#ubuntu-server 2006-07-31
<A-Kaser> hello
<AndreasBe> does anyone have experience using ldap with ubuntu?
<Veselin> hi, can anyone help me with a rather tricky problem dealing with chroot?
<Veselin> seems not to work on my setup (6.06 server i386, kernel 2.6.15-24)
<Ries> AndreasBe: I have
<AndreasBe> Ries: cool.
<AndreasBe> Ries: i'm having issues with the 'admin' group. Users in this group (ldap-posix-group) cannot use sudo. any clues.
<Ries> AndreasBe: I never used it actually for managing posix accounts..... 
<Ries> AndreasBe: I would turn on ldap debugging and see what requests are send the LDAP... maby it doesn't return something correctly...
<Ries> AndreasBe: I use LDAP for a SSO solution in a web application
<AndreasBe> Ries: ah, ok. i have debugging activated. nothing to find there. The other "special" group like cdrom, floppy or audio work fine.
<Ries> are the users really member of the group?
<AndreasBe> Ries: yeah, 'groups' issued by a ldap-user returnes all groups properly.
<Ries> what does sudo say?
<AndreasBe> i suppose it could have something to do with the /etc/pam.d/* files.
<AndreasBe> Ries: sudo asks for the password and then returns with nothing.
<derekS> i have this in my fetchmail rc file 30 nicks (30)] 
<derekS> blah
<derekS> sorry
<derekS>  mda "/usr/bin/procmail -d %s"  
<derekS> -d specifies local user
<derekS> does %s put it in?
<Ries> AndreasBe: when sudo asks for a password... do you see any activity on LDAP after you entered it, and yes.... pam needs to be configured for that... I don't have a aclue if ubuntu well set that up for you.... You can use ldap-tools for that----I think....
<Ries> AndreasBe: Last time I did that was on Debian with Samba
<Ries> AndreasBe: Oo... and that was 3.5 years ago :)
<AndreasBe> Ries: yeah, on samba its pretty nice to configure. I have edited a whole bunch of files in /etc/pam.d/ (as described in the LDAPClientAuthentication wiki article of the ubuntu wiki). There is a special file for sudo as well, but it just includes files. In the included files i have added the ldap-login to be sufficient.
<AndreasBe> Ries: i suppose a reason could be the /etc/nsswitch.conf file. "compat" is looked for before "ldap" for groups. But changing this results in a known bug using gdm to login.
<Ries> who cares about gdm :) Or are you making a thin client situattion?
<AndreasBe> Ries: yes. i'm planning to use ubuntu in a multi-user environment. ~50 PC's and 200 users. shared homes via nfs and authentification via ldap. both clients and server using ubuntu.
<AndreasBe> and yes. i need gdm ;)
<Ries> AndreasBe: Ooo yes ic...
<fryfrog> ah, spiffy
<Spec> hmm, seems like a channel to me.
<fryfrog> hi, i was interested in ubuntu as a server... anyone around?
<Spec> oh, me, me, i'm around.
<fryfrog> ahah
<fryfrog> ever used ubuntu as server distro?
<Spec> yes
<fryfrog> how do you like it as a server os?  ever used other distros?
<Spec> i like it well enough
<fryfrog> i'm getting a bit tired of *gentoo* as my server
<Spec> i've used a lot of distros
<Spec> at work I use debian on our servers though
<Spec> but if it were up to me, i'd use Ubuntu.
<fryfrog> i like the idea of ubuntu cause i'd probably go with debian, if it wasn't so old
<Spec> old is good
<fryfrog> well, that is true
<Spec> it depends on your environment
<fryfrog> i'm not looking to setup microsoft.com or anything, so i prefer a little bit new but still stable
<Spec> ubuntu is good then :)
<fryfrog> debian testing/unstable, i think i'd be happy with
<Spec> just do a minimal install though, you don't want X on a server
<fryfrog> gentoo is just a little *too* unstable :)
<fryfrog> i concur :)
<Spec> i got tired of gentoo :p, i was running it for my home os though
<fryfrog> you ever mess with chroot ssh jails, shared ftp/www, etc?
<Ries> fryfrog: I use EL4 also... and ubuntu... ubuntu is stable... EL4 also ofcourse... however EL4 is horrible support for extra module... wich comes out of the box in ubuntu, for example EL4 doesn't even have php-mcrypt... you need to get it from some DAG repository
<Spec> yes
<Spec> EL4? like RH?
<Ries> fryfrog: if you are planning on outting your server in a DC... then make sure your DC does support ubuntu... :)
<fryfrog> Ries: EL = RH Enterprise Linux (/centos)?
<Ries> Spec: EL4 like in RH enterprice....
<fryfrog> ah, no datacenter.  just my computer room with a window ac unit :)
<Spec> yeah, RHEL4 :), i hate it
<fryfrog> i'm not so fond of the rpm distros, but thats just from old bad experience :)
<Spec> and recent bad experience
<Spec> :p
<Ries> fryfrog: centos is not from RH... just something that looks liek RH... I think, I never used it..... I have a couple of clients that use EL4, and also on one of our prod servers... however I am not to happy with it
<fryfrog> know of anyplace good to read about chroot ssh/ftp?
<fryfrog> Ries: CentOS is RHEL clone
<Spec> centos compiles RHEL rpms into a free version of RHEL
<Spec> it's exactly like RHEL
<fryfrog> yar
<Ries> Spec: I hae up2date myself...... up2date doesn't hardly have any modules... and then you need to get it from some crapy repository
<fryfrog> but it is teh free :)
<Spec> chroot ssh/ftp ... hmm, there might be a page about that on the wiki
<Spec> wiki.ubuntu.com
<Spec> are you talking about UML type chroot?
<Ries> I never used CentOS, why use that when you can have something like Debian... but thn updated?!?!?! :D
<fryfrog> i guess the thing i'd really like to get done right is a proper shared web hosting environment (for my learning)
<fryfrog> i *think* what i mean is having www/ftp/ssh access, like some hosts provide to their customers
<fryfrog> i don't have any customers, but i like to learn how it is done :)
<Ries> fryfrog: ubuntu server 6 works really great out of the box... 2 weeks ago I installed software raid on a server, on top of that LVM... and on top of that XFS... all out of the box during installartion....
<Ries> fryfrog: Whule El4... only supports (Ithink) EXT3 which is to slow for my perpose....
<fryfrog> nice
<fryfrog> my gentoo box is giving my software raid5 grief at boot :(
<fryfrog> and my network cards like to swap at reboot
<fryfrog> its real fun when you reboot remotely :/
<fryfrog> anyway, i think i will snag some spare hardware and see what its like
<fryfrog> don't wanna just jump in and blow away my current server :)
<Ries> fryfrog: hehehe... well that is a config issue I am afraid... then tell teh system which nic should go on what port (eth0 or eth1) all distros can have that issue... you properly have two exact same nics in the server
<fryfrog> Ries: sort of :/
<fryfrog> Ries: they are two totally different nics (an nforce and an nge2)
<fryfrog> but they were ignoring module load order at boot :/
<Ries> fryfrog: you can configure that.... However I like a distry that doesn't overwrite my own settings in /etc... as far as I can see ubuntu doesn't do that... like Debian..
<fryfrog> fortunatly, i don't reboot much :)
<fryfrog> Ries: i ended up just *not* compiling the module for the other nic
<fryfrog> don't need two anyway
<Ries> fryfrog: I have seen it... maby the chipset is the same?? I don't know... but you can configure the system for it..
<fryfrog> and i have to specify my raid5 array on kernel boot :(
<fryfrog> no, two totally different cards
<Ries> odd... never seen that....
<Ries> onkly with teh same nics...
<fryfrog> i set it up to load one module before the other, but never could find a kernel param to force load order
<Ries> ubuntu server let's you caonfigure software raid 1 and 5 out of the box....
<fryfrog> i have the same problem with my 2 sata controllers, but it isn't a big deal
<fryfrog> its weird
<fryfrog> grub sees controller 1 first, and everything works
<fryfrog> but once booted, controller 1 is "second" :)
<Ries> sata is crap... hahahahha...althoug it perofrms nice a dev server (80MB/sec disk to disk)
<Ries> on a prod server with a 3ware it's horrible slow...
<fryfrog> sata > pata
<fryfrog> oh?
<fryfrog> i'm surprised, i've heard nothing but good things about 3ware
<fryfrog> though, sata is no scsi of course!
<fryfrog> i got the free ubuntu dvds :)
<fryfrog> i wonder, does it have the "server" install?
<fryfrog> option
<fryfrog> anyway, thanks for the info
<Spec> fryfrog: re networking cards swapping on boot: look into /etc/iftab
<derekS> procmail pisses me off
<derekS> anyone wanna help me with a "recipe"
<uniq> what's your problem with it? 
<uniq> I only use it for simple filters.. don't know how much i can help.. but anyway.
<_j> hi
<_j> how to enable masquerading or natting ? ive tried this(http://www.rafb.net/paste/results/t69pXZ63.html) but it doesnt work
<Ries> _j: I would suggest install shorewall :)
<Ries> _j: really... I use it for all my server and never did let me down... if you really want to use iptables then I cant help you... it's to cryptic for me
#ubuntu-server 2006-08-01
<_j> thanks ries :)
<derekS> can someone help me with installing a spam filter (like spam assasin)
<derekS> i am not sure where it fits into my system
<Ries> derekS: I remember I followed the spam assasin totorial one day..... and stall it using apt.get and then go...
<Zambezi> derekS, /join #spamassassin
<derekS> Zambezi: my question is more theoretical
<Zambezi> derekS, Or how it's spelled.
<derekS> i am using fetchmail to dl mail from my servers, and procmail to distribute it
<derekS> where does this fit in?
<derekS> it gets distributed to ~/Maildir
<Ries> derekS: Don't you have a mailserver running like postfix?
<Zambezi> derekS, I think they can answer that in spamassain. I think spamassasin make rules and with like fetchmail and fetchmails doesn't "transfer" the mails to your client.
<derekS> Ries: i am pulling from multiple imap accounts that i have no admin control over
<Ries> I do think you can start spamassasin and pasy anything through it...
<Ries> derekS: still if you have a local MTA running... it can take care of distribution... I used to do that when I was on dailup
<Ries> and no MX record pointing to my server......
<derekS> cool
<derekS> i will look into that
<J_P> hi all
<derekS> hi
<J_P> people, I install ubuntu server dapper on the CPU VIA Nehemiah 1.4GHZ, install ubuntu-server was OK, but in first boot ubunut dont boot.. :-(
<J_P> grub start, linux try umpack and stop with this message :
<J_P> "booting kernel linux...." and stop
<J_P> during install ubunut-server use kernel 2.6.15.23-386, but after ubunu server finish to install kernel 2.6.15-23-server is installed right
<J_P> mey this is the problem.. that ...-server kernel is not supported by VIA ?
<J_P> anyone ? any idea ?
<J_P> correct message when stop is : "Uccompressing Linux... OK, bootin the kernel."
<J_P> after this boot prcess stop
<J_P> hey all, anyone can help me ?
<J_P> if is ..-server the problem, that not suppoert VIA... so, are there some alternative ? Like as boot with livecd, mount hda1 as chroot and instal via APT 386 kernel for can boot ?
<skateinmars> don't you have the choici via the grub boot menu ?
<skateinmars> *choice
<J_P> skateinmars: NOT
<J_P> only ...-server one grub
<J_P> after ubunbu-server are installed
<skateinmars> so maybe the problem isnt with this particular kernel
<skateinmars> did you try the livecd on this computer ?
<J_P> skateinmars: yes, live cd are ok
<J_P> skateinmars: I'm doing chrrot and installing linux-386
<J_P> via ubunut livecd desktop
<skateinmars> ok
<J_P> skateinmars: but problema is ...-server don't support via processor :-(
<J_P> this is a very problem, becouse many people use VIa as server..
<J_P> I always use this..
<skateinmars> weird...
<J_P> why ?
<skateinmars> why woudln't it support the via processors ?
<J_P> skateinmars: mey me ububnu server core team know :-)
<skateinmars> :)
<J_P> YES... after install linux-386 via chroot now ubunu-server are booting fine :-)
<skateinmars> ok :)
#ubuntu-server 2006-08-02
<A-Kaser> poy poy
<Astinus-> in which package can i find CC, C compiler? 
<A-Kaser> gcc
<Astinus-> i installed it, but no cc
<A-Kaser> ?
<Astinus-> only gcc
<A-Kaser> what do you try to compile ?
<infinity> Astinus-: /usr/bin/cc sure as heck works over here.
<infinity> (base)adconrad@cthulhu:~$ cc -v 2>&1 | tail -n 1
<infinity> gcc version 4.1.2 20060715 (prerelease) (Ubuntu 4.1.1-9ubuntu1)
<infinity> Of course, that's still gcc, but I'm not sure what you're expecting.  This isn't Solaris, our system compiler *is* GCC.
<J_P> hi all
<A-Kaser> hum
<A-Kaser> I try to remove quagga on ubuntu-server
<A-Kaser> and it's not possible ...
<A-Kaser> dpkg --force-all -purge quagga
<A-Kaser> don't work
<A-Kaser> idea ?
<infinity> A) never use --force-all
<infinity> B) Why are you purging with dpkg directly, instead of a higher-level package manager?
<infinity> C) What's the error message?  "don't work" isn't helpful.
<infinity> D) This isn't a support channel.
<A-Kaser> because I use apt-get and dpkg everytime
<infinity> But I suggest "apt-get --purge remove quagga"
<A-Kaser> never a high level packages
<A-Kaser> apt-get --purge it's same as dpkg
<infinity> No, it's not.
<infinity> It handles dependency removal.
<infinity> dpkg just tries to remove what you tell it to, and fails if that doesn't work.
<A-Kaser> yes 
<A-Kaser> and I prefer
<A-Kaser> because if I have other program which need the lib without depend 
<A-Kaser> apt-get remove the lib
<infinity> Err, come again?
<infinity> quagga's not a library, and no libraries depend on it.
<infinity> If you're talking about automatic removal of "auto-installed packages", you're thinking aptitude, not apt-get, and that's not what I meant.
<A-Kaser> for quagga yes
<A-Kaser> I speak in general
<infinity> If you remove A, and B depends on A, B should be removed also.  Otherwise you just broke your system.
<A-Kaser> the problem is not this
<A-Kaser> I install C
<A-Kaser> C work alone
<A-Kaser> but C can have a new feature if I add another lib
<A-Kaser> So I install lib B without dependecy
<A-Kaser> after I install application A which need lib B
<infinity> Yeah, you're thinking of aptitude.  Not apt-get.  I just said that.
<infinity> apt-get will only remove things to prevent you from breaking stuff, it won't remove things cause it thinks you "don't need them anymore".
<A-Kaser> if you remove A with depedendy B so application C lost is new feature
* infinity gives up.
<A-Kaser> http://pastebin.ca/112022
<infinity> I go back to my statement (D).  This isn't a support channel.
<A-Kaser> it's ubuntu-server
<A-Kaser> and I suppose quagga is not a user service
<infinity> Looks like a bug in quagga.
<A-Kaser> or most of people have BGP at home may be ?
<A-Kaser> so I don't live in the same galaxy as you
<infinity> dpkg-reconfigure quagga, tell it to stop the daemon on package removal, then remove it.
<A-Kaser> same
<infinity> I used to advertise BGP routes at home, actually.
<infinity> Until I moved and seriously downgraded my network.
<A-Kaser> lool
<infinity> Anyhow, file a bug if you'd like to see this properly fixed.  I'll forget about it by morning if you don't.
<infinity> But from the output, I'm guessing that "dpkg-reconfigure quagga", picking a different option, then purging the package will have you happy.
<A-Kaser> I don't want to reconfigure it
<A-Kaser> but I do it before in hope quagga become 'stable' to be unsintalled
<infinity> I know you don't want to reconfigure it, but it appears to be tripping specifically on a stupid debconf setting (and a broken postrm that doesn't deal with it right), so just humour me.
<infinity> And note that these sorts of answers can be given to you in #ubuntu.  The fact that quagga is a daemon has nothing to do with it, this is just a packaging bug, as could be found in any package.
<A-Kaser> sure
<A-Kaser> and for you
<A-Kaser> what is a server question ?
<infinity> This is a development channel.
<infinity> But if you have really fascinating questions that are a bit more than "I can't purge a package, help", we sometimes take pity and have fun debugging.
<A-Kaser> lol
<A-Kaser> -ChanServ- [#ubuntu-server]  Ubuntu Server Discussions (development and support)
<infinity> Yes, ChanServ lies.  I think Fabio created the channel, so I'll make him fix it.
* ..[topic/#ubuntu-server:infinity] : This is a development channel, for the planning and co-ordination of Ubuntu Server CD images, installation methods, kernels, and related package sets || Please take support questions to #ubuntu
<infinity> At least we can have an accurate topic.
* infinity decides to go to bed.
<A-Kaser> gn
#ubuntu-server 2006-08-03
<cha_cha> hey there. would anyone have any good recommendations as to how to set up a mail server?
<Ries> cha_cha: that highly depends on your situation I guess, are you an office, an ISP, home user how much mail, how are you connected etc etc
<cha_cha> just a home user - this will be my personal email for my personal server
<cha_cha> actually let me move forward a bit
<cha_cha> im installing postfix right now,
<cha_cha> and in the question "local networks?" the default is 127.0.0.0/8
<cha_cha> should i leave that alone,
<cha_cha> or set it to the server's IP?
<skateinmars> youcould set your local ip
<skateinmars> something like 192
<skateinmars> 192.168.x.y
<cha_cha> okay
<cha_cha> does it matter though?
<skateinmars> i don't know, but I don't think this is really necessary
<skateinmars> I have a few tutorials about it but, only in french ;)
<cha_cha> haha well okay
<cha_cha> okay, when i try to enter echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf in the command, i get an error that says permission denied
<cha_cha> i tried sudo first
<cha_cha> still didn't work
<skateinmars> the > and >> does not work with sudo
<cha_cha> remove them?
<skateinmars> do a "sudo -s" before to become root and then enter your command with the >
<cha_cha> so it should look like this:
<cha_cha> sudo -s > (command)
<skateinmars> no
<skateinmars> first "sudo -s"
<skateinmars> then
<skateinmars>  echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
<cha_cha> ahh thank you
<skateinmars> and "exit" to become a normal user again
<cha_cha> okay
<skateinmars> nope
* Ries always does sudo sh  :)
#ubuntu-server 2006-08-04
<sanmarcos> ubuntu server rocks :)
<sanmarcos> is there a way to update from normal ubuntu to ubuntu-server?
<NineTeen67Comet> Hello all .. I know I'm missing something simple... I can access my server via https (or http)://192.168.0.2:631 and I get the main CUPS screen. But when I attempt add printer, I get "403 Forbidden" .. what'd I forget to change?
<JamieG> hi
<JamieG> can someone explain why ubuntu-server is better than ubuntu if you want to run a server like computer
<JamieG> ?
#ubuntu-server 2006-08-05
<Linuturk> !LAMP
<Linuturk> and that is why I love a LAMP server :)
<Linuturk> one command
<Linuturk> and it's up and running :)
<sanmarcos> is it possible to update from dapper to ubuntu-server?
<sanmarcos> are there any fundamental changes in packages?
<jimcooncat> how do I take a full dapper installation back down to a "server" install? aptitude purge xserver-xorg?
<infinity> Uhm, you pretty much don't try.
<infinity> But if you look at everything that "ubuntu-desktop" depends on and remove all of those packages, that's a good start.
<infinity> It'll leave a lot of libraries behind, etc.
<jimcooncat> I'm renting a "computer" from a uml web host
<jimcooncat> they have a full dapper install, but they also have debian sarge
<infinity> They seriously do a full install on a colo machine?  That's just wrong.
<jimcooncat> maybe I could work from their little sarge install to upgrade to dapper?
<infinity> We provide the minimal and server installs for that very reason.
<infinity> Can't you just ask them to pick the "server" option on the Ubuntu install CD?
<jimcooncat> I guess some people like to use it for testing, vnc, or whatever
<infinity> (Which doesn't install the server kernel, unless it's a server CD, but it won't install all the desktop junk)
<jimcooncat> I have to use one of the providers custom kernels anyway
<infinity> Anyhow, were I in your place, I wouldn't care what they installed, Debian or Ubuntu, because I'd just debootstrap a new root filesystem, move it into place, make grub happy, and reboot.
<infinity> Oh, right, UML. You can't do that either.
<infinity> Not as easily, anyway.
<infinity> Well, I suppose you can, the steps are just different.
<jimcooncat> maybe I'll just stick with sarge and backports then
<jimcooncat> just would be nice to have all my computers on dapper
<infinity> Well, upgrading a minimal sarge installation to dapper should be fairly drama-free.
<jimcooncat> really. just change repos and dist-upgrade?
<infinity> I did sarge->breezy->dapper with no real issues.
<infinity> Yeah, if it's a base install, there aren't many packages there anyway.  And most of the complex upgrade paths should be skipped.
<jimcooncat> I did a dist-upgrade from warty to breezy with no probs on their system
<jimcooncat> good, I'll give it a shot then. I've no investment in the current install.
<jimcooncat> thanks for your help, infinity 
<infinity> NP
#ubuntu-server 2006-08-06
<NineTeen67Comet> Hi all .. "little" cups problem .. I recently tried to access my server via http://192.168.0.2:631 and it got me to the cups front page, but I can not add printer or anything administrator related with out an Error 403 page .. help? The /etc/cupsd/cupsd.conf page doesn't have /admin on it like the standard page .. How can I allow this computer access to my server's cups screen?
<Ries> NineTeen67Comet: if you try this from your localhost... is it then possible? 8
<NineTeen67Comet> It's a headless server, so no I can not use localhost .. that is what's killing me .. that and there is no /admin section on Ubuntu's /etc/cupsd/cupsd.conf file .. I'm reading a Debian.gz file now that has some examples though ..
<Ries> NineTeen67Comet: then checkout Cups access rights system... I know localhost is enabled by default, anything else needs to be configurated
<Ries> NineTeen67Comet: one hint... you can install vnc on the machine to get a esktop...
<NineTeen67Comet> WooHoo .. got it working .. well, I am in "add a printer" at least .. lol
<NineTeen67Comet> VNC is awesome, but there is no x-server on my server .. it's strictly LAMP / SAMBA / CUPS ..
<Ries> NineTeen67Comet: then indeed you need to configure it by hand... it's not to differcult from what I remember
<NineTeen67Comet> Naw, looks like it's all going to be fine .. Just had to RTFM a little better on my part .. 
<NineTeen67Comet> Thank you for your time Ries .. much appriciated .. 
<jimcooncat> I upgraded a small sarge install to dapper, is there a package for all the tools that would come with a server install: ubuntu-minimal?
#ubuntu-server 2007-08-03
* Starting logfile irclogs/ubuntu-server.log
<kraut> moin
<stiv2k> how do i set a static ip for my server
<stiv2k> nvm
<stiv2k> <3 google
<juliux> ood morning
<Drazha> odd morning
<baggito> odd afternoon
<Drazha> soon enough
<Drazha> it will be day
<Drazha> and then evening
<Drazha> and then....
<Drazha> the night shall fall#
<Drazha> so anyway...
<Drazha> WHY Ubuntu Server?
<baggito> because we're used to ubuntu now?
<baggito> and have faith in their dogma
<Drazha> just because of that?
<Drazha> that dogma being?
<baggito> mmmm
<baggito> something about linux and humans
<juliux> Drazha, ubuntu rocks, that is all, and pls no flamewars;)
<Drazha> actually I am not trying to start a flamewar, honest to god
<Drazha> I am just trying to understand, is all
<juliux> Drazha, i use ubuntu on servers because i have ubuntu on all my desktop computers and i knwo how to work with ubuntu systems, so it is easier for me to have ubuntu on the server then debian or gentoo
<juliux> Drazha, i only have to read one security liste, i only have to test the upgrades on one system
<juliux> so its less work for me
<baggito> that's basically my idea too
<baggito> ubuntu on desktop, ubuntu on server
<baggito> develop on desktop, deploy on server
<baggito> it's much easier if you don't have to start dealing with package-version skew or trans-location of files
<juliux> Drazha, and if i found a problem on my desktop i can fix it theren then i know that this problem can be also on my server but then i know how to fix it
<Drazha> hm, ok, so lets say I find that ubuntu has an old version of some app
<Drazha> i am back to compiling from scatch and sources?
<soren> Drazha: Depends on the app.
<juliux> Drazha, i also compile some apps. for example qmail
<soren> Drazha: Generally, if you're the kind of person who needs a lot of recent software, you *really* want to be running the latest release.
<soren> Drazha: And generally, the software in the lastest release should be quite recent.
<soren> Drazha: Also, for some packages, it not really all that difficult to backport it yourself.
<soren> Drazha: Are you thinking of any particular app or just asking a general question?
<Drazha> just a general question
<Drazha> you see, the only reason why I stay on the edge of development because a lot of security features are intriduced, such as in antispam etc...
<Drazha> sometimes when one needs to upgrade its living hell
<Drazha> so I kinda thought maybe freebsd would be kewl, but i have issues with that...
<Drazha> and I havent used debian nor ubuntu that much in server variant to know much about issues such as upgrading etc
<soren> Drazha: My upgrade habits are not really sane, so I can't say for sure, but I think generally upgrades are pretty smooth with Ubuntu Server.
<soren> (I upgrade at some point during the development cycle, so that doesn't really count)
<Drazha> ok so whats the difference between ubuntu desktop and server? no X stuff?
<soren> Drazha: it's the same software repository, so the only real difference it the selection of software that gets installed by default. X for instance is not installed by default on servers.
<Drazha> I see
<Drazha> so just a package selection that is different
<soren> Drazha: Yes.
<Drazha> if I were silly, I could pretty much easily install just abount anything and make the box everything and nothing
<soren> Drazha: Yes. You can easily take a server install and install gnome on it, and presto, it's a desktop! :)
<soren> Drazha: Except for the different kernel, of course.
<Drazha> a server desktop :)
<soren> Drazha: The servers get a different kernel installed by default.
<Drazha> hm, they develop a server kernel and a desktop kernel?
<Drazha> hehe, this would not have to do with the recent scheduler conflict?
<soren> Drazha: I can't remember all the differences, but stuff like using a different i/o scheduler and a lower HZ.
<Drazha> :))
<Drazha> oh well, I guess it does make sense
<Drazha> but I guess one could install both kernels and switch if one is so concerned about that
<Drazha> not that running a web app on a box with gnome on it makes sense, but what the hey
<soren> Precisely. They share the same repository, so you're not tied into anything.
<Drazha> which basically then boils down to, which default MTA is ubuntu using, for example?
<soren> None :)
<soren> We have a no-open-ports-by-default policy.
<soren> ..so we don't install an MTA by default.
<soren> Exim and Postfix are both in main.
<Nafallo> hmm
<Nafallo> do we still? :-)
<soren> Nafallo: still what?
<Nafallo> soren: have that policy. I thought 5353 had been opened.
<soren> Nafallo: Ah, have a no-open-ports-by-default policy?
<soren> Nafallo: mdns is a bit special :)
<Nafallo> in what ways? :-P
<Nafallo> it
<Nafallo> it's still an open port
<soren> Nafallo: You need to remember that even though we have a no-open-ports-by-default, we still have DNS and DHCP installed, for instance.
<Nafallo> soren: do we really?
<soren> Nafallo: clients.
<soren> Nafallo: They listen for stuff on the network. That's how they work :)
<Nafallo> soren: clients doesn't open ports be default no...
<Nafallo> soren: dns doesn't listen. it asks.
<soren> Nafallo: And how do you think the response gets back?
<Nafallo> same with dhcp
<Nafallo> soren: well, that's not what we mean by no open ports :-)
<Nafallo> soren: ofcourse epiphany open ports when I try to talk to T/80 :-P
<soren> Nafallo: That's different.
<soren> Nafallo: It's TCP connections.
<Drazha> hm
<Drazha> well what about ssh? :) is that closed by default as well? :))
<soren> Nafallo: Hang on, there's a wiki page about all of this.
<soren> Drazha: Not installed.
<Drazha> so how the heck do you get in your box remotely?
<soren> Drazha: We ship it on the CD, so it's super easy to install it, but it's not installed by default.
<Nafallo> soren: there is no open port for DNS on my client.
<soren> Nafallo: Try making a dns query and watch your netstat.
<Nafallo> soren: two udp for mdns and one for dhclient.
<Nafallo> soren: sure, but that's not open by default.
<soren> Nafallo: No, but it's not closed either.
<Nafallo> soren: that's open on request.
<Nafallo> soren: it is closed by default :-)
<Nafallo> soren: if the client does not do a request it's closed.
<soren> Nafallo: Yes, but the point is that when it's open, anyone can send stuff to it that might exploit a security hole.
<Nafallo> agreed. but that's a pretty small chance they'll be able to see the port open and get to send data their in the time-frame :-)
<Nafallo> there even
<Drazha> hm, whats mdns anyway? I've seen it being mentioned before but was to lazy to google it
<Nafallo> automatic service discovery
<soren> Nafallo: A small chance is all a dedicated malicious person needs.
<Nafallo> well, you can't talk to thinks if you don't listen for answers. if you're that paranoid you shouldn't even have the PC connected to electrical power.
<Nafallo> s/nk/ng/
<soren> Nafallo: I'm not suggesting that we should disable dns or dhcp.
<Nafallo> good ;-)
<soren> Nafallo: I'm just pointing out that there *is* in fact stuff that evil-doers can connect to if they want.
<Nafallo> sure, but most scriptkiddies can't :-)
<Nafallo> the chance getting struck by those are fairly much higher.
<soren> Nafallo: Sure they can. Just keep flooding until it opens up.
<soren> Nafallo: a) the code has been audited many times, b) we can't really live without DNS capabilities.
<soren> Nafallo: Hence, we accept this (minimal) risk.
<Nafallo> then scriptkiddies must have became much better in the last years then :-)
<soren> Nafallo: They just have more bandwidth :)
<Nafallo> hm. food. bbl.
<soren> Nafallo: The mdns code has been audited, and the impact of a compromise has been deemed very small.
<soren> Nafallo: On servers, though, we don't install it by default.
* soren -> lunch
<Nafallo> I know :-)
<boxrock> can someone tell me how i play a wav file from shell? i get "oss_audio: failed to open audio device /dev/dsp" from flite
<sommer>  boxrock: you can try aplay.  
<sommer> comes with alsa-utils
<boxrock> aplay x.wav => PULSEAUDIO: Unable to connect: Connection refused
<sommer> is the module for your sound card loaded?
<boxrock> i can play the wav file from GUI
<boxrock> but i need CLI
<sommer> mmmm...mplayer works from CLI.  Kind of a big package though.
<baggito> mplayer is a good choice. it's quite robust
<baggito> esdplay aswell, if you're using ESD
<baggito> wait no. i'm talking crazy
<baggito> yes it's in esound-clients package
<lamont> soren: listening on 127.0.0.1 is allowed under the no-open-ports policyu
<soren> lamont: Right.
<soren> lamont: Have I said otherwise?
<jdstrand> dendrobates: good morning
<jdstrand> dendrobates: got your email about auth-client-config-- thanks
<dendrobates> good morning
<jdstrand> dendrobates: I also go the email about the change in the wiki.  notably:
<jdstrand> wait a sec, I think I misread it
<jdstrand> ok so no migration script?
<dendrobates> no, in the interest of time
<jdstrand> seems reasonable.  your assertion here may be over simplified:
<jdstrand> If /etc/libnss-ldap.conf or /etc/pam_ldap.conf exist, notify user that he must manually migrate the files
<dendrobates> feel free to modify it.
<jdstrand> in the case that the libnss-ldap and libpam-ldap may not be purged
<jdstrand> but removed
<dendrobates> true.
<jdstrand> will ldap-client-config depend, suggest, or recommend one or both of libpam-ldap and libnss-ldap?
<dendrobates> I am working on  a dependency tree now.
<jdstrand> ldap-client-config could conflict with a versioned libnss-ldap and libpam-ldap, then when libnss-ldap and libpam-ldap are upgraded, they can remove those conffiles
<jdstrand> but then you'd need to be sure that they got upgraded before ldap-client-config
<dendrobates> that will work if a user installs ldap-auth-client.  It will install everything.
<dendrobates> But there are some complexities I am still learning.
<jdstrand> right-- but on a standard upgrade, ldap-client-config wouldn't get installed yet
<jdstrand> I am looking at this backward.
<jdstrand> libnss-ldap must depend on ldap-client-config to have any configuration at all
<jdstrand> libnss-ldap gets upgraded, and removes the old conffile
<dendrobates> It does.
<jdstrand> ldap-client-config create /etc/ldap.conf
<jdstrand> ldap-client-config doesn't have to care at all about libnss-ldap.conf 
<jdstrand> it could just warn the user that the confiles have moved around, if they are found
<jdstrand> but the user is forced to use ldap-client-config to configure
<dendrobates> yes.  I think it all works, but I need to look at all the use cases to make sure.
<jdstrand> it does not provide a smooth upgrade though-- meaning pre-existing configuration is not preserved.  :(  But that was punted anyway
<jdstrand> at least for gutsy
<jdstrand> gutsy+1 is LTS?
<dendrobates> yes.
<jdstrand> so work could be done on the migration script for dapper to gutsy+1
<dendrobates> I'm thinking of checking for the old conffiles at preinst, and kicking out before install so the user can fix it. What do you think?
<dendrobates> yes on the dapper to gutsy+1
<dendrobates> the problem is once the new pam_ldap and nss_ldap are installed there old confiles are useless and the system is broken.
<jdstrand> to my thinking, if libnss-ldap and/or libpam-ldap are installed or removed but not purged, you will always hit that condition
<jdstrand> on upgrade of course
<dendrobates> true.  It will require user intervention.  Either migrate or purge than install.
<dendrobates> brb
<jdstrand> maybe for gutsy, an informational message stating the the conffile has moved to /etc/ldap.conf, but that it cannot be migrated and that they will be prompted for configuration via ldap-client-config
<jdstrand> s/migrated/migrated automatically/
<jdstrand> this would have to be done in both libnss-ldap and libpam-ldap
<jdstrand> could also talk about the benefits of using a unified conffile, to make the pill go down easier.  :)
<jdstrand> really-- since libnss-ldap and libpam-ldap will depend on ldap-config-config, you could put that message in ldap-client-config
<jdstrand> as such, maybe rather than removing libnss-ldap.conf and pam-ldap.conf, those should be moved to libnss-ldap.conf.obsolete and pamldap.conf.obsolete, and the user told about that, so that the files are still available to compare with /etc/ldap.conf
<dendrobates> jdstrand: are you talking about gutsy or gutsy +1
<jdstrand> gutsy
<jdstrand> gutsy+1 can keep working on migration script
<jdstrand> for gutsy+1, only give message to user if the migration failed
<jdstrand> these are ideas mind you.  but seems to work
<jdstrand> to summarize my thoughts:
<dendrobates> So you want to rename, and configure no matter what?
<jdstrand> for gutsy-- yes, unless that migration script is ready
<dendrobates> I see what you are saying, but I am not sure that pitti will be satisfied.
<jdstrand> I don't find it particularly satisfying
<jdstrand> :)
<jdstrand> libnss-ldap and libpam-ldap *must* depend on ldap-client-config -- that is a given
<dendrobates> I've already modied them to do that.
<dendrobates> s/modied/modified/
<jdstrand> problem is, on upgrade, without a migration script, I can't see how to do a smooth upgrade, unless you just pick one to copy over
<jdstrand> perhaps that is a solution for gutsy.
<jdstrand> message: I have detected libnss-ldap.conf.  This file is obsoleted by /etc/ldap.conf.  I can copy it over for you, or you can use ldap-client-config to create a new /etc/ldap.conf"
<jdstrand> that is the gist, not the actual message
<dendrobates> But what about pam_ldap.conf? Which do we use?  And we would also have to migrate the *.secret file if it exists. 
<jdstrand> if both libnss-ldap.conf and pam-ldap.conf exist (highly possible with removed but not purged packages), you are in a bind though
<dendrobates> That is the dilemma.  I wish we had more time to solve it, but we need to iron this out so it can get approved for gutsy.
<jdstrand> why did you remove the checks for the .so files from the spec?
<dendrobates> Because that is part of the migration, and I was deferring it.
<jdstrand> deferring to what?
<dendrobates> deferring it to gutsy+1
<jdstrand> checking for the .so solves the purge/remove discrepency
<jdstrand> if .so and conf, then cp
<jdstrand> if !.so and conf, ignore
<jdstrand> that could be optimized...
<jdstrand> if .so, then cp
<jdstrand> if !.so, then ignore
<jdstrand> if libnss.so and libpam.so, then prompt for manual intervention
<jdstrand> (don't know if those are the actual .so filenames off-hand)
<jdstrand> but you get the idea
<dendrobates> I agree with all that you are saying, but I want to get it approved in the simplified way, than if we have time to do a little scope creep before gutsy, fine.
<eikke> grmbl
<eikke> something's doing an invalid "GET /" request (no http version etc) on a regular base to my https server, request coming from localhost going to localhost
<jdstrand> I agree with you too, I just don't think it can be done in a optimal way with conffiles alone
<jdstrand> because of remove vs purge
<eikke> every 10 minutes or so it does 2 consecutive requests, but I got no clue what causes this, and I hate that feeling
<dendrobates> we can check  apt for the status of the packages.
<jdstrand> in my experience (and this is esp true with ldap), many people try libpam-ldap and libnss-ldap (lots of different howtos and docs out there)
<dendrobates> jdstrand: I have to meet some people for lunch.  Will you be around later?
<jdstrand> yes-- after lunch for me too (EST)
<dendrobates> ok later then.
<eikke> ah, I just set up pam/nss-ldap today :)
<lamont> ScottK: you wanna request the 2.4.5-1 sync:?
<ivoks> 'evening
<mathiaz> ivoks: hi
<ivoks> i suggest closing bug 37027
<ubotu> Launchpad bug 37027 in samba "Fails to install" [Medium,New]  https://launchpad.net/bugs/37027
<ivoks> this must be product of some unsupported upgrade/install
<ivoks> and it doesn't happen on dapper->edgy, edgy->feisty and feisty->gutsy
<ivoks> even if it does happen on breezy, oh well, it isn't supported anymore :)
<mathiaz> ivoks: it seems that someone was hit by the bug from dapper -> edgy
<ivoks> i've tested that enviorment
<ivoks> there is no sign of K09samba in /etc/rc*.d/
<ivoks> that must've been some leftover from prerelease versions
<ivoks> or product of some other package
<mathiaz> ivoks: hum. There is a line "samba/generate_smbpasswd doesn't exist"
<mathiaz> ivoks: in the output of one apt-get install
<ivoks> and that's wierd too
<ivoks> cause that exsist on dapper
<ivoks> and all other versions
<ivoks> take a look at
<ivoks> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/45229/comments/1
<ubotu> Launchpad bug 45229 in samba "dangling symlink: /etc/rc2.d/S91samba (dup-of: 37027)" [Medium,Confirmed]  
<ubotu> Launchpad bug 37027 in samba "Fails to install" [Medium,New]  
<ivoks> all reported in may
<ivoks> we had no stable dapper release in may
<infinity> ivoks: That bug's the product of some bizarre breakage in the gnome network applet, from eons ago.
<infinity> ivoks: It keeps cropping up, though, which irks me, because I swear I can't find the offending code anywhere anymore.
<ivoks> i belive you, cause i did almost 100 samba installations
<ivoks> i've never seen this
<ivoks> looking at changelog of sama
<ivoks> you did an upload on may, 17.
<ivoks> all bugs were repotred 17., 18. and 19.
<ivoks> all but this one, which was 2006-03-28
<ivoks> (take a look at duplicates of 37027)
<ivoks> i would close it...
<ivoks> we should have a resolution 'This is alien stuff'
<ivoks> looking at the diff from earlier version, there isn't anything
<ivoks> this isn't samba bug
<ivoks> i'm sure.
<ScottK> lamont: I'll take care of it.
<lamont> ScottK: thanks.
<ScottK> No problem.
<ScottK> lamont: How you spend you time is your business, but in my experience trying to give Kmos help is an extremely unrewarding experience.
<infinity> ScottK: But my debdiff was so CoC-friendly!
<ScottK> I'm just saying.
<infinity> Okay, had the changelog entry had s/\./, asshat./, it may have been better.
<ScottK> I'd appreciate it if a core-dev would ack my Postfix sync bug to the archive.  Bug #130214
<ubotu> Launchpad bug 130214 in postfix "Please sync postfix 2.4.5-1 from Debian Unstable (Main)" [Wishlist,New]  https://launchpad.net/bugs/130214
<infinity> lamont: You aprove of the sync?
<lamont> infinity: yep
<infinity> lamont: If so, I'll sync it right now.
<lamont> it supersedes the ubuntu fixes
<ScottK> Cool.
<lamont> which ScottK did and I merged.
* ScottK likes seeing merged from Ubuntu in Debian debian/changelogs.
* lamont doesn't even have a -2 unreleased in his git tree yet
<lamont> ScottK: debian package, in git on an ubuntu machine... it's all good.
<ScottK> Even better.
<ScottK> I liked that part of debian/changelog too.
<lamont> there was a DD who didn't really like it, pointed out that git.debian.org exists
<ScottK> And why should a DD be upset if Canonical is paying for the web space to host a Debian package?
<infinity> ScottK: Done.
<ScottK> BTW, my only solution so far to the personality we were discussing earlier is to just stay off channels he's active on.
<ScottK> infinity: Cool.  Thanks.
<LiENUS> on a fresh LAMP install how to i use mysql?
<lamont> infinity: thanks
<lamont> ScottK: I refuse to let someone else determine what channels I don't visit.
<infinity> lamont: Don't visit this one ever again.
<infinity> (And I could totally back that up if I knew who owned it..)
<lamont> :-P
<ScottK> In general, I agree, but in his case he does so much damage, it gets me so upset, it's not good for me or Ubuntu.
* lamont considers kick-banning infinity from #ubuntu-devel
<infinity> Oh, FFS, we never registered it.  It has no owner.
<lamont> infinity: fix that or I will
<lamont> oh, and op me. :-0
<lamont> :-*
<ScottK> I've already been way far on the wrong side of CoC for the first time since I've been here.
<soren> infinity: Which channel has no owner?
<soren> infinity: This one? #u-d?
<infinity> Oh, wait, no, it's registered, I'm a muppet.
<soren> infinity: thom owns #u-d.
<soren> someone named troy owns this one.
<soren> No idea who he is.
<ScottK> Yes, but your a muppet that sync'ed Postfix, so I'm happy.
<infinity> Yeah, I noticed.
<infinity> soren: Are you contacting him?  (I was about to, but don't want to flood him with messages)
<lamont> ScottK: infinity is _MY_ muppet, that makes him cool. :-)
<ScottK> Heh.
<ScottK> Well that's the first time I think I've gotten a new bug and fix released in the same bugmail.
<infinity> soren: Getting it fixed now.
<infinity> soren: I'll op you, lamont, and mathiaz when I take ownership.  Deal?
<infinity> Oh, and thom.  Cause thom is love.  Even if he's not idling here right now.
<lamont> infinity: sounds good.  thom is love
<lamont> remember to give him hugs and beer
<infinity> I always try to.
<infinity> He didn't visit me when I was in London, though. :(
<infinity> Some wishy-washy excuse about his wallet disagreeing with the airfare.
<ScottK> Time to go file my launchpad bug of the day.
<ScottK> lamont: When you leave the LP bug numbers in the debian/changelof for a sync, even though those bugs are already fixed, LP sends Fix Release bugmail again.
<ompaul> infinity, you have a pm
<ScottK> Just so you know.
<lamont> ScottK: kewl. :-)
<infinity> ompaul: Noticed. :)
<ompaul> infinity, pas de problem I'm now history ;-)
<ScottK> My theory in LP is that since it's proprietary, I can fix stuff, so the least I can do is complain a lot.
<ScottK> can/can't.  Oops
<soren> infinity: cool. I haven't done anything about it yet.
* mode/#ubuntu-server [+o soren]  by ChanServ
<soren> w00t
* ScottK decides to be nice to soren.
<soren> ScottK: :)
<infinity> soren: It's considered rude to idle with +o on a ChanServ-controlled channel. :)
<soren> infinity: Really? But it looks so shiny!
<soren> Oh, well.
* mode/#ubuntu-server [-o soren]  by soren
<infinity> This ain't EFnet, we'll have no cowboy ops here!
<infinity> Though I do rather like how I managed a channel takeover without a single bit of investigation on the part of the freenode staffer.
<infinity> Makes me feel all warm and fuzzy.
<lamont> infinity: remember, we can only use our superpowers for good.
<infinity> But it's so tempting...
<lamont> ln: creating symbolic link `/home/lamont/gutsy/linux-source-2.6.22-2.6.22/debian/linux-headers-2.6.22-9-hppa32/usr/src/linux-headers-2.6.22-9-hppa32/./.' to `linux-headers-2.6.22-9/.': File exists
<lamont> GAH
* infinity points and laughs.
<infinity> LAMONT IS A KERNAL NOOB LOL!!!111ONE
<lamont> infinity: I'm trying to not clean the tree between builds, that's all
<lamont> and the kernel build uh, stuff, isn't cooperating
<infinity> Clearly, the rules file needs a "kinda-clean" target.
<infinity> debian/rules tidy
<lamont> binary-clean
<lamont> or a -f on that ln -s... :-)
<infinity> I think I'm going to phone HP and tell them that you're not l33t enough for your job.
<infinity> Is there a hotline for that sort of thing?
<lamont> 1 800 EAT .....
<infinity> My phone doesn't have a "." key.
<infinity> Damnit.
* lamont thought '.' was the 1 key about 3 times
<lamont> or was it 2?>
<infinity> Actually, the 1 key 3 times is "..."   Predictive text, FTW.
<lamont> and a 4th time?
<infinity> Another ., apparently.
<infinity> But 5 in a row gives me "...:)"
<infinity> Sony, you never cease to amaze and amuse.
<soren> lamont: You want to look in debian/stamps or something.
<soren> lamont: If you remove the right one, the kernel build system will dtrt and only rebuild what is necessary.
<infinity> soren: No, he wants to not be a muppet that rebuilds the hppa kernel 38 times a day.
<soren> infinity: True that.
#ubuntu-server 2007-08-04
<pipes> v
<mralphabet> w
<ajmitch> hello pipes 
<hansin321> clear
<mattwalston> The dhcpd3 has me confused... the config and lease file test passes, the service can be started via $ sudo dhcpd3 but the init script fails... any suggestions?
<ivoks> start it with init
<ivoks> and check syslog
<mattwalston> ivoks: thanks, i finally found the problem
<mattwalston> ltsp overides the dhcpd.conf with a statically programmed set of c-class private IPs
<ivoks> heh
<ivoks> woof...
* ivoks took a look at couple of samba bugs
<Remo_A> Hi all, I'd like to find out informations about having an own webserver and the pro's and con's of a physically one at home to one hosted remoetly, considering costs, stability issues, control and thelike
<Remo_A> Hi MajorPayne: So the bandwidth is important, you said, what would be a good bandwidth if you want to serve around 1000 visits per day?
<MajorPayne> Remo_A: I doubt you would need much.  Unless they all happen at the same time.
<MajorPayne> Do you have a dynamic IP?
<Remo_A> yes, but that is okay using dyndns or thelike
<Remo_A> (I have a router, which contacts dyndns on a regular basis, if the ip has changed)
<ScottK> Remo_A: Not really.
<ScottK> It sort of works most of the time, but if reliability is important to you, you need a static IP.
<Remo_A> okay
<Remo_A> it sure is.
<ScottK> Additionally, you need to check the terms of service for your account.
<MajorPayne> Remo_A: I have both a server here is my house and a hosted server.  I find they are good for different things.
<ScottK> In many cases terms of service prohibit you from running servers.
<ScottK> You could get your account canceled.
<Remo_A> really? Okay, I'll check on that, thanks!
<ScottK> I run servers from my house quite reliably, but I have business class service with static IPs that permit it.
<MajorPayne> Remo_A: I mentioned that in #ubuntu.  Your ISP sometimes doesn't like that.
<Remo_A> MajorPayne: yes, best thing is I call them on monday, I think
<MajorPayne> Remo_A: For the most part if you run a server and no one uses it they don't care, or would give you a warning before they do anything, but you have to be careful.
<MajorPayne> With 1000 hits/day, they may notice.
<Remo_A> yes, I don't want to keep it secret
<Remo_A> better to be on the safe side
<ScottK> OTOH, unless you have options for another service provider if they do cancel you, you ought to think seriously about the risk.
<Remo_A> hm, no actually this is the only provider, that provides us cable-access, I would have to go back to the ADSL days
<MajorPayne> Yea.  I emailed my service provider.  It says no servers in there TOS, but they responded and told me that as long as it does not use much bandwith they don't care.  And they also told me they would give me a warning before doing anything about it.
<Remo_A> that sounds fair
<Remo_A> but what is "much" bandwidth
<MajorPayne> Remo_A: If you only want webhosting your can very cheap shared hosting.
<MajorPayne> Remo_A: I don't know :-P, but I didn't hit it yet.
<Remo_A> that's my point, I'm trying to figure out, what would be better here, setting up an own server or using shared hosting.
<MajorPayne> Remo_A: If you have to pay for the server in the first place just go with the shared hosting.
<Remo_A> but there will be much traffic, and 10-100 visits at the same time could be possible
<MajorPayne> In most cases shared hosting cost less than $5.  And you can also get a real domain name if you like.
<Remo_A> that's already settled, I was using a lot of shared hosting partners in the past.
<Remo_A> I just wanted to try out something new this time
<MajorPayne> Ahh.  Best talk to your ISP.
<Remo_A> yes I am going to
<Remo_A> it's just, that the bandwidth for private clients have increased insanely and costs dropped proportionally
<Remo_A> example: 10Mbit Down, 1Mbit Up: 48 EUR a month
<Remo_A> and I can't see a way, how a private client can use this amount of upstream-bandwidth without having a server :)
<Nafallo> Remo_A: 10Mbit down is easy to fill, 1Mbit even more so... it only takes a torrent...
<Remo_A> they're slowing down p2p ports, but yes, of course
<MajorPayne> I filled my 1 MB up 10 down all the time when I had it.
<Remo_A> but in terms of server usage, how good would 1Mbit up be, anyway?
<Nafallo> depends on what services, and how busy it would be.
<Remo_A> exactly
<Remo_A> 1000 hits a day and a max of 50 at the same time for starters
<Remo_A> webserver with a highly used database (sql)
<MajorPayne> Remo_A: I don't know.  I never ran a popular web server on my home account.
<Remo_A> me neither, that's why I ask :)
<MajorPayne> Remo_A: If your ISP does not mind, give it a shot and ask the users.  If they say it is too slow move it to shared hosting.
<Remo_A> pretty good idea
<Remo_A> I'd just have to build it very  adaptable (there is a better word, I know *g).
<Remo_A> or setting the server up like the shared hosting company I'd switch to in case of problems
<Remo_A> I think I'll try that way
<boxrock> can someone tell me how to add firefox extensions (like adblock) to my LTSP server so all users will access them by default?
<Remo_A> hm, 1MBit = 0.119209MByte, which would produce in only 24hours fully used: 10'300 MB Traffic
<Remo_A> they will never let me do this *g
<Remo_A> but at least it's good to know, how much traffic could be used there!
