolhead17> hi all
<koolhead17> apt-cache showpkg moodle  shows mysql-client as deps but does not install it. Using dbconfig-common for installation throws error saying mysql-client needs to be installed before this process to finish.
<koolhead17> do i need to file a bug for this?
<SpamapS> koolhead17: postgresql-client | mysql-client
<SpamapS> koolhead17: if you already have postgresql-client installed, that dependency is satisfied
<koolhead17> SpamapS, http://pastebin.com/sxscTTyU  this is what getting installed once i do apt-get install moodle
<koolhead17> i can see postgresql-client getting installed with it
<SpamapS> koolhead17: yeah, that just means that the moodle maintainer prefers postgres over mysql
<SpamapS> koolhead17: if you want to be explicit.. just do  apt-get install moodle mysql-client
<SpamapS> koolhead17: you can just install both also.. since you're writing a formula.. eventually you should support both.
<koolhead17> SpamapS, so its not a bug, just a confusing dbconfig-common configuration of moodle where once clicking on mysql as db option ceases the deployment
<SpamapS> koolhead17: dbconfig-common is basically the predecessor of ensemble. ;)
<SpamapS> koolhead17: it is to ensemble as neanderthal man is to ensemble .. a fork along the same chain that will become less relevant as ensemble becomes more popular. :)
<zul> dbconfig is evil
<koolhead17> SpamapS, :D
<koolhead17> zul, +1
<koolhead17> am still stuck with phpmyadmin preseed
<RoAkSoAx> SpamapS: yes it would be helpful for us here at the sprint
<koolhead17> SpamapS, its just am not interested in paying amazon to test the preseed stuff :D
<koolhead17> before putting it on ensemble :P
 * koolhead17 bows to RoAkSoAx 
<DanaG> hmm, anyone use the kq Linux zfs?
<DanaG> Random: http://www.dailymail.co.uk/news/article-2011051/Black-macaque-takes-self-portrait-Monkey-borrows-photographers-camera.html
<Ursinha> /20
 * Ursinha fails with irssi
<pmatulis> DanaG: that's off-topic, kindly refrain...
<koolhead17> SpamapS, can i atleast request for showing some love to mysql :P
<DanaG> anyway, I think I'll try ubuntu-server with zfs.
<serue> zul: there?
<Ursinha> -ETOOMANYNICKSWITHS
<Ursinha> SpamapS: so
<Ursinha> SpamapS: I'm fixing the old SRU reports script, so you can have it for now
<SpamapS> Ursinha: thats great!
<Ursinha> SpamapS: I'm sorry I've been quiet these days, I'm bootstraping yet
<Ursinha> ::)
<SpamapS> Ursinha: I was hidden away in the mountains all last week.. AFAIK, you have been shouting with a bull horn all week. ;)
<Ursinha> haha
<DanaG> hmm, in Linux, how significantly much better is an Intel NIC than a Broadcom 5723?
<patdk-wk> you can't compare them like that
<patdk-wk> and that is a very old broadcom
<DanaG> That's what's in the HP microserver I have.
<DanaG> I have that, and a 5721 PCIe 1x, and one of these: http://www.newegg.com/Product/Product.aspx?Item=N82E16833106033
<patdk-wk> odd, the netextreme ii's have lower numbers
<patdk-wk> heh, that is a budget intel card
<patdk-wk> that broadcom should be much nicer than that
<DanaG> Really?  Interesting.
<patdk-wk> why? you just picked the lowest cheapest thing intel makes
<patdk-wk> and think it will perform?
<DanaG> I have an 82574L somewhere else (not sure where), and it worked pretty well, I believe.
<patdk-wk> http://www.newegg.com/Product/Product.aspx?Item=N82E16833106011
<patdk-wk> that is more rated along that broadcom chip
<DanaG> Some peope in #openindiana suggested that Intel would be better than Broadcom.
<DanaG> I'll have to try the Broadcom again.  Maybe it's just their broadcom driver that's the problem.
<patdk-wk> dunno
<patdk-wk> never had an issue with broadcom nic's myself
<serue> zul: could you push http://people.canonical.com/~serge/lxc_0.7.4.2-0.3ubuntu3-pkg/lxc_0.7.4.2-0.3ubuntu3.dsc ?
<kirkland> jamespage: howdy, around?
<jamespage> kirkland: yep
<DanaG> well, that's weird... I boot a server (a spare one, not the microserver that's at home), from a USB stick...
<DanaG> The screen is blank for like 70 seconds... and then pops up, fully booted.
<DanaG> This is without "quiet".
<patdk-wk> danag, normal issue, grub put it into video mode card doesn't like or something
<patdk-wk> easy enough to fix
<DanaG> It was fine at grub, actually.
<DanaG> Or do you mean the interaction between grub and kernel?
<DanaG> I'll try grub console instead of gfxterm.
<DanaG> Nope, still blank, but this time with a blinking cursor.
<DanaG> Before doing much troubleshooting, I'll have to try it in the system I'll actually want it in.
<kirkland> SpamapS: ping
<DanaG> Any of you use zfsonlinux?
<SpamapS> kirkland: pong, on a call but wassup?
<kirkland> SpamapS: forgive a dumb question ...
<kirkland> SpamapS: but i'm spinning my wheels here :-)
<kirkland> SpamapS: what's the best way to see the current list of formulas that have landed in principia?
<SpamapS> kirkland: *good* question.. I was wondering the same thing. :-P
<Ursinha> /7/7
<Ursinha> argh
<serue> yuck, lots of oopses at __raw_callee_save_xen_make_pte+0x11/0x1e
<kirkland> SpamapS: :-P
<kirkland> SpamapS: we need the equivalent of "apt-cache search"
<SpamapS> kirkland: Yeah, a lot of that is delayed as we wait for ensemble to have a proper repo.
<SpamapS> kirkland: we could certainly hack it in.
<SpamapS> kirkland: http://code.launchpad.net/principia has a lot actually
<SpamapS> kirkland: but has stuff in dev too
<kirkland> SpamapS: hmm, hard to tell what's in, and not
<kirkland> SpamapS: so, for instance, I'm trying to tell if my "musica" formula has been accepted ... how do i do that?
<SpamapS> kirkland: if there's an lp:xxxx branch its "accepted"
<SpamapS> kirkland: but I think it also needs to go into the mrconfig
<SpamapS> kirkland: so 'principia getall' grabs it
<serue> SpamapS: regarding lp:~clint-fewbar/ensemble/lxc-container/, are you still ok keeping that in the ensemble source, rather than the lxc source?
<SpamapS> serue: I am not sure where exactly it belongs actually.
<SpamapS> serue: I think there's value in distributing that with lxc
<serue> SpamapS: oh what am i thinking.  let's discuss it at the sprint
<serue> SpamapS: since zul seems to not be around, do you mind sponsoring my little lxc cleanup?
<SpamapS> serue: especially if we can genercize it enough where one can just say 'lxc-create -t uec -d oneiric -a amd64 ...'
<serue> SpamapS: i don't want to make the templates more complicated...
<serue> oh
<SpamapS> serue: I 'spose I understand
<serue> yeah, but you can just have ensemble do that,
<SpamapS> serue: do what?
<serue> just install it at /usr/lib/lxc/templates/lxc-uec
<serue> then you can do lxc-create -t uec
<SpamapS> serue: I see value in people being able to boot the same image that is used on the cloud in lxc.
<serue> sure
<serue> i prefer ensemble isntalling the template right now in case the template is going to change a lot for awhile
<SpamapS> serue: that sounds good then
<serue> cool
<serue> SpamapS: so do you mind pushing http://people.canonical.com/~serge/lxc_0.7.4.2-0.3ubuntu3-pkg/lxc_0.7.4.2-0.3ubuntu3.dsc ?
<SpamapS> serue: is that attached to a bug?
<serue> no
<SpamapS> serue: you need to run clean before building that source
<SpamapS> --- lxc-0.7.4.2/debian/lxc.debhelper.log        1969-12-31 16:00:00.000000000 -0800
<SpamapS> +++ lxc-0.7.4.2/debian/lxc.debhelper.log        2011-07-12 08:00:54.000000000 -0700
<DanaG> hmm, is ebox supported, or is it known to break things?
<SpamapS> !ebox
<ubottu> zentyal is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/Zentyal (Project formally known as eBox - including in Lucid/10.04).
<SpamapS> DanaG: ^
<serue> i don't see a .log file.  but i guess i tarred it on the other laptop.  sigh.
<DanaG> Does ebox run its own ldap server, or can I do it without ldap?
<SpamapS> serue: why aren't you using bzr-buildpackage ?
<DanaG> oh, I see... usersandgroups is not just for local groups.
<SpamapS> or bzr-builddeb, whatever its called
<DanaG> It's explicitly for managing ldap.
<serue> spam	i use debuild -S -sa
<serue> SpamapS: (jinkeys, network is killing me) i don't use bzr bd bc I don't use bzr right now bc the bzr trees are always out of date.
<serue> I know that's been recently addressed, and I need to try going back to a udd dworkflow
<serue> spam	anyway, I thought that debuild -S did a debian/rules clean.   but i see the .log file.  huh
 * serue wants to smack irssi for not expanding SpamapS 
<SpamapS> serue: why are the bzr trees getting out of date?
<SpamapS> serue: we can fix that usually by importing the versions that have failed
<serue> SpamapS: dunno.  i don't think they had failed per se
<amero> does anyone know what's the hyphen sign in front of log filenames in rsyslog,conf mean?
<amero> eg mail.* -/var/log/mail.log
<serue> SpamapS: making a f'ing bzr tree
<serue> <grimace> quilt patches applied
<serue> yay, i get to start over.
<alamar> sometimes that's a good thing ;)
<DanaG> hmm, looks like ebox is more than I need.
<DanaG> all I'd really want is something like what FreeNAS gives.
<serue> SpamapS: well, i don't understand it.  New version, with source at lp:~serge-hallyn/ubuntu/oneiric/lxc/lxc-0.7.4.2-cleanup-patches and pkg src at http://people.canonical.com/~serge/lxc_0.7.4.2-0.3ubuntu3-pkg created with 'bzr bd -S -- sa', the debhelper.log files are still there
<serue> (but not in the bzr tree)
<SpamapS> serue: *weird*
<serue> not like it's a helpful log either :)
<serue> SpamapS: eh well, pls push if you feel comfortable.  bbl.
<SpamapS> serue: will take a look ASAP.. need to go find some food
<pmatulis> SpamapS: take out spear?
<SpamapS> pmatulis: the only thing I'll be able to hunt and kill with a spear in west L.A. is Chihuahua .. and then I'd have to deal with angry UCLA juniors and their giant pink purses.
<pmatulis> SpamapS: LOL (at chihuahua), still reading
<pmatulis> SpamapS: wow, another LOL
<pmatulis> has anyone heard of idmapd spontaneously stop running?  have natty desktop client randomly getting the nobody-user using NFS/autofs with solaris server
 * SpamapS wonders if Chipotle would be interested in some locally sourced Canine..
<xperia> hello to all. i am trying to get the modrewrite loging to work on my Ubuntu Server maschine but i fail now the whole day to get this to work.
<xperia> Anybody can give me a advice how to enable logging for modrewrite ?
<maccam94> is the php suhosin patch installed by default in lucid? do i need/want the php5-suhosin package in apt?
<zeknox> using iscsiadm how can I detach from an iscsi server?
<pmatulis> zeknox: --logout i think
<zeknox> pmatulis: thanks buddy!
<serue> Daviey: any update or new comments on spice upload?
<roasted> Has anybody tinkered with network interface bonding? I'm curious about a few things and was hoping someone could clear the air...
<patdk-wk> works great for me
<roasted> what does?
<alamar> i guess bonding
<roasted> wasn't sure if that was directed at me or not
<alamar> what's your problem with bonding?
<roasted> well I found a guide for it, but I wanted to talk to someone who knows a lot about it to help me understand it a bit more.
<patdk-wk> how about we start simple
<patdk-wk> question?
<roasted> I'm running edubuntu 10.04 on a server with 4 gigabit network ports, I want to combine them into 1.
<roasted> would that be the broadcast method?
<patdk-wk> none :)
<patdk-wk> what is the goal?
<patdk-wk> what are you attempting to protect?
<roasted> to make all 4 NICs look as one
<roasted> I'm just trying to maximize throughput
<patdk-wk> you can make all 4 look like 1 several ways
<patdk-wk> not all of them will maximize throughput, infact most won't
<patdk-wk> cause maximizing throughput over 4 nics is not easy to do
<roasted> well, here's my dilemma so you know what I'm doing
<roasted> I'm running an LTSP server with thin clients.
<roasted> I previously ran a server with a single gig port to a lab of 30 clients without issue.
<roasted> this year we're moving to 60-70 clients, so naturally my thought process is to utilize the other nic's
<roasted> to help out with the load, ya know?
<roasted> I've always set up LTSP on smaller scale setups, so bonding was never a necessity. but this time I think it'd be wise to utilize bonding, based on my client load this year as well as the benefits I read about.
<roasted> what do you think would be best?
<maccam94> roasted: the best option is if you can afford a managed switch, use IEEE 802.3ad Dynamic link aggregation
<roasted> well, I'm here in our server room, we have some decent gear
<roasted> let me see...
<roasted> dell powerconnect 6248
<patdk-wk> wish I knew what that was, non-rebranded
<roasted> hmm
<maccam94> yup
<roasted> so my optimal solution would be to work at the switch level and let ubuntu alone?
<maccam94> no, you configure both ends
<roasted> ahh
<roasted> I thought you meant one or the other.
<maccam94> so you want to do 802.3ad bonding in ubuntu, and the switch should work with it
<maccam94> i'm not certain if you have to configure bonding on the switch side or if it will automatically detect it
<patdk-wk> that will do it, configure 4 ports of that into a ladp
<patdk-wk> no, linux only supports static mapping
<patdk-wk> so you need to configure it on both sides
<roasted> I see. what advantages would 802.3ad give me?
<patdk-wk> alittle less than adaptive bonding, but much much more reliable
<roasted> does it just lump all bandwidth into one larger pipe
<patdk-wk> hell, no, you can't do that
<maccam94> roasted: so you want lacp
<roasted> maccam94, at the switch?
<patdk-wk> pretty much you limit a mac per interfaces
<patdk-wk> all packets from that mac or mac+ip will go over the same connection
<patdk-wk> but packets from other paces will use other interfaces, so if you have enough different source, you will use all your links up
<roasted> hm
<maccam94> patdk-wk: are you familiar with LACP?
<roasted> trying to put all this together and understand it...
<patdk-wk> only bad thing would be to put a layer3 switch, router, or firewall between the clients and ltps server
<patdk-wk> maccam, yes
<maccam94> patdk-wk: he has a layer 3 switch
<roasted> we have layer 3
<maccam94> it supports LACP
<patdk-wk> but his layer3 switch isn't doing layer3 stuff is it?
<roasted> I don't believe this particular 6248 is
<maccam94> so i think he just needs to create the lagg interface in ubuntu and it should work
<patdk-wk> and on the switch
<maccam94> roasted: http://www.dell.com/us/en/enterprise/networking/pwcnt_6248/pd.aspx?refid=pwcnt_6248&cs=555&s=biz
<roasted> I think our switches acting as layer 3 are 3500 series switches
<maccam94> Link Aggregation with support for up to 18 static  aggregated links, 8 dynamic aggregated links per switch and up to 8  member ports per aggregated link; LACP support (IEEE 802.3ad), LLDP-MED
<maccam94> so as long as your server is directly connected to that, you should be ok
<monokrome> Hey. Does anyone here have experience with setting up puppetmaster on Ubuntu?
<patdk-wk> setup a static lacp on the switch
<monokrome> I am trying to figure out why Ubuntu's installation expects/assumes that I have etckeeper installed.
<roasted> monokrome, oh man. that's my next project... :(
<monokrome> heh
<roasted> maccam94, if I do this, would the server itself see only 1 ip?
<roasted> like would my entire box, despite having 4 ports, use 1 ip or would each interface still have to be set up?
<maccam94> roasted: you would have the 4 physical interfaces, and one virtual aggregated interface
<monokrome> roasted:  Pretty simple to get it running, but configurations don't work because it assumes etckeeper is set up - but I don't know how to fulfill it's assumed requirements.
<maccam94> the physical interfaces wouldn't have ips
<roasted> so I'd set my static IP to the virtual interface in /network/interfaces?
<maccam94> roasted: i think it would look like this: ifconfig lagg0 laggproto lacp laggport bge0 laggport bge1 laggport bge2 laggport bge3 192.168.1.50 netmask 255.255.255.0
<roasted> oh bo
<roasted> y
<maccam94> so lagg0 is the virtual interface, the bge's are your physical interfaces, and then you've got the ip and netmask
<maccam94> so lagg0 gets the ip info
<maccam94> and laggproto is lacp so it will negotiate bonding with the switch (assuming that functionality isn't somehow disabled, as the documentation says it supports up to 8 dynamic aggregated links)
<maccam94> roasted: think you get it?
<soren> zul: The latest glance upload's changelog entry says "debian/control: python-hashlib". What does that mean?
<zul> stupid typo
<soren> Should have been ruby-hashlib?
<zul> soren: no i noticed when jetlagged that there were a python-hashlib in the tools/pip-required
<zul> sorry tools/pip-requires
<soren> zul: And then you... wrote python-hashlib in the changelog, but added python-daemon in debian/control?
<zul> no i think that was me i dont know what i was thinking
<soren> ok
<soren> Fixed.
<uvirtbot> New bug: #809526 in squid (main) "squid 2.7.STABLE9-2ubuntu5.1, reload kills squid, called in /etc/resolvconf/update-libc.d/squid" [Undecided,New] https://launchpad.net/bugs/809526
<uvirtbot> New bug: #809602 in bind9 (main) "package bind9-host 1:9.7.0.dfsg.P1-1ubuntu0.3 failed to install/upgrade: unable to install new version of `/usr/share/doc/bind9-host/copyright': No such file or directory" [Undecided,New] https://launchpad.net/bugs/809602
<DanaG> hmm, anyone here have experience with btrfs mirrored drives?
<DanaG> I'm trying to figure out whether I want to do that, or do zfs+linux, or do openindiana.
<DanaG> I'd definitely prefer to have Linux.
<CrystalVoid> greetings everyone ... i have 2 cpu;s and want to run a small ubuntu file server ... http://products.amd.com/en-us/DesktopCPUSideBySide.aspx?id=72&id=25 ... i want to aim for low power ... but am woried about the l2 cache ... and recamendations ?
<TheEvilPhoenix> question for ya: will krb5-user and its dependencies screw with standard UNIX login at the command line on a system?
<TheEvilPhoenix> the package is a prereq for connectivity to my university's UNIX filespace
<TheEvilPhoenix> from anything
<qman__> CrystalVoid, that depends entirely on what other hardware you're running
<qman__> the CPU is only really important on a file server if you use software raid
<qman__> and what sort of software raid you're running
<qman__> for example, my previous file server was running a single core athlon 64 3500+ venice, and was fully capable of saturating a gigabit link with a raid 5
<qman__> while also running a couple dozen torrents
<TheEvilPhoenix> hey qman__ know anything about kerberos authentication and how its packages screw with local authentication, by chance?
<qman__> nope
<qman__> I know how pam works, but I don't know anything about how kerberos is packaged
<TheEvilPhoenix> ah
<TheEvilPhoenix> i really only need to know if krb5-user will interfere with the standard UNIX login system on this system
#ubuntu-server 2011-07-13
<CrystalVoid> qman__,  mostley iscsi + zfs probley ...  so yah loads of software work
<qman__> how many disks, and what sort of data rates you want to achieve?
<qman__> also, are you getting a good disk controller?
<CrystalVoid> no firm count on disk atm .. but 2 to 8 ish probley  .. .// controller .. whatever is onbord .. i hate it but i am forced to use scrap whatever i can dig up
<CrystalVoid> speeds ... i hope to use some minor compression so 60 to80 would be good .. but ill take what i can get
<qman__> then it's not worth bothering with the better chip
<TheEvilPhoenix> qman__:  question, so as long as I dont install the kerberos PAM package there's no risk of breaking the standard UNIX local login/authentication system?
<qman__> the controller will be a tighter bottleneck
<qman__> TheEvilPhoenix, so long as PAM is not modified, local authentication will not be affected
<TheEvilPhoenix> ah very good
<qman__> I can't say whether the package you want to install will modify PAM or not
<TheEvilPhoenix> qman__:  i think kerberos has its own PAM package... but i'll check
<twb> In current releases the manifest will give a good hint, because it will provide files in thingo
<twb> /usr/share/pam/ ?
<CrystalVoid> thank you qman__  :)  i think that tips me in faver of the smaller chip
<TheEvilPhoenix> lemme check
<twb> There's a directory that gets turned into pam by a debconf clicky-clicky checklist UI thing
<TheEvilPhoenix> because it loads a few parameters
<TheEvilPhoenix> s/parameters/prereqs/
<twb> Not /usr/share/pam
<qman__> CrystalVoid, you're only looking at ~20% difference between them anyway, so if power or cost is a concern, the less powerful chip is the better choice
<TheEvilPhoenix> twb:  the libpam-krb5 package isnt being installed, and that package installs the Kerberos auth module for PAM, so I should be good right?
<twb> TheEvilPhoenix: libpam-krb5 *is* the pam krb auth module.
<TheEvilPhoenix> but its not required for the package i needed to install
<twb> Oh, right, I misread you
<TheEvilPhoenix> so i'm trying to make sure that that module is *not* installed
<twb> Sure.
<TheEvilPhoenix> so it doesnt override the base UNIX authentication
<TheEvilPhoenix> and if all else fails, uninstall everything with purge, right? XD
<twb> AFAIK even if you did install libpam-krb5 noninteractively, it still wouldn't break local flat-file authentication.
<qman__> yeah, it would just add krb5 to it
<TheEvilPhoenix> it did that with a Ubuntu server I used once before
<TheEvilPhoenix> so :p
<TheEvilPhoenix> i like to be preemptive and ask rather than be sorry later
<qman__> now, if krb5 is horribly, horribly broken, it may effectively break local auth
<twb> I suspect you managed to contribute to that case.
<twb> qman__: it's not so much "broken" as "special"
<TheEvilPhoenix> stop blaming this on pebkac
<nonotza> anyone know if wireshark is available for shell only?
<utlemming> yeah, its call tshark
<utlemming> although "tcpdump -w pcap" will give you a dump that you can import into the GUI version
<nonotza> thanks
<twb> tshark can do that too, obviously
<twb> If you have enough disk space for the pcap, I would run tcpdump on the router or server, tho, because it's deps are far smaller than tshark's
<Zimsky> Does anyone know of any fan speed control software?
<Zimsky> For controlling system fans both manually and automatically.
<twb> Zimsky: that's done in the kernel.
<Zimsky> Oh
<twb> There's also fancontrol - utilities to read temperature/voltage/fan sensors
<twb> but IIRC it's only for stuff the normal kernel can't talk to, or it's obsoleted by the kernel stuff.
<twb> You probably want something like /sys/class/fan
<Zimsky> what is that?
<twb> Zimsky: /sys/ is a pseudofilesystem used to talk to the kernel
<Zimsky> so how do I use it?
<twb> I don't know.
<twb> Usually I stop caring once the fan slows down on its own, because I trust the kernel to make reasonable decisions.
<twb> kernel question: can I "reload" a ko while it's in use?
<twb> The manufacturer says "If you reload the solos-pci module it should reset the Solos chipsets."
<twb> # rmmod solos-pci; modprobe solos-pci ==> ERROR: Module solos_pci is in use
<twb> Apparently even stopping the pppds didn't allow me to rmmod it :-/
<serue> SpamapS: lp:~serge-hallyn/ubuntu/oneiric/lxc/lxc-0.7.4.2-cleanup-patches/ / http://people.canonical.com/~serge/lxc_0.7.4.2-0.3ubuntu3-pkg has been cleaned up, thanks to broder
<serue> SpamapS: when you get a chance, pls re-pull and, if it looks ok, push?
<alamar> where exactly are the scripts that do the networking setup nowadays? (with upstart and such)
<serue> alamar: some is in /etc/network/if-up.d/upstart;  some in /etc/init/network*
<alamar> thank you
<alamar> the reason I ask is I was wondering if ubuntu uses ifconfig/route or iproute2 for initial network setup on boot
<twb> alamar: by default it uses the old stuff (see "ifupdown" package).
<twb> alamar: you can easily use "manual" stanzas in interfaces(5) to use iproute2 instead, and there is a minority of people (inc. me) who do this.
<twb> alamar: also, NM will do whatever the hell it does.
<serue> if you let it :)  the fiend
<twb> Step #1 is purge NM
<twb> alamar: here's a very complex iproute2-based interfaces(5) -- http://paste.debian.net/122735/
<StrangeCharm> after doing a fresh install, after grub, i just get a blinking cursor. i've tried a couple of times, with no luck. what am i doing wrong here?
<twb> StrangeCharm: IMO?  Using grub
 * twb is a grub hater.
<StrangeCharm> imo?
<StrangeCharm> grub's the default?
<twb> In My Opinion
<twb> For some reason Ubuntu and Debian use syslinux for CDs and USB keys and network installs, but still use grub for hard disks.  IMO syslinux (as extlinux) should also be used for hard disks, because it is simple and deterministic and it Just Works.
<twb> (The argument against it is that some people have weird setups, like 2007-era EFI-only macbooks, and syslinux doesn't support those.)
<shang> hi all, anyone here has used orchestra before to deploy Ubuntu server?
<twb> Never heard of it.
<lifeless> twb: new bootstrap thingy in oneiric
<lifeless> twb: https://lists.ubuntu.com/archives/oneiric-changes/2011-May/001881.html
<twb> as in a replacement for debootstrap?
<lifeless> layers on top AIUI
<lifeless> replacement for kickstart perhaps
<twb> But kickstart is totally useless for debian, because preseeding is already there, better supported, and prettier
<twb> Er, s/debian/ubuntu/
<twb> lifeless: orchestra looks more like FAI
<twb> Sheesh, source format 1.0 in a new ubuntu-driven project?  Someone's a 3.0 hater.
<twb> lifeless: yeah, orchestra is definitely in the same category of thing as FAI
<DanaG1> hmm, I wonder how long it'll take before btrfs gets a fsck that'll fix things.
<DanaG1> hmm, I figured out what's happening with my slow boot...
<DanaG1> It sits at a blank cursor before the message that says something about starting kernel.
<rixius> I'm trying to get ubuntu-server on my macbook, that  has a broken display. Is there a method to make a bootable CD that will fully automate installation and end with ssh enabled?
<Tommy_nmw> hi everyone
<Tommy_nmw> I am newbie of Ubuntu server
<Tommy_nmw> facing many problems using ubuntu as newbie
<rixius> Tommy_nmw: what's the problem?
<Tommy_nmw> the only thing is my ubuntu server will be without internet
<Tommy_nmw> at work, due to office policy, I can use or download from internet only from Windows XP
<Tommy_nmw> I do not know what complete packages I could download manually from Windows XP for my ubuntu server
<twb> [ "$QUICK" ] && touch /var/run/ppp-quick
<twb> What the fucking fuck?  How is that supposed to be per-connection when you have two PPPoA lines?
<twb> ifupdown and ppp are like sausages, don't look at how they're made :-/
<twb> What I'm actually doing is replacing ifdown's totally useless ppp integration with an upstart job that calls "pppd call foo" for each PPPoA line, because APPARENTLY pppd, despite being told "persist", will simply exit if you leave the line unplugged for ten minutes, and never come back up.
<twb> >grrr<
<twb> Also, WTF is with ifupdown being written in noweb
<lifeless> twb: it was al the rage
<twb> It just reinforces that ifupdown needs to die
<twb> So it turns out that despite (AFAICT) being coded to do so, ifupdown is simply not passing "unit 0" to the pppd call (via pon), so it's only by complete accident that I've been getting correct pppN numbers by now.
<twb> (I would have used meaningful names for my ppp ifaces, except that pppd encodes iface names as ints, not strings :-/ )
<lifeless> pppd is pretty old itself
<DanaG1> okay, I decided to go with Ubuntu Server + zfs.
<DanaG1> All I care about is that the FS works, and that it's not a royal pain to do anything like it is with openindiana.
<twb> lifeless: yeah, I could really do without ever having to touch ppp or radius ever
<Tommy_nmw> hi
<Tommy_nmw> hi
<Tommy_nmw> who could help in EVDO connection?
<twb> What is an EVDO?
<e_t_> It's a type of "3G" cellular data service.
<twb> Oh that stuff
<twb> Dunno, but I hear people do pppd with strange AT codes to make 3G go
<Tommy_nmw> Evolution-Data Optimized
<Tommy_nmw> http://en.wikipedia.org/wiki/Evolution-Data_Optimized
<uvirtbot> New bug: #809753 in logwatch (main) "logwatch bug in postfix filter" [Undecided,New] https://launchpad.net/bugs/809753
<twister004> hi guys... how can I manually configure my wireless interface in ubuntu?
<Ursinha> buenos dias, amigos
<shingen> my headless server died... removed hdd, trying to boot in vbox but I get nothing.  where can I start with troubleshooting boot issues?
<lynxman> Ursinha: morgen
<shingen> blargh, grub got hosed, strange
<jamespage> kirkland: around?
<ConstantineXVI> for an XMPP server, if you only have the server port open outside your firewall, no one on the outside can log on or create accounts, right?
<joschi> ConstantineXVI: yes
<ConstantineXVI> joschi: good, thanks
<joschi> ConstantineXVI: but usually you can also configure these permissions in most XMPP servers
<joschi> ConstantineXVI: at least the registration part
<ConstantineXVI> joschi: want just anything inside the firewall (aws group, actually) to be able to register, but people on the outside still able to talk to the bot
<kirkland> jamespage: howdy
<RoAkSoAx> utlemming_: btw... you didn't need to roll back to natty , i lots keyboard/mouse too. You just needed to delete /run/udev
<patrickmw> jamespage: I thought I was added to ~ubuntu-server-iso-testing-dev but I'm not on the members list.  Did you add me to a different project?
<jamespage> patrickmw: i'll check a bit later
<patrickmw> jamespage: ack. I have a branch I want to propose
<jamespage> hmm - you should be able todo that without being a member
<T3CHKOMMIE> hey everyone got a really quick hardware question for you. im rutting an Zotac ION N330 board and im trying to figure out if a mini ITX FF 150 psu will run that and a 2.5 hdd
<T3CHKOMMIE> 150W that is.
<baggar11> T3CHKOMMIE: is there something about that config that makes you think it won't work?
<T3CHKOMMIE> saw a review on the PSU some guy was complaining it wouldnt run his N330
<T3CHKOMMIE> seems strange to me, i imagin a atom wont draw that much
<patdk-wk> looks like it won't work :( n330 needs like 90watts, and the 2.5" drive needs 10watts
<T3CHKOMMIE> 150 isnt enought?
<patdk-wk> for 100watts?
<patdk-wk> hopefully, unless it's a crappy 150watt psu :)
<T3CHKOMMIE> seems like its crappy.... i need an emergency replacement case and psu for a busted server.
<patdk-wk> can't believe that thing needs 90watts
<T3CHKOMMIE> looking to just get bye until payday.
<patdk-wk> my atom laptop uses 7watts, including the screen and 2.5" drive
<T3CHKOMMIE> mother board says its a 8w TPU
<T3CHKOMMIE> TDP* sorry
<baggar11> T3CHKOMMIE: I think you'd be fine
<T3CHKOMMIE> baggar11 ill bite the bullet and order it and hope it all works. might have a problem when doing 1080p but for now i think it will work?
<_ruben> my atoms have 90W psus iirc
<patdk-wk> mine only has a 40watt
<DanaG> !find libmono-remoting
<ubottu> Package/file libmono-remoting does not exist in natty
<DanaG> where is libmono-remoting?
<DanaG> System.Runtime.Remoting
<DanaG> ah, libmono-system-runtime2.0-cil
<fowlduck> I'm trying to find out if apache 2.2.17 on ubuntu natty suffers from these vulnerabilities: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1928 and http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0419
<uvirtbot> fowlduck: The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used.  NOTE: this issue exists because of an incorrect fix
<uvirtbot> fowlduck: Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrat
<fowlduck> I can't find anything on the bug tracker or in the ubuntu changelog, but I could just be crappy at searching launchpad
<Pici> fowlduck: See http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-0419 and http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-1928
<uvirtbot> Pici: Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated b
<uvirtbot> Pici: The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used.  NOTE: this issue exists because of an incorrect fix for
<Pici> uvirtbot: thats annoying.
<uvirtbot> Pici: Error: "thats" is not a valid command.
<Pici> Theres a CVE search somewhere in Launchpad, but this tool is much nicer.
<fowlduck> cool, thanks
<utlemming_> smoser: ping
<smoser> here
<utlemming_> smoser: I take it we want to have new live-build scripts generate VMDK, OVF and tarballs correct?
<smoser> well, you can probably re-use the stuff
<smoser> vmdk is generated from the partition image
<smoser> but yeah
<utlemming> okay, I'll dig on that. thanks
<uvirtbot> New bug: #810044 in cloud-init (main) "cloud-init will have race conditions for cloud-config with multiple network adapters" [Undecided,New] https://launchpad.net/bugs/810044
<bencc> ubuntu server doesn't come with ntp installed, right?
<bencc> is it standard to install the ntp package to sync the clock?
<Pici> bencc: ntpdate is installed by default, but not ntp.  And yes, I'd install it for properly maintaining time
<smoser> utlemming, the goal really woudl be to just drop in a different "vmbuidler" command. and have everything else just work as is
<bencc> Pici: ntp or openntpd ?
<Pici> bencc: It looks like openntpd doesn't change the clock's rate, which I feel is one of the main features of ntp.
<utlemming> smoser: yup, that is my goal
<bencc> Pici: ok. thanks
<utlemming> smoser: I want to make this as simple as I can
<smoser> yeah.
<smoser> we should be comparing the filesystem content output
<smoser> between the two
<smoser> we need to be aware of everything that is different, and understand why
<utlemming> I did a pass of that yesterday and am working out the differences now.
<utlemming> The biggest difference I've found is that the new images don't have grub2 files dropped to /boot/grub, so I'm going to get that fixed.
<utlemming> I also did a md5 comparision to try and spot configuration difference. I have to follow up by diff'ing them.
<serue_> SpamapS: lp:~serge-hallyn/ubuntu/oneiric/lxc/lxc-0.7.4.2-cleanup-patches/ / http://people.canonical.com/~serge/lxc_0.7.4.2-0.3ubuntu3-pkg has been cleaned up, thanks to broder
<serue_> SpamapS: when you get a chance, could you pls re-pull and, if it looks ok, push?
<SpamapS> serue_: sorry I've been wrapped up in a bunch of other things. I'll take a look soon.
<serue_> SpamapS: np, thanks!
<serue_> Daviey: .
<smoser> soren, can you verify ? 810074
<smoser> s/verify/confirm/
<soren> bug 810074
<uvirtbot> Launchpad bug 810074 in firefox "firefox crashes with pentadactyl installed" [Undecided,New] https://launchpad.net/bugs/810074
<soren> smoser: Uh..
<soren> smoser: a) I don't know what Pendactyl is, b) I don't really use Firefox.
<soren> smoser: Is that really the bug you meant? If so, I wonder why you're asking me :)
<smoser> pentadactyl is to vimperator what openstack is to eucalyptus (sort of)... a more open and usable fork.
<smoser> i thought you were a vimperator user
<Aison> how can I disable the cpu frequency scaling?
<Aison> is that some bios thingie or some ubuntu server thingie?
<soren> smoser: I use Chrome, actually.
<soren> smoser: I occasionally miss vimperator, though.
<smoser> soren, chrome schmome
<uvirtbot> New bug: #810157 in nova "support '-' for writing to stdout in nova-manage environment/zip" [Undecided,In progress] https://launchpad.net/bugs/810157
<tkeith> How can I figure out if I'm vulnerable to CVE-2011-1770? Is DCCP something that's enabled by default?
<uvirtbot> tkeith: Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1770)
<tkeith> Ha, what a smart bot :) My question still stands though.
<patdk-lap> tkeith, strip all dccp off packets on your network
<patdk-lap> or have your switch do it
<tkeith> patdk-lap: So, assuming everything outside the server is untrusted, it'd be vulnerable?
<patdk-lap> would say so
<tkeith> patdk-lap: Ok, thank you, that's what I needed to know
#ubuntu-server 2011-07-14
<ntoombs> Hi. I have a problem accessing my LAMP server externally through port 80. I can access it internally using both it's assigned local static ip address and my networks external ip address. I have talked to my ISP multiple times to see if they are blocking port 80 and they confirmed that they are not. Here are some commands I have run on my server to check if the ports are open and my server is connected to the network.
<ntoombs> nmap -sP 192.168.1.0/24 (http://pastebin.com/wt9JYDJc) nmap 192.168.1.119 -p 1-10000 (http://pastebin.com/KFZswzYg) netstat -an | grep ':80' (http://pastebin.com/0ZrFb5YD)
<patdk-lap> hmm, none of those are public ip's
<patdk-lap> do you have any public ip's on your server?
<ntoombs> i don't know what you mean. my public ip is for my router
<patdk-lap> and you configured dnat on your *router*
<ntoombs> if by dnat you mean port forwarding, yes i did that
<TheEvilPhoenix> ntoombs:  then whats the IP to the router
<TheEvilPhoenix> i.e. if you went to whatismyip.com or something
<TheEvilPhoenix> whats that number :P
<TheEvilPhoenix> dont tell us though :P
<ntoombs> i know what it is
<TheEvilPhoenix> didya try using that for the bind number?  or perhaps just *
<patdk-lap> heh? that won't work TheEvilPhoenix
<TheEvilPhoenix> patdk-lap:  whoops my bad
<qman__> you can't bind to an IP that the server is not configured with
<TheEvilPhoenix> been a while since i messed with Apache ;)
<TheEvilPhoenix> ignore me then
<qman__> if it works from LAN, it's most likely the ISP or the router
<qman__> they might swear up and down but the only way to know for sure is testing an alternate port
<patdk-lap> make a new port forwarding rule
<ntoombs> port 22 works fine for ssh
<TheEvilPhoenix> is this a residential IP, out of curiosity?
<qman__> 22 is not commonly blocked
<patdk-lap> that maps like port 8080 to port 80
<TheEvilPhoenix> ISP*
<qman__> yeah, in the router, change it to 8080 or 9000 or something, and test
<qman__> if it works, your ISP is lying
<qman__> which is far more common than it should be
<qman__> if not, it's probably the router
<patdk-lap> hmm, it's a dynamic isp address
<patdk-lap> I can't believe they aren't blocking port 80
<ntoombs> i've been able to connect on port 80 before with this isp
<patdk-lap> things change
<qman__> commonly blocked ports are 25, 80, 113, 145-149, 443, and 445
<patdk-lap> people change
<patdk-lap> routing changes
<patdk-lap> don't forget 135-139
<qman__> ah, that's what I meant
<qman__> instead of 145-149, my bad
<ntoombs> that was like 2 weeks ago though
<qman__> it's a pretty simple thing to test if your router is sane
<qman__> just change the external port that gets forwarded to 80 on your server
<serue_> kirkland: are you around by chance?
<ntoombs> qman__: i'm sorry i don't know what you mean
<ntoombs> i thought 80 was the port i'm forwarding to my server
<qman__> in most routers, you forward port X to port Y on IP Z
<qman__> you can leave Y and Z alone, and just change X
<TheEvilPhoenix> ^ that
<uvirtbot> TheEvilPhoenix: Error: "that" is not a valid command.
<qman__> then try it from the internet
<TheEvilPhoenix> stfu bot
<ChmEarl> ko
<ntoombs> my router forwards from external ip address > router (checks incoming connection and on what port) > whatever device the router forwarded the connetion
<ntoombs> sorry i'm not very good with networking
<TheEvilPhoenix> i've worked with forwarding though
<TheEvilPhoenix> ntoombs:  most routers support this:
<qman__> yes
<qman__> connections come in on the external IP
<qman__> when you set up port forwards, you pick a port that the connections come in on
<qman__> then pick an IP and port to forward said connection to
<qman__> you can leave the second half alone, and just change the first one
<qman__> so that connections coming in on 8080 go to your server on 80
<TheEvilPhoenix> some random port and net connection from external > router > NAT: (<random port> -> InternalMachineIP:<any port>) > InternalMachineIP
<TheEvilPhoenix> so for example
 * patdk-lap spanks TheEvilPhoenix
<TheEvilPhoenix> i could bind the system in such a way that: port 8754 --> System:80
<twb> Generic MASQUERADE or SNAT and a specific DNAT.  Film at 11.
<TheEvilPhoenix> or any other combo :P
<patdk-lap> twb, shouldn't that be, ipv6 killed nat, story at 11
<ntoombs> qman__: so instead of forwarding the incoming connection to port 80 i forward it to port 8080?
<qman__> no
<TheEvilPhoenix> ntoombs:  no
<ntoombs> dang
<ntoombs> thought i had it :(
<qman__> connections coming in on 8080, go to port 80 on the server
<twb> patdk-lap: yeah, but I doubt the OP knows that yet
<TheEvilPhoenix> you forward incoming connections from port 8080 to port 80 on the machine
<qman__> so that you can leave your server alone, listening on the normal port 80
<qman__> but work around a possible port block from your ISP
<qman__> prepositions matter here quite a bit ;)
<TheEvilPhoenix> indeed
<ntoombs> ok i'll look around in my router how to forward a port to a different port :P
<TheEvilPhoenix> ntoombs:  what router
<ntoombs> netgear n300 dgn2200
<ntoombs> modem/router combo
<TheEvilPhoenix> ah
<ntoombs> i'm not seeing any option for what you guys are talking about
<TheEvilPhoenix> ntoombs:  screenshot?
<ntoombs> sure
<TheEvilPhoenix> no i kid
<TheEvilPhoenix> lemme grab google ;)
<TheEvilPhoenix> or a screenie works :P
<ntoombs> whatever you wanna do
<ntoombs> which one?
<TheEvilPhoenix> screenie
<TheEvilPhoenix> because google is evil
<ntoombs> k
<chowder> Has anyone here ever used the xen hypervisor? I want to run it on my laptop with Ubuntu 11.04 as the dom0. I've looked online for a how-to but to no avail. Any ideas?
<TheEvilPhoenix> chowder:  #ubuntu ?
<TheEvilPhoenix> chowder:  laptops usually fall under the purview of the standard ubuntu channel
<ChmEarl> chowder, I do that on oneric since it has the xen aware kernel-3.0
<chowder> TheEvilPhoenix, come one now. Do you really think that in the main channel anyone is going to have any idea? (yes, I tried asking)
<TheEvilPhoenix> :P
<ChmEarl> sorry oneiric
<chowder> ChmEarl, sounds like a good idea but I don't really want something unstable for my dom0. Just doesn't seem like a good idea
<ChmEarl> chowder, you want to build dom0 from source? use konrads git repo
<ChmEarl> http://git.kernel.org/?p=linux/kernel/git/konrad/xen.git
<chowder> ChmEarl, I'm on a fresh 11.04 install. I've got my LVM set up just the way I like and all that. I figure that the last step is to install xen.
<ChmEarl> chowder, best bet is to build xen and dom0 from sources
<chowder> ChmEarl, http://www.ubuntuupdates.org/packages/show/292562 <--- xen package mentioned here. Why is it better to build from source if its already supported in the kernel?
<ChmEarl> let me see
<TheEvilPhoenix> ntoombs:  anything?
<ntoombs> copying the link now :)
<TheEvilPhoenix> :)
<ntoombs> http://i194.photobucket.com/albums/z286/ntoombs19/Screenshot2011-07-13at84932PM.png
<ntoombs> if you need more just ask
<ChmEarl> chowder, I tried that setup on oneiric -- it worked with linux-image-3.0-2-sever
<TheEvilPhoenix> ntoombs:  what's in that services dropdown list?
<TheEvilPhoenix> the complete list
<ntoombs> the services dropdown is where the ports come from and you can add new services in the services link
<TheEvilPhoenix> i'm aware
<TheEvilPhoenix> add a new service
<chowder> ChmEarl, well my question is where do I go from here? I've got a fresh install ready to go
<TheEvilPhoenix> named HTTP-alt, port 8080
<TheEvilPhoenix> oh wait
<TheEvilPhoenix> that wont work
<TheEvilPhoenix> darn, its one of THOSE routers
<TheEvilPhoenix> </rage>
<ChmEarl> chowder, do apt-cache search linux-image-generic  <-- what's the highest version available for 11.04?
<TheEvilPhoenix> i mean theoretically...
<chowder> ChmEarl, one moment, please
<TheEvilPhoenix> you can use 8080 forwarded to your system, then use an iptables forward or something to reroute it to port 80 at the box
<twb> ChmEarl: rmadison knows
<TheEvilPhoenix> but i'm not sure of the method for that
<ntoombs> TheEvilPhoenix: There is not an 8080 service but i could easily make one
<chowder> ChmEarl, it doesn't say which version it is
<ChmEarl> sorry apt-cache show
<ntoombs> i was hoping to make this a public webserver so i don't want everyone to have to go through port 8080 to get to it
<TheEvilPhoenix> ntoombs:  can i /query ya for a sec?
<ntoombs> yea
<chowder> ChmEarl, 2.6.38.10.25
<ChmEarl> chowder, not ready for xen dom0 -- you will have no support for domU
<chowder> ChmEarl, so I need a later kernel?
<ChmEarl> chowder, later or a build from source known to support xen
<chowder> hmmm...this sucks.
<ChmEarl> chowder, but as you said earlier, natty does have xen and xen-tools in repo, but no kernel yet
<ChmEarl> sorry, not tools, xen-utils-4.1
<chowder> recompiling the kernel takes 100 years...especially to go through all of those options
<chowder> I'd rather just reinstall debian testing or something and save myself the headache
<ChmEarl> chowder, do you know `kevin on ##xen? he has a solution in his ~/kernel tree
<chowder> ChmEarl, never heard of him but I can contact him, I guess
<ChmEarl> ask for the 2.6.38 dom0 kernel archive
<chowder> I really don't care about the Dom0 too much. I just need it to be stable. After all, it will be managing my other vms
<kirkland> serue_: hi, here now
<serue_> kirkland: was just wondering whether you wanted the latest changes in lp:ecryptfs rolled into an oneiric release or not.
<kirkland> serue_: yeah, definitely
<kirkland> serue_: sooner the better, too
<kirkland> serue_: poke me tomorrow and we'll walk through the release procedure
<serue_> kirkland: d'oh, i'm out tomorrow and friday
<kirkland> serue_: heh
<kirkland> serue_: okay, Monday?
<serue_> cool
<serue_> thanks
<serue_> kirkland: talk to you then
<serue_> SpamapS: lxc?
<SubSolar> Question, I was looking at an Ubuntu 9 machine yesterday that was being used as a file server for Windows clients.  But it looked like a stock/default smb.conf.  Can it be using a different config file located somewhere else?
<qman__> first, there is no 'Ubuntu 9', there is 9.04 and 9.10; second, it's possible but it would have to have modified init scripts or be started in a different way
<qman__> the 'homes' configuration is included but commented in the default file
<qman__> it's likely they simply uncommented it
<SubSolar> Hmm, it was /share
<SubSolar> Also, I'm not sure if it's 9.04 or 9.10.  If I wanted to upgrade to the latest 11, can I do it straight or do I have to go from 9 to 10 to 11?
<qman__> ubuntu version numbers don't work that way
<qman__> I guess I wasn't clear on that
<qman__> 9.04 would have to be first upgraded to 9.10, then 10.04, then 10.10, then 11.04
<SubSolar> Oh, damn.
<qman__> ubuntu version numbers are release dates
<qman__> 9.04 is april 2009, etc
<SubSolar> It may just be easier to format and install the latest ubuntu...
<qman__> probably
<SubSolar> since 9 is no longer getting updates
<qman__> but I would suggest using 10.04 instead
<qman__> because it will require less upgrades, as it will be able to upgrade directly to 12.04 when that comes out
<qman__> otherwise you'll run into the exact same thing when 11.04 is out of date
<e_t_> It usually is easier to do a clean install. For me, at least, it is also a good opportunity to de-cruft.
<qman__> 10.04 still has a little under four years left on it
<qman__> for server
<rurufufuss> so I have this line in a bash script: convert "$i" -scale "12.5%"
<rurufufuss> it takes in $i from for in in 'ls blah'
<rurufufuss> how do I make that handle filenames that have spaces in the middel?
<rurufufuss> whoops, only discovered that #bash exists
<twb> rurufufuss: by not using ls
<twb> But yeah, #bash is the place to ask
<Tommy_> hi
<Tommy_> how to correct very small fonts in ubuntu server version?
<Tommy_> on CLI screen, I found only small fonts
<Tommy_> I wish somebody could help me as it is burning issues nobody can solve
<Tommy_> hello
<Tommy_> hello , can you hear me ? is it late there on the line ? is it bed time ?
<e_t_> For me, it's nearly 2AM.
<e_t_> Also, consider that everyone here is a volunteer. If no one knows the answer to your question (as I do not), no one will respond.
<Tommy_> oh
<Tommy_> so what do you think I should do?
<twb> Tommy_: dpkg-reconfigure console-setup
<Tommy_> :(
<twb> Tommy_: if that doesn't work, blacklist the framebuffer driver that's being loaded
<twb> http://paste.debian.net/122845/
<e_t_> You can connect to the server via SSH and use a graphical terminal program with adjustable font sizes.
<twb> In the latter case, you'll need to run "update-initramfs -u -k all"
<twb> e_t_: assuming he's silly enough to run a graphical system on his desktop :-P
<Tommy_> How can I know if I use frame buffer or not
<Tommy_> ?
<twb> Tommy_: lsmod | grep fb
<airtonix> twb: oh you
<Tommy_> what?
<Tommy_> i tried update-initramfs -u -k all. and rebooted. not ok yet
<twb> airtonix:
<twb> Sorry
<twb> Tommy_: is it still loading a framebuffer driver?
<Tommy_> i do not know how to to check if it is still loading framebuffer
<Tommy_> but fonts is still small
<twb> Tommy_: lsmod | grep fb
<Tommy_> ok i will try
<Tommy_> what should I read for you ?
<twb> pastebin the output of that command
<twb> Ok, that's odd.
<twb> I jsut checked on my sid .38 system, and it has no fbcon module loaded
<twb> But it *does* have i915 and drm_kms_helper
<Tommy_> http://pastebin.ubuntu.com/643950/
<uvirtbot> New bug: #810397 in autofs5 (main) "can't mount non IPv6 NFS shares" [Undecided,New] https://launchpad.net/bugs/810397
<Fidelix> Hello, can someone help me with this? Jul 14 08:47:56 fidelix sshd[14040]: reverse mapping checking getaddrinfo for 18740105196.user.veloxzone.com.br [187.40.105.196] failed - POSSIBLE BREAK-IN ATTEMPT!
<Fidelix> I can't make a passwordless login on my server, and this appears in the server's /var/log/auth.log when I try to ssh
<patdk-wk> it's just a warning, ignore it
<patdk-wk> there isn't anything you can do about it, unless you bitch to your isp for a few months, they might fix it
<_ruben> nothing you can do about the warning that is, passwordless logins oughta be a possibility still
<Fidelix> I was only able to do a passwordless login after I set UseDNS no on sshd_config
<uvirtbot> New bug: #810270 in cups (main) "AppArmor profiles need updates for /var/run â /run and /var/lock â /run/lock" [High,Fix committed] https://launchpad.net/bugs/810270
<uvirtbot> New bug: #810051 in nova "Copyright/legal issues in Nova (from Debian upstream)" [Low,Confirmed] https://launchpad.net/bugs/810051
<zul> lovely mysql explicity depends on a gcc version now
<Daviey> :o
<skaet> yuk.
 * skaet hopes its not an old version, and its a dependency on a specific bug implementation.... :P
<hggdh> smoser: we need to test the new -proposed kernel for Hardy
<hggdh> smoser: on EC2, forgot to mention, sorry
<smoser> hggdh, what do you need (anything?) from me?
<hggdh> smoser: I though we could run the Hardy with a --kernel= pointing to the lucid AKI
<hggdh> darn! If I run on us-east1, I should provide an AKI from us-east1...
<utlemming> smoser, hggdh: anything I can help with on testing the EC2 hardy kernel?
<smoser> hggdh, wait...
<smoser> if you wan tot test the -proposed kernel in hardy
<smoser> then you boot the hardy image with the pv-grub kernel
<smoser> and apt-get dist upgrade
<smoser> and reboot
<hggdh> smoser: yes -- with the --kernel pointing to the lucid pv-grub aki, correct?
<smoser> yeah.
<smoser> you confused me when you said "lucid AKI"
<smoser> its not really a lucid AKI, but a generic (amazon owned) aki
<hggdh> utlemming: I have it running now, thanks
<hggdh> smoser: heh -- you published it in an email talking about Lucid, so I ass-u-med it was Lucid
<patrickmw> jamespage: how's the jenkins ppa coming along?
<jamespage> 7 packages to go
<patrickmw> nice!
<jamespage> currently unblocking something upstream in Debian
<jamespage> (oh and thats oneiric archive - not PPA :-))
<patrickmw> aww
<semiosis> is there any way to have old versions preserved in a PPA?  currently whenever i upload a new version of a package the old version gets deleted.  can it keep them?
<SpamapS> semiosis: when thats needed, its best to either have two PPA's, or add the version to the source package name.
<uvirtbot> New bug: #810580 in mysql-5.1 (main) "mknod /run/mysqld/mysqld.sock is blocked by apparmor" [Undecided,New] https://launchpad.net/bugs/810580
<semiosis> SpamapS: thanks thats what i was afraid of
<foughala> hello
<foughala> i want some help, please
<foughala> about Wired Connection
<foughala> i have two PCs
<foughala> &  a switch
<foughala> one PC with XP sp2
<foughala> and this one with Ubuntu 11.04
<xibalba_> good afternoon folks
<xibalba_> i need a little help getting ubuntu 10.04 LTS installed ona Super Micro box with RAID 1
<xibalba_> i went through the install once, and it completed successfully.
<xibalba_> upon reboot i was dropped into a command prompt "grub rescue>"
<xibalba_> i'm re-running the ubuntu install right now, thinking i messed up the grub settings somewhere. I wantd to know if anyone had any advice or input on this install type
<lucidl> what's the safest way to upgrade to a newer release of a application that is in a newer release of ubuntu, into a older release
<lucidl> I want to  install nut 2.6 branch instead of the 2.4.3 that is in lucid server
<xibalba_> looks like i should go the fakeraid router maybe
<xibalba_> i thought the intel stuff would be supported, it's an ich10r
<pythonirc101> I've a ubuntu server that is connected on the web using dhcp. What is the easiest way to configure it so that I can access it from outside? (from anywhere -- the dhcp is a 192.xxx ip)
<e_t_> pythonirc101: set up port forwarding on your Internet-facing router to forward port 80 traffic to the server.
<jamespage> smoser: python-boto 2.0 \o/
<smoser> :)
<smoser> let the fallout begin
<jamespage> hehe
<uvirtbot> New bug: #810736 in samba (main) "logrotate script needs to notify all samba processes when logs are rotated" [Undecided,New] https://launchpad.net/bugs/810736
<Daviey> smoser: eeeek
<pythonirc101> e_t_: I would like to do ssh and http or anything else from outside so that i can forward the packets to this machine using a name or static ip perhaps.
<Daviey> you've busted everything
<Daviey> jamespage: ygm
<jamespage> Daviey: ygm to
<Daviey> so i have!
<e_t_> pythonirc101: The static IP will be on your router. You can buy a domain name from any of the registrars and assign that name to your static IP. After that, you still need port forwarding because a server with a 192... address cannot be reached from the Internet. You can forward all the ports you desire, though you should only forward those for services you're actually using.
<pythonirc101> e_t_: I dont have a static ip
<pythonirc101> my network administrator gives me only a dhcp connection
<pythonirc101> which is good for browsing and such but not running servers
<e_t_> pythonirc101: dyndns.org
<pythonirc101> e_t_: exactly. Now, can i use commandline from ubuntu server to configure dyndns?
<e_t_> pythonirc101: sudo apt-get install dyndns gets you the update client.
<pythonirc101> thanks
<pythonirc101> e_t_: how do i get a name?
<pythonirc101> can it be done from the commandline?
<pythonirc101> e_t_: perhaps this will work : http://en.kioskea.net/faq/718-installing-a-dyndns-client ?
<e_t_> pythonirc101: No. You'll need to visit the dyndns website and set up an account. I think you can get a subdomain (i.e. pythonirc.dyndns.org) for free. After that, you configure the client program according to the instructions you posted.
<pythonirc101> e_t_: if i have 20 such machines to run, then this doesnt sound like a good solution :(
<utlemming> smoser: ping
<pythonirc101> hence i wanted a commandline solution
<smoser> here
<smoser> but not for long utlemming
<e_t_> pythonirc101: Perhaps you should describe your setup in more detail. There might be alternate solutions.
<utlemming> smoser: k
<utlemming> do you want to sync up tomorrow morning then on the training thingy for Monday?
<smoser> yes
<utlemming> kees, I'll ping you around 10:30ish (GMT-0:600)
<utlemming> Interesting...apparently my IRC client replaces k\, with kees
<kees> heh :)
<utlemming> lol
<utlemming> smoser: I'll ping you around 10:30ish (GMT-06:00) if that works for you
<smoser> good deal
<zul> kees: i need to bug you tomorrow about a couple of openstack things
<CrazyGir> hello! forgive me if this is not the best place this question, but I'm not sure who else to direct this to, and I'm using kvm/libvirt & ubuntu-server, which it seems like a fair number of folks here are skilled with :)
<e_t_> !ask | CrazyGir
<ubottu> CrazyGir: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<CrazyGir> I have inherited responsibility over a set of VM servers and their VMs. I did not setup the servers themselves or the networking setup (which is a little complicated). These servers were originally going to be in a 2-node active-active cluster, but we ran into so many issues with that, the admin working on the systems separated them and they are now standalone (the networking config was left as is though)
<CrazyGir> I'm getting there, sorry, a lot to sort through and figure out what to say
<CrazyGir> I have been creating VMs on one of these systems, and am having a difficult time figuring out what I need to do to get network connections from the external interface to the VMs themselves
<e_t_> What you have to do is set up the VM host as a router. I can walk you through it.
<CrazyGir> that might already be done
<e_t_> Then you set up some iptables rules to do Network Address Translation, from the VMs to the outside.
<alamar> .o(eh.. what vm technology are we talking about?)
<alamar> ah
<alamar> i c, didnt scroll up enough
<CrazyGir> e_t_: how can I review/look at the current config there
<CrazyGir> I'm not as skilled in ubuntu/linux as I am in BSD
<CrazyGir> right now I have a bridge interface setup with an external IP
<e_t_> iptables -L or iptables -t nat -L will show any current iptables rules.
<CrazyGir> then a virtual bridge setup for the VM subnet
<CrazyGir> wow that cmd is slooooow
<e_t_> For me it's nearly instantaneous.
<CrazyGir> hrm
<CrazyGir> not here
<sparc> maybe add a -n
<sparc> to avoid dns resolution
<CrazyGir> this makes me miss pf
<CrazyGir> so I see this, which is related to the vm subnet: MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24
<CrazyGir> and two others, one ecah for TCP/UDP
<CrazyGir> that's outbound? source is .122.x and destination is anything else, am I understanding that correctly?
<e_t_> OK. That looks like it was set up with virt-manager. If you've got that program, you can handle the networks graphically.
<CrazyGir> virt-manager would run on the server?
<CrazyGir> e_t_: could the DRDB Management Console potentially have done thi?
<CrazyGir> that
<CrazyGir> *that
<e_t_> virt-manager is kind of cool in that it can connect to a remote kvm, but it can be run locally.
<e_t_> I have no knowledge of DRDB.
<CrazyGir> hmm.. I could probably get that setup in my xubuntu (local) vm
<pltmnky> I'm having trouble getting a qlogic IBA7322 HCA card recognized. The libraries are installed, the udev rules are in place, however the device is never populated.
<pltmnky> running ubuntu server 10.04
<pltmnky> it is an infiniband card
<e_t_> CrazyGir: You could also ask in #virt (OFTC).
<CrazyGir> for what? the network config?
<e_t_> For anything libvirt related.
<CrazyGir> hah
<CrazyGir> ok, well how should I go about working with / configuring these bridges to get from ext --> VM?
<CrazyGir> the virt-manager isn't able to connect, so if I can do this on the cli, that is fine
<e_t_> You want services running on the VMs to be accessible from outside?
<CrazyGir> yep, HTTP/etc
<e_t_> OK. That's port forwarding (it seems like that's the topic du jour).
<sarkis> what are these services in here /usr/share/dbus-1/services
<sarkis> used for?
<sarkis> how can i restart a certain service from that folder?
<CrazyGir> e_t_: for the immediate moment, port forwarding would be fine
<CrazyGir> in the future I would want to give some VMs ext IPs
<CrazyGir> e_t_: so iptables is what I should use to setup port forwarding?
<e_t_> CrazyGir: Yes. Here's a guide http://www.debian-administration.org/articles/73
<CrazyGir> thanks for the direction here :)
<CrazyGir> e_t_: are iptables commands entered via the cli, or is there a set of files you edit?
<e_t_> Command line. However, they are wiped out on reboot, so you'll want to enter anything you want to keep into a script to be run at boot.
<CrazyGir> hah!
<CrazyGir> oh what joy :)
<CrazyGir> is there anything in ubuntu that exists already as the "standard" script to add such iptables commands?
<e_t_> Not that I know of. You can add the commands to /etc/rc.local, or make a separate script and call it from rc.local.
<CrazyGir> oies
<CrazyGir> *okies
<CrazyGir> ok, so I have those rules in place, forwarding 8000 on the ext IP to 8000 on one specific VM
<CrazyGir> nothing gets through (browser times out, and http on the VM doesn't see anything) so is there a way I can confirm the TCP packets are even getting through to the VM?
<e_t_> ping or traceroute
<CrazyGir> oh nice! tcpdump to the rescure
<CrazyGir> *rescue
<CrazyGir> ok, I can confirm the packets getting through the server and off to the vm
<e_t_> But not coming back?
<CrazyGir> not getting to the VM
<CrazyGir> tcpdump run on the VM sees nothing
<CrazyGir> no iptables rules are setup on the VM
<CrazyGir> so I don't quite understand what is getting in the way
<CrazyGir> any thoughts / suggestions, not sure what to dig into next here
<e_t_> There shouldn't be an iptables on the VM itself.
<CrazyGir> there aren't
<CrazyGir> I'm able to SSH to the VM from the VM server
<CrazyGir> so I know the VM is setup correctly in that sense
<e_t_> Can you pastebin the output of ifconfig on the VM server?
<CrazyGir> sure
<CrazyGir> it's long, cause of all the VLAN/etc config for the original setup that is nolonger
<CrazyGir> 22:48:39.259017 IP ppp-x-x-x-x.XXX.net.44372 > 192.168.122.218.8001: Flags [S], seq 1399355578, win 8192, options [mss 1442,nop,nop,sackOK], length 0
<CrazyGir> e_t_: this is from tcpdump, does this confirm the packet was SENT to the .218 IP?
<CrazyGir> or just that it is destined for the IP
<e_t_> That just says it was sent.
<e_t_> You might also paste /etc/network/interfaces
<CrazyGir> there's a lot here i need to santize out :(
<CrazyGir> well, not a whole lot, but some
<CrazyGir> e_t_: http://dpaste.com/568852/
<CrazyGir> there's more in ifconfig
<pltmnky> ignore my question, qlogic cards use a mellanox chipset, had to install the mellanox drivers
<CrazyGir> that is good to know
<CrazyGir> e_t_: thoughts?
<e_t_> CrazyGir: It looks to me as though a lot of things a jumbled together in there, though that may be a result of sanitization.
<e_t_> s/a/are
<e_t_> This is a single VM server? If so, I would set it up to have one external IP (maybe bonded NICs, but one IP). There should be only one bridge interface, bound to eth0, and then all the VMs connected to that bridge interface.
<mfdl> Anyone have some time to work me through an installation issue?
<CrazyGir> e_t_: I believe that is exactly how it is setup, but with some other cruft (eg from drdb link between the two servers in the original cluster, etc)
<e_t_> CrazyGir: Well, I saw two bridges, an eth1, and an eth0.7 (0.0 - 0.6?). If there's a lot of networking cruft, it may be causing hidden routing errors.
<CrazyGir> hmmm
<CrazyGir> I know!
<CrazyGir> nginx to the rescue
<CrazyGir> for now I'll use nginx on the vm server :)
 * e_t_ has no idea how that will help.
<CrazyGir> it will help me get the immediate need resolved while making time for me to sort out these more complicated issues
<CrazyGir> the VM server can hit the VM network just fine, so I can use nginx as a reverse proxy
<CrazyGir> e_t_: how can I remove iptables rules?
<CrazyGir> err... remove _only_ those that I had added before
<e_t_> That's a little more difficult. iptables --flush will wipe everything.
<CrazyGir> yea
<e_t_> Which commands did you enter before?
<CrazyGir> I guess I could reboot, provided that the existing stuff is all in iptables
<e_t_> Rebooting would fix it.
<CrazyGir> from http://www.debian-administration.org/articles/73
<CrazyGir> it actually looks like ufw was used to configure this vm server
<CrazyGir> I imagine ufw has a way of persisting rules
<e_t_> it does
<CrazyGir> so a reboot will fix this
<e_t_> It should.
<CrazyGir> okies, thanks for your help! I'm going to take a break on this and come back with a fresh mind laters ;)
#ubuntu-server 2011-07-15
<rdvonz> How do I get my domain name connected through BIND?
<twb> Well, personally I would be using nsd instead of bind.
<twb> rdvonz: have you already gone through https://help.ubuntu.com/10.04/serverguide/C/dns.html ?
<rdvonz> @twb: I'll give it a look!
<twb> OK, feel free to ask again if you still have trouble
<rdvonz> @twb: Ah yes, I browsed through this article.
<twb> rdvonz: you don't need the "@" btw
<patdk-lap> but the @ is cool :)
<rdvonz> I'm too used to twitter/facebook/etc., sorry.
<rdvonz> twb: Do you know anything about webmin? I was using that because it gave me easier access to the config files. However, I still don't quite understand how all of this works. I have a computer right now that is running Apache without any virtual hosts. I have all the  information for the domain name, I have no idea how to translate it into my server.
<twb> I know: don't use it.
<twb> rdvonz: vhosts are trivial to set up in the default ubuntu /etc/apache2/sites-enabled/ layout, but if webmin is installed it may have broken that.
<twb> rdvonz: normally all you do is write a virtualhost entry in a new file in that dir, then a2ensite and run apache2ctl graceful.
<rdvonz> twb: Should I get rid of it?
<twb> rdvonz: unfortunately if you have used webmin already, its greasy prints may be all over the system even after you uninstall it.  A clean install would be best, but if that's a pain then you can avoid that and hope for the best
<rdvonz> twb: That still leaves the question of using the domain I have, how do I got about that?
<twb> rdvonz: uh, could you be more specific?
<twb> "use" how?
<rdvonz> twb: configure BIND so that it points to my server.
<patdk-lap> heh?
<patdk-lap> you mean configure bind and point dns to your bind server?
<patdk-lap> that sounds very unreliable
<twb> patdk-lap: you mean because bind tries to be both a caching resolver and a zone master/slave server?
 * rdvonz doesn't know what he's talking about. At all.
<twb> rdvonz: there are broadly two roles for a DNS server -- firstly, to serve your own domain(s) to the world; secondly, to serve the world's domains to your LAN.
<twb> rdvonz: BIND mixes the two together, when they really ought (IMO) to be totally separate services.  nsd and unbound are an alternative implementation that keeps them separate.
<twb> Of course, Ubuntu seems to recommend bind, whereas I'm just some guy
 * patdk-lap recommends powerdns :)
<patdk-lap> atleast for recursor
<patdk-lap> I should test nsd sometime
<twb> nsd was built by norwegians to run on the root servers, so me like big hug
<patdk-lap> same for powerdns, but just wasn't norwegians
<patdk-lap> I think it was germans
<twb> Also unlike mara, it has the same file format for zones as named, which is handy when e.g. Emacs has a major mode  that automatically updates the serial number whenever you save the file.
<patdk-lap> the only thing that I would use bind for, is if I had to support dynamic updates
<patdk-lap> and it had to be done via dns/dhcp
<twb> patdk-lap: I use dnsmasq for that
<twb> Basically cyber.com.au is "split horizon" -- laptops are added in dnsmasq and resolve internally only, but static allocations are served from quack.cyber.com.au (nsd) and dnsmasq points at it for parts of cyber.com.au it can't resolve on its own
<patdk-lap> heh, I refuse to do split horizon
<patdk-lap> I do install dnsmasq for small installations
<twb> I have five LANs, (limited) split horizon makes sense for me
<patdk-lap> I'm way over 5
<patdk-lap> I'm in about 40 lans
<twb> It's not full bind-style split horizon, you basically just say to dnsmasq "work it out" and it does some heuristics based on source iface and such
<patdk-lap> spit horizon muddies it too much
<twb> I can certainly see the argument for that :-)
<patdk-lap> pretty much did away with all of the need for that by using proxy-arp
<patdk-lap> or other mac tricks
<twb> I'd actually like to just disable ARP entirely
<twb> Have a static ip neighbours table hard-coded for the LDAP server, and then get all the other entries from machine objects in LDAP or something
<twb> I might end up doing that for prisons, but for the office ICBF.  And of course IPv6 ICMPv6 will obviate the problem Real Soon Now.
<twb> (problem = ARP poisoning &c)
<patdk-lap> ya, where I are about arp poisoning, I use ipsec
<patdk-lap> to cross between the user accessable lan, to the more secure lan
<twb> At one of the prisons, we actually have each switch port set to a specific MAC, and if it sees any other MAC, to lock that port until further notice
<twb> So you can still do spoofing, but you have to guess right first time :-)
<twb> (Oh, and there's physical security to prevent you bringing in boot media or unauthorized computers.)
<patdk-lap> all my users are rdp
<patdk-lap> so I just care if they attempt to use their rdp machine to mess with the control machines
<patdk-lap> mainly the windows ad servers
<patdk-lap> if they do screw with mac/arp, the ad will just get dos
<patdk-lap> only affects themselfs really
<patdk-lap> and since all traffic from that ad outside that lan uses ipsec, no info is gained
<twb> patdk-lap: so basically they are thin clients, except RDP instead of rlogin or X?
<patdk-lap> no
<patdk-lap> you don't do any work on your own machine, it's all done on these machines you rdp into
<patdk-lap> one machine per user
<twb> patdk-lap: that's called a thin client
<patdk-lap> one lan per customer
<patdk-lap> a thin client would be on the user side
<patdk-lap> I'm on the other end
<patdk-lap> we don't do the clients stuff
<patdk-lap> the clients log into us
<patdk-lap> I guess you could say, we run a whole thin client lab, without thinclients, only the backend hardware
<DanaG> Interesting... I tried the Broadcom (5723) card again...
<DanaG> Merely having it enabled, brought everything to a near halt.
<DanaG> It took over 1 minute to go from hitting enter after password, to getting the console.
<qman__> that happens sometimes, it may have nothing to do with your card
<DanaG> But disabling it fixed it.
<DanaG> And re-enabling it re-broke it.
<DanaG> And that's with no ethernet plugged in.
<DanaG> So for now, I'm using the Intel.
<qman__> the update checker may be attempting to use said broadcom for something
<qman__> you'd have to disable it to find out for sure
<DanaG> It literally went like this: boot enabled.... slow.  Reboot with disabled: fast.  Enabled: slow.  Disabled: fast.
<DanaG> ANd that was even with NO interfaces up.
<DanaG> Not even the Intel.
<qman__> a fair point, but the login time is not a good indicator of anything
<qman__> due to the number of things that happen in the motd and such
<DanaG> Heck, it was making even TYPING be slow.
<DanaG> I think.
<qman__> type rates, that's different
<qman__> top would clear it up
<DanaG> It felt like the driver was eating 60% of my cpu cycles.
<DanaG> I'll have to try that some time.
<DanaG> Anyway, for now I'm happy with the Intel ( http://www.newegg.com/Product/Product.aspx?Item=N82E16833106033 )
<qman__> I installed a similar model in my file server when the onboard died
<qman__> other than having to upgrade to lucid for lack of drivers in hardy, it worked out well
<qman__> I've since gotten a new board, but kept the intel NIC
<DanaG> hmm, anyone know of a realtime large-dir sync tool?  Aside from Unison, which took a long time to run with all files on one end and nothing on the other end.
<Defectz> Hello all, so I have a question about Ubuntu server, I Downloaded ubuntu Server 64 bit v11.04 and i burned it onto a dvd-r disk to install on my other computer. So it says to put in the cd, restart your computer, and follow the instructions on my screen. I did this but there is no instructions only something saying Solinux 4.01, copyright ect. What do i do now?
<nonotza> when I'm generating an ssl key and csr using openssl, how can I specify 2048 encryption?
<joschi> nonotza: with the last parameter of `openssl genrsa`, see `man genrsa`
<nonotza> thanks
<yann2> hello - is there any tutorial on how to use kvm-clock with Lucid? Is this even recommended? My guests currently don't, and drift a lot, even *with* ntpd installed :(
<stetho> Hi - Anyone know where I can get support on ircd-hybrid (installed on Ubuntu Server)? I have installed it and it seems to work fine - with one exception. Even with one room and one user trying to get a room list results in "server load too heavy" message. /list works fine
<iclebyte-work> quick question. Lets say I have domain.com. If I want to receive email for domain.com I only have to create an MX record on domain.com which points to mail.domain.com - I can then have the actual A record for domain.com point to another server correct?
<andol> iclebyte-work: yes
<iclebyte-work> okay thanks, i've got some support guys telling me I need to have mydomain.com point to my mail server in order to receive email other wise I can only get user@mail.mydomain.com - I just wanted this verifying. Thankyou
<andol> iclebyte-work: http://en.wikipedia.org/wiki/MX_record#History_of_fallback_to_A
<iclebyte-work> thanks.
<uvirtbot> New bug: #810977 in openldap (main) "slapd remove/reinstall fails" [Undecided,New] https://launchpad.net/bugs/810977
<jamespage> zul: around?  could you do a NEW upload for me?
<jamespage> RoAkSoAx: morning
<jamespage> RoAkSoAx: any chance you could do a couple of NEW uploads for me?
<Ethos> What's the preferred method for emailing logs from ubuntu-server (apache logs etc...)
<jMCg> Ethos: why would you do that?
<jMCg> Ethos: what problem are you trying to solve?
<Pici> Ethos: Does logwatch fit what you're looking for?
<Tommy_nmw> hi
<Tommy_nmw> who can help me pointing proxy in server to get internet?
<Tommy_nmw> hello
<Tommy_nmw> hello
<Tommy_nmw> is anyone there?
<Ursinha> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<Tommy_nmw> ok
<Tommy_nmw> in IRC, how  can i reply to the someone who answered me?
<Tommy_nmw> how to join #asterisk channel from webchat.freenode.net. it is hard because it needs port 6667
<Ursinha> Tommy_nmw: well, you're in freenode already, you just need to /j #asterisk
<Ursinha> :)
<Tommy_nmw> it really didn't work
<Tommy_nmw> as it also need specifc port
<Tommy_nmw> http://www.asterisk.org/support
<Tommy_nmw> hello
<uvirtbot> New bug: #811035 in euca2ools (main) "euca-upload-bundle: ImportError: cannot import name Connection " [Undecided,New] https://launchpad.net/bugs/811035
<Ursinha> Tommy_nmw: I just joined #asterisk and it's fine. In this window you just need to /j #asterisk
<Tommy_nmw> i m  using from webchat.freenode.net. not IRC client software
<Tommy_nmw> i got the following errors. [19:40] == #asterisk Cannot join channel (+r) - you need to be identified with services [19:47] == #asterisk Cannot join channel (+r) - you need to be identified with services [19:47] == #asterisk Cannot join channel (+r) - you need to be identified with services
<patdk-wk> just register your nick
<Ursinha> ah
<Ursinha> yeah, what patdk-wk said
<RoAkSoAx> jamespage: sure! point me to them and I'll upload later today
<jamespage> RoAkSoAx: thanks
<Tommy_nmw> how can I ?
<Tommy_nmw> complete command please
<Ursinha> Tommy_nmw: hehe, ask on #freenode
<Tommy_nmw> I donn't know what command I have to type
<Tommy_nmw> i m new to IRC command
<Ursinha> Tommy_nmw: so if you're new, first thing you should know is that we're all volunteers here
<Ursinha> demanding stuff may cause you to be ignored ;)
<Ursinha> Tommy_nmw: try /msg nickserv help register
<Ursinha> it will explain what you should do
<Tommy_nmw> I can register
<Tommy_nmw> but i can't verify
<Tommy_nmw> Can't use this command in this window eror appears
<Ursinha> Tommy_nmw: what's the error?
<Ethos> Could anyone recommended a good up-to-dateish Ubuntu server book?
<Ethos> http://www.amazon.com/dp/0137081332/?tag=stackoverfl08-20
<Ethos> Anygood?
<hggdh> Daviey: +1 sent
<Tommy_nmw> IRC sucks
<_ruben> then don't use it
<Daviey> hggdh: hurray
<pltmnky> Tommy_nmw: /msg nickserv identify yourpassword
<Daviey> hggdh: just need one from bdmurray then?
<Tommy_nmw> i tried
<Tommy_nmw> I kept getting #asterisk Cannot join channel (+r) - you need to be identified with services
<pltmnky> then you didnt match your passwords, or nickserv didnt recognize
<pltmnky> spacing is important
<pltmnky> nickserv isnt intelligent, only useful
<hggdh> Daviey: just need one more +1, from anybody in -control (of course, members of the server team are suspect due to conflict of interest)
<Tommy_nmw> [20:19] -NickServ- You are now identified for Tommy_nmw. [20:19] == #asterisk Cannot join channel (+r) - you need to be identified with services
<Daviey> hggdh: okay, will wait and see then.
<Pici> !register
<ubottu> Information about registering your nickname: https://help.ubuntu.com/community/InternetRelayChat/Registration - Type Â« /nick <nickname> Â» to select your nickname. Registration help available by typing /join #freenode
<Pici> Tommy_nmw: ^
<RoAkSoAx> Daviey: Howdy... is it still a target to get collectd in main?
<Daviey> RoAkSoAx: Should be, yes
<Daviey> I thought there was a MIR for it
<RoAkSoAx> Daviey: it is assigned to you and it is BLOCKED
<Daviey> bug #801721
<uvirtbot> Launchpad bug 801721 in collectd "[MIR] collectd" [Undecided,Incomplete] https://launchpad.net/bugs/801721
<RoAkSoAx> Daviey: ahhh lol :)
<RoAkSoAx> smoser: ping
<smoser> RoAkSoAx, howdy
<RoAkSoAx> smoser: howdy!! I'm trying your devenv. Are the VM's gonna use virbr0 (192.168.122.0/24?
<smoser> they go on their own bridge
<smoser> hole thing is isolated
<RoAkSoAx> smoser: ok, but if the host is the squid-deb-proxyu
<RoAkSoAx> smoser: i'm building cobbler and it is using a network on 192.168.122.0/24 I think, cause otherwise it wont be accessible to squid-deb-proxy which I'm pointing to it at 192.168.122.1
<smoser> i think it still should hit your squid dep proxy
<smoser> the dev-env builds its own cobbler vm
<smoser> that you stick on that isolated network
<smoser> oh... when you build that cobbler-vm, it just uses kvm guest net
<smoser> which wont hit your proxy unless you tell it to
<smoser> is that what you were asking RoAkSoAx ?
<RoAkSoAx> smoser: yeah
<smoser> see the README.txt in that subdir
<smoser> and in the preseed file there, is commented out a line for proxy
<smoser> give it some valid IP for your proxy server
<RoAkSoAx> smoser: yeah I know how to give the proxy IP, though my question is that it has correctly obtained the debs through the proxy, it has rebooted, and now it is stuck
<smoser> how stuck ?
<RoAkSoAx> smoser: nevermind, it is unstuck now lol
<smoser> so, it does a reboot and then does more stuff
<smoser> the reason was that adding orchestra-server to the list of packags brought in mcollective
<RoAkSoAx> smoser: but anyways... my point is that whenever we deploy a new machine that uses that cobbler server that was created... how do we ensure that the network is accessible to squid-deb-proxy
<smoser> and mcollective was failing to install during the installer
<smoser> i didn't open a bug on that...
<RoAkSoAx> given that you say that it is a new network created, which means we need to manually modify squid-deb-proxy?
<smoser> lynxman, ^
<smoser> does your squid-deb-proxy only listen on some network ?
<smoser> i think it will all "just work"
<smoser> oh wait.. .maybe not. maybe you will.
<smoser> wait. no it should work
<RoAkSoAx> smoser: on s-d-p you have to list the allowed networks
<RoAkSoAx> smoser: but let me finish testing
<lynxman> smoser: mvo did some modifications so we can tweak that through debconf, we do in orchestra
<smoser> RoAkSoAx,  i did not know that.
<smoser> lynxman, well ideally, it would "just work" from the installer.
<smoser> or at least not crash the installer
<smoser> :)
<lynxman> smoser: it worked last time I did it, just sayin'
<lynxman> smoser: not implying that you broke it ;)
<lynxman> smoser: and about mcollective waiting for Daviey to upload 1.2.1 with some fixes, including the dependency for stomp that was dropped somehow
<Voziv> Hello, how I can I specify static dns servers while still having my network interface use dhcp?
<smoser> Voziv, you have to configure the dhcp server
<Voziv> And for those of us who don't have access to their dhcp server?
<patdk-wk> na you don't
<patdk-wk> you just have to remove the dns lines from dhclient
<patdk-wk> or override them
<RoAkSoAx> smoser: ok after installing the cobbler image I cannot connect to the squid-deb-proxy server on 192.168.122.1
<RoAkSoAx> which is obvious as it is a different network
<patdk-wk> there is even an example in /etc/dhcp3/dhclient.conf
<Voziv> patdk-wk: that file is empty for me
<patdk-wk> what version you running?
<Voziv> 10.04
<patdk-wk> strange, same as me, so it should exist
<smoser> jamespage, around ?
<jamespage> smoser: yep
<jamespage> wassup
<Voziv> it exists, it's just empty
<smoser> you easily able to test http://paste.ubuntu.com/644828/
<smoser> if that makes euca2ools 1.3.1 happy as it is, i'll hold off a bit on the upload of a newer version
<smoser> RoAkSoAx, yeah, that makes sense.
<smoser> RoAkSoAx, so you run a squid-deb-proxy in a guest ?
<jamespage> smoser: yep - give me 5
<RoAkSoAx> smoser: nope actually I was running it on the host
<RoAkSoAx> smoser: but telling the VM's to use the ipaddress of virbr0
<RoAkSoAx> instead of the IP address of the host itself
<smoser> RoAkSoAx, right.
<smoser> jamespage, http://paste.ubuntu.com/644831/
<smoser> is against full installed file names
<smoser> i tested at least no import error
<RoAkSoAx> smoser: so in the preseed, I change the mirror to the ip that I have in wlan0 and it fails
<jamespage> smoser: http://paste.ubuntu.com/644833/
<jamespage> no so happy
<smoser> right.
<smoser> i'll poke some more
<SpamapS> Hey do we have a jenkins setup available to us by any chance? Been thinking it would be good to setup continuous functional testing of Ensemble.
<smoser> jamespage, http://paste.ubuntu.com/644839/
<smoser> that one worked for me in a : uec-publish-image --type image -vv x86_64 euca2ools.spec smoser-test
<RoAkSoAx> smoser: why are you installing cman?
<RoAkSoAx> smoser: http://paste.ubuntu.com/644848/
<jamespage> smoser: that worked nicely
<robbiew> SpamapS: RoAkSoAx: who should own this blueprint now -> https://blueprints.launchpad.net/ubuntu/+spec/server-o-ensemble-orchestra-openstack-support
 * robbiew notices it's not started...but I know work is being done this week ;)
<robbiew> Daviey: fyi ^^^
<Daviey> robbiew: Great!  RoAkSoAx has committed to sending us a status update towards the end of day.
<robbiew> Daviey: cool...but we should update the blueprint, right?
<robbiew> to reflect reality
<robbiew> currently the effort is assigned to SpamapS and has ZERO workitems done :/
<SpamapS> Lets look again tho..
<Daviey> robbiew: yeah, adding it to the overview tracking page
<robbiew> https://blueprints.launchpad.net/ubuntu/+spec/server-o-install-experience  needs some love too....I think the boot-experience is already known ;)
 * robbiew is catching up with his todos...which means he has more time to dig ;)
 * robbiew just realizes he probably just triggered Daviey to give him more ToDos
<Daviey> hell. yes.
<SpamapS> robbiew: refresh
 * SpamapS has been quite remiss in updating his WI's
<RoAkSoAx> Daviey: towards end of the weekend more likely :)
<Daviey> RoAkSoAx: Yeah, best not send emails whislt intoxicated.
<RoAkSoAx> Daviey: hehehe
<RoAkSoAx> smoser: ping
<RoAkSoAx> smoser: how cna I ensure that the host is listening
<smoser> RoAkSoAx, here.
<smoser> where host = cobbler server ?
<RoAkSoAx> smoser: err host where the cobbler server is running
<RoAkSoAx> as virsh cannot connect
<RoAkSoAx> to start the machine
<smoser> you are wanting to start one of the nodes?
<smoser> is that right ?
<RoAkSoAx> smoser: never mind, figured it out... so anyways
<smoser> did you see the 'HOWTO' there ?
<RoAkSoAx> smoser: ensemble is working with your devenv beautifully
<RoAkSoAx> smoser: spoke too soon :)
<SpamapS> RoAkSoAx: can you take a look at https://blueprints.launchpad.net/ubuntu/+spec/server-o-ensemble-orchestra-openstack-support and add a WI for what you've been doing, and any extra info to help us track the status?
<pltmnky> anybody have time to help me out with an infiniband network problem?
<smoser> RoAkSoAx, whats going wrong ? i'd like to help.
<smoser> i'd like to make the "build cobbler server" work better, and "just work" with as little config from user as possible
<RoAkSoAx> smoser: is a prblem with the preseed
<RoAkSoAx> SpamapS: sure
<RoAkSoAx> smoser: on the cobbler dev image can you make that /etc/hosts  points to the IP of the cobbler server instead of 127.0.0.1 or whatever is there
<smoser> RoAkSoAx, you mean 'cobbler' entry in /etc/hosts, you want it to point to its "real IP" ?
<roasted> Question - if I'm running an Ubuntu DHCP server with 2 NICs, would each NIC hand out IP addresses?
<smoser> i think the debian policy is that /etc/hosts for 'hostname' should have 127.0.1.1.  the installer actually sets that.
<Daviey> RoAkSoAx: Early next week, are you able to look at the cobbler bugs? https://bugs.launchpad.net/ubuntu/+source/cobbler
<RoAkSoAx> smoser: yes, otherwise the "nopxe" will make the installation fail as for node0X cobbler server would be 127.0.0.X instead of 192.168.123.2
<Daviey> smoser: This disucssion is deja-vu.
<smoser> exactly.
<smoser> :)
<RoAkSoAx> Daviey: yeah I was planning to that :)
<Daviey> RoAkSoAx: rocking!
<smoser> RoAkSoAx, it shouldnht fail
<RoAkSoAx> smoser: right, it is either that, or tell /etc/cobbler/settings that next_server and server are the IP instead of "cobbler"
<smoser> we write into /etc/cobbler/settings that the 'server' is "cobbler"
<smoser> if it uses that string as the 'http_server' value, then that should work
<RoAkSoAx> smoser: yes, but in /etc/hosts , cobbler is 127.X.X.X
<smoser> as the client will correctly resolve 'cobbler' to a read host
<RoAkSoAx> smoser: so that tells the preseed that the cobbler server is "127.X.X.X"
<smoser> RoAkSoAx, but cobbler should not attempt to resolve locally that name
<smoser> really?
<smoser> i dont think thats what is happening
<RoAkSoAx> smoser: yes, just tried it
<smoser> oh.
<smoser> nho
<smoser> the devenv doesn't set 'server' right i think
<RoAkSoAx> smoser: i just changed /etc/hosts to 192.168.123.2 cobbler
<RoAkSoAx> and it works
<smoser> thats just completley wrong
<smoser> oh.. here.
<smoser> on your cobbler server
<smoser> get the preseed values for a node
<smoser> i think you will see 127.0.1.1 in there.
<smoser> i swear i went though this.
<smoser> s/went through this/hit this and made it work with 'cobbler'/
<RoAkSoAx> smoser: yes I see 127.0.1.1 but it is wrong as it should be the public IP of the cobbler server
<RoAkSoAx> smoser: otherwise node0X won't be able to access the cobbler server to set the nopxe stuff
<Daviey> smoser / RoAkSoAx: I thought we were agreeing not to rely on name resolution?
<RoAkSoAx> Daviey: that's just the dev environment, not on the real thing
<Daviey> ah
<smoser> RoAkSoAx, agreed that is wrong tha tyou see that.
<smoser> but i think you just have to set something int he /etc/settings correctly
<RoAkSoAx> smoser: yeah either way works
<RoAkSoAx> smoser: but I do prefer that the /etc/cobbler/settings are set correctly
<smoser> so what do you have in /etc/cobbler/settings for 'server' ?
<utlemming> smoser: do you want to chat now, or do you want to put it off for a bit? It looks like you guys are in a grove now.
<RoAkSoAx> smoser: server and next_server are both the IP address
<smoser> RoAkSoAx, but you should be able to put 'cobbler' there.
<smoser> it absolutely is wrong for cobbler to resolve that for http server
<smoser> *especially* to resolve it via /etc/hosts
<smoser> RoAkSoAx, it "works for me"
<smoser> http://paste.ubuntu.com/644879/
<smoser> utlemming, yeah, we can chat
<RoAkSoAx> smoser: it doesn't work for me but you should not be using cobbler becuase cobbler is never mapped to 192.168.123.2
<smoser> RoAkSoAx, it is mapped to that
<smoser> via dns
<RoAkSoAx> smoser: right, so maybe in my setup something is not working well with the dns sstuff
<smoser> $ ps axw | grep dnsm.*cobb
<smoser> RoAkSoAx, ^ what does that show?
<smoser> and /var/lib/libvirt/dnsmasq/cobbler-devnet.hostsfile
<smoser> should be populated
<RoAkSoAx> 4105 pts/0    S+     0:00 grep --color=auto dnsm.*cobb
<RoAkSoAx> 22819 ?        S      0:00 dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/cobbler-devnet.pid --conf-file= --except-interface lo --listen-address 192.168.123.1 --dhcp-range 192.168.123.2,192.168.123.254 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/cobbler-devnet.leases --dhcp-lease-max=253 --dhcp-no-override --dhcp-hostsfile=/var/lib/libvirt/dnsmasq/cobbler-devnet.hostsfile --dhcp-boot pxelinux.0,,192.168.123.2
<RoAkSoAx> it is
<smoser> RoAkSoAx, i never tried it the whole way through
<smoser> but if the nodes do dns lookup, they should be good
<RoAkSoAx> smoser: "The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it."
<RoAkSoAx> 2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
<smoser> RoAkSoAx, right...
<smoser> absolutely
<RoAkSoAx> smoser: so maybe it is not resolving as when it creates the kickstart it passes 127.0.1.1 when it should not be like that
<uvirtbot`> New bug: #811149 in mysql-5.1 (main) "package mysql-server-5.1 (not installed) failed to install/upgrade: ErrorMessage: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/811149
<uvirtbot`> New bug: #811151 in mysql-5.1 (main) "package mysql-server-5.1 (not installed) failed to install/upgrade: ErrorMessage: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/811151
<uvirtbot`> New bug: #811154 in openssh (main) "package openssh-server 1:5.8p1-1ubuntu3 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/811154
<CrazyGir> hello! with ufw, how do you remove an entry
<robbiew> jdstrand: ^^^
<martyn> Okay, I'd like to get openMPI 1.5.3 (or .4 when it's released in a week) into oneric
<martyn> if I create the source deb, what's needed to get it included?
<roasted> Would it be a headache to set up two DHCP scopes within Ubuntu and tag each scope to a different VLAN?
<patdk-wk> no, that is simple
<roasted> is the tagging done in the dhcp scope or in the interface file per eth1 or eth2, etc?
<SpamapS> roasted: VLAN tagging would be the network interface's responsibility
<jdstrand> CrazyGir: re ufw> either prepend 'delete' in front of the rule you used to add it, or use 'sudo ufw status numbered' followed by 'sudo ufw delete #'
<jdstrand> CrazyGir: see 'man ufw' for details
<roasted> SpamapS, so I wouldn't put any VLAN tags within the dhcp scope at all then?
<SpamapS> roasted: no, you would configure a vlan interface which you'd bind dhcpd to
<RoAkSoAx> smoser: for some reason in the devenv, the oinstalled host didn't disable PXE
<roasted> SpamapS, would it just be done by a single vlan=1 tag or something like that?
<patdk-wk> heh?
<patdk-wk> normally vlans are named like, eth0.1, eth0.10, eth0.11
<roasted> I never did vlaning in linux
<SpamapS> roasted: I think this works https://wiki.ubuntu.com/vlan
<patdk-wk> you could name them otherways, but it gets hard then whe nyou have more than one nic
<patdk-wk> that is pretty confusing
<smoser> RoAkSoAx, so you mean it looped ?
<patdk-wk> I only do the last part, modify the interfaces file
<SpamapS> man interfaces doesn't mention 'vlan-raw-device'
<smoser> the preseed file that i supplied int hat image does not have any snippit or varialbe for nopxe callback
<RoAkSoAx> smoser: yeah just realized that
<RoAkSoAx> smoser: i though it did :)
<roasted> SpamapS, that looks good. and easy. thank you!
<SpamapS> ahh.. looks like the 'vlan' package implementes it in if-pre-up.d
<smoser> no. RoAkSoAx so we want to have that added.
<roasted> SpamapS, that a good thing, I assume?
<patdk-wk> well, it won't work till you apt-get install vlan
<smoser> RoAkSoAx, i'll update it with http://paste.ubuntu.com/643466/
<smoser> was the preseed otherwise correct?
<roasted> oh right
<roasted> its like 3 steps
<SpamapS> doc needs updating then
<patdk-wk> apt-get install vlan; vim /etc/network/interfaces; ifup eth0.x
<roasted> apt-get install vlan, add eth# to vlan#, assign static ip/subnet, etc
<smoser> RoAkSoAx, ok. that is done. and pushed.
<smoser> RoAkSoAx, did you use the 'setup.py' stuff to populate nodes ?
<smoser> id' be interested in modifying that to support tagging the management class to assign it to an ensemble user also
<RoAkSoAx> smoser: yeah I already corrected the preseed
<RoAkSoAx> smoser: we need to start merging this stuff into lp:orchestra (basically the preseed)
<smoser> right. we do.
<kirkland> smoser: RoAkSoAx: +1
<smoser> kim0, around ?
<smoser> RoAkSoAx, i think after that long discussion we decided to use a snippet for the ensemble late_command so we'll need to do that. and i would suggest that we do the same for the nopxe
<smoser> RoAkSoAx, SpamapS i think the late_command ends up looking something like this:
<smoser> d-i   preseed/late_command string true && \
<smoser>    $SNIPPET('ENSEMBLE_LATE_COMMAND') && \
<smoser>    $SNIPPET('DISABLE_PXE') && \
<smoser>    true # add your late_commands here
<RoAkSoAx> smoser: looks good to me
<robbiew> RoAkSoAx: so are you the only person on the team not attending a sprint Aug 8-12 ?
<robbiew> :)
<robbiew> RoAkSoAx: interested in joining us in Austin...would probably help the Ensemble team...figure millbank isn't an option for you atm
<RoAkSoAx> robbiew: yeah I'm the only one not attending :'(
<RoAkSoAx> robbiew: and sure I'll be more than glad to travel
<robbiew> that's easily rectified
<robbiew> RoAkSoAx: perfect...add your name to the wiki page and let marianna know you'll need accommodation
<RoAkSoAx> robbiew: hehe wanted to go to Dublin/London for a loooooooooooooooooooooooong time :)
<RoAkSoAx> robbiew: cool, will do
<robbiew> then book the flight
<robbiew> yeah....poor timing, I guess
<RoAkSoAx> robbiew: Will do. Thanks
<utlemming> RoAkSoAx: fly Delta out of St. Paul...then we can give Robbie a little heartburn.
<ChmEarl> boot succeeds but hangs for 40s at init-bottom script and throws timeout error on `watershed vgscan`. My root in on LVM
<ChmEarl> this is oneiric with custom kernel from git (dom0)
<RoAkSoAx> utlemming: St.Paul as in MN?
<ChmEarl> if I install mdadm (don't need it) the hang time goes away, but I have tons of raid modules loaded that I don't need
<utlemming> RoAkSoAx: Yeah, but from where you are that would be a miserable conncetion
<RoAkSoAx> utlemming: heh.. I actually did depart from St. Paul once (To Detroit through ) and wouldn't do it twice :)
<RoAkSoAx> in delta
<utlemming> lol, worst I had was a flight from Seattle to Salt Lake through Dallas. Last time I want to fly American
<utlemming> s/want to/did/
<RoAkSoAx> utlemming: heh... AA for me has been great so far
<robbiew> utlemming: lol
<uvirtbot`> New bug: #811273 in php5 (main) "FTBFS due to libpng (and lesser libjpeg)" [Undecided,New] https://launchpad.net/bugs/811273
<uvirtbot`> New bug: #811275 in dovecot (main) "package mail-stack-delivery 1:2.0.13-1ubuntu2 failed to install/upgrade: Unterprozess installiertes post-removal-Skript gab den Fehlerwert 1 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/811275
<xibalba_> hi folks, has anyone here done nic-boning with Ubuntu 10.04 LTS ? I am trying to create 2 BOND groups, but only my first bond is showing up
<xibalba_> and actually my first bond isn't applying the correct settings
<xibalba_> hmm, this chan seems a little inactive, and #ubuntu is a little too active
#ubuntu-server 2011-07-16
<lickalott> gents, having an issue with znc on ubuntu server 11.04 randomly dc'ing.  has anyone seen this?
<CrazyGir> jdstrand: thank you!
<CrystalVoid> if i installed onto btrfs can i do a snapshot of the entire os? or only sub volumes?
<patdk-lap> what is the difference?
<patdk-lap> aren't they one in the same?
<CrystalVoid> i may be mis understanding  *first time ever relly spending any time thinking about filesystem things
<CrystalVoid> what would the command look like ?  something like "btrfs subvolume snapshot  / snapshot-name" ?
<patdk-lap> with btrfs, everything is a subvolume
<patdk-lap> you can view them different ways, like point in time views, if you wish
<patdk-lap> dunno how flexable they have made it yet
<patdk-lap> but technically it could even do multible streams from the same base
<patdk-lap> it's been alittle over a year since I used btrfs
<CrystalVoid> ahh thanks tho :) it all helps
<CrystalVoid> any chance you rember how to restore a snapshot?
<patdk-lap> restore?
<CrystalVoid> .. if a take a snap shot of something .. then brake it .. how would i go back to that point?
<tiphares> hey does anyone have the slightest clue how ftp-proxy works with ubutnu? i can't find anything worthwhole on google, and the docs for it makes no sense to me :(
<uvirtbot`> New bug: #811428 in apache2 (main) "Apache does not honor -FollowSymlinks due to TOCTOU, which allows access to /proc/<pid>/ files" [Undecided,New] https://launchpad.net/bugs/811428
<_johnny> hi, i'm running ubuntu 9 (karmic) and have some troubles setting up wlan properly. i have gnome, and installed network-manager-gnome and set the network up just fine. got ip, able to resolve etc. however i'm unable to "make available to all" for the wireless connection. it's simply greyed out. any ideas?
<StevenR> _johnny: are you logged in as someone with "sudo" privs?
<uvirtbot`> New bug: #278075 in dapper-backports "DSBL is gone and needs to be removed from SpamAssassin" [High,Fix released] https://launchpad.net/bugs/278075
<johna> Hi
<johna> I am new to ubuntu server - my previous setup was Centos 5.5. so 1) i am used to using a GUI interface - any suggestions as to a suitable GUI for Ubuntu?
<slyboots> Hey
<slyboots> Does anyone know a decent way of manaing LVM and by extension LUN setups on a Ubuntu server? Preferably web/console based with a decent UI
<slyboots> Doing this by hand is a .. git.
<uvirtbot`> New bug: #811518 in samba (main) "SAMBA cannot browse Workgroups, name resolve order" [Undecided,New] https://launchpad.net/bugs/811518
<patdk-lap> heh, it's simple by hand
<patdk-lap> but what do you mean by extension LUN setups? you mean iscsi?
<slyboots> Well more resizing
<patdk-lap> if you purely want a web system to do that, look at openfiler
<slyboots> Its fecking harrowing trying to *shrink* a LVM since if you do it wrong you butcher the data
<patdk-lap> well, that's a given :)
<slyboots> LUN's are easy
<slyboots> its just.. I dont like poking LVM's espically resizing when I can help it
<dejuren> whois chex
<johna> What if any is the downside of LVM on a server, and conversely what is the upside?
<qman__> LVM offers more flexibility than direct partitions at the expense of some minute amounts of space and the overhead of an abstraction layer
<johna> qman__: thanks, I am new to Ubuntu, I was using Centos, my server died PS problem blew everything, so I am setting up a new server. my current needs are postfix/dovecot & webdav. HW config phenom II, 8Gb, 4 x 1Tb hd.  1st problem how to config HDs, then on to SW. Any advice would be welcome, in fact its desperately needed! TIA
<qman__> depends entirely on your load, importance of data vs performance, etc...
<qman__> quad core phenom?
<qman__> postfix+dovecot is easy to do on ubuntu, I haven't done webdav
<uvirtbot`> New bug: #811568 in squid-langpack (main) "Sync squid-langpack 20110707-1 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/811568
<qman__> if speed and reliability are more important, I'd do raid 10, if capacity and reliability are important, raid 5
<qman__> regardless of what you choose, I'd do mdraid (it's in ubuntu's setup)
<johna> qman__:  quad core = yes.
<qman__> then raid 5 should perform well enough provided you have a half decent disk controller
<qman__> AMD 8 and 9 series are good enough
<qman__> for four disks at least
<qman__> but if you want the most speed, 10 is better
<johna> qman__:  I had thought of adding a 5th as a spare, but the pocket book need to rest.
<qman__> most important thing is setting up smartctl
<qman__> a couple years ago I lost a raid 5 array when three drives died the same day
<qman__> had I had smartctl set up properly I would have gotten a few days warning
<johna> qman__: would /boot - raid 1, swap - raid 0 , /tmp raid 1, /root raid 5/6, /common raid 5/6 (long term data store) as partitions be reasonable, or would I be better to put rrot and common under LVM.
<qman__> that's way more complicated than it needs to be
<qman__> unless you plan on actually needing lots of swap, here's what I would do
<qman__> on each drive, create one partition ~512MB at the beginning
<johna> qman__: thanks for the warning about smartctl!
<qman__> then one partition the rest of the size
<qman__> mirror two of them as /boot, use the other two as swap
<qman__> then set up a raid 5 or 10 on the other four big partitions at /
<qman__> the reason being
<qman__> you're only working with the same four disks
<qman__> splitting up partitions like that is only really helpful if you have separate hardware to put them on
<qman__> if you want to split up / and your /common, that's fine too, but all that other stuff is just not needed
<qman__> and raiding swap is not necessary
<qman__> because you just create two swaps, and it will use what is available
<uvirtbot`> New bug: #811571 in librdmacm (main) "Sync librdmacm 1.0.14.1-2 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/811571
<johna> can I boot into a raid 5, on centos /boot had to be on a single drive or a raid 1
<qman__> you can, though depending on hardware it may not work on the first try
<qman__> getting grub to play nice can be a pain, but it can do it
<johna> OK, so for ease of ?setup/ops? /boot on a raid 1, swap across all 4 drives ....
<qman__> good plan
<johna> I would limit swap to 1 x memory
<qman__> I really don't bother with swap as a serious consideration, it's just a stop gap if I run out of RAM
<qman__> RAM is so cheap now, it's just not worth the hassle
<qman__> 16GB DDR3 is $100
<qman__> so, whatever is convenient extra space in your paritioning scheme, that's what I use for swap
<johna> qman__: with 8* Gb I don't really swap, but it doesn't cost much to setup.
<johna> qman__: I think I will split / & /common just because if at some future date I need to install a new opsys I can reformat if needed without affecting the data store.
<johna> qman__: any suggestions as to sizes, I was thinking /root 512Mb raid 1, 2Gb swap/drive, root (/) 160 GB raid 5, /common  "the rest" raid 5.
<johna> qman__; any preference as to raid 5 or 6, raid 6 was not available on Centos so I have no experience with it.
<johna> or, going back to LVM, would I be better off  I be better off setting up /root and swap and putting everthiong else under LVM
<johna> or doing what i should have done and read back over the post by qman__ stick to the KISS principle!!!
<johna> qman__: thanks for all the help, I am sure I will be back for more, have a good weekend!
<qman__> johna, /root doesn't really need to be separate for any reason
<qman__> unless you meant /boot
<qman__> raid 6 adds additional parity at a very significant performance expense
<qman__> I would suggest against it with four drives, it's only really worth it if you have 6+ and need two-disk failure protection
<johna> qman__: my mistake I meant /boot, OK, i will stick to raid 5 I might when funds permit add a spare to the raids, I believe that this is can be done.
<qman__> yes, it's pretty easy to do
<qman__> fdisk the new drive and then a single mdadm command
<uvirtbot`> New bug: #811610 in mysql-5.1 (main) "package mysql-server-5.1 5.1.57-3.1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/811610
<jeeves__> ho can I get my slave bind servers to sync to the master automatically?
<patdk-lap> jeeves, how can you mess that up?
<patdk-lap> you just have to set axfr authorize, and notify
<patdk-lap> but then, I just find bind annoying, and dont use it
<pdtpatrick1> Is there a problem with ubuntu and bridge networking?
<pdtpatrick1> http://pastebin.com/Yz4bJF8e
<e_t_> pdtpatrick1: how did you create the bridge?
<pdtpatrick1> e_t_, i installed bridge_utils and then manually edited network/interfaces
<pdtpatrick1> restarted networking but it craps out
<pdtpatrick1> which is funny because ifconfig shows virbr0 up and working just fine.
<e_t_> can you pastebin your interfaces file?
<pdtpatrick1> http://paste.ubuntu.com/645578/
<pdtpatrick1> yes i know i did the static settings twice.. i was testing something out
<pdtpatrick1> crap .. i think it should be bridge_ports instead of bridge_port
<pdtpatrick1> yup that was it
<TheEvilPhoenix> how can i forward incoming traffic on some port and redirect it to a different port for processing on the same machine with iptables?
<patdk-lap> hmm, I don't make any bridges in /etc/network/interfaces, always do them differently
<patdk-lap> TheEvilPhoenix, REDIRECT
<pdtpatrick1> how do u usually do yours?
<TheEvilPhoenix> patdk-lap:  usage outlined in the man pages?
<e_t_> TheEvilPhoenix: http://www.cyberciti.biz/faq/linux-port-redirection-with-iptables/ might help
<patdk-lap> pdtpatrick1, /etc/rc.local
<pdtpatrick1> can i see an exactly of your file ?
<patdk-lap> http://paste.ubuntu.com/645581/
<pdtpatrick1> why u setting the mac addy.. i almost thought it was a broadcast at first. Curious
<patdk-lap> cause, I configured those bridges as if they are network switchs, they are not used on the system itself at all
<patdk-lap> your binding eth0 to yours, I don't
<pdtpatrick1> oh i c
<pdtpatrick1> thanks for that
#ubuntu-server 2011-07-17
<jeeves__> how can I set up my Bind server to auto replicate to a set of slave servers external to my network?
<jMCg> jeeves__: might ask that question in #bind or #dns
<jeeves__> I asked in Bind, it's a ghost town in there
<patdk-lap> heh, I already answered that question
<patdk-lap> http://www.zytrax.com/books/dns/ch7/xfer.html
<patdk-lap> oh it was a different channel :)
<pdtpatrick1> do u guys know of anything similar to rc-status in debian ?? something like daemon tools where is i can type sstat and it shows all services running and how long they've been up ?
<pdtpatrick1> anyone has knowledge relating to ... http://cr.yp.to/daemontools.html  ??/?
<patdk-lap> can't stand them
<patdk-lap> upstart is suppost to be doing all that stuff now anyways
<pdtpatrick1> what can't u stand about them ?
<pdtpatrick1> Im going to have to read up more about upstart
<Tommy_nmw> hi
<Tommy_nmw> anyone who has done LAMP web server for real world?
<jeeves__> Tommy_nmw, what do you mean "for the real world"?
<Tommy_nmw> jeeves__:  not for testing environment
<jeeves__> Tommy_nmw, I have one that runs multi-domains, and supports our customer CRM for one of my companies.
<Tommy_nmw> jeeves__: I am a newbie of ubuntu server and I really do not understand without stepby step screen shot. The thing is I want to setup my php inventory application on LAMP server and make it accessible via domain name instead of IP
<Tommy_nmw> jeeves__: from the network
<jeeves__> Tommy_nmw, well, that's a 2 part problem.  You need to set up Bind9, and if you want it internally/externally accessable, you have to set up 2 zones.
<Tommy_nmw> jeeves__: do I need to buy public IP address?
<jeeves__> depends.  do you want the outside world to be able to see your LAMP server?
<Tommy_nmw> hi
<littlebearz> $VPS.GetNick(14,#archlinux,520)
<littlebearz> DURgod
<littlebearz> $VPS.GetNick(14,#ubuntu,366)
<littlebearz> $VPS.GetNick(14,#ubuntu,420)
<littlebearz> $VPS.GetNetworks()
<Tommy_nmw> hello
<littlebearz> $VPS.GetNick(14,#archlinux,478)
<littlebearz> ngochai
<Tommy_nmw> hello
<StrangeCharm> when i call xemacs from the command line in an x session, it creates an x window. how can i tell xemacs only to launch in the shell?
<littlebearz> $VPG.GetNick(14,#ubuntu-server,259)
<Tommy_nmw> hi
<Tommy_nmw> how to change time zone from EDT to our local time on server
<Tommy_nmw> ?
<Tommy_nmw> hi
<Tommy_nmw> how to shutdown server from ordinary user by adding to sudoer group ?
<Tommy_nmw> hi
<Tommy_nmw> how to shutdown server from ordinary user by adding to sudoer group ?
<Tommy_nmw> how to shutdown server from ordinary user by adding to sudoer group ?
<Tommy_nmw> how to shutdown server from ordinary user by adding to sudoer group ?
<Datz_> what?
<Tommy_nmw> Datz: what ? what do you wanna know ?
<Tommy_nmw> hi
<Datz> Tommy_nmw: I just didn't hear you the first time
<Datz> your question is really two questions
<Datz> I'm sure you can find how to add a user to the sudo group if you look
<Datz> once you've done that try man shutdown
<Datz> sudo file*
<johna> john
<kaushal> Hi
<kaushal> If JAVA6 U26 is not made available in hardy, does it mean because Desktop has EOL ?
<kaushal> I mean Ubuntu Hardy Desktop 8.04 has gone EOL ?
<kaushal> why is it not made available on Server edition since its supported till Apr 2013
<kaushal> can someone please explain
<kaushal> https://bugs.launchpad.net/ubuntu/+source/sun-java6/+bug/797718
<uvirtbot`> Launchpad bug 797718 in sun-java6 "sun java 6u26 needs packaging" [High,Fix released]
<qman__> kaushal, strictly speaking, only packages in 'main' are supported throughout the life of the distro
<qman__> pretty sure sun java is in partner, and may or may not be supported
<kaushal> qman__: Thanks and that answered my question
<kaushal> so multiverse, restricted and universe is not supported till 5 years ?
<kaushal> Trying to understand
<kaushal> quit
<pdtpatrick_> Question -- why is it when u use static IP. /etc/resolv.conf keeps going blank after reboot? Is network manager still controlling that file?
<tdn> Sometimes my mailscan server runs out of disk space or inodes. How do you recommend I monitor this so that I will receive an e-mail some time before it runs out? Should I use nagios for this?
<StevenR> tdn: yes. nagios can do that, and there are other tools too.
<tdn> StevenR, what other tools do you recommend?
<StevenR> icinga (I think that's how it's spelt) seems popular, though it's a frontend to nagios.
<tdn> Ok.
<StevenR> I've not used anything else actually
<tdn> I would like something that runs alone on each machine.
<tdn> Like a cron job or something.
<tdn> Or a deamon.
<StevenR> why?
<tdn> Because otherwise I have to solve trust issues with having one machine login to others.
<StevenR> nah
<tdn> This is how it is solved with nagios.
<StevenR> you could use the nrpe agent on each server to report to a central location
<tdn> Yes. I thought about that. However, nrpe seems rather complex to get up and running.
<tdn> I already have a nagios server though.
<tdn> It just probes if hosts are up via network.
<tdn> (icmp ping and tcp connect)
<StevenR> well, do disk space checks via nrpe (it's not that hard) or SNMP
<tdn> SNMP?
<StevenR> yes
<tdn> How?
<tdn> SNMP is a protocol.
<tdn> With what tool then?
<StevenR> nagios
<StevenR> it'll do snmp checks.
<tdn> Oh.
<tdn> Ok.
<tdn> I think I just have to look further into nagios then.
<StevenR> at my last job, it did cpu (windows and linux), disk, system load, temperature (for a room monitoring system) and airflow (for our extraction fans).
<tdn> Ok. Do you have a sample configuration I can see?
<StevenR> not anymore
<tdn> Ok.
<StevenR> I don't have access any more
<StevenR> (If I still worked there, I'd pastebin you some config chunks)
<tdn> Ok.
<cyber638> can anyone help me with bind9
<quentusrex> cyber638, what seems to be the issue?
<cyber638> Can anyone tell me how to write dns record of yahoo.com ... I am using bind9 and I want to make my own dns server
<StevenR> cyber638: why do you want to do that?
<quentusrex> cyber638, So you want to have your own DNS server on your network? Correct?
<cyber638> yes
<quentusrex> cyber638, Then after setting up your own local DNS server you want to override the ip address for yahoo.com?
<cyber638> yup... I want to resolve the DNS for all sub domains of yahoo.com
<quentusrex> cyber638, do you mind telling me why you want to do this?
<cyber638> sorry I don't mean to override it.... but actually in our college we have dns server which is very very slow..... so we want to make our own dns server for some websites which we visit daily....
<quentusrex> cyber638, Aah, I see. You want to cache the values so that they are returned faster, not override the values.
<cyber638> no cache
<cyber638> I want a complete independent dns....
<cyber638> just for yahoo.com, google.com & gmail.com
<StevenR> cyber638: I'd advise against that.
<quentusrex> cyber638, So you want to have to manually go and change all values for all the dns entries each time yahoo or google change theirs?
<StevenR> IPs change.
<quentusrex> and sometimes they change often.
<cyber638> quentusrex , if yahoo and google change their dns entries then is there any way to update it automatically
<quentusrex> cyber638, yes, that would be a caching dns system.  Only one request actually has to lookup the value, then all other requests get the cached copy.
<cyber638> oh ok... then tell me how to do it for yahoo.com and I will do it for remaining websites
<quentusrex> and the cached copy is kept for as long as yahoo and google specify it should be kept.
<quentusrex> cyber638, For bind9 it can cache 'all' sites dns entries if you would like.
<quentusrex> cyber638, This setup is similar to what you will probably want: http://tldp.org/HOWTO/DNS-HOWTO-3.html
<quentusrex> That would configure your dns server to resolve dns entries itself(talk directly to the name servers for yahoo and google) then cache the entries.
<cyber638> I am getting difficulty to understand it
<cyber638> A.ROOT-SERVERS.NET.     6D  IN      A       198.41.0.4 ==> how to write it for yahoo.com
<quentusrex> cyber638, You don't need to deal with that.
<quentusrex> the ubuntu bind9 package includes the initial entires for the root name servers.
<cyber638> so you mean I just copy paste those things in respective files as written on the website....
<quentusrex> https://help.ubuntu.com/community/BIND9ServerHowto
<quentusrex> cyber638, do you have an ubuntu server installed?
<cyber638> no its ubuntu only
<cyber638> I have installed bind9 too
<quentusrex> cyber638, do you see the files that are already in /etc/bind/
<cyber638> yes
<quentusrex> you should probably read through them starting with /etc/bind/named.conf
<quentusrex> cyber638, just glance through them so you know what the default configurations are.
<cyber638> ok.. already tried them before but failed to do ...
<cyber638> as you know google has its dns like 8.8.8.8
<cyber638> similiarly I wanted to create my dns server but only for one website like yahoo.com
<quentusrex> cyber638, yes, and google provides 8.8.4.4
<quentusrex> cyber638, If I understand you correctly then you are trying to go the wrong direction(slightly).
<cyber638> why?
<quentusrex> If you are only looking for dns resolution speed improvements, so that browsing common sites is faster then you need a DNS server that caches lookups.
<cyber638> my intention is to learn how to make DNS server ... not to cache it
<quentusrex> Which is not as complicated as you probably think it is. You only need to have about 3 extra lines in the configurations.
<quentusrex> cyber638, But you should never try to host somebody elses domain.
<cyber638> yes... I don't want to host any domain... I just want to create DNS server which will resolve the names into ip address of yahoo.com and for all its subdomain
<quentusrex> cyber638, correct. but you don't have to specify the information manually.
<quentusrex> Bind9 is smart enough to look up the information properly.
<cyber638> yes... so can you tell how to do it
<quentusrex> Using http://paste.ubuntu.com/ can you paste the contents of /etc/bind/named.conf
<quentusrex> cyber638, I will be glad to walk you through the process.
<cyber638> ok
<cyber638> here is the link http://paste.ubuntu.com/645811/
<quentusrex> Thank you and can you paste /etc/bind/named.conf.options and /etc/bind/named.conf.local please.
<quentusrex> I do not need the default-zones pasted.
<cyber638> ok
<cyber638> named.conf.options at http://paste.ubuntu.com/645814/
<cyber638> named.conf.local at http://paste.ubuntu.com/645816/
<quentusrex> Alright, good. Very stripped down configs to start with.
<quentusrex> Now, the first question for you cyber638 : Do you want your server to resolve the lookups itself, or do you want your ISP's DNS server to do the 'heavy work'.
<cyber638> i want my server to resolve the lookups itself
<quentusrex> Ok, then just a moment.
<quentusrex> cyber638, please run this command on the ubuntu DNS server:   dig @localhost google.com
<quentusrex> and pastebin the output.
<cyber638> http://paste.ubuntu.com/645821/
<quentusrex> it seems bind is not started, please run: service bind9 start
<quentusrex> then rerun the dig command.
<cyber638> http://paste.ubuntu.com/645823/
<cyber638> listen our university blocks the connection at port 52 and 53 for all ip except the ip of open dns
<quentusrex> Then it sounds like you will need to setup opendns as a forward. Just a moment.
<cyber638> but there is a problem
<quentusrex> Uncomment the forwarders section  and replace 0.0.0.0 with 208.67.222.222
<cyber638> ok
<quentusrex> then you can run: rndc reconfig
<quentusrex> and that should have bind9 update the configurations.
<cyber638> here are the results http://paste.ubuntu.com/645825/
<quentusrex> Good.
<quentusrex> run it again, and check the Query time
<quentusrex> see how long it takes now.
<cyber638> its 0msec
<cyber638> got cache
<quentusrex> that's it.
<quentusrex> Any request for a DNS entry that isn't already cached will be forwarded to opendns, then cached.
<cyber638> ok but I have 1 last problem
<cyber638> our university block game websites like miniclips.com and to block it they use open dns
<cyber638> but when I use ip address for opening website then the website get opened
<quentusrex> alright, time for a small experiment.
<quentusrex> run the dig command for the domain for something that is blocked.
<quentusrex> What is the result?
<cyber638> oh ok
<cyber638> here is the result http://paste.ubuntu.com/645830/
<cyber638> miniclips.com.		0	IN	A	67.215.65.130 ==> all blocked websites are sent to this ip
<quentusrex> Is that the actual ip address?
<quentusrex> aah, ok.
<quentusrex> So, let's try something a bit different.
<cyber638> ok...
<quentusrex> replace the ip address for your forwarder with 8.8.8.8
<cyber638> already tried it...
<quentusrex> then run: rndc reconfig
<quentusrex> then: rndc flush
<cyber638> they have blocked port 52 and 53 for all ip except for open dns
<quentusrex> hmm, let me think about this one for a moment.
<cyber638> but I have one more idea
<cyber638> can we dig on some webpage
<cyber638> and put that data into bind9
<cyber638> I have one more way... proxy is allowed in our university but it slows the speed... so can we use proxy to dig, once we get the data then we will remove the proxy...
<quentusrex> cyber638, At the moment I can't think of a simple solution to the problem. Other than just adding an entry in your /etc/hosts file. But that doesn't help windows clients.
<cyber638> that's not the problem...
<cyber638> i want it in ubuntu
<quentusrex> you only want the ubuntu machines to be able to get the real ip of the sites?
<cyber638> we don't have problem with operating system as our friends use both OS....
<cyber638> they just want to play online games so they can even play them using ubuntu
<cyber638> but I want the DNS to resolve the ip address of all subdomains of miniclips.com
<quentusrex> Aah, then life is easy. Just add this line to the file /etc/hosts    "8.8.8.8 the.domain.com"
<quentusrex> replace the ip address with the correct ip address of the site, and replace the domain with the correct domain
<cyber638> I already tried it but there is problem
<quentusrex> and you can just add a: "8.8.8.8 *.domain.com" to resolve all subdomains.
<cyber638> but what if e.miniclips.com will have some other ip address
<quentusrex> aah, /etc/hosts can not support wildcards.
<cyber638> yeh ....
<cyber638> if there any way to lookup the DNS of the miniclips for its subdomain
<quentusrex> cyber638, you might want to look into dnsmasq
<quentusrex> but I have to go.
<cyber638> what is dnsmasq
<cyber638> oh ok
<quentusrex> https://help.ubuntu.com/community/Dnsmasq
<cyber638> when u will be back
<cyber638> is there anyone who can help me with bind9
<cyber638> ????
<Lorant> hello, anyone tried to set up a DiabloII server under ubuntu?
<TuxBrother> simple question: I created a forward zone. domain.name.local to the Windows AD Server, let's say 192.168.1.2. the BIND9-server, on 192.168.1.3, hosts name.local, and needs to <forward> domain.name.local to 192.168.1.2
<TuxBrother> but nslookup domain.name.local 192.168.1.3 fails: server fail. 192.168.1.2 just works
<TuxBrother> I blame Windows 2K8 R2, I think I need to allow somewhere to pickup the forwards, am I right?
<mmncs> I have a VPS with two websites running on it and I would like to setup mail. Since its just a drupal site and a wordpress site I only need one mail for each website and the guides I have been looking at are quite extensive, what would you recommend?
<qman__> mmncs, to handle more than one domain name, you need to go the long way and set up virtual mailboxes
<qman__> with only one you could use local system users and be done, but with more than one, you can't
<mmncs> damn I was hoping I could avoid that
<SpamapS> or just use aliases. :-P
<SpamapS> mmncs: honestly.. just use gmail for domains ;)
<mmncs> but how do I set that up
<qman__> well, you _could_ use local users, but then you couldn't have two users by the same name, one on each domain
<qman__> they'd be the same user
<SpamapS> you can accept mail for 2 domains on one server and just use aliases to differentiate
<SpamapS> virtual mailboxes isn't "the long route" tho.. its like.. 2 lines in 2 files.
<mmncs> sounds interesting, how would I go about that and would I also be able to send mails from the server, my drupal site?
<mmncs> Since I would def want to avoid going the long way and gmail is just fine, since its only two mail accounts
<qman__> just install postfix with the 'internet site' configuration
<mmncs> done that
<qman__> then, as long as the domain you used is correct
<qman__> and your DNS is set up right
<qman__> you're good to go
<mmncs> how is that
<TuxBrother> anyone?
<qman__> TuxBrother, I don't know, as I have not set up such a configuration; however, I would enable BIND secondaries and put the zones in both, unless you need dynamic updates
<TuxBrother> An AD needs dynamic updates
<qman__> I work with AD on a daily basis
<qman__> it's not strictly necessary
<qman__> just a nicety
<TuxBrother> another question
<TuxBrother> I have a dd-wrt router
<mmncs> qman__, how do I then setup my sites to send mail and how do I setup the receive portion, if you have a guide that would be great
<TuxBrother> can I configure that to forward domain.name.local to 192.168.0.2, and all other domains to 192.168.1.3?
<qman__> mmncs, if you installed postfix that way, sites can just use the system mail functions, such as php's mail(), and it will work
<qman__> TuxBrother, I don't think dd-wrt has anything that sophisticated in it
<mmncs> qman__, cool thanks, and how about the receiving part
<qman__> you forward based on port numbers
<TuxBrother> ahh
<TuxBrother> what do you recommend?
<qman__> mmncs, your server will receive mail, but it will only deliver for the domain it's configured with, to users that exist
<TuxBrother> I need that only the AD Domain dns-requests go to Win2K8R2 (domain.name.local), and all other domains (name.local) to the linux box
<qman__> that's where aliases or virtual mailboxes, etc. come in
<qman__> TuxBrother, I would just put both zones on both boxes and be done
<qman__> the only way to do that is forwarding
<mmncs> qman__, but I have two domains for each website
<qman__> you were going about it the right way, but I don't have an answer for your original question
<qman__> mmncs, that's where the virtual mailboxes come in
<qman__> then you configure your server with multiple domains and users for those domains, and your server will receive for those too
<mmncs> qman__, and that is the long way?
<qman__> yes
<mmncs> qman__, ok thanks
<TuxBrother> qman__, do you know anybody that could answer my question?
<qman__> TuxBrother, no, I would suggest looking into 2008 guides though
<qman__> provided you set up forwarding right in BIND, which is well documented, that would be the only thing left
<mmncs> Im using ufw as firewall how do allow postfix, should it be: sudo ufw allow Postfix or sudo ufw allow Postfix Submission ?
<TuxBrother> and I can't find that one
<TuxBrother> Windows only knows this sentence: Forwarders are DNS servers that this server can use to resolve DNS queries for records that this server cannot resolve.
<TuxBrother> well, I am looking for this one: Forwarders are DNS servers that USE this server to resolve DNS queries for records that THAT server cannot resolve.
<TuxBrother> error (network unreachable) resolving 'domain.name.local.0.0/A/IN': 2001:500:1::803f:235#53
<TuxBrother> ipv6 perhaps cause this?
<TuxBrother> this error message appears on a lookup
<uvirtbot`> New bug: #811948 in postfix (main) "package postfix 2.8.2-1ubuntu2.1 failed to install/upgrade: el subproceso instalado el script post-installation devolviÃ³ el cÃ³digo de salida de error 75" [Undecided,New] https://launchpad.net/bugs/811948
<cerberos> How do I install Firefox for use with xvfb? When I try apt-get install all I see are GUI versions. I want to run it headless http://coreygoldberg.blogspot.com/2011/06/python-headless-selenium-webdriver.html
<uvirtbot`> New bug: #811976 in nut (main) "Update nut to 2.6.1-2" [Undecided,New] https://launchpad.net/bugs/811976
<druciferre> Looking for help changing the array name in the superblock information for mdadm array... The only thing I can find on google is changing the device name from /dev/md0 to /dev/md1... this is not what I want... when you do mdadm --query --detail /dev/md0 it shows "Name: sysresccd:0" I want to change that...
<fluvvell> druciferre, I'm unclear as to what kind of name you are looking for. And my  mdadm --query --detail /dev/md0 gives a whole page of data about the array, but no name. Same result on 8.04 and 10.04 server
<druciferre> fluvvell, it depends on what version of the superblock you use
<druciferre> i bet your version is less than 1.0
<druciferre> fluvvell, http://linux.die.net/man/5/mdadm.conf look under the "ARRAY" section for "name="
<druciferre> fluvvell, more details from the mdadm(8) man page  -->  -N, --name=    Set a name for the array. This is currently only effective when creating an array with a version-1 superblock. The name is a simple textual string that can be used to identify array components when assembling.
<fluvvell> druciferre, gotcha. Yep, mine are 0.9 superblocks.
<druciferre> fluvvell, the only way i ever found to change that name/label was to zero out the superblocks and recreate the array...
<fluvvell> druciferre, I've generally only had to refer to the separate elements by their UUID, so hadn't come across the need to name them otherwise
<druciferre> fluvvell, despite having been using an md array for over a year, this is the first point in time when i've begun investing time in really understanding how it works...
<druciferre> fluvvell, one of my drives dying is what prompted all this...
<fluvvell> druciferre, I've had raid1 arrays for about 4 years at various sites, but never felt the need to name them. Have had to replace about 4 failing devices so far.  The main cause I've discovered is insufficient cooling of drives. Incidentally, while googling your reference to superblock 1.0, I discovered wikipedia has an mdadm page, Breif but interesting.
<fluvvell> while I've had some angst over drive replacement, they have usually ended up being quite straight forward.  It might be a different story with RAID5 perhaps.
<druciferre> fluvvell, after my drive died, i noticed a huge amount of dust in the front cover blocking the fan i had cooling the drives... so you're probably right, but you can bet I will be cleaning the dust out of once or twice a month from now on
<fluvvell> druciferre, or filter your server cabinet. Or get your computer box off the carpet ;-)  Businesses that have un-sealed car parks or workshops adjacent to the office have been the sites I've struggled with dust the most.
<druciferre> I have hard wood floors... the server is a custom built mini-tower that is sitting on the floor, and i do have plans to get it off the floor as soon as I can find something to sit it on
<fluvvell> I note that kernel.org has an announcement for a new version of mdadm.  "Subject:  ANNOUNCE: mdadm 3.2.2 - A tool for managing Soft RAID under Linux" Dated June 17th 2011. Probably won't migrate into ubuntu for a version or so.
<fluvvell> druciferre, If its dust on hardwood, One of my engineer clients had a small cabinet made with a place for a removable dust filter on the front. They can change it monthly, cuts dust considerably. We are in a cool climate I might add.
<druciferre> fluvvell, do you know anything about acl permissions ?
<fluvvell> Access control lists. I
<fluvvell> ve tried to keep clear of them...
<fluvvell> There is a samba add on I believe....
<druciferre> Oh well, thanks
<fluvvell> Sorry. I've seen sites with it working but not had personal experience.
<druciferre> was trying to find out if the settings are stored on the disk like the unix permissions are, or if I need to backup the acl settings
<quentusrex> fluvvell, did kernel.org mention what was changed in the new version of mdadm?
#ubuntu-server 2012-07-09
<jeeves_moss> how can I install a cisco AIR-CB21AG-A-K9 PCMCIA card?  it won't show up when I run lspci
<ping__> tes
<ping__> hy
<novato> Buenas noches
<novato> Alguien me pueden ayudar
<uvirtbot> New bug: #1022434 in openssh (main) "sshd server crashes on startup" [Undecided,New] https://launchpad.net/bugs/1022434
<Guest24740> Evening. I'm trying to setup apache2 on ubuntu, however there seems to be a problem with accessing subdirectories?
<Guest24740> for instance, my CSS file is kept in a subdir (/bend) however I'm unable to access any of the files in subdirectories
<Odium_xXx> That's better.
<greppy> Odium_xXx: what errors are you seeing in /var/log/apache2?
<Odium_xXx> [crit] [client 127.0.0.1] (13)Permission denied: /var/www/bend/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://localhost/
<dax> Are the permissions wrong on /var/www/bend/.htaccess?
<Odium_xXx> I don't beleive there is a /ver/www/bend/.htaccess
<dax> Are the permissions wrong on /var/www/bend/?
<Odium_xXx> define 'wrong' ?
 * dax blinks
<dax> Well, can a process running as www-data:www-data read files in the directory, for starters
<Odium_xXx> woah
<Odium_xXx> ok, that's way out of my league, sorry.
<Odium_xXx> this is my first attempt at linux/ubuntu
<dax> Ah.
<Odium_xXx> I've just come from windows, trying to setup my server in ubuntu.
<dax> Open a terminal, run "ls -ld /var/www/bend/", paste output here
<Odium_xXx> it outputs /var/www/bend
<dax> It should look something like "drwxr-xr-x 40 username groupname 4096 Jul  8 21:02 /var/www/bend/", if you use the options I said
<Odium_xXx> oic
<Odium_xXx> drwx------ 3 root root 4096 2012-07-09 15:42 /var/www/bend
<Odium_xXx> ^ is that what you're after?
<uvirtbot> Odium_xXx: Error: "is" is not a valid command.
<dax> Odium_xXx: yeah
<dax> Two things to note there. The directory's owned by user "root" and group "root", and then the drwx------ bit at the start. the d just means it's a directory. The next nine spaces are user, group, and other permissions respectively
<Odium_xXx> ah-ha, alrighty.
<dax> so what that's telling me is "there's a directory /var/www/bend/ that can be read, written, and browsed by the "root" user, and can't be read, written to, or browsed by other users in the "root" group or other users in general.
<dax> and since apache runs as the "www-data" user, that's a problem ;)
<Odium_xXx> thus apache is unable to acces anything in said subdirs?
<dax> indeed
<Odium_xXx> aaah, I see.
<Odium_xXx> ok, so I can see the problem.
<Odium_xXx> I wonder, am I able to change the folder permission for a new user / group?
<dax> two options: 1) change the owner of the directory (and probably the files in it) to www-data, 2) change the permissions so other users can access the files
<Odium_xXx> if I change the owner of the dir and containing files, will I still be able to alter them as root?
<Odium_xXx> that's a stupid question, I know, just want to be certain :P
<dax> yes, root can alter anything, regardless of permission set
<Odium_xXx> ah ok, brilliant.
<dax> do you know about chmod and chown already, or shall I go through those?
<Odium_xXx> I've used chmod before, i'm just googling chown now.
<dax> chown is for changing ownership, as the name implies. Similar format to chmod: chown -R www-data:www-data /var/www/bend/ will change the owning user and group on /var/www/bend/ itself and anything inside it to the user "www-data" and group "www-data"
<dax> leave out the -R to just change ownership of the directory
<Odium_xXx> ah I see, that's fantastic.
<Odium_xXx> I think i'll include the recursive flag
<Odium_xXx> just to be safe?
<dax> I don't know what recommended practice is with permissions and ownership of stuff in /var/www/ these days; someone else in here might know that better. But yeah, if you want to make everything owned by www-data and be done with it, that'd be the easiest way
<Odium_xXx> ah look you've given me a fantastic lead for where to go from here.
<Odium_xXx> Had me utterly stumped.
<Odium_xXx> Thanks so much,I appreciate it. :)
<dax> You're welcome :)
<greppy> Odium_xXx: in general, unless you specifically need the webserver to be able to write to the data in /var/www, just make sure that it is readable by anyone on the system, chmod 755 for directories and 644 for files.
<greppy> ( sorry for the delay, I'm at work and got sidetracked, well, working :) )
<Odium_xXx> ah great, thx greppy.
<Odium_xXx> i was just having some problems accessing my site files, that's just resolved them, :)
<greppy> *nod* just keep in mind, if the files/directories are owned by www-data that means that the webserver can add, modify and delete files, so be mindful of what you run on it :)
<uvirtbot> New bug: #1020067 in puppet (main) "Ubuntu 12.04 resolving hangs when querying AAAA records against BIND (Ubuntu 10.04) DNS servers" [Undecided,New] https://launchpad.net/bugs/1020067
<Daviey> jamespage: good morning.. Have you seen collide?
<jamespage> Daviey, morning - nope
<jamespage> Daviey, context?
