#ubuntu-server 2005-12-26
<infinity> TBH, most of my recent experience is with Compaq/HP and IBM gear, which has management tools that don't suck.
<infinity> The Adaptec i2o stuff should be good too, but more expensive than the card you have there.
<Pygi> welcome m_peus
<m_peus> hi Pygi
<infinity> Pygi : Seriously, is that a script, or are you just watching like a hawk for /joins?
<Pygi> infinity: no script, lol ;)
<infinity> Pygi : If it's a script, I'd really prefer if you turned it off in all the ubuntu-* channels you're in.  If it's just you typing, it's still a bit... Repetitve.
<Pygi> just randomly look there and there and if somebody joined (no matter when) I say Welcome ;)
<Pygi> infinity: it's not a script, but if you can I can stop saying it
<infinity> Well, a personal greeting here and there is fine "Hey Bob, how's life, haven't seen you in the channel for a few days", but welcoming every single /join gets a bit old. :)
<Pygi> kk
<Pygi> no problem
<infinity> Thanks, dude.
<nictuku> infinity, what were your ideas about how to handle remote debconf? a remote database is not good enough, i believe. Is wrapping a readline frontend a decent idea?
<nictuku> with dpkg-preconfigure, that is.
<nictuku> or maybe -feditor
<nictuku> with a replaced editor environment
<infinity> Remote debconf was a sketchy "down the road" thing.
<nictuku> but it is necessary, isnt it?
<infinity> The first cut should really just handle simple package installation, sources.list.d/ setup, and remote package listings would be nice.
<infinity> Remote debconf is less necessary than you'd think.
<infinity> I set all my machines to use NONINTERACTIVE frontends, and sort out stuff later.  It's the only sane way (currently) to do remote system management.
<infinity> So, expecting people to continue to do that while we figure out the most clever way to do remote debconf is fine by me.
<nictuku> what about conffiles?
<infinity> I'd rather something that was tightly integrated with debconf than a half-assed solution cause we thought we needed it.
<nictuku> i see.
<infinity> conffiles can also be done without intervention.
<nictuku> by using the current installed version?
<infinity> You can select "always use old", "always use new", or "ask"
<infinity> The latter is clearly the default in both apt and dpkg.
<infinity> But you can set either of the other two in apt, and it'll bubble down to dpkg.
<infinity> So this system would, initially, just let admins make that choice (always use old" or "always use new", and we'll pass the approriate options down.  We can handle the "ask" mode after the basics are handled.
<infinity> (The problem with "ask" is the system can't be asyncronous)
<infinity> So, in reality, what you probably want is "always use (whichever makes more sense)" coupled with a system that allows you to later go in and view diffs.
<infinity> Which is easy enough to do, since you'll have the old/new files there as .dpkg-{new,old} files.
<nictuku> I see in the draft the use of ssh-server in the clients would be required. I don't see why. Wouldn't the push operations just ask a pull from the client? Could you explain?
<infinity> You use SSH to trigger the clients to pull from the server.
<infinity> This is not, strictly-speaking, required.  It's not the only way to do it, afterall.
<infinity> And if we're already building a bit of an HTTP-based security model for client->server, it can certainly be done in the other direction too.
<infinity> The point is just to have some sort of authenticated trigger, and SSH triggers are something we've used a lot in the past (for instance, all Ubuntu and Debian primary mirrors are triggered using SSH)
<nictuku> Yes that's why I believe too.
<nictuku> s/why/what/
<nictuku> is there any doc for python-apt? docstrings didn't help me much.
<MarioMeyer> heya nictuku .. u from br?
<nictuku> yes.
<MarioMeyer> can i pvt?
<nictuku> sure
<Pygi> hehe,matt
<Pygi> heh lbm ;)
<Pygi> sorry ealden, can't say welcome ;)
<MarioMeyer> heya chara...
<Pygi> chara?
<MarioMeyer> in pt_BR we call a 'chara' the person who has the same name as ours...
<MarioMeyer> :P
<Pygi> ah ;)
<Pygi> hey Mario
<ealden> Pygi: why not?
<ealden> hehe
<Pygi> ealden: I was 'forbiden' to say welcome to everyone who joins ;)
<ealden> WTH hehehe
<MarioMeyer> lol
<ealden> umm
<ealden> Pygi: ok
<ealden> heheh
<Pygi> heh ;)
<Unfun> lol
<Pygi> ok, it's isn't that funny ;)
<neuralis> infinity: ping
<neuralis> fabbione: ping
<fabbione> neuralis: pong?
<neuralis> fabbione: hey! long time no see
<neuralis> fabbione: when you have a chance, can you look at https://wiki.ubuntu.com/ServerTesting (bottom) and pitch in ideas for what else belongs there
<fabbione> neuralis: no.. i didn't even know there was a spec
<neuralis> fabbione: neither did i. this is part of the CommunityServerHardwareTesting spec, i inherited it from infinity on the last day of ubz
<fabbione> ah ok
<neuralis> fabbione: but mdz had something else in mind for it entirely, so that's what ServerTesting is -- i just braindumped the obvious things that came to mind at the bottom
<fabbione> i will have to look at it
<neuralis> fabbione: okay, thanks. if you think of anything else that we'd want people to test, let me know or just add it to the page.
<fabbione> ok
<fabbione> i wil
<fabbione> +l
<neuralis> btw, we have an almost-complete full userspace port of openssi to dapper
<neuralis> everything except udev (which is from warty), because we're sticking with our 2.6.10 kernel
<fabbione> ah nice
<fabbione> udev is changed a lot
<fabbione> remember we have upstream version freeze mid January
<neuralis> yep, i've notified our developers, they know about the deadline
<fabbione> yes and getting the code a bit before that is better
<neuralis> i also haven't gotten around to asking mdz when it makes sense to start hardware certification for servers
<neuralis> i.e. at what point in the release cycle
<neuralis> i'm thinking feature freeze. you?
<fabbione> possibly.. we need to ask him
<fabbione> sorry i am not particularly helpful today
<fabbione> i am at about 16 hours into kernel security
<fabbione> and i am tired
<neuralis> no problem, i mailed him, so he'll respond when he gets back from vacation
<neuralis> ouch! sorry, man
<neuralis> well none of this is urgent, so don't worry about it, we'll talk later
<fabbione> ok :)
* netjoined: irc.freenode.net -> brown.freenode.net
<sebest_> hello
<Pygi> hi
<sebest_> i'd like to know , where i could find info on what is going on in ubuntu server land (i m already subscribed to the ml)
<sebest_> i also read the wiki (the spec)
<Pygi> well, what exactly are you interested in?
<sebest_> the web ui and the config files under RCS
<Pygi> hehe, you should ask fabbione about that, but he's probably sleeping now
<Pygi> he's been squashing bugs for 16 hours ;)
<sebest_> :)
<sebest_> i'd like to know if ubuntu-server will have a specific goal (eg: small business) or will be a common server OS like debian/redhat and the like
<Nafallo> it will be ubuntu-minimal I guess :-P
<Pygi> with a few modifications
<Nafallo> Pygi: oh?
<sebest_> Nafallo, no specificity?
<Pygi> Naffalo: it will feature server tuned kernel, and some other things
<Pygi> I'd rather not go into much detail right now ;)
<Nafallo> Pygi: yea, but ubuntu-minimal + server-kernel is what will differ from a normal install, right? the md5sum-thingie will be able to work on... ehm, "ubuntu-desktop" as well?
<sebest_> i mean, is the simplicity to administer it a goal?
<Pygi> sebest: that was the goal of project that was supposed to work/ship along with -server, but it is no longer in development
<Pygi> maybe someone else take it over tho
<Pygi> and there are some utilities planned
<sebest_> For the moment i don't really see what is the specificity of ubuntu server against a vanilla debian?
<sebest_> first i thought it would be done to nicely integrate with the desktop version
<Pygi> here's the list of packages for -server: http://cdimage.ubuntu.com/ubuntu-server/daily/current/dapper-install-i386.list
<sebest_> eg: ease centralized user administration: ldap/kerberos, central update of many workstations
<Nafallo> sebest_: I don't think we will have the manpower to develop that for dapper.
<Pygi> maybe dapper+1
<sebest_> Nafallo, i'm asking question to well understand the goals of the project
<Nafallo> sebest_: ah, thought you tried to make up your mind if you would install debian or ubuntu. sorry :-).
<Pygi> nafallo: :)
<sebest_> Nafallo , no :)
<Nafallo> sebest_: fabbione is working on some goodies we will have already in dapper though :-P
<sebest_> Nafallo, in fact i'd like to contribute on specific things, but i didn't want to duplicate
<sebest_> so i'm trying to get involve, and find some sources of informations on what is going on
<Pygi> hm, so sebest, wanna contribute?
<Nafallo> yea, same here :-).
<Pygi> send a mail to the server list, and I believe you will  be lead from there
<Nafallo> if I can find something I could do, that is ;-)
<Pygi> naffalo: I know about you ;)
<sebest_> Pygi, i already mailed in the ml :)
<Pygi> sebest: well, good, then :)
<sebest_> i read the the wiki and noticed that log aren't mention
<Pygi> nafallo: go work on simple implementation of central update workstations utility ;)
<sebest_> i think it's a really important feature missing
<sebest_> i hope we won't be left in the cold with the old syslogd ? :)
<Nafallo> https://wiki.ubuntu.com/ServerCandy
<Nafallo> Pygi: pffft :-P
<Pygi> nafallo: what? ;)
<sebest_> Nafallo, nothing about logs in this page
<Nafallo> sebest_: no, this is what will hopefully be implemented for dapper.
<sebest_> Nafallo, what is planned? use something different from syslogd?
<Nafallo> sebest_: I have no idea outside that spec :-)
<tepsipakki> lamont: around?
#ubuntu-server 2005-12-27
<tepsipakki> lamont: I would've asked about NFSv4-support for mount etc, but it can wait ->
<Pygi> ho, zmoog ;)
<zmoog> hello Pygi ^^
<Pygi> night
<fdamstra> Hi All.  Can somebody verify that the ubuntu-server 5.10 release is planned to be supported for 5 years as per spec?
<fdamstra> guess not.
<Valandil> fdamstra: sorry, heard about it, read about it, but I'd never put my had to fire for this... no guarantee
<Valandil> good n8 all :-)
<Nafallo> fdamstra: 5.10 is supported for 1.5y, 6.04 will be supported for 5 years.
<fdamstra> Ah, thanks Nafallo.  Guess I'll have to check it out again when 6.04 is out.
<troy> stupid nick thieves
<Pygi> heh ;)
<Pygi> will be better ;)
<troy> good day folks :)
<Pygi> good night folks ;)
<Pygi> heh
<MarioMeyer> heya chara
<Pygi> heya chara
<Pygi> ;)
#ubuntu-server 2005-12-28
<FlannelKing> anyone have any luck getting mod_rewriteto work with ubuntus apache2?
<FlannelKing> anyone have any luck getting mod_rewriteto work with ubuntus apache2?
<FlannelKing> anyone know how to fix the problem with mod_rewrite and apache2?
<Nafallo> there is a problem with it?
<FlannelKing> well, it doesnt seem to work.
<FlannelKing> and the guy (only one !idle at the moment) over at #apache cant figure out why, after going through a few config stuffs with me
<Nafallo> wfm
<FlannelKing> wfm?
<FlannelKing> well fuck me?
<Nafallo> works for me
<FlannelKing> ah
<FlannelKing> heh
<Nafallo> ls /etc/apache2/mods-enabled/ ?
<FlannelKing> so, yeah, I dont know.  No one at #ubuntu will chime in on whether they had to tweak their install or not to get rewrite to work
<FlannelKing> its there
<Nafallo> rewrite.load?
<FlannelKing> aye
<FlannelKing> and it loads mod_rewrite.so
<FlannelKing> and the .so file is there
<Nafallo> for the site:
<Nafallo>         RewriteEngine on
<Nafallo>         RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
<Nafallo>         RewriteRule .* - [F] 
<Nafallo> etc...
<FlannelKing> simply
<Nafallo> (file in sites-enabled)
<FlannelKing> RewriteEngine On
<Nafallo> restarted apache since you enabled it?
<FlannelKing> RewriteRule ^/$ /sometigne-else
<FlannelKing> yeah
<FlannelKing> about eight hundred times
<Nafallo> what does the error-logs say?
<FlannelKing> Ill show you my confs,
<FlannelKing> errors logs act as if rewrites dont exist
<FlannelKing> http://rafb.net/paste/results/eqQTFQ97.htm
<FlannelKing> is apache.conf and dav_svn.conf
<FlannelKing> and then....
<FlannelKing> http://rafb.net/paste/results/6RQupV53.html
<FlannelKing> is my site
<FlannelKing> vhost
<FlannelKing> We've tried forcing FollowSymLinks in main conf, which still doesnt work
<FlannelKing> (because in a virtual host, it wouldnt turn on rewriting in a conf file... or something to that extent)
<FlannelKing> and, apparently its a somewhat common problem, since there are about four unanswered threads about a 'mystery' problem with mod_rewrite in ubuntu forums
<Nafallo> well, turn on the RewriteEngine on a vhost base works for me.
<Nafallo> I don't use the forums.
<FlannelKing> with a rewrite rule in a conf file?
<FlannelKing> I was just googling, looking for solutions, heh.
<FlannelKing> well, heck.  Should we doubt the integrity of mod_rewrite.so?
<FlannelKing> I guess check a hash of it?
<Nafallo> I have no idea, except it works for me. I don't modify anything except sites-available either...
<FlannelKing> where are your rewrite rules?
<fabbione> FlannelKing: mod_rewrite works. definetely an error somewhere in the config
<fabbione> where exactly.. i dunno..
<Nafallo> ...sites-available/*
<fabbione> otherwise half of .ubuntu.com won't work
<FlannelKing> only ones Ive edited are dav_svn and my site.
<FlannelKing> hmm
<FlannelKing> ok, so, it works in the vhost
<FlannelKing> but, not in the conf file?
<FlannelKing> why not?
<ealden> are there problems with the twisted packages in ubuntu?
<Pygi> hehe, chara
<MarioMeyer_> heya
<Pygi> hehe :)
#ubuntu-server 2005-12-29
<Valandil> wat issn das?
<Valandil> sorry wrong frame
#ubuntu-server 2006-01-01
<Pygi> join #ubuntu-devel
<Pygi> hohoho valandil
<Valandil> hi Pygi :)
<Pygi> hohoho :)
<Valandil> <--- has no raindeers
<Valandil> ;)
<Pygi> heh, :)
<fabbione> http://www.local6.com/slideshow/news/3745342/detail.html?qs=;s=13;p=news;dm=ss;w=450;tn=b
<fabbione> ops
<fabbione> well it can be funny :)
<Pygi> hehe :)
<Pygi> what's that? :/
<fabbione> not exacly server related
<fabbione> it's a news site for weird thing
<Pygi> heh, well, not everything has to be server related :)
<Pygi> holidays, holidays :)
<Valandil> *giggle*
<Pygi> hehe :)
<Pygi> welcome Chara
<Valandil> OK, n8 all :_)
#ubuntu-server 2006-12-25
<overdose> Does anyone know of an list with supported SCSI cips
<overdose> ?
#ubuntu-server 2006-12-26
<froud> Hi, anyone know if egroupware install on edgy server works
<froud> I tried an install on dapper but came up against https://launchpad.net/distros/ubuntu/+source/egroupware/+bugs
<froud> Wondering if anyone tried edgy before I dist-upgrade
<ivoks> server people :)
<Amon_Re> hey guys
<Amon_Re> anyone awake?
* Amon_Re pokes the room
<Amon_Re> hey samit
<ivoks> hi
<samit> hey
<Amon_Re> samit: you don't happen to use lvm do you?
<ivoks> wii samit 
<ivoks> lol :)
<ivoks> i use lvm
<Amon_Re> wii?!
* Amon_Re hides his tv
<ivoks> Amon_Re: /wii samit
<ivoks>  like whois
<Amon_Re> ivoks: i know, was joking about the Nintendo Wii ;)
<samit> no, I'm not using lvm.. why? :)
<Amon_Re> ivoks: do you use lvm on your desktop or just on your server?
<ivoks> Amon_Re: both
<Amon_Re> samit: i have 2 computers, both using lvm, neighter of them can log into ubuntuforums.com , password gets accepted, cookey gets written, but it keeps saying i'm not logged in, these are both fresh installs
<ivoks> that has nothing to do with lvm
<Amon_Re> only thing they have in common is the version of ubuntu (edgy) and lvm
<Amon_Re> ivoks: i have no clue what else it could be, ephythingy (what's it called, the gnome browser) has the exact same issue
<ajmitch> absolutely nothing to do with lvm, in fact :)
<ivoks> well, lvm can't be
<Amon_Re> i'm willing to believe it's not lvm, heck, i'd love to believe it, but if it's not lvm, then what could it be? ;)
<ivoks> browser, and only browser
<ivoks> or proxy, if you use it
<Amon_Re> ivoks: i checked my settings, couldn't find anything wrong with them
<Amon_Re> no proxy
<Amon_Re> no extensions
<Amon_Re> nothing at all, i'm on a clean installed laptop, the only extra's on this laptop are xchat & mc, it has the same problem
<samit> do any cookies get saved? you can check them in Firefox from: Edit - Preferences - Privacy - Show cookies
<Amon_Re> file permissions seems fine
<Amon_Re> samit: yep, i see them
<ivoks> well, whatever it is, it's not related to ubuntu-server development or use of ubuntu-server :)
<Amon_Re> ivoks: i know, but i figured it'd be more likely to find lvm users here ;)
<Amon_Re> because that's what i was suspecting
<Amon_Re> ivoks: know any other browsers that are available in the repos?
<ivoks> Amon_Re: konqueror, epiphany, mozilla, lynx, links, w3m...
<mralphabet> here's vote three for nothing to do with lvm
<Amon_Re> ivoks: i'll try konqueror, links & lynx are slightly to arcane for me ;)
<ivoks> now... what do you think ubuntu-server is missing, if anything?
<Amon_Re> it's annoying tho, can't post at the forums because of the problem....
<ivoks> (this is unrelated to lvm and Amon_Re's problem)
<Amon_Re> ivoks: exchange replacement
<ivoks> other than that :)
<Amon_Re> ivoks: dunno anything else really, the rest i need is there (web, mail, ftp, file & print, scanning)
<mralphabet> I need a way to monitor hardware raid . . . (lsi megaraid specifically) and I haven't found a utility to do it
<ivoks> mralphabet: there's a tool
<ivoks> mralphabet: i use it, daily
<mralphabet> ivoks: I figured there was, I just haven't crossed paths with it yet
<ivoks> mralphabet: it's not good as 3ware's, but...
<mralphabet> is anything?
<ivoks> it's ok for rebuild, monitor, etc..
<ivoks> it's called megamgr
<ivoks> non-free
<ivoks> mralphabet: what card you have?
<mralphabet> ivoks: thanks, I'll take a look
<mralphabet> an i4
<ivoks> mralphabet: i'll give you a link
<ivoks> mralphabet: http://www.grad.hr/~ivoks/ut_linux_mgr_5.20.zip
<ivoks> i have problems with LSI
<ivoks> and dapper :/
<mralphabet> ivoks: heh, I haven't had any problems yet . . . it's an older card, I figured any support issues should be nailed down by now for it
<mralphabet> ivoks: thanks for the zip, afk a few
<ivoks> i get high iowait and low write speed
<ivoks> where low is ~ 6MB/s
<ivoks> that's and Intel(R) RAID Controller SRCS16
<Amon_Re> Hah!
<Amon_Re> incase anyone wonders, the problem was the url, www.ubuntuforums.org works, .com doesn't (logging in that is)
<Amon_Re> ivoks: 6MB? That's a sata raid ain't it?!
<ivoks> yes
<Amon_Re> should be faster
<ivoks> a lot faster
<ivoks> redhat had the same problem
<ivoks> but then they fixed it in kernel
<Amon_Re> what kernel do you use?
<ivoks> i should grab their source and see what they did
<ivoks> dapper's 2.6.15
<Amon_Re> wasn't there a more recent one backported?
<Amon_Re> btw, ever played with evms?
<ivoks> i don't use backports on production machines
<Amon_Re> i see
<ivoks> i tried edgy's kernel, but same thing
<ivoks> i'll check out redhat's kernel
<Amon_Re> good luck :)
<ivoks> thanks
<Amon_Re> don't happen to know a decent way to share evolution calendars between multiple computers do you?
<ivoks> webdav?
<Amon_Re> ivoks: i've been looking into it, and i can publish a calendar onto my webserver, but the other machines can only use it as a read-only calendar, seems rather messy really
<Amon_Re> syncml would be cool, had it not been buggy & in java
<Amon_Re> caldav is something i never even heard of untill i saw the plugin in evo :P
<Amon_Re> there just isn't anything out there that even comes close to be an exchange replacement :(
<mralphabet> ivoks: have you seen anything that will report health of the array?  or is it in megamgr and I'm just not seeing it?
<ivoks> Amon_Re: openexchange
<ivoks> mralphabet: Configure -> Add/View
<mralphabet> ivoks: ahh, thanks
<Amon_Re> ivoks: never gotten that to work (although that was quite awhile ago.... ) maybe i should give it another shot
<ivoks> mralphabet: or Objects, Logical Drive, View/Update
<ivoks> Amon_Re: well, i got it working on breezy a year ago
<mralphabet> ivoks: perfect, thanks again
<ivoks> i think i found rh's patch
<Amon_Re> ivoks: how well did/does it run?
<ivoks> Amon_Re: it worked; it was proof of concept; i had to re-install it on redhat (which was supported platform, but produced worse results :)
<Amon_Re> lol :)
<Amon_Re> well, i guess i could go the openxchange route (although getting that beast to run on a gentoo server might be painfull), but it's overkill for my needs atm, simple calendar syncing/sharing should be easy! :P
<andriijas> why should i use ubuntu server and not debian?
<mralphabet> hello drive by opinion seeker
<mralphabet> er . . . goodbye I mean
#ubuntu-server 2006-12-27
<foo> from mail.log - , relay=gmail-smtp-in.l.google.com[72.14.247.27] , delay=4, status=bounced (host gmail-smtp-in.l.google.com[72.14.247.27]  said: 550 5.1.1 No such user 26si19736540aga (in reply to RCPT TO command)) Hm, weird. I am doing echo test|mail mygmailaccount@gmail.com No idea where it's getting that user from. Maybe I don't have the RCPT set up correctly. Any ideas?
<foo> I want to upgrade to php 5.2 instead of 5.1.2 on ubuntu server. What's the best way to go about this?
#ubuntu-server 2006-12-28
<NineTeen67Comet> Hello all .. I'm using Ubuntu Server 6.10 .. I have been using Gallery2 for a long time (couple years) and always installed it by hand. I see it in the apt-get repositories but I'm unsure how to implement it? I keep all my websites on /media/shared/shared/www .. I assume Gallery/Plone/Wordpress etc etc .. is going to install somewhere around /var/www .. How can I use it with apt-get since my sites are not in /var/www?
<NineTeen67Comet> Off to play with it .. 
<Stalwart> can anyone tell me what i get if install ubuntu in server edition?
<Stalwart> basic system or bunch of useless daemons?
<ivoks> 'cli' option in ubuntu install installs basic system, if i'm not mistaken
<ivoks> server version installs almost same thing
<ivoks> but different kernel
<Stalwart> different kernel?
<Stalwart> with xen or something even more different?
<ivoks> eh, more or less
<ivoks> -generic kernel is desktop kernel
<ivoks> -server kernel uses different scheduler
<ivoks> and some other stuff
<ivoks> it's slower for multimedia, but better on high load (very simplified :)
<Stalwart> oh
<Stalwart> is question about timer frequency for #ubuntu-desktop or something like that?
* Stalwart likes 1khz for both system timer and usbhid
<ivoks> i think there are lowlatency kernels planed for feisty
<Stalwart> in freebsd timer can be set with boot parameter
<ivoks> i don't think this is possible on linux, but i really am not sure
<ivoks> maybe you should ask in ubuntu-kernel?
<Stalwart> hehe
<Stalwart> probably
<okaratas> -j #ubuntu-tr
<okaratas> sorry..
#ubuntu-server 2006-12-29
<artbird309> How would I set up a LDAP server
<lionel_> artbird309: did you search on help.ubuntu.com/community ?
<artbird309> Yes
<lionel_> artbird309: this page describe how to set up a LDAP server : https://help.ubuntu.com/community/OpenLDAPServer
<artbird309> I did not see that page
<artbird309> I will look at it thanks
<lionel_> you're welcome
<jhutchins> Can anybody confirm for me that hylafax and freeradius work on ubuntu server?
#ubuntu-server 2006-12-30
<TooR4u> how to install ubuntu server ...?
<TooR4u> sudo apt-get install .....?
<TooR4u> what cmd i have to type to install ubuntu server
#ubuntu-server 2006-12-31
<rverrips> Evening all - Happy New year ...
<rverrips> Need a quick bit of help - Looking for a howto but can't find one in forums ... Would like to upgrade a debian testing to ubuntu-server - I have the ubuntu-server 6.10 CD and would prefer to use that first ... Do I just need to update the source.list and point to edgy on the CD?
<lane> Does anyone know of a webcam that works with ubuntu server without the gui?
#ubuntu-server 2007-12-24
<peanutb> Ahmuck: this comp has 512 megs of ram
<peanutb> the other one i was using had some weird Rambus ram in it or something so it got debian on it
<spiekey> howdy!
<spiekey> has someone ever made a AP out of a ubuntu box?
<spiekey> there are tons of documentation about Wirless Clients, but not how to set up your own AccessPoint
<t94xr> yeah i've wanted to that aswell
<pteague> anybody know how to remove tomcat from the services started on boot?
<t94xr> lots of people usually end up reflashing a WRT54GL and extending the antenna's to larger amplified ariels
<spiekey> if i use: "pre-up iwconfig wlan0 mode Ad-Hoc"  then i can see my box, if i change it to "pre-up iwconfig wlan0 mode Managed" it disapears.
<spiekey> any idea why?
<spiekey> where is my config: http://pastebin.ca/830877
<Nafallo> hmm
 * Nafallo needs to implement mailfiltering on the serverlevel
<zylmak> hello
<zylmak> i have a problem setting up perl in apache
<nealmcb> zylmak: I may not know how to help, but you'll be much more likely to get an answer .... damn
<pteague> anybody know what the url for the buy one get one is? for the laptops?
<pteague> The Ubuntu project is poised to release its second Long Term Support (LTS) release in April, which will be crucial to its acceptance in corporate environments.  We don't know a lot about the Ubuntu 8.04 LTS release ("Hardy Heron") but the server release better support virtualization in a big way if the company is going to push into data centers with any success...
#ubuntu-server 2007-12-25
<Delvien> How much space would you say i need for ubuntu server? 10gigs ?
<Delvien> for /
<Kamping_Kaiser> to install?
<Kamping_Kaiser> 1~gb for a base(ish) install+software
<Delvien> Is there a difference in kernels for AMD vs intel ? Does it really matter?
<Delvien> for ubuntu-server that is. (7.10)
<Delvien> nm found it out
<antdedyet> Delvien: what is the answer?
<antdedyet> !kernel
<ubotu> The core of the Ubuntu Operating System is the Linux kernel: see https://help.ubuntu.com/community/Kernel - You shouldn't have to compile your own, but if you're convinced you do, see https://help.ubuntu.com/community/Kernel/Compile - For more: /msg ubotu stages
<Delvien> antdedyet there are only 2 "install" versions, 32 bit and 64 bit
<Delvien> antdedyet that means that the instlal will automatically pick up what processor you have and install all the nec stuff for you
#ubuntu-server 2007-12-26
<Kamping_Kaiser> pschulz01, evening
<Kalamansi> afternoon here guys
<Kalamansi> using ubuntu 7.10 desktop
<Kamping_Kaiser> for everyones background: Kalamansi is after help setting up a gateway to do content filtering, and block p2p traffic
<Kamping_Kaiser> Kalamansi, your technical questions from pm, i'll answer them here.
<Kamping_Kaiser> to setup dansguardian for a basic setup, follow these steps https://wiki.ubuntu.com/EdubuntuProxy
<Kamping_Kaiser> once you have the basic setup, you/we can change it to make it work for you better
<Kalamansi> ok im on it. done downloading it
<Kalamansi> but i am not using edbuntu... im using ubuntu...is it okay?or conflict?
<Kamping_Kaiser> it all works the same
<pschulz01> Kamping_Kaiser: Evening..
<Kamping_Kaiser> pschulz01, hope you had a great last 3-4 days ;)
<pschulz01> Kamping_Kaiser: Someone is being quiet at the moment :-)
<Kamping_Kaiser> hehe. :)
<pschulz01> Anyone here using dspam?
<Kalamansi> Kamping_Kaiser : is it okay to use ubuntu 7.10 desktop with x window (for my server)? im not good in typos by hand scripting
<Kamping_Kaiser> Kalamansi, you can do if you want. for a 'real' server you would avoid x, but for a home/learning sedtup its ok (just i dont know how you configure a server via a gui :))
<Kalamansi> Kamping_Kaiser :  while after installing this dansguardian and squid i will plug off the monitor and just leave the tower cpu.
<pschulz01> Kamping_Kaiser: Any problems with the kernel/scheduler in desktop do you think?
<Kamping_Kaiser> pschulz01, not for a simple gateway, which is what it sounds like (s?)hes trying.
<Kalamansi> Kamping_Kaiser : Is it ok?my server is pentium dual core 3.00ghz, 1gb ram, 256 videocard, azus p5pe? is it okay for server?
<Kalamansi> Kamping_Kaiser : handling 40 units winxp home workstations ?
<Kamping_Kaiser> Kalamansi, its obscenely overpowered, otherwise no problem ;)
<pschulz01> Kamping_Kaiser: I'm running a server on a AMD P200+ (old old old)
<Kamping_Kaiser> pschulz01, i'm running a server on a sun sparc of unknown speed.
<pschulz01> s/Kamping_Kaiser/Kalamansi/
<Kamping_Kaiser> Cpu0Bogo        : 540.49
<Kamping_Kaiser> :)
<Kalamansi> Kamping_Kaiser :  in this section sudo iptables -t nat -A OUTPUT -p tcp -d ! 192.168.0.0/255.255.255.0 --match owner --gid-owner users -j REDIRECT --to-ports 8080 -- do i need to use this 192.168.0.0 instead of 192.168.1.1? because my modem is setup to 192.168.1.1 .....
<Kalamansi> pschulz01: with x server? (your old server)
 * Kamping_Kaiser wishes he could remember the real link for setting up a filtering proxy
<Kamping_Kaiser> Kalamansi, what is your native language?
<Kamping_Kaiser> http://www.debian-administration.org/articles/23  http://www.squid-cache.org/mail-archive/squid-users/200504/0575.html and more advanced : http://www.debian-administration.org/articles/187
<Kalamansi> Kamping_Kaiser : filipino - tagalog, visayan, ilonggo and english (philippines, davao city)
<Kamping_Kaiser> hm. not sure if theres ubuntu channels for those.
 * Kamping_Kaiser considers aquireing food (but i'm not hungry :/)
<Kamping_Kaiser> i'm heading to the hawtins :)
<Kamping_Kaiser> Kalamansi, good luck with your problem - read those links and have a play around. i'm sure someone here can help. remember that today is probably a bad day - xmas just finished in most of the world. tomorrow or the day after may be better. see you all!
<Kalamansi> Kamping_Kaiser : do you have links for advance guide?dansguardian and iptables..thanks
<Kamping_Kaiser> !iptables
<ubotu> Ubuntu, like any other linux distribution, has firewall capabilities built-in. The firewall is managed using the 'iptables' command (see https://help.ubuntu.com/community/IptablesHowTo), or GUI applications such as Firestarter (Gnome) or Guarddog (KDE).
<Kamping_Kaiser> Kalamansi, ^^ look at that link
<Kamping_Kaiser> Kalamansi, ask in #dansguardian about a dansguardian link :)
<Kalamansi> ok do you have 24 hours tutorials there?pdf?hehehe
<Kalamansi> Kamping_Kaiser : is it ok to run firestarter and dansguardian?
<pschulz01> Kamping_Kaiser: Were you aware of any of the following problems with dspam? https://bugs.launchpad.net/bugs/+bugs?field.searchtext=dspam&search=Search+Bug+Reports&field.scope=all&field.scope.target=
<pschulz01> Hmm... https://bugs.launchpad.net/ubuntu/+source/dspam/+bug/141413
<ubotu> Launchpad bug 141413 in dspam "dspam-webfrontend.conf has wrong group" [Undecided,New]
<Kalamansi>  pschulz01: im not sure really what to run tho..which one is more secure firestarter or dansguardian?
<kbrooks> Can ubuntu-server be installed with no CD?
<dthacker> kbrooks: a network install is available, I have not tried it.
<lamont> I discovered this week that the network install defaults to server.  most nice
<lamont> well, at least on some platforms.
<zylmak> good morning, what is the command to see the right over a file or folder?
<zylmak> hello i have problem setting up apache
<zylmak> especialy  the cgi
<zylmak> does anyone know ho to setup apache2?
<h4x0r7h1s> I have a server on Edgy I'm moving to Gutsy
<h4x0r7h1s> it has Apache2 with ssl
<h4x0r7h1s> the Edgy version works well; the Gutsy one gives the error in firefox:  ssl_error_rx_record_too_long
<h4x0r7h1s> hrm
<spiekey> hey!
<spiekey> How do i get my network card driver into the initrd image? I need it to boot via lan
<Centaur5> My thin clients can boot into the login screen but they don't authenticate.  I don't see any error messages in syslog and I've tried deleting the ltsp installation, running build-client again, and update-sshkeys. Are there more diagnostic steps I can do?
#ubuntu-server 2007-12-27
<Kamping_Kaiser> Centaur5, check users .xsession (.xerror?) fro errors
<Kamping_Kaiser> do you have sabayon installed?
<Centaur5> I'm installing that now
<Centaur5> I'm getting this in .xsession-errors xrdb: Can't open display ''
<Centaur5> That's rather odd, I wonder what suddenly caused that to happen.
<Kamping_Kaiser> any hardware/software/configuration chagnges happened recently?
<Centaur5> The thin clients have been dead for over a week and I haven't figured it out.  The last thing I changed on the server before they died was setting up a chillispot/freeradius server.
<kraut> moin
<pteague_work> anybody know which fs i should be using on a virtual server? ... for the virtual machines themselves
<leonel> ext3 as usual ..
<pteague_work> k, just making sure... i'm rsyncing a huge amount of files to it & at the time i wasn't getting any response when attempting to ssh to it to check some things
<Delvien> ARP cache,, is that held on my router or the computer itself?
<Delvien> ok held on the server,
<Delvien> I need to know how to extend the ARP flush to 48 hours
<nealmcb> Delvien_: what is the underlying problem pou're trying to solve?
<nealmcb> *you're
<Delvien_> WoL for my vmware server, If the computer is off for some time.. i cant wake it up by sending it a "magical packet"
<Delvien_> looks like 5 minutes is the timeframe
<nealmcb> Delvien_: hmm - sounds complicated :-)  how does vmware fit into this?  and which sort of magical packet are you talking about, and which host do you want to wake up from where?
<Delvien_> no no no, i need to wake up my machinie not nec my vm,
<Delvien_> I dont need my vmware server on all the time
<Delvien_> which is run off ubuntu-server
<Delvien_> so i turn off the machine when im not using it
<Delvien_> and when i need it on i use an app called "wakeonlan" so my server will boot up, its a whole thing with wake on lan receives a signal and boots the computer
<Delvien_> but the ARP flush is set to 5 minutes, i cant find ANYTHING online on how to extend this to 48 hours
<Delvien_> nealmcb do you get what im trying to do?
<nealmcb> Delvien_: so we can ignore vmware entirely?
<Delvien_> yep
<nealmcb> and you have a client machine (linux?)
<Delvien_> thats just what my server runs :P
<nealmcb> and a server?
<Delvien_> ubuntu-server
<Delvien_> a client ubuntu-desktop
<Delvien_> server is ubuntu-server 7.10
<nealmcb> do you get an error message?
<Delvien_> woops nick is wrong
<Delvien> nealmcb no, it just doesnt wake up because the settings are flushed, the computer simple just doesnt turn on after a time if i send a WOL packet,
<nealmcb> so you think you want to have the client machine remember the ethernet address longer than 5 min?  but it doesn't complain about not knowing it?
<nealmcb> if this was a common problem with WoL I'd expect them to suggest a solution....
<nealmcb> so what is unusual about your configuration?
<Delvien> nothing, some people have the same problem but like always, they never post their solutions
 * nealmcb nods
<Delvien> ARP is automatically set to clear within a few minutes or hours
<Delvien> i can run command "arp" while the computer is on, and man arp shows nothing that will help
<Delvien> im at a loss
<nealmcb> does a packet get sent?  e.g. does ethereal show anything?
 * nealmcb wonders why there is no error message from wakeonlan
<Delvien> there wouldnt be
<Delvien> its not accessing the computer itself when its off. its just sending it a packet
<Delvien> saying "hey wake up"
<Delvien> there would be no response because the eth card is "sleeping" and only accepts a packet to signal the boot
<nealmcb> I was assuming that the problem was that the arp cache is on the client didn't have the sleeping server's mac address - right?
<nealmcb> s/is on/on
<Delvien> it has it , but only for a certain amount of time
<nealmcb> you run wakeonlan on the client, right?
<Delvien> ye
<Delvien> yep
<nealmcb> so if it sends a packet, it is a problem on the server end, and if it doesn't send a problem, it is a client / network issue
 * nealmcb forgets most of the details of arp caching, frankly....
<nealmcb> we once had to run a rarp daemon, but since then, most "arp" problems turned out to actually be other networking issues
<Delvien> ARP caching keeps the mac address and the ip address so if your system goes down for a short amount of time it will keep the same information, the MAC address of course would all stay the same, but the IP would remain
<Delvien> err wouldnt remian for IP
<Delvien> remain
<Delvien> there is a way to extend that ARP caching, but i dont know how to in linux
<nealmcb> what kind of network?  what kind of router(s)?
<Delvien> just LAN atm
<Delvien> wrt54g
<Delvien> nealmcb and i know its something in ubuntu-server i can change because if i disconnect the power then turn it off just far enough to get to grub turn it off, and send the WOL it doesnt boot
<Delvien> but if i let it boot up then shut down, it will wake with the packet
<nealmcb> wired lan?  I wonder if the router can be configured to help
<nealmcb> I don't see what the server has to do with it - it is asleep....
<nealmcb> I would think you'd be changing the arp cache time on your client
<nealmcb> the server might ignore wol when already in grub or something....
<nealmcb> Delvien: what command line do you use to wake it up - do you give it an ip address or a mac address?
<nealmcb> seems like you just need to remember the mac yourself....
<Delvien> nealmcb right i thought that to but what WOL does is keeps power coming to the ethernet , so it can receive a packet, which sends a signal to the mobo to boot
<Delvien> wakeonlan -i 65.186.88.xx -p 9 00:11:5B:14:4A:xx
<Delvien> put x's in there so no ones gonna try and hack me :P
<Delvien> im testing something, hopefully this will work
<nealmcb> so why do you need an arp cache if you give it the mac address?
<Delvien> put wol into "d" mode
<Delvien> if the cache is cleared its not on the network technically
<Delvien> therefore the router is like "huh" and throws the packet away, course, you wouldnt get an error
<Delvien> unless im wrong
<nealmcb> I think the arp cache is just a local thing used to construct the packet.  if you give it the mac addr, it shouldn't need the cache
<Delvien> the cache is on the server not the client
<nealmcb> no - the router would have its own arp cache
<nealmcb> the cache is on each local machine, whether it is a client, server or router
<nealmcb> but as I say I don't think you need it....
<Delvien> i guess you are right
<Delvien>  there is a parameter in the router named "ARP flushing time" that is defined in 5 minutes.
<nealmcb> and sniffing your network will tell you if the packet is being sent
<Delvien> I have no idea how to change the ARP flushing time
<nealmcb> can you change that?
<Delvien> weird cant find an option
<nealmcb> if it is a switched network I guess the router might need to be involved, but that would seem error-prone....
<Delvien> nealmcb think if i didnt have it on DHCP would it be a problem ?
<nealmcb> is it getting the same ip address each time?
<Delvien> yeah
<Delvien> only 2 on the lan atm
<Delvien> my client and server
<nealmcb> then the answer should be "no it wouldn't matter"
<nealmcb> but of course most of my answers are based on theory, not practice :-)
<proprietarysucks> anyone know how to get 3ware card working on ubuntu 6.10 server ?
<nealmcb> !hardware
<ubotu> For lists of supported hardware on Ubuntu see https://wiki.ubuntu.com/HardwareSupport - To help debugging and improving hardware detection, see https://wiki.ubuntu.com/DebuggingHardwareDetection
<proprietarysucks> https://wiki.ubuntu.com/DebuggingHardwareDetection is a blank page with how to file a bug report
<proprietarysucks> and the first one doesn't have it
<proprietarysucks> this is 9650SE
<proprietarysucks> the instructions from 3ware are: http://www.3ware.com/KB/article.aspx?id=15054
<proprietarysucks> however it's not working as expected; something is different
<Delvien> nealmcb was seeing if i could upgrade my routers firmware, of course my router is the ONLY one on the list i have to jump through a flaming hoop to flash
<proprietarysucks> specifically step 7
<nealmcb> proprietarysucks: hmm - scary set of instructions....
<proprietarysucks> here's the problem I run into
<proprietarysucks> When I go back to tty1 to 'select' 3w_9xxx, there's nothing to select
<proprietarysucks> it's still on the same screen it was before
<proprietarysucks> in other words, the instructions suggest the installer will fail to find drive and then ask you to load a module
<proprietarysucks> however in reality the installer doesn't seem to be doing that
<proprietarysucks> I have to have this done on 3 systems asap :(
<nealmcb> proprietarysucks: sorry - not my area of expertise :-(
<nealmcb> perhaps ask 3ware for help or ask them to release the source for the driver and build your own kernel....
#ubuntu-server 2007-12-28
<Delvien> nealmcb I think i figured it out.. it wasnt ARP at all.. I was just having it go to a port and since the computer clears ARP cache I just have to make sure to route it to my external IP address with the mac address
<Delvien> now i just wish i could test it from another network... no one has free wifi where i live.. course it could be the fact that I named my ESSID Virus_seed :P
<ewook> oy!
<ewook> did ubuntu discontinue webmin as a package with the release of 7.10?
<Kamping_Kaiser> hopefully :/
<ewook> Oo now why would you say that?
<Kamping_Kaiser> !webmin
<ubotu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system
<ewook> lol
<ewook> thanks.
<Kamping_Kaiser> "unexpected issues" usually meaning "serious breakage"
<Kamping_Kaiser> heh. np.
<Kamping_Kaiser> !box
<ubotu> Sorry, I don't know anything about box - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<Kamping_Kaiser> !ebox
<ubotu> Sorry, I don't know anything about ebox - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<Kamping_Kaiser> well you should :@
<ewook> replacement?
<Kamping_Kaiser> ewook, i think thier trying to replace it with something called 'ebox'. look it up
<ewook> guessed so :)
<Kamping_Kaiser> :)
<ewook> see no issues with the current release right now tho.
<ewook> I'll hold my tounge on that tho until I've touched everything that I can manage with it.
<Kamping_Kaiser> ubotu, ebox is something you should know about. perhaps an -op will tell you (Ping ops :P)
<ewook> but so far, so good. just confused since it didn't show up.
<ewook> !teach ebox - replacement for webmin
<ewook> ^^
<ewook> lol
<ewook> 03:06 <ubotu> Error: I am only a bot, please don't think I'm intelligent :)
<Kamping_Kaiser> the ops will deal with it
<ewook> ya. shame that they didn't include some notes in the package database regarding the discontinuance.
<ewook> or did they?
<Kamping_Kaiser> dont know. heh.
<ewook> ^^ . well, thanks for the info. oooh, by the way - whats the syntax  for the local language-flavor of the ubuntu-channels? cannot recall *_*
<Kamping_Kaiser> -cc
<Kamping_Kaiser> eg -au, -de
<ewook> aaah.
<Kamping_Kaiser> :)
<ewook> thanks again ;p
<Kamping_Kaiser> np
<ewook> oh.. since I'm acctually here. do you run apt as a cron-job?
<Kamping_Kaiser> yeah. theres actually a package for it
<ewook> it is? *_'
<Kamping_Kaiser> cron-apt - automatic update of packages using apt-get
<Kamping_Kaiser> apticron - cron-script to mail impending apt updates
<Kamping_Kaiser> depending on what you want
<ewook> first one ;p
<Kamping_Kaiser> :)
<ewook> a bit sad tho that they messed up the kernel with pae... generic one isn't really that fun to run.
<Kamping_Kaiser> pae?
<ewook> something to do with acpi
<Kamping_Kaiser> oh
<ewook> cannot recall. didn't have the energy to understand it. but got the fun stuff with cpu to old for kernel - panic thingy.
<ewook> solution - go generic-kernel.
<Kamping_Kaiser> hopefully they fix it before the next release then
<ewook> perhaps. or, low budget cpu's isn't to go for anymore ;p
<Kamping_Kaiser> I HATE USB
<Kamping_Kaiser> *rant*
<Kamping_Kaiser> sorry. :|
<ewook> *_*
<ewook> why?
<ewook> I love it ;P
<ewook> no burning ports with disconnect/connect during running
<Kamping_Kaiser> lots of reasons, including dying after copying 25gb~, or hammering the cpu with interupts
<ewook> aaah. I only use it for HID's ;P
<ewook> storage goes with the ethernet ;p
<Kamping_Kaiser> hehe
<Kamping_Kaiser> *hugs ps2*
<ewook> =/ my kvm's didn't like swapping between win32 boxes and linux-boxes and died all the time
<ewook> damn homebrew ps2 crap =/
<Kamping_Kaiser> :(
<ewook> made a mess when I used the kvm instead of a ssh connection =/
<ewook> all puters just screamed *_* . so - I moved it to a corner and use usb-kb and mouse between a couple of machines instead :)
<Kamping_Kaiser> :)
 * Kamping_Kaiser thrashes his CPU :/
<Kamping_Kaiser> not that you need to know that :p
<ewook> well, perhaps no - but got me quite interested in WHY ... :p
<Kamping_Kaiser> hehe. building packages
<ewook> oooh.
<ewook> doesn't using a package-manager kinda throws of that need? ;P
<Kamping_Kaiser> not when you need customisations :)
<ewook> aaaaaah
<ewook> no, true ;p
<Kamping_Kaiser> :p
<ewook> a damn. time to kill some time sleepnig. laters.
<Kamping_Kaiser> later mate
<leonel> !webmin
<ubotu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system - Consider "ebox" instead
<Burgundavia> leonel: ?
<leonel> Burgundavia: ??
<Burgundavia> leonel: why did you pull up the webmind thing?
<leonel> <ewook> did ubuntu discontinue webmin as a package with the release of 7.10?
<leonel> and I remembered that  ...
<leonel> that's all
<Burgundavia> ahh, right
<Kamping_Kaiser> 3 lines down
<Kamping_Kaiser> or 4, if your client shows parts
<leonel> I lost the net connection
 * Kamping_Kaiser also points out ewook has left ;)
<leonel> plop ..
<Burgundavia> yep, I got it
 * nealmcb sees life returning to the channel :-)
<Burgundavia> hey nealmcb
<nealmcb> Burgundavia: howdy!  it's fun to relax on the holidays :-)
<genii> Hi ppl. I've needed to disable onboard nic, also had another in and then pulled it. Now on third. However instead of it being now eth0 since it's the solitary , it appears as eth2. I'd like to make it eth0 to ifconfig. Previously this would have been by putting a line in /etc/iftab specifying an ethX with a MAC, now I don't know where to set this.
<Kamping_Kaiser> !z25
<ubotu> Sorry, I don't know anything about z25 - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
 * genii sips a coffee
<Kamping_Kaiser> bah. brb
<Kamping_Kaiser> genii, <dpkg> methinks z25 is as of version 0.090, udev has the ability to statically rename ethernet cards based on MAC address.  The addresses are configured in /etc/udev/rules.d/z25_persistent-net.rules .  If you want the mappings to change, edit that file.  If you don't want udev to touch your interface names, remove that file and z45_persistent-net-generator.rules in the same directory.
<Burgundavia> yep
<genii> Kamping_Kaiser: OK I'll give it a shot
<Kamping_Kaiser> looks ike ubuntu users 75 not 25 (gutsy)
<genii> Hmm must be 70-persistent-net.rules
 * Kamping_Kaiser wonders why the udev stuff is renamed and reordered
<nealmcb> genii: yeah
<genii> Got it, thanks
<nealmcb> !udev
<ubotu> Sorry, I don't know anything about udev - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<nealmcb> !dev
<ubotu> Interested in becoming an Ubuntu Developer? Get started here: https://wiki.ubuntu.com/UbuntuDevelopment
<nealmcb> :-)
<genii> What a hassle. Before just shuffle the ethX names in /etc/iftab
<Kamping_Kaiser> different file. its not that painful
 * genii shakes a fist at udev!
<genii> Kamping_Kaiser: True, just not well documented
<nealmcb> genii: yeah, but as I understand it, getting plugable devices to work well required stuff like that
<Kamping_Kaiser> genii, yeah. i only know from that factoid
<genii> nealmcb: Well now I'll know for next time anyways :)
<genii> Well it would be good for removable adapters
<Kamping_Kaiser> sucks for swapping os/nic though
<genii> Multiple pcmcia, etc
<genii> Kamping_Kaiser: Yes, was starting to piss me off actually <laughing now>
<Kamping_Kaiser> :)
<lifesf> Hi everyone; I need some help to mount; i've tried going through man pages a bit; the info on the internet has not been helpful so far... I am wondering if anyone would be able to help me figure out how to mount a hdd on my present machine; and preferably so it can mount automatically each time the pc reboots.
<Kamping_Kaiser> lifesf, give us some details - whats your release, whats the hard drive, what filesystem is it, internal or external drive? etc
<lifesf> internal NTFS Ubuntu 7.10 Server; running no GUI
<lifesf> sata if that helps in any way :)
<Kamping_Kaiser> can you run `ls /dev/ |grep sd` and `mount` and pastebin the output?
<lifesf> what is pastebin?
<Kamping_Kaiser> !tell lifesf about pastebin
<Kamping_Kaiser> you'll wind up with a  line that looks like this - /dev/sdc2       /mnt/ntfs            ntfs    defaults        0       2 - i just want to try and get the correct settings :)
<Kamping_Kaiser> !ping
<ubotu> pong
<Kamping_Kaiser> your there.
<lifesf> http://paste.ubuntu-nl.org/49777/
<lifesf> i'm where?
<lifesf> hmm sry; i'm not that quick tonight
<Kamping_Kaiser> i'm guessing sdb1 is your ntfs drive
<Kamping_Kaiser> so run `sudo mkdir /mnt/ntfs` (ntfs=whatever you want to reference the drive as)
<lifesf> ok; and if i want it to mount automatically when the pc boots?
<Kamping_Kaiser> getting there. i want to make sure i have the right drive first
<Kamping_Kaiser> did you run that?
<Kamping_Kaiser> then run `sudo mount /dev/sdb1 /mnt/ntfs`
<lifesf> ntfs to anything i want?
<Kamping_Kaiser> you can call it /mnt/windows or /mnt/isos (for example)
<Kamping_Kaiser> just nothing with a space
<lifesf> yup done both
<lifesf> no error nothing
<lifesf> i'll check the drive to verify data
<Kamping_Kaiser> run `ls /mnt/ntfs/`
<Kamping_Kaiser> if it has what you hoped for, thats good ;)
<lifesf> it does :D
<Kamping_Kaiser> if it does, use `sudo sensible-editor /etc/fstab` to open the fstab file (filesystem table)
<Kamping_Kaiser> add a line like : /dev/sdb1       /mnt/ntfs         ntfs         defaults         0          0 to the bottom (perhaps with a comment # this is my ntfs drive)
<lifesf> is sensible-editor a editor? because i'm still new and i use nano
<Kamping_Kaiser> sensible-editor uses the default editor - which i think is nano
<lifesf> ok
<lifesf> exit and save?
<Kamping_Kaiser> yep.
<lifesf> oops wait... should i tab instead of spaces?
<Kamping_Kaiser> shouldnt matter
<lifesf> alright
<Kamping_Kaiser> now run `sudo umount /mnt/ntfs` (to unmount what we just mounted), then `sudo mount -a`
<lifesf> fuse: failed to access mountpoint /mnt/ntfs: No such file or directory
<lifesf> FUSE mount point creation failed
<lifesf> Unmounting /dev/sdb1 (Musique)
<Kamping_Kaiser> then `mount`. if you got no errors on those 3 commands, and you see /mnt/ntfs after you run `mount` your good to go :)
<Kamping_Kaiser> did you call it ntfs?
<lifesf> ok; i just changed my error in fstab and i tried mount -a again and it says: mount: unknown filesystem type 'musique'
<Kamping_Kaiser> show me the line(s) you added to /etc/fstab
<lifesf> i changed it sorry; i noticed the second "ntfs" was designing the "type" ijust changed it back to ntfs
<Kamping_Kaiser> cool
<lifesf> mount -a gave no errors this time
<Kamping_Kaiser> now 'mount'. does it show up in the list?
<lifesf> if it saying: [/dev/sdb1 on /mnt/ntfs type fuseblk (rw,nosuid,nodev,noatime,allow_other,blksize=4096)] then yes
<Kamping_Kaiser> looks good.
<lifesf> :)
<Kamping_Kaiser> you can pastebin the lot if you want me to double check, but i think your good to go :)
<lifesf> http://paste.ubuntu-nl.org/49779/
<Kamping_Kaiser> bril. nice work :D
<lifesf> YOU are the brilliant one :D
<Kamping_Kaiser> hehe. nah.
<lifesf> so this means; i boot reboot and everything will be good?
<Kamping_Kaiser> thats what i expect
<lifesf> Perfect :)
<Kamping_Kaiser> :)
<lifesf> Thank you VERY much :)
<lifesf> enjoy your night/day :)
<Kamping_Kaiser> no problems. have fun :)
<pteague_work> anybody know of a good web panel similar to whm/cpanel for ubuntu?
<Blazer11> hello all
<Blazer11> need help SunBlade 1500 Xorg, multi pci domain prob
<Blazer11> ive been through all posts several times, it seems this was addressed in Fedora, im curious if one was to convert Fedora Xorg.rpm to .deb and instthis would work
<Blazer11> where is everyone
<Blazer11> circle jerking?
<Blazer11> lol
<Blazer11> out for coffee?
<MenZa> It might work, but it is /DEFINITELY/ not recommended.
<MenZa> !alien | Blazer11
<ubotu> Blazer11: RPM is the RedHat Package Management system. Ubuntu uses !APT, not RPM. RPM packages are not supported (the package "alien" can allow installing them, but it's quite dangerous)
<Blazer11> MenZa do u have any sug on a workaround ive been fighting with this, if i could backport to xfree86 that would do the trick
<MenZa> !info xfree86
<ubotu> Package xfree86 does not exist in gutsy
<MenZa> hmm
<MenZa> !find xfree86
<ubotu> Found: xserver-xorg-input-synaptics, xfree86-driver-synaptics, xserver-xfree86, t1-xfree86-nonfree, ttf-xfree86-nonfree (and 1 others)
<MenZa> xserver-xfree86 is available from the repos.
<Blazer11> i think its the transition package?
<MenZa> I'm not entirely sure what that is.
<Blazer11> could i change something in sources list to install xfree86?
<Blazer11> funny thing is i dont think gnome .deb package has support for xfree86 anymore
<kbrooks> Blazer11, xfree86 -> xorg. xfree86 is gone
<kbrooks> Blazer11, it has been superseded by xorg
<Blazer11> debian sarge uses xfree86, i thought this would do the trick, but it hangs detecting cdrom during install
<kbrooks> Blazer11, this is #ubuntu-server not #debian
<kbrooks> Blazer11, we cannot help you here
<Blazer11> I know im using Ubuntu
<kbrooks> Blazer11, so why do you mention debian sarge? and gnome is X server agnostic
<Blazer11> just making comparison, what was the last v of Ubuntu that used xfree86
<kbrooks> !info warty xserver-free86
<ubotu> Package warty does not exist in gutsy
<kbrooks> !info xserver-xfree86 warty
<ubotu> xserver-xfree86: transitional package for moving from XFree86 to X.Org. In component universe, is optional. Version 1:7.2-5ubuntu13 (gutsy), package size 0 kB, installed size 24 kB
<kbrooks> !info xserver-xfree86 hoary
<kbrooks> Blazer11, hm unsure
<Blazer11> i think warty was the last make, but how could i get a hold of the install images?
<kbrooks> Blazer11, but use packages.ubuntu.com to look for warty hoary edgy dapper gutsy (i might have left out a distribution)
<kbrooks> and the package xserver-xfree86
<Blazer11> warty not on the list
<zylstra555> Hello, I am running an Apache2 server with PHP, MySQL, Perl, and the basics installed. (And of course, the Ubuntu Server OS). I have a forum, and I would like to get the GD Library installed. How do I do this?
#ubuntu-server 2007-12-29
<antdedyet> hmm
<antdedyet> anyone not having problems with gutsy + kvm-intel module?
<antdedyet> only recently did the kvm-source + kvm pkg installation on a recent intel machine with vmx cpu flags and ran m-a a-i kvm, haven't tried rebooting and am getting lots of unresolved symbol messages in dmesg when trying to load the module: kvm-intel
<pteague> hmm... i need a new computer name... i have alpha, beta, ceta, delta, epsilon, gamma, & zeta
<mralphabet> I use superman villains
<soren> pteague: Er.... You could - this is just a suggestion - perhaps use the rest of the greek alphabet?
<pteague> yeah, thinking theta or iota...
<Gh0sty> mralphabet: i dont know any superman villains ;p
<Gh0sty> whats wrong with just things like "fileserver01" :p
<Gh0sty> well at the computer club at school we named them after simpson characters: the very big old sun box was homer :)
<mango> Hi.  I am looking at installing Ubuntu Server with RAID1.  Which download would you recommend - the standard Server Install CD, or the much larger Alternate Install CD which is said to specifically support LVM and RAID?
<mango> It isn't clear if the Alternate Install CD is intended for desktop or server use or both.
<mralphabet> mango: is it hardware raid or were you planning on using mdadm (linux software raid)?
<mralphabet> mango: either way, both should work with the standard server install disk
<mralphabet> mango: if you are trying to support some wacky onboard "raid" controller, that may be different
<mango> Just software RAID using mdadm.  I was wondering why that would be treated separately, based on the notes for the Alternate Install CD.
<mralphabet> the alternate cd is . . . more for the wacky installs
<mango> software RAID should be very standard now, so nothing wacky there.
<mango> Thanks then, I will just use the standard Server Install download.
<mralphabet> when I set up my mdadm mirror for the boot drives, it was on the standard server install disks, there were no problems.
<mango> I have just been using SME Server for a corporate server, and that configures RAID1 out of the box if it finds two or more drives.  I like that distro a lot for that type of application, but now I want to build a dedicated mail server for an ISP for which I don't think that SME is flexible enough.  I have been experimenting with Debian for a while, but like the Ubuntu approach, so want to give that a go.
<mango> Have you any suggestions for an open source ISP billing systems that could be used on the server?
<mralphabet> open source isp billing system?  Is there such a thing?
<mango> I have not found anything so far, but it is an essential requirement for any ISP.  At the moment we are using a very old package written in house in Visual Basic.
<osmosis> anyone know how to reset a drive on a 3ware controller that has timed out ?
<david__> I have some problems with name resolution on my server. My internal network is named "local". When I ping the router, it fails and shows the address 127.0.0.1, any idea?
#ubuntu-server 2007-12-30
<lhoerste> should I use /usr/share/phpmyadmin or /var/lib/phpmyadmin for my phpmyadmin install?
<osmosis> how do I get ride of the  apache2: apr_sockaddr_info_get() failed    when I do  sudo /etc/init.d/apache2 restart
<mralphabet> osmosis: look at your /etc/hosts file
<mralphabet> osmosis: somebody else mentioned that the 127.0.1.1 line does not have a fqdn
<osmosis> mralphabet: uhh  fqdn?
<mralphabet> fully qualified domain name
<osmosis> mralphabet: your right,
<osmosis> mralphabet: i still get this though,  apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
<mralphabet> yup
<mralphabet> that can be forced somewhere in the apache ini files, but that is just a warning, not a failure
<mralphabet> by using the ServerName directive
<nealmcb> osmosis: as they say, IIRC you can sop those apache warnings by putting the right fqdn for 127.0.1.1 (note 1.1) in /etc/hosts
<osmosis> nealmcb: i go that part..im still getting    apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName  though
<nealmcb> osmosis: hmm - well that is what worked for me, using a default apache install
<osmosis> nealmcb: yah...that took away one error, but there is still another. i think its an apache.conf error
<nealmcb> from this blueprint I gather that in gutsy I can't expect my cups printers to be automatically shared via avahi to macs on the local network: https://blueprints.edge.launchpad.net/ubuntu/+spec/printer-sharing   but in hardy that now works.  so what is avahi being used for in gutsy (it is a dependency - libavahi-compat-libdnssd1)?
 * nealmcb succeeds with sudo /usr/share/cups/enable_browsing 1  #edits /etc/cups/cupsd.conf sudo /usr/share/cups/enable_sharing 1
<nealmcb> ...having found the out-of-date advice at https://help.ubuntu.com/community/HOWTO-enable-cups-browsing (which I didn't find earlier since it didn't mention "avahi" - I'll fix that....
<nealmcb> sommer: (ivoks?) more updates of that howto ^ would be good for post-dapper and to answer the questions about security and recommendations
<kraut> moin
<pteague> suggestion for a location to store the library files for vmware server?  /opt/lib/vmware, /usr/lib/vmware, or something else?
<Gh0sty> is there a way to address all disks individualy from a software raid 5 by uuid?
<Gh0sty> i have raid 5 consisting of /dev/sdb up to /dev/sdf which is ofcourse now /dev/md0
<Gh0sty> would like to read out each disks temperature with hddtemp
<Gh0sty> problem is: depending of the startup of my machine sometimes sdf becomes sda and sda becomes sdf ... so i cannot rely on the names. I would like to use UUID. But since i dont mount each disk individually i have no entries for eachc disk under /dev/disk/by-uuid
<tt_> Would 256 MB is enough for unbuntu server?
<tt_> Anyone?!
<tt_> hi stormx :)
<tt_> Would 256 MB ram is enough 2 run Ubuntu Server?
<dthacker> tt_, yes
<dthacker> but beware of swapping if you run heavy loads on it.
<theunixgeek> How do I set up alpine to receive email messages?
<spiekey> hey!
<spiekey> my ubuntu box keeps spaming my tty with logs. How can i disable that?
<spiekey> hi
<spiekey> my ubuntu box logs my iptable stuff to tty0 and i cant use my tty anymore.
<spiekey> any idea where i can change that?
<spiekey> (i just asked this a few mins ago but got disconnected)
<soren> spiekey: Can I see your iptables LOG rules?
<spiekey> example: $IPTABLES -A Out_RULE_3  -j LOG  --log-level 3 --log-prefix "RULE 3 -- ACCEPT " --log-tcp-sequence  --log-tcp-options  --log-ip-options
<spiekey> is that enough?
<soren> spiekey: Yes. Just a sec. (I'm on the phone)
<spiekey> brb, too
<soren> spiekey: Why --log-level 3?
<spiekey> i changed it to info ;)
<spiekey> now it works
<spiekey> i though this was a ubuntu issue
<spiekey> thanks!
<soren> Heh.. np :)
<pteague> anybody know if /usr/lib/xorg/modules/drivers/vmware_drv.so something from the vmware server install?
<mralphabet> pteague: I don't believe so
<pteague> k, for some reason i'm having issues installing vmware & thought i might just try to start over
<mralphabet> it is from x11/xserver-xorg-video-vmware
<pteague> it's just weird cause i didn't have any issues installing vmware server on my box at work & the only difference is intel on this box instead of amd, 2 gigs of ram more, & the 8600gts has 512 instead of 256mb ram
<pteague> any idea which gcc i should be trying to build this with? 4.2?
<pteague> http://hashbin.com/ay
<nealmcb> pteague - /srv/vmware?
<pteague> ah, i figured it out... was trying to install 1.0.3 & should have installed 1.0.4... it seems to be working now
<lifesf> hello :) I need help... i need to install dnsexit and it tells me to run setup.pl .... only typing setup.pl is telling me: [bash: setup.pl: command not found]
<lifesf> Ubuntu Server 7.10
<zul> lifesf: do you hvae perl installed?
<lifesf> not sure...
<lifesf> apt-get install perl?
<zul> yep
<lifesf> oki
<lifesf> yes it was installed
<SweMac> Hi... Having big issues trying to convert avi to 3gp on ubuntu server
<SweMac> get unknown codec error
<SweMac> Tried installing ffmpeg from medibuntu repo, but dont know how
<lifesf> how do i run/install setup.pl?
<SweMac> ./setup.pl
<SweMac> ?!
<SweMac> check that, chmod +x setup.pl
<lifesf> i did ./setup.pl it worked :)
<SweMac> Cool
<lifesf> but now it's asking me if i want to run it as a daemon :S
<soren> SweMac: #ubuntu is the channel for you. This has nothing to do with Ubuntu server.
<SweMac> soren working great on ubuntu-desktop but having problems on ubuntu-server, but try there...
<nealmcb> Gh0sty: e.g. /dev/disk/by-uuid/0b61784e-aec2-4112-b9d7-f1b9b8ee8a52 ?
<nealmcb> or  /dev/disk/by-path/pci-0000:00:1f.1-scsi-0:0:0:0
<soren> SweMac: Doesn't matter. The only difference between ubuntu server and desktop is the kernel and the set of packages installed by default. Neither has software for converting avi to 3gp, so you're not dealing with the default set of software anyway :)
<nealmcb> soren: happy holidays - have you been getting a nice vacation?
<Gh0sty> nealmcb: if i list all under /dev/disk/by-uuid/ my disks dont have individual uuid's
<Gh0sty> since they are part of the array ...
<nealmcb> Gh0sty: how about /dev/disk/by-id etc?
<Gh0sty> how do you give a disk an id? :/
<Gh0sty> remeber vague it was something with partitioning or filesystem based ... :/
<lifesf> what is the difference between runnning in daemon and not?
<soren> nealmcb: I'm completely knackered. I bought a house about a month ago, and I've spent the holiday working on it. As you have probably guessed, I'm not used to handling power tools for 10 hours a day..
<soren> nealmcb: Thanks for asking, though. How about you?
<lifesf> what is the difference between runnning dnsexit in daemon and not?
<soren> lifesf: deamons typically detach from the terminal and keep running in the background.
<soren> Gh0sty: You don't give disk id's yourself. They're automatically set by mkfs.
<Gh0sty> ah really
<Gh0sty> have to check ...
<Gh0sty> woow
<Gh0sty> what an id's :p
<Gh0sty> can i somehow map such id's to something better readable? :p
<Gh0sty> to use with hddtemp ;)
<J_5> anyone ever created a terminal server with ubuntu? is this even possible?
<Gh0sty> why shouldn't it be possible? :p
<J_5> haha well...good point.
<Gh0sty> what do you want? share your linux desktop for multiple clients? :/
<J_5> well, yes. i just want to be able to access a desktop remotely
<soren> J_5: That's even installed by default. Just enable it under System->Settings->Remote desktop or something to that effect.
<J_5> well, can i do this. I have a ubuntu server. can i turn that into a terminal server? and login with RDP/VNC whatever?
<soren> J_5: ...assuming you have a desktop running already and that's what you want to connect to. If not, you probably want to enable a vnc server in gdm or something.
<soren> J_5: Yes. Ask google about vnc and gdm.
<J_5> ok thanks
<J_5> :)
<soren> np :)
 * soren goes to bed
#ubuntu-server 2008-12-22
<uvirtbot> New bug: #307408 in samba (main) "System freeze when working on Samba or Cifs mounted share of NetApp server" [Undecided,New] https://launchpad.net/bugs/307408
<Kevin__> Hi. I just setup ProFTPD and am trying to FTP into my /var/www directory. Whenever I try to make changes, I'm getting a permission denied error.
<Kevin__> Any ideas? I chmoded the www folder to 664 and am still having trouble.
<Xperiment62> ive installed a counter strike 1.6 server onto intrepid ibex server, how can i get it to autostart without having to login and start it via ssh?
<Blaenk> hey guys if I already have php and apache (but I run lighttpd) how can I install mysql, just apt-get mysql?
<Jeeves_> mysql-server
<Blaenk> thank you Jeeves_
<Blaenk> can I install phpmyadmin from the repositories as well or would I have to do that manually since I'm using lighttpd, my web directory is /var/www
<Jeeves_> you can install it
<Jeeves_> it will place a symlink in /var/www
<Blaenk> thanks again Jeeves_
<Blaenk> oh cool it lets one choose what web server they're running
<Blaenk> hmm I don't see a symlink, I did put 'lighttpd' during installation, perhaps I should restart lighttpd
<Jeeves_> Ow, I only installed it with apache (lighty sucks) so i'm not sure how it works with lighty
<Blaenk> haha okay thanks
<Blaenk> Jeeves_: do you know where phpmyadmin is installed to/
<Blaenk> ?
<Blaenk> ah, /etc/phpmyadmin
<Jeeves_> Blaenk: The config files are there
<Blaenk> yeah I get it now thanks :)
<Jeeves_> /usr/share/phpmyadm (or something)
<Blaenk> yeah
<Blaenk> do you know where I go to change my password Jeeves_? for phpmyadmin, I overwrote htpasswd.setup with my credentials in it but it still only accepts user admin and no password
<Jeeves_> In your mysql-config
<Blaenk> hmm
<Jeeves_> mysqladm password
<Jeeves_> orso
<Blaenk> oh thanks
<Blaenk> is there a way I can list users or something, I only know of root and myself, blaenk, somehow though I'm still able to login with user 'admin' and no password
<Blaenk> yeah I even went into mysql database in phpmyadmin, clicked user and it doesn't even show 'admin'
<Blaenk> only trace of 'admin' I see is in htpasswd.setup but I already overwrote that
<Blaenk> oh I figured it out
<Blaenk> it's in the privileges section in phpmyadmin, didn't even know there was such a section
<Blaenk> ugh, I'm still able to login
<Blaenk> it's allowing any user to login without a password
<Blaenk> not just admin
<Blaenk> /but if I login with root I get all privileges
<Blaenk> fixed it :D
<kaushal> hi
<kaushal> when i rebooted Ubuntu Server 8.04 all the /tmp contents got cleared
<Nafallo> yes.
<kaushal> is there a way i can prevent it
<Jeeves_> chmod 000 /tmp :)
<Nafallo> /etc/init.d/bootmisc.sh:rm -f /tmp/.clean /var/run/.clean /var/lock/.clean
<Nafallo> /etc/init.d/mountall-bootclean.sh:	# Clean /tmp, /var/lock, /var/run
<kaushal> Nafallo, so comment it in that bash script
<kaushal> right
<Nafallo> however, if you put stuff you want to keep in /tmp you are probably doing it wrong.
<kaushal> Nafallo, yes
<kaushal> Thanks Nafallo
<Nafallo> nw
<kaushal> so if i comment it in those scripts it would prevent it from clearing the /tmp folders
<kaushal> right
<kaushal> is that what i understand you correctly
<Nafallo> which you shouldn't really, yes :-)
<Nafallo> actually... no.
<Nafallo> leave bootmisc
<Nafallo> /lib/init/bootclean.sh is probably right
<Nafallo> the clean_tmp() function
<Nafallo> evil, evil hack to do it that way though.
<Nafallo> remove it that is
<kaushal> Nafallo, I am running Ubuntu 8.04 Server
<Nafallo> yes. so?
<kaushal> I did find / -name "bootclean.sh" -print
<Nafallo> if you're putting persistant files in /tmp you're doing it wrong :-)
<kaushal> yeah i understand that
<kaushal> there are some application files which is in /tmp folder
<Jeeves_> kaushal: So fix the application
<Jeeves_> next upgrade, you change will probably be overwritten
<Jeeves_> and than, all your data are belong to /tmp
<kaushal> Nafallo, do i have to comment out the function clean_tmp()
<kaushal> in bootclean shell script
<Nafallo> kaushal: wouldn't know. I've told you were to look. I don't want to break your system further :-)
<Jeeves_> Nafallo: :)
<Jeeves_> kaushal: You're fixing symptoms, not the problem
<Jeeves_> why would you want to do that
<didrocks> jamie_: you didn't have too many things to change in my code?
<jdstrand> didrocks: your code seemed it would work fine, but basically wanted things in different places
<jdstrand> s/but/but I/
<didrocks> jdstrand: yeah, I saw it :)
<didrocks> well, glad it can helped a little :)
<jdstrand> didrocks: you helped a lot, thanks!
<jdstrand> :)
<didrocks> you're welcome :)
 * ScottK filed Bug 310599, so here's your chance to scream if you object.
<uvirtbot> Launchpad bug 310599 in ubuntu "Please sync mysql-dfsg-5.1 5.1.30-2 from Debian experimental (main)" [Medium,Confirmed] https://launchpad.net/bugs/310599
<agampher> hello, what is the best way (best practice) to keep Apache from starting automatically on boot?
<Deeps> invoke-rc.d apache[2] remove
<agampher> thanks
<zul> ScottK: have you got 5.1 to build on jaunty?
<ScottK> zul: Yes.
<ScottK> I test built it last night and it succeeded.
<zul> with the mysql-test suite?
<ScottK> There were test suite failures, but they didn't break the build.
<zul> got a log?
<ScottK> No.  I didn't think that far ahead.
<zul> can you send me a log?
<ScottK> No, since I haven't got one.
 * ScottK will toss it at a ppa.
<agampher> Deeps: ok, I can't seem to get that command to work correctly - invoke-rc.d: unknown initscript, /etc/init.d/apache2 not found.
<agampher> using update-rc.d apache2 remove also seems to fail
<ScottK> zul: It should appear here in due course: https://launchpad.net/~kitterman/+archive
<zul> ScottK: k thanks
<Deeps> urr, yeah, not invoke, update
<agampher> update throws this error:\
<agampher> update-rc.d: /etc/init.d/apache2 exists during rc.d purge (use -f to force)
<agampher> should i force it?
<Deeps> yea
<Deeps> it's warning you that the script still exists, are you sure you want to prevent it from starting automatically?
<agampher> thanks for your help, that worked
<Gargoyle> me waves - have a good xmas !
<ScottK> zul: Built on i386 and amd64 (lpia still in progress) so have fun with the build logs: https://launchpad.net/~kitterman/+archive
<LeeQ> I need help with sudo... not sure exactly what i did but now I can't do anything via sudo... says user is not in the sudoers file
<LeeQ> and that is my only user...
<LeeQ> how do I get prcledges back?
<leonel> LeeQ: boot in maintenance  and in the server console  fix the user
<LeeQ> how do I do that?
<leonel> LeeQ:  go to the server  and  in the server keyboard  press   CRTL-ALT-DEL   then the reboot process will be started
<leonel> at the grub prompt select  the    recovery mode
<leonel> that will leave you in a  root  shell
<leonel> there you can fix the user
<leonel> then
<LeeQ> ah, ok, then just add the user back to the admin group?
<leonel> just exit the shell and all will start as normal
<leonel> LeeQ:  I don't know what you did  ...
<leonel> LeeQ:  but you need to fix the user with sudo permissions
<LeeQ> I think I removed the user from the group inadvertantly
<SpaceBass> hey folks
<SpaceBass> i woke up this morning and out of the blue my 8.10 server can no long do user authentication against my OSX Server
<SpaceBass> nothing changed on either end - logs on the apple side don't show any authention errors...any ideas about troubleshooting from the ubuntu side?
<SpaceBass> getent passwd shows the directory users
<zicada> is it straight up samba ?
<SpaceBass> no samba involved
<zicada> gotta know what protocol we're talking about
<zicada> :)
<SpaceBass> ldap+kerberos
<zicada> oh
<zicada> out of the blue is always scary
<zicada> :D
<SpaceBass> exactly
<SpaceBass> no updates, no changes, nothing
<zicada> logically if you didnt do anything, someone or something else did
<zicada> so, might wanna start on that end
<zicada> things dont just happen, except full disks and such, or, well i know nothing of osx,- some sort of auto update feature ?
<SpaceBass> auto-updates are disabled
<SpaceBass> in this case, its easy to think of the osx server as a BSD box
<zicada> and nobody else has access to either box with enough privs ?
<SpaceBass> no
<SpaceBass> looking at the logs now
<SpaceBass> although I suppose if it was hacked then I won't see anything
<zicada> yeah, could be
<zicada> fraid i dont know enough about ldap
<SpaceBass> although I doubt that was the case...but could happen
<uvirtbot> New bug: #236640 in open-iscsi (main) "iSCSI install fails under hardy" [Undecided,New] https://launchpad.net/bugs/236640
<MatBoy> someone here ever used LVM on softraid during an install ?? I'm not able to find any docs about it
<Faust-C> MatBoy: what are you wanting to know
<SpaceBass> zicada, problem solved :D
 * SpaceBass wipes egg from his face
<zicada> ha, what was it ?
<zicada> you did something didnt you ? :D
<SpaceBass> no, lack of something
<SpaceBass> server out of HD space
<SpaceBass> lol
<zicada> haha
<zicada> i actually said that too
<zicada> even tho i didnt really think that was it
<SpaceBass> you did say that...i see that now
<sommer> zul: not sure if you saw my message this weekend, but I have updated ebox packages in my ppa
<MatBoy> Faust-C: how should I set it up ? make 2 raiddisks and set LVM on it ?
<Faust-C> the setting up is up to you
<Faust-C> and yes you make each disk a md and then lay LVM on top
<MatBoy> Faust-C: but each MD is fixed
<MatBoy> so it's not an advantage
<Faust-C> what do you mean each md is fixed
<Faust-C> a hdd (physical or raid) is fixed of course
<Faust-C> LVM deals w/ the file system(s) not the physical aspects of the storage medium
<zul> sommer: cool i didnt see it this weekend but send an email to remind to have a look
<MatBoy> Faust-C: ok, but when I have 2x 250GB in raid1 using softraid I can't put multiple LVM's on it ofcourse :S
<zul> sommer: it probably wont get done til after christmas though since today is my last day at work
<sommer> zul: no problem
<Faust-C> MatBoy: wow you just confused me
<Faust-C> my setup is 4 1Tb disks making 2 TB of usable space
<Faust-C> and multiple lvm volumes (around 8)
<Faust-C> and you dont make a huge ass LVM, you use what you need
<Faust-C> and use the correct file system (xfs doesnt shrink)
<MatBoy> Faust-C: weird, I can make a MD1 raid one, but no LVM on it
<MatBoy> :S
<Faust-C> you have to commit it
<MatBoy> let me look
<Faust-C> MatBoy: each hdd is a md dev
<Faust-C> md-1 and md0 (example)
<MatBoy> Faust-C: yep, have that here
<MatBoy> mhh
<MatBoy> how do you mean than ?
<MatBoy> I have 2 disks, I raid them
<MatBoy> raid1
<MatBoy> and than LVM on it ?
<Faust-C> yes
<MatBoy> weird, I thought the same, but was not possible
<Faust-C> cause you have to commit (write) the changes
<MatBoy> I'm no linux noob, but never used LVM :)
<MatBoy> yes and go back
<Faust-C> then reboot and it will 'see' it
<MatBoy> ok
<Faust-C> remember some things arent as dynamic as you would expect them to be
 * MatBoy is starting the installer
<MatBoy> yes, I had that idea too
<MatBoy> I know that when you lost all MD's you need to create MD and exit directly and everything is back
<MatBoy> example
<MatBoy> mhh, p5K really has a bad onboard nic
<MatBoy> Faust-C: mhh, why Faust ? :)
<Faust-C> what
<MatBoy> where ?
<Faust-C> when
<MatBoy> now ?
<Faust-C> no later
<genii> One of those Yukons ?
<RediXe> sudo chmod -R 2770 /projects/       Two members of the same group can read and write but if one member creates a directory even though the permissions say read write for the group 2nd group member can not read or write.
 * Faust-C uses ug+rwx
<RediXe> We will see if we can break it using that
<MatBoy> Faust-C: OK, I will stretch up than :
<MatBoy> Faust-C: seems to work now
<MatBoy> Faust-C: ever used encrypted LVM ? good performance ?
<Faust-C> not in production no
<Faust-C> too much of a risk
<Faust-C> ill encrypt backups but not the live system
<MatBoy> Faust-C: yes true indeed, my concern too
<Faust-C> hell which should i do first
<Faust-C> postfix or dovecot ?
<JuleTecki> Hi there, can anyone tell me why my /etc/networking/interfaces is read-only as root? 8.10 server
<Faust-C> you mean sudo
<JuleTecki> yeah
<MatBoy> Faust-C: postfix
<MatBoy> Faust-C: why do you want to use dovecot ?
<Faust-C> MatBoy: ty
<MatBoy> Faust-C: NP !
<Faust-C> MatBoy: im just trying to go by docs on website
<RediXe> Faust-C: We ran the ug+rw on the server and both client machines but again have a permission denied error.
<MatBoy> Faust-C: tyhere is a damn good howto on howtoforge
<Faust-C> MatBoy: link
<Faust-C> RediXe: did you restart smb and is smb properly configured?>
<MatBoy> Faust-C: right
<MatBoy> :P
<Delvien> Having a problem with SSH, pubkey auth failure, every other computer can connect to it just fine but when i connect to it from a certain one, it fails everytime (when no in a LAN)
<MatBoy> hehe some loser is explaning here that Windows ME is a previous release in front of XP...
<MatBoy> wtf
<MatBoy> :P
<Faust-C> Delvien: what does log files say
<RediXe> Faust-C: Not using smb - sshfs and git (using git at the moment for testing)
<Delvien> Faust-C: on the client or the hose?
<Delvien> host*
<Faust-C> Delvien: both
<Faust-C> RediXe: oic, what do logs say
<Delvien> Faust-C: where do i see the log :x
<Faust-C> Delvien: /var/log
<MatBoy> hehe, he now is seeing she has an old IE :P
<Faust-C> its amazing, out of all 5 of these ubuntu server books i have
<MatBoy> I doubt if IE7 runs on ME :P
<Faust-C> NONE have info on making mail server
<MatBoy> LOL
<MatBoy> Faust-C: /me is searching for you !!
<Delvien> Faust-C: there is no logfile for ssh in there
<Faust-C> MatBoy: ty
<RediXe> Faust-C: with git it is attempting to create a file and gets a permission denied unless we run the chmod -R 2770 (or ug+rw) ... not sure where a log would be as this is our first time playing with git
<Faust-C> Delvien: messages, auth and daemon logs
<MatBoy> Faust-C: this one is kinda nice for you http://ubuntuforums.org/showthread.php?t=97600
<Faust-C> RediXe: all logs should be /var/log
<RediXe> Faust-C: okay, I will take a look
<MatBoy> Faust-C: damn LVM is really layered :)
<Faust-C> MatBoy: yeah im trying to make it simple
<MatBoy> Faust-C: yeah, I used it to setup a system for... uhm, dunno anymore
<Faust-C> but enterprise lvl as wel
<MatBoy> Faust-C: doable using that howto
<MatBoy> Faust-C: or use qmail
<Faust-C> beb
<MatBoy> damn, why is this chick so hot every time
<MatBoy> http://images.lekkerding.com/cbhjnsdhgsfgh.jpg
<MatBoy> :D
<RediXe> Faust-C: Yes I see some logs but nothing descriptive enough to tell me to look it for errors. eg there is no git.log or anything of the sort
<Delvien> Faust-C: I dont see anything that is remotely close to SSH in auth or daemon *.log
<Delvien> It says this "Host key verification failed
<Delvien> but i connect from the same client inside the lan and it works fine
<JuleTecki> Hi there, can anyone tell me why my /etc/networking/interfaces is read-only (sudo) 8.10 server
<JuleTecki> i cant "touch test" in homedir either
<JuleTecki> all in "mount" are "rw"
<Faust-C> Delvien: does ssh allow outside connections not in lan
<Delvien> Faust-C: Yeah, i do it on my server, but on my desktop im not able to for some reason
<Faust-C> Delvien: get a new key
<Faust-C> see what happens
<LoveGuru> jmedina :)  wC!
<Delvien> Faust-C: Have, still doesnt do it
<Faust-C> Delvien: and the logs have no relevant errors
<Delvien> nope
<Delvien> when i try to connect, just host key verification failed
<Delvien> Only happens on the one client (my phone)
<Faust-C> Delvien: odd
<jmedina> LoveGuru: hi, what is "wC"?
<RediXe> user1 runs sudo chmod -R ug+rw /path/to/dir    run same command on server to it's proper directory and user2 does same for his directory.    User1 shows  user1:developers    server shows root:developers   user2 shows user2:developers     Everything works for a little bit until user1 has to make a change to a directory that user2 created then we have to run the sudo chmod -R ug+rw /path/to/dir all over again to get past a permission
<RediXe>  denied error.
<LoveGuru> jmedina: Welcome :) sorry for shortcut :\
<Faust-C> RediXe: start over
<RediXe> Faust-C: what do you mean by "start over" - like wipe the server and start over? or explain my error again in a different way?
<Faust-C> make a completely new directory
<Faust-C> and give it proper perms
<Faust-C> make sure the folder its in has proper perms as well
<Faust-C> if its in /srv/git make sure /srv has perms set
<RediXe> on the server it's:    /dir1 root:data   (all users are part of data group)   /dir1/a/   root:developers  (only developers are part of this group   /dir1/a/a/  root:developers   /dir1/a/a/a/  root:developers     /dir1/a/a/a/*   root:developers    I really don't want to set up another git repository if i can help it
<Tim__Reichhart> I need help on removing the RSA from my apache server can anybody help?
<Faust-C> RediXe: i dont think you should have root be owner
<Faust-C> considering there is no real root
<Faust-C> also i find that a sercurity risk imo
<Faust-C> but thats me
<RediXe> Well, then who should be the owner?
<Tim__Reichhart> I need help on removing the RSA from my apache server can anybody help?
<Faust-C> RediXe: someone in that group
<RediXe> Faust-C: is there a way to just change the owner and not owner:group? I want to keep the correct groups that it already has
<Faust-C> RediXe: just chown <username>:<whatevergroup>
<RediXe> Faust-C: nvm, chown user1 /dir
<RediXe> Faust-C: I don't want to have to re-assign all the groups to the sub directories :P
<RediXe> Faust-C: Okay, I set my user account as the owner of the directory
<Faust-C> RediXe: next time dont use root
<RediXe> Faust-C: I just went with what I saw :)
<RediXe> Faust-C: So, now that my user is the owner of the root directory and all sub directories is there anything else I need to change so that I don't have to keep running chmod all the time
<Faust-C> RediXe: well now ya know, ive had similar issues
<Faust-C> RediXe: like i said just make sure a normal user owns the top dir
<Faust-C> if it doesnt work start over, make a new dir and go from there
<RediXe> Faust-C: We will give it a shot but if I have to start over it will just be moving all the subdirectories into a temp dir. Deleting the top dir. Making it. Setting perms and then mv all the stuff back into it
<Faust-C> you will have to chown -R and possibly chmod -R all of it
<Faust-C> *maybe*
<MatBoy> mhh, 8.10 is really not better than 8.04
<Delvien> hmm, ive got hits on my firewall from Cheeseworm, when trying to connect from my ssh client. Is someone eavsdropping my connection?
<Faust-C> Delvien: sounds like time to use wireshark
<Delvien> What will that do for me?
<Faust-C> Delvien: i suggest you look into it
<Delvien> There are no interfaces on which a capture can be done
<Delvien> sigh, everything has to be so difficult
<MatBoy> why does 8.10 boots so bad ?
<Faust-C> Delvien: you have to be patient
<Delvien> Faust-C: Sorry, just been trying to fix this for 3 hours
<Faust-C> Delvien: np, i completely understand
<Delvien> Faust-C: figured out what the problem was, the application on my phone was holding an old RSA key.
<Faust-C> Delvien: see i thought so
<coolrazor> will procmail auto create folders in users' maildirs that I specify in .procmailrc?
<henkjan> coolrazor: yes it does
<coolrazor> Thank you.  I just got tasked with setting procmail on a production server and I've only done it twice at home :/
<LoveGuru> how can i check my system configuration ?
<foxytheold> maybe apt-get check will do what u require
<Faust-C> i swear i might get spammed for that email but oh well
<Faust-C> im tired of ppl writing half a** books, charging money and then leaving the end user broke
<tsrk> I have sendmail running to handle php mail() requests but I don't have a FQDN.  In the past I've configured it so that it is tricked into thinking the hostname is the FQDN using the hosts file, but I forgot how to do that.  Does anyone here know how?
<jmedina> tsrk: add an entry to your /etc/hosts file, something like:
<jmedina> 192.168.1.1 mail.domain.tld  mail
<Swiateckix> can anyone tell me what goes wrong here? http://www.swiatechs.com/dmesg.txt
<Kevin__> Hi, I just setup ProFTPD on my Ubuntu web server and am getting permission denied errors every time I try and edit a file from a remote machine. Any ideas?
<Faust-C> Kevin__: edit how?
<Kevin__> via FTP
<Faust-C> like conf files
<Kevin__> no, it is my /var/www/
<Faust-C> Kevin__: are you in www-data group
<Faust-C> and i would use /srv/www (just my opinion)
<Kevin__> I'm not quite sure, any way I can find out?
<Kevin__> ... regarding the www-data group
<Faust-C> groups username
<Faust-C> username being your username
<Kevin__> The server is logged in under my only account and I am logging into FTP via the same account
<Kevin__> also, this is probably an important part -> I can't edit the files without sudo'ing in on the actual machine
<Faust-C> Kevin__: .... is your user in www-data group
<Faust-C> you need to ssh into machine and do 'groups kevin'
<Faust-C> if you arent add yourself to group and make sure the folder has rw permission for group
<Kevin__> ah got it
<Kevin__> one sec
<Kevin__> It is outputting "kevin adm cdrom plugdev lpadmin netdev admin sambashare"
<Kevin__> Faust-C: What is the command I should run to move myself into the www data group?
<Faust-C> Kevin__: to avoid messing you up, man usermod
<Faust-C> usermod -g kevin -G admn cdrom plugdev lpadmin netdev admin sambashare www-data kevin
<Faust-C> READ before you do that
<Kevin__> run "man usermod" and then do that whole string?
<Faust-C> yes
<Faust-C> how does one install a local deb pkg and have it resolve deps as well
<Faust-C> dpkg -i <file> spits unresolved deps but i want them to be pulled in w/ i install the pkg
<Kevin__> Faust-C: When I open up man usermod, I can't type unless I type a few random characters to get the "Log file" prompt to come up at the bottom of the screen. I entered the command and am getting "Cannot write to "<string here>""
<Faust-C> Kevin__: .... you use the arrow keys to move around
<Faust-C> i suggest you read a lil moe
<Faust-C> more*
<Kevin__> alright, I'm just a little bit confused. Is there a way I can easily add my user to the www-data group or not
<foxytheold> i would just ssh into the box and sudo to root then edit the files with vi
<Faust-C> foxytheold: thats not sound advice for a novice user
<Kevin__> the problem is that I have to allow others to FTP into it and they are even less savvy then me
<Kevin__> can I just do sudo adduser kevin www-data??
<Faust-C> Kevin__: that right there is why you need to read
<Faust-C> i gave you the cmd and man page to read
<Kevin__> Faust-C: I'm new to the terminal (and Linux all together) and I really just don't understand what that page is even telling me. I really appreciate the help though, don't get the feeling that I don't!
<foxytheold> Kevin read this http://www.cyberciti.biz/faq/howto-linux-add-user-to-group/  you might find it usefull
<Faust-C> Kevin__: lol i understand
<Faust-C> the wiki is a great place to start
<Faust-C> you want to be careful how you approach problems, could lead you more pain that you want
<Kevin__> by the way, I read online that the files have to be owned by www-data for them to work.. is it okay if they are owned by kevin?
<foxytheold> i found howtoforge to have good guides on server setup's enough to give you a good start for sure
<Faust-C> owned is fine, just as long as group is www-data
<Kevin__> is www-data considered a primary or secondary group.. and how can you tell/
<Kevin__> Before I break anything, will the command # usermod -a -G www-data kevin work?
<foxytheold> it should do
<foxytheold> do a id kevin to see your current groups
<Kevin__> yeah, it added me to the group
<Kevin__> thanks a ton
<Kevin__> one last question - the group on my www folder is "kevin" and www-data isn't an option for me to choose from.
<foxytheold> usergroup -g www-data kevin would probs of been the best way to do what u needed , but i could be wrong
<hads> adduser $USER $GROUP
<Kevin__> wow, it worked. Thanks again guys, I really appreciate it
<Faust-C> foxytheold: his other groups will be gone w/ that cmd
<foxytheold> arrrg! just lost me screen .. loool tpping to many keys at once.. oh well
<foxytheold> tapping even
<Swiateckix> Hi, can anyone see why my boot stops: http://www.swiatechs.com/dmesg.txt
<eolo999> hi, someone has ever used RedHat Spacewalk and can share impressions?
<Faust-C> eolo999: it doesnt work on ubuntu (yet)
<eolo999> i know
<Faust-C> Swiateckix: try testing mem or disabling acpi
<Faust-C> you dont have some odd device in there do ya
<Faust-C> eolo999: i would ask in #centos
<eolo999> i was just curious to hear impressions
<Swiateckix> Faust-C: how do i disable acpi? :)
<eolo999> the underlaying lib is the same of ubuntu kvm-jeos
<Faust-C> Swiateckix: that is something the mighty google will have to answer
<Faust-C> eolo999: idk i looked at it and it seems pretty nice
<Swiateckix> Faust-C: i have a Gigabyte GA-G31M-S2L  ( http://www.linuxhcl.org/browse/product+gigabyte-ga-g31m-s2l?id=6523 ) + a SATA disk, and a dvd drive.. thats it
<Faust-C> supposedly ebox is to be on par w/ it but i dont like ebox all that much
<Faust-C> Swiateckix: could be some piece of hw going out
<Swiateckix> going out?
<Swiateckix> as in failing?
<eolo999> i have to choose a platform tu build some services on and i found spacewalk which i didn't know before... but i would prefer remaining on ubuntu ;)
<Faust-C> Swiateckix: yes
<Faust-C> eolo999: well imo they all add un-needed pkgs
<Faust-C> so they can make a stable system unstable
<Faust-C> but thats my opinion
<Faust-C> i hope to create something similar to NRPE
<Swiateckix> well its a brand new MB, and well the disk and dvd-drive aren't to old.. but it could be
<Faust-C> or whatever nagios calls it
<Faust-C> Swiateckix: test mem and disk
<eolo999> Faust-C: Thx
<Swiateckix> i will try
<eolo999> I'd really like to find a viable way to rapidly deploy and administer a modest range of machines
<eolo999> *virtual
 * eolo999 google for NRPE
<Faust-C> eolo999: what are you using for VM
<Faust-C> i use esx and manually install each VM atm, takes no more than 10-15 mins actually less
<eolo999> now i'm trying xen on 8.04 but it's not a definitive choice... we're just testing
<foxytheold> cant u make one vm then clone it,, just a though , never tried it myself
<Faust-C> vanilla xen has no decent management tools
<Faust-C> foxytheold: yeah but its not that simple
<Faust-C> eolo999: i would suggest looking into how suse does it
<foxytheold> why as long as you dont setup the network setting in the vm to b cloned..
<Faust-C> i forgot what its called but it uses a xml file to store settings and installs w/o user input
<Faust-C> foxytheold: there is more to it than that
 * Faust-C tries to remember wth its called about some "UUID" for the VM, idk if linux suffers from this
<foxytheold> there probs is but that has to be the route for quote "a faster deployment"
<eolo999> the nice thing about spacewalk is that it goes from kickstarting to configuring (cfengine/puppet) and updating packages... that's why i asked for it..
<Faust-C> eolo999: yeah i completely understand
<Faust-C> i plan on makng my own app for administration
<Faust-C> or at least presenting it to someone
<eolo999> if you go ahead...i'm in...at my office asked me to write 'a bunch of scripts' to do it!
<Faust-C> eolo999: heh yeah im wanting to use python for the lang
<Faust-C> a node/hub senerio
<eolo999> Faust-C: really let me know if you open a public project..
<Faust-C> eolo999: PM
<Swiateckix> Faust-C: im performing a memtest now
<Swiateckix> the ACPI disable seems to have removed some debug information, but there still is a problemt
#ubuntu-server 2008-12-23
<eolo999> other topic that annoys me is preseeding... compared to kickstart it seems a mess....
<eolo999> thanks to all.
<Swiateckix> Can anyone find the error http://www.swiatechs.com/dmesg2.txt ? :)
<ad|rig> install issue: after a botched Knoppix HD install, I decided to install Ubuntu as a server...now, I am at the Ubuntu install disk format where it has been at 100% for at least 45 minutes now
<twb> On my Debian servers, I can cherry-pick safely from stable+1 adding the following line to /etc/apt/apt.conf:
<twb> APT::Default-Release "testing";
<twb> Ubuntu doesn't have stable/testing/unstable aliases.  Will this DTRT if I set it to "hardy" ?
<twb> Hmm, http://elliotli.blogspot.com/2008/11/dont-use-aptdefault-release-in-ubuntu.html
<uvirtbot> New bug: #310845 in php5 (main) "php5 serialize() function corrupt strings" [Undecided,New] https://launchpad.net/bugs/310845
<Gargoyle> mornin'
<eolo999> hi, i'm trying to create a preseed config file but i'd like to use apt-cacher-ng to serve packages...someone can give me an example config?
<eolo999> i use an 'ubuntu-minimal' CdRom so I download all the packages from the network and apt-cacher is a must...
<_ruben> if apt-cacher-ng publishes its cache using nfs/http/ftp then you can point to its url in the preseed file just fine
<_ruben> never used such methods though, got my own full local mirror (full, as in all the archs/dists i need)
<eolo999> _ruben: so d-i mirror/http/proxy string 192.168.1.10:3142 should be enough?
<Celephais> Hi, how can i decide which name assign to network interface?
<Gargoyle> Celephais: Start with eth0 and count upwards
<Celephais> Gargoyle, sorry for my poor english, i mean how can i decide which net interface is eth0, which is eth1, ecc
<Gargoyle> Celephais: You mean physically?
<Celephais> Gargoyle, yes, as an example i hace a 3com 100Mbit which now is eth1, put i want to nome it eth0
<maswan> Celephais: /etc/iftab perhaps?
<Celephais> maswan, the file doesnt exists
<Celephais> ops sorry fro grammatical error
<Celephais> for
<Celephais> i mean i have a 3com 100Mbit which is eth1 and i want to name it eth0
<maswan> ah, iftab used to be how you did it. these days it is some kind of arcane stuff in /etc/udev/rules.d/70-persistent-net.rules
<Celephais> ok thanks
<Faust-C> morning
<ghaleb_> hello, I'm trying to configure libnss-ldap to authenticate via ldap, I apt-get install libnss-ldap but can't find /etc/libnss-ldap.conf !!
<Faust-C> ghaleb_: probably have to manually create it
<Faust-C> ghaleb_: if in doubt do 'dpkg -L <pkg name> | more' and look for it
<ghaleb_> Faust-C, thanks
<Faust-C> yw
<ghaleb_> Faust-C, it's not listed
<Faust-C> ghaleb_: looks like youll have to manually configure it
<ghaleb_> Faust-C, aha .. thanks very much .. I will look for template
<ghaleb_> example*
<Faust-C> heh yw, and good luck
<ghaleb_> Faust-C, is it that simple!! http://home.subnet.at/~max/ldap/libnss-ldap.conf_no-ssl
<Faust-C> ghaleb_: yeah but idk if i would not use ssl for ldap
<Faust-C> but thats just me
<ghaleb_> yeah .. I don't want ssl for now
<Faust-C> well then go for it!
<ghaleb_> okay thanks again
<mhz> moin all
<mhz> I have been googling around for a couple of minutes (about 15 minutes) and still can't find good info.
<mhz> I need to install ubuntu server on a Itanium 64 bit box
<mhz> I am not sure just about which flavour to download
<mhz> 64-bit specific
<mhz> generic x86
<mhz> this will be not a testing server but a stable one
<mhz> for production purposes
<mhz> Any hints?
<mhz> (things I should know about, risks, pros, cons, etc)
<geekboxjockey> Howdy
<geekboxjockey> I am having an issue with Ubuntu 8.04 domUs running on an 8.04 dom0 in Xen, does anyone have experience in this department?
<Faust-C> geekboxjockey: you have to be more verbose on your problem
<ghaleb_> Faust-C, it's not working, i tried smbldap-usershow <user> it showed, but using 'id <user>' it's not working,  I guess something wrong in nsswitch
<geekboxjockey> Ok, well I am experiencing locked file issues on group and password files when I try adduser as root on a new domU
<geekboxjockey> IE I go to add a user and I cant, sometimes rebooting the VM fixes it but its a consistent problem on new VMs
<agampher> alright, so... ive done the hands-on thing with a bunch of different linux distros. ive got somewhat of a grasp on linux and the file structure, how it works, etc. if i wanted to really start delving into how linux works (processes, security, networking, etc), what resource would you consider the best?
<agampher> books, sites, whatever, doesnt matter
<geekboxjockey> gentoo
<geekboxjockey> and setup a toy server and learn to admin that
<geekboxjockey> filesharing etc
<jmarsden> agampher: http://tldp.org/HOWTO/Reading-List-HOWTO/
<agampher> jmarsden: thanks, just what i was looking for. most of the books on that list are fairly old, no issues in that regard?
<jmarsden> Not really; maybe in security, but I'm not sure what else I'd recommend.  Check for newer editions for some of the books... these combined with google are a very solid background IMO.
<uvirtbot> New bug: #310941 in samba (main) "Samba crash, no /etc/samba directory, happened without reason, all of sudden, purge / reinstall doesnt work" [Undecided,New] https://launchpad.net/bugs/310941
<jmarsden> The book on the kernel is probably too old now, since I think it deal with 2.4.
<agampher> jmarsden: ok, thanks. sometimes googling linux terms is a bit overwhelming :)
<jmarsden> Understood.  Running Linux and the online guides in the HOWTO should help you quite a bit with that.
<yann2> is there any supported tool that allows to create a local apt repository?
<yann2> ie an apt-proxy like that would be in main?
<agampher> jmarsden: thanks again
<jmarsden> No problem
<jmarsden> yann2: apt-proxy is in Universe and therefore supported by the MOTUs .. why shun Universe?
<yann2> jmarsden > I reporte thjis this morning.. https://bugs.launchpad.net/ubuntu/+source/apt-mirror/+bug/310861 .. shouldnt have happened really :/
<uvirtbot> Launchpad bug 310861 in apt-mirror "APT-proxy fails on single download error" [Undecided,New]
<jmarsden> yann2: OK, so the issue is not supportedness, but one particular issue; I'd say fix apt-proxy or wait for others to look at the bug report and (hopefully) fix it, if you are unable to do that.  apt-proxy is in Python and is fairly small, so it is probably relatively accessible/readable code.
<yann2> jmarsden > so basically I got an apache support case open, but am running an old version of apache for hardy... because I am affected by a bug in a universe package on a separate vm
<yann2> jmarsden > well I've had people investigating a bug which in the end may not have been soved because of a bug in universe, on a different server... i would feel better if that error would have come from main :P
<yann2> jmarsden > but surely there is something in main that does the same? I mean, its quite a small tool, and probably widely used in enterprise
<jmarsden> I think that's not a helpful distinction to make; if you don't trust Universe to be usable, Ubuntu as a whole is IMO pretty limited.  I doubt there would be something in main that does that, but I don't have encyclopediac knowledge of main :)
<yann2> jmarsden > I am a ubuntu support customer.. I don't want to drop it off completely :) what I need should be in main or have an alternative in main (if I understand the idea correctly)
<jmarsden> Then maybe ask Canonical what they recommend for this task?
<yann2> yes I thought I would ask here first :P
<jmarsden> Here I think most people use Universe when it has what they need in it...?  apt-cache search proxy    might reveal something you can use?
<zicada> greg kroa hartman demands to inform the world that cannical does not give back to the community in that google techtalk on the kernel
<zicada> sort of a letdown honestly
<zicada> mayhap things have changed since then tho, havent seen any stats
<uvirtbot> New bug: #305264 in openldap "gnutls regression: failure in certificate chain validation" [Undecided,Confirmed] https://launchpad.net/bugs/305264
<jdstrand> uvirtbot: that is hardly new...
<uvirtbot> jdstrand: Error: "that" is not a valid command.
<jdstrand> uvirtbot: :P
<uvirtbot> jdstrand: Error: ":P" is not a valid command.
<famio> someone with experience mounting samba shares from active directory? i'm having problems regarding uids/gids mapping
<agampher> quick question... any caveats with using likewise open? its in the ubuntu server documentation and seems super easy to use.
<agampher> like, i joined the domain and authenticated in like 2 minutes
<agampher> and mounted a share
<uvirtbot> New bug: #311005 in samba (main) "package samba 2:3.2.3-1ubuntu3.3 failed to install/upgrade: subprocess post-installation script returned error exit status 102" [Undecided,New] https://launchpad.net/bugs/311005
<frippz> has anyone else experienced a similar problem to this one (http://pastebin.com/m11e37b8f) when you're trying to create a vm using vmbuilder?
<frippz> I'm not really sure what the problem is...
<donspaulding> I've just taken the hard drives out of a server that was running 8.10 and put them into an identical machine.  Everything booted up fine but it says it doesn't recognize eth0.
<donspaulding> is there some script I can run to redetect all the hardware?
<jmedina_grinch> donspaulding: look at your /etc/udev/rules.d/70-persistent-net
<jmedina_grinch> and remove the previous entry from the old adapter
<jmedina_grinch> and restart
<donspaulding> jmedina_grinch: thanks.  would there be other udev files I'd need to remove?  or is this typically just an issue with ethernet?
<jmedina_grinch> only that
<jmedina_grinch> yesterday I changed my hard disck
<jmedina_grinch> only removed the line and restarted, and everything is normal
<donspaulding> jmedina_grinch: ok, thanks.
<jmedina_grinch> is the third time I change the HD
<frippz> no one who knows why this is happening? http://pastebin.com/m11e37b8f
<frippz> or if someone might be able to help me decipher the error :)
<Faust-C_> is this correct
<Faust-C_> sec
<Faust-C> find . -type file -iname "*.jpg" -exec scp <im lost right here> {} \; -print
<Faust-C> i want to find all the jpg's then scp or mv them somewhere else
<Faust-C> find . -name "*.jpg" -exec mv {} ../../itdata/lastchance \; -print
<Faust-C> maybe that will work
<N6REJ> hey guys i got a question... i'm trying to upload a svn to my lan server from my vista box directly onto /var/www even though i told samba to share it its not letting me do that
<jmedina> N6REJ: and how did you tell that to samba?
<agampher> lots of yelling and shaking of fists
<N6REJ> through smb.conf
<N6REJ> lol yeah really
<N6REJ> told it to make it a guest ok directory
<jmedina> and the share block is like?
<agampher> vista doesnt really play well with my samba install either
<N6REJ> jmedina: want me to pastebin it or paste it here?
<jmedina> N6REJ: if you want
<N6REJ> [apache]
<N6REJ> path = /var/www/
<N6REJ> browseable = yes
<N6REJ> read only = no
<N6REJ> guest ok = yes
<N6REJ> create mask = 0775
<N6REJ> directory mask = 0755
<jmedina> but one thing, I never used vista
<jmedina> and what about the /var/www permissions?
<N6REJ> vista can see it and read
<jmedina> samba can't override File system control access
<N6REJ> drwxrwsr-x
<jmedina> N6REJ: ls -ld /var/www
<jmedina> I guess you are connecting as guest (without password)
<N6REJ> yeah
<jmedina> well the guess (nobody) can't write in /var/www/
<N6REJ> and the user troy can't write in that folder eirther
<N6REJ> idk how to change it though
<N6REJ> least not properly
<jmedina> when you give guest ok access to a share, samba maps the guest account to nobody by default
<N6REJ> jmedina: i told it to use troy as the guest account
<agampher> for me, vista put the domain/workgroup in no matter what
<N6REJ> agampher: yeah same there
<N6REJ> here
<N6REJ> well domain anyway
<jmedina> N6REJ: well you can change the access mod to the dir /var/www
<N6REJ> not workgroup
<N6REJ> jmedina: how?
<agampher> vista just doesnt play well with samba, i believe i had to use webmin to navigate the samba configuration to get my head around it, i think i finally got it to work, but it was a pain
<N6REJ> agampher: was easy for me.. took my drives with no problem what so ever... this is first time i've had an issue
<N6REJ> anything in /home i can share easily
<N6REJ> don't matter if its  my mac, vista, xp *nix they all play nice together
<agampher> how did you get vista to stop with the workgroup/domain nonsense?
<N6REJ> got 6 shared folders right now
<agampher> for the other shares
<N6REJ> oh let me post my conf
<agampher> pastebin if you will
<agampher> that way i can just copy the whole of it :)
<JuleTecki> Hi th/j qemu
<N6REJ> agampher: http://pastebin.ca/1292665
<agampher> N6REJ: thanks man
<N6REJ> agampher: np
<N6REJ> works fantastic
<N6REJ> i even access my srever via hallhome.lan :D
<agampher> never could get vista to play nice
<agampher> all purdy and everything, were you planning on distributing this? ;)
<N6REJ> lol no, but ny network is stealthed so hopefully it wont' be too bad lol
<N6REJ> forgot about the date
<N6REJ> till i hit send
<N6REJ> oh sweet! i can delete the post :D
<jmedina> for those who have problems with samba and vista take a look
<jmedina> http://www.wikipeando.com/index.php/archives/183
<N6REJ> all gone :D
<jmedina> there are some configs
<agampher> jmedina: thanks
<agampher> or should i say: gracias
<jmedina> in english:
<jmedina> http://www.builderau.com.au/blogs/codemonkeybusiness/viewblogpost.htm?p=339270746
<jmedina> :D
<agampher> haha
<akaritakai> Does anyone have any experience w/ samba on Ubuntu server?
<agampher> akaritakai: welcome to the conversation, we were just talking about it
<akaritakai> o_O
<akaritakai> How likely is that? o_O
<agampher> :)
<agampher> http://www.builderau.com.au/blogs/codemonkeybusiness/viewblogpost.htm?p=339270746
<agampher> was just posted
<agampher> i apologize if you already have that link, i have entry/exit notifications suppressed
<akaritakai> Oh, God...I thought I was just missing something simple...
<N6REJ> lol
<N6REJ> akaritakai: actually it was
<akaritakai> I meant on the Linux end :P
<N6REJ> no seriously i forget how i set it up
<agampher> haha
<N6REJ> but it was quite simple
<N6REJ> agampher: anyway whats the problem?
<N6REJ> ah akaritakai i meant
<N6REJ> lol
<N6REJ> sorry
<agampher> i was trying to think of one
<agampher> i have to work late
<N6REJ> jmedina: can you tell me how to change the permissions to the proper level like you said?
<N6REJ> agampher: lol
<N6REJ> i'm logging soon my new pc just arrived :D MERRY XMAS TO ME
<jmedina> N6REJ: chgrp troy /var/www/
<N6REJ> jmedina: won't that mean troy won't own /home/troy anymore?
<jmedina> N6REJ: nop
<jmedina> chgrp change the group ownership to /var/www
<N6REJ> AH!
<N6REJ> kk
<N6REJ> SWEET!
<N6REJ> jmedina: u rock :D
<N6REJ> jmedina: you do any dev work?
<N6REJ> wahooooooooo its working now :D
<N6REJ> svn checkout of j! underway :D
<JuleTecki> Hi there, any one know why i cant shutdown virtual machines(qemu)? i can pause them and halt then if i logon to them, but not through virsh
<jmedina> N6REJ: nop, I do admin
<N6REJ> jmedina: ok np, i figured it out anyway :D thanks for your help
<N6REJ> ciao
#ubuntu-server 2008-12-24
<y0315219> what should i do if i want to add "show the desktop"ico to AWN ?
<jmedina> awn?
<jmedina> me prefers to use Ctrl+alt+d
<y0315219> oh...
<y0315219> of course , i can use c+a+d
<y0315219> and i want to add a launcher point to a location , but it didn't work
 * ScottK notes /topic and suggest this probably isn't the best channel for this.
<belzoradon> would anyone be able to look at my bind configs and tell me what ive done that would make bind fail?
<alex_21> What is the command to run after installing Ebox? Please
<ghaleb_> hello, I'm trying to use LDAP for authentication,  I get results from ldapsearch -x,   libnss-ldap.conf , ldap.conf and  nsswitch.conf configured this way:   http://rafb.net/p/m0iGQZ77.html
<Mal3ko> anyone still up?
<Mal3ko> does anyone know if a server with 8gb ram needs a 64bit os to fully utilize that amount of memory?
<Deeps> you can use PAE extentions to access anything above 4gb
<Deeps> however no process will be able to allocate more than 4gb
<Mal3ko> that involves recompiling kernel?
<Deeps> i believe PAE options are enabled in the stock kernel
<Deeps> # grep PAE /boot/config-2.6.24-21-server
<Deeps> CONFIG_X86_PAE=y
<Deeps> tis on mine
<Mal3ko> yea it's also CONFIG_X86_PAE=y here
<Deeps> should be all set then
<uvirtbot> New bug: #311152 in samba (main) "Segfault when trying to use ldapsam:trusted=yes option" [Undecided,New] https://launchpad.net/bugs/311152
<AshTray-> Hi guys. I have a little question. After I install and configure postfix, and install for example squirrelmail. Do I have anything else to do ?
<_ruben> sit back and watch the spam arrive
<AshTray-> I wasn't talking about that.
<Chipzz> read the documentation? :>
<Chipzz> which would have told you you need an imap server like courier or dovecot :P
<AshTray-> The squirrelmail in the repos is good ?
<AshTray-> Or do i have to install it manualy from the official website ?
<AshTray-> ERROR: Connection dropped by IMAP server.
<AshTray-> I've installed dovecot...
<zicada> repo one is good
<AshTray-> Ok.
<AshTray-> I've made it... i wanted to send a mail.
<AshTray-> <neardeathexp@yahoo.com>: connect to g.mx.mail.yahoo.com[209.191.118.103]:25:
<AshTray->     Connection timed out
<AshTray-> Undelivered Mail Returned to Sender :|
<zicada> your isp blocks port 25 out i bet
<zicada> its fairly common lately
<zicada> means you have to use your ISPs MX
<AshTray-> Mhzzz.... i think it's from my router...
<zicada> you using postfix ?
<zicada> dpkg-reconfigure postfix
<zicada> and set up your ISPs smtp
<zicada> so it sends via that, instead of acting as its own smtp
<zicada> you likely have a login/pass for it
<zicada> and another port
<zicada> either ssl or some random number
<AshTray-> I've send myself an e-mail and it worked...
<zicada> yea thats internal
<_ruben> or yahoo blocks your dynamic ip address
<zicada> they arent sent out
<zicada> _ruben: it was google
<zicada> oh wait, yahoo sorry
<zicada> they dont block on the network level like that i think
<zicada> easy to find out tho
<zicada> just try to telnet to an smtp that listens on 25
<zicada> $10 says it'll fail
<AshTray-> telnet blt.ath.cx 25
<AshTray-> Do you guys see it ?
<zicada> nope
<zicada> try telnet www.alandfaraway.org 25
<zicada> if that doesnt work, ISP blocks
<AshTray-> Trying...
<AshTray-> And trying...
<AshTray-> I got to make a phonecall.
<zicada> just dpkg-recondigure postfix
<zicada> your isp wont unblock
<zicada> why run a smtp from a homenetwork anyway
<zicada> better to use your ISPs box for that
<AshTray-> I'll ask them.
<zicada> trust me, they wont
<zicada> the callcenter youre getting wont even have the tools for that
<zicada> its blocked on a central office somewhere, by people much higher up
<zicada> get the portnumber they use tho
<AshTray-> Nobody is answering...
<zicada> usually very little action in callcenters on xmas eve
<zicada> odd
<AshTray-> If I change the port of SMTP ?
<AshTray-> From 25 to another ?
<zicada> AshTray-: yeah
<zicada> AshTray-: but its easier to just act like an smtp proxy
<zicada> and just fwd all smtp to your ISPs smtp box
<zicada> on its port
<zicada> all you need is pop/imap right ?
<AshTray-> Yeah
<zicada> youre not gonna use the box as an smtp from other machines outside your net right ?
<zicada> so
<zicada> dpkg-reconfigure postfix
<zicada> and type in your ISPs smtp, and login/pass/port
<zicada> and youre golden
<AshTray-> Except the fact I don't have an e-mail from my ISP :)
<AshTray-> Can i use gmail? :))
<zicada> doesnt matter likely
<zicada> try telneting to your ISPs smtp box
<zicada> might not even require auth
<zicada> since your in their network
<AshTray-> I don't have a clue how my ISP smtp server is called :|
<zicada> yeah, you can use google, but they likely dont have an open port outside 25 that isnt ssl
<zicada> type 'dig MX your-isp-hostname.tld'
<AshTray-> 220 smtp.rdslink.ro ESMTP
<zicada> yup
<AshTray-> RDS is my ISP...
<zicada> could you access it on port 25 ?
<zicada> they might allow that, since youre in their net
<AshTray-> I can access it.
<zicada> ok
<zicada> apt-get install nmap
<zicada> nmap smtp.rdslink.ro -P0
<_ruben> check the docs made available to you by your isp on how to configure your email client .. those tell you which in/outbound servers to use
<AshTray-> Starting Nmap 4.62 ( http://nmap.org ) at 2008-12-24 16:09 EST
<AshTray-> My isp is crap ;)
<AshTray-> The don't give you shit.
<zicada> P0 takes a while
<zicada> itll give you a port
<AshTray-> I see.
<zicada> 587 is fairly common i think
<AshTray-> I hope it's not password protected...
<zicada> nmap scans every port
<zicada> and prints the open ones
<_ruben> it doesnt (by default)
<_ruben> it scans the most common ones
<_ruben> by default
<zicada> yeah <1024
<_ruben> no
<_ruben> also >1024
<zicada> oh yeah ?
<zicada> doubt an ISP will pick a >1024 for smtp tho
<zicada> when blocking 25
<_ruben> i doubt they use another port than 25 (except 465 which is ssl enabled smtp) .. they most likely just filter all port 25 traffic *except* the traffic to/from their own (monitored) mail server(s)
<zicada> _ruben: its not uncommon to block 25
<zicada> for private ISPs
<zicada> we already know his ISP does that
<zicada> and he tried to telnet his own ISPs smtp on that port
<zicada> so they block for internal boxes too
<zicada> hence, he needs to find the real port
<AshTray-> A... i think i have a problem here. I found in my contract an e-mail account. It's @rdslink.ro with username and password. I tried to login and it didn't work...
<zicada> whats the smtp and port ?
<AshTray-> Not written...
<zicada> hehe
<_ruben> zicada: the external inbound mail servers isnt necesarily the same as the internal outbound mail server
<zicada> really ?
<_ruben> perhaps its webmail only
<zicada> _ruben: i know, we did dig MX and got smtp.ispname.tld
<zicada> pretty likely thats the smtp
<zicada> every ISP provides an SMTP obv
<_ruben> zicada: thats the external inbound mail server
<_ruben> which hardly ever is the same as the internal outbound mail server which is to be used by subscribers
<zicada> INBOUND ?
<_ruben> mx records are for inbound mail traffic, not outbound
<zicada> its an smtp server
<zicada> logically from the hostname, its the one to use
<_ruben> it *could* be, but not necesarily
<zicada> true, not necessarily
<zicada> but, pretty good odds
<_ruben> only with small isps, larger ones seperate inbound and outbound over several server(farm)s
<zicada> not necessarily
<zicada> loadbalancing smtp.hostname.tld
<zicada> is not that uncommon
<AshTray-> wizard@metro:~$ telnet www.alandfaraway.org 25
<AshTray-> Trying 85.165.170.15...
<AshTray-> Connected to www.alandfaraway.org.
<AshTray-> Escape character is '^]'.
<AshTray-> 220 zic.darktech.org ESMTP Postfix (Ubuntu)
<zicada> ah
<AshTray-> Same ISP, different account type...
<zicada> you had blocked 25 locally huh
<AshTray-> It's another box.
<zicada> yeah, so the first box blocks 25 out
<AshTray-> No. It's on the same ISP, but my box it's on dynamic ip and that one has a static IP
<AshTray-> For blt i pay 9 euros, for metro i pay 25 :)
<_ruben> so still, there's to find out which outbound mail server you can use (as provided by your isp), which possibly might be none, as in no mail or just webmail only
<zicada> ah
<zicada> so put the box on static
<zicada> obv ips you get dealt from their dhcp are blocked at 25
<AshTray-> Can't afoard :|
<zicada> ok
<zicada> then you need to find their smtp and port
<zicada> :S
<AshTray-> Damn bastards
<zicada> call them again
<zicada> demand smtp and port
<zicada> :D
<_ruben> or search the help section on their website
<zicada> yeah
<AshTray-> I found on their website another smtp server... smtp.rdsmail.ro
<zicada> thats the same one
<zicada> oh
<zicada> rdsmail
<AshTray-> And a phone number....
<zicada> see if you can connect to 25 on that from the dhcpd box
<AshTray-> Noap
<AshTray-> Only the rdslink works.
<zicada> then yer fucked :D
<zicada> oh
<zicada> you can connect to 25 on that ?
<zicada> from then nonstatic one
<zicada> all you really need is to connect to any smtp that allows you to send
<zicada> either by being inside their net, or by auth
<zicada> the smtp.rdsmail.ro one doesnt have anything
<zicada> just 25
<zicada> for smtp
<AshTray-> Oh god...
<AshTray-> What and idiot
<zicada> ?
<AshTray-> He told me to login on my webmail account, and click somwhere to apply for a 25 port unblock
<zicada> really ?
<AshTray-> Yeah
<zicada> you can toggle 25block from your webmail interface ?
<zicada> neat
<Fenix|work> Greetings
<AshTray-> LOL
<AshTray-> If I login :)) It smashes in my face "UMBLOCK SMTP"
<AshTray-> UNBLOCK
<zicada> doh
<zicada> never heard of an ISP that did it like that tho
<zicada> why block 25 when you can just do that
<zicada> odd
<zicada> i guess they figure the njubs who are stupid enough to get horrible malware that spams port 25 arent clever enough to log into webmail
<AshTray-> They is it's not necesarly to umblock the 25 port. I can use smtp.rdslink.ro
<zicada> :D
<zicada> ah, figured
<AshTray-> And they also say I have to give them a good motiv to umblock that port :)))))))))))
<AshTray-> unblock*
<Fenix|work> zicada, AshTray- my home ISP blocks all port 25 connections to any mail server execpt their own...
<AshTray-> Interesting ports on smtp.rdslink.ro (193.231.236.97):
<AshTray-> 25/tcp open  smtp
<Fenix|work> ... I asked them 'why?' and their response was malware that tries to mass-mail with their own SMTP engines
<Fenix|work> which is like... sooooo 90's :)
<AshTray-> Anyway what's the point of mass-mailing ? Anyway most of the people don't read that shit....
<AshTray-> Works now! :D
<AshTray-> It's been a long that.
<AshTray-> day*
<AshTray-> Now the spam-assasin shit...
<zicada> hehe
<Fenix|work> I like SPF... would just wish other mail admins would implement it faster
<Fenix|work> ... and configure their mail servers correctly... grrrr
<Fenix|work> say... anyone know how to ignore socket files with tar?
<Fenix|work> I'm trying to do a backup of / with some excluded directories... but there are a couple of socket files that are in different places and I get emailed ... tar: /var/run/mysqld/mysqld.sock: socket ignored
<Fenix|work> really a waste of an email from cron
<zicada> best mailserver i ever ran was this qmail+vpopmail one on an old gentoo box
<zicada> was up for like 3 years
<zicada> never had a single issue
<Fenix|work> Gentoo goodness ... compiling from source not so goodness
<nomingzi> with VMware server 2.0 virtual machine created for Ubuntu Server 8.10 x86 and the installation no responding at "Configuring apt" with status of "Scanning the mirror"... http://picpaste.com/aaaaa.jpg - please advise, how to fix
<Fenix|work> nomingzi, it's not VMware Server... it's actually scanning the mirror... and most likely a slow mirror... I always have the install hang at 20% 'Scanning the mirror' and have to wait for around 10 minutes
<Fenix|work> afterwards, I switch to better mirrors :)
<nomingzi> Fenix|work: My computer do not have any Mirror/RAID configuration.
<Fenix|work> nomingzi, wrong type of mirror.  It's scanning the packages mirror somewhere on the internet.
<nomingzi> Fenix|work: How do I change the mirror sites to a fast link, prior to the installation ?
<Fenix|work> prior... I don't think you can...
<Fenix|work> you have to wait it out
<Fenix|work> afterwards you can modify /etc/apt/sources.list to a more local mirror that is fast.
<nomingzi> Fenix|work: oh...no... anyway, thanks for your guidance.
<Fenix|work> how long has it been 'Scanning the mirror'?
<nomingzi> Fenix|work: I think now should be more than 15 minutes :-(
<zicada> hehe sup AshTray-
<AshTray-> Damn.. internet cracked :|
<AshTray-> Off making food. Thanks zicada.
<zicada> np
<zicada> marry xmas
<zicada> merry too
<zicada> off to continue making foods
<LeeQ> HALP!! I broke my GRUB!
<LeeQ> I don't know how I did it, but not I am trying to fix it and grub is telling me that it can't mount my partition
<keithclark>  I seem to be having trouble sharing directories/files over samba.  I make the directory shareable and my other user on another computer can see the directory.  They are promted for a username and password and they use the ones that I set up on the host computer but it still does not allow them access.
<keithclark> Not sure what I'm doing wrong here.
<keithclark> Oh yeah, these are both Ubuntu 8.10 machines
<sommer> keithclark: are the user's on the host computer setup for Samba?  if not you can use the "smbpasswd -a username" command to add the user's to the Samba database
<keithclark> sommer, thanks, trying that now.
<keithclark> sommer, thanks!  Perfect.  Still learning here.
<sommer> keithclark: np
<LeeQ> ok, I'm getting a geub error 17
<LeeQ> grub*
<LeeQ> \when I boot from a live cd to fix grub
<LeeQ> it tells me it can't mount the drive
<LeeQ> and I am stuck
<danielm_mc> yo
<danielm_mc> how do you tell if ubuntu server needs a reboot after updating?
<Nafallo> danielm_mc: https://launchpad.net/screen-profiles <-- that's coming soon :-)
<danielm_mc> hah, nice
<danielm_mc> looks like top
<Nafallo> well, yea. it is.
<danielm_mc> i just updated a server and nagios is still screaming that there are updates for it
<Nafallo> I was more about the rest of it ;-)
<danielm_mc> lol, nice
<Nafallo> the colorful stuff at the bottom of the screen
<danielm_mc> ahh
<danielm_mc> small picture
<Nafallo> yea :-/
<Nafallo> http://blog.dustinkirkland.com/2008/12/ubuntu-server-includes-window-manager.html <-- danielm_mc
<danielm_mc> oh nice
<uvirtbot> New bug: #311239 in network-manager (main) "network-manager does not set default route (dup-of: 307204)" [Undecided,New] https://launchpad.net/bugs/311239
<MatBoy> what can be wrong when the nvidia X server settings don't see my second graphical card ?
#ubuntu-server 2008-12-25
<AshTray-> I have a problem with dovecot under Ubuntu Server :|
<AshTray-> The app wont start :(
<AshTray-> root@blt:~# /etc/init.d/dovecot start
<AshTray-> root@blt:~#
<jtaji> AshTray-: that's normal, try /etc/init.d/dovecot status
<AshTray->  * dovecot is running.
<AshTray-> root@blt:~# telnet localhost pop3
<AshTray-> Trying 127.0.0.1...
<AshTray-> telnet: Unable to connect to remote host: Connection refused
<AshTray-> Same with imap
<Deeps> has it been configured to bind to a particular ip, rather than catchall 0.0.0.0?
<Deeps> `netstat -anp` would be useful in this instance to show you what processes are handling what socket connections
<AshTray-> unix  2      [ ]         DGRAM                    1217455  16952/dovecot
<AshTray-> And .. other.
<Deeps> no tcp sockets?
<AshTray-> How do you tell if it's a tcp socket ?
<AshTray-> unix  3      [ ]         STREAM     CONNECTED     1217499  16952/dovecot
<Deeps> first word
<Deeps> shows it's a unix socket, rather than a tcp, tcp6, udp or udp6 socket
<AshTray-> No. No TCP sockets at all.
<Deeps> nothing listening on 110?
<AshTray-> http://paste.ubuntu.com/92479/
<Deeps> oh, you might need to run as sudo/root
<AshTray-> I'm on the root account :)
<Deeps> hmm, no, it should still show you anyway
<Deeps> thats bizarre
<Deeps> what version of ubuntu are you on?
<AshTray-> Last version...
<Deeps> gutsy? hardy? intrepid?
<Deeps> jaunty alpha?