<MajorPayne> Remo_A: I doubt it would be fully used all the time.
<Remo_A> of course, I just wanted to see, how much 24hours would be
<Remo_A> it just says: in one second 122KB could be downloaded
<Remo_A> I'm just trying to find out, after how many people accessing at the same time would feel a hard lagging
<Remo_A> I think, using load balancing, 4KB/s should be enough for a not so bloated page.
<Remo_A> hm
<ivoks> a serious bug in samba
* lamont wanders off
<ScottK> ivoks: This is news?
<ivoks> :)
<ivoks> well, it's not quite samba bug
<ivoks> shares-admin delets share, but the share is still available :)
<ivoks> bug 70590
<ubotu> Launchpad bug 70590 in gnome-system-tools "Shares do not get unshared but user is unaware" [High,Confirmed]  https://launchpad.net/bugs/70590
<lamont> so shares-admin should reload samba, eh?
<ivoks> or samba it self
<lamont> as in tell samba to reload...
<ivoks> samba already does that
<ivoks> reloads periodiclt
<ivoks> periodicly
<ivoks> change of config file should trigger that
<infinity> It does it fairly often...
<infinity> Something inotifyish could be retrofitted in there to replace the polling code, I guess.
<ivoks> right
<infinity> But that'd be terribly Linux-specific, and never accepted upstream.
<ivoks> reload isn't good enough
<ivoks_> my kernel exploded :/
<ivoks> so, reload isn't enough, full restart does the job :/
<infinity>        Sending the smbd a SIGHUP will cause it to reload its smb.conf configuration file within a
<infinity>        short period of time.
<infinity> From the manpage...
<infinity> Note "within a short period of time".
<ivoks> hehe
<ivoks> as soon as smb.conf is changed, smbclient doesn't show share
<ivoks> but if you have it mounted, you can still write and read from it
<infinity> I imagine it's something akin to an apache graceful reload, where it tried to not be too disruptive about it.
<infinity> s/tried/tries/
<ivoks> so i guess it does SIGHUP, but...
<ScottK> Can the polling periodicity be reduced?
<infinity> Perhaps, but at an obvious cost.
<infinity> Anyhow, way past bedtime for me.
<ScottK> Right.  But the cost may be less than restarting the whole system.  Just a thought.
<infinity> We can argue about this another time. :)
<ivoks> :)
<ivoks> infinity: good night ;)
<ivoks> or we can talk with people in #samba
<ivoks> <@jelmer> depends on the tool I guess - do you want the changes to be  used immediately? If so, then it should restart the main smbd I guess
<kyled185> anyone here know how to install the 7.04 server with KVM
<kyled185> and when I say KVM, I mean the virtualization
<ivoks> just install 7.04 and kvm package
<ivoks> and that's it
<kyled185> er, I'm running this on my laptop, I want to install the server on a virtual environment
<ivoks> ubuntu server?
<ivoks> it's tricky cause of ubuntu installer's splash, so you should rmmod kvm from kernel first, and install without it
<kyled185> hmm ok
<ivoks> after that, you can normaly use kvm support in kernel
<ivoks> other option is to do installation with qemu+kqemu
<kyled185> how would I do that?
<ivoks> the same way you would do it with kvm
<ivoks> just instead of kvm, you should use qemu+kqemu
<kyled185> ok
<kyled185> alright things are starting to work now
<kyled185> alright thanks
<ivoks> np
<osmosis> kyled185: i was wondering hte same thing.
<osmosis> and whats the difference between  xen-desktop and xen-server ?
<kyled185> I unfortunately don't have much experience with xen (or any kind of virtualualization for that matter) ;(
<osmosis> kyled185: what are you trying to do?
<osmosis> kyled185: I was just reading about Xen and KVM and trying to decide what to play with. I want to see what this virtualization stuff is all about.
<kyled185> I am running a server on my laptop so that I can develop and test server apps without having to be physically connected to a server.
<ivoks> don't know exaclty, i prefere kvm
<kyled185> I am using KVM
<osmosis> kyled185: are you talking about  Ubuntu Server version ?
<kyled185> yeah
<osmosis> kyled185: Well...Ubuntu Server is mostly just ubuntu with Xorg and Gnome installed. I run all the server stuff right on my desktop install. no problems. I admin a bunch of ubuntu server installs also.
<kyled185> the Ubuntu Server will be running in the KVM environment
<osmosis> kyled185: KVM in itself sounds pretty cool though. Id like to know how to set that up.
<ivoks> kvm is great
<kyled185> yeah, I'm partly doing it just to learn some about running VMs and partly so that I can have a level of abstraction between my server and my regular laptop environment
<ivoks> you can migrate virtualized system to another hardware :)
<ivoks> while virtualized system is running ;)
<osmosis> ivoks: do you know how it differse from Xen? or are the different implementations of the same thing?
<ivoks> osmosis: kvm can be used only on new processors
<ivoks> while xen on all
<osmosis> ivoks: so if you have a new processor, there is no reason for Xen ?
<ivoks> osmosis: xen can utilize VT on new processors
<osmosis> ivoks: how about...does KVM support limiting system resources to OS instances like Xen does ?
<kyled185> I heard (can't remember where) that KVM is faster when on the hardware that supports it
<ivoks> osmosis: so it's basicaly, thing of choice
<osmosis> ivoks: okay, so they are the same idea mostly.
<ivoks> osmosis: kvm is normal process on linux, so you can do everything
<ivoks> new version also supports virtualized SMP systems
<osmosis> http://www.gridvm.org/xen-vs-kvm.html
<ivoks> this is rather old :)
<osmosis> yah
<kyled185> from personal experience, when running a computer with Xen, it seems to make things unstable
<kyled185> I had Fedora 7, and things just were not working right when I used the xen enabled kernel
<osmosis> kyled185: that might not be true on newer versions though. I remember that on older versions, but it was because of the libc libraries that the distros were using a year ago.
<osmosis> here is something newer: http://www.osnews.com/permalink.php?news_id=18301&comment_id=256987
<osmosis> sounds like KVM is a newer, fresher design...but Xen is more feature complete.
<kyled185> yeah
<ivoks> i would say it that way, but it's 10:30PM, so i don't care :)
<ivoks> s/would/wouldn't/
<osmosis> KVM can be controlled as a system process with  NICE and whatnot, but the Xen hypervisor allows me to set RAM limits, CPU Limits to guest slices.   1:24 PM here.
<kyled185> bah it looks like that server install is hung up
<ivoks> osmosis: kvm can do that too :)
<osmosis> ivoks: ohhreeeaallly
<ivoks> kyled185: it's not, give it some time :)
<cyclops> hello
<kyled185> I will
<ivoks> osmosis: kvm --help
<osmosis> Why is linux accepting Xen into 2.6.23 then ?
<cyclops> I just installed the amd64-generic and I am trying to set up Internet servers
<cyclops> can anyone be of help
<cyclops> I am currently trying to locate telnet server because I can telnet out but cant recieve any connections at the moment
<osmosis> cyclops: telent is horrible security. why not use ssh ?
<cyclops> ok
<cyclops> I tried ssh also but I think the ports are somehow locked
<cyclops> It is refusing connection even from localhost
<osmosis> cyclops: well you would probably be better to figure out why your ssh isnt working, rather then trying telnet instead.
<kyled185> I don't think the ubuntu server comes with ssh installed by default
<ivoks> osmosis: why not?
<osmosis> ivoks: why not what ?
<ivoks> osmosis: xen in linux
<cyclops> osmosis: I really just want to test the connections but it is telling me that port 22 refused the connection. How do I make it accept connections from localhost
<cyclops> I have not really implemented any kind of firewall
<osmosis> ivoks: because KVM is already in the kernel.
<kyled185> cyclops,  sudo apt-get install openssh-server
<osmosis> cyclops: why dont you check if you ssh server is running.
<cyclops> ok
<cyclops> thanks, let me try that
<ivoks> osmosis: so... we have couple of different schedulers in kernel too, lots of different stuff for same purpose
<ivoks> osmosis: linux is about choice
<kyled185> ivoks, I was under the impression that we don't have multiple schedulers (hence all the bickering)
<osmosis> ivoks: oh yah...then how come the staircase deadline scheduler isnt included in linux ?
<kyled185> haha
<osmosis> high five!
<ivoks> osmosis: i'm not kernel dev :)
* kyled185 wishes he could be a 1337 kernel dev...
<osmosis> ivoks: i hears its not that hard with a little dedication. Its just c code.
<ivoks> osmosis: i code on some other places :)
<osmosis> ivoks: half of the core kernel devs work for IBM, Intel, etc and are employeed...but the other half of the guys have normal day jobs and just kernel dev at night.
<kyled185> I've looked at some of the code, it's very clean
<osmosis> ivoks: yah...im sticking to python.
<cyclops> osmosis: thanks, I didnt really install the ssh-server
<cyclops> But it is working now
<osmosis> ken patches merged into mainline...  http://git.kernel.org/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5ead97c84fa7d63a6a7a2f4e9f18f452bd109045
<osmosis> xen
<kyled185> ivoks, is it normal for an installation in qemu to hang for 10 minutes
<osmosis> in ubuntu, anyone know the difference between  xen-server and xen-desktop ?
<osmosis> ubuntu-xen-desktop - Xen software for running on servers.
<osmosis> ubuntu-xen-server - Xen software for running on servers.
<ivoks> kyled185: i guess not, try alt+f2 and running some commands inside installer
<osmosis> "However, the leader of the open source Xen project, Ian Pratt, said he doesn't see any competitive issues with KVM in the 2.6.20 kernel.
<osmosis> "Xen is a true hypervisor, whereas KVM is a legacy virtualization solution akin to VMware Workstation, VMserver and Microsoft Virtual PC," Pratt told internetnews.com. "It lacks the benefits of para-virtualization performance enhancements that have been pioneered by Xen and are now being copied by VMware and Microsoft." 
<osmosis> and more...  "paravirtualization is a virtualization technique that presents a software interface to virtual machines that is similar but not identical to that of the underlying hardware. This requires operating systems to be explicitly ported to run on top of the virtual machine monitor "
<osmosis> sorry for the big paste, seemed relevant though.
<kyled185> hm
<ivoks> osmosis: that's like asking bill gates does he prefere windows or linux
<ivoks> you tell me what is better
<ivoks> to run unmodified system in virtual env
<osmosis> but it explains what the difference between xen and kvm is.  Xen requires the guest OS to be aware that it is a virtual instance, rather then thinking it is actually running on its own hardware. They can do this because they can modify linux. 
<ivoks> or to run modified ssytem (kernel and libc) in virual env
<kyled185> ivoks, yeah but the project lead should have a pretty good idea as to what is superior in xen's implementation
<osmosis> Thats why the ubuntu wiki recommends KVM for windows emulation...because windows isnt modified to run on xen. Linux is though.
<ivoks> but saying that kvm is legacy... hehe
<osmosis> Yah, its a bit of a cheapshot, but thats business.
<ivoks> you can run unmodified windows on xen too
<ivoks> and linux isn't modified to run on xen
<ivoks> it need special kernel, yes
<osmosis> ivoks: its "special"  ..not modified. hehe.
<ivoks> yeah... for example
<ivoks> let's talk about production enviorment
<ivoks> if you have xen
<ivoks> then you guest system must have xen enabled kernel
<ivoks> you loose security support cause of that
<ivoks> cause xen isn't in kernel (and no, 2.6.23 will not include whole xen)
<ivoks> if you have kvm, you run with normal kernel and have normal security support
<ivoks> + kvm is part of kernel, so you have security support for kvm too
<osmosis> ivoks: there is nothing unsecure about the xen userspace tools not being in the kernel. it doesnt make sense for them to be in the kernel.
<ivoks> and on my tests, kvm had better performance results than xen
<ivoks> i'm not talking about userspace
<ScottK> If there are any lighttpd fans out there, we just got a dapper update pushed out the door....
<ivoks> i'm talking about hypervison
<osmosis> ScottK: backport ?
<osmosis> ivoks: whats the problem with hypervisor ?
<ScottK> No, bugfix in dapper-updates.
<ivoks> ScottK: i was fan, untill i discovered that we ship apache in worst possible state and that it's actually faster :D
<ScottK> Heh.
<osmosis> ivoks: where is security lost ?
<ivoks> osmosis: xen is not part of the kernel
<ivoks> can we agree on that?
<osmosis> ivoks: ok
<ScottK> osmosis: I'm open to a lighttpd backport after we get the latest security fixes done if you want to request it in dapper-backports.
<ivoks> drivers that aren't in kernel require special care
<ivoks> with drivers in kernel, you only keep an eye on kernel
<ivoks> with drivers all over the world, you have to keep an eye on whole wolrd
<ivoks> world
<osmosis> ivoks: there is more Xen code in the linux kernel (2.6.23) then there is KVM code,...but Xen has its userspace tools which are not part of the kernel. hypervisor.
<ivoks> same thing with xen and kvm
<ivoks> osmosis: not whole xen's kernel part is in kernel
<ivoks> and what does more mean?
<osmosis> ivoks: line count.
<ivoks> xen has much more code cause it works other way
<ivoks> kvm doesn't care about old proecessors
<ivoks> and doesn't support them
<osmosis> ivoks: xen has entire x386 architecture in the kernel now.
<ivoks> ofcourse there would be less code
<ivoks> this isn't seriuos conversation
<ivoks> counting lines doesn't mean anything
<kyled185> uh oh... Peer has struck
<osmosis> there is nothing unsecure about xen.
<ivoks> i didn't say it's insecure
<osmosis> ivoks: kvm requires QEMU...and that isnt part of the kernel either.
<ivoks> stop
<ivoks> look
<ivoks> i'm not talking about userspace tools *at all*
<osmosis> whats the sound
<osmosis> everybody look whats going down
<osmosis> your talking about kernel patches ?
<ivoks> i'm talking only about kernel part
<ivoks> on one side is xen
<ivoks> big, but still not whole in kernel
<osmosis> so ever with 2.6.23, kernel patches are still going to be needed ?
<ivoks> when i say that i mean that not whole xen kernel part is now in 2.6.23
<ivoks> there are still parts on xen's kernel part wich aren't in linux
<ivoks> osmosis: yes
<osmosis> ivoks: so the 2.6.23 xen patches are just for guest kernel? 
<ivoks> right
<ivoks> and only i386 client patches
<ivoks> no amd64
<ivoks> no server side
<ivoks> with 2.6.23, you'll be able to use unmodified kernel as a guest
<ivoks> and that's it
<ivoks> still lots of code outside kernel
<ivoks> and just cause xen has bigger line count... well... don't count lines - they don't mean anything
<ivoks> enough for today
<ivoks> 'night all
<osmosis> bye
<kyled185> see ya
<osmosis> http://kerneltrap.org/node/8088
<osmosis> #
<osmosis> Xen is a fairly large project, providing both paravirtualization and full virtualization. It is designed as a standalone kernel, which only requires Linux to perform I/O. This makes it rather large, as it has its own scheduler, memory manager, timer handling, and machine initialization.
<osmosis> kvm, in contrast, uses the standard Linux scheduler, memory management, and other services. This allows the kvm developers to concentrate on virtualization, building on the core kernel instead of replacing it.
<osmosis> #
<osmosis> hmm...that article makes kvm sound pretty good.
<kyled185> yeah, except for Intel's lack of real mode support
<kyled185> which is giving me a headache
<osmosis> kyled185: i get a core dump right after I launch kvm.
<kyled185> what are you trying to virtualize?
<osmosis> kyled185: kvm -no-acpi -m 384 -cdrom /dev/scd0 -boot d windows.img      but i just threw a ubuntu desktop 7.04 cd in the drive to test.
<kyled185> osmosis, you're probably running into the same problem I had
<osmosis> kyled185: cool..whats the solution
<kyled185> osmosis, qemu -no-kqemu -m 512 -cdrom ./ubuntu-7.04-server-i386.iso -boot d ./server.img
<kyled185> osmosis, if you run that, it should be able to install (although I'm on my 4th attempt and it looks like it's hung up again)
<kyled185> osmosis, I'm looking into a fix now for that, because it's apparently not working
<kyled185> osmosis, kvm -no-acpi -m 512 -cdrom /dev/cdrom -boot d windows.img
<kyled185> osmosis, that's what I used to install windows
<osmosis> cool...i think that worked.
<osmosis> kyled185: have any idea what would happen if I launched kvm without xorg? would it just take over my screen ?
<kyled185> osmosis, I don't know, I've never tried it but that's an interesting idea if it works
<osmosis> kyled185: just wondering if I could do a kvm ubuntu server from inside a ubuntu server.
<kyled185> osmosis, yeah, that'd be kind of cool.  I would think it would be possible since VMs are mostly used by servers
<osmosis> kyled185: yah...thats a major point.
<osmosis> kyled185: I got windows running, seems a bit slow though. dunno.
<kyled185> there's a problem with acpi
<osmosis> oh great.... my xorg mouse just stopped when kvm qemu closed. doh!
<kyled185> osmosis, https://help.ubuntu.com/community/KVM
<osmosis> i would click on it if i could.
<kyled185> lol that's rather sad
<kyled185> I hate when weird crap like that happens
<kyled185> osmosis, https://help.ubuntu.com/community/KVM
<kyled185> in case you don't have a log :)
<osmosis> cool
<osmosis> kyled185: did you try and get networking yet ?
<kyled185> osmosis, I did a little bit, but since I primarily use wireless those instructions won't work for me
<kyled185> osmosis, so I've put that on the back-burner for now
<osmosis> too bad the qemu windows isnt resizable.
<kyled185> osmosis, it is if you change the resolution in the guest os
<kyled185> osmosis, otherwise I would think things would look very strange and stretched
<osmosis> ohok
<osmosis> argh...wished i would have hit F7 at boot
<kyled185> what does F7 do?
<osmosis> turns off ACPI at windows boot.  its said...Installing Devices for about 10 minutes now.
<kyled185> oh
<kyled185> I just followed that guide from start to finish and it worked pretty flawlessly...except for networking but my case is a little odd
#ubuntu-server 2007-08-05
<gruelius> Does anyone have experience with apt-cacher? my client computers time out often for some reason.
<lamont> Built successfully
<lamont> Purging chroot-gutsy-stage0/build/buildd/linux-source-2.6.22-2.6.22
<lamont> sometimes walking away for a while helps.
<gruelius> is that in relation to my question? lol
<mralphabet> gruelius: no
<lamont> gruelius: not at all
<lamont> never used apt-cacher
<gruelius> similar apps?
<Remo_A> If by any chance someone in here is from switzerland or knows a good shared/dedicated server providing company or even better: a site, where those get compared to each other, I would greatly appreciate your link, thank you for your consideration :)
<BenC`> mm, well in ch I dunno, but in France you have Dedibox and OVH (with Kimsufi)
<Remo_A> thank you!
<BenC`> http://www.dedibox.fr/ and http://www.kimsufi.com/
<BenC`> you're welcome ;)
<Remo_A> yes, already googled them
<BenC`> ok :)
<Remo_A> that's nice, they give you ssh access on kimsufi
<BenC`> in dedibox too
<BenC`> it's dedicated server ;)
<Remo_A> yes, but that one is quite a bit expensive
<BenC`> yeah, sure
<mattwalston> Why are there so many how-to documents offering a fix for "slow to establish ssh connection" but a patch has not been offered?  Is this a feature that should be solved some other way?
<cyclops> hello all
<mattwalston> Any recomendations for an all-in-one mail server suite?  I do not care about MS Outlook.
<kraut> mattwalston: it could be usefull to explain, for wich operating system you use a MUA. 
<kraut> mattwalston: and there are many reasons, why a ssh connect takes much time.
<kraut> mattwalston: it would be interesting, wich infos you with -v get.
<mattwalston> kraut: as far as mail server, all machines are running 7.04
<kraut> ah, you meant a MTA, not MUA.
<kraut> the question is the same, wich religion you should prefer ;)
<kraut> many people prefer exim, oter ones postfix or sendmail. i am using qmail, but i can't say, that i prefer it.
<mattwalston> kraut: actually, i was wandering if anyone made a prepackaged all-in-one type thing, ala Zimbra or Scalix, i just want less bloat but the ease of administration as I have a lot to do around here
<kraut> and what exactly do you mean with all-in-one?
<kraut> mattwalston: then you need someone, who makes this for you.
<kraut> you can't setup a mail-system within 5 minutes.
<mattwalston> kraut: sure you can, just with about 4 gb of ram and a few headaches next week
<mattwalston> kraut: zimbra is a pretty easy install, just big time bloated and slow to apply security updates
<kraut> yep, but it's a topic wich you should take more seriously
<kraut> wich services are included in zimbra?
<kraut> smtp, pop, imap?
<mattwalston> kraut: yes
<mattwalston> kraut: it is ment more for the server appliance market
<kraut> mattwalston: for what do you need this mail-system exactly?
<kraut> only for a few accounts?
<mattwalston> btw, the ssh -v shows the delay between these two lines: debug1: SSH2_MSG_SERVICE_ACCEPT received
<mattwalston> debug1: Authentications that can continue: publickey,password
<kraut> or do you have severall thousand users on it?
<mattwalston> 25 users
<mattwalston> but they are huge mailboxes
<kraut> then i would take something like exim and put the accounts into a mysql-database
<mattwalston> it is an engeneering firm that saids scans of prints
<kraut> exim is a mostly "easy to use" MUA i think
<kraut> and for such a small system it would be enough
<mattwalston> kraut: so definetly use virtual users?  all mail users have an account on the system
<mattwalston> kraut: thanks, i will definetly look into it
<kraut> hmmmmmm, good question
<kraut> it would be better, to take virtual users, because you can't figure out, if everybody will have an account local in future
<mattwalston> kraut: good point
<kraut> do you want only serve pop?
<mattwalston> kraut: i am doing this one by the seat of my pants, they have win 2k3 on 3 boxes for running autocad and simulation software, 2 application servers using ltsp, and 34 thin clients throughout office
<kraut> or also imap?
<mattwalston> kraut: preferably imap only
<mattwalston> kraut: i hate pop but it may be the easiest
<kraut> then exim+mysql and cyrus would be a nice setup i think
<kraut> and you should also take a look on squirrelmail
<kraut> it's a web-frontend for imap-mailboxes.
<mattwalston> oh, for webmail?
<kraut> perhaps a nice feature for them
<kraut> yes
<mattwalston> yeah
<kraut> it depends on imap. nothing more.
<lcdd> what is the benefit of using sql backend here?
<kraut> lcdd: if you have the accounting data into a mysql-database, it's easier for other applications, to share this informations
<kraut> lcdd: you create a user via exim and cyrus for example could use this information to serve imap-access.
<lcdd> isn't ldap better suited and supported for that?
<mattwalston> is there a way to move all the heavy lifting for the mail server to another machine but still deliver to local users maildir?  like via nfs mounting of /home?
<kraut> lcdd: i think mysql is easier then ldap, but yes, that's also a soloution.
<kraut> mattwalston: heavy lifting?
<kraut> you mean the autocad-data?
<mattwalston> kraut: I guess it is all relative, lol, i mean for isolation
<kraut> don't understand you :/
<mattwalston> kraut: i.e. machine 1 handles mta, mda and machine 2 handles /home's and ltsp with a nfs mounted /home
<kraut> mattwalston: depends on virtual or local users
<kraut> but with some tricks it's possible i think
<mattwalston> kraut: i am liking local users, but am not completely opposed to virtual users, i just have not messed with them
<mattwalston> kraut: ordinarily, i just outsource the email
<kraut> that's a point that only you are able to evaluate ;)
<mattwalston> is nfs still the prefered way to remote mount?
<kraut> for linux/unix, yes.
<kraut> but don't use 2.6.20 or 2.6.21
<kraut> nfs-client is broken in this versions
<mattwalston> great, all machines are 2.6.20
<mattwalston> is that why i can only mount if i set nolock?
<kraut> no, 2.6.20 will corrupt your data.
<kraut> there are issues in write() i think.
<kraut> or file-locking, don't know exactly
<kraut> i am actually using 2.6.17 again and i am testing it now.
<kraut> perhaps on wednesday i could rollout this kernel.
<mattwalston> I know i have not had any problems with 2.6.17, used it awhile on my web servers
<kraut> 2.6.17 has less issues, but forcedeth.c is for example a crappy-version
<kraut> forcedeth.c is interesting for sun M2-series servers.
<lcdd> isolating services is always a good idea, but if you need to set up nfs and shared user accounts because of it, i don't think it's worth the trouble at all
<mattwalston> lcdd: that is what I am thinking... i am just nervous about having a machine handleing up to 14 or so ltsp clients running all sorts of stuff and also using it for email mta and mda
<kraut> mattwalston: i would device this services
<lcdd> mattwalston: i would probably take the lazy route and use the same server, but make sure ltsp clients are under reasonable system resource limits
<mattwalston> lcdd: I think that is what I am going to do
<boxrock> can anyone tell me how to get widescreen resolutions set on a thin-client ?
<lcdd> mattwalston: if you expect the number of systems increase, then there will of course be good reasons to use some kind of central user management, be it ldap or sql or by copying /etc/passwd over the network etc.
<NETWizz> Hello, at work I installed 37 Ubuntu computers on a LAN
<poningru> NETWizz: yeah so the best thing would for you to set up your own repository
<NETWizz> I wish to set them up to install packages automatically
<NETWizz> Okay, that will be easy
<NETWizz> But I still don't have time to go to all the computers and sudo apt-get install package... 37 times
<poningru> there are crazier things like apt-caching across networks
<poningru> NETWizz: oh hmm I see what you are saying
<NETWizz> Can the systems be configured to do an update and upgrade from our own repository?
<poningru> sounds like what you are looking for is ltsp
<NETWizz> I want our systems to get a list of packages they are supposed to have installed and install those that are not installed
<NETWizz> and remove those that are no longer on the list basically
<poningru> right
<NETWizz> ltsp?
* NETWizz Googling
<poningru> yeah dude linux terminal server project
<ivoks> no
<poningru> ivoks: better solution?
<NETWizz> NOpe we don't want to termininal server
<ivoks> setup one machine
<ivoks> and then get run dpkg --get-selections &> template
<NETWizz> Basically I am doing a Windows to Linux Migration in one lab at a High School
<ivoks> and on every computer: dpkg --set-selections < template ; apt-get dselect-upgrade
<NETWizz> Currently our network comprises of 30 sites connected via WAN all running Windows XP Professional
<NETWizz> I got permission to install Ubuntu on 37 machines at a High School
<ivoks> or build your own .iso
<NETWizz> or build my own iso?
<NETWizz> Okay, so I can make a script to get a template every day
<ivoks> no
<ivoks> don't do that
<ivoks> you want regular updates, right?
<NETWizz> SUre
<NETWizz> But I also want to be able to deploy applications
<poningru> NETWizz: take a look at edubuntu
<NETWizz> Right now with Windows, I can deploy applications to computers no problem
<poningru> this sounds like exactly what this is for
<ivoks> then yes, --get-selections
<NETWizz> Does edubuntu support deploying apps
<ivoks> what poningru suggests is diskless clients
<ivoks> there's no deploying apps
<ivoks> all computers use same filesystem
<mattwalston> NETWizz: super easy...
<ivoks> when you install app on one, it's installed on all
<poningru> well you can have it with disks
<NETWizz> What?
<NETWizz> I install an app on one and it gets installed on all
<NETWizz> HOw does that happen?
<mattwalston> NETWizz: set-up a cron job on all machines to wget a script and run it from a central location
<NETWizz> There must be a process
<ivoks> 23:34 < ivoks> all computers use same filesystem
<NETWizz> right they all use the same file system
<ivoks> yes, network file system
<NETWizz> Oh you mean I am going to do a network file system
<NETWizz> and have only one system for all the computers
<ivoks> right
<NETWizz> That won't likely work
<NETWizz> Too much network traffic
<NETWizz> I can install squid
<poningru> ... you can have it with disk
<NETWizz> That would at least allow each computer to get updates without hammering the network
<ivoks> why do you think it is too much network traffic?
<ivoks> they don't send/recive whole filesystem, only needed parts
<NETWizz> Because if this project works, we will probably setup hundreds of computers
<mattwalston> NETWizz: nfs the /var/cache/apt/archives and add a cronjob to run script from server
<NETWizz> okay
<NETWizz> I could just rsync the archives
<mattwalston> NETWizz: yeah
<ivoks> there's always cfengine
<NETWizz> what would the scripts do?
<NETWizz> tell it to install everything in archives?
<ivoks> it would do what you want and write in it
<NETWizz> okay thanks
<mattwalston> NETWizz: whatever you wanted, it would just run on all computer... i.e. apt-get update; apt-get upgrade;
<poningru> NETWizz: http://blog.nixternal.com/stuff/doc/handbook/handbook/C/ltsp-scp.html
<mattwalston> NETWizz: there is probably a better option out there
<ivoks> mattwalston: for that, there's unattended-upgrades
<mattwalston> ivoks: thanks, will look at it, probably much more secure than letting the root user wget a script and run it... time to backup and punt
<poningru> NETWizz: I really think that you should look into edubuntu
<poningru> it is designed for this minus the hdd but that doesnt mean you cnat use it
<NETWizz> I will look into edubuntu
<NETWizz> thanks
<NETWizz> Remote logout!
<NETWizz> That sound snice
<NETWizz> Does edubuntu get installed on dozens of machines?
<poningru> right
<poningru> one server and the rest client
<NETWizz> plessus looks like gpedit
<NETWizz> not quite as much stuff
<mattwalston> NETWizz: edubuntu pushes for thinclient usage
<mattwalston> NETWizz: you might consider running x11vnc on the student machines, then you can snoop, take control and shadow to demonstrate something
<NETWizz> I am not a teacher
<mattwalston> NETWizz: you can also password the screen saver and execute from commandline to blank screens
<NETWizz> Just an IT Person
<NETWizz> I wonder if they have italc
<poningru> italc?
<mattwalston> NETWizz: no
<NETWizz> You have heard of italc then hugh?
<mattwalston> NETWizz: i think it is nt only, we used to piss off our computer teacher by bringing in livecds and booting and his software would not blank us
<mattwalston> NETWizz: yeah, real big on k12 with xp clients and nt server
<NETWizz> What do you mean?
<mattwalston> NETWizz: I spoke too quickly, i think it doea
<NETWizz> did they use Synchroneyes or something silly like that?
<gigabytes> hello everybody
<NETWizz> Regardless, it would be trivial to turn that stuff off
<gigabytes> I think there is a bug in ubuntu server
<mattwalston> NETWizz: i think, italc is aparently open source, they had some propreitary thing
<NETWizz> I am an IT Administrator and found iTalc works well
<NETWizz> sorry
<NETWizz> Beryl Crashed
<NETWizz> Okay
<NETWizz> I will give it a try
<NETWizz> edubutnu
<mattwalston> NETWizz: i have yet to use edubuntu, but essentially it has a lot of features for ltsp built in
<mattwalston> NETWizz: i am on an ltsp client connecting to an ubuntu system right now in a engeneering office that I am implenting a thin client solution for their email, webbrowsing, inter office stuff with rdp connections via rdesktop to win 2k3 machines for autocad and stuff
<mattwalston> NETWizz: for administrative purposes i even run the win2k3 inside of virtual machines on a linux host, much easier to administer and very flexible, maybe your school is able to glean something from this deployment
<NETWizz> I have a full district to work with
<NETWizz> Currently I have moved some Windows Servers to VMWARE
<NETWizz> It was a cakewalk to move them to Ubuntu Server
<mattwalston> NETWizz: definetly, something to look at is rdesktop's SeamlessRDP mode for your clients
<mattwalston> NETWizz: it establishes rdp to a ts server and uses an alternative shell that sends only the application to the linux client
<mattwalston> NETWizz: i have quickbooks ent 7 running that way for a client and it appears native
<maccam912> hello all. I have an ubuntu server set up, and have a few questions to get it running better than it currently is set up for.
<maccam912> right now when remote people try to connect to my server, they have to use port 2010, and it works, but for some reason when I try to set it up for port 80 (so they don't need the :2010 after the url) I can get to my website, but no remote users can.
<NETWizz> I know
<NETWizz> I have been working with that
<maccam912> is there something in the operating system that I dont know about that stops remote people from getting on port 80?
<NETWizz> #!/bin/bash
<NETWizz> rdesktop -rsound -A -s "c:\seamlessrdp\seamlessrdpshell.exe c:\windows\explorer.exe" 10.24.5.25 -u Linux -p ubuntu
<NETWizz> Only thing is that it doesn't seem to support Active Directory
<maccam912> NETWizz are you just an average joe user like me, or are you like a developer that is trying to fix the problem?
<NETWizz> I really need to have it popup an active directory login
<NETWizz> I am an average joe
<maccam912> and you have the same problem with that?
<NETWizz> However, I am a dilettante or you might call me a dabbler 
<maccam912> same here
<mattwalston> NETWizz: i can login using a samba pdc, just set the workgroup option to your domain, as far as prompting for a login, not too sure
<maccam912> do you think it might be something with my router instead?
<NETWizz> I doubt it
<mattwalston> NETWizz: come to think of it, it should be able to prompt
<NETWizz> I wonder if I remove the username and password
<NETWizz> It might prompt
<NETWizz> That is what I need anway
<NETWizz> and Terminal services installed on the 2003 box
#ubuntu-server 2008-07-28
<n-iCe> where can I load the programs(commands) that I want to run when ubuntu starts?
<dthacker> n-iCe: /etc/init.d/rc.local
<hads> Or maybe cron @reboot as an alternative
<n-iCe> dthacker: thanks!
<dthacker> n-iCe: np :)
<n-iCe> buut
<n-iCe> http://www.asdasd.pastebin.com/m1d69fae1
<n-iCe> where do I add it?
<n-iCe> the command is, ddclient
<n-iCe> dthacker: ?
<dthacker> n-iCe: http://ubuntu.wordpress.com/2005/09/07/adding-a-startup-script-to-be-run-at-bootup/
<n-iCe> thanks!
<n-iCe> that's for a script
<n-iCe> this is just a command
<n-iCe> ddlient
<n-iCe> ddclient
<dthacker> n-iCe: please look in /etc/init.d  Is there a file called ddclient?
<n-iCe> uhm
<n-iCe> dthacker: yes
<dthacker> n-iCe: then ddclient is going to run as a daemon.  to start from the command line use "/etc/init.d/ddclient start"  To have ddclient autostart look in system-settings--advanced tab--services.
<n-iCe> thanks
<n-iCe> how do I change the login message?
<n-iCe> when someone join to ssh?
<n-iCe> dthacker: any idea?
<dthacker> nope :)
<duiu> If I specify a command using cron, what happens if I turn the computer off while it's running, or if the computer is off when the command is schedueled to run?
<unewbie> anybody using ebox?
<unewbie> i installed hardy+ebox from cd
<unewbie> my LAMP is not running
<unewbie> looks like ebox only manages the apache2
<unewbie> anyone?
<duiu> You could try being specific
<unewbie> my webserver can't open index.php
<unewbie> what might be wrong?
<ScottK> I don't do PHP, but IIRC when people had asked that before it had something to do with Apache not being restarted after PHP was installed or some such.
<unewbie> still not working
<hads> Yeah, I don't either but `sudo a2enmod php5 && sudo invoke-rc.d apache2 restart` should make things work.
<Sp0tter> Has anyone ever fully automated an ubuntu hardy install?  I've read all the docs i can find on it, and they say you can, but everytiem i try (edit the isolinux.cfg, add my preseeding file, remaster the iso with a new keyring)  all i get is nothing.  Nothing ahppens, nothign will install.
<Sp0tter> I have to go to bed, but please leavea c omment with my name so i can read it tomarrow.  I've tried the custominstall and preseeding tutorials on ubuntu official help, as well as others.  And when i hit enter on my Custom Install menu entry it just nothign hapepns.. Same ifi try to use one of the real ones after i've rmasterd the cd, no response.
<Sp0tter> thanks
<unewbie> anybody installed ebox?
<unewbie> !ebox | unewbie
<ubottu> unewbie, please see my private message
<jmazaredo> if i put a new lan card on ubuntu server on boot will the os detect the new card?
<gladk> jmazaredo: mostly yes
<jmazaredo> if i ifconfig -a it should show right?
<gladk> yes
<jmazaredo> tyvm
<hads> Just beware that interface names are mostly static so if you pull one card and replace it with another then it will be eth1 not eth0
<nxvl> soren: around?
<nxvl> seems not
<nxvl> soren: i've started a workaround on debian support for u-vm-b
<nxvl> soren: it actually need the hardest work
<nxvl> soren: i haven't still check the bootstrap think nor the kernel flavor (which actually only need to be defined
<nxvl> but the structure is already there
<nxvl> from oldstable to experimental
<nxvl> you can find it here if you want to take a look: https://code.launchpad.net/~nvalcarcel/ubuntu-jeos/u-vm-builder
<nxvl> i haven't test it yet
<kdb424> Hi! Is anyone on?
<hads> !ask
<ubottu> Please don't ask to ask a question, ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely answer. :-)
<kdb424> I just wanted to say that I finally got a lot of help, and got this server running (I'm on it now). I just wanted to say thanks again to the developers, and the community for this amazing software. It was truely a learning experience too.
<kdb424> Now I'm stuck in this program. Any suggestions?
<kraut> moin
<kdb424> Hi
<kdb424> I'm on the newest ubuntu server in this IRC chat, no gui. How do I exit this? I'm still learning. Sorry.
<TNKLTSP> Hey! Anyone here with LDAP (or more specific LDAP + AD + LTSP) envinroment?
<TNKLTSP> I'm having bit of a problem here fucking everything up
<hads> !language
<ubottu> Please watch your language and topic to help keep this channel family friendly.
<TNKLTSP> :) sorry
<TNKLTSP> anyone willing to help?
<TNKLTSP> my problem is that it allways seems to be trying to hit my localhost instead the domain controller I have specified into ldap.conf
<TNKLTSP> and I have tryed to type it as ldap://, ldaps:// or host *ip*
<sCOTTo> hey guys - whats the best thing to replace cPanel with??? considering they dont install it on Ubuntu :(
<hads> I think maybe ebox
<hads> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<jmazared1> is there a bug when installing nagios on ubuntu server?
<_ruben> check the bugtracker?
<uvirtbot> New bug: #251998 in samba (main) "package update-manager 1:0.87.27 failed to install/upgrade: ErrorMessage: SystemError in cache.commit(): E:Sub-process /tmp/tmph8Z6zU/backports/usr/bin/dpkg returned an error code (1)" [High,Triaged] https://launchpad.net/bugs/251998
<zul> morning
<sommer> happy monday!
<zul> meh ;)
<Oliber> it's not a happy monday at all
<Oliber> it's a grumpy and angry one
 * dthacker forgot the sarcasm tags
<lamont> hrm.. blue tab and lots of scrollback.  I wonder if it was just someone muttering something about something I care abuot, or if someone was looking for me
<hads> Nothing in my lastlog
<lamont> hads: cool.  I imagine if it matters, someone will track me down
<RockHound> hi everyone. has anyone else had issues when running nscd on a samba/ldap PDC and trying to join domain computers?
<RockHound> it seems to be a bad idea running nscd on the ldap server/samba pdc since nscd prevents the immediate availability of the newly created ldap entry
<RockHound> or maybe it is just me and my setup
<jdstrand> Nafallo: port ranges will be in the next release of ufw
<Nafallo> jdstrand: awesome! will need a ppa later then? ;-)
<jdstrand> Nafallo: actually, once it's in intrepid, you can just install it straight from there on hardy
<jdstrand> (there are non intrepid-dependant deps)
<jdstrand> s/non/no/
<sommer> jdstrand: morning, I had a question about auth-client-config... the kerberos_example profile doesn't work, at least in my testing, and I was wondering if it could be modified?
<jdstrand> sommer: sure-- this is to go along with the server guide?
<sommer> jdstrand: yepper, here's what I was thinking: http://paste.ubuntu.com/31275/
<jdstrand> sommer: that is just what needs to change?
<sommer> jdstrand: I was able to login and get a ticket from the kdc with that :)
<sommer> with "auth    [success=done default=ignore]   pam_unix.so" before the krb5 line it never requests a ticket
<sommer> at least for users in /etc/passwd
<sommer> err, I'll paste the entire file
<jdstrand> sommer: please do
<Nafallo> jdstrand: gdebi? I would prefer PPA TBH :-)
<sommer> jdstrand: http://paste.ubuntu.com/31277/
<jdstrand> sommer: I think that will short-circuit the pam_ccreds stuff- does it still work?
<sommer> jdstrand: ummmm, one sec
<uvirtbot> New bug: #252566 in openvpn (universe) "Please sync openvpn 2.1~rc8-1 (main) from Debian unstable (main)" [Undecided,New] https://launchpad.net/bugs/252566
<sommer> jdstrand: I think ccred still works... I see this in the logs: pam_sm_setcred: entry (0x2)
<sommer> jdstrand: is there a quick test of the ccreds?
<jdstrand> sommer: bring down networking and try to login
<sommer> jdstrand: ah gotcha, yaaa I'll have to get back to you on that... accessing from remote at the moment
<jdstrand> sommer: np
<sommer> well maybe there's a way
<jdstrand> sommer: I am not sure where ccreds stores it's information, but you'll want to try with a new user as well, to make sure that you can login while online, ccreds gets updates, pull the plug, can login offline
<sommer> jdstrand: cool will do
<jdstrand> sommer: you may be able to try some stuff with your firewall
<jdstrand> (on the kdc)
<jdstrand> sommer: the part that I am concerned about is both the logging in while offline, and updating ccreds when online
<sommer> jdstrand: okay, so for a new the kdc password is different from the local shadow password... logs in fine when the kdc is started, but when the kdc is stopped only the local password works, so I guess that means ccreds are borked?
<sommer> new user that is
<jdstrand> sommer: sounds like it
<jdstrand> sommer: it's the 'sufficient' part
<kirkland> zul: thanks for sponsoring some of the init script patches!
<sommer> jdstrand: gar... I'll work on that some more than
<jdstrand> ok
<zul> kirkland: yep no problem
<kirkland> zul: we're making good progress on that front
<kirkland> zul: getting some decent help from the community
<zul> kirkland: yep I saw
<zul> kirkland: but you could rediff your samba patches ;)
<kirkland> zul: i'll try to do that today
<zul> kirkland: np
<kirkland> zul: i'll also review as many of the patches awaiting sponsorship as I can
<flosch> hi all
<zul> kirkland: that would be great...
<zul> kirkland: I would bug the desktop team about those patches as well (dbus, etc)
<kirkland> zul: yeah
<lukehasnoname> Anyone bought or read "Understanding the Linux Kernel" or "Linux Server Hacks"? Both look interesting and useful
<sommer> lukehasnoname: I've read The Linux Kernel in a Nutshell... that's a good one, and online for free :)
<Sp0tter> Has anyone ever fully automated an ubuntu hardy install?  I've read all the docs i can find on it, and they say you can, but everytiem i try (edit the isolinux.cfg, add my preseeding file, remaster the iso with a new keyring)  all i get is nothing.  Nothing ahppens, nothign will install.
<lukehasnoname> sommer: thanks
<lukehasnoname> sommer: they should have called it "Linux Kernel in a shell" <_<
<uvirtbot> New bug: #252617 in mysql-dfsg-5.0 (main) "Installing MySQL-Server in chroot" [Undecided,New] https://launchpad.net/bugs/252617
<uvirtbot> New bug: #251377 in amavisd-new (universe) "Problems with amavisd-new: cannot start the service" [Undecided,New] https://launchpad.net/bugs/251377
<Sp0tter> Has anyone ever fully automated an ubuntu hardy install?  I've read all the docs i can find on it, and they say you can, but everytiem i try (edit the isolinux.cfg, add my preseeding file, remaster the iso with a new keyring)  all i get is nothing.  Nothing ahppens, nothign will install.
<nijaba> Sp0tter: if you pm me your email, I have a white paper on the subject
<Sp0tter> thank you very much
<Sp0tter> I've spent hours and hours reading over and over the docs on ubuntu's site, following step by step to no avail
<lukehasnoname> nijaba: Throw it up on the wiki
<lukehasnoname> nijaba: if it's actually useful
<nijaba> lukehasnoname: long story....
<Sp0tter> Basicly I need a 100% automated disk that is a failsafe, that someone where i host my server could pop in and walk away and it would do a basic install with openssh.   Where i host my server, they have no knowledge of linux and no time to reinstall people's software for them heh, but I'm not looking to make the 4 hour drive there and back
<lukehasnoname> nijaba: o_O
<Sp0tter> nijaba, I have read the paper and notice it doesn't mention anything about recompiling the debian keyring,  is this step not needed with the kickstart method?
<eivindgl> I'm having problems with what appears to be an old bug with libnss-ldap and udev (stall at boot) in hardy. It's written in the ubuntu wiki that i should set "bind_policy soft" in /etc/libnss-conf , this file does not exist in hardy (I've created it, but it doesn't help. anyone who knows a fix?
<mathiaz> eivindgl: try /etc/ldap.conf
<eivindgl> mathiaz: thanks, found an entry here
 * kees is attempting inbox-zero.  ... not easy
<zul> kees: heh
<ScottK-palm> Would someone who knows some Perl look at Bug 251377. I think it's not to hard to figure, but I'm mostly offline the next about 24 hours.
<uvirtbot> Launchpad bug 251377 in amavisd-new "Problems with amavisd-new: cannot start the service" [Undecided,New] https://launchpad.net/bugs/251377
<ScottK-palm> mathiaz: I'm very doubtful for the server team meeting tomorrow.  No progress on Clamav/Spamassassin MIR.  Please apply liberal amounts of guilt to get people to help.
<Sp0tter> nijaba: Is adding your own key and recompiling the debian keyring not part of the kickstart method? From what i've seen so far you can't make any changes to the install iso without doing that?
<nijaba> Sp0tter: not if the only thing you do is changing install parameters.  You will need to fiddle with keyring only if you change the packages AFAIK
<Sp0tter> nijaba: I've tried only changing lines in the isolinux.cfg and the default ubuntu seed file and it gave the MD5 checksum error
<nijaba> Sp0tter: md5sum does NOT use the keyring
<Sp0tter> nijaba: oh, what would cause that then?
<nijaba> Sp0tter: it is only there to verify the integrity of the media
<Sp0tter> nijaba: is there a way to disable that?
<nijaba> Sp0tter: the method I described in the paper to create the iso should recompute the md5 fine
<Sp0tter> nijaba: I haev no need to install any extra packages, just the bare min server
<Sp0tter> nijaba: ok excellent, I'm doing that now thanks
<nijaba> np
<sommer> why would guilt induce people to help???
<sommer> ah well
<Sp0tter> nijaba: when i try to recreate the iso it gives me "genisoimage: Uh oh, I cant find the boot image 'isolinux/isolinux.bin"  but its there, and i can do ls isolinux/isolinux.bin and it pops up
<Sp0tter> also, there is no isolinux.cat which is mentioned in the paper but i cant find it on my cd
<kblin> hi folks
<kblin> I'm trying to set up my bind server to refer requests for a subdomain to the subdomain's name server, but that doesn't seem to be working.
<kblin> I'm getting a log message of zone win2k3.kblin.local/IN: refresh: non-authoritative answer from master 192.168.2.1#53 (source 0.0.0.0#0)
<kblin> hm, never mind, I got slave mode working :)
<Sp0tter> nijaba: Now I have it created, but at install time i'm getting a red screen that says 'The cdrom contains a cd which cannot be used for installation."
<Sp0tter> nijaba: even if i remove the  ks.cfg file, it still gives the cdrom error
<nijaba> Sp0tter: hmmm...  maybe you should go ask in #ubuntu-installer
 * nijaba interested in Sp0tter's finding, though
<Sp0tter> I started in #ubuntu with hundresd of people, they sent me here with like 80 people, now i'm in #ubuntu-installer with 20 people
<Sp0tter> I hope i don't get sent further down the line or there will be nobody left  to help :)
 * delcoyote hi
<Sp0tter> nijaba, in your paper when you say 'copy it over',  a regular cp command leaves out the .disk directory, that was my problem :)
<nijaba> Sp0tter: oh, good catch!
<nijaba> Sp0tter: I'll fix that!
<uvirtbot> New bug: #252675 in bind9 (main) "Please include 9.4.2-P2 patches in Hardy server" [Undecided,New] https://launchpad.net/bugs/252675
<kirkland> mathiaz: hi there....  superm1 asked me about the chances of backporting the status_of_proc() function to hardy
<kirkland> mathiaz: what's your opinion?
<kirkland> mathiaz: it's a relatively easy backport
<kirkland> mathiaz: what do you think are its chances of getting SRU'd?
<kees> kirkland: found a small think-o in mdadm -- it needs to exit 1 at the end of the handler, not just inside the if statement
 * kirkland digs up that patch
<Sp0tter> nijaba: So it installs fine now off the newly made ISO, but it ignores the kickstart / seeding that I do. I still get that terrible 'what language' question twice and the 'detect keyboard' even thoughi  have those in my preseed file
<mathiaz> kirkland: slim - IIUC status_of_proc is a new feature, not a bug fix.
<kirkland> kees: yeah, i see that.  you want to handle that on commit, or shall i respin the patch?
<kees> kirkland: and the mdadm --misc --scan --detail should be silent
<kees> kirkland: I've got it.  gonna reboot once more
<kirkland> kees: silent?  really?
<kees> kirkland: yeah, it's not human-useful information unless something is broken.
<kees> (the proc/mdstat info gets shown on real failure)
<Sp0tter> hey I just thought of a great idea, you know how you can highlight text that has your name in it in the chat here,  there should be a plugin that highlights , but it alternates colors in rotation based on the nick.. so first thing sp0tter says withy our name.. then sp0tter is assined color X, then if someone else says your name he is assigned a different highlight color
<Sp0tter> then you can keep track of everyone's messages by color on topic
<kirkland> kees: okay, fair enough
<kees> kirkland: I'm doing the same for lvm2
<kirkland> kees: cool
 * kees reboots to test again
<kees> (btw, ntpdata filelock appears to be totally broken...)
<kees> s/data/date/
<uvirtbot> New bug: #252686 in nagios2 (universe) "Reload action on init script kills daemon" [Undecided,New] https://launchpad.net/bugs/252686
<kirkland> kees: is there any testing you want/need me to do on my end, or are you just finishing it up?
 * kees -> back and happy
<kees> kirkland: nope, I'm just finishing it up and making sure it worked for me in real-life
<kees> I've uploaded them all now.  \m/
<kirkland> kees: awesome, thanks dude
<kees> kirkland: thank _you_!  it's been a long road.  :)
<kirkland> kees: well, there's more to go, but this is a big help
 * kees nods
<kirkland> kees: being able to tell the kernel on boot to bootdegraded is awesome
<kees> totally
<kirkland> kees: mathiaz asked me to write up a blog post on testing this...  i captured most of my thoughts in that wiki page
<kirkland> kees: did you find the test instructions adequate?
<kees> kirkland: the only thing I'd say to improve it would be to add "expected output" examples
<kees> kirkland: and to add the test-case I just tried: the system and drives are all totally fine, but the root UUID in grub is wrong (i.e. test that the "nothing to do" use-case works and we get a shell)
<kirkland> kees: gotcha, will do, before the blog post
<kirkland> mathiaz: are you still interested in a "Boot Degraded RAID: Call for Testers!" blog post?
<mathiaz> kirkland: sure ! :)
<kirkland> mathiaz: okay, how about I write that one this week, and the Encrypted Private Directory one next week?