<Daviey> jamespage: http://www.youtube.com/watch?v=8Gq12bLbm54&feature=player_detailpage#t=119s
<Daviey> skipped to the good part.
<jamespage> Daviey, cool!
<Daviey> jamespage: sweet spot between shared gnu/screen and etherpad
<jamespage> Daviey, might make pair programming work really nice distributed
<Daviey> jamespage: although.. lack of easy debugging seems a flaw
<jamespage> Daviey, I guess that is a bit more tricky
<Daviey> jamespage: and smoser will moan about lack of vi interface
<jamespage> Daviey, I would expect no less
 * jamespage last MIR raised for ceph work this cycle
<Daviey> jamespage: \o/
<jamespage> Daviey, 5 new packages for main
<Daviey> jamespage: /o\
<RoyK> new day, new job, new possibilities :)
<jamespage> Daviey, any chance you might get time to look at the thrift packages in NEW today?
<Daviey> RoyK: congrats
<Daviey> jamespage: without a doubt
<Sadale> I've a question.
<Sadale> I wonder whether there is a reliable way to identify a visitor of a website.
<_ruben> Sadale: define "identify"
<Sadale> hmm
<Sadale> something like IP, cookie.
<Sadale> It is used to ban bad users.
<Sadale> The problem is: IP can be changed. Cookies can be disabled, HTTP header can be spoofed/modified.
<thisismyname> got a little problem here: i want to do ip tracing in a vm
<thisismyname> soi put the physical interface in prmoisc mode
<thisismyname> the bridge in promisc mode
<thisismyname> set bridge_agingtime 0
<thisismyname> but still... i don't receive every packet in the vm
<thisismyname>  i can see the younters climbing up on the physical interface and on the bridge... but not in the vm
<thisismyname> (vm is attached to the bridge)
<thisismyname> anyone up for some help?
<thisismyname> btw, using kvm for virtualisation
<jamespage> utlemming, smoser: add-apt-repository/python-software-properties needs some attention in the cloud images for quantal
<jamespage> not sure if you are aware or not
<Daviey> jamespage: I've assigned smoser the bug.
<jamespage> Daviey, marvellous
<jamespage> Daviey, whats the bug reference?
<Daviey> jamespage: bug 1021418 .. uploaded, but oddly FTBFS
<uvirtbot> Launchpad bug 1021418 in cloud-init "Replace python-software-properties Depends with 'software-properties-common'" [Undecided,Fix released] https://launchpad.net/bugs/1021418
<jamespage> Daviey, hmm - must be using an out-of-date image then
<Daviey> jamespage: no, the 'fix' failed to build.
<Daviey> jamespage: I hit the magic retry button, just to see what it gives
<Daviey> jamespage: Are you ready to berate smoser ?
<jamespage> "ImportError: No module named setuptools"
<jamespage> oopps
<Daviey> jamespage: does this make much sense to you? https://jenkins.qa.ubuntu.com/view/Openstack%20Testing/view/Overview/job/quantal_folsom_python-glanceclient_trunk/21/console
<jamespage> Daviey, I think the versioning of keystoneclient changed - we probably have a cruft 2012.x version in the local archive
<Daviey> jamespage: i suspect we do. :(
<jamespage> Daviey, want me to fix? its a quick reprepro remove command
<Daviey> jamespage: it was bumped with an epoch.. are our scripts handling that?
<jamespage> Daviey, ah - I see
<jamespage> no idea - lemme take a look
<Daviey> jamespage: quick fix > slow fix.. but we sould probably handle this gracefully
<smoser> i'll fix ftbfs
<jamespage> Daviey, I think the epoch is not being picked up by the automatic versioning
<jamespage> well its definately not as its based on upstream version
<jamespage> smoser, \o/
<jamespage> morning BTW
<Daviey> morning smoser o/
<smoser> good morning, mr da
<smoser> Daviey,
<smoser> i'll fix the ftpfs. i uploaded that friday night at end of my day. wanted to get it in. :-(.
<smoser> http://paste.ubuntu.com/1082649/
<smoser> does that look like the correct patch, Daviey ? i just would not have thoght i needed to explicitly depend on python-setuptools.
<uvirtbot> New bug: #1022541 in cloud-init (main) "FTBFS: cloud-init 0.7.0~bzr564-0ubuntu1 failed to build" [Undecided,New] https://launchpad.net/bugs/1022541
<ScottK> smoser: You can drop XS-Python-Version: all while you're there.  It doesn't do anything.
<rbasak> smoser: bug 1022101 (cloud-init python-setuptools ftbfs) is an earlier duplicate with a patch and already in the sponsorship queue
<uvirtbot> Launchpad bug 1022101 in cloud-init "cloud-init FTBFS in Ubuntu Quantal" [Medium,Confirmed] https://launchpad.net/bugs/1022101
<smoser> thank you rbasak i'll fix.
<ScottK> smoser: That's a correct fix for that (and I see rbasak aready mentioned what I was about to)
 * Daviey wonders off.
<thisismyname> how can i debug my /etc/network/interfaces configuration??
<Cirbri> I was wondering, does anyone know of a good solution for systems graphing? And are there any particularly good ones that plug into Nagios/Icinga?
<thisismyname> nagvis
<Anomie21> Where can I find mail headers for mail sent out with mail -s?
<thisismyname> Cirbri, nagvis
<Cirbri> thisismyname: nagvis, eh? Sounds interesting
 * Cirbri wonders off to have a look.
<Cirbri> thisismyname: Aah, I was thinking more system status graphing, i.e. to keep an eye on trends or resources and such -- rather than network diagram sorta graphs.
<Cirbri> Any ideas?
<colun> Hello all, I have a problem with my openvpn : in the terminal a obtain on the server : AUTH-PAM: BACKGROUND: user 'xyz' failed to authenticate: Permission denied. This is the pastebin of the different files : http://pastebin.com/qDS3nurN
<colun> Thanks
<colun> I already tested it with the root user of mysql and I have the same error
<colun> I can't understand because active for this user is '1' and the password has been inserted by a php pdo in mysql.
<zul> hallyn: ping
<hallyn> zul: .
<colun> nobody for my bug with openvpn and mysql ?
<zul> hallyn: so i have packaged libvirt 0.9.13 and im going to upload it this week but i need someone to do some sniff testing other than myself
<hallyn> stgraber: i'd say i got about 2/3 of the work for get_item and clear_item in the api done over the weekend.  hoping to do another hour or two tonight
<koolhead11> hi all
<zul> hallyn: im still having veth problems with libvirt-lxc problems with it though but thats another topic
<hallyn> zul: post me a debdiff and i'll take a quick look
<zul> hallyn: ok i need to finish off what im doing here but it will be later this week
<zul> just giving you a heads up
<hallyn> zul: oh ok, cool.  i thought you had it right now :)  thanks
<zul> hallyn: well i do just not a debdiff
<hallyn> ok
<stgraber> hallyn: cool!
<hallyn> smoser: utlemming: could you add setuptools to Build-Depends for cloud-init (see https://launchpadlibrarian.net/109659564/buildlog_ubuntu-quantal-i386.cloud-init_0.7.0%7Ebzr564-0ubuntu1_FAILEDTOBUILD.txt.gz )
<hallyn> (sorry, i'm horrid at recalling which of you does cloudinit :)
<hallyn> oh hey!  something i have upload rights to!
<hallyn> oh well, may as well wait for the experts in this case :)
<ubuntucloud956> hello
<thisismyname> hi
<ubuntucloud956> bye
<thisismyname> bye
<thisismyname> lol :)
<uvirtbot> New bug: #1022612 in nova (main) "private instance IPs can only reach public IPs in other regions, not the same region" [Undecided,New] https://launchpad.net/bugs/1022612
<uvirtbot> New bug: #1021921 in quantum (universe) "it's not possible to  quantum-plugin-openvswitch-agent " [Undecided,New] https://launchpad.net/bugs/1021921
<jMCg> I'm trying to run my own repo (with reprepro), but I run into the following problem: I'm rebuilding packages and they end up with the same version number in different distros (lucid, precise, oneiric), so when I run includedeb on new packages, I get:
<jMCg> http://dpaste.com/768679/
<znull> hello, i'e installed lxc how do i enter in the container
<kyle__> Making a kickstart file for the first time.  I notice all the docs on it say some interaction is still needed, to start the install.
<kyle__> Are there any recipies out there for making a cd that boots and runs the install without a by-your-leave?
<pdtpatrick> kyle__: why not use pressed instead?
<pdtpatrick> http://d-i.alioth.debian.org/manual/example-preseed.txt
<kyle__> pdtpatrick: No reason I suppose.  Let me look at it.
 * glance have bin using fai allot
<kyle__> fai?
 * pdtpatrick uses the foreman + puppet 
<pdtpatrick> kyle__: here's something in the wiki for preseed for ubuntu: https://help.ubuntu.com/11.04/installation-guide/i386/appendix-preseed.html
<glance> kyle__: http://fai-project.org/
<koolhead17> hi all
<adam_g> zul: did you re-enable the nova test suite?
<zul> adam_g: yep i was trying to fix the tests
<adam_g> zul: ah, any luck?
<zul> adam_g: almost
<kyle__> OK, I'm reading through the preseed stuff, and I'm a little unsure what it gives me over kickstart.
<bitmonk> kyle__: a debian-based distribution. ;)
 * bitmonk ducks
<kyle__> but 'buntu supports kickstart.
<kyle__> And while the preseed doc gives LOTS of information, it never actually explains how to use it.  Bad docs!  Bad.
<pdtpatrick> Ubuntu definitely supports kickstart but you need to have more hands in it
<pdtpatrick> what are you confused on with regards to the docs?
<pdtpatrick> it explains a lot in the docs, https://help.ubuntu.com/11.04/installation-guide/i386/preseed-contents.html#preseed-l10n
<pdtpatrick> although partman is probably the confusing part.
<kyle__> pdtpatrick: Well, for one it just goes into initrd, but doesn't explain if the process is modifying an existing ubuntu install image, or passing params in.
<pdtpatrick> link please
<pdtpatrick> i think a good way to get a feel for it would be to run it in a VM and see what it does
<pdtpatrick> then you'll understand what is happening as you see it happen.
<kyle__> holdon.
<kyle__> https://help.ubuntu.com/12.04/installation-guide/amd64/preseed-using.html#preseed-auto
<kyle__> There it is.
<pdtpatrick> one second, i'll share mine with u
<pdtpatrick> http://pastie.org/private/mnjcl3bri1y5qsxiq5u3w
<pdtpatrick> so the initrd points to the .gz binary, the auto url points to my preseed file
<pdtpatrick> along with some other variables
<kyle__> Hum.
<kyle__> pdtpatrick: And you do this altering the isolinux boot config on the ISO?
<pdtpatrick> here's my tftp directory
<pdtpatrick> http://pastie.org/private/wqjk8pxkbfqum5uwqzcg
<pdtpatrick> the file i pasted earlier is from 01-00*
<kyle__> Ohh ok, you're doing a pxe boot to install.
<pdtpatrick> right
<RoyK> bug 1010587 is *annoying*
<uvirtbot> Launchpad bug 1010587 in ecryptfs-utils "encrypted /home randomly unmount on vm" [Undecided,New] https://launchpad.net/bugs/1010587
<monolive> i would like to provide some info to cloud-init ( specifically the metadata_urls )
<monolive> what is the best way ?
<qhartman> Having trouble with the default apt repo in AWS images, us-west-1.ec2.archive.ubuntu.com . It's giving me 403 errors on some files once out of every 5 or so times I try to hit it from my servers in us-west-1. Is anyone else seeing this?
<qhartman> This happened a couple times last week as well, but then seemed to clear itself up after a bit.
<uvirtbot> New bug: #915506 in juju "juju-log and relation-set outputs {}" [Low,Fix released] https://launchpad.net/bugs/915506
<alex88> hi guys, someone is experiencing high cpu usage in mysql? i've just installed mysqld on fresh 12.04 openvz image and it's using 100% cpu..
<SpamapS> alex88: perhaps its busy doing things it couldn't do before?
<alex88> SpamapS, found the solution, it's in #mysql topic
<SpamapS> alex88: 12.04 bumps from 5.1 to 5.5, which includes a lot of concurrency fixes (though they're all related to multiple CPU cores..)
<SpamapS> Oh that one
<SpamapS> yeah.. weird bug
<SpamapS> stupid leap seconds
<alex88> SpamapS, i don't understand what that means :) btw, it's fixed now, thanks anyway
<henkjan> SpamapS: alex88 was still suffering from the leapsecond bug i guess
<SpamapS> yeah
<henkjan> ah, you are on #mysql also :)
<SpamapS> well only because he suggested it
<henkjan> lots of clever mysql people hanging around there
<SpamapS> indeed
<koolhead17> https://bugs.launchpad.net/ubuntu/+source/memtest86+/+bug/560839
<uvirtbot> Launchpad bug 560839 in memtest86+ "error: too small lower memory (0x99100 > 0x98400)" [Unknown,Confirmed]
<koolhead17> seems like 12.04 is affected by this bug too
<kyle__> A very strange problem: if I hit enter in grub, my systems boot.  If I let it timeout and autoselect, I get a black screen, and nothing.
 * nrd chelas time!
<SpamapS> kyle__: perhaps there's a race condition...
<kyle__> SpamapS: What sort of race condition would cause that?
<SpamapS> kyle__: something that is still initializing when you hit enter is causing problems when it is done initiailizing after the timeout
<SpamapS> kyle__: you can disprove that easy enough, just lower the timeout to 1s
<SpamapS> or even 0 I suppose
<kyle__> /boot/grub/grb.cfg or somesuch?
<kyle__> Interesting.  Appears to have helped.
#ubuntu-server 2012-07-10
<uvirtbot> New bug: #1022772 in postfix (main) "Microversion release update for postfix 2.9.3-2" [Undecided,New] https://launchpad.net/bugs/1022772
<darkf34r> I'd like to register my nickname on freenode, could I?
<dax> darkf34r: http://freenode.net/faq.shtml#nicksetup
<dax> (btw, #freenode is the usual channel for network support questions)
<BuenGenio> hi there
<BuenGenio> any idea why this has started happening after the last postfix upgrade?
<BuenGenio> http://pastebin.com/VPR9wXRP
<BuenGenio> some users - not all, and not always, also started complaining about their mail clients asking for their passwords when sending mail
<BuenGenio> personally, I've never had this occur to me on the same server, and there's nothing obvious in logs that would suggest it's a postfix/auth issue
<BuenGenio> however, the small proportion of users with the problem only started complaining after the upgrade
<qman__> if they're using MS outlook, it just does that, tell them to reboot
<qman__> as for your pastebin, looks like you're missing whatever library or module is used for quotas
<BuenGenio> qman__, didn't used to do that "password incorrect". in any case, you know what their answer is going to be - it works with my other email account - so it's YOUR problem
<BuenGenio> and they would be right...
<qman__> I deal with it all the time, MS Outlook just does that sometimes, usually when the server goes offline while the computer is connected
<qman__> the fix is to reboot, or in bad cases, recreate the profile
<ScottK> BuenGenio: Those errors are from a postfix that was built with the unofficial VDA patch.
<qman__> but if people besides Outlook users see it, then you may have an issue
<ScottK> The official Ubuntu packages don't have that.
<ScottK> So if you switched from a custom build with the VDA patch to the standard Ubuntu packages, you'd get errors like that.
<BuenGenio> how to get rid of that?
<ScottK> Actually there's a few there that aren't VDA related.
<ScottK> What version of Ubuntu are you running?
<BuenGenio> 12.04
<BuenGenio> upgraded from 11.04 -> 11.10
<BuenGenio> -> 12.04
<qman__> well, you either need to get a same-patched custom version for 12.04, or deconfigure the custom bits
<ScottK> What's the  output of dpkg -s postfix?
<ScottK> Also what do you get from grep spf /etc/postfix?
<ScottK> BuenGenio: ^^^
<BuenGenio> 1 sec
<ScottK> Also please pastebin the output of postconf -n.
<BuenGenio> nothing
<ScottK> Can you pastebin /etc/postfix/master.cf?
<ScottK> Also main.cf.
<BuenGenio> ScottK, http://pastebin.com/rW1c2Ckz
<BuenGenio> postconf -n ^^
<BuenGenio> ScottK: master.cf: http://pastebin.com/av5q2syH
<ScottK> OK.  What was it you got no output for?
<BuenGenio> ScottK, for grep -i spf
<ScottK> OK.
<ScottK> How about main.cf.
<ScottK> And I'm also still looking for dpkg -s postfix.
<ScottK> BuenGenio: Have you vanished?
<BuenGenio> no, i'm here
<ScottK> BuenGenio: Did you pastbin main.cf?
<ScottK> I need to see that.
<BuenGenio> ScottK, dpkg -s postfix: http://pastebin.com/3d7PLQ8t
<ScottK> Good.  That's the correct one for 12.04 with all updates applied (which is what you want).
<ScottK> Now main.cf.
<BuenGenio> cat /etc/postfix/main.cf: http://pastebin.com/V536vh4t
<ScottK> Thanks.
<BuenGenio> cheers
<ScottK> So there are a few problems here.
<ScottK> First is the SPF one.  To use the SPF policy server you've got set up, you need to do two things:
<ScottK> 1.  Add check_policy_service unix:private/policyd-spf to your smtpd_recipient_restrictions, right before permit_auth_destination.
<BuenGenio> ok
<ScottK> 2.  In line 123 of your master.cf add the missing 'd' to policy-spf, i.e. policyd-spf.
<ScottK> That will make those warnings go away.
<BuenGenio> yeah, so I did something wrong grepping /etc/postfix for spf the first time =)
<BuenGenio> there's quite a few spf references there
<ScottK> Yes.
<ScottK> Not a problem.
<BuenGenio> added spf restriction
<BuenGenio> but that doesn't address the "unused parameter" issues
<ScottK> Remove all reference to virtual_mailbox_limit_override, virtual_maildir_extended, virtual_overquota_bounce, virtual_create_maildirsize, and virtual_maildir_limit_message from main.cf.
<ScottK> Those are VDA patch functions that aren't supported by postfix upstream or Ubuntu.
<ScottK> Alternately, you can update your package to apply the VDA patch, but you are totally and completely on your own there.
<ScottK> http://vda.sourceforge.net/
<ScottK> They have their own mailing lists.
<BuenGenio> ok
<BuenGenio> is there a launchpad project with binaries for that?
<ScottK> No idea.  That's part of where completely on your own kicks in.
<BuenGenio> heh
<BuenGenio> cool, thanks for the help
<BuenGenio> ScottK, one error left
<BuenGenio> /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: spf-policyd_time_limit=3600s
<ScottK> What's your service in master.cf called?
<ScottK> Is it policyd-spf?
<ScottK> If so, that needs to match.
<ScottK> policyd-spf_time_limit=3600s
<ScottK> I see it was policy-spf.
<ScottK> So make that parameter in main.cf match the service name in master.cf plus _time_limit.
<ScottK> BuenGenio: ^^^
<BuenGenio> ah
<BuenGenio> oic
<BuenGenio> sweet
<ScottK> One of the changes in more recent postfix releases is it started warning about these things.  Those were possibly broken all along, but no one knew because there were no warnings.
<hilarie> okay, so my isp got mad at me for using both an static and dynamic ip (long story) so I went out and bought a 2nd nic for my ubuntu server, and its showing up as connected, but I can't figure out how to make it play nice, right now, I just have my xubuntu hooked directly up to it trying to get it to connect, so I can then put my router in place of the xubuntu netbook and everything can be connected
<hilarie> how can I get my ubuntu dhcp server up and running? it shows its active, but my xubuntu isn't connecting
<hallyn> stgraber: all right i don't expect this to be reliable yet, but lp:~serge-hallyn/ubuntu/quantal/lxc/lxc-api-getconfig/ .  it leaves open the question of how you want the get_config_item(lxc.network) to look
<hilarie> how to tell if your nic is "modern" and will handle the crossover stuff without you?
<stgraber> hallyn: I guess the easiest is to do as you said on Friday, have get_config_item("lxc.network...") return the key for all interfaces, one on each line
<stgraber> hallyn: I can pretty easily then write some python to query all the .network keys and generate nice interface objects (or similar) that people can understand and update easily
<hallyn> stgraber: it gives full 'lxc.network.*' output.  (none of the others do)
<stgraber> hallyn: yeah, not sure I like the special casing that much... I think it's best to treat the network stuff just like any other key and let the higher level stuff deal with it (in this case, the python overlay).
<hallyn> stgraber: but that doesn't really work bc the network stuff needs context
<hallyn> i.e. one nic might be macvlan with vlan_id to print, one might be veth with another endpoint ifname to print
<hallyn> gateways and bcast etc are also optional
<hallyn> so i could drop 'lxc.network.' but keep the rest of the key names, but that just makes it all the more work for your layer since you'll have to convert between that and the config file
<hallyn> so maybe i need a network-specific query api after all with things like 'network_get_link()'
<stgraber> gah, lxc's network config is really a mess... let me quickly write a bit of python that looks like what I was hoping to get from get_config_item/set_config_item/clear_config_item, then we can see if that's even doable ;)
<hallyn> stgraber: let's talk tomorrow (or after you've taken a look and can tell me which parts you hate the most)
<hallyn> sounds good
<hallyn> good night
<stgraber> hallyn: http://paste.ubuntu.com/1083899/ that's rougly how I was planning to use get_config_item. Essentially iterating all possible keys, assuming I'll always get one line per interface with the line empty if it's not set
<stgraber> hallyn: which then lets me build a list of interfaces and properties that the user can play with. When changed, I'd simply iterate through all the keys again with clear_config_item first, then do set_config_item calls to set the keys
<stgraber> so it'd involve quite a bunch of calls to get_config_item, clear_config_item and set_config_item
<stgraber> hallyn: which only works as long as none of these keys can exist more than once per interface (I'm not sure about that bit, if these some of these keys can be defined multiple times, it'll just fail...)
<stgraber> (we really should really plan to move to lxc.network.<interface>.* ... that'd make things much easier to deal with ;))
<stgraber> hallyn: anyway, I'm off, I'll take a long at the branch tomorrow (for now I was just speculating based on our previous discussion and IRC comments, haven't looked at the implementation). good night
<hallyn> stgraber: lxc.network.ipv{4,6} are both lists (meaning multiple values for addresses)
<hallyn> night
<stgraber> hallyn: argh...
<ping__> hy
<ping__> help my ubuntu server installing lusca can't cache youtube :(
<ping__> help :(
<glosoli> How do I check if mail service is installed in my VDS
<glosoli>  ?
<andol> glosoli: Well, did you install one? :) Also, how do you define a mail service? A basic (sending) SMTP server, or more?
<glosoli> andol: basic sending smtp server, I didin't installed one, but it might have been installed when I buyed a Cloud Server with Ubuntu, I kinda see in Parallels Panel something like sendmail mentioned
<andol> glosoli: For starters, you can check if you have anything listening on port 25
<andol> sudo netstat -tlnp | grep ":25"
<glosoli> yeah send mail
<glosoli> is being listening on 25
<andol> glosoli: Ok, sounds like you have something install, but no idea whatever it is properly configured or not.
<glosoli> ok will check that out as there is some php file on the website being hosted by that server
<andol> (Also, sendmail is something I haven't touched in a while.)
<glosoli> so if it won't popup any error while using send_mail I assume I can think that everything is o
<glosoli>  ?
<glosoli> is ok"
<andol> No idea.
<ping__> hy sir, plz help, i instal squid on ubuntu server, but i cn't cache youtube ?
<glosoli> any ideas how to clear DNS Cache
<glosoli>  ?
<ping__> s
<ping__> glosoli = sudo aptitude install nscd
<ping__> Flush DNS Cache in Ubuntu Using the following command sudo /etc/init.d/nscd restart
<glosoli> so likely if I updated some domains ip, if I flush DNS Cache I will get to it as the new IP already
<glosoli>  ?
<greppy> glosoli: are you using your own local dns server, or using an ISP or other external DNS server?
<glosoli> greppy: ISP, so that basically means I  can't do anything yes
<glosoli>  ?
<greppy> glosoli: probably not
<glosoli> what's the best email panel
<glosoli>  ?
<glosoli> or the most used one, for having email control center or something inside ubuntu server as some kind of web front end
<greppy> glosoli: I have been using and liking the froxlor panel from http://froxlor.org
<greppy> glosoli: but I also do some domain hosting for friends and family, giving them the power to manage the email for thier domains makes life easier.
<glosoli> greppy: does it also provide something like frontend for singing with accounts and reading the mails ?
<greppy> glosoli: nope, for that you can use something like squirrelmail or roundcube.
<SteveRiley> glosol: for dns flush, see http://ubuntuguide.net/flush-clean-dns-cache-ubuntu-12-04-precise
<glosoli> SteveRiley: too late, isp already updated hmm
<glosoli> greppy: I found roundcube something pretty
<SteveRiley> glosoli: ah, okie. sorry, just noticed your msg.
<glosoli> SteveRiley: no problem
<glosoli> greppy: 10GB for hosting something like email service for few mails and some other websites, is far too less for a server yes ?
<greppy> glosoli: depends on how much space they want to use.
<glosoli> greppy: Might be ~5GB
<greppy> most websites are not that large unless you have lots of images, movie or music files.
<glosoli> well I think if I add everything it might be 90percent of space wasted
<greppy> all of my email fits in about 2.3gb, but that is archiving several years and also being on several mailing lists.
<Anomie21> Is there any firewall for Ubuntu 11.10 that has a nice web gui?
<jMCg> Anomie21: fwbuilder is a nice GUI and can be exported to pretty much everything.
<jMCg> We use it at $work for everything (ipfw, iptables, etcâ¦)
<jMCg> Personally, I just use ufw on Ubuntu
<jMCg> To repeat my fancy pants question from yestereve:
<jMCg> 18:58:37 < jMCg> I'm trying to run my own repo (with reprepro), but I run into the following problem: I'm rebuilding packages and they end up with the  same version number in different distros (lucid, precise, oneiric), so when I run includedeb on new packages, I get:
<jMCg> 19:00:41 < jMCg> http://dpaste.com/768679/
<jMCg> The progress so far: I know that what I want is not possible, because the repo uses the same pool to serve all files from it. If I want it any other way, I'd need a different config for each distro, but HEY HEY, the config is different for each distro ANYWAY. (emphasis mine)
<jMCg> putting Multiple in conf/incoming would allow me to put the package in multiple distributions, but of course not when the same version has different.. stuff. Is different.
<jMCg> I'm talking to myself, I know, but that's okay, really.
<jMCg> Ponies.
<glosoli> http://www.webmin.com/deb.html is this ok for doing webmin installatin on Ubuntu Server
<glosoli>  ?
<bazhang> !webmin | glosoli
<ubottu> glosoli: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<glosoli> bazhang: what would you recommend to change it
<glosoli>  ?
<bazhang> https://help.ubuntu.com/community/Zentyal
<glosoli> bazhang: is it free
<glosoli>  ?
<zul> good morning
<jamespage> morning zul
<jamespage> zul: hey - I uploaded a fix for openvswitch so that it will actually start with the 3.5 kernel
<zul> jamespage: cool...sorry i couldnt get to it soonser
<jamespage> however the DKMS package is still broken - I did try to pick some patches but it got to the point where I may as well just done a HEAD snapshot
<jamespage> zul, also the kernel module is NOT provided by the kernel on arm*
<zul> jamespage:  ok ill take a look at it this afternoon...i swear
<jamespage> zul, sorry - I was not hassling - I'm through my immediate blocker with this mornings upload
<jamespage> just wanted to impart what I had discovered
<zul> jamespage: i know you were not hassling..i need to spend some time on it
<feisar> Hi I have a question regarding UFW, I'd like to do the following: sudo ufw allow from any to 192.168.255.5 port 60000:65535/tcp
<feisar> but I get the error: ERROR: Port ranges must be numeric
<jdstrand> feisar: change /tcp to ' proto tcp'
<Pupeno_W> What's the proper place to modify the prompt system wide?
<feisar> jdstrand: thank you : ) 'sudo ufw allow proto tcp from any to 192.168.255.2 port 60000:65535' did the trick!
<RoyK> any idea what kernel I should choose for an ubuntu server guest (x86_64) under vmware esx?
<stgraber> hallyn: so, thinking about it some more (but still haven't checked your branch, sorry), I guess the easiest way of dealing with this mess would be to add an index argument to all the *_config_item() functions and an extra count_config_item() function
<stgraber> hallyn: for most of the keys (!network basically), this would be set to 0/NULL but for network, you would be able to query the various sections independently using it
<stgraber> hallyn: though I don't really like the count_config_item name, would have to think of something better as it wouldn't be returning the number of key with a matching name, but instead the number of sections to use with index=
<stgraber> hallyn: I suppose it could simply be count_config_section() and based on what we currently have, the only option where it'd return >1 would be for anything under lxc.network
<jamespage> zul, around? wanted to discuss something openvswitch-ish with you
<zul> jamespage: yep
<jamespage> zul, OK _ let me set the scene
 * zul gets his popcorn
<jamespage> I'm working on packaging a tool called mininet which makes use of the openvswitch-controller
<jamespage> however; it uses the ovs-controller executable directly
<zul> ok
<jamespage> BUT the openvswitch-controller package installs an init scripts and starts it up automatically
<jamespage> I considered doing bad things in the postinst/postrm script for mininet to stop/disable it
<jamespage> but going on the big linitian error I don't think using update-rc.d to manipulate another packages init scripts appears to be acceptable
<zul> ok
<jamespage> zul: how would you feel about some restructuring of the openvswitch package so that say all binaries are provided by -common
<zul> jamespage: i wouldnt mind
<jamespage> and the -controller et al packages just have the init scripts
<jamespage> zul, do you know the debian maintainer?  I think its one of the upstream guys
<zul> jamespage: yeah he is...i would talk to the debian guy...simon horms is his name i think
<jamespage> zul, ack
<jamespage> I'll email them both
<jamespage> rbasak, nice triaging BTW
<hallyn> stgraber: I figured only network would have a c->num_networks(), and then c->get_network_config(c, "macvlan.vlan_id") which returns -1 if invalid
<rbasak> thanks!
<stgraber> hallyn: surely with an extra parameter to get_network_config to tell it what network to retrieve the key from?
<jamespage> any chance someone could verify an SRU for me - bug 993291
<uvirtbot> Launchpad bug 993291 in nis "[SRU] package nis 3.17-32ubuntu1.2 failed to install/upgrade: invoke-rc.d: unknown initscript, /etc/init.d/nis not found." [Medium,Fix committed] https://launchpad.net/bugs/993291
<jamespage> cheers
<hallyn> stgraber: of course
<hallyn> lemme do some busywork and then i guess i'll write it all back down and see how it looks
<stgraber> hallyn: ok. I'm not a big fan of special casing networking like that, but at the same time my suggestion would essentially do that too (as count_config_section() would only return >1 for network)
<hallyn> stgraber: well there is another possibility - we can use our own tweak on the config syntax, and have:
<hallyn> get_config_item(c, "lxc.network") -> ("veth", "macvlan", "veth")
<hallyn> get_config_item(c, "lxc.network.nic2.macvlan_id") -> "4802"
<hallyn> uh, make that "veth\nmacvlan\nveth" for the first return value
<stgraber> hallyn: could you make that:
<stgraber> get_config_item(c, "lxc.network") => "eth0\neth1\neth2" (with ethX being whatever name lxc would use in the container)
<stgraber> then have get_config_item(c, "lxc.network.eth2.macvlan_id") => 4802
<stgraber> because I'm kind of planning to ask for a config format change for lxc.network to essentially match the above, so that way, if that change ever gets upstream, we wouldn't need any API change
<stgraber> (or rather, API consumers wouldn't need to change)
<hallyn> stgraber: but they don't have to have a name
<hallyn> i suppose for unnammed ones i could use 'nic%d', and use the name if it exists...   complicates (and makes more fragile) by a bit, but gives you what you want in most normal cases
<stgraber> hmm, good point...
<stgraber> ok, let's just go with lxc.network.<index>.<key> => lxc.network.0.macvlan_id
<stgraber> or nic0 if you prefer but I'm not sure it really makes it any clearer :)
<hallyn> agreed
<hallyn> i suspect from a user pov this will mean we'll want a get_keys() fn, i.e. get_keys("lxc.network.0")
<stgraber> hallyn: yeah, that'd make my life much easier when writing the python code to deal with networks. Otherwise I'd have to include an hardcoded list of keys and go through them all, not difficult to do but seems to be a bit of a waste of CPU time ;)
<glosoli> Hey folks, I have some question, so here it goes: I have made backup via Direct Admin from some shared hosting, is there any way to restore that backup in some Dedicated Server I own with something other than Direct Admin ? cheers
<jamespage> Ursinha, do you have the mootbot meeting log for last week?
<jamespage> I seem unable to find it :-)
<Ursinha> oops, sure, just a moment
<jamespage> Ursinha, thanks for running the meeting BTW - much appreciated
<Ursinha> jamespage, no problem at all, sorry I haven't updated the page as I should
<Ursinha> jamespage, here's is the output generated by the bot: http://ubottu.com/meetingology/logs/ubuntu-meeting/2012/ubuntu-meeting.2012-07-03-16.00.moin.txt
<jamespage> Ursinha, ta
 * jamespage nudges Daviey about the thrift packages in the NEW queue
<Daviey> jamespage: undoubtedly
<jamespage> Daviey, ta
<Daviey> jamespage: It's all accepted, but can you confirm python-thrift needs Arch: any ?
<jamespage> Daviey, yep - it builds a .so
<Daviey> ah, super
<Daviey> o/
<Daviey> gah
<bencer> there were some ongoing efforts to package ovirt, what's the status of this on 12.10?
<smb> zul, Hm, I just realized (by failure) that between my xen version and yours from the later source there seems to be a tiny but evil difference that it does not create the /usr/lib/xen-default link. Something that libvirt does not like much...
<Daviey> !!!
<zul> smb: ergh...ok
<smb> zul, Not sure why. To me the update-alternatives --remove in the xen-utils postinst looks a bit weird...
<zul> smoser: i have a euca2ools patch if you want to review it later this week
<smoser> zul, have you/can you do a pull request to upstream?
<smoser> https://github.com/eucalyptus/euca2ools
<zul> smoser:  no/yes, it adds armhf as a valid architecture
<zul> so i dont know if its suitable for upstream inclusion
<smoser> i would suspect it is.
<smoser> or surely we can make it such that it is
<glosoli> I am installing Zentyal
<glosoli> anyone can say what does that mean "   â Please enter the password for the admin entry in your LDAP directory.  â  "
<glosoli>  ?
<glosoli> LDAP Directory what exactly is it for
<xranby> glosoli: LDAP can be used to keep track on manu users in larger organizations. like centralized login authentication for multiple systems
<xranby> many
<glosoli> so that password should be hard to ques ?
<glosoli> guess"
<Daviey> zul: so.. should we do a pep8 1.1 upload?
<zul> Daviey: wouldnt it be a bit backwards since we already have 1.2 in quantal
<Daviey> zul: i mean, 1.1 to quanta
<Daviey> quantal
<Daviey> As in, i don't think openstack is going to 1.2 anytime soon
<xranby> glosoli: sorry i have not setup any Zentyal system so i cant guide you..
<glosoli> xranby: what do you use
<glosoli>  ?
<zul> Daviey: yeah i started getting the pep8 tests past with 1.2, its not going to be easy
<zul> so yeah
<Daviey> zul: i think we should just go back :(
<Daviey> i'll do that now
<zul> Daviey: i dont want to....but yes
<zul> Daviey: pep8 will need to be blacklisted for syncs then
<zul> jamespage: i dont understand it...according to the changelog for openvswich you patched to work with 3.5 but dkms building still fails for me
<jamespage> zul, I did not - "use of openvswitch without openvswitch-datapath-dkms"
<jamespage> I could not get the dkms build to work
<smb> zul, So yes, I think that xen-utils-4.1.postinst should actually have a "update-alternatives --install /usr/lib/xen-default xen-default /usr/lib/xen-4.1 50" (or whatever prio is normal) instead of --remove-
<zul> jamespage: ok ill start there then :)
<jamespage> zul, it probably needs a 1.7.x git snapshot with some patches I think
<zul> smb: 4.1.3~rc1+hg-20120614.a9c0a89c08f2-3 removed the /usr/lib/xen-default according to the changelog
<zul> smb: so libvirt needs to be fixed
<zul> jamespage:  or patch the snot out of the dkms module
<jamespage> zul, I got to 5 patchsets; none of which applied cleanly and then gave up
<zul> jamespage: *sigh* :)
<smb> zul Just read that... Though I wonder how well that works if xen suddenly becomes xen-4.2... But probably not an immediate problem...
<zul> smb: i guess we will find out eventually :)
<smb> Pretty much very likely. :)
<zul> jamespage: crud... with the openvswitch git tree http://paste.ubuntu.com/1084805/
<jamespage> zul: yeah - git tree + patch to allow 3.5 kernel
<zul> jamespage: right
<jamespage> zul, there is only one explicit kernel check in datapath/datapath.c
<jamespage> and note that the only think that this provides over the kernel openvswitch provided module is the brcompat module
<jamespage> which is not advised....
<zul> yeah
<zul> jamespage: i wonder why we are still using the 1.4 branch
<jamespage> zul, not sure; its been pretty much untouched from Debian AFAICK
<jamespage> AFAIK
 * jamespage <- should learn to type
<zul> maybe stick 1.6.1 in a ppa so we can test it out
<zul> jamespage: there is a program called hooked on phonics :)
<jamespage> zul, it still lacks the 3.5 support tho
<jamespage> I think thats only in the 1.7 branch
<jamespage> sorry - not even there....
 * jamespage sighs
<jamespage> zul: worth a discussion with upstream - bpl just pointed out an obvious way for me to fix my mininet problem...
<jamespage> without restructuring the package....
<jamespage> blp that is
<jamespage> not bpl - he's someone else....
<glosoli> http://dpaste.org/PmoiE/ how do I fix this ?
<piercedwater> I am trying ton convert FLAC to ALAC using avconv, but i get this error and avconv stops: [flac @ 0x824baa0] Format detected only with low score of 25, misdetection possible!
<piercedwater> any ideas?
<r3dLunchb0x> looking for a good server reporting tool. Just need basics, top/network/disk/cpu/mem
<r3dLunchb0x> something I can send to management
<tonyyarusso> Hi, I just copied rsyslog config files over from an older Ubuntu system (either 10.04 or 8.04) to a new Ubuntu 12.04 system, and something's different with our logging behavior.  This is a central logging box, and it's supposed to write to separate files per source host.  Problem is, it's doing that AND writing EVERYTHING to the normal /var/log/syslog.  Did something change in how that's handled in the config file?  How do I ...
<tonyyarusso> ... tell it not to duplicate the remote stuff, and only put local messages in there?
<tonyyarusso> Here's the config we're using:  http://pastebin.com/exZtpiSK
<tonyyarusso> r3dLunchb0x: What exactly are you trying to report?  They're current status?  Capacity trends?  Outage history?
<r3dLunchb0x> trends over 5-7 days. I tried nagios and zabbix but i would like simple...bash scripts even
<glosoli> Hmm wha can be the problem
<glosoli> apache2 is isntalled
<glosoli> there is no init script for it
<adam_g> win 9
<koolhead17> hoi all
<r3dLunchb0x> tonyyarusso: trends over 5-7 days. I tried nagios and zabbix but i would like simple...bash scripts even
<tonyyarusso> r3dLunchb0x: For things like disk space, a little bash script would be fine.  Network traffic would be a little trickier, depending on what level of granularity (how frequent of checks) you need.  You could use the Nagios plugins and just run them from cron, or use snmpget for everything, again from cron.
<tonyyarusso> If you wanted to actually calculate trend lines or anything there are ways to do it, but it'd be a bit more complicated.
<r3dLunchb0x> tonyyarusso: snmpget....i tried that on ubuntu server 10.04 running on HP proliant hw, I get nothing worth while...Is there not a pkg for something like this?
<rbasak> du2rrd (http://oss.oetiker.ch/optools/wiki/du2rrd) is awesome for monitoring disk space
<zastaph> can't decide if I should setup RAID 0 or 1 from BIOS which is a fake RAID or from Ubuntu https://help.ubuntu.com/community/Installation/SoftwareRAID on my HP Microserver
<RoyK> zastaph: I'd drop raid config and rather use software raid
<RoyK> just my opinion...
<zastaph> right
 * RoyK has setup dozens of servers on software raid...
<zastaph> I got one 160GB and 2 250GB in the server.. could probably do RAID 5, but then all 3 would be 160GB i guess
<RoyK> you have a wee bit more control with software raid when something goes wrong
<RoyK> two small partitions for the root and the rest for raid-5 should do
<RoyK> although, personally, I never mix those, but I guess there aren't too much space in that thing
<RoyK> what about two tiny SSDs for the root mirror and three largish drives for the data?
<zastaph> i got 2 small servers.. this one will be for KVM on a USB stick, and then 160GB space for 3-4 VM's .. then on the other server I'll install a samba/NFS for actual storage
<zastaph> i figured that would be the right way to do things
<RoyK> you could use two USB sticks for the root and the drives in raid-5
<RoyK> you'll hit the wall once it starts swapping, though
<zastaph> if the USB stick breaks I'd just lose the RAID master and KVM server... that could be restored I guess
<RoyK> zastaph: keep in mind swap if you want to use a usb stick for the root - those sticks are usually slow
<zastaph> right..
<RoyK> zastaph: if you have sufficient memory, decrease vm.swappiness to something very low, like 0
<zastaph> so could use the 160GB for KVM, and buy 3 new for RAID-5 for VM's
<RoyK> kvm/libvirt without the VMs is just config files
<Lcawte> Anyone around to help me with some firewall problems
<RoyK> so two 16GB plugs in a mirror for the root should suffice
<zastaph> yes but you said if I use usb stick I'll get a bottleneck?
<zastaph> don't have 2 plugs, only 1
<RoyK> a usb hub? :)
<RoyK> another single point of failure, so maybe not
<zastaph> :)
<RoyK> Lcawte: !ask
<RoyK> erm
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<RoyK> zastaph: are you sure there aren't more USB outlets on the mobo?
<RoyK> there usually are
<zastaph> RoyK, internally no.. but sure outside.. but hmm?
<zastaph> and raid on USB sticks?
<RoyK> why not? :)
<Lcawte> Ok, so I'm running Ubuntu Server, and I have iptables installed, anyway... the firewall I assume, it doesn't seem to be the router, as other people were getting through, used to "randomly" block certain people, like one of my friends used to get blocked, but now everyone but my IP seems to be blocked. Although, on ports other connections are getting through from the same server... whats going on?
<Lcawte> domain is lewiscawte.info
<zastaph> and that's a stripe raid i guess?
<RoyK> zastaph: raid-1 aka mirror
<zastaph> but then I don't get any speed from it.. so what's the point? if the KVM itself breaking isn't any critical?
<RoyK> zastaph: so that when (not if) one of them dies or is unplugged, the other can do the job
<zastaph> the VM's could still be restored i guess
<RoyK> zastaph: well, if the root dies, your VMs will probably have a rather hard time
<zastaph> hmm, right
<zastaph> and installing RAID on the root is as easily as doing it on other disks?
<RoyK> but then, if you don't need uptime, just go with a single drive
<zastaph> no I don't need uptime
<RoyK> zastaph: with ubuntu server, yes, just create partitions for boot and root and swap as "physical partitions for md" (equal size on both drives) and configure md
<RoyK> that's during install
<RoyK> you can't do that with ubuntu desktop install
<zastaph> right, I read that
<zastaph> what if I choose minimum install? (for virtual machine)
<RoyK> but then, running ubuntu desktop off a usb plug won't be much fun :P
<zastaph> should I choose normal
<RoyK> erm
<RoyK> the VMs shouldn't do much thinking about md
<RoyK> just setup your server with two USB sticks, make a mirror on  those, or three, one for boot, one for root, one for swap
<RoyK> once installed, create a raid-5 on the three spinning drives (or do it during install, up to you)
<zastaph> i also had this design in mind: 1 USB for root (KVM on Ubuntu) .. 160GB for VM's, and RAID 1 on x2 250GB's, doing daily/weekly backup of the VM's to that. Anyway if I put my VM's on a RAID it's not a backup
<RoyK> mount that somewhere like /usr/lib/libvirt (if you do it after installation, make sure to rsync -avPHAS the data from the old dir to the newly mounted)
<zastaph> and then all data on my secondary server, RAID 10 setup or something
<RoyK> zastaph: didn't you say you had a secondary server? if so, use that for backup
<zastaph> someone told me it's always a good idea to use a decoupled NFS for data, to avoid having data in VM's, keep them tidy
<RoyK> I don't think that would be of much need
<RoyK> I've been running VMs off NFS for some time
<zastaph> I like the idea of decoupling logic and data
<RoyK> zastaph: sure, the data is under /var/lib/libvirt/images, the logic is mostly under /etc/libvirt
<RoyK> zastaph: but then, decoupling sufficiently, and you lose control over what's really needed, to keep good backups until the day you need them
<zastaph> yes and I would just mount the other server folders on the KVM server
<RoyK> zastaph: well, not much changes in kvm land, except the images, that is, unless you change the VMs
<zastaph> lets say I have my git repositories and my sql databases taking up 1 TB .. Would you store those inside the actual VM image? or on a secondary image on the same server?
<RoyK> zastaph: if I were you, I'd setup the server with two small, spinning drives, and perhaps a spare, and just use the storage server for the VMs, over NFS
<RoyK> zastaph: you *can*, but it's not necessarily a good idea to run databases in a VM. Better use the fileserver for that. For Git, I don't think it matters much, but perhaps an NFS share on the fileserver for storage will look better the day you need to extract it and the VM has somehow died
<zastaph> would you make small images for VM's? 30GB something, and then secondary images for the server, and everything on the storage server?
<zastaph> duh, secondary images for the data
<RoyK> just tell kvm not to allocate the VM images, and let them grow dynamically, then you can make them as big as you like (or whatever is healthy)
<zastaph> then you would store the actual data (git repositories, etc.) inside the VM's ?
<RoyK> for data, I'd say use the fileserver with NFS from the VMs
<zastaph> heh i'm lost
<zastaph> i thought the mantra about VM's is that they are "encapsulated" and can be easily moved
<RoyK> control question: You're setting up a fileserver with a bunch of space, right? And, you're setting up a smallish server to serve VMs
<zastaph> fileserver has 4 1TB's .. I was thinking about setting up vanilla Ubuntu server on that, with manual samba or NFS sharing..
<zastaph> but yes to your question
<RoyK> zastaph: in my world, I'd use VMs for small things or application specific setups, like a Zimbra server, or some webserver for my brother, or this irc login host
<RoyK> for things demanding I/O specifically, I'd use iron
<zastaph> what is Iron
<RoyK> hardware
<RoyK> like your fileserver
<zastaph> performance is not my main goal.. i'll be the only user of these servers.. maintainability, stability and not losing my data is important
<RoyK> zastaph: if a VM needs to serve large amounts of data, I would do that via NFS from the server to avoid that data locked up in a VM image
<zastaph> i'd like to keep things simple though
<RoyK> if it's smallish, it's no problem
<RoyK> if it's a database, I'd use the fileserver, if the database is significant in size
<RoyK> if it's something small, like a wordpress db, just use it locally
<zastaph> install mysql on the fileserver?
<zastaph> not install mysql in a VM, and then the actual data on the fileserver?
<RoyK> I have a single server at an ISP running a few VMs. A few of the VMs need databases, and the host runs those. It makes better use of available memory than spreading that buffering out to the VMs, allowing me to shrink memory use on the VMs
<RoyK> I don't run databases in VMs unless it's something very isolated
<RoyK> or unless someone is sufficiently geeky to demand full admin rights to that db :P
<zastaph> make sense.. and indeed it would be a good idea to just install mysql to the fileserver running vanilla ubuntu
<zastaph> it should be able to handle that and samba/NFS at the same time
<RoyK> yes
<RoyK> even a very, very, very cheap machine would be able to handle that
<RoyK> even a cheap cellphone :P
 * RoyK reminds everyone that 1999 is over
<zastaph> actually.. I could also install git-core on the fileserver, rather than letting a secondary server/VM handle that
<zastaph> i'm starting to rule out the VM server's purpose now :p
<RoyK> zastaph: so long noone needs direct access to the git root, yes
<RoyK> zastaph: but if you want someone to access the git file store directly, that's better done within a VM
<zastaph> i.. don't think I need that
<RoyK> zastaph: but then, perhaps the git file store may be on the fileserver, shared with nfs
<resno> my machine booted to busybox, ibelieve my hdd is failing, how can i get it running temporarliry?
<zastaph> just a generic git user, behind ssh
<resno> i tried fsck
<RoyK> resno: boot on a live cd and start troubleshooting from there
<zastaph> and when I think about it.. KVM only complicates things :)
<RoyK> :)
<zastaph> and if I can run git+mysql+samba/NFS on one server, I have a whole server leftover for playing around
<RoyK> zastaph: you can probably run those VMs on the fileserver as well, normally samba+mysql+git won't use that much cpu
<zastaph> and install KVM where?
<RoyK> that's what I ended up doing, just two 1,5TB drives in a mirror, cpu is just a core2duo, 6 gigs of RAM, currently 5 VMs in production
<RoyK> on the fileserver
<resno> RoyK: production wise, what hypervisor do you use?
<RoyK> just make sure you have (a) mirrored root on separate drives and (b) a small RAID set, RAID-5 or better, for the data, also on separate drives
<RoyK> !kvm
<ubottu> kvm is the preferred virtualization approach in Ubuntu. For more information see https://help.ubuntu.com/community/KVM
<resno> oh you use kvm everywhere?
<RoyK> resno: I just use kvm, some people prefer Xen, since it's slightly cooler, but it's harder to work with (IMHO)
<zastaph> RoyK, fileserver has 4 1TB's .. can't I just RAID10 those for one main ubunut server? and then install git+mysql+samba/NFS ?
<RoyK> resno: at work, we use vmware in a rather large setup - kvm can't do that IMO
<resno> RoyK: i was considering going esxi
<RoyK> zastaph: do you have room for another two oldish 160GB drives for the root?
<zastaph> resno, I tried all of them before I settled with KVM.. they are only headaches :)
<RoyK> resno: it's better, I guess, but KVM works well for me
<zastaph> RoyK, not without some modifications.. but.. if I'm not going to KVM, why do I need a root?
<resno> RoyK: my question has been how do you setup drives on a baremetal hypervisor?
<resno> esxi on usb, and then os drive and then data drives?
<zastaph> esxi lost me when I tried to clone and had to pay cash :)
<RoyK> resno: depends on the hardware, obviously, but my typical setup would be two small spinning drives for the root, and a largish raid-5 or raid-6 for the data
<resno> RoyK: "root" being? oses stuff?
<RoyK> or raid-1+0 if you're worried about IOPS
<RoyK> resno: root being your root filesystem with its programs, /boot and swap
<resno> gotcha
<RoyK> zastaph: erm - you need a root filesystem on the server ;)
<zastaph> RoyK, then we're back to scratch.. root on one server, and data on fileserver
<RoyK> zastaph: and you can't boot off a raid-[56]
<zastaph> oh
<zastaph> I only have 4 HDD slots in each server
<zastaph> rest have to be mounted in special ways
 * RoyK hands zastaph a roll of duct tape
<zastaph> decisions decisions
<RoyK> or perhaps a new chassis? ;)
<zastaph> ouch
<zastaph> all the time wasted to customize these 2 :)
<RoyK> most of us have a few around, and they should be usable for most mobos
<zastaph> so.. even if I wanted to dedicate one for solely fileserving, I would still need 1-2 extra disks for its root? if I wanted the 4 HDD slots for RAID-10 ?
<RoyK> yes, you need more than four drive slots for a good fileserver
<RoyK> you can, however, run the root off a couple of usb drives, but it will be slowish to boot, and not much fun if it starts swapping
<resno> heh, a fileserver with limited drive expandability?
<RoyK> but then, swapping is rarely fun
<RoyK> resno++
<zastaph> resno, but a very energy efficient one ;)
<zastaph> they both have eSATA :p
<resno> is using sas not an option?
<RoyK> zastaph: how many esata ports?
<soren> RoyK: Actually, grub2 should support booting from raid5.
<RoyK> zastaph: a port multiplier won't be much good for performance
<zastaph> 1 in each
<RoyK> soren: oh - when did that happen?
<RoyK> !grub2
<ubottu> GRUB2 is the default Ubuntu boot manager since 9.10 (Karmic). Lost GRUB after installing Windows? See https://help.ubuntu.com/community/RestoreGrub - For more information and troubleshooting for GRUB2 please refer to https://help.ubuntu.com/community/Grub2 - See !grub1 for releases before Karmic (9.10)
<zastaph> soren, RAID-10 too?
<soren> RoyK: I have mailing list posts from at least 2009 suggesting that it works.
<soren> RoyK: http://www.mail-archive.com/grub-devel@gnu.org/msg08994.html
<zul> hallyn: ping
<RoyK> soren: I thought I tried that within a vm with precise just recently and found it didn't work at all
<zastaph> and does that work for software raid too?
<zul> soren: grub2 works?
<RoyK> still
<RoyK> even if it *is* supposed to work, I stand my ground: I would recommend two smallish drives for the root, and a small bunch of largish drives for a RAID-5 or -6 set for the data
<RoyK> that will separate system and data, and make recovery far easier the day it all goes wrong
<zastaph> hmm right..
<zul> hallyn: so libvirt-lxc segfaults for me
<hallyn> zul:		/win 20
<soren> zul: It's been known to not be entirely broken at times.
<hallyn> (*&(* lag
<zastaph> RoyK, then I could get a dual-disk device -> eSATA and boot from that, and use 4 HDD's in each for RAID-10
<hallyn> zul: where does it segfault?
<zul> hallyn: when its trying to load veth0
<zul> hallyn: hold on
<RoyK> zastaph: sounds like a good idea ;)
<zul> hallyn: this is the dmesg
<zul> hallyn: http://paste.ubuntu.com/1085179/
<RoyK> zastaph: or even better, you said you weren't worried about performance, if so, rather use raid-6, same net data, better safety
<zul> hallyn: http://paste.ubuntu.com/1085180/ thats the xml domain
<zul> hallyn: thats the log file: http://pastebin.ubuntu.com/1085182/
<zul> hallyn: and yes veth is loaded
<zastaph> RoyK, thanks for all the ideas
<RoyK> zastaph: out of interest, how many VMs do you plan to run concurrently?
<RoyK> if it's just a few, and perhaps a local mysql or postgresql db on the host, and a git thing, then raid-6 or even raid-5 will probably suffice
<zastaph> yeah 3-4
<RoyK> linux' i/o scheduling and buffering does a fairly good job for those things
<zastaph> but don't forget it's atom based servers, and software raid
<RoyK> which atom?
<RoyK> H?
 * RoyK sniggers
<RoyK> sorry, just, which atom cpu?
<RoyK> and how much memory?
<zastaph> Acer easyStore H340 -> Intel Atom 230 ... HP ProLiant Microserver -> AMD N36L
<zul> hallyn: and im at a lost
<zastaph> ahh memory.. only 2 GB in the easyStore but 8 GB in the microserver
<zastaph> which calls for the easyStore being just a dumb fileserver
<zastaph> and Atom 230 has no hardware extensions
<zastaph> for virtualization
<RoyK> then better separate them
<resno> atoms virtualizing..
<hallyn> zul: trying...
<resno> this is just sounding worse to me
<zastaph> HP microserver is quite good for virtualization with a minimum energy use
<zul> hallyn: 0.9.13 does the same thing i think
 * RoyK thought his fileserver was fried today and checked pricing for a new mobo+cpu+8GB RAM and it cost about NOK 1300 with a two (or four?) core amd thing
<RoyK> I don't really see a good reason for using atoms for servers...
<hallyn> zul: you get this with what's stock in quantal?
<zul> hallyn: yep
<RoyK> zastaph: how much did those machines cost?
<zastaph> RoyK, yeah perhaps I live up to the saying when you buy cheap you pay double :)
<RoyK> zastaph: and btw, that was from a local computer shop, not something from ebay ;)
<zastaph> RoyK, don't recall.. easyStore I bought for windows home server (which broke, obviously) and HP Microserver was quite cheap
<RoyK> NOK 1300 is ~USD 200, btw
<zul> hallyn: if i removed the nwfilter stuff it works fine
<zastaph> looking for a eSATA device for 2 HDD's
<RoyK> zastaph: really, get an old chassis with room for some drives and start over - it'll be easier and probably just as cheap ;)
<zastaph> RoyK, and I have a wet dream to get ZFS working :p http://sstahlman.blogspot.dk/2011/02/acer-easystore-h340-using-eon-to-fool.html
<RoyK> zastaph: and quite possibly very much better
<RoyK> zastaph: with linux?
<zastaph> mmm.. wanna buy 2 small servers? :)
<zastaph> nah solaris
<RoyK> I've used openindiana in production for some time
<RoyK> but I guess smartos or omnios may be better supported these days
<zastaph> I looked at the install docs and just gave up :)
<zastaph> i tried smartos, same feeling
<resno> i was once excited about zfs, but now im against it
<zastaph> if they make ZFS in something as easy to use as ubuntu server, I'm on
<resno> non-expandablity of raid was a kill
<RoyK> resno: I've used zfs for some 400TB of storage and it rocks, but I'm using linux md for my home server for the reason you mention
<resno> yea, for my home server being stuck willnever work
<RoyK> resno: the only way to expand a redundant zpool correctly, is to replace every drive with larger ones, which is somewhat a showstopper for a homeserver
<RoyK> linux md rocks that way :D
<RoyK> make a mirror, convert to raid-5, add a drive, add another, convert to raid-6, oops need more space, convert to raid-5 ...
<zastaph> someone needs to simplify RAID :)
<RoyK> zastaph: it's a bit hard for a complex system like zfs
<RoyK> since raidz is more like raid-3 than anything else - there are no block-level stripes, just write stripes
<RoyK> and then there's a snapshot, or a clone, and another dedup, so to change that to something else while running, you need to rewrite the whole system, which isn't very easy
<zastaph> everything can be simplified.. system shouldn't ask you silly questions like pools and stripes.. instead it should show you a GUI with your harddisks, and ask if you want reliability or speed, and then set it up behind the scenes :)
<resno> RoyK: im just curious if i have two disks free and a 3rd with data... can i do that?
<resno> zastaph: do you run a gui on your server?
<RoyK> resno: detail that, please
<zastaph> nah, just saying that RAID could be simplified a lot
<RoyK> zastaph: it really can't
<RoyK> zastaph: RAID is rather complex
<hallyn> zul: bridging to virbr0 worked fine, bridging to br0 seems to have killed my instance
<resno> RoyK: ok. 3x2TB drives. 2 of the drives are empty. 1 drive has stuff on it. so, i want to start raid but dont have 3 disks to do it (raid 5)
<RoyK> zastaph: it'd be like saying "scientists, can you please simplify this physics thing?"
<zastaph> so was programming in the 80es.. but it's gotten easier :)
<hallyn> or just killed its network
<RoyK> resno: just create a RAID-5 on those two drives
<resno> RoyK: ah, you can do that... ool
<RoyK> resno: then create a filesystem on that one, or perhaps an lvm system first if you want more flexibility, then create a filesystem on the lvm
<resno> swell
<resno> RoyK: gotta run andpikc up the kid :) bbl
<RoyK> resno: then move the data, then expand the raid to the third drive, it'll take half a day or so, but the system will be online during that time
<stgraber> hallyn: hmm, I have a weird one for you, maybe you have a clue of what's going on here :)
<stgraber> ~ # ls /proc/sys/net/ipv4/conf/
<stgraber> all      default  eth0     lo       sit0
<stgraber> ~ # ls /proc/sys/net/ipv6/conf/
<stgraber> all      default  lo       sit0
<stgraber> hallyn: found that one while testing my automated ipv6 tester with quantal containers
<stgraber> hallyn: basically eth0 vanished from ipv6/conf but not from ipv4/conf (I'd expect it to be present in both)
<stgraber> I didn't even know that was possible (and not quite convinced it should be ;))
<RoyK> stgraber: can you pastebin 'ifconfig -a' ?
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<hallyn> stgraber: interesting.  i don't get that in precise at least
<stgraber> RoyK: no ifconfig, I'm debugging that in an installer initrd ;) and don't worry, I know pastebinit, I wrote it.
<stgraber> hallyn: that's with a quantal container running on a precise host
<stgraber> hallyn: running the exact same test with precise container on the same quantal host works fine
<hallyn> quantal container on quantal host also works for me.
<hallyn> lemme create a quantal container on my precise laptop
<stgraber> hallyn: yeah, seems to be specific to whatever d-i is doing, the router container works great on quantal
<hallyn> funky
<stgraber> yeah, also based on the logs it worked for a while as it managed to run rdisc6, get an IP and everything, then dhclient started and no more v6 after that :)
<hallyn> and so you don't expect me to see this in a quantal container on precise host?  you were doing something 'special'?
<stgraber> hallyn: well, starting debian-installer in a container, that's all ;) (which you may consider as "special")
<hallyn> i do
<hallyn> is it possible for you to have it straced?
<zastaph> RoyK, hey.. I thnk both servers support PXE boot.. can't I just use the 1 server for root then, and boot second server from first, thus dedicate all 4 disks to RAID-6 ?
<stgraber> hallyn: stracing the whole installer is a bit tricky as it's downloading quite a few megs of stuff from the network, I'm trying to figure out exactly what bit triggers that bug so I can strace it
<RoyK> zastaph: you can, but I still think it's a jolly good idea to use an old chassis with some cheap mobo with enough SATA controllers and room for drives and more SATA controllers as the drives fill up
<hallyn> zul: jinkeys!  this is a kernel bug
<hallyn> smb: ^
<hallyn> well, ok, the kernel bug doesnt' really look like what zul is reporting, but crikey
<stgraber> hallyn: though besides half of the libraries changing, a clear change is isc-dhcp that got bumped from 4.1 to 4.2, I'll diff the dhclient script quickly to see if it wouldn't be that simple :)
<RoyK> erm - what kernel bug?
<hallyn> the one where when i do 'brctl addif br0 veth0' my networking hangs
<zastaph> RoyK, these 2 might have more SATA controllers inside, but then I need to figure what to do with power aswell
<RoyK> zastaph: most drives don't use too much power these days, at least not the "green" ones
<zastaph> and why is PXE a bad option?
<RoyK> zastaph: just please listen - using a traditional pc with very cheap mobo+cpu+memory will make your life a bit less miserable once you need to upgrade
<hallyn> zul: does your whole compute node become inaccessible after that segfault or not?
<RoyK> zastaph: it's just another thing that can fail
<zul> hallyn: no dont think so
<hallyn> odd
<zastaph> RoyK, sure.. but it's hard to accept that I have to give up 2 servers :)
<hallyn> all right let me go grab my quantal laptop and test on bare metal
<zul> hallyn: no it doesnt
<RoyK> zastaph: sell them on ebay :D
<RoyK> zastaph: or keep one for playing around, use it for something cool
<zastaph> might try that
<zastaph> I use VM's for playing around
<RoyK> zastaph: I've been working with data storage as my prime job for about three years, with mostly open systems, and I'm just giving you a bit of advice
<zastaph> but I don't want to build a server myself.. then rather buy something ready
<RoyK> zastaph: it's just a motherboard, a cpu and some memory and drives
<hallyn> zul: which kernel are you on?
<RoyK> and a havoc of cables
<zul> 3.5
<zul> 3.5.0-3-generic
<zastaph> with me, buying hardware is never just something, it's lots of options and decisions :)
<RoyK> well, that's your choice
<RoyK> I'm going to bed
<zastaph> good night
<RoyK> nite, lads and lassies
<zul> hallyn: i noticed that CONFIG_NET_CLS_CGROUP is built as a module
<stgraber> hallyn: http://paste.ubuntu.com/1085250/
<stgraber> hallyn: addr flush is the problem :)
<stgraber> hallyn: simplified version: http://paste.ubuntu.com/1085255/
<hallyn> stgraber: .... "don't do that" ? :)
<hallyn> man page says "this is a pretty dangerous operation" :)
<stgraber> hallyn: well, in netcfg we need to flush all the addresses and routes everytime we call netcfg
<stgraber> hallyn: I interpret this warning as "it's dangerous as you'll loose all your addresses and routes" but that's exactly what I want, except for the side effect of loosing the interface in proc :)
<hallyn> stgraber: now this only happens with veth (in a container) right?  if you do it on bare metal it doesn't?
<stgraber> hallyn: same on bare metal
<hallyn> zul: i'd say open a bug.  i can't get a box ready to reproduce today (and technically am not supposed to this week :)
<stgraber> hallyn: well, at least with a bridge interface. Let me try with a real interface
<zul> hallyn: cool...will do so
<hallyn> zul: thanks
<stgraber> hallyn: yep, reproduced on bare metal with eth0 on my netbook
 * stgraber patches isc-dhcp to workaround the bug for now
<hallyn> zul: when bridging to a br1 (which has a lxc container running on it) my libvirt container starts fine, so i'm not sure what is going on when i have it clinging to br0 with eth0
<hallyn> zul: and i haven't yet reproduced your segv :)
<zul> yeah...fun fun
<hallyn> haha.  shutdown my libvirt-lxc instance, 'why didn't it go away?'.  oh yeah...
<hallyn> zul: there you go.  it's the filterref
<zul> hallyn: thats what i supsected
<hallyn> http://paste.ubuntu.com/1085277/
<hallyn> bleh
<hallyn> well installing libvirt-bin-dbg should make it simple enough to debug.  next week.
<hallyn> stgraber: still looking through git log
<stgraber> hallyn: so far I know it affects 3.2 to 3.5 at least. I don't have anything running an earlier kernel to test against
<hallyn> stgraber: oh, but 'ip addr flush eth0' doesn't do that in precise userspace.  so it's not a kernel change
<stgraber> hallyn: it does in precise too, I was just lucky enough that isc-dhcp was using "ip -4 addr flush" back then
<stgraber> hallyn: now in 4.2 they changed it to "ip addr flush" instead which flushes both ipv4 and ipv6 and triggers the bug
<zastaph> so, RAID 1 is the only RAID ubuntu support for boot/root out of the box?
<hallyn> stgraber: no, i'm doing 'ip addr flush eth0' and it doesn't go away
<hallyn> but in q container it does
<stgraber> hallyn: definitely does here :) tried on bare metal 12.04 and in a clean 12.04 container
<hallyn> odd
<hallyn> in fact even if i chroot into my q container i still can't get /proc/sys/net/ipv6/conf/eth0 to go away
<hallyn> eth0 being my real but unused nic
<hallyn> maybe it has to be a non-init procfs?
<hallyn> no, doesn't help
<hallyn> all right, i need to run.  hopefully i can finish up the api stuff later tonight - but i'm not optimistic for tonight :(
<stgraber> hallyn: do you have an ipv4 on it?
<stgraber> hallyn: it probably needs something to flush to trigger it
<hallyn> stgraber: yeah, just did 'ifconfig eth0 10.0.9.9 up'.
<hallyn> (it wasnt' actually live, mind you)
<stgraber> hallyn: strace: http://paste.ubuntu.com/1085297/ (not that it's really useful as the netlink messages aren't exactly easy to decipher)
<hallyn> grumble :)
<cpg> hi, i have a 12.04 system that after upgrading everything, it seems to not be willing to upgrade the kernel for some reason:
<cpg> The following packages have been kept back:
<cpg>   linux-generic-pae linux-headers-generic-pae linux-image-generic-pae
<cpg> seeking advice as to why this could be
<hallyn> stgraber: i sacrificed my wlan0, but still couldn't get it to disappear
<hallyn> stgraber: ttyl
<stgraber> hallyn: really weird, I had no problem reproducing it on 3 machines here, two on 12.04 (both containers and host) and one on 12.10...
<stgraber> anyway, ttyl
<resno> zastaph: raid has been made easy by unraid
<resno> RoyK: have you ever looked at unraid?
<zastaph> he left
<resno> meh
<zastaph> I think I'm gonna buy this for my root/boot: http://www.raidsonic.de/en/products/soho-raid.php?we_objectID=6863
<zastaph> and then I can use the 4 internal disks on the HP Microserver for RAID-10
<zastaph> was kinda hard to find, as it's not a hdd enclosure nor a NAS
<zastaph> the category is sohoraid :)
<thys> hi
<ping__> n thys hy to
<thys> Im confused, files say that I have wzdftp but when I type in pstree it says it vsdftp. which is it have then?
<ping__> service vsftpd restart
#ubuntu-server 2012-07-11
<jasonmsp> hey all.  I have several websites hosting on my server (running apache) is there something  I can use to monitor network traffic and cap the total network traffic over a specified period of time?
<ping__> jasonmsp what u use for monitoring
<jasonmsp> nothing at the moment. I'm looking for a solution to monitor the traffic and cap it if they hit a certain threshold
<jasonmsp> but I'm looking to do that on a vhost basis.
<zul> hallyn: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1023205
<uvirtbot> Launchpad bug 1023205 in libvirt "libvirt_lxc crashed with SIGSEGV in random_r()" [Undecided,New]
<kyle__> pxe installing, I keep getting an error about a corrupt Packages file.  I read some posts suggesting just gunzip it, but it didn't help.
<adam_g> ww/away gone
<BankAdmin> Hello, can multiple virtual instances of Ubuntu Server access the same physical RAID array directly, or can this only be done by mounting samba shares of the physical host locally within each VM instance?
<BankAdmin> I can't stick around but if you have any info on this please let me know at public AT duvrazh (dot) net
<RamJett> Any know any link on beefing up dhcpclient for a server. I run a private cloud with openstack and the instances sometime have a glitch and do not get a dhcp response. It then destroys the interface and I loose IP.
<Super_Dog> Any fstab wizards out there?
<LordJebe> Hello, I would need a little help with an autoupdate script
<LordJebe> Any helping hands?
<RoyK> resno: looks to me unraid is some file-level raid aka raid-3. it' also proprietary, or little used, full of buzzwords etc, so i think i'll stick to linux ;-)
<_Andrew> Hi guys, need some help, I'm following the answers posted about getting DNS working here.. http://askubuntu.com/questions/140688/upgraded-server-to-12-04-dns-no-longer-working
<_Andrew> But none of the answers are working
<_Andrew> This is for 12.04
<_Andrew> Clean install
<RoyK> _Andrew: check /etc/resolv.conf
<RoyK> _Andrew: static ip or dhcp?
<ubuntu> Nathan_S
<Super_Dog> fstab wizards....  remember "\040"= a directory space in fstab...
<Super_Dog> That had me stumped...
<_Andrew> RoyK, I have a static IP set and I have added nameservers to resolve.conf
<_Andrew> but still can't ping google.com or anything
<_Andrew> In fact the resolv.conf just gets wiped regardless of the config I changed in the link I gave eariler
<jamespage> zul, I think we should drop the openvswitch-datapath packages based on what upstream have suggested for quantal
<RoyK> _Andrew: with static ip, you need to add the nameservers to /etc/network/interfaces - at the end of the eth0 block, add 'dns-nameservers x.x.x.x' and 'dns-search your.tld'
<Pupeno_W> is there a way to run bash instead of sh in upstart scripts?
<jamespage> zul, thoughts on openvswitch then? drop the datapath packages?
<zul> jamespage:  still waking up but yes...i agree
<feisar> could someone tell me why scponly has been removed from the repos and what I'm supposed to use instead?
<jpds> feisar: "(From Debian) RoQA; RC buggy, unmaintained, replacement exists; Debian bug #650590"
<uvirtbot> Debian bug 650590 in ftp.debian.org "RM: scponly -- RoQA; RC buggy, unmaintained, replacement exists" [Important,Open] http://bugs.debian.org/650590
<jpds> https://launchpad.net/ubuntu/+source/scponly/+publishinghistory
<zul> good morning
<feisar> jpds: thanks
<jamespage> zul, I'll stuff that in now then
<zul> jamespage: cool....i have to go figure out how to unbreak libvirt
<samba35> how do i change openstack dashboard passwd  ..password is lost by me
<samba35> usign 12.04
<Daviey> zul: does bug 1011627 need some love?
<uvirtbot> Launchpad bug 1011627 in six "[MIR] python-requests" [Undecided,Fix released] https://launchpad.net/bugs/1011627
<zul> Daviey: yes i just havent gotten to it yet
<Daviey> cool
<Daviey> roaksoax: python-mailer needs dh2 transition ?
<jamespage> zul: I'm just going to disable the package in control for the time being
<jamespage> upstream might make it work again at some point in time
<jamespage> i.e. its a hack
<zul> jamespage:  yeah i think 1.4.2 might be getting long in the tooth as well
<jamespage> zul, I think an update to 1.6.x with current snapshot from branch-1.6 might be a good idea
<jamespage> zul, I can do that at the same time if you like - have a test setup here already
<zul> jamespage: stick it in a ppa first before uploading it :)
<hallyn> zul: hm, for some reason tftpd-hpa is not starting right here on boot.  upstart thinks its running, but ps -ef | grep tftp shows nothing, and clients aren't connecting
<hallyn> when i sudo restart tftpd-hpa, then clients can connect and ps -ef | grep tftp shows it running
<zul> running what?
<hallyn> root     18298     1  0 08:02 ?        00:00:00 /usr/sbin/in.tftpd --listen --user tftp --address 0.0.0.0:69 --secure /var/lib/tftpboot
<hallyn> i see nothing in the upstart job that should cause that...
<roaksoax> Daviey: checking...
<roaksoax> Daviey: that'
<roaksoax> Daviey: that's wird I thjought I had uploaded it already
<Daviey> roaksoax: heh
<roaksoax> Daviey: done!
<Daviey> \o/
<roaksoax> Daviey: if you are doing AA work, could you also take care of python-tx-tftp please?
<roaksoax> it's in the new queue
<Daviey> roaksoax: i accepted it earlier :)
<roaksoax> Daviey: awesome then, thanks1`
<roaksoax> Daviey: awesome then, thanks1
<roaksoax> err
<roaksoax> !
<Daviey> oh what
<Daviey> I reviewed it, but didn't accept it.
<Daviey> roaksoax: I wanted to question why you didn't use github?
<Daviey> roaksoax: There isn't a debian/watch file which will probably be needed for MIR btw
<Daviey> but happy to accept it.
<roaksoax> Daviey: I didn't use github because I wanted to use the same approach as we did with cobbler on having it imported over launchpad, and for ease of packaging
<Daviey> roaksoax: ok, cool
<roaksoax> Daviey: and can't really have a watch file when upstream doesn't provide tarballs, can we?
<Daviey> roaksoax: well.. you can.. it's just less fun.
<Daviey> probably not required for this example TBH
<Daviey> anyway, accepted :)
<roaksoax> Daviey: I see, cause I couldn't find any examples of importing from a branch in debian/watch. But I agree it is pretty stationary code either way.
<roaksoax> Daviey: and thanks!
<resno> RoyK: no unraid for you lol
<zul> jamespage: im sitting on libvirt 0.9.13 btw
<jamespage> zul, coolio - I think that gives us ceph authenticated block access
<smb> zul, breeding?
<zul> smb: ?
<zul> smb: exactly
<smb> Just imagined you sitting on the package keeping it warm. ;)
 * smb wonders how zul speaks without being present...
<JanC> I suggest you turn join/leave messages on  ;)
<ahs3> well, duh, zul's a demi-god.  of course he can speak without being present.
<zul> hallyn: i applied the random libvirt-lxc segfaulting patch to libvirt and still get the same thing
<hallyn> zul: drat.  (i'm still waiting for mine to finish building)
<zul> hallyn: http://paste.ubuntu.com/1086274/
 * hallyn shakes his head - traffic to archives is painfully slow right now for me
<zul> hallyn: it just cant find veth
<hallyn> zul: are you sure you quilt push'd the patch?  bc it's fixed here
<hallyn> mind you in ppa i had a test case failure for i386, something to do with initrd, but i'm going to have to hope that's a ppa-only problem bc nothing i changed should have caused that.
<hallyn> zul: (back in a bit, lemme know...  it'd be very weird if it worked for me but not for you)
<jsnapp> smoser, if i have a multi-part cloud-init user-data can i specify the order things get run?
<smoser> what things?
<jsnapp> smoser, for example can i have a couple scripts run , then cloud-config, then another script?
<smoser> hm..
<smoser> you can accomplish what you want, yes.
<smoser> depending on what you want, bootcmd may be sufficient
<smoser> http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/doc/examples/cloud-config.txt
<smoser> also see Cloud Boothook at https://help.ubuntu.com/community/CloudInit
<jsnapp> smoser, ok, thanks ... what about multiple user-data scripts running at rc.local-like time? do they run in any particular order? such as alphabetical?
<smoser> if you provide filenames, they run in run-parts order
<smoser> C locale sorted order.
<jsnapp> ok, thanks very much
<S0ME1> hello, I am facing issue with ubuntu image desktop via PXE installation
<S0ME1> I am using version 12.04 LTS
<S0ME1> I am using DNSMASQ & atftpd for booting PXE
<RoyK> resno: no, I prefer the real stuff, either linux md or zfs, depending on application ;)
<S0ME1> but once the system booting over the network, they read the preseed.cfg but issues with Packages file missed, I created that file, the 2nd issue say, continue without installing kernel ? .... really strange stuff !
<S0ME1> what is the best way to install ubuntu desktop 12.04 LTS over the LAN?
<S0ME1> any suggestion ?
<hallyn> zul: exaclty what do you mean by 'missing veth'?  can you show 'ls /sys/class/net'; 'ip link add type veth'; 'ls /sys/class/net' output?
<zul> hallyn: gimme a sec rebooting
<zul> hallyn: well manually it works: http://paste.ubuntu.com/1086402/
<hallyn> zul: can edit that domain, get rid of the 'target dev=veth0' and 'mac address=' lines, and see if that helps?
<zul> hallyn: sure
<hallyn> the 'target dev=veth0' *should* only be there while it's running, hopefully
<hallyn> note, i don't expect that to help, just want to verify
<RoyK> looks like the next few servers I'll be setting up at work, will be on centos, because ubuntu doesn't have ovirt :(
<Daviey> RoyK: if you do try oVirt on Ubuntu, i'd like to know how it goes.
<hasdf> is there any control panel which supports lighttpd?
<Daviey> hasdf: gnome-terminal is one, putty is another.. there are a few.
<RoyK> bug 337976
<uvirtbot> Launchpad bug 337976 in ubuntu "[needs-packaging] Package Redhat's oVirt for use on Ubuntu" [Wishlist,Confirmed] https://launchpad.net/bugs/337976
<zul> hallyn: no dice
<hallyn> now that's unrelated to the new 'ovirt' effort right?
<RoyK> Daviey: after browsing this http://www.ovirt.org/wiki/Ovirt_build_on_debian/ubuntu I don't think I can give my boss a good reason for choosing ubuntu for this system
<RoyK> hallyn: why?
<RoyK> hallyn: are there any new ovirt efforts ongoing in debuntu land?
<hallyn> RoyK: http://www.theregister.co.uk/2011/09/23/ovirt_red_hat/
<hallyn> dannf: were you the one who knows a bit more about (the new) ovirt?
<Daviey> RoyK: we were more involved initially, but really decided to consecrate our effort on IaaS
<hasdf> Daviey, I mean control panels like webmin, cpanel etc
<RoyK> hallyn: both link to ovirt.org
<hallyn> hmm
<RoyK> hallyn: the fancy windows frontend isn't interesting
<hallyn> ok, i thought it had a new code base for some reason.  parently not
<RoyK> the failover parts in ovirt *is* interesting
<RoyK> but then - perhaps I'll just setup KVM with shared storage on GFS2 and do some hacking - possibly more fun :D
<hallyn> zul: looks like 0.9.12-0ubuntu5 has built but not yet been published...  come on...  come on...
<zul> hallyn: im going to finish what im doing here then i can grab the source and build it myself :)
<hallyn> zul: the advantage of the archive is the -dbg packages :)
<zul> right nm then :)
 * RoyK wonders if vbox can handle sharing disks....
<Pupeno_W> How do you disable upstart services?
<RoyK> !upstart
<ubottu> Upstart is meant to replace the old Sys V Init system with an event-driven init model.  For more information please see: http://upstart.ubuntu.com/
<hallyn> RoyK: it sounds like you're doing something interesting.  might be fun to post goals to ubuntu-server and get some more ideas.  For instance i think SpamapS has some experience with all the cluster/cloud-fs's
<RoyK> hallyn: will do - just need to discuss it a bit at work first
<hallyn> cool
<RoyK> but I guess we'll start off with two pizzaboxes and a shared piece of disk on the SAN
<SpamapS> Pupeno_W: natty and later, do 'echo manual >> /etc/init/$jobname.override'
<Pupeno_W> SpamapS: interesting. Thanks :)
<RoyK> SpamapS: do you have much experience with shared filesystems like GFS or OCFS?
<SpamapS> RoyK: yes, my experience with both was to give up and buy a NetApp
<RoyK> how did that make things better?
<SpamapS> RoyK: they are very old-world.. very fussy, and IMO, SAN shared FS's are a money and time sink
<RoyK> tried v2 of them as well?
<SpamapS> RoyK: the NetApp always worked.. even tho we had to find all the flock()'s and turn them into fcntl locks.. that was nothing compared to trying to tune GFS
<SpamapS> no this was maybe 8 years ago
<RoyK> a few things have happened since then ;)
<SpamapS> RoyK: in fact the netapp was eventually replaced by a couple of commodity servers running Linux NFS once we made our code behave and realized we didn't even need the netapp.
<SpamapS> RoyK: this was with *billions* of file operations per hour
<RoyK> SpamapS: so a mere million IOPS? pretty fancy hardware, then ;)
<SpamapS> RoyK: 20 disks in RAID5+0 on a nice external HP RAID (I forget the number.. something-1000)
<RoyK> but probably not a million IOPS
<SpamapS> RoyK: the key was to have 1GB of battery backed cache
<SpamapS> RoyK: I did not say IOPS too.. file operations... not everything made it to disk :)
<RoyK> well, I'll do some testing with vbox to see what happens :D
<RoyK> and tomorrow with some 1U machines struggling to use the same SAN LUN
 * RoyK likes that sort of fun
<hallyn> zul: looking one more time at http://paste.ubuntu.com/1086274/, the missing eth0 looks to still be because the libvirt-lxc driver segfaulted before it created the veth pair.  then the libvirt monitor which is supposed to do brctl addif br100 veth0 fails
<hallyn> zul: what does /var/log/libvirt/lxc/instance-00000001.log show?
<SpamapS> RoyK: Anyway, I've never had a workload which wanted a real SAN.. so perhaps your use case is different. I prefer to encapsulate everything in its own cost pool rather than have a big storage monster. ;)
<RoyK> funny thing is, we already have an ESX setup, but it's drawing too much from the budget, so I've been asked to help setup something with KVM to offload whatever not needing that redundancy ESX can give us
<zul> hallyn: i turned on more verbose debugging: http://paste.ubuntu.com/1086475/
<patdk-wk> royk, ya, esx is nice, but alittle overkill unless you want some kind of ha
<RoyK> I *do* want to do some kind of HA
<RoyK> for instance, I want to move VMs around if they're in the way
<RoyK> that's not HA, but perhaps poor-man's-HA
<zul> hallyn: doesnt seem to be published yet :*(
<hallyn> zul: all right fine build locally ((*&%(*$&%)
<zul> dont worry ill build the debug packages as well
<RoyK> patdk-wk: I misread that - we need HA for pretty much, but we don't need ESX-grade HA for everything, and ESX is rather expensive, so we want a small KVM setup to offload the ESX with the not-so-important-VMs, but even there, we want shared storage, I recommended NFS, but he didn't listen, so we'll try GFS2
<patdk-wk> basically, you just want normal esx HA, but not FT
<patdk-wk> vmotion, restart on host failure, but not 100% uptime requirement
<RoyK> I don't know if we use FT
<RoyK> I just started in this job :)
<patdk-wk> heh
<RoyK> and for what I can understand, there's no current plan of abandoning ESX altogether, but to offload it with KVM for the less important stuff
<patdk-wk> heh, I hope they are using other good features of esx for something then
<RoyK> so do I
<patdk-wk> but then, those features only really come into play with really demanding vm's
<patdk-wk> so maybe that is the goal
<zul> hallyn: well it seems to work, but the domain seems to crash http://paste.ubuntu.com/1086519/ (note: that this is with a precise image)
<RoyK> IIRC FT VMs are rather heavy, so perhaps they want to offload the cluster with taking out the smaller, less important ones to KVM
<patdk-wk> I'm getting ready to setup my first few FT vm's here
<RoyK> what sort of network are you using? 10G or IB?
<patdk-wk> right now, 1g :(
<patdk-wk> the FT vm's might have to wait till the 10g upgrade
<RoyK> not good for FT, or so I've heard
<patdk-wk> ya
<hallyn> zul: ok lemme try a precise container.  (gonna take awhile to create, archives NOT treating me well)
<zul> hallyn: ok lemme try with a quantal container
<RoyK> patdk-wk: perhaps better use IB, might even be cheaper, and for the memory transfer, probably better than 10GE
<patdk-wk> really wish I could use my 8g fc's for it
<patdk-wk> they can't use IB though :(
<patdk-wk> their systems can't handle it
<RoyK> ok
<hallyn> zul: that's libvirtd.log right?  do you have a instance-00000x.log you can pb?
<zul> hallyn:  thats the instance-00000x.log
<hallyn> hm
<RoyK> just use a dedicated FC setup, then - the memory traffic is *heavy*
<hallyn> zul: in what way does it crash?  does the whole domain disappear?  or does it hang and you can't login?
<zul> whole domain disapears
<hallyn> plausible
<hallyn> sigh, i hope i dno't have to weed through the other libvirt-lxc commits t o pick the 'important' ones
<RoyK> patdk-wk: but - why is it their systems can't handle IB?
<patdk-wk> their blades/chassis can't
<patdk-wk> it could do IB or FC
<RoyK> ah
<RoyK> ic
<patdk-wk> but they build everything on fc
<RoyK> but they can do 10Ge?
<hallyn> zul: might be worth switching to 0.9.13 + the init_random patch
<zul> hallyn: agreed
<patdk-wk> ya, the blades already support 10g, just the blade switch needs to be swapped
<zul> i thought the init_random patch already made it in
<RoyK> patdk-wk: if they have dual port, use a dedicated network for the memory part
<RoyK> and thus, a dedicated switch
<patdk-wk> they currently have 2 10g and 2 1g nic's per blade
<patdk-wk> 4 switchs
<RoyK> or at least a vlan if the switch can handle that
<patdk-wk> could do 4 10g ports
<hallyn> zul: can't have, you said yo uhad the same failure with 0.9.13 right?
<zul> hallyn: yeah but i might be on crack now...anyways ill double check, play around with it and upload it on friday
<patdk-wk> ya, if they give me 4x 10g, I'll be dedicated 1 or 2 of those ports for bulk data moves
<RoyK> that is - any switch can handle vlans, but I meant "if the switch can handle both the ordinary traffic and that memory traffic"
<hallyn> zul: wait, what, upload what on friday?
<zul> libvirt 0.9.13
<hallyn> my container should be half debootstrapped...
<hallyn> ok
<zul> i have it already packaged, just need to add one more patch other than the init-random patch
<stgraber> jamespage, ivoks: merged open-iscsi from Debian, our delta is really quite minimal now so it should help keeping on top of the bugs
<stgraber> (took a couple of days to get it done as it was last merged back in Jaunty)
<RoyK> stgraber: jaunty??
<bitmonk> anyone have linux-crashdump / apport working on 10.04? we're trying to gather information on these '200ish days' failures which are affecting our prod infra..
<bitmonk> when i install linux-crashdump, i see that apport fails to start
<bitmonk> doesn't really say much in log, some boilerplate in daemon.log
<bitmonk> which i can paste bin in a sec :)
<kyle__> When you're installing via kickstart, which packages can you safely select for installation?  I tried vim-nox, but it's failing on it.
 * bitmonk thinks ubu+kickstart makes about as much sense as apt on rhel
<bitmonk> just an opinion, of course, but you should take a look at fai.
 * bitmonk is an idiot, enabled=0 in /etc/default/apport of course
<kyle__> bitmonk: fai is more than I need.  and from what I've read, with what I'm doing, kickstart and preseed should be almost identical.  Hell, one requires the other.
<stgraber> RoyK: yeah, nobody really looked after open-iscsi for quite a few years :)
<RoyK> strange thing is that it works...
<RoyK> hopefully also after this upgrade ;)
<stgraber> kinda, I had to add pretty ugly hacks back in 11.10 for it to still let you boot
<kyle__> stgraber: What are people using for iscsi instead then?
<stgraber> kyle__: they are using open-iscsi, that's the scary part ;)
<stgraber> I mean, it works fine as long as you don't use it for your root device
<stgraber> if you use it for your root device, it'll still work but if anything happens on the server, you're pretty much dead
<kyle__> Ooh I see.  I don't know why you'd use iscsi for your root device without an HBA to be honest.
<stgraber> as there's a bug preventing iscsid from starting
<stgraber> some people apparently are doing that ;)
<kyle__> I suppose it would be pretty easy to setup a pxeboot to do it... Ugh.
<stgraber> the new version I just uploaded fixes that bug on top of a lot of others and reduces the delta so much that merging changes from Debian should just be a matter of minutes
<kyle__> stgraber: Most of the root device is really file-level stuff, so NFS would probably outpreform iscsi (software not hba) anyway.
<stgraber> yeah, that's how I've been testing it, PXE setup + iscsi server
 * kyle__ nods
<stgraber> I never liked iscsi to be honnest, if you're into serious storage, just go with a SAN+fiber-channel, sure it's more expensive but it's MUCH faster and usually more reliable
<grendal> has anyone buit dns servers with content filtering?
<patdk-wk> I'm doing iscsi for diskless workstations
<patdk-wk> like it over other models
<grendal> i need something similar to opendns but..well not opendns
<kyle__> grendal: I'm sure lots of people do, but I tend to do filtering at a proxy level.  What are you trying to do?
<kyle__> Ahh.
<kyle__> patdk-wk: Which OS?  How's it preforming?
<patdk-wk> for me? no one has complained, or even noticed
<patdk-wk> right now, the iscsi server has 4 1g nic's, and workstations just have 1g nic
<grendal> got a situation where i have a lot of individual boxes..over 6000 actually.  cant send all their traffic to one server or a cluster even.. need to just block dns requests
<kyle__> stgraber: I can see it's advantages for some things, especially if you need lots of connectivity, and speed isn't the aim.  But for anything I've ever done a well tuned NFS server beats it.  Just what I've done though.
<patdk-wk> using OI comstar for iscsi target
<kyle__> patdk-wk: What OS is on the clients?  Linux? BSD?  windos?
<patdk-wk> mixture
<patdk-wk> mythbuntu at home :)
<kyle__> patdk-wk: And they're all fine with it?  Neat.
<patdk-wk> here at work, win7
<patdk-wk> have 8 of those win7 machines here
<patdk-wk> well, doing iscsi boot
<patdk-wk> the idea is, these machines are more for temp employee/workstations
<kyle__> grendal:Ah ok.  If you want to do it in DNS, I'm pretty sure there are howtos.  Or you could make a firewall rule on the server in question, and deny all traffic that not from where you want.
<patdk-wk> so iscsi makes it easy to snapback changes to redeploy
<kyle__> patdk-wk: cool.
<patdk-wk> also, having the whole disk image able to fit in ram, on the iscsi server, helps make it pretty snappy
<kyle__> Heh.  That's almost cheating.
<zul> hallyn: new libvirt at http://people.canonical.com/~chucks
<punjab> Hi. How to get ubuntu 12.04 settings when installed from minimal netinstall? Things like visible boot process, motd?
<patdk-wk> punjab? heh?
<punjab> patdk-wk: When you install from server iso, there are this little differences
<patdk-wk> yes
<patdk-wk> I just don't see the point
<patdk-wk> the graphical stuff just gets in the way if you have issues
<patdk-wk> or even to let you know what is slowing down the boot
<punjab> Yes a want this, but i install from minimal netinstall
<patdk-wk> I only install from minimal
<hallyn> that's what i most often do
<hallyn> now in taskel you can then select 'ubuntu server image' iirc.  not sure if that ends up same.
 * patdk-wk did his first redhat minimal instal this week, that was a total pain, been too long since I last did one
<punjab> When you login on clean minimal install, then login motd is different. In server minimal install have info about running procesess and system load
<patdk-wk> clean minimal install?
<punjab> yes. Only ssh selected
<patdk-wk> I'm confused by your two different minimal installs
<patdk-wk> I only know of one
<punjab> One from oficiall ubuntu server iso another from minimal iso: https://help.ubuntu.com/community/Installation/MinimalCD/
<patdk-wk> ya, would have to compare the preseed files on those two different images
<patdk-wk> I always use the server iso these days, since it's easy to mount iso in vm
<patdk-wk> used to pxe boot install everything
<punjab> I dont expect difference, so i install from minimal.iso... Now i must configure this things manually
<punjab> Something like ubuntu-server package with server settings will be fine
<zul> hallyn: so i almost have libvirt-lxc working again on quantal, i supect i need to backport one more patch
<hallyn> which?
<zul> http://libvirt.org/git/?p=libvirt.git;a=commit;h=60687546705bab38bd5245713601b717b9b16c9d
<hallyn> oh, yeah
<hallyn> though i still maintain they start all right for me <shrug>
<zul> on 0.9.13?
<hallyn> zul: no on 0.9.12-0ubuntu5
<S0ME1> anyone can help me plz?
<genii-around> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<S0ME1> I am working on PXE installation for Ubuntu 12.04
<S0ME1> and I faced this error "The installer cannot find a suitable kernel package to install"
<S0ME1> any advices ?
<S0ME1> hellp!
<S0ME1> hello!
<genii-around> S0ME1: Where is your installer getting it's deb files from?
<S0ME1> genii-around: from my own mirror
<S0ME1> I just rsync the CD file under my web server
<S0ME1> file=files
<genii-around> S0ME1: So you've added some option to your dhcpd.conf like next-server <IP-of-your-mirror-here>  ?
<S0ME1> genii-around: I am using DNSMASQ
<genii-around> Hm
<S0ME1> managing TFTP & DNS & DHCP
<genii-around> S0ME1: What is the tftp line on your server which is loading the kernel?
<S0ME1> genii-around: if install the ubuntu server using CD manual, it is working well but over the network I got this error ""The installer cannot find a suitable kernel package to install""
<S0ME1> genii-around: what do you mean please ?
<genii-around> Hm
<genii-around> S0ME1: So right now when you boot the remote machine, it starts to load it's first part but then stalls during boot?
<S0ME1> it is working
<genii-around> S0ME1: What do you have in /var/lib/tftpboot/   ?
<genii-around> eg: What are the contents of your pxelinux.cfg file
<genii-around> work requires me, returning shortly
<S0ME1> genii-around: juts to boot via my pressed and
<genii-around> S0ME1: In your /etc/dnsmasq.conf what do you have for tftp-root value? And then, wherever that directory is, do you have a netboot kernel in there?
<kyle__> What's the rational for putting ntpdate as the default on ubuntu server instead of ntpd?
<smoser> hallyn, qemu-kvm installation fails if you dont have a kernel module for kvm available.
<smoser> (as the service tries to modprobe and fails)
<smoser> FATAL: Module kvm_amd not found.
<smoser> i do not believe that was the case recently
<hallyn> in q?
<hallyn> smoser: you get that in quantal, not precise, right?
<smoser> quantal
<hallyn> i dunno, debian maintainer wasn't happy with my q package anyway, perhaps i should redo all of it
<hallyn> smoser: thanks i'll fix it
<hallyn> smoser: tbh i don't understand why it sometimes isn't available.  don't all our kernels ship it?
<smoser> -virtual kernel does not have it.
<smoser> and someone's custom kernel might not have had it
<hallyn> smoser: in precise it will also fail if not installed, fwiw
<smoser> hallyn, for some reason i dont think tha tis the case
<hallyn> smoser: i agree i've never seen it happen, but looking at the upstart job, it *should*
<smoser> i'm basically walking through some notes i had done on p
<hallyn> my point being i worry something else may be wrong
<smoser> and i dont have any recollection of it failing ther
<smoser> but it is possible my notes are just bad
<smoser> clearly easy enough to test by launching an instance
<hallyn> no, i don't recall it ever failing in a cloud image in p
<hallyn> smoser: what would you suggest, do 'modprobe || true' or just 'modprobe || {stop; exit 0'}' ?
<smoser> hallyn, i guess || true
<smoser>                 modprobe -b kvm_intel "$KVM_NESTED"
<smoser> that seems evil
<smoser> the right way to do that i would think would be to modify modprobe.d
<hallyn> smoser: fwiw the reason i ignored this before is that we have an upstart job for loading the kernel module, so if loading kernel module fails, it seemed the upstart job should fail
<hallyn> smoser: 'options kvm_intel nested=1', and invite the user to change that if they like?
<smoser> well, yeah, thats what i was saying. doesn't that seem like the more common place to do that?
<smoser> ie, if something else modprobed this, they wouldnt get your settings
<hallyn> sure
<hallyn> just need to learn the debian packaging way to install a modprobe.d file
<hallyn> (will have to wait until next week)
<kyle__> dpkg-reconfigure mdadm offers you the choice of booting with a degraded raid, or not.  But it doesn't seem to be putting bootdegraded=true into the grub config.  Where's the "right" place to put that manually?  /boot/grub/grub.cfg is auto-generated durring updates, right?
<guntbert> kyle__: /etc/default/grub
<kyle__> Thank you.
<guntbert> kyle__: you're welcome :) and dont't forget to run sudo update-grub afterwards
<kyle__> guntbert: This was getting really frustrating I'll tell ya.
<kyle__> Now to check to see if that's a known bug.
<kyle__> Yea, new bug.
<hilarie> Hello!
<hilarie> I have a ubuntu server (12.04) with 2 nics, 1 nic is wan, the other is lan, how can i turn ssh off for the wan? (eth0)
<genii-around> hilarie: You mean have the ssh server only running on the lan for people to ssh in, or you mean to prevent people from ssh-ing out to the internet at large?
<hilarie> Prevent inbound SSH traffic, I.E. I think I want to close port 22 on the wan? I am not sure, I don't want anyone to be able to SSH the server from wan
<genii-around> hilarie: You can set in sshd_config to only listen on whatever IP only ( so the lan one only ) ... i think is the ListenAddress variable
<hilarie> genii-around, Thank you!
<genii-around> If traffic is going through a router already, probably not really a concern unless that machine has an IP directly on the internet, or is in the DMZ, or port 22 is forwarded
<genii-around> hilarie: np
<hilarie> genii-around, it isn't protected by a NAT
<hilarie> its Modem----->server----->wifi router-----> other stuff
<genii-around> hilarie: Ah, then yeah
<hilarie> would rather block the WAN then have to play around with disabling the p/w
<genii-around> ( if server is doing the ISP auth )
<hilarie> The ISP multicast for IPTV destroys the wifi router
<hilarie> genii-around, this looks like the command
<hilarie> 		   ListenAddress host|IPv4_addr:port
<hallyn> stgraber: bzr+ssh://bazaar.launchpad.net/~serge-hallyn/ubuntu/quantal/lxc/lxc-api-getconfig/ is working for me
<hallyn> stgraber: give it a spin
<hilarie> do I include the |  ?
<genii-around> hilarie: Yes. So you can also put there some non-standard port too if you liked on the same line
<hilarie> so ListenAddress host|LANIP:22    ?
<genii-around> hilarie: If no port specified then 22 is assumed
<hilarie> genii-around, Your a gentleman and a scholar, thank you!
<genii-around> hilarie: Well, one of those two anyhow! ... don't forget to restart sshd after of course...
<hilarie> thats the sudo /etc/init.d/ssh restart
<hilarie> right?
<hallyn> stgraber: all right, never mind.  i have some fine-tuning to do
<genii-around> hilarie: I can't remember if upstart job or no for that yet
<genii-around> ( might be sudo start sshd ...instead)
<hilarie> Yeah, everytime I do /etc/init.d/ stuff, it yells at me about an upstart job, what is that?
<genii-around> hilarie: init.d/contents are linear-loading type startup scripts... init/scripts are those for upstart which loads what it can in parallel
<genii-around> hilarie: The old way is being migrated, etc
<hilarie> I think I get it... if it yells at me about it, you can just go sudo start *stuff*
<genii-around> hilarie: Well, /etc/init.d/name stop first.... but yeah
<hilarie> without the /etc/init.d/*stuff* *start/restart/stop*
<genii-around> hilarie: If the app only has old one in /etc/init.d/    you can still go through upstart with sudo service old-name start
<hilarie> Port 22 is closed on MyIP :)
<hilarie> From a security standpoint, its not a big deal that the BIND9 has port 53 open on my WAN port right?
<genii-around> hilarie: Not sure there, but every closed port helps
<hilarie> It's the only open one on WAN :)
<genii-around> hilarie: If you're extremely worried about attacks there, you could even compartmentalize port 53 into a virtual machine that can't compromise anything else
<hilarie> I was just reading about bind9, and its so simple, and well devoloped, there are no known vulnerabilities
<genii-around> hilarie: If you search for bind9 and exploits I'm sure there's probably a few
<hilarie> Bleh, your right!
<hilarie> All ports closed or Stealth!
#ubuntu-server 2012-07-12
<mgi> Hi, I am trying to set up a cluster of nodes using MAAS and juju, and I'm at the point of doing "juju bootstrap", which seems to work. However, "juju status" complains about an invalid SSH key. I have researched all I can on the net, there doesn't seem to be much out there. I guess the first question is: how can I log into a freshly installed MAAS node? SSH or local, I don't mind.
<mgi> (I have also set a password for the 'ubuntu' user in /var/lib/cobbler/kickstarts/maas.preseed but I don't know if this is working, as I am unclear on the order of when things run)
<hilarie> How can I modify kittenwar (/sbin/iptables -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -j DNAT --to-destination 64.111.96.38) to only effect IPs above 192.168.1.15?
<al_nz1> HI guys
<al_nz1> could someone please help with a apache2 problem. I think for starters I need to know what file to modify for document root?
<al_nz1> and httpd.conf doesnt seem to be the right file?
<mvp> you mean to set document root or to edit current document root file
<al_nz1> to edit document root. I need to point it to a diff dir
<al_nz1> I have got : http://pastebin.com/xWBNGq4C
<al_nz1> Or even more info : http://pastebin.com/p7ShTPwW
<mvp> httpd.conf should still be valid in 12.04, although it is empty by default
<greppy> al_nz1: https://help.ubuntu.com/12.04/serverguide/httpd.html may help
<al_nz1> I think I am a bit confused, there seems to be httpd.conf and also /sites-available/default
<greppy> al_nz1: yes.
<greppy> by default, nothing is in httpd.conf
<al_nz1> greppy: yes, but as you can see from my pastebin (the second one at least) I have added some info to httpd.conf and tried to restart apache but get an error
<greppy> the current best practice is to specify each vhost/domain in it's own configuration file in sites-available/ and then create a symlink to the file in sites-available in sites-enabled
<al_nz1> ...see bottom of pastebin
<al_nz1> greppy: hmm, ok. Tho there will only ever be one site on this PC
<greppy> ummm
<greppy> it complains that Action doesn't make any sense.
<al_nz1> greppy: which could be because I shouldnt have edited httpd.conf but apache2.conf instead?
<al_nz1> The instructions are located at www.mobotix.com/eng_GB/file/2431175/readme_en.txt
<al_nz1> but they relate to Apache on windows :-
<al_nz1> :-(
<greppy> it looks like you need to enable a module for action to make sense in the config
<al_nz1> greppy cgi is enabled by default
<greppy> al_nz1: in that link there is a line loading mod_actions.o
<al_nz1> greppy: which link?
<al_nz1> the link at www.mobotix.com? or the pastebin?
<al_nz1> greppy: here is a list of mods enabled
<al_nz1> http://pastebin.com/stqKYTiF
<mgi> I have an question which is orthogonal to my last: what is the best solution in ubuntu for imaging a cluster of machines? i.e. set up a golden image, then farm that off to a bunch of blades (with the relevant sections modified, such as NIC information, etc.)
<greppy> al_nz1: the mobotix
<mgi> an = a
<al_nz1> greppy: is that the line Action       mxremotepreview /cgi-bin/MxRemotePreview.cgi.exe
<greppy> al_nz1: based on the error message, you need to find the module that provides action.
<greppy> al_nz1: yes, that is the line that it is complaining about.
<greppy> The error message "Syntax error on line 4 of /etc/apache2/httpd.conf" is a pretty obvious clue :)
<al_nz1> greppy: for sure, though I was wondering if it was generating a error due to something on the previous line
<glosoli> I have some account at Ubuntu server, how do I check my rights to File System ?
<al_nz1> so, by the look of google apache2 modules are loaded with sudo apt-get, but how do I work out the module name?
<greppy> al_nz1: the module you need, according to the documentation that you are working from is mod_action.o
<al_nz1> sure, but the sudo apt-get install mod_action.o doesnt auto complete or work
<greppy> al_nz1: right.  apt-cache search mod_action may find what you need. I have never used mod_action or tried to install it.
<al_nz1> parser3-cgi - Parser 3, HTML-embedded scripting language (CGI binary)
<al_nz1> php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
<al_nz1> are the two results?
<greppy> al_nz1: looks like it.
<al_nz1> greppy: ok, idiot alert here. how do those results help me install mod_action.o ?
<greppy> al_nz1: I won't be able to give you step by step instructions on how to get this working, I'm just pointing you in the direction that may find your answers.
<al_nz1> greppy: definitly appreciated!
<greppy> al_nz1: if you install one of those packages, it may provide that module.
<al_nz1> right!
<greppy> al_nz1: apt-cache show parser3-cgi
<greppy> read what it tells you about the module.
<greppy> errr, not module, package :)
<mgi> For what it's worth:
<mgi> mgi@queeg:~$ ls /etc/apache2/mods-available/actions.*
<mgi> /etc/apache2/mods-available/actions.conf  /etc/apache2/mods-available/actions.load
<mgi> You should just need to enable it, assuming that's the same module you need.
<al_nz1> mgi: seen those, how do I enable them?
<mgi> sudo ln -s /etc/apache2/mods-available/actions.load /etc/apache2/mods-enabled/
<mgi> sudo ln -s /etc/apache2/mods-available/actions.conf /etc/apache2/mods-enabled/
<greppy> or use sudo a2enmod
<mgi> Then reload apache.
<mgi> Or that :)
<mgi> Sorry, I'm used to doing it that way.
<al_nz1> mgi: ln -s - that creates a sym link right?
<mgi> Correct, but do it greppy's way instead.
<greppy> the nice thing about just using 'sudo a2enmod' is it will list what mods are available on the system.
<glosoli> Any ideas what can be the command for export Mssql from Ubuntu Server ?
<glosoli> I mean there is running mssql in ubuntu server, I want to export some db of it
<mgi> glosoli: mssql? Or MySQL?
<glosoli> "unixODBC 2.2.11"
<glosoli> mssql
<al_nz1> well, I think it got it going....http://pastebin.com/2FSxWyze
<al_nz1> brb....
<al_nz1> back
<RoyK> glosoli: use freetds to connect to mssql
<RoyK> how to dump a db from there, I really don't know
<glosoli> RoyK: There is a problem, I have access to server, but I don't know addresses and ports or name of that mssql database
<RoyK> glosoli: then ask the mssql sysadmin ;)
<glosoli> Would be hard to get the contacts of one, but still worth trying then
 * RoyK has no idea whatsoever how to find that info from sqsh
<grendal> this is making me crazy...
<grendal> and thats not good
<grendal> so i got this script i wrote in php   and it works great..so great that, well we wound u using the hell out of it.  thing is we trigger it with cron.  and...we need it to run more frequently then every min
<rbasak> jamespage: I've just checked openmpi status for quantal. Debian have merged our changes and uploaded an openmpi1.6, which we have autosynced (awesome and lots of thanks to Sylvestre!). So I presume I should file a removal request for openmpi1.5, now that it is superceded? Do we need a transitional package to upgrade people more smoothly?
<rbasak> jamespage: second, I have a request to put openmpi1.6 in precise-updates. I take it that this is a no-no and I should point to backports?
<slg> hi there, i hope someone can help me, i need a init script to start two processes at startup with stop start restart funtkions. Here my first attempt, i have not tried the script yet and i am a noob. http://pastebin.com/c112RR5M
<snitride> Hi there, maybe someone can help me with a shellscript i am trying to modify, it should run two processes as daemons on system init, http://pastebin.com/xwkSF1pa would this work? Also i should mention i am a absolute newbie with shellscripts..
<zul> good morning
<jamespage> rbasak, yes - you should raise a bug for the AA team to get it removed (q 1)
<jamespage> q2 as its a new package its not appropriate for -updates - and I think backports does not do new packages either - but I would defer as I've never done one
<till__> i seem to have a huge issue with landscape-related scripts on 10.04.4
<till__> whenever i try to login, update-motd scripts are run
<till__> which end up being zombies
<till__> and block my login
<till__> i can't figure out why they would block
<till__> because i can run these scripts interactively
<till__> here is my login attempt (which on the client hangs at 'entering interactive session'):
<till__> https://gist.github.com/3097944
<till__> this is on the server in question
<till__> when i kill the python script running my login completes
<nandersson> Hi, is ubuntu-alternate together with Debian Installer and Preseed the most efficient way to do unattended installations? An installation takes a lot longer than a normal installation. Wouldnt it be smarter to do a template that one distribute out by a simple ncat and dd?
<rbasak> nandersson: you can do that if you wish, but you do need more inside knowledge of what you need to change to make each machine unique (eg. hostname, but there is more).
<nandersson> rbasak, I only know about /etc/hostname, /etc/hosts and /etc/udev/rules.d/70-persistent-net.rules
<rbasak> nandersson: the maas project will probably switch to this, and should be the easiest way to manage this stuff in future
<rbasak> nandersson: off the top of my head, that should be sufficient. But I might be missing something, and depending on what other packages you install, more may be required.
<rbasak> nandersson: if you just want a base image to then install more packages later, look at ubuntu core
<nandersson> rbasak, cool! Where can I find information about this maas-project?
<rbasak> nandersson: https://wiki.ubuntu.com/ServerTeam/MAAS/
<rbasak> (first hit on google, which is nice!)
<rbasak> I think they're still using d-i though, but also believe they may be switching to a more dd-style approach soon. Not sure what the roadmap is though.
<nandersson> rbasak, Ubuntu Core as in "Ubuntu Mini Remix"?
<rbasak> nandersson: https://wiki.ubuntu.com/Core
<rbasak> nandersson: but again, you need more inside knowledge to know what to do. Eg. add a user, create /etc/hosts, /etc/network/interfaces, generate locales, etc.
<rbasak> basically everything the installer normally does
<ironm> hello. I have prepared a local repository for off-line installation of MariaDB 5.5.25 on ubuntu-server 12.04 - http://rsync.it-infrastrukturen.org/public-mariadb/ubuntu/mariadb-5.5.25-ubuntu-12.04-repo.tgz and wrote some description how to use it - http://rsync.it-infrastrukturen.org/public-mariadb/ubuntu/mariadb-ubuntu-local-repo.pdf
<ironm> further I have prepared a script and some config file examples for running mysqld_multi on ubuntu-server 12.04 and box with multiply ethernet interfaces - http://rsync.it-infrastrukturen.org/public-mariadb/ubuntu/mysqld_multi_install_db_files.tgz. It would be great if I could get some feedback. Thank you in advance ;)
<nandersson> rbasak, Yeah, but those are basically the same if you have ldap-auth
<xfxchilde> Current mood: Blow torch + MAAS = Raving lunitic with a smile =DD =/
<xfxchilde> Morning :)
<xfxchilde> Anyone here try MAAS yet?
<jamespage> smoser: around?  12.04.1 meeting in 35 mins and we have not looked at that list yet
<andygraybeal_> i'm tryign to add a serial number to my harddrive with libvirt/kvm and i'm running ubuntu 10.04 w/ libvirt 0.7.5  - i'm adding the <serial>WD-WMAP9A966149</serial> tag in the .xml file and redefining the vm, but i cannot see the serial with either "ls -l /dev/disk/by-id/virtio-WD-WMAP9A966149"  or "hdparm -i /dev/vda"
<andygraybeal_> does anyone have any suggestions?
<smoser> jamespage, sure.
<jamespage> smoser, do you have the official link
<smoser> https://wiki.ubuntu.com/PrecisePangolin/12.04.1
<smoser> (see bug lists there)
<smoser> http://status.qa.ubuntu.com/reports/kernel-bugs/reports/rls-p-tracking-bugs.html is what  was mostly going by
<jamespage> smoser, yep - thats the one
<smoser> jamespage, ok. so how do you want to do this.
<jamespage> smoser, I was just thinking
<jamespage> smoser, the biggest lists are juju and maas
 * jamespage puts them to one side for the moment
<smoser> yeah. on that list, there are only like 2 that are not juju/maas.
<jamespage> smoser, I think the couchdb stuff is done
<jamespage> smoser, couchdb is in universe and kombu only suggests it now
 * jamespage marks as fix released
<till__> does anyone have any thoughts on my issue?
<till__> it seems like update-motd is ran each time i log into a server
<till__> and even though i purged the package
<till__> it still happens
<till__> and i can't figure out where this is triggered
<jamespage> smoser, actually no its not -looking at the wrong packages
<jamespage> smoser: are we really likely to make such a wide impacting change in 12.04 now?
<smoser> jamespage, that is strange.
<jamespage> smoser, I think those are a 'Won't Fix'
<jamespage> I don't believe they are suitable for SRU
<smoser> well, it would be a funny definition of "5 years support" if that included "5 years of support unless we move the package to universe"
<jamespage> agreed - marking 'Won't Fix' then
<smoser> alright. then we're down to maas, juju, openstack (python-eventlet, keystone)
<smoser> so i think we need to somehow address the growing urgency of 12.04.1 with maas and juju teams.
<jamespage> smoser, agreed
<smoser> at least press a decision has to be made to get them off the list one way or another.
<smoser> other bug list?
<jamespage> I guess SpamapS is the go-to for juju; is roaksoax the right person for maas?
<jamespage> at least as the rep in the team who's most likely to work on them....
<jamespage> arosales has already tasked SpamapS, m_3 and jimbaker with reviewing the juju ones
<smoser> yes, roaksoax is best contact ther. and i can agree to help him address the list.
<jamespage> smoser: OK - so if you pickup with roaksoax on the maas one's I'll hassle SpamapS et al to review the rest
<jamespage> smoser, I also see some stuff on http://people.canonical.com/~jamespage/server-sru/precise-sru.html
<jamespage> specially anything assigned to ubuntu-server or canonical-server
<smoser> what criteria makes the make the james page list?
<till__> is there a better place to ask about landscape and update-motd?
<smoser> targetted to precise.
<jamespage> smoser, server-team subscribed to the package for bug reports, targetted and accepted to precise
<smoser> till__, you can ask. there are some landscape people here.
<till__> i asked a couple of times, no one seems to reply ;)
<xfxchilde> till__, id love to help but i'm unsure =/
<till__> yeah, me too
<till__> it took me a few hours to get this far
<xfxchilde> I've been working on MAAS for about 5 1/2 hours, i'm about to give up myself.
<xfxchilde> I think im going to give up o.0 lol
<jamespage> smoser, OK - I had a quick scan
<jamespage> the cobbler one worries me
<jamespage> bug 858867
<uvirtbot`> Launchpad bug 858867 in cobbler "XMLRPC  allows unauthed users access to various methods (which it shouldn't) " [Medium,Confirmed] https://launchpad.net/bugs/858867
<jamespage> as I don't know how much we can really do about it
<hallyn> hm, what's happened to python-software-properties->add-apt-repository ?
<jamespage> rbasak, could you take a look at the comments on bug 988819 please
<uvirtbot`> Launchpad bug 988819 in mod-proxy-html "[SRU] wrong path to libxml2.so.2 in mod_security - broken by multiarch enabled libraries" [Undecided,Confirmed] https://launchpad.net/bugs/988819
<jamespage> hallyn, try python3-software-properties
<hallyn> oh ffs
<jamespage> lol
<jamespage> hallyn, I think that might be a bug but I'm no expert....
<till__> i wish i could figure out how to hook into run-parts
<till__> to get a log of some kind
<hallyn> jamespage: thanks, it'll get me off and running, then i can look into whether there's a bug :)
<hallyn> (first i gotta get a set of tests rolling for zul)
<zul> <senior burns>excelente</senior burns>
<till__> would anyone know which 'event' triggers 'run-parts' to run when a user logs in?
<hallyn> jamespage: no, actually python3-software-properties still doesn't have it.  (done by hand for now, will look into it)
<jamespage> hallyn, software-properties-common maybe
<hallyn> jamespage: looks like, as I see
<hallyn> debian/software-properties-common.install:usr/bin/add-apt-repository
<hallyn> so i guess it's really a bug in command-not-found
<till__> for anyone interested, here is my journey and a solution: http://askubuntu.com/a/162373/11244
<hallyn> (can't confirm until my other apt-get finishes)
<till__> now trying to figure out how to get rid off this when i bootstrap an instance on ec2 =)
<jamespage> hallyn, that gets updated periodically so may be out-of-date for quantal
<hallyn> jamespage: oh is that done automatically?  I see it sits in a 'scan.data' file :)
<hallyn> nm i guess
<rbasak> jamespage: I lost connection, not sure if you got this
<rbasak> <rbasak> jamespage: I've added a comment
<rbasak> I'm not sure if I need to do anything more?
<jamespage> rbasak, I think the approach to the SRU needs to be re-considered
<jamespage> but lets see what response your comment provokes
<zul> hallyn: how is it looking?
<hallyn> zul: tests are running...
<hallyn> should be awhiel yet
<zul> hallyn: ok...i have to wire up the cpu_arm stuff in our libvirt as well
<hallyn> zul: qa-regression-tests test-libvirt.py passed
<zul> hallyn: cool...ill just wire this up and ill upload
<hallyn> sweet
<hallyn> no shutdown support yet :(
<zul> for lxc?
<hallyn> yeah
<zul> http://libvirt.org/git/?p=libvirt.git;a=commit;h=97d7f02dcc4848f5f7a64ecd5b32c9beffb7f359
<zul> but i think it might be apart of the lxc-reworking
<hallyn> zul: it still unconditionally (even in git head) drops CAP_SYS_BOOT
<zul> yep
<hallyn> so no way can shutdown work in the container
<hallyn> or reboot
<zul> *sigh* :)
<hallyn> zul: when you see a WIFSIGNALED(status) check under that waitpid, then they're trying reboot support
<rbasak> SpamapS: do you have any experience with backports? Would openmpi1.6 be a suitable candidate for precise-backports? precise has openmpi1.5 (source package); in quantal we're dropping that and openmpi1.6 from Debian has already synced.
<ScottK> rbasak: Would it be a new package in precise then?
<rbasak> ScottK: technically, yes.
<ScottK> What do you mean by technically?
<rbasak> ScottK: it would supercede openmpi1.5 in precise
<rbasak> (but we don't need to remove openmpi1.5 from precise)
<ScottK> How would it supersede it?  Does it provide the same binary packages?
<rbasak> No, it provides a separate set of binary packages.
<rbasak> But it's based on the same upstream (just different upstream releases)
<rbasak> It's a library, hence the version number in the package name
<rbasak> No reverse depends. In Precise, all openmpi depending packages depend on openmpi (no version in name) which is 1.4
<rbasak> Reason for 1.6 is improved ARM support
<rbasak> Does that make sense?
<rbasak> ScottK: is a new package a problem?
<ScottK> No.  New package is totally easy.
<ScottK> As long as it's tested, it's a great candidate for backport.
<ping__> hy
<rbasak> Great, thanks.
<SpamapS> jamespage: re juju bugs, I'm going to comb through them today
<jamespage> SpamapS, that would be fantastic!
<jamespage> SpamapS, be harsh - if we are not ever going todo something please mark won't fix  :-)
<jamespage> and feel free to bump anything that def won't make 12.04.1 to 12.04.2 or later
<SpamapS> jamespage: indeed, I think there are maybe 2 or 3 things we'll fix in the next upload to precise-propsoed and the rest will get bumped
<jamespage> SpamapS, ack - please re-target as appropriate...
<jcastro> SpamapS: Does this bug exist? http://askubuntu.com/a/162373 if not, what package should it be reported against?
<jcastro> basically pretty motd makes things slow
<SpamapS> jcastro: I think thats a bug in landscape that may be resolved in 12.04
<jcastro> ok, /me investigates
<jcastro> thanks
<jamespage> adam_g, I assigned you the SRU for openvswitch - hope that was OK - looked like you already had it in hand
<adam_g> jamespage: yes, cool
<jamespage> adam_g, nice one
<adam_g> jamespage: i actually pinged dan out of band about getting the bug updated with the proper SRU template, and i would prepare the package for -proposed.  im sure he and his tema know more about the issue and regression potential than me
<jcastro> SpamapS: found it: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/805423
<jcastro> thanks
<uvirtbot`> Launchpad bug 805423 in pam "pam_motd needs a module option to disable in-line dynamic updates" [Medium,Fix released]
<jcastro> not a decent tradeoff imo,
<blitzkrieg766> should i enable any automatic updates during install? and if so, why?
<blitzkrieg766> all, just security, or none?
<genii-around> blitzkrieg766: Usually security is good
<blitzkrieg766> danke
<zul> hallyn:  0.9.13 uploaded
<hallyn> zul: rockin'
<RoyK> http://paste.ubuntu.com/1088463/ <-- I thought the RAID had died, five drives died after a VERY BAD PSU, but the ones that mattered, survived \o/
<hallyn> stgraber: ok, at this point lp:~serge-hallyn/ubuntu/quantal/lxc/lxc-api-getconfig is working with c->get_item and c->clear_item.
<hallyn> stgraber: get_item(lxc.cgroup) is not yet implemented (will return -1)
<hallyn> stgraber: that is one remaining to-do, the other is to have c->load_config() clear out any already-loaded configuration.  (unless you think we shouldn't?)
<hallyn> stgraber: if lxc-api-getconfig works for you, either let me know and i'll push it into the main api branch, or you can just grab my 0094 patch which includes everything
<stgraber> hallyn: I can see some benefits of not clearing the config on load_config(), mostly if you want to stack a bunch of configs, though I suppose clearing by default makes sense
<stgraber> hallyn: would adding a parameter for that work for you?
<stgraber> hallyn: or alternatively make load_config() never clear the config and support clear_config() to flush everything
<hallyn> stgraber: hm, let's leave it as is then.
<hallyn> stgraber: a clear_config(0 will be good,
<hallyn> i just need to check what else i need to clear besides what i already support with clear_config_item()
<hallyn> but so you don't need that right now?  (i was getting doubled-up configurations in my test case, which made my test case counting nics returned by get_item("lxc.network") fail :)
<hallyn> and, separately, do you need get_item(lxc.cgroup.whatever) right now?  If not i'd like to wait on that
<hallyn> in other words, i'd like to be done and let you use it for a while :)
<stgraber> hallyn: I'll have to look at the branch. I need a way to access the value of a lxc.cgroup... entry, though not its live value (from /sys/fs/cgroup) yet
<stgraber> so far I've been lucky enough not to get in a case where multiple load_config would break the world for me, but I can certainly see this happening so it's certainly going to be on the list of things we need to have before pushing upstream (or in Ubuntu)
<hallyn> stgraber: hm, ok.  then maybe a 'get_item("lxc.cgroup.devices.allow")' will suffice, and be easy enough to do
<stgraber> hallyn: that's why I made the distinction between (get/set/clear)_config_item and (get/set)_cgroup_item in my mail ;) the former only deals with the lxc config without doing any live change, the later only deals with the live values without touching the config
<hallyn> stgraber: ok, lemme whip that up then
<hallyn> then i'll check it into your branch
<stgraber> cool, thanks
 * stgraber gets back to reviewing the 120 bugs targeted for 12.04.1...
<hallyn> chao
<hallyn> <blink> that doesn't look right :)
<hallyn> i guess i'm hungry.  more chow.
<stgraber> jamespage: looking at bug 944546 shouldn't that be moved to precise-updates?
<uvirtbot`> Launchpad bug 944546 in libcommons-cli-java "StringIndexOutOfBoundsException in HelpFormatter.findWrapPos" [High,Fix released] https://launchpad.net/bugs/944546
<stgraber> jamespage: it's currently targeted to 12.04.1 but you marked it incomplete as it's not clear it's actually a problem with anything in the archive
<stgraber> (in such case, the priority should probably be changed to something lower than high)
<blitzkrieg766> when I try to add a windows xp box to a domain i just created, it says "user not found" what am i doing wrong?
<blitzkrieg766> ubuntu server 12.04
<RoyK> blitzkrieg766: samba domain?
<blitzkrieg766> yes ROYK, samba domain
<blitzkrieg766> i think somehow i've screwed up the permissions,
<RoyK> never tried samba domains, sorry
<blitzkrieg766> bummer
<blitzkrieg766> lo
<blitzkrieg766> lol
 * RoyK uses windoze machines for that sort of stuff
<RoyK> AD et al
<blitzkrieg766> yep
<blitzkrieg766> thats what i WAS doing.. but i've found this lovely company who stays away from the MS stack if possible
<blitzkrieg766> and... i.... LOVES it
<blitzkrieg766> freebsd as a host, most of the vm's are either freebsd or ubuntu server, it rocks
<blitzkrieg766> ok, another question....
<blitzkrieg766> is there by default a group called "sysadmin" in ubuntu server?
<blitzkrieg766> 12.04
<sw> blitzkrieg766: why, what exactly are you trying to do?
<blitzkrieg766> well, i've setup samba as a DC for windows machines,
<blitzkrieg766> and when I try to add an xp station to the domain, i get a "user not found" error
<blitzkrieg766> i think the group for the user's credentials i'm using is wrong,
<blitzkrieg766> the instructions said I had to also add that user to the "admin" group but there isn't one
<blitzkrieg766> and the page says admin should be there by default,
<sw> $ sudo cat /etc/group | grep sys
<sw> sys:x:3:
<sw> syslog:x:103:
<sw> blitzkrieg766: admin -> sudo now, iirc
<souliaq> the mediawiki package for "precise" is version 1:1.15.5-7. Anyway to get more updated package (1:1.19.x) for 12.04 server?
<blitzkrieg766> sw, ?
<blitzkrieg766> your syntax confuse me a little... i entered that command,
<sw> blitzkrieg766: what command?
<blitzkrieg766> sudo cat etc etc etc
<sw> souliaq: build it? https://launchpad.net/ubuntu/+source/mediawiki/
<blitzkrieg766> i guess what i'm saying is I didn't understand the last part of your instructions
<sw> blitzkrieg766: you mentioned a 'sysadmin' group, so I listed all default groups and searched for ones containing sys showing that there isn't a 'sysadmin' group
<blitzkrieg766> ahhh
<blitzkrieg766> ok
<sw> blitzkrieg766: there used to be an 'admin' group, but that is now 'sudo' if I remember correctly. someone else will confirm
<sw> I remember something along those lines, anyway ...
<jamespage> stgraber, I think you are right - as I got no response from the original reporter....
<jamespage> I'm going to 'Won't Fix' it
<stgraber> thanks
<hallyn> stgraber: pushed to your tree
<hallyn> stgraber: for get_cgroup_item (live values), it might be best to use libcgroup.  hope you're in no hurry, if you are shout.
<hallyn> i also assume you're happy with your python clone for now.  again shout if not
<stgraber> hallyn: yeah, get_cgroup_item isn't high priority, neither is clone() as these should be fairly easy to implement in python (well, clone was at least)
<hallyn> stgraber: wonder how bad it woudl taste to have liblxc link against libcgroup to reuse cgget/cgset.
<hallyn> but, worry about that later.
<stgraber> hallyn: AFAICT libcgroup1 doesn't depend on anything other than libc so it should be a cheap dependency to add to lxc
<hallyn> stgraber: now that libcgroup doesn't introduce its upstart jobs and daemons, yes
<jMCg> byoby-enable enables stuff in my homedirectory, which isn't so nice, because my homedir is on NFS...
<stgraber> hallyn: daemons and upstart jobs that's libcgroup-bin right? we just want libcgroup1, we don't need libcgroup-bin in lxc
<stgraber> hallyn: testing on 12.04, libcgroup1 installs fine and doesn't pull libcgroup-bin, it only contains the library (/lib/libcgroup.so.1.0.37)
<hallyn> stgraber: oh yeah.  i was first thinking of the 'cgget' and 'cgset' binaries, for use by python.  but yeah for the c lib i wouldn't need that.
<stgraber> hallyn: oh right, yeah, for python I'd probably just parse the cgroupfs, I don't like the idea of depending on libcgroup-bin (especially as most of my test machines are 12.04 ;))
<stgraber> jamespage: should bug 920197 be assigned to zul? (for the swift task)
<uvirtbot`> Launchpad bug 920197 in swift "[SRU] webob last stable version 1.1.1 response header bug" [Undecided,Confirmed] https://launchpad.net/bugs/920197
<hallyn> jdstrand: hey.  looking at bug 1015154.  it looks to me like 'fixing' that requires basically giving up on restricting libvirt-qemu at all?
<uvirtbot`> Launchpad bug 1015154 in libvirt "virt-aa-helper refuses to create unix socket for a serial port" [Undecided,New] https://launchpad.net/bugs/1015154
<jdstrand> hallyn: why do you say that? virt-aa-helper 'just' needs to be made aware of the xml and add the path to /etc/apparmor.d/libvirt/libvirt-*.files
<jdstrand> just like we do with the others
<hallyn> jdstrand: oh.  yeah.
<jdstrand> it shouldn't be hard to do (thought it isn't something I can do anytime soon (vacation coming up))
<jdstrand> s/thought/though/
<hallyn> jdstrand: great, thanks.  No I was just thinking wrongly.  Will mark it confirmed/med
<jdstrand> cool
<hallyn> stgraber: for bug 1013549, we really should get the one-line patch from the description into quantal next time we update
<uvirtbot`> Launchpad bug 1013549 in lxc "lxc-clone fails for xfs fs on lvm" [Medium,Triaged] https://launchpad.net/bugs/1013549
<hallyn> hm, well i guess we can't take it as is, but...
<hallyn> lemme just send a patch upstream for now
<stgraber> hallyn: bug 974584 is targeted for 12.04.1 but not assigned to someone, are you the one working on it?
<uvirtbot`> Launchpad bug 974584 in lxc "Semaphores cannot be created in lxc container" [High,Fix released] https://launchpad.net/bugs/974584
<hallyn> stgraber: no.  it's fixed in debian.  nothing for me to do
<hallyn> stgraber: (see my last commen tin the bug)
<stgraber> hallyn: who's taking care of merging the package from Debian, cherry pick the fix and push the SRU to proposed?
<hallyn> stgraber: no idea, i was hoping slangasek would respond
<hallyn> stgraber: i can give them a shot but dont' have upload rights to that one
<hallyn> also there is a pretty wide ubuntu delta, which is intimitading
<stgraber> hallyn: ok, I'll assign to canonical-foundations and bring it up at our next meeting
<jamespage> stgraber, if you don't get a response on bug 993249 this week I'm going to steal it - its a ridiculously easy and low impact fix
<uvirtbot`> Launchpad bug 993249 in activemq "[SRU] activemq fails to start on Ubuntu 12.04" [Wishlist,Fix released] https://launchpad.net/bugs/993249
<hallyn> stgraber: thanks.  if you *prefer* to assign it to me i'll try it on monday.
<stgraber> jamespage: steal all the bugs you want, I certainly won't complain :)
<wedgie> i've got 'up route add -net 10.0.0.0/8 gw 10.0.0.1' in /etc/network/interfaces under the static config for the interface that has that gateway, but when i restart networking (or reboot the server) the route doesn't appear. Where did i go wrong?
<wedgie> pretty vanilla install of 12.04 server
<smoser> hallyn, around ?
<hallyn> smoser: partly (only to d/l sles 10 for a qemu bug reproduce - so laggy network)  what's up?
<smoser> i boot an instance
<smoser> put eth0 on a bridge
<smoser> then try to run a kvm with tap attached to that bridge.
<smoser> using http://smoser.brickies.net/git/?p=tildabin.git;a=blob;f=xkvm;hb=HEAD
<smoser> i'm trying to network boot off of a tftpd that is running in the host
<smoser> where host here means instance
<smoser> :)
<smoser> and immediately it locks up
<smoser> ie, networking dies. reboot brings it back.
<hallyn> smoser: are you on q?
<smoser> that was on q, yes
<smoser> but i assume i'm just doing something stupid
<hallyn> smoser: yeah, come to think of it, maybe
<hallyn> smoser: i'm pretty sure the dhcp request goes to your 'host' dhcp server, which messes you up
<hallyn> smoser: how about creating a br1, starting a dhcp server in a container on there,
<hallyn> and then net-booting the kvm instance from that bridge?
<smoser> thats actually a good solution i think
<smoser> basically, what i was *trying* to do was:
<smoser>  * boot instance
<smoser>  * apt-get install maas
<smoser>  * kvm ....
<smoser> such that the kvm would pxe boot from the maas server on that system
<smoser> (and generally look like a new system to maas)
<smoser> so i think your suggestion of doing the 'apt-get install  maas' inside a lxc container  is quite reasonable.
<hallyn> smoser: yeah so i think something like http://paste.ubuntu.com/1088856/
<hallyn> (you can just 'lxc-console -n maasserv' to install maas and get the ip address)
<smoser> does traffic get out of that network?
<hallyn> smoser: no
<smoser> hm..
<smoser> i would kind of need it to (nat would be fine)
<hallyn> smoser: you can add a second nic on br0 in the container
<smoser> ie, to get to the archive.
<hallyn> (or lxcbr0)
<adam_g> zul: 'round?
<hallyn> smoser: come to think of it, nat won't forward dhcp right?  (i could be wrong)  if so, then you could just use lxcbr0 as usual and hook kvm into that
<smoser> hallyn, right.
<hallyn> smoser: do you only need the open net in the maas container, not on the nodes?
<smoser> but who answers the dhcp on the lxcbr0 ?
<hallyn> your container
<smoser> but who for the first?
<smoser> clearly my container doesn't answer for itself, does it?
<hallyn> oh.
<hallyn> yeah, we have a dnsmasq running for it
<smoser> hm..
<smoser> i have to play with this.
<hallyn> smoser: coudl try http://paste.ubuntu.com/1088862/
<smoser> what does the nat?
<hallyn> iptables
<hallyn> /etc/init/lxc-net.conf
<hallyn> smoser: but using http://paste.ubuntu.com/1088862/ you'd have lxcbr0 available to the container, while kvm insances would only have br1 to the container for dhcp
<hallyn> so the maas container would have to be set up to use eth1 for guests
<smoser> hallyn, ok. i'll have to play with this. thanks though.
<hallyn> smoser: np.  i may have to try it myself, sounds useful.
<smoser> hallyn, so i could just set up a bridge, put the maas lxc container in it.
<smoser> and have it serv dhcp, telling stuff the default route is the "host"
<smoser> or whatever.
<smoser> basically get nat that way
<smoser> right?
<smoser> hm.. hallyn ^
<wedgie> looks like the answer was to move it above the "dns-nameservers" and "dns-search" parameters
<rockets> I just did a ufw default deny incoming, and then ufw allow from MYIPADDRESS
<rockets> and everybody remote can still ping/reach the server
<hallyn> smoser: sorry, my irc window ssh session apparently locked up and it just looked like noone was talking
<hallyn> smoser: but no, i don't think what you're saying is quite wha ti'ms aying
<hallyn> i'm saying, have the maas container have two nics: one on either br0 bridged with eth0, or on lxcbr0 (which is nat'ed to eth0)
<hallyn> the other nic on br1, which is private
<hallyn> then run your kvm VMs with tap on br1 only
 * hallyn out
<hallyn> smoser: (ping if that wasn't clear)
<smoser> hallyn, hm..
<smoser> but why do i need the complexity
<smoser> hallyn, well, if you return, this seems like it should work for what i was wanting.