<AshTray-> Linux version 2.6.27-7-server (buildd@palmer) (gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu11) ) #1 SMP Tue Nov 4 20:18:35 UTC 2008
<Deeps> lsb_release -a
<AshTray-> root@blt:~# lsb_release -a
<AshTray-> No LSB modules are available.
<AshTray-> Distributor ID: Ubuntu
<AshTray-> Description:    Ubuntu 8.10
<AshTray-> Release:        8.10
<AshTray-> Codename:       intrepid
<Deeps> intrpid
<Deeps> i dunno, maybe they changed the behaviour of netstat in intrepid, thats mighty weird though
<Deeps> netstat -tanp give you anything?
<AshTray-> Yes :) Enlightement
<AshTray-> tcp6       0      0 :::110                  :::*                    LISTEN      16952/dovecot
<Deeps> and telnet localhost 110 fails
<AshTray-> Yes.
<Deeps> you tried specifying numeric 110 instead of service name pop3?
<AshTray-> Yes.
<Deeps> i'm outta ideas beyond "check the dovecot logs"
<AshTray-> Dec 24 23:03:08 blt dovecot: Killed with signal 15
<AshTray-> This is the only thing i found
<Deeps> to the google machine!
<Deeps> gl!
<Deeps> nn
<AshTray-> nn
<AshTray-> Thanks
<arrrghhh> if i setup samba with security = share is that enough to prevent the password prompt?  or is there something else i should be doing?
<Elite> how do I install SWAT for samba?
<belzoradon> Elite: have you tried google?
<Elite> Yes
<Elite> Actually you know what I haven't but I'm on dial up so this is faster anyways
<belzoradon> what exactly is the problem then? i just found 4 howtos
<Elite> Well I have samba installed but I am not sure if swat is installed
<belzoradon> have you tried typing swat --help?
<Elite> nevermind I got it
<arrrghhh> dial up?  seriously?
<arrrghhh> my free aol hours ran out years ago...
<zicada> dialup ? seriously ?
<zicada> 2009 in like, 7 days
<arrrghhh> lmao
<zicada> http://www.youtube.com/watch?v=c4RY-eJgHHs&eurl=http://www.alandfaraway.org/forums/viewtopic.php?f=4&t=41255&start=15
<zicada> max high in headset
<zicada> yes yes
<zicada> merry xmas :D
<zicada> and if i hit da switch, i can make da ass drop
<zicada> :D
<Elite> od damn linux sucks
<arrrghhh> Elite, then use windoze
<arrrghhh> we don't care
<Elite> Windows sucks too haha
<arrrghhh> yes, which is why i use linux
<arrrghhh> my ubuntu server has been rock solid
<arrrghhh> ah well seems like samba's working now.
<arrrghhh> cya'll
<zicada> Elite: troll
<zicada> firestarter
<zicada> fuck you linux is better
<zicada> :D
<xp_prg> what is the package I need to install to get mkpasswd?
<zicada> type mkpasswd
<zicada> magic ubuntu will inform you
<xp_prg> just says mkpasswd not found
<foxytheold> *sniggers at lst comment and goes off to bed to sleep*
<zicada> night
<xp_prg> hello?
<foxytheold> night everyone merry xmas n happy new year to all
<zicada> google knows all
<xp_prg> I did google it
<zicada> yeah
<xp_prg> it returned a perl module that is all
<zicada> im telling tim
<zicada> :|
<zicada> :D
<Kira> In Intrepid Ibex, which apt package(s) do I need to install so that I can start the GNOME environment when I need it?
<Tim__Reichhart> could anybody tell me how to unmount my whole old hard drive and put it onto a new hard drive
<Tim__Reichhart> if anybody is looking for cheap server here you go: http://www.tigerdirect.com/applications/searchtools/item-details.asp?EdpNo=4133906&Tab=11&NoMapp=
<Anirban1987> What are the basic protection I need to apply on a Ubuntu 8.04 Apache server ?
<jmarsden> Anirban1987: Read some tutorials on hardening Apache adn LAMP installations... maybe look at http://www.freesoftwaremagazine.com/articles/hardening_linux and http://www.us.apachecon.com/presentation/materials/42/Hardening_Enterprise_Apache.pptx ?
<xp_prg> what is the package for mkpasswd?
<Anirban1987> I use APF as firewall . How will you rate it ?
<jmarsden> xp_prg: dpkg -S `which mkpasswd`  will tell you ... the answer is whois
<jmarsden> Anirban1987: It should be fine if property configured, like any sane iptables-based firewall.  But a firewall is only one part of your overall Linux web server security.
<xp_prg> jmarsden that command didn't do anything for me
<xp_prg> but your saying the package is whois that has mkpasswd?
<jmarsden> xp_prg: Hmm, it worked here.  Yes.
<xp_prg> ok cool I have it now!
<xp_prg> how do I make sure my ubuntu-server has security updates?
<jmarsden> xp_prg: Read the Ubuntu Server Guide, but as a quick check, do sudo apt-get update && sudo apt-get upgrade
<Anirban1987> I have a problem . I am running Parallel Plesk 9.0.0 on Ubuntu 8.04 x64. If I try to upgrade it to 8.10 will there be any compatibility problem with Plesk ?
<jmarsden> xp_prg: See https://help.ubuntu.com/8.10/serverguide/C/automatic-updates.html (but read the whole guide it is well worth the time)
<turuburu> merry christmas!
<jmarsden> Anirban1987: It's probably safest to ask Plesk support about that
<Anirban1987> But as I am using the demo version (which allows only 1 domain :( ) . So they just don't care.
<jmarsden> Then maybe you should switch to a free software alternative?  ebox?  webmin/virtmin?  Anything reasonable that you have full source code for and the ability to enhance or fix when it breaks?
<Anirban1987> They are not as glossy as Plesk or CPanel
<jmarsden> OK, then pay for the glossiness and get full support, or hack them to add the desired glossiness :)
<JDStone> what should I set the chunk size to for a RAID 5 array with 3 1TB drives
<JDStone> ??
<Anirban1987> Do u know how to hack it ?
<jmarsden> Anirban1987: I've made a few minor mods to virtualmin for my own purposes... but adding glossiness (beyond choosing a nice looking theme) was not a major goal for me.
<jmarsden> JDStone: There are no hard and fast rules for that, as far as I know... maybe 256K ?
<JDStone> jmarsden: well, the default is 64, right?
<JDStone> what's the advantage/disadvantage of using 256K vs. the default 64K
<jmarsden> Yes, but for a 2TB array that's probably too small.  Those defalts were created a whiel ago, ebfore 1TB drives were common.
<Anirban1987> Then I how can I shift from Plesk to Virtualmin seamlessly without any downtime ?
<JDStone> jmarsden: well, actually, it'd be a 1.5TB array. okay, then I'll take your advice, 256K it is
<jmarsden> JDStone: It's all about performance on different workloads...  and no, RAID 5 across 3 1Tb drives should get you a 2TB array.  One drive for paritym the otehrs for data.
<jmarsden> Anirban1987: I have no idea.  But you can't upgrade to 8.10 with no downtime either.
<JDStone> okay, alright. cool.  thanks.  i'm doing 256K then, cool.  thanks again
<jmarsden> JDStone: No problem.
<Anirban1987> Can u gurantee proper running of Plesk then ? The Plesk site says it supports upto 8.04.
<jmarsden> Plesk is proprietary software, I have not used it.  I can't guarantee anything about it :)  Sounds like maybe you should stick to 8.04 until Plesk say they support 8.10
<JDStone> jmarsden: did I miss something?  I did "sudo mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 -c256 /dev/sdb1 /dev/sdc1 /dev/sdd1"
<JDStone> and I got:
<JDStone> "[ 6961.505394] raid5: raid level 5 set md0 active with 2 out of 3 devices, algorithm 2"
<JDStone> isn't it supposed to use all 3 drive?
<JDStone> *drives
<jmarsden> JDStone: I'm not sure at all, but I think that is an OK result, since if you only had 2 devices you could not have RAID5 at all, by definition.
<JDStone> what are you talking about
<JDStone> I have 3 devices
<JDStone> 3 hard drives
<JDStone> that's what RIAD5 requires
<jmarsden> Right.  So the log message probably means "using 2 of 3 for data, 1 for parity?"  I'm guessing.  It *can't* mean "using two devices total for RAID5", because that is a logical impossibility.
<JDStone> oh, okay
<JDStone> alright, thanks dude
<jmarsden> You can probably do something like sudo cat /proc/mdstat to see what is happening with your software RAID?
<jmarsden> No problem
<JDStone> yep, that's what I'm looking at now, /proc/mdstat/, thanks
<JDStone> jmarsden: when I examine the raid device, it says spares=1
<JDStone> it says 3 devices, 1 spare
<JDStone> active devices: 2
<JDStone> working devices: 3
<JDStone> failed devices: 0
<JDStone> spare devices: 1
<JDStone> i'll wait 'til it's done building
<JDStone> or whatever
<JDStone> and then see what it says
<JDStone> and then I'll ask for help then, if needed
<JDStone> sorry to bother you
<JDStone> thanks
<JDStone> :)
<jmarsden> I don't have a software RAID5 machine I can look at to compare with, unfortunately... but that doesn't sound right.  Sounds like you may have build a RAID1 device with a hot spare?
<JDStone> yeah, i know, it doesn't sound right
<JDStone> but I specified --level=5
<JDStone> weird
<JDStone> i guess we'll see
<jmarsden> Yes, you'll see by the size of the resulting array, I suppose.  What does grep md0 /proc/mdstat say?
<JDStone> md0: active raid5 sdd1[3] sdc1[1] sdb1[0]
<JDStone> unused devices: <none>
<JDStone> 256k chunk, algorithm 2 [3/2] [UU_]
<JDStone> and it's recovering
<jmarsden> That looks fine.  Perhaps the 3rd drive will show normally once the device build completes.
<JDStone> yeah, that's what I'm thinking...
<JDStone> we'll see...
<jmarsden> JDStone: OK, I found a way to create a software RAID5 device on a single HD on this desktop PC I'm using... and the array created (I made a really small one) with the command you posted looks fine (and looks to be RAID5) once the build completes.
<JDStone> alright, cool. thanks for all the help jmarsden
<JDStone> goodnight
<jmarsden> No problem.  Goodnight.
<ghaleb> hello, I'm trying to use LDAP for authentication,  I get results from ldapsearch -x,   libnss-ldap.conf , ldap.conf and  nsswitch.conf configured this way:   http://rafb.net/p/m0iGQZ77.html
<AshTray-> Merry Christmas !!
<WoLf_Loonie> Hello everyone, and merry christmas =)
<WoLf_Loonie> I have an issue (possibly with my router?).. when I check my Apache2 logs, every incoming connection from the WAN side, is recorded as coming from 10.0.0.1 (my router's ip) instead of the normal ip address like it used to do with a different setup.. iptables on the router looks fine, and I've tried to blank out iptables on the server, but I can't find a way to fix this issue..
<jmarsden> WoLf_Loonie: Merry Christmas, and did this used to work correctly... and if so, what did you change?
<WoLf_Loonie> Hello jmarsden, and, I've changed Computer and router =P
<jmarsden> That's... a significant change alright!  I'd suspect the router; can you put the "old" router back in place as a test?
<WoLf_Loonie> sure thing. I'll be back in about 2 minutes, have to physically switch it and come back =)
<WoLf_Loonie> Alright, with the old router, it works as expected.
<WoLf_Loonie> (had to switch back to the new one, missing WiFi on the old)
<jmarsden> OK, cool, so that has reduced the places to look for the problem by 50% :)
<jmarsden> Is the new router a Linux box?  WHat software is it running?
<WoLf_Loonie> yes, it is, but I'm not sure how to say what kind it is. can get to the busybox tho, if needed
<jmarsden> OK, so it is a commercial embedded device, running... dd-wrt or something like that?
<WoLf_Loonie> it's a TP-Link TD-W8920GB
<jmarsden> Not one I have heard of, but OK.  Can you pastebin the current iptables ruleset it is using?
<WoLf_Loonie> sure, in a sec
<jmarsden> Meanwhile I am downloading its PDF manual...
<WoLf_Loonie> http://pastebin.com/d42b7cf3b
<jmarsden> Looks more or less sane.  A couple of odd ports open, but I assume that is deliberate... but it does not seem to be doing NAT??
<WoLf_Loonie> it forwards the port correctly, but any server receiving them, states the connection comes from 10.0.0.1 instead of, let's say, 123.123.123.123
<WoLf_Loonie> and yes, the four ports open are deliberate, and used from my servers.
<WoLf_Loonie> five, forgot ssl irc =P
<jmarsden> OK... there are no NAT related rules in that output... maybe adding something like   iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
<jmarsden>  woudl do the trick, but it is very puzzling as to why the router doesn't do some POSTROUTING stuff already.
<jmarsden> It is almost as though your router is configured as a pure router, not as a NAT firewall.  Is there some checkbox in its user interface for NAT that was forgotten somehow?
<WoLf_Loonie> it should be checked, will double check in a second
<WoLf_Loonie> .. for some reason I can't add that line to iptables.
<WoLf_Loonie> doesn't list any change in iptables -L after adding it.
<jmarsden> OK... well, that's narrowed the area of the probelm down significantly.  I can't tell exactly what your router is doing, but if you can get it to create a suitable POSTROUTING rule, I am pretty sure all will then be fine.
<jmarsden> Ideally get it to create one itself from its GUI, of course, but if that fails, try by hand as above.  Hmmm, you might need to manually create a NAT ruleset so that the -t nat above works?
<WoLf_Loonie> the only checkbox under the nat section in the web configuration is about "ALG: Sip enabled"
<WoLf_Loonie> it's on currently.
<WoLf_Loonie> elsewhere, can't find any other option that could be related
<WoLf_Loonie> (the firmware in this router is really lacking a lot.)
<jmarsden> Strange.  Is there updated firmware for the router you can download, maybe??
<WoLf_Loonie> already running the latest one, I tried that too
<WoLf_Loonie> it gave me telnet access and working UPNP, (that was broken with the old firmware), but still the same behaviour with nat
<WoLf_Loonie> if I can't find a way to fix that issue, I'm going to chuck it and get a new one. the only reason why I got this model is cause it has a 108M wireless.
<WoLf_Loonie> (that is actually working like a wonder, at 150 meters from my home I still get 25% signal >.>)
<jmarsden> OK.  Sadly, a different router may be the quickest way ahead here!  Did running iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE  give you any error messages or anything?  It's definitely the "right basic approach"...
<jmarsden> Hmmm, can you use both -- use the odl router as a router, and use this oen as an access point behind it?  Best of both worlds?
<jmarsden> IF it has an access point mode that could work well for you.
<WoLf_Loonie> after entering the iptables line, it just states "hit enter to continue" as it does after every command it runs.
<WoLf_Loonie> no errors nor outputs.
<jmarsden> Hmm, that's sad.  If you type in junk you get the same thing?
<WoLf_Loonie> -> sdfsdf
<WoLf_Loonie> sdfsdf: not found
<WoLf_Loonie> Hit <enter> to continue
<jmarsden> Hmmm, so at least it recognized the iptables command... just apparently did nothing useful with it.
<WoLf_Loonie> and giving iptables junk flags, it gives me an iptables error line like expected.
<jmarsden> OK.  I'm running out of ideas, in your circumstances I'd be using the old router, and setting up the new one as an access point, I think.
<WoLf_Loonie> or buy a very long ethernet cable for the EEE ;P
<jmarsden> Well, sure, that's one way to avoid the problem ;)
<WoLf_Loonie> hehehe =P
<jmarsden> Well, I need to go AFK and help with breakfast here... but at least we now know the cause of the issue.  Sorry we didn't find a working solution.
<WoLf_Loonie> to think, I was going crazy to understand why Apache2 was not making any difference with the "deny from all, allow from 10.0.0.0".. till I went to check the logs cause I was running out of ideas.
<WoLf_Loonie> alright, thanks a lot for the help anyway =) and have a good breakfast
<jmarsden> Thanks.
<jtaji> WoLf_Loonie: if you do get a new router get a linksys WRT54GL and load tomato or dd-wrt firmware on it
<WoLf_Loonie> I'd like to try a custom firmware for this router too, but I can't find any information on internet about it.
<jtaji> what is it?
<WoLf_Loonie> sounds like TP-Link is some "second brand" from D-Link, but can't find the relative model
<WoLf_Loonie> it's a TP-Link TD-W8920GB
<jtaji> basically unless it's a broadcom based one with enough flash that supports linux you are pretty out of luck
<WoLf_Loonie> well, it's already running a busybox, so I guess it's only a matter of finding which firmware is compatible =P
<jmarsden> WoLf_Loonie: There is an "Enable NAT" checkbox referred to on page 32 of the user manual... might be worth a look?  Figure 5-11
<WoLf_Loonie> Sorry jmarsden, was deep into browsing google trying to find anything related to this issue, and I didn't hear the highlight
<jmarsden> No problem... I was eating :)
<WoLf_Loonie> under which section is the Enable Nat checkbox?
<WoLf_Loonie> don't have the manual handy..
<WoLf_Loonie> downloading the pdf ;P
<WoLf_Loonie> O.o I don't have a figure 5-11 on that manual.. lol. anyway, it may be under the ADSL settings, will try to remake the connection and see what I can find in there.
<WoLf_Loonie> I'll ba back (I hope ;P)
<WoLf_Loonie> be*
<jmarsden> http://www.atel.com.pl/doc/MAN_TD-W8920G.pdf
<WoLf_Loonie> nothing, hmm.
<WoLf_Loonie> but I noticed something in the logs of the router, going to pastebin it
<jmarsden> Did you download the same version of the manual I found?
<WoLf_Loonie> http://pastebin.com/d4f9a7153
<WoLf_Loonie> dunno, I checked on the one from tp-link own website
<WoLf_Loonie> anyway, that's the log of a reboot of the router
<WoLf_Loonie> iptables -L still returns the same as before.
<jmarsden> Ah, http://www.tp-link.com/english/soft/200862154858.pdf has it as Figure 4-11
<WoLf_Loonie> *nods*
<jmarsden> Lines 40 and 41 in your output look like actual errors...
<WoLf_Loonie> I checked on that, re-created the adsl connection, and triple checked it stated nat enabled.
<jmarsden> And the POSTROUTING stuff does seem to be happening at boot, which is interesting.
<WoLf_Loonie> *nods* noticed that and the error. I wonder if it's related?
<WoLf_Loonie> cause iptables then doesn't state anything about it. shouldn't it have a line for that?
<jmarsden> Does    iptables -t nat -n -L   show you anything?
<WoLf_Loonie> http://pastebin.com/d5ed441c5
<WoLf_Loonie> 79.* is my current WAN ip.
<jmarsden> OK.  Well, looks from that as though it really is doing NAT after all.
<jmarsden> I'm not entirely convinced all the SNAT rules are really desirable... if you want to experiment, try deleting them?  Esp line 20, the one for port 80?
<WoLf_Loonie> removing the forwarding?
<Elite> Hey, how do I find out what version of ubuntu server I am running?
<jmarsden> Elite: cat /etc/lsb-release
<Elite> Nice thanks
<jmarsden> WoLf_Loonie: the redirect of line 8 (DNAT) should still get the packets to your server...
<jmarsden> BUt maybe will avoid rewriting the source address if you cn remove the line 20 SNAT
<jmarsden> Elite: No problem.
<WoLf_Loonie> sure thing, how can I do that? on the web interface I can only add or remove the forwarding, and I'm not that close friend with iptables advanced stuff =)
<jmarsden> FInd the rule number from  iptables -t nat -n -L -v and then use iptables -t nat -D POSTROUTING X   # where X is the number of the rule
<jmarsden> BTW, man iptables is your friend for this kind of thing :)
<WoLf_Loonie> =)
<WoLf_Loonie> *bounces around*
<WoLf_Loonie> 72.14.193.67 - - [25/Dec/2008:20:29:51 +0100] "GET / HTTP/1.1" 403 226 "-" "Mozilla/5.0 (Wi
<WoLf_Loonie> that was it
<jmarsden> That worked?  Cool.
<jmarsden> How to keep that from coming back when you reboot is beyond me, but at least you now have a sort-of solution!
<WoLf_Loonie> so I guess I should remove every snat entry?
<jmarsden> Yes, I think so.
<WoLf_Loonie> hmm, the other rules all state 0 as first number O.o
<WoLf_Loonie> where the port 80 one was listing 4 (and I used 4 to remove it) .. if that was just luck, I'm gonna laugh ;P
<jmarsden> Hmmm.  Pastebin iptables -t nat -n -L -v   output for me?
<WoLf_Loonie> http://pastebin.com/d4911c448
<jmarsden> Oh... yes, you can laugh... that was the number of packets not the rule number :)  Just use   iptables -t nat -D POSTROUTING 2   several times and you should be all set
<WoLf_Loonie> hahahaha =P
<WoLf_Loonie> yeah I figured there was something wrong afterward =P but hey, it worked =P it's christmas, after all =P
<WoLf_Loonie> lol
<WoLf_Loonie> Basically, everytime I reboot the router I'll have to remove the snat entries.
<WoLf_Loonie> well, cheaper than having to buy a new one =P
<WoLf_Loonie> hehe
<WoLf_Loonie> Thanks really a lot.
<jmarsden> No problem.  BTW to see the rule numbers you use the --line-numbers option to iptables (I just read man iptables some more)
<WoLf_Loonie> =) will study it, maybe I'll find how to get it to work correctly in first place =)
<jmarsden> OK, I'm going AFK for a bit, almost time to carve a turkey...
<WoLf_Loonie> Have a good turkey! =)
<WoLf_Loonie> hehe
<JDStone> jmarsden: yep, everything looks good now.
<WoLf_Loonie> whee, netsplit.
<LoveGuru> ;\
#ubuntu-server 2008-12-26
<jay2> Merry Christmas everyone
 * genii hands out eggnog
<chilli0> k
<chilli0> does anyone have a link to a tutorial that shows me how to install ftp and lighttpd on ubuntu server?
<jmarsden> chilli0: sudo apt-get install vsftpd lighttpd lighttpd-doc    # should install them; it's too simple to need a tutorial?
<jmarsden> Then read their docs if you want to know how to configure them after they are installed.
<chilli0> k
<chilli0> thanks
<chilli0> and
<jmarsden> No problem.
<chilli0> when i install ubuntu server
<chilli0> is there an option to install X?
<jmarsden> No, by design there is not.
<chilli0> ah
<chilli0> should it be hard to do it in cli?
<jmarsden> Hard to do what?
<chilli0> set up a websever
<chilli0> so i can edit the website from my lappy
<chilli0> atm this computer is the server
<jmarsden> No, as long as you are reasonably comfortable at the command line you can configure stuff easily enough.  And once you have it configured you can use any GUI FTP or SFTP client to upload your web content, etc from your laptop or any other machine.
<chilli0> yeh
<chilli0> i shall give it ago
<chilli0> o and
<chilli0> how can i make a static ip for the server?
<chilli0> its inside the router
<jmarsden> Read the Ubuntu Server Guide for how to give a machine a static IP.  How to tell your router to forward ports depends on the router, but is usually a simple web interface on the router.
<chilli0> ive made the router port forward
<chilli0> just need to static it up a lil
<chilli0> thanks for your help
<jmarsden> No problem.  See https://help.ubuntu.com/8.10/serverguide/C/networking.html
<chilli0> is somba like ftp?
<chilli0> samba*
<jmarsden> Samba is like Microsoft Windows network shares, not really like FTP.  Do not use Samba across the Internet...
<chilli0> kk
<chilli0> i wont then
<chilli0> what is the best version of the server?
<jmarsden> Best for who for doing what? :)
<jmarsden> Are you sure you actually need a server version of Ubuntu... you could just add a web server and FTP to your existing desktop Ubuntu installation...
<chilli0> true
<chilli0> i was thinking about doing it that way
<chilli0> i may aswell do it that way
<chilli0> i know how to set up lighttpd
<jmarsden> If this is just a hobby/experiment thing, do it that way.  If you are building a real production server, use Ubuntu Server.
<chilli0> yeh its hobby thing
<HttpErrors> indeed it is chilli0
<jmarsden> They keep it simple and just add the services you need to your desktop install.
<chilli0> HttpErrors:  ooo
<HttpErrors> it is very easy to do, i can run you along it
<chilli0> HttpErrors:  i got a new lappy today , and mum wont let me have 2 computer so i have to give this to my brother , but i get his old one for a server
<HttpErrors> sweet
<chilli0> HttpErrors:  i need ftp and lighttpd and a static ip
<HttpErrors> uhh.
<chilli0> ?
<HttpErrors> i dont think you can do the static ip bit
<chilli0> LIEs
<HttpErrors> or is it in LAN?
<chilli0> yeh lans
<chilli0> i did it on this computer
<chilli0> but i dont know how i did it
<HttpErrors> ah
<HttpErrors> just click on Network manager
<chilli0> k
<chilli0> edit?
<chilli0> for some reasons
<HttpErrors> indeed
<chilli0> it says its not connected
<HttpErrors> its all greyed?
<HttpErrors> oh
<chilli0> no not greayed
<chilli0> its got a x on the sign
<HttpErrors> are you connected?
 * chilli0 face-desk
<chilli0> dehh
<chilli0> lol
<chilli0> but go on
<HttpErrors> what is your LANs ip range?
<HttpErrors> and subnet mask
<HttpErrors> wait
<HttpErrors> What is your routes IP address in the LAN, and what is your subnet mask?
<chilli0> 192.168.254.254 is my routers thingo
<chilli0> subnet is  254.254.0.0
<chilli0> i think
<HttpErrors> 254.254?
<HttpErrors> O.O
<chilli0> maby?
<HttpErrors> That is SOO wrong
<HttpErrors> its mostlikely 255.255.0.0
<chilli0> Mask:255.255.255.0
<chilli0> yeh
<chilli0> its that
<chilli0> Mask:255.255.255.0
<HttpErrors> ohnoes :<
<HttpErrors> eh
<HttpErrors> ok
<chilli0> ?
<chilli0> why noes
<HttpErrors> untick Roaming mode
<chilli0> i can change
<HttpErrors> dw
<chilli0> im changing it
<HttpErrors> not needed
<chilli0> what should it be?
<HttpErrors> ok
<HttpErrors> 255.255.0.0
<chilli0> k
<HttpErrors> change it on all comps
<HttpErrors> and router
<chilli0> done
<jmarsden> HttpErrors: If the LAN addresses are 192.168.x.0 then subnet is 255.255.255.0 unless you are doing something extremely unusual.
<HttpErrors> in larger networks, it makes it eaiser
<jmarsden> HttpErrors: chili0 can't even have two computers, and you are trying to set up so he can have 65535 of them???
<HttpErrors> jmarsden: i personally use 172.16.1.??? for DHCP .2.??? for Statics and .3.??? for servers
<jmarsden> I really think 255 will be sufficient.  Yes, but he has said that his network is at 192.168
<chilli0_> back
<chilli0_> but
<chilli0_> it didnt work
<chilli0_> it did
<chilli0_> but
<HttpErrors> jmarsden: expandability. and keeps the dhcp range clear of static ips
<chilli0_> my mask is the same on this computer
<HttpErrors> :/
<chilli0_> i think i can fix  give me a min
<chilli0_> or maby not
<HttpErrors> k
<HttpErrors> its not imperative
<chilli0_> k
<HttpErrors> but it is useful
<chilli0_> i see
<jmarsden> HttpErrors: Expandability is gained by using standards appropriately.  You break one if you use 192.168.x.0/16.  Apparently you are not employed as a network admin?  Anyway, your call if you are going to support this strangely configured network for chilli0_
<chilli0_> why is it strange lol
<jmarsden> Read the RFCs about private network address ranges...
<chilli0_> k
<chilli0_> any who
<HttpErrors> jmarsden: overly complex, but it work better than clustering DHCP, Statics and Servers into one range
<chilli0_> HttpErrors:  so when i download ubuntu 8.10 in the morning , ill install it
<chilli0_> and then talk to u
<chilli0_> becasue my internet speed is at dial-ups
<HttpErrors> k
<chilli0_> it gots back to 1.5mps in the morning
<HttpErrors> heheh
<chilli0_> and my brother wants me to install windblows on this computer
 * HttpErrors loves his 24Mbps (11Mbps true)
<chilli0_> so i think ill do that now
<chilli0_> i saw 50mps for $170
<chilli0_> i wants
<HttpErrors> eh
<HttpErrors> silly commercial connections
<HttpErrors> im on a residential conn
<chilli0_> o i see
<chilli0_> whats a good irc client for windows?
<chilli0_> im gonna go on my lappy
<HttpErrors> mirc
<chilli0_> k
<chilli0_> shall do
<HttpErrors> or putty.
<chilli0_> afk
<HttpErrors> k
<chilli0_> putty?
<chilli0_> putty = irc?
<jmarsden> Putty is not an IRC client.
<HttpErrors> yea, ssh to a nix comp and use irssi
<chilli0_> erm
<chilli0_> to complex
<HttpErrors> indeed
<chilli0_> mirc will do the job
<chilli0_> afk naw
<HttpErrors> k
<chilli0> hey im back
<chilli0> on my lapy
<chilli0> lappy
<uvirtbot> New bug: #311393 in net-snmp (main) "package libsnmp15 5.4.1~dfsg-7.1ubuntu6 failed to install/upgrade: il file tar ? rovinato - l'archivio del pacchetto ? rovinato" [Undecided,Incomplete] https://launchpad.net/bugs/311393
<cdshan> Hello Everyone!  I had just completed installing ubuntu-server 8.04.1 with software raid
<cdshan> I had configured Raid1
<cdshan> With 2 physical disks
<cdshan> I have partitioned the disks into partitions like md0 - /; md1-/var md2-/home, etc
<cdshan> Now I want to make sure that if my first disk in the array fails, I am able to boot into using the second disk.
<cdshan> Could someone point me to the documentation for the same or help me in setting it up?
<WoLf_Loonie> I was looking around it too, for something similar (had issues to boot a raid0 setup).. what I found, is that for a raid1 to boot from another disk, you have to install GRUB on the second disk too. (I'm not an official helper nor nothing, just a bystander who stumbled on a similar issue ;P)
<donspaulding> hi all, I'm running a remote ubuntu server that seems to spike to 100% CPU utilization on occasion.  When it does this, I can still ping the server, but can no longer ssh into a terminal.  How can I configure the server so that ssh always has enough resources to log me into the box to see what's going on?
<yann2> maybe some people use nice to give the ssh daemon a higher priority
<donspaulding> yann2: any idea what a "safe" nice value would be for sshd?
<zicada> the open web is a beaitiful soup of barely compatible clients and servers. It comprises billion od pages, millions of users, and thousands of browser based applications. You can access the open web with open source and proprietary browsers, on open source and prorprietary operating systems, on open source and proprietary hardware"
<zicada> :D
<LinuxLover4_> I have ubuntu server 8.10. when I insert a flash drive or cd or dvd, will it automaticly mount? or do I have to use some commands to mount the files?
<LinuxLover4_> anyone. . .?
#ubuntu-server 2008-12-27
<L_Y> what should i do if i want to let a program run by it self in minimize?
<jmarsden> L_Y: minimize?  On a server?  Normally you would just do   nohup programname &    # to run a prog in the background "by itself", is that what you mean?
<L_Y> i want to let the thunderbird run by itself in the background
<jmarsden> Thunderbird needs a GUI... why would you want it in the background?
<jmarsden> Ubuntu server does not come with X and does not come with Gnome or KDE or any other X windowing desktop environment, so Thunderbird won't run on ubuntu server unless you do a lot of manual work to add X... are you sure this is for a server?
<jmarsden> You are in #ubuntu-server :)
<Elite> okay wth, I have samba installed and when I try to go and "connect"(double click the server in windows) and I type in the root user and pass etc then it tells me that the login was not successfu
<kev009_> has anyone here set up ubuntu to do an nfsroot and boot off tftp/pxelinux?
<Blinkiz> After a clean installation of hardy server it took about 20MB of RAM according htop. Intrepid server takes around 100MB of RAM. What is the difference here? What does the 2.6.27 kernel do so htop says it's using 100MB of RAM?
<daaaaniiieeeel> Hello.. I think i've locked myself out from SSH on my server :) It's a blocked port issue.. I'm not sure wether it's my ISP that's blocking the server or if it's something on the server itself
<daaaaniiieeeel> Changed from default port 22 to port 1987 and it basically stopped working
<daaaaniiieeeel> Would anyone like to try to login? so i could see if it's my ISP that's causing the problem
<erichammond> msg me the IP address and I'll check the port.
<daaaaniiieeeel> I did an NMAP scan and port 1987 it returns: Filtered
<erichammond> daaaaniiieeeel: I'm not getting any response (no connection, no rejection) on that port either.
<daaaaniiieeeel> Ok but you can access the server on http (port 80) right?
<erichammond> daaaaniiieeeel: yep, it's good
<daaaaniiieeeel> Ok so did i forget something important when i switched from port 22 to 1987? i edited the /etc/sshd.conf file.. and then restarted ssh deamon
<daaaaniiieeeel> logged out
<daaaaniiieeeel> which was a bad idea :P
<daaaaniiieeeel> now i'm locked out
<erichammond> daaaaniiieeeel: Yep, always verify you can get back in before leaving.
<daaaaniiieeeel> newbie mistake huh ><
<daaaaniiieeeel> bah.. so now i need physical access to the server right?
<erichammond> Folks who really like safety set up a timer which switches back to the old sshd config.
<erichammond> This is also nice for testing iptables changes
<erichammond> yep, unless you can find a security hole in your web server :)
<daaaaniiieeeel> rofl
<daaaaniiieeeel> oh damn
<daaaaniiieeeel> So what do you think may be the issue?
<daaaaniiieeeel> iptables?
<erichammond> Perhaps a firewall on the system or in front of it?
<daaaaniiieeeel> Well as i said i did an nmap scan on the port
<daaaaniiieeeel> and on other ports it says "closed"
<daaaaniiieeeel> but on this it says "filtered"
<daaaaniiieeeel> which makes me wonder
<daaaaniiieeeel> sounds like a firewall issue
<daaaaniiieeeel> but is there a way to find out if it's the actual server or something infront of it?
<daaaaniiieeeel> I'm guessing it's something infront, because i tested switching ports on my local virtual ubuntu server
<daaaaniiieeeel> and it worked just fine with any port
<daaaaniiieeeel> and it's basically the same configuration
<kev009_> how do I create a proper fat client for nfs boot?
<erichammond> daaaaniiieeeel: I'm going to bow out at this point.  It's past 4am and I need a bit of sleep before the kids wake me up.
<daaaaniiieeeel> hehe ok
<daaaaniiieeeel> cheers
<cheetiong> hi, any body know how to modify the initrd file? i have try to use cpio command to extract this file, then modify some thing, then cpio it again to be a initrd file, but boot got kernel panic?
<ogra> you usually dont modify initramfs directly, what exactly do you want to change ?
<cheetiong> ogra: hi thank reply, i need to change some settings inside this initram file, because need to add driver on this live cd? please teach me.
<ogra> so you are remastering a liveCD ?
<ogra> if so, you can just put a line for the driver into /etc/modules ... just make sure you run the update-initramfs command afterwards and the driver will end up in your new initramfs
<ogra> (indeed the driver needs to exist in the /lib/modules dir for your kernel)
<cheetiong> ogra: ic, i have try to open the initrd file by cpio command, then add some file, after that cpio back to initrd file, then cannot boot got errors: kernal panic?
<ogra> right, dont edit it directly
<ogra> update-initramfs will assemble the filesystem for you from the files in the system, just make sure they are there when running that program ...
<ogra> (see man update-initramfs)
<cheetiong> ogra: ok issue the command update-initramfs are already boot into this livecd, then i restart this livecd then the driver still remain same, because the CD is readonly..?
<ogra> right, that wont work
<cheetiong> ogra: u mean cannot change the livecd at all?
<cheetiong> ogra: because that livecd dont have my system latest new network card driver...:-(
<ogra> you cant update a liveCD thats burned already ...
<ogra> see https://help.ubuntu.com/community/LiveCDCustomization
<cheetiong> ogra: ok thank.
<ogra> you can modify the iso ... before you burn it to disk
<cheetiong> ogra: thank you very much.
<AshTray-> Need a little help please. Dovecot it's not working anymore. It's restarting.. http://pastebin.ath.cx/m6021d3d4 but it's not working... http://blt.ath.cx/squirrelmail/src/login.php
 * delcoyote hi
<cheetiong> anybody experience about using linux as a client then connect to openVMS server via telnet, but the keyboard function key for openVMS i cannot find in linux, anybody know the solution?
<AshTray-> Need help making a print server
<AshTray-> Please help. I have a problem with my hp 3320 printer... http://pastebin.com/m23cd9f3b
<AshTray-> How to make an user for vsFTPd ?
<yann2_> when is the next ubuntu-server meeting?
 * yann2_ going to add this to the agenda https://wiki.ubuntu.com/ServerTeam/WebArchitecture
<mcas> if i use /usr/share/doc/exim4-base/examples/exim-gencert to generate a cert for exim then i get the message that the cert was deprecated(?)
<mcas> sorry i don't now the correct word at the moment
<mcas> the cert was valid to AUG of this year
<mcas> but i run the script 5 minutes ago
<mcas> has someone the same bug?
<mcas> its hardy heron server
<uvirtbot> New bug: #311826 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.0.67-0ubuntu6 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,Invalid] https://launchpad.net/bugs/311826
#ubuntu-server 2008-12-28
<Kevin_> Hi Everyone. I'm working on my Wordpress Ubuntu server and am looking for ways to up the performance. I've already installed a PHP accelerator and am wondering if it is worth it to configure MySQL caching.
<nandemonai> Hiya guys. I'm wondering if there are any special steps I need to take in order to get /etc/network/if-up.d(if-down.d)/ scripts working. They're executable but don't seem to be working?
<popcornPanic> is there any way to have a server's monitor show everything being done by all users?
<Kamping_Kaiser> top?
<genii> ps aux ?
<popcornPanic> not top. what's ps aux?
<Kamping_Kaiser> why not top?
<Kamping_Kaiser> what do you actually want to do?
<popcornPanic> i don't want to look at the processes just the commands that have gone through
<popcornPanic> commands and users who issue it
<Kamping_Kaiser> you'd need to customise the user logging
<genii> popcornPanic: Those will be in their repective bash history files however
<popcornPanic> okay. another question. does WinSCP actually send commands to the remote server and if so where would they be stored?
<genii> Try the auth log for that one
<genii> It should tell you the logins anyhow
<popcornPanic> yes it shows logins.
<popcornPanic> but no commands from the users. except for my user.
<Kamping_Kaiser> funny that *g*
<Kamping_Kaiser> being called auth.log and all
<popcornPanic> ??
<genii> popcornPanic: Since secure copy requires a login, it contains the times which scp/winscp etc connected and who connected
<popcornPanic> yes.
<Kamping_Kaiser> i'm sure theres a dozen and four guides on getting all users shell histories logged to a central location
<popcornPanic> perhaps i will look
<genii> popcornPanic: If the user excuted some commands while logged on, those would be shown in: /home/theirname/.bash_history
<genii> And the timestamps will match
<Kamping_Kaiser> genii, as long as they use bash ;d
<genii> Kamping_Kaiser: True, that
<popcornPanic> last command show logins easier to read
<Kamping_Kaiser> iirc if they (eg) run screen not all commands are written on the fly to .b_h.
<genii> I sometimes use like: ps aux | grep $(w -h|cut -d" " -f1)                        to see what currently logged in users are running
<uvirtbot> New bug: #311864 in samba (main) "reports wrong version?" [Undecided,New] https://launchpad.net/bugs/311864
<ropetin> Evening all.  I know the answer to this is out on the Internet, but I can't think of the Google search to find it.  I have a server that is only accessible by ssh.  On the same local subnet as the ssh server I have another server I'd like to get access to the webserver on.  Is there a way for me to set up a tunnel to the webserver via the ssh server?
<Kamping_Kaiser> yes. why not simply ssh to it though?
<Kamping_Kaiser> or lynx
<ropetin> It's running active content that links2 just won't handle (so I presume lynx won't either)
<ropetin> It's a Windows server :)
<Kamping_Kaiser> ah.
<Kamping_Kaiser> well, check the man page for ssh
<ScottK> Put ssh on the windows server.  You can do it cygwin.
<backenfutter> every once in a while mysql-server pushes CPU and RAM usage to 100%, how would I go along and tweak that
<confuded> Problem: I have a bridge set up (not sure how it works), the computer connected to bridge recieves all ip's and gateways, but has no internet still :(
<confuded> anyone?
<incidence> ai sun kaa
<incidence> oho
<Deeps> hmm, i'm attempting to mount a samba share from a windows machine (ntfs disk) on a hardy server using cifs, would like all files that are created to have global rw perms, however mounting with option file_mode=0666 doesn't appear to be doing anything :/
<oxygen> hello
<oxygen> is there any everybody online ?
<balanceK> hello. when i login with ssh my server shows the motd twice, though the /etc/motd file contains the moth only once. The structure of the message looks like: motd\nNo mail\nLast login: ... \n motd. thx
 * Nafallo wonders why he sees this bug...
<Nafallo> nafallo@phoenix:~$ lsb_release -r && do-release-upgrade
<Nafallo> Release:	8.04
<Nafallo> Checking for a new ubuntu release
<Nafallo> No new release found
<Nafallo> ah! found it.
<Nafallo> it have a config file :-P
<axisys> what kind of card I need to feed my surveillance video data into my linux box?
<greenfly> axisys: depends on what kind of outputs your camera has. if it's composite video then you need one of those TV tuner-type cards
<greenfly> you can get them pretty cheap these days
<axisys> greenfly: well I am thinking of getting IP/wireless cameras.. any recom on that?
<greenfly> not really, I found some cheap ones at a local electronics store that just outputted composite video
<jtaji> axisys: I've researched these before and the Panasonics seem good http://www2.panasonic.com/consumer-electronics/shop/Computers-Networking/Network-Cameras/Network-Cameras.list.80002_11002_7000000000000005702
<jtaji> axisys: not requiring IE/activex, etc...
<uvirtbot> New bug: #311350 in samba (main) "Auto mount of windows shares doesn't work." [Undecided,Confirmed] https://launchpad.net/bugs/311350
<gewt> 0.o
<gewt> i egt I/O errors yet everything works fine...
<greenfly> gewt: sometimes that's a precursor to a drive failing. do you have smartd running?
<gewt> no, it was the install cd booting
<greenfly> gewt: ahh, that would have been useful information :)
<greenfly> I'd still scan the install CD for errors before you use it
<uvirtbot> New bug: #311957 in dhcp3 (main) "Please enable support for dummy interfaces" [Undecided,New] https://launchpad.net/bugs/311957
<uvirtbot> New bug: #311961 in samba (main) "8.10 system-config-printer lost SMB connection selection" [Undecided,New] https://launchpad.net/bugs/311961
<backenfutter> does anybody know how to solve this? vzquota : (error) Quota is not running for id 101
#ubuntu-server 2009-12-21
<jmarsden> I tend to disagree, but we'll test and find out...
<JanC> jmarsden: does it add a virtualhost automaticly, or what?
<JanC> (I hope not)
<JanC> or at least not enable it
<jmarsden> The default virtualhost exists "automatically".  phpmyadmin adds a glibal Alias for /phpmyadmin and some config info for the directory where it puts its files, including an AddType.
<jmarsden> I'll have a Hardy 8.04.3 server to test in about 2 more minutes... :)
<JanC> hm, cherokee uses some sort of "wizards" to configure webapps, that sound like a better approach to me (it's still dead-easy to set up something like phpmyadmin, django, drupal, etc., but nothing is set up by default)
<jmarsden> Feel free to create wishlist bugs in LP if you have a workable new approach...
<rootlinuxusr> sorry went to grab a sammich
<rootlinuxusr> per webmin, i have a default, and a virtual.
<jmarsden> Don't use webmin, it is unsupported in Ubuntu.
<jmarsden> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<rootlinuxusr> usermin? then?
<rootlinuxusr> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<jmarsden> Hmmm, I must have used the wrong ISo for my VM installm and got Ubuntu Desktop 8.04.3 instead of server... checking...
<rootlinuxusr> could that be the issue, that's it's desktop not server?
<jmarsden> No, it shoudn't make a difference to how Apache works.
<jmarsden> Although officially you shouldn't be asking for Xubuntu support in #ubuntu-server :)
<rootlinuxusr> didnt think so. i know i used a server install disk, but installed xubuntu cause this thing isn't very powerful. true. but i was referred here from #xubuntu >_>
<JanC> questions about apache are fine here, doesn't matter much which kernel you use (except for performance under high load and certain hardware support maybe)
<jmarsden> rootlinuxusr: OK, I just did a tasksel lamp install, added that phpingo.php file into /var/www/ and browsed to it, and it worked "out of the box".
<jmarsden> So somehow your apache has been configured differently to mine, I would suspect... what have you done to it?
<rootlinuxusr> okay. so abort, retry, fail i guess. should i completely reinstall or just completely remove everything and try that?
<jmarsden> rootlinuxusr: well, that's extreme... what did you change?
<rootlinuxusr> i downloaded phpmyadmin, and im assuming the error occured somewhere around here.. http://pastebin.com/d5498c8f0
<jmarsden> Um.  Why are you manually installing some unusual version of libapache2-mod-php5 ?
<rootlinuxusr> because it wasn't found in the apt archives, so i downloaded it from the debian site?
<jmarsden> Aargh.  so you don't really have a tasksel lamp-server install at all
<jmarsden> It might have been good to mention this earlier :)
<JanC> actually, that's apache 1.x ?
<jmarsden> I just installed things from the 8.04.3 CD and libapache2-mod-php5 most definitely installs just fine (by default as part of the tasksel process)
<JanC> "libapache-mod-php5" I mean
<jmarsden> JanC: Ah, yes, so it may have done nothing useful... but... in principle, this is now one very non-standard setup for no good reason.
<rootlinuxusr> so if libapache-mod-php5 refuses to be downloaded and installed for whatever reason, what should I do? get another disk?
<jmarsden> rootlinuxusr: You should apt-get purge all the apache2 related things you installed, then  sudo tasksel lamp-server
<jmarsden> And it will either find it in the archives, or we will help you debug that issue.
<JanC> jmarsden: I'd say all apache & apache2 related packages
<jmarsden> What you should not do is guess and grab random stuff from Debian and mix it in and hope!
<jmarsden> (and then not tell us you did that!)
<rootlinuxusr> well i thought that when i removed all the files from the website that suggests installing tasksel, that would have been removed; or for that matter Im not even entirely sure that it installed in the first place - so i ran the tasksel install method.
<rootlinuxusr> !lamp
<ubottu> LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<jmarsden> rootlinuxusr: The last command in your pastebin is most definitely not sudo tasksel install lamp-server
<jmarsden> So undo all the weord stuff and do that, and we'll take from there.
<jmarsden> *wierd
<rootlinuxusr> well that wasnt the last from history either, but that was the last related to installing anything related to lamp
<rootlinuxusr> per https://help.ubuntu.com/community/ApacheMySQLPHP  should i remove all of these? will that take care of things - https://help.ubuntu.com/community/ApacheMySQLPHP
<rootlinuxusr> err... apache2 apache2-mpm-prefork apache2-utils apache2.2-common libapache2-mod-php5 libapr1 libaprutil1 libdbd-mysql-perl libdbi-perl libmysqlclient15off libnet-daemon-perl libplrpc-perl libpq5 mysql-client-5.0 mysql-common mysql-server mysql-server-5.0 php5-common php5-mysql
<jmarsden> rootlinuxusr: Sounds reasonable, but purge them, not just remove, so their config info goes away too.
<uvirtbot> New bug: #498907 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.2 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/498907
<rootlinuxusr> http://pastebin.com/d77b75a2a that's the result. is that deb package gone/is my install clean now?
<jmarsden> Mostly... there is still a /etc/php5/apache2 directory apparently?  Can you manually get rid of that?
<jmarsden> Actually all of /etc/php5/ can go
<rootlinuxusr> gone.
<jmarsden> OK.  Now do  sudo tasksel install lamp-server     # and if you get any errors from it, pastebin them.
<rootlinuxusr> asked for pw, and had me retype - normal so far.
<jmarsden> Good.
<rootlinuxusr> exited with no prompt - back to terminal's prompt
<rootlinuxusr> running the echo command from earlier to test.
<rootlinuxusr> localhost/phpinfo.php still tries to download.
<jmarsden> How are you testing this?  From the server using w3m or lynx or what?
<rootlinuxusr> firefox.
<jmarsden> (I forgot you have a GUI on the "server" :)  Something is odd... cached result, I am guessing...
<rootlinuxusr> try rebooting and see if that helps?
<jmarsden> Stop apache2 and then run sudo htcacheclean -rv
<JanC> what do the apache logs say?
<rootlinuxusr> when i tried htcach...(copied and pasted) it brings up the man page for it.
<jmarsden> JanC: I have a feeling this is mod_disk_cache doing more caching than we want...
<jmarsden> rootlinuxusr: My fault, it needs the path to the cache... let me find it...
<JanC> why would that module be loaded anyway?  ;)
<JanC> (or used)
<jmarsden> JanC: I don't know, but I fixed this issue for someone before and I think (memory returning as we go here) it related to this.
<jmarsden> sudo htcacheclean -rv -p /var/cache/apache2/mod_disk_cache
<rootlinuxusr> same thing
<rootlinuxusr> http://pastebin.com/m45c286
<JanC> maybe remove the space between  -p and the URL?
<JanC> er, -p and teh path
<rootlinuxusr> same
<jmarsden> sudo htcacheclean -rv -p /var/cache/apache2/mod_disk_cache -l1
<jmarsden> (It requires the -l option apparently)
<rootlinuxusr> okay now that did something
<jmarsden> OK, now start apache and retest
<rootlinuxusr> stats size limit, total size, and total entries were all 0
<rootlinuxusr> ^_^ sweet.
<uvirtbot> rootlinuxusr: Error: "_^" is not a valid command.
<rootlinuxusr> parses fine, thanks. iunno what the issue was apart from my errant ideas as to downloading stuff.
<jmarsden> OK, we got it :)
<JanC> jmarsden: that sounds like a bug somewhere?
<jmarsden> JanC: Yes, and that's the second or third time I've helped someone with that now (this time I'm writing down what it was, for future reference!)...
<jmarsden> But I don't know how to trigger the bug (over aggressive use of mod_disk_cache)...
<jmarsden> It seems to happen if you do a "confused" apache2/php5 install the first time around, such that even fixing it later using apt-get purge won't clear the problem until you reset that cache.
<JanC> why is it used in the first place?
<jmarsden> Well, presumably it has performance benefits, why else use caching?  But I'm not really sure, it just "is", in Debian/Ubuntu apache2 installations, as far as I know.
<JanC> dynamic content should never be cached by default
<jmarsden> JanC: But the bad install meant it looked like static content (download the file not run it)... that's the whole problem :)
<twb> Presumably over-caching is caused by your applicatin using incorrect HTTP fields, e.g. ETag and Pragma-Cache
<JanC> twb: I doubt phpmyadmin has such obvious bugs after all those years?
<jmarsden> twb: Well, if it is affecting just a one line .php file, that seems unlikely...
<twb> JanC: I don't trust anything that has "php" or "my" in its name :-)
<rootlinuxusr> @twb is there something else i should be using?
<JanC> twb: I'm not a fan of "php" either, but still, I remember patching phpmyadmin in 2000, so it's been around long enough to get the obvious bugs fixed  ;)
<twb> Shrug.
<twb> rootlinuxusr: I encourage administration of databases via the CLI, just like the rest of the system.
<twb> On that basis that 1) sooner or later, you're gonna need to know how to do recovery via a CLI; and 2) exposing ssh alone is better than exposing ssh AND some web-based tool.
<twb> OTOH, IANADBA.
<jongbergs> hi, im on the process to configure a bind server..need some site that offers a step by step howto..thanks
<rootlinuxusr> ianadba?
<twb> I am not a DBA
<JanC> twb: for 2) the alternative is to port-forward the database to your desktop through an ssh tunnel & run whatever fancy GUI tools you want  ;)
<twb> JanC: true
<twb> And I'd prefer THAT over phpmyadmin, too.
<twb> ssh -fX db.debian.org oobase or whatever
<twb> Oh, sorry, like you say - mysql probably listens on ports as well as sockets by default
<JanC> yeah, I just forward the mysqld port if I want to do that (no X on my server)
<jmarsden> jongbergs: First, read the Ubuntu Server Guide, as the /topic here says... https://help.ubuntu.com/9.10/serverguide/C/dns.html has basic info on DNS setup.
<centaur5> I know there is another open source project besides unattended that will manage network installs of windows from Linux. Could anybody tell me the name of it?
<rootlinuxusr> well i totally would prefer to go CLI but im no programmer...and im just doing this to create a db with tables relating to my cards - with a hidden form to add/remove; and a form for viewing what i have so that when im at the card shop i know that i have/dont have the card...etc...or is there a OS project that already does this?
<twb> rootlinuxusr: for CCGs?
<rootlinuxusr> baseball preferably xD
<twb> Dunno
<JanC> you don't need to be a programmer to use the CLI
<rootlinuxusr> true. But its a different mindset than I can get a handle around - the for dummies book stumps me... >_>
<JanC> back when I started using computers all users had to use the CLI as for most of us there was nothing else (well, when I sterted to use DOS, Windows 2.x existed, but there were no applications for it, and & mac was way too expensive ;) )
<twb> There are a bunch of generic asset-tracking utilities, but I can't easily find one geared towards card collections
<jmarsden> JanC: Back when I started using computers they used punched cards and paper tape :)
<JanC> rootlinuxusr: as you have a GUI, why not use GUI tools anyway?  ;)
<JanC> jmarsden: just don't drop those punched cards before numbering them  ;)
<rootlinuxusr> well i have one team all converted to OO.O base, but I'd love to either convert that to mysql; or retype it into mysql for the speed.
<JanC> OOo Base can use MySQL
<rootlinuxusr> sure can, but with an already existing dbase? and how could i convert that web-based so i can view without having to pull out ssh on my phone - G1 rooted.
<JanC> it should be possible to use the same database for all that, but if you don't really want to keep OOo Base around, then just creating a web-based interface might be easier
<rootlinuxusr> i sense a great deal of googlin' ahead.
<JanC> âº
<twb> JanC: you draw a diagonal line across the top
<JanC> twb: ah, should work too indeed (a former teacher of me told me he dropped hours work of punched cards as a student once, which is what I was referrring too)
<JanC> not sure if afterwards he numbered them or used a diagonal line or whatever
<JanC> I heard that story 15 years ago, so don't remember all details
<twb> JanC: everyone drops cards sooner or later
<twb> A diagonal line is like journalling only your metadata -- it's not good enough, but it's fast and it's better than nothing :-)
<jongbergs> jmarsden: if i use ns1.example.com, should i change my dns server hostname to ns1?
<twb> Noooo
<twb> ns is a role, so you make a CNAME to the machine's real name.
 * twb waves around RFC1178-on-a-stick
<twb> (Also, renaming a host while it's in production can be a major pain in the arse, especially if it's running FDS and Domino.)
<jongbergs> twb: i followed the steps in https://help.ubuntu.com/8.10/serverguide/C/dns.html, but when i run  named-checkzone example.com /etc/bind/zones/example.com.db, i got this message zone example.com/IN: NS 'ns1.example.com' has no address records (A or AAAA)
<twb> jongbergs: that's saying that ns1.example.com doesn't resolve.
<jongbergs> twb: what could be wrong?
<twb> Personally I don't use bind as a caching DNS proxy -- I prefer the simplicity of dnsmasq.
<jongbergs> twb: i wanted to do some testing to host our school's domain name
<twb> jongbergs: oh, you want to host records for your own domain?
<twb> BTW, I notice you linked to the 8.10 document.  You probably want to run the latest LTS (8.04) or the latest non-LTS (9.10).
<henriquev> I've set up a Ubuntu instance on Amazon Ec2 and wanted to turn it off. How do I save an image of its current state? I googled and found nothing, but something that isn't useful for me because I don't have this instance in EBS yet
<Zelest> How can I delete/remove a guest that's been created using virt-install? .. I've tried virsh -c qemu:///system destroy <guest> .. but all it does is shutting it down more aggressively, it doesn't remove the actual guest system.
<Zelest> If anyone else wonders the same thing.. use "undefine" instead of "destroy" ;)
<rootlinuxusr> how do i find the host name?
<ScottK> Not very patient that one.
<X-M4-X> Hello
<X-M4-X> is there anything i can put in ufw to block IP's that send LOTS of packets to the server?
<bogeyd6> X-M4-X,  there is a script out there to do just that but the name escapes me
<jtaji> fail2ban, denyhosts?
<bogeyd6> it will cut off an IP that surpasses so many packets
<jtaji> or not, I don't think those work on just packets
<X-M4-X> I blocked the ping of death on port 7. installed denyhosts for brute force attacks upgraded my password with one to 100/100 strength
<X-M4-X> if an ip is rapidly sending packets to my server - it will ban the ip - which is the goal
<MTecknology> Dec 20 20:26:44 emplar kernel: [  342.020945] eth0: increased tx threshold, txcfg 0xd0f01010.  <-- Does this line mean anything to you guys?
<MTecknology> or is it pretty insignificant?
<sub> it looks informational. i wouldn't worry about it unless you're noticing problems with network performance
<MTecknology> ok, thanks
<twb> bogeyd6: -m recent!
<bogeyd6> ???????????/
<bogeyd6> ///
<twb> bogeyd6: instead of fail2ban
<bogeyd6> kk
<X-M4-X> aww
<twb> http://www.debian-administration.org/articles/187
<X-M4-X> something i did blocked connections to the server
<twb> -j TARPIT or -j CHAOS are good, too
<twb> But if you just want to block hosts that send lots of packets, -m limit is sufficient.
<twb> Oops, make that hashlimit.
<X-M4-X> looks like im gonna be reinstalling ubuntu server!
<twb> Hooray!
<X-M4-X> Oh thank you lord in heavan
<X-M4-X> OMFG I FEEL RETARDED!
<bgoldsmith>  newbie question regarding grub2 on karmic server RAID 1 array: if /dev/sdb fails, the system boots with the array in degraded mode. Even if grub-install is used to install grub to /dev/sdb, in case of /dev/sda failure, grub cannot bring up the array as it cant seem to find the root, so ... I found what I need to do on http://riseuplabs.org/grimoire/storage/software-raid/ ... however that is for legacy grub.
<bgoldsmith>  could someone please point me to the correct steps to follow for installing grub2 to /dev/sdb so that even if /dev/sda fails, the system still boots up
<bgoldsmith> installing grub to /dev/md0 does not work
<bgoldsmith>  anyone here with RAID 1 + grub 2 experience on karmic server ?
<twb> bgoldsmith: I last tested that configuration on Lenny, where it completely failed
<twb> #grub told me it was All Much Better NowTM
<twb> I've had more success with extlinux, though.
<bgoldsmith> ouch ... I have to deploy a RAID server in an enterprise environment in the next week, and I've recommended that we go with Ubuntu server
<ball> bgoldsmith: why did you recommend that?
<bgoldsmith> because - people here are familiar with ubuntu
<bgoldsmith> desktop
<bgoldsmith> and I won't be here as an admin for long (I
<bgoldsmith>  have the post of 'principal engg')
<ScottK> bgoldsmith: One way around this would be to install Jaunty and upgrade to Karmic (if you don't want Hardy), then you'll have legacy grub.
<bgoldsmith> hmmm
<bgoldsmith> I was thinking of doing that
<bgoldsmith> but for lack of time, I was wondering if there was a GRUB2+RAID1 howto somewhere google couldn't reach
<twb> Or just manually request legacy grub
<twb> bgoldsmith: it should be about the same as grub legacy + raid1
<ball> Fair enough.  I'm off to bed, anyway.
<bgoldsmith> the only thing that I need to be able to do is fool grub into believing that it is installing on (hd0) when it is installing on sdb.
<bgoldsmith> can grub legacy deal with the boot partition on LVM + RAID ?
<jongbergs> twb: i have successfuly configured bind9 i forgot to edit one of the A name section from ns to ns1
<twb> jongbergs: OK
<jongbergs> twb: thanks for your help
<jongbergs> twb: is there a default log for bind9?
<twb> jongbergs: buggered if I know
<twb> jongbergs: ask /var/log/
<bgoldsmith> making grub believe that it is installing on (hd0) when installing on /dev/sdb can be done with device (hd0) /dev/sdb and root (hd0,0)
<qman__> jongbergs, bind logs to /var/log/syslog IIRC
<qman__> a grep -R should find it
<bgoldsmith> what is the official way of doing that with grub2 ?
<X-M4-X> yay i fixed my server issue by doing ufw allow 80
<jongbergs> qman__: i mean for  bind9 log?
<qman__> jongbergs, so do i
<jongbergs> twb: seems that no log facility for bind9, i can't find it at /var/log
<qman__> it doesn't have its own log by default
<jongbergs> twb: any idea?
<jongbergs> qman__: i see..i'll try to check the ubuntu doc to find out..thanks
<qman__> jongbergs, I'm not sure what sort of logging you're after
<qman__> it logs all errors to either /var/log/syslog or /var/log/messages, can't remember which it is
<marks256> Say if i had a 16TB server for file storage. A few months from now I use up all 16TB of space, so i buy another server with 16TB of storage, so now i have 2 16tb servers. What system would i need to put in place so i can combine those to servers into a single 32tb storage space? Would it be a Cluster File System? LVM? what?
<qman__> marks256, anything like that would have to have been planned ahead of time
<qman__> I don't know how specifically to go about it but I know that much
<marks256> qman__, well of course. that's what i'm asking for. i need to know what infrastructure should be set in place
<baltadt> I set up a server and I can connect by remote desktop viewer but I can't see the windows when they open. Any ideas
<qman__> baltadt, you're going to have to be more specific than that, but by the looks of it, you're in the wrong support channel--this channel only supports ubuntu server edition, meaning no GUIs
<baltadt> i need help with remote desktop viewer any one here
<qman__> baltadt, remote desktop viewer is a GUI application and is not supported here--see #ubuntu instead
<bgoldsmith> marks256 - I was thinking about a drbd based SAN
<bgoldsmith> http://www.springerlink.com/content/n358433838h81458/
<bgoldsmith> on googling
<marks256> bgoldsmith, and what is that exaclty?
<baltadt> ok sorry
<seq> Hi all. I get dumped in my initramfs with an error about not finding my root device (on lvm). I appear to not have any /dev/md* devices (which contain /boot and my lvm pv). Anybody have any ideas on how to fix?
<bgoldsmith> marks256: sorry I
<bgoldsmith> am kinda occupied right now
<bgoldsmith> marks256 could you please google/wikipedia for SAN and DRBD ?
<marks256> bgoldsmith, i did. i'm not sure that's what i need?
<marks256> would the SAN be used with LVM then?
<X-M4-X> whats the best firewall to use?
<seq> Alright, so I think I figured it out. It appears the arrays were not in mdadm.conf. Apparently I can use the output from `mdadm --examine --scan`
<twb> X-M4-X: netfilter/iptables is the only real choice.
<uvirtbot> New bug: #498943 in ntp (main) "ntp-doc not current" [Undecided,New] https://launchpad.net/bugs/498943
<X-M4-X> well i dont care what i have to do, my server and clients will have the best security i can offer.
<X-M4-X>  
<seq> Adding my arrays to mdadm.conf and update-initramfs fixed it.
<cb1147> I have installed Ubuntu 9.10 alongside an existing Windows 7 installation, but I chose not to install Ubuntu's boot loader for various reasons.  When I power on my computer, Windows 7 loads, which is how I want it.  I want to manually boot the Ubuntu system from the installation disc.  Is this possible?  Are there options that I can specify in "Boot Options"?  Any information would be...
<cb1147> ...greatly appreciated.
<twb> You should've asked to install grub in the MBR
<twb> It would then have let you pick either OS, and you would only need to change which was the default
<cb1147> I am not the only user of the computer and I did not want the installation messing with the MBR.  Is it possible to boot it from the installation disc?
<twb> Yes, but it'll involve an awful lot of typing each time
<twb> Oh, not from an install DISC.
<twb> If you had an install KEY, then probably.
<twb> Well, it it was extlinux -- I suppose stock ubuntu install key media use syslinux, which won't be able to get the kernel and ramdisk from an ext /boot any more than isolinux would
<cb1147> I mostly installed it just to play around with it.  I last used Linux many years ago (around 1999) and I just wanted to see what all the Ubuntu hype is about.  I was also planning on introducing it to my girlfriend if it is user-friendly enough.
<cb1147> But, like I said, I didn't want it touching my MBR.
<ScottK> cb1147: The Ubuntu boot loader will let you select Windows to be your default boot.  Doing it the way you are trying too is just way hard.
<cb1147> Is it possible to set the timeout low enough for my girlfriend to not notice it, but still be able to select Ubuntu if I desire?
<ScottK> Yes
<twb> I usually set mine to three seconds
<twb> With extlinux, at least, you can set it to have NO delay, but to open the menu if the Scroll or Caps Lock is on, or if the Shift key is held down.
<twb> Kinda like the OF on the new world macs.
<MTecknology> I have this in my cron; @daily /usr/bin/sudo -u /usr/sbin/logcheck logcheck; I assume it runs 0 0 * * *; but at midnight; no email
<MTecknology> oh....... nevermind /me facepalms
<twb> @daily is documented in the crontab manpage
<twb> You also got sudo's args backwards
<twb> If I were you, I wouldn't give the full path -- instead customize PATH at the top of the crontab if you really must
<jmarsden> MTecknology: More to the point, why not just edit /etc/cron.d/logcheck instead of creating new (incorrect) cron entries by hand?
<MTecknology> jmarsden: I could do that too...
<alkisg> Hi, I've setup samba as a PDC with the default tdb as a user backend. I'm able to join the domain and logon using Windows clients, but I can't do it with Ubuntu clients. I've installed and configured (to the best of my ability) winbind, what else do I need? Do I need Kerberos?
<twb> logcheck already runs daily, doesn't it?
<twb> jmarsden: I assumed he was editing that file already :-)
<jmarsden> twb: Hourly plus at reboot, by default ...
<twb> Oh, I'm confusing it with logwatch
<jmarsden> alkisg: I'm not at expert on that, but take a look at the likewise-open5* packages
<twb> And here, for STUPID reasons logcheck is running every ten minutes :-/
<alkisg> jmarsden: thank you, /me looks...
<twb> How does ufw merge the .rules files?
<twb> It can't be just calling iptables-restore on each one in turn...
<twb> Oh, maybe it's using iptables-restore --noflush
<AlexC_> morning,
<AlexC_> regarding DKIM and multiple domains - I have many domains which use the mail server 'mail.example.com', so do I need to get DKIM to sign for 'mail.example.com' or 'client-domain.com'?
<twb> AlexC_: presumably you can work that out by attempting to validate a test email that comes out of it?
<twb> Bloody hell, do you reckon gufw has enough dependencies?
<twb> Through gksu, it manages to pull in udev and devicekit
<elliotjhug> Hi, quick question which google doesn't seem to provide a quick answer for. I'm getting an error when I try and start bind after an upgrade to Karmic, where do I find its logs? (or make it verbose?)
<twb> elliotjhug: for the latter you presumably want /etc/named/named.conf or something
<twb> (Just a guess)
<elliotjhug> twb, logs would be preferable to changing even more settings (since its likely a config error causing my trouble)
<ttx> mathiaz: apropos https://blueprints.launchpad.net/ubuntu/+spec/server-lucid-puppet-etckeeper-integration
<ttx> mathiaz: There are a few unrealistic expectations there
<ttx> "implement proper file permissions and ownership support in bzr" is quite complex
<ttx> "etckeeper: fix .bazaar/ owned as root bug" is also difficult
<ttx> "implement new features/commands" is doable, but if we want the feature to go back upstream, we'll need to do it in a VCS-agnostic way
<mathiaz> ttx: ok - for the 1st point, I gues this is taken care of by etckeeper
<ttx> mathiaz: hm, I'm not sure I follow you, then
<mathiaz> ttx: the current design solution we've discussed with puppet upstream is to use a pre/post commit hook
<mathiaz> ttx: where puppet would just call etckeeper before/after its run
<ttx> right
<mathiaz> ttx: the same as the apt integration is done
<mathiaz> ttx: etckeeper doesn't keep track of ownership/permissions ?
<ttx> mathiaz: ah, yes it does. Not in the best possible way, but it does
<ttx> (the best possible way being using a VCS that is natively aware of those)
<mathiaz> ttx: right
<ttx> when you said "implement proper file permissions and ownership support in bzr" I thought you meant patching bzr to natively support those
<mathiaz> ttx: AFAIK no VCS support taht
<mathiaz> ttx: correct
<ghostlines> i was having some input output errors with my hdd, now I can't even detect it as a device to partition it, is the hdd just dead now?
<ttx> mathiaz: that's what I found unrealistic, and not necessary to the completion of the spec
<mathiaz> ttx: probably - I was mainly recording the different points of the plan
<mathiaz> ttx: we should at least engaged with the bzr team to see what would be required to have ownership/permissions properly handled by bzr
<ttx> mathiaz: I engaged that discussion with them already
<ttx> mathiaz: they recommended to keep it out of bzr and implement it as a plugin that would integrate the .etckeeper metadata
<ttx> mathiaz: rather than a VCS-native implementation
<ttx> basically they don't see the need for native permissions/ownership support in the VCS, just to cater for a specific VCS use
<mathiaz> ttx: right - I guess that meta-data versioning is not that important
<ttx> mathiaz: the problem is, the non-native approach is bug-prone
<mathiaz> ttx: using a plugin would work - as long as relevant bzr commands handle permission/ownership correctly
<ttx> mathiaz: that's the thing, the plugin has to modify all those commands
<ttx> see comments on https://bugs.launchpad.net/ubuntu/+source/etckeeper/+bug/322327
<uvirtbot> Launchpad bug 322327 in etckeeper "Integrated permissions/ownership diff output for etckeeper/bzr" [Wishlist,Confirmed]
<ttx> and https://bugs.launchpad.net/ubuntu/+source/etckeeper/+bug/322339
<uvirtbot> Launchpad bug 322339 in etckeeper "Integrated permissions/ownership reset on file operations for etckeeper/bzr" [Wishlist,Confirmed]
<ttx> Diff is relatively easy
<ttx> since it's quite limited in scope
<ttx> but getting the permissions/ownership correct on all file operations...
<ttx> mathiaz: anyway, those are etckeeper usability improvements, not /necessary/ to have puppet integration
<mathiaz> ttx: right
<mathiaz> ttx: the specification covers both puppet and etckeeper
<ttx> the .bazaar issue is more pertinent
<ttx> mathiaz: maybe we should split it to have a realistic lucid target
<ttx> or it will just be deferred, methink
<mathiaz> ttx: agreed - the current whiteboard state is more of a dumping ground for high level tasks that need to be done
<ttx> on the etckeeper side I'd keep "in main" and ".bazaar"
<mathiaz> ttx: the actual plan and work items need to be refined
<ttx> mathiaz: I understand, it's just that we tried to review the status of the spec last Friday with jos
 * mathiaz nods
<ttx> to see if it was pertinent for alpha3+
<mathiaz> ttx: ok - so what I could do is to update the whiteboard with a reasonable list of work items for lucid
<mathiaz> ttx: but I'd rather not loose the other things
<ttx> agreed. You can has a "Future work" section in the whiteboard
<ttx> have, even
<mathiaz> ttx: the more high level/blue sky items (such has proper bzr integration)
<mathiaz> ttx: great - I'll update the whiteboard now
<ttx> cool, thx
<ttx> ah, the very fresh daily ISo now has an installable UEC 1.6.2
 * ttx rsyncs
<mathiaz> ttx: whiteboard updated - let me know if it seems a reasonable target for lucid now
<ttx> mathiaz: sure, looks ok for me
<knecht> hi there. i installed a new hardisc in ubuntu server 8.10, create a partition and mkfs.ext3 the new partition. Now i want to mount it via fstab, "blkid /dev/sda1" tell me the uuid, and i want to make an entry in fstab with this uuid, but there is no symlink in /dev/disk/by-uuid for that uuid. Do i need to restart a service? Or should i create it manually? Who creates this symlinks in /dev/disk/by-uuid?  THANKS
<knecht> I want to use uuid to mount a partition via fstab. Should the symlinks in /dev/by-uuid to /dev/sdXX created automaticly when i create/format a partition? Or do i need to create them manually? Cause my new partition is not listed there
<arj> did you mkfs.ext3?
<foolano> hi guys, is there any reason why dansguardian is not built with --enable-clamd in hardy security?
<uvirtbot> New bug: #499029 in eucalyptus (main) "[lucid] eucalyptus-nc upstart script fails to start" [High,Triaged] https://launchpad.net/bugs/499029
<knecht> arj: i do mkfs.ext3, but have no symlink in /dev/by-uuid
<zul> foolano: maybe because its in universe and probably synced from debian? :)
<ScottK> foolano: If it's not, it's a mistake. Please file a bug.
<ScottK> zul: No, both Debian and Ubuntu use clamav.
<ScottK> cemc: ^^^ Could you have a look?
<foolano> IIRC, dansguardian in karmic is built with enable-clamd
<khaladu_kj> what will be the best way to virtualize many physical machine into one?
<cemc> foolano: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533024. as far as i can tell, it was disabled, then re-enabled in dansguardian 2.10 ?
<uvirtbot> Debian bug 533024 in dansguardian "dansguardian: no clamd support" [Important,Fixed]
<ScottK> cemc: We should look into making sure we have it enabled.
<cemc> ScottK: alright. There is clamav support, just not clamd
<ScottK> Ah, I see.
<ScottK> cemc: I'd check hardy-backports and make sure it's enabled there.
<cemc> but I guess we synced that one from debian and it got disabled there
<cemc> nope, it isn't in backports either
<ScottK> We're going to do backports -> security soon, so no point in fixing it security if it's OK in backports
<ScottK> Probably more than just Hardy then
<cemc> ScottK: in backports it's the same package than in security only with some libclamav6 transition stuff
<ScottK> OK.
<cemc> in 2.10 however in Karmic it IS enabled
<ScottK> We should update the backports to match that then.
<a_ok> when I do apt-get install apache2; It installes the mpm-worker. how do I change it to prefork?
<mathiaz> a_ok: try apt-get install apache2-mpm-prefork
<a_ok> mathiaz: rest are deps of course... why didn't I think of that?
<a_ok> thanks
<mathiaz> ttx: hi
<ttx> mathiaz: o/ again
<mathiaz> ttx: I've updated https://wiki.ubuntu.com/ServerLucidCloudConfig with a sample config.yaml file
<mathiaz> ttx: I'd like to get request on the proposal
<ttx> request ?
<mathiaz> ttx: should I send to ubuntu-ec2@? or is there another mailing for that?
<mathiaz> ttx: I'd like to get feedback on the proposal
<ttx> ah
<ttx> mathiaz: I'm not up to date on cloud lists
<mathiaz> ttx: to which mailing list should I send the request for feedback
<mathiaz> ttx: ok
<mathiaz> ttx: I'll email the world then
<ttx> mathiaz: just a sec
<ttx> mathiaz: smoser is working today
<ttx> mathiaz: he should know
<mathiaz> ttx: right
<mathiaz> ttx: I'll track him down
<smoser> hello all
<smoser> kirkland`, ping, bug 498174 . do we still really need to create static dev entries ?
<uvirtbot> Launchpad bug 498174 in eucalyptus "Maximum number of 8 loopback devices low for SC" [High,Fix released] https://launchpad.net/bugs/498174
<mathiaz> smoser: hm - here you are!
<smoser> uhoh
<mathiaz> smoser: I've updated https://wiki.ubuntu.com/ServerLucidCloudConfig with a sample config.yaml file
<mathiaz> smoser: I'd like to get feedback on the proposal
<mathiaz> smoser: to which mailing list should I send the request for feedback?
<mathiaz> smoser: ubuntu-server@? ubuntu-cloud? ubuntu-ec2?
<smoser> what does | do ?
<mathiaz> smoser: http://en.wikipedia.org/wiki/YAML#Block_literals
<ttx> mathiaz: question for you
<ttx> http://bazaar.launchpad.net/~ubuntu-core-dev/eucalyptus/ubuntu/annotate/760/debian/eucalyptus-common.postinst
<mathiaz> smoser: newlines are preserved
<smoser> mathiaz, sure, you can send to those lists. i think that makes sense.
<ttx> apparently the "chmod 04754 /usr/lib/eucalyptus/euca_rootwrap" never gets run on a UEC fresh install
<ttx> what should be $2 in that case ?
<mathiaz> ttx: new install $2 = ""
<ttx> so why oh why
<mathiaz> ttx: is the rest of the code under if [ -z "$2" ]; then fi run?
<mathiaz> ttx: it may be an issue with if ! dpkg-statoverride --list /usr/lib/eucalyptus/euca_rootwrap; then
<ttx> mathiaz: I'm not sure
<ttx> there isn't any dpkg-override in the fresh install
<mathiaz> ttx: right - dpkg-statoverride may be buggy - or the call has changed
<ttx> looks like everything else is alright, but maybe it gets picked up by some other pre-flight check
<ttx> returns the right thing for me
 * ttx enters deep testing mode
<mathiaz> ttx: is something else changing the permission on euca_rootwrap (init script)?
<ttx> mathiaz: I like that idea, but no, not that I can find
 * mathiaz grabs some lunch in the meantime
<smoser> mathiaz, i dont think {{{ are required, are they ?
<smoser> mathiaz, where are you (physically?  lunch? its 9:23 eastern)
<a_ok> can someone help me fix rubygems?
<a_ok> gem install rake gives me a not found error... I find that rather hard to beleave
<StrangeCharm> i'm subscribed to a bug [#454898] in karmic. recently, i got an email saying that the bug's status has changed from 'in progress' to 'fix comitted'. if i download the karmic iso today, will the bug be fixed in that copy?
<cyphermox> StrangeCharm, "fix committed" doesn't mean that it's fixed in an iso or in updates, just that the fix is in a branch or otherwise "ready" to be published
<StrangeCharm> cyphermox, how can i build an iso with the fix in it?
<mathiaz> smoser: I'm in France for christmas
<mathiaz> smoser: so it was 3:23 PM when you asked me.
<mathiaz> smoser: {{{ is part of the wiki markup
<mathiaz> smoser: so no - they're not required
<smoser> oh. thanks. sorry for being dense.
<smoser> duh, smoser
<smoser> (i saw that in the wiki change notification)
<cyphermox> StrangeCharm, you'd have to build one from scratch and include the package from karmic-proposed, afaict; but I'm not sure how you actually remaster an iso -- you can check on https://help.ubuntu.com/community/LiveCDCustomization
<cyphermox> StrangeCharm, it would probably be easier to just make the system boot and update it afterwards...
<StrangeCharm> cyphermox, can't boot the system. the bug is in cryptsetup, preventing the system from booting
<cyphermox> StrangeCharm, there is a workaround described though, do they work for you?
<StrangeCharm> though, someone in #ubuntu told me that it might be possible to remaster the risk
<StrangeCharm> *disk
<cyphermox> yes
<StrangeCharm> i don't recall the workaround. if there was one described in the bug, then i must have concluded that either a) i couldn't implement it, or b) it was not applicable to my situation
<StrangeCharm> cyphermox, ^
<StrangeCharm> though, the livecd might not work for me: i use the server installer disk.
<cyphermox> StrangeCharm, which partition doesn't mount?
<Storm3y> !help
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<StrangeCharm> cyphermox, each partition starting from the thrid. that is: /boot mounts. / mounts. then other disks that contain lvms with subsidiaries of / (like /etc, /var, and /tmp) don't get mounted: another process interrupts the second request for passphrase input
<Storm3y> !op hi
<Thomi> Hi, I'm trying to add a partition to a degraded RAID10 array using mdadm. I'm running "mdadm /dev/md0 --add /dev/sdb3" and it gives the error "/dev/sdb3 not large enough to join array" - but it *is* large enough - it's exactly the same partition layout (and disk model) as the other 3 disks in the array. Am I missing something?
<cyphermox> StrangeCharm, could you get to recovery mode?
<StrangeCharm> yes, absolutely
<cyphermox> ok, from there I guess you still can't manually mount the partitions?
<StrangeCharm> i can
<cyphermox> ok
<StrangeCharm> but i don't want to have to
<cyphermox> all of them?
<StrangeCharm> i can mount all of the disks that i setup in the installer, and boot the system ok from there, and that's how it's running right now
<cyphermox> what I'm getting at is you could mount them, then update cryptsetup, reboot, and see if the updated packages fixes the problem.
<ttx> haha
<ttx> mathiaz: I solved my mystery
<mathiaz> ttx: does this involve some smelly cheeses and wine?
<ttx> nah -- chown root:eucalyptus /usr/lib/eucalyptus/euca_rootwrap clears the setuid
<StrangeCharm> cyphermox, you're right, i probably could. i was hoping for a solution that would allow me to make a clean install, without any faffing about
<ttx> it's run just after
<ttx> question is, how could it work before
<cyphermox> StrangeCharm, it's slightly more work, but I would probably do that before remastering the ISO. at least to be sure that the fix really does correct the issue for you
<ttx> ah, was done through dpkg-statoverride
<StrangeCharm> well, the computer hasn't need a reboot since i installed 9.10, so maybe i should just wait until 10.4lts, where the issue should certainly be fixed
<cyphermox> StrangeCharm, according to the bug report the cryptsetup package in lucid does have the fix already
<cyphermox> however, in my experience, it's best not to rely on hoping a system doesn't need rebooting :)
<StrangeCharm> the alpha/beta for lucid?
<cyphermox> yes
<StrangeCharm> well, it's so infrequent, i'm happy to do it by hand on those occasions, until i can make a clean system that i know will work
<a_ok> I have backports enabled but from one package I want to install the original version how do I do that?
<genii> a_ok: sudo apt-get install packagename=specific-version          also check out pinning versions
<a_ok> genii: thanks
<genii> a_ok: "specific-version" is the version number as like seen in the result of an apt-cache policy packagename      command
<uvirtbot> New bug: #499048 in eucalyptus (main) "[lucid] euca_rootwrap is not installed setuid" [High,In progress] https://launchpad.net/bugs/499048
<a_ok> genii: well it's more the result of if one version does not work than perhaps the other. seems the only solution is stay away from apt and build from source
<genii> a_ok: I'd suggest using the: sudo apt-get install packagename=specific-version   way, then whichever works, pin it
<genii> !pinning
<ubottu> pinning is an advanced feature that APT can use to prefer particular packages over others. See https://help.ubuntu.com/community/PinningHowto
<a_ok> genii: none work. but thanks for the info on versions and pinning though. will use that in the future
<mathiaz> smoser: about server-lucid-ec2-config
<mathiaz> smoser: how about using upstart jobs instead of writing a complete plugin system (where we'll have handle dependencies anyway)?
<mathiaz> smoser: for example, for the sample configuration file I've created
<mathiaz> smoser: there would be two upstart jobs: one that configures all the apt configuration using data from config.yaml
<mathiaz> smoser: and another upstart job to install package once the apt configuration has been done
<mathiaz> smoser: extending the syntax is just a matter of writing an upstart job
<smoser> regarding dependencies. i dont think you necissarily have to deal with them.
<mathiaz> smoser: and sticking it into the right position in the boot process
<smoser> well,  maybe you do. boot hooks processes in order received.
<mathiaz> smoser: well - in my example the package installation needs to be run *after* apt repositories are setup
<smoser> so whatever generated that user data woul dhave to deal with dependencies.
<smoser> i agree that writing upstart jobs is a good way to make sure that things run at the right time.
<smoser> but how are yo ugoing to read that config file and write the upstart jobs?
<mathiaz> smoser: and you can plug them at any point during the boot process
<mathiaz> smoser: I thought that the boot hooks would do a dump of the user-data file
<mathiaz> smoser: or rather of 169.XXX
<smoser> the thing that reads the config file and writes the upstart job stilli needs to be done, and has to have logic for how to handle eahc of those config stanzas, right ? unless i'm missing something.
<mathiaz> smoser: which should contain the user data *date*
<mathiaz> smoser: well - the syntax is YAML
<smoser> the input to the "config" is a config section like you showed
<smoser> boot hooks would take care to feed that config to *some* program
<mathiaz> smoser: how about the following workflow:
<mathiaz> smoser: 1. boot hooks put the user-data yaml file somewhere (ex : /etc/instance_config/config.yaml)
<mathiaz> smoser: 2. apt_setup upstart job runs
<mathiaz> smoser: and parses the the config.yaml fie
<mathiaz> smoser: so we need to write an upstart job that does the right thing with config.yaml
<mathiaz> smoser: boot hooks don't call anything - we rely on upstart to do that
<mathiaz> smoser: it could generate an upstart event
<mathiaz> smoser: the point here is to leverage upstart dependency solver
<mathiaz> smoser: and one can hook anywhere into the boot process
<mathiaz> smoser: so upstart jobs would have to be written to support existing configuration data in config.yaml (like a apt conf upstart job, a package install upstart job)
<smoser> i'm not opposed to the above.
<mathiaz> smoser: but there is no need to write a framework that handles plugins and calls them accordingly.
<mathiaz> smoser: it seems to be the easiest way to implement what we want to me.
<smoser> then to insert a handler ("plugin") boothooks would need to be able to wirte an upstart job, and that upstart job would just read the config from some locaiton.
<smoser> what i dislike of the above is static entries in /etc/init that do nothing
<smoser> unless i'm  missing something
<mathiaz> smoser: how about a handler boothooks that just reads the user-data option and dumps it somewhere?
<mathiaz> smoser: well - you're right. there would be upstart jobs in /etc/init/ that would not be used if there wasn't any config user-data
<smoser> i'm ok with boothooks writing user data to a well known location
<mathiaz> smoser: right - and then all of other upstart jobs could check wether there is a config.yaml file in the user data
<mathiaz> smoser: if not, they don't do anything
<smoser> so, there would be a a .conf file in /etc/init for each "type" of supported config
<mathiaz> smoser: yes - there would be an /etc/init/apt_conf.conf
<smoser> so if you support 75 different config sections, you've got 75 different files in init
<mathiaz> smoser: and /etc/init/packages_install.conf
<smoser> wait
<smoser> i *think* that upstart will read /etc/init/*/.conf (recursively find .conf files in /etc/init)
<mathiaz> smoser: there isn't a 1:1 mapping between section in the config.yaml file and plugins (ie /etc/init/*conf)
<smoser> thats my ony real issue in the above, is a bunch of jobs sitting there doing nothing
<mathiaz> smoser: upstart jobs are free to use whathever part of the configuration files they find useful.
<smoser> no, there isn't a 1:1, i understand that, but whatever have, where you would want to break them up
<smoser> then 1 per *that*
<smoser> which could be lots
<mathiaz> smoser: agreed.
<mathiaz> smoser: another goal of the spec is to *only* support common operation
<mathiaz> smoser: and to help bootstrap an instance into an existing configuration management infrastructure
<mathiaz> smoser: I'm not convinced we would end up with lots of additional upstart jobs
<smoser> fair
<smoser> i'd like to request that upstart jobs at least go into /etc/init/<insert-name>/*.conf. and we should verify the costs of inactive static jobs .
<smoser> my guess is it is small, but at very least for any task that checks for existance of a file (user data) you're goign to spawn a subprocess.
<smoser> i think we're probably not that anal about boot at this point, but it is wasteful
<mathiaz> smoser: right.
<mathiaz> smoser: we could an upstart event to say whether there is a config.yaml file available in user data
<mathiaz> smoser: that way all relevant upstart jobs could depend on a user-data-config upstart event.
<mathiaz> smoser: we could *user* an upstart event
<smoser> true. start on (ec2-config-yaml and whatever else)
<smoser> right. and have boothooks emit that
<smoser> i do like that  mathiaz
<smoser> mathiaz, how do you want to handle multiple configs
<smoser> you want htem all in one file then?
<smoser> my plan was to call the configurator each time there was a 'part' that was a config section
<mathiaz> smoser: what do you mean by multiple configs?
<smoser> user data is multi-part
<mathiaz> smoser: right - so the config.yaml would be a mime part
<smoser> there could be multiple parts that are config type
<mathiaz> smoser: ok - just concatenate them
<mathiaz> smoser: IIRC you can cat multiple yaml file
<mathiaz> smoser: and it will be a valid yaml document
<smoser> yeah. thats fine.
<mathiaz> smoser: could we skip the mimepart document and stick a config.yaml directly in user-data?
<mathiaz> smoser: the same way as scripts are handle for now
<mathiaz> smoser: that way one could actually do things like: --user-data "packages:\n - puppet"
<mathiaz> smoser: or --user-data "packages: [puppet, postfix ]"
<smoser> mathiaz, yes, thats the goal
<smoser> user data is one of 4 types
<smoser> a.) #! script -- its run at S99
<smoser> b.) parseable yaml.conf possibly passing some other test to make sure that we dont mis-fire
<smoser> c.) mime-multipart message
<smoser> d.) unknown - do nothing
<smoser> make sense?
<mathiaz> smoser: yes!
<smoser> thats why its important that the config be human typeable
<mathiaz> smoser: right - I've looked at YAML and came up with the config file I've published
<mathiaz> smoser: I've also looked into ini syntax - but it would require some tricks to be able to express the kind of structure I've put in the example
<mathiaz> smoser: YAML seems very natural for that task IMO
<ScottK> Human readability is a major design goal for YAML.
<mathiaz> smoser: how about using user-data-yaml-config as the upstart event that the boothook would fire?
<mathiaz> smoser: and that other upstart jobs (like apt_conf) would depend on (start on user-data-yaml-config)?
<smoser> right
<smoser> that is fine for a name, mathiaz
<smoser> one other thing i'd like to add  to it
<smoser> is that on first boot boothooks will emit user-data-yaml-config-firstboot
<mathiaz> smoser: hm - I though we would only cover firstboot
<smoser> well, how would you *not* fire every time then?
<mathiaz> smoser: apt configuration, package installation
<mathiaz> smoser: landscape registration, puppet registration
<smoser> generic
<mathiaz> smoser: you'd wanna do that only on first boot
<mathiaz> smoser: not every time the instance reboots
<smoser> it is quote possilbe that something wants to run based on that config every time
<mathiaz> smoser: right - one use case I haven't factored in is ebs
<smoser> in ec2-init, in karmic, there are two types of "how often to run"
<smoser> "once ever"
<smoser> and
<smoser> well, actually 3
<smoser> a.) once-ever
<smoser> b.) once-per-ami
<mathiaz> smoser: that being said we could just emit an upstart event on first boot as wel
<smoser> c.) maybe only 2
<smoser> mathiaz, yes. but it is possible that some config thing would *want* to run every boot
<mathiaz> smoser: and then package_install would start on first-boot and user-data-yaml-config
<smoser> so i'd fire 2 events
<smoser> right
<smoser> and there is also a 'once-ever' event
<mathiaz> smoser: the user data doesn't change between reboots?
<smoser> it does not change between reboots
<smoser> i'll tryo to give an example
<smoser> (and try to type)
<smoser> a.) once-ever
<smoser>  right now, localization (setting of default-locale) and apt mirror is only run once ever. ie, on the first boot. after a rebundle it will not run again.
<smoser> b.) once-per-ami
<smoser>  generate of ssh keys is done once per instance, which in ec2 turns out to be "first boot" because for any given thing that can read that filesystem first boot == instance
<smoser> c.) it doesn't seem at all unreasonable to me that someone wants to writei a plugin that ccan parse user-data config syntax but wants it to run every boot
<smoser>  maybe "call-home-on-boot: http://foo.bar.com/wark/?id=akdkdhjdyek"
 * mathiaz nods
<smoser> mathiaz, i like the upstart jobs. thank you for that idea.
<mathiaz> smoser: for the last use case, wouldn't it make sense to leverage config.yaml?
<mathiaz> smoser: in the sense that one would write an call-home-one-boot upstart job
<mathiaz> smoser: and then start an instance with --user-data "call-home-on-boot: http://foo.bar.com/wark/?id=akdkdhjdyek" ?
<smoser> yes. absolutely.
<smoser> they would
<smoser> or i would want them to
<smoser> but that would then have:
<smoser> start on (local-filesystems and  user-data-yaml-config and  user-data-yaml-config-boot)
<smoser> or what not. ie, some way that it can be called on *every* boot, but the other (apt config and such) run only on first
<mathiaz> smoser: right.
<mathiaz> smoser: I wouldn't call it user-data-yaml-config-boot - first-boot or something shorter
<mathiaz> smoser: it's not really related to user-data-yaml-conig
<smoser> this is true. good point.
<mathiaz> smoser: more related to the instance booting itself.
 * smoser gives mathiaz a high five.  thank you for makign this better.
<mathiaz> smoser: that means you'd have 3 upstart event: first-boot-ever, first-boot, reboot
<mathiaz> smoser: and may be prefix them with cloud-
<mathiaz> smoser: and I don't think you need to have cloud-reboot
<mathiaz> smoser: as jobs using that event would just ... well ... run at every boot
<mathiaz> smoser: which is the default case for upstart jobs
<mathiaz> smoser: I'd suggest to rename user-data-yaml-config to cloud-yaml-config - to make it a little bit more generic
<mathiaz> smoser: and the last bit for the server-lucid-ec2-config spec would be to settle on a local filename
<mathiaz> smoser: where the config.yaml would be stored
<smoser> mathiaz, s/cloud-yaml-config/cloud-config-yaml/ ?
<ttx> smoser: the non-double64-challenged eucalyptus landed in karmic-updates, yay
<mathiaz> smoser: hm - I wonder if we really need the yaml part
<mathiaz> smoser: cloud-config
<ttx> non-double-base64-challenged, to be more exact
<smoser> first mover claims main namespace, i'm good with that
<smoser> mathiaz, regarding location, right now things are ec2
<mathiaz> smoser: the question is what happens if we away from YAML later?
<smoser> so /var/lib/ec2 is where it woudl "fit"
<smoser> err... but i think  maye this is more run-time, so i think
<mathiaz> smoser: right - considering that we're running on UEC (and potentially other clouds) I'd move way from ec2
<mathiaz> smoser: that's I why I suggest cloud
<smoser> /var/run/<something>/ec2/config.yaml
<mathiaz> smoser: as the prefix
<smoser> i agree with the cloud name
<mathiaz> /var/run/cloud/config.yaml
<smoser> err, s/ec2///
<smoser> i like that.
<mathiaz> smoser: is there any reasons to specify that you're running on EC2 rather than UEC?
<smoser> not for this, no.
<smoser> but it is quite reasonable that a job would  need to know that.
<smoser> so it will be availble to jobs
<mathiaz> smoser: agreed.
<mathiaz> smoser: if we provide /var/run/cloud/config.yaml as the standard location for instance configuration - how easy is it to support other Clouds?
<mathiaz> smoser: IIRC the rackspace cloud doesn't use the user-data option
<smoser> they do have per-instance data (i believe)
<mathiaz> smoser: my point here is to try to make config.yaml cloud agnostic so that we don't have to rewrite the upstart jobs
<mathiaz> smoser: right - the mechanism for making it available is different than in EC2/UEC though.
<smoser> and if the end user has the abillity to insert customized per-instance data, then we're good. it is boot hooks job to copy config-yaml instance data to that location
<mathiaz> smoser: right
<smoser> i agreed with your point up there. yes.
<smoser> one thing....i kind of dont like...
<mathiaz> smoser: ok - to summarize: boothooks will provide a cloud config.yaml and then emit an upstart even cloud-config with CFGFILE=/path/to/config.yaml
<mathiaz> smoser: and -ec2-config upstart jobs will start on cloud-config and use CFGFILE to get the configuration file
<smoser> it need to be fixed in upstart.
<smoser> to insert a config handler into an existing instance, the user will then:
<smoser> a.) provide config data
<smoser> b.) provide a mime-part that is recognized by boothooks as a "config handler" and boothooks will then put it into /etc/init/cloud/ with a given nanme
<smoser> the thing that stinks is
<smoser> mathiaz, yes.
<smoser> now, continuing above.
<smoser> the thing that stinks about a and b above is that if they wish to write their config handler in any thing othe rthan posix shell , then they have to
<TeTeT> ttx: will your recent changes in auto detecting the cloud controller make it to tomorrow's image?
<make> i need to set RAID0 in ubuntu server 910.help me.thanks
<smoser> c.) provide a mime-part that is stored in a file and exectued from b.)
<smoser> because 'script' can only posix sh
<ttx> TeTeT: yes it should
<ttx> We should have an intermediary build before that, though
<ttx> TeTeT: the workaround is quite easy, if you need to get passed that
<mathiaz> smoser: right.
<mathiaz> smoser: at least there is a workaround for now
<mathiaz> smoser: and boothooks could probably automatically generate the script part for the upstart job
<mathiaz> smoser: so that the end user would have to generate two mime-parts:
<mathiaz> smoser: 1. an upstart job with the correct dependency line
<mathiaz> smoser: 2. the actuall handler
<ttx> TeTeT: just replace "avahi-publish -s $CLOUD_IP_ADDR" by "avahi-publish -s CLC" in /etc/init/eucalyptus-cloud-publication.conf
<ttx> that will avoid the conflict and let the announce succeed
<ttx> (then sudo stop eucalyptus / sudo start eucalyptus)
<mathiaz> smoser: then the boothook would actually copy the 2nd part to a known place and add the necessary script section to the upstart job
<smoser> well, yeah, but there may be other 'start on' pieces and such
<smoser> its not that bad.
<TeTeT> ttx: thanks! giving the ip address during the install worked fine for me as a work around. Want to test the split of CLC and CC later this week again. didn't work for me last Thursday/
<smoser> heres how you can do it in a #!/bin/sh -e 'script' section
<ttx> TeTeT: at that point I only test the "old world"
<smoser> mathiaz, http://paste.ubuntu.com/344173/
<mathiaz> smoser: right
<mathiaz> smoser: so you could generalize that to: exec /path/to/new/handler
<smoser> :)
<mathiaz> smoser: that would require to have a well-formed script
<mathiaz> smoser: which is reasonable IMO
<TeTeT> ttx: ok, I volunteer to try the new stuff ;)
<ttx> TeTeT: I have yet to look at /what/ the installer is supposed to do
<ttx> TeTeT: like, only sync the keys, or download a preseed
<ttx> and in the latter case, what's in that preseed :)
<ttx> but at this point I'm trying to /not break/ the classic topology
<ttx> ...when introducing the crazy sauce.
<ttx> TeTeT: given that 1.6.2 was pretty broken, I'm busy making it work too :)
<smoser> a well formed sscript, mathiaz ?
<smoser> what?
<mathiaz> smoser: hm - nevermind
<mathiaz> smoser: I've updated https://wiki.ubuntu.com/ServerLucidCloudConfig with what we've discussed above
<smoser> thanks mathiaz
<n1md4> Hello, I'd like to test UEC (see my post  http://ubuntuforums.org/showpost.php?p=8520901&postcount=9), but got stuck on the automated install.  At this stage, can anyone assist, or am I inclined to work through the problem myself.
<xtjacob> I'm currently configuring a DNS server for my server. The guide i'm following tells me to replace ns1 with the DNS server name. Is that the DNS for my ISP or for my server.
<guntbert> xtjacob: configuration of DNS is nothing a beginner should do (except strictly for the local net - for testing purposes only)
<xtjacob> then is there anyway i can get my website with a hostname without paying or using a free online service?
<X-M4-X> anyone know the command for extracting a rar file unrar is installed already
<guntbert> xtjacob: for your own testing or for general availabilty?
<kees> ls
<kees> hah
 * kees tries again...
<guntbert> X-M4-X: did you look at man rar?
<xtjacob> general availability
<X-M4-X> what is that
<kees> is update-notifier-common installed by default on server installs?
<X-M4-X> oh nvm - no i did not
<xtjacob> guntbert: general availability
<guntbert> !info update-notifier-common
<ubottu> update-notifier-common (source: update-notifier): Files shared between update-notifier and adept. In component main, is optional. Version 0.90 (karmic), package size 22 kB, installed size 312 kB
<guntbert> xtjacob: then you will have to register a domain anyway
<xtjacob> gunbert: is there any way to do this for free?
<uvirtbot> New bug: #499128 in samba (main) "package samba 2:3.4.0-3ubuntu5.1 failed to install/upgrade: subprocess installed post-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/499128
<guntbert> xtjacob: yes, several, for instance with no-ip.com or with dydns.org - though they have different targets - but google for "free domain"
<uvirtbot> New bug: #499142 in samba (main) "Dependencies of smbclient remove kubuntu-desktop and prevent its reinstallation" [Undecided,New] https://launchpad.net/bugs/499142
<X-M4-X> i wish i knew who told me to get cpanel on my server - ubuntu isnt a supported OS
<xtjacob> this may seem like a dumb question, but what do i type in to FTP into my server? I keep getting connection refused
<arj> did you install an ftp server?
<xtjacob> i think so how can i tell?
<arj> dpkg -l|grep ftp
<arj> and what does netstat -anp|grep :21 say
<xtjacob> dpkg -l|grep ftp says ii ftp 0.17-19 The FTP client, and netstat -anp|grep :21 says (No info could be read for "-p":geteuid()=100 but you should be root)
<arj> sudo netstat -anp|grep :21
<arj> but it looks like you dont have an ftp server install
<xtjacob> nothing came up
<arj> apt-get install proftpd/pure-ftpd/vsftpd
<arj> one of those
<xtjacob> then do i log in with my username?
<xtjacob> ok it worked thanks
<xtjacob> also how do i figure out the external IP for my server?
<pipedream> ifconfig
<xtjacob> which ip do i look at?
<MTecknology> Any ideas how I can have my backup server pull backups from a windows system?
<MTecknology> I'd prefer not using samba..
<MTecknology> I also need to figure out how to have the windows system sent its logs to the logging server
<simplexio> MTecknology: i thinkk rsync has cient for win, also possible solutions re ftp server or sftp
<genii> MTecknology: I haven't done this for a while now since I don't use Win boxes much anymore. But you can install rsync onto Win boxes using cygwin
<MTecknology> I'll try that out
<MTecknology> thanks
<MTecknology> any ideas about having it send logs to another system?
<MTecknology> brb
<frojnd> I'm grying to build libtorrent
<frojnd> but when I do ./configure I get an error: checking for OPENSSL... configure: error: Package requirements (openssl) were not met:
<frojnd> but i Do have installed openssl
<xperia> hello to all. anybody here that have knoweledge and experience with postfix ?
<andol> !ask | xperia
<ubottu> xperia: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<lamont> frojnd: apt-get build-dep libtorrent
<lamont> or whatever the source package for libtorrent is
<lamont> frojnd: you probably are lacking (at least) libssl-dev
<binhtran> Hello
<frojnd> lamont: how do you know libssl-dev is the one that is lacking? :( I never build before myself I don't really understand what packages is missing
<lamont> frojnd: because that's where openssl delivers its development files
<binhtran> Can someone help me with an issue I'm having?
<frojnd> lamont: ok
<lamont> frojnd: apt-get build-dep $package will install the build-deps for that package
<lamont> binhtran: without knowing the issue, how can we possibly answer that?
<lamont> (don't ask to ask a question, just ask)
<binhtran> i have my server running, and I put it in my router's DMZ for a while to see if I could get outside access, and now all my links reroute to cheapnames.net
<xperia> okay. i need to teach postfix to send mails with smtpauths. i have changed allready the relayhost setting from "relayhost = [mail.myisp.com]" Port 25 that worked till yet great to "relayhost = [smtpauths.myisp.com]" Port 465.
<xperia> For some reason however postfix still send the email to port 25 and not 465. anybody a solution ?
<lamont> sounds like you have dns issues
<frojnd> lamont: and now I typed make and I got an error: ../../../libtool: line 1210: libtool: compile: cannot determine name of library object from `': command not found
<frojnd> make[4]: *** [block.lo] Error 1
<frojnd> and so on
<lamont> frojnd: debuild -b
<lamont> unless you're trying to package unpackaged source
<binhtran> wait, what?
<lamont> frojnd: see also debian/rules (which is a makefile) for exactly how the source wants to be built
<frojnd> lamont: debuild: fatal error at line 606:
<frojnd> lamont: cannot find readable debian/changelog anywhere! Are you in the source tree?
<lamont> binhtran: not sure I know where to start to help you - and pretty much out of time myself
<lamont> frojnd: so you're starting with upstream source, not the debian source package?
<frojnd> lamont: I don't know
<lamont> frojnd: start with apt-get source libtorrrent :-)
<frojnd> lamont: no
<frojnd> I need those versions
<lamont> that has an upstream source, and a diff between that and the debian package
<frojnd> if I wanna to do wtorrent
<lamont> frojnd: ah, then in that case, see the docs inside the source for how to build it.
<frojnd> lamont: yeah
<frojnd> I'm definetally gonna have to learn how to build this
<frojnd> :|
<lamont> frojnd: the debian package will tell you how the debian maintainer decided to do it...
<lamont> but yeah, enjoy
<uvirtbot> New bug: #499129 in samba (main) "package samba 2:3.4.0-3ubuntu5.1 failed to install/upgrade: subprocess installed post-removal script returned error exit status 1 (dup-of: 349469)" [Undecided,Confirmed] https://launchpad.net/bugs/499129
<I-Blocklist069> hello
<I-Blocklist069> I want to run mkdir /home/samba/backups/`date +%Y-%m-%d`
<I-Blocklist069> on a daily cron
<I-Blocklist069> but it doesnt work when i do something like 0 1 * * * mkdir /home/samba/backups/`date +%Y-%m-%d`
<I-Blocklist069> anyone able to help?
<sub> what does it do instead?
<I-Blocklist069> nothing
<I-Blocklist069> running the command, makes the folder
<I-Blocklist069> but in cron
<I-Blocklist069> it creates nothing
<sub> logging cron anywhere?
<I-Blocklist069> dont think so
<qman__> you're missing the user to run the job as
<qman__> should be 0 1 * * * root mkdir /home/samba/backups`date +%Y-%m-%d`
<sub> hm. i had assumed it was in a user's cron but i am wrong to assume anything :D
<qman__> true, that wouldn't be necessary in a user crontab
<qman__> but I always use cron.d
<qman__> easier to manage
<maxb> I-Blocklist069: % is a special character in crontabs
<maxb> You can read about this in 'man 5 crontab'
<I-Blocklist069> so have to comment it out?
<qman__> no, just quote the path
<I-Blocklist069> i tried to put PATH=/usr/sbin:/usr/bin:/sbin:/bin
<I-Blocklist069> at the top
<qman__> that's irrelevant
<qman__> 0 1 * * * root mkdir "/home/samba/backups`date +%Y-%m-%d`"
<qman__> like that
<maxb> qman__: no, that is incorrect
<qman__> oh, need to escape manually?
<maxb> You should read the bit in 'man 5 crontab' about % signs, as I said
<qman__> oh yeah
<qman__> forgot, crontab is tricky there
<Xpistos|work> is it possible to VNC into a headless server without a gui from my laptop?
<Xpistos|work> I can ssh in without issue, but there are still things I am need to do with a gui
<qman__> Xpistos|work, VNC only works when a GUI is running
<qman__> no idea why you'd need one of those stupid things, though ;)
<Xpistos|work> qman__: Thanks for the help. I can't convert .mov's to avi and compress them to the size file I want without the gui. I don't know enough of the commands to do it in the command line . . . yet.
<X-M4-X> anyone know a FREE WORKING solution alternative to cpanel with a filemanager ehcp and net2ftp is just gay
<ScottK> X-M4-X: Looked into ebox?
<foolano> X-M4-X:  ScottK: eBox doesn't have an FTP module. So he will need something else
<MatBoy> someone using fuzzyocr here ?
<donspaulding> so, I stupidly accepted the default partition setup on my 2TB system.  Now I have a 1TB swap partition.  I chose "Default with LVM", how can I reclaim the space from /dev/mapper/files-swap_1 and allocate it to /dev/mapper/files-root ?
<donspaulding> (I'm in parted right now)
<smiter> <--beating his head against the wall right now... (dealing with ubuntu install and black screen)
<smiter> can anyone here give a little advice on how to attack this?
<stgraber> donspaulding: it'd probably be easier with the LVM tools directly
<stgraber> donspaulding: I guess you don't use your swap right now ? (as in, you can temporarily disable it)
<donspaulding> stgraber: yeah, the machine's got 12GB of RAM, swap can be disabled.
<stgraber> ok, so go with: swapoff /dev/mapper/files-swap_1
<stgraber> then: lvreduce /dev/mapper/files-swap_1 -L 2G
<stgraber> if you want it to be 2GB large afterwards
<stgraber> then, you can: mkswap /dev/mapper/files-swap_1 and re-enable it with: swapon /dev/mapper/files-swap_1
<stgraber> that should give you a 2GB large swap if all went well
<stgraber> if that's the case, then we can resize the root partition to use the free space
<donspaulding> stgraber: lvreduce gave meâ¦..   Volume group mapper doesn't exist
<donspaulding> is mapper the logical name of a different device I should be passing in to lvreduce?
<stgraber> donspaulding: did you include the whole path including files-swap_1 ?
<donspaulding> like /dev/files/swap_1?
<donspaulding> stgraber: yes
<poningru> heh
<poningru> quick question for canonical servers what are the naming conventions?
<stgraber> donspaulding: ok, then try with: lvreduce files/swap_1 -L 2G
<poningru> I see updates are element names
<poningru> lithium and germanium
#ubuntu-server 2009-12-22
<donspaulding> stgraber: ok, that all worked, succesfully resized and turned on the swap.
<donspaulding> stgraber: is there an easy command to "grow" my root partition to all available free space?
<stgraber> great, then you can try: lvextend -l +100%FREE files/root
<donspaulding> stgraber: ok, it says it was successfully resized.
<stgraber> if it works, then you can do: resize2fs /dev/mapper/files-root
<stgraber> that'll make your root filesystem grow to use that newly available space
<donspaulding> it says it's currently mounted, so it's doing an on-line resizingâ¦. awesome.
<stgraber> yeah, I only did it once but it's very interesting :)
<stgraber> if you check: df -h
<stgraber> you'll actually see it grow
<donspaulding> hah!
<donspaulding> that's freaking sweet.
<uvirtbot> New bug: #499277 in tomcat6 (main) "Sync tomcat6 6.0.20-9 (main) from Debian testing (main)" [Wishlist,New] https://launchpad.net/bugs/499277
<donspaulding> ok, so once that's done, I'm golden right?  It doesn't even look like I need to reboot.
<stgraber> yep, everything should work just fine after that
<donspaulding> great, thanks for the help stgraber.
<stgraber> np
<xperia> hello to all. i have problems with receiving mails on my postfix server. the mail was send with thunderbird for some reason sucessfull but
<xperia> when i do "cat /var/log/mail.log | tail" there is no info that a mail was received or handled.
<xperia> can somebody maybe help me with finding out the problem ?
<alex_joni> did you try to send one by hand?
<alex_joni> telnet server 25
<alex_joni> HELO whatever.com
<alex_joni> MAIL FROM:<mail@mail.com>
<alex_joni> RCPT TO:<dest@email.com>
<alex_joni> DATA
<alex_joni> Test
<alex_joni> .
<xperia> on the server where postfix run i am able to send emails with no problems. but when i try to receive a mail on my server it fails
<alex_joni> try the above from a box that is on the outside
<I-Blocklist069> hi, using... find /home/samba/backups/ -name "*.txt" -type f -mtime +30 -exec gzip {} \; which .gz's all the .txt files, how can i zip all the txt files individually?
<alex_joni> maybe you're blocking 25
<xperia> alex_joni: hmmm will try
<qman__> I-Blocklist069, do you mean using zip instead of gzip?
<I-Blocklist069> yea
<I-Blocklist069> i tired just zip instead of gzip but it thinks im trying to do .zip files
<I-Blocklist069> insted of zipping each .txt file
<qman__> zip needs a target name
<qman__> err, archive name
<I-Blocklist069> anyway of making it just do it the same as the input name but with .zip at the end
<qman__> gzip defaults to just compressing the given file, but zip doesn't
<I-Blocklist069> i.e. like gzip does
<qman__> I don't know if/how to do that, but reading the manual should help
<I-Blocklist069> i tried -@ on the zip command but that didnt do anything
<alex_joni> zip - doesn't
<xperia> alex_joni: really great howto. i am getting this error after the RCPT TO:<dest@email.com> "554 5.7.1 <root@myserver.com>: Relay access denied"
<alex_joni> it takes the file from input
<qman__> -@ is not relevant to what you want
<alex_joni> you can also use -print from find
<alex_joni> to pass the filename to zip
<qman__> yeah, if you just pass the filename twice, it will work
<alex_joni> xperia: sounds like config issues ;)
<xperia> alex_joni: yeahh this configs of the software drives me crazy :-)
<alex_joni> xperia: the 4th time or so will be easier
<alex_joni> good night & good luck
<xperia> okay thanks a lot for the debugging of the problem
<xperia> and good night alex_joni
<henriquev> On Amazon Ec2 I launched an Ubuntu instance, played with it a little and now I'd like to save my own image. How do I do that?
<erichammond> henriquev: Here are some notes I wrote on the subject: http://alestic.com/2009/06/ec2-ami-bundle
<henriquev> erichammond: thank you
<erichammond> There are a lot of other tutorials if you do a search.  Here's Amazon's: http://ec2gsg-creating.notlong.com
<I-Blocklist069> any her einstalled xz-utils ?
<UnixDawg> hey guys having a issue
<UnixDawg> we installed ubuntu 9.10 server
<UnixDawg> and did apt-get update upgrade
<UnixDawg> then we tru ti install apache and deps fail
<UnixDawg> is there a step we are missing ?
<unit3> nope, that should work fine.
<erichammond> UnixDawg: This should work: apt-get update && apt-get upgrade && apt-get install apache2
<erichammond> What are you doing differently?
<UnixDawg> not working
<unit3> can you pastebin the error?
<UnixDawg> it says it has unmet deps
<unit3> the full error, including what's unmet.
<unit3> into a pastebin, plz.
<UnixDawg> http://pastebin.com/m281ed8af
<unit3> can you pastebin your /etc/apt/sources.list?
<valindil89> can someone help me setup apache, mysql, and php?
<unit3> valindil89: can you be more specific about what you need help with?
<UnixDawg> http://pastebin.com/m198a8fa8
<valindil89> unit3, I just installed ubuntu  and I need php, apache, and mysql to be able to run on the computer.
<unit3> UnixDawg: there's your problem, you only have the security repo. You should also have the normal karmic repo, and the karmic-updates repo enabled.
<UnixDawg> ok what lines
<unit3> UnixDawg: let me make you a more condensed sources.list, I'll pastebin it in a second.
<UnixDawg> ok
<valindil89> unit3, I guess I need help installing those.
<unit3> UnixDawg: http://pastebin.com/m42bbf103
<unit3> valindil89: so, you're having problems with apt-get, then?
<unit3> UnixDawg: note that I changed the PPA line there too, since for some reason you had it pulling packages for hardy. it may be that that PPA isn't even needed on karmic, it might already have the drivers in there.
<valindil89> unit3, I tried to figure out how to do it. But I just cant find what to do. I dont know what apt-get is.. I just started using ubuntu today.
<valindil89> unit3, I am a newb in linux.
<unit3> valindil89: and you decided to jump right into configured a web and database server, hey? well... that's quite the plunge into the deep end, good luck.
<unit3> you may wish to start on the Ubuntu wiki then.
<unit3> https://wiki.ubuntu.com/
<UnixDawg> ok
<unit3> and the official ubuntu docs site: https://help.ubuntu.com/
<unit3> valindil89: use those to get aquainted with Ubuntu, and then once you're more familiar with how things work, see if the docs on there about configuring the server software make sense.
<unit3> if not, come back and ask some specific questions, and we'd be glad to help. ;)
<unit3> UnixDawg: let me know if that works out for you, you shouldn't have any problems once you use that sources.list. :)
<UnixDawg> thanks
<UnixDawg> thats working
<unit3> awesome. :)
<qman__> valindil89, sudo tasksel install lamp
<qman__> but you definitely need to read up on it before you run a production server
<unit3> alright, this day is finally over. time to get home.
<qman__> the ubuntu server guide tells you how to install most of the things you'll want, so read through that as well
<UnixDawg> will do
<valindil89> qman__, I am a programmer, and I am getting on an airplane tomorrow. so if I have it installed I can work on programs while not online :-)
<valindil89> It is the only reason I run those software on my laptop
<UnixDawg> almost  ahve freeswitch installed
<qman__> valindil89, if it's just for private use, and not hosting to the internet, a default setup should be just fine
<qman__> it creates a default site located at /var/www
<valindil89> ok, then only thing I ever do is after I setup these things. Normally in windows I have my firewall block it completely from going outside my computer, Is there a way to do that in linux?
<qman__> valindil89, yes, but it would be easier to configure apache to listen on localhost only
<valindil89> ok
<valindil89> brb
<qman__> valindil89, see /etc/apache2/ports.conf
<qman__> change Listen 80 to Listen 127.0.0.1:80
<qman__> there are other ways to do it too
<valindil89> that file path is not there
<qman__> it must have changed, that was on a hardy server
<qman__> grep -R Listen /etc/apache2
<qman__> that will show you where the Listen directive is
<valindil89> apache2 wasn't there. so I am goign to install them separately.. for some reason lamp didn't install when I did that command. I am getting it now.
<UnixDawg> thanks again freeswitch apache and all needed apps installed.
<UnixDawg> this is why I am liking ubuntu server next to using bsd  server install
<UnixDawg> both small and easy to install
<UnixDawg> frick I forgot the svn brb
<valindil89> qman__, I ran this and it works like a charm... "sudo apt-get install lamp-server^"
<UnixDawg> ok I found a issue
<UnixDawg> it seems the apache2 install is installing a blank  httpd.conf
<nat2610> hey, if I want a user1  (not root) to be able to do sudo su user2 (not root) what am I supposed to add to visudo ?
<UnixDawg> it there one that can be installed ?
<UnixDawg> ?
<UnixDawg> anyone have a default httpd.conf ?
<UnixDawg> is there a pkg I missed ?
<ajmitch> UnixDawg: see apache2.conf instead
<UnixDawg> ok
<UnixDawg> now I need to add php and a site alias
<UnixDawg> got it
<pipedream> .
<FuzzyKittens-TC> my server seems to take forever to reboot. it seems to get stuck on "saving the system clock" any tips on speeding up this process?
<qman__> well it must not have been that big a deal, since he couldn't wait more than five minutes for an answer
<sub> it never is, qman__
<uvirtbot> New bug: #498721 in ntp (main) "package ntp 1:4.2.4p6+dfsg-1ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 127" [Undecided,Incomplete] https://launchpad.net/bugs/498721
<trimeta> Apparently apparmor and glib just had security updates. Two questions: 1. I didn't have /boot mounted when updating; I mounted it afterwards and ran update-initramfs -u, will that do all the necessary work? 2. Should I reboot to get the security updates to apply? There's nothing in USN about this update.
<ScottK> The USN doesn't get published until after all the updates are out, so it's not unusual for them to lag a bit.
<trimeta> I'll see if they come up in a day or two, but in the past I've had updates which seem to never have been published in USN.
<ScottK> From -security if it's in Main, it gets a USN.
<ScottK> In -updates there are non-security bug fixes that don't get a USN.  -security fixes get copied to -updates, so you may get them from there.
<trimeta> I'm not exactly sure where they came from...I mean, I don't have any unusual repositories included here, but I guess both Main and Security are default.
<ScottK> Yes
<trimeta> Hmm, they all came from http://us.archive.ubuntu.com karmic-updates/main, so I guess that means they're not security updates?
<ScottK> Unless they were copied from -security before you updated.
<ScottK> You can look them up on Launchpad and see.
<ScottK> Apparmor was not security, it was a bugfix: https://launchpad.net/ubuntu/+source/apparmor/2.3.1+1403-0ubuntu27.3
<ScottK> Same for glib: https://launchpad.net/ubuntu/+source/glib2.0/2.22.3-0ubuntu1
<trimeta> OK. In general, I find those by looking for the package on Launchpad and then looking for the changelogs?
<ScottK> You can also look on packages.ubuntu.com and it can be easier because it's arranged by binary package and LP is arranged by source package.
<ScottK> The only problem with packages.ubuntu.com is the data tends to lag a little bit.
<twb> ScottK: only by a day or so, surely?
<ScottK> I think so, but if you're wondering about this new update you got, that's likely a problem.
<twb> You can also hit "C" in aptitude's GUI to fetch changelogs
<twb> And IIRC there's a tool to show changelogs as you install packages
<trimeta> twb: GUI? This is a headless server.
<twb> trimeta: aptitude's GUI doesn't use X
<trimeta> So you're referring to an ncurses-based thing, then?
<twb> That's still a GUI
<trimeta> Debatable, but whatever.
<twb> There seems to be a /de facto/ retronymming to "TUI", which I don't hold with.  As you say, "whatever".
<twb> Of course, aptitude 0.6 includes a GTK UI...
<trimeta> Hmm, "aptitude changelog <packagename>" apparently gives me the changelog, though the interface is more like less than it is an ncurses-based interface. Still, that's exactly what I was looking for, and I'll try to remember it in the future.
<twb> There's a perl library that it (can) use to make it put the newer changelog entries in bold, too
<twb> Oh, but "aptitude changelog" uses $PAGER instead of the internal aptitude pager.
<twb> So it probably *is* using less, unless you've customized your pager
<trimeta> Which is fine by me; I like less.
<twb> trimeta: less is ncurses-based, too... :-)
<trimeta> I guess in the sense that it's taking over the whole screen rather than showing stuff line-by-line, but the interactivity consists of scrolling up and down and searching for stuff. Which is nice, but I certainly wouldn't call it a GUI.
<trimeta> I think of make menuconfig as being the quintessential ncurses-based program.
<trimeta> Or maybe the installer on the ubuntu-server CD. That level of interactivity.
<twb> That's the debian-installer, FYI.
<twb> It also has a GTK version, but I don't think Ubuntu provides it
<trimeta> The closest I've come to using Debian (aside from Ubuntu, of course) is using Sidux...I don't remember what that installer was like, though.
<alkisg> Hi, I found the Ubuntu server guide at 2 different pages, and their contents are not syncronized. Which one would be the correct one?
<alkisg> https://help.ubuntu.com/9.10/serverguide/C/index.html
<alkisg> http://doc.ubuntu.com/ubuntu/serverguide/C/
<twb> Well, obviously the former applies to 9.10
<twb> Perhaps the latter applies to ubuntu+1?
<trimeta> The latter has a large Draft watermark, though I'm not sure what that means in this context.
<alkisg> They're both for 9.10
<alkisg> And they're quite similar, but not exactly syncronized
<twb> alkisg: the best version is the one you get via apt-get, I think
<twb> Since that should be the latest stable build that applies to your current installed version
 * trimeta reads the package management section of that document
<alkisg> Heh, right :) I just thought I'd notify you people in case one of them needed to be taken off.
<trimeta> Wow, I never knew that just typing "sudo aptitude" launched an ncurses-based interface.
<twb> alkisg: notification should probably be done as a LP bug report
<twb> alkisg: most of us aren't Ubuntu developers
<alkisg> I'm not sure if that's a bug, so how can I file one?
<alkisg> I tried asking in #ubuntu-doc, but I got no answer yet...
<twb> IIRC, "apport <package name>"
<twb> Yeah, #ubuntu-doc is usually quiet
<twb> Developers hate writing documentation :-)
<ewook> didn't know they knew how to :P
<alkisg> Heh.... sure but I'd expect people in ubuntu-doc *not* to be devs :D
<alkisg> Anyway thank you guys, /me goes back to trying LDAP for the first time...
<twb> alkisg: which release are you doing that on?
<alkisg> I'm on 9.10
<alkisg> sudo apt-get install ubuntu-serverguide :)
<twb> Righto.
<alkisg> Bah.. that's the same as the first link, and it misses the "configuring ldap backend" part :(
<twb> OK, so what makes you think the newer link applies to 9.10?
<alkisg> Because it writes 9.10 on top
<twb> Fair enough
<alkisg> "Ubuntu Documentation > Ubuntu 9.10 > Ubuntu Server Guide"
<twb> The "DRAFT" in CSS makes me suspect it's an unreleased version or something
<twb> And since 9.10 has been released, I was (am?) assuming that it can only apply to the next release
<twb> The sources are available in a (bzr?) repo of docbook files, if you want the utter bleeding edge
<alkisg> Maybe it's how they prepare the next server docs... but then it shouldn't be in that URL imho
<alkisg> Nah, I just thought I'd ask, no need for such extreme measures :)
<tarsman> what is the solution for not detected NIC RTL8102EL for 8.04? thanks.
<arj> loading a driver
<jmarsden> tarsman: Is any of the detail in bug #326891 or bug #240470 relevant to your issue?
<uvirtbot> Launchpad bug 326891 in linux "2.6.27.11 kernel breaks r8169 support for rtl8102e" [High,Fix released] https://launchpad.net/bugs/326891
<uvirtbot> Launchpad bug 240470 in linux "RTL8102EL / Ubuntu 8.04 intermitent failure (dup-of: 326891)" [Undecided,Confirmed] https://launchpad.net/bugs/240470
<tarsman> jmarsden: I'm not sure. I have not read bugs #326891 or bug #240470. I'll check it.
<uvirtbot> Launchpad bug 326891 in linux "2.6.27.11 kernel breaks r8169 support for rtl8102e" [High,Fix released] https://launchpad.net/bugs/326891
<uvirtbot> Launchpad bug 240470 in linux "RTL8102EL / Ubuntu 8.04 intermitent failure (dup-of: 326891)" [Undecided,Confirmed] https://launchpad.net/bugs/240470
<tarsman> thank you guys for your help. I'll check those links you gave.
<twb> Huh, there's a udeb for qnx filesystems
<uvirtbot> New bug: #499367 in eucalyptus (main) "[lucid] On CLC+CC setups, uec-component-listener starts too early" [High,Fix released] https://launchpad.net/bugs/499367
<alvin> Will the new version of mountall be released for Jaunty?
<alvin> It would be nice to be able to boot ubuntu-server without worries, like the previous versions.
<twb> Unless it fixes a critical bug or security vulnerability, new stuff is not usually backported to existing releases.
<alvin> I'd say booting is pretty critical
<twb> Depends on how widespread it is
<alvin> On all my servers (about 10), I see the same issues. Of course, these all use NFS. If you don't use NFS mounts, booting probably works
<twb> alvin: is NM installed?
<twb> I have found that NM doesn't play nice with NIS/NFS
<alvin> What is NM?
<twb> NetworkManager
<alvin> There is an other issue, but I've only seen it on 5 servers: bug 460914 This one actually bugs me most
<uvirtbot> Launchpad bug 460914 in lvm2 "karmic rc: root device sometimes not found" [Undecided,New] https://launchpad.net/bugs/460914
<twb> It's installed by default if you don't use the server media to do the install
<alvin> Ah, no, it isn't
<alvin> All those are just default installes. CD installed, and sometimes ubuntu-vm-server (and nfs-common). That's it.
<twb> These are virtual machines?
<alvin> No, they aren't
<alvin> but sometimes they are virtual hosts
<alvin> Virtual machines have the same problems booting wen NFS is used. Having /home on NFS is tricky now
<alvin> (This all worked very well on previous Ubuntu versions.)
<alvin> I did use the ubuntu-server CD. No network-manager.
<twb> I don't know what's going on there.  I use 8.04, with NFS and md RAID and LVM, and it doesn't exhibit behaviour like that unless the array is degraded (i.e. if I remove on of the nodes in the array).
<twb> s/on/one/
<alvin> Problem is now: I rebooted my remote headless fileserver and bug 460914 is probably active now, so I can't do anything about it. I ordered a KVM switch for that
<uvirtbot> Launchpad bug 460914 in lvm2 "karmic rc: root device sometimes not found" [Undecided,New] https://launchpad.net/bugs/460914
<alvin> Ubuntu 8.04 is working fine with NFS mounts
<alvin> I posted a message on the list with my experiences, but no reactions so far: https://lists.ubuntu.com/archives/ubuntu-server/2009-December/003574.html I can't possibly be the only one with all those problems unless I really do the installations wrong. (I doubt that. It isn't so hard after all.)
<alvin> (ok, I did get one personal reaction with congratulations. At least one other person must have the same experiences.)
<alvin> RedHat doesn't have those problems, but I know Ubuntu far better and I'd rather aid in making Ubuntu work than learning another distribution. There IS being worked on most of those bugs, but Lucid is a bit far off.
<twb> You could be the only one if something obscure is happening, e.g. your network is negotiating 10baseT and thus it's taking much longer than normal to bring up NFS
<alvin> Then why is it working for Solaris and all versions of Ubuntu, except karmic? No, I'm sure there are a whole list of new bugs that where introduced with upstart/mountall/grub2
<alvin> Karmic beta wasn't booting at all. The final version was, but there are problems on every server. I fear for every reboot.
<alvin> A strange thing is: it looks like (difficult to prove) karmic has more problems finding the network 'in time'.
<alvin> There are still Jaunty machines in this network, and they boot a lot faster. They brin up the network, mount the NFS shares and finish bootiing. Karmic tries to brung up the network, then tries to find the NFS server, doesn't find it, throws an error, retries, goes on, might mount the drive, (might not), gives a prompt. You log in and... stil no network. If you wait a bit, the network will come up. The whole process takes a lot longer than Jaunty.