<kees> kirkland: I'm also thinking of adding a section to the hooks that say something about "no problems detected with md arrays" or something just to have an "else" section that produces some kind of output.
<kees> kirkland: but that can be done any time.
<kirkland> kees: yeah, just a log_success_msg()?
<kees> kirkland: dunno, it needs some though.
<mathiaz> kirkland: wfm
<lukehasnoname> kirkland: Just curious: If a drive fails in a RAID, how is it currently handled? No need for a huge detailed explanation, just a brief answer
<kees> kirkland: in your blog post you might want to call attention to that fact that grub isn't raid-sane yet, and that testers could run into that problem.
<kirkland> kees: I think i'd also like to see something printed when on your subsequent boots when you're in a degraded RAID (but mdadm expects that)
<kirkland> kees: yeah, i was planning on fixing that this week, but iscsi got promoted
<kees> kirkland: well, that should be "mdadm --daemon"'s problem.
<kirkland> kees: but good point, i'll add that
<kirkland> kees: i think mdadm might send email about that
<kees> it does
<kirkland> lukehasnoname: handled by whom?  the kernel?  mdadm?  the boot processes?
<kirkland> kees: good, that's probably adequate
<lukehasnoname> kirkland: Let me read a bit more before I ask
<kirkland> lukehasnoname: good man ;-)
<kirkland> lukehasnoname: now, i'll give you the briefest answer....
<kirkland> lukehasnoname: the kernel will keep chugging along, reading/writing to the raid device, mdadm will mark the drived 'FAILED', and if configured, send email to the sysadmin about it
<kirkland> lukehasnoname: prior to the work kees and I have been doing, the next boot would dump you to a busybox prompt, saying your RAID couldn't be started because of a failed device
<kirkland> lukehasnoname: but we just added support for the user adding a 'bootdegraded=true' bit to the kernel command line, if you wanted to force the boot of a degraded RAID
<lukehasnoname> ah
<lukehasnoname> >_>
<kirkland> zul: samba/winbind patch updated: https://bugs.launchpad.net/debian/+source/samba/+bug/247087
<uvirtbot> Launchpad bug 247087 in samba "samba init script status action" [Low,Triaged]
<J-_> So, I've put a new USB2.0 PCI card in my server. Now, I've connected my external drive to it. The server doesn't have a GUI, it's running dapper. Usually I would cd to /media/ and the drive would be there. Can anyone suggest anything?
<J-_> lspci shows the usb2.0 card
<J-_> dmesg | less shows the drive
<yareckon> hi guys, I'm migrating from redhat and wanted to put same users on my new debian/ubuntu machine
<yareckon> what is the best way to migrate folks over
<yareckon> is there a tool that folks recommend?
<J-_> my external drive is EXT3
<yareckon> I have seen a guide where you copy the user entries out of /etc/passwd /etc/group /etc/shadow and append them to those files on the new machine
<yareckon> but redhat UIDs start at 500 while debian ones start at 1000, should I just add 500 to everyone's UID or should I leave them as is and hope that debian can cope with Users under the UID 1000 floor
<yareckon> ?
<yareckon> (hoping someone points me at a tool that does this all automagically)
<yareckon> :)
<J-_> sudo fdisk -l doesn't show my external drive.
<J-_> Can I do something else to see if it's there?
<hads> yareckon: It will cope with UIDs under 500 but some things expect UIDs to be over 1000 such as the face chooser at login etc.
<yareckon> J- maybe watch messages to see if something changes when you plug/unplug?
<yareckon> thanks hads, no one logs in with their faces on this box :)   (it's a little workgroup samba server)
<hads> I was using UIDs under 500 up until a short time ago when I changed them
<yareckon> you just went into /etc/passwd /etc/shadow and /etc/groups and did it by hand or scripted something?
<null_vector> Anyone have a link to a rough guide of remotely installing ubuntu/debian?  I did it a few years ago with sarge but it's been a long time.
<hads> yareckon: usermod -u will change a users UID and the files in their home dir but not files outside it. It also won't change their GID
<yareckon> yeah, it's keeping the UID/GID accounting straight across all of those files x30 users that has me nervous doing that by hand
<yareckon> usermod may help
<hads> Also `find / -uid 500`
<hads> That's what I finished mine off with.
<yareckon> thanks for the help!
<hads> No worries
<yareckon> I think this is why server guys stick with one distro :)
<J-_> Here's a pastebin of "dmesg |grep -i usb" http://pastebin.ca/1085636 Does it look proper?
<J-_> I installed a PCI USB 2.0 card in my server.
<yareckon> cause it sure isn't as slick as distro hopping on the desktop
<Kohlra1> problem with postfix, is there a known issue where it never installs properly or is there something i don't know about it?
<Kohlra1> nvm
<Kohlra1> some things just don't install right if you try to set certain values during install
<sCOTTo> i think I just fouind my answer to ubuntu server using cPanel...
<sCOTTo> ~~~ALIEN~~~
<sCOTTo> :D
#ubuntu-server 2008-07-29
<zul> kirkland: I know I regularily get email ;)
<Sp0tter> Why does a guided LVM put all the available space in the / partition?  You can't shrink that while its up, so then whats the pointin the LVM?
<Sp0tter> nijaba: how do i keep my fully auto install from never ending?  install, reboot, install, reboot ?
<twb> How can I find the section (i.e. main, restricted, universe or multiverse) for each installed package?
<twb> (I've been asked for the licensing details for all software on my server.)
<hads> Someone gave me a one-liner for that ages ago let me see if I can find it.
<twb> On Debian I'd just check the Section: for a slash (e.g. admin/non-free), but that doesn't seem to work on Ubuntu.
<hads> comm -12 <(apt-cache dumpavail | grep-dctrl -nsPackage -FSection universe/ |sort) <(dpkg --get-selections | awk '$2 == "install" { print $1 }'|sort)
<hads> Ugly huh
<twb> grep-status probably would be shorter
<ScottK> sommer: I don't know if guilt will work or not, but saying pretty please hasn't gotten anything except from you.
<twb> hads: I'm not convinced its working
<hads> OK
<twb> For example, I'm pretty sure mg is in universe
<twb> Yeah, it is
<twb> hads: this is a shorter version of your original one-liner, but it still has the same problem: grep-status -nsPackage,Section -FStatus "install ok installed" | paste -sd "  \n" | sort | grep universe/
<twb> This has better success: aptitude search ~i~s^universe/
<hads> That's nicer
<twb> Hmm, I'm still a bit suspicious of false negatives, but I've stopped caring.
<twb> Thanks for your time.
<uvirtbot> New bug: #252784 in openldap (main) "ppolicy+smbk5pwd password modify" [Undecided,New] https://launchpad.net/bugs/252784
<twb> Anybody got pam ldap auth working correctly (against slapd, running on the same Ubuntu 8.04 host)?
<twb> I had kerberos working, then I was told to switch it over to ldap (because there are no shiny GUIs for krb).  Now I broke both of `em, and I'm about to blindly follow a zimbra weenie's auth-client-config setup and see if it magically works.
<twb> Last time I looked at this box (some weeks ago), we determined that slapd had the appropriate values in its database (PosixUserAccount, IIRC) but for some reason pam_ldap can't see them.
<HefferMooMo> Does anyone know why postfix hangs in telnet?
<ScottK> It doesn't here.
<HefferMooMo> ScottK: That's odd. It says "Escape character is '^]'. then lets me type in and everything, but nothing works
<ScottK> Do you get a line after that that starts with 220?
<ScottK> HefferMooMo: ^^
<HefferMooMo> nope, that's what i got earlier. it then stopped working
<HefferMooMo> ScottK: i then got despirate enough to reformat
<ScottK> Then your postfix is dieing and you need to be looking in the logs.
<HefferMooMo> i looked in syslog, and it didn't say anything
<ScottK> HefferMooMo: OK.  What's your current situation?
<HefferMooMo> current situation is that i havn't a clue why it hangs like that, and i don't know of any specific log that could help =(
<ScottK> HefferMooMo: As a general rule in Linux and other Unix like operating systems you'll have more luck trying to understand the problem and fix it than nuking it from space everytime it misbehaves.
<hads> :)
<ScottK> Are you logged into the server now?
<ScottK> HefferMooMo: ^^
<HefferMooMo> yea, but not on this computer. Normally i woudln't nuke it, but i just switched the server over from a windows
<ScottK> HefferMooMo: It's past 1AM here, I'm tired, and I'm not paid to do this, so please pay attention.
<HefferMooMo> I am paying attention. I just type slowly sometimes
<ScottK> ssh into the server and do tail -f /var/log/mail.log
<ScottK> OK
<ScottK> HefferMooMo: Once you've done that, telnet to the server again and see what the logs say.
<ScottK> !pastebin | HefferMooMo
<ubottu> HefferMooMo: pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<ScottK> That's where you should put your results
<HefferMooMo> thanks, it's not much, it seems to be something about some /etc/aliases.db
<ScottK> Please pastebin what is says
<ScottK> All of it.
<hads> Being out of date? If so, you need to update it
<ScottK> I'm guessing, but I'd rather read the whole log entry before I get excited.  That shouldn't make Postfix crash.
<hads> Yeah sorry, just interrupting :)
<ScottK> You wanna take over so I can go to bed?
<HefferMooMo> ssh doesn't work (i apparently don't have it setup on my server)
<hads> ScottK: Yah I can.
<hads> (although I'm at work so may be slow)
<HefferMooMo> Thanks ScottK
<ScottK> hads: Please do.
<hads> np
 * ScottK has to be up in ~4 hours.
<ScottK> Thanks.
<hads> Go sleep
<hads> HefferMooMo: So can you pastebin the log?
<HefferMooMo> yea, had to go to pastebin on the server first (i have xubuntu desktop installed)
<HefferMooMo> http://paste.ubuntu.com/31588/
<hads> OK, run `sudo postalias /etc/aliases`
<hads> /etc/aliases is a text format file which is 'compiled' into a binary file for postfix to access.
<hads> You need to run that command any time you update the text file.
<HefferMooMo> ah
<HefferMooMo> thanks, that seemed to work
<hads> Postfix is pretty good at telling you what is wrong so usually if you look in the logs you'll get the idea.
<lamont> hads: or you can be a traditionalist and 'sudo newaliases'
<HefferMooMo> fresh install worked the first time, then it acted up like this, i gotta keep a note of this. Thanks
<hads> lamont: I was going to... but I chose that for consistancy with the other postfix mapping files :)
<HefferMooMo> the newaliases, lots of googling had me look at that, but isn't that automatically run at install?
<lamont> ISTR that I only run it if I created /etc/aliases, or added to it
<lamont> about to face plant into the keyboard though, so I'm not going to go look
<hads> :)
<HefferMooMo> i'm still new to ubuntu some what so it's not real surprise that i didn't know which log file it modified
<HefferMooMo> i thank you all for your help
<lamont> for values of "I" == postfix's postinst script
 * lamont -> bed
<kraut> moin
<uvirtbot> New bug: #252843 in php5 (main) "hardy php5 max execution time" [Undecided,New] https://launchpad.net/bugs/252843
<nandersson> Is the Ubuntu 8.10-release now in sync with Fedora 10 or is it just a coincidence that you release within two days?
<soren> nandersson: What do you mean by "in sync"?
<nandersson> well, like the call Mark did for syncing the releases
<nandersson> i.e the release dates
<nandersson> Marks mark
<soren> I'm not familiar with any alignment of release dates. Ours was set months ago.
<nandersson> soren, either it is happening - or it is just a "happy coincidence"
<nandersson> Could be a coincidence then - or the Fedora team actually likes the idea of aligning the release dates
<nandersson> I think it's a great idea
<soren> nandersson: Apparantly, their release date is at least as old as ours.
<nandersson> looks promising though :)
<nandersson> the release dates are just within a two day time span
<toastmaker> Hello! I plan to run a cluster using Ubuntu 8.04 server edition and I would like ask if there is a support for Infiniband communication and Fibre Channel connection to disk array in Ubuntu or if it is more probably to expect some problems... The only Linux distros which are confirmed by the HW vendors are SLES and RedHat, but I would like to use Ubuntu if it works.. Has anyone some experience with this and could redirect me to propper web resourc
<soren> I've not personally tested it, but both should work just fine.
<soren> toastmaker: ^
<toastmaker> soren: thanks for the comment.
<toastmaker> By the way, don't you know about any HPC (High performance computing) site dedicated to Ubuntu? I've found https://wiki.ubuntu.com/UbuntuClusters, but last edit comes from the year 2006..
<soren> I've heard of some, but I don't remember who they were, and if I did, I'm not sure if I were at liberty to tell you about it :)
<soren> Oh, you mean "site" as in "web site2?
<soren> "?
<toastmaker> web page :)
<toastmaker> soren: or portal
<ghostcube> ahhhhhh
<ghostcube> lol know it makes sense no one answers me in #ubuntu
<ghostcube> ok guys little question about the new kernel updeate
<ghostcube> 2.6.x.20
<ghostcube> no chance to boot it up on my machine 2.6.x.19 does fine
<ghostcube> so can anyone tell me what changed so heavy that it doesnt boot
<_ruben> providing any errors you might be seeing might help
<_ruben> hrm .. i wonder if there's a way to configure a nic to "up" but not get an ip address assigned to it
<_ruben> guess i could configure some bogus ip for it, but that'd be nasty
<ghostcube> _ruben: i get no errors
<ghostcube> it just stops from the 3rd row on startup
<ghostcube> it just freezes
<ghostcube> x.19 works fine
<ghostcube> x.20 not
<ghostcube> anyone an idea  maybe
<ghostcube> its en sempron 2800 + and 2 250 gig sata 2
<ghostcube> with 1 gig ram
<ghostcube> hah
<ghostcube> there is an update
<ghostcube> maybe this fixes it rofl
<sommer> jdstrand: I figured out my issue with the auth-client-config kerberos_example profile... my regular user had the same password as the kerberos principal
<sommer> jdstrand: is there a way for the password to be the same and to get a ticket using pam on login?
<sommer> jdstrand: and have ccreds, heh
<sommer> if not we can always add something to the documentation about it
<jdstrand> sommer: unfortunately I am not a pam stacking expert-- however, I bet slangasek could help you
<jdstrand> sommer: he is writing something that is supposed to get all the stacking right out of the box
<uvirtbot> New bug: #250841 in php-imagick (universe) "Image Magic Libraries missing (dup-of: 203023)" [Undecided,New] https://launchpad.net/bugs/250841
<sommer> jdstrand: ah cool, I'll ping him about it... might do some more reading myself
<sommer> jdstrand: thanks
<jdstrand> np-- thanks for trying to improve this :)
<uvirtbot> New bug: #252980 in postfix (main) "mydestinations can't be preseeded" [Undecided,New] https://launchpad.net/bugs/252980
<nealmcb> server team meeting in 2 min in #ubuntu-meeting
<lukehasnoname> I see someone in the debian-devel ML took up my call for apache www root to be relocated to /srv
<CyberSnooP> Does anyone know if there are any implications of having your BaseDN not be of a "dc=example,dc=com" format?
<sommer> CyberSnooP: I think that's mostly convention, but you may need a dc="something" at the end
 * delcoyote hi#
<nealmcb> nijaba: I'll just miss you at linuxworldexpo in san francisco - I'm in oakland until Saturday, then on to LA etc
<Buzzons> hi -- question :: When i reboot an ubuntu box it gets past grub and hangs just after "Starting up" with a flashing cursor
<Buzzons> if i boot to recovery mode it boots ok -- what could be wrong with the main boot option
<uvirtbot> New bug: #253032 in likewise-open (main) "likewise-open-gui needs a better menu item name" [Undecided,New] https://launchpad.net/bugs/253032
<lukehasnoname> You know what would be interesting? Taking some books that are really popular like "Linux Server Hacks", go through them, "Ubuntuize" them, and get permission to republish them as certified instructions for Ubuntu Server
<nijaba> nealmcb: too bad!  I'll see you in Dec I'm sure
<Bnydell> does anyone know of a tutorial to install a GUI for my server?
<Deeps> apt-get install xubuntu-desktop?
<Bnydell> it says could not open lock file var/lib/dpkg/lock - open (13 Permission denied)
<lukehasnoname> Bnydell: You have a package manager already running, I believe
<lukehasnoname> or you didn't "sudo" that command
<lukehasnoname> you need to run installs with sudo
<Bnydell> i tried sudo apt-get install xubuntu-desktop
<Bnydell> Do i need to have the installation cd in?
<lukehasnoname> as I said, make sure you aren't already running an install, apt-get, or aptitude
<Bnydell> Let me restart the machine. See if it will work
<maw_> Bnydell: if your package manager crashed sometimes the lock file can remain
<maw_> you can remove it
<maw_> and then launch apt again
<lukehasnoname> haha check this: Apache/2.2.8 (Ubuntu) mod_python/3.3.1 Python/2.5.2 Server at www.washingtontimes.com Port 80
<Bnydell> i am new to ubuntu so i do not know how to do that.
<maw_> lukehasnoname: I tried emailing the webmaster but the mail just came to me... ;)
<maw_> how helpful is that?! :P
<maw_> Bnydell: where you using "apt-get" ?
<Bnydell> yes
<Bnydell> I tried sudo apt-get install xubuntu-desktop
<lukehasnoname> maw_: Ya, pwnt. looks like their site got "Drudged"
<maw_> try a "ps aux | grep -i apt" without quotes, is there anything running?
<maw_> legitimate dDOS situations are funny... damn you ./, digg etc...
<maw_> err /.
<Bnydell> maw it had one line of stuff come up after i typed in the command
<maw_> paste me that line please, it was probably just the result from bash
<Bnydell> Let me type it out, im on my laptop
<Bnydell> 1000 4335 0.0 0.0 3004 824 tty1 S+ 14:22 0:00 grep -i apt
<maw_> ok, so apt isn't running
<maw_> what is in "ls -l /var/lock"
<Bnydell> well i restarted the system.  a while ago. But i just typed in Is -1 /var/lock and it didnt come up with anything
<maw_> and what is the error again when you try "sudo apt-get install <your package>"
<Bnydell> let me retype that command hold on
<Bnydell> Reading package lists... Done
<Bnydell> building dependency tree
<Bnydell> reading state information... Done
<Bnydell> E: couldn't find package xubuntu-desktop
<maw_> the computer you are running that command on has internet access?
<Bnydell> uh.  not currently I would need to disconnect the ethernet from this laptop to do it
<Bnydell> should i run the command after connecting in the cable?
<maw_> well, I think by default it tries to use online repositories
<maw_> unless you modified apt to use local media
<maw_> so just to confirm, you want to install xfce desktop?
<Bnydell> i have not modified anything. I just installed ubuntu server 20 minutes ago
<Bnydell> did nothing to it yet
<Bnydell> its a clean install
<Bnydell> i want to install a GU
<Bnydell> GUI*
<maw_> ok, and you want xfce?
<Bnydell> deeps said to type in apt-get install xubuntu-desktop
<maw_> I see, well that probably won't work on a server install
<Bnydell> If posible.  I do not know the difference between that and other GUI's if there is any at all
<maw_> http://packages.ubuntu.com/hardy/xubuntu-desktop
<maw_> http://packages.ubuntu.com/hardy/xfce4
<jonesy> finally found virtualbox and can install the ubuntu server edition :-D
<maw_> you probably want to do "sudo apt-get install xfce4"
<maw_> xfce is a desktop environment like gnome and KDE
<maw_> it is more lightweight
<Bnydell> so it can insatll on this server, am i correct?
<maw_> and might be better suited for a server install
<Bnydell> ok
<Bnydell> so i should connect the internet cable and then type in the command sudo apt-get install xfce4
<Deeps> there are very few GUI tools to configure server services btw
<maw_> well seeing how the first link I sent you says "This package depends on all of the packages in the Xubuntu desktop system" and you have SERVER... I dont think it will work
<Deeps> it's not like windows, where everything is configured through a gui
<maw_> desktop != server
<maw_> and ya, what Deeps said...
<Bnydell> yea
<maw_> and I agree with Deeps that server install is better to manage from shell
<Bnydell> I do not have any knowledge at all of command line.  and the only reason we are using ubuntu is it is free not like the other servers.      We wanted a gui for it so that we can do things easyer.    we are really only using this server as a file server and maybe printer serveer
<maw_> just use windows then
<maw_> unless your office is all *nix machines
<jonesy> guis are harder.
<maw_> or use "openfiler" if all you need is a filesystem
<maw_> err file server
<jonesy> you'd not spend any more time learning the gui if you're not familiar with the gui.
<jonesy> or... any *less* tiem.
<jonesy> err. time.
<maw_> http://www.openfiler.com/
<maw_> ^ free and is a NAS/SAN
<uvirtbot> maw_: Error: "free" is not a valid command.
<maw_> lol?
<Bnydell> lol
<maw_> anyways.. use openfiler
<Bnydell> any free programs...
<maw_> otherwise you are going to have to setup everything manually on ubuntu to work with your windows environment
<Bnydell> or can i just use something that is already on the ubuntu server
<maw_> and since it sounds like you have limited *nix experience, you might be best with a windows file sevrer
<maw_> Bnydell: what would you use?
<maw_> do you know of something?
<maw_> do you think SMB is ready to sync with your active directory?
<Bnydell> we did not want to pay for a windows file server
<maw_> a W2K3 license is 500-1000$... or just use MSDN license
<maw_> before you totally cheap out you should consider how much time you will need to spend implementing and maintaining your solution
<Bnydell> well thanks for your guys help
<maw_> good luck
<maw_> try openfiler if you dont want to spend any money
<maw_> and you want a out of box solution
<maw_> WITH gui
<Bnydell> ok i will look into that
<maw_> or go buy yourself a "linux system administration" book and start doing it all off ubuntu :)
<Deeps> heh
<maw_> you should learn sometime
<Bnydell> 'holy shit just had a huge earthquake
<Deeps> become an MS partner and get the action pack starter kit
<Deeps> 300 euros
<Bnydell> excuse my french
<Deeps> gets you 2 server licenses, 10 desktop licenses, and a whole bunch more
<maw_> Bnydell: lol? glass shatter?
<Deeps> including office, exchange, visual studio
<maw_> http://www.openfiler.com/products/screenshots/
<Bnydell> no, but everything in the office just started shaking, lated a abou 10-20 seconds
<Deeps> openfiler looks nice
<Bnydell> heh was over 5.0
<Bnydell> looking on http://quake.usgs.gov/recenteqs/ and that big red thing is basicaly covering where i work and live
<lukehasnoname> I just saw
<lukehasnoname> http://earthquake.usgs.gov/eqcenter/recenteqsus/Quakes/ci14383980.php
<Bnydell> we are a few milies from episenter, was 5.8 earthquake
<Bnydell> eh there goes aftershock
<lukehasnoname> that's 4.2 too weak <_<
<Bnydell> what waas 4.x?
<Bnydell> 4.2?
<lukehasnoname> I was implying that a 10.0 would be a sight to see
<Bnydell> yea.  but i would rather not be in one :)
<lukehasnoname> then again that would kill hundreds of thousands
<Bnydell> yea
<Bnydell> well thanks guys again for your help
<Bnydell> I will be sure to pop back in if i need further help on my quest to getting this server fully working
<Bnydell> have a good day.
<lukehasnoname> Anyone know how the Ubuntu engineer spec is coming?
<zul> the what spec?
<lukehasnoname> on the wiki there is a page discussing the development of a certification for Ubuntu users
<lukehasnoname> both server and desktop oriented
<lukehasnoname> holy hell it already exists
<lukehasnoname> to the wiki!
<maw_> Deeps: ya I have used openfiler for DEV purposes and it suits my needs for cheap RAW storage quite well
<maw_> Deeps: http://supermicro.com/products/system/3U/6035/SYS-6035B-8R+.cfm + openfiler = win
<uvirtbot> New bug: #227229 in libnss-ldap (universe) "LDAP and AD connection problem with hardy" [Undecided,New] https://launchpad.net/bugs/227229
<kirkland> mathiaz: hey, do you have any iscsi-initiator experience?
<kirkland> dendrobates: or do you?
<dendrobates> kirkland: my knowledge ends at the definition.  :)
<kirkland> dendrobates: ;-)  okay, well, i'm running an iscsi target in one kvm, and I'm running an iscsi initiator on a second... i can get the second to detect the first...  but I'm trying to figure out the "next step"
<kirkland> dendrobates: should it show up as a block device, or what.....
<dendrobates> kirkland: that is my understanding.  I'd shoot soren an email.
<kirkland> dendrobates: k
<mathiaz> kirkland: it should show up as a standard block device
<mathiaz> kirkland: that you can format, etc...
<kirkland> mathiaz: /dev/.... what?
<mathiaz> kirkland: hm - I don't know exactly - look in dmesg
<mathiaz> kirkland: there may be some clue there
<kirkland> dendrobates: evand is sitting next to me, will give me a d-i architecture tour later today
<kirkland> mathiaz: i looked, nothing yet
<mathiaz> kirkland: it may be an issue with udev then
<mathiaz> kirkland: may be the udev rule is not setup correctly
<kirkland> mathiaz: also, looks like an MIR may be needed for open-iscsi
<mathiaz> kirkland: hm - open-iscsi is already in main
<kirkland> mathiaz: right, nevermind
<dendrobates> kirkland: another thing to about, is a way to allow a user to enter a landscape key in d-i, that would be unobtrusive to those that don't care.
<kirkland> dendrobates: okay
<kirkland> dendrobates: i'm reading about debconf now
<Penol> Jul 29 21:45:39 ubuntu oidentd[13237]: Connection from mediatraffic2.fi.quakenet.org (195.12.59.196):0
<Penol> Jul 29 21:45:39 ubuntu oidentd[13237]: [mediatraffic2.fi.quakenet.org] 53896 , 6667 : ERROR : NO-USER
<Penol> oidentd wont work!
<Penol> somone here that can help?
<nhandler> Could someone give me a hand? I'm trying to add a status function to the init script in openvpn, but I'm having some issues
<zul> Koon: ^^^
<mathiaz> nhandler: what are your issues ?
<nhandler> mathiaz: I was trying to look at some of the other patches that have been prepared to add a status function. However, for openvpn, it looks like it has multiple pid files (/var/run/openvpn.*.pid). This is making it difficult for me to figure out how to add the status_of_proc call.
<mathiaz> nhandler: IIRC kirkland said there was a loop somewhere in the init script
<mathiaz> nhandler: you'd probably need to do something similar and check that every vpn is running
<kirkland> nhandler: you might try something like ....
<kirkland> for i in `ls /var/run/openvpn.*.pid`; do
<kirkland>   status_of_proc -p $i $DAEMON openvpn($pid) || status=$?
<kirkland> done
<kirkland> pulling the pid into $pid
<nhandler> Ok, the part that I was running into issues before were because I was trying to figure out how to have the exit 0 || exit $? part in the loop. I didn't think to use a variable
<kirkland> yeah, don't exit in the loop
<nhandler> :)
<kirkland> start off status=0
<kirkland> set status=$? if any is not running
<kirkland> and exit $status
<kirkland> it'll be 0 if they're all running
<kirkland> non-zero if any one is not
<kirkland> it ain't perfect, but it's the best we've got atm
<mathiaz> right - another option would be to print out which vpns are not running
<nhandler> Ok, so it doesn't need to show the status of each individual one? Because using this method, you won't be able to tell the difference between one not running and 5 not running
<kirkland> mathiaz: status_of_proc() will do that too
<mathiaz> it may require more code to track which are up and which one are down
<mathiaz> kirkland: ah right - with the DESC
<kirkland> mathiaz: i was suggesting identifying each by its pid
<kirkland> output would look like
<kirkland>  * openvpn(2113) is running....
<kirkland>  * openvpn(23938) is not running....
<kirkland> * openvpn(3223) is running...
<mathiaz> kirkland: isn't the name of the vpn in the pid file ?
<kirkland> mathiaz: yup, awk/sed that out
<kirkland> in the for loop I suggested up there
<mathiaz> kirkland: that would be more useful IMO
<kirkland> and pass to status_of_proc as the last argument
<kirkland> mathiaz: instead of a simple "openvpn" as the description, pass "openvpn\($pid\)"
<kirkland> mathiaz: oh, you mean the ***name*** of the vpn?
<mathiaz> I'd rather see something like this:
<kirkland> mathiaz: okay, that works too
<mathiaz>  * openvpn(office1) is running...
<kirkland> mathiaz: sorry, i have no experience with openvpn, no idea what it looks like
<kirkland> mathiaz: yeah, that sounds brilliant
<mathiaz> IIRC the init script is set so that the name of the vpn is in the pid filename
<mathiaz> nhandler: you'd have to check this out
<nhandler> mathiaz: I'll do some tests and see what I can do.
<kirkland> nhandler: the important hints are:
<mathiaz> nhandler: but if you could come up with a patch that results in giving an output similar to the one I mentionned above, it would be perfect
<kirkland> nhandler: a) loop over all the pids
<mathiaz> nhandler: * openvpn(office1) is running...
<kirkland> nhandler: b) identify each vpn uniquely by name or pid
<kirkland> nhandler: c) don't exit inside the loop, but after the loop is done
<nhandler> Strangely, when I run openvpn, it does not create a pid file in /var/run. As a result, the status function will fail to run because the ls command won't find any files
<jdstrand> zul: debdiffs attached to openldap bug #229252 and bug #243525
<uvirtbot> Launchpad bug 229252 in openldap "slapd gssapi failure - apparmor profile doesn't support kerberos gssapi" [Undecided,In progress] https://launchpad.net/bugs/229252
<uvirtbot> Launchpad bug 243525 in openldap2.3 "slapd needs apparmor changes for cn=config" [Medium,In progress] https://launchpad.net/bugs/243525
<jdstrand> zul: these are for hardy SRU
<zul> jdstrand: cool Ill get to them
<jussi01> is there a text based browser in the default install of ubuntu server?
<mathiaz> jussi01: w3m
<jpds> jussi01: w3m
<jussi01> ahh, thanks
<kirkland> woohoo!!!
<nhandler> What kirkland ?
<kirkland> 192.168.122.34:3260,1 iqn.2006-01.com.openfiler:tsn.3713b16e7257
<kirkland> that, my friends, is in fact an iSCSI target.
<kirkland> it's alive
 * kirkland is cooking with grease now
<jdstrand> mathiaz: are you still preparing an openldap update for intrepid?
<uvirtbot> New bug: #253121 in dovecot (main) "dovecot sieve sends vacation messages with null envelope sender" [Undecided,New] https://launchpad.net/bugs/253121
<jdstrand> kirkland: \o/
<kirkland> jdstrand: i even have an /dev/sdb :-)
<kirkland> this is big time
<jdstrand> your *awesome* :)
<jdstrand> s/your/you're/
<kirkland> jdstrand: oh, yeah jdstrand, i have some *awesome* in my possession
<jdstrand> ;)
<kirkland> dendrobates: mathiaz: ^^^  ;-)
<mathiaz> jdstrand: yes
<jdstrand> mathiaz: can you then pull in the apparmor changes I just gave to zul as part of your update?
<mathiaz> jdstrand: yes :)
<kees> zul: if your eyes have uncrossed, can you triage a mess of xen CVEs for me?
<kees> I'm trying to understand which apply to what versions, and if they apply to things beyond xen (like qemu, etc)
<jdstrand> thanks mathiaz!
<zul> kees: got a list for me?
<zul> kees: never mind
#ubuntu-server 2008-07-30
<owh> Running gutsy, trying to figure out why this morning I'm seeing "Cannot start TLS: handshake failure" in my mailq - there have been no changes on my end that I'm aware of - as in, I've not changed configs or updated any software. Of course 12 hours ago it was all working fine. Suggestions?
<owh> Hmm, you should know that I'm connecting to smtp.gmail.com.
<mathiaz> owh: there is an issue with gmail and an expired certificate
<owh> Wonderful.
<mathiaz> owh: http://groups.google.com/group/Gmail-Help-Announcements-and-Alerts-en/browse_thread/thread/0948f4f8b9ddb496/b7c9c363eecb3f32?show_docid=b7c9c363eecb3f32
<owh> Merci
<owh> Hmm, that says that it's fixed :(
<owh> Just in case anyone wondered if I fell off the planet. These meetings at 1500 UTC are waay past my bedtime. It's not that I've lost interest, far from it, but I cannot get there at that time. I'm not going to suggest that you move the meeting time, but I just thought you might be wondering.
<thenewguy> do you guys know how i can change PHP settings on a per directory basis?
<thenewguy> inst there a way to place local php.ini files
<nxvl> kirkland: around?
<tlsarles> I was wondering about the basics of clustering. Does this happen at the kernel level, or application? My goal is to have redundant apache servers for load balance and failover. Anyone got any pointers, or good articles on the basics of doing this?
<compubomb> can ubuntu server install jfs as a default file system in it's file system manager app ?
<hads> Haven't installed a server on bare metal for a while so I'm not sure but the desktop can so I don't see why not.
<compubomb> an you use the desktop install for the server, then somehow change the apt-get source file ?
<hads> You could if you really wanted to but you'd end up with a load of cruft. Wht not use the server CD?
<jonesy> I'm sort of shopping for a project to contribute to. Is there an ubuntu server project that anyone knows of that is primarily written in Python?
<jonesy> preferably one with mentorship available :)
<sommer> jonesy: you might check out rapache: https://launchpad.net/rapache
<jonesy> ok, thanks
<deadlyallance691> i am kind of a newb to linux and was thinking could i install the ubuntu server 64bit base system then add the dreamlinux repos and install the dreamlinux desktop environment so as to end up with a 64 bit dreamlinux?
<kraut> moin
<mdz> soren: does the server seed exist now?  where can I find it?
<soren> mdz: No, it's blocked on a tasksel bug, that I've not yet had time to look at.
 * soren goes back to being on holiday
<compubomb> how do i get ipkungfu service to auto-load ?
<_ruben> sudo update-rc.d ipkungfu defaults
<compubomb> _ruben: it says already exists
<compubomb> problem is, when i booted up my system, ip's were not being forwarded untill i ran ipkungfu --no-caching
<_ruben> dunno then, never used ipkungfu
<compubomb> _ruben: it's an awesome firewall
<compubomb> _ruben: it's probably the easiest firewall ever to run :P
<compubomb> you just set like 8 script variables and you are ready to go.
<Deeps> frontend to iptables
 * _ruben prefers to write his own frontends for iptables
<compubomb> anyways.. this is a bit frustrating
<compubomb> btw, my ipkungfu script it not in rcS.d/
<compubomb> is that why ?
<_ruben> it oughta be in /etc/init.d/ i'd say
<compubomb> _ruben: it is.
<compubomb> _ruben: but it didn't load up when i rebooted ubuntu.
<compubomb> so you tell me.
<compubomb> i haven't a clue.
<Deeps> /etc/init.d/ipkungfu start
<Deeps> if that doesn't do it, then the problem's in your configuration and/or it's init script
<Deeps> becaue thats what's being run on reboot
<compubomb> Deeps: that works.
<compubomb> Deeps: the init.d script works
<compubomb> but how come i had to rerun my inet script, i don't think it loaded.
<compubomb> btw, how do you get ubuntu to boot up in verbose mode ?
<uvirtbot> New bug: #253268 in suphp (main) "php5-cgi not working with suphp in Hardy " [Undecided,New] https://launchpad.net/bugs/253268
<EtienneG> any users of Likewise Open noticed that new group membership do not show up on the Ubuntu side until the winbind cache is refreshed with "lwimsg winbind brl-revalidate" ?
<EtienneG> is that a known behavior ?  (bug ?)
<EtienneG> I am wondering if it is a problem in my setup ... doubtful, as it is pretty vanilla
<sommer> EtienneG: new group as in new AD group?
<sommer> EtienneG: does the winbind cache get refreshed when logging out and back in?
<EtienneG> sommer, yeah, new group in AD
<EtienneG> I will try logging out/in again, but I doubt this is related
<sommer> EtienneG: well I was thinking along the lines that if you join a new Linux group you need to log out and back in for the new permissions to work... or refresh your environmnet, but I always forget the commands
<sommer> EtienneG: so basically I'd think the same would hold true for AD groups
<EtienneG> sommer, I see, but that is not what i was thinking
<EtienneG> basically, I am looged in as a local Unix user (from /etc/passwd), and doing groups/id/getent
<sommer> EtienneG: even from a windows client don't you have to log out and back in for new groups?  been a while since I've admined an AD domain
<EtienneG> but now it seem to work without invalidating the winbind cache, so it must be good
<sommer> heh, interesting
<EtienneG> the problem was probably transient, maybe winbind need to be restarted/reloaded at least once after installation to work properly
<sommer> maybe... windows clients need to restart after joining a domain :-)
<EtienneG> ok, I have isolated the behavior to new AD group
<EtienneG> 1. create new group, 2. add member to group, 3. id and groups user on the Ubuntu side do not show member to newgroup, but getent group newgroup do show user as member
<EtienneG> even invalidating the winbind cache or restarting likewise-open does not work
 * EtienneG scratch head
<ahasenack> EtienneG: nscd running?
<EtienneG> ahasenack, this spawn of the devil?  never!
<ahasenack> :)
<EtienneG> but good catch nonetheless, that's exactly the behavior i would have expected from nscd  :)
<ahasenack> EtienneG: id does enumerate all groups in order to find the members
<ahasenack> EtienneG: I believe winbind has that disabled now (group and user enumeration)
<EtienneG> ahasenack, which is probably the problem indeed
<ahasenack> could that be it?
<ahasenack> getent group <groupname> does a direct call, so it's no enumeration
<EtienneG> let me check how it work if I log on as the user in question in question ...
<ahasenack> groups also does enumeration
<ahasenack> you can quickly check by enabling enumeration in smb.conf and retrying
<EtienneG> (in question in question in question in question .... damn caffeine!)
<EtienneG> I think it would need to be changed in /etc/samba/lwiauthd.conf instead, I do not have a smb.conf (yet)
<ahasenack> hmm, whatever winbind is using
<ahasenack> I never used likewise-open
<EtienneG> ok, group membership show correctly when I log on as the user
<EtienneG> I will brush it off then
<emgent> soren: ping
<ahasenack> I once patched id to use getgrouplist(3) instead of group enumeration to find the members, but never submitted it
<ahasenack> shame on me
<EtienneG> ahasenack, how does id do group enumeration?  initgroup(), something else ...
<ahasenack> EtienneG: setgrent(3),  getgrent(3) in a loop for each group, and endgrent(3) at the end
<ahasenack> EtienneG: it lists all groups and looks in each group if the user is a member
<ahasenack> EtienneG: so, besides enumerating all groups, you also enumerate all members
<EtienneG> ahasenack, basically, it walk trhough the entire group database, right ?
<ahasenack> yes
<ahasenack> recent nss_ldap even has a config option to not return the members in a getgrid() call, for example, to try to avoid that traffic if all you want is the group gid
<EtienneG> ok, that is kinda good
<ahasenack> and prone to break a lot of apps :)
<ahasenack> samba has an option to bypass nss completely when used with ldap
<EtienneG> ok, i see, indeed
<EtienneG> I noticed such a problem recently, where dbus-daemon is calling initgroup()
<EtienneG> if you have set nss_ldap to "bind_policy hard" (which is correct, IMHO), it will block at boot if the LDAP directory is unreachable
<EtienneG> IIUC, that is what led to the nss_initgroups_minimumuid hackery right before release
<EtienneG> in the use case I had, it was not possible to do, as there was many 10K users, and you cannot make the nss_initgroups_ignoreuid that long ... :(
<zul> jdstrand: ping
<jdstrand> zul: pong
<zul> jdstrand: was mathiaz going to do the openldap sru upload or was i?
<jdstrand> zul: you are doing SRU, mathiaz is doing intrepid
<zul> jdstrand: ok :)
<jdstrand> at least that was my understanding
<zul> jdstrand: ill get to it this afternoon hopefully :)
<jdstrand> EtienneG: you had 10K users that you wanted to ignore?
<jdstrand> EtienneG: that option was really meant for system groups, and perhaps some admins with low uids
<jdstrand> EtienneG: so the system would at least get to the login prompt. at that point, the admin can make some decisions about what to do for logins (eg, don't let 'em, use some sort of cache, ...)
<EtienneG> jdstrand, that make sense indeed!
<EtienneG> but no, I was not expecting to ignore a couple 10K users
<jdstrand> :)
<EtienneG> no worry!  :)
<zul> EtienneG: you ignore users? shame on you...:)
<EtienneG> was someone talking to me?
<zul> EtienneG: never mind :)
<EtienneG> :D
<jordancason> hay guys im trying to password protect my server and i have a problem with spaces in the dir so how do i go about doing this <Directory /var/www/this dir has spaces>
<sysdef> ls /var/www/this\ dir\ has\ spaces
<sysdef> ls "/var/www/this dir has spaces"
<zul> mathiaz: there is a new openldap sitting on MoM waiting for so summer lovin'
<mathiaz> zul: right - IIRC the changelog is not so big
<zul> man now I have that song in my head
<mathiaz> zul: and there will be another upload with cn=config support
<jordancason> thanks but that does not work within the diretory tab <Directory /var/www/this dir has spaces > </Directory>
<mathiaz> zul: so there is no point in merging this version
<zul> mathiaz: nifty
<zul> also can we merge the bugs for openldap2.3 and openldap?
<mathiaz> zul: yes - I started to work on that too
<mathiaz> zul: all of the openldap2.2 (dapper) bugs have been done
<zul> cool
<mathiaz> zul: openldap2.3 may require to be copied (instead of moved) to openldap as it may still affect hardy
<mathiaz> zul: OTOH some of them may be close for openldap2.3 as they won't be included in an SRU
<kirkland> dendrobates: mathiaz: looks like we're going to need an open-iscsi udeb package for the installer
<mathiaz> kirkland: isn't there such a package already ?
<mathiaz> kirkland: I remember seing an entry in the changelog refering to a udeb
 * kirkland checks
<kirkland> mathiaz: damn, you're right again :-)
<kirkland> mathiaz: another question about lsb-base:status_of_proc() .... could that go into hardy-backports?  another question from superm1
<mathiaz> kirkland: I don't think so - It doesn't really fit the SRU critiria
<ogra> kirkland, -backports isnt really tied to the distro
<mathiaz> kirkland: oh - -backports
<ogra> so usually everything that builds can go in there
<mathiaz> kirkland: yes - it can go there
<mathiaz> kirkland: I'm not sure if it's worth doing it though
<ogra> you would need the backports team to approve it ... ScottK is on that team afaik
<kirkland> mathiaz: okay, thanks....  he was willing to take the init script patches for mythtv* only *IF* he could make it backport available
<kirkland> ogra: cool, thanks for the pointer
<mathiaz> kirkland: well - if he wants to do the -backport procedure, that's great
<ScottK> kirkland: File a bug in hardy-backports (I assume we're discussing Hardy) and ping me.
<kirkland> ScottK: yes, hardy, thanks, will do.
<mathiaz> kirkland: I don't see why taking the init script patches in intrepid is tied to accepting a hardy backport
<mathiaz> Koon: wrt to bug 253032 - you may wanna checkout the Gnome User Interface guide
<uvirtbot> Launchpad bug 253032 in likewise-open "likewise-open-gui needs a better menu item name" [Low,Confirmed] https://launchpad.net/bugs/253032
<mathiaz> Koon: or one of the debian manuals - IIRC there is a section about naming entries in the menu
 * delcoyote hi
<jmazaredo> are there like audit software for email to see what text, attachment, date it was sent server side
<nandersson> Which is the best webmail found in Ubuntu main? Is squirrelmail the only way to go or is there a better solution?
<jmazaredo> fastest and easy i think
<jmazaredo> for noob like me ;)
<Nafallo> nandersson: none? :-)
<Nafallo> we don't have webmail in main
<Nafallo> at least not as far as I'm aware.
<nandersson> Nafallo, my bad - I meant in universe
<nandersson> I've used Squirrelmail this far, but I wanted to know if there where any other options I was not aware about
<Nafallo> nandersson: roundcube?
<jmazaredo>  can i log "all" things that happen mail server? including all messages and attachments that will be stored in a folder for future reference?
<nandersson> Nafallo, That looked quite neat :)
<Koon> mathiaz: ok, thx for the pointer
<sommer> jdstrand: just pinged slangasek about kerberos_example auth-client-config profile, and this one worked great: http://paste.ubuntu.com/32255/
<sommer> jdstrand: a system user can have the same password as the kerberos principal and receive a ticket
<sommer> jdstrand: and the ccreds work as well
<eikke> does anyone happen to have a build of dovecot-antispam for x86_64?
<eikke> or does anyone have a 64bit machine where it could be built? :)
<gouki> Any ideas of an appliance to create a centralized address book with support to a web interface? (ldap powered)
<ivoks> sommer: can i add some additional chapters to guide?
<sommer> ivoks: absolutely
<sommer> what did you have in mine?
<sommer> er mind
<ivoks> sommer: and, forgive me cause i'm clueless, how do i edit this files? :D
<ivoks> redhat-cluster-suite
<sommer> ivoks: mathiaz wrote up a great guide to getting started with the serverguide: https://wiki.ubuntu.com/ServerTeam/KnowledgeBase#head-0ae127e06ffba31c94b458fbef6eb033e5d8461e
<sommer> basically the serverguide is DocBook xml files, so once you check them out of bzr you can edit them, then make a diff and send it to the doc ml
<ivoks> right... with vim? :)
<ivoks> i hate xml :/
<sommer> vim works, but the spelling didn't work so great for me so I switched to gedit
<sommer> basically whatever your comfortable with
<ivoks> ok, i tought i need some special editor
<ivoks> like conglomerate
<sommer> ya xml isn't the greatest, but there really isn't that many tags
<ivoks> ok... i'll try and see how it goes
<ivoks> thanks
<sommer> ivoks: that's awesome, if you have any questions just let me know
<arakthor> There are some messages appearing in message kern.log syslog that I don't understand - would anyone be able to take a quick peek at it? http://www.pastebin.ca/1087362
<jdstrand> sommer: awesome-- I'll update the file and push it out
<jdstrand> sommer: thanks! :)
<sommer> jdstrand: welcome, and thank you
<sommer> auth-client-config is a great tool :)
<jdstrand> sommer: glad you like it :)
<jdstrand> sommer: are you using libpam-krb5 or libpam-heimdal (I assume the former)
<jdstrand> ?
<sommer> jdstrand: yes libpam-krb5
<sommer> since it's in main
<sommer> or mit kerberos is in main
<jdstrand> sommer: right-- I found it interesting that the options you used are all the same (the one in acc was actually tested with heimdal)
<jdstrand> sommer: so it's good to know that it'll work either way :)
<sommer> cool, I actually started with heimdal and it's somewhat easier to work with IMHO
<sommer> mit isn't that bad though
<sommer> jdstrand: so are you going to rename it from "kerberos_example" ?
<jdstrand> sommer: well, I wasn't planning on it... I suppose I could. I'd like to see what happens with the 'uncomplicated directory services' stuff that's going on...
<sommer> jdstrand: sure that makes sense, I was just thinking of the lac_ldap profile
<jdstrand> sommer: yes-- but that is supplied by ldap-auth-config
<sommer> I guess "example" kind of gives the impression that it may not work as you'd expect
<sommer> either way, not a big deal
<jdstrand> acc doesn't really dictate policy-- just a way to switch stuff around
<jdstrand> sommer: I figure once the directory services is worked out, a profile could be provided be one of those packages
<jdstrand> s/be/by/
<jonesy> score 1 for ubuntu-server. I just booted it for the first time ever and it doesn't launch a gui.
<jonesy> ubuntu-server++
<sommer> jdstrand: so is 'uncomplicated directory services' going to be a utility like ufw?
<sommer> jdstrand: or is it more of a project codename for all the ldap integration stuff
<Fenix|work> Greetings
<jonesy> I have some directory services ideas based on an Ubuntu talk I heard at oscon, but I'm not sure how far they'll get.
<Fenix|work> I'm looking for a RAID driver for a PERC/CERC ATA100/4ch card
<jdstrand> sommer: it was something soren coined-- it's not official or anything-- but it's all based on what we talked about at UDS
<Fenix|work> lspci shows the card as :: RAID bus controller: American Megatrends Inc. MegaRAID (rev02)
<Fenix|work> but megaraid doesn't work
<Fenix|work> any suggestions (besides not using a Dell box) :)
<jdstrand> sommer: basically, deploying a directory server should be as simple as a LAMP stack, and then make client configuration just as easy
<sommer> jdstrand: awesome, I totally agree... I think that could be the 'killer app' for ubuntu server
<sommer> or the app that becomes the reason to deploy an ubuntu server on your network
<jdstrand> sommer: me too-- it's been a long time coming in the free software world
<jonesy> jdstrand++  I'd love to see some kind of DS subsystem pre-installed. Admins new to it would be able to get up to speed if they had something preinstalled they could interact with and poke at.
<jdstrand> there's a blueprint somewhere-- I think mathiaz is heading it up
<jonesy> It should be in the installer next to "DNS Server" and "LAMP Server"
<jonesy> this way you don't have it installed on every box -- just the one acting as the directory server.
<jdstrand> jonesy: I think that's the plan, or at least a very similar experience
<jonesy> that'd be nice. What's the DS philosophy in ubuntu? Is it strict kerberos/ldap, or can you say "I want NIS"?
 * jonesy doesn't want nis, for the record
<jdstrand> jonesy: I'm most confident we won't have NIS, but I think the plan is to support ldap for both authorization and authentication, and also kerberos authentication with ldap authorization
<jonesy> just so I understand, if ubuntu were to create, say, a stupid-easy interface for setting up and managing ldap services (perhaps even federated, remote servers), would that be submitted upstream for use by the rest of the open source community?
<jdstrand> jonesy: it's all open source, so anyone can grub it and use it
<jonesy> because I've used both openldap and FDS extensively, and I'd love to see an optional GUI on top of openldap while still maintaining the CLI interface.
<jdstrand> grab it
<jonesy> grab, grub, what's the difference, really. We're all digital hippies here.
<jonesy> ;-P
<jdstrand> jonesy: keep in mind, all this is in the planning stages with some backend work happening as well
<jonesy> really? Where? Maybe some of my ideas can still be heard!
<jdstrand> jonesy: but I believe the first steps are to get a good CLI experience, maybe with good integration with 'adduser' and friends
<jonesy> yeah, that'd be nice too.
<jdstrand> jonesy: then look at integrating some sort of gui-- I know the FDS frontend has been looked at, but don't know the status
<jonesy> I've used it. I'm not a fan, really.
<jdstrand> jonesy: IIRC, it's fairly tied to the FDS backend, but I haven't looked at it
<jonesy> the features of it are actually nice, but it's all java, and so it's kinda flaky and slow (last I used it), and it was impossible to launch using, say, 'ssh -Y'
<jdstrand> it may be able to be decoupled
<jonesy> really? I thought it was going to use openldap! Interesting news!
<jdstrand> jonesy: hence the 'good CLI experience' :)
<jonesy> I'm agnostic. I hate the openldap community, but I like the tool, and I hate the FDS monstrosity, but love their community.
<jdstrand> jonesy: I think you misunderstood
<jdstrand> jonesy: Ubuntu will use openldap
<jonesy> whoops
<jonesy> oh
<jdstrand> FDS gui is fairly tightly integrated with the FDS backend-- I was saying it might be possible to decouple it
<jonesy> oh.
<jonesy> wow.