<smoser>  i create a bridge (using libvirt for simplicity... yes, i think that sounds funny too)
<smoser> but anyway: http://paste.ubuntu.com/1088955/
<smoser> then i would boot a lxc container for my maas server on that bridge.
<smoser> it woudl have to statically configure its networking including dns.  the default route and gateway would be 10.0.5.1.
<smoser> then, it can provide the dhcp server on that network and tell others to use 10.0.5.1 as the default route and even as dns. (libvirt runs a caching only dnsmasq for me there).
#ubuntu-server 2012-07-13
<hallyn> smoser: and so your container would use both your new bridge and virbr0?  it's actually a tinge more complicated than what i was suggesting imo but should work :)  just make sure that libvirt doesn't start a dnsasq for the new network
<overrider> Hello - i am running a 10.04 Server, and i would like to upgrade a few packages on it to newer version despite them not being in the archives. Example is id like to use rsnapshot1.3.1 but only have 1.3.0 on my system. Another is i kind of need wkhtmltopdf 0.9.9 but only have 0.9.0 on my system. Is the only obvious answer to upgrade to 12.04 ?
<arussel> Hi, I'm having a lot of difficulties install postgres on the latest LTS. I've done it on 2 other servers, I can't manage to know what is going wrong with this one.
<arussel> I'm doing: 'sudo apt-get install postgresql'
<arussel> but no files are installed in '/etc/postgresql', so the init script doesn't find any 'version' and doesn't start anything
<arussel> I've got no error either when installing or '/etc/inid.d/postgresql start'
<arussel> what package is supposed to create the directory '/etc/postgresql' ?
<ScottK> arussel: I think you want /etc/postgresql-common and it's postgresql-9.1.
<arussel> ScottK: thanks. I've tried a billion times with all the packages, I switch from aptitude to apt-get and got it installed now.
<arussel> not sure this is the root cause
<arooni-mobile> hey folks;  running ubuntu 10.04 LTS;  i want to get php-fpm + nginx.  i already have nginx setup... but trying to figure out how to get php-fpm.  ideas?
<S0undwave> How does one go about manually configuring DHCP for Ubuntu Server? I'm new.
<ScottK> They didn't last long.
<xfxchilde> morning
<reisi> what script is ran after kernel image installs to update grub? i'd like to add grub installing on all my hard drives (which are part of md raid) instead of first one
<RoyK> hi all. setting up a couple of machines as a small kvm cluster with iscsi/gfs2 storage
 * glance would sugest using lvm and drbd instead
<RoyK> huh - why??
<reisi> ffs this grub/grub-pc thing for 10.04 is unbearable, apparently back in the day no one did booting from md+lvm
<RoyK> they're both connected to a SAN, shared storage
 * RoyK glances at glance 
<RoyK> and I'm using lvm on that
<RoyK> and gfs2 on top
<glance> i would atleast drop gfs2
<RoyK> and then use what?
<glance> plain lv's
<glance> one less layer -> less problems and more preformance
<RoyK> and how would you plan for the two machines to share that?
<glance> didn't you say that you used shared storage? =)
<RoyK> glance: yes, shared block device, meaning: NEEDÂ FORÂ FILESYSTEMÂ SUPPORTINGÂ SHAREDÂ BLOCKÂ DEVICE
 * glance just shakes his head
<glance> don't use any filesystem on your host machines. use lv's directly.
<RoyK> glance: if you have a good alternative to that, feel free to comment
<glance> i just did.
<RoyK> glance: oh - no filesystem - just dd your VMs to the LV?
<glance> jepp
<glance> or rather qemu-img convert -O host_device
<RoyK> hm...
<RoyK> then - how can I make sure those VMs aren't started on two nodes at the same time?
<glance> implement that in control logic instead of filesystem locking.
<glance> kvm doesn't lock the file anyhow.
<RoyK> sanlock works well for that
<glance> and what prevents you from starting that vm two times on the same machine then? =)
<RoyK> anyway - first problem is: iscsiadm -m node --login: works well, but after a reboot, the device is lost and I need to --login manually again - any idea when?
<RoyK> glance: sanity and stuff like virsh/virt-manager
<glance> so, use your sanity to not start the vm's on multiple machines =)
<glance> or use ex. ganeti
<RoyK> any idea about that iscsi problem?
<RoyK> and about sanity and multiple machines - I'm not going to run this all by myself, and I want it foolproof
<RoyK> any sane ones around?
<glance> RoyK: you can use clvm if you like locking-by-shared-storage =)
<RoyK> sorry, but what's wronga about gfs2?
<RoyK> redhat uses that in production in its clusters
<RoyK> also, do you have iscsi experience? my LUNs fail to attach after a reboot
<_ruben> RoyK: which target software you use?
<RoyK> iscsiadm -m node shows the lun, but I have to manually login to it to see it
<_ruben> or wait, you're just the initiator
<RoyK> dunno - some SAN
<RoyK> yep
<_ruben> no experience with that
<shortdude> Hi, does anyone have any experience with rsyslog?
<mdeslaur> lynxman: are you the puppet expert?
<glance> shortdude: ask your question
<mdeslaur> lynxman: puppet in quantal is likely to be busted, as default ruby is now 1.9....I've got a merge ready from debian, but it doesn't solve the problem
<jcastro> smoser: jamespage roaksoax Ursinha m_3 G+ in about 10 minutes?
<shortdude> i have been running rsyslog to gather remote syslogs from other ubuntu servers and today it decided to start crapping out.  Most of the local syslog files are under 1M but today its over 600M w/ a repeated message from 2 hours ago.  It is complaining about the line "$RuleSet remote" and the 2 places i bind it to ports.  The rsyslog process is also hammering /dev/log.
<glance> log loops?
<glance> we just use $AllowedSender
<shortdude> sorta, it continuosly logged a series of errors about the 3 lines 2 hours ago.  no other logs are duplicated over and over
<glance> let servers have if $fromhost-ip != '127.0.0.1' then ~
<glance> before *.* @
<glance> ...
<glance> so that it doesn't send away any logs but its own.
<shortdude> if it helps, my config is at http://pastebin.com/mejj7v5r
<glance> is the config-file the same at cerberus
<glance> ?
<shortdude> whoops forgot to take that name out, cerberus is the name of the server
<shortdude> i have restarted the rsyslog process but after 15 seconds it started hammering /dev/log and the cpu wait is 25-75% according to top.  I have not rebooted it to see what happens since i dont want to go rebotting things unless i know it will do some good.
<koolhead11> hi al
<glance> shortdude: http://pastebin.com/D77nrj3x
<shortdude> @glance... Thanks, another admin and i are working to chance our config to remove the ruleset similar to yours.  The other admin here with me said he found something about rsyslog 4.2 not working well with rulesets
<glance> shortdude: that config is runing in a 4.2 rsyslogd on lucid, and is working just fine.
<glance> in two years it have had maybee two unexpected crashes.
<glance> and its about 1k hosts logging to that machine
<shortdude> sounds good, i like to hear that.  we are running on lucid also
<philipballew__> What would I use to see all ip address in use on my lan?
<philipballew__> nmap for sure, but what is the command if anyone knows off hand
<ikonia> philipballew__: the switch/router should show that from an arp
<philipballew__> ikonia, well my router kinda sucks, but Im ssh's in from far away
<philipballew__> Ah, ikonia I see what you mean!
<philipballew__> thanks!
<koolhead11> hi philipballew_
<shortdude> @glance... you still on?
<hallyn> zul: bad news.  0.9.13 libvirt doesn't seem to work for creating a new qemu based vm through virt-manager (at least remotely)
<zul> gah?
<glance> shortdude: sortof
<shortdude> @glance... thought i would let you know that we figured out what was going on and we did have a logging loop on the log server
<shortdude> we took off a line and it is working now
<shortdude> thanks for you help
<|2ump|2oast> Hello - I'm building a SOHO samba fileserver using ubuntu server 12.04 and I have been looking for bare metal backup / restore solution.  I've looked at mondo/mindi and tested it (both on 32bit and 64bit editions of ubuntu server) but there were numerous issues and I was unable to restore.  Does anyone here have a bare metal backup / restore solution that you use or recommend?
<koolhead11> adam_g: hey there
<adam_g> koolhead11: heya
<koolhead11> adam_g: will you be at OSCON>
<koolhead11> adam_g: cool stuff. Folsom on Q and precise
<adam_g> koolhead11: of course ill be there, i can practically see the convention center from my window right now. :) will you?
<koolhead11> adam_g: yes. am in portland as well
<adam_g> koolhead11: cool!
<koolhead11> adam_g: you from portland itself?
<adam_g> yup
<kirkland> SpamapS: howdy!
<kirkland> SpamapS: could I get you to promote something from -proposed to -updates?
<kirkland> SpamapS: http://pad.lv/u/ecryptfs-utils
<kirkland> SpamapS: there's a proposed package that's been sitting there for a long time
<SpamapS> kirkland: I don't see any verification on the bugs
<SpamapS> kirkland: bug 884407 seems to be verified
<uvirtbot`> Launchpad bug 884407 in ecryptfs-utils "mount.ecryptfs_private is broken on arm" [Low,Fix committed] https://launchpad.net/bugs/884407
<SpamapS> kirkland: bug 576133 needs verification still tho
<uvirtbot`> Launchpad bug 576133 in ecryptfs-utils "Shouldn't allow autologin for ecryptfs users" [Low,Fix committed] https://launchpad.net/bugs/576133
<kirkland> SpamapS: lemme get that for you
<kirkland> SpamapS: ugh;  downloading 11.10 iso;  will be a few minutes
<roaksoax> SpamapS: howdy! If you have some time, could you please take care of bug #1024010
<uvirtbot`> Launchpad bug 1024010 in maas-enlist "[SRU] After Commission Action 2 no longer exists" [High,Fix released] https://launchpad.net/bugs/1024010
<kirkland> SpamapS: done!  https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/576133/comments/10
<uvirtbot`> Launchpad bug 576133 in ecryptfs-utils "Shouldn't allow autologin for ecryptfs users" [Low,Fix committed]
<SpamapS> roaksoax: if its in the precise-proposed queue, it will get looked at soon..
<roaksoax> SpamapS: awesome, thanks
<SpamapS> roaksoax: we have a crazy backlog.. several days behind.. if its time sensitive though, I'm happy to queue jump it
<roaksoax> SpamapS: it would be nice to have asap as breaks maas enlistment into precise maas version
<roaksoax> into quantal maas verrsion*
<hallyn> mdeslaur: hey - with virt-manager, connecting remotely, do you usually connect to root?  is connecting to qemu:///host/system (rather than session) the intent?
<mdeslaur> I never use session, and I connect to my user on the remote machine
<mdeslaur> hallyn: you use session?
<hallyn> mdeslaur: well system wasnt' working in one setup, so i had quickly hacked connect.py to use session...
<hallyn> but after i did that, i noticed it created ~/VirtualMachines and used that in place of /var/lib/libvirt/images/,
<hallyn> and was wondering whether i'm just messing with things, or if there's a real problem :)
<hallyn> ok, let me try clearing everything and using /system
<mdeslaur> yeah, as it doesn't have sufficient rights when you use session
<mdeslaur> I suspect a bunch of stuff will fail if you use session
<mdeslaur> you should put your user in the libvirt group on the remote machine, and use system with your user
<hallyn> ok - i was in the libvirt group, but i think my problem was due to 0.9.13 in quantal (which we'll look at monday)
<hallyn> thanks (retrying)
<mdeslaur> I've only used remote connections for testing virt-manager though, so I'm not exactly an expert of using it that way
<mdeslaur> hallyn: let me know if you need any help
<hallyn> mdeslaur: i thought i'd tried this before, but i think ihadn't deleted my ~/VirtualMachines.  resetting everything worked.  thanks!
<mdeslaur> hallyn: cool!
<hallyn> now to figure out whether grub1 failing was fixed by switching from precise->quantal, or amd->intel
<stgraber> hallyn: are you aware of an easy way to know whether an ethX entry is veth?
<stgraber> hallyn: I need to make NM deal with veth for when it's running in a container. It currently ignores any virtual interface which makes it quite broken in there.
<hallyn> stgraber: hm, not really.  you can at least tell whether it's virtual by looking under /sys/devices/virtual/net
<stgraber> hallyn: yeah, the problem is that NM ignores anything that's virtual, so I'm trying to make it a bit more clever, ideally without allowing all virtual devices in the process :)
<hallyn> stgraber: looking at the kernel code, ethtool may know how to get the information.
<hallyn> stgraber: 'sudo ethtool -i veth' shows'driver:veth'
<hallyn> stgraber: http://paste.ubuntu.com/1090532/  is the code which detects that.  ioctls will get you what you need
<stgraber> hallyn: thanks! I'll add that to NM's detection code then
<hallyn> 0x00000003 is the ioctl #.  not sure yet if you can do ita gainst any socket or what
<hallyn> stgraber: yeah looks like just socket(AF_INET, SOCK_DGRAM, 0);
<hallyn> stgraber: surely you can make it prettier, but this ripped off hacked bit from ethtool works for me http://people.canonical.com/~serge/detectveth
<hallyn> (shows what you need)  'sudo detectveth veth1' worked for me
<stgraber> hallyn: cool. There's already a function in NM doing a similar ioctl, will change it a bit to also retrieve the driver and then add a check for veth
<stgraber> thanks
<hallyn> stgraber: excellent :)  have a good weekend
<stgraber> you too
<zastaph> oops.. I made a software RAID on another machine, moved the harddisks, now I can't even DBAN them, and most rescue disks fail to boot because something is confused
<zastaph> tried many mdadm commands, fail, remove, stop.. --zero-superblock and even dd if=/dev/zero
<zastaph> the latter faults the OS during the process, segfaults
<zastaph> what boot iso can do this gracefully ?
<zastaph> guess I need dmraid
<hallyn> Daviey: are you still around?
<hallyn> Daviey: well, nm.  was wondering if your amd x130e was available and pre-loaaded with quantal server :)
<hallyn> i'll just sacrifice my install.  bbl
#ubuntu-server 2012-07-14
<hallyn> zul: oh, i think all i had to do in quantal was cd /var/lib/libvirt; chown libvirt-qemu:kvm images; chmod g+rx images.
<hallyn> so that dir needs to have its owner/perms set on install
<zul> hallyn: cool patches welcome :)
<hallyn> zul: that's like some packaging magic :)
<hallyn> zul: i'll worry about it on monday :)  just wanted to make sure you weren't worried about it
<zul> hallyn: monday dude :)
<hallyn> ttyl, have a good weekend
<katronix> Hi all, I just upgraded my dedicated server to 12.04 and it seems OpenPanel doesn't work quite as well under it, anyone know of a web based configuration for it that works really well?
 * RoyK has no idea what openpanel might be
<RoyK> !openpanel
<RoyK> perhaps
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<RoyK> !ebox
<ubottu> zentyal is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/Zentyal (Project formally known as eBox - including in Lucid/10.04).
<katronix> yeah I was using OpenPanel under 10.04.1-64 but it stopped working in some ways when I upgraded, not sure how to fix it
<ubuntnoob> So, i tried to make a mirror of an old hdd, using a bigger, newer hdd using this: http://www.infidigm.net/articles/ubuntu_hdd_upgrade/  guide, after fixing fstab to reflect the new hdd, i finally got it to "ubuntu 10.10 (servername) tty1  /n (servername)login"
<ubuntnoob> when I try to login with user, it says "unable to cd to "/home/user" and brings me back to login
<ubuntnoob> i tried logging in as root, but it says password incorrect -
<ubuntnoob> is there a default pw? i know what I set it to
<ubuntnoob> also, i did manual recovery to edit fstab, then i reloaded broken packages and updated grub
<rewtraw> Anyone know how to rename a NIC? lshw shows my dual-NIC, but one is named "rename2" while the other is the usual "eth1". Using "rename2" as the ID in /networking/interfaces works, but I would rather rename it as "eth0"
<rewtraw>        logical name: rename2
<katronix> Hi all, I accidentally turned off InnoDB in my list of engines for mysql, can someone suggest how I fix that?
<patdk-lap> what version?
<katronix> of ubuntu or mysql?
<katronix> ubuntu is 12.04 LTS and mysql is mysql  Ver 14.14 Distrib 5.5.24, for debian-linux-gnu (x86_64) using readline 6.2
<katronix> anyone still here?
<katronix> patdk-lap are you still here?
<patdk-lap> ya
<uvirtbot`> New bug: #1021810 in nova "`nova-manage fixed list` fails if network has been deleted" [Undecided,New] https://launchpad.net/bugs/1021810
<uvirtbot`> New bug: #1023025 in openldap (main) "search fail with get_ctrls : controls require LDAPv3" [Undecided,Confirmed] https://launchpad.net/bugs/1023025
<uvirtbot`> New bug: #1023405 in libreoffice (main) "please transition libservlet2.5-java -> libservlet3.0-java and then demote tomcat6 source and binaries to universe" [High,In progress] https://launchpad.net/bugs/1023405
<uvirtbot`> New bug: #1024326 in horizon "django_compressor is required for access to the dashboard" [Undecided,New] https://launchpad.net/bugs/1024326
<uvirtbot`> New bug: #1024475 in libnss-ldap (main) "libnss-ldap causes boot hang on Ubuntu 12.04 Precise" [Undecided,New] https://launchpad.net/bugs/1024475
<uvirtbot`> New bug: #993808 in net-snmp (main) "package snmpd 5.4.3~dfsg-2.4ubuntu1 failed to install/upgrade: el subproceso instalado el script post-installation devolviÃ³ el cÃ³digo de salida de error 1 (dup-of: 984499)" [Undecided,New] https://launchpad.net/bugs/993808
<uvirtbot`> New bug: #1014864 in walinuxagent (universe) "[MIR] walinuxagent" [High,Fix committed] https://launchpad.net/bugs/1014864
<uvirtbot`> New bug: #1023160 in samba (main) "package winbind 2:3.6.3-2ubuntu2.1 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 1" [Undecided,Incomplete] https://launchpad.net/bugs/1023160
<uvirtbot`> New bug: #1023221 in net-snmp (main) "package snmpd 5.4.3~dfsg-2.4ubuntu1.1 failed to install/upgrade: la subprocezo instalis skripton post-installation liveris eraran elir-staton 1 (dup-of: 984499)" [Undecided,New] https://launchpad.net/bugs/1023221
<uvirtbot`> New bug: #1023325 in openvpn (main) "openvpn init.d script writepid in wrong location" [Undecided,Incomplete] https://launchpad.net/bugs/1023325
<uvirtbot`> New bug: #1023360 in openssh "Comments longer than 1024 chars break sshd_config" [Medium,Fix released] https://launchpad.net/bugs/1023360
<uvirtbot`> New bug: #1023692 in samba (main) "package samba-common 2:3.6.3-2ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2 (dup-of: 1017237)" [Undecided,New] https://launchpad.net/bugs/1023692
<uvirtbot`> New bug: #994845 in net-snmp (main) "package snmpd 5.4.3~dfsg-2.4ubuntu1 failed to install/upgrade:  userdel: user snmp is currently logged in (dup-of: 984499)" [Low,Incomplete] https://launchpad.net/bugs/994845
<uvirtbot`> New bug: #1023418 in python-oauthlib (universe) "[MIR] python-oauthlib" [Undecided,Fix released] https://launchpad.net/bugs/1023418
<uvirtbot`> New bug: #1023539 in samba (main) "package samba-common 2:3.6.3-2ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10" [Undecided,Incomplete] https://launchpad.net/bugs/1023539
<uvirtbot`> New bug: #1023600 in bind9 (main) "db.root file outdated" [Low,Triaged] https://launchpad.net/bugs/1023600
<uvirtbot`> New bug: #1023775 in mysql-5.5 (main) "package mysql-server-5.5 5.5.24-0ubuntu0.12.04.1 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,Invalid] https://launchpad.net/bugs/1023775
<uvirtbot`> New bug: #1024222 in mysql-5.5 (main) "package mysql-server-5.5 5.5.24-0ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Invalid] https://launchpad.net/bugs/1024222
<uvirtbot`> New bug: #1024300 in mysql-5.5 (main) "Empty strings in mysql.user "disables" new users" [Undecided,Invalid] https://launchpad.net/bugs/1024300
<uvirtbot`> New bug: #1024355 in php5 (main) "package php5-mysqlnd 5.4.4-1ubuntu1 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 4" [Undecided,New] https://launchpad.net/bugs/1024355
<uvirtbot`> New bug: #1002997 in tomcat7 (main) "Tomcat7 package should have jdbc-pool module" [Wishlist,Triaged] https://launchpad.net/bugs/1002997
<uvirtbot`> New bug: #1022493 in snappy (universe) "[MIR] leveldb, snappy, libs3" [Medium,New] https://launchpad.net/bugs/1022493
<uvirtbot`> New bug: #1023057 in postfix (main) "package postfix 2.9.1-5 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1 (dup-of: 523896)" [Undecided,New] https://launchpad.net/bugs/1023057
<uvirtbot`> New bug: #1023076 in nova (main) "package nova-common 2012.1+stable~20120612-3ee026e-0ubuntu1.1 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,Invalid] https://launchpad.net/bugs/1023076
<uvirtbot`> New bug: #1023899 in tomcat7 (main) "Tomcat 7 Startup script should be (slightly) changed to allow mutiple instances" [Wishlist,Triaged] https://launchpad.net/bugs/1023899
<uvirtbot`> New bug: #1012794 in tomcat7 (main) "[SRU] DataSource JNDI lookup with javax.naming.Name failed" [High,In progress] https://launchpad.net/bugs/1012794
<uvirtbot`> New bug: #1023931 in puppet (main) "(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})" [Undecided,Confirmed] https://launchpad.net/bugs/1023931
<uvirtbot`> New bug: #991901 in nova (main) "Errors associated with nova starting." [Undecided,Incomplete] https://launchpad.net/bugs/991901
<uvirtbot`> New bug: #1001040 in postfix (main) ""TLS library problem" drops incoming mail when sender uses RC4-MD5 cipher" [Medium,Confirmed] https://launchpad.net/bugs/1001040
<uvirtbot`> New bug: #939300 in apache2 (main) "Update Apache to 2.4" [Wishlist,Confirmed] https://launchpad.net/bugs/939300
<uvirtbot`> New bug: #1000219 in cobbler (universe) "cobbler does not recognise 12.04 server iso" [Medium,Confirmed] https://launchpad.net/bugs/1000219
<uvirtbot`> New bug: #1023591 in php5 (main) "php5 opens /proc/XXX/auxv thousands of times until Apache crashes with "too many open files"" [Undecided,New] https://launchpad.net/bugs/1023591
<uvirtbot`> New bug: #1023550 in postfix (main) "Postfix missing libresolv in chroot jail" [High,Triaged] https://launchpad.net/bugs/1023550
<uvirtbot`> New bug: #1022821 in squid (main) "squid crashed with SIGSEGV in __find_specmb()" [Medium,New] https://launchpad.net/bugs/1022821
<ewook> woha
<uvirtbot`> New bug: #1023244 in bind9 (main) "package bind9 1:9.8.1.dfsg.P1-4ubuntu0.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Invalid] https://launchpad.net/bugs/1023244
<uvirtbot`> New bug: #1021560 in leveldb (universe) "FTBFS: gives high rate of false positives on powerpc" [Medium,Confirmed] https://launchpad.net/bugs/1021560
<uvirtbot`> New bug: #1023016 in nova (main) "unable to delete/deregister image" [Undecided,Confirmed] https://launchpad.net/bugs/1023016
<uvirtbot`> New bug: #1022725 in glance (main) "glance-registry does not include python-paste as a dependency" [Undecided,Incomplete] https://launchpad.net/bugs/1022725
<uvirtbot`> New bug: #1022903 in libnss-ldap (main) "[ARM] libnss-ldap misses softlink /lib/libnss_ldap.so.2" [High,Triaged] https://launchpad.net/bugs/1022903
<uvirtbot`> New bug: #1024653 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.63-0ubuntu0.10.04.1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 255" [Undecided,New] https://launchpad.net/bugs/1024653
<uvirtbot`> New bug: #1024655 in apache2 (main) "package apache2.2-common 2.2.14-5ubuntu8.9 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 255" [Undecided,New] https://launchpad.net/bugs/1024655
<uvirtbot`> New bug: #1024658 in clamav (main) "package clamav-freshclam 0.97.5+dfsg-1ubuntu0.11.04.2~10.04.1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 255" [Undecided,New] https://launchpad.net/bugs/1024658
<uvirtbot`> New bug: #1024755 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Confirmed] https://launchpad.net/bugs/1024755
<n2deep> Does anyone know where /run on 12.04 gets its size parameter from? Mine is set at 10% and I want to make it bigger.
<|2ump|2oast> hello, has anyone ever had the following error: Jul 14 14:34:39 fileserver kernel: [ 2670.940174] ata3: exception Emask 0x10 SAct 0x0 SErr 0x90200 action 0xe frozen?
<qman__> |2ump|2oast, looks like a drive, drive cable, or drive controller failed for some reason
<|2ump|2oast> I've got 3 drives of the same type
<|2ump|2oast> 2 are in a software raid this one is just off on it's own
<|2ump|2oast> nothing critical is on the drive thankfully
<|2ump|2oast> I'm running a smart long self-test on the drive - do you think that would indicate drive failure once it's completed?
<qman__> not really, it just runs it though its paces
<qman__> what indicates drive failure is whether or not any errors are logged
<qman__> though sometimes they fail without ever giving any
<qman__> it could easily be a loose cable or unreliable power too
<qman__> that error was generated by the disk controller driver, meaning it could not communicate with the hard drive for some reason
<qman__> it doesn't necessarily mean there was a media error
<RoyK> |2ump|2oast: it will indicate drive failure if enough errors are found
<|2ump|2oast> thanks qman__ and RoyK - I'll test the PSU once the SMART is done running and double check  BIOS settings and physical connections.  I've seen some funny things from this drive in the past, but not recently.
<MoleMan> What's the command for updating the time? (yeah, I'm feeling too lazy to google
<ikonia> ntpdate
<ikonia> or use ntpd if the times close to being in sync
<ikonia> or "date" to force it to a specific time/date
<VampsDaBeast> what is the command to rename a file
<VampsDaBeast> when i entered the filename before saving.. i hit a number in the tld so i need to change it
<ikonia> mv
<VampsDaBeast> ahh yea.. thanks
<|2ump|2oast> VampsDaBeast: mv currentname newname
<VampsDaBeast> dont need the /etc/blah/blah right
<ikonia> depends if you are in the same directory
<ikonia> although if you're asking these sort of questions, would it not be better if you run a desktop with a gui
<ikonia> make it easier on your self
<VampsDaBeast> how woould i learn to run a LAMP server on a GUI?
<ikonia> exactly the same way as you are doing now
<ikonia> lamp is linux/apache/mysql/php, that has nothing to do with if a gui is running or not
<ikonia> which suggests to me even more you should run the desktop install with a gui to help get you running
<VampsDaBeast> what bout installing xdm with mate on the server install?
<ikonia> I wouldn't suggest that, but of course it's up to you
<VampsDaBeast> its not a production enviro server
<ikonia> that doesn't change what I said
<VampsDaBeast> then why run a desktop install of ubuntu to learn server operations?
<ikonia> because a desktop doesn't change the function of a server or it's capabilites
<ikonia> which again suggest you really don't understand what you are doing
<VampsDaBeast> difference between a desktop, and a server is the installed packages
<ikonia> which is fine, carry on, but if you can't rename a file and you don't know how to google the correct command, you're going to stuggle, I was just offering a suggestion to help you actually work
<guntbert> !serverguide | VampsDaBeast
<ubottu> VampsDaBeast: The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<guntbert> !manual | VampsDaBeast
<ubottu> VampsDaBeast: The Ubuntu Manual will help you become familiar with everyday tasks such as surfing the web, listening to music and scanning documents. With an emphasis on easy to follow instructions, it is suitable for all levels of experience. http://ubuntu-manual.org/
<guntbert> VampsDaBeast: or see https://help.ubuntu.com/community/UsingTheTerminal
<ikonia> I'm sure the help was appreciated
<guntbert> thx for the confirmation, ikonia :)
<uvirtbot`> New bug: #933417 in libfcgi (universe) "Stack smashing while using a lot of connections" [Medium,Fix released] https://launchpad.net/bugs/933417
<koolheadd17> adam_g, hola
#ubuntu-server 2012-07-15
<uvirtbot`> New bug: #999614 in php5 (main) "new SoapClient() with connection_timeout = NULL breaks multi-dimensional arrays" [Undecided,Expired] https://launchpad.net/bugs/999614
<crass> has anyone needed to append some dns entries to a pppd created link? with dhcp its easy, but pppd seems unworkable without some major changes.
<Syria> Hi, VirtualBox Failed to open the X11 display!
<Syria> Please help me with this.
<Syria> SSH -X, Found it, Thank you.
<uvirtbot`> New bug: #1024926 in clamav (main) "package clamav-base 0.97.3+dfsg-2.1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1024926
<RoyK> anyone that knows a good online backup solution? crashtest looks ok, but it's dead slow, ETA for backing up 2,3TB is 29 days(!), and I'm on a 60Mbps symmetric line
<patdk-lap> all of them will go like that royk
 * RoyK is just a bit worried about restore - waiting a month for restore would be rather bad
<patdk-lap> ya, why I don't like any of the current solutions
<patdk-lap> some people will offer to ship you a 2tb restore drive though
<patdk-lap> as I already have an offsite rack, I just do it myself it there
<RoyK> I have an offsite server, but not with very much space
<glosoli> Hey kinda stupid question, but how can I set Up Ubuntu server without having monitor ?
<trimeta> glosoli: You'll probably need a monitor during the installation, but after that if you've got ssh set up you can remove the monitor and administer it that way.
<glosoli> trimeta: ash that what I was wondering for
<trimeta> There may be a way to perform the entire installation remotely...I've never tried. I don't know if any of the LiveCDs automatically set up ssh.
<glosoli> trimeta: ah no prob
<Katronix> Hi all, can someone point me to a good page to learn how to configure my ubuntu server to be name servers?
<glosoli> was just curiosity mainly
<RoyK> glosoli: try a serial console
<RoyK> !dns
<ubottu> To set up a Domain Name Service see the !serverguide - https://help.ubuntu.com/10.04/serverguide/C/dns.html
<glosoli> Well I am not doing it at the moment, just thinking of
<glosoli> as I will be in need tomorrow
<Katronix> thanks Roy
<trimeta> Out of curiosity, why does the zfsutils package only install helpful system maintenance cronjobs on kfreebsd, not on regular Linux-based systems?
<RoyK> trimeta: ask the package maintainer...
<trimeta> Fair enough...it also seems like the Linux version is many versions behind, which may be related...but again, same answer.
<RoyK> mhm - seems ubuntu 12.04 only has up to zpool v23
<RoyK> which is something like two years old
 * RoyK uses illumos for zfs
<Katronix> http://pastebin.com/DH03puUu should this work?
<trimeta> illumos? What's that?
<RoyK> trimeta: opensolaris-descendant :)
<trimeta> Ah.
<RoyK> trimeta: it's the "kernel" of the free solaris-based distros around
<RoyK> openindiana, omnios, nextos, nexenta ...
<RoyK> s/nextos/smartos/
<trimeta> Also, oops, I think I upgraded my zpool past the version that the FUSE module can handle...I'm using the zfs-native thing, which goes up to v28.
<trimeta> I think I remember hearing about the continuation of Solaris, but I forgot what it was being called nowadays.
<RoyK> trimeta: oh, native zfs on linux? I've never tried that
<trimeta> It builds a kernel module with DKMS.
<RoyK> trimeta: solaris is solaris
<RoyK> trimeta: but opensolaris was forked to openindiana, and then illumos was separated as a new project for OS/Net (kernel + important userbits)
<trimeta> Ah...I've just stuck with Ubuntu, I like being able to use PPAs to add up-to-date software on top of a stable base.
<Katronix> can anyone look at that pastebin I put up?
<RoyK> trimeta: I use ubuntu for most stuff, but in my last job, I setup some 400TB spread out on seven storage servers - fun ;)
<RoyK> all on openindiana...
<trimeta> Katronix: I don't know much about DNS records, sorry...
<Katronix> trimeta np
<RoyK> Katronix: $ORIGIN your.tld
<Katronix> Sorry Roy, I don't understand
<RoyK> try this http://pastebin.com/Etvf2hbB
<Katronix> Roy OK I put that in, I suppose for now I would have to dig to the server to see if it worked?
<RoyK> make sure you updated serial
<Katronix> yep I did
<Katronix> the server itself does not recognize the domain yet :(
<RoyK> what's in the logs?
<Katronix> RoyK http://pastebin.com/mvB8gdUe I guess lines 7 to 10 is the issue?
<RoyK> what's on those lines?
<Katronix> sorry I mean lines 7 to 10 of the pastebin results
<RoyK> perhaps just change to $ORIGIN your.tld on top
<RoyK> and drop the other
<Katronix> Jul 15 11:36:17 ubuntu named[31439]: /etc/bind/chrisamoody.com.zone:4: SOA record not at top of zone (chrisamoody.com.chrisamoody.com)
<Katronix> Jul 15 11:36:17 ubuntu named[31439]: zone chrisamoody.com/IN: loading from master file /etc/bind/chrisamoody.com.zone failed: not at top of zone
<Katronix> so I guess getting closer
<RoyK> oh, change back to $ORIGIN . at the top
<RoyK> then place $ORIGIN your.tld just after the SOA
<RoyK> $ORIGIN chrisamoody.com, that is
<Katronix> ok
<Katronix> so add it after the MX line?
<Katronix> RoyK I have several lines saying in part, "/etc/bind/chrisamoody.com.zone:4: ignoring out-of-zone data (.)" different lines though
<RoyK> what's on line 4?
<RoyK> Katronix: pastebin the zone file again, please
<Katronix> k
<Katronix> http://pastebin.com/ALv5SNQJ
<Katronix> bind complains about lines 4, 11, 12 and 14
<RoyK> Katronix: try to move the origin line above those three records
<Katronix> so move line 15 to line 10?
<RoyK> something like that, yes
<RoyK> otherwise '@' will reflect origin '.', which doesn't make sense
<Katronix> http://pastebin.com/8PXFqRhv
<Katronix> seems to still not like the SOA line
<Skaag> hey I have an old old old karmic server lying around, how do I get it upgraded to the next release?
<Skaag> I'm going to try a do-release-upgrade and see if that works
<Skaag> I'm asking because an apt-get update can no longer find most of the repositories.
<Katronix> is your sources.list updated?
<guntbert> !upgrade | Skaag do it step by step (or LTS->LTS)
<njin> kamic has 5 years too
<njin> of support
<guntbert> !upgrade | Skaag
<ubottu> Skaag: For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/desktop/get-ubuntu/upgrade
<Skaag> ok let's see how the do-release-upgrade goes
<Skaag> ah thanks
<Skaag> it's a server.
<RoyK> Katronix: oh - the soa is wrong
<njin> why it cannot found the repo
<RoyK> change the @ to your domain name
<RoyK> Skaag: karmic hasn't been supported for a while ;)
<Katronix> RoyK so it should be chrisamoody.com IN SOA ns1.chrisamoody.com. hostmaster.chrisamoody.com. ( ?
<RoyK> try that
<Skaag> I know, i've been upgrading regularly all of my boxes but this one somehow remained because it's one of those customers who have totally embraced the "if it ain't broken don't touch it" idiom ;-)
<qman__> karmic was not an LTS and did not get 5 years
<qman__> you have to change your repositories to the old-releases to get updated
<Katronix> RoyK so http://pastebin.com/q9f2GRji would indicate its successfully loaded?
<Skaag> somehow do-release-upgrade is working. according to the docs it was supposed to give me an error message, and I was then supposed to use -d to upgrade anyway. but it just seems to work without the -d switch.
<RoyK> Katronix: looks right
<Katronix> RoyK cool, is there a way to test it? leafdns still says it can't talk to ns1/ns2 but its also set to a ttl of 48 hours
<RoyK> ttl of 48 hours???
<Katronix> http://leafdns.com/index.cgi?testid=A169BAD2
<RoyK> just type "host chrisamoody.com x.x.x.x" where x.xx.x.x is your server's ip
<RoyK> Katronix: have you added a zone section for that domain in the named.conf or named.conf.local file?
<RoyK> well, obviously, otherwise you wouldn't have gotten an error
<Katronix> actually my named.conf file includes zone.conf which loads chrisamoody.com
<Katronix> RoyK I guess its not working yet http://pastebin.com/v1Fd0RjH
<RoyK> Katronix: no, guess something is wrong - sorry - tired
<Katronix> np, thanks for your efforts
<zakk> anyone have a fast mirror of ubuntu-server 12.04 64?
<TheLordOfTime> use the torrents?
<zakk> where are they?
<seekwill> http://www.ubuntu.com/download/desktop/alternative-downloads
<zakk> thx
<seekwill> I agree, it's a bit hard to find
<resno> my boss is considering hosting our servers in our office, they are currently under someone elses control, what is a "good" internet speed to start with?
<resno> on a daily basis, i believe our site gets 1,000 hits or so
<Katronix> resno, is this an intranet site? or an internet site?
<lifeless> resno: the speed and bandwidth you need depends on : the peak concurrent traffic; the response time you want to give your users. 1000/day could mean 1000 in 5 minutes, for an end of day accounting site, or it might be totally random. You'll need to do more analysis to know.
<Katronix> anyone available to help me with a dns configuration issue?
<tonyyarusso> Katronix: I can try
<Katronix> Cool, I'm trying to get chrisamoody.com to be recognized by the net
<tonyyarusso> Um, pretty sure I see your issue
<Katronix> cool
<Katronix> I know the nameservers don't work, but the question is why?
<tonyyarusso> Katronix: You have it set to use ns1.chrisamoody.com and ns2.chrisamoody.com to resolve the domain, but it needs to be able to resolve the domain to see those nameservers.
<tonyyarusso> In other words, you have a cart before the horse issue.
<Katronix> ok, how do I get it to recognize the nameservers?
<tonyyarusso> So you'll need to update that to either a) point to NS records on some other domain, or b) do it by IP address
<Katronix> well Ideally the server will be its own nameservers and hosting the domain
<Katronix> it was working before I updated to percise
<tonyyarusso> ORLY?
<Katronix> yep
<tonyyarusso> That...shouldn't have worked.
<tonyyarusso> Or at least I don't think so.  I guess I could be wrong.
<Katronix> lol, you mean a server can't be both a name server and a web host?
<qman__> no, you need glue records
<tonyyarusso> nah, I mean the nameservers set on the domain itself.  But maybe they do.
<tonyyarusso> Yeah, what he said
<qman__> http://en.wikipedia.org/wiki/Domain_Name_System#Circular_dependencies_and_glue_records
<tonyyarusso> I'm not entirely sure how registrar's create those, or how to check them though
<Katronix> well I have already registered the name servers
<qman__> how you actually get it done depends on your registrar
<Katronix> I just the need the server to start doing it
<Katronix> so I guess first question, how do I get the nameservers to start working?
<qman__> basically, when you have that circular dependency, your registrar needs glue records to provide the IP
<tonyyarusso> As an example, this is what the page for creating them looks like on my registrar's panel:  http://files.tonyyarusso.com/glue-records.png
<qman__> so that when someone asks "who knows about asdf.com?" the parent server says "ns1.asdf.com, which btw, is 1.2.3.4"
<tonyyarusso> It's labeled "Name Server Registration" in their menu.
<Katronix> yes I have done that already
<Katronix> I'm now working on getting the server to work
<shauno> you've specified a name, but no IP address
<qman__> also can be called vanity name servers
<Katronix> http://leafdns.com/index.cgi?testid=C476D608 shows the IPs for it
<tonyyarusso> Eh?  Why does it say not authoritative?
<qman__> zone's not configured right
<Katronix> well that is what I'm trying to figure out , is why its not configured properly
<tonyyarusso> Can you pastebin the relevant BIND configs?
<Katronix> yep
<Katronix> http://pastebin.com/K8EYeu3R
<qman__> line 4, remove ns1
<Katronix> remove just ns1.chrisamoody.com ?
<qman__> no, remove the ns1.
<qman__> should just be chrisamoody.com in that spot
<Katronix> ok
<armaan> Hi folks ... while setting up LDAP i am getting this error--> ldap_bind: Invalid credentials (49)
<armaan> how should i resolve this ???
<Katronix>  host chrisamoody.com 173.193.86.158 still returns Host chrisamoody.com not found: 2(SERVFAIL) :(
<tonyyarusso> Katronix: did you restart bind?
<Katronix> yes
<tonyyarusso> and increase the serial
<tonyyarusso> ?
<Katronix> may have forgotten that, one sec
<Katronix> ok no effect
<qman__> try this http://pastebin.com/zN4SbKad
<tonyyarusso> Also, I don't think you want the domain in there twice.  Just "@ IN SOA chrisamoody.com. hostmaster.chrisamoody.com. ("
<tonyyarusso> I have no idea what $ORIGIN is for
<Katronix> me niether, someone else suggested it
<tonyyarusso> qman__'s paste looks good to me
<Katronix> one sec
<Katronix> chrisamoody.com mail is handled by 10 mail.chrisamoody.com. well I guess this is better :)
<tonyyarusso> Indeed
<tonyyarusso> anthony@timmins:~$ host chrisamoody.com
<tonyyarusso> chrisamoody.com has address 173.193.86.158
<tonyyarusso> chrisamoody.com mail is handled by 10 mail.chrisamoody.com.
<tonyyarusso> You're in business.
<Katronix> now getting a mismatched glue issue but we are doing better
<armaan> Hi folks ... while setting up LDAP i am getting this error--> ldap_bind: Invalid credentials (49)
<Katronix> chrome says it doesn't know my site yet...
<koolheadd17> armaan, is there specific documentation you are following
<tonyyarusso> Katronix: is 173.193.86.158 correct for your web host?
<jacobw> armaan: sudo ldap* -h localhost -Y EXTERNAL ...
<Katronix> yes
<jacobw> -Y specifies an SASL mechanism, EXTERNAL is 'let root in'
<armaan> koolheadd17: http://comtech247.net/2012/05/13/how-to-set-up-an-ldap-server-on-ubuntu-12-04-lts/
<tonyyarusso> Katronix: is Apache running?
<armaan> koolheadd17: also tried it
<Katronix> tonyyarusso yes
<tonyyarusso> Katronix: Actually, hrm, yes it is.  Now you have Apache redirecting http://chrisamoody.com/ to http://www.chrisamoody.com/, and www isn't resolving.
<Katronix> hmmm, ok will work on that
<tonyyarusso> It is properly looking at your nameservers for it though, so something in the BIND config for that subdomain.
<Katronix> should the two zone files be basically the same?
<tonyyarusso> It's not a separate zone
<tonyyarusso> it should be in the file you were working on before
<tonyyarusso> Unless you have a REALLY good reason to maintain a subzone.
<qman__> delegation would be the only good reason I know of
<koolheadd17> armaan, please check ubuntu server guide
<koolheadd17> it has a section openldap
<r0tha> koolheadd17: rofl essentially saying RTFM
<qman__> we can't support $random_blog_guide
<qman__> following the server guide first, and other sanctioned resources, is important
<koolheadd17> qman__,  +1
<jacobw> rtfm is a valid response
<koolheadd17> r0tha,  jacobw  nopes i don`t see it that way
<qman__> especially with something as complicated as openldap
<armaan> jacobw: it says -h not compatible with -H
<koolheadd17> age for RTFM are over now :)
<armaan> koolheadd17: okiez :)
<jacobw> if were, there would be no manuals
<koolheadd17> jacobw, i meant to say we are more tolerant these days. :)
<r0tha> koolheadd17: i mean RTFM is more of a benefit for everyone.
<qman__> that's not to say random blog guides aren't useful, because they are, but having not written and never used said random blog guide, I can't help you with it
<r0tha> if the manual is unclear it should be reviewed and revised
<koolheadd17> r0tha, qman__ +1 i just feel rude to say RTFM :)
<Katronix> yay my site is back up
<koolheadd17> Katronix, was it some apache issue
<Katronix> koolheadd17 no I just had to remove the code to for www.chrisamoody.com
<koolheadd17> oh k
<JenniferB2> hi folks... if I install ubuntu-server lts ( latest ) ... can I install gnome 2 on top of it thorugh apt-get install ?
<qman__> nope
<qman__> you'd have to compile it or get it from a third party, ubuntu only has gnome3 in its repositories
<JenniferB2> yes... but is it possible ? stable through other repositoroes ?
<qman__> in theory but it wouldn't be a supported configuration
<qman__> I recommend lubuntu as an alternative
<JenniferB2> why not xubuntu ?
<JenniferB2> i need it as desktop computer
<JenniferB2> not actually a server
<TheLordOfTime> JenniferB2:  you could install any Desktop version and install server packages on it
<TheLordOfTime> JenniferB2:  but GNOME2 is no longer part of Ubuntu
<qman__> you could use xubuntu, but I like lubuntu better
<TheLordOfTime> and I like Kubuntu, so...
<TheLordOfTime> its a personal preference of desktop envirionment
<qman__> lubuntu can have a pretty similar feel to gnome2 if you want it to
<JenniferB2> TheLordOfTime: I dont want all these fancy pancy new stuff ... i am a developer.. i dont need fancy big ugly buttons... kubuntu video i saw was a turnoff ... ubuntu 12 as well.
<qman__> then you will like lubuntu
<TheLordOfTime> JenniferB2:  gnome-shell or gnome-classic in Ubuntu
<JenniferB2> nice ... lts to ?
<TheLordOfTime> i needed Kubuntu for stuff
<TheLordOfTime> but personally i do everything via CLI
<TheLordOfTime> except IRC
<TheLordOfTime> JenniferB2:  Kubuntu, Lubuntu, etc. 12.04 will be LTS
<JenniferB2> TheLordOfTime: I heard that gnome-classic is a bit buggy
<TheLordOfTime> JenniferB2:  it is, that's why i said gnome-shell too :P
<JenniferB2> TheLordOfTime: haha
<TheLordOfTime> as for them being LTS, some might be community maintained
<qman__> I don't think the lubuntu bits are LTS, but you'll get base system updates
<qman__> and will be able to upgrade to the next LTS directly
<JenniferB2> http://lubuntu.net/blog/lubuntu-1204-now-available
<JenniferB2> qman__: yes.. it says that on the page
<qman__> practically, I don't think it makes much difference
<qman__> the important part is the kernel and base system updates, and the applications don't usually get much love later on anyway
<JenniferB2> qman__: yes.. I am sure ... is lubuntu nicer than xubuntu ?
<qman__> in my opinion, yes
<qman__> but there are plenty who disagree
<qman__> but it's all free, so give it a try
<TheLordOfTime> what qman__ said about LTS
<TheLordOfTime> parts of it won't be LTS-supported
<qman__> but those parts don't normally get updates that late in the cycle anyway
<TheLordOfTime> mhm
<JenniferB2> ok... this is an off question .. but what about linux mint ... could it be said it is equally stable as ubuntu or likely less ?
<JenniferB2> I want to use this desktop for years
<TheLordOfTime> MINT MUST DIE
<TheLordOfTime> i mean...
<TheLordOfTime> !mint
<ubottu> Linux Mint is not a supported derivative of Ubuntu. Please seek support in #linuxmint-help on irc.spotchat.org
<TheLordOfTime> (continuing to ask about mint in Ubuntu channels... well... not exactly advised)
<JenniferB2> hehe .. it is based on ubuntu!
<TheLordOfTime> there is ##linux here if you *really* want to risk it with questions about mint
<TheLordOfTime> do not make me pull the factoid out again
<TheLordOfTime> or ping ops
<JenniferB2> hehe
<JenniferB2> #linux
<TheLordOfTime> (they will just say the same thing i just did - mint support in ubuntu channels is bad)
<JenniferB2> sorry
<uvirtbot`> New bug: #1025066 in samba (main) "package winbind 2:3.6.3-2ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1025066
#ubuntu-server 2013-07-08
<MacroMan> I'm having some problems sending emails over ssmtp to google apps. All my emails bound with "DNS Error: Domain name not found" and I noticed that the from line reads "Received: from server.aplexpress.co.uk ([80.82.113.124])"
<MacroMan> I have not set up server.aplexpress.co.uk. Any idea where this may have come from and how I configure it? (The computer name is "server" I believe)
<greppy> MacroMan: does your ISP force use of a mail proxy server?
<jamespage> morning folks!
<MacroMan> Ah, just misconfigured ssmtp. Now all fixed. Sorry to waste anyones time.
<jamespage> melmoth, merged your ntp/ntpmaster changes - thanks!
<jamespage> look forward to the python rewrite
<melmoth> i m on it.. still a but puzzled with how charm helper works.. but i ll get there.
<jamespage> melmoth, I remember now - I wrote that charm when subordinates first landed as it was something simple to learn with
<melmoth> it s the first charm that made me understdood what a subordinate was.
<psivaa> hallyn_: jdstrand: jjohansen: sorry to bother you again, but bug #1197484 is still occurring and largely impacting almost all the saucy server smoke tests. Would greatly help if it gets looked at. thanks
<uvirtbot> Launchpad bug 1197484 in isc-dhcp "Connection requests to saucy server VMs from a precise host fail after fresh VM installs" [Undecided,New] https://launchpad.net/bugs/1197484
<jamespage> adam_g, merged the hookenv branch - the other two still need a bit of work - see MP's for details.
<jamespage> jodh, is there a nice way to not run a specific command under upstart user sessions?
<jamespage> jodh, I've fixed a bug in openvswitch trunk in saucy for this (it assuming init == pid 1)
<jamespage> but I really don't want to have to backport it to 12.04 for SRU's
<MacroMan> I've set up MX records in my bind9 configuration for google apps, but the google test tool is telling me that no mail exchanger has been found. The records are there if I do nslookup on my domain.
<jodh> jamespage: can you give more details? not clear on what you're trying to do.
<jamespage> MacroMan, might just be a propagation delay
<MacroMan> I'm not sure what could be wrong. They've been set since Saturday.
<jamespage> jodh, OK - openvswitch has its own monitor stuff which ensures its daemons keep running
<MacroMan> Here's a pastie of my nslookup: http://pastie.org/8120520
<jamespage> jodh, the test that verify that this all works ensures that the parent processes are set correctly when ovs is started up using this method
<jamespage> jodh, in trunk they used to check that the top level process was owned by init by detecting that the parent pid of the monitor daemon == 1
<jamespage> jodh, I fixed that test with a workaround just to ensure that the daemon parent process was not that of the shell that spawned it
<jamespage> jodh, but I really don't want to backport that fix for an SRU
<mardraum> MacroMan: no A record for them
<mardraum> MacroMan: http://www.intodns.com/aplexpress.co.uk
<MacroMan> mardraum, That tool says I have multiple A records for MX.
<mardraum> it says a what?
<MacroMan> "It seems that all your MX records have the same IP(s):
<MacroMan> There is no use on having multiple MX records pointing to the same ip."
<MacroMan> Under "Duplicate MA A records"
<mardraum> MacroMan, can you resolve aspmx.l.google.com.aplexpress.co.uk  ?
<MacroMan> mardraum, That's odd. That's not what I've got set in my bind config
<mardraum> so fix it
<mardraum> add an A record for all the MX records you have
<MacroMan> Thanks for pointing that out, I hadn't noticed.
<jodh> jamespage: going back to the original question, the simplest test to detect if you're running under a Session Init is whether UPSTART_SESSION is set.
<MacroMan> mardraum, Should I point the A record for "aspmx.l.google.com.aplexpress.co.uk" to the IP address of "ASPMX.L.GOOGLE.COM" which is what I have in my zone config?
<mardraum> to the IP of whatever machine should be receiving mail
<MacroMan> OK thanks. Yes it'll be the IP of the aspmx address.
<mardraum> google probably have best practice docs about what to do, I don't speak for them
<MacroMan> Just a sec. Should I have a period at the end of the MX record addresses? Is that why it's appending my domain after the MX record address?
<MacroMan> Here is my config: http://pastie.org/8120563
<mardraum> yes.
<mardraum> I don't mean to be rude, but why not go read some docs about bind?
<MacroMan> mardraum, Sorry. I landed myself in some hot water and my company wasn't receiving any email and I needed to get it fixed quickly. Thank you very much for helping me. I've added periods at the end and now email is working. Thank you very, very much.
<mardraum> you probably could have fixed it a lot sooner by using google search and looking carefully at some example zone config files
<mardraum> panic and IRC don't go together well
<MacroMan> mardraum, I know. It's working now though and a weight has been lifted. tbh, I'm a web dev that has taken on the task of setting up a new dedicated server, and I'm in a little over my head.
<jamespage> jodh, any ideas?
<jodh> jamespage: my response above no good?
<jamespage> jodh, I might have dropped at that point in time
<jamespage> jodh, I can't see your response
<jodh> 10:39 <jodh> jamespage: going back to the original question, the simplest test
<jodh>              to detect if you're running under a Session Init is whether
<jodh>              UPSTART_SESSION is set.
<jodh> 10:42 <MacroMan> mardraum, Should I point t
<geaden_> Hello, guys! Need help with setting up passwordless ssh to remote server (EC2). I copied public key to the of authorized_keys file. But when connecting it keeps asking prompt for password. The problem is this is a production server and I can't lost connection to it due to my misconfiguration((( Tried almost every tutorial. Followed this trobu
<geaden_> *troubleshooting guide https://help.ubuntu.com/community/SSH/OpenSSH/Keys
<geaden_> But without success
<mardraum> geaden_: ssh -i <file> <user>@<ec2-vm>
<geaden_> mardraum: thanks for reply. My key file is already in ssh-add -lâ¦ But I'll try, thanks
<mardraum> that's the way aws setup for you
<mardraum> anything else is you create a local keypair and copy the pub file to authorized_keys on the server
<geaden_> yes, this is default. But it was configured before me, to login by entering password. Now I need to authorise via key
<geaden_> mardraum: Yes, the problem is it seems my instance doesn't recognise my pub file in authorised keys, and prompt for password after
<mardraum> "authorized" you have to spell like an american
<geaden_> mardraum: Yes, sorry
<mardraum> did you check permissions?
<mardraum> use ssh -v for some extra info on the client.
<geaden_> mardraum: my current permissions are -rw-------  1 root root  947 Jul  5 09:12 authorized_keys
<mardraum> so you are trying to login as root?
<mardraum> is that permitted in sshd_config?
<geaden_> Yes PermitRootLogin yes
<geaden_> mardraum: with ssh -v I see following: https://www.friendpaste.com/tmYy4SMuVRHlKonGxcBUs
<mardraum> classy, expired cert
<geaden_> hmmmâ¦ on other servers I can connect with that public key
<mardraum> your paste site I mean.
<geaden_> aghâ¦ yesâ¦ Used this long time agoâ¦ I'll repaste
<geaden_> https://dpaste.de/RLO2W/
<mardraum> ... ?
<geaden_> mardraum: what's wrong?
<mardraum> I havwe no idea
<geaden_> mardraum: ok. Anyway thanks for your time
<geaden_> mardraum: I found out and fix the issue. The problem is I wrote wrong pub key in authorized keys. Thanks
<mstafa> hi
<hallyn_> psivaa: TBH, I'm starting to wonder whether you have hardware troubleson that machine.  You've had weird lxc errors too a few weeks ago that I couldn't reproduce.
<mstafa> iam keep getting that error when trying to restart apache2 on my server please help>>>(/etc/init.d/apache2: 51: .: Can't open /etc/apache2/envvars)
<mstafa> help please
<hallyn_> (asked one in the bug)
<mstafa> iam keep getting that error when trying to restart apache2 on my server please help>>>(/etc/init.d/apache2: 51: .: Can't open /etc/apache2/envvars)
<psivaa> hallyn_: replied to the question in the bug and there could possibly be issues in the host hw but in this instance, the issue is only with server VMs
<psivaa> our desktop smoke tests work fine and do not see this issue. they also run a number of VMs at a particular time
<Vec> How difficult is it for a ubuntu-novice to install/properly configure VirtualBox on my ubuntuhost with guest ubuntu? I want to run basic file sharing/printer sharing/backup on the server and ONLY LAMP-stack on the guest VM. Is it pretty straight forward, or does it need a ton of planning?
<hallyn_> psivaa-lunch: the desktop systems probably work around it by running network manager
<Siebjee> Does any one know where the periodic process 'apt-get dist-upgrade' is comming from ? I've installed the server without automatic-updates. Ubuntu 12.04 LTS
<jamespage> zul, adam_g: http://people.canonical.com/~jamespage/ca/grizzly/
<zul> jamespage:  +1
<psivaa-lunch> hallyn_: ok, i'll try an install a precise host system to see if i can reproduce, but it would help me if someone is able to findout what that hw issue in the host
<Free99> hey everyone. I'm working on assembling a NUMA shared-memory HPC system, I'm trying to find documentation on how to properly compile a kernel to facilitate this.. I've found a few things already, but I'd like some more if anyone has any pointers
<patdk-wk_> free99, there is no such thing as a numa shared-memory system
<patdk-wk_> it is either shared memory, or it's numa
<hallyn_> psivaa: i'm installing a saucy server on a laptop so i can try to reproduce here.
<psivaa> hallyn_: ack, thank you
<hadifarnoud> mysql is shutting down on its own. here is the error log https://gist.github.com/hadifarnoud/0d3366b33872aa7ac8ab  any idea why?
<patdk-wk_> hadifarnoud, forget how to read?
<patdk-wk_> InnoDB: mmap(137363456 bytes) failed
<patdk-wk_> your out of memory
<asac> smoser: hey ... do you know whats going on with our daily server dashboard?
<smoser> asac, link?
<smoser> https://jenkins.qa.ubuntu.com/view/ec2%20AMI%20Testing/view/Overview/
<smoser> that is all broken due to test harness failure / breakage
<smoser> and clearly needs fixing
<asac> smoser: http://reports.qa.ubuntu.com/smokeng/saucy
<asac> guess thats the same
<asac> can you give me background?
<smoser> asac, https://jenkins.qa.ubuntu.com/view/ec2%20AMI%20Testing/view/Overview/job/raring-server-ec2-daily/73/ARCH=i386,REGION=us-east-1,STORAGE=ebs,TEST=simple-user-data,label=ubuntu-server-ec2-testing/console
<asac> smoser: so whats the background/reason/current way of thinking? will you fix it?
<asac> or who will?
<smoser> i suspect that it is  boto change that busted it.... not sure though.
<asac> boto?
<jdstrand> psivaa: I will be looking at it. I still can't reproduce reliably, though once I say the error
<smoser> i'll make sure that this is fixed by end of this week.
<smoser> and, asac thanks for caring.
<jdstrand> s/say/saw/
<smoser> jamespage, ^
<smoser> i think thi sis just a issue where console output of the instance through boto is now getting 'None' rather than empty string.
<smoser> similar to https://bugs.launchpad.net/ubuntu/+source/euca2ools/+bug/1188602
<uvirtbot> Launchpad bug 1188602 in euca2ools "get-console-output on instance fails with 'NoneType' object has no attribute 'replace'" [Low,Confirmed]
<jamespage> smoser, well that might be a cause for concern but I'm not sure that's what asac is pointing at
<asac> smoser: ok... in case it turns out it was caused by something done outside the server team, i want to know about what happened
<asac> thanks
<asac> jamespage: http://reports.qa.ubuntu.com/smokeng/
<psivaa> jdstrand: thanks
<asac> thats the "official smoke test page" that i am looking at... thats the place i am tasked to get people (all !=server) to backout the stuff that caused the regression. unfortunately, server images completely failing started when i was on vacation, so i am just catching up :)
<asac> jamespage: ^^
<disposable> my supermicro server has 2x intel 82576 NICs. when i use them separately, i've no problem with them. when i use them as bond0 in active-backup setup, i get dropped packets (and eventually overruns). This is happening on 3 separate servers. as soon as i detach ethX device from bond0 and the ethX device is set to off, packet loss stops. it doesn't matter which of the two devices i detach. this happens in 12.04 with 3.5 kernel. i have not tes
<SpamapS> smoser: is bug 1182265 fixed in saucy yet?
<uvirtbot> Launchpad bug 1182265 in cloud-init "omnibus installation support is broken" [High,Confirmed] https://launchpad.net/bugs/1182265
<disposable> i don't see e1000e loaded, so i suspect it's using igb module. how do i debug this? i've even compiled 3.9.9 kernel and i still get packet loss
<smoser> SpamapS, no. but i will have that end of day i hope.
<smoser> you're asking wrt SRU arent you.
<SpamapS> smoser: I accepted it, just poking you to make sure you know it needs to be fixed. :)
<smoser> SpamapS, thank you. i plan on doing an upload today.
<SpamapS> thats cool. I might even have time to do SRU's again next week :)
<jamespage> asac, I see hallyn_ has been working on it - hallyn_ : bug 1197484 appears to be generating concern
<uvirtbot> Launchpad bug 1197484 in isc-dhcp "Connection requests to saucy server VMs from a precise host fail after fresh VM installs" [High,New] https://launchpad.net/bugs/1197484
<jamespage> asac, trying to get myself into a position to help re-pro that issue
<jamespage> (slow network connection is getting in the way)
<genii> Searching repositories for a pastebin application seems to be yielding little result. Is pnopaste the one currently recommended?
<asac> jamespage: it seems this started on jul 2
<asac> not sure what happened then
<fang0654> Anyone know where to tell smbd what network cards signify having a network connection and starting at boot?
<fang0654> I have Ubuntu installed as an openvz container, so the network adapter is listed as venet0 instead of eth0
<fang0654> nvm, I found it.  /etc/init/smbd.conf
<yolanda> jamespage, zul: https://code.launchpad.net/~yolanda.robla/ubuntu/saucy/openldap/server_banner/+merge/173544
<psivaa> hallyn_: jdstrand: I was able to reproduce bug #1197484 on my local raring host. Added a comment in the bug with the log file
<uvirtbot> Launchpad bug 1197484 in isc-dhcp "Connection requests to saucy server VMs from a precise host fail after fresh VM installs" [High,New] https://launchpad.net/bugs/1197484
<smoser> hey...
<smoser> just thought i'd mention. simplestreams was updated last week in saucy
<smoser> now you can do
<smoser> http://paste.ubuntu.com/5855907/
<smoser> utlemming, ^
<smoser> that forms the base of quite a reasonable ubuntu-cloudimg-query replacement
<smoser> http://paste.ubuntu.com/5855927/
<smoser> prettier
<zul> smoser: you need purdy colors next
<hallyn_> psivaa: grrr, the utah vm seems to be in a loop re-installing itself again and again
<psivaa> hallyn_: that's new, i have run the tests on raring and precise.
<hallyn_> jjohansen: sarnold: so if /sbin/dhclient has Urx perm to /sbin/dhclient-script, and /sbin/dhclient-script does #!/bin/bash, and we see a perm denied error message for profile=/sbin/dhclient, file=/bin/bash - did we expect after Urx of /sbin/dhclient-script that profile be called 'unconfined' ?
<hallyn_> so it sounds like apparmor simply requires that the interpreter be allowed before a script to which we have Urx which uses that interpreter is allowed
<hallyn_> I assume this is a change in apparmor kernel behavior - a reasonable one imo,
<hallyn_> but it would require updates of profiles
<sarnold> hallyn_: I -expect- that the dhclient-script would execute as "unconfined", and /bin/bash would be executed without any apparmor intervention
<sarnold> hallyn_: (well, aa3.0 will make that name configurable, I think -- and it would still be a profile. long story there..)
<sarnold> hallyn_: but I _think_ psivaa's bug will require some dedicated time from john, everything I've seen looks like it should work fine
<hallyn_> sarnold: ok, thanks.
<roaksoax> adam_g: lp:~andreserl/charms/precise/glance/port ok, upgrade works. I guess i could use the restart_on_change thing and would be in a good state
<koolhead17> SpamapS, ping
<jdstrand> sarnold: for psivaa to become unstuck, we should be able to allow 'r' on /bin/bash though, right?
<jdstrand> this bug seems familiar
 * jdstrand hasn't been able to play with it yet, but will very soon
<sarnold> jdstrand: yes, but .. if the policy is busted enough that it doesn't work, then adding 'r' on bash doesn't necessarily seem like it'll work then, either.
<SpamapS> koolhead17: pong, wassup?
<koolhead17> SpamapS, good thanks.
<resno> if i handed you a vm and said put it on your network, what would check on it before allowing it on your network?
<resno> ie) i received a preowned machine, and have no clue about the enviroment its coming to me from. no idea about running packages or configurations
<genii> Interesting. mod_log_sql makes pnopaste not run
<lenios> you''re not giving enough information resno
<resno> lenios: i'm not sure what else to say.
<lenios> why would you receive such a thing?
<resno> our previous server maintainer and development staff was outsourced. they are closing down, and i am in charge now.
<resno> multiple people had access, and installed any number of packages etc
<resno> we also had volunteers working on it at one time
<lenios> i'd start by getting the list of installed packages and a backup of /etc and /var
<lenios> but how comes you don't even know what's supposed to run on it?
<resno> nothing has been documented at all
<resno> and the admins have changed multiple hands
<resno> i know what's supposed to be on them... its the stuff that has crept in over time i fear
<resno> lenios: for example, on of the vms i was handed was running 7.10
<lenios> what's important is what service is supposed to be on it
<lenios> you can list packages to get an idea of what should be installed, if no one installed manually in /usr/local, /opt or somewhere else
<lenios> you can also run the vm within a internal network, and watch if services are listening on network with netstat -natp
<resno> ok.
<resno> i was told that one of the servers may have a vpn installed on it...
<resno> origins unknown
<resno> so, that'll catch some bits
<jdstrand> psivaa: hey, for bug #1197484, do you have the dhcpd/dnsmasq configuration for the server?
<uvirtbot> Launchpad bug 1197484 in isc-dhcp "Connection requests to saucy server VMs from a precise host fail after fresh VM installs" [High,New] https://launchpad.net/bugs/1197484
<jkyle_> when I run /etc/init.d/hostname restart, it outputs this suggestion:
<jkyle_> Since the script you are attempting to invoke has been converted to an Upstart job, you may also use the stop(8) and then start(8) utilities e.g. stop hostname ; start hostname. The restart(8) utility is also available.
<jkyle_> but, when I attempt to run those commands I get
<jkyle_> stop hostname => stop: Unknown instance:
<Cetrian> Hi all - installing Ubuntu Server for the first time right now  =]
<Cetrian> I'm really impressed with the installer so far - very easy to use and effective. no bloat.
<Cetrian> Ah crap - looks like it won't boot with UEFI - anyone know how to work with that?
<hadifarnoud> what does this mean? Warning: 91.207.138.61 giving up on port because retransmission cap hit (10).
<hadifarnoud> nmap
<Cetrian> never mind got it - had to flip UEFI to non-windows mode in BIOS
<sarnold> Cetrian: another approach is to use 12.04.2 LTS -- it includes a newer hardware enablement stack, to get UEFI support, newer X drivers, etc.: https://help.ubuntu.com/community/UEFI
<Cetrian> ah no worries - it seemed to work when I selected Non-Windows UEFI
<sarnold> Cetrian: that's fine, you'll just use the original kernel, X, drivers. nothing wrong with that. :)
<Cetrian> I don't understand the objection? Isn't 13.04 better than 12 in this respect? (Just asking :) )
<sarnold> Cetrian: 13.04 will not be supported for the same length of time as 12.04 LTS; most people in here probably prefer the longer support to the newer software
<sarnold> Cetrian: but of course 13.04 is there if you're alright with a nine-month support window, or want to participate in developing what will eventually become 14.04 LTS  :)
<Cetrian> ah gotcha. This is mainly for a home server, so hopefully that won't matter, and I could just upgrade to 14 LTS when it comes out?
<sarnold> Cetrian: yes, with the caveat that the 'supported' upgrade path would be 13.04 -> 13.10 -> 14.04.  (skipping versions generally seems to work, but isn't recommended.)
<Cetrian> Ah, thanks sarnold!
<Cetrian> I am really thrilled with this so far - I feel like a noob again ;)  I've been a Windows Server guy for so long, and it really feels good to give the finger to MS and the NSA :)
<Cetrian> I have a server with a GUI servingâ¦ nothing yetâ¦ but it still feels cool! ;)
<sarnold> :D
<Cetrian> Full disk encryption, UEFI boot, loving it.  Now I just need to decide if I want to keep using FlexRAID, or if I should go with some other software RAID. (Not looking to do hardware RAID at this stage)
<akurilin2> Folks, what's the best location to place secret keys and configuration settings on an ubuntu server for a web application running as www-data to consume? I'm thinking an envdir folder that only root would be able to access when the server starts, but where would I place it?
<sarnold> akurilin2: /etc might be appropriate, it's supposed to contain configuration..
<akurilin2> sarnold, perfect, I was thinking /etc as well, just wondering if perhaps there was a folder in it that was meant for these situations
#ubuntu-server 2013-07-09
<ScottK> jamespage: Do we have a documented openssl exception for mongodb now?
<sarnold> akurilin2: /etc/apache2 might be Good Enough
<akurilin2> sarnold, cool, thank you.
<Senor> my ubuntu command line is not aligned to left ,what is the reason?
<marcoceppi> Senor: screenshot?
<Senor> marcoceppi:command line start at the middle of the screen ,does it need i install vga driver?
<Senor> like this :
<marcoceppi> Senor: you shouldn't need to, how are you connecting to the machine?
<Senor> I login directly from physical machine
<Senor> not by  remote access
<marcoceppi> Senor: just at console, or do you have a desktop package installed?
<Senor> no
<Senor> since it is used as a server
<marcoceppi> Yeah, I don't think you'll need any graphics packages. I'm curious what the photo looks like
<sarnold> Senor: is this a CRT or an LCD? hooked up over VGA or DVI?
<Senor>                                                      Senor:~#abcd
<Senor> efg
<Senor> just like that
<Senor> marcoceppi:Do you have mothod to fix it ?
<Senor> or Does it reply on some configurations ?
<marcoceppi> Senor: what happens when you type reset?
<Senor> marcoceppi:it just clear the screen
<sarnold> Senor: is this a CRT or an LCD? hooked up over VGA or DVI?
<Senor> i am not clear of that ,how does I check for that?
<sarnold> does the monitor weigh two kilograms or fifteen kilograms? :)
<sarnold> for the connector, well, you'll probably just have tofind the cable on the back of the computer and look at it to see if it is a VGA connector or a DVI connector
<Senor> ok
<sarnold> VGA was complicated, the video cards output the signal for pixels as the crt scanned from top-to-bottom, left-to-right
<sarnold> it outputs video signal while scanning across, and turns off when the electron beam is sent back to the other side of the display -- and again when moving from bottom right corner to upper left corner
<sarnold> as a result, it was very easy for displays to be shifted, squashed, stretched, or even "wrapped around" by the correct monitor settings or video card settings
<ScottK> In fairness, that's exactly how CRTs work in hardware, so it made sense at the time.
<sarnold> if you're lucky, you just fiddle with the controls on the front of the monitor. but if the monitor is used with multiple machines, and can't store settings for multiple video cards, you might need to change the way the video is output from the machine...
<Senor> how does I change that?
<sarnold> ScottK: definitely, it drastically simplified the CRT hardware, and usually some simple controls were enough to fix it, and fix it just once..
<sarnold> Senor: you could fiddle with the monitor knobs directly
<sarnold> Senor: or you could try adding vga=ask to your kernel command line, try different vga settings, and find one that works better
<Senor> sarnold:If I add nomodset to kernel command line ,it output as normal
<sarnold> Senor: oh! hurray. :)
<sarnold> Senor: I was going to aim you at Documentation/fb/modedb.txt in the kernel sources if vga= .. didn't fix it. but that sounds good too. :)
<Senor> But I really do not know meaning of nomodset
<Senor> I google it
<vexed___> can anyone give me a hint on how to install ubuntu (server) on KVM ?  I try to do virsh console guest and it hangs at the prompt.  vrish ttyconsole shows /dev/pts/3
<Senor> sarnold:thanks anyway
<sarnold> Senor: sure thing :) have fun!
<thesheff17> vexed___, I would try virt-manager
<vexed___> that won't work, no X here.  Only console.
<thesheff17> well virt-manager works across a machine if you have X on another
<thesheff17> it can connect over SSH
<thesheff17> or forward X
<vexed___> Hmmm, never tried that before.
<thesheff17> to your local
<brad100> hello
<brad100> hello?
<sarnold> brad100: hello :) irc tends to be quiet until someone asks a question..
<sarnold> (if all 200-odd people rpelied to every "hello", not much else would get said :)
<brad100> oh ok, so i just set up my very own email server and i cant recieve any emails at all
<brad100> and google gives me an error when i try to send emails to it
<brad100> can you help?
<sarnold> brad100: sending and receiving are often very different things, it'd make sense to focus on one at a time
<brad100> ok
<sarnold> brad100: do you have any error messages in the log files that look relevant?
<brad100> i want to work on receiving
<brad100> nope
<brad100> im checking /var/log/mail.log
<brad100> but there is nothing
<brad100> im using dovecot to receive mail
<sarnold> brad100: dovecot is probably how your client retrieves mail from a server; probably postfix or exim is broken if you're having trouble sending mail to your new server
<brad100> ohhhhh, yeah i found the errors. Virtual_alias_maps  map lookup  problems seems to pop up a lot
<sarnold> yay :) now you've got a loose string to pull
<brad100> nice, now what do i do ? xD
<sarnold> brad100: check the pathname you gave to the maps, see if it is (a) there (b) readable by the server (c) well-formatted (d) contains the data you need it to contain...
<brad100> yep youre right its a postfix thing too. uhh could you walk me through that please?
<sarnold> sorry, time for me to get some dinner and walk the dog :)
<brad100> ok well thank you so much for youre help
<sarnold> brad100: there's Way Too Much documentation on postfix in both the manpages and the postfix.org site -- and who knows, someone who knows postfix may just show up soon..
<sarnold> brad100: have fun and good luck :)
<brad100> thanks ill need it xD
<sarnold> :)
<brad100> uhhh anybody else here who can help me?
<wxl> anyone around know how i can autostart wifi on boot?
<brad100> my server already does that
<brad100> wxl
<wxl> brad100: i'm convinced i know how to set it up in general but i'm wondering if the hidden ssid isn't a complication
<brad100> yeah that might be
<brad100> idk
<wxl> i assume you have auto wlan0 etc. in /etc/network/interfaces?
<brad100> yep
<wxl> i should just stop being stubborn, unhide the thing and see what happens :)
<vexed___> thanks thesheff17 ssh -X works with this.
<brad100> @wxl yes do that
<thesheff17> vexed___, cool glad it worked
<brad100> doo itt
<wxl> well that did it
<wxl> now if i can just figure out how to get around itâ¦ ;)
<Guest58432> I just install ubuntu-server and install mailutils packages,now can send mail ,but can't recipent mail. wo can help me?
<brad100> good luck
<brad100> i tried to set up a mail server and i still need help
<xirre> Hi, I was looking around and just could not find words on how to express this question in a  search format. I'm looking for a program that would allow a user, typically one running a server, the ability to place processes in a depressed state while keeping certain processes running normal to save power. More like a sleep mode that "dreams" about a specific thing which in this case would be the server and the internet.
<xirre> .
<jamespage> ScottK, not yet
<jamespage> ScottK, whilst we are talking about this; do you have an opinion on what needs to be done to make things good for raring once the license exception is documented?
<jamespage> I expect the licensing changes to land into the current devel releases - is that sufficient or would we need to add something to the package in raring to document this
<Niaobu> Hi, I'm trying to setup an old laptop as a headless server running ubuntu server 12.04. The laptop has a ATI Mobility Radeon HD 5870 graphics card which is producing a lot of heat when it should be doing nothing. Temperatures reach 80C when all that is running is a single ssh session. Temperatures are low when running windows etc. Is there anything I can do to control the gpu?
<jamespage> Niaobu, yes - let me dig the option out for you
<jamespage> Niaobu, http://paste.ubuntu.com/5857743/
<jamespage> thats an upstart configuration I used to force the card into low power mode
<Niaobu> jamespage: thanks! I'll try that.
<jamespage> ScottK, also I'm assuming the backport I requested for mongodb 2.2.4 + SSL to 12.04/12.10 is blocked on resolution of this issue as well?
<jamespage> https://bugs.launchpad.net/quantal-backports/+bug/1168389
<uvirtbot> Launchpad bug 1168389 in quantal-backports "Please backport mongodb 1:2.2.4-0ubuntu1 (universe) from raring" [Undecided,Confirmed]
<psivaa> jdstrand: i have just updated bug #1197484 with the answers to your questions.
<uvirtbot> Launchpad bug 1197484 in isc-dhcp "Connection requests to saucy server VMs from a precise host fail after fresh VM installs" [High,Incomplete] https://launchpad.net/bugs/1197484
<psivaa> jdstrand: i see you are finding it difficult to reproduce. I could show the error if you are able to log into the server in our lab, if that's ok
<vlad_starkov> Question: What PAM module do you use for authenticating vsftpd users?
<ScottK> jamespage: I think that as long it's documented in the devel release, that's sufficient.  Do we have a timeframe for resolution?  Given the TB decision, I think that it ought not remain SSL enabled for long without the exception.
<ScottK> I hadn't looked at that request, so I hadn't blocked on that, but unless it's urgent for other reasons, perhaps waiting does make sense.
<davegarath> Hi all, I have a little problem with nfs on ubuntu 12.04. I have to do strange conf: I have to mount a nfs share from the same server that export it ( sorry for my bad eng :P ). When I do I/O on the mounted nfs this hang and load average grows to 10
<itarchitectkev> hey folks, I'm having fails on installing rabbitmq-server on 12.04. can haz helpz please?
<itarchitectkev> I've purged, reran update, same errs: http://paste.openstack.org/show/39808/
<jamespage> ScottK, OK - my understanding is that the exception in the licensing is signed off internally upstream; its just waiting for engineering resource to implement into the codebase
<Niaobu> jamespage: I pasted that script into a new file in /etc/init and it seems to work. I rebooted and the temperature seems to stay at 70C which is lower, but still pretty useless. Do you have any other suggestions?
<jamespage> Niaobu, hmm
<jamespage> Niaobu, is it the CPU or GPU which is running hot?
<jamespage> (sensors would tell you on most systems)
<jamespage> reason I ask is I just tested that script on my old laptop with is also ATI based
<jamespage> and it did the trick
<ScottK> jamespage: If they could put an announcement on their web site or something, that would be enough.
<jamespage> ScottK, ack - I'll see what can be done
<Niaobu> gpu is running hot. the cpu is at about 40C
<jamespage> Niaobu, hmm
<jamespage> Niaobu, can you cat /sys/class/drm/card0/device/power_profile please
<jamespage> just to make sure the change did apply
<Niaobu> it reads low
<Niaobu> i havent done anything with drivers for the gfx card. this is a fresh ubuntu server 12.04 install
<jamespage> Niaobu, might be a kernel difference - I'm using the 3.10 kernel on saucy
<Niaobu> saucy is 13.04?
<Niaobu> this seems to be 3.5.0
<Niaobu> I'll try wirh 13.04 then
<ivoks> saucy is 13.10
<jamespage> Niaobu, its possible to install newer kernels on 12.04
<Niaobu> oh, ok. I'll try that first then
<jamespage> Niaobu, see linux-generic-lts-raring
<jamespage> for example
<Niaobu> ok. that's kernel 3.8, right?
<Niaobu> installed 3.8 and rebooted. it rebooted at 70C, but i'll give it a couple of minutes
<seiflotfy_> hi guys
<seiflotfy_> i am trying to install ubuntu-minimal with a preseed
<seiflotfy_> i am booting it as follows
<seiflotfy_> linux vga=788 initrd=initrd.gz -- quiet preseed/url=http://some/path/to/preseed.cfg
<seiflotfy_> first question: What happens if the url is not available?
<seiflotfy_> nm that is answered now
<Niaobu> jamespage: it's still at 70C
<jamespage> Niaobu, not sure then - sorry...
<Niaobu> no problem. thanks for your help
<Niaobu> i'm almost at the point where I'm considering installing windows for the drivers and running ubuntu in a vm :/
<jamespage> Niaobu, this is just running server right?
<Niaobu> yeah.
<Siebjee> Does any one know if you can see which data is going into /dev/null ?
<asac> smoser: seems stuff is moving towards green again :) ... nice ... what was the reason for the server dashboard bustage?
<asac> ah jamespage  :)
<smoser> yeah, jamespage fixed that.
<smoser> the ec2 tests still needt to be fixed
<zul> jamespage:  we should probably rename the quantum jobs to neurtron
<jamespage> zul, you got a plan for that yet?
<jamespage> i.e. the name transition
<jamespage> zul, has the upstream repo been renamed yet?
<zul> jamespage:  i have a branch that renames everything for neutron that i had pending after the rename
<zul> jamespage:  yes
<zul> jamespage:  i was going to work on packaging things today btw
<koolhead17> zul: jamespage & in next release all the pkg names will too get changed to neutorn?
<jamespage> zul, good-oh
<jamespage> koolhead17, yes
<zul> koolhead17:  yes
<zul> jamespage:  ill just need someone to review the MP when im ready
<koolhead17> jamespage: zul cool. would be handy if a blog comes with existing & rename. :)
<zul> koolhead17:  uh huh
<jamespage> koolhead17, OKies
<jamespage> we'll make sure that happens
<koolhead17> thanks jamespage
<koolhead17> zul: better start putting some post on your blog
 * koolhead17 hides
<smoser> utlemming, could you look at the ec2 tests sometime today. i'm looking  at https://jenkins.qa.ubuntu.com/view/ec2%20AMI%20Testing/view/Overview/job/raring-server-ec2-daily/ARCH=i386,REGION=us-east-1,STORAGE=ebs,TEST=simple-user-data,label=ubuntu-server-ec2-testing/73/console
<smoser> and it appears to me that the trace there is from a version of ubuntu-server-ec2-testing that is in a PPA at https://launchpad.net/~ubuntu-server-ec2-testing-dev/+archive/testing/+packages
<smoser> it also appears to me trunk (lp:ubuntu-server-ec2-testing) is fixed.
<koolhead17> hola Daviey
<smoser> so maybe all we need to do is upload a new version to the ppa and update whatever system is running that code
<jamespage> zul, is the newer version of sqlalchemy in saucy going to break stuff in openstack?
<zul> jamespage:  yes
<zul> jamespage:  how do you think i get my fun then? :)
<jamespage> zul, lol
<koolhead17> ahem
<koolhead17> i saw zigo<deb guy> coming up with some soln in the list, it seems
<jamespage> zul, any objection if I do a mass update of branches for the lab so that the VCS fields point to the correct locations?
<jamespage> (seeking a pre-ack)
<zul> jamespage:  nope
<jamespage> koolhead17, I can't see that?
<jamespage> (re name changing)
<koolhead17> jamespage: cool
<zul> jamespage/roaksoax:  https://code.launchpad.net/~zulcss/python-neutronclient/rename/+merge/173715 (quantumclient renaming)
<jamespage> zul, can you rebase that on the Vcs changes I just pushed please
<jamespage> zul, also merged in infinities direct distro changes for glance and nova
<zul> jamespage:  ack
<jamespage> hopefully the Vcs fixes will prevent that happening going forwards
<zul> jamespage:  done
<jamespage> zul,  you need to add transitional packages no?
<zul> jamespage:  do i?
<zul> jamespage:  *sigh*
<jamespage> zul, otherwise upgrades will break
<zul> jamespage:  *sigh*
 * zul shakes his fist
<jamespage> zul, watch file also needs an update
<zul> jamespage:  ack
<jamespage> I think - I'm assuming they renamed the LP projects?
<jamespage> rbasak, infinity fixed up the golang armhf headers issue with a patch
<zul> jamespage:  done
<zul> jamespage:  feel free to +1 neutronclient
<rbasak> jamespage: ack. He's here at Linaro Connect - we've been talking about it.
<rbasak> jamespage: there's more work needed if we need to backport golang 1.1. Do we need to do that?
<jamespage> rbasak, good-oh - I also uploaded 1.1.1 post that fix to get things rolling with juju-core
<jamespage> rbasak, yes we do
<jamespage> (need to backport that is)
<koolhead17> jamespage: can you point me testing repo 4 cloud archive
<koolhead17> which has havana pkgs
<jamespage> koolhead17, the cloud-archive is probably best place to go right now
<jamespage> koolhead17, I pushed b1 into the updates pocket last night - https://wiki.ubuntu.com/ServerTeam/CloudArchive
<koolhead17> jamespage: am in openstack meeting & now openstack-doc becomes a project. so need to work on how release install doc same day havana comes out
<jamespage> koolhead17, OK
<jamespage> koolhead17, I remember committing to writing some docs for OpenStack + Ubuntu + Juju and reviewing the full install instructions in portland
<jamespage> but I've not done anything yet
<koolhead17> jamespage: well i have always done that but not with Juju :(
<koolhead17> i will create new branch and start pushing install doc for havana/OS so the day havana releases we have a install doc
<jamespage> zul, when will all project converge on using the neutronclient?
<jamespage> we need to time uploads with that otherwise everything will break big time
<zul> jamespage:  i think its starting now
<jamespage> zul, we need to audit the repo's in the lab with whats in staging for havana/precise as well
<jamespage> I'm assuming its got out of sync with all the new backports we are doing.
<koolhead17> jamespage: zul just let me know when is the write time to start documenting havana based isntall steps
<zul> jamespage:  projects have been renamed but things like nova are still using quantumclient
<zul> jamespage:  yeah
<zul> koolhead17:  yeah
<zul> jamespage:  maybe we should add Provides: python-quantumclient as wel since things like nova hasnt been updated yet
<jamespage> zul, yeah - but that won't work as the package namespace has changed internally
<jamespage> nova will try to import 'quantum' and it won't find nothing
<jamespage> so Provides: python-quantumclient != True
<zul> jamespage:  frig
<jamespage> zul, we could not add the transitional package right now
<jamespage> and then we can manage it with both in the archive at the same time
<jamespage> if that makes sense
<zul> jamespage:  true
<jamespage> once all deps on python-quantumclient have been switched, then add the transitional package for client tooling only upgrades
<zul> jamespage:  ok ill drop the transitional stuff from my branch then and then re-added when stuff like nova gets updated
<rbasak> jamespage: what do you think about bug subscriptions as mentioned in bug 1197896? These aren't really "server" packages per se - just dependencies of puppet. Do we usually step up and subscribe/manage bugs for packages like these?
<uvirtbot> Launchpad bug 1197896 in ruby-indentation "[MIR] ruby-safe-yaml, ruby-hashie, ruby-indentation" [Undecided,Fix committed] https://launchpad.net/bugs/1197896
<jamespage> rbasak, yes
<rbasak> jamespage: please can you subscribe ~ubuntu-server to those then please?
<jamespage> rbasak, ack
<jamespage> rbasak, done
<rbasak> THanks!
<zul> jamespage:  should be ok now
<jamespage> zul, OK - one final thing I think
<jamespage> Conflicts: python-quantumclient ( << 1:2.2.0-0ubuntu1 )
<jamespage> Replaces: quantum-client, python-quantumclient ( << 1:2.2.0-0ubuntu1 )
<jamespage> 1:2.2.0-0ubuntu1 -> 1:2.2.0-0ubuntu1~ otherwise we break stuff in the cloud-archive backports
<jamespage> actually lemme think about that again
<jamespage>  python-quantumclient ( <=1:2.2.0-0ubuntu1 )
<jamespage> zul, I think thats right?
<zul> jamespage:  looks like it
<jamespage> it would be << 1:2.2.4.2.g037497d-0ubuntu1~
<zul> gotcha
<zul> jamespage:  pushed for review
<jamespage> zul, apologies - you need to use Breaks/Replaces
<jamespage> http://wiki.debian.org/Renaming_a_Package
<jamespage> rather than Conflicts/Replaces
<zul> jamespage:  done
<jamespage> zul, hrm double "<< <<"
<jamespage> zul, can we drop the quantum-client from replaces as well?
<zul> jamespage:  done
<zul> jamespage:  we need a way to prevent tox from downloading stuff from the internet while running tests
<jamespage> zul, egress filtering!
<zul> jamespage:  nah i was thinking of patching tox.ini
<jamespage> zul, yes - see MP
<zul> jamespage:  cool thanks
<Daviey> kirkland: There is a screen merge begging for your help btw.. :)
<SpamapS> zul: PIP_INDEX_URL -> black hole
<kirkland> Daviey: oh, lovely
<kirkland> Daviey: has it been started yet?
<zul> SpamapS/jamespage: ripped from python-tox http://paste.ubuntu.com/5858703/
<SpamapS> zul: yeah, same difference :)
<Daviey> kirkland: nope, we've been keeping it warm for you :-)
<kirkland> Daviey: oh, thanks for saving it for me
<kirkland> Daviey: I see it hasn't been touched in ages
<Daviey> kirkland: Does the delta still make sense?
<kirkland> Daviey: hopefully most of it can go away
<jamespage> jdstrand, re bug 1187262; did my response about v8, embedding and potential attack surfaces make sense?
<uvirtbot> Launchpad bug 1187262 in snowball "[MIR] mongodb, libv8, snowball, gyp" [High,New] https://launchpad.net/bugs/1187262
<jdstrand> jamespage: yes, I thought I responded, I will do so now
<jamespage> jdstrand, thanks
<TheSov> I need a little help with logrotate, I have an ubuntu server and i needed to run logrotate on my syslogd, but it only runs correctly the first time, and syslog stops collecting data
<TheSov> i dont think logrotate is properly restarting syslog
<erictr1ck>  I'm trying up change the upload_max_filesize in Ubuntu 12.10 but no matter what I do it stays at 2M. I have changed upload_max_filesize in /etc/php5/apache2/php.ini, /etc/php5/cgi/php.ini, and /etc/php5/cli/php.ini and also restarted apache. What could I be doing wrong?
<mustafa> hi i have a problem with my www directory it says 550 permission denid whenever i want to transfer files to ...any idea
<resno> what server you using?
<resno> and what type of files?
<resno> mustafa: ^
<mustafa> <resno> yes ...have you got any solve for this
<resno> i asked you questions above
<mustafa> <resno> iam using ubuntu and any file (hole file ,img, etc....)
<mustafa> <resno> using sftp over vsftpd
<resno> where are you seeing the 550?
<roasted> Hello friends. I noticed at home when pulling a large (1GB+) file over samba and wireless, my connection seems to continually drop halfway through. It just stalls and that's it. At work on the same machine, things are great. I'm beginning to wonder if it's something with my server (guess it could be my router too). Anybody have any insight to throw on the table?
<wxl> roasted: anecdotally, i find that wireless is inconsistent over the long run. i betcha if you were wired, you'd have no problem
<resno> basically
<sarnold> mustafa: are you certain about sftp over vsftpd? I didn't think vsftpd did sftp...
<roasted> wxl: I have no problems wired. and I agree with you, I just find it disturbing that *every* transfer I do over wireless at home, it tanks, but at work it's absolutely fine.
<resno> sarnold: 550 is an apache error. right?
<roasted> thing is, I find it foolish to go inside to plug in to pull a large ISO when I'm on the deck and planning to sit out there for another 3 hours anyway
<sarnold> resno: sounds a bit like an internal server error, yeah
<wxl> roasted: it is for this reason i don't really use wifi for production. i use it to set things up but that's about it.
<sarnold> resno: oh! ftp error code, 550 Requested action not taken.
<roasted> wxl: thanks, but that doesn't really get me anywhere closer to finding out what could be the root cause of this issue.
<resno> sarnold: he said 550 permission denied
<sarnold> resno: yeah. ftp error message.
<resno> so what im trying to do is create a user that can do access root files, but no other root abilities
<resno> this user will be for backing up using rsync
<sarnold> resno: you could create a new user, set their shell to be the script that does the backup, set their uid to 0, and put an apparmor profile on their shell that grants "capability dac_read_search," and /** r, and the'll be able to read any file on the system but not load modules, modify files ,etc
<sarnold> resno: you'll probably want to grant /usr/bin/rsync ix, and rsync might need write access somewhere too..
<resno> sarnold: im presently going to login from a remote machine and doit.. does this still apply
<sarnold> resno: yes
<resno> cool
<NomadJim> is this still a legit way to get the up to date version of node? http://stackoverflow.com/questions/7214474/how-to-keep-up-with-the-latest-versions-of-nodejs-in-ubuntu-ppa-compiling
<NomadJim> i meant - http://stackoverflow.com/a/7214700
<zul> Daviey:  python-oslo.sphinx uploaded
<Daviey> zul: ok, will review it either later tonight or tomorrow
<zul> Daviey:  ack
<zul> adam_g:  ill get keystoneclient 0.3.1 uploaded today
<adam_g> zul, nice
<Daviey> smoser: Any idea why I am seeing this, http://pb.daviey.com/Hx2F/ on a cloud image?
<zul> adam_g/roaksoax: https://code.launchpad.net/~zulcss/python-keystoneclient/0.3.1/+merge/173795
<smoser> no. that sucks.
<smoser> utlemming, ^
<cortexman> i'm having a hard time getting Lucid to take a static ip address. i've got precise doing it using just the network settings gui
<cortexman> however lucid keeps getting a dynamic ip. in precise I had to add sudo dhclient eth0 to /etc/rc.local. i did the same in lucid, and I also specified the ip, netmask and gateway
<cortexman> in precise dhclient causes it to work. in lucid dhclient changes the static ip seen in ifconfig to a dynamic ip
<cortexman> anyone?
<mgw> is there a tool for querying dhcp for an available IP without actually taking out a lease?
<sarnold> mgw: if I'm reading page #13 correctly ... http://www.ietf.org/rfc/rfc2131.txt
<sarnold> mgw: .. a DHCPDISCOVER without a followup DHCPREQUEST is more or less what you want
<mgw> sarnol: thanks
<mgw> sarnold: ^
<mgw> as an alternative, how can I ensure that once a lease has been obtained, the IP will not change?
<mgw> which is my actual goal
<sarnold> configure your dhcp server for insanely long lease times?
<mgw> will that persist over a dhcp server restart?
<sarnold> some will, yeah
<mgw> I was going to use OMAPI to create host objects
<mgw> But then I have the problem of finding a free IP
<mgw> sarnold: I've also seen some mixed info on whether host objects created with OMAPI will survive a dhcpd restart; do you know?
<sarnold> mgw: sorry, well outside of my experience :)
<mgw> sarnold: np, thanks!
<theazman_> Hi everyone, I'm looking for a web based onenote replacement that we can host on our servers. We have to be able to drag and drop photos in? Any suggestions? I have looked at a ton of them.
<e-DIO-t> theazman_ evernote ?
<e-DIO-t> ah no, evernote's not web based .
<Corey> e-DIO-t: It can be!
<Corey> You just can't self host it.
<sarnold> theazman: look for CMSes with 'drag and drop content" on cmsmatrix.org ..
<cortexman> I have tried /etc/modules, /etc/modprobe.conf, /etc/modprobe/alsa_dummy.conf, yet I cannot get ubuntu to load a set of kernel modules on reboot.
<cortexman> anyone?
<delinquentme> FOAR all those in here who would consider themselves hardcore server maintainers ... Any chance someone might have compiled a list of ReallyBadIdeasâ¢  double points for anything specific to ubuntu
<delinquentme> I've got a server which has grown organically ... and I know what I"m used to seeing ... but I need to pick out what things are actually critical issues vrs non-compliant
<sarnold> delinquentme: if I see one more person recommending "chmod -R 777 ..." as a solution or troubleshooting tip, I think I'll go mental...
<sarnold> aha :)
<delinquentme> hahah
<delinquentme> this is true
<delinquentme> surely there is a script which I could run which would just go through every file and report back what is chmodded as 777
<delinquentme> ... im thinking that would be a pipe to find or locate?
<sarnold> I think find / -perm 777   would do it
<sarnold> oh heck, that also finds symlinks. oops.
<delinquentme> sarnold, i've never seen the / before
<Pici> find takes a path as the first argument
<delinquentme> oh hio Pici o/
<delinquentme> just OOC has anyone taken a toll of what kind of applications you guys here are deploying?
<delinquentme> Soo what files SHOULD be 777
<sarnold> yay on my system, find / -mode 777 -type f     and find -mode 777 -type d   both return no results :) that'd be a decent enough period check...
<sarnold> delinquentme: just about nothing; /tmp is going to be 1777, sticky bit set, and perhaps other dirs should be the same..
<sarnold> sigh, not -mode. stupid brain makes for lousy copy-and-paste :)
#ubuntu-server 2013-07-10
<delinquentme> woah. weird.
<delinquentme> a bunch of pictures from my old phone are 777
<sarnold> probably they came off a FAT filesystem and the kernel did the best it could...
<roasted> Question - does crontab care about time format? As in, a 1 AM execution... 01 vs 1 for the hour?
<akurilin2> Does it matter to disable root login on instances like those in EC2, where the only possible login is for a non-root user with a known SSH key?
<rbasak> jamespage: around? You might be interested in an OpenJDK session here in half an hour. http://lce-13.zerista.com/event/member/79652
<zap707> hello
<zap707> anyone there?
<zap707> hello
<zap707> anybody???
<zap707> hell
<zap707> o*
<zap707> will anbdy answer me?
<xnox> rbasak: what do you think about ruby 2.0 in saucy? a friend of mine made a source package and send it to me.....
<rbasak> xnox: is Debian on 2.0 yet? AIUI, Ruby packaging is extremely painful so I'm less happy about there being an Ubuntu delta to maintain.
<xnox> rbasak: there is ITP.
<xnox> rbasak: and hundrets of people making half-broken guides "how to install ruby 2.0 on " (12.04 13.04)
<xnox> rbasak: i'll poke debian people.
<rbasak> xnox: AIUI, upstream and the Ruby community generally abhor using distro packages. So as I see it, packaging Ruby in Ubuntu is only useful for dependencies, rather than for users to use directly.
<rbasak> The official way to install Ruby appears to involve curl|sh
<rbasak> I'd love to see that change, but in the meantime I'm not sure who we'd be helping by maintaining a delta anyway.
<xnox> rbasak: it's not a delta, but a new package, not default.
<xnox> rbasak: and sync it when debian has it.
<rbasak> I'd still call that a delta. Just terminology.
<xnox> let me nudge debian to upload and see what happens =)
<rbasak> Perhaps a PPA would be a good place to start instead.
<rbasak> I'm just worried that we'd cause more confusion and dislike than help. But that's just my opinion. I could be wrong.
<Daviey> xnox: I am pretty reluctant for Ubuntu to go differently to Debian with ruby atm.  We have a hard enough time maintaining the current offering of ruby :)
<yolanda> hi, seeing that problem trying to do an apt-get update for saucy: Failed to fetch bzip2:/var/lib/apt/lists/partial/eu-west-1.ec2.archive.ubuntu.com_ubuntu_dists_saucy_universe_binary-amd64_Packages  Hash Sum mismatch
<yolanda> doesn't sound good
<jamespage> utlemming, see yolandas question ^^
<seiflotfy_> hi guys
<seiflotfy_> how do i create a snapshot of the current precise server ubuntu repositories.
<ogra_> seiflotfy_,  there are no "server repositories" :)
<ogra_> seiflotfy_, what you could do is to set up a package proxy ... run a local debootstrap,install ubuntu-server in the chroot (all using that proxy) and then take a snapshot of the proxy archive that created
<ogra_> or use a constant local archive mirror and fish out the packages (and deps) the server seed defines
<yolanda> jamespage, utlemming, i cannot do an update, at least from the eu mirror
<seiflotfy_> debmirror?
<yolanda> is that happening in other ones?
<jamespage> yolanda, no idea
<koolhead17> melmoth: hola
<melmoth> hola koolhead17
<koolhead17> melmoth: long time how is life man?
<melmoth> calm.
<lynxman_> melmoth: bonjour
<melmoth> hehe bouchour lynxman !
<lynxman> melmoth: ;)
<koolhead17> ohai lynxman :d
<koolhead17> melmoth: where are u these days man?
<melmoth> koolhead17,  strasbourg. I do not know when/where i m going next
<lynxman> koolhead17: o/
<koolhead17> lynxman: so how is devOps life treating you :ds
<koolhead17> melmoth: aah your home
<melmoth> yep.. home sweet home.. But it s a noisy neighboorhood (especially the hurd of elephant upstair) i think i need to find a more sweet home.
<lynxman> koolhead17: so far so good ;) will see you at HK?
<koolhead17> lynxman: not sure if i will come. But yes fingers crossed :D
<lynxman> koolhead17: cool! :)
 * melmoth think he will not be there...
<melmoth> a shame, i so like dumplings.
<koolhead17> melmoth: who knows you will travel & return back from there before us :D
<melmoth> true. one never knows.
<koolhead17> lynxman: so all chef work these days?
<lynxman> koolhead17: way more than that ;)
<lynxman> melmoth: domage :(
<koolhead17> lynxman: <evil grin>
<brendan-> anyone experiencing issues with 12.04 server that the rpc.ipmapd process(es) get hung
<brendan-> i've had it happen on more than 1 machine at different times, but not sure where to begin to troubleshoot
<dlloyd> who pissed off nickserv
<theazman> Does anybody know of a web based equivalent to onenote that we can host on our servers?
<lflucas>  hi, I'm trying to setup nfs_v4 between two computers ubuntu 12.04. But I'm not able to get automatic idmap working, since the user IDs are different in both machines. Is it a bug?
<lflucas> What is the solution to do the mapping between the same users using different UIDs on NFSv4?
<Chocobo> does anyone know of a PPA or other repository with a version of Qemu >= 1.3?
<AdamSmith> Hello
<zul> adam_g:  ping
<shodan45> freenode having troubles today?
<adam_g> zul, hey
<zul> adam_g:  why isnt websockify in pydist-overrides?
<adam_g> zul, ? where?
<zul> adam_g: pydist-overrides, if its in there then it will be ignored when trying to install the package
<zul> (like argparse)
<adam_g> zul, in nova?
<zul> adam_g:  yeah
<zul> actually its already there
<adam_g> it is there
<zul> adam_g:  ok nevermind then
<TheSov> would anyone know why my system just starts transmitting from to the network card the moment i attach a 20TB iscsi disk?
<TheSov> err mount* not attach
<adam_g> zul, the reason i added the patch to avoid it in requirements.txt is that, with the new entry-point loading, every single nova package will need websockify as a depends. and it pulls in a bunch of stuff
<zul> adam_g:  ok gotcha
<AdamSmith> so how did you guys get into developing open source software?
<hallyn> Chocobo: 1.5 is in saucy...
<hallyn> not sure what the cloud archive ppa has but i would assume 1.3 or 1.5
<zul> hallyn:  cloud archive will have qemu for havana2
<hallyn> i'm sure that means something
<hallyn> :)
<hallyn> really i don't know what he wanted it for...  if he needed it built for a specific release or what.  so <shrug>
<hallyn> but 1.4 is in raring, 1.5. in saucy.  one of those should be good enough.
<Chocobo> hallyn: cloud-archive seems to have 1.0
<hallyn> Chocobo: that's surprising.  zul: i thought cloud archive was based on raring?
<zul> hallyn:  saucy for havana
<zul> hallyn:  which will be updated soon
<Chocobo> hmmm, odd.
<hallyn> Chocobo: ^ i don't use the cloud archive myself, don't know wher eyou're looking...  but if nothing else you can grab the package source from raring or saucy archive and build your own
<akurilin2> Quick question: does it make sense to disable PermitRootLogin in sshd_config if the machine only has one key anyway, for another user?
<akurilin2> Like EC2 ssetup
<Chocobo> hallyn: Interesting... I have this repo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main"   Is there a way to list the version of qemu just in that repo?
<wxl> Chocobo: correct me if i'm wrong, but doesn't apt-cache policy give you this information?
<Chocobo> wxl: it may, I am quite new to ubuntu unfortunately.   Hrmmm
<wxl> Chocobo: try sudo apt-get update && apt-cache policy qemu
<Chocobo> wxl: http://pastie.org/pastes/8129014/text
<Chocobo> I don't even see the grizzly cloud archive repo in the list...  I know it is there because I have grizzly installed :P
<Chocobo> And it looks like I should be getting qemu-1.5.0  http://ubuntu-cloud.archive.canonical.com/pool/main/q/qemu/
<wxl> does sudo apt-get -y dist-upgrade upgrade ya?
<wxl> (it should)
<Chocobo> wxl: it does, but qemu is not in the list of upodated packages.
<wxl> hm.
<wxl> and that deb line you mentioned is in /etc/apt/sources.list?
<Chocobo> wxl /etc/apt/sources.d/cloud.list
<wxl> well that's not too surprising
<Chocobo> What isn't?
<wxl> the location
<Chocobo> So that should be ok?
<wxl> should be
<Chocobo> :/
<wxl> the only thing that i've never seen before is the precise-updates/grizzly snytax
<wxl>  i assume you are on precise right?
<Chocobo> wxl: sorry, I didn't copy the whol line:  http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main
<wxl> (lsb_release -c)
<Chocobo> wxl: Codename:       precise
<wxl> brb phone
<Chocobo> man this is odd.
<Chocobo> wxl: http://ubuntu-cloud.archive.canonical.com/dists/precise-updates/grizzly/main/binary-amd64/Packages
<Chocobo> It looks like qemu is not included for grizzly!?
 * Chocobo weeps.... openly.
<wxl> well libvirt-bin suggests it
<wxl> >=0.9.1
<Chocobo> huh
<wxl> long story short if grizzly/cloud/whatever is not supplying >1.0, canonical ain't going to give you any more
<Chocobo> wxl: looks like I will be building from source.   Crap :/
<wxl> well you could install the deb from that url
<wxl> but i'm not sure that will cause other dependency issues
<Chocobo> wxl: there are a lot (10's) of dependencies.
<wxl> my experience with ubuntu repos is they're usually separated by os version
<wxl> whereas this cloud archive appears to have no such delineation
<wxl> has it only been released with precise?
<wxl> if so, you can probably survive with downloading and installing the deb
<wxl> e.g. wget http://ubuntu-cloud.archive.canonical.com/pool/main/q/qemu/qemu_1.5.0+dfsg-3ubuntu2~cloud0_amd64.deb && sudo dpkg -i qemu_1.5.0+dfsg-3ubuntu2~cloud0_amd64.deb
<Chocobo> wxl: so just try to install the one I need, look for the dependency problem... download the dependency and install that... so on and so on?
<wxl> more or less, yes
<Chocobo> wxl.  Ok, thanks.   I am nervous that they didn't include 1.5 with Grizzly.   I guess it would be easy enough to back out of though.
<wxl> luckily, unlike building from source, you'll just need to install packages (either from main repos or debs as above but the former is certainly preferred) rather than having to track down which dev packages have the libraries you need
<wxl> is there a channel for grizzly?
<Chocobo> wxl: doesn't look like it.
<wxl> rather openstack
<wxl> sorry don't know what i'm talkig about :)
<Chocobo> wxl: there is, I asked but no one seems to be around.
<wxl> yeah try #openstack maybe
<Chocobo> wxl: ok, thank you for the help!
<wxl> Chocobo: sorry i couldn't do more!
<wxl> Chocobo: for further help you might check https://help.ubuntu.com/12.04/serverguide/ubuntucloud.html#ubuntu-cloud-troubleshooting
<Chocobo> wxl: thanks again.  I think I will send a message to the mailing list and see what I get back.
<wxl> sounds like a good plan
<TheSov> what would be a good reason to add an l2arc
<TheSov> just a huge working set?
<nrze> ubuntu server any good,
<wxl> as good as apples
<wxl> except it doesn't keep the doctor away
<debian-n00b> do I have to create a seperate zone file for each domain I want to provide dns for?
<debian-n00b> I want two domains to resolve to the same ip. How do I do this in my bind config?
<sarnold> debian-n00b: either use CNAME to redirect one name to the other or use another A record...
<debian-n00b> sarnold: can I do that in the same zone file? or do I need to make another zone file for the new domain I want added?
<sarnold> debian-n00b: I believe you need a new zonefile for each domain
<debian-n00b> sarnold: yeah.. that's what I was thinking. I guess my question is how do I add the reverse zone file if its already being used for the primary domain
<sarnold> debian-n00b: a very quick overview is available here, https://help.ubuntu.com/12.04/serverguide/dns-configuration.html
<debian-n00b> sarnold: lol.. yeah I read that.. .. thanks though
<sarnold> debian-n00b: the IP can only reverse-resolve to a single name... since it's the same IP, you might only have the three zone files -- two forward, one for each domain, and one reverse, since there's only one "zone" there...
<Daviey> dosaboy: around?
#ubuntu-server 2013-07-11
<GH0> I seem to be having an issue with isc-dhcp-server on Ubuntu 13.04, I notice in my logs that I am constatnyl getting this: " Can't create new lease file: Permission denied: 14 Time(s) " I tried troubleshooting, by tearing down apparmor, looking up the permissions, stopping isc-dhcp, chowning the permissions for the lease file to dhcpd:dhcpd, then starting the services again. They are then chown'ed to root:root
<GH0> I can't figure out what the cause of this is, or how to permanently resolve it.
<GH0> I did find in the startup script that at the end, it chowns them to root, but that wouldn't quite make sense because it would need to be dhcpd:dhcpd for the isc-dhcp server to modify the files.
<GH0> But I didn't want to go about editing the startup script without making sure that would resolve the issue.
<Nicolas_Leonidas> hi, there was a power outage and now this ubuntu server doesn't connect to network
<Nicolas_Leonidas> at startup it says "waiting up to 60 more seconds for network configuration..", the lights on NIC and ROUTER are blank
<Nicolas_Leonidas> what can I do ?
<GH0> Test a nother nic?
<GH0> Set a static IP and see if you can connect to the network via that way?
<Nicolas_Leonidas> GH0: I went into /etc/network/interfaces and removed everything except loopback as some people have suggested, it's booting up
<Nicolas_Leonidas> yup, see some light on the router
<GH0> No idea after that, that would have been my basic trouble shooting steps, then I would have looked online, then I would have come here.
<Nicolas_Leonidas> ok so with only loopback, the light on router is blinking green, but as soon as I do ifconfig eth0 up 192.168.2.25
<Nicolas_Leonidas> the light goes dead
<Nicolas_Leonidas> what log file can I look at to see errors?
<Nicolas_Leonidas> dmesg shows "eth0: link is not ready"
<Nicolas_Leonidas> I'll download knoppix and see if the problem is with ubuntu or NIC
<Nicolas_Leonidas> so silent here...
<GH0> Nicolas_Leonidas, unfortunately, it is. I was having issues with isc-dhcp-server and am unable to figure them out so I am waiting.
<tedski> Nicolas_Leonidas: what does dmesg and syslog say about what happened?
<tedski> GH0: dhcpd should be running as root
<tedski> i don't have a 13.x system at my disposal
<GH0> What permissions are needed for the dhcpd.leases file?
<GH0> Maybe my permissions are just broken, but, rw-rw---- would seem appropriate to me.
<tedski> -rw-r--r-- 1 root root 5076 Jul 10 20:16 /var/lib/dhcp/dhcpd.leases
<Nicolas_Leonidas> tedski: link not ready
<tedski> $ ls -ld /var/lib/dhcp
<tedski> drwxr-xr-x 2 root root 4096 Jul 10 19:59 /var/lib/dhcp
<GH0> :/ Those are the same permissions I have.
<tedski> Nicolas_Leonidas: are you sure the power outage did not cause a hardware failure?
<Nicolas_Leonidas> tedski: no I'm not sure I'm downloading knopiix in the setup you can open a browser, that's a good idea right?
<tedski> Nicolas_Leonidas: that's a start
<tedski> Nicolas_Leonidas: i also blow out /etc/udev/rules.d/*persistent-net.rules
<tedski> Nicolas_Leonidas: that will ensure udev hasn't mixed up your hardware ordering
<tedski> GH0: what does apparmor say when you put it in complain mode?
<tedski> GH0: also, what are ther permissions on dhcpd.leases~?
<tedski> (note the tilde)
<GH0> The permissions are the same as the non-tilde file. However, how do you put apparmor into complain mode? aa-complain doesn't seem to work, though that is probably a really old command.
<tedski> https://help.ubuntu.com/community/AppArmor#Put_a_profile_in_complain_mode
<tedski> aa-complain is the correct usage
<GH0> sudo: aa-complain: command not found
<GH0> Yeah, that is what I found...
<GH0> I would figure that command would be installed with the apparmor package.
<tedski> i'm at a talk right now, so i actually don't have access to any ubuntu boxen :(
<tedski> so, wish i could get help
<tedski> my debian boxes don't run apparmor
<tedski> i'll be back later
<ScottK> sarnold: ^^^
<ansy> failed to detect os error while installing virtualmin on 12.04 server
<dosaboy> Daviey: yep
<jamespage> yolanda, lemme pull that merge and take a look
<yolanda> now finding that error: undefined reference to `libecap::Area::toString() const'
<yolanda> jamespage, problem with a diff of debian/control
<jamespage> yolanda, did you managed to drop a dependency?
<yolanda> jamespage, i did an incorrect merge in control and dropped a dependency, yes
<jamespage> yolanda, OK _ just reproducing your issue above
<bitnumus> hi, how am i able to force NTP to update my local system clock ?
<bitnumus> the offset is 264seconds, i need it to be 0
<jamespage> yolanda, OK - I don't see that problem - are you sure the control line for BD's is OK now?
<yolanda> double checked now
<jamespage> yolanda, hmm - libecap2 is in universe
<yolanda> not in main, so is not ok to add as a build-dependency?
<jamespage> yolanda, well it's been added since the last merge - it looks sensible so we should do a MIR for it
<jamespage> yolanda, I'd include it in the merge and then file the MIR for libecap
<jamespage> yolanda, have you done any MIR's yet?
<yolanda> jamespage, never
<jamespage> yolanda, https://wiki.ubuntu.com/MainInclusionProcess
<jamespage> yolanda, its actually quite a simple one so a good one to start with
<yolanda> jamespage, ok
<jamespage> no extra dependencies or suchlike
<yolanda> libecap2 and libecap2-dev
<jamespage> yolanda, but do the merge first and then worry about the MIR
<yolanda> ok
<jamespage> yolanda, yeah - source is libecap
<yolanda> i submitted a merge request for nagios3 yesterday
<yolanda> just filed a bug and sent the debdiff
<jamespage> yolanda, for squid3 there are a couple of other bits that can be fixed
<jamespage> the transitional squid and squid-common packages can be dropped now
<yolanda> i did it
<yolanda> and refreshed patches
<jamespage> yolanda, did you drop two patches?
<jamespage> 98 and 99?
<yolanda> the 98
<yolanda> refreshed the 99
<yolanda> there are two 99 anyway, the ssl-cert-snakeoil and the 99-lp
<yolanda> i found that there is a line that applies in 99-lp, the -667,7 one
<jamespage> yolanda, okay  - good
<jamespage> (I did not look that hard)
<yolanda> jamespage, i preserved the apparmor stuff
<jamespage> good
<yolanda> and autopkgtests, i think it's all our delta
<jamespage> yolanda, re 99-lp - that patch came from upstream so I don't think its still required
<jamespage> http://bazaar.launchpad.net/~squid/squid/trunk/revision/12473
<yolanda> the patch is slightly different from upstream, but it makes sense to drop it, yes
<jamespage> yolanda, it will be because it was backported
<jamespage> upstream move on afterall
<yolanda> ok
<Daviey> dosaboy: Sorry, just saw your response.  bug 1199037, are you working on it?
<uvirtbot> Launchpad bug 1199037 in python-eventlet "backport eventlet exception context fix" [Undecided,New] https://launchpad.net/bugs/1199037
<dosaboy> Daviey: yes
<dosaboy> well not right now but I aim to have it done soon
<dosaboy> 0.13 is currenlty being packaged for Ubuntu as well
<Daviey> dosaboy: OK, thanks
<Daviey> dosaboy: by who?
<dosaboy> zul
<dosaboy> not sure which archive it is aimed at though
<Daviey> dosaboy / zul: Why are we jumping ahead on this one?
<dosaboy> so I am gonna backport that fix to raring/cloud archive
<Daviey> dosaboy: Nothing should be targeted at the cloud-archive that isn't in the backing primary archive
<dosaboy> Daviey: this backport is aimed at primary and cloud archive
<dosaboy> the 0.13 release I am not sure, you'll have to ask zul
<Daviey> dosaboy: ok, thanks
<dosaboy> Daviey: just noticed I had not assigned that bug ;)
<dosaboy> sorted now
<Daviey> ta!
<Senor> To develop one tcp server ,which design is better ?  multithread and multiprocess
<jamespage> adam_g, do we have a juju-deployer compatible with juju-core yet? you mentioned something yesterday?
<yolanda> jamespage, is ok to grab erlang for a merge?
<jamespage> yolanda, already did it
<yolanda> ok, i'm looking at robies html
<yolanda> maybe it's outdate
<yolanda> outdated
<yolanda> libnss-ldap is ok then?
<jamespage> yolanda, yeah - it does not autorefresh I think
<jamespage> yolanda, libnss-ldap - go for it
<yolanda> ok
<yolanda> some conflicts with patches mostly
<raininja> good lawd the internet is a wasteland
<Chocobo> Anyone willing to help a newb manually upgrade certain packages?  I have myself in a wicked tangle right now.   I installed a package with dpkg (qemu-kvm from cloud archive), but I need to install some dependencies (like libbluetooth3) but it won't let me install that because it compains qemu-kvm has unmet dependencies.
<Jeeves_> what does 'apt-get -f install' say?
<Chocobo> Jeeves_: it tries to remove a bunch of packages that I really do not removed.
<Chocobo> Jeeves_: http://pastie.org/8131248
<Chocobo> namely nova-compute and nova-compute-kvm  (qemu-kvm and qemu-system-x86 I installed manually with dpkg -i)
<Chocobo> Is there an easy way to undo the manual installs that I did?  I am am so new to debian/ubuntu package management.  Sorry :/
<melmoth> Chocobo, usually i use apt-get so it deals with dependencies itslef.
<melmoth> like, once the cloud archive ppa is added to the system, apt-get update, and then apt-get install whetever i need from there
<melmoth> Chocobo, if the ppa is correctly added, what happen if you apt-get update, and apt-get install qemu-kvm ?
<Chocobo> melmoth: I would love to do that, but I am using Grizzly which does not include a newer version of qemu (>=1.3.0) which is required for 0-downtime snapshotting.   I am trying to install a newer version manually from the cloud archive.
<melmoth> i dont get the "from the cloud archive" bit. If the package you want comes from the cloud archive ppa, you shoul dbe able to use apt-get
<melmoth> if it does not, then, yeah, you ll have to install all dependencies first before dpkg -i works.
<Chocobo> melmoth: Grizzly: http://ubuntu-cloud.archive.canonical.com/dists/precise-updates/grizzly/main/binary-amd64/Packages  and Havana: http://ubuntu-cloud.archive.canonical.com/dists/precise-updates/havana/main/binary-amd64/Packages
<Chocobo> If you do a search for "Package: qemu" on those sites you will see that hava includes the newer version of qemu but grizzly does not.
<Chocobo> melmoth: any idea how to satisfy the dependencies when apt-get refuses to work because of missing dependencies?  it seems like "dpkg -i" installs the package even if there are missing dependencies which causes problems if you try to use apt-get?
<melmoth> Chocobo, what i am about to propose may be a bad idea, but hey.. what about 1) adding the grizzly ppa, 2) install qemu-kvm from there (with dependencies)
<melmoth> then removing the havana ppa, adding the grizzly one, and apt-get install the stuff you need from there
<melmoth> i dont know if dpkg -i install things breaking dependencies on top of my head, but i hope it would not do that :)
<melmoth> i meant, 1) adding the havana ppa
<jamespage> melmoth, Chocobo: please hold
<Chocobo> htmmm, I could try that.  Not a bad idea.
<Chocobo> jamespage: ok.
<jamespage> Chocobo, we only backported qemu to havana
<jamespage> so grizzly uses 12.04 version
 * jamespage reads backscroll
<jamespage> Chocobo, ah - I see - so you have picked the qemu from the havana cloud archive - but you don't have it installed as a specific source right?
<Chocobo> jamespage: I really need qemu >= 1.3.0 in Grizzly... I need to find a way to manually install it.   Correct, I do not hava Havana set as a source (because we are using Grizzly)
<jamespage> Chocobo, OK - this is not officially supported in any way
<jamespage> but you could add the havana CA to your sources and then use pinning to ensure if does not get picked by default
<jamespage> so you can grab qemu from havana and openstack from grizzly if that makes sense
<Chocobo> jamespage: I think so.  I am not sure about the pinning part.
<jamespage> Chocobo, http://jaqque.sbih.org/kplug/apt-pinning.html
<jamespage> Chocobo, if you follow that but use the cloud-archive repos
<jamespage> and ping havana lower than grizzly
<jamespage> you should be able to "apt-get install qemu-kvm/havana" for example
<Chocobo> jamespage: and that will handle dependencies?
 * jamespage crosses his fingers
<jamespage> I think so yes
<Chocobo> so.. I can't use "release" as my pin...  because it looks like the release for cloud archive is "main"   is there a pin for "repo"  or something similar so I can ping precise-updates/havana lower than precise-updates/folsom?
<Chocobo> Hold on, I may have found the man page on pinning
<tom[]> anyone got an executable tcping http://www.linuxco.de/tcping/tcping-1.3.5/
<tom[]> ?
<tom[]> i can't be bother to install dev tools just for this
<jamespage> Chocobo,  Pin: release c=precise-updates/havana
<jamespage> I think
<Chocobo> jamespage: and a Pin-Priority of probably..  0 < P <=100
<jamespage> Chocobo, something like that
<jamespage> you can alway check things by doing 'apt-cache policy qemu-kvm'
<jamespage> it will tell you the orders of install by default
<Daviey> Chocobo: When you have the formula, can you pastebin it please?
<Chocobo> I will.  Hrmmm, I hope the troubles I caused earlier is not going to get in my way.
<Chocobo> jamespage: E: Release 'havana' for 'qemu-kvm' was not found
<jamespage> Chocobo, http://pastebin.com/H3MfSJ12
<jamespage> Chocobo, with that approach you don't even need the /havana
<Chocobo> jamespage: I think I need to find a way to undo the trouble I caused with dpkg :(
<tom[]> nevermind. i should use nc instead
<Chocobo> Wow, I am terrible at Ubuntu package management.  I feel like I am all thumbs.
<Chocobo> and I keep going in circles.    Ok, so lets say I installed a package with "dpkg -i" and it had unmet dependencies...  how can I undo that?
<jcastro> undo it or fix it?
<jcastro> usually you can sudo apt-get -f install afterwards
<jcastro> and it will fetch the missing deps and then resolve itself
<jamespage> zul, actually qemu-kvm is uninstallable from the havana cloud archive right now
<Chocobo> jcastro: I can't do that because it want's to uninstall some of my openstack components.  What I really want to do is replace the manually installed version with the version in repository.
<zul> jamespage:  uh?
<jamespage> zul, vgabios and seabios
<jamespage>  qemu-system-x86 : Depends: vgabios (>= 0.6c-3~) but 0.6c-2ubuntu3 is to be installed
<jamespage>                    Depends: seabios (>= 1.7.2-2~) but it is not going to be installed
<Chocobo> So this won't work even if I fix my problem from dpkg?
<jamespage> Chocobo, nope
<Chocobo> Well crap
<jamespage> havana cloud archive is still work in progress
<jamespage> consider it as stable as the development release day-to-day
<Chocobo> I am going to have to this from source.   :/
<Chocobo> How can I undo the changes I made with dpkg?  I want to go back to the version from the cloud-archive.
<zul> jamespage:  ohhhh sshhi..
<Chocobo> These are the changes I made: http://pastie.org/pastes/8131364/text
<Chocobo> There doesn't seem to be an option to ignore dependencies in apt-get
<Chocobo> Is there anyone that might be able to help me?  I am really stuck here.
<Chocobo> Gosh, I think I got it... I needed --force-depends
<jcastro> smoser: do we have docs on simplesteams anywhere?
<jcastro> streams even
<smoser> jcastro, not very good ones. but there is some in lp:simplestreams doc/
<zul> jamespage:  http://people.canonical.com/~chucks/ca/
<jcastro> smoser: I'd like to put that on developer.ubuntu.com if you don't mind
<psivaa> jdstrand: Just curious if any luck in reproducing bug #1197484
<uvirtbot> Launchpad bug 1197484 in isc-dhcp "Connection requests to saucy server VMs from a hosts fail after fresh VM installs" [High,New] https://launchpad.net/bugs/1197484
<ndee> how can I respond to a Broadcast message when I'm logged in?
<jdstrand> psivaa: no, but I did see it on a lease renewal, so I have something to chase after
<rbasak> ndee: depends on what you mean by a broadcast message. Are you looking for wall(1) or write(1)?
<ndee> rbasak, it was "wall" I think :) thanks
<psivaa> jdstrand: ack
<TheSov> does anyone know why, when I connect an iscsi target to my ubuntu box it sends 12 megabits of data, from my system to the iscsi host continously for no reason whatsoever?
<patdk-wk> it has data it wants to save?
<patdk-wk> oviously, your guess of, no reason whatsoever, is not accurate
<jamespage> zul, looks OK - do they build?
<jamespage> with precise havana
<zul> jamespage:  yeah lemme double check
<zul> jamespage:  yep
<jamespage> zul, +1
<mgz> jamespage: can we just put juju-core in saucy today?
<jamespage> mgz, otp - free in a bit
<mgz> sure, poke me when done
<Chocobo> Where can I find the source for packages?
<Chocobo> (from cloud-archive)
<jamespage> mgz, OK - done
<jamespage> mgz, there are some challenges with the tarball up on launchpad.net  - namely the top-level source folder is missing
<jamespage> so I could not load it directly into the packaging branch like we did last time
<jamespage> mgz, I think dcheney proposed a branch - but it would be great to cut a new tarball if possible
<mgz> but we can do that step manually no? ( should have caught it in review of the script, sorry)
<jamespage> mgz, well we can yes
<mgz> basically, we need a 1.11.3 pretty soon anyway to fix a few crucial upgrade bugs
<mgz> gah, network connection being unreliable
<jamespage> mgz, OK - I'll manually repack the tarball for now on the assumption that next release it will be fixed up
<jamespage> so juju-core-XX.XX.XX/src/<projects>
<jamespage> OK
<mgz> so, we could reroll the tarball tomorrow, but seems like that step is just one of several niggles we can shake out before a cleaner release either tomorrow or early next week
<mgz> yeah, that sounds good
<theazman__>  Anyone know of a web based replacement to onenote that we can host on our servers?
<jamespage> mgz, you will want to be aware of bug 1200255
<uvirtbot> Launchpad bug 1200255 in golang "go get ... fails with SIGILL on armhf" [Undecided,New] https://launchpad.net/bugs/1200255
<jamespage> mgz, I'm intending on enabling the armhf arch for this next upload....
<mgz> enabling arm sounds good, if if blows up, we need to know
<jamespage> rbasak, bug 1200255
<uvirtbot> Launchpad bug 1200255 in golang "go get ... fails with SIGILL on armhf" [Undecided,New] https://launchpad.net/bugs/1200255
<mgz> that bug is new to me...
<mgz> I'm not using golang 1.1.1 on my box of course
<jamespage> mgz, uploading right now
<jamespage> mgz, thats just on ARM
<jamespage> ah - of course
<mgz> I've been living with cgo being borked on my arm machine, should try the 1.1.1 from ppa
<jamespage> mgz, please do
<NoiseEee> hey, im wondering if someone might be able to help me solve some openssl issues on 12.04 vs 10.04: https://gist.github.com/NoiseEee/b99e4994329ddab53fa9
<jamespage> mgz, OK uploaded
<mgz> ace.
<mgz> what's your packaging branch, so I can pull?
<adam_g> jamespage, i have a branch i was workin on that works now with py-juju. need to cleanup and make surei didnt break the juju-core interface
<jamespage> mgz, it will be ubuntu:juju-core once the upload is built
<andygraybeal> is there a reason i might have  a /srv/cvs folder on a serveR?  i've not installed CVS
<sarnold> GH0,tedski,ScottK, aa-unconfined might not be installed because the apparmor-utils package drags in another 40+ megabytes of packages via hilarious dependencies. :(
<GH0> alright, is there a specific package to run it?
<tropicalmug> Hi! Does anyone have experience with ircd-hybrid and hybserv?  I'm having some trouble getting NickServ and the like available.  I can see them when I log into my server from itself, but not from the outside.
<tropicalmug> :(
<tropicalmug> Oh well.  Thanks anyways guys!
<tropicalmug> just for like...being on irc.
<adam_g> zul, are these issues on saucy or precise? https://bugs.launchpad.net/nova/+bug/1200231
<uvirtbot> Launchpad bug 1200231 in nova "Nova test suite breakage." [High,New]
<zul> adam_g:  saucy
<adam_g> zul, have you tried with the newer sqlalchemy?
<rbasak> TheSov: that sounds like a bug. Can you check for an existing bug, and if there isn't one then make sure that you can reproduce the problem on a freshly installed system (and a fresh iSCSI target) and then file a bug with instructions to reproduce the problem?
<psyferre> Hey folks, anyone know if there is any local disk caching that happens with cifs shares?  I've got a file server that claims it is nearly out of disk space, but appears to be counting a mounted cifs share against that total.  0.o
<psyferre> As far as I can tell, I've got a 300gb dir which puts me at about 45% capacity.  That directory is being rsynced over a cifs share to a backup file server.  It appears that location I mounted the cifs share is counting against the total root file system capacity, so my server thinks it is nearing 100%.  It actually denied a write to another server, saying that the disk was full.
<psyferre> Any guesses or smacks with the clue bat would be appreciated... my googling isn't turning up anything helpful.
<sarnold> psyferre: can you paste df output?
<rbasak> psyferre: have you accidentally rsynced at a time when the cifs share was not mounted? When mounted again, it will be hidden.
<psyferre> rbasak: you're a genius.  I bet that's it.
<rbasak> Because I've never ever forgotten to mount something and then accidentally filled the root fs up. Oh no. :-P
<davegarath> Hi all I'm trying to export a nfs share with no_root_squash but when I mount it on my client and write a file with root this file is squashed nobody:nogroup. What I'm forgetting ?
<davegarath> ( sorry for my bad eng )
<rbasak> rsync over a cifs share though? I never trusted that, especially for backups. Have you considered running an rsync daemon on the backup server? cwrsync has worked well for me for Windows servers in the past.
<psyferre> rbasak: I think I tried that and had a bunch of trouble getting it setup.  Then I found that I could mount the share with _netdev and it would *supposedly* remount if it lost connection...
<psyferre> I'll go back to the drawing board and find a better way to sync.
<zul> adam_g: not yet
<zul> adam_g: its still stuck in -proposed
<adam_g> zul, can you pip install it and try the test suite ?
<zul> adam_g:  sure
<grex25> Hello!   Could someone tell me typical values (watt) what a server consumes normally?
<grex25> [New hardware, about 900eu / 1000 usd]
<sarnold> grex25: in the wild-guess territory, I think 500 watts at boot, 350 watts at moderate load, 125 watts at light load
<grex25> should be very energy efficient, what are "good" values? 80?
<grex25> Normally there it should not have a to high load, but raspberry is to slow
<sarnold> grex25: I think laptops under full-tilt will get closer to 80 or 100 watts, they'd still be way faster than a raspberry
<sarnold> grex25: (I've got a pandaboard that I think is about 5 watts; it's sigifnicantly faster than the raspberry, but not exactly fast.)
<grex25> sarnold: Now its a intel atom setup, 50W,   but I thought there would be something better now (2/3 years old hardware)
<sarnold> grex25: intel's new haswell chips come in a variety of top-power-draw .. server editions can go for ~100 watts, laptops can be quite low... but of course that's just one component of the whole
<grex25> sarnold: but panda/beagle/raspb are very nice
<sarnold> grex25: I get 10MB/s IO to my pandaboard's CF. take that into consideration.. :)
<grex25> sarnold: okay, than i have to wait a little bit
<sarnold> grex25: I'm not saying it isn't nice :) it just isn't suitable for all server tasks. irc and torrent host? awesome. hehe.
<anepanaliptos> howdy
<anepanaliptos> i used to be able to follow this guide, and it did work for some systems in the past, but recently, i have tried this on two more new installations and i always hang at updaing yasm to 2.0
<anepanaliptos> err 1.2.0
<anepanaliptos> https://ffmpeg.org/trac/ffmpeg/wiki/UbuntuCompilationGuide
<anepanaliptos> i installed a fresh 12.04LTS, and followed the steps. this did work for me in the past, no problems, just copy and paste each block
<anepanaliptos> now, i do the yasm compile instructions line by line, they all seem to complete, but when i do yasm --version i still get the 'old' one.
<anepanaliptos> nvm
<sarnold> anepanaliptos: if you installed yasml from the archive, it is liable to be in your PATH before the version that you just compiled and installed..
<anepanaliptos> yeap. and that's exactly what it ius. just thought about it.
<anepanaliptos> id 10 t error.
<sarnold> anepanaliptos: and if your new one _should_ be in your PATH earlier, perhaps you have to tell your shell to delete the hashed location of the executable, hash -d  ought to do it..
<sarnold> anepanaliptos: woot. :)
<anepanaliptos> root@tesla:~/ffmpeg_sources# which yasm
<anepanaliptos> /usr/local/bin/yasm
<anepanaliptos> root@tesla:~/ffmpeg_sources# yasm
<anepanaliptos> -bash: /usr/bin/yasm: No such file or directory
<anepanaliptos> root@tesla:~/ffmpeg_sources#
<anepanaliptos> just fixed it with a symlink
<sarnold> hash -d yasm   also should have fixed that, fwiw
<anepanaliptos> not sure if there is a 'proper' way
<anepanaliptos> (well i did do the hash -d before i ran that command)
<sarnold> oh? hrm.
<anepanaliptos> but no worries. the major part is fixed.
<sarnold> maybe your /usr/bin/yasm was missing a library. that's not as common as it used to be..
<sarnold> ah. I was wrong. hash -d doesn't delete everything. bah. :)
#ubuntu-server 2013-07-12
<anepanaliptos> sarnold: hash -r
<sarnold> anepanaliptos: awesome, much better, thank you :D
<anepanaliptos> still the guide doesnt work, but that's a rtfm fix
<sarnold> what's wrong now?
<anepanaliptos> (even though it did work before, not sure what changed..)
<anepanaliptos> i did the make install
<anepanaliptos> i run ffmpeg
<anepanaliptos> and it tells me ffmpeg is not installed and i can pull it from the repos
<sarnold> anepanaliptos: is it in ~/bin or ~/ffmpeg_build/ somewhere?
<anepanaliptos> hang on im recompiling (i did make -j9 so dont worry it wont be long)
<anepanaliptos> ok done
<sarnold> especially fast if you changed nothing, hehe :)
<anepanaliptos> yes it is.
<anepanaliptos> the exe is in the root dir
<anepanaliptos> well, "root" ~/ffmpeg_build/ffmpeg
<anepanaliptos> root@tesla:~/ffmpeg_sources/ffmpeg# ./ffmpeg
<anepanaliptos> was totally valid and ran ffmpeg
<anepanaliptos> does anything have to do with the fact i am doing this as root and not sudo -s ?
<anepanaliptos> i dont see why.
<anepanaliptos> rebooting.. maybe....
<anepanaliptos> (im doing that now..)
<sarnold> anepanaliptos: I thnk the make install step should copy it somewhere into the prefix's children (~/ffmpeg_build/)
<anepanaliptos> wtf
<anepanaliptos> it created the bin folder in my ~ dir
<anepanaliptos> and in there are the binaries (or symlinks to em)
<anepanaliptos> somewhere.. these instructions have gotten foobared
<sarnold> anepanaliptos: maybe that means make install uses the --bindir parameter?
<sarnold> anepanaliptos: you're right that sudo -s vs logging in as root, or doing the compile as a user and then sudo make install, could all fiddle with the $HOME variable..