<tenach> What would be different about using Unreal instead of ircd-hybrid or any other ircd?
<alvin> On top of that (most of the time, NFS shares do get mounted, but never without errors), the 'not-finding-the-root-drive' from time to time worries me the most. Jaunty could always find root.
<twb> tenach: they all have different hacks on them
<twb> tenach: for private use, and old ircd will suffice
<tenach> Alright.
<tenach> Thanks twb.
<tenach> I think I'll just go with the ircd-hybrid, as it's the one that IrcServer in Ubuntu help focuses on
<imagodei> I have 9.04 Server, I manually configured DHCP on two interfaces. One is plugged to network, the other not. I get this message (reloading /etc/samba/smb.conf smbd only) every 5 minutes or so. Is there any way to stop smbd from reloading every time dhcp tries to get IP? Or at least decrease the interval? There was a discussion about this issue at http://ubuntuforums.org/showthread.php?t=1140094 but
<imagodei>  no solution...
<fahadsadah> imagodei: put interfaces = eth0 in smb.conf
<fahadsadah> Assuming eth0 is the one that is facing the network
<twb> imagodei: remove it from /etc/dhcp3/dhclient...hooks.d/
<uvirtbot> New bug: #499394 in ntp (main) "ntp server didn't support mssntp" [Undecided,New] https://launchpad.net/bugs/499394
<twb> fahadsadah: ah, that's a better idea
<imagodei> fahadsadah: OK, will try, brb
<imagodei> OK, I should say I'm pretty much n00b... I have a line in the smb.conf, says";    interfaces = 127.0.0.0/8 eth0" The connected interface is eth1
<fahadsadah> interfaces = eth1, it should say
<fahadsadah> Leave the 127.0.0.0/8 bit, actually
<fahadsadah> So interfaces = 127.0.0.0/8 eth1
<imagodei> do I ommit semicolon?
<fahadsadah> Aye
<imagodei> then /etc/init.d/samba restart ?
<fahadsadah> Yes
<imagodei> OK... no message so far at a restart
<imagodei> just wanna wait for a few minutes :)
<imagodei> :(
<imagodei> no joy
<imagodei> the message's back
<fahadsadah> Hmm
<fahadsadah> What are you trying to do?
<imagodei> Generally? I want the message out of console, cause it bugs me there while typing. The link http://ubuntuforums.org/showthread.php?t=1140094 says that there are also network outages every time this happens. Don't wanna have them
<imagodei> I don't understand... is this normal behavior? I have little experience with linux, but I never had this issue. Is this because of dynamic IP config on server?
<frojnd> Hello there
<frojnd> I'm trying ot install ampache
<frojnd> I've downloaded tar.gz extracted it to /var/www/ampache/
<frojnd> as root
<frojnd> but now I have a problem
<frojnd> I think something with file persmissions
<frojnd> like websesrver wouldn't allowe ampache to write or change things
<frojnd> :S
<frojnd> http://90.157.178.175/ampache/test.php
<frojnd> This attempts to read /config/ampache.cfg.php If this fails either the ampache.cfg.php is not in the correct locations or it is not currently readable by your webserver.
<frojnd> ...it is not currently readable by your webserver
<frojnd> what does that mean?
<kervel> hi
<kervel> i'd like to know how i can create a jeOS AMI with some custom stuff installed
<kervel> i don't want to use the standard AMI, because i heard you loose all your configuration when your instance terminates
<kervel> i searched the web for how to create custom AMI but i couldn't find anything recent on ubuntu
<mathiaz> kervel: you'll loose all your configuration when your instance terminates no matter what
<mathiaz> kervel: I'd suggest to look into rebundling your instance to create your own AMI
<kervel> mathiaz: yeah, but if i have a preconfigured AMI then not
<kervel> mathiaz: ah, i tought it was not possible to do that
<mathiaz> kervel: start from one of the official AMI image, log into the running instance, configure it the way you want, then rebundle it
<mathiaz> kervel: rebundled AMI are stored into your own S3 bucket and can be started whenever you want
<kervel> ah, is it really that simple ? great
<kervel> btw mathiaz do you know how frequently an instance gets "terminated" because of external problems ?
<kervel> i mean amazon terminates your instance because of hardware problems / allocation conflicts or so
<mathiaz> kervel: not really
<mathiaz> kervel: you should plan accordingly though
<mathiaz> kervel: ie create an infrastructure where instances can go away at any time
<mathiaz> kervel: and make sure your overall infrastructure can cope with that
<kervel> mathiaz: and that it auto-launches a new instance i guess when something like that happens
<mathiaz> kervel: probably - that includes some monitoring services
<mathiaz> kervel: amazon autoscaling feature may be helpful there
<kervel> mathiaz: the problem is that i'm going to host a complex webapp with complex caching (not only read caching but write caching too)
<kervel> and distributing state over different machines is impossible now
<kervel> eg the webapp doesn't support running on 2 containers
<mathiaz> kervel: well - some applications haven't been designed to run on a cloud
<mathiaz> kervel: with the assumption that instances can go away anytime
<mathiaz> kervel: these apps are not necessarly the best candidates to be run on  a cloud
<kervel> mathiaz: i was thinking the same way.. thing is, i get these requests all the time, a lot of people see a cloud as a really big vmware
<kervel> so i wanted to find out what it takes to get a reliable hosting on EC2
<mathiaz> kervel: it depends how you define reliable
<kervel> and i found out that i can have EBS block storage that doesn't go away
<kervel> mathiaz: we offer SLA
<mathiaz> kervel: hosting on EC2 can be very very reliable
<kervel> mathiaz: i can imagine that if your app is loadbalanced on 5 instances it can be very reliable
<kervel> but i wonder if i can get a "single instance setup" also reliable
<mathiaz> kervel: well - depends how you define reliable - how much downtime can you afford
<kervel> so my current setup ID would be: postgres database on EBS / application state on EBS / basic operating system and application code in AMI
<mathiaz> kervel: you can restart instances in EC2 and monitor whether they go away
<kervel> mathiaz: do you know how long it takes to start an instance ? and do you think my setup with 1 instance and state on EBS makes sense ?
<mathiaz> kervel: it can take a few minutes
<mathiaz> kervel: you usage of EBS makes sense
<mathiaz> kervel: it's one of the use case for EBS.
<kervel> and fast enough for databases ?
<mathiaz> kervel: sure
<kervel> hmm then i'm going to try it
<mathiaz> kervel: you should definetaly test it before going to production
<mathiaz> kervel: it's very application specific
<kervel> yeah
<mathiaz> kervel: and make sure that you web application works correclty (ie data are stored safely) on EC2.
<mathiaz> kervel: and plan for instance termination accordingly
<kervel> ok that seems possible
<kervel> now one thing: i'd like to develop certain features in our webapp that makes it more suitable. eg we have a built-in media asset manager (files/ videos/ pictures) and it would be cool to use S3 for them instead of the filesystem
<kervel> i wonder how to setup a development environment for that
<kervel> because having to deploy my application on EC2 every time i want to do a small test will slow things down
<kervel> anyway mathiaz thanks a lot for your time, i'll figure out i guess
<kervel> you gave me the pointers i needed :)
<mathiaz> kervel: for testing purposes, I'd suggest to look into UEC
<mathiaz> kervel: which is a way to deploy an EC2-compatible cloud on your own servers
<mathiaz> kervel: http://www.ubuntu.com/cloud/private
<mathiaz> ttx: is there a server team meeting tomorrow?
<kervel> just launched my instance ... can't ssh into it, even tho i selected the right key. going to try karmic instead of hardy
<ttx> mathiaz: yes, but it should be fast
<mathiaz> ttx: who's gonna be around? you, me, ??
<ttx> smoser ?
<mathiaz> ttx: I don't think so
<ttx> hmm
<ttx> mathiaz: let me think about it then :)
<mathiaz> ttx: well - we could have a meeting in french!
<mathiaz> ttx: how do you de-register an kernel/image/ramdisk?
<ttx> mathiaz: never tried
<Jare> can i set per user bandwidth limits in ubuntu server? For example one user would have max. 30Mbps/20Mbps and the other 5Mbps/10Mbps
<Jeeves_> Jare: Not that I know off
<ttx> mathiaz: so the current UEC/ISO start and runs. I fail to run an instance, I get a libvirt error.
<ttx> mathiaz: will file bugs
<mathiaz> ttx: ok - I'll stick to 1.6.1 then
<mathiaz> ttx: when doing the stress testing
<teddymills> http://manpages.ubuntu.com/manpages/karmic/man8/tc.8.html
<ttx> mathiaz: yes
<Jeeves_> Jare: http://www.mastershaper.org/index.php/Main_Page maybe?
<ttx> mathiaz: err... the latest from bzr upstream is even more broken, beh
<mathiaz> ttx: that always happen when you're in *bug* *fixing* mode
<ttx> mathiaz: in fact it's not /more broken/.
<ttx> it's just a bug that only affects upgraded installs.
<ttx> mathiaz: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/499480
<uvirtbot> Launchpad bug 499480 in eucalyptus "[lucid] euca_rootwrap setuid status is lost on upgrades" [Undecided,New]
<mathiaz> ttx: could this be related to https://bugs.launchpad.net/bugs/437012?
<uvirtbot> Launchpad bug 437012 in eucalyptus "eucalyptus-common maintainer script should not add dpkg statoverrides" [Low,Fix released]
<ttx> mathiaz: yes, that's a regression introduced in there
<ttx> mathiaz: I just fixed it
<siretart`> hi
<siretart`> how to enable serial console access in grub2?
<uvirtbot> New bug: #499436 in eucalyptus "[lucid] /var/lib/eucalyptus/bukkits created with wrong rights" [High,Triaged] https://launchpad.net/bugs/499436
<mathiaz> smoser: hi - it seems that the latest lucid UEC image requires at least 400M of Ram
<mathiaz> ttx: ^^ have you seen something similar?
<mathiaz> ttx: I can't run the lucid image with c1.medium anymore
<ttx> mathiaz: haven't tried recently
<ttx> or... rather... I can't get to that point anymore :)
<ttx> mathiaz: here he comes again ^
<frojnd> What is the http user?
<frojnd> I need granted the http user to be able to write into /var/log/ampache
<mathiaz> frojnd: www-data
<frojnd> so if www-data needs to write into /var/log/ampache
<frojnd> how can I do that?
<smoser> good morning
<mathiaz> smoser: o/
<frojnd> any ideas?
<frojnd> how can I grant http user in this case www-data to be able to write rad /var/log/amoache?
<mathiaz> frojnd: it depends on the permissions of /var/log/ampache
<mathiaz> frojnd: ls -l /var/log/ampache will give you the permission
<mathiaz> frojnd: and then you'd probably add the www-data user to the correct group, and make sure the group can write to /var/log/ampache
<frojnd> mathiaz: so -rw-r--r-- 1 root   root  25497 2009-12-21 16:41 Xorg.0.log
<frojnd> drwxr-s--- 2 mysql  adm    4096 2009-12-21 01:47 mysql
<frojnd> just chown -R www-data:www-data /var/log/ampache?
<frojnd> now it's drwxr-xr-x 2 root   root   4096 2009-12-22 01:55 ampache
<frojnd> but I manually crated it /var/log/ampache
<mathiaz> frojnd: right chown -R ... should work
<mathiaz> ttx: so you've merged the latest eucalyptus?
<ttx> mathiaz: yes
<mathiaz> ttx: is the package available in the archive?
<ttx> mathiaz: accpeted, building
<mathiaz> ttx: I could test them on some of the machines I have access to
<mathiaz> ttx: ok - I'll monitor it then
<ttx> mathiaz: it's not very different from last week code drop
<ttx> 1.6.2~bzr1103 -> 1.6.2~bzr1113
<mathiaz> ttx: well - I haven't tested any 1.6.2
<ttx> heh
<penta>  hi guys, anybody use scgi module with apache here?
<mathiaz> ttx: I only tested 1.6.1
<ttx> mathiaz: kirkland did, and it worked for him, though I really wonder how it could work. He should have run into the things I had to fix recently
<mathiaz> ttx: I'll give a try to 1.6.2 - as you seemed to be blocked
<ttx> mathiaz: I've to isolate which version broke it, or if it's an issue in my test setup
<ttx> (which is brand new :)
<penta> why it just doesn't wor with my apache? http://pastebin.com/d753c1d07
<mathiaz> smoser: hey - have you looked into the increased memory footprint for the uec-images?
<mathiaz> smoser: it seems that they can't be run as c1.medium on UEC anymore
<smoser> i ran the alpha1 on c1.medium, but i did have issues on c1.small
<smoser> you think that is memory related?
<mathiaz> smoser: http://paste.ubuntu.com/344786/ <- this is the console output of today's image
<mathiaz> smoser: it's running on a c1.medium
<smoser> how much memory do you give? i'm guessing this isn't at all uec-only
<mathiaz> smoser: by default c1.medium is 256M
<mathiaz> smoser: I don't think you'd see that on EC2 - the smallest amount of memory you get there is >1G
<smoser> do you have reason to believe something is uec specific?
<smoser> rather than generic ubuntu
<mathiaz> smoser: well - I think it's related to the uec images we published
<mathiaz> smoser: IIRC the default -server install uses less memory
<mathiaz> smoser: though I had to move to 256M of RAM for my default server installs last release cycle (I was at 128M)
<smoser> yes, its obviously related to uec, but do you thikn that a "normal -server install" will not give the same issue on kvm (or real hardware)
<mathiaz> smoser: under memory pressure, yes it will do the same thing
<mathiaz> smoser: another particularity of uec images is that they don't have swap
<mathiaz> smoser: I'm gonna check how much RAM is used by a default uec image
<smoser> ah. thats it. swap.
<smoser> so
<smoser> above "under memory pressure" i think will occur in "normal -server install" with 256M of memory, i do not think that the -uec images are any more memory hungry than -server in general
<smoser> except, for they do load python early in boot
<smoser> second
<smoser> i recently turned off swap
<smoser> :)
<smoser> which is probably what is causing your problem
<smoser> the goal is to turn it back on if swap is available.
<smoser> so, thats the primary difference i guess.
 * mathiaz nods
<mathiaz> smoser: http://paste.ubuntu.com/344792/
<smoser> yeah, i'm aware
<mathiaz> smoser: ^^ this is the memory on the latest uec image
<smoser> explicitly i took out the /dev/sda3 (i think) entry for swap
<smoser> you probably have a swap partition there
<smoser> can you do me a favor, since you apparently have a uec up ?
<mathiaz> smoser: right - sda3 is a swap partition
<mathiaz> smoser: sure!
<smoser> can you run ec2-get-info --block-device
<mathiaz> ttx: smoser: I don't see a good reason to have such small instances defined in UEC if the default UEC image we provide requires at least 300 M of RAM to run correctly
<smoser> mathiaz, its broke, we'll fix it
<mathiaz> smoser: you mean reanable swap?
<smoser> or are you saying that even with swap you think it doesn't make sense.
<smoser> yes, i was saying re-enable swap
<mathiaz> smoser: even with swap it doesn't really make sense
<smoser> fair
<smoser> its possible that it only sees the memory pressure early in boot
<mathiaz> smoser: you boot a default uec image on m1.small or c1.medium and you're swapping right away
<smoser> some of the new boot stuff is i think fairly memory hungry
<mathiaz> smoser: well - I don't think that the system should be swapping right after boot
<smoser> well, if it swaps on boot, yes, that sucks, but then if it stops swapping, then its not that big of a deal
<mathiaz> smoser: http://paste.ubuntu.com/344792/ <- this is just after boot
<smoser> ie, if it ballooned to 512M during the first 10 seconds of its life, but then trimmed to 128, who cares. thats what swap is for.
<mathiaz> smoser: true
<kirkland`> ttx: howdy
<ttx> kirkland`: yo
<ttx> kirkland: just reading your email
<smoser> mathiaz, can you run the above ? the ec2-get-info
<sub> +1, agreed. swapping is natural, normal behavior. it's thrashing that's bad D:
<kirkland> ttx: <kirkland> saw you had some trouble with the nc upstart script
<kirkland> <kirkland> strange, worked perfectly for me
<kirkland> <kirkland> my testing was from an upgraded system
<kirkland> ttx: also, nurmi and I did go over that diff
<mathiaz> smoser: hm - I don't have the command ec2-get-info
<smoser> i want to know if uec is correctly showing that there is a swap partition, so we could notice that and enable swap
<kirkland> ttx: it's mostly branding and euca_rootwrap that are the diffs
<smoser> hmm...
<smoser> ok
<mathiaz> smoser: this is whith ec2-api-tools 1.3.46266-0ubuntu1
<smoser> its from ec2-init
<smoser> but maybe its not packaged. i was n't lloking at an image, but rather source tree.
<smoser> hold on.
<ttx> kirkland: I think we should have WI covering their transformation into separate patches
<kirkland> ttx: really?  we want separate patches?
<kirkland> ttx: i particularly like using bzr merging
<ttx> hmm
<kirkland> ttx: it's *far* cleaner to me than fuzzing patches
<kirkland> ttx: i dare say that's the power of using a shared bzr source
<mathiaz> kirkland: ttx: you may wanna look at bzr looms if you want both have bzr merge goodness and separate patch
<ttx> kirkland: I agree with that, just thought that wasn't what the spec said
<ttx> kirkland: spec says "Keep debian/patches for ubuntu-specific non-upstreamable patches, merge all others"
<ttx> kirkland: that's why I was wondering
<kirkland> ttx: hrm
<kirkland> ttx: having done the merge many times in the last few weeks, i find it far easier to fix conflicts in the bzr managed source, than re-fuzzing patches
<ttx> kirkland: I agree with that. As long as we don't keep the patchsystem around
<kirkland> ttx: true; shall we try to get rid of the patch system entirely, in favor of inline code changes?
<ttx> kirkland: ...and we don't lose track of what the diff contains
<kirkland> ttx: right, to me, that's the one advantage of debian/patches here
<ttx> kirkland: I think the mix is confusing
<ttx> At least it confused me
<kirkland> ttx: we have a very specific list of what the patches are (and in my ideal world, documentation about the patch above it in the file)
<kirkland> ttx: i agree;  the WSDL issue is still open, though
<ttx> ok.
<kirkland> ttx: we haven't agreed with upstream on the best way to solve that
<kirkland> ttx: well, we sort of have
<kirkland> ttx: there's some build dependency, that if promoted to Main, could generate the diff on the fly during the build
<ttx> kirkland: I think they underestimate the work in there
<ttx> I asked a question on that bug, unasnwered
<kirkland> ttx: i have it in the bug, don't remember it off the top of my head
<mathiaz> smoser: hm - TBH I don't think the guest is just swapping during boot
<ttx> kirkland: I'll reply to thread to make sure jos is in the loop
<ttx> kirkland: no need to interrupt your vacation :)
<kirkland> ttx: heh, well, i just wanted to say hi :-)
<smoser> mathiaz, if thats true, we have generic issues that should be discussed.
<mathiaz> smoser: otherwise why would the OOM killer kick in *after* the instance has successfully booted (http://paste.ubuntu.com/344786/)
<kirkland> ttx: i didn't want you blocking on me, or anything I did (or didn't do)
<ttx> kirkland: it affects a spec contents that he approved. I don't think he would mind, but hey
<smoser> ie, if we care that server doesn't boot in 256M
<smoser> or s/boot/boot and be useful/
<ttx> kirkland: you managed to run an instance ?
<smoser> mathiaz, can you run the following in your instance:
<smoser>  b=http://169.254.169.254/latest/meta-data/block-device-mapping/; for x in $(wget "$b" -O - -q); do v=$(wget "${b}/${x}" -q -O - ) ; echo "${x}:${v}"; done
<ttx> kirkland: with 1.6.2~bzr1103 ?
<smoser> on small on ec2, that gives me:
<smoser> ami:sda1
<smoser> ephemeral0:sda2
<smoser> root:/dev/sda1
<smoser> swap:sda3
<mathiaz> smoser: sure - let me boot a new instance
<kirkland> ttx: yes, absolutley
<ttx> kirkland: beh, couldn't make it run
<kirkland> ttx: well, timeout ...
<kirkland> ttx: with the build i did locally
<ttx> maybe another upgrade vs newinstall
<kirkland> ttx: i ran several instances
<kirkland> ttx: i did not test the soyuz-build deb's
<ttx> issue
<kirkland> ttx: mine were upgrades
<ttx> I'll test again
<kirkland> ttx: i did have to bundle a new image, though
<kirkland> ttx: something about my images were out of sync, or not fully registered or something; there's an open bug on it
<ttx> kirkland: anyway, it's almost working for me :)
<kirkland> ttx: almost?
<ttx> kirkland: well, when the NC is running libvirt, you're pretty close to the end of the test
<ttx> https://bugs.launchpad.net/eucalyptus/+bug/499491
<uvirtbot> Launchpad bug 499491 in eucalyptus "[1.6.2] Fails to boot an instance: Failed to add tap interface to bridge 'br0'" [High,Triaged]
<mathiaz> smoser: http://paste2.org/p/573930
<mathiaz> smoser: there isn't any information there :/
<smoser> can you append a slash
<smoser> hold on
<smoser> b=http://169.254.169.254/latest/meta-data/block-device-mapping/; for x in $(wget "$b" -O - -q); do v=$(wget -q "${b}/${x}/" -O - ) ; echo "${x}:${v}"; done
<smoser> (i added '/' to the wget inside the loop. crossing fingers)
<ttx> kirkland: see https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/487270/comments/2
<uvirtbot> Launchpad bug 487270 in eucalyptus "improve wsdl stubs generation" [Undecided,Confirmed]
<mathiaz> smoser: nope - same result
<ttx> kirkland: it's either too much work or no work at all, based on what dan meant
<mathiaz> smoser: well - I'm not sure if it's relevant to rely on the meta-data service to provide that information
<mathiaz> smoser: IIUC there is a swap partition on /dev/sda
<kirkland> ttx: yeah, i'll touch base with him after the holiday's on this
<mathiaz> smoser: and it's the disk that is mounted as sda
<smoser> there is on i386 small
<kirkland> ttx: this is the biggest piece of work i think i have with that spec
<smoser> there is not on a large
<kirkland> ttx: your new comments not withstanding
<smoser> its dynamic
<ttx> kirkland: new comments ?
<mathiaz> smoser: ah - so on EC2 you may have a swap partition or not
<kirkland> ttx: diff vs. patches
<smoser> right. it changes based on some things
<ttx> kirkland: right
<smoser> ideally the metadata service tells me what to do with things
<kirkland> ttx: it would be nice if you could get clarification on that ;-)
<smoser> but i can instead look at available devices and if one is type swap, then use it
<mathiaz> smoser: it seems that UEC doesn't provide extra devices that could be used as swap
<ttx> kirkland: will try to ping them on it
<smoser> the metadata service is providing more explicit info
<smoser> mathiaz, uec is strnage.
<smoser> :)
<ttx> smoser: UEC is good
<smoser> well, ec2 is strange, and uec is strange differently
<smoser> diversity :)
<mathiaz> kirkland: is there a reason why uec is still using scsi instead of virtio devices?
<smoser> mathiaz, the reason was related to hotplug of ebs volumes
<mathiaz> ah yes - I remember - for compatibility with EC2
<smoser> no, not that
<mathiaz> virtio devices show up as /dev/vd*
<smoser> that may have been a concern. at one point virtio hotplug was broken.  i asked nurmi this once.
<mathiaz> smoser: well - fstab says to mount /dev/sda1 on /
<mathiaz> smoser: ah right.
<smoser> it does, but it doesn't matter.
<smoser> because the kernel or ramdisk is reading the parameter from cmdline
<smoser> so fstab doesn't matter for /
<smoser> which is why i decided to only really put / in fstab, and dynamically write the rest
<kirkland> mathiaz: compatibility with Amazon, I think
<mathiaz> smoser: where should I file bugs related to UEC images?
<mathiaz> smoser: I'd like to keep track of this memory issue
<smoser> ideally from an instance
<smoser> ubuntu-bug
<smoser> will tag it as ec2-images although i dont know if it does that correctly for uec
<smoser> but just file it against ec2-init for now, but really, i dont think its a UEC thing
<smoser> our -server distro will fail to run in 256 M at the moment is my assertion
<smoser> so however you would normally open such a bug
<mathiaz> smoser: right - -server on 256M will be swapping after boot
<smoser> so file that bug, and tag it uec-images ec2-images
<ttx> smoser: are you around tomorrow ?
<smoser> no
<ttx> hmm
<smoser> i could call some where, but i will not be near computer for most of day
<ttx> smoser: no, I have to see if we should cancel the meeting
<ttx> mathiaz: we'll see if anyone else shows up
<ttx> mathiaz: if not, we'll cancel it. 2 is not quorum :)
<kervel> i wonder if it is possible to run an ubuntu enterprise cloud on a single server (documentation mentions you need at least 2 servers) , for testing  / development purposes
<kervel> eg can the node controller and the cluster controller run on the same machine ?
<smoser> mathiaz, if you're still around and have uec up, could you verify that:
<smoser> for x in $(blkid -t TYPE=swap -o device); do sudo swapon ${x}; done
<smoser> will get your swap partitions mounted
 * mathiaz tries
<mathiaz> kervel: nope
<mathiaz> smoser: \o/ - need to run blkid as root though
<smoser> ah. yeah.
<smoser> duh.
<mathiaz> smoser: http://paste.ubuntu.com/344858/
<smoser> so, the goal will be to look at metadata if available, if not, use blkid
<smoser> assuming (possibly hazardly that if blkid finds something it thinks is swap that it is)
<smoser> that is kind of scary
<smoser> mathiaz, what is the default small? m1.small on uec
<smoser> is it 128 ?
<smoser> we used to run on whatever it was (karmic) but in lucid it crashes horribly. and very hard to debug because you can't get console logs because UEC doesn't cache them. so once the thing is dead the log is gone
<mathiaz> smoser: m1.small gives 128 M for ram
<alkisg> I'm having problems setting up my first LDAP. Why would `ldapsearch -x admin` succeed, and `ldapid admin` fail? http://pastebin.com/f5aaa1ee0
<alkisg> Also, `sudo ldapaddgroup george` gives me "ldap_bind: Invalid credentials (49)" in the log file. I'm following this: http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html and I don't think I've missed any required steps... :(
<teddymills> can someone paste bin the partition map of a default ubuntu 8X install?
<teddymills> I am trying to recover my partition map, but I do not know what to put it back to..it was the default install...with ext3 mostly I need to know where root is and what partition number...
<alkisg> teddymills: partition map?! what do you mean? grub device map?
<teddymills> fdisk -l /dev/sda
<smoser> teddymills, its going to be specific to the size of the disk at very least
<teddymills> i dont need the partition sizes..i need the partition types and numbers...
<alkisg> Here's one from Lucid: http://pastebin.com/f5e89205d
<alkisg> But the extended partition has its own partition table, so I wonder how that would help you...
<teddymills> thx lucid that should help...
<gkahla> i'm trying to get fetchmail to pull my mail down onto my laptop, and fetchmail tells me port 25 isn't responding on localhost. Do I *really* need to set up postfix to get rid of this problem? Advice appreciated... destination machine is my laptop - NOT a server.
<ziesemer> I replaced my dead motherboard.  Still an Intel x64, etc., but different on-board network controller.  Still my network (eth0) is working as expected.  However, my VLAN, eth0.5 is sending but not receiving packets.  What do I need to check / change?
<ziesemer> Attempting to ping from this box to another box, the managed network switch shows the packets being sent from local to remote, then the remote to local, but "ifconfig eth0.5" shows only the transmitted packets, with 0 bytes received.
<ziesemer> (I had already removed the existing entries from /etc/udev/rules.d/70-persistent-net.rules , so that the new interface still came up as the old eth0, rather than a new eth1.)
<unit3> what's the best practises way under karmic to adjust which services get started at boot?
<unit3> "update-rc.d cman enable" doesn't seem to get cman to start at boot.
<unit3> hm... looks like "update-rc.d -f cman remove && update-rc.d cman defaults" does what I want. confused as to why enable/disable exist.
<unit3> oh well.
#ubuntu-server 2009-12-23
<davrian> Would anyone happen to know of a decent Subversion web management tool? I looked, tried some solutions that i couldn't get working... anything anyone can recommend?
<jmarsden> davrian: The two straightforward (already packaged for Ubuntu) choices would be viewvc and websvn
<davrian> brilliant, i will look into that, thanks!
<jmarsden> No problem.
<davrian> jmarsden: Would I be right in saying that WebSVN is probably the better option...
<jmarsden> I'm not really sure.  I'd guess I've seen more viewvc installations "out there" on the web, but I'm not really sure which one is "better".  They are free... try both? :)
<davrian> okay, cool! thanks for your help :)
<jmarsden> You're welcome.
<j416> Hi! I just installed Ubuntu 9.10 Server, and realised that this time the installed didn't set up postfix for me, last time it asked a lot of questions like mydestination setting etc. I wonder, why didn't it do that this time I installed?
<j416> s/installed/installer/
<j416> (last install was just a few hours ago, and the only difference was that I had mistakenly set a numeric host name, which it didn't like)
<lamont> base install doesn't install an MTA unless you tell it to
<lamont> OTOH, apt-get install postfix will get you postfix...
<j416> lamont: it installed postfix alright, I did check "Mail server", but it didn't ask me those questions
<j416> I'm just curious why it didn't
<Thugal_> dpkg-reconfigure postfix  ?
<lamont> probably related to debconf priority
<j416> debconf priority..
<j416> there
<j416> dpkg-reconfigure postfix works great :)
<j416> thank you
<Sativa> hey i have a netra T1125 made by Sun, and I'm looking to turn it to a server to host a gameserver from my computer.
<Sativa> the machine doesn't have a monitor hook-up, so i don't know how to see what i'm doing. xD
<ziesemer> Sativa, I'm not at all familiar with the hardware, other than through a quick web search, but I'm guessing it must have some sort of remote interface?  Possibly even just a simple terminal over one of the serial ports?
<ziesemer> Can anyone help me figure out why my VLAN interface is no longer receiving traffic?  Only change is a new motherboard.  The network driver apparently switched from "sky2" to "r8169".
<jmarsden> ziesemer: It's a guess, but perhaps the vlan interface config file(s) have a MAC address in them, or a driver name, and both of those have changed.  Can you just delete the vlan interface and recreate it on your new hardware?
<ziesemer> Where would I find these config files?  As far as I'm aware, the VLAN is more or less just created dynamically through /etc/network/interfaces .
<ziesemer> I was thinking something along those lines, though, and allowed the physical interface to move back to the new eth1, so my VLAN is also eth1.5 instead of eth0.5.  Still have the same issue.  ifconfig eth1.5 shows 0 packets / bytes received, but does show the traffic being sent.
<jmarsden> I'm not sure... if the vlan stuff depends on the NIC being able to deal with tagged frames, then you should perhaps also check that the new r8169 NIC can handle that.  I'm not sure of the current trends, but a couple of years back there were some NICs which could do the tagging and some which could not.
<jmarsden> 802.1q , or something like that?
<ziesemer> That is what I'm afraid of.  It's a Mini ITX system, and other than resorting to USB for a 2nd network interface, I really need the VLAN support to work with my network switch and act as a router.
<ziesemer> Honestly, I'm trying to find more details about the network driver.  The "sky2" and "r8169" I found were only as comments in the 70-persistent-net.rules udev file.
<ziesemer> Searching for "r8169 vlan" online doesn't yield any specific successes or warnings in terms of vlan.  But I'm suprirsed that vconfig doesn't give any errors or warnings, and that the vlan adapter is successful in transmitting, just not receiving.
<jmarsden> Agreed.  r8169 is the Realtek gigabit driver... I think it supports a range of R81xx chips.  Doing   sudo lshw -c net   # could get you more details on the hardware you actually have.
<ziesemer> It's a "RTL8111/8168B PCI Express Gigabit Ethernet controller".  Should I be seeing anything about VLAN in the listed capabilities?
<ziesemer> I did just find http://forums.debian.net/viewtopic.php?f=7&t=28371 , but the symptoms are a bit different.  There, at least, the driver is reporting dropped RX packets.  I've also tried lowering the interface MTU, but I wouldn't think that would be an issue with ping packets.
<jmarsden> I'm not sure; that sounds like reasonably modern hardware, so it really "should" have the vlan tagging capabilty, but I don't know how/whether that capability is announced to the world.
<jmarsden> And yes, by default ping packets are small.
<ziesemer> It's a brand new Intel motherboard.  Not just Intel-based, Intel-branded.  I'm rather surprised it didn't just have an Intel network chip on it as well.
<ziesemer> Should I file a bug report on this?
<jmarsden> You could; it's not clear at this point if it is just a config issue of some sort or a "real" bug, but it can't hurt.
<jmarsden> You could also try setting things up so the other system on the VLAN was a machine on which you could run something like wireshark to "see" the packets at that end, so you know for sure the echo reply packets really are going out destined for that vlan interface.  Probably a pain to set up, but it might tell you something more about what is happening.
<ziesemer> I can do that.  The low tech approach I've already used is that the LED light blinks on the port of this box when it is pinged from another machine on the VLAN, but the box never "sees" the packet.
<jmarsden> OK.  I should go to bed... sorry I can't be more help :)
<ziesemer> Also going to try booting from a Live CD, and see if that helps at all.  A bit of a pain, with an older kernel, etc., that will be in use.  Attempting a re-install might be better, but that's a lot of work...
<ziesemer> np, thanks for your feedback!
<ziesemer> How can I find the version and/or other details of the r8169 driver currently in use?
<_ruben> ziesemer: do you see traffic when monitoring the actual interface (not the vlan)?
<ziesemer> _ruben, what would be the best way to check?  Run Wireshark or tcpdump on eth1?
<ziesemer> Interesting.  tcpdump shows "vlan 5, p 0", with ARP requests.  So eth1 is surely receiving the vlan traffic.
<_ruben> indeed
<_ruben> so if the vlan interface doesnt see the same traffic, you think the problem is in the vlan part, not the driver
<ziesemer> Ran tcpdump against the vlan, and don't see any traffic.  This agreed with the statistics shown on ifconfig.
<ziesemer> The other interesting find:  I just downloaded the r8169 Linux driver available straight from Realtek.  The "DCONFIG_R8169_VLAN" compile flag is disabled in the default makefile.
<ziesemer> So I'm thinking I'll try recompiling that with the flag enabled, and use it as my new driver to see if that helps.  But I'd like to find the details of what I currently have in this aspect...
<ziesemer> Of course it can't be that easy.  Errors compiling...
<ziesemer> It seems I need to have the linux-source packages.  I'm offline, due to the network issue, so I can't just use apt-get.  Apparently, I'm slightly out-of-date with the kernel, at 2.6.31-15, where http://packages.ubuntu.com/karmic/linux-source is showing 2.6.31-16.  Where can I find the -15 to download?
<ScottK> ziesemer: Look on Launchpad.  https://launchpad.net/ubuntu/+source/linux-source
<ziesemer> ScottK: "Error: Page not found".  And browsing http://security.ubuntu.com/ubuntu/pool/main/l/linux/ , I don't see any -15 package...
<ziesemer> I'm assuming I need the -14 or -16 package instead?
<ScottK> https://launchpad.net/ubuntu/karmic/+source/linux/2.6.31-15.50
<ziesemer> Excellent, thanks!
<ziesemer> Err, no *.deb files?
<ScottK> There are links
<ziesemer> Ahh, builds.
<ziesemer> ?  https://launchpad.net/ubuntu/+source/linux/2.6.31-15.50/+build/1339885 has no linux-source-* .
<ziesemer> Sorry, I've really not had to do this offline before...
<ScottK> Now you need me to understand how they build the kernel and I really don't.
<ziesemer> I just used the low-tech approach.  :-)  Ran Synaptic, and told it to install.  Now I have an error dialog showing the file download location:  http://us.archive.ubuntu.com/...
<ziesemer> And it's not there, either.  Ugh...
<ziesemer> It's as if -15 never existed.
<_ruben> -16 is probably a security update, which 'kills' -15 on the mirrors .. atleast, that's what i've been keep telling myself :p
<_ruben> and you most likely dont need the full source, just the headers will do most of the time
<ziesemer> Finally.  https://launchpad.net/ubuntu/+source/linux/2.6.31-15.50/+build/1339887 .
<ziesemer> I had the headers, and had the compile errors.  Driver readme has requirements of "kernel source tree", so I'll give it a try...
<_ruben> ah
<ziesemer> All that, and it still doesn't compile.  A lot of "'struct net_device' has no member named '...'".
<uvirtbot> New bug: #499491 in eucalyptus "[1.6.2] Fails to boot an instance: Failed to add tap interface to bridge 'br0'" [High,Triaged] https://launchpad.net/bugs/499491
<_ruben> ziesemer: sounds like it cant properly handle your kernel version (eg: old driver which doesnt know about recent kernel changes)
<ziesemer> Yep.  :-(
<ziesemer> I just sent an email to Realtek, see what good it does.  Seems related to this:  http://patchwork.ozlabs.org/patch/27566/
<ziesemer> Seems that the r8168 driver may have better overall support.  May have to give that a try...
<_ruben> ziesemer: are you sure that option isnt enabled by default btw? i dont have any karmic boxes handy i think, but hardy-jaunty have it enabled
<ziesemer> Which "option"?
<_ruben> CONFIG_R8169_VLAN .. oh .. you refered to the default of the source provided by realtek, not the actual ubuntu kernels
<ziesemer> Right.  Finding the details of what is used in the actual Ubuntu kernels is something else I was trying to do, though...
<ziesemer> The best I came up with so far was running "strings" against the r8169 .ko file.
<_ruben> check /boot/config* :)
<ziesemer> I didn't know about that.  Very handy - thanks!  Yes, CONFIG_R8169_VLAN=y .
<ziesemer> But it still is certainly not without issue, and I'm guessing due to it being an "older" driver.
<ziesemer> But now I'm finding that maybe r8168 is a better match to my hardware anyway...
<ziesemer> Ugh.  Got r8168 to compile.  Again, seems to be a better match for my hardware anyway.  But still no progress with the VLAN.
<freaky[t]_> is there a default ubuntu setup for mail server with mysql for several domains ?
<_ruben> freaky[t]_: dont think so .. but there's tons of howto's to be found for such a setup
<uvirtbot> New bug: #499621 in samba (main) "nmbd fails to start after Jaunty upgrade to Karmic" [Low,Incomplete] https://launchpad.net/bugs/499621
<uvirtbot> New bug: #495618 in eucalyptus "euca-describe-image-attribute does not show block device mappings" [Undecided,Fix committed] https://launchpad.net/bugs/495618
<uvirtbot> New bug: #496761 in eucalyptus "Walrus IP is not correctly updated in DNS records" [High,Fix committed] https://launchpad.net/bugs/496761
<j416> hi. How can I prevent apt-get from installing things from guessing what I wanted?
<j416> i typed: apt-get install git
<j416> and it seems to have installed something called gnuit o_O
<_ruben> because most likely you want to install git-core instead
<_ruben> !info git
<ubottu> Package git does not exist in karmic
<_ruben> !info git hardy
<ubottu> git (source: git): GNU Interactive Tools, a file browser/viewer and process viewer/killer. In component universe, is optional. Version 4.3.20-12 (hardy), package size 259 kB, installed size 992 kB
<_ruben> j416: it didnt guess, it just didnt install the package you wanted (most likely)
<j416> I want it to at least ask me if I mean gnuit, before installing it by itself
<_ruben> which ubuntu version do you use?
<j416> 9.10 64-bit
<j416> (is 'git' an alias for 'gnuit'? o_O)
<_ruben> yes
<_ruben> Package git
<_ruben>     * karmic: Virtual package
<_ruben>       provided by: gnuit
<j416> oh..
<j416> that explains it
<_ruben> gnuit is new name of git
<j416> ok. well well )
<j416> thanks
<j416> :)
<j416> i thought it was expanding git to gnuit
<j416> i restored it from my vm image backup now anyway, and going to install git-core. Thank you!
<_ruben> wouldnt surprise if lucid or newer would remove the git virtual package (once all dependencies are resolved) .. to avoid the confusing between git (the vcs) and gnuit
<j416> it would be handy if apt-get could always ask though
<j416> apt-get install X; "This will install package X, continue? [y/n]"
<j416> hm. well well
<_ruben> wouldnt surprise if apt's configurable in a way to always ask to continue, not just when additional packages are to be isntalled
<j416> maybe! :)
<imagodei> Ubuntu 9.04 server running on Single Board Computer AMD GEODE Wafer-LX3. I installed festival text-to-speech, but I got error message: "Linux: can't open /dev/dsp". I installed ALSA and set .festivalrc according to these instructions: http://aanugraha.wordpress.com/2008/12/20/festival-cant-open-devdsp/. Still no joy, getting message that aplay does not recognize file format. I'm noob, be gentle :)
<_ruben> when im about to install 'unknown' software, i usualy use -s .. it'll show what'll be installed, but wont do it
<_ruben> text-to-speach on a server .. how odd .. my servers dont even have audio devices
<imagodei> I wouldnt consider using server, but this SBC is not some powerful machine... Can't afford Gnome or KDE
<freaky[t]_> _ruben ok thank you ;)
<katakbuta> how do you prevent users from using ssh to tunnel their application
<_ruben> block ssh traffic
<j416> how can I check if package X is installed?
<alkisg> dpkg -l X ?
<j416> seems to work! thank you! :)
<alkisg> What's a good domain name to use for private sites, e.g. to setup LDAP etc? .local is reserved for mdns (avahi), so what else is commonly used? .localdomain?
<kwork> http://no.life.ee/kvm-error.txt <-- any ideas what could be wrong
<pmatulis> kwork: ensure that virtualization extensions are enabled in your BIOS
<kwork> uh hmmmz
<pmatulis> kwork: what?
<kwork> i dont reboot my boxes :P
<kwork> but okey will give it a try thanks for hint
<uvirtbot> New bug: #499811 in eucalyptus "[1.6.2] Recent euca_conf changes break local key sync" [High,Triaged] https://launchpad.net/bugs/499811
<Shubuntu> hi, where do i go to find help for poptop?
<j416> Shubuntu: google
<j416> Shubuntu: http://poptop.sourceforge.net/dox/
<j416> :)
<Shubuntu> j416, isn't there a chatroom?
<Shubuntu> i'm having difficulty setting it up to use
<Shubuntu> i'm trying to connect from windows clients and browse from my servers instead
<imagodei> Ubuntu 9.04 server running on Single Board Computer AMD GEODE Wafer-LX3. I installed festival text-to-speech, but I got error message: "Linux: can't open /dev/dsp". I installed ALSA and set .festivalrc according to these instructions: http://aanugraha.wordpress.com/2008/12/20/festival-cant-open-devdsp/. Still no joy, getting message that aplay does not recognize file format. I would like to...
<imagodei> ...make this machine speak. I'm noob, be gentle :)
<_ruben> Shubuntu: unless you really want to use windows' builtin vpn client, i'd suggest looking into openvpn, its a breeze to setup
<arj> it's a pain on vista
<arj> and even more so on 7
<Shubuntu> well my clients are kinda limited on installing anything
<Shubuntu> they can only use whatever is there
<Shubuntu> it's a work network
<Shubuntu> and they block everything
<Shubuntu> we want to be able to use skype
<Shubuntu> they could run a standalone skype
<Shubuntu> and i need them to be able to connect through vpn and run skype
<Shubuntu> so they can do voice chat
<Shubuntu> _ruben, if openvpn can do that i'm up for it, I don't have a preference on software, just the end results
<Shubuntu> some companies are just stupid, they lock skype and youtube etc out
<Shubuntu> and I want to be able to communicate with my friends
<alkisg> What's a good domain name to use for private sites, e.g. to setup LDAP etc? .local is reserved for mdns (avahi), so what else is commonly used? .localdomain?
<Sam-I-Am> localdomain works, or localnet
<Sam-I-Am> or just make something up
<alkisg> OK, I was just looking for a common one. Thanks!
<ankit_babbar1> hello
<ankit_babbar1> can any body help me in openldap
<ankit_babbar1> tough this may be not a right place but i have ask many times in forum
<ankit_babbar1> ?
<Sam-I-Am> ankit_babbar1: theres often help in #openldap as well
<bogeyd6> When using apt-get remove, for a bunch of packages. How can you make it ignore any that are missing? I have like 89 packages that i copied from a website to remove the gnome desktop and turn it into a server.
<ankit_babbar1> ny other active irc?
<bogeyd6> Anyone know the command to remove the gnome desktop and just go to a command line install?
<ankit_babbar1> sudo apt-get remove ubuntu-desktop
<ankit_babbar1> or try the server version rather
<bogeyd6> ankit_babbar1, trying to get to server version without uninstalling
<bogeyd6> ankit_babbar1,  that command doesnt work
<bogeyd6> apt-get remove gnome* worked great
<ankit_babbar1> kk
<ankit_babbar1> https://help.ubuntu.com/community/PureKDE
<ankit_babbar1> ldap help plllzz
<alkisg> ankit_babbar1: are you looking for something specific? or just the first steps?
<RoyK> http://rampantgames.com/blog/uploaded_images/redneckchristmas-724870.jpg
<Aison> i've got a nice lvm drive. quite simple setup, just one logical volume with one physical volume
<Aison> but after rebout, it's not available
<Aison> quite strange
<oru_work> for some reason mysql and other services that are associated with it are taking up way more memory than it should
<oru_work> can someone help me resolve this issue ?
<oru_work> a logbot for irc that i am running shows that its using 640 mb of ram
<oru_work> can someone have a look at this and maybe hint me on why this logbot is taking up so much memory http://picasaweb.google.com/pavel.mishuk/Rootforum?authkey=Gv1sRgCM6wxsTCtvLMnAE#slideshow/5418465757081133410
<oru_work> can someone hint me on why this tiny program is taking up so much memory , this is a copy paste from htop http://dpaste.com/137068/
<jpds> oru_work: I think the actual memory usage is the 0.9.
<Aison> how do I setup a syslog server?
<Aison> oh, found it, /etc/rsyslog.conf
<teddymills> Is JEOS considered good enough for production/client vms?
<teddymills> I have been installing full Ubuntu 9.10 installs, but if JEOS is good enough, I would rather install the much smaller JEOS
<jpds> JeOS is really just a stripped down version of Ubuntu.
<blackxored> .hello fellow
<blackxored> I am using backuppc
<blackxored> and worked properly
<blackxored> on a virtual machine
<blackxored> now I started virtualization for real
<blackxored> setting up a server with backuppc
<blackxored> now I get NT_STATUS_BAD_NETWORK_NAME
<blackxored> each time a backup task is run
<blackxored> can you help me to spot why's that? the server is ubuntu 8.04.3 and it's outside the domain BTW
<kantxx> anyone here know if theres a bacula 3.x repo for 9.10?
<fluvvell> I have a problem, after upgrading my raid array and removing old elements, hardy 8.04 fails to  boot the array. I can load it under a live cd and it checks ok, but after grub says its installed on ok, I get no boot
<fluvvell> I can chroot onto the array and run stuff on there too.
<fluvvell> Raid1
<fluvvell> So, in summary, raid1, 8.04 server, data intact but not booting.
<genii> fluvvell: Any grub/mount error messages?
<fluvvell> no, grub-install seemed happy to write to /dev/md0
<genii> fluvvell: During boot attempt from raid1 which fails
<fluvvell> Ah, well no it just sits there with a blinking cursor
<fluvvell> genii: Doesn't get to the grub menu
<genii> Sounds like some mbr issue then. Is one of the drives on the array normally the primary master ?
<genii> ( in the order which bios looks for drives to boot from)
<guntbert> fluvvell: wild guess: did uuids change?
<fluvvell> genii: they're sata, but no I've just looked and fdisk shows them further down
<fluvvell> genii: uuid of the raid array?
<genii> fluvvell: Yes, guntbert means the md0 UUID
<fluvvell> genii: no, i upgraded by adding two new drives one after the other then pulling the old drives once the array was clean.
<genii> fluvvell: My first suspect is that sda is where you want grub and not md0
<fluvvell> genii: yes, but grub complains that it can't mount that when I have the md0 mounted to chroot into
<fluvvell> genii: so should I change the sata plugs so that one of the array elements is sda1 ?
<fluvvell> guntbert: sorry, too quick to type before checking who to reply to :-)
<guntbert> fluvvell: np - please keep to genii - no raid experience here
<fluvvell> I'll reboot with that and see. I've tried so many combinations so far, (thanks guntbert)
<guntbert> fluvvell: Good luck :-)
<fluvvell> guntbert, I need it. I'm onto day 3 of outage and worried.
<genii> Sorry on lag, work requires me for periods here (this why I am mostly /away currently)
<mcas> hi
<Doonz> Hey guys im looking for a tutoreil that would show me the idiot steps (as in every step from a to z) in regards to starting up ubuntu server and have programs auto start in byobu each in their own window
<mcas> is there a package for icinga?
<fluvvell> genii: grub complains that it cannot mount selected partition - I'm chrooted into the md0, trying to install via grub> root (hd0)       then  setup (hd0,0)
<fluvvell> genii: ok, i used grub-install and now its booting! I just have an issue with fsck to work out re uuid,
<Bookman> I was running 9.04 and was able to share my laser printer over the internet with CUPS with no issues.  I recently upgraded to 9.10 and now I can no longer access my printer over the internet.  Not sure what to check.
<Bookman> It allows printers to print to it over the local network with no issues though.
<mrbig4545> hey guys, ive installed ubuntu server, i want to set up apache2 + svn+ dav
<mrbig4545> but i cant find mod_dav_svn anywhere
<mrbig4545> any ideas?
<mrbig4545> hmm, i think its coz universe isnt working proper
<ziesemer> I've been working on getting a similar setup complete.
<ziesemer> As I recall, I just built SVN from the latest source (since the latest available in the Ubuntu repositories always seems a bit dated), and mod_dav_svn is built as part of this.
<mrbig4545> apparently i need libapache2-svn
<mrbig4545> but aptitude says it doesnt exist
<mrbig4545> i think my repos are configured wrong
<mrbig4545> ziesemer: does sound like a plan
<Bookman> Where can I find information on setting up my 9.10 machine for syslog serving?
<guntbert> bookman its rsyslogd now - somewhere I have something
<maxb> man rsyslog.conf would probably be a good start
<guntbert> Bookman: http://www.ubuntu.com/system/files/CentralLogging-v4-20090901-03.pdf and http://kwlug.org/files/2009-08-10-syslog-servers.pdf
<Bookman> guntbert, Thanks!  Perfect documentation.
<Bookman> guntbert, and the kwlug reference is local for me.
<guntbert> Bookman: glad to help - I already made good use of it :)
<da65> hi all
<da65> Deb etc is dead soon
<da65> I need to install another system
<da65> bunt server any good then?
<da65> I need root tho
<da65> well thanks for your help anyway
<irc_newb> can anyone help me with my ssh server?
<jpds> Some people don't know the meaning of patience.
<kees> mathiaz: say, can I give you the exim4 merge?  (or to ttx maybe?)
#ubuntu-server 2009-12-24
<Skaag> I'm trying to install Ubuntu 8.04 on a machine with an Intel 82576 NIC (drive name is 'igb')
<Skaag> It doesn't detect the network card
<Skaag> I can only find a driver for Redhat & Suse, on SuperMicro's site
<ziesemer> Skaag what is SuperMicro? Can't you get a driver directly from Intel?
<Skaag> I don't really know how to do that
<Skaag> what to get
<Skaag> how to prepare it so that Hardy's Install CD will see it
<twb> A driver for what?
<Skaag> for Intel's 82576 network card ('igb' module)
<Skaag> It works in Jaunty
<Skaag> but I'm supposed to install 8.04 LTS on this box
<Skaag> I wish I could just install Karmic on it
<ziesemer> Just install Hardy.  It doesn't need the network to work right away.
<Skaag> and then?
<twb> Skaag: it's part of the mainline kernel
<twb> Skaag: to get it to work on Hardy, you'll need to install a non-Hardy kernel
<Skaag> I see
<ziesemer> Can't he install as a module otherwise?
<Skaag> if I mount the karmic cd?
<twb> ziesemer: if it was packages as a standalone module, perhaps.
<Skaag> can I install its kernel  on hardy?
<twb> ziesemer: as it is, I don't know.
<ziesemer> I'm looking on Intel...
<ziesemer> They always seem to have pretty good Linux support.
<twb> Skaag: it's usually a very bad idea to install packages -- especially low-level packages -- from a different release.
<twb> ziesemer: good support means that it's in the kernel, not that you download a shitty third-party driver.
<twb> Installing third-party drivers is also a good way to make your system unstable.
<ziesemer> Yes, exactly:  http://downloadcenter.intel.com/detail_desc.aspx?agr=Y&DwnldID=13663
<ziesemer> twb:  It may not be exactly desired, but it'll meet his requirements.
<ziesemer> Skaag:  There's a readme in the download.  Just compile and follow the instructions after you install Hardy.
<twb> Skaag: what's your reason for running Hardy?
<ziesemer> It's not like it's a "binary BLOB", as used with some video drivers.
<Skaag> I need to compile this on another 8.04 that works already and is connected, right?
<ziesemer> Hardy is also LTS, remember.
<Skaag> twb: It's requested by some company I work with
<twb> ziesemer: yes, that's my guess.
<Skaag> They want 8.04 because it's LTS
<ziesemer> Skaag:  You could, but I'd just run it on the machine you need it on.
<twb> Skaag: what I'd tell the company is that you can install 8.04, but you'll need an out-of-band driver -- or you can install a non-LTS release and upgrade to 10.04 in a few months.
<twb> Both suck, so IMO it's best to leave the decision to the customer
<ziesemer> I just went through all this on a system with a Realtek network card.  My only issue was that the r8169 driver from Realtek's web site wasn't updated yet for the latest 2.6.31 kernel, so it won't compile without some patchwork, or until Realtek updates it.  In this case, Intel last updated the driver just last month, so I doubt you'll have any issues.
<Skaag> ziesemer: I need to find a way to copy it there... along with build-essential... without a network!
<Skaag> 10.04 is the next LTS?
<Skaag> how long until that's out?
<ziesemer> 10.04 would be roughly April 2010.
<pting> is it just my network, or is amazon.com down?
<ziesemer> Skaag:  Especially if you use the DVD installation of hardy, you should have most everything you need available, including build-essential.
<ziesemer> pting:  It's just your network.  :-)
<ziesemer> Skaag:  Otherwise, you can always "sneaker-net" the packages, using a USB flash drive, etc.  Or just temporarily install a compatible network card.
<Skaag> I don't have physical access to the machine, just IPMI, so I can connect my local cd-rom, and my local flopy
<Skaag> floppy
<Skaag> all the iso files are on my laptop here
<ziesemer> Well, after you complete the initial install, you can always create new .iso's containing the files you need, if necessary.
<twb> Skaag: can you have a waldo add a second NIC to the machine temporarily?
<twb> Skaag: or use IP-over-1394?
<twb> If it has to be via CD, you can use jigdo to create a CD with the packages you need.
<Skaag> jigdo sounds like the only option I have
<twb> What kind of box is this?
<twb> Normally I would just slap in an e100 for a few months, then upgrade to 10.04
<Skaag> 10.04 is available now?
<Skaag> ok sorry
<Skaag> don't answer that
<Skaag> I just re-read what you wrote
<Skaag> I'm just really tired
<Skaag> there's nobody I can speak to right now, so I can't have anything put into the server
<twb> I hate hardware
<Skaag> oh man, so do I
<twb> When computers run entirely in software, I'll be happy
<Skaag> every hardware manufacturer and his own stupid proprietary crap
<ziesemer> They do.  Enter virtualization.  :-)
<twb> ziesemer: SOMEONE is still responsible for the hardware
<Skaag> I actually believe in Open Source hardware
<Skaag> And its adoption by companies
<Skaag> like, ok, here's a standard for implementing a network card
<Skaag> and companies will just make cards to that spec
<twb> There are like four pieces of fully open hardware
<twb> Everything else just has open drivers and -- if you're lucky -- a well-documented ABI
<neezer> hello
<ziesemer> I had to replace a failed motherboard with a different replacement, so a new on-board LAN controller.  My configured VLAN is no longer receiving traffic, but everything else is working.  Just ruled out driver issues, as it works on a reinstall to a different hard drive.  Is there anything else that needs to be cleared out due to this, e.g. a MAC address stored somewhere?
<twb> ziesemer: yes
<twb> ziesemer: udev remembers MAC -> interface name mappings
<twb> ziesemer: delete the relevant file in /etc/udev/rules.d/
<twb> Or reconfigure everything to operate on eth2
<ziesemer> twb: Done, both ways.
<twb> That's the only place the MAC is stored on a typical 8.04 system
<twb> s/system/server/
<ziesemer> Originally tried removing the old rules, to keep everything on eth0 and eth0.*.  Then tried moving to eth1 and eth1.*, in case there was something funny about eth0.
<ziesemer> Is actually a Karmic / 9.10 system.
<ziesemer> Or what else can I do to essentially "reset the network" without having to re-install the entire system?  (It works on a fresh install to a new HD.)
<twb> I have no experience with non-LTS releases, sorry
<ScottK> ziesemer: I'd grep -r "[MAC address]" * in /etc
<ScottK> I think I was running Feisty the last time I had deal with this.
<ziesemer> Only result is in the /etc/udev/rules.d, which I already edited.
<ziesemer> I guess a reinstall won't hurt, except for the time.  But I'll probably make up for it by the time I figure this out.  But I really want to figure this out, in case it happens again...
<ScottK> You did restart the machine after editing that, right?
<ziesemer> Yep.
<neezer> hello
<neezer> does anyone here know much about getting remote desktop to work via ssh?
<ziesemer> By Remote Desktop, do you mean the Windows tool?  I.E., using SSH to secure your RDP traffic?
<neezer> I'm not sure.
<neezer> I just want to be able to see the desktop on my media server and use my mouse on it in a window.
<neezer> I am not exactly sure how I was doing it before, but I had it working with putty on vista. now i just have ubuntu on my laptop with ubuntu also on my server box.
<twb> ziesemer: on Windows, RDP is called "tsclient"
<ziesemer> twb:  Yes, but that's not what he's looking for here.
<twb> neezer: if your media server runs Linux, the easiest thing is to use VNC (over SSH, for security).
<ziesemer> neezer: Well, that's kind of off-topic for here, but especially if you're doing Linux -> Linux, you'd either want X11 forwarding, or probably VNC.  Check out https://help.ubuntu.com/community/VNC .
<neezer> how do I do that?
<twb> "ssh -fX fs oowriter" is also pretty easy, I guess :-)
<neezer> I guess I have been doing x11 forwarding. I have been opening things like gedit, firefox just to test it, fahmon.
<twb> neezer: that's X forwarding, yes
<neezer> I read somewhere that i could use the command gnome-desktop when ssh'd into my server to see the desktop...it gives me errors.
<twb> X forwarding just runs applications (or even an entire desktop) remotely.
<twb> It doesn't let you view what's on another desktop -- for that, you need VNC
<twb> But as ziesemer points out, GUI stuff is off-topic here.
<neezer> I guess I'm missing something. You are saying that x forwarding would allow me to run an entire desktop. then right after it you say it doesn't let me view another desktop.
<twb> neezer: GNU/Linux can display an arbitrary number of desktops concurrently
<neezer> I think I get it.
<neezer> if someone were logged into my server at home while I was away, we couldn't share the same desktop and watch each other do work with x forwarding.
<neezer> in order for two people to view the same desktop you need vnc?
<twb> neezer: or some other desktop *export* system
<twb> VNC is the only one that's widely available
<neezer> i see.
<neezer> so using x forwarding I should be able to pull up a desktop and control it remotely with ssh?
<twb> neezer: yes.
<neezer> cause that is really all I need.
<neezer> thank you.
<twb> For example, you could run Firefox remotely
<neezer> yes. and I have.
<twb> Except for thin clients, you wouldn't normally forward an entire desktop
<neezer> I just run into problems when I try to run the desktop.
<neezer> oh.
<neezer> so I need to go to ubuntu-gui??
<twb> Dunno
<maxgqc> i'm running a wisp (wireless isp). I have a linux bridge proxy cache server between my router and the lan/wlan. I'd like to get statistics on bandwidth usage of each station. Does anyone know something that could do that ?
<ziesemer> So my VLAN issues appear to be due to the physical interface being part of a bridge (bridge_ports in /etc/network/interfaces).  If I remove the bridge, then everything works as expected.  Could this be driver specific?  (It worked with my old motherboard, same installation.)
<twb> I've only ever put a bridge on a vlan, not the other way around
<ziesemer> Well, I need to bridge VirtualBox to the "untagged VLAN".
<ziesemer> So previously, I had eth0 (physical), eth0.5 (vlan), vbox0, and br0.  br0 was made of eth0 and vbox0.
<ziesemer> Right now, VirtualBox isn't even in the equation.  The moment I add only eth0 to a bridge "br0", the VLAN transmits, but no longer receives traffic.
<twb> ziesemer: that would be a bridge on top of eth0.0
<twb> Or eth0.1 or whatever your untagged vlan is
<twb> Hmm, does Linux use raw "eth0" for untagged packets?
<ziesemer> "eth0" was working for me, prior to replacing the Motherboard and getting a new network controller/driver.
<ziesemer> Should eth0.0 work?
<ziesemer> Maybe that's my entire issue?
<twb> As "ip addr" which interfaces have IPs
<twb> Here, eth0.0 and eth0.1 have IPs
<twb> (that's on a 2.4 kernel OpenWRT)
<ziesemer> I'll try declaring my "eth0" as "eth0.0" instead...
<ziesemer> Seems like it must be eth0.0000 .  This fixed communication on my VLAN.  But now I have no communication on the untagged VLAN...
<ziesemer> Basically same as before.  eth0.0000 is transmitting traffic, but not receiving.
<ziesemer> Looks like someone else had my issue:  http://www.mail-archive.com/bridge@lists.linux-foundation.org/msg01269.html
<Jeeves_> ziesemer: Is that box using udev too?
<ziesemer> "that box"?  Yes, I'm using udev, I think...
<ziesemer> Basically, I mostly solved my previous "VLAN" issue.  It appeared that VLAN was broke on my new network controller with different drivers.  However, it is only "broke" when I attempt to bridge the untagged (physical) interface.
<Jeeves_> ziesemer: Udev might be renaming your interface
<Jeeves_> look in /etc/udev/rules.d/70-persistent-net.rules
<ziesemer> I don't think this is the issue here...
<Jeeves_> If your old interface is mentioned in there, you might get weird results
<ziesemer> I've now reinstalled since the motherboard replacement.
<ziesemer> That rule file has only one line for my physical adapter, naming it to eth0, which I believe is correct for my setup (?).
<Jeeves_> Ah ok
<Jeeves_> I've never experienced the issues you describe above
<ziesemer> Do you have a setup with both bridging and vlans?
<Jeeves_> Yes, although without a native vlan
<Jeeves_> But i've had that before
<ziesemer> As did I - before I had to replace hardware...
<Jeeves_> ziesemer: What switching hardware are you using?
<Jeeves_> Should be a real issue if you push it tagged to the switch, iirc
<ziesemer> A Dell PowerConnect.  Guess I could just reconfigure it to send all untagged traffic to this box as a new tag...
<Jeeves_> iirc, with Cisco, if you put the native vlan tagged in the trunk as well, it'll stop using the native vlan and start using the tag
<Jeeves_> Not completely sure though
<Jeeves_> Anyway, have to go
<ziesemer> At least on the PowerConnect, the "untagged" traffic is actually VLAN1 - which is just configured to untag on all ports by default...
<ziesemer> Thanks for the insight.
<Jeeves_> np, good luck
<quietone> newbie here. I'm trying to setup a home network to run a calendar for the family. I followed instructions at UbuntuGeek and it seems to work fine on the host machine (mine). But I can't get another machine to access the calendar or publish.  I've skimmed the server guide but it doesn't seem to fit what I am trying to do.
<twb> quietone: what kind of calendar?
<twb> The traditional kind of email-based BSD calendaring is, I suspect, not what you mean
<Aison> hello
<Aison> how can I bring rsyslogd to accept external logmessages over network?
<Aison> I uncommented this lines in rsyslog.conf
<twb> Aison: isn't that covered in the ubuntu server guide?
<Aison> $ModLoad imudp
<Aison> $UDPServerRun 514
<quietone> I found a page describing how to set up a remote calendar using webDAV and mozilla songbird
<Aison> but it dont help
<twb> quietone: ITYM sunbird (iceowl).
<Aison> twb, maybe? but where?!
<twb> Lemme look...
<quietone> twb: ? new to chat too and don't know what you are saying
<twb> quietone: the Mozilla calendar application is called "sunbird", not "songbird".
<twb> Aison: I can't find a mention of it, so ignore me.
<quietone> twb: yes, it was a typo.
<twb> quietone: where is this page you're reading?
<quietone> twb: i'll be a minute as I figure out tinyurl again ... and help a child who just called....
<quietone> twb: I used this:   http://tinyurl.com/yfc2xpj
<qman__> quietone, well I see the problem
<qman__> that doc is from november 2007
<qman__> stuff has changed a lot in the last two years
<quietone> qman__: ok, where do I start?
<qman__> well, I haven't set anything like that up, but you should always start with official documentation first
<qman__> the ubuntu server guide, official help and wiki, etc
<quietone> qman__: I have read through the ubuntu server guide and it hasn't help me.
<qman__> ok, well it looks like a pretty straightforward setup from what I've read so far
<qman__> I don't know anything about the calendar bit but I know a lot about apache
<qman__> first make sure it's running and what port it's on
<quietone> qman__: thanks, yes apache2 is up and running. I have it on 80 but would like the calendar to use another, if possible so apache is listening on two ports.
<twb> quietone: I kinda suspect you just need to tell apache to allow remote access instead of just localhost
<qman__> quietone, that's possible but it's a little more complicated
<qman__> you will need to create a second site configuration, using another virtualhost for it
<qman__> but first just try to get it working
<twb> I hate vhosting
<quietone> qman__: that's fine I am happy to keep it simple and use 80.
<twb> Because we don't have split-horizon DNS in the office, so the multi-homed server needs at least foo, foo.office.cybersource.com.au and foo.cybersource.com.au for any given vhost, and whoever sets up each vhost usually forgets two of the three.
<twb> That and it means DNS needs to work in order to get to the vhosted pages
<qman__> yeah, it can get frustrating when stuff just doesn't want to work
<qman__> and I always end up having to mess with /etc/hosts to get apache to stop complaining
<qman__> even when DNS is correct
<qman__> quietone, the next step is to make sure you're answering web requests, so open up http://localhost/ on the server if you have a browser on it, and open up the server's name on the other computer
<qman__> if you get an "It Works!" page or a directory listing, you're good
<qman__> on both machines that is, if only localhost works we've narrowed the problem
<quietone> qman__: it works on the host only with 127.0.0.1. Both machines fail with my static ip address.
<qman__> ok
<qman__> I'm guessing you don't have a firewall configured, and in that case apache would only be listening on localhost
<qman__> run the following and paste (or pastebin if it's long) the result
<qman__> grep -R "Listen" /etc/apache2
<quietone> We have three machines behind a router for a firewall.
<qman__> I mean on the machine running the calender
<qman__> are both the server and client behind the same router?
<quietone> yes. since I don't know pastebin yet. Can I just confirm that apache only knows about 127.0.0.1
<qman__> well
<quietone> qman__: Yes server and client (my machine) are behind the same router.
<qman__> if you have any Listen lines (that aren't commented out) that specify an IP address, change them to only specify the port
<qman__> grep -R shows you which file each line is in
<qman__> if none of them are specifying an IP, then you need to check the site virtualhost configuration
<qman__> which, with only one default site, should be *:80
<quietone> ok i'll be a few minutes
<quietone> qman: both my machine and my partner's' now get the "It works" with my static IP. Yippy!
<qman__> great
<qman__> hopefully the calendar will work now
<qman__> DAV and sunbird are beyond my expertise, so if apache's working that's all the help I can provide anyway
<quietone> qman__: you've been extremely helpful. we just tested and hubby got to the calendar! that is all we want to do!
<j416> Hi. Does anyone know of a good guide on how to set up a CA and create a root certificate?
<qman__> j416, https://help.ubuntu.com/9.10/serverguide/C/certificates-and-security.html
<j416> qman__: thank you! reading
<j416> perfect
<j416> this'll do
<j416> I hope
<qman__> it really boils down to just a few commands to get going, but you need to understand what's really going on, that's why it's a bit wordy
<qman__> CA part is below the certificate part
<j416> yeah I found it
<j416> thanks
<j416> I understand the concepts, but not the complicated syntax
<qman__> lots of options
<j416> indeed
<mcas> hi again
<mcas> is there a package for icinga?
<mcas> or is it ok if i try to build one?
<_ruben> !info icinga
<ubottu> Package icinga does not exist in karmic
<Thugal> icinga is an interesting project, adding some functionality to nagios that has been very slow in coming.  But version 1.0 was released on the 16th of this month.  I'm not aware of anyone packaging it yet
<mcas> Thugal: i could try the build
<blistov> anyone have openvas-server running on karmic WITH a plugin feed?
<blistov> I seem to be missing the binaries to sync.
<blistov> nvm.  bug #486790
<uvirtbot> Launchpad bug 486790 in openvas-server "openvas-server is missing openvas-nvt-sync script" [Undecided,New] https://launchpad.net/bugs/486790
<Matuku> I've just made a bit of a boo-boo whilst messing around with my server; I think i've managed to strip my main account of sudo priveleges...
<ScottK> Do you have physical access to the box?
<Matuku> No screen attached atm but if necessary I could get one
<uvirtbot> New bug: #500179 in likewise-open5 (universe) "package likewise-open5-eventlog 5.0.3991.1+krb5-0ubuntu2 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/500179
<Matuku> I was attempting to add the user to a new group but forget the -a so it's stripped it from all the others
<ScottK> You can reboot and locally select the recovery option.  That'll give you a root shell you can fix it with.
<Matuku_14> What do I need to do? Just add them to admin group again?
<ScottK> Should be.
<Matuku_14> Seems to have done it :)
<Mrseek> hello
<Mrseek> is there any good documentation on the upstart process for ubuntu ?
<tesseracter> im putting my 2 ssds on raid0, with backup to a 2tb external, and want to figure out what settings would be best in terms of stripe size and such.
<Hypnoz> in the command "find . -name file -exec chgrp woot {} +"  it seems I need the + at the end, but anyone know what thats for?
<Hypnoz> http://www.linuxjokes.com/
<uvirtbot> New bug: #498152 in samba (main) "Problem with Ubuntu 9.10 to Windows XP file share" [Undecided,New] https://launchpad.net/bugs/498152
#ubuntu-server 2009-12-25
<uvirtbot> New bug: #500272 in qemu-kvm (main) "qemu-kvm 0.12.1.1 needed (KSM not available in current 0.11 version)" [Undecided,Confirmed] https://launchpad.net/bugs/500272
<qman__> anybody here use apcupsd? I have it connected and apparently working, since it detects the model correctly, but it's not showing battery status messages of any kind
<PC_Nerd101> Hi - I'm setting up apt-cacher and thei bug reported in https://bugs.launchpad.net/ubuntu/+source/apt-cacher/+bug/423340 says that the status has been changed to Fix Released - however eth version in the karmic repositories is still 1.6.8 instead of 1.6.9 which is the version in the debian repositories which is the fix....    Does anyone know when this fix will be pushed through the package repository?
<uvirtbot> Launchpad bug 423340 in apt-cacher "Error reading from server - read (104 Connection reset by peer) (dup-of: 83987)" [Undecided,Confirmed]
<uvirtbot> Launchpad bug 83987 in apt-cacher "apt-cacher doesn't know about Translation-[lang].bz2 files" [Medium,Confirmed]
<Psi-Jack> Does anyone here do anything like keepalived, heartbeat, pacemaker, for routers with failover to backup router?
<klear> Hello everyone, I'm having problems SFTP'ing into my server -- Filezilla says "Fatal: unable to initialise SFTP on server: could not connect" -- Can someone help me troubleshoot this?
<qman__> brilliant -- "Terminating due to configuration file errors."
<qman__> yet it provides no functionality for me to find out what the problem is
<klear> I was trying to setup chroot with RSSH and then with SCPONLY and now SFTP is dead
<Psi-Jack> Guessing nobody presently here knows much about clustering routers, eh?
<qman__> no, sorry
<qman__> currently wrestling with apcupsd
<Psi-Jack> heh
<Psi-Jack> I've been trying various methods of router clustering and it's painful.
<Psi-Jack> heartbeat is the easiest of all, but also ANNOYINGLY deprecated.
<qman__> I know about the theory and methods, but no practical application
<Psi-Jack> keepalived is working, but it's causing elections every second, or whatever my advertising interval is set to.
<qman__> learned from cisco stuff
<Psi-Jack> Yeah.
<Psi-Jack> I'm, just finding it very wierd that I'm doing it with keepalived with both routers holding onto my external IP address simaltaneously, and keepalived just pops the internal routing IP on the active node.
<Psi-Jack> heh, and it's not causing a conflict.
<qman__> I guess I'll just let the thing charge up before I mess with it any more
<qman__> I just replaced the battery and got a cable for it at the same time, previously it was just doing its own thing
<qman__> I have full connectivity, I'm just not getting any information about the battery
<qman__> everything is NA or 0
<subanomic> hi
<subanomic> can someone convince me to use Ubuntu on my server rather than Debian?
<jurisz> where can I get fair comparision of virtualisation software for servers? tnx
<cemc> hi. I have an ubuntu hardy server install, and I'm getting this in the mail http://pastebin.ubuntu.com/346371/. how can I get rid of it ?
<Thugal> https://bugs.launchpad.net/ubuntu/+source/apt/+bug/223502
<uvirtbot> Launchpad bug 223502 in apt "apt cron.daily script doesn't check value-existence" [Low,Fix released]
<subanomic> how big should my /var partition be on a debian server (running a webserver, mail server, ftp server)
<subanomic> oh, meant ubuntu server, sorry
<hjmf> subanomic: it depends on how much data are you expecting to store in it
<hjmf> subanomic: if it doesn't need to have much user data you can place 30GB to / maybe some to /tmp and all the rest to /var
<subanomic> kk
<hjmf> subanomic: consider to configure your partitions in LVM, hence you can add disks and resize at pleasure
<hjmf> subanomic: also use at least a raid1 if the data in /var is critical
<hjmf> htht
<hjmf> hth
<Aison> hello ;)
<Aison> i've got a dhcp device on my router (running ubuntu server). how can I avoid that dhcpclient overrides my default route and resolv.conf entries?
<qman__> Aison, I'm not sure if/how to stop it, but I have worked around it by adding a script in /etc/dhcp3/dhclient-exit-hooks.d/
<qman__> that changes settings after each renewal
<Aison> kk
<Aison> qman__, I guess I found a nicer solution ;)
<subanomic1> i there
<subanomic1> hi there*
<ghostlines> anyone know if it's possible to override ethernet duplex speed? Our sys admin changed the the lan speed from 100mbit to 10mbit.
<jmarsden> ghostlines: man ethtool
<ghostlines> thanks alot I'll check it otut
<jmarsden> You're welcome.  Something like sudo ethtool -s eth0 speed 100   # should help
<Neut> in unicode, is valid NFKC also valid NFC?
<jurisz> what virtualization software do You recommend? I want to run now only one guest operating system and virtualization is needed to monitor hardware performance and to ahve ability to restart server if it is overloaded...
<jpds> jurisz: KVM?
<Xodiac13> is there anyway to install ubuntu 8.04 server on a headless machine
<Xodiac13> or latest ubuntu like 9.10 server
<Xodiac13> help plz
<Xodiac13> is there anyway to install ubuntu 9.10 server on a headless machine
<Xodiac13> #Ubuntu
<viezerd> maybe you can try install on a machine with similar hardware and then switch disk into the headless
<Xodiac13> viezerd: yeah im thinking im going to have to find a monitor its going to get to complicated i was thinking i could install it on a thumbdrive and put it in the machine but then how would i be able to boot the flash drive if i cant choose that option and then i want to install it on the hd
<Xodiac13> i installed torrentflux on my ubuntu server but sometimes i will be able to connect to it lastnight i was able to and now i cant is there anyway to get it to work
<Xodiac13> i installed torrentflux on my ubuntu server but sometimes i will be able to connect to it lastnight i was able to and now i cant is there anyway to get it to work
<jpds> Xodiac13: Erm, did you make sure to ratelimit your torrent client?
<Xodiac13> jpds: uh no lol well now i have another problem everything was going good and now when i do file sharing it doesnt show up in networks but i can still connect to it with webmin
#ubuntu-server 2009-12-26
<Xodiac13> jpds: i didnt start downloading anything with torrentflux i just took a look at it
<jpds> OK, no idea what could be the problem.
<Xodiac13> jpds: and one time it switched ip adresses
<marks256> how do i list what file system is on a parition?
<jpds> marks256: 'mount' ?
<marks256> jpds, it's not mounted. i need to know what fs it is so ic an mount it
<jpds> marks256: devkit-disks --show-info /dev/sdNN
<marks256> jpds, devkit-disks errors out
<marks256> something about nto being able to connect to the system bus
<jpds> 13
<jpds> marks256: Hmm, and mount doesn't automatically find the filesystem?
<marks256> jpds, there is no reason it should. the drive is not mounted. i need to know the file system so i can add it to fstab
<marks256> jpds, got it. used parted.
<marks256> m
<Neut>  
<bep> what is a good dlna server app? ive read good things about fuppes but it was last updated in 2007
<uvirtbot> New bug: #500457 in samba (main) "Please backport fix for point&print samba support" [Undecided,New] https://launchpad.net/bugs/500457
<marks256> how can i partition a drive ext4?
<cverde> Hi, I was wondering whether anyone could tell me the difference between `export -a` and `export -r`?
<cverde> exportfs, even.
<cverde> Whoops.. Me being a numpty ^^ Ciao,
<jeeves_Moss> what would cause postfix not to start @ boot, and when I pull a "/etc/init.d/postfix reload" I get "error: unknown command: 'quiet-reload'".   This is a v-hosted system
<jmarsden> jeeves_Moss: Sounds like your postfix init script is trying to run a nonexistent command... did you or someone else modify it?  WHat version of Ubuntu Server are you running?
<jeeves_Moss> jmarsden, I inhearited this mess from another guy.  I think he installed it from source, and I've tried to move it to the repos
<jmarsden> jeeves_Moss: Did you remove /etc/init.d/postfix before you installed the packaged version of postfix?  Or could it still be a "from source" version lurking there?
<jeeves_Moss> jmarsden, I don't remember killing that script.
<jeeves_Moss> jmarsden, let me have a quick look though
<jmarsden> Then I'd suggest going around ( save any custyom config files you need, then sudo apt-get purge postfix, then rm anything left of postfix at all, in /etc and in /usr/local, and then  sudo apt-get install postfix )
<jeeves_Moss> jmarsden, http://moseley.ca/postfix
<jmarsden> That's the same as mine, so the change / error is somewhere else.  Did you remove /etc/postfix/postfix-script before your package install?
<jmarsden> jeeves_Moss: In my /etc/postfix/postfix-script there is code that removes the quiet- prefix from the command arguments sent to postfix; if your postfix-script is different and lacks that code that could explain the error you are seeing.
<jeeves_Moss> jmarsden, ahhhh, thanks.  I'll have a look again
#ubuntu-server 2009-12-27
<blistov> I have an md raid5 of 3 discs sd{d,e,f}1 .  When I boot to my karmic install, there is an incorrect device node /dev/md_d1, which is grabbing 1 of d,e, or f, but not initializing any raid.  one of the 3 drives is bind binded, but not used. this means I can not create a useable array.  anyone know how to make this stop?
<blistov> I've been at this for an hour trying to figure out what is happening.
<lamont> jmarsden: you wound up with upstream's postfix-script, instead of the packaged one
<jmarsden> lamont: Not me... jeeves_Moss is the one with the issue.  I was trying to help.
<lamont> oh. yeah.  him them.
<lamont> s/them/then/
<jmarsden> But yes, that makes perfect sense since jeeves_Moss had an earlier "from source" postfix installation which was being replaced by the packaged one.
<jeeves_Moss> jmarsden, thanks.  I found out what it was.  it was a hooped aliaises.db file
<jmarsden> jeeves_Moss: OK, glad all is now fixed.
<jeeves_Moss> jmarsden, next up, trying to figure out why I can't send e-mail through the Postfix server from my pocketPC
<jmarsden> Can you send mail through it from other devices (such as a local PC other than the server) ?
<jeeves_Moss> jmarsden, yep, everything else sends properly
<jeeves_Moss> on the PPC, I'm getting a connection error using the same settings as the desktop
<jmarsden> Then it sounds like a config issue on the pocketpc... is it authenticating, and how far does it get before it fails?
<jeeves_Moss> on the PPC, there is no way of seeing what it's doing.  I don't even think it logs by default
<jmarsden> So read the postfix logs, and if necessary run tcpdump or wireshark on the server to see what it sees at the network level.
<jeeves_Moss> jmarsden, yea, I know.  I'm not that excited about it.  it's more of a "nice thing" to have
<jeeves_Moss> ok, I think I figured it out.  there was no auth required after pop/impa login
<Aison> evening
<Aison> i'm trying to define some ip routing rules with ip rule add
<Aison> how can I define a rule concerning packets from local processes?
<Aison>  ip rule add from [local]
<Aison> like
<jmarsden> Aison: from 1.2.3.4   # if 1.2.3.4 is your local IPv4 address... or isn't that good enough for whatever you are trying to do?
<Aison> jmarsden, i've got around 8 local addresses ;)
<jmarsden> So write 8 rules :)
<N6REJ> hey guys, this old dinosaur needs a refresher... whats with the "Virtual Machine Host" setting in 9.1 server edition?  Never heard of that b4... don't konw MUCH about VM's either.
<j416> N6REJ: are you referring to the installer?
<N6REJ> j416: yes
<N6REJ> i'm a bit confused
<jmarsden> It's just a selection of packages that will be installed, intended for use if your server will run virtual machines.  If you don't want it or son't understand it, don't check that checkbox.
<N6REJ> I've got a dinorsaur thats been running server edition since before fiesty... and sudenly last nite after the kernel patch, it got very confused and crashed.....
<j416> I'm not entirely sure myself, I read a bit about it before when I installed my machine. My conclusion was that it basically avoids installing things that won't generally be needed for a VM.
<N6REJ> in the process i lost everything in the /home *sigh*
<N6REJ> so I'm reinstalling
<N6REJ> well, if i could pick anything I'd love to be able to "see" the server from my windwos client ( servers desktop ) that is.
<N6REJ> but I don't think thats VM
<jmarsden> N6REJ: See... as in see disk space?  See shared printers?  ssh into it?  what kind of visibility to you have in mind?
<N6REJ> jmarsden: in the past i've always just ssh'd in and done what i needed like a "NORMAL" server
<jmarsden> Then the only selection you need to make for that is openssh-server.
<N6REJ> but there are a few programs, like games, i'd love to have open as a window with that game actually running on the server instead of on my windows box
<N6REJ> i think thats "remote desktop" right?
<N6REJ> the server is our "file server" i.e. backup locatoin... and would make a nice linux Sandbox
<jmarsden> You could run an RDP server on the server machine, or you could run a X display server on the Windows machine, or use any of many remode desptop protocols, VNC would be once choice...
<j416> N6REJ: https://help.ubuntu.com/community/JeOSVMBuilder
<jmarsden> WHich is "best" depends on the nature of the games concerned
<N6REJ> mmmm kk...
<N6REJ> yeah
<N6REJ> i know adobe HATES nix.. and thats one app i'd have to have working 100% but i think i'm xing lines again.
<N6REJ> too many new ways of cooking LOL
<N6REJ> ok, last question i think...
<jmarsden> If you really want to get funky, use the new SPICE remote app which can use the client graphics card to run games etc on the server...
<N6REJ> the server is behind my router NOT accessible to the net anymore so then our clients are...
<N6REJ> OH SWEET
<N6REJ> i'll look that up
<N6REJ> i forget the term on the router but its turned off
<N6REJ> not jailed
<N6REJ> hmmmmmmmmmmmmmmm
<j416> NAT?
<N6REJ> DMZ
<j416> ok
<N6REJ> yeah, the lan is FULLY nat'd
<N6REJ> 192.168.1.x
<N6REJ> all ports closed etc...
<jmarsden> Your server and client PCs are not reachable from the Internet, they are on a private subnet.  OK.
<N6REJ> yep
<N6REJ> ok.. so only thing i need the server to know is how to talk to the clients and check for updates and wget when i ask
<jmarsden> Where's the question?
<N6REJ> stuff like that
<N6REJ> so.... do I need/want a dns server for that? or is it complicating matters
<N6REJ> personally Bind drives me insane
<jmarsden> If you have enough clients on your local LAN, a local DNS server is nice to have.  But it's not a requirement.
<N6REJ> the FQDN we've used in the past is hallhome.lan
<N6REJ> 3 currently and will be 5
<N6REJ> clients that is
<jmarsden> Then it's not worth running DNS, especially if you hate doing so :)
<N6REJ> its just confusing to setup
<j416> N6REJ: if your network is small, it may be easier to just define, say static DHCP IPs in your router, and map them up using hosts files.
<jmarsden> If you had said 50 clients I might have suggested otehrwise :)
<N6REJ> yeah
<N6REJ> ok cool.. and if I do put the dns on is it "caching"?
<N6REJ> there used to be a program where you could config via the web, like cpanel but thats gone
<N6REJ> webmin i believe
<jmarsden> Well, caching is so you can use it to resolve other people's (Internet) DNS names etc.
<N6REJ> well i would need that to get updates right?
<jmarsden> Read the Ubuntu Server Guide.
<jmarsden> No, you can use your ISP's DNS servers for that.
<N6REJ> k, its been a long time so i will
<N6REJ> OH
<N6REJ> ok
<j416> N6REJ: if you don't have your own DNS server, you will connect to a remote DNS server. No problem.
<N6REJ> i'm used to making "real" servers not lan ones... if that makes sense
<j416> the only benefit is that your DNS lookups will work even if your ISPs DNS is down
<j416> and that they will be slightly faster. :)
<N6REJ> and like I said its been almost 7yrs sine i've even touched it other then ssh sudo apt-get update / ugprade LOL
<jmarsden> j416: No, he would also be able to be authoritative for hallhome.lan if he runs his own DNS server...
<j416> jmarsden: I was trying to simplify things :)
<j416> ok :)
<N6REJ> www.hallhome.lan shoudl take me to my sql,mail, what have u
<jmarsden> "The only" is confusing if it is incorrect.
<j416> sorry about that.
<j416> s/The only/The only user-noticable/
<j416> then
<jmarsden> N6REJ: So either you run your own DNS server that knows about *.hallhome.lan, or you use the hosts file on each machine
<N6REJ> ok, so i think the consensus is go ahead and install the dns server.... just use it for *.hallhome.lan as u just said
<j416> ftr, I have three machines in my network, no DNS. It's just a hassle.
<N6REJ> i've been letting the router "assign" it a static ip from the dhcp pool is that ok?
<N6REJ> i understand
<j416> sure.
<jmarsden> Yes, that's OK.  I'd run DNS, but then I run DNS at work for a couple of hundred domains... so bind isn't scary to me :)
<N6REJ> thats why i was grumpy when after almost 12yrs it finally asked to be reinstalled LOL
<N6REJ> well i'm used to setting up LAMP and such.. have for years... but i'm very rusty at server maintence.... last time i did it pro was in 98
<N6REJ> and all the gears dont' mesh these days like they did then
<j416> a server should have a static IP anyway, and the most "correct" way would probably be to set a static IP for the server. I prefer to have settings as central as possible, so I set everything in the router (static DHCP).
<N6REJ> gotcha! same there
<N6REJ> here
<N6REJ> thats why the server holds ALL , music, photos, etc.
<N6REJ> so, no vmh, just lamp,dns,ssh,samba
<N6REJ> sound right?
<j416> if it is VM, why not use the VM installation?
<N6REJ> ?
<N6REJ> wait now i'm confused?
<j416> "Install a minimal virtual machine"
<j416> that one
<N6REJ> the "SERVER" is not virtual
<j416> ok :)
<j416> then I would avoid it
<N6REJ> its a p3-933
<N6REJ> kk
<j416> I'll be running virtual (also reinstalling things here...)
<j416> easier maintenance/backup :)
<N6REJ> i might do that here later but we'll have to see.. right now that spice sounds tasty..
<N6REJ> but it takes me a long time to digest stuff these days
<N6REJ> getting older sucks LOL
<j416> heh
<j416> yeah...
<j416> VM isn't hard though :)
<N6REJ> just think its cause i hav epretty hard wired definitions in my brain... server = hardware...  etc...
<j416> :)
<Zelest> I just replaced my NIC in one of my machines, and now it has eth2 but no eth0 or eth1.. how come it appears as eth2 and how can I rename/make it eth0 again?
<N6REJ> there used to be a step by step walk through guide for server... is it still there?
<j416> N6REJ: there are a few guides on ubuntu.com
<j416> for postfix etc. that seem to work
<j416> helpful.
<N6REJ> j416: ok, i'll look harder
<lamont> Zelest: /etc/udev/rules.d/70-persistent-net.rules or so
<jmarsden> N6REJ: For a basic email setup there is now a postfix-dovecot package
<Aison> Zelest, that's because of a udev rule
<j416> N6-away: start here: https://help.ubuntu.com/community
<N6-away> oh sweet
<N6-away> ty
<N6-away> dovecot is nice.
<j416> jmarsden: cool, didn't know that
<N6-away> tyvm
<j416> thanks
<Zelest> Oh, thanks, I'll look into it. :)
<jmarsden> You're welcome.
<lamont> Zelest: for most personal machines, it's simplest to just remove the file and reboot and let udev figure it out all over from scratch
<Zelest> Aah, nifty! :D
<Zelest> lamont, Yeah, I just saw 2 other NIC's in there and removed those lines.. hopefully that will do it. :)
<lamont> well, fix the remaining one to say eth0....
<Zelest> Yeah
<N6-away> any reason for mysql root pw to NOT be blank in my case?
<N6-away> nm
<N6REJ> jmarsden: u still here?
<jmarsden> Yes
<jmarsden> And you should always put *something* for your MySQL password...
<N6REJ> jmarsden: i'm confused again, i'm sorry... somehow it named itself "server.scrtc.com" not server.hallhome.lan infact it never ask the hallhome.lan question
<jmarsden> But as a network admin I would say that :)
<N6REJ> yeah, thats what i decided
<N6REJ> <==== x network security person
<jmarsden> Most likely you left a box checked so it got its name from your LAN DHCP server
<N6REJ> UGH
<N6REJ> lets c if I remember how to fix this....
<N6REJ> ./etc/hosts i think
<N6REJ> and its at 127.x so thats wrong also
<N6REJ> they've changed the guide... there doesn't appear to be a step-by-step walk through anymore
<jmarsden> Edit there and also hostname -f server.hallhome.lan
<jmarsden> N6REJ: Walkthrough of what?  The basic server install process?
<N6REJ> yeah
<kees> Daviey: say, you been seeing those asterisk emails?
<N6REJ> jmarsden: used to be a step-by-step, do this, then check for this... etc...
<jmarsden> N6REJ: It's not necessary... the basic install is pretty trivial, surely?  What exactly do you need help with?
<N6REJ> jmarsden: after i've got it IN, like i do now....then i need to config samba, dns, etc... there use to be like a checklist kinda thing
<N6REJ> idk how to describe it.
<jmarsden> N6REJ: Ah.  Well... doesn't the Server Guide tell you how to do each one of those things?
<N6REJ> i'm going to look again but i think its more dictionary style then walk through style
<N6REJ> jmarsden: do i remove this line? 127.0.1.1       server.scrtc.com        server
<jmarsden> There are independent "The Perfect Server Guide" type of things but they only work if your needs exactly match those of the guide creator and you don't mind doing exactly what that author thinks is right...
<N6REJ> jmarsden: true
<jmarsden> N6REJ: I'd edit that into  127.0.1.1   server.hallhome.lan server
<N6REJ> jmarsden: i use it as my "gray matter shaker"
<N6REJ> jmarsden: and i need 192.168.1.69 server.hallhome.lan server also don't i?
<N6REJ> so it knows to be on the 192 network?
<N6REJ> althought i'm ssh'd into it now so
<jmarsden> If you have set it up static at that IP, sure.
 * N6REJ is confusing himself
<jmarsden> BTW I just looked, the Server Guide has a chapter on DNS: https://help.ubuntu.com/9.10/serverguide/C/dns.html
<jmarsden> And one on windows networking (SAMA etc): https://help.ubuntu.com/9.10/serverguide/C/windows-networking.html
<jmarsden> *SAMBA
<N6REJ> ty *sigh* i guess i'm not looking hard enough
<N6REJ> probably geting myself overwhelmed
<jmarsden> And a oneliner for installing a postfix and dovecot mail server is there too at https://help.ubuntu.com/9.10/serverguide/C/postfix.html#postfix-dovecot
<jmarsden> Read the Server Guide, all of it, and no other docs.  To get started...
<N6REJ> jmarsden: ok.. ty.. i won't bother you again tonight I don't want to be a troll
<jmarsden> No problem :)
<N6REJ> jmarsden:  i lied i got one last question ( i think ) but it has nothing to do with ubuntu really....... I just found a box labled "domain name" in the router system setup area.... if I put that hallhome.lan will that mess anythign up?
<jmarsden> Not unless your ISP cares about what goes in there, which is very unlikely.
<N6REJ> jmarsden: and then it will automatically be "hallhome.lan on the server and windows machines too right ??
<jmarsden> BTW, general good form here is to ask the question to "the channel" -- whoever is here and knows will try to help you out :)
<N6REJ> ok sorry
<jmarsden> N6REJ: If they all use that DHCP-provided info, yes.
<N6REJ> sweet!
<N6REJ> tyvm!!
<N6REJ> g'nite
<jmarsden> You're welcome.
<uvirtbot> New bug: #499864 in irqbalance (universe) "irqbalance constantly respawning" [Undecided,Fix released] https://launchpad.net/bugs/499864
<blistov> I just build a new md raid5 of three disks using karmic's alternate installer.  When i examine the raid however, i see that there are supposed to be 3 raid devices, but at the bottom there are 4, and one says "faulty removed"
<blistov> anyone know what this is?
<blistov> p.s. one of my 3 disks is being listed as a spare.
<uvirtbot> New bug: #500703 in apache2 (main) "apxs failure regarding httpd.conf and LoadModule " [Undecided,New] https://launchpad.net/bugs/500703
<uvirtbot> New bug: #500746 in postfix (main) "postfix problems, installing wireshark" [Undecided,New] https://launchpad.net/bugs/500746
<Xserver> need a bit of kickstart help with ubuntu on ec2 with persistant filesystem for LAMP
<Xserver> any suggestions
<henriquev> Xserver: is saving a AIM enough for you?
<Xserver> henriquev : I need to save the Mysql files also
<Xserver> saving AIM is a first time job.. but data also needs to be saved for next instances when i reboot the server
<Xserver> maybe some sort of a direct filesystem attached to my instance
<henriquev> Xserver: why not to use the RDS?
<henriquev> I think you can do something with EBS however
<henriquev> not sure
<Xserver> apart from database there are still some custom application on the server
<Xserver> right now ... after googling a lot i found that Booting from EBS will be perfect for me
<Xserver> But there ain't any ubuntu desktop AMI's available on EBS volumes
<AnRkey> i have just booted my server after having to shut it down in a power outage. I noted that my data partition on the server is not mounting. I tried to mount it manually and I get this : mount: /dev/sdb3 already mounted or /media/Data busy
<AnRkey> a reboot results in the same problem
<AnRkey> what can i try?
<RoyK> AnRkey: reboot into single user mode and run fsck on the filesystem
<AnRkey> RoyK, booting live cd now
<AnRkey> and on a friggen sunday :(
<AnRkey> RoyK, i'm a noob :( i should have just done that from the start. I did not do it because I thought it would be the same thing since the partition had not mounted.
<AnRkey> fsck is scanning it now... at last
<AnRkey> and it was a clean shutdown that i did too during a power failure
<AnRkey> how only one partition got damaged in a clean shutdown i will never know
<RoyK> that might happen
<RoyK> but it's RARE
<RoyK> usually something related to hardware
<RoyK> what filesystem?
<RoyK> ext3? ext4?
<RoyK> AnRkey: also, for next time, just boot into safe mode. press <esc> at boot to get the grub menu and choose single from there
<AnRkey> ta RoyK
<RoyK> don't remember what they call it - it's not single - something else
<AnRkey> was not thinking straight, was very very very very very very stressed :D
<RoyK> but is it ext3 or ext4?
<RoyK> understandable :)
<AnRkey> ext3
<RoyK> k
<AnRkey> dont trust 4 just yet
<RoyK> me neither
<AnRkey> hehe
<RoyK> I mostly use ext3 and xfs
<AnRkey> it's pretty crazy out there in fs land right now, with serial killers and fs's being forgotten about
<AnRkey> ext3 has never let me down yet
<RoyK> yeah, wifemurderfs isn't really my thing
<AnRkey> it always comes right no matter what
<RoyK> ext3 isn't very good with large volumes
<RoyK> xfs is better there, just don't use xfs for spool
<AnRkey> it's a bit slow on my ext3 1.5tb volume here
<AnRkey> but runs soooo smooth
<AnRkey> no problems... well until now
<RoyK> I use zfs for large volumes
<RoyK> :D
<AnRkey> fast?
<RoyK> zfs ROCKS
<RoyK> take LVM and a very nice filesystem, some compression, data deduplication, snapshotting, versioning, dynamic expansion etc and add it up
 * RoyK doesn't use linux for large data sets anymore
<AnRkey> ahhh, it's kicking in [the plant :) ]
<AnRkey> yeah, i hate that u have to rape the journal to increase ext3's size
<RoyK> I have this 27TiB zpool on this one box
<AnRkey> nice
<RoyK> 3x7-drive RAID-Z2 (similar to RAID6, only cooler)
<RoyK> with SSDs for caching
<RoyK> do that with linux :D
<AnRkey> wow
<RoyK> total price with lots of redundancy ~ NOK 65k
<AnRkey> what does it store?
<RoyK> that's like $10k
<RoyK> scientific data from satellites, mostly
<RoyK> model data used by the scientists
<AnRkey> i could fill it :P
<RoyK> hehe
<RoyK> pr0n all the way
<laen> RoyK: do the ssd's really cache well enough? I'd expect that to be working better with memory..
<RoyK> laen: heh - 'cept that 250 gigs of memory is a bit more expensive
<qman__> not that much, SSDs are expensive
<RoyK> laen: obviously, 16GB of L1 cache would be nice-to-have for your CPU, but for some reason, people tend to use slower memory for larger amounts of cache
<RoyK> qman__: not really
<RoyK> qman__: you can get a 250GB SSD drive quite cheaply these days
<neonfreon> waaay cheaper than that much DRAM!
<qman__> going with DDR2 ramdisks would only cost ~3x more than intel SSDs
<RoyK> qman__: haha - please show me that
<RoyK> an Intel X25M is quite affordable
<RoyK> X25E is expensive, but then, it's friggin' fast
<qman__> the 6-slot units are 250, and add DDR2
<RoyK> also, if you use DRAM for ZIL (write cache) and power dies, you're fucked
<qman__> they've got batteries and CF slots
<RoyK> qman__: read up about this, please, before you barge in and try to reinvent the wheel
<qman__> I have read up on it
<RoyK> well, shut up, then
<qman__> it is more expensive, but on a grand scale it's not that much
<qman__> SSDs have a long way to come down
<neonfreon> only 3x difference in price according to what you say
<neonfreon> 3x !!
<neonfreon> i'm not sure how you do your budgeting, but 3x is a giant difference in my budgets
<RoyK> still, that calculation doesn't match reality
<neonfreon> yea
<AnRkey> qman__, i'd go with royk on this one... large ram drives suck
<AnRkey> can't get the data off them fast enough when power goes off
<AnRkey> RoyK, it's rebooting now, lets see if it worked
 * AnRkey lights a doobie, ahhh... it's fixed
<AnRkey> RoyK, it's up and running fine
<AnRkey> no data loss from what i can see
<RoyK> :)
<laen> RoyK, qman__: don't know -a- (as in 1) server yet that can hold 250G ram, so.. indeed :)
<laen> Oh nevermind, backlog.
<RoyK> hehe
<RoyK> also, having a battery backup on that memory seems a hard task
<RoyK> some 100-200 gigs for caching seems a good idea to me
<blistov> Anyone know of a repo with zfs-fuse for karmic?
<Letter3> hi. I generated a key pair for ssh, copied the public key to my remote machine to ~/.ssh/blah.pub. However, if I restart my sshd server it complains: "Could not load host key: /etc/ssh/ssh_host_rsa_key" ... I'm confused, I thought it was looking for keys in ~/.ssh/ ? Do I have to copy my public key to /etc/ssh or what?
<guntbert> Letter3: the server needs its own keys
<Letter3> guntbert: okay, but why? as I understand public key encryption, the server generates random blob of data, encrypts it with the public key in ~/.ssh/, send that to the client and since only the client can decrypt it with the private key, it authenticates the client if it is able to send the original blob back. what does the server then need own keys for?
<guntbert> Letter3: the server has to prove to the client that it is who it is saying to be (see man in the middle)
<Letter3> guntbert: oh, yes, of course. do I have to copy the public key of the server back to the client or is this done automatically at first connection attempt?
<guntbert> guntbert: the public key is writtten to .ssh/known_hosts on first connect (you are asked about that every time)
<Letter3> guntbert: okay. I generated my key pairs for RSA and DSA and this in my /var/log/auth.log after restarting the server and trying to connect: sshd[4312]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key ...... sshd[4312]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key .... sshd[4313]: fatal: No supported key exchange algorithms
<Letter3> I used these commands: sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
<Letter3> sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
<guntbert> Letter3: please pastebin the output of ls -l /etc/ssh
<Letter3> guntbert: http://www.pastebin.ca/1728821
<guntbert> Letter3: permission look ok - I have two suggestions - 1) rename the blacklist-files 2) look into sshd_config
<Letter3> guntbert: renaming blacklists doesn't work, and the sshd_config file seems to okay (I basically copied it from a tutorial on this, changed the listening port to a custom port). I checked with iptables and it doesn't block the connection.
<guntbert> Letter3: did'nt you install it from the repos?
<Letter3> guntbert: I did.
<guntbert> Letter3: sorry got to go - bedtime :-)
<Letter3> guntbert: thanks though, good night
<Zelest> I'm running Ubuntu 9.10 and use it as a KVM host, together with libvirt. I'm curious how to do a somewhat more graceful shutdown? Right now it seems like a shutdown of the host system instantly kills the kvm processes and simply "pulling the plug" for the VM's .. can this be avoided/fixed somehow?
<laen> Zelest: thats a #kvm question i guess.
<laen> What you want is the VM to get a signal like pressing the powerbutton on a physical machine, haven't looked that up myself yet, interested though.
<Zelest> laen, Yeah, I guess.. I thought it was a feature or what not with libvirt though, as you're able to specify which machine to autostart when the host starts.. so I figured it would send a "power button press" upon shutdown and wait X seconds before killing the process.. however, it seems like it kills it instantly instead.
#ubuntu-server 2010-12-27
<pting> is there a commandline fastcgi client app? I want something similar to wget but for fastcgi
<Monotoko> how many servers do I need to set up something that will resolve domains to my dedicated server???
<Monotoko> I just want one server...why do I need so many?
<patdk-lap> Monotoko, you only need one, you should have two, and really you should have 3-4 in different locations
<Monotoko> patdk-lap, I see....is it possible to have the server I am hosting on act as a nameserver as well? Then I could have two
<patdk-lap> yep
<Monotoko> patdk-lap, are you still here?
<Monotoko> seem to have got myself into a hole ><
<twb> Monotoko: is there something we can help with?
<Monotoko> nameservers....I have tried to set up bind9 according to the Ubuntu Server Guide. However:
<Monotoko> PING hostinghaven.co.uk (82.165.148.96) 56(84) bytes of data.
<Monotoko> 64 bytes from www.domainname.com (82.165.148.96): icmp_seq=1 ttl=64 time=0.018 ms
<Monotoko> why is it replying from domainname.com?
<twb> I guess because that's the canonical name
<Monotoko> also, I have a domain pointing at the nameservers I just set up and it isn't working
<twb> Test each component in isolation first.
<twb> For example, is the host responding to port 80?  If so, can you manually issue a GET with a Host: foo header?
<Monotoko> no response on port 80 using the new domain
<twb> Don't forget that DNS updates take time to propagate through caches.
<EvilPhoenix> indeed
<twb> Monotoko: test it with IP first, so that you aren't relying on name resolution for that test
<twb> printf 'GET / HTTP/0.9\rHost: example.net\r\r' | nc 1.2.3.4 80
<EvilPhoenix> i'm getting 404 errors for your domain, Monotoko
<Monotoko> EvilPhoenix, hostinghaven.co.uk?
<EvilPhoenix> well i was getting 404s.  Then it shows up some default page
<EvilPhoenix> i'm reading the packets
<twb> EvilPhoenix: he probably censored his real domain with "www.domainname.com" to annoy us and make us less likely to help
<EvilPhoenix> i got this twice: Message: HTTP/1.1 404 Not Found\r\n
<Monotoko> twb, nope
<EvilPhoenix> THEN i got to some landing page
<Monotoko> its actually coming up like that
<EvilPhoenix> titled "Default Web Site Page"
<Monotoko> the landing page is what you should
<Monotoko> get#
<Monotoko> and what I am trying to get using: bestislandmusic.com
<EvilPhoenix> well i use level3's DNS servers, and google's DNS servers (4.2.2.4, and 8.8.8.8 respectively)
<EvilPhoenix> they spit me out on that landing page
<EvilPhoenix> now THAT 404's
<EvilPhoenix> probly because the data hasn't been propagated yet
<twb> http://paste.debian.net/103251/ is what I get for DNS
<Monotoko> hmmm, I'm not sure if I set up bind9 wrongly
<chrislabeard> what do I need to set up on my server so that drupal can send mail and or wordpress?
<chrislabeard> would that be a relay or a gateway
<EvilPhoenix> Monotoko, i'll do a dnsget
<EvilPhoenix> here's the pastebin i'm getting from dnsget using any dnsservers that I use: http://starfleet.pastebin.com/W66j6cfR
<twb> Monotoko: personally I wouldn't bother hosting your own DNS records; someone like zonedit will do a better job
<M4rotku> hey guys.  i have a really easy question.  I'm installing ubuntu server and i'm at the point at which i set up the partitions, and i feel like an idiot, but i can't for the life of me figure out how to set the boot flag for the partition.  I can see whether I should set the flag, but I can't get it to toggle.
<EvilPhoenix> yeah ZoneEdit is good, and pretty free
<Monotoko> twb, I'm trying to set up a host so it isn't an option
<Monotoko> I have everything apart from DNS nailed
<twb> Monotoko: that doesn't make any sense
<EvilPhoenix> Monotoko:  you can EASILY use ZoneEdit for DNS
<EvilPhoenix> its crazy easy
<twb> M4rotku: the "boot flag" is not used by Ubuntu
<Monotoko> hmmmm
<M4rotku> twb, then why does it give me the option to set it within the install process?
<twb> M4rotku: you can turn it on post-install by running "parted /dev/sda set boot 0 on" or so
<twb> M4rotku: AFAIK it doesn't.
<twb> M4rotku: are you using the ubuntu SERVER install media?
<M4rotku> twb, ok, that makes sense.  i'm using the normal install cd for the 32-bit server edition 10.10
<twb> I cannot comment on ubiquity (desktop CD) installs
<twb> M4rotku: verbatim, what is the text you see concerning the boot flag?
<twb> chrislabeard: any MTA will do, but postfix is probably a good choice
<chrislabeard> twb: it seems like php out of the box can send mail from drupal using php sendmail()
<chrislabeard> twb: but my server isn't sending anything out
<twb> You probably have an MTA installed but not configured
<twb> chrislabeard: aptitude search '?installed ?provides(mail-transport-agent)'
<M4rotku> twb, don't worry about it, i think i figured it out.  thanks for your help
<chrislabeard> twb: i   postfix                         - High-performance mail transport agent
<twb> chrislabeard: dpkg-reconfigure -plow postfix
<twb> chrislabeard: if you have a smarthost/gateway MTA on another host, you should pick "satellite"; otherwise you will need to set it up as a proper mailserver
<chrislabeard> twb: oh okay so i need another mail server in conjunction with postfix?
<chrislabeard> twb: I want to be able to get e-mail locally and remotely to other users of my sites
<twb> chrislabeard: only if you run a whole network
<twb> chrislabeard: if your "network" is one box, you just need to set up postfix
<chrislabeard> twb: yeah its just one server, so what config would i pick for my situation.
<twb> chrislabeard: "host on internet" or something?  I forget.
<chrislabeard> internet site/
<chrislabeard> ?
<twb> chrislabeard: go read the ubuntu server guide, it has information about this
<chrislabeard> twb: k
<twb> I wish people wouldn't try to get clever in init.d scripts...
 * twb glares at openvasd
<Monotoko> EvilPhoenix, can I only have one domain in zoneedit before I am charged?
<twb> Monotoko: I think it was about five
<Monotoko> twb, this is no good...I am trying to set up a resellers hosting service for businesses
<Monotoko> they need domains...and lots of them
<Monotoko> which is why I was trying to set up DNS
<twb> So factor that into your prices
<EvilPhoenix> twb they changed it
<EvilPhoenix> Monotoko:  you can have 3 free domains
<EvilPhoenix> Monotoko:  before you need to pay for a plan
<EvilPhoenix> Monotoko:  but i got in when it was 5 free domains so I have 5 :P
<twb> Grr, I can't script openvas-adduser becaus the flipping thing uses stty
<Error404NotFound> I copied mysql data dir from another server running gentoo, now everything is working fine except that when i start mysql i get "ERROR 1045 (28000): Access denied for user 'debian-sys-maint'@'localhost' (using password: YES)"
<Error404NotFound> which is ofcourse true because no such user will exist for a mysql database on a gentoo, how do i fix it?
<gobbe> well you create a new user there
<Error404NotFound> how do i create the debian-system-maint user back in mysql?
<sander^work> How is  it possible to have a  keyboard layout for one user other than the global one?
<uvirtbot> New bug: #694707 in openldap (main) "database doesn't get purged during purge" [Undecided,New] https://launchpad.net/bugs/694707
<joschi> Error404NotFound: like any other user. but since you have some problems with starting your mysqld you should first try http://dev.mysql.com/doc/refman/5.1/en/resetting-permissions.html
<Error404NotFound> joschi, got that figured out, now stuck with: http://pastebin.com/gqmiqPvM
<Error404NotFound> even though mysql.proc is there, its complaining...
<Error404NotFound> also tried mysql_upgrade
<Error404NotFound> joschi, actually this: http://pastebin.com/NbbYba8s is better, sorted, and compressed, deleted irrelevant bits
<joschi> Error404NotFound: does the stored procedure exist?
<Error404NotFound> joschi, it should but lemme reconfirm. I am confident because this a datadir clone of where the stored procedure exists and runs fine.
<Error404NotFound> joschi, yup, it does.
<joschi> Error404NotFound: you could try dumping your databases (e. g. with `mysqldump`, don't copy the datadir), run mysql_secure_install (or `dpkg-reconfigure mysql-server`) and reimport your dump
<joschi> Error404NotFound: otherwise you might have more luck in #mysql
<Error404NotFound> joschi, haven't had any luck there.
<Error404NotFound> also its 30G db, so mysql times out when i try to take a dump after 6G
<joschi> Error404NotFound: raise the timeouts
<the_eye_> I cant mount samba shares from nautilus
<the_eye_> using smb://ip mounts ok
<the_eye_> any help ?
<twb> the_eye_: that's not a server question
<the_eye_> well its about samba server
<RoyK> the_eye_: not really
<the_eye_> ok 2 question, I add a share in smb.conf but I cant access it. The other shares works fine
<the_eye_> any tip here ?
<twb> the_eye_: did you restart or reload samba after editing smb.conf?
<twb> If you can demonstrate the mounting issue using smbclient and/or mount.cifs directly, THEN it might be a server issue.  From the description, it sounds more likely to be client-side, i.e. not-our-problem.
<the_eye_> I restart the service, I can view the share but I cant access it
<twb> the_eye_: perhaps you got the access rules in smb.conf incorrect, then?  Pastebin the entire smb.conf file.
<the_eye_> Its the same configuration, you can see it at the end of file
<the_eye_> http://pastebin.ubuntu-gr.org/m28896ea5
<the_eye_> a,b works. I cant access c
<twb> the_eye_: what are the permissions on each of those dirs?
<the_eye_> al, drwxr-xr-x    b,drwxrwxrwx          c, drwxr-xr-x
<the_eye_> edit a, drwxr-xr-
<RoyK> the_eye_: and owner/group?
<the_eye_> all same user ownership/group
<Skaag> I have installed mysql from binaries, but there seems to be remnants of mysql-server-5.0 which fail to remove with apt-get remove, how do I force remove it?
<woutervddn> skaag, you are root?
<Skaag> yes
<woutervddn> hmm.. maybe force it to quit first..
<Skaag> I think this worked: dpkg -r --force-all mysql-server-5.0
<Skaag> checking..
<Skaag> yes!
<Skaag> excellent :)
<twb> Skaag: remove â  purge
<Skaag> lenny/sid = intrepid ibex?
<twb> Skaag: no.
<twb> "lenny/sid" is where Ubuntu steals most of its code from
<twb> Try "lsb_release -a" to find out what release you're running.
<Skaag> it says intrepid
<Skaag> but my sources.list is all boinxed
<twb> Fix it, then.
<_ruben> !intrepid
<ubottu> Ubuntu 8.10 (Intrepid Ibex) was the ninth release of Ubuntu. End Of Life: April 30th, 2010. See !eol and !upgrade for more details.
<_ruben> time to upgrade ;)
<Skaag> I need to restore it to a sane version of the file so I can do an upgrade
<_ruben> ah
<Skaag> this is an old system of a friend who asked me to help him upgrade
<Skaag> but it looks like apt-get update returns a bunch of 404's
<_ruben> because its eol
<twb> Ugh, openvas-nvt-sync exits with a nonzero status *when it succeeds*?!
<Skaag> possibly because the eol
<Skaag> yah
<Skaag> what do I do then? :)
<twb> _ruben: it's old-releases.u.c, right?
<Skaag> I'll try to do-release-upgrade anyway
<Skaag> see where that leads me
<_ruben> twb: correct
<twb> _ruben: hmm, does the apt mirror method know that?
<_ruben> Skaag: replace whatever.archive.ubuntu.com with old-releases.ubuntu.com
<_ruben> twb: i use debmirror myself, so dunnno
<_ruben> been meaning to switch to plain rsync though
<twb> _ruben: I use both in case the debmirror cron job breaks ;-)
<_ruben> can't rsync old-releases.u.c though (i think)
<_ruben> ah
<twb> I'm talking about /var/lib/apt/methods/mirror, not the apt-mirror package
<Skaag> _ruben: ah, thanks!
<twb> i.e. HTTP with a a geoip dispatch provided by the canonical server
<Skaag> _ruben: does something similar exist for the security updates?
<_ruben> never looked at that
<Skaag> I have this unresolved: deb http://security.ubuntu.com/ubuntu intrepid-security main restricted
<_ruben> Skaag: i highly doubt it, it being eol and all ;)
<Skaag> I will try to also substitute with old-releases
<Skaag> true
<twb> Skaag: -hardened would know
<_ruben> just try it or just disable it
<twb> _ruben: but he ouhght to be able to get the already-issued patches
<Skaag> I think it worked..!!
<Skaag> yah
<_ruben> wouldnt suprise me if they got "merged" into old-rel
<Skaag> excellent :)
<Skaag> yes apparently they merged them.
<twb> Gumph
<twb> Unless by "merged" you mean just the pool and not the Packages
 * _ruben doesn't care either way
<_ruben> one shouldn't have a need for old-releases anyway ;)
 * _ruben makes a note to check for any servers on his network with eol'ed versions
<twb> Granted, though *I* do use snapshots.debian.org for retrospective purposes
<Skaag> _ruben: my own machines are always up to date... but you see, it's possible that some old buddy shows up and says "dude, help!!"
<_ruben> i know of atleast one 7.10 server mucking around ;)
<Skaag> and I gotta help, being a buddy and all ;-)
<twb> e.g. when VCSizing a package, I'll import the old releases' history
<Skaag> so this is very useful for me
<twb> Skaag: that's why REAL sysadmins don't have buddies
<Skaag> LOL!!!! :-)
<_ruben> heheh
<gobbe> :)
<Skaag> Gotta drink beer with someone..!
 * twb looks up definition in Bierce's dictionary...
<twb> Humph.  All that I see is BEFRIEND, v.t. To make an ingrate.
<woutervddn> hey guys, what is (in your opinion) the best FOSS webshop/shoppingcart out there?
<twb> woutervddn: is "ofbiz" one of those?
<twb> woutervddn: I suspect they all suck donkey balls, but I've yet to have the mispleasure of investigating the problem domain.
<woutervddn> I'm testing 12 of them atm and they are all hell in their own way :p
<woutervddn> ofbiz isn't one of those 12 so I'll give that a try also.. :)
<twb> If it's any consolation, the little I've dealt with non-Free ones indicates they're no better
<woutervddn> I just don't like the idea of making one from scratch.. :s
<twb> woutervddn: if you did, you
<woutervddn> it has to be maintained by two female designers with no experience..
<twb> woutervddn: if you did, you'd just end up with 13 crap ones
<twb> That is, the existing twelve, plus yours.
<woutervddn> :p lol is that a compliment? *-)
<woutervddn> what do you suggest then? :p
<twb> woutervddn: my suggestion is: get a new job :-/
<woutervddn> twb: not exactly an option
<yann2> mmh, why would acire and python snippets try to access my keyring?
<Genk1> hello
<Genk1> is there someone who ever worked with openswan ?
<pmatulis> !ask | Genk1
<ubottu> Genk1: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<Genk1> pmatulis, ok
<uvirtbot> New bug: #694754 in apache2 (main) "Apache graceful-stop doesn't end apache processes" [Undecided,New] https://launchpad.net/bugs/694754
<uvirtbot> New bug: #672177 in eglibc (main) "libc6 upgrade causes umount to fail on shutdown" [Critical,Confirmed] https://launchpad.net/bugs/672177
<tf2ftw> ahoy hoy. using apache, If i set htaccess permissions for / , how can i allow other users in a dir such as /website
<tf2ftw> "/" being "/var/www"
<mymrhelpdesk> anyone have ubuntu-ltsp experience?
#ubuntu-server 2010-12-28
<wiiflow> why i cant run this from everywere /var/etc/newcs.x86
<wiiflow> i must do it from folder itself
<wiiflow> ./newcs.86
<wiiflow> ./newcs.x86
<wiiflow> why?
<pmatulis> wiiflow: b/c that executable is not in your PATH
<wiiflow> how can i make this to be runed from rc.local
<WinstonSmith> wiiflow, you can give it the full path eg var/etc/./newcs.x86
<wiiflow> look
<wiiflow> root@Maverick:/var# /var/etc/newcs.x86
<wiiflow> This is NewCS 1.67 RC1 [Build: 95] - the New CardServer by the Butter-team..
<wiiflow> Compiled on Jul 14 2009 at 12:13:18
<wiiflow> Reading Config file from /etc/newcs.xml
<wiiflow> Cannot open config file... quitting
<wiiflow> it opens the newcs.xml just were it is
<wiiflow> dont know why
<WinstonSmith> well it obviously needs to find the config file
<WinstonSmith> copy newcs.xml to /etc?
<wiiflow> the point is how to run itself with ubuntu from rc.local
<wiiflow> because it dont run from nowere just from itself folder
<WinstonSmith> in rc.local do a cd to that folder first
<wiiflow> how?
<wiiflow> this way looks my rc.local
<WinstonSmith> cd /path/to/folder
<wiiflow> sleep 45
<wiiflow> sleep 45
<wiiflow> /var/etc/newcs.x86
<wiiflow> one sleep
<wiiflow> sleep 45
<wiiflow> cd /var/etc/
<wiiflow> /var/etc/newcs.x86
<wiiflow> should look like this?
<wiiflow> or maybe
<WinstonSmith> or just newcs.x86 since ur already in that folder7
<wiiflow> sleep 45
<wiiflow> cd /var/etc/
<wiiflow> ./newcs.x86
<wiiflow> like this
<wiiflow> this looks promising
<wiiflow> lets see
<WinstonSmith> yes try that out? what ur up to? card sharing? ;)
<wiiflow> yea
<WinstonSmith> hehehe
<WinstonSmith> n1
<WinstonSmith> used to do that with some frined
<WinstonSmith> friends*
<WinstonSmith> and a couple of dreamboxes
<WinstonSmith> brb
<wiiflow> worked
<wiiflow> :)
<wiiflow> thanks
<WinstonSmith> ur welcome
<wiiflow> :)
<WinstonSmith> i wish you a lotta channels hehe
<wiiflow> i have my owns cards
<wiiflow> :)
<cn1209> This might be a bit off topic. But... What is the best place to buy a domain at a low price?
<qman__> best is a matter of opinion
<qman__> I use mydomain.com, they've been good so far
<cn1209> cool. I'm looking into getting some kind of affordable cloud hosting to install ubuntu.
<mymrhelpdesk> much ubuntu-ltsp experience here?
<computerwiz_222> hello, i have a support question relating to a boot issue.
<Jeeves_> computerwiz_222: Ask your question, and it might be answered :)
<computerwiz_222> my problem.. i was playing with fstab for nfs. i edited the file and it wouldn't boot anymore. i used a livecd to revert the file and now i get initramfs. my root partition is raided.
<computerwiz_222> raid1
<computerwiz_222> any ideas? im really in a bind.. this is my home server with 2.5tb of data and his issue has stumped me lol
<computerwiz_222> this*
<Jeeves_> What does it say before you go into initramfs?
<computerwiz_222> various mount errors such as: mount: mounting /sys on /root/sys failed. no such file or directory
<computerwiz_222> the livecd revealed that all the partitions appear fine.. no dead hard drives here
<Jeeves_> Maybe your UUID in your fstab is screwed up?
<computerwiz_222> do you have any suggestions for fixing this? or links to point me in the right direction.
<Jeeves_> computerwiz_222: I think you need to have another look at your fstab
<Jeeves_> I think it cannot mount / because there is an error of some sort
<computerwiz_222> sure thing, I'll check it out.
<StrangeCharm> how do i use rm to remove every file whose name matches a particular pattern inside a directory and it's subdirectories? say, i want to remove *.txt in /malarkey , and also /malarkey/stuff, and /malarkey/junk
<Jeeves_> StrangeCharm: man find
<computerwiz_222> Thanks, I'll let you know.
<StrangeCharm> thanks Jeeves_
<Jeeves_> np
<computerwiz_222> oh my god thank you so much!!! I'm back in business.
<Jeeves_> computerwiz_222: Good. What was wrong?
<computerwiz_222> i added a line to fstab to boot from /dev/sdb5 (root) directly. its a hack but it gets me access to my data fast.
<Jeeves_> Ah
<Jeeves_> But now your raid is probably 'broken'
<computerwiz_222> nope mdadm all checks out somehow
<Jeeves_> Well ok :)
<computerwiz_222> boy... dont touch a server for months and the dust really piles up... gotta clean this up tomorrow
<computerwiz_222> this thing went down last night and it was too late to fix it.. so today i went out to ge my new tetra2 android tablet and all my hd media is locked up on the server lol
<computerwiz_222> get*
<Delerium_> Wondering... Does Ubuntu comes built-in some kind of firewall?! I installed apache for my new domain name and I can't see to connect using the domain name, but it works with the IP
<Psi-Jack> Not sure it comes default or not, depends on installation options, but yes, there's that piece of crap ufw.
<Psi-Jack> But, if it works with the IP, it's not firewall.
<Psi-Jack> Check iptables -L -n
<Delerium_> Psi-Jack: can you try www.elezium.com please?
<Psi-Jack> Verify, is 67.70.32.65 correct?
<Delerium_> yup
<Psi-Jack> It works.
<Delerium_> got ya
<Delerium_> Thanks
<Psi-Jack> This is the default web page for this server.
<Delerium_> yes, didn't put much yte
<Psi-Jack> Much? heh, you've not put anything, yet. :p
<Delerium_> hahah!
<Delerium_> Just building a home lab ;)
<Delerium_> Thanks Psi-Jack for you help, I'm leaving
<Psi-Jack> Don't make any meth.
<Delerium_> Just enough ;)
<EvilPhoenix> :P
<jussi> good morning shai
<jussi> :)
<shai__> Hi :)
<shai__> Should I repeat the question from #ubuntu?
<jussi> wait a sec
<shai__> np
<jussi> shai__: you can simulate an apt-get command with -s
<jussi>        -s, --simulate, --just-print, --dry-run, --recon, --no-act
<jussi>            No action; perform a simulation of events that would occur but do not actually change the system. Configuration Item: APT::Get::Simulate.
<shai__> Right, but I would like to read on every update, before actually (even in simulation) installing them
<jussi>        -u, --show-upgraded
<jussi>            Show upgraded packages; Print out a list of all packages that are to be upgraded. Configuration Item: APT::Get::Show-Upgraded.
<shai__> I see...
<jussi> shai__: is that what you are after?  or am I missing your point?
<shai__> And what command would make sure that only those 7 packages are installed and not the rest of the packages?
<shai__> I'm not sure this is what I'm after just yet.. I need to check ...
<twb> shai__: I use -s for that
<shai__> But my main concern is, that I don't want to upgrade packages which are used in production (LAMP), unless those are security updates and then, I want to review them first.
<shai__> But -s is "simulation" and not "security" ...
<twb> shai__: IMO you'd be better off doing the reverse.
<shai__> meaning?
<twb> A security update is unlikely to bring in a bug
<twb> A feature update is VERY likely to bring in a bug
<twb> Thus, reviewing and rejecting updates from the latter category unless you REALLY need them is useful.
<shai__> Exactly!
<shai__> This is why I ONLY want to install security updates on production server.
<shai__> Thus, I want a way to make sure that my update/upgrade/safe-upgrade command will ONLY install security updates and nothing else.
<twb> shai__: then it's simple
<twb> shai__: only refer to lucid and lucid-security in your sources.list
<gcs_> shai__: Let me ask, do you run a non-stable version of Ubuntu on a production server?
<shai__> No.
<twb> shai__: feature updates will never appear in lucid nor in lucid-security -- they appear only in -updates and -backports
<gcs_> shai__: Then all updates you are going to get is security or stability fixes.
<shai__> 20 packages can be updated.
<shai__> 7 updates are security updates.
<twb> *strictly* speaking policy probably allows updates to -security that fix bugs that cause massive data loss, too
<twb> shai__: pastebin the output of "apt-cache policy"
<shai__> http://pastebin.com/Dqb2xk7P
<gcs_> twb: shai__ wants them as well.
<twb> shai__: "Your paste has triggered our automatic SPAM protection filter. This happens when too many links are detected in a paste."
<twb> Try "apt-cache policy | pastebinit -b http://paste.debian.net/"
<shai__> I don't have 'pastebinit'
<gcs_> Also, speaking in Debian terms, security upgrades goes to normal updates on point releases.
<shai__> I'm kinda confused...
<shai__> :)
<twb> shai__: then manually use a different pastebin
<gcs_> twb: Just enter the capcha, you'll see the policy.
<twb> gcs_: I am not able to do that
<gcs_> twb: ?
<shai__> http://paste.debian.net/hidden/f908d6fa/
<twb> shai__: thank you.
<gcs_> twb: Btw, he has a mix of Karmic and Lucid source lines, including updates.
<twb> shai__: see, you have -updates enabled
<shai__> Hmm... this isn't the correct output :)
<shai__> This is an amazon instance and not a production server.. hold on
<twb> shai__: maybe you have stuff in sources.list.d that you forgot about
<shai__> http://paste.debian.net/hidden/fffd9e93/
<shai__> There you go
<twb> shai__: ok, again you have -updates enabled :-)
<shai__> And that's not what I want?
<gcs_> shai__: Stupid idea, but would you subscribe to -security?
<twb> shai__: -updates is feature updates; -security is security updates
<shai__> I have ...
<shai__> I get emails on security updates
<twb> shai__: if you don't want the former, simply remove it from sources.list
<gcs_> shai__: When you get a security notification, you can install that pakcage only after evaluation.
<shai__> I do want to be updates on it...
<shai__> I just don't want to install them when I run my aptitude/apt-get command
<twb> shai__: hm, then I guess you could pin a=lucid-updates to -1, which will prevent them ever being installed without explicit OK
<gcs_> shai__: Well, if you don't want to install them, why have it in sources.list ?
<shai__> It says I have 7 security updates. I want to run my aptitude/apt-get command and have it only install (show me first ie. dry run) the 7 sec. updates
<shai__> gcs_: to be notified. I can't just ignore them. I need to know they are there and are needed.
<shai__> don't cost me none either .. so why not :)
<shai__> lol .. pastebin only wanted me to enter a 3-digit captcha code to authorized the paste...