<jdstrand> but I am only on the periphery of these discussions, so I may not have the most up to date information :)
<jonesy> Might be easier to write a new one, to be honest. The GUI in FDS, iirc, is integrated not only with the "backend" (a nebulous concept in FDS by itself), but also the web-based org trees and some other stuff.
<jonesy> it also uses the mozilla certdb rather than simple flat files referenced in the config like in openldap
<jonesy> and... did I mention it's java, and slow and flaky? ;-P
<jdstrand> like, I said, it was looked at as on option-- so was developing a gui
<jonesy> no offense to java gui developers.
<jonesy> gotcha
<jdstrand> I don't think any decisions have been made on that front
<jonesy> can I join some list or chan about this stuff?
<jdstrand> jonesy: have you participated in the ubuntu-server meetings?
<jonesy> no, I'm completely new to ubuntu-server, though not unix/linux.
<jonesy> I heard some things that got me interested at oscon.
<jdstrand> jonesy: the mailing list is ubuntu-server (https://lists.ubuntu.com/)
<jonesy> ...where the linux track should've really just been called the ubuntu track.
<jdstrand> jonesy: I recommend you look at https://wiki.ubuntu.com/ServerTeam
<jonesy> oh, ok. I thought all this stuff would be a subproject with its own list. I'll join the ubuntu-server list. Thanks.
<jonesy> I believe I looked at that, but will look again.
<jdstrand> there's all kinds of info, including the next meeting and agenda
<jonesy> yeah, this is not what I saw. Reading now.
<jonesy> thanks
<jdstrand> np
<jonesy> what does "ubuntu server team LP" mean?
<jonesy> from here --> https://wiki.ubuntu.com/ServerTeam/GettingInvolved
<sommer> jonesy: that's the ubuntu server Launch Pad team
<jonesy> acronyms should be defined before use. My $.02
<jonesy> thanks!
<jonesy> er... I'll figure out what that is later I guess.
<jonesy> ;-P
 * EtienneG grumble
<EtienneG> is there a public bug tracker for Likewise Open?  I mean, the project, not the Ubuntu package
<EtienneG> I also cannot seem to find the changelog for 4.1.0 (I would hate to report bugs to LP that are fixed upstream already)
<EtienneG> and while i am there ... do they have a public IRC channel somewhere?
<ScottK> I think it's got a separate project in Launchpad, but I'm not certain.
<EtienneG> ScottK, LP says: 0 projects found  matching âlikewiseâ
<EtienneG> :(
<ScottK> So either it's not there or Launchpad search is buggy.
<ScottK> Not sure which is more likely.
<EtienneG> how dare you suggest Launchpad is BUGGY!!!11
 * EtienneG is just joking
<ScottK> I do it routinely.
<EtienneG> ho well, I will report my bugs against the Ubuntu package then
<jdstrand> sommer: committed your profile to bzr, will upload package soonish
<EtienneG> #253394
<sommer> jdstrand: coolness
<EtienneG> shortest bug report evar
<mathiaz> EtienneG: http://lobugs.likewisesoftware.com/
<mathiaz> EtienneG: ^^ upstream likewise-open bugzilla
<EtienneG> mathiaz, thanks a bunch, matey
<lukehasnoname> bug #253394
<uvirtbot> Launchpad bug 253394 in likewise-open "Typo in Likewise Open GUI (misspelled "privileges")" [Undecided,New] https://launchpad.net/bugs/253394
<EtienneG> mathiaz, would they have a code repository somewhere by any chance (so we can browse code and see history) ?
<mathiaz> EtienneG: I think they're using git - but I don't know if they have an public repository
<EtienneG> git? sacrilege!
<EtienneG> too bad, they have an annoying form to enter to download lw-open from their web site
<ScottK> No, git, used places other than Ubuntu.
<ScottK> I know bazaar is used other places than Ubuntu, just none that I've ever encountered personally.
<uvirtbot> New bug: #253394 in likewise-open (main) "Typo in Likewise Open GUI (misspelled "privileges")" [Undecided,New] https://launchpad.net/bugs/253394
<sommer> ScottK: I'll bet that may increas once LP is open sourced :)
<EtienneG> I guess I will have fill the form ...
<sommer> didn't mysql switch to bzr?
<EtienneG> ScottK, again, I was just joking (i love playing the zealot on the intarweb)
<EtienneG> sommer, right, they did
<EtienneG> and it is a fairly huge codebase at that
<EtienneG> gosh, i hate bugzilla
<jonesy> me too
<jonesy> I wish it would die.
<ScottK> I'll be sacraligeous and say I like it better than Launchpad.
<ScottK> At least it supports basic functions like having bugs block other bugs.
<jonesy> mathiaz: you're doing the openldap cn=config migration and user/group DIT?
<jonesy> launchpad is a little confusing. Is there some link I'm missing to get from a blueprint to the defined tasks to make them reality, so you can see which tasks aren't assigned, and then use that to figure out where one might fit in?
<ScottK> jonesy: I don't think such a thing exists.
<jonesy> ok, thanks. Not surprising. I find that all of the tools similar to this have problems integrating with.... themselves :)
<jonesy> so, is there another tool, or some place I can figure out what tasks have been defined for a blueprint so I can figure out how to help out (if I can)?
<ScottK> jonesy: Generally they are written in the spec or on the associated wiki page if anywhere.
<jonesy> clearly projects can't just fall from the ether complete with team members.
<jonesy> ok, I guess I'll sift. I'm really surprised that this isn't easier given Ubuntu's success at attracting new developers.
<ScottK> jonesy: Here's an example of one (that happens to need help) https://wiki.ubuntu.com/ClamavSpamassassinInMain
<kirkland> mathiaz: hey, can you help me get open-iscsi into the server installer seed?
<kirkland> mathiaz: or point me in the right direction?
<mathiaz> kirkland: hm - I can point you to #ubuntu-installer
<mathiaz> kirkland: I'm not sure exactly what you want to do
<mathiaz> jonesy: yes
<kirkland> mathiaz: okay, thanks, i'm there.
<ScottK> Do we have an explicit server seed yet?
<mathiaz> kirkland: I guess you want to make sure that the deb and udeb are on the cd
<mathiaz> kirkland: to do that I can help
<kirkland> mathiaz: yes, that's what i need
<mathiaz> kirkland: it's a matter of adding the deb to the server-ship seed
<jonesy> mathiaz: well, I'd love to help out, so if there's something I should do or a link besides the blueprints I should see, let me know. The problem is one that interests me, but I don't have a PHd in Launchpad.
<kirkland> mathiaz: cool, pointers?
<ScottK> jonesy: The MIR work needed for the spec I linked you is a good way to learn some things about package and how Ubuntu works.  If you're interested, I can help you.
<mathiaz> kirkland: https://wiki.ubuntu.com/SeedManagement
<mathiaz> kirkland: there is a section about changing the seeds
<kirkland> mathiaz: thanks, i'll go read
<jonesy> ScottK: clamav and spamassassin are really both outside my area of expertise. I only have an end-user familiarity with spamassassin, and have never touched clamav. In general, the further away from email I can be, the better (where servers are concerned).
<mathiaz> kirkland: and the bzr branch you're looking at is https://code.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/ubuntu.intrepid
<jonesy> no offense, of course.
<mathiaz> kirkland: probably the server-ship file
<mathiaz> jonesy: great - I'm about to upload a new package with cn=config migration code enabled - once there I'll send out a call for testing
<mathiaz> jonesy: probably on the ubuntu-server mailing list and the ubuntuserver blog
<jonesy> ok, thanks
<ScottK> jonesy: Know anything about Perl?
<jonesy> so, it's just a one-man dev team?
<ScottK> Most of the stuff needs doing in perl packages.
<jonesy> ScottK: yes. Plenty. It's the reason I use Python! ;-P
<ScottK> ;-)
<jonesy> but seriously, I've been doing admin stuff for like 10+ years, and used perl up until about a year or so ago
<jonesy> then I created Python Magazine. It's all downhill from there.
<jonesy> ;-P
<ScottK> If you're interested in learning more about how Perl is packaged in Debian/Ubuntu, some of the SpamAssassin related MIR could be interesting.
<ScottK> If not, then not so much.
<jonesy> it's just not an area I have much interest in, to be honest. But if all I can do to contribute to the DS-related stuff is test, I might ping you later :)
<ScottK> OK.
<jonesy> I'm sure I just don't understand the development process in use at ubuntu-server. Is there some high-level description of the flow somewhere?
<ScottK> Probably.
<ScottK> Not sure where.
<jonesy> I'm kinda used to just downloading a package, seeing b0rk3dness, fixing it, submitting a patch... this is a whole distro though :)
<ScottK> Right.
<jonesy> maybe I can work on something called "making it stupid-easy for new developers to be productive quickly"
<jonesy> it could probably be a wiki page, if it isn't already.
<ScottK> The basic idea is: Have a developer summit (UDS) - 1 week face to face make a plan, write specs to document the bits of the plan, get them approved, go implement, test, release.
<mathiaz> jonesy: well - it works the same way - you download a package, come across a bug, fix it and submit a patch
<jonesy> oh
<jonesy> does the same go for new features?
<mathiaz> jonesy: you may wanna check out https://wiki.ubuntu.com/MOTU/GettingStarted
<ScottK> Features it depends.  You can write a spec and get it approved (you don't actually have to go to UDS).
<mathiaz> jonesy: and https://wiki.ubuntu.com/UbuntuDevelopers for a better understanding of how the dev community is structured
<Koon> EtienneG: LW git tree : http://git.likewisesoftware.com/?p=likewise-open.git
<ScottK> In general, particularly once you are a developer, if you can do it yourself, you can just do it.
<Koon> EtienneG: also you can download sources at http://archives.likewisesoftware.com/likewise-open/src/
<EtienneG> Koon, thanks a lot, I got the released source tarball
<EtienneG> but i will sure keep the git tree URL handy for future reference
<Koon> EtienneG: you're welcome. Their "community" pages aren't so good as pointers for useful info.
<Fenix|work> Greetings... I need some help in transposing CentOS package names unto Ubuntu names
<Fenix|work> anyone willing to give it a try?
<Fenix|work> httpd-devel, apr-devel and apr-util-devel
<kirkland> Fenix|work: httpd -> apache2
<Fenix|work> expat-devel, krb5-devel, mysql-devel rpm-devel
<kirkland> zul: you still around?
<Fenix|work> what about the apr stuff?
<kirkland> Fenix|work: apt-cache search apr | grep dev
<kirkland> libapr1-dev - The Apache Portable Runtime Library - Development Headers
<Fenix|work> yeah, just remembered cache :)
<kirkland> mathiaz: http://bazaar.launchpad.net/~kirkland/ubuntu-seeds/ubuntu-seeds.intrepid-iscsi/revision/1304
<kirkland> mathiaz: can you merge that into the server-ship seed?
<kirkland> zul: perhaps you could merge that server-ship seed addition for me?
<backenfutter> hey folks... could somebody tell me why this .htaccess just won let me login? I played around with it a bit, but just wont work... http://paste.ubuntuusers.de/391053/
<kirkland> backenfutter: perms on /var/secret/.htusers
<kirkland>  ?
<backenfutter> 644 root:root
<backenfutter> 755?
<zul> kirkland: who do what now?
<backenfutter> kirkland: god damn... that was it... thx so much kirkland
<backenfutter> got it
<backenfutter> 755 brainiac:www-data
<zul> merge the open-iscsi into the seed?
<zul> chuck@krusty:~/work/server/seeds/ubuntu.intrepid$ grep iscsi *
<zul> server-ship: * open-iscsi # ChuckShort
<zul> server-ship: * open-iscsi-udeb # SorenHansen
<kirkland> zul: hmm
<zul> kirkland: what problem are you having?
<kirkland> zul: hmm, let me start an install from scratch
<kirkland> zul: look at that....
<kirkland> zul: okay, yeah, that worked now.... anna-install open-iscsi-udeb
<kirkland> zul: i was missing the -udeb
<zul> kirkland: ah
<zul> bbiab
<ivoks> kirkland: ping
<ivoks> ah, never mind :)
<kirkland> jdstrand: kees: either of you guys (or anyone else) an "nc" expert?
<kirkland> actually, i don't really even need an expert....
<kirkland> how can i use it to see if a given ip/port is open on a remote machine
<kees> kirkland: simplest way would be with nc -v -v -v HOST PORT.  if it connects, it's open.
<kirkland> kees: thx
<kees> kirkland: np
<kirkland> kees: hmm, no -v option in the busybox nc ;-)
<kees> heh -- dunno if you're limited to busy box.  check the klibc toolset?
<kirkland> kees: i'm in the installer shell
<kees> kirkland: iscsi madness?
<kirkland> kees: yeah, i'm getting an ECONNREFUSED
<kees> then it's not listening.  ;)
<kirkland> kees: i'm wondering if the tcp stack in the installer is incomplete?
<kirkland> kees: but it is listening, at least from other clients
<kees> kirkland: what's returning ECONNREFUSED?
<kirkland> kees: at first, iscsiadm, but now, also nc -p 3260 192.168.122.34
<juris> using 8.04 server edition. after apt-get upgrade it seems to upgrade kernel and after restart I have kernel panic. any solution? thanks :)
<kirkland> kees: it appears that the machine in the installer has IP address 192.168.122.254... I wonder if that would present a problem somehow as a client?
<kees> juris: that's a pretty broad problem.  anyone helping to solve that would need to know specifically what the panic reported, then check for bug reports, etc.
<kirkland> that's not a reserved IP, as far as I'm aware
<kees> kirkland: you sure you want -p ?  that's usally the local port not remote port.
<juris> how can I give You more information? What logs should I give? Do i have write all what I see in boot screen? Can I get back my old kernel? :)
<kirkland> kees: okay, good call, now: "nc 192.168.122.34 3260", just sort of hangs, like it's listening, rather than throwing ECONNREFUSED
<kees> kirkland: what's returning ECONNREFUSED?https://wiki.ubuntu.com/DebuggingKernelOops
<kees> kirkland: right, it was trying to connect on the telnet port.  :)
<kees> juris: I personally probably can't help.  I was just saying in generally, if someone can help, they'll need a lot more information.  See https://wiki.ubuntu.com/DebuggingKernelOops
<kirkland> kees: 3260 is a telnet port?
<kirkland> kees: i thought that's an iscsi port
<kees> kirkland: no, you did'nt specify a port, so nc used 23.  (3260 was the _local_ port)
<juris> thanks for link!
<kirkland> kees: connect(3, .....) is returning -1, ECONNREFUSED
<kirkland> kees: according to the strace
<kees> kirkland: right, sorry, I had accidentally scrolled up while pasting the debug link
<kirkland> kees: so I have two different vm's.... one a running intrepid instance, the other, in a shell in the installer
<kees> kirkland: okay
<kirkland> kees: the full os intrepid can lists the iscsi shares just fine
<kirkland> kees: the installer one gets the ECONNREFUSED
<kirkland> kees: i'm looking at each one's strace output
<kees> what is the command that does the iscsi share-looking?
<kirkland> kees: iscsiadm -m discovery -t st -p IP_OF_ISCSI_TARGET
<kees> compare ifconfig -a output?  maybe network mask is hosed?
<kirkland> kees: no ifconfig in the installer ;-)
<kirkland> kees: and I don't see a udeb for net-tools
<juris> OK. It seems it is big problem to debug kernel oops for average Ubuntu users but I am newbie. Can I just use previous kernel? I installed Ubuntu yesterday but I have already configured Virtualmin and uploaded files and I don't want to start from ebginning? I burned fresh .iso file 2 days ago.
<kees> juris: when you boot, grub should give you the option of several kernels.
<juris> LILO :P
<juris> I can't select kernel...
<juris> LILO autoamticaly launches this bad kernel
<kees> lilo?  that's not a very standard install :)
<kirkland> juris: i'd say grub would be recommended for a self-proclaimed 'newbie' :-)
<juris> Yes, I knew but I have some trouble in GRUB and I don''t know how to delete this... I have maaany kernels in it because of this kernel oops
<juris> I figured to install lilo and it was fine for some hours :)
<kees> juris: I would recommend installing grub.
<juris> apt-get install grub?
<kees> juris: if this is an otherwise stock machine, sudo grub-install; sudo update-grub  should work.  however, I can't promise anything, so be careful.
<kees> juris: you should see your available kernels in /boot/vmlinuz*
<juris> I use Windows XP now :D I have only 1 SATA cable and I need to turn off computer to boot in linux (recovery mode?) maybe You think it's little bit strange but i wiil use this server in data center but I will keep one Hard Disk for my new home PC. Do I need to install Other Ubuntu?
<juris> Maybe there is Live CD to fix GRUB?
<juris> small, simple live cd for me :)
<kirkland> kees: funny thing is that i can ping the same host
<kirkland> kees: makes me think it's a problem in the tcp stack
<kees> juris: I really don't know what to say -- you have a very unusual configuration.  perhaps use the Launchpad Answers section?
<kees> kirkland: the kernel is the kernel so probably not the stack.  I would guess misconfigured network settings.  Does the "ip" command exist?
<kirkland> kees: yeah
<kirkland> kees: i'm looking at the busybox manpage now for "ip" info
<kees> kirkland: ip addr show
<kirkland> kees: inet 192.168.122.254/24 brd 192.168.122.255 scope global eth0
<kees> kirkland: and that matches the other vm?
<kirkland> kees: the other vm has a "LOWER_UP" flag
<kirkland> kees: and an inet6 stack, but otherwise, okay
<kees> try other stuff to the target machine, like starting a "nc -l -p 8080 -v -v -v" and seeing if you can connect to it, etc.
<juris> Yes, my situation is little bit strange. Google have many links to "fix GRUB"  :) It's late. I better go to bed now :D
#ubuntu-server 2008-07-31
<kirkland> kees: other ports seem okay
<kees> kirkland: dunno man.
<kirkland> kees: okey doke, thanks
<kees> doesn't sounds like a network problem.
<RainCT> Hi
<kirkland> kees: i'm going to dig deeper on the iscsi target end
<RainCT>  I want to import (and sync from time to time) an user database from some sort of management system to an Ubuntu server and have some of those users have access to different stuff (like FTP/WebDAV to certain directories, etc.). Is there already some (easy to use) system to handle this or would it be better to just create a set of scripts for this myself?
 * kees nods
<kirkland> kees: there might be some crazy network acl that i'm missing
<mathiaz> RainCT: it depends on what do you mean by "some sort of management system"
<RainCT> mathiaz: Well, I don't really know yet what it is, but it has data about people which can be exported (to CVS or something like that, probably).
<RainCT> it's some management software that they use at my school
<kirkland> kees: okay, so i've made some marginal progress
<kirkland> kees: looks like an iscsid needs to be running on the initiator
<kees> kirkland: ah-ha
<kirkland> kees: and i need to generate a unique iscsi iname
<kees> uuid ftw
<kirkland> kees: gotta manually do the init script bits, as the udeb doesn't have one
<kirkland> btw, nano sucks
<kirkland> voila!!!!!
<kees> maybe add uuid-runtime udeb?
<kirkland> kees: nah, there's an iscsi-iname
<kirkland> kees: gotta write that to an /etc file
 * RainCT refrains from saying "nano rocks" ;P
<kirkland> kees: then start iscsid
<kirkland> kees: then run the discovery
<kirkland> kees: i've got ;-)
<kirkland> kees: it's mostly complications on the iscsi server (target) end
<kees> kirkland: cool, great :)
<nxvl> nijaba: are you in SF?
<zul> kirkland: nano is your friend
<nxvl> zul: why if you have vi?
<mathiaz> nxvl: not yet - only next week IIRC
<mathiaz> nxvl: re - your nijaba question
<nxvl> :D
<nxvl> mathiaz: thanx
<nxvl> mathiaz: did you got my e-mail?
<mathiaz> nxvl: which one ?
<nxvl> mathiaz: about Config-Model
<mathiaz> nxvl: yes
<mathiaz> nxvl: do you have problem sending emails ?
<nxvl> nop
<nxvl> but all of you canonical employes are so busy that sometimes it takes 4 days until you read a mail
<stickystyle> Can anyone recommend a vacation auto-reponder script that users could easily configure (like via a web interface)?  I have been using a program called 'vacation' which works fine, but it sucks since I have to set it up and tear it down myself for each user when they want it.
<nxvl> and as i see that you didn't mention it on the meeting yesterday i was making sure
<nxvl> :D
<Sp0tter> anyone run ubuntu server from an SD card on a laptop?
<nxvl> Sp0tter: is it possible?
<Sp0tter> I'm pretty sure its possible
<Sp0tter> I'm curious if it works well
<yell0w> jdstrand: are you there ?
<yell0w> jdstrand: something's very wrong with ufw
<ScottK> yell0w: I think it's pretty well the middle of the night for him.  I'd suggest file a bug.
<yell0w> ScottK: it is for me to, i'll wait for him tomorrow or file a bug tomorrow whichever comes first :)
<uvirtbot> New bug: #253471 in openssh (main) "openssh-client hangs then drops after authenticating" [Undecided,Incomplete] https://launchpad.net/bugs/253471
<kraut> moin
 * rgl waves
<edmoore> If I'm about to spend $500 on building a headless server box, and am new to this kind of thing, are there any pitfalls I should know? Any annoying compatibility issues? It's a general server for some basic web serving, running sims (which could keep one core busy for several days at a time), storing some research work (so software raid 1) and generally being a useful box in the corner for a small research group.
<juris> I have kernel panic. I am using LILO (yes, LILO). I am newbie in Linux things. How Can I get back  GRUB loader? Is it possible with rescue broken system option?
<juris> bump :)
<jdstrand> yell0w: what's the problem?
<edmoore> just reposting my question of this morning (unhelpful timezones, y'see): If I'm about to spend $500 on building a headless server box, and am new to this kind of thing, are there any pitfalls I should know? Any annoying compatibility issues? It's a general server for some basic web serving, running sims (which could keep one core busy for several days at a time), storing some research work (so software raid 1) and generally being a usef
<edmoore> + any advice on the price sweetspots of various components that will sum to $500 would be much appreciated too
<ScottK> Use Google (or your favorite equivalent) and check your compononents (motherboard chipset primarily for a server) to see that people report success with it.
<lukehasnoname> 250GB HD, dvd rom, $40 case (Coolermaster), 350-450W PSU (from Antec, Thermaltake, Corsair), AMD dual core proc ($100), $60-$80 mobo from Gigabyte or Biostar
<ScottK> Personally I have a lot of luck with Intel motherboards and processors, but they aren't the cheapest.
<lukehasnoname> >_>
<lukehasnoname> edmoore: Are you going to need a lot of data storage?
<edmoore> lukehasnoname: not particularly - I was thinking of a pair of 250GB for the raid1
<edmoore> and intel, yeah
<edmoore> whatever dual core $100 gets me
<kaushal> hi
<kaushal> how can i install packages from CD
<kaushal> I did
<kaushal> apt-cdrom add
<kaushal> aptitude update
<kaushal> aptitude install fluxbox slim
<kaushal> basically all the packages are in /mnt/cdrom/pool/main
<kaushal> I have installed Ubuntu 8.04
<kaushal> Server Edition
<kaushal> anybody awake here
<emgent> heya
<_ruben> why install fluxbox on a server?
<lukehasnoname> some people want a gui
<kaushal> _ruben, ok
<kaushal> Basically I have all the packages under /mnt/cdrom/pool/main
<_ruben> lukehasnoname: thats a fact, the question is why ;)
<kaushal> How can i install it
<sommer> kaushal: fluxbox is in universe... and I'll bet not on the cdrom
<_ruben> kaushal: yyou already mentioned the proper commands .. tho thats assuming you are root, which you probably arent, so you need to put 'sudo' in front of those commands
<kaushal> I have logged in as root
<lukehasnoname> edmoore: it can be done in $500. GSkill 4GB ram, 2x250 GB seagate drives, Lite-on dvd burner, Coolermaster Eilite 330 case, Antec Earthwatts 380w psu, (AMD 5400+ 2.8 GHz) or (Intel E2220) and a motherboard.
<_ruben> $500 for server-grade hardware is kinda pushing it though ;)
<uvirtbot> New bug: #253648 in bacula (universe) "bacula-director-pgsql postinst script uses UTF8 to create database instead of SQL_ASCII" [Undecided,New] https://launchpad.net/bugs/253648
<lukehasnoname> psh, I just gave you the list. You aren't going to be running redundant PSUs with octocore 32GB blades here.
<lukehasnoname> I think the virtualisation area of the server guide should move "Virtual Networking" below "installation"
<sommer> lukehasnoname: ya, I thought that myself, but if you setup a bridge then run virt-install the vm will automagically use the bridge... so there's advantage to having it above
<sommer> foolano: at uds prague you mentioned a drink of wine and coke, but I forgot the name?
<zul> disgusting
<zul> thats what its name
<sommer> zul: no, it was a spanish type name... and it's actually quite good, especially with cheap wine, heh :)
<Fenix|work> Greetings!
<Fenix|work> Quick question on Apache
<Fenix|work> I've noticed theres an apache.conf and a blank httpd.conf
<Fenix|work> Do I make custom changes in httpd.conf
<Fenix|work> or in apache.conf
<sommer> Fenix|work: depending on the change, usually the best place is /etc/apache2/sites-available/default
<Fenix|work> what happens when apache gets updated?  does default remain the same?
<sommer> Fenix|work: that way you can configure multiple vhosts seperately
<sommer> Fenix|work: it should ask you if you want to overwrite the config or not
<Fenix|work> alright... I'm just trying to wrap my head around some of these changes
<Fenix|work> another admin at another site uses centos and gave me an httpd.conf to use, so I'm trying to ubuntu-ify it
<sommer> Fenix|work: you'll probably want to focus on any <VitrualHost> settings and migrate those to the <VirtualHost> in the sites-available/default file
<Fenix|work> Ok.  I can stick things like ServerTokens and such in there.
<edmoore> lukehasnoname: appologies for not thanking you earlier - got sidetracked at work (y'know how it is!). Thanks very much for your suggestion, it looks about perfect
<edmoore> however I might s/Coolermaster/antec sonata III
<edmoore> as during the move to new labs it's going to be in my room for several months, and fan whir isn't my thing!
<Eudoxus> how do I add the mod_rewrite module to my current php installation?
<Eudoxus> and then restart php to apply it?
<Eudoxus> yes I'm on Ubuntu
<sommer> Eudoxus: do you mean apache mod_rewrite?  if so do: sudo a2enmod rewrite; sudo /etc/init.d/apache2 restart
<Eudoxus> yeah sorry apache
<Eudoxus> sommer, THANKS!
<sommer> Eudoxus: np
<foolano> hey sommer
<foolano> calimocho
<foolano> calimocho is the name of that spanish drink
<sommer> foolano: awesome!  thanks man
<foolano> and zul: it's not disgusting :P
<sommer> heh, party!
<foolano> sommer: remember, the worse the wine, the better
<sommer> foolano: hehehe... ya what made me think of it is the $3 bottle of red wine I picked up from walmart on impulse the other day, so that should be covered :)
<foolano> sommer: dude that's perfect. that's the real mccoy :P
<Kaushal> hi
<Kaushal> I have installed Ubuntu 8.04 Server Edition on my system
<Kaushal> After the installation I found that most of the packages were not installed
<Kaushal> I did mount /dev/scd0 /mnt/cdrom
<Kaushal> and then cd /mnt/cdrom/pool/main and found that in the directory all the packages
<Kaushal> How can i install these packages on to my system
<Bnydell> hello everyone.  I recently moved my server to a differnt area in my office and the internet will not connect. Before it was working perfect.
<sommer> Kaushal: probably sudo apt-cdrom add; sudo apt-get install package_name
<Kaushal> sommer, ok
<Kaushal> In that case I have to issue several same command to install all the packages
<Kaushal> is there any better method to install all the packages which are found in /mnt/cdrom/pool/main
<sommer> Kaushal: not that I know of... I actually don't think it's possible to install all the packages on one machine, due to conflicts and such
<sommer> Kaushal: what are you trying to accomplish?
<Kaushal> sommer, For example I found that gcc package was missing after installing Ubuntu 8.04 Server Edition
<Kaushal> so like there are several packages missing
<sommer> Kaushal: right, I'd just install what you need as you need it :)
<Kaushal> sommer, so how can i achieve to install the missing packages
<sommer> Kaushal: to get most of the gcc, make, etc type packages try installing build-essential... should grab most of the dependencies your looking for
<Kaushal> sommer, is it sudo apt-get install build-essential
<Bnydell> sudo apt-get update is not working.  I have pluged in my ethernet cable which is connected to the computer but it fails trying to connect to the site to get the updates
<sommer> Kaushal: that should work
<Kaushal> and what about other missing packages
<sommer> Bnydell: do you have an ip addresss, ifconfig should tell you.  also, can you ping anything
<Kaushal> Its nearly impossible to find out what has been installed and what not been installed
<Bnydell> i just restarted the system.  Let me load up and i will let you know
<sommer> Kaushal: which missing packages? the gcc dependencies?
<Kaushal> sommer, I gave as an example
<sommer> Kaushal: dpkg -l will list all the packages installed
<sommer> Kaushal: ubuntu server takes a minimalist approach to what packages get installed
<Bnydell> sommer: it doest seem to have an IP. it has inet addr: 127.0.0.1
<Bnydell> also i tried to ping google and i got nothing
<sommer> Bnydell: does the cable work and what not.... link light, etc
<sommer> Bnydell: you might also check /var/log/syslog for any errors
<Bnydell> yes the cable works.  also the light does blink on back of computer saying stuff is going through
<sommer> Bnydell: try /etc/init.d/network restart and see if it gives you any clues
<Bnydell> ok im using the same ethernet cord so let me plug it into server and do the testing.  I will let you know what i get.
<Bnydell> -bash: cd: /etc/init.d/network: no such file or directory
<sommer> Bnydell: woops.. sudo /etc/init.d/networking
<Bnydell> ok so: sudo /etc/init.d/networking restart?
<Bnydell> or without restart
<Kaushal> Bnydell, yes
<Bnydell> ok
<Kaushal> sudo /etc/init.d/networking restart
<Bnydell> ok, i did the command. and got * Reconfiguring network interfaces [ OK ].
<Bnydell> i then tried: ping google.com
<Kaushal> sommer, whats the purpose of sudo apt-get install build-essential
<ivoks> Kaushal: get the essential stuff for compiling
<Kaushal> ivoks, compiling means using to compile the c program
<Kaushal> ivoks, if u can give me example
<ivoks> compiling = convert human readable code into machine code (aka program)
<Kaushal> ok
<ivoks> mathiaz: ping
<Bnydell> kaushal: I did what you mentioned but i still have no IP
<Kaushal> ivoks, so i have to install manually every package which are there under /mnt/cdrom/pool/main
<Bnydell> ops i ment sommer.  I did what you mentioned.  no IP still
<ivoks> Kaushal: no, just run 'sudo apt-get install build-essential'
<ivoks> it will download packages from the internet
<ivoks> Bnydell: paste your /etc/network/interfaces at pastebin.ubuntu.com
<Kaushal> ivoks, i understood that
<Kaushal> but what about packages which are located under /mnt/cdrom/pool/main
<Kaushal> I mean there are 100's of packages
<ivoks> that's ubuntu cd?
<Kaushal> yeah
<ivoks> why would you mount it?
<ivoks> add it with apt-cdrom
<Bnydell> ivoks: how can i connect to /etc/network/interfaces
<ivoks> and, if there's a package on cdrom, it will download from cd, not the internet
<ivoks> Bnydell: cat /etc/network/interfaces
<ivoks> Bnydell: that's a file, you can't connect to it, you can open it
<ivoks> on unix, everything is a file
<ivoks> even your cdrom is a file
<ivoks> so, you can cat your cdrom into an iso image
<ivoks> or cat your serial port to get communication with serial port
<ivoks> posibilites are endless
<sommer> Kaushal: we may be able to help you better by knowing what services your server is going to serve?  you might also take a look at the serverguide: https://help.ubuntu.com/8.04/serverguide/C/index.html
<Bnydell> ivoks, ok i pasted it there, now what do i do.  i pressed paste! and at the top got Paste from Brandon at Thu, 31 Jul 2008 20:16:15 +0100
<ivoks> Bnydell: give us the link
<Bnydell> http://pastebin.ubuntu.com/32687/plain/
<mathiaz> ivoks: hello - how are you doing today ?
<ivoks> mathiaz: is this an answering machine or a person? :)
<ivoks> Bnydell: so, what are you expeting to get with this kind of network setup? (no network?)
<ivoks> mathiaz: are there plans to 'backport' some changes kirkland is doing with status in init scripts to hardy?
<mathiaz> ivoks: it's a real human being typing at the keyboard ? tu ne me crois pas ?
<Bnydell> what do you mean. I am trying to get this computer connected to internet so i can use update it and install packages with the apt-get
<mathiaz> ivoks: there were some discussion about pushing stuff back to -backports
<ivoks> mathiaz: as i can see, there are two cases
<mathiaz> ivoks: I don't think we could make it into -updates as SRUs though
<mathiaz> ivoks: most of the patches rely on proc_status in the lsb package
<ivoks> mathiaz: one is where we have to update LSB - i don't thnik that's going to happen in stable release
<mathiaz> ivoks: nope - it didn't happen in the dev cycle
<ivoks> mathiaz: right, and the other, like apache, is just a change in init script
<sommer> Bnydell: try adding something like this at the bottom of the /etc/network/interfaces file: http://pastebin.ubuntu.com/32689/
<mathiaz> ivoks: well - that would be hard to justify under a SRU
<ivoks> since cluster suite depends on 'status' from init script, we actualy, can't use rhcs with apache now in 8.04
<sommer> Bnydell: then restart networking with sudo /etc/init.d/networking restart
<Bnydell> sommer: ok, thanks.  let me give this a go. I will let you know what happens
<ivoks> mathiaz: bug #250847
<uvirtbot> Launchpad bug 250847 in redhat-cluster-suite "Apache predefined script in redhat-cluster-suite is not properly setup for Ubuntu" [Medium,Confirmed] https://launchpad.net/bugs/250847
<mathiaz> ivoks: right - we may able to fit it under the following critiria: Bugs which do not fit under above categories, but (1) have an obviously safe patch and (2) affect an application rather than critical infrastructure packages
<ivoks> right
<Bnydell> sommer: how exactly do you edit this file :)
<mathiaz> ivoks: taken https://wiki.ubuntu.com/StableReleaseUpdates
<sommer> Bnydell: with your favorite editor :-)
<ivoks> mathiaz: yeah, i've read it and i'm willing to talk with sru team about it
<Bnydell> well i mean how do i edit it on the server.  i do not know the command to open it
<ivoks> mathiaz: i'm talking about apache only...
<sommer> Bnydell: try sudo nano -w /etc/network/interfaces
<sommer> Bnydell: nano is a pretty simple terminal editor
<Bnydell> sommer: the first command you gave me worked.  thanks
<mathiaz> ivoks: yeah - I think if you have the patch (as the one mentionned in the bug) you've got a better chance with the sru team
<mathiaz> ivoks: or even prepare a debdiff so that it's easy to review
<mathiaz> ivoks: point being: have some working code/patch to present while talking with the SRU team
<ivoks> i will, but i need to report a new bug, since this one is about rhcs
<mathiaz> ivoks: isn't there a bug for apache2 wrt to the init status script spec ?
<ivoks> i didn't check yet
<mathiaz> ivoks: bug 203169
<uvirtbot> Launchpad bug 203169 in samba ""status" function for init scripts" [Wishlist,In progress] https://launchpad.net/bugs/203169
<ivoks> hah, nice :)
<mathiaz> ivoks: hm - it shouldn't be used actually
<mathiaz> ivoks: as pointed out at the end of the bug
<ivoks> right
<mathiaz> ivoks: so yes - file a new bug, attach a debdiff, nominate for hardy and ask the sru team their opinion
<mathiaz> ivoks: refer to the case of rhcs to show that it's useful to fix
<mathiaz> ivoks: basicaly follow the procedure outlined in the StableReleaseUpdate wiki page - https://wiki.ubuntu.com/StableReleaseUpdates
<ivoks> that's why i asked, i think it complies with requirements of SRU
<Bnydell> sommer: i just resarted it and did ifconfig and i still dont see an ip.
<Bnydell> I also tried: ping google.com and got unknown host google.com
<mathiaz> ivoks: well - it's a border case that may need to be argued for
<sommer> Bnydell: do you have dhcp on your network?
<sommer> Bnydell: if not you'll need to configure a static IP, so you'll need to know the IP of your gateway
<Bnydell> sommer. I just reformated today, but before i reformated it was working untill i moved the server to a different area in my office.
<sommer> Bnydell: were you using a static IP before?
<Bnydell> sommer. no
<sommer> Bnydell: try dmesg | grep -i net and pastebin the output
<Bnydell> sommer: it was there already right after reformated.  but this last time i reformated it wouldnt connect to internet at all.
<ivoks> Bnydell: you don't have dhcp server on your netowrk
<ivoks> Bnydell: that problem doesn't have anything to do with your server
<ivoks> Bnydell: if you don't have dhcp (dynamic IP) server, you have to set up an IP by your self
<ivoks> not just an IP, but whole network configuratio
<Bnydell> ivoks: im pretty sure i had a dynamic ip before i reformated.  I could even connect to it through ssh untill i moved the server somewhere els in the office and then i moved it back and it still didnt work
<Bnydell> I didnt ever set a static IP.
<ivoks> maybe you didn't connect ethernet cable
<Bnydell> let me retry
<Bnydell> I just reconnected ethernet and tried again and no luck.
<ivoks> paste 10 last lines from output of 'dmesg' command
<ivoks> on pastebin.ubuntu.com
<Bnydell> ok,  I will need to type it all out.
<ivoks> ok, right...
<Bnydell> hold on while i do that.
<ivoks> then don't do it
<ivoks> look for lines mentioning eth0: link is down
<ivoks> or something like that
<Bnydell> ok etho0 is mentioned two times: (1) eth0: link is not ready (2) eth0: link becomes ready
<ivoks> nice
<ivoks> now run 'sudo dhclient eth0'
<Bnydell> ok let me do that.
<Bnydell> ok it finished.  do you want me to type what it says on ubuntu paste
<ivoks> no
<ivoks> did you get an ip?
<Bnydell> you mean type ifconfig and look for it.  if your talking about the output of the command i just did there is nothing that resembles an ip
<ivoks> just couple of 255.255.255.255?
<sommer> Bnydell: do you have another device on your network providing dhcp?  such as a firewall or wireless access point?
<Bnydell> yes there is 6 lines of that 255 stuff
<Bnydell> sommer: at our office we just plug in ethernet and you get internet. I am not the one who set up the network at the office so i do not exactly know how its setup.
<sommer> Bnydell: okay, well you've configured your server for dhcp and if you're not getting an ip address, there could be something wrong with whatever is handing out IPs on your network
<Bnydell> ivoks: right below the 6 lines of 255.255.255.255 stuff it says: No DHCPOFFERS received. and below that is says No working leases in persistent database - sleeping.
<sommer> Bnydell: at this point you may want to ask whoever setup your network for some help
<Bnydell> sommer: i do not belive there is something wrong with it, as it was workin earlyer today and i did not mess with it.  Would setting a static IP let me connect to ineternet?
<sommer> Bnydell: yes, but you'll need to know the settings dns, gateway, netmask, etc
<sommer> Bnydell: just because *you* didn't mess with it doesn't mean a problem doesn't exist :)
<ivoks> Bnydell: i put my money on your broken network
<sommer> Bnydell: and since dmesg has found eth0 and says it's ready for connection, there doesn't seem to be any issues with your server hardware
<ivoks> i hate nano
<Bnydell> heh, i know. The person who set it up does not work here anymore. how exactly do i set a static IP. i wil give that a go.
<sommer> ivoks: yep, me too
<jdstrand> me three
<ivoks> uh, oh
<ivoks> apache2 source doesn't build-depend on dpatch
<ivoks> hm, it does...
<ivoks> odd
<sommer> Bnydell: here's an example of a static /etc/network/interfaces: http://paste.ubuntu.com/32697/
<sommer> Bnydell: you'll need to change the address, netmask, and gateway to match your network though
<Bnydell> ok thanks. I wil give that a try
<ivoks> sommer: you are missing a dns here
<ivoks> dns-nameservers 192.168.1.1
<emgent> soren: Bug #223759 it`snt really fixxed in intrepid.
<uvirtbot> Launchpad bug 223759 in ifenslave-2.6 "ifupdown integration broken" [Medium,Fix released] https://launchpad.net/bugs/223759
<edmoore|away> can I use server for desktop useage too? what would stop me? what would I miss?
<_ruben> its possible, wouldnt know why tho
<edmoore|away> well, got a server box, quite powerful, got virtual box, would like to run a cad program I have
<edmoore|away> ther server hardware is much better than my laptop
<ivoks> server os or server hardware?
<edmoore|away> server os, commodity hardware
<ivoks> kernel would be a problem
<edmoore|away> how does it differ?
<ivoks> otherwise, desktop and server have exatcly the same packages
<ivoks> it's not very shiny for multimedia
<edmoore|away> I'll have a play - if it's good enough then that's good enough
<edmoore|away> thanks for the advice
<ivoks> np
<ivoks> nijaba: what's with those WP?
<nijaba> ivoks: what do you mean?
<ivoks> for a review, we've talked about WP at the meeting
<ivoks> are they ready for review?
<nijaba> ivoks: yes
<nijaba> ivoks: one is ready, do you want me to send it to you?
<ivoks> yes! :)
<sommer> ivoks: are you sure you're ready? :)
<ivoks> sommer: one can never be sure about those things
<ivoks> but i'm willing to try ;)
<sommer> hehehe true
<ivoks> i hate mosquitos...
<nijaba> ivoks: sent to your init.hr address
<ivoks> thanks
<uvirtbot> New bug: #253743 in apache2 (main) "[SRU] Add status to init script" [Undecided,New] https://launchpad.net/bugs/253743
<ivoks> nijaba: nothing about mysql? :D
<nijaba> ivoks: I have the technical part of the mysql one, but it still needs some love
<ivoks> ok
<nijaba> ivoks: before the end of the month though
<ivoks> that's in 2 hours :D
<nijaba> ivoks: ok, I meant aug ;)
<kirkland> chuck_: is this zul?
<chuck_> kirkland: indeed
<kirkland> zul: ah, okay, i was going to ask you about sponsoring my samba init script change, but it looks like infinity is taking the bait ;-)
<zul> kirkland: coolio
#ubuntu-server 2008-08-01
<kirkland> jdstrand: auth-client-config question
<RoAkSoAx> hey guys has anyone of you set up an active/passive config using heartbeat in HH ?
<kinema> Is there a standard way of loading iptables rules in Ubuntu?
<ScottK> kinema: See the ufw package.
<ScottK> It provides some basic standard settings for such.
<ScottK> Personally I have a shell script I like.
<kinema> Hmmm....denying all traffic when logged in via ssh isn't the smartest thing I've done today.
<ScottK> Trust me, you aren't the first one to do that.
<unewbi1> :)
<kinema> What are the chances there is a decent Ubuntuish script or set of scripts for managing a firewall somewhere online that I could look at?
<kinema> There's something I find unsettling about ufw.
 * hads likes firehol
<ScottK> kinema: If you find problems about ufw, please file bugs.
 * ScottK likes /sh, but probably not what you're after.
<kinema> ScottK: I'm going to give ufw a chance.
<kinema> We'll see.
<kinema> Of course I'll file bugs if necessary.
<ScottK> OK, but please file bugs.  It is actively developed within the Ubuntu Server team, so it's worth doing.
<kinema> ScottK: Would I be correct in assuming that rules are inserted into the various tabes/chains as soon as command is executed?
<ScottK> kinema: I'm not sure, as I've mentioned, I don't use it, but it's the recommended approach in Ubuntu Server for people who don't roll their own.
<kinema> Thanks.
<ScottK> Maybe jdstrand is around and can answer.
<kinema> I thought about it and the fact that running "sudo ufw default deny" killed my ssh connection shows that rules are inserted immediately.
<timboy> I just upgraded my hard drive and I can't resize my partition with my livecd... I can resize my swap just fine but can't do anything with my / partition. can someone give me a hand?
<ScottK> kinema: So I make a bug based on your experience.  See Bug 253840.
<uvirtbot> Launchpad bug 253840 in ufw "ufw should detect if the command being given will cut off SSH access and warn if the user is connected via SSH." [Wishlist,New] https://launchpad.net/bugs/253840
<ScottK> lamont: Ping.
<lamont> eep
<ScottK> lamont: Remember my proposed script for adding stuff to master.cf?
<lamont> yeah
<lamont> were you expanding that to also do chroot vs non-chroot?
<ScottK> Ball's in your court.  What do you think?
<ScottK> There's a couple more I'd like to add, but I was hoping for some feedback on the first one?
<ScottK> I'd figured on doing add policy server next as it's very similar to add smtpd listener.
<lamont> ah, ok
 * lamont goes looking
<ScottK> Then chroot/unchroot.
<lamont> attached to the bug report, yes?
<ScottK> IIRC.
<lamont> well, it wasn't in my  email... :-)
 * lamont looks on L{
<lamont> LP evenb
<lamont> bug 247332
<uvirtbot> Launchpad bug 247332 in postfix "Please add a script to allow filter services to be programatically added to master.cf" [Wishlist,In progress] https://launchpad.net/bugs/247332
<ScottK> Yeah.  In Bug 247332
<ScottK> Heh.
<ScottK> Trust me I understand L followed by unprintable characters because you're cursing.
<lamont> heh
<lamont> 'twould be nice if USAGE were a function, just to have it not evaluate every run - but that's a nit
<lamont> and very minor grumbles about you making me update debian/copyright
<lamont> could you pretty please pick one of the standard licenses, and name it?
<ScottK> OK.
<lamont> I don't care if it's the postfix license, or another non-conflicting one
 * ScottK tries to remember
<ScottK> That's MIT license.
<lamont> and I think PEP-8 (?) or somewhere wants imports to be one per line
<lamont> or such
<lamont> OTOH, you're much closer to PEP-8 that most of my stuff before I started paying attention to it under threat of pain
<lamont> I also tend to make a function called __main__ or such and just say if __name__ == '__main__': \n __main__()
<lamont> which gives me something I can call when I'm playing with python -i and such
<ScottK> Right.
<ScottK> I looked and PEP-8 says one per line.
<lamont> so general feedback would be PEP-8 conformance, the muttering about main() and USAGE, and otherwise a handwavy "looks at least not-unreasonable, if not just plain reasonable, +1"
<lamont> and is shutil all the rage these days?  /me hasn't ever used it
<lamont> while understanding that it may be the new hotness and I'm not. :)
<ScottK> OK.  The one functional shortcut that it takes that might be an excessive one is it just assumes if the name of the smtpd you want setup appears anywhere in master.cf it's a bad idea.
<ScottK> The shutil usage is a result of, "Gee, never had to do that before, let's see what the shiny new edition of Python in a Nutshell has to say about it."
<ScottK> Honestly I don't want to go to the effort to make it smart enough to do the case where it has to find out if it's a duplicative service name or something else.
<ScottK> Maybe I just add MIT to common-licenses and make it easy.
<lamont> anywhere as in anywhere? or anywhere as first token?
<ScottK> Anywhere like it parses line by line through your master.cf and if it finds the string you gave as your desired service name it says no thanks.
<ScottK> And stops.
<ScottK> For a helper script like this I think it's better to bail out in the face of any uncertainty that to try to be to smart about it.
<ScottK> The use case I'm thinking about it you don't want to run it twice by accident and end up adding the same service two times in master.cf.
<lamont> ScottK: makes sense
<kinema> Any ufw people here?
<kaushal> hi
<kraut> moin
<kaushal> hi
<kaushal> I did apt-cdrom add and that got listed in /etc/apt/sources.list
<kaushal> but when i try to add apache2 it gets from Internet
<kaushal> and not from Cdrom
<elnewb> How much more RAM would I need to add a GUI (fluxbox or GNOME) to ubuntu server?
<MenZa> That would depend on how much you have now :P
<elnewb> 384MB (It's a really old Dell)
<_ruben> kaushal: then you need to disable the internet repositories in that file
<kaushal> ok
<elnewb> how do i install fluxbox?  I tried with this "sudo apt-get install fluxbox x-window-system-core xdm"
<MenZa> 384mb ram should run even a light Gnome setup decently
<elnewb> ok
<thefish> hello
<thefish> anyone here use a free landscape alternative for updating multiple servers? i would like to eliminate the need to spend hours ssh'ing into boxes to update them...
<_ruben> we're using an in-house developed script with a cvs backend
<_ruben> far from perfect, but it does its job quite ok
<thefish> _ruben: cool, get updates from cvs?
<_ruben> thefish: the script does a cvs up every 10 mins .. and symlinks the files into place (which is one big downside of it, not all files can be 'replaced' with symlinks (chroots, sudoers file, etc))
<thefish> aah ok, fair enough
<_ruben> writing a replacement for it is on my todo list, along with a gazillion other things :-/
<thefish> i was thinking of something closer to landscape, which will use dpkg on the client with a package
<thefish> hehe i know the feeling
<_ruben> its a rather common one ;)
<thefish> im spending more and more time on just apt-get upgradeing - got to have a better way!
<thefish> redhat/fedora now has free spacewalk
<thefish> which is similar to landscape, but free as in beer as well as speech
<_ruben> thefish: oh, you're talking package management .. i was referring to configuration management .. package managment is smth i do by hand still (and far from as often as i should)
<thefish> _ruben: for configs, have you tried puppet? http://www.howtoforge.com/installing_puppet_on_ubuntu
<thefish> ive not tried, but it looks quite powerful
<uvirtbot> New bug: #253910 in samba (main) "package winbind 2:3.2.0-4ubuntu2 failed to install/upgrade: subprocess post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/253910
<_ruben> thefish: dont know it, so: no ;)
<lch> hi
<lch> I'm having problems setting up the server on my PC, installation goes fine, but when I reboot I get a segfault after Grub initiates booting
<lch> I got the suggestion to use a generic kernel, how can I do that?
<lch> I have installed linux-image-2.6.24-19-generic via apt now
<lch> I suppose I need to get the kernel modules, too?
<Kamping_Kaiser> required modules should be pulled in automatically
<lch> why can't I use "admin" as an account name?
<lch> debian had no trouble with that
<lch> what is it that Ubuntu needs this name for?
<Kamping_Kaiser> what sort of error do you have?
<lch> it doesn't let me create a user with account name "admin" during installation
<lch> claiming that it's used by the system
<lch> or reserved
<Kamping_Kaiser> the group name is in use
<Deeps> sounds like an installer bug
<Kamping_Kaiser> not sure i agree tbh
<lch> I'm using "administrator" as a substitute, but that's kinda unnecessarily long
<Koon> lch: you can rename it afterwards
<Koon> lch: the installer probably tries to create a user and group with the name you provide, and the admin group is already taken
<lch> yup
<Deeps> thats what id susecpt too
<Deeps> as i was able to create a user admin as long as i specified a group for it to go into
<Deeps> hense being an installer bug if it's simply claiming the username is in use/reserved by the system
<lch> why is python installed automatically?
<lch> is it needed?
<lch> same question regarding perl
<sommer> lch: yes
<lch> what is it used for?