<anepanaliptos> no
<anepanaliptos> someone broke the document/howto
<anepanaliptos> i went back using the wiki history thing
<anepanaliptos> and im gonna try the instructioned that looked like the page from when it worked
<sarnold> ah! :)
<anepanaliptos> source ~/.profile
<anepanaliptos> that line is missing from the 'current' one
<anepanaliptos> stil ldoesnt work
<anepanaliptos> ill rtfm and let yo uknow
<anepanaliptos> i got this. :)
<i00nsu> nice
<i00nsu> hello
<i00nsu> how to enable vhost's \ site-availables/*  ? is not working for me
<sarnold> i00nsu: did you try the a2ensite command as described here? https://help.ubuntu.com/lts/serverguide/httpd.html
<i00nsu> sarnold: yes. and service apache2 reload
<i00nsu> the DocumentRoot is at /home/user/Public_html/
<sarnold> i00nsu: did you get any error messages when you ran them? did you get errors in the logs?
<i00nsu> and Directory too
<i00nsu> is working but points to /var/www/ instead to /home/user/Public_html :o
<i00nsu> sarnold: no errors
<Nicolas_Leonidas> after a power outage my network stopped working, yesterday someone recommended I should remove some udev stuff
<Nicolas_Leonidas> to make it work, what can I do to fix this problem?
<sarnold> Nicolas_Leonidas: in my experience, loss of network connectivity after powerfail often means devices didn't come up in the correct order -- often solved by rebooting a modem or other upstream link, followed by rebooting a router, then perhaps a switch, and then the device that doesn't have network access...
<Nicolas_Leonidas> sarnold: that's a good point, but outage happened 3 days ago or so, and I've restarted everything many times
<sarnold> Nicolas_Leonidas: oh :/
<Nicolas_Leonidas> the router works, all other computers have connectivity
<Nicolas_Leonidas> dmseg says "eth0: link is not ready"
<sarnold> Nicolas_Leonidas: plug/unplug the wire from the NIC and the switch?
<sarnold> try other ports on the switch?
<Nicolas_Leonidas> sarnold: tried that too, when I connect the cable to another computer the other computer works
<sarnold> plug it into a different switch? or plug it into an auto-sensing NIC somewhere else?
<sarnold> Nicolas_Leonidas: aha, so not that port on the switch then..
<Nicolas_Leonidas> today I bought a new NIC, same problem, now I'm almost convinced it's a software issue with ubuntu
<Nicolas_Leonidas> just found something interesting on syslog
<Nicolas_Leonidas> DHCPDISCOVER on eth0 to 255.255.255.255
<Nicolas_Leonidas> port 67 interval 18
<i00nsu> sarnold: I restart the server and is working.
<sarnold> Nicolas_Leonidas: did you find any 'link becomes ready' messages for your NIC?
<sarnold> i00nsu: hunh. odd.
<i00nsu> :)
<Nicolas_Leonidas> sarnold: in where?
<sarnold> Nicolas_Leonidas: dmesg ..
<sarnold> Nicolas_Leonidas: does 'ip link' show you your NIC?
<Nicolas_Leonidas> no
<Nicolas_Leonidas> should I reset the router to factory settings?
<sarnold> Nicolas_Leonidas: probably not. _maybe_ the router has some MAC firewall rules or something, but that seems a stretch
<sarnold> Nicolas_Leonidas: are there errors in the router's logs?
<anepanaliptos> gia sou re ellhna.
<Nicolas_Leonidas> I just saw the dhcp log on router for the first time let me see if there is anyting in there
<Nicolas_Leonidas> reset the router to factory settings
<Nicolas_Leonidas> that didn't help either
<Nicolas_Leonidas> "booting the system without full network configuration"
<adam_g> roaksoax, jamespage:  once that openstack tempating stuff lands, this will help sync the templates /w https://code.launchpad.net/~gandelman-a/charm-helpers/sync_include_hints/+merge/174320 and any other non-py assets from charm-helpers
<adam_g> currently it does not, and will delete those that exist in a local charm during sync
<koolhead17> Daviey: around?
<jamespage> Chocobo, havana-updates for cloud archive should contain those two missing packages in the next ~1hr or so
<yolanda> jamespage, zul , having this problem: http://paste.ubuntu.com/5867778/
<yolanda> seems that isn't finding python-setuptools although it's added as build-depends?
<yolanda> jamespage, in case of python-cliff, do you think it makes sense to request a sync, not a merge? the only difference i see, apart from new things, is the pydist-overrides
<xnox> yolanda: can you pastebin full log?
<yolanda> xnox, i found that the problem is dh $@ --with python2,sphinxdoc --buildsystem=python_distutils
<yolanda> if i set the buildsystem to python_distutils it fails
<yolanda> if i remove that it works
<yolanda> but it's a merge from debian, and their rules file uses it
<xnox> yolanda: do you have a link to dsc? or a full build-log for me to look what's happening?
<yolanda> xnox, let me reproduce again and show the log
<yolanda> http://paste.ubuntu.com/5867812/
<yolanda> xnox ^
<xnox> yolanda: you are building locally, not in sbuild / pbuilder? i thought a full log with how all deps are getting installed as well.
<yolanda> xnox, it just fails on debuild
<yolanda> i can't arrive to sbuild step
<xnox> yolanda: can you push a branch with python-cliff-1.4-1ubuntu1 somewhere?
<yolanda> ok
<xnox> yolanda: or tar it up =) and scp to like people.canonical.com =)
<yolanda> xnox: https://code.launchpad.net/~yolanda.robla/+junk/python_cliff_1.4-1ubuntu1
<xnox> yolanda: cool, let me look.
<xnox> yolanda: so it succeeds for me fine here. Do you have python-setuptools installed locally?
<xnox> as it's needed to build the source package.
<xnox> yolanda: or you can use
<xnox> $ debuild -S -sa -nc
<xnox> which will build the source package without running the "clean" step.
<xnox> does that work?
<yolanda> Installed: 0.6.37-1ubuntu1
<yolanda> i'll remove and install again
<yolanda> i'm not sure if requesting a sync instead of a merge, the only significant delta is the pydist-override
<xnox> yolanda: you will not be able to sync the package as something is very odd:
<xnox> xnox@sochi:/tmp$ md5sum ubuntu/*orig* debian/*orig*
<xnox> ca4b80452f73b58a01e18f8ebcfb4504  ubuntu/python-cliff_1.4.orig.tar.gz
<xnox> 3d5017c362d9b34eddf88aa43099411e  debian/python-cliff_1.4.orig.tar.gz
<xnox> xnox@sochi:/tmp$ du -a ubuntu/*orig* debian/*orig*
<xnox> 124	ubuntu/python-cliff_1.4.orig.tar.gz
<xnox> 36	debian/python-cliff_1.4.orig.tar.gz
<xnox> yolanda: debian original tarball is so much smaller and has different checksum, so launchpad will reject the sync. How come they are so different is a mystery though.
<yolanda> i'll send the debdiffs for the merge then
<xnox> so you could merge the packaging, but continue to use ubuntu's tarball for ubuntu uploads.
<xnox> (or note that in sponsorship / debdiff request)
<xnox> $ diff -r -U 4 debian/cliff-1.4/ ubuntu/cliff-1.4/
<xnox> Only in ubuntu/cliff-1.4/: cliff.egg-info
<xnox> Only in ubuntu/cliff-1.4/demoapp: build
<xnox> Only in ubuntu/cliff-1.4/docs: build
<xnox> Only in ubuntu/cliff-1.4/: PKG-INFO
<xnox> Only in ubuntu/cliff-1.4/: setup.cfg
<xnox> so ubuntu tarball is not "clean" and has build artifacts in it
<yolanda> debdiff is complaining for that also
<davegarath> Hi all I'm trying to export a nfs share with no_root_squash option but when I mount it on my client and write a file with root this file is squashed to nobody:nogroup.
<mardraum> nfsv4?
<davegarath> Is this a bug ?
<davegarath> nfs4
<mardraum> try 3
<davegarath> ok]
<mardraum> nfsv4 is a cruel mistress.
<davegarath> but In nfs4 no_root_squash doesn't work  ?
<mardraum> I haven't tested, but see if it works for you with 3 first
<mardraum> 4 requires other stuff configured like user mapping
<davegarath> ty mardraum in vers3 it's all ok
<mardraum> cool :D v4 changed a lot, so if you want to try implement it there, I think you'll need to do a bit of reading :D
<mardraum> it's also a relatively immature implementation compared to v3
<hxm> i was configuring a samba server and shared some directories, but when i go to \\server.name it says i have no permissions and i should access to the shared directory directly
<hxm> how to configure samba for list the shared directories?
<Chocobo> jamespage: thanks, I just used pinned the raring release and use those.  Not sure if that was a great idea or not...
<zul> roaksoax:  i will need your reviewing skills today
<roaksoax> zul sure!
<zul> roaksoax:  https://code.launchpad.net/~zulcss/python-swiftclient/mock-fbtfs/+merge/174416
<roaksoax> give me 5
<zul> roaksoax:  noooooo
<raininja> how the heck do you get a version for the package in apt
<samba35> i have 1 strange problem ,one of my ubuntu server on vmware (as a guest ) doesnt boot when there is unexpected problem (mostly power failure ) how do i fix it (normally it auto boot )
<patdk-wk> samba35, look into GRUB_RECORDFAIL_TIMEOUT
<samba35> patdk-lap, what i suppose to look for grub_recordfail_timeout
<samba35> patdk-wk, sorry can you please tell me where i suppose to look
<samba35> patdk-lap, sorry
<patdk-wk> I just did
<samba35>  set timeout=${GRUB_RECORDFAIL_TIMEOUT:--1}
<samba35>  what it suppose to be
<patdk-wk> what?
<patdk-wk> you do know how to use google?
<samba35> i supposw to change value ? or what
<patdk-wk> http://askubuntu.com/questions/211797/how-do-i-make-ubuntu-power-loss-proof
<samba35> ok
<davegarath> is there a way to force nfs-server to export nfs3 only ?
<davegarath> I have no way to force my application to  mount nfs with nfsvers=3 and I have to use no_root_squash in order to write root files
<kearneykid> hey i am trying to install ubuntu server on a old hp server that ran windows 2000. whe i try to install normal i get a blank screen and when i use nomodeset and vga=normal i can see the error in the photo attached. also sometimes the cap and scroll lock leds flash on the keyboard.
<kearneykid> http://img577.imageshack.us/img577/96/tl0i.jpg
<patdk-wk> kearneykid, likely you need to use an older ubuntu, as the old hp server is probably way too old
<patdk-wk> try 10.04 on it
<kearneykid> will do, thanks
<patdk-wk> heh, older, newer ubuntu, that only supports newer cpu's
<patdk-wk> where the definition of newer cpu, is old, but not that old
<sarnold> we did (or soon will) lose support for 386 chips..
<patdk-wk> 386, that was done long ago
<patdk-wk> 486 was lost and 586 also
<sarnold> patdk-wk: you might be thinking of the optimized compiles..
<patdk-wk> maybe, but I thought 12.04 needed p4 or better
<sarnold> egadget anyway says it was 3.8.. :) http://www.engadget.com/2012/12/15/linux-to-drop-i386-support-in-the-3-8-kernel/
<kearneykid> by any chance do you know much about overclocking haswell?
<patdk-wk> sarnold that is linux though, I know ubuntu dropped it sooner
<patdk-wk> ya, ubuntu 10.10 drops pre i686 support
<sarnold> patdk-wk: no kidding :) hehe
<sarnold> patdk-wk: thanks :)
<patdk-wk> and 12.04 dropped non-pae supported cpu's
<patdk-wk> I used to know where that was offically stated, having a hell of a time locating it
<patdk-wk> https://help.ubuntu.com/lts/installation-guide/i386/hardware-supported.html
<patdk-wk> "However, Ubuntu precise will not run on i586 or earlier processors. Despite the architecture name "i386""
<patdk-wk> "Support for i586 and lower processors, as well as for i686 processors without the cmov instruction, was dropped in Ubuntu 10.10. Most i686 and later processors are still supported"
<sarnold> patdk-wk++
<m0nk3yjoe> Anyone know powerdns well?
 * RoyK doesn't
 * sarnold waves to m0nk3yjoe :)
<m0nk3yjoe> sarnold, Hello there!  You are all over these "Intertubes"
<m0nk3yjoe> =)
<sarnold> m0nk3yjoe: I try :)
<mgriffin_> can someone confirm for me that mysql server for precise does not have a dependency on libaio1 but quantal does?
<mgriffin_> oh, precise filed this as won't fix.. https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/999766
<uvirtbot> Launchpad bug 999766 in mysql-5.5 "MySQL 5.5 not compiled with native AIO" [Medium,Fix released]
<mgriffin_> :(
<StathisA> hello, i'm looking for a ubuntu server administration blog/webpage having tutorials,guides,examples etc...any suggestions?
<sarnold> StathisA: https://help.ubuntu.com/12.04/serverguide/
<mgriffin_> that was a really silly decision, probably they didn't know innodb would fallback to not using libaio1 if it was simply not found
<StathisA> sarnold: thanks
<m0nk3yjoe> Guess not.. =(
<sarnold> m0nk3yjoe: it might be better to ask the more specific question anyway..
<m0nk3yjoe> I'm trying to figure out the package pdns-backend-mysql
<sarnold> "well" means different things to different people, but a concrete question can either be answered or not :) hehe
<smw_> Hi all, I have a headless server and want to run a gui program which I don't need to access the gui for. What is the best way to do this?
<smw_> I am not trying to control a gui program remotely (like vnc), I just want it to run even though there is no display
<axisys> how to check total RES usage by a process with multiple threads?
<sarnold> smw_: investigate xvfb
<smw_> sarnold, thanks
<smw_> sarnold, works perfectly, thanks :-)
<sarnold> smw_: woot :)
<smw_> sarnold, I came in here and got a great answer. In #linux I got a lecture on not running X on a server :-\
<smw_> I was also told to rewrite the program not to need X and one person ask me "why do you even think that is possible"
<sarnold> smw_: sheesh :) I find if you don't know the answer, it's fair to hazard a clearly-labeled guess, but arguing is another approach entirely :)
<cwillu_at_work> smw_, in fairness, it _does_ imply that the program is at least mildly silly
<cwillu_at_work> even on windows, a service needs special checkboxes enabled in order to interact with the desktop
<cwillu_at_work> smw_, what's the program if you don't mind my asking?
<smw_> cwillu_at_work, it is a webbrowser. We already have it automated with extensions/rpc, but we need it running full time on a server
<smw_> cwillu_at_work, and an indication that I am doing something abnormal is not a reason to argue about whether or not servers should run browsers/x11 programs
<cwillu_at_work> sure
<cwillu_at_work> I'm just asking
<smw_> cwillu_at_work, yeah, we have a lot of work already put into automating some tasks through the browser, but running it on a server seems better than a desktop :-)
<Ricky27> Hey. I run a server with a fairly good CPU and 32GB RAM (only ~6GB used on average). Any idea if I could run anything? Like a BOINC project that requires not all of CPU but more RAM? I'm paying for this machine anyway
<thesheff17> BOINC is almost all CPU intensive...you can specify the number of CPU it uses and you can also specify nice 19 ./bonic so it has the lowest priority on those CPU when things are running.
<Ricky27> thesheff17: thanks! Do you think this will interfere with a standard apache2 setup if i allocate 6 of 8 cpu cores?
<sarnold> Ricky27: it shouldn't, see also ionice to ensure your apache has higher priority IO requests...
<thesheff17> hehe yea what sarnold said
<Ricky27> sarnold & thesheff17 thank you!
<nOStahl> hey guys, my /boot is full heh. cant run sudo apt-get autoremove it complains about it being full to run the operation, how can I get rid of some old kernels manually the right way?
<sarnold> nOStahl: you can rm old kernel and initrds from /boot by hand until you've freed enough space to continue with the tools
<nOStahl> ah ok
<sarnold> nOStahl: just be sure to leave the kernel and initrd for the kernel version you're currently running, the newest, and make sure to leave at least two, in case one doesn't work well. :)
<nOStahl> aye
<nOStahl> ty its going now
<sarnold> woot
<nOStahl> why would it have filled up the boot partition on its own? heh
<nOStahl> shouldnt apt-upgrade be managing that on its own
<sarnold> once upon a time, old kernels were never automatically removed... I think that there is some kind of automatic limiting in place now, but I've never looked into it deeply enough to understand. :/
<nOStahl> hmm some thing is broken
<sarnold> nOStahl: I thought that went easily, there's sometimes more to fixing the problem..
<nOStahl> its giving broken pipe when I try to sudo apt-get -f install
<nOStahl> dependancy issues
<sarnold> nOStahl: can you pastebin the errors?
<nOStahl> there's some flag set somewhere telling it there's no space left on the device
<nOStahl> cant pastebin from this terminal access for some reason
<nOStahl> but its got broken dependancies
<nOStahl> the following packages have unmet dependancies: linux-headers-server : depends : linux-headers-3.2.0-48-generic but it is not going to be installed
<nOStahl> linux-image-server : depends linux-image-3.2.0-48-generic but it is not going to be installed
<sarnold> nOStahl: the pastebinit package can paste to a long list of pastebins, it might be handy if you're trying to fight your way through an obnoxious firewall
<nOStahl> yet if I try sudo apt-get -f install    it runs through like its working but then broken pipes
<sarnold> nOStahl: you can apt-get purge linux-headers-server linux-image-server  -- then fix all the other errors -- then re-install them, to make sure you get updates
<nOStahl> ok
<nOStahl> will try purge
<nOStahl> nope no luck
<nOStahl> its stuck on those packages...
#ubuntu-server 2013-07-13
<nOStahl> how can I remove old kernel headers
<sarnold> same thing, apt-get purge linux-headers-blah ..
<nOStahl> wont let me
<nOStahl> keeps coming back saying the depends thing
<sarnold> then delete whichever package depends upon them as well..
<sarnold> you might need to put it back when you're finally done, of course, so keep track of which packages require the headers..
<nOStahl> howdo I delete a package if it keeps not letting me delete them? :P
<sarnold> nOStahl: add more package names to the command line
<sarnold> any luck finding a pastebin that you can get to?
<nOStahl> the terminal access I have to the vm wont let me copy
<nOStahl> but scroll up I hand typed it all out painstakingly :)
<sarnold> nOStahl: apt-get purge linux-headers-server linux-image-server   shoul dhave taken care of the ones you typed earlier..
<nOStahl> it complains about dependancis of the current headers it looks like
<nOStahl> and refuses to go further lol
<sarnold> so I presume it makes similar claims, <packagefoo> : depends <packagebar> but it is not going to be installed.. -- keep adding <packagefoo>s to the apt-get purge command line until it stops complaining at you :)
<nOStahl> k
<nOStahl> nope not working
<nOStahl> still thinks the disk is full even though its not
<sarnold> check df output, perhaps it is...
<stgraber> full even though it's not => did you check "df -i" when you run out of inodes your disk is "full" even though there's still bytes left to write to
<sarnold> stgraber: oh man, it's been sooooo long since I've seen that, I'd forgotten all about it. :) nice catch.
<nOStahl> ya its inods
<Patrickdk> yay :)
<nOStahl> not yay heh
<Patrickdk> evil inodes
<nOStahl> how do I take care of inods
<Patrickdk> as far as I know, reformat
<Patrickdk> is it ext3/4?
<sarnold> maybe a fsck will clean out a bunch?
<sarnold> look for a huge /lost+found directory on the filesystem?
<Patrickdk> ya, a reboot could clear some, if some deleted files are held by open programs
<Patrickdk> maildir folders
<nOStahl> just rebooted to check that still 100%
<nOStahl> how do you empty lost+found?
<Patrickdk> rm -rf /lost+found/*
<nOStahl> k just didnt know if there was a command associated with managing it
<sarnold> look at the files in there, see if you recognize the data, and if you do, mv the file to a new name. if you do'nt, delete the file. hehe.
<Patrickdk> well, if he hasn't noticed it missing yet :)
<sarnold> Patrickdk: lol
<nOStahl> just going to resize the partition heh
<nOStahl> wasted too much time already
<sarnold> resizing may not add new inodes
<sarnold> unless you're re-sizing to make space to make a new /boot or similar..
<nOStahl> if it dosnt work then i'll just build a new vm and transfer stuff over I guess
<Patrickdk> yes, but exactly how did you run into this issue?
<Patrickdk> by default it makes enough inodes for every sector
<Patrickdk> you have to specify largefile to cause it to make less inodes
<Patrickdk> did you even locate where all the inodes have gone yet?
<nOStahl> nope no one knew how
<Patrickdk> heh?
<Patrickdk> no one knew how what?
<nOStahl> how to locate it
<Patrickdk> that is rather easy
<nOStahl> I ran a litle bash line that located a wordpress install as holding the most inodes
<sarnold> heh, php sessions or something?
<mastr[x]bennett> ah. server specific. excellent
<Patrickdk> no gui talk!
<nOStahl> what I dont understand is that that wordpress install is just running 2 images on a slider for a digital display so how is it using so many inodes lol
<Patrickdk> my guess?
<Patrickdk> it got hacked, and you have all kinds of other websites your hosting now :)
<sarnold> Patrickdk++
<nOStahl> not easy feat to do when its local networked :P
<delinquentme> SO
<delinquentme> what kind of files should I be worried about having 777
<sarnold> if you've got a FAT filesystem on an SD card or something, those files might be 777. you probably shouldn't have any others on your systems.
<delinquentme> sarnold, yeahhh so thats one of the things I've noticed :D
<delinquentme> but like .xls files?
<delinquentme> or .jpg?
<delinquentme> what about .py ?
<delinquentme> sudo find . -perm 777 -type f
<delinquentme> this will searching within the current dir right?
<Valduare> so anything new with ubuntu server 13.04?
<akaWolf> Hello! I'm using svnserve v. 1.7.5 and libsasl2-2_2.1.25. I start the svnserve, then I try to connect to localhost repository, and then I've got "svn: E170001: Authentification error"
<akaWolf> Can everyone help me?
<Senor> why nslookup command  returns "localhost"  for all 192.168.1.x  at  192.168.1.116 ?
<Senor> what is eth0:0
<Senor> ?
<bekks> A virtual IP on eth0
<Senor> if I tcpdump all packets throguh its ip ,what -i option should be given out?
<Senor> tcpdump -i eth0 ? or -i eth0:0 ?
<bekks> Neither nor. -i specifies an interface, regardless of what IP is configured on that interface.
<Senor> bekks:chould you tell me what command to type?
<bekks> Whats the problem you are trying to solve behind all that?
<Senor> I want to detect whether  packets are transfered  through eth0:0 ro realserver
<bekks> Then take a look at your netmasks (of all interfaces) and your routing table.
<Senor> then ?
<bekks> Then you will see wether packets have to pass eth0:0
<Senor> ok,I try to vivsit eth0:0 ,expecting it transfers my request to other server ,then get the reply from that server ,but I have no received reoly from it
<Senor> what is  about the reaon?
<Senor> reason
<qiyong> why my apache ps shows as: /usr/sbin/apach
<qiyong> not apache2
<qiyong> W: Failed to fetch http://mirror/ubuntu/dists/precise-security/multiverse/binary-i386/Packages  404  Not Found
<qiyong> why amd64 box fetching i386 files? i don't have any deb-i386 in sources.list at all.
<jtv> qiyong: Your apache may up as /usr/sbin/apach just because there isn't room... try piping the output through "| cat"
<jtv> I don't know why an amd64 box would fetch i386 files, unless of course the installed OS is i386.
<qiyong> jtv: pgrep shows the name with path
<qiyong> jtv: the path shouldn't showup
<jtv> Why not?
<qiyong> did you try?
<jtv> It may be a matter of which ps options you use...  I like "ps -ef" (POSIX flavour).  For me, the paths normally show up.
<jtv> You didn't say which options you use.
<jtv> But some programs override the string that shows up in ps to be something shorter.
<qiyong> just bare ps
<StathisA> i can only install 12.04 on a VM for testing and learning...am i losing much from 13.04?
<qiyong> and other procs don't have paths
<jtv> That doesn't mean it's wrong though.  If apache sets its ps text to its full path, then that's the right thing for ps to show.
<qiyong> it breaks my scripts
<qiyong> another 12.04 shows normally
<jtv> That sounds as if there may be something weird about the apache you have installed.
<mardraum> StathisA: for testing and learning, probably not
<mardraum> StathisA: detail more about what you are trying to achieve?
<qiyong> why amd64 box fetching i386 files? i don't have any deb-i386 in sources.list at all.
<StathisA> well tbh not much, just messing around with cli...probably some headless file server/torrent downloader in the end
<mardraum> StathisA: you'll be fine
<StathisA> mardraum: ok cheers!
<qiyong> i have pkg names as foo:i386
<qiyong> is that right?
<mardraum> qiyong: it is for a 32 bit pkg, yes?
<qiyong> mardraum: anyway my box is amd64
<qiyong> i guess the pkg db is screwed up
<mardraum> no, it's probably that you installed something needing 32 bit pkgs
<qiyong> damn, aptitude shows pkgs in arhcitecture: i386
<qiyong> that status is 'p' though
<qiyong> where can I talk about apt internals?
<rbasak> qiyong: there's #debian-apt on OFTC. There are relatively few people involved in apt internals though.
 * rbasak used to lurk there
<kearneykid> hey i have a HP ProLiant ML330 G3 Server and i want to install ubuntu server on it. i have tried version 13.04 and 10.04
<kearneykid> when installing both give me a blank screen
<kearneykid> any ideas?
<kearneykid> marlinc any idea?
<marlinc> What?
<kearneykid> hey i have a HP ProLiant ML330 G3 Server and i want to install ubuntu server on it. i have tried version 13.04 and 10.04
<kearneykid> when installing both give me a blank screen
<marlinc> I've got no idea to be honest
<kearneykid> no problem thanks
<Koheleth> Hi, how do I install and use a new language pack on my server, its currently French but I need it in English
<Koheleth> 12.04 LTS
<rbasak> Koheleth: install language-pack-en. I'm not sure if you'll need it, but "locale-gen en_US.UTF-8" (or whichever variant) won't hurt.
<qiyong> what is var/log/user.log for?
<qiyong> service or start/stop, which toolset is the go?
<RoyK> doesn't matter
<genii> qiyong: service will do both upstart and sysvinit, start/stop as far as I'm aware only does upstart
<RoyK> genii: oh, didn't know that
<adidas> I have two ubuntu servers. One is meant to be a fileserver with a RAID 1 configuration (12.10), and the second is a web/app server (12.04.2) running uwsgi-python which is serving up a python/pyramid application. I was able to mount a directory that contains images in the RAID server on the web server using sshfs, but for some reason the web app cannot write images to the mounted RAID directory. It can read the images though. I mounte
<adidas> d the directory as www-data and when I am acting as www-data via su I can write to the RAID directory. However, the web app gets a permission error when it attempts to write an image (it can create directories so that's a mystery to me). I am not sure how to troubleshoot this since  ps reports that the app is running as www-data.
<hachre> adidas: it must be a max filesize issue, or some additional restrictions that are set up on this uwsgi-python thing
<adidas> thank you!
<adidas> I was able to get it to work once with an image from a phone. Then I attempted to upload larger images. I kept testing with the larger images with no luck.
<adidas> I just tried it again with that same cell phone image (just under a MB) and it worked!!
<adidas> thanks so much
<hachre> :)
<hachre> np
<adidas> I guess thats what touch worked too lol
<StathisA> i'm running a headless server, and i need something to help me backup stuff from a NAS to another NAS on scheduled intervals...anybody knows if a package can do this?
<StathisA> smth like Cobian for instance, but headless and for ubuntu
<StathisA> also has to NOT use Rsync
<melmoth> whats wrong with rsync ? that s exactly what is it for.
<StathisA> RSync tends to keep the source file permissions, ending up with unusable backups - unless i chown them (as an admin)
<andol> StathisA: Well, rsync has plenty of flags in regards to what metadata to keep, or not to keep.
<melmoth> well, that s not really a problem, you scn script that easily. and i bet there may be an option about that as well
<melmoth> like --no-perms
<StathisA> hmm..ok i might try this up again then...any interfaces (web maybe) that'll help?...i like CLI but sometimes i need some GUI
<melmoth> dont know of any.
<melmoth> i launch my backup in some bash script in a screen session.
<andol> StathisA: While I don't have any good gui for you, I'd like to point you in the direction of rsnapshot. It gives you a nice config file wrapping, provides snapshots based on hard links, etc.
<StathisA> i could Cron some bash i guess, but i'd like some reporting on whether it completed - and email notification when it doesnt. i probably could work on some scripting but it be nice to have it newb-style too
#ubuntu-server 2013-07-14
<vmuser> anyone running geronimo3 ?
<goles> Hey guys, I'm starting a fresh ubuntu 13 64 bits server, I was wondering if someone knows about a decent guide about the basics of security that I should be aware of, (I'm not exactly a noob, but I want to cover my bases).
<goles> I already disabled SSH password login (for instance)
<goles> Anyone around? :D
<andol> goles: The most important part is really to understand the daemons you are running on the server, and have them properly configurd, to not allow more than neccesary.
<goles> andol: I think I should be more or less ok then... will browse through https://help.ubuntu.com/13.04/serverguide/ though
<bitbyte> hey guys is there any specific setup you would suggest for dyndns on ubuntu server
<virusuy> bitbyte: what do you mean by "setup" ??
<bitbyte> looking to setup dyndns on my server but the noip2 never updates
<bitbyte> or dosnt run correctly
<bitbyte> a friend suggested ddclient but I'm not too sure
<virusuy> well, i used dyndns like 6 years ago,
<virusuy> and setup at that time seems really easy and straightforward
<bitbyte> i also need to setup irc client some one suggested athene but can't find any documentation really
<virusuy> this is the first time that i read about that irc client
<virusuy> lol
<bitbyte> fair do's it dosnt look very known
<bitbyte> when i checked the forums
<virusuy> but it's an IRC client ?? or something else related with IRC ?
<bitbyte> its an irc client
<bitbyte> any who i gotta go
<virusuy> oh, ok, cheers
<bitbyte> laters man
<resno> anybody good with postfix? im needing some help.
<sw> !ask | resno
<ubottu> resno: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<resno> i didnt expect someone to be around now really
 * sw doesn't see opening times in the /topic.
<sw> resno: By the way, they have their own channel dedicated to support over at #postfix.
<resno> ya, but its quiet
<resno> just looking to solve my issue
<sw> So can you ask it or not?
<resno> heres what i got. http://pastebin.com/1e4WJBsR i am using php sending a message and then i would like the list of aliases to broadcast it out to the users
<ntzrmtthihu777> hello, someone care to test my apache server from the outside?
<goles> Hey guys, I'm configuring a web server using nginx on ubuntu server... I was wondering about which could be a good place to store my ssl certificates? (so that they are only accessible to the nginx user)
<TheLordOfTime> goles:  someplace outside the web directory
<TheLordOfTime> goles:  most users aren't in the www-data group so ideally someUser:www-data would work, so that normal users can't see it
<TheLordOfTime> or www-data:www-data (if it exists on your system) can be the ownership groups
<TheLordOfTime> and then somewhere else outside the web root directory that is still "secure"
<jsonperl> any reason anyone can think that occasionally all processors would drop to 0% usage for a minute or two
<shankstaBytes> can i reinstall apache and clear all the configuration files ?
<sw> shankstaBytes: $ apt-get purge apache2; apt-get install apache2
<goles> TheLordOfTime: This is very strange though... I installed nginx and all the information that I've read says that the installation should have created dirs sites-available/sites-enabled, however in my case they where not
<TheLordOfTime> goles:  nginx -v
<TheLordOfTime> pastebin the output
<TheLordOfTime> from the command line
<TheLordOfTime> or maybe just paste the one output i forget whether it's multiline
<TheLordOfTime> *checks*
<TheLordOfTime> yeah it's one line output
<goles> TheLordOfTime: this is the line nginx version: nginx/1.4.1
<shankstaBytes> the default SSL isn't working for me whats a good way to debug?
<shankstaBytes> apache error log?
<shankstaBytes> im just doing a testing server and i need ssl enabled
<shankstaBytes> if i purge apache2 and apache2-common will that delete /var/www
<TheLordOfTime> goles:  which OS?
<TheLordOfTime> 13.04?
<TheLordOfTime> 13.10?
<TheLordOfTime> 12.04?  And are you using the nginx ppa
<goles> TheLordOfTime: Ubuntu 13.04 x64
<goles> I added the nginx repository, updated and installed using apt-get install nginx
<sw> shankstaBytes: No.
<TheLordOfTime> goles:  which nginx repository?  ppa:nginx/stable   ?
<goles> TheLordOfTime: let me check that
<TheLordOfTime> goles:  and did you originally install the version in the Ubuntu repositories before installing the version in the nginx ppas
<TheLordOfTime> goles:  if in doubt it's probably the stable ppa
<TheLordOfTime> !info nginx raring
<goles> TheLordOfTime: I think I didn't install any other version that the one added from the repos that are specified here: http://nginx.org/en/linux_packages.html#stable
<ubottu> nginx (source: nginx): small, powerful, scalable web/proxy server. In component universe, is optional. Version 1.2.6-1ubuntu3.2 (raring), package size 6 kB, installed size 89 kB
<TheLordOfTime> oopsies...
<TheLordOfTime> xD
<TheLordOfTime> goles:  ehhhhhhhh
<TheLordOfTime> *looks*
<goles> :D
<TheLordOfTime> goles:  ehhhhhhhh
<TheLordOfTime> goles:  i can't vouch for those  packages, the nginx team maintains its own PPA for nginx...
<TheLordOfTime> goles:  i'm going to assume that based on the package you installed and the fact it does not include those folders it's a "bad package"
<TheLordOfTime> i never use the nginx-provided repos for nginx i use the PPAs.
<TheLordOfTime> ... that, and i maintain the PPAs so...
<TheLordOfTime> goles:  sudo apt-get remove --purge nginx nginx-common
<TheLordOfTime> goles:  then remove the repository you added
<goles> TheLordOfTime: what do you suggest ? (this is what I actually see in /etc/nginx https://gist.github.com/Goles/ede540f0b66f686d317d )
<TheLordOfTime> then do sudo add-apt-repository ppa:nginx/stable
<goles> TheLordOfTime: ok, will do
<TheLordOfTime> then do sudo apt-get update; sudo apt-get install nginx-full
<TheLordOfTime> goles:  the PPA the nginx team (and coincidentally myself) maintain will add the sites-available and sites-enabled folders
<TheLordOfTime> per Debian
<TheLordOfTime> ...  oh damn i forgot about the migration to new libraries...
 * TheLordOfTime grumblesa
<TheLordOfTime> stupid stupid stupid me.
 * TheLordOfTime preps an update for saucy
<goles> TheLordOfTime: hahaha, this is the cool thing about irc :)
<TheLordOfTime> goles:  ehh i've been meaning to update for a recent libraries migration upstream in debian, and i forgot to apply it xD
<goles> TheLordOfTime: lol, I see... will follow your advice... seems like add-apt-repository is not installed by default in ubuntu server...
<TheLordOfTime> goles:  sudo apt-get install python-software-properties
<goles> TheLordOfTime: got it to work
<goles> TheLordOfTime: thanks! :)
<TheLordOfTime> goles:  i assume the sites-available and sites-enabled folders exist now :p
<goles> TheLordOfTime: they do! ahahaha, btw... is it a normal thing to use sudo to startup nginx?
<TheLordOfTime> goles: sudo service nginx stop; sudo service nginx start
<TheLordOfTime> that launches the master daemon process but it doesn't access anything.  the workers are www-data by default
<goles> TheLordOfTime: great, I see... I thougth that the workers would use the 'nginx' user
<TheLordOfTime> goles:  nope, it uses www-data by default
<TheLordOfTime> goles:  when in doubt, use the PPA.
<TheLordOfTime> i try and keep that recent
<TheLordOfTime> but i have to update the debian packaging on it to adapt to the latest debian upstream changes.
<goles> TheLordOfTime: I see :) , thanks man
<TheLordOfTime> goles:  yeppers!
<zzak> anyone know a good resource for setting up procmail with postfix? ive been at it with google for hours and no luck
<zzak> mailbox_command = /usr/bin/procmail
<zzak> log: status=sent (delivered to command: /usr/bin/procmail)
<zzak> but i get no email
#ubuntu-server 2014-07-07
<byte> moin
<cloudman> Hi, getting people saying my servers running buntu 12.04.4 is unsecure because its running an outdated version of apache ( 2.2 ) this is bollocks yeah, its fully patched!
<cfhowlett> cloudman could be that the next LTS 14.04 has a newer version - doesn't mean that 2.2 is unsecure though
<histo> cloudman: it's getting security patches until april of 2017
<cloudman> cfhowlett: ty thats what I mean 2.2 is secure but people like Securi are flagging it up as a threat and its nonsense
<cloudman> just to make them click a link and try to make some cash
<cfhowlett> cloudman might be worth upgrading to 14.04.  I'm not sysadmin so I don't know all the implications of that ...
<cloudman> just told them to stop scare mongering
<histo> cloudman: Who is telling you this?
<cloudman> cfhowlett: php 5.5.9 is a no go for me and my servers at the moment
<cloudman> and sod taking it off stable
<cloudman> histo: Securi scan
<cloudman> maybe Ubuntu should send them an email
<cloudman> and say, hey, at least make a note that even though its outdated it is totally secure
<cloudman> its deceptive just to make the punter click a link and fix it and causing sysadmins extra work answering false threats to clients
<cloudman> pain is the ass
<ogra_> well, point them to http://www.ubuntu.com/usn/precise/ it has the full list of CVEs
<cfhowlett> cloudman fud are going to fud.  continue to maintain your system and do what you do.
<cloudman> :) thanks all
<histo> WTH is securi scan?
<cfhowlett> histo online virus scan?  reported that my windows system was infected by linux ...
<cfhowlett> which could be repaired for a price
<cloudman> lol
<ogra_> that gives "viral marketing" a whole new meaning :)
<cloudman> at the price of sysadmin time
 * histo bets it finds any site not running their software insecure
<cfhowlett> I always love popups telling me how to repair my windows - when I'm running UBUNTU!
<cloudman> actually might be worth putting their site through it
<cloudman> even told me servers have no firewall, click here to put it right lol
<cloudman> its down right deception
<histo> their site has issues scanning itself lol
<riply> Hi guys, it's been a while since I've used the virtualmin / ubuntu installation script. I am looking at rebuilding my box and want to move away from using apache and give nginx a try. Is it part of the auto installer these days?
<histo> http://sitecheck.sucuri.net/results/securi.net
<cloudman> histo:  :)
<histo> cloudman: email that back to them.
<cloudman> aint got the time ;)
<cloudman> I only use irc even when I have too
<cloudman> too busy updating my servers
<cloudman> hope updates begin to slow down
<histo> riply: what autoinstaller?
<riply> histo, hi man :)
<histo> riply: hello
<cloudman> Can we have a new feature to Ubuntu?  No updates
<riply> histo, there is an auto-installer which virtualmin (Used to??) supply which you could run on a clean ubuntu installation, which would setup all the dependancies. Let me see if I can dint it.
<riply> histo, http://www.webmin.com/vinstall.html
<histo> riply: you would have to read their script and see what webserver it installs
<cloudman> histo:  my mistake its sucuri.net try again you get a formatted static html page lol
<cloudman> riply:  I use VM a lot
<cloudman> like every server
<riply> cloudman, I'm listening :) this installation script is 1300 lines long!
<cloudman> dont mess with it
<cloudman> ripy 12.04 or 14.04?
<cloudman> I found on 14.04 it does not pull in awstats and mailman at times but that might be me
<cloudman> other than its fine
<riply> cloudman, I've just finished setting up RAID5 for 14.04
<riply> she is literally sitting on first boot
<riply> waiting her fate.
<cloudman> get on the vm channem andreycheck is a treasure to help
<cloudman> channel sry
<histo> riply: grep apache /some/script/file
<riply> I am on the VM chan :) left the same message earlier!
<cloudman> riply: they have a howto for using nginx
<cloudman> yeah see you
<riply> I am at the office now so will have a look when I am home.
<riply> the server's there too..
<cloudman> will stick with apache myself
<riply> cloudman, thanks man - I've not been on the site for years.
<riply> cloudman, the only reason I want to move is that this project is going to, hopefully, get a lot of traffic.
<riply> I don't want the thing to die on me :(
<cloudman> well you need a good server and network for that
<cloudman> can I pm you?
<riply> cloudman, you're welcome to
<cloudman> ty
<zul> jamespage:  great python-oslo.db is broken in utopic
<DeltaHeavy> Should everything in my /usr/local/share/ be under the main user I use? I keep getting this error in zsh and fixed it by changing ownership to 'root:root'. I think I may have made a big mistake when giving permissions to my main user for global nodejs modules but I'm unsure =X
<DeltaHeavy>  /usr/local/ is all owned by my main user. not root
<reesp> Hi! i need help... my companie want start to use ubuntu in our projects. please tell me one thing: for a company, its free to use ubuntu server?
<DeltaHeavy> reesp: 100% yes. You just don't get any support.
<ogra_> well, you get community support unless you pay ... then you can get commercial support too
<RoyK> reesp: linux is free, but certain distros can't be used without payment, things like SuSE and RedHat
<DeltaHeavy> I used to be a CentOS (free RedHat clone) and Debian guy. I switched to Ubuntu Server and I couldn't be happier.
<reesp> yes its true RoyK
<reesp> Ok many thanks
<reesp> where can i get comercial support?
<RoyK> reesp: but paying for that's my question too - tried to find it on ubuntu.com, but the site is a bit messy
<DeltaHeavy> reesp: http://www.ubuntu.com/management
<DeltaHeavy> I find Google is better at navigating websites than I am lol.
<RoyK> landscape is nice
<reesp> exist 2 kinds support: landscape and advantage, right?
<RoyK> reesp: yep - you'd want the latter if you're paying for support. landscape is nice for a server overview etc, but it's not *support*
<RoyK> reesp: but then, having worked with linux systems for a while, I don't really see the idea of "support", since these days, you have things like google and irc and forums and facebook and whatnot
<RoyK> reesp: but again, if it's not seen as a big cost, it's a very nice payback
<patdk-wk> well, it also depends
<patdk-wk> sometimes having someone else patch and fix a package is nice
<patdk-wk> expecially if you run in to a kernel issue
<RoyK> patdk-wk: that's certainly a case
<RoyK> I wonder how long it'd take canonical to fix #1171945 if I actually paid them support
<RoyK> bug 1171945
<uvirtbot> Launchpad bug 1171945 in mdadm "Nested RAID levels aren't started after reboot" [Undecided,Confirmed] https://launchpad.net/bugs/1171945
<patdk-wk> I just randomly hit another one
<patdk-wk> #1274320
<patdk-wk> guess it doesn't love me
<patdk-wk> bug 1274320
<uvirtbot> Launchpad bug 1274320 in grub2 "Error: diskfilter writes are not supported" [High,Triaged] https://launchpad.net/bugs/1274320
<RoyK> 1171945 seems to be upstart
<RoyK> I don't like upstart
<RoyK> I also don't like upstart
<patdk-wk> well, upstart is going away
<RoyK> yep
<RoyK> I hoped for systemd in 14.04, but seems we'll have to wait another two years (LTS)
<patdk-wk> we have systemd in 14.04
<patdk-wk> the issue is, we have systemd + upstart
<hallyn> zul: hey, if/when you merge the new libvirt, can you address bug 1335221 (adding package info to the configure line in debian/rules)
<uvirtbot> Launchpad bug 1335221 in libvirt "libvirt builds should include packager information" [High,Triaged] https://launchpad.net/bugs/1335221
<zul> hallyn:  yeah working on it now
<hallyn> cool
<jdowdle> I'm having trouble mounting a NFS share on a 12.04 box. When issuing the mount command, it times out. It's thru vagrant - but I've mounted other NFS shares via vagrant before. I think the base box chef/ubuntu12.04 is possibly missing something.
<zul> hallyn:  should be available here https://launchpad.net/~zulcss/+archive/libvirt-testing
<Thatguy> Is there a shell I can use for my web hosting server for people to use that will only allow them to do basic commands and only see web files
<peetaur2> Thatguy: I don't know if there is such a shell, but whichever you choose, make sure to also sandbox it inside apparmor or other LSM when you pick one.
<Thatguy> ok
<peetaur2> Thatguy: eg. let's say you give them rsync access... then they upload their own bash, and run    rsync -e "/home/me/bash" blah/ localhost:blah/     and they might have a new unlimited shell
<Thatguy> I found out you can do a jail with bash
<patdk-wk> why would you do that?
 * patdk-wk thinks someone needs to learn what apparmor is
<patdk-wk> doing a jail in bash will break all other programs
<Thatguy> sorryi mean
<Thatguy> rssh
<jrwren> the bash restricted shell?
<Thatguy> Its a package called zsh only allows sftp and rsync items
<DeltaHeavy> Thatguy: That's not what zsh does at all, nor does it create a jail.
<Thatguy> ow mean rssh :D
<DeltaHeavy> Gotcha
<Thatguy> haha getting the two messed up :D
<Thatguy> got it working trying to chroot it now
<Thatguy> but when i do it wont let me login
<Thatguy> any one here used sshd config with chroot?
<patdk-wk> ya, totally dislike it
<Thatguy> cant set it so /var/websites
<Thatguy> only setable to /
<superboo1> Hi all. I need to format a 4TB partition. I'm running 14.04LTS Server. Someone suggested using the GUID partition table. Is this supported by the default kernel in 14.04? Is there a more reccomended way to achieve a 4TB partition?
<Thatguy> which is what it would be normaly :S
<patdk-wk> superboot, it's been supported for a long time
<rickbeldin> Looking for tips on analyzing core dump of /usr/bin/kvm from 12.04.   Where do I get debug symbols (debuginfos?) for this?
<Thatguy> turns out that for chroot on ssh root has to own folder :S
<patdk-wk> yep
<Thatguy> got it working with proftpd now
<Thatguy> Do you know how to make when I do service proftpd restart
<Thatguy> wait 2 second between stop and start
<Thatguy> because i have to do it twice or do start then stop
<Thatguy> tryed pause 2 but it comes up with an error
<patdk-wk> add a sleep in the init script
<Thatguy> just add "sleep 2"
<Thatguy> right
<Thatguy> as i get this /etc/init.d/proftpd: 180: /etc/init.d/proftpd: pause: not found
<DeltaHeavy> Thatguy: I've done secure sshd configs so users can only use SFTP with no ability to muck anything up.
<Thatguy> DeltaHeavy: gona use proftpd ;D
<DeltaHeavy> I'd avoid the use of plain ol' FTP period. It's slow, shitty, and insecure.
<Thatguy> using sftp module for it
<patdk-wk> DeltaHeavy, who said it was ftp?
<DeltaHeavy> Thatguy: Ok, gotcha. Thought it just did FTP
<Thatguy> no :D
<DeltaHeavy> patdk-wk: The website says it's an "FTP Server" so yeah.
<patdk-wk> now, I setup mine long before proftpd had sftp support
<patdk-wk> I'm using a nicely patch sshd
<DeltaHeavy> The amount of webdevs I see that use FTP honestly boggles my mind. Then again there seems to be a LOT of really stupid webdevs who havn't a clue in the world about what they're really doing.
<Thatguy> lol
<patdk-wk> and also patched suexec in apache, though it's supported now, for apparmor
<Thatguy> was gona use ssh chroot but you have to set the user of the folder to root
<patdk-wk> DeltaHeavy, I would be happy if they used ftp, still using frontpage2003 here
<DeltaHeavy> patdk-wk: Are you serious?
<patdk-wk> yes
<Thatguy> any of you know why This " /etc/init.d/proftpd: 180: /etc/init.d/proftpd: pause: not found" is coming up :S
<DeltaHeavy> Why @_@
<patdk-wk> cause they can :)
<DeltaHeavy> patdk-wk: Who's "they"?
<patdk-wk> customers
<DeltaHeavy> Your place of work's webdev department?
<DeltaHeavy> Ugh
<patdk-wk> it's still too much of a selling point
<patdk-wk> for people to not bother upgrading
<patdk-wk> or learning something new :(
<DeltaHeavy> What's a selling point?
<patdk-wk> they don't have to change
<DeltaHeavy> Making your website look like a pile of shit and get a shitty page rank?
<patdk-wk> oviously they are not concerned about that
<DeltaHeavy> It's basically saying "I'm ok making garbage"
<patdk-wk> I have so heavily patched the frontpage cgi binaries to secure them
<patdk-wk> well, to make them work in a secure enviorment
<DeltaHeavy> They still produce utter garbage.
<DeltaHeavy> No self-respecting webdev uses Frontpage or a WYSIWYG period.
<patdk-wk> heh?
<patdk-wk> most of them use wordpress these days :)
<DeltaHeavy> That's not a client :p
<DeltaHeavy> Or like...editor
<DeltaHeavy> Whatever you want to call Frontpage
<patdk-wk> IDE
<DeltaHeavy> If you want to call it that lol.
<Thatguy> yeah i know what you mean :D
<patdk-wk> only thing that applies
<Thatguy> and then they get defaced
<Thatguy> because its not very secure
<DeltaHeavy> Eh, WP isn't that bad. There are just a LOT of shitty WP devs installing plugins made by other shitty WP devs. WP core is fine.
<DeltaHeavy> Shitty devs gravitate towards WP and use it for EVERYTHING.
<Thatguy> it has a upload script that can be used to upload a php shell
<DeltaHeavy> I have a client I'm always helping out, they're a consulting firm. They have document roots inside document roots inside document roots.
<Thatguy> lol
<DeltaHeavy> No JS event listeners. Just onclick attributes and the like.
<DeltaHeavy> 4 versions of jQuery included on each page
<Thatguy> lol
<Thatguy> just incase the url goes down 3 times :D
<DeltaHeavy> It confuses me why shit like this is so common in comparison to other development platforms x.x
<IdleOne> Can we please watch the potty language
<DeltaHeavy> True, sorry. Forgot this channel had that rule.
<GH0> Is there a list of the big package changes from 12.04 to 14.04? Or any other change logs that deal with packages? I just want to make sur when I upgrade that it doesn't break anything
<DeltaHeavy> GH0: Nodejs works way better on 14.04 I find. Also it's using PHP5.6 which hasa lot more awesome features.
<sarnold> GH0: release notes are handy; every package has a changelog, too, though it might not be easy to pick out what's new between two releases..
<GH0> I just want to make sure things like VMware wont break, since it is pretty picky about the running kernel. Among other things.
<patdk-wk> picky about the running kernel?
<patdk-wk> gh0, what exactly is vmware?
<patdk-wk> you don't normally run a company on a computer, but software
<DeltaHeavy> If you Google stuff like "VMware Ubuntu 14.04" and even append a "not working" to it, it should be obious if there's a huge problem with upgrading or not.
<patdk-wk> I have 0 issues using esxi or workstation on 14.04
<patdk-wk> or esxi inside workstation on 14.04
<RoyK> DeltaHeavy: I have some 1404 machines on esxi - works well
<mfisch> zul: can you tell me if I should be using python-glance or python-glanceclient for scripts? it look like from P-->T that some client features migrated
<mfisch> zul: and I'm not sure if one is deprecated perhaps, there still seems to be overlap
<zul> glancecleint
<mfisch> thanks zul
<lordievader> Good evening.
<RoyK> evening
<lordievader> Hey RoyK, how are you?
<hushnowquietnow> Hello
<hushnowquietnow> I think I may have just screwed myself over with an ubuntu server I'm maintaining.  I misspelled the server's domain name in /etc/hostname and then rebooted.  Now trying to SSH to the machine just returns a 'network unreachable' message
<hushnowquietnow> Is there any way I can get back into the server remotely?
<sarnold> hushnowquietnow: 'network unreachable' probably says more about your local host than the server
<sarnold> hushnowquietnow: try pinging your gateway device, tracerouting out to the network, etc
<hushnowquietnow> sarnold: I'm trying to connect from the same machine that I'm IRCing on
<sarnold> hushnowquietnow: ah :)
<sarnold> hushnowquietnow: can you ping the IP? traceroute to the IP? ping the DNS? traceroute to the DNS?
<hushnowquietnow> Oops
<hushnowquietnow> Pinging the hostname gives responses from an entirely different IP.  Pinging the IP returns 'destination host unreachable'
<hushnowquietnow> I'm not sure how to interpret the output of traceroute
<RoyK> hushnowquietnow: does pinging the host and running "host yourhost.somewhere" give the same ip?
<hushnowquietnow> RoyK: Running the host command returns the proper IP address and the one that responds to ping
<hushnowquietnow> Well, at this point I think I'm better off cutting my losses and just restoring the VM from a snapshot
<hushnowquietnow> One other question though: should /etc/hostname have the FQDN of the server?  Or just its hostname without the domain?
<sarnold> I -think- hostname should just have the hostname, no domain
<hushnowquietnow> So I wasn't even supposed to be doing the thing I did when I broke everything D:
<sarnold> heh, I think there's been debate about the /etc/hostname file for the two decades I've been around..
<patdk-wk> heh
<patdk-wk> I vote hostname file goes away :) or contains the fqdn
<patdk-wk> mailname should go away too
<sarnold> hah, I hadn't noticed I still have an /etc/mailname ..
<rberg> can /proc /sys and /proc/sys get merged while we are shaking the tree?!
<rberg> :)
<patdk-wk> rbeg, that is a kernel issue, much harder :)
<digs> I am fighting vsftpd on 12.04. I am using Amazon EC2. I have been able to make this work just fine on 14.04 - here is my config: http://codepad.org/0n1DGuCq
<digs> It fails on file transfers.
<digs> It gets to 100% and then times out.
<digs> I have tried removing the chroot, same issue.
<digs> Ports 20,21,12000:12100 are open to 0.0.0.0/0 on the associated ec2 security group. There is no firewall running on the server.
<digs> (at least none I installed and iptables is not running)
<DeltaHeavy> digs: Why are you using FTP in the first place? Why not use SSH?
<DeltaHeavy> SSHFS and SFTP both run through it.
<digs> legacy support.
<digs> I am moving to that over the next few months... but I can't do it yet.
<DeltaHeavy> What do you need to support though that can't use those protocols? SSH is ooooold
<digs> I don't want to defend my decision.
<RoyK> hushnowquietnow: are you sure you don't have an line in /etc/hosts for that box?
<hushnowquietnow> I can't be sure any more.  I reset the machine from a vm snapshot about 10 minutes ago and now it's happily humming along
<DeltaHeavy> digs: I'm just curious at this point.
<RoyK> it's good it works ;)
<DeltaHeavy> Was asking though because if we know the root of what you're trying to accomplish there might be an easier solution digs. Often when people try to set up FTP they're better off using a better protocol.
<digs> I have been a admin for over 10 years. I appreciate and completely understand your angle but I assure you, I need ftp for now.
<digs> I am fairly new to ubuntu though. I have only been using it for about a year. I am much more aquantied with FreeBSD.
<DeltaHeavy> Yeah, I'm not saying you're wrong. I am legitemetly curious now but if it's too much trouble to explain don't bother.
<DeltaHeavy> digs: Is there an error log?
<RoyK> IMHO FTP is for special purposes these days, and hardly needed for anything else
<digs> I can't understand why the config works perfectly fine on 14.04 and doesn't on 12.04. I actually have this issue on another server too, which I opted for sftp because I couldn't make regular ftp connections work after I upgrade the box. It was working fine before.
<digs> DeltaHeavy, there is a "transfer log" but it is of no help. Nothing useful.
<RoyK> digs: try to disable the firewall if you have any
<sarnold> digs: anything useful in dmesg?
<digs> Just double checked, no.
<digs> By all documentatin and 20 some posts found by my searches, this configuration should work.
<DeltaHeavy> File permissions?
<DeltaHeavy> Do you have acl on?
<histo> digs: is it possible that some new feature in 14.04 vsfpd version vs 12.04 isn't supported in the config?
<digs> histo: Yes, there are some differences, but these particular configuration parameters match and vsftpd doesn't complain about any of them.
<digs> DeltaHeavy - no acl, and file permissions are valid.
<digs> I was going to try making a 777 dir just to see and I forgot. let me try that.
<histo> digs: yeah start there and see
<digs> same issue.
<histo> digs: try a default config
<RoyK> digs: pastebin iptables -vnL ; ip6tables -vnL
<digs> It starts the file transfer, get's to 100% in filezilla, then hangs for about 20 seconds and filezilla pops up asking if I want to overwrite or resume the transfer and the filezilla log looks like this: http://codepad.org/9BioM0HK
<digs> I changed the ip.
<RoyK> digs: filezilla has issues - does it work with something like ncftp?
<histo> RoyK: how would it be firewall if it starts the transfer
<RoyK> digs: nice ip addres btw
<digs> fw: http://codepad.org/8bM7IdFX
<RoyK> histo: probably not, just asking
<RoyK> digs: well, that's wide open
 * histo suspects client
<digs> client works fine on 14.04 - and it is a popular client, if I can't get it to work with filezilla, the server side is useless.
<digs> for grins, I will try another.
<digs> okay, now I am baffled. It worked on the other client with a .txt file. I tried the same file with filezilla. it works. I tried a pdf... it works. I tried the same file I have been trying... a favicon.ico ... it fails. Tried a .png, it works.
<digs> it fails .ico files on both clients. wtf.
<digs> I have been stabbing this thing for over an hour.
<patdk-wk> digs you have a firewall anywhere?
<digs> I have a cisco fw on-site. I can check the IPS logs.
<patdk-wk> make sure the port range it uses for passive mode ftp is open
<patdk-wk> you might only have it partially open
<digs> simpler, I can exclude myself in the ACL from the traffic forward to ips.
<patdk-wk> what ftp server is it?
<digs> vsftpd
<digs> son of a _ it was the cisco IPS blocking the .ico file extension. grrr.
<digs> Thanks for oiling my gears guy. shezz.
<digs> guys*
<digs> only reason I tried a .txt file was because I was too lazy to go find the .ico in the other ftp client :D
<digs> no I have to reconfigure this the IPS to chill out, at least for a few LAN ips.
<RoyK> digs: blocking .ico files is rather paranoid ;)
<patdk-wk> they are nothing but issue :)
<hushnowquietnow> Did the .ico files work on the 14.04 server?
<digs> RoyK - I agree... I am not sure why it blocks them... yet.
<RoyK> digs: guess it's about the possibility of embedding source code in pictures so that the javascript interpreter could accidentially run a script inside a image, but then, they'd have to block all image files, which would take the internet back to 1993 or so ;)
<smoser> $ sudo lxc-create -t download -n f -- --list
<smoser> Setting up the GPG keyring
<smoser> hang
<smoser> stgraber, hallyn ^
<smoser> i suspect that that hang is gpg waiting for random data
<smoser> that is never going to come to it
<smoser> is that true ?
<hallyn> smoser: seems plausible
<smoser> :-(
<hallyn> create some randomness :)
<hallyn> smoser: you could do --no-validate
<hallyn> not sure if that will eschew the gpg keyring creation altogether or not
<hallyn> if not, it should
<smoser> bah
<smoser> no. its looking for download key from a keyserver
<smoser> :-(
<smoser> why wasnt that delivered for me withthe package
<stgraber> smoser: because we want to be able to revoke the key easily if the server is corrupted and not wait for distros to update their package in that case
<stgraber> we use a pretty big gpg keyserver network though and have it setup so that it works over http proxies though and attempts to fetch the key 3 times
<stgraber> so it's pretty rare to be in an environment where fetching the key won't work but fetching the index and image afterwards will
<smoser> stgraber, and how would you revoke that key?
<smoser> you'd believe that some user is more likely to update their upstream tarball than get a key id from you?
<smoser> and i disagree that its "pretty rare" to be in such an environment
<smoser> many environments have network access only through http_proxy
<smoser> how is it any different to deliver a keyid than to deliver the key ?
<smoser> gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xBAEFF88C22F6E216
<smoser> bah
<smoser> https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1338781
<uvirtbot> Launchpad bug 1338781 in lxc "lxc download template needs access to hkp://pool.sks-keyservers.net" [Undecided,New]
<smoser> i honestly dont understand how that is any different.
<ochiottes> hey
<ochiottes> i just found that syslog has no entries for the past 5 weeks
<ochiottes> how do i check if it's running and how would i turn it on again?
<stgraber> smoser: if we need to revoke the key, we push the revocation to the key network and we're done, that will immediately prevent anyone from getting content signed by the compromised key, without having to rely on the distros updating lxc
<stgraber> smoser: switching to a new key will then require distros to update LXC to include the new keyid but at least during that time, lxc will refuse to create containers with images signed by a compromised key (which would be essentially remote code execution on all machines using the template)
<smoser> well, i'm not entirely convinced.
<smoser> and less convinced that depending on a uncommon protocol delivered from a service that is not all that reliable is a good solution.
<stgraber> well, I've carefuly chosen that specific network, protocol and port combination specifically because it works through http proxies. I've got multiple servers using the download template on very restricted networks with gpg and https traffic happily going through a proxy, you're the first one to report a problem with that, so I'm wondering what's special with your setup...
<stgraber> smoser: actually, looking at the code, it looks like http_proxy isn't set in your environment
<stgraber> smoser: otherwise the template would have used hkp://p80.pool.sks-keyservers.net:80
<byte> n8
<smoser> stgraber, you are correct.
<smoser> i didnt get http_proxy set.
<patdk-wk> isn't that replayable?
<smoser> annoying that it doesnt pass through sudo in this case.
<patdk-wk> by mtim
<patdk-wk> mitm
<stgraber> ah yeah, sudo is a bit annoying for that...
<smoser> but you're still dependent on this arbitrary 3rd party web service
<smoser> why not just wget https://linuxcontainers.org/the-key and use that ?
<stgraber> we don't depend specifically on that service, the GPG network is replicated between services so you can use any valid keyserver you want. I also thought it'd be a better practice not to have our key revokation procedure depend on the same server that's hosting the rest of the files (since it'd be likely both would be compromised at the same time, being on the same physical box)
<stgraber> pool.sks-keyservers.net is made of over 20 servers, reachable over ipv4 and ipv6 around the world, so I think it's reliable enough
<stgraber> patdk-wk: you are correct, the keyserver protocol can be man-in-the-middled and so if you get your hands on our private gpg key and our https certificate (or get access to the web server), you can then MITM the gpg keyserver and the images server to feed bad images to a client
<stgraber> patdk-wk: which seems reasonably difficult (though not impossible). And this would be for a very targeted attack, not for the widespread distribution of compromised images (which was our main focus there)
<hallyn> niemeyer: hey - is there anyone in particular who'd be good to ask about relationships/dependencies between golang packages in trusty?
<niemeyer> hallyn: I'm happy to talk about it, but I'm not a good person to explain it.. my preference was always for a more monolithic approach, but we've inherited that design from Debian, which surely follows more closely what the policy says
<smoser> stgraber, i dont knwo how reliable it is.
<smoser> i'm fairly sure i've seen it down.
<smoser> but you've now inserted something into the critical path that was previously utilized very occasionally
<smoser> ie, compare the number of times you've gpg --import-keypair to the number of times you've 'apt-get install'  or 'apt-get update'
<hallyn> niemeyer: in order to sru docker.io we need a few golang packages updated.  I've opened bugs for those, but am wondering whether they in turn should trigger any others.  bugs are:
<hallyn> bug 1338759, bug 1338769, bug 1338772, bug 1338775  (and two more to come when rharper opens them)
<uvirtbot> Launchpad bug 1338759 in golang-context "SRU 0.0~git20140522.1.1f3e8a4-2 to trusty" [Undecided,Fix released] https://launchpad.net/bugs/1338759
<uvirtbot> Launchpad bug 1338769 in golang-gocapability-dev "SRU >= 0.0~git20140516~ to trusty" [High,Fix released] https://launchpad.net/bugs/1338769
<uvirtbot> Launchpad bug 1338772 in golang-mux "SRU 0.0~git20140505.1.136d54f-2 to trusty" [High,Fix released] https://launchpad.net/bugs/1338772
<uvirtbot> Launchpad bug 1338775 in golang-pty "SRU 0.0~git20140315.1.67e2db2-1~ to trusty" [High,Fix released] https://launchpad.net/bugs/1338775
<hallyn> niemeyer: they all built/installed fine as they were, and none listed any versioned deps that weren't being met in trusty,
<hallyn> but i just wanted to make sure.
<VioByte> Anyone know how to get Ubuntu 12.04 to allow support for lookups to LDAP with a username that contains a dot/period instead of returning "id: user.name: No such user" Or is this not doable for some retarded reason?   Normal ldap user lookups work fine except for the dotted ones.
<niemeyer> hallyn: These are all third-party packages which I'm not familiar with
<hallyn> niemeyer: ok, thanks
<hallyn> niemeyer: if they're not core to go anyway then all the better :)  i didn't want to break builds of juju or something
<niemeyer> hallyn: Yeah, two of them are part of Gorilla, which is a bunch of helpers on top of Go's http package
<hallyn> i dont' see any packaged version of that ?
<niemeyer> hallyn: These are the packages
<niemeyer> hallyn: https://github.com/gorilla
<hallyn> yeah that should be fine (since it's coming from git)
<VioByte> Anyone know how to get Ubuntu 12.04 to allow support for lookups to LDAP with a username that contains a dot/period instead of returning "id: user.name: No such user" Or is this not doable for some retarded reason?   Normal ldap user lookups work fine except for the dotted ones.
#ubuntu-server 2014-07-08
<xop> I am hosting ssh server behind a router. I already port forwarded port 22 to my server, and it was accessible via public ip until yesterday when it suddenly decided to stop working, though accessing through local ip is fine (OpenSSH).what might be the cause of this?
<Patrickdk> heh?
<Patrickdk> what does router and portforwarding have to do with each other?
<Patrickdk> you mean behind a nat firewall?
<xop> yes
<xop> #s
<histo> xop: did your public ip change?
<histo> xop: ipchicken.com
<xop> no
<xop> i checked that
<histo> xop: What happens when you try to connect?
<xop> timeout
<xop> nothing
<xop> no promt for password
<xop> it is just weird.. it was fine (public access) until lastnight
<histo> xop: tracepath some.ip.add.ress
<Patrickdk> did you install something like fail2ban?
<xop> sshguard yes
<histo> xop: sshguard is a windows application isn't it?
<histo> !info sshguard
<ubottu> sshguard (source: sshguard): Protects from brute force attacks against ssh. In component universe, is optional. Version 1.5-5 (trusty), package size 123 kB, installed size 333 kB
<histo> nvm me
<histo> xop: that's probably blocking you then.
<xop> eh
<xop> let me check on that
<xop> i[i
<xop> holy hell you were right
<histo> xop: so you enterred your password wrong to many times
<derek> that's the most random and awesome guess at a connectivity problem I've seen yet lol
<xop> i did not access it last night
<xop> somebody must have,,,
<xop> i have a shared account and device so i guess that must be it
<histo> xop: sshguard shouldn't be blocking everything if someone tries to access.  If it is uninstall it and install fail2ban
<xop> ah wlp
<xop> welp*
<histo> xop: sshguard should just add a rule to block whatever IP was trying to login multiple times.
<xop> well the defualt limit is 4 so a little mistyping can result in banning
<xop> perhaps i should change that
<xop> Thank you for the help
<xop> I must get going. Awesome hunch btw
<solarfly> xop++
<Patrickdk> derek, not random at all :)
<lkthomas> hey guys, for standard upstart script, how could I let upstart track the process status ?
<Patrickdk> dunno, I need to get moving on my upstart scritps
<Patrickdk> have to rewrite them all to systemd now :(
<lkthomas> why
<lkthomas> version 14 ubuntu using systemd only ?
<RoyK> upstart sucks
<Patrickdk> you don't read the news I guess
<Patrickdk> http://www.markshuttleworth.com/archives/1316
<lkthomas> what the fsck
<lkthomas> so init -> upstart -> systemd
<lkthomas> when does it going to settle
<Patrickdk> while, I think it was odd for ubuntu to go upstart
<Patrickdk> systemd devs are kindof an ass
<Patrickdk> so I'm conflicted both ways
<Patrickdk> royk, systemd wants to bend the system to their will
<Patrickdk> they have attempted to make kernel changes for things they broke in systemd
<Patrickdk> lots of fun
<lkthomas> I got it
<lkthomas> nevermind
<histo> Patrickdk: why are you rewriting them now? Just to be ahead of the curve?
<Patrickdk> need them for 16.04
<Patrickdk> :)
<histo> Patrickdk: you have 2 years
<Patrickdk> I have around 18months
<Patrickdk> then I will be defently in testing
<histo> technically 5 years but meh
<Patrickdk> 5?
<Patrickdk> you want me to upgrade when it's going eol?
<histo> yeah if you are a procrastinator
<Patrickdk> and you don't want me to build any new servers using the newer version
<Patrickdk> normally, I have things fully tested a month before release
<Patrickdk> so I can be filing lots of bug reports :)
<Patrickdk> and hope they get fixed
<lkthomas> Patrickdk: in theory you shouldn't run your production infrastructure with latest version
<Patrickdk> heh?
<Patrickdk> so upgrading 8 months after release is unacceptable?
<lkthomas> I am serious
<lkthomas> yeah
<Patrickdk> even if I fully tested it?
<lkthomas> it took us 2 years to migrate from Lucid to Precise
<lkthomas> management decide to stay on Precise a while
<cfhowlett> Patrickdk yes it's acceptable.
<Patrickdk> and why?
<lkthomas> Patrickdk: 10 servers deployment every month make us very busy
<Patrickdk> well, that sounds like your issue :)
<lkthomas> we don't have time to test and retest production system with latest release
<Patrickdk> my issue is making sure it tests good
<lkthomas> OH
<lkthomas> QA engineer ? LO
<lkthomas> LOL
<Patrickdk> all my critical systems have been upgraded already to trusty
<cfhowlett> Patrickdk 12.04 still works.  use it or don't.  it's supported for 5 years.  unless your deployment NEEDS the very latest, greatest, shiniest stuff, why would you, lemming-like, upgrade the instant the new version hits?  wait for the first point release at least.
<Patrickdk> the other ones, I haven't, cause of other issues, like php changes
<Patrickdk> those will likely get side-by-side deployments
<lkthomas> Patrickdk: actually our developer have their code written on precise
<Patrickdk> you mean, it's supported for 2.6years :)
<lkthomas> so effort to move to new version is huge
<Patrickdk> or 3.6, something like that
<lkthomas> Patrickdk: it's enough until we change to new job :P
<Patrickdk> I'm not going anywhere
<lkthomas> I think eventually we will hire someone do it or I already change job
<Patrickdk> this is my 4th time
<lkthomas> centos run like what, 10 years
<Patrickdk> this time has been perfectly smooth so far
<Patrickdk> centos is likely to run 2months
<lkthomas> Patrickdk: no ?
<lkthomas> Patrickdk: they hardly do big version change
<Patrickdk> I have no love for centos
<Patrickdk> likely better now with rhel backing them
<Patrickdk> but getting security updates 2-3months late
<Patrickdk> is not something that is acceptable
<Patrickdk> but you get what you get for free
<Patrickdk> lots of rhel installs
<Patrickdk> lots of ubuntu installs
<lkthomas> for me I find it easier to manage Centos
<Patrickdk> no centos
<lkthomas> than ubuntu
<Patrickdk> I always found rpm a huge pain, and deb worked better
<lkthomas> how so ?
<Patrickdk> rpm always broke my systems everytime it updated software
 * lkthomas never had that problem
<Patrickdk> rpm doesn't track installed files
<Patrickdk> if you delete a file, it will magically return
<Patrickdk> if that file caused a config issue, well, your software just broke
<lkthomas> we are using puppet to manage those crap
<lkthomas> it will never get into problem
<Patrickdk> puppet doesn't fix it
<lkthomas> Patrickdk: puppet is a workaround
<Patrickdk> though it can make sure it's corrected
<lkthomas> yeah
<lkthomas> anyway
<lkthomas> brb
<lkthomas> need to work on puppet again
<lkthomas> LOL
<blaaa> I might want to add a wifi-AP/router-function to my home server, I am looking into buying http://www.compex.com.sg/productdetailinfo.asp?model=WLE900VX as a network card, how well is is suopported in ubuntu?
<avernos> I have an application that requires several tcp open sockets, and i'd like to increase the default tcp limit on open connections, where can i do this?
<jdstrand> hallyn: hi! would you mind joing #apparmor on oftc?
<jdstrand> hallyn: I have the developer of the libvirt-lxc apparmor patches there and he is looking at fixing that bug for us
<jdstrand> hallyn: he has an unrelated question about libvirt-lxc being started in the net namespace and I thought you might be able to answer his question better than I
<jdstrand> hallyn: (that bug being bug #1331081)
<uvirtbot> Launchpad bug 1331081 in libvirt "please split libvirt-driver apparmor abstraction for qemu and containers" [Wishlist,Triaged] https://launchpad.net/bugs/1331081
<rickbeldin> Hi. Working a Canonical support ticket  00069682.  I have a large file (900mb) to upload and getting connection refused on ftp to archive.admin.canonical.com.     Don't know if that is 'normal' for that machine.
<rickbeldin> What is the attachment limit for Launchpad?
<rickbeldin> Trying to find this specific version of qemu-kvm and dbgsyms for coredump analysis:  1.2.0+noroms-0ubuntu2.12.10.7~precise1+lp1309676debug.  I have precise repos enabled and can't find it.
<RoyK> rickbeldin: upload it somewhere and link to it - guess you have a webserver somewhere?
<rickbeldin> RoyK: I can do that, but Greg Vallande gave me the ftp site yesterday for the 64gb (!) core dump.  I assumed he wanted it in the same place.
<Lachezar> Hey all. I am trying to boot the Alternate i386 Server (14.04) on a bit of an old hardware. USB stick is a no-go: blank screen on boot. USB CD boots, but hangs immediately at language selection (complete block: NUM lock does not toggle). Please advise.
<rbasak> Lachezar: try 10.04 or 12.04 to try and pin it down?
<rbasak> I wonder if this is related to lack of non-pae support now.
<rbasak> Though I think it gives you a message in that case.
<Lachezar> rbasak: the machine has 1G RAM, and is a Celeron, so no PAE and no x64.
<rbasak> Lachezar: PAE has been required recently.
<Lachezar> I have a 10.04.03 server iso. Trying it ou. I'll be back...
<patdk-wk> I think pae requirement came into play for 12.04
<rbasak> That's my memory too - though in 12.04 it was possible to get a non-pae machine to work using the netinst iso or something. I have a non-pae 12.04 machine that works.
<Lachezar> 10.04 booted, now what can I do to have a 14.04 installed? Custom CD? Or LTS-Upgrade-x2?
<cfhowlett> Lachezar you can do an LTS to LTS upgrade to 12.04 > 14.04    or download 14.04 and do a clean install
<Lachezar> cfhowlett: 14.04 won't boot. That's why I'm trying the 10.04 CD, which actually boots and does not hang.
<Lachezar> I'd very much like to install 14.04 straight away, without the LTS upgrade path.
<cfhowlett> Lachezar 14.04 won't boot?  why not?
<Lachezar> cfhowlett: hangs on language selection.
<cfhowlett> Lachezar  odd behavior - not sure that direct upgrade would avoid the issue, but ... sorry but 10.04 > 12.04 > 14.04 is your upgrade path
<Lachezar> cfhowlett: people here suggested it has something to do with PAE missing.
<cfhowlett> Lachezar I can't comment - not enough knowledge
<Repox> Hello. I'm trying to disallow access to a specific port on my server with iptables. This is what I tried: http://pastie.org/9368600 - but its not working. What am I doing wrong?
<patdk-wk> you can't upgrade to 14.04, if you don't have pae or x64 support
<patdk-wk> oh, 12.04 will work
<patdk-wk> but >12.04 won't
<patdk-wk> no, I'm wrong :(
<patdk-wk> 12.04 needs it too
<patdk-wk> http://www.webupd8.org/2012/05/how-to-install-ubuntu-1204-on-non-pae.html
<patdk-wk> doubt that is recommended though
<Lachezar> patdk-wk: So basically I'm stuck with 10.04 on that machine?
<lordievader> Good evening.
<patdk-wk> sounds like you could upgrade to 12.04, but it won't be much fun
<patdk-wk> and then, dead end, yes
<sarnold> you could always compile your own kernels
<sarnold> hard to believe I used to do that for _fun_
<patdk-wk> :)
<patdk-wk> I used to have lots of fun with the 2.0 and 2.2 kernels
<patdk-wk> lots of patches and stuff I worked on in them
<sarnold> yeah, back in those days you -could- read through the whole menuconfig in an afternoon and see what the world had to offer :) hehe
<patdk-wk> now if I could quit my jobs and stay at home all day like back then :)
<sarnold> haha
<patdk-wk> sarnold, it's not just going be a kernel issue is it?
<patdk-wk> isn't all packages compled it those options?
<patdk-wk> and that old cpu support is going have issues with instructions not existing
<patdk-wk> besides just pae
<sarnold> patdk-wk,Lachezar, oh this is the 'hangs at language selection' thing.. can you try again with a ps2 keyboard? iirc that was a usb keyboard problem :P
<patdk-wk> I dunno, I'm just suggesting, he is likely to have more issues, if he does solve the pae issue :)
<sarnold> sure could be
<sarnold> heck depending upon the 12.04 installer people use they might run into issues. the original 12.04 discs might be best for long-term support for some older hardware, those get the full five years of support, I think the intermediate "hwe" kernels in the newer discs will drop out of support when 14.04.1 is released.
<patdk-wk> hell, last night I suprised myself, I still have a machine running 32bit
<sarnold> nice :)
<michaelaguiar> Can someone tell me how I can have an SSH user jailed to their var/www/sitename.com ?
<michaelaguiar> For example, I have multiple sites, for multiple clients.  I want to give them SFTP access to their site only
<patdk-wk> again?
<sarnold> michaelaguiar: check ChrootDirectory in the sshd_config(5) manpage
<patdk-wk> but it's not likely to work the way you want :)
<patdk-wk> if you want something easier, try proftpd
<michaelaguiar> ok Iâll try proftpd
<patdk-wk> but then, you can't have ssh and proftp/sftp on the same port
<sarnold> patdk-wk: oh? why wouldn't chrootdirectory work out for sftp?
<patdk-wk> it does work :)
<sarnold> oh okay
<michaelaguiar> Hmm, would it work if I jail the users to their home directory, and link any file they need into that home directory, so that they can upload and it can just sync over?
<patdk-wk> it just has very insane settings to make it work
<patdk-wk> now, those insane settings are nice, it makes it very secure
<michaelaguiar> maybe a symlink or something?
<patdk-wk> you cant symlink outside a chroot
<patdk-wk> that is the whole point of the chroot
<sarnold> michaelaguiar: symlinks are resolved relative to the 'root' they live in. it can lead to madness.
<patdk-wk> to not allow it
<michaelaguiar> ah
 * Lachezar has had enough for today. The 'server' has an 10.04.3 installation.
<Lachezar> Thanks for the pointers everyone.
<michaelaguiar> What would you guys recommend then?  just using proftpd or trying to use ChrootDirectory
<michaelaguiar> And in the chroot path, would it be best to have that users site served from their home directory, instead of /var/www?
<michaelaguiar> sarnold: do you know how I can use the ChrootDirectory method, but have the user access his site in /var/www?
<sarnold> michaelaguiar: why not just chroot them right into their directory and not force them to know a /var/www/ prefix?
<michaelaguiar> sarnold: thats what I want to do
<michaelaguiar> can I chroot them to a directory that is not their home?
<patdk-wk> with ssh? don't think so
<michaelaguiar> I didnât think so
<patdk-wk> but the bigger issue will be the permissions on the /var/www folder to make that work
<michaelaguiar> Might as well just use proftpd for this case
<michaelaguiar> thanks for the info guys
<michaelaguiar> is ACL a good solution for locking people to specific directories?
<FunnyLookinHat> Are any of you aware of a GUI that makes it significantly easier to use Ubuntu as a router?  We've got a box already running as a router, but I have to believe there is a better way to manage IP forwards and whatnot than straight IPTables
<DeltaHeavy> FunnyLookinHat: I forget the name but there are for sure GUI tools for iptables.
<lordievader> If all you require is basic iptables support: gufw.
<FunnyLookinHat> lordievader, is there a web-GUI version of gufw?  We run our servers headless...  :)
<lordievader> FunnyLookinHat: There's a cli version, but then you can just write iptables ;)
<FunnyLookinHat> lordievader, hehe - well the problem is managing a lot of iptables rules...  they're quite... unruly :)
<FunnyLookinHat> I've made the mistake of writing a badly written iptables rule one too many times
<rberg> ufw is pretty straight forward from the CLI. I prefer to edit /etc/iptables/rules.v? manually
<sarnold> ufw might not be the best choice for routers though :)
<rberg> whooops missed that
<FunnyLookinHat> Yeah the big thing we want to be able to do is easily setup one-to-one forwards
<rberg> vuurmuur looks pretty nifty
<FunnyLookinHat> rberg, Ah that one is cool - I'll dig into it a bit
<sarnold> FunnyLookinHat: some pals really liked this, dunno if I could ever get the hang of it though: http://ferm.foo-projects.org/download/2.0/ferm.html
<FunnyLookinHat> sarnold, ooh, nested rules!  Very cool
<sarnold> FunnyLookinHat: probably you know iptables better enough than I do that it'd be easy but whether it is improvement enough over iptables, no idea :)
 * patdk-wk loves shorewall
<FunnyLookinHat> Yeah I mean - I know how to use IPTables well enough...  this is more of a "what if my tech wants to setup a server that grabs one of our external static IPs so that a customer could test something"
<sarnold> I seriously miss ipf/pf -- I found that one pretty easy to use. (which is part of why I like ufw, it's close to pf, but it is just a front end with assumptions, rather than a native full language. oh well.)
<patdk-wk> I was good at making iptables manually
<patdk-wk> but it becomes too much work to maintain and audit
<patdk-wk> shorewall makes it much simpler
<FunnyLookinHat> http://shorewall.net/NAT.htm very cool  :)
<patdk-wk> not sure if it will solve *that* issue though
<patdk-wk> I tried fwbuilder, didn't really like it :(
<FunnyLookinHat> patdk-wk, yeah but it'd make writing a web-gui much easier
<patdk-wk> ya, my iptables was getting to be around 300 lines
<patdk-wk> just became unmanagable
<patdk-wk> shorewall makes it even more secure, but does increase it to aorund 1200 iptables lines
<patdk-wk> but it's also quicker :)
<ttoll_renci> quick apache2 question, how does it know to use /etc/apache2/sites-enabled as a config directory?
<sarnold> ttoll_renci: IncludeOptional sites-enabled/*.conf
<ttoll_renci> oh, thanks, didn't look at the apache2.conf file, used to RHEL packaging
<sebastianlutter> how to start VVM with BoxHeadless at startup on Ubuntu Server 12.04?
<bitfury> hi, anyone know what version of tomcat gets installed in ubuntu server 14.04 LTS when you select it during install?
<Repox> Hi, does anyone have any experience with LXC? I'm having some issues reaching a server from a container, but not from the host.
<diffen_> Hello, I wonder if this is a good solution. Im thinking of installing a MAAS solution with four servers and then installing iredmail on top of them. Is this a smart solution and a doable solution? If not, what is a good solution for a stable email solution.
<ndf> how is the auto screen off/blank configured in 13.10 server?
<ndf> oh and also the kernel message behaviour?
<ndf> I'm recovering a disk with safecopy and getting a lot of "buffer I/O error on device dev/sdb" in all my ttys
<ndf> and my tty fors go blank so I have to type in the safecopy output to see it again lol
<ndf> *ttys -for
<ndf> **my ttys go
<ndf> interestingly screen contains kernel messages in an empty area of a split
<ndf> oh, no it doesn't, the regions scroll away with the outside bbbbuffer
<ndf> *buffer ... odd =/
#ubuntu-server 2014-07-09
<pds_> hello guys i'm trying to kickstart a ubuntu server 14.04LTS from a 12.04LTS desktop , i'm using the following tutorial http://digitalsanctum.com/2013/03/22/how-to-setup-a-pxe-server-on-ubuntu/. I wonder how i can use a kickstart file that i host remotely , and if i only need to provide the boot.iso file in nginx
<ronator>  st8:Qk!Lo-W
<ronator> sk8er
<stemid> in 12.04 LTS, latest patches, I am still having a problem with isc-dhcp-server where /var/lib/dhcp/leases* change ownership whenever the service is restarted. or the OS is restarted. when it is owned by root dhcp can't rotate the leases file and it grows uncontrollably.
<stemid> this has gone on for many months, I thought it would be patched.
<peetaur2> you could edit the init.d file to add some chown ... or remove what is there
<stemid> I did that under start|stop but the last time the OS was restarted not even that helped
<stemid> I've been forced to setup a nagios alert on the ownership of the leases file. and so far this alert has saved me the last two times the service has restarted or the OS restarted.
<peetaur2> what is the wrong and right owner?
<peetaur2> hmm it seems my dhcp server is 10.04 rather than 12.04, and has the user as dhcpd, and the path is /var/lib/dhcp3/dhcpd.leases
<peetaur2> so good thing I didn't use 12.04 then? ;)
<stemid> 12.04 path is /var/lib/dhcp and dhcpd:dhcpd is correct
<stemid> I can re-create this bug anytime, just sudo service isc-dhcp-server restart
<stemid> but now I have removed the chown from the script
<stemid> seems to me that the script should be patched upstream by ubuntu
<peetaur2> does it literally say "chown root" in there?
<peetaur2> or some variable?
<stemid> the script does no chown on its own
<stemid> I have no idea how this happens
<stemid> dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf
<stemid> obviously root starts it
<stemid> and then it drops privs
<stemid> but why create leases before dropping privs?
<stemid> and no setgid set on the parent dir
<stemid> I could setgid on parent dir, chown it to dhcpd
<stemid> then all files will be created with dhcpd as owner
<stemid> http://paste.debian.net/108850/
<peetaur2> maybe you could also use ACLs to make sure dhcpd always has access
<stemid> yes
<stemid> workarounds are possible
<stemid> https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1186662
<uvirtbot> Launchpad bug 1186662 in isc-dhcp "isc-dhcp-server fails to renew lease file" [Undecided,Triaged]
<stemid> I should post there though
<stemid> aha it's apparmor
<peetaur2> since when does apparmor chown things?
<stemid> it can prevent chown
<stemid> by the dhcpd process
<peetaur2> can't you just modify the apparmor profile so it is allowed to chown and have full control of the file?
<stemid> peetaur2: will check
<DarkStar1> Hi all I have a SSL question regarding a domain "catch-all" certificate
<ronator> you must have too much money ;-)
<DarkStar1> if I need to reuse the certificate on another server bearing the domain name how can I? As I understand it the key that I used to generate the csr upon which the cert was created is for that server only
<DarkStar1> ronator: not me. someone who's got the cert and wants me to install it for them on another server
<DarkStar1> :)
<DarkStar1> but I am poor and damn near desolate
<ronator> catch-all certificate would mean you can have *.yourdomain.com - "normally" that is done on one machine with several virtual hosts. not sure If I understood your Q
<ronator> deploy a catch -all cert for different machines ... goood question :D
<DarkStar1> different machines yes
<ronator> you _could_ do as you said, but it is not recommended
<ronator> https://support.discountasp.net/KB/a132/can-you-export-my-ssl-certificate-use-on-different-server.aspx
<peetaur2> of course you can put a cert on many independent machines... all SSL does is validate that a CA cert (eg. in the browser) is the one that signed the server cert, and the browser has no idea which other servers have the same key, and doesn't care.
<peetaur2> but copies of the private key all around mean more risk if one system is compromised.
<patdk-wk> this is what certificate copies are for
<patdk-wk> make a the same cert with many different private keys
<patdk-wk> if one server gets compromised, only that one needs to be revoked
<Lachezar> Hello all. I had a problem installing Ubuntu Server yesterday, and it was suggested that I use 10.04 installation disk. It worked. Today I did a release upgrade, and now I have a 12.04 with '3.2.0-65-generic-pae #99-Ubuntu SMP Fri Jul 4 21:17:05 UTC 2014 i686 i686 i386 GNU/Linux' kernel.
<Lachezar> Does that mean, that my hardware actually has PAE support? Can I do a release upgrade to 14.04 now?>
<jrwren> no, it just means your kernel has pae support.
<Lachezar> Actually... I have other 12.04 Ubuntu Server machines (two), that show no available release upgrade... Is that correct?
<jrwren> grep --color pae /proc/cpuinfo   # to see if your CPU supports PAE
<Lachezar> jrwren: Ahha! cpuinfo flags has 'pae'. So that might not be the reason why 14.04 Server CD hangs on language selection (upon boot, not when installing!0.
<jrwren> why not run 64bit?
<Lachezar> jrwren: Old hardware: Intel(R) Celeron(R) CPU 2.53GHz, low memory: 1G
<jrwren> oh. you don't need a pae kernel at all.
<jrwren> laptop?
<Lachezar> jrwren: I don't need PAE, but it seems I have no choice (apart from recompiling my own).
<leotr> hello. I have one (only one) server with 6 HDDs and 64 Gb ram. I want to setup MAAS on it and then use juju for administering it. Is it possible?
<leotr> i mean is it true that one server is enough for that
<jrwren> yes, its true.
<leotr> should i download ubuntu for cloud cd in this case?
<leotr> *ubuntu server for cloud
<Xbert> are aa-logprof and aa-genprof broken in 14.04?
<peetaur2> Xbert: I haven't tried them but heard yes they are
<peetaur2> Xbert: #apparmor is on the irc.oftc.net network, maybe they know a fix
<tyhicks> Xbert: hi - they're not in great shape in 14.04
<Xbert> peetaur2, its seem that way from my experience too, pfft nice for a LTS
<peetaur2> Xbert: someone once said that the LTS releases are not officially LTS until some point .. maybe that's the key to stability
<tyhicks> Xbert: we've got fixes for a majority of the bugs in the upstream code repo, but no one has yet had a chance to SRU them to 14.04
<peetaur2> and it makes obvious sense since any release in general is the same
<Xbert> they bragged out having apparmor only a few years ago, now they let is die
<tyhicks> it's not dying
<tyhicks> the tools were rewritten in python (from perl)
<tyhicks> and the rewrite introduced a number of bugs
<Xbert> 14.04 is tested for months, apparmor is in based install and it been months since 14.04 release, i would expect it to work
<tyhicks> it was unfortunate that the upstream rewrite happened prior to 14.04
<Xbert> for me it completely broken
<peetaur2> ah cool, python is probably an improvement
<peetaur2> but now we're beta testing ;)
<tyhicks> Xbert: filing bugs is a big help
<peetaur2> can you simply install the old apparmor tools from the old repo?
<Xbert> i thought the problem with me doing an in place upgrade, i just did a fresh install and its the same
<tyhicks> peetaur2: yes, that should be fine
<peetaur2> on non-beta testing servers of course ;)
<Xbert> the bug has been reported 3 times already
<Xbert> last back in may
<tyhicks> Xbert: what's the bug number?
<Xbert> https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1319830
<uvirtbot> Launchpad bug 1319830 in apparmor "aa-logprof will scan forever on Ubuntu 14.04 server (dup-of: 1307665)" [Undecided,New]
<uvirtbot> Launchpad bug 1307665 in apparmor "signal entries in audit.log send aa-logprof in infinite loop" [Medium,Fix committed]
<Xbert> and https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1319829
<uvirtbot> Launchpad bug 1319829 in apparmor "aa-genprof will crash when select scan on Ubuntu 14.04 server" [Undecided,Confirmed]
<tyhicks> Xbert: we've got upstream fixes for those issues, now we need to go through the SRU process to update the package in 14.04
<Xbert> how do i do that?
<tyhicks> Xbert: How do you do an SRU?
<lordievader> Good evening.
<Xbert> tyhicks, yes, i don't know what you mean
<tyhicks> Xbert: https://wiki.ubuntu.com/StableReleaseUpdates#Procedure
<tyhicks> Xbert: it is quite involved, you're probably better off temporarily downgrading to the 13.10 package and waiting for us (Ubuntu Security) to do the SRU
<Xbert> tyhicks, ok i give that a go, thanks
<tyhicks> Xbert: sorry for the trouble :/
<ndf> is there a way to temporarily turn off kernel messages about I/O errors on a (usb)disk? [/dev/sdb]
<raray> is there a protocol/program for accelerated file transfer over the internet?
<raray> I want to transfer files from my server
<raray> File transfer via ssh is very slow for some reason.
<raray> FTP over tls is ok, but only as fast as 1 tcp connection
<raray> is there a protocol/program using multiple connections or udp?
<raray> ...
<K4k> Can anyone think of any weirdness I might run in to if I rename GID 27 from "sudo" back to "wheel"?
<rbasak> raray: TCP should scale to the available bandwidth. Even one connection. If it doesn't, you have a connection or TCP stack problem.
<raray> rbasak: the problem is my connection is over a shared medium
<raray> if i use 2 tcp connections it will be almost 2x as fast.
<rbasak> raray: http://lartc.org/lartc.html has instructions to help you manage bandwidth and prioritise traffic
<raray> Priorize traffic? It's over the internet...
<raray> And the utilization on both devices is quite low
<raray> the problem is the ISP seems to be overselling the cables.
<raray> that means I can not priorize anything
<rbasak> If the ISP aren't stupid, then they'll be doing bandwidth management so each customer gets an equal amount of bandwidth under contention
<raray> rbasak: fact1 1: I have a quite slow connection at home. fact 2: if i use 2 tcp connections it is almost 2x as fast fact 3: I recently was in a fast wifi with my laptop and got 50mbits over 1 tcp connection to that same server
<raray> instead of 1mbit
<raray> so the devices on both ends can't really be the problem
<sarnold> raray: wow. sounds like a stupid ISP
<sarnold> raray: you could probably use split to split a file into chunks then use multiple scp or multiple rsync connections to transfer the pieces, then re-assemble them on the far side
<sarnold> raray: the more you abuse it the more likely it is your isp will figure out how to rate limit per customer rather than per connection, which would doubltess be an improvement for nearly everyone :)
<raray> sarnold: thats what I'm thinking
<raray> sarnold: i already did the splitting and reassembling manually. The transfer was faster, but too much manual effort
<leotr> hello. I have server with raid controller, 2 processors, 64 gb of ram. I want to use it for creating virtual machines for experiments. I would like to be able to use juju for fast vm creation and software deployment and so on... as i understand MAAS  is not  what I might want
<leotr> could you suggest me something for my task? what is the best option
<sarnold> leotr: you could use the juju-local provider to spin up LXC containers; it isn't VMs, so it won't be perfectly like using a cloud provider.. you could also manually create a pile of VMs and then use the manual provider...
<sarnold> leotr: see https://juju.ubuntu.com/docs/config-manual.html and https://juju.ubuntu.com/docs/config-local.html
<leotr> thanks
<zartoosh> HI how could I have boot.log timestamped?
<zmbmartin> I am using ghostscript to compress pdfs. On my OSX machine the compressed pdf looks identical to the full pdf. In ubuntu the compressed pdf is missing some patterns and fills from the full pdf.
<zmbmartin> So if I run the full pdf through gs on OSX it outputs the same just compressed. But when I run the full pdf through gs on my ubuntu-server the file is compressed but patterns and fills are missing.
<dustinspringman> anyone around familiar with routing via VPN?
<billy_ran_away> Why does the ldap package break my current ldap install so often?!?!
<billy_ran_away> Also why can't I remember the password to my local account?!?!
<dustinspringman> so... i've got the tunnels up. The ubuntu-server can ping all the LANs, but I cannot route between LANS for some reason.. I think its related to IPTables, but the instructions I see online seem to imply that I'm an IPTables expert.. not the case.. thoughts on a good resource/walk-thru?
<sarnold> dustinspringman: did you set e.g. /proc/sys/net/ipv4/conf/all/forwarding
<dustinspringman> sarnold: I believe so, but I will double check, doing it now..
<billy_ran_away> anyone know how to pick up a currently running process?
<billy_ran_away> I ssh'ed in to my network server, ran screen. Then from there I ssh'ed in to another machine and kicked off a long running process.
<sarnold> billy_ran_away: I normally used screen -RAD when reattaching screen sessions
<billy_ran_away> sarnold: I upgraded ldap on ubuntu and have since locked myself out of that machine...
<billy_ran_away> sarnold: But I still see the processes running on my local desktop...
<billy_ran_away> â  ~  ps -ef | grep -i heroku
<billy_ran_away>   501 53623 53416   0  2:50PM ttys004    0:05.92 ruby /usr/local/Cellar/heroku-toolbelt/2.34.0/libexec/bin/heroku run console
<billy_ran_away> i'd like to just pick up the output of that heroku run console
<billy_ran_away> process...
<sarnold> billy_ran_away: you can't really pick it up without re-attaching to that screen session
<billy_ran_away> sarnold: yea that was what I was afraid of
<billy_ran_away> sarnold: I can ssh in to my local user on my server that has the still running screen session with my ssh keys
<billy_ran_away> sarnold: but I can't remember that password so I can't sudo anything...
<dustinspringman> sarnold: when I cat /proc/sys/net/ipv4/conf/all/forwarding I get 0 as a response... Do I change that to a 1?
<billy_ran_away> I hate ldap upgrades! I mean sure it's happened before to me when upgrading major versions of ubuntu, but the package maintainers wouldn't be so mean as to break compatibility between minor versions of that one package, or so I thought...
<sarnold> dustinspringman: yeah, if you want to be a router :)
<dustinspringman> doh!
<sarnold> billy_ran_away: argh. that's annoying :)
<dustinspringman> sarnold: done, gonna test to some remote sites
<billy_ran_away> thanks for listening sarnold!
<billy_ran_away> i'm just going to wait for these processes to finish and then reboot the server in to single user mode
<billy_ran_away> it's just those long running processes were for work and I was asked about the progress of them and now I look like an idiot who locked himself out or I lie
<sarnold> billy_ran_away: heh, I used to keep a 'toor' account around for those kinds of issues.. haven't done that in a while though
<dustinspringman> sarnold: I owe you a beer! that got me working! Thanks so much!
<sarnold> dustinspringman: nice :D have fun!
<billy_ran_away> sarnold: Yea I have an lbill account, which has my ssh keys in it
<billy_ran_away> but alas i forgot that password
#ubuntu-server 2014-07-10
<OssumPawesome> hello I'm trying to remotely forward a port using ssh on my ubuntu web server. So far I can get 192.168 loaded up through elinks/links2, but when I fill out the port forwarding form nothing changes and my new forwarded port is not added to the list. could anyone help me with this?
<sarnold> OssumPawesome: are you using ssh's actual port forwarding mechanisms (-L and -R) or are you just happening to use elinks over an ssh connection to try to configure port forwarding on some -other- device like a home router?
<OssumPawesome> the second one sarnold
<OssumPawesome> my router
<sarnold> OssumPawesome: many router interfaces require javascript in order for 'submit' buttons to work -- or, they even lack the submit buttons entirely on the assumption that the javascript will Just Work
<OssumPawesome> sarnold, if youre still there - is there a way i could get javascript to work on command line or somehow open a port on my router a different way?
<sarnold> OssumPawesome: try ssh -L 8888:192.168.1.1:80 servername --- then aim your firefox or chrome to localhost:8888
<sarnold> OssumPawesome: of course if you have to connect to to it with ssl, it'll take a bit more work, probably you'll have to run 'ssh' as root, and also add -L 443:192.168.1.1:443 so that https://localhost/  will load the remote router page..
<OssumPawesome> yeah im doing this remotely so everythings gotta go through ssh
<OssumPawesome> what is ssl?
<sarnold> OssumPawesome: SSL is secure-sockets-layer, the original name for the new TLS, transport layer security -- it's the little lock icon in the web browsers, the "s" in "https"
<OssumPawesome> sarnold, it works! thank you so much you are a beautiful human being. I honestly did not expect to be able to do this remotely. Thanks again
<sarnold> OssumPawesome: hehehe :) glad it worked for you :)
<sarnold> OssumPawesome: ssh -L and -R are awesome powerful things. they can get you out of trouble or create all kinds of trouble :) have fun!
<maxb> ssh -D is even more awesome :-)
<sarnold> maxb: wow, I haven't seen that one before. looks awesome. ssh -D blort, then go set your socks proxy in firefox, and OMG EVERYTHING WORKS ? :)
<maxb> Pretty much
<sarnold> maxb: cool :) thanks
<maxb> And then you combine it with tsocks, and you can run pretty much anything over it
<sarnold> oooh.
<sarnold> very cool. :)
<maxb> Very handy for "I want to run this as if I was within my datacentre"
<maxb> or reconfiguring the ADSL router in an office on the other side of the globe
<pds_> hi ladies and gentlemen i'm trying to kickstart a ubuntu server 14.04 LTS with a ubuntu desktop 12.04LTS, following this tutorial http://digitalsanctum.com/2013/03/22/how-to-setup-a-pxe-server-on-ubuntu/ using this kickstart file i create with the gui (http://paste.ubuntu.com/7773935/). It boots up just fine but it doesn't seem to want to automate.
<stemid> a kickstart file is not enough pds_, you also need to modify the boot parameters in the pxe files.
<stemid> to point to the ks file
<stemid> also any incorrect command in the ks file will halt the automated install and ask for input.
<stemid> and I've only pxe booted debian, never ubuntu, but debian does not have full KS support. I still have to use preseed.
<pds_> stemid what precisely do i need to modify?
<stemid> well you should find a complete tutorial that also covers the PXE files. I can only speak from experience with Debian and RHEL. I tend to modify pxelinux.cfg/debian-installer/amd64/pxelinux.cfg
<root-user> Hey guys, question here maybe someone can help. Yesterday i did "sudo chmod 600 //"  and now my system wont boot and i cant login trough console. Anybody knows a solution maybe?
<stemid> you could try booting a live CD, mounting your root filesystem and doing chmod 0755 on it
<root-user> Thanks, read about it but not tried it yet. btw, doest the chmod 600 // means that i have changed file permissions on the entire system :o?
<stemid> no, you did not use -R
<stemid> thankfully
<stemid> so hopefully you only need to reset / to 0755 and then boot up.
<root-user> Ah, that's a relief! Let me try it :)
<pds_> stemid i'm been messing around with kickstart files for to damn long
<pds_> trying preseeding now
<pds_> http://sfxpt.wordpress.com/2013/06/09/get-the-debianubuntu-ready-and-customized-the-way-you-like-in-10-minutes/
<root-user> stemid, u still here? I booted from live disc, and mounted my file system. Got a terminal but when i try to chmod 0755 it says "unable to open /etc/sudoers: permission denied"  Could you tell from this what I need to do?
<pds_> is there any documentation any where on the interwebs on how to automate the installation of ubuntu server
<root-user> @Stemid,  thanks! your guided me in the right direction, fixed now with the liveCD :)!
<pds_> kickstarting ubuntu server getting the installer failed to download a file from the mirror.
<hron85> Hi! Can anyone help me with joining a 14.04 server into the AD? I successfully joined the server, wbinfo -u and wbinfo -g works correctly. getent passwd $USERNAME works correctly, however the getent passwd does not lists any windows user.
<hron85> I do not know it is related or not, but sshd says initgroups: invalid argument when i try to log in into the server with my windows account
<peetaur2> pds_: I found kickstart (an alien system) to suck terribly in Ubuntu, so I use preseed only (which is native to Debian). I doubt it's related though.
<peetaur2> kickstart comes from redhat
<peetaur2> pds_: do you use a caching server? I recommend apt-cacher-ng
<pds_> nope just a simple nginx server
<peetaur2> is it a mirror? or unrelated to packages? I'm talking about the packaging proxy
<hron85> anyone with samba knowledge?
<pds_> but i'm open for suggestions reading the help.ubuntu about preseeding
<pds_> extracted the ubuntu iso the my nginx www/ubuntu
<pds_> join #ubuntu-nl
<peetaur2> I'm not so sure extracting the iso is the best way to do it
<pds_> just following http://digitalsanctum.com/2013/03/22/how-to-setup-a-pxe-server-on-ubuntu/
<pds_> brb
<peetaur2> pds_: what I used (maybe) was this http://www.linuxquestions.org/questions/linux-newbie-8/automated-remote-installs-of-ubuntu-using-kickstart-802660/ and then modified it heavily... so in partcular look at the "Step 3. Copy the netboot files into the tftp server."
<peetaur2> I am not sure really where all my notes came from ;) but that link was in my notes
<pds_> yup did that
<peetaur2> so if you downloaded the netboot stuff, then you don't need any iso ...
<peetaur2> and you shouldn't need a web server except for kickstart
<peetaur2> and I couldn't get various methods to work for supplying the preseed.cfg... so I put it in the initrd cpio.gz
<peetaur2> but you might find a way to put it on the web (but it is kinda wrong since that means you can't configure network in pressed then)
<AtuM> pds_, http://linux.opm.si/programska-oprema/ubuntu-14-04-network-install
<AtuM> pds_, these are my notes written after I got this to work.. kickstart is almost unusable in 14.04.. use preseed and use my notes to get ahead
<pds_> hmmmz
<peetaur2> AtuM: heh oh nice. Good thing I never even tried kickstart in 14.04 because I already found it bad in 12.04 or whatever I started with. (where it worked for basics, but didn't do network, disk, keyboard, language, :D [anyuthing but proxy I think] properly)
<peetaur2> but it had a purdy GUI ;)
<AtuM> peetaur2, well.. GUIs are sometimes evil ;-)
<pds_> kk
<pds_> so back to the drawing board
<pds_> read the fricking preseed files
<peetaur2> and FYI I found partitioning horrid in preseed... they reinvented the wheel. All they would need to give you is some parted, mdadm, lvcreate, etc. commands, but they made a thing that is limited in some ways (have to use whole disk, can't have a mix of raid and not, can't keep old partitions, etc.)
<pds_> so you guys would go for preseeding instead of kickstart
<peetaur2> on a debian based system, yes for sure
<AtuM> peetaur2, I do manual partitioning.. I only use network install so I don't need to add a dvd unit to servers
<peetaur2> you can also just leave the partitioning blank and it'll prompt during install
<AtuM> pds_, you don't have a choice.. preseed is debian based.. kickstart does not work for debian
<pds_> kickstart does kinda work :)
<pds_> but i guess i'm trying to hard :)
<peetaur2> on the last mass install I did just that... had a pre-script that downloaded a chroot with the tools I needed, unpacked it, and then I hit ctrl+f2 and did my partitioning in there :D  (for 73 servers... would have been nice if preseed partitioning didn't suck)
<peetaur2> my chroot had a script of course
<peetaur2> but still manually connecting to each kvm over IP and hitting a few buttons is stupid
<AtuM> pds_, when you get kickstart to work properly, please give me a shout and a link to your manual :)
<pds_> let me note some stuff down
<pds_> ask peetaur2 and AtuM stuff about preeseeding :)
<pds_> btw i actually got it allmost working
<pds_> http://www.tiikoni.com/tis/view/?id=bb55c79
<AtuM> oh.. I see it's almost installed :D
<peetaur2> I don't know what it's doing there, but what (I imagine) mine does is:    install base system from CD (like your download), and then since it's a proper netboot, installs non-base stuff (ssh server for example) from the network, using the caching server. So if you just have one repo set that is your server, but it has no extra stuff not on the cd, then it'll fail there.
<peetaur2> so I think you need a proper netboot with a simple caching server. (apt-cacher-ng is super easy to set up... basically just install, and it works already, no repos to set up like the stupid aptproxy which was horribly designed)
<AtuM> peetaur2, you use kickstart for this?
<AtuM> peetaur2, I don't think pds_ got as far as installing the os. I don't see how this can be done with kickstart. I should check how fedora does it, as it basically also writes an image and then expands it to the partition.
<pds_> well i allmost succeeded no ?
<AtuM> pds_ depends on what file it's trying to download..
<pds_> ubuntu local mirror
<peetaur2> AtuM: no, I tried kickstart, and got it to work with a mix of preseed for things not supported, but later found it had side effects, so moved the kickstart parts to pure preseed, and now it works fine.
<AtuM> pds_, is this post-install or is it searching for the installer image?
<AtuM> pds_, installer no longer uses repo to install base os.. it copies an image and expands/extracts it..
<AtuM> it can later use repo to install extra packages if needed
<pds_> probably searching for the installer
<AtuM> peetaur2, I'va also moved away from kickstart completely.. too bad preseed is not as good for partitioning. lucky for me I don't need that yet
<peetaur2> kickstart is worse for partitioning btw ;) (at least on Ubuntu)
<peetaur2> just for someone like me that knows the CLI well, it's far easier to use plain commands like parted, mdadm, pvcreate, lvcreate, etc. to partition a multi-disk system in loops and stuff
<AtuM> pds_, ok, so you're still far off.. I'd recommend you to stop wasting time with kickstart and forget the nice gui it has
<pds_> well that was pretty clear
<pds_> well about a month of research down the drain
<pds_> woop
<peetaur2> haha
<peetaur2> a month wasted
<peetaur2> it would take you like 3 hours to get a simple preseed file going
<peetaur2> sorry to tell you only now :(
<AtuM> pds_, you might want to use the knowledge on redhat systems.. not such a waste in my eyes
<peetaur2> hehe yes you can look on it positively that way ;)
<pds_> well since kickstart worked on ubuntu (well the gui that was)  and most of my knowledge is on centos system ...
<AtuM> what I've found is that there is no "ultimate" distro/os.. so every knowledge gained is helpful sooner od later
<hron85> anyone with samba knowledge?
<jrwren> `ask
<hron85> jrwren: i already asked, but nobody responded....
<jrwren> oh, the getent passwd you expect to list?
<hron85> yeah, i get rid on getent passwd problem
<hron85> jrwren: but the latter is still an issue
<hron85> sshd says initgroups: invalid argument when i try to log in into the server with my windows account
<jrwren> my knowledge in that area is 10+ yrs old. sorry. I only vaguely recall if listing all users ever worked with winbind
<hron85> it work
<hron85> s
<hron85> just have to winbind enum users = yes and same with groups
<jrwren> is nscd running?
<pds_> looking into preseeding found some examples , wondering if there is a list with possible key values
<peetaur2> look in debian docs... should be there
<peetaur2> there's one that has all options but commented out
<pds_> this one ? http://www.debian.org/releases/wheezy/example-preseed.txt
<pds_> https://help.ubuntu.com/12.04/installation-guide/example-preseed.txt
<axisys> how do I look a for a process that matches a name and if its cpu usage is higher than 15% then restart? I could use ps and find the info and restart.. but it might not be safe automate that way..
<rberg-> I -think- debconf-get-selections will show a list of possible preseed options
<axisys> manually is how we are doing it today..
<peetaur2> pds_: yes probably
<peetaur2> debconf-get-selections lists options, but they don't necessarily apply to the install process
<peetaur2> a great command to know though
<peetaur2> (preseed is not just for installing the OS)
<pds_> well it gives a lot of options regarding key but not the values
<peetaur2> axisys: why do you want to do that? some commands need more CPU ... (flash player for example, needs 100% on all cores :D... er no wait, kill that)
<rberg-> ahh. I use FAI for mass installation and debconf-{g,s}et-selections to avoid debconf questions
<pds_> flash is just evil :p
<axisys> peetaur2: this process when goes higher than cpu .. operation starts lagging
<axisys> operation related to the process that is
<axisys> peetaur2: we have been seeing this for last few months
<axisys> peetaur2: today we are thinking to automate the kill/restart
<peetaur2> axisys: which process it it?
<axisys> peetaur2: tac_plus
<axisys> I am thinking of converting it to a daemontools service .. so killing/restart will be reliable.. but I want to find a quicker solution until we migrate to new system and move it under daemontools
<jrwren> axisys: have you tried investigating why it is using so much CPU? There might be good reason.
<peetaur2> some Cisco thing? you'd think they had enough money to hire a better code monkey to fix their stuff...
<peetaur2> I thought Cisco was one of those "pay 3x as much as it's worth but get it done right" sort of companies
<axisys> peetaur2: tac_plus is from tacacs+ pkg provided/opensourced by shrubbery
<peetaur2> k... so 3rd party
<peetaur2> well either way, I have no experience with it
<axisys> jrwren: we did not find anything unusual .. every session ties to a core.. probably limited by disk IO and new system will have lot more memory and SSD disk
<axisys> but trying to find a hack to find a process with high cpu usage and automate the kill/restart
<axisys> peetaur2: ^
<axisys> python's psutil looks pretty nice
<pds_> http://paste.ubuntu.com/7775297/ debconf-get-selections
<peetaur2> what's wrong with using ps -c and -o to find pid by name, then check cpu, and kill if high?
<peetaur2> sounds like a short script
<peetaur2> -C that is
<pds_> hmmm examples of preeseeding files are nice but i need to find the correct keys :)
<peetaur2> axisys: ps -C tac_plus -o "pid,%cpu"
<axisys> peetaur2: looking at that switch now
<peetaur2> the big example probably has most install-related keys, just not all values
<peetaur2> then find the docs that go with it to explain values
<pds_> i've been looking for explinations of keys but couldn't find a decent website for it just yet
<peetaur2> well, link the official docs to prove you looked :P and then ask about an option and maybe we know
<axisys> peetaur2: I am reading the man ps
<pds_> https://help.ubuntu.com/12.04/installation-guide/i386/preseed-contents.html
<pds_> i would like to install ubuntu server in english but with a belgian keyboard
<peetaur2> pds_: k, well that's the ubuntu guide... the debian one would be more complete. But you also need a question.
<peetaur2> pds_: sadly I think that's one thing I couldn't get right... at this company we use English language but German (eliminate dead keys) keyboard
<pds_> well darn
<peetaur2> pds_: here's what I set in my file, but I don't know if it worked, but clearly variant/model USA is wrong. http://dpaste.com/31K4JCK
<axisys> peetaur2: hmm so ps -C tac_plus -o "pid,pcpu,cmd" --sort pcpu is a good start.. looking for a switch like .. display only if the pcpu is higher that 15.00 w/o awk
<axisys> peetaur2: thanks for that hint
<peetaur2> just parse it (rule is if there's a -o sort of thing for format, yes you can parse it) with awk, and then use bash... eatenup=15; if [ "$cpu" -gt "$eatenup" ]; then ...
<peetaur2> trim away the % first
<pds_> got something like this
<pds_> http://dpaste.com/0T7FECW
<peetaur2> pds_: deleting keys might mean it will ask instead
<pds_> peetaur what do you mean?
<peetaur2> I have many more keys in my file, don't I?
<peetaur2> if you remove them instead of changing the values, it might ask instead during the install
<peetaur2> and also you have  debian-installer/locale  twice
<peetaur2> (and so do I... hehe)
<pds_> let me check
<pds_> continueing http://dpaste.com/0TEETD2
<K4k> Tossing this out again in case anyone is here today that might know the answer.
<K4k> If I switch the name of GID 27 from sudo to wheel, will this cause any odd behavior that anyone can think of?
<peetaur2> K4k: you can probably make 2 groups with same GID
<bitfury> Hi everyone
<K4k> peetaur2: Oh, that's actually possible!? I didn't even think of that because I just assumed it wouldn't let me
<bitfury> anyone know what version of tomcat gets installed when I select it during install?
<bitfury> does it go for the latest stable tomcat8
<cfhowlett> !info tomcat bitfury
<ubottu> 'bitfury' is not a valid distribution: extras, kubuntu-backports, kubuntu-experimental, kubuntu-updates, lucid, lucid-backports, lucid-proposed, partner, precise, precise-backports, precise-proposed, quantal, quantal-backports, quantal-proposed, saucy, saucy-backports, saucy-proposed, stable, testing, trusty, trusty-backports, trusty-proposed, unstable, utopic, utopic-backports, utopic-proposed
<cfhowlett> !info tomcat
<ubottu> Package tomcat does not exist in trusty
<bitfury> !info tomcat8
<ubottu> Package tomcat8 does not exist in trusty
<bitfury> :\
<bitfury> what about this http://packages.ubuntu.com/utopic/tomcat8
<peetaur2> K4k: I know it's possible for users, but not sure about groups (since the group file syntax says id and members on same line)
<bitfury> oh nvm, failed to read it's universe
<K4k> peetaur2: manpage for groupadd indicates there is a -o flag for non-uniq GIDs. Thanks!
<peetaur2> K4k: nice :)
<user123321> Suppose I want to install 2 Ubuntu or LUbuntu servers with identical server programs in each one, is CARP good for HA and LB?
<K4k> ACK! Ok, I got my GIDs mixed up. We use GID 10 for wheel in ldap. Ubuntu sets GID 10 as uucp... I wonder if switching the GID for uucp to 14 (same as on Redhat) would break anything so that sudo could be moved to GID 10
<K4k> nope, doesn't appear it does :) yippeee
<zartoosh> HI how could I have entries in /var/log/boot.log timestamped?
<TJ-> zartoosh: That is saved by "/etc/init/plymouth-log.conf", part of the Plymouth graphical boot manager
<TJ-> zartoosh: I'm not aware of a way to have those messages timestamped unless you edited the Plymouth source-code directly, or intercepted Upstart's console output
<zartoosh> TJ-, thanks for your answer, okay I do not want to touch any source code, so I guess the best is to intercept the upstart's console output.
<TJ-> zartoosh: I'm thinking that'll be just as difficult!
<zartoosh> TJ- in /etc/init/plymouth-log.conf : It flushes the boot log to disk, so it is not part of creation of entries ...
<TJ-> zartoosh: Correct
<TJ-> zartoosh: what is flushed to disk is the contents of the console buffer
<TJ-> zartoosh: so unless you have a way to intercept and prefix timestamps as the messages are written to the console, there's no way to accurately timestamp them
<zartoosh> TJ-,  oh I see, okay, thank you so much. I did googling yesterday, it seems there is a program called "grab_serial" that may help me on this ...
<zartoosh> Hi I have installed ubuntu 14.04. I boot in uefi mode.  Whenever I reboot or powercycle system stops the boot process at grub menu and I have to manually type enter. Is there a parameter I can change so it automatically boot? thanks
<genii> zartoosh: You can try: edit /etc/default/grub    and see if there is a line like: GRUB_TIMEOUT=        and put some small number there like 5 ( the number is how many seconds to wait before automatic booting). Then after, to do sudo update-grub
<genii> If the GRUB_TIMEOUT line is not there, to add it.
<zartoosh> genii, there is a GRUB_TIMEOUT set to 2. but still it needs enter... Could be screen resolution ?
<genii> zartoosh: If it's not prompting you to choose a valid screen resolution each boot, that is probably not it
<zartoosh> genii, it is not prompting, so it is not display issue. Let me paste the /etc/default/grub ...
<zartoosh> genii  http://paste.ubuntu.com/7776445
<genii> zartoosh: Looks fine there.
<zartoosh> genii, could it be because of the uefi mode?
<genii> zartoosh: That would be my guess. I don't know enough about EFI/UEFI to be of much assistance there, however
<zartoosh> genii, thanks
<user123321> Suppose I want to install 2 Ubuntu or LUbuntu servers with identical server programs in each one (eg: Apache and might be other server programs), is CARP good for HA and LB? Does anyone have experience with CARP?
<bitbyte> iâm trying to generate a CA to my webserver know any guides ?
<patdk-wk> you don't use CA's on webservers
<sarnold> heh, the first guide I find uses des3 and 1024 bit rsa. otherwise decent-looking but perhaps a decade out of date..
<zartoosh> hi I have installed ubuntu 14.04 on my system. Network interface name has changed from eth0 to em1. I removed the biosdevname package with the hope that interface name goes back to eth0, it didn't, any one could help me please?thx
<sarnold> zartoosh: look for something like /etc/udev/rules.d/70-net-persisnte-rules or similar
<rberg-> and delete it!
<rberg-> I hate that file :)
<lordievader> Allways in for trouble that file!
<rberg-> it will be regenerated on boot but with the names you want this time
<zartoosh> sarnold, rberg-  it seems it did not, during reboot it says it can  not make the link for eth0 device.
<zartoosh> I actually preseeded my installation and during installation I had the biosdevname removed. Then in reboot the file 70-pres... had the device node as "eth" however it did not work either.
<lordievader> zartoosh: Does it show any wired network interface?
<zartoosh> lordievader, yes it does
<lordievader> zartoosh: Ok, great. So what exactly does not work?
<lordievader> Is it that the NIC is still called em1?
<zartoosh> lordievader,  the network interface does not come up either as eth0 or em1
<lordievader> zartoosh: Could you pastebin the output of both "lspci -k|grep Network" and "ip a s"?
<zartoosh> lordievader, I do not have network access to that system I will do it with use of usb, will take me a few minutes, thank you for trying to help me ...
<lordievader> zartoosh: No problem, and take your time ;)
<zartoosh> One more question , in pervious ubuntu installation like 12.04 I could do Alt+F2 and get console access, but on 14.04 seems this is disabled ?
<henkjan> zartoosh: try ctrl-alt-f2?
<zartoosh> henkjan, I am sure I have tried that too, I am rebooting I will try it soon. t
<lordievader> zartoosh: That was probably ctrl + alt + f[1-6], indeed.
<lordievader> However, a server should boot straight into tty1.
<zartoosh> lordievader, I did F2 key, but will try it soon again. thank you again.
<zartoosh> henkjan, lordievader  Yes the <ctrl> was missing now that issue is gone, thanks
<lordievader> ;)
<zartoosh> lordievader,  http://paste.ubuntu.com/7777127  and http://paste.ubuntu.com/7777134
<bitfury> I'm getting constant broken pipe messages when connecting to a server via ssh
<bitfury> ClientAliveInterval, CountMax and TCPKeepAlives have been adjusted on the server side
<bitfury> what am I missing? :\
<atpa8a> hello
<atpa8a> with vlans, can i assign an IP to both the vlan interface and raw interface?..
<atpa8a> basically... i want to have an untagged traffic and tagged traffic
<bekks> atpa8a: So not tag at all, not explicitely untag/tag.
<atpa8a> bekks: i mean... is it... auto eth0\n iface eth0 inet dhcp\n auto eth0.100\n iface eth0.100 inet dhcp\n raw_device eth0\n?
<atpa8a> dhcp here only for example
<bekks> atpa8a: No, that are two assignments.
<atpa8a> how can i do something like that?
<MACscr> ok, im doing pxe installs of ubuntu for my servers and it appears that plymouth is getting installed, which i dont see a reason to have on a server. Whats the best way to disable it from being installed or removing it alltogether?
<ikonia> just disable the splash option in grub
<MACscr> that doesnt do it
<ikonia> it does
<MACscr> no, plymouth still tries to load
<MACscr> plus i think its better to just not install it at all on a server
<ikonia> what are you trying to disable, the splash or the whole plytmouth process
<MACscr> all of plymouth
<ikonia> you're going to have problems doing that
<MACscr> why?
<justizin> anyone have any idea wtf is happening here? : http://pastebin.com/LRenJktv
<justizin> trying to set up amazon ses per http://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html
<MACscr> justizin: ask in #postfix
<sarnold> justizin: apparmor or selinnux or similar? check dmesg | grep DEN to see if apparmor is involved..
<justizin> nothing from dmesg | grep DEN
<justizin> apparmor doesnât have a process running, though i forget if it keeps one
<sarnold> it doesn't
<justizin> whatâs wierd is that strace says itâs trying to open the target file O_RDONLY, when itsâ job is to create it
<sarnold> is the open(.. O_RDONLY) an existence-check or something? that's strange..
<justizin> i guess it could be, but it seems odd that it would exit on no such file or directory, since it should be creating the file
<sarnold> justizin: try ls -ld / /etc/ /etc/postfix /etc/postfix/sasl_passwd.db -- see if the permissions look sane
<TJ-> justizin: can the postfix user read/write that file?
<justizin> yah i did, i mean, again, iâm root, and the target file doesnât exist
<justizin> it doesnât exist :)
<justizin> the error is not lying, but iâm confused as to why the program that should create the .db file fails when it doesnât exist
<justizin> https://gist.github.com/bitmonk/c1aac7825f28d57835c2 <- more detail
<TJ-> justizin: your 'strace postmap' is using the .db file as the input
<justizin> oh yeah, that was the wrong command
<justizin> han gon
<TJ-> justizin: while your at it, can you add the result of "ls -al /etc/postfix/" ?
<sarnold> justizin: so strange that it says "Permission denied" in the short-paste but "No such file or directory" in the strace output..
<justizin> sarnold: that, too
<justizin> no thatâs from my erroneous paste, new gist coming
<justizin> https://gist.github.com/bitmonk/3fecf9b13e02a408e82b
<justizin> so it is actually permission denied, that is less confusing
<justizin> except that i am root
<justizin> i am able to create that file with âtouch'
<TJ-> justizin: "open("/etc/postfix/__db.sasl_passwd.db", O_RDWR|O_CREAT|O_EXCL, 0644) = -1 EACCES (Permission denied)"
<justizin> right
<TJ-> justizin: The file it is failing for is "__db.sasl_passwd.db", presumably a temporary
<justizin> i can touch that as well
<sarnold> justizin: notice the line 299, it changes it's effective uid to 1006.
<justizin> ah
<justizin> itâs becoming postfix
<sarnold> hrm, shouldn't >1000 be for user accounts?
<TJ-> Yeah, it drops privs, which is why I asked if the postfix user has access to the directory
<sarnold> the postfix user doesn't have write access to the directory
<parallel21> can cifs be mounted over different subnets?
<sarnold> parallel21: afaik cifs can be mounted over the internet, no?
<justizin> yeah i chown-ed /etc/postfix to the postfix user and i get the same
<justizin> oh
<justizin> itâs becoming âhm'
<justizin> right because.. augh.. i hate this, i want so bad to undo it ;d
<justizin> we run _everything_ as one user, because no reason
<sarnold> :(
<parallel21> thanks sarnold
<justizin> and that does it
<justizin> thanks (facepalm)
<justizin> well, itâs actually wierd, hum, we run postfix as the postfix user
<justizin> ah it runs as the source file owner
<justizin> -o squashes that behavior
<justizin> obviously we should not be doing that
<justizin> but every time i try to change it in one place i get ramblings about following our existing practices ;d
<sarnold> so, how's the resume? :) all polished up and ready to go I hope? :)
<justizin> anyway thanks for bouncing ideas around w/ me guys
<sarnold> good luck justizin :)
<justizin> pff, iâm still relatively new here, i just have to smash some better practices into place
<sarnold> oh, okay, so it's not hopeless
<justizin> the problem is, noone is ever like âspend the next two weeks un-fucking our config mgmtâ
<justizin> no itâs just like years of bad habits woven into the code
<justizin> the rationale for doing it the stupid way is not so bad, which is basically that for the most part each machine only runs one thing, and if you break into that, you have access to anything very important on that machine
<justizin> but mail is an obvious exception
<sarnold> I can understand the point, but working against he assumptions of the software involved is another matter :)
<justizin> i totally agree, thatâs my counter
<justizin> iâm like okay but.. we get so much for free!
<justizin> it just doesnât feel that way because we are set in our ways about going against the grain, so years of changes in upstream behavior and packages have completely eclipsed us
<justizin> the attitude is often like âoh yeah you have to do that thing because <software package> is dumb'
<justizin> and itâs like no, itâs not dumb, it expects to have itsâ own user
<justizin> thatâs completely reasonable 1970s practice! ;d
<sarnold> haha
<sarnold> well, good luck fighting the good fight ;)
<justizin> yeh
<justizin> there are worse fates ;)
<sarnold> :)
<justizin> anyway tks
<MACscr> ok, got another question. I am provisioning my ubuntu systems with pxe and my finish template is failing and i have to hit continue for it to finish the install because of the failed exit code. Is there a log where i can see the error after it boots for the first time or should i be able to switch to another console window and see the error somewhere?
#ubuntu-server 2014-07-11
<gjpminingco> hey all i am needing some major help
<gjpminingco> I have a Server running Ubuntu Server 14.04, I have my Internet coming in on port em1 with a static IP, I want to Give Inet access to all my hardware on my switch that is connected to my server via em2 and i had it working but now after trying to install a dhcp server for all non static ip hardware i have lost internet access for my hardware on my switch
<sarnold> gjpminingco: check your IPs on your interfaces, routing tables, iptables rules, and ip_forwarding sysctl..
<gjpminingco> is there anyway i can keep my system from loosing it's Static IP every time i restart
<sarnold> gjpminingco: set the ip in /etc/network/interfaces ?
<gjpminingco> thanks
<gjpminingco> anyone any good at setting up ICS on ubuntu server and Also setting up DHCPD to run also
<sarnold> ICS?
<gjpminingco> Internet Connection Sharing
<sarnold> gjpminingco: ah. you probably want to research iptables snat -- the nicest description of snat and dnat I've seen so far is here: http://www.linuxquestions.org/questions/linux-security-4/iptables-dnat-snat-and-masquerading-264649/#post1341452 -- but perhaps there are better guides :)
<sarnold> gjpminingco: I'm lazy enough I'd probably try shorewall frontend first :)
<Patrickdk> :)
<Patrickdk> sarnold, it's required, when you have like 20+ vlans, and vpn's and other crap all going on in the same box
<Patrickdk> way too much to do by hand
<sarnold> Patrickdk: that's encouraging :) nice to hear there' ssomething that does a tolerable job with complex setups :)
<Patrickdk> ya, my first attempt at it was nice :)
<Patrickdk> a xen machine, like 5 different internal bridges, two external nics, and 6 vpn's
<Patrickdk> different vpn's where allowed different access to the internal bridges/xen clients
<Patrickdk> could be done by hand sure, but the mount of time for a simple change would have been painful
<zartoosh> hi what process creates /etc/network/interface file ? thx
<RoyK> zartoosh: vi
<zartoosh> RoyK,  no what I mean is, this file originally get populated with network interfaces , what process does this? thx
<RoyK> zartoosh: it's pre-built by the installer
<zartoosh> RoyK, okay I tried to modify its content through preseeding it failed... thanks
<DaD> DaD  Lo all.. Any sysops maintaining Ubuntu 14.04LTS AMP stack servers?
<slompo> hi
<slompo> A Brazilian?
<sarnold> slompo: there is #ubuntu-br
<DaD> Guys... I need some help
<slompo> thanks sarnold
<sarnold> slompo: you're welcome, have fun :)
<slompo> have people from all over the world here?
<slompo> you think it worth being set up a small host to host small websites and email accounts of small businesses? Or would it be better to leave it on account of the great hosts?
<sarnold> slompo: I suggest looking at email and web hosting differently; email is an absolutely miserable thing to host yourself but hosting your own website is not too bad
<sarnold> slompo: of course, handling spikes of web traffic (slashdot, daringfireball, etc.) can be pretty hard on your own, but that's not a problem most people have. keeping up on security fixes for your website software is the main task and that's also not terrible, just tedious most of the time :)
<slompo> I understand. I already have a server in digitalocean, but my emails are on dreamhost, and I suffer a bit with this. In Brazil we do not have very good service providers.
<slompo> -h
<slompo> bye, thanks
<lordievader> zartoosh: What you could do is modify the 70-net-persistent rule and change the name to eth0.
<liquid-silence> hi all, setting up a new mail server, should I just use postfix + sql backend? or would I need to think of dovecot
<peetaur2> postfix is a MTA... it doesn't give users their mailboxes. You need a thing like dovecot for that.
<liquid-silence> or courier-imap?
<liquid-silence> I am looking for something that does however give me the ability to create accounts via database or something
<liquid-silence> as it will be multi domain
<liquid-silence> but I also don't want to spend 10 hours when adding one account
<liquid-silence> peetaur2 so I presume I need to look at dovecot + postgresql?
<peetaur2> yes probably you want a database supported by both your MTA and whichever IMAP server you choose
<liquid-silence> ok dovecot it is, have not done this in a while though :D
<liquid-silence> mind if I ask some more questions?
<fathi_> anyone can help me please ?
<pds> any one around here that has xp with preeseeding and is will to help me out setting it up => already created the preseed file since it my first time doing so i would like to have a peerreview http://dpaste.com/1V7C296
<pmatulis> pds: what problem are you having?
<pds> well i would like to know how i can test it out
<pds> and if the preseed file is out
<pds> and if the preseed file is correct *
<peetaur2> pds: I put mine in the initrd on the netboot server
<peetaur2> pds: but that means you need a whole new initrd for each uniquely configured machine, rather than just a new preseed for each machine
<peetaur2> pds: which is fine for me... so if that's fine for you, I can tell you how to do that
<pmatulis> not many people are willing to comb a preseed file.  best is to try it, try to fix any resulting error, and then ask here if you need help
<pmatulis> pds: â
<pds> it may be a better idea if i can swap the preseed files at will, but at this moment i just want to get a PoC working
<pds> so let the beast go, and let's go nuts
<peetaur2> pds: so I don't know if you want it but if you do, here's what I do to pack the preseed into the initrd http://pastebin.com/iXDPDssb
<pds> what would be the effect of this?
<peetaur2> anything booting from your netboot will use the preseed
<peetaur2> assuming you set the dirs right ;)
<pds> spoiler: brace yourself newbie questions related to pxe booting and preseeding incomming
<ed8> hi, I'm working on a systemd services and when I try to run: systemctl daemon-reload
<ed8> I got: systemctl: command not found
<ed8> the 'systemd{,-shim}' packages are installed
<ed8> I'm running on a 14.04
<pds> i would like to pxe boot a ubuntu server 14.04LTS with the seed file i wrote http://dpaste.com/1V7C296.  After that i would like to use ansible do some configuration files.
<pds> so a) how can i pxeboot the server, b) how can i couple the preseed file that i wrote to do it's business (automate the installation) and c) how can i provide a custom script at the end to wget the ansible stuff and let it spin
<pmatulis> pds: netbooting, preseeding, and custom installation scripts is a big topic.  you will get better help here if you do some research beforehand
<pds> did so see resources
<maxb> pds: I had a quick look at your preseed.cfg paste. I quickly stopped looking at it because it was so mired in commented out stuff, I couldn't easily see the functional bits. In any case, preseed setup always ends up requiring actual testing. It's sadly not practical to expect to write a preseed which works first time
<peetaur2> he actually did quote resources before, which had all the steps...
<peetaur2> not sure why he didn't try them :D
<peetaur2> (yesterday I think)
<maxb> So, test it, and come back with questions if you can't solve how it breaks! :-)
<pds> for petes sakes how do i test in the first place
<peetaur2> pds: Yesterday, you linked http://digitalsanctum.com/2013/03/22/how-to-setup-a-pxe-server-on-ubuntu/ and I linked http://www.linuxquestions.org/questions/linux-newbie-8/automated-remote-installs-of-ubuntu-using-kickstart-802660/
<peetaur2> pds: and then I said those are fine, but use pressed instead of kickstart
<peetaur2> and you already have a preseed file, so just put it in the initrd, skip thte kickstart steps (which makes the web server obsolete also), and then try it, and come back with errors and confusion, but not just "please tell me all the steps on IRC" ... these guides already do that fine.
<maxb> pds: You test by attempting to run an installation
<maxb> "Try it out and see if it works" is a pretty simple testing methodology :-)
<peetaur2> yes
<peetaur2> and then you are welcome to come back with any errors or questions to resolve confusion
<peetaur2> but IRC is really not the place for pasting howtos
<peetaur2> howtos for very specific things, sure... but not for general things where the only specific part is your preseed file
<pmatulis> pds: truth be told, this stuff can be confusing due to the different ways to achieve preseeding.  are your targets virtual or real?
<mndo> Hi, I am having network problems on the guests of a kvm trusty server - pinging the guest goes from a couple of ms to several seconds.. any ideas?
<oro> hi all, any experience here with bcache?
<oro> udev screws up bcache* naming after each reboot. Ubuntu 14.04, bcache-tools from PPA
<rbasak> oro: I'd like to land bcache-tools in the archive proper, so I'm quite interested in the issue you have.
<rbasak> oro: but I haven't actually tried it myself yet. Let me know what you find though, please?