<shai__> http://pastebin.com/Dqb2xk7P
<shai__> :)
<uvirtbot> New bug: #694953 in samba (main) "missing i386 libraries on amd64" [Undecided,New] https://launchpad.net/bugs/694953
<Error404NotFound> i am getting http://pastebin.com/tQCT5M7s when try to execute a dump of a 27G large DB. I did raise mysql timeout values to 864000 e.g. 10 days. Still no use.
<kaushal> hi
<kaushal> Are there any tools to check for disk errors
<kaushal> I see high wa
<kaushal> I am on Ubuntu 10.04 LTS
<twb> kaushal: smartmontools
<kaushal> ok
<kaushal> I did that
<kaushal> It doesnot start
<twb> kaushal: as the documentation indicates, smartmontools provides both a daemon and a CLI for direct use.
<kaushal> * Restarting S.M.A.R.T. daemon smartd                                                                                                                           [fail]
<twb> Use smartctl as the documentation directs to begin a self-test, then when it has completed use smartctl again to inspect the results
<kaushal> http://pastebin.ubuntu.com/548204/
<twb> kaushal: "/dev/cciss/c0d0p1" means you're running cheapo hardware raid
<twb> i.e. you are fucked.
<kaushal> ok
<kaushal> twb: so what has to be done now ?
<twb> Obviously you can turn the machine off, put the drive in something else, and run smartctl on that
<twb> But I assume you don't want to turn off a production server
<kaushal> yeah
<_ruben> raid implies multiple redundant disks, so if they're hotswappable...
<kaushal> so how would i know whether its a harddisk issue
<kaushal> top says high wa
<kaushal> I ran ./check_cciss-1.8 -v
<kaushal> RAID OK:  Smart Array P410i in Slot 0 (Embedded) array A logicaldrive 1 (279.4 GB, RAID 0, OK) array B logicaldrive 2 (279.4 GB, RAID 0, OK) [Controller Status: OK Cache Status: OK]
<_ruben> high wa has 2 common causes: dying disks or overloaded disks
<kaushal> Please suggest further
<twb> kaushal: presumably you've already checked dmesg for suspicious warnings?
<kaushal> yes
<twb> Ahaha, RAID 0?
<_ruben> raid0 aint raid
<gobbe> raid0 in production server? :-o
<twb> Maybe he's using it for a reeaaaaaly big swap partition
<kaushal> its RAID 10
<twb> Actually never mind, swap stripes internally anyway
<gobbe> well anyway, using cheap raid-cards in production server is quite big mistake
<_ruben> that doesn't say raid10, unless you're doing software raid1 over the raid0 luns
<twb> Technically cciss is expensive, it just isn't any good
<twb> It's HP's line of crappy hardware raid
<kaushal> fuck HP
<gobbe> yep
<twb> hear, hear
<gobbe> either proper raid or then software-raid
<gobbe> proper hw-raid
<kaushal> fuck HP ASSHOLES
<kaushal> gobbe: so what hardware RAID has to be used ?
<kaushal> I mean which make
<gobbe> kaushal: 3ware
<kaushal> ok
<kaushal> what does cciss mean ?
<patdk-lap> cciss is the name of the hp raid stuff
<patdk-lap> I haven't had any issues with my smartarray stuff, but then I don't have any P410's
<patdk-lap> all mine are in raid1 config though, with sas 15k drives, get a good 500iops out of them
<DigitalFlux> Hi Guys
<DigitalFlux> Anybody here worked with KickStart/Ubuntu before ?
<gobbe> ask the question
<DigitalFlux> gobbe: I used the autopart statement in a kickstart file to bootstrap Ubuntu server 10.4.1, however during the installation it stops to ask if this is the correct partition scheme that i want, i want a fully automated installation with no human intervention required
<DigitalFlux> so i need to automatically answer this screen with yes
<pmatulis> DigitalFlux: not sure about kickstart but this is possible with the preseed method
<DigitalFlux> pmatulis: Hmm
<DigitalFlux> Seems like it used to work with 9.10
<DigitalFlux> But not with Lucid
<DigitalFlux> https://bugs.launchpad.net/ubuntu/+source/kickseed/+bug/537421
<uvirtbot> Launchpad bug 537421 in kickseed "automatic partitioning within kickstart does not work" [Undecided,Confirmed]
<gobbe> yep
<gobbe> needs to be fixed
<jussi> hrm, Ive an issue with my server, I can login with sftp, but logging in with ssh it just hangs after I enter the password
<pmatulis> jussi: check the server logs
<jussi> its really strange, /var/log is coming up empty, but Im logged in as root.
<pmatulis> jussi: no files under /var/log?
<jussi> thats correct
<pmatulis> jussi: did you set up this server?
<jussi> pmatulis: no, its a vps, came with ubuntu set up.
<jussi> I did add users etc
<gobbe> jussi: you should turn to your vps provider, /var/log _should_ have several files
<jussi> yes, it should - seems its not loading the content there (Im trying the cli sftp client right now)
<jussi> its hanging on "ls" in /var/log
<gobbe> interesting...
<jussi> yes, its very strange
<pmatulis> jussi: pastebin output to 'dh -Th'?
<jussi> pmatulis: I dont have any shell access...-
<pmatulis> jussi: ah
<jussi> just sftp
<pmatulis> jussi: correction anyway: 'df -Th'
<pmatulis> jussi: i think the provider is shoving all their machine logs somewhere else
<jussi> is there anyway to run a script at boot? (I can reboot the script, perhaps I can drop something somewhere with sftp to get some diagnostics=)
<jussi> err, I can reboot the machine
<pmatulis> jussi: i would just contact your provider
<jussi> ok
<ubuntino> hi
<ubuntino> Ihave problem with server mail
<gobbe> ask the question
<ubuntino> nothing works
<gobbe> please be little bit more specific, it's quite hard to help withoit knowing more :-D
<ubuntino> I' M italian one moment please
<patdk-wk> his server won't power on :)
<patdk-wk> try italian, google language convert :)
<gobbe> patdk-wk: :D
<ubuntino> yes
<ubuntino> ok
<ubuntino> I would try with you the operation of the mail server
<ubuntino> some directive?
<ubuntino> i installed sudo apt-get -y install postfix postfix-ldap spamassassin dovecot-pop3d dovecot-imapd mailscanner
<ubuntino> but certainly misconfigured
<ubuntino> I do not know what the ldap server?
<ubuntino> what is the name
<ubuntino> please help me
<gobbe> why do you want ldap-server?
<gobbe> isn't plain postfix enough?
<binBASH> ubuntino: fix config with dpkg-reconfigure postfix
<binBASH> ;)
<gobbe> well....i don't get idea of installing postfix with ldap, if you don't have any need for that
<ubuntino> ok now to test the proper operation?
<ubuntino> a no ldap with postfix?
<gobbe> well. why did you install it at first?
<gobbe> did you have reason for it?
<gobbe> were you reading somekind of howto?
<ubuntino> ubuntu guide
<gobbe> url?
<ubuntino> http://wiki.ubuntu-it.org/Server/Mail
<ubuntino> now remove ldap ok?
<gobbe> apt-get remove
<ubuntino> ok done
<ubuntino> Now to check the operation?
<gobbe> check what operation?
<ubuntino> what do you think of a 'telnet localhost 25'
<ubuntino> to see if it works
<gobbe> you can do it
<gobbe> if you want
<ubuntino> and now
<ubuntino> I see nothing
<gobbe> well, your server is not up
<gobbe> did you restart it?
<ubuntino> postfix?
<ubuntino> restart postfix?
<gobbe> you should read the whole howto
<gobbe> and do like it says
<ubuntino> already done, but nothing
<ubuntino> url?
<gobbe> so is your postfix running?
<ubuntino> what do you advise me to install up to a mail server?
<gobbe> i advise you to follow that howto
<gobbe> :)
<ubuntino> this is my screen
<ubuntino> ying ::1... Connected to localhost.localdomain. Escape character is '^]'. 220 code-desktop ESMTP Postfix (Ubuntu)
<ubuntino> ):
<gobbe> well it means that your postfix is running
<ubuntino> I am not come to head
<ubuntino> time to enter the users?
<ubuntino> to enter the users?
<gobbe> yep
<ubuntino> ....
<ubuntino> I have account ubuntino
<ubuntino> to make ubuntino@mioserver.com
<ubuntino> to make ubuntino@myserver.com?
<ubuntino> please please
<ubuntino> ):
<pmatulis> ubuntino: please google for 'linux telnet test smtp'
<ubuntino> ok
<gobbe> ubuntino: you need to have domain and correct mx-entries to be able to set up mail server
<ubuntino> I have ivancristina.com
<gobbe> ok
<ubuntino> where I find the entries mx-entries
<gobbe> from your dns-server
<gobbe> if you are not familiar how dns and email-servers work, why you are trying to build on?-)
<pmatulis> ubuntino: please continue with telnet testing.  MX records are not required for such a test
<ubuntino> okok later on / etc / resolv.conf
<ubuntino> this is my nameserver ns1.netsons.com
<ubuntino> and ns2.netsons.com
<pmatulis> oh well.  no more from me
<ubuntino> I do it for study
<ubuntino> I enter them into my server on resolv.conf?
<ubuntino> nameserver?
<gobbe> no
<ubuntino> someone is willing to teach me also to pay?
<ubuntino> no
<ubuntino> someone is willing to teach me also to pay?
<ubuntino> I want to learn
<gobbe> you can learn by starting to read documentation
<gobbe> there's sooooooooo many documents available from google for mailservers
<jpds> ubuntino: https://help.ubuntu.com/10.04/serverguide/C/postfix.html
<ubuntino> already
<gobbe> postfix is quite trivial to setup
<ubuntino> my main job is to repair digital clocks, with a guide you would succeed?
<gobbe> depends on guide
<ubuntino> I installed postfix and it works now I want to go ahead
<gobbe> if it's step by step, then yes
<gobbe> what means go ahead? what do you want to do now?
<gobbe> or what is the goal
<ubuntino> such as ubuntu
<gobbe> you might understand that it's quite hard to give help without enough information
<ubuntino> ok
<ubuntino> After postfix dovecot-common is installed
<ubuntino> right?
<gobbe> ?
<ubuntino> I've posted in the guide is written podo instllare postfix dovecot
<ubuntino> I've posted in the guide that is written after instllare postfix dovecot
<ubuntino> sorry
<ubuntino> I've posted in the guide it says after you install postfix dovecot
<Liked> Ok
<Liked> Hi
<Liked> I need some support for Ubuntu Server
<Liked> so I ordered a VPS off a site
<Liked> and they have given me root
<Liked> and I told them to install
<Liked> Ubuntu Server
<Liked> I think it was Ubuntu 8
<Liked> anyway
<Liked> what commands do I use in SSH
<Liked> to install a decent GUI
<Liked> preferably Gnome
<KurtKraut> Liked, if it is meant to be a server, you should install Gnome.
<Liked> my question is, how?
<Pici> You mean "shouldn't"
<Liked> oh
<Liked> so what would be better?
<KurtKraut> Liked, if it is meant to be a server, you shouldn't install Gnome.
<Liked> What would be the best GUI
<Liked> for a server
<Liked> ?
<Liked> XFCE?
<KurtKraut> Liked, in fact, if it is meant to be a server, you shouldn't install a GUI.
<Liked> but say I felt... compelled to.
<Pici> Most people don't use any graphical environment on a server, especially on a VPS.
<Liked> the VPS is of good spec.
<Liked> 2gb ram
<Pici> How were you going to connect to it to see the screen?
<Liked> through VNC
<Pici> If you're so compelled to do it, then install whatever you want.
<KurtKraut> Liked, many people will point out that withouth GUI, you'd save plenty resources for the daily server activities. But even if performance is not an issue, you shouldn't use GUI in a server.
<gobbe> Liked: well if you want gnome, then install it with apt-get?
<KurtKraut> Liked, none of the tipical server activities (like being an HTTP server, FTP server, e-mail server etc.), none of them you'll be able to administer, configure or even turn on or off throught a GUI. UNIX-like servers weren't made to be used with a GUI.
<patdk-wk> apt-get install ubuntu-desktop
<KurtKraut> Liked, you may install it, you may use it, you may access it remotely but you'll only get a poor desktop experience. If you want to try Ubuntu, just use a LiveCD.
<patdk-wk> but really that isn't a ubuntu-server question
<patdk-wk> unless he wanted a remote desktop, I have done that sometimes, for testing different things, but then, it wasn't meant to be a server anyways
<pmatulis> Liked: 2GB is not a lot for running a graphical environment.  you'll also need memory for the server portion
<Liked> patdk-wk: I was thinking of a remote desktop I guess.
<patdk-wk> ya, not server related question
<pmatulis> Liked: you may consider a light window manager such as openbox but the best option is to learn the command line
<Liked> pmatulis: Thanks I guess
<Liked> I did consider openbox
<AndyGraybeal> maybe o/t but i'd like to rsync some files from a remote host (one i don't control).  it's got our website on it and i want to make sure i have it backed up somewhere.  i'm doing: rsync -avz user@www.remotehost.com:~/directory  /srv/other_host_backup/www.remotehost.com
<AndyGraybeal> one problem i'm having it says "bash: rsync: command not found" on the remote host.  i figured i only needed rsync on my local host to do this operation.
<AndyGraybeal> any ideas?
<uvirtbot> New bug: #695055 in clamav (main) "package clamav-milter 0.96.3 dfsg-2ubuntu1.0.10.04.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/695055
<pmatulis> AndyGraybeal: no, it needs to be installed on both sides
<AndyGraybeal> pmatulis: why do you think it's telling me 'rsync: command not found" do i have some syntax wrong?
<RoyK> AndyGraybeal: unless you're rsyincing over nfs, it needs to be installed on both sides
<AndyGraybeal> not nfs, i don't have control of the remote host :(
<AndyGraybeal> can i do something like a wget instead?  if rsync is out of the question?
<AndyGraybeal> or scp?
<AndyGraybeal> i guess scp would be better.
<pmatulis> AndyGraybeal: scp is a good option, yes
<AndyGraybeal> okay, thank you much.
<pmatulis> AndyGraybeal: but if you will be doing the backup often then rsync is the best.  i'm surprised you have access to back up files but still incapable of installing rsync
<AndyGraybeal> pmatulis: my host i control, i'm trying to rsync the remote host; which doesn't have rsync.  why are you surprised?  is there something i'm missing?
<RoyK> AndyGraybeal: you should be able to compile rsync on the host with only user rights
<RoyK> AndyGraybeal: also, the sysadmin might just have forgotten it
<AndyGraybeal> RoyK: lemme talk to sysadmin, i swear i rsync'd earlier this year.
<pmatulis> AndyGraybeal: is the remote end a ubuntu machine?
<AndyGraybeal> naw, it's some old fedora machine or it used to be... lemme check
<AndyGraybeal> i think they just re-installed
<AndyGraybeal> we had 2 days of downtime just recently,
<AndyGraybeal> i don't even have access to 'who'!
<AndyGraybeal> or uname
<AndyGraybeal> any other commands i can use to find out what my host is running aside from uname?
<AndyGraybeal> it's got bash.
<patdk-wk> heh, doubt you can use cat /etc/issue; cat /etc/motd; cat /etc/lsb-release
<AndyGraybeal> none of them work :)
<AndyGraybeal> okay, unimportant, i asked for perms to rsync.  waiting on response. i'm gonna find something else to do.
<patdk-wk> cat /etc/redhat-release
<patdk-wk> :)
<AndyGraybeal> k lemme try
<AndyGraybeal> nope
<AndyGraybeal> it is redhat based, there is rpms
<AndyGraybeal> it doesnt matter :)
<pmatulis> AndyGraybeal: figure out the release by the rpm versions
<AndyGraybeal> enough stop :)
<AndyGraybeal> i'm going to wrk on something else and hope the admin gives me access to rsync
<AndyGraybeal> thank you though for your persistence
<Karti> Hi all, wondering if someone could give me a few pointers with NFS from a client
<Karti> It is set up on my desktopm but I don't have write access
<gobbe> what does your /etc/exports say
<patdk-wk> gobbe, assuming he is using nfs2/3 :)
<gobbe> patdk-wk: well, same file is used with nfs4, so what's point ;)
<gobbe> what's the point =)
<gobbe> it's hard to type with n900
<patdk-wk> hmm, didn't realized nfs4 used it
<skorv> i'm a newcomer to ubuntu server.... small question: To LVM or not to LVM at install?
<gobbe> lvm
<patdk-wk> I only looked at nfs4 alittle, before I was annoying by how you have to get it working
<Karti> gobbe, it says - /srv/nfs/Linux *(rw,sync)
<gobbe> i don't see any point not to use lvm
<patdk-wk> skorv, what will it be?
<patdk-wk> if your just going make it one big system, just don't bother
<patdk-wk> if you plan to ever expand or resize things, and stuff, defently lvm
<skorv> domain server
<patdk-wk> domain server? you mean, dns server?
<gobbe> Karti: do you get error messages? what are rights to actual directory (/srv/nfs/linux)
<skorv> same role as a windows server
<skorv> primary domain server
<patdk-wk> in that case diskspace won't be an issue, unless your running filesystems on it
<gobbe> well, in server environment i don't see any idea not to use lvm
<patdk-wk> then you probably want lvm
<skorv> web server will work on another machine
<patdk-wk> gobbe, lvm has screwed me over many times, in vm's :)
<gobbe> patdk-wk: :-)
<skorv> i've got a fresh install (no LVM) for my server
<patdk-wk> so most of the time I don't use lvm's, except if I'm working with raw drives that I will want to adjust
<patdk-wk> just the moving lvm from machine to machine, expecially when they are named the same, gets lvm really screwy in the head :)
<gobbe> patdk-wk: i'v been using lvm's for several years, without any problems
<gobbe> problems are 100% times with administrator, not lvm itself :)
<Karti> gobbe, drwxr-xr-x 3 root root
<patdk-wk> ya, been using them for 5 years no, no real issues, except for all the rhel vm's
<gobbe> Karti: and. do you get any errors?
<skorv> well... thanks i'll be ok with no LVM
<Karti> only in the fact that I can't read or write to the folders once it has been mounted in fstab
<gobbe> Karti: what is the mount command?
<skorv> how good will the server work with a modem.... enouth to make it a fax server as well?
<Karti> gobbe, my fstab is:
<Karti> 192.168.220.12:/srv/nfs/Linux /home/jim/Desktop/Network nfs default	0	0
<gobbe> and if you try to write you get error?
<Karti> gobbe, the create folder and document are greyed out
<gobbe> Karti: can you try it from terminal?
<milligan> I have a bunch of 32x32 images. Is there any easy way of combining them into one image so I can use them as a SpriteSheet ?
<Karti> gobbe, mkdir: cannot create directory `John': Permission denied
<gobbe> Karti: whatabout sudo mkdir
<Karti> gobbe, still the same
<patdk-wk> he doesn't have, norootsquash, so root not allowed
<gobbe> uuhyea
<gobbe> sorry
<patdk-wk> check permissions on the nfs server
<gobbe> yep
<patdk-wk> make sure john has write access
<gobbe> it's permission issue
<gobbe> give write permissions to everyone if you want to share it with everyone
<Karti> many thanks I will try and give it to a group of users...
<Karti> brb
<skorv> how do i check the hardware status (fax modem) if its ok and recongized
<skorv> internal modem in my case
<patdk-wk> skorv, hopefully it's a real faxmodem, and not a softmodem
<patdk-wk> oh softmodem, heh, going have to find drivers for it I bet
<gobbe> softmodems are quite hell
<skorv> i really dont know...
<patdk-wk> well, we can't help you if you dn't know the model of the modem
<patdk-wk> lspci lsusb, ... can help with that
<skorv> gimme a sec
<skorv> Communication controller: Conexant Systems, Inc. HSF 56k HSFi Modem
<skorv> thats what it says
<skorv> guess its a soft modem
<gobbe> sounds like
<skorv> but at least its a known one P
<skorv> :P
<skorv> the package available in .deb is x386... and ofc i use amd64
<skorv> still setting up that fax... how faxsetup is asking for port... where do i point it?
<gobbe> the correct port you have, did you find out that is your modem supported?
<gobbe> skorv: http://ubuntuforums.org/showthread.php?t=190728/
<skorv> yea... got the package from http://www.linuxant.com/drivers/hsf/full/downloads.php
<gobbe> read the link i pasted
<skorv> yea... thats for x86... not x64... i had to adapt
<gobbe> yes, 64bit might cause trouble
<patdk-wk> skorv, you didn't use the free package from linuxant did you? no fax support
<sieson> I have this script in the cron folder that I want to run hourly but it might take more than an hour to be completed. Does cron run it even though its still running?
<gobbe> sieson: yes
<gobbe> sieson: unless you do some hacks to script to see that is it still running
<sieson> gobbe: I have to do something in the script? isn't there a way to stop cron from running a script currently running?
<gobbe> no
<gobbe> cron is just scheduler
<gobbe> it doesn't have any ability to see is previous job still running
<sieson> gobbe: thanks, will figure out how to get the PID in PHP
<skorv> i'm phucked
<pmatulis> skorv: ?
<iRabbit> so my boss is a cheap bastard and doesn't want to purchase a Windows Sever license. Here I am learning Ubuntu server on the fly for purposes of hosting a few websites. My first question is... how can I set this thing up for remote access via a VPN?
<gobbe> openvpn
<iRabbit> my second question is, what is the CLI command to see the system specifications
<gobbe> what do you mean with system specifications?
<air^> google it. https://help.ubuntu.com/community/OpenVPN
<gobbe> under /proc you can find several specifications
<patdk-wk> lshw is easier, and better to read :)
<baggar11> iRabbit: check out SSH for remote management
<gobbe> patdk-wk: oh...i forgot lshw totally :-D
<iRabbit> I need to know what kind of POS machine this is. it wouldnt let me install x64 but on it
<iRabbit> how do I scroll up :(
<gobbe> iRabbit: pageup, or just pass output of lshw to file like sudo lshw > something
<iRabbit> page up is a no-go
<soren> iRabbit: shift-pgup
<sherr> shift-pageup
<iRabbit> ah there we go, thank you
<sherr> dmidecode|less is pretty good for h/w (and BIOS) as well.
<sherr> cpu : cat /proc/cpuinfo
<Slyboots> hey
 * Slyboots is wondering; is there a way to get wget to .. eh.. not quite sure how to explain teh problem
<gobbe> well try
<gobbe> without trying it's quite impossible to answer
<Slyboots> Got a link to download something from amazon; so I copied the URL and pasted it into wget but it doesnt seem to follow the "linking" correctly?
<gobbe> unless answer is 42
<gobbe> ;)
<Slyboots> It downloads .. something' but its not teh file I wanted..
<gobbe> Slyboots: use "-marks
<gobbe> Slyboots: wget "http://something"
<Slyboots> Mm.. nope
<Slyboots> Its suppopsed to grab the file "AmazonGSDownloaderSetup.exe"
<gobbe> does it require login?
<Slyboots> But I just get a HTML document
<Slyboots> .. possibly
<gobbe> well that's the reason
<gobbe> you need to get cookie and hack the way
<Slyboots> Hrrr..
<Slyboots> I'll download it here and send it via scp or something; might be simpler
<Slyboots> Pain in the ass.. :P
<gobbe> yes it is
<RoyK> Slyboots: use links
<RoyK> or lynx
<RoyK> or something
<RoyK> wget won't follow javascript redirects
<Slyboots> The things I have to do to commit fraud
<gobbe> RoyK: but still, if site needs login, you need to get cookie before
<Slyboots> I swear :P
<RoyK> apt-get install links
<Slyboots> But at least Amazon is *trusting*
<Slyboots> Wow!
<Slyboots> it.. supports mouse-interactions?!
<Slyboots> ... Thats freaky; I didnt think you could do that in putty
<pmatulis> gobbe: lynx is a web browser
<RoyK> links is nice
<RoyK> lynx is - well - ok
<RoyK> but links is awesome
<gobbe> pmatulis: yes it is
<gobbe> pmatulis: i know :)
<pmatulis> or elinks
<gobbe> pmatulis: but still, you need to login
<pmatulis> gobbe: yes, so?
<gobbe> pmatulis: if you need automate something
<gobbe> i don't know what slyboots was doing
<Slyboots> gobbe: it worked fine
<Slyboots> Clicked the link "Oh please log-in.. "Save"
<gobbe> Slyboots: yes, i thought that you are doing somekind of automation
<gobbe> my mistake
<Slyboots> gobbe: nah..
<Slyboots> Need the Amazon windows client to download games
<gobbe> ok
 * RoyK is waiting for Steam to download Civ V for his mac
<Slyboots> Mm..
<Slyboots> Wait; somethings gone a bit wrong I fear
<Slyboots> Think you need a browser to use this program
<uvirtbot> New bug: #695145 in clamav (main) "package clamav-base 0.96.3 dfsg-2ubuntu1.0.10.04.2 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,New] https://launchpad.net/bugs/695145
<Delerium_> Hi, can someone do 2 little connection test for me?  (http + a telnet)
 * Slyboots Need a really basic web-browser
<Slyboots> Uh..
<Slyboots> Isnt there one called dig or something
<Slyboots> Or Dilo or something stupid like that
<gobbe> dig is not a webbrowser
<gobbe> web-browser
<gobbe> Slyboots: links?
<Slyboots> Needs to be GUI based
<Slyboots> Soemthing wine will link to; and without a ton of crappy dependances like Gnome or KDE
<Slyboots> Chromium; perfect
<Slyboots> Crap!
<Slyboots> Doesnt work
<RoyK> dbpool/bacula              1.61T  92.8T  1.61T  /dbpool/bacula
<Slyboots> May have to setup a virtual-server client.. bleh
<Slyboots> I know this is outside Ubuntu server..
<Slyboots> Well; actually perhaps not; is there a way to setup something like VirtualBox on a headerless server?
<clayd> i am running a ubuntu server to host wordpress sites.  for some reason i can not send emails from with in wordpress.  is the a mod for apache that is needed, or for php?
<clayd> basically do i need something like postfix?
<Slyboots> Crap..
<Slyboots> Anyone know how to tell were all your free-space has gone :P
<patdk-wk> du :)
<Slyboots> .. a *friendly* way lol
<air^> use some nice parameters to du? :)
<air^> "du -h --max-depth 1" ?
<RoyK> Slyboots: try rn
<RoyK> or rm
<air^> ;)
<Slyboots> running du is rather like having someone scream in your face
<Slyboots> Not very plesent..
<air^> as said, just give it right parameters and it acts nicely.
<RoyK> Slyboots: if you don't know where the data is, it's the only way
<Slyboots> Mmm
<RoyK> du -sch /path/*
<patdk-wk> heh, I normally do: du -sc /* | sort -n
<patdk-wk> go into largest *odd* directory, and repeat
<patdk-wk> well, with the / removed
 * Slyboots will just have to dig around.. not 100% whats going on
#ubuntu-server 2010-12-29
<Frenk_> Hey I have a problem with my MySQL - I create the config my.cnf and they get deleted. When I try to start mysqld it stopps: http://paste.ubuntu.com/548399/ | mysql_safe does work for the website but phpmyadmin doesnt work
<Frenk_> For now my /usr/bin/mysqld is running and I can see the website (which uses MySQL) but I can not access MySQL via PHPmyadmin with the same username and pw I use for the website.
<Frenk_> Any ideas>?
<patdk-wk> hmm, more logs would help
<patdk-wk> all you showed is it quiting, not anything before the quit message
<Frenk_> patdk-wk: http://paste.ubuntu.com/548402/ This is all I got
<patdk-wk> 101229 01:45:11 mysqld_safe A mysqld process already exists
<patdk-wk> you can't run mysql, if mysql is ready running :)
<Frenk_> patdk-wk: okay I got it =) But now I have just mysqld running
<patdk-wk> I only have mysqld running also
<Frenk_> and the website gets the connection - i see the data on the website | PHPmyadmin refuses to log me in
<Frenk_> another application on the same server says: Lost connection to MySQL server at 'reading initial communication packet', system error: 0
<patdk-wk> are you sure phpmyadmin is connecting the same way?
<patdk-wk> same ip address, or using socket?
<Frenk_> actually i dont know. where can i check it?
<patdk-wk> I dunno, in your programs, phpmyadmin and website stuff, and whatever else uses mysql
<Frenk_> looks like the same way - both use php and dbhost=localhost and port 3306
<patdk-wk> same or different users?
<patdk-wk> is phpmyadmin attempting to use root login?
<patdk-wk> root login might not be allowed via ip by default, not sure
<Frenk_> im using another login = not root but the same as for the webiste
<Frenk_> let me check the config - one sec
<Frenk_> patdk-wk: the config looks like this> http://paste.ubuntu.com/548406/ so i assume thats okay
<patdk-wk> I have no idea, I would never use phpmyadmin myself
<Frenk_> patdk-wk: I think I found the problem. Maybe both (the second application and phpmyadmin are connecting by IP?) And when I telnet i got: telnet: Unable to connect to remote host: Connection refused
<Frenk_> Should I try to bind mysql to 0.0.0.0?
<patdk-wk> netstat -atnp | grep mysql
<patdk-wk> does that show anything?
<Frenk_> netstat -apn | grep LIST | grep 3306 >> tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      27977/mysqld
<patdk-wk> so it's bound to localhost
<patdk-wk> if you did tell those programs to use localhost, it should work
<patdk-wk> when you login with phpmyadmin, it asks you for the database hostname/ip?
<patdk-wk> use 127.0.0.1
<patdk-wk> does it work?
<Frenk_> mh trying
<Frenk_> nope =( Will try to bound it to 0.0.0.0
<patdk-wk> doubt that will fix it, but will open up mysql to the world though, unless you have firewall rules to block it
<patdk-wk> and then it would be the same as not doing that anyways :)
<Frenk_> tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      19078/mysqld
<Frenk_> If i try to telnet: Escape character is '^]'. Connection closed by foreign host.
<Frenk_> And this still doesnt work >S
<Frenk_> patdk-wk: haha solved that one
<Frenk_> patdk-wk: now everything works
<Frenk_> patdk-wk I googled the error my secont application produced and all i had to do was to add ALL:  localhost, 127.0.0.1 to hosts.allowed
<Frenk_> (Quite paranoic security rules on the server obviously)
<patdk-wk> odd :)
<Frenk_> gn8!
<Frenk_> thx!
<ne7work> how to check file exist ?
<ne7work> which is the command for that for directory is ls -na
<ne7work> please tell me
<The_Tick> http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=linux,+check+file+exists
<The_Tick> I don't know or I'd just tell you
<The_Tick> but google knows all
<ne7work> please tell me
<ne7work> the command
<The_Tick> click on that link
<ne7work> ls what?
<ne7work> I click and I can't understand
<The_Tick> and go read the search results
<The_Tick> I'm sorry I cannot help you
<ne7work> The_Tick
<ne7work> -e: Returns true value if file exists
<ne7work> and how to use that
<ne7work> how to change default directory on proftpd
<ne7work> ne7work DefaultRoot / ?
<ne7work> or how?
<Spirits-Sight> what does LVM do?  I am new to this stuff and trying to setup a server using Ubuntu server 10.04
<Spirits-Sight> anyone here?
<Delerium_> I am
<Delerium_> But I'm a noob ;)
<Spirits-Sight> dunn I am too :-)
<Delerium_> Doh! Any question that I might try to help you out?
<Spirits-Sight> I am trying to figure out what selections I should pick for what I want to do
<Spirits-Sight> I am programing (trying) in python and will also host asterisks and want to be able to host two other small sites but one main site
<Delerium_> Hum... Python come with the basic installation, website need Apache, do you need php/ mysql ?!
<Spirits-Sight> doing mysql for the database
<Spirits-Sight> don't think will need php
<Spirits-Sight> it appears if I use a webframe work then it will come with a server called paste I think
<Spirits-Sight> don't know if it is really good or not as I am new to all this
<Delerium_> Don't know about this one, but if you need apache + mysql, you can do a very basic installation, then apt-get install apache-server / mysql-server
<Spirits-Sight> thats what I am thinking.  do u know what the vitual machion host is?  also I would use openSSH to go into the system right?
<Delerium_> The Virtual Machine Host will let you create VM guest under this "Host" installation, if you don't plan to do any virtualizarion, it's not required
<Delerium_> to install openSSH : apt-get install openssh-serverr
<Spirits-Sight> what the virtual machine host be the thing I use to host the other two sites?
<Spirits-Sight> I have my site web app and then two small organization websites
<Delerium_> Nope, the Virual Machine in the installation menu is more about, let say, One Physical Machine under which are running different Virtual Machine (This is complete, separate OS)
<Spirits-Sight> OK now I got it :-) I was think that but was not sure if it was talking about different website or faking a system :-) nope not need that
<Delerium_> For your dffierent website, there is a couple of way to do it, does your sites will have DNS entry?  Or are they just for testing purposes locally?
<Spirits-Sight> do u know how to setup so that a dymic domain point to the system and the system looks at the domain that was used say person enters site1.com or site2.com or site.com and it would point to the right site but seeing how I have a dynimac IP address I need to use one of the sites that update the DNS information
<Spirits-Sight> wow that was a mouth full
<Delerium_> You can use DynDNS, and get 3 names (you won't be the owner of the domain), and in your apache configuration, use Virtail Host to use the right DocRoot depending on which URL was called
<Spirits-Sight> OK, I have installed the server and now need to setup so I can access the system using my desktop system also Ubuntu Desktop
<Spirits-Sight> DynDNS allows u to use your own domain names I think for a fee now :-)
<Delerium_> Yup, I just bought my domain a few day ago... Domain Name + Custom DNS about 60$ a year
<Spirits-Sight> OK do you know how to get me to be able to log into the system now using my desktop?
<Spirits-Sight> I have openshh installed on both system I believe I kow its on the server as I just did it
<Delerium_> ssh user@hostname (or IP)
<Spirits-Sight> sweet I am in OK
<Spirits-Sight> now here is a dum one, how can I disable the monitor on the other system
<Delerium_> Just close it?! :)
<Spirits-Sight> its a laptop and screen stays on when the lid is closed
<Delerium_> Don't know about this one :(
<kaushal> hi
<kaushal> I am running Ubuntu 10.04 LTS on HP DL 360 G6 server
<kaushal> Can someone please recommend good Hardware Raid Controller card ?
<uvirtbot> New bug: #695256 in samba (main) "samba refuses to show shares" [Undecided,New] https://launchpad.net/bugs/695256
<billybigrigger> how can i setup a git repo in my webroot?
<billybigrigger> webroot=/var/www
<billybigrigger> ie /var/www/billy.git
<kaushal> hi
<joschi> billybigrigger: http://progit.org/2010/03/04/smart-http.html
<gobbe> kaushal: 3ware
<kaushal> gobbe: for HP DL 360 G6 ?
<Spirits-Sight> how do u save changes in VIM
<gobbe> kaushal: well, it's good for every server
<kaushal> ok
<gobbe> kaushal: HP's own raid controller is usable, but not very good
<kaushal> gobbe: is there a wiki for Ubuntu ?
<kaushal> gobbe: so HP's is onboard ?
<gobbe> no, HP's raid is also card, i haven't seen any onboard
<gobbe> kaushal: wiki.ubuntu.com?
<kaushal> ok
<kaushal> gobbe: for Hard Disk Raid Controller card
<gobbe> what kind of wiki?
<kaushal> gobbe: is it http://ubuntuforums.org/showthread.php?t=1224849 ?
<gobbe> i'm not sure what you are looking for
<gobbe> but those 3wares mentioned there are well suitable
<kaushal> gobbe: Thanks
<Slyboots> intresting
<Slyboots> Can SMB not handle files of 6gb or above?
<Slyboots> Or.. some weirdness like that?
<gobbe> what do you mean handle?
<billybigrigger> joschi, thanks
<airtonix> when installing apache2, the user www-data created : << is this given a password ?
<airtonix> i would like to do something similar for a daemon i want to setup, but im am unsure as to what was done in the case of apaches dedicated useraccount
<joschi> airtonix: no, www-data won't have a valid password
<joschi> airtonix: it's not meant to login with
<airtonix> so something like : sudo adduser desired-daemon-name -r -p -s=/dev/null
<airtonix> i am not entirely sure how to specify "no password"
<airtonix> and i am aware that /dev/null as the shell would prevent login abilities
<airtonix> or at least thats what i assume
<joschi> airtonix: use /bin/false or /usr/sbin/nologin as shell, not /dev/null
<_ruben> airtonix: check the manpage of adduser, there's a parameter for "disabled password"
<sabat-laptop> I have a ubuntu server 10.04 system, it has xorg, gnome-desktop-environment and virtualbox. it's meant to be a virtualbox host only, but when I connect via vncviewer, it pops up the gnome-keyring locally, and doesn't let the remote connection work. Any ideas how to fix this? I am fine using anything as long as vnc works
<_ruben> sabat-laptop: well, technically speaking you turned your -server into a -desktop, and thus making your questions offtopic for this channel
<_ruben> server != gui
<sabat-laptop> _ruben: my "server" is a virtualbox devel server, for creating operating systems...
<sabat-laptop> I need virtualbox, via vnc, as part of the server.
<sabat-laptop> it's kindof hard to install an os in a virtual machine without having visual access to it
<sabat-laptop> so virtualbox server := server
<_ruben> not when it comes to ubuntu support
<_ruben> you're having an X/GUI/Gnome related question, which is offtopic for this channel
<sabat-laptop> sigh... I'm running ubuntu server, with stuff installed via apt... so it's not supported.
<sabat-laptop> how quaint.
<sabat-laptop> You can buy a car, but if you put a cd in it, that we gave you access to, you're unsupported.
<sabat-laptop> seriously?
<sabat-laptop> that's asenine.
<_ruben> no, it means the car mechanic at the dealer wont help you with a scratched cd
<_ruben> or just leave :)
<shang> lol
<_ruben> !gui
<ubottu> The graphical user interface (GUI) in Ubuntu is composed of many elements, including the !X server, a window manager, and a desktop environment such as !GNOME or !KDE (which themselves use the !GTK and !Qt toolkits respectively)
<_ruben> hm, no channel specific info
<ways> can anyone help me try to get ubuntu on an ancient laptop?
<lieuwe> i need to run a java program as a daemon on my server, but  i have no idea how to get it to start on startup
<joschi> lieuwe: write an init script for it
<joschi> lieuwe: or if you use vixie-cron, you could write a crontab entry running on @reboot
<lieuwe> joschi: is there an example init script somewhere that i can modify, and where do i place it?
<joschi> lieuwe: normally you'll place it in /etc/init.d/.
<joschi> lieuwe: if it should just run on ubuntu, you can as well write an upstart job. see http://upstart.ubuntu.com/getting-started.html
<lieuwe> joschi: thanks, got it to work with the upstart job
<gobbe> :)
<xampart> hmph....what is wrong with my crontab entry: "5 * * * * /usr/sbin/arping_duplicate 2>/dev/null"? using just /usr/sbin/arping_duplicate 2>/dev/null works fine
<gobbe> xampart: >/dev/null 2>&1
<gobbe> if you mean that you dont want email?
<xampart> gobbe: that's just for the arping_duplicate error message "WARNING: interface is ignored: Operation not permitted" to not be shown
<gobbe> ok, anyway my line should do it
<macno> Hi, I have 2 identical servers (lucid) and on one of them one service doesn't start at boot
<joschi> macno: then they aren't identical by definition
<macno> joschi, you're right
<macno> I tried to configure both at the same way
<joschi> macno: maybe you want to share the error message(s)
<macno> no error
<macno> just don't start
<macno> it's cman
<macno> if is run service cman start , it starts correctly
<macno> s/is/I
<macno> and I see it joining the cluster
<joschi> macno: runlevel for the init script is correct?
<macno> good question, but I don't see any link in /etc/rc2.d
<macno> neither on the node where it starts
<joschi> macno: is it an init script in /etc/init.d/ or an upstart job in /etc/init
<macno> the script is in /etc/init.d
<joschi> macno: /etc/rc2.d is only one runlevel
<joschi> there are more ;)
<joschi> macno: maybe you want to read http://manpages.ubuntu.com/manpages/lucid/en/man8/update-rc.d.8.html
<macno> joschi, is there something like chkconfig in ubuntu? to show me in which runlevel the script is enabled?
<macno> joschi, http://paste.ubuntu.com/548506/
<macno> this is on the node where cman starts at boot
<joschi> macno: and now add the init script on the other node to runlevels 0, 6, and S
<macno> joschi, hum, on the other node I already have them , but only in 0,6
<macno> joschi, well, I manually added the link in rcS.d,  rebooting now
<macno> joshi , thanks it worked. I'm gonna read what rcS.d is
<alkisg> I want to "limit rate of outgoing traffic to 100Mbps per *destination*, not source IP". What qdisc should I be looking at?
<Spirits-Sight> how do I enable ability to use sftp or other protocal to upload and download stuff to my server 10.04
<patdk-wk> install opensshd
<patdk-wk> openssh-server I guess :)
<pmatulis> Spirits-Sight: installing openssh-server will allow clients to upload & download via sftp.  the ssh/sftp *client* is installed by default on any ubuntu machine
<patdk-wk> ya, but normally, to my server, means he is running the client not at the server :)
<pmatulis> ya, but 'download to my server' is also nonsensical.  i gave a generic answer
<patdk-wk> :)
<Psi-Jack> Does Ubuntu have an rsync'able repo so I can archive a local mirror?
<maswan> https://wiki.ubuntu.com/Mirrors
<maswan> basically, just choose a close mirror and hit it with rsync -av host::ubuntu ubuntu for a local mirror of the archive if you just want an occasionally updated one
<patdk-wk> it will do all current versions though, if you don't want to, that method won't work (600gigs about currently?)
<skorv> can bind9 work with 2 subnets (3 ethernet adapters(1wan;2lan)
<Psi-Jack> I have a few things I'd like to do. Keep it trim so it only has the arch's I need, which IIRC Ubuntu only really has i386 and amd64 anyway, and the distributions I want, which will be Lucid/10.04
 * patdk-wk would go for probably an apt-cacher-ng or squid method for that
<Psi-Jack> Nah. Rsync is fine, even if I have to script it to get just what portions I need. ;)
<patdk-wk> I dunno how you would script rsync to do that
<Psi-Jack> Same way I do it with CentOS, likely. :)
<patdk-wk> you would have to download and parse the package list, and have rsync sync once per package
<patdk-wk> no, completely different from centos, it won't work :)
<Psi-Jack> Hmmm. That's right.. They have the whole pool thing, don't they?
<patdk-wk> yep
<Psi-Jack> Ubuntu that is.
<Psi-Jack> Frack! What an annoying method that can be. LOL
<patdk-wk> there are ones that do it, I think apt-mirror does it
<patdk-wk> but apt-mirror annoyed me
<popey> debmirror is also good
<Psi-Jack> yeah, and I wanted to have my storage server download it directly, which is OpenSUSE, so debmirror, and apt-* isn't available.
<Psi-Jack> heh
<patdk-wk> never heard of installing via tar.gz?
<Psi-Jack> Anything else, I'd have to fricken setup an NFS export or something, and bleh, Just bleh. ;)
<patdk-wk> what have people come to these days when they can only use binary packages :)
<Psi-Jack> patdk-wk: Say whaaaaa? Are you cwazy? Don't answer, I already know.
<maswan> skorv: yes
<Psi-Jack> :)
<maswan> skorv: If you want to serve up different views to different networks, that is also possible, but takes some trickery.
<patdk-wk> heh, I'm liking apt-cacher-ng though, works, clean enough, no need to mirror everything like I used to
<patdk-wk> use it for my clusters, and just use squid for my home lan
<Psi-Jack> Heh.
<patdk-wk> I have done apt-mirror and rsync for awhile, just really the unreleased ubuntu version package changes annoyed me with rsync method, downloading a few hundred packages each day I didn't use
<Psi-Jack> Well, If'n I'm gonna do it that route at all, I'ma hafta set it up on a debian server, so dunno how well that'd mix with Debian and Ubuntu both shareing the same cacher method.
<patdk-wk> they shouldn't care at all :)
<Psi-Jack> And I prefered it to be as transparent as possible. heh
<patdk-wk> ya, apt-cacher/apt-mirror I don't think are transparent
<Psi-Jack> Like, able to be performed during installation? ;)
<patdk-wk> but just set a proxy setting in apt and it's good
<patdk-wk> during install, yes, just use the proxy setting during install, it always asks :)
<Psi-Jack> So, apt-cacher-ng could be transparent by using a proxy setting?
<patdk-wk> yep
<patdk-wk> squid is already transparent, or using proxy
<patdk-wk> I haven't done an install yet with apt-cacher-ng, I could try one now just to test :)
<Psi-Jack> Hehe.
<Psi-Jack> Yeah, I've a bit to setup to get that idea rolling. Likely seting up my director vm to NFS mount the storage server to house everything.
<Psi-Jack> patdk-wk: Thanks for the idea of apt-cacher-ng. Looks like it's probably the best route for me, so far. ;)
<patdk-wk> don't use apt-cacher, I tried it, it took 5min to do an apt-get update with it
<Frenk> Hey. I have a Apache2 server and 2 domains. I also have a web-frontend on port 3000. Now I want to configure it that way = I can access the web-frontend by using domain.com but not with anotherdomain.com. How to do that? I already tried that: http://paste.ubuntu.com/548560/
<patdk-wk> yep apt-cacher-ng works fine for install time, mini-iso tested :)
<patdk-wk> frenk, you need to define a virualhost _default_:3000 and have it reject all
<patdk-wk> and then have that virtual host seperate
<Frenk> i have it as a seperate file in sites-enabled... what do you mean?
<Italian_Plumber> greetings... anyone subscribe to the Ubuntu Security Updates RSS feed?  there hasn't been any update for about 2 weeks now.
<pmatulis> Italian_Plumber: guess that's a good thing
<patdk-wk> not really :(
<giovani> Italian_Plumber: mailing lists are typically the prefered notification method for security updates in any community
<giovani> I don't know anything about the RSS feed
<Italian_Plumber> what's the ubuntu mailing list?
<patdk-wk> I have gotten a one email, that didn't popup on the security rss feed
<patdk-wk> but ya, nothing has happened for awhile
<giovani> https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
<Italian_Plumber> according to this page http://www.ubuntu.com/usn the mailing list and the RSS feed are the same...?
<giovani> Dec 16 was the last post
<Italian_Plumber> just kinda wierd to have gone for more than 2 weeks with no notices.
<giovani> Italian_Plumber: you appear to be correct, like I said, I don't know anything about the RSS feed
<giovani> many people are on vacation, etc, it's not terribly surprising
<Italian_Plumber> true
<Italian_Plumber> The last kernel update was 12/15 ... loooks like I didn't install it... my uptime is ~28 days
<giovani> Italian_Plumber: you might've installed it, but not rebooted
<giovani> ksplice ftw
<uvirtbot> New bug: #695138 in clamav (main) "Ubuntu 10.10 screensaver does not work when ClamTK is installed." [Undecided,New] https://launchpad.net/bugs/695138
<_ruben> if only it were free
<jdstrand> giovani, Italian_Plumber: yes, people are on vacation which is why there haven't been USNs. we are monitoring for high priority issues though
<Yizi> anyone can help me with iptables?
<kim0> Yizi: just ask
<Yizi> ok i have a ubuntu machine with 3 network cards
<ish10> hey guys how do u use nagios plugins?
<Yizi> eth0, 1, 2
<Yizi> eth1 is connected to net using a gateway
<Yizi> on eth0 i have intranet where i need them to be able to access the internet
<Yizi> i need to setup the iptables on my ubuntu machine being the middle computer
<kim0> Yizi: so u just want to setup natting ?
<Yizi> so allow intranet users to access the web
<Yizi> what i'm doing is im writting a shell script
<Yizi> can i NAT in that too?
<kim0> Yizi: iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
<kim0> Yizi: this would enable intranet outgoing access to internet
<Yizi> thats amazing
<Yizi> one more question, how will i be able to prevent packets which logically originated from the internet?
<kim0> Yizi: for more details .. might wanna read this https://help.ubuntu.com/10.04/serverguide/C/firewall.html (masquerade section)
<pmatulis> i converted single disk non-raid (A) into raid1 with new disk (B) and managed to boot into B (/ on md0); do i need 'grub-install /dev/A' (or anything else)?
<ish10> does anyone here use nagios?
<eagles0513875> hey guys stupid question probably is it possible to setup quotas on a folder
<pmatulis> eagles0513875: i think it's just per filesystem
<pmatulis> eagles0513875: not 100% sure
<eagles0513875> ok
<eagles0513875> tried googling but not turning up much
<gobbe> yep
<gobbe> i
<gobbe> quotas are per set per filesystem
<eagles0513875> gobbe: is it possible to do per folder?
<eagles0513875> i need that to restrict websites that i have in /var/www
<patdk-wk> eagles0513875, if you mount a filesystem per folder, yep
<patdk-wk> eagles0513875, your thinking about it wrong :)
<eagles0513875> what should i do
<patdk-wk> depends, what is the goal?
<eagles0513875> basically im going to be setting up packages
<patdk-wk> no, explain how you want the quotas to work
<eagles0513875> on a per folder basis
<eagles0513875> depending on the package
<patdk-wk> that makes no sense to me
<eagles0513875> what would oy recommend
<patdk-wk> I can't recommend anything, as I have no clue what you want, except the impossible
<eagles0513875> :-/ ok
<sacarlson> eagles0513875: quotas as Identified by what?
<sacarlson> ip?
<sacarlson> name and user?
<eagles0513875> not ip just size
<eagles0513875> site size
<sacarlson> size to all users
<sacarlson> as measured bytes from a folder
<eagles0513875> each client will have a folder for their site which is setup as a vhost
<eagles0513875> lets say for a site you have 2gb of space have a hard limit on space
<sacarlson> well webalizer tracks that
<sacarlson> so interface to that and you should have it
<eagles0513875> ok but then how does one restrict site size
<sacarlson> rename the dir so they can't get in?
<eagles0513875> for a particulare folder then lets say 2gb for site2
<sacarlson> or redirect to a page that says sorry can't come in
<eagles0513875> ok
<sacarlson> so first look at the code of webalizer and see how they do it
<sacarlson> the rest is easy
<eagles0513875> ok
<eagles0513875> thanks sacarlson
<gobbe> eagles0513875: you could do lvm-volume for www and add it there
<eagles0513875> ya only have 1 hdd not setup as lvm
<gobbe> eagles0513875: and mount it, then you have it per folder
<patdk-wk> :) as long as you have enough diskspace for fullcapacity of all sites
<gobbe> yep
<eagles0513875> right now only 3 clients
<eagles0513875> my site
<eagles0513875> crm
<eagles0513875> and 2 clients
<patdk-wk> use spares file backed lvm?
<eagles0513875> ?
<gobbe> what do you want to achieve?
<gobbe> i dont really get your point
<eagles0513875> im considering renting an offsite server as a roll over if my connection goes down or something
<patdk-wk> he wants quotas, but not via user/group :(
<patdk-wk> or did you mean me, with the sparse file?
<gobbe> ok
<patdk-wk> hmm, 4Tb sparse file, formated lvm, and split into 200mb sections and mounted, should be fun :)
<patdk-wk> hmm, asx works fine for me
<eagles0513875> im strapped for cash atm
<patdk-wk> oh opps :)
<eagles0513875> i woudl buy 2x2tb hdds
<eagles0513875> and mirror them
<patdk-wk> eagles0513875,  the only way to do it without wasting craploads of diskspace is with a sparse file
<eagles0513875> which means
<patdk-wk> google:sparse file
<eagles0513875> ok
<eagles0513875> question webalizer how does one view the information
<sacarlson> I think I still have 3 or 4 still on my server I just link this one
<sacarlson> opps sorry wrong page
<patdk-wk> nice, 100gig sparse file, created lvm with 6 volumes is only 28k :)
<SpamapS> sparse files.. or "how to completely fragment your hard drive twice in under 1 second" ;)
<patdk-wk> SpamapS, that too :)
<gobbe> :D
<gobbe> sparsefiles are quite deadend
<gobbe> :D
<patdk-wk> it fixs a problem, while creating another one down the road
<gobbe> yes
<eagles0513875> !webalizer | eagles0513875
<eagles0513875> how does webalizer   work
<eagles0513875> do i just then configure it?
<gobbe> eagles0513875: www.webalizer.org?
<eagles0513875> there isnt much there
<gobbe> so what are you looking for?
<patdk-wk> a way to use du -s /var/www/*, and disable a folder that has gone over quota :)
<eagles0513875> patdk-wk: in a nutshell yes
<patdk-wk> seems pretty simple :)
<eagles0513875> is webalizer what i want
<gobbe> no
<gobbe> webalizer is just analysis
<eagles0513875> that i do want to keep though
<eagles0513875> so i cen see site stats etc
<gobbe> well, then webalizer is for you
<etcetera> I did a cp -R from a directory to /usr/local/ instead of /usr/local/foo
<etcetera> how do I pipe all the contents from the source directory into an rm-rf
<qman__> probably some sort of loop with a find
<qman__> but unless you have a ton of stuff in there I'd just do it manually, probably would take less time and then you know for sure you don't accidentally delete something you weren't supposed to
<etcetera> I'm sure it's a common occurence.
<gobbe> etcetera: find /some/directory -name '*match*' -exec rm {} \;
<etcetera> gobbe: where /some/directory is the source directory I used to cp?
<gobbe> etcetera: well it's directory where do you want to delete files
<gobbe> but it deletes the original directory
<gobbe> i mean content
<etcetera> ?
<gobbe> i'm not sure what do you want to do
<qman__> he copied recursively to the wrong location, and now he wants to undo
<etcetera> gobbe: I have a source dir ~/foo that I did cp -R to /usr/local/ instead of /usr/local/foo
<gobbe> and you want to do what?
<qman__> so he wants to take the list of files in the original location, and remove them from the new location
<gobbe> aah
<gobbe> well that wont do it then
<etcetera> find all *files* in /usr/local that match ~/foo
<qman__> find is the right tool, but I don't know what sort of statements or loops you'd need to pull it off
<etcetera> but not folders, I will handle that myself.
<gobbe> you could find them, put output to file, change path to /new/folder and pass that to rm
<Slyboots> Anyone here familure with NFS in windows :P
<Slyboots> Set it up' I can connect.. but it keeps complaing that its Read-only (should have rw )
<subrosian> i seem to be having issues with installing openssh-server through apt-get
<giovani> subrosian: can you be specific?
<giovani> (what issues)
<subrosian> package "openssh-server" has no installation candiadate
<giovani> do an apt-get update
<giovani> your package lists are likely out-of-date
<subrosian> very possible, thanks :)
<subrosian> ah, my DNS wasn't working properly which was causing apt-get upgrade issues
<subrosian> seems to be good now, thanks a bunch
<subrosian> apt-get update*
<giovani> subrosian: no problem
<etcetera> wouldnt it be better to do an ls of all the files in the source dir recursively...
<etcetera> and then pipe that to a find which matches those in the /usr/local and issues the -exec rm?
<etcetera> again, my situation is i acidentally did a cp -R ~/foo /usr/local instead of /usr/local/foo
<etcetera> and I want to delete all the *files* in /usr/local that correspond to those found in ~/foo
<etcetera> I will handle deleting the folders myself.
<etcetera> sorry about that, anyone with some insight?
<giovani> etcetera: I don't know what you're asking -- you seemed to have begun talking in the middle of an explanation?
<etcetera> giovani: I asked the question earlier.
<etcetera> I have a directory ~/foo which I accidentally copied to /usr/local instead of /usr/local/foo
<etcetera> I need to figure out a way to delete all the -files- out of /usr/local/ that are in ~/foo
<giovani> you can do an ls ~/foo and then use any kind of stream editor like sed to prepend /usr/local/ to the filenames, then pipe that output to rm
<giovani> that's how I'd do it
<etcetera> ok, obviously my command line fu is lacking.
<etcetera> I cannot for 1 figure out how to get all the files as a list but still recurse the directories.
<giovani> oh, foo is multi-level?
<etcetera> yar.
<giovani> that's a bit more complex, let me think for a sec the best way
<etcetera> I plan on manually rm-ing the dirs.
<giovani> no need
<Pici> find /path/to/stuff/ -type f
<giovani> yeah, that's not enough though
<etcetera> giovani: well there is a need.
<etcetera> I have a ~/foo/bin
<etcetera> and I don't want to delete /usr/local/bin
<giovani> yeah
<giovani> I was saying, you won't delete the dirs
<giovani> just the files that were copied
<etcetera> right.
<giovani> etcetera: find . -type f | sed -e "s/^./\/usr\/local/" | xargs rm
<giovani> you run that in ~/foo
<giovani> or specify ~/foo instead of "." in find
<giovani> I'd run it once without "rm" and instead with "echo" to get a list of all files it's about to delete
<etcetera> giovani: awesome. thanks.
<etcetera> after a really long time in the windows world, I am still to this day glad I never had to learn set.
<etcetera> sed*
<etcetera> that being saidâ¦after all this time it's a damn shame there isnt a more semantic api for filtering.
<RoyK> been entraped on windoze_
<RoyK> ?
<etcetera> entrapped, no.
<giovani> glad he never had to learn sed?
<giovani> that's unfortunate
<giovani> there's nothing illogical about sed's syntax
<chrowe> anyone here use the Landscape service and have issues with the landscape-package-reporter using 99.9% of the CPU?
<pmatulis> chrowe: sounds odd
<chrowe> pmatulis: it looks like this https://bugs.launchpad.net/landscape-client/+bug/675577
<uvirtbot> Launchpad bug 675577 in landscape-client "landsape package reporter takes up too much cpu and memory resources" [Undecided,Incomplete]
#ubuntu-server 2010-12-30
<pmatulis> chrowe: perhaps check logs for anything suspicious (or turn off "psyco" like a bug commenter suggested)
<talntid> on hour 7 of fsck checking my hard drive... anyone think that's too long?
<talntid> it's a 600gb raid6 array
<maswan> talntid: not nevcessarily, depends on the filesystem and what you have stored
<talntid> hmm, ok :(
<talntid> gfs. lots of documents, mp3s of call recordings...
<donvito> how to save a bin bash script
<donvito> its ok ipv6update.sh ?
<donvito> #!/bin/dash
<donvito> or #!/bin/bash
<uvirtbot> New bug: #392968 in beautifulsoup "beautifulsoup 3.1 is buggy, provide 3.0 by default" [Wishlist,Confirmed] https://launchpad.net/bugs/392968
<uvirtbot> New bug: #695557 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/695557
<Psi-Jack> Anyone here know if FC-connected storage to two physical servers could share the same software raid?
<Patrickdk> hmm, you can't share drives that way, unless your using special firmware on the drives, like how gfs was origionally designed to work :)
<Psi-Jack> hehe.
<Psi-Jack> I'm trying to help this guy who's trying to provide redundancy of a single shelf of FC-attached storage to 2 physical servers, those 2 physical servers are what he wants to provide network filesystems from, and NFS we all know sucks at that for fault tolerance. ;)
<Patrickdk> basically, you still need a lock manager, so two drives don't cache/write to the same place at the same time
<Patrickdk> origional gfs put the lock managers on the drives themselfs in the firmware
<Psi-Jack> I'm pretty much at the point of thinking, no matter what, 50% of the shelf is going to be dedicated to each physical server. Correct?
<Patrickdk> depends on how you set it up, but I believe so
<Psi-Jack> Yeah.
<Patrickdk> then if one server dies, the other one can steal those drives
<erfolg> hi. i've got a shorewall routing question if somebody can possibly help.
<c0nv1ct> erfolg, ask it and see
<erfolg> ok. well i've got my firewall/router server. then i've got another server behind it i'm running 2 game servers on. i need to forward 27015 and 27016 to it. in my config i've got DNAT to it tcp and udp but it they never show up on steam or anything.
<erfolg> some of that might confuse you. i can paste my rules into pastebin or something if you need.
<fabiobik> hi there
<fabiobik> ive installed vsftp
<fabiobik> and i want to acess to ftp with local username
<fabiobik> i can acess
<fabiobik> but i cant do nothing
<fabiobik> 500 premission denied
<Delerium_> Probably don't have the good permission
<erfolg> be sure the directory you're in is set to the correct permissions.
<erfolg> sudo chown -R user:group /srv/directory
<Delerium_> if you log with your own ID, you will have access to your home directory, that's about it
<fabiobik> Delerium
<fabiobik> i want to delete a folder inside var/www/
<fabiobik> erfolg
<fabiobik> what i need to do?
<erfolg> cd /var/www
<Delerium_> If you want to work on a remote host to delete / create / manage ... I would suggest SSH instead of ftp
<erfolg> sudo rm -r folder
<Delerium_> erfolf: sudo is supported with ftp!?
<fabiobik> lol
<erfolg> oh ftp?
<erfolg> lol
<Delerium_> yeah. that's what fabiobik said earlier on
<erfolg> be sure you have permissions set in it and then you should just be able to login and hit delete.
<erfolg> srry i'm tired. lol.
<Delerium_> no problem, I was wondering if I missed something too.. Little wine tonight so.... ;)
<erfolg> lol. yeah.
<fabiobik> erfolg and how to be shure i have all premissions
<fabiobik> lol
<Delerium_> ls -al  ;)
<erfolg> do you have access to the server it's hosted on?
<erfolg> or just ftp access?
<fabiobik> all acess
<fabiobik> its mine server lol
<erfolg> ok
<erfolg> login
<fabiobik> ssh?
<erfolg> yeah. or locally.
<erfolg> then type this
<erfolg> cd /var
<erfolg> sudo chown -R username:username www
<erfolg> replace username with your username
<erfolg> then ftp to it and you should be able to have full access to it
<erfolg> be sure to use your username for the ftp
<fabiobik> yes
<Delerium_> also, if /var/www is your apache DocRoot, be sure that the user running the apache process have access ;)
<fabiobik> 250 Directory successfully changed.
<fabiobik> Comando:	RMD projeto
<fabiobik> Resposta:	550 Remove directory operation failed.
<fabiobik> :S
<erfolg> wait. try chown -R username:www-data www instead
<c0nv1ct> erfolg, not sure i get your shorewall problem... have you checked to see if traffic arriving on those ports reach the server? and why dnat?
<erfolg> i think that should work.
<fabiobik> chown: missing operand after `fabiomig:www-data'
<erfolg> c0nvlct, everything i read said to use dnat for it. i tried dnat and just accept and neither one let it work.
<erfolg> sudo chown -R fabiomig:www-data /var/www
<c0nv1ct> erfolg, ah, might be something specific for steam then... you'd think -j FORWARD would work just fine
<erfolg> yeah. well it works on my firewall box with just accept. but then when i try to put it on the other server and port forward it doesn't.
<fabiobik> Comando:	RMD projeto
<fabiobik> Resposta:	550 Remove directory operation failed.
<fabiobik> Estado:	A obter a lista de pastas ...
<fabiobik> -_-
<erfolg> hmm. 1 more try.
<erfolg> sudo chown -R www-data:www-data /var/www
<erfolg> then try to ftp in as root
<erfolg> idk if it'll let you do that. if not i've got a way that'll def let you do it after that.
<fabiobik> noting
<fabiobik> how to remove a pakage
<erfolg> c0nvict, yeah i think i'm probably gonna stop using shorewall and just use iptables. so many things that screw it up.
<erfolg> it wouldn't let you delete it then fabio?
<c0nv1ct> erfolg, check to make sure the ports are working first using netcat
<fabiobik> sudo apt-get install vsftp
<fabiobik> now i want to remove
<erfolg> sudo apt-get purge vsftp
<erfolg> hmm you're right c0nvict. i can't connect from 1 to the other. i can connect from a windows computer on the lan but not from my firewall server to the app server. weird.
<erfolg> i can connect to my mumble server from it but not the steam servers. maybe something in the steam settings.
<erfolg> but from external i can't connect to mumble server. :(
<talntid> Hi all. I know #xen is the recommended chat room for Xen, but the are idle... does anyone here have experience installing Xen on 10.04?
<talntid> Mainly, I am looking for how to do it. I have tried a handfull of times, all unsuccessfully.
<SpamapS> talntid: typically there is better support for kvm than xen in ubuntu
<Syria> Hi, is there a way to list users on my ubuntu lucid server?
<gobbe> cat /etc/passwd
<andol> Syria: getent passwd
<Syria> Thank you guys, how can i change the password for a specific user?
<andol> sudo passwd specific_user
<Syria> andol thnx again.
<Syria> I have installed vsftpd and created a new user but the ftp server does not seem to be working.
<Syria> I am trying to update wordpress which installed on my ubuntu lucid vps server should this be the hostname for example? 109.233.112.154 ?
<Syria> I have created a new user but when i ssh using it all i get is the $  sign!
<nigelb> that's because you don't have the bash shell I think.
<nigelb> The user is probably havng /bin//sh
<nigelb> err /bin/sh
<Syria> nigelb How can I fix this please?
<nigelb> "sudo chsh -s /bin/bash username" perhaps?
<nigelb> I'm not sure.
<Syria> nigelb it works!! thank you.
<nigelb> \o/
<Syria> am I a super user now?
<Syria> opps what does this mean! There is 1 zombie process.
<Syria> nigelb Do you have an idea about what 1 zombie process. is?
<nigelb> I think zombie process would already be dead.
<nigelb> http://www.cyberciti.biz/tips/killing-zombie-process.html
<Syria> nigelb I get this zombie thing only when i ssh using the new user name that i have created! and I am not getting an output using the # top command.
<nigelb> checkout ps ax and see if you have any process with Z in stat column
<Syria> nigelb all I get is a new line.
<nigelb> :(
<nigelb> In that case, I don't know.
<Syria> its okay thnx. :)
<Syria> Hello, is this the right way to make a copy of a folder via ssh? ibrahim@server:/$ cp /var/www/site /var/www/site-backup
<Frenk_> Hey, I have an error using psad: http://paste.ubuntu.com/548783/ Although I set IPTABLES_PREREQ_CHECK to 1; Can I add the chain manually? And how do I ensure that they exist after restart? iptables-save didnt work for me the last time.
<Jeeves_> Syria: add -r
<Syria> Jeeves_ where should I add it please?
<Jeeves_> Syria: Oh wait
<Jeeves_> you want scp -r /var/www/site $user@$remote_host:/var/www/site-backup
<Jeeves_> That copies /var/www/site to the remote hosts directory /var/www/site-backup
<Jeeves_> If you want it to stay on the same server
<Jeeves_> cp -r /var/www/site /var/www/site-backup
<Syria> Jeeves_ It is not a remote host, i want to copy the folder on the same server.
<Syria> Yes thank you.
<Syria> I understand it now.
<Syria> I want to add my username to the sudoers file is this the right way? sudo nano /etc/group
<Jeeves_> Syria: No
<Jeeves_> If you want sudo, just add yourselve to the group admin
<Jeeves_> adduser $username admin
<Syria> Jeeves_ I Thanks again. :)
<gobbe> usermod is correct tool to add users to groups
<talntid> any way to see if fsck is still doing anything? it's been going for about 12 hours...... loads are at exactly 1.0.....
<talntid> and shows it's running in top, too...
<gobbe> are u running it manually?
<Jeeves_> gobbe: adduser is just a wrapper around usermod
<podman99> hey all ... i know this will be something simple... using ubuntu-vm-builder on maverick 10.10 built and installed from ISO a VE, i used virsh to define /etc/libvir....... start bt01 and it waits and tells me : http://pastebin.com/xCDCX5a4 ?? any ideas have followed docs perfectly @ https://help.ubuntu.com/community/KVM/CreateGuests
<gobbe> Jeeves_: oh yeah, my bad.Too used to use usermod ;)
<pmatulis> podman99: looks like you used root to build the vm
<talntid> /sbin/mount.gfs2: error mounting /dev/drbd0 on /home: No such file or directory
<talntid> which one does it think doesn't exist?
<phetips> I have set up a working LAMP stack. Now I want to be able to send mail via PHP. What is the best way to go about this? Any recommendations on send only MTAs or particular setups?
<Jeeves_> 'apt-get install postfix' ?
<phetips> Jeeves_: i've been told that is overkill for what i'm trying to do
<phetips> and apparantly send only MTA's are the way to go
<phetips> i've had trouble setting up postfix in the past, perhaps i just need to look into it a bit more
<patdk-wk> send only mta's can get you into lots of issues though
<patdk-wk> if you care about your email
<patdk-wk> they don't cache/spool, so if the mta they are sending to is down, or something, your emails are lost
<patdk-wk> so I go with postfix instead :)
<phetips> allright, i'll give that another go, any tips on how to set it up in my php.ini?
<qman__> I agree, it may be "overkill" but postfix won't let you down
<qman__> I've run into all sorts of trouble with supposedly simple lightweight MTAs
<patdk-wk> you don't "set it up in php.ini"
<phetips> ; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
<qman__> when you install postfix it becomes the local "sendmail" daemon
<phetips> ; http://php.net/sendmail-path
<phetips> ;sendmail_path =
<qman__> you don't need to configure any of that
<qman__> just use mail()
<qman__> it knows what to do
<phetips> so, "sudo apt-get install postfix; sudo apache2ctl restart;" should allow me to use mail() ?
<qman__> you only need to configure that if you have a botched up install where your system doesn't know where its mail daemon is, or you're using an external mail system directly from PHP
<patdk-wk> apache restart shouldn't be needed
<qman__> just install and configure postfix, it will "just work"
<qman__> be aware though, that your mails will probably get caught by spam filters unless you do it properly
<phetips> allright then, i'm guessing i should pick "Internet site" for the postfix conf?
<gobbe> yep
<qman__> yes
<phetips> system mail name of any particular importance?
<qman__> very
<phetips> by default it is set to my hostname
<qman__> that's the local mail domain
<qman__> e.g. if your website is mysite.com
<qman__> that would be mysite.com
<Jeeves_> phetips: ssmtp works, i think
<phetips> it's a development setup, it runs on my localhost
<qman__> that name is where mail sent by the system comes from, and where reply mail should be sent to
<phetips> so if it's just a local server, what should i set it to?
<qman__> probably the default if it's not going on the internet at all
<phetips> well, i would like to have it send e-mail to my gmail or exchange server
<qman__> if you have a working exchange mail system, you should use the satellite configuration instead
<qman__> and have it forward mail to exchange
<phetips> i'm guessing i should not set the system mail name to the exchange domain then?
<phetips> or should i
<phetips> sorry for being so newbish :)
<phetips> and thanks for being so helpful
<qman__> no, in that case set it to the local host name
<qman__> the way spam filters work, any mail that isn't sent from an apparently legitimate server gets junked
<qman__> so if you want your mail to work on the internet, you can't just set up a simple, unconfigured smtp
<phetips> SMTP relay host should be the exchange server then?
<qman__> it has to go through a properly configured system
<qman__> yes
<qman__> and the exchange server needs to accept relays from your host
<podman99> pmatulis, correct ... i didnt use --dest to move it out of /root as qemu wont load from /root ... resolved not sorry
<pmatulis> podman99: 'resolved not sorry' ?
<phetips> qman__: do you happen to know if i can run that configuration tool again?
<phetips> it aborted
<pmatulis> phetips: 'sudo dpkg-reconfigure postfix' ?
<phetips> pmatulis: awesome, thanks
<phetips> qman__: just setting it up as Internet server and setting mail name to "localhost"
<phetips> was actually sufficient to ahve it send mail to my exchange server
<phetips> without it getting marked as spam or anything :)
<phetips> anyways, thanks for the help!
<Wolfsherz> hey, can someone help me with my virtual hosts? i seem to be doing it wrong somehow...
<pmatulis> !ask | Wolfsherz
<ubottu> Wolfsherz: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<Wolfsherz> well ok, i get the following error when starting apache: [warn] NameVirtualHost *:80 has no VirtualHosts
<pmatulis> Wolfsherz: but does your setup work?
<Wolfsherz> not as it should. beside the default i defined a second virtual host under /etc/apache2/sites/available and enabled it with a2ensite. the default-site i open with the servers ip. the second one is a domain inquirere.de wich works only when i open www.inquirere.de not without www. it then defaults to the default-page
<Wolfsherz> i guess there must be an error with the default or second virtual-host definition
<Wolfsherz> would it help to post the config-files default and inquirere.de?
<pmatulis> Wolfsherz: did you follow any documentation?
<Wolfsherz> yes, i followed a book called ubuntu-server by michael kofler
<Wolfsherz> do I need NameVirtualHost *  at the default-configuration?
<Wolfsherz> it has not been in there, but the book had it in, so i included it.
<_ruben> the warning means that you have a "NameVirtualHost *:80" config directive but no matching "<VirtualHost *:80>" entry or entries
<Wolfsherz> but i can not see any *:80 directive
<_ruben> according the warning, it is *somewhere* :)
<_ruben> might wanna grep for *:80 recursively through /etc/apache2/ :)
<Wolfsherz> what the... its in ports.conf
<Wolfsherz> so i'm going to remove the NameVirtualHost * in the default site configuration
<Wolfsherz> message gone, thanks!
<Wolfsherz> the other problem persists though: when opening inquirere.de it does show the default-site not the configured vhost
<Wolfsherz> i defined ServerName inquirere.de and ServerAlias www.inquirere.de
<_ruben> i've been running into similar issues recently, hadn't had time time to dive in though :/
<_ruben> though in my case, one vhost config seems to trample another, as browsing to the servername of the other, it ends up at the first anyways
<Wolfsherz> this is my vhost:
<Wolfsherz> <VirtualHost *:80 >
<Wolfsherz> 	DocumentRoot	/home/inquirere/www/
<Wolfsherz> 	ServerName	www.inquirere.de
<Wolfsherz> 	ServerAlias	inquirere.de
<Wolfsherz> 	ErrorLog	/home/inquirere/www-log/error.log
<Wolfsherz> 	CustomLog	/home/inquirere/www-log/access.log combined
<Wolfsherz> 	ServerAdmin	webmaster@inquirere.de
<Wolfsherz> 	ErrorDocument	404 /not-found.html
<Wolfsherz> 	
<Wolfsherz> 	<Directory "/home/inquirere/www/" >
<Wolfsherz> 		AllowOverride AuthConfig FileInfo
<Wolfsherz> 	</Directory>
<Wolfsherz> </VirtualHost>
<pmatulis> !paste | Wolfsherz
<ubottu> Wolfsherz: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Wolfsherz> sorry...
<Wolfsherz> ok, this is my vhost: http://paste.ubuntu.com/548860/
<Wolfsherz> i can't make out any errors in there, i wonder why www.domain.de does work, but domain.de goes to the default-site...
<pmatulis> Wolfsherz: maybe try #httpd, no apache experts here right now i guess
<Wolfsherz> will do, thank you
<gobbe> Wolfsherz: have you tried to create it with servername inquirere.de and with alias www
<skorv> i have internet on the server and not on the clients... what is to blame dhcpd our bind9?
<skorv> *or
<skorv> i'm without ideas
<gobbe> well dhcp if your client doesn't get ip
<skorv> the clients get ip
<gobbe> ...and what does mean that client doesn't have internet?
<skorv> no problems with that
<gobbe> can they ping gateway?
<skorv> yea
<gobbe> do they have nameserver in /etc/resolv.conf
<skorv> yes... besides the local.... the opendns onew
<skorv> *ones
<gobbe> so what is the problem?
<skorv> thatz my problem.... everything looks ok
<uvirtbot> New bug: #695718 in squid (main) "squid SIGABRT on bad url_rewriter" [Undecided,New] https://launchpad.net/bugs/695718
<uvirtbot> New bug: #695719 in samba (main) "package samba-common (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/695719
<gobbe> skorv: so what is not working?
<_ruben> does ping 8.8.8.8 work from a client? does host www.google.com work from a client?
<gobbe> and how does your client and server relate each other?
<gobbe> is client connected thru server
<gobbe> or what?
<pmatulis> hmm, after booting a degraded raid1 array from busybox every subsequent reboot (still degraded) proceeds without intervention.  normal?
<pmatulis> md1 (swap) however remains non-active
<skorv> client gets ip... nothing else
<teddymills> I updated my kernel using  wget a new kernel and installed it using dpkg -i.  If I wget the original kernel. can I revert back to the original kernel?
<gobbe> skorv: and how client is connectred to internet?
<gobbe> earlier you answered that it can ping gateway?
<gobbe> and now it cannot?
<skorv> server serves as gateway
<gobbe> do you have ip forwarding there?
<pmatulis> teddymills: that's not the way to update your kernel
<skorv> nop
<skorv> server has dns and dhcp
<gobbe> skorv: well you need that
<skorv> :P
<gobbe> of course it cannot connect without able to forward traffic
<skorv> i'll figure it out
<pmatulis> teddymills: anyway, just remove the newer kernel and you should be good
<skorv> forwarders
<skorv> hummm
<skorv> bind9
<teddymills> what is the proper way to update a ubuntu server kernel?
<gobbe> teddymills: apt-get
<pmatulis> teddymills: perform a system-wide package update
<pmatulis> teddymills: 'sudo aptitude update; sudo aptitude full-upgrade' (or use apt-get)
<teddymills> if i build a ubuntu box, i do apt-get update;apt-get upgrade  on it..what does 'apt-get full-upgrade'  do? (i never saw that before ) I did see 'apt-get upgrade-dist'
<pmatulis> teddymills: 'apt-get dist-upgrade' = 'aptitude full-upgrade'
<teddymills> sorry 'apt-get dist-upgrade'
<pmatulis> Wolfsherz: any luck in #httpd?
<skorv> so far figured out that ping from server works and gets replied... ping from client gets resolved but no reply
<skorv> target was google.com
<pmatulis> skorv: summarise your problem?
<gobbe> skorv: did you setup ipforwarding?
<gobbe> skorv: https://help.ubuntu.com/community/Router
<donvito> hello guys
<gobbe> hello
<donvito> ./ipv6.sh
<donvito> RTNETLINK answers: Operation not permitted
<donvito> RTNETLINK answers: Operation not permitted
<donvito> RTNETLINK answers: Operation not permitted
<donvito> there are 3 ip6 addresses
<donvito> why does i need to be sudo or root to add them?
<giovani> donvito: I don't know what "ipv6.sh" does
<donvito> second
<giovani> could you paste the script into a pastebin?
<donvito> ip addr add 2001:470:d:448::100/64 dev wlan0
<donvito> this what ipv6.sh does
<giovani> oh, you definitely need to be root to change IP addresses of interfaces
<donvito> but i setup this script so i can run it from rc.local
<giovani> alright
<donvito> it will run everytime alone
<donvito> i did chown root:root ipv6.sh
<giovani> you don't need to do it in rc.local, this is what /etc/network/interfaces is for
<donvito> what to do than please
<giovani> /etc/network/interfaces
<giovani> man interfaces
<donvito> nah
<donvito> looks like script works with chown root:root
<giovani> it's the standard debian/ubuntu way to set up network interfaces
<giovani> donvito: it's the improper method for doing this
<donvito> well the scripts works.
<donvito> ;)
<giovani> donvito: that's not the point
 * pennyless is away: Gone away for now
<uvirtbot> New bug: #695825 in qemu-kvm (main) "Ubuntu KVM error with guest memory >4gb ram" [Undecided,New] https://launchpad.net/bugs/695825
<mikeobeda> I need some help with improving file transfer speed to my server.  For some reason I am only getting 100 megabit connection when I have a gigabit card, a gigabit switch, and a gigabit windows machine involved in the transfer.  the transfer seems to be going through my 100 megabit router for some reason
<guntbert> mikeobeda: did you enable jumbo frames on all devices?
<mikeobeda> does anyone know how to see the path that a file takes to get from my xp machine to my ubuntu server?
<lenios> interesting, mikeobeda is asking questions and isn't waiting for answer
<guntbert> mikeobeda: did you enable jumbo frames on all devices?
<Karti_> Hi all, stuck here. I have created a group and added myself to it on a file server. It now seems that I cannot sudo as I am not in the sudors file. I believe that I should delete etc/group- and etc/gshadow- but I can't as I have lost my su ability. Any ideas would be helpful
<Karti_> By teh way I am using putty on a headless server
<AlexMax> What happened to the staff group?
<examancer> wait... you WERE a sudoer, but after adding yourself to another group your no longer a member of sudoers?
<guntbert> Karti: sounds a little strange, how did you create a group without using sudo?
<AlexMax> It's a feature in debian and it at least used to be in ubuntu
<AlexMax> http://ubuntuforums.org/showthread.php?t=693320
<AlexMax> But I just got a new 10.10 server and /usr/local doesn't have any staff permissions, only root:root
<Karti> guntbert, I created teh group with sudo and added myself and another test account. From here I can't do anything (this was after a reboot on my server and client
<Karti> the username jim is teh original one I used when I created the server
<Karti_> sorry....logged in twice
<examancer> Karti_: i'm not sure how adding 'jim' to a group would result in 'jim' being removed from sudoers
<examancer> you sure you didn't do anything else?
<Karti_> examancer, don't believe so :)
<examancer> do you have the root account enabled?
<examancer> any other account in sudoers you can log into?
<Karti_> I am getting "cannot lock /etc/group" please trty later
<examancer> when?
<Karti_> examancer, fraid I am the only admin on teh box. It is a vm that I can reclone but I would rather try to find teh fault first
<Karti_> when I try to delete the original group that I created
<Karti_> examancer, don't believe the root is active (I've not given a password)
<examancer> so you can't do: sudo cat /etc/sudoers ?
<Karti_> examancer, and its a standard install
<examancer> the account your logged into... when you run `groups` you don't see "admin" as one of your groups?
<Karti_> examancer, just says I'm not in sudoers and will be reported
<examancer> lol
 * examancer points finger condescendingly ... *you've been reported*
<examancer> what are your current groups for 'jim'?
<examancer> just run 'groups' or 'groups jim'
<Karti_> examancer, when I groups jim  - I am only in jim and netshare
<examancer> that's the problem
<examancer> sudo priviledge is given to those in the 'admin' group on a standard install
<examancer> you must have done something to remove jim from that group
<examancer> thank goodness for VMs
<Karti_> lol so I actually moved myself to only one group :)
<examancer> yet
<guntbert> Karti_: pastebin /etc/groups (for learning..)
<examancer> *yep
<examancer> i'm sure there is some way to escalate priviledges and get root access... but the fantastic linux/ubuntu community has made that really hard (for me)
<examancer> its not like resetting the admin pass in windows
<examancer> heh
<Karti_> guntbert, any way to copy text from putty?
<examancer> if it were a real machine you might be able to boot into another OS and overwrite a passwd file or something to give root a password
<examancer> Karti_: yes, just highlight
<examancer> anything you highlight is copied
<examancer> instantly
<examancer> kind of annoying sometimes, actually
<Karti_> not working on teh old highlighting side I'm afraid
<examancer> with PuTTY? if you highlight and then while its still highlighted try to paste you don't see what you highlighted?
<examancer> i use it all day at work. maybe i played with the config
<The_Tick> highlight then right click
<examancer> oh. that config sounds better. whatever i did i should undo it :-P
<examancer> oh. the copy action DOES happen just from highlighting. pasting is the right-click
<Karti_> guntbert, http://paste.ubuntu.com/548944/
<Karti_> examancer, I just ssh'd from a terminal and copied
<guntbert> Karti_: so you deleted the admin group and removed jim from almost all groups -- not good :_)
 * pennyless is back.
<Karti_> guntbert, I didnt delete the groups only add myself to netshare (was practicing with nfs
<Karti_> sudo usermod -G netshare jim
<examancer> why'd you use that command
<guntbert> Karti_: you must have -- the quickest way back would be to reinstall - and in the future create a snapshot before experimenting :-)
<Karti_> lol its all from the net - I blame my reading and searching skills :)
<Karti_> I initially wanted a group that had two users inside that I could then give permissions to on nfs share
<examancer> adduser jim netshare
<Karti_> examancer, I will definitely use that next time!!
<examancer> -G: If the user is currently a member of a group which is not listed, the user will be removed from the group. This behaviour can be changed via the -a option, which appends the user to the current supplementary group list.
<examancer> usermod -aG is what you wanted
<examancer> -G is what caused your problems
<Karti_> By the way the I have found the assistance from the ubuntu-server channel brilliant - always helpful
<Karti_> I think your adduser will be the easiest in future :)
<examancer> yes, you'd have to be a lot more than one character off to screw things up with adduser
<Karti_> as you said ....not an issue with VMs
<guntbert> Karti_: if you want to experiment with that borked machine further: connect the image of a live CD, boot it, and with chroot change the files in /etc (especially groups...)
<guntbert> would work even without chroot
<examancer> i sure do love VMs... makes driver issues mostly a thing of the past and gives me a valid excuse to have 8GB of RAM in my desktop
<Karti_> guntbert, I will give that a go
<Karti_> examancer, your not wrong.....same excuse i gave to teh wife :)
<Karti_> examancer, just to say I tried guntbert's idea and I managed to use the recovery mode (not the live disk) to give root a password. Once this was done I added jim to admin and all is well.
<Karti_> examancer, thanks for the assistance before
<examancer> no problem :-)
<jdimatteo> good afternoon all
<jdimatteo> please help me find where it is documented what kernel(s) Ubuntu 10.04LTS Server Edition uses.  I'm evaluating whether or not I should install it at my business
<RoyK> jdimatteo: uname -r
<jdimatteo> RoyK, thanks, but that really isn't what I asked for.  I haven't installed it yet, so that really doesn't help much
<jdimatteo> RoyK: do you happen to know *if* this is documented on ubuntu.com at all?
<RoyK> this is 10.04
<RoyK> Linux lamia 2.6.32-27-server #49-Ubuntu SMP Thu Dec 2 02:05:21 UTC 2010 x86_64 GNU/Linux
<jdimatteo> RoyK: thanks very much!  this answers my question sufficiently
<RoyK> this is 10.10
<RoyK> Linux irctos 2.6.35-24-server #42-Ubuntu SMP Thu Dec 2 03:58:11 UTC 2010 x86_64 GNU/Linux
#ubuntu-server 2010-12-31
<quentusrex_> Anyone know how to create a cd that will boot and auto start ssh server?
<quentusrex_> I have a headless server that I need to boot without a keyboard or monitor, that would allow me to ssh into it once it has started.
<Smaug> hey all i can't seem to get exim4 to work
<Smaug> i configured it as per https://help.ubuntu.com/8.04/serverguide/C/exim4.html
<Smaug> and then i typed
<Smaug> >  /usr/sbin/exim -i address@domain.tld
<Smaug> >  message
<Smaug> >  CTRL+D
<Smaug> as i was instructed to in the man page
<Smaug> and nothing occurs
<Smaug> or at least no email sent
<Smaug> any help people can offer?
<Smaug> (exim4 is a sendmail replacement)
<Turl> is there any ubuntu sysadmin (from canonical) in here?
<The_Tick> doubt it
<patdk-wk> isn't that what the payed support option is for?
<Turl> patdk-wk: I don't need support
<Turl> I just want to tell them popcon.ubuntu.com is broken
<SpamapS> Turl: working fine for me
<Turl> SpamapS: yeah, the website is up&running, but it's been like 10 days without refreshing its information
<Smaug> i have trouble beleiving no one ehre knows aobut exim
<Smaug> come on
<patdk-wk> only sendmail and postfix
<Smaug> but ubuntu *comes with* exim
<Smaug> for me
<Smaug> and not sendmail
<patdk-wk> comes with postfix by default
<Smaug> mine doesn't
<Smaug> or at least doesn't have a man for postfix
<Smaug> 8.04
<patdk-wk> probably cause you didn't install postfix :)
<Smaug> ok so I should install postfix and come back
<Smaug> is what you are advising?
<The_Tick> umm
<The_Tick> there's a channel
<patdk-wk> nope :)
<The_Tick> called #exim
<SpamapS> Turl: right.. most of canonical is on holiday this week so it will most likely get looked at on Monday.
<patdk-wk> I'm saying I can't help you with exim :)
<The_Tick> patdk-wk: zomg
<patdk-wk> cause I dunno exim at all
<Smaug> The_Tick: it is dead.  i came here b/c i thought it was a standard enough sort of program
<The_Tick> Smaug: most people don't use exim
<Smaug> patdk-wk: fair enough
<The_Tick> except for spammers
<Smaug> The_Tick: huh
<Smaug> it came with my ubuntu
<Smaug> why
<The_Tick> so what?
<Smaug> would this occur
<The_Tick> apt is so hard to use
<Smaug> i thought i might as well use it
<The_Tick> people couldn't possible install the mta they want
<The_Tick> well then maybe you should ask your question
<Smaug> :)
<Smaug> okay okay
<The_Tick> and if anyone knows
<The_Tick> they'll speak up
<The_Tick> otherwise don't berate the channel
<Turl> SpamapS: right, I just emailed some ubuntu/canonical guys so I guess this will be looked at someday
<Smaug> The_Tick: i apologize to all for my berations
<Smaug> you are all my friends
<Smaug> The_Tick: (already asked my question an hour ago)
<Smaug> anyway
<Smaug> what about
<Smaug> "What MTA should I use?"
<Smaug> i don't want anything fancy
<Smaug> standard
<Smaug> simple
<Smaug> easy
<Smaug> works
<Smaug> since exim seems to be a dead end support wise
<Smaug> this 2nd question of mine is an easy one to answer
<The_Tick> you're asking people the week between christmas and new years
<The_Tick> and expect an irc channel to be alive
<The_Tick> you're hilarious
<The_Tick> you should use the mta you are most comfortable with
<Smaug> The_Tick: oh right
<Smaug> The_Tick: never used an mta before
<The_Tick> well then have you read any documentation?
 * Smaug does not celebrate christmas and has no plans for new years. no hatin
<The_Tick> most people do
<The_Tick> I'm just at work because I ran out of vacation
<Smaug> i know. the former is my choice but the latter is just bad luck. :(
<Smaug> anywayz.  thanks for you being here.
<Smaug> The_Tick: i have.  I read instructions on how to
<The_Tick> read any man pages?
<Smaug> set up and configure exim, and the exim man page
<The_Tick> ok, good
<The_Tick> any errors?
<Smaug> nope. no errors
<Smaug> just doesn't send mail. :)
<The_Tick> ok, then you have it wrong most likely
<The_Tick> see if it's listening
<The_Tick> if not, that's a good indication of the first problem
<Smaug> how should I check that?
<The_Tick> netstat :)
<The_Tick> you'll need some switches
<The_Tick> man netstat to find out which ones
<The_Tick> but it's likely netstat -na
<The_Tick> then you could grep for the right port
<The_Tick> you aren't a computerwiz if you're ircing as root :P
<Smaug> so, exim is not listening (at least nothing called "exim" is listening that I can see.  i do have a saslauthd listening
<computerwiz_222> lol
<computerwiz_222> that is my problem :P
<Smaug> cia.com?
<computerwiz_222> oh yes
<The_Tick> Smaug: and not cia.gov
<computerwiz_222> lol
<patdk-wk> the_tick, and you aren't a scriptkiddie if you haven't hacked his root irc yet :)
<computerwiz_222> alright.. i need some help actually
<The_Tick> patdk-wk: ya, I'd be someone who isn't interested
<computerwiz_222> i am running 10.04 ubuntu server
<The_Tick> that's your first problem
<The_Tick> install windows 2000 advanced edition
<computerwiz_222> i've been running it for about 2 years.. and i know that irssi as root is a bad idea lol
<computerwiz_222> but.. i'm stuck here
<Smaug> how can you have been running 10.04 for 2 years
<The_Tick> some hosting company?
<computerwiz_222> we..
<computerwiz_222> ubuntu server in general
<The_Tick> Smaug: you can update the os
<computerwiz_222> i like to keep current, you know
<computerwiz_222> anyway
<computerwiz_222> so.. i had one of my 1.5TB hard drives die on me today in my RAID array
<Smaug> The_Tick: indeed.  also, responded to your inquiry about the netstat
<The_Tick> Smaug: I'm not going to hand hold you here
<The_Tick> Smaug: you need to learn the ropes
<Smaug> can you point me towards some links at least?
<The_Tick> anything I point you to would be something I found on googl
<The_Tick> google
<computerwiz_222> i had to rewrite my fstab file because it had became corrupted for some reason
<computerwiz_222> so i rewrote it, it works fine, but everytime i reboot it's corrupted
<computerwiz_222> any ideas?
<computerwiz_222> like.. mount -a is fine, no errors
<Smaug> alright then tell me what I should search for at least.  when this problem comes up, what sort of things should be thinking about?  what do I need to learn?
<Smaug> i know to check out error logs if a program has them
<Smaug> i appreciate the time you've spent so far The_Tick
<Delerium_> Smaug: First, do you understand how MTA / mails works?
<computerwiz_222> does anyone have any ideas? My problem boils down to this.. everytime I restart, my fstab becomes corrupted
<The_Tick> computerwiz_222: I've heard of this on clusters, can't remember what the problem is
<computerwiz_222> The_Tick: I've been fighting with it for a while, and google is not much help on the issue
<The_Tick> ya, I remember those things
<The_Tick> I worked at a startup and we had this problem
<The_Tick> but the ceo fixed it
<The_Tick> it was somethinga bout a version of cluster software
<The_Tick> and some other crap
<computerwiz_222> hmm...
<The_Tick> sorry, I'm not being very helpful
<The_Tick> it's been about 2 years
<computerwiz_222> oh no, i appreciate anything you can say about the issue
<The_Tick> may not even be the same thing
<The_Tick> but I remember fstab getting corrupted
<The_Tick> mount working
<The_Tick> and it being a software raid
<The_Tick> ya, that's all I remember
<Smaug> Delerium_: only at the most basic level
<Smaug> i'm only trying to send mail
<The_Tick> you don't need an mta to do that
<computerwiz_222> this is a pretty stock 10.04 server, with 4 hard drives (2 mirrored copies)
<The_Tick> you just need an mua
<computerwiz_222> anyway.. i better go, i cringe running everything as root
<The_Tick> lol
<computerwiz_222> it goes against the fibre of my being :P
<computerwiz_222> cya
<The_Tick> computerwiz_222: errors?
<computerwiz_222> errors
<The_Tick> in dmesg or anything
<The_Tick> before you go
<computerwiz_222> hmm
<Smaug> The_Tick: ty
<The_Tick> that's where I'd start
<computerwiz_222> alright
<Smaug> The_Tick: that is helpful advice
<computerwiz_222> i'll check it out
<The_Tick> Smaug: dmesg was for computerwiz_222
<computerwiz_222> thanks, i'm sure i'll be back, and running irssi in screen next time
<computerwiz_222> cya
<The_Tick> lol
<The_Tick> later
<Delerium_> Smaug: if you only want to send mail, I guess you can use your ISP provider SMTP as the relay
<Smaug> ok
<Delerium_> Never used exim but check this: https://wiki.archlinux.org/index.php/Exim_with_a_remote_SMTP_server
<The_Tick> the problem is the isp probably knows more
<The_Tick> and doesn't allow relay
<Delerium_> Depend of ISP I guess... mine work just fine
<Delerium_> I use it to send mail from my home server
<computerwiz_222> The_Tick: Hey, so I solved my problem -- I had been using "defaults" for the options for mounting my data partition *headbash*
<The_Tick> haha
<The_Tick> what I said got you thinking?
<computerwiz_222> The_Tick: yeah, tbh.. sometimes i just need the moral support that #ubuntu-server gives haha
<The_Tick> ya man
<The_Tick> half the time you stare at it too long
<computerwiz_222> getting frustrated at annoying fstab issues will cause me to do stupid things like run irssi as root
<computerwiz_222> exactlyu
<The_Tick> and then someone says something, not even related
<computerwiz_222> pretty much lol
<The_Tick> seen the tv show house?
<computerwiz_222> yeah, but i'm not a religious watcher or anything
<The_Tick> you know the moment when someone says something stupid
<The_Tick> then he gets a look in his eye
<The_Tick> and dashes off?
<The_Tick> that's that moment :D
<computerwiz_222> lol yep
<computerwiz_222> it's frustrating.. this past fall, I designed a point-of-sale system for a company I work for, entirely based on Ubuntu
<computerwiz_222> when something like this happens, it makes me want to toss my home server out onto the street because I *should* know how to fix it :P
<computerwiz_222> anyway, just thought you might like to know the solution.. pretty simple
<The_Tick> yea
<The_Tick> not bad
<The_Tick> makes me think that there is a need for a "proper configuration scanner" utility
<computerwiz_222> python scripts anyone? lol
<The_Tick> that scans for all hardware and then the software configurations and generates a report
<computerwiz_222> oh that would be a deadly script :P
<The_Tick> yea
<computerwiz_222> anyway, i can finally try streaming to my new android tablet
<The_Tick> oh crap
<The_Tick> I get off work at midnight
<computerwiz_222> the server has been off for about 2 days out of sheer holiday laziness
<The_Tick> fuck
<computerwiz_222> thanks for your help, ttyl
<dschuett> what does everyone use for a packet sniffer on ubuntu server?
<sabgenton> tcpdump
<sabgenton>  tcpdump -i eth0
<sabgenton> eg
<The_Tick> dschuett: wireshark is likely the defacto gui
<sabgenton> tcpdump alone will run the default nick
<sabgenton> yes wire shark if you have grafics
<sabgenton> which ubuntu-server doesn't have by default
<sabgenton> I have a wlan0 nic and an eth0 nic
<sabgenton> I'm trying to make wlan0 my wan and nat eth0 to it
<sabgenton> it doesn't work for ages and then just starts working
<sabgenton> restarting the computer start the proccess all over again
<StrangeCharm> i'm trying to ssh to a machine whose key has changed. how can i override ssh's complain and connect to the machine anyway, saving the new key?
<sabgenton> its  very weird I feel something is wrong with the distro to do this
<qman__> StrangeCharm, remove the offending key from your ~/.ssh/known_hosts
<sabgenton> or the ath5k driver
<qman__> it tells you which line the key is on in the error
<sabgenton> kernell updates haven't fixed this for me
<StrangeCharm> qman__, there isn't a command line instruction for 'ignore this' ?
<qman__> not that I'm aware of
<dschuett> sabgenton: tcpdump works fine, but what i am noticing is that it is getting flooded with ssh packets since i am shh into the server that i am running tcpdump on. Like it literally floods the screen with packets???
<sabgenton> you can grep out the ssh stuff
<sabgenton> but you have to use -l
<sabgenton> it turns off tcpdumps buffering
<sabgenton> buffering stuffs up pipes
<qman__> don't use grep
<sabgenton> it's  a pain in bash
<qman__> use tcpdump's built in filtering
<sabgenton> qman__: -l
<sabgenton> turns it off
<sabgenton> well buffering anyway
<qman__> not needed
<qman__> tcpdump has a built in filtering system designed at choosing the packets you want to see
<sabgenton> oh
<qman__> based on ip, interface, port, etc
<sabgenton> qman__: example
<sabgenton> ssh
<sabgenton> port 22
<sabgenton> ?
<qman__> tcpdump -i eth0 port ! 22
<qman__> would filter out ssh traffic
<sabgenton> cool
<StrangeCharm> qman__, is there a command for 'remove line number # from this text file' ?
<qman__> http://danielmiessler.com/study/tcpdump/
<sabgenton> I  did like tcpdump -li eth0  |grep -v 22
<sabgenton> dschuett: ignore me qman__  is way cooler :)
<sabgenton> -e gives you some good info too
<sabgenton> forget what
<qman__> StrangeCharm, I'm sure it's possible but I don't know off the top of my head, I just use vi
<dschuett> thanks guys!
<StrangeCharm> qman__, surely, you mean emacs
<qman__> no, I mean vi
<qman__> use what you know, and I know vi
<sabgenton> qman__: so an ip would be host ! 10.1.1.5
<sabgenton> ?
<qman__> sabgenton, the ! means not
<qman__> so if you wanted to see all traffic except ssh, you'd use port ! 22
<sabgenton> yeah would that exculed that IP I mean
<qman__> but to see all traffic to a host, you'd use dst 10.1.1.5
<sabgenton> qman__: to see all traffic but 10.1.1.5 would you do  host ! 10.1.1.5
<sabgenton> ?
<qman__> I don't know if "host" works, but yet
<qman__> yes*
<qman__> src and dst work
<sabgenton> ah
<sabgenton> host might be both I think
<sabgenton> could be wrong
<qman__> you can combine with && and ||
<sabgenton> ?
<qman__> criteria
<qman__> the words "and" and "or" also work
<qman__> dst ! 10.1.1.5 && port ! 22
<StrangeCharm> qman__, i just of course to the religious wars of old
<sabgenton> I though bash would  see port as the next command
<StrangeCharm> my server currently gets its ip via dhcp. how can i give it a static ip assignment which will survive a reboot?
<qman__> StrangeCharm, I know all about them, and I still choose vi
<qman__> I much rather its multi press control key style than modifiers
<StrangeCharm> qman__, it makes no difference to me which editor you use, i was just pulling your leg
<qman__> sabgenton, no, that doesn't get interpreted by bash, it's all in a row as part of tcpdump's args
<qman__> if you use & or | it will, though
<qman__> that's why it uses the double form
<qman__> StrangeCharm, configure it in /etc/network/interfaces
<qman__> see man interfaces for details on how
<sabgenton> ok but like cd someware && echo foo
<sabgenton> is two differnet things
<sabgenton>  like cd someware ; echo foo ;
<StrangeCharm> qman__, wonderful
<qman__> sabgenton, yes, but in this case, it all gets interpreted by tcpdump
<qman__> some kind of voodoo or whathaveyou
<sabgenton> interesting
 * sabgenton shakes
<qman__> I am not a programmer, so I couldn't tell you exactly what it does
<qman__> but I'm sure someone can
<sabgenton> has any one had nat issues with the orriganal ubuntu server lts
<sabgenton> 10.04
<qman__> the original LTS is 6.06
<sabgenton> you get wada mean
<sabgenton> before the point release
<qman__> I upgraded my router straight to .1
<qman__> due mostly to procrastination
<qman__> first thing to check
<sabgenton> I might try the new ubuntu just to see if my problem will fix
<qman__> cat /proc/sys/net/ipv4/ip_forward
<qman__> should be 1 for a router, 0 for all others
<sabgenton> qman u name it I checked it
<sabgenton> its 1 promise
<qman__> and you have iptables set up to masquerade?
<sabgenton> nat works affter leaving the computer on for a very long time
<sabgenton> which is totaly werid
<qman__> well, that narrows the scope of the problem slightly
<qman__> do you have networkmanager in any incarnation installed? if so, remove it
<qman__> it causes all sorts of bizarre issues with manual configurations
<StrangeCharm> qman__, how do i apply those changes? can i just put the connection down then up again?
<qman__> StrangeCharm, sudo service networking restart
<sabgenton> qman__: is there one by default?
<sabgenton> other wise no
<qman__> though sometimes dhclient keeps running in the background messing things up
<qman__> so check to make sure it's killed off afterward
<StrangeCharm> qman__, well, this could be entertaining, since i'm sshing to the machine
<qman__> sabgenton, not out of the box, but some packages recommend it, and ubuntu installs recommends by default
<sabgenton> qman__: list some?
<qman__> too many to list
<sabgenton> I haven't installed much so dont' think so
<StrangeCharm> qman__, it complains that "restart: unknown instance"
<qman__> best way to check is `dpkg -l | grep -i networkmanager
<qman__> `
<qman__> StrangeCharm, upstart lost track of it apparently
<sabgenton> no results
<qman__> I run into that a lot
<qman__> rebooting fixes it, but that can be problematic
<StrangeCharm> can i just use an init.d script?
<sabgenton> qman__: do you think theres any chance of the wifi driver refusing netfilter wanting to nat?
<qman__> sabgenton, probably not
<qman__> sabgenton, more likely is that the wifi network is not reporting as up properly and activating the nat
<qman__> how are you activating your nat script?
<sabgenton> shorewall
<qman__> StrangeCharm, I don't know if network still exists in init.d
<qman__> you can try it
<StrangeCharm> qman__, i did, to rapturous success
<qman__> sabgenton, well, I don't know anything about how shorewall works, so I can't really tell you whether that's the problem or not
<qman__> nothing against it, I just don't know what it does under the hood
<sabgenton> qman__: it just basicly types in iptable commands for you
<sabgenton> it doesn't really run as a dameon at all
<qman__> yes, but the key here is when it runs them
<qman__> boot time, if-up.d, dhclient-exit-hooks.d, or elsewhere
<Patrickdk> only when manually told to, or via startup script
<Patrickdk> unless you have shorewall-init installed then I think it will do it via if-up.d also
<sabgenton> iptables -L -v looks good acording to #shorewall
<sabgenton> ok I guess I should do some manual iptables commands
<Patrickdk> shorewall-init doesn't exist in ubuntu yet, so :)
<sabgenton> Patrickdk: what does that do:?
<qman__> well, your nat needs to be flushed and re-applied each time you get a new DHCP lease in order for things to work smoothly
<Patrickdk> it restarts shorewall each time a nic comes online
<qman__> if-up.d is the best place
<Patrickdk> I think
<sabgenton> Patrickdk: who cares I can just shorewall restart right?
<Patrickdk> I also think it sets a default iptables policy on boot too, basically all locked down, till everything is up, and shorewall starts
<Patrickdk> yep
<Patrickdk> assuming you don't use dhcp
<sabgenton> qman__: if you type shorewall clear it removes all the tables it made
<sabgenton> then just run shorewall start again
<sabgenton> puts em back new
<sabgenton> that will flush reaply nat
<Patrickdk> the rules, it won't flush nat
<qman__> yes, but (if you use DHCP) it must be done every time there is a new lease
<Patrickdk> as in conntrack/...
<sabgenton> Patrickdk: shorewall clear && shorewall start
<sabgenton> ?
<qman__> though that would manifest as a working network breaking at regular intervals
<sabgenton> that will fush nat?
<qman__> you seem to have the reverse problem
<qman__> indicating that something else is wrong
<sabgenton> I mean it removes it completely
<sabgenton> Patrickdk: ?
<sabgenton> removes then installs again
<Patrickdk> shorewall clear only removes iptables rules
<Patrickdk> it does nothing about connection tracking tables and other things
<sabgenton> not nat?
<sabgenton> oh
<Patrickdk> it just says not to use nat anymore
<Patrickdk> it doesn't *flush* nat
<sabgenton> ok but didn't it set up nat?
<sabgenton> ok wait
<Patrickdk> you don't setup nat, you make a iptables rule that says to use it :)
<sabgenton> so when you flush nat that doesn't have to be configured to nat apartcicular thing?
<sabgenton> ok
<sabgenton> so yes
<Patrickdk> if your conntrack is broken before you clear iptables, it will be broken afterwards too
<Patrickdk> but normally you can't really break it
<sabgenton> qman__: ok mabye your on to somting pardon me
<Patrickdk> unless you are really trying to
<sabgenton> how do I flush nat?
<Patrickdk> I think you have to install the conntrackd util
<sabgenton> I manually run dhclient well after the computer starts
<sabgenton> could this be my problem?
<qman__> yes
<Patrickdk> heh, configure it with a static ip :) be done with it :)
<qman__> configure /etc/network/interfaces correctly
<qman__> and don't ever run dhcliet manually
<sabgenton> :(
<sabgenton> yeah but you learn more
<qman__> if you need to refresh, ifup/ifdown or service network restart
<sabgenton> like your tcpdump guide :P
<qman__> dhclient is one of those programs that lingers in the background
<sabgenton> (like I'm painfully learning now :P)
<qman__> messing with things long after you're done
<sabgenton> qman__: "if-up.d is the best place"
<qman__> dhclient should only ever be run manually on a non-configured or disabled interface
<sabgenton> for what?
<qman__> for your firewall script
<sabgenton> oh like some iptables lines?
<sabgenton> or stick shorewall in there
<sabgenton> I think the interface does start disabled nonconfiged
<sabgenton> I run wpa_suplicant then dhclient
<sabgenton> by hand
<Patrickdk> and run shorewall start after those?
<Patrickdk> or shorewall restart
<qman__> you should probably place a script which contains "shorewall clean && shorewall start" in /etc/network/if-up.d/
<Patrickdk> no clean needed, just shorewall restart
<Patrickdk> clean basically means, disable firewall
<qman__> as long as it's smart enough to clear out old rules first
<Patrickdk> it's smarter than that, it loads them in the correct order to not kill existing connections :)
<Patrickdk> and clear out the old rules
<qman__> I write mine myself, so they always start with iptables -F, -t F, -X, etc
<sabgenton> gee I'm tring to take in all this dhcp stuff
<qman__> er, -t nat -F
<Patrickdk> qman, ya, that is how I did it for years, I gave up about a year ago or so, my firewalls started getting way too complex
<qman__> my current one reads port forwards from a human-readable list in /etc
<Patrickdk> mine is managing interactions of over 14 different interfaces
<qman__> hah, that's pretty complex
<Patrickdk> it's over 2000 iptables lines
<qman__> mine only has four
<Patrickdk> ya, basic nat firewalls are easy enough by hand :)
<Patrickdk> just accouting for changes and bad interactions when it gets bigger is just too much work
<qman__> I bet, keeping track of that many without some sort of visual aid would be difficult
<qman__> four interfaces, that is, not lines :)
<qman__> I know a simple two-interface nat can be done in four lines
<Patrickdk> ya, my 3 and 4 interfaces by hand I used was about 80 or so iptables lines
<Patrickdk> but then, that is mostly dnat/snat stuff
<Patrickdk> hmm, system happier, gave it one more drive spindle to play with :)
<Patrickdk> 8 drives in my workstation now :(
<qman__> heh
<Patrickdk> wd re4 are freaking fast :)
<Patrickdk> not as good as sas, but close
<qman__> not too many toys to play with here, working with next to nothing budget
<Patrickdk> I'm attempting to build my replacement server, old one needs to die, 10years old almost
<qman__> but every once in a while I get something new, got a new WAP to set up
<Patrickdk> dual 1.4ghz p3, 4gig ram and 8 146g 15k scsi drives
<qman__> nicer than most of mine
<Patrickdk> new system looks to be a dual quad 2.5ghz 48gig ram, 8 300g sas 15k and probably throw some ssd's in there also
<qman__> my web server is a P4 1.4 desktop
<Patrickdk> mine can't do webserving :(
<Patrickdk> had to put the database on another server so it could handle the load
<qman__> monthly hits here are in the 1000-range
<qman__> not exactly high demand, just enough to put off most freebie hosts
<Patrickdk> damn, I hit my own systems up more than 1000 times a month :)
<qman__> and wanting to implement an online reservation system makes hosting it myself more attractive
<qman__> I may be working with old junk, but most if it's old enough junk that it's unlikely to fail
<qman__> built before computers were throw away items :)
<patdk-lap> heh, except for capacitors, they have fixed life spans :(
<patdk-lap> but old enough, it's before the bad knockoff ones where used :)
<qman__> yeah
<qman__> file server is a prime example, system drive is a 4GB quantum fireball, it outlasted two SATA disk arrays in the same system
<patdk-lap> ya, I have some 8gig ide's that where still working perfectly good
<patdk-lap> retired it, cause I don't have a computer with ide anymore
<patdk-lap> I have a 4x8 shelf full of ide/scsi/fc disks
<patdk-lap> all just old and small capacity, still work, but too slow for my usage
<sabgenton> qman__: so why doe nat care about dhcp?
<sabgenton> when it is flushed
<sabgenton> I thought dhcp just gave an ip adress same as if you did it static
<qman__> sabgenton, it doesn't, but when a DHCP lease expires, and you get a new address, your interface goes down and up
<qman__> and your previous nat configuration based on the previous address will no longer work
<sabgenton> oh is that all
<qman__> so it needs to be reloaded
<sabgenton> well my ip hasn't changed at all so then this is not the isuse
<sabgenton> it gets the same ip back
<sabgenton> and has done for the last ever
<sabgenton> besides restarting the computer would flush nat right?
<qman__> yes
<sabgenton> and when i restarted it last it picked up the same ip
<qman__> as I said, this is not likely the problem you're experiencing, since this problem would manifest as a working connection breaking periodically
<sabgenton> hm unless nat was configed for no ip?
<sabgenton> that maybe?
<sabgenton> on boot there will be no ip on the card i think
<qman__> your firewall will need to be run after the network is up
<sabgenton> qman__: so will the nat tables be done to no ip?
<sabgenton> qman__: Im still confused
<sabgenton> if turn the box on there is no nic on wlan0
<sabgenton> no ip I mean
<sabgenton> is there a nat configured to no ip
<sabgenton> I'm tring to understand what nat is if I have no iptables up
<sabgenton> when I  run dhclient is nat someware set with the found ip
<sabgenton> I thought it was when i run iptables  or in my case shorewall
<sabgenton> (after that)
<qman__> it is
<qman__> if you attempt to configure nat while the interface is down, it won't work
<sabgenton>  well I'll try and set it all up in interfaces
<sabgenton> I think i tryed  and gave up
<sabgenton> doing everything there
<sabgenton> just didn't the non-distro independent way
<sabgenton> still feel it won't solve my problem
<patdk-lap> I say, forget dhcp
<patdk-lap> just setup everything in /etc/network/interfaces using static ip
<sabgenton> yeah it's just on a wifi card and its confusing
<sabgenton> patdk-lap: Is there anything I can run to monitor when it just starts working?
<sabgenton> I don't know what I'd be looking for but
<patdk-lap> for basic stuff like that I use:
<patdk-lap> hmm, paste broken :(
<patdk-lap> google: watchping
<_Techie_> i have just setup a third IC in my server and am unable to figure out why i cant get one of my interfaces thats attatched to my internal network working correctly
<_Techie_> if i have eth3 as my external interface, and eth1 and eth0 as my LAN interfaces, can they both have the same ip, or do i need to implement a bridge of some sort, i dont need cross talk betweet eth0 and eth1 yet
<_Techie_> i currently have eth1 working fine, but eth0 doesnt seem t be workin coprrectly
<_Techie_> okay, let me re word things a bit, is there anything special i need to do when setting up a point to point connection between ubuntu-server and a windows machine when using a patch cable and no switch/router?
<gobbe> you cannot have same ip in two interfaces without bonding
<gobbe> if they are attached to same network
<gobbe> _Techie_: no, there's no special things when using patch cable between two computers
<gobbe> so what do you want to do and what is not working
<_Techie_> well i had 2 NIC's in my machine before, one for net and the other for LAN
<_Techie_> worked fine
<_Techie_> added a new NIC in, now totalling 3
<gobbe> yes
<_Techie_> ive shifted the configurations aroud to the new interfaces
<_Techie_> cloned my routing rules t the new interface
<gobbe> can you ping from windows-machine to ubuntu?
<_Techie_> and one of my LAN interfaces is still not functioning properly
<_Techie_> no, i cant ping from windows to anything
<gobbe> so what is configuration in ubuntu at this interface?
<_Techie_> however everything attatched to the other interface is fine
<gobbe> _Techie_: /sbin/ifconfig
<gobbe> and pass that to pastebin
<_Techie_> mind if i ue srunge intead?
<_Techie_> sprunge?
<gobbe> ok
<gobbe> just somewhere else than direct paste here :D
<_Techie_> http://sprunge.us/QNhh
<_Techie_> the only differences between eth0 and eth1, is eth0 is a gigabit direct cable to my pc
<gobbe> well, there's problem
<gobbe> like i told
<gobbe> you cannot have same ip in two interfaces
<gobbe> you need to change eth0 or eth1
<_Techie_> would i have to change the gateway address in my DHCP server aswell?
<_Techie_> i know its a pretty dumb question, but id rather look like a noob than have to do things twice
<gobbe> i don't know what do you try to do?
<gobbe> be able to access internet from windows-machine?
<_Techie_> at this point in time
<_Techie_> i have a networked printer which will call for bridging at a later time
<_Techie_> but getting basic functionality is what i want at the moment
<gobbe> well, you just change other interface IP and do NAT in your ubuntu
<gobbe> ipforward + nat
<gobbe> that's it
<_Techie_> i flicked eth0's ip up by one and still no luck
<gobbe> windows-machine is not able to ping?
<_Techie_> nup, no pinging
<_Techie_> what abot bridging the two interfaces?
<gobbe> _Techie_: so what is IP's now?
<_Techie_> its at 192.168.10.2
<gobbe> no, you need to change whole network
<gobbe> sorry, wait
<gobbe> what is IP in windows-machine?
<_Techie_> 192.168.10.50
<gobbe> change ubuntu to 192.168.11.1 or something and windows to same subnet
<gobbe> i believe that there's still problems with returning packets
<_Techie_> http://sprunge.us/SKQR
<_Techie_> well, taht works
<gobbe> yep
<gobbe> and if you need to connect to internet, check out ip forwarding and NAT
<gobbe> there's good manual for that
<_Techie_> okay, so now that things are functioning, i needa set up a bridge between the two
<_Techie_> ive already setup NAT through iptables
<gobbe> https://help.ubuntu.com/community/Router'
<gobbe> - '-mark
<_Techie_> its a server machine i built awhile back, so everything is already setup
<_Techie_> the only thing new is the interface eth3
<_Techie_> do you know how to set up a bridge between two interfaces?
<gobbe> what kind of bridge?
<_Techie_> well, im able to modify my dhcp server so that it gives my machine a ip on 192.168.11.X
<_Techie_> however i have a networked printer attatched to the other interface @ 192.168.10.90
<_Techie_> oh
<_Techie_> dw
<_Techie_> doesnt seem to be a problem
<gobbe> yep, it should not be if you have ip forwarding
<_Techie_> thanks for your help gobbe
<gobbe> np
<sabgenton> does crontab mynewcronfile
<sabgenton> error check
<sabgenton> or do you have to crontab -e for that
<gobbe> sabgenton: yes it does
<sabgenton> ok so you don't have to use -e
<sabgenton> to be safe
<uvirtbot`> New bug: #695944 in apache2 (main) "update apache2 in lucid or backport some features?" [Undecided,New] https://launchpad.net/bugs/695944
<sabgenton> when a user runs crontab -e where is it installed to?
<sabgenton> the new cron file
<gobbe> yep
<sabgenton> woop
<gobbe> /var/spool/cron/crontabs
<uvirtbot`> New bug: #695968 in krb5 (main) "kerberized telnetd is not working (Error: All terminal ports in use.)" [Undecided,New] https://launchpad.net/bugs/695968
<screen-x> Hi all, which is the recommended slapd configuration method in 10.04, slapd.conf or cn=config?
<thewrath> i used that a while ago i think i used slapd.conf
<thewrath> but wait for a person who has used it more than what I have
<screen-x> thewrath: Yeah, I was using slapd.conf in 8.04, but I recently installed a 10.04 server, which defaulted to cn=config which I don't really understand yet.
<pmatulis> screen-x: ubuntu uses cn=config now
<screen-x> pmatulis: ok, so I should invest time and learn to set it up. I was confused as the debconf stuff didn't prompt for a root password, so I couldn't bind with an ldap browser in order to configure cn=config.
<pmatulis> screen-x: yes, this is the standard now, best to get onboard
<screen-x> ok, I've got a few articles to read, I'll have a go. Thanks pmatulis
<lieuwe[49ft]> is it possible to have an ip whitelist for a specific port?
<lieuwe[49ft]> also, is it possible to stdin/stdout to/from an upstart job? i need to be able to do some server commands
<Frenk> Hey people. I just set up my new server and I want to test how snorby and iptable works. Can you do me a favour and scan 88.198.57.242 (nmap or whatever you like). I dont need the result, just want to see how the server reacts! Would be really kind!
<AndyGraybeal> woh, sorby i never heard of that.. is it something to do with snort?
<AndyGraybeal> snorby
<Frenk> o mean snort >D
<Frenk> I did some configurations and as I dont have a Botnet I kindly ask you to do it.
<AndyGraybeal> how did you get snorby froom snort on the keyboard!  lols
<Frenk> AndyGraybeal: snorby was what i looked for - a ruby application for snort
<AndyGraybeal> aaah
<AndyGraybeal> i nmap a few times to the ip
<AndyGraybeal> i don't kno whow to do anythign too creative
<Frenk> nmap is great
<AndyGraybeal> did your computer respond appropriatly to my nmaps?
<Frenk> lets see >D
<Frenk> nope -(
<Frenk> AndyGraybeal: could you run just like this: nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 88.198.57.242
<nailora> on a fresh install i get the following warning over and over again: "perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: ..." running "sudo locale-gen en_US.UTF-8" fixes it. however i think this is just a workaround. what would be a proper fix?
<RoyK> hi all. anyone here that knows some decent backup software that will allow me to backup remote windows machines to an ubuntu or solaris or something?
<Nafallo> backuppc?
<RoyK> ah
<RoyK> didn't know that one
<Nafallo> hmm. is it still in main even?
<Nafallo> !info backuppc
<ubottu> backuppc (source: backuppc): high-performance, enterprise-grade system for backing up PCs. In component main, is optional. Version 3.1.0-9ubuntu2 (maverick), package size 548 kB, installed size 2376 kB
<Nafallo> \o/
<compdoc> clonezilla
<RoyK> clonezilla doesn't look like a good solution over time (with incremental backups etc)
<thewrath> ?
<compdoc> yeah, its good for monthly images
<RoyK> I don't really need that - just data backup
<compdoc> backula sounds good, but seems a bear to set up
<compdoc> theres another Ive heard of but havent tried: remastersys
<RoyK> I'm running bacula at work with some 100TB storage units, and it works well, but not for clients behind nat - bacula works with a director contacting the clients (file agents), which then contacts the storage agent, and with clients behind nat, it'll require port forwarding for this to work, something I don't want
<FreezingCold_> How do I run ZNC as nobody?
<e_t_> If I delete /etc/udev/rules.d/70-persistent-net.rules, will the file be regenerated. or will I be left without network interfaces?
<RoyK> e_t_: it'll be regenerated
<RoyK> e_t_ phone home...
<cn1209> is there a free gui to manage cron jobs. I want to setup a cron that will ssh into another server and run a command. I can do this the old fashion way but would like to setup a GUI. Any ideas or addons?
<RoyK> cn1209: doing it from the commandline would be quite easy
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<cn1209> RoyK: Understood. But I would like management tool for someone else to manage.
<cn1209> ubottu: Cpanel might do the job but I'm looking for something free / open source.
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<cn1209> lol
<RoyK> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<RoyK> ubottu: no, webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration  files, and is likely to cause unexpected issues with your system
<RoyK> ubottu: no, webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration  files, and is likely to cause unexpected issues with your system, see ebox
<RoyK> ubottu: no, webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration  files, and is likely to cause unexpected issues with your system, see ebox
<cn1209> RoyK: The entire purpose is to ssh into my esxi box an run a backup command. Just want to be able to manage it. I'm looking into ebox. I'll see if that's what I'm looking for. Thanks
<RoyK> cn1209: I'd suggest using the commandline - stuff like webmin or ebox somehow simplifies things, but learning the real stuff takes you longer
<RoyK> that is, it leads to learning more
<StrangeCharm> how do i mount a usb disk? i think it's ntfs or fat32, probably ntfs, since it's used by a windows machine, and probably contains large files
<RoyK> heh - typical newbie idiot - ask a question, part 2 minutes later
<Slyboots> x3HEhh..
<Slyboots> Is there a way to tell what sort of RAM I have installed?
<Slyboots> without shutting down the machine?
<RoyK> prtconf?
<Slyboots> Mm.. no such command? and nothing in apt..
<RoyK> oh
<RoyK> lshw
<RoyK> sorry - was thinking about solaris
<Slyboots> Sweet
<Slyboots> There is a part-number
<Slyboots> TF!
<Slyboots> It costs more than my new DDR3 ram cost!
<qman__> of course, DDR3 is the cheapest you can buy
 * Slyboots mutters under his breath
<Slyboots> The board only takes DDR2 though.. :P
<Slyboots> Plus Im sure mixing DDR3 and 2 is asking for trouble ;)
<qman__> the older it is, the more expensive it is
<qman__> there are exceptions but that's the rule
<RoyK> Slyboots: mixing DDR3 and DDR2 is asking for trouble indeed
<Slyboots> Aye
<Slyboots> Well my poor file-server needs more RAM
<Slyboots> Virtualmachines are pretty demanding
<Slyboots> 16mb free :P
<RoyK> Slyboots: pastebin free
<qman__> my file server is running DDR
<Slyboots> Its in TOP
<RoyK> Slyboots: still, pastebin free output
<Slyboots> Mem:   1538544k total,  1523360k used,    15184k free,    31788k buffers
<Slyboots> Hardly worth pastebinning a single line
<qman__> he meant the command `free`
<Slyboots> Actually I could get more out of the system.. 512mb is allocated to video mem that I wont need..
<RoyK> Slyboots: doesn't say much - linux uses tons of memory for caching
<Slyboots> http://pastebin.ca/2035309
<RoyK> so, 400 megs free
<qman__> yeah
<RoyK> not a lot of memory in there
<Slyboots> 2gb stick;l 512mb allocated to Vidram
<qman__> you're not out of memory yet
<Slyboots> Probelms is I dont have a monitor so I Cant.. acces s the bios
<Slyboots> So hy the hell is virtual machines so slow?
<qman__> but I have to wonder why a file server has more than ~16MB allocated to video
<RoyK> Slyboots: increase swappiness
<RoyK> Slyboots: sysctl vm.swappiness = 100
<Slyboots> qman__: it used to be a xbmc video center
<RoyK> that'll make linux swap out earlier
<Slyboots> .. isng swapping bad?
<RoyK> Slyboots: also, the bios settings should allow for less memory overhead from the graphics card
<RoyK> no, it's not
<RoyK> swapping is good
<Slyboots> RoyK: Odds are it does; but.. I dont have a moniotor x.x
<Slyboots> So I cant access the bios lol
<RoyK> swapping out things that aren't in use is good
<qman__> swapping is good if your disks can keep up
<qman__> it's bad if they can't
<Slyboots> not sure how good my disks are; its a RAID5 array..
<RoyK> qman__: it's mostly good for dead processes
<Slyboots> for my needs its suitable but faster is always better
<Slyboots> how do you benchmark disks anyway?
<Slyboots> In windows there are LOADS of programs for that sort of thing but..
<Slyboots> with linux server Im a bit lost
<qman__> for a simple ballpark, hdparm -tT
<RoyK> Slyboots: a lot of processes allocate memory not needed. this can be swapped out and the memory gained can be used for something useful
<qman__> if you want some write speed estimates, dd some files
<Slyboots> Well if it can make the VM's faster all the better
<RoyK> set swappiness to 100
<RoyK> try that
<Slyboots> /dev/md0: Timing cached reads:   1070 MB in  2.00 seconds = 534.99 MB/sec Timing buffered disk reads:   94 MB in  1.68 seconds =  55.97 MB/sec
<Slyboots> that doesnt seem terribly fast
<qman__> it isn't
<RoyK> it's decent, but not fast
<RoyK> how many drives?
<Slyboots> Eh.. 3?
<Slyboots> in a RAID5 configuration
<Slyboots> Segate.. somethings
<RoyK> not 5k4 drives?
<RoyK> that's asking for trouble
<qman__> /dev/md0: Timing cached reads:   1598 MB in  2.00 seconds = 799.56 MB/sec Timing buffered disk reads:  432 MB in  3.00 seconds = 143.79 MB/sec
<Slyboots> .. wait what?
<qman__> 7 disk raid 6, 7200RPM
<Slyboots> Segate greens
<Slyboots> o.O
<Slyboots> .. wha?!
<qman__> oh boy
<qman__> green drives, that's why
<Slyboots> That *cant* be right
<qman__> anyuway
<Slyboots> Mm.. shit :P Well they work OK for now
<qman__> while not exactly fast, it's not horrendously slow
<qman__> it'll work
<Slyboots> AYe; for file transfers on my need the target machines are going to be the bottlenecks anyway
<Slyboots> Ah windows your busting my fucking balls
<Slyboots> "Junctino does not support remote locations"
<RoyK> hm.. getting 1.5GB/s from this system
<RoyK> happy new year :)
<RoyK> 1099505336320 bytes (1.1 TB) copied, 727.725 s, 1.5 GB/s
<cn1209> RoyK: okay. I decided to create a new VM in my ESXi box using Ubuntu and create two cron jobs that will execute the backup script for both servers. I had to create an ssh key. Runs great. Now to create page that will parse the log file that it generates into a nice looking page for management.
<Slyboots> right.. that all went awfully wrong and show how I lost loads of data
<Slyboots> Mm.. can Rsync copy files as .. mm.. long as the Target destination files are *smaller* than the source?
<Slyboots> <na Im drawing a total blank here
<Slyboots> Trying to check if my CPU supports.. hardware virtualation
<Slyboots> But its not called HyperV
<Slyboots> .. is it?
#ubuntu-server 2011-01-01
<Nafallo> Slyboots: kvm-ok will tell
<Slyboots> heh
<Slyboots> "NO! your system does not support KVM extensions"
<Slyboots> Crap :P
<RoyK> happy new year :)
<Gadu> I have my live cam stream up and running on my website, is there a way I can add my mic to it?
<Gadu> preferably in a way that doesn't cause them to be completely out of sync
<Slyboots> Happy new year all
<Gadu> Happy New Year Slyboots XD
<rdw200169> Gadu: you may enjoy this: http://diveintohtml5.org/video.html
<tux_1234567> hi
<tux_1234567> how do i run php under a different user?
<Nafallo> there is something called suphp. that's about as much details I have though
<tux_1234567> would running php in a su'ed shell script be any good?
<tux_1234567> byebyefn
<Slyboots> fucking ubuntu.. grr
<Slyboots> Is there a way ot see..um..
<Slyboots> What my disk usage is like?
<Slyboots> Sort of like Top? but for Disk/Network utilization?
<Nafallo> iotop?
<Slyboots> Is there just a freaking top program for everything?