<sommer> lots of things... I believe apt needs perl and I'm sure there are multiple apps that need python
<lch> I know that in Gentoo, the system things are programmed in Python
<sommer> don't quote me on the apt thing, but basically they're installed as dependencies
<sommer> and probably most admins would want them :)
<maswan> and some system stuff is written in it
<maswan> go check out file * |grep python in, say, /usr/sbin
<maswan> and the same for perl
<maswan> I'm sure you can recognise some core component
<ScottK> In Ubuntu Python and Perl are both part of the required set of packages.
<ScottK> Just to pick one thing for Python the LSB standard functions for init scripts is written in Python.
<lch> hmm
<lch> I need to shrink my installation, though
<lch> I already threw ppp over board because I don't need it, I'll do the same with the wireless and wpa stuff
<lch> anything else I can throw out?
<zul> kirkland: bad bad
<jdstrand> zul: in your nut work (that sounds a bit odd...) have you come across anything about tripplite UPSs not reporting their battery/line power properly?
<maswan> lch: /usr/share/doc ? :)
<maswan> lch: a bunch of kernel modules?
<jdstrand> zul: specifically, they toggle 'on battery' to 'on line power' and back frequently
<lch> yeah, about that... I installed linux-generic because my system wouldn't boot otherwise
<lch> but it's a hefty 125 MB
<zul> jdstrand: yeah it does sound a bit odd, its suppose to be fixed in intrepid I think but I havent backported the patch to hardy yet
<jdstrand> zul: oh excellent
<jdstrand> it is mighty annoying, and you have an eager tester :)
<zul> jdstrand: nifty are you running intrepid yet?
<jdstrand> zul: no, this is a production hardy machine
<zul> jdstrand: ah ok...
<jdstrand> zul: I don't mind recompiling on hardy though
<lch> maswan, so assuming I don't plan to change my hardware at all for the forseeable future, I suppose I can delete all the kernel modules that aren't in use at the moment? right or wrong?
<jdstrand> zul: or testing an SRU
<zul> jdstrand: I could probably backport it for hardy
<zul> ie: stick it in my ppa
<lch> I have 62M avail :(
<zul> jdstrand: but please open a bug in launchpad as well and I can see about getting a patch as well
<jdstrand> zul: I'm going to recompile intrepid's version on hardy, and let you know how it goes
<zul> jdstrand: sounds good
<kirkland> zul: bad bad, what?
<zul> kirkland: there was a typo in the winbind.init script for samba-3.2
<zul> but it happens
<Koon> mathiaz: about tomcat6, I've written a spec to describe the implementation options I followed (Tomcat6StackSpec). One question is related to the webapp framework, or how we expect it to be
<mathiaz> Koon: I think that is a very good question
<Koon> mathiaz: are we aiming to install all webapps in a common folder ? Or have some kind of registry to point the future webapp framework to the applications wherever they appear to be ?
<mathiaz> Koon: hm - I've been thinking about that lately - I'm thinking about a kind of registery
<mathiaz> Koon: where you'd install a webapp pkg in /usr/share
<mathiaz> Koon: and then deploy it in /var/www, or /var/lib/tomcat6/webapps
<mathiaz> Koon: the way you do with the sample apps in a postinst
<mathiaz> Koon: it would be similar to the way dpkg operates
<mathiaz> Koon: but all this is still a bit fuzzy right now
<Koon> mathiaz: so where should I install the tomcat6 webapps ? Note that most of them are tied to tomcat6
<Koon> (tomcat6-admin and tomcat6-docs)
<Koon> (one may consider the -examples as being usable on another servlet/jsp container)
<chmac> I've got two machines on a network, but only 1 has permission to access the internet. The two can talk to each other though.
<chmac> What's the easiest way to give the second one access to the internet via the first?
<chmac> Host a VPN server?
<Koon> mathiaz: in a common /usr/share/webapps directory ? or leave them under /usr/share/tomcat6/webapps and let the future registering thing handle them there ?
<chmac> Create a virtual interface and then ip masquerade?
<chmac> Any suggestions?
<\sh> Chipzz: NAT
<\sh> sorry
<\sh> chmac: NAT
<chmac> chmac: Create a virtual interface and then nat the second machine through the first?
<\sh> chmac: use two interfaces
<jdstrand> zul: unfortunately nut 2.2.2-6ubuntu1 doesn't fix it
<chmac> Hahaha, I'm talking to myself, DOH! \sh that was for you ^^
<\sh> two real nics
<chmac> \sh: I don't have two nics available unfortunately
<\sh> chmac: if you can't ifconfig eth0:1 192.168.1.1 (or whatever rfc priv addr) and then add some -t nat -A POSTROUTING magic
<zul> jdstrand: crap can you open a bug in launchpad and I can forward it upstream
<chmac> \sh: Ahh, I can create a virtual interface just with ifconfig eth0:1 can I? Or will I need to create that first in /etc/network/interfaces ?
<jdstrand> zul: I sure will
<chmac> My /etc/network/interfaces file doesn't list eth0 currently, it only lists lo and ppp0
<\sh> chmac: oh...the real way to do it is through /etc/network/interfaces (auto eth0:1 \n iface eth0:1 inet static...)
<chmac> \sh: Ok, I found a howto on that, thanks :)
<zul> jdstrand: thanks
<jason__> I
<jason__> I'm not sure how to ask a question here, so I'll just do it.
<jason__> I acedentaly changed the grounps for my main user to just its own group and www-data. Without sudo how can I add the admin and other groups back?
<sommer> jason__: do you have another admin user on the box?  if not you'll need to boot into recovery mode which will allow you to re-add the groups
 * ScottK stops typing because sommer already said it better.
<sommer> :)
<jason__> no, thats the only user, how do I boot into recovery mode, I've never done it before
<sommer> jason__: just reboot and from the grub menu there should be a "recovery" option
<sommer> jason__: I forget the actual verbage, but it should be the one after the current kernel
<jason__> I only have the one install and I dont see a grub loader like when I reboot my laptop with multiple partions. How can I force the grub loader?
<sommer> jason__: press escape right before booting a message should flash with a 3 second counter
<jason__> ok, thanks
<jason__> I'll give it a try
<jason__> once I boot in recovery I just need to type  "sudo usermod -G username,adm,uucp,dialout,cdrom,floppy,audio,dip,video,plugdev,scanner,netdev,lpadmin,powerdev,admin username"
<jason__> is there any other groups to concider?
<billoutre_> hello
<kirkland> dendrobates: mathiaz: fyi, I posted to debian-devel last night, asking for permission to do mass bug filing on the init script status actions
<ScottK> jason__: In the recovery console you'll be root, so no sudo needed.
<jason__> I guess that should have be obvious
<ScottK> Once you're there the prompt will be #, so yes.
<jason__> I'm going to my server room (bedroom closet) to give this a try, any more groups to add?
<ScottK> As long as you get admin, iirc, you can fix the rest later.
<jason__> ok, thanks alot, be back later.. and be fixed I hope
<Koon> mathiaz: got to go now, please comment on the Tomcat6StackSpec directly with the location you prefer for Tomcat6 webapps.
<jdstrand> zul: bug #253999
<uvirtbot> Launchpad bug 253999 in nut "nut with Tripplite UPS fills logs and console with "on battery" and "on line power" messages" [Undecided,New] https://launchpad.net/bugs/253999
<zul> jdstrand: thansk
<jdstrand> np
<uvirtbot> New bug: #253993 in samba (main) "/etc/init.d/winbind has a parse error" [Undecided,Confirmed] https://launchpad.net/bugs/253993
<uvirtbot> New bug: #253999 in nut (universe) "nut with Tripplite UPS fills logs and console with "on battery" and "on line power" messages" [Undecided,New] https://launchpad.net/bugs/253999
<uvirtbot> New bug: #249878 in openldap2.3 (main) "CVE-2008-2952: BER Decoding Remote DoS Vulnerability" [Medium,Fix released] https://launchpad.net/bugs/249878
<kirkland> zul: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/253993
<uvirtbot> Launchpad bug 253993 in samba "/etc/init.d/winbind has a parse error" [Undecided,Confirmed]
<kirkland> zul: can you sponsor?
<edmoore> how is a server cpu different? if I'm building a headless box, should I avoid commodity intel core 2 type stuff?
<zul> kirkland: already fixed
<zul> 3.2.0-4ubuntu3 was uploaded this morning
<kirkland> zul: oh, thanks, you fixed it?
<zul> yep
<kirkland> zul: is there another bug?
<kirkland> zul: should this one be a duplicate?
<zul> it should be a duplicate
<kirkland> jdstrand: can you take a look at https://bugs.launchpad.net/bugs/253816
<uvirtbot> Launchpad bug 253816 in ecryptfs-utils "pam_ecryptfs needs to be added to the common-password stack by auth-client-config" [Medium,Triaged]
<kirkland> jdstrand: i needed to add ecryptfs to the pam password stack, to rewrap your password if you change your login password
<edmoore> can you run different sized drives in raid1? so say i have a pair of 250GB hdds, and in 3 years time one of them falls over, do I have to replace it with a 250gb hdd, or can i get a much larger one?
<jdstrand> kirkland: oh so this is just a change to the ecryptfs-utils acc-profile? yeah, no problem. I assume you have tested the profile and it works in all cases? I was kinda surprised to not see 'use_first_pass'...
<kirkland> jdstrand: actually, that's part of what i wanted you to take a look at that
<kirkland> jdstrand: i'm actually not sure where in the stack it belongs
<kirkland> jdstrand: and if "required" is correct
<jdstrand> kirkland: well, it depends on what you want
<jdstrand> what you have will prompt for the password via pam_unix, if it fails, end pam processing
<jdstrand> if it succeeds, do the smbpass thing
<kirkland> jdstrand: okay, so if a user's password change is successful, we're going to use the old password to unwrap the mount passphrase, and re-wrap it with the new password
<kirkland> jdstrand: this should only run if the full password change is successful
<jdstrand> then ecryptfs-- which prompts theuser again, and if that fails, then pam fails
<kirkland> jdstrand: i tested it, and it did work in my one simple, direct test case
<jdstrand> you were prompted twice-- correct?
<jdstrand> (eg pam_unix and pam_ecryptfs)
<jdstrand> kirkland: does pam_ecryptfs support 'use_first_pass'?
<kirkland> jdstrand: lemme check....
<kirkland> jdstrand: grep turns up no hits to that string in the pam_ecryptfs source code
<jdstrand> kirkland: I haven't done pam programming, but it seems clear that the best user experience is to get the password from pam_unix via 'use_first_pass' and send that to pam_ecryptfs
<jdstrand> kirkland: I wonder if it will just get that by linking into libpam.so.0 and libpam_misc.so.0?
<jdstrand> (which it does)
<kirkland> jdstrand: that's possible
<kirkland> jdstrand: i don't see any references in the pam_ecryptfs source code, but it *works*
<jdstrand> kirkland: so this time you aren't prompted twice?
<kirkland> jdstrand: right, i'm not prompted twice
<jdstrand> kirkland: good-- the last bit is 'required'
<jdstrand> hold on...
<jdstrand> kirkland: do you think it is reasonable that the whole operation fail if ecryptfs fails for some reasn?
<jdstrand> kirkland: I am thinking particularly about password expiration
<kirkland> jdstrand: well, people's data will not be immediately accessible, if their login password changes, but their wrap passphrase doesn't
<jdstrand> kirkland: when might this operation fail? if the passwords are out of sync certainly, any other times?
<jdstrand> kirkland: and does pam_ecryptfs output a helpful message in the case of failure?
<kirkland> jdstrand: i'm trying to think of what failure might occur
<jdstrand> kirkland: what if the user just delete ~/Confidential (or whatever it's called these days)?
<kirkland> jdstrand: ah, right, ~/.ecryptfs/wrapped-passphrase
<kirkland> jdstrand: if that disappears
<jdstrand> kirkland: what if $HOME is nfs/smb mounted and is unavailable?
<jdstrand> kirkland: I didn't actually think about this before, but it seems that in auth it's required, but in session it's optional
<kirkland> jdstrand: yeah, i'm not sure about that either...  sadly, i'm not a PAM expert
<jdstrand> kirkland: that sounds wrong-- in case the user delete ~/.ecryptfs, *boom* no login
<jdstrand> kirkland: np-- I think optional is the way to go for all of them. it'll work when it's supposed to, and fail gracefully
<kirkland> jdstrand: yeah, that does sound better
<jdstrand> kirkland: it will require testing though, in various failure modes
<jdstrand> s/modes/situations/
<kirkland> jdstrand: i'll do some testing here, and resubmit the patch
<jdstrand> kirkland: excellent! :)
 * delcoyote hi
<RainCT> Why does "dpkg-reconfigure slapd" ask for an organization name, if it isn't used for anything?
<sommer> anyone know if there is a way to restrict "sudo bash"?
<Deeps> afaik you can restrict what commands can be run by sudo
<Deeps> man sudoers would know more
<sommer> Deeps: heh, true thanks
<Deeps> happy to help :)
<stiv2k> Does anyone here use ddclient? It's not updating my ***** IP address
<egoleo> is not dd
<egoleo> is dhclient
<egoleo> i gues
<stiv2k> egoleo: No, it's ddclient I'm talking about
<egoleo> oh ok
<egoleo> sorry
<egoleo> never used that
<Deeps>  Description: Update IP addresses at dynamic DNS services
<stiv2k> Deeps: It just isn't updating.  I can't figure out why... it used to though
<Deeps> dont use it either, sorry
 * stiv2k drop kicks his server.
<egoleo> how do i upgrade ubuntu server 6.04 to 8.04 server
<egoleo> any link plse
<kees> winbind status has a typo and is making it uninstallable.
<K-Mile> Hi folks, I am having difficulty with network connectivity using 2 interfaces on an server running in VMware Server (both Ubuntu 7.04). Either LAN works, WAN works, or neither. I can't figure out if the host or the guest drops the connections. VMware (bridged networking) should not get in the way, right?
<kees> kirkland: ^^ (winbind)
<kirkland> kees: it's fixed
<kees> kirkland: ah, okay, I just got unlucky.  :)
<kirkland> kees: needs to be sync'd out
<kirkland> kees: yeah, sorry
<kees> kirkland: np :)
<bamed> K-Mile: I know this is a dumb question, but just to make sure, your WAN and LAN aren't on the same subnet are they?
<K-Mile> bamed: no, both are on a different router, different IP ranges, and I can connect from LAN using either the public or the local IP address..
<K-Mile> but the setup is shaky, since I had some trouble with conflicting DNS settings provided.. they are both on DHCP, that might not be an optimal solution..
<K-Mile> the reason I want the two interfaces is that I want to expose Apache and SSH to the world, but they rely on LDAP authentication to a local server in the LAN
<bamed> VMWare creates a couple of virtual NIC's; make sure those subnets don't conflict with anything, I've seen the vmnet interface cause routing problems in such cases
<K-Mile> thanks.. just found out that my VMware died on me... expired beta it seems
<K-Mile> why do they timebomb that thing?!
<K-Mile> will check those vmnet interfaces though
<K-Mile> the vmware server has 2 default gateways..
<_ruben> they timebomb it so ppl wont end up using beta stuff for ages when better (more) final versions are out
<K-Mile> yeah, figured that out.. I remember how hard it was getting this thing running, so I feel reluctant to go through that again :/
<K-Mile> could be me though...
<_ruben> vmware server 2 is easier to setup than vmware server 1 actually
<_ruben> since ubuntu 7.10 and 8.04 are actually supported for 2 and not for 1
<egoleo> how can i upgrade from 6.04 to 8.04
<egoleo> server
<Deeps> 6.04? o_O
<egoleo> 6
<egoleo> server
<Deeps> oh, dapper
<egoleo> yeah
<egoleo> is that possible
<_ruben> first hit of google: http://www.ubuntu.com/getubuntu/upgrading
<egoleo> is the server
<egoleo> ok
<K-Mile> _ruben: is there a package for VMware, or is it just a install from src from VMware?
<K-Mile> binary from VMware I mean
<bamed> binary vrom VMware is the only way I know to, and it won't run without some tweaking to your system, but there's some good info in the wiki
<bamed> s/vrom/from
<egoleo> hey guys anyone running exim mail server?
<egoleo> i am receiving all sort of junk mails and also getting my IP been blocked all the time
<egoleo> any help on that
<K-Mile> bamed:  thanks.. will take a while before I can get to those networking issues ;)
<K-Mile> vmnets are in different subnets btw
<bamed> if you're wanting data from the WAN to be passed to the LAN then make sure net.ipv4.ip_forward = 0
<bamed> I mean = 1
<K-Mile> bamed: no, I don't want to route from WAN to LAN.. I just want to expose some services over WAN
<K-Mile> I could try just to enable the WAN interface on the guest OS
<K-Mile> but I need apache to authenticate with LDAP in the LAN..
<uvirtbot> New bug: #254053 in samba (main) "[intrepid] winbind /etc/init.d/winbind error during upgrade" [Undecided,New] https://launchpad.net/bugs/254053
<_ruben> K-Mile: the binary package provided by vmare for server 2 (rc1) installs just fine on ubuntu 8.04
<K-Mile> Hmm.. I've got Feisty AFAIK
<_ruben> for 7.04 and 7.10 there's an ubuntu package for server 1 in the partner repo
<_ruben> havent tried server on feisty myself
<_ruben> but it is support by vmware iirc
<K-Mile> yeah, I know, but I already run server 2, so I can't really downgrade
<K-Mile> will try the binary package
<K-Mile> from VMware
<K-Mile> could the fact that I have 2 default gateways on the host interfere with WAN access to the guest OS?
<_ruben> it ougta be pretty painless .. except for you having install a package or two from the ubuntu repos (like a compiler and some libs)
<_ruben> 2 default gateways is asking for troubles, unless configured 'perfectly'
<K-Mile> they probably aren't ;-)
<_ruben> gotta go for now .. might be back in a bit
<K-Mile> will set the wan interface to static
<K-Mile> k, thanks so far!
<Deeps> haha
<Deeps> comparing debian testing with ubuntu hardy
<Deeps> apt-get --help
<Deeps> debian: autoremove - Remove automatically all unused packages
<Deeps> ubuntu: autoremove - Remove all automatic unused packages
<Deeps> brilliant
<ogra> Deeps, and the fun stuff is that its the same maintainer :)
<Deeps> lmao
<ogra> hardy was frozen way before lenny though ... that explains why the fix is in debian testing, unstable and intrepid
<Deeps> safe
<K-Mile> that
<K-Mile> that's weird.. the second time my server freezes while working on the network settinga
<K-Mile> a=s
<K-Mile> got one ssh session still going, two died on me, as well as the local terminal
<K-Mile> and calling ifconfig also screwed my last session :(
<K-Mile> I expected the SSH session to go when I reset my networking, not the entire system EXCEPT the SSH session..
<_ruben> ssh usualy survives a network restart, unless an ip change is involved
<K-Mile> yeah, but two out of three died, as well as the box itself...
<K-Mile> num-lock does not even respond.. cant switch to different terminal with alt-Fx
<K-Mile> I really don;t like hard-resetting the box two times in a row...
<_ruben> strange
<K-Mile> yeah..
<K-Mile> its an almost new dell poweredge.. so far no issues.. except today when I unplugged a network cable, same thing happened
<_ruben> hmm .. scary
<K-Mile> yeah
<K-Mile> does respond to SysReq combinations..
<K-Mile> rebooted..
<K-Mile> http://xkcd.com/349/
<K-Mile> What started out as an attempt to expose Apache over WAN, got me reinstalling VMware and now checking my systems memory and filesystem because of system freezes..
<K-Mile> one of those nights.. ;-)
<hocmin> Does ubuntu support installs on a headless server?  If so, are there any guides?
<hocmin> No one knows?
<kirkland> hocmin: sure
<K-Mile> what are you going to use your server for?
<kirkland> hocmin: can you elaborate?
<hocmin> kirkland: bought a ibm eserver.  I'd like to install ubuntu server on it
<hocmin> kirkland: what other information do you need?
<f11f12> does anyone use anjuta?
<kirkland> hocmin: and you don't have a monitor hooked up to it?
<hocmin> K-Mile: simple web server, file server, maybe e-mail if I'm feeling adventurous
<hocmin> kirkland: right, no monitor
<K-Mile> well, almost everything can be done using SSH, only during installation you'd need to hook up peripherals
<hads> Traditionally you'd just find a monitor to hook up while you are installing.
<hocmin> K-Mile, so then ubuntu does not support a headless install
<hocmin> ok
<K-Mile> I'm not sure if you can install it without
<K-Mile> live CD
<K-Mile> 's don't have a root password set
<hocmin> actually, I need to find some sort of c2t/vga adapter, but ok
<K-Mile> so that makes external access a bit tricky
<hocmin> thanks for the info
<f11f12> hocmin: is the serial port an option?
<K-Mile> maybe use a KVM switch?
<hocmin> f11f12: there is a serial port.  What can I do with that?
<hocmin> (9 pin if it matters)
<f11f12> hocmin: pass this kernel option (in grub): console=ttyS1,9600 console=tty0
<hocmin> f11f12: how do I pass kernel option on a headless box?
<K-Mile> you could create a live cd with the correct settings
<K-Mile> and boot it up and install from there
<f11f12> hocmin: better this one: console=ttyS0,9600
<f11f12> hocmin: you will have to make a special CD for it or boot once with a keyboard/screen
<hocmin> ok, never done this before, but I can look for a guide.  I'm assuming this is pretty easy thing?
<f11f12> hocmin: if you remove the graphics adapter form the machine, it might not boot, depending on your bios, a VGA Card is maybe mandatoty (you get beep codes)
<hocmin> I don't think I got a beep code when I booted it
<f11f12> hocmin: http://tldp.org/HOWTO/Remote-Serial-Console-HOWTO/index.html
<hocmin> it's possible I bought a server that's lacking parts to run, but I think that's a little unlikely
<hocmin> ok cool
<hocmin> I'll read up on that guide and try to connect to the server
<f11f12> hocmin: did you detach the speaker too? ;-)
<hocmin> I haven't detached anything
<hocmin> I just bought the thing
<hads> Finding a monitor to use for an hour or so might be easier :)
<hocmin> it's not the monitor
<hocmin> it's getting an adapter for it
<hocmin> no vga port
<hads> No adapter at all? How odd.
<K-Mile> what kind of server is it?
<K-Mile> you just bought it?
<hocmin> ibm eserver 335
<hocmin> it's got c2t
<hocmin> had to look that up
<hocmin> and it's got serial
<K-Mile> you'd need an IBM kvm switch for that
<f11f12> hocmin: if it is a server w/o vga card, then it usually responds on the serial console, my siemens board does it.
 * hocmin dies a little inside
<hocmin> f11f12, yeah that is sounding like my best option
<hocmin> f11f12, I'll read the guide on making my own live CD, how to work on serial, and then give it my best shot
<K-Mile> good luck with that ;-)
<hocmin> thanks
<K-Mile> ah crap, somebody shoot me...
<K-Mile> i downloaded the 32bit version of VMware
<K-Mile> and I'm behind a slow connection :(
<K-Mile> (and a 64bit box)
<f11f12> hocmin: you do have a serial (null-modem) cable?  :-)
<K-Mile> just a quick question while I download a new VMware...
<K-Mile> i have a server with a wan and lan connection
<duiu> IS there a way to make 'sudo shutdown -h now' to run when I hit the power button?
<K-Mile> i need the DNS lookup of the lan connection, but my preferred gateway is the wan
<K-Mile> is it a bad idea to mix those up too much?
<K-Mile> duiu: do you have ACPI
<duiu> Is that default, I know I don't have APIC?
<K-Mile> duiu: probably, if you have a modern pc
<K-Mile> duiu: you could try modifying /etc/acpi/powerbtn.sh
<K-Mile> duiu: if you have that one
<duiu> K-Mile: thanks
<duiu> K-Mile: It's not there
<duiu> no acpi folder
<K-Mile> duiu: do you have the /etc/acpi folder?
<duiu> no
<K-Mile> k
<K-Mile> and /proc/acpi
<K-Mile> ?
<duiu>  /proc/acpi is there
<K-Mile> you could try installing acpi-support
<duiu> installing...
<K-Mile> see https://help.ubuntu.com/community/SuspendHowto#Event%20Processing
<duiu> K-Mile: that gave me the folder, thanx
<K-Mile> np
<duiu> K-Mile: That did it, thanx again!
<K-Mile> great!
<duiu> I'd help you, but I don't know much about DNS
<duiu> I mean, resolv.conf
<K-Mile> :-)
<K-Mile> yeah, been struggling with getting two interfaces, one LAN, one WAN, to work nicely on a host and VMware guest machine
<duiu> there might be a 'force hostname resolution' parameter
<duiu> you could try that
<kirkland> jdstrand: mathiaz: kees: zul: hey, ecryptfs-utils has been promoted to main and pitti asked me to added to a seed.  i put it in the server-ship seed under filesystems.  who can commit this for me?
<kirkland> https://code.launchpad.net/~kirkland/ubuntu-seeds/ubuntu.intrepid
 * kees leaves seeds to soren and mathiaz.  there are subtlties I'm less aware of.
<mathiaz> kirkland: is there any reason to put it on the cd ?
<kirkland> mathiaz: i have changes in the pipeline that will make 'adduser' depend on ecryptfs-utils
<kirkland> mathiaz: which means that ecryptfs-utils would be used in the installation
<mathiaz> kirkland: for intrepid timeframe ?
<kirkland> mathiaz: yes
<kirkland> mathiaz: those changes have been on ice until the MIR for ecryptfs-utils got approved
<mathiaz> kirkland: well - if it goes into adduser as a dependency it will pulled into main anyway
<kirkland> mathiaz: agreed, but in case that adduser change were controversial, i wanted to make sure it was in the server
<kirkland> jdstrand: you still around?
#ubuntu-server 2008-08-02
<K-Mile> well, that went better than expected
<K-Mile> I reinstalled VMware 2 RC1, set networking on both the host as the guests to use the WAN default gateway and LAN DNS server
<K-Mile> and now it works like a charm from both inside LAN and WAN
<ScottK> lamont: For these scripts I'm doing, would you rather I be branching off your git tree and them push them back to you (my alioth user is kitterma-guest)?
<lamont> ScottK: branch off git and git send-email, I expect
<ScottK> OK.  I guess I have to learn how to do that last bit.
<ScottK> lamont: Do you have an easy hint for teaching get to send you mail from me (if not, I'll consult the oracle at Google)?
<lamont> ScottK: man git-format-patch; man git-send-email
<ScottK> lamont: Thanks.
 * ScottK just learning git ....
<lamont> although if it's just "add these files" there's no reason to go that far... if you're changing files, then it makes sense.
<ScottK> I was going to fix debian/copyright for you since my "Let's add MIT to common-licenses" plan got shot down.
<lamont> also, commits for postfix want to have the first line (short descr) be the changelog entry (minus any bug numbers), and not mix debian and non-debian files in single commits
<ScottK> I'm not touching anything outside debian dir, so no problem there.
<lamont> and no changing changelog... that's done later and semi-automagically
<lamont> based on the commit log
<ScottK> The thing I didn't figure before was what knob to turn to get the files installed.  I'll leave that to you.
<ScottK> Maybe I'll just send you the files and a diff for debian/copyright then.
<lamont> basically, when I get ready to release, then I parse the output of git log and create the changelog entry for the release, broken out by author, and changelog is only in that commit, so the merge pain that changelog causes isn't there if I go cherry-picking fixes to other brnaches
<ScottK> Right.  Tell me how you want it and I
<ScottK> I'll do my best to provide that.
<lamont> after you clone, say 'git log --stats=80' and it's pretty clear from the output, or at least I think it is... :0)
<ScottK> lamont: We'll see.  I'll give it a shot.
<shelby> hey guys how do i load a sound driver in ubuntu server???
<shelby> i need to load a sound driver
<shelby> any ideas?
<shelby> something with alsa?
<lch> modprobe
<shelby> MODPROBE?
<shelby> modprobe?*
<lch> yes, for the kernel module
<lch> what tells you that you need to load a sound driver?
<elnewb> how do i uninstall a package from ubuntu?
<elnewb> by the command line that is
<ScottK> sudo apt-get remove $PACKAGENAME
<elnewb> thanks
<uvirtbot> New bug: #254103 in munin (universe) "munin-node fails to start: Can't connect to TCP port 4949 on * [Bad file descriptor]" [Undecided,New] https://launchpad.net/bugs/254103
<javagamer> If I just installed a server from the CD with Mail Server selected can I just start sending emails though my server as an open relay?
<ScottK> javagamer: Postfix is not an open relay by default.  Note that open relay is a bad thing, so I'm not sure you're using it in the standard way most mail admins use it.
<jjesse> javagamer: plus a lot of mail servers block any email from an open relaay
<jjesse> my corporate email servers subscribes to an open mail relay list
<jjesse> and automatically blocks everyone on it
<uvirtbot> New bug: #254129 in mysql-dfsg-5.0 (main) "Sync with upstream 5.0.51-10 for CVE-2008-2079" [Undecided,New] https://launchpad.net/bugs/254129
<ComputerWolf> anyone here a FTP expert?
<ComputerWolf> anyone here at all? :-P
<ScottK> My advice on ftp is pick something else.
<ComputerWolf> what would you suggest for simple file sharing with those with windows boxes and aren't too computer literate?
<ScottK> sftp.
<ScottK> There are plenty of windows clients for that too.
<ComputerWolf> hmm, what sftp client would you suggest?
<ScottK> Key difference is passwords don't get sent unencrypted.
<ScottK> For Ubuntu it's built in.
<ComputerWolf> sorry, i meant server
<ScottK> For Ubuntu server if you install openssh-server it just works.
<ComputerWolf> interesting... i have ssh installed and working... can you chroot other users using some sort of configuration?
<ScottK> You can.  I haven't had to do it.  If you don't mind giving the people a shell account it's easy and just works.
<ScottK> You can lock it down so that they don't have shell access, but I haven't had to do it.
<ComputerWolf> i just want everyone but me to be stuck in one directory where all the files are
<ScottK> BTW, it's not just the password that's encrypted, the entire session is in an SSH tunnel.
<ScottK> If you make that directory owned by a common special group and put those users in that group, that should be doable.
<hads> I recall a package called scponly or somesuch
<ComputerWolf> but i want to keep them from getting out of that folder though
<ComputerWolf> i'm looking up scponly and it looks like it might do the trick
<uvirtbot> New bug: #254151 in samba (main) "samba fails to install prperly after unnistall+deleting smb.conf" [Undecided,New] https://launchpad.net/bugs/254151
<ErikWestrup> What programs etc. do I need to get the sound to work? The sound card seems to be found by system when I type lspci.
<uvirtbot> New bug: #254215 in php5 (main) "PEAR depends not included" [High,New] https://launchpad.net/bugs/254215
<uvirtbot> New bug: #254217 in samba (main) "winbind last update broken on intrepid" [Undecided,New] https://launchpad.net/bugs/254217
<alpharomeo> how can i install ubuntu-desktop from the ubuntu dvd on my ubuntu server? what do i need to do for that?
<alpharomeo> hello?
<StonedToo> what do you want to hear? just insert your dvd and install
<alpharomeo> i installed the ubuntu server edition, now i want to install gnome on it... i've the ubuntu dvd, and i want to know how i can install gnome from the dvd
<Deeps> use apt-cdrom to add the dvd as an apt source
<Deeps> and then install ubuntu-desktop
<farieh> excuse me..
<farieh> mm..
<farieh> where can I download ubuntu-server  tutorial step by step in pdf format..
<farieh> tq
<alpharomeo> Deeps, ok so i type "apt-cdrom add" and then insert the dvd?
<alpharomeo> and then i type "sudo apt-get install ubuntu-desktop"?
<alpharomeo> and can i do the same using the ubuntu cd?
<Dedi> my backuppc runs with nice -2... and i did no such setting.. any idea on that?
<Dedi> also it does not compress, even its enabled
<Kapli> Hello, I'm wondering how I set a root directory for a specific user, meaning he can not access any other folders
<uvirtbot> New bug: #254253 in dovecot (main) "Still uses multiuser argument to dh_installinit" [Low,Triaged] https://launchpad.net/bugs/254253
<uvirtbot> New bug: #254261 in net-snmp (main) "Still uses multiuser argument to dh_installinit" [Low,Triaged] https://launchpad.net/bugs/254261
<PMantis> dpkg is throwing an out of space error, when there's over 800MB free. Why?  http://pastebin.ubuntu.com/33469/
<Kapli> Hello, I know this might be inappropriate but does anyone have suggestions on a good router for a home network where I have an ubuntu server that runs a few website and a ventrilo server?
<[mbm]> anyone ever heard of a caching filesystem? .. similar concept to a unionfs but a cache-on-read instead of a copy-on-write
<GeekSquadSF> hey guys... i've got ubuntu server edi running LAMP within a vmware environment... I have an ubuntu user box that im trying to play with.. my problem is.. im new to linux.. and I can't get the ssh to let me into the other machine
<ScottK> Did you install ssh in the other machine?
<ScottK> i.e. openssh-server
<GeekSquadSF> yeah.. they both have it installed...
<dusty> Hey guys if using ssh public/private keys for accessing a remote machine - what happens if you loose your public key on your workstation due to hard drive failure - no backup of the key, how can I get access to my vps again ?
<hads> You mean losing the private key? No fix for that.
<Kapli> Did anyone have any suggestions for a router? Lost my connection for  while didn't see
<ScottK> dusty: Talk to people who you rent the VPS from and ask them how to recover access.
<dusty> ok
<dusty> also
<dusty> actually never mind, thanks.
<GeekSquadSF> im trying to build a "microsoft server" environment so I can use BT3 and test it on both areas...
<GeekSquadSF> ofcourse.... I have no idea what im doing with the linux side of the house
#ubuntu-server 2008-08-03
<Kapli> Also, how can i specify a root directory for a specific user?
<ScottK> Kapli: man adduser
<Kapli> will adduser --home restrict the user from every other directory
<Kapli> meaning when he connects with ssh client he will be in that directory and cant go anywhere else
<jamesrfla> Hi
<jamesrfla> wow lots of people
<ErikWestrup> hi there
<Kapli> i dont want a user to go anywhere than his home directory, how to do this?
<jamesrfla> permissions
<jamesrfla> don't share /home
<jamesrfla> hope that helps GTG
<Kapli> home dont understand :S well i found something called jail will try it
<PrivateVoid> http://www.ustream.tv/channel/the-tech-guy-at-work
<PrivateVoid> girls dancing
<PrivateVoid> numa numa at my house
<ErikWestrup> PrivateVoid is that a live thingy? If so: pretty cool
<ErikWestrup> but I hate what it's showing (numa numa)
<PrivateVoid> yea
<PrivateVoid> my daughter and her friends
<PrivateVoid> milk and cereal
 * ScottK notes the topic and is confused about the current discussion.
<TechPepsi> does anyone use Vent?
<TechPepsi> what needs to be in the log  in file for vent to be started?
<Kapli> not much
<Kapli> let me check
<dusty> Is it a clever idea to put your gpg public key on your website? won't that mean that anyone that has that could potentially intercept the email and read it with your public key that you made available to them via your personal website ?
<Kapli> TechPepsi: 3.0 or 2.1 ?
<TechPepsi> 3.0
<Kapli> well then theres basically nothing u need to do in the ini file to make it work
<hads> dusty: That's what public keys are all about. Protect your private key and publish your public key.
<Kapli> but u probably want to edit the name, auth if u want passworded server and the password and also edit the adminpassword
<Kapli> i am off
<TechPepsi> is there any irc server soft we can wget?
<ScottK> TechPepsi: If packages.ubuntu.com weren
<ScottK> weren't down, search it would give you a result similar to http://packages.debian.org/search?keywords=irc+server&searchon=all&suite=unstable&section=all
<ScottK> Have a look there for something that seems right.
<TechPepsi> why is it down?
<TechPepsi> it's down, right now
<ScottK> Dunno.  Just know it's not responding.
<TechPepsi> is there irc server software that we can edit?
<ScottK> Does UFW have an option to block outbound connections?
<javagamer> Can anyone help me setting up a simple mail server?  I've been following https://help.ubuntu.com/community/PostfixBasicSetupHowto#Postfix%20virtual%20Aliases%20for%20separate%20domains%20and%20Linux%20system%20accounts after getting loss on several other guides and I've gottne to switching Postfix to Maildir, but when I go to test it I sent a message to fmaster (the test account) and I can see a new message in
<javagamer> /home/fmaster/Maildir/new/, but when I log in to fmaster and type mail it says fmaster has no mail. What should I do?
<javagamer> Woops, looks like 'mail' doesn't work with Maildir.
<ScottK> I'm guessing configure your mail reader correctly.
<jdstrand> ScottK: ufw the command does not, but you can add stuff in /etc/ufw/*.rules as needed
<ScottK> jdstrand: I'm thinking that would be a good feature.
<ScottK> It's very common in Windows firewalls.
<hads> There is a version of 'mail' that can handle maildir. Can't remember what package provides it right now.
<javagamer> What should I do about "warning: do not list domain javagamer.net in BOTH mydestination and virtual_alias_domains" if I want javagamer@mysite.com, comment@mysite.com, and support@mysite.com all to go to the javagamer account?
<javagamer> It's in the mail.log, reffering to postfix
<ScottK> javagamer is a real account?
<javagamer> Yes, but comment and support aren't.
<ScottK> I see
<ScottK> IIRC make the domain virtual (remove it from mydestination) and then mess with virtual aliases or some such to get javagamer where you want it.
<ScottK> It's been quite some time since I messed with that, so I don't recall for sure.
<javagamer> I'll try that, thanks.
<javagamer> I tried adding javagamer and fmaster to the aliases, but it still complained about them being unknown in the virtual user database.
<javagamer> So I'm just not using virtual users for now
<AndyB> Anyone able to help with an apache issue?
<ScottK> I'm sure not me, but if you ask your actual question your odds go up.
<AndyB> Hm, well im on Ubuntu Desktop 8.4, noone in #ubuntu could help. Im trying to install apache. I have tried both tasksel and apt-get for installing apache
<AndyB> Task sel failed completely and crashed, while sudo apt-get install apache2 worked fine, installed, and started, said it was working, but when i open localhost in my browser i see nothing
<AndyB> It is running, ive restarted, checked configs, nothing in error log.. no idea why its not displaying a page. netstat says nothing is bound to port 80.. but in the config file its set to Listen on 80. Anyone any idea?
<ScottK> My second bit of advice is for patience.
<ScottK> This is a pretty dead time of day here.
<AndyB> I have patience. I will wait for my answer.. most likely get some sleep as its 5:30, but i will wait :)
<javagamer> Certain it's running, when my server has problems it can go down and not come back by a restart command.  Use ps -ax to check if it's running, if not try restarting, then check the error log if it's not up.
<javagamer> I'm far from an expert with apache and I just got my server working properly yesterday, so no guarantee that will work.
<AndyB> hmm
<AndyB> its returning four results for "/usr/sbin/apache2 -k start"
<javagamer> But localhost:80 gives you nothing?
<AndyB> Ok, ive stopped the apache, and re-ran your command, no apache processes now. restarted, got them again. and localhost:80 just times out
<javagamer> I'm stumped, I'm sure once this gets more active someone will be able to help you.
<AndyB> Thanks:)
<javagamer> It wouldn't hurt to do an update with apt-get update and apt-get upgrade
<javagamer> Does javagamer.net display anything for you?  I think my ISP is blocking port 80 :(
<AndyB> Done :) upgrade did nothing but update did some. Going to restart apache and check
<AndyB> No it also times out :(
<AndyB> you forwarded the ports?
<javagamer> Yeah, I can get it on my lan, I have a feeling it's blocked.
<javagamer> My ISP doesn't let me host servers, so I'm switching soon as I get the chance.
<AndyB> :) good idea
<javagamer> Well, night.  Good luck getting apache to work.
<AndyB> Thanks:) NIght
<AndyB> Right well im going to get some sleep, almost 6am and i still cant fix my apache issue. If anyone could offer any advice please, please send me a /msg and ill check again after a few hours sleep.
<ScottK> lamont: RE Bug 247322: I'm too tired to consider dealing with git.  Debiff in the bug has the basic stuff.  Over to you to do some debian/rules magic to shove them in the .deb.
<uvirtbot> Launchpad bug 247322 in qutim "ÐÑÐ¿ÑÐ°Ð²Ð¸ÑÑ Ð½ÐµÑÐºÐ¾Ð»ÑÐºÐ¸Ð¼ ÐºÐ¾Ð½ÑÐ°ÐºÑÐ°Ð¼" [Wishlist,New] https://launchpad.net/bugs/247322
<ScottK> Oops.
<ScottK> That would be Bug 247332.
<uvirtbot> Launchpad bug 247332 in postfix "Please add a script to allow filter services to be programatically added to master.cf" [Wishlist,In progress] https://launchpad.net/bugs/247332
<ScottK> Did I mention I was tired?
<ScottK> Off to bed.
<TechPepsi> haha
<TechPepsi> you are?
<Deeps> javagamer: just run your webserver on a different port?
<AndyB> Gah im back sorry :( Was on maybe six hours ago, anyone any idea on the apache issue?
<javagamer> Hey AndyB
<AndyB> Hii :)
<javagamer> AndyB, why are you putting Apache on a desktop installation?
<AndyB> Because i am a PHP Developer, I only want to test some of my apps on localhost before upping them to my site.
<javagamer> Ah.
<\sh> AndyB: what was the issue?
<AndyB> Apache is not working
<AndyB> Nothing in error logs, install is correct, i have restarted, reinstalled, it is running.. the process is there
<AndyB> But nothing is listening on 80 for netstat. And localhost times out
<\sh> AndyB: checked ports.conf that apache is really trying to listen on port 80?
<AndyB> Yes it is
<javagamer> This might help: http://www.spoffle.com/technical/how-to-set-up-lamp-on-ubuntu-desktop-edition/
<javagamer> Did you start with sudo? Otherwise apache can't get port 80.
<AndyB> Yes i did
<\sh> AndyB: fuser -n tcp 80 does say?
<AndyB> Nothing.. the command runs but doesnt output anything
<\sh> AndyB: ps -ef|grep apache but gives you an output?
<AndyB> http://paste.ubuntu.com/33614/
<\sh> AndyB: and what gives: netstat -anp|grep apache ?
<javagamer> AndyB: Your ps output looks just like mine.  Be sure to do sudo netstat
<AndyB> http://paste.ubuntu.com/33616/
<javagamer> Try adding sudo to see all processes
<\sh> AndyB: sudo netstat -anp|grep apache pls :)
<AndyB> http://paste.ubuntu.com/33618/
<AndyB> Thats sudo
<javagamer> tcp6? Is it running only on IPv6 networks?
<AndyB> I have no idea
<javagamer> Well, that would *might* explain why it's not working.  I'll go look for what configures it for IPv6, this is just as guess though.
<AndyB> ill hit google too
<javagamer> "if you run Apache on systems where IPv6 support exists, Apache gets IPv6 listening sockets by default"
<javagamer> from http://www.linuxjournal.com/article/5451, not sure if that is/isn't backwards compatible
<\sh> javagamer: the output is correct...
<\sh> AndyB: so you apache is listening on port 80 :)
<AndyB> i have no idea why its not working then:(
<javagamer> Does it have a default page?
<\sh> AndyB:  telnet 127.0.0.1 80 ?
<javagamer> Look for anything in apache2/sites-enabled/
<\sh> AndyB: and if this is not working try telnet <your real ip address of eth0> 80
<AndyB> it has a default page in www but thats not loading
<AndyB> and 127.0.0.1 on telnet doesnt load, hold on ill try the other
<AndyB> Real address? as in my real ip? or my internal ip?
<\sh> AndyB: the ip of eth0
<AndyB> Same result
<AndyB> It really has me confused:(
<\sh> well past your /etc/apache2/sites-{available,enabled}/ ls output and the contents of default (when you didn't tweak the config)
<\sh> AndyB: the standard install just works out of the box.
<AndyB> I know :( but it doesnt. Ive tried reinstalling, and i tried tasksel for LMAp
<\sh> AndyB: just increase the loglevel to debug or error in apache2.conf and see then...I wonder if you have no problems with the vhosts stuff
<\sh> no namevirtualhost or something like this
<javagamer> AndyB, unless you did apt-get purge before reinstalling, the reinstallation didn't reset your config files.
<AndyB> I did do a purge
<AndyB> is there any possible firewall getting in the way?
<javagamer> Not by default
<AndyB> Tried editing the loglevel, still nothing
<javagamer> Try doing an nmap scan, nmap -A 127.0.0.1, that should tell you if the port is open.
<AndyB> installing nmap
<AndyB> Starting Nmap 4.53 ( http://insecure.org ) at 2008-08-03 13:45 IST
<AndyB> Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
<AndyB> Nmap done: 1 IP address (0 hosts up) scanned in 2.078 seconds
<javagamer> Can you ping yourself?
<\sh> AndyB: did you enable ufw ?
<AndyB> No i cannot ping myself.
<\sh> sudo ufw disable
<AndyB> sh: no, what is ufw?
<\sh> sudo iptables -F is also working
<\sh> ubuntu firewall
<jdstrand> ufw allows ping by default
<javagamer> Do nmap -PN -A 127.0.0.1
<\sh> AndyB: so ping 127.0.0.1 doesn't work?
<\sh> jdstrand: yes...at least localhost :)
<jdstrand> though the 'disable' command is convenient to flush everything in case there are some errant iptables rules
<AndyB> Firewall is not loaded, Javagamer: I did, and posted the results above.
<AndyB> sh: No, Ping 127.0.0.1 doesnt work
<javagamer> AndyB: Notice the -PN switch this time.  That makes it continue, despite not being able to ping you.
<AndyB> looks like it will take some town
<AndyB> **time
<javagamer> It might, it will scan your computer and try and identify everything running on each port.
<AndyB> Looks to be stuck on 7.58%
<AndyB> Would a complete reinstall of ubuntu fix the issue?
<crypted> Problem: machine refuses to connect to internet
<crypted> Please help! :(
<crypted> I tried everything I know of... :(
<AndyB> just over 2 minutes. . patient
<`ph8> hi guys, i've got a server install that appears to be suddenly dropping network connections (br0 entering disabled state intermittently?) - i'm stuck on how i could possibly debug, there doesn't appear to be any information in log files - does anyone have any ideas?
<`ph8> ah, datacentre's fault!
<`ph8> happy days
<Nafallo> datacenter?
<Nafallo> that sounds weird.
<`ph8> in what way?
<Nafallo> they usually don't care about network that much. rather power and space.
<`ph8> i'm connected to a faulty switch
<Nafallo> ah. ISP then.
<`ph8> but i shouldn't be on that switch in the first place, hence them not realising the problem straight away
<`ph8> sorry, my bad
<exot> hello, how do I configure the routing table to route the traffic came by vpn to the vpn server
<exot> Deeps, I think you will kill me ;)
<Deeps> ?
<Nafallo> ah. BSQ. wouldn't actually have been surprised if it had been the DC then ;-)
<Deeps> oh, did we do this before?
<exot> hehe many :D
<Deeps> route add x.x.x.x/yy gw vpn.server.ip
<Deeps> where x.x.x.x/yy is the vpn ip range
<exot> and about dev ppp
<Deeps> i'm assuming here that the vpn server is in the same subnet
<`ph8> Nafallo, how did you trace that back? :)
<exot> yes it is
<exot> hmm .. the vpn range 192.168.10.0 . and the network 192.168.200.0
<Nafallo> `ph8: ph8's IP, whois and contract information ;-)
<`ph8> ahh
<`ph8> :)
<Nafallo> contact even
<exot> deeps, you assumed a virtual interface holds an ip of the vpn range, right ?
<exot> on each server
<Deeps> no
<exot> deeps, I get the message : route: netmask 000000ff doesn't make sense with host route
<javagamer> Anyone here using FiOS?
<`ph8> javagamer, fiOS?
<javagamer> Verizon FiOS
<ScottK> javagamer: Yes.
<javagamer> ScottK: Do you like it? I've been considering switching to FiOS Business.
<ScottK> That's what I have.
<ScottK> Yes.  I like it.
<ScottK> It's not as reliable as running a server from a well run data center, but very usable for most purposes.
<ScottK> Certainly more reliable than the Comcast Business I used to have.
<ScottK> lamont: Did you see my ping earlier?
<AndyB> I got Apache to work ^^ Did a complete reinstall of ubuntu and apt-get apache2. Works great now
<javagamer> Right now I have Optimum Online and I'm choosing to switch to FiOS for business service.  THe speed is pretty reliable, right?
<javagamer> AndyB: Good to hear.  Reinstalls always seem to fix things.
<ScottK> javagamer: It seems so to me, but I don't take measurements.
<ScottK> AndyB: Do you know what went wrong the first time?
<javagamer> ScottK: Alright, as long as it seems consistent, I know my current internet can drop to sluggish speeds at times.
<ScottK> javagamer: Depending on where you are, I have no idea how reliable their network is nation wide ...
<AndyB> ScottK: No idea. I tried EVERYTHING. It was running, listening on 80.. But timing out. I tried reinstalling apache, restarting, tasksel.. everything. Just a fluke error i guess.
<ScottK> AndyB: OK.  It'd have been useful to know (for docs if nothing else), but I guess it gets written off to "Stuff happens".
<AndyB> Yeah :) I would have liked to know. There are a few topics around on google of people with similar issues. Would have been nice to offer an answer. But i guess im just glad its working now
<`ph8> should I be able to remove hald and dbus on a server machine? (I've converted it from desktop to server)
<dubbers> server unable to do apt-get?
<lamont> ScottK: now that I'm awake, yes I've seen it.
<ScottK> lamont: OK.  Balls in your court now.
<ScottK> Ball's
<lamont> yeah
<ScottK> lamont: What do you think about Russell Cocker's script?
<lamont> I'll make sure I fetch it (and the rest) before I go wandering off to vacation for a week on monday afternoon
<lamont> same bug?
<ScottK> Great.
<ScottK> No.  He mailed it to you.
<ScottK> lamont: http://etbe.coker.com.au/2008/08/02/postfix-and-chroot/ for context.
<lamont> I don't have his email - looking at the URL
<ScottK> It was sent to your debian address.
<ScottK> He cc'ed me.  I can forward.  Where's best?
<lamont> lamont@d.o will go the same place everything else does...
<lamont> mind you , I just went looking for mail with 'russell' in the headers...
<ScottK> Want a message ID?
<lamont> sure
<ScottK> I just forwarded it to you.
<ScottK> Message-Id: <200808021324.30065.russell@coker.com.au>
<lamont> thanks - it wasn't in my inbox
<ScottK> Weird.
<lamont> well, I found the log of it passing through the mail server on Friday...
<ScottK> ;-)
<lamont> and got it
<uvirtbot> New bug: #254434 in samba (main) "package libwbclient0 2:3.2.0-4ubuntu3 failed to install/upgrade: trying to overwrite `/usr/lib/libwbclient.so.0', which is also in package likewise-open" [Undecided,New] https://launchpad.net/bugs/254434
<ZmAY> can someone help me, apache2 wont start, i think its something with that http://pastebin.com/d66c5aeb7
<ZmAY> i am newbie
<Assid> heya
<Assid> can someone pastebin their sources.list please
<Assid> i need 1 more alternate mirror
<dusty> Hey can anyone point out what i'm doing wrong here: http://pastebin.ca/1091930 - this is on Ubuntu 8.04 with iptables v1.3.8, can't see the error i'm making ?