<oro> rbasak, http://pastebin.com/A9YBL9Ag
<oro> here you can see, that after two boots the bcache*  numbered devices get their names in different order
<oro> I want to have one disk SSD cache (/dev/sdn) in front of 11 HDDs (/dev/sd{b,c,d,e,f,g,h,i,j,k,l})
<oro> rbasak, also you can see the wrong registration order in dmesg
<oro> http://pastebin.com/vEjpKm00
<pds> pmautils following http://www.linuxquestions.org/questions/linux-newbie-8/automated-remote-installs-of-ubuntu-using-kickstart-802660/ atm
<pds> testing on virtuals
<pds> but the actual devices are real
<pds> the final project that is
<pds> so following the tutorial
<pds> sudo /etc/init.d/openbsd-inetd start =>  * Not starting internet superserver: no services enabled
<pds> @pmatulis seems like the tutorial you gave me could use an update
<pds> do you actually need openbsd-inetd
<pmatulis> pds: i didn't give you a tutorial
<pds> well you linked to http://www.linuxquestions.org/questions/linux-newbie-8/automated-remote-installs-of-ubuntu-using-kickstart-802660/ no
<pds> nmv that was peetaur
<pds> any way do you actually need openbsd-inetd
<pds> god darn it how hard can it be to find a decent source on how to preseed an ubuntu server 14.04 LTS
<pmatulis> pds: go for the original documentation.  you are referring to blogs and forums
<pds> #http://digitalsanctum.com/2013/03/22/how-to-setup-a-pxe-server-on-ubuntu/ #http://www.linuxquestions.org/questions/linux-newbie-8/automated-remote-installs-of-ubuntu-using-kickstart-802660/ #http://linux.opm.si/programska-oprema/ubuntu-14-04-network-install  #UNIX and Linux System Administration Handbook 4th Edition (Jun 2010) #page 417 - 419  #ftp://cpe-69-205-130-169.stny.res.rr.com/Public/E-BOOKS/Linux%20System%20Administrati
<pds> how many more do you need :)
<pds> give me a sec
<pds> here you go
<pds> http://dpaste.com/0FY7V8N
<pds> that all the stuff i read over the past 2-3 days
<pds> sp you can't blame for not trying
<pmatulis> pds: here:
<pmatulis> http://www.debian.org/releases/stable/i386/apb.html.en
<pmatulis> http://d-i.alioth.debian.org/doc/internals/
<pmatulis> pds: and i asked you a question but you did not answer, so i'm also trying to help you
<pds> i'm not blaming you i'm just getting a bit frustrated because i'm reading reading reading without having any  progress
<pds> what was your question i may have missed is because well i was reading
<pds> hmmm if is about real or virutal i did answer
<pds> testing on vm's because if i fuck up something it's easier to throw away and restart
<pds> but the final goal is psychical devices (hp thin clients) to be exact
<pds> around [13:33] to be precise
<pmatulis> pds: ok
<pmatulis> pds: you will need at the very least a web server to dish up the preseed files
<pmatulis> pds: you can point to those files in different ways
<pmatulis> ==> virt-install (for virtual installs) or pxe (needs dhcp,isolinx) are 2 popular ways
<LarsN> when using preseed to automate pxe installs of 12.04, I'm running into a small catch.  I have the following entry in my preseed file: d-i debian-installer/locale string en_US
<LarsN>  however the installer still pauses, waiting for me to specify which country I'm in.
<LarsN> Is the solution as simple as adding: d-i debian-installer/country string US
<LarsN> which I would have thought to be redundant?  Or is there another setting I need to include to get past the country string.
<ldelarosa> Hello guys I need some help, I just set up apache as reverse proxy and It's working with "http" but not with "https"
<LarsN> looks like d-i debian-installer/country string US did fix it.  Good to know.
<zartoosh> lordievader, thanks that worked.
<lordievader> zartoosh: Nice, good to hear.
<lordievader> Good afternoon.
<Demon_Jester> hey guys i have a linux based server at my home and im currently in the process of "hardening" it. I am wanting to know if anyone here that manages on linux based servers that setup alerts you for suspicious activity.
<sarnold> Demon_Jester: checking for apparmor DENIED messages is a good way to see if confined services or programs are being probed; checking dmesg for segfaults is useful; checking authentication times may be useful...
<Demon_Jester> well i mean im thinking of writing a script to send me alerts when im away if stuff has been modified or if it finds other things still wip
<sarnold> Demon_Jester: makes sense; apt-cache search tripwire shows some similar tools that may be helpful
<Demon_Jester> sarnold: ok thanks
<zul> hallyn:  ping
<patdk-wk> tripwire is nice
<patdk-wk> but also, tripwire is predictable, first thing people look for
<patdk-wk> just hope you get your security done good
<Trudko> hi guys I have ubuntu server where I have production code and I would like to easily create copy of that so I can run it locally in vm to test the code
<aandy> hi, anyone who has experience with carp on ubuntu? i'm using ucarp, but my question is general: i have a simple setup of advskew for master/slave of 1 and 100. it works as expected (slave takes over as master fails), but master regains the ip "too fast" (i.e. before a service has been started). which parameter is it i'm suppose to change to let the master be online for a bit longer before gaining the ip again
<hallyn> zul: what's up
<zul> hallyn:  how does lxc-snapshot work with unprivileged containers
<hallyn> zul: same way as with privileged containers...  it creates a overlayfs clone in a custom lxcpath
<hallyn> zul: the location has changed recently, so i'm not sure where it ends up in trusty
<zul> hallyn:  ok
<hallyn> it could be .local/share/lxcsnaps or .local/share/lxc/$container/snaps
<hallyn> stgraber: https://jenkins.qa.ubuntu.com/job/utopic-adt-cgmanager/27/ARCH=amd64,label=adt/console  i have no idea what is going on.  is it ok for the adt testcase to restart cgmanager with --debug and then print out the /var/log/upstart/cgmanager.log?
<stgraber> hallyn: sure
<Level15> hi. I am trying to install mantis bug tracker on ubuntu 14.04. According to https://launchpad.net/ubuntu/trusty/+package/mantis there is a mantis package for trusty, however, when i do aptitude search mantis i get nothing. Any ideas?
<hallyn> stgraber: ok trying
<sarnold> Level15: looking for the mantis source package itself shows a different story, only available for lucid, precise, saucy: https://launchpad.net/ubuntu/+source/mantis
<Level15> sarnold: hm, so that means the package does not exist for trusty?
<sarnold> Level15: that's whatthat looks like -- it was removed from debian eight months ago: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730121
<uvirtbot> Debian bug 730121 in ftp.debian.org "RM: mantis -- RoQA; RC-buggy, unmaintained" [Normal,Open]
<Level15> sighs
<Level15> thanks
<GrantK> When I ssh into my ubuntu 12.04LTS server, my login message announces: Your current Hardware Enablement Stack (HWE) is going out of support ... Install a newer HWE version by running: "sudo apt-get install linux-generic-lts-trusty linux-image-generic-lts-trusty"
<GrantK> but, when I exec that install cmd, it reports: "linux-generic-lts-trusty is already the newest version. linux-image-generic-lts-trusty is already the newest version."
<GrantK> Do I actually need the update? or is the message 'confused'?
<GrantK> checking `hwe-support-status --verbose` returns "Your Hardware Enablement Stack (HWE) is supported until April 2017."
<GrantK> which to believe?
<genii> GrantK: I'm inclined to believe hwe-support-status
<GrantK> genii: Checking versions manually, I'm 'correctly' updated, apparently.  Seems you're right. Nice if the notices get fixed -- but NBD if you know actual state.  Thx!
<bitfury> !info mysql-server
<ubottu> mysql-server (source: mysql-5.5): MySQL database server (metapackage depending on the latest version). In component main, is optional. Version 5.5.37-0ubuntu0.14.04.1 (trusty), package size 12 kB, installed size 130 kB
<lordievader> Upgraded to Trusty from Saucy like a smooth ride. Nice work Ubu server devs \o/
<bitfury> !info apache
<ubottu> Package apache does not exist in trusty
<bitfury> !info apache2
<ubottu> apache2 (source: apache2): Apache HTTP Server. In component main, is optional. Version 2.4.7-1ubuntu4 (trusty), package size 85 kB, installed size 462 kB
<bitfury> !info vtiger
<ubottu> Package vtiger does not exist in trusty
<ashd> sarnold:
<ashd> oops
<ghsh> hello
<ghsh> where can i ask some questions right here on channel or ?
<sarnold> ghsh: welcome to irc; irc works best if you just ask questions directly and wait around a little while for an answer
<Patrickdk> never
<Patrickdk> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<sarnold> sigh
<Patrickdk> bots where made to be abused
<Patrickdk> just if someone could get all my triggers programmed into it
#ubuntu-server 2014-07-12
<Super> Hello. I am having trouble with upstart. I don't know how to find the PID of a program Upstart started.
<sarnold> Super: see e.g. "sudo status atd"
<Super> Thanks.
<Super> The program I need to restart/start/stop starts using upstart but it is not in sync with /etc/init.d/program but the pid of /etc/init.d/program is correct. it points to /var/run/program/
<Super> What I want is to sync Upstart and Init.
<Super> For this specific program.
<Super> Somehow the PID aren't in sync between Upstart and Init.
<atpa8a> hmm
<atpa8a> what's the correct way to configure both untagged vlan and tagged vlan on an interface?..
<atpa8a> hmm
<atpa8a> both eth0 and eth0.1 get ip config?...
<dustinspringman> so... i'm trying to finish up my VPN aggregation server... and I've got all my routers that connect to the 14.04 server up and running... the only snag I've hit is getting my 12.04 server to route to all my routers via the 14.04 server.. anyone got some time to help me pinpoint my issue? Tunnel from 12.04 server to 14.04 server is UP.. Route shows UP.. Can ping from 12.04 to 14.04 and vice versa... just can't reach 1
<Trudko> Guys I have ubuntu server in production and I would like to copy it easily to my testing environment any tool to do it?
<lordievader> Good morning.
<ashd> Have an issue with 14.x LTS hanging after/on ârandom: nonblocking pool is initialized done.â during boot,  File systems are clean. trying various routes I have re-formatted swap, configured grub into console mode - It is a ESXi container which had an accidental hard shutdown, but that might not be the issue as i had not rebooted since the last update. What would be the next event after "random: nonblocking pool is initializedâ
<ashd> it looks like thisâ¦  http://screencast.com/t/GaIaYBMh7
<vedic> I am looking to use 12.04 LTS 64bit server for production use. This production environment will have 16 core process, 16 gb ram, 300 gb raid 1 hdd and panel to create virtual machines on it. As i read this link, it makes me feel like Ubuntu server is wrong choice: http://www.reddit.com/r/linuxadmin/comments/15lmqi/alright_whats_really_wrong_with_using_ubuntu/
<histo> vedic: what panel?
<vedic> histo: virtualization via VMWare
<histo> vedic: is there a question there?
<vedic> histo: Why ubuntu is not a good choice? Is it biased towards other OSes or its really true
<histo> vedic: Is what biased?
<vedic> histo: http://www.reddit.com/r/linuxadmin/comments/15lmqi/alright_whats_really_wrong_with_using_ubuntu/
<cfhowlett> vedic I'm not an admin, but after scanning the article, couldn't the same be said of - well - ANY distro?
<N0DE`> vedic ...depends on what you wanna do ...
<vedic> NODE`: like what
<N0DE`> my company had to switch from Ubuntu to Centos ...because we prefer stability, predictability over edge / updates
<N0DE`> we deal with dozens of cassandra servers, some virtualized in xen ...currently moving into cloudstack too
<N0DE`> Ubuntu is still one of my fav OS to play around with things... because of its large packages and stuff.
<histo> N0DE`: what kind of release cycle does centos have?
<histo> N0DE`: that offers more stability that its
<histo> s/its/is?/
<N0DE`> Centos do not update libraries too frequently ... thats why their repos are way behind and most of the time you have to do self compilation on trying out new things.
<N0DE`> i still remember centos 6.5 still being on python 2.6 libraries for example
<histo> N0DE`: lts versions of ubuntu are supported for 5 years
<N0DE`> nonetheless ... seasoned admins ... should be well aware before applying updates and know what they are updating... the convenience of apt-get dist-upgrade as such created alot of complacent admins ...not really understanding what they are updating and then complains.
<histo> true
<N0DE`> :P
<N0DE`> i have a fair share of nightmares running centos as well .... so i would just say, go with what you a comfortable and familiar with.. and look through on the level of difficulty to achieve the setups / softwares you will be running
<N0DE`> there is no one size fits all IMHO
<MACscr> hmm, got a server where the udev names dont seem to have been applied to my network interfaces after a reboot. Any suggestions?
<MACscr> im running 14.04
<dustinspringman> anyone around familiar with pptp routing?
<RoyK> imho pptp should be shot in the neck and dumped on deep water, but that's another story :P
<fabske> Helo
<fabske> I have a big problem
<fabske> with our server
<fabske> I have installed ubuntu server 12.04 on a 250gb harddisk
<fabske> no i have a new harddisk, 3TB
<fabske> so i changed the harddisks and installed ubuntu server 14.04 64bit
<fabske> but i cannot go online with it :(
<fabske> the ethernet adapters are em1 and p4p1
<fabske> i copied the /etc/network/interfaces from the old harddisk to the new one
<fabske> but i cannot set up a network connection
<RoyK> fabske: 14.04 uses bios names for the ethernet adapters by default
<RoyK> fabske: guess your old interfaces file had names like eth[01]
<fabske> yes
<fabske> and i already tried to change them to p4p1
<fabske> even following does NOT work:
<fabske> auto p4p1
<RoyK> ifc	  
<fabske> iface p4p1 inet dhcp
<fabske> it does not get an connection..
<fabske> ifc?
<fabske> RoyK, what can I do?
<RoyK> pastebin ifconfig -a
<RoyK> !pastebin | fabske
<ubottu> fabske: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<RoyK> that may be a little hard without a network connection, though :P
<fabske> i can just copy the text manually..
<RoyK> fabske: two NICs? is that for routing/firewalling?
<RoyK> and if so, are you sure which is which?
<fabske> i am sure!
<fabske> and now it works!!!
<fabske> i can ping my laptop!
<RoyK> :)
<RoyK> what was wrong?
<fabske> but i cannot ping web.de
<fabske> i am sure it changed eth1 to p4p1 last week and tried..
<fabske> this time i did again and now it works..
<RoyK> not all websites allow ICMP ECHO
<RoyK> I can't ping web.de eitheer
<RoyK> oh
<RoyK> I can
<fabske> now i need to add nameservers
<fabske> how can i add the nameservers?
<RoyK> fabske: normally 'dns-nameservers' in the interface block in interfaces
<RoyK> and dns-search for listing search domains
<fabske> i have a bridge br0
<fabske> in my interfaces
<fabske> it is ok to add it there?
<fabske> until now it wasnt there
<RoyK> do you need a bridge?
<RoyK> if not, why is it there? ;)
<fabske> i need a bridge
<fabske> because i have virtual servers their
<fabske> ok, it works! :)
<fabske> but i cannot connect by ssh :(
<RoyK> fabske: pastebin output of ifconfig
<xop> Hello. I am hosting a website behind a nat router and i tried port fowarding port 80 to the hosting server but all http request from all devices from my network ended up going to the server (all 404ed). How can I get around with this?
<TJ-> xop: The router should only port-forward port 80 TCP arriving on the public interface, not on the private interface(s)
<xop> sorry for sounding like a noob but i cannot see that option on web-based router config
<xop> what category might tha comes under
<TJ-> xop: Sorry, can't help you there, best to read the manual
<dustinspringman> alright fellas, I'm stumped on a pptp routing problem...
<dustinspringman> Ive got 14.04 pptp server.... I have 12.04 connected to it... I also have about a dozen routers connected to it... 14.04 can ping all the remote LANS... 12.04 cannot reach remote lans... LAN's can't reach eachother..
<dustinspringman> when I do a tcpdump -i ppp0 icmp and run a ping from 12.04 to XYZ Lan, I see the traffic coming into the 14.04.. buuuut.... what appears to be the issue is that locally on the 14.04 routing is working, but the forwarding (although its enabled) is not.. its trying to forward packets out the eth0 instead of the appropriate pppX of the LAN it is destined for..
<dustinspringman> i thought about POSTROUTING MASQ rules, but I don't want to masq traffic between LANs, I need it to be purely routed..
<CripperZ> i definitely will be banned, but for those who dont understand what is happening Israel / Palestine, watch this summarize animated video. Ignore it and you be as good as killers. Imagine China conquers islands of PH, Malaysia, Japan and u go thru the same exact war - https://www.facebook.com/photo.php?v=339032919583669  ...remember nothing is impossible, just like Russian annexed Crimea.
<TJ-> dustinspringman: Have you scrutinised the routing tables of the 14.04 server to ensure all subnets are unique?
<dustinspringman> TJ-: yes, numerous times.. from the 14.04 I can reach all remote LANs.. its something with the LAN-14.04-LAN forwarding or firewall or something... I see the packets from LAN1 destined for LAN2 in the 14.04 on a TCPdump, just dies out on th 14.04 as if its blocked or has no route..
<TJ-> dustinspringman: the 12.04 host is a PPTP client connecting to a 14.04 PPP interface?
<dustinspringman> correct
<dustinspringman> and I can ping from 12.04 to 14.04 on the vpn subnet
<TJ-> dustinspringman: have you done a tcpdump on the target host to see if the packets arrive there? I've seen this many times where the remote host doesn't have a route for the return path and thus no replies arrive. You're sure the packets are going astray on the PPTP server before being sent out?
<TJ-> dustinspringman: can you pastebin "ip addr && ip route ls table all" ?
<dustinspringman> TJ-: from which host?
<TJ-> dustinspringman: sorry, on the PPTP server
<dustinspringman> yeap
<dustinspringman> TJ-: one sec
<dustinspringman> http://pastebin.com/MqHkWWzp | checking on the remote LAN interfaces to see if packets are arriving now..
<TJ-> dustinspringman: which subnet is the 12.04 host in?
<dustinspringman> TJ-: Only the PPTP assigned subnet of 172.31.254.0/24.. specifically .199
<TJ-> dustinspringman: so, ppp4 ?
<dustinspringman> that server has no LAN hosts, so I have nothing to route back to it aside from snmp and icmp traffic.. so the 12.04 effectively connects to the 14.04 to look at the remote LANs for monitoring... (just a looking glass, not a participant in any lan functions)
<dustinspringman> TJ-: correct, ppp4 as of now (those are assigned dynamically in the config FTR)
<dustinspringman> TJ-: waaaaaaaaiiiiittttttt a minute...... WTH... i've not changed anything and it's working now..... what in that actual f#ck.!
<dustinspringman> i'm reaching 172.16.199.0/24 subnet from the 12.04 now without issue....
<dustinspringman> TJ-: Ah ha! You were right sir!! It was the return route issue!! the others don't have the return route yet, only the x.x.199.0/24 does! that appears to be the common denominator!
<TJ-> aha! seen that so many times I've learned to check that first :)
<dustinspringman> TJ-: ya know.. i should have known that.. .I've run into that before.... I just completely spaced it!! Been working on this for hours!
<TJ-> Yup, that's happened to me... the 'clues' from the server are deceiving
<dustinspringman> TJ-: I gues sometimes you just need a fresh pair of eyes! Thanks for the help man!
<TJ-> I generally tcpdump the outgoing interface to ensure packets are heading to the target, and if nothing comes back, I'm pretty sure its a routing issue at the far end
<dustinspringman> TJ-: indeed! very deceiving because it acts like a firewall issue.. doesn't give you crap.. it would be nice if there was some sort of "no route to host" message spat back at you like "no return route from host".. I guess there's probably issues with doing that or the ITF would have done it by now...
<dustinspringman> TJ-: that's right were I was in my debug when I jumped on here... You just sped me up quite a bit
<TJ-> dustinspringman: I assume the target was routing the replies out on its default interface ... as it ought to ... and therefore the next-hop router would be the one saying "no route to host"
<dustinspringman> TJ-: true true.. or on some ISP's, where they use 172's for management, I could have been sending packets to a device or network that exists but is firewalled... I've done that before too.. Worst is when the devices on their network respond to icmp but have no discernable services open that can tell you what the damn thing is! That's always fun trying to figure out "is that mine? no, thats not mine, is it?"... had th
<TJ-> :)
<dustinspringman> TJ-: Thanks again for the help man, I'm gonna take a break for a bit then finish adding the routes to the remote lans. Take it easy man
<RoyK> damn dihydrogenmonooxide
<RoyK> makes us die
<bekks> We need to prohibit it, actually.
#ubuntu-server 2014-07-13
<_jp> hey all. I'm dealing with the notorious stale NFS file handle problem. I can't unmount or remount. Is there any way to solve this without rebooting?
<_jp> I've tried lazy unmount, and forcing
<_jp> The NFS server had to be rebooted, but the share is available again.
<_jp> Any way out of this?
<cfhowlett> _jp ##linux might know
<_jp> k
<racecon> getting started on virtualization for a couple of headless servers running 14.04, would kvm or xen be the way to go?
<andol> racecon: I'd go with KVM, both because of it having more momentum in general as well as it being better integrated in Ubuntu.
<racecon> thanks for the input.  it seemed like kvm was somewhat preferred in some forum posts I read.
<Guest92124> Hello.  I am looking for help in getting DNS working.  Everything is loading, loags are being written, no firewall to port 53.  When I tyr dig, it returns status: SERVFAIL
<Guest92124> Oh and I am running LinuxMint
<lordievader> Good morning.
<ashd> morning world.  i have a system hang at this point - http://screencast.com/t/1PV6XFQFav - file system is clean - all packages are good but it will not complete the boot process 14.04 LTS
<lordievader> ashd: Did you create a custom initrd?
<ashd> lordievader: no, was completly out of the box with updates
<ashd> lordievader: and thinking that soemthing was wrong i âapt-get install --reinstall initramfs-toolsâ - but is still broken
<SierraAR> I'm looking for a web based file manager I can setup on ubuntu server 12.04, that should only have access to a specific folder and access files/folders as a specific user (The folders are in a users /home directory, not in /var/www/
<lordievader> ashd: You could try recreating your initramfs, "sudo update-initramfs -u"
<SierraAR> Also, if any ops are around, someone in this channel sent me a random PM with a link I'm not clicking when I joined
<SierraAR> [02:08] <kikinii> show gratis (solo hooy) --> (Link removed so nobody clicks it)
<ashd> SierraAR: I had that as well.. blocked and deleted
<ashd> lordievader: iâll give that a go - 48 hours and i am still no closer to getting a clean boot.
<lordievader> ashd: Oh, do you have some kind of a special setup?
<ashd> lordievader: well, is dedicated to virutalmin - it is in an ESXi container but apart from that a fresh install of 14.04 LTS
<ashd> lordievader: well, fresh, two weeks old
<lordievader> No raid or something? Uefi? That sort of thing?
<ashd> lordievader: No raid, ESXi disks only, one disk LVM set up for /root and swap
<ashd> lordievader: sda1 = bootâ¦.
<ashd> lordievader: all pretty out of the box really
<ashd> lordievader: it is in the init phase that it breaks.. but i am stuck getting some logging out of that.
<lordievader> ashd: lvm2 is installed I take?
<ashd> lordievader: well it was.. - and as i can work with the disks in rescue mode it is working i suppose.. i can boot in with break=init and housekeep etc, all the disks are clean and the packages up to date.
<ashd> lordievader: i have not specifically looked at LVM yet, was looking at systemd - upstart - random
<lordievader> Well lvm support needs to be in the initrd/initramfs.
<ashd> lordievader: the system was booting fine untill the host had a crash on friday AM, lvm is in the initramfs as i can boot=init and work with the file systems etc
<ashd> lordievader: or perhaps i should look into this.
<lordievader> ashd: Have you checked the filesystems for errors?
<ashd> lordievader: all clean - and all packages are good - i have re-installed upstart - systemd - and a few others all without issue
<SierraAR> Ok, new problem.. I was having an odd error with webmin on my 12.04 server, so I went to uninstall and reinstall it... Suddenly, when I run 'sudo apt-get install webmin', it's telling me it's unable to locate package webmin. I'm tried running a sudo apt-get update, but no luck
<ashd> SierraAR: grab the package from the webmin site and dpkg -i webmin.xxx
<ashd> SierraAR http://sourceforge.net/projects/webadmin/files/webmin/1.690/webmin_1.690_all.deb/download?use_mirror=softlayer-ams
<SierraAR> Right.. completely forgot it's not in the repositories. That through me off because apt-get remove worked xD
<lordievader> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<lordievader> SierraAR: ^
<SierraAR> Wonder if that's related to why webmin was giving me invalid request errors
<ashd> ubottu: when was this decision taken?
<ubottu> ashd: I am only a bot, please don't think I'm intelligent :)
<ashd> ubottu: i was only asking...
<ubottu> ashd: I am only a bot, please don't think I'm intelligent :)
<ashd> !virtualmin
<lordievader> !ubottu
<ubottu> Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://ubottu.com/factoids.cgi | Usage info: http://ubottu.com/devel/wiki/Plugins | Bot channels and general info: https://wiki.ubuntu.com/IRC/Bots | Make a clone of me: /msg ubottu botclone
<SierraAR> Hm.. Out of curiousity.. If I wanted to setup an interface on an ubuntu server I want to access through VNC, is that possible?
<SierraAR> I.e. setting up a simple desktop environment with a vnc server, that starts on boot
<lordievader> SierraAR: Yes it is possible, however it ain't recommended. VNC isn't very secure.
<SierraAR> lordievader: If I'm using a realvnc license with encryption, and it only accepts tunnelled SSH connections (AKA localhost only)? I'm not actually sure if doing that makes anything more secure
<ashd> SierraAR: put up a VPN and keep it inside that
<SierraAR> Pretty much everything on my server only responds to localhost, and my SSH user only accepts a private key
<lordievader> ashd: By the by, from the break=init busybox are you then able to continue the boot process?
<ashd> lordievader: no, i can work with the system but when i exit out of it - it hangs
<lordievader> Hmm, you where able to mount your disks right?
<ashd> lordievader: yes, and check them, and after mounting proc and dev i can install uninstall using apt-get / aptitude etc.
<lordievader> Pff, that is really strange...
<ashd> lordievader: yes, and i would really like it not to be strange - i am about to ditch ubuntu for centos 7 for this application - if i cannot work out WTF is going on - how can i be sure it will not happen again.
<ashd> lordievader: i actually suspect it is something simple, just need to get a handle on it.
<lordievader> Heh, CentOS is even wierder :P
<Guest92124> exit
<Guest92124> quit
<ashd> lordievader: eveyrhing is weird untill you understand it -
<lordievader> !info initscripts
<ubottu> initscripts (source: sysvinit): scripts for initializing and shutting down the system. In component main, is required. Version 2.88dsf-41ubuntu6 (trusty), package size 27 kB, installed size 219 kB
<lordievader> ashd: Is ^ installed correctly? (Reading an old bug report, they mention that package)
<ashd> lordievader: i everything checks out ok - BUT i will reinstall it now (i think that is one of the re-installs i ahve already done)
<ashd> lordievader: apt-get update ran clean
<ashd> lordievader: sudo dpkg --configure -a = clean
<lordievader> ashd: sudo apt-get dist-upgrade?
<ashd> lordievader: no dist-upgrade availabe for 14.04 LTS
<ashd> lordievader: but i did run it anyway
<ashd> lordievader: so initscripts is now âreinstalled
<ashd> lordievader: exit from busybox gives me http://screencast.com/t/24rw4aIs
<ashd> lordievader: will re-boot and see
<ashd> lordievader: does not look any better.
<ashd> will leave it for a while and see if there are any developments while i look up that last screencast
<lordievader> ashd: Well it's different, different is sometimes better ;)
<ashd> lordievader: yes, was different when exiting busybox.. but not in the normal boot.. BUT i thought selinux is replaced by apparmour in 14.04LTS
<ashd> lordievader: i am looking into that now
<ashd> lordievader: well re-installing apparmor did not do anything useful
<lordievader> ashd: You don't run a custom kernel, right? Just the generic one?
<ashd> lordievader: generic - and i have re-installed it too
<lordievader> Hmm interesting on my machine the /sys/fs/selinux does not exist either.
<ashd> lordievader: is 10.04?
<ashd> lordievader: basically - i have been looking at this since friday AM - and i am nowhere nearer sorting it out.
<lordievader> Ah, are you running 10.04?
<ashd> lordievader: no 14.04 LTS
<lordievader> ashd: Ah ok, running Trusty here too.
<ashd> lordievader: have started installing centos in another container - if i cannot understand this - then i cannot trust it to be in production
<lordievader> Well this shouldn't happen. I have never seen it to be honest.
<ashd> lordievader: yep, i have never seen the, nor has anyone else i have spoken too.. there are some threads on the net about similar boot problems, but nothing seems to help or actually be relevenat to the problem.
<lordievader> Reinstall of Trusty ain't an option?
<ashd> lordievader: so it can happen again? there should not be an issue that cannot be fixed by the sysadmin for the machine - re-installing because i donât understand is the microsoft way
<ashd> lordievader: it will be on the same hardware - same software - basically virtualmin pro - so once i get sites going live i really donât want this to happen again.  and given what the bot just said about webmin, which is what virtualmin is built on
<ashd> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<linuxthefish> hi, does ubuntu server have wifi utility in by default?
<linuxthefish> like to configure wifi networks
<lordievader> linuxthefish: On a Trusty vm of mine they seem to be available.
<linuxthefish> <kikinii> show gratis (solo hooy) --> http://s422803032.mialojamiento.es/
<linuxthefish> what is this?
<lordievader> linuxthefish: A spam bot. Just ignore the bot.
<linuxthefish> oh
<linuxthefish> thanks though, ubuntu server time!
<Maddeth> Hi guys been having a kernel panic: "kernel panic-not syncing: VFS: unable to mount root fs on unknown block(0,0)" it's on a VM, I have tried numerous backups, and different kernels, re-installing grub, /boot is not full, I have performed and apt-get autoremove but nothing appears to be working
<Maddeth> I have also tried installing new over the top without formatting the original disk, it runs fine, but reboots with the same error
<Maddeth> If it wasn't for the fact I have tried backups from 30 days ago, I would have pointed at the vmdk
<Maddeth> but, I am at a loss
<Maddeth> anyone have any experience, or idea as to what I can try next?
<Maddeth> I have already replaced the server that died, but I really want to get to the bottom of this
<lordievader> Maddeth: What kind of vm is it?
<lordievader> KVM?
<Maddeth> ESXi
<Maddeth> lordievader: v7
<lordievader> Does it use LVM?
<Maddeth> No
<Maddeth> lordievader: not through my choice ;)
<ashd> Maddeth: create a new VM and use your existing disks
<lordievader> The VM uses a standard Ubuntu kernel I take?
<Maddeth> lordievader: yes
<Maddeth> ashd: hmm, good shout, I will take a look
<ashd> Maddeth: actually, install a minimal fresh and then you know it works
<ashd> Maddeth: then swap out the vdisks
<Maddeth> ashd: same issue (without doing a minimal fresh first)
<Maddeth> taking a break, off on lunch for a sec :)
<nerium> Have anyone here heard about a software called Linux_time_y_2?
<nerium> My server has been "infected" with this file and is doing a ton of DNS requests against a server
<nerium> Its being ran as the elasticsearch user and I'm not sure how it go into the system
<dasjoe> nerium: this gives a good summary about what happened to your box and what to do now: http://www.gossamer-threads.com/lists/wiki/wikitech/482149
<nerium> dasjoe: Awesome, thansk!
<Maddeth> ashd: lordievader: Trying it on a different host now, see if that makes a difference
<punkgeek> i need encodeing my php file in /var/www/html, what should i do? :-?
<Patrickdk> what do you mean
<psih0man> hello! I'm trying to start a LXC on an Ubuntu 14.04 host but it is giving me an error about the mounts and it won't start; the container was created with lxc-create -n container -f container.conf -B loop. here are the config, fstab and log files: http://dpaste.com/0V445J0
<psih0man> what whould fstab contain in this case?
<alison412> hi all. i am trying to upgrade using do-release-upgrade. i am over ssh and lost my connection. no worrries, it starts screen when it starts. except now it wont accept my user password. i am logged in as root right now but im not sure what to do without breaking it. help.
<marshall> hey ubuntu
<marshall> what's the easiest way to setup single-sign-on? I don't want to have to setup all my users, groups and home directories on every machine
<jrwren> copy your passwd adn show files around?  :)
<jrwren> its not a good solutino, but its the easiest.
<marshall> i've used LDAP and, it's anything but it's pretty precarious
<marshall> every apt-get upgrade on the client breaks ldap auth
<Patrickdk> it depends what you want sign-on for
<Patrickdk> and what you need to support
<Patrickdk> personally, I'm using just about everything :)
<Patrickdk> ldap, radius, pam
<Patrickdk> between those, pretty much have everything covered
<Patrickdk> you could go more modern, and to saml
<tjbenator0> So when I set "mailbox_command = /usr/lib/dovecot/deliver" in postfix I get an error
<tjbenator0> which says there is a configuration error with dovecot. When I use "dovecot -n" it returns no errors
<Patrickdk> that is to be expected
<Patrickdk> if you switch to lmtp instead, you won't have issues
<marshall> Patrickdk: i think i want to give saml a try
<tjbenator0> I found some instructions here: http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP... Tried it and now I'm getting Undeliverable email stating the user doesn't exist
<tjbenator0> Oh wait, I think i fixed it ;D
#ubuntu-server 2015-07-06
<lordievader> Good morning.
<sarthor> HI, python packages are not installed . how to change software source,
<lordievader> sarthor: What python packages? And what errors do you get?
<sarthor> sudo apt-get install python-cups python-dateutil python-decorator python-docutils python-feedparser python-gdata python-geoip python-gevent python-imaging python-jinja2 python-ldap python-libxslt1 python-lxml python-mako python-mock python-openid python-passlib python-psutil python-psycopg2 python-pybabel python-pychart python-pydot python-pyparsing python-pypdf python-reportlab python-requests python-simplejson python-tz python-unicodecsv pyth
<sarthor> on-unittest2 python-vatnumber python-vobject python-werkzeug python-xlwt python-yaml wkhtmltopdf
<sarthor> changed these in source.list .. Worked. deb http://suse.uni-leipzig.de/pub/releases.ubuntu.com/ubuntu/ trusty main
<sarthor> deb-src http://suse.uni-leipzig.de/pub/releases.ubuntu.com/ubuntu/ trusty main
<sarthor> deb http://ftp.freepark.org/ubuntu/ trusty main
<sarthor> deb-src http://ftp.freepark.org/ubuntu/ trusty main
<lordievader> !paste | sarthor
<ubottu> sarthor: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<sarthor> Ooh. Great bot. OK.
<pmatulis> sarthor: what happened to nginx yesterday?
<sarthor> pmatulis, was unable to install yesterday. but today i changed a lot of software source from here " https://launchpad.net/ubuntu/+archivemirrors " the one I pasted here, worked.
<sarthor> pmatulis, no no . .nginx is still not installing.
<sarthor> pmatulis, E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/nginx_1.4.6-1ubuntu3.1_all.deb  Connection failed [IP: 91.189.91.15 80]
<sarthor> Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
<sarthor> I did that apt-get update --fix-missing but no result.
<lordievader> Mirror out of date?
<sarthor> lordievader, where to find the FRESH one. here is some lists but no success https://launchpad.net/ubuntu/+archivemirrors
<lordievader> Use the main archive.
<lordievader> http://archive.ubuntu.com/ubuntu/
<sarthor> lordievader, Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/main/binary-amd64/Packages  404  Not Found [IP: 91.189.92.200 80]
<sarthor> showing this all the day " 0% [Waiting for headers] "
<sarthor> used " deb http://archive.ubuntu.com/ubuntu/ trusty main " and " deb-src http://archive.ubuntu.com/ubuntu/ trusty main "
<lordievader> Hmm, that file ain't there. Let me see if I get the same error.
<lordievader> Nope, no problems here with those sources.
<lordievader> I wonder why it tries to get that file.
<joners> Can anyone give me a hand with some ssh keys?
<joners> ive created a public/private keypair using putty gen. I want two different servers to be able to talk to each other, i understand that ive got to add the public key to the remote server and the private key would stay on the local server
<joners> Ill potentially have several other servers which may want to also communicate via ssh to the remote server using the same keypair, do i simply just add the private key to each local server?
<bekks> joners: For two servers (which arent running putty), generate a keypair on each server, and exchange the public keys.
<bekks> Putty has nothing to do with it.
<joners> if im already connected to one of those servers using ssh it wont screw up anything or ask for a new key will it?
<bekks> joners: I assume both servers have valid keypairs. Now configure server A to accpet the key of server B, and vice versa. No need to generate new keypairs.
<joners> thanks, i havent generated any keypairs with them just connected via ssh after the install
<bekks> joners: So if both servers dont have keypairs, you need to generate them.
<joners> cool, will try that now. Thanks for the help
<teward> rbasak: ping, when you get a moment can you start a parallel thread to the release team one with the tech board?  Release team says the TB should weigh in
<teward> (the nginx request for exemption at LTS time)
<rbasak> Daviey: ^^ thanks for the reply, but why a parallel thread?
<rbasak> Daviey: won't that just confusingly fragment the conversation?
<Daviey> rbasak: Really, just because i think it is rude to bring in a senior board as referral mid-thread, without a summary.
<Daviey> But whatever, I won't cry if you bring them in. :)
<teward> Daviey: i'm still hunting analytics, but i may be forced to manually pull them all
<teward> which is a headache but doable
<teward> (especially with that tool causing LP to error on its data pull)
<Daviey> teward: That sucks, I had no idea it wasn't working.
<teward> Daviey: yeah, well, it's trying to pull all the data from 2k13 forward in one go
<teward> and I'm not fluent enough in C to go digging to make it pull in smaller sets
<teward> as I said I *can* pull stats, run them through my splunk instance for visualization generations..
<teward> but eh
<teward> kinda more important right now for me to get my systems to ping to my Landscape server... i hate self-signed certs though
<teward> Daviey: i spent about 25 minutes on #launchpad seeing if it was their side, turns out the tool is just pulling too much data
<Daviey> teward: Ugh, i didn't remember it being in C!
<teward> i could pull from the staging PPAs if you'd like
<teward> they're far newer
<Daviey> teward: I was sure there was a python version...
<teward> but you don't get as nice analytics
<Daviey> teward: I don't think it is essential, it was just a nice data thing to add to the discussion
<rbasak> Daviey, teward: I'm interested in the difference of opinion about whether to follow upstream git HEAD or not.
<teward> Daviey: indeed.  ehhh this will have the same issue
<rbasak> What Daviey said makes sense for Openstack.
<teward> rbasak: s/git/hg/
<rbasak> I'm wondering whether that applies to nginx here though.
<teward> rbasak: replace nginx with apache and ask the question
<rbasak> Because Openstack users don't really expect to consume Openstack in a stable way until it's actually out upstream.
<teward> since that's the nearest analog
<teward> s/analog/similar package/
<teward> rbasak: i don't think it makes sense to track upstream hg for this - we'll end up with half-developed functions
<teward> Daviey: ^
<Daviey> rbasak: Are you expecting people to consume the version released with LTS, then be happy to jump to a major new version shortly after?
<rbasak> Server users wanting a particular nginx will generally install the Ubuntu LTS that comes with the nginx that they want.
<teward> Daviey: from a changes perspective, 1.10.x is cut from 1.9.x
<teward> Daviey: that is to say, the actual delta will be minimal
<teward> except for the potential of a new feature added in or finalized in development, with bugfixes as well
<rbasak> Daviey: what teward says. The 1.9 to 1.10 bump is actually a no change branch AIUI, much like moving off rc.
<Daviey> Ah, i did not know that.
<teward> Daviey: the same happened from 1.6.x/1.7.x to 1.8.x/1.9.x -
<rbasak> Except that upstream effectively keep 1.9 ("mainline") production ready at all times.
<teward> in that 1.8.x is cut from the 1.7.x branch
<teward> and 1.9.x is the in-development branch
<teward> rbasak: with their tagged releases, yes
<rbasak> Right
<teward> not necessarily the same with the upstream repo
<rbasak> brb, need to make a call
<teward> ack
<Daviey> I think the question still unclear to me is.. What will cause the least surprise to users of the next LTS?
<teward> Daviey: i think sticking with stable will make them ask "WTF"
<teward> Debian has actually had a req for mainline packages
<teward> and during when they track stable they ahve the same req and it's refused
<Daviey> Will it be, shipping a pre-release of the upstream LTS or the odd version point release number from prior?
<teward> IDK why they do it that way but...
<teward> Daviey: I... don't follow?
<teward> sorry i'm still not at 100% - the holidays threw me a loop
<teward> my sister decided to get me drunk and i have a headache from that still >.<
<Daviey> teward: I mean, we are currently talking about the next LTS, what version is put in there at _release_ time.
<rbasak> I don't think there's much scope for users to be surprised by a version bump in nginx within a month or two of LTS release.
<Daviey> teward: nice
<teward> Daviey: correct.  From 1.9.x to 1.10.x is not going to be a huge surprise
<teward> Daviey: prior to release, it'll likely have 1.9.x tracking Debian
<Daviey> rbasak: Right, so - releasing for the 1-2 months of a hg snapshot, then updating to final VS a major version jump in that 1-2 month window? right?
<Daviey> Which one of those will cause least surprise to users?
<teward> Daviey: then we run the 'Untested Bug Explosion" issues at LTS time
<teward> if it takes nginx a week to go from 1.9.x to 1.10.x and they have bugs in there, which cause crashes, is that really the better option?
<Daviey> does upstream stack all of their testing to the last week before release?
<teward> Daviey: no, however we have no guarantee there's not a half-developed feature in there
<Daviey> In that 1-2 month window, what causes it to become stable - enough that we'd be happy jumping major versions as a SRU?
<Daviey> teward: right.  I am wondering if a release note stating that for 1-2 months nginx is a tech preview until it is updated.. vs throwing in an older version and possibly making the user experience worse by jumping feature versions post release
<teward> Daviey: that's going to be a consideration either way for the Universe packages
<teward> in that any version bump might need a corresponding third party module version bump for FTBFS fixes
<teward> which i've seen 3 times iwth the 1.9.x branch so far
<Daviey> right
<teward> (especially the nginx-lua module, although there's a different discussion there)
<teward> (with regards to Lua)
<teward> (of which i think i've discussed briefly with rbasak)
<Daviey> rbasak / teward: Have you thought about keeping 1.9 in universe for release, then adding 1.10 in main post release?
<Daviey> Is that a better solution ?
<teward> Daviey: we'd have to demote nginx-core
<teward> or remove it
<teward> (nginx-core was specifically created for the MIR)
<Daviey> right
<rbasak> We could do that, but what would that achieve?
<rbasak> (demote then promote later I mean)
<Daviey> rbasak: No, i mean having two versions in the archive.
<rbasak> Oh.
<rbasak> That's be a bit painful :-/
 * teward shivers
<rbasak> (in terms of maintenance work, etc)
<Daviey> indeed
<rbasak> For version, if the choice is between hg snapshots or 1.9 releases, I think I favour 1.9 releases. They're effectively stablised hg snapshots from upsteam AIUI.
<teward> that's an accurate representation
<teward> and 1.9 releases are tagged in hg, if we really wanted to pull from there (but they match the tarballs0
<rbasak> Perhaps an analogy to Openstack is following RCs instead of upstream git?
 * teward throws Apache out the window
<teward> sorry, i'm annoyed at a VM right now >.<
<Daviey> So this is interesting, not much happened between 1.7.12 -> 1.8.. Really just fixing a compile issue.
<rbasak> Right, because the last 1.7s are effectively RCs for 1.8.
<Daviey> Right
<Daviey> I didn't know this.
<rbasak> Though there's no feature freeze rule AFAIK.
<teward> AIUI there's no feature freeze there, no.
<teward> okay, i need a walk otherwise i'mma throw servers out the window next, back in a few
<Daviey> I am guessing there is no 1.9 point release schedule ?
<teward> Daviey: none
<Daviey> teward: o/
<rbasak> I'm also of the general opinion that if that's what upstream ship, that's what users expect from us.
<rbasak> Or, at least, that is by definition acceptable for us to ship to users.
<Daviey> rbasak: So a pre-release branch of 1.10 won't even exist.. it would be a case of tracking 1.9.X head?
<rbasak> Though I accept there is a clash with our feature freeze policy.
<rbasak> Daviey: yes, but I would want to follow 1.9.X _releases_ instead, which I think is what teward wants to do.
<Daviey> rbasak: I mean, looking at the small gap here https://github.com/nginx/nginx/commits/branches/stable-1.8 .. going from 1.7.12 -> 1.8 post release would be fine! :)
<rbasak> Daviey: it would, but we have no guarantee of that for 1.9.last -> 2.0 :-(
<rbasak> (but we want to do it anyway)
<rbasak> jcastro: you championed nginx into main when we did it a few years ago. I wonder if you have any thoughts on this? Guessing you're not aware of the discussion so far. Thread at https://lists.ubuntu.com/archives/ubuntu-server/2015-June/007072.html (cross over into July: https://lists.ubuntu.com/archives/ubuntu-server/2015-July/007081.html)
 * rbasak wonders if Sarah Novotny still works for nginx.
<rbasak> Might be worth asking her too?
<Daviey> rbasak: I think it might be worth getting upstreams perspective if possible.
<Daviey> rbasak: If you do this, can you press on reluctance to have feature changes post-release, avoiding config changes and generally surprising the user least :)
<jcastro> rbasak: yeah so I think it'd be nice to get at least semi-official response from them on what they'd like us to ship
<jcastro> I am going to bet that it's 1.9
<Daviey> Yeah, based on stable verisons being a cut from odd branches, this does change my opinion.
<jcastro> does someone want me to ping sarah?
 * teward spawns again
<teward> rbasak: she does, you may want to ask LinuxJedi (Andrew HUtchings) as his role is pretty much being the advocate in this case
<teward> the liason between us and them, AIUI
<teward> he's been more responsive than Sarah has, TBH
<Daviey> teward: LinuxJedi of get-iplayer?
<teward> Daviey: not sure, but LinuxJedi as in the LinuxJedi in this channel now
<teward> Daviey: i don't know his whole background
<teward> i could find out but i'd rather eat my lunch xD
<Daviey> I'm probably confused.
 * teward shrugs
<teward> Daviey: i'm already confused, but that's not atypical of me when i'm multitasking in quantities of tasks more than i usually work with at once xD
<teward> I do know that the LinuxJedi currently in this channel here was present at my request (with Sarah joining in while he was in Moscow) to answer questions I might not be able to from the nginx side of things
<teward> they're also my contact for forwarding questions/concerns up to nginx and getting timely responses to inquiries back
<teward> Sarah's also a valid contact too if you wish to reach out
<teward> jcastro: AIUI from Andrew, they support 1.9.x as well
 * jcastro nods
<teward> or 1.10.x, but with the timeline of releasing being so close to LTS release it wouldn't get in until after FeatureFreeze or possibly even FinalFreeze
<teward> or after release
<jcastro> hey so thinking aloud, could we do whatever snapshot of 1.10.x and then commit to putting final in 16.04.1?
<Daviey> jcastro: Nice idea. Why didn't I think of that? :)
<teward> jcastro: 1.10.x pre-snapshots are 1.9.x
<jcastro> oh ok
<rbasak> jcastro: we can do that, sure. Though wouldn't it be better to do it even earlier?
<jcastro> Daviey: it's the maas-model
<teward> they don't have a 1.10.x tag series until they cut 1.10.x
<jcastro> ok
<teward> which means we'd be following 1.9.x tags/snapshots
<teward> until 1.10.x releases
<teward> and 'snapshots' aren't necessarily guaranteed as 'stable'
<teward> (could have some bugs, etc.)
<rbasak> LinuxJedi: so I think the key part of the difficulty we're having is that Ubuntu expects to have a feature freeze for everything in its release around mid-Feb 2016 (exact date TBA)
<rbasak> LinuxJedi: and there is some dissonance between that and nginx's policy of doing anything to a 1.10 candidate (effectively the last 1.9 releases I guess) until 1.10 is actually out.
<rbasak> LinuxJedi: is there anything you can to do accomodate us on this please?
<teward> note i don't think they're awake atm
<rbasak> ack
<jcastro> rbasak/teward: I'm of the opinion that doing it earlier and getting a non-LTS cycle in will be better for you come next spring
<teward> jcastro: the consideration of this is whatever lands in wily will likely land in lts
<teward> so deciding ahead of LTS to have 1.9.x before LTS release will be the go-ahead to merge
<teward> failing that, i do nothing, and wily gets 1.6.x or w/e is currently in vivid
<teward> !info nginx-core vivid
<teward> oh right bots are evil
<jcastro> I don't think the old one should even be an option
<ubottu> nginx-core (source: nginx): nginx web/proxy server (core version). In component main, is optional. Version 1.6.2-5ubuntu3 (vivid), package size 384 kB, installed size 1075 kB
<teward> jcastro: that's what lands if i do nothing
<jcastro> like that's opposite to what people expect in nginx right?
<jcastro> If we ship the LTS with 1.6.x we're basically telling people "this is useless for you go use a PPA."
<teward> jcastro: for LTS the big thing is "Do we keep it on 1.9.x or do we get an exemption for 1.10.x?"
<teward> i'm OK with nothing happening for wily xD
<rbasak> jcastro: right. So 1.6 is out IMHO.
<teward> ^ that
 * jcastro nods
<teward> at least for LTS
<teward> wily, decision is do we deviate from Debian and put 1.8.x in in the interim
<jcastro> yeah so like do 1.9.x and get an exception to upgrade it to 1.10 for the point release
<teward> or do we pull in 1.9.x, and then what do we do for LTS
<rbasak> jcastro: and I think the same is for 1.8 really. It'll EOL upstream when 1.10 is out, just after our 16.04 release.
<teward> ^ that
<jcastro> well, I love not deviating from Debian also, but if it's dead upstream that's even worse IMO
<teward> heheh
<teward> urgh i have too many emails >.<
<teward> jcastro: you're of the opinion rbasak and I have - 1.9.x for LTS, following Debian, and 1.10.x when it releases assuming a TB exemption
<teward> (almost like a one-off MRE)
<jcastro> yeah
<jcastro> also, I don't see in the thread but what do the security team think?
<teward> jcastro: we didn't loop them in, but I know sarnold gave an opinion early on in the server team thread
<rbasak> IIRC sarnold was in favour of 1.9.x then MRE to 1.10.x too.
<teward> mhm
<teward> but i don't know if that was a security team opinion or his own
<teward> (that's in the ubuntu-server thread from a few weeks ago pre-server team meeting)
<jcastro> I see it now, thanks
<jcastro> ok so it seems like everyone is in violent agreement then
<teward> except with what to do come LTS release
<teward> we've had releases which had the 'mainline' version in it before during the debian syncups, but since there's a delta everything's manually merged
<rbasak> Well we know what we _want_ to do. Just need permission from the release team and/or TB.
<teward> ^ that
<jcastro> right.
<rbasak> I think we've concluded that it needs to be the TB.
<teward> rbasak: and I think Daviey said the TB should be looped in
<teward> rbasak: agreed there, actually I think we even discussed privately and came to the conclusion the TB would likely need looped in
<teward> that is you and I discussed privately
<teward> as LTS approaches, I'm more curious what we're going to do with the Lua issue
<jcastro> yeah, like to me it seems that just a note in the release notes for nginx users outlining that 1.10 will come later would be fine
<jcastro> we've done that before with things
<rbasak> +1 for release note
<teward> rbasak: the second part of this is regardless of nginx version, what do we do with Lua
<teward> is the release team and others still gunning to drop the older lua?
<teward> i think 5.1... it was?
 * teward pulls the code
<rbasak> I'm not too worried about lua TBH
<rbasak> AIUI, 5.2 is quite different from 5.1. Like a major bump with ABI breaks. More like lua 6.
<jcastro> actually, we did this exact thing with Ceph .79->.80 for 14.04
<jcastro> so there's precendent there
<rbasak> We can just follow what upstreams do. If the distro wants to drop 5.1 and upstream nginx doesn't support 5.2, then we have no choice but to drop lua support. Not really our decision.
<rbasak> IIRC the same applies to Apache.
<teward> rbasak: indeed, i'm fine with that, as the PPAs will continue to have Lua support provided 5.1 exists in the repos - failing that there will be outrage
<rbasak> How many people actually _use_ nginx with lua?
<teward> 'cause i know there's quite a few who use the Lua modules
<rbasak> Hmm, OK.
<teward> rbasak: enough for me to know that if Debian dropped it there'd be people screaming and blood flowing
<rbasak> Perhaps their outrage should be directed at the implementation of 5.2 support? :)
<teward> I had some outcry when I temporarily disabled it in the PPAs due to FTBFS problems
<teward> ended up screeing my emails for two weeks
<jcastro> I still think btw, that people who constantly flame you over mail or whatever over the PPA should really not do that.
<teward> i agree with you
<rbasak> Empty vessels and all that. The majority of users probably just get on with things, build their own, etc.
<teward> this is now why i forward all "Hey, the PPA has a problem" emails with an autoresponder saying "File a bug on it on Launchpad at [link]."
<rbasak> Daviey: so are you OK with releasing 16.04 with 1.9 and seeking an exception from the TB for a bump to 1.10 in -updates?
<teward> rbasak: (WRT Lua, it reminds me of Wireshark, in that newer Wireshark minor bumps (1.12 to 1.13 for instance) would break the earlier version and custom-compiled modules.  (There are buisnesses that fit that criterion))
<Daviey> rbasak: Based on learning that 1.10 is cut from 1.9.X mostly.  What is the unknown is how long there will be between the 1.9.X in LTS to the 1.10 version.
<teward> Daviey: matter of weeks, using April 21 (the last cut date nginx had done this with) as a base guideline, within a few weeks either direction of release
<rbasak> Daviey: I believe their schedule is "April 2016", so assuming a regular schedule for us then not more than a couple of weeks at most I think. Though of course like us nobody can commit to that.
<teward> so my guess would be within a week or two after, or a week before, we release
<teward> i can ask for LinuxJedi to poke the devels at nginx to get a more firm date when we get locser to April
<ciscam> there's a cifs share I need to mount on my ubuntu server. I use credentials for an account with full_set permissions (tested working with an android and a windows machine), but get no chmod/chown permissions inside ubuntu, for neither users nor root
<ciscam> the mount options I used are: credentials=*,iocharset=utf8,nounix,file_mode=0777,dir_mode=0777
<ciscam> nounix to get write permission at all and dir/file-mode to grant users on that machine write permissions
<arvislacis> Hello all, I have problem with Ubuntu 14.04 VPS when trying to upgrade or dist-upgrade system - Sub-process /usr/bin/dpkg returned an error code (1)
<teward> arvislacis: what's the entire error say
<teward> that's one section of it, and by far not the whole error
<arvislacis> teward: http://pastebin.com/TwAJ29ya
<teward> rbasak: Daviey: jcastro: are we all in agreement, at least for Wily, to do the merge from Debian?
<jcastro> teward: debian is on 1.9 currently iirc?
<jcastro> sorry I am starting to get mixed up, heh
<teward> jcastro: correct
<teward> jcastro: so for Wily it's just a merge
<teward> which I can do
<teward> provided my sbuild schroots didn't implode again
<jcastro> sounds good to me
<Daviey> teward: Please outline the plan to TB first
<teward> ack
<teward> rbasak is more eloquent with thorough messages to the TB about such things, though, he may want to start, and then make a note my plan will be laid out in the next message or such
<teward> brb.  again.
<lala> Say if I want to use my Ubuntu Server 14.04.2 LTS not only on my local network, but configure it with a subdomain, how would I do so? I already made the IP address static on my local network by using `sudo nano /etc/network/interfaces/`.
<cwillu_at_work> are there any gotchas with setting up a ubuntu samba ad dc?
<jpds> lala: Have you given your server a public IP or are you NAT'ing?
<cwillu_at_work> I'm unable to join another ubuntu machine as a member server; net ads join fails with a kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials;;  Failed to join domain: failed to connect to AD: Invalid credentials error
<lala> jpds: My server doesn't have a public IP yet.
<lala> I've made my server's local IP static.
<lala> Not sure how to configure a public IP.
<jpds> lala: OK, so you've set up NAT on your router?
<lala> jpds: Not sure.
<lala> Not sure what that is.
<jpds> lala: OK, so outside of your private network, noone can get to that machine because it sits behind a router that's on the internet.
<lala> jpds: Yes.
<jpds> lala: So you'll have to configure that router so that it "port forwards" ports on the public IP to a port on your server.
<jpds> lala: I suggest you look up your router documentation.
<sarnold> http://portforward.com/english/routers/port_forwarding/
<sarnold> wow, they've really scammed-up the website since the last time I looked at it
<lala> sarnold: Because of the scam adware links?
<sarnold> lala: the full-screen "download our software" interstitials, etc..
<lala> jpds: My router shows that it has NAT enabled.
<jpds> lala: No idea what you're seeing, but there should be like a port-forward section.
<lala> Found the settings!
<lala> Let me see.
<lala> https://usercontent.irccloud-cdn.com/file/3622q4Gi/Screen%20Shot%202015-07-06%20at%202.20.19%20PM.png
<jpds> lala: You probably want the single one.
<lala> jpds: Okay. Which port should I use?
<jpds> lala: Well, you map a port on the router to a port on your server.
<lala> jpds: A single port?
<lala> Okay.
<jpds> lala: If you're trying to forward a website, you usually forward something to port 80 on your static IP.
<lala> So which port should it be?
<jpds> lala: Just pick one to test, 8080?
<lala> What if I also want to ssh. And also ftp (in case?) or others.
<lala> Is 8080 used by anything else?
<jpds> lala: Shouldn't be by default.
<jpds> lala: You can add rules for them later?
<lala> jpds: I'm not sure why that was a question.
<lala> Not sure what you're asking.
<jpds> later? â later.
<teward> if i have an issue with a server being unable to be registered in a self-hosted personal landscape instance, is that something you all can help me with or am I screwed
<sarnold> lala: please don't use ftp, it's a terrible protocol with horrible implementations.
<lala> I've messed up my internet by accident and fixed it again! Yay!
<lala> Messed up the /etc/network/interfaces file.
<lala> And then used `/etc/init.d/networking restart` and it was fixed!
<lala> Well it was fixed after I fixed the `/etc/network/interfaces` file.
<brett__> An upgrade from 12.04 to 14.04 appears to have broken the ability for users to change their password in Samba. I've searched eveyrwhere I can think of - any hints?
<lala> The `iface eth0 inet6 static` part messed it up.
<brett__> It appears to be an issue in PAM " smb_pam_passchange: PAM: Password Change Failed for user XXX"
<lala> Never mind. I messed it up again.
<lala> Okay. I think I've messed up my network configuration.
<lala> Now everything is unresponsive.
<ash_m> when I'm setting up a user account for the first time; it says it's for non-administrative activities.... it suggests my full name, but honestly, I don't think I'll be logging in as anything but admin anyway.
<ash_m> erm
<ash_m> then I looked at this post: Specifically, the first user you create (when you install) and all users in the 'sudo' group are considered 'administrators' and have the ability to use 'sudo' for administrative tasks. So if you want to have a non-administrative user, make a new user account and don't put it in the 'sudo' group, then that user won't be able to make any system-wide changes.
<ash_m> but it specifically says: "A user account will be created for you to use instead of the root account for non-administrative activities.
<sarnold> ash_m: by default, the root account isn't used for interactive users on ubuntu
<sarnold> ash_m: feel free to configure it that way if you wish
<ash_m> sarnold: I am happy to sudo everything if that's what you're saying...
<ash_m> sarnold: but I am confused as to what this account is because of the contradicting message and post
<ash_m> sarnold: also, "admin" is not allowed.
<sarnold> ash_m: once the account is created, log in to it, and run 'id' or 'groups' to see if it is in the 'sudo' group; if it is, then it's an administrative account
<sarnold> I'm surprised about 'admin' being forbidden; I don't see that account on my system, which is the only reason I can think of for i to be forbidden..
<ash_m> sarnold: I've reinstalled a couple times before and last time I was able to run sudo apt-get upgrade with no problems; does that make it seem like it's attributed to the sudoer's group?
<ash_m> sarnold: yeah, I didn't see it either
<ash_m> sarnold: but the message says: "Reserved username\n The username you entered (admin) is reserved for use by the system. Please select a different one."
<sarnold> interesting, I've not seen that before.
<ash_m> sarnold: I'm running 14.04 LTS if that makes a difference
<ash_m> anyway, I'm sure you probably named your account sarnold ... right?
<sarnold> ash_m: exactly :)
<ash_m> mkay.
<ash_m> out of curiousity, do you have your home directory encrypted?
<ash_m> sarnold: ^
<sarnold> ash_m: no
<ash_m> thanks :P
<ash_m> what LVM?
<patdk-wk> I normally never use lvm, unless  Ihave an explicit use for it on that system
<patdk-wk> but others, love lvm
<ash_m> hmm... I'll skip it, but I'll look into it later I guess.
<ash_m> erm... I don't remember setting a root password in the setup
<patdk-wk> why would you?
<patdk-wk> what does one need a root password for?
<ash_m> :: shrug :: I'm following a tut
<sarnold> brute-force login attempts :)
<patdk-wk> heh, tutorials are full of fail
<teward> that includes ones on help.ubuntu.com too :P
<patdk-wk> even if they are 100% accurate, they fail, cause they assume you have some level of understanding, that is never meet
<teward> (there's a few that should be revised :P)
<patdk-wk> yes
<teward> sarnold: mind if I pick your brain with a question?
<sarnold> teward: sure
<teward> see PM
<ash_m> By default root does not have a password and the root account is locked until you give it a password.
<ash_m> apparently
<patdk-wk> not locked, but unable to directly login, without sudo
<brett__> What is the correct way to force a Windows user to change their password at the next login in Samba in 14.04?
<crucidal_> Hi, I disabled a virtual host with a2dissite and reloaded my apache service afterwards. even after clearing my cache the virtual host is still accesible. Does anyone know how to solve this?
<ash_m> I'm confused... do I _not_ need to see my username in sudoers or sudoers.d in order to be part of the sudoers group?
<crucidal_> afaik sudoers is enough ash_m
<ash_m> :q1
<ash_m> oops
<sarnold> ash_m: this bit here normally suffices:
<sarnold> # Allow members of group sudo to execute any command
<sarnold> %sudo   ALL=(ALL:ALL) ALL
<ash_m> sarnold: I see
<ash_m> and only someone in that group can make another user part of that group
<ash_m> right?
<crucidal_> ok Dont mind my question: I used a copy of my old virtualhost to create a wildcard.conf... and in there I was still referring to the old html
<ash_m> is there a ctrl+v equivalent in vbox?
<bekks> host+v
<bekks> maybe.
<bekks> Whats the actual issue behind your question?
<ash_m> bekks: that didn't work
<teward> ash_m: what's the actual issue behind your question
<ash_m> I want to paste from my windows computer to the vbox
<teward> install VBox Guest Additions
<teward> and does server even have a clipboard?
<teward> bekks: ^
<ash_m> :: shrug ::
<ash_m> under Devices it says "shared clipboard"
<bekks> Enable clipboard sharing for your VM.
<ash_m> but I don't know how to access the clipboard
<teward> ash_m: but also install the guest additions (i don't think they're default installed?)
<bekks> Where exactly inside the guest do you want to copy things into?
<ash_m> bekks: vim... I'm editing the interfaces file
<bekks> In a console?
<ash_m> bekks: well, it's a vbox
<teward> better question, why do you need to *paste* anything in there
<bekks> Thats not the answer.
<teward> why not type it out
<ash_m> teward: paste is a useful function to know regardless
<bekks> clipboard sharing technically doesnt work without a graphical environment inside the guest.
<teward> ash_m: if you're running server as a guest clipboard sharing isn't guaranteed
<teward> it usually has/needs a graphical component
<teward> ash_m: and again you haven't answered MY question - why do you need to paste into there
<teward> why not type it out
<ash_m> teward: it would seem that's my only option.
<ash_m> teward: but to answer your question, it's simply faster
<teward> no, it's not
<teward> :P
<teward> trust me, i work in VMs all the time, it's not faster to paste something from the host - especially if you end up typing it out once already
 * teward points to the three server VMs on this system right now :P
 * ash_m trusts teward 
<sarnold> ash_m: it's usually easier to just ssh to your vms
<sarnold> ash_m: then you could use e.g. putty's paste feature
<teward> ash_m: agreed with sarnold - set up openssh on your VMs, set up NAT rules, etc. if it's on the VBox NAT network device (or, add a host-only one, etc.), then use PuTTY or such
<teward> it saves a lot of headache
#ubuntu-server 2015-07-07
<teward> Daviey: ping
<teward> if you're not busy :)
<ztane_> should we downgrade our openssl ... :P
<njmbb8> hey guys, if i want to run a server and be able to run a gui, what is my best option?
<hellyeah> dunno about topics this could be helpful http://askubuntu.com/questions/53822/how-do-you-run-ubuntu-server-with-a-gui
<lordievader> Good morning.
<skylite> how can I check if an hdd is part of an lvm?
<lordievader> skylite: Run 'pvs'.
<skylite> thx
<jamespage> mfisch, hey - I am working a 2.3.2 update for ovs - but blocked on some unit test failures atm
<matadores> help ubuntu server 14.04 lts?
<bekks> matadores: Ask a question :)
<matadores> you have tutorial  install antiddos ?
<matadores> and protectio my vps ?
<bekks> matadores: Is that a specific software or do you have an actual question? :)
<matadores> i am search tutorial protection and install anti-ddos
<matadores> help mi pray
<patdk-lap> it is impossible to protect against a ddos, unless you unplug your network cables
<lordievader> Isn't that giving them, the attackers, an instant win?
<patdk-lap> basically, the one with the bigger guns wins, and the point of a ddos is, they can always scale to have the largest
<patdk-lap> well, if you get lucky, you can do something, like traffic profiling to block them
<patdk-lap> but then, that is just lazyness on their part :)
<patdk-lap> the only way to protect against it, is to blacklist as many incoming ip's as possible as fast as possible, and pray you aren't blocking ligit customers
<patdk-lap> and the blocks must be at a level that has enough bandwidth to handle it
<patdk-lap> so the ones with the most bandwidth wins
<patdk-lap> and the latest ones for the last few years, it doesn't really matter how much bandwidth you have, it's not enough
<patdk-lap> terrabits of bandwidth needed
<matadores> ok
<matadores> The attack always comes from one person or a maximum of 3 people
<lordievader> Block those ;)
<matadores> tutorial?
<matadores> I am just starting out with a vps ubuntu 14.0.4 lts
<matadores> sorry for my english but use google translator
<lordievader> matadores: https://help.ubuntu.com/community/IptablesHowTo
<matadores> how to use this command the vps throws me out and I have to reinstall
<matadores> sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
<Tzunamii> matadores: Just add a timer to a shellscript that flushes all the Iptables rules after, let's say, 5 mins
<Tzunamii> no need to reinstall
<lordievader> Or first allow ssh, or whatever you use to connect.
<matadores> i I tried to use the commands through ovh but the result that the controls were not working more than in the tutorial
<Tzunamii> In short, have a shellscript set a cron-job that will flush all the rules. After that functionality just add the Iptables rules you want to test.
<Tzunamii> lordievader: that's how you do it the proper way
<Tzunamii> aka, dev mode
<teward> 'dev mode' - you know that what lordievader is saying is the proper way to do things?
<Tzunamii> sigh
<teward> allow connections to only the ports you need opened, IP-restrict them as well if you want them more locked down, etc.?
<Tzunamii> Unless you know what you're doing you can still screw up any pre-allowed service/port with subsequent rules. Hence the dev mode
<teward> Tzunamii: FWIW they should be doing it 'right' rather than flushing all their iptables rules every 5 minutes (as they won't come back)
<Tzunamii> You're wrong, mate
<lordievader> If anything, flush and then reload a save. Not just flush. That is rather bad for an internet facing server.
<teward> ^ that
<Tzunamii> The Iptables rules you want to test is (read: should be) in a script already, hence they won't "go away"
<lordievader> But if you know what you are doing you don't need that 'dev-mode'.
<matadores> I want you to lock the user running the attack although it uses an IP not true
<Tzunamii> lordievader: Even the best CSO can frack things up royally
<matadores> the user running the attack also prides itself on using python
<teward> rbasak: ping, btw, if you're not busy :)
<lordievader> matadores: You know your attackers?
<matadores> si
<matadores> yes
<lordievader> matadores: Heh. Still, if it is just a handfull of IPs, just drop their traffic right away.
<matadores> you can give me as you do?
<lordievader> matadores: Read the tutorial I gave you.
<matadores> excuse my asking, but I do not know still use the commands and so I try to use the guide
<Tzunamii> In addition to lordievader's recommendation (HOWTO) I can recommend this tutorial as well https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
<matadores> I have to run all the tutorial or a specific part?
<teward> matadores: you should *read* the tutorial then run the relevant parts
<matadores> ok
<teward> and while we *could* write up a ruleset for you, we don't actually know what servicse you want exposed to the internet, etc.
<teward> so we'd be *guessing* at what you need
<teward> and you wouldn't learn anything
<lordievader> ^ that, we want you to learn how to configure a firewall
<Daviey> a/win	goto #b	
<matadores> I have to use only port 80 and 10090 in my site but I can also change the port 10090
<matadores> how to use the control panel sentora
<bekks> matadores: this is the starting point: http://docs.sentora.org/?node=23
<matadores> hanks
<matadores> thanks*
<coreycb> jamespage, zul, hey, can you review this?  https://code.launchpad.net/~corey.bryant/ubuntu/wily/python-fixtures/1.3.1
<jamespage> coreycb, some feedback - pbr 1.2.0 means you don't need the patch for test-requirements
<jamespage> coreycb, does it build and unit test ok?
<coreycb> jamespage, yes, build and unit test are ok.  I see pbr 1.2.0 is in proposed so I probably wasn't picking it up in the build.
<jamespage> coreycb, pbuilder?
<coreycb> jamespage, sbuild
<jamespage> hmm - sbuild should use proposed by default I think
<jamespage> coreycb, I only merged that this morning btw
<coreycb> jamespage, ok lemme try again
<coreycb> without patch
<jamespage> coreycb, no worries - I'll drop that as I merge and upload
<coreycb> jamespage, cool thanks
<Teduardo> Howdy everyone. Has anyone had any funky problems with sendmail in ubuntu 14 since the logjam thing?
<Teduardo> i'm getting crazy tls issues
<jamespage> coreycb, I'm also going to version pbr >= 1.2.0 as that's the release that supports that python version foo
<coreycb> jamespage, yep good idea
<jamespage> coreycb, that should unblock heat aside from the MIR's right?
<coreycb> jamespage, I think so
<jamespage> coreycb, marked merged and uploaded - thanks!
<Teduardo> does anyone use ubuntu 14 and sendmail?
<bekks> People do - but whats your actual question?
<Teduardo> i'm trying to figure out why i'm getting this when trying to send email. 28496:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3339 i actually found the error in google and created a new 2048 bit dh key
<Teduardo> is there a command that will regenerate the tls keys/certs for sendmail on ubuntu?
<teward> Daviey: rbasak: ping, again xD
<teward> Daviey: rbasak: No rush, but just an FYI: If the Security team needs to weigh in on the nginx issue, I talked to sarnold and he said that effectively his opinion in the ubuntu-server list could be considered the Security Team's view on the nginx issue.  You can reach out to him to confirm this, if you wish.
<Daviey> teward: thans
<Daviey> +k
<rbasak> teward: sorry, pretty busy ATM. The TB email is on my list.
<teward> rbasak: no rush, just wanted to add the note above
<rbasak> teward: ack, thanks.
<teward> i'm still writing out my plan-of-action either way
<teward> got sidetracked with some Apache hell yesterday
<Teduardo> do we think there will ever be a release of apache 2.4.10 or 11 for 14.04 lts? there is an annoying PCI DSS thing flagging with the LUA bug
<Teduardo> even though we arent using LUA the scanners are very stupid
<patdk-wk> it will never happen
<patdk-wk> not even sure why it would need to happen
<patdk-wk> this is normal pci dss scanner stuff you should solve
<patdk-wk> even if it was upgraded to 2.4.11 to solve that issue, next month you will be in here saying, my pci dss scanner says I have an issue and need to upgrade to 2.4.13, when will that be released?
<patdk-wk> !usn
<ubottu> Please see http://www.ubuntu.com/usn for information about Ubuntu security updates.
<Teduardo> I'm sorry I asked.
<Pici> /70/70
<mdeslaur> Teduardo: like most Linux distros, we backport security patches, we don't update to new versions. See our FAQ here: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions
<mdeslaur> Teduardo: do you know which CVE they are referring to? Is it CVE-2014-8109?
<mdeslaur> Teduardo: apache in 14.04 doesn't even compile mod_lua
<mdeslaur> Teduardo: see here: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8109.html
<Daviey> jcastro: Can you moderate ubuntu-cloud pls?
<Daviey> jcastro: A user trying to report an issue with aws mirrors.
<jcastro> uhh, I don't know how to do that?
<jcastro> you mean the mailing list?
<jcastro> I thought it got subsumed by the server list?
<Daviey> jcastro: Well there is still low volume traffic there..
<Daviey> jcastro: mailman thinks you are the admin for the list... :/
<Daviey> smoser, utlemming: Do you admin ubuntu-cloud list?
<lucidguy> Ubuntu server with two nics on same network different ips... configured dns round robin for host.  Obiously all  inboud packets will be balanced, but will the packet exit out the nic it came in?  Or will it goto a default first  NIC?
<smoser> utlemming can probably dig it up
<jcastro> Daviey: yeah sorry that's not me, we should fix it though, heh.
<Daviey> jcastro: no worries, thanks :)
<bekks> lucidguy: According to the TCP RFC, it chooses an interface randomly, if both have the same routing weights.
<jamespage> coreycb, urgh - just spotted this - https://launchpadlibrarian.net/210631929/buildlog_ubuntu-wily-amd64.ceilometer_1%3A5.0.0~b1-0ubuntu1_BUILDING.txt.gz
<coreycb> jamespage, hmm I'll look in a bit
<jamespage> coreycb, the sphinxcontrib stuff can be trimmed
<rbasak> matsubara: are still OK to chair the meeting today please?
<matsubara> rbasak, yes
<rbasak> Thanks!
<jamespage> coreycb, heat uploaded - I trimmed the sql related bd's out - not required for now
<jamespage> but we do need to switch python-mysqldb <-> python-pymsql this cycle
<coreycb> jamespage, ok, thanks
<jamespage> coreycb, it won't build until the MIR for the clients completes and an archive-admin does the promotions
<jamespage> coreycb, urgh - I still have horizon on my list
<teward> it's official - i'm developing a hatred for VPS providers' default Ubuntu images
<teward> we don't have Apache installed by default with a standard server install do we?
<teward> (i.e. if they skip tasksel and such)
<smoser> teward, no. ubuntu server install would not have that. either in cloud-image or default from d-i media.
<teward> then that's where all these nginx bugs're coming from
<jrwren> this is why CPC is awesome.
<teward> smoser: also d-i media?  (I'm not 100% fluent in all shortened names/acronyms yet)
<smoser> debian-installer
<teward> ah ok
<smoser> ie, download of server iso
<teward> smoser: was there a reason that Apache is included by default on cloud and d-i media?
<jrwren> teward: its not.
<teward> then i'm confused
<teward> because people are apparently installing nginx on new things and getting Apache conflicts
<teward> because port 80 can't be bound to, so postinst fails
<teward> and this is brand new with something in 15.04
<teward> 'cause no others have that problem
<jrwren> yes, that is true, you can apt-get install apache2 nginx and both packages will install and boht default to port 80 and conflict.
<smoser> it wouldnt surprise me if a provider of a vps made an install that had apache installed.
<teward> I know some VPS providers roll it out and are a pita
<jrwren> one would have to install both packages.
<teward> smoser: i know that RamNode does that and I've already thrown a wrench at them
<teward> jrwren: or have Apache preinstalled - which AFAICT appears to be the case
<teward> based on these apt logs i keep looking at
<teward> (in the bugs)
<teward> the trouble is, there's no usable debug info in the 'fail to install' reports, because the systemd logs and other logs aren't included with the bugs
<jrwren> teward: maybe for their tasksel. its certainly not preinstalled on cloud-image or -server install
<teward> so it ends up with 10 or 15 Incomplete bugs because we need more info
<smoser> well, ideally you put apport hooks into nginx
<smoser> and then tell people to run 'apport-collect' or 'ubuntu-bug'
<teward> smoser: i have yet to find detailed documentation for that or a useful resource
<smoser> and it collects installed packages and such.
<teward> smoser: it already does that stuff, i need a new hook to grab data from other commands
<teward> where's one of thsoe bugs...
<teward> we also need translators 'cause i can't read anything but english >.<
<smoser> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1462530
<smoser> that was filed via 'ubuntu-bug linux'.
<teward> smoser: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1447294  <-- example of a post-installation failure bug
<smoser> it collects up all thatCRDA, CurrentDmesg...
<jrwren> IMO we should encourage VPS providers to use cloud-image and join CPC
<teward> what it needs to pull is the `journalctl -xe` output, and/or the `systemctl status nginx.service` data
<teward> smoser: and I can't find how to force such apport hooks
<smoser> oh. i see.
<teward> smoser: several of these're nonstandard configurations or a likely Apache conflict
<smoser> i dont really know how you'd get that.
<teward> smoser: nor do I, hence my question about Apache
<teward> most of these're caused by something listening on port 80
<smoser> i'm sure pitti would know.
<teward> otherwise it'd be a bigger fireball in the dpkg logs and such
<teward> 'cause this kind of stuff ain't useful:
<teward> Apr 22 14:24:32 hostname systemd[1]: Failed to start A high performance web server and a reverse proxy server.
<teward> Apr 22 14:24:32 hostname systemd[1]: nginx.service failed.
<teward> ^ E: Not Useful
<smoser> yeah, that' seem like you could get better info.
<teward> smoser: and alas: that's all systemd gives you
<teward> it actually says "Please check [other commands]"
<teward> so i'm about ready to take systemd and throw it into /dev/null
<jrwren> i miss /var/log/upstart/ logs of stdout and stderr
<teward> https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1471713 <-- THIS is a clear "Won't Fix" or "Invalid"
<teward> and a clear evidence of the issue of apache conflicting
<teward> smoser: short of me modifying the postinst script to (a) check if the Apache service exists, and if it does stop Apache, or (b) check if port 80 is open or not, that's not a fixable bug
<teward> and can have unintended other hell if you just need to install nginx to run it on a different port (i.e. could take down a production web server)
<jrwren> or nginx conflicts apache2 deb, which would be terrible.
<teward> jrwren: indeed, and that's an unacceptable option
<teward> one i refuse to touch
<teward> s/touch/use/
<jrwren> i use nginx on 81 and apache on 80 and much crazy proxying  :)
<teward> so either we need apport hooks to call in the data from those other commands that it's saying to include, or I have to flesch out the postinst scripts and cause undesired behavior with Apache being installed on the system
<teward> jrwren: i use nginx on multiple ports, and also Apache on others, so as I said, it'd cause potentially undesired behavior.
<teward> but the postinst script *could* check if port 80 is bound to, and if it is, just not start nginx
<teward> and make a note saying "Check what's listening on port 80, or have nginx listen on a different port, before starting the service/"
<jrwren> do we have any other cases of services in main which don't deb conflict and use the same ports by default? I'd guess no.
<teward> jrwren: in main?  probably not.
<jrwren> right, I think that is a great solution.
<teward> but lighttpd comes to mind if we expand to Universe
<teward> jrwren: i'd be lucky to be able to get that in as an SRU though, but it could be an SRU to prevent fail-to-install-due-to-port-80 binds and such
<jrwren> exim, postfix, sendmail, likely all conflict with each other.  various identds various ntpds
<teward> mhm
<teward> what tools exist in a default plain install to test if ports are bound to?
<teward> netstat?  (yes I know it's old)
<jrwren> lsof maybe?
<smoser> python ? perl ?
<smoser> twethe issue though, is that:
<smoser>  'apt-get install service'
<smoser> on ubuntu should result in that service running
<smoser> and if it doesnt, then that is arguably a bug.
<smoser> ie, fixing your behavior to "do not fail install if i can't bind to port 80" is arguably creating a bug.
<smoser> teward, ^
<teward> smoser: agreed, and neither of my options are desirable
<teward> smoser: ultimately, though, the bug report would have more details
<smoser> right. and a useful ereror message to the user.
<teward> so we can "Invalid" half the bugs and provide "Find the conflicting port binding program"
<teward> as a workaround
<jrwren> teward: /proc/*/net/tcp and translate the hex port :)
<teward> PART of that is apport hooks
<teward> unrelated: does the cloud team or otherwise provide openvz images or no?
<teward> smoser: i assume pitti's the go-to for apport hooks?
<teward> jrwren: LOL
<jrwren> teward: hey, it works well. cat /proc/*/net/tcp | grep :0050
<smoser> teward, yeah, i'd start there.
<teward> smoser: if apport hooks won't work, then something in the postinst script to check if port 80 is bound anywhere, and exit with an actually meaningful error to stdout and such might be more useful than just 'passing' over the error
<smoser> jrwren, http://www.smallo.ruhr.de/award.html
<teward> and i'd rather NOT have to have an apache2 conflicts, because then people using both simultaneously get mad
<smoser> just because :)
<smoser> well, you may have thought of this, but one solution might be to give someone a package that does not (by design) start the service.
<smoser> so:
<smoser>  apt-get install nginx
<smoser> starts the service or fails as espected
<smoser>  apt-get install nginx-manual
<smoser> does not
<smoser> i
<teward> smoser: we'd have to replicate 4 binaries then
<smoser> yeah, i'm sure you've thought of a lot of this stuff.
<teward> nginx-core-manual nginx-light-manual nginx-extras-manual nginx-full-manual
<teward> and that makes a HUGE delta from Debian
<teward> which we're actually trying to reduce xD
<smoser> why are these not debian bugs ?
<teward> smoser: because people use sane Debian images?
<jrwren> smoser: yes, I know :)  thanks for calling me out on it
<teward> smoser: i can't answer why they aren't but still
<smoser> well, its still a bug that you get crap failure out of out of 'apt-get install'
<teward> smoser: right, in either case
<teward> and i could create a replica situation by installing APache in Debian and see if I can reproduce the problem
<teward> (there, though, there's no apport hooks, so a bug report would contain 0 useful infromaiton compared to mildly useful info)
<teward> i know the problem - `ubuntu-bug` is too user friendly.  loljk
<ash_m> if my default ssh config doesn't have a AllowTcpForwarding line, should I still write one to set it to no?
<teward> smoser: the other issue with a -manual package would be that it too needs a main promotion - which of course is a separate review
<smoser> binary main promotions are not really a problem
<smoser> ie, from same source.
<teward> mmm
<Kully3xf> how can I pass in text into a script
<Kully3xf> like if the script asks "how many servers" when ran, how can I include that information in the command
<brett__> Anyone using Trusty as a Samba PDC to set temporary password for new users which they must change at their first login?
<lamont> no password stuff here, it's just a fileshare
<tarpman> brett__: i'm running a samba classic PDC (not AD) with openldap as backend, not sure whether that's relevant for you
<coreycb> jamespage, I must need an sbuild config change b/c currently it doesn't fail the build if a dep is in universe.
<brett__> tarpman: I really appreciate the response! We're presently using tdbsam as a backend, but I'd love to know what mechanism you are using to force users to change their passwords. I'm an LDAP idiot and don't know if there are tools baked in for this or if you use PAM or something else...?
<tarpman> brett__: I force a password change by setting "sambaPwdLastSet: 0" in the LDAP database. you could probably do a similar thing against tdbsam using pdbedit...
<brett__> tarpman: Huh.We used to use "net sam set pwdmustchangenow <USER> yes" and I've seen references to  "sambaPwdLastSet" but wasn't sure it would work with Samba4. I'll give it a try! Thank you mucho!
<lucidguy> bekks: thanks
<tarpman> brett__: sambaPwdLastSet is specific to the samba3-openldap schema, I have no idea what the equivalent is in a samba4 world, sorry
<brett__> tarpman: No problem, like I said I'm grateful for the hint anyway. In #samba I was directed to samba-tools but that appears to be very AS focused. Anyway, thanks again for the suggestion!
<sarnold> Kully3xf: most scripts that accept input do so on standard input, so you cna do something like "echo 10 | ./script" and it'll supply the 10 to standard input
<Kully3xf> cool thanks
<coreycb> jamespage, testing is done and complete on precise icehouse proposed for 2014.1.5
<ash_m> if my default ssh config doesn't have a AllowTcpForwarding line, should I still write one to set it to no?
<Tzunamii> yes, the default is 'yes'
<Seveas> ash_m: the default is on.
<Seveas> so no need to set it
<Seveas> ah, I misread 'no?' as 'on?'. Yes, you need to write an AllowTcpForwarding line to disable it :)
<Tzunamii> >.<
<Tzunamii> Already answered that
<jamespage> coreycb, awesome-o
<ash_m> Seveas: thanks :)
<coreycb> jamespage, new proposal for ceilometer - https://code.launchpad.net/~corey.bryant/ubuntu/+source/ceilometer/+git/ceilometer/+ref/master
<ash_m> I'm not sure how this works. eth0, eth1... are interfaces right?
<ash_m> is there a command to show which adpater each interface uses?
<cryptodan_laptop> ash_m: yes "sudo ifconfig"
<ash_m> cryptodan_laptop: I see... I can't ssh to my vbox for some reason :(
<ash_m> cryptodan_laptop: (thanks)
<cryptodan_laptop> ash_m: is your vbox using bridged or nat?
<ash_m> NAT
<teward> ash_m: you need to set up the NAT rules to allow 22 in over the NAT to the specific VM
<cryptodan_laptop> ash_m: use bridge so it can get an IP from the router or dhcp pool
<teward> cryptodan_laptop: alternatively they can change the NAT
<teward> nat rules*
<ash_m> teward: I set up a host only adapter and configured the network config file on the server
<ash_m> teward: I can ping that adapter at least.
<teward> ash_m: i meant at VBox
<teward> not on the 'server'
<cryptodan_laptop> Id recommend switching to bridged its much easier
<ash_m> teward: yeah, I have a host-only adapter on vbox
<teward> ash_m: is the host-only adapter on the host added to the server?
<teward> and did you update the IPs there?
<teward> and did you install openssh-server?
<ash_m> teward: I've installed openssh-server and I've configured /etc/network/interfaces
<jamespage> coreycb, problem with ceilometer
<jamespage> "ceilometer.tests.publisher.test_kafka_broker_publisher" errors with an import error; but testr just ignores those
<jamespage> the kafka patch might need some updating
<coreycb> jamespage, hmm ok I'll look.  not sure why it worked for me.
<jamespage> coreycb, it builds fine - just skips the unit tests
<jamespage> Ran 0 tests in 2.546s
<jamespage> \o/
<coreycb> jamespage, oh shoot
<coreycb> jamespage, technically that's 100% success
<jamespage> ha
<ash_m> teward: any ideas on what to troubleshoot :(
<ash_m> ?*
<erkburgles> enough messing around, straightforward question possibly no answer-how in the hell do i free my photos from the maximum security osx prison and import them to ubuntu
<erkburgles> particularly speaking of IPHOTO
<axisys> to upgrade from 10.04.04 LTS do I just run do-release-upgrade ?
<bekks> !eolupgrade | axisys
<ubottu> axisys: End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
<sarnold> axisys: yes, note this bug might bite you once you're up and running https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1472378
<axisys> sarnold: I dont have any web server running
<axisys> sarnold: thanks for the link tho
<axisys> I guess I will need two upgrade to get the latest LTS?
<axisys> this is ubuntu server
<axisys> I guess reboot (before start, just in case); apt-get update; apt-get dist-upgrade; reboot; do-release-upgrade?
<sarnold> axisys: yeah, you're two releases behind; your plan for updating to trusty makes sense to me
<sarnold> axisys: the ca-certificates issue will actually affect ssl/tls connections that your server initiates; I don't think it'll matter to a web server...
<axisys> sarnold: I am mostly using ssh ..
<axisys> this is a jumpstation I am upgrading
<sarnold> nice, then it's unlikely to matter much :)
<sarnold> besides, the precise->trusty upgrade may fix it all up anyhow
<axisys> will kick it in 10 mins
<sarnold> do you have console access to the system? updates ought to work but it's always nice to make sure you've got a backup mechanism to log in
<axisys> so reboot -> apt-get update ; apt-get dist-upgrade; reboot -> apt-get install update-manager-core; do-release-upgrade  ?
<axisys> sarnold: ^
<axisys> and update-manager I guess
<sarnold> axisys: sounds good to me
<axisys> do I need to upgrade the sources.list file too? that seems odd
<sarnold> do-release-upgrade ought to handle that
<axisys> cool.. kicking it in 3 mins
#ubuntu-server 2015-07-08
<axisys> so far these will be removed
<axisys> http://dpaste.com/3AMFME6
<axisys> wow jump from kernel 2.6 to 3.2
<sarnold> the next jump feels even bigger, to 3.13... :)
<axisys> wow!
<axisys> so put grub on /dev/sda and /dev/sdb.. do I need to put in /dev/md0 (raid1) as well?
<axisys> I did not think so.. but just making sure
<axisys> hmmm..
<axisys> after reboot
<axisys> Waiting for network configuration...
<axisys> Waiting up to 60 more seconds for network configuration...
<axisys> its a server with static IP
<axisys> I am on console
<sarnold> odd, I can't recall seeing that before
<axisys> Booting system without full network configuration...
<axisys> pre-up /usr/sbin/ethtool .. they moved it to /sbin/ethtool
<sarnold> heh lets hope that was fixed in an SRU ..
<axisys> all looks good
<axisys> thanks to you and bekks for help
<sarnold> done? woo :)
<axisys> yep
<axisys> took more than an hour
<sarnold> cool :)
<sarnold> I'm surprised about that
<axisys> I will find out tomorrow morning from user complains if anything broke.. heh
<sarnold> but at least you got to pick the hour of your choosing :)
<sarnold> hehe
<axisys> yep. we have 6 jumpstations.. so it was easy to take it down
<R0ckET> hi
<ash_m> okay, so I switched my vbox over to a bridged connection so I could ssh, but now apt-get can't connect to the internet
<ash_m> any ideas?
<ash_m> I don't think /etc/init.d/networking restart is doing anything
<ash_m> if I do /etc/init.d/networking stop; how do I make sure that it's actually stopped?
<ash_m> oh yeah, when I run service networking stop, it says: "stop: Job failed while stopping"
<ash_m> okay, so apparently service networking restart isn't _supposed_ to work anymore
<ash_m> I think the main recommendation is ifup/down
<ash_m> but sudo ifdown eth1 says: ifdown: interface eth1 not configured
<ash_m> and sudo ifup eth1 says: ifup: RTNETLINK answers: File exists
<ash_m> doing some research on that, I came across the command netstat -rn
<ash_m> this prints a table that lists eth1 with ..........
<ash_m> wait, nvm; that doesn't really provide useful information
<ash_m> (I am just realizing that)
<ash_m> but the problem is still there
<ash_m> the peeps over in ##networking helped me narrow it down to what I believe is a problem with tcp
<ash_m> there is nothing listening on port 80
<ash_m> google isn't really helping me out much here
<lordievader> Good morning.
<lordievader> ash_m: Can you still ping your gateway?
<ash_m> lordievader: I think so... lemme check
<ash_m> lordievader: being that it's a bridged connection, I assume the gateway for the vm is the same as my computer?
<ash_m> lordievader: in any case, that is true
<lordievader> Usually yes.
<lordievader> You can ping it?
<ash_m> yeah
<lordievader> Okay, can you ping 8.8.8.8?
<ash_m> yes
<lordievader> Does your dns work?
<ash_m> how do you check?
<lordievader> ash_m: dig www.google.com
<ash_m> lordievader: https://bpaste.net/show/3e2fc5e9dc04
<ash_m> lordievader: does that mean it's working? :}
<lordievader> Yes, DNS works. Does apt-get update still not work?
<ash_m> lordievader: apt-get update just hangs forever
<ash_m> 0% [Connecting to us.archive.ubuntu.com (2001:67c:1562::16)] [Connecting to sec
<lordievader> Does ipv4 work?
<ogra_> did you try the main mirror instead of us.*
<ash_m> lordievader: how would I check that?
<lordievader> Disable ipv6 ;)
<lordievader> sudo echo 1|tee /proc/sys/net/ipv6/conf/all/disable_ipv6
<ash_m> lol
<ash_m> I just jumped through a bit longer tut for disabling
<lordievader> echo 1|sudo tee /proc/sys/net/ipv6/conf/all/disable_ipv6
<ash_m> in any case; should i try pinging now?
<lordievader> ash_m: No, apt-get.
<ash_m> WORKING!
<ash_m> amazing
<ash_m> soooo.... why did this work on NAT and not Bridged?
<ash_m> NAT converts ipv6 to ipv4?
<lordievader> Under NAT it probably never got an ipv6 address.
<ash_m> I see.
<lordievader> Anyhow your ipv6 network bridge is broken.
<ash_m> lordievader: well, that's good to know
<ash_m> lordievader: thanks so much
<lordievader> No problem.
<ash_m> lordievader: I don't want to pester you more, so I'll check to see if this is now a problem google can help me with :)
<ash_m> lordievader: that was a really good assessment... what led you to this theory?
<lordievader> ash_m: If you did I would have said I couldn't help you. I don't know much about ipv6.
<lordievader> ash_m: IPv4 worked, your "Connecting to..." line showed an IPv6 address.
<ash_m> lordievader: so you thought, "It's attempting to resolve a v6 address... I wonder what happens if it just attempts to fetch a v4 address"
<ash_m> ?
<lordievader> The resolving ain't the problem, the connecting to is the problem.
<lordievader> ash_m: Linux prefers ipv6 so if you have an ipv6 address it will try that first.
<ash_m> is this something I should bother trying to fix or should I just be satisfied with leaving ipv6 disabled?
<lordievader> ash_m: That is up to you.
<ash_m> lordievader: how do you pronounce your sn? I am saying it "lordy evader" in my head
<lordievader> Lord ee vader, it is a play on words.
<ash_m> (to which I quickly get tired and contract it to "lordevader")
<ash_m> oh, well then
<ash_m> :)
<ash_m> alright, my compy needs to restart
<ash_m> I am really hopeful it doesn't revert all the changes I made to my folder settings... it tends to do that for some reason (win 8.1)
<ash_m> c ya! thanks again!
<lordievader> Hmm... it will revert the ipv6... but then he was gone.
<YamakasY> is ubuntu still friendly ?
<ash_m> back :)
<YamakasY> wb
<lordievader> Hmm... it will revert the ipv6... but then he was gone.
<lordievader> ash_m: ^
<ash_m> lordievader: I'll check it out
<ash_m> lordievader: I actually went through a more elaborate process to edit the conf file directly so I hope that sticks
<lordievader> ash_m: /etc/sysctl.conf you mean?
<ash_m> lordievader: yeah
<ash_m> I wish there was a way to keep MI off on VirtualBox
<ash_m> lordievader: it would appear it stuck
<ash_m> :)
<lordievader> ash_m: Yes, that is persistent.
<lordievader> MI?
<andol> On that note, instead suggesting "echo 1|sudo tee /proc/sys/net/ipv6/conf/all/disable_ipv6" it might be a slightly better approach to suggest "sudo sysctl net.ipv6.conf.all.disable_ipv6=1", it mapping more directly to what one would put in /etc/sysctl.conf
<andol> Not that one really want to have that line in ones sysctl.conf, but still :-)
<ash_m> lordievader: mouse integration
<lordievader> andol: There are many ways to rome ;)
<ash_m> lordievader: it's a server OS anyway, so I will never see it on that console
<lordievader> andol: It is in mine, simply because I haven't gotten round to properly setting up ipv6 yet.
 * andol makes an effort to keep his inner IPv6 zealot under control...
<ash_m> andol: yeah I added net.ipv6.conf.all.disable_ipv6 = 1
<ash_m> net.ipv6.conf.default.disable_ipv6 = 1
<ash_m> net.ipv6.conf.lo.disable_ipv6 = 1
<ash_m> I guess default and lo are meaningless if all is disabled
<ash_m> andol: is it worth me attempting to fix my VM so that IPv6 works? right now (as you have noted) it's just disabled.
<andol> ash_m: Assuming you have some idea on where to start, it wouldn't hurt to at least spend some time on it.
<andol> I mean, sooner or later you will need to familiar yourself with IPv6.
<ash_m> that's true, but sooner or later I will need to familiarize myself with networking in general lol
<jamespage> coreycb, dosaboy, zul: haproxy included for liberty CA - enables SSL termination support for LBaaS
<jamespage> coreycb, something new for you to learn - https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1472586
<jamespage> you should be able to follow in my footsteps for previous updates
<zetheroo>  memory on a webserver is being gobbled up by something and I need to find out by what ..
<coreycb> jamespage, got it, thanks
<lordievader> zetheroo: (h)top?
<zetheroo> lordievader: that shows percentages ... I would like to see MB or GB ...
<lordievader> It shows those things too, and else you can allways calculate them.
<zetheroo> all I see is memory percentage
<lordievader> zetheroo: Top shows virt, res and share by default, in htop you can enable those.
<coreycb> jamespage, 2014.1.5 is Fix Released for trusty and CA testing was successful on precise-icehouse-proposed
<zetheroo> I am just wondering ... is it safe to completely turn off swappiness on a server?
<lordievader> zetheroo: That depends.
<zetheroo> I saw about 10GB of the 16GB memory was marked as "cached" by the monitoring tool we use (munin) - would it make a difference to enable swap?
<lordievader> If you have enough ram or don't care about the oom, it can be disabled.
<zetheroo> ok - well there was about 1GB free ...
<zetheroo> after rebooting the server only 1.5GB is being used out of that 16GB
<jamespage> coreycb, awesome
<jamespage> coreycb, need to let precise bake for +5 days based on when stuff went into proposed
<coreycb> jamespage, ok
<jamespage> coreycb, will push out on monday
<jamespage> remind me if I have not done it
<coreycb> jamespage, will do, sounds good
<boukiller> hello, can someone help me with this squid config http://pastebin.com/iLntCWMh ? I have a Access Denied error from squid (ubuntu server 14.04lts)
<teward> rbasak: since you know more about it than I, are SRUs accepted for inclusion of apport hooks in order to make diagnosing the ****storm of unusable ambiguous bugs we've seen recently against nginx easier?  or should I be poking -release with that question?
<teward> (for vivid+, we need extra info in the bug report that apport just can't give us on its own, for those postinstall bugs)
<soahccc> We had a hard drive failure in our raid1. I removed the disk from the array and shut the machine down, replaced disk and when I now try to boot I get this: http://files.sven.bmonkeys.net/images/811730085_12085082117409553779.jpg_2015-07-08_16-11-36.png Any idea what could possible went south? I guess it generally found something to boot from (ie grub is not broken)
<rbasak> teward: pretty sure the SRU team would be happy to take apport hook enhancements, as long as they're also present in Wily.
<rbasak> teward: I've done that for mysql before.
<teward> rbasak: yeah, this is gonna have to land in Wily and Vivid
<teward> especially since we have a lot of incomplete, crap-information bugs on the same version with no debugging info
<teward> so thanks to pitti in -devel, i've got the info i need to start poking apport hooks into play.  Then I have to beat the source package and test xD
<teward> (so if we have a bug or two that accidentally get in and I Invalid them, blame testing >.>)
<rbasak> matsubara: please could you test Utopic in bug 1443735? There was a small accident earlier: http://irclogs.ubuntu.com/2015/07/08/%23ubuntu-release.html#t12:09
<rbasak> soren: am I right in thinking that you manage the bot in here? I don't think it's worked in a while.
<soren> rbasak: Well..
<soren> rbasak: No. I stopped managing it at one point.
<soren> soren: I just failed to let you guys know :(
<soren> Hah.
<rbasak> soren: ah :)
<soren> And now I'm talking to myself.
<teward> rbasak: I *could* drop a clone of one of my bots with Bug Number ANnouncing into here, or we could poke whoever manages ubottu... :P
<teward> soren: heh
<rbasak> I can always ask to get another bot in here, just don't want to end up with two operational ones.
<teward> rbasak: i think the issue is we used to have a ubot, and we have ubottu now...
<teward> not sure what the situation is on what does what thoug
<soren> I feel pretty confident saying that mine is gone for good.
<rbasak> OK. We'll figure out a replacement. Thank you for your bot's previous hard work :-P
 * soren tips his hat
<teward> rbasak: well, I know Ubottu can do it, just tested in -bots
<teward> maybe the managers need to turn that on for here?
<rbasak> teward: do you know who manages ubottu?
<teward> i could find out
<rbasak> Would you mind?
<teward> nope, just gotta switch to a channel 5 chans up on the list
<teward> rbasak: Pici'll take a look at it
<rbasak> Thanks Pici and teward!
<OliPicard> hey everyone, I'm trying to setup a cron job every hour to run python3 script.py at the location /var/www however the cron isn't firing. any ideas as to why it isn't? I'll paste the cron syntax in a second :)
<teward> rbasak: do you think that there'll be any issue with adding the apport hooks to Wily nginx while we have the pending issue with where to go forward?
<lexdvnc> Hi everyone. Quick question. Has anyone here any attempted a kernel upgrade to 4.0 on Ubuntu 14.04 LTS?
<lexdvnc> The hot kernel patch is really *something*
<rbasak> teward: I don't think so. Seems to me that they're fairly independent.
<teward> ack
<teward> rbasak: the only thing is it increases the delta between Debian and Ubuntu, but necessarily so
<teward> (because apport)
<smb> rbasak, ping about hangout
<rbasak> Yeah, though it's pretty well separated. I think Debian might even take apport stuff now. We did it for MySQL as it doesn't impact Debian at all. I can't remember Debian status though. Ultimately depends on the maintainers I guess.
<rbasak> smb: joining
<OliPicard> 0 * * * * python3 /var/www/html/setup.py is on my crontab -e
<teward> rbasak: it appears to me people actually RESPOND to requests for information on Debian bugs
<teward> whereas people don't here in Ubuntu, my guess is because ubuntu bug reporting is a lot more friendly
<OliPicard> I'm guessing I would need to use 0 * * * * python3 setup.py /var/www/html
<pmatulis> OliPicard: start with something reall simple. the problem is prolly not with cron but with the binary and/or how it's being called
<OliPicard> pmatulis: it's calling fine when in manual mode
<OliPicard> if i was to run the app using python3 setup.py it's fine (note it's not called setup.py, It's just an example ;))
<teward> stupid question, but does your user when running that script (assuming a userspace crontab) have access to the directory?
<teward> and also what are you using to determine whether the script is firing or not
<OliPicard> Yup :D
<OliPicard> grep
<OliPicard> grep CRON /var/log/syslog
<OliPicard> Jul  8 07:00:02 host CRON[2156]: (CRON) info (No MTA installed, discarding output)
<teward> OliPicard: consider maybe wrapping the command in a bash script, call `logger` and log to syslog that it's going to try and execute the script, then the line after the python3 ... line can be another logger call that spits out what the exit code was?
<teward> (ran into a headache like this here at work >.<)
<teward> (at least for testing :P)
<teward> in case cron says nothing by some weird issue
<TJ-> lexdvnc: I use kernels 4.1 and 4.2-rc1 with 14.04
<lexdvnc> TJ- are you using it on server or desktop? The concern here is that I want to run 4.0 on KVM VPS
<TJ-> lexdvnc: both
<lexdvnc> TJ- how was the upgrade process? Smooth? Encountered any major issue?
<TJ-> lexdvnc: I just built the kernel ("make ... deb-pkg"), installed the packages and rebooted
<lexdvnc> Okay gotcha. I will attempt upgrade
<lexdvnc> Thanks TJ-
<OliPicard> Teduardo: Ah :D on a server
<OliPicard> tedward: sorry my auto correction just failed.
<OliPicard> tedward: Just tried this instead: 0 * * * * python3 plutus.py /var/www/html
<matsubara> rbasak, sure. I focused on the two lts and the current release. I didn't try the grub-signed packages though
<coreycb> jamespage, python-keystonemiddleware is fix released in utopic and successfully tested in the CA for trusty-juno-proposed
<jamespage> coreycb, ack
<k2gremlin> Quick question, blank iptables allows all or no?
<soren> k2gremlin: Depends.
<soren> k2gremlin: You also define a default policy.
<soren> k2gremlin: So it's up to you.
<k2gremlin> Well it's blank and ssh is working locally so...
<k2gremlin> but I was trying to define a few ports last night and I could not for thwe life of me get them to work
<jamespage> coreycb, promoted to updates - thankyou!
<coreycb> jamespage, ty!
<soren> k2gremlin: This is the output of my "iptables -L": http://streambin.net/1bd496bb-59ba-4b50-b517-f297f1e9ada5
<soren> k2gremlin: See where it says "Chain INPUT (policy DROP)".. That means the default policy is DROP.
<soren> k2gremlin: If nothing matches, that's what will happen.
<k2gremlin> soren, Ok so my def is accept
<k2gremlin> so why is my server not accepting :/
<k2gremlin> ports are forwarded on my router
<soren> Either another rule is blocking it or you're not actually listening on the given port.
<k2gremlin> Chain INPUT (policy ACCEPT)  with nothing under it
<k2gremlin> its weird.. when I do a netstat, they show up.. but with a blank state..
<k2gremlin> how do I fix that?
<soren> k2gremlin: What do you mean "blank state"?
<k2gremlin> nothing listed under state for the 2 ports im trying to use
<k2gremlin> udp        0      0 0.0.0.0:7778            0.0.0.0:*
<k2gremlin> thats it lol
<soren> UDP is stateless.
<k2gremlin> Ok then my port 7777 is not working at all :/
<k2gremlin> thats the tcp port
<soren> You're not really giving me anything to work with. I have no idea what you're trying to do, what you've done, what you were expecting to happen and what actually happened.
<k2gremlin> soren, I am trying to get an Ark server running. It shows up on the LAN but is unreachable from the WAN.
<soren> So you say.
<k2gremlin> soren, if your interested in taking a peek... https://join.me/887-845-113
<matsubara> rbasak, I'm unable to reproduce the bug in Utopic for bug 1443735. It seems the install from scratch already leaves me with grub2 2.02~beta2-15ubuntu01 which after a power off have the 30s grub timeout set.
<matsubara> rbasak, is that enough of a verification?
<matsubara> rbasak, I left a comment in the bug report stating so.
<rbasak> matsubara: I think that's fine. Thank you!
<matsubara> rbasak, np
<teward> rbasak: fwiw, I fear i'm overcomplicating the apport hooks file xD
<teward> but i guess that's just my coding style.
<teward> (for nginx)
<LinuxJedi> teward: anything I can help with
<teward> LinuxJedi: not unless you know how to make systemd actually show stderr during apt
<teward> LinuxJedi: it's not an nginx core issue - it's an apport handling issue
<teward> LinuxJedi: if you'd like I'll give you a rundown of the issue in PM
<teward> AND update you on something else
<LinuxJedi> ah! Unfortunately I can only do the basics in systemd. May I suggest beating it with a hammer? :)
<teward> :P
<teward> LinuxJedi: i'm going the apport-hook method, but i'll give you the rundown of the issue anyways, see the incoming PM
<LinuxJedi> cool, thanks :)
<sarthor> Hi, I am running ubuntu-server, I am facing this message with apt-get install any-pakagge. E: Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/main/p/postgresql-9.                                  3/libpq5_9.3.9-0ubuntu0.14.04_amd64.deb  Connection failed [IP: 91.189.91.14 80]
<jge> weird, anyone know why syslog is writting twice to main log and template even when "&~" is present?
<sarnold> sarthor: is it still happening? I get a 200 OK when I connect to it
<sarthor> sarnold, Have still happening that.
<sarnold> sarthor: I suggest trying mtr 91.189.91.14 or traceroute 91.189.91.14 to try find out where the connection fails
<sarthor> sarnold, mtr says this http://paste.ubuntu.com/11843594/
<sarnold> sarthor: that packetloss early on is astonishing.. but the later hops all seem alright..
<sarthor> sarnold, that is my modem IP address.
<sarthor> and My ISP assign it dynamically.
<sarthor> rest I have no issue with internet, where will be the issue? with my ISP or with distination ?
<Sprocks> how do i enable AMD-V so that i can have my ubuntu 14.04 server run 64bit virtual machines in virtualboxheadless?
<bekks> Sprocks: Enable it in the BIOS.
<Sprocks> bekks: i dont see an option for it in the bios but i ran "grep --color svm /proc/cpuinfo" and it says the support is there
<bekks> And do you get a specific vbox error message?
<jamespage> SpamapS, ironicclient should be in the proposed area of the cloud-archive for kilo in the next hour or so
<Sprocks> when i create a vbox machine using the command line it creates a nice 64bit machine but when i try and install a 64bit os i get the wrong kernal message you'd expect
<TJ-> Sprocks: if you see the svm flag then virtualization support is enabled, but the hypervisor may require a kernel module to use it. For QEMU there's the KVM module
<Sprocks> TJ-: so you think if i install kvm everything should work fine?
<TJ-> Sprocks: not for VirtualBox, for that you need the VB module, usually its a DKMS managed module I believe
<TJ-> Sprocks:  see "apt-cache show virtualbox-dkms"
<sarthor> HI again, if I can not download some packages from here, http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main libpq5 amd64 9.3.9-0ubuntu0.14.04
<sarthor>   Connection failed [IP: 91.189.91.13 80] , then what will be next option please.
<Sprocks> TJ-: would you like the paste of that?
<TJ-> Sprocks: No, I read it here. I was giving it you for information... that is the moduel VB will require, if it isn't already installed
<bekks> The kernel modules are always required, but the error message you get would be interesting.
<bekks> sarthor: You could use another mirror.
<smygIG> Hallo. Can i use static ip in server when the router is using dhcp? The problem is thet my server dont get ip if it starts before the router.
<ogra_> smygIG, you should tell your router to leave that IP out of the DHCP pool so it doesnt get assigned twice
<ogra_> (beyond that, yes, sure, that should all work)
<smygIG> ORGA_ the ip is lockt to my servers mac.adress
<ogra_> right, then it is fine
<smygIG> OGRA_ thanx
<Sprocks> TJ-: this is what i get when i try to install that http://paste.ubuntu.com/11843935/
<TJ-> Sprocks: I thought VirtualBox was installed?
<Sprocks> TJ-: it is, i installed it according to https://www.howtoforge.com/vboxheadless-running-virtual-machines-with-virtualbox-4.3-on-a-headless-ubuntu-14.04-lts-server
<bekks> Sprocks: Then DONT install virtualbox-dkms.
<bekks> Thats a package from the Ubuntu repos, while you install virtualbox from the Oracle repo.
<TJ-> Sprocks: Are you aware that the 14.04 archives has virtualbox  4.3.10-dfsg-1ubuntu5 ?
<Sprocks> TJ-: no i wasnt aware of that but would that let me run a vbox headless server with 64bit guests?
<TJ-> Sprocks: There are a series of packages, see "apt-cache search -n 'virtualbox' ... but virtualbox contains "/usr/bin/VBoxManage"
<teward> postfix question: if I want to accept all addresses for a given domain, and forward them (virtual domain aliases basically), is @domain.tld sufficient or is there more config needed (OTHER than putting it in virtual_alias_domains and adding the mapping)
<k2gremlin> Is there anyway to tell a process on Ubuntu to use more then 1 core?
<sarnold> k2gremlin: that can only be done via writing the application to use threading or multiple processes
<sarnold> k2gremlin: by default, every program can use as many processors are on the system
<k2gremlin> sarnold, Apparently not the Ark Server program lol
<k2gremlin> when it boots up, it slams one core.. and nothing else lol
<sarnold> k2gremlin: that's not a big surprise; multi-threading programs are difficult to get right. Multiple processes are a lot easier, but not necessarily a good fit for whatever it needs to do.
<k2gremlin> Understand. Thanks
<k2gremlin> just being bored while I try to fix a damn port issue.. its killing me lol
<k2gremlin> if my iptables says (policy ACCEPT) on input, all is open by default right?
<k2gremlin> and any -j Accepts I toss on there don't do crap.. ?
<teward> k2gremlin: is this an EC2
<teward> or something behind a hardware firewall/router/NAT
<k2gremlin> its behind a router/nat
<teward> portforward
<teward> did you do that?
<k2gremlin> and the router is forwarding the ports..
<teward> did you verify it?  (packet trace on the server, verify the packets reach?)
<k2gremlin> http://imgur.com/QBd9FlG,lOCNNFa#0
<teward> sarnold: how hard would it be for me to get a tiny nginx upload into wily right now, given I have upload rights?
<teward> (it's the apport hooks)
<sarnold> teward: afaik if you have upload rights you can upload whatever you want almost whenever you want, right? featurefreeze times etc..
<teward> sarnold: within reason, yeah,I mean I can't upload something that torpedoes the builds, obviously, except where it's a complete accident
<k2gremlin> Another general question, is there a way to tcpdump for multiple ports? port 7777 | port 7778?
<teward> sarnold: i'm doing some final testbuilding before dropping things into my vivid test vm to see if the apport hooks are built in right to the packages, but eh
<k2gremlin> or is it (7777|8888)
<sarnold> k2gremlin: something like "port 7777 or 8888"
<TJ-> k2gremlin: "port 7777 or port 8888"
<sarnold> k2gremlin: there's some examples (more complicated) in the tcpdump manpage
<sarnold> teward: nice
<teward> sarnold: i love sbuild xD
<k2gremlin> sarnold, thanks
<teward> sarnold: the only thing I hate is all the flavors of nginx - that's one apport hook per nginx binary
<teward> so, nginx-core nginx-light nginx-full nginx-extras
<teward> ^ four identical files
<sarnold> ooof
<teward> because the debug symbols don't need the apport hooks, nor does the -common package
<sarthor> Hi. I am back again with same probem if some person can help to guide me toward solution. my apt-get says Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/main/libc/libcrypt-openssl-rsa-perl/libcrypt-openssl-rsa-perl_0.28-1build1_amd64.deb  Connection failed [IP: 91.189.91.13 80]
<teward> sarthor: working here, maybe switch mirrors, or wait a little bit?  (a wget indicates that the download works fine)
<sarthor> teward, I am facing this issue since 3 days. How to change mirror. I am not expert.
<teward> three days?  and it still happens?
<sarnold> sarthor: hmm.. are you perchance using squid-deb-proxy or apt-cacher-ng? I think I had that error message when I switched mirrors but forgot to update the squid ACLs
<teward> ^ that perhaps?
<sarthor> no squid or any proxy server involved. connected direct to FTTH modem. 25 m/s downllink
<sarthor> and this url from the server says in browser  " http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main cpp-4.8 amd64 4.8.4-2ubuntu1~14.04" ..The requested URL /ubuntu/ trusty-updates/main cpp-4.8 amd64 4.8.4-2ubuntu1~14.04 was not found on this server.
<sarnold> what URL did you paste into your browser?
<sarthor> sarnold, that was wrong sorry.
<sarthor> this is what my apt-get says Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/main/libc/libcrypt-openssl-rsa-perl/libcrypt-openssl-rsa-perl_0.28-1build1_amd64.deb and i think this file is not there.
<teward> sarthor: um... what you just posted is not a link?
<sarnold> sarthor: I just retrieved that file from all three servers that are using that name
<teward> sarnold: http://us.archive.ubuntu.com/ubuntu/pool/main/libc/libcrypt-openssl-rsa-perl/libcrypt-openssl-rsa-perl_0.28-1build1_amd64.deb  <-- try and get that
<teward> erm
<teward> sarthor: ^
 * teward kicks the internet
<sarthor> teward, sarnold with me it says The connection was reset
<sarthor> The connection to the server was reset while the page was loading.
<sarthor> while I have good internet
<teward> apparently not
<teward> something's killing the connection
<sarnold> sarthor: I think you've got a difficult debugging process ahead of you; try doing http to a few dozen websites, see if you can find any commonalities between what works and what fails
<sarthor> teward, yea. I can browse internet. can install alot more packages. downoad speed is awsome. do not what is issue.
<sarnold> sarthor: at least you're resolving the dns names to the same IPs that I'm getting, so you get a free pass on DNS :)
<sarthor> Ahhhhhhhhh... I was crazzy to lean how to configure postfix. I found good tutorial Now I can not install packages due to this issue.
<teward> sarnold: in other news: i discovered interacting with my VM over SSH from the host itself on a host-only device makes copy-paste and editing things so much easier and i only discovered this last week is more sane xD
<teward> s/is more sane//
<sarnold> teward: ssh is the only way to use vms :) hehe
<sarthor> BYE for now.
<TJ-> sarthor: the issue seems to be a HTTP protocol version issue. HTTP/1.0 fails, HTTP/1.1 succeeds
<TJ-> darn!!!!
 * TJ- thinks sarthor is behind a transparent proxy that is using HTTP/1.0 for outbound requests
<teward> sarnold: yes it is xD
<teward> TJ-: i think so too, perhaps
<teward> but he said no proxy in there
<teward> i doubt it
<sarnold> TJ-: hah, I'd never think to try that..
<TJ-> If his ISP is operating a proxy he won't know about it.   see http://paste.ubuntu.com/11844647/
<TJ-> Interestingly, that mirror is showing different Apache versions for HTTP/1.0 vs HTTP/1.1 - must be behind a load-balancer/proxy itself
<teward> TJ-: indeed
#ubuntu-server 2015-07-09
<mikesilver> hi!!!! everybody!
<mikesilver> Could anyone help me?
<mikesilver> I canÂ´t install exfat-fuse and exfat-utils on ubuntu server 14.04.2 LTS :-(
<sarnold> what errors do you get?
<mikesilver> It is assumed that already comes in the universe repository but i cant install it
<mikesilver> "E: Unable to locate package exfat-fuse"
<sarnold> do you get any reasonable-looking output from this? grep universe /etc/apt/sources.list
<mikesilver> look:
<mikesilver> emâ¦ if i post all content of grep the moderator banned me, right?
<mikesilver> deb http://mx.archive.ubuntu.com/ubuntu/ trusty main universe multiverse
<mikesilver> deb-src http://mx.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse
<mikesilver> deb http://mx.archive.ubuntu.com/ubuntu/ trusty-security main universe multiverse
<mikesilver> deb http://mx.archive.ubuntu.com/ubuntu/ trusty-updates main universe multiverse
<mikesilver> deb-src http://mx.archive.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse
<mikesilver> deb-src http://mx.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
<mikesilver> deb-src http://mx.archive.ubuntu.com/ubuntu/ trusty-proposed main restricted universe multiverse
<mikesilver> deb-src http://mx.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
<sarnold> mikesilver2: have you run apt-get update lately?
<mikesilver> yes
<mikesilver> yes
<mikesilver> update, upgrade
<sarnold> did you get any errors from that?
<mikesilver> noup
<mikesilver> anything
<sarnold> I downloaded the mx.archive.ubuntu.com trusty Packages.bz2 and found exfat-fuse, and those files do exist under pool/universe/f/fuse-exfat/exfat-fuse_1.0.1-1_amd64.deb ...
<mikesilver> nothing
<mikesilver> so what happens?
<mikesilver> my instalation is clean
<mikesilver> one hour aprox xD
<mikesilver> it never happened to me
<sarnold> mikesilver: try this zgrep exfat-fuse /var/lib/apt/lists/*trusty* | wc -l
<mikesilver> i just installed Webmin
<sarnold> yikes
<sarnold> firewall that thing so that you can access it from only whatever IP addresses you actually use
<mikesilver> result of command: 2
<sarnold> those "web consoles" are the most common intrusion point for hacks..
<mikesilver> i know.. but my server is for home test ^_`
<mikesilver> zgrep exfat-fuse /var/lib/apt/lists/*trusty* | wc -l = 2
<sarnold> mikesilver: I'm out of ideas; all the results of what you're running look like your apt is properly configured, and it looks like you ought to be able to download the packages fine. The mirror you're using has the packages. It all should work.
<mikesilver> i know!!! its crazy!!!
<mikesilver> but I cant install it!
<sarnold> mikesilver: that just leaves some crazy ideas, like rm /var/lib/apt/lists/*trusty* ; apt-get update && apt-get install exfat-fuse
<sarnold> I'd be sad if that actually does the job
<mikesilver> sudo apt-get install exfat-fuse:
<mikesilver> Reading package lists... Done
<mikesilver> Building dependency tree
<mikesilver> Reading state information... Done
<mikesilver> E: Unable to locate package exfat-fuse
<sarnold> how about apt-cache policy exfat-fuse?
<mikesilver> oum, i dont know
<mikesilver> xD
<mikesilver> what do you mean?
<sarnold> mikesilver: run apt-cache policy exfat-fuse | pastebinit -- install the pastebinit package if you don't have that installed yet :)
<mikesilver> The program \xabpastebinit\xbb is not installed. You can install it by typing:   sudo apt-get install pastebinit
<mikesilver> sarnold: What does that mean?
<hexch> mikesilver: https://help.ubuntu.com/community/Pastebinit
<sarnold> mikesilver: it is telling you how to install the pastebinit package
<mikesilver> oh!! ok ok
<mikesilver> waitâ¦ =)
<mikesilver> sarnold: I cant install it! same error that exfat-fuse
<sarnold> hey, that's fun :)
<mikesilver> Cannot initiate the connction to mx.archive.ubuntu.comâ¦â¦.
<sarnold> man it's obviously bed time, why didn't I think to check a different package earlier?
<mikesilver> xD
<sarnold> how about apt-get install bash ?
<mikesilver> never mind
<sarnold> you shold get an error message like "bash is already the newest version." somewhere in that output..
<mikesilver> yeap! newest version 0U, 0 N 0to R and 0 not upgraded
<mikesilver> the neswet version and all in 0
<mikesilver> newest*
<sarnold> mikesilver: how about these: apt-get install emacs   or  apt-get install vim   -- you don't actually have to install them, but I'm curious if it knows about those...
<sarnold> both emacs and vim are in main..
<mikesilver> ok wait
<mikesilver> Results: Do you want to continue? [Y/n] y
<mikesilver> WARNING: The following packages cannot be authenticated!
<mikesilver> Install these packages without verification? [y/N] y
<mikesilver> Err http://mx.archive.ubuntu.com/ubuntu/ trusty/main imagemagick-common all 8:6.7.7.10-6ubuntu3
<mikesilver>   Cannot initiate the connection to mx.archive.ubuntu.com:80 (2001:67c:1360:8c01::18). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::18 80]
<sarnold> HEY! those are actual errors. hooray.
<mikesilver> :-)
<sarnold> (a) there's no reason why those packages should be untrusted. that's bad. (b) should IPv6 work? is there some reason why that's failing?
<sarnold> sorry to say I just don't have the energy to help debug further
<mikesilver> im it is assumed that ipv6 is not working, i have disabled...
<mikesilver> im working only with ipv4
<mikesilver> thank you very much men!
<mikesilver> I think I will re-install the server from scratch
<mikesilver> xD
<sarnold> that shouldn't be necessary
<mikesilver> how restore the repository list? and her keys?
<mikesilver> i think that the problem is the RSA keys
<mikesilver> or any similar
<mikesilver> the connection to the repository is what fails
<sarnold> mikesilver: the keys are only used to verify the downloaded contents, they aren't used in actually connecting
<mikesilver> When I ping www.google.com, the DNS resolved, but after not connecting
<sarnold> mikesilver: I think the key that's needed for trusty is 790BC7277767219C42C86F933B4FE6ACC0B21F32  -- apt-key list    will show you your configured keys
<sarnold> mikesilver: oh man, then you've got a lot more debugging ;/ sorry i didn't think to check these simple things first
<mikesilver> yeap
<mikesilver> the key isnt found
<mikesilver> the key was not found
<sarnold> it only lists the lower 32bits of the keyid...
<sarnold> good luck mikesilver :)
<mikesilver> thans man!
<mikesilver> nites nites!
<sarnold> gracias :)
<mikesilver> Good night everybody!!!
<mikesilver> bye!
<mik3silv3r> =)
<mik3silv3r> exit
<Mik3Silv3r> What irc client recommend?
<lordievader> Good morning.
<Mik3Silv3r> im an user of mac osx
<lordievader> Mik3Silv3r: Irssi :)
<Mik3Silv3r> Irssi?
<lordievader> Yes.
<memoryleak> I have an issue with a cron job. I'm running a third party script in a cron job as apache user - it doesn't work (data is not being created). If I run the script as an user created by me, which is not a system user - it works. What could cause this behavour?
<lordievader> Permissions?
<jamespage> coreycb, contextlib2 is worth an MIR IMHO
<jamespage> coreycb, I'll not block on the ceilometer update - but please can you raise one - we can drop the patch and add the BD back later
<memoryleak> lordievader: it doesn't work as well when executed as root :(
<lordievader> memoryleak: Do you get errors?
<Mik3Silv3r> quit
<mikesilver2> oum.. irssi i ugly
<mikesilver2> xD
<mikesilver2> colloquy.. fine...
<mikesilver2> komanda is pretty
<mikesilver2> limechat nice...
<lordievader> Irssi is awesome.
<mikesilver2> is commandline
<ObrienDave> you want functionality or eye-candy?
<lordievader> mikesilver2: Exactly, great ain't it :P
<mikesilver2> but im newer
<mikesilver2> uninstalled xD
<lordievader> mikesilver2: You do know you are in #ubuntu-server right? Asking server guys you usually get gui-less answers ;)
<mikesilver2> xD
<mikesilver2> your right!
<mikesilver2> xD
<mikesilver2> but.. but... im an user of mac too!
<ObrienDave> i'm sorry ;P
<mikesilver2> the ubuntu server its fine... but my personal computer is mac...
<mikesilver2> for ubuntu server ssh
<mikesilver2> but in my mac too?
<lordievader> What?
<mikesilver2> =)
<mikesilver2> commandline
<mikesilver2> for chat
<memoryleak> lordievader: no output to stdout/stderr
<lordievader> I have no idea what you are asking. Could you write full sentences?
<lordievader> memoryleak: Exit code?
<mikesilver2> memoryleak: instal pastebinit ;-)
<Mik3Silv3r> well... i go to sleep
<Mik3Silv3r> :)
<Mik3Silv3r> goodnight!
<sarthor> HI.. 4 th day, still have the problem. I tested with several internet connections. same issue apt-get install any-pakagge. E: Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/main/p/postgresql-9.                                  3/libpq5_9.3.9-0ubuntu0.14.04_amd64.deb  Connection failed [IP: 91.189.91.14 80]
<sarthor> changed mirros,  http://us.archive.ubuntu.com to  http://ru.archive.ubuntu.com and  http://in.archive.ubuntu.com and  http://sp.archive.ubuntu.com and  http://hk.archive.ubuntu.com but no difference. HELP
<lordievader> sarthor: Can you ping the ip?
<sarthor> let me connected again direct with modem.
<sarthor> lordievader, yea I can ping that 19.189.19.14
<sarthor> 22 transmited. and same recieved. 0% loss lordievader
<lordievader> sarthor: Allright, what do you get when you nmap port 80 on that ip?
<sarthor> lordievader, says 80/tcp open  http
<frickler> anyone else seeing issues with the latest grub updates? we are building our own cloud images and since tonight they are failing on boot being unable to find the root volume UUID
<frickler> happens for both trusty and vivid
<lordievader> Hmm, that is good.
<lordievader> sarthor: ^
<lordievader> sarthor: Is apt configured to use a proxy?
<sarthor> lordievader, there is not proxy involved.
<lordievader> sarthor: Can you connect to the ip with a web browser from that box?
<sarthor> lordievader, yea it is working.
<lordievader> Could you pastebin the full error you are getting?
<sarthor> lordievader, http://paste.ubuntu.com/11847781/
<frickler> fwiw, http://cloud-images.ubuntu.com/vivid/current/vivid-server-cloudimg-amd64-disk1.img shows the same error for me
<lordievader> sarthor: Are you able to download http://91.189.91.13/ubuntu/pool/main/libn/libnet-cidr-perl/libnet-cidr-perl_0.17-1_all.deb
<lordievader> ?
<sarthor> lordievader, yea downloaded.
<lordievader> Pff.
<lordievader> sarthor: Do you know strace?
<sarthor> lordievader, no, do not know that.
<lordievader> Hmm, is strace installed?
<sarthor> yea installed.
<lordievader> sarthor: Was it installed already, or did you need to install it?
<sarthor> it was installed
<lordievader> Hmm, ok. strace -o /tmp/apt.trace apt-get install <some package> >/dev/null
<lordievader> After you've done that could you pastebin the /tmp/apt.trace file?
<sarthor> lordievader, i did this, nothing happening strace -o /tmp/apt.trace apt-get install postfix* >/dev/null
<sarthor> waiting...
<lordievader> After a while it should be done... unless apt is waiting for input... Hmm perhaps you should run: stace -o /tmp/apt.trace apt-get install -y postfix >/dev/null
<coreycb> jamespage, I'll raise a MIR for contextlib2
<sarthor> lordievader, http://paste.ubuntu.com/11847897/
<lordievader> sarthor: Err, that is dpkg output?
<lordievader> Seems like apt downloaded things okay this time.
<sarthor> it was the result of that command you told me.
<sarthor> strace -o /tmp/apt.trace apt-get install -y postfix >/dev/null
<lordievader> Not the file /tmp/apt.trace?
<lordievader> I wanted to see that file ;)
<sarthor> lordievader, big file. here http://paste.ubuntu.com/11847927/
<lordievader> I see an '400 URI Failure\nURI: http://us.a', could you pastebin your /etc/apt/sources.list?
<sarthor> lordievader, http://paste.ubuntu.com/11847982/
<lordievader> Have you ran an apt-get update lately?
<sarthor> yea several times.
<lordievader> Hmm...
<sarthor> lordievader, any clue?
<lordievader> Err, I don't really get what is going on...
<lordievader> Somehow apt is getting the wrong url or something.
<jge> weird, updated to latest chrome stable release but the old version still comes up.. what am I doing wrong? :\
<pmatulis> sarthor: i find it very odd that you are having so many problems with package installs. there is prolly something systematically wrong with your setup
<sarthor> pmatulis, I have multiple computers and multiple internet connections in different places. all have same issue. may be due to region.
<lordievader> pmatulis: Looked like his postfix installed without problems.
<lordievader> Strange thing is he can download the debs through his browser...
<sarthor> and lordievader pmatulis some packages installing very normal. and some have that issue.
<lordievader> That is really wierd.
<TJ-> sarthor: You left yesterday and didn't see my report. Your problem appeared to be caused by requests using HTTP/1.0 not HTTP/1.1
<pmatulis> sarthor: then prolly something systematically wrong with how you configure your machines, irrespective of where they are located
<TJ-> sarthor: Here, this was what I found: http://paste.ubuntu.com/11844647/
<sarthor> TJ-, where are fasting, and that time was the time when we end fasting.. Sorry for that.
<TJ-> [00:44] * TJ- thinks sarthor is behind a transparent proxy that is using HTTP/1.0 for outbound requests
<TJ-> [00:46] Interestingly, that mirror is showing different Apache versions for HTTP/1.0 vs HTTP/1.1 - must be behind a load-balancer/proxy itself
<sarthor> TJ-, On my end I am not using any proxy, I dont know my ISP side.
<TJ-> sarthor: Well, those results explain your issue. I think your ISP or country have transparent proxies
<sarthor> TJ-, may be, so everything was great before 1 week. So then I think there will be no solutions. because counter will remove proxies for me.
<TJ-> sarthor: I'ts quite concerning they would intercept package updates; suggests the packages fetched might be interfered with, so you sohuld triple-check their signatures match the Ubuntu signing keys
<sarthor> TJ-, I downloaed ubuntu-server 14.04 fresh iso. installed. on VM. with the defautl setting I am facing these issue. and if you want to install again new machine. I can do that too.
<TJ-> sarthor: reinstall isn't going to help if the network connection is causing your package update failures
<sarthor> if you want me to install* Sorry the mistakes in language.
<sarthor> ok.
<Lurchy> morning everyone
<lordievader> TJ-: Interesting, how did you find this out?
<TJ-> lordievader: find what out?
<lordievader> TJ-: That sarthor's problem is related to http 1.0 instead of using http 1.1
<sarthor> lordievader, is it possible to be fixec?
<TJ-> lordievader: see the pastebin where I manually used telnet connections
<OliPicard>  hey everyone, I'm having problems with executing a script in my crontab from python. Not sure as to why https://www.irccloud.com/pastebin/epA6EKu8/
<lordievader> sarthor: If I understand TJ-'s theory correctly there is a proxy somewhere between you and the archive server who is translating things from http 1.1 to 1.0. If you do not control this proxy I do not think you can fix it.
<TJ-> lordievader: correct.
<lordievader> Interesting/annoying problem though.
<TJ-> lordievader: you notice that the pastebin show 2 different server versions answering the 2 connections, too?
<sarthor> so lordievader I do not control this. and I tried 3 ISPs. So it was fine, and it is strange that all of those 3 isps put same rules on same time.
<TJ-> lordievader: that'll be because there's a HTTP/1.1 load-balancer and without a "Host:" header it directs the connection to the default server
<lordievader> TJ-: The first one doesn't show an ip. But *.archive.u.c is probably load balanced.
<TJ-> sarthor: Are all 3 ISPs in the same country? Which country are the ISPs in?
<lordievader> Oh wait different apache versions, never mind.
<sarthor> yea. same country.
<TJ-> lordievader: I missed the IP from the paste, but it was the same
<TJ-> sarthor: which country is it?
<lordievader> Perhaps it is the country itself? Where do you live, sarthor? If you do not mind me asking.
<sarthor> Saudi Arabia
<sarthor> I do not mind this. you guys helping..
<lordievader> Hmm, which country in the middle east wanted their own internet again?
<TJ-> According to Wikipedia: "Saudi Arabia directs all international Internet traffic through a proxy farm located in King Abdulaziz City for Science & Technology. A content filter is implemented there, based on software by Secure Computing."
<teward> heh
<lordievader> Does it also say that this proxy only support http 1.0?
<lordievader> :P
<teward> lordievader: probably badly configured lol.  unless they are *trying* to block Ubuntu and such :P
<lordievader> Let's hope it is the former.
<sarthor> these things are happening since 4 or 5 days. there is no restriction on such stuff.
<TJ-> sarthor: So I think the sysadmins have mis-configured the proxy
<lordievader> It has only been happening the past couple of days, right?
<sarthor> TJ-, yes. lordievader every thing was great.
<TJ-> sarthor: Your nearest localish official Ubuntu mirror is Oman, and I've justed checked it looks to have been last updated 29th June
<sarthor> damn....downloading...... working..... I do not how..
<TJ-> sarthor: It might be worth testing against other Ubuntu mirrors (not us.archive.ubuntu.com) and see if the same issue occurs. If you get lucky and find a mirror that isn't using a virtual host, then HTTP/1.0 will work
<sarthor> Wowo....downloaded all packages.. but this was just test machine. now I will check on other one too.
<sarthor> TJ-, i have check with  ru.archive.ubuntu.com  sp.archive.ubuntu.com  in.archive.ubuntu.com if that are different. it was same.
<TJ-> sarthor: That really confirms the faulty country proxy then
<sarthor> but now downloading .. all good now..
<sarthor> that really confirms a country "faulty proxy" then *
<sarthor> Hey really you people do great job. I do not why, but really it is great. I only can say Thanks you a lot. Salute to your efforts.
<lordievader> I hope the Saudi Arabia IT team fixes this soon ;)
<sarthor> lordievader, hope so.
<jrwren> cloud-config, the docs section is titled "add apt repostiories" but the example proceeds to choose a mirror via apt_mirror, not add an additional repo http://cloudinit.readthedocs.org/en/latest/topics/examples.html#add-apt-repositories
<jrwren> nevermind. I'll send MR for docs.