<Slyboots> Hmm..
<Slyboots> 30M/sec read
<Slyboots> Which is.. smbf
<Slyboots> Seems slow
<Slyboots> Its hard to know what sort of speed I *should* be expecting though
<Slyboots> I mean.. GigE is about what? 125M/Sec
<Slyboots> A 7200RPM is what.. half that?
<Slyboots> Okay this doesnt really addup
<Slyboots> Hdparm states it can read from the disk at about 75MB/sec
<Slyboots> Its GigE networking
<Slyboots> So whyt does the laptop trasfer files at 20/30M/sec
<pmatulis> Slyboots: compose yourself
<Slyboots> Hm
<Slyboots> Sorry; Im just trying to work out why Im getitng so much (apparent) performance loss on my NAS)
<pmatulis> Slyboots: i've never met anyone who was happy with their i/o
<Slyboots> hehe; But it seems a lot slower than what i should be getting.. 20M/sec over Samba..
<pmatulis> Slyboots: try some other protocol and compare
<Slyboots> AYe; Been trying to get nfs to work but.. meh.. thats another story
<vorian> 7/
<milligan> Morning. Anyone here experienced with wifi networks? I'm having some problems at home .. I'm getting packet loss to the router, and it's working quite unstable in general. I have a D-Link DIR-615. There are about 15 wifi networks in the area, so I'm suspecting interference, but forcing the channel to the most lone one (1) didn't make any noticable difference. Any suggestions ?
<RoyK> milligan: hardly an ubuntu server question, but have you tried to change channel?
<milligan> "but forcing the channel to the most lone one (1) didn't make any noticable difference" :)
<gobbe> g or n wlan?
<milligan> It's set to run b/g or n
<gobbe> ok
<gobbe> have you tried connection with another computer?
<milligan> not at the moment .. this computer has been working fine before though.
<gobbe> seems to be either broken wlan-router or just bad network coverage due walls etc
<milligan> tried booting this computer as well.
<milligan> the router is about 0,5 meter away from me, with absolutely nothing in between us :)
<milligan> and the router is brand new .. got it for me father in law for xmas
<milligan> perhaps it would help setting it to n only.. ? Or would I maybe render the network useless to older machines then ?
<gobbe> well, can you move your computer more away from router, wlan's signal can be poor if you sit too close to router
<gobbe> well, if you change it to n only it gives you better signal, less noise
<gobbe> and ofcourse, if your old computer doesn't support n, you cannot use it
<milligan> What's CTS mdoe?
<milligan> And are long or short preambles best ?
<milligan> Locked it to channel 1 again and made some tweaking to the encrpytion method .. seems better now
<RoyK> hi all. I have a private server at an ISP, and I want to setup a tunnel between my laptop and that server. server runs ubuntu 10.04.1LTS and client is OS X. Is it possible/trivial to do this with strongswan or something?
<gobbe> i would use openvpn
<RoyK> ok
<RoyK> erm.. any idea where to find a howto on that?
<gobbe> google?-)
<gobbe> https://help.ubuntu.com/community/OpenVPN
<RoyK> thanks
<shaggy2> I have ubuntu 10.10 server with Apache2, I have installed and configured awstats for use on multiple domains, how ever I get th error "Error: SiteDomain parameter not defined in your config/domain file. You must edit it for using this version of AWStats." when I navigate to www.mydomain.net/awstats/awstats.pl, Can anyone assist me with this error? I have googled the error and found no
<shaggy2> reference to this error
<shaggy2> I have ubuntu 10.10 server with Apache2, I have installed and configured awstats for use on multiple domains, how ever I get th error "Error: SiteDomain parameter not defined in your config/domain file. You must edit it for using this version of AWStats." when I navigate to www.mydomain.net/awstats/awstats.pl, Can anyone assist me with this error? I have googled the error and found no
<shaggy2> reference to this error
<gobbe> you should contact craetor of that perl script
<shaggy2> gobbe: I have searched everywhere I have e-mail awstats and still waitting reply, was hoping I might be able to find an answer sooner, and I think I have, hopfully
<shaggy2> do you know the command to rename a file, I need to change the file awstats.conf to sample.stat
<RoyK> mv
<gobbe> mv awstats.conf sample.stat
<shaggy2> thank you
<shaggy2> I know I have done it before but I can not remember, I need to add a cron job, what is the file I need to nano
<gobbe> crontab -e
<gobbe> opens file
<shaggy2> thank you and hopefully one last question I need to install geoip is it in the aptitude or do I need to do a wget from a website, I am following a tutorial however I find that apt-get is so much easier and just wondering if it is or not
<qman__> shaggy2, use apt-cache search
<shaggy2> hello I am installing geoip on my ubuntu 10.10 server, just got a little confused, the tutorial say's "Add the directory libGeoIP was installed in, i.e. /usr/local/lib (and that is correct) to /etc/ld.so.conf, and exclude ldconfig. my confusion comes from "include /etc/ld.so.conf.d/*.conf" is currently in the ld.so.conf and nothing else
<shaggy2> do I just write include /usr/local/lib or do I add to that /libGeoIP.so and leave include /etc/ld.so.conf.d/*.conf in it or remove include /etc/ld.so.conf.d/*.conf and input something else to exclude the file
<uvirtbot`> New bug: #696262 in mysql-dfsg-5.0 (universe) "package mysql-server 5.0.51a-3ubuntu5 failed to install/upgrade: dependency problems - leaving unconfigured" [Undecided,New] https://launchpad.net/bugs/696262
<Procik> ÃÃ°Ã¨Ã¢Ã¥Ã²
<Procik> ÃÃ³Ã¦Ã¥Ã­ Ã±Ã®Ã¢Ã¥Ã²
<Procik> ÃÃ¥Ã¬ Ã«Ã³Ã·Ã¸Ã¥ Ã«Ã®Ã£Ã¨Ã°Ã®Ã¢Ã Ã²Ã¼ Ã²Ã°Ã Ã´Ã¨Ãª?
<Procik> Ã¯Ã°Ã®Ã¡Ã®Ã¢Ã Ã« ipcad, Ã­Ã¥ Ã¯Ã®Ã­Ã°Ã Ã¢Ã¨Ã«Ã±Ã¿, Ã°Ã¥Ã±Ã³Ã°Ã±Ã®Ã¢ Ã¬Ã­Ã®Ã£Ã® Ã¦Ã°Â¸Ã²
<Procik> only english?
<compdoc> yes
<compdoc> well, for most
<compdoc> for me :)
<guntbert> !en | Procik
<ubottu> Procik: The #ubuntu, #kubuntu and #xubuntu channels are English only. For a complete list of channels in other languages, please visit https://wiki.ubuntu.com/IRC/ChannelList
<guntbert> !ua | Procik
<Procik> thanks
<guntbert> Procik: try #ubuntu-ua too
 * Slyboots gets fed up
<Slyboots> Alright; Anyone have any notion how to get "Xrender" working in VNC? (Using vnc4server)
<Slyboots> Trying to run Steam inside a Wine enviroment; but its rendering a lot of garbage and pumping the same error message into the log over and over
<Slyboots> fixmexrender:XRender_AlphaBlend Unable to AlphaBlend without Xrender
<Slyboots> But I can find bugger all usful online about getting this to work correctly
<gobbe> steam has nothing to do with servers
<Slyboots> i know; but thats incedental
<Slyboots> Its VNC :P
<Slyboots> .. on ubuntu server
<Slyboots> :D
<gobbe> it's not same thing
<gobbe> tho
<Error404NotFound> any ideas of whats going on here: http://pastebin.com/MixsmQ1M
<RoyK> seems like your mysql server is in desperate need for being replaced with a postgresql server :P
<Error404NotFound> RoyK, nope, was apparmor's fault
<dob_> hello guys, i have BIG problems with raid and lvm. I created a raid5 with sda5 sdb5 sdc5. Then i run pvcreate /dev/md2 (my created raid). Then this appears: Wiping software RAID md superblock on After a reboot the system is not able to boot anymore. Then in mdstat there is a new array md2 which has sda sdb sdc as drives. What da hell is going on with it? I am using ubuntu 10.04
<dob_> and if it's important: I am using GPT.
<gobbe> did you create raid on running system or in installation?
<dob_> i tried both
<gobbe> https://help.ubuntu.com/community/Installation/SoftwareRAID
<dob_> There is no hint about that problem....
<gobbe> well, did you do it like that document tells you to do?
<dob_> Yes i created it like that and everything works fine until i execute pvcreate /dev/md2. After that the system thinks the raid is based on physical devices not the sda5 , sdb5 and sdc5 partitions. So after coming up (after pvcreate) the whole system is killed by mdadm, cause all my partitions are overwritten by the sync.
<dob_> i am using three 2TB WD HDD's. So i also have to use GPT as partition table format.
<dob_> I often created raid arrays, but never had such strange problems.
<RoyK> what does GPT have to do with MD?
<RoyK> just use the disk devices
<RoyK> no need to partition them
<RoyK> sda,sdb...
<dob_> I want my system partitions in a raid1 configuration and only my data partitions in raid5
<RoyK> on the same drives?
<dob_> yes
<RoyK> bad idea imho
<RoyK> get some old 20GB ATA drives for the root
<RoyK> use new stuff for the data
<RoyK> a couple of usb pen drives will work well for the root
<dob_> I ony have 4 sata ports 3 for my drives and 1 for DVD. So i can't add another hdd.
<dob_> okay, i will try with USB. Is the boot time slow with USB?
<RoyK> doesn't matter much - how often do you reboot?
<RoyK> usb pen drives will probaly work as fast as your spinning ones for that use
<RoyK> also, a new sata controller will probably cost you $50 or less :P
<dob_> but i need the only pci-e slot i have for another card....
<RoyK> just use a pen drive for the root
<RoyK> or two
<dob_> Yes, i am currently installing on the pen drive. Hope it will work! Should i add swapspace on the pendrive?
<dob_> And i will have to do a normal installation no special pen drive stuff or something else, right?
<dob_> pen drive installation is really slow an i was reading that the boot time is about 60 seconds or more
<dob_> but i still think it's a big bug that the lvm wipes my md superblock and then the system thinks the array is based on the physical drives
<RoyK> dob_: it doesn't matter much - once the system has booted, everything will be in ram
<gobbe> dob_: well, it works like it should
 * RoyK would recommend something like openindiana and zfs for data storage, though
<gobbe> yea
<gobbe> zfs is amazing for data storage
 * RoyK has a couple of 100TB systems running on openindiana
<dob_> Can i create a raid5 and then place my root on it? Is it possible to boot from a software raid5?
<gobbe> no
<gobbe> it's only possible to boot from raid1
<gobbe> when using software-raid
<RoyK> http://pastebin.com/p3ids68M
<RoyK> dob_: if this is a storage machine, please consider using something with native zfs - it rocks
<RoyK> if it's a general purpose machine, openindiana and the likes will be harder to manage than ubuntu
<dob_> nice, but i need linux, cause i want to create a TV-Streaming server for my homenetwork. So i need DVB devices etc.
<RoyK> ic
<RoyK> then perhaps zfs fuse
<RoyK> it's quite bad on write performance, but good on reads
<RoyK> apt-get install zfs-fuse
<dob_> i worked with opensolaris for a storage system
<RoyK> ok
<dob_> wasn't there any native implementation?
<dob_> I heared about that...
<RoyK> there's one in the works, but I guess it takes some months for it to finish
<RoyK> but recent zfs-fuse should be quite good for read performance
<RoyK> albeit a bit low on the writes
<gobbe> RoyK: but it doesn't support all zfs features
<gobbe> like snapshots
<RoyK> huh? I'm quite sure it does
<dob_> https://github.com/behlendorf/zfs/
<gobbe> RoyK: at least it didn't support snapshot etc earlier when i tried it
<gobbe> i'm not sure do they have implemented them yet
<gobbe> there's issues with zfs and linux, because zfs's license isn't good enough for linux kernel
 * RoyK checks
<RoyK> with zfs in userspace, there's no problem
<dob_> what about btrfs?
<RoyK> not stable
<RoyK> btw, zfs snapshots work with ubuntu 10.10
<RoyK> just tested
<gobbe> ok
<gobbe> so they have implemented it
<gobbe> great
<gobbe> :)
<RoyK> dob_: using btrfs in production is playing with matches and gazoline
<dob_> i am not sure what i should do now.... USB pen drive seems to slow for regular boot. BTRFS is unstable, ZFS with fuse looks a bit like a hack, mdadm raid5 does not work with lvm in my configuration.
<dob_> Can i grow/resize the md2 partition without lvm?
<RoyK> zfs fuse is quite stable
<RoyK> no
<RoyK> don't think so
<RoyK> boot time shouldn't be a problem - how often do you really boot the system? after bootup, most of the stuff is cached in ram
<dob_> with zfs fuse i can create a raid-Z?
<RoyK> yes
<RoyK> zpool create mypool raidz somedev anotherdev ....
<dob_> i am booting very often
<RoyK> why?
<dob_> the system is going to S3 if not used.
<RoyK> the important thing is data access, not boot times
<RoyK> s3?
<dob_> suspend mode
<dob_> it's a home server, media, video, streaming system
<RoyK> that doesn't mean it's being rebooted
<dob_> the system is turned off, everything will be removed from RAM
<RoyK> please try zfs - see how it works
<dob_> okay, thank u, i will try that!!!
<RoyK> zpool create somepool raidz2 sda sdb sdc
<RoyK> something like that
<RoyK> erm - or raidz
<RoyK> raidz2 is double parity
<dob_> zpool create somepool raidz2 sda5 sdb5 sdc5 should also work, right?
<dob_> erm raidz
<RoyK> it should, yes, but aren't you booting on an usb stick?
<dob_> thinking about creating raid1 on boot and root and use zfs for my data, so i would not need to install on usb ( read performance )
<dob_> i will try both solutions....
<dob_> thank u!
<RoyK> performance is what you need for data, not system
<RoyK> the system will boot up quite quickly on usb
<RoyK> and using whole drives will help you move the system to something new when that's needed
<RoyK> imho Never mix system and data drives
<dob_> okay, i will try that. Thanks a lot!
<RoyK> dob_: also, if you find zfs-fuse to be too slow, keeping the data drives alone is still a good thing, even with md or lvm
<_Techie_> is it possible to take a pre existing drive with data, and add a new drive and JBOD them together and expand the partition to cover the full JBOD?
<_Techie_> or does this require backing up the data, creating the JBOD and re formatting the drives
<pmatulis> _Techie_: first question, are you using LVM?
<_Techie_> pmatulis, no
<_Techie_> i would like to point out that its just an idea at the moment, i dont have an extra drive at the moment, i just want to discuss ways of doing it so i can backup data in advance if need be
<RoyK> _Techie_: with lvm it's possible, not without it
<_Techie_> also, what are the extents of ext2, how large can a single partition be, and what are the limits on file size?
<gobbe> _Techie_: http://en.wikipedia.org/wiki/Ext2
<_Techie_> tyvm gobbe
<RoyK> my little souvenirs from my last trip to iceland http://karlsbakk.net/xray.png
<gobbe> what did you do?-)
<_Techie_> RoyK, just incase you hadnt noticed, you have a metal mar and a bunch of screws in your ankle =P
 * RoyK did notice
#ubuntu-server 2011-01-02
<dob_> is it correct that i can't grow a raidz pool?
<dob_> hello guys, i have BIG problems with raid and lvm. I created a raid5 with sda5 sdb5 sdc5. Then i run pvcreate /dev/md2 (my created raid). Then this appears: Wiping software RAID md superblock on After a reboot the system is not able to boot anymore. Then in mdstat there is a new array md2 which has sda sdb sdc as drives. What da hell is going on with it? I am using ubuntu 10.04. Why does the system want to sync my
<dob_> physical drives?
<dob_> is it possible that the problem is that i did a pvcreate before the raid was synced?
<_schism_> can someone point me to a dead easy email server (preferably with a gui) for 10.04?  I have been trying to get one set up for goofing around here at the house and am just stuck on stupid
<KurtKraut> _schism_, I'm sorry, but I don't think there is an e-mail server with a GUI in the UNIX-like ecosystem.
<KurtKraut> _schism_, there are some control panels that deals with that. You should try ispconfig (not packaged in Ubuntu)
<KurtKraut> _schism_, but they don't work very well, but may suit your needs. I think you should try.
<_schism_> KurtKraut, thank you for the info.  not trying to do anything fancy. just have a couple of young kids trying to introduce them to email and  the like in a safe enviroment
<KurtKraut> _schism_, just for curiosity: why not Gmail or 'Gmail for Google Apps'?
<_schism_> KurtKraut, I have gmaila nd use it.  want to teach the kids how to email but in an enviroment where it is totaly controlled
<draven_sol> can anyone help me troubleshoot why my cups service keeps stopping?
<skorv> i'm having a recurrent problem, my ubuntu server stalls from time to time its dhcp, dns and will only work after reboot
<Tankenator> hello all
<Tankenator> i have a question
<sk0rv> 	Cs
<patdk-lap> don't we all
<sk0rv> oops
<sk0rv> sorry about that
<Tankenator> is there a way to ssh into a cd install of server edition?
<patdk-lap> Tankenator, if you run sshd, should be able to
<Tankenator> so
<Tankenator> i have a headless machine
<patdk-lap> dunno if sshd is in the image or not
<Tankenator> if i boot the buntu server cd, can i expect to discover the machine on the network then be able to ssh into it?
<patdk-lap> nope
<patdk-lap> it's a few menu's in, till it gets to the network config setup
<Tankenator> so i have to have keyboard and montitor attached...
<patdk-lap> for the server iso image, yep
<patdk-lap> not sure if like the alternate image would do that or not
<Tankenator> sux
<Tankenator> i dont want to have to disconnect my desktop....sigh
<patdk-lap> never used the alt image, normally use netboot image, or modified server image on usb
<Tankenator> either one will not do what i want tho...
<e_t_> I have installed to a hard drive through VirtualBox (and KVM). I can then plug the drive into a headless computer and boot it.
<Tankenator> hm
<Tankenator> more bother than pulling the machine and attaching flat panel and keyboard to it in-situ
<Tankenator> thanks anyway
<patdk-lap> e_t_ only if you remember to wipe out the udev net config file :)
<e_t_> Well, my problem is that the computer in question lacks a (working) graphics card.
<patdk-lap> done that, forgot, and couldn't access the thing :(
<e_t_> patdk-lap: Yes. I did that the first time too.
<patdk-lap> I did it the first, second, third, just about every time :)
<patdk-lap> I generally setup systems in pairs, get first one how I want it, mirror it to a second system
<patdk-lap> always forget about that
<e_t_> The second time, I created /etc/network/interfaces entries for non-existent eth1,eth2,eth3 set to DHCP. That way, I knew one would work.
<uvirtbot`> New bug: #383546 in cifs-utils (main) "mount.cifs i.c.w. autofs can stop working" [Low,Triaged] https://launchpad.net/bugs/383546
<UBUxUBU> good morning ubuntu-server.
<Syria> Hi, I have installed Ubuntu server 10.4.1 lucid on my vps, where can I find the .htaccess file please?
<Delerium_> I guess it would be in /var/www
<Delerium_> if not, do a find ... "find / -name .htaccess
<Syria> Delerium_ Is it visible if i am using sftp?
<Delerium_> file starting with a dot are "hidden file", with sftp. doing a "ls -al" might show it up, don't remember
<Syria> Delerium_ Thank you.
<Delerium_> welcome
<gobbe> Syria: .htaccess -files are created by you, not by installer
<Syria> gobbe i have created one in the "site" folder but it is not changing anything!
<Syria> gobbe typing deny from all should prevent everybody from visitng the site right?
<Error404NotFound> anyone who can give me ideas on how would upgrade a Lucid Lynx Amazon Micro Instance to medium one?
<gobbe> Syria: please upload content of .htaccess to pastebin
<Syria> gobbe pelase visit this link http://pastie.org/1422831
<Syria> gobbe and when I change its content to "deny from all" nothing is changing and I can still visit the site.
<gobbe> Syria: so you just have only one line in file "deny from all" ?
<Syria> gobbe Yes, in a folder called .htaccess in the site folder.
<gobbe> .htaccess is file, not folder
<Syria> gobbe Sorry, I mean a file.
<Bilge> Why is `less` gimped on my system such that I have to press enter after every option to make it take effect? On 8.04 LTS I could just press the key and it acted upon it immediately. Now that I migrated to 10.04 LTS I'm screwed
<gobbe> Bilge: hmmh? i can press space eth
<gobbe> etc
<gobbe> no need to use enter
<Bilge> I shouldn't need to press a key after
<Bilge> It actually makes it unusable
<Bilge> It doesn't properly go back to the top of the document even
<gobbe> hmmh?
<gobbe> what is your problem?
<gobbe> you open file with less
<gobbe> and then?
<shaggy2> hey got a question, might be the wrong place to ask, but I have password protect the cgi-bin derectory using .htaccess, I have 2 domains pointing to it, I would like to be able to set it so if the user on www.domain.com logged in via www.domain.net he would be rejected, but if he logged in via www.domain.com he would be allowed. is that posible using .htaaccess
<uvirtbot`> New bug: #696460 in squid (main) "package squid 2.7.STABLE9-2ubuntu5 failed to install/upgrade: ErrorMessage: podproces instalovanÃ½ post-installation skript vrÃ¡til chybovÃ½ status 1" [Undecided,New] https://launchpad.net/bugs/696460
<Rogier> Hi all
<gobbe> hi
<Rogier> just testing irc on my new macâ¦ works fine I think
<Yann2> hello! I am trying to change the motd, but it seems it is now being dynamically generated by files in /etc/update.motd.d/
<Yann2> what script runs this?
<qman__> Yann2, https://help.ubuntu.com/10.04/serverguide/C/pam_motd.html
<Yann2> thanks that explains it
<Yann2> seems a bit overkill still but well :)
<gobbe> :)
<Yann2> sounds to me that people who want to have the weather when they log in (what a weird thing) should use their bashrc or so instead  though :P
<gobbe> well that's also used for landscape
<compdoc> does anyone know what bridge_maxage means?
<compdoc> nm
<uvirtbot`> New bug: #696586 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1" [Undecided,New] https://launchpad.net/bugs/696586
<mrroth> how do I tell if a ProLiant ML350 Server is dual core
<gobbe> cat /proc/cpuinfo
<Rahmat> hallo
<Rahmat> how to install ISPConfig on ubuntu server
<mrroth> I don't have it, I want to buy it
<gobbe> mrroth: ask to open it and see
<mrroth> I see on their stie
<mrroth> but I am not at the store
<mrroth> 200 bucks for a server, NO OS, but that fine fo rme
<davidlenwell> Can anyone in here help with a kvm .. ubuntu-vm-builder?
<MigrationKing> oops
#ubuntu-server 2011-12-26
<zastaph> Maybe https://help.ubuntu.com/community/KVM/Networking needs to be updated .. because the CAP_NET_ADMIN section refers to Sep 2006
<sw0rdfish> hey
<pmatulis> zastaph: please proceed
<zastaph> I'm just a user of KVM
<njacinto> quit
<qman__> that's where ubuntu community docs come from, users
<zastaph> yep and then I'm a kvm n00b too :)
<deviantgeek> Ok, is there any guides to getting ftp working on oneric?
<TJRana> Um...
<TJRana> What's oneric?
<deviantgeek> 11.10
<deviantgeek> ubuntu server
<TJRana> Oh Ubuntu 11.10 Oneiric Ocelot
<deviantgeek> yeah
<TJRana> These namesâ¦ geez
<TJRana> I'm no expert, but I managed to set up ftp for my server, which I then got rid of and had to start all over.
<TJRana> I'll try to help.
<TJRana> I don't think there's a guide, but do you use a program to access your server? Like Dreamweaver or something?
<deviantgeek> well, its currently running on ESXi (virtulization)
<qman__> FTP should never be used
<deviantgeek> if that matters
<qman__> SFTP is superior in all ways
<deviantgeek> qman__: then how do I get sftp working
<deviantgeek> does it come with openssh?
<qman__> apt-get install openssh-server
<qman__> the default sshd configuration allows all users standard SFTP access to anywhere on the system they have permission
<TJRana> yeah, go and log onto your server
<TJRana> type in "sudo apt-get install openssh-server"
<qman__> if you need more control, you can configure chroots in the config
<TJRana> what qman__ said
<deviantgeek> what is the default sftp port?
<qman__> 22
<patdk-lap> it' basically kindof ftp tunneled over ssh
<qman__> it's actually nothing like FTP on a technical level
<patdk-lap> ya
<qman__> the command syntax and general purpose are the only similarities
<patdk-lap> but only way to explain it easily
<patdk-lap> it's unlike scp though, that works at the command/shell level
<qman__> and for good reason, FTP is, was, and always will be a stupid protocol
<deviantgeek> I currently am using root to login to the SSH, I need full filesystem access though, any way I can do that without root?
<deviantgeek> *make ssh sftp
<qman__> why do you need full access?
<qman__> it's much easier to solve that problem than safely allow full access
<deviantgeek> well, so I can edit every aspect of the server from sftp
<qman__> use ssh for that
<deviantgeek> ok
<qman__> shell in, do your editing directly on the server
<qman__> SFTP is for transferring files
<deviantgeek> qman__: ok
<deviantgeek> what about getting xfce installed?
<qman__> don't know why you'd want to do that
<qman__> but you'd do it with apt-get
<deviantgeek> (just makes moving files around easier, I dislike doing everything through ssh)
<qman__> just FYI, as a general rule GUIs and the associated packages aren't supported in this channel, since this is the server channel
<TJRana> deviantgeek, so you want some type of GUI instead of looking at lines of code?
<qman__> you'll get more help on that subject in the desktop channels
<deviantgeek> well, I do use ssh, but if I need to move lots of files, the gui helps
<deviantgeek> (Probably because I need to learn more linux commands)
<qman__> this
<patdk-lap> heh, I normally drop to a shell to move files around
<TJRana> deviantgeek, not when you have some type of FTP or SFTP and a program
<patdk-lap> gui is so ugly at it
<qman__> same
<qman__> file operations are easier from the shell
<deviantgeek> sftp works too.
<deviantgeek> qman__: I download everything from shell
<TJRana> deviantgeek, you can use Dreamweaver, and it's great for moving lots of files
<deviantgeek> wget is awesome
<qman__> I do most of my work in the shell, only reason I have a GUI is for easier web browsing and such
<patdk-lap> I use gui to manage my xterms :)
<TJRana> deviantgeek, I use Dreamweaver all the time and it's a great and powerful tool
<deviantgeek> Dreamweaver looks good
<TJRana> deviantgeek, do you have dreamweaver?
<deviantgeek> yeah
<TJRana> deviantgeek, then use it! lol
<deviantgeek> I use filezilla for all my sftp
<deviantgeek> too lazy to set up dreamweaver
<qman__> I usually use scp
<patdk-lap> I normally use rsync
<TJRana> same difference
<TJRana> it doesn't really matter, you still get the point
<patdk-lap> unison?
<TJRana> deviantgeek, what's the point of putting a GUI on the server when you have something like filezilla?
<qman__> precisely, GUIs belong on desktops, not servers
<qman__> with the exception of LTSP and similar
<TJRana> yeah, putting a GUI just slows the server down
<TJRana> uses more memory and whatnot
<Resistance> anyone able to help me diagnose fcgiwrap / spawn-fcgi when trying to run the apcupsd cgi scripts (for internet monitoring of the apcupsd status data): https://pastebin.com/tBTPSeSg
<patdk-lap> hmm? cgi isn't fcgi compatable
<Resistance> patdk-lap:  give me a working nginx & cgi setup then
<patdk-lap> heh?
<patdk-lap> cgi is so straight forward, there really isn't any setup needed
<Resistance> patdk-lap:  okay, you're no help...
<Resistance> patdk-lap:  nginx has no ootb support for serving CGI content
<patdk-lap> nope, I don't do nginx
<Resistance> their examples and their wiki said to use fastcgi / fcgiwrap to serve cgi content
<Resistance> *grumbles something about downsides to nginx*
<patdk-lap> well, why not use a webserver that supports what you mean?
<patdk-lap> I don't get why people attempt to shove square box's though round holes
<Resistance> system resources are the issue
<Resistance> apache's too mem-intensive
<patdk-lap> that is 2, out of atleast 100 webservers
<Resistance> *yawn* cba to try *all* of them
<Resistance> *goes back to testing package backports*
<qman__> you have to be dealing with a huge volume for that to matter
<qman__> I've been using apache for years and never had a problem with its resource usage
<Resistance> qman__:  did i mention this is a 128MB RAM VM?
<Resistance> :/
<patdk-lap> unless you really messup the apache config, it should only need 20megs of ram, or so
<qman__> yeah
<patdk-lap> much more than nginx at 3megs or whatever it is
<Resistance> there's not even 10 megs available atm :/
<Resistance> anyway its not super important, i've got other things to be fixing/testing anyways
<patdk-lap> I would say, install lighttpd
<qman__> personally I'd just get more RAM
<qman__> not worth the hassle
<TJRana> I'm going to leave now. I might be back later. Bye everyone. And Merry Christmas!!!!!
<qman__> don't get me wrong, I appreciate efficient software
<qman__> but time spent working on it is valuable too
<patdk-lap> heh
<patdk-lap> dunno, I've been running lighttpd since 2006
<patdk-lap> switch off between it and apache often, depending on needs
<qman__> I've just been using apache since forever, and I don't know anything else
<qman__> even if it was a couple bucks a month on a hosted VPS, I'd pay it, not worth the time learning a whole new package to solve a problem I already know how to solve
<patdk-lap> for me, defently a performance issue
<patdk-lap> atleast one place I switched it too
<qman__> on the other hand, if it's a genuine performance problem, it'd be worth looking into
<patdk-lap> something in apache kept going nuts and using 400mb ram, randomly
<patdk-lap> but normally unless there is something I specifically need apache for, I use lighttpd instead
<TJRana> Hello, now I am stuck setting up ubuntu. I wanted to make a DNS Server so I am using the following website for a step-by-step tutorial: http://www.server-world.info/en/note?os=Ubuntu_11.04&p=dns&f=1 The only problem is I don't know what my global IP address is in brackets. I do know my global IP adress but not the one in brackets. And what is my private IP adress? and what would it look like in brackets?
<TJRana>  Thank you.
<twb> Are you using 11.04?
<TJRana> no I'm using 11.10
<twb> Then why are you reading documentation for 11.04?
<TJRana> I had to compromise, and I was hoping the code would be similar so there would be little to no difference
<twb> Have you tried the 11.10 server guide?
<TJRana> and there aren't many tutorials out thereâ¦ the server guide?
<twb> https://help.ubuntu.com/11.10/serverguide/C/
<twb> It's mentioned in the /topic
<twb> (That's the thing at the top of the screen, that you're supposed to read before commenting)
<TJRana> oh thatâ¦ oneâ¦
<TJRana> I'll take another look and see what I can do.
<twb> Of course if you have read that and are still having problems, then we can talk abut it
<TJRana> Hi um, I have a question. How do I find the IP Address of my ISP's DNS servers?
<TJRana> *IP addresses
<twb> Call your ISP's tech support
<twb> If you have working internet elsewhere, google for "<ISP name> nameserver" or something
<TJRana> okay
<twb> There's no form of in-band discover of nameservers out on the internet
<twb> (DNSSD/MDNS, but that doesn't normally propagate across routers.)
<TJRana> okay so I got more information
<TJRana> ISP : Optimum Online
<TJRana> Host : ool-44c5ee43.dyn.optonline.net
<TJRana> That's all I know
<twb> 18:22 <twb> Call your ISP's tech support
<TJRana> I have another question
<TJRana> See on the following page: https://help.ubuntu.com/11.10/serverguide/C/dns-configuration.html it says that
<TJRana> "The DNS configuration files are stored in the /etc/bind directory. The primary configuration file is /etc/bind/named.conf."
<TJRana> Now, there are probably changes made to those configuration filesâ¦ so how do I restore the default files?
<twb> purge and install the package
<twb> And learn etckeeper and git so you can avoid that next time
<TJRana> okay
<twb> Why do you want a DNS server
<TJRana> umâ¦â¦..............
<TJRana> wait, what does a DNS server do again?
<twb> Serves a zone to DNS clients.
<TJRana> umâ¦ Okay, so I used to use a free hosting server and I thought it would be more efficient if I had my own server, so I wouldn't have limitations to a bunch of stuff
<twb> If it's an authoritative nameserver.  If it's a caching resolver, then it basically acts as a proxy for name resolution requests between clients and authoritative servers (or other resolvers).
<twb> Typically a home network will have a caching resolver in the router, and at the ISP, and that will talk to the various authoritative servers out on the internet.
<TJRana> so I thought maybe I needed to do a bunch of stuff to the serverâ¦ like NTP, SSH, DNS, DHCP, Virtualization, NFS, NIS, LDAP, WEB, database, FTP, MAIL, Samba, Proxy, Desktop env to the server
<twb> Unless you own a domain like dick.head.name or example.net, you do not need an authoritative nameserver.
<TJRana> oh
<TJRana> so a dns server is unnecessary?
<twb> A network should have at least one caching resolver, but your ISP typically provides this for you.
<TJRana> I own a domain. It's tjrana.com
<TJRana> So since I own a domain, it's necessary?
<twb> Or you could just pay someone like zoneedit to host it for ou
<twb> Which for one domain will be $0/mo
<TJRana> okay I went onto zoneedit.com and signed up
<TJRana> what do I do next?
<TJRana> What is a zone name?
<TJRana> I keep on getting the same error, I got it before.
<TJRana> http://paste.ubuntu.com/783147/
<TJRana> http://pastebin.com/TFSL4tsz
<TJRana> Hello?
<TJRana> twb are you there?
<arooni-mobile> for some reason i'm kinda locked out of my server... i could ssh into before rebooting... now i see: https://gist.github.com/1520745 ... when i try to connect.  i didnt change ssh or anything as far as i know
<lalagirl> is anyone there?
<linxeh> Is there a recommended RADIUS server package to use on Ubuntu LTS? Is FreeRADIUS the way to go?
<arooni-mobile> hi folks; for some stupid reason i can't ssh into my server; so the server support people gave me access to KVM.  how can i use KVM in orerder to recover my server and be able to SSH into it again?  running ubuntu 11.10.  i have an admin account and a root account but I believe i have disabled root login via ssh
<raubvogel> arooni-mobile: can you vpn into your server's console?
<arooni-mobile> raubvogel, this is what i have access to now: http://global.avocent.com/us/olh/dsr/v_3.7.1/global/en/index.html
<arooni-mobile> not sur eif thats different than kvm
<raubvogel> Oh
<raubvogel> so by KVM you mean the switch, not the emulator :)
<StevenR> arooni-mobile: can you login to the server using the KVM ?
<arooni-mobile> im not sure how to use the switch software i have now to connect ot the server
<arooni-mobile> any suggestions?
<raubvogel> arooni-mobile: Take a look under "The Video Viewer->Launching a KVM Session"
<raubvogel> In http://manpages.ubuntu.com/manpages/oneiric/man5/nss_ldap.5.html they mention some features require schema  mapping  support. How to find out if the libnss-ldap package has that?
<arooni-mobile> hi folks; for some stupid reason i cant ssh to my server:  https://gist.github.com/1521495 ... no idea what to do now.
<SpamapS> arooni-mobile: your key may be in the wrong format, ssh-keygen can convert it
<SpamapS> arooni-mobile: man ssh-keygen
<arooni-mobile> SpamapS, key on the side trying to connect?
<qman__> you're not supposed to include the ----BEGIN---- -----END---- lines
<qman__> but yeah, it could be totally wrong
<qman__> take that back, id_rsa does have those
<qman__> thinking of authorized_keys, which has a one key per line format
<raubvogel> arooni-mobile did you try to ssh -vvv and watch the messages?
<arooni-mobile> i have done that yes
<arooni-mobile> this is sooo weird
<arooni-mobile> everything was setup on the server
<arooni-mobile> and alli did was reboot it to test it
<arooni-mobile> waiting on a kvm recovery session
<arooni-mobile> dedicated server support people claim they can ssh with same creds
<arooni-mobile__> hi folks;  i'm trying to ssh into my server; but when i use the correct username
<arooni-mobile__> nothing happens
<arooni-mobile> re-setting up my ssh config.  is there any problem with putting the SSH port at 22222 ?
<uvirtbot> New bug: #908824 in openvpn (main) "Unable to connect to VPN as a non-admin user" [Undecided,New] https://launchpad.net/bugs/908824
<uvirtbot> New bug: #908833 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/908833
<JoshuaP> How do I keep the SSH MOTD from updating itself?
<smw> JoshuaP, I think it is a cron job.
<smw> JoshuaP, it uses /etc/motd.d or something like that, let me check
<JoshuaP> k
<smw> /etc/update-motd.d/ controls it
<smw> you may want to leave it and just change the footer
<smw> that is what I do
<JoshuaP> Okay
<JoshuaP> Does that make the MOTD not update?
<rbasak> I think /etc/motd is a symlink and if you replace it with a normal file then it won't auto-update. IIRC. I may be wrong.
<JoshuaP> When I put my own text in there, it earases.
<rbasak> Have you replaced the symlink with a normal file?
<JoshuaP> How do I set write permissions of a file to a user?
<koolhead17> hi all
<Warp4> hi
<koolhead17> supp Warp4
<Warp4> not much
<Warp4> just sitting on the channel in case i or anyone else needs help :)
<koolhead17> Warp4, great. ^^
#ubuntu-server 2011-12-27
<uvirtbot> New bug: #908901 in awstats (main) "awstats confused by 408 entries in apache log files" [Undecided,New] https://launchpad.net/bugs/908901
<uvirtbot> New bug: #908905 in squid (main) "upstart problems with S20squid script" [Undecided,New] https://launchpad.net/bugs/908905
<GRMrGecko> How can I install Ubuntu Server on Parallels Desktop? I keep getting a purple screen and see no more progress.
<Warp4> GRMrGecko, what version of ubuntu server?
<GRMrGecko> 11.10
<uvirtbot> New bug: #908908 in squid (main) "uninitialized variable in wbinfo_group.pl causes false authentication results" [Undecided,New] https://launchpad.net/bugs/908908
<Warp4> that may be part of the problem
<Warp4> try 10.04.3 instead
<Warp4> i never had any luck with anything later
<GRMrGecko> ok
<Warp4> thinking about recommissioning a windows server in my rack and making it a news/email server
<GRMrGecko> thinking what might happen if my server had a virus.
<arooni-mobile> i have set up key based authentication on a ubuntu 11.10 server.  however; when i try to login with my key.... i get asked for my password.  anyway to determine why this is happening and then solve it?
<patdk-lap> what do you mean by, key based authenication
<patdk-lap> using ssh public key?
<arooni-mobile> anyone ever see this error?  SocketError: getaddrinfo: Temporary failure in name resolution  ... when i'm trying to parse a rss feed
<arooni-mobile> i think my dns is messed up... how can i fix that?
<arooni-mobile> hi folks;  have a ubuntu 11.10 server where i believe DNS is messed up on.  i can't ping or wget any url.  i get "wget URLONSTACKOVERFLOW => Resolving stackoverflow.com... failed: Temporary failure in name resolution."    or "ping: unknown host yahoo.com"
<lalagirl> Hi there, I have a question.
<lalagirl> What should I consider?
<lalagirl> DMZ enabled or Firewall Ports?
<lalagirl> Hello?
<greppy> lalagirl: in general, unless you have reasons to turn on DMZ, go with port forwards.
<lalagirl> okay
<greppy> Expose the least amount that you have to.
<greppy> If you only need mail, web and dns, only expose those ports.
<greppy> still run a firewall, host based intrusion detection, etc.
<greppy> fail2ban or the like, configured to look at apache logs and/or pop3/imap logins can also help limit your exposure to brute force attacks.
<alex88> hi guys, i'm trying to create a oneiric openvz template, but running schroot says "W: Failed to change to directory â/var/lib/vz/private/777â: No such file or directory" but the dir is there :/
<koolhead11> hi all
<lalagirl> hi
<koolhead11> Daviey: hello sir
<lalagirl> hi?
<koolhead11> hi lalagirl
<lalagirl> hi koolhead11
<uvirtbot> New bug: #909027 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/909027
<uvirtbot> New bug: #909029 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/909029
<Danielc1234241> Hi all, trying to run sudo apt-get install opendkim-2.4.3.tar.gz, I get this error
<Danielc1234241> Reading package lists... Done
<Danielc1234241> Building dependency tree
<Danielc1234241> Reading state information... Done
<Danielc1234241> E: Couldn't find package opendkim-2.4.2.tar.gz
<Danielc1234241> well it is the 2.4.3 version...I tried both
<StevenR_> Danielc1234241: what precisely are you trying to do?
<Danielc1234241> Install the DKIM
<Danielc1234241> for our mailserver http://www.opendkim.org/docs.html
<StevenR_> you're going to need to be more precise than that.
<Danielc1234241> trying to install that package
<StevenR_> it's not a package
<Danielc1234241> how would I install this? opendkim-2.4.3.tar.gz
<StevenR_> opendkim-2.4.3.tar.gz is a source tarball. It is not a deb package that apt-get can use
<Danielc1234241> ahhh, then how would I get this installed on our server then? On the developing site, that is what they offer as a download.
<StevenR_> use the package; i.e.  sudo apt-get install opendkim
<StevenR_> it'll pull the latest version available in the Ubuntu repositories
<Danielc1234241> let me try...thanks
<squidly> is there a fix for Oneric's OCFS2 console?
<squidly> I keep getting the popen2 errors
<JoshuaP> Anyone around to help?
<Danielc1234976> Hi all..just wondering if anyone has ever installed openDKIM on their ubuntu server?
<Doodie> hi, I am having permission denied error when I try to login to my server via ssh. Password is turned off and public key has been uploaded. I can login via password only.
<SpamapS> Doodie: anything in /var/log/secure ?
<Doodie> SpamapS, secure file is not there.
 * SpamapS wonders if his years of redhat have polluted his thinking
<SpamapS> Doodie: oops, I meant /var/log/auth.log
<Doodie> SpamapS, this file is so huge. dont know what to look at..
<SpamapS> Doodie: its a log file, usually you use something like 'tail' or 'less' to look at the end of it.
<SpamapS> Doodie: sorry to leave you without anymore answers but I have to go.
 * SpamapS disappears
<huslage> i would like to use NetworkManager/nmcli without installing X. There is a dependency-tree-from-hell in the existing packages though. What's the secret?
<deckard> hi all :)
<deckard> anyone knows how to specify the listening interfaces in ntp.conf ?
<patdk-wk> you don't
<deckard> you mean i can't  avoid theses "Listening on interface #4" statements ?
<deckard> is there any "listen" or "interface" command to restrict ntpd locally ?
<osmosis> what does this /var/log/messages  kernel msg mean?  http://dpaste.com/678382/
<patdk-wk> crashed :)
<osmosis> strange, out of the blue. had a lot of uptime before that.
<osmosis> how do I check what is the in the  qemu-kvm  updated package?
<osmosis> I can get it from the web,  http://changelogs.ubuntu.com/changelogs/pool/main/q/qemu-kvm/qemu-kvm_0.12.3+noroms-0ubuntu9.15/changelog
<osmosis> is there an easy command line way?
<osmosis> hmm...web changelog doesnt even show the latest update
<osmosis> http://changelogs.ubuntu.com/changelogs/pool/main/q/qemu-kvm/qemu-kvm_0.12.3+noroms-0ubuntu9.16/changelog    shows it
<Daviey> koolhead17: hey
<xperia2> hi to all. small question. where can i find the package libapache2-mod-spdy
<xperia2> i want install this apache modul on my ubuntu server but can not find it in the package list
<ajmitch> it looks like it isn't packaged yet
<xperia2> that is really pity. i am interessted to package it if anybody will help me
<ajmitch> you could follow up on http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628643 & offer to help him there
<uvirtbot> Debian bug 628643 in wnpp "RFP: libapache2-mod-spdy -- Apache module for the SPDY (HTTPS-like) protocol implemented in chromium" [Wishlist,Open]
<xperia2> ohh such cool thank you a lot ajmitch. you are great !
<uvirtbot> New bug: #909181 in squid (main) "wbinfo_group.pl does not recognize domain names containing spaces" [Undecided,New] https://launchpad.net/bugs/909181
<lalagirl> hi there, I'm having a warning
<lalagirl> hi i'm getting this warning when i'm going through the installation process of mediawiki 1.18.0: "Warning: The intl PECL extension is not available to handle Unicode normalization, falling back to slow pure-PHP implementation." what should I do?
<lalagirl> http://s13.postimage.org/lmoue237r/Screen_Shot_2011_12_27_at_6_44_22_PM.png
#ubuntu-server 2011-12-28
<pythonirc1011> If I want my ubuntu-server to not connect (on http) -- to any particular ip, for more than 10 times a minute, can this be done? how?
<qman__> lalagirl, no action is required, that can be safely ignored
<qman__> if you want the warning to go away, install the PECL extension it's looking for
<trevorj> pythonirc1011: iptables
<trevorj> pythonirc1011: connlimit iirc
<trevorj> pythonirc1011: ie, iptables -A INPUT -p tcp --dport 80 -m limit --limit 10/min -j ACCEPT
<trevorj> pythonirc1011: actually use conntrack to only accept 10 new connections: iptables -A INPUT -p tcp --dport 80 -m limit --limit 10/min -m state --state NEW -j ACCEPT
<trevorj> pythonirc1011: you'll also want to ensure you have a rule in to allow the rest of the connection as well, ie: iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
<trevorj> pythonirc1011: then either deny traffic by default on INPUT and enable any other services you'll need, or put a rule at the end like: iptables -A INPUT -p tcp --dport 80 -j REJECT
<trevorj> pythonirc1011: if you're new to iptables, check out firehol.
<uvirtbot> New bug: #909203 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/909203
<amstan_> how can i get a process like bash to read and write to /dev/ttyUSB0(as stdin and stdout)
<amstan_> i tried named pipes, like this: http://pastebin.com/itDi8LL5
<amstan_> but it doesn't seem to work
<Xqtftqx> Hey, i need some help configuring squid, specifically ACL.
<ovhan> anyone here who is running or has run a minecraft server?
<MTecknology> So.. with kvm, am I going to get better performance from a raw or qcow2 formatted disk?
<MTecknology> ooooh... nevermind; sounds like qcow2 is more stable but raw is much more flexible
<Yuyo> does anyone know what files does ufw edit?
<twb> Yuyo: /etc/ufw, I expect
<Yuyo> i can't access my remote machine because the firewall is blocking ssh.. so i'll have to attach the hard drive to another system, and edit the files there..
<twb> chroot in and run ufw, then
<Yuyo> twb, what do you mean?
<Yuyo> chroot to the attached hard drive?
<twb> yes
<Yuyo> ok, sounds good. thanks
<Yuyo> twb: i chrooted into the mounted hard drive, then did "sudo ufw allow 22" and said "Rules Updated"
<Yuyo> then i reattached it to the other machine, and still i can't get in through ssh
<Yuyo> any clues?
<Yuyo> running sudo ufw disable told me "ERROR: problem running ufw-init" however
<RoyK> anyone that knows how I can setup a solaris 10 SPARC VM on linux x86_64?
<abhinavmehta> hello everyone...
<ovhan1> hi
<patdk-wk> royk, wouldn't that be hard? I didn't think sparc was x86 compatable
<abhinavmehta> I'm installing mini.iso(mini ubuntu 32bit, some 13mb) on VMWareâ¦.and everything is working fine..
<patdk-wk> I should hope so, I test those
<abhinavmehta> problem isâ¦it retrieves many packages from the internet in-course of installationâ¦which I'm looking to avoid..so any pointersâ¦how to avoid other stuff..
<patdk-wk> don't use the mini-iso
<abhinavmehta> patdk-lap: than..?
<patdk-wk> the whole point of the mini-iso is it gets EVERYTHING from the internet
<patdk-wk> the other option you have, is to install a caching web proxy, or apt cache proxy
<abhinavmehta> patdk-lap: ohh, I seeâ¦.I thought this is just the bare minimum linux distroâ¦and capable to give me the basic shell.
<patdk-wk> bare min install is about 450megs or so
<abhinavmehta> patdk-lap: any pointers, which will be good bare-minimum linux distro for making ec2-images(cloud intances)
<abhinavmehta> ok
<patdk-wk> that is really a pointless question
<patdk-wk> cause normally, that is NOT something you want to do
<patdk-wk> even for cloud stuff, normal rules still apply, like, lifetime of security patchs, how used to the distro you are, ...
<patdk-wk> it does no good to have an awesome ec2 intergrated image, if you can't use it
<koolhead11> abhinavmehta: http://uec-images.ubuntu.com/ this is what your looking for i assume :)
<RoyK> patdk-wk: that's the job of qemu...
<patdk-wk> royk, never knew qemu was suppost to emulate totally different cpu's
<abhinavmehta> patdk-lap: why notâ¦I agree with you at some-points, but what if someone wants to build simple os, with taking care of all security-checks and all other.
<abhinavmehta> Well, I'm thinking to build a os-instance using VMBuilder, and than patching all security checks with some recipe-tools(Puppet/Chef) and thats how making a private cluster of custom-operating-systems. Please correct me if I'm wrong somewhere.
<patdk-wk> I don't know of anything like that
<abhinavmehta> patdk-lap: sorry, I was too verboseâ¦
<RoyK> patdk-wk: that's what it does - I've used it for ARM emulation, but not sparc
<patdk-wk> http://gunkies.org/wiki/Installing_Solaris_2.4_on_Qemu_SPARC
<RoyK> patdk-wk: good 'un, but without ss5.bin, I'm rather lost...
<maswan> Hm. With the soon to be removed sun-java, anyone know of plans to backport a newer openjdk to LTSes? It would be nice with one that segfaulted less often on our load...
<Doonz> hey guys, I have two ethernet ports in my server eth0 is assigned to 192.168.*.* and when i try to assign eth1 to 10.0.1.* the network stops working as in i cant talk to the box anymore. Any ideas
<alex88> http://pastebin.com/MEkBwgDC someone can help me with this error? i'm trying to install mysql-cluster-server
<raubvogel> alex88: is there a /etc/mysql/debian-start file there?
<alex88> raubvogel: nope..but seems a common bug
<alex88> https://bugs.launchpad.net/ubuntu/+source/mysql-cluster-7.0/+bug/579732
<uvirtbot> Launchpad bug 579732 in mysql-cluster-7.0 "package mysql-cluster-server-5.1 7.0.9-1ubuntu7 failed to install/upgrade: subprocess installed pre-removal script returned error exit status 1" [Medium,Fix released]
<alex88> it says fix released but not in my case
<raubvogel> Which ubuntu release are you running? You might need to ask for a backport
<alex88> natty
<raubvogel> Also, the last entry (someone with 11.10) in that says it has not been released yet
<raubvogel> There is a link for the patch though
<alex88> well, i won't recompile it
<alex88> for now i used the fix someone said before
<iggi> So was following this guide: http://itsignals.cascadia.com.au/?p=28 to resize a KVM drive, but since I'm running LVM I'm having some difficulty growing the volume. I did a pvresize on the volume, but it says there is no PE free to expand the current logical volume. I assume I have to grow the VG as well or should pvresize take care of that?
<iggi> Ok so I think I may have found part of the issue. I have an extended partition contains the vg and unallocated space, but for some reason pvresize is not resizing the vg (/dev/vda5) to fill the space.
<iggi> ahh I had to manually set the physicalvolumesize, I guess my google-fu isn't the best today I couldn't find that, I had to RTFM
<patdk-wk> royk, why without ss5.bin? there is a link to download it on that page
<patdk-wk> the link even works :)
<chuck580> hi all
<strickly> hello chuck580
<chuck580> Is it possible to find an irc channel where people are talmking?
<_johnny> yes
<chuck580> I'm really looking after such chat whatever the subjet, actually I'd like improve my english skill and as I'm a developer it would be more interessant for me if the conversation was about development
<ovhan> chuck580:  developing as in programming? what language
<ovhan> if your looking for java for example try #java
<chuck580> Java/J2EE especialy Spring
<jmarsden|work> chuck580: If you want to join a busy channel with lots of chatter, try #ubuntu
<chuck580> yes it's what I do but I've not find a channel where there is a discussion
<ovhan> try ##java
<chuck580> kk tks :)
<peterrus> hey, booting my ubuntu server 11.10 install seems to hang at 'running init-bottom'. Is there  some way I can check whats going wrong?Ã¥Ã¥
<guntbert> peterrus: are there already other virtual terminlas available? try with <alt><left> (several times)
<guntbert> *terminals
<peterrus> guntbert: no
<peterrus> my services arent started either
<peterrus> currently running a bad block test
<guntbert> peterrus: did you mean "during install" or "after installation"?
<peterrus> guntbert: after
<peterrus> the server has booted several times
<ChmEarl> peterrus, try on your vmlinuz cmdline `nopat nomodeset`
<peterrus> ok lets try that
<ChmEarl> that might stop it from hanging.. or better yet, append `text`
<guntbert> ChmEarl: he is running server
<ChmEarl> modeset is active in server too
<guntbert> peterrus: boot into recovery system
<guntbert> ChmEarl: yes, but 'text'?
<peterrus> guntbert: ChmEarl I currently am in recovery
<peterrus> shall I reboot to add those arguments?
<peterrus> text might do something indeed
<peterrus> as it hangs exactly before switching to framebuffer
<peterrus> ok
<peterrus> text did nothing
<peterrus> ah nice
<peterrus> I removed the set_gfxmode line
<peterrus> and now it boots
<peterrus> lets find a method to make this permanent
<Ynodde> mogguh
<pdtpatrick1> Question .. why is it after creating a chroot environment .. each time i try to switch to it it keeps saying
<pdtpatrick1> http://paste.pocoo.org/show/527079/
<myjimmyweb> hello all, looking for some help with bind via webmin
<myjimmyweb> no?
<Patrickdk> via webmin? not here
<myjimmyweb> kk
<myjimmyweb> well lemme ask a general server question then
<myjimmyweb> I installed server 11.10 to be a virtual machine host
<myjimmyweb> and i have a number of virtual ubuntu server machines
<myjimmyweb> basically, jw how/if i can make the host direct to example.com  while each virtual guest server would be guestx.example.com
<myjimmyweb> can anyone point me in the right direction?
<pdtpatrick1> so u wan the hos to be the gateway? if ur using KVM, i believe it will create the bridge connections. You can then create an iptables rule to allow forwarding via the host. This way your host can be your DNS box. If that's what your asking
<myjimmyweb> yes
<pdtpatrick1> http://www.google.com/url?sa=t&rct=j&q=kvm%20ubuntu%20&source=web&cd=1&ved=0CCUQFjAA&url=https%3A%2F%2Fhelp.ubuntu.com%2Fcommunity%2FKVM&ei=g5f7TunEHJHRrQfx8dihCA&usg=AFQjCNFT_YghZ2c5vUnX72lWgCNvqEAB5A
<pdtpatrick1> whoops
<myjimmyweb> i'm using virtualbox on a headless system with phpvirtualbox
<pdtpatrick1> oh
<pdtpatrick1> virtualbox should have a bridge connection
<myjimmyweb> yup
<myjimmyweb> it does
<pdtpatrick1> right so in ur /etc/resolv.conf for your hosts file
<myjimmyweb> mmhmm
<pdtpatrick1> just make ur host as the gateway
<myjimmyweb> kk
<myjimmyweb> on the vm right
<pdtpatrick1> right so on serv1.example.com
<myjimmyweb> yes
<pdtpatrick1> edit the /etc/resolv.conf and point that to example.com
<pdtpatrick1> and on example.com -- you'll have the DNS running there
<myjimmyweb> so i don't need bind on any of the vms?
<pdtpatrick1> also make sure ur forwarding chain is set to accept
<pdtpatrick1> on the host
<myjimmyweb> k
<myjimmyweb> any good reading for this stuff?
<pdtpatrick1> oh and then make sure ur kernel has forwarding set.
<pdtpatrick1> just google - forward ipv4 on ubuntu
<pdtpatrick1> you'll find tons of stuff
<myjimmyweb> k
<myjimmyweb> i've just been used to using dyndns.org for my dns stuff, but will be purchasing a business account to get around webhop redirects to a dif port than 80
<pdtpatrick1> :)
<Lcawte> Hi, I'm having problems installing LAMP with tasksel, it messes up at mysql-server-5.1
<pdtpatrick1> you could also try installing it yourself?
<pdtpatrick1> sudo apt-get install mysql-server
<pdtpatrick1> see if it gives you an error
<pdtpatrick1> or try install 5.1 but the server package should pull that in
<Lcawte> I have, still seems to freeze up
<pdtpatrick1> freeze up on what? On installing? or downloading the package ?
<pdtpatrick1> update your repo and try again
<pdtpatrick1> sudo apt-get update && sudo apt-get install mysql-server
<Lcawte> installing
<pdtpatrick1> dpkg -l mysql*
<pdtpatrick1> what does that show ?
<BEZ|Kevin> how can I downgrade a 10.04 server to php 5.2.x?
<uvirtbot> New bug: #482986 in etckeeper (main) "Tracks some unnecessary/autogenerated files" [Wishlist,Triaged] https://launchpad.net/bugs/482986
<uvirtbot> New bug: #603738 in bzr (main) "etckeeper should not warn about ignored special files / hardlinks" [Wishlist,Fix released] https://launchpad.net/bugs/603738
<Lcawte> pdtpatrick1: http://pastebin.ubuntu.com/786324/ (its still running the isntall)
<pdtpatrick1> Lcawte, looks like mysql-server is half installed. So do this then. sudo apt-get remove --purge mysql-server-5.1
<Lcawte> I get a pop up debconf type thing telling me that it can't copy the root password or something
<Lcawte> pdtpatrick1: ok, purged that
<Lcawte> now do I reinstall it?
<pdtpatrick1> yup
<pdtpatrick1> sudo apt-get install mysql-server
<Lcawte> pdtpatrick1: http://pastebin.ubuntu.com/786325/
<Lcawte> wow, its stalling on purging that
<pdtpatrick1> sudo dpkg-reconfigure mysql-server-5.1 .. it should ask you to set the root password
<RoyK> Lcawte: if you need to recover the root password, start the daemon with --skip-grant-tables
<Lcawte> pdtpatrick1: tried that earlier, didn't work, same error
<Lcawte> RoyK: full command?
<Lcawte> Wow, I purge all the mysql, delete /etc/mysql and reinstall the lot, still that same error
<patdk-lap> lcawte, why would you expect different?
<Lcawte> patdk-lap: fresh install, possible chance that there could of been something messed up in the old one?
<RoyK> Lcawte: mysqld --skip-grant-tables
<Lcawte> Where are mysql databases stored on the disk?
<Madonna__> oi
<Lcawte> horrah! finally fixed it
<Lcawte> purging all the sql packages and rm -rf ing the db dir & mysql conf
#ubuntu-server 2011-12-29
<Lcawte> hmm, next problem
<RoyK> Lcawte: why didn't you just start it without grant tables?
<Lcawte> RoyK: because that just hung
<RoyK> no, it did't, it just didn't fork into the background
 * RoyK labels Lcawte NOOB
 * Lcawte takes off the duplicate label
<Lcawte> Hmm, now, I can't seem to mount my other disk thats attached to the server (its my 80GB desktop 11.10 disk) but I can't take it out because its needed for grub... I need to grab my sql databases from that one, but I can't seem to mount it...
<RoyK> Lcawte: grub isn't needed to mount anything
<RoyK> Lcawte: pastebin your /proc/partitions, please
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Lcawte> RoyK: I know that... and I know about pastebining :P  But I meant, I can't take the disk out and put it in another machine to get the stuff because if I do, I break booting on the server, and have to spend another week fixing it
<Lcawte> hmm, whats the output of /proc/partitions supposed to look like?
<Lcawte> or, what command do I run to get the inteded output
<RoyK> you may want to dump the db on that machine, then
<RoyK> mysqldump etc
<Lcawte> ok, but I still can't mount that disk
<Lcawte> "mount: can't find /dev/sdb1 in /etc/fstab or /etc/mtab" (it shows up in fdisk -l though)
<RoyK> Lcawte: man mount
<Lcawte> RoyK: ah, thanks ... mount -t ext4 is the command :D
<Lcawte> RoyK: I probably want to dump all the databases with all the info right? Then would it be "mysqldump -A"?
<RoyK> mysqldump --all-databases
<RoyK> which is -A, yes
<RoyK> same thing
<Lcawte> Where does it get dumped to & in what format?
<RoyK> that dumps to standard output in SQL format
<RoyK> just dump every database you need
<RoyK> mysqldump mydb > mydb.sql
<RoyK> the mysql database (system db) may be moved as well, but if you don't have too much grants etc, you might want to add those manually to the new system db
<Lcawte> v
<Lcawte> "mysqldump: Got error: 2002: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) when trying to connect" and "service mysql start" gives me a job failed to start message
<strickly> whats the job error message you get when starting the daemon?
<pdtpatrick1> Question .. why does schroot fail to recognize that a path exists?
<pdtpatrick1> http://paste.pocoo.org/show/0jlqgcqNoJthJxjnvYUW/
<Lcawte> root@lcserv:/# service mysql start
<Lcawte> start: Job failed to start
<Lcawte> (chrooted into the disk right?)
<strickly> try this
<strickly> cd /usr/local/
<strickly> cd /usr/local/mysql
<strickly> ./bin/mysqld_safe --user=mysql &
<strickly> or /usr/local/mysql/bin/mysqld_safe --user=mysql &
<strickly> directly
<Lcawte> strickly: hmm, theres no mysql in /usr/local
<strickly> did you install it manually?
<strickly> or via a package manager?
<strickly> the mysql app
<Lcawte> tasksel or aptitude
<Lcawte> may of been in an earlier version of ubuntu though, can't remember
<strickly> did you try a
<strickly> sudo aptitude reinstall
<strickly> maybe its the fastest way to get it corrected
<strickly> it shouldnt be such big deal to restart the daemon
<strickly> so maybe something wrong in the install/config process
<RoyK> wtf is wrong with people? reinstalling things normally doesn't help - fixing things does
<Lcawte> Well I am chrooted into the disk remember
<Lcawte> which, either means I don't chroot properly or..
<RoyK> Lcawte: move the db files away, copy the old ones in, start the db
<strickly> well it's about making things easy at times
<strickly> not spending hours and more hours figuring it out, when theres no need
<RoyK> Lcawte: dump the db, move the old ones away, move the originals back, start dbms, restore
<Lcawte> RoyK: problem is, can't dump the old stuff because the old db won't start in chroot :)
<RoyK> Lcawte: did you try to read what I just wrote?
<strickly> RoyK easy
<strickly> :)
<Lcawte> ok, I think I've got you...
<Lcawte> Old database files... hmm...
 * Lcawte goes hunting
<MTecknology> hm... So if you have your home directory encrypted using ecryptfs, how can you ssh into that system with shared keys?... you're ~/.ssh/authorized_keys is encrypted until you log in...
<MTecknology> heh... that was an easy solution... sorry for not thinking through it before asking
<Lcawte> Where exactly is the data for mysql stored, I'm trying to copy the databases from a disk, but my first attempt seems to have left me with an empty database with the correct name
<Lcawte> got it, just had to chown the files
<uvirtbot> New bug: #909558 in etckeeper (main) "Default conffile change in hardy -> lucid transition silently stops etckeeper hooks" [Undecided,New] https://launchpad.net/bugs/909558
<squidly> yep../wib
<Zanzacar> exit
<Zanzacar> exit
<Zanzacar> whoops
<koolhead17> hi all
<uvirtbot> New bug: #909592 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: subprocess new post-removal script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/909592
<lalagirl> hi everyone
<lalagirl> !hi
<lalagirl> !hello
<Guest21672> hello oratedq
<codeflux> stupid question: I added a rule to iptables to drop all traffic after the rules for 443, 80 and 22. If I now add a rule for port 21, will it work or does it have to be before the "drop all traffic" rule?
<magicblaze007> I'm trying to set some headers on my webserver, and for some reason, cant get the header out to the link at all, had anyone had this problem before?
<patdk-wk> magicblaze007, nope
<uvirtbot> New bug: #909828 in tomcat6 (main) "Tomcat needs update to prevent hash function DoS attack" [Undecided,New] https://launchpad.net/bugs/909828
<fishscene> Greetings
<fishscene> We use gmail for our corporate e-mail, and as such, some applications that depend on a local e-mail server can not use our e-mail system. I would like to set up an internal e-mail server that these applications can use that ties into our gmail system. What would be the best way to do this?
<fishscene> I have looked in to postfix, but it is absolutely horrid to set up with many features and options I don't understand, nor do they seem necessary for what I am looking to do.
<matoc> What do you mean by tie-in?
<fishscene> Essentially, the internal e-mail server would receive messages, and forward them to gmail to the approrpiate address. For example, if I received an e-mail, it would be from "noreply@mydomain.net" going to "fishscene@mydomain.net"
<matoc> Not sure about automating this, but a postfix server with PostfixAdmin for web administration could work well for you.
<fishscene> hmmm I haven't run across PostfixAdmin yet.
<matoc> fishscene: I believe this howto worked for me on 10.04 http://postfixmail.com/blog/index.php/postfixadmin-on-ubuntu-9-10/
<fishscene> Thanks matoc
<iBaer> Hello
<fishscene> Hi
<iBaer> I want to access my Samba server from outside my home network, is that possible?
<fishscene> iBaer: By connecting to the samba shares directly? I normally use SSH to gain access to my home directory.
<matoc> Yes. There are a few different ways. I would use OpenVPN to setup a secure VPN to you home network.
<matoc> I have found that many home ISP block port 22 for SSH which makes it a problem. If it's just me and SSH work though, that what I use too.
<fishscene> My ISP blocks port 22 as well, so I changed the port :) But yea.
<matoc> I've never tried Samba directly over the internet, I'm a little curious how well this works actually.
<iBaer> I can access the server via OpenSSH just fine from outside the home, but I can not access the samba
<fishscene> Sounds like a DNS/IP routing issue
<fishscene> Exposing your samba server to the Internet is not advised.
<iBaer> When I'm at home, behind the router, all I have to do is open Windows explorer and the Server box is listed with the samba shares available
<matoc> iBaer: I think what was meant about using SSH was that it is used instead (with SSHFS perhaps?) or SMB.
<fishscene> iBaer: Have you tried connecting to your samba server over OpenSSH by going to (Windows) start > run > \\(ipaddress of your samba server)
<matoc> fishscene: how are you establishing the OpenSSH session in windows first? Does Putty do this?
<iBaer> Fishscene: I've tried the \\IP thing, doesnt seem to work
<fishscene> wait. I'm an airhead. I was reading openssh as openvpn. I'll shutup now :P
<iBaer> I use Putty to connect through SSH
<matoc> that's because SMB would need to be piped over SSH first, which I've never done.
<iBaer> OpenVPN, I havent tried that, is that trouble to setup
<iBaer> any tutorials site for it?
<patdk-lap> thousands
<patdk-lap> piping smb over ssh? is that possible?
<matoc> I believe the official ubuntu wiki serverguide has a tutorial
<iBaer> Yes, but are those thousands aimed towards newbies
<patdk-lap> ibear, atleast 98% of them are
<fishscene> patdk-lap: Only if you pipe openvpn over your SSH connection, which begs the question again, is that possible?
<patdk-lap> I can never find ones doing strange things like I do with it
<patdk-lap> fishscene, sure
<patdk-lap> but I was thinking of ppp over ssh, since poeple love that
<fishscene> ah
<iBaer> okay now im getting lost with all this piping, ppp, ssh, qqq stuff
<qman__> running samba over the internet is unlikely to work and ill-advised
<iBaer> Will OpenVPN allow me to access the samba shares?
<qman__> most ISPs block it
<patdk-lap> openvpn lets you access networks
<patdk-lap> samba runs on networks
<qman__> yes, openvpn will allow access to samba
<patdk-lap> therefor, openvpn lets you access samba :)
<fishscene> VPN = virtual private networking (It's as if you're physically plugged in to your remote network)
<patdk-lap> and here I thought it was virtual public networking
<iBaer> I can access my samba shares via FTP too, but inorder to use the files, the have to be downloaded to the computer I'm accessing the server from.
<iBaer> OpenVPN doesn work the same way does it?
<iBaer> ?
<matoc> SMB over SSH: http://www.blisstonia.com/eolson/notes/smboverssh.php
<matoc> I wonder if "ssh -D 445 myserver.com" would work...
<iBaer> OKay, well thank you everyone for the suggestions. I'm going to go research all this now.
<iBaer> Oh, wait, one last question sorry. I have a dynamic IP, using OpenVPN require the use of ddclient to set a staticip/or domain address?
<patdk-lap> depends on how you do i
<patdk-lap> it
<patdk-lap> but probably yes
<patdk-lap> I personally run it at a colo, and my home system vpn's into the colo, so not needed
<iBaer> OpenVPN is a paid service?
<matoc> there is a community version
<patdk-lap> if you want to pay them, sure
<fishscene> ok. This e-mail stuff isn't working out very well.
<fishscene> I need a simple email server that can bounce messages to gmail.
#ubuntu-server 2011-12-30
<iBaer>   So this OpenVPN seems pretty difficult - When reading 1 article, mid way through, it directs me to do something with requires more research, which then that research directs me else where
<fishscene> I never did get openVPN working, but that was a few years ago.
<iBaer> so far I've gone from OpenVPN, to Bridge VPN ...
<fishscene> I haven't bothered since as I've found other ways (like SSH) which are far easier for me.
<matoc> maybe you guys need to try ebox or something...
<matoc> or webmin...
<iBaer> Like i mentioned, I can access my home server via SSH through putty on client machine.
<iBaer> but that doesnt give access the the samba share or file
<matoc> iBaer: did you follow the SMB over SSH guide I posted earlier?
<iBaer> and with all the garbage on the internet its becoming more and more difficult to find useful informtion
<iBaer> Matoc: Im sorry, i must have missed that
<HaltingState> help; during installation, it hit enter at the screen "install common servers" and did not select lamp/ssh; is there a tool i can run to have those installed or do i have to redo installation or
<KoolaidJunkie> use sudo apt-get install lamp
<iBaer> should run apt-get update
<iBaer> and apt-get upgrade
<iBaer> first
<HaltingState> thanks
<KoolaidJunkie> np
<KoolaidJunkie> SSH would be sudo apt-get install openssh
<matoc> HaltingState: I usually use sudo tasksel
<KoolaidJunkie> or that
<HaltingState> matoc, thx; exactly what i was looking for
<HaltingState> what is the command line gui app for configuring network with dhcp
<matoc> HaltingState: "dhclient eht0" but you need to set it in /etc/network/interface for it to stick after reboot
<japr> hello everyone, does anyone know how to remedy this dhcpd error "unable to add reverse map from 103.2.168.192.in-addr.arpa to X.juanito.home.net: timed out"
<japr> I've tried without success the solutions listed here: http://www.linuxquestions.org/questions/showthread.php?p=4560802#post4560802
<japr> Basically added ddns-rev-domainname "2.168.192.in-addr.arpa" to my dhcpd.conf file but no luck. Thanks
<needhelp1> how do i install a gui on ubuntu server?
<needhelp1> im trying sudo apt-get install ubuntu-desktop
<needhelp1> but i get "E: Couldn't find the package ubuntu-desktop
<needhelp1> anyone up
<koolhead11> !server-gui
<koolhead11> !servergui
<ubottu> Ubuntu server does not install a desktop environment or X11 by default in order to enhance security, efficiency and performance.  !eBox provides a GUI system management option via a web interface.  See https://help.ubuntu.com/community/ServerGUI for more background and options.
<koolhead11> needhelp1: hope this helps!! :)
<needhelp1> koolhead11, shouldnt i be able to run sudo apt-get update and sudo apt-get install ubuntu-desktop
<needhelp1> without error?
<_ruben> why not just (re)install using the ubuntu desktop cd instead of server, as you seem to want to turn it into a desktop anyway?
<magicblaze007> any apache gurus here? Does anyone know how to point http://myapp.example.com to http://localhost:8012 when both these are known after the webserver has starteed, and i dont want to restart the webserver.
<skyion> Hi There, does anyone know if there is a ubuntu equivalent to http://en.opensuse.org/Portal:KIWI that acts as an imaging system?
<_ruben> magicblaze007: edit config and reload instead of restart apache?
<danthemannn> hi
<danthemannn> despite changing the time zone on the server, the time stamps in var/messages are still wrong
<danthemannn> any idea?
<danthemannn> if i type date, it shows correct time
<_ruben> did you restart your syslog daemon after the TZ change?
<S0ME1> anyone able to help me with Cobbler?
<thesheff17> is it possible to have KVM pass through CPU virtualization to the guest OS?
<_ruben> rather doubt that
<thesheff17> it just for testing
<thesheff17> basically need to test windows 2008 hyper V crap
<thesheff17> and I don't have an extra machine
<thesheff17> I actually have seen an amazon EC2 instance running KVM so I know it is possible...but maybe it is just a feature of xen.
<uksysadmin> thesheff17, you need to have an amd chip to do nested virtualization
<uksysadmin> not sure if kvm specifically supports it - but you also need the underlying hardware to support it first
<thesheff17> uksysadmin, ah cool
<thesheff17> of course I have a ton of Intel chips :-/
<thesheff17> actually I do have some AMD servers with Ubuntu...I will have to test it. Thanks.
<patdk-wk> heh? all intel chips that do VT support it
<patdk-wk> pretty sure amd does also, but not so sure about them
<patdk-wk> the issue is, how the vm software was made, it has to be adjusted to do that
<uksysadmin> patdk-wk, its not VT, its nested virtualization support under Linux.  AMD yes, Intel, not yet.
<patdk-wk> that isn't the fault of the hardware though
<patdk-wk> intel has always supported 3 or was it 4 rings
<uksysadmin> nobody said it was - its kernel support
<codeflux> need some help setting up users for vsftpd..anyone willing?
<codeflux> when i connect to ftp (vsftpd) i can login and all but when I try ls my connection times out..any ideas?
<patdk-wk> your messed up the data connection for ftp
<pythonirc101> I would like to let any openid user open a ssh  tunnel thru my machine.  Can anyone point me to what I should read for this? or how I can do this?
<andol> pythonirc101: May I ask why on earth you feel it is a good idea to allow any random Internet user tunnel thru your machine?
<patdk-wk> how else can I safely get my ****?
<pythonirc101> andol: I don't see any other way out -- I need to let my users run webservers and point to them using my server
<cwillu_at_work> pythonirc101, what is it you're actually trying to accomplish?
<cwillu_at_work> pythonirc101, because judging from the questions you've asked here and in #python over the last few days, you seem to be trying to solve some problem, but you haven't told anyone what it is yet
<iggi_> I'm having some trouble resizing an Ubuntu-Server LVM, I resized the partition and it is in fact bigger, but when I run pvresize I get that the physical volume changed, but when I run pvdisplay it still shows that it is the original (non-expanded) size.
<iggi_> I should clarify I'm using gparted live CD to expand the LVM, latest version. and the machine is a Ubuntu 10.04 LTS machine.
<matoc> I've never had much luck with gparted. Never seemed to do what it advertised... I would use the command line to do what you're trying.
<iggi_> I am using the command line, gparted just happens to be the only live cd I have on hand without downloading another iso
<cwillu_at_work> ah, gparted as in the livecd, not the program
<iggi_> yeah since gparted does not allow you to mess with LVM's directly. The only thing I used gparted for was to expand the extended partition.
<iggi_> or at least on the version included in the live cd
<eagles0513875_> hey guys
<eagles0513875_> anyone a squirrelmail pro here
<mgw> hi, cobbler question
<mgw> where is the pxe boot file specified?
<mgw> "filename": "gpxe/menu.gpxe" is in the json, but I can't find an option to set it
<eagles0513875_> anyone in here worked with squirrelmail as I am having issues with it running on my webserver and loading the login screen for some reason
<RoyK> anyone that knows good slideshow software? I want to show a few pics to music with variable delay between the pics, preferably exportable to some movie format
<matoc> RoyK: you may want to ask this question on the ubundu-desktop channel.
<uvirtbot> New bug: #909941 in keystone "keystone package needs sqlalchemy-migrate dependency" [Undecided,New] https://launchpad.net/bugs/909941
<uvirtbot> New bug: #910098 in ubuntu (main) "Ubuntu 11.10 cannot create a network share on a drive that needs to be mounted" [Undecided,New] https://launchpad.net/bugs/910098
<RoyK> matoc: I do..
<Resistance> anyone know how I can manually map a sector on a drive as bad?  an individual sector, not a partition.
<Resistance> i have the sector number from the kernel yelling about I/O errors on a sector
<matoc> RoyK: I would recommend going straight to a movie editor and making a movie. Maybe try PiTiVi or Kdenlive...
<matoc> Resistance: I've often found that it's a good practice to replace a drive with bad sectors on a server. I've seen it before where just a few bad sectors became a lot of bad sectors very quickly. Other than that, I don't know how to do what you're asking.
<Resistance> matoc:  this isnt necessarily for a server, but if it were on my server, i'd have swapped out the bad drive (because the RAID array would be degraded)
<matoc> can you not just run fsck and let it automatically find and mark the bad sectors?
<Resistance> if you give me the fsck command to run, sure... lemme find my liveusb though so i'm not running on the active partition ;P
<matoc> what is the filesystem type? ext_, xfs?
<Resistance> matoc:  ext4
<Resistance> the system i'm running this on isnt the RAID array ;P
<Resistance> matoc:  i'm going to reboot, but my ZNC will log the messages you send me :)
<matoc> I think this should work: fsck.ext4 -p /dev/sdX
<Resistance> oh... i remember this issue i'm having now
<Resistance> damn it, the liveusb is mounting things
<matoc> "umount" them once it's booted.
<Resistance> system's returning them as "not mounted"
<Resistance> still wont let me run
<Resistance> i've seen this before
<Resistance> i think i ended up hooking the drive up via USB to another system to make this work
<matoc> why not run repair mode from the alternate CD or something?
 * Resistance grumbles
<Resistance> matoc, i am running a smart self-test via disk utility in the liveusb
<Resistance> hopefully all goes well
<matoc> I'm not sure that a SMART test will actually "fix" the problem... It usually just tells you if there's a problem or not.
<Resistance> well if there is a problem it'll find it, considering its reporting 0 bad sectors as it is
<Resistance> grrr
<Resistance> its automounting /cdrom
<Resistance> that's a problem
<matoc> weird. what live-cd(USB) are you running?
<Resistance> matoc, natty, same as the system is running
<matoc> Rsistence: in this the server or desktop edition?
<Resistance> this is running off of desktop edition, but the answer i got in #ubuntu was "We don't know"
<Resistance> ah, wait a second, there...
<matoc> I would be using the alternate or server ISO and booting up in rescue mode. That way nothing on your system get mounted unless you manually tell it to.
<Resistance> yeah its not mounting anymore
<matoc> you do have to be a little familiar with the command line though.
 * Resistance fixed that by removing the hot-swappable CDROM
<Resistance> matoc, found an fsck.ext4 flag which tells it to use badblocks to check
<Resistance> readonly scan for bad blocks
<matoc> well there you go :)
<Resistance> it'll update the bad blocks inode of which blocks are bad...
 * Resistance should just read the manpages :P
<Resistance> i'll just let this run :P
#ubuntu-server 2011-12-31
<mgw> is there a way to instruct the installer (from a preseed file) to immediately expire the password?
<mgw> that is, require a change on first login
<matoc> mgw: you could set up a custom command in you preseed: http://d-i.alioth.debian.org/manual/en.i386/apbs05.html#preseed-hooks
<matoc> mgw: usermod -p ââ foo
<matoc>  chage -d 0 foo
<mgw> matoc: thank you
<bitmonk> anyone have a working policy-rc.d script? i tried the base example to just return 101, as if in a chroot, but services are still autostarted when their package is installed.  concrete, recent docs seem a bit of vapor here.
<matoc> bitmonk: did you make sure to "chmod 755 /usr/sbin/policy-rc.d" ?
<matoc> Just having the following in the policy-rc.d file has worked for me in the past:
<matoc> #!/bin/sh
<matoc> exit 101
<bitmonk> i'm not sure it was in /usr/sbin, i think i put it in /usr/bin, hm.. it's been a while since i tried, i can give it another shot. :)
<Resistance> whoo...
<Resistance> matoc is a useful person...
 * Resistance fixed the issues :)
<AlexForce22> hello
<AlexForce22> anyone got a min for question
<pythonirc101> is there a way to allow a user to open a ssh tunnel to my box, but not allowed regular login?
<MTecknology> virt-manager doesn't want to respect my keyboard layout. :(   There's no option for a dvorak layout either. I have to use a chart of a qwerty board to figure out what keys to push....
<MTecknology> I tried to create a keymap, but that doesn't seem to have any effect
<MTecknology> Any ideas how I could get it to work?
<JoshuaP> I'm about to do a server reboot and will be right back. :)
<JoshuaP> I AMSG'D
<myjimmyweb> hello?
<Resistance> ohai
<arrrghhh> myjimmyweb, hi.  if you have a question, feel free to ask.
<myjimmyweb> cool coo! : )
<myjimmyweb> i'm trying to set up my host dns server
<arrrghhh> for a local area network i assume?
<myjimmyweb> but i'm on a residential account that blocks port 80
<arrrghhh> er
<Resistance> myjimmyweb:  DNS doesnt run on port 80...?
<myjimmyweb> well, i'd like to get this set up and ready to run on a business line
<arrrghhh> dns isn't 80, and that shouldn't matter for WAN
<myjimmyweb> DNS on port 53
<myjimmyweb> which my isp does not block
<arrrghhh> yea why would you worry about DNS over the WAN tho
<arrrghhh> sounds like you want to setup a websit?
<arrrghhh> website*
<myjimmyweb> well, my host machine has several guest instances of ubuntu server
<myjimmyweb> i do want a website
<arrrghhh> honestly it would be more efficient for you to pay for a hosted solution...
<arrrghhh> but we can still help you get it setup
<myjimmyweb> i want example.com to be hosted on the host machine
<arrrghhh> just sayin, cost vs benefit
<myjimmyweb> and then each VM server to be client.example.com
<arrrghhh> you've paid for example.com?
<myjimmyweb> haha, no
<arrrghhh> well
<myjimmyweb> well, yes, it's a dif name but i have it
<arrrghhh> you know what i mean
<myjimmyweb> yes
<arrrghhh> whatever the example is lol
<myjimmyweb> lol, yeah
<arrrghhh> you've paid for it, it's yours
<myjimmyweb> yup
<arrrghhh> you have a static IP from your provider/ISP?
<myjimmyweb> no, it's dynamic
<myjimmyweb> that's thething
<arrrghhh> well
<arrrghhh> dyndns
<myjimmyweb> i got an account with custom dns routing
<arrrghhh> hrm
<myjimmyweb> and route it to an alternate port
<myjimmyweb> wait, no
<arrrghhh> well
<arrrghhh> customers won't be able to use it if 80 is blocked
<arrrghhh> you're going to need to talk to your ISP or host it elsewhere
<myjimmyweb> yeah, i can access it from a dif port that i forward to port 80 on the host machine
<arrrghhh> seriously, even if you've already purchased the domain name it'll be cheaper in the long run to just pay a vps or something to host the actual site.
<myjimmyweb> my main question is if i can get the subdomins working with my BIND server on the host machine, routing each clientx.example.com
<arrrghhh> oh
<arrrghhh> that's local
<arrrghhh> and i used dnsmasq when i set that up cuz i was lazy...
<arrrghhh> i could just point you and some bind docs, which i assume you've read.
<myjimmyweb> the reason i want to host it is it's not just a website, it's kind of a media cloud portal so i need local access to it to upload 100s of gigs of vides/music
<myjimmyweb> yes
<arrrghhh> heh
<myjimmyweb> so like, i made a new master zone
<myjimmyweb> demo.example.com
<arrrghhh> and you're trying to do this on an ISP that blocks port 80...
<myjimmyweb> yes
<myjimmyweb> well, I'll be moving it to a business line soon
<arrrghhh> cool
<myjimmyweb> but I can't justify paying for one at the moment
<myjimmyweb> so i wanted to get it running to some extent on my residential account, then move it over
<arrrghhh> yea
<arrrghhh> you can just change the port on apache
<arrrghhh> or wherever you forward it.  i do it on my router.
<myjimmyweb> i get that.... and i know how to
<arrrghhh> k
<myjimmyweb> but idk how to implement the subdomains running on different apache servers
<myjimmyweb> like, example.com is the host server
<myjimmyweb> and clientx.example.com is running on as a guest on example.com
<arrrghhh> have you seen this?
<arrrghhh> http://content.websitegear.com/article/subdomain_setup.htm
<myjimmyweb> yes
<myjimmyweb> and i think i'm close
<arrrghhh> k
<arrrghhh> so what's not working
<myjimmyweb> so what i've done is set up the hostname following the howtoforge perfect server ubuntu 11.10
<myjimmyweb> on the guest machine
<arrrghhh> heh
<arrrghhh> ok
<subman> I am having trouble getting webmin to work over the internet.  I can access it from within my LAN, but not from outside.  The port is open on my router.  FTP  and SSH services work from from both LAN and WAN
<myjimmyweb> and on the host BIND server i set up the zone clientx.example.com pointing to the internal server address of the guest machine
<arrrghhh> subman, have you tried nmapping the port over the WAN?
<arrrghhh> you're not trying this locally, to your external 'site' address are you?
<arrrghhh> myjimmyweb, ok
<myjimmyweb> yeah?
<myjimmyweb> so do i really just need to change the virtual server address of clienx.example.com to that address?
<myjimmyweb> according to that link you sent me
<arrrghhh> myjimmyweb, i'm missing something.  what's not working
<myjimmyweb> i can't access the subdomains
<myjimmyweb> like, if i go to example.com:myport
<myjimmyweb> it works
<myjimmyweb> but i can't go to clientx.example.com:myport
<arrrghhh> externally or internally
<myjimmyweb> well, both i guess
<arrrghhh> lol
<arrrghhh> might want to make this all work on the LAN
<arrrghhh> then worry about the WAN
<myjimmyweb> yeah
<myjimmyweb> that would be nice
<arrrghhh> start small, work bigger.
<arrrghhh> but what you're doing is over mah head.  plus i have to go.  sorry... good luck.
<myjimmyweb> cool
<myjimmyweb> thanks tho
<subman> hmmm, using nmap to check for open ports, and 10000 does not show up.  The other ports that should be open do show up.
<Resistance> 10000 is probably eithier closed at the firewall, closed at NAT, or not used
<Resistance> if i remember right, webmin does not autobind to 0.0.0.0:10000
<Resistance> (aka the internet)
<Resistance> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<Resistance> ^ and that, btw
<uvirtbot> Resistance: Error: "and" is not a valid command.
<subman> Resistance, what is a supported alternative?
<subman> Resistance, it works great from within my LAN
<Resistance> subman:  i assume you're behind a NAT then?
<subman> Resistance, I am behind my router
<Resistance> then that's a yse
<Resistance> yes*
<Resistance> when I say NAT, I mean routers
<Resistance> the issue with NATs...
<Resistance> is that they hide all ports that are open...
<Resistance> in a sense, they have their own firewall
<Resistance> you need to go into the router's settings and portforward port 10000 at the router to port 10000 at your machine
<Resistance> but i still do not recommend webmin
<Resistance> i'm not sure there *is* a supported alternative...
<Resistance> lemme check
<subman> Resistance, thanks.  I have forwarded port 10000 to the machine.  I did the same with FTP/SSH/http and they work fine over WAN
<subman> Ah, this might be an ISP problem with blocking ports....at least that is what my research is pointing to.
<iBaer>  
<root> .
<subman> So, any supported alternatives to webmin?
<subman> I don't find any in the software manager
<matoc> subman: I think ebox was support and thought to be the alternative for a while. No idea if that's still the case.
<subman> matoc, found it, thanks!
<Resistance> is there any good alternative to webmin?
<Resistance> ebox perhaps, but anything else?
<hidensoft> i can't connect to my server via ssh , i don't see any prompt about password and i got no error , any idea what happened ?
<matoc> hidensoft: what's the error?
<matoc> hidensoft: sorry, missread that. Do you know if the port is open?
<hidensoft> matoc: http://paste.sternix.net/6
<matoc> hidensoft: I've seen issues with SSHD not letting you connect if it can't resolve the IP (reverse DNS). It can be turned of in the config file.
<matoc> *off
<hidensoft> matoc: where is the config file ?
<matoc> hidensoft: /etc/ssh/sshd_config
<hidensoft> matoc: so how i can change config file while i can't use ssh ?
<matoc> hidensoft: the config is needs to be added to the file, I'll look it up for you...
<matoc> hidensoft: you don't have some sort of consol access?
<hidensoft> matoc: no :(
<amstan> hello, i would like some help with smartctl, i'm trying to debug this one bad sector
<amstan> for my reallocated_sector_ct i have a raw value of "27 (0, 15)"
<amstan> what does it mean?
<hidensoft> i think its impossible :( shit
<matoc> hidensoft: are all the other services accessible? I suppose you've tried a reboot...
<amstan> what's with the numbers in the brackets and what's the max sectors i can reallocate
<matoc> hidensoft: does your ISP provide KVMoIP
<hidensoft> matoc: currently i have not access to server management panel , did you think its can be ok with reboot ?
<hidensoft> matoc: i don't know about KVMoIP
<matoc> it might reset the service.
<hidensoft> hm
<KoolaidJunkie> Can someone help me with OpenVPN? When I try to connect from client to server OpenVPN on client machine says connection failed
<KoolaidJunkie> http://screensnapr.com/v/3CetJQ.png
<KoolaidJunkie> Okay, nevermind - stupid spellin error
<KoolaidJunkie> Now it says "Sat Dec 31 17:37:39 2011 Need hold release from management interface, waiting..." and has been so for several min
<KoolaidJunkie> Okay, resolved that..
<KoolaidJunkie> Now I had intended on using OpenVPN so I could access my Samba Shares (OpenVPN is suppose to make it so that the client thinks its part of the network that has the Server Running Samba) but I'm unable to see Samaba Shares
#ubuntu-server 2012-01-01
<aarcane> so I'm running a few different OS' in a virsh/kvm+qemu virtual machine, and using virt-manager, I see some fields that I believe should NOT be empty, but they are for some reason.  Namely, the Overview page doesn't tell me the hostname or product name, nor does it list the application versions.  Is there somethng I need to do to enable this information, or is it simply not functional yet ?
<osmosis> Im having difficulty understanding how encrypted home dirs work. The process is so transparent, so I have no idea what its doing.
<pukeko> howdy
<pukeko> i scp -r -p /folder/ host:/folder and it appeared that the ownership was preserved ( until i rebooted !! ) there was a lot of data with different users and groups ....
<pukeko> question: can i fix this with rsync ?
<pukeko> by "fix" i mean use rsync to restore the original ownership permissions
<freenodiz> hi
<freenodiz> settingup a lucid here :)
<pukeko> it looks like rsync -av sorted it
<freenodiz> hey!any guide up to date installing rvm single user to lucid?
<freenodiz> nvm
<freenodiz> got it
<pukeko> whats nvm ?
<freenodiz> never mind
<freenodiz> pukeko
 * pukeko does mind googles and discovers node
<pukeko> : )
<uvirtbot> New bug: #910525 in samba (main) "Smbd crash" [Undecided,New] https://launchpad.net/bugs/910525
<uvirtbot> New bug: #910563 in munin (main) "munin amavis: Malformed configuration line in munin amavis file" [Undecided,New] https://launchpad.net/bugs/910563
<uvirtbot> New bug: #910566 in munin (main) "munin does not depend on libcache-cache-perl" [Undecided,New] https://launchpad.net/bugs/910566
<sirushti> So i've been following this tutorial http://cloud.ubuntu.com/2011/09/oneiric-server-deploy-server-fleets-p1/ and id like to know why they two NIC's on the virtual machine..if i'd have to do it on a physical machine..would i need two NIC's there or is there a possible workaround?
<sirushti> :)
<uvirtbot> New bug: #910579 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/910579
<pangolin> Does ubuntu server have root enabled default?
<strickly> no I dont think, you go with sudo first
<pangolin> ok thank you.
<arrrghhh> i think you can sudo su or smth
<arrrghhh> but yea, sudo every command you want run as root.  minor inconvenience IMHO.
<freenodiz> are you guys using this cookbooks in production? http://community.opscode.com/cookbooks
<freenodiz> #chef
<KoolaidJunkie> Hello Everyone.
<KoolaidJunkie> Is there someone that could help me with a Samba Issue?
<KoolaidJunkie> I changed my samba password via the serverbox, but its not requiring users from windows to enter the new password
<matoc> KoolaidJunkie: what do you mean by "serverbox"
<KoolaidJunkie> sorry that just what I call the pc running ubuntu server
<KoolaidJunkie> im trying to map the Samba user to the Windows User, but I'm not having any luck
<KoolaidJunkie> and the only instructions/tutorial I can find are explaining how to do it through a GUI Interface
<matoc> KoolaidJunkie: are you using some form of centralized authentication server (AD, LDAP)?
<matoc> or are they just local windows accounts?
<KoolaidJunkie> Just local windows accounts. One machine runs Vista, and 2 have Win7
<KoolaidJunkie> I'm trying to map a Samba user to the user on the Vista machine, and then allow that user Read Only
<matoc> KoolaidJunkie: have you restarted the smbd and nmdb? this should close existing connections
<KoolaidJunkie> Yes, i ran "Restart smbd" and "Restart nmbd"
<KoolaidJunkie> I had to restart the Vista machine for it to close out the connection and request the new password
<matoc> KoolaidJunkie: Ok. So the you've created an account on the Samba machine that has the same username and password as the account Windows comptuer? Correct?
<KoolaidJunkie> No, the original account connect to the Samba Share was my root account, thats why I changed the password.
<KoolaidJunkie> I have not created a new Samba user, outside the admin group, which I'm trying to map to the Windows user
<KoolaidJunkie> Does the Samba username have to match username as the Windows user?
<KoolaidJunkie> I have now*
<matoc> no. Windows should store the username in the profile once you connect the first time and hit the remember password button.
<matoc> *and password.
<KoolaidJunkie> Okay, so I dont have to  map the Samba user and windows users?
<KoolaidJunkie> I can just use any samba user on any windows machine?
<matoc> yes
<KoolaidJunkie> Okay, well that makes things a lot easier, thank you
<matoc> No problem.
<KoolaidJunkie> am I correct that "read list = username" will only give that user read access?
<matoc> I should. But it might depend on the rest of your configuration.
<matoc> you need to make sure that user also read access on the file level permissions.
<matoc> among other things...
<matoc> I think of network shares with 2 levels of access: SMB, you grant access to view the share, and file permissions, you grant access to view the contents of that share.
<KoolaidJunkie> I set "write list = @sysadmin" "browseable = yes"   - and now the user is unable to write to that share
<matoc> Is this a problem? is "the user" part of the sysadmin group?
<KoolaidJunkie> No problem, user is not part of the sysadmin group, just as intended.
<KoolaidJunkie> I don't want the user to have write access
<KoolaidJunkie> Thank you for your help
<uvirtbot> New bug: #910666 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/910666
<uvirtbot> New bug: #910668 in clamav (main) "RTL8192 driver  hangs system" [Undecided,New] https://launchpad.net/bugs/910668
#ubuntu-server 2012-12-24
<lvmer> I guess I'd perfer it to be in a volume group and lv0 so I don't have to split upfiles so much on the share
<lvmer> I'm trying to formate a 3TB HD ->  $ parted /dev/sdb     mklabel gpt     mkpart primary  [start]  [end]
<lvmer> What should I use for the [start] and [end] values to make sure everything is aligned?
<lvmer> is there an easy way to partition and format a bunch of disks at once? ie: sd[b,c,d,e,f,g,h,i] ?
<akerok_> Hello everyone.
<akerok_> I need some help with my server.
<yeats> akerok_: just ask and someone may be able to help
<akerok_> All right.  I have a Ubuntu 12.04 server running right now.    My friend and I are trying to get it to allow her to remote desktop login to  the account I have on the server for her.  I have the open ssh server running on it right now, but it still will not allow her to access it from her computer running windows.  How can I get it to allow her to access it?
<QnD> hey all
<yeats> akerok_: how is she trying to access it?  what program and what command?
<QnD> I installed ubuntu 12.04.1 Server and I need a head on it for eclipse and such..... tried aptitude install gnome and it screwed up all of my services like apache and such
<QnD> any ideas on how to add a head to ubuntu server without any impact to services
<akerok_> She is trying to use windows remote desktop software.  I have her trying to use the static ip address of my comptuter (we are on the same network).  Also, there seems to be a problem with the "/var/lib/dpkg/lock" directory.
<yeats> QnD: can you provide details about why you believe installing gnome affected services?
<yeats> akerok_: okay - that would be a separate issue (dpkg).  I would recommend she use PuTTY
<akerok_> We are trying that one as well.  It's saying it cannot find the server.
<yeats> akerok_: it may be a windows firewall issue (obviously beyond the topic here) - have you verified that ssh can get out?
<akerok_> To be honest, I don't know how to do that.
<akerok_> I don't remember.
<QnD> well when aptitude gave me output several services such as apache2 was listed under REMOVE:
<akerok_> The Windows firewall is off.
<yeats> akerok_: you might need to ask in ##windows about why that's not working... what's the dpkg/apt problem?
<QnD> any ideas on why it would attempt to impact services ? during the install I noticed it stopped and started the apache2 service
<akerok_> It tells me that the directory is unreachable, and asks if another program is using it.
<akerok_> My friend has joined this IRC channel now.
<yeats> QnD: because there must be conflicting dependencies between gnome and what you already had installed
<QnD> @yeats is there a way of adding some sort of head to server.  i just need it for some dev stuff and such
<yeats> akerok_: there might be another package manager program open?
<yeats> akerok_: you could try 'lsof | grep dpkg'?
<akerok_> I will try that.  One sec.
<akerok_> I just rebooted the server.  It didn't give me the problem again.
<yeats> QnD: no way to use another station for that?
<yeats> QnD: LXDE would be the lightest desktop if you decide one is necessary
<QnD> nah I only have one box for both
<QnD> will LXDE impact my services
<yeats> QnD: no idea
<QnD> install complete and booted...   trying now
<QnD> BTW thanks for your help
<yeats> QnD: sure
<lvmer> I am having trouble aligning the primary partition on a 3TB HDD [sdb]. I receive the error: Partition 1 does not start on physical sector boundary. How can I make sure it lines up correctly? It is important because these disks will be used in an important RAID 10 Array. Thanks.
<ikonia> lvmer: what tool are you using ?
<lvmer> parted, because fdisk doesn't do >2.2TB
<ikonia> perfect
<ikonia> just checking, good call
<lvmer> I ran parted -a optimize /dev/sdb
<lvmer> but I still get the error
<QnD> @yeats what packages should i install from lxde.  I did a search and lxde, lxde-common .... came up.   also do I need anything else installed like Xwindows framework or stuff along those lines
<yeats> QnD: lxde-core is the lightest, but lxde is not much more
<yeats> QnD: this is a very useful page: http://wiki.lxde.org/en/Ubuntu
<QnD> just install lxde-metapackage and let aptitude figure out the dependancies
<yeats> QnD: just watch that apt doesn't try to remove anything you're using
<QnD> im not too woried about size.... just like you just said... it is the services im worried about...
<QnD> it looks like nothing is scheduled for removal
<yeats> QnD: good
<QnD> will most apps like eclipse run on lxde ?
<yeats> QnD: you'll need java for eclipse, but yes
<QnD> hmmm transmission (torrent engine) would be nice on a linux tcp stack :)
<QnD> pulled the trigger ! installing :)
<QnD> @yeats how do I start it.  no lxde file in /etc.init.d and "service" doesnt recognize it
<yeats> QnD: see the wiki link I shared above
<QnD> k
<QnD> could not open display :(  rebooting
<QnD> trying aptitude install ldxe.... seems to have xorg stuff.  probably easier to tweek
<Saronasilverwolf> Hi, I'm working with akerok_ on here. We were able to get to where it asks for my password using ssh, but it keeps saying access denied.
<QnD> @yeats unable to open display... any ideas...  internet docs seem ambiguous
<QnD> got it so far... had to install xinit and go through startx
<mike024> Hello. I am creating a homelab/bunch of services for my personal use. Because AD is ubiquitous, I want to use it. What is the best way to implement single sign on on all of my ubuntu/linux servers and desktops that I have set up? Should I use an OpenLDAP server as a 'go-between' or do something else? This will be a mostly Linux set up, but there will be Windows clients(another reason for using AD)
<highvoltage> mike024: check out SSSD
<highvoltage> mike024: it does almost everything for you. if you look up the edubuntu-devel mailing list on lists.ubuntu.com, there's an email not to long ago that basically outlines how to configure sssd (it has a man page too)
<akerok_> We were able to get SSH server to allow me to connect using my compters terminal remotely to our server, but she cannot connect using SSH on her computer.  We cannot figure out why it will not allow any other computer to connect to the server.  The server is running as a VM on my computer.
<ikonia> akerok_: probably a route
<akerok_> I honestly don't know how to fix this issue.
<mike024> highvoltage: neato. Looks very useful. Thanks for another way to solve the problem to look into!
<mike024> akerok_ Saronasilverwolf: You get the login prompt? It asks for your password?
<akerok_> Yes.
<Saronasilverwolf> yes it does
<akerok_> There are 2 user accounts on the server.  Mine and hers.  Both have passwords.
<mike024> Are you sure the username and password is correct? can her account log in locally?
<akerok_> I can log into her account directly on the server.
<akerok_> It's Ubuntu server 12.04
<mike024> can you pastebin your sshd.config?
<akerok_> I might be able to.  The server is running as a VM on my computer.
<mike024> Please do. The configuration of the machine/vm you're trying to log into is important. :)
<akerok_> All right.  I'll try.
<mike024> You sound like you don't know exactly how to do it. There are a couple easy ways. change ssh in your commandline to log in to sftp and then type get /etc/ssh/sshd_config
<mike024> or just ssh in and cat it then copy and paste
<pmatulis> start by looking at your server's logs (auth.log)
<QnD> @yeats all successful so far.  once I installed lxde i installed xinit then firefox,transmission,  and now going to try to create my dev environment with rclipse....  Thanks for all of your help.  will post any problems for FYI purposes.  have a good night !
<QnD> lightweight head on server accomplished !  a bit of a conflict of interest but needed :)
<akerok_>  Are you saying to try to log into the server using sftp?
<mike024> I'm saying for you to get the sshd_config, you could use sftp
<akerok_> Oh, ok.
<akerok_> Do you want me to copy and paste the doc info in here, or share the file?
<mike024> http://pastebin.com/
<akerok_> http://pastebin.com/9cgzrWCv
<mike024> everything looks fine. get the output of: cat /etc/passwd | grep USERNAME
<akerok_> AmandaClements,,,:/home/amandaclements:/bin/bash
<akerok_> amandaclements:x:1001:1001:AmandaClements,,,:/home/amandaclements:/bin/bash
<mike024> Saronasilverwolf: what is the command you put in to log in?
<Saronasilverwolf> ssh AmandaClements@192.168.1.18
<mike024> remove the capitals
<akerok_> 192.168.1.18 is the static ip
<mike024> ssh amandaclements@ip
<akerok_> It gave her access.  Thank you very much.
<mike024> yarp
<akerok_> Will that work the same with remote desktop?
<sesstreets> m trying to make a samba share follow a specific protocol. When a windows client maps the drive, I want them to be able to read files, execute files, and create new files but I do not want them to be able to delete either folders or files. Will this result in the client being able to open a file and then save a new copy?
<akerok_> nvm.  It did.
<mike024> that will work for ssh
<sesstreets> I know its an ACL setting but which one
<mike024> sesstreets: you are using extended acl's, right?
<sesstreets> I believe so
<mike024> sesstreets: you would know, you have to set that as a mount option
<sesstreets> Oh... yes I do remember it is using extedned acl's
<sesstreets> any clue?
<mike024> I don't have much knowledge of them. But it shouldn't be to hard looking through the man page or google :)
<sesstreets> I honestly have spent the last few weeks looking through both. I added a deny: delete, delete files and subfolders
<sesstreets> but that stopped read access
<mike024> can you add read?
<sesstreets> add read to what?
<mike024> and I think I meant extended attributes, not acl
<mike024> you added a deny. Can you add a allow: read
<sesstreets> hold on let me log on to my server
<sesstreets> Ok so, which order do i add it
<sesstreets> as in, do i do deny id = 0 or allow id = 0
<mike024> Try and see what happens. I don't pretend to have much knowledge in xattr, just a little linux/ubuntu experience
<sesstreets> I'm going to do deny first and allow second
<sesstreets> ok, so i can't delete.
<mike024> thats what you want, right?
<sesstreets> but now i can't write
<sesstreets> IE i've opened a word doc but i can't even save as
<mike024> can you create a file
<mike024> just a notepad file?
<sesstreets> nope
<mike024> so add a allow: create?
<sesstreets> thats already there
<mike024> also word is an interesting case(office as a whole actually) when you open it, it creates a ~myfile file as temporary, then when you save it deletes your myfile and renames your ~myfile to myfile. Think about the issues involved with that. You need rename, delete, and create permissions just to open and save an office file
<sesstreets> I've noticed that
<sesstreets> but if i'm opening a file as read only shouldn't it only be making a new one?
<sesstreets> thats what i want'
<sesstreets> there was a time when i would open a word doc and it would say "this is a read only copy"
<mike024> it would make the new file, but when you quit without saving it will delete that temporary file
<mike024> so you would need delete perms too
<sesstreets> ugh
<mike024> unless there is a newer way to open read only in a more recent office
<mike024> that I don't know about
<sesstreets> it lets you do that in 2010
<sesstreets> it happens when another user has the file open
<sesstreets> it says "this file is currently open by another user would you like to open as read only"
<sesstreets> maybe thast what i've been thinking of :/
<mike024> it probably sees that that ~myfile is there and then does that
<sesstreets> egh
<sesstreets> i think i'm gonna just have to redesign the system in some way
<mike024> So I have somewhat the same issue as you
<mike024> I don't want people to be able to delete my movies on my file server
<sesstreets> why would they delete it?
<mike024> users are idiots
<sesstreets> no i mean
<mike024> My solution: chattr -i all of the things everyonce in a while
<sesstreets> just make it read only not?
<sesstreets> what is chattr -i?
<mike024> makes things immutable(unchangeable)
<mike024> it is pretty neat
<mike024> basically has precedence over perms
<sesstreets> i wonder how this plays with word and friends
<sesstreets> wait
<mike024> word still wouldn't work
<sesstreets> don't you mean +i?
<mike024> but it forces files to be read only - no way to get around it
<mike024> i do mean +i good catch :)
<sesstreets> well... let me try
<mike024> word would probably open the files, but not be able to change them. So I think that would satisfy your need
<sesstreets> how are you applying it?
<sesstreets> file by file or
<sesstreets> can you do it recursilvy
<sesstreets> oh i see -R
<mike024> Always be careful with recursive things. :)
<sesstreets> no this wont work without doing it all the time constantly
<sesstreets> im thankful for the help but i think the only way to do this is to redesign the share structure so that people can only damage their own files
<sesstreets> its much easier to restore a singer user than 40 users
<sesstreets> but thanks
<uvirtbot`> New bug: #1093428 in php5 (main) "Cron job reports unable to load pdo_mysql.so" [Undecided,New] https://launchpad.net/bugs/1093428
<ejnahc> ì´ë¸ì ìë¬´ ì´ì  ìì´ ë§ì¸í¬ ëêµ´ íì¤ë¶
<uvirtbot`> New bug: #1070078 in autofs (main) "autofs does not work with directory after mount point" [Undecided,New] https://launchpad.net/bugs/1070078
<uvirtbot`> New bug: #1093473 in munin (main) "munin does not depend on libcgi-fast-perl" [Undecided,New] https://launchpad.net/bugs/1093473
<samba35> hi
<samba35> :p
<TheLordOfTime> geez, php5 takes AGES to build :/
<patdk-lap> like 15min
<TheLordOfTime> its been at it for at least 30 on the PPA builders...
<TheLordOfTime> eesh...
<TheLordOfTime> patdk-lap, took an hour and 30 minutes to build o.O
<koolhead17> Its already 25 Dec for me hence am wishing all my fellow server team folks happy Christmas :)
<lvmer> I seem to have forgotten the command to rmdir   for a directory that is not empty.   rmdir -R -ignore.....  /directory   does not work
<lvmer> ah found it:   rm -rf /directory    for anyone that has the problem in the future
<lvmer> 1 more question: I'm mounting a Raid10 logical volume in /etc/fstab. Should I set the dump to 0 or 1? Is there a purpose to this backing up option?
<lvmer> Am I invisible or does no one like my questions? :p
#ubuntu-server 2012-12-25
<elkingrey> Umm, my server appears to be operating very sluggishly. Can someone help me figure out if my server is thrashing
<wanfuse> hello ... i havent had much experience with bind in many years. I need to setup a dns server (external facing) for a couple web server entries. Anyone able to point me to a good doc on setting this up. I would like to make sure its secure.
<wanfuse> i have a seperate IP address (external) for pointing to the dns server
<wanfuse> hello ... i havent had much experience with bind in many years. I need to setup a dns server (external facing) for a couple web server entries. Anyone able to point me to a good doc on setting this up. I would like to make sure its secure. so if the directions contain setting it up in a chroot all the better
<TheLordOfTime> !bind
<TheLordOfTime> bleh
<TheLordOfTime> i assume this has some data then...
<TheLordOfTime> !dns
<ubottu> To set up a Domain Name Service see the !serverguide - https://help.ubuntu.com/12.04/serverguide/C/dns.html
<TheLordOfTime> not sure though
<TheLordOfTime> you may be looking for bind9 setupd docs.
<qman__> actually that just about covers it
<qman__> follow that guide first, then if you're still concerned, look for something on security tips and go from there
<qman__> but ubuntu sandboxes bind out of the box with apparmor, and has good defaults
<uvirtbot`> New bug: #1093647 in amavisd-new (main) "package amavisd-new-postfix 1:2.6.5-0ubuntu3.2 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/1093647
<Thorn> hello
<Thorn> my 10.04 server refused to boot, I booted with previous kernel and found no initrd for the latest kernel. is there a way to recreate it manually?
<aarcane> Merry Christmas and Happy Miscelaneous Other Holidays!
<petersaints> I have a server running Ubuntu 10.04 LTS with 4 disks in RAID5 using mdadm. I'd like to eventually upgrade it to 12.04, and of course I have backups for all important data. However I'm afraid that the upgrade may break the RAID and since this is a headless server that I don't have easy physical access to I'd just like to know if this kind of upgrade is USUALLY smooth or if it known to cause problems. I'm not looking for an
<petersaints> absolute answer just what is most common from your experience.
#ubuntu-server 2012-12-26
<uncledeath> Hi folks, I have a strange problem. I am upgrading my home server (Core2Duo E6600, 4GB DDR2, 2x 500GB SATA HDD). A few days ago I set it up with software raid and lvm and it worked fine until it started freezing on any IO related stuff. I have 0,1% CPU usage and loads greater than 10! If any disk operation occurs my system is inresponsive, it takes 5 minutes to log onto it.
<uncledeath>  I am reinstalling my system for the 10-th time and still no success. Now it is stuck on "setting mdadm"
<uncledeath> I can see that /proc/mdadm is showing resync
<uncledeath> and what is strange is the fact, that if resync is the only disk job it works fast (calculated 1 hour for 500GB) but as soon as any other disk operation is in progress resync goes down to 5Kb/s and other disk operations are also 5-10 K/s
<uncledeath> when that happens system is totally unresponsive, avarage load is more than 10 (core2duo) and cpu usage is less than 1%
<uncledeath> I tried ubuntu server 12.10 64b, 12.10 32b and 12.04 32b
<uncledeath> still the same
<uncledeath> At this point installer gets stuck at configuring mdadm for long time
<uncledeath> anyone?
<uncledeath> I limited my raid to 20G and as soon as resync is complete system works again but it isn't as fast as it used to be a few days ago
<railsraider> anyone using collectd?
<pmatulis> hmmm, http://paste.ubuntu.com/1467219/
<uncledeath> my ubuntu server installer takes forever at "configuring mdadm". CPU almost idle, system load very high and everything unresponsive. Any ideas?
<pmatulis> uncledeath: during bootup you mean?
<allSeeingEye> anyone here have the LPIC certs?
<allSeeingEye> anyone in here think having LPIC certs are helpful to have on your resume?
<pmatulis> allSeeingEye: certainly helpful, but by how much depends on the reader of the resume
<pmatulis> allSeeingEye: when i help hire, it demonstrates to me the candidate has an eagerness/motivation to actually go through the process.  so to me, it's less a technical and more a personal merit
<pmatulis> allSeeingEye: however, LPI3 is fairly technically-worthy i believe
<LuizAngioletti> how do I find out which package provided a certain file?
<TheLordOfTime> LuizAngioletti, sudo apt-get install apt-file
<TheLordOfTime> sudo apt-file update
<TheLordOfTime> apt-file search [file]
<LuizAngioletti> TheLordOfTime: Thanks
<TheLordOfTime> i think that's the full string of things.
<TheLordOfTime> at least ofr updating apt-file, and installing it
<TheLordOfTime> i rarely use apt-file so...
 * TheLordOfTime isn't 100% certain
<LuizAngioletti> TheLordOfTime: what do you use than?
<LuizAngioletti> dpkg
<LuizAngioletti> ?
<LuizAngioletti> *then
<pmatulis> looks good to me but no need to use sudo with 'apt-file update'.  i recommend a cron job for updating
<LuizAngioletti> I know that for rpm packages there is some rpm-ish string to find file affiliations to packages... isn't there something dpkg-ish for that?
<pmatulis> what is file affiliations?
<TheLordOfTime> LuizAngioletti, usually i don't bother to care, because most of the core stuff I need i know where it came from, and only in very rare cases do i use apt-file
<TheLordOfTime> (usually for package debugging)
<LuizAngioletti> pmatulis: which package provides wich file.
<TheLordOfTime> LuizAngioletti, what were you looking for?
<LuizAngioletti> there is a binary called "daemon" under /usr/bin
<LuizAngioletti> I want to know what it does. =)
<LuizAngioletti> and maybe where I can find more info about it... it seems to be a wrapper for some operations, like 'start-stop' services...
<LuizAngioletti> (I encountered reference to it in a script I'm reading)
<pmatulis> LuizAngioletti: dpkg -S file
<LuizAngioletti> pmatulis: that simply returns the name of the package, not something like package<version>.deb
<LuizAngioletti> You see? I want to get what .deb gave me that file.
<TheLordOfTime> LuizAngioletti, then use apt-file'
<TheLordOfTime> which i just told you to do?
<TheLordOfTime> apt-file search daemon
<LuizAngioletti> I just found out what 'daemon' does, but now I'm curious about that now. =)
<TheLordOfTime> and find the path in its output and then the first word(s) on the line are what package it comes from.
<LuizAngioletti> TheLordOfTime: It helped me already. =)
<allSeeingEye> pmatulis: do you have any LPI certs?
<pmatulis> allSeeingEye: yes, levels 1 & 2
<allSeeingEye> pmatulis: I'm working on 1. Did you use the practice exams at penguintutor.com to help?
<allSeeingEye> I'm actually quite surprised at some of the questions. I've been managing linux systems for a few years now and it seems rather difficult to pass the practice exams @ penguintutor. I wonder how close they are to the actual exam.
<pmatulis> allSeeingEye: no, just online info based on the outline given on the LPI site.  for me, 1 and 2 were pretty basic.  but you can be tripped up by inane questions
<allSeeingEye> I'm hoping there aren't questions that have a potential of several answers, and you get it wrong b/c you don't answer it the way they want.
<pmatulis> like multiple choice questions where each answer differs by a '.' or a '-'
<allSeeingEye> are questions mostly multiple choice & true/false?
<pmatulis> they are all multiple choice for 1 and 2 iirc.  things change though.  it was a few years ago
<allSeeingEye> yeah
<LuizAngioletti> I've done 101;]
<LuizAngioletti> a few months back.
<allSeeingEye> how was it LuizAngiloetti?
<LuizAngioletti> Still multiple choice... and still some insane questions.
<allSeeingEye> do you recall how many questions?
<LuizAngioletti> I think that is described in the lpi.org page, isn't it?
<allSeeingEye> probably, going to check
<Feri_> Hi. Sometimes I need make a copy from a hard drive onto a new one. To do that I boot Knoppix live, make partitions in a new disk, format them, and copy all files with rsync. I can make the new disk bootable, but in the fstab I must change UUID lines manually. Is there a method what can do that automatically? Eg. change /dev/sda1 to UUID=...?
#ubuntu-server 2012-12-27
<uvirtbot`> New bug: #1093934 in puppet (main) "puppetmaster-passenger fails to run" [Undecided,New] https://launchpad.net/bugs/1093934
<StashBox> Hi Everyone, is there anyone here that could help me with Samba?
<highvoltage> I guess no one will know until you ask your question.
<StashBox> not sure if there is an exact question to ask.. I've gone through all the standard setup. Config smb.conf, smbd service is running, but unable to connect from win7 computer.
<StashBox> The Win7 computer won't even detect the samba share, entering \\HOSTNAME fails to connect
<samba35> i have install tftpd-hpa server and get installed and netstat and service is saying  tftpd ("she") is running but when i try  to telnet localhost 69 its not working why ?
<samba35> telnet: Unable to connect to remote host: Connection refused
<uvirtbot`> New bug: #1094019 in lxc (universe) "Linux's getdents gets /.. inode number from host system under LXC" [Undecided,New] https://launchpad.net/bugs/1094019
<freesbie> tftpd listens on UDP
<Error404NotFound> Shameless marketing message: Do you manage backups? Help me by providing your feedback: http://goo.gl/gmmLs
<uvirtbot`> New bug: #1094052 in net-snmp (main) "default install of snmpd leaks memory when VLAN interfaces present" [Undecided,New] https://launchpad.net/bugs/1094052
<uvirtbot`> New bug: #1094057 in memcached (main) "package memcached 1.4.14-0ubuntu1 failed to install/upgrade: el subproceso instalado el script pre-removal devolviÃ³ el cÃ³digo de salida de error 2" [Undecided,New] https://launchpad.net/bugs/1094057
<slyboots> Hello
<slyboots> Im curious, anyone here using ZFS within Ubuntu server?  Setting up a fileserver and wondering if its worthwhile going down the zfs route.  ITs for a home-enviroment but still, dont want something thats going to fall over on me
<patdk-lap> slyboots, #zfsonlinux
 * slyboots nods
<Industrial> I have several NodeJS services to run, these are just TCP servers listening on ports. Should I create a new user called web or something to run these servers with? the user needs access to port 80. How do I do that? Can I shield the user from logging in or going anywhere else then the directories where these websites run?
<maco> if you set a user's default shell in /etc/passwd to /bin/false they can't get a shell
<Industrial> ok
<maco> there's also rbash for a restricted bash shell
<maco> i believe it restricts them to their home directory
<Industrial> but say one of my servers is breached and allows the script to call e.g. child_process.exec(shellcmd)
<Industrial> I guess thats not an OS problem ;P
<maco> if you "man rbash" there's actually quite a few more restrictions it does
<Industrial> maco: if I can't log in with the users, how do I actually run the services with the user?
<Industrial> ok
<maco> no cd, no commands using a /,  no redirects...
<maco> su - user -c command
<maco> or sudo -u user command
<Industrial> okay
<Industrial> maco: so then I just create a /var/www and chown it to the web user?
<Industrial> (I won't ever run an apache so I don't think the name clash will matter.. alternatively should I use /var/node or something?)
<maco> Industrial: should work. i tend to add a sticky bit and group write so i can add/modify files as my user. the dir doesn't really matter--apache could be configured to some other dir too, after all. i tend to make mine under /srv
<Industrial> Right. I'm using a git based deploy system anyway, so I just do the final deploy and run steps with the web user I think ..
<PryMar56> using recent lucid, anyway to get KMS with Matrox g550? any vga code on kernel cmdline is ignored also
<RoyK> what's kms?
<PryMar56> need 1360x768 (LCD TV)
<PryMar56> kernel mode setting
<RoyK> dunno - sorry
<PryMar56> I run ubuntu-server gateway/router/web on a box next to my TV and it does mp3 into my home theatre also
<PryMar56> abraca/xmmsd
<salik> hi all!
#ubuntu-server 2012-12-28
<qman__> I created a VM with ubuntu-vm-builder, and now I want to move it to another server
<qman__> is there anything special? where are the files stored?
<patdk-lap> dunno
<patdk-lap> it all depends how you built it :)
<patdk-lap> generally just move the disk image, cow2? then the config, libvirt export?
<qman__> sudo ubuntu-vm-builder kvm lucid --arch 'i386'  --mem '512'  --rootsize '10240'  --swapsize '512'  --kernel-flavour 'server'  --hostname 'omegarelay'  --domain 'home.hilltop.local'  --mirror 'http://archive.ubuntu.com/ubuntu'  --components 'main,universe'  --addpkg 'openssh-server'  --name 'ryan'  --user 'ryan'  --pass 'ubuntu'  --ip '192.168.1.4'  --mask '255.255.255.0'  --net '192.168.1.0'  --bcast '192.168.1.255'  --gw '192
<qman__> .168.1.1'  --dns '192.168.1.1'  --bridge 'br0'  --libvirt 'qemu:///system'
<qman__> that's how I built it
<qman__> ah, I see
<qman__> it made a directory called ubuntu-kvm in the current directory
<qman__> and a run.sh
<goddard> i want to setup a php/apache server but no mysql
<anepanal1ptos> can 32bit ubuntu see more than 4Go of ram?
<blkperl> anepanal1ptos: no you should use 64bit ubuntu
<anepanal1ptos> well, i RTFM'd it, and the answer is yes and no.
<anepanal1ptos> gotta see if i have PAE
<anepanal1ptos> yeah my problem is someone has compiled a shitty driver and it doesnt work with linux x64
<anepanal1ptos> and woohoo i have pae
<samba35> i have two lun /volume for iscsi 1st is regular iscsi (mpio) and another is sanboot while insallting ubuntu on sanboot volume/lun1 ,every thing was good but while installing grub it give error so and cant proceed to install grub ,how i should fix this issuse
<RoyK> samba35: did you have both luns connected during install? the installer can sometimes be a bit confused and install grub in the wrong place. I've seen that happen. if that's what happens, try to disconnect all but one lun and reinstall
<samba35> ok
<samba35> when i was trying to install 2nd ubuntu installtion that time my 1st ubuntu was off
<RoyK> but... was both iscsi luns connected?
<samba35> i am trying to installed this on vmware
<RoyK> and btw, aren't you using vmware for this? wouldn't a vmfs make things a bit easier?
<samba35> point
<samba35> how do i make vmfs to get installed grub ?
<RoyK> vmfs doesn't care, but it's probably easier for the ubuntu installer to install on a virtual disk instead of handling iscsi itself
<samba35> ic
<samba35> how to fix this?
<RoyK> I'd try to install as normal on vmfs
<RoyK> single virtual drive
<RoyK> expand as needed later
<RoyK> you'd probably want to use lvm on top of that
<samba35> sorry no idea of lvm
<RoyK> well, never mind
<RoyK> it's not needed, but makes things a bit easier to resize / reallocate space in linux later
<RoyK> google it
<samba35> learning lvm is complex ?
<RoyK> no, it's easy
<samba35> ok
<samba35> ok thanks will get back to you
<samba35> do you have any idea on dhcp options
<RoyK> maybe...
<samba35> i was trying tftp boot from dhcp server which option i have to use 66 and 67 ?
<samba35> how do i test tftp server is running ,when i check the serice and netstat it say its working/running but when i tryed to telnet localhost port/service of tftpd it did not work
<RoyK> telnet won't work, since tftp is udp
<RoyK> tftp localhost
<RoyK> get /somefile
<RoyK> that file must exist, obviously
<samba35> ok
<RoyK> under the tftp root
<samba35> telnet doesnt work on udp ports ?
<RoyK> telnet uses tcp
<samba35> ahh ok thank you adding for my knowledge
<RoyK> you can use netcat or nmap to probe udp ports
<RoyK> nmap is usually easiest
<samba35> ok
<samba35> brb
<jeeves_moss> how do I setup my bind server to be a slave with no upstream replication to my windows servers?
<vezq> jeeves_moss: slave or cache-only?
<jeeves_moss> veq, I think it'll be a cache only, but in the future, I'd like to be able to dynamically update the Windows boxes with external dynamic clients.
<jeeves_moss> vezq, is it simple, or a huge pain in the butt to make work?
<vezq> vezq: cache-only is easy: https://help.ubuntu.com/community/BIND9ServerHowto#Caching_Server_configuration
<jeeves_moss> and allowing bidirectional dynamic updates?
<vezq> jeeves_moss: http://support.microsoft.com/kb/275866 (funny place to find instructions) :)
<jeeves_moss> vezq, lol  thanks.  I have a RADIUS server that will be taking care of some WiFi access points, and I would like to make sure that they dynamically update the DNS IP entries
<vezq> jeeves_moss: ok, haven't done dynamic setup myself
<jeeves_moss> vezq, neither have I, but I think it'll be a million times easier for administration when I have to deal with issues instead of looking up IPs, etc
<vezq> jeeves_moss: yep sounds wise
<jeeves_moss> vezq, I just need to make sure that things work.   But........
<jeeves_moss> vezq, I'm just waiting for parts to arrive from ebay
<vezq> vezq: what WiFi APs you are using?
<vezq> meant jeeves_moss
<jeeves_moss> vezq, it's a toss up right now if I should buy MikroTik APs or build up some Raspberry Pis with all the parts.  It's all the same price, but with the Raspberry Pis, I can do a lot more
<vezq> jeeves_moss: will there be many APs?
<jeeves_moss> vezq, if my marketing plan goes well, that's the hope
<vezq> recommend to check out also this http://www.ubnt.com/unifi
<jeeves_moss> vezq, free?
<vezq> nope, just cheap with good features
<jeeves_moss> vezq, thanks!  I'll have a look.  I was thinking using the MikroTik hardware, and a RADIUS backend
<vezq> it has a nice management software which supports Ubuntu too
<vezq> also supports RADIUS
<jeeves_moss> vezq, I'll have a look.  My biggest issue right now is making sure I subnet the APs out correctly
<jeeves_moss> vezq, and making sure that the DNS servers dynamically updates correctly
<uvirtbot`> New bug: #1094271 in autofs (main) "autofs missing directory" [Undecided,New] https://launchpad.net/bugs/1094271
<RoyK> samba35, the troubled iscsi master? ;)
<samba35> no
<RoyK> ;)
<samba35> was playing till now
<samba35> now googleing
<samba35> thanks
<lvmer> I can't seem to search a folder server-side with the find command, even though the folder is visible on my samba and I can search it in windows explore. $ find /share/pictures -name dscn
<lvmer> does the find command not work within subfolders?
<lvmer> I feel like it obviously has before
<lvmer> nevermind there must have been a syntax error somewhere
<uvirtbot`> New bug: #1094310 in nova (main) "package nova-compute-kvm 2012.1.3+stable-20120827-4d2a4afe-0ubuntu1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1094310
<lvmer> There does not appear to be a minidlna channel; so, is there a limit on the # of files minidlna can store in the database? I was trying to 'force-reload' a music folder with 65,000 & it keeps stopping at 9443, and it doesn't even bother to get the image files at all.
<lvmer> How do I increase the Inotify max_user_watches for minidlna?
<RoyK> lvmer: it's probably in /proc/sys/fs/inotify/max_user_watches
<lvmer> royk: and I can change that permanently in /etc/sysctl.conf ?
<lvmer> by just adding fs.inotify.max_user_watches =  #
<RoyK> yes
<lvmer> royk: default seems to be 8192, what exactly does this change? folder update notifications?
<lvmer> I can't seem to get minidlna to get picture files. There is no mention of an error in the log file for the pictures directory. It just seems to ignore it
<lvmer> as far as I can tell everything is spelled correctly
<lvmer> is it possible to have more than 1 media directory?
<lvmer> it seems anything after #1 is ignored
<lvmer> media_dir=A,/share/music media_dir=P,/share/pictures media_dir=V,/share/pictures media_dir=V,/share/movies media_dir=V,/share/tv
<mikeroth> I'm having an issue with security groups in eucalyptus can anyone help?
<Plizzo> Hello, I have an issue with my server and I'm afraid my SSD is broken. Anyone care to hear me out? :)
<TheLordOfTime> nope.  not individually, just ask your real questions in the channel.
<Plizzo> I have a server running 11.10. My system and all swap partitions are on the SSD but all storage etc is done to a RAID5 volume. I'm trying to transfer a 12MB file to my SSD but it keeps telling me it doesn't want to write and that the disk is full. Although, when I run "df -Th" I can't see the disk in the output
<Plizzo> So I'm afraid that my SSD has somehow broken, and that if I reboot I cant start again
<Plizzo> Is there another command I could use, because I can't seem to check if the disk is full or not
<_ruben> Plizzo: how about df -i, perhaps you ran out of inodes?
<Plizzo> _ruben: I tried running multiple commands, but neither of them display my system partition
<Plizzo> _ruben: What else can I do, should I start a dd to an image on my RAID?
<_ruben> oh, i missed the part it missing from the output
<_ruben> does it show in 'mount' ?