<Deeps> sounds like the error is in line 5 of your httpd.conf
<Deeps> oh, no, sorry, wrong paste
<Kapli> How do I ensure my ubuntu server is up to date on everything? Is it only with apt-get update and apt-get upgrade ?
<dusty> Hey guys, why would this iptables script lock me out of my box: http://paste.stoned-hacker.co.uk/31 i can't access ssh then ?
<soren> ScottK: I'm replacing my homegrown virus/spam filtering magic with amavisd-new, and I'm stumbling a bit. Is it just me or is the documentation absolutely horrendous?
<ScottK> soren: It's essentially written for Perl programmers, so by definition, yes.
<ScottK> Any system where you have to use Perl syntax in the config file is, um, not the most transparent.
<soren> ScottK: I'm not even sure what I'm looking at *is* the documentation.
<soren> Example:
<ScottK> The main trick for modifying your configs is to add whatever you want to 50-user so you don't get bothered on upgrades.
<soren> I'm looking at /etc/amavis/conf.d/15-content_filter_mode..
<soren> It tells me to *add* some *bypass* stuff to *enable* filtering. If that's not confusing, I don't know what is.
<soren> ...so I'm trying to find some documentation on bypass_virus_checks_maps and bypass_spam_checks_maps and I'm just not finding any.
<ScottK> soren: It's been a while since I"ve used it too and so I'm still getting something set up here.
<ScottK> I think what you want is something on policy banks.
<soren> ScottK: I see. Thanks for the pointer.
<soren> ScottK: Perhaps you just know the answer.. I want to not quarantine spam, but just tag it, so that my users can do their own filtering.
<ScottK> It's an interesting package.  The last maintainer upload was in July 2005.
<soren> Since then it's been all NMU's?
<ScottK> soren: No.  I'm in the early stages of getting an install together.  The last time I tried was on Dapper.
<ScottK> There are two uploaders that are active, so not technically NMUs.
<ScottK> Server Guide is very basic on the topic: https://help.ubuntu.com/8.04/serverguide/C/mail-filtering.html
<ScottK> We should fix that for Intrepid.
<soren> amavis' own documentation on the integration between itself and postfix is really quite good, I found.
<soren> amavis' documentation on itself... not so much.
<ScottK> soren: I encourage you to take good notes and push them at sommer so he can shove them into the server guide then.
<ScottK> I plan to do the same.
<ScottK> Actually it's the need to take good notes that's got be stopped.  I want to be methodical and that takes time ...
#ubuntu-server 2009-07-27
<rcsheets> i'm getting a really generic "permission denied" when i try to mount an nfs4 export, even from the nfs server. i'm running out of ideas for what to do. here's the best log output i've found so far: http://pastebin.com/d45780b66
<rcsheets> error 13 is apparently "permission denied" or "access denied" or some such thing.
<artillerytx_> hooray its working
<artillerytx_> so whenever i want to install something that is mysql dependent i just do localhost for the server
<giovani> artillerytx_: well ... the server is there, locally, so yes
<giovani> that's typical on small webservers
<artillerytx_> yea
<artillerytx_> is it bad to have no password on mysql user names
<giovani> artillerytx_: obviously, yes
<artillerytx_> haha
<artillerytx_> trick question
<bsmith_> Is it possible to run a folding at home on a server
<rcsheets> i don't see why not
<bsmith_> Do you have any suggestions for media server?
<twb> bsmith_: apt-get install boinc? (re: folding)
<bsmith_> twb: thanks
<twb> bsmith_: sorry, it's "boinc-client".
<twb> And the GUI is boinc-
<twb> And the GUI is "boinc-manager"
<twb> Strangely, folding@home doesn't appear to be listed there; I can see only "boinc-app-seti" and "boinc-app-milkyway"
<bsmith_> twb: So what is it?
<twb> I suppose it's possible that folding doesn't use the BOINC infrastructure, but that seems unlikely.
<bsmith_> twb: do you have any suggestions for a media server with browser listening?
<twb> I believe MythTV is a widely used media system.
<twb> I cannot vouch for it personally.
<bsmith_> I figured MythTV was designed for tv usage? not computer usage.  Or am I wrong/
<twb> Perhaps you should clarify what you mean by a "media server"
<twb> At its most basic, a media server could simply be a fileserver with video and audio files on it.
<bsmith_> specifically music
<bsmith_> sorry should have been more clear
<twb> bsmith_: are the speakers attached to your "media server", or to your desktop?
<bsmith_> Im looking to do something similar to pandora.com but without the randomness? does this make sense.
<twb> "We are deeply, deeply sorry to say that due to licensing constraints, we can no longer allow access to Pandora for listeners located outside of the U.S."
<twb> Sorry, I can't determine what pandora is.
<rcsheets> he wants a flash app or something to sit in the browser and play music at him, with the music being on the server.
<rcsheets> music on server, web server on server, browser on client, speakers on client. music flows out speakers.
<bsmith_> oh terrible sorry didn't realize you were out of the U.S.  I want to listen to music from any computer without downloading the .m3u for streaming
<twb> I wouldn't know about that.  Probably I would implement something using either xmms2 or by embedding mplayer in a fat browser and just putting an httpd on the server.
<bsmith_> thanks rcsheets.  you have a suggestion
<twb> bsmith_: what's wrong with downloading an m3u?
<rcsheets> bsmith_: could you use itunes rather than a web browser?
<rcsheets> you could use the thing that comes with freenas
<twb> itunes runs on GNU/Linux?
<rcsheets> the name escapes me at the moment
<bsmith_> rcsheets: yes but i would perfer not to
<rcsheets> twb: i assumed that the only linuxy part was likely the server.
<twb> Oh.  Sorry, I'm not used to people still using non-GNU/Linux desktops.
<rcsheets> np, we made different assumptions
<bsmith_> Are there any suggestions?
<abstortedminds1> hi, i cant seem to get a network connect at all from eth0 to the router, other machines are working fine and acquiring a dhcp address.  any idea?
<twb> abstortedminds1: are you running network-manager (NetworkManager) ?
<abstortedminds1> yes i think so, the little icon at the top of the screen
<abstortedminds1> if that is network manager then yes
<twb> abstortedminds1: that sounds like a desktop, not a server.
<abstortedminds1> i tried doing it through editing /etc/network/interfaces to auth eth0; ifface eth0 net dhcp
<bsmith_> abstortedminds1:  what is your os?
<abstortedminds1> yes i installed ubuntu desktop on the server
<abstortedminds1> for gnome
<abstortedminds1> ill remove it later
<twb> abstortedminds1: OK, that's kinda bad juju
<abstortedminds1> hehe
<abstortedminds1> yea
<twb> abstortedminds1: I recommend removing network-manager entirely, and writing a simple /etc/network/interfaces file.
<abstortedminds1> gotcha
<twb> IME most network problems are caused by NM
<abstortedminds1> doing that now
<abstortedminds1> k i removed it, ill let you know if this works
<twb> interfaces should read:
<twb> auto lo \n iface lo inet loopback \n
<twb> allow-hotplug eth0 \n iface eth0 inet dhcp
<twb> Where those \ns are newlines.
<bsmith_> Are there any suggestions for my music server
<abstortedminds1> when i restart networking i get the same problem, DHCPDISCOVER on eth0 to 255.255.255.255 port 67 keeps scrolling until it gives up
<abstortedminds1> allow-hotplug i dont have
<rcsheets> bsmith_: yeah look into freenas like i suggested. it comes with some good stuff.
<bsmith_> will do thanks
<twb> abstortedminds1: make sure that NetworkManager isn't still running
<abstortedminds1> ok, so there is no: auth eth0?
<twb> That would be "auto".
<twb> Changing "auto" to "allow-hotplug" just means, theoretically, that you can unplug and reconnect the cable and it will automatically restart DHCP.
<abstortedminds1> ahh
<abstortedminds1> ok
<artillerytx> So do i need to set up an internet dns server so i can look at the domains im hosting ?
<abstortedminds1> any ideas guys? what other things could prevent this?
<twb> abstortedminds1: no cable, or your DHCP server is picky about who it responds to, or your switch/router needs a reset
<abstortedminds1> ok well, ill reset my router and check those, but its a typical linksys router
<abstortedminds1> so well see
<AdamDV> How come my server install complains it can't find courier-imap courier-pop courier-imap-ssl courier-pop-ssl maildrop and a few other packages?
<twb> Because it's broken?
<AdamDV> Its a linode :/
<ajmitch> because you don't have universe enabled?
<AdamDV> I've tried with 2 different images.
<AdamDV> AH hah!
<AdamDV> THanks :)
<artillerytx> is it bad that my apache2.conf file is missing Servertokens... and ServerSignature
<ajmitch> see /etc/apache2/conf.d/security
<twb> Universe is off by default for a reason :-/
<twb> Why are packages in main allowed to depend/recommend on packages in universe?
<artillerytx> ooo
<ajmitch> twb: they aren't
<twb> So AdamDV is just trying to manually install those packages?
<ajmitch> quite possibly
<AdamDV> No no.
 * ajmitch shrugs
<twb> ajmitch: it's also bloody annoying that depending on which order you install packages, you get a different MTA
<ajmitch> AdamDV: how are you trying to install them, and what is complaining?
<AdamDV> It was the universe repo :D
<twb> ajmitch: I wish packages would consistently depend: exim4 | m-t-a, or postfix | m-t-a
<AdamDV> Thanks
<ajmitch> twb: they are being switched to depend: default-mta | m-t-a now I think
<twb> ajmitch: is there a blueprint or lintian template for that?
<ajmitch> not sure, but it is being taken up in debian as well I believe
<twb> It'd be nice to make a list of people whose fingers I need to jump up and down on :-)
<twb> ajmitch: so default-mta is exim4 on Debian and, what, postfix on Ubuntu?
<ajmitch> yes
<rcsheets> postfix ftw
<twb> Good, good.
<ajmitch> http://packages.debian.org/sid/default-mta
<twb> Thanks
<ajmitch> so it looks to be a virtual package provided by only one MTA on each distribution
<twb> Hmm, no hits for it on p.u.c, though
<ajmitch> p.u.c probably doesn't have a list of virtual packages
<twb> Boo.
<ajmitch> postfix provides default-mta on ubuntu though
<artillerytx> and on shorewall to add ftp i do "FTP/ACCEPT    net    $FW"
<tiger2wander> hi all
 * ball waves
<tiger2wander> could anyone help me to find the way to get RAM manufacturer by command line?
<tiger2wander> I have used dmidecode command but it could not specify that information
<tiger2wander> anyone?
<twb> tiger2wander: try lshw
<twb> But I'm not sure you can ever get that information
<twb> Short of driving out the the site and opening the case
<bsmith_> Anyone here who can help me do a usb install of FreeNAS
<twb> What is a USB install?
<bsmith_> I need to make a bootable usb of FreeNAS. I tried uNETbootin
<twb> Er, FreeNAS is a distro?
<twb> Oh, sorry, you mean network attached storage.  I was thinking network audio server.
<bsmith_> twb: any solution?
<twb> bsmith_: apparently freenas is a FreeBSD distro, so it's not appropriate to discuss it here.
<ball> twb: unless you're mounting it on an Ubuntu Server box
<ball> ...or perhaps migrating or comparing.
<tiger2wander> I tried but no luck
<bsmith_> I am comparing, I currently have ubuntu desktop 9.04 on, but was looking into FreeNAS as an alternate
<bsmith_> I also mentioned this on the freenas channel but no such luch
<twb> bsmith_: then you must stay in the freenas channel nd be patient.
<twb> We cannot provide technical support for freenas
<bsmith_> well what about a working music server in ubuntu 9.04 server or desktop?
<ball> bsmith_: they may be sleeping
<twb> bsmith_: I'm not aware of any free software that meets the requirements you discussed earlier.
<ball> bsmith_: what sort of music server? (What do you want it to do?)
<bsmith_> ball: wish I was!
<bsmith_> ball: I want to listen to music from a web browser.
 * ball stares blankly
<bsmith_> ball:  I don't want to download a streaming file.
<ball> You want the audio amp connected to the server and to use a Web browser running on another box to control music playing software on the server?
<bsmith_> bsmith stares blankly
<bsmith_> I want to be able to listen to music from the server on any computer without having to download the .m3u
<ball> bsmith_: sounds like a job for something like mythbuntu
<bsmith_> Ill check it out, do you have any more details on it?
<twb> ball: let me paraphrase
<twb> ball: he wants to store music on a server which has an httpd.  When he browses to that httpd from his desktop, he wants to download a flash/java app that will play the music on his desktop, without needing to actually set up a normal music player (e.g. winamp or mplayer) on the desktop.
<twb> bsmith_: correct me if I'm wrong.
<ball> http is a peculiar choice for that, but the people in #mythbuntu may be able to steer you right.
<ball> twb: oh, you just want some flash thing then.  I don't do those.
<bsmith_> ball: thanks.  twb: What I want is similar to jinzora jukebox
<twb> ball: indeed, I think the requirements are fundamentally screwy.
<twb> ball: to me it sounds like bsmith_ is yelling "I want to circumvent the lockdowns in my company's SOE!"
<ball> twb: that occurred to me too ;-)
<twb> Because obviously if you have root on the desktop it'd be far simpler to set up xmms2 or mplayer.
<ball> I actually would like to do something similar, but with genuine client software installed on the, erm, clients.
<twb> ball: meaning something that can talk to icecast / http / whatever?
 * ball nods
<ball> Something that can talk to whatever I end up running on the media server
<twb> ball: are you running Ubuntu on the desktops?
<ball> I run Ubuntu on my own desktop and for the set-top boxen in the other rooms I will probably run that or something very much like it.
<ball> (this is a long term project)
<bsmith_> twb: http://en.jinzora.com
<ScottK> mysql 5.1 in Unstable in Debian, so does that mean we're going to make the jump for Karmic?
<twb> bsmith_: I think that's talking about plugging the stereo into the server.  That's easy.
<ball> twb: that's handy because almost any music-playing program for Linux is going to work as a remote X client.
<ball> ...so no fancy streaming stuff required ;-)
<twb> Exactly
<bsmith_> thanks for the help
<artillerytx> why would shorewall prevent my computer locally from access it
<twb> artillerytx: that's a question you should ask shorewall, methinks
<twb> Oh, shorewall is actually in Ubuntu
<artillerytx> well i uninstalled it and its not working
<twb> What does "iptables-save" say?  Pastebin the output
<artillerytx> http://pastebin.com/d7bd7188f
<twb> OK, and what is being blocked?
<artillerytx> i can access the apache server and see that
<artillerytx> but i know you guys don't support webmin but i can't access webmin
<artillerytx> and my domain is no longer working
<artillerytx> only thing i can think of is i recently installed shorewall
<ScottK> You access webmin via your web server, so if you can see web pages, it's not the firewall.
 * ScottK is pretty sure....
<twb> ScottK: webmin sits on its own port, not via apache
<artillerytx> right
<artillerytx> well that sucks
<ScottK> Ah.
<qman__> well, not knowing anything about your particular setup
<qman__> I'd have to assume that shorewall needs exceptions for your other services
<twb> artillerytx: shorewall is still sitting in your firewall.
<artillerytx> i removed it though
<twb> You haven't, according to iptables-save.
<twb> artillerytx: you need to rip it out, or whitelist the appropriate ports and such.
<artillerytx> rip it out
<twb> Incidentally, I think ufw(8) is probably a more approved firewall wrapper than shorewall, around here
<qman__> I put together a bash script to do my firewall
<twb> qman__: I don't even use bash
<artillerytx> so how do i get rid of shorewall completely
<qman__> well
<qman__> sudo apt-get purge shorewall
<twb> Unless you count the (da)sh instance in "pre-up iptables-restore </etc/iptab"
<qman__> ought to clear out all the files
<qman__> and then you need to flush iptables
<qman__> and set the default policies
<artillerytx> hmm
<artillerytx> thats a little more than i know how to do
<qman__> sudo iptales -F
<twb> You'd want to set the policies first
<qman__> sudo iptables -P INPUT ACCEPT
<twb> Otherwise you'll lock yourself out, since they default to DROP
<qman__> sudo iptables -P OUTPUT ACCEPT
<qman__> yes
<qman__> my bad
<artillerytx> okay so run the first one first
<artillerytx> or the second one
<qman__> run the iptables -P ones first
<qman__> then iptables -F
<artillerytx> k output than input
<qman__> either way
<artillerytx> or input than output sorry
<twb> qman__: how about this: iptables-save | sed 's/DROP/ACCEPT/; /^-/d' | iptables-restore ?
<twb> evil enough for ya? ;-)
<qman__> hah
<qman__> that would overcomplicate it
<artillerytx> k ran those commands
<twb> artillerytx: can you still talk to the server?
<qman__> now your firewall should be accepting all traffic
<qman__> unless there's some modules jammed in dropping stuff on you
<twb> artillerytx: at this point, you should unplug your server from the internet because otherwise it will be attacked
<artillerytx> yes
<artillerytx> hooray
<artillerytx> well i have my routers firewall
<qman__> I tried to use moblock once
<qman__> it doesn't use iptables
<error404notfound> how would you grade: http://pastebin.com/m66b41292 ?
<qman__> I couldn't get it to accept LAN traffic
<twb> qman__: I have no "moblock" here
<twb> qman__: URL?
<twb> error404notfound: what are you trying to achieve?
<qman__> it's a peerguiardian-like tool for linux
<twb> error404notfound: setgid is 1000, not 4000
<twb> Sorry, setuid
<qman__> but when I installed it it basically broke all my networking
<error404notfound> twb, assure that no non-neccesaary files has a root bit set...
<error404notfound> twb, you sure?
<twb> I think so
<artillerytx> you guys have a good tutorial for installing a firewall
<twb> Sorry, I'm wrong
<artillerytx> or no of one
<qman__> ufw should be pretty easy
<twb> e.g. /tmp has 1777, which is sticky
<qman__> look for it in the official documentation
<twb> artillerytx: ufw is the recommended firewall wrapper
<qman__> like I said, I wrote mine in a bash script for iptables a long while ago
<artillerytx> alright i will check that one out
<twb> artillerytx: of course hard-core bitches like qman__ and myself tend to do it by hand
<qman__> so I haven't used any of the nice stuff
<qman__> I can show you my script if you want but it probably won't help you, it's tailored to my setup
<twb> Indeed, it'd be quite dangerous to give artillerytx a raw iptables script at this point
<artillerytx> haha yeah not a good idea
<artillerytx> I'm learning slowly
<twb> Like letting your niece handle a blunderbuss
<artillerytx> my house would be on fire
<error404notfound> twb, http://www.faqs.org/faqs/computer-security/most-common-qs/section-15.html
<twb> error404notfound: I used this: sudo find / -xdev -type f \( -perm +4000 -o -perm +2000 \) -ls
<error404notfound> twb, lemme try that...
<twb> error404notfound: as to whether the hits it finds NEED to be setuid/setgid, that is a question I cannot answer easily
<twb> You would need to consult docs on those programs
<twb> But just looking at them, it doesn't surprise me that low-level networking (e.g. ping) and password-related (e.g. passwd) programs are setuid
<qman__> I know that in order for pppd to work, it must be suid
<qman__> but other than that
<twb> error404notfound: it is also obviously a good idea to mount /home and NFS mounts with nodev,noexec,nosuid
<error404notfound> twb, unfortunately i have all structure on a single disk...
<uvirtbot`> New bug: #405185 in samba (main) "wins (dup-of: 288496)" [Undecided,New] https://launchpad.net/bugs/405185
<uvirtbot`> New bug: #405195 in quagga (main) "When stopping a specific daemon, _all_ routes are flushed" [Undecided,New] https://launchpad.net/bugs/405195
<_ruben> ouch, that'd be a severe bug i'd say
<roxy> Hi dears, please sombody can help me...i am having problems ... for somereason I los the comunication among Vlans and I can do ping from one vlan to another one
<roxy> i didn't any change, it just happended
<\sh> roxy: hmmm? trunk or access switch configuration...when you are on trunk, and you're tagging the pakets via 8021q i would say it
<\sh> 's a routing problem more on your router/switch side
<roxy> hi sorry, my internet was down
<roxy> thanks /sh
<roxy> do you mean is a sitch or router problem cause also I have iptables
<\sh> roxy: depending on your vlan setup....normally you need a switch/router with trunk ports to tag your pakets (when you have "vlan" interfaces on your linux machine)...if you have still ethN or bondN interfaces and no vlan interfaces, you are running an accessport configuration on your switch with vlan ids configured per switch port
<\sh> (which means access ports)...if you don't have any tcp connection between your networks, then it could be an access list prob or an iptables prob (when you don't run access lists on your vlan router)
<\sh> actually when you can ping, your interfaces are ok...so it's something else...not the vlan interfaces on your machine
<roxy> no, i can ping from different vlan,..i can ping from the server to soem printer printer (which is in another vlan), but i can ping from my PC to the printer (which are in the same swich but dirrent vlan)
<roxy> when i do tracert (form my windows client) to the server, just show me one route, but when i do to the printer show my extrenal address
<\sh> roxy: as said, it has nothing to do with your machine itself..it's a routing/firewall/paketfilter/access list problem
<\sh> you should consult your network admin
<roxy> you mean in iptables?
<\sh> roxy: I don't know which network infrastructure you are using...if your router uses iptables, most probably
<roxy> well, I am new in that and I need to resolve it
<roxy> yes, I do, but i did not any modification and this just stop today
<\sh> roxy: check your iptables rules then...no problem regarding ubuntu-server or any ubuntu package...local network problem :)
<roxy> do you know which ruler can let me ping betwenn vlans?
<roxy> fro ecample vlan 1 and 2?
<\sh> roxy: I don't know your network infrastructure...ask someone who setup your infrastructure...it's nothing I/we can debug from here...
<roxy> well, this is the problme there ar eno body just me
<roxy> and i dont have any documentation about the configuration
<\sh> roxy: company? or just a hobby setup? if it's a company...kick your manager
<roxy> well, i will try to fin the problem first, thanks any way
<roxy> I have another question, sorry I am new..i am installing a okidata B6300, everything ok, but I don't know how configurate the ppd file, everything in thye file is commented
* You're now known as ubuntulog
<Kira> Which ftp server is the most popular among Ubuntu users?
<Bilge> Why don't you make a poll
<Kira> in the forums?
<Kira> meh
<Bilge> Well not on IRC
<Kira> I think I shoul.
<Kira> When the Ubuntu OS installer asks you for desired server roles, FTP server is one of the choices, right? I don't know how I missed it.
<andol> Kira: I don't know which of ftp servers is the most popular, but I know vsftpd is one of the most popular
<andol> Kira: Regarding the installation, pretty sure there is no FTP server role. The command "sudo tasksel --list-tasks | grep -i ftp" gave me no answers, on an Ubuntu 9.04 system.
<Kira> ah
<Kira> so it's not just me.
<RoyK> erm. when I try to 'halt' my opensolaris vm on virtualbox, it starts shutting down and then it just hangs
<j0nr> trying to get my mail server to allow me to use it to send mail from remote clients... i.e. use it as a smtp server but i keep getting relay access denied. I have set up (i believe) the very basic dovecot and postfix requirements (no certs) but it stil doesnt work
<j0nr> where do i start?
<Sam-I-Am> j0nr: http://www.postfix.org/STANDARD_CONFIGURATION_README.html
<Sam-I-Am> it doesnt consider the machine you're using to send the message as local, hence the error.
<j0nr> Sam-I-Am: slightly confused... the mahcine I am using is my windows mobile device...
<Sam-I-Am> j0nr: so, windows mobile is the client, ubuntu is the server
<Sam-I-Am> is the windows mobile device always on a network you control or somewhere in the world?
<j0nr> Sam-I-Am: just on the orange network
<j0nr> the error i get is "check you have network coverage and account info is correct" .. i know i have coverage as i am able to recieve mail
<Sam-I-Am> since your device is not on a secured network, you'll need to configure authentication on your mail server
<Sam-I-Am> once authenticated, you can originate mail from anywhere.
<j0nr> Sam-I-Am: I am trying to set up authentication suing this guide: https://help.ubuntu.com/community/Postfix but it seems to be not working
<Sam-I-Am> does it return any errors?
<ScottK> j0nr: Look in the server guide.  It's got directions that work.
<Sam-I-Am> ScottK: ha, sounds like we should remove docs that dont work :/
<Sam-I-Am> have the same problem with openldap
<ScottK> j0nr: Which release are you using?
<Sam-I-Am> usually with certs
<ScottK> Sam-I-Am: It's a wiki, so people can fix it.
<Sam-I-Am> ah
<ScottK> ... or remove it.
<ScottK> https://help.ubuntu.com/
<ball> Time for a sandwich.
 * ball returns, avec sandwich
<j0nr> I have it working!!
<j0nr> at last
<j0nr> following many different guides, it finally works
<j0nr> :D
<j0nr> unfortunately 'blindly' following guides but i can;t hope to 'really' understand what I am doing, its not my job
<ball> j0nr: what's working?
<Daviey> j0nr: \o/
<Daviey> j0nr: You could try and re-create it.. following the guide
<ball> Is the on-demand governor a KVM thing, or part of Ubuntu Server?
<ball> (is it specific to Ubuntu?)
<ball> hello Daviey!
<Daviey> hey ball
<Daviey> ball: not exactly sure what you mean tbh.
<ball> Daviey: I'm trying to find out more about things kirland mentioned in the podcast
<Daviey> The Ubuntu kernel includes an on-demand governor
<Daviey> since 2.6.9 iirc
<ball> ...does that Just Work[tm] on suitably-equipped hardware?
<ball> (is there a utility I can use to watch the cpu & bus speed?)
<n8bounds> any Canonical Ubuntu Server support customers in the Room?
<incorrect> hi, can anyone suggest an alternative to dss (darwin streaming server) apple seem to have dropped support for linux
<jpds> icecast?
<incorrect> never tried it
<incorrect> does that only stream mp3's and oggs
 * ball hugs Ogg/Vorbis
 * ball sighs
<ball> I really have to go.
<cypr1nus> has anyone tried installing joomla on ubuntu server? whenever I want to install joomla using address: 192.168.0.1/joomla it wants to download some .phtml file, while simple php file with only phpinf() in different directory, works ok
<cypr1nus> ?
<bitprophet> cypr1nus: your Apache config, or an htaccess file, needs to set some kind of AddHandler so that .phtml files get interpreted as, I guess, php. (Most likely.)
<cypr1nus> most likely not, because it's the second time i install joomla and in the previous case everything hoes fine without any handlers
<ivoks> hello
<sommer> ivoks: yo
<ivoks> sommer: how are you?
<sommer> ivoks: not bad... livin the dream, how bout yourself?
<jmedina> ivoks: helol
<ivoks> livin the dream? what's the dream about? :)
<ivoks> jmedina: hi
<sommer> ivoks: waiting for football season to start again :-)
<ivoks> i'm enjoying the sun :)
<sommer> good times... you on vacation?
<ivoks> working vacation
<ivoks> when you run your own company, there are no vacations any more :/
<sommer> ah, I hear ya
<ivoks> nice... debian moved drbd to dkms
<jmedina> vacation? what is that?
 * jmedina is a robot
<uvirtbot`> New bug: #404917 in samba (main) "mounted samba shares unavailable after suspend" [Undecided,New] https://launchpad.net/bugs/404917
<metalfan_> hi
<metalfan_> is there somewhere a kernel with imq support for ubuntu thats somwhat maintained?
<ball> What's an imq?
<jmedina> a Intermediate queue
<jmedina> used for ingress traffic shapping
<ball> ah, okay.
<jmedina> imq emulates a network interface
<jmedina> Im not sure if IMQ is built in in the kernel
<jmedina> there are other alternatives like IFB (Intermediate Frame Block)
<jmedina> http://www.shorewall.net/traffic_shaping.htm#IFB
<jmedina> we use shorewall for ingress  traffic shapping
<jmedina> it is enable in hardy kernel
<jmedina> $ grep -i iFB /boot/config-2.6.24-24-generic
<jmedina> CONFIG_IFB=m
<jmedina> imq isnt
<metalfan_> yes, modprobe coudnt load imq
<metalfan_> will look into ifb
<uvirtbot`> New bug: #405421 in drbd8 (universe) "Please sync drbd8 8.3.2-2 (main) from Debian unstable" [Medium,Confirmed] https://launchpad.net/bugs/405421
<mathiaz> ivoks: ^^ does this require some work on the kernel part?
<ivoks> no
<ivoks> drbd was removed from kernel
<mathiaz> ivoks: like dropping the drbd module from the u-module?
<mathiaz> ivoks: ah ok - it has already been done
<ivoks> oh, it wasn;t...
<mathiaz> ivoks: I don't know - that's why I ask?
<ivoks> i'm sure i've seen a post that tim removed it...
<ivoks> let me check
<ivoks> i'll file a bug to remove it
<mathiaz> ivoks: change CN_IDX_DRBD to 0x6 in drbd/linux/drbd.h
<ivoks> doh
<mathiaz> ivoks: is this still an issue in Ubuntu?
<ivoks> nope
<ivoks> drbd now can dynamicaly assign cn_idx
<ivoks> and it is provided in modprobe.d/dkms
<ivoks> MODULES_CONF[0]="options drbd cn_idx=7"
<jmedina> :O
<ivoks> hm, tim said that he removed it from kernel
<ivoks> but it's still here
<ivoks> ah, no... i'm running jaunty kernel :)
<mathiaz> ivoks: I've acked your merge request
<ivoks> great... thanks
<mathiaz> ivoks: the new drbd package should in the archive in a few days
<mathiaz> ivoks: will you be around tomorrow for the meeting?
<ivoks> well need to merge corosync, openais and pacemaker in next two weeks
<ivoks> i'll try, but i don't promise anything since i'll be travelling tomorrow
<mathiaz> ivoks: understood :)
<ivoks> i have to get up and go to zagreb, and then back again
<ScottK> mathiaz: Did you see Debian uploaded mysql 5.1 to Unstable?
<mathiaz> ScottK: yes
<mathiaz> ScottK: I need to check if the two blockers I noticed have been fixed
<mathiaz> ScottK: 1. test suite enbaled
<mathiaz> ScottK: 2. cluster support
<mathiaz> ScottK: for the latter, cluster support is not enabled in 5.1
<mathiaz> ScottK: one proposal is to check if the cluster engine is used in the install and not upgrade if so
<mathiaz> ScottK: I'm not sure if this is the best solution though
<ScottK> mysql 5.1 in Main will make it possible to simplify our amarok packaging in Kubuntu.
<mathiaz> ScottK: right. Doesn't akonadi rely on mysql 5.0?
<ScottK> It does.
<mathiaz> ScottK: the plan is to get only one version of MySQL in main
<ScottK> It was using 5.0 due to maturity concerns though.
<ivoks> so it should work with 5.1, right?
<ScottK> AFAIK, yes.
<ivoks> for server, we should move to 5.1
<ivoks> it would be nice if there won't be kde apps that need 5.0
<ScottK> I really don't think it's a problem, but I'll check.
<mathiaz> ScottK: I don't think there should be a problem as akonadi is starting its own mysqld process
<mathiaz> ScottK: rather than using an embedded mysqld
 * ScottK nods
<ScottK> mathiaz: Riddell is going to do some testing, probably tomorrow.
<bitprophet> Anyone here use rsyslog? curious whether the apparently-really-old version shipping with 8.04/Hardy (rsyslog 1.19) even supports the TSL/SSL stuff that seemed to be its big draw
<ScottK> dunno about Hardy, but it's the default syslog starting in Karmic.
<bitprophet> and in the next Debian too, I think.
<bitprophet> Sadly most of my systems -- the *newer* ones, that is -- are on Hardy :(
<bitprophet> wonder if our centos boxes even have rsyslog in yum. bleah.
<jmedina> bitprophet: isnt disabled at compile time? some debian projects disable TLS /SSL because license confilicts or something
<jmedina> or probably compiled agains gnutl
<jmedina> gnutls
<bitprophet> could be
<bitprophet> but I don't think this old rsyslog version even had TLS upstream, so nothing for debian to disable. ha.
<bitprophet> so might be time for me to brush up on my ssh tunneling or stunnel whee.
<jmedina> openssh vpn is easy
<jmedina> no x509 certs involved
<jhrozek_> Hello, anyone using Cobbler for deploying Ubuntu around here?
<quizme> i'm getting permission denied even though I have write access........ anybody know why?   # echo "hi" > /etc/bind9/named.conf.local
<jmedina>  /etc/bind9, that dir exists?
<uvirtbot`> New bug: #405518 in samba (main) "package smbfs 3.0.28a-1ubuntu4.8 failed to install/upgrade: dependency problems - leaving unconfigured" [Undecided,New] https://launchpad.net/bugs/405518
#ubuntu-server 2009-07-28
<uvirtbot`> New bug: #405560 in samba4 (universe) "Sync samba4 4.0.0~alpha8+git20090718-1 (universe) from Debian experimental (main)." [Wishlist,Confirmed] https://launchpad.net/bugs/405560
<van> hello server gurus
<van> do i need to use Ubuntu server to utilize multiple hard drives?
<Samo> you can have multiple HDD in a desktop environment
<van> Using RAID?
<van> RTFM right?
<Samo> then i don't know X)
<van> I was asking if I need to use RAID
<artillerytx> Why are servers so cheap nowdays
<ball> artillerytx: because they're made from cornflakes
<artillerytx> ball: oh yeah
<artillerytx> but seriously i can buy a dell poweredge 6650 for like $300
<ball> Are those 1U?
<artillerytx> no they are 4U
<artillerytx> Quad 3GH
<artillerytx> z
<artillerytx> Xeons
<ball> The last Dell servers I used were very screechy.
<ball> ...perhaps today's are better.
<artillerytx> i have a 1750 and its way toooo loud
 * ball nods
<artillerytx> I just don't know what is good and what is bad etc..
 * genii turns on the Sunfire X2100 and hears it break the sound barrier 
<artillerytx> like this - http://cgi.ebay.com/Dell-PowerEdge-6650-Quad-Xeon-2-7GHZ-3838-RAM-36GB-HD_W0QQitemZ180379157931QQcmdZViewItemQQptZCOMP_EN_Servers?hash=item29ff6f85ab&_trksid=p3286.c0.m14#ht_974wt_1233
<ball> brb
<roxy> Hi please help...I restart my ubuntu server and now i can boot ..it is stoping when is loading NTP and then postreg and just stay there, can not load anything
<roxy> i can't boot
<mushroomtwo> how long is it hanging?
<mushroomtwo> how long have you left it hanging there?
<roxy> if this is fr me just now
<roxy> hi, sorry..me again, now pass the first part but I can not login, aparently the postreg database is corrupt because do es not recongnize my root and user password
<roxy> hey please somebody can helo me...something happen with my server and is not runnung, is very slow...how I can detect which is the problem
<artillerytx> Hey when im setting up my google app mail account and tells me to add mail to CNAME alias and ghs.google.com to CNAME destination
<ball> roxy: does "top" provide any clues?
<ball> I have to go
<roxy> i can access to the server
<roxy> when i boot stop in postregsql then go so slow...
<roxy> and i need to wait for a long time to appear the log promt
<roxy> and then go to the jubuntu windows and then stop, dont do nothing
<roxy> Hi please somebody can help me , my server stop to boot...and is so slow, i dont know what i can do to recover it?
<Bookman> I'm trying to connect to another computer on my local network.  I can ssh into the machine with no issues.  I just cannot see that same machine via smb and nautilus.
<Samo> for smb you need to give access to other pc's
<Bookman> I've done that
<Bookman> There is a little more....
<Bookman> I am going through one router, into another router, into the target machine.  If I connect to the second router, I can connect to the target machine.  If I connect to the first router, I cannot seem to make it through the second router and on to the target machine.
<Bookman> I hope that made sense!
<Samo> in the second router smb and nautilus works?
<Bookman> yes, no problem
<Bookman> I have a DMZ setup from router one to router two
<Samo> hmm
<Bookman> yeah, kind of strange.
<Samo> router manufacturer?
<Bookman> router one is dlink.  Router two is Belkin
<Bookman> Router one also is attached to my cable modem
<Samo> sounds like a port thing to me
<Bookman> Yeah, I just cannot figure it all out
<Bookman> ssh works perfectly
<Samo> let me see if i get it
<Samo> r1 and r2 are directly connected?
<Bookman> Yes
<Bookman> Modem>Router 1>Router 2
<Bookman> Router 1 is also wireless
<Bookman> Router 2 is also wireless
<Bookman> DMZ setup from Router 1 to Router 2
<Samo> where do woy get the internet?
<Samo> sdo you*
<Bookman> Not sure what you mean
<Bookman> I could turn off the internet and would still have the same local network problem
<Bookman> Internet works great from all machines
<Samo> i was thinking that maybe the smb requests were being send out to the internet instead of the next hop router
<Bookman> Ah, got you.
<Bookman> Not sure about that one
<grim76> Assuming this is home networking gear.  It is possible that the router is still blocking the traffic.  Even though it is in a DMZ might have to create specific forwarding rules to get past it.
<genii> Bookman: If you use smb://x.x.x.x             (IP of dest box) can it get there?
<Bookman> genii: no
<genii> Are both routers handing out numbers on same segment? Or is it set statically, etc etc
<Bookman> Same segment?
<Bookman> One is 192.168.0.x
<Bookman> One is 192.168.2.x
<genii> So the netmask is then 255.255.0.0 ?
<genii> 192.168.0.x and 192.168.2.x are NOT on same segment
<Bookman> Router One is 255.255.255.0
<genii> (unless netmask is 255.255.0.0)
<Bookman> Router Two is 255.255.255.0
<Samo> write the command for the SSH you use
<Bookman> ssh user@192.168.0.104
<grim76> Iptables or similar firewall limiting smb traffic to local subnet?
<Bookman> grim76: not on purpose
<Samo> still thinking is a port thing, the ssh is getting there on the LAN IP
<Bookman> smb is 445?
<genii> 135 139 I think
<genii> No, 445 (just checked)
<Bookman> yeah, tried forwarding....no luck
<grim76> Is there a single NIC in the samba server?  Maybe SMB is locked down to a single interface?
<genii> When daisy-chaining routers I usually do something like make router1 192.168.0.1 and give a range like 192.168.0.50-99 and router2 192.168.0.2 and give a range like 192..168.0.100-50
<Bookman> genii: should not matter though, no?
<genii> Bookman: The netmask dictates for instance what IP the smb broadcasts on. So they are broadcasting on 192.168.0.255 on one router and 192.168.2.255 on the other right now
<Bookman> hmmmmm
<Bookman> So the broadcast address is the issue
<Bookman> What if I can change my broadcast address on Router Two to match Router One?
<genii> Bookman: As far as the machine offering a service being immediately seen by other boxes not on it's local subnet.
<Bookman> subnets are the same though
<Bookman> Maybe I'm just not getting it
<genii> 1.1.0.x is not on the same subnet as 1.1.1.x if the netmask is not 255.255.0.0
<Bookman> Ok, not sure what to change here now
<genii> At any rate, almost 1AM and will require sleep here, so will be /away shortly
<Samo> with the SN Mask being 255.255.255.0 ... there is then SN 1 = 192.168.1.0 - 255   ... and SN 2 = 192.168
<Samo> ups
<Samo> ... and SN 2 = 192.168.2.0 - 255
<Bookman> Ok, you have my setup information....I'm just not understanding what to change to get it to work here.
<Samo> a long cable to connect directly to r2
<Samo> there!
<Bookman> Samo: I can do that via wireless
<Samo> xd
<Bookman> But I have to explain that to my users?
<Samo> maybe
<Samo> you should try /j #cisco
<Bookman> ?
<Samo> i'm out of ideas
<Samo> the cisco channel on freenode
<Bookman> Samo: no problem....I guess just not possible under Linux....
<Bookman> Let me try XP on the machines...
<Bookman> See if it can be done at all
<Samo> ok
<Bookman> Gotta break the problem down somehow
<Bookman> Ok, two XP machines see each other with no issues
<Samo> hmmm
<Bookman> Yeah, strange
<Samo> before
<Samo> you were trying to access ubuntu-server with smb with a xp machine?
<Bookman> Nope
<Bookman> Two ubuntu machines
<Samo> is the server supposed to be for linux only?
<Bookman> Yup
<Samo> try NFS
<Samo> know how?
<Samo> on the server
<Samo> cd /etc/
<Samo> nano exports
<Bookman> I tried NFS. I could never get it working at all
<Samo> asdf
<Samo>  /folderyou/want/toshare remotepcname(rw) anotherpc(rw) pcreadonly(ro)
<Bookman> ?
<Samo> nevermind
<Bookman> OK
<Bookman> Local networking does not seem to be a strong point of Linux
<mushroomtwo> haw.
<mushroomtwo> also, linux is terrible for serving web pages
<mushroomtwo> or DHCP
<mushroomtwo> you should go back to windows.
<Bookman> I will change the machines back.  I thank you for the help though
<artillerytx> for some reason my server is not working ... I can still access the apache server all i did was move it to another room
<Bookman> Good try
<artillerytx> anyone know why im getting this http://ubuntu.pastebin.com/m36d41976
<artillerytx> when i type " grep -r -i iptables /etc/
<roxy> hey somebody can give a idea please...my server doesn run...is stopping ..i am trying to boot but stop in NTP and Postreg, please help...
<roxy> well, it look like the Toby's club
<MT-> What questions could I ask somebody to see if they know much about Linux?
<ttx> MT-: explain how it boots ?
<MT-> ttx: I was thinking of questions with multiple choice questions
<MT-> nothing serious - just for fun
<ttx> hm - then you should be able to google some linux quiz
<MT-> !info motif
<ubottu> Package motif does not exist in jaunty
<artillerytx> what do you think the best firewall is ?
<twb> artillerytx: we told you yesterday: use ufw.
<artillerytx> okay
<twb> But the best firewall is two inches of solid air.
<artillerytx> oh yea
<MT-> artillerytx: I like iptables :P
<artillerytx> MT-: i like tables too
<MT-> restrict what has a port open - and the rest is no concern
<artillerytx> yeah
<artillerytx> hey im reading this tutorial - http://ubuntuforums.org/showthread.php?t=2780
<artillerytx> and it says run mkdev.sh script but i creat this file and then later on execute it /
<twb> On a GNU/Linux system, essentially all "firewalls" are really just wrappers on top of iptables.
<roxy> regards, to iptables and firewall i unistall that and my system run again (boot), just to let you know as i am sure you are expert in that
<MT-> twb: I tried using iptables + ufw once - I soon learned not to :P
<MT-> all the errors about conflicts
<twb> MT-: did you file a bug report?
<LiraNuna> postfix doesn't answer to me in telnet, anyone has an idea?
<LiraNuna> telnet localhost 25 // connects but doesn't reply 250 mail.something.com
<LiraNuna> just sits there, sending text (EHLO) won't reply
<LiraNuna> QUIT doesn't work either
<MrGlass_> hai
<MrGlass_> im trying to get a lampstack running
<MrGlass_> on a vps runnign ubuntu 9.04 server
<MrGlass_> but when i try "apt-get install apache2" i get an error that the repository deosnt exist
<twb> LiraNuna: try nc 127.0.0.1 smtp <<<$'HELO google.com'
<twb> Curiously, "nc 127.0.0.1 submission" doesn't respond to me.
<quizme> hi, i can't get two patterns to run with expect..... is anybody familiar with the linux command expect?
<twb> #tcl maybe?
<twb> Or whatever the TCL channel is called
<quizme> echo "wow" | expect -c 'expect {"hi"  { send "You said hi" }}' -c ' expect {"wow" {send "ruff ruff"}} '
<quizme> expect: spawn id exp0 not open
<roxy> somebody know how i can force to my samba member server to validate with ldao accounts?
<MrGlass_> im trying to set up a lamp server. I install php, apache2, etc. When I browse to my site, my browser downloads the php file, instead of the server executing the script
<MrGlass_> any ideas whats wrong?
<_ruben> php module for apache is probably installed, but not enabled
<MrGlass_> gow do i enable it
<_ruben> sudo a2enmod php5
<MrGlass_> says php5 is already enabled
<_ruben> restart apache
<MrGlass_> that did it
<MrGlass_> thanks
<ofnqwop> hi all, im trying to install my firewall using ufw. my server is server and router. i got 2 nic eth0 with 192.168.0.1 (intranet) and eth1 192.168.2.30 (internet). i only whant some specific ports to be open to the net. but there are always all ports open.
<ofnqwop> here my ufw
<ofnqwop> Anywhere                   REJECT  Anywhere
<ofnqwop> 192.168.0.1                ALLOW   192.168.0.0/24
<ofnqwop> 22                         ALLOW   Anywhere
<ofnqwop> 80                         ALLOW   Anywhere
<ofnqwop> 8245                       ALLOW   Anywhere
<ofnqwop> 6667                       ALLOW   Anywhere
<Daviey> ofnqwop: Are you sure you aren't looping back?
<ofnqwop> no, because i dont know what this means :)
<Daviey> ofnqwop: what is the host/ip, so we can check port 80, from outside your network?
<ofnqwop> oh, i am testing from outside the network
<_ruben> its ufw only meant for single host firewalling (protecting the box itself)?
<Daviey> oh good.
<_ruben> s/its/isnt/
<Daviey> _ruben: i assume the box he's quoted is running ssh, httpd.. so that should still be blocked.. surely
<ofnqwop> my results of a portscan to my ip @home
<ofnqwop> 22/tcp   open     ssh           (protocol 2.0)
<ofnqwop> 25/tcp   open     smtp         Postfix smtpd
<ofnqwop> 53/tcp   open     tcpwrapped
<ofnqwop> 80/tcp   open     http         lighttpd 1.4.19
<ofnqwop> 111/tcp  open     rpcbind
<ofnqwop> 135/tcp  filtered msrpc
<ofnqwop> 139/tcp  filtered netbios-ssn
<ofnqwop> 445/tcp  filtered microsoft-ds
<ofnqwop> 901/tcp  open     http         Samba SWAT administration server
<ofnqwop> 2000/tcp open     sieve        Dovecot timsieved
<ofnqwop> 2049/tcp open     rpcbind
<ofnqwop> 5060/tcp open     sip?
<ofnqwop> 6667/tcp open     irc          BitlBee IRCd
<ofnqwop> 8089/tcp open     upnp         Microsoft Windows UPnP
<ofnqwop> any ideas?
<jpds> ofnqwop: And you pastebin: sudo ufw status verbose
<ofnqwop> http://pastebin.com/m42054b9e
<jpds> Hmm, not sure then, maybe jdstrand would be able to help.
<jpds> jdstrand: Also, do you have any opinions on bug #400622 ? :)
<uvirtbot`> Launchpad bug 400622 in ufw "Implement a safe-restart command" [Undecided,New] https://launchpad.net/bugs/400622
<ofnqwop> do i maybe have to "apply" the ufw settins?
<ofnqwop> *settings
<livio> morning
<livio> do you guys think that ubuntu server 8.04 might be incompatible with the new proliant G6 servers ? Has anyone experienced problems with that ?
<RoyK> livio: I have 8.04 running on a few G5 servers, but I don't know about G6
<Tejas> Slow ssh login in 8.10 give me solultion ....
<Tejas> in my server
<RoyK> "give me solution" <-- not really a nice way to ask
<andol> livio: Sounds that way http://www.ubuntu.com/news/hp-proliant-servers-certified-ubuntu
<Tejas> sorry for that
<andol> livio: Sorry, didn't saw you specifying 8.04
<_ruben> slow ssh logins are dns related 90% of time
<_ruben> machine failing to lookup of the hostname corresponding to the connecting ip
<Tejas> i have already add a entry in the sshd_config for GSSAPIAuthentication yes  GSSAPIDelegateCredentials no
<mattt> RoyK: give me solution!!!!
<spiekey> Hi
<spiekey> i would like to have file version 5.x on my system. Right now i have file-4.26.
<spiekey> how would you upgrade this?
<infekted> anyone familiar with mysql
<mattt> infekted: what's the question?  :)
<infekted> I keep getting this
<infekted> Could not connect to the database, see error message below.
<infekted> Access denied for user 'infekted'@'localhost' (using password: YES)
<infekted> im trying to instal phbb3
<spiekey> infekted: this is not really ubuntu related...but check your mysql user permissions
<mattt> access denied
<spiekey> or try 127.0.0.1 instead of localhost
<infekted> ok
<infekted> ill check it out
<spiekey> install phpmyadmin and have a look at the privileges
<mattt> infekted: yeah, your user doesn't have permission
<infekted> well I don't know if I even installed it right on my ubuntu in the first place im new to the mysql thing
<spiekey> it MUST match the hostname, which sometimes is confusing ;) You can set diffrent privileged for diffrent sources
<infekted> I don't even know what my mysql username and password is
<infekted> I was never prmpted
<spiekey> infekted: by default it should work with root and a empty password....install phpmyadmin, thats very useful
<infekted> I tried it came up with errors
<infekted> :9
<infekted> I wish someone could just connect to my server and fixed what I fuggerd up
<spiekey> well, then you would have a working mysql server, but no idea why it is working ;)
<infekted> I think I should just reinstall mysql
<infekted> see if I missed anything
<infekted> could anyone help me set up a decent server for my website with a webmail client I always seem to screw something up
<infekted> or not
<stefanWW> Hello! Did any of you guys experienced any problems with installing and running ubuntu server 804 LTS on proliant servers G6 ?
<stefanWW> it just freezes during the install process
<_ruben> best to talk to the #ubuntu-installer people
<stefanWW> thanks _ruben
<uvirtbot`> New bug: #404321 in likewise-open (main) "gnome-screensaver should allow screen unlock even if account is locked out" [Undecided,Incomplete] https://launchpad.net/bugs/404321
<andol> ttx: Curious about something. Sometimes I see you switch bugs from Incomplete to New. Is that to get them showing up in more searches, or is there some other thought?
<ttx> andol: for me, when there is nothing the reporter can give us it should no longer be in incomplete
<ttx> it should be in status "new" until we decide between invalid/confirmed
<ttx> which in this case is tricky :)
<andol> ttx: I guess that kind of makes sense. Is there any general policy/guideline/wisedom regarding incomplete->new by the way? Thinking of sending an email to ubuntu-bugsquad@ otherwise.
<ttx> andol: ideally it should go incomplete -> confirmed/invalid
<ttx> in this case I wanted it to appear in new lists as needing some attention
<andol> ok
<andol> ttx: Have a few (other) tickets which I'm not really sure what to do with. Perhaps it might be an idea to make them ->new as well?
<ttx> andol: I'd say they should ne longer be in "incomplete" if there is nothing the reporter can do about them. better set them to NEW to bring them to developers attention
<ttx> reporters don't like to see the deprecation countdown while they provided all requested info.
<andol> ttx: Good advice, thanks
<Stronghold_> sa
<ball> I really want to be at the meeting this morning, but fork's on a school field trip and I need to meet her there at 15:00
<vo> i'm trying to use kerberos login on my server. i've set it up and kinit works but krb5_pam doesn't. I get these "krb5_get_init_creds_password: Decrypt integrity check failed" errors in my auth.log. anyone seen that before?
<ball> I'm impressed to see sabdfl in #ubuntu-meeting
<genii> vo: I haven't personally seen that. But there seems something about it here: http://www.cmf.nrl.navy.mil/ccs/people/kenh/kerberos-faq.html#badpass
<vo> hmm thanks. i'm not sure what to check; when setting up a client you don't go through any key generation process or keytabs...