<teward> rbasak: hate to say you should bump priority on the TB email, but I think we're going to have build failures for NGINX without any merge
<teward> (see -devel)
<patdk-wk> heh, fun, this last grub update is broken :(
<rbasak> teward: ack. Sorry, just slogging through a ridiculous todo list
<teward> rbasak: no problem, i'm just running into a lot of build test issues with wily
<teward> one of which needed the 'merge' to start, but then one which recurred again regardless
<teward> who knows the most about debhelper and the packaging process changes if any in WIly?
<rbasak> teward: I try and prioritise stuff for other people, but the top five items on my todo are all for other people :-/
<teward> rbasak: ack.  you can ignore my request to bump the priority, i have to dig into the build process more
<teward> i think there's something broken in wily now
<rbasak> I don't think anything has changed much. Probably the biggest change is the systemd stuff but that hasn't really changed much in debhelper unless you specifically ask for it.
<teward> rbasak: any idea what could cause this kind of failure?  http://paste.ubuntu.com/11850085/
<teward> ooops
<teward> wait
<teward> http://paste.ubuntu.com/11849975/
<teward> i have too many links in my clipboard xD
<teward> specifically, what would create debian/tmp/use
<teward> my guess is *maybe* the perl module but...
<tarpman> teward: random guess: an executable (dh_exec) dh_install script, starting with "use Config;", being interpreted as a literal .install file by dh_install?
<tarpman> teward: looks suspiciously similar to http://sources.debian.net/src/nginx/1.9.2-1/debian/nginx-extras.install/?hl=3#L3
<teward> i should've just posted here instead of -devel
<teward> tarpman: that's a problem though, because AFAICT that's needed
<teward> tarpman: then something in debhelper has changed from Vivid to Wily
<teward> because the build doesn't fail there in Vivid
<teward> tarpman: know of any overrides that can make it process the output from Perl rather than assume it's an install file?
<teward> because looking at the error what you just said makes sense
<tarpman> teward: first check: is the file in question executable (mode +x)? :)
<tarpman> teward: I'm not really familiar with dh_exec, I'm afraid
<teward> ooooo i see what happened
<teward> lol
<teward> tarpman: that's tar's fault
<teward> it needs to be +x then
<tarpman> blame the tools!
 * teward kicks the thing
<teward> solved it!
<teward> tarpman: thank you for your guidance, and also thanks to those not in here, turns out tar lost the +x on that install script written in Perl
<teward> so things exploded
<tarpman> teward: getting further now? :)
<teward> tarpman: it's building now.
<teward> just trying to get dh_installapport to work onw
<teward> now*
<teward> since (a) i need that in wily, and (b) i need that before the merge in wily, and (c) it's needed in Vivid
<teward> if installapport doesn't work...
 * teward shakes fist at sbuild
<teward> tarpman: i don't know why it's so hard to invoke a dh_ command :/
 * tarpman 
#ubuntu-server 2015-07-10
<neonixcoder> Good day team..
<neonixcoder> I am trying to upgrade 10.04 LTS to 12.04 unattended upgrade with "do-release-upgrade -f DistUpgradeViewNonInteractive"
<neonixcoder> But middle after installing new kernel the server is rebooting..
<neonixcoder> How can I disable reboots in installation as the servers are located in remote locations..
<neonixcoder> The main problem with reboot is my system is unable to boot again due to kernel panic issue..
<neonixcoder> Any suggestions?
<lordievader> Good afternoon.
<grzywacz> Who maintains AWS EC2 mirrors used by Ubuntu AMIs by default? I'm seeing transfer rates in single bytes/s from AWS network, kinda breaks (security) updates without manual intervention. :)
<teward> grzywacz: you mean the archive mirrors?
<teward> i.e. .ec2.archive... ?
<teward> grzywacz: see #ubuntu-mirrors.  There's already a known issue I think with the UK mirrors.
<Pici> I just saw a topic change mentioning this in #canonical-sysadmin
<grzywacz> teward, sounds like this case, thanks
<teward> Pici: i'm not there, is it the same thing -mirrors is talking about?
<Pici> probably
<teward> my guess is that it is
<teward> grzywacz: you can always try the DE country mirror, or another mirror, in the interim,.
<teward> (that was the suggestion from someone a few days ago when eu-west-1 was having problems)
<grzywacz> Right, will do. Just wanted to highlight the problem. :)
<teward> grzywacz: indeed.  I think they're already on top of it, someone was in saying they've been fielding a lot of questions about mirror issues, and it looks like they're starting to look at things, and recognize where problems may exist
<grzywacz> Ack. That's fine.
<teward> it's probably a decent thing that I lurk so many channels... xD
<teward> no, but i occasionally poke them about whether other update servers're having issues, too, so yeah, stay tuned for updates, and use a different mirror in the interim
<grzywacz> Easier to notice some strange dependencies this way. ;)
<micahg> if anyone is interested in the haproxy trusty backport, it needs some quick testing for a security update: https://bugs.launchpad.net/trusty-backports/+bug/1473162
<rbasak> micahg: thank you for handling that. I don't really know haproxy so don't know how to test it, but hopefully the reporter will take care of that.
<rbasak> Looks like it has two reporters now.
<micahg> yep, if someone tests today, I'll upload, otherwise, I'll keep an eye out over the weekend
<teward> how do I change the max number of auth failures for openssh_server?  Because i fail my pw once it kicks me out
<tonyyarusso> teward: MaxAuthTries?  Default should be 6 though.
<teward> tonyyarusso: why'd it be kicking me out as "Too many authentication failures: 1 ..."
<teward> for every server i've recently set up and staged
<tonyyarusso> Do you have it set to 1?
<teward> (all 14.04)
<teward> tonyyarusso: i *shouldn't* since it was a default install from the ISO
<teward> so tasksel, select openssh-server, etc.
<teward> should be the stock config there
<teward> i discovered something weird in wily
<teward> at least, in a VM
<bladernr_> Hey, how do I file a bug against qemu-system-ppc?  I can't find it on LP and not sure if it's its own thing or spun from some other project
<bladernr_> and also nto sure even if that's something we host or what
<bladernr_> so may be a debian without LP bug tracking
<lordievader> bladernr_: You probably need its source package, qemu.
<teward> !info qemu-system-ppc
<ubottu> qemu-system-ppc (source: qemu): QEMU full system emulation binaries (ppc). In component main, is optional. Version 1:2.2+dfsg-5expubuntu9.2 (vivid), package size 2920 kB, installed size 21400 kB
<teward> bladernr_: the source package is qemu on LP - file against that, or use `ubuntu-bug qemu-system-ppc` maybe?
<teward> (or do it manually against qemu :P)
<ianorlin> bladernr_: if you don't have a gUI on the system you may want to use apport-cli
<bladernr_> teward: ianorlin thanks!
<amanji> Hey sorry for asking this here but I'm a noob at server networking and need a way to connect to a remote Postgres database from my local machine. I've already configured pg_hba.conf and postgres.conf on my server end. The problem is that the server only accepts connections on port 443 while postgres listens in on port 5432. How do I go about connecting the two?
<smoser> jrwren, https://code.launchpad.net/~evarlast/cloud-init/add-apt_sources-docs-to-rtd/+merge/264312
<smoser> fyi, you can do that like this too:
<smoser> http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/doc/examples/cloud-config.txt#L120
<sarnold> amanji: you can change the port that postgres listens to via config files ifyou need to http://www.postgresql.org/docs/9.1/static/runtime-config-connection.html
<amanji> I tried that, but the server has only specific ports open and so when I changed the port to those that the server can listen on it denies me permissions to restart the postgres service
<sarnold> amanji: hmm. is that becaus eyou've got a TLS webserver already running?
<sarnold> amanji: normally the error for that kind of thing isn't a "permission denied" but "can't bind socket"
<amanji> yeah theres already a webserver running
<sarnold> aha
<sarnold> amanji: why those specific ports? do you need to adjust firewall rules with your hosting provider to enable more?
<amanji> For work purposes we can only connect using those specific ports, I know its weird
<amanji> so if the webserver accepts connections on a specific port postgres cannot use the same one to create db connections?
<sarnold> right, you can only have one program listening on a specific (port, IP address)
<amanji> so why is it that ssh and https can use the same ports?
<sarnold> maybe, if one is bound to e.g. 127.0.0.1 and the other bound to e.g. 192.168.1.2.
<jrwren> smoser: oh!!! thanks!
<jrwren> smoser: I'll update that MR
#ubuntu-server 2015-07-11
<sarthor> Hi, HI, my Router IP is 192.168.100.1, Port 80 is redirected to some pc 192.168.100.101, where my webserver is running, now i have email server on other PC, and IP is 192.168.100.111 and have I have to access my mail server like "http://mysite.com/webmail" Now If the request of http://mysite.com/webmail is comming on port 80, so that will go to 192.168.100.101, How can I send this request to 192.168.100.111 while the request in coming on port
<sarthor>  80. both linux machines are running on ubuntu-server 14.04. HELP
<patdk-lap> you can't
<patdk-lap> if you *really* want to do that, consult your webserver software
<patdk-lap> or use haproxy instead
<sarthor> patdk-lap: what should I do with my webserver software, just an idea?
<bearface> reverse proxy?
<Polluticon> I want to be able to stream audio from my windows 7 pc to my Ubuntu server over wifi, Is this possible?
<sarnold> there's probably something like icecast for windows
<Polluticon> I was thinking pulseaudio because Icecast seamed to just stream certain files
<Polluticon> The problem is I'm having trouble figuring out how to use pulseaudio
<sarnold> I know pulseaudio's original purpose in life was network audio, I don't know if it is actually any good at that task now..
<Polluticon> could Icecast stream all of the audio from my pc you think?
<sarnold> I was hoping you'd find a "driver" for windows that would let you select it as a soundcard and have it send audio into icecast instead, but that's me being hopeful rather than helpful..
<sarnold> this looks promising https://github.com/DustyDrifter/AltaCast
<Polluticon> Is it any different from edcast?
<sarnold> a link I found for edcast lead here, https://code.google.com/p/edcast-reborn/
<sarnold> they look like they recommend using altacast instead
<Polluticon> I'm going to give that a shot. Thanks!
<Polluticon> sarnold?
<sarnold> hey Polluticon, any success?
<Polluticon> I got it all working kind of. The server works and I can stream over it but the sound is not playing from my ubuntu machine. Do i need a seperate client on there too?
<sarnold> Polluticon: I think amarok, rythmbox, mplayer, can all do icecast
<Polluticon> can any of those be used from just the command line?
<sarnold> mplayer
<Polluticon> perfect!
<Polluticon> Thanks for all the help
<sarnold> woo :)
<Polluticon> Unfortunately the stream is about 10 seconds behind. Is there anything I can do about that?
<sarnold> I suspect there's both server-side and client-side caching.. you may be able to turn both of those down
<sarnold> s/caching/buffering/
<sarnold> hmm, I odn't see anything promising in the mplayer manpage :/
<Polluticon> Yeah I think I'll just live with it. It's pretty much just for music anyway so it doesn;t matter too much
<sarnold> just so long as the easy volume and mute are on the linux system.. heh
<sarnold> if it is really music... you could export a share from your windows sytem, mount it on linux with smb or cifs, and use something like mpd. mplayer, etc., to play them directl on the linux system
<Polluticon> The server has a pre/power amp with volume controls connected to it. And I would do that but I use Spotify for music so I needed this to pick up it's sound without the physical files
<sarnold> there is (or was?) a native spotify client that I used a few years ago.. it was a gui application, though
<Polluticon> Yeah I actually set up a mopidy server on it as well as a client called ncmpcpp to control it through the command line
<sarnold> mopidy looks neat
<sarnold> is it? :)
<Polluticon> But the client was really limiting and I couldn't find a better one. I also wanted to be able to stream youtube or something else too
<Polluticon> mopidy is pretty cool. Really easy to setup
<Polluticon> ice cast is cool though because I can listen through in web browser on any device
<Polluticon> anyway thanks for all the help
<sparchitect_> Q: I'm trying to configure wordpress on my Ubuntu LAMP. My ISP blocks port 80 so I have been messing around with work-arounds and I believe the apache server is setup correctly and serves through port 8080 instead of 80. When I connect to the server from outside the local network(m.y.i.p:8080), it will show the default apache page as it should. However, when I proceed to view the wordpress installation (m.y.i.p:8080/blog), 
<sparchitect_> This, of course, causes wordpress to not show up since ISP is blocking port 80. QUESTION: How do I make wordpress stay on port 8080 and not automatically redirect the browser to the default port?
<histo> sparchitect_: configure your router to forward incoming requests on 8080 to port 80 on your server.  then just browse your external ip like normal
<sparchitect_> histo: hmmm, interesting, I thought I had already correctly forwarded the port. Let me check again
<sparchitect_> histo: This is what my forwarding looks like right now. Does this look right to you? I'm such a novice with all this networking stuff =P http://imgur.com/8KhAAfS
<histo> sparchitect_: what dns are you using?
<histo> sparchitect_: you need to configure a redirect so that whatever.com points to yourip:8080   now and you should be good
<histo> sparchitect_: also no point in forwarding port 80 > yourbox in your router config if you isp is blocking it the 8080 to yourbox:80 is sufficient
<sparchitect_> histo: well I've got a redirect setup through NameCheap, and I believe I'm on their dynamic dns. and navigating to mydomain.com is correctly redirecting me to mylocalip:8080
<histo> sparchitect_: then you should be good to go so wordpress should be at mydomain.com/blog
<sparchitect_> I feel like it has to do with wordpress configurations maybe, and thanks for pointing out the useless port forwards
<sparchitect_> hmm then maybe i need to mess around with my redirecting at namecheap then
<histo> sparchitect_: yeah make sure it's resolving properly, didn't know they provided that.
<histo> sparchitect_: https://community.namecheap.com/forums/viewtopic.php?t=3622
<sparchitect_> histo: Also, the only way I can test it (outside of local network) is on my LG smartphone with 3G data service. perhaps this isn't the best way to test this sort of thing
<histo> sparchitect_: you should be able to test inside the network by going to mydomain.com
<sparchitect_> histo: Oh, awesome, thank you so much for your help histo. You've definitely pointed me in the right direction!
<sparchitect_> histo: oh, intersting, then I suppose its working fine then and it is just a problem with my crappy cellular data network
<lordievader> Good morning.
<edgy> Hi, I set my apache to event mpm but with every apache update in my ubuntu server, it reverts back to prefork how can I fix this?
#ubuntu-server 2015-07-12
<cripperz> want to earn USD50 per week by just shortening links.. new technique ... cant be found online ... pm me if interested. Requirement u need to run an app for atleast 150hrs per week else be ban from server.
<patdk-lap> not surre I can work 150hours per week without sleep
<lordievader> Good morning.
<Bayoumi_dk> hi.. what is ubuntu cloud? online desktop? or just another server?
<bekks> Services running on remote servers.
<Bayoumi_dk> ok thx.. :)
<Bayoumi_dk> There are no webbased ubuntu os?
<bekks> Whats is a "webbased ubuntu os"?
<Bayoumi_dk> I thought that cloud is maybe a webbased Linux...
<bekks> What is a "webbased linux"?
<Bayoumi_dk> I'm just asking.. don't be an asshole
<bekks> Igf you cant handle explanation requests, better dont say anything, instead of getting personal.
<bekks> Setting you on ignore, for avoiding to read you any further.
<bekks> *If
<Bayoumi_dk> Nice admin
<Bayoumi_dk> There are lots of online operation system writing in php/pearl.. I thought that ubuntu cloud was is a new ubuntu online operation system..
<lordievader> I suppose it is more geared towards could vm services. Like amazons web stuff.
<wolflarson> what is an easy way to just add ips to a file and then ban them from my whole computer?
<wolflarson> fail2ban keeps banning the same ips every few hours (from china) and I just want to ban the whole range but I am not sure how
<lordievader> wolflarson: iptables, or better ipset.
<lordievader> Fail2ban has ipset support.
<AvatarA> if you want easy, google ufw
<wolflarson> boom that is really easy thanks AvatarA!
<wolflarson> lordievader, iptables scares me
<lordievader> Iptables is nothing to be scared about. It is rather lovely. Once you start getting into iptables you start to dislike ufw.
<wolflarson> i dont think i am smart enough to use it
<AvatarA> it's hard to learn when you don't really need the advanced stuff iptables has to offer
<AvatarA> but if you'll need to fine tune your settings it will become easy as you take it step by step and learn from practice
<lordievader> Anyone is able to learn iptables.
<bekks> Everyone :)
<wolflarson> so AvatarA will these settings save after reboot? or do I need to write these out to a file and add them to a config or something?
<wolflarson> dont want to lock myself out :)
<renebarbosa> w
<AvatarA> yes they're saved
<AvatarA> what are you trying to block? bruteforce attacks on ssh?
<wolflarson> well fail2ban seems to work for that OK
<wolflarson> its just that when i go in the fail2ban log I see the same ips over and over again
<wolflarson> may as well block them forever
<cryptodan> You can also use ufw which is an interface for iptables
<AvatarA> if you want to get rid of all that junk in the logs, change the listening port of ssh
<AvatarA> it's not security but at least you get rid of 99% of the noise
<Demon_Jester> Hey guys, I installed ubuntu server via usb, and my internal HDD was sdb while my flash drive was sda, and I had to install lilo grub on sdb (gnu grub was giving me problems) now when I boot the ain hdd it gives me ALERT! sdb6 cannot be found, I think this is because my main HDD is back to sda now. Is there way to change bootloader to search for sda instead of sdb?
<AvatarA> you have access to the grub boot menu when you boot?
<Demon_Jester> AvatarA no, I do not, it just goes into console, and my name is initarmfs
<TJ-> If "lilo" was used instead of "grub2" I'm not surprised :)
<AvatarA> hold shift before you boot into console
<Demon_Jester> TJ- I wish I could install grub but it just tells me it failed, and doesn't tell me why
<Demon_Jester> AvatarA ok I will give it a shot, what is suppose to happen? menu?
<AvatarA> aaa I misread, I thought you have grub
<Demon_Jester> AvatarA I held shift and brough boot menu, and all there is "Linux" do I select it or since I dont have grub holding shift is moot?
<AvatarA> anyway, you need to edit your boot entry from that boot menu and change to sda where necessary and then also edit your fstab
<AvatarA> after you boot
<AvatarA> well in grub you pressed "e" to edit the menu entry
<AvatarA> there must be a key for lilo as well but I don't know it, didn't use lilo that much
<Demon_Jester> AvatarA, what edit program can I use? vi/gedit/nano are not available. or would I have to use sed to modify files?
<AvatarA> type editor, tell me what happens
<AvatarA> sed is good for your particular case but be careful and have a looksie in your fstab before you run that command, see if everything else looks ok
<Demon_Jester> editor: not found and i used find and could not find fstab
<AvatarA> look in /etc/fstab
<AvatarA> btw you have a very weird install
<Demon_Jester> no fstab in /etc
<AvatarA> type mount
<Demon_Jester> I know I have weird install nothing can go smooth for me, trying to install ubuntu server on dell poweredge is a hassle.
<Demon_Jester> hold up
<AvatarA> and paste that to pastebin so I can see
<Demon_Jester> i cant paste it from another computer that has no internet access even when i bring up eth port.. it just shows me rootfs systf etc.. if i try to do mount /rootfs says cant find "etc/fstab" no such file or directory
<AvatarA> tell me what is "on /"
<Demon_Jester> im gonna load irc on my tablet so i am not going between each room brb avatar
<Demon_Jester> AvatarA ok i am back. did you asked what was on /?
<AvatarA> I want to know what is mounted as / (root)
<AvatarA> but I believe you're booted into initramfs now
<Demon_Jester> yeah i am.
<AvatarA> that would explain the lack of nano and such
<AvatarA> I'll tell you what should be done cuz how, is longer :)
<AvatarA> remount your /dev/sda1 (or whatever your system is installed) as /
<Demon_Jester> ext4 or anything?
<AvatarA> ext4 if that is how you created your partition
<Demon_Jester> kk
<AvatarA> and with defaults is good
<AvatarA> after you remount that, you should resume boot, not restart
<Demon_Jester> ok i mounted sda1 on / i didnt receive any error
<Demon_Jester> resume boot? just type boot?
<AvatarA> I am not sure exactly how that can be done in your case.
<AvatarA> if you type exit what happens?
<Demon_Jester> gives me same error on giving uup waiting and how it cant find dev/sdb6
<AvatarA> ok remount that sda1 and tell me if you can find /etc/fstab afterward
<Demon_Jester> no fstab im just gonna restart maybe i will get lucky
<AvatarA> nothing's changed so I don't believe so
<Demon_Jester> damn it
<AvatarA> how did you partition your drive?
<AvatarA> did you install on the first partition?
<Demon_Jester> yeah. its trying to find sdb that doesnt exist. idk how to change it to sda
<AvatarA> you're now in initramfs, something that runs in the RAM without using anything on your hard disk
<AvatarA> 2.you need to mount /dev/sda1 so you can access it
<AvatarA> 3. you need to edit /etc/fstab so you can edit it and replace with /sda1 where necessary
<AvatarA> 4. you need to edit your lilo config and do the same thing
<AvatarA> 5. reboot
<Demon_Jester> there is no lilo conf file. unfortunately.
<AvatarA> let's retry :)
<AvatarA> mkdir mylinux
<AvatarA> works?
<Demon_Jester> ok i mounted
<Demon_Jester> yes mkdir mylinux works
<AvatarA> umount /dev/sda1 cuz I don't know what/how you mounted there
<AvatarA> so umount /dev/sda1
<AvatarA> works?
<Demon_Jester> no errors.. let me see of my dir is stil in /
<dukestyx> hey, may be a hot topic, but is SSL v3 still considered insecure?
<AvatarA> mount /dev/sda1 /mylinux
<Demon_Jester> kk
<AvatarA> worked?
<Demon_Jester> yep
<AvatarA> ls /mylinux
<Demon_Jester> all i had to do was make different dir
<AvatarA> you get a bunch of directories and files?
<Demon_Jester> yep fstab is here lilo.conf
<AvatarA> ok, those you need to edit
<AvatarA> replace what was your usb, /dev/whatever it was with /dev/sda1 and then you can reboot
<Demon_Jester> it shows uuid which matches /dev/sda*
<AvatarA> where, in fstab?
<Demon_Jester> ya
<AvatarA> line that starts with UUID= ?
<Demon_Jester> ya
<AvatarA> ok
<AvatarA> now check lilo.conf
<AvatarA> if fstab uses UUIDs then nothing needs to be changed
<Demon_Jester> hmm
<AvatarA> UUIDs replace stuff like /dev/sda1 with that series of characthers you just saw
<Demon_Jester> can i scroll in console so im not viewing last bit of a file?
<AvatarA> so they stay unique and don't change even if you add or remove drives
<AvatarA> what command did you use to view?
<Demon_Jester> cat
<AvatarA> use "less"
<Demon_Jester> less not found
<AvatarA> what about "busybox less"?
<Demon_Jester> applet not found
<AvatarA> cat lilo.conf | more ?
<Demon_Jester> still nothing. screw it just gonna use sed replace all sdb with sda and hope for the best
<AvatarA> nope
<AvatarA> it's not sdb
<AvatarA> you should have had a number at the end
<AvatarA> sdb1 or sdb6 or something
<AvatarA> same with sda, use sda1
<Demon_Jester> i know sda1,2,5,6
<AvatarA> cuz sda1 is first partition,
<AvatarA> sda is your drive, as a whole
<AvatarA> if you replace everything with just sda you will likely screw everything even more
<AvatarA> cat lilo.conf | head
<AvatarA> ?
<Demon_Jester> i know i meant sda1 sda2 sda5 sda6
<patdk-lap> lilo?
<patdk-lap> I didn't think ubuntu ever used lilo
<Demon_Jester> this is useless it wont save my stuff anyways
<AvatarA> what do you mean it won't save it?
<AvatarA> it does save what you edit now
<Demon_Jester> if they didnt then i wouldnt have it installed. i would be trying to figure out why grub keeps failing at initial install.
<Demon_Jester> when i use sed it outputs the changes but wont save.
<Demon_Jester> o.. -i wasnt used
<AvatarA> how do you know it doesn't save, it says so?
<AvatarA> ok, worked now?
<Demon_Jester> i use cat lilo.conf and still shows sdb1 sdb6 etc..
<Demon_Jester> ya it did
<AvatarA> root=/dev/sdb1? or something like that?
<Demon_Jester> well it did but its root=/dev/sda1; similar, im rebooting in hopes it worked
<AvatarA> yeah root=/dev/sda1 seems about right
<Demon_Jester> hmm still booting.. nope same error
<AvatarA> it would be cool if you could somehow paste your lilo.conf :)
<AvatarA> what was the error again?
<AvatarA> anyway seems kinda f'd up that you're using /dev/sda1 here and UUIDs in fstab
<AvatarA> weird weird install
<Demon_Jester> ALERT! /dev/sdb6 cannot be found.. it tells me to check /proc/cmdline.. i tried to change it to sda6 using echo and said with no luck
<Demon_Jester> sed*
<AvatarA> no /proc doesn't matter here , that is not on your hard drive
<AvatarA> you sure your sed changed sdb6 to sda1 ?
<AndroUser> Hello
<AndroUser> Does this app work, anyone here?
<Demon_Jester> well i mean i switched sdb6 to sda6 if needed i can switch sda6 to sda1 in lilo.conf
<AvatarA> oh man... :D
<AvatarA> find a way to show me lilo.conf as it is now
<Demon_Jester> i cant even fully view it myself.
<AvatarA> maybe you can scroll after cat
<AvatarA> try Shift and Up Key
<AndroUser> Hey guys, would anyone be able to help me with this: http://askubuntu.com/q/647527/99155 I upgraded to 15.04 and my servers file system has become read only, really struggling to work out why/fix it :(
<AndroUser> @here I'm hoping its something simple, i literally just updated from 14.04 to 15.04
<AvatarA> AndroUser, /dev/vda1 on / type ext4 (rw,errors=remount-ro) seems vda is mounted as rw, read/write
<AvatarA> why do you say it's read only?
<AndroUser> AvatarA, i cannot make any changes at all
<Demon_Jester> Avatar shift + page up works
<AvatarA> ok, at the beginning
<AvatarA> boot=/dev ...
<AvatarA> what do you have there?
<AndroUser> I put the rw at the end, but it keeps saying there is something wrong with the UUID, so i changed it in fstab but it still doesnt work
<AndroUser> What do you mean?
<AvatarA> it was for Demon_Jester
<Demon_Jester> tells me to `lilo to make changes which i did lol im at a >_ line.. lol
<Demon_Jester> ok im back at the beginning
<AvatarA> that line starting with boot= told you lilo to make changes?
<AvatarA> AndroUser, how did you change UUID exactly?
<AndroUser> AvatarA, I have no idea what made it wrong in the first place, but i asked DigitalOcean to put in the recovery ISO, booted to that and edited /etc/fstab to what i though the correct UUID was, took out the ISO rebooted, and its still read only
<Demon_Jester> boot= is dev/sda should it be changed to sda1?
<AvatarA> no, that is correct
<Demon_Jester> root=/dev/sda1 actually
<AvatarA> after some lines that say image=/boot/vmlinuz .. ?
<AndroUser> AndroUser, see the fstab output at the bottom, the #commented line is what it was previously, before i changed it: http://askubuntu.com/q/647527/99155
<AndroUser> Oops i mean AvatarA
<AvatarA> well it should match blkid of vda1
<Demon_Jester> avatarA insee image=/vmlinuz with options underneath like label=linux read-only etc..
<AvatarA> it sucks that I can't see the whole file but if you type lilo
<AvatarA> does it say that it is applying changes or something like that?
<Demon_Jester> no saus /bin/sh lilo not found
<AndroUser> AvatarA is it the UUID starting 18 or 8c?
<Demon_Jester> says*
<AvatarA> aa yes
<AvatarA> so go to /mylinux/sbin/lilo
<AvatarA> run that
<AndroUser> AvatarA, labeled DOROOT or primary
<Demon_Jester> how do i run it? i already tried `lilo` no luck
<AvatarA> it should be the first one AndroUser I don't know what the second is
<Demon_Jester> ok i did the whole director `/mylinux/sbin/lilo` and got a error "Fatal: chroot /dev/sdb6: no such file orndirectory"
<micahg> does anyone have a test  neutron-lbaas-agent setup that they could quickly test a new haproxy with on trusty?
<AvatarA> hey Demon_Jester if you try "chroot /mylinux" what happens?
<Demon_Jester> goes to root@none gave me some errors about something.
<Lew> AvatarA hey sorry got disconnected
<Lew> Its AndroUser
<Lew> (On my phone)
<Lew> Which one should the UUID be?
<AvatarA> I said it seems to be first, I don't know what the second is
<Lew> Ok so the DOROOT
<Demon_Jester> avatar what should i do now?
<AvatarA> I was thinking about a chroot so you can uninstall lilo and just install grub but that requires a lot of steps too
<Demon_Jester> i can use vi and stuff no
<Demon_Jester> now
<Demon_Jester> woot
<AvatarA> yeah but I don't know if it's a complete chroot
<AvatarA> proc should have been mounted too, sys and dev
<AvatarA> anyways
<Demon_Jester> proc kind of is. nothing in directory
<AvatarA> now you can less lilo.conf
<Demon_Jester> i was able to view it completely using shift + page up,down earlier
<AvatarA> and see if you have any sdb6 there or whatever that error told you
<Demon_Jester> no sdb6 in lilo.conf which is throwing me off.
<AvatarA> and sda1 where it should be?
<Demon_Jester> its on root/dev/sda1
<Demon_Jester> root=/dev/sda1*
<AvatarA> well cuz that is just a config file and changes have not been written to boot loader
<AvatarA> so try lilo now
<Demon_Jester> same error
<AvatarA> what error?
<Demon_Jester> fatal: chroot /dev/sdb6: no such file or directory
<AvatarA> hmm, I don't know where it gets that sdb6 from if you say it isn't present in lilo.conf
<Demon_Jester> i tried looking at /boot/map since that was a directory but no luck there
<AvatarA> lilo -b /dev/sda
<AvatarA> same error?
<Demon_Jester> AvatarA sorry i was at the server. umm i had my flash drive in so i removed it and rebooted. and i used df and showed my main hdd as sdb1 so idk whats going on. lol
<AvatarA> so now your drive is sdb1
<AvatarA> so what is sda1?
<Demon_Jester> oh for fuck sakes vi wont edit my fikes it jist inserts letter doesn't delete. no i have to fucking figure why that is not fucking working.
<lordievader> Demon_Jester: Please watch your language.
<lordievader> You could use vim instead of vi, it is much more user friendly.
<Demon_Jester> vim is not on here
<lordievader> Install it, takes just a second. Or use nano, ofcourse.
<Demon_Jester> now when i use lilo i get "fatal: raid_setup: stat("/dev/sdb")"
<Demon_Jester> i cant eth0 is not working no internet connection.
<lordievader> "Is not working" any more details?
<Demon_Jester> i bring it up. doesnt get ip address assigned. i already used sed to modify what i need.
<lordievader> Dhcp or static?
<Demon_Jester> dhcp.
<lordievader> "sudo dhclient eth0" doesn't get you an address?
<AvatarA> still in initramfs now?
<Demon_Jester> no i have to make directory when i restart
<AvatarA> so still at the initramfs stage
<Demon_Jester> still getting sdb error idk why in ls /dev it doesnt list any sda* or sdb* i have checked lilo.conf repeatedly to see if there is /dev/sdb6 and nothing.
<TJ-> initrd is a static file-system, and if udev doesn't run then no dynamic discovery of devices will occur
<lordievader> Ain't it a good idea to configure lilo with UUID's instead of sdXY stuff?
<TJ-> Surely it'd be quicker to reinstall using GRUB and get guidance during the install to ensure the boot-loader is correctly installed? Maintaining a Lilo boot-loader is going to be nightmare; I'm not sure the update scripts take account of it any more
<AvatarA> I was thinking he could chroot and then remove lilo and then install grub2
<Demon_Jester> i cant install grub it failed durimg installation didnt say why didnt tell me what logs to look at. lilo was my other option.
<lordievader> Is lilo even supported by Ubuntu?
<lordievader> !lilo
<ubottu> lilo is an alternative [Li]nux Boot[Lo]ader. Note: it is recommended that you use GRUB on Ubuntu instead.
<lordievader> Hmm, that is informative -.-
<AvatarA> how is your drive partitioned?
<Demon_Jester> sda1 is ext4 sda5 is swap sda6 is ext4 idk if that is what u meant.
<AvatarA> so you have a system partition, first, then some swap space and then the last is for your /home , personal files?
<TJ-> Boot with a Live ISO in "Try ..." mode (giving full network and tools access), create a chroot into the installed system, replace lilo with grub2, get it configured correctly under guidance, and reboot
<Demon_Jester> TJ- i cant try ubuntu-server..
<lordievader> Demon_Jester: Get an ubuntu image or some other desktop flavor.
<AvatarA> if he can mount his root partition can't he also chroot into it?
<TJ-> AvatarA: if 'chroot' is available
<AvatarA> Demon_Jester, want to give it a go?
<TJ-> Demon_Jester: my feeling is you've already suffered 3 hours trying to make progress; in that time a Live ISO boot + chroot would have fixed this... and there's no guarantee continuing with Lilo is going to be sustainable for upgrades - and there are very few people now with expertise and experience with Lilo
<Demon_Jester> if grub could not be installed at initial installation, how will it work now?
<TJ-> There's a lot of expertise on grub problems; that is a solvable issue
<lordievader> Running grub-install in a terminal usually gives an error that is quite google-able.
<Demon_Jester> well ok i will give it a shot.
<TJ-> I'm currently doing a remote in-place replacement; the server is 12.04, I've created a 14.04 debootstrap install in a separate VG and am configuring that to take over from 12.04, using a chroot. I can be 100% sure that'll boot restarting the server. When you've got access to the network and full tool-set it makes fixing things so much easier
<lordievader> TJ-: That is allways a nice way of doing a reinstall :)
<lordievader> Why a separete VG though?
<TJ-> lordievader: It's been through 2 release-upgrades previously; I want a clean slate this time
<lordievader> I usually take a new lv in the same vg naming it something root-new-lv. When I'm done and it's tested I'll swap them around.
<TJ-> lordievader: Current environment Xen block devices,  1 per file-system. I want the flexibility of LVM
 * lordievader has no experience with Xen.
<TJ-> lordievader: This server started out with 8.04 I think it was
<lordievader> Old server then ;)
<TJ-> No, 6.04!
<TJ-> 6.06 even, Dapper
<lordievader> Hehe even more ancient :P
<lordievader> I hope not on the same hardware as then?
<TJ-> yeah... and the amount of legacy crud means I'm reluctant to remove older components in case it breaks something
<lordievader> Wow, what specs?
<TJ-> It's virtualised, on Xen, and I'm porting it to KVM as well as moving it to 14.04
<Demon_Jester> ok im burning ubuntu to usb. should be done shortly
<TJ-> Intel Xeon E5-2680
<lordievader> Ah, ain't to bad. My personal server is weaker ;)
<TJ-> The thing I like about a chroot replace/upgrade is you can move one service at a time (DNS, SSH, HTTP, SMTP, IMAP, etc.) over to the new install and ensure it is stable rather than moving everything and then scrambling to deal with upgrade issues, especially with the custom configs such systems usually have
<TJ-> Demon_Jester: just to be sure; the Live ISO you're writing is the same architecture as the installed system (amd64, or i386) ?
<Demon_Jester> amd64 they both are
<TJ-> Demon_Jester: good :)
<Demon_Jester> ok im in and have terminal, do i just google how to install grub?
<TJ-> Demon_Jester: No, we'll take you through it
<TJ-> Demon_Jester: You'll need root for most of this so to make things easier start off with "sudo -i"
<TJ-> Demon_Jester: , next, install the pastebinit package so you can easily share output with us: "apt-get install pastebinit"
<lordievader> I was more talking about the error. But replacing google with this chat works too ;)
<Demon_Jester> well i mean i also googled but he, pastebinit is installed
<Demon_Jester> eh*
<TJ-> Demon_Jester: "mkdir /target"
<TJ-> Demon_Jester: "pastebinit <( lsblk -f )"
<Demon_Jester> ok its said failed to comtact the server
<lordievader> Demon_Jester: Do you have an internet connection?
<TJ-> Demon_Jester: Yeah, just out luck that ubuntu pastebin is having problems this past few minutes... it seems to come and go. Try again
<Demon_Jester> lirdieavor, yes; TJ-, ok
<Demon_Jester> http://paste.ubuntu.com/11869385/
<TJ-> lordievader: I've been having problems accessing paste.ubuntu.com I think there's a routing issue
<lordievader> Hmm, I see.
<TJ-> Demon_Jester: thanks, so we're dealing with /dev/sda. Now show us "pastebinit <( blkid )"
<Demon_Jester> http://paste.ubuntu.com/11869402/
<TJ-> Demon_Jester: OK, and now "pastebinit <(cat /proc/partitions )"
<TJ-> Demon_Jester: this gives us all the background info we need to be confident we understand the disk layout
<Demon_Jester> http://paste.ubuntu.com/11869411
<Demon_Jester> kk
<TJ-> Demon_Jester: So sda is a 500GB disk?
<Demon_Jester> no its 1tb i partitioned it down to 500 for idk why tbh.
<TJ-> Demon_Jester: OK... "pastebinit <( fdisk -l /dev/sda )"
<TJ-> Demon_Jester: if fdisk not-found, then "apt-get install util-linux"
<Demon_Jester> http://paste.ubuntu.com/11869448/
<Demon_Jester> sorry for the delay
<TJ-> Demon_Jester: that's a weird layout!
<TJ-> Demon_Jester: from your earlier adventures with the mention of /dev/sdb6, I'm guessing that /sda6 is the root file-system; is that correct?
<TJ-> Demon_Jester: On that basis "mount /dev/sda6 /target" should allow us to confirm  that?
<Demon_Jester> i believe so, i hate this kind of stuff tbh
<TJ-> Demon_Jester: "ls /target/" shold show something similar to "bin  boot  dev  etc  home  lib  lost+found  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var"
<Demon_Jester> its blank, am i suppose to mount something there
<TJ-> Demon_Jester: >>>> On that basis "mount /dev/sda6 /target" should allow us to confirm  that
<Demon_Jester> ya it shows what u listed.
<TJ-> Demon_Jester: great! let's prepare it for chroot then. "for n in proc sys dev dev/pts run etc/resolv.conf; do mount --bind /$n /target/$n; done"
<Demon_Jester> i receive an error /target/etc/resolv.conf does not exist
<TJ-> Demon_Jester: OK, let's create something for it then. "touch /target/etc/resolv.conf"  .... after that do "mount --bind /etc/resolv.conf /target/etc/resolv.conf"
<TJ-> Demon_Jester: that bind is allowing the chroot to use the host's DNS resolver so that normal IP networking is available inside the chroot
<Demon_Jester> ok done.
<TJ-> Demon_Jester: Right, time to enter the chroot: "chroot /target"
<Demon_Jester> ok done.
<Demon_Jester> does chroot just make that directory temp root directory?
<TJ-> Demon_Jester: That and it intercepts some system libraries to fool tools into believing that too
<TJ-> Demon_Jester: Now lets find out what the installed bootloader packages are: "pastebinit <( dpkg -l *lilo* grub* )"
<Demon_Jester> http:/paste.ubuntu.com/11869585/
<Demon_Jester> crap
<Demon_Jester> should still be able to see it.
<TJ-> OK, so just "lilo" currently. Let's remove that and then install grub2. "apt-get purge lilo"
<Demon_Jester> ok purged
<Demon_Jester> apt-get install grub2?
<TJ-> Demon_Jester: "apt-get install grub-pc"
<TJ-> At some point, if I recall correctly, you'll get asked where to install grub. That will be "/dev/sda"
<Demon_Jester> ok i selected sda
<TJ-> You should also see it generate the grub.cfg file, where it lists all the kernels it found installed
<Demon_Jester> took me a second to realize space selects it.
<TJ-> I guess it was running the text-console ncurses pseudo-windowing interface. That can be confusing :)
<Lurchy> if I was setting up a home system as a server...how can I set it up to wake on LAN?  is that a bios setting exclusively?  or do I need to set it also in ubuntu?  can anyone enlighten me?
<Demon_Jester> i dont see grub.cfg in /target
<TJ-> Demon_Jester: "ls -l /boot/grub/"
<Demon_Jester> ok perfect
<TJ-> Demon_Jester: I'm going to take you through that process manually just so you know how to do it yourself, and what good output looks like too
<TJ-> Demon_Jester: "grub-install /dev/sda"
<Demon_Jester> wdf its installing for i386..
<TJ-> Demon_Jester: don't panic :)
<Demon_Jester> finished. no errors
<TJ-> Demon_Jester: GRUB runs in 32-bit mode... hands over to an operating system, which then switches into 64-bit long mode if its the AMD64 install
<Demon_Jester> oh i see
<TJ-> Demon_Jester: OK, now to generate GRUB's /boot/grub/grub.cfg (which is done every time a new kernel is installed/old kernel removed) do "update-grub"
<Demon_Jester> ok done.
<patdk-lap> lurchy, both, depends on what level of *sleep* your in
<patdk-lap> if you mean, full poweroff, that is bios only
<TJ-> you should see it list the kernel versions as it does that... each of those versions will be added to grub.cfg, with a 'regular' boot entry and a "Recovery" entry accessible from GRUB's "Advanced" sub-menu at boot-time, if you hold Shift as the system is booting.
<Demon_Jester> oh. i see. ok.
<TJ-> Demon_Jester: I'm reasonably confident that is fixed, but I want to check before I say "reboot", OK?
<Demon_Jester> ok
<Lurchy> hmmm...sleep mode in ubuntu?  can you explain the difference?
<Lurchy> ahh
<patdk-lap> consult your cpu manual
<TJ-> Demon_Jester: "pastebinit <( dd if=/dev/sda bs=512 count=1 |  hexdump -C)"
<Lurchy> I understand....I read it already
<patdk-lap> I think there are normally 5 levels, where 5 == full poweroff
<TJ-> Lurchy: If the motherboard is being supplied with 5V Stand-by, and the firmware has enabled WoL, and you've not disabled it with ethtool/miitool, then it should wake when sent a magic packet by tools like etherwake
<patdk-lap> the only one the bios controls for wol
<Demon_Jester> TJ- hexdump command not found
<Lurchy> I am reading some stuff on my netgear POE router...it is saying "magic packet"....then I guess it would boot to ubuntu
<TJ-> Demon_Jester: bah! keep forgetting its the Live ISO: "apt-get install bsdmainutils"
<TJ-> Demon_Jester: , then re-run the pastebin ... hexdump command please
<Demon_Jester> http://paste.ubuntu.com/11869647/
<TJ-> Demon_Jester: Hmmm! I don't like that I can see LILO as well as GRUB there. Give me a moment to check on that
<TJ-> Demon_Jester: OK, we can ignore that. The import part is the first 3 bytes which do a jmp 0x90 (eb 63 90) where the GRUB boot-strap code starts
<Demon_Jester> ok. what do you want me to do from here? reboot?
<TJ-> Demon_Jester: just to be double sure I want to see the first few sectors where GRUB installs its core.img: "pastebinit <( dd if=/dev/sda bs=512 count=4 skip=1 | hexdump -C )"
<Demon_Jester> http//:paste.ubunti.com/11869668/
<Demon_Jester> damn it.
<Demon_Jester> paste.ubuntu.com/11869668/
<TJ-> Demon_Jester: FYI: A BIOS boot reads sector 0 of the disk into memory and then the CPU executes it. The boot-strap code then loads more sectors which are GRUB's core.img, usually from sector 1 through about 1024 (these sectors are generally unused space at the start of the disk). core.img contains the proper boot-loader code, which then finds /boot/grub/, loads grub.cfg and executes its instructions to show menu, boot the default entry, or whatever
<TJ-> Demon_Jester: That looks perfect; exactly the same as my system
<Demon_Jester> oh i see. im still confused but stuff looks interesting.
<TJ-> Demon_Jester: OK, "exit" to get out of the chroot, then use the Live ISO's normal reboot option to shutdown and reboot cleanly... remove the USB once the reboot begins of course
<TJ-> Demon_Jester: one thing I forgot to check, was that the target's "/etc/fstab" is correct, but if you haven't touched that the installer will have written that correctly originally
<Demon_Jester> hmm ok grub loaded and my screen when inactive
<TJ-> black screen?
<Demon_Jester> ya
<TJ-> That is a relatively common issue with some GPUs/driver combinations
<TJ-> Did the system load the OS before the screen went black?
<TJ-> Usually you can see GRUB write "Loading Linux..."     "Loading initrd..." at top of screen before the Os takes over
<Demon_Jester> screen goes blank before loading OS
<TJ-> Sounds like it may be switching to graphics mode. Try Ctrl+Alt+Del to reboot, hold Shift down, when you see the GRUB menu choose the "Advanced" menu, then select the first "Recovery ..." option
<Demon_Jester> no advance menu comes up
<Demon_Jester> nvm i went to advance options
<Demon_Jester> ok it took me to root@myserver
<TJ-> When GRUB starts it checks to see if the Shift key is being held down. If so, it doesn't boot the default operating system entry, it shows its menu. Usually the top entry is "ubuntu" and represents the normal boot with the latest kernel; beneath that is "Advanced" which is a sub-menu when selected shows all the installed OSes, each with its normal boot and an alternative "Recovery" option for when there are problems
<Demon_Jester> ah ok.
<Demon_Jester> appears im in a shell environment
<TJ-> OK, that's good. If the black-screen was caused by the usual GPU issue we add the setting "nomodeset" to the kernel command-line.
<Demon_Jester> ok
<TJ-> Did you see a menu with several options including "root shell" before getting to the root prompt?
<Demon_Jester> no just linux and linux with gibberish recovery
<Demon_Jester> gibberish words i mean.
<TJ-> OK... if the usual Recovery environment is installed it shows a pretty screen to do common tasks from
<TJ-> First we need to ensure the root file-system is mounted with read/write permissions so you can make changes
<TJ-> "cat /proc/mounts | grep ' / '  "
<TJ-> you should see something like "/dev/sda6 / ext4 rw,relatime,errors=remount-ro,data=ordered 0 0"
<TJ-> What is important is whether you see the "rw" option or not. If you see "ro" its mounted read-only and we need to change that
<Demon_Jester> yep its ro not rw
<Demon_Jester> wait.
<TJ-> Demon_Jester: OK: "mount -o remount,rw  /"
<Demon_Jester> umm i was looking at the uuid is it rootfs im suppose to be looking at or /dev/disk/by-uuid/?
<TJ-> The output of /proc/mounts is <device> <mountpoint> <options>  ... you should be looking for "/" in the mountpoint column
<Demon_Jester> im guessing rootfs / rootfs rw 0 0 is probably it
<Demon_Jester> and it is rw
<TJ-> That's good, we can change files
<TJ-> OK, I'm hoping you have a simple text editor installed, the default is usually nano - are you familiar with it?
<Demon_Jester> yes. to be clear I do have experience with ubuntu (not really really tech with it) along with openwrt, and arch linux.. arch wasnt as hard to install as people claim
<Demon_Jester> anyways im ready.
<TJ-> OK ... assuming it's nano: "nano /etc/default/grub"
<TJ-> look for the line that has "GRUB_CMDLINE_LINUX="
<Demon_Jester> found it
<TJ-> keeping whatever may be assigned to it already, add in "nomodeset" so its something like GRUB_CMDLINE_LINUX="nomodeset"
<Demon_Jester> it was blank.
<TJ-> if there are other settings there, ensure you separate from them using a space
<Demon_Jester> so nothing else
<TJ-> OK, simple then... save it and get back to the shell (Ctrl+X) I think?
<TJ-> Now we regenerate grub.cfg - that new setting will be added to the kernel command-line for every entry in the file: "update-grub"
<Demon_Jester> yep. i ran the update on grub
<TJ-> Demon_Jester: in theory - if the black screen was caused by the GPU issue - the screen should remain active during boot now
<TJ-> "reboot" should do it
<Demon_Jester> lets hope *crosses fingers*
<Demon_Jester> still black screen.. if i go into recovery and install openssh will i be fine to ssh in?
<TJ-> Yes
<Demon_Jester> ok cool i will do thay
<Demon_Jester> thay
<TJ-> I assume you already configured the network side
<Demon_Jester> that
<Demon_Jester> yes.
<TJ-> Weird you're getting a black screen still; does the system have multiple GPUs, or multiple heads connected? I've seen that happen when a single monitor was connected to the secondary head ... everything is cloned to both heads until the OS starts, then it goes dark as the OS only uses the primary head
#ubuntu-server 2016-07-11
<LaserAllan> JanC: you still here?
<frickler> jamespage: coreycb: neutron-8.1.2 fails to rebuild for me because it misses https://review.openstack.org/321791, and nova-13* seems to have an issue with paramiko, also getting nova-13.1.0 would be nice
<frickler> jamespage: on a related note, do you know why ceph and keystone are still stuck in the xenial queue?
<lordievader> Good morning.
<cpaelzer> rbasak: I saw you already answering mails this morning, would you have the time to make pacemaker available for the merge process via the importer?
<cpaelzer> rbasak: I sent a mail to the list already earlier this morning if you want to reply for tracking
<cpaelzer> not urgent thou, just one of the two next things on my list - so I thought it is worth a ping ahead of time
<cpaelzer> and the list is to the horizon and back anyway :-)
<rbasak> cpaelzer: OK, I started the import of pacemaker. It may take a while.
<jamespage> cpaelzer, hey - revisiting the work I started on ovs 2.6 today - had some test failures first time round...
<jamespage> frickler, poking on the ceph sru - not sure why that's blocking - we've had a standing mre exception with the sru team for the last 4 years, they normally go through pretty quick
<jamespage> I'll let coreycb answer the other two - or ddellav might know as well
<jamespage> cpaelzer, hmm suspect I'm going to need a dpdk 16.04 build
<jamespage> http://paste.ubuntu.com/19068274/
<cpaelzer> jamespage: great to hear
<cpaelzer> jamespage: I'm already on DPDK 16.07 and I see the matching OVS patches in the OVS entry queue
<cpaelzer> jamespage: I doubt it, but let me know if I can help
<jamespage> cpaelzer, I'll try with your 16.04 and 16.07 ppa's
 * cpaelzer hands a virtual thank-you-beer to jamespage
<jamespage> thank me when I have it done :-)
<cpaelzer> you can collect those and turn them to real when we met next time
<cpaelzer> rbasak: that is why I asked in advance - thanks for starting it
<frickler> jamespage: coreycb: we would also very much like to get an update to keystonemiddleware-4.4.1 incorporating the fix for https://bugs.launchpad.net/keystonemiddleware/+bug/1533724, this crashed one of our deployments over the weekend
<ubottu> Launchpad bug 1533724 in keystonemiddleware "keystone-signing folders fill /tmp and seriously slow down reboots" [Medium,Fix released]
<jamespage> tyhicks, hey - quick question - I'd like to try to put one of the remote console access stacks into main this cycle for openstack
<jamespage> tyhicks, it will require some MIR's but I wanted to see if you had a preference  - there are some choices
<jamespage> tyhicks, I think the choice is novnc or spice
<jamespage> spice is already in main, but the html shim is not yet
<valluttaja> anyone familiar with mod_wsgi?
<jamespage> ish
<coreycb> frickler, hi, we've got nova 13.1.0 in progress.  what was the issue with paramiko?
<coreycb> frickler, ddellav is testing keystone in xenial-proposed, he may have an update
<coreycb> frickler, we'll get keystonemiddleware 4.4.1 into the SRU queue soon
<ddellav> coreycb frickler i had tested that awhile ago and it passed but im running them again now just to be safe. I'll keep you updated on the outcome.
<coreycb> ddellav, alright let's try to get those bugs marked verification-done today
<ddellav> coreycb lp:1592865?
<coreycb> ddellav, yes
<coreycb> frickler, btw neutron 8.1.2 builds ok for me without that patch
<le_pig> hmm
<frickler> coreycb: looks like I had cluttered my build node by doing some devstack runs, which pip-installed newer libraries that got used during the build tests and made them fail. I'm rerunning the build now on a fresh node
<v1s> I running ubuntu 16.04 server I have a usb2eth adapter connected to wan and then I have the built in eth and wifi for local network. I am using hostapd / bridge-utils / dnsmasq. The wan is working fine but only one system connecting to the wifi is pingable and I see other sytems in the dhcp client list but cant reach any of them any ideas ? can post any conf to check
<cpaelzer> v1s: so your wireless and your builtin net are connected to the same network ip/netmask range?
<v1s> @cpaelzer: yes they are bridged using ip 10.20.30.1/24
<tyhicks> jamespage: hi - I'm not familiar enough with either project to have a preference
<tyhicks> jamespage: considering that spice is already in main, that might be the route that results in the least amount of code going from universe to main
<jamespage> tyhicks, that was my thinking as well
<tyhicks> sarnold: once you start your day, can you chime on whether you have any preference here? ^
<mdeslaur> tyhicks, jamespage: please make it spice, it's a better choice and supports(will support?) 3d acceleration
<jamespage> sounds like we are all in agreement :-)
<tyhicks> sounds good
<frickler> coreycb: o.k., all builds did run fine now, sorry for the confusion.
<frickler> can I download packages for stuff in the SRU queue somewhere or would I have to build them myself?
<coreycb> frickler, ok good, no problem
<coreycb> frickler, you could get them from here, for core packages at least: https://code.launchpad.net/~ubuntu-server-dev/+git
<coreycb> frickler, it would probably make more sense for us to just poke the sru team to get things moving a long
<coreycb> ddellav, mind poking the sru team for a review of keystone 9.0.2?  that's still in the review queue.
<frickler> coreycb: ddellav: also python-keystoneauth1-2.4.1 pls, assuming jamespage has already done enough poking for ceph ;)
<coreycb> ddellav, frickler: I just asked infinity for a review of those in #ubuntu-devel
<coreycb> ddellav, jamespage: for the mitaka keystonemiddleware point release I did it in an ubuntu/mitaka branch on alioth.  that seems to make more sense to do for a dependency that we share with debian, rather than just working from the archive without a repo.
<coreycb> http://anonscm.debian.org/cgit/openstack/python-keystonemiddleware.git/?h=ubuntu/mitaka
<coreycb> frickler, a few of the packages we discussed earlier are in the xenial review queue now: https://launchpad.net/ubuntu/xenial/+queue?queue_state=1&queue_text=
<codepython777>  If I set a variable in /etc/profile  - does it drop down to my bash shell always?
<tarpman> codepython777: the "Invocation" section in the bash(1) man page talks about the conditions under which bash runs specific startup files
<codepython777> tarpman: it worked it seems, thanks
<coreycb> ddellav, jamespage: I see trove has b2 out for newton so I'm going to do that now and keep track of what's done in our spreadsheet
<ddellav> coreycb ok sounds good
<kwoot> Anybody awake for some br0 troubles?
<kwoot> please?
<Sling> maybe ask a real question instead
<kwoot> Good idea! So, I switched disks on a system to upgrade the hardware. of course this also means 2 new mac addresses on a dual homed system. On it runs a small kvm host (webserver) that services several small sites). Thing is, everything seems to work, but networking from the kvm host does not. It should run over br1, and br1 is bridged_ports to eth4 (system renames them from eth0 and eth1 to eth3 and eth4).
<kwoot> I have no clue why it is failing at this time.
<kwoot> The internal network kan connect through the dual homed system as usual, the system can ping to everybody (including the kvm host), but the kvm host can not ping to anybody. Local time is almost 23:00 so I could be missing the obvious here.
<kwoot> correction: kvm host can ping himself and the ip of the br1 interface, but not the gateway/modem
<kwoot> reboot. no joy
<coreycb> jamespage, ddellav: CI should be mostly blue after the next round of builds go through.  I didn't update nova-lxd, the snapshot tar is 13.0.0, but 13.0.0 was already released so I wasn't sure what was up with that.
#ubuntu-server 2016-07-12
<v1s> I am trying to share connection with users on eth and wifi for some reason seems ip's are getting assigned but seems only one of the systems connected is actually able to connect and even able to get ping'd and its kind random depending when rebooted. Any ideas?
<v1s> using ubuntu 16.04 server hostapd,dnsmasq
<sarnold> v1s: are you doing standard NAT things? maybe pastebin your iptables ocmmands, that might help someone spot the issue
<v1s> sarnold: here is my iptable rules http://pastebin.com/R8a8Vnce
<v1s> my /etc/network/interface file: http://pastebin.com/S9evC2eD
<patdk-lap> that is one very interesting ruleset for iptables
<v1s> but is it bad?
<patdk-lap> as far as, very loose and insecure? sure
<v1s> hostapd conf: http://pastebin.com/zVuUFuQ9
<v1s> dnsmasq conf: http://pastebin.com/nB8cYBcP
<v1s> the problem is seems only one system is reachable on the network
<v1s> security is a later concern
<jamespage> coreycb, awesome!
<frickler> coreycb: thanks for the update, lets hope that this gets accepted faster than the other stuff that is pending for almost a month now
<frickler> coreycb: do you use gbp-pq to manage your patch sets? I'm assume not, because I'm getting something like http://paste.ubuntu.com/19160062/ if I do an import/export. it would be very helpful if you could get that cleaned up some day. (note: I've only just started to use gbp, so maybe I'm doing something wrong here)
<cpaelzer> frickler: Hi I'm as new to gbp as you, but isn't gbp pq only needed if you need/want per-release-branch patch queues - maybe that isn't needed (yet)
<cpaelzer> well, whatever the reasoning was it is for coreycb to clarify
<rbasak> Sounds like the quilt patches just need dep3 headers.
<cpaelzer> http://dep.debian.net/deps/dep3/
<codepython777> dpkg --set-selections - hangs - how do i fix this?
<cpaelzer> codepython777: on what does it hang?
<cpaelzer> codepython777: ps axlf on column wchan
<cpaelzer> codepython777: or /proc/<pid>/wchan
<cpaelzer> rbasak: another bug for me please? (if not I'll try to pick one that wears the right tags)
<cpaelzer> codepython777: also it is waiting for stdin, you are feeding a file to it right?
<rbasak> cpaelzer: fancy preparing some MySQL SRUs for me? I was going to do those next, but I'd appreciate someone else reviewing the patches, and I can do some sponsorship/triaging/assignments instead perhaps?
<cpaelzer> rbasak: I can try to review whatever you point me to
<rbasak> OK, let me find them.
 * cpaelzer lacks a review experience, but that means room to grow
<rbasak> cpaelzer: there are four patches that I think are in Yakkety but need SRUing to Xenial:
<rbasak> http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=f12dd3fb5387113585a981e2b8d234e81c6a630d
<rbasak> http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=5d0dc4726f4a7b395c165907765f841547519ce9
<rbasak> http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=86c9a9052500551d94ed71318e785c5b23b2ff2c
<rbasak> http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=7897042ea6c65aeb608fb28b4b54639d3dbf3352
<rbasak> cpaelzer: finally, https://github.com/ltangvald/mysql-5.7/commit/fa6ea034692 also needs pushing to Debian, adding to Yakkety and SRUing to Xenial, together with the latest MySQL point release (.13 IIRC). pitti already reviewed this one, and had one suggestion (match against start of line or word boundary), so no need for you to look at it, I'm just including for completeness.
<rbasak> cpaelzer: some of these fixes are essential for Xenial but also invasive, so I'm being quite cautious, which is why I haven't got round to them yet. So I'd appreciate an additional pair of eyes.
<rbasak> cpaelzer: as well as any of your thoughts towards testing
<cpaelzer> rbasak: so the task for now would be to backport, prep a debdiff and all needed for an SRU (test descriptions, reasoning) for Xenial of mysql
<cpaelzer> rbasak: and then testing around which could be done by any of us, best by both :-)
<rbasak> cpaelzer: that's the full task, yes. I don't necessarily intend to hand all of it to you, but at the same time I'm fed up of MySQL having been working on it in Debian so much for a couple of weeks :-/
<cpaelzer> rbasak: I'll just start and at the end of the day we can check status and pass along among us
<rbasak> cpaelzer: I'm keen to get the SRU done before the 16.04.1 point release. It would be nice to make the ISO image, but my main reason is timing, as more people will mass upgrade to Xenial. So I'm already a bit behind.
<rbasak> cpaelzer: thank you :)
<rbasak> cpaelzer: I'm hoping to do one mega-SRU which includes these five patches and the latest upstream microrelease.
<coreycb> jamespage, can you add manila to the daily ci for liberty?
<coreycb> ddellav, you'll want to get the packages you're testing promoted to liberty-proposed before you test them: http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/liberty_versions.html
<ddellav> jamespage beisner can one of you guys promote python-glance-store 0.9.2 to liberty-proposed from staging please?
<cpaelzer> rbasak: I'd like to mark bug 1584234 as dup to bug 1571865 (just as bug 1567884 already is) and then state the master one fixed by SRUing http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=7897042ea6c65aeb608fb28b4b54639d3dbf3352
<ubottu> bug 1584234 in mysql-5.7 (Ubuntu) "mysql-server fails to install if it cannot start due to not enough memory" [Medium,Triaged] https://launchpad.net/bugs/1584234
<ubottu> bug 1571865 in mysql-5.7 (Ubuntu) "mysql fails to start after upgrade if previous defaults were customised" [High,In progress] https://launchpad.net/bugs/1571865
<ubottu> bug 1571865 in mysql-5.7 (Ubuntu) "duplicate for #1567884 mysql fails to start after upgrade if previous defaults were customised" [High,In progress] https://launchpad.net/bugs/1571865
<cpaelzer> ack?
<cpaelzer> I see why you are building on digglett :-)
<cpaelzer> rbasak: FYI patches almost applied fine, debdiff and changelog prepared - Test design written in pseudocode - now starting with the real work to convert that pseudocode in something that reliably triggers to be our verification after the fix
<rbasak> cpaelzer: sorry, just catching up
<rbasak> cpaelzer: I think bug 1571865 is separate. Did something refer to that?
<ubottu> bug 1571865 in mysql-5.7 (Ubuntu) "mysql fails to start after upgrade if previous defaults were customised" [High,In progress] https://launchpad.net/bugs/1571865
<rbasak> cpaelzer: this bug is that the default settings do not work if the system has low RAM. I've hit that myself. I think a proper fix might be to detect that situation and offer different default settings or something, but I'm not planning that for this current SRU.
<cpaelzer> rbasak: essentially 1584234 is a special case of 1571865, it fails to start - just instead of tweaked config it is (actually any sort of) insufficient system config
<cpaelzer> rbasak: I'm fine not linking them, just thought so
<rbasak> cpaelzer: they're different, IMHO, because they have separate root causes. So as we apply fixes for different root causes, we want to track progress separately.
<rbasak> cpaelzer: there is perhaps a third bug that the error message is unhelpful.
<cpaelzer> rbasak: I just came by as I searched which one to adress with the last fix you linked - you don't have to over-work that now - you have time until the final SRU takes place to modify changelogs :-)
<cpaelzer> rbasak: didn't want to stall whatever you do
<rbasak> cpaelzer: FYI, I'm fixing up/testing https://github.com/ltangvald/mysql-5.7/commit/fa6ea034692, since that will block you soon.
<rbasak> My plan is to push to Debian VCS and cherry-pick into Yakkety. Then we can SRU everything together.
<cpaelzer> rbasak: I'm testing those two options already in the scope of the "fail with better error message" bug
<cpaelzer> rbasak: but I see how auto-converting them is a better fix
<rbasak> cpaelzer: OK. Note also https://bugs.launchpad.net/ubuntu/+source/init-system-helpers/+bug/1596056 which will make it slightly better.
<ubottu> Launchpad bug 1596056 in init-system-helpers (Ubuntu Xenial) "output of invoke-rc.d for systemd units un-debuggable on failure" [Wishlist,Triaged]
<cpaelzer> rbasak: fyi http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=f12dd3fb5387113585a981e2b8d234e81c6a630d alone is incomplete as it is not removing it from the .install file
<rbasak> cpaelzer: also there is http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=7897042ea6c65aeb608fb28b4b54639d3dbf3352
<rbasak> cpaelzer: I guess we could SRU that patch as well
<cpaelzer> rbasak: you already added that to the list I should watch before :-)
<rbasak> Oh, sorry :)
<rbasak> So many patches!
<cpaelzer> hehe
<cpaelzer> you said mega SRU
<cpaelzer> you get mega SRU
<rbasak> :)
<cpaelzer> That is why my testing isn't so much about testing, but about documenting the shortest possible way to trigger&verify an issue
<rbasak> cpaelzer: wrt. not dropping from the install file, good catch. There's also http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=b79c5b96d881b1d93f9da48f78d3e7155fb9cd84 which I think I forgot to mention.
<rbasak> cpaelzer: debian-start still remains afterwards, but becomes a no-op.
<cpaelzer> rbasak: that is just what I added :-)
<rbasak> cpaelzer: I thought that was a safer approach than dropping debian-start entirely, in case users have locally modified upstart files.
<rbasak> cpaelzer: thanks :)
<rbasak> cpaelzer: mega SRU == complexity :-/
<beisner> hi ddellav, promoted python-glance-store 0.9.2-0ubuntu1~cloud0 to uca liberty-proposed re: bug 1596973
<ubottu> bug 1596973 in python-glance-store (Ubuntu Wily) "[SRU] liberty point releases" [Undecided,Fix committed] https://launchpad.net/bugs/1596973
<v1s> I am running hostapd / dnsmasq but only one of the connected clients is reachable any one have any idea why that maybe?
<lordievader> They get an ip?
<v1s> yes
<v1s> they get ip address
<lordievader> Do they respond to arp?
<v1s> do u mean $arp IPADDRESS
<lordievader> Do they respond when you arpping them?
<v1s> yes they both respond when arping them
<coreycb> ddellav, jamespage: trove and ironic uploaded for yakkety.  I haven't seen any other core packages released by upstream yet.
<jamespage> coreycb, awesome
<jamespage> due this week right?
<lordievader> v1s: Is there a firewall active?
<coreycb> jamespage, yep
<jamespage> coreycb, uh-oh whole load of red on the master branch builds
<jamespage> I better take a look
<v1s> lordievader: no I did not put one
<coreycb> jamespage, it seems like tooling issues possibly
<lordievader> v1s: Do both reply to ping?
<v1s> lordievader: only one replies. If if both are connected. if only one of them is connected then it will ping
<v1s> lordievader: it will not ping more then one of the ip address if there are more then one system connected
<lordievader> v1s: But both reply to arp when both are connected?
<v1s> lordievader: yes correct
<lordievader> v1s: How did you configure your address space?
<v1s> lordievader: single line in dnsmasq.conf http://pastebin.com/1Bts1bFz
<jamespage> zul, any specific reason pylxd declares  python-cryptography (>= 1.4)
<jamespage> ?
<lordievader> v1s: What routes do all the boxes have to each other?
<jamespage> coreycb, there are some installability issues on xenial in the ppa
<v1s> lordievader: do u mean my routing table?
<v1s> if so http://pastebin.com/hBvJR52i
<lordievader> v1s: Part of that, for example does your AP have a route to the whole address space?
<coreycb> jamespage, hmm, ok
<zul> jamespage: off the top of my head i dont remember....check with rockstar
<lordievader> v1s: That looks okay.
<jamespage> zul, I don't really want to have to backport cryptography to the UCA so early in the 2 year interim release cycle
<lordievader> v1s: Can the two clients ping each other?
<jamespage> so if its not required...
<v1s> lordievader: no only the one that I am able to ping can ping me back
<zul> jamespage: ahaha....yeah i can see that
<lordievader> v1s: That is not what I am asking, can client one ping client two.
<jamespage> zul, that's not inline with global-requirements btw
<v1s> lordievader: sorry no it can not
<zul> jamespage: 2.0.3?
<zul> or 2.0.2
<jamespage> zul, 2.0.3
<zul> jamespage: yeah i need to update that
<jamespage> zul, https://github.com/openstack/requirements/blob/master/global-requirements.txt#L23
<jamespage> zul, please do its blocking manila and nova-lxd builds atm
<zul> jamespage:yeah pylxd is not apart of the openstack project so it doesnt sync with the global-requirements.txt
<lordievader> v1s: What happens when you tcpdump everything (on the AP) from everything of an unpingable client, and then let that client ping the AP?
<jamespage> zul, sure but it would be a good idea given desire to be in-tree if it aligned right :-)
<jamespage> oh wait sorry - getting confused
<jamespage> I see
<zul> jamespage: yeah
<jamespage> zul, lets check with rockstart
<jamespage> r
<zul> he should been on #ubuntu-server but he isnt..
<v1s> lordievader: I am not expert with tcpdump but is this what you mean? http://pastebin.com/1siL3JLA
<v1s> lordievader: right now I can reach WINDOWS-5910H5R but cannot reach gary-PC
<lordievader> v1s: Interesting, I get the feeling your ARP responses don't make it to the client. I'd tcpdump there to verify.
<v1s> lordievader: u think something in the server is blocking it ?
<lordievader> v1s: No, I am saying it might not reach it destination. I have no idea wether this is true, or even if there is something blocking it.
<lordievader> First find the problem, then find the cause ;)
<ddellav> thanks beisner
<codepython777> cpaelzer: thank you!
<nacc_> cpaelzer: thanks for covering last week; i blame the holidays
<codepython777> If I have to do 100s of apt-gets, how can i do this so that I dont have to download all these from the web everytime?
<nacc_> codepython777: i thought someone answered you yesterday in #ubuntu
<codepython777> nacc_: not this one? If you saw the answer, can you please cut and paste?
<nacc_> codepython777: is your only goal to avoid downloading the packages?
<codepython777> nacc_: I use a usb stick to run a script that installs a lot of packages
<nacc_> codepython777: and i assume you mean on multiple machines?
<codepython777> nacc_: At this point, it would be nice if i could avoid downloading
<codepython777> nacc_: yes
<cpaelzer> nacc_: hehe
<nacc_> codepython777: the issue you run into is the time delay between one machine and the next; what if you're installing what are now insecure packages (due to -security updates to them)
<cpaelzer> nacc_: you are welcome, and due to the holidays it wasn't th emost crowded and complex of meetings
<codepython777> nacc_: Then we do a apt-get update/upgrade after the whole install process?
<nacc_> cpaelzer: regardless, thanks -- and i'll do today's meeting
<nacc_> codepython777: ok, so you're hoping to statistically catch most; just making sure you were doing that step
<RoyK> codepython777: setup a local mirror
<codepython777> nacc_: yes.
<codepython777> RoyK: Can one do that on a usb stick?
<nacc_> codepython777: i would either use ubumirror, an apt-cacher, or put all the packages you care about on the usb stick (which ubumirror might be able to do)
<codepython777> what command do i need for that?
<codepython777> I dont want to setup an apache+ local mirror
<codepython777> Just want all the files on the usb disk - If I could [r]sync them with better versions over time, that would be cool
<RoyK> codepython777: afaics using https://help.ubuntu.com/community/Apt-Cacher-Server would be an easier and probablye better approach
<nacc_> codepython777: why is the usb stick necessary, btw? can't you just scp your script to each machine?
<RoyK> nacc_: or use something sensible like ansible :P
<nacc_> RoyK: i figured that was a step too far :)
<codepython777> nacc_: I dont want to assume network
<nacc_> codepython777: i would also end up probably suggesting an installation/configuration tooling
<codepython777> RoyK: how does ansible help?
<nacc_> codepython777: so you have machines that don't have network at all? that seems to deviate from your earlier `apt-get update; apt-get upgrade` step :)
<codepython777> nacc_: I want to install everything from usb stick, then get it on network and do apt-get update/upgrade step
<RoyK> codepython777: well, if you don't want networking, well, I really don't know what you use these things for - what sort of machines are these?
<codepython777> a machine that i just assembled from scratch
<RoyK> ubuntu/debian will find network adapters on a very large majority of the machines out there
<codepython777> then install ubuntu + then run my apt-gets from usb + then connect to network and update
<RoyK> I beleive you should read up a bit more on managing lots of machines first
<RoyK> you could do a network install
<nacc_> codepython777: i'm not sure there is a trivial way to do what you want, unfortunately
<RoyK> lots of machines in parallel
<codepython777> btw, I need to install upwards of 1000 packages using apt-get !
<nacc_> codepython777: why??
<codepython777> because of software dependencies
<codepython777> can this be done using dpkg-dev?
<nacc_> codepython777: no, i mean why do you need 1000s of packages above the base install by default?
<RoyK> codepython777: it'd probably be faster using the LAN than using a bunch of USB sticks
<nacc_> codepython777: seems like you should just master your own ISO or something similar with the packages on it?
<RoyK> codepython777: please tell why you don't want to use network for this
<codepython777> RoyK: USB3 is faster than my gigabit conneciton, right?
<patdk-wk> it could be, depending on the usb3 storage media
<RoyK> codepython777: possibly, but the memory chips on that usb pen is quite possibly a lot slower
<codepython777> RoyK: why use network? when its slower?
<codepython777> patdk-wk: Its a top of the line SSD
<patdk-wk> top of the line ssd's don't have usb3 interfaces
<patdk-wk> they have pcie x4 interfaces
<RoyK> codepython777: then you can just start all installations at once with PXE or something
<v1s> lordievader: so I removed /var/lib/misc/dnsmasq.leases restarted dnsmasq and it let me ping both address. I restart and it seems if I dont start pinging them then it wont let me do it later
<patdk-wk> maybe even do some kind of multicast pxe install :)
<codepython777> RoyK: Yes, but its easier if it not dependent on another machine?
<patdk-wk> but that can get really complex, and only useful if you do full reinstalls often
<nacc_> codepython777: excpet you're now finding why it's not easier (to scale) :)
<codepython777> Why cant we just keep it simple
<codepython777> ?
<RoyK> patdk-wk: please don't :P
<lordievader> v1s: Still sounds a bit like a misconfigured network... but hey if it works ;)
<codepython777> USB3 shell script ?
<patdk-wk> not depending on another machine != easier
<v1s> lordievader: ok trying to figure out where the isssue is
<patdk-wk> for me, sitting in a single location, and doing remote pxe boots and installed to all other machines
<patdk-wk> seems much simpler
<RoyK> codepython777: I've only worked with linux for 20ish years, I'm just trying to help, just like the other guys here
<nacc_> codepython777: what does USB3 have to do with shell scripts?
<codepython777> nacc_: I run the script that picks the packages from the disk and installs it on the system?
<RoyK> codepython777: we're managing some 10 or 15 thousand PCs and we don't really run around with USB sticks to reinstall them
<lordievader> v1s: I'm not saying it is... Just what I think ;)
<lordievader> RoyK: hahaha, that would be fun.... not.
<RoyK> lordievader: so please try with apt-cacher and perhaps pxe install if you want that
<nacc_> codepython777: --^
<nacc_> codepython777: https://help.ubuntu.com/community/InstallingSoftware#Installing_packages_without_an_Internet_connection also may be of use
<patdk-wk> apt-cacher-ng + pxe net installs, works great
<v1s> is there anyway to tell if there is another dhcp server on the network ?
<v1s> or other system offering dhcp
<lordievader> v1s: Ask for an address, see who responds ;)
<nacc_> v1s: i think you'd use tcpdump or just dhcpdump to do that
<nacc_> lordievader's suggestion is probably easiest, though :)
<lordievader> nacc_: My anwser involves tcpdump ;)
<nacc_> lordievader: ah; i read it as 'run dhclient and see who responds'
<codepython777> RoyK: I just copied the .deb files from usb to /var/cache/apt/archives/ - and then fired apt-get = > Is there a problem with that approach?
<lordievader> nacc_: That is pretty much it, but it will probably limit the answer to one, hence the tcpdump for others ;)
<rattking> Hello folks, with sysvinit we had /etc/default/ for shell sniplets and configuration pieces to be sourced in the init script where the package would not over write.. how is that done with systemd services?
<jge> Hey all good morning, I'm looking to upgrade mysql 5.5 to 5.6 could I just do an inplace upgrade with: apt-get install mysql-server-5.6
<jge> ?
<RoyK> codepython777: should work, but network will probably be faster
<codepython777> RoyK: You are underestimating the speed of USB3 :)
<RoyK> codepython777: *you* are underestimating managability
<codepython777> RoyK: yes ! You are right! I need to take your advice and setup a pxe installer sometime :)
<RoyK> codepython777: better start now
<nacc_> jge: what version of ubuntu?
<jge> nacc_: 14.04
<nacc_> jge: presuming you've read this, http://dev.mysql.com/doc/refman/5.6/en/upgrading-from-previous-series.html, i think the packages should handle data migration; however you should make backups, etc.
<jge> nacc_: yep read that, thanks
<rbasak> o/
<smoser> rbasak, ubuntu-meeting
<nacc> heh
<rbasak> Oh :)
<rbasak> cpaelzer: FYI, I uploaded the fix for bug 1571865 to Yakkety. So that should unblock the mega-SRU. I'm EOD now.
<ubottu> bug 1571865 in mysql-5.7 (Ubuntu Xenial) "mysql fails to start after upgrade if previous defaults were customised" [High,Triaged] https://launchpad.net/bugs/1571865
<cpaelzer> rbasak: ok
<cpaelzer> rbasak: I have one test completed and the next will finish shortly
<cpaelzer> I'll end with a mail to you once I'm done
<cpaelzer> rbasak: so you can take over then
<rbasak> cpaelzer: many thanks for your help!
<spm_draget> Upon upgrade I see in the log "error: open /var/lib/lxd/containers: no such file or directory" - lxd fails to start. Which is logical since I have no containers configured. But why is lxd installed? Is it part of the default server packages?
<spm_draget> Can I disable it?
<degorenko> coreycb, hey, is it possible to update saharaclient to 0.15.0 version? :) which contain fix for https://launchpad.net/bugs/1565775
<ubottu> Launchpad bug 1565775 in Python client library for Sahara "'--version' shouldn't be used as an argument for subcommands " [High,Fix released]
<coreycb> degorenko, sure I'll take a look, might be a few days though
<degorenko> coreycb, ack, thanks
<jnex26> Howdy.
<jnex26> Question... has anyone seen ubuntu server stall a process once the CPU time hits 06:00:00
<jnex26> ?
<jnex26> it has done it twice now !
<jnex26> thanks
<sarnold> you could set an rlimit for cpu time (see ulimit -a output)
<jayjo> I'm trying to run some commands with aws cli, and I'm getting different results from different machines. I checked the versioning and there is a discrepency... on the machine that works it reads: aws-cli/1.10.36 Python/2.7.10 Darwin/15.5.0 botocore/1.4.26 and on the one it does it not it reads: aws-cli/1.2.9 Python/3.4.3 Linux/3.13.0-74-generic
<jayjo> Can I force the install to use the versions that work on one machine on the machine that doesn't work -- 1 is a mac and the other is ubuntu
<jnex26>  ulimit -a
<jnex26> core file size          (blocks, -c) 0
<jnex26> data seg size           (kbytes, -d) unlimited
<jnex26> scheduling priority             (-e) 0
<jnex26> file size               (blocks, -f) unlimited
<jnex26> pending signals                 (-i) 7394
<jnex26> max locked memory       (kbytes, -l) 64
<jnex26> max memory size         (kbytes, -m) unlimited
<jnex26> open files                      (-n) 1024
<jnex26> pipe size            (512 bytes, -p) 8
<jnex26> POSIX message queues     (bytes, -q) 819200
<jnex26> real-time priority              (-r) 0
<jnex26> stack size              (kbytes, -s) 8192
<jnex26> cpu time               (seconds, -t) unlimited
<sarnold> I didn't know you could run OS X on aws
<jayjo> that is the local machine
<RoyK> !pastebin | jnex26
<ubottu> jnex26: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<jnex26> sorry
<jnex26> http://paste.ubuntu.com/19202648/ process limits
<sarnold> jnex26: did you check the ulimit via whatever mechanism spawns your process?
<sarnold> or just a shell on the system?
<jnex26> php spawns the process. but it runs under a shell it is a exec(); in php
<sarnold> damn that's terrifying
<sarnold> anyway, check your php.ini there may be a "maximum cpu time" thing specified there?
<jnex26> just out of interest, why is it terrifying ?
<spm_draget> Upon upgrade I see in the log "error: open /var/lib/lxd/containers: no such file or directory" - lxd fails to start. Which is logical since I have no containers configured. But why is lxd installed? Is it part of the default server packages?
<spm_draget> Can I disable it?
<sarnold> spm_draget: feel free to apt-get purge lxd if you don't intend to use it
<sarnold> jnex26: I've just seen too many poorly-written php scripts that allow more or less complete control of a computer by attackers..
<jnex26> ahh... I would do it all in php, but handbrake does not have a php lib !
<sarnold> aha :)
<sarnold> just be insanely careful about what inputs you accept..
<jnex26> no inputs to it at all, spawns a user process when a specific type of disk is inserted in the drive !
<sarnold> good good
<jnex26> irony is I wrote this in ubuntu desktop and it works fine. only running on the server version am i having issues
<b-yeezi> Hi all, I have a question about accessing a mongodb server (trusty) running in an LXD 2.0 container from the host (xenial)
<b-yeezi>  I am just trying to connect to it, but it say connection refused by server.  I can ping it, I made sure the port is open. Still no luck
<b-yeezi> I can see a new lxbr0 network device, and when I ping the container, I see that it's using that device's gateway
<nacc> b-yeezi: have you looked at the logs in the container?
<b-yeezi> I did. It doesn't even notice the request
<b-yeezi> I can't find much in the docs for only opening up to the host, and not to the entire lan
<sarnold> b-yeezi: are you using macvlan? iirc that doesn't alow containers to talk with the host
<b-yeezi> Do I need to set up another bridge? Create a new container profile? Add a new nic device to the container?
<nacc> sarnold: i assume if lxdbr0 showed up (default lxd config), then it's not macvlan but bridged
<b-yeezi> sarnold, whatever the default is. I don't think its macvlan
<sarnold> nacc: could be. I haven't done battle with this, just skimmed the docs..
<b-yeezi> I confirm. It's just bridged
<nacc> b-yeezi: and you are tryin to connect from the host, right?
<b-yeezi> What do I have to do to allow it to talk to the host? I'm setting up an environment on my laptop with mongodb in a trusty container to talk to a dev wsgi server
<b-yeezi> from my laptop, the host
<b-yeezi> nacc, yes
<nacc> b-yeezi: ok
<b-yeezi> nacc, my use case is to use lxd to set up dev environments of many configurations instead of vms. This is my first test
<nacc> b-yeezi: i've not setup a database in a container, but it should be fine
<nacc> b-yeezi: to be sure, mongo is actually running, and if you `lxc exec .. bash` to the container and connect locally, you can (with the same credentials)?
<b-yeezi> I don't know if it makes a difference, but it is mongodb 3.2, not the 2.6 that comes from the official repo.
<nacc> b-yeezi: and ... support stops :)
<b-yeezi> I'm about to create a new one with 2.6
<nacc> b-yeezi: my trivial guess is that your /etc/mongod.conf says to only allow localhost connectivity (bind_ip) or so
<sarnold> maybe try using nc -l in the container and connect via nc from the host to double check that tcp is allowed through with simple tools?
<nacc> sarnold: good call
<b-yeezi> sarnold, I used ufw allow 27017
<b-yeezi> I will try both and get back to you
<b-yeezi> Thanks for your help
<minx> Hi I am for all intents and purposes a complete noob in linux can anyone point me in the right direction of a detail step by step guide to the fundemental basics and possible within the same source leads onto more advance stuff? I have tried a google around and can't seem to find what I'm looking for
<sarnold> minx: as far as I know, no such guide exists. it would be immensely difficult to create one of that scope..
<genii> The Linux Documentation Project may be a good place to start
<sarnold> minx: you can use general-purpose guides like https://help.ubuntu.com/lts/serverguide/  -- specific guides like http://mywiki.wooledge.org/BashGuide -- the general set of HOWTOs (possibly badly dated by now) http://www.tldp.org/docs.html
<sarnold> minx: and of course most tools, configuration files, etc. have manpages; I started learning linux via "ls /usr/share/man/man*" and reading everything in there
<minx> man pages?
<sarnold> there's extensive system documentation in the manpages
<sarnold> run "man ls" to see an example
<sarnold> they document user commands, sysadmin commands, configuration files, device drivers, subsystems, programming interfaces, etc
<b-yeezi> sarnold, nacc it was the mongodb.conf bind_ip only allowing localhost. In the docs, it says that it is suppose to default to allow all, but debian changes it to only allow 127.0.0.1
<b-yeezi> Thanks for your help
<sarnold> b-yeezi: ahhhhhh
<sarnold> b-yeezi: see e.g. https://www.riskbasedsecurity.com/2016/07/redis-over-6000-installations-compromised/ for a description why :)
<sarnold> b-yeezi: thanks for reporting back, I always like hearing the end results :)
<minx> Thank you very much! these look like some good places to start thank you very much! ^__^
<sarnold> minx: oh yes, most packages leave documentation in /usr/share/doc/<packagename> too -- sometimes it's just the packaging changelogs, sometimes there's things that don't really fit in to a manpage
<b-yeezi> sarnold, yeah I totally understand why. From a risk standpoint, it's better to fail by leaving the defaults rather than leaving the system open by default.
<kantlivelong> help
<kantlivelong> oop
#ubuntu-server 2016-07-13
<b-yeezi> kantlivelong, with what?
<goddard> i have a problem where my wordpress site isn't able to connect to the mysql server
<goddard> i can login to the server from phpmyadmin
<codepython777> where can i download all the current .deb files for 14.04.4?
<patdk-lap> ubuntu package servers
<patdk-lap> archive.ubuntu.com and security.ubuntu.com
<codepython777> patdk-lap: which directory do i clone for getting to 14.04.4 packages?
<codepython777> patdk-lap: http://archive.ubuntu.com/ubuntu/pool/main/ - are these files shared between multiple versions of ubuntu?
<patdk-lap> yes
<patdk-lap> use something like apt-mirror
<codepython777> patdk-lap: looks like one needs apache + apt-mirror?
<codepython777> patdk-lap: is there a script somewhere that will mirror all .deb files for a given version (like 14.04.4)?
<patdk-lap> ya, apt-mirror
<codepython777> patdk-lap: is there a one line command using apt-mirror to do what i need?
<patdk-lap> sure, service apt-mirror start
<patdk-lap> though, I think it normally goes into cron
<codepython777> patdk-lap: where does it write the .deb files?
<patdk-lap> http://manpages.ubuntu.com/manpages/trusty/man1/apt-mirror.1.html
<jamespage> ddellav, coreycb: lots of experimental uploads from zigo over the last 24hr - which way do we need to catchup?
<Yanick> Any one have any good guides/books for high performance network tuning for ubuntu?
<Xin> yanick; er, what in particular were you trying to tune..
<Xin> It comes in a fairly '
<Xin> 'best for everyone' configuration
<Yanick> IDS, so IRQ cpu stuff etc.
<Yanick> and kernel stuff to boost its performance
<Xin> see, none of that really means anything
<Xin> lol
<Yanick> ?
<Xin> for most network adapters the driver already comes compiled into the core, irq's are utterly meaningless to do with anything 'optimization', 'cpu stuff' = ???
<Yanick> my plan was to split the traffic with 4 rss queues, and then have 4 suricata workers pinned to each CPU, not done or tested this before so thats why I asking, pretty much looking for a best practice guide / tutorial for high performance networking stuff
<cpaelzer> Yanick: in my personal experience in like 99.9% eventually it turns out that the tuning made it worse
<cpaelzer> Yanick: the reason is that you have to know a lot of your workload (sizes, timings, ...) to make good tunings
<cpaelzer> Yanick: especially since most really critical things are auto-tuning these days
<cpaelzer> Yanick: IRQs are local to the card you can set up rps (if your card can HW assist even more effectively) and the workers will migrate to the IRQ arriving cpu anyway
<Yanick> cpaelzer: what about C and P states? should i just set it to max all the time or let the auto tuning do that too?
<cpaelzer> Yanick: as I said "in my experience" tuning rarely helps in the long term - people do it on a POC state and nobody realizes the workload changes later on
<cpaelzer> Yanick: you surely can do it, but it is not a one shot task - IMHO it has to be rechecked and reevaluated continuously
<cpaelzer> Yanick: that means you can do all of https://www.kernel.org/doc/Documentation/networking/scaling.txt but then it is "you" who have to take care it still applies over time
<cpaelzer> and that is why I mean, I too often have seen environments where years ago someone tuned something and it is making it worse today
<Yanick> cpaelzer: Tnx alot! :)
<Yanick> cpaelzer: Got any experience with dpdk or any other kernel bypass methods? good? bad? hard?
<cpaelzer> Yanick: I'm the Ubuntu dpdk maintainer :-)
<cpaelzer> Yanick: it works, but it is a) not generally  helping but for special purposes and b) only maturing the last 12 months
<cpaelzer> Yanick: with b) I mean you see it getting more stable day by day which is great, but up until recently it was all too easy to hit severe bugs
<cpaelzer> Yanick: https://insights.ubuntu.com/2016/05/05/the-new-simplicity-to-consume-dpdk/ https://help.ubuntu.com/16.04/serverguide/DPDK.html
<cpaelzer> Yanick: so if you are using Openvswitch you have a good chance to gain some benefit, and I hope that with upcoming OVS 2.6 and DPDK 16.07 things are more stable
<cpaelzer> Yanick: but if you are just runnign some arbitrary service on your server they won't help you until they actually exploit DPDK
<cpaelzer> Yanick: I've seen work on nginx for that and there might be more I haven't seen
<cpaelzer> Yanick: the performance answer always was and probably always will be "it depends"
<Yanick> cpaelzer: haha nice!
<Yanick> cpaelzer: Done any performance test with lxd containers? much overhead/latency? would it be possible to run a 1gbps sensor(suricata) in lxd?
<cpaelzer> TL;DR container (almost) always is as fast as without virtualization
<Yanick> Think I will give that a try :D need to set up a sniffing interface in promisc mode and map it into the container then?
<cpaelzer> Yanick: yeah you should just try and check if the bridge would eat up too much bandwidth
<cpaelzer> Yanick: I only found older LXC howtos, once he is online later on stgraber can point you to something recent for lxd
<Yanick> cpaelzer: Thank you so much for your time :) appreciated!
<coreycb> jamespage, we should be good for oslos and clients but most anything else could possibly need an update
<jamespage> frickler, finally moving on the 10.2.2 update for ceph
<jamespage> apols for the lag
<jamespage> dropped under a carpet somewhere
<frickler> jamespage: np, thx for the update, most of the openstack stuff seems to have gotten into proposed yesterday already, so that should be fine for now
<jamespage> frickler, ceph accepted - takes some hours to build...
<frickler> jamespage: did you ever look at generating a set of packages with jemalloc enabled instead of tcmalloc? it seems that this is a compile-time-only decision due to the way some libraries are included, the variant using LD_PRELOAD doesn't seem to work anymore
<CrashTestDummy> Hello. I configured my lxd on ubuntu 16.04 according to this tutorial on the interwebz : https://insights.ubuntu.com/2015/11/10/converting-eth0-to-br0-and-getting-all-your-lxc-or-lxd-onto-your-lan/
<CrashTestDummy> The problem is that i do noet get any DHCP address from my opnsense machine to the containers. The opnsense machine also does not seem to get a DHCP request from the containers
<roaksoax> CrashTestDummy: that's probably an issue with the bridge you are using
<CrashTestDummy> log : https://codeshare.io/Ndexm
<CrashTestDummy> I think so too, can you please help me by having a look at the codeshare to see if you find something strange ?
<compdoc> I removed lxd just so I dont have to see boot messages from it anymore
<CrashTestDummy> But i am actually using lxd
<compdoc> CrashTestDummy, how is you networking setup? pastebin.com your /etc/network/interfaces
<stoker> Hi, does anyone have a document which describes how to deploy maas, juju and openstack on xenial?
<stoker> I have 8 HP SLG7 computes where I wish to do a deployment.
<CrashTestDummy> my interfaces file is the last section of the codeshare
<CrashTestDummy> https://codeshare.io/Ndexm
<stoker> Is there a way to deploy xenial from an ISO, providing a configuration file and skip all the questions it asks during install?
<nacc> stoker: you are referring to a preseed file
<nacc> stoker: and i think you can put a preseed file on the iso that will get loaded at install time
<stoker> ok, thanks
<stoker> I'll google it
<nacc> stoker: https://help.ubuntu.com/community/Cobbler/Preseed is roughly a no-questions-asked install preseed
<nacc> stoker: https://wiki.debian.org/DebianInstaller/Preseed/EditIso
<stoker> nice
<nacc> stoker: i *think* (not sure, never tried it), but you might be able to pass the preseed as an install-time parameter to the installer kernel and it might also be able to d/l it, not sure if that requires specifically the netinstall kernel/initrd combo, though
<stoker> I can remaster the ISO if necessary but DL would be real easy
<nacc> stoker: yeah, should be easy to test, at least
<nacc> stoker: note that depending on how you install, you might also need to pass things like the network configuration to the installer so that it can download the preseed
<nacc> stoker: at that point, you might as well pxe install :)
<stoker> inception
<cpaelzer> rbasak: when you consider merge review priorities you might have a look at the last two comments in bug 1567540
<ubottu> bug 1567540 in ntp (Ubuntu) "ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)" [High,Triaged] https://launchpad.net/bugs/1567540
<cpaelzer> rbasak: it seems it starts to get uncomfortable :-)
<teward> is there a known issue where landscape-client will eat up all the RAM and swap on small-sized servers?
<teward> and then not clean up after itself thereby nomming all the data?
<teward> Xenial, by the way
<deadnull> so I created a custom bind9 package from the deb-src, and I want to host on my mirror (using aptly) is there a way to fix the duplicate package (Writing more data than expected) error?
<sarnold> deadnull: what error is that? I don't think I've ever seen it..
<sarnold> deadnull: can you pastebin the error  and surrounding context?
<sarnold> teward: news to me, it might be news to them too :) maybe grab some ps output on the process every hour for a few days and paste the log to a bug?
<deadnull> sarnold so the deal is I am running an aptly server. I am mirroring xenial, xenial-updates, and xenial-security. The issue is i build bind9 from source with mysql-dlz, which has different content then the distribution package in the xenial repo, so when I do an install, there is a conflict because the packages are different.
<deadnull> I think I have found a way to remove the upstream bind9 package from my mirror so there is no conflict. the reason I am doing this is because I dont want to have deb-src enabled on my servers and compiling custom packages on servers.
<sarnold> deadnull: hmm, if you give your bind package a unique-to-you version number I think that ought to just work
<deadnull> sarnold yea, looking into that as an option now, forgive my ignorance with dpkgs, how would I set a custom version/name - my google-fu is apparently failing me
<sarnold> deadnull: in the debian/changelog change the top-most version number -- adding -deadnull to the end would probably be sufficient
<sarnold> (better yet, make your own new entry in the file, so you can see what you did to it the next time you have to rebuild :)
<deadnull> woot, thanks man, I really appreciate it!
<deadnull> i was in the rules file
<sarnold> yeah, you can look and look and look and never spot it :)
<teward> sarnold: going to spin up a dns3 on my net and try and replicate
<teward> can't have the only two DNS resolvers for my net having zero space for bind9 to use ;P
<sarnold> teward: are those auths or recursors?
<teward> sarnold: half-and-half.  internal recursors for my network, with authoritative on some of the domains (overriding public IP for private IP ranges and such necessary for proper internal network routing)
<sarnold> aha
<teward> sarnold: since the entire network runs DNS through there, I have to make sure those are 'up'
<teward> 100% swap and 98% RAM means it can't operate
<teward> was able to get in and stop landscape-client and subprocesses with a kill -9
<teward> freed up all the swap and all but 100MB of RAM (in use by the rest of the system)
<teward> unclean approach, I know, but...
<teward> with both DNS servers having 512MB RAM, and 512MB swap...
<teward> and landscape-client trying to nom almost a full gig...
<teward> sounds to me there's a memleak somewhere
<sarnold> it's quite possible :) hehe
<sarnold> I suspect most of the machines running landscape client have a bit more headroom
<teward> true
<teward> but i noticed it eating 512 RAM and 48 MB on a 1024MB VPS so...
<teward> and fun fact: this doesn't happen with 14.04
<teward> it uses about half that.
<coreycb> ddellav, I synced saharaclient 0.15.0
<Xin> hey guys and girls I want to set up a proxy ring of sorts, and have it so that at a random given node, I siphon data out at random, but only my static ip is allowed.. any other traffic is put into an endless loop lol
<Sling> what
<Xin> so like 4 nodes of routing, mainly http but other stuff too, a full vpn
<Xin> I connect to one of these at random and make requests
<Xin> Only that node should have the request, and should only perform it for my ip address
<Xin> for all other addresses, it should just infinitely loop 1,2,3,4,1,2,3,4 etc, or similar
<sarnold> and why should it do that?
<Xin> Well mainly for lols
<sarnold> do the owners of those machines pay you for bandwidth used? :)
<Xin> they're all my vps's
<Xin> geologically sparse
<Xin> I also need to set up the full vpn thingy lol :/
<Xin> never done that before
<Xin> I was supposed to have a partner in all this but they bailed because they are a flake
<Xin> my mistake.
<Xin> what id love is some kind of time sensitive token for everything over the vpn
<Xin> so even if it were logged, at a later date, it would be irrecoverable essentially
<Xin> im not doing anything dodgy, I just want to be as secure as possible
<Xin> security isnt really my thing though
<sarnold> I think the DHE ciphersuites will provide that
<Xin> oh yeah?
<Xin> what vpn server would you recommend?
<Xin> or how do I configure such a thing haha
<sarnold> the best VPN i've ever used was an IPSec configuration; but that doesn't always work through e.g. terrible hotels.
<sarnold> openvpn seems to have a lot of fans, it seems to be able to work through a lot of terrible misconfigured networks
<Xin> yeah that seems to be the go
<Xin> so I basically just want to steal its network stack
<Xin> um
<Xin> is that what a vpn inherently does?
<Xin> or do I need other software for each specific protocol
<sarnold> depends on the VPN software, most can provide generic IP support so they can route any IP-based protocol, usually icmp, udp, and tcp
<sarnold> but e.g. tor is limited to just tcp, drastically reducing what it can be used for
<Xin> yeah, I was thinking about using an anonymous vpn that then routes through tor
<Xin> is that overkill lol
<skylite> btw any working ideas to block tor traffic?
<Xin> cut your network cables
<sarnold> skylite: the list of exit nodes is published, just drop packets from them
<Xin> works 100%
<skylite> sarnold wow. all of them?
<sarnold> skylite: yeah
<skylite> cool
<Xin> so is it overkill? is it even a good idea at all?
<Xin> itd be nice to have a tor address too
<Xin> im not sure how all that works
<Xin> I also need to be able to coordinate one task between all the nodes if I so choose
<Xin> eg I might install a new package
<Xin> I dont want to do that on every vps
<Xin> nor do I want an apt-get specific solution. I want to essentially batch bash lol
<Xin> ok so I have openvpn
<kzaitsev_ws> I have a possible very dumb question, but can't really find the answer anywhere =)
<kzaitsev_ws> do SRU bugs go to https://launchpad.net/ubuntu/ ?
<kzaitsev_ws> I'm in the process of understanding how to propose an update to my openstack project's package to cloud-archive
<rbasak> SRU bugs go to the usual place for the package - https://bugs.launchpad.net/ubuntu/+source/<source package name>
<rbasak> Then they need to have a series added for the SRU target.
<rbasak> I don't remember what we do to track bugfixes in the cloud archive specifically. coreycb may be able to help you with that.
<Xin> if I told you my name was Todd Aspen
<Xin> would that seem legit to you
<kzaitsev_ws> rbasak: yep, I've been pinging him for a day or two =) I think he's somewhere in Europe and is asleep now =)
<kzaitsev_ws> Xin: now that's a really weird thing to stumble into =)
<terje> when enrolling machines in maas, is it possible to specify a naming schema?
#ubuntu-server 2016-07-14
<goddard> i cant connect to mysql server from wordpress
<goddard> can some one give me a hand?
<sarnold> do you get any error messages? check both mysql and wordpress logs
<rawi> Hi folks, somebody knows if Xenial will bring Samba 4.4, or will stay with 4.3 for the next 5 years?
<rbasak> The plan is to not bump major version, though that has already happened once for security reasons.
<rbasak> See https://wiki.ubuntu.com/StableReleaseUpdates#When. We don't want to change behaviour for existing users.
<rawi> rbasak: Thank Yyou. I was only asking because of features (demote dead controller), not security. So I'll find another way
<rbasak> rawi: it would be possible to have an official backport if someone volunteers that: https://help.ubuntu.com/community/UbuntuBackports
<rawi> rbasak:  I've never adapted and compiled programs on my own, so I'll wait or try debian backports
<eakdev> I was wondering if I could make our ubuntu file server into a web server as well. Is this possible and okay?
<jamespage> ddellav, pkgos-parse-requirements appears to have improved a little
<vagarwal> eakdev: it is possible, simply follow a guide to setup a webserver
<jamespage> ddellav, coreycb: not sure we can avoid backporting paramiko and cryptography for newton UCA
<jamespage> however
<jamespage> sbuild does not understand the conditional deps pn crypto on lescina
<jamespage> coreycb, ddellav: doing an sbuild backport for lescina
<jamespage> should do the trick
<coreycb> jamespage, I agree, we're going to need cryptography and paramiko.  was it sbuild that was causing cryptography to fail?
<jamespage> coreycb, yeah
<coreycb> jamespage, ok cool.  I was stuck on that.
<coreycb> jamespage, I didn't touch CI yesterday, but depending on where we are with b2 I'll poke at it today
<jamespage> coreycb, i've been poking
<coreycb> jamespage, thanks
<jamespage> coreycb, ok sbuild updated - we can try cryptography again now
<coreycb> jamespage, ok I'll kick it off
<jamespage> coreycb, two neutrons and a ceph build atm
<jamespage> no wonder that machine is slow :-)
<coreycb> ahh
<coreycb> jamespage, I can't tel why this is failing: http://10.245.168.2:8080/job/backport_package/1336/console
<jamespage> coreycb, neither can I
<jamespage> I'll backout the sbuild update
<coreycb> jamespage, ok
<Amine_> Hello all I am having troubles to run my a remote ubuntu machine (14.04 LTS) running under Linux kernel version 3.14.32.  After a recent upgrade and a reboot the machine refused to boot and freeze at some point. I was able to reboot the machine in system rescue mode and also read the content of /var/log/dmesg to see what happened
<Amine_> here is the dump of dmesg http://codepad.org/llFGvb62
<Amine_> Can anyone help to know why my the machine freeze and therefore I can't ping nor ssh it ?
<DelphiWorld> yo ubuntuficators
<DelphiWorld> i'm runing ubuntu server 16.04
<DelphiWorld> i want to build kernel 3.15.5
<DelphiWorld> but i have failur
<DelphiWorld> include/linux/compiler-gcc.h:106:30: fatal error: linux/compiler-gcc5.h:  file not found
<sky> hiya, wrote a script that runs pg_dump then scp's the results. I am getting a broken pipe error when I run the script with crontab but not normally
<coreycb> jamespage, ddellav: we're looking pretty good on deps for b2.  about all that I see left that we can update are: python-ddt, python-debtcollector, python-django, python-eventlet
<ddellav> coreycb ok, i'll take a look at those
<coreycb> ddellav, I don't think we need to get them for b2 necessarily
<coreycb> ddellav, let's work on them after
<ddellav> coreycb ok
<coreycb> ddellav, are you working on monascaclient?  I just noticed heat needs 1.2.0
<ddellav> coreycb yea, it's basically done
<coreycb> ddellav, ok let me know when it's ready and I'll upload it
<coreycb> beisner, jamespage: when you get a chance python-keystonemiddleware 4.4.1-0ubuntu1~cloud0 and openstack-trove 1:5.0.1-0ubuntu1~cloud0 are ready to promote to mitaka-proposed
<coreycb> beisner, jamespage: also the neutrons (7.1.1), nova 2:12.0.4-0ubuntu1~cloud0, and python-oslo.concurrency 2.6.1-0ubuntu1~cloud0 are ready to promote to liberty-proposed
<rattking> hey hey, has anyone here upgraded from 12.04 to 16.04 skipping 14.04?
<nacc> rattking: i don't think that's supported
<rattking> hmm but it should be possible right?
<genii> You'd be better off to just do a clean install of 16.04 in that case
<nacc> rattking: http://askubuntu.com/questions/115835/is-it-possible-to-skip-an-lts-upgrade
<nacc> rattking: "possible", maybe? (anything is possible with root! :) ... advised, perhaps not
<rattking> its its too tricky I will probably do a debootstrap install on another partition
 * rattking tries something
 * genii makes more coffee
<rbasak> rattking: I often drop migration paths when no longer needed to clean up. I'm sure others do too. So there are probably landmine packages that will explode if you attempt it and hit one of those cases. You may also end up with latent bugs that you'll find later that won't make any sense and that you don't necessarily attribute to your leap even if that was the cause.
<rattking> hmm good point.. I was looking at a system the other day I have thats been dist-upgraded for 10 years now and relized I have no clue what might have been modified in that time :)
<rattking> the problem I am facing is the number of systems I need to upgrade off of 12.04 this year. so whatever I do it needs to be scripted and solid
<jcastro> https://askubuntu.com/questions/797896/16-04-server-enabling-ldap-authentication-causes-systemd-logind-to-fail
<jcastro> any help on this one would be appreciated!
<nacc> jcastro: may want to ask for clarification if they know what was updated that might be involved (sounds like a regression) /var/log/dpkg.log may help with that
<ddellav> coreycb python-monascaclient is good to go, builds in experimental and yakkety: lp:~ddellav/ubuntu/+source/python-monascaclient
<rattking> forcing an dist-upgrade from 12.04 to 16.04 wasn't too bad, I had to force remove 'netbase console-setup libblkid1 module-init-tools' due to multiple packages owning the same files, but they all installed correctly during the upgrade.. now to look for breakage :)
<coreycb> ddellav, pushed and uploaded.  I changed the min pbr back to 1.8.
<coreycb> ddellav, all the core packages marked as TODO in the spreadsheet are ready for b2
<coreycb> I just took a pass
<ddellav> coreycb ok, thanks for the heads up
<beisner> o/ oh hey coreycb - sure checking those now
<coreycb> beisner, thanks.  I think maybe just the liberty ones are left to do.
<beisner> coreycb, looks like both are already done
<coreycb> beisner, alrighty, cool
<beisner> boom done :)
<velus> hello all, im creating a chat service on a website and i need a php processes to be run on the server, it needs to be runc constantly, and was told the best was was to set up a service script for it. is there any example services scripts so i can run the php script as a demon/service, and have it start on start up
<sarnold> if you're on 16.04 LTS there's a pile of configurations in /lib/systemd/system/  -- if you're on something before that, look in /etc/init/
<velus> how do i check the version
<Xin> If someone told you that Hillary Clinton was officially considering selling her breast milk to Bernie Sanders, on a scale of 1-10 (1=low) how credible would you say this statement was
<Xin> oops wrong window
<velus> ok the testing server is 16.04 and the webserver is 14.04
<compdoc> heh, thats dumb even in the right window
<nacc> compdoc: :)
<spm_draget> https://help.ubuntu.com/community/Dovecot#Setting_up_Maildir has for mail_location once ~ - syntax and once %u - syntax, all mixed. Is there a reason or just bad documentation?
<sarnold> spm_draget: it looks like it exists to show that both are possible
<mowthegrass> Hi
<mowthegrass> Anyone encountered issues durning installation, the installer just seem to get frozen on screen (Not really getting killed) it just needs to manually be woken up by a key stroke on the screen, Post the key stroke it just continues the installation
<sarnold> spm_draget: %u looks like it expands to user@domain, %h expands to the home directory, and they recommend using ~/ instead of %h for some reason: http://wiki.dovecot.org/Variables
<mowthegrass> we are doing installations over 200 machines almost 60% of them go into this state eventually leading to manual work
<sarnold> mowthegrass: I have a computer that behaves like that, I suspect it's part of the IPMI/BMC/Video card
<sarnold> mowthegrass: you may wish to investigate e.g. MAAS or FAI or something else that requires less manual intervention
<mowthegrass> sarnold: did you find any fix for that ?
<sarnold> mowthegrass: no, I lamost never interact with that machine's keyboard/monitor, when I do I just hit the control key while turning on the screen..
<mowthegrass> sarnold: we are doing FAI however after the installation kicks in the purple screen simple gets to a state where it doesnt finishes the installation except showing the progress bar.
<mowthegrass> i need to manually hit some key
<sarnold> mowthegrass: does it actually -hang-??
<mowthegrass> sarnold:it doesnt hang
<mowthegrass> it completes the installation provided just hit some key out on the screen
<sarnold> but you do have to hit the key? that's .. annoying.
<mowthegrass> yep
<mowthegrass> we kicked in almost 200 machines today and waited more than 2 hrs  and this kept wondering whats happening
<mowthegrass> nothing shows in installers logs too
<spm_draget> samold: Mixing both syntaxs without any further comment is totally confusing and not really a good way of documenting it.
<kyle__> Stupid user questions: has the syntax of /etc/network/interfaces.d/* changed?
<kyle__> The same config I used for vlans in 14.04 doesn't appear to work on my test-box of 16.04
<spm_draget> kyle__: Funny enoughâ¦ I moved some lines from interfaces 1:1 to files under interfaces.d and suddenly my network would not come up anymore on 16.04. Did not debug that yetâ¦ just reverted the changes
<kyle__> ugh.
<kyle__> I was hoping for a, 'dumbass, it says right here in xyz wiki!', so I could get this all working :P
<kyle__> Humm.  The only way I made it happy this time was with vlan-raw-device
<lordievader> kyle__: I think 16.04 is using bios naming instead of the old ethX naming. Might that be your issue?
<kyle__> Nah, I like the eth naming myself, but I have it configured with the new name, in all of its silliness
<kyle__> enp3s0f0
<lordievader> Could you pastebin your config?
<rharper> kyle__: can you share your interfaces config ?
<rharper> kyle__: both your /etc/network/interfaces  as well as anything in interfaces.d
#ubuntu-server 2016-07-15
<goddard> having an issue where my wordpress site is unable to connect
<goddard> but i can connect with phpmyadmin
<Gorian> say, anyone around in here?
<Gorian> @coreycb
<t4nk050> Hi
<t4nk050> I need help with an issue. I have a Dell R610 box with 4 ethernet ports. eth0 & eth1 are bonded and connected to 2 Dell stacked switches. eth2 and eth3 are outbound to a pair of Dell 5424 iSCSI SAN switches.
<t4nk050> The SAN switches are in Active-Standby mode.
<t4nk050> i.e. only eth2 is in use for the SAN switch connectivity.
<t4nk050> Whenever I restart this server, the ping towards the SAN group management IP fails
<t4nk050> And it happens intermittently - not at every restart. Only during some restarts
<t4nk050> This happened last night as well
<t4nk050> Running ifdown eth2 && ifup eth2 fixed the issue.
<t4nk050> Any pointers how can I debug the problem?
<t4nk050> The box is running 14.04.4 LTS
<t4nk050> Ubuntu
<sarnold> t4nk050: have you been able to capture e.g. ip link or ethtool output with both 'good' boots and 'bad' boots?
<sveinse> What is the easiest approach to disable mdadm and lvmetad from a 16.04 server? The obvious choice is to uninstall them, but I'd really like to have ubuntu-server install, which pulls in both of these tools
<Zardoz84> Some one can help me ? I have a really scary situation with a Ubuntu server, with a lot of process that are stuck on "uninterruptible sleep", including a postgress database
<sarnold> is it an NFS mount?
<Zardoz84> Nope
<Zardoz84> I have a EXT4 + BTRFS system over a RAID
<Zardoz84> many of the process that are on "uniterruptible sleep" state, don't are touching the BTRFS fs, so I think that isn't a bug of btrfs
<Zardoz84> It's a Ubuntu 14.04.4 LTS, that we just did a apt-get upgrade yesterday
<sarnold> you may not have options beyond rebooting
<sarnold> (I asked about nfs because it's possible to bring back missing mounts through some ugly tricks, which, once you know them, are handy to know...)
<Zardoz84> uname -a -> Linux XXXX 3.16.0-70-generic #90~14.04.1-Ubuntu SMP Wed Apr 6 22:56:34 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
<Gorian> don't suppose anyone online can help with making keystone+uwsgi+nginx work?
<Zardoz84> I was afraid of reboting, because there two postgres process hanged with the D flag
<sarnold> maybe do an 'ubuntu-bug linux' first, to get osme details filed, but there's every chance that -those- processes will also hang D ..
<Zardoz84> Ds   jul13   0:00 postgres: checkpointer process
<Zardoz84> and the mos worrysome process is this : " D    abr25   7:58 [jbd2/dm-4-8]"
<t4nk050> #sarnold I was unable since it occurs in a production envionment and during this time we have to quickly do everything under the sun to bring the interface up.
<sarnold> t4nk050: makes sense. maybe prepare a little "ohcrap" script you can run to get the info before you start fixing..
<sarnold> Zardoz84: actually, try to grab the /proc/<pid>/stack files from that thing before you reboot
<sarnold> Zardoz84: .. and before running the ubuntu-bug command
<t4nk050> #sarnold Thinking of preparing a script that automates the restarting the interface using ifupdown and executing the script on post-up in ifconfig?
<sarnold> t4nk050: I was just thinking of the ip link and ethtool commands..
<Zardoz84> thanks sarnold , trying to reboot now
<t4nk050> #sarnold - Sure, I can do it next time. Anything else I can check? kern logs don't hint much, they correctly register ADDRCONF(NETDEV_UP): eth2: link is not ready and  ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
<sarnold> good luck
<sarnold> t4nk050: nothing else comes to mind, but ask again in another hour or so, there ought to be more europeans around by then, maybe someone else will have good ideas
<t4nk050> #sarnold ok
<Gorian> anyone encounter a sigsegv when running uwsgi?
<sarnold> Gorian: a sigsegv, that's almost nice, you've got something concrete to work with there :)
<Gorian> lol
<sarnold> Gorian: if it were me, I'd try strace on the thing and try to find out what it's doing
<Gorian> ugh. It's one in the morning, I don't want to debug, I want a quick fix :(
<sarnold> that's my generic go-to tool. it's not great fun but it often gives me a decent idea where to start...
<sarnold> Gorian: ugh :( sorry to hear it
<Gorian> trying to run keystone behind nginx
<Gorian> follow the guide... and it breaks horrible
<sarnold> Gorian: was it working a few hours ago? maybe look for recently-applied updates, perhaps one went funny.
<Gorian> no
<Gorian> just installed keystone
<Gorian> then followed the guide to setup keystone with nginx
<sarnold> ah
<Gorian> I could try it with apache and mod_wsgi, per the official ubuntu documentation, just tired hoping to fix it
<Gorian> meh
<Gorian> runs fine under apache, it's a weird nginx/uwsgi/nginx+uwsgi error
<Gorian> idk
<ivoks> rbasak: bacula in your ppa fixes the problem with mysql
<ivoks> rbasak: bconsole problem can be fixed with adding maximum console connections in bacula-dir.conf
<sveinse> Will 16.04 break horribly if I uninstall lvm2 and mdadm from it?
<Zardoz84> sarnold: Well, looks that is a RAID problem. I have a "resyncing" message when I reboot on safe mode and I open the system sumary
<Gorian> I would guess not, if you aren't using them? Lol, i have no clue. I never use mdadm or lvm
<Zardoz84> I thought that I had installed smartmontools to monitoring the health of the hard disks....
<sveinse> Gorian: No I'm not. Point is ubuntu-server (which IMHO is a good package to start from on a server) pulls them in
<Gorian> http://askubuntu.com/questions/99774/exclude-packages-from-apt-get-upgrade?
<Gorian> I've never actually used that, so idk
<Gorian> huh. I've never used that package before
<Gorian> any reason that you have to use the metapackage instead of just downloading what you want individually?
<ivoks> rbasak: in addition to everything, new MySQL doesn't like bacula's default values for datetime
<ivoks> rbasak: i figured out that replacing '0000-00-00 00:00:00' with NULL in mysql's install script solves the problem
<ivoks> rbasak: make that 'in bacula's mysql install script'
<ivoks> rbasak: pretty much, it seams that there should be an upgrade script for mysql 5.6, which would alter all '0000-00-00 00:00:00' with NULL
<sveinse> Hmm, when I build my recipe from scratch it fails with "Could not find qmake configuration file linux-oe-g++.", but I find it in ./sysroots/x86_64-linux/usr/lib/qt5/mkspecs/linux-oe-g++, almost next to qmake itself.
<rbasak> nacc: ^^
<rbasak> ivoks: thanks. nacc was looking at the bacula situation. I think he's got something for me to sponsor.
<ivoks> honestly, mysql should do that, because mysql changed
<ivoks> but... i'll leave it to you guys :)
<rbasak> ivoks: I'm not sure what you mean. Major release bumps break reverse depends all the time. Usually the dependencies keep up, or distro engineers send patches.
<ivoks> rbasak: yeah, sorry. so, mysql 5.6 changed and previously valid values for datetime and timestamp are not valid anymore
<ivoks> rbasak: one of such values is 0000-00-00 00:00:00
<rbasak> Right - because that was a non-sensical value anyway. SQL uses NULL for that.
<ivoks> rbasak: that was a value bacula used
<ivoks> right
<rbasak> MySQL upstream have been cleaning up with a ton of things on the "MySQL is stupid" hitlist :)
<ivoks> :)
<rbasak> Bacula upstream are active on Launchpad bacula bugs BTW
<ivoks> but what i wanted to say is that, once mysql is upgraded, mysql package should check all databases and fix that bs
<ivoks> instead of bacula
<ivoks> imho
<ivoks> i know, i've seen kern commenting
<rbasak> I disagree. The bacula package needs to do it. It makes no sense for the mysql package to have knowledge of all reverse depends.
<ivoks> that's fine, as i said, i'll leave it to you to do it in the proper place :)
<rbasak> OK. I understand what you mean now anyway, thanks :)
<ivoks> heh, context switching all day :)
<ivoks> sorry for confusion
<rbasak> np
<t4nk050> I need help with an issue. I have a Dell R610 box running Ubuntu 14.04.4 LTS with 4 ethernet ports. em1 & em4 are bonded and connected to 2 Dell stacked switches. em2 and em3 are outbound to a pair of Dell 5424 iSCSI SAN switches. The SAN switches are in Active-Standby mode. route -n shows http://pastebin.com/YNCNkvNR Whenever I restart this server, the ping towards the SAN group management IP fails. And it happens intermitten
<antonispgs> hi guyes, fresh install on a dedi server and after apt-get upgrade this comes up
<antonispgs> http://imgur.com/OIlnpKw
<antonispgs> what should i do?
<t4nk050> ..Only during some restarts. This happened last night as well. Running ifdown em2 && ifup em2 fixed the issue. Any pointers how can I debug the problem? I could not capture ip link and ethtool output since it occurs in a production envionment and during this time we have to quickly do everything under the sun to bring the interface up.
<vbotka> antonispgs, "show the differences ..." and try to figure out if you need the local changes
<antonispgs> ok thanks
<Madhu__> hi
<junaidali> Hi everyone, should there be any issues if an lxc is running in parallel to and lxd?
<junaidali> I have an lxc which should start a few services when it is created. If I create lxc when there are no lxds on the machine, it works as expected but the services inside lxc doesn't get started when that lxc is created while an lxd is also on the same machine
<junaidali> sorry, somehow the message got cut.. :)
<junaidali> I have an lxc which should start a few services when it is created. If I create lxc when there are no lxds on the machine, it works as expected but the services inside lxc doesn't get started when that lxc is created while an lxd is also on the same machine
<junaidali> I'm new to LXDs, any idea what might be the issue?
<meekrat> Running 14.04.4 LTS and a "do-release-upgrade" says "no new release found"
<t4nk050> I need help with an issue. I have a Dell R610 box running Ubuntu 14.04.4 LTS with 4 ethernet ports. em1 & em4 are bonded and connected to 2 Dell stacked switches. em2 and em3 are outbound to a pair of Dell 5424 iSCSI SAN switches. The SAN switches are in Active-Standby mode. route -n shows http://pastebin.com/YNCNkvNR Whenever I restart this server, the ping towards the SAN group management IP fails. And it happens intermitten
<t4nk050> Only during some restarts. This happened last night as well. Running ifdown em2 && ifup em2 fixed the issue. Any pointers how can I debug the problem? I could not capture ip link and ethtool output since it occurs in a production envionment and during this time we have to quickly do everything under the sun to bring the interface up.
<meekrat> etc/update-manager/release-upgrades has prompt=lts also - so everything looks ok
<t4nk050> #meercat 14.04 to 16.04 will be offered on July 21st when 16.04.1 is released
<meekrat> t4nk050: ah - that explains it.  Thanks
<mowthegrass> is there anyway to preseed grub install to specific device / install grub on the device where the installation took place
<mowthegrass> by default installer looks at sda
<coreycb> ddellav, jamespage: all of our core packages are uploaded for b2 (minus aodh/ceilometer which haven't released yet).  horizon is failing to install but I think I have that figured out, just need to test it.
<coreycb> ddellav, jamespage: working through ca backport issues now.  I patched python-cryptography in ca-patches for newton to get past it's backport issue.
<jamespage> coreycb, \o/
<LaserAllan> hi there, I have 2 NFS mount commands i want ot be done at a startup, where should i put the mount -t nfs server:/path/to/files /mnt/folder
<t4nk050> #LaserAllan You can try placing them in /etc/network/interfaces below the interface configuration information. See http://pastebin.com/KBNxCtuS
<LaserAllan> t4nk050: With or without sudo?
<t4nk050> Without
<t4nk050> #LaserAllan just ensure you are writing below the correct interface through which the network share will actually be available
<LaserAllan> source /etc/network/interfaces.d/*
<LaserAllan> # The loopback network interface
<LaserAllan> auto lo
<LaserAllan> iface lo inet loopback
<LaserAllan> Thats the only thing i hav ein the file so i am writing those two commands under those lines
<jayjo> I'm trying to create an ssh tunnel and forward my local port 5555 through a server i have ssh access to. I tried ssh -nNR -L 5555:localhost:5432 jayjo@<server address> and upon trying to connect to this instance I get a "Connection refused"
<jayjo> can I get more verbose output, or is there something clearly wrong that I'm trying to do
<ddellav> coreycb o/ awesome
<setuid> I'm having a bear of a time getting my preseed + kernel append line to get past the initial Language prompt right when the ISO boots.. .once I interactively hit enter on English, and then Enter again on the "Install Ubuntu Server", the rest of the automation works.
<setuid> I've tried every option in the preseed file and append lines to force en, en_US, etc. but it's not working
<nate_> I'm trying to setup a server using software raid 1. When booting, I get: "error: attempt to read or write outside of disk `hd0'."
<sky> I setup a long running cron script... supposed to be fired once a day
<nate_> I have 2 disks, used automatic partitioning. Then made two raid devices, then set them to be used as ext4 with a root mountpoint, and the other as swap.
<sky> when that time comes, its fired every 60 seconds
<sky> I guess this is anacron or something watching the process, terminating and respawning every 60?
<nate_> sky: You're using 0 0 * * * ?
<sky> I'm using * 2 * * *
<sky> it only fires once per day. but then when it starts, it keeps retrying every 60 seconds
<nate_> That would execute every minute on the 2nd hour.
<nate_> You probably want 0 2 * * *
<sky> oh
<sky> doh
<sky> thanks
<nate_> sky: no problem.
<caribou> rbasak: does "Unable to read /etc/mysql/my.cnf.migrated" upon upgrade of mysql-server-5.7 rings a bell ?
<caribou> rbasak:  I know you were hacking at it recently
<caribou> rbasak: just want to know if  I should open a bug about it
<AndyWojo> Is there a Ubuntu specific cloud channel? For OpenStack etc?
<rbasak> caribou: that's bug 1602963
<ubottu> bug 1602963 in mysql-5.7 (Ubuntu) "mysql-server-5.7.postinst fails with "sed: can't read /etc/mysql/my.cnf.migrated: No such file or directory"" [High,Fix committed] https://launchpad.net/bugs/1602963
<rbasak> caribou: the fix has landed. I've set the bug to Fix Released.
<caribou> rbasak: thanks for the info; thought it'd be better to check with you first
<caribou> rbasak: most probably not hit my mirror yet
<setuid> Can someone set eyes on this? http://paste.ubuntu.com/19502064/
<setuid> I'm still getting prompted right before the boot selection menu, to choose a language
<setuid> When I choose "English", then choose "Install Ubuntu Server", the rest of the unattended/automated install works as expected
<setuid> My append line looks like this:
<setuid> file=/cdrom/preseed/unattended.seed auto=true priority=critical debian-installer/language=en debian-installer/locale=en_US kbd-chooser/method=en localechooser/preferred-locale=en_US.UTF-8 console-setup/ask_detect=false console-setup/layoutcode=us netcfg/get_hostname=maas-test netcfg/get_domainname=maas initrd=/install/initrd.gz --
<nacc> setuid: i'm here too
<nacc> setuid: let me read scrollback
<setuid> I'm 99.8% of the way there, just the first two interactive prompts
<setuid> But oddly, this works on 14.04's version of virt-install, but not on 16.04's version (1.3.2)
<nacc> ivoks: could you test the version in a PPA?
<setuid> I just plucked the relevant entries out of questions.dat after doing an interactive install, they didn't work when put into the preseed and append line
<nacc> setuid: heh, was just helping someone else yesterday with random virt-install stuff (not playing nice with cobbler); let me look
<setuid> nacc, the version of virt-install? Sure, one sec
<setuid> cobbler and chef are next on my list, actually ;)
<setuid> I need to be able to rebuild the whole openstack stack, then maas + juju using chef + cobbler
<setuid> There doesn't appear to be a ppa for virtinst
<nacc> setuid: cobbler doesn't play great with virt-install (and ubuntu) afaict, just fyi
<nacc> setuid: seems to be assumptions about what kind of --location that virt-install gets which cobbler doesn't satisfy
<nacc> setuid: you say it works on 14.04's virt-install but not 16.04; installing the same ubuntu in each (e.g., 14.04 as the victim OS?)
<setuid> I wonder if jumping to uvtool would obviate those gaps
<setuid> Yes, installing trusty using virt-install on native 14.04, and installing trusty using 1.3.2 virt-intall on native 16.04
<setuid> Trying to change as little as possible, before I start playing with different guest vms
<nacc> setuid: hrm, that's an unexpected issue, i'd guess
<setuid> 14.04 ships 0.600.4, 16.04 ships 1.3.2
<nacc> setuid: *if* the preseed works with 14.04 and doesn't work with 16.04
<nacc> as the preseed shouldn't be being parsed at all by virt-install, only by the installer, aiui
<nacc> anyone else, cmiiw
<setuid> Ok, so it's the append lines then?
<nacc> setuid: are they identical between the two cases?
<setuid> I've stripped out all the irrelevant pieces (netcfg/* values for example) to try to simplify the debugging
<ivoks> nacc: which ppa?
<nacc> yeah
<nacc> ivoks: ppa:nacc/bacula
<ivoks> nacc: i'd like to avoid major upgrades
<nacc> ivoks: it's just the fixes right now
<nacc> ivoks: to the existing xenial & yakkety packages
<ivoks> 7.4.1~dfsg-1.1~ppa8.is.actually.7.0.5+dfsg-4.1~ppa3 ?
<ivoks> if i install that, i'll have issues going back to real 7.0.x
<nacc> ivoks: let me build you nicer versioned one
<nacc> one sec
<ivoks> but i've already altered my database
<nacc> ah
<nacc> ok, nm
<nacc> i'll try and reproduce it locally
<ivoks> install bacula on 14.04 and upgrade
<nacc> yep, understood
<ivoks> if you just install it on 16.04, i'm not sure you'll hit the problem with database
<ivoks> on first sight, everything runs, but problem appears only when you start running a backup process
<nacc> ivoks: you do, actually, but we've fixed that in my ppa build
<nacc> ivoks: which is a testbed for the sru
<ivoks> i don't recall if this machine was 14.04->16.04, or 12.04->14.04->16.04
<ivoks> i could find out thou :)
<ivoks> 2.6.24 kernel
<ivoks> sounds like 12.04
<nacc> yeah
<nacc> although 12.04 right now is on 3.2.0.106.122
<nacc> so that might actually be an un-updated 12.04.0 ?
<ivoks> ha?
<ivoks> now
<ivoks> it was installed as 12.04
<ivoks> upgraded to 14.04
<ivoks> and yesterday upgraded to 16.04
<nacc> 2.6.24 isn't in the archives at all
<nacc> afaict
<ivoks> maybe it was 10.04
<nacc> which hasn't been supported for ... 2 years? :)
<ivoks> that's irrelevant
<ivoks> 2.6.24 was 8.04
<nacc> it's relevant for what upgrade paths i need to test
<ivoks> so, it was installed as 8.04 and was upgraded over time
<ivoks> yesterday it was upgraded from 14.04 to 16.04
<setuid> I wonder if this is a 1.3.2 parsing bug, ignoring values passed in
<ivoks> it's pretty cool nothing more than that broke :D
<nacc> setuid: it could be (i'd check upstream to see if already reported?)
<nacc> setuid: in my experience the only value i've needed to preseed is debian-installer/locale
<t4nk050> I need help with an issue. I have a Dell R610 box running Ubuntu 14.04.4 LTS with 4 ethernet ports. em1 & em4 are bonded and connected to 2 Dell stacked switches. em2 and em3 are outbound to a pair of Dell 5424 iSCSI SAN switches. The SAN switches are in Active-Standby mode. route -n shows http://pastebin.com/YNCNkvNR Whenever I restart this server, the ping towards the SAN group management IP fails. And it happens intermitten
<nacc> setuid: if you set more than that, it will start prompting
<t4nk050>  Only during some restarts. This happened last night as well. Running ifdown em2 && ifup em2 fixed the issue. Any pointers how can I debug the problem? I could not capture ip link and ethtool output since it occurs in a production envionment and during this time we have to quickly do everything under the sun to bring the interface up.
<nacc> setuid: but just setting locale sets language, country & locale, iirc
<ivoks> t4nk050: you have two routers for same network over different nics with the same metric?
<ivoks> s/routers/routes/
<setuid> nacc, The rest of the automated install works without prompting, it's just those first two intial values... the first language input and the boot selection
<ivoks> t4nk050: if i understood everything correctly, i'm actually surprised it works at all
<ivoks> t4nk050: sounds like you should have an active-passive bond on your ubuntu box
<ivoks> so bond0, i presume lacp, and bond1 active-passive
<nacc> setuid: right, understood that part
<setuid> Something isn't right... because questions.dat's values are used to successfully install interactively, but those same values don't work unattended.
 * setuid boggles
<nacc> setuid: what is questions.dat ?
<setuid> nacc, When you install a machine, automated or otherwise, the answers to every prompt are put into /var/log/installer/cdebtool/questions.dat
<setuid> They're almost identical to preseed format
<setuid> everything I've read says that langauge=en should be sufficient in an append line to pass the intial dialog
<nacc> setuid: sorry, internet hiccup at home
<nacc> setuid: have you tried just passing debian-install/locale=en_US ?
<setuid> Yes
<nacc> *debian-installer
<setuid> append   file=/cdrom/preseed/unattended.seed debian-installer/locale=en_US console-setup/ask_detect=false netcfg/get_hostname=maas-test netcfg/get_domainname=maas initrd=/install/initrd.gz --
<setuid> that's what I'm using now
<setuid> with all the appropriate same options turned on in the preseed
<setuid> 1 second after boot, I get the language selection menu, before the "Install ubuntu Server" option
<nacc> setuid: can you pastebin your preseed file?
<setuid> It's obviously not the language, locale, country, etc.
<setuid> yep, oen sec
<nacc> setuid: i've never cdrom installed with preseed, only pxe; and i've never seen the 'install ubuntu server' dialog :)
<setuid> http://paste.ubuntu.com/19506925/
<setuid> Ok, let me try using --location and my local mirror path to the install tree, vs. using the iso
<kidn3ys> Hello, I have a dvr package that is installed that is supposed to pull the MAC of the server for licensing purposes. Anyone have any suggestions on how I might be able to determine HOW it's doing that? Even fresh installs of the package result in a mac of all zeros.
<patdk-wk> kidn3ys, there could be hundreds of ways
<patdk-wk> no idea what this mythical dvr package is using
<setuid> Using --location and --extra-args, passing in the appropriate append values, works. No initial prompt for language.
<nacc> setuid: interesting
<setuid> But when using --cdrom (omitting --location and --extra-args), it prompts before the boot selection
<nacc> setuid: so it does seem to be some weird interaction between virt-install ad the args?
<nacc> setuid: if you do --cdrom + --extra-args?
<nacc> *what if
<setuid> you can't use --cdrom with --extra-args, it exits because they're incompatible options
<nacc> ah
<nacc> setuid: sorry, i've not used it much :)
<setuid> I had to remaster the iso file to inject the append lines into isolinux/txt.cfg
<jonah> Hi just wondered if anyone can help. I'm running a few ubuntu servers but keep having to manually change file permissions to get things to work. When I ftp a CMS it won't load, so I manually change all the files to 0644 and directories to 0755 and it works great, the installer runs. But then from within the CMS backend if I try install a plugin or addon etc it often sets the permissions wrong for the addon and again I have to come out and
<jonah> manually set permissions... Does anyone have any tips on this so that default perms are correct when writtn by a normal (not root) user from apache or CMS etc?
<jonah> Thanks for any help
<setuid> jonah, Did you ask the relevant CMS channel?
<setuid> jonah, Probably ownership, not permissions
<setuid> Also, 0755 will probably open you up to remote exploits, so be careful (esp. using Drupal or Wordpress)
<kidn3ys> patdk-wk: that's what I figured. I tried stracing it on startup but didn't have much luck. =/
<jonah> setuid: it's not one particular CMS, it's pretty much any of them. So it is more somethign with my ubuntu server setup rather than down to a CMS. FTP also acts strangely with perms too, doesn't set them right on uploading stuff...
<setuid> jonah, ownership, probably... not permissions
<setuid> If you're serving this over http, the files have too be readable by your webserver user, probably www-data, NOT the user uploading the files
<setuid> nacc, I'd rather do this with an iso, because it's 50% faster than doing it over http (even to my local Ubuntu mirror on the same LAN segment)
<jonah> setuid: it seems to be perms though, as when I ftp in after a cms installs the ownership is correct, but then I have to change all the perms...
<setuid> jonah, "have to change all the perms"?
<setuid> jonah, Where are the files coming from? Windows? Or Linux -> Linux?
<setuid> 5m to build with an iso, 10m to build over http
<nacc> setuid: i guess that makes sense, esp. for virt installs potentiall
<setuid> nacc, I wonder... if there's a boot menu that happens with an iso that doesn't happen when pulling a remote initrd
<setuid> If I'm remastering, I can rip that menu out... or find the right append hook to pass through it
<setuid> Maybe using a kickstart file + preseed?
<setuid> can virt-install use a kickstart file?
<nacc> setuid: well, it's not wehther virt-install can or not; it's whether ubuntu can, and it can, sort of
<setuid> True
<nacc> https://help.ubuntu.com/community/KickstartCompatibility
<setuid> kickstart is a dead-end, that's RH specific
<nacc> well, there's a compat layer
<nacc> for some things
<nacc> and you can preseed what isn't in the kickstart-compat
<setuid> I shouldn't have to jump through these hoops to get a completely unattended install
<nacc> setuid: right, i'm thinking it's an iso specific thing
<nacc> setuid: i think very few people preseed iso installs :)
<setuid> Remastering all of my ISOs to support unattended is also a hassle
<setuid> How does anyone using a cloud to stand up new images, do it? If I'm building 500 machines, that's 500 copies of the same packages coming through the lan
<setuid> It's logical to do it from the same, local source iso
<nacc> setuid: using a caching proxy?
<setuid> The preseed works with the iso everywhere except those first 2 prompts
<setuid> hrmph!
<nacc> https://help.ubuntu.com/community/Installation/UnattendedCD ??
<nacc> hrm
<nacc> heh, it says locale should work too
<setuid> yep, but it doesn't :(
<nacc> setuid: have you tried bumping priority?