<_ruben> anything odd in 'dmesg' ?
<Plizzo> Do I just type "mount"? (without quotations=
<_ruben> yeah
<maco> yep
<maxb> And you might want to pastebin the full result of mount, just to provide extra context on your system's filesystem setup.
<maxb> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Plizzo> This is what mount gives me:
<Plizzo> http://paste.ubuntu.com/1473739/
<Plizzo> My SDD is /dev/sdb, but only sdb1 is mounted, and that's /boot
<_ruben> line 1 shows / being mounted
<_ruben> pastbin df -h and df -i as well
<Plizzo> df -h: http://paste.ubuntu.com/1473742/, df -i: http://paste.ubuntu.com/1473744/
<_ruben> / is full
<_ruben> 100% use
<Plizzo> In see that now, I actually misstook the first entry :/
<Plizzo> Is there a smart way to check where all space is?
<_ruben> i tend to use ncdu for that, but that's not installed by default
<Plizzo> And my disk is full so I can't install it
<_ruben> might need to free up some space before being able to install it
<_ruben> yeah :)
<Plizzo> hehe, yep
<Plizzo> On it!
<_ruben> check for old kernels .. those tend to pile up and take a fair chunk of space
<_ruben> and /var/log might be a good start as well, logs can grow fast unexpectedly, i always put them on a seprate lv/partition
<Plizzo> _ruben: I'm checking logs, but the syslog is just about 12MB etc, and the others are way lower
<Plizzo> _ruben: I have the webserver on the raid, so that's not it
<Plizzo> _ruben: Maybe the Plex database has somehow expanded weirdly
<Plizzo> found it!
<Plizzo> The plex Media server log is 41GB....
<Plizzo> What the hell...
<Plizzo> _ruben: Is there some way to limit file sizes?
<Plizzo> _ruben: You on?
<Plizzo> I've removed the file that was clogging the file system, but df -h still shows 100% used
<Plizzo> Everything works again, thanks guys! :)
<_ruben> Plizzo: plex probably had the file still open :)
<Plizzo> _ruben: Yeah, I noticed that I had a debug setting checked in PMS which is why it was filling up the file so badly
<Plizzo> _ruben: It debug logged all transcoding as well :P
<_ruben> limiting filesizes isn't a trivial task afaik, one usually uses logrotate software to limit the growing
<triton_> Hello
<triton_> I was wondering if anybody here is familiar enough with iptables and networking, I am trying to figure out a port forwarding problem.
<thufir_> I installed 12.04 a while back, then added lxfe and ruby rvm.  now some rvm gems won't build, missing dependencies. is there anything weird about ubuntu server which would cause that?  or, just broken packages?
<_ruben> triton_: try asking the actual question(s) :)
<triton_> Ok, so I have 3 remote installations, each one uses the same ubuntu OS as a firewall, router, nat.  I needed to forward ports from inside the local network to the Internet. On 2 installations out of 3 it worked (same exact configurations) on 1 I can't open the port forwarding though the iptables rules are the same.
<triton_> I am looking for some hint on how to analyze a problem where I am trying to do port forwarding and it's not doing the job though iptables have the rules, /proc/sys/net/ipv4/ip_forward is 1, /etc/hosts.allow and hosts.deny only deal with sshd and not these ports (44,55)
<_ruben> triton_: 1st step, do sudo iptables-save -c and see if those rules ever got matches (as in, are not showing [0:0])
<triton_> Is it against the rules to paste output of such commands in the channel?
<thufir_> how do I install xfce onto ubuntu server?  I have lxde but cannot seem to get xfce.
<triton_> pastebin?
<_ruben> triton_: pastebin indeed
<triton_> _ruben: http://pastebin.com/db3AvqQs
<thufir_> triton_: on the cli, you can say "cat foo.txt | pastebinit" and it will do it for you, automagically :)
<triton_> thufir_ : crazy stuff!
<thufir_> triton_: :)
<thufir_> triton_: you might have to install something to get that to work, just takes a sec, tho.
<triton_> yeah, it's not installed here, wants me to apt-get install.
<_ruben> triton_: use tcpdump/wireshark/etc to determine where things go wrong, could be the dnat itslef, or the reply traffic for instance
<_ruben> triton_: and i assume you're not testing from the box itself?
<triton_> _ruben: no, I am not testing from the box
<_ruben> ok, good
<triton_> _ruben: but what about that iptables output, it had [73:4384] and [4:228], not 0:0
<_ruben> and you do can reach 192.168.10.100:44/55 from that box
<_ruben> those are packet/byte counters .. when it says 0:0, that rule never matched any packets
<triton_> _ruben: yes, the video camera is reachable from the ubuntu box that is the router, I can even vnc and view the camera output while on that machine
<_ruben> ok
<_ruben> depending on your network layout, it could be a case of triangle routing, where the return traffic from the camera is going through the box running iptables
<triton_> _ruben: well, yes, one thing I cannot confirm is the physical layout of anything in either of those 3 installations. The only thing I know that IS different in this case is that they have some sort of a repeater in the LAN because in that location the cameras are so far away (more than 40 meters I think) and they couldn't get this to work without another powered switch or repeater somewhere...
<triton_> ...in the middle
<triton_> though I thought that if I can already view the output from camera on the machine itself, the repeater in the middle is probably nothing of consequence?
<triton_> ok, thanks
<_ruben> triton_: doubt that as well .. done any sniffing yet with tcpdump/wireshark/... ?
<triton_> _ruben: looking with tcpdump
<triton_> _ruben: well, I can see with tcpdump -n -e -ttt -i eth1 that when I hit the box, it is actually forwarding from the external IP to the 192.168.10.100:44
<triton_> _ruben: http://pastebin.com/3AN4Pk79  - this is what tcpdump is telling me
<triton_> _ruben: and I replaced my IP with 'my.own.ip.address' though :)
<_ruben> triton_: is 192.168.10.100 reachable through eth0 by any chance? in that case it's the MASQ rule interfering
<triton_> _ruben: that would be strange, the eth0 is the Internet nic.  I do have that rule though: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE (but in all 3 installations)
<triton_> I am going to drop that rule, see what happens
<triton_> _ruben: no, the address isn't reachable through eth0 and without the masq rule nothing really changed (for the forwarding)
<_ruben> wonder why it shows up with external ip then
<_ruben> triton_: try sudo iptables -t raw -I PREROUTING -p tcp --dport 44:55 -j TRACE .. that should give detailed logging as to which rules are being matched
<triton_> _ruben: I guess I missed something, how does it show with external ip?  tcpdump shows: my-ip-address.54354 > 192.168.10.100.44, that's all where it shows.  But this: 192.168.10.100.34239 > 239.255.255.250.1900 I don't understand.
<longdays> I have a logrotate question. Tomcat is configure to rotate catalina logs daily but it does not compress them. I want logrotate to compress these old log files if they are found. I have found that I can do this with the size parameter, but I would rather do it based on a time stamp older than when the log rotate was last run. is this possible?
<_ruben> triton_: that's traffic originated by the camera itself, probably looking for upnp stuff
<triton_> _ruben: I wonder.. maybe upnp should be turned off
<_ruben> triton_: perhaps, but it shouldnt interfere with the actual probloem
<triton_> _ruben: so I added that iptables trace line
<_ruben> triton_: also, not much sane can be said about this without knowing the exact network layout (interfaces, subnets, etc)
<triton_> _ruben: that's true. There are 4 computers, 1 is the ubuntu machine, 3 others are local network, all windows xp. There are 4 cameras (the 10.100 is the master and thus server). The ubuntu machine is the gateway. The ip addresses are all assigned statically.
<triton_> it's a small store actually
<_ruben> triton_: xp machines are in 192.168.10.0/24 as well? and if so, why use port forwarding? :)
<triton_> I guess the weird part is only that 2 others are fine, forwarding, translating with the same iptables rules and settings
<triton_> _ruben: the xp machines are 192.168.10.2, .11, .12, yes.  Why not use port forwarding?  What's  a better way?
<_ruben> triton_: if they're in the same subnet, why not connect directly to 192.168.10.100?
<triton_> _ruben: oh, but the camera is supposed to be visible to the outside.  The port 44 allows viewing what's happening inside the store from a browser (with some activex or java applet) and port 55 allows the same for a smartphoen
<triton_> _ruben: you are right, when they connect to the camera on any one of the windows machines inside for example, they just go to the local address of the camera and it works
<_ruben> triton_: do you want to reach those cams from those xp boxes or from outside that netwrk?
<triton_> _ruben: from the outside, the inside is not important at all
<_ruben> ah ok
<triton_> they can see what's happening inside without cameras : ) it's a small store, maybe 100 square meters.
<_ruben> hehe
<triton_> it's like a security service, when you have a few stores in one network, then it makes sense
<_ruben> triton_: one possibility, is the default gateway configured correctly on the camera?
<triton_> I have to check on that.  I'll try
<triton_> _ruben: I'll have to ask the service guy who installed this for some credentials to get into the admin interface, I only can get as far as using vnc now to open a browser on that ubuntu machine and hit the 192.168.10.100 :44 (this does give me a correct response) but I don't know how to administer the cameras without camera server credentials.
<triton_> _ruben: thank you for all the help that you provided really
<triton_> I think it's time for me to ask somebody who is physically there to help out
<triton_> it's another country :)
<triton_> _ruben: I only build and supply store and chain management software, supply chain management, resource planning and such.  They asked me to help them with the cameras and I was able to in other stores, but this one is giving me too much headache
<triton_> it's also crazy funny (or not) to observe immediately attempts by some hostile machines to break into the vnc session that I opened temporarily via ssh. It's crazy how infested the Internet is
<_ruben> hehe, yeah
<triton_> Ok, have a good day, night, morning or evening!
<triton_> bye
<cwillu> for future reference, if one is using ssh to start a vnc server, one might as well tunnel the vnc connection through ssh as well
<cwillu> friends don't let friends send keystrokes over the internet unencrypted
<jak2000> hi all
<jak2000> here my partitions: http://pastebin.com/bwtLzf7t   when i try access to: cd /var/lib/mysql show me a Error Message: "Permission Deneied"  i try with: sudo cd /var/lib/mysql   but show me thesee rror: sudo: cd: command not found   why? need format or unmount or? thanks
<TheLordOfTime> any way to pin a package from autoupgrading?
<TheLordOfTime> i.e. i have to either dist-upgrade or install [package] to force it to upgrade
<TheLordOfTime> or in other words, is there a way to hold back a package when i do apt-get upgrade
#ubuntu-server 2012-12-29
<daff> is it possible to configure and use (tagged) VLAN support in the ubuntu installer when running from PXE? if so, how? this is on 12.04.
<pmatulis> TheLordOfTime: of course, with apt pinning (or aptitude holding)
<_thufir> hello.  I can use finch but cannot start xwindows properly.  running ubuntu server 12.10
<_thufir> hmm, am I known as password? LOL.
<_thufir> I don't have access to the web.  how can I run startx so that lxde starts pls?
<lickalott> wrecker
<Flynsarmy> I created an array with sudo mdadm --create /dev/md0 --level=5 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1 and rebooted. /dev/md0 no longer exists after reboot but /dev/md127 and /dev/md/xbmc:0 doâ¦why is that? I've added ARRAY /dev/md0 metadata=1.2 name=xbmc:0 UUID=3dcfe843:c2300a40:75190922:f6caf9c7 to /etc/mdadm/mdadm.conf
<uvirtbot`> New bug: #1094438 in samba (main) "Samba crashes invalid pointer: 0x00007f0bc3de7590" [Undecided,New] https://launchpad.net/bugs/1094438
<samba35> RoyK: hi
<RoyK> samba35: hi
<samba35> how r u
<samba35> brb
<RoyK> fine, or ok, or something :P a few beers last night
<samba35> i need rum ,to kill chill
<samba35> need some thing wrorm
<samba35> worm
<samba35> do you have any idea on nagios ,once i login with user how do logout and login with admin
<RoyK> iirc, you need to kill the browser
<samba35> i reset cache
<samba35> it did not help me
 * RoyK replaced nagios with icinga
<RoyK> nagios development halted around 2006 or so
<samba35> icinga ?
<RoyK> dot org
<samba35> ok
<samba35> let me check that thanks
<RoyK> nagios development halted when Ethan Galstad found out he could release Nagios IV and charge money for it. The Nagios code belongs to the early copper ages
<samba35> ic
<samba35> using it ?
<RoyK> not currently - but I was running it for a couple of years until I got a new job
<samba35> ok
<uvirtbot`> New bug: #1094461 in irqbalance (main) "irqbalance spamming syslogd. Higher than normal system load." [Undecided,New] https://launchpad.net/bugs/1094461
<Heart^Killer> hi anyone here
<RoyK> mhm
<babba> join #WiiNintendo
<tdn> Can I install Ubuntu Server on a USB pendrive so that I can use it on a computer with no hard drive?
<maswan> sure
<RoyK> tdn: no problem
<RoyK> tdn: there are apps for windows and linux to do that
<tdn> RoyK, which ones for linux? (KDE=
<tdn> )
<tdn> RoyK, what do I need to consider in order to optimize performance when installing linux on a USB flash drive?
<RoyK> get a fasat pendrive
<mfraz74> is it possible to purge packages from squid deb proxy's cache?
<samba35> i am trying to extract .gz which is 24 mb but it could not unzup the file even after 20 mints  and check with ubuntu desktop it show that folder is locked and cross
<RoyK> mfraz74: as in "apt-get purge squid3" ?
<RoyK> samba35: no idea about desktop icons etc - I don't use that on servers :P
<samba35> you are one of the true server user :)
 * RoyK uses a mac for desktop things ;)
<samba35> but any idea why does it so much of time ,seems locked
<samba35> max file reached ?
<samba35> which version osx on mac
<mfraz74> RoyK: No, I want to get rid of the old packages that squid-deb-proxy has cached
<RoyK> no idea - is this a single gz file or a gzipped tar ball?
<samba35> ok
<RoyK> mfraz74: oh, you mean empty the squid cache+
<RoyK> ?
<mfraz74> RoyK: yes
<mfraz74> but not remove all of them
<samba35> RoyK: which version os mac osx ?
<RoyK> mfraz74: not sure, but the store log may tell
<tdn> Where do I get an install image that does not require PAE?
<RoyK> erm... 8.04? ;)
<RoyK> tdn: got an old pc?
<RoyK> tdn: just tested a bit here, and lucid seems to boot without PAE
<RoyK> requirung PAE seems a bit silly, though, although from 12.10 there's no 32bit server install
<samba35> RoyK: ubuntu owe you ??? us$/day
<samba35> ??? ==how much dont know
<TheLordOfTime> tdn, Lucid.
<TheLordOfTime> 10.04 :P
<TheLordOfTime> i'm not sure if 12.04 requires PAE or not.  I didn't check :P
<TheLordOfTime> since all my servers run 64bit.
<RoyK> TheLordOfTime: I just tried with virtualbox - it doesn't work without PAE. Lucid and back works well
<TheLordOfTime> RoyK, okay, so 12.04 required PAE.
<TheLordOfTime> good to know
<RoyK> and 12.10 server does not (since it requires 64bit instead :P)
<TheLordOfTime> indeed.
<TheLordOfTime> RoyK, to confirm my knowledge, any EOL release's repositories disappearify from the mirrorsright?  therefore bugs against EOL releases about not installiung software are Invalid?
<TheLordOfTime> (if you know)
<TheLordOfTime> nevermind, got an answer :P
<RoyK> TheLordOfTime: what was the answer?
<patdk-lap> hmm?
<patdk-lap> 12.04 dumped the non-pae kernel
<patdk-lap> the 32bit pae kernel should work for most all systems, if they do or don't support pae
<patdk-lap> the only known exception to that, that I know of, is if the cpu supports pae, but the motherboard screws it over, I have a motherboard like that
<RoyK> patdk-lap: non-pae cpus won't boot with 12.04
<RoyK> but then, pae saw light first in the PentiumII days around 1995, so I guess it shouldn't be a problem for most users
<patdk-lap> I thought I had it booting on non-pae cpu's
<patdk-lap> but I can't claim I own any anymore, and I finished dumping all 32bit installs a few months ago
<RoyK> I just tried with 12.04.1 on vbox, disabling PAE
<patdk-lap> dunno about vbox, I would have done a real system
<RoyK> amount of users on 32bit is rather low these days
<RoyK> heh
<patdk-lap> but it would have been about a year ago, closer to 12.04 release time
<RoyK> I don't own a 32bit machine (well, one, but that's ARM)
<qman__> that's not a pae issue, it's an i686 issue
<qman__> really old chips aren't i686, so they need the linux-386 kernel to work
<qman__> but yeah, it's a non-issue PII and newer
<patdk-lap> qman, you calling my pentium D 930, non i686?
<qman__> no, I was referring to the old chips
<patdk-lap> supports pae :0
<patdk-lap> win't boot a pae eneabled kernel
<patdk-lap> cause motherboard is funky
<qman__> for example, the AMD K6 series is only i586
<patdk-lap> motherboard won't allow me to boot with pae or 64bit, though cpu supports both
<qman__> 12.04 doesn't have the -386 kernel anymore
<patdk-lap> -386 was dropped long before 12.04
<qman__> it's in 10.04, which is what I'm running on my K6
<RoyK> qman__: well, testing 12.04 with virtualbox, it fails to boot if I disable PAE, works well with PAE
<qman__> hmm
<qman__> all of my non-pae systems died recently, except for the K6
<RoyK> the y2012 problem, I guess
<qman__> heh, not really
<qman__> I had a couple old P4s still running but they crapped out
<RoyK> y2old
<patdk-lap> I dropped support for all non-pcie only systems personally
<qman__> I keep the K6 because it will outlast the rest
<qman__> everything else is being replaced though
<qman__> in fact I just put together a new one to virtualize the ones that died
 * RoyK disassembles old harddisks to make nice presents
<javaJake> I've got SSH access to remote hardware running XenServer, and I'm attempting to do a fresh Ubuntu Server installation.
<javaJake> (oops, ruined the one-line rule) What's the best way to install Ubuntu Server if all I have is SSH via XenServer? There doesn't appear to be a serial console either, but I bet I could get one if you guys think SSH is a bad idea.
<uvirtbot`> New bug: #1094547 in ipsec-tools (main) "setkey fails to detect invalid use of esp-udp with IPv6" [Undecided,New] https://launchpad.net/bugs/1094547
<patdk-lap> well, it could be possible, but the issue is, if something goes wrong, your normally screwed
<patdk-lap> ideally you can install it to a seperate partition/drive
<patdk-lap> then install grub on the boot drive
<patdk-lap> then reboot
<javaJake> patdk-lap: so let's say I use a ramdisk...
<uvirtbot`> New bug: #1094556 in openvswitch (main) "confusing typo in /etc/default/openvswitch-controller" [Undecided,New] https://launchpad.net/bugs/1094556
<jn_> Hi awstats trouble.. I have the application working and I can access the overview page in my browser. Some statistics such as country/hits are working but I have noticed that visitors show 3 and does not update as other parameters when I browse my testsite
<jn_> and idea what this could be ? perhaps some file permission or logformat issue ?
<jn_> any *
<jn_> think it is only showing unique visitors for some reason
<SpamapS> jn_: honestly.. awstats.. so 2006. :) Just use google analytics :p
<patdk-lap> spamaps, some people don't want google to own their lives :)
<ikonia> I'd harldy call a web trend tool "owning their life"
#ubuntu-server 2012-12-30
<SpamapS> patdk-lap: for those people, piwik works
<jn_> It would appear there are some time interval, if a user visit my site with 10 minutes in-between only the first visit is added to the visit statistic's, while BW etc. is updated.  Must be a parameter somewhere ?
<SpamapS> patdk-lap: I understand that desire, I refuse to give google my MX for instance. ;)
<SpamapS> jn_: probably caching
<jn_> I'am manually manipulating the access log
<jn_> http://awstats.sourceforge.net/docs/awstats_glossary.html if you read under "visits" I think an hour is the time interval. Seems strange to me though
<jn_> I should read official documentation more often -_-
<lickalott> hello all!  I've just rebuild my server and threw 12.10 on it.  When i do a uname-a i get (whats expected) the name of the rig that I chose during installation.  Consequently it's the same name prior to the rebuild.  i've set it up as an samba server (like before) but the hostname isn't being resolved.  i can only \\<IPADDRESS> to access it.  what can i do so that the hostname is recognized?
<SpamapS> lickalott: is nmbd running?
<lickalott> yes
<lickalott> nmbd -D
<lickalott> restart it?
<lickalott> i also have nscd running
<SpamapS> lickalott: nscd doesn't mean anything. you can try restarting nmbd
<lickalott> i'm sorry...my client dc'd.  If anyone responded can you please re paste it for me
<TheLordOfTime> SpamapS> [12/29/12 19:37:10] lickalott: nscd doesn't mean anything. you can try restarting nmbd
<lickalott> ahh..thank you!
<lickalott> I've done that.
<lickalott> here's the weird thing...  I have a batch file that mounts the nfs shares using the hostname  but I can't get to the /servername by itself
<lickalott> SpamapS, i'm just gonna go with the script to auto mount.  seems to work with the path.  I may keep diggin but i'm happy for now.  Thanks for the assit!
<qman__> Where's the best document on setting up openstack on ubuntu? I've tried it twice now with poor results. The main problem is I only have one server, I just want the tools and system to add more later. And I don't want devstack, I want something designed for production.
<pmatulis> qman__: openstack for production would not have just one physical machine so what you're saying doesn't make much sense
<qman__> what I mean by that is
<qman__> I don't want some cheap hack that can't be patched and maintained
<qman__> which is what devstack is
<qman__> I want to use updateable, serviceable packages
<pmatulis> i've never used devstack so it's hard for me to comment.  it doesn't use regular packages?
<qman__> no
<pmatulis> strange
<qman__> it uses some, but most of it is just a big messy download into /opt
<pmatulis> i put o/s on one machine using some instructions i found on the net.  i forget where.  seems to work
<mikal> devstack is aimed at developers testing code changes, its really not intended for deployers at all
<mikal> qman__: you should be just able to setup each component from packages on the single machine
<qman__> I tried devstack first and it was a huge mess and didn't work, so I tried again following a guide on openstack's site, but that didn't work either
<mikal> qman__: most of the defaults are reasonable in the packages. The most obvious thing to look at is that some of the packages default to sqlite databases, which wouldn't be a good choice if you intend to grow the deployment
<qman__> yeah, I hate sqlite
<qman__> the guide I followed was missing pieces of information I had to google for
<qman__> and I never did get it working in the end
<qman__> so I was hoping someone else has a better one, I found this which looks more promising: http://docs.openstack.org/folsom/basic-install/content/
<qman__> but I'd obviously have to modify it for one server
<pmatulis> on my todo list is to script-install the thing.  there is an absurd amount of commands to issue
<mikal> pmatulis: I think you'll find most configuration management vendors have already done that
<mikal> There's existing puppet / chef / juju configs
<qman__> the main problem is that, since I've never used it before, I don't know what all the pieces specifically do and how the interact
<qman__> so when it's broken, it's just broken
<pmatulis> mikal: ah yes, juju.  saw it done.  problem is, you need to understand it first if you intend to maintain it
<mikal> qman__: well... that's a much easier question to answer with specifics
<mikal> qman__: if you have specific error messages, or questions, then that would be easier
<qman__> I got the last one to the point where it was giving me some weird error page in a web browser, that google had no help for
<mikal> (Although https://help.ubuntu.com/community/UbuntuCloudInfrastructure is a reasonable guide)
<qman__> I was at the point where everything was installed and I was trying to get a VM started up
<mikal> Ok, that sounds like a horizon problem
<mikal> Horizon isn't _required_ for a working deployment though
<qman__> right
<mikal> Install keystone / glance and nova first
<pmatulis> qman__: i suggest using cli before horizon
<mikal> Then fancy it up
<qman__> I had all the other parts in (I think) and I couldn't get the CLI to load a VM
<qman__> so I tried to install horizon and that didn't work
<qman__> I had glance and nova and keystone
<mikal> qman__: when that happens, the contents of /var/log/nova/nova-*.log is the place to be
<mikal> Anyways, I'd start from scratch. Install glance and keystone. Get those working. Then install nova and get it working.
<qman__> yeah, I'm going to
<qman__> thanks for that link, I'll try that first
<mikal> Well, I now realize that link requires maas / juju, so it requires buying into that methodology
<mikal> If that doesn't work, you should just be able to install the packages and then configure them
<qman__> well, this time I have a whole day to work on it and physical access to the server, so I can start over if things get completely effed
<mikal> Cool
<mikal> Good luck then
<qman__> any known bugs with UEFI causing networking to not work? I'm trying to install from a flash drive because my USB-IDE adapter connected to a CD drive won't boot with the board, and it boots but it won't get a DHCP lease and won't communicate when there's a static IP
<qman__> and I put in an old 10/100 card to make sure it wasn't just the onboard card
<Skaag> I just upgraded to Precise from Lucid, the machine booted and reached the login prompt, but looks like both the network is down and somehow screwed, and pam is also screwed since I can't login... what might be causing this?
<patdk-lap> who knows
<patdk-lap> could make guesses all day, but we can't see inside your server from this side of irc
<Skaag> I can't either :-)
<Skaag> my plan is to ask a friend to go there, boot from the CD and run a rescue
<strixbg> hi all
<strixbg> I have network config problem with Ubuntu server 12.04 guest in virtual box: RTNETLINK answers: File exists
<strixbg> Failed to bring up eth0., when trying to restart networking
<strixbg> anyone?
<samba35> RoyK: hi
<Guest53336> i'm just testing lxc on 12.10. How can I configure it to a simple bridge without NAT and DHCP and stuff?
<uvirtbot`> New bug: #1039598 in krb5 (main) "dependency problems - leaving unconfigured" [Undecided,New] https://launchpad.net/bugs/1039598
<RoyK> samba35: hi
<samba35> how r u
<RoyK> http://what-if.xkcd.com/25/ <-- flire
<RoyK> oops
<RoyK> wrong channel
<uvirtbot`> New bug: #918791 in qemu-kvm "qemu-kvm dies when using vmvga driver and unity in the guest" [Undecided,Fix committed] https://launchpad.net/bugs/918791
<Joe1301> anyone good at setting up dns I have 3 domains on a ispconfig server I have 2 of them resolve but the 1 domain that is attached to the server name will not resolve....Anyone can help?
<Joe1301> the domain is joepros.com
<SpamapS> Joe1301: the root servers think joepros.com has its name servers at 184.95.45.39
<SpamapS> Joe1301: but 184.95.45.39 doesn't reply to queries about joepros.com
<SpamapS> Joe1301: it can take up to 3 days for changes to propagate fully due to caching
<SpamapS> Joe1301: though the root servers usually are all up to date much quicker than that
<SpamapS> Joe1301: so once you change your dns server IP's at the registrar, you can monitor the root servers by doing 'dig joepros.com @k.gtld-servers.net ns'
<Joe1301> yes thats the correct ip of the serverer....the server name is ws1.joepros.com I have a joepros.com zone with a record of ws1... I had it resolving yesterday for about 8 hours then it crashed
<Rar9> can someone help with dpkg : warning: thereÂ´s no installed package matchine nginx:amd64
<SpamapS> Joe1301: note that k.gtld-servers.net can be a-l .. I just chose k randomly
<andol> Joe1301: Also, pointing ns1. and ns2. to the same ip kind of defeats the whole purpose.
<TheLordOfTime> Rar9, did you install nginx?
<SpamapS> Rar9: probably a confused dpkg. perhaps try backing up the configs (all in /etc/nginx IIRC) and then installing the package manually (apt-get download nginx:amd64 ; dpkg -i nginx_*_amd64.deb)
<Rar9> no I didnÂ´t but I believe it cam with the Plesk Iso that I installed
<Rar9> plesk 11
<Joe1301> well godaddy wants 2 nameservers and I have only 1 ip
<SpamapS> Joe1301: you should really find another server to be your #2. It *sucks* to not have DNS. :)
<SpamapS> Joe1301: I've been using twisted4life for a few years, they're fine
<TheLordOfTime> Rar9, eww plesk.
<SpamapS> Joe1301: also, even better, why not just let professionals run your DNS?
<Rar9> yes :-)
<TheLordOfTime> Rar9, sudo apt-get install nginx-full
<TheLordOfTime> do that
<SpamapS> Joe1301: godaddy's hosted DNS (which is free) is fine for all but the most demanding needs.
<maswan> If you want to run your own DNS, I strongly recommend reading DNS&Bind
<Rar9> TheLordOfTime:  nginx-full : Depends: nginx-common (= 1.1.19-1ubuntu0.1) but it is not going to be installed
<Rar9> E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).
<TheLordOfTime> ...
<TheLordOfTime> Rar9, your system is screwy
<TheLordOfTime> did i mention plesk needs to die?
<TheLordOfTime> Rar9, sudo apt-get install nginx-full nginx-common
<Rar9> NO
 * SpamapS actually prefers djbdns personally.. but has given in to the fact that BIND will always dominate :-P
<Joe1301> godaddy only does dns with hosting Im not hosting
<SpamapS> TheLordOfTime: plesk makes a lot of money for a lot of people. :p
<Rar9> E: Sub-process /usr/bin/dpkg returned an error code (1)
<TheLordOfTime> SpamapS, you're saying GUI management of a server is decent?
<TheLordOfTime> SpamapS, you and i need to argue in -offtopic about that then.
<SpamapS> Joe1301: I have free DNS from godaddy and all I did was register the domain
<TheLordOfTime> someday.
<TheLordOfTime> Rar9, pastebin the full output
<SpamapS> TheLordOfTime: yes I'm saying GUI management of a server when it enables you to charge money and make a living, is excellent.
<TheLordOfTime> just giving me the error line sucks.
<TheLordOfTime> s/sucks/isnt useful/
 * TheLordOfTime yawns
<TheLordOfTime> i need coffee.
 * TheLordOfTime shall return
<Joe1301> hmm Ill look into it
<Rar9> TheLordOfTime http://pastebin.com/QFJ1dPTp
<TheLordOfTime> "sw-nginx"
<TheLordOfTime> the hell is that
<qman__> plesk breaking his system
<qman__> because plesk is garbage
<TheLordOfTime> what qman__ said
<TheLordOfTime> "sw-nginx"
<TheLordOfTime> that's not even OFFICIAL
<TheLordOfTime> plesk broke it, dude.
<qman__> they don't even try to fit within the structure of the operating system
<TheLordOfTime> Rar9, plesk broke it, man, i can't help you with that one.
<TheLordOfTime> ... although i can fix this php5 FTBFS on my local builders.  that's the sixth time this week...  *diverts attention*
<SpamapS> yeah if you're using plesk, you're using plesk's software, not Ubuntu's
<Rar9> TheLordOfTime thanks :_(
<TheLordOfTime> eeyup
<TheLordOfTime> and we can't help you there
<samba35> RoyK:
<samba35> RoyK: hi
<RoyK> ding
<samba35> dong
<RoyK> what's up?
<samba35> how to use dmg to iso getting error ERROR: Inflation failed
<jeeves_moss> what is the best way to externally log for routers?  I would like to set up a syslog server on a Linux box.
<patdk-lap> heh? isn't that the best way?
<patdk-lap> just configure rsyslog to listen on udp (and maybe tcp), and then have your routers/firewalls/... stream to it
<samba35> RoyK: r u there ?
<samba35> or any idea on
<patdk-lap> personally that is what I do, but in my case rsyslog streams into mysql, and I use a webinterface to search/view it, also several scripts monitor it for stuff, like dos/attacks/...
<RoyK> !ask | samba35
<ubottu> samba35: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<qman__> speaking of that, is there a good tool for viewing syslogs like that? every time I've set up syslog to one place it always gets too messy to be useful
<patdk-lap> qman, splunk? logzilla? I'm not sure of any current free ones
<patdk-lap> php-syslog-ng was free, but it's old now, and not really performance friendly
<samba35> when i tryed to convert dmg (apple) image to iso with dmg2img it give me error  "Error:inflation failed "
<qman__> hmm, apparently php-syslog-ng became logzilla
<patdk-lap> yep
<qman__> this one looks alright: http://demo.phplogcon.org/index.php?filter=&search=Search&highlight=
<patdk-lap> not sure I have seen that one
<patdk-lap> looks alittle raw
<RoyK> qman__: seems virtualbox eats thos dmg's nicely without conversion
<patdk-lap> samba35 you mean
<RoyK> yes, I do
<RoyK> but it sent me into an EFI console and failed to install
<phillw> a very quick n00b question, if I may.. Why when updating a ubuntu server do I get the message that the linux-header-server, linux-image-server and linux-server are being held back?
<patdk-lap> cause your not updating them :)
<patdk-lap> upgrade only upgrades things that don't bring in new packages
<patdk-lap> those are new, so they are held back
<patdk-lap> dist-upgrade brings in new stuff
<phillw> patdk-lap: So, as I'm running an 12.04 LTS server, it is pointing out that there is a 12.10 version available?
<patdk-lap> phillw, just ignore that, unless you want 12.10
<phillw> patdk-lap: the people to whom the VM belongs (Tor) have asked it to run on 12.04 LTS :)
<phillw> thanks for explaining :)
<qman__> yeah, dist-upgrade is not a release upgrade
<TheLordOfTime> phillw, you can always force those three to install, either with dist-upgrade or specifying sudo apt-get install [packges]
<TheLordOfTime> if it pulls in new packages though it holds back
<phillw> TheLordOfTime: is there a gain to grabbing the kernel upgrades? I am allowed to reboot the Tor VM when it needs it, but as with servers.... I do prefer 'uptime'.
<patdk-lap> uptime is highly overrated
<patdk-lap> installing new kernels most of the time means patching root escalation issues
<patdk-lap> so normally something you want to do
<phillw> patdk-lap: Oooh, when you have a server with hundreds of users, such as an znc-bouncer... they prefer uptime :P
<TheLordOfTime> phillw, i don't bother updating the kernel on systems that need to be online.
<TheLordOfTime> phillw, you know which system i'm talking about :P
<phillw> TheLordOfTime: ^^ :P
<patdk-lap> if there is no way a user can run code on the system, and your services are secure
<patdk-lap> but if the user can get their code to run on the system, I would be more paranoid of updating the kernel and libs
<TheLordOfTime> mhm
<qman__> ksplice uptrack
<qman__> no compromise, stay up and update at the same time
<phillw> qman__: thanks, I'll have a look into that :)
<qman__> oracle ruined the website but it's still free for ubuntu and fedora
<phillw> qman__: I'm just reading the wiki page. Indeed oracle are trying moneterise a free system that is part of the system :) Next up, they'll be offerring paid for support for MySQL :D
<patdk-lap> mysql has always offered payed support for mysql
<RoyK> mysql is like "I want to be a RDBMS"
<RoyK> postgresql is a bit better ;)
<patdk-lap> royk, use oracle sql instead then
<RoyK> heh - oracle costs a wee bit more
<jeeves_moss> how do I setup syslog so I can log my external routers, etc?
<patdk-lap> jeeves_moss, dunno, what syslog do you use?
<patdk-lap> and did you attempt to read it's manual?
<RoyK> jeeves_moss: modify /etc/rsyslog.conf to listen
<RoyK> then your routers can log to t
<RoyK> then your routers can log to it
#ubuntu-server 2013-12-23
<Diegonat> hi guys... I have a question. I have an apache server, behind another ubuntu server which forwards requests to port 80 to apache server. However, whatever domains I try to reach, apache server gives me back always the default website. Why?
<thebwt> Diegonat: how are you doing the forward?
<thebwt> and he's gone
<mickkie> Hi All, I'm running 12.04.3 LTS and would like to install strongswan-5.1.1 which seems to be available in trusty universe. How can I go about installing it on my server? Current repos only show strongswan-4.5.2-1.2
<remix_tj> mickkie: wait for a backport or look if is already available. I suggest to not install unsupported packages on a server, you will leave a door open with possible security holes
<mickkie> Thanks remix_tj, can you please tell where I could look for backports?
<mickkie> I'm not familiar with Ubuntu ...
<remix_tj> mickkie: https://help.ubuntu.com/community/UbuntuBackports
<mickkie> Thanks!  I had a quick look in /etc/apt/sources.list and it seems that precise-backports are listed.  Still no recent version of strongswan showing.  :-(  Does this mean that no one has developed the latest version yet?
<remix_tj> mickkie: no one has backported it. If you really think it could be useful you can ask for a backport, but i do not know what's the correct procedure. Ask google, in case.
<mickkie> Cool, thanks for your help remix_tj.
<aslaen> Hello, has anyone here successfully setup cobbler for pxe boot?
<gsdhgcvertgrjh> WARNING       WARNING      WARNING,                       WARNING
<gsdhgcvertgrjh> WARNING             WARNING              WARNING,     WARNING         WARNING
<gsdhgcvertgrjh>  YOU MAY BE WATCHED
<gsdhgcvertgrjh> YOU MAY BE WATCHED
<gsdhgcvertgrjh>                 YOU MAY BE WATCHED
<nwilson5> anyone have an example for /etc/network/interfaces for assigning static ip's for multiple interfaces. I can get it to work with just one interface, but mess it up when I try to add others
<pmatulis> nwilson5: pastebin what you have
<nwilson5> pmatulis: thanks but got it figured out. Set one of the static ip's gateways to 0.0.0.0
<zotta> Is there a way to allow a non root user to restart a service running as root in such a way that the user doing it does not need to become root himself?
<ddsss> if I add a system user (the one without home directory) - can ssh keys be created for that user?
<melmoth> zotta, sudo is probably the tool you are looking for.
<zerick> yes, sudo will let users do that
<zotta> ok, i did not realize i could whitelist single commands
<zotta> lulz: "-bash: man: command not found"
<markthomas> nwilson5: I'm a little late to your routing conversation, but in /etc/network/interfaces, you do not need to assign a default gateway for each interface, to 0.0.0.0 or otherwise.
<mgw> Which is the appropriate dpkg script for adding a user? preinst or postinst?
<androidbruce> hey guys trying to do an install, grabbed 12.04 i'm having an issue grabbing from the mirror
<androidbruce> mirror doesn't support specified release
<androidbruce> which seems weird
<orogor> hi
<orogor> http://pastebin.com/QqmwWcLN
<orogor> on 8gb there s only 256M free with maybe 2gb of resident memory for apps and 1gb of cache
<orogor> anyone knows where the rest of the memory is ?
<nwilson5> thanks markthomas, yeah I thought you had to. if you have multiple network interfaces is there a definitive way to tell the system which one to use by default for internet connectivity if it doesn't match the other subnets
<nwilson5> maybe by defining the gateway, it seems to have done it on this setup
<markthomas> nwilson5, By default, you only have one "default" route.
<markthomas> nwilson5, If you can conceive of a case with more than one default route, please let me know.
<markthomas> nwilson5, Are you clear on what a default gateway is for?
<nwilson5> wasn't sure how the default gateway was determined, if you define a gateway for your interfaces
<nwilson5> I currently have the gateway defined on one of my interfaces and it seems to be using that as default as I wanted
<Ontani> Hi i've downloaded a preinstalled armel+omap4 image
<nwilson5> if neither interfaces had a gateway defined in /etc/network/interfaces I'm assuming it'd use the first interface... although that's obviously a total guess
<Ontani> but I don't know the default login and password
<Ontani> http://ftp.fi.debian.org/ubuntu-dvd/11.10/release/
<Ontani> it's not described anywhere
<orogor> Ontani, ubuntu/ubuntu
<Ontani> tried that already
<orogor> single user mode ?
<orogor> ... then reset the pass
<Ontani> that worked orogor thanks
#ubuntu-server 2013-12-24
<markthomas> nwilson5, The default gateway is the destination for all packets not bound for 1) a local subnet, or 2) a network with an explicitly-defined route.
<markthomas> nwilson5, So you wouldn't really need more than one.  If you need finer-grained control over routing, you need to define routing table entries other than the default route.
<bitbyte> Hey guys do you know if bug report #728666 has been resolved ?
<bitbyte> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728666
<uvirtbot> Debian bug 728666 in libpam-smbpass "libpam-smbpass: No talloc stackframe at ../source3/param/loadparm.c:4831, leaking memory" [Normal,Open]
<bitbyte> i take the "normal, open" as no still under going root cause ?
<bitbyte> mr bot?
<nyRednek> hey, can i define multiple ssl keys to be used by one instance of postfix?
<lamont> nyRednek: ssl is negotatied fairly early, which makes it hard to use more than one SSL key on any given {IP,Port}   Having said that, if you want them on different IPs or Ports, that could be done with -o options inside of master.cf
<nyRednek> lamont: thanks
<ice9> what is the best way to backup the whole system, by making an archive of it or just copying the whole files with ordinary cp or rsync?
<RoyK> ice9: I'd use rsync
<RoyK> or perhaps tar
<RoyK> but rsync works well
<Ontani> its strange, the device is booted completely but the splashscreen doesn't go away
<orogor> hi
<orogor> may somone enlighten me on a not so simple memory usage question ?
<orogor> all swap is off, sum of rss memory is 2G , 1G is cache , yet i have 7gb used , 1gb free
<orogor> blender trying to allowate more than 1gb get oom killed, so thats  really 1gb free
<RoyK> blender on a server?
<orogor> well...no
<orogor> but #blender is often a bit childish so i dont hang there too much
<eagles0513875> hey guys I have a question im trying to set a user through ACL to have access to /var/log yet i get a message setfacl -m u:jaquilina:rx /var/log setfacl: /var/log: Operation not supported
<eagles0513875> what am I missing?
<orogor> setfacl -m u:jaquilina:r ; setfacl -m u:jaquilina:x  works ?
<jrwren_> eagles0513875: do you have permissions to /var/log to set a facl to it?
<jrwren_> orogor: is blender trying to allocate huge chunk of contiguous memory?
<eagles0513875> jrwren_: im trying to set the permissions for my user using root
<eagles0513875> i should be able to do so as root no?
<orogor> i am unsure your syntax is good
<jrwren_> eagles0513875: yes.
<eagles0513875> well its not letting me
<eagles0513875> is the syntax i have above right or am i missing something
<jrwren_> eagles0513875: try r-x instead of rx
<orogor> jrwren_, noidea
<eagles0513875> jrwren_: nope with r-x it still gives me the operation not supported issue
<jrwren_> sudo setfacl -m u:jrwren:r-x /var/log #WFM
<jrwren_> eagles0513875: oh! is the filesystem mounted with acl?
<eagles0513875> oh crap i think that is what im missing
<eagles0513875> ahh that is what i forgot doh
<eagles0513875> brb
<jrwren_> sudo mount -o remount,acl /
<jrwren_> :)
<eagles0513875> thanks jrwren_
<harushimo> openstack question: has anyone set it up here?
<harushimo> I'm using ubuntu server
<jrwren_> harushimo: yes, a bit.
<jrwren_> harushimo: one does not simply setup openstack :)
<harushimo> jwren: they are missing packages that i'm encountering
<jrwren_> which pkgs?
<jrwren_> are you using cloud archive?
<harushimo> jrwren: no
<jrwren_> use cloud archive
<harushimo> thank you. Is that where all the files are
<harushimo> jrwren: the packages are nova-conductor and neutron-server
<harushimo> I didn't get the keystone-all either
<jrwren_> given that neutro didn't exist until havana (rename), yes, you MUST use cloud archive to get those.
<harushimo> thank you so much. I'll add it to the source list
<jrwren_> the guide should have said to use cloud arhive
<harushimo> no it didn't
<harushimo> I'm using the one from openstack foundation
<harushimo> when I add the new site to get the application, add it to my source list and then do I need to do apt-get update
<jrwren_> http://docs.openstack.org/havana/install-guide/install/apt/content/basics-packages.html  says it is optional
<jrwren_> but its required to use a version newer than what shipped with that version of ubuntu server.
<harushimo> so I pretty much need to get everything again
<harushimo> I got most of the packages from ubuntu repository not the cloud repository correct?
<jrwren_> i think 12.04 shipped with folsom or maybe essex
<jrwren_> yes, if you didn't configure any other repo, then you got it from ubuntu repository
<harushimo> jrwren: I should be able update those packages even if I download them from cloud archive correct?
<jrwren_> yes
<harushimo> jrwren: perfect. let me try all of this. if I get anymore questions, I'll ask you. thanks
<jrwren_> yw
<eagles0513875> jrwren_: even with ACL permissions on /var/log i am not able to copy them on to my local machine :(
<jrwren_> eagles0513875: i'm not sure what copy you are trying
<eagles0513875> jrwren_: just drag and drop im on dolphin in this laptop as im running kde. im using the fish protocol
<eagles0513875> which is a fancy way to do sftp
<jrwren_> some files are still not readable. e.g. /var/log/syslog is 640 not 644 by default.
<jrwren_> eagles0513875: what exactly are you trying to do?
<eagles0513875> jrwren_: basically sftp the syslogs from this system for indepth analysis
<jrwren_> just syslogs? those get rotated, maybe setup a cron job to setfacl on them? or change logrotate to setfacl after rotating
<eagles0513875> jrwren_: i know they get rotated im wanting to pull the current syslog and the rotated ones
<jrwren_> sudo setfacl -m u:jrwren:r-- /var/log/syslog*
<jrwren_> and add setfacl -m u:jrwren:r-- /var/log/syslog to the postrotate section of /etc/logrotate.d/rsyslog
<eagles0513875> jrwren_: i have rx on /var/log
<jrwren_> so the permissions stay
<jrwren_> yes, that lets you read the contents of that directory. it means nothing about the individual files.
<eagles0513875> ahh ok
<eagles0513875> ok lets back track lol
<jrwren_> https://en.wikipedia.org/wiki/File_system_permissions
<eagles0513875> jrwren_:
<eagles0513875> would i need sudo in front of setfacl -m u:jrwren:r-- /var/log/syslog
<jrwren_> not in the postrotate section, no
<jrwren_> the rotate script already runs as root
<mgw> does dpkg-buildpackage automatically run make all?
<rbasak> mgw: not really. It runs "debian/rules build". What that does is down to debian/rules.
<rbasak> mgw: see: http://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules
<mgw> rbasak: that's what I thought too, but something seems to be calling "make all" during the build process
<rbasak> mgw: that's down to what debian/rules does. Often it uses debhelper, which ends up calling dh_autobuild or something
<mgw> yep
<mgw> dh build calls dh_autobuild
<mgw> which calls make
<mgw> so I can just override dh_autobuild
<mgw> right?
<rbasak> You can define a rule called override_dh_auto_build or something.
<rbasak> In there you can choose to call dh_auto_build or something else entirely.
<mgw> rbasak: yeah, that works. what about calling dh $@ --without auto_clean?
<mgw> (and auto_build)
<mgw> man dh seems to indicate you could do that, but it doesn't work
<mgw> looks like auto_clean doesn't count as an addon
<mgw> dh âlist does not include it
<rbasak> mgw: we're at the limit of my dh sequencer knowledge, sorry.
<rbasak> mgw: AIUI, using override_dh_auto_build is the accepted/recommended way of doing it.
<mgw> rbasak: thanks, I read man dh again and saw that, thanks
<rbasak> np
<mgw> I'm packaging a project. Can one package install multiple daemons, each with their own upstart config?
#ubuntu-server 2013-12-25
<jrwren_> mgw: yes
<mgw> jrwren_: are there docs somewhere on that? Do I just put multiple *.upstart scripts in debian dir?
<jrwren_> debian packaging docs are pretty good
<mgw> jrwren_: I'm looking at the man page for dh_installinit
<mgw> It looks to me like you'd do an override and then call it multiple times in the override
<jrwren_> sounds good. I don't knwo off hand
<sheptard> so does anyone have an idea as to why when I have 2 hosts use jumbo frames I get NFS server timeouts?
<sheptard> 2 hosts being server, client
<sheptard> everything else network related seems fine, I was able to move ~40TB of data without incident via zfs send over the network
<sheptard> both are running 13.10, 3.11.0-14-generic kernels
<pmatulis> sheptard: because your network cannot handle jumbo frames?
<sheptard> lol
<sheptard> derp
<sheptard> pmatulis: jumbo frames was turned off in the switch
<pmatulis> sheptard: bingo
<sheptard> pmatulis: tyvm
<pmatulis> sheptard: yw, merry xmas
<Smedles> wondering if anyone can help me diagnose an issue I periodically experience with my Ubuntu Server running 13.10...
<Smedles> every few weeks I experience issues where machine on the local LAN cannot connect to the server using it's internal LAN address - no matter which port - whether it be ssh, samba, webmin, http, etc
<Smedles> around the same time, server connections over the internet momentarily drop out (so quasselcore connection drops out)
<Smedles> sometimes these just go away, others I need to reboot the server then everything is good.
<Smedles> Any ideas?
<XATRIX> I think networking script is broken
<XATRIX> Hi
<XATRIX> xatrix@vox1-ua:~$ sudo service networking restart
<XATRIX> stop: Unknown instance:
<XATRIX> networking stop/waiting
<XATRIX> No way to fix it
<Ontani> Hi i'm trying to make an vpn connection but constantly getting: Couldn't set tty to PPP discipline: Invalid argument, i'm using the following config: http://paste.ubuntu.com/6633520/
<Ontani> http://paste.ubuntu.com/6633542/ my output while connecting
<Skinner> any recommended honeypot software to deploy on 12.04?
<bigie> hi guys..
<bigie> is there any app on ubuntu can centralized user authentication ?
<jpds> Why do they never stay for more than 5 minutes.
<jpds> Skinner> honeyd would of been your answer, bigie> LDAP and Kerberos exist for a reason.
<cfhowlett> jpds, OCD make the best sysadmins ...
<jpds> bigie> LDAP and Kerberos exist for a reason
<bigie> can you give me good step by step to do it? I'm new user in ubuntu :)
<jpds> bigie: It's not trivial to set up.
<jpds> bigie: https://help.ubuntu.com/12.04/serverguide/network-authentication.html
<bigie> jpds : thank's i'll give a try :)
<mrrothhcloud___> Any open source Dropbox like package that will allow me to roll my own private cloud
<thebwt> that.. marginally makes sense.
<thebwt> you mean private cloud-liek storage?
<thebwt> cloud-like?
<mrrothhcloud___> Yea
<mrrothhcloud___> And access my files anywhere like Dropbox
<thebwt> hmm not sure of any prepackaged solutions.. except like straight up ftp
<thebwt> is that undesirable?
<thebwt> sftp is super easy and can by mounted by various applications
<mrrothhcloud___> Oh how about owncloud
<thebwt> looks liek that works for a web interface
<mrrothhcloud___> Lame
<mrrothhcloud___> What mobile os do you use thebwt
<rbasak> mrrothhcloud___: owncloud as you've found. Also look into git-annex.
<mrrothhcloud___> Thanks
<vedic> I am running 3 servers on aws. Among these 3, one (the main) is accessible by the users over https connection. Remaining 2 I want to connect to the main via VPN. Is it possible?
<vedic> users <--https--> Main <--VPN--> Database server and Main <--VPN--> Data processing Server
<pmatulis> vedic: try openvpn
<vedic> pmatulis: Using openvpn, is that possible to have that sort of topology?
<pmatulis> vedic: sure, why not?
<vedic> pmatulis: Instead of establishing https connection for every database transaction I think vpn is much cheaper in that case
<vedic> ok
<vedic> Thanks
<pmatulis> vedic: a tunnel between 'main' & 'db' and a tunnel between 'main' & 'processing'
<vedic> pmatulis: yea
<pmatulis> vedic: if 'db' and 'processing' are on the same lan you can prolly do it with a single tunnel
<vedic> pmatulis: how?
<pmatulis> vedic: but since these are cloud instances i think 2 tunnels is the way to go
<vedic> pmatulis: yea, I was thinking the same
<pmatulis> vedic: are these servers and tunnels long term?
<pmatulis> vedic: if not, you may consider SSH-based VPNs
<vedic> pmatulis: yea, all 3 servers and tunnels needs to run 24x7
<pmatulis> vedic: ok
<jpds> vedic: openvpn/strongswan ipsec, they'd both work.
<vedic> jpds: Thanks. Didn't know about strongswan
<jpds> vedic: Otherwise, you can consider https://aws.amazon.com/vpc/ as an option.
<vedic> jpds: Wow. vpc seems the option I am looking for
<jpds> It does kind of tie you into Amazon though, but those are the three I would consider.
<jpds> And if you're paranoid as I am, you need to consider how your bits are flowing over the VPC.
<vedic> jpds: Didn't get what you mean by 'how your bits are flowing over the vpc'
<jpds> vedic: How do you know how Amazon are handling the packets going through the network?
<jpds> vedic: If there's any encryption, etc.
<vedic> jpds: Does that matter when tunnel is set between two end points.
<vedic> jpds: For VPC, I think they will be taking least path. Thought its assumption as I haven't read what aws does for VPC
<jpds> vedic: Is the tunnel encrypted? That's the thing.
<vedic> jpds: Hmm... that has point. If its not encrypted, its useless for me. I won't even opt for this. You never know if internally they change the routing mechanism
#ubuntu-server 2013-12-26
<ccha4> hello, about unattended-upgrades, how to set Unattended-Upgrade::Allowed-Origins for all origins ?
<ddsss> is there a way to prevent a program from accessing the internet?
<ewook> several. but, are you refering to simply blocking a sertain pid?
<ddsss> ewook, I know about apparmor - but is there some tool that would ask me if
<ddsss> ewook, as in "some gui tool" (blasphemy)
<yfgyugs87fy> WARNING       WARNING      WARNING,                       WARNING
<yfgyugs87fy> WARNING             WARNING              WARNING,     WARNING         WARNING
<yfgyugs87fy>  YOU MAY BE WATCHED
<yfgyugs87fy> YOU MAY BE WATCHED
<yfgyugs87fy>                 YOU MAY BE WATCHED
<yfgyugs87fy> Do usa&israel use chat&social communication prog(facebook&twitter) to collect informations,,,,can we call that spying!!!!
<yfgyugs87fy> Do usa&Israel use chat &facebook 2 spy?!?!?!?
<binaryhat> im trying to Log ufw to a seperate logfile--->http://vincom2.wordpress.com/2010/04/07/logging-ufw-to-a-seperate-logfile/ but no luck
<RoyK> binaryhat: tried ulog?
<binaryhat> ulog?
<RoyK> userspace logging from iptables
<binaryhat> how?
<RoyK> google it
<binaryhat> ok
<Diegonat> hi guys? I have an error with courier-imap. Basically, although everything seems to work, I have an error on my log file which is: imapd: Failed to connect to socket /tmp/fam-- . Any idea?
<koolhead17> zul: around
<Diegonat> hi guys? I have an error with courier-imap. Basically, although everything seems to work, I have an error on my log file which is: imapd: Failed to connect to socket /tmp/fam-- . Any idea?
<norkakn> If I change a forward rule in iptables, will it drop connections in progress?
<ewook> norkakn: do you have a separate rule for current (established) connections?
<norkakn> So, the goal is to create a mutex that will forward http requests to other ports, so it might be 80->8003, and I want to move that to 80->8004 without dropping any connections, and I'm wondering if that is possible
<norkakn> My hope is that switching around the forward rules in iptables will just kind of magically work, but it's been a long time since I've touched any of that stuff, and my brain is rusy
<patdk-lap> norkakn, if the change affects in progress connections, depends on how you setup your rules
<Markus84> Hey, I'm trying to launch a script I've witten with crontab. I want to submit a parameter for this script (e.g. * * * * * /home/markus/meh.sh myfunnyparameter) But this results in /bin/sh: 1: /home/markus/meh.sh myfunnyparameter not found. I checked the path several times, it is right. Is cron not able to pass the parameter?
<ewook> Markus84: yepp. check your quotation.
<ewook> Markus84: here's an example: http://stackoverflow.com/questions/5977923/multiple-query-string-items-in-crontab-job
<Markus84> ewook: I tried * * * * * "script.sh something". That's wrong I guess?
<Markus84> ewook: oh, I look at the link, thanks
#ubuntu-server 2013-12-27
<ewook> Markus84: I think that should contain an answer.
<ewook> Markus84: either way, it's a matter of the need to use qoutes.
<Markus84> ewook: thanks, hm, this confuses me. I tried this with the quotes, but no change. Still doing something wront. Just read about { script.sh parameter }
<Markus84> ewook: don't know what this does, but I'll give it a shot :)
<ewook> Markus84: I don't know exactly how cron interpets " , ' , ` . And I cannot recall how I do it :p.
<Markus84> ewook: thanks. This is so strange. Can't pass that one stupid parameter. Calling the script without any parameter just works fine. Meh
<ewook> Markus84: rework the script to if $1 = ' ' , $1 = whatever ? :p
<Markus84> ewook: finally. Got it. If this is somehow interesting for the log: -> * * * * * myscript.sh "parameter" <- in crontab and setting PATH in my script done the job
<ewook> aaaah
<ewook> Markus84: Nice one!
<Rallias> Is there a way to make my xen instance ONLY run with free CPU cycles?
<yfgyugs87> WARNING       WARNING      WARNING,                       WARNING
<yfgyugs87> WARNING             WARNING              WARNING,     WARNING         WARNING
<yfgyugs87>  YOU MAY BE WATCHED
<yfgyugs87> YOU MAY BE WATCHED
<yfgyugs87>                 YOU MAY BE WATCHED
<wo0f> my 13.10 installed on KVM is running the generic kernel (unlike the LTS, which runs with a 'virtual' kernel) is this normal?
<sarnold> wo0f: you can install the linux-image-virtual package if you'd rather have the 'virtual' variant; I can't recall what options are changed though, it may or may not be worthwhile if you only have a few instances running.
<wo0f> sarnold: ty
<SiliconG> Hello all -- I am trying to get apache 2.4.7 installed and running -
<SiliconG> I built it from source
<SiliconG> it is installed in the /opt/httpd/ directory
<SiliconG> when I try to start it I am getting an error
<SiliconG> Invalid command 'WSGIScriptAlias', perhaps misspelled or defined by a module not included in the server configuration
<SiliconG> I have determined that it means mod-wsgi is not installed -- I am struggling here
<sarnold> SiliconG: if you type 'which apachectl' do you get the path to the version you recently installed? does 'apachectl configtest' report the path to the configuration file that is being used?
<sarnold> SiliconG: I'm curious if the compiled apache is using e.g. config files in /etc/ or in /opt/ -- it is well worth finding out for sure which configuration file is being loaded :)
<SiliconG> well when I do which apachectl it shows the one that is installed in the /usr/sbin/apachectl folder
<SiliconG> it is using the config file in /opt/
<sarnold> SiliconG: okay, cool; you can find the 'WSGIScriptAlias' command in your config file and remove it, if you don't want wsgi support
<SiliconG> I do want support -- I want to have it included
<sarnold> aha; do you need to compile your apache with a specific ./configure --with-wsgi-support or similar command line option?
<SiliconG> so I do have to recompile
<SiliconG> that sucks
<sarnold> if you're lucky their makefiles will only recompile what's necessary..
<SiliconG> so I am a bit new to apache 2.4.7 -- what are the most common lamp stack modules that are needed
<SiliconG> sarnold:  are you running 2.4.7?
<SiliconG> I am wondering if there is a base starting point of modules
<sarnold> SiliconG: sorry, no, I tend to use nginx for my own servers, I find the syntax a little less annoying.
<sarnold> SiliconG: since I've done battle with apache configuration before, I often go hunting down relevant urls for folks in the apache documentation, that can be baffling for first-time users..
<SiliconG> got it - thanks
<sarnold> SiliconG: usually your application will need e.g. fastcgi or RACK or mod_php and you'll just have to install whatevre it is the application needs..
<SiliconG> I need mod_php also -- but that doesnt have to be included when building from source does it?
<sarnold> trying to plan for the common case up front will probably be enough to drive someone insane :) that gets you the moral equivalent of distro-packages, of course, they've got to be prepared to handle 95% of what users need...
<sarnold> I know some of the modules can be built after-the-fact, if you've got the headers around, but I don't know details there. sorry.
<SiliconG> sarnold: this is stupid the documentation on apache sucks so bad
<SiliconG> I cant get the configuration to work
<SiliconG> where the hell do they list what the options are so I can see what I can add to get this working
<SiliconG> there is no mod_wsgi anywhere in the httpd.conf
<SiliconG> this sucks
<tiblock> I have 8-10 ubuntu servers, is there any software that can send information (ram/cpu/hdd/swap/network usage,avg connections,hdd i/o speed,etc) to some software on windows?
<tiblock> so i can see what happens with servers
<koolhead17> zul: ping
<cfhowlett> koolhead17, pong
<koolhead17> cfhowlett: hellos
<cfhowlett> koolhead17, greetings
<chrisan> if i installed Redis via `sudo apt-get install redis-server` do I need to use God/Monit to make sure it stays running as daemon?
<chrisan> ubuntu 12.04
<triven> I am trying to implement NIC bonding but not able to find directory /etc/modprobe.d/arch  . Please guide me what is missing.
<TJ-> triven: What reference are you using that mandates using that location?
<triven> One moment please.. let me share the pdf with your
<triven> with you*
<triven> https://www.dropbox.com/s/rvgz38abzwhkger/pro_ubuntu_server_administration.pdf
<triven> page 25 bottom
<triven> I dont know weather I am allowed to share e-books here.
<triven> I am new here.
<TJ-> "25" ?
<triven> page 43(index 25) of pdf that I shared via dropbox
<TJ-> triven: thanks! I just noticed the PDF page numbers don't match
<triven> Listing 1-2
<TJ-> triven: which version of Ubuntu are you working with?
<TJ-> triven: That guide is 4 years old and somewhat out-of-date. I'd suggest you work from https://help.ubuntu.com/community/UbuntuBonding
<triven> I just downloaded ubuntu lts server iso from website .I  think its the latest one.
<TJ-> triven: I use bonding myself and the online guide is accurate
<triven> Okay ..:)
<triven> Even when i faced so many issues in first 25 pages as well. I will go with online mannual
<triven> you are so helpful
<oblivian> Anyone using postfix and dovecot on separate servers?
<pmatulis> oblivian: sounds pretty standard
<oblivian> Thought so, but what it the general approach, does Postfix deliver to a Dovecot server or does the Dovecot server fetch from the Postfix server?
<pmatulis> oblivian: the former
<TJ-> oblivian: Postfix delivers to mailboxes; Dovecot reads mailboxes, it is a 3-step process. The mailboxes can be read by many mail clients
<oblivian> Yes, I know. And it is easy to set up as long as everything is one the same host. I am wondering how Postfix delivers to mailboxes on remote servers.
<bekks> oblivian: That mechanism is called SMTP.
<oblivian> Well, here's my case. I need to set up a postfix server on server a which will be the MX for the domain, but all the actual mailbozxes (maildir) will be on a separate server in a different country. How to I deliver the emails received on the MX server (postfix) to the other server (dovecot). Are you saying I will have to use Postfix (SMTP) on both servers?
<TJ-> oblivian: Yes. The public SMTP will need to remote-relay to the private server's Postfix instance which will deliver to the local mailboxes
<oblivian> I.e. Server A (MX) Postfix, Server B Postfix/Dovecot?
<oblivian> OK, thanks that answers my question perfectly. Tnx.
<RoyK> rene_: hi
<renebarbosa> RoyK, hi
<catalase_> hello
<catalase_> i am attempting to install ubuntu server from usb stick
<catalase_> i copied the contents of the .iso to the usb stick
<catalase_> but there is no operating system found apparently lol
<JanC> catalase_: there is info on the download page about how to properly create an install stick...
<catalase_> can you please direct me to a page without using that shitty pendrive installer
<JanC> what's wrong with the "shitty pendrive installer"?
<catalase_> it has a penguin on it
<JanC> sorry, but I can't help with removing penguins
<shauno> I don't think you're meant to copy the *contents* of the iso.  you just write it directly to the device
<jpds> catalase_: Have you tried just using dd? There's a reason the images are hybird ISOs.
<jrgifford> anyone else getting fun mount errors with virtualbox, vagrant and the latest precise cloud images?
<vlad_starkov> Question: Installing 12.04 LTS 64bit. While installing it asked to choose the kernel. What should I choose? See sccreenshot http://cl.ly/image/1p2c0w043V3V
<vlad_starkov> *Ubuntu Server
<pmatulis> vlad_starkov: https://wiki.ubuntu.com/SecurityTeam/SecureBoot
<vlad_starkov> pmatulis: should I use Secure Boot?
<patdk-lap> can someone fix josephduffy
<patdk-lap> it's not his connection
<patdk-lap> remote host closed the connection != network loss :)
<JanC> patdk-lap: depends on what packets get lost  :)
<patdk-lap> :)
<vlad_starkov> Question: After install Ubuntu Server 12.04 64bit, got messages like "BUG: soft lockup â CPU#7 stuck for 22s". I can't even boot the system. Is it a known bug? Screenshot http://cl.ly/image/221D100o3W3S/o
<TJ-> vlad_starkov: looks like bad hardware; the driver loading is getting stuck
<TJ-> vlad_starkov: is that a Dell PowerEdge 1955 ?
<batta> ciao a tutti
#ubuntu-server 2013-12-28
<netritious> Hi, I'm currently in the middle of an apt-get upgrade and being prompted to select a disk to install grub to since the disk that grub was originally installed to is unavailable. I would like to stop the upgrade and insert the disk that has grub installed and used to boot the system, then restart the upgrade process. I'm assuming CTRL+Z, insert and mount disk, restart apt-get? Is there a safer way?
<patdk-lap> your method wouldn't work
<patdk-lap> ctrl-z is send to background, not quit
<netritious> patdk-lap: I just killed the dpkg process/sub-processes (not with CTRL+C -- you are right, that didn't work), inserted and mounted disk, and ran sudo dpkg --configure -a ... came back with no errors.
<netritious> How do I verify the version of grub installed on the device?
<netritious> I found it... grub-install -v . Apologies for the rookie questions. It's very early morning here and I'm usually asleep by now. Happy Holidays!
<krababbel> Hi, I want to create an LDAP server for central user management and a separate NFS server for serving home directories. I usually see tutorial about having the NFS server on the same machine as the LDAP server. In my case, should I simply setup the NFS server as an LDAP client (for auth), or are there some other issues to know about_
<bekks> krababbel: If you want authentication for NFS, you have to use NFSv4, and technically it doesnt matter where the NFS server is running then.
<krababbel> bekks: Does this mean, I'd need Kerberos as well please?
<bekks> krababbel: Yes.
<krababbel> bekks: I see, thank you very much.
<LeMike> hello. is it possible to have only access to the ssh root via a certain network while all other user can login as they like?
<RoyK> LeMike: see Match in the sshd_config manual
<RoyK> LeMike: found some info here http://blog.dhampir.no/content/ssh-how-to-permit-root-login-only-from-local-network-ip
<LeMike> thanks RoyK ! :)
<TJ-> LeMike: See sshd_config's "AllowUsers" and "DenyUsers", specifically the form "AllowUsers root@remote-hostname-or-IP"
<TJ-> LeMike: You can also use "AllowHosts" if you want a global restriction
<LeMike> I want only one network to allow logging in as root. I guess AllowUsers might do.
<LeMike> thanks :)
<hadifarnoud> when I use ssh tunnel, I get errors like this after a while. channel 27: open failed: administratively prohibited: open failed
<hadifarnoud> I used root account btw
<holstein> !root
<ubottu> Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<TheLordOfTime> hadifarn_: don't try and tunnel over the root acount
<TheLordOfTime> that will usually run into problems.
<hadifarn_> TheLordOfTime: I was trying to see if errors go away
<TheLordOfTime> as holstein said:
<TheLordOfTime> !root
<ubottu> Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<hadifarn_> I get same errors regardless TheLordOfTime
<holstein> i was thinking maybe its not really ubuntu.. maybe its a spin by a provider
<TheLordOfTime> could be
<hadifarn_> well, I have two providers. Linode and Rackspace. both are the same.
<hadifarn_> this is my ssh command : ssh -C -D 8080 user@domain.com
<hadifarn_> I don't understand what that error even means. channel 27: open failed: administratively prohibited: open failed
<holstein> hadifarn_: i would try as a normal user with no or less flags
<hadifarn_> holstein: you mean no -C then?
<holstein> hadifarn_: dropping -C should be easy enough
<hadifarn_> will give it a shot.
<holstein> hadifarn_: did you enable a root account?
<hadifarn_> holstein: yeah.
<hadifarn_> even tried with root accont holstein
<holstein> hadifarn_: i havent used a root account like that.. only as normal user from stock machines that i have installed to
<esde> I'd like to setup SSD Caching with a 60GB SSD and 1TB HDD, then install Ubuntu Server 12.04. I found this guide http://askubuntu.com/questions/252140/how-do-i-install-and-use-flashcache-bcache-to-cache-hdd-to-ssd/314464#314464 to set up bcache, but I do not understand the caveat at the end of the user's steps
<esde> *flashcache
<holstein> esde: the installation of grub is what is mentioned there
<holstein> manually dealing with that should be easy compared to the rest of it
<esde> ok, so dont worry until it's setup, then work on resolving that issue?
<holstein> esde: thats the way i read it.. but, i might personally prefer trying to covert a system that i have backed up or dont care if it gets messed up
<esde> thank you
#ubuntu-server 2013-12-29
<Nautilus> i am setting up a ubunter-server VPS app by app, (LAMP stack, postfix+dovecot, etc).   Now I'm wondering if theres a good preconfigured install out there. I'm probably just going to put a few personal sites on it but it might be neat if it was more shared hosting like, with separate logins to a control panel, etc.
<bekks> there are software solutions out there that may fit your needs, like cpanel, etc. - Personally, I wont recommend any of them.
<Nautilus> I was thinking that might be the case
<Nautilus> right now I've got nginx, MySQL, PHP, postfix+dovecot+spamassasin but still need to work on the authentication (LDS/something) for that.
<Nautilus> TLS? can't remember, kind of dropped the project as xmas came up
<mardraum> the authentication for what?
<TJ-> Nautilus: I've used VirtualMin with Webmin for years for the same purpose without any problems, with one user account per domain, and it doesn't interfere with any manual admin I do.
<Nautilus> mardraum: iirc, IMAP etc
<bekks> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<mardraum> Nautilus: add a user to the system?
<TJ-> bekks: That factoid is so wrong! I use webmin to manage many services on several serves and its never upset the Debian/Ubuntu way of doing things
<Nautilus> already have me and my brother, which is probably all it will have
<bekks> TJ-: That factoid is oh so true for a decade now.
<mardraum> Nautilus: then you should be able to use dovecot for imap just fine.
<TJ-> bekks: Not for the last 7 years that I've been using it
<bekks> TJ-: Just because you personally never experienced any issues it doesnt mean that webmin isnt known for breaking setups.
<Nautilus> mardraum: at this point I think it sends the password in clear text (without the auth stuff)?
<bekks> TJ-: And desupporting it wasnt a decision of a single person but a decision of several people more deep into the caveats of webmin than me.
<TJ-> bekks: Same can be said for update-manager, release-upgrade, et al. Maybe since that decision was made things have improved. I certainly stress-test it with unusual scenarios and webmin/virtualmin/usermin have never broken.
<bekks> TJ-: Well, it wasnt my decision. ButI strongly support it since I have seen too much setups broken by webmin.
<mardraum> Nautilus: setup a self signed cert and do SSL then
<Nautilus> yea I found what I was thinking of, SSL/TLS
<Nautilus> I think I'm pretty much setup at that point?
<Nautilus> hm, actually it would be nice to have some monitoring of the box, not sure what that would be exactly...
<TJ-> Nautilus: You can get as many TLS certs as you need for your domains from startSSL, and their CA widely recognised
<bekks> Nautilus: Use nagios for monitoring.
<Nautilus> aha, I've heard of that
<TJ-> Or Icinga, the nagios fork
<bekks> Or that, yes.
<TJ-> Cacti is useful for historic graphing, with SNMP and other sources
<Nautilus> ah, one TLS cert per domain?
<bekks> Sure.
<Nautilus> for what reason would I pick nagios or icinga?
<mardraum> the one you like the most?
<Nautilus> knowing 0% about each
<bekks> Nautilus: Personal preference.
<Nautilus> is one lighter weight than the other?  I suppose I mean CPU usage
<bekks> Depends on your configuration.
<Nautilus> gotcha
<TJ-> icinga when forked was intended to be more responsive to user requests, and implemented more client-side Javascript code for the UI, but remains backward compatible with nagios 3.x last time I tested it
<Nautilus> ok
<forresthopkinsa> Hi ppl
<forresthopkinsa> I have a quick question that I can't figure out
<forresthopkinsa> you know how, in the default command line, it shows $path $ <what you're typing>
<mardraum> the prompt
<forresthopkinsa> yesh
<forresthopkinsa> I just made a new user, and when I log into it using SSH, it doesn't show that.
<forresthopkinsa> It just shows the $
<forresthopkinsa> and it can't seem to access bash.bashrc aliases
<forresthopkinsa> ._.
<forresthopkinsa> when I use an alias, it says:
<forresthopkinsa> -sh: 1: <alias>: not found
<forresthopkinsa> the second time, it's
<forresthopkinsa> -sh: 2: <alias>: not found
<forresthopkinsa> etc.
<forresthopkinsa> would screenshots help?
<mardraum> what is their shell set to?
<forresthopkinsa> sorry I'm relatively new to this
<forresthopkinsa> only been doing it for a month or two
<forresthopkinsa> I don't know all the terminology, sorry to be a noob :/
<forresthopkinsa> uhm, their primary group is not their username
<forresthopkinsa> and their $PATH is /home/jacob
<forresthopkinsa> (username is jacob)
<forresthopkinsa> would screenshots help?
<forresthopkinsa> oh, ok so normally the prompt looks like this:
<forresthopkinsa> forrest@Neptune:~$
<forresthopkinsa> but on Jacob's profile, it's
<forresthopkinsa> $
<forresthopkinsa> http://imgur.com/ioU5RJ2
<forresthopkinsa> you will need to zoom in a bit, I know it's not high quality
<forresthopkinsa> as you can see, Jacob's prompt does nto contain the <user>@Neptune:~$
<forresthopkinsa> mardraum: help pls
<forresthopkinsa> http://imgur.com/ioU5RJ2
<triven> I have Ubuntu lts server installed on vbox on windows xp. When i run "sudo apt-get install apticron" I get "E:unable to get package apticorn". I have Ubuntu iso on virtual cd drive. Is it necessary to be connected on Internet to install package.
<triven> I think the package will get installed from iso file.
<bekks> That package does not exist. And for getting updated package lists, you need an internet connection.
<bekks> Well, it does exist, but isnt part of the installation cd.
<triven> okay thank :).. I am learning linux and quick response to my problems over here gives me more motivations . Everyone here is very helpful:):):)
<triven> bekks , I connected to Internet but still I am getting same message.. Please help me how I can I install this package.
<RoyK> triven: try apt-get update to update the index
<triven> RoyK, I think I am not properly connect to Internet. Let me try to fix it first.
<RoyK> triven: that would probably help, yes ;)
<aFeijo> I added a line to mount my www.box.com account using webdav, when I boot the server it asks for user and password, but it wont go thru it and the server never finish booting!!!
<Alina-malina> how can i run a virtual machine in ubuntu-server? is it possible to do?
<bekks> Sure.
<Alina-malina> is there any papers on how i may do that?
<bekks> Just install the hypervisor of your choice and create a virtual machine. I's recommend installing virtualbox, which has a very good documentation on www.virtualbox.org
<Alina-malina> bekks, virtalbox that with gui?
<bekks> Yes.
<bekks> It works without a GUI, too.
<Alina-malina> oh no i am not about gui, i need it all to be working in console mode
<bekks> Then use Virtualbox on console.
<Alina-malina> hmm, ok not sure if i am on my righ way but thanks, any other examples would be apreciated
<MrAndy> Editing the network/interfaces file to make a static LAN IP - do I have to add 'dns-nameservers' to that file aswell? The wanted dns servers have been setup in the router, however thinking logicly - how does it recive the dns setup if the settings in the server are static and no more uses DHCP to catch the DNS from.
<bekks> Alina-malina: xen, kvm, vmware.
<Alina-malina> as i have only ubuntu-server installed on my machine with console mode
<bekks> Alina-malina: I'd just use Virtualbox in console mode.
<Alina-malina> bekks, are those virtual machines ?
<Alina-malina> ok
<Alina-malina> need to practice with virtualbox
<bekks> Those are hypervisors.
<Alina-malina> i need virtual machine
<Alina-malina> should i install it with apt-get virtualbox?
<bekks> No. Follow the installation instructions in the virtualbox manual.
<Alina-malina> oh ok, thanks for information
<Alina-malina> hypervisors and virtual machine are not the same things right?
<bekks> No. A hypervisor runs virtual machines.
<Alina-malina> oh
<MrAndy> Pardon me for highlightning you bekks - but do you know the answer to my question?
<bekks> MrAndy: If you want a statically defined DNS server - yes, add that entry too.
<MrAndy> bekks - but if I dont, it'll just fetch it from the router, yes?
<bekks> MrAndy: No, then simply no DNS server will be used.
<MrAndy> bekks - Alright, thanks for your help and time.
<bekks> MrAndy: you're welcome.
#ubuntu-server 2014-12-22
<thor77> i added the universe-repos to my sources.list to install swig3.0 but it still doesn't work after sudo apt-get update, what's wrong?
<thor77> paste of my sources.list is following
<ikonia> !info swig3.0
<ubottu> swig3.0 (source: swig): Generate scripting interfaces to C/C++ code. In component universe, is optional. Version 3.0.2-1ubuntu1 (utopic), package size 902 kB, installed size 4435 kB
<thor77> http://pastie.org/private/otpc5oigb3dkbxpxkjbjq
<ikonia> thor77: can you pastebin the output of "sudo apt-get update" please.
<thor77> http://pastie.org/private/rqvqycqikkoqebqka1loa
<ikonia> and now apt-cache search swig please
<thor77> http://pastie.org/private/ph6zivoo71njrlk917oewq
<thor77> only swig and swig2.0 :/
<thor77> looks like there was an error adding the universe-repo
<ikonia> where ?
<thor77> _i_ think there was an error
<ikonia> ahhhh hang on
<ikonia> !info swig3.0 trusty
<ubottu> Package swig3.0 does not exist in trusty
<ikonia> yeah, it's not in trusty
<thor77> :O
<ikonia> it's in utopic
<thor77> what can i do now?
<ikonia> thats why you can't see it
<ikonia> sorry, missed that you where not on the current release
<thor77> http://img.thor77.org/22-12-14_01-36.png its the latest available at my hoster :(
<ikonia> 14.04 should have it
<ikonia> ahh wait
<ikonia> no it doesn't
<ikonia> sorry
<ikonia> utopic is the first to get it
<thor77> i have 14.04 installed
<ikonia> yeah, and it doesn't have it
<thor77> yes
<thor77> what can i do know?
<ikonia> so 14.10 is the first
<thor77> the only option is begging my server-provider to provide 14.10 images?
<ikonia> realistically
<ikonia> if you want to use stable supported repos
<thor77> :/
<thor77> can i download this package somewhere?
<thor77> i think i only need this one
<thor77> uhm, okey, i will start begging at my hoster to provide me a 14.10 image, thanks for your help ikonia :)
<teward> thor77: i could try and backport the package - it'd be in a ppa and i cant guarantee functionality but...
<kasad> aloha
<stbaby> rabbitmq
<LucidGuy> I have a linux server with an xfs filesystem thats access by both windows clients and linux nfs clients.  Does this mean that each file/directory contains both windows ACL and Linux ownership/permission information?
<lordievader> Good morning.
<thor77> yey, begging was successfull, i got an 14.10 image \o/
<esde> i've got 14.04 in read-only mode, logged in as a non-root user. im at a remote location currently. is there any hope for rebooting the machine or will i need to wait until i can physically reset the machine? (i can't switch user to root or use sudo)
<ikonia> esde: sudo reboot should still work
<ikonia> it doesn't require any write access apart from the securiy log which it should just warn on
<esde> http://pastebin.com/7znUhpJZ
<esde> ikonia, ^
<ikonia> what ?
<hariom> Hi, I am trying to create an upstart script on my remote server (on cli, no GUI). When I check the syntax using init-checkconfig I get this error: ERROR: failed to ask Upstart to check conf file
<LarsN> kirkland`: I have an orange box, and I'm having a small problem I hoped you could help me with.  Two of the 10 nodes aren't responding to the out of band tools.  one of them (node 7) powers on on AC restore, and since it doesn't respond out of band I can't power it off.
<LarsN> node 4 doesn't appear to be powering on (but  also isn't responding to the Out of band bits)
<LarsN> based on LEDs on the front of the chassis.
<MagicMystic> has NTP been updated for 14.04?
<MagicMystic> just saw the post about it...
<Pici> MagicMystic: I just ran an update a few hours ago and got it.
<MagicMystic> Pici: let the upgrade process begin! Just updated on 2 of 4 machines :-(
<LarsN> Is that NTP update "security" related?
<LarsN> is there a bulletin someone can point me at please?
<patdk-lap> do people not bother to read?
<LarsN> patdk-lap: I'd be happy to read.  I however don't read every page on the internet.
<LarsN> I guess I'll add http://www.ubuntu.com/usn/ to the list of daily pages
<MagicMystic> i don't read that's what #ubuntu-server i sfor :-P
<LarsN> for the most part, I pay the junior guys to read for me. ;)
<LarsN> looks like my nodes will all update between 23:00 and 01:00 tonight.
<LarsN> and firewall rules should prevent any badness between then and now.
<MagicMystic> so many of the issues seem theoretical...the chances of my little machines getting hit seem small
<MagicMystic> seem like someone attempting the attack would go after bigger fish
<MagicMystic> nonetheless, upgrading is a good idea
<patdk-lap> well, ubuntu sends out email alerts for all security updates
<patdk-lap> and it's posted
<patdk-lap> and well, kindof all over the place
<MagicMystic> patdk-lap: yeah...saw it first posted on ars a couple days ago or was it yesterday
<patdk-lap> ars?
<LarsN> I first saw it posted by MagicMystic about 30 minutes ago, above.
<LarsN> ars technica.
<patdk-lap> dunno, been posted all over the place, first saw it on the ntp mailing list
<LarsN> I can't join any more lists. they all get the same level of attention, which is filtered to another folder that hasn't been looked at in months.
<patdk-lap> same here, but attempts to read daily :)
<LarsN> that's what the Junior guys are for ;)
<patdk-lap> though, the unread count going up fast, is normally a given it needs to be read
<patdk-lap> or a flamewar
<thor77> i forgot to check the "install openssh server"-option on installation of my ubuntu-server, how can i reproduce it after installation?
<bekks> thor77: "sudo apt-get install openssh-server"
<thor77> it doesn't do anythin else?
<bekks> Hmm?
<thor77> i think it could be it would configure smth
<bekks> Thats done by installing it.
<iman> Hi, is that possible to close root user in ubuntu server, because every day i see a lot of logs hackers are trying to my server with root user and different password
<LarsN> iman: by default the root user doesn't have a password, and can't be accessed.
<LarsN> iman: you can further improve security by disabling password auth in ssh.  (/etc/ssh/sshd_config) and installing/configuring something like fail2ban or denyhosts
<LarsN> disabling password auth would require you to use ssh keys to log in remotely
<iman> LarsN: I have another username as root and i dont use root at all, can i do "sudo passwd -l root" ?
<LarsN> iman: unless I'm mistaken, that's the default state of the root users's password.
<LarsN> user's...
<bekks> iman: By default, you dont need to do that, because that would make using sudo impossible.
<bekks> LarsN: You are mistaken :) The root account is not locked, but it has no password "only". :)
<LarsN> bekks: rgr, yeah I opened man passwd, AFTER i typed that
<LarsN> you verified, before I got back here.
<dasjoe> bekks: locking the root account doesn't make sudo impossible by default, only if sudo always asks for the root user's password
<LarsN> the default state for user root however, is a "passwd -d"
<bekks> dasjoe: Locking the root user would mean that you cant get a root environment anymore, wouldnt it?
<bekks> dasjoe: So that effectively makes using sudo impossible.
<LarsN> bekks: the passwd -l just locks the password, not the account.
<LarsN> at least as I read the man page.
<dasjoe> bekks: afaik "locking" only means setting the /etc/passwd password field to x, which disables the password but not the account
<dasjoe> You can still log in via key files
<dasjoe> Or by using sudo when configured to ask for the sudoing user's password
<bekks> I have to test that out, for my own curiousity :)
<LarsN> iman: for your underlying problem of brute force attempts against ssh.  the two things I'd suggest are.  1: set password login to false in sshd_config
<LarsN> and 2: turn on either fail2ban or denyhosts
<dasjoe> bekks: I'm pretty sure, as somebody locked my account on a box but forgot to remove my authorized_keys file
<LarsN> this will help secure ALL the user's accounts against brute force.
<davidbowlby> hello all
<davidbowlby> I have a 14.04.1 LTS server that has a drive going bad and apparently I set it up to use LVM.  I'm trying to migrate the data (fully bootable move would be nice) to a smaller drive.  I've confirmed I'm nowhere near the space limit of the new drive, but since it's LVM, I'm afraid of missing something.  I have already created partitions, but am kinda clueless on what to do next.
<davidbowlby> if they were the same size I would just DD it
<dasjoe> davidbowlby: mount the old and new partitions, then rsync the data over?
<moonlight> anyone used kernel 3.18.1 on ubuntu server 14.04.1 lts?
<moonlight> http://www.yourownlinux.com/2014/12/how-to-install-linux-kernel-3-18-1-in-linux.html
<moonlight> i tried it but when i noticed, kern.log and syslog files grow in size
#ubuntu-server 2014-12-23
<moonlight> i also upgraded to linux-firmware to the latest cos the kern/syslog were mentioning ath9k
<moonlight> reinstalling 3.18.1 didnt do anything, files kept growing
<moonlight> had to go back to 3.13.0
<moonlight> i can reproduce the situation again, if anyone wants
<moonlight> i had to delete the kern/syslog files, they were like over 15gb each
<moonlight> and syslog was taking some cpu time
<moonlight> i should get back tomorrow, have a great night/day
<thor77> what can i do if the installation-setup says "couldnt install grup-pc to /target/"?
<thor77> what could be the problem?
<thor77> how can i solve it?
<moonlight> use grub2
<thor77> how can i do that?
<thor77> i only see this http://img.thor77.org/23-12-14_01-11.png
<thor77> but i could continue without installing a bootloader
<moonlight> you are probably attempting to install in a weird way maybe
<thor77> ?
<thor77> everything worked fine until this
<thor77> maybe something with partitioning went wrong?
<moonlight> probably
<moonlight> if ubuntu is the only os in the hdd, wipe the whole disk, setup one / and one sawp
<moonlight> and install normally
<thor77> okey, will try
<moonlight> also check the iso for burning/download errors
<moonlight> anyways, im out
<thor77> cant check the iso, its provided by my hoster
<thor77> if my server hoster uses lvm, have i to choose it at partitioning-time?
<davidbowlby> dasjoe, that's what I was thinking, but this LVM stuff makes me nervous
<davidbowlby> dasjoe, don't I have to do something to make the new drive LVM?
<dasjoe> davidbowlby: sure, if you want to use LVM on it
<davidbowlby> dasjoe, I want it to be a like for like, so I need to know how to set up the LVM
<davidbowlby> I created the partitions to match
<davidbowlby> just not sure how to do the LVM pieces
<thor77> is someone here hosting on 1fire?
<dasjoe> davidbowlby: sorry, I've got to go. Check https://wiki.ubuntu.com/Lvm
<TheRinger_> anyone here use ispconfig to manage their server ?
<hariom> How to check if upstart script is without syntax errors?
<lordievader> Good morning.
<Sling> in my /etc/network/interfaces I have an 'iface eth0 inet6 static' entry with a gateway, but the default route is not added on boot
<Sling> after manually doing 'ip -6 route add default via <ip> dev eth0 metric 1024' it works fine
<Sling> what is the proper way of adding a default route for a static native ipv6 configuration on ubuntu?
<thor77> rtzuioÃ¤#
<YamakasY> mhh does a nfsshare need full path rights ?
<thor77> WTF
<Noel> anyone know how to get ubuntu to boot on its own without flash drive
<White_Cat> hi
<White_Cat> I am trying to install ubuntu server to a new hp server
<White_Cat> I am able to boot into the installer and install ubuntu-server to the raid 5 array
<White_Cat> however it will not boot from the said array
<White_Cat> it did install grub
<White_Cat> It is an HP ProLiant DL380 Gen9
<White_Cat> I dont understand the problem since it is possible to write to the drives...
<White_Cat> http://www.ubuntu.com/certification/hardware/201409-15510/ <- it appears to be Ubuntu certifie
<pmatulis> White_Cat: any firmware updates for the raid controller available?
<pmatulis> White_Cat: or the BIOS
<pmatulis> White_Cat: do you have a single such machine with this problem or multiple?
<White_Cat> I have a single device so on a single device :)
<White_Cat> pmatulis before I mess with the firmware
<White_Cat> mind that ubuntu can install to the raid5 array
<White_Cat> it correctly identifies its size and installation completes fine, even intsalls grub
<White_Cat> what must I do for it to boot from the raid 5 array
<White_Cat> aside from possibly panicing
<thor77> which sftp-server is recomment for ubuntu-server 14.10?
<thor77> *recommend
<White_Cat> yeah
<White_Cat> 14.04.1
<White_Cat> sorry no that version above
<White_Cat> LTS
<White_Cat> oh
<White_Cat> I misread that entirely
<White_Cat> :(
<pmatulis> thor77: sftp is a subystem of openssh
<pmatulis> White_Cat: it sounds like you need to troubleshoot GRUB
<White_Cat> yeah
<pmatulis> White_Cat: so you only have one such machine?
<White_Cat> yes
<Sling> in my /etc/network/interfaces I have an 'iface eth0 inet6 static' entry with a gateway, but the default route is not added on boot, after manually doing 'ip -6 route add default via <ip> dev eth0 metric 1024' it works fine, question now is: what is the proper way of adding a default route for a static native ipv6 configuration on ubuntu?
<White_Cat> all I did was instert usb and install ubuntu server 14.04.1 LTS
<pmatulis> White_Cat: what actual error do you see?
<White_Cat> no error
<White_Cat> it just deosnt boor
<White_Cat> *boot
<White_Cat> as if no drive is inserted
<pmatulis> White_Cat: well get rid of the splash screen and get something onscreen
<White_Cat> I am completely lost
<moonlight> yellow, its me again, tried a different approach to get a latest kernel for my machine 3.13 to something more recent
<moonlight> http://www.wikihow.com/Update-Ubuntu-Kernel
<moonlight> found 3.16 listed
<pmatulis> White_Cat: then a easy to understand idea is to re-install with a non-debian-based OS.  if it works we can point at debian/ubuntu, if it doesn't we can point at the hardware/firmware
<White_Cat> pmatulis the only error like thing is it is demanding a UEFI enabled device or something like that
<Sling> ah nvm fixed my route issue
<moonlight> but same thing, installs the kernel, boots, and the syslog/kern logs get big over time
<pmatulis> White_Cat: ah EFI
<Sling> i had a typo in my /etc/network/interfaces -_-
<White_Cat> emphasis on the F in the abriviation
<pmatulis> White_Cat: turn it off in the BIOS
<White_Cat> it didnt boot with legacy either but I can give it a second attempt
<White_Cat> I imagine ubuntu does not support UEFI
<pmatulis> White_Cat: in theory it does, but hardware/firmware vendors can use a different implementation of it that can screw things up
<White_Cat> ah okay
<White_Cat> so good practice to disbale it then
<White_Cat> I was hesitant a bit but not anymore
<thor77> any idea why i cant connect to my vsftpd-server? vsftpd.conf: http://paste.ubuntu.com/9604019/
<thor77> filezilla says "connection timed out" after a few seconds
<thor77> it tries to connect through port 21
<Kartagis> thor77: try passive method
<White_Cat> pmatulis it somehow booted :o
<thor77> Kartagis: change "listen=NO" to "listen=YES" ?
<thor77> => still doesn't work
<Kartagis> no, that's not it. try using passive method in your ftp client, and if you can connect, try to figure out how to set the connection to passive in the conf file. unfortunately I can't help further, I'm busy
<pmatulis> White_Cat: w/o doing the BIOS stuff?
<White_Cat> pmatulis I did disable UEFI
<White_Cat> F*** UEFI :p
<pmatulis> White_Cat: ah ok, disabling it allowed it to boot
<White_Cat> not entirely
<White_Cat> I had to then select manual boot
<White_Cat> I selected hdd and it magically booted
<pmatulis> White_Cat: ok, the next boot should proceed w/o intervention
<White_Cat> just to make sure I am going to sacrifice a rubber chicken
<hariom> Hi guys, I am getting errors when I run this bash script from supervisord. http://paste.ubuntu.com/9604227/    touch: cannot touch   .../logs/gunicorn.log: Permission denied
<hariom> chown: cannot access .../logs/gunicorn.log: No such file or directory
<hariom> Hi guys, I am getting errors when I run this bash script from supervisord for running django app with gunicorn. http://paste.ubuntu.com/9604227/    touch: cannot touch   .../logs/gunicorn.log: Permission denied . I know its not django issue but if anybody who has encoutered this and resolved?
<shauno> hariom: if I read that correctly, your 'gunicorn.log' already exists, is owned by 'nobody', so 'adminuser1' can't touch it? (no write access)
<sergey_> How to disable directory index? I added "Options -Indexes" to my /etc/apache2/sites-available/site.conf, restarted apache but no result
<crazyhead42> I'm having trouble actually modifying my server from my phone, and my Dad had a similar problem on his computer. I'm getting an error 550 when I try to add a new folder. What should I do?
<Sling> crazyhead42: how are you modifying your server? trough what service? what modification?
<crazyhead42> adding another "directory" using FTP Cafe
<crazyhead42> or uploading files.
<crazyhead42> I am logged in as myself, and it works just fine for filezilla, but Filezilla is on my PC where my files are not.
<Sling> does your ftp server have logging? best to check those
<crazyhead42> ummmm... not if I have to set it up
<Sling> it's usually logging by default, if not to syslog then to its own log somewhere in /var/log/
<Sling> a 550 can be many things
<Sling> (if i were to guess though, filesystem permissions)
<crazyhead42> So why could Filezilla work then?
<crazyhead42> ummm, I see this, but I have no idea what I'm looking at
<crazyhead42> It looks almost like a list of commands?
<Sling> sure, that would make sense
<Sling> since your ftp client just issues series of commands
<Sling> what happens in those logs when you recreate the 550 error?
<Sling> (tip: tail -f /var/log/yourlogfilehere.log)
<crazyhead42> Let me reset that, because I just did something
<crazyhead42> Okay, it looks like it was just checking stuff
<crazyhead42> <noop
<crazyhead42> happened on my phone
<Sling> those are just keepalive commands, to keep the connection open
<crazyhead42> Oh.
<crazyhead42> I'm just viewing the dir, so I'm not sure I'm looking at the right stuff
<crazyhead42> Darn it, I have to go.
<crazyhead42> Bye
<Sling> ok, gl
<Prezident> How can i get tabs in ubuntu-server terminal?
<Prezident> is it possible?
<Sling> Prezident: ctrl+shift+t
<Prezident> thank you
<thor77> hi, i want to use owncloud 7 with ssl at a subdomain => i replaced the default-ssl.conf with the one from owncloud and i created a site to use the subdomain: http://paste.ubuntu.com/9606890/, how can i access the site with https now?
<Sling> thor77: so which vhosts do you have right now? could you paste the output of apache2ctl -S ?
<crazyhead42> Were you talking to me a minute ago, or is someone else active?
<Sling> you had the ftp issues right?
<Sling> but yes, the previous question was for somebody else
<crazyhead42> Yep, but now I have to reset up all my tools.
<thor77> Sling: http://paste.ubuntu.com/9607167/
<Sling> thor77: and SSL is working on that one *:443 vhost, and you want to enable it as well on the one you pasted before?
<crazyhead42> what was the address you gave me earlier?
<thor77> Sling: yes
<crazyhead42> "/var/" something I think
<Sling> thor77: so change the *:80 to *:443, copy the SSL* directives from your default ssl vhost to your cloud.crapwa.re vhost, and restart httpd
<Sling> crazyhead42: i don't think I gave an exact address, just an example like /var/log/logfile.log
<Sling> thor77: you could also make the *:80 vhost redirect to https automatically, just remove the documentroot in that case and put 'Redirect / https://cloud.crapwa.re/' there instead
<crazyhead42> I see a couple of things that say log, but not exactly sure which one I want. I have auth.log which I'm guessing have to do with logging on, syslog, kern.log and vsftpd.log
<Sling> crazyhead42: you were already looking at your ftp logs right? with commands in it
<thor77> Sling: like this http://paste.ubuntu.com/9607224/ ?
<thor77> it doesnt work..
<thor77> error: http://img.thor77.org/24-12-14_00-09.png
<Sling> thor77: yup, what is happening?
<crazyhead42> I don't think so, I was looking at the files in the folder
<Sling> thor77: what does the errorlog say?
<thor77> Sling: nothing
<Sling> thor77: is your certificate in /etc/ssl/private/ btw ?
<thor77> yes
<Sling> thats not the usual location, they are normally in /etc/ssl/ or /etc/ssl/certs/
<thor77> https://new.crapwa.re/ works, too
<Sling> so how does that vhost configuration differ from the one you just created?
<thor77> oh... looks like none of my ssl-sites work anymore...
<Sling> if you have more details than that, we could take a look :)
<crazyhead42> Okay, so I'm opening the logs, I think successfully, but they don't seem to be giving me any help. One, called faillog, just has ^@^@ repeated. Is there a way for me to watch my system's communications in action?
<Sling> crazyhead42: sure, you could 'tcpflow -c port ftp or ftp-data'
<Sling> might need to apt-get install tcpflow
<crazyhead42> "port" as in "port", or "port" as in the port?
<Sling> thats the literal command
<Sling> it will show all traffic over ports 20+21
<crazyhead42> wait, I think I'm using port 22 on filezilla and on this
<crazyhead42> I think.
<Sling> that would be scp then, over the ssh port
<crazyhead42> Oh, that would explain why only those two seem to work.
<crazyhead42> Okay, so what do I need to do to make my server allow file transfers and new directories being made from other ports?
<Sling> so you don't want to use scp? why not/
<Sling> I would advise using scp over ftp anytime
<crazyhead42> I want my ftp program on my phone to function.
<Sling> what do you want to accomplish with all this?
<qman> AndFTP supports SFTP
<crazyhead42> scp can remain active, but I kinda have files on my phone that I need to get off. Preferably without a USB port, cause that doesn't seem to work
<crazyhead42> And I want to be able to recieve files from other people's computers (such as my dad's)
<Sling> you don't need ftp for that
<Sling> plenty of apps on phones that support scp/sftp
<Sling> also on windows/linux/osx
<qman> FileZilla for windows
<Sling> or winscp
<crazyhead42> Well, my Filezilla seems to be working, but I'm not going to be able to dictate what my dad puts on his computer.
<qman> And its pretty much native on linux, almost all file managers have sftp/scp support
<Sling> crazyhead42: check what your dad has on his computer then, I'm sure its not a ftp-only client
<qman> For windows support specifically, samba is the best and most native option
<Sling> plain ftp is something people used 10 years ago, its insecure
<qman> *30 years ago
<Sling> also owncloud might be something you could look into
<Sling> if you want to sync files between devices
<qman> FTP should not be used in any situation today, with few exceptions
<qman> And even in those exception cases it's still far from optimal
<qman> For a detailed explanation why, http://mywiki.wooledge.org/FtpMustDie
<crazyhead42> I don't think I can just download another server software, I'd have to redownload everything I've uploaded, try to figure out how to get a boot-able writer on a flashdrive, physically remove my other harddrive to avoid corruption, and reset my Grub, if it doesn't get damaged in the process
<crazyhead42> I would prefer to avoid that if possible
<qman> Why would any of that be necessary?
<crazyhead42> Isn't owncloud a server os?
<qman> No
<qman> Its a web application
<crazyhead42> So it does what?
<qman> Provide an http interface to upload and download files
<Sling> im not sure if owncloud has proper mobile support though, never used it for that
<crazyhead42> okay, I suppose that makes sense...
<Sling> but lets try the easiest way first, check what protocols the software your dad uses supports
<crazyhead42> And it probably wouldn't for me. I'm still running gingerbread.
<crazyhead42> Not easiest.
<Sling> if it supports scp, you're good
<crazyhead42> I'd have to hack into his computer at the moment, he's not home
<Sling> okay, wait then ;)
<crazyhead42> Too much going on after he gets off.
<crazyhead42> The web interface does sound good, which I probably will want set up later
<crazyhead42> But can we work with my phone first?
<qman> There are other softwares to accomplish that task as well
<qman> For android, get andftp
<qman> Or any other sftp/scp capable client app
<qman> I'm sure there are many
<crazyhead42> is ftpcafe okay?
<crazyhead42> OH, sftp, right?
 * Sling is calling it a day, gn
<crazyhead42> uh oh, what's this "private key"?
<Sling> an alternative to using username&password
<crazyhead42> okay? so if I haven't done special configuration yet, can I ignore it?
#ubuntu-server 2014-12-24
<lordievader> Good morning.
<White_Cat> Hi, I have an ubuntu-server installation (14.04.1). My df -h looks like this: http://pastebin.com/yEsPAShd I installed with a usb flashdisk. Currently the computer does not boot without the flashdrive.
<bekks> What happens without the USB flashdrive?
<White_Cat> it cannot find an os to boot to
<bekks> Whats the exact error message?
<White_Cat> no boot disk
<White_Cat> its not an error from ubuntu
<bekks> Whats the _exact_ error, please?
<bekks> Not just parts of it.
<White_Cat> http://www.ubuntu.com/certification/hardware/201409-15510/
<White_Cat> My server seems to be ubuntu certified
<bekks> Can you please answer my question?
<White_Cat> bekks the exact error is that it cannot find a boot device
<White_Cat> it is configured to only look for cds, usb and hdds
<bekks> No.
<bekks> Just type the EXACT error. Dont tell us what you read there, or what you think the error is. Please just type the exact, unchanged error in here.
<White_Cat> I dont want to walk to the server room to paraphrase the exact error
<White_Cat> it is complaining about the absence of a valid boot drive
<White_Cat> as if grub doesnt exist
<bekks> Then install grub on a valid boot device instead of your USB flash.
<White_Cat> I have no idea how to do that
<White_Cat> it is on a raid 5 so I wonder if that is the problem
<White_Cat> but then it shouldnt boot with the usb drive either
<bekks> Hardware or Software RAID?
<lordievader> Is your bios capable of booting from raid5 (note I have no experience with raids)
<bekks> If it is a HW RAID controller, the BIOS/EFI can boot from it.
<White_Cat> it is hardware raid
<White_Cat> lordievader I am pretty sure bios should be able to boot from raid 5
<White_Cat> it had UEFI which I had to disable to boot at all
<White_Cat> I currently have ubuntu-server running
<White_Cat> but it will not reboot if I remove the USB flash drive
<White_Cat> I have too boot from the usb flash drive to boot from the hdds
<White_Cat> at first I thought I installed to the usb drive somehow but that doesnt seem to be the case based on df -h
<lordievader> Seems to me like you are piggybacking on the bootloader that is installed on the usb drive.
<White_Cat> I imagine so
<White_Cat> is there an ubuntu command to instll a boot loader
<bekks> Which Ubuntu release do you use?
<White_Cat> Ubuntu Server 14.04.1 LTS
<White_Cat> 64bit
<White_Cat> http://superuser.com/questions/176050/ubuntu-server-installed-from-usb-puts-grub-on-the-usb-drive-instead-of-the-hard
<White_Cat> is that something I should try?
<White_Cat> I really do not want to destroy my system :/
<bekks> !grub2
<ubottu> GRUB2 is the default Ubuntu boot manager. Lost GRUB after installing Windows? See https://help.ubuntu.com/community/RestoreGrub - For more information and troubleshooting for GRUB2 please refer to https://help.ubuntu.com/community/Grub2
<White_Cat> I havent installed windows
<White_Cat> I know what grub is
<White_Cat> all I ask is if the link I provide something raitonal for the problem i have
<bekks> White_Cat: So read what ubottu told you: "For more information and roubleshooting for GRUB2 please refer to https://help.ubuntu.com/community/Grub2".
<White_Cat> I just asked you if I should follow the information on the website I provided or not
<White_Cat> its 3 commands
<White_Cat> wouldnt it be easier just to specify that
<White_Cat> rather than dumping me an entire man page
<bekks> Well, I cant help you if you are refusing everything told. Good luck in soving your issue.
<White_Cat> a simple yes no is all I expect
<bekks> Since I gave you another link, the answer is "no".
<bekks> It is up to you.
<White_Cat> in that case possibly https://help.ubuntu.com/community/Grub2/Upgrading ?
<bekks> No
<White_Cat> so my only option is to read the entire Grub2 page and hope to the linux gods I do not break the machine entirey
<bekks> No. Your only option is to use your brain and find the section "Installing/Reinstalling/Moving GRUB2"
<bekks> Which is referenced in the TOC.
<White_Cat> it isnt a matter of brain power
<White_Cat> anyone with half a brain would be very hesitant to try things with the bootloader
<bekks> However. You got everything you need. I gotta run.
<White_Cat> I wish I had your confidence :)
<linuxmint> Hi, I have 3 HDDs. # df -h only shows /dev/sda and not /dev/sdb and /dev/sdc. Do I need to reformat HDD b and C?
<thor77> hi, i cant connect to my owncloud running on apache via https, my apache-site: http://paste.ubuntu.com/9610279/ yes, i enabled it, every https://... is redirected to my default site
<thor77> apache2ctl -S -> http://paste.ubuntu.com/9610304/
<MaasTic> Hello all
<MaasTic> Do anyone was able to submit a Windows 2012 image to the new MAAS (1.7) ? If yes, can you help me ?
<linuxmint> How can I setup multiple hard drives for storage? Parition wit LVM, mhddfs or RAID? I would like 1 HDD to store, then when full, I use the 2nd HDD. I am trying to avoid if 1 HDD breaks, the other HDDs won't work too.
<ikonia> linuxmint: you're looking for aa very bad way of storing data
<ikonia> linuxmint: the easy way would be to mount disk1, then when iit's filling up, mount disk2 under it
<linuxmint> ikonia: really, I don't know what the best idea is?
<ikonia> however lvm / raid would be a better approach, but as you want to stripe, that is a risk
<linuxmint> ikonia: yes, your idea sounds like what I'm looking for.
<linuxmint> ikonia: but doesn't lvm / raid make the HDDs vulnerable...if one breaks, they all break?
<ikonia> if you stripe, yes
<ikonia> as I said, "that is a risk"
<ikonia> this is why I said it's a very bad way of storing data at the start of the question
<linuxmint> ikonia: sorry, I'm confused. Does stripe mean when I run HDD1, then HDD2 when HDD1 is full. This seems safe to me?
<ikonia> linuxmint: it doesn't work like that
<ikonia> linuxmint: stripe means make the 2 disks into 1 big virtual disk
<linuxmint> ikonia: ok, well I think your idea of me just mounting HDD1, then mounting HDD2 when HDD1 is full. As long as HDD1 can still run the Ubuntu server OS.
<ikonia> linuxmint: it can
<linuxmint> ikonia: ok, well, I think manually mounting HDDs seems best for me for now, unless there's another possibility.
<ikonia> seems the most logical simple solution
<tom[]> how to install megactl, megacli etc. on 14.04?
<tom[]> http://hwraid.le-vert.net/wiki/DebianPackages
<kevindf> When starting my teamspeak server I get the error "sh: echo I/O error"
<kevindf> when excecuting the startup shell
<kevindf> Anyone know what might be the cause of that?
<hariom> I have ntp installed but my server clock is lagging about 8 minutes. How to fix this?
<Crell> Hi folks. I have a newly installed 14.04 ubuntu-server.  So far there's nothing on it but SSH and basic LAMP.  I am trying to copy old backup files over to it, but the server keeps losing its network connection.
<Crell> It will be fine for a while, then suddenly stop connecting mid-transfer (via rsync).  I need to reboot, and then it connects to the network fine again.
<Crell> Any idea what I should be checking?  syslog and dmesg didn't suggest anything obvious so far...  Running dhclient just pauses for a while then gives no output.
<Stuxnet> Hi everyone. Easy newbie question here due to lack of linux terminal navigational skills. My server was going through do-release-upgrade for 14.04 and before choosing Yes to download, I typed "D" for details. Now I don't know how to exit and go back to where I was so I can choose Yes to proceed.
<Stuxnet> I scrolled down to "END" and I'm stuck.
<Crell> Stuxnet: Is there a "back" anywhere on the screen?
<Stuxnet> No.
<Stuxnet> It doesn't appear to be vim or nano or anything.
<Crell> Is it a gui-ish window or just raw text?
<Stuxnet> raw text.
<Crell> Is there a colon at the bottom of the screen?
<Stuxnet> Yes!
<Crell> Then it's using "less".
<Crell> Try hitting Q
<Stuxnet> Awesome, thanks Crell
<Stuxnet> Worked.
<Crell> Sometime later type "man less" for more details on less.  Useful little tool.
<Crell> Use Q to get out of the man page then, too. :-)
<Stuxnet> Okay thanks. Is less the default ubuntu server text editor?
<Crell> It's not an editor; it's a text file viewer.
<Stuxnet> or viewer..
<Stuxnet> oh okay.
<Crell> It's the default viewer on... every system I've used in the last 10 years.
<Stuxnet> Ah.
<Crell> Lets you scroll up, down, search, and quit.
<Crell> And that's about all I ever do with it. :-)
<Stuxnet> Understood. I am Windows native and "grew up" with GUIs, I am even a newbie with command prompt, but I am experimenting with a home server so I am learning the terminal commands, it's fun though. Linux seems to be extremely easy and efficient.
<Crell> Once you get the hang of it, it usually is.
<Crell> Except when mystery errors happen, which has been my last 2-3 days. :-(
<Stuxnet> I knew I was stuck in some type of text file, just didn't know the commands. If I'm editing I'm usually in nano.
<Stuxnet> heh wow.
<Crell> A lot of linux commands are written on the assumption that you already know how to use them.
<Crell> That makes them very very efficient and fast to use once you do, but harder to pick up in the first place.
<Crell> Contrast with a typical GUI approach which emphasizes learnability over expert-efficiency.
<Crell> Different tradeoffs for different use cases.
<Stuxnet> Now that I am here, before I go, maybe somebody can point me in the right direction as this is probably a common thing: The server is headless and I manage it by SSH with PuTTY. It's my understanding that if you reboot the services like open-ssh don't start until you log in.
<Crell> Depends how they're configured.
<Crell> The default ssh configuration does start on boot.
<Crell> I think most that you install via apt start on boot by default...
<Stuxnet> Okay. I seem to rememebr not being able to log in again after reboot but I will test it and make sure.
<Crell> You definitely want to setup ssh keys, though, while you're there.
<Stuxnet> Right. That was approaching on my to do list :P
#ubuntu-server 2014-12-25
<shellox> hi
<shellox> I've just installed a ubuntu 14.04 vm and was wondering why the dynamic motd doesn't show the memory usage anymore
<shellox> does anyone know the reason behind that?
<patdk-lap> doesnt on 12.04 either
<shellox> really? i thought it looked like that by default
<shellox> https://scotte.github.io/images/dynamic-motd.png
<patdk-lap> it's never looked like that for me
<shellox> i see thanks
<Tobbe82> Hi Everyone, I just want to confirm if i'm in the right channel. I'm currently trying to set up a webserver using Ubuntu Server 14.04 & LAMP and having some issues. Is this the channel were I should ask for help about this issue?
<Tobbe82> And Merry Christmas btw ;)
<bekks> This is the channel to ask - merry christmas :)
<Tobbe82> Excellent :) I will be back later (Time for breakfast noms) :)
<lordievader> Tobbe82: What issues are you facing?
<Tobbe82> Well I am following a guide and I update /etc/apache2/sites-available/000-default.conf     & /etc/apache2/apache2.conf  to reflect my vsftpd priviliages to basically try and set the webserver site folder to my /home/user/www folder from the standard default /var/ folder.
<Tobbe82> now with the standard folder I can access the website from the webbrowser.
<Tobbe82> when I change it I get an "Access not permitted" issue in the browser
<Tobbe82> Is running a webserver from your /home directory disappreciated in Ubuntu server 14.04?
<Tobbe82> (I'm guessing there might also be a permission issue but I'm rather new to Ubuntu to troubleshoot myself)
<Tobbe82> any ideas on how to fix this?
<Tobbe82> gaming4life
<Tobbe82> lolz that was wrong chat window
<Novice201y> Hello. Where can I find tasks to do as a volunteer Ubuntu sysadmin?
<lordievader> Tobbe82: For home dir shares you might want to look into the userdir module: http://httpd.apache.org/docs/2.4/mod/mod_userdir.html
<Tobbe82> lordievader: thanks I'll look into that :)
<esde> merry christmas!
<Voyage> Hi
<Voyage> I have apache2 but want different users to see different websites. I think pointing apache for each site to a /home/user/www directory would be a good idea, where /home/user is the directory of that user who can view / change site files?. Ok, If I have a site.com at some /home/user1/www and want to point site.com/demo2 to /home/user2/www; is it possible?
<patdk-lap> look at using virtualhost
<patdk-lap> or maybe hmm, what is that plugin
<Voyage> yes, I know
<Voyage> is it possible by using virtaul hosts?
<patdk-lap> mod_vhost_alias
<patdk-lap> heh?
<patdk-lap> that is the definition of virtualhost
<Voyage> I thought it was only possible for subdomains
<Voyage> site.com/dir2      and site.com/dir2  can be of difference places. entirely different I mean
<Voyage> ?
<patdk-lap> what do subdomains have to do with anything?
<Voyage> hm
<patdk-lap> apache can only serve websites to ip addresses and hostnames
<Voyage>  I am installing a software that requirest json_extention. How can I install it on ubuntu? http://php.net/manual/en/function.json-decode.php
<Voyage> nevermind ^
<kaka> my ubuntu 14.04 x64 server showing 69 packages can be updated  30 updates are security updates
<kaka> how to do thsi
<kaka> how to do this
<kaka> please anyone help me
<queeq> This? http://serverfault.com/questions/270260/how-do-you-use-apt-get-to-only-install-critical-security-updates-on-ubuntu
<kaka> sorry but i am new in this can you please give command :)
<kaka> i read that article before
<queeq> Never did it myself, have just duck-duck-go'ed it for you
<queeq> As far as I see there's no simple command to install only security updates
<queeq> Ah, there's a one-liner in the end of this article: http://kx.cloudingenium.com/linux/ubuntu/install-security-updates-command-line-ubuntu/
<queeq> apt-get -s dist-upgrade | grep "^Inst" | grep -i securi | awk -F " " {'print $2'} | xargs apt-get install
<RoyK> kaka: or just "apt-get update && apt-get -y dist-upgrade && apt-get -y autoremove"
<RoyK> kaka: you can run those commands (separated by &&) separately if you like, and -y isn't needed for the last two, but I'm lazy
<kaka> i find this command somewhere on internet apt-get update && apt-get upgrade
<kaka> is this right
<RoyK> it is
<queeq> kaka, it will update everything, not only security updates
<RoyK> but I tend to use dist-upgrade
<RoyK> kaka: see the apt-get manual to see the difference
<kaka> what about this apt-get update && apt-get upgrade && apt-get dist-upgrade
<queeq> overkill
<RoyK> kaka: dist-upgrade implies upgrade
<queeq> dist-upgrade implies upgrade
<queeq> ha
<RoyK> :)
<queeq> :)
<queeq> Has been typing and not reading :D
<RoyK> hehe
<queeq> I know that theoretically dist-upgrade may cause some troubles. Never faced them though
<RoyK> haven't seen it either
<RoyK> and I manage a few servers...
<kaka> thanks for your help @queeq, @royK
<queeq> welcome
<JanC> actually, it is often a good idea to do an upgrade before you do a dist-upgrade
<RoyK> JanC: how come?
<JanC> less likely to get conflicts in dependency solving, I guess?
<JanC> in any case, it's what Debian's distro upgrade manual recommends IIRC
<RoyK> {{citation-needed}}
<JanC> or at least, they did in the past
<shauno> I believe they still do.  'citation' would be 4.4.5 in https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.en.html#upgrading-full
<JanC> """In some cases, doing the full upgrade (as described below) directly might remove large numbers of packages that you will want to keep. We therefore recommend a two-part upgrade process: first a minimal upgrade to overcome these conflicts, then a full upgrade [â¦]"""
<RoyK> thanks
<JanC> if APT doesn't propose to remove package on dist-upgrade it should be fine to use it immediately
<JanC> (and sometimes removing packages is right, of course)
<patdk-lap> the only time removing a package matters, is if you installed software not under the control of apt
<patdk-lap> like download/compiled/...
<patdk-lap> you might remove a dependence for it
<patel>  In ubuntu 14.04 x64 server how to run below command as root
<patel> apt-get update  apt-get -y upgrade
<patdk-lap> sudo
<patel> you mean to say sudo apt-get update and sudo apt-get -y upgrade
<patdk-lap> sure
<patel> i use digitalocean with ubuntu 14.04 x64 so how i reboot droplet by command
<patdk-lap> ask digitalocean?
<patel> thanks @pardk-lap
<kris|2> Ð¿ÑÐ¸Ð²ÐµÑ!
<kris|2> ÐµÑÑÑ ÐºÑÐ¾ ÑÑÑÑÐºÐ¸Ð¹?
<guntbert> !ru | kris|2
<ubottu> kris|2: ÐÐ¾Ð¶Ð°Ð»ÑÐ¹ÑÑÐ° Ð½Ð°Ð±ÐµÑÐ¸ÑÐµ /join #ubuntu-ru Ð´Ð»Ñ Ð¿Ð¾Ð»ÑÑÐµÐ½Ð¸Ñ Ð¿Ð¾Ð¼Ð¾ÑÐ¸ Ð½Ð° ÑÑÑÑÐºÐ¾Ð¼ ÑÐ·ÑÐºÐµ. | Pozhalujsta naberite /join #ubuntu-ru dlya polucheniya pomoshi na russkom yazyke.
<acmehandle> I can read Russian and communicate.  But I dont have russian fonts.  Would be cool if I could get those.
#ubuntu-server 2014-12-26
<acmehandle> I know I can use netstat to check network connections but how can I check say for example unix socket connections between applications?
<pmatulis> acmehandle: try lsof
<sergey> How to setup PHP's "mail" function to make it sending emails?
<bekks> sergey: you need to setup your mailserver, not "mail()" :)
<ikonia> "how do I do that...."
<sergey> bekks: How can I do it?
<ikonia> seems to be a large ammount of people at the moment seeming to be trying to setup php spam mailers
<sergey> ikonia: I need it for testing. It will spam only my email
<sergey> needed for "Contact Us" form on web site
<bekks> sergey: By carefully working through https://help.ubuntu.com/community/Postfix and setting up a mail server instance - and never ever forgetting to secure it and not turn it into a spam bot.
<ikonia> I wasn't talking about you specfically
<sergey> bekks: thanks
<linuxmint> I've tried fixing apache, but error: http://dpaste.com/1SM3B6R
<linuxmint> Oops, easy error. I fixed that, but web interface still doesn't load?
<jerrcs> uh, the config doesn't exist?
<jerrcs> can httpd read it?
<linuxmint> jerrcs: how can I test if httpd can read apache2.conf?
<jerrcs> look at the permissions. look at the error log files in /var/log/apache2 ?
<linuxmint> jerrcs: hmm, in /var/log/apache2/error.log, I see error: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message. I fixed this error, but web interface won't load. Logs shows http://dpaste.com/02PTV69
<jerrcs> okay, so the error on the actual terminal is probably the one you want to look at. have you reviewed the permissions?
<linuxmint> jerrcs: no, I'll check the apache2.conf permissions?
<jerrcs> yeah
<linuxmint> jerrcs: permissions seem fine and web interface loaded before. Not sure why its stopped yet? -rw-r--r-- 1 root root  7135 Dec 26 22:55 apache2.conf
<jerrcs> That looks fine. I'm not sure, sorry.
<jerrcs> You might have more luck in the Apache channel
<linuxmint> jerrcs: ok, thanks.
<jerrcs> linuxmint: try #httpd
<jerrcs> You'll get a lot better help in there
<YamakasY> jerrcs: hell no
<linuxmint> well, no action in #httpd, so still trying to make the web interface work on Ubuntu.
<linuxmint> I ran a command # apachectl -S, which output showed ok results I think. http://dpaste.com/0J36EPZ
<teward> it's called 'patience'
<linuxmint> teward: yes, well I have to go to bed now. It seems my IT issues are advanced and a bit too difficult for chat rooms to fix. I usually end up fixing on my own. Have another Ubuntu issue I'm working on since 20/09/2014.
<teward> that's the patience problem - he's not patient enough to get help
<teward> or chooses bad hours
<teward> anyways, back to beatin gthe command line >.>
<queeq> Does anyone has experience with streaming from webcam? I'm trying to use ffmpeg though standard configs give errors.
<teward> queeq: probably better to ask that in #ubuntu because webcams
<teward> (they're not typical with servers)
<queeq> Maybe...
<teward> but you could also wait here, just sayin.  :)
 * teward lurks
<linuxmint> I tried # /etc/init.d/apache2 status > # apache2 is running. But I can't tell if there's a fault there, as web interface still doesn't load?
<ikonia> web interface ?
<ikonia> what web interface ?
<linuxmint> ikonia: ZoneMinder web interface.
<ikonia> but that won't work if apache isn't running
<linuxmint> ikonia: yes, I suppose so. I have tested the ZoneMinder server with command # /etc/init.d/apache2 status, which shows output * apache2 is running.
<linuxmint> ikonia: I did find /etc/network/interfaces had the router old IP address, (I could still ping 192.168.1.163), so updated gateway IP and reboot, but same issue.
<linuxmint> ikonia: unless the device is on but faulty, or the device reset its IP address which I can't access. Anyway, I should still be able to see the ZoneMinder's web interaces as ZoneMinder server is running and I can ping the ZoneMinder server.
<linuxmint> ikonia: well, only other option is to rebuild the whole server again and test if it works and find the error, as noone seems to know how to find the problem?
<linuxmint> ikonia: a rebuild might take 3 hours, but finding the error (which I prefer to do) might take weeks or months.
<ikonia> linuxmint: I'm missing the point here
<ikonia> have you verified that apache is actually responding on the IP address you think it should
<linuxmint> ikonia: sorry, just trying to make the web interface show.
<ikonia> yes, but the web interface NEEDS apache
<linuxmint> ikonia: no, I didn't know that could be checked.
<ikonia> so that would seem a basic check
<ikonia> can you connect to port 80 on the ip address you think you should be able to
<linuxmint> ikonia: I'm not sure how to do that. I think I changed the port from 80 to 8063, to allow remote access.
<ikonia> linuxmint: "you think" - you need to be sure of that
<ikonia> attention to detail is critical, and it's pointless to debug things unless you know basic details as fact
<linuxmint> ikonia: well, yes, the port was changed from 80 to 8063, but I can't remember how to check that, unless it's in httpd.config or a file like that.
<ikonia> linuxmint: knowing how you changed the port is crital
<ikonia> but either way you can confirm you can connect to port 8063 on the IP you think it should be available on
<linuxmint> ikonia: yes, you're right. I referred to my history notes. /etc/apache2/ports.conf show syntax: Listen 8063. The URL worked. I tried before but maybe I made a typo.
<linuxmint> So, now the final issue is connecting to the actual camera, which isn't loading, but the camera is turned on.
<linuxmint> It is possible the camera reset its IP, but I need to think how to access the camera's set or default IP address.
<ikonia> is the carmera wireless/networked or connected via usb
<linuxmint> ikonia: networked.
<ikonia> ok - so thats just going to be accessed via web/url forwarding
<linuxmint> ikonia: ok. I typed in the camera's IP http://192.168.1.200:88, but error: This web page is not available. I can't do a ping test on the camera.
<linuxmint> The power is on.
<ikonia> so thats up to you to solve with the camera
<ikonia> thats not really anything to do with ubuntu
<linuxmint> ikonia: I did notice when plugging the PoE with LAN cable to WAN the wrong way around, it made a difference, but I'm pretty sure the cable is the right way around now.
<linuxmint> ikonia: ok then. Thank you.
#ubuntu-server 2014-12-27
<geoffmcc> join #ubuntu-bugs
<geoffmcc> clear
<notfadssss> having trouble getting past initial install of server on raid 1 hardware ;\ any help would be appreciated
<notfadssss> http://paste.ubuntu.com/9629215/  my boot logs
<notfadssss> if anyone can help me solve my initial reboot issues with my server I will paypal them or bitcoin them - http://paste.ubuntu.com/9629215/
<notfadssss> if anyone can help me solve my initial reboot issues with my server I will paypal them or bitcoin them - http://paste.ubuntu.com/9629215/
#ubuntu-server 2014-12-28
<DonRichie> Is it right that the file /etc/resolvconf/interface-order is only relevant when I configure multiple dns server in /etc/network/interfaces (including for example nameservers from dhcp)
<DonRichie> ?
<jak2000> hi all
<grendal_prime> can anyone help me out with configureing a simple dns server
<grendal_prime> that was a question
<grendal_prime> not a challenge
<grendal_prime> unless a challenge works faster
<DonRichie> grendal_prima: I have the same task at the moment :P
<grendal_prime> its all up and i can see requests in the server log, but it is just not sending the info back.
<grendal_prime> DonRichie, we can beat it up together
<teward> grendal_prime: perhaps https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-an-authoritative-only-dns-server-on-ubuntu-14-04 ?
<teward> or https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-14-04 even
<DonRichie> grendal_prime: do you use dnsmasq or bind?
<grendal_prime> bind9
<teward> (note of course they suggest using their DNS stuff, but still, the guide might work)
<DonRichie> me2
<grendal_prime> have2pbrb
<DonRichie> I recently mastered the client side dns configuration and digged deep enough to fully understand the resolvconf program.
<DonRichie> My bind9 is resolving domains out of the box after I installed and started it. Now I am at the point to tell bind something about my domain to make it "authorative" :)
<jak2000> not know why cant save a file on home of the user: see: http://pastie.org/9801426  any advice?
<grendal_prime> chmod that dir recursively to 775
<grendal_prime> chmod -R 775 usernamegoeshere
<DonRichie> grendal_prime: he uses sudo in that paste. I think he shoudl be able to write
<jak2000> grendal_prime?
<grendal_prime> syntax may be off...
<grendal_prime> sorry still cleaning up the box wine from christmass
<grendal_prime> DonRichie,  ya well i always assume at that point a person has sudo -s
<grendal_prime> sorry jak2000  did that work?
<grendal_prime> DonRichie,  you have teamviewer client?
<teward> i don't think it's safe or sane to use teamviewer over irc
<grendal_prime> ?
<DonRichie> grendal_prime: yes, but I am not sure if I can help you with your problem. I am also still learning
<grendal_prime> im not going to do that over irc
<grendal_prime> done are you getting resolution of local hosts?
<grendal_prime> sorry i meant DonRichie
<DonRichie> I get resolution of internet hosts, but didn't define a local zone yet
<grendal_prime> ya that aparently is the bitch
<grendal_prime> weird i cant believe this so complicated.
<DonRichie> I already did it a time ago and remember it was a little bit difficult. I will look in my old config files
<DonRichie> I think something changed. There are "db." files now. In my old config i used ".zone" files
<DonRichie> But maybe it is an operating system related behavior
<grendal_prime> DonRichie,  hey  im gonna try something a little bit unconventional...or just ill advised for a second.
<jak2000> grendal_prime: http://pastie.org/9801439
<grendal_prime> touch: cannot touch ârtom.shâ: Read-only file system
<grendal_prime> thats the biggie on that
<grendal_prime> reboot the machine.   is it a vm by chance?
<grendal_prime> you will get that with a bad live migration.
<grendal_prime> also a drive that is fked
<grendal_prime> ummm there are a few other things that will cause it, none of them a good idea. thing is jak2000 a typical reboot will usually fix it.  there was  some sort of threat to file integrity that apparomor or the kernel picked up. It put the entire drive into read only mode.
<grendal_prime> that way you dont loose your important shit.
<grendal_prime> Most default drive mounts are set up to remount into ro (read only) when serious file system issues arise.
<grendal_prime> jak2000,  ARE YOU READING THE WORDS COMING OFF OF MY FINGER TIPS?!!!
<jak2000> grendal_prime yes
<jak2000> rebooting. is a vps server
<jak2000> :)
<grendal_prime> vps?
<grendal_prime> whats a vps?
<DonRichie> virtual private serer
<DonRichie> *v
<jak2000> a server on the cloud
<grendal_prime> ooooo....ya those are sucky for alot of reasons.
<grendal_prime> well i mean unless you have a great idea for a startup
<grendal_prime> jake2000 did that work?
<grendal_prime> grrr..ya your welcome
<DonRichie> grendal_prime: how is it going? Did you beat up your DNS problem?
<grendal_prime> possibly
<grendal_prime> im starting from the gound up with an old friend
<grendal_prime> administrative spider
<DonRichie> I also needed to refresh my dns knowledge a bit. I am currently reading some stuff
<grendal_prime> had to clone a generic server
<grendal_prime> adding the typical bs to get it where i want it.
<grendal_prime> I WILL SLAY THIS DRAGON!!
<grendal_prime> I AM THE GRENDAL!!