<mdhafen> Hello channel.  I would like help with Gitosis.  I recently upgraded a server from 8.10 to 9.04, and now gitosis won't let me push to it.  The error is 'pkg_resources.DistributionNotFound: gitosis==0.2'  Thanks.
<mdhafen> I get the same error trying to clone from the server too.
<genii> mdhafen: Is python-setuptools installed? This bug report seems to hint it might be required http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473022
<uvirtbot`> Debian bug 473022 in gitosis "gitosis doesn't work without python-setuptools package" [Serious,Fixed]
<mdhafen> yep.  dpkg reports python-setuptools installed at version 0.6c9-0ubuntu4
<genii> mdhafen: See perhaps also http://kylecordes.com/2009/04/30/gitosis-ubuntu-jaunty/   which suggests python version may need to be 2.5 and not later
<mdhafen> I'm looking at that page.  Kyle suggests installing newer packages from the debian pool.  What is your opinion of that suggestion?
<genii> mdhafen: In the posts below, someone just set their default pythin to be 2.5 instead of 2.6 and found it to work
<genii> I'd take that route before installing the debian packages
<mdhafen> so you don't expect any other package to require python being at 2.6?
<genii> You could test whatever apps you have which may expect some latest version. But I don't expect the changes from 2.5 to 2.6 would be so major as to have much impact
<mdhafen> ok.  I'll try shifting python down then.  Thanks.
<mdhafen> yep.  pushes fine now.  Thanks.
<genii> mdhafen: You're welcome
<stercor>  59  <Directory /home/*/public_html>
<stercor>  60    #UserDir public_html
<stercor>  61    Options Indexes FollowSymLinks
<stercor>  62  </Directory>
<stercor> I'm trying to set up user directories for public_html
<genii> stercor: I think all you really need to do is just enable the module userdir
<stercor> genii: How?  I believe I'm using mod_so.
<jdstrand> ofnqwop: the ufw cli command is useful for host-based firewalling, not routing. You can add iptables-restore style rules to /etc/ufw/before.rules for routing if you need routing
<stercor> genii: LoadModule userdir path_to_module.
<ofnqwop> JDStone, why routing? i whant to block everything :/
<ofnqwop> jdstrand, sry
<genii> stercor: Something like sudo a2enmod   and choose userdir
<stercor> genii: that was too easy!  Thanks a bunch.
<jdstrand> ofnqwop: perhaps I didn't read backscroll enough... 'sudo ufw enable' will block all incoming connections, except a few things like certain icmp packets, dhcp client responses and avahi
<genii> stercor: You're welcome
<jdstrand> ofnqwop: you can fine-tune that behavior by updating /etc/ufw/before.rules
<stercor> genii: do I have to do this every time I reboot?
<ofnqwop> oh ok, /etc/ufw/before.rules is the ip-tables script generated by ufw?
<jdstrand> ofnqwop: not exactly
<jdstrand> ofnqwop: see /usr/share/doc/ufw/README.gz for details
<ofnqwop> ok
<jdstrand> ofnqwop: see 'Layout' and possibly 'Chains'
<ofnqwop> k, thx
<genii> stercor: No, it will auto-load now the module every time apache starts normally
<stercor> genii: Thanks again.
<stercor> Of the 193 people in this channel, can someone enlighten me on Ubuntu's mechanism to get Apache2 and PostgreSQL working?
<otacon1221> Which is better at allocating bandwidth, a dedicated router running NAT, DHCP, DNS, and WPA2 or a Linux server gateway running the same services?
<ball> otacon1221: depends.
<ball> ...but the Linux server is going to be more futureproof.
<ball> ...and more flexible.
<giovani|work> so, linux is a dedicated router if you make it one
<giovani|work> many consumer routers run linux
<ball> giovani: good point.
<giovani|work> and a few commercial routers run some unix-type kernel
<giovani|work> at the highest-end, typically the commercial devices will outperform a generic linux kernel
<ball> giovani: BSD?
<giovani|work> but you're not likely to be interested in the highest-end if you're asking
<giovani|work> ball: some, yeah
<giovani|work> your linux device will definitely outperform the features of a typical embedded router
<ball> I have a machine here I've been planning to make a router out of.
<stercor> Can someone enlighten me on Ubuntu's mechanism to get Apache2 and PostgreSQL working?
<refnumzx> i am trying to configure dansguardian filtergroups under ubuntu jaunty. i have followed several how tos and when i set users to filter2 which is  suppoed to be unfiltered, they still get blocked. advice.
<Fenix|work> Greetings and Salutations to one and all.
<Fenix|work> Any Ubuntu admins here who have to deal with Windows boxes?
<giovani|work> Fenix|work: on occasion, sure
 * Fenix|work grumbles about Windows... too bad it pays the bills.
<giovani|work> linux can pay more bills, generally
<Fenix|work> giovani, I want to set up a syslog server and collect logs from all my windows, linux and cisco boxes.
<Fenix|work> the last two are easy... the first, not so much.  I'm looking for suggestions.
<giovani|work> Fenix|work: sounds like a good idea
<ball> Fenix: I probably qualify
<Fenix|work> giovani|work, I think so too... but I have two questions... a) how to get windows to syslog it's logs... and b) how to sort through all this data.
<Fenix|work> ball, qualify for which, windows paying the bills, or dealing with windows boxes?
<ball> Dealing with windows boxen, but at least they're on the desktop.  No Windows servers.
<Fenix|work> yeah, I have the entire windows infrastructure to deal with
<Fenix|work> anyone have any ideas on how to parse through all those syslogs?
<Fenix|work> I think there's an ntsyslog agent so I think I might have that aspect covered... but logs are useless if you can't get anything meaningful from them in a timely manner.
<ball> Fenix: Still, at least you're working, eh?
<Fenix|work> I'm a windows admin who converted
 * ball nods
<ball> I've looked after Windows servers in the past, as part of some database work.  I wasn't that impressed.
<ball> ...for servers that I have control over, Windows isn't on the list.
<Fenix|work> I started playing with linux when the kernel was 0.95 on an IBM AIX server ... couldn't properly compile floppy drivers for it.
<Fenix|work> then I switched to windows from Novell at my place of employ because it made sense
<Fenix|work> but then I became a convert and am slowly moving servers to linux...
<Fenix|work> any recommendations for parsing through syslog files?
<Fenix|work> vast amounts of them too... hehe
<jmedina> Fenix|work: probably using a different syslog daemon like syslog-ng which has more filters than sysklogd
<jmedina> or probably rsyslog
<ball> Fenix: I recommend coffee.
<ball> Currently I run NetBSD on the few production servers I look after, but Ubuntu Server looks very promising indeed, so I'm hoping to migrate to that.
<Fenix|work> I'm using 8.04LTS and it's rock solid
<ball> I've been running it for a while on a casual Web server, but I want to try it on something more modern.
<ball> (something that can virtualise a few of my old boxen)
<Fenix|work> I have Ubuntu server running on several HP ProLiant servers
<Fenix|work> the most powerful one I have now is a ProLiant DL 380 G5 with 32GB RAM and two quad core xeon processors
<Fenix|work> runs my web, database and ftp server
<Fenix|work> I have another DL380 that runs cvs and php/mysql for buzilla and a bunch of other miscellaneous web services that are internal.
<Fenix|work> another is a full on proxy and another a reverse proxy.
 * Fenix|work grumbles about the pain in the ass it was to reverse proxy microsoft exchange web outlook.
<Fenix|work> ball, so what's coffee?
<Fenix|work> besides a tasty beverage that I can't live without
<ball> Fenix: that's the one.
<ball> Fenis: do you use Smart Array RAID controllers at all?
<ball> Our ML110 has a Smart Array E200 that I'm sure will work with Ubuntu, but I want to make sure I can query the health of the array remotely
<ball> (it lives 130 miles away from me)
<ball> (209 km)
<genii> !coffee
<ubottu> coffee is a caffeinated beverage made by filtering hot water through ground up roasted beans of the coffee plant. Flavouring to taste such as milk or cream, sugar or sweetener are often added afterwards. Not to be confused with !java
 * genii decides to have some
<refnumzx> is anyone here familiar with configuring dansguardian and filtergroups? using ubuntu jaunty and stock debian files for dansguardian
<mathiaz> ttx: do you have some time to review the libopendrim-common package on REVU?
<mathiaz> ttx: http://revu.ubuntuwire.com/p/libopendrim-common
<mathiaz> ttx: I've arleady gone back and forth with the uploader and it's in a good shape now
<ttx> mathiaz: I will look into it.
<mathiaz> ttx: merchi!
<Fenix|work> ball, I can't remember exactly what the SmartArray card is, but it's detected in ubuntu
<Fenix|work> ends up as /dev/cciss/c0dx
<Fenix|work> ie... c0d0p1 and c0d0p2 in my case
<ball> Fenix: do you use command-line utilities to check the health of your array?
<refnumzx> 3/quit
<Fenix|work> ball, no not at all...
<Fenix|work> there's LED lights on the chassis that shows if there are problems.
<mathiaz> ttx: hey - how do you test sfcb usually?
<mathiaz> ttx: I'm working on updating cim-schema to the latest version
<ttx> using the test case in WbemStackSpec
<ttx> mathiaz: see Demo/test plan in https://wiki.ubuntu.com/WBEMStackSpec
<mathiaz> ttx: awesome. thanks!
<ttx> First wbemcli query should return the classes for which it has a provider
<ttx> Second one enumerates instances ("ei") of Linux_Processor
<mathiaz> ttx: great - thanks.
<Bookman> How do I share files using NFS instead of SMB?
<Bookman> Or maybe how do I see other computers through a second router?
<sailingboarder> does ubuntu server 9.04 come with any wireless drivers?
<sailingboarder> i installed it on an old laptop, but the wireless card isn't detected
<sailingboarder> are there any packages that come with ubuntu desktop, but not server, that have wireless drivers?
<ball> Daviey: KVM Vs. qemu.  Is one better suited to server use than the other?
<Daviey> ball: KVM..
<jmedina> afaik, kvm uses qemu, kvm for production servers..
<ball> Daviey: thanks
<ball> jmedina too.
<ball> I wish I had a faster machine at home to try this stuff on.
<ball> ...don't want to disturb the production box until I've knocked it around a bit.
<ball> Ooh, monitor just arced
<ball> ...that's not good.
<artillerytx> for some reason my server i sending me an email with this in it - http://paste.ubuntu.com/235464/
<jmedina> artillerytx: I would better ask in ebox mailing lists
<jmedina> that error is ebox specific
<artillerytx> jmedina: well i don't want ebox i want it completely gone
<artillerytx> so i removed it
<jmedina> then remove the cron job
<artillerytx> how do i remove the cron job
<jmedina> just remove the file that trigre the error
<jmedina> that one
<jmedina>  /etc/cron.hourly/99purgeEBoxLogs
<artillerytx> where is the cron file located
<jmedina> did you read my las message?
<artillerytx> oh so just remove that file
<artillerytx> k
<albdum> hello guys i have a problem with 2 of my 4 hard disks at the same pc desktop ubuntu mounts them fine on the other hand server doesn't :(
<jmedina> albdum: how do you mont your disks?
<jmedina> do you get a message when you mount them?
<albdum> yeap
<jmedina> how do you detect that 2 are not mounted?
<jmedina> please give details
<albdum> sure
<albdum> sdc1 and sdd1 arent on /dev althrought sdc and sdd are there
<albdum> also at fdisk -l sdc1 and sdd1 apear as well
<jmedina> that means /dev/sdcc and /dev/sdd doesnt have a partition table
<jmedina> could you pastebin the output from fdisk -l ?
<albdum>  http://paste.ubuntu.com/235482/plain/ <---- fdisk -l
<albdum> http://paste.ubuntu.com/235484/ <------ls -l /dev/disk/*
<jmedina> :)
<jmedina> I see
<albdum> :)
<jmedina> sdc1 and sdd1 are NTFS partitions
<albdum> they were before at raid
<albdum> yeah
<jmedina> ubuntu server wont mount partitions automatically unless you define it in /etc/fstab
<jmedina> it is not a desktop
<jmedina> sorry, Im running out of power
<albdum> yeah but when i try manually to mount them they don't
<albdum> check my fstab
<albdum> http://paste.ubuntu.com/235500/
<albdum> same command three of them sdb1 is mounted ok the other 2 are not....
<albdum> http://paste.ubuntu.com/235502/   <----- sudo mount -a
#ubuntu-server 2009-07-29
<albdum> any ideas why that is happening ? already tried removing dmraid and from gparted at the one of the 2 disk create partition tables again (ms-dos) and create partition ntfs again
<albdum> jmedina are you there ? :)
<albdum> any1 else might can help with this ?
<infinity> albdum: I suspect you answered your own question.  Didn't you say sdc1 and sdd1 were previously raid members?
<albdum> infinity: yeah but before i install server i deleted the raid set...
<albdum> and format the one of them again
<infinity> albdum: If that was NT's software RAID, they're "dynamic disks", in NT parlance, and they can only ever act as the raid members they always were, unless you repartition and reformat them.
<albdum> what i did: hardware raid ->delete then 1 of them -> format,create partition tables msdos and then create partition ntfs
<albdum> shouldn't that work ?
<infinity> Maybe.  I wouldn't hold my breath. :P
<albdum> also those 2 disk i can see them from any other os installed on the same pc
<albdum> including ubuntu desktop
<infinity> dd if=/dev/zero of=/dev/sdc bs=512 count=10
<albdum> just in server edition it seems it can't mount them
<infinity> That's always a nice way to slaughter a disk back to factory fresh.
<infinity> Oh, that's more curious.  I walked in to this in the middle.
<infinity> Desktop automounts them, I imagine?
<albdum> i need the one of them sdc i guess to keep my files
<albdum> i mount them click home--> then the disk
<albdum> yeah the desktop mounts them when i click on it not on load
<albdum> ing
<albdum> maybe server edition missing a package or something and cause of that can't mount them ?
<infinity> The kernel's pretty obviously not even seeing the partitions, as your dev/disk output shows.
<albdum> yeah
<infinity> Are you positive that desktop isn't seeing them through the magic of dmraid?
<albdum> dmraid wasn't installed on desktop
<albdum> and before 3 minutes i unistalled it from server too hoping that would do the charm but :(
<albdum> albus@ubuntu-server:~$ sudo mount /dev/sdd1 /media/HardDisk3
<albdum> mount: special device /dev/sdd1 does not exist
<albdum> albus@ubuntu-server:~$ sudo mount /dev/sdd /media/HardDisk3
<albdum> mount: unknown filesystem type 'isw_raid_member'
<albdum> ---->>>>> these is annoying any ideas ? cause i am out of luck and disk space on the other 2
<infinity> It really does sound like sdc and sdd are still software raid members to me.
<infinity> The dm-uuid-DMRAID-isw.. stuff in /dev/disks points at that too.
<albdum> maybe samba has anything to do with that ?
<infinity> Not much I can tell you except "wipe the first few sectors of the drive and repartition"... But if you can see them from another OS, there might be somehting less drastic you can do.
<infinity> Or, wipe sdd, create sdd1, copy everything from sdc1 to sdd1, then repeat on sdc.
<infinity> Samba has nothing to do with it.
<albdum> how can i do the last part exactly ? :)
<infinity> dd if=/dev/zero of=/dev/sdd bs=512 count=1024 (wipe hard, why not?)
<infinity> fdisk /dev/sdd
<infinity> Create giant partition.
<infinity> Copy everything from sdc1 to sdd1, using whatever works for you.
<infinity> Then do the above with s/sdd/sdc/
 * infinity heads back to work.
<albdum> thnx m8 :)
<albdum> any1 can help me format a ntfs partition with server edition?
<albdum>  Hello any1 might know how can i format a drive to ntfs using shell ?
<marce_> Hello everyone, i need to execute a lynx and close it after it finish loading the website. Which flag should I need?
<baffle> kirkland: Did you still need to play with a rackserver with S3?
<Kira> Hmm, I'm pretty positive that there was a memory leak somewhere in my system. The memory usage % would steadily climb, though rather slowly, about 10% a month.
<Kira> and that's while it's sitting there apparently doing nothing.
<Kira> How shall I track the memory usage of my processes?
<ball> Kira: top?
<uvirtbot`> New bug: #406093 in mysql-dfsg-5.0 (main) "MySQL limiting INT(64) to INT(32)" [Undecided,New] https://launchpad.net/bugs/406093
<Kira> ball: the trouble is, all of the memory usages shown in top are so minuscule.
<Kira> I see lots of 0.0%
<ball> Kira: launch top and then try pressing M (must be capital)
<twb> Kira: take some memory out of your machine, then ;-)
<twb> ball: huh.  I always use > and < to change column
<ball> twb: No idea.  I'm not used to interacting with it.
<ball> ...but I looked that up for Kira
<twb> Righto
<twb> You could also use Z to pick a different display format
 * ball shrugs
<twb> It lets you colour-code the different layouts which is nice if you have a bunch running at once.  FYI.
<ball> twb: thankfully it's black & white on my screen.
<twb> :-)
<unixxx> Hey guys, anyone know whether I should be using /dev/md_d0 or /dev/md/d0 as the device for my RAID array?
<unixxx> I can't find any real documentation on thisl
<mattt> unixxx: you sure they don't map to the same thing?
<unixxx> /dev/md_d0p* symlink to /dev/md/d0p*
<unixxx> But /dev/md_d0 doesn't symlink to /dev/md/d0
<unixxx> I've setup md_d0 as the device using mdadm --assemble but was wondering what the proper practice was.
<mattt> unixxx: yeah, not 100% which is proper ... guessing to use /dev/md, but don't quote me on that :)
<unixxx> Ok, cool, thanks.
<unixxx> All I could gather was that maybe /dev/md was to eliminate some problems with udev
<mattt> unixxx: do you have a /dev/md0?
<unixxx> I did but it was removed when I upgraded from 8.10 to 9.04 last night.
<unixxx> Then I noticed /dev/md_d0 and re-assembled my RAID array to that device, assuming it was the replacement.
<mattt> unixxx: ah, cuz http://tldp.org/HOWTO/Software-RAID-HOWTO.html only refers to /dev/md0 (at first glance) ... maybe it's out-dated
<mattt> unixxx: i think i will withdraw from this conversation, since i know nothing about software raid :)
<unixxx> matt, ok, thanks anyway.  It's working fine now, I just didn't want to pick the "legacy" device that would be removed again
<rosa_> hello...somebody know about amavisd? is using 99% of the CPU...somebody know why could it happen?
<albdum> rosa_ : amavisd is a mail virus scanner....
<albdum> rosa_ : amavis is the name amavisd means the deamon
<rosa_> yes, tahnks..i know that but i do not why is using since yesterday 99% of CPU?
<albdum> There is a known issue with perl-Convert-UUlib that was recently triggered by
<albdum> a mail on one of the ubuntu mailinglists. Which version of uulib do you use?
<albdum> high cpu means that amavis can't finish a process i am guessing that you have spamassassin installed also ?
<albdum> rosa_: if you are having problems with postfix also try rebuilding the amavis database or rebuild it anyway just to make sure i have to go i hope that works...
<rosa_> yes, i have spamassasin
<rosa_> and also i upgrade the last version fro perl
<albdum> i suggest to check amavis database...
<rosa_> how i can check the amavis data base, i mean how i can rebuild that?
<ScottK> albdum: What known issue?  Please point me to the bug.
<rosa_> can be this problem causes by a virus in the network?
<rosa_> yes, please!
<nnull> anyone recommend any good webmin alternatives?
<ball> nnull: learning the command line ;-)
<jtimberman> chef
<jtimberman> (ruby-based configuration management system) :)
<jtimberman> :)
<ScottK> nnull: ebox tends to be somewhat favored here, but I've never used it.
<ScottK> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<nnull> cheers ScottK , i know the command line, but haveto use webmin from time to time as a dread, just looking for some alt's
<uvirtbot`> New bug: #406171 in net-snmp (main) "COUNTER64 broken in NetSNMP::agent" [Undecided,New] https://launchpad.net/bugs/406171
<twb> ebox is what the Ubuntu manual talks about
<twb> I had a quick look at it, and it seems to be about as horrible as all the others.
<nnull> lol yeah im about to try it
<Jeeves_> Hi there
<Jeeves_> ANy Bind maintainers around here? :)
 * ball hides
<Jeeves_> https://www.isc.org/node/474
<Jeeves_> Any clue when a security update will be there?
<kees> Jeeves_: should be out now
<Jeeves_> cool
<Jeeves_> thanks
<_ruben> no mail on -security-announce yet :P
<kees> _ruben: sure there is!  ;)  USNs sometimes lag archive publication a little.
<cef> memtest86+ problem: is the version of memtest86+ that gets installed by default the same as the one in the memtest86+ package? I get an error on an amd64 box when I try and run the default one via grub.
<cef> (using 9.04 server btw)
<cef> never mind. helps if I look at the output from apt/dpkg in the host, and not one of the vm's. :P
<_ruben> hey .. got mail from sec-announce :)
<nnull> *You've got mail!*
<_ruben> lets sync local mirror prior to (trying to) updating my dns servers
<cef> heh.. I'm building new vm's to replace some of our machines.. one of these days they'll get into production.. till then, all I seem to do is upgrade the packages to fix security vuln's
<cef> this morning it was the kernel, now it's bind..  fun fun fun
<mattt> cef: welcome to system administration!
<cef> mattt: I've been doing it since '96.. I'm quite used to it.. it's just very annoying at the moment
<jtimberman> better than having a once a month patch day.
<cef> true true
<rosa_> hi...hi got this error in samba... nsswitch/winbindd_util.c:trustdom_recv(229)
<rosa_> somebody know what is mean?
<twb> Is that an error?
<rosa_> yes, sorry...hi twb, sorry Im crazy...the error is:  Could not receive trustdoms
<uvirtbot`> New bug: #406262 in openipmi (universe) "Please merge openipmi 2.0.16-1(main) from debian unstable(main)" [Undecided,New] https://launchpad.net/bugs/406262
<uvirtbot`> New bug: #406263 in openipmi (universe) "Please merge openipmi 2.0.16-1(main) from debian unstable(main)" [Undecided,Confirmed] https://launchpad.net/bugs/406263
<AnAnt> Hello, can someone help with setting up LDAP service on Ubuntu ?
<AnAnt> is there a wiki doc or so ?
<twb> What LDAP service?
<AnAnt> twb: erm, slapd
<twb> What isn't working?
<AnAnt> I dunno how to set it up, that's why I ask if there's a wiki doc
<_ruben> i think its explained in the server manual?
<AnAnt> in man slapd ?
<twb> Set it up for what?  DNS?
<AnAnt> twb: user authentication
<twb> Ah, libpam_ldap and libnss_ldap.
<AnAnt> twb: aren't those for the client machines ?
<twb> Right.
<kim0> Hi .. I am see'ing traces in google regarding a DRBD pkg, that uses dkms .. is that already released ?
<_ruben> https://help.ubuntu.com/9.04/serverguide/C/network-authentication.html
<twb> Though typically your LDAP server would also be configured as a client machine.
<_ruben> ldap sure is one of many things on my todo list .. wonder if i'll ever get to it :p
<AnAnt> twb: you mean that I add users to the LDAP server via useradd ? then the rest of the clients will be able to see those users?
<twb> I don't think useradd works (waah!) but certainly passwd should
<AnAnt> _ruben: that doc seems useful, thanks !
<rosa_> Hi, Please help...i have 1 week in that...I am gettin this error Not using winbind, requested domain [XXX] was for this SAM
<mattt> rosa_: you should try google'ing these errors, you'd probably have more luck
<rosa_> i tried a lot...but still i can get...
<metalfan_> hi
<metalfan_> sudo tc filter add dev eth2 parent ffff: protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action ipt -j MARK --set-mark 1  action mirred egress redirect dev ifb0                   /lib/iptables/libipt_mark.so: cannot open shared object file: No such file or directory                 why does tc or something else search for libipt_mark.so?
<metalfan_> ah crap, my fault
<metalfan_> forgot one tc line before that
<uvirtbot`> New bug: #406276 in munin (universe) "initial munin-node setup misses correct start/stop" [Undecided,New] https://launchpad.net/bugs/406276
<uvirtbot`> New bug: #315591 in openssh (main) "LD_LIBRARY_PATH set in ~/.profile doesn't stick" [Low,New] https://launchpad.net/bugs/315591
<uvirtbot`> New bug: #406303 in php5 (main) "Compiled zip support in PHP 5.2.4 64bit can't open archives with large number of files." [Undecided,New] https://launchpad.net/bugs/406303
<AnAnt> Hello, I think I've successful setup an LDAP server & LDAP authentication now I have a couple of issues:
<AnAnt> 1. when an LDAP user logs in for the first time, the home dir isn't created for him
<AnAnt> 2. LDAP user cannot change his password using passwd
<AnAnt> it just asks for his current password then it terminates saying that his password was changed successfully (although it didn't prompt for new password)
<twb> AnAnt: you need to learn how to drive pam, then
<twb> Re (1), probably pam_mkhomedir
<AnAnt> I just did: sudo pam-auth-update
<twb> I dunno about that
<twb> For the client side, I use auth-client-config lac-thingy
<twb> (Ubuntu 8.04 clients.)
<AnAnt> sudo auth-client-config -t nss -p lac_ldap
<twb> Interesting, pam-auth-update looks to be similar, but not managing libnss
<AnAnt> 2. also needed pam ?
<pmatulis> AnAnt: what doc did you follow and what Ubuntu release are you using?
<AnAnt> 8.10, the doc is https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html
<AnAnt> oops
<AnAnt> I read a doc for a different release
<AnAnt> yet it worked
<AnAnt> gecos field can't be UTF ?
<_ruben> https://help.ubuntu.com/8.10/serverguide/C/network-authentication.html ;)
<refnumzx> I am using dansguardian and trying to setup filtergroups.  I have followed a howto at http://www.opensourcehowto.org/how-to/dansguardian/dansguardian-with-different-filter-groups.html  I am using the dansguardian that is available from the jaunty repository.  Users in groupmode2 and the filtergroups list is setup according to those instructions.  I have also configured the authentication plugins in the main dansguardian configura
<fs_home> hello all
<fs_home> please how i can install openSSH sefver using apt-get? each package name to use?
<AnAnt> openssh-server
<DelphiWorld> AnAnt: ok thanks
<uvirtbot`> New bug: #406360 in likewise-open (main) "menu no longer displays add/remove applications" [Undecided,New] https://launchpad.net/bugs/406360
<ttx> uh
<DelphiWorld> AnAnt: i say that source not found, what's up?
<AnAnt> sudo apt-get install openssh-server
<DelphiWorld> AnAnt: yes, but is saying source not found
<AnAnt> dunno
<refnumzx> I am using dansguardian and trying to setup filtergroups.  I have followed a howto at http://www.opensourcehowto.org/how-to/dansguardian/dansguardian-with-different-filter-groups.html  I am using the dansguardian that is available from the jaunty repository.  Users in groupmode2 and the filtergroups list is setup according to those instructions.  I have also configured the authentication plugins in the main dansguardian configura
<refnumzx> delphiworld: it means your sources.list file is probably either messed up or you need to comment out the cdrom sources.
<DelphiWorld> refnumzx: the cdrom source is commented?
<DelphiWorld> installed, thanks
<AnAnt> ok, I managed the PAM thing (thanks to an IT friend)
<AnAnt> now the passwd change is needed
<pmatulis> AnAnt: let us know of your solution
<AnAnt> in /etc/pam.d/common-auth: session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
<AnAnt> as for the gecos field I had to edit the schema
 * ball sighs
<AnAnt> replace caseIgnoreIA5Match with caseIgnoreMatch
<AnAnt> now, what's missing is:
<AnAnt> 1. ability for user to change password
<AnAnt> 2. there's GDM login error that the group cannot be set
<AnAnt> 3. how can I give some rights to user X on machine Y (like mounting USB drives,...)
<AnAnt> but the first two are more crucial
<ball> AnAnt: 3) sounds like a job for groups
<ball> Oh, you're doing the PAM thing
<ball> no idea then.
<kirkland> baffle: i actually don't need to play with it...
<kirkland> baffle: i'm just trying to collect a few makes/models
<kirkland> baffle: and, if you could try, run pm-suspend, and then wakeonlan it, to make sure that the s3 works
<ball> I think my firmware's too old for pm-suspend
<ball> It does APM and perhaps ACPI, but not in a way that Ubuntu Server groks
<refnumzx> I am using dansguardian and trying to setup filtergroups.  I have followed a howto at http://www.opensourcehowto.org/how-to/dansguardian/dansguardian-with-different-filter-groups.html  I am using the dansguardian that is available from the jaunty repository.  Users in groupmode2 and the filtergroups list is setup according to those instructions.  I have also configured the authentication plugins in the main dansguardian configura
<ScottK> lamont`: Ping.  I've got a potential BIND regression for you.
<lamont`> meh
<lamont`> what now?
<ScottK> lamont: According to my DNS provider the new BIND release forgot that not all domain names are hostnames, disallowed underscores in domain names (where they are legal) and this was the cause of my domain vanishing of the net last night.
<ScottK> They said it was an upstream issue, so I thought I'd mention it.
<bitprophet> Anyone know of a decent mechanism for trying to shoehorn non-syslogged log files into syslog (outside of doing it by hand, that is)?
<lamont> ScottK: if it's an A RR, then underscores are invalid
<lamont> regardless of component
<ScottK> lamont: The particular use case they broke are TXT records with DKIM selectors.  These are non-hostname domains that are required to be underscored for collision avoidance.
<lamont> right
<ScottK> lamont: Added detail, I think the issue (from the hints the provider was willing to give) may have been related to following a cname that involved an underscore.
<lamont> cnames get into interesting lands
<ScottK> Yep.
 * ScottK has had that particular cname published for two years and this is the first I know of it causing a problem.
<ball> hello bc
<refnumzx> I am using dansguardian and trying to setup filtergroups.  I have followed a howto at http://www.opensourcehowto.org/how-to/dansguardian/dansguardian-with-different-filter-groups.html  I am using the dansguardian that is available from the jaunty repository.  Users in groupmode2 and the filtergroups list is setup according to those instructions.  I have also configured the authentication plugins in the main dansguardian configura
<Sam-I-Am> ScottK: you around?
<ScottK> Sam-I-Am: Vaguely.
<Sam-I-Am> heh
<Sam-I-Am> so... i'm thinking about joining the ubuntu server team
<ScottK> OK
<Sam-I-Am> wondered if theres any specific requirements aside from what i've read on the LP page
<Sam-I-Am> and how i can fit in...
<ScottK> Sam-I-Am: There aren't.  Those of us here who don't work for Canonical are here an a volunteer basis.  We're glad to have anyone help out as the are willing/able.
<ScottK> How you fit in is up to your interests, ability, and time.
<Sam-I-Am> mmkay...
<ivoks> you basicaly do what's of your interest
<ivoks> for example, i don't care about clouds, but i do about clusters - so i work on clusters
<Sam-I-Am> some things i just dont quite know how to get involved in with the big picture... but i do them on the small scale for my employer... like taking recent releases (sometimes from CVS) of openldap and building packages for ubuntu including modifying patches and backporting other stuff.
<ivoks> and email, when i have time :D
<Sam-I-Am> i've been using LP to build and host my packages lately... so others can use my work.
<ScottK> If your changes are generally useful then you should work to get them into the Ubuntu repos.
<Sam-I-Am> also noticed you guys are looking for help writing docs/wikis on centralized authentication and file serving... e.g., openldap+samba+kerberos
<ScottK> Sam-I-Am: Yes.  sommer coordinates most of the docs stuff.
<Sam-I-Am> of course, several (or many) schools of thought exist for configuring all that stuff... so what i do might be different from what others think.
<Sam-I-Am> i get to write detailed docs on how to configure it all for my employer, so i might as well try to get them out to the masses... especially the parts which confuse people the most like... generating certificates.  thats almost 80% of the problems i see in #openldap
<ScottK> Yes.  Please.
<Sam-I-Am> mmkay, just want to make sure i'm heading in the right direction
<mathiaz> ttx: did you see my merge review proposal for cim-schema?
<ttx> mathiaz: I didn't get any notification of it
<ttx> mathiaz: url ?
<mathiaz> ttx: https://code.launchpad.net/ubuntu/+source/cim-schema/
<mathiaz> ttx: https://code.launchpad.net/~mathiaz/ubuntu/karmic/cim-schema/2.22.0-update/+merge/9397
<ttx> will have a look tomorrow
<mathiaz> ttx: so you weren't notified?
<ttx> mathiaz: no
<ttx> gtg, we'll sove that mystery another day :)
<ttx> solve, even
<bobbyw> anyone using skytools on 9.04?
<Sam-I-Am> ScottK: well, i applied for membership
<ScottK> Sam-I-Am: Welcome.
<Sam-I-Am> noticed theres some need for dynamic dns with dhcp docs...
<bobbyw> anyone running postgres on ubuntu with a listen_address?
<Sam-I-Am> ScottK: if you're interested in what i'm packaging... https://launchpad.net/~ionosphere80#ppas
<Sam-I-Am> few backports to hardy... and any required libs... more interesting things are latest releases of openldap bound to gnutls, openssl, and mozilla nss (from cvs head... support isnt in a release yet)
<otacon122> What kind of hardware would I need for Ubuntu 9.04 Server if I run DNS, DHCP, NAT, Firewall, Gateway, routing, remote access, and bandwidth allocation for high-bandwidth-demand devices?  There are five total devices in use on the network that require large amounts of bandwidth and three devices on the network that do not need very much bandwidth, so the server has to also be able to allocate bandwidth between the devices without 
<Sam-I-Am> good question...
<Sam-I-Am> what kind of bandwidth requirements?
<_ruben> define high-bandwidth .. 10Mbps .. 100Mbps .. 10Gbps
<otacon122> High bandwidth meaning LAN Party kind of demand
<otacon122> And online gaming
<Sam-I-Am> lan parties tend to be low bandwidth, high latency tho... unless you get a lot of people.
<Sam-I-Am> er,
<Sam-I-Am> requirements are low latency
<_ruben> low latency :)
<NCommander> kirkland, I"m working on your backport as we speak
<kirkland> NCommander: sweet
<NCommander> kirkland, (sorry on the delay to getting to it, debconf kept me busy)
<Sam-I-Am> _ruben: not enough coffee yet
<_ruben> and indeed, for lan gaming bandwidth doesnt tend to be the limiting factor
<kirkland> NCommander: that libvirt proposed package made it to updates
<otacon122> LAN parties are high-bandwidth low-latency requirements
<NCommander> kirkland, I made one slight change to the debdiff (the versioning scheme for backports is slightly different, we use ~*distro*X vs. another .x)
<otacon122> Online gaming is what puts the most load on my network/internet
<_ruben> depends on the size actually .. which you have given no indication of
<kirkland> NCommander: ah, okay, sorry about that
<kirkland> NCommander: thanks for fixing inline
<NCommander> kirkland, NP, easy to fix, I'll repost the debdiff if I don't have to make any more changes
<kirkland> NCommander: perfect
<_ruben> and still .. "high-bandwidth" doesnt mean shit in the end
<NCommander> kirkland, care to sponsor the upload to intrepid-backports :-)
 * NCommander is somewhat amused how many people will have to touch this single backport
<kirkland> NCommander: sure
<_ruben> some say 1Mbps is high, others see 10Gbps as low bandwidth
<otacon122> there are 8 devices total...Two Mac boxes, an X-Box 360, two Ubuntu boxes, two Windows boxes, and a networked printer
<otacon122> The mac boxes, Ubuntu boxes, and X-Box 360 are all used for online gaming
<kirkland> NCommander: just point me to the debdiff when you have it
<_ruben> 8 devices + online gaming .. not the lan party definition i had in mind :)
<otacon122> The Mac boxes, X-Box 360, and Ubuntu boxes are all on wireless
<_ruben> i'd call it a wan party
<otacon122> ruben, yeah, and that's why I need something that's good at managing bandwidth...I only have 15 megabits available from the ISP
<_ruben> anyways .. a P-200MHz can properly route/firewall a 100Mbps connection from what i recall
<_ruben> managing bandwidth doesnt require power, it requires intelligence
<otacon122> The router, unfortunately, is a hardwired D-Link EBR2310 and it does not have the ability to prioritize traffic based on type or protocol.
<LORDWicho> hi
<LORDWicho> eveypeople
<otacon122> The other problem I'm having is none of the machines on the network can communicate with each other.  My two ubuntu boxes can see and talk to each other, the two Mac boxes can see and talk to each other, and the two Windows boxes can see and talk to each other and the networked printer, but none of them can communicate with the others
<_ruben> define communicate
<otacon122> Well, for example, I can't get my Ubuntu Desktop to even see the Windows machines or access the networked printer
<otacon122> I plan to use Ubuntu Server for routing, but I need it powerful enough to run RIPv2 or OSPF and provide IPv6 support
<otacon122> In addition, I need it to be able to function as a domain controller, run DHCP and DNS, operate as a print server, run NAT and IPTables, operate as the gateway device, and also allocate bandwidth based on application, connection, and/or time of day
<otacon122> I also want to be able to manage the server remotely using SSH
<otacon122> I'm stuck trying to figure out what hardware the server needs...I'm trying to decide between a Kentsfield Intel Core2 Quad with 8GB of RAM or a Prescott P4 with 2GB of RAM
<RoyK> isn't prescott rather ancient?
<otacon122> Prescott is an old Socket 475 3GHz single-core processor
<RoyK> yeah, with the speed of an 1,8GHz xeon these days
<RoyK> or less
<otacon122> The Kentsfield Core2 Quad is 2.4GHz per core, 4 cores total
<RoyK> I was talking per core
<otacon122> Yeah...Kentsfield is 2.4GHz per core
<otacon122> Total of four cores
<RoyK> and the performance is probably 25% higher per core than the old prescott
<madil> hello
<otacon122> Yeah...
<_ruben> both are waay overkill :)
<madil> i need to generate openssl rsa key, i know to use openssl genrsa ecc..
<otacon122> Well, would they be overkill for my needs, though?
<madil> but.. someone can tell to me how to select the primes number for generate it ?
<madil> openssl genrsa -o name_key.pem 4096
<madil> but can i select the primes number for generate it ?
<RoyK> otacon122: for a router, you would need a PIII clocked at 600MHz or so for internet access, perhaps less
<madil> i dont like use random
<otacon122> RoyK, its not JUST going to be a router
<NCommander> kirkland, ready to sponsor?
<NCommander> kirkland, https://bugs.edge.launchpad.net/hardy-backports/+bug/396721
<uvirtbot`> Launchpad bug 396721 in intrepid-backports "backport kvm-84 to hardy and intrepid" [Medium,New]
<RoyK> otacon122: file server?
<kirkland> NCommander: ack
<otacon122> Nope
<RoyK> then what?
<RoyK> web server?
<otacon122> Its got to handle the high demands of online gaming and video streaming
<NCommander> kirkland, I kinda want to wait for intrepid to go through and make sure we haven't broken the world before we backport to hardy if its all the same to you
<madil> kirkland: can you help me ?
<kirkland> NCommander: sounds fine to me
<RoyK> otacon122: in terms of routing, or are you going to serve the video streaming from that that box?
<RoyK> routing traffic is the same whatever the traffic
<madil> NCommander: ?
<otacon122> The video streaming will be from the internet, and the routing will be either OSPF or RIPv2, both of which require a lot of router processing power
<RoyK> not a lot
<RoyK> both are quite cpu cheap
<RoyK> I wouldn't use RIP if I were you
<otacon122> Well, I need at least one of those because of the online gaming and video streaming
<RoyK> how lare is the network?
<RoyK> how large, even
<madil> hey........
<otacon122> Its got two mac boxes, two Ubuntu Boxes, an X-Box 360, two Windows boxes, and a networked Printer, with the macs, ubuntu boxes, and X-Box 360 all being used for online gaming and/or video streaming
<madil> ..............
<madil> ....................................
<kirkland> madil: what is your issue
<otacon122> The mac boxes, ubuntu boxes, and X-Box 360 are all on wireless
<madil> kirkland: i need to generate rsakey for openssl
<RoyK> otacon122: then why do you need RIP or OSPF? that box can just be set as the default gateway, no routing protocols needed
<madil> but i like specify the primes numbers to use..
<kirkland> madil: http://manpages.ubuntu.com/manpages/karmic/en/man1/openssl.1ssl.html
<otacon122> RoyK, I need RIPv2 or OSPF to help manage the high bandwidth demand
<RoyK> they won't help you
<madil> kirkland: do not find the solutions.. i know the manpage.
<RoyK> they are routing protocols
<otacon122> The online gaming and video streaming need low-latency, high-QoS connections, and OSPF provides those
<RoyK> how many wan connections do you have?
<kirkland> madil: i'm sorry, i don't know anything else beyond that
<uvirtbot`> New bug: #406524 in samba (main) "poop" [Undecided,New] https://launchpad.net/bugs/406524
<madil> kirkland: i need to use openssl genrsa  scifting the primes number to use, do not like use pseudo-random functions.
<otacon122> The only WAN connection on the network is used for internet access, and the bandwidth the ISP is giving us is only 15 megabits per second
<RoyK> otacon122: are you connecting a LAN to the internet with one connection?
<RoyK> then you won't need any routing protocols
<otacon122> The gateway router is a D-Link EBR2310 and it is the sole connection between WAN and LAN
<RoyK> so long as the ISP isn't peering with you on BGP or anything, but then you'd have more than one connection
<RoyK> otacon122: forget about those routing protocols - they're not for home use
<otacon122> Well, the problem with RIPv1 is it has zero fault tolerance for routing loops
<kirkland> NCommander: got distracted ... okay, i'm on it now
<RoyK> otacon122: well, you have only one router, right?
<otacon122> and its a classful routing protocol meaning all IP addresses on the network have to be on the same subnet or else it won't route between subnets
<otacon122> Right now as it sits, there are two subnets on this network
<RoyK> how many subnets do you have?
<otacon122> A standard class C subnet and a 255.255.255.240 subnet
<RoyK> and those subnets all have a common router?
<otacon122> No...The 240 subnet has its own router so that I can have internet access...I can't get internet access without the router unless I go back to a /24 subnet
<otacon122> That's the problem with RIPv1 is it cannot route between subnets
<otacon122> That's why I want RIPv2 or OSPF, as both of those do not look at the subnet mask when routing
<otacon122> Unfortunately, both RIPv2 and OSPF require more resources than RIPv1
<kirkland> NCommander: i think your patch is reversed
<RoyK> erm
<RoyK> otacon122:
<RoyK> please explain your setup
<kirkland> NCommander: http://launchpadlibrarian.net/29673257/kvm.debdiff
<NCommander> kirkland, er, oops
<RoyK> I doubt you need a routing protocol
<kirkland> NCommander: throw up a new one, just for clarity
<RoyK> you just need a common gateway
<NCommander> kirkland, yeah, sorry about that
<kirkland> NCommander: no worries... bash globbing * got you?
<NCommander> kirkland, lack of sleep got me
<otacon122> Well, the gateway router, two Windows boxes, and networked printer are all downstairs with the cable modem and are all hardwired.  The router is connected through a wall circuit to the upstairs wireless router, which both of my computers connect to on a /27 subnet, then that router connects to a switch which then is connected to a Linksys access point that the Mac boxes and X-Box 360 connect to
<NCommander> kirkland, reuploaded
<otacon122> All the wireless devices require large amounts of bandwidth for online gaming and/or video streaming, so these machines regularly push the limits of the wireless' capabilities
<otacon122> Unfortunately, there is no possible way to hardwire everything without causing a hazard
<RoyK> otacon122: no routing protocol will help you, but this might http://lartc.org/
<otacon122> That doesn't help...I don't see anything on that site that talks about Linux Advanced Routing...
<RoyK> it's not about routing
<RoyK> it's about traffic control
<otacon122> I shouldn't have to download anything to get that information
<RoyK> well, whatever
<RoyK> I'm just trying to help, ok?
<otacon122> I know...
<otacon122> Basically, I need to know what hardware in the server will be able to handle the high bandwidth demands of my network without issues and still be able to do DHCP, DNS, routing, remote access, NAT, firewall, gateway, and domain controller functions
<RoyK> but you won't get traffic control with RIP or OSPF or something like that
<otacon122> That's not why I intend to use them
<otacon122> I know all about routing protocols
<RoyK> very little hardware will be required for that
<cmelo> Whats the deal with this Bind bug?
<otacon122> I intend to use OSPF or RIPv2 for the redundancy and error correction they provide
<RoyK> cmelo: just a DoS
<cmelo> ahh
<cmelo> thanks
<otacon122> And for the fact they can route between subnets
<cmelo> I see there is a patch - I will be busy for the afternoon :)
<RoyK> otacon122: go on, try, please, I'd stick to a gateway in the middle doing the routing. There is no redundancy in your network anyway, so why bother?
<otacon122> RoyK, well, I don't think you understand
<otacon122> I need the QoS and reliability of the connection to be as high as possible continually because of the online gaming and video streaming
<RoyK> yes
<RoyK> and that is traffic control
<RoyK> not routing
<kirkland> NCommander: looks better
<RoyK> routing is about getting a package the right way
<otacon122> rrrr...You're not reading my statements very well
<kirkland> NCommander: can you do the libvirt one too for intrepid?
<RoyK> yes, I am
<RoyK> QoS is traffic control, not routing
<kirkland> NCommander: these really should be uploaded together
<NCommander> kirkland, libvirt also needs a backport?
 * NCommander must have missed that
<kirkland> NCommander: yes, assigned you the bug
<otacon122> I said the reason I plan to use RIPv2 and OSPF is because they can route between subnets and they have error correction methods built in to prevent routing loops
<kirkland> NCommander: https://bugs.launchpad.net/bugs/404060
<uvirtbot`> Launchpad bug 404060 in intrepid-backports "backport libvirt to hardy and intrepid" [Undecided,New]
<otacon122> The traffic control will be provided by a third-party program like Twinkle
<kirkland> NCommander: kvm uploaded to intrepid-backports
<RoyK> otacon122: you do not need routing protocols for such a small network
<otacon122> You don't understand...Just...nevermind
 * RoyK thinks otacon122 doesn't understand much about routing
<NCommander> kirkland, let me look at that
<kirkland> NCommander: thanks
<otacon122> The routing protocols aren't going to be for traffic control.  They're only going to be used because they can route between subnets and for the error correction they have built-in to prevent routing loops.  A third party program like Twinkle will provide the traffic control and Samba will take over the other duties
<NCommander> This is an automatic backport
<NCommander> kirkland, there are no changes, I'll simply file a normal request, and an archive admin will do it
<kirkland> NCommander: no changes for intrepid
<kirkland> NCommander: there are for hardy
<NCommander> kirkland, right
<otacon122> OSPF is my preference because it automatically chooses the line with the lowest latency first
<NCommander> kirkland, ACK'ed
<kirkland> NCommander: thanks
<RoyK> OSPF is a link state protocol, not vector state
<otacon122> OSPF looks at the latency of the line, or lines that have little traffic
<otacon122> It chooses the least-congested routes first
<RoyK> wtf does that matter so long as you only have one wan connection?
<otacon122> Well, RIPv2 is another one I like because it functions just like RIPv1 but has countermeasures built in against routing loops
<otacon122> And RIPv2 can route between subnets, unlike RIPv1
<otacon122> Another issue I have is the wireless...The wireless access point and router both do not provide CSMA/CD functionality
<otacon122> Anyway, other than those, my main concern is how much processing power Twinkle needs to handle the bandwidth demands of the network
<otacon122> I know Samba can work very well on a 486 and 128MB of RAM, but I'm more concerned with how much CPU and RAM resources Twinkle would need because of the high demands
<otacon122> Samba will take care of the DNS, DCHP, print server, NAT, Gateway, and Firewall duties.  Twinkle will take care of the traffic control, and therefor needs to be able to handle the high bandwidth demands, and then I'll need routing functionality as well
<Jare> I don't understand, why are you trying to do so complicated system for a simple network. I would just put an old pc with pfsense (or similar) between wan/lan and a gigabit switch for lan.
<otacon122> Jare, its because nobody is answering my question...I thought it would be a simple answer that would take less than 30 seconds
<otacon122> I need something capable of handling high bandwidth demands because of online gaming and video streaming/torrents
<otacon122> My original question was what hardware would the server need to be able to handle the demands of online gaming and video streaming or torrents and still provide DNS, DHCP, routing, NAT, gateway, firewall, and print server functionality without issues
<otacon122> Samba will take care of the DNS, DHCP, NAT, gateway, firewall, and print server duties and Twinkle will be used for traffic control
<otacon122> I should not need to give the entire network topology to get an answer to that question
<otacon122> Its not as simple as it seems, either.  I can't just drop a gigabit NIC card in a 486 machine and expect it to be able to handle having 30 megabits per second thrown at it constantly
<otacon122> Something has to process all that data, and a 486 is nowhere near capable
<pmatulis> so use a better machine.  are you asking what machine to buy?
<otacon122> I'm asking what hardware...Like, how powerful the CPU should be and how much RAM the server needs
<pmatulis> nobody knows, set up a test box
<otacon122> I already have an idea of two different configs, but I don't know which of the two would do the job...I have a choice between a 3GHz single-core Pentium 4 or a 2.4GHz quad-core CPU and either 2GB or 8GB of RAM
<genii> otacon122: I recently set up a p3 733 machine with 256Mb which handles traffic for 18-22 inside boxes and it never gets over 5% usage
<otacon122> genii, yeah, but do you do a lot of online gaming and stuff?
<genii> (this is with 2 boxes streaming video 24/7  )
<otacon122> Because that's going to be the determining factor in the hardware I need is the bandwidth load and the processing power to manage the bandwidth
<otacon122> The total bandwidth demand at any given time is around 30 megabits per second
<otacon122> It peaks at 55 megabits per second
<genii> otacon122: It's for an internet tv station. So they have 2 video streams out 24 hrs a day. Also they use incoming voip connections to interview guests (sometimes conferencing up to a dozen of them)
<otacon122> So the P4 with 2GB of RAM, a terabyte hard drive and a gigabit NIC card would work?
<genii> That would be more than adequate, yes
<otacon122> ok...
<otacon122> Thanks
<Jare> now i don't understand, where the hell is he going to need that much power for the use he explained
<Jare> whatever
<genii> Jare: A p3 class box would do fine for him, I'm sure. But people like to go overkill
<leonel> Django 1.1  is now on Debian unstable ..  any eta to get it merged to  karmic ?
<Jare> genii: yeah, and at the same time people are completely okay with their branded home routers :)
<genii> Which are usually some kind of ARM cpu
<Jare> yes, they are usually ARMs around 200MHz with <32MB of ram and software is optimized for that use. I wonder, what would happen if someone told that to them...
<Sam-I-Am> trying to get the ball rolling for merging openldap 2.4.17 into karmic
<otacon122> genii, you still here?
<ivoks> so, php lead developer is looking for a new job
<Sam-I-Am> hmm?
<ivoks> yahoo! is, basicaly, now part of microsoft
<Sam-I-Am> oh boy
<Sam-I-Am> when did that happen?
<otacon122> Anyone know how effective Quagga is at routing for small networks (10 devices)?
<ivoks> Sam-I-Am: http://news.bbc.co.uk/2/hi/business/8174763.stm
<zul_> ivoks: eh?
<Sam-I-Am> ick
<Sam-I-Am> whats php have to do with yahoo again?
<ivoks> Sam-I-Am: it's one of lead contributors to php
<zul_> die php die!