<nacc> i wonder though if this is all before d-i is really running
<setuid> priority=critical, so far
<setuid> hrm, their preseed syntax is different
<nacc> for which?
<setuid> Mine comes from the actual iso (I injected it)
<setuid> theirs is on a remote http
<nacc> yeah
<nacc> it shouldn't matter, but i wonder if it puts it in a different mode when it knows it's getting stuff off the network
<setuid> I can change that, my preseed is identical in both places
<nacc> setuid: in the installed system have you tried runing `debconf-get-selections --installer` to see if there's any relevant entries that maybe aren't being set?
<jonah> setuid: well i upload a cms from linux, but it doesn't matter where it comes from. The problem is more when the CMS is working and running and then from within it I install an addon in the backend, this then has the wrong permissions and I have to go in via ftp or other means and change them...
<setuid> jonah, It absolutely matters where it comes from, because file permissions from Windows -> Linux will not be what you expect them to be
<setuid> Transferring from Linux -> Linux will retain source permissions, Windows -> Linux will not
<setuid> nacc, Let me try that...
<ivoks> jonah: right
<jonah> setuid: but I'm talking about after you have transferred the files and set them all up right - once then logged in to a website apache is then setting them wrong...
<ivoks> jonah: this depends on how apache+php is configured
<jonah> ivoks: hi thanks
<ivoks> if it's using php as a module in apache
<ivoks> then all files created by your web page will have www-data uid/gid
<jonah> ivoks: currently i believe I use fastcgi running as the domain owner
<setuid> jonah, The CMS may be reconfiguring them to ensure consistency/security
<ivoks> fastcgi gives more options
<ivoks> when running as fcgid, all php files are executed with your uid
<ivoks> and therefore create files with your uid as owner
<ivoks> what kind of fixes do you have to do over ftp?
<jonah> ivoks: yeah using fcgid, and it is setting the files as the right owner so it is running as domain owner correctly, just for some reason the perms are always 0777 rather than 0755 for example on directories
<ivoks> umask?
<jonah> ivoks: i have to just ftp in and change all files to 0644 and directories to 0755
<jonah> ivoks: yeah i thought that, but I don't want to change anythign that will break security or root perms etc so just wasn't sure
<ivoks> when you create a new file over FTP, what mask does it have?
<jonah> ivoks: when I create a test file with ftp it has no owner or perms! in filezilla it just says xxx for the numerica value and owner.group is blank...
<ivoks> that's just impossible. :)
<setuid> Sounds like a filezilla preference is incorrect
<jonah> ivoks: i read a bit about unmask but haven't delved into anything as I don't want to start breaking system processes etc
<setuid> 0111 perms?
<setuid> x-x-x?
<jonah> ivoks: ah hang on, I clicked refresh on the view and it does have default perms!! the owner is right and group as the domain user
<jonah> ivoks: but the perms of the file are 664
<ivoks> and mask of the file?
<ivoks> ok
<ivoks> that means your umask is 002
<ivoks> which is ok
<jonah> ivoks: when i do a folder the perm is 775
<ivoks> are you sure files created by webapp are 777?
<jonah> ivoks: well for example I just installed prestashop, the installer ran half way but then must of been creating new files and failed. When I ftped in I had to change all files to 0644 and dirs to 0755, then reran the installer and it completed.
<jonah> ivoks: when I then go in to the backend and try install an addon, same issue, that addon then doesn't work or the page for it doesn't work until ftp in and update perms
<jonah> ivoks: but that's just an example, it's the same with drupal, modx and most cms I've tried. i think wordpress was ok but most stuff seems to break itself with the 664 files and 775 folders.
<jonah> ivoks: but my server seems to like 0644 and 0755!! haha
<ivoks> that doesn't make sense
<jonah> ivoks: crazy huh!?
<ivoks> and files created by cms are owned by your user?
<ivoks> not by www-data or something like that?
<jonah> ivoks: yeah
<jonah> ivoks: let me double check that...
<coreycb> beisner, jamespage: can you tell what's wrong with the promotion of the packages in staging here? http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/liberty_versions.html
<ivoks> the behavior you are describing would make sense if you use mod-php
<jonah> ivoks: yeah looks like all the files are the right user
<coreycb> beisner, jamespage: neutron-lbaas 1:2015.1.4-0ubuntu2 is ready to promote to kilo-proposed when you get a chance
<nacc> ivoks: curious; without the PPA fixes for bacula, bacula-dir doesn't even run with mysql (afaict)
<ivoks> nacc: correct
<nacc> ivoks: so you just noticed manually the tables were wrong?
<ivoks> nacc: so, i installed bacula from rbasak's ppa
<nacc> ivoks: ah ok
<ivoks> jonah: makes no sense
<ivoks> jonah: you must be missing something
<ivoks> :)
<ivoks> jonah: fcgid will create files owned by you, in a directory owned by you
<ivoks> jonah: there's nothing that would prevent that
<ivoks> jonah: mod-php will require 777 on the dir, to be able to put files in it
<ivoks> since dir is owned by you, and files are owned by www-data
<ivoks> there must be something else
<ivoks> i'd love to help, but it's 6:30pm
<ivoks> and it's friday :)
<Sling> ivoks: definitely not 777
<ivoks> Sling: it would
<Sling> files should not be owned by www-data
<ivoks> mod php would require user to allow apache user to write
<ivoks> and the only way to do it is to create rwx for all
<ivoks> unless acl
<Sling> so, create a group for that
<Sling> put www-data in the group
<Sling> user in the group
<Sling> voila
<patdk-wk> apache user? don't you mean www-data user
<ivoks> he's a user, not a root on the system
<Sling> patdk-wk: www-data is just the user configured on some distro's
<Sling> 'apache user' is meant in general
<patdk-wk> personally, I would just not use mod-php, unless the server is only used by one php application
<ivoks> i love mod-php, because it's easy
<patdk-wk> switch to like php-fpm, and run each php site as a different user
<ivoks> but
<Sling> mod_php is a pretty lame way of serving php these days :)
<ivoks> fpm is the way to go
<setuid> nacc, there's no command debconf-get-selections, thouogh there is a debconf-set-selections command
<setuid> did you mean dpkg --get-selections?
<maxb_> There is a debconf-get-selections, but it's in a different package to debconf-set-selections
<setuid> Ok, not part of the default install, Ill search
<nacc> setuid: sorry, yeah, it's in debconf-utils, iirc?
<setuid> FOund it, what am I looking for in the output?
<nacc> setuid: so if you run that, e.g., `debconf-get-selections --installer > preseed.cfg` it will generate an exact preseed syntax output fo every installer selection
<nacc> now, you shouldn't use that as a preseed
<nacc> but you can parse through it, or feel free to pastebin, and we can see if there's something else we could set
<nacc> ivoks: reproduced, thanks
<setuid> nacc, Seems to be non-chronological
<nacc> setuid: yeah it's just everything (iirc)
<setuid> I think I found it
<nacc> setuid: what's the line?
<setuid> d-i     localechooser/languagelist      select  en
<setuid> but it didn't work as an append
<setuid> localechooser/lanuagelist=en
<setuid> debconf/language=en also fails
<nacc> setuid: just to be sure, are you passing 'auto-install/enable=true' ?
<setuid> auto=true priority=critical
<nacc> k
<setuid> http://paste.ubuntu.com/19513727/
<nacc> setuid: i have no idea if this is still true, but: http://unix.stackexchange.com/questions/196874/prevent-language-selection-at-ubuntu-installation
<setuid> Tried all of those, both as append and in preseed
<nacc> setuid: yeah, so i'm thinking it's an isolinux thing
<nacc> not a preseed thing
<setuid> I tried this last night, but it just leaves me with a selection menu of 1 langauge, which I still have to hit Enter on
<nacc> setuid: did you try with the timeout?
<setuid> Right, it happens well before the preseed is parsed
<nacc> setuid: and with isolinux/lang (not langlist)
<nacc> e.g., from http://askubuntu.com/questions/122505/how-do-i-create-a-completely-unattended-install-of-ubuntu/122506#122506
<setuid> AH!
<setuid> echo en > isolinux/lang gets rid of the initial language selection
<nacc> :)
<setuid> now I'm stuck at the grub menu asking me to choose a boot option
<setuid> *facepalm*
<nacc> grub menu or isolinux menu?
<setuid> the boot selection menu, top enter ("Install Ubuntu Server") is highlighted
<setuid> hitting enter, proceeds with the rest of my unattended install
<nacc> ok, that's isolinux
<nacc> 'txt.cfg' file
<nacc> so i *think* it's just a matter of (since it's the default0 putting a timeout or something in
<setuid> Yep, probably a timeout
<setuid> I'll dig into that... thanks! THis has been hours of searching
<nacc> setuid: i think you just put TIMEOUT 1
<nacc> or something
<nacc> http://www.syslinux.org/wiki/index.php?title=SYSLINUX
<setuid> No syslinux on an ubuntu installer cd
<nacc> "A timeout of zero will disable the timeout completely. The default is 0."
<nacc> isolinux is syslinux compatibile, afaict
<setuid> Prbably something in isolinux/txt.cfg
<nacc> same syntax
<nacc> setuid: so you can either remaster the iso to only have the one option
<nacc> or put a non-zero timeout
<setuid> Got it... isolinux/isolinux.cfg
<setuid> Tried a few other files in there first, based on google results
<setuid> http://unix.stackexchange.com/questions/32243/how-do-i-configure-syslinux-to-boot-immediately
<setuid> So it look like it's working, although it still hits my local mirror for pulling packages, not the iso it booted from
<nacc> setuid: it will use both, presumably
<setuid> I need to blog this up, because this is a culmination of 2 days of testing across several hundred builds to vet this out, and most of the details on google aren't complete, or are out of date
<setuid> Now I'll try this same process on my 14.04 box and see if it continues to work, or if I have to port the commands and write up two versions
<nacc> setuid: gl! please do blog about it, it's good to hear you're finally successful!
<setuid> With this method, I can automate the build of a functional maas server from a local iso or a remote http repo, in 5m or 10m
<Pici> /21/25
<nacc> rbasak: re: bacula + mysql-server install ordering. I think the issue is the configuration step of bacula is running just after the configuration step of mysql-server, but mysql-server hasn't finised installing yet so bacula fails to find it running. Is it possible for one package's dependency to be ordered in such a way that the dep has to be fully installed first?
<rbasak> nacc: there's Pre-Depends, but usually dpkg tries to ensure the dependency's postinst has run first anyway.
<rbasak> nacc: do you know why mysql-server hasn't finished installing even though the postinst has finished?
<nacc> rbasak: maybe it just hasn't been started yet?
<nacc> rbasak: it's not clear to me
<rbasak> It should be started and running by the time the postinst is done. If it's not, I think that's a bug.
<nacc> rbasak: ok, i'll trya nd reproduce it again, trying to fix the underlying bug first
<rbasak> eg. "apt-get -y install mysql-server mysql-client && mysql -u root ..." should always work
<nacc> rbasak: i'll keep digging and let you know
<nacc> rbasak: switching tacks, re: puppet bug in 16.04; would appreciate if you could review those, as users have been getting restless. I'll work on getting upstream fixed properly before 16.10 comes out
<beisner> hey coreycb - looking re: liberty staging
<nacc> rbasak: ok, so i think what's happened is that "Setting up mysql-server-5.7 (5.7.13-0ubuntu4) ..." hasn't finished yet when dbconfig-common runs for bacula-director-mysql; and it tries to connect immediately and fails
<beisner> coreycb, pushed staging to liberty-proposed and kilo-proposed.  lmk if the report doesn't reflect that within +1 hr.  thx!
<coreycb> beisner, thx!
<beisner> coreycb, yw sir
<setuid> nacc, Thanks for the help earlier, I'm building out some bash templates, so I can gen the iso with some replacement vars and spin this up quickly without having to touch the preseed or isolinux files
<nacc> setuid: seems reasonable :)
<setuid> The less places I have to twiddle the netcfg vars, the better
<setuid> I've got the build and teardown automated, just not the replacement vars for internal vs. external network and iso vs. http, but that's easy
<rattking> Hey all I am having some secure apt issues with my personal apt mirror. how can I check what key the packages were signed with?
<sarnold> packages aren't signed; the InRelease files are signed, and those have hashes of Packages* files, that have hashes of the packages
<rattking> thanks for the info, I am not seeing a .gpg for my mirror in /var/lib/apt/lists so thats probably the issue
<kidn3ys> Is there a simple way in /etc/fstab to mount an iscsi volume?
<sarnold> the detached signatures on the Release files in "old releases" leads to race conditions that, across as many users as ubuntu has, mean someone saw the race and got errors from apt, on a daily basis
<rattking> my aptly mirror is fine, but I have been trying to use fai-mirror to make a mirror of every installed package to bring over to some offline systems
<sarnold> so the new approach is the InRelease file and the by-hash/ directories, to avoid the races
<rattking> nice! does this new approach apply to precise? I didnt see any InRelease files just Release and Release.gpg
<kidn3ys> It seems that the entry I added to fstab is attempted before the initator comes up =/
<sarnold> rattking: InRelease files are even in precise and newer; the by-hash directory is in xenial and newer
<sarnold> kidn3ys: isn't that a common issue for networked systems, that the remote peer may be offline when booting?
<rattking> thanks for the info, I now know whats missing!
<kidn3ys> sarnold: its not though =/
<kidn3ys> sarnold: it looks like whatever is in fstab executes before the iscsi initiator starts on the local system
<sarnold> kidn3ys: sigh. I ofcourse screwed up initiator vs target.
<sarnold> I know that those terms make sense but .. sometimes I screw it up.
<kidn3ys> sarnold: I confuse them too. I think I found something... '_netdev' seems to be the key.
<sarnold> kidn3ys: are you on xenial? or pre-xenial?
<kidn3ys> sarnold: pre, I think. 14.04
<sarnold> kidn3ys: hrm. I'm not sure what to suggest there, except perhaps changing the line to "noauto", and add a manual mount sysv init script.. and make sure it's numbered to start after the iscsi initiator, if the iscsi initiator also starts via a sysv init script
<kidn3ys> sarnold: adding '_netdev' as an option in fstab seems to mount it on boot but the 'mounting network filesystems' task shows as 'failed' during boot now.
<sarnold> kidn3ys: ooh. did that add any new error messages that might indicate what to work on next?
<kidn3ys> sarnold: not seeing anything =/
<sarnold> kidn3ys: dang
<kidn3ys> sarnold: pretty new to linux, i was looking in dmesg -- is there a better place to look?
<sarnold> kidn3ys: /var/log/upstart/ .. maybe look for a 'mountall' or a file for your initiator..
<sarnold> kidn3ys: or /var/log/syslog (or maybe it's called 'messages' these days, I can't keep track...)
<kidn3ys> sarnold: mount: special device /dev/sdb1 does not exist
<kidn3ys> and then mountall: mount /mnt/edvr/1 [840] terminated with status 32
<kidn3ys> I see what I did. I had '/dev/sdb1' in the device name field instead of the UUID
<kidn3ys> sarnold: that did it, thanks for your help :)
<sarnold> kidn3ys: excellent :D the uuid and the _netdev combined?
<kidn3ys> yep
<sarnold> awesome :D
<kidn3ys> sarnold: _netdev seems to 'mark' that entry as a network device so it bring sup the network stack/iscsi before it mounts it
<sarnold> I wonder if that still works in xenial. heh.
<kidn3ys> hehe :)
<terje> hi, is it possible to script 'sudo lxd init' such that I don't have to answer any questions?
<terje> nevermind, I see that it is..
#ubuntu-server 2016-07-16
<Gorian> hey, wondering what people think as far as running a distributed filesystem on top of raid and something like ZFS
<Gorian> ZFS + RAID + Gluster with no file copies? ZFS + single disks in a pool + gluster multiple copies? ZFS + redundant pools + gluster with multiple copies for maxiumum redundancy?
<antonispgs> hey guys how can I set dhcp to auto from cli?
<LaserAllan> If i want to mount shares automatically when a server starts, what would be the command to put in fstab then?
<Gorian> wow, this channel is so dead
<teward> Gorian: this isn't a super active channel no, but if you have a question about Ubuntu Server feel free to ask
<teward> and there will be more activity heh
<Gorian> antonispgs: if you are still here, try editing /etc/network/interfaces, so you end up with "auto eth0" and then "iface eht0 inet dhcp"
<Gorian> https://help.ubuntu.com/lts/serverguide/network-configuration.html
<Gorian> teward I don't need help, I was more noticing multiple people asking for help and getting no replies
#ubuntu-server 2016-07-17
<fk_007> using trusty on an acer easystore h340. system load average according to top is around 1.09. Seems like high interrupt activity with continuous ksoftirqd processes. any known issues with this setup or fixes to bring down the load? is it normal or something to be concerned about?
<RoyK> fk_007: what is the system doing?
<fk_007> well thats what i'm trying to figure out exactly. it is running apache for http, proftp, mysql, and smb. Just used as a home server and access point for away from home... not sure why the load seems so high... it has been so since I put ubuntu on it, thinking that some hardware is basically being controlled by some default (generic) driver that is causing high cpu usage but not sure... really just looking for guidance in how to look
<fk_007>  further into this issue
<RoyK> possibly a process in D state
<RoyK> that'll drive up the load data
<RoyK> or in Z state (zombie)
<RoyK> pastebin output of 'ps axf'
 * patdk-lap2 wants to be in s state
<fk_007> http://pastebin.com/khWSkKrx
<RoyK> fk_007: 6665 is in D state - take a look and try to see if it stays there - what does dmesg -T have to say?
<fk_007> http://pastebin.com/0pCsxh71
<fk_007> hey thanks for looking into this btw!
<RudyValencia> Hi, so I've put the Ubuntu Server ISO on my flash drive using Rufus, but I don't get expert install in Grub, how do I tell it to go into expert mode?
<RudyValencia> Nevermind, I figured it out
<lucz> so, I have an AWS ec2 ubuntu server that is suddenly asking for a password when I try and SSH to it, I'm SSH'ing with the ubuntu user
<lucz> which has no password
<lucz> what do I do now?!
<lucz> some help ASAP would be appreciated
<teward> lucz: I think for EC2 they actually require you to use key auth
<teward> not password auth
<teward> using the key you download from EC2, and then provide it.  It's probable that someone *set* a password and got into the server
<lucz> teward: you can set it to password auth
<teward> I usually do a lot of lockdown on EC2s when I have them
<teward> including key auth
<lucz> right so how do I get into the server now? it's just a dev system
<teward> lucz: if you don't have the password you're going to have to key auth
<teward> or start over
<lucz> how do I key auth if it's asking for a pw
<lucz> can I force it to us key auth?
<lucz> I really don't want to have to rebuild it
<teward> you can *try* to use `ssh -o PasswordAuthentication=no user@ipaddr`
<teward> but I would look at the output of ssh -vv as well to see whether the server is actaully accepting the keys or not
<teward> worst case is you're locked out, and on EC2 I don't think there's a way to bruteforce your wan into changing the password, but don't quote me on that (I haven't used an EC2 in a while)
<lucz> ok, I'l try that
<lucz> thanks
<lucz> ok I got in as another user, but now what do I do to figure out why this is happening
<lucz> the user I have can access root
<lucz> the user I'm logged in as is meant to be able to use a password to SSH, ubuntu user uses a key
<lucz> teward: any ideas? I don't see anything odd in the sshd config file
<lucz> oh weird, I restarted ssh and now it's all back to normal
<lucz> I have another question - how do I change the displayed bash prompt hostname - i.e ubuntu@server.internet.com~$
<lucz> how do I change server.internet.com to something else
<teward> lucz: change the hostname on the server.  Or change it for your user prompt.
<lucz> I need to change it for everyone
<lucz> who logs in
<teward> lucz: Make sure that /home/ubuntu/.ssh/ has the authorized_keys file in it, and the OpenSSL version of the public key of the private key you use for key auth is in there
<teward> lucz: change the server hostname then.
<teward> the entire hostname of the server has to change, or you have to roll custom PS1 environment variables for each shell that's installed's global profiles
<teward> but note user level profiles can override
<lucz> how do I change the hostname?
<lucz> both hosts and hostname files have ip addresses, but the bash prompt says a FQDN
<lucz> editing hostname and restarting the hostname service doesn't work
<teward> take a look at http://askubuntu.com/questions/87665/how-do-i-change-the-hostname-without-a-restart
<teward> (sorry i'm on a crap tablet right now - can't write out uthe full answers :/)
<lucz> teward: thanks :) /etc/hosts currently reads ip - localhost
<lucz> teward: running sudo hostname newhostname doesn't do anything
<lucz> teward: I've tried all of the things you normally do to change the hostname and none of them do anything
<teward> i think that's something i had issues with on EC2, i had to tell them what hostname to set my server up with and that was what it always had
<teward> but it's been a while since I set it up
<teward> lucz: the only other way is to edit the global environment profiles for all thte shells on the system (read: bash) to have a different PS1
<teward> and then instead of the autopopulating hostname it's custom text you specify
<lucz> teward: thanks for your help - I think I'll just try and ansible it, we have some playbooks set up for setting the hostname but for some reason when I run them I get permission denied public key error -__- it's always something!
<Gorian> anyone around?
<teward> Gorian: ask a real question
<teward> people usually don't reply to "anyone around"
<teward> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<Gorian> lol, I ask a question, come back a week later to no response
<Gorian> so might as well make sure people are around to read it ;)
<teward> coming back a week later seems to be problem 1 :p
<teward> problem two is you aren't stopping back sooner lol
<teward> just ask your questoin
<Gorian> well, it was hyperbole - I've been sitting in this channel 24/7 for quite a while. Used to have an IRC bouncer and sit in IRC servers for MONTHS. They all say "just ask a question" then you ask your question once every couple weeks, and get no response for montsh
<Gorian> *months
<Gorian> anyway, what I asked a few days ago with no response yet: http://i.imgur.com/slVG9UL.png
<Gorian> (web client sucks, sorry. Doesn't do anything more than time stamps apparently)
<teward> repost your real questoin
<teward> don't make us view an img to try and guess it
<teward> that's another problem
<Gorian> well, if you read the image, there would be any guessing, since it was my "real" question
<Gorian> just saying, you talk about "just ask your question and then someone will answer" - but I asked that questions days ago, and no one answered yuet
<Gorian> *yet
<Gorian> and I've been sitting in this IRC server 24/7 since I asked
<teward> again, you're requiring us to read an image.  what about those of us IRCing from phones or tablets where that's not easy :P
<OerHeks> Gorian, you might want to reask such poll in #ubuntu-server
<teward> OerHeks: *cough* this is #ubuntu-server
<OerHeks> oops mea culpa
<OerHeks> :-D
<Gorian> @teward the point wasn't "
<Gorian> "hey, go read it here"
 * teward goes to do something productive.
<Gorian> it was "Hey, you are claiming that if i just ask my question and wait, people will answer"
<teward> you also have to be here and sometimes *repeat* your question
<Gorian> and I'm countering with "I asked a question and waited, and no one answered, let alone remembered that I asked"
<Gorian> so, I'm telling you, sometimes it's worth verifying that there are real people to actually read the question before wasting my time
<Gorian> I'll copy it here, on the off-chance that people are actually active this time.
<Gorian> hey, wondering what people think as far as running a distributed filesystem on top of raid and something like ZFS
<Gorian> ZFS + RAID + Gluster with no file copies? ZFS + single disks in a pool + gluster multiple copies? ZFS + redundant pools + gluster with multiple copies for maxiumum redundancy?
<Gorian> losing space to RAID AND losing space to GlusterFS is a lot of lost space... but single pools in zfs means you lose out on ZFS level features like self-healing, and 0 copies in GlusterFS means I can't lose a node
<Gorian> so, just do both and keep throwing more disk space at it until I have enough?
<patdk-lap> using raid + zfs is pointless effort
<Gorian> O.o
<patdk-lap> the whole point of glusterfs is to loose diskspace
<Gorian> the whole point of ZFS is that it creates redundancy
<Gorian> most of the features of ZFS rely on some form of disk redunancy in your vdevs
<patdk-lap> yes, but why would you attempt to create redundency by using raid, and then use zfs ontop of it, and loose all of the ability of zfs to do so?
<patdk-lap> there is no need or requirement to have redundency
<Gorian> because you misinterpreted what I said and thought that I meant non-zfs raid + zfs?
<patdk-lap> you can use it like any other normal filesystem that doesn't have redundency
<patdk-lap> maybe you just misspoke your question
<patdk-lap> zfs + raid + gluster
<Gorian> I could, but then you lost a lot of the features of ZFS
<patdk-lap> zfs + hardware raid + gluster
<patdk-lap> or else why would you ever say raid?
<patdk-lap> or what do you mean by raid?
<patdk-lap> since we can't figure out what you are talking about, hard to answer
<Gorian> because just before, I mentioned ZFS + single disks (i.e. zfs not use redundant vdevs vs. zfs using them)
<patdk-lap> there is no difference, zfs uses vdevs
<Gorian> that's not true
<patdk-lap> if you make the vdevs redundent or not, matters not to zfs
<patdk-lap> it might matter to you, but not to zfs
<Gorian> you can setup vdevs in multiple ways, either a pool of single-disk vdevs, mirrored, striped, raidz1,2,3
<patdk-lap> striped?
<Gorian> you being pedandtic about it just to be isn't helping at all
<patdk-lap> that is not possible
<patdk-lap> it's just vdevs
<patdk-lap> !goal
<Gorian> right. Is there anyone in this server that isn't just hanging around to be difficult? I have better things to do than argue with people who get off on purposefully misinterpreting things people say.
<patdk-lap> I'm likely the best qualified in this channel, considering I have been using zfs on very demanding systems for almost a decade now, and have used it with glusterfs too
<patdk-lap> but if you don't want to actually ask what you want, and instead keep beating around the issue
<patdk-lap> or maybe go join #zfsonlinux and try your luck there
<Gorian> you also sound like you have a giant ego that gets off on trying to create strawmen out of other people's question so that you can beat the strawman down. I'm not up for that. I have to go back to work and deal with idiots all week.
<Gorian> the point of fun home projects is to get away from that.
<patdk-lap> well, it is *free* help
<dasjoe> Why is haproxy built without support for tproxy?
#ubuntu-server 2017-07-10
<cpaelzer> good morning
<lordievader> Good morning
<andol> 223122211221122231
<andol> Oops
<cpaelzer> andol: too much entropy spilling over?
<cpaelzer> well it is actually not that good being down to three chars :-)
<danpawlik> coreycb: Hi. Is possible to change in Xenial repository package python-openstackclient from version 2.3.0 to version 2.4.0? There are few issues in version 2.3.0 e.g. openstack network list shows other network UUIDs as neutron net-list
<danpawlik> coreycb: pls let me know if its possible to upgrade
<zioproto> danpawlik: it is always a nightmare with the client. I ended up running my client in a docker container
<zioproto> danpawlik: https://zioproto.ninux.org/2016/11/16/docker-to-run-the-openstack-client/
<zioproto> this way I do oscli
<zioproto> and I enter in a env with the right client
<zioproto> also 2.x is very old
<danpawlik> zioproto: exactly. I do almost the same, but I ust directly python virtualenv
<danpawlik> zioproto: but here comes other problem: someone just install openstack client availalbe in ubuntu repo and just want to use all Openstack services
<zioproto> that is really a problem.
<danpawlik> and when he have a problem he bother you
<danpawlik> the simplest way is to tell him install package min 2.4.0 and then comes next question: where can I find it xD
<coreycb> danpawlik: can they use openstackclient on xenial from the cloud archive?
<danpawlik> coreycb: I can, you can, but... customers which are buying servers in my company will use openstackclient available in repo
<danpawlik> we will make a notification on the page that user should use openstackclient >=2.4.0
<danpawlik> but... maybe it will be better to "upgrade" the package?
<coreycb> danpawlik: we can't do that unfortunately
<coreycb> danpawlik: if there are particular patches to backport from 2.4.0, that might be an option
<danpawlik> coreycb: I try to find the patch for it
<rbasak> cpaelzer: https://code.launchpad.net/~paelzer/ubuntu-seeds/refactor-platform-virt-artful/+merge/327076 looks a bit broken - conflicts. I think maybe you targetted ubuntu.artful instead of platform.artful?
<teward> would anyone be so kind as to try and NTP query us-wa.ntp.dark-net.io please?  I think it's up, but I can't tell due to crappy internet.
<andol> teward: It responds to (icmp) ping but not to NTP queries
<zioproto> I am trying to disable IPv6 DAD in the qrouter network namespaces on the openstack network node. When I edit something in  /proc/sys/net/ipv6/conf/all/ is that global for all interfaces in any network namespace ?
<danpawlik> coreycb: https://github.com/openstack/python-openstackclient/commit/8c6b5a087a4b0dca16faffdbcb5fc9f2d424ddf8
<danpawlik> coreycb: or this one https://github.com/openstack/python-openstackclient/commit/c9cfd569fe2f7c9f499843d77ebbc096b333733b
<danpawlik> coreycb: I just check git log --pretty=oneline 2.3.0..2.4.0
<danpawlik> coreycb, zioproto: so now is possible to create new package with applied patch  :) ?
<zioproto> coreycb: you mean with a huge patch with all differences between 2.3.0 and 2.4.0 ???
<zioproto> but does not make any sense :)
<danpawlik> zioproto: new package for 2.3.0
<danpawlik> but with patch for neutron region
<coreycb> danpawlik: that seems reasonable, i'll get that backported
<coreycb> zioproto: :)
<coreycb> danpawlik: keep an eye on bug 1570491 to follow status
<ubottu> bug 1570491 in python-openstackclient "Network client (neutron) initialized without specifying region" [Medium,Fix released] https://launchpad.net/bugs/1570491
<danpawlik> coreycb: ack. Thx
<teward> andol: crap sounds like it's down then.  thanks for checking.  i'll stab it further
<teward> andol: can you run an `ntpdate` against the server, it *looks* like it's working now at least from work here.  After a quick restart of the thing of course.
<DK2> is it advised to use fail2ban to protect ssh?
<teward> DK2: probably wouldn't hurt.
<danpawlik> coreycb: I receive an email from launchpad. nice, big thanks !
<ahasenack> is dep3changelog authoritative regarding the structure of the DEP3 header?
<ahasenack> i.e., if it fails, the header is incorrect and must be fixed?
<teward> ahasenack: I presume your DEP3 headers are created for patches via `quilt header --dep3 -e` or similar?  (Because that's how I get DEP3 compliant headers on my patch files)
<ahasenack> no, there was a dep3 header already, but not compliant
<teward> ah
<ahasenack> should I quilt --dep3 it and complete what's missing then?
<teward> (E: No Context :P)
<teward> *yawns and chugs coffee*
<ahasenack> always a good idea :)
<nomoney4me> hi all! not sure if this belongs in windows or ubuntu.  I am trying to get a script going that would be able to reset AD password.  Im having a hard time getting a ldaps connection, can anyone help?
<teward> nomoney4me: you sure that your AD environment supports ldaps?
<nomoney4me> I have read up in ldaps, and it looks like as long as port 636 is open, then ldaps is enabled for AD, is this not correct?
<nomoney4me> my ubuntu box can do ldapsearch on the AD just fine.  However, in order to do a changetype:modify, it looks like I need to be on ldaps (Or something secure)
<nomoney4me> but when I change port to 636, there are some ssl things that I don't understand and not sure how to configure it.
<Epx998> Any known issues with the installer having a dhcp issue with 10g nics?
<Epx998> I get a pxe dhcp IP addr, but in the installer - the address is not aquired.
<Epx998> This is so strange.
<ahasenack> Epx998: can you check dmesg and see if the nic was properly detected?
<Epx998> ahasenack: it had to have, I was watching my dhcp servers log and saw the link hit right before autoconfig went
<ahasenack> Epx998: wasn't that the bios pxe booting and its dhcp request?
<Epx998> eth4: NIC Link us Up 10Gbps, Flow Control: RX/TX
<ahasenack> you should see two dhcp requests: from the bios, when pxe booting, and later by the installer
<Epx998> ahasenack: That was doing the debian-installer
<ahasenack> ok
<Epx998> ahasenack: just before autoconfig
<Epx998> i'll run it again to dbl check though
<ahasenack> and tail /var/log/syslog if you can (on the installing system)
<Epx998> if this fails ill disable the onboard nics incase autoconfig is tripping on eth0 nic being unplugged, though im setting eth4 specificallu in my netboot append options
<Epx998> dhcp offer from pxe, at the menu - going forward
<Epx998> ok autoconfig with 10g worked, its failing on eth0
<Epx998> which i unplugged, even though i statically set eth4, it still attempts on eth0
<Epx998> bloody annoying this is ;P
<Epx998> if this works, only 350 servers to disable onboard nics for
<sarnold> would it be easier to move to xenial?
<sarnold> it feels like the predictable-names nic thingies there might make this more approachable
<sarnold> and save some poor intern from hours of tedium
<Epx998> sarnold: Google does not support Xenial builds yet for android.
<Epx998> for our mobile stuff on android, we build on what google certifies, ub12 and ub14 - soon ub12 will be out and we'll be on ub14.
<sarnold> Epx998: oh :( pity. I had hoped this would be some in-house software that needed updating ;(
<tarpman> Epx998: you can't run your build stuff in a chroot or something?
<Epx998> tarpman: its not how our build system is set up, though we are starting to run smaller builders in docker containers on ub14
<Epx998> ok well with the onboards disabled, autoconfig still failed
<Epx998> ill have to troubleshoot  a bit more, meeting now :D
<tarpman> meeting: "why the hell aren't the servers done yet"
<tarpman> :)
<tarpman> don't die, Epx998
<Epx998> i think.. eth4 gets renamed to eth1, is that possible?  since im setting eth4 in my netboot menu, maybe this causes dhcp autoconfig to fail?
<ahasenack> renames are logged
<ahasenack> search for eth[0-9] perhaps in the logs
<braziercustoms> So frustrated. Installed ubuntu 16.04.2 server 64 bit this time :D.  Did all my updates and snap install conjure-up --classic and completed. Then went to restart. After reboot I could not login. Luckily I already set a root password.  It just kept telling me mine is incorrect. So I log in as root and try to change it and it (passwd jbrazier) it asks twice but no matter what the passwords don't match.  So I went to shad
<Epx998> !!! i got it
<ubottu> Epx998: I am only a bot, please don't think I'm intelligent :)
<Epx998> VICTORY
<sarnold> braziercustoms: irc has line length limits. you were cut off at "went to shad"
<sarnold> Epx998: yeah?? :D
<Epx998> yeah, i didnt account for the interface rename with the disabled 4 onboard nics
<Epx998> BUT i have to add compiling the during the install, since it probably wont be present at a reboot
<Epx998> compiling the ixgbe driver
<braziercustoms> SArnold lol ok
<braziercustoms> So I went to shadow and removed password hash. Now I can login but still can't fix my password. Not to mention after I reboot only a few containers started and when I info --showlog on a running container sometimes I get the info sometimes I get connection refused, is lxd running?
<Epx998> isnt root disabled by default?
<stokachu> braziercustoms: you got like 4 different issues
<stokachu> braziercustoms: lets just start with one first
<braziercustoms> I'm frustrated is 1 of them this my 8th reinstall
<stokachu> yes that is frustrating, but good news is you are probably doing it wrong
<Epx998> braziercustoms: i did probably 40 trouble-shooting my 10gb nic / ixgbe driver issue :D
<stokachu> iirc you had to reinstall the first time because you put a 32bit os down on the machine
<stokachu> other than that there shouldnt be any reason to keep reinstalling unless you just have that much time on your hands
<braziercustoms> Stokachu I know.. I know.. I'm sorry.
<braziercustoms> It only takes 8 min
<stokachu> so.. lets pick one of the first issues and go through that
<stokachu> preferably most important to least
<braziercustoms> It takes longer to reboot
<braziercustoms> Ok
<braziercustoms> Stokachu Are you going to determine the order or am I supposed to ask?
<stokachu> balls in your court
<braziercustoms> Ok I guess password issue is pretty important
<stokachu> ok, so explain what you did and how you tried to resolve it
<stokachu> and please stop deleting files
<braziercustoms> I didn't delete any files. I opened shadow and removed my password hash so I could get back in
<braziercustoms> And I backed it up beforehand
<stokachu> ok, so you can login but the problem is you can't change your password now?
<braziercustoms> Yes
<dpb1> are you trying to change passwd for root or jbrazier
<braziercustoms> The passwd command complains that my passwords do not match for jbrazier. I'm scared to try root it still lets me log in as root
<braziercustoms> I know they do
<dpb1> braziercustoms: I bet it's something to do with your modification of /etc/shadow
<braziercustoms> No it happened before I did that..but I just tried again and now it's working..
<stokachu> you had caps lock on didnt you
<stokachu> i do it all the time
<stokachu> :), anyway, next problem please
<braziercustoms> No I swear.. me and two other people tried putting in passwords I even tried one two three four
<stokachu> i'm on a role
<stokachu> roll*
<braziercustoms> 1234
<dpb1> 1 is not a roll
<stokachu> ugh and there it goess
<dpb1> that's just a 1
<braziercustoms> Lol
<stokachu> dpb1: in bball thats all you need
<dpb1> hot hand.
<stokachu> hah
<braziercustoms> Ok let's move along. What's with the containers and the conjure-up.lxd?
<ahasenack> braziercustoms: is the root fs read-only by any chance?
<stokachu> braziercustoms: does conjure-up.lxc list show all your containers running with IPs?
<braziercustoms> Ahasenack no
<braziercustoms> 1
<braziercustoms> But this time I ran it I got connection refused
<stokachu> braziercustoms: do a `watch conjure-up.lxc list`
<stokachu> i wonder if the daemon is just restarting
<stokachu> ive seen that happen sometimes with snap upgrades
<braziercustoms> 1st time refused 2nd showed a few running
<sarnold> :(
<braziercustoms> Refused
<braziercustoms> Ok wait. I did fresh install I o my added ssh but I left the tools option in the install menu enabled.. Would this cause a prob?
<braziercustoms> Install I only added
<braziercustoms> Curious stokachu each different time it does run it's different.. some will have ip some wont..
<stokachu> braziercustoms: yea thats some crazy ish with snap and lxd restarting
<stokachu> braziercustoms: can you try `sudo snap refresh conjure-up --edge`
<stokachu> i got some additional fixes in there
<braziercustoms> Yeah stokachu. Do I need to stop anything?
<stokachu> nah this will be a good test
<braziercustoms> Ok
<dpb1> stokachu: conjure-up ships a version of lxd in it, right?
<stokachu> yea
<braziercustoms> It's refreshed
<stokachu> does conjure-up.lxc list show you anything?
<braziercustoms> I put it back on watch.. So far 4X and no refuse
<braziercustoms> Looks like they are starting.
<braziercustoms> Right now everytime it checks again it says error on one container and each time it moves down the list and the one that said error before is running
<braziercustoms> I'm exited already
<stokachu> ok thats good news
<Epx998> have to say, d-i installer has a serious thing for eth0/1
<Epx998> if your link isnt eth0/1 it gets really upset on netcfg auto
<braziercustoms> Btw if I had had caps lock on earlier when I tried to change my password it would have accepted it cuz both passwords would have been in caps but it wouldn't accept anything even 1234
<stokachu> braziercustoms: i would just blame dpb1
<stokachu> he likes it
<dpb1> wrong
<sarnold> I think there are quality standards for user-set passwords
<dpb1> I mean, I do like it
<stokachu> hah
<sarnold> stokachu: oh very handy to know thanks :D
<stokachu> sarnold: lol
<braziercustoms> They are all RUNNING. reboot see if they come back?
<stokachu> braziercustoms: sure we're high rolling right now
<stokachu> let it fly
<braziercustoms> Lol
<braziercustoms> What did --edge do? Use a beta?
<stokachu> uses what we have in our development branch
<sarnold> snaps have different channels; some are intended to be stable, some betas, and some right from source control with no promises of any sort. of course each snap is free to use them as they see fit.
<stokachu> we have a few more things to do before we promote it
<stokachu> yea so --edge is essentially our master branch on github
<stokachu> but certain features like that lxd one will make it into a properly candidate->stable channel soon
<Epx998> https://bugs.launchpad.net/ubuntu/+source/netcfg/+bug/713385 <- my exact issue, been reported since 2011, last update feb of this year as still an issue. oi
<ubottu> Launchpad bug 713385 in netcfg (Ubuntu) "netcfg/choose_interface=auto fails to find the right interface" [Medium,Confirmed]
<braziercustoms> Ok now I'm lost.. After reboot I can't login again.. but I think it's only the first terminal on f1..   I will verify but right now my screen is flooding with conjure-up messages.
<braziercustoms> Btw the first terminal cursor is always screwed up. Instead of being at the end of the word login, it's always under the L
<braziercustoms> It it usually still works
<braziercustoms> But it
<sarnold> eww
<braziercustoms> Is this because of development version? The flooding?
<braziercustoms> Can I stop it?
<braziercustoms> Ok sarnold. How do I turn off all the logging to stdout?
<dpb1> stokachu: ^
<braziercustoms> All containers running after reboot.
<braziercustoms> Oh thanks dpb1 I did tag the wrong one oops sorry.
<braziercustoms> Ok server 16.04.2 still have a login problem. Intermittent authentication failure. Auth log just says authentication failure. If I keep trying to login eventually it lets me. Sometimes I enter username and hit enter and it resets asking for login again.
<dpb1> resetting the login prompt is normal after a timeout on the password
<Epx998_> still cannot login after an install?
<braziercustoms> Dpb1 it reset as soon as i hit enter after putting in login name.
<braziercustoms> Epx998 intermittently. Dpb1 tag me so it alerts my phone.  Sometimes I can login sometimes I cant.
#ubuntu-server 2017-07-11
<cpaelzer> rbasak: gah yeah - all was fine except when opening the MP on LP enterd the wrong traget
<cpaelzer> rbasak: thanks for making me aware
<jonah> Hi my csf/lfd firewall keeps giving UUIDD warnings about excessive usage. I thought I'd best check if it's safe to whitelist "/usr/sbin/uuidd --socket-activation" ?
<rbasak> ahasenack: I'm thinking about MP vs. upload tag workflow. Can you tell me what you can change the MP Status field to in https://code.launchpad.net/~ahasenack/ubuntu/+source/libapache2-mod-auth-pgsql/+git/libapache2-mod-auth-pgsql/+merge/326173 please?
<ahasenack> sure
<ahasenack> rbasak: work in progress, needs review, merged
<rbasak> Thanks. I also have Approved and Rejected.
<rbasak> I think that's because I'm in ~usd-import-team and that's the merge target.
<ahasenack> yep
<hosas> how do I delete virtual network interfaces
<sarnold> try ip link delete?
<hosas> ip link delete  vboxnet23 is returning "RTNETLINK answers: Operation not supported"
<hosas> sarnold: I did but I'm getting "RTNETLINK answers: Operation not supported"
<hosas> by the way I'm using Ubuntu 16.04
<teward> hosas: you may want to go into the virtualbox network editor and remove the interface.
<teward> if you're on a GUI that is
<teward> if not, then you'll have to probably just *remove* virtualbox.  (It's not real useful on servers anyways, afaict)
<sarnold> hosas: interesting. does vbox provide nic-specific kernel modules that you could unload? or does it lump together all its virtio devices into one module?
<hosas> sarnold: that's a complex question for me- I have no Idea what you're saying lol
<sarnold> hosas: hehe, okay; try 'lsmod' on the guest and see if there's a huge pile of vbox* module names or just one or two
<gheorghe_> hosas did you try removing them from etc network interfaces?
<sarnold> if something looks like vbox-virtio-nic or gives the strong impression that it just does NICs, try rmmod the thing :) -- noting of course that if you're ssh'd into the vm, you migh lose control over the vm
<hosas> gheorghe_:  let me try but I don't think it work
<teward> sarnold: `vboxdrv` = `vboxnetadp,vboxnetflt,vboxpci` = individual lsmod items.
<gheorghe_> hosas if you reboot .... :D
<teward> on 16.04 host.
<teward> gheorghe_: vboxnet nics aren't populated in /etc/network/interfaces I believe.
<teward> they're usually part of their own drivers/services
<hosas> the actually issue is this: when I ran iwconfig I get a lot virtual network that I'm not using
<teward> like VMware's are.
<hosas> le t me try it and give you feedback
<axisys> what is good p2v software to convert a physical to VMware VM ? vcenter convertion is failing since they are in different network. So if I could run it locally and take the image over, not sure if possible
<gheorghe_> hosas, teward: sorry i didn't notice you use vboxnet. why not KVM ?
<hosas> gheorghe_:  reboot didn't work. But the let try carefully state the main issue
<hosas> after updating from 14.04 to 16.04 about  a month ago I immediately noticed that my network-manager is show alot of: Ethernet Network () device not managed
<hosas> but my internet works
<hosas> so I started googling to find a way out and the closet answer I got on the net was: someone blame it on Docker
<hosas> the solution given never worked for me
<hosas> someone suggested to state the issue here might get help
<hosas> gui network operation manager for virtualbox is not helpful either
<hosas> sarnold: perhaps you tell me how to use  ip link delete properly (with an example). Thanks
<sarnold> hosas: I think I figured you're solving a different problem than I expected
<sarnold> hosas: I thoguht you wanted to isolate a specific VM from the network but I've now come around to thinking that you're trying to remove NICs from the vm host, not vm guests, and that'll probably just break your VMs
<hosas> sarnold: yes. But I think  ip link delete suppose to help-according to the man page
<hosas> sarnold: let me show an iwconfig
<sarnold> if you actually use and care about vms on this thing you should probably just leave well enough alone
<hosas> sarnold: please look at this http://paste.ubuntu.com/25069732/
<sarnold> 36mb ooof
<hosas> sarnold: sorry that was wrong look at this instead http://paste.ubuntu.com/25069737/
<hosas>  
<hosas> sarnold: as you can see I have a lot of useless vboxnetxx just laying there: the problem is the are showing up on my gui network manager as: Ethernet Network ( ) device not managed
<hosas> it's annoying when you have 20 of them
<hosas> I really don't care if break a vm- I hate scrolling down just to access my network interface
<sarnold> then uninstall virtualbox and be rid of them all? :)
<hosas> hahahaha
<hosas> that didn't work either
<hosas> but I did only twice
<hosas> sarnold: thanks for your time and the other 'guys' that help
<sarnold> hosas: removing vbox didn't work? how did you uninstall it?
<teward> gheorghe_: I use vmnet for VMware.  KVM is a pain to bridge things.  Though in 99% of cases stuff is for me already containerized in LXC/LXD.  Except my MacOS VM, that's in VMware.  (Free VMware Workstation 12 license through school, why not :P)
<hehehe> folks
<hehehe> vult allows to issue vps stop via api
<hehehe> can be used with ossec to stop it in case of someone copying db?
<hehehe> if its real time monitoring they would not be able to get it out from the server perhaps
<hehehe> depends on how fast vultr kvm stop works
<hehehe> teward: also from time public vuln is published what it takes time wise for it to be added to ubuntu sec updates?
<nacc> hehehe: if someone is able to read your database to copy data out of it, then you're already compromised
<hehehe> nacc: they wont be able to get it out
<teward> hehehe: i'm a little confused by why you're highlighting me?
<nacc> hehehe: well, not compromised, but i don't undestand what security problem you think you're solving
<hehehe> teward: I was thinking you are the dude who maintains sec updates
<nacc> hehehe: shouldn't you be asking vult?
<hehehe> nope?
<nacc> hehehe: please get your facts straight.
<hehehe> hey there
<hehehe> my facts are straight
<hehehe> ;)
<nacc> no, they are not.
<hehehe> and why not
<nacc> hehehe: you come in here periodically, it feels like, to troll
<hehehe> how do you pull database out?
<hehehe> when vm is down?
<hehehe> name calling is not best way to talk
<hehehe> this is not a creche
<hehehe> whats the weakness in the idea?
<hosas> sarnold: this is embarrassing  :)- it worked...let me try installing it again and if it comes back-doubt it would
<hehehe> teward: am I wrong to think you are guy dealing with ubuntu security updates? :)
<hehehe> if yes sorry
<nacc> hehehe: you are wrong
<sarnold> hosas: those nics probably will return
<nacc> hehehe: no one person deals with all security updates
<hehehe> nacc oki but teward is one of them
<hehehe> ? :)
<nacc> hehehe: the security team deals with security updates
<hehehe> well if you dont want to talk
<hehehe> :)
<hosas> sarnold: they better not
<nacc> hehehe: i don't understand why? i'm the only one *not* ignoring you at this point.
<hehehe> why what
<hehehe> why u dont want to talk?
<hehehe> I dont know
<hehehe> and yes how fast ubuntu security is updates?
<hehehe> maybe a website to check
<nacc> hehehe: nm. I don't understand why you think I don't "want" to talk. I am the only one responding to you, because (i expect) most people are ignoring you.
<hehehe> lol dude people are busy
<nacc> hehehe: https://usn.ubuntu.com/
<hehehe> its not like everyone sits here and reads chat
<Ussat> hehehe, its updated as it gets done, its a FREE service, if you want gaurentees, feel free to pay for #rhel
<hehehe> yes that is clear now
<hehehe> ty for the link
<sarnold> or ubuntu advantage, though that wouldn't actually get you security updates faster :) heh
<hehehe> eee
<hehehe> sarnold: I think best  then simply check cve db daily and apply
<hehehe> :)
<sarnold> just install unattended-upgrades on your guinea-pig machine
<hehehe> yes I have done it
<hehehe> :)
<Ussat> if your worried about having to apply sec updates daily, well, bigger issues
<Ussat> I patch monthly
<Ussat> unless a VERY good reason
<hehehe> i prefer ideally as soon as public exploit is out
<hehehe> why wait :)
<Ussat> because, none of my systems are open to the net
<hehehe> oki
<hehehe> sarnold: what you think about vps lock down upon unauthorised access?
<hehehe> then simply change a record to machine with nginx and html undermaintenance and quickly patch
<sarnold> hehehe: why not just configure your security groups to enforce what you want enforced?
<hehehe> which security groups?
<Ussat> this conversation sounds vaguely familiar
<hehehe> anyways going to do something :)
<sarnold> hehehe: 'security groups' is aws terminology for provider-supplied firewalling. you open up specific ports / ip ranges in their networking layer for your systems to communicate with. it's a lot like a firewall that the system itself can't manage.
<hehehe> i done that
<hehehe> however if someone managed to escalate to root, you cant block 80 and 443 ports
<hehehe> they will simply put sql backup in www and download
<Ussat> if someone manages to esc to root, youre already boned
<hehehe> nope
<hehehe> re read what been said
<hehehe> vultr allows vps shutdown via api
<Ussat> I know what vultr is
<hehehe> with a monitoring server that logs sql it may be possible to shut vps fast
<hehehe> especially if monitoring server is in private network on vultr too, low latency
<hehehe> or attacker sql export and wget will be faster?
<jonah> hey I've set up some ssh rsa keys and they work great. but I enabled the password protection thinking that a password would only be prompted for once initially. however I'm asked every time I connect. I've tried doing the ssh-add command which works but then when I close and reopen a terminal I'm asked again for the password each time. also after a reboot I'm asked each connection. Does anyone know how to just be asked for the
<jonah> password once, after a reboot etc of course asked again but not then for every connection...?
<nacc> jonah: you want to look into setting up an ssh-agent
<nacc> jonah: i believe -- if you're on a desktop, there are some builtin to gnome, etc.
<ahasenack> is there a known bad interaction between ntpd and something from systemd? Does systemd have its own ntp(d) service?
<jonah> nacc: thanks - well i wanted to just use the command line ssh-agent and use ssh-add but it doesn't seem to stick...
<sarnold> ahasenack: yes, systemd-timesyncd
<ahasenack> sarnold: is that inside the systemd package, or a separate one?
 * ahasenack searches
<sarnold> jonah: the trick is you've got to get the agent started and environment variables populated correctly
<nacc> jonah: iirc, ssh-agent, when run, dumps out a bunch of env variables
<nacc> jonah: you need to actually issue those to use the agent
<sarnold> jonah: if you're starting the agent after you've started an X11 session it's probably been started too late
<ahasenack> â systemd-timesyncd.service - Network Time Synchronization
<ahasenack> ok
<nacc> sarnold: good point
<sarnold> because you need to get those env variables to all child processes for terminals and the like
<sarnold> a dozen years ago I used a tool called 'keychain' to try make it more managable, but I haven't found a need for it on ubuntu
<jonah> sarnold: ah ok, so is there a method i can follow for this? like do i just add the ssh-add command in front with && of my ssh command, so the initial connection then asks for the password but future ones don't from that session?
<sarnold> jonah: I'd say troubleshoot the basics first; start a new terminal and immediately env | grep SSH to make sure you've got a SSH_AUTH_SOCK variable, that the socket exists, permissions look right, etc
<ahasenack> jonah: what's your desktop? This should be working out-of-the-box without having to run ssh-add
<ahasenack> or is this a server?
<ahasenack> (I saw X11 being mentioned, hence my question)
<jonah> ahasenack: sorry yes server
<gheorghe_> i had an aswer for honas and he left lol
<ahasenack> jonah: and you have a private encrypted ssh key on that server, and you want to ssh from there to somewhere else
<sarnold> gheorghe_: oh?
<gheorghe_> oh wat?
<sarnold> I'm curious what your answer was going to be :)
<lunaphyte> hi.  i also have just asked this in ##linux, so feel free to admonish me for cross posting - given this:  http://dpaste.com/1A9WWH8 - i'm wondering where scsi0 and scsi1 are?
<lunaphyte> aha - host0: ata_piix and host1: ata_piix
<lunaphyte> it seems like it would be nice if that was a little bit more readily reflect in the output of things like lsscsi
<lunaphyte> hmm, maybe there's an option to say show all even unused
<lunaphyte> yes, lsscsi -H
<hehehe> after changing hostname which service I restart for changes to take place?
<hehehe> or reboot is must?
<qman__> it used to just be an init script called hostname
<qman__> but I'm not sure with current versions
<tarpman> hostnamectl(1) ?
<hehehe> Failed to restart hostname.service: Unit hostname.service is masked.
<hehehe> oki this may work sudo hostnamectl set-hostname new-name
<hehehe> teo thanks tarpman
<hehehe> yep
<hehehe> sudo dpkg-reconfigure --priority=low unattended-upgrades  - what does priority low do?
<genii> asks more config questions
<hehehe> genii: hmm how come?
<hehehe> and if I set priority=high?
<genii> Then it only asks questions it can't just set reasonable defaults for
<hehehe> ok low priority questions
<hehehe> ty
<genii> Yep
<hehehe> and when it says origin Debian its normal for Ubuntu 16.04?
<hehehe> it did work already on 1 box I just wonder why it use Debian cause it Debian based?
<genii> Yes, because upstream is Debian
<hehehe> the package update unattended how often does it checks for updates?
<drab> hehehe: read the man page and check its config
<genii> hehehe: Default is each boot, or each shutdown if you switch it to that in /etc/apt/apt.conf.d/50unattended-upgrades. If you want to specify a certain number of days, set APT::Periodic::Unattended-Upgrade=X where X is how many days. You can do this with creating  /etc/apt/apt.conf.d/02periodic and putting it in there.
<genii> 0 for value there is to disable unattended upgrades
<hehehe> genii: how come its not in the updgrade-unatended manual?
<hehehe> yes  I did modify 50... file to enable updates with reboot and update time now
<hehehe> genii:  it there any point to run it hourly?
<tarpman> hehehe: no. there's little point to updating more than about once a day; all that does is generate more load on the servers
<genii> hehehe: https://wiki.debian.org/UnattendedUpgrades
<genii> hehehe: I recommend to install apt-listchanges also, as described there. You don't have to use it with system pager, I have mine just email me offsite
<hehehe> what is apt-listchanges for?
<genii> What it's name suggests
<genii> To list changes in your packages
<hehehe> and if I create 02periodic will its config work alongside 20auto ?
<hehehe> or I must use only one of them?
<genii> Either or both, it doesn't matter
<hehehe> I checked listchanges conf - it simply emails root when new packages are installed?
<genii> It has a bunch of different settings. You can pipe the changes also to system pager, etc. But doing that is a pain. Check it's manpage
<genii> Defualt I think is sytem pager and not to email
<hehehe> apt-listchanges is a tool to show what has been changed in a new version of a Debian package, as compared to the version currently installed on the system.
<hehehe> why it is useful?
<hehehe> to read what the vulnerability was?
<genii> Because it includes the changelog to know what was modified in the newer version. And if new version doesn't work, you know what older version to revert to.
<genii> And which mainainer, usually, made the change, etc
<hehehe> can oki
<hehehe> browser
<hehehe>     Displays an HTML-formatted changelog using a web browser, with hyperlinks for bugs and email addresses. By default, the BROWSER environment variable will be used.
<hehehe> but how it secure access to it? and I dont want to install any webservers
<hehehe> can it simply output to a custom log? :D
<hehehe> maybe Dumps output to stdout, with no pauses.
<hehehe> text
<genii> I just have it email. If you want o set it up some other way you'll need to consult someone else
<hehehe> what is pager?
<sarnold> more, less, etc
<genii> system page is like the apps "less" ans "more"
<genii> page/pager
<genii> If you specify some program for the pager that is a custom script you write, it will use that
<hehehe> sarnold: any idea how to write apt-listchanges to a custom log file?
<sarnold> I don't know, I don' use it myself
<hehehe> dump to stdout? where would that file be?
<hehehe> then I can cat it :D
<hehehe> well one way is to email author and ask lol
<hehehe> :)
<sarnold> .. or read the manpage
<hehehe> I read it
<hehehe> it does not say how to log into file
<genii> Maybe experiment with a pager replacement like: tee -a /someplace/somelogfile
<hehehe> I am off to next task :)
<hehehe> I think later it can be done
#ubuntu-server 2017-07-12
<hehehe> genii do you use ossec?
<hehehe> many tutorials suggest to run it as root
<hehehe> there is some workaround but I wonder if it worth to change it so it runs under local user
<hehehe> https://groups.google.com/forum/#!topic/ossec-list/UI6Yng70wh0
<hehehe> sarnold: is there any issue with installing ossec from a root dir on an ossec server
<hehehe> I dont see any
<hehehe> since it runs as root it does not matter where its located
<hehehe> also while I am in ssh session I changed firewall to block custom ssh port yet my session did not ds
<hehehe> so it applies to new sessions only?
<hehehe> seems so
<hehehe> \nice
<hehehe> :D
<maco> I've got a VPS running 16.04, and today I installed updates (probably first time in 2 months) and rebooted. Now I'm repeatedly getting system hangs with "task blocked for more than 120 seconds" â is this an issue with recent updates? (Or a coincidence?)
<eatingthenight> not an issue with recent updates
<maco> Alright, thanks. More log digging says it started 2 hours ago and happens at 15 & 35 past the hour. Weird.
<eatingthenight> that is strange
<eatingthenight> is that the message in syslog?
<maco> Which task is blocked semi-alternates between jdb2/vda1-8 and mysqld
<maco> But I grepped that "120 seconds" in syslog
<eatingthenight> did you have an increase in traffic refently?
<eatingthenight> *recently
<maco> I added another site to my WordPress multisite install about 30 hours ago. Only one person knows about it though, so I doubt that's it. Most popular site on the server has higher traffic than this regularly (podcast episode every other week--this is an "off" week)
<maco> I mean unless the sheer existence of that new site is the issue? But it was fine for 28 hours...
<eatingthenight> is this hosted on aws?
<maco> Cron hourly is 17 minutes after the hour not 15
<maco> No, it's Dreamhost's openstack setup
<eatingthenight> have you tried tuning kernel params at all yet?
<maco> Nope
<maco> I forgot that phrase even existed
<eatingthenight> overall it's going to be real hard to debug that without more info as it's just general system tuning that is specific to your workload and environment. Stack overflow should be able to point you in the right direction for how to start narrowing it down.
<maco> Ok here's something
<maco> I see app armor denies for mysqld right before the first time it happens
<maco> Oh never mind. That's the last thing in the logs before it, but a half hour passes
<maco> Ugh. Ok so I see stuff in openstack help about this being caused by storage problems after rebooting
<maco> Rebooting a VM shouldn't cause storage issues
<maco> Possible solution found. If it works, I'll post the link here to satisfy any curiosity you may have eatingthenight
<lordievader> Good morning
<nisargjhaveri> Hello!
<nisargjhaveri> I'm trying to setup ldap authentication on Ubuntu server 16.04, using `nss-pam-ldapd`
<nisargjhaveri> I think the ldap auth part works, but when I try to login, auth.log says "fatal: initgroups: username: Invalid argument"
<nisargjhaveri> If I set map gidNumber to 100, auth.log says "fatal: seteuid userID: Invalid argument"
<nisargjhaveri> I recently setup another server using `libpam-ldap`, I didn't encounter any similar errors there..
<nisargjhaveri> Any ideas?
<Pascal__> hi i haven an problem with apache ... i want to create an subdomain but my subdomain redirects serverside to my domain. subd.server.my.domain.com => server.my.domain.com any idea?
<lordievader> How does your configuration look like?
<Pascal__> https://pastebin.com/Z9rwXJzc
<lordievader> Do both addresses resolve to the same ip address?
<lordievader> Else you need to add the (sub)domain as server name.
<Pascal__> same ip
<Pascal__> but when i type essen.vm-doku.my.domain.de ist shows the index of /var/www and not of /var/www_2
<lordievader> And that is with the servername setting?
<lordievader> Pascal__: What does `sudo apache2ctl -S` return?
<Pascal__> https://pastebin.com/wmwK2Pa9
<lordievader> Both vhosts are names localhost. Hence apache cannot distinguish them.
<lordievader> Have you set the servername correctly?
<Pascal__> this is my /etc/hosts : 127.0.0.1	localhost 127.0.0.1	vm-doku.eva.evapolda.de	vm-doku 127.0.0.1	essen.vm-doku.eva.evapolda.de essen.vm-doku
<lordievader> Pascal__: That is not what I asked for. What ServerName is set in the apache config of the websites?
<Pascal__> for essen.vm-doku.my.domain.de is essen.vm-doku and for vm-doku.my.domain.de is vm-doku
<lordievader> Could you show me your config again?
<Pascal__> https://pastebin.com/7Vw9kKVC
<lordievader> The ServerName needs to be a fqdn.
<Pascal__> ive set that with fqdn ... now it says at essen.vm-doku.my.domain.de ... DNS-Name not found
<lordievader> Is it a valid fqdn?
<Pascal__> i think so, our (windows)-Dns has both forward-addresses
<lordievader> Can you resolve it?
<Pascal__> now, after reboot of the DNS-Server, yes but now i also become the index of /var/www at essen.vm-doku
<lordievader> Could you paste the output of `sudo apache2ctl -S` again?
<Pascal__> https://pastebin.com/FRKsFFJS
<lordievader> Both do use a different config, 000-default.conf for vm-doku and essen.conf for essen.vm-doku ;)
<Pascal__> yup i've pasted it together to reduce spam
<lordievader> If you look in the access logs, do they reflect the right thing? I.e. when going to essen it is logged to access_essen.log?
<Pascal__> but i've found the problem it was the <VirtualHost fqdn:80> after i changed that to <VirtualHost *:80> it works fine
<Pascal__> but also thanks for your help :)
<lordievader> Nice, good to hear :)
<vimart> is ubuntu server 16.04 ready to run php,python  CGI?
<lordievader> vimart: What do you mean exactly?
<vimart> lordievader: to run simply scripts in php or python?
<vimart> For example I'd like to have contact form on www
<lordievader> vimart: If you install the necessary stuff, sure.
<vimart> lordievader: I've noticed that PHP probably is comming with ubuntu server but I don't see python, what should I install to run python? cgi?
<lordievader> Python (2.7) is installed by default.
<nacc> lordievader: PHP is not installed by default either
<nacc> lordievader: sorry, vimart --^
<nacc> vimart: but python is
<lordievader> Hence the 'if you install the necessary stuff' ;)
<nacc> lordievader: yep, i meant in relation to vimart's last comment
<lordievader> Yes, indeed.
<jonah> hi, any friendly folks around that could please help. my server is taking a beating from a spammer/ddos. Not sure how to get things straight if anyone would be kind enough to lend a hand please?
<tomreyn> jonah: still looking for help?
<tomreyn> looks like both your hosting company website and its blog are online so i guess that's no longer an issue.
<jonah> tomreyn: hey thanks, sorry i got a bit tied up there
<tomreyn> i can imagine
<jonah> tomreyn: it seems to have all come from backscatter, but on a large scale with clamscan going nuts scanning tens of thousands of email bounce backs coming in
<sarnold> nacc: any suggestions for 1703752 ?
<tomreyn> i see, so it was / is your mail server that was being overwhelmed. that's luckily a lot easier to fix than a web based ddos
<sarnold> yeah if nothing else, "just turn it off" isn't a bad start
<nacc> sarnold: looking
<nacc> sarnold: i'll pick it up -- there seem to be a few bugs here
<sarnold> nacc: thanks; normally I'm content to say "yeah bad php can use trusty" but if it's something we shipped anyway, it'd be nice to at least warn folks if it won't work. or something. :/
<nacc> sarnold: yeah, we have done some fixes and iirc, i think my cursory usage did work
<nacc> sarnold: so this is probably something > cursory
<sarnold> somehow I'm not surprised roman would hit a 'logout' button that you might not :) hehe
<nacc> sarnold: yeah
<nacc> sarnold: i was more concerned with "does the UI display"
<sarnold> "doesn't seem badly misfunctional"
<nacc> sarnold: yeah -- which it admittedly was, at first
<sarnold> heh
<hehehe> https://www.vultr.com/docs/how-to-install-modsecurity-for-nginx-on-centos-7-debian-8-and-ubuntu-16-04
<hehehe> does it work?
<hehehe> or whats your setup for ubuntu 16.04 nginx and mod security
<ahasenack> nacc: an opinion here, please
<ahasenack> nacc: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1531622/ is it worth fixing for 16.04, since it's just a config change?
<ubottu> Launchpad bug 1531622 in rsyslog (Ubuntu) "default config still using a legacy keyword: KLogPermitNonKernelFacility" [Medium,Fix released]
<ahasenack> it's quite probable that dpkg will prompt about a config file change during the upgrade, so just installing the update won't fix it in all cases
<ahasenack> but looks like people want it
<ahasenack> got a duplicate bug even, for 16.04
<nacc> ahasenack: i think it is probably worth pursuing -- not sure i follow the 'won't file in all cases' comment?
<ahasenack> nacc: sorry, I dropped just after mentioning the duplicate bug, where is that comment?
<ahasenack> nacc: that being said, the new option doesn't work :P (upstream bug)
<ahasenack> the error was silenced, but the kernel messages also :P
<nacc> ahasenack: your comemnt itself earlier: "... so just installing the update..."
<ahasenack> nacc: I mean if the user made an unrelated change to rsyslog.conf, installing the update won't fix the broken config option
<ahasenack> dpkg will prompt the user, saying the config file changed, and ask for help, right?
<ahasenack> keep, overwrite, diff, etc
<ahasenack> or are we expected to detect this in postinst somehow and fix it for the user?
<nacc> ahasenack: it feels like something we should detect if it was a valid config before and now is not
<nacc> ahasenack: is that the case here?
<ahasenack> nacc: no, we introduced a bug when we changed how the klog module is loaded
<ahasenack> we should also have changed how its options are set
<ahasenack> what we have currently in xenial is a mix: new style loading, old style option setting
<ahasenack> that's the bug
<ahasenack> this was fixed in yakkety: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1531622/
<ubottu> Launchpad bug 1531622 in rsyslog (Ubuntu) "default config still using a legacy keyword: KLogPermitNonKernelFacility" [Medium,Fix released]
<ahasenack> yakkety+ is fine (except for the upstream part: https://github.com/rsyslog/rsyslog/issues/477)
<nacc> ahasenack: ok
<nacc> ahasenack: sorry, i'm kind of deep in some git-ubuntu stuff. Your judgment seems reasonble to me
<ahasenack> I'm just wondering if a config file change is worth for an SRU, given that the user might very likely be prompted to edit the file anyway during the upgrade
<ahasenack> or maybe that's not so likely
<nacc> ahasenack: it might be worth an e-mail to ubuntu-devel-discuss if you can't decide (or ubuntu-devel)
<ahasenack> ok
<ahasenack> it would fix new installs at least
<trippeh> hum. acpid dropped /etc/acpi/events/powerbtn in artful because "since the script is a no-op when systemd-logind is running and systemd-logind is now *always* running". this is not true as dbus is required by logind but dbus is not yet mandatory.
<trippeh> Condition: start condition failed at Wed 2017-07-12 17:47:47 CEST; 6h ago
<trippeh>            ââ ConditionPathExists=/lib/systemd/system/dbus.service was not met
<braziercustoms> First time I've been back to this snap install conjure-up --edge and every time I run conjure-up.lxc list I get different results showing different status for all. Sometimes have up sometimes not...
<nacc> stokachu: --^
<sarnold> trippeh: how'd you get a system without dbus? I thoguht that was basically mandatory in order to use systemd for init
<trippeh> sarnold: these images are built using debootstrap, very similar to ubuntu base or whatever it is called nowadays
<trippeh> most of systemd works fine without dbus
<stokachu> braziercustoms: I bet if you run journalctl -f you'll see snap services restarting..
<stokachu> I'm not sure why that happens though
<trippeh> I may just give in and start adding dbus, even if I'm not stoked about the attack surface ;)
<sarnold> trippeh: aha
<braziercustoms> :/  looks like it is
<trippeh> then again if someone gets access to these vms in a manner that gives access to dbus it is usually game over anyway
 * trippeh scratches beard
<braziercustoms> Stokatchu it is :/   how is this setup started?
<stokachu> There are snap services in /etc/systemd
<braziercustoms> Stokachu how many?
<trippeh> (I also realize using debootstrap means I'm mostly on my own :p)
<trippeh> oh well *adds the powerbtn stuff back using ansible*
<trippeh> it is just some config files after all
<braziercustoms> Stokatchu I'm sure you are familiar with the errors. But I got "Not restarting into /snap/core/current/usr/snap/bin/snap" older than error.. flooding
<braziercustoms> And kernel audit about apparmor profile does not exist for neutron agents. Why didn't it do this after first reboot?
<trippeh> sarnold: even networkd works without dbus ;)
<sarnold> trippeh: ha :D
<braziercustoms> Stokatchu I can't proof of concept on the "proof of concept version" :D
<braziercustoms> Stokatchu it stabilizes? It seems to have stopped... how can I follow this issue?
#ubuntu-server 2017-07-13
<cyphermox> is this a known thing? https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1700826
<ubottu> Launchpad bug 1700826 in ubuntu-meta (Ubuntu Xenial) "please include numactl on the ubuntu-server iso" [Undecided,New]
<cyphermox> (I can update the seed, but I want to make sure it's agreed upon before)
<hehehe> hey folks
<hehehe> who here knows git well? :D
<nacc> cyphermox: i'll ask at our standup tmrw
<cpaelzer> good morning
<[J]oules_> local ubuntu 16.04 acting as syslog server for LAN. rsyslog.conf is setup for udp and tcp on port 514 to enable syslog server. ufw is disabled. iptables -nL shows accept for the 3 default chains. However no lan device/computer is able to communicate with this ubuntu server.
<lordievader> At all, or only the rsyslog service?
<lordievader> [J]oules_: ^
<Ussat> different vlans ?
<Ussat> firewall between them
<[J]oules_> no vlans
<Ussat> FW's between them ?
<Ussat> how are you checking connectivity ?
<[J]oules_> trying to debug sip phone. have sip phone syslog pointing to this ubuntu 16.04. disabled ufw and rebooted. don'
<[J]oules_> see anything in /var/log/syslog, /var/log/messages from phone at all
<[J]oules_> changed sip  phone syslog to send to remote centos server, remote centos shows logs from sip phone
<[J]oules_> just dont want those logs going to remote server. want them to come to this local ubuntu server
<lordievader> [J]oules_: Could you answer my quesiton?
<lordievader> question even
<[J]oules_> lordievader: since rebooting only see very few entries in syslog and messages like: Jul 13 09:01:42 myomie colord[1430]: (colord:1430): Cd-WARNING **: failed to get session [pid 3889]: No such device or address
<[J]oules_> Jul 13 09:09:01 myomie CRON[3928]: (root) CMD (  [ -x /usr/lib/php/sessionclean ] && /usr/lib/php/sessionclean)
<[J]oules_> thats it
<lordievader> That was not my question... is there any network response when pinging it from another host, for example?
<[J]oules_> i can ping the ubuntu server, ssh to it, cannot telnet port 514 to it
<lordievader> What does nmap report about that port?
<[J]oules_> nmap not installed
<[J]oules_> from other server on lan: ping myomie
<[J]oules_> PING myomie.internal (192.168.25.15): 56 data bytes
<[J]oules_> 64 bytes from 192.168.25.15: icmp_seq=0 ttl=64 time=0.306 ms
<lordievader> Could you install nmap and check?
<[J]oules_> telnet myomie 514
<[J]oules_> Trying 192.168.25.15...
<[J]oules_> telnet: connect to address 192.168.25.15: Connection refused
<[J]oules_> yup
<lordievader> Also, use some pastebin service for pasting console output.
<[J]oules_> lordievader: do you know the syntax to nmap port 514?
<lordievader> [J]oules_: Assuming you want tcp: `nmap -p 514 <host>`
<[J]oules_> thx
<[J]oules_> 514/tcp closed shell
<[J]oules_> if iptables shows accept for everything, ufw shows disabled why is it blocked?
<[J]oules_> i tried before to open 514/tcp and it still did not help
<[J]oules_> fw status
<[J]oules_> Status: inactive
<lordievader> Could you pastebin the output of 'sudo iptables-save'  and 'sudo ss -tnl'?
<coreycb> jamespage: most of the pike failures for CI are due to needing the new python-sphinx
<coreycb> jamespage: I checked with the maintainer and he said he's planning on uploading but will be a few weeks
<cyphermox> nacc: ta
<Adri2000> hello
<Adri2000> anyone knows why https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1699010 is marked for lxd instead of lxd/lxcfs?
<ubottu> Launchpad bug 1699010 in lxd (Ubuntu) "process start times offset by host uptime" [Undecided,Fix released]
<Adri2000> and if there is some kind of SRU in progress for xenial?
<[J]oules_> https://www.irccloud.com/pastebin/PunCQwY1/
<hehehe> hey hey
<[J]oules_> lordievader: i see 514 is not listed
<hehehe> lordievader: heya :)
<hehehe> lordievader: do u know git?
<hehehe> I am encountering some silly error yet to see what is it
<[J]oules_> lordievader: i take it that since this ubuntu server is not listening on 514 is the reason. Question then is, how to get it to listen on port 514?
<hehehe> you  can install use ufw
<hehehe> easy to use
<hehehe> then you cal simply sudo ufw allow 514
<hehehe> :)
<hehehe> and it will auto adjust iptables rules
<hehehe> u can also allow in only or out only and to a specific ip and or protocol
<[J]oules_> hehehe: i did that before ... ufw allow 514/tcp and ufw allow 514/udp and no syslog messages were coming in
<hehehe> you using ossec?
<hehehe> then you need to open 1 more port
<hehehe> 1514?
<hehehe> you can google which port :D
<[J]oules_> i am not using ossec
<hehehe> well then why u need 514 open?
<[J]oules_> just whatever installs with ubuntu server
<hehehe> whatever what?
<[J]oules_> because we need to debug a device on LAN
<hehehe> whats it called?
<hehehe> well then open it and thats it
<hehehe> :D
<[J]oules_> the iso for ubuntu 16.04
<hehehe> yes fine
<[J]oules_> there was no extra security added
<hehehe> thats fine
<hehehe> you can add it yourself
<hehehe> :)
<[J]oules_> add what?
<hehehe> whatever u want to add
<hehehe> security wise
<[J]oules_> you mean even if ufw/iptables is disabled it still blocks?
<[J]oules_> put it this way, how to get it to listen to 514 ?
<teward> [J]oules_: run a service that binds to port 514
<[J]oules_> from what i read ....
<teward> have a firewall rule to include port 514 as allowed
<teward> you can't send traffic to a port that doesn't have something to receive the data - that's the core issue there.
<teward> to have something listen on <= 1024 you usually need to run something as root
<[J]oules_> rsyslog
<[J]oules_> https://www.irccloud.com/pastebin/ZXy2gFy2/
<hehehe> yes what teward said :D
<hehehe> use common sense dude
<teward> [J]oules_: that usually doesn't run as root, IIRC.  you may need to use a higher port number like 10514, and then set up a local port-forward for the firewall
<[J]oules_> everything i searched said to enable rsyslog with what is in the p/b and restart rsyslog
<teward> hehehe: that's not necessary, please refrain from rudeness.
<hehehe> common sense is rude?
<hehehe> dude get lost
<hehehe> :)
<teward> >.>
<teward> this is why I hate IRC sometimes
<[J]oules_> no kidding
<[J]oules_> usually because the answer is not known
<hehehe> Joule simply do something like  ssh root@example.com -p514  from any other box
<hehehe> :)
<hehehe> -p is port
<hehehe> wait nope
<[J]oules_> teward: the firewall ufw/iptables is disabled
<[J]oules_> hehehe: i showed earlier, telnet port 513 connection refused
<[J]oules_> hehehe: i showed earlier, telnet port 514 connection refused
<[J]oules_> sorry
<hehehe> yep
<[J]oules_> port 514
<hehehe> 1 moment :)
<[J]oules_> getting rsylog working on a centos server which is remote works, but dont want these logs going remote
<[J]oules_> basically same setup with rsyslog.conf and restarting rsyslog
<[J]oules_> for some reason on ubuntu its like pulling teeth
<hehehe> https://superuser.com/questions/397892/utility-to-open-tcp
<teward> [J]oules_: you may want to use a higher port.
<teward> such as 1051X, because <= 1024 usually has issues
<teward> [J]oules_: is the system you're working on ubuntu or centos?
<ogra_> [J]oules_, usually it is "uncomment 4 lines in rsyslog.conf, restart rsyslog"
<teward> because if it's not ubuntu i'mma throw you to the ##linux channel.
<hehehe> nc -4 -k -l -v localhost 1026
<[J]oules_> the box is ubuntu, i am chatting here from it
<[J]oules_> ubuntu 16.04 LTS
<ogra_> [J]oules_, http://paste.ubuntu.com/25082196/ ... uncomment these four lines (the ones without spaces after the hash sign) in rsyslog.conf and restart rsyslog (works everywhere here ...)
<ogra_> and on the sending machine, create a file in /etc/rsyslog.d/ containing one line:
<ogra_> *.*   @remote.server:514
<ogra_> where "remote.server" is the machine from the first step
<[J]oules_> https://www.irccloud.com/pastebin/jHiUD2K7/
<ogra_> it isnt different in ubuntu than in any other machine
<ogra_> s/machine/linux distro/
<hehehe> Joules lol next time say it clearly - I want to send syslog to other machine
<hehehe> not I want to test some lan device :D
<ogra_> did you try dropping the "AllowedSend
<ogra_> er
<ogra_> for a test ?
<[J]oules_> just did it now ogra_  and restarted rsyslog
<[J]oules_> nothing different
<ogra_> weird, never had any probs with that
<hehehe> provide copy of your firewall rules on both machinese
<hehehe> :)
<hehehe> machines
<hehehe> or use ufw
<ogra_> do you have any other modifications of the syslog config ?
<[J]oules_> i did enable ufw and enabled 514/UDP and 514/TCP and it still did not work
<hehehe> ufw oki
<hehehe> *oki
<ogra_> any reason to run ufw ?
<hehehe> Joules and why 514?
<hehehe> ufw is easier
<hehehe> thats all
<ogra_> sigh
<ogra_> hehehe, you are not being helpful
<hehehe> Joules you simply want to send syslog from 1 machine to another?
<ogra_> [J]oules_, any reason to run a firewall on that machine ?
<[J]oules_> https://www.irccloud.com/pastebin/S6cCJ2Sy/
<ogra_> (assuming it sits in a LAN that is firewalled anyway from the outside world)
<[J]oules_> this ubuntu server is also my workstation. It's behind a mikrtotik router. It is not blocking LAN <-> LAN
<hehehe> Joules so what exactly do you want to do?
<ogra_> sure, but hopefulls WAN->LAN ;)
<ogra_> *hopefully
<[J]oules_> hehehe: have my sip phone send it logs via syslog to this ubuntu server/workstation
<hehehe> oki
<[J]oules_> like i mentioned before, if i set the syslog on the phone to send to one of our pbx's it logs just fine. All our pbx servers are either centos 6 or centos 7
<[J]oules_> just this ubuntu server
<[J]oules_> i think i will just create a centos 7 vm on this ubuntu server via virtualbox
<[J]oules_> this is too much of a PITA
<hehehe> https://www.debuntu.org/how-to-remote-syslog-logging-on-debian-and-ubuntu/
<hehehe> nah dont give up
<hehehe> dont be such quitter :D
<ogra_> [J]oules_, http://paste.ubuntu.com/25082249/ ... just uncommenting the four lines and restarting syslog gets me this on 16.04
<ogra_> [J]oules_, theer must be something additionally that stops rsyslog from opeing the port
<[J]oules_> i do have those lines uncommented
<[J]oules_> hehehe:  /etc/default/syslogd  does not exist
<[J]oules_> ogra_:  agreed, just dont know what it is
<ogra_> yeah ...
<[J]oules_> one thing for sure, this ubuntu box is not listening on port 514 udp/tcp
<ogra_> well, if you tinkered with firewall stuff it might be related ... though then i would expect at least some complaint from syslog in the logs that it cant bind to the port or some such
<[J]oules_> ok i will turn on ufw and then show you
<hehehe>  pastebin /etc/rsyslog.d/50-default.conf
<hehehe> :)
<[J]oules_> https://www.irccloud.com/pastebin/uUW6redV/
<[J]oules_> yet nothing comes in...
<ogra_> sudo netstat -anp|grep :514
<ogra_> ?
<[J]oules_> https://www.irccloud.com/pastebin/PwXrSVWQ/
<hehehe> this is on receving box?
<ogra_> does your host actually listen ?
<hehehe> post your 50-default.conf :D
<hehehe> to double check
<[J]oules_> sudo netstat -anp|grep :514
<[J]oules_> [lnb@myomie]:/var/log>
<[J]oules_> nothing
<ogra_> so rsyslog definitely doesnt listen
<[J]oules_> correct
<hehehe> then its setup error
<hehehe> as simple as that
<ogra_> anycomplaints in syslog when you restart it ?
<hehehe> *config
<[J]oules_> https://www.irccloud.com/pastebin/vr8LHekq/
<[J]oules_> i think that rsyslogd should be -r not -n
<hehehe> did u use *.* @syslogserverhostname:514 ?
<ahasenack> rbasak: I think samba's ubuntu/zesty-devel is behind in the git repository: rmadison shows 17.04.3, but git has 17.04.2 if I'm not mistaken
<hehehe> and restart service?
<ogra_> [J]oules_, it is -n here as well
<hehehe> http://www.randomhacks.co.uk/how-to-configure-an-ubuntu-server-to-log-to-a-remote-syslog-server/
<hehehe> :)
<hehehe> read this :)
<[J]oules_> hehehe: that log to REMOTE
<[J]oules_> i need log to LOCAL
<hehehe> ogra_: DUDE
<hehehe> hmm
<hehehe> so sip phone soft running  on same box?
<hehehe> right
<hehehe> then it would likely have own log
<hehehe> somewhere  in configs
<ogra_> [J]oules_, anything non-standard  in /etc/rsyslog.d/ ?
<hehehe> you dont need to open any ports
<hehehe> blah
<[J]oules_> ogra_: no
<ogra_> any other changes in rsyslog.conf ?
<ogra_> http://paste.ubuntu.com/25082303/ is the default config as the package ships it
<[J]oules_> telnet localhost 514
<[J]oules_> Trying ::1...
<[J]oules_> Trying 127.0.0.1...
<[J]oules_> telnet: Unable to connect to remote host: Connection refused
<rbasak> ahasenack: that's odd. samba is in our whitelist. Shall we wait for nacc to come online and check the importer?
<hehehe> remote host?
<hehehe> dude u said its local
<hehehe> which one is it?
<[J]oules_> hehehe: local
<[J]oules_> i ran the command from the ubuntu server i am on
<ahasenack> rbasak: so you did confirm it's behind?
<rbasak> No.
<hehehe> Joules so to make it clear you got sip phone one the box and u want it to send its log to syslog on same box?
<hehehe> right?
<hehehe> *on the box
<[J]oules_> sip phone is not a box, its a physical telephone
<braziercustoms> Ist that just a generic can't connect message hehehe?
<[J]oules_> it is on same LAN as ubuntu server
<hehehe> oki
<rbasak> ahasenack: yeah confirmed
<hehehe> so land hardware sip phone using asterix?
<[J]oules_> plain and simple, this ubuntu server is not listening on port 514
<ahasenack> rbasak: thanks
<[J]oules_> pbx servers are all remote
<hehehe> Joules plain and simple unless some server uses 514
<ahasenack> rbasak: I'll bring it up in standup, it's just half an hour away
<hehehe> some server soft
<rbasak> Looks like it was published on the 5th.
<hehehe> 514 wont be listening
<rbasak> So perhaps the importer wasn't running then?
<[J]oules_> hehehe: yes agreed, RSYSLOG
<hehehe> braziercustoms: which one
<hehehe> Joules this hardware sip phone got a software config file
<teward> rbasak: and server team: NGINX 1.12.0-1ubuntu1 (merge from the 1.12.0-1 packaging that was in Debian then replaced with 1.13.x) merge completed, and uploaded.  once that builds and lands, i'll push the latest patch for a security issue (Security team is aware, cc: sbeattie)
<hehehe> to where does this config file direct logs?
<ogra_> [J]oules_, i'd really start from scratch .. drop all ufw stuff (uninstall it), flush iptables ... and first of all try to get the standard working that works for everyone else
<hehehe> maybe it sends them to a separate log file instea of syslog
<hehehe> :)
<hehehe> and folks anyone here good with git? :D
<teward> hehehe: i know a bunch, so does rbasak, what's up?
<ogra_> [J]oules_, once you have that, re-enable the firewall bits and configure it (if you really feel you need to dis-trust devices in your LAN that is)
 * teward also runs a GitLab instance for himself
<ogra_> [J]oules_, on any Ubuntu machine i worked with in the last 13 years just uncommenting the 4 lines and restarting rsyslog was enough, be assured this usually works :)
<hehehe> when I do git checkout -b origin and later want to build and make - local box will look for files on the githib repository where branch files are?
<hehehe> so say initially I git clone master branch and then I run checkout -b origin
<hehehe> to select a specific branch
<[J]oules_> ogra_: i cant agree with you more, uncomment those lines and presto
<[J]oules_> ogra_: but this box flatly says 'not in my lifetime'
<[J]oules_> brb have to help someone
<ogra_> well, there must have been some tinkering that broke it i guess
<hehehe> Joules post you /etc/rsyslog.d/50-default.conf :)
<hehehe> just to check
<hehehe> *your
<ogra_> hehehe, what would you expect to find there ?
<hehehe> I dont know some mistake :)
<hehehe> maybe typo
<ogra_> then rsyslog would complain in the logs on startup
<hehehe> oki
<hehehe> so using occam razor what can it be?
<rbasak> hehehe: I don't understand your question. What are you trying to achieve?
<hehehe> rbasak: oki - I want to compile modsecurity from a specific branch
<hehehe> as per howto here https://help.dreamhost.com/hc/en-us/articles/223608748-How-to-Install-libmodsecurity-Nginx-on-Ubuntu-14-04
<rbasak> Those instructions look a bit broken to me.
<hehehe> yes
<rbasak> I wouldn't create a local branch called "origin/v3/master". That's confusing.
<hehehe> rbasak: so whats the best way then?
<rbasak> git will do it, but thereafter lies confusion.
<rbasak> git clone v3/master https://github.com/SpiderLabs/ModSecurity
<rbasak> then git submodule init, etc.
<rbasak> Sorry
<rbasak> git clone -b v3/master https://github.com/SpiderLabs/ModSecurity
<rbasak> then git submodule init, etc.
<coreycb> jamespage: looks like python-sphinx 1.6.3 upload to experimental is just blocked by sphinxcontrib-websupport in NEW
<jamespage> coreycb: ack
<hehehe> rbasak: yes thats the command I was missing :)
<hehehe> how to git clone a branch :)
<hehehe> thanks!
<rbasak> You're welcome :)
<hehehe> well at least last night I had time to read php intro since I was stuck on this front :)
<hehehe> Joules I think if we carefully look at all setup - there is a logical way to find mistake - its just I am new to linux but I can think logically sometimes :)
<hehehe> rbasak: usually if make encounter any mistakes it will log then to syslog or not?
<hehehe> I wonder how people double check that make run correctly
<nacc> rbasak: i made the same importer change for your bugfix locally as soon as i woke up, will ack/merge it now
<rbasak> hehehe: if it's done well, it should stop with an error if there's a problem.
<rbasak> nacc: thanks!
<hehehe> cool
<hehehe> is there a simple way to pull all logs (as per user choice) from a box to remote server, as per event (so simply adding new entries to a logs incrementally in real time)
<hehehe> or it will consume a lot of client server resources?
<nacc> rbasak: done (but you prob. got notified already)
<rbasak> hehehe: A periodic rsync is probably the easiest trade-off close to that.
<rbasak> nacc: thanks!
<gimmic> it is unfortunate that MAAS is free, but Landscape is not
<dpb1> gimmic: landscape is free for up to 10 physical hosts and 50 containers
<gimmic> Yeah.. Who wants to use an OS management platform for >10 systems?
<gimmic> "This car functions, but only drives 10 mph, please pay if you want to go faster than 10 mph"
<gimmic> that's a trial.
<ogra_> gimmic, well, something has to pay the salaries ;)
<ogra_> gimmic, i bet a lot of people would take such a car if you get it for $0 at the vendor and only have to pay if you go above 10mph ;)
<gimmic> seems antithetical to the open source community.
<nacc> open source != free
<ogra_> geez ...
<gimmic> You could make the same argument about any of the projects. MAAS could be licensed the same way
<ogra_> sure
<nacc> gimmic: what argument?
<andol> gimmic: If you don't like the way landscape is licenced and/or priced, then don't use it?
<nacc> gimmic: i think you are the only making a principled arguemnt here :)
<gimmic> :) Just venting an opinion
<Ussat> antiethical....seriousely ?
<gimmic> not antiethical.. antithetical.
<gimmic> Although I guess it's really not any different than the rhel environment
<Ussat> I have no problem payinf for software that I use if it gets the job done
<nacc> gimmic: it's not different than anyone trying to make money, if you want to use *only* free software, that's a different discussion than relevant here
<gimmic> Of course. All I said was that it was unfortunate
<Ussat> I dont see how it is unfortunate
<Ussat> unless you mean its unfortunate you cant leech
<gimmic> that's a bit of a strawman, unless you consider anything you don't exchange money for is leeching
<gimmic> back to the opensource ethos..
<Ussat> opensource ethos......please
<Ussat> I use the best tool for the job. open/closed, it does not matter
<nacc> gimmic: again, you're conflating open and free
<nacc> gimmic: IMO
<gimmic> Yeah.
<nacc> rbasak: ahasenack: `git ubuntu lint --for-merge` of the samba merge (so far): http://paste.ubuntu.com/25082678/
<nacc> messaging needs some massage
<aatish> Hi everyone. i want to install ubuntu server on a HP ProLiant ML10 Gen9. I really need the RAID functionality. I read on forums that i should set controller to AHCI. IS there a workaround? thank you
<Ussat> use ahci and Linux raid
<Ussat> https://en.wikipedia.org/wiki/Mdadm
<rbasak> nacc: nice!
<aatish> Ussat, Is there a guide for mdadm?
<dpb1> lots of them!
<dpb1> the linux raid one is what I remember starting with.
 * dpb1 googles
<dpb1> here: https://raid.wiki.kernel.org/index.php/RAID_setup
<aatish> dpb1, got it. thank you. But now i got the error: variable 'prefix' isnt set :( when installing ubuntu from a usb
<nacc> rbasak: do we want emit 'pass' or something for checks that pass?
<dpb1> aatish: would need more details.  I'm not familiar with that particular failure mode
<rbasak> nacc: I feel that would be more noisy
<rbasak> s/more/too/
<nacc> rbasak: ack, just checking :)
<rbasak> nacc: except maybe with a -v or something?
<nacc> rbasak: we can leave it for not
<nacc> *now
<rbasak> Agreed
<nacc> rbasak: about to add the versioning check
<nacc> rbasak: reading your code, what function should i call to check the version? i guess for a merge, i should pass the debian version?
<nacc> rbasak: next_development_version(debian_version) ?
<rbasak> Yes, I think so.
<nacc> rbasak: ack, doing it now
<[J]oules_> created a new ubuntu 16.04 lts server. uncommented the 4 lines in rsyslog.conf, restarted rsyslog, phone IS logging to the new ubuntu server
<[J]oules_> something on this ubuntu server is not working right and is blocking incoming syslog
<nacc> rbasak: did you ever figure out what you meant by unapproved in http://paste.ubuntu.com/25039931/ ?
<rbasak> nacc: I think I must have meant the version in the unapproved queue, but then changed tack and now intend it to mean the version currently highest in the given series.
<rbasak> nacc: maybe s/unapproved/current/ unless you can think of something better than "current"?
<nacc> rbasak: but w/in the context of the importer, that function can obtain the value of uannproved given a repository and a series name (aiui)?
<nacc> rbasak: or do you want to query lp for it?
<rbasak> before = [max(series.pocket_versions) for before_series in serieses if before_series < series]
<nacc> rbasak: and/or what does after mean?
<rbasak> sorry: before = [max(before_series.pocket_versions) for before_series in serieses if before_series < series]
<rbasak> sorry: before = [max(after_series.pocket_versions) for after_series in serieses if after_series > series]
<rbasak> Argh
<rbasak> Take 3:
<nacc> heh
<rbasak> before = [max(before_series.pocket_versions) for before_series in serieses if before_series < series]
<rbasak> after = [max(after_series.pocket_versions) for after_series in serieses if after_series > series]
<nacc> so we're trying to use that to sandwich our versioning, in case the prior series has bumped, etc/
<rbasak> nacc: does that make sense?
<rbasak> Right
<nacc> e.g., to detect if we need to do 16.04.1 rather than .1
<nacc> rbasak: ok, that makes sense
<rbasak> And current (formerly unapproved) = max(series.pocket_versions)
<nacc> right, i guess in my mind, this (next_sru_version) is a lower level API and the actual api is (next_sru_version(series)()
<rbasak> Yes. That's reasonable.
<nacc> as the above values for a repo are all derivable given the series :)
<rbasak> Your actual API would look up in Launchpad.
<nacc> yep
<rbasak> And my lower level API is the pure testable version comparison bit.
<nacc> understood
<rbasak> nacc: a reminder: I believe next_sru_version is incomplete. But we can use it and add test/fix when we hit those cases for now I guess.
<nacc> rbasak: ack
<rbasak> Yeah it doesn't actually examine before or after at all.
<nacc> right, but the spec means it can (and should eventually) :)(
<nacc> s/(//
<nacc> rbasak: fyi, i have a commit in this series which turns GitUbuntuRepository into a wrapper for pygit2.Repository. It's really handy (and let's us drop a bunch of accessor properties). But now if we need some pygit2.Repository function/attribute, it's just  there immediately
<rbasak> I do think that the wrappers are not worth it any more.
<rbasak> But why not just expose the underlying pygit2.Repository object as a well known property to GitUbuntuRepository?
<nacc> rbasak: that's basically the same thing in this case
<rbasak> So just switch from _local_repo to raw_repo or something.
<nacc> rbasak: we do that already
<nacc> but no caller actualy needs that object
<nacc> they need some method or attr of that object
<rbasak> Yes but it's explicit then.
<rbasak> A caller will do repo.raw_repo.foo()
<nacc> rbasak: tbh, i think what i have is a lot cleaner than expecting callers to know if something is a method of repo or of repo.raw_repo
<rbasak> I'm not keen on inheritance or __getattr__ magic if that's the way you're thinking.
<nacc> rbasak: ok, is there a specific reason?
<rbasak> I disagree. It means that someone less familiar with the code and APIs won't know where to look to find a particular implementation of something.
<rbasak> The name raw_repo could be better.
<rbasak> Also it means that if we need to change something, it's easier to find what callers are doing by just searching for raw_repo.
<nacc> i give you the latter point
<nacc> i suppose it's not a big deal either way -- i found the wrapper object pattern handy to not have to type so much and to not have to add any new methods. It's implicit, though, as you suggest, and I can make it explicit instead
<nacc> rbasak: i'll retool the change, thanks for the feedback
<dannf> hey dpb1 - would you be able to seed numactl for the 16.04.3 server iso now that the MIR is approved?
<nacc> dannf: we discussed it this AM in our standup
<nacc> rbasak: --^
<nacc> dannf: would be good to subscribe the server team to that bug to get our attention
<dannf> nacc: ok
<dpb1> dannf: thsx
<rbasak> dpb1: so the question for you here is: are you willing for your team to take on the maintenance for this?
<rbasak> (from a general process perspective)
<nacc> and shouldn't that have been resolved in the MIR rather than in the seeding discussion?
<rbasak> Really that should happen before the MIR approval...
<rbasak> Yeah
<nacc> i guess the theory was src:numactl is main'd, so we are on the hook for it already
<nacc> but i don't think server is subscribed to src:numactl
<nacc> not sure if anyone is?
<rbasak> It missed it in this case because our process (the team bug subscription being the gate) doesn't account for binary only movements.
<nacc> oh we are, nm
<rbasak> Another example of this is php fpm, which has a bigger maintenance issue.
<rbasak> Perhaps the MIR process should have a requirement for a documented team commitment in addition to the subscription.
<rbasak> cyphermox: FYI ^
<cyphermox> well, in a way we do, that's why I'm asking if you guys are aware of that request for numactl (which is already in main)
<cyphermox> numactl was MIRed some time ago already, the other MIR was to make sure the binary numactl package was also promoted, and then seeding (which triggers me checking that it's really what you want)
<ahasenack> nacc: ok for me to push the tags on that samba merge branch? Or should I leave it as is?
<nacc> ahasenack: you can push it
<ahasenack> nacc: old/debian new/debian old/ubuntu reconstruct/<ubuntu version> \
<ahasenack> deconstruct/<ubuntu version> logical/<ubuntu version> ?
<ahasenack> these, right?
<cyphermox> rbasak: in my view, MIR doesn't need to gate on something being seeded, as if it's not, things will just get migrated back to universe anyway next time someone goes to look at component-mismatches
<nacc> ahasenack: yeah
<rbasak> cyphermox: it's not gating on something being seeded I'm requesting. But I do think that MIRs should be gated on a team committing to support it.
<rbasak> Usually the team subscription check suffices for that.
<rbasak> But not for a binary only movement, as in this case.
<cyphermox> rbasak: it is
<cyphermox> if you already subscribed to the source, why would you not maintain also one of the binaries that come from it?
<rbasak> cyphermox: take php fpm as an example.
<cyphermox> you'll need to look at the bugs anyway
<rbasak> cyphermox: https://bugs.launchpad.net/ubuntu/+source/php7.0/+bug/1267255
<ubottu> Launchpad bug 1267255 in php7.0 (Ubuntu) "[MIR] php7.0 (php7.0-fpm binary)" [Wishlist,Confirmed]
<rbasak> cyphermox: in that case, we're not prepared to have a mess dropped on us.
<ahasenack> nacc: pushed
<rbasak> Once the issues are fixed (by us or others), then we can consider what burden ongoing maintenance of that binary might have on our team.
<cyphermox> rbasak: we review the things every time there is a MIR anyway
<cyphermox> so if it looks like a mess, it seems rather obvious that one should double-check
<rbasak> cyphermox: sure. What I'm asking is an explicit gate on the team who is being given the work.
<cyphermox> I mean, I don't disagree that I would check with you guys again if some random person asks for a new binary in a huge package that looks like a mess
<cyphermox> in the case of numactl however, it's a tiny thing
<rbasak> I agree it probably doesn't matter for numactl.
<cyphermox> (in the grand scheme of already maintaining libnuma, which is where the magic really happens)
<rbasak> But from a process perspective, I'm pretty sure that's a hole.
<cyphermox> what do you mean?
<rbasak> Through which something big will slip sooner or later, as it's not a documented part of any process.
<cyphermox> anything that looks messy in a package in a big red flag anytime you review a MIR
<rbasak> That decision should be down to the team being landed the work, not the MIR team.
<cyphermox> yes
<cyphermox> if the team isn't asking for the MIR themselves, we check
<rbasak> It shouldn't rely on the MIR team deciding if something has a red flag or not.
<rbasak> The decision should go to the subscribing team in all cases.
<cyphermox> in all cases, the MIR team is supposed to do a check that something is generally maintainable without too much pain
<rbasak> That's not what I'm asking for.
<rbasak> In all cases, I'd like the MIR team to check that the subscribing team is OK with the MIR.
<cyphermox> presumably, if you're writing the MIR for your team, you're already OK with it?
<rbasak> In this case, the MIR wasn't written by us.
<nacc> cyphermox: in this case, we didn't write the MIRs
<nacc> in either of these two cases, actually
<cyphermox> which one are we looking at?
<rbasak> Both numactl and fpm.
<cyphermox> I'd rather we deal with numactl as a different case, since src:numactl was already reviewed before
<rbasak> I disagree.
<cyphermox> again, this one is a tiny binary, and the real magic happens in the lib
<rbasak> numactl is an example of exactly the case where the hole in the process is present.
<cyphermox> and fpm is not?
<rbasak> It's also present for fpm.
<rbasak> The two examples are in the same category: binary only movement.
<rbasak> In all cases, I'd like the MIR team to check that the subscribing team is OK with the MIR.
<cyphermox> I don't think you're looking at things the right way
<cyphermox> I don't care if it's binary only or what, a MIR request is a MIR request, the package should be reviewed
<rbasak> Do you disagree with this statement?
<rbasak> Sure, by all means, review it.
<cyphermox> I don't
<rbasak> I'm not saying that you shouldn't review it.
<cyphermox> I agree, the subscribing team should be OK with the MIR
<rbasak> I'm saying that as part of the review I'd like the MIR team to check that the subscribing team is OK with the MIR before approving it.
<cyphermox> heh, fine
<cyphermox> my point in numactl is so tiny it's ridiculous to do back-and-forth about it aside from whether you really want it to be seeded, as the seeding or depends is what will really make it stay in main
<cyphermox> that definitely doesn't apply to anything with php in the name
<dpb1> right, that was my understanding
<dpb1> almost a no brainer
<rbasak> I accept that it seems ridiculous for numactl if you consider that case on its own.
<rbasak> My point is that we should agree the general case while we're here.
<dpb1> I thought it was the general case, actually, this is the first one I have seen
<cyphermox> rbasak: I'm not, I'm talking generally, tiny things that seem obvious are obvious. Things that require a bit more thought, you ask the team responsible, especially if the team didn't create the MIR themselves.
<rbasak> The fpm example is one I happened to spot during triaging. I suspect it'd have gotten approved without consultation with the server team had I not noticed.
<cyphermox> ie. if you file a MIR for something php and the team is subscribed already, I will review and expect that you didn't file the MIR for kicks
<cyphermox> rbasak: I strongly disagree
<rbasak> Sure. If you see that comments are made by active/responsible members of ~ubuntu-server, you can take that to mean that we're OK with it.
<cyphermox> anything php is a huge ugly in my mind
<cyphermox> so we agree
<rbasak> cyphermox: it may be for you, but others have different thinking processes.
<rbasak> That's why we have a written list of requirements - so that your predecessors, you, and your successors will all be able to be consistent.
<rbasak> *You* may not have approved it, but someone else might have.
<cyphermox> rbasak: I think doko works the same way, though I haven't seen his MIR reviews recently
<sarnold> btw what's the sticking point with fpm? it feels better to me than executing php directly in e.g. apache's address space
<rbasak> That's why I'd like this check to be explicit in the process.
<rbasak> sarnold: just a pile of bugs that I'd like to see fixed.
<cyphermox> rbasak: that is the extent of the MIR team, if we don't count nacc who we've been trying to onboard
<sarnold> rbasak: aha :)
<rbasak> sarnold: so we might well end up doing it, it's just another thing on the backlog.
<cyphermox> nacc: speaking of that, sorry, I kind of just pushed some wiki pages to you and didn't get back on that
<nacc> cyphermox: it's ok, we've all ben busy :)
<rbasak> cyphermox: like I say: it's not just who's on the MIR team today. It's about who will be on it in five years' time.
<cyphermox> rbasak: if you think it's insufficiently obvious, you can add it to the wiki
<cyphermox> or better, nacc can write it in the perspective of someone very new to the MIR team
<rbasak> cyphermox, nacc: please :)
<cyphermox> rbasak: I rather rely on the good sense of people on the team, given that they are appointed specifically for their good sense
<cyphermox> or, "rely" is perhaps not the right word
<cyphermox> but I trust others on the team to be able to use their own judgement when reviewing MIRs
<rbasak> cyphermox: sure, though there's also a written checklist of things to verify. Someone with good sense might assume that the process is designed to catch mundane errors, and so not think too hard about this kind of edge case.
<cyphermox> rbasak: well, the MIR team's mandate is not to catch mundane errors really
<rbasak> We have a checklist; this is missing from the checklist; therefore we should add it to the checklist.
<rbasak> cyphermox: I'm defining missing checking to see if the team has committed as a mundane error.
<cyphermox> it's to make sure that things that make it to main are maintainable in main, and won't cause us pain in the long run. I think that goes with making sure those who are signed up to maintain a package know that they are signed up for it and agree to it
<rbasak> Right, and therefore it should be in the checklist.
<rbasak> Right now, it's not.
<rbasak> QED.
<nacc> rbasak: for next_sru_version, is it sufficient to check active series only? or do we need to check any published series?
<cyphermox> rbasak: the MIRTeam wiki page is not a checklist.
<cyphermox> rbasak: more like guidelines of known issues. It could never contain all things to check and be relied on to catch all issues
<cyphermox> so like I said, if you think it needs to be added, fine, I'll never be against that
<cyphermox> but in some cases it's important to be flexible too, and things in that list of red flags may be acceptable given some packages and horribly bad given others
<cyphermox> rbasak: similarly, as an archive admin if you catch something reviewing a MIR to do the promotion dance that was missed and isn't on the wiki page, by all means you should add it
<nacc> ahasenack: do you have a pending MP that fixes a bug i can lint?
<ahasenack> nacc: does it have to be a debian merge?
<nacc> ahasenack: no, specifically not a merge, if possible
<nacc> ahasenack: as in, a bugfix MP
<ahasenack> nacc: https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/326073
<ahasenack> nacc: another one: https://code.launchpad.net/~ahasenack/ubuntu/+source/squid3/+git/squid3/+merge/326860
<nacc> ahasenack: thanks
<nacc> ahasenack: hrm, your new/debian is still pointing to the wrong point
<ahasenack> in samba?
<nacc> it's at -2 and -3 is in debian :)
<nacc> ahasenack: yeah
<ahasenack> hm
<ahasenack> I have a bunch of samba branches, I just updated the merge one I think
<ahasenack> but wait, this is only about the merge branch, right?
<nacc> ahasenack: http://paste.ubuntu.com/25083516/
<nacc> ahasenack: yeah
<ahasenack> locally I have:
<ahasenack> f717b66 (tag: pkg/import/2%4.6.5+dfsg-2, tag: new/debian, tag: ahasenack/new/debian) Import patches-unapplied version 2:4.6.5+dfsg-2 to debian/sid
<ahasenack> let's see
<ahasenack> f8ed728 (tag: pkg/import/2%4.6.5+dfsg-3, pkg/debian/sid, debian/sid) Import patches-unapplied version 2:4.6.5+dfsg-3 to debian/sid
<ahasenack> ok, I rebased that one on debian/sid
<ahasenack> should I just run that git ubuntu merge command with the tags-only parameter?
<nacc> ahasenack: it's ok for now
<nacc> ahasenack: i mean, the linter is rightfully complaining :)
<nacc> ahasenack: let's leave it for a bit
<ahasenack> good :)
<ahasenack> hey, every linter needs a failing test case :)
<rbasak> nacc: sorry, connection flapping
<rbasak> 18:43 <rbasak> Good question
<rbasak> 18:43 <rbasak> I think we need to go backwards until we see a version that is lower than the current version (in the proposed series).
<nacc> ahasenack: :) ... and line 3 was a bug in my code
<rbasak> 18:44 <rbasak> It might be easier to just do all series.
<rbasak> 18:44 <rbasak> Though that is a little unbounded, so I don't like it.
<nacc> rbasak: in order to support eol folks dtrt?
<nacc> rbasak: also, in http://paste.ubuntu.com/25083516/, should we allow for an empty newline in a second hunk relative to merge-changelogs?
<nacc> oh it's a bug in git ubuntu merge :/
<hehehe> rbasak if I get make error make: *** No rule to make target '3317'.  Stop. - any idea how to debug it? I am following same tutorial, configured nginx with modsecurity nginx module and not run make
<hehehe> *and now
<hehehe> http://nginx.org/en/download.html
<hehehe> sorry https://help.dreamhost.com/hc/en-us/articles/223608748-How-to-Install-libmodsecurity-Nginx-on-Ubuntu-14-04 :)
<nacc> hehehe: you should ask the owner of the software you are trying to build how to build it
<hehehe> yes I did try to ask in #nginx its difficult to get reply :)
<hehehe> I was thinking maybe i can debug myself
<sarnold> I bet they respond better to pastebins that show commands and error output
<hehehe> I take you bet :)
<hehehe> how much you bet :D
<hehehe> I bet 1 kg of banana
<sarnold> I hate bananans no thanks that's not a bet I want to win
<hehehe> lol really?
<hehehe> whats your fav fruit then?  and dont say its stake :)
<hehehe> steak
<sarnold> mmm steak
<nacc> hehehe: debugging a build error requires understanding what make was trying to run and why
<nacc> hehehe: your oneline of output is completely insufficient for that
<hehehe> agree
<hehehe> sarnold: lol when i was like 10 I loved steaks
<hehehe> anyways I managed to make it
<hehehe> @ nginx etc
<hehehe> who here uses grantite to monitor ubuntu server?
<hehehe> mainly to see bottlenecks
<hehehe> no one? :P
<hehehe> o wel
<nacc> ahasenack: http://paste.ubuntu.com/25083923/
<nacc> dpb1: --^ lint running against andreas' branch
<ahasenack> nacc: is there a --verbose to see what checks it did?
<ahasenack> looks nice!
<nacc> ahasenack: not yet :)
<nacc> ahasenack: i think i will add that as it's confusing for now to not see what passes :)
<ahasenack> nice
<DammitJim> how do I know if the samba I installed was compiled using embedded heimdal kerberos?
<DammitJim> apparently there is a new security update from samba for those versions
<ahasenack> I'm not sure
<ahasenack> I think that samba AD DC will use that heimdal
<ahasenack> samba's ./configure doesn't mention this explicitly, there is only an option to build *without* samba ad dc
<ahasenack> support
<ahasenack> found this:
<ahasenack> "we support building against a Heimdal or system MIT
<ahasenack> Kerberos library, provided the version is recent enough (otherwise we
<ahasenack> will use our internal version of Heimdal)"
<DammitJim> ahasenack, you are right
<DammitJim> I just found info on that and I'm using samba with kerberos for work with AD
<ahasenack> and that samba ad dc funcionality requires heimdal (doesn't work with mit)
<DammitJim> where can I see when Ubuntu releases a patch?
<ahasenack> work *with* AD is different
<ahasenack> even samba3 had that as a client/member
<DammitJim> oh
<DammitJim> then how can I verify I"m using that flavor of samba?
<ahasenack> it's CVE-2017-11103 right?
<DammitJim> yeah
<DammitJim> I think Debian doesn't even have that patched
<ahasenack> better ask in #ubuntu-hardened, that's the secteam channel
<DammitJim> thanks ahasenack
<ahasenack> I'm not yet fully versed on samba acting as an AD DC
<ahasenack> and it's not clear to me if that vuln affects the client or the server. I think it's client
<ahasenack> "Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks"
<DammitJim> I'm pretty sure we are using that
<DammitJim> but samba is not exposed to the outside world
<DammitJim> yeah, this is kinda confusing because I don't know that we do DRS replication service for replication of passwords
<ahasenack> DammitJim: what ubuntu release are you on?
<DammitJim> LST 14 and 16
<ahasenack> trusty and xenial you mean?
<DammitJim> yes
<ahasenack> DammitJim: you use winbind then?
<DammitJim> yeah
<ahasenack> samba does ship what looks like its own kerberos libraries
<ahasenack> like
<ahasenack>  /usr/lib/x86_64-linux-gnu/samba/libcom_err-samba4.so.0
<DammitJim> yes
<ahasenack>  /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26
<ahasenack> and others
<ahasenack> and winbind and other tools are linked to that
<DammitJim> yes, it's actually a lot that one configures to use AD authentication
<ahasenack> so I'd say it's affected yes
<DammitJim> I think I'm going to have to schedule patching since I'm not 100% sure
<ahasenack> ubuntu also has the heimdal code as separate packages, I just wasn't sure which one samba was using
<ahasenack> i.e., if updating just the system heimdal would suffice to close the bug for samba
<ahasenack> *looks* like no, but I will defer to the security team's evaluation
<DammitJim> yeah, I asked them and they said it's in progress
<ahasenack> DammitJim: found this: https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11103.html
<DammitJim> so, needs triage means it needs to be worked still
<ahasenack> I think so
<ahasenack> you can check the status there
<DammitJim> what is DNE?
<ahasenack> I'm guessing "does not exist", but better ask
<hehehe> :)
<DammitJim> is there a reason why I would want to use ubuntu-server vs ubuntu-desktop for a database server?
<hehehe> yes
<hehehe> less libraries
<hehehe> so less potential holes
<DammitJim> thanks
<DammitJim> any other?
<hehehe> it will be a bit faster
<hehehe> eat less ram :D
<hehehe> and sarnold try to ask for any advice in nginx channel and see :)
<hehehe> its veryyy slow
<DammitJim> sarnold, patch nginx on your ubuntu server, dude ;)
<sarnold> DammitJim: eh?
<Epx998> more driver woes :D
<ZSplat> I need some help.  I have a 16.04 server that has ceased to allow write access, even with sudo and multiple reboots.  Two 3TB drives are LVM'd  together, smartctl from recovery says both drives pass.
<Epx998> Nothing in dmesg after boot?
<ZSplat> Epx998 http://sprunge.us/ZAQb
<sarnold> definitely check dmesg
<ZSplat> I didn't see anything
<ZSplat> But I'm not amazing
<sarnold> [    9.347176] EXT4-fs (dm-0): Couldn't remount RDWR because of unprocessed orphan inode list.  Please umount/remount instead
<Epx998> what does sudo mount -o remount,rw / do?
<Epx998> aha logs ftw
<sarnold> Epx998: uncanny -o remount,rw advice :)
<ZSplat> Doing it, just a sec
<ZSplat> "mount: / not mounted or bad option"
<ZSplat> sarnold
<sarnold> :(
<Epx998> toshiba drive, udma133 wowza
<sarnold> I think I'd boot into a USB stick, fsck the thing
<ZSplat> Is that a bad kind of drive to have?
<ZSplat> It's a remote server, but I can boot into a recovery
<Epx998> im not a fan of toshiba, we do a lot of new hardware POC here and tosh's always give me headaches
<Epx998> im sure its a good drive :D
<sarnold> aside frmo the deathstars I think I always had good luck with toshibas
<ZSplat> btw, here's dmesg | tail -50 from that http://sprunge.us/iCRO
<sarnold> very confusing
<Epx998> sarnold: you'll like this driver issue, im testing out un-released HP hardware on UB12 :D
<ZSplat> So that unprocessed orphan inode list thing is the likely culprit?
<sarnold> Epx998: sheeeesh
<sarnold> ZSplat: yes
<ZSplat> thanks, I'll do some digging
<Epx998> ZSplat: did you hard power off before or something?
<ZSplat> Epx998 , I don't have physical access to it, it's in a data center.  But not that I am aware of.
<Epx998> hope you have idrac or ilo access :D
<ZSplat> Epx998 , I can boot to a rescue OS.  Doing that now
<ZSplat> Epx998 https://puu.sh/wIRCL/de084ec098.png
<Epx998> fancy
<sarnold> that's beautiful
<Epx998> our guys in austin still use flash drives to deploy *nix servers .....
<sarnold> Epx998: they may like to skim the maas docs while waiting for slow-ass usb read speeds one of these days :)
<ZSplat> ok, here's my lsblk: http://sprunge.us/TCQDso am I just going to '#fsck
<ZSplat> oops
<ZSplat> mangled
<ZSplat> Am I just going to '#fsck /dev/sda1' then '# fsck /dev/sdb1'?
<ZSplat> This is what I get in either instance: https://puu.sh/wIRU8/4e6ca21817.png
<Epx998> i honestly dont use fdisk often
<ZSplat> nor do I, lol
<Epx998> what does fdisk /dev/sda do?
<ZSplat> e2fsck: Cannot continue, aborting.
<ZSplat> \/dev/sda is in use
<ZSplat> That makes no sense because "umount: /dev/sda: not mounted"
<ZSplat> Right?
<ZSplat> sarnold
<sarnold> ZSplat: the errors came from vg something or other right?
<sarnold> ZSplat: or md?
<sarnold> sigh stupid memory
<sarnold> anyway, the errors were on some raidy-thing, not directly from the block devices
<ZSplat> It's an LVM of two drives
<ZSplat> Ok, so I need to fsck the LV?
<sarnold> yeah
<ZSplat> heh, ok
<ZSplat> Looks like we might be in business - https://puu.sh/wISgC/7283b24303.png
<Epx998> whats the server do?
<Epx998> im just being nosey btw
<ZSplat> http://sprunge.us/dcdb
<ZSplat> Epx998 Plex, rtorrent, sickrage, couchpotato, ZNC, and a few other things
<ZSplat> Nextcloud
<Epx998> interesting
<ZSplat> I used to piece it all together myself, this time I just used the quickbox script - quickbox.io
<ZSplat> EVERYTHING WORKS AGAAAAAAIIIIN
<Epx998> ZSplat: woot thats the best kind of result
<ZipSplat> Epx998, and now I'm back through ZNC
<Epx998> now make this 408i controller work for me
<sarnold> ZipSplat: sweet :)
<sarnold> ZipSplat: Ican't recall if fsck makes it explicit if it re-parents objects to lost+found or not -- go looking through the lost+fond directories and make sure nothing shows up
<ZipSplat> sarnold, if lost+found is empty then... am I good?
<sarnold> yeah
<sarnold> well, the fsck shows things -were- wrong, you might ye find files shorter than you expect, or wrong data, or whatever, but there's not much you can do about that except compare against backups
<hehehe> :))))))))))))))))))))))))))))))))))
<Epx998> Getting a weird message, "Volume group name already in use" on a new deploy - should be no VG's on these disks
<Epx998> VG is specified in my preseed, but if kicks me out, wht wouldnt i be able to set a different name manually
<Epx998> wonder if the clear isnt working correctly
<tomreyn> Epx998: is the vg name something generic? something which might already be present in /dev ?
<tomreyn> e.g. 'null' or 'sda'
<nacc> rbasak: did you want to do a sync real quick? I'm about to EOD
#ubuntu-server 2017-07-14
<nacc> dpb1: fyi, https://code.launchpad.net/~nacc/usd-importer/+git/usd-importer/+merge/327399
<nacc> rbasak: i'm likely to only be working my AM tmrw and may not have access to my computer, if you review and ack something for the importer code, do you mind just pushing it yourself?
<nacc> *access in the afternoon, that is
<nacc> i'd like to get this pile of stuff landed :)
<Epx998> what is the upstream kernel exactly?
<sarnold> that usually means a tarball downloaded from kernel.org
<sarnold> but could include a git clone and build..
<Epx998> hmm
<sarnold> the ubuntu kernel team has some debs of pre-built 'upstream kernels' that they offer to people when testing issues -- if it works with plain upstream, that means the patches to fix or enable something can usually be cherry-picked from the upstream git trees
<Epx998> reason I ask is on this new hp gen10, hp is releasing stuff for kernels, mentions their stuff is added to the upstream kernel, then found the upstream kernel.ubuntu.org, date looks recent-ish, but its 3.10 vs 3.13 in repos
<Epx998> i think answeer to my latest issue is to remove the scsi controller and toss it in the trash
<Epx998> 6TB raid 0 shows up as 600GB in ubuntu, 63GB in centos
<sarnold> I went out of my way to buy non-raid HBA
<sarnold> it feels like raid cards are more trouble than they're worth
<Epx998> yeah they are, we are trying to improve build times as best we can - so mgmt is buying all sorts of hardware
<Epx998> this 360 g10 is nice, but i dont like the hba
<sarnold> can you flash it with an IT mode firmware?
<Epx998> no firmware for it yet
<Epx998> just the sizes the drivers are seeing is weird, 63gb on centos..
<sarnold> both 63 and 600 sound ominous
<sarnold> something
<sarnold> something's badly broken sort of thing
<Epx998> im going to toss different drives in it tomorrow
<sarnold> an ancient switch from the dark ages was flipped somewhere
<Epx998> im wondering if im hitting 512e 4kn or whatever issue
<Epx998> something to explore tomorrow, cheers
<rbasak> nacc: sorry only just seen this. I gave up this evening due to connectivity issues. ack on pushing myself.
<nacc> rbasak: ack, np!
<nacc> rbasak: i think gu-lint (and the branch it is based off of) is good to go. I believe I have instructions in there for squashing as appropriate in each commit and I'm fine for you to do that)
<nacc> rbasak: and/or feel free to do fixlets on top of my branch after squashing
<rbasak> OK, thanks!
<nacc> rbasak: if you're feeling inspired, feel free to add `git ubuntu review` (which for now can just take a mp as an argument and run `git ubuntu lint` on it)
<rbasak> You want me to squash fixlets into your branch? Or add on top?
<rbasak> :-)
<nacc> rbasak: i think (for clarity) it's probably easiest to squash all of my stuff first, then put fixlets on top. But since you're going to end up being the pusher (most likely), you can just squash them all together (as in, I'm probably not going to review your fixlets before you're ready to push)
<nacc> rbasak: if you want, i can squash what i have now
<rbasak> OK. Leave as is, that's fine.
<hehehe> rbasak:  :) I have compiled 2 versions of latest nginx stable 1 with simply configure add module modsecurity ... and one with same + 16.04 distro nginx params https://pastebin.com/0MRQgt4c
<hehehe> version 1 works with modsecurity version 2 not
<hehehe> I wonder if anything in configure may conflict with mod secure
<hehehe> I double checked both configure both do find and add modsecure
<cathode> hi i'm currently running a FreeBSD 11 system as a NAS/SAN server for a small home lab. I'm trying to downsize and considering replacing the BSD with Ubuntu Server 17.04 and using KVM to host VMs instead of a separate VM host machine
<cathode> I'm assuming that Ubuntu server should have no problems running Samba 4.5 to host windows-compatible shares?
<andol> cathode: Are you aware that Ubuntu 17.04 is a non-LTS release, which is only supported with security upgrades, etc for 9 month?
<cathode> i mean, i can read, so yes i was aware of that statement. i guess I don't understand the implication?
<cathode> does ubuntu / linux not have ways to upgrade a host to a newer release?
<cncr04s> run 16.04
<Seveas> cathode: sure, upgrades work fine :)
<Seveas> cathode: I think andol just wanted to make you aware that with non-lts releases you have to do this every 6 months instead of every two years
<lordievader> Good morning
<Seveas> \o
<cathode> ok gotcha
<cathode> like i said it's a home lab so downtime is not really a big deal
<cathode> and i wanted to go with 17.04 because it apparently has ZFS support built right in without installing anything other than zfsutils
<Seveas> then 17.04 is an excellent choice :)
<cpaelzer> jamespage: are you planning to up ovs to 2.7.1?
<cpaelzer> there is a bunch of nice fixes that avoid hard fails due to use afer free, faults, ...
<cathode> how long does 'update-grub' normally take when installing ubuntu server?
<cpaelzer> cathode: I think it scans all partitions, but if that scanning has issues it needs a lot of timeouts
<cpaelzer> cathode: depending on your setup and potential issues it can be quite a while, but usually not that long that you'd wonder
<cpaelzer> cathode: do you have any I/O errors on dmesg while this hangs?
<cathode> didn't see anything
<cathode> theres 27 disks connected though
<cathode> i let it sit for like 15 minutes before killing the install process
<cathode> it sat at 66% the entire time
<cpaelzer> cathode: any other odd devcies plugged in - a flaky usb to disk converter or sdcards or such
<cpaelzer> that could stall the scan as well
<cathode> can i skip installing grub and use the rescue mode to reinstall it after?
<cpaelzer> cathode: sorry never tried that
<Sourcey> Hello. Hope someone can help me. I have set up a A and MX record. email.example.com and want to run PostFix on my server. Im struggling with understanding the hosts and aliases
<cpaelzer> cathode: I'd more try to check what it actually does while it appears hanging
<Sourcey> seems like the guides online shows different things. what exactly in /etc/hosts and /etc/aliases has to be setup?
<jamespage> cpaelzer: yup
<cpaelzer> thanks jamespage!
<jamespage> cpaelzer: just uploaded
<cpaelzer> prepare to wait on armhf test ressources :-)
<cpaelzer> thanks jamespage
<jamespage> cpaelzer: btw happy for you todo those as well - but please push commits to the git repo on launchpad :)
<cpaelzer> jamespage: you are right I missed that on the last fix
<cpaelzer> I have one in the queue that I can do better as soon as it is upstream accepted :-)
<cpaelzer> jamespage: I guess since you upload you did already clean for the ones I missed - or is there anything I can still help to complete?
<cpaelzer> I see you added them already as I expected, thanks
<jamespage> cpaelzer: I did no further action required for now
<cpaelzer> you get a +1 on my "spend a beer once I see them" paper
<alexII> hi, Software RAID is extremely slow, why?
<lordievader> Quite fast here.... What flavour of raid?
 * teward pokes rbasak
<teward> you rang?
<teward> anyone seen rbasak around?
<teward> he pinged, but i was busy in a meeting.
<dpb1> he's here
<dpb1> give him a sec, I'm sure he'll reply
<dpb1> :)
<teward> dpb1: yep he's repkying now :)
<teward> heck i can't type
<dpb1> hehe
 * teward chugs what's left of his bottle of pepsi.
<teward> time to work on the mountain dew now.
<cathode> hi
<nacc> rbasak: your review for gitubuntu-submit-fixes is a bit confusing, as the first diff comment conflicts with the suggested rewrite
<rbasak> nacc: sorry. Which bit?
<nacc> rbasak: it's ok, i think i resolved it
<nacc> rbasak: you gave a full replacement implementation and commented on the old one
<nacc> rbasak: which was a bit confusing at first, but after a cup of tea, i followed
<rbasak> Sorry, I'll try and explain better next time. The comments on the old one were the rationale for my changes, but by the time I was done it seemed easier to demonstrate what I meant with the replacement.
<nacc> yep
<nacc> rbasak: that's fine, i just wanted to make sure i wasn't missing something
<nacc> rbasak: gitubuntu-submit-fixes updated
<rbasak> ack
<nacc> rbasak: i can rebase gu-lint on it, once you've reviewed, as they are dependent (so that i can pick up the api change to nearest_remote_branch)
<rbasak> Thanks for the docstring corrections. I never understood how I was supposed to do that.
<nacc> rbasak: np, I've seen it elsewhere, I'm pretty sure that's correct
<nacc> rbasak: ok, gu-lint is ready to push whenever you are
<nacc> rbasak: for gitubuntu-submit-fixes, i'll do those fixlets and push, if that's ok with you?
<nacc> rbasak: done
<Epx998> Mmm it gave me access to infoblox
<Epx998> it = IT
<sarnold> Epx998: did you sort out that 69gb / 600gb thing?
<Epx998> sarnold: not yet, vendor is supposed to come onsite today - but im 99% sure its a firmware problem
<sarnold> Epx998: hopefully they'll have some answers :)
<Epx998> sarnold: I think in the end, my mgr wont order the G10 with any controller cards. ha.
<sarnold> Epx998: heh, that's one way to side-step the whole thing
<Epx998> sarnold: i hate not solving it, but i think its out of my hands
<Epx998> sarnold: on a good note, today is all about provisioning ub14 servers
<Epx998> slowly we are moving away from 12
<sarnold> woot
<sarnold> progress :)
<Epx998> sarnold: had to, docker wasnt working on 12 appearently
<sarnold> heh yeah 12.04's kernel predates most ofthe features docker would use
<sarnold> the ESM HWE kernel might be new enough but don't let them hear it
<Epx998> sarnold: yeah we need to get off of 12, wanting docker has made that happen, so im good with it
<Epx998> note: not all of nvidia uses 12, just parts of the mobile unit :D
<Epx998> yeah so I added ilo IP's to DNS instead of system IPs. gg me.
<sarnold> good thing it's friday
<jonfatino> Hello my ubuntu livecd for some reason is only running my cpus at 800mhz
<dpb1> probably because of the powersave governor
<jonfatino> echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
<jonfatino> echo "3800000" | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_min_freq
<jonfatino> echo "3800000" | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_max_freq
<jonfatino> Still nothing :-(
<sarnold> anything in dmesg?
<sarnold> how about thermald's logs?
<dpb1> Also, there was something about intel_pstate and a grub setting
<dpb1> not sure if that is still applicable
<jonfatino> [    3.096939] Intel pstate controlling: cpu 7
<jonfatino> I see this
<hehehe> whats the difference between using alphabetical and numerical command with chmod?
<hehehe> if any
<sarnold> numerical is easier to understand; alphabetical lets you say "add this permission to whatever it already has" or "remove this permission from whatever it already has"
<cathode> i think i screwed up. i installed samba 4.6 by building from source following a guide, but then i installed winbind via 'apt install winbind'. should i have built winbind from source too?
<cathode> right now i'm looking at a bunch of wierd errors, like my samba deployment got reset back to defaults
<sarnold> if you choose to use upstream for one of them you'd probably be best served by using upstream for them all
<cathode> what would be the best way to get everything back to a clean slate?
<sarnold> copy aside the files you know you've configured; apt-get purge the packages that you installed via the distro but want to use upstream stuff
<sarnold> re-install all the upstream stuff
<sarnold> and copy back your config files
<cathode> ok thanks
<sarnold> cathode: it's actually really good timing, https://www.samba.org/samba/security/CVE-2017-11103.html was released recently
<cathode> ah yea
#ubuntu-server 2017-07-15
<cathode> how do i tell ubuntu 17.04 to import pools upon boot that were imported when it last shut down
<cathode> import zfs pools*
<sarnold> hrm I'd just sort of expect that to happen automatically
<sarnold> zpool import ought to be a good start
<sarnold> do you get error messages?
<cathode> no error messages. but when i reboot, the pool doesnt get imported automatically
<cathode> on freebsd there was a pool cache file that the kernel used to keep track of what it last knew about
<sarnold> how about dmesg? journalctl ?
<sarnold> yeah the cache file exists on zfsonlinux too
<cathode> what exactly should i be looking for? just `journalctl | grep zfs` or something?
<cathode> ahhh, hmm
<cathode> Jul 14 18:34:16 nexus systemd[1]: zfs-import-cache.service: Unit entered failed state.
<sarnold> I didn't spot any logging messages in mine that looked particularly useful :/
<cathode> aight
<cathode> thanks for looking. i'm going to keep reading :)
<cathode> yeah it looks like the system might be trying to import pools before the devices  are ready
<sarnold> :(
<Polarcraft> Anyone know why I can't set my hostname for my server? Tried setting the hostname and hosts files to the correct hostname, but with no success. I also tried executing hostnamectl, but that just error'd out.
<sarnold> Polarcraft: what did you change the name to? what did you put in the /etc/hostname and /etc/hosts files? how did you call hostnamectl and what error did it give you?
<Polarcraft> sarnold, it defaulty has cp in it, so I put the full hostname "cp.vengyn.net". Yet it doesn't stay on reboots. hostnamectl is being called via: "# hostnamectl set-hostname cp.vengyn.net", which throws: "Could not set property: Failed to activate service 'org.freedesktop.hostname1': timed out".
<sarnold> Polarcraft: try putting just 'cp' in /etc/hostname -- hostname(5) says "no spaces or dots"
<Polarcraft> Well shit.
<Polarcraft> Alright let me throw another thing at you, using telnet on port 25 returns cp.localdomain. Any reason for that happening?
<sarnold> hrm I'm not real up to date on mail servers :/ most have some way to set the machine's various names though, yours may need some configuring still
<Polarcraft> Well it was setup auto by Plesk, which they don't seem to have a fix for it :(
<sarnold> i'm pretty skeptical of web-based control panel things; they often have tools to read and write configurations for ten year old tools or brand new tools but rarely the tools that are on the system, and they tend to have security holes in them, or in the configurations they write. :(
<Polarcraft> Well Plesk was working until we tried sending emails to gmail and outlook.
<Polarcraft> Apparently my ip was blacklisted due to issues with the dns, which was fixed besides this issue.
<sarnold> email is cranky these days
<Polarcraft> Indeed, but if it fixed I would be a happy camper.
<Polarcraft> s/if it/if it was
<pacmanfan> anyone have a trick for expanding a /boot partition when there's an LVM partition after it?
<pacmanfan> i'm using the gparted livecd to expand /boot on a bunch of 16.04 servers, and there is no consistency between them for what works
<pacmanfan> or i'm not seeing the consistency because i have to try a gazillion things before i'm able to shift unallocated space over to be adjacent to /boot
<pacmanfan> what i'm struggling with most is getting gparted to deactivate the LVM
<pacmanfan> on one of the servers, it would deactivate if i ran vgchange -an <vmname>-vg
<pacmanfan> another one deactivated the LVM after i created a partition in unallocated space and then nuked it
<pacmanfan> but i just can't get this one to deactivate...
<lordievader> Good morning
<Eruptum> Hi, seems like a silly question but, can' t seem to find a good answer online... what precautions should I take (other than backup what's on the Raid) if I decide to upgrade from 14.04 Raid1 to 16.04? thx
<tomreyn> a backup that is stored on the same system and location is not a backup
<tomreyn> you want backups to be remote.
<Eruptum> it would def be backed-up to somewhere else...
<Eruptum> There's not a whole bunch of data on the raid, just want to make sure my ducks are in a row before pulling the trigger on the upgrade...
<tomreyn> use ppa-purge to remove 3rd party repositories and their packages.
<tomreyn> other than that, if you have a full backup, i can't think of anything else.
<tomreyn> be sure to have a live bootable media (usb stick or cd-/dvd-rom) ready to recover the system should the upgrade fail.
<Eruptum> ppa-purge even if it's non-gui?
<Eruptum> okay, have bootable media for recovery...
<tomreyn> sure, if you have any ppas and any packages in there might interfere with the upgrade process (since PPAs are not supported and not tested for upgrades)
<Eruptum> ah, thanks... help is much appreciated tomreyn!
<tomreyn> you could discuss which ppas you have and we could discuss whether they're likely going to be an issue.
<tomreyn> but any PPAs you have will be disabled during the upgrade anyway. however, packages installed form there, which can (and often do) interfere with the upgrade process aren't removed automatically during an upgrade, so you'll better do it now if there are any which could post a problem.
<tomreyn> welcome
<teward> rbasak: for awareness: it seems rerunning that autopkgtest I mentioned that failed *worked* and it was able to get released from proposed.  Now I can get 1.12.1 in.
<CyberpunkZombie> hi guys, i am wondering how i can fix a small issue. i am running on an old Dell Precision M90 lappy, and there is no way to stop the "on lid close, go to suspend state" switch in the bios, so I was wondering if there was a way to do it in the OS.