<DonRichie> What do you mean with bs?
<grendal_prime> AH  you now..i like my servers very generic..so i have to set up authorized keys,
<DonRichie> grendal_prime: go and get that xp and loot
<grendal_prime> xp?
<DonRichie> experience points
<grendal_prime> I KILL THIS BS ON A DAILY BASIS....WOOP WOOP.. also fish i kill those allot as well.
<DonRichie> still dont know the abbreviation bs ^^
<grendal_prime> oh sorry. Bull shit.
<grendal_prime> its a rancher phrase.  commonly pronounced Booowl shit
<DonRichie> Ahhh, now I understand :)
<grendal_prime> what are you from england?
<DonRichie> Germany
<grendal_prime> ahhh...there ya have it...you guys blood pudding, warm beer and hot chicks with big tits.....precision, calipers and metric system.
<grendal_prime> here in americal we adjust things with an 8 pound hammer.
<grendal_prime> important stuff....while we are drunk.
<DonRichie> never ate blood pudding, drink  my beer cold, like big tits and also like the metric system
<grendal_prime> Not me mind you im a model citizen.   Im differnt.
<grendal_prime> dude...we should hang out...i like big tits and the metric system TOO!!!
<DonRichie> Sure, come over!
<grendal_prime> you got Xtra big tits and metric system stuff to go around?
<DonRichie> We should go to a club and measure the size of tits with the metric system.
<DonRichie> mÂ³
<grendal_prime> more importantly, there is density and gravitational equation to take into account
<grendal_prime> obviously you are dealing with the same dns issues im dealing with!
<DonRichie> I am currently at the point I should be able to try defining a zone
<grendal_prime> im using a tool
<grendal_prime> ill let you know how it goes
<DonRichie> okay :)
<grendal_prime> im kinda ending up at the same place...im missing something simple here
<DonRichie> If you weren't already using it u maybe can debug your problem by using "dig +trace +additional"
<DonRichie> To see where the resolution is hanging
<grendal_prime> this tool im trying makes the settings pretty simple. but im running into the same issue ihad before
<grendal_prime> so basically i just want a zone for my local network.  say i want that to be.  booksnmore.lan
<DonRichie> Okay. what is your problem at the moment?
<grendal_prime> so do i want a master slave stub forward or deligation zone?
<grendal_prime> it just doesnt seem to me it should be so damn hard
<DonRichie> Don't know if it helps but here is an old configuration I wrote: http://paste.ricl.de/?0f32918f75e7ef8d#V9v+5JJ1jVKCqdw1VPn+YBjMtQa3GYYnguEFmsLx1Bo=
<grendal_prime> its working as a cacheing server basically at this point. it is forwarding on dns requests to like google.
<grendal_prime> its just not seeing my local records.
<DonRichie> Can you show me your zone configuration? Maybe I have an idea what to do
<grendal_prime> if i have the clients network settings pointed to 192.168.15.250 as the dns server. and on that server there is an entry stating that zimbra1 is located at 192.168.15.249 than i should be able to ping that address
<DonRichie> grendal_prima: First, are you sure you speak to the correct DNS-Server?
<DonRichie> If yes: did you define search domain?
<DonRichie> on your clients
<DonRichie> If not you need to resolv the fqdn for example zimbra1.domain
<DonRichie> grendal_prime: And check that you did not forget the tailing "." in your domains
<grendal_prime> fuck
<grendal_prime> this is crazy.
<grendal_prime> now i remember why i have avoided this for so many years
<grendal_prime> oops did i think that or actually type it?
<grendal_prime> ok one step at a time...bind is installed.
<DonRichie> dns is fun :)
<grendal_prime> first thing i need is a forwarding zone right?
<grendal_prime> that way anything that is not in a local zone will be moved on to some other server correct?
<grendal_prime> im gonna use google.
<grendal_prime> by the way im trying to use the webmin module at this point.
<grendal_prime> that part works
<grendal_prime> i can ping things and it figures out what the addreses are. next. I need to set up a zone for internal addresses.
<grendal_prime> another master zone?
<DonRichie> you need 2 zones. 1 for forward lookups and 1 for reverse lookup
<grendal_prime> no reverse if for addresses to names. I dont care about that
<grendal_prime> i just need names to addresses
<grendal_prime> here is where this gets frustrating, this is pretty simple when dealing with a hosts file,
<grendal_prime> why it is that the server needs to be complicated about this in the first place makes no since to me.
<grendal_prime> this is rediculas
<grendal_prime> there are a hudred howtos on this..i cant find a single one that works
<grendal_prime> im starting over..setting up a small virtual network with one router as a gateway.  privete isolated netwrk that will have to go through that device,
<grendal_prime> it will act as the router/dns server.
<grendal_prime> one client.
<DonRichie> if you want I can take a look at your config files
<grendal_prime> give me 10 min
<DonRichie> k
<gblfxt_> hah, sounds like setting up zabbix, have to try different working methods at different points from different howto's.....
<grendal_prime> zabbix is easy
<grendal_prime> dude
<grendal_prime> DonRichie, prvt chat
<grendal_prime> we will need screen shareing and whatnot.
<jerrcs> why don't you just pastebin them?
<grendal_prime> that is slow
<jerrcs> no it's not?
<grendal_prime> direct screen access
<jerrcs> yeah, that's something i would never do
<grendal_prime> im not talking to you
<jerrcs> you're in a public channel, yes, you're talking to everyone, including me.
<jerrcs> don't be rude.
<grendal_prime> dude...im not going to screen share with you
<grendal_prime> or everone else here.
<grendal_prime> you obviously have not used the app before
<grendal_prime> it does not give the other individual any access other than viewing what you have on screen
<jerrcs> i'm saying you could just pastebin your configs (using something like wgetpaste, makes it <30 seconds to share that) and someone could help you
<grendal_prime> this requires a bit more than that
<grendal_prime> a birdseye view of the network creation and servers is sometiemes required...and you dont get it..this is all in a disposable environment
<grendal_prime> its all virtual on my own isolated dev network
<grendal_prime> i appreciate your concern.. however i do know what i am doing.
<jerrcs> no, it doesn't. it requires me to download proprietary software to establish a connection to your screen
<grendal_prime> im not talking to you
<jerrcs> which many work firewalls even block
<grendal_prime> i own my own nework. and blocking outbound connections on random ports is rather difficult.
<jerrcs> i'm not going to "force" to help you, but you shouldn't be so rude to people who are more than willing to help. in addition, not many people like unsolicited PMs. it helps other people resolve their issues if you express the concern publicly, especially since the channel is logged and someone might be able to find it useful in the future.
<grendal_prime> ill gladly post how we did this in the end
<grendal_prime> im going to show him the environment im building he will more than likely point out what im doing wrong.
<grendal_prime> i wasnt trying to be rude. I asked him to a private chate so as not to imposing on anyone else
<jerrcs> hopefully he's able to help. have fun
<grendal_prime> we have work to do i will talk to you later
<DonRichie> "more than likely": I am also still learning
<gblfxt_> ubuntu does not seem to like the external switch in hyperv
<grendal_prime> jerrcs,  this seems to be working really well so far we will let you know if we trip on our dicks
<jerrcs> um thanks for the update. i really don't need them though, thanks
<grendal_prime> he nailed it
<grendal_prime> we will be giving you an entire briefing in the mourning.
<grendal_prime> not your mourning though...ours
<grendal_prime> also i have to buy a new motorcycle for my kid tomorro, the report may be a day late
<grendal_prime> possibly 2
<grendal_prime> also i didnt get hacked, and i didnt have to hack anyone else, so i think its safe to say...in the end, we are both happy and un infected.
<grendal_prime> PEACE!!!
<jefinc> okay so at work I login to a domain with my username and password, and no matter what computer I login to all my stuff is the same... how do I create a server like that?
<kasad> aloha
<kasad> nobody seems to have idea so I came here to cry for  halp
<kasad> I am doing friend a favour, and due to change of plans, I now have  ~100GB ntfs partition that is unused, so I was thinking of formatting it to ext4 and mounting it as /home
<kasad> so my train of thought was like, format to ext4, mount it somewhere as say tmphome
<kasad> rsync, edit fstab, reboot & profit
<kasad> problem is home dir is encrypted
<kasad> will that affect the procedure or it doesn't matter since I am doing everything with appropriate privileges anyway
<Tobbe-82|Reinsta> Hi guys, so after having rebroken the server (ftp filepermissions) due to following a patchwork of online tutorials I figured I'd to a clean re-install of ubuntu server 14.04 and then ask you guys for block by block help to set up a webserver following industry standards.
<Tobbe-82|Reinsta> So far I have re-installed a clean install using disk lvm partitioning and just run apt-get update   &   apt-get upgrade.
<Tobbe-82|Reinsta> I'm guessing the first thing is to set up so I can telnet into the server using putty? If so, then how would I set it up using industry standards?
<kasad> Tobbe-82|Reinsta: I suggest you start from http://www.howtoforge.com/perfect-server-ubuntu-14.04-apache2-php-mysql-pureftpd-bind-dovecot-ispconfig-3
<kasad> there is step by step everything, leave out things like dovecot if you don't want imap/pop3
<kasad> or ispconfig if you plan to do everything by hand/scripts or maybe use some other solutions
<kasad> s/solutions/solution
<kasad> that's the easiest most straightforward guide I can think of right now for someone who is asking question which has "telnet into the server" in it. no offense
<kasad> anyone got idea how to rsync/copy/whatever encrypted home to new partition
<kasad> will it just be unencrypted?
<kasad> after copying
<kasad> or will I botch everything
<YamakasY> ah no! I get a 503 on my fpm install
<YamakasY> php-fpm and we cannot get it solved, just a basic setup
<Patrickdk> yay!
<YamakasY> no noy yay
<Patrickdk> exactly what does apt-get say when you install it?
<Patrickdk> I mean, you posted nothing, how can you expect results?
<YamakasY> Patrickdk: the only thing I get is  AH01074: Failed writing Environment to :
<YamakasY> Patrickdk: this is a good example http://www.binarytides.com/setup-apache-php-fpm-mod-proxy-fcgi-ubuntu/
<Patrickdk> what happened to all the stuff around that message
<YamakasY> nothing
<Tobbe-82|Reinsta> Is there a significant difference to running a MySql server or a MariaDB database?
<Patrickdk> define, good example? that looks like a tutorial
<YamakasY> Patrickdk: yes and we tested it, at least someone on ##php and that worked
<YamakasY> 14.04
<YamakasY> so I wonder what goes wrong, or what I can check on apache
<Patrickdk> check apache?
<Patrickdk> you said you got a 503 when installing fpm
<Patrickdk> so what is going on with apt-get?
<Patrickdk> how exactly is apt-get failing?
<Patrickdk> it is normally very verbose
<YamakasY> Patrickdk: huh what has apt-get to do with it ?
<YamakasY> my webbrowser says 503 on it :)
<Patrickdk> dunno about your webbrowser
<Patrickdk> you said you got a 503 on your fpm install
<Patrickdk> so what is wrong with the install?
<Patrickdk> I guess your not talking about the install at all
<Patrickdk> but in your php/apache config?
<Patrickdk> in that case, well, consult whatever php application your attempting to use
<YamakasY> nevermind
<grendal_prime> hey DonRichie pretty sure the entire issue was with the client and that dns-localdomain setting
<grendal_prime> i have a really great app for managing that entire process now that we know what needs to be dont...very slick server side application and web interface
<frain> Hello. I have just installed ubuntu server and faced and problem
<frain>  with Foregin keyboard layout , can't fix my configs with VI or anything :\
<frain> How does one install new layout?
<Patrickdk> define, layout
<Patrickdk> oh, keyboard
<frain> yeah
<Patrickdk> it asks you that at install time
<frain> Nope
<frain> VM
<Patrickdk> vm still has an installer
<Patrickdk> unless you mean some kind of vms
<frain> VM that automaticly installs os
<frain> no user install
<frain> :\
<Patrickdk> http://askubuntu.com/questions/155424/changing-tty-keyboard-layout-on-a-server
<frain> Thanks a bunch man
<Overand> So, I'm trying to figure something out.  (I'm looking at this on a 12.04 machine by the way) - is the linux-image-virtual kernel actually any different from the standard one?  I'm comparing a 3.2.0 kernel on my 12.04 machine with a 3.17 standard kernel on my (different distro) workstation, and the "virtual" 3.2 kernel is actually significantly larger
<Overand> based on a *very* brief overview of the kernel config, it doesn't look like there's actually any real difference in terms of what support is enabled.
<Overand> ugh, WOW.  there's almost no difference at all in the kernel config.  http://sprunge.us/RaAT?diff
<Patrickdk> there is a huge difference
<Patrickdk> they are the same exact kernel
<Patrickdk> except the virtual one, doesn't pull in all the extra kernel modules
<Overand> different scheduler, different number of max CPUs, a couple other things
<Overand> hm.  how so?
<grendal_prime> there is considerably less needed for the virtual kernels
<Overand> the config file is basically identical, folks
<Patrickdk> no ocfs module, I forget what else
<Overand> take a look at that diff i shared
<Patrickdk> who said the difference had ANYTHING to do with the kernel config file?
<Overand> that's the config of a -generic vs a -virtual
<Overand> ... then I'm confused.
<grendal_prime> because the hardware options are much less for the virtual ones.  remember one of the biggest things about virtualization is that the hardware appears to be the same no matter what arichtecture you are working on.
<Patrickdk> who said that -generic vs -virtual where compiled from different kernels?
<Overand> Folks, I understand what virtualization is.
<Overand> And I understand the idea of having less stuff.
<grendal_prime> you dont need a tone of different network card information to be in the kernel
<Overand> What I'm *not* understanding is where that difference is, if the kernel config files are almost identical
<Overand> There's no difference in what's compiled as a module or installed or what - unless that's NOT happening in the kernel config
<Patrickdk> Overand, again, what does the kernel config file have to do with anything?
<Patrickdk> what does the kernel config file have to do with package management?
<Overand> Patrickdk: Like I said - maybe I'm missing something, but my understanding is that the config file is what defines what modules get compuiled etc
<Patrickdk> Overand, it is
<Overand> Ok, what does package management have to do with anything?
<Patrickdk> but that has nothing to do with the -generic and -virtual packages
<Patrickdk> the modules are compiled
<Patrickdk> but they are not *included* into the package
<Patrickdk> you can add them if you want, or need them
<Patrickdk> but by default, they are not installed
<Patrickdk> where with -generic, they are
<Overand> hmm
<Overand> alright, that makes more sense
<Patrickdk> that is why the kernel made modules to start with
<Overand> I understand the idea of modules, I just hadn't considered that the primary difference between the virtual kernel and the generic one is the schedulers used and the inclusion of modules in the main package
<Patrickdk> the size difference is all cause of the modules not installed by default
<Overand> I understand that.
<Overand> I'd just figured there'd be a bit less stuff compiled into the kernel itself - both are 4.8 MB
<Annoyed> Greetings
<Overand> A lot of stuff I wouldn't expect, like CONFIG_BACKLIGHT_LCD_SUPPORT=y CONFIG_DRM_NOUVEAU_DEBUG=y - but that's likely just my lack of kernel internals understanding.
<Overand> I think I've probably literally reconfigured & compiled a 2.6 line kernel maybe 3 or 4 times, total.
<Annoyed> Seems to be some confusing things about server configuration. For example, ddclient. Installed ok, but it seems that you aren't supposed to directly edit config files, such as /etc/ddclient.conf ??
<Patrickdk> well, nouveau won't matter in a vm, cause nouveau won't be used
<Overand> I guess this all comes down to me wondering why the boot times seem so diffrent now than in the first JeOS releases I used (which may well have been 8.04?)  And it's likely not all that much kernel-related.
<Patrickdk> unless you passthough a video card, but then you probably want it then
<Patrickdk> how is it different?
<Overand> One thing I've never been quite clear on re: the kernel is actually how much impact having device support compiled in has on ANYTHING if the device isn't present.
<Patrickdk> 12.04 uses upstart, instead of sysv in 8.04
<Overand> (minus the increased security attack surface, kernel file size, etc)
<Patrickdk> that depends on the module
<Patrickdk> the module might be 100% outside the kernel, or 90%, or like 50%
<Overand> well, i may not have been clear.
<Overand> Let's say I went through that virtual kernel config, and took out *everything* compiled in or set up as a module that isn't relevant to - say - running on KVM with virtio devices.
<Annoyed> I am used to editing config files  by hand.  Is this going to be a problem with Ubuntu server ?
<Overand> How much impact would that *actually* have on stuff like boot time?  (or even performance)
<Overand> Annoyed: not in my experience.  I edit plenty of stuff by hand.
<Patrickdk> you can edit anything you want
<Patrickdk> the problem is when you upgrade/update :)
<Overand> Annoyed: there are *some* things that y ou don't want to edit by hand even in most distros, if the config files are generated by something.  Like on Arch, which is EXTREMELY "do it yourself," you don't want to edit grub config by hand, generally, because there's a whoel grub detection thing most people use
<Overand> but i don't recall anything of the sort on Ubuntu other than exim config if you set it up that way, and maybe grub
<Patrickdk> overand, if your thinking the modules are affecting boot time, your off the mark
<Patrickdk> normally what affects 95% of your boot time, is starting up all the init scripts
<Overand> Patrickdk: modules i'd not expect as much.  compiled-in stuff i'm not sure about but yeah
<Patrickdk> this is why upstart was made, and why systemd was created
<Overand> it doesm ake sense that everything's scripts
<Overand> One thing I like about systemd is that it's got the "bootchart" functionality built in
<Overand> that's SO nice
<Patrickdk> last I looked, systemd was still a collection of scripts
<Patrickdk> atleast for startup scripts
<Patrickdk> in my little usage of rhel7
<Annoyed> That's what I'm concerned with. For example, ddclient. will debconf (or something else) change /etc/ddclient.conf  if I set it up manually?
<Overand> " systemd-analyze" etc
<Overand> Annoyed: i cannot imagine why debconf would upadte it and not ask you
<Overand> Can you provide context for "it seems you're not supposed to edit it directly?"
<Patrickdk> I don't see anything that says don't edit it
<Patrickdk> it only says, THIS IS AN EXAMPLE FILE
<Annoyed> Well, for example. ddclient. the top of the file says "Configuration file for ddclient generated by debconf"
<Patrickdk> mine doesn't say that
<Annoyed> file is /etc/ddclient.conf
<Overand> when you installed, did you get a whole debconf prompt?
<Annoyed> No, used a GUI installer. The apt-get system seems very difficult to use from command line..
<Patrickdk> apt-get install ddclient
<Patrickdk> seems much more simpler than gui :)
<Overand> ...
<Overand> Annoyed: Is there a good reason for you to be using a GUI on your server?
<Overand> anyway - https://wiki.debian.org/debconf
<Annoyed> Overand : Yes, it seems that command line is crazy convoluted for some things.. For example, many packages have numerous optional components. No idea how you select options using command-line apt-get
 * RoyK doesn't like systemd
<Annoyed> So I chose to install a bare bones GUI to get some of the GUI tools, such as software center
<Patrickdk> you just install the optional components
<Annoyed> And how do you know what they are?
<Patrickdk> normally when you install the main package, it says, suggested install, xxxx
<Patrickdk> search for them?
<Patrickdk> apt-cache search xxxx
<Patrickdk> apt-cache show yyyy (of the main package)
<Annoyed> Hmmm... didn't have much luck  with that earlier
<Annoyed> But I've got that part solved with the GUI, which is not running all the time anyway.
<Overand> meh
<Overand> Annoyed: if you want a 'gui' maybe use 'aptitude'
<Overand> software-center seems insane, to me, to use on a server
<Overand> at least use synaptic, maybe?  (is that included, still?
<Annoyed> And how do you go about controlling services? what runs at startup, what doesn't.  It seems to be running more than one way to control this. something called upstart...., as well as the older rc-update style
<Overand> aptitude is a CLI 'gui'
<Annoyed> Yeah, I tried  Aptitude, some success with that.
<Overand> https://www.google.com/search?q=ubuntu+server+control+startup+services result 3 is https://www.google.com/search?q=ubuntu+server+control+startup+services which suggests 'bum' or 'rconf' but i'v never used either
<Annoyed> Hmmm.. that looks interesting.   So the old update-rc.d  is out the window?
<Overand> TBH I have no idea, I haven't had to enable or disable anything on my few 14.04 machines
<Annoyed> One other silly question for now, anyway... It's not referring to network interfaces by the usual eth(x) terms... it calls my uplink interface " p2p1" for example.
<Annoyed> Can I use that name whereever I would  normally have used eth0 for example?
<Patrickdk> sure
<Patrickdk> that name is what the nic calls itself
<teward> or rather, what the system calls the nick
<Annoyed> What is the point of making changes like this? Why not just call it eth(x) ? seems to be unneeded complexity
<Overand> Annoyed: Yeah.  That's been a long time coming - it's "predictable, reliable nic names"
<Overand> Annoyed: eth0 is great if you only ever have one NIC
<Patrickdk> eth has worked fine for me, with 12+ nics
<Patrickdk> this new nic naming has caused me nothing but problems
<Overand> eth0 is terrible if you have multiple NICs and your boot performance changes a tiny bit and a different NIC gets eth0 vs eth1 each time
<Patrickdk> due to the renaming not working, due to conflicts
<Annoyed> It's got 3... but i've always been able to tell 'em apart.
<Patrickdk> then I end up with nics randmoly called renamex
<Overand> does ubuntu use the same nic naming stuff as arch?
<Patrickdk> udev is the reliable way to name them
<Overand> and udev is fine
<Patrickdk> if you don't like it, uninstall that biosdevname package
<Overand> If anyone wants to read about it in SystemD:  http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
<Patrickdk> don't want to read anything about systemd
<Overand> (I have no diea if 14.04 is on systemd - i didn't think it was)
<Overand> Patrickdk: heh - I feel you on that.
<Patrickdk> 14.04 plays with systemd, but doesn't really use it
<Overand> Though the justification for predictable nic names is worthwhile
<maswan> I found that the new names were less stable than the old ones
<Overand> i've had no issues with it on arch w/systemd, haven't tried it on ubuntu
<Overand> and i've got a weird mix of nics, PCI, PCIe, onboard, addon, etc
<maswan> I hope this will be better in future LTSen than 14.04
<Patrickdk> how *much* of systemd does arch use?
<Patrickdk> I have noticed systemd has been recreating every single cve that other programs have solved for years, all over again
<Overand> Patrickdk: Yeah.  SystemD is...
<Patrickdk> in it's attempt to, merge everything
<Overand> well, let's just say it's contentious
<Overand> and obviously there are some implementation problems
<Annoyed> Hmmm... I don't have any more  time to play with this now... but I think the  devs could learn a thing for Star Trek's "Scotty"... The more you overthink the plumbing, the easier it is to stop up the drain.
<Overand> i'm not sure that the problems it's solving are worth the hassle
<Overand> Annoyed: Honestly, I'm fine with the way persistent nic naming has been handled on my (non-ubuntu) systems.  I think it's great.
<Overand> I think anyone using /dev/sda / eth0 type naming on a system that might ever have more than one nic or disk is insane
<Patrickdk> how so?
<Patrickdk> this is what udev is for
<Patrickdk> when the system find a nic, it consults udev to name it
<Patrickdk> and udev gives it a name
<Annoyed> I'm fine with the old way.. hell, the disk formatting utility  thought the first drive in the system was sdb, for example. Scared the shiznit out me when I spotted that
<Patrickdk> no conflicts, no issues, it just works
<Annoyed> Anyway, thanks for the info.
<Patrickdk> now, if you replace a nic, then you just update your udev with the new mac, and it's all good again
<Patrickdk> with this new naming
<Patrickdk> who knows what it will be called
<Patrickdk> and I don't want to change it in 20+ different config files
<Overand> Patrickdk: that does work 'fine'
<Overand> But it's also more work, in some ways
<Patrickdk> how is it more work?
<Overand> tracking - and even touching - udev.  at all, ever
<Patrickdk> ubuntu adds new persistant entries to udev for each nic, since, well, as long as I can remember
<Patrickdk> you only have to edit 1 single file :)
<Patrickdk> in /etc/udev/rules.d/70-persistant-net
<Overand> so i suppose you could always just repoint stuff to 'eth7' when you replace your primary nic etc etc
<Overand> yes, i'm familiar with it
<Overand> let me rephrase:
<Overand> I think anyone using /dev/sda / eth0 type naming on a system that might ever have more than one nic or disk is insane, *if they're not using and familiar with udev*
<Overand> I suppose the idea of systemd/nic naming/etc stuff is to 'hide' udev
<Annoyed> Have a good afternoon
<YamakasY> more people having issues with php-fpm on 14.04 ?
 * Patrickdk is having no issues
<teward> YamakasY: no issues here
<teward> except when i screw up my chmod commands :P
<YamakasY> mhh I'm having 503's and some strange  AH01075: Error dispatching request to :
<YamakasY> teward: you connect on IP or socket ?
<teward> YamakasY: depends on the server, on my 12.04 one, both, 14.04 and later, socket only since that patch that made php5-fpm socket-listen by default in Debian with 5.4 i think it was was mine
<teward> (I have multiple 12.04 servers ;P)
<YamakasY> yeah I'm on 14.04 so I use IP
<YamakasY> and socket seems to have some performance issues ?
<teward> YamakasY: haven't seen any performance issues comparatively
<YamakasY> teward: I have read about them
<YamakasY> bu ok
<YamakasY> but
<teward> YamakasY: read, or witnessed?
<YamakasY> teward: yeah there were some tests with it
<teward> i said *witnessed* as in witnessed it yourself :P
<YamakasY> teward: nope but I din't want to go the wrong path :)
<YamakasY> but I wonder wht I cannot telnet my local port 9000
<teward> because telnet is evil
<teward> not sure why you'd be telnetting to php though
<YamakasY> no to see of the port responds
<YamakasY> teward: but ok, this was the idea, but I get these errors :S
<teward> YamakasY: in telnet?
<YamakasY> teward: no to see why it doesn't connect to my listening IP
<YamakasY> debugging already all day
<jerrcs> netstat -tunap | grep :80
<jerrcs> ?
<YamakasY> no 9000 :)
<teward> YamakasY: netstat -tunap | grep :9000
<teward> ^ maybe that?
<jerrcs> you weren't specific enough.
<YamakasY> teward: yes it listens
<jerrcs> you said it wasn't connecting to your listening IP
<teward> jerrcs: for PHP
<teward> (scroll up)
<YamakasY> uhm
<jerrcs> I did
<YamakasY> yes
<jerrcs> In that case, he needs to be more specific that he cannot conect to his php-fpm socket.
<YamakasY> indeed
<YamakasY> I have it listen on 9000 on localhost
<jerrcs> ah ok
<teward> YamakasY: what's returning the 503s?
<YamakasY> and when I access a page I get a 503 and:
<YamakasY> [Sun Dec 28 21:48:42.928672 2014] [proxy_fcgi:error] [pid 4924] [client 172.16.29.6:53211] AH01067: Failed to read FastCGI header
<YamakasY> [Sun Dec 28 21:48:42.928757 2014] [proxy_fcgi:error] [pid 4924] (104)Connection reset by peer: [client 172.16.29.6:53211] AH01075: Error dispatching request to :
<teward> doesn't answer what's actually returning the 503s
<YamakasY> apache I guess ?
<Patrickdk> that says port 9000 is working fine
<Patrickdk> but that your not TALKING fcgi
<jerrcs> maybe this is a dumb question, but are your PHP scripts working just fine? as in, using php-cli (php index.php)
<YamakasY> they were, will check a simple one
<jerrcs> ok
<jerrcs> the other thing I could think of that causes me grief sometimes, is the open tags. sometimes php-fpm reads a different php.ini than the CLI version of PHP.
<YamakasY> yap parses well
<jerrcs> ok just checking
<YamakasY> always good
<jerrcs> can php-fpm give you any logs/debug info?
<YamakasY> jerrcs: what I just pasted
<jerrcs> that's apache.
<jerrcs> php-fpm.log, or something like that.
<YamakasY> oh dan indeed
<YamakasY> sorry
<YamakasY> jerrcs: the test performs well on start it says
<jerrcs> hmm, it's been awhile since I used php-fpm, but I believe you can increase the verbosity of the log files to perhaps show you php errors or failures in php-fpm
<YamakasY> mhh testing out
<YamakasY> nope nothing and strace didn't gave me anything
<YamakasY> jerrcs: mhh what shall I try
<jerrcs> i'm not sure, sorry
<YamakasY> me neither
<jerrcs> the only thing I could think of is maybe asking in a more specific channel, if they have any PHP or PHP-FPM channels.
<YamakasY> yes we did debug on ##php but same issue we cannot find it
<YamakasY> fpm seems to be a pain following the guys there
<YamakasY> Patrickdk: you any clue ?
<Patrickdk> without any info or context? no
<YamakasY> Patrickdk: I have you the tut earlier, just using those settings and getting what I showed here
<Patrickdk> posting a tutorial to me does not help
<Patrickdk> I cannot see the logs you have
<Patrickdk> I can not see if you FOLLOWED the tutorial correctly
<Patrickdk> and I can not see if there is anything else going on, outside of the scope of the tutorial
<Patrickdk> I am clearly not going assume you did everything the way the tutorial says to do it, and setup your system the exact same way
<Patrickdk> cause if that was the case, there wouldn't be any problems
<Patrickdk> and if that was the case, there would only be 1 tutorial existing to setup php, not millions
<YamakasY> Patrickdk: that tut works, we tested it on ##php, I pasted the logs here, I don't have anything else, I cannot provide you what I don't have
<YamakasY> Patrickdk: you say it cannot connect to fastcgi... so we should debug that I hies
<YamakasY> guess
<Patrickdk> I never said that
<Patrickdk> I said it clearly can connect
<YamakasY> ok, it does not talk cgi, so
<YamakasY> how to check why it doesn't ?
<Patrickdk> your config?
<Patrickdk> I can't see it
<Patrickdk> and as the other guy said
<Patrickdk> check your logs
<Patrickdk> on both sides
<Patrickdk> apache and php
<YamakasY> yes I di and pasted what I have... but modules are loaded, so I want to test them in some way
<Patrickdk> you posted them?
<Patrickdk> I saw two log lines from apache
<Patrickdk> nothing from php
<Patrickdk> and no configs
<YamakasY> no PHP doesn;t log a thing
<Patrickdk> it does
<YamakasY> only on startup that the test is OK
<YamakasY> no it doesn't
<Patrickdk> then you have php configured wrong
<jerrcs> PHP logs as well as PHP-FPM. They both need to be logged.
<Patrickdk> or, the request is never making it to php at all
<YamakasY> Patrickdk: that is what I tjink
<Patrickdk> in that case, heh, something else is blocking it or is on port 9000
<YamakasY> yes, I have seen people running on other ports because of that
<Patrickdk> this is what configs help to confirm
<Patrickdk> but no configs posted
<YamakasY> yes I know but I need to consolidate them, I don't use small configs and have comments in it
<Patrickdk> I will not sit here and attempt to guess at the issues you have
<Patrickdk> I will find the issue, if info is supplied
<Patrickdk> we could easily spend weeks debugging this at this rate
<YamakasY> yeah yea I know... but I hope you are sitting :D
<YamakasY> Patrickdk: it's working!
<YamakasY> I need to reviews my config again
<YamakasY> *review
<YamakasY> oh yes :D
<Patrickdk> :)
<Crell> OK, the saga continues.  I am now trying to install 14.04 server on a single hard drive, no RAID or anything.  The partitioning step in the installer however is failing with an error that /dev/sda1 "is apparently in use by the system", and so it won't create a partition there.
<Crell> Why would that be?  The drive was formerly part of a RAID setup but I'm installing from a USB key and telling it to blast the drive entirely and repartition.
<YamakasY> Patrickdk: it fails on dynamic
<YamakasY> pm = dynamic
<Patrickdk> well, that is clearly a php config issue
<YamakasY> Patrickdk: you mean real php, so no fpm ?
<Crell> fpm is real PHP. :-)
<YamakasY> heh I ment php.ini or so, so no php-fpm config
<Patrickdk> well, where is pm=dynamic
<YamakasY> Patrickdk: oh wrong! on socket it works
#ubuntu-server 2015-12-21
<ren0v0> hi, can someone tell me where LXD images are stored when you run  "lxc publish" ?
<teward> I need some update/upgrade opinions.  Got an ancient 8.04 box that we've scheduled for migration to a newer OS, but we've got limited time, and not enough time to install clean 14.04 and then migrate everything.  Would a sane solution be to, for now, upgrade the box to 12.04 in place after taking a backup of the machine, and then in the summer when we have our next maintenance period (and two - three months to complete the update instead of
<teward> two weeks), do the clean 14.04 install and migrate data over?
<teward> or would it be more sane to start fresh anyways
<maxb> I don't think anyone can suggest anything without knowing more about what migration means to you
<jelly> don't you need to do release upgrades 8.04 -> 10.04 -> 12.04, going from hardy to precise directly would not be supported?
<teward> jelly: well, i meant that :P
<teward> maxb: that's up to the people above me in the pay chain :/
<teward> and they said "Research potential courses of action, present them today"
<teward> so :/
<maxb> For example, it's unclear to me why you'd have time to upgrade some versions but not all the way to 14.04
<jelly> it's hard to say what might break without knowing what services and apps you're actually running there, and which infrastructure (database, language versions) they depend on
<jelly> right, going up to 12.04 and fixing everything, but not 14.04 seems somewhat arbitrary
<maxb> Indeed. The practicality of in place upgrade varies widely depending on what services you're running, and how long they can be down whilst you deal with any oddities such as configuration changes that end up being needed
<jelly> teward: see if you have... time to clone the machine into a VM, then test your desired course of action
<maxb> We also need to know your uptime requirements - because if you're aiming for minimal downtime you'd be a lot safer just building out a replacement
<tansy> Hi Guys,, anyone knows if i can change device name from /dev/sda to  /dev/sdb
<tansy> ?
<teward> jelly: that's actually my plan there xD
<teward> (to clone the VM to another VM, and then test the upgrade paths)
<TJ-> tansy: I just answered you in #ubuntu
<TJ-> tansy: use the symlinks in /dev/disk/by-*/*
<TJ-> tansy: that's the entire point of them; there is by-uuid, by-id, and a couple of useful others
<teward> jelly: the main reason to 12.04 and not 14.04 is because we need a 'temporary' solution, and i know one of the things won't run on 14.04 (in-house program)
<tansy> Hi TJ... i have 15 raw disks attached to server...
<tansy> on 1 disk say /dev/sde my OS is installed.
<tansy> but after reboot the name changes..
<tansy> i am creating some storage cluster with disk names.
<tansy> so i need persistent disk names
<TJ-> tansy: right, which is what the persistent naming under /dev/disk/by-uuid/ is designed for
<tansy> TJ.. by uuid is only if i create partitions or lvols..
<tansy> but raw disks are not under uuid..
<TJ-> tansy: then use by-id
<TJ-> tansy: in some Ubuntu releases we used to have by-path too
<tansy> so TJ the id's are consistens you mean.. and /dev/sd* can change ?
<TJ-> tansy: correct, the nodes under /dev/disk/by*/* are symlinks to the actual block device nodes
<TJ-> tansy: you could create your own udevd rule to create, for example, /dev/disk/by-serial/<disk-serial-number> sym-links
<tansy> yes .. i see
<tansy> wwn-0x678da6e715bce5201e04a7afa762365e -> ../../sdq
<tansy> lets say after reboot the sdq starts poing to another block disk..
<tansy> then what would happen
<TJ-> tansy: right, those are the WWN namings so will be unique
<tansy> Hi TJ..I got your point..
<tansy> i was creating a storage cluster in which i was combinging /dev/sda of 10 nodes in 1 cluster...
<tansy> so my script was expecting a single name accross all nodes..
<tansy> otherwise it would be quite difficult to manage in my script..
<TJ-> so the device presented by the cluster should be consistent? What are you using, iSCSI ?
<tansy> yes it should be consistent.
<tansy> TJ. i am actually not doing that... my storage colleague is creating ceph cluster and facing issue.
<IIT> in installation of ubuntu server..
<IIT> it is asking me to select the kernel so i am confused which one to select ?
<IIT> by default it's highlighting vivid, which is 15.04 and i am installing linux 14.04.3 so how's that possible ?
<IIT> and which kernel to choose ?
<IIT> generic, virtula, signed ? which one to select
<IIT> what's the difference between each of them
<jelly> IIT: I think "vivid" means the "hardware enablement stack" of kernel for your release that's exactly the same version as comes with vivid.  Pick that and generic if you don't know better.
<teward> jelly: they got an answer in #ubuntu i believe
<jelly> ah.  Usually there's so much traffic there, I don't even bother trying to check
<teward> :P
<IIT> jelly, thanks for the reply :) yeah i got the point with the help of Pici :)
<nacc> rharper: ping
<Logos01> Is there any chance anyone here is already using Pulp for repository mirroring?
<IIT> for server which repos should i enable ?
<IIT> and which one i shouldn't
<teward> IIT: that's really your call.  On my servers, I want things to get bug fixes as well as Security fixes, so I keep the -updates and -security repositories enabled
<teward> and my applications on there have Universe dependencies, so i enable the Universe repositories too
<teward> (but what you should enable is up to you and your needs)
<IIT> teward, can you share your sources.list file ?
<teward> Not from here I can't, no SSH to my servers
<teward> (my keys are unfortunately back at home :/)
<IIT> np :)
<IIT> anyone who read the msg can share their source.list :)
<patdk-wk> hmm, don't care
<patdk-wk> share
<patdk-wk> just go into your sources.list and edit it
<patdk-wk> and if you want security updates, do not enable backtrack
<patdk-wk> or backport, whatever it is called :)
<IIT> patdk-wk, okay :)
<IIT> the prob was when i installed a new ubuntu-server there were no repos listed in sources.list and i was curious to learn different repos meant and started googling out..
<patdk-wk> none at all?
<patdk-wk> I wonder how you managed that
<IIT> yes none
<Logos01> patdk-wk: What makes you say that about ${release}-backports vs ${release}-security ?
<Logos01> Do they have naming conflicts or something?
<IIT> and the cd-rom repo was the single line that too uncommented..
<IIT> it was really hard time typing out the long list of all the repos. :/
<patdk-wk> -security is security only, not updates
<patdk-wk> -updates, not too sure
<patdk-wk> -backport is NEW VERSIONS, security updates are not done for these, except by chance
<patdk-wk> say like, you need a newer version of dovecot, for a new feature, it might be in backports
<patdk-wk> but if there is ever a security issue with it, you are not guarrenteed to ever get that security issue patched
<IIT> so it's better not to use backports..
<patdk-wk> or only on a package by package bases if you must
<Logos01> patdk-wk: Unless it's updated in the later release and backport is renewed.
<patdk-wk> or if the server that security doesn't matter
<Logos01> Since that's what backports are.
<IIT> okay :)
<IIT> Logos01, can you share sources.list ? if possible
<patdk-wk> Logos01, heh?
<patdk-wk> they don't respin everything on newer releases into backports
<Logos01> IIT: You probably don't want to copy mine. I do ... stuff, and things.
<patdk-wk> https://wiki.ubuntu.com/UbuntuBackports
<IIT> just for learning purpose Logos01 :)
<Logos01> https://help.ubuntu.com/lts/serverguide/configuration.html
<IIT> ideally i should have this enabled ?
<IIT> frankly i am going to use ssh and qemu that's it ..
<slidinghorn> IIT: Have you come across this answer yet?  http://askubuntu.com/questions/586595/restore-default-apt-repositories-in-sources-list-from-command-line
<IIT> slidinghorn, no, this seems to be useful
<Jeeves_Moss> do I only need the SNMP daemon if I'm not running the server?
<Logos01> patdk-wk: "When a package which has been backported receives a security update, the Ubuntu Backporters will make a best-effort attempt to update the backport."
<Logos01> patdk-wk: Most of the times it's pretty automatic.
<Logos01> Jeeves_Moss: You need the snmp daemon if you're running a service that uses snmp to communicate with the server.
<Logos01> That could for example be a nagios server.
<Jeeves_Moss> Logos01, thanks!  that's what I'm looking to do!  I'm just testing right now, then I'll use chef to roll it out
<Logos01> Re-asking for consistency's sake and because it's semi-relevant; has anyone here done any groundwork for enabling .deb support in Pulp for their local usage?
<micahg> if you don't see a backport request for a relevant security update, feel free to file a new backport request for it
<micahg> sorry, I meant to say if you don't see a backport updated in a timely manner, feel free to request a new backport that includes the security update
<TJ-> 12.04, apache2, listening on an IPv6 address (confirmed with 'ss' and 'netstat'), ip6tables shows port 80/443 allowed in, but unable to make IPv6 connections from external networks, or even from the host itself. manual 'telnet' connections timeout without connecting. Any ideas?
<jrwren> TJ-: do you have a return route?
<ianorlin> TJ-: traceroute6?
<TJ-> jrwren: ianorlin it fails on the host itself; but route is fine, icmpv6 pings OK
<ianorlin> I do not know how to help you then
<TJ-> it's puzzling me terribly! ssh on IPv6 is fine too
<ianorlin> TJ-: wget -6 ?
<TJ-> ianorlin: well telnet fails so wget does too
<genii> Maybe only udp forwarding is on
<patdk-wk> define ssh is fine
<patdk-wk> do you have a pmtu problem?
<patdk-wk> mtu issue?
<patdk-wk> you didn't block icmp6 did you?
<DammitJim> is there a way to install ubuntu and set up LVM?
<DammitJim> I"m confused about the installer
<Logos01> DammitJim: I ran into that problem, sort of, just recently -- the installer had a serious hate-on for my LVM config.
<Logos01> Had to do a manual install, which was all sorts of headache.
<Logos01> TJ-: is there anything in sysctl -a | grep -i tcp that might indicate ipv6 is disallowed?
<Logos01> TJ-: Also, are you getting any DEN errors in dmesg/auditd ?
<DammitJim> so, i need to do a manual partition?
<DammitJim> it doesn't revert the stupid thing
<TJ-> Logos01: ssh/icmpv6 are all working fine
<Logos01> TJ-: That doesn't answer my question.
<DammitJim> I am installing now, but I let the system do LVM automatically
<Logos01> DammitJim: I'm not saying that -- I'm saying that *I* wound up doing what I did.
<DammitJim> oh
<DammitJim> Dammit... I"m such an idiot
<DammitJim> I was installing ubuntu desktop
<TJ-> IPv6/Apache diags/config: http://paste.ubuntu.com/14132555/
<Logos01> ...
<Logos01> TJ-: Is there anything in "sysctl -a | grep -i tcp" or "dmesg | grep DEN" that might appear to be related to your http traffic?
<TJ-> Logos01: no, nothing
<Logos01> TJ-: So in your netstat and iptables output I see that traffic is hitting the port and that there's actually a daemon listening.
<RoyK> Logos01: you have to do manual installation with existing lvm setup
<TJ-> Logos01: correct; although the port 80 count is not increasing, and nor is my remote host count for 2a02:8011:2007::/48
<Logos01> TJ-: what happens when you run "tail -f /var/log/apache2/*.log & curl -X HEAD http://::1"
<Logos01> Err, sorry, that'd be curl -X HEAD -i
<TJ-> Logos01: no such logs; its vhosts; each domain under /home/<domainname>/logs/ for that
<RoyK> TJ-: erm - are you using a /48 mask for a host?
<TJ-> RoyK: /64
<RoyK> makes more sense :P
<Logos01> TJ-: "17  1360 ACCEPT     tcp      eth0   *       ::/0                 ::/0                 tcp dpt:80 /* HTTP *"
<Logos01> Shows 17 unique connections historically having hit.
<TJ-> more configs: http://paste.ubuntu.com/14132647/
<Logos01> The established connections would go to the "state RELATED,ESTABLISHED", right, so you wouldn't see packet increases except for unique connection attempts.
<Logos01> As to the /home/<domainname>/logs/
<Logos01> ... why in the hell would you do that?
<Logos01> Logfiles shouldn't go to /home/
<TJ-> Yes, they should
<RoyK> no, they shouldn't
<TJ-> apache2 is using suexec, each domain is a separate user account, and the server spawns a separate process for each uid
<Logos01> RoyK: Yeah, I didn't want to but the desktop installer wouldn't let me do anything but /boot and a single logvol for /
<Logos01> RoyK: Which is quite the opposite of CIS compliance.
<Logos01> TJ-: ... even so, daemons should not log to /home
<RoyK> Logos01: in his setting, it makes sense
<Logos01> Case in point; where are the logfiles for the global/parent daemon itself?
<TJ-> Logos01: the 'daemons' are running as the user itself
<TJ-> that's the point of apache's suexec
<Logos01> ...
<Logos01> Where are the logfiles for the global/parent daemon itself?
<Logos01> Furthermore; doesn't matter that the individual domains' workers are running as a specific user; they should still be logging in FHS-compliant manner, tbqh.
<TJ-> Logos01: the usual place; and there's nothing in error.log or suexec.log indicating an issue. This was working fine for years, until about 3 hours ago, when there was a minor change in a site config that required a service restart. I suspect some recent package updates have caused this, since the service had been running for several months before that
<Logos01> And does apachectl configtest return anything problematic?
<TJ-> "Syntax OK"
<Logos01> So according to your ip6tables config, you're allowing and receiving traffic on port 80 and port 443
<TJ-> I'm not sure if this excludes apache2 or not, as yet, but I wanted to have 'nc' listen on the port but it seems to be so old as to not parse IPv6, but I tried bash with "cat </dev/tcp/<ipv6-address>/80" and clients couldn't connect either
<Logos01> According to your netstat/ss output, you have listeners.
<Logos01> So there's something already handling your ::*:80 and ::*:443
<Logos01> And what do you get when you use "nc -6 -vv ::* 443" ?
<Logos01> Err, ::1
<RoyK> TJ-: try wireshark
<TJ-> Logos01: there is no IPv6 support in 'nc' on 12.04
<TJ-> RoyK: for what?
<RoyK> TJ-: for seeing what's going over the wire
<TJ-> RoyK: I'll run tcpdump on the server, if thats what you mean
<patdk-wk> logos01, I dunno what you mean by state RELATED,ESTABLISHED
<patdk-wk> oh wait, I misread that
<patdk-wk> odd config, from what I am used to
<patdk-wk> what doesn't work about ipv6?
<patdk-wk> it works for me atleast
<patdk-wk> https://[2a01:7e00:e000:151:0:1:1:2]/
<patdk-wk> Squoo.sh those bugs
<patdk-wk> Automated Diagnostic and Repair services for GNU/Linux systems
<TJ-> patdk-wk: you just hit it from  2001:470:e0ba:5:f500:78f6:322c:9e86.52642 ?
<patdk-wk> yes
<TJ-> patdk-wk: in which case something very weird is happening on my local end; doesn't explain why I couldn't get it to operate on the host itself though! *head spinning*
<TJ-> patdk-wk: I've got a telnet still waiting to connect, but I have an SSH and a ping both working to that same IPv6 address
<Logos01> TJ-: ... why are you on 12.04 ?
<TJ-> Logos01: why not? it's supported
<ianorlin> I don't think 12.04 supported ipv6 well
<patdk-wk> it supports it, but ya, lots of programs didn't
<Logos01> There's a clean/sane upgrade path from 12.04 to 14.04; 16.04 is about to come out, ipv6 in particular was not really as much of a "thing" three years ago -- the system support for things like the apache version was not so hot
<patdk-wk> I am having a horrible time attempting to upgrade from 12.04 to 14.04
<patdk-wk> all kind of php upgrade issues
<Logos01> patdk-wk: It's nothing like 10.04 to 12.04 though.
<patdk-wk> I have no issues from 10.04 to 12.04
<Logos01> patdk-wk: They changed toplevel directories.
<TJ-> patdk-wk: I'm doing a clean install in a chroot alongside to 16.04 :)
<patdk-wk> heh?
<patdk-wk> that iddn't affect me at all
<Logos01> 16.04 is gonna be a headache upgrade, though.
<Logos01> upstart -> systemd
<TJ-> I don't allow php on the server
<ianorlin> I like static site generators
<Logos01> I mean, compared between the two -- Loennart notwithstanding -- systemd is better than upstart.
<RoyK> Logos01: fresh install may be easier
<Logos01> RoyK: True.
<RoyK> Logos01: but last time I tried upgrading to debian 8, it worked flawlessly
<Logos01> RoyK: I have a bunch of desktop/physical-server installs that use ZFS as root filesystem, as well.
<patdk-wk> Logos01, depends on the scope of systemd :)
<RoyK> Logos01: not from upstart, though, from sysV to systemd
<TJ-> I've had this server operating since 2007, starting with hardy-heron and upgraded since; time for a fresh install to abandon the cruft
<RoyK> Logos01: sounds like a pita
<Logos01> RoyK: I expect it to be. But then again it may be far less of one, considering the 16.04 version should have native support for ZFS baked-in.
<Logos01> And I'll finally have a distro-release stable driver of ZFS to play with, if all goes well.
<Logos01> The trick is gonna be seeing how the systemd bits play with all the crap I have on my laptop for example -- I've been carrying basically the same install since 2009.
<Logos01> The servers... well, if I have to blow them up, then I have to blow them up.
<RoyK> Logos01: 15.10 has zfs support, but a very old version
<Logos01> RoyK: Right, which might come back to bite me considering I'm running relatively recent feature-flags.
<Logos01> Had to patch and compile GRUB myself.
<RoyK> Logos01: I was thinking more about bugs than features
<RoyK> Logos01: zol isn't really stable as in stable. I've used it in production for a year without issues, but there are several unresolved issues known
<RoyK> Logos01: I have a 60TiB pool (two raidz2 vdevs with 11+12 drives) at work scheduled for demolishment to be replaced by striped mirrors (23 mirrors, 4TB each, plus two spares)
<RoyK> Logos01: I've been working with zfs for 5+ years and although there are issues with zol, I'd rather use that than illumos because of the userspace
<Logos01> http://paste.ubuntu.com/14132856/
<RoyK> Logos01: zpool status?
<Logos01> RoyK: It's just a single backing drive.
 * patdk-wk can't wait
<Logos01> I have larger setups but this is just a desktop.
 * patdk-wk wants to play with 500gig m.2 nvme
<patdk-wk> should have been here, but isn't yet :(
<Logos01> W/ a 500GB desktop hybrid drive ... I'm not really worried about checksum failures/errors
<patdk-wk> probably got delayed somehow
<patdk-wk> problem with ordering new crap
<RoyK> Logos01: zfs will find the checsum errors, but won't be able to do anything about them without redundancy
<wafflejock> trying to build the latest apache (on Ubuntu Server 14.04) but when trying to get the libapr1-dev dependency for building I'm getting an error libapr1-dev : Depends: libapr1 (= 1.5.0-1) but 1.5.1-2+deb.sury.org~precise+1 is to be installed, what to do? need to get the latest Apache for PCI compliance (or at least version 2.4.16, right now have downloaded source for 2.4.18)
<patdk-wk> wafflejock, you don't understand pci compliance then
<patdk-wk> WHAT is it that isn't compliant?
<ianorlin> also doesn't the packages in archives have backports
<ianorlin> for vulnverabilities?
<wafflejock> Details: Multiple vulnerabilities fixed in Apache HTTP Server 2.4.16, 07/20/15 CVE 2015-0228 CVE 2015-0253 CVE 2015-3183 CVE 2015-3185 Apache HTTP Server 2.4.16 fixed multiple vulnerabilities.
<wafflejock> yup
<patdk-wk> and those affect ubuntu?
<wafflejock> there's more
<wafflejock> one sec will paste
<patdk-wk> http://www.ubuntu.com/usn/usn-2523-1/
<patdk-wk> according to that url, it was fixed, you should NOT upgrade to 2.4.16
<wafflejock> http://paste.ubuntu.com/14132939/
<ianorlin> apt-get chanelog apache2 show having stuff backported to fix cve's
<wafflejock> well I did sudo apt-get update and sudo apt-get upgrade and the latest apache I have says it's 2.4.10 so the PCI scan appears to be correct
<patdk-wk> no
<patdk-wk> you read that wrong
<patdk-wk> you do not have apache 2.4.10
<wafflejock> ?
<patdk-wk> you have apache 2.4.10+ubuntu-updates-and-security-patches
<wafflejock> I did apache2 -version it says 2.4.10
<wafflejock> ah okay
<patdk-wk> so?
<wafflejock> well
<patdk-wk> what package do you have installed?
<wafflejock> how do I fix this?
<patdk-wk> you don't fix it
<patdk-wk> what apache is ACTUALLY installed?
<patdk-wk> using dpkg
<patdk-wk> dpkg -l apache2
<wafflejock> apache2
<TJ-> apt-cache policy apache2
<ianorlin> why not try apt-get changelog apache2 and see what things have been patched
<patdk-wk> could probably do that
<wafflejock> 2.4.10-1+deb.sury.org~precise+1
<TJ-> huh? that's not the 14.04 apache2
<patdk-wk> nope, looks like he already started down the bad pci road
<patdk-wk> and found random ppa's to upgrade apache with
<TJ-> the latest in 14.04 is " 2.4.7-1ubuntu4.5 " from ubuntu-security
<wafflejock> I'm on 14.04.3 but this server was upgraded from 12.04 I'm almost positive
<wafflejock> patdk-wk: nope
<patdk-wk> yes :)
<TJ-> changelog for Trusty here http://changelogs.ubuntu.com/changelogs/pool/main/a/apache2/apache2_2.4.7-1ubuntu4.5/changelog
<patdk-wk> https://launchpad.net/~ondrej/+archive/ubuntu/php5/+index?field.series_filter=precise
<wafflejock> eh well didn't do it recently then patdk-wk :)
<patdk-wk> well, the problem is now, you no long are using ubunt usecurity updates, but depending on that person to do them for you
<ianorlin> !ppa
<ubottu> A Personal Package Archive (PPA) can provide alternate software not normally available in the offical Ubuntu repositories - Looking for a PPA? See https://launchpad.net/ubuntu/+ppas - WARNING: PPAs are unsupported third-party packages, and you use them at your own risk. See also !addppa and !ppa-purge
<patdk-wk> personally, I would find out if you REALLY REALLY need 2.4.10 (doubtful)
<patdk-wk> and if not, go back to stock ubuntu apache2
<wafflejock> yup well aware of PPAs I typically don't add them
<wafflejock> maybe was daft in this case
<patdk-wk> then you just post the changelog as the, why this case is solved and mitigated to your pci compliance service
<ianorlin> unsupported stuff on things you want pci compliance for o.0
<TJ-> looks like that came in due to adding a PPA that is primarily for PHP 5.6
<ianorlin> this is why I don't apt-get install -y
<TJ-> I use apt-changelog - its extremely useful for keeping up
<TJ-> so you get to see the changelogs of each upgrading package before it is installed
<patdk-wk> I use apt-cahangelog to know if I should bother or not :)
<patdk-wk> if so, on the test machine, roll to production
<TJ-> it looks like my IPv6 issue may be due to a failure on my ISPs network; looks like they installed a transparent proxy that isn't transparent, and is failing too
<wafflejock> alright well thanks patdk-wk, TJ, and ianorlin time to clean up my stupid mess
<patdk-wk> pci compliance people are lazy :)
<patdk-wk> they just attempt to figure out what version you have, not if you are vaunerable
<patdk-wk> so you just have to reply, yes, my version is old, but it was patched for this issue, see here
<TJ-> whats with the terrible letsencrypt scripts!? I ran it, it reports an error from 1 of the scripts, which is under /tmp/   which it immediately deletes so I cannot investigate!
<zune> hey anyone got an idea on how to make cs-go servers work after last update...
<zune> mine is restricted to local access
<wafflejock> patdk-wk: sorry for the attitude can't believe I had installed that via PPA, have it fixed now thanks again
#ubuntu-server 2015-12-22
<pr3d4t0r> Greetings.
<pr3d4t0r> I screwed up my admin account on an up-to-date Ubuntu 14.04 LTS - I mistyped the password during password change and now I can't recall which character I might have transposed.
<pr3d4t0r> I'm trying to recover via http://linuxconfig.org/ubuntu-14-04-lost-password-recovery -- the GRUB2 menu flashes by way too fast to even read it, so I can't drop to recovery mode during boot.
<patdk-lap> reboot with iso and replace the password
<pr3d4t0r> patdk-lap: OKi - so no difference between ISO bootstrapping and SSD media?  Please confirm, hunting for the ISO now :)
<pr3d4t0r> patdk-lap: Please confirm.
<sarnold> iirc holding down left shift helps with that menu
<patdk-lap> well, if recovery mode will let you
<patdk-lap> I know for me it normally asks for root password
<patdk-lap> or maybe that is a different os
<sarnold> probably different os, ubuntu has no root passwd by default :)
<pr3d4t0r> sarnold: Left-shift -- I will try that first, thanks (I was trhying the right Shift key).
<patdk-lap> I tent to set root passwords
<pr3d4t0r> sarnold, patdk-lap: Trying both of these in a bit, thanks for your help.
<sarnold> pr3d4t0r: fwiw, I haven't burned an ISO to cd in forever, I just dd the things to USB memory sticks. Probably it'd work fine on an ssd too.
<pr3d4t0r> sarnold: Yeah.  I installed off a USB drive originally.
<pr3d4t0r> sarnold: On this box.
<pr3d4t0r> sarnold: Checking first if I have the install image I used -- save some time.
<sarnold> *nod*
<sarnold> with as cheap as they are these days I've thought  about buying a few and just using them as write-once disks.. but i'm too lazy to get around to even that.
<ianorlin> sarnold: I write to mine multiple times but they have gotten too small in my opinion
<sarnold> ianorlin: hehe, yeah, my first usb stick looks adorable at 256 megs now :)
<ianorlin> finding something tiny is the last thing you want to do when you need to reinstall
<pr3d4t0r> sarnold: I think I found it.  Back in a bit, thanks again.
<ianorlin> I think I bought some usb 3.0 ones off newegg for like 8 us dollars that I reusue but don't take too much power so boot of usb 2.0 ports fine as well and large enough and are yellow and black so it won't blend in with a surface
<pr3d4t0r> sarnold: Trying Left-Shift first, then boot/recovery (hoping that 14.04 LTS Server ISO will have the option front and center).
<pr3d4t0r> Cheers.
<pr3d4t0r> Hola.
<sarnold> pr3d4t0r: how'd it go?
<pr3d4t0r> sarnold: Not good.
<pr3d4t0r> sarnold: /dev/mapper/varenka--vg-root on / type ext4 (rw,errors=remount-ro)
<pr3d4t0r> sarnold: I couldn't mount this partition for recovery :\
<pr3d4t0r> sarnold: It tells me that no suitable shell was found, yada yada yada.
<pr3d4t0r> sarnold: The GRUB screen still goes by super-fast (less than a second) so I can't select anything from it :\
<pr3d4t0r> sarnold: I need to find a recovery guide that tells me how to mount that virtual volume during recovery :\
<pr3d4t0r> sarnold: Right now I have no idea of how to recover, though :(
 * pr3d4t0r googles how to slow GRUB2's screen down if Left-Shift isn't working (or Right-Shift, for that matter).
<sarnold> pr3d4t0r: this site http://labs.bjfocus.co.uk/2013/04/ubuntu-recovery-mode-with-lvm-drives/ suggests it's "lvm vgscan âv ; lvm vgchange âa y ; lvm lvs âall; issue mount commands as needed"
<pr3d4t0r> sarnold: Checking, thanks.
<pr3d4t0r> sarnold: My network is crippled too because the same server acts as a gateway :\ so getting infos/checking/validating/etc. -- long cycle :)
<sarnold> pr3d4t0r: ouch. cell phone?
<sarnold> pr3d4t0r: http://tinyurl.com/gpkojuv   tinyurl for the above big url :)
<pr3d4t0r> sarnold: I can run a physical cable to the front end gateway and connect from there, but then I'll have to both strengthen my workstation's firewall rules and go under the rack to rewire; trying to avoid doing that but oh, well :) if that's what it takes... :)
<sarnold> pr3d4t0r: ugh :) yes that sounds terrible :)
<pr3d4t0r> sarnold: The LVM instructions seem to be solid.  I'm just double-checking now that all the LVM commands are where they need to be and etc.
<sarnold> pr3d4t0r: definitely a good idea :)
<pr3d4t0r> sarnold: This is when I should bitch about Linux being so robust that I don't have to screw with any of these commands for years at a time, unlike Windows Servers which require you to know how to recover a server no matter what because who knows what a service release or patch will do! :D
<sarnold> pr3d4t0r: hah, yeah; I only ever see my grub menu two or three times each year :)
<pr3d4t0r> sarnold: I'd be happy if I could just get to read it *once* today... :D /first_world_technical_problem_fast_booting_server
<sarnold> haha
<pr3d4t0r> sarnold: I have a vague memory of me tweaking the start up at some point to make the GRUB menu last as little as possible -- I'll eventually catch up and figure out what I did and increase the interval before boot.  Anyway, starting recovery again <crossed-fingers />
<pr3d4t0r> Cheers...
<pr3d4t0r> sarnold: Almost there - question:  is it possible to umount /, then mount the alternate file system there, from the recovery shell?
<pr3d4t0r> sarnold: Also checking the passwd man page to see if I can specify which passwd file to modify (including shadow password), if I need to mount this in a separate volume.
<sarnold> pr3d4t0r: a few approaches.. you can use pivot_root to swap it over for everything, or you can use chroot to do something very similar but for specific processes
<sarnold> pr3d4t0r: I'm pretty sure I used the chroot approach inthe past; mount /dev/whatever/ /mnt/root ; chroot /mnt/root " then fix it up in that shell
<ianorlin> I don't chroot often enough to remmber how to do it
<pr3d4t0r> sarnold: Checking if pivot_root is in the recovery image.
<sarnold> ianorlin: indeed, me neither, i had to look it up in the manpages just now to make sure I got it right :)
<sarnold> pr3d4t0r: it may also be in the mounted images, /mnt/whatever/sbin/pivot_root
<pr3d4t0r> sarnold: /mnt is empty.
<sarnold> pr3d4t0r: then mkdir /mnt/whatever ; mount /dev/mapper/whatever /mnt/whatever
<pr3d4t0r> sarnold: Reading man page to understand how that'd work.
<pr3d4t0r> sarnold: I'm wondering if chroot /mnt/real_server_root_here /bin/sh will be enough.  Then run the passwd command from there and hope that /etc/passwd will be updated.  Thoughts?
<sarnold> pr3d4t0r: that should do the job
<pr3d4t0r> sarnold: If you're in the Bay Area (or plan to visit soon), the next beer is on me.  Or let me know if you have a tip jar somewhere :)
<sarnold> pr3d4t0r: hehe, no trips planned; thanks though :)
<pr3d4t0r> Back soon...
<pr3d4t0r> sarnold: Almost there.  Neither chroot nor pivot_root seem to be doing the job.
<pr3d4t0r> sarnold: chroot tells me either "can't execute '/bin/sh'" or "Exec format error" depending on chroot w/o a command or if I try to specify the shell to use.  All shells are sym-linked to /bin/busybox anyway, (ash -> /bin/busybox, sh -> /bin/busybox) and so on.  Googling now to see if there's some other way.
<pr3d4t0r> Dammit.  The issue is that the recovery disk and the OS aren't using the same architecture (probably a long due change after six months of patches and updates?).
<patdk-lap> heh?
<patdk-lap> boot the right one?
<patdk-lap> it should be either 64bit or 32bit
<patdk-lap> not too many architectures to worry about
<pr3d4t0r> Oh, shit.
<pr3d4t0r> patdk-lap: You're right - this image is probably for a 32-bit box I have somewhere else.  Thanks.
<pr3d4t0r> Dammit, pressure :(
<pr3d4t0r> Shit, I forgot that.
<pr3d4t0r> patdk-lap: You were oh, so right kind sir.  I was using the wrong ISO image -- everything just workedâ¢ as soon as I used the right image :)
<pr3d4t0r> patdk-lap, sarnold: Thanks a whole bunch guys :)
<IIT> can anyone confirm the permissions and ownership of qemu images under /var/lib/libvirt/images ?
<IIT> i copied from my external drive to the new installation of ubuntu server, which has 777 and user ownership
<ianorlin> argh IIT left but I would have liked to know which file system
<ianorlin> also I think usually they are owned by root\
<rinpoo> I've just installed ubuntu 15 server and wanted to ask what software I should install to make the server more secure. Maybe someboy knows a good tutorial for beginners?
<rinpoo> somebody
<Walex2> rinpoo: "security for beginners" is a bit a contradiction in terms...
<Walex2> rinpoo: also response times under 1 minute are given only to heads of state :-)
<rinpoo> sry was afk since it took so long to get an answer
<rinpoo> why is security for beginners a contradiction? Everyone starts as a beginner with something
<rinpoo> was asking for something like this: https://www.linode.com/docs/security/securing-your-server
<rinpoo> just not for linode
<rinpoo> 450 ppl in here and nobody knows or cares.....
<Lightsword> Iâm running 14.04 LTS and am trying to make an upstart script for a custom service, any idea how I would go about customizing handling for âservice servicename restartâ? the application has a socket handoff feature so that connections donât get interrupted but I need to have it send a special flag for that, sending the flag should automatically terminate the old instance
<patdk-wk> heh? you don't customize handling
<Lightsword> patdk-wk, is there a way to just make it so that doing a service restart doesnât terminate the first instance of the service?
<patdk-wk> use the reload command
<patdk-wk> that is what it was made for
<Lightsword> patdk-wk how does the application know what to do for a reload?
<JanC> Lightsword: reload sends SIGHUP
<Lightsword> JanC, is it possible to make it do something else like start a new process with a special flag?
<JanC> (or whatever signal you configure with 'reload signal')
<Lightsword> hmm, so it only allows you to specify a signal?
<JanC> Lightsword: many applications allow you to reload with a signal
<JanC> but AFAIK only with a signal, yes
<Lightsword> JanC, this one is a bit weird the reload process for it is to spin up a new process and then handover the connections using an initialization flag
<rinpoo> I have a test server at home and I want to disable all ports, then just open port 80 is there a terminal command to block all ports?
<rinpoo> would sudo ufw block all work?
<Icey> rinpoo if there's nothing listening on a port, it won't be open in the first place?
<rinpoo> Well Im n00b so I dont know Ill be doing this: http://serverfault.com/questions/363741/how-can-i-block-all-but-three-ports-in-ubuntu
<rinpoo> I'm getting: /etc/bind/named.conf.options e212 can't open file for writing
<rinpoo> after adding: recursion no; and version "Not Disclosed"
<rinpoo> Im using vi
<rinpoo> anyone know what I can do?
<rinpoo> found the problem the file doesnt exist
<EmilienM> coreycb: hey, do you know if I can try mitaka now?
<EmilienM> you told me this week
<Beret> EmilienM, I don't see it in the archive yet
<EmilienM> Beret: it's not in -proposed?
<devster31> is there a way to scan packages before installing to see if they will require a reboot after being installed?
<patdk-wk> the only thing that requires a reboot is kernel
<patdk-wk> or if you have some program that uses a lib that cannot be restart, except via a reboot
<devster31> libssl requires a reboot
<devster31> for example
<patdk-wk> only to be sure every program that is using it, is restarted
<patdk-wk> it doesn't technically require a reboot
<devster31> maybe if there's a way to scan all packages that need to be upgraded for a hook that creates /var/run/reboot-required
<devster31> oh, then if I lsof all files that use the old ssl version and restart those services I'm golden
<patdk-wk> yes
<devster31> thanks
#ubuntu-server 2015-12-23
<iotapi322> Hi All anyone have any webpages other than http://astokes.org/openstack/installer/customize-single-install in terms of configuring the root disk size and memory of some of the nodes for the single installer for the openstack-install?  I've followed the directions on 15.10 and I'm not seeing my VM's being created with the specs I've put in the config.yaml file.
<IIT> on my ubuntu server i am getting couple of errors 1. init: plymouth-upstart-bridge main process ended, respawning 2. [drm:vmw_driver_load [vmwgfx]] *ERROR* Hardware has no pitchlock 3. systemd-udevd[372]: Failed to apply ACL on /dev/dri/card0: No such file or directory
<IIT> how to fix this prob or i should ignore them ?
<IIT> i am using a ubuntu vm on qemu/kvm
<IIT> will be back in a sec..
<IIT> i m back..
<tansy> Hi ubuntu experts.. Can anyone let me know how can i prevent symlink from deletion by a program ?
<tansy> I have created /dev/disk1 symlink to /dev/sde disk from UDEV rules..
<maswan> do not give write access to the uid that the program is running as to the symlink/directory
<tansy> but when i run sgdisk to format the disk the /dev/disk1 also gets de;eted
<maswan> if as root, you're in trouble
<tansy> with root..
<tansy> there are already some symlinks /dev/disk/by-id/wwn*  to my disks /dev/sd*
<tansy> if i run sgdisk  on these links they dont get deleted.//
<tansy> so not able to understand whats happening here.
<maswan> sorry, I'm of no help there
<shadx> 7quit
<LifeLibertyHappi> hey guys, how do i configure ubuntu server 15.10 to allow sound through firefox ssh tunnel
<LifeLibertyHappi> i mean to say i have firefox running off the server with X11 forwarding..how do i also allow the sound through
<ikonia> LifeLibertyHappi: didn't we talk about this before ?
<LifeLibertyHappi> nope not with me
<ikonia> isn't this some sort of firewall security thing you're trying to do ?
<LifeLibertyHappi> no sir got the wrong guy
<ikonia> ok, well you need a sound server,
<ikonia> X11 can't do sound
<LifeLibertyHappi> i see
<LifeLibertyHappi> pulseaudio?
<ikonia> so you need a sound server like pulse audio (for example)
<ikonia> thats it, you got it
<LifeLibertyHappi> okay..i installed pulse audio but dont know what to do from there actually
<ikonia> so you need to tell it to forward it's sound over the ssh tunnel
<ikonia> and connect to your local sound server
<LifeLibertyHappi> oh i see. my client is windows and server ubuntu 15.10..i would need pulse audio client on windows then
<rinpoo> Ive just installed iptables-persistent with "sudo apt-get install". But when I try "sudo service iptables-persistent start" I get No such file....
<rinpoo> should I set AUTO_IDS_DANGER_LEVEL lower than 5 to block offending IPs?
<edfinch> I'm setting up a server. I have an SSD for /, and a RAID 1 HDD for /var /home and /tmp. How do I make all three in the same md0 partition in gparted?
#ubuntu-server 2015-12-24
<Delemas> Is there any way to see "journalctl -xe" output on failed upgrade root? I tried upgrading a server from 15.04 to 15.10 and it turned itself off at 85% done resulting in an unbootable mess.
<Delemas> Neither chooting to /mnt/root/@_failed_upgrade before running journalctl -xe nor using jornalctl --root option see the old files...
<mafoelffen> when is the next scheduled server team meeting?
<lordievader> Good morning.
<ren0v0> why does php5 install apache2...
<maxb> Because that's the default (first) implementation listed in the Depends line
<maxb> Install some other variant and uninstall apache2, if you want
<lordievader> Console only php ain't possible?
<Ben64> php5-cli
<lordievader> ren0v0: Install ^ if you just want php.
<andol> Or some other package, depending on what context you want to use php.
<andol> Example php5-cgi or php5-fpm
<ren0v0> Ben64, lordievader thanks
<ren0v0> maxb, it shouldn't have deps, should it
<ren0v0> it doesn't depend on apache2, i don't know why its installed with it
<ren0v0> Does anyone know if php5-fpm service should always be running once started? i assume so, just that mind is stopping itself right away, and i have nothing in its logs t say there is an issue, and i've turned logging level to debug
<coreycb> EmilienM, everything is in xenial-proposed right now except for neutron-vpnaas, murano, murano-dashboard, and aodh which are just waiting on a sponsor to upload
<coreycb> EmilienM, a little work is left to get everything backported to trusty-xenial-proposed
<EmilienM> coreycb: yeah, our CI is running LTS, trusty for now
<EmilienM> coreycb: do you know when ~ can I run mitaka on trusty?
<jvwjgames> Is there a way to reinstall the networking in Ubuntu server 14.04
<tsimonq2> +1
<ikonia> why do you need to re-install it ?
<ikonia> as the common sense approach would be to re-install the package
 * tsimonq2 uninstalled network packages once and it would be good to know how to recover them
<ikonia> what do you mean recover them
<ikonia> you just install the packages you want
<tsimonq2> but you can't if networking is gone
<ikonia> if you uninstall them and want them back, reinstall the package you just removed
<ikonia> you can, download them and move them on , or manually configure your networking temporary
<jvwjgames> My networking keeps on cutting out and I know it is not my internet it is my server
<jvwjgames> That's why I need to reinstall networking
<jvwjgames> Also if I have static ip's do I really need network manager
<ikonia> jvwjgames: that is not a solution
<ikonia> jvwjgames: your network keeps dropping so you'll re-install network manager ???
<ikonia> that is not debugging or a solution, thats just random guessing
<jvwjgames> I have checked everything though that I can think of
<ikonia> why do you think it's network manager ?
<ikonia> what suggests it is
<jvwjgames> I don't think that but I just thought that if I refreshed it it would help
<ikonia> why would it help ?
<ikonia> reinstalling a bit of software thats working fine
<ikonia> what benifit will that do ?
<ikonia> why don't you focus on understanding what's going on
<jvwjgames> I am trying to
<ikonia> ok - what have you learnt as fact so far
<jvwjgames> My /etc/network/interfaces file is correct
<jvwjgames> My IP routes are fine
<ikonia> well you shouldn't be using that if you're using network manager
<ikonia> so I think we've found one problems straight away
<ikonia> you've configured the networking file and network manager
<ikonia> that will create a conflict
<jvwjgames> Ok
<ikonia> ( a conflict that should be managed to be fair - but often doesn't )
<jvwjgames> So then yes uninstall network manager
<ikonia> if you don't want network manager, sure
<jvwjgames> How would that create a conflict
<ikonia> jvwjgames: so the legacy scripts will parse the networking file and configure the interface, while network manager will also want to create/manage the interface
<ikonia> network manager "should" ignore the interfaces file if it's populated, but that doesn't always work
<jvwjgames> Ah Ok
<jvwjgames> Well I nuked network manager I am crossing my fingers I will still have connectivity
<ikonia> if your interfaces file is correct, you should have zero issue
<jvwjgames> Interfaces failed to come up
<ikonia> ok - so walk the init process,
<ikonia> try bringing it up manually
<jvwjgames> OK I think they are up but no network connectivity
<ikonia> then they are not up
<ikonia> or you have a serious problem with your network
<jvwjgames> http://picpaste.com/pics/IMAG0250-ZQCQ3fnS.1450984161.jpg
<ikonia> thats a file
<ikonia> that doesn't show if they are up or their status
<jvwjgames> http://picpaste.com/pics/IMAG0251-4jn39e3q.1450984381.jpg
<ikonia> jvwjgames: so that means it's got a static IP address, is the inteface actually up, can it talk to anything else at an IP level ?
<jvwjgames> http://picpaste.com/pics/IMAG0253-myXabBbX.1450984739.jpg
<ikonia> there you go then
<ikonia> it's up and working on the network
<jvwjgames> But as you can see it can't get out to the internet
<ikonia> because your firewall is blocking it
<jvwjgames> No firewall on the network
<ikonia> you can see it's getting to your firewall and the firewall is blocking the next hop
<jvwjgames> That domain I assigned by Comcast
<ikonia> not sure what thats got to do with anything ?
<jvwjgames> That is the interface that is still on the local network
<ikonia> what ?
<jvwjgames> Meaning that interface is on my server I am pinging from
<ikonia> jvwjgames: it's still trying to get out of that device
<ikonia> look at the gateway that device is trying to use
<ikonia> it's clear DNS is working as it's getting IP's so it's on the network
<ikonia> I suspect your router/firewall is screwed
<ikonia> routing / firewal
<ikonia> firewall
<jvwjgames> The only thing is I don't have a router on the servers network
<jvwjgames> And the modem is in pass-through mode
<ikonia> there must be a gateway to connect you to the internet
<jvwjgames> The gateway is on 96.92.80.222 so the gateway is on Comcast side
<ikonia> it still has to reach that gateway to get out onto the internet
<jvwjgames> True
<jvwjgames> That's weird I can ping and traceroute to 222 but can't get past that
<ikonia> what is 222 ?
<jvwjgames> The gateway
<ikonia> ok, so if you can reach the gateway but can't get past it, that suggests it's blocking icmp
<jvwjgames> But if I try to do apt it says can't connect
<ikonia> ok - so if you can get to the gateway but the gateway won't let you out, the gateway is the problem
<jvwjgames> OK
<jvwjgames> But one last thing I have other devices that can reach the internet on the same modem
<ikonia> what is their gateway ?
<jvwjgames> Sorry about that
<jvwjgames> There gateway is also 96.92.80.222
<jvwjgames> Plus my mac works and it is staticly assigned with 96.92.80.222
<jvwjgames> ikonia: uh-oh oh no this is bad I think
<ikonia> jvwjgames: ?
#ubuntu-server 2015-12-25
<rinpoo> I have the following problem when I started my server today my router seems to have have -sU scanned me. Since there were more than 5 attempts Psad banned my router for 1 hour.
<rinpoo> The router hasn't done this before so was that an attempt to scan my server from the www?
<lordievader> Good morning.
<Walex2> rinpoo: maybe, but then the source addresses should have been not your router. Unless the scanner figured out what your router's internal address was, which often is a default
<Walex2> rinpoo: but then the scan would have been pointless
<rinpoo> well psad blocked it
<rinpoo> and now I cant use apt-get T_T
<rinpoo> well it was strange the router didnt do that in the week psad was running
<rinpoo> just today
<rinpoo> and enough to get banned
<rinpoo> now Im struggling to unban it
<rinpoo> found the problem router had dhcp on and server had a static ip
<rinpoo> that was in the dhcp ip range
<ikonia> rinpoo: maybe worth setting a smaller range on the dhcp scope
<ikonia> eg: starting at say .20 of the range
<ikonia> so you always have 1-20 free if you need non-dhcp addressing
<rinpoo> yes I did that now
<Walex2> rinpoo: as to home routers I find that they ban my desktops in a different case
<Walex2> rinpoo: most of them have "denial of service" detectors. Very stupidly they work *both ways*. So if I open a web page with a lot of images, or if I download a directory with a lot of small files, the high rate of connections coming from the desktop to the internet gets its banned by the router.
<rinpoo> I never had that problem with my router
<rinpoo> Im still gonna replace it with my server and use the server as router
<bekks> Never had such issues, either.
<rinpoo> but first I need to get the server running flawlessly
<Kartagis> hi
<teward> hello!
<Kartagis> if I have a site on a separate server and it doesn't have an MTA on it, can I still tell it to use my mail server?
<Kartagis> the domain's MX is pointing to my own server which actually has an MTA on it
<Kartagis> only the website is there
#ubuntu-server 2015-12-26
<JanC> Kartagis: it depends on the web software you use, but I would be surprised if the web server has no (simple) MTA on it, and if not you should probably be able to install one that only relays local mail to your mail server (e.g. nullmailer)
<[Mew2]> hhey guys, how to backup an ubuntu server?
<patdk-lap> hundreds of ways
<lordievader> Good morning
<rinpoo> I have tried to use service iptables restart but I get faild no such file ....   I also have ufw running I thought that using both would be more secure, but I get the feeling that ufw interferes with my iptables config
<rinpoo> should I keep both or use ufw only or iptables only?
<jdstrand> rinpoo: you can use both, but you need to know what you are doing. in terms of being more secure, it is fine to use just ufw. You may want to look in /etc/ufw/before*.rules if you want to change defaults. I suggest reading 'man ufw-framework' for details
<rinpoo> Ive read that ufw is just a frontend for iptables, I thought they were 2 separate programs. Ill be purging ufw, Im pretty much doing everything myself in the iptables files anyway.
<jdstrand> ufw is a frontend for iptables. if you are configuring iptables directly, there is no reason to use ufw
<rinpoo> is there a better alternative to tiger?
<rinpoo> Im just using it as security audit
<rinpoo> is it possible to use an ip range with ListenAddress in sshd_config?
<rinpoo> there is this 192.168.0.1/24 which gives full range from 192.168.0.1 to 255 but I dont really understand how it works and how I can just do 1 to 50 or if it works in the sshd_config
<jrwren> rinpoo: 24 is a bitmask. look up CIDR notation.
<jrwren> rinpoo: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation
<rinpoo> thx
<rinpoo> so if I want an address range of 32 I need to use 192.168.0.1/27 with an 255.255.255.224 mask is this correct?
<rinpoo> isnt there something like 192.168.0.1 to 192.168.0.23?
<teward> rinpoo: by 'range' you mean exactly 32 addresses?
<teward> because a /27 (255.255.255.224) will give you *30* addresses, I believe, usable
<teward> and no there's no range that'll cover .1 to .23
<jrwren> rinpoo: well, ListenAddress in sshd_config is which addresses to bind on. Its not likely you have 30 addresses on one server, or do you?
<teward> also, ^
<jrwren> rinpoo: what are you trying to do?
<rinpoo> well Im using dhcp so the ip might change thats why
<rinpoo> also when friends come over and connect they get different ips
<teward> um...
<teward> rinpoo: suggestion:
<teward> (1) set your DHCP range that DHCP serves from *outside* the entire /24 or whatever's on your net
<teward> (2) set your server to have a static IP within the /24 that's not in the DHCP range
<rinpoo> server has static ip
<teward> ListenAddress should then be that Static IP
<teward> done
<rinpoo> ohh ok
<teward> rinpoo:
<teward> [2015-12-26 13:32:42] <rinpoo> well Im using dhcp so the ip might change thats why  <-- if this is the case then it is NOT static
<rinpoo> then I missunderstood the whole thing
<teward> erm i misspoke
<teward> rinpoo: I meant tell DHCP to serve a specific range of addresses in your /24, and NOT the whole subnet
<teward> then set the static to an IP not in the DHCP range
<teward> which, strangely enough, is how I achieve a mix of static AND dynamic addresses on wifi and LAN in my network :P
<teward> so, .100 - .200 would be the DHCP range
<rinpoo> no I thought ListenAddress are the IPs the server lsitens too XD
<rinpoo> listens
<teward> rinpoo: ListenAddress is the IP of the server itself
<teward> i.e. what static address it is assigned
<teward> so if your system gets 192.168.1.150 all the time
<teward> then ListenAddress is likely 192.168.1.150
<teward> so the SSH server binds to that port.
<teward> for that IP address
<teward> (so if Port is 22, and ListenAddress is 192.168.1.150, then it will bind to 192.168.1.150:22
<teward> and listen there for all incoming connection attempts)
<jrwren> good dhcp servers bing before assigning address. I use a pretty wide range and a mix of static addresses in that range. YMMV
<teward> that as wel
<teward> well*
<rinpoo> thx a lot
<teward> jrwren: i take a different approach, either Static DHCP reservations outside the dynamic DHCP range for my static IP things, or static on the servers/systems themselves
<rinpoo> this would have taken me a whole day otherwise XD
<teward> in either case *those* systems are always on but meh
<teward> rinpoo: this is why we're here
<teward> rinpoo: note that ListenAddress is always the IP of the server, or multiple ListenAddress lines if it's on different LANs or subnets and listens on those, and such.  the IP of your other machines on your network getting DHCP should never be an issue
<jrwren> teward: me too. I was remembering my config wrong. 120-150 dynamic. my static stuff is less than 120.
<teward> rinpoo: though, if you are getting a dynamic IP, you shouldn't be using a ListenAddress IMO
<teward> because your IP may change
<teward> (but if your Server on that network is always getting the same IP (either a static DHCP reservation, or a static IP specifically specified in the server config), then you can set ListenAddress)
<rinpoo> nono server and router are static, just the client pcs are dynamic
<teward> rinpoo: OK, that was vague earlier ;)
<teward> (these kinds of details help expedite identification of answers :P)
<rinpoo> well I would have told you earlier but you type rly fast
<rinpoo> but thank you a bunch this was really confusing me
<rinpoo> or better you two
#ubuntu-server 2015-12-27
<nk1> does anyone know a way to push irc messages to terminal
<grendal_prime> openfire
<ikonia> ?
<littlebit> hi poeple, i have setup and configured dnsmasq successfully with a range of x.x.x.100 - x.x.x.200 . usually when someone requests for an ip address it should be x.x.x.100 and so on, in my case I got x.x.x.179 how come?
<bekks> littlebit: .179 is in the range of .100-.200
<littlebit> bekks: i know, but y not start 100?
<bekks> littlebit: No. Why should it?
<littlebit> bekks: out of curiosity
<bekks> littlebit: Actually no. The according RFC do not define the order of address to be given to clients.
<littlebit> bekks: ok, thx
<CiPi> ââ¢ââ°â°â°â°â°â
<devster31> so, I know sudo replaces path usually, but this puzzles me, I have the same output of echo $PATH and sudo -u git echo $PATH, and I even tried with  -E flag, that should preserve environment, and it still can't find an executable that clearly is in the path
<[Mew2]> hello
<[Mew2]> anyone here?
<ikonia> yes
<ikonia> quite a lot of people
<[Mew2]> hey
<[Mew2]> so i am concerned
<[Mew2]> about a server owner of a ubuntu server vps
<[Mew2]> i hear that nothign can be done
<[Mew2]> because the ram is exploitable?
<ikonia> what ?
<[Mew2]> ok let me restart
<ikonia> what are you talking about
<[Mew2]> say i have a ubuntu-server
<ikonia> ok
<ikonia> do you hava an ubuntu server ?
<[Mew2]> and i want to be 100% secure against the person who hosts that server
<[Mew2]> this is not possible?
<ikonia> within reason
<[Mew2]> like if i run a vpn thru it
<ikonia> depends on a lot of things
<[Mew2]> theres some important info in that traffic going
<[Mew2]> and i dont want to be exposed to the server host
<ikonia> it's not that simple a question
<ikonia> but vpn traffic is encypted
<[Mew2]> someone was telling me that the ram buffer is exploitable?
<ikonia> and based on the fact that I see you asking in openvpn channels about this sort of thing - you know it's encrypted
<[Mew2]> dont even know what that means tho
<ikonia> then forget about it
<[Mew2]> say the server admin wanted to sniff out my data
<[Mew2]> they could do it?
<ikonia> lets not say that
<[Mew2]> why?
<ikonia> as I've said 3 times it depends on quite a few things
<ikonia> you seem to want a yes/no answer to something that is quite a complex set of options
<[Mew2]> well ok
<[Mew2]> lets say i start up a fresh ubuntu server and configure openvpn on it
<[Mew2]> what can i do to protect my self from server admin
<ikonia> as I've now said 4 times - it depends on a lot of things
<ikonia> and vpn traffic is encypted, as you've been told at least 8 teims
<ikonia> times
<[Mew2]> ill gladly take ANY suggestions
<ikonia> use the vpn and don't worry about it
<ikonia> there is your suggestion
<[Mew2]> i dont want to get compromised
<ikonia> then use the vpn and don't worry about it
<[Mew2]> how about things like encrypting the vps hard drive?
<ikonia> what will that do ?
<[Mew2]> i dont know, encryption must exist for a reason?
<ikonia> I'll say again "your vpn taffic is encypted"
<[Mew2]> from me to vpn server is encrypted, from vpn server to destination is not
<[Mew2]> right?
<ikonia> your vpn communication is encypted
<ikonia> what happens after that depends on your server setup
<[Mew2]> right so this means that the outgoign traffic is available as plain text to the server admin
<[Mew2]> which is the reason im hee
<ikonia> no
<ikonia> "it will depend on your server config"
<[Mew2]> explain please?
<[Mew2]> i am new at this
<ikonia> "what happens after you VPN exit point will depend on how your server is configured"
<[Mew2]> thats a vague statement
<[Mew2]> i didnt know that there was different configs available
<[Mew2]> ok
<[Mew2]> nevermind
<[Mew2]> i dont think we are going anywhere wiht this
<[Mew2]> lets just forget about it
<[Mew2]> i have a more important question
<[Mew2]> i have a current ubuntu server
<[Mew2]> and i am going to cancel it and get a different one
<ikonia> ok
<[Mew2]> is there ane asy way to transfer the thing over?
<[Mew2]> easy*
<ikonia> "the thing" ??
<ikonia> what is "the thing"
<[Mew2]> the entire thing
<[Mew2]> the ubu server
<ikonia> no
<[Mew2]> ?
<ikonia> "no"
<[Mew2]> lol
<[Mew2]> there must be
<[Mew2]> i have only one app running on it
<ikonia> no there mustent
<[Mew2]> and some crontab entries
<ikonia> you ask a question, I tell hyou the answer you deny it
<[Mew2]> ok so tell me
<[Mew2]> how should i go about this
<ikonia> if you are sure I'm wrong - do it, rather than asking if its possible
<[Mew2]> start from scratch on the new server?
<ikonia> why do you want to change the server ?
<[Mew2]> better deal on new server
<ikonia> backup the data you want, and copy it to your new host,
<[Mew2]> can i backup everything?
<ikonia> no
<ikonia> as I said earlier
<ikonia> and you ignored and asked again
<[Mew2]> ok
<[Mew2]> what can i backup
<ikonia> your data
<ikonia> and possible some configs depending on the target server
<[Mew2]> is crontab entry count as data?
<ikonia> you can back up a corontab
<ikonia> but as it's just a few lines of text, why bother
<ikonia> it's hardly a problem
<[Mew2]> well i mean if i do this then what if some problems arise, maybe its easier to just start from scratch again
<ikonia> do what works best for you
<[Mew2]> i dont even know what will work best
<[Mew2]> as i said i am veyr new to this
<ikonia> so backup the user data you want, get a new server, and put the data back
<[Mew2]> by doing this i dont know what things wont backup tho
<ikonia> what does your server do ?
<[Mew2]> it runs a bnc
<ikonia> so you could backup the bnc config
<ikonia> install bnc on the new server and use the old config if the version is the same
<[Mew2]> what about the irc logs, user config, cron tab entry, maybe some other things im forgetting
<ikonia> backup any of that you want
<[Mew2]> i dont even know where its located
<[Mew2]> i think i will just start over
<[Mew2]> but like
<[Mew2]> making an image
<[Mew2]> ot an iso or something
<[Mew2]> i cant do that?
<ikonia> no
<ikonia> for the 4th time
<[Mew2]> hmm ok
<[Mew2]> i guess i expected it to be easier
<[Mew2]> now i know
<[Mew2]> thanks ikonia
<[Mew2]> i appriciate it
<[Mew2]> <333
#ubuntu-server 2016-12-26
<coetry> Can someone help me out with scp? I'm trying to transfer an entire directory from one server to another. I've modified the ssh port for the server that i'm transferring to, but scp keeps trying to connect through port 22
<coetry> https://paste.ubuntu.com/23687721/
<coetry> nvm I got it. The -P *** should come before the -r
#ubuntu-server 2016-12-27
<GALL0> Ubuntu 16.04.1 server, no GUI. edit `/etc/samba/smb.conf`  with http://pastebin.com/Rb5rVSU7 at the end. restarted samba service, can't connect via finder/OS X
<sarnold> GALL0: check logs on both systems
<GALL0> error	19:54:03.076550 -0600	kernel	loginwindow is not entitled
<GALL0> error	19:54:03.076678 -0600	kernel	UserEventAgent is not entitled
<GALL0> on mac
<GALL0> what log would it be in ubunu?
<tomreyn> /var/log/syslog i guess
<sarnold> sorry, it's been ages since I've dealt with samba issues.. look around for nmbd or smbd logs, auth logs, etc..
<patdk-lap> or one of the many samba log files
<patdk-lap> who knows, cause samba names it all kinds of crazy things, based on the name and ip of your mac
<sarnold> I suspect those mac events aren't related to the issue, they feel kinda vague and unrelated
<sarnold> heh so true
<sarnold> it can fail at basically all levels of the networking stack. it's not an easy thing to troubleshoot
<patdk-lap> ya, I found mine failing in odd ways
<patdk-lap> I can copy files to and from mine
<patdk-lap> but I cannot mount the drive
<sarnold> *snort*
<patdk-lap> log fails, due to unsupported encryption data connection
<sarnold> where do you even start? :)
<patdk-lap> the samba host doesn't do encrypted data, only signed
<patdk-lap> and I have enforce encryption set on all the machines
<patdk-lap> funny it even works at all
<patdk-lap> that system just needs to be upgraded
<GALL0> var/../log.smbd https://hastebin.com/gusuzobicu.pas
<sarnold> that's it? that's .. not much to work with.
<GALL0> new install
<GALL0> syslog only has services started/stopped
<sarnold> you can try something like tail -F /var/log/* and try the operation again, that might give you something to work with. Without a concrete error message from _something_ you're basically lost.
<GALL0> well, seems like someone is trying to brute force
<GALL0> fail2ban and auth.log printing out a lot
<sarnold> if it's reachable on the internet, that's practically a given these days
<tomreyn> that's gonna be ssh. hopefully you dont have samba shares on the internet
<sarnold> ^^ yes. that. don't put samba on the internet. :)
<compdoc> the last man to put samba on the internet became known as PirateBay, and he made millions
<charlie2> Have a server I haven't touched in years having problems now.
<charlie2> Seems like a disk space utilization issue and can't seem to free up space.  I know I solved this years ago and can't remember what the heck I did.
<charlie2> Here's my df - h:  https://paste.ubuntu.com/23692705/
<patdk-lap> well, start with, du -shx /*
<patdk-lap> and keep moving around based on what you find
<charlie2> Thanks.  Looks like a cloud backup program gone awry....
<charlie2> Uninstalled and all seems to be good now.
<ducasse> i'm setting up exim on 16.04, but all mail is sent from user@hostname.domain.com even though /etc/mailname is set to domain.com - any ideas what i'm doing wrong?
<lordievader> Good morning
<Genk1> what is the best strategy to implement high avaibility in Postfix servers
<Genk1> ?
<blackflow> what kind of HA do you need specific to Postfix, that's not general HA like a distributed storage + IP failover?
<blackflow> also keep in mind that the mail protocol is designed for transitional issues so you don't really need 100% uptime, meaning much simpler failover solutions are acceptable
<Genk1> blackflow, hmm I see
<Genk1> blackflow, so how to implement the first use case you suggested
<Genk1> please
<ziyourenxiang> set up two instances, point MX at them
<blackflow> people use glusterfs in production for storage redundancy in combination with IP failover that is not specific to OS but to the hosting infrastructure. Tools like "heartbeat" help with that.
<blackflow> there's also DRBD but I don't know much more about that part.
<Genk1> blackflow, I see
<Genk1> so you are talking about traditional HA here
<blackflow> or simply outsource that to a hosting company that does proper "cloud" service (automatic storage failover + VM migration) so you don't need to think of the hardware at all.
<blackflow> Genk1: yeah.
<Genk1> blackflow, absulotely right
<Genk1> thank you
<MASM> there is some command here to skip  user has joined o has quit?
<Poster> That would be in your client itself
<blackflow> MASM: http://wiki.xkcd.com/irc/Hide_join_part_messages
<MASM> blackflow: Thanks a lot :like:
<MASM> Hide Join
<MASM> Ã:;S
<MASM> :s i use this command to ignore quit and joins /ignore * JOINS PARTS QUITS
<MASM> but it didn't work
<MASM> :s hello some one help me, i wan't to ignore 'quit' or 'joined' in this chat i use '/ignore * JOINS PARTS QUITS'  but it didn't work, and '/ignore #ubuntu-server JOINS PARTS QUITS' but it didn't work
<MASM_> .
<MASM> ..
<MASM_> .
<MASM_> .
<MASM_> .
<MASM_> .
<MASM_> .
<MASM_> :S
<Smokie> hey guys, got an issue with an ubuntu server im running, for some reason it does not want to resolve any hostnames
<Smokie> this is my interface settings https://paste.ubuntu.com/23697252/
<patdk-lap> ya, that shouldn't resolve hostnames, need a dns search param
<patdk-lap> but I think you mean general dns names
<patdk-lap> you *sure* that mtu is right?
<patdk-lap> everything on that network has mtu 1492 configured on it?
<Smokie> patdk-lap, yeah
<Smokie> what do you mean it shouldnt resolve hostnames though?
<patdk-lap> a hostname is something like, server1
<patdk-lap> a fqdn is what your looking for, server1.example.com
<patdk-lap> dns doesn't work with hostnames, unless you use a search param
<Smokie> well, it wont resolve google.com with that setting
<Smokie> dns-nameservers is the right one, right?
<patdk-lap> "search Search list for host-name lookup."
<patdk-lap> what does /etc/resolv.conf contain?
<Smokie> patdk-lap, nothing.. it says not to manually edit that file
<patdk-lap> you do have in that file, auto eth0, somewhere right?
<patdk-lap> or did a ifup eth0 manually?
<Smokie> i just checked, yes :p
<Smokie> im connected to the server using that ip actually
<Smokie> ssh
<patdk-lap> is /etc/resolv.conf a link?
<patdk-lap> just cause your using that ip and it's configured that way, doesn't mean it was not manually configured cause that file didn't work :)
<patdk-lap> well, if /etc/resolv.conf is a link and it sounds like it probably is
<Smokie> patdk-lap, here is the full file https://paste.ubuntu.com/23697290/
<patdk-lap> I can only help more with a complete unedited /etc/network/interfaces file
<patdk-lap> I guess it might be something with the ipv6 address
<patdk-lap> it's not in an ipv6 section at all, it might be syntax checking it
<patdk-lap> since it's not valid for the ipv4 config block
<Smokie> i tried without it, will try again now
<Smokie> still says ping: unknown host google.com
<patdk-lap> how did you test?
<patdk-lap> ifdown/ifup, or reboot?
<Smokie>  /etc/init.d/networking restart
<patdk-lap> hmm, strange, that has never been supported, and I don't think has worked since 12.04
<Smokie> this is 12.04.5 hehehe
<Smokie> no dice
#ubuntu-server 2016-12-28
<lordievader> Good morning
<Onepamopa> question - /proc/sys/kernel/core_pattern is set to /tmp/core.%e.%p.%t, * soft core 500000 & root hard core 1000000 in limits.conf, the application segfaults and no corefile is found anywhere
<Onepamopa> ubuntu server 16.04 x64
<Onepamopa> so, how do I go about enabling core dump files ?
<Genk1> Hello all
<Genk1>  what is the fast  way to backup/recover a mysql database using MyISAM engine ?
<Genk1> I've found mysqldump to be very slow
<ddellav> with myisam thats kinda all you go
<ddellav> *got
<ddellav> with innodb you can do incremental backups but myisam is not transactional so your only choice is a full table dump
<Genk1> ddellav, I see thanks for your your answer
<ddellav> you're welcome Genk1
<JanC> also depends on database size how fast it is of course...
<patdk-lap> and what filesystem your using
<patdk-lap> personally, I had always used lvm snapshots to backup mysql myisam
<patdk-lap> but it has been awhile, and use innodb for just about everything now
<Walex> patdk-lap: even LVM2 snapshots are not that good for consistent MyISAM state, but they usually work.
<Walex> Genk1: you should really ask in #MySQL or #MariaDB for faster alternatives to 'mysqldump'. But that's really the right way to do it. If it is slow that may mean that your MyISAM files need compacting
<blackflow> depends on the definition of "slow" and considering database size
<blackflow> meanwhile, like Walex said, using fs snapshots to back up the database is illadvised as the database has its own regime of syncing states with the underlying fs, so you might be snapshotting incomplete states.
<blackflow> postgres has the ability to do WAL archiving. I don't know if that's possible with MySQL. Also, consider using real time replication for backup.
<maswan> eh, if it is an atomic snapshot, it is no more unsafe than handling an unscheduled power loss
<blackflow> correct, but "unschedules power loss" is not a "consistent backup state" that you want your data BACK UP to be in :)
<blackflow> *d
<blackflow> and iirc, "unscheduled power loss" with MyISAM tables leads to "lots of corruption and pain". :)
<maswan> well, then i'd certainly not use that for any data i'd like to keep. :)
<blackflow> if dumps are inadequate, replication is really the best, consistent form of back up.
<maswan> dumps were hard for us, so we setup replication, then tuned that to the point that we could get dumps made on the replica so we had both
<patdk-wk> hmm, the database doesn't have it's own syning time, that is what a flush command is for
<patdk-wk> now if the filesystem supports flushing also, would be requred for lvm snapshot to work
<patdk-wk> but if every level is flushed, it's a perfect usable method
<patdk-wk> though personally, using a mysql slave database, and doing your backups on there, is better, if your concerned about downtime
<JanC> depending on the dependencies, you could possibly dump some tables separately too...
<blackflow> patdk-wk: the files are mmaped and there's no guarantee that at every given moment, data in files represents 100% the in-memory state.
<patdk-wk> blackflow, did the default change? it was not using mmap by default normally
<blackflow> patdk-wk: afaik it mmaps since 5.1. but now that you mention it, I could be wrong, yes.
<patdk-wk> I see support for mmap in 5.1
<patdk-wk> but it is not enabled, except for packed myisam files, and those are read-only
<erick3k> hi
<erick3k> can someone help me with a routing problem?
<erick3k> anyone in here?
<Pici> kinda
<erick3k> haha
<erick3k> is there a way to force a different subnet gateway to work instead of using the route command or post up?
<erick3k> anyone
<erick3k> ?
<jelly> what's a subnet gateway?
<jelly> show an example.  Explain what it's doing, what the actual results are, what you'd want it to do instead
<jelly> eg. pastebin current outputs of "ip a" and "ip r" and your network config (/etc/network/interfaces, or whatever else you use)
<maxb> Also, don't say "instead of using (some perfectly reasonable options)" without explaining why you propose not to use them
<erick3k> well am going to try
<erick3k> the ip and gateway are on different subnet
<erick3k> so if i put gateway on the /etc/network/interfaces it can not be bring up
<erick3k> now if i remove it and add route add default gw (gw ip)
<erick3k> as a command it works
<erick3k> now i have to through cloud-init add default gateway to the /etc/network/interfaces due to automation
<erick3k> so basically a fix could be adding a command before the network starts to delete the line gateway xxx.xxx.xxx.xxx from /etc/network/interfaces before bringing it up on boot
<maxb> This sounds a bit scary and broken
<erick3k> i know
<erick3k> thats why am trying to find a better solution
<erick3k> since ubuntu doesnt allow a different subnet gateway on /etc/network/interfaces
<maxb> I think you will need to paste the output of "ip route" if we are to have any hope of understanding your network setup
<erick3k> ok am gonna show with pics
<erick3k> maxb here is not working
<erick3k> https://i.imgur.com/z91hKJR.png
<erick3k> hold on
<maxb> This is not a sensible configuration
<maxb> You can't use an address outside the subnet as a default gateway unless there's some other special routing going on
<robert45> hi guys, after a dist-upgrade process my server is unbootable, Im getting this on the screen, any advice? http://imgur.com/a/l1hvV
<tomreyn> robert45: press enter and examine?
<tomreyn> for a (n entirely blind) guess: zfs related
<robert45> tomreyn I appreciate the quick reply, Im now inside the shell. I did a service networking status and this is what I get, ifconfig shows correct network setup: http://imgur.com/a/bY7yz
<tomreyn> robert45: you should start examingn the cause of the first error, not the last
<tomreyn> robert45: on the screen shot you posted, the first error (which has not scroll off screen, i.e. there may have been others before this one) is about systems-tmpfiles-setup.service
<tomreyn> the temporary / volatile file storage service did not start up properly.
<tomreyn> it is suggested that you should run "systemctl status systems-tmpfiles-setup.service" to examine this issue.
<tomreyn> note how the message right before this is about starting ZFS support via FUSE
<robert45> tomreyn tx, Im running that command now
<tomreyn> also note that ZFS-fuse is considered deprecated
<tomreyn> use the native module instead
<Curiontice> Hi! I want to cache HTTPS site contents such as Facebook Images and etc. I have added the following https_port 3126 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/lib/ssl_db/certs/myCA.pem connection-auth=off. This gives me errors. Is squid can not be run this way?
<Curiontice> Please if anyone know the answer, PM me.
<tomreyn> you might want to discuss the errors you get there.
<MASM> in logs?
<Curiontice> It just crashes. Segfault at xx.xx.xx
<Curiontice> Can squid be run with Tproxy target for HTTPS traffic?
<Curiontice> \
<Curiontice> Can you pls confim me that ^
 * tomreyn lacks Squid experience, can't tell
<Curiontice> MASM: Can squid be run with Tproxy target for HTTPS traffic?
<tomreyn> All I can tell is that caching SSL content contradicts with the idea of end-to-end encryption, it is only possible by creating a man-in-the-middle. Some companies and ... ISPs in some countries ... still do it anyways.
<MASM> i don't know men, sorry...
<tomreyn> http://wiki.squid-cache.org/Features/HTTPS
<tomreyn> i assume "tproxy" stands for 'transparent proxy'.
<robert45> tomreyn sorry I had some troubles with the systemctl command, this is what I get: http://imgur.com/a/x7p6l
<robert45> I assume its because the filesystem is mounted as readonly
<tomreyn> robert45: same here
<robert45> Im rebooting it again to see if get why its not mounting properly
<tomreyn> robert45: i would check syslog, go back to when you booted, then look through those lines until you hit the first error.
<tomreyn> or start with "dmesg -T | less" - sometimes this is faster
<robert45> tomreyn tx, doing that now
<tomreyn> one (of many) possible explanation might be file system corruption on /etc or / (i do not know your partitioning scheme)
<robert45> tomreyn ugh! I hope not, its a production server :(
<robert45> tomreyn ok I caught the first error, I dont think it could be related, do you? http://imgur.com/a/p0OXS
<tomreyn> apparmor failing could be related, yes
<robert45> tomreyn well, its the same error, systemctl shows a read-only filesystem
<tomreyn> you surely have current backups, and if it's an important system you surely considered a HA configuration?
<robert45> when systemctl apparmor thing
<tomreyn> so check dmesg + syslog, find out why it's r/o
<robert45> tomreyn tx, I was able to bring it online, few service still failing though
<robert45> tomreyn for some reason its mounting /dev/sda1 as ro, but if I use mount -o remount,tw it mounts it ok, any ideas?
<robert45> tomreyn nevermind, I was able to fix it, it was all fstab related
<robert45> its showing 16.04 instead of 16.10, not sure it didnt upgrade all the way through
<tomreyn> robert45: so you upgraded from 16.04 to 16.10 recently, or tried to? appartenly it didn't happen if lsb_release -sd still shows 16.04
<robert45> tomreyn I upgraded from 14.04, it shows 16.04 now
<robert45> first time
<tomreyn> <robert45> its showing 16.04 instead of 16.10, not sure it didnt upgrade all the way through
<tomreyn> this is contradictionary
<robert45> tomreyn not sure if I understood. I was looking to upgrade to 16.10
<robert45> tomreyn so I upgraded from 14.04, do I need to run another upgrade?
<tomreyn> either you last upgraded from 14.04 to 16.04, or from 16.04 to 16.10
<tomreyn> only one of them can be correct
<robert45> tomreyn I upgraded from 14.04 to 16.04
<robert45> Im looking to upgrade to the latest version 16.10, is it possible?
<tomreyn> yes, personally i prefer to run LTS releases on servers, whoever, do not like to have to upgrade every 6 months
<tomreyn> s/whoever/however/
<tomreyn> also LTS releases tend to be a lot more stable
<robert45> tomreyn I see. I ran do-release-upgrade and got "No new release found"
<robert45> tomreyn oh I just noticed 16.10 its not a LTS release
<robert45> tomreyn so you dont recommend to upgrade from LTS to latest non LTS ?
<tomreyn> correct, 16.10 is not LTS. and personally i prefer to only run LTS on servers. in even more so in your case. ;)
<tomreyn> correct, 16.10 is not LTS. and personally i prefer to only run LTS on servers. and even more so in your case. ;)
<tomreyn> ^typo fixed
<tomreyn> first of all, i would suggest you ensure your previous upgrade succeeded, and the system is in a good condition.
<tomreyn> !lts | robert45
<ubottu> robert45: LTS means Long Term Support. Until 12.04 LTS versions of Ubuntu were supported for 3 years on the desktop, and 5 years on the server; since 12.04 (Precise Pangolin) LTS versions will be supported for 5 years on the desktop and server. The latest LTS version of Ubuntu is !Xenial (Xenial Xerus 16.04.1)
<robert45> tomreyn yes I think I wont upgrade it, Im scary to suffer any other downtime like this one
<robert45> tomreyn understood, so far everything looks good! :)
<patdk-lp> also be very sure of the non-lts support lifetime
<patdk-lp> it used to be 18months, but now is like 9 I think, or maybe 6
<tomreyn> and system upgrades mean downtime
<tomreyn> robert45: if you like i can check your output of "apt-get update", "apt-cache policy", "apt-get -V -f install", "apt-get -V -y --simulate dist-upgrade" later.
<patdk-lp> or worse, a broken package during upgrade
<tomreyn> robert45: .. post them to a pastebin if so, e.g. using !pastebinit
<tomreyn> !pastebinit | robert45
<ubottu> robert45: pastebinit is the command-line equivalent of !pastebin - Command output, or other text can be redirected to pastebinit, which then reports an URL containing the output - To use pastebinit, install the Â« pastebinit Â» package from a package manager - Simple usage: command | pastebinit -b http://paste.ubuntu.com
 * tomreyn taking a shower now
<robert45> sure, running those now
<robert45> tomreyn patdk-lap looks like some errors indeed: http://paste.ubuntu.com/23701740/
<robert45> how should I proceed?
<erick3k> how can i run post-up command outside of /etc/network/interfaces?
<andol> erick3k: cut-n-paste to the shell?
<erick3k> andol i meant to run on startup outside interfaces,
<erick3k> in shell says command not found
<MASM> erick3k maybe put link in bin path
<MASM> erick3k, maybe create a shortcuts in local/bin
<erick3k> MASM can you link me to an example and a little newbie
<MASM> erick3k,  shortcuts : http://unix.stackexchange.com/questions/226315/how-to-use-ln-s-to-create-a-command-line-shortcut
<MASM> erick3k, program executable everywhere : http://unix.stackexchange.com/questions/3809/how-can-i-make-a-program-executable-from-everywhere
<erick3k> MASM am not sure that would work i want  post-up route add xxx.xxx.xxx.xxx dev eth0 to run outside /etc/network/interfaces file
<erick3k> just that command
<erick3k> because /interfaces will be modified by cloud-init
<maxb> If cloud-init is incorrectly changing your config, then fix that, rather than trying to paper over it elsewhere
<erick3k> huh if i knew how
<erick3k> i would
<erick3k> is it possible to run that command outside interface or not?
<erick3k> like on centos
<erick3k> you just add route-eth0 file
<maxb> Ubuntu's network configuration chooses to give you one readable file rather than littering bits and pieces across multiple files like CentOS
<tomreyn> robert45: i don't see errors there. I see a notice, "N: Ignoring file '50unattended-upgrades.ucf-dist' in directory '/etc/apt/apt.conf.d/' as it has an invalid filename extension", and i see a lot of no longer needed (due to changed dependencies) packages which can likely be removed (using apt-get --purge autoremove)
<erick3k> maxb so only solution is to have a custom script or have cloud-init run it?
<robert45> tomreyn ok do you recommend to --purge autoremove or should I kept those for just inc ase?
<maxb> yes
<maxb> If you're using cloud-init to configure your networking, it needs to do it *right*
<maxb> If it isn't, you need to work on addressing that
<tomreyn> robert45: yes maybe dont purge immediately
<tomreyn> there's zfs-fuse in there
<erick3k> got it, maxb what about if i make a file executable here /etc/network/if-up/ with that command?
<erick3k> would that work?
<robert45> tomreyn sorry got dc'ed, thanks so much for your help, wish you a happy new year!
<erick3k> maxb you still here?
<erick3k> remember about the network?
<erick3k> found a solution :)
#ubuntu-server 2016-12-29
<Sircle> If squid cannot cache https traffic, what is the solution?
<lordievader> Good morning
<Sircle> mmlj4:  why go all through the trouble of mitm. No easy way? Almost all websites these days are https. So if its unable to be cached, its useless for having squid. no?
<Sircle> If squid cannot cache https traffic, what is the solution?
<blackflow> Sircle: I don't have the entire backlog, what was the issue?
<JanC> blackflow: from what I can tell, he's wondering what use it has to run squid when more and more sites use HTTPS
<JanC> he/she
<AnotherGuyver> Hi guys, quick question regarding ssh on Ubuntu server:
<AnotherGuyver> I have my key in the authorized_keys file. When I try to log in, it asks for a password and the log tells me, that the file con not be found. However, if I already have a window open and try to log in a second time from the Terminal, it log in without any problems.
<JanC> ssh can share connections
<maxb> Or, perhaps you're using encrypted home directories, such that the ssh server cannot see the authorized_keys file unless it has been unlocked by another session
<AnotherGuyver> Ah, yes, I do. So after I log in the first time, the home directory becomes visible?
<JanC> in that case you need to move the key outside the encrypted home
<AnotherGuyver> Ah I see. Ok, thank you, I'll try that.
<AnotherGuyver> Ok, it worked. However, I get a strange phenomenom. When I logged in with the password, i got the usual shell(zsh in my case): [user:~]$      Now I get user-www%
<AnotherGuyver> Ah, and I also get a message in the beginning "The programs included with the Ubuntu system are free software; ...."
<AnotherGuyver> So did it revert me to the bash shell? echo $0 still outputs -zsh
<AnotherGuyver> And it seems the home folder has changed to include only: "Access-Your-Private-Data.desktop  README.txt"
<JanC> AnotherGuyver: you probably need some fiddling with PAM or the like
<AnotherGuyver> Is it possible to auto-login without a password if you have an encrypted directory? I can do an 'ecryptfs-mount-private' and then a 'exec zsh' (not ... && ... though) to get back to my shell.
<JanC> technically it should be possible
<JanC> not sure if it's implemented  :)
<JanC> basically, you need a way to unlock the key for the encrypted file system
<AnotherGuyver> You mean before I log into the system?
<JanC> just after you log in
<JanC> but before you run anything else
<Sircle> squid cannot cache https traffic, what is the solution?
<JanC> Sircle: why do you need a "solution"
<Sircle> JanC:  of course to cache https traffic
<Sircle> to save bandwidth and data transfer
<AnotherGuyver> JanC: could I just autorun the ecrypt... and so on?
<JanC> for most sites that use HTTPS (properly), you wouldn't cache much anyway
<JanC> AnotherGuyver: I think that can happen with some help from PAM...
<JanC> but I never tried that  :)
<blackflow> Sircle: http://wiki.squid-cache.org/Features/HTTPS
<Sircle> blackflow:  have yo uimplemented and agree its simple enough?
<AnotherGuyver> JanC: Would something like that work: http://askubuntu.com/questions/115497/encrypted-home-directory-not-auto-mounting (the second solution with the 2 thumbs-ups)?
<blackflow> Sircle: no, it's a pain and basically futile imho
<Sircle> blackflow:  exactly my  point.
<Sircle> blackflow:  is there a seamless solution?
<blackflow> Sircle: no, it's the nature of SSL traffic. Uncacheable unless you break SSL
<JanC> the whole point of HTTPS traffic is that it's not cacheable between server & client...
<Sircle> blackflow:  JanC   don't you think it should be cacheable (as encrypted data). The browser decrypts it.
<blackflow> Sircle: no because that't the nature of encryption. perfect encryption is indistinguishable form random noise.
<JanC> the server & the client (browser) can cache it
<blackflow> random noise cannot be compressed nor cached.
<blackflow> JanC: "it" being content after decryption :)   so back to "unless you break SSL"
<Sircle> hm
<JanC> e.g. if the servers says a particular resource (e.g. an image) will never get changed, a browser should only fetch it if it's not in its cache
<blackflow> note that properly done sites will return 304 for unmodified content, which is the best they can do do reduce encrypted traffic, aside from compression.
<JanC> blackflow: it's not about breaking SSL, it's about using HTTP properly
<JanC> of course you don't have much control over that as a user
<blackflow> JanC: no, you're looking at two different OSI layers. You want to cache one level higher, with the infra that transports it (the cache in the middle) oblivious to those higher levels (beyond encryption)
<blackflow> HTTP is not used improperly
<blackflow> You can terminate SSL, cache content and serve cached content to your clients with your own certificate
<JanC> of course those are different OSI layers
<blackflow> But imho it's futile, the nature of modern web is not cacheable in that way, the best you can do, and that part works, is browsers asking if content they saw before has changed, and they receive it only if changed. that's the PROPER way to use http :)
<blackflow> so browsers cache locally. Use the developer tool of your browser, eg. hit F12 in FireFox, and observe how much of it is responded with 304
<JanC> for most sites there is no need to ask if content changed for most of their content
<JanC> especially not for their big content
<JanC> like images
<blackflow> the sites decide that and can set very long timeout. that's what we do on images, for example. if the images change, they get new URLs, so we don' thave to play the cache invalidation game.
<JanC> blackflow: exactly
<JanC> blackflow: that's what I mean by sites using HTTP properly
<JanC> which most don't
<blackflow> JanC: ah yes. And sorry, I confused you with Sircle, thouhgt you were talking about using the cache directives of http even through https. That's why I mentioned different OSI layers :)
<JanC> cache directives in HTTPS work the same as in HTTP (although browsers might use them differently)
<blackflow> sure, but intermediate caches (eg the Squid in question) can't, unless they terminate SSL
<blackflow> In fact that is what antiviruses on Windows do in order to inspect https, imaps and pop3s traffic.
<blackflow> At least some that I've seen.
<JanC> when using client keys, they can't intermediate at all
<blackflow> true.
<JanC> and those Windows antivirus have been abused
<blackflow> yup.
<JanC> to do pretty much what they are supposed to avoid
<blackflow> It's MITM for all intents and purposes, benign or not.
<JanC> but then again, the whole SSL model is flawed  :-(
<JanC> well, not the whole model, but at the very least how it has been implemented
<blackflow> Yeah, especially since we're still calling in SSL and nobody should be using SSL anyway.
<JanC> doesn't matter if it's SSL or TLS
<JanC> it's the trust model that is broken
<blackflow> Yeah I know what you're talking about. Case in point: recent dropping of StartSSL from Chrome and FF.
<JanC> they still support most country CAs
<blackflow> those are cases that are detected, acted upon and publicized. But how many abuse cases are there that go undetected, unmitigated and silent.
<JanC> they are unlikely to be detected if they are isolated
<JanC> to be fair: I think it's great to have country CAs included, but there should be some way to make sure those are only used to sign government site certificates
<JanC> and I doubt most SSL/TLS libraries do that right now...
<jak2000> ow to know why my networkcard not up?
<jak2000> when startup the linux i get this: http://postimg.org/image/8xsh3mmzd/   run the command and get this: https://postimg.org/image/eiyv6tnkv/   how to fix, why cant ping out the box thanks
<pk2x3> open /etc/rc.local with root permissions and comment all lines except "exit 0", then restart the server.
<pk2x3> "sudo nano /etc/rc.local"
<pk2x3> 52/5000
<pk2x3> Comment the lines by putting # in front of each line.
<jak2000> ok
<jaguardown> Hi all
<jaguardown> I have Ubuntu Server 16.04.1 i386 installed on an old, home box. I set up encrypted LVM. Is there a way to automatically provide the passphrase to decrypt on boot so that rebooting won't cut off remote ssh access? I tried to search but wasn't sure exactly how to find it.
<jaguardown> If not I suppose I will just reinstall without encrypted LVM
<jaguardown> But the fact that it is an option on a server installation leads me to believe there is a way to handle this issue.
<gorelative> hey folks, on ubuntu 16.04.01 LTS, apt-get upgrade tells me these packagse are held back... linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual
<gorelative> #1 can i find out WHY, #2 how can i apply them?
<rattking> gorelative: those packages probably require a new package being installed. 'upgrade' wont do that but a 'dist-upgrade' will
<gorelative> ah ok thanks rattking do sudo apt-get upgrade linux-virtual looks to have resolved it :P
<rattking> Ubuntu puts the kernel version in the package name, so apt considers them new packages.
<jaguardown> Anyone? :-)
<tomreyn> jaguardown: automatically providing the passphrase would defeat the purpose
<jaguardown> I figured as much. Why would anyone even set up encrypted LVM on a server, then?
<jaguardown> Unless there is a way to provide the passphrase via SSH
<blackflow> jaguardown: there is, dropbox in initramfs and a custom init script hook. it's a manual set up tho'
<jaguardown> ok
<blackflow> uhm... dropbear... sorry, my mind was elsewhere :)
<blackflow> dropbear SSH
<jaguardown> np
<jaguardown> of course I install dropbear via apt and I get an error at the end of configuration that says invalid authorized key file, and that remote unlocking of cryptroot via ssh won't work
<jaguardown> -_- time to do some investigative work I guess
<jaguardown> This is basically a fresh install apart from a static ip, openssh, and ufw
<blackflow> jaguardown: yeah I got that too, but I left that task for some time later. There are a few guides online with various reported success rates, like http://unix.stackexchange.com/questions/5017/ssh-to-decrypt-encrypted-lvm-during-headless-server-boot
<blackflow> and further links on that page
<jaguardown> Thank you!
<blackflow> jaguardown: in theory it's straightforward, and the only "dubious" part is setting up dropbear to work with the same keys, and having the same signature so you can locally keep the same known_hosts sig and private key.
<jaguardown> ah
<blackflow> yeah otherwise you install cryptsetup, it'll get included in initramfs by default (/etc/initramfs-tools/initramfs.conf  MODULES=most  I believe does it, which is default)
<blackflow> and you need a hook that will hold mounting root until you ssh in and manually set it in motion by calling cryptsetup to unlock root and proceed with normal mounting and switching root.
<blackflow> the only other gotcha I saw in that procedure is killing dropbear before root mounts so there's no lingering process occupying the ssh port, so OpenSSH can normally start and continue providing sshd service
<blackflow> and frankly I'm wondering why is dropbear even used, why can't it just be openssh. It has exactly the same requirements: all binaries and libraries involved have to be present in initramfs or built statically, just like dropbear.
<jaguardown> Okay sounds pretty straight forward. I'm gonna start by reading the document they talked about /usr/share/cryptsetup/README.remote.gz
<jaguardown> er /usr/share/doc/cryptsetup/README.remote.gz*
<blackflow> jaguardown: the initramfs is basically just a simple tarball containing a file called "init" that gets executed. In its most basic form, that script only has to call "exec switch_root /path/to/root-filesystem /sbin/init" (or systemd instead of that sbin/init). That's all there is conceptually. Everything else in the init script is procedure needed to find and mount root, before the switch.
<blackflow> Ubuntu's initramfs scripts are big because they contain lots of tests and sub-scripts to automate all this for various scenarios, so it all works automatically regardless of filesystems used, LVM, Raid, etc...
<blackflow> and of course all the binaries used (like cryptsetup) have to be present in the initramfs, so initramfs is a tarball of a "mini root filesystem" containing the tools to find and mount the real root.
<GALL0> on 16.04.1 server, installed ZFS, created a pool which Plex could see/read for the past week. after reboot, Plex can no longer see contents.
<GALL0> was set to `/mnt/data` but now seems to be attached to `/data` although Plex can see both folders they appear to be empty. however if I connect to `/mnt` from my Mac I can see all the contents in findr
<blackflow> GALL0: "zfs list -o name,mountpoint" will show you where the datasets will automatically mount on import
<teward> rbasak: if you're around, any idea how to force a package to *not* build with PIE?
<blackflow> GALL0: also consider those are modulated with pool's altroot attribute, so eg. if the altroot is /mnt and a dataset is to mount in /data, it'll mount in /mnt/data
<teward> or anyone on the server team
<blackflow> teward: -nopie ?
<GALL0> https://hastebin.com/duhobeqoni.hs
<teward> blackflow: seems to be being ignored in the build flags :/
<blackflow> teward: sorry, -no-pie
<teward> didn't work either, I'll have to poke further once I'm not angry at sbuild >.>
<GALL0> don't recall making `data/data` nor `six/backup`
<blackflow> GALL0: so you have double mountpoints, not good
<blackflow> set mountpoint=none   on six and data, I'm guessing that's what you want, so only data/data is mounted and six/six
<blackflow> GALL0: it's not bad to have a dataset under the pool and not use the pool directly, so you can leave it that and just disable mounts for the pool roots
<GALL0> blackflow  how can I delete `data/data` and `six/backup`? if I lose all data its a non issue, backed up elsewhere.
<blackflow> GALL0: "zfs destroy data/data"   but CAREFUL, it'll destroy, won't ask "Are you sure"
<blackflow> might need -r if you have snapshots in them
<GALL0> havent done any snapshots yet, just created these pools a few days ago
<blackflow> teward: possibly enviornment flags are added first, so package intrinsic flags override them?
<GALL0> (1:523)$ sudo zfs destroy -r data/data
<GALL0> umount: /mnt/data: target is busy
<GALL0>         (In some cases useful info about processes that
<GALL0>          use the device is found by lsof(8) or fuser(1).)
<GALL0> sorry, thought it'd be one line
<blackflow> are you currently in that path? or have something else from it mounted? a process has open files in it?
<GALL0> ah, rclone, forgot I'm copying from Amazon Cloud Drive
#ubuntu-server 2016-12-30
<Phanes> hello
<Phanes> where is the ubuntu maintainer and developer channel
<teward> Phanes: the general development channel is #ubuntu-devel, but if you're trying to reach the maintainer of a specific package, filing a bug is more useful
<teward> anything under the Server Team's purview, we can poke here
<Phanes> teward, im building a new distro so was looking for a doc that outlined the considerations made when deciding the components of the system and how they'd be implemented
<Phanes> or a channel to spray questions into
<teward> Phanes: not sure what kind of support you'll get from Ubuntu with that, just saying.
<Phanes> what
<Phanes> why
<teward> there's really no specific channel I can direct you to for that...
<teward> because there's more than just the "maintainer" and "Developer" aspect
<Phanes> if it is worth a damn, they'll have documented it
<Phanes> surely
<tomreyn> i would bet that not all stretegic documents are open for the general public.
<tomreyn> *strAtegic
<tomreyn> there are those blueprints on launchpad, however, but that's mostly drafts.
<Phanes> surely they're not just hoping good will somehow makes engineering happen
<Phanes> please tell me canonical is smarter than that
<DK2> what is "killall -0" doing?
<Genk1> hello folks
<Genk1> I have a basic question. I want to synchronize two web repertories /var/www on server 1 and /var/www on server 2
<Genk1> I have choosed to use unison for two-direction synchro feature
<Genk1> my problem is how to figure out the best strategy to deal with permissions in such situations ?
<Genk1> do I have to set www-data as an ssh account in both servers ?
<Genk1> Do I need to setup a new account who has r/w access to /var/www ? and use it for the synchronization ?
<Genk1> what kind of stuff do people choose in such situations ?
<Genk1> some documentation suggest to use sudo ?
<Genk1> is this a healthy way to deal with such problems ?
<ziyourenxiang> better to use a new account and keep www-data read only (assuming your web server is running as www-data)
<maxb> unison sounds like a bad idea because it inherently requires human interaction to resolve in which direction changes need to be propagated
<Genk1> ziyourenxiang, OK thanks for your advice
<Genk1> maxb, you're some how right but can you suggest a better option ?
<Genk1> maxb, I was thinking about distrubuted FS like Gluster and CEPH but it seems to me that it's a little bit complex to manage
<ziyourenxiang> other possibilities: if all your content are public then just mirror one of your web server from the other web server using wget or similar
<ziyourenxiang> or use rsync driven by one side
<ziyourenxiang> or follow any number of tutorials you can find to use git to 'publish'
<tomreyn> NFS would have been an option, but he left
<MASM> someone here, i have a problem with mdadm resync, the speed y so slow, '  finish=95954.6min speed=168K/sec '
<Poster> In my experience, slow resync with mdadm is generally caused by moderate/high IO to the device in question
<MASM> when i start sync all system, the speed decreased, but i cancel the resync of mdadm and speed of hard disk get normal right now
<MASM> i change the dev.raid.speed_limit_min
<MASM> and it didn't change anything
<Poster> There is a finite amount of bandwidth available to each device that makes up your mdN ; if you are writing to either the md or any other partitions on the physical disk, all contribute to the total amount of bandwidth to the device
<MASM> Poster: you mean that will be the connector of the raid that is damaged?
<MASM> when i start the sync all speed decrease in both disk, but when i stop, i check speed in both but it is ok
<lordievader> MASM: What Poster means is that the available bandwidth of the drives is shared over the sync action and any other action it performs. Hence the speed dwindles if a sync action is going on.
<Vamp898> Hi there. I used this guide to setup SSSD on Ubuntu 14.04 https://help.ubuntu.com/lts/serverguide/sssd-ad.html and everything works perfect. But when i use the exact same guide for Ubuntu 16.04, i can join the AD, i can use getent to get user ids and groups and so on, everything works almost fine. Everythig except logging in (no matter if i use su,
<Vamp898>  ssh or an DM) does work. Login as an user does not work (i type the password an then get "System error". When i switch user with root it works, but i also get there "su: system error"
<Vamp898> I tried this on a completely new/fresh Ubuntu 16.04 installation
<MASM> lordievader: the only solution is?, restart in security mode, and do it?
<lordievader> MASM: What? There is no solution, this is a hardware limitation. Each drive has a maximum bandwidth...