<CyberpunkZombie> it might lay with power savings settings, but i have NO idea how to deal with any of that.
<CyberpunkZombie> well, from terminal. 8D
<vbotka> CyberpunkZombie, FWIW, you might want to take a look at my notes how to ignore lid https://pastebin.com/Cpu1WQFz
<CyberpunkZombie> Thank you!
<CyberpunkZombie> lol, no gedit
<CyberpunkZombie> and not adding that many packages for it, lets see if vim is there
<CyberpunkZombie> ok, got it with VIM i think, rebooting it lets see if it works 8D
<CyberpunkZombie> seems to work like a charm, thank you!!
<fishcooker> sudo do-release-upgrade is the same operation with * Install a newer HWE version by running: sudo apt-get install and reboot your system.
#ubuntu-server 2017-07-16
<Space-Duck> Can anyone tell me how to fix this error I get trying to install php7.0-curl? The following packages have unmet dependencies: php7.0-curl : Depends: php7.0-common (= 7.0.4-7ubuntu2) but 7.0.15-0ubuntu0.16.04.4 is to be installed
<hehehe> hehe
<hehehe> hi
<hehehe> is there an easy way to incrementally copy selected logs to remote server in real time?
<hehehe> apart running ossec active rule
<hehehe> or cron every second
<hehehe> :)
#ubuntu-server 2018-07-09
<dva5912> Really trying to wrap my head around this whole net plan deal. My google-fu isnt working well tonight and id like some help if you all can! https://pastebin.com/XhZrq3VG Im trying to take my two nic cards, and bond them together in a balance-rr mode to reduce the bottle neck of just one card
<dva5912> Folks, never mind. Went static instead of DHCP and the issue resolved itself. used https://serverfault.com/questions/882758/nic-teaming-on-ubuntu-17-10-via-netplan to answer my own question
<lordievader> Good morning
<tribaal> exit
<tribaal> (sorry)
<jamespage> coreycb: horizon finally uploaded with py3 support
<jamespage> that was fiddly
<ahasenack> rbasak: hi, around? I got asked to add a copyright statement to my salsa mr: https://salsa.debian.org/debian/krb5/merge_requests/2
<rbasak> ahasenack: o/
<ahasenack> rbasak: how do I add that? Who owns the copyright?
<rbasak> ahasenack: that's fine. I'll send you a link to our internal documentation. We license contributions to software under the same licence of the work itself.
<rbasak> ahasenack: I think it should be sufficient to say that this is Canonical's internal documented policy and therefore your work is licensed under the existing license.
<coreycb> jamespage: great! i got aodh py3 uploaded on friday and will be focused entirely on py3 this week.
<ahasenack> rbasak: the previous apache2 sru is done, would you be willing to push the upload tag for https://code.launchpad.net/~ahasenack/ubuntu/+source/apache2/+git/apache2/+merge/348632 so that I can dput it?
<ahasenack> or would you rather wait for christian to get back?
<ahasenack> you can also start a new review from scratch if you prefer
<rbasak> ahasenack: you have upload rights so I trust your judgement :)
<rbasak> ahasenack: what's the git commit hash I'm upload tagging please? The git clone line to grab that would be helpful.
<ahasenack> still, it's how our team works
<rbasak> Is it already peer reviewed by Christian?
<ahasenack> rbasak: yes, he gave a +1
<ahasenack> the hash is what's pushed: 8b6ec8cea379f63aa0e907cec8f70dc4d86e7e83
<rbasak> Then I think all the requirements are met and I'm happy to essentially blindly push whatever hash you want upload tagged :)
<ahasenack> ok, thanks
<rbasak> ahasenack: upload tag pushed
<ahasenack> rbasak: thanks
<DammitJim> is there a maximum file name length in Ubuntu?
<blackflow> DammitJim: such limits are defined by filesystem used.
<DammitJim> so, I have logical volumes and formatted to ext4
<blackflow> and a google prompt nearby?
<DammitJim> yeah
<DammitJim> I just want to make sure I'm not assuming something
<DammitJim> All I saw was that there is a limit for fat32 of 255 characters
<blackflow> I thought FAT was limited to 8.3
<DammitJim> but I'm confused if there is a limit for the file name vs the full path name
<blackflow> there are limits to both. In fact, I even think linux kernel has some hard limits, lemme unearth that...
<blackflow> DammitJim: yah, PATH_MAX and NAME_MAX, defined in limits.h, and if you have kernel headers installed, see eg.  /usr/src/linux-headers-4.15.0-24/include/uapi/linux/limits.h
<ahasenack> rbasak: hi, one more upload tag push if you will: https://code.launchpad.net/~ahasenack/ubuntu/+source/exim4/+git/exim4/+merge/348895
<ahasenack> I can dput
<ahasenack> rbasak: just a sec, let me drop that ~ppa1
<ahasenack> rbasak: now it's good, 524946598222abae1016435ffded0961343e92f8 is HEAD in that MP and good for upload tag push
<rbasak> ahasenack: pushed
<ahasenack> rbasak: thanks
<subvhome> I have a server with http service running on it. I've port forwarded my firewall appliance so that I have access from the web. I would like to block access from the private network... server ip is 10.0.1.10 ... so the network is 10.0.1.0/24 ... can this be done with UFW without breaking my port forwarding?
<RoyK> subvhome: iirc "ufw block from 10.0.1.0/24 to any proto tcp port 80"
<jdstrand> s/block/deny/
<RoyK> jdstrand: thanks
<jdstrand> RoyK: thanks for the rule :)
#ubuntu-server 2018-07-10
<Goop> How would I go about replying to an email from command line, using s-nail?
<Goop> I don'
<Goop> I don't have anything setup on the server except the basics from Postfix, and I'm jerry-rigging an email client with s-nail in command line. All my mail is outputted to ~/Maildir .
<Goop> How do I make sure I can use my mail server to proxy mail for G Suite? Here's my configuration for Postfix: http://paste.ubuntu.com/p/vCHGmg97rN/
<tomreyn> Goop: https://support.google.com/a/answer/2956491
<tomreyn> smtp-relay.gmail.com != ASPMX.L.GOOGLE.COM
<tomreyn> also seek support from google and in #postfix
<lordievader> Good morning
<coreycb> jamespage: i'm working on some horizon bits. it's not happy installing python3-django-horizon before openstack-dashboard. it might just need a openstack-dashboard-common for config/etc that the python packages depend on.
<bobthebuilder20> Hello, currently running a Ubuntu 16.04 web server with proxy setup. Getting an proxy error HTTP: Failed to make connection to backend: localhost. Any suggestion in resolving this
<bobthebuilder20> Hello, currently running a Ubuntu 16.04 web server with proxy setup. Getting an proxy error HTTP: Failed to make connection to backend: localhost. Any suggestion in resolving this?
<coreycb> jamespage: this is where i'm at: https://paste.ubuntu.com/p/RtVSSvD5Ds/
<petn-randall> Hi, I decided to try the new minimal-ubuntu images on AWS (used the default images before), and upon provisioning, it gets stuck waiting for input when installing tzdata: https://paste.ubuntu.com/p/2ytCZW5ckf/
<petn-randall> Is this a known issue?
<jamespage> coreycb: ah yes you might be right - I only tested upgrades, not fresh installs
<jamespage> coreycb: I think your dashboard switch-a-roo LGTM
<coreycb> jamespage: ack thanks, i'll get that uploaded
<jamespage> coreycb: I should have realized that - I think my largely fragmented work schedule for that piece did not help
<jamespage> thanks for sorting that out
<coreycb> jamespage: oh np at all. really just wanted to not be dup'ing any work so figured i'd poke you.
<fizzik> Hey was wondering why dnsmasq will not start on boot
<sarnold> are there any errors in the logs?
<fizzik> Hmm can't seem to find a log file for it in /var/log
<fizzik> https://gist.github.com/36c532baa9bebffc937afd48904493f7
<fizzik> ^ that's what I found in /var/log/syslog | grep dns
<fizzik> I have no problem manualy booting it after boot using systemctl. It [FAILED] during boot I can catch it scrolling by
<sarnold> fizzik: "unknown interface enp3s0"
<sarnold> fizzik: did you tell it to listen on that interface? does that interface exist? should it exist?
<fizzik> sarnold: this interface exists it seems as though dnsmasq may be starting before the interface is up?
<fizzik> Its annoying because my whole network uses it. If the machine reboots I have to run the service manually to get dns queries for my network
#ubuntu-server 2018-07-11
<amazoniantoad> I'm trying to install ubuntu server edition on a dell poweredge 2800 but I can't seem to get the disks listed when trying to install. There are about 7 hard drives present so I don't know how this is happening
<amazoniantoad> Anyone ever handled one of these things? This is my first time
<amazoniantoad> Originally when I tried to install from USB the only drive it listed was the cdrom, burnt the iso to it and now nothing is listed
<sarnold> do you need to reconfigure the perc card in some fashion? e.g. set it to hba mode or set up a raid array via bios or something similar?
<amazoniantoad> I don't know what a perc card is. PXE is an option. I also don't know what hba mode is. I tried finding something to do with the RAID configuration in the BIOS but no luck
<tomreyn> amazoniantoad: press ctrl-r (as in RAID) during boot. PERC is a storage controller (Dells' proprietary HW RAID)
<amazoniantoad> tomreyn: doesn't display that as an option but I'll try that right now
<amazoniantoad> bios revision a06
<amazoniantoad> utility mode, setup, pxe mode
<sarnold> there's a chance it might be prompting you while video doesn't work..
<sarnold> servers are cranky like that
<tomreyn> also, utility mode might get you there
<amazoniantoad> It's still loading, very very little memory on this machine
<tomreyn> some screen shots here https://www.dell.com/support/article/us/en/04/sln292433/dell-poweredge-no-boot-device-available-is-displayed-during-startup?lang=en
<amazoniantoad> options so fuck
<amazoniantoad> scsiselect utility
<amazoniantoad> bmc setyo
<amazoniantoad> setup*
<amazoniantoad> so far*
<amazoniantoad> wth?
<amazoniantoad> Why did it autocomplete with a curse...
<amazoniantoad> So it offers all of those options
<amazoniantoad> then it boots into my installation media
<tomreyn> enter setup, go to "integrated devices", see what "Embedded RAID controller" is set to
<tomreyn> ...and which values are available for this option.
<amazoniantoad> okay
<amazoniantoad> os install mode is off
<amazoniantoad> dont see embedded raid controller
<tomreyn> okay maybe you just have none then
<amazoniantoad> No what?
<amazoniantoad> I know there are hard drives
<amazoniantoad> I'm looking at them
<sarnold> are they plugged into a backplane? is the backplane connected to anything on the motherboard?
<amazoniantoad> I'm going to have to take this thing apart to get a better look
<amazoniantoad> Because there are big sheets of metal covering up spots
<sarnold> I'd *hope* the connectors for the backplane would be accessible with just removing the top..
<sarnold> afterall someone might need to service the machine while it's still on the rails..
<amazoniantoad> I see embedded server management
<amazoniantoad> This guy just left this server at this office and it didn't actually do anything. It ran some special version of windows but all he used it for was for employees to clock in
<amazoniantoad> We have shifted away from that and now I have to repurpose this thing
<amazoniantoad> I'll be back
<amazoniantoad> I'm going to start taking this thing apart
<sarnold> "Embedded dual channel Ultra320 SCSI" .. heh, this is older than I expected ;)
<tomreyn> :)
<tomreyn> there is an add-on raid-controller, PDF page 6 of https://downloads.dell.com/manuals/all-products/esuprt_ser_stor_net/esuprt_poweredge/poweredge-2800_user%27s%20guide8_en-us.pdf explains how to locate it.
<tomreyn> but since it's an add-on it makes me think it's not installe dby default.
<tomreyn> server manuals https://www.dell.com/support/home/us/en/04/product-support/product/poweredge-2800/manuals
<sarnold> "raid key"
<tomreyn> latest BIOS is A07, 07 Jul 2012
<tomreyn> cute, isnt it?
<sarnold> remind me to hug my supermicro when I head back downstairs :) sheeeesh
<tomreyn> :)
<tomreyn> latest BMC Firmware, v.1.83, A10, 07 Jul 2012
<tomreyn> latest Backplane Firmware, v.1.00, A01, 07 Jul 2012 (so probably no upgrade needed there, phew)
<sarnold> hah
<tomreyn> 2 gb ram installed by default
<tomreyn> but dell selles refurbished 256 MB DDR2 ecc upgrade modules for it
<tomreyn> so you're safe.
<sarnold> oh man.. how much do they want for those? :)
<tomreyn> dunno, no prices there.
<sarnold> uhoh, talk to sales staff territory, that can't be good. they have boat payments to make.. :)
<tomreyn> :)
<tomreyn> 15k rpm scsi drives
<tomreyn> 36 GB :)
<sarnold> I wonder how throughput / latency on those compare to my spinning metal disks.. probably pretty favourably
<tomreyn> 2x 1900W PSU
<tomreyn> might draw a little bit more power than yours
<sarnold> insert impressed whistle sound here
<sarnold> that's incredible
<tomreyn> amazoniantoad: so it's actually Ctrl-M to enter RAID controller setup according to https://www.youtube.com/watch?v=RtbstKvdhBs
<sarnold> for "mraid"? :)
<tomreyn> or "make it work", not sure
<tomreyn> Ctrl-E for BMC, also doesnt make a lot of sense, unless it stands for enlightenment.
<dpb1> any ZFS expertise around?  I am running into this and wondering what is up.. https://askubuntu.com/questions/1054051/zpool-import-not-importing
<sarnold> dpb1: zpool import -d /dev/disks/by-id/ or something similar --- just plain /dev/ if you don't care about stable device names in the vdevs
<dpb1> sarnold: ya, same behavior with either -d /dev/disks/by-id or -d /dev
<sarnold> :/
<sarnold> dpb1: dmesg?
 * dpb1 looks
<dpb1> nothing in dmesg, :/  looking if there is a way to set debug, etc
<sarnold> dpb1: hmm. okay, maybe make a new directory, and copy the exact device node into that directory..
<dpb1> you mean, like mknod?
<sarnold> that ought to do it too.. but I thought cp would do that for you?
<sarnold> oh man. cp tries to *read* the thing. ew.
<sarnold> yeah then mknod. heh.
<dpb1> ok, did cp -dp
<dpb1> same
<dpb1> no pools available to import
<dpb1> hrmph
<sarnold> dpb1: time to head to #zfsonlinux and hope dehacked is around..
<dpb1> asked
<dpb1> :)
<qwebirc52334> anyone can help me? i am having problem installing full gnome desktop on ubuntu 18.04 server
<qwebirc52334> the command sudo apt install tasksel taking forever to finish
<qwebirc52334> cleaned installed on a VM
<qwebirc52334> installation and network config is done. i can log-in and now wanted to install gnome desktop
<qwebirc52334> update: i am following this thread https://askubuntu.com/questions/53822/how-do-you-run-ubuntu-server-with-a-gui
<qwebirc52334> it sas to do this "sudo apt-get update" and "sudo apt-get install ubuntu-desktop"
<qwebirc52334> the first one sudo apt-get update is taking long time. is there anyway to do it faster?/
<tomreyn> qwebirc52334: why do you install a gui on a server?
<qwebirc52334> to do works conveniently without remembering commands
<qwebirc52334> if I had a GUI, browsing though the settings and files would have been easier for me
<tomreyn> it effectively prevent that you learn your way around the terminal, but you really should if you want to manage servers regularly, since once you do, you will work much better, faster, more effectively. running a GUI also consumes system resources you could better use for other things. and last but not least, it increases the attack surface.
<tomreyn> you could use text based GUIs such as ncdu which don't depend on X
<tomreyn> your choice - i just would not recommend it. if you still would like to proceed, show the output of the apt-get update command.
<tomreyn> !pastebinit | qwebirc52334
<ubottu> qwebirc52334: pastebinit is the command-line equivalent of !pastebin - Command output, or other text can be redirected to pastebinit, which then reports an URL containing the output - To use pastebinit, install the Â« pastebinit Â» package from a package manager - Simple usage: command | pastebinit
<qwebirc52334> i understand. for example, right now I am having issue with very slow apt-get and I dont know why. my internet is very fast, and do not have any issue with windows servers at all. i have seen that I might have to change repository, how do I do that? if i had a GUI, i could probably find it out by myself
<tomreyn> without a GUI, you can find out yourself as well, you just need to search the web a little. these tasks have been done and documented many many times before, so you're not alone.
<tomreyn> sure, it will take a bit longer than doing it on a gui the first and second time, but by the third time you will start saving time.
<tomreyn> and get much better error output.
<tomreyn> !terminal | qwebirc52334 this is for later, to get you started
<ubottu> qwebirc52334 this is for later, to get you started: The linux terminal or command-line interface is very powerful. In Unity or GNOME, search the dash for "terminal" and press ENTER. Other desktops: Applications -> System Tools -> Terminal (MATE), K-menu -> System -> Konsole (KDE), or Menu -> Accessories -> LXTerminal (LXDE). Guide: https://help.ubuntu.com/community/UsingTheTerminal
<qwebirc52334> ok, I am following..
<tomreyn> see the link 'Using the terminal' there
<tomreyn> for now, i can guide you at least to find out why apt is slow
<tomreyn> which ubuntu version is this, do you know? if not, run: lsb_release -ds
<tomreyn> oh you said 18.04, sorry.
<qwebirc52334> i dont have any error now.......but its very slow i can say. right now its stuck at 18% [11 sources 0 B/1,098 B 0%]
<qwebirc52334> its 18.04 amd64
<tomreyn> okay, can you run this in a second terminal window: apt-cache policy | pastebinit -
<tomreyn> this should return a http address, or an error message saying you dont have pastbeinit installed
<qwebirc52334> ok, sorry for asking but how do I open second terminal?
<tomreyn> are you connected to the server using ssh?
<qwebirc52334> i am connected to console
<tomreyn> so you have keyboard and mointor attached to it and are sitting necxt to it?
<qwebirc52334> its a VM and I am directly connected to display
<qwebirc52334> yes
<tomreyn> okay, which virtualization is this?
<qwebirc52334> VMware
<tomreyn> a pity, i dont know enough about it.
<qwebirc52334> esxi 5.1
<qwebirc52334> i can use my keyboard and mouse to inout to the VM console
<tomreyn> i see, you can install an ssh server next time, then access the system via ssh.
<tomreyn> this allows you to connect to it multiple times and have multiple sessions open at once.
<tomreyn> there are better ways for this, but this is too advanced for now.
<qwebirc52334> ok. may be after this is done or probably errored-out..
<qwebirc52334> i think i can connect to to the server by ssh
<tomreyn> at how many % is it now?
<qwebirc52334> 18%
<qwebirc52334> let me open putty to connect to it
<tomreyn> okay, just cancel it then. press ctrl-c
<qwebirc52334> ok
<tomreyn> oh you can connect with ssh already?
<qwebirc52334> cancelled
<tomreyn> putty is an ssh client
<qwebirc52334> i didnt try before but i think i can connect to ssh. anyway, i cancelled the apt-get command
<qwebirc52334> and thanks thanks for your helping me.....
<tomreyn> okay, let's test internet access: type this, press enter, and tell me what it says for % packet loss on the bottom:  ping -c 3 abc.de
<qwebirc52334> ok
<tomreyn> you're welcome
<qwebirc52334> 3 packets transmitted, 3 received, 0% packet loss, time 7181ms
<qwebirc52334> rtt min/abg/max/mdev = 283/285/287/1.670 ms
<qwebirc52334> so thats the statistics
<tomreyn> ok, that's pretty long, wher ein the world are you?
<qwebirc52334> i am in Guam
<tomreyn> ok, maybe then it is fine, i do not know how well the internet infrastructure is there
<qwebirc52334> the internet speed that I usually get from our Windows servers is around 10+MB (mega byte) download
<tomreyn> and germany where this server is is far from you.
<qwebirc52334> its a 150Mbps connection
<qwebirc52334> ok. is there anyway to choose a nearest package server?
<tomreyn> okay, that's very good if it's per second, i was just referring to latency, not bandwidth.
<tomreyn> okay, so let's see what is up with apt
<tomreyn> right, we should do this
<tomreyn> can you try to connect to the server via putty?
<qwebirc52334> ok
<tomreyn> if this works out then yxou can just copy and paste the commands i type, andwhat they return, this would be easier for you
<tomreyn> i assume you had to type the statistics you provided above?
<qwebirc52334> yes, logged in through putty
<qwebirc52334> yes, u r right
<tomreyn> very well, so what does this return? apt-cache policy 2>&1 | pastebinit -
<qwebirc52334> now it will be easy
<qwebirc52334> http://paste.ubuntu.com/p/Mss2khCF37/
<tomreyn> also, if you will come here regulalrly, i recommend you install an IRC client instead of using the website to login to the chat. personally i like the "hexchat" IRC client which is available on the major desktop operating systems
<qwebirc52334> hmm, i see. well, I will try to get an IRC client. what client do u recommend?
<tomreyn> see what i just wrote ;)
<qwebirc52334> oh, got it
<tomreyn> next, please post: ping -c5 archive.ubuntu.com 2>&1 | pastebinit -
<qwebirc52334> ssh not responding......pls give me a moment
<qwebirc52334> http://paste.ubuntu.com/p/TQjcJdBXQt/
<tomreyn> hmm, maybe soemthing is not right with the VM, let's check this: dmesg | pastebinit -
<tomreyn> the trailing '-' is not actually needed
<qwebirc52334> http://paste.ubuntu.com/p/kTkHqs3m9x/
<tomreyn> you can remove the virtual floppy if esx can do this. you will never need it.
<qwebirc52334> yes
<tomreyn> can you show: pastebinit <( free -m; df -h; )
<qwebirc52334> ok, i joined hexchat as sunshine5
<tomreyn> * sunshine5 :No such nick/channel
<tomreyn> maybe you connected to a different IRC network. we are on Freenode.
<qwebirc52334> sorry, rf53
<tomreyn> oh ok :)
<rf53> hi tomreyn, this is me
<tomreyn> hello hello.
<tomreyn> see if you like this better
<tomreyn> rf53: this is what a hilight looks like on hexchat
<rf53> yes, better than webclient
<tomreyn> <tomreyn> can you show: pastebinit <( free -m; df -h; )
<rf53> http://paste.ubuntu.com/p/QmbjKgm7QS/
<tomreyn> what does "uptime" return? its just one line, post it here directly
<rf53> i need to shutdown server to remove floppy drive
<rf53>  06:18:32 up  1:06,  4 users,  load average: 0.00, 0.00, 0.00
<tomreyn> okay, i'll wait for it to reboot
<rf53> ok
<lordievader> Good morning
<tomreyn> hi lordievader
<rf53> i wonder why its showing 4 users
<rf53> this is only me connected
<tomreyn> w
<tomreyn> ^ may tell
<lordievader> Hey tomreyn
<tomreyn> you probably have 4 sessions open
<lordievader> How are you doing?
<rf53> hmm. could be
<rf53> ok, removed floppy drive and server is coming up
<tomreyn> lordievader: fine, thanks :) rf53 + i are just looking into speeding up his apt. he's got http://archive.ubuntu.com configured right now but it's pretty slow from Guam. i'm reading that we could use "deb mirror://mirrors.ubuntu.com/mirrors.txt" instead
<lordievader> rf53: Do  you have a slow internet connection?
<tomreyn> rf53: give me a second, i am composing a new confguration file for you.
<lordievader> Slow DNS, etc?
<tomreyn> hmm right we didnt check dns, it could be that
<rf53> i dont have slow internet connection
<rf53> i am using 150 Mmps corporate connection
<rf53> from our windows servers, internet is very fast, like 10+MB download from microsoft repository
<tomreyn> dont take it as an insult, we're just trying to understand what is making apt slow for you currently.
<rf53> i understand
<tomreyn> :) can you run: "systemd-resolve --statistics 2>&1 | pastebinit"
<rf53> we have 100+ other servers, most of them ar windows and internet speed is not an issue
<rf53> it could be soemthing with this VM, but since I am not a expert, not sure how to troubleshoot
<tomreyn> time systemd-resolve archive.ubuntu.com 2>&1 | pastebinit
<rf53> ok, running command...
<lordievader> rf53: What is the output of 'for i in {0..10}; do /usr/bin/time -v dig +short archive.ubuntu.com 2>&1 |grep wall; done'?
<rf53> http://paste.ubuntu.com/p/z7fkkwrSFm/
<rf53>  for i in {0..10}; do /usr/bin/time -v dig +short archive.ubuntu.com 2>&1 |grep wall; done
<rf53>         Elapsed (wall clock) time (h:mm:ss or m:ss): 0:05.96
<rf53>         Elapsed (wall clock) time (h:mm:ss or m:ss): 0:00.00
<rf53>         Elapsed (wall clock) time (h:mm:ss or m:ss): 0:00.00
<rf53>         Elapsed (wall clock) time (h:mm:ss or m:ss): 0:00.00
<rf53>         Elapsed (wall clock) time (h:mm:ss or m:ss): 0:00.00
<rf53>         Elapsed (wall clock) time (h:mm:ss or m:ss): 0:00.00
<rf53>         Elapsed (wall clock) time (h:mm:ss or m:ss): 0:00.00
<rf53>         Elapsed (wall clock) time (h:mm:ss or m:ss): 0:00.00
<rf53>         Elapsed (wall clock) time (h:mm:ss or m:ss): 0:00.00
<rf53>         Elapsed (wall clock) time (h:mm:ss or m:ss): 0:00.00
<rf53>         Elapsed (wall clock) time (h:mm:ss or m:ss): 0:00.00
<tomreyn> whoops, too much output here
<rf53> sorry
<tomreyn> np ;)
<tomreyn> <tomreyn> time systemd-resolve archive.ubuntu.com 2>&1 | pastebinit
<rf53> http://paste.ubuntu.com/p/bhcyxSs6b5/
<rf53> real    0m2.662s
<rf53> user    0m0.147s
<rf53> sys     0m0.033s
<lordievader> That first request is quite slow.
<rf53> ok
<lordievader> How is your dns set up?
<tomreyn> it's ubuntu server in an esxi 5 VM
<rf53> may be something with network configuration...i used ip address from our server address pool..like other servers
<tomreyn> *18.04
<lordievader> For comparison my first request (with an empty resolver cache) takes 0:00.01.
<rf53> yes
<rf53> esxi 5.1
<rf53> we have local dns server
<lordievader> Could you pastebin the output of `for i in {0..10}; do /usr/bin/time -v dig @8.8.8.8 +short archive.ubuntu.com 2>&1 |grep wall; done` please?
<rf53> same LAN
<tomreyn> lordievader: btw. rf53 is here (Guam): https://en.wikipedia.org/wiki/Guam#/media/File:Guam_on_the_globe_(Southeast_Asia_centered)_(small_islands_magnified).svg
<tomreyn> but there seem to be undersea cables going there.
<lordievader> That is probably not going to help for latencies ð
<rf53> yes, its a small US territory
<rf53> http://paste.ubuntu.com/p/Z7KGPrmkM5/
<lordievader> That looks better.
<lordievader> I'd switch to Google DNS. Or, even better, setup a caching resolver wich forwards to Google.
<tomreyn> so you're convinced it's dns?
<tomreyn> i agree it seems to be base don your tests
<lordievader> Not convinced, but it plays its part.
<tomreyn> maybe the local resolver is just a bit busy
<tomreyn> how to configure the resolver properly on 18.04 ?
<tomreyn> i really dont know yet
<rf53> ok. we are in a LAN and not sure how to change/forward to Google DNS from Ubuntu
<tomreyn> rf53: can you: pastebinit /etc/resolv.conf
<lordievader> I typically do not have resolvconf installed and can just make those changes to `/etc/resolv.conf`.
<tomreyn> i think resolvconf is installe dby default though
<rf53> http://paste.ubuntu.com/p/bVRzCnxpSW/
<tomreyn> Quoting 18.04 release notes: Default DNS Resolver: The default DNS resolver is now systemd-resolved. The standard /etc/resolve.conf file is now managed by systemd-resolved, and configuration of the resolver should be done in /etc/systemd/resolved.con
<tomreyn> f
<tomreyn> rf53: pastebinit /etc/systemd/resolved.conf
<rf53> http://paste.ubuntu.com/p/BFzZWZH5Pb/
<tomreyn> hmm, okay then let's edit this file. do you know nano? it's a command line file editor.
<rf53> do i need to install it on server?
<tomreyn> it may already be installed. can you run:: sudo nano /etc/systemd/resolved.conf
<rf53> yes, its here
<tomreyn> we want to make line 15 of http://paste.ubuntu.com/p/BFzZWZH5Pb/ say this: DNS=8.8.8.8
<tomreyn> when done editing, press ctrl-x
<tomreyn> and press enter to save it
<rf53> will it be #DNS= or DNS=
<rf53> do i remove #
<tomreyn> no #
<tomreyn> remove it
<rf53> done, saved
<tomreyn> now: sudo systemctl restart systemd-resolved.service
<tomreyn> then run "apt-get update" again and see if its faster
<lordievader> And then test the latency again.
<rf53> ok, doing...
<tomreyn> also run this again: for i in {0..10}; do /usr/bin/time -v dig +short archive.ubuntu.com 2>&1 |grep wall; done
<rf53> running apt-get update
<rf53> let me open another ssh
<tomreyn> :) very well
<rf53> http://paste.ubuntu.com/p/PdvnqX5CMJ/
<tomreyn> please also show (just one line): date- u
<tomreyn> can you say whether apt-get is faster now?
<rf53> Wed Jul 11 06:50:12 UTC 2018
<tomreyn> thanks
<rf53> apt-get seems again stuck at 18%
<rf53> 18% [11 Sources 0 B/1,102 B 0%]
<tomreyn> it must have trouble reaching one of your apt mirrors: http://paste.ubuntu.com/p/Mss2khCF37/
<tomreyn> bot security.ubuntu.com and archive.ubuntu.com are pretty standard, though.
<rf53> ok, so I think I just need to wait for it to finish
<rf53> is there anything like changing mirros to force it download from closest mirror?
<tomreyn> yes
<tomreyn> if you cancel apt (ctrl-c) and run this instead, it should tell us why it is taking so long: sudo apt-get -o 'Debug::Acquire::http=1' update
<rf53> ok, do u think it might help?
<rf53> ok
<tomreyn> but we can also edit your /etc/apt/sources.list now, as you prefer
<tomreyn> ... to maybe get you a faster mirrror.
<rf53> with the command, looks like it was fetching the files. but again stuck at 18%
<rf53> i am not sure what nearest mirror my location has
<tomreyn> can you paste the last 15 lines of output to http://paste.ubuntu.com ?
<rf53> any US or Australia Mirror?
<tomreyn> probably australia, i think
<rf53> https://paste.ubuntu.com/p/g56jhDFtW6/
<rf53> https://paste.ubuntu.com/p/NjD4dzrGH2/
<tomreyn> hmm okay, i was wroing, it doesn't help ;)
<tomreyn> let's just update your sources.list
<rf53> ok
<tomreyn> you have ubuntu backports configured, do you need them?
<rf53> no
<tomreyn> ok, i'll remove them since they are not well supported.
<rf53> ok sure
<tomreyn> give me another 1 minutes
<tomreyn> 2
<rf53> you are helping me, and I am grateful. take your time
<tomreyn> cancel apt if it's still running, then run:
<rf53> ok
<rf53> cancelled
<tomreyn> sudo mv /etc/apt/sources.list /etc/apt/sources.list-disabled-20180711
<rf53> done
<tomreyn> wget https://pastebin.com/raw/pgBBUTXB -O - | sudo tee -a /etc/apt/sources.list
<tomreyn> this will download the sources.list configuration file for APT which I posted to this location, and set it up for you.
<rf53> ok, done all
<tomreyn> please run "sudo apt update" afterwards, and let me know whether it works better
<rf53> ok
<rf53> looks like much faster.....so far
<rf53> and not stuck
<rf53> from AU
<tomreyn> good. it may still get stuck sometimes in the future when you rnu it. if this happens, either just cancel and run it again (it will use different mirrors then and should not get stuck again), or wait.
<rf53> ok, got it
<tomreyn> now, do you still want to install ubuntu desktop? ;)
<rf53> so apt-get update does download and install both?
<tomreyn> no, it just uipdates the information on available packages, it doe snot install them ,yet
<rf53> i think i will give some time to learn commands
<tomreyn> you can also use 'apt' now instead of 'apt-get' (except when you write shell scripts with it)
<tomreyn> apt is a little mor euser friendly
<tomreyn> if you run "apt update" now it will tell you how to geta list of pending updates.
<tomreyn> to install them, run: "apt full-upgrade"
<lordievader> And `apt` gives progress bars ð
<rf53> so its like listing all pckages that has updates available. so to install update do I need to use apt-upgrade command?
<tomreyn> <tomreyn> to install them, run: "apt full-upgrade"
<rf53> i will use apt then. progress bar i like more
<rf53> ok
<rf53> on my screen, though it seems working, its still says 18%
<rf53> Get:11 http://mirror.tcc.wa.edu.au/ubuntu bionic/main Sources [829 kB]
<rf53> 18% [8 Sources 0 B/1,113 B 0%] [11 Sources 0 B/1,098 B 0%]
<rf53> at very last of lines, its 75.8 kB for all lines
<tomreyn> so that's still the old apt command? you didn't cancel it yet?
<rf53> not yet
<tomreyn> well you can do so now
<tomreyn> 75.8 kB is not THAT much ;)
<rf53> ok, so let me do this
<rf53> i ran "sudo apt update", seems same output except the last line is yellow color
<rf53> now, it connected to NZ server
<rf53> anyway, i will just wait and once its done will run "apt full-upgrade"
<tomreyn> rf53: it will vary, picking the servers returned at http://mirrors.ubuntu.com/mirrors.txt at random (this file loos different for you than it does for me, since the server returns the best apt mirrors for your region)
<rf53> got it
<tomreyn> so since it picks different servers at random on the next run, if "sudo apt update" gets stuck, i would just cancel and run it again.
<tomreyn> but that's up to you ;)
<rf53> the problem is to know if its stuck or not, because the lines are moving....
<tomreyn> okay, if the output keeps changing then i guess it's fine
<rf53> but its the same lines coming again and again
<rf53> let me give u some recent lines in pastebin
<tomreyn> they may look very similar, or even identical when it actually does somethign different.
<tomreyn> ok
<tomreyn> also, if you would like me to explain any of the commands we ran above, please let me know.
<rf53> https://paste.ubuntu.com/p/w4rTycnJfy/
<rf53> so if "apt update" only lists updates needed, and not even does download, why is it taking so long? shouldn't it be done in just a few seconds?
<lordievader> Normally, yes.
<rf53> its still 17%. let me cancel and run it again
<tomreyn> hmm yes this doesnt look good
<rf53> how can i check disk space info? sorry for asking
<tomreyn> df -h
<tomreyn> we did this before, you have space left
<lordievader> There are no firewalls at play?
<tomreyn> http://paste.ubuntu.com/p/QmbjKgm7QS/
<rf53> oh ok
<rf53> we have firwalls, but its not an issue for our windows severs
<tomreyn> lines 1-3 are about memory in megabytes (free -m), the rest is the output of 'df -h' (disk free in human readable output)
<tomreyn> when i traceroute to you from a couple locations around the world it always goes through los angeles, usa
<tomreyn> so maybe we should actually use US mirrors
<rf53> yes, we can try that
<rf53> usually we have better traffic with US since its an US Territory
<tomreyn> you can create another backup copy of the apt sources.list file: sudo cp -p /etc/apt/sources.list /etc/apt/sources.list-disabled-20180711-2
<rf53> created another backup
<tomreyn> and then: sudo rm /etc/apt/sources.list; wget https://pastebin.com/raw/VhLc8Uv3 -O - | sudo tee -a /etc/apt/sources.list
<rf53> done
<tomreyn> and then: echo | tee -a /etc/apt/sources.list
<tomreyn> this is just to add a blank line to the end, i forgot this
<tomreyn> and finally: sudo apt update
<rf53> sudo echo | tee -a /etc/apt/sources.list
<rf53> tee: /etc/apt/sources.list: Permission denied
<tomreyn> sorry, this: echo | sudo tee -a /etc/apt/sources.list
<rf53> sudo apt update
<rf53> Err:1 http://us.ubuntu.com/ubuntu bionic InRelease
<rf53>   Could not resolve 'us.ubuntu.com'
<rf53> Err:2 http://us.ubuntu.com/ubuntu bionic-security InRelease
<rf53>   Could not resolve 'us.ubuntu.com'
<rf53> Err:3 http://us.ubuntu.com/ubuntu bionic-updates InRelease
<rf53>   Could not resolve 'us.ubuntu.com'
<tomreyn> uuh, my bad
<rf53> do i need to update DNS again?
<tomreyn> no, i just made a mistake, the server name is wrong
<rf53> ok
<tomreyn> to fix this: sudo rm /etc/apt/sources.list; wget https://pastebin.com/raw/Cehw3vSV -O - | sudo tee -a /etc/apt/sources.list
<rf53> done
<tomreyn> please also post: sudo ls -l /etc/apt/sources.list.d/ 2>&1 | pastebinit
<tomreyn> and finally: sudo apt update
<rf53> yes off course. its running ...
<rf53> taking time at 14% [Waiting for headers]
<rf53> 14% [4 Sources 0 B/1,104 B 0%]
<tomreyn> hmm, something must be wrong with either oyu network or the esxi or the ubuntu installation
<tomreyn> chances are oyu have double NAT and that gets in the way
<tomreyn> with packets not getting properly rewritten or whatever
<rf53> hmm
<lordievader> Perhaps doing a packet capture can give some insight.
<tomreyn> you'd need to do a packet trace to analyze this further
<rf53> ok, i will do that
<rf53> i will also try to change ip address
<rf53> thanks for your help
<rf53> i will log-out now and try to do some troubleshooting myself
<rf53> http://paste.ubuntu.com/p/rcr3DzqWKX/
<rf53> this is output of "sudo ls -l /etc/apt/sources.list.d/ 2>&1 | pastebinit"
<tomreyn> okay, thats fine
<tomreyn> i mean the output, and good luck with the touble shooting
<rf53> ok. thank you tomreyn
<tomreyn> it could also be a misconfigured firewall blocking the requests or, more likely, packets reutnrned for your requests
<tomreyn> i suspect the tcp 3-way handshake doesnt get fully transmitted
<tomreyn> you're welcome.
<tomreyn> if you wanted to reproduce this on y another system, set up another VM on the same esxi server with similar network configuration and i suspect it will produce the same issue.
<rf53> ok, what I will do it create another VM on other ESXi node and see if that has any difference
<rf53> it could also be firwall if the packets transmission is different than windows
<tomreyn> tcp should be universal, but more package translations can cause more problems.
<tomreyn> good approach, good luck.
<rf53> and if there is any rule in firewall
<rf53> ok
<rf53> thanks and bye
<anddam> b move 8
<anddam> hello, I installed a fresh 18 server system, configured the eth interface to use dhclient at install time. How can I see what DHCP server provided info to the system?
<blackflow> anddam: can you rephrase that question? not sure I understand what you're asking.
<anddam> blackflow: sure,I configured the eth interface on a system to use dhclient, it gets configured but I'd like to see which DHCP server provided the info
<anddam> I read /var/lib/dhcp/ should have leases files
<anddam> it does not on this system
<anddam> on another similar system (these are virtualbox VMs with a bridged network interface) I do see the .leases file
<anddam> the system showing the .leases file is an Ubuntu 16 and I configured /etc/network/interfaces, on this new 18 I see configuration moved to netplan
<anddam> in /etc/netplan I see https://gist.github.com/adab4d/51cfd2d458602e439e8f1b08a7720b06
<anddam> it could also be that my assumption is wrong, how do I check that my enp0s3 has been configured via DHCP?
<anddam> blackflow: ^
<blackflow> anddam: netplan is just configuration abstration, it's using networkd as backend on servers, and NM on desktops. according to your post, it's configuring enp0s3 for dhcp. also cloud-init is mentioned, and that's where my knowledge about it stops, I don't use cloud-init
<blackflow> anddam: iirc, leases and dhcp activity should be logged in the journal
<blackflow> anddam: dhclient will log DHCPREQUEST and DHCPACK
<anddam> blackflow: what service?
<anddam> blackflow: as I wrote I think I configured for dhclient but I may be wrong, I would like to confirm that
<anddam> sstemd-networkd[825]: enp0s3: DHCPv4 address 192.168.1.22/18 via 192.168.0.1
<anddam> correct server
<anddam> thanks
<blackflow> anddam: right so you configured for DHCP, not specifically dhclient. that's systemd-networkd doing the work there.
<anddam> oh, like dhclient is a specific DHCP client, but systemd-networkd can do the job as well?
<Haris> hello all
<blackflow> anddam: iirc yes, it doens't need dhclient
<Haris> how to get php pthreads mod with php5 on 14.04 lts ?
<hadifarnoud> hello
<blackflow> Haris: like, for threaded PHP? I think you can't without rebuilding whole PHP
<blackflow> why do you need it btw?
<Haris> is it possible via pecl mod install ?
<Haris> php app that's scaling to require threading
<blackflow> its' not a module, it's whole interpreter being ZTS
<Haris> is there a less radical solution for 14.x
<blackflow> PHP is not thread-safe in itself tho', so even with that, you'll likely have issues
<blackflow> it's not ubuntu specific, but PHP specific
<Haris> don't the main repo or ppa pkgs have it pre-built somewhere ?
<blackflow> official repos don't. there could be a PPA but those aren't supported here.
<Haris> hmm
<Haris> where does one go for ppa
<blackflow> Haris: that said, see if Ondrej has something:   https://launchpad.net/~ondrej
<Haris> hmm
<blackflow> Haris: I'd do all this in a dedicated container btw. If you break your system, you get to keep the pieces.
<Haris> lol
<Haris> makes sense
<hadifarnoud> blackflow: is this sound right? https://gist.githubusercontent.com/hadifarnoud/4e5e3d1d2f977de2a337e43382ed726a/raw/8be2eb9717c4ce7b02da006201181cb701b85278/cloud-init.cfg
<hadifarnoud> I think I should follow their instruction in comment
<blackflow> hadifarnoud: you don't need "network" or "netmask" parts, and 255.255.255.255 is invalid anway. use CIDR notation for the IP, eg.   address 138.201.116.62/24   (if it's /24)
<blackflow> in fact not even broadcast is needed. only address and gateway (which you're missing)
<hadifarnoud> it's 32
<blackflow> hadifarnoud: the inet6 also looks wrong, I wouldn't use ::0 in that subnet.
<blackflow> hadifarnoud: no it's not. /32 means single IP but that's not your subnet.
<hadifarnoud> my v6 is 2a01:4f8:1c17:5d80::/64
<blackflow> is it though? that's all zeroes in that subnet (due to :: at the end)
<blackflow> ipv6 isn't about individual addresses but about subnets. you're assigned a /64 subnet and have to define addresses in it yourself
<hadifarnoud> like this one? 2a01:4f8:1c17:5d80:78:47:223:238
<hadifarnoud> IPv6 is so confusing to me
<blackflow> hadifarnoud: looks okay if that's what you want.
<hadifarnoud> I thought I assign a subnet and all IPs in that subnet works
<blackflow> not automagically no
<blackflow> do you know how many address that would be? :)
<hadifarnoud> millions :D
<blackflow> 2^64 more precisely
<hadifarnoud> I found my gateway via `ip route | grep default`
<hadifarnoud> that should be ok, right?
<Haris> can the pecl pthreads implementation help on 14.x lts ?
<blackflow> Haris: yes if that's a  currently working config. it's also listed in your Robot (hover on the ipv4)
<Haris> taht one went over me
<Haris> that+
<blackflow> sorry that was for hadifarnoud :)
<blackflow> Haris: as for pecl pthreads, I don't think so, you need ZTS in the interpreter
<blackflow> I mean try it, but I doubt it.
<hadifarnoud> does it look fine now blackflow ? https://gist.github.com/hadifarnoud/4e5e3d1d2f977de2a337e43382ed726a
<blackflow> hadifarnoud: no. is that a hetzner CX VPS? that gateway looks like it. if so, you don't define public IPs on the iface. you also have two conflicting stanzas for eth0, one dhcp and one static.
<hadifarnoud> blackflow it is a VPS. I think it does not persist so if anything goes wrong it's easier to just reboot, right?
<blackflow> hadifarnoud: but which VPS... Hetzner has different network setups between VX, CX and Cloud lines
<hadifarnoud> CX11
<blackflow> hadifarnoud: well, the CX line can have only one IP, 172.31.1.100, always, it's routed based on MAC from their side. you don't define public IP on it.
<hadifarnoud> there is a float IP
<blackflow> hadifarnoud: not for CX
<hadifarnoud> I have a floating IP on this server
<blackflow> then you'll have to ask Hetzner how to set it up.
<blackflow> afaik CX don't have it. new cloud servers do.
<Haris> interest based money model is killing economies world wide. pushing human being(s) to reduce and reduce
<hadifarnoud> isn't CX new cloud servers? that's what I have blackflow
<blackflow> it is not.
<hadifarnoud> I currently did make it work by doing `ip addr add 78.47.223.238/32 dev eth0`
<blackflow> CX have no public IPs, only 172.31.1.100, always and only that.
<blackflow> so if your server has a non RFC1918 address and it works, that's not a CX VPS
<hadifarnoud> I'm confused. how is it working now?
<blackflow> by not being a CX server
<hadifarnoud> it clearly says that in dashboard. CX11
<blackflow> this is slightly offtopic here though, you'll have to ask Hetzner for setup specific to their network. meanwhile, as for those e/n/i stanzas: write the IP in CIDR format. the gateway is in the same subnet, can't be RFC1918 then. you had conflicting entries for eth0 with dhcp and static at the same time.
<blackflow> well if that's CX and you have a non-RFC1918 IP, then they changed something significantly, or you aren't using what you think you are. At any rate, ask Hetzner for support with that.
<hadifarnoud> https://gist.github.com/hadifarnoud/4e5e3d1d2f977de2a337e43382ed726a see my comment. there is a screenshot there
<hadifarnoud> how come gateway is not in that subnet? you're right. maybe `ipconfig | findstr /i "Gateway"` isn't right
<Haris> is pthreads supported on xenial or bionic or same for them also ?
<Haris> php pthreads
<Haris> ondrej says no pthreads before 7.0.x
<blackflow> hadifarnoud: oh I see what they did..... they started calling the new cloud servers as CX, and they dropped the old CX servers
<Haris> that means its experimental on xenial
<Haris> but its already available on centos
<Haris> via a third party repo
<hadifarnoud> ip route | grep default
<hadifarnoud> yeah
<blackflow> Haris: php zts is not officially supported on Ubuntu, so this is becoming slightly offtopic. like I said, if you want that, you're on your own, use a PPA or build from source, good luck ;)
<hadifarnoud> so, the gateway is correct?
<blackflow> hadifarnoud: I don't know. afaik their cloud servers don't use RFC1918 for anything
<blackflow> _really_ open a ticket for them and ask for proper network config..... OR, reinstall from their original ubuntu images
<blackflow> if you want a floating IP, convert from dhcp to static, have two stanzas, one for each IPv4
<blackflow> btw, their floating IP is really manual work, it doesn't auto failover.
<hadifarnoud> how about this? https://gist.github.com/hadifarnoud/4e5e3d1d2f977de2a337e43382ed726a
<blackflow> hadifarnoud: :0 and :1 are not needed these days any more (wiht iproute anyway). that gateway doesn't look right, but if they say it is, then it is. /32 is not your subnet.
<hadifarnoud> I'll ask for the gateway
<hadifarnoud> so I can just use the same interface? https://gist.github.com/hadifarnoud/4e5e3d1d2f977de2a337e43382ed726a
<blackflow> hadifarnoud: check the console, all networking info should be listed there
<hadifarnoud> unfortunately there is nothing more than server IPs and reverse DNS in Hetzner Console.
<blackflow> hadifarnoud: well launch another cloud instance and see how it's set up. you pay them by the hour anyway
<blackflow> (using their official ubuntu images, I mean)
<hadifarnoud> ok
<ahasenack> rbasak: hi, good morning/afternoon
<ahasenack> rbasak: if you have a moment, could you please push the upload tag for https://code.launchpad.net/~ahasenack/ubuntu/+source/libapache2-mod-perl2/+git/libapache2-mod-perl2/+merge/348780, after you take a quick look?
<ahasenack> cpaelzer +1'ed it
<coreycb> jamespage: btw i've been making python(3)-* packages conflict on each other for core packages
<coreycb> jamespage: figured i'd mention that in case you can think of an issue with that. for example with some packages like horizon dashboards files conflict in /usr/share
<ahasenack> rbasak: if you are back, and/or feeling able, could you please import into git-ubuntu pmdk and ndctl? They were accepted into cosmic (\o/)
#ubuntu-server 2018-07-12
<spicey> hello , i have a question related to my vps, for which i choose for  ubuntu server 14.04.  i run 4  wordpress websites, for one i want to install a ham radio logbook plugin. I want to use a terminal based logbook, but i dont know where to put it: on my vps, or on my desktop pc? you can only add records to the logbook using the terminal. then the log file can be uploaded to the related wp plugin, so that the
<spicey> logbook eventually will show on my website.
<spicey> do i need to use my vps?
<sarnold> probably you could run the software locally and copy just the data over to the vps
<spicey> ah
<spicey> what i thought but then i run into stuff like no mysql installed
<spicey> does that mean i need to create mysql database for my desktop pc?
<spicey> Requirements
<spicey>     Perl, including Switch, DBI and DBD::MySQL
<spicey>     MySQL server (3.23.23 or higher) and client
<spicey> these are the requirements for the software
<sarnold> woah
<sarnold> mysql 3.23... just how long ago was this last updated?
<spicey> i have no idea
<spicey> lol
<sarnold> I'd be hesitant to stick it on the public internet
<spicey> ok that's clear
<spicey> it won't be on a site google can find
<spicey> well at least that's whaty i hope
<spicey> you know what ill send your remarks to the ham who created this maybe he has an explanation
<sarnold> it's shodan you have to worry about :)
<spicey> shodan?
<spicey> i dont know shodan
<spicey> im just a beginner
<spicey> it says 'or higher'
<spicey> so higher won't hurt
<spicey> higher never hurt :p
<spicey> 3.23 or higher
<sarnold> well here's some windows screenshots showing how to install mysql 3.23 on windows, maybe that will suggest the vintage software .. :) http://carme.cs.trinity.edu/thicks/Tutorials/MySQL-Install-Community-Server-3.23/MySQL-Install-3.23.html
<sarnold> cute. http:\\www.mysql.com...
<spicey> so ugly put that away
 * spicey burns the page
<spicey> is that mysql on windows... how weird
<spicey> it makes me wanna puke
 * spicey feels nauseous now
<spicey> CLog is developed and tested on CentOS 7, with the included Switch, Perl, perl-DBI, perl-DBD-MySQL and MySQL. However, it should run on most UNIX/linux platforms. In some occasions you may have to change the perl path on the first line of the 'clog' file.
<spicey> wtf i have to "change the perl path"
<sarnold> spicey: oh good
<spicey> really?
<sarnold> yeah if the author runs it on something as recent as centos 7 then it's way less terrifying than I was envisioning ten minutes ago
<spicey> ah okay haha
<sarnold> the copyright on that page is from 2003.. and we have rather higher security expectations these days than we did back then
<spicey> so there is hope?
<sarnold> yeah
<spicey> ok that's good
<spicey> maybe i best send the ham who created the thing a mail
<zhill29_> Disclaimer: I'm not currently diagnosing this. Just wondering if anyone has run into it. Was trying to setup zfs on an ubuntu server install (16.04-3) in raidz with 5 disks. Kept getting 2 disks saying they were busy, one at a time.
<zhill29_> Was always /dev/sdg or /dev/sdf for some reason, never the other 3
<lordievader> Good morning
<Xandrov> Good evening. I'm having an issue getting a raid to re-mount after a power outage. Mount is saying it's unable to read the superblock. I was able to fix this before by stopping/restarting the raid with mdadm but that isn't working this time. Is anyone able to offer any suggestions? Please and thanks :)
<lordievader> Xandrov: This might help you https://linuxexpresso.wordpress.com/2010/03/31/repair-a-broken-ext4-superblock-in-ubuntu/
<rbasak> ahasenack: imported. They won't auto-update until I next upload to edge and restart he importer.
<rbasak> (actually to beta)
<ujjain> how do enable SSH on Ubuntu in Docker... systemctl start ssh -> system has not been booted with systemd as init system (PID 1). Can't operate.
<blackflow> ujjain: docker is designed for single (master) process applications as PID 1, not really a VM-like env you can ssh into.
<ujjain> Yeah I understand, but I am just trying to example a jenkins pipeline with ansible etc.
<blackflow> then you'll have to run a process manager as pid 1, which can start sshd and whatever else, contrary to what it's designed to do.
<ujjain> and I have no ability to create VM's, so figured to use a container. Normally we would manage VM's with it.
<blackflow> why no ability to create VMs?
<blackflow> there's also vagrant if you need to abstract VM creation for testing purposes
<ujjain> because it would have to be done manually... more difficult during training.
<ujjain> Yeah, but not everybody has vagrant installed here
<ujjain> everybody does have docker... so me creating a dockerfile would be quickest
<blackflow> it's just anotehr tool like docker is
<blackflow> y'all are using it wrong tho
<ujjain> but it's for a 1 hour training
<ujjain> not for production use.
<blackflow> then like I said, the docker would need to start a process manager as pid 1, with which you can start other services in that container. or just run sshd directly if that's the only thing you need?
<blackflow> ujjain: which btw is not really ubuntu specific, and you'll find fare more help with it in #docker.
<blackflow> *far more
<ujjain> service ssh start is already working, but systemctl isn't ...
<ujjain> it's an ubuntu image though.
<blackflow> the problem is not ubuntu specific.
<ujjain> how would I even autostart apache in an Ubuntu container? that'd be the same issue.
<ujjain> apt-get install apache2, service apache2 start does work
<ujjain> but no autostart
<blackflow> "ubuntu container"? that's vague. which container tech? LXC, LXD, docker?
<blackflow> ujjain: note also that systemd itself can containerize services that are locally installed, including using a chroot, or even with nspawn.
<ujjain> CMD    ["/usr/sbin/sshd", "-D"] looks to be a fine solution
<ahasenack> rbasak: thanks
<ahasenack> rbasak: just curious, they won't auto-update because they need to be added to the white list, and that means a commit and snap update, is that it?
<rbasak> ahasenack: right. I've done the commit, but the pipeline to get it to the auto importer machine as asnap
<rbasak> as a snap involves manual steps
<ahasenack> ok
<ahasenack> rbasak: would you have some moments today to look at my outstanding MPs?
<rbasak> Sure
<ahasenack> maybe the sssd one first, since it's a fix for a ftbfs
<ahasenack> thanks
<rbasak> OK
<rbasak> ahasenack: +1. Shall I push the upload tag?
<ahasenack> rbasak: yes please
<ahasenack> rbasak: I can dput
<rbasak> ahasenack: pushed
<ahasenack> thanks
<rbasak> ahasenack: did you already ask me to push the upload tag for https://code.launchpad.net/~ahasenack/ubuntu/+source/libapache2-mod-perl2/+git/libapache2-mod-perl2/+merge/348780?
<ahasenack> rbasak: I think I pinged after your EOD
<ahasenack> and realizing that, added a comment to the mp
<ahasenack> is lp timing out for somebody else?
<blackflow> ahasenack: WorksForMe(tm)
<rbasak> ahasenack: +1 for clamav. Shall I push that upload tag too?
<ahasenack> rbasak: yes please
<ahasenack> rbasak: let me check if I can upload, just a moment
<ahasenack> rbasak: I can, so just the tag please
<rbasak> ahasenack: tag pushed, thanks
<ahasenack> cheers
<coreycb> jamespage: i think conflicts might be too strict. murano-dashboard needs both python(3)-heat-dashboard installed as BDs to run unit tests.
<coreycb> working around that with a heat-dashboard-common package
<ahasenack> rbasak: I shouldn't mark https://code.launchpad.net/~ahasenack/ubuntu/+source/libapache2-mod-perl2/+git/libapache2-mod-perl2/+merge/348780 as merged until it lands in proposed, right? It's an SRU
<rbasak> ahasenack: I agree. It's a mess whatever we do though since I have to push the upload tag.
<ahasenack> assuming the answer is "yes", any ideas to get it off the list at https://code.launchpad.net/~canonical-server/+activereviews ?
<rbasak> We could mark it as Approved perhaps?
<ahasenack> works for me, could you please do that?
<rbasak> Done
<ahasenack> thx
<kaleidoscope> hey guys
<kaleidoscope> i need some help committing dns servers to resolv.conf via /etc/networking/interfaces
<kaleidoscope> https://ptpb.pw/rrVf ;; i have this static conf in the interfaces file and the 'dns-nameservers' does not output to resolv.conf
<teward> kaleidoscope: what version?
<teward> and what *is* in /etc/resolv.conf currently?
<kaleidoscope> teward: ubuntu 18.04 and currently resolv is using the systemd-resolve stub address (127.0.0.53), though that does work (pinging google outputs temp. resolv error)
<teward> kaleidoscope: /etc/network/interfaces isn't used by default, netplan is.  are you sure you're configuring your networking in the right location?
<kaleidoscope> teward: i believe so, i at least have static networking working as per my configuration
<kaleidoscope> teward: if that's the case, i will move on to netplan as well
<kaleidoscope> ah i see
<kaleidoscope> it seems ubuntu does not use ifupdown anymore
<teward> kaleidoscope: no, Netplan has taken its place
<teward> we use systemd for things now
<teward> so ifupdown has no more usefulness by default
<kaleidoscope> gotcha, then i'll use netplan and hopefully that will resolve my dns issue. also, it's safe to disable the 'networking' interface, yes? then enable 'systemd-networkd' because netplan uses it as a renderer
<teward> I don't know what you mean by the "networking" interface in this context
<kaleidoscope> teward: ah sorry, i meant the 'networking' service, the one that utilizes ifupdown for connections
<teward> kaleidoscope: not sure if it's safe or not, sorry I don't have all the info available
<kaleidoscope> teward: it's okay, i went ahead and disabled 'networking.service' netplan is working perfectly with the same configuration.
<teward> glad to hear it
<kaleidoscope> but i now am running into another problem. it seems netplan is ignoring sysctl and assigning ipv6 to my NIC.
<kaleidoscope> i can run sysctl -p to disable it, but i assumed this was done at boottime
<kaleidoscope> is there any method to disable ipv6 via netplan? i run a vpn that only supports ipv4 and ipv6 opens a leak
<kaleidoscope> sysctl.conf includes the following : https://ptpb.pw/ScDi : and is respected only when manually running sysctl -p
<teward> you sure it's a publicly addressable v6?  it might just be a link-local address, and I don't think there's a way around that *currently*
<teward> but don't quote me, I just disable all outgoing v6 via ip6tables (ip6tables -A OUTPUT -j DROP)
<teward> (it's probably not the safest way to do that thonugh)
<kaleidoscope> teward: i did some testing and yes, it can retrieve webpages via 'curl -6'. i believe link-local address starts with "fe80" and my main ipv6 addresses has my ISP's prefix. but thank you for the tip
<teward> kaleidoscope: i'd just turn off v6 dhcp, and leave it as a link-local address then
<teward> i think there's a way to do that but I don't remember it, I have it on my computer but not here (I'm on my phone here right now)
<kaleidoscope> teward: see, that's what i saw as well, but does that only work for dhcpv6? i only use radvd for my gateway
<cyphermox> kaleidoscope: accept-ra: no
<kaleidoscope> cyphermox: awesome, that works perfectly, thank you
<cyphermox> kaleidoscope: np
<kaleidoscope> perfect
<kaleidoscope> netplan is working and dns is working again (using resolved stub)
<kaleidoscope> thank you teward for your help :)
<cyphermox> kaleidoscope: great
<cyphermox> kaleidoscope: if you have questions don't hesitate on #netplan too
<kaleidoscope> cyphermox: ah, didn't know there was a netplan channel! thank you for that, i'll ask questions there if i run into networking problems again
#ubuntu-server 2018-07-13
<lordievader> Good morning
<sikun> lordievader, morning
<lordievader> Hey sikun How are you doing?
<sikun> lordievader, not too bad, long day :/ lol
<sikun> yourself ?
<lordievader> Doing good here. Still waking up for a bit.
<sikun> lordievader, nice
<sikun> blah... need something to keep me busy for a while, lol
<masber> good afternoon, I am trying to install ubuntu 18.04 and in the networking section I need to create a bonding but I can't see the option to do that... any advice?
<masber> I was thinking to skip the networking part and continue with the installation but the installer is not allowing me to keep going if no nic is setup
<masber> any thought?
<sikun> does it detect the NIC(s) ?
<sikun> guessing it does if it's wanting you to set it up, could just enter in bogus info and then change it after first boot
<masber> sikun, yes it detects the nics
<masber> sikun, I can't continue the installation, it complains that no nic has been setup
<sikun> manually configure one nic then, just give it 192.168.1.2 ip and change it afterwards
<tafa2> i'm sure this has been asked/debated a zillion times - but I need a new naming system for my servers - what do you guys use?
<tomreyn> stars is common, rivers, cities, or if you're enough of a nerd and dont have (and wont have) too many servers, then pivk just your favourite comic series / movie characters / locations etc.
<masber> hi, I just installed ubuntu 18.04 and changed netplan config file to setup my network, now I want apply my new network config by running systemctl restart NetworkManager.server but that doesn't work, any idea?
<masber> *want to apply
<masber> error message says Unit NetworkManager.server not found
<masber> I am following official documentation https://help.ubuntu.com/community/NetworkManager?action=show&redirect=WifiDocs%2FNetworkManager
<tomreyn> masber: did you install ubuntu server or desktop?
<masber> tomreyn, server
<tomreyn> server defaults to the system-networkd backend
<tomreyn> desktop uses network-manager by default
<tomreyn> at leats thats what i think i read on the release notes
<tomreyn> you surely read those, too? :)
<masber> sudo systemctl restart system-networkd ?
<tomreyn> masber: you need to "netplan apply"
<tomreyn> and before that, "generate"
<tomreyn> https://netplan.io/design#commands
<ahasenack> rbasak: hi, good morning/afternoon
<ahasenack> rbasak: if you are in review mood, here is another one, for a merge from debian this time: https://code.launchpad.net/~ahasenack/ubuntu/+source/autofs/+git/autofs/+merge/349320
<Haris> hello all
<Haris> how to get php 7.2 on xenial ?
<cyphermox> tomreyn: generate is unnecessary, just "netplan apply" is enough
<tomreyn> cyphermox: thanks
<tomreyn> Haris: please dont cross post
#ubuntu-server 2018-07-14
<easyOnMe> hello everyone
<easyOnMe> I would just like to seek help here
<sarnold> hey easyOnMe, irc works best with specific questions :)
<easyOnMe> I created a subdomain like countryName.domainName.org but when I tried it on the browser it says: You don't have permission to access / on this server.
<sarnold> .. exactly like that. hehe.
<sarnold> easyOnMe: have you checked the webserver's error logs? sometimes they point out hte error clearly
<easyOnMe> hang on let me see and I will get back on something that I do not understand
<easyOnMe> sarnold: I got this from the error log
<easyOnMe> sarnold: [Fri Jul 13 21:33:47.260068 2018] [autoindex:error] [pid 28044] [client 116.88.154.241:35378] AH01276: Cannot serve directory /var/www/html/countryName/: No matching DirectoryIndex (index.php,index.html,index.cgi,index.pl,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive
<easyOnMe> [Fri Jul 13 21:33:47.527334 2018] [core:error] [pid 28044] [client 116.88.154.241:35378] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://countryName.domainName.org/
<easyOnMe> the thing is that there is already an existing directory at /var/www/html/countryName
<sarnold> and an index?
<easyOnMe> I am not sure about that but let me tell you this first
<easyOnMe> this error of forbidden access started occurring when I implemented an ssl certificate
<easyOnMe> previous I can access all the subdomains I created by just using the http://
<easyOnMe> but when I implemented a certificate for some reason it started all these errors
<easyOnMe> I am using codeigniter so I just placed all the folders inside the subdomain folders
<easyOnMe> so I am not sure about this index stuff that the error is talking about
<easyOnMe> sarnold: it keeps on giving this error: You don't have permission to access / on this server on port 443
<sarnold> easyOnMe: hmm, I *think* the thing to do is ignore the cert for the moment.. focus on the log error messages..
<sarnold> easyOnMe: ls -l /var/www/html/countryName/index* and make sure that something is there
<easyOnMe> ok give me a minute
<easyOnMe> sarnold: no such file or directory
<easyOnMe> so what do I do now
<sarnold> easyOnMe: find out why! :)
<sarnold> easyOnMe: should the direcdtory be there? or is it using the wrong name?
<easyOnMe> the directory is there and it is the correct name
<easyOnMe> the thing is I am using codeigniter and all usually do is copy and paste the whole codeigniter folder and it usually works
<easyOnMe> and this is what i did in this case
<easyOnMe> but for some reason the error says no index stuff all that
<easyOnMe> this is what I did with the main domain so I thought similar procedure will work with subdomain
<sarnold> easyOnMe: hmm. maybe restart the server and make sure that the configuration file you're debugging is actually the one in use?
<easyOnMe> sarnold: yeah already did that earlier
<easyOnMe> the problem still persist
<easyOnMe> sarnold: do you the countryName.domainName.conf file
<easyOnMe> sarnold: do you need the countryName.domainName.conf file
<easyOnMe> cause I can show it to you
<sarnold> easyOnMe: I'm running out of ideas.. it wouldn't hurt to pastebin the configs though and maybe someone who knows apache better than I do could spot something?
<easyOnMe> here it is: https://pastebin.com/FUyBNtaB
<sarnold> that's :80 though
<sarnold> right?
<sarnold> not 443?
<easyOnMe> yep
<easyOnMe> is that a problem
<easyOnMe> cause there is on existing subdomain that is working using a similar .conf configuration
<easyOnMe> the only difference is their subdomain name
<easyOnMe> but that one is working while this other subdomain is not
<sarnold> it might indeed be the source of the problem
<easyOnMe> sarnold: so do you want me to change the port
<easyOnMe> into 443
<sarnold> easyOnMe: if you do that your http service is liable to stop
<sarnold> well, for that domain
<sarnold> or.. maybe all?
<sarnold> dunno.. anyway probably you'll have to understand it better than I do :D
<adamretter_> How do I specify the Mac and static-ip for a guest when creating it via uvt-kvm ?
<adamretter_> Can someone tell me how to specify the MAC Address to uvt-kvm when using the --bridge parameter? At the moment my bridge interfaces is coming up with a random MAC
<compdoc> thats odd. I think my bridges use the same mac as the interface
<adamretter_> compdoc: Each on my vnet interfaces on the host has to have a specific registered mac to be allowed traffic by my hosting provider's network
<flipwalker42> Hey I'm having a heck of a time getting a server install of 18.04 working. It seems to install normally, but on first boot goes to grub rescue. Installing on a Dell R710 2x6core proccessors with 64GB ram, 6x4TB HD setup with a hardware raid 10. Installing using basic 'use entire disk' partitioning.
<memphisto> flipwalker42: uefi? legacy?
<flipwalker42> Hm. I assume UEFI, but I haven't actually checked. Going to go confirm.
<memphisto> flipwalker42: when running in live mode/or installer can you check if you see your raid ctrl? do you have drivers for it? is there module that needs to be build in initramdisk in order to boot of of it
<flipwalker42> memphisto: YOu hit the problem on the head. THank you. It was runing legacy. Switched to UEFI and reinstalled. Working perfectly now. ANd I feel dumber. But thanks! :-)
<memphisto> flipwalker42: good to hear its working
<JanC> learning new things doesn't make you dumb!
#ubuntu-server 2018-07-15
<cryptodan_mobile> Anyone good at dns zone files and propagation
#ubuntu-server 2019-07-11
<coreycb> sahid: jamespage: fyi i had to add the following for bionic-train backports
<coreycb> https://www.irccloud.com/pastebin/3UVHsPql/
<coreycb> jamespage: fyi i think sahid's will need that to build on bionic-train
<jamespage> why is that required?
<jamespage> I did not do that for any of the 30 or so I did this morning btw
<jamespage> I've just been leaving in the python-* BD's - enough todo the clean step at least
<sahid> i followed your pattern jamespage
<coreycb> sahid, jamespage: it's needed if you drop Build-Depends on python-setuptools as those will run the py2 build/clean. if you keep python-setuptools it'll succeed.
<coreycb> i'm not picky. i've been dropping all the py2 deps.
<coreycb> sahid: jamespage: just want to make sure they build successfully on b-t though before we upload
<sahid> coreycb: ok i will make a second pass
<sahid> jamespage: i can take care of yours too if you want?
<coreycb> sahid: you can just add the py2 python-setuptools back. try it on one package maybe and make sure it builds ok on b-t
<sahid> coreycb: how to enable UCA with pbuilder-dist?
<coreycb> sahid: there's an sbuild-train cmd you can run on top of a bionic sbuild chroot. or you could add-apt-repository cloud-archive:train to a pbuilder chroot. or you could just create a ppa that is based on the bionic-train staging ppa.
<coreycb> sahid: jamespage: ok py3-only swift uploaded. there were a bunch of failing py37 unit tests but they were fixed after a new snapshot. upstream is only running a subset of py3 functional tests but there's a lot of action on the py3 front upstream so that's promising.
<sahid> hum... yeah ImportError: No module named setuptools
<sahid> dh_auto_clean: python setup.py clean -a returned exit code 1
<jamespage> coreycb, sahid: my take was dh-python needed to be more clever about what it did - so I left the python-setuptools dep in place and just dropped the BDI's python-*
<jamespage> why it runs a py2 cleanup step with --with python2 is not provided...
<jamespage> coreycb: its odd because we have both debhelper and dh-python backported to bionic-train
<coreycb> jamespage: hmm interesting
<sahid> ok... i wanted to follow james's pattern but in fact i did not :/
<ruben23> hi there guys, what version of php do we have as package on ubuntu server Ubuntu 18.04.2 LTS
<blackflow> !info php bionic
<ubottu> php (source: php-defaults (60ubuntu1)): server-side, HTML-embedded scripting language (default). In component main, is optional. Version 1:7.2+60ubuntu1 (bionic), package size 3 kB, installed size 12 kB
<sarnold> !info php7.2 bionic
<ubottu> php7.2 (source: php7.2): server-side, HTML-embedded scripting language (metapackage). In component main, is optional. Version 7.2.19-0ubuntu0.18.04.1 (bionic), package size 9 kB, installed size 84 kB
<sarnold> there we go :)
<ruben23> also there is no apache2-mpm-prefork package anymore..?
<sarnold> I don't see any mpm packages any more https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.6
<sdeziel> ruben23: mpm modules are shipped in apache2
<sdeziel> mpm_{event,prefork,worker} are available
<ruben23> so i dont need to install it like this.? ---> apt-get install apache2 apache2-mpm-prefork
<sarnold> correct
<ruben23> just install apache2
<ruben23> also guys one more thing i cant install libcurl3 --->
<tomreyn> does you hand slip off your keyboard when you try to type it then?
<ruben23> https://pastebin.com/3FzLXN4i
<tomreyn> this outout was generated by which command (be sure to always show both the command you ran and the output it produced)?
<ruben23> apt-get install libcurl3
<tomreyn> did you run    sudo apt update    before you ran the command which created this output?
<sarnold> I don't think you can have both libcurl3 and libcurl4 installed at once
<sarnold> http://paste.ubuntu.com/p/7D3cRFphcW/
<ruben23> yes i run update so libcurl4 is already built on Ubuntu server 18.04
<ruben23>  sarnold: what this do.?
<sarnold> ruben23: it shows the reasoning why I think you can't have both packages installed at once
<ruben23>  sarnold: libcurl4 is already installed on UBuntu server 18.04.?
<ruben23> so i cant install libcurl3
<tomreyn> do you need it, though? if so, you can probably replace libcurl4 by libcurl3?
<tomreyn> i think there must be another issue if the dependency resolver fails to calculate this
<ruben23>  tomreyn: libcurl4 would do
<tomreyn> !info libcurl4 bionic
<ubottu> libcurl4 (source: curl): easy-to-use client-side URL transfer library (OpenSSL flavour). In component main, is optional. Version 7.58.0-2ubuntu3.7 (bionic), package size 232 kB, installed size 689 kB
<tomreyn> !info libcurl3 bionic
<ubottu> libcurl3 (source: curl3): easy-to-use client-side URL transfer library (OpenSSL flavour). In component universe, is optional. Version 7.58.0-2ubuntu2 (bionic), package size 232 kB, installed size 688 kB
<tomreyn> hmm libcurl4 is in main, so this would seem to be the default indeed
<tomreyn> ruben23: so you already have libcurl4, don't need libcurl3, then you can just keep things as they are, right?
<ruben23> tomreyn and  sarnold:  thanks a lot for the help
<tomreyn> personally i have libcurl4 and libcurl3-gnutls installed on 18.04.2
<tomreyn> so you can even have both versions if you don't mind using a different ssl lib
<ruben23> what this mean guys im lacking for upgrade.? https://pastebin.com/0DKUqy6N
<tomreyn> ruben23: there's a pending update from one of your 3rd party apt repositories
<tomreyn> ruben23: can you post the output of this    sudo /bin/true && cat &>/tmp/aptlog < <(sudo apt-get -qqy update 2>&1; apt-cache policy 2>&1; sudo apt-get -syV full-upgrade 2>&1;); nc termbin.com 9999 </tmp/aptlog; rm /tmp/aptlog
<ruben23> tomreyn:  it works after i do apt-get upgrade
<tomreyn> i assume you have some 3rd party repositories configured which are cuasing the depedency resolver to fail the way it does.
<ruben23> guys we dont use eaccelerator anymore to optimized apache2 right.?
<tomreyn> from my memory, 'eaccelerator' was a php opcode cache and source code encoder
<ruben23> i mean php sorry
<ruben23> tomreyn: with ubuntu 18.04 we dont used anymore this eaccelerator.?
<tomreyn> ruben23: we? no. maybe you do, i don't.
<ruben23>  tomreyn: :) sorry for the we
<tomreyn> no worries, ruben23, i notice this is common amongst ES and PT native language folks, i just like to make silly jokes. see this https://en.wikipedia.org/wiki/EAccelerator
<ruben23> they said thie eacellerator is depricated and they used OPcache instead
<tomreyn> ruben23: yes, this seems to be the most common opcache since php7. if you also want memory caching there is also memcached and apcu
<hashwagon> Does anyone know why an ubuntu 16.04 server would change from a statically set IP address? I'm not finding anything online about this. Is there a failover mechanism?
#ubuntu-server 2019-07-12
<ruben23> sarnold: hi there
<sarnold> evening ruben23
<ruben23> sarnold: im so sorry i forgot to take note of teh substitute of apt-get install linux-headers-server in Ubuntu server 18.04 lts, what was that again if you dont mind, really sorry
<sarnold> ruben23: linux-headers-generic
<ruben23> ;-) Thanks a lotr
<sarnold> you're welcome :)
<adol-christin> hello i need help
<adol-christin> getting my domain to work on my ubuntu dedi server
<adol-christin> i played with host names and it kinda kept crashing the server over and over
<lordievader> Good morning
<lordievader> adol-christin: What kind of domain are you referring to? DNS domain, AD domain?
<adol-christin> dns domain got it from google domains
<adol-christin> and good morning to you too :)
<lordievader> What is the actual problem?
<adol-christin> well how do i get it to communcate to my dedi server
<adol-christin> can i show a screen of how i configured it
<lordievader> !paste
<ubottu> For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<adol-christin> https://gyazo.com/7af911fd6493e23dbf1c777df89375cd
<adol-christin> screen image and i changed stuff on my last ubuntu os on local host but that just constatly crashed the server over and over
<adol-christin> https://www.youtube.com/watch?v=aPqDQX5naHA
<adol-christin> i found this one
<adol-christin> tutorial that is.
<adol-christin> i edited /etc/hosts/
<adol-christin> and added my domain too it 0.0.0.0 aetherdreams.com and another line with 0.0.0.0 www.aetherdreams.com
<adol-christin> but that seemed to crash ubuntu over and over after doing that
<adol-christin> do u kno why it would do this?
<lordievader> Brr, you don't want to do that.
<lordievader> 0.0.0.0 is a representation for the entire network.
<adol-christin> oh so the youtuber is a retard?
<lordievader> That said, since you are setting up DNS you don't want to be editing your hosts file since it defeats the purpose.
<lordievader> Youtube is rarely good for these kind of things.
<adol-christin> so what do i do to get apache to work with my domain name?
<lordievader> You rather want to read manual pages, rfc's or tutorials of known good sources.
<adol-christin> know any links too it?
<lordievader> You first want to fix your DNS setup, currently I get an NXDOMAIN on www.aetherdreams.com.
<adol-christin> so did u see my screen shot i sent?
<lordievader> Then once www.a.c points to the IP address of the server you can tell Apache that its servername www.aetherdreams.com
<lordievader> Yes
<adol-christin> i watched a youtube vid on google domains i did what they said
<adol-christin> Do you know what i did wrong?
<lordievader> The description reads 'glue records', this is not what you want. You want to change the regular records.
<blackflow> adol-christin: you need to stop messing around with public DNS and public servers until you know what you're doing.
<adol-christin> https://gyazo.com/58e99bc995c19a7638f5b1c704f30f6d
<lordievader> +1 to that, first figure out how things work before diving in.
<adol-christin> as i said last night ive done with other domain servers and it was piss easy but this one never used it before
<lordievader> I.e. read documentation
<lordievader> Perhaps even RFCs to figure things out.
<adol-christin> RFCs?
<blackflow> adol-christin: no, you don't know what you're doing. please stop messing with  public infrastructure, you'll cause damage to someone.
<adol-christin> how can u be sure ill cause damage to someone?
<blackflow> Set up a VM and do it all on your VM, in your LAN, learn all the things and concepts first.
<lotuspsychje> adol-christin: setting up servers needs basic knowledge, you cant just random do things
<blackflow> adol-christin: becase in 20+ years of my experience I've seen it many times. noob setups getting pwned by bots and starting ddos attacks and other illicit things. open email relays. open dns resolvers....
<lotuspsychje> adol-christin: did you read the server manuals we gave you last night?
<blackflow> Set up a VM and learn things in that first. Folks here will be delighted to help with specific questions about that (after you've read required docs and tried yourself first).
<adol-christin> no i passed out
<adol-christin> can u resend it
<lotuspsychje> !server | start here
<ubottu> start here: Ubuntu Server Edition is a release of Ubuntu designed especially for server environments, including a server specific !kernel and no !GUI. The install CD contains many server applications. Current !LTS version is !Bionic (Bionic Beaver 18.04) - More info: http://www.ubuntu.com/products/whatisubuntu/serveredition - Guide: https://help.ubuntu.com/lts/serverguide - Support in #ubuntu-server
<lotuspsychje> adol-christin: before going to production, try the VM advice blackflow provided
<blackflow> in addition to this, Digital Ocean has plenty of useful How-To articles on server applications and configurations. Google is your best friend there.
<blackflow> for example, like this:  https://www.google.com/search?client=ubuntu&channel=fs&q=how+to+set+up+apache+site%3Adigitalocean.com
<adol-christin> ah i see they gave me the wrong installation of it >_<
<adol-christin> its not server edition just regular ubuntu for some reason
<lordievader> Of what?
<lordievader> That doesn't really matter.
<lotuspsychje> 'they'?
<blackflow> lordievader: it might if there's no GPU which was suggested yesterday as cause of crashes.
<lordievader> The point is, that you need to learn things (read, try out in isolation, etc) first before putting things into production.
<adol-christin> will u help me once i learn?
<blackflow> Sure, if you have specific questions, pertaining to Ubuntu, we're all ears here.
<lordievader> Like blackflow said, if you put in the effort we are willing to answer questions, sure.
<lotuspsychje> adol-christin: ubuntu server is also a responsible task, at some point you will need to be on your own too
<blackflow> and you'll need to know how to fix things over ssh only. running rescue environments, mounting your main installation's disks to fix broken boots, that's also important experience for running remote servers.
<blackflow> who's "they" btw? which hosting company are you renting that behemoth server from?
<huehner> Hello, seeing very strange apache2 behavior on bionic (2.4.29-1ubuntu4.7) with latest updates (regression fix for openssl1.1.1)
<huehner> apache freshly restarted -> do a run of ssllabs.com/ssltest against it and 2 apache2 processes stuck at 100% apparently indefinitely
<huehner> andol: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1836329 -> regression in 4.6 -> 4.7 in LTS :(
<ubottu> Launchpad bug 1836329 in apache2 (Ubuntu) "Regression running ssllabs.com/ssltest causes 2 apache process to eat up 100% cpu, easy DoS" [Undecided,New]
<andol> huehner: Why me?
<huehner> andol: bad fingers on my side (was unintended), sry
<andol> No worries.
<ruben23> hi there guys where do i configure the my.cnf when i used MariaDB10.2 its quite different now from MariaDb5.5
<ruben23> any idea guys.?
<mTeK> Without gasoline and a match how would you diagnose a port flap using DAC's in bond to mlagged switches. It starts happening after 8 days after a reboot... I've changed firmware on cards, installed driver as dkms as manufacture says, changed kernels, changed DAC cable manufactures.
<mTeK> It's randomly after 8 days happening on 4 servers. These 4 servers are some older supermicro's. I wouldn't think it would be the motherboard or pcie slot issue. The flap is only on one of the DAC's, the other interface seem stable but it's on a different switch.
<mTeK> I'm thinking next step is to create more mlagged interfaces and move the servers into the new port channels to see if it's the first 4 ports of this switch.
<mTeK> If that doesn't solve it should I change OS or nic cards next?
<tomreyn> maybe increase log verbosity on the module (if available), see if there are power saving options there you can disable
<mTeK> Your talking about nic power settings and not server governers?
<tomreyn> mTeK: yes, but i really have 0 experience with DAC, should have said so.
<tomreyn> switching governors might also be worth a try, sure.
<mTeK> I use them quite a lot and I have the same cards in others servers using the same network config and they are working.
<mTeK> There are power settings on the mellanox cards.
<mTeK> I'm not even sure if the server or the switch side that's dropping
<mTeK> The switches are arista and since I didn't buy them new I have no support from them.
<tomreyn> aaw crap. they can do good enough logging though. or port mirroring.
<tomreyn> at least the non entry models
<mTeK> They are DCS 7150  so not entry level.
<mTeK> ceph is pretty resiliant as long as the server goes offline, it doesn't like the bouncing ethernets.
<mTeK> I think there is a timeout command that I can set on the bouncing on the switch. That way once it starts it will hold the port offline till the timer clears.
<tomreyn> maybe you can do flap detection and fencing near the source instead.
<tomreyn> actually your approach may be better
<mTeK> Well I think that is how it works...
<mTeK> Here is a paste of the logs https://pastebin.com/s13dDb68
<teward> anyone with an 18.04 machine successfully configured a Bridge on their system with Netplan that lets the system itself have Internet and be reachable, but also allow cintainers such as LXD containers to use the bridge to get DHCP addresses too?
<sdeziel> teward: I think so, let me check if I have something to share
<sdeziel> teward: correction, I'm using a different bridge for the host and separated bridges for my lxd containers. That may still be useful to look at for you though https://paste.ubuntu.com/p/M6wwcMXTkR/
<teward> sdeziel: thanks.  running into some headaches with macvlan on LXD by default.  The headache I have is that it's being derp with the containers behind
<teward> maybe because VMware's involved it's eating packets...
<teward> might mess with it later right now I just need to get this damn mail server set up >.<  *uses straight NAT for reasons in the interim*
<sdeziel> teward: macvlan is annoying to deal with
<teward> yes, it is
<teward> so is VMware promiscuous mode eating packets from the host
<sdeziel> because the host needs also a macvlan device if you want it to talk with your containers?
<sdeziel> s/\?$//
<teward> i don't need host -> container I just need Network <--> Container
<teward> and container is making DHCP requests
<teward> but they're not getting to the virtual firewall;
<teward> so IDK what's up there
 * teward will mess with that later
<sdeziel> teward: with macvlan, your containers will show up with a new MAC when they get to VMWare so maybe you need to allow this virtual NIC to have more than 1 MAC
<teward> not sure that's doable, but promiscuous mode and accept mac changes is enabled
<teward> but VMware's having a hell of a time with it
<teward> so IDK
<teward> i'll mess with that in a separate VM later for testing
<teward> FOR NOW
<teward> I'm just going to straight NAT the container ports to the host
<teward> and vice versa
<lordcirth> Ok, this is weird. Brand new 18.04 LXC container, from the download template. If I try to start salt-minion, ssh, or postfix, they say "Job for salt-minion.service canceled."
<teward> lordcirth: did you check syslog or other logging mechanisms to see why it explodified?  :p
<lordcirth> teward, still hunting. I rebooted it, and now "systemctl start salt-minion" returns "Failed to connect to bus: No such file or directory"
<lordcirth> As does 'status' so it's not salt-specific
<teward> well salt I think there's known problems with
<teward> but i was more curious about ssh and postfix
<lordcirth> teward, ssh does the same
<lordcirth> Also FYI this is the repo.saltstack.com salt
<lordcirth> And I did have a problem earlier where one of my salt states tried to set the timezone, which apparently doesn't work in containers
<lordcirth> Because timedatectl doesn't work
<lordcirth> I'll rebuild the container.
<sarnold> that sounds like super-unhappy dbus
<teward> ^
<teward> sarnold: but wouldn't that have a global effect rather than a container-specific problem?
<teward> or is it possible there's apparmor isolation going on?
<sarnold> rebuilding the container will be a pretty good indicator, I hope
<lordcirth> I have this exact container setup running elsewhere, so it has to be something changed recently
<lordcirth> ok, I made the container again, ssh was running. Installed salt-minion, accepted key, rebooted
<lordcirth> ssh and salt-minion came up
<sarnold> yay! but .. bummer to not Know what the problem was
<lordcirth> Well, I'm not done applying the states yet.
<lordcirth> Doing them in parts this time
<lordcirth> I have a suspicion that linux-generic-hwe-18.04 getting installed in the container is what borked it
<sarnold> hmm. any chance you've got a working container, can install that, and break your container?
<lordcirth> The kernel package was installed by Salt after container init, so I'm trying now with that package commented
<sarnold> aha
<lordcirth> Previously all ceph clients were physical, so I forgot that it would install hwe
<lordcirth> ahah, no, that didn't fix it. But commenting out an entry I put in /etc/fstab did
<lordcirth> So I bet it's an apparmor profile issue
<lordcirth> But I did it in an identical container earlier!
<lordcirth> Ok, I got it to work by setting lxc.mount.entry properly and leaving /etc/fstab empty
#ubuntu-server 2019-07-13
<ruben23> hi guys i have a startup scrip named vicidial and wanted this to be run this every startup on my Ubuntu server 16.04 any idea how to do it.?
<sarnold> ruben23: sticking a @reboot line in a crontab would be an easy way to do it
<sarnold> ruben23: just be aware that cron has different PATH than your login shell :)
<ruben23> should it not be put in /etc/init.d/
<ruben23> then make like this update-rc.d -f vicidial defaults  <------------ is this still works.?
<sarnold> yes, that should still work too
<sarnold> ruben23: you may or may not find this useful, too: https://wiki.ubuntu.com/SystemdForUpstartUsers
<ruben23> ok thanks, where do we can view if how the startup script run during the startup of teh ubuntu server.? like logs
<tomreyn> ruben23: /var/log/syslog* or journalctl -b
<tomreyn> ruben23: the 'proper' way with systemd to run something at boot would be to create a systemd unit (start reading up on this if you'll upgrade to 18.04 LTS and beyond at some point).
<tomreyn> for now, there are still compatibility wrappers for sysv init scripts (but i hope / wish they'll all be converted / dropped 'soon')
<mjcd> holla all
<mjcd> i'm looking for mouse support for the native terminals without window or desktop managers
<mjcd> I tried um
<mjcd> gpm
<mjcd> but it's super laggy
<mjcd> painful to use
<mjcd> I know easiest solution is to ssh in from windows or wherever
<ratrace> hi. anyone with experince with btrfs in kernels newer than 4.9? iam re-evaluating its feasibility for production storage, and would love to hear other people's experience.
<blackflow> ratrace: considered ZFS too? I wouldn't trust btrfs in prod.
<ratrace> blackflow, considered but we have no interest in zfs. plus its future in linux is questionable due to license. prefer in-tree modules wherever possible.
<compdoc> I hadnt heard there were issues
<ratrace> compdoc, debian has a wiki page full of warnings, and we had issues with earlier kernels (4.4 and 4.9) with unmountable filesystems after conversion of extent types from single to mirror
<hackeron_> Hi there, I have an issue with journalctl, I set it to use 100M maximum, which for some reason gives me only 2 days of logs. When I run journalctl --disk-usage it shows 106M used but when I run journalctl | wc -c - there are only 7MB of logs. Any ideas?
<hackeron_> I posted a question with more details here: https://serverfault.com/questions/975160/journalctl-disk-usage-shows-106m-while-journalctl-wc-c-shows-only-7mb-of-lo
<Walex> ratrace: Btrfs works well except for the multiple device layer. If you use it on a single block device (e.g. based on MD) it is quite reliable.
<ratrace> Walex, that defeats almost all the advantages of btrfs
<Walex> ratrace: the main advantage of Btrfs is snapshots...
<andol> Walex: Because everyone has the same use case and sees the same advantages?
<TJ-> hackeron_:  the stored logs are binary and include lots of meta-data you don't see in the usual output
<Walex> andol: because snapshots is the almost unique feature of Btrfs, unique if you count only in-kernel filesystems
<ratrace> Walex, yes snapshots and checksumming, make the two top reasons we want btrfs.
<ratrace> checksumming more than snapshots
<blackflow> ZFS has no issues with RAID levels tho'.
#ubuntu-server 2019-07-14
<peepsalot> anyone have an idea how to deal with unresponsive byobu on a server?  it seems to have frozen and unfortunately I have run byobu-enable so it always loads into byobu session(and hangs) when I attempt to logon.  is there anything i can do without rebooting?
<peepsalot> gah, nevermind it became responsive again, after 10minuts or something.  really weird
<ra> peepsalot, you could get the pid in top or htop and kill the process, then restart. i use tmux
<peepsalot> the thing was I couldn't get into any shell at the time when it was frozen
<peepsalot> also afaiui byobu is just a frontend for tmux anyways
<ra> ctrl-f6 should force kill a window
<JanC> byobu is a configuration for tmux or screen
<JanC> calling it a frontend is technically wrong  :)
<JanC> and my guess would be that something was delaying login or something like that?
<JanC> or shell startup?
<JanC> or the system was overloaded
<JanC> peepsalot: ^^^
<peepsalot> well, i do keep it busy with work: 49.94 load on 48 threaded cpu(s) :)    but i've never noticed any responsiveness issues like that before
<peepsalot> it happened while I was in the middle of doing a search of scrollback in a tmux window
<peepsalot> which only keeps 100k lines in the worst case
<JanC> I/O overload can do that, I guess, or when you get into a swap storm
<peepsalot> 0 swap usage though, i got ram to spare
<peepsalot> only about 33% ram used
<JanC> if you were logged in remotely, it could also have been a network issue
<ra> peepsalot, you might try byobu-disable and start it from the terminal to see if the hang reproduces that way
<peepsalot> it was over ssh (on my LAN), but even when I went to the physical computer to try logging into virtual console, it was hanging upon login (because that would connect to the same byobu session since that's what "byobu-enable" configures it to do)
<JanC> it might be a login/authentication/PAM issue
<JanC> I've seen that happen on a heavy I/O load too
<peepsalot> well, anyways its better now, not sure I could reproduce it if I tried (i've already been doing more scrollback finds and nothing like that is happening now), just an odd hiccup that hopefully won't occur again soon
<ra> peepsalot, re my first reply about the pid, you can alt-f2, alt-f3 to open a new tty and kill the process
<peepsalot> ra, i couldn't login from those at the time... because byobu/tmux was stuck churning on something, and login goes directly to byobu session
<ra> so try byobu-disable and start it from the terminal to see if that changes anything
<ra> peepsalot, but you did try alt-f2?
<JanC> login would have to happen before byobu starts on a new virtual console
<kinghat> is my zfs mirror pool mounting automatically to the server?
<kinghat> what i mean is i can see its mount point and its working fine but i dont see it setup in my fstab.
<kinghat> and i just added another drive to the system and formatted it to ext4 and it shows up in the disk list, im guessing i need to manually give it a mount point?
<blackflow> kinghat: ZFS doesn't use fstab unless you explicitly set up mountpoints in legacy mode. zfs-mount.service mounts datasets that aren't in legacy mode.
<kinghat> so I would just need to make it auto mount manually?
<tomreyn> if you're alking to someone specifically, be sure to mention their nickname.
<tomreyn> otherwise, provide context.
<kinghat> tomreyn: nobody in particular and its just an added drive to my server. i had forgotten how my pool was mounted since it was set and forget.
<kinghat> since i dont think i will be adding the drive to the pool and just using it for backup i need to figure out how to get it to auto mount like a regular drive
<kinghat> unless zfs also does backup stuffs?
<blackflow> kinghat: you're asking confusing questions.
<kinghat> probably
<blackflow> ZFS datasets are mounted either by zfs-mount.service -- which looks at datasets mountpoint attribute -- or by legacy mounts via fstab (for which mountpoint=legacy at the dataset attribute)
<kinghat> ya im guessing mines via zfs-mount.service.
<blackflow> so if you want a dataset mounted, you should specify its mountpoint= attribute. if it's "legacy", then you need to use fstab.
<kinghat> i have a zfs mirror pool that is mounted and working fine. i added another drive, formatted it and noticed it doesnt automatically have a mount point.
<blackflow> kinghat: "formatted it" ?
<kinghat> i think i want to use the drive as a backup drive that gets backed up to from multiple locations everyday.
<blackflow> you're not answering my questions. how did you "format" the drive (the terminology doesn't exist for ZFS)
<kinghat> blackflow: i did mkfs.ext4 /dev/sdc
<blackflow> and that has to do with your ZFS questions... what? lol
<kinghat> it was previously formatted with ntfs
<blackflow> so if you want an ext4 filesystem mounted at boot, you need to add it to fstab.
<kinghat> it doesnt. i was confused as to why/how the zfs pool/drives were mounted as i couldnt remember setting them up. i just addeded a drive, formatted it, and noticed its not auto mounted anywhere on the system.
<kinghat> yes
<blackflow> fstab or write a proper systemd .mount unit  (fstab is converted to them at run time anyway)
<kinghat> figured thats what i needed to do something like that.
<blackflow> ZFS is a completely different beast from traditional filesystems. It's a whole fs+volumes+raid+snapshots+compression+encryption+.... kind of kitchen sink solution, with a set of services, its own specific concepts and idisyncrasies
<blackflow> ext4 is just a passive filesystem, nothing else, no services, no volume management, no raid, but latest versions methinks can do encryption.
<kinghat> blackflow: if i didnt want to add the new drive as a 3rd mirror and wanted to use it as a backup drive, does zfs have something for that as well or just use something like rsync?
<blackflow> kinghat: you can send ZFS snapshots at block-level to another drive, or over the network to <wherever>
<kinghat> what if im sending other data from another drive to said backup drive?
<kinghat> as well*
<blackflow> kinghat: but consider what you're asking. if you're gonna add a third drive to the same chassis, that's hardly a backup. you can add a hot spare to your existing pool, or simply increase redundancy by creating a 3-way mirror
<blackflow> you can rsync files from other filsystems, and use zfs snapshots send|recv for ZFS filesystems
<blackflow> snapshots are moved between datasets, so you can have   rpool/backups-for-zfs ,   rpool/backups-for-others     and then you send|recv to backups-for-zfs, and use rsync under backups-for-others
<RoyK> kinghat: something like this? https://xkcd.com/1718/
<kinghat> lel
#ubuntu-server 2020-07-08
<lotuspsychje> that was a quickfix :p
<icey> lotuspsychje: indeed :)
<nb-ben> ok I managed to boot without u-boot
<nb-ben> that's pretty cool. saved me some suffering
<DK2> i have a pxe installation with initrd.gz and linux file for the installation. the installation does not find the nic of the server. i have the source files for the driver but i dont know how to integrate that in my initrd.gz any good guides to that?
<Jenshae> Hi all. I am getting very frustrated with ZFS at the moment. I made a RAIDZ (RAID 5) with 4x SSD drives. Every time that I reboot or shutdown and boot up, I get a different status. Now, "zpool status" shows all drives "ONLINE" and CKSUM = 0. However, sometimes they are all "DEGRADED" and yesterday I had one degraded and the rest online.
<Jenshae> I have tried S.M.A.R.T. I have tried scrubbing and I have rebuilt the pool from scratch.
<Jenshae> I don't know how to diagnose this further, to work out where the problem lies, particular disk, ZFS itself, the hard drive controller, BIOS or some sort of kernel problem.
<Jenshae> Corruption is happening, "zpool status -v" listing the files, I go to them and I can't open them.
<Jenshae> (I also checked that all the drive cables are firmly and fully plugged in)
<Jenshae> Anyone got some terms I could search around to try and figure this out?
<RoyK> Jenshae: is this native zfs or fuse-zfs?
<RoyK> Jenshae: also, please pastebin zpool status -v
<Jenshae> I don't know what fuse-zfs is.
<RoyK> Jenshae: I've seen zfs finding errors the drive didn't know about (so-called "silent" errors)
<RoyK> zfs-fuse, perhaps - anyway - that's zfs running under fuse, that is, in usermode. If you have the spl/zfs kernel modules, it's native
<Jenshae> https://pastebin.ubuntu.com/p/wK3nSVfMFX/
<Jenshae> RoyK: Sorry, took awhile to sanitise it, most of my folders and file names are a bit too descriptive, so this is just a snippet https://pastebin.ubuntu.com/p/Yj4PHpTZbP/
<RoyK> hmâ¦ that's wierd - too many errors on all four drives?
<RoyK> which version of ubuntu and zfs/zpool is this?
<Jenshae> Yeah, it is weird, some boot ups, all listed as "ONLINE" without "DEGRADED" against them, sometimes all drives are "DEGRADED" and only yesterday did I have a single drive result.
<RoyK> weird, even
<RoyK> how are these connected? standard sata from onboard controllers or something more fancy?
<Jenshae> Ubuntu 18 ... what is the -v / -version, etc to get the ZFS version?
<Jenshae> Standard board SATA, yes.
<RoyK> probably --version
<RoyK> I haven't worked with zfs for a while
<RoyK> *in* a while
<RoyK> damn
 * RoyK complains about "bad language day"
<Jenshae> zfsutils-linux is already the newest version (0.7.5-1ubuntu16.9).
<Jenshae> I find that I get temporary brain damage and my typing goes to hell if I deprive myself of sleep.
<Jenshae> Like, 3 hours sleep on day 1, 14 hours on day 2, 3 hours on day 3 but on the fourth day, still typing like I am malfunctioning.
<Jenshae> (Have had one of those weeks, hence the slow responses and "like" twice in a sentence."
<Jenshae> ... and a " instead of a ) ...
<RoyK> https://xkcd.com/859/
<Jenshae> Are you trying to cast a hex on me?! :o
<Jenshae> What are these about? " vol2:<0x241ec> " I could restore the other files but I don't know how to manually fix what ever that is.
<RoyK> hehe
<RoyK> does it allow you to start a scrub?
<Jenshae> scan: scrub in progress since Wed Jul  8 13:52:36 2020
<Jenshae> 	2.13G scanned out of 593G at 545M/s, 0h18m to go
<Jenshae> 	0B repaired, 0.36% done
<Jenshae> Yes.
<Jenshae> I am not too concerned about the data. I have backups. I just don't want to throw away money on a motherboard or drives a set of drives without knowing where the fault is and I am getting tired of restoring data while this problem persists.
<RoyK> Jenshae: I can understand - it's rare to get errors on all drives at the same time
<RoyK> Jenshae: btw, can you pastebin smart data from the drives?
<Jenshae> RoyK: Is there a terminal interface for SMART? I can't copy out the GUI results.
<RoyK> smartctl -a /dev/sdX | pastebinit
<RoyK> that is - wait
<RoyK> for dev in sd[abcd] ; do echo ====== $dev ====== ; smartctl -a /dev/$dev ; done | pastebinit
<RoyK> for instance
<RoyK> replace [abcd] with the real device names
<Jenshae> Hmm ... "sudo: smartctl: command not found". I have Gnome Disks installed.
<RoyK> apt install smartmontools
<Jenshae> "sudo apt install msartmontools" I am so msart
<RoyK> hehehe
<Jenshae> Oh no, I am infected! M$-Art ...
<RoyK> this has nothing to do with M$ ;)
<Jenshae> https://help.ubuntu.com/community/Smartmontools describes the three tests but doesn't say how to initiate one.
<RoyK> smartctl -t short /dev/sdX
<Jenshae> " smartctl --test=long /dev/sda /dev/sdb /dev/sdc /dev/sdbd " will work?
<RoyK> smartctl -l selftest /dev/sdX (or smartctl -a /dev/sdX - it'll normally show progress as well)
<RoyK> no, it doesn't take more than one argument, so better 'for dev in /dev/sd{a..d} ; do smartctl -t long $dev ; done
<RoyK> '
<RoyK> well, it takes several arguments, but only one drive, for some reason
<Jenshae> " sudo smartctl --test=long /dev/sda && sudo smartctl --test=long /dev/sdb && sudo smartctl --test=long /dev/sdc && sudo smartctl --test=long /dev/sdd "
<RoyK> btw, if you have /dev/sdbd, it means you have a *lot* of drives :D
<Jenshae> *Flex*
<RoyK> that also works, obviously, but I prefer a little for loop
<RoyK> just remember that with &&, it will only run the next command (etc) if the first succeeds
<Jenshae> "RoyK: btw, if you have /dev/sdbd, it means you have a *lot* of drives :D" https://www.youtube.com/watch?v=YFk2_5RkwlA
<RoyK> hehe
<RoyK> linux starts off with sda, then sdb and so on until it reaches sdz and then starts over with sdaa, sdab etc, so if you have sdbd, it means you should have at least 55 drives
<hallyn> what, vimoutliner package was removed in focal?
<Jenshae> https://pastebin.ubuntu.com/p/3ZZPDJCkxJ/ https://pastebin.ubuntu.com/p/9F9MRWT99c/ https://pastebin.ubuntu.com/p/3HhZtmGMrP/ https://pastebin.ubuntu.com/p/25zJRCVd8G/
<Jenshae> RoyK: Results are in.
<Jenshae> Extended tests, all passed, no failures shown.
<RoyK> hm - those "unknown attributes" - I wonder if you can find out something more if you compile smartmontools from scratch
<RoyK> no need to install it - just run it from the source dir
<Jenshae> Got a cmd for that?
<RoyK> Jenshae: https://github.com/smartmontools/smartmontools
<RoyK> Jenshae: mkdir -p src/git
<RoyK> cd src/git
<RoyK> git clone https://github.com/smartmontools/smartmontools.git
<RoyK> cd smartmontools/smartmontools/
<RoyK> ./autogen.sh ; ./configure ; make
<Jenshae> https://pastebin.ubuntu.com/p/3HBKrX9JQp/
<Jenshae> nvm, step by step.
<RoyK> you may need some packages like the build-essential metapackage
<Jenshae> It wouldn't "sudo ./autogen.sh" and needed "sudo sh ./autogen.sh" after that then each one with sudo in front of it.
<RoyK> no need for sudo there
<Jenshae> It didn't work without it. Done now. Command to run the compiled one?
<RoyK> unless you ran 'sudo mkdir -p src/git'
<RoyK> ./smartctl
<RoyK> add a sudo in front of that and use the same parameters as last time
<RoyK> looks like 6.6 is the one installed on my machine (debian buster 10) while the one from git is 7.2, so probably some new stuff there
<RoyK> just check smartctl --version and ./smartctl --version
 * Jenshae crosses fingers
<Jenshae> See you again in 30+ minutes
<Jenshae> Do you work with servers or do it as a hobby?
<RoyK> a bit of both :D
<RoyK> I've worked with IT and servers since around 1996
 * Jenshae waves a feather duster around >;P
<Jenshae> Actually, I started work in IT in 1998. IT cafe after school and weekends.
<Jenshae> I haven't managed to get through my Linux+ manual yet. >.>
<Jenshae> Keep going a few chapters on, then realising I can't remember anything from a chapter or two back. Go back and re-read.
<Jenshae> I also keep having a background thought of, "I am unlikely to use that. I could look it up."
<Jenshae> I am getting to the point where I might save up for a System76 work station. Building and configuring my own ones ... I am starting to doubt myself or the industry as a whole.
<RoyK> hehe
<RoyK> I first started working "mosttime" with linux in 1998 and fulltime in 2000
<RoyK> linux has luckily evolved a bit since the first slackware 2.1 I installed in 1994
<RoyK> Jenshae: btw, you don't ned to run a new test - that's done by the drive itself. Just run ./smartctl -l selftest /dev/sdX
<Muligan> hey fellas, I've a server setup w/ldap access.  What/how would you suggest I give a single user from ldap ssh/sudo access?
<Jenshae> Muligan: Personally, I would create a group, assign permissions to it and work from there but I am not an expert.
<Jenshae> RoyK: Better results? https://pastebin.ubuntu.com/p/Tq3NB965rq/
<Jenshae> They all passed with nothing in the Failed column.
<RoyK> Muligan: using visudo should do
<Muligan> Jenshae, I would agree
<Muligan> I've just limited visibility/knowledge into our ldap server(s)
 * Muligan is an old school AD guy
<Muligan> :\
<Muligan> anyhow, I'll get it figured out
<RoyK> Muligan: but check with getent passwd first to see if the users are visible there
<RoyK> Jenshae: looks good. How is the scrub going?
<Jenshae> When you get used to " sudo chown user:group /folder[and/or file] " then it can be quite handy.
<Jenshae> "scan: scrub repaired 1.08M in 0h8m with 120 errors on Wed Jul  8 14:01:23 2020"
<RoyK> damn
<RoyK> can you pastebin zpool status -v ?
<RoyK> perhaps censor the filenames, they are irrelevant to me
<Jenshae> All the really weird ones with <hexcode> looking stuff is gone.
<Jenshae> I don't think it could have repaired any of these files if the data was missing.
<Jenshae> It has actually managed to reduce errors this time, instead of finding more.
<Jenshae> Going to restore the files, run the scrub and see if I can clear down the log.
<RoyK> Jenshae: it's good you have a backup. Now, restore those files and reboot the thing, preferably cutting the power suddenly or something to see if you can provoke the error that way
<RoyK> or just reboot -f
<RoyK> if it fails again, well, there's a bug or something
<RoyK> I doubt this is a hardware error
<RoyK> Jenshae: also, if you experience this in the future, make sure to check dmesg. you should be able to find issues in the logs too, as in /var/log/kern.log.something
<Jenshae> Thank you. Will let you know how it goes.
<RoyK> Jenshae: You could check the old kernel logs now to see if you find anything from last crash
<RoyK> as in whence the errors originated
<Rusty_Almighty> Is there a way using the installer's busybox implementation to get disk manufacturer?
<Rusty_Almighty> and model?
<RoyK> I don't think so
<Jenshae> I just saw that smartctl provided that.
<RoyK> better use a live boot
<Jenshae> Inxi also gives you the model number
<RoyK> you can find it with 'ls -l /dev/disk/by-id/' too, but that requires udev and I'm not sure if busybox installs have that
<Jenshae> Royk: These are listed as the important errors in my logs - https://pastebin.ubuntu.com/p/rnJBHB8qcR/
<RoyK> Jenshae: from which file was that?
<Jenshae> Other: Lightdm sends the pam error, Hardware: is the amdgpu error, Applications: spice-vdagent send the redhat.spice one, Other: systemd sent the Postfix one.
<Jenshae> Is there a ZFS filter I can apply to look for something related to my problem?
<RoyK> again, from which file were these error messages_
<RoyK> ?
<Jenshae> I don't know, as usually looking at a GUI, it has Important, All, Applications, System, Security and Hardware down the side as category options.
<RoyK> oh
<RoyK> learn the terminal, dude ;)
<Jenshae> So much in the logs. :(
<RoyK> Jenshae: just pastebin output of 'ls /var/log' and I'll do my best to guide you :)
<Jenshae> RoyK: Sent via IM. Could it be a hard drive driver problem since SMART didn't pick every thing up the first time?
<Jenshae> Could it also be my DE not doing a polite shutdown because it isn't notifying the ZFS subsystem that it is shutting down?
<RoyK> Jenshae: nothing really suspicious there
<RoyK> some wee errors, but that's normal
<teward> rbasak: thanks for handling that bug triage.  It's nice when we have defined triage cases that come up regularly isn't it xD
<Jenshae> Is there a command for a very polite shutdown, such as, "zfs umount pool2 && poweroff"?
<rbasak> teward: :)
<RoyK> Jenshae: poweroff should do that for you anyway
<Jenshae> RoyK: I don't seem to have all of these options, only zpool status? https://docs.joyent.com/private-cloud/troubleshooting/disk-replacement
<RoyK> Jenshae: zfs should anyway be robust enough to allow you to pull the plug at any time without the whole raidz going down. I started working with zfs on solaris some 12 years ago and it really works. I've done lots of "oops" reboots and similar. I guess an upgrade to 20.04 may help this if there's a more recent version of zfs there
<Jenshae> Is there a checklist for in place upgrades? I haven't had any success with them so far.
<RoyK> not really a checklist - just remember to backup what's important. I've done it several times without major issues. Some hichups sometimes, but not really anything that breaks major stuff
<RoyK> that's with do-release-upgrade
<RoyK> with 20.04 today, you'll need -d with that since 20.04.1 isn't out yet
<Jenshae> It would also be the first time I was on the cutting edge of Ubuntu, I normally wait 6+ months for them to iron out bugs after general release.
<RoyK> hehe
<Jenshae> The other work station is still rocking 14.04
<RoyK> well, good luck
<RoyK> that isn't supported anymore, though - hope it's not available on the net
<Jenshae> https://ubuntu.com/about/release-cycle still gets security updates.
<Jenshae> I should try a kernel update on it when this one is fixed.
<RoyK> that's Extended Security Maintenance (ESM), which you have to pay for
<Jenshae> Sorry, getting my versions confused. Getting tired. It is on 16 and this one is 18. Thought for a moment it was 14 and 16
<Jenshae> ... would manual upgrading work? Kernel, then repositories?
<sarnold> it's usually better to just run do-release-upgrade and let the upgrader sort it out
<Jenshae> Piece by piece to see where it fails?
<sarnold> but I'm not aware of the context of your zfs problems
<Jenshae> I am not sure about my ZFS problems. I seem to get corrupted files every time I reboot or shutdown and boot back up again.
<sarnold> ouch :/
<Jenshae> What is this resilvering thing about? Would it help?
<sarnold> 'resilvering' is when zfs detects errors on a drive and repairs the errors with data from other drives or copies
<Jenshae> Is it automatic and therefore won't help?
<sarnold> if you've got errors in files visible to userspace but eg zpool status doesn't report errors, then perhaps it's bad memory or something similar?
<Jenshae> As it has tried it?
<sarnold> you could kick off a scrub, zpool scrub, to look for errors
<Jenshae> I have a boot drive and then a ZFS pool. System files should be safe.
<Jenshae> Yup, about to go and delete the remaining results of "zpool scrub -v", saved the list then reboot.
<Jenshae> Umm ... I am discovering single corrupt files in empty folders that should be full ...
<sarnold> hmm, lone files in directories that used to be full *might* also be files in a *mountpoint*, not in zfs; normally zfs refuses to mount datasets if the mountpoint has any files or directories in it, which means it's pretty easy for *one* failed mount for whatever reason to lead to data being in multiple places ..
<sarnold> but if mount output shows a zfs dataset mounted in that location, then it's very strange, and might reinforce my thought that you've got bad memory, or perhaps memory errors due to power supply problems, etc
<Jenshae> It is a fairly simple setup, four drives, freshly built into a RAIDZ (RAID 5), mounted to user folder point and data dumped in there.
<Jenshae> Same goes for the other work station.
<RoyK> zfs can withstand an unexpected reboot quite well
<RoyK> this must be either a bug or some hardware issue
<Jenshae> Which and where is the question.
<RoyK> with four drives tagged TOOÂ MANYÂ ERRORS at once, well, there's the controller that might be the problem
<RoyK> who knows
<RoyK> it may also be the memory, unless it's ECC
<RoyK> (which reminds me that producing ECC costs a cent or two more than non-ECC-memory, but costs the double, since they want to skim off a lot for "server" stuff)
<Jenshae> It is not. This is a fairly budget build at about Â£800
<RoyK> Jenshae: so better visit http://memtest.org/ and do a memory test
<RoyK> you just download an iso and put in on a usb drive or something and boot directly into it
<RoyK> some distros even come with it preinstalled in grub
<RoyK> seems ubuntu is one of them
<Jenshae> Will do.
<Jenshae> Will run it over night.
<Jenshae> I really wish that terminal was smart enough to read a space and figure out if it was a file name.
<RoyK> Jenshae: I know a guy that works with supermicro machines and he said it usually failed before test 4 or 5 and the early tests are rather quick
<Jenshae> scp /folder/file name.something can be such a nuisance.
<RoyK> 'scp /folder/file\ name' or just 'scp "/folder/file name"'
<Jenshae> Being able to do a find and replace to change "/home/etc" into "rm /home/etc" then straight up copy and paste them would be handy
<Jenshae> I think I am picking up a pattern, it looks like a particular main folder within the pool had a problem.
<Jenshae> Maybe something went wrong when I copied it over.
<Jenshae> Could scp be at fault?
<RoyK> nah
<Jenshae> Does it have a buffer limit? Do I need to move subfolders individually?
<RoyK> it works in userspace - the filesystem is in kernelspace
<Jenshae> Could the other workstation have put its disk to sleep or scp's permission timed out?
<Jenshae> If we figure this out and I ever end up lecturing IT, I will try and recreate the problem to give them a tough assignment.
<Jenshae> Thoughts and prayers, thoughts and prayers. Please send me them, they apparently all that is needed. https://pastebin.ubuntu.com/p/D9ttcHmFnk/
<Jenshae> RoyK: Okay, shutdown, waited awhile, booted up, ran a scrub and still no errors. So, I am thinking it might be a write or incomplete copy problem?
<RoyK> that would have been fixed in the journal
<RoyK> and not affected the filesystem itself, just the file
<RoyK> so something is fishy there
<Jenshae> "RoyK: that would have been fixed in the journal" I need some more context.
<Jenshae> Are there any I/O stress tests that will tell me if there is an error reading or writing with ZFS?
<RoyK> the filesystem has a journal, like all modern filesystems. when something is written, a journal entry is made and synced. when the file is commited to disk, another journal entry is made and commited, saying "this block is ok"
<RoyK> you have to go back to FAT32 or ext2 and similar stuff to find filesystems lacking a journal
<Jenshae> If it is a write problem, as a work around, can scrub and rsync work together?
<Jenshae> I won't attempt to restore tonight, do a very cold boot in the morning.
<RoyK> if there's a write problem, it'll be reported in dmesg and the kernel log
<RoyK> and if there are no silent errors, the error is elsewhere
<RoyK> I'll put my money on the memory
<Jenshae> Haven't had any random application crashes.
<Jenshae> Everything to, from and using the boot drive has given me no problems.
<RoyK> so try a memory test first - if it fails, clean the memory connectors, both the motherboard and the chips, with isopropylic alcohol (if you can find it somewhere in these coronean times) and run a new test
<RoyK> using a brush to clean the motherboard sockets is usually the way to go
<Jenshae> I use the boot drive for my personal stuff because it isn't shared.
<RoyK> but check the memory first, so that you can see if there's something there
<RoyK> but I'm tired - ttyl
<Jenshae> Sleep well.
<Jenshae> Thank you for all the help.
<RoyK> thanks
<Jenshae> I have been asking around this problem for months on and off, this has gotten me a lot further than anywhere or anyone else.
<quadrathoch2> i guess, zfs for linux is still pretty new, so not alot of people know stuff Jenshae
<Jenshae> Trying to give Roy-K more of an accolade than critise the community.
<quadrathoch2> I never thought you would critize the community
<Jenshae> Sorry, read it more as an excuse or defence than an explanation.
<Jenshae> See you all tomorrow / Friday. Thanks again for the help. o7
#ubuntu-server 2020-07-09
<kyle__> I don't suppose anyone here has had spinrite not launch on one of their servers, after it actually booted into freeods?  Tangentially on topic, because it's an ubuntu server ;)
<kyle__> It just needs help
<sarnold> spinrite? wow there's a name I haven't heard in ten years, give or take.. (in the sense of, "wow, there's aname I haven't heard of in ten years", at the time :)
<kyle__> Yeah, some dumbass used a laptop drive when he got this r610 in his basement, because he was so excited to set it up, and put in an SSD a few weeks later.  All the data was moved over, just not the boot.
 * kyle__ really hates that guy sometimes
<sarnold> sounds like someone you ought not let near your computers :)
 * sarnold nods
<kyle__> Sometimes it feels that way.
<kyle__> I guess I'll let it sit overnight and see if it (spinrite) starts up.
<kyle__> Otherwise I know what I'm doing tomorrow after work :P
<sarnold> btw what's the point of spinrite in 2020?
<kyle__> It's a spinny drive that I put in there.  Also the bulk-storage drives in my NAS box are spinny, because that's still the best bang for the buck storage wise.
<RoyK> ddrescue should do the same job
<kyle__> Work only buys spinners reluctantly any more, and I'm almost at that point at home.
<sarnold> but when you need a few dozen TB of space, they really are the cheapest way there :)
<kyle__> Also, I really enjoy the security-now podcast, so it's kindof like giving the old guy a donation.
<sarnold> but, like, what's the point of sipnrite? heh
<sarnold> morning RoyK :)
<kyle__> OK, really going to bed this time o7 night
<sarnold> gnight kyle__
<strixdio> I have pfsense running as a VM on ubuntu server, with a NIC passed through, but connected to the host over a bridge. host can ping guest. I have a laptop plugged into a port on the NIC, and for testing I have allowed all traffic in firewall rules. laptop cannot ping the ubuntu host. Might I be missing something? not sure if it's a pfsense issue,
<strixdio> ubuntu issue, or user issue.
<strixdio> originally I was thinking, maybe it has to do with ip_forward, but that didn't seem to do anything.
<RoyK> sarnold: morning :)
<RoyK> in-place fixing of drives isn't really my cup of tea
<sarnold> I always thought of spinrite as a DOS FAT consistency thingy, so I'm surprised to hear of it again
<lordievader> Good morning
<martin__> I have unattended-upgrades to install security updates automatically, when I got to work this morning one of our servers were shutdown. It was terminated at 04 which is the same time I run
<martin__> my automatic updates on... can anyone explain what the heck happened? I looked in the logs and I did not see it actually installed anything at 04 so am wondering if someone was pending from aa previous upgrade.
<martin__> something was pending*
<RoyK> martin__: I beleive I've seen that happen once or twice, which is why I generally don't restart servers automatically, but rather schedule downtime for that to be done.
<samba35> is seems kernel -4.15.0-109 problem since upgrade to to this kernel system in panic error and yesterday it was not booting at all
<samba35> how do block kerenel -109 block for some days or block tilll i manaully update
<samba35> i try to hold
<samba35> what is latest stable version with 18.04 ?
<samba35> can some one please confirm ?
<keithzg> Very baffled, I keep getting timeouts on file operations on a server but I can't seem to actually find anything throttling the io, or any errors that would indicate why suddenly things are failing :/
<keithzg> The btrfs pool being used has user directories on it, so the big issue is email; Dovecot in particular seems to be having a lot of trouble (Postfix weirdly less so), the service won't even shut down although the log claims its been killed with signal 15.
<keithzg> All started when I applied updates to this 18.04 install and rebooted two days ago.
<keithzg> `kill -9`ing doesn't even seem to be able to remove the lingering dovecot processes . . . arghh
<Ussat> Linux hc-vubuntutest 4.15.0-109-generic #110-Ubuntu SMP Tue Jun 23 02:39:32 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
<Ussat> on 18.04
<Ussat> No issues here
<genii> keithzg: Maybe sudo lsof|grep dovecot shows it busy in the middle of file operations of some sort which can't be closed
<keithzg> genii: Good point, I should have thought of that! And I did see some indications that that was the case, buried in the logs, with Dovecot complaining about `cannot append message to file /home/username/mailmirror: unable to lock for exclusive access: Resource temporarily unavailable`. Have since just rebooted the damn server, and since then it has worked fine, but the same sequence of events happened yesterday, so I bet I'll get another chance for such
<keithzg> introspection tomorrow . . .
<keithzg> Hard to meaningfully troubleshoot when everyone is calling and texting saying "everything is broken!", really quite distracting lol
<genii> keithzg: Maybe keep us posted, seems an interesting issue
<keithzg[m]> genii: Shall definitely do . . .
<coreycb> jamespage: regression testing passed on ussuri-proposed. I didn't promote any of your SRU packages though, will leave that to you.
#ubuntu-server 2020-07-10
<smoser> ahasenack or rbasak can we import sshuttle ?
<smoser> 'git ubuntu' import
<smoser> https://bugs.launchpad.net/ubuntu/+source/sshuttle/+bug/1873368
<ubottu> Launchpad bug 1873368 in sshuttle (Ubuntu Groovy) "ssshuttle server fails to connect endpoints with python 3.8" [High,Confirmed]
<smoser> i dont knwo how people do anything without git ubuntu. if i am going to look at a package, the first step is checking for git-ubuntu and then bothering one of  you two (sorry for that).
<ahasenack> smoser: sure
<ahasenack> on it
<ahasenack> rbasak: I'm pushing the config change
<smoser> gracias
<ahasenack> smoser: I'm monitoring it and will let you know
<smoser> ahasenack: i'm not in any need of an update. thanks though.
<ahasenack> it's dealing with a bunch of lancuage-pack imports atm
<ahasenack> rbasak: something to think about: we could have a big queue, and a small queue, like dep8 tests
<smoser> i just can't wait until all ubuntu packages are in it.
<ahasenack> yeah
<ahasenack> ok, it got to sshuttle
<ahasenack> smoser: done https://code.launchpad.net/ubuntu/+source/sshuttle
<rbasak> smoser: getting very close to that now.
<rbasak> The importer concurrency is overhauled now, and is scaling nicely
<rbasak> ahasenack: we could, though with the recent scaling improvements delays aren't really noticable for now except when doing things by hand
<rbasak> There's also a big performance regression I know about that I want to fix, but I've been deferring it because it hasn't hit us in practice
<znf> how do you set the DNS server on 18.04 when the interface has been configured trough /etc/network/interfaces ?
<znf> dns-nameservers seems to be ignored in this case
<znf> and there's no netplan, for some reasons
<FunnyLookinHat> Ubuntu has (or still has?) the ability to create a user + shove an SSH key on them by default with an initial boot by placing a file in the filesystem somewhere... but I can't remember it for the life of me, and my googling is drawing a blank.  Anyone have any ideas?  More accurately, I think I remember it just putting a key into the ubuntu user's authorized_keys file maybe?
<RoyK> !ansible
<RoyK> FunnyLookinHat: just use ansible
<FunnyLookinHat> LOL
<FunnyLookinHat> Well I'm imaging some arm boards - like little r-pi's or whatnot - and I wanted to easily make the image shove some network config and an ssh key in.  I swear this was a part of the cloud init project or something
<FunnyLookinHat> OH - Wow - CloudInit - That's the name...  apparently it was stuck in the back of my head: https://help.ubuntu.com/community/CloudInit
<strixdio> I have ubuntu-server 20.04 running libvirt and lxc. network is configured with a bridge, static IP, no DHCP. Something is causing the boot to stall while "waiting for network". Any thoughts?
<strixdio> I'd also like to add, I'm using pfSense as a VM, which obviously can't be on before the host.
<RoyK> I'd suggest using an old PC of some sort for pfSense instead
<RoyK> But apart from that, I don't know
<strixdio> nah, looking for the power savings.
<strixdio> I have a full rack of equipment and don't want much of it on 24/7. Then I can repurpose the current pfsense box as a test machine.
<strixdio> I *think* /usr/lib/systemd/system/libvirtd.service "After=network.target" might be able to change, I have to see.
<strixdio> idk if that is the answer I need though. I want to run a test to see if that's even what's causing it, first.
<strixdio> yeah I think that wasn't the issue. How would I tell which service specifically is waiting for the network? "Reached target Host and Network Name Lookups" "A start job is running for wait for Network to be Configured"
<strixdio> hypothetically the network *should* be configured with the static IP already, so I'm not sure why it's hanging.
<sarnold> systemd has a boot analyzer that might help figure out which services is waiting for which other services
#ubuntu-server 2020-07-11
<strixdio> it seems putting "optional: yes" on the interfaces makes it work *shrug*
<sarnold> is that in the netplan?
<strixdio> yeah.
<sarnold> cool, thanks
<Jenshae> Heya
<Jenshae> RoyK: I am more certain it is a write problem and not a power off one, now. Could it be a permissions problem? Do the ZFS subsystems need folder permissions set to a specified group for write access?
<Skyrider> If I were to request a self-host application, where can I ask it best? I know the type what I'm looking for, just unsure if it exists.
<RoyK> Jenshae: the filesysteme rights are set like on any other filesystem except zfs may use another ACL scheme, also called NFS4 ACLs. From a user's perspective, they're the same, though. If you're not using complex ACLs, there's no difference between the two
<Jenshae> RoyK: I found an article explaining setting the maximum Access Control Lists in CentOS and another saying how to use it generally in /etc/fstab. How would I check it is correct for ZFS?
<Jenshae> Most of the other results are focused on Oracle. How different is that from Ubuntu's version? I think the syntax for their SQL is quite different and some of the ways they handle things like joins are a bit unique.
#ubuntu-server 2020-07-12
<TJ-> I have a long-running Linux VM that gets its IPv6 via SLAAC, but after the first successful allocation it seems to expire and not be renewed, losing connectivity. I've tracked it down to the kernel's net.ipv6.conf.eth0.autoconf being set to 0 - but cannot find anything configured to change that. Anyone have any ideas on what might be doing it? This is Ubuntu 18.04 using ifupdown (not
<TJ-> systemd-networkd)
<tomreyn> the "suddenly after the system booted and ran fine for a while, network configuration changed" symptom reminds me of earlier reports on cloud-init, but that'S the only thing i could think of. and i'm not sure this sounds related to what you're seeing.
<Skyrider> What's the best way to upgrade sudo from 1.8 to 1.9?
<andol> Carefully :-)
<andol> Looks like there are sudo 1.9 packages for Ubuntu 20.10.
<andol> If you really need sudo 1.9 for your current Ubuntu release I suggest you rebuild those, and try them out in a test environment.
<Skyrider> I recall upgrading sudo weeks ago in my lxc container. Forgot how to though :D
<andol> Curious, what's the draw of sudo 1.9?
<Skyrider> sudo: setrlimit(RLIMIT_CORE): Operation not permitted <- having this bug fixed in containers.
<Skyrider> https://github.com/sudo-project/sudo/issues/42
<andol> Ah.
<Skyrider> Odd ubuntu 20 comes with a legacy release of sudo though.
<andol> Nitpick: There is no such thing as Ubuntu 20.
<andol> Ubuntu 20.04 is just as close to 19.10 as it is to Ubuntu 20.10.
<Skyrider> I tried looking for 1.9 in the cache policy, but only 1.8 pops up.
<andol> Also, looks like sudo 1.9 was released after Ubuntu 20.04 came out.
<Skyrider> Guess that makes more sense then ^_^
<andol> Anyway, if this is only for a container, rather than for a bare metal host, everything ought to be a lot easier and safer.
<andol> Might just as well try grabbing the Ubuntu 20.10 sudo 1.9 binary package(s), and see what happens if you try to install them directly.
<Skyrider> I attempted to grab the deb packages, but its attempting to remove my existing sudo.
<Skyrider> Which leads to errors "Refusing to remove sudo"
<andol> Interesting.
<andol> Worked fine for me in an Ubuntu 20.04 VM. https://paste.ubuntu.com/p/FgQyQ7JKwd/
<Skyrider> Oddly enough running it a second time works. O_o
<Skyrider> Though, its complaining about libpython3.6, not installed. for sudo-ldap and sudo-python.
<tomreyn> mixing packages from different ubuntu releases is generally not advisable (exceptions may apply, but that's unsupported then)
<Skyrider> I merely grabbed the "sudo-python_1.9.0-1_ubu1804_amd64.deb" file as well, which depends on python3.6
<tomreyn> i'd certainly not recommend doing this for the purpose of snoozing a warning message
<albert23> Skyrider: did you see there is a very simple solution? echo "Set disable_coredump false" >> /etc/sudo.conf
<Skyrider> I actually had no idea ^_^, I merely saw it was resolved in  1.9 of sudo
<tomreyn> noticing this would have involved reading more than the first two posts of the bug report
<Skyrider> Guess it is because I merely expected for upgrades to latest versions in combination of ubuntu 20 being new as well would be simple.
<andol> Skyrider: That sudo-python package doesn't look like it's from the official repositories?
<Skyrider> Ya, guess that's my fault for relying on a third party site ^^
<TJ-> tomreyn: turned out to be my bad - ifupdown config for IPv6 - if you do not specifically add "autoconf 1" to *every* IPv6 static stanza the tooling sets it to 0 (disabling SLAAC) and we have about 15 static assignments to the same interface and only the first set "autoconf 1"
<tomreyn> TJ-: hmm, maybe that's a good reason to do away with ifupdown then indeed.
<TJ-> yeah... this is a system that has evolved continuosly since 2007
 * tomreyn shudders
<TJ-> the problem was the uncommanded "autoconf=0" for the interface
<TJ-> at least with ifup --no-act --verbose --force I was able to see it issuing the commands - can't do that with systemd-networkd!
<tomreyn> i agree that debugging isn't as easy with many parts of systemd as it should be
<tomreyn> (or i lack understanding of how to do it properly)
<TJ-> no way to manage active state of sd-nd at present that I'm aware of
<tomreyn> hmm, i don't think i ever tried
<TJ-> you have to edit the text config files and restart the service
<tomreyn> hmm, that's a bit unexpected, a deviation from the behaviour of other service units.
<tomreyn> but then i guess networking is somewhat ffoundational and you don't want to accidentially disable it, if that's the perspective where this came from.
<tds> i quite like ifupdown2 as an ifupdown alternative
<tds> being able to properly diff the running state against config, and only apply changes as needed, is very nice
<trippeh> the latest sd-nd has up/down per interface, but you may still need to reload (havent tested it extensively)
<TJ-> now I'm fighting with the obtuse openwrt method of configuring multiple interfaces to get IPv6 PD working correctly
<trippeh> yeah you just define a wan6 pointing to the same interface/bridge
<TJ-> trippeh: unfortunately not in this case; the WAN side is fine and I've just got the LAN side (via Luci) to look correct, clients are seeing PDs and using SLAAC too, but the routing is going astray somehow, or firewall isn't being correctly set. Unusual situation in that I've a /48 PD but the upstream router from me has taken an address from within the PD range so I've had to put a /126 on
<TJ-> the WAN6
<trippeh> I have DHCPv6-PD working with openwrt, and systemd-networkd at home.
<trippeh> the PD support in sd-nd has become quite serviceable in 246
<trippeh> TJ-: thats a little weird indeed - but can you just not assign the /64 upstream is in on the downstreams?
<TJ-> trippeh: well, the upstream router is on PD::1/48
<trippeh> as in /48 "on link"??
<TJ-> trippeh: yes
<trippeh> are you sure. are they drunk
<RoyK> Generally you don't segment to lower than /64
<RoyK> But that only gives you 65536 networks on a 48-bit prefix, which can possibly be a hassle? ;)
<TJ-> RoyK: it definitely is for our use-case !
<RoyK> TJ-: erm - what usecase is that?
<TJ-> RoyK: addressing every star in the universe :)
<RoyK> TJ-: something like this? https://xkcd.com/865/
<TJ-> RoyK: not far off :)
<RoyK> TJ-: but seriously - what are you trying to do here?
<TJ-> ^^^ read above ^^^
<trippeh> if the upstream router has /48 on-link, and then needs to install the same /48 route to your openwrt, what does it do?
<trippeh> does it become a ECMP route?
<trippeh> this setup sounds borked
<RoyK> TJ-: if using openwrt, how large will this routing table become if you do it your way? I *really* doubt your router will be able to handle that
<TJ-> RoyK: one entry in the table
<TJ-> the /48
<RoyK> but what's the point of all those networks???
<RoyK> btw, I was thinking more of the internal routing tables - one entry for each network - it'll be a rather nasty job for a small cpu
<trippeh> I am rather confused. :)
<RoyK> aren't we all?
<znf> Here's something I've been beating my head around. I need to install a HWE kernel on 18.04; thing is, last time I did this, the server wouldn't come back online -- it booted, but something happened to it's networking.
<znf> What that was? I've no idea.
<znf> The thing is - I've got no IPMI/IKVM on this. How can I reboot into the new kernel and then reboot back to the old one if something happens? What's a good failsafe?
<tds> znf: can you powercycle the machine remotely?
<znf> no
<znf> I was thinking I could simply make a script reboot automatically in ~5 minutes unless killed
<znf> but I'm drawing a blank on how to make it choose the old kernel back
<tds> i suppose you could have the script just reconfigure grub, though that's a bit nasty
<znf> and my friend is not to keen on driving there and going on top of a 13 story building with a keyboard and monitor to fix it, understandably
<tomreyn> there's a single good answer to such scenarios: wait until you can do it safely.
<tomreyn> that's unless it's not a production system and you don't mind loosing it for days or weeks until someone passes by.
<znf> eh, it's a box with the only purpose of capturing DVB-S (hence why it's on top of the building)
<znf> and I just need the newer kernel to enable a newer intel video driver so I can use quicksync
<tomreyn> from what i read it was 'just' that last time, too.
<tomreyn> 'just' a differently configured reboot ;)
<znf> I mean it's not that important :P
<tomreyn> there's grub-reboot for this scenario you have, but i haven't used it in a while, so i'm not certain this still works reliably. maybe soemone else can comment.
<znf> I see
<znf> that's interesting, but it doesn't really say how the hell to get a picture of the actual MENU_ENTRY number
<tomreyn> yes, we lack a utility for this. but i *think* this gives it away:   grep -o "menuentry '[^']*.*" /boot/grub/grub.cfg | awk -F "'" '{print $2":\n\t"$4}'
<tomreyn> start counting at 0
<znf> the confusing part is the submenu stuff
<znf> Ubuntu does it in submenus
<znf> The titles should be separated using the greater-than character (>) with no extra spaces.  Depending  on  your  shell  some  characters
<znf>        including > may need escaping.
<znf> granted, I could also do "Ubuntu, with Linux 4.15.0-99-generic"... probably
<tomreyn> right, the submenus are a bit tricky and error prone
<tomreyn> https://unix.stackexchange.com/questions/62733/how-to-correctly-set-up-the-right-grub-2-default-menu-entry
<tomreyn> so, since the "Advanced" menu is usually the second entry on the main menu, you start with "1" (remember, it's an index, start couting at 0), then you add ">" to indicate there's a submenu, and from the submenu you pick the very entry, again starting to count at 0
<xae-a12> Any1 here have experience blocking fake harmful bots?
<tomreyn> xae-a12: why, do you live in seattle? build thicker walls, i'd say.
<xae-a12> no i thankfully do not lol
<tomreyn> but maybe you weren't referring to pysical bots after all, and i just jumped to conclusions for lack of detail?
<SpaceBass> Hey folks - I'm trying to debug a problem with LDAP authentication. Does anyone know if it is possible to get verbose output or logs in Ubuntu for libnss_ldap ? ... the config file supports a logging option but it's not clear that the ubuntu client supports it