<MASM> lorddievader: but "speed=168K/sec" is so slow, i saw in internet that the speed is more than this :S
<lordievader> MASM: Oh, it could very well be that mdadm limits the sync speed in order to keep the raid usable.
<Poster> I don't think it's that low by default
<Poster> if you really want it to speed up, consider booting into single user mode to allow the resync to be (more or less) the only thing accessing the disks
<MASM> the problem is hosting :S and don't see directly
<MASM> i have a server dedicate
<MASM> it is possible?
<Poster> I don't understand the question or solution you are proposing
<MASM> sorry, English isn't my native lenguaje, to consider booting into single user mode, is posible if i have a server dedicate, if the server isn't here with me?
<MASM> the ssh will work?
<Poster> single user mode has no network connectivity, you would need console access
<Poster> well, you could start it I think
<Poster> but generally console access is what you would need
<Poster> either via KVM switch or if your system is virtualized, via whatever virtualization manager
<MASM> Poster: i understand.
<jge> anyone used chrony before? I'm trying to figure out how I would query another client for stats
<jge> looking for an equivelant of ntpq -p
<soop> anyone familiar with the official ubuntu mail-filter howto (spamassassin/amavis/postfix)?
<tomreyn> where is that?
<soop> https://help.ubuntu.com/lts/serverguide/mail-filtering.html
<soop> there
<tomreyn> i guess my question already indicated that i am not familiar with it.
<jge> nvm, looks like chronyc -h someip tracking does what I want
<ws2k3> my ubuntu machine has a gigabit nic and is connected to a gigabit switch but it still shows 100Mb/s what can this be?
<mybalzitch> failed autonegotiation, bad cable would be my guesses
<soop> are you sure your port is gigabit?
<ws2k3> soop yes
<ws2k3> soop i probarly need to find the source of the issue on the cisco switch
<JanC> can be a driver issue too
<patdk-lap> can be most anything
<patdk-lap> every wire must work, and configs set to autodetect
<patdk-lap> or you dont' get gigabit
<JanC> I've seen a NIC fall back to 100 or 10 Mbit/s depending on the kernel (& thus driver) version used
<JanC> or Gbit/s
<compdoc> it does need all 8 wires in the connectors. if you made any of the cables, then you are likely the cause
<ws2k3> compdoc they are not self made connectors just patch cable from factory so unlikeley the issue is in the cable
<patdk-lap> unlikely? I receive lots of bad patch cables
<patdk-lap> like 100 bad black patch cables, I don't use black ones anymore
<patdk-lap> funny only black, the grey, blue, green, red, where all fine
#ubuntu-server 2016-12-31
<ekim> hello all.
<MASM> Hello
<MASM_> Hellos, someone help me with mdadm problem, i want to add a disk to my new mdadm array but it run so slow, and the system freeze... https://hastebin.com/etivovonar.sql
<NwS> Heya guys, Is there any good guide on how to create a self-signed certificate for TLS use?
<andol> NwS: Self-signed as in directly self-signed, or as in self-signed using your own CA?
<NwS> andol, I have no idea tbh.. -.-" I just want to make the mails use TLS instead of nothing atm..
<andol> NwS: Might as well grab a "real" certificate from Let's Encrypt then?
<NwS> andol, As far as I remember that only lasts for a few months or something?
<andol> NwS: Yepp, hence the automated renewal
<NwS> Ok will check it out. Thanks!
<ikonia> NwS: most mail servers will reject self signed certs
<ikonia> keep that in mind
<NwS> Thank you for the info ikonia!
<tomreyn> MASM_: the reason why your RAID array (in a mirroring configuration) goes slower when you add a new member is that data is synched initially. See line 18 for the initiated synjch process. Once this is complete, operation should be as fast as before or faster.
<tomreyn> oh okay, i missed the very low synch speed of 541K/sec
<MASM_> tomreyn: and what i need to do?, it is so slow, 200 k/s
<MASM_> tomreyn: right now it was 94k/s
<tomreyn> yes this suggests something is not right - unless you have ongoing massive reads / writes?
<MASM_> tomreyn: the server is in runtime, but when i stop mysql, apache, it was the same...
<tomreyn> bad partition alignment could cause reduced performance, but usually not that much.
<MASM_> tomreyn: You recomend me that run server in recovery mode and do it?,
<tomreyn> MASM_: if you removed the production workload off the disks and the performance remained in the KB/s area then this won't help.
<tomreyn> MASM_: but you can try the laignment check: "sudo parted /dev/sdX align-check optimal N" where X is the block device (such as "sda") and N is the partition number.
<MASM_> tomreyn: 3 partitions said aligned
<MASM_> tomreyn: from actual disk and new disk, i start a check in new disck with smartclt, maybe the new disk is failing
<tomreyn> MASM_: yes, you can run a -t long on those
<tomreyn> MASM_: are sdb and sdc the same disk model?
<tomreyn> which disk models are those anyways?
<MASM_> tomreyn: who i find it?
<tomreyn> sudo hdparm -i /dev/sd{a,b,c}
<MASM_> tomreyn: new disk is ST1000DM003-1SB102 ,   second ST1000DM003-1CH162
<tomreyn> "sudo smartctl --info /dev/sdX" provides more readable output
<MASM_> tomreyn: https://hastebin.com/widimelihi.vbs
<MASM_> tomreyn: https://hastebin.com/vigumokufe.vbs
<MASM_> tomreyn: https://hastebin.com/biquxedike.cs
<tomreyn> so those are seagate barracudas 1TB, different generations apparently
<tomreyn> i'm trying to understand what the difference between 1SB102 and 1CH162 is
<MASM_> tomreyn: i think its the generation of disk...Â¿?Â¿?
<tomreyn> MASM_: yes, probably, it's the same marketing model, just different firmware versions. have you looked at the firmware updates information?
<MASM_> tomreyn: no, I intuited
<MASM_> tomreyn: i was searching that, i only found a pdf with first disk, the new
<tomreyn> MASM_: so read those links which are found in the smartctl -i output you posted
<tomreyn> (or rather the web pages these links point to)
<teward> is there an easy way in Postfix to tell it to deliver mail for a given email address to a specific user on the system?
<teward> maybe in aliases somewhere?
<MASM_> teward: http://serverfault.com/questions/144325/how-to-redirect-all-postfix-emails-to-one-external-email-address
<tomreyn> teward: virtual mail domains or just a single (system) domain?
<teward> tomreyn: ultimately irrelevant, because all domains on this box would point to the same user(s).
<teward> tomreyn: though, if we're being specific, for now a single system domain
<teward> tomreyn: as in, mail to foo@bar.baz and foo@bar.baz.bash would both to to user foobar instead fo 'foo'
<tomreyn> teward: well then just add an alias mapping, rad aliases (5)
<teward> basically, just trying to map a specific address to a specific local user mailbox
<teward> thanks
<tomreyn> i.e. you probably will just end up editing /etc/aliases or /etc/postfix/aliases and add somethign along the lines of:
<teward> I sometimes forget my aliases knowledge :)
<tomreyn> originalrecipient: newrecipient@example.org
<tomreyn> or, in your case:
<tomreyn> originallocaluser: newlocaluser
<tomreyn> my postfix is rusty, though, i hope that's correct OTOH.
<tomreyn> MASM_: in case you're not happy to do the firmware updates you may be able to have the disks replaced instead. also, did the long self tests complete, yet?
<MASM_> tomreyn: i see it will last 108 minutes, it finish in 45 minutes
<MASM_> tomreyn: i have server dedicate, i saw one disk is failing, mdadm raid send me mails about it, i send to hosting, but i think they didn't change it...
<tomreyn> MASM_: you should note down serial numbers when this happens
<tomreyn> also "sudo smartctl -a /dev/sdX" may tell
<tomreyn> and surely dmesg -T
<tomreyn> if a disk is broken this could very well explain the bad performance you see
<MASM_> tomreyn: i was searching about the ids i take noete, yes they change it
<MASM_> tomreyn: i need wait to finish long test in /dev/sda for do a  "sudo smartctl -a /dev/sdX"
<tomreyn> MASM_: you should already be able to run it now, getting the latest information
<MASM_> tomreyn: this is the result https://hastebin.com/uxusopabux.erl
<tomreyn> MASM_: thats the ST1000DM003-1SB102 - your newest HDD, i guess
<tomreyn> it's only been powered on for 65 hours
<tomreyn> what about the other two (? I saw you had sda, sdb, sdc) disks?
<MASM_> sorry i didn't say you, when i start i saw /dev/sdb and /dev/sdc
<MASM_> tomreyn:  and then when i reboot the server the /dev/sdc change to /dev/sda
<MASM_> tomreyn: and yes /dev/sda was /dev/sdc, and it is the new disk, i confirm the device serial number
<qman> that's why you should always use /dev/disk/by-id in scripts and config files
<qman> the other names are fine for humans who know they change
<tomreyn> i see. so what's the output of "sudo smartctl -a /dev/disk/by-id/ata-ST1000DM003-1CH162_S1D9YSS6"
<MASM_> qman: thank for the information, I did not know it, i'm a beginner in this
<tomreyn> that's probably sdb now
<tomreyn> and are there any ata errors in dmesg
<MASM_> tomreyn: https://hastebin.com/iluvizafob.erl
<tomreyn> okay, so both disks look alright for now, except the possible need for a firmware upgrade, except the unfinished long offline test.
<tomreyn> there were, however, ATA ABRT errors on ST1000DM003-1SB102_Z9A4SRJX when it had 58 hours of uptime (currently 7 hours uptime ago).
<tomreyn> this could point to bad wires, connectors, disk issues, controller issues.
<tomreyn> also power supply and thermal issues, but less likely.
<MASM_> tomreyn: maybe because i reboot server, with panel from hosting, because it was freezing, like when they are resync :S <-- Could this have been?
<tomreyn> MASM_: no, rebooting the server should not normally result in aborted ATA commands,
<MASM_> tomreyn: okey, i'm waiting for test it have 50% of it. , changin conversation, i remember that before some one help me and i think that person was you, 3 or 4 months ago, xD
<tomreyn> i wouldnt remember
<MASM_> tomreyn: don't remember this :http://askubuntu.com/questions/809823/error-raid1-not-unsynchronized-a-degradedarray-event-had-been-detected-on-md-d
<tomreyn> i'm afraid i don't
<tomreyn> but my memory is not very good.
<MASM_> tomreyn: don't worry, your memory is selective
<tomreyn> ok ;)
<MASM> tomreyn:  https://hastebin.com/orocenocab.sql this is the new information about smartctl check with long test
<tomreyn> MASM: one of them hadn't finished, yet: "# 1  Extended offline    Self-test routine in progress 10%        70         -"
<tomreyn> 10% lef to be checked
<tomreyn> the other jdd looks fine, though
<tomreyn> *hdd
<rhigby> hello.
<rhigby> I found this irc channel from the conjure-up.io page
<rhigby> Is this a room that provides guidance with openstack deployment?
<rhigby> I have been trying to get a POC off the ground.  I have a beefy 56core/256ram physical box with vmware running.
<rhigby> I have been deploying 16.04 over and over trying to use the conjure-up method but I keep running into issue.  The first was the accounts.yam file missing.
<rhigby> I was able to get past that and now I had around 5 of my vm instances running, then it bombed out due to a "handoff error"
<rhigby> So is that a no on the assistance?
<MASM> tomreyn: https://hastebin.com/ipazeteguv.sql it finish, it isn't with errors
<MASM> tomreyn it will be the firmware ? :S i never change firmware of hard disk
<tomreyn> MASM: might be, might not be. could also be the controller, or bios, or something else entirely. you shouldn't do it yourself if this is a rented server
<tomreyn> at least not before checking with support
<MASM> tomreyn: yes it is a rented server
<MASM> tomreyn: the slow resync will be because i didn't  use   "     fdisk /dev/sda   "  to format disk?
<tomreyn> MASM: the sfdisk export and reimport method should be fine for duplicating the partition table
<tomreyn> MASM: check the output of "blkid" for duplicate id's, just in case
<tomreyn> this shouldn't have created any, though, since partition tables and partitioned block devices don't have uuids assigned, just the partitions themselves.
<adrian_1908> what is the purpose of the "ubuntu" user? I've started using my first VPS and was surprised to find a user under this name.
<tomreyn> adrian_1908: this will be specific to the images your host provides
<tomreyn> it is not a default user account
<adrian_1908> tomreyn: ah ok, thanks. I'm using OVH.
<tomreyn> you could try asking in the unofficial #ovh channel then
<adrian_1908> I didn't even know that channel existed. Happy new year!
<MASM> tomreyn: https://hastebin.com/apuxejucot.sql i find some uuid duplicate, but it was similar than another server that my friend have
<MASM> *has
<tomreyn> right, raid members in a mirror setup actually need to have the same uuid
<tomreyn> *active
#ubuntu-server 2017-01-01
<JanC> adrian_1908: you might also want to consider that there currently is a dispute between Canonical & OVH over the fact that OVH provides defective Ubuntu images (according to Canonical)
<JanC> or there was a dispute some time ago, I'm not sure if they fixed that by now  :)
<adrian_1908> JanC: I heard something about that. I need things really cheap right now, so I'll live with that possibility for the time being. Thanks for the pointer.
<JanC> you can always create other users
<JanC> and should be able to remove the ubuntu user
<JanC> (after creating your own user)
<adrian_1908> yes, i someone in another chatroom said so too, and I'm trying that right now to see how it goes. I got nothing set up yet, so I can start over if that "ubuntu" user was special somehow :Ã¾
<JanC> right
<JanC> there are other cheap providers BTW
<MASM> tomreyn: the slow speed in resync will be for all services that are running?, apache, mysql, supervisor, postgret, nodejs??
<MASM> tomreyn: the slow speed in resync will be for disk new, that isn't same device model, before was two disk ST1000DM003-1CH162, but with this new model are ST1000DM003-1CH162 and new disk ST1000DM003-1SB102)
<MASM> tomreyn: I sent a mail to my hosting support and I put all this information about my problem i hope they help me, ;S if not, i will have to do a backup Scheduled, every x time...
<tomreyn> MASM: good luck. no need to ping me about everything you do, though. ;)
<tomreyn> JanC: defective how? i only know ovh's perspective on that issue so far.
<tomreyn> (but would like to read up on it if there' anything public on it)
<tomreyn> okay i found this https://insights.ubuntu.com/2016/12/01/taking-a-stand-against-unstable-risky-unofficial-ubuntu-images/
<tomreyn> it's sadly not specific in what the issues are (but i don't mean to insinuate it could not be correct).
<MASM> happy new year for all
<MASM> happy new year for all
<MASM> happy new year for all
<MASM> thanks for your help tomreyn
<MASM> and happy new year
<spammy> happy new year :P
<SamuelMarks> hi
<SamuelMarks> I've developed a new DSL for orchestrating deployments of distributed-systems. It's terrible. What makes a good one? - http://softwareengineering.stackexchange.com/q/339223
#ubuntu-server 2017-12-25
<fstoltz> Hey, is there anyone who is familiar with using the following setup (linux, apache, WSGI, python, flask, virtualenv). I don't have a specific question, I'm just having troubles understanding how the pieces fit together.
<ikonia> fstoltz: you may get some better output from software development channels on the interactions
<fstoltz> ikonia: Ok thanks
#ubuntu-server 2017-12-26
<lucas_ai> I want to run a simple command to start a proxy server, when my ubuntu server instance starts up or reboots. How can I do this VERY EASILY?
<Tzunamii> lucas_ai: https://www.cyberciti.biz/faq/linux-execute-cron-job-after-system-reboot/
#ubuntu-server 2017-12-27
<orizzle> hello everyone - i think i've read just about every tutorial online to get bind to work with nsupdate but no luck. my end goal is to make my own dynamic dns server on a subdomain. i am getting mixed results from update failed: SERVFAIL to update failed: REFUSED. can anyone assist?
<tobasco> jamespage: coreycb is gnocchi-indexer-sqlalchemy not packaged for ubuntu anymore? package does not exist in queens cloud archieve repo
<tobasco> https://answers.launchpad.net/ubuntu/+source/gnocchi/+question/662285
<Epx998> anyone know if cron handles postfix sendmail different than if you run it manually?  i am seeing some funny business in reports i send out through cron, that do not duplicate when sending manually
<nchambers> perhaps PATH and/or other environment variables are different for you than it is for cron
<Epx998> not sure, when I send the email - i cat in 4 text files, that makes up the entire report, the text files look fine, but the email when sent from the script consistantly leaves out specific portions of variable generated data
<Epx998> though the text files have it just fine
<Epx998> so weird
<Epx998> oh I think I see why
<Epx998> in cron, my awk command within the script is failing
<Epx998> its how im calcuating percentages too hmm
<qman__> cron has a different PATH which often causes commands to not work without specifying full paths, so make sure you're either setting PATH or using full names
<qman__> that's by far the most common issue when running stuff with cron
<Ussat> I HATE that about cron also
<Ussat> I just write a scriopt for cron to call, define the path there
<Ussat> then the command I want it to run
<qman__> yep, that's what I normally do
<Ussat> have all my scripts in /usr/local/scripts
#ubuntu-server 2017-12-28
<m15k> Is it possible to launch the installer from cli (e.g from a rescue os)
<nchambers> m15k: its been a while, but I believe its something like ubuntu-installer
<m15k> I'm in rescue mode and I want to trigger an installation
<nayKang_> hi.I meet a problem.there is a special user on my server A.when a "config" file under ~/.ssh/ dir.it will slow down the ssh speed.
<nayKang_> only one user has problem.other user if fine
<nayKang_> other user is fine
<nayKang_> OK,I found the problem. is nslcd caused
<Neo2> Hi
<Neo2> how often should restart apache2?
<Neo2> ones per hour or per day?
<andol> Neo2: Ideally only when something like a software upgrade requires it.
<Neo2> andol: or when mysql is hanging?
<Neo2> who know how to create mail server?
<Neo2> I want set up my own mail server and send massages
<Neo2> I see some sites has this name of mails name@site_name
<Neo2> is I set new server can I send spam?
<Neo2> I saw one server in one guy, hi give me his email address, recently was need email and I can't get it without fill out mobile phone....
<Neo2> domain cost 3$ for a year, server 5$, for 8$ you can make mail server and start to send spam? Is it possible send spam if I have my mail server? I'm newbie and know nothing :(
<andol> Yes, *sending* spam is easy. Getting past spam filter and block lists, not so much.
<andol> Also, don't send spam.
<Neo2> andol: I don't know how to do it :(
<Neo2> andol: need to install mail server?
<Neo2> andol: I have VPS on digital ocean and can't join on one site in Ukraine, they blocked me, TOR now doesn't help:(
<andol> First of all, don't send spam.
<Neo2> I've read about VPN and partially understand what is it
<Neo2> andol: ok, I've accepted your suggest....
<andol> ...and for legitimate mail you are still likely better of going through a "real" mail provider. Both in regards to deliverability and in regards to putting something insecure on the net.
<Neo2> andol: see I have my site, and I can create my own mail? What I need for this?
<Neo2> andol: this is my site http://american-chat.ru , I'm going to do chat in future soon when learned node.js
<Neo2> How I can create mail admin@american-chat.ru ???
<Neo2> andol: see this https://roundcube.net/ ???
<Neo2> andol: I see this panel, one guy use it, he has created for me email on his server
<andol> Neo2: Not sure if there are any short/easy answers to your questions, and sadly I don't have the time to provide any long answers right now.
<Neo2> andol: I understand, it broad theme, and should read in google articles and watch video lessons
<Neo2> andol: I'll collect information about it for a while
<m15k> When I deboostrap ubuntu is there a default root password?
<Olanzapin> how do you merge disks?
<ikonia> merge disks ?
<Olanzapin> put them togheter as one
<andol> Olanzapin: Existing disks with existing data, or will they be blank slates for the new combined disk?
<Olanzapin> blank
<andol> Olanzapin: Either RAID (if you want redundancy) or LVM (if you mostly want to combine the space).
<Olanzapin> raid does not exist
<andol> Software RAID, as in mdadm.
<Olanzapin> it's an older computer
<Olanzapin> ahh ok
<Olanzapin> but it's supposed to work whitout using raid like in M$
<ikonia> it's called MS or microsoft
<ikonia> not M$
<mike-zal> ikonia: what's the difference ;)?
<Ussat> one is accurate, one makes you look like a juveline idiot
<Ussat> juvenile
<ChmEarl> there is no `/usr/bin/python` in Artful? I need to shebang by version? /usr/bin/python2.7 ?
<nchambers> you should be putting in your version anyways
<nchambers> for best compatibility, #!/usr/bin/env python$VERSION
<andol> ChmEarl: If you install the package python-minimal you do get a /usr/bin/python symlink.
<ChmEarl> andol, nchambers thanks
<andol> ...which you of course could have created by yourselves as well. But everything else equals it's preferable to let apt manage /usr
<andol> There is of course also the even better option of sticking to python3 :-)
<ChmEarl> andol, I don't know how my python-minimal went missing. I'm sure I had it installed
#ubuntu-server 2017-12-29
<blackflow> Thoughts, suggestions?  https://github.com/acheronmedia/ubuntu-bootstrap
<ikonia> thoughts, don't use it
<blackflow> ikonia: don't use it, or you're not using it so you can't give any thought?
<ikonia> blackflow: my thoughts are to not use this
<blackflow> why not?
<ikonia> looks a bad idea,
<blackflow> ikonia: why?
<blackflow> or are you just giving random, unsubstantiated opinions with zero experience on the subject?
<ikonia> you ask for an opinion, I give you my opinion, and you call it random and unsubstantied
<blackflow> because you gave no opinion. if you think it's bad, please elaborate why.
<ikonia> I did give an opinion, I said my opinion is not to use it, it looks a bad idea
<ikonia> you could have just asked for more information if you wanted
<ikonia> I can't be bothered any more
<blackflow> good idea.
<ikonia> (sorry that wasn't meant to sound as door slamming as it came across)
<blackflow> I'm okay with criticism if it's "it's bad because x, y, z". saying "it's just a bad idea", with no explanation as to why you think that is just... empty words.
<ikonia> thats fine, and you just had to ask for it to be expanded on
<blackflow> Yes, because when people ask for opinions they don't want to hear proper opinons, just empty "it's good" or "it's bad", and jump right on it as a legit answer.
<blackflow> especially when someone says "don't use it", you ask "why" and they don't give an explanation, just another empty "bad idea". Perhaps I should've written a printed letter, kindly asking for your highness' thoughts on the matter, if, perhaps, you'd kindly elaborate on your very thoughtful and descriptive suggestion of "it's bad idea".
<ikonia> blackflow: you'd be surprised how many people want a yes/no answer "is this a good idea"
<ikonia> blackflow: however, I'm aware of your contirbution in the BSD world in the past, so I fully appreciate you'd value a proper discussion on it
<blackflow> not neccessarily a discussion. but at least more than "hurr, bad."
#ubuntu-server 2017-12-31
<apb1963> 16.04 Is it possible to setup a dhcpd server with 1 ethernet card, or must I have 2?
<apb1963> I'm running into this error: No subnet declaration for enp5s0 (external IP redacted) and I can't help but wonder if it's because I don't have two ethernet cards.
<apb1963> Or if perhaps this error " Not configured to listen on any interfaces!" is more relevant even though it comes after the above.  The odd thing is, I do in fact setup the Listen device in /etc/default/isc-dhcp-server
<apb1963> Yeah... I'm starting to think it's because I only have the one card... so the external address is not on the same network, so it has no device to use on the local net.
<apb1963> Which is of course the network I need to allocate IPs on.
<apb1963> Maybe I can get the one card to respond to both internal and external addresses?
<apb1963> I'm sure there's a way to do that.  OK, thanks!
<_KaszpiR_> apb1963 sure you can have dhcp with 1 card
<_KaszpiR_> and it looks liek you're missing config section for the subnet
<_KaszpiR_> you may also vlans to separate public and private network
<_KaszpiR_> *also use vlans
<_KaszpiR_> but it may require additional network configuration on the switch level and so on
<apb1963> _KaszpiR_, That's just it... I'm not missing a config section for the 192.168.1 network.  But the card is an external IP.  My router died and I figured I'd just setup the software to replace it.
<apb1963> i'm not all that familiar with vlans and I suspect it's overkill for my  home network.
<apb1963> So, it wants a config section for the IP associated with the card - an external address.  From the network's point of view, that same machine is NOT on the 192.168.1 network.
<apb1963> Which I suspect is why it's giving me the errors.
<apb1963> Because there is no interface associated with that subnet.
<apb1963> And so, I'm guessing I need to use a virtual IP for the internal address.
<apb1963> But then it occurred to me that I have a wireless card installed.  And that's where I'm at now... looking at how to set the wireless card for the internal subnet.
<apb1963> Oh... I was looking at how to setup virtual IPs... it requires disabling network manager, or modifying one of its file after first messing with the GUI - I need a pure cli solution.
<apb1963> Which is why I'm leaning towards two cards.
<_KaszpiR_> apb1963 better get second card
<_KaszpiR_> especially if you do not have a router
<_KaszpiR_> nor manageable switch
<apb1963> no router, no switch... well there's a router from my ISP but it's a black box.
<apb1963> _KaszpiR_, by second card, you mean a second ethernet card or is the wireless card sufficient?
<_KaszpiR_> I'd sujggest second ethernet card
<_KaszpiR_> unless all the other devices are wireless only
<apb1963> Yes, except one is both wired & wireless...  Once I bring it up, it will be swapping roles with this machine.
<apb1963> I'm unclear as to why it's an issue.  They protocol should really be relevant as long as they can talk to each other.  By protocol I mean tcp/ip.
<apb1963> sorry, that last sentence was confused.
<apb1963> I'm unclear as to why it's an issue.  As long as they both speak the same protocol (tcp/ip) then whether wired or wireless I wouldn't expect to make a difference.  Or am I wrong?
#ubuntu-server 2018-12-24
<tomreyn> the "green bar" requires EV (class 2), which LE doesn't provide
<tomreyn> also, chrome plans to remove all indications of "secure" anyways, since their take is that (properly done) HTTPS must be the default, anything else is insecure.
<tomreyn> and in te past mozilla has usually followed up on their lead with some delay. often IE, too, but that's no longer relevant since they'll use chromium anyways.
<tomreyn> https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html
<tomreyn> Checkmate, mybalzitch: ^
<bindi> is it possible to create encrypted raid1 for system disk with the installer?
<tomreyn> bindi: yes, but you need to use the alternative server installer or mini.iso.
<bindi> yeah i got that far
<bindi> now i'm not sure how I should continue, testing out in a VM atm
<tomreyn> bindi: dpends a bit on whether you're UEFI or BIOS booting. also the order of crypt layer and raid (and maybe lvm) is something to consider
<bindi> bios
<bindi> well my test failed :P
<tomreyn> in the end it all boils down to how many crypto containers you want to end up with (and how many passwords / keys you'll want to have to provide)
<bindi> https://i.imgur.com/GNOZ0pK.png
<tomreyn> for a desktop like computer you probably want just one, maximum 2 crypto containers.
<bindi> ideally 1 key for all of it
<tomreyn> then you want raid, then crypto on top, then lvm on top.
<tomreyn> you may want to have another, smaller raid, just for boot
<bindi> x_x
<tomreyn> how large are you storages?
<bindi> 2x 120GB
<tomreyn> on the final system, too?
<bindi> hmm? 2x 20GB i'm testing with in the VM, the final system has two 120GB SSDs I want the system to be installed on
<tomreyn> i assume lack of separate /boot is what caused your failure here, but i can only guess since i dont know how you partitioned
<bindi> yeah probably
<tomreyn> in case you have more than just those two disks on this computer (i.e. separate storages for data), now is the time to think about whether you want 1 crypto container for everything, or one for the Os, and maybe another later for data (or unencrypted there)
<bindi> I have 8x 2TB but I'm gonna use zfs for those
<bindi> and I don't feel like zfs on root :P
<tomreyn> okay, then its just the OS now.
<tomreyn> take a screen shot of how you partitioned on the next go.
<bindi> you want me to try and fail again? :D
<TJ-> bindi: you've got access to the shell haven't you?
<bindi> sure
<tomreyn> in the end it's my more and more my impression that you are actually faster if you boot from a live system, do the parititoning with gparted, create and mount all block storage layers (raid and crypto and lvm), then debootstrap, chroot into it, install the kernel.
<TJ-> bindi: so you can fix-up manually. What layout are you using?
<bindi> i don't understand the question, i don't know how I should mix lvm+mdadm+whatever to make this work :P
<bindi> previously I just used the guided FDE with LVM, but now I'd raid1 as well so it can survive a disk failure
<TJ-> Why not use LVM's own RAID support rather than adding it on top of MD RAID?
<bindi> I read that that's just mdadm in disguise, but sure
<bindi> anything that works and anything that *I* can get to work :D
<bindi> if you could point me to a guide or perhaps do some handholding and guide me through this :P
<TJ-> You want LUKS to protect the OS root file-system?
<bindi> yes
<TJ-> Do you also want LUKS to protect GRUB's /boot/ file-system (prevents someone tampering with the kernel and initrd.img)
<bindi> nah
<TJ-> So that leave it vulnerable to a man-in-the-middle attack, you realise?
<bindi> if its not too complex, could use it
<bindi> i'm just mostly interested protecting my data against physical attacks
<TJ-> right, but if you're needing encryption you need to be clear about the attack scenarios you're protecting against. If someone could get physical access to the system, even when powered off, without /boot/ being encrypted they could trivially install a MITM that could log the LUKS passphrase/key-file
<bindi> sure, encrypted /boot/ it is then, if it doesn't get too complex (in terms of stability and surviving updates :D)
<TJ-> There's a single setting added to /etc/default/grub "GRUB_ENABLE_CRYPTODISK=y"
<TJ-> Because of your mirrors I'm trying to figure out the simplest way to arrange things. Are you going to have some LVs/file-systems that won't be encrypted?
<bindi> no, full disk encryption
<TJ-> e.g. I have an LV for SourceCode (F/OSS projects I clone/pull in) so I don't bother encrypting that
<TJ-> bindi: considering easiest first, it'd be LVM first, encryption second so there is only one set of logical volumes to unlock. If it were encryption first, you'd need to arrange for each disk to be unlocked before gaining access to the LVM
<TJ-> bindi: but that exposes the LVM metadata so is not strictly FDE
<TJ-> bindi: but if you're only after protecting data (in LVs) then it doesn't sound like you need FDE in its fullest sense
<TJ-> I'd describe it as needing F.BD.E (Full Block-Device Encryption)
<bindi> how does the metadata look like?
<bindi> i probably don't care if anyone sees that :P
<TJ-> it's the stuff needed by GRUB/OS to discover the LVM PVs VGs and LVs
<bindi> well as long as it doesnt expose directory structures, i guess its ok
<bindi> other than maybe /home and / and so on
<bindi> if you're not 100% sure about how to do this I have a VM I can test everything in before
<TJ-> so, thinking about OS only (not data)  you could do minimal partitioning ( 3 partitions = BIOS Boot, /boot/ file-system, and LVM PV)
<TJ-> bindi: I've been doing this stuff for 10 years :) It's just a case of thinking of the simplest way to do it including the RAID-1
<bindi> btw I don't even necessarily need LVM. I just want raid-1 and FDE :p I never used the features that LVM gives you
<bindi> if it makes things simpler :D
<bindi> not 100% sure if its possible without LVM
<TJ-> I've got a diagram for an arragement like this I wrote 10 years ago, for RAID-5, but it's on a domain I no longer operate; Trying to see if I can jury-rig it so you can see it
<TJ-> Too much trouble to get that accessible.
<bindi> :p
<TJ-> There are pros and cons to using mdadm or pure LVM for the mirror facility. In terms of ease of management if something goes wrong I /think/ mdadm is probably the way to go
<bindi> so what's next
<TJ-> I think what you need is something like disks > GPT > partitions (3 of:  1=BIOS Boot, 2=/boot/ for GRUB, 3=LVM) > 3 x RAID-1 (md0=sda1+sdb1, md1=sda2+sdb2, md2=sda3+sdb3), then LUKS encrypt: md1=LUKS_BOOT, md2=LUKS_LVM, then create the LVM with 'pvcreate /dev/mapper/LUKS_LVM' and 'vgcreate VG_OS /dev/mapper/LUKS_LVM' then e.g. 'lvcreate -L 12G -n rootfs VG_OS'
<bindi> GPT? isn't that related to EFI
<TJ-> once those are configured and ready the installer partitioner can be used to select the /dev/mapper/LUKS_BOOT for /boot/ FS and /dev/mapper/VG_OS-rootfs for /  and at the boot-loader stage dpkg configure step should pop up a dialog asking which devices to install GRUB to, and you choose the two native disk partitions (/dev/sda1, /dev/sdb1)
<TJ-> GPT makes sense since for your larger disks you'll likely need it anyhow
<TJ-> so may as well use it across all disks
<bindi> 120GB? :P
<TJ-> So?
<TJ-> I thought you had a bunch of other disks?
<bindi> they're handled by ZFS
<TJ-> OK, well still, no reason not to use GPT
<bindi> but can my BIOS system use that to boot?
<TJ-> I've not met any that don't in the last decade but you can obviously easily test that with a quick GPT partitioning and grub-install to a USB storage device, for example - doesn't need any OS, just prove BIOS loads GRUB
<TJ-> benefit of GPT is the secondary back-up table, and you can also create a hybrid MBR if necessary
<bindi> ok well I don't know how to translate everything you said into actual commands :P
<TJ-> I have to go out now, if you're still wondering when I get back I can drop a script into a pastebin to help
<bindi> ok then
<bindi> TJ-: got my VM to install without errors
<TJ-> bindi: oh, great, you don't need me then :)
<bindi> im not just sure if i did it "right". one thing that caused confusion was that "bios boot" partition, as it seems to be a GPT only thing
<bindi> my VM was Gen1 (BIOS) so there's no such option
<bindi> I checked an Gen2 VMs have that
<bindi> but I won't see that in the ubuntu installer then anyway on my bios pc
<bindi> https://imgur.com/a/7c8DmuC
<TJ-> Yes, it is where GRUB writes its core image, instead of in the possibly-spare sectors before partition #1 for msdos/MBR partitioning
<bindi> not sure how I should have named the LV and VG :D
<bindi> i'm gonna see if this survives a disk failure
<TJ-> bindi: any way you prefer :)
<bindi> hm
<TJ-> bindi: I use LVM extensively so typically I have at least 2 VGs, VG_OS and VG_DATA. VG_OS will have LVs for rootfs, /var/ and /usr/local/, VG_DATA will have an LV for /home/ + several others (I have a generalised mount-point at /home/all/ for things like SourceCode, Projects, Hacking all in their own LVs and with their own /home/all/XXXX mountppoint
<bindi> looks like it doesnt survive a reboot
<bindi> err
<bindi> disk failure
<bindi> https://i.imgur.com/AewxMlE.png
<bindi> so my process was flawed :p
<TJ-> you many not have configured mdadm for boot-degraded, assuming you've got LVM inside MD RAID
<bindi> check my first imgur link album, 2nd picture 'lsblk'
<bindi> well I reattached the disk but its not happy
<bindi> :-D
<bindi> not sure what went wrong
<bindi> yeah i think my process is wrong, i dunno how but just removing the disk = no go
<bindi> i added boot_degraded=true if it even is supported anymore
<bindi> in /etc/initramfs-tools/conf.d/mdadm
<bindi> https://ubuntuforums.org/showthread.php?t=2401615
<TJ-> Thinking hard about that, I seem to recall it was supposedly made the default, although reading /usr/share/initramfs-tools/scripts/local-block/mdadm the initial assemble command there uses --no-degraded
<bindi> i just tried to remove --no-degraded from there and update-initramfs, no go
<bindi> sigh :P
<bindi> guess i'm not gonna use raid1 then
<TJ-> bindi: I have servers with mdadm RAID-1 by default and they boot degraded fine, so it's not a general problem.
<bindi> its the encrypted part
<TJ-> Yes, LUKS encrypted
<bindi> well if you can tell me how to get this working it would be neat
<bindi> if not, im gonna start configuring the server with single disk install
<TJ-> bindi: well, I have a script that is building a test/demo but just started getting cryptic I/O errors for a non-existent device :s
#ubuntu-server 2018-12-25
<Checkmate> join /php
<mojtaba> Hello, (It might not be related to this topic. It is more network based problem.) I have a raspberry pi which is connected to the router wirelessly, and I have a vpn client configured on it. My router is very old, and I cannot install a new firmware on it. I just wanted to know that if it could be possible to route all the chromecast traffic through raspberry pi? (Through VPN?) I can connect Chromcast to the raspberry pi, using a LAN cable.
<TJ-> bindi: probably too late but if you're around here's a package of scripts that automate building and testing RAID-1 + LUKS + LVM in a virtual machine  http://iam.tj/projects/ubuntu/raid1-luks-lvm-test.tar.gz
<mojtaba> I have just deployed an Ubuntu machine, it shows '9 packages can be updated. 7 updates are security updates.' but when I run sudo apt-ge t update; sudo apt-get upgrade, nothing happens. Do you know what should I do?
<mojtaba> When I log back in again, it shows me the same messages.
<mojtaba> I have asked the same question in #ubuntu, but no I have received no response back.
<mojtaba> TJ- respond me back in #Ubuntu. Thanks again.
<lotuspsychje> fleabeard: place your details here fleabeard
<fleabeard> hiya lotuspsychje: my issue is my Ethernet controller: Intel Corporation 82566DM-2 Gigabit Network Connection (rev 02)
<fleabeard>  is only running in 100 Mbps mode instead of 1000 Mbps mode. I'm currently using Ubuntu Server 18.04 LTS.
<lotuspsychje> system up to date fleabeard ?
<TJ-> fleabeard: show us "lspci -nnk -d::0200"
<fleabeard> TJ-, https://pastebin.ubuntu.com/p/8KpRSVK67x/
<fleabeard> lotuspsychje, yes, updated this morning (fresh install)
<lotuspsychje> allright tnx fleabeard
<TJ-> fleabeard: and check what the link is advertising with "sudo ethtool <IF>"
<TJ-> Compare the advertised, supported, and actual "Speed:"
<fleabeard> TJ-, https://pastebin.ubuntu.com/p/vZYHN33qyR/
<TJ-> fleabeard: it has auto-negotiated with the switch, so either a poor connection somewhere (Gigabit needs all 8 cores working) or the switch doesn't agree :)
<fleabeard> TJ-, thanks, I'm trying to confirm with the router I'm using (TP-Link Archer C9) that the ports are gigabit.
<TJ-> fleabeard: "4 10/100/1000Mbps LAN Ports,"
<fleabeard> TJ-, thank you! my goodness I was having so much trouble verifying this for some reason! So I'm guessing all 4 ports support gigabit?
<TJ-> yes, and the WAN port, according to  https://www.tp-link.com/us/products/details/cat-5506_Archer-C9.html#specifications
<TJ-> fleabeard: I'm finding a lot of reports from several years ago about this same symptom with that chipset, and its predecessor, affecting Windows, but I'd have thought it was resolved by now
<TJ-> one person says, "unplug and replug after initial negotiation (of 100Mbps) sometimes fixes it"
<cryptodan_mobile> fleabeard: what kind cable and how long?
<fleabeard> TJ-, I'll give that a try then.
<fleabeard> cryptodan_mobile, it's a hand-made cat6 cable about 5' long
<Glorfindel> I've reinstalled libssl1.0.0 and libssl-dev, but I'm still getting errors about "error while loading shared libraries: libssl.so.1.1: cannot open shared object file: no such file or directory"
<Glorfindel> what's the process to fix this?
<cryptodan_mobile> fleabeard: if ya can go buy a premade 10foot one to see if it's your cable
<fleabeard> TJ-, the unplug/re-plug trick didn't do the trick :(
<fleabeard> cryptodan_mobile, I tried a purchased cat5e cable and had the same issue (which is why I created the cat6 cable last night) :)
<cryptodan_mobile> Wow
<Annoyed> Greetingws
<Annoyed> Greetings, rather.
<Annoyed> I've got a 14.04 LTS server that's been up and doing its job for 4 years now.. looking at rebuilding. I've seen that there seem to be a number of changes to networking in 18.04.1... And that some folks are having headaches with it...
<Annoyed> is 18.04.1 stable enough to put in and expect to behave itself ?
<TJ-> Annoyed: the issues are generally around converting ifupdown to netplan/systemd-networkd configs
<TJ-> Annoyed: so really it's mostly more about the learning curve
<TJ-> Annoyed: plus of course, for 14.04>18.04 the init system changes from upstart to systemd
<Annoyed> That's one of my concerns. I've been using this thing as a router; 2 interfaces, configured in /etc/network/interfaces. In my setup, the inside interface doesn't need gateway or DNS info, it's the uplink for the inside network. But looking at setting up the file in /etc/netplan, everything I've read says you have to set a DG & DNS in that file...
<Annoyed> I don't want to set amachine 2nd DG for this
<Annoyed> err... I don't want to set a 2nd default gateway for this machine.
<mybalzitch> netplan is junk, stick with ifupdown
<Annoyed> Can you still use the old way ?
<Annoyed> Or maybe just 16.04.5 instead?
<mybalzitch> yes you can still do it the old way and maintain your /etc/network/interfaces file
<Annoyed> I've set up VM's for both and I really don't like the look of netplan either.. Is there a howto or docs someplace on using 18.04 with the old setup?
<TJ-> Annoyed: netplan interfaces don't need  a default gateway setting
<Annoyed> T3- So I can try to just set it up w/out that info in the yaml file?
<Annoyed> The more I read on this, the more I think I'm better off installing 16.04.5 and wait for the dust to settle on this new crap.. I don't want to spend a lot of time figuring out netplan if it's a problem child.
<TJ-> Annoyed: recall that netplan is designed to *generate a run-time config* - if the config is static then netplan isn't needed, you can directly create a systemd-networkd config
<TJ-> Annoyed: the point of netplan was to support 'cloud' containerised devices via cloud-init but it seems to have leaked back to bare-metal/long-running 'traditional' servers
<Annoyed> Outside interface is DHCP, but inside is static.
<cryptodan_mobile> Netplan should only be on the cloud instance then
<Annoyed> So how do I configure the inside interface?
<TJ-> Annoyed: if you want to see a systemd-networkd config for a server with 2 logical interfaces (1 x VLAN, 1 x LACP bond) see http://iam.tj/projects/ubuntu/systemd-networkd-bonding.txt
<TJ-> Annoyed: for your needs you'd only need 2 basic .network descriptions, 1 for static, and 1 for DHCP
<Annoyed> I gather I can leave whatever the installer sets up for the outside interface, cause it seems to work, at least on the VM, but how do I set up the inside static?
<Annoyed> \ /etc/systemd/network seems to be empty on my VM of 18.04
<TJ-> Annoyed: look at my "/etc/systemd/network/LAN_Aggregate.network" you'd just alter the "Name=bond0" to be the name of the LAN NIC
<TJ-> Annoyed: yes, it will be, that is where the sysadmin puts the static config
<TJ-> Annoyed: if a runtime config is being generated (by netplan) it'll be in /run/systemd/network/
<TJ-> Annoyed: and you can directly copy a file from there to /etc/systemd/network/ and remove the netplan config so netplan no longer generates a boot-time config under /run/
<Annoyed> Oh, so I create a devicename.network file in /etc/systemd/network, and treat that as /etc/network/interfaces?
<TJ-> Annoyed: :D yup
<Annoyed> Ok, that makes sense
<TJ-> Annoyed: and remove any /etc/network/interfaces entries/file(s) so that the sysv ifupdown compatibility systemd units don't try to create an additional config!
<Annoyed> This is gonna be a clean install
<Annoyed> so there shouldn't be any
<Annoyed> Hmmm is one, but it's all comments
<TJ-> Right; with you mentioning the 14.04 I just wanted to be clear - we've seen people caught out by systemd playing nice with the existing ifupdown config and the sysadm also creating a systemd config, and the 2 clashing
<Annoyed> Ok, thanks
<Annoyed> That makes sense
<Annoyed> Thanks for the help. Much appreciated
<bindi> TJ-: currently rocking Debian on the machine :D
<TJ-> bindi: I've been updating the scripts, and you can now see an ascii-cast of it at work: http://iam.tj/projects/raid-vm/
<TJ-> bindi: I've been playing with it in the VM, detaching disks etc. It boots perfectly degraded without me even realising :D
<bindi> nice
<TJ-> I integrated the LUKS unlocking into the initrd.img so the passphrase only needs typing once, for GRUB
#ubuntu-server 2018-12-26
<bipul> Hi, could anyone help me to know why i'm not able to ping from A to D, since A, C and D all are running on Ubuntu-server. Is it a flaw in OpenVPN tap or? in routing https://pastebin.com/raw/fje2RFhc
<cryptodan_mobile> bipul: are they pingable off openvpn
<jlacroix> Hello eveyrone. I am in the process of creating a VM template for Ubuntu Server 18.04. For some reason, if I delete /etc/machine-id, it's not regenerated automatically when the VM is started. I can regenerate it manually, but I was hoping there was a way for this to happen automatically at first boot.
<OerHeks> i think dbus-uuidgen --ensure=/etc/machine-id is your answer https://unix.stackexchange.com/questions/402999/it-is-ok-to-change-etc-machine-id
<OerHeks> systemd-machine-id-setup
<jlacroix> Thanks OerHeks, but that was the article I was already looking at. I know how to generate the machine ID manually, I was hoping to make it automatically happen. I tried deleting it but it doesn't create it when it starts. As for the systemd-machine-id-setup service, that's not available in Ubuntu 18.04 unless it requires a package to be installed
<TJ-> jlacroix: systemd-machine-id-setup is in 18.04's systemd package, in /bin/
<OerHeks> ah hard linking
<jlacroix> Ah, I was able to find the systemd-machine-id now, thanks.
<jlacroix> The problem though is that it's always generating the same id each time I run it, despite me deleting /etc/machine-id first
<TJ-> did you read the man-page?
<OerHeks> If this file is empty
<OerHeks>        or missing, systemd will attempt to use the D-Bus machine ID from /var/lib/dbus/machine-id, the value of the kernel command line option container_uuid, the  KVM DMI product_uuid (on KVM systems), and finally a randomly generated UUID.
<jlacroix> Yes, I read it.
<jlacroix> /var/lib/dbus/machine-id is simply a link to /etc/machine-id
<bipul> cryptodan_mobile, Yes, at least the virtual interface created by OpenVPN from that i'm able to ping each others client/server and vice versa.
<cryptodan> bipul: yes your issue would appear to be routing
<cryptodan> bipul: i would ask in ##networking
<bipul> i have asked, and it was not related to routing, all routing is seems okay
<cryptodan> if it was then you would be able to ping  from a to d
<cryptodan> and d to a
<bipul> exactly. it was working well in tun mode, but not with tap mode
<cryptodan> or maybe ask the OpenVPN people
<bipul> I have asked and raise a bug as well
<bipul> do we need to do bridging here??? i don't think so
<cryptodan> id wait till openvpn gets back unless its mission critical
<TJ-> bipul: what was the issue? I've seen you mention it in various channels over the last few days
<bipul> TJ-, It was related to tap mode in OpenVPN . Please find the diagram. https://pastebin.com/raw/fje2RFhc
<bipul> May be i should check the mac address of D at C, while pinging from A to D
<TJ-> yeah, just got the pastebin link in ##networking... seems to me the problem is on A's routing table...
<TJ-> bindi: "10.4.0.0/24 dev tap0 proto kernel scope link src 10.4.0.2 " <--- looks wrong!
<bipul> TJ-, So what would be the correct one??
<bindi> wat
<bindi> hi
<bipul> I believe the gateway would be the tap0 IP on the client as well as on the server.
<TJ-> bipul: In other words, have you checked whether C/D receive the pings from A using tcpdump? even if the reply doesn't get back to A?
<bipul> Because this is the virtual interface created during running on OpenVPN
<TJ-> bipul: also, double-check on C that forwarding is enabled on all the interfaces
<bipul> TJ-, Yes, it's enabled inside /etc/sysctl.conf net.ipv4.ip_forward=1
<TJ-> bipul: how about "for n in /proc/sys/net/ipv4/conf/*/forwarding; do echo $n=$(cat $n); done "
<bipul> wait let me check,and share with you.
<bipul> TJ-, The problem is with tap mode , not with tun mode.
<TJ-> bipul: my strong recommendation is to deploy tcpdump on C, and later on D, and check whether it is replying, and if so, on which interface
<bipul> sure i would definitely follow your suggestion. And get back to you.
<TJ-> bipul: I realise that; tap is a virtual ethernet interface, but I'm recommending you check other things around this in case it gives clues.
<bipul> I'm new to this tcpdump, would you suggest any link to go with it.
<TJ-> bipul: wooa, on C, what is this about!? "route add -net 10.216.0.0 netmask 255.255.0.0 gw 10.4.0.1" ?
<bipul> https://paste.ubuntu.com/p/HNy6m59jc8/
<TJ-> bipul: that is going to conflict with "10.216.21.0/24 dev enp0s3 proto kernel scope link src 10.216.21.1 "
<bipul> I believe 10.216.0.0/16 is network inside it i.e 10.216.0.0/16 { 10.216.21.0/24 }
<TJ-> bipul: on C: "sudo tcpdump -ni tap0 icmp"
<jelly> more specific routes take precedence, a route for /16 won't override a nested route for /24
<TJ-> bipul: that 10.216.0.0/16 does NOT look correct; you're telling it to send packets for that subnet down tap0 (to A)
<TJ-> bipul: THAT rule should be executed on A, not C
<bipul> okay. So what would be for {C,D} to A
<jelly> TJ-: oh, here, have an idiom: grep . /proc/sys/net/ipv4/conf/*/forwarding
<bipul> okay. So what would be for {C,D} to A at C?
<TJ-> bipul: sorry, been at dinner; have you made progress. Just looked at A and I think this is wrong too (wrong gateway - should be the IP address of the interface at the far end of the tunnel) "route add -net 10.216.0.0 netmask 255.255.0.0 gw 10.4.0.2" so I'd expect it to be "route add -net 10.216.0.0 netmask 255.255.0.0 gw 10.4.0.1"
<bipul> okay, sure, i will try with your given solution.
<bipul> TJ-, Thank you. And i would let you know the outcome :)
<TJ-> bipul: I'll simulate your network in marionnet, see if I can reproduce
<bipul> Oh thank you very much. At this moment i'm  doing some cryptanalysis,whole my vm  is busy , i have less resource. Otherwise i would let you know the result.
<bipul> wow nice marionnet
<bipul> s/cryptanalysis/ studying crypto
<bipul> I will do it later, and let you know. :)
<bipul> TJ-, YES, it works
<bipul> it was routing issue :)
<TJ-> bipul: :)
<TJ-> bipul: simple when you think it through :P
<bipul> :) wow thank you very much sir
<cryptodan> you are welcome bipul
<kinghat> is there another way to mount a share other than cifs?
<kinghat> i guess node/npm over cifs doesnt function properly.
<kinghat> just wondering if mounting it via some other method would be a workaround?
<kinghat> specifically what happens when i try to install packages over the share: https://paste.debian.net/hidden/b15c702d/
#ubuntu-server 2018-12-27
<maeud> Hi, can anyone help me with a preseed issue, it fails when trying to install the grub bootloader. Here is the partman section of my preseed file: https://pastebin.com/raw/F265bZgw  - The error is: "Volume group sda not found" then next line "Cannot process volume group sda" - I also have in my preseed: "d-i grub-installer/bootdev string /dev/sda1" but that's ignored if I chroot into /target and run parted, I can see /boot is on /d
<maeud> ran out of bug reports to read, nothing to go on
<TJ-> maeud: looks wrong to me; you're mixing LVM and raw partitioning
<maeud> I thought I needed /boot like that as everything else is encrypted TJ-
<TJ-> maeud: that's not what I mean; you've done d-i partman-auto-lvm/... so it assumes an LVM layout but then d-i partman-auto/disk string /dev/sda so it expects an LVM VG 'sda'
<TJ-> maeud: if you want LVM it needs to be in one or more of the partitions
<maeud> from the docs that's meant to be used in conjunction TJ- ?
<maeud> that option sets the disk to use (if more than one) then you set the method to use
<TJ-> maeud: but for the /boot/ file-system don't you need $lvmignore{ }  ?
<maeud> I'll try it TJ- see if that helps
<maeud> ok running through now, see in 5 min or so
<TJ-> maeud: also, is this creating MBR or GPT? IF GPT there needs to be a BIOS-boot partition for GRUB's core image
<maeud> How would I see that TJ- ?
<maeud> it should be MBR, how can I confirm?
<maeud> 150GB disk
<TJ-> maeud: examine the result when it works/fails :)
<cryptodan> go into bios and see if efi is enabled and if it is then likely it will be gpt
<TJ-> maeud: as in "sudo blkid /dev/sda" should show PTTYPE=
<maeud> yeah it's MBR
<maeud> I saw msdos disk before
<maeud> in parted
<maeud> it's a VM cryptodan, but it's MBR
<maeud> gen 1 VM in hyper-v
<TJ-> maeud: OK, so grub-install will write the core.image to the spare sectors from #1 to just before the start of partition #1
<maeud> OK, it's working through the install, see in a min
<maeud> no luck TJ-, it's still giving me the same error: "Volume group "sda" not found"
<TJ-> maeud: so you need to capture debug logging, plus examine what has been created on disk, to figure out how it differs from your intention.
<TJ-> I presume you're expecting sda1{ext4} sda2{LUKS->LVM}
<maeud> pretty much, sda1 /boot, sda5 crypt
<TJ-> sda5 implies an extended partition
<TJ-> presumably partman creates that by default no matter how many partitions you configure
<maeud> TJ-: https://imgur.com/a/yNmeHZl
<maeud> does that look right?
<TJ-> maeud: not really much use; use "lsblk /dev/sda"
<maeud> lsblk doesn't exist in target TJ-
<maeud> sorry, it does exist but can't read
<maeud> it doesn't exist outside of target but if I copy it from target it doesn't have access to libs, sec
<maeud> TJ-:  here's lsblk of /dev/sda: https://i.imgur.com/gvrklAB.png
<TJ-> maeud: so the disk layout is correct; therefore there must be something affecting the LVM VG name for it to decide on 'sda'! does "sda" exist anywhere else in the preseed file?
<maeud> just "d-i partman-auto/disk string /dev/sda
<maeud> "
<maeud> If I comment that line out TJ- it prompts for me to select partitioning method, then if I select manual, it says no root file system defined
<TJ-> maeud: then there's something else going on your preseed file. If I were you I'd test it in a virtual machine to make investigation/examination easier
<maeud> I am testing in a VM
<maeud> sec let me post it
<maeud> TJ-: https://pastebin.com/raw/6f3Anx4f
<maeud> nothing else referencing it
<TJ-> maeud: if it's a VM then you chroot mount the install and look at the debian-installer/partman  log files
<maeud> I can't complete the install, do you mean in the vt?
<maeud>  /var/log/partman
<maeud> I'll look there
<TJ-> You're using a VM to test, so you can shut down the VM, and chroot-mount the disk-images
<TJ-> I've never liked d-i preseeding, especially partman; I prefer scripts I can control
<maeud> I'm using preseeding to do the minimal amount as possible as it's a bit of a nightmare
<maeud> playbook doing the rest
<maeud> just need to get an install up and running
<TJ-> I wrote scripts to test a RAID+LUKS+LVM install this week
<maeud> so how do I see what's going on here TJ-, I can see the debug logs for partman and syslog, hw
<maeud> it's specifically grub install where it fails
<maeud> I've pointed it to sda1 which we've confirmed is /boot
<TJ-> how do you mean, you've pointed it to sda1 ?
<maeud> remember with the bootdev option which seems to be ignored
<TJ-> I'd check the d-i log see what command line it is using for grub-install, because it /should/ be "grub-install /dev/sda"
<maeud> where about is that one, I chose the menu item for debug logs, it gives me hardware-summary, partman and syslog
<Ussat> anyone here run a gitlab server that uses LDAP ?
<TJ-> maeud: I'd suspect syslog
<maeud> nothing in syslog, that's what I posted before, it literally just gives me those 2 errors about sda vg
<TJ-> The joys of d-i !
<maeud> that's it
<maeud> ok it's in debug mode now
<lotuspsychje> place your details here qwebirc16206
<qwebirc16206> Hi! I can't install Ubuntu Server 18.04 on my machine.
<qwebirc16206> I have 2 HDDs and want t setup RAID1.
<qwebirc16206> Here is the error image: https://drive.google.com/file/d/1dfw_TpcUDGbepl4sO5arQ97Tc-SNUrHn/view
<qwebirc16206> It says curtin command block-meta
<qwebirc16206> and the step is 9/11
<Ussat> did you try to install ON the raid or make raid after ?
<qwebirc16206> I tried to create RAID during the installation. Manual partitioning, like this:
<bipul> qwebirc16206, Just share the steps of installation. And where are you installing it?
<qwebirc16206> bipul: nothing special
<qwebirc16206> https://drive.google.com/open?id=1kroSfFCI5Su1ODcdzkCncXo_Hj2lD7sV
<Ussat> Peronsally, I would raid after...
<maeud> TJ-: the install process is using "grub-installer", it takes /target as an argument then throws that error about sda vg unknown
<maeud> it's a udeb pkg
<qwebirc16206> bipul: standard configuration up to partitioning
<qwebirc16206> I have attached an image of what the partitions looked like
<TJ-> maeud: so something in the configuration is confusing it into thinking the VG name is the raw disk name - no idea!
<qwebirc16206> tomreyn: here is the info: Ubuntu-Server 18.04.1.0 LTS "Bionic Beaver" - Release amd64 (20180725.1+apt)
<qwebirc16206> Ussat: what? how?
<tomreyn> qwebirc16206: ok. based on your screenshot, the installer seems to be trying to create a RAID-0 array, not RAID-1. are you sure you configured RAID-1?
<maeud> and grub-installer is a 1.3k line bash script
<maeud> awesome
<qwebirc16206> tomreyn: yes, I have configured RAID1
<qwebirc16206> see this: https://drive.google.com/file/d/1kroSfFCI5Su1ODcdzkCncXo_Hj2lD7sV/view
<qwebirc16206> where did you find RAID0?
<qwebirc16206> Oh, indeed, I see it...
<Ussat> qwebirc16206, https://www.digitalocean.com/community/tutorials/how-to-create-raid-arrays-with-mdadm-on-ubuntu-18-04
<tomreyn> qwebirc16206: this mentioned "raid-0", but maybe that's just the name of the curtin module: https://lh6.googleusercontent.com/6xRkZPJHz1IUEV4TZ8KLyK43BHrTFGSxRgkVdlkfrXUAxSV8bHKLXTHjgJRn0E90b4GPpyLYad5Qbw=w1720-h1242
<Ussat> To be fair, I dont raid much most of my servers are SAN connected to an isilon
<tomreyn> or maybe it's yet another curtion / subiquity bug.
<tomreyn> qwebirc16206: use the alternative (classic, debian) installer
<qwebirc16206> I haven't seen that option...
<qwebirc16206> There is this installation, OEM installation and check disk.
<qwebirc16206> Is it this OEM installation that you meant?
<tomreyn> qwebirc16206: no, i'm referring to a different ISO download
<tomreyn> qwebirc16206: see "alterantive downloads" at https://www.ubuntu.com/download/server
<tomreyn> qwebirc16206: can you confirm that this system boots in UEFI mode?
<TJ-> So much easier with scripts and deboostrap! :)
<tomreyn> i'm actually considering to write a new installer in bash
<tomreyn> maybe someone did this already.
<qwebirc16206> yes, it boots in UEFI
<qwebirc16206> there is also a /boot/efi partition
<tomreyn> i noticed. i'm just thinking about reproducing it. i was hoping the latest build of the default server installer would fix most issues, but i guess many remain unfixed.
<kinghat> is this odd that it shows i have 1 security update when i log in and when i search for updates it says up2date? https://paste.debian.net/hidden/d99e2318/
<TJ-> kinghat: no, the motd may not have been updated yet
<tomreyn> right, there's some 'caching' involved
<kinghat> oh. its been a few days iirc.
<TJ-> update-motd I think
<kinghat> as an extra package? will it work itself out?
<TJ-> kinghat: there's a tool you can execute "update-motd" that runs all the scripts that add their bits to the MOTD
<TJ-> kinghat: scripts are dropped in /etc/update-motd.d/ and those are run and their output gathered by update-motd
<kinghat> hmm this is odd: https://paste.debian.net/hidden/e994c8c2/
<TJ-> kinghat: it could be due to the specific script, from update-notifier-common,  /usr/lib/update-notifier/update-motd-updates-available
<kinghat> i had messed with grub when i had to take over the machine to get my user back into the sudo group/sudoers file.
<TJ-> kinghat: oh, that looks like something caused by curtin/containers stuff, check if there's files in /etc/default/grub.d/
<kinghat> kinghat@kinghat-server:/etc/default/grub.d$ ls -ln
<kinghat> total 4
<kinghat> -rw-r--r-- 1 0 0 140 Aug 21 20:42 50-curtin-settings.cfg
<tomreyn> menu.lst? sounds like grub1 (AKA 0.98) when it should be grub2
<kinghat> i cant remember what i did to grub because it wasnt formatting correctly on the screen or something like that when i was trying to get into recovery. then i just used a live cd to get sudo to change the sudoers file.
<kinghat> maybe i did that grub-boot-repair thing. its been a month or more.
<tomreyn> pastebinit <( cat /etc/os-release; echo; dpkg -l | grep grub)
<tomreyn> i see. maybe the above output is irrelevant then
<kinghat> https://paste.ubuntu.com/p/9mmJ5S5JSs/
<tomreyn> just install grub2 to the boot disk
<tomreyn> is this an AWS system?
<kinghat> nah just ubuntu server on a thumb drive in the house.
<tomreyn> i'm not sure what grub-legacy-ec2 actually does but i guess i would just remove it then
<tomreyn> also purge the bios variant of grub2 if you use efi
<TJ-> There's a postinst script that runs and generates that /etc/default/grub.d/50-curtin-settings.cfg which causes some GRUB v1 crud to be done; I seem to recall it is due to some weirdness on AWS or some other 'cloud'
<tomreyn> i.e. sudo apt purge grub-pc grub-legacy-ec2
<TJ-> I can't find the bug now but I was dealing with that issue some time ago
<tomreyn> and then sudo grub-install /dev/whereever
<tomreyn> ok TJ-
<kinghat> i dont know for sure if its efi or not. its an old HP workstation board that has a bunch of stuff turned off to be able to run outside of an HP chassis and a PSU converter etc.
<tomreyn> i remember that Xen PV systems always had trouble booting with grub2
<tomreyn> IIRC there's some environment variable which can tell you how the system booted (UEFI vs BIOS), but i forgot the details and cant find it now
<TJ-> hmmm, maybe it was something else, maybe to do with /etc/cloud/cloud.cfg.d/
<kinghat> ill look tomreyn
<tomreyn> if you have a /sys/firmware/efi directory then you have uefi
<TJ-> tomreyn: I generally check sysfs /sys/firmware/efi/
<tomreyn> :) thanks
<TJ-> tomreyn: right, but it may not have booted with legacy mode, I seem to recall, there's a subtlety to it - checking the efivars I think
<tomreyn> actually i made this up about the environment variable.
<TJ-> oops, lose the "not" from that last line
<kinghat> kinghat@kinghat-server:/sys/firmware/efi$ ls
<kinghat> config_table  efivars  fw_platform_size  fw_vendor  runtime  runtime-map  systab  vars
<tomreyn> kinghat: so thats a system which booted in uefi mode
<kinghat> got ya. so do i need to check `efivars` or just that i have `efivars`?
<tomreyn> unless TJ-'s subtlety applies, which i'm not aware of
<tomreyn> kinghat: given that sysfs is present / mounted, if you have a directory /sys/firmware/efi then you booted in uefi mode.
<tomreyn> i assume this is what you were asking?
<kinghat> tomreyn: yes basically.
<kinghat> so still run the purges and sudo grub-install?
<tomreyn> kinghat: personally, in a situation where "i cant remember what i did to grub [..] maybe i did that grub-boot-repair thing", i would, yes.
<TJ-> tomreyn: it would be really useful to have a /proc/sys/kernel/bootloader_method
<kinghat> is there a default dir grub installs to or i should put it in dev/?
<kinghat> https://paste.debian.net/hidden/10785d0e/
<tomreyn> TJ-: yes, indeed.
 * TJ- considers a patch and what Linus' reaction would be :)
<tomreyn> ROOOOAR!
<kinghat> lel
<tomreyn> kinghat: looks fine to me, if it does to you?
<tomreyn> kinghat: you run grub.install against a storage, not a directory.
<kinghat> what does the 2 not fully installed or removed means?
<TJ-> have you ever tried to grep for 'efi' or 'EFI' in kernel where #define and  #DEFINE are everywhere!?
<tomreyn> kinghat: that you have 2 packages which are neither in state 'ii' not in state 'un'
<tomreyn> dpkg -l | grep -Ev '^(un|ii)'
<kinghat> https://paste.debian.net/hidden/d7ec8494/
<kinghat> here is the dpkg grep: https://paste.debian.net/hidden/2ad5d621/
<tomreyn> just "touch /boot/grub/menu.lst" and run it again, looks like the post removal script is buggy
<kinghat> touch needs permission?
<tomreyn> depends on what it wants to touch
<tomreyn> for touching /boot/grub/menu.lst it'll need sudo
<tomreyn> also make sure /boot is actaully mounted
<kinghat> https://usercontent.irccloud-cdn.com/file/1SP5V3OX/image.png
<tomreyn> why grub2? thats new
<tomreyn> but i guess you can just agree and then reinstall anything thats missing
<kinghat> ummmm lol
<kinghat> so this is effectively starting fresh with grub?
<kinghat> i havent clicked yes yet.
<TJ-> tomreyn: looks like we can rely on the sysfs node: https://paste.ubuntu.com/p/5qYCCWm2C5/
<kinghat> should everything grub related on my system be removed and then added back?
<kinghat> tomreyn: https://paste.debian.net/hidden/08e4e972/
<tomreyn> TJ-: thanks for looking this up
<tomreyn> kinghat: such a nicely broken package. maybe just purge "dpkg --purge" grub-pc and grub-legacy-ec2. or purge all of grub , then reinstall grub-efi-amd64 grub-common
<tomreyn> * grub2-common
<kinghat> tomreyn: `dpkg --purge grub*` ?
<tomreyn> kinghat: i think dpkg only handles one package at a time, but not sure
<tomreyn> other than that, yes
<kinghat> youre correct. try with apt purge?
<teward> anyone know if it's possible to boot an ISO stored within an LVM partition into RAM at grub launch time?
<tomreyn> kinghat: apt purge didnt seem to work, so i suggested dpkg --purge
<teward> asking because I need to weekly Clonezilla this system to a backup disk and i need some GRUB guidance :|
<teward> (they give me an ISO)
<tomreyn> teward: there's "grub-imageboot" ("boot iso, harddisk and floppy images with grub2 and syslinux memdisk") and "grml-rescueboot" ("Integrates Grml ISO booting into GRUB"). i had mixes results with those on an uefi booting system (have not tried legacy bios). i think the grml ones worked with some iso's but not others.
<tomreyn> generally grub can boot from an iso
<tomreyn> (but maybe not all of them, not sure)
<teward> tomreyn: right, but the tricky part is, the documentation I found doesn't anticipate the ISO being inside an LVM LV
<teward> it anticipates it being on a physical partition somewhere
<teward> ... which... I don't actually have at the moment.
<teward> since this system is full-disk LVM.
<teward> since this system is full-disk LVM except for 512MB at the start for a boot partition.
<tomreyn> oh, yes, you said LVM, sorry, no idea then
<teward> yeah that's where I'm getting stuck :|
<teward> I mean TO BE FAIR
<teward> I could probably replicate this in an LV
<tomreyn> shrink the PV, i guess
<teward> tomreyn: last time I did that I torched the partition table LOL
<teward> I'll do that after I take a Full Disk Image later :P
<teward> and i'll just USB boot for that ;P
<teward> ... remind me how to shrink a PV again xD
<teward> shrink a PV safely*
<tomreyn> i wouldnt dare doing it live either
<tomreyn> and i'd need to look up how to do it, too
<tomreyn> i did it before, and it worked, that's all i rmeember
<teward> i only need like 300MB so eh
<teward> i'mma backup my system with a full disk image first though
<teward> that way if I fubar it i can restore it
<teward> again
<teward> it shouldn't be hard to shrink the LVs.  I'll have to recreate the swap LV though
<teward> but that won't be a problem.
<tomreyn> IIRC when you shrink the PV (after shrinking the LVs) you have to provide the target size explicitly, which is silly, it doesn'T have anything like ext4's "minimal size" option where it shrinks to the smallest possible size automatically
<tomreyn> so it's a bit of try and error: you guess the new size, then have lvm resize the PV, then it either prints a warning saying the ewuivalent of "this looks to small but it did it anyways" or the equivalent of "all fine".
<kinghat> tomreyn: i ran it again anyways and got this: https://paste.debian.net/hidden/e6779eea/
<tomreyn> in the former case you re-reun it with a slightly larger size
<tomreyn> ...until oyu get rid f the warning
<tomreyn> kinghat: yeay, this actually worked
<kinghat> it didnt remove `grub.d` though.
<tomreyn> whats left in /etc/grub.d ?
<kinghat> kinghat@kinghat-server:/etc/grub.d$ ls -ln
<kinghat> total 4
<kinghat> -rwxr-xr-x 1 0 0 424 Dec 10 02:00 25_custom
<tomreyn> kinghat: and that contains?
<tomreyn> i have 40_custom and 41_custom on this bionic
<kinghat> tomreyn: https://paste.debian.net/hidden/73c80033/
<tomreyn> kinghat: did you or some other admin of this system create this file?
<kinghat> im the only one. not that i remember.
<tomreyn> kinghat: and do those files actually exist on /boot/efi/EFI/ubuntu/ ?
<tomreyn> ...or in /boot/efi/EFI/BOOT
<kinghat> yes. among others
<tomreyn> and blkid reports that your ESP'S UUID is 84C3-4FDF ?
<kinghat> https://paste.debian.net/hidden/adb4e53c/
<tomreyn> blkid | grep 'PARTLABEL="efi"'
<tomreyn> sdc1 is UUID 84C3-4FDF
<tomreyn> and is potentially your ESP
<tomreyn> so i guess you can keep it, or remove it, whatever you like
<tomreyn> it shouldnt do any harm
<tomreyn> just adds 3 extra entries on your grub menu
<kinghat> wont grub install just make a new one?
<tomreyn> a new what?
<kinghat> `grub.d`
<tomreyn> not if it's already there, otherwise it'll add to what's already there
<tomreyn> i mean: not if it's already there, it'll add to what's already there
<kinghat> but if its not there it will just start fresh?
<teward> tomreyn: the alternative is I shrink the LV's down considerably to make sure there's enough space and leftover extents to not deal with anything
<teward> but then shrink the PV from there, but that's... tricky.
<tomreyn> teward: i don't think i'm getting the alternatives you're dioscussing. one is to shrink LVs, then the PV, the other is...?
<teward> tomreyn: > you guess the new size, then have lvm resize the PV, then it either prints a warning saying the ewuivalent of "this looks to small but it did it anyways" or the equivalent of "all fine".
<teward> ^ avoid this by ultrashrinking :P
<kinghat> there is actually a bunch of stuff still in `/boot`: https://paste.debian.net/hidden/f3ab06d3/
<teward> shrink the LV way smaller than it needs to be but meh
<teward> tomreyn: i'mma do a Full Disk Backup now then attempt to NOT explode the system heh
<tomreyn> teward: if you have unpartitioned space on the VG which is backed by exactly one PV then you can just pvresize with the trial-and-error approach. if you have a VG backed by multiple PVs youmay have to pvmove (to move VG data (extents) off one of the PVs) first, so you can remove this PV.
<tomreyn> and i dont think you need to do it 'way smaller', no
<kinghat> im not sure if its ready to be 'regrubbed' or not but shouldnt `grub-pc` add everything back like the efi stuffs or does that have to be installed manually as well?
<tomreyn> kinghat: if those /boot/grub* are there while all the grub* packages are purged, then you should proibably purge those untracked files.
<tomreyn> "dpkg -S /path/to/directoryorfile" to check whether its part of a package
<teward> tomreyn: i ALMOST deleted the wrong thing lol
<teward> switched the lvremove options xD
<tomreyn> teward: whoops
<teward> that could've been bad xD
<tomreyn> i think you real yjust want to test whether you bare metal recovery procedure works
<teward> considering i've already restored this twice before... :P
<kinghat> kinghat@kinghat-server:/etc/grub.d$ dpkg -S /boot/grub
<kinghat> dpkg-query: no path found matching pattern /boot/grub
<tomreyn> kinghat: congratulations for testing it.
<kinghat> remove those as well?
<tomreyn> kinghat: i run an ubuntu 18.04 desktop which does uefi booting and don't have /boot/grub
<tomreyn> so i guess you dont need it. after all its not part of any package you have installed. so, yes, i guess it can go.
<kinghat> ill get rid of the `grub.bak` dir as well
<tomreyn> it would help if you knew what you did to your system :)
<tomreyn> i assuem this is a result of running "boot repair"
<kinghat> ya. then i manually went in via livecd sudo and fixed the sudoers file
<kinghat> should have just done that from the start
<kinghat> but i thought there was a problem with grub.
<kinghat> there wasnt.
<kinghat> i made a problem though. :P
<teward> tomreyn: another stupid quesiton, but is there a way to map known partitions to what their GRUB root= equivalents are :|
<teward> or do I have to drop to the grub cli to do that
<tomreyn> teward: the UUIDs? those are printed by blkid
<tomreyn> teward: is this what you meant?
<teward> tomreyn: close enough
<teward> i'll read the grub manpage
<teward> i have to full disk image this first
<kinghat> tomreyn: https://paste.debian.net/hidden/f250554c/
<teward> back in a bit.
<kinghat> not sure about the `/efi/ubuntu/` `grub.cfg` and `grubx64.efi` files
<tomreyn> kinghat: grub-install should replace them when you run it.
<kinghat> ok. can i remove the `grub.d` dir or just the `25_custom` file in it?
<tomreyn>  /boot/efi/ubuntu/grubx64.efi is stage1 of grub, grub.cfg points it to where stage2 is located
<tomreyn> kinghat: if you still dont have any grub packages installed, you can just remove all of /etc/grub.d/
<kinghat> ok its gone.
<kinghat> so `grub-install` or `grub-pc`?
<tomreyn> be sure to install grub2 and grub2-common and to run update-grub and grub-install soon, though, or you wont be able to boot.
<tomreyn> those are apples and oranges: grub-install is a command, grub-pc is a package name.
<tomreyn> sorry, it's not "grub2 and grub2-common" but "grub-efi-amd64 and grub2-common"
<kinghat> i mean do i need to have grub before i can `grub-install`?
<tomreyn> although this may actually both work
<tomreyn> kinghat: yes, you wont have the grub-install command before you installed the package which provides it.
<tomreyn> so install it
<kinghat> doesnt one of the grub packages already bring in `grub-efi-amd64`?
<tomreyn> if you install "grub2" or "grub" this may depend on / install grub-efi-amd64, i have not checked
<kinghat> regardless: https://paste.debian.net/hidden/a5456c62/
<tomreyn> what matters is that you'll have grub-efi-amd64 and grub-efi-amd64-bin and grub2-common in the end
<tomreyn> i dont see any errors on the output, do you have any questions?
<kinghat> so now `update-grub` and then `grub-install`?
<tomreyn> corret
<tomreyn> correct
<tomreyn> "grub-install" takes one argument, the destination device.
<kinghat> ok i dont want to mess that one up.
<tomreyn> i usually install to multiple devices, just in case one breaks.
<kinghat> so `grub-install /dev/sdc` via the blkid output here: https://paste.debian.net/hidden/adb4e53c/
<tomreyn> ignore what i just said, this doesn'T apply to uefi (unless you have multiple ESPs)
<tomreyn> yes, "grub-install /dev/sdc" is probably correct.
<tomreyn> i'm a bit puzzled why this is not sda, though
<kinghat> i did `grub-probe -t device /boot/grub` and it says /dev/sdc2 but i only need the sdc?
<kinghat> me too lol
<tomreyn> you seem to have zfs on sda and sdb, i'm not into this
<kinghat> i dont know how that happened tbh.
<tomreyn> there's a lot of rather relevant things you should try to be more in the know of. ;-)
<tomreyn> kinghat: it's good to know or be able to tell, by yourself, how the boot process works, in case it breaks
<kinghat> https://paste.debian.net/hidden/d27c8455/
<kinghat> do i need to `grub-update` again?
<kinghat> i havent restarted but i logged out of the session and back in and im not seeing any updates like before. so
<tomreyn> kinghat: no. check the files and modification dates in /boot/efi/EFI/ubuntu/
<tomreyn> i'd expect that at least grubx64.efi has a current file modification time
<tomreyn> maybe grub.cfg also
<kinghat> https://paste.debian.net/hidden/d972f2cb/
<kinghat> just `grubx64.efi`
<tomreyn> ok. that's fine. we already looked at grub.cfg and it pointed at the correct ESP
<kinghat> scared to reboot
<tomreyn> you shouild be able to reboot fine.
<kinghat> here goes
<tomreyn> if it doesn't work immediately, see if you can pick this grubx64.efi on your uefi configuration interface
<kinghat> you mean from the bios?
<tomreyn> yes
<kinghat> im remote atm.
<tomreyn> oh, good luck then
<tomreyn> i'd rather wait unil i'd be back on site
<tomreyn> unless i had out of band management
<tomreyn> or remote hands
<kinghat> physical access is... all the way downstairs..
<tomreyn> that sounds acceptable, if you're not in a 64 floor skyscraper without a lift.
<kinghat> lol
<kinghat> `reboot` initiated!
<kinghat> im in!
<kinghat> yay!
<kinghat> tyvm tomreyn!
<tomreyn> :)
<maeud> just can't get past this stupid grub issue at all
<teward> tomreyn: well... that didn't go well.  Managed to restore, but I had to do some... not cool tactics.
<teward> Ultimately just GUI booted to a Live Desktop USB with a patched gparted and did the LVM resize
<teward> which apparently WORKS when the right patch is applied
<teward> i'll have to bug the Desktop team at some point to fix this.
<maeud> re-did the whole process and it starts the grub install, screen goes black and it loops trying to restart the screen
<maeud> can't win
<maeud> lol
<Checkmate> is there any tools to block bots ?
<Checkmate> on website
<CodeMouse92> Checkmate: fail2ban works pretty well, as far as blocking malicious bots and other attacks
<CodeMouse92> In terms of valid search engine bots, robots.txt is how you control what they crawl.
<Intelo> is it possible to buy ip from somewere and use that ip in your vps provider (and not the ip of vps host it self)? You own the ip and can attach it to anywhere?
<mybalzitch> you'd need an ASN, and for your VPS provider to allow you to announce your ASN within their network. Not impossible but usually costly
<mybalzitch> and I'm not sure they (ARIN) would sell you a /24 (255 IP's) let alone a single ip
<Intelo> where to get ip ?
<maeud> type "buy ip space" into Google
<Intelo> k
#ubuntu-server 2018-12-28
<AllanLinux> Hey guys. I'm running a script to get files from a server to Linux, but I always get: scp: ambiguous target. The file path has no spaces, very strange.
<AllanLinux> sshpass -p "$PASSW" scp -v -d -t $USER@$SERVER:"E:/Backup/PortalComunicacao/PortalComunicacao_backup_`date +%d-%m-%Y`*.bak" /opt/Allan
<tomreyn> AllanLinux: are you sure there's a '-d' option to scp?
<tomreyn> What is the remote scp server, eopnssh on WSL? Is the remote path format acceptable to the remote server?
<TJ-> scp doesn't have -t (tty force) either
<tomreyn> the actual issue is probably the lacking trailing slash on the local path, though: if /opt/Allan is a directory, then make it /opt/Allan/ instead
<TJ-> won't the *.bak get expanded by the local shell?
<tomreyn> probably that, too, due to double quotes.
<TJ-> the remote syntax threw me but I assume it is just the Windows/CIFs way
<Annoyed> Greetings.  I'm in the process of moving from 14.04 LTS to 18.04, and I'm finding a number of strange things
<ikonia> Annoyed: just explain what you're struggling with and people will help if they can
<Annoyed> The current question is name resolution. This is gonna be a nameserver for my local network, but it doesn't seem to have BIND installed by default. Is that correct?
<teward> Annoyed: by default BIND is not installed, correct.
<teward> you would have to install BIND and set it up accordingly
<Annoyed> That I expect to have to do. Byt I have not yet installed it. AS of now, nslookup at the command prompt gives me 127.0.0.53 as the responding server.. IS there already another DNS server that comes with this ?
<TJ-> Annoyed: 127.0.0.53 tells us that systemd-resolved is in use
<Annoyed> So, there is another nameserver installed
<teward> Annoyed: no
<teward> that's a local resolver system inbuilt to the systemd locally
<teward> it's *not* a NameServer that you would want to use to serve DNS to the local network itself
<Annoyed> or is that forwarding to the ISP's servers and claiming to do it itself?
<teward> you can configure it to use your BIND instance once you set it up for recursive DNS
<teward> Annoyed: forwarding to the ISP servers configured by DHCP or in your static netowrk config
<Annoyed> Ok, will bind's install scripts change that? or how do I tell it to use BIND instead of whatever it is using. I've gathered that it's not as simple as a simple file edit as it was in 14.04
<teward> Annoyed: you would configure your network settings to use 127.0.0.1:53 as your nameserver - that should make it point to BIND
<teward> your computer would still use systemd-resolved to issue DNS quereies, but it'll just query your BIND server directly localy
<teward> but configure the BIND server first and make sure lookups work right ;)
<teward> THEN mess with the local system's DNS
<Annoyed> I've still got all the config (actually, the entire old hard drive) stored on this, so I can copy the old config directly, that has worked for years. So that's not an issue.. problem is telling the damned system to use it
<Annoyed> Thanks
<Annoyed> I'll see what happens when I try to set it up.
<Annoyed> Oh, PS: TJ- what you were helping me w/ earlier is a PITA. Nothing that uses that inside interface works if nothing is plugged into it.. Had to get an old router to plug into it to keep it up.
<DammitJim> I am  trying to join my Ubuntu 18.04 LTS server to an AD
<DammitJim> net join works
<DammitJim> but I can't log on to the server with credentials of a domain user
<DammitJim> I'm using sssd + realmd and stuff
#ubuntu-server 2018-12-29
<seekr> I am attempting to configure a cloud-based Ubuntu system for web hosting purposes.  I've run into a problem which I think may be related to a bug reported at https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1787886 .  One of the first things I did in configuring the server was to do an upgrade to what I think is the system described in this bug report.  Since I'm unfamiliar with Ubuntu itself, I didn't even know how to determine what LTS
<seekr> release I'm running.  Since I see no resolution posted for this bug, it would seem it has not yet been resolved, though the bug report was filed four months ago.  Can anyone help?
<ubottu> Launchpad bug 1787886 in apache2 (Ubuntu) "Upgrade from 16LTS to 18LTS breaks Apache2" [Undecided,New]
<ikonia> seekr: what's your actual problem
<seekr> ikonia: I'm trying to restore a Joomla!-based site.
<seekr> I've installed Apache and MySQL and PHP, all of which are required.
<ikonia> right, what's the actual problem
<ikonia> yeah, I get how Joomla works
<ikonia> what's your actual problem
<seekr> The problem is that there's a failure in executing index.php a few lines from the end of that file.
<ikonia> ok, what failure
<ikonia> what problem
<seekr> I put print statements in the index.php file to determine where the failure occurs.
<seekr> It's the one described in the bug report.
<ikonia> I'm not interested in the bug report
<ikonia> I'm interested in the information you can give me
<ikonia> what's teh actual problem
<seekr> It appears to be failing on the line:   $app = JFactory::getApplication('site');
<seekr> That's the actual problem at this point.
<ikonia> what does the apache error logs show
<seekr> nothing useful - I'll take another look...
<ikonia> and when you said you upgraded to 18.04 did you move the site to an 18.04 host, or actually upgrade in situ an 16.04 host
<seekr> in situ, afaik
<ikonia> what do you mean as far as you know
<ikonia> you said "the first thing I did was upgrade" you must know how you did it
<seekr> I don't even know what it means to move the site to an 18.04 host.
<ikonia> why did you upgrade to 18.04 then ?
<ikonia> if you don't know how to upgrade / how to use the upgrade process, why did you upgrade and not just continue on 16.04
<seekr> Yes, I followed an instruction that was displayed when I logged in as root.
<seekr> I'll see if I can find it.
<ikonia> there is an offer to upgrade, not a mandate
<ikonia> either way, what does the apache logs show when you try to parse the index.php
<seekr> will look
<seekr> ikonia: https://termbin.com/g5t0
<ikonia> seekr: what log is that ?
<seekr> ikonia: error.log
<ikonia> seekr: what does the access log show
<ikonia> is this the default site or is it a named site
<seekr> well, it does have a domain pointing to it, but I'm accessing it via IP address
<seekr> It's the site defined by what's in /var/www/html
<ikonia> are you using the default site or a name based host
<seekr> access log shows nothing interesting - just GETs
<seekr> I don't quite know what you mean by "default site"
<ikonia> there is a default config for apache or there is a config you can use to build/define a name based host
<ikonia> which are you doing, using the default or defining a name based host
<seekr> I haven't touched the Apache config file, except to move the PHP thing closer to the front of the line that indicates what file name suffices will be recognised and processed
<ikonia> which apache file have you touched
<ikonia> what is the name of the file that defines the site you are looking at
<seekr> /etc/apache2/apache2.conf, I think it's called.
<ikonia> you think ?
<ikonia> please be sure
<seekr> yes, that's it
<ikonia> ok - so are you view the correct access/error logs defined in that file ?
<seekr> no - wait - that's not the file - hmmm
<seekr> ikonia: I changed /etc/apache2/mods-available/dir.conf
<ikonia> why ?
<tomreyn> chances are it's a php (5->7) upgrade issues, missing modules or general webapp incompatibility / need for webapp upgrade.
<ikonia> tomreyn: yup, php-curl is the likley candidate
<seekr> The line I changed now reads:  DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
<ikonia> but based on the total lack of solid information I want to be sure before suggesting package changes
<ikonia> seekr: no no, "why" did you change it
<tomreyn> ikonia: yes, details are needed.
<seekr> I changed it because it appeared that the index.php file was not being recognised and processed - but I could be wrong - I'm a bit fuzzy now on the order of events - but I'm sure that's not where the problem lies
<seekr> I just told you why I changed it.
<ikonia> seekr: if you're sure that's not where the problem lies, why did you change it
<ikonia> you didn't tell me why you changed it
<seekr> look - it's easy to change it back to what it was, if only to prove to you that that's not the cause of the problem
<ikonia> seekr: I didn't say it was the cause of the problem
<seekr> I know you didn't - but this thing is a red herring
<ikonia> I'm just trying to understand what you've done and why as you don't seem very clear on a lot of things
<seekr> I'm clear that the problem I'm experiencing is the one cited in the bug report!
<ikonia> seekr: please don't state that, as it's clear you have no idea what you're doing or you wouldn't have blindly changed a file
<ikonia> seekr: right - have you done what the bug report says then ?
<ikonia> if it's that clear
<seekr> I don't need to deal with this sort of attitude - I'll come back later when things may be different.  Thanks anyway.
<seekr> The bug report only talks about adding some modules, and yes, I did follow that advice.
<seekr> PHP 7.2 modules
<ikonia> seekr: so what modules have you added
<ikonia> and how did you add the
<ikonia> which ones
<ikonia> specifically which modules by which packages
<seekr> It really doesn't much matter, since adding those modules made no difference - didn't make the problem either better or worse.
<ikonia> it really does matter
<ikonia> hence why I'm asking
<seekr> It may matter to you, since you seem to be trying to make the point that I'm completely confused.
<ikonia> no
<ikonia> it matters to fixing the problem
<ikonia> hence why I'm asking
<seekr> I'm not finding your questioning to be at all helpful.
<ikonia> because you don't understand the problem
<ikonia> which is fine
<ikonia> however, if you give us the info, I'm sure it can be fixed
<seekr> My problem, as I originally stated, is what's described in the bug report.
<ikonia> which modules did you add via which packages
<seekr> I want to know how to find out whether the bug has been fixed, and what I need to do to take advantage of that fix.
<ikonia> seekr: right, they are the same symptoms, so lets see what the problem is
<ikonia> which packages have you added
<ikonia> seekr: we can work that out now
<ikonia> it doesn't look like an actual "bug"
<ikonia> (if it's the same as that bug report)
<seekr> Clearly you are not willing to pursue that line of inquiry, so I don't find your questioning to be helpful.
<ikonia> it looks like a difference in how the packages are broken up in php7
<ikonia> seekr: I am pursuing it exactly
<seekr> I need to know why the statement I showed you, which is the same one shown in the bug report, is failing.
<ikonia> right, and I'm trying to explain that to you
<ikonia> but I need to know what packages you have so I can understand which ones may be missing and required by your web app
<seekr> If you can give me a way to list the installed PHP modules, please do so.
<ikonia> seekr: you said you manaully installed some - those are the key ones
<ikonia> tell me which ones you installed and how
<ikonia> (or the key ones to understanding the delta in that bug report I should say)
<seekr> It's not relevant to the problem solution - but if only to satisfy you, I'll find the statement I used.
<ikonia> it is relevant
<ikonia> it's really important to understand what packages you've added in and how you did it
<ikonia> as that bug report is showing that the upgrade process may miss packages due to the way the packges are broke down different in later versions of php
<ikonia> seekr: it's clear you're going to fight giving the information so I'll leave you to it
<seekr> ikonia: apt-get install -y libapache2-mod-php7.2 php7.2-cli php7.2-common php7.2-mbstring php7.2-gd php7.2-intl php7.2-xml php7.2-mysql php7.2-zip
<seekr> That's fine, ikonia - I don't see the logic in your inquiry.
<ikonia> no problem then
<seekr> The problem was not caused by my installation of modules.
<ikonia> no, if you have the same problem as that bug report, it's most likley cause by missing modules
<ikonia> that are not installed as part of the 16.04 -> 18.04 upgrade process
<ikonia> (if it's the same as that bug report - if it's not it will need to be worked through)
<seekr> which is why I asked you how to display what PHP modules are installed - perhaps you don't know
<ikonia> seekr: I do know, but what mattered what you manually installed and how as that is the "delta"
<seekr> delta between what and what?
<ikonia> and that will tell us what maybe missing as part of the upgrade or if it's the same symptom, but a different bug
<ikonia> seekr: between would should be installed as part of the upgrade and what changes due to package name/version changes
<seekr> We don't have enough info to be able to tell what modules are required - we have only that bug report.
<seekr> I need to find some later report that describes the real cause of the problem and how to solve it.
<ikonia> seekr: it can be worked out
<seekr> how?
<ikonia> it's not hard, jamoola is pretty basic
<ikonia> by understanding the delta between the old working php packages and the new ones
<seekr> It's not about Joomla! per se - it's just that that instruction is failing.
<ikonia> hence why I was asking for the info I was asking for
<ikonia> seekr: it's about php - and joomla is your example in this case
<ikonia> the cause will be different depending on the app and what the app needs
<ikonia> so it sort of does matter what your usecase is (joomla in this case)
<seekr> I think I'll be better off just searching for later reports, because I think this sort of debugging exceeds the knowledge of either of us.
<ikonia> as different web apps will have different dependencies
<ikonia> and those packages will differ in name/version in different php versions
<ikonia> seekr: doesn't exceed my knowledge
<ikonia> but nice try at a sly insult though
<seekr> Well, I'm still looking for something genuinely useful from you.
<ikonia> all of it was useful
<seekr> So far, I've only heard criticism and slurs.
<ikonia> you've seen requests for debug information so that I can get to the answer as quick as possible for you
<ikonia> but even if what you said where true, it doesn't mean I don't know how to resolve it
<seekr> The thing is that neither of us has a way to know what might be missing that's causing that instruction to fail.
<ikonia> I'm pretty sure I can figure it out quickly
<ikonia> hence why I was asking for some information
<ikonia> it's not hard with php - it's just going to be package version/name changes most likley
<ikonia> the other thing you'll need to explain to others is if you are using 18.10 or 18.04 as php 7.2 is default in 18.10
<ikonia> and you said you where using 7.2
<ikonia> not 7.2
<ikonia> I'm not %100 sure without looking if that's true of 18.04 which I think was 7
<ikonia> (but I'd need to check that)
<ikonia> (again this matters due to package names)
<seekr> but the information you're asking for doesn't bear on the problem - I installed a few PHP modules, but the fact of their being there didn't help.  The task is to figure out what module(s) might be needed -- IF that's the cause of the problem, which I doubt either of us has any way to say is what's causing the failure.
<ikonia> seekr: it does matter to the problem
<ikonia> if you assume you don't know how to fix it, and assume I do, I'm telling you it does matter which modules are installed and which ones are missing by default
<seekr> Well, tell me what you think you need.
<ikonia> rather than argue you it, why not just provide the information to the person trying to help
<ikonia> even if you don't understand it, it's a good way to learn
<ikonia> (it's fine to not understand it by the way)
<seekr> It may well matter, but I don't see how we can figure out what's wrong with respect to missing or incorrect version modules/packages or whatever they're called.
<ikonia> I've told you it's pretty straight forward
<ikonia> you just need to work the packages through
<seekr> I admit my lack of understanding, but I'm not hearing any useful questions from you - only meta-chat criticising my logic.
<ikonia> again, if you assume you don't know, and I do, rather than constantly saying "you can't work it out" why don't you work with someone to actually work it out who is saying they can
<ikonia> seekr: then read back all the lines I've typed, I've explained multiple times why I'm asking for what I'm asking for
<seekr> Give me what you think to be a relevant question!
<ikonia> understanding the version of ubuntu, understanding what packges you added and how, knowing the php app (to work out deps)
<ikonia> understanding if it was a clean install or an upgrade
<seekr> your question??
<ikonia> those are all pretty key questions, you can then work out the package deltas
<ikonia> I've already asked them
<seekr> I need a command to use to determine version, etc.
<ikonia> you don't
<ikonia> well, hang on
<ikonia> versions of what ?
<seekr> I'm not a regular Ubuntu user (I use Linux Mint, which is based on Ubuntu, as I'm sure you know).
<ikonia> actually, I apologies, I'm taking up your time
<ikonia> I'll leave you to it, but that maybe info that helps whomever helps you
<ikonia> and it may help you get to the chase quicker
<seekr> Well, you are as long as you're give me nothing useful, including useful questions.
<ikonia> please try not to argue that it doesn't matter with those trying to help - they are normally asking for good reasons
<ikonia> seekr: I've given you multiple useful questions to debug it
<ikonia> so that you can get a quick and fatual resoution
<seekr> I'm prepared to accept that possibility, but I need a better demonstration than what you've given me thus far.
<ikonia> I don't have to demonstrate anything to you
<ikonia> I know what I'm doing
<ikonia> I've offered help
<ikonia> you don't want it (which is fine)
<seekr> You've given me nothing useful, I'm afraid.  :(
<ikonia> I'm pretty sure I have
<seekr> Well, I don't know what it is.
<ikonia> but if you can't see the importance of that information, that's fine,
<seekr> You're not talking about the actual problem, only trying to convince me of something, and I'm not even sure what it is at this point.  Thanks anyway.
<ikonia> I'm talking about the exact problem
<ikonia> it can't fully parse the index.php most likely (according to the bug report you posted) due to a missing package
<ikonia> hence why I asked for the error log to see if we could get there quicker/easier
<ikonia> and a quick search of ubuntu packages (which I did while we where talking) shows multiple package name differences between php versions
<ikonia> which backs up the basic principal of the bug report
<ikonia> so then it's just the question of which packages you need
<ikonia> (as each use case will be different due to different dependencies)
<seekr> It's "principle," actually, and as I said, there's nothing interesting in the Apache log file.
<ikonia> hence why that bug isn't really a "bug" it's just a difference between PHP versions
<ikonia> seekr: nope, fine there is nothing interesting in the logs (hence why I asked you to check it was the right file)
<ikonia> it's a hope that you get a clue to short cut debugging
<ikonia> don't always get it from the error log (although I'm very surprised you got nothing - I'd check for sure if that is the right log file)
<seekr> I looked in both error.log and access.log - which are the only ones being written to, based on their timestamps.
<ikonia> that's fine, you don't always get the answer from them, it's just a good tool to check and cut to the chase quicker
<seekr> /var/log/apache2/error.log
<ikonia> sometimes you'll see something like "could not find libphpbc.so" so you know straight away it's the bc-math package
<ikonia> which you can them map to your php version
<ikonia> (as an example)
<seekr> yes, fine, but that's not the situation here!
<ikonia> no, you don't get the output, which is why you need to work out the packages
<ikonia> the log file is just a useful short cut
<ikonia> again "useful information" and "useful questions"
<ikonia> I'll leave you to it, sorry, didn't mean to harp on
<seekr> whatever
<ikonia> ?
<ikonia> look - drop the attitude
<ikonia> if you want to use this channel, this attitude can't continue
<ikonia> (for the record 18.04 is php 7.2 too - so you're ok on that front)
<mybalzitch> is the docker snap considered production ready? I'd imagine so given how hard canonical is pushing snap
<ikonia> mybalzitch: I certainly am not confident with it
#ubuntu-server 2018-12-30
<Annoyed> Greetings. Server 18.04.1 - How do I completely disable the systemd process that does DNS for this machine? It clobbers /etc/resolv.conf upon reboot.. All I want to do is set the machine's DNS to 127.0.0.1 (Yes, BIND is running on this)
<RoyK> Annoyed: iirc that's not systemd, it's resolvconf - configure it
<Annoyed> Ok... where do you do it? I haven't found a lot of docs on this
<Annoyed> and there doesn't seem to be a command "resolveconf" installed. Or is that something else?
<RoyK> is the resolvconf package installed?
<Annoyed> Not if it doesn't come with the default install.
<RoyK> well, did you check if it's installed?
<Annoyed> But I wouldn't think you would need another package to do this. All I want to do is set the system nameserver to 127.0.0.1. I've got BIND installed, set up, and not only does it resolve my inside network seamlessly, it's also a LOT faster than tbe default DNS on this, which looks to be 127.0.0.53
<seekr> I'm finding myself unable to restore a MySQL database for a Joomla!-based site using the Akeeba backup system.  It complains that it's unable to connect to MySQL (actually, I installed the newer, better and compatible MariaDB package).  I've established that it's not a permissions problem, since I've granted access to the database for www-data, which is the UID under which Apache is running Akeeba (and everything else).  I've granted full
<seekr> permissions to that user on the database, so it should be able to create and populate tables.  In fact, I tested that capability via a terminal command (mysql --user=www-data --password=mypass dbname).  Any suggestions?
<tomreyn> find our how this software connects to databases, and enable it to do so
<seekr> oooo - I just changed the hostname to "localhost" - and got it to work - thanks tomreyn
<seekr> okay - I'm able to administer the site, but am getting a warning: "We have detected that your server is using PHP 7.0.32-0ubuntu0.16.04.1 which is obsolete and no longer receives official security updates by its developers. The Joomla! Project recommends upgrading your site to PHP 7.1 or later which will receive security updates at least until 2019-12-01."  Is PHP 7.1 compatible with 16LTS?  I'd assume so.  I tried running 18LTS but ran into a
<seekr> serious problem and had to fall back to the earlier Ubuntu release.
<teward> seekr: there's PPAs that provide 'newer' PHP versions
<teward> but you'd have to go hunting to find them, and we don't support them here technically
<seekr> hmmm, teward
<seekr> Do you think maybe it's best to just live with the warning?  (I'm probably only going to run the site on this server temporarily.)
<teward> seekr: if you're asking my opinion as a security professional, then yes, only so long as this is a 'temporary' server deployment to get things 'ready' for a production environment
<teward> if this is going to be used as production even temporarily then i would be wary
<teward> but that's the security opinion of me
<teward> the PHP code that's on 16.04 still gets Security Team updates
<teward> regularly
<teward> so I'm more inclined to ignore the warning as well because I know the Sec Team is on top of PHP security vulns
<seekr> teward: well, it kinda is going to be a production site for some indeterminate amount of time (I had problems with the server on which the site was running)
<teward> seekr: then it's up to you
<teward> but the PPAs *don't* get updates most likely so you're going to have to just ignore hte warnings if you want regular security patching
<teward> and make sure to actually DO the patching regularly :P
<seekr> okay - security is of some concern to me, since the problem I had on the previous site resulted from a PHP infection
<teward> > problem on the previous site resulted from a PHP infection
<seekr> teward: however, I don't think it entered the system via Joomla!
<teward> that means you didn't apply security patches OR there were other infection vectors
<teward> seekr: if Joomla's the only PHP thing facing the 'net then yes that was the attack vector
<teward> PHP or otherwise
<seekr> teward: Well, it's a bit more complex.  The hosting company did a clamav scan, which showed infection from a few years ago, long before I began using Joomla!, though I did run a forum under a plain old HTML based site that I think was the means by which that injection/infection entered.
<teward> seekr: also irrelevant in the long term
<seekr> teward: There may have been a second attack via a forum component, though - but clamav didn't show evidence thereof.
<teward> clamav is only good at virus scans
<teward> not vulnerabilities which is what PHP updates patch
<teward> you need more intense stuff to scan that :P
<teward> but point is
<seekr> teward: I certainly would prefer using a PHP version that's more hardened against attacks, if there is such a thing.
<teward> the security team patches the PHP binaries
<seekr> teward: sounds now as if you would recommend a PHP update
<seekr> teward: but you seem also to be saying that getting that update for 16LTS is problematical
<teward> seekr: my true opinion will take about 20 minutes to voice here
<teward> so i'll give you the cliffs notes:
<seekr> thanks
<tomreyn> seekr: teward is saying that as long as you install phph from ubuntu and your ubuntu version is supported by canoniocal, while the base php versionremains the same, security patches are backported to these older php versions.
<tomreyn> so then you have no reason to be worried.
<teward> tomreyn: his concern is PHP 7.0 vs. newer PHP rev numbers
<teward> but you're essentially correct
<teward> seekr: tomreyn did a good job with the cliffs notes.
<seekr> teward, tomreyn - right - the question is whether and how I can upgrade to 7.1 or higher under 16LTS
<teward> seekr: not while guaranteeing regular security updates
<teward> which is what I was saying
<teward> PPAs are the only way to find newer versions, and those aren't updated by the Security Team, etc.
<teward> !ppa
<ubottu> A Personal Package Archive (PPA) can provide alternate software not normally available in the offical Ubuntu repositories - Looking for a PPA? See https://launchpad.net/ubuntu/+ppas - WARNING: PPAs are unsupported third-party packages, and you use them at your own risk. See also !addppa and !ppa-purge
<teward> ^ this
<tomreyn> seekr: why is it you cannot upgrade to 18.04? i may have missed you saying this
<seekr> Let me ask a simple, if naiive question.  Is it out of the question - or just impossible, since they're not in the regular repos, to install PHP 7.1 or 7.2 on this 16LTS system?
<tomreyn> no, this was already said.
<tomreyn> it is possible.
<seekr> tomreyn: I had a long chat with someone else yesterday in which I described the problem with 18LTS.  There's apparent bug (trying to remember where) that prevents me from running an installed Joomla! site.
<tomreyn> i remember you or someone else asking why joomla does not work on an ubuntu 18.04 LTS here yesterday.
<tomreyn> but there was not much info provided, so it was not really possible to help
<teward> i'mma try and local-install Joomla in an 18.04 container
<seekr> Seems that 18 LTS doesn't have all the right support packages - or there's a flaw in the ones it installs:  https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1787886
<teward> maybe they 'patched' it :P
<ubottu> Launchpad bug 1787886 in apache2 (Ubuntu) "Upgrade from 16LTS to 18LTS breaks Apache2" [Undecided,New]
<seekr> tomreyn: yeah, it was me
<seekr> tomreyn: I decided it was too much trouble - and maybe impossible - to find a fix for that bug, since it seems the case remains open as of this date - so I downgraded to 16 LTS.
<tomreyn> seekr: do you run the latest joomla version there?
<seekr> tomreyn: yes - in fact, I just upgraded the site a few minutes ago
<tomreyn> seekr: were you running the latest joomla version before you upgraded to 18.04 yesterday?
<seekr> tomreyn: negative - but I had no way to do so, since upgrades are possible only on running sites, afaik
<tomreyn> so it wasnt working on 16.04 either?
<seekr> I never tried - I upgraded to 18 prior to restoring the site to the server
<teward> tomreyn: it looks to mel ike this is an Apache2 update breakage not a Joomla breakage if I'm reading the bug right
<teward> but...
<tomreyn> well this bug report is not... too telling
<tomreyn> seekr so which is the latest ubuntu version you had your site running on?
<tomreyn> you said you downgraded to ubuntu 16.04 (you can't downgrade releases, i assume you reinstalled and restored backups?) to make joomla work, so i assume you got it working on 16.04?
<seekr> Yes - it's on a cloud server - I just re-built the system from scratch, which the installer did using 16.04.
<seekr> tomreyn: ^^
<tomreyn> seekr: and now joomla works there, or not?
<seekr> Joomla! appears to be working just fine.
<seekr> My only possible concern is the PHP security one at this point.
<tomreyn> and you're using the default php version ubuntu 16.04 provides, right?
<seekr> I'm using 7.0, which I had to install.
<seekr> I installed 7.2 under 16.04 LTS earlier.
<tomreyn> okay, and according to https://www.joomla.org/announcements/general-news/5719-4-reasons-why-you-should-get-php-7.html joonmla supports 7.x
<teward> i feel like we're going in circles... the version of 7.0 in the repositories **does receive security updates regularly**
<teward> but not from PHP Upstream - the Ubuntu Security Team does it
<teward> sarnold among others.
<seekr> teward: you think that's good enough, then?
<teward> for the average site? yes.
<teward> but there's about 500 other hardening steps NOT RELATED to PHP that I"d do
<teward> since PHP is *not* the only attack vector
<teward> Unrelated, I have Joomla latest working Out Of The Box on a fresh 18.04 install
<seekr> teward: interesting
<seekr> teward: I wonder how you managed to avoid the bug
<tomreyn> seekr: i think if you review your upgrade strategy before you plan the newxt upgrade you'll be more successfull.
<seekr> tomreyn: I'm all ears.  :)  I'm not sure I know all the right questions to ask and actions to take.
<tomreyn> if you're considering to upgrade a server running a web application, first of all you should read up on the limits and requirements of the web application.
<tomreyn> those are suually documented, with the lowest and highest version of everything it depends on
<tomreyn> ...for every version of the web application
<teward> seekr: because I didn't upgrade 16.04 -> 18.04, I did fresh 18.04 :P
<tomreyn> i.e. joomla 3.3 probably had different requirements for the server versions than the latest joomla has
<teward> yep and you're fairly behind
<teward> it's 3.9 now heh
<tomreyn> usually you'll need to upgrade the web application first, upgrading it to the newest version available
<teward> yep
<tomreyn> if you then upgrade the server, it will often just work.
<tomreyn> but it's a matter of trying before you do it on the live site
<tomreyn> so you just clone the server first, and then try it there
<seekr> tomreyn: If it turns out I'm gonna have to run on this server for more than a week or so, I will do a careful review.  On the other server, which I hope to be able to move the site back to soon (though it's a crummy company that runs it now - used to be quite good).  In fact, I'll do that review in any case, though I have far less control on that other (shared hosting) server.
<tomreyn> and do it on the real website only if this semedd to work out and you have taken notes on what to look out for
<seekr> Well, I'm certainly learning a lot in this process.  I've never configured a server from scratch before, so it's quite an adventure!  :)
<tomreyn> the cloned site should be with the same host, in an environment as similar as possible
<tomreyn> cool, you're surely making good progress with this adventure ;)
<seekr> tomreyn: yeah - under different circumstances (like I had an actual budget to support the activity), what you're suggesting about the cloned site sounds great.
<tomreyn> the other thing to know is that there are also upgrade guides for ubuntu server, and for services you run on your ubuntu server, such as apache httpd.
<seekr> tomreyn: As things stand, I'm using an account on a freebie server - they lure in new customers by giving them a three month free trial.  Were I to configure a second virtual server, I'd no doubt get charged for it.
<tomreyn> seekr: i see. you'll have better budgets in the future if work towards doing this stuff on a professional level. but even on a low budget you can prevent most pitfalls, so the clone is not *that* important.
<tomreyn> i see what you mean
<seekr> Well, at this point, I think I'd best get back to the actual site, now that it's running -- and I'm anxious to announce it, since the site's been down now for over a week.  I'll come back and maybe have further questions as I play more with the server.  It's very good to know there's such a supportive community here (which is more than I can say for Joomla!, sadly).
<tomreyn> i think you'll be fine on ubuntu 16.04 LTS as long as you keep upgrading joomla whenever they release security fixes (be sure to know when that happens, subscribe their mailing list or whatever they have) and you keep installing security patches on ubuntu
<tomreyn> the latter can be automated (but you still need to restart affected services and reboot after kernel updates manually)
<tomreyn> to automate it, look into unattended-upgrades.
<seekr> tomreyn, teward - thanks very much for your kind assistance - I will continue to log this channel and will look forward to perusing the log.  Actually, I must confess that I'm actually a Linux Mint user.  I chose Ubuntu over Debian (on which I know Ubuntu is based) and the other alternatives since I'm somewhat familiar with the Debian/Ubuntu way of doing things.  :)
<tomreyn> for general information on running a server, read (only the parts you need, such as on web servers) https://help.ubuntu.com/lts/serverguide/
<seekr> yes, tomreyn - I always install the latest Joomla! release as soon as I get an alert that one is available, as I did just a while ago today.
<tomreyn> and reas this about upgrades and what to watch out for there https://help.ubuntu.com/community/UpgradeNotes
<tomreyn> *read
<tomreyn> good, its indeed very important to stay up to date with webapps.
<seekr> tomreyn: re "unattended-upgrades" you mean just search for that term in web-space, or what?
<seekr> tomreyn: will look at the server guide - thanks!
<tomreyn> "unattended-upgrades" is the name of an ubuntu package, which you can install ()in fact it probably already is, but not doing much by default) and can configure to install security patches automatically
<seekr> tomreyn: I'll follow all your advice.
<seekr> tomreyn: ahh - I'll look into it right away - thanks again!
<tomreyn> there is also live kernel patching, which can give you more time before you have to reboot
<tomreyn> https://www.ubuntu.com/livepatch
<seekr> tomreyn: how critical are kernel upgrades?
<tomreyn> depends on the kernel upgrade ;)
<seekr> yeah, figures  :)
<tomreyn> or rather on the vulnerabilities that got patched
<seekr> indeed
<JanC> for most websites just rebooting is probably sufficient
<tomreyn> some are critical, many are not so much. but you can only decide this if you review them every time
<tomreyn> and rebooting is usually quite quick and a minor nuisance for your users
<seekr> tomreyn: yeah - there's not that much site usage at present, so I have no qualms about rebooting as often as necessary.
<tomreyn> seekr: this lists security updates for ubuntu 16.04 LTS: https://usn.ubuntu.com/releases/ubuntu-16.04-lts/
<seekr> great - thanks again!  You're a real fount of info!  :)  I really appreciate your kindness.
<tomreyn> you can subscribe to all ubuntu security advisories here https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
<seekr> okay
<tomreyn> but you dont dtrictly have to if you have unattended-.upgrades setup properly
<tomreyn> you're welcome.
<seekr> I'll save all these links and will look at those resources just ASAP.
<tomreyn> take your time, they're not going away ;)
<seekr> Well, I'd best shove off now - but, as I said, I'll continue to log the channel.  I'll look forward to our next encounter, tomreyn & teward!
<tomreyn> alright, you'Re welcome, ask when you'll have more questions.
<seekr> will do
<JanC> it's been a long time since I looked at it; is joomla still such a security nightmare as it used to be?
<tomreyn> teward: sorry for interpreting you there earlier, i just like to try to explain things in "layman's terms" when i'm under the impression that a more precise and better language explanation may actually create a gap.
<teward> tomreyn: no problem :)
<teward> tomreyn: if you had misinterpreted I'd have thrown these ancient floppy disk ninja stars at you :p
<tomreyn> oh the ones with the sharp edges!
<teward> tomreyn: yep
<tomreyn> and with the copy protection flip thing switched so they work like barbs
<tomreyn> or was it 5 1/4 in? with the cut out? even meaner!
<teward> tomreyn: both >:D
<tomreyn> :)
<teward> ... and the few 3.5inch ones I have, i kinda squished them so the metal slide cover protecting the magnetic film inside is as flat as a blade heh
<teward> muahahahahahah
<teward> ... I also have a full printed copy of the Bash manpage that's about 50 binders thick...
<teward> ... so I can chuck those around as bricks ;P
<teward> but meh
<teward> (I need a nap, my allergies are messing with me... back later0
<tomreyn> i might respond with the ibm dos 3.2 handbook
<tomreyn> much lighter, though. and with a beautiful ascii table.
<tomreyn> ttyl
<JanC> does it include BASIC or was that a separate book?
<tomreyn> i think there was a separate book for it
<tomreyn> as well as plenty of listings in journals
<tomreyn> i wrote some games of my own back then, much fun :)
<tomreyn> just the audio situation was non satisfactory
<mybalzitch> arg, one day I'll remember how I have my network configured and learn the correct bridge to hook my docker network up to
#ubuntu-server 2019-12-24
<kinghat> what are the odds of being able to recover missing data from a drive? i hardly write anything to it
<OerHeks> testdisk gives a good chance, it finds the stuff directly .. or never again
<OerHeks> photorec, extundelete, ubcd toold
<kinghat> OerHeks: more info, my drives are in a mirror zfs pool. there's only 2 drives. dont know if that matters.
<kinghat> i have no idea when the data went missing. seems odd i mistakenly deleted it. feel like it didnt get transferred but i dont know for sure.
<OerHeks> oh, such info is important yes
<OerHeks> i have no clue about zfs and recue
<kinghat> i feel like it would be the same but i could be wrong
<kinghat> what do you mean testdisk finds stuffs directly or never again?
<OerHeks> it finds a copy of the files index, and can recover, or not
<kinghat> wouldnt the files index get updated if you deleted the files?
<OerHeks> so you have to wait for someone else with zfs, i think it is gone
<kinghat> most of the stuffs im finding is zfs specific and working with data, not like recovering data that was deleted.
<kinghat> ya testdisk says it can "Undelete files from FAT, exFAT, NTFS and ext2 filesystem"
<kinghat> ð
#ubuntu-server 2019-12-26
<kinghat> anyone around with zfs chops?
<compdoc> I use it, but it needs so little care, that years go by without messing with it
<compdoc> there are zfs channels here on freenode
<kinghat> i have found a couple. ill go see whats up over there.
<kinghat> btw, i found the data ð¤¦ââï¸
<kinghat> now i need to figure out how to utilize my 3rd drive
<ahasenack> kinghat: how so?
<kinghat> i made a dir where i thought i put the data into earlier this year. went looking for it and it wasnt there. turns out i never moved it and forgot where it was originally located.
<evit> I turned up Ipv6 on a webserver I have and I set up a AAAA for www. Do I need to create any others for it?
<tds> evit: if that's all the sites the webserver hosts, that should do - but please make sure you test it, I've seen a number of issues caused by broken IPv6 on servers
<evit> tds, IPV6 is really only for the webserver. How to test on CLI?
<tds> evit: on another machine with ipv6 connectivity, `curl -6 -v example.com` should do
<tds> evit: oh, or if you don't have connectivity yourself, there are testers you can use eg https://www.mythic-beasts.com/ipv6/health-check
<evit> There is no need to create the subdomain ipv6 anymore or is that required?
<evit> tds, thanks
<tds> if your site is example.com, you could make a subdomain ipv6.example.com just for testing, but there's no real need
#ubuntu-server 2019-12-27
<Skyrider> Greetings all
<Skyrider> Can someone tell me an alternative to cron which has the ability to do jobs in a specific year?
<jelly> apart from the obvious workaround, checking the year inside the job?
<Skyrider> Mh, didn't considering using year check in the script.
<jelly> systemd.timer(5) units seem to be able to specify an absolute timestamp with OnCalendar=
<Skyrider> Thanks, will check it out :)
<Skyrider> Lovely.. Attempted to remove disk file system, and we can't allow that
<Skyrider> https://paste.ubuntu.com/p/CsgTnb39p7/ - What I have thus far. Could be wrong, but still attempting to improve it.
<Skyrider> But thus far, getting: /etc/systemd/system/./inferno-daily.timer:8: Unknown section 'Service'. Ignoring. Attempted to remove disk file system, and we can't allow that.
<Orcs53> Hi! I've got a question for you guys. I have a Raspberry Pi 3B+ with Ubuntu Server 18.04 LTS installed, and USB webcam attached. I am trying to stream the webcam A/V using VLC, thus far I have had success streaming the Video, but not yet the audio, I note no audio device are registered in the system. What software would I need to install to get the
<Orcs53> microphone from the webcam to show as an audio device?
<Orcs53> Any help would be greatly appreciated!
<Skyrider> Wow this systemd timer is annoying...
<Skyrider> enable name.timer works just fine, but when I attempt to start it getting error printed out "Refusing to start, unit to trigger not loaded"
<ahasenack> Skyrider: a timer needs a service unit as well, do you have that, with the same name?
 * ahasenack reads up
<Skyrider> Ya, I do. Otherwise the SH file couldn't run with enable.
<Skyrider> When I run the enable command, the sh from service is being run. Just can't start it.
<ahasenack> the service has to stay put, not started. On what do you run the enable command?
<Skyrider> `systemctl enable backup.timer` - `systemctl start backup.timer`
<Skyrider> Only trying to start the timer file.
<ahasenack> and what does "systemctl list-timers" say about the backup timer?
<ahasenack> I don't remember now if one has to "start" the timer
<Skyrider> 0 listed timers, using --all it shows the inactive timer I setup, all with n/a
<ahasenack> 0 timers? Is this a normal ubuntu system, or something stripped down?
<ahasenack> you should have many timers listed, without --all
<Skyrider> I filtered by my timer name.
<Skyrider> Without any filters, the rest of the system timers shows up in the list :)
<ahasenack> ok, good :)
<Skyrider> I'll pastebin the 2 files :p might make it easier.. maybe I messed up.
<ahasenack> lemme see your paste
<ahasenack> https://paste.ubuntu.com/p/CsgTnb39p7/ is what you pasted before, right
<Skyrider> Ya, I messed up the above paste. Wasn't aware service & timer had to be there as 2 files. I assumed timer was one.
<ahasenack> a timer doesn't have... ah, ok
<Skyrider> 1 sec
<ahasenack> a timer is just another way to start a service, in the end
<Skyrider> Service file: https://paste.ubuntu.com/p/vydKfxjQzY/
<Skyrider> Timer: https://paste.ubuntu.com/p/zQWSBfxvJF/
<Skyrider> I included "requires" on a later time when it wasn't working. I often check google for some help.
<Skyrider> Still doesn't work I might add ^_^
<Skyrider> Aw, crap.. I see why it doesn't work now.. I'm stupid
<ahasenack> I think type should be oneshot
<Skyrider> Got it to work. Thanks for your assistance. I was stupid that I didn't catch on the unit name.
<ahasenack> happy to help :)
<Skyrider> Systemd has no specific seconds that it can time, does it?
<ahasenack> what do you mean?
<Skyrider> I'll ask again later when I remember what I wanted to ask ^_^, thanks.
<ahasenack> :)
<ahasenack> systemd.timer(5) has tons of options, as usual
<ahasenack> not easily digestable in one go
<Skyrider> Noticed, just a shame it takes up extra files rather than a single user cron file ^_^
<Skyrider> Ah, right.. think I know what to ask.. I think with cron, it's impossible to run cron jobs at 59's second of each minute. (1 second before hitting 1 minute)
<Skyrider> Wonder if you can do that with systemd.
<Skyrider> I use this https://crontab.guru/ to double check the cron timers in the past. Does something similar exists for systemd timer?
<Skyrider> ahasenack: Do you happen to know if I wish to make a systemd timer to run between 9 and 59 at every 10 minutes, it checks at every 10 min? Systemd seems to check only the first 9th min to run, and start after that. But doesn't check every 10 minute when to run after when its past that 9th minute.
<Skyrider> With cron I was able to use 9-59/10 * * * * for that
<Skyrider> maybe 09/10 will do the trick
<ahasenack> Skyrider: timers have a random "fuzz" added to the time, so they don't always run at the exact same time
<ahasenack> Skyrider: that is configurable, but there are many options about it and it can be confusing
#ubuntu-server 2019-12-28
<Skyrider> ahasenack: No worries, I got it.
<Skyrider> At least you can set seconds with systemd timer, you can't with cron.
<Skyrider> Thanks :)
<Skyrider> What do you mean with the random fuzz btw?
<brobert> hi, Im running 19.10.1 and Im trying to restart networking
<brobert> I read instructions to do,  systemctl restart system-networkd
<brobert> but ubuntu 19.10 complains there is no system-networkd service
<brobert> did the service name change?
<tomreyn> you're missing a 'd' there
<tomreyn> systemd-networkd
<brobert> aw
<brobert> lol
<brobert> ok that works
<brobert> Im using netplan
<tomreyn> so which instructions did you read, did they have a typo?
<brobert> or rather I was, ... but now Im afraid I screwed things up,,, because got fed up with it and uninstalled it
<brobert> tomreyn, yeah not official
<brobert> https://vitux.com/how-to-configure-networking-with-netplan-on-ubuntu/
<tomreyn> maybe contact them and tell them about it to save others if you feel like it
<brobert> So I made my netplan... and applied it... now I restarted the systemd-networkd...
<brobert> tomreyn, yeah I will set a comment
<brobert> im a little confused, I dont get anny errors from my netplan settings... Im not sure what the systemd-networkd   is doing with the config... if it fails or not
<brobert> certainly I dont get an ip or anything
<shibboleth> i was referred due to any complication caused by a default component of ubuntu supposedly being offtopic in there.
<tomreyn> brobert: so what does      systemctl status systemd-networkd     have to say, what does    networkctl    say, how about     ip link    and    ip a    , how about the systemd journal in general?
<tomreyn> shibboleth: that's untrue, i referred you here because you run ubuntu server and have questions regarding it.
<shibboleth> do any configs govern "cloud-initramfs-copymods". i has somehow managed to mount some overlay onto "/lib/modules" for several months. this has caused a lot of issues
<brobert> tomreyn, thanks..yes systemctl status gives me something
<shibboleth> it has
<brobert> wlan0 could not bring up interface
<brobert> so seems the netplan was received... but not working
<brobert> my netplan was for wlan0
<shibboleth> removing "cloud-initramfs-copymods" leaves me with a "/lib/modules" for the kernel bionic was installed with
<tomreyn> brobert: so      netplan apply     ran without errors?
<shibboleth> which is not the same kernel i'm running a year later
<brobert> tomreyn, yes
<brobert> netplan -d apply no errors
<shibboleth> which presents me with an issue if i now hope to generate a new initramfs?
<tomreyn> brobert: i'd check the journal about what's not working.
<brobert> tomreyn, how do I read the systemd journal is it in var/log?
<tomreyn> brobert: journalctl
<shibboleth> <tomreyn> shibboleth: that's untrue, i referred you here because you run ubuntu server and have questions regarding it.
<shibboleth> oh really?
<tomreyn> yes, you really weren't referred here because you were chatting "supposedly offtopic"
<tomreyn> that was entirely separate.
<OerHeks> <shibboleth> so, i remove "cloud-initramfs-copymods" .. why?
<brobert> last line of journal is   one hour ago... systemd-journald: Journal stopped
<brobert> so it crashed?
<brobert> I guess I'll reboot and try again
<shibboleth> OerHeks, to make it stop forcing an overlayfs onto /lib/modules
<shibboleth> which has given me an ulcer by now
<shibboleth> <shibboleth> do any configs govern "cloud-initramfs-copymods". i has somehow managed to mount some overlay onto "/lib/modules" for several months. this has caused a lot of issues
<shibboleth> OerHeks, uninstalling it was apparently the wrong way to handle this, are there any docs outlining anything at all re this?
<OerHeks> or what modules caused this to happen, i think "cloud-initramfs-copymods" should be possible.
<shibboleth> that isn't a valid command neither with or without that package installed
<OerHeks> yeah, curious, this last post says install it, and remove & reboot fixed it.
<OerHeks> https://unix.stackexchange.com/questions/405146/removed-lib-modules-folder-after-every-reboot
<shibboleth> yeah, same issue i read
<OerHeks> anything special, installed HWE?
<shibboleth> the other person was fortunate enough to not have updated his kernel
<shibboleth> nope
<shibboleth> i was able to resolve this by dropping the kernel, module and header .debs in /var/cache/apt/archives and reinstall the running verions
<shibboleth> but my question remains: what is the purpose of "cloud-initramfs-copymods", is it governed by any configs and who thought it would be a good idea to break the install if it is removed?
<OerHeks> UEFI?
<shibboleth> yes
<OerHeks> this is maybe one step closer
<shibboleth> the only way this was at all visible was a line in the output of "df"
<shibboleth> "copymods 1234    78780  1234   1% /lib/modules"
<OerHeks> this bugreport gives copymod could not find modules https://bugs.launchpad.net/cloud-initramfs-tools/+bug/1766723
<ubottu> Launchpad bug 1766723 in cloud-initramfs-tools "copymods puts modules out of modprobe's path" [Medium,Fix committed]
<shibboleth> it is not at all apparent how and how this overlayfs is configured and forced upon the user
<shibboleth> OerHeks, ?
<OerHeks> same as yours, cruft left so  unable to generate a initramfs
<shibboleth> "After copymods runs, modules can be found under /lib/modules/$(uname -r)/$(uname -r):"
<shibboleth> how so?
<OerHeks> this is fixed in 0.44 http://ubuntudiff.debian.net/q/uploaders/goneri%40debian.org
<shibboleth> yes still affects a fully updated bionic?
<shibboleth> question remains: do any configs govern this ubuntu-only "feature"? how/where does it force an overlayfs onto the rootfs
<shibboleth> and if it has been known to be broken on bionic, what's up with it still being broken on bionic?
<albech> what is the best practise to secure a running system. I know encryption like LUKS only secure systems at rest, but what if I wanted to secure the system from physical access while its running?
<maswan> sturdy cabinet with a good lock
<albech> where I come from the government loves to request access to digital equipment even with no or very little proof. I was wondering if it was possible to make their life harder.
<maswan> well, if you manage to cut power to the server, encryption at rest is pretty sturdy
<albech> maswan: aye, i am wondering if some door sensor to the dc could unmount the encrypted volumes and possible some internal network check if fails also could unmount.
<bipul> I have simple query to know , How to update Packages.gz file{Metadata information regarding /pool packages} inside the .iso ?
<shibboleth> i was asking some questions about "cloud-initramfs-copymods" and how it by default mounts an overlayfs at /lib/modules. this has caused quite a few issues for me over the last months and when removed managed to break the install since what's left doesn't match the running kernel
<shibboleth> OerHeks suggested that the issue has been known and fixed in v0.44 yet bionic is still at 0.40
<shibboleth> now, are there any configs governing this behavior?
<shibboleth> basically, what i'm asking is: how do i disable this behavior so that i may back up content of the overlay?
#ubuntu-server 2019-12-29
<Skyrider> Quick question if anyone is around. I'm trying to create a simple  sh script file to remove files in a certain directory on a weekly basis. While it removes the file(s) just fine, it also leave an error output in the console when I run it manually:  --> rm: cannot remove 'directory/*': No such file or directory
<Skyrider> With using a simple script line --> rm /directory/*
<Skyrider> Guess I can use -f to ignore it.
<Skyrider> Can someone point me to the right direction how to create a mv script if the file does not exist?
<Skyrider> I tried using "if [ ! -f directory/file ]; then mv directory/file fi" but that doesn't appear to work either. Still same file does not exist error.
<weedmic> how would you move a file that is not there?  can you explain it a different way and by "script" do you mean a "bash script"?
<weedmic> Skyrider: ^
<Skyrider> .sh shell script, and would only like to move the file if it exists.
<weedmic> ok, so IF it exists, then move.
<weedmic> I saw this one (I think is best)... [ ! -f src ] || mv src dest
<Skyrider> Think I tried that as well before I used if [ ! -f directory/file ]; then mv
<Skyrider> moment ^^
<Skyrider> Interesting, that worked. Wonder why the if statement didn't.
<weedmic> odd, i did this verbatim and it worked - [ ! -f del.src ] || mv del.src Documents/
<weedmic> maybe you did not understnad, this will not crash a script if the document is not found and will continue, but it will not "try" to move a non-existing document
<weedmic> i mean it will appear to work whether the doc is there or not, but not throw an exception if no document is there - it will just go to the next line (doing nothing after theh pipe)
<Skyrider> It did work for me as well, but I also found the IF [ -f src ]; then FI statement online, which didn't ^^.
<Skyrider> Making sure it doesn't throw out errors, as systemd timers loves to pop up errors if something fails.
<weedmic> :D - must be why I did not like it (nor recommend it) - i tested the one I liked before showing you
<weedmic> to me it is odd, b/c I love/need/hopefor errors - w/o them I can't fix things.
<Skyrider> ^_^ appreciate it btw, thanks :D