<ivoks> Sam-I-Am: it's employing Rasmus
<ivoks> well, php probably won't die :)
<ivoks> but it should :D
<otacon122> ivoks, its too bad geeks like myself aren't in demand anymore...I got my A+ certification with remote support designation recently but its impossible to find a job that will take the certification
<otacon122> Funny thing was, I scored higher on the remote support technician exam than I did on the A+ Essentials exam
<genii> otacon122: Still here, yes. Apologies on lag, work required me
<otacon122> genii, is Quagga a good routing program for small networks like mine?
<ivoks> i had high opinion about certification
<Sam-I-Am> otacon122: lots of certs went by the wayside once people realized they could just blast away at them without really learning anything
<ivoks> then i got certified
<ivoks> :)
<otacon122> I've been dealing with computers since the Tandy 1000/Commodore 64 days
<Sam-I-Am> in #cisco i routinely see people just begging for answers to practice test questions... not really interested in why.
<otacon122> I can design and build computers for pretty much any purpose even in my sleep
<genii> otacon122: I just looked at the quagga site to get an idea. It looks fine
<ivoks> otacon122: then start your own company
<otacon122> ivoks, I'm trying...I posted fliers up and everything...No responses yet, though
<Sam-I-Am> otacon122: how old are you?
<ivoks> sacrifice and patients are first steps when starting company
<otacon122> 25...I'll be 26 in october
<Sam-I-Am> and money!
<Sam-I-Am> otacon122: did you go to college?
<otacon122> Yeah...Most of my computer skills are self-taught but I went to school for the more advanced stuff like WAN configuration, routing, network security, and VLANs
<otacon122> In school, I learned how to set up and configure wide-area networks, I learned all about routing, NAT and hardware firewall configuration, VLANs and Inter-VLAN routing, and network security
<Sam-I-Am> ok...
<otacon122> I could tell you everything you ever wanted to know about setting up and configuring Cisco routers and Cisco PIX firewalls
<Sam-I-Am> how about getting kerberos working :)
<Sam-I-Am> on cisco...
<otacon122> lol...Not that...I'm talking about CLI configuration stuff
<otacon122> You give me a cisco router and I can write every command needed to get your network functional
<otacon122> I can work on RIPv1, RIPv2, EIGRP, and OSPF, but I specialize in EIGRP
<Sam-I-Am> any linux experience?
<otacon122> I'm using Ubuntu 9.04 Jaunty full-time and have been for almost two months now
<otacon122> Before that, I was a Windows fanboy
<otacon122> Been with Windows since the Windows 3.1/MS-DOS days
<otacon122> Worked on Windows 3.0/3.1, Windows 95, Windows 98, Windows XP, Windows Vista, and Windows Server 2003
<otacon122> Only thing I can't do is set up and configure DNS or DHCP
<Sam-I-Am> in windows or linux?
<otacon122> Windows...And I only briefly touched on Windows Active Directory
<otacon122> I can do users/groups and get domain controllers to talk to each other, but I can't do any of the more advanced AD stuff
<otacon122> I'm still a Linux n00b, so I am not able to use Linux in a corporate environment
<Sam-I-Am> well, getting good at it gives you more geek creds
<otacon122> Yeah, I know...That's one reason I decided to start using it full time
<otacon122> The other reason is because I got tired of having to constantly upgrade just to meet the demands Windows Vista places on machines
<otacon122> Too much money being spent on the damn computer because of Vista's ever-increasing demand for resources
<Sam-I-Am> i'm about opposite of you... way more linux than windows.
<otacon122> Yeah...These days, having experience with both is a huge plus
<otacon122> Funny thing is, a lot of people think Linux is hard to learn
<otacon122> But its really easy if you find the right distro
<otacon122> Heck, my 50 year old father was able to learn Ubuntu without ever asking for help...Mind you, I let him use my laptop for it, which was already fully configured, but you get my point
<otacon122> Only thing I am still a n00b at is doing command line stuff in Linux...I have to learn it for BackTrack 3, but in Ubuntu most of everything I want to do can be done through the GUI
<Sam-I-Am> i'm not much of a gui person
<otacon122> That's the problem with going from Windows to Linux
<otacon122> You're too addicted to having the GUI available that its hard to learn CLI
<Sam-I-Am> i think it depends a lot on where you start... if you started on CLI like me, you tend to gravitate towards CLI.
<otacon122> Yeah...I mostly did GUI stuff...I never did do command line because my specialty is hardware, not software, so I never had to use the command line to configure hardware
<otacon122> Except when I was working on the cisco stuff in school, then it was nothing but command line
<otacon122> A bunch of horror stories came from that...One instructor talked about how he got called up in the middle of the night to fix a Cisco router that went apeshit and when he got there, he typed "Copy Run Start" instead of "Copy Start Run" and completely erased every setting the company needed
<Vog> Sounds liek a good reason why he's a instructor and no longer an admin...
<Vog> Those who can... do those who can't... etc...
<otacon122> Another one was all conspiracy theorist..."I don't believe in 'political correctness'.  'Political Correctness' is politicians and media who make you think it is entirely possible to pick up a turd from the clean end"
<otacon122> My response: "There is no clean end to a turd" and he said "That's my point.  Political Correctness doesn't exist"
<otacon122> A third instructor was a huge Star Wars fan...Every other word out of his mouth had something to do with Star Wars
<otacon122> I decided to come to class wearing a shirt that says "Come to the Dark Side.  We have cookies." and he just looked at me with that "you're crazy" look and said "The prince of Insufficient Light.  Sit down and get to work."
<otacon122> Another shirt I like wearing simply has a picture of all the different heads of a screw driver and says "I void warranties"
<otacon122> I wear that shirt when I have to go fix people's computers because I never use parts from the manufacturer...Takes too damn long to wait for the part to arrive
<otacon122> And most companies these days don't have a supply closet full of spare parts.  I have to carry an entire 100 square foot supply closet in a small 5 square foot tool box
<otacon122> On days where I'm out and about, either running errands or just haunting the local tourist traps, I wear a shirt that says "Wardriver"
<otacon122> True geeks have so many spare parts laying around it would make museums jealous
<otacon122> They're also packrats...If there's a place to put something, they'll find it
<otacon122> Any available space gets used...Hallways, counters, closets, you name it, they'll use it for storage
<otacon122> Those are the kind of geeks who will have a minifridge, microwave, and boxes upon boxes of Bawls caffeine drinks in their cubicle
<otacon122> Then you have the kind of geeks who are so obsessed about security they won't work at all unless their workspace is a hardened panic room with top-of-the-line security systems
<Sam-I-Am> heh
<otacon122> So, yeah...You can tell what kind of skills I have with computers
<otacon122> I'm hoping I can find a job soon...Or that people start responding to the fliers I posted for the computer company I started
<otacon122> My plan is once I get a source of income, build myself a good server and use it as the gateway device then see if the ISP will let me buy and use my own cable modem
<otacon122> Here's the website to my computer company if anyone is interested: http://nainescomputerconsulting.webs.com/
<otacon122> One thing I forgot to add to the website is I do offer custom-built computers...You tell me what its intended use will be and give me your budget and I'll get the best tech available within that price range
<otacon122> I can build heavy-duty backbone servers for around $1,500 or heavy-duty workstations for $900
<otacon122> For example, you give me $1,500 and tell me you need a server to function as a domain controller for a large network or to manage wide-area networks and I'll build you a quad-core system with 8GB of RAM in a case that's not much bigger than a child's lunch box.  The fact I use standard off-the-shelf parts means repair and maintenance is no fuss
<otacon122> I'd come back with the server built and ready for an operating system and I'd hand you the server and about $15 in change
<otacon122> And that would include an uninterruptible power supply that can run the server for up to 140 minutes on a full charge
<otacon122> Two hours should be more than sufficient to get the work you're doing finished and everything saved and uploaded to the server before the server shuts down
<otacon122> The $900 workstations come in the same size case, but instead of a quad core and 8GB of RAM I throw in a dual-core with 4GB of RAM and you don't get the uninterruptible power supply or the PCI Express gigabit adapter
<otacon122> Other than that, I use the same motherboard and same size hard drive
<Sam-I-Am> have you considered redundancy?
<otacon122> That's why I get a UPS system with the server...That way if the power goes out the server won't crash
<Sam-I-Am> and what if the server dies?
<Sam-I-Am> i dont run one of anything when it comes to network services
<otacon122> Yeah...With as cheap as my servers are, its easy to afford more than one
<otacon122> You could get three of them for about the same price you'd pay for a similarly-equipped Dell PowerEdge server
<otacon122> That's one way I deal with redundancy.  The other way is with the UPS system, and the third way is by using standard off-the-shelf parts.  If a part on the server dies, just raid the supply closet if you have one and drop a spare part in and its back up and running
<otacon122> Designed that way intentionally to make maintenance and repair as no-fuss as possible
<otacon122> A quad-core Dell PowerEdge server with 8GB of RAM would easily run you at least $5,000 and you'd have to deal with either proprietary parts or parts that you can only buy from Dell.  You could get three of my servers for around $4,500 and they'd all use standard off-the-shelf parts so that if anything crashes the downtime would be in minutes instead of hours or days
<otacon122> The server itself would come with a single 1TB hard drive, an optical drive, and a PCI Express x4 two-port Gigabit NIC card in addition to the onboard 10/100 NIC card
<otacon122> It would have the capability of running two more External Serial ATA hard drives or multiple USB hard drives
<otacon122> All you'd need is an adapter that mounts in one of the rear slots and converts the onboard SATA ports into eSATA ports
<otacon122> The two eSATA ports can then be used for backups...Have two eSATA hard drives running at the same time to receive the backup and the backups would be so fast that it would only take maybe 2 hours to back up a full 1 terabyte drive
<otacon122> You use a tape drive and that process could take 10 hours or more
<otacon122> Alternately, the motherboard supports PXEBoot and booting from a USB drive in addition to the normal boot options
<otacon122> Easiest configuration for these servers is to use the onboard 10/100 NIC card to connect to the internet or wide-area network and the gigabit ports for the internal network, then running SSH to manage the server remotely.
<otacon122> Their small size would allow you to tuck them away in a dark corner and wire them up that way, or if you need many of them for backbone duties, you could fit 50 of them in a small utility closet
<otacon122> Plus, that small size serves another purpose - it means you do not need a dedicated HVAC system to keep them cool
<otacon122> Save yourself some money on utility bills that way
<otacon122> In addition, that small size means they'd be extremely quiet compared to a Dell PowerEdge server
<otacon122> Put simply, these servers are small enough and quiet enough you won't need a dedicated server room for them
<Sam-I-Am> well, we dont do sales here... only support for ubuntu server.
<otacon122> Yeah, I know...
<otacon122> I'm just saying, I know enough about servers to build them myself
<otacon122> and I can build them for any purpose
<otacon122> All this information was about the computer company I started up, but unfortunately I haven't had any contacts yet
<otacon122> With the way the economy is, though, I'm not surprised
<otacon122> Many people these days are resorting to DIY computer repair projects or they outsource all their tech support
<otacon122> Anyway, I need to get going...Dinnertime
<altf2o> hey all quick question. Postfix is running great, however when i view my mail (mail) it dumps it to /home/uid/mbox. I use an email client from my Desktop sometimes and would like it to stay in /var/mail/uid , anyway i can have it automatically stay? Or kick it back if i happen to SSH in and read it?
<infinity> Don't read you mail with mail(1) would be my suggestion.
<infinity> mutt's nice.
<altf2o> hmm, ok, let me look at that.
<altf2o> cool, that's much nicer cmd line interface, thanks...
#ubuntu-server 2009-07-30
<artillerytx> Hey guys for some reason i keep getting this error sent to my e-mail - http://ubuntu.pastebin.com/m167e03fe
<artillerytx> how can i get rid of it
<sanmarcos> is there a tool to redetect hardware ?
<joejc> i have a stupid question: if u all have servers why is no one seeding the torrent
<sanmarcos> joejc: bandwith isnt free
<sanmarcos> most poeple dont seed
<joejc> im not asking for 100% but maybe like 1kbps from everyone
<joejc> most torrents with no seeders suk is that true for ubuntu server?
<joejc> if ubuntu server isnt worth ur time(to respond to me) or ur bandwidth(to seed) why tf are 187 people here?
<qman__> the torrents are most effective right around release time
<qman__> the rest of the time, the http mirrors are fast, so most people don't seed the torrents
<joejc> torrents = 100% guarantee of perfection, i dont like checking md5s
<sanmarcos> joejc: yep
<sanmarcos> but burning a DVD gave me failed verification don't know why
<sanmarcos> stilled used the DVD
<joejc> i use usb
<joejc> i like perfection
<joejc> failure is for the week
<joejc> perfection is for the weekend and my time off XD
<PsycoGeek> Hi. Do some of you got errors like these on Ubuntu 9.04 AMD64 ? [13653.179309] cron[24381]: segfault at 23fffffff0 ip 00007f715cddda7a sp 00007fff665e7ae0 error 4 in libtalloc.so.1.2.0[7f715cdd8000+8000]
<twb> So has anybody moved their Windows AD server into KVM?
<PsycoGeek> sad
<uvirtbot`> New bug: #406698 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.1 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/406698
<uvirtbot`> New bug: #406707 in lsb (main) "lsb_release closed unexpectedly (dup-of: 383697)" [Undecided,New] https://launchpad.net/bugs/406707
<Sandra_> hi...
 * genii makes more coffee
<Sandra_> i have problems to run dpkg-reconfigure libpam-ldap ...doesn't do nothing...somebody know about this problem?
<ball> I mustn't drink coffee right now.
<ball> That would be a recipe for disaster ;-)
<twb> Sandra_: you need ldap-auth-config
<twb> aptitude install ldap-auth-config ldap-utils
<twb> auth-client-config -a -p lac_ldap
<Sandra_> thanks, i got that, but i dont know if nss and pam is running...when i try to config with dpkg-reconfigure libpam-ldap, does not show me nothing
<Sandra_> how i can know if is working and configurate again?
<Sandra_> hi twb, the second command hwt is for?. I got error Error in creating temporary file
<twb> Sandra_: are you root?
<Sandra_> yes
 * genii shivers
<twb> I dunno, then
<Sandra_> hi, i delete pam and nss, but when i try to install again it look like is installed but does not create the files and forldes pam.d...How I can reinstall completelly pam and nss?
<ScottK> purge, don't remove.  If you just remove a package it leaves the config files.  If you remove them by hand, it assumes you don't want them anymore.
<Sandra_> tahnks, i will try again with purge and then re-install
<artillerytx> someone was telling me that there are some UPC management tools built into ubuntu server already
<artillerytx> UPS
<artillerytx> whichever
<Sandra_> whow...now i got something worst ...i try to access like root or my account and i got PAM critical error
<Sandra_> i can not access to the server now, maybe is because i deleted the pam.d folder?
<Sandra_> how i can recover it now?
<twb> You deleted pam.d?
<twb> That's about the dumbest thing you can do
<Sandra_> can I recover a folder deleted with rm?
<twb> By reinstalling your OS, or by restoring from the backups that you make every morning
<twb> artillerytx: nut is the tool typically used to talk to a UPS from unix
<artillerytx> twb: oh okay a
<Sandra_> i dont have backup from the OS
<twb> Sandra_: then you have learnt an important lesson about the value of backups
<Sandra_> but i suppose there is some way to recover it or i can access to the sistem in someway, i have problme with the AM password
<Sandra_> PAM
<mattt> Sandra_: what you trying to do?  why did you remove pam?
<Sandra_> because I tried to reconfigure with dpkg and i couln't so i though if i desinstall that I could install and confgure properly :S
<Sandra_> sorry i was disconected
<Timmy2Tall> waddup bitches
<Sandra_> im getting this error pam_start() failed, error 26 ..somebody kow how recover it?
<_21h_> hi all
<_21h_> i have trouble with dhcp3-server
<_21h_> client discovering dhcp server, server offering ip, client requesting and no DHCPACK as reply
<twb> You mean DHCPDISCOVER (from client), DHCPRESPONSE (from server), followed by a DHCPREQUEST (from client)?
<_21h_> yes
<_21h_> there no DHCPACK after DHCPREQUEST
<_21h_> client just requesting ip again
<_21h_> DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
<_21h_> DHCPOFFER of 172.16.0.99 from 172.16.0.1
<_21h_> DHCPREQUEST of 172.16.0.99 on eth0 to 255.255.255.255 port 67
<_21h_> DHCPREQUEST of 172.16.0.99 on eth0 to 255.255.255.255 port 67
<_21h_> and this again again again...
<twb> There is not supposed to be a DHCPREQUEST
<twb> It indicates that your client is refusing to use the IP allocated to it by DHCPOFFER
<_21h_> Client-Ethernet-Address 00:14:2a:aa:25:44 (oui Unknown) [|bootp]
<_21h_> 17:33:38.009594 IP (tos 0x10, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 328) 172.16.0.1.bootps > 172.16.0.95.bootpc: BOOTP/DHCP, Reply, length 300, xid 0x3b5f3bbd, Flags [none]
<_21h_>    Your-IP 172.16.0.95
<_21h_>    Server-IP 172.16.0.1
<_21h_> i think its reply to client
<twb> Actually... the fact that it's DHCPREQUESTING with .99 is weird.
<twb> Maybe your lease time is ridiculously small?
<_21h_> 7000
<twb> seconds?
<_21h_> its max-lease-time
<_21h_> default-lease-time 600
<twb> Well, I'm out of idea
<twb> *ideas.
<twb> Try hassling the ISC people in their channel?
<_21h_> say their channel
<twb> I've no idea what it is
<_21h_> :)
<_21h_> i found problem
<_21h_> disk full
<ttx> heh
<twb> Ha
<twb> I hate that
<twb> Like one time I had a RHEL box take 30 minutes to boot -- turned out that the actual problem was that /etc/sysconfig/network/thingy-eth0 was owned by a user that didn't exist anymore
<twb> And the start scripts tried to use ls programmatically (stupid), which resulted in it being stat(2)ed, which resulted in libnss trying to talk to an LDAP server on the network that wasn't up yet, and taking ages to time out (due to hard binding).
<quizme> i am using an image from Canonical, which replaces vi with vim.  How can i change back to classic vi ?
<pmatulis> quizme: an 'image'?
<Viltapi> try removing vi and vim with apt-get and then install vi again?
<quizme> pmatulis nm
<quizme> apt-get remove vi vim; apt-get install vi  ?
<Viltapi> quizme: yeah that's what i would do
<quizme> viltapi: it's not finding vi as package
<Viltapi> quizme: what about that vim which you installed?
<twb> quizme: vim is the default vi implementation on Ubuntu
<twb> quizme: you can install nvi, and make vi a symlink to it using update-alternatives(8)
<quizme> i hate vim
<twb> You could also install busybox and alias vi to "busybox vi"
<quizme> nvi...
<quizme> what's busybox ?
<twb> quizme: use "apt-cache show busybox" to find out.
<Bilge> Imagine using vi to edit documents
<twb> I use ed.
<Bilge> The year is 2009
<quizme> twb: that did it.  .  nvi rules
<twb> vi is for wankers with expensive glass ttys
<Bilge> Cool story bro
<quizme> hehe
<quizme> I use vi to edit Microsoft Word documents
<quizme> j/k
<pmatulis> quizme: vi can do more than vim?  why do you want to remove it?
<quizme> pmatulis: i don't like learning new things.
<quizme> pmatulis: actually, i was having trouble with indentation with vim.... i'm just not used to it.
 * pmatulis thought vim is entirely backwards compatible with vi
<quizme> pmatulis: when i pasted text into vim, it added an extra couple of spaces each line.  so my text ended up being indented along a diagonal...
<pmatulis> k, i've had that happen too
<pmatulis> but i didn't think it was vim-specific
<pmatulis> quizme: http://vim.wikia.com/wiki/Toggle_auto-indenting_for_code_paste
<pmatulis> just a simple matter really, thanks for the tip!
<quizme> :pmatulis: thanks
<stas> hi guys, anyone's using zfs on fuse?
<juxta> I'm seeing some weird modprobe lines in my syslog periodically, I'm trying to work out what might be causing them. I've pastebinned them here http://pastebin.com/d36f2ca54. I don't use xen at all, so I'm trying to work out what might be trying to load that module...
<refnumzx> i am getting a [ 3660.842831] dansguardian[16216]: segfault at a7 ip b7d5c5eb sp bfec58bc error 4 in libc-2.9.so[b7ce5000+15c000] from dansguardian in jaunty. anyone know how to fix this?
<ScottK> refnumzx: What version of dansguardian and what version of libclamav do you have installed?
<refnumzx> i have the version that shipped with jaunty. nothing custom.
<refnumzx> dansguardian 2.9.9.7 and liclamav5? not sure how to check for that
<refnumzx> libclamav6.
<refnumzx> i'd really like to try and run the 2.10 series. but i can't get it to compile, nor can i find deb for it.
<\sh> hmm...which version of drbd is being used 0.7 or 0.8? (regarding the kernel modul)
<\sh> (add: jaunty here)
<\sh> ok...version 8
<refnumzx> so i am trying to compile dansguardian.  libpcre doesn't seem to be available. during configure. and apt-cache search doesn't revewal anything promising. ideas?
<mathiaz> ttx: hey
<mathiaz> ttx: thanks for reviewing my cim-schema merge
<ttx> mathiaz: np
<Kira> Has a recent security update disabled dynamic SSH tunnel by default?
<mathiaz> ttx: I'd like to do that kind of practive more often.
<mathiaz> ttx: I've got another package lined up (sblim-cmpi-base) - can I ask you to review the update too?
<Kira> I have a Jaunty server at a data center and I connect to it though SSH, using the -D option so I can use it as a SOCKS5 proxy. It's been working almost flawlessly in the past, but I keep getting "open failed: administratively prohibited: open failed" today, since I applied some updates.
<Kira> I'm starting to suspect that the Great Firewall of China has defeated SSH tunneling.
<refnumzx> heh. al i need is for dansguardian to work on jaunty. other then that. china can firewall all it wants.
<Kira> What's dansguardian?
<refnumzx> a web content filter.
<Kira> seriously, something is messed up.
<refnumzx> i know it keeps segfaulting on me. like crazy
<Kira> Has my SSH keys been cracked or what...
<refnumzx> what is happening with your connection?
<Kira> My SSH session works find as long as I don't make a tunneled http request.
<refnumzx> what happens then?
<Kira> as soon as my web browser makes an http request, which is supposed to be tunneled through my SSH session, my SSH session becomes unresponsive to keyboard input, until the http request is declared timed-out by the web browser + about one minute of idle time.
<Kira> at which point I see messages like "channel 3: open failed: administratively prohibited: open failed" in my SSH session.
<Kira> Which makes me wonder if the connection is being prohibited at my local machine or at the Ubuntu server.
<refnumzx> kira: have you changed hostnames or usernames or something. might be a possibiity.
<Kira> refnumzx: switching hostname seems to work
<Kira> (there are two domain names pointing to my server)
<Kira> work... not
<refnumzx> ah. well, glad it worked.
<Kira> I get SOME responsiveness and tunneled traffic.
<Kira> but it's really slow.
<refnumzx> i duno about speed. if the connections works, ssh tunneling works.
<Kira> Has the Great Firewall gained some deep packet inspection capability so advanced that it can guess tunneled http traffic without cracking the keys?
<Kira> (theoretically, it should be nonsense, I know)
<refnumzx> uh. no idea.
<refnumzx> i saw a bug report about dansguardian, and a release was supposedly fixed.  release. but i can't find the appropriate deb files.
<refnumzx> ideas? compiling latest dansguardian is beyond my skil.
<uvirtbot`> New bug: #406987 in lsb (main) "lsb_release crashed with ImportError in <module>() (dup-of: 383697)" [Undecided,New] https://launchpad.net/bugs/406987
<clusty> hey
<clusty> i was curious about the perfromence I could expect of a NFS server over gigabit ethernet
<clusty> sustained transfer not bursts
<clusty> is it coming even close to the gigabit throughput?
<uvirtbot`> New bug: #399443 in apache2 (main) "package apache2.2-common 2.2.11-2ubuntu2.2 failed to install/upgrade: package apache2.2-common is already installed and configured" [Undecided,Incomplete] https://launchpad.net/bugs/399443
<john_doe> I need to "move" a mail server (including users and their mails) from one ubuntu install to another. Do you know a guide to this? I must not lose data or emails sent in the meantime...
<clusty> hey
<clusty> any1 has some experience with FAI and ubuntu?
<clusty> i can not find any help regarding this
<mm_work> Hey guys, on 8.04, how do I enable lastb?  I've googled around and cant seem to find anything useful.
<KillMeNow> john_doe, i am assuming that your users are local accounts on the box>?
<clusty> mm_work, what is that if i dare ask?
<mathiaz> zul: could you write up an MIR for puppet?
<\sh> mathiaz: puppet in main? sounds google^Wpromising ;)
<mathiaz> \sh: puppet is used in a number of places and google is maintaining in debian/ubuntu
<mathiaz> \sh: so it seems that it's a good candidate to push in main
<mm_work> clusty: it shows bad login attempts.  Like 'last' shows valid logins.
<\sh> mathiaz: yepp...I've chosen puppet, too, over cfengine
<mm_work> I would just like to see if someone is trying to ssh into my box or not.
<mm_work> Im just surprised that its not enabled by default.
<clusty> mm_work, ohh ok. why not grep /var/log/auth ?
<clusty> you get there all possible logins
<mathiaz> \sh: how long have you been using puppet?
<mm_work> clusty: thanks, I forgot about that.  And yep, looks like someone is trying a dictionary attack.
<\sh> mathiaz: started last year...I'm integrating it now with FAI
<mathiaz> \sh: isn't there an overlap between FAI and puppet?
<clusty> mm_work, i used blacklist for that
<clusty> mm_work, i think :D
<clusty> mm_work, the ipchains one seemd very complicated. I used the one that write stuff in hosts/deny
<clusty> hosts.deny
<clusty> bad news is that i dont think you can kill apache access for example (stuff has to support tcp-wrappers)
<\sh> mathiaz: not in the general meaning of configuration management...FAI has a softupdate task, but this is not what you really want when you have different network areas for deployment and production (like native vlan on a trunk for deployment, and your production vlans can't reach your deployment vlan)..you would need a second FAI instance..and there is puppet or cfengine much better...FAI e.g. uses cfengine, too, softupdate is something special for 
<mathiaz> \sh: forgive the simple question, but what is the role of FAI in all that then?
<clusty> mathiaz, my man :D. I was looking into FAI just now :D
<\sh> mathiaz: fully automatic deployment...
<clusty> mathiaz, works ok for ubuntu server?
<mathiaz> \sh: right - so FAI is used up to the point where the puppet client can be run?
<mathiaz> \sh: IOW FAI provides the same functionilities as cobbler?
<\sh> mathiaz: that's the idea
<\sh> mathiaz: dunno what cobbler is...but FAI is more solaris jumpstart...much faster d-i preseed or kickstart/autoyast
<mathiaz> \sh: faster *than* d-i preseed?
<mathiaz> \sh: ok - cobbler is something similar than FAI - https://fedorahosted.org/cobbler/
<\sh> mathiaz: yes...I d-i preseed jaunty, and it took on a normal server 10 minutes...the same install with fai 3 mins
<\sh> (jaunty server)
<mathiaz> \sh: does FAI skip the installer?
<mathiaz> \sh: and uses debootstrap directly?
<\sh> mathiaz: yes...it untars a debootstrap directly on $target partitions (which os partitioned before that)
<\sh> mathiaz: and it works with more then debian alike OS...
<\sh> mathiaz: SLES 9 -> via autoyast deployed: 30 mins...with FAI: 10 mins (including YUM package manager and YUM repos)
<mathiaz> \sh: does FAI provide the same step than the installer?
<\sh> mathiaz: means? it boots a fully functional linux..starts a perl process, which runs some tasks, where you can hook in
<\sh> mathiaz: it's more a deployment framework...ever seen empirum for windows installations?
<mathiaz> \sh: the installer takes care of setting a lot of different part of the system (language, boot, etc..)
<mathiaz> \sh: I wonder if FAI covers all of the quirks that the installer support
<\sh> mathiaz: ah in that meaning...no that you do for yourself...like writing the preseed file...but more easier or more complex then preseed files...
<mathiaz> \sh: and none of the installer component are called.
<mathiaz> \sh: does FAI take care of PXE/dhcp, etc...?
<\sh> mathiaz: none..well I use some debconf magic to get some e.g. non-interactive sun-java* license agreement, but that's only defining a file with the debconf preseeds for the package and a class file for the host
<\sh> mathiaz: you install your own dhcp and your own tftp...and no, it doesn't deal with the management, that's what I'm writing now for FAI with django
<\sh> http://www.sourcecode.de/content/fai-djangofied
<mathiaz> \sh: ok - you may wanna have a look at cobbler - it does cover that part as well
<mathiaz> \sh: cobbler can "import" an release and configure pxe/tftp/dhcp automatically
<mathiaz> \sh: and then you add host to it and it will bootstrap the installation with the right files.
<mathiaz> \sh: I'm not sure if cobbler has a web interface though
<\sh> mathiaz: well...can you add your asset management as cmdb to it?
<RoAkSoAx> mathiaz, it does have a web interface
<RoAkSoAx> though I don't know its complete functionality
<\sh> or better to say: your cmdb is the only base of knowledge ... and you need to tell your deployment tool to use this data
<\sh> and that's easy to accomplish with FAI, as a framework for it...
<mathiaz> \sh: right - it depends which cmdb you're using
<mathiaz> \sh: I don't know how pluggable cobbler is
<\sh> mathiaz: HP openviews e.g. or Idoit, or CAs
<\sh> mathiaz: right:) I couldn't do it with RHN or kickstart or d-i preseed or autoyast :) that's why I choose FAI, which is more debian
<\sh> mathiaz: e.g. the city of munich uses FAI extensively for their school it infrastructure deployment :) gonicus implemented a web ui for it (for this special case, it's named gosa) and they do OS deployment all over their area..
<genii> I used to hate debian-installer preseed because of lack in documentation. But I don't mind it so much now.
<mathiaz> \sh: right - I saw the FAI module when I looked at gosa
<mathiaz> \sh: my main issue with gosa is that the ACL are stored in the objects rather than using the native openldap ACL
<\sh> mathiaz: lycos had all their servers deployed with it...many cluster guys are doing it..just check out http://www.informatik.uni-koeln.de/fai/q-answers.html ...
<\sh> mathiaz: yes..but this is special to gosa...nothing to do with FAI :) but you are free to do what you want with it:) you can plug it into any infrastructure...my hobby fai project is to install windows ;)
<\sh> just like empirum is doing it or altiris
<mathiaz> \sh: right - I was disgressing from the topic of FAI above ;)
<mathiaz> \sh: it has nothing to do with FAI
<\sh> mathiaz: right :) anyways..it's a matter of your taste...there are many solutions out there...and SysADmin should use what she thinks is right for their infrastructure...
<Authority> Is it just me, or does cups needlessly include a conversion to PDF in it's processing now?
<T-Hawk> hey ppl... recently amavis started sending me updates every 3 hours like this: bayes: synced databases from journal in 0 seconds: 298 unique entries (717 total entries)
<T-Hawk> i've looked in the cron job, and in amavisd-new-cronjob and it should pipe stdout to /dev/null, anybody know how i can get rid of these messages?
<T-Hawk> i don't get any output if i run the cronjob by hand either, it's only when cron is running it
<Xlrr8> Hey Guys,  I have a question... I just came from #ubuntu and a really helpful guy there suggested that i ask my question here.  I've got a dell gx620 64bit box with 8gb of ram.  Its running ubuntu 9.04 64bit.  Can someone tell me why it's only addressing 3.4 gb of ram according to gnome system monitor and also according to /proc/meminfo ? I found a thread http://ubuntuforums.org/showthread.php?t=1061673 however, it doesn't look like t
<infinity> Xlrr8: Looks like that thread describes your problem exactly.
<infinity> Xlrr8: dmesg | grep MTRR
<Xlrr8> Yes i agree.   The gentelman from #ubuntu suggested that i pipe out dmesg and i do in fact have this line in there :
<Xlrr8> [    0.000000] WARNING: BIOS bug: CPU MTRRs don't cover all of memory, losing 4096MB of RAM.
<infinity> Xlrr8: Right, well.  Not much I can say about that except "complain to Dell". :/
<Xlrr8> I guess i'm wondering if this is a bug ?  Or a hardware limitation that the bios is recognizing the ram, but not passing it along to ubuntu ?  Is that even a possibility ?
<infinity> It's a hardware/BIOS bug.
<Xlrr8> even though the bios recognizes all 8gb ?
<infinity> Yes.  It's not actually setting it all up.
<Xlrr8> Ok, i was afraid of that. So i removed 4gb and left in 4gb, The system still only addressed 3.4.  Would it be safe to say that this "bios bug" is simply ignoring anything over 3.4gb ram ?
<infinity> Found a few other people with GS620s with the same issue.  *shrug*
<infinity> And yeah, that would be a safe assumption.
<Xlrr8> bummer ! :(
<Xlrr8> Thanks for your help/confirmation ! :)
#ubuntu-server 2009-07-31
<ScottK> infinity: Any word on getting powerpc resurrected?
<Bookman> I have all of my video and audio files on a machine acting as a central file server.  What are some of the choices for my client computers to run to be able to easily get access to those files.....
<Bookman> Do I need to "serve" these files or is there a client that can index them on each individual machine?
<Bookman> Back in a few moments....
<uvirtbot`> New bug: #407166 in lsb (main) "lsb_release crashed with ImportError in <module>() (dup-of: 383697)" [Undecided,New] https://launchpad.net/bugs/407166
<oh_noes> python-vm-builder throws out a line "2009-07-31 10:07:35,343 INFO     grep: /boot/config*: No such file or directory"
<oh_noes> Does this mean I can create a file on my host that its being built on, to configure special grub params?
<oh_noes> II want my timeout to be 0, but I'm not sure where to set it
<uvirtbot`> New bug: #407173 in openssh (main) "openssh: Please set traffic class on IPv6 packets" [Undecided,New] https://launchpad.net/bugs/407173
<infinity> ScottK: powerpc should be fairly happy again by now...
<ScottK> infinity: Apparently not. Looks like still full of chroot problems.
<binzyw> Hi, Im running ubuntu server and trying to setup a network bridge using my wireless card to connect to my wireless router and my ethernet port to let my xbox 360 connect to the internet. I have gotten my computer to connect to the router just fine, but when I try setting up the bridge I lose connection to the router. Im using wpa-supplicant and my network config is as follows: # This file describes the network interfaces avail
<binzyw> # and how to activate them. For more information, see interfaces(5).
<binzyw> # The loopback network interface
<binzyw> auto lo
<binzyw> iface lo inet loopback
<binzyw> #Wireless Connection
<binzyw> auto ra0
<binzyw> iface ra0 inet static
<binzyw>  address 192.168.10.3
<binzyw>  netmask 255.255.255.0
<binzyw>  network 192.168.10.0
<binzyw>  brodcast 192.168.10.255
<binzyw>  gateway 192.168.10.1
<binzyw> #Local Bridge
<binzyw> # The wired network interface
<binzyw> auto eth0
<binzyw> iface eth0 inet manual
<binzyw>  address 192.168.10.4
<binzyw>  netmask 255.255.255.0
<binzyw>  network 192.168.10.0
<binzyw>  broadcast 192.168.10.255
<binzyw>  gateway 192.168.10.1
<binzyw> auto br0
<binzyw> iface br0 inet static
<binzyw>  bridge_ports eth0 ra0
<binzyw>  address 192.168.10.5
<binzyw>  netmask 255.255.255.0
<binzyw> any one have any ideas?
<binzyw> p.s. I'm totaly new to irc, so sorry if I make a fool of myself
<cef> binzyw: you should only need to assign an IP to the br0 interface, not the other individual interfaces. that might be causign you headaches
<cef> binzyw: btw: where possible, use a service like pastebin to put anything over 2 lines for people to view. lots of info appearing suddenly (like you pasted) in a channel can be very conversation disturbing, and is usually considered rather rude (no offence taken btw).
<binzyw> ok, Ill do that next time, and thanks Ill try removing the IPs from the other interfaces
<cef> you don't even need the other interfaces defined in /etc/network/interfaces btw.
<cef> oh and remember to add a gateway to the br0 interface
<binzyw> dont I need ra0 so that my wirless card will connect to my router?
<cef> that in fact is probably your main issue
<cef> as long as ra0 is in the 'bridge_ports' section of br0, then you shouldn't need it.
<chrisellis> for ever domain name i host do i need to create a master zone?
<cef> chrisellis: if you mean bind/dns stuff, then yes, or you need to have a master somewhere that you slave off.
<chrisellis> cef: well i have name servers set up on my server so do i just put my name servers on the domain and then add a new master zone? or how does it work
<cef> chrisellis: as long as it's actually a different 'domain' and just just a different name though' eg: www.ubuntu.com and wiki.ubuntu.com are all the same domain, but different names.
<chrisellis> cef: right yeah these are completely different names
<cef> chrisellis: so you've set up bind (or something similar), yes?
<chrisellis> cef: yes
<cef> ok, you need to look in the bind config (probably /etc/bind/named.conf.local
<infinity> ScottK: Oh, FFS, now that glibc built successfully, it's tripping on the silly kernel version check.  Argh.
<cef> you just need another 'master' entry, and to point it at the correct master file.
<chrisellis> I'm actually using webmin even though its not supported ... but iv'e created a new virtual server with the name of the new domain
<infinity> ScottK: We'll get that sorted...
<cef> chrisellis: ok.. not used webmin in years.. so i've got no idea on that sorry
<chrisellis> cef: i would like to do it with the actual config files so i know exactly whats goin gon
<cef> chrisellis: ok. look in /etc/bind/
<cef> chrisellis: in there are a bunch of config files (named.conf, and a bunch of others, some of them are included into the main one)
<chrisellis> i've got named.conf named.conf.local and longhornrepair.com.hosts
<chrisellis> db.loca, db.root db.127 etc
<cef> in there somewhere should be an entry that starts with 'zone "domain.com" {' or similar (replace domain.com with your known working domain)
<cef> probably in named.conf.local
<chrisellis> cef: if i do this stuff manually will it mess up webmin >?
<cef> chrisellis: I dunno.. if webmin is smart, no. it may even tell you (in comments in those files) how to keep webmin up to date or where in webmin to edit this stuff
<cef> looking won't break anything at any rate
<chrisellis> k
<chrisellis> yeahi have a zones.rfc1918
<cef> look in named.conf.local and look for a text line that starts with 'zone "domain.com" {'
<chrisellis> k yeah i see that in that file
<chrisellis> the type is master
<cef> yup.. says it's authorative for the zone. the 'file' statement tells it where to find the details for the domain (eg: my guess in your case it has 'file "/etc/bind/longhornrepair.com.hosts"'
<chrisellis> yeah
<chrisellis> so do i need to create a slave zone under my master zone?
<cef> slave is if you aren't the master
<cef> ie: you host details, but you're not the one that updates the details
<cef> usually it's a different machine (for the same domain)
<chrisellis> oh ahh gotcha
<chrisellis> well im going to have all my domains in the same folder or their root directorys
<cef> btw: you might want to read up on 'bind', as it's probably going to be much easier
<chrisellis> cef: yeah im pretty sure this is really easy im just an idiot
<chrisellis> cef: i just for some reason can't grasp how this all works...
<binzyw> so when I removed the other two interfaces and added the gatway I lost my connection to the rest of the network. (which really sucks because Im sshing in). any other suggestions?
<chrisellis> i've got longhornpcrepair.com working... and im guessing i can use the same name servers
<cef> but the short version: for every domain you host a DNS for, you need a new file (eg: longhornrepair.com.hosts) and a new entry in named.conf.local that defines the domain details
<chrisellis> okay so if i have a domain using my name servers i need to create a new entry in that file
<chrisellis> by creating a new file ... I would be creating a what?
<pmatulis> a dns zone
<chrisellis> I don't know why i can't understand that
<chrisellis> this
<chrisellis> Do i point the new domain to the same IP and the virtual server will see it and point it to the correct directory
<cef> chrisellis: yup! same ip, different name, the ebserver will see it as the other name
<pmatulis> like cef said, you need to tell bind about the zone file by editing the bind configuration file, named.conf.local.
<chrisellis> would it be a master zone ?
<pmatulis> hey, you need to just read an introduction to dns/bind
<pmatulis> it's not hard
<pmatulis> just relax and find the time to read
<chrisellis> could you point me to any good ones
<pmatulis> google for it
<pmatulis> oreilly has a classic on it, might want to check that
<Byron_> Hello everyone
<rosa> hi, i ma tying to join to the domain a Domain member server but I got error: failed to get machine password for account INTERBASE$: NT_STATUS_LOGON_FAILURE ...somebody know this error?
<Byron_> Quick question. Hope someone can help. I can't seem to FTP with the domain, but I can do so locally only. This is with vsftpd. Is there some special setup for virtual hosting?
<netritious> Hi, I created a CSR using openssl, and have a godaddy.com signed certificate to use for postfix/sasl. I see references to .pem in /etc/postfix/main.cf but I do not have a .pem file nor did I receive one from godaddy ssl -- I only have .key and .crt. How to resolve this?
<jmarsden> netritious: Linux/unix is generally not fussy about file name "extensions".  Try copying the .crt to a .pem file, or if necessary, cat both of the files from godaddy together into a single .pem file.
<netritious> jmarsden: thank you. i did receive another file gd_bundle.crt which has two certificates as one. Should I use that - rename to .pem?
<andol> netritious: Or simply put the .crt as smtpd_tls_cert_file= and .key as smtpd_tls_key_file=.
<andol> netritious: As jmarsden said, the file extessions itself doesn't really matter.
<netritious> andol: that makes sense. I'll give it a shot. thanks
<jmarsden> netritious: Possibly.  As andol said, it depends whether the software needs to see one file with both parts in it, or the key and the public cert separately.
<andol> jmarsden, netritious: postfix can handle the key and cert separate just fine. It is also possible to bundle both the certificate and key in the same file, as the smtpd_tls_key_file=.
<andol> netritious: "man 5 postconf" will provide you with some explainations what those diffrent options in /etc/postfix/main.cf do.
<chrisellis> where can i see apaches httpd.conf file to see my virtual servers
<andol> chrisellis: The normal place to put apache vhosts configuration, on a Debian/Ubuntu system, is under /etc/apache2/sites-available/. No idea where you have put your :)
<Byron> Does anyone know how to setup vsftpd for virtual hosts?
<chrisellis> oh well its set up correctly
<andol> Byron: Not sure if that term really applies on a ftp server. But perhaps I'm misstaken, what functionally are you asking for?
<Byron> andol: I can FTP successfully with the command line (terminal/konsole/yakuake), but when I use FileZilla, I can only do it with the IP address behind my router.
<Byron> This is also behind my own network. Fails outside of the network.
<andol> Byron: Is your network based NAT? In other words, does it use internal ip adresses?
<Byron> andol: yes
<chrisellis> can someone dig wwmcd.org for me por favor
<andol> Byron: Well, seems more like something which you have to configure in your local "router". For that to work well you might also want to tell vsftpd which data ports to use.
<andol> Byron: But I'm off for work now, hopefully someone else can continue to help you.
<Byron> andol: the router knowns to forward IP requests
<jmarsden> chrisellis: http://pastebin.com/f29dbbc55
<chrisellis> jmarsden: thank you... its not seeing my ip for some reason
<jmarsden> Right.  Cgeck your bind config files and log files.
<jmarsden> *Check
<chrisellis> and for each domain i have to set up another master zone
<chrisellis> could you check it again por favor
<jmarsden> Same deal as before.
<jmarsden> Have you run named-checkconf to look for errors in your named config file(s)?
<chrisellis> no
<jmarsden> Might be worth a try.  man named-checkconf
<chrisellis> http://wwmcd.org
<chrisellis> it looks like its working actually
<jmarsden> Not from here.
<chrisellis> whaa
<chrisellis> weird
<jmarsden> Maybe only internally... who are you allowing to query that zone?
<chrisellis> its someone on an outside connection
<chrisellis> there getting the index of the directory
<jmarsden> It works from your DNs server but not from the ns1.everydns.net and ns2.everydns.net ones.
<jmarsden> So it is random whether it works ... depends which DNS server gets picked!
<chrisellis> oh okay
<chrisellis> i actually don't think i've been able to get those stupid dns's to work
<jmarsden> Then don't leave them in the DNS at the registrar :)
<cef> wonderful. build up a machine to host 4 VM's, and the hard drives start failing just as I get close to production.. *sigh*
<chrisellis> are they working on http://longhornpcrepair.com
<jmarsden> dig them yourself to check... dig @ns1.everydns.net longhornpcrepair.com
<jmarsden> Looks broken to me.
<chrisellis> is there any reason you guys know why everydns's name servers wouldn't be able to receive the master record .. just off the top of your head
<jmarsden> Because your named config doesn't allow them AXFR access to that zone on your server?  read your logs...
<rosa> please somebody can help me....im trying to join the domian and I got  :failed to get schannel session key from server XXX fro domain YYY...what it mean?
<twb> rosa: it's not clear what protocol you're using.  There's no way to understand what you're TRYING to do, let alone why it's failing.
<twb> !smart-questions
<ubottu> Sorry, I don't know anything about smart-questions
<twb> http://linuxmafia.com/faq/Essays/smart-questions.html
<twb> rosa: I recommend you read that.
<rosa> thanks a lot i will read
<rosa> well...i said a lot of things before...but i did
<rosa> I am trying to install a Domain member server and I am trying to join it to PDC with net rpc join ... and I got tthe error above
<rosa> for somereason I can't join my Domain member server to the PDC
<rosa> well i got it
<uvirtbot`> New bug: #407248 in php5 (main) "PHP5 crashes after cacti and snmpd installation , and configurations. any idea? Follows error code comÂ´s listing about 20 line if i write command dmesg." [Undecided,New] https://launchpad.net/bugs/407248
<chrislabeard> Hi guys
<drurew> I have been wracking my brain as to why i cant log into my servers mysql user
<chrislabeard> whats the problemo
<drurew> i get : ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
<drurew> when using login : mysql
<drurew> or
<drurew> if i use : mysql -u root -p
<chrislabeard> so you do root are the username and the pass as the root user password
<drurew> ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
<chrislabeard> wtf
<chrislabeard> your using the password you set up when you ran the mysql install
<drurew> the mysql install was done by the host provider
<chrislabeard> oh
<drurew> i already purged it and reset everything .... still
<Nalkem> hello
<chrislabeard> Im not sure
<chrislabeard> sorry i'm a newb too
<chrislabeard> i know when i installed it ... it asked for a password and to login i used root
<Nalkem> i installed a ubuntu server 8.04.2. i want to connect to it as root with public-key, but that don't works. i can make it as user, but not as root. what could it be? (i can connect via password ..)
<drurew> you cannot create a second root account !
<drurew> Nalkem: if your logged in as user then you will not be able to login to root as root login must be executed from the lowest level :sh
<drurew> Nalkem: you should try sudo -s
<drurew> if your user has root permissions then it shouold work
<Nalkem> i make it with root permissions (su - )
<Nalkem> and it don't work .. with different computers
<Nalkem> it works with normal ubuntu 9.04 and 8.04, but not with the server. the sshd_config is the same
<drurew> just try sudo -s
<Nalkem> drurew: the same prob
<drurew> Nalkem: im not sure I understand the problem
<drurew> .....per ssh , youu canot log in as root ?
<drurew> *cannot
<Nalkem> drurew: i'm root on computer A and want to login as root to computer b with puiblickey .... that dont work, only with passwordlogin
<drurew> I think that is pretty standard, tho you could try adding your  A key as B`s pubkey
<drurew> root loging w/o password defeats the whole puorpose of linux security
<Nalkem> normally yes ...  but i need it ... for backups per rsync
<Nalkem> so it's going over a secured network
<drurew> then try that what i said with the key
<drurew> that would allow only box A and box B to connect without manually editing the passwd
<Nalkem> thats what i made
<drurew> *editing=typing
<drurew> have you restarted to allow the conf to take place ?
<Nalkem> restart the sshd .. yes
<drurew> If your only method of access to a server is ssh, and you make a mistake in configuring sshd via the /etc/ssh/sshd_config file, you may find you are locked out of the server upon restarting it, or that the sshd server refuses to start due to an incorrect configuration directive.
<drurew> did you chmod the key ?
<Nalkem> yes, .. (and yes, the server isn't in this room, it is far far away ... so i don't make yust try and hope that it works ;)
<drurew> heh
<Nalkem> and it isn't used productivly ...
<drurew> https://help.ubuntu.com/8.04/serverguide/C/openssh-server.html
<Nalkem> read it .... and was wondering about authorized_keys2 ... the 2
<drurew> differentiate between the original key set and your replacement
<drurew> once the replacemt works you  can remove the old set and rename the key
<Nalkem> its the same ... i really don't know where is the failure ... and it only don't work with ubuntu-server .... it works with other ubuntu and linux-distris ...
<drurew> "sudo"
<Nalkem> solved the prob, but don't know why it was there ... :/
<drurew> does anyone see bad syntax in this : UPDATE user SET Password=PASSWORD'somthingSomthing' WHERE User='root' ; FLUSH PRIVILEGES; exit;
<drurew> mysql
<drurew> does anyone see bad syntax in this : UPDATE user SET Password=PASSWORD 'somthingSomthing' WHERE User='root' ; FLUSH PRIVILEGES; exit;
<_ruben> shouldnt that be something like SET Password=PASSWORD('somethingSomthing') ?
<drurew> UPDATE user SET Password=PASSWORD ('somthingSomthing') WHERE User='root' ; FLUSH PRIVILEGES; exit;
<Nalkem> drurew: the problems could be the ' ... u can make \' ... and at the end limit 0, 1
<drurew> the syntax is correct
<drurew> with  ('somthingSomthing') , but the passwd dosnt work
<Nalkem> drurew: and with escaped '   (\')
<drurew> UPDATE user SET Password=PASSWORD ('somthingSomthing\') WHERE User='root' ; FLUSH PRIVILEGES; exit;
<drurew> so ?
<Nalkem> UPDATE user SET Password=PASSWORD (\'somthingSomthing\') WHERE User='root' ; FLUSH PRIVILEGES; exit;
<drurew> ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near'\'somthingSomthing\') WHERE User='root'' at line 1
<nashSwiss> hi: I just set up bind9 on jaunty and I saw that apparmor just allows ::r for bind in /etc/bind. It says: /var/lib/bind is for dynamically updated zone (and journal) files ...but how to configure bind to put dynamic files to /var/lib/bind ???
<Nalkem> drurew: is it this what u want to do? http://dev.mysql.com/doc/refman/5.0/en/password-hashing.html
<qman__> nashSwiss, place your dynamic zone file in /var/lib/bind, then configure in named.conf.local with absolute path
<qman__> file "/var/lib/bind/my.zone"
<nashSwiss> qman__; thanks, and how to do that for jnl files?
<qman__> I don't know how the configuration goes for jnl files
<qman__> from what I'm reading
<qman__> it appears that the .jnl file is created in the same place as the zone file
<qman__> so it should just work
<nashSwiss> ok... so i have to put all m zones to /var/lib/bind to enable jnl... or change the apparmor config :S
<qman__> looks like it
<nashSwiss> thanks
<qman__> seems a sensible default though
<uvirtbot`> New bug: #407297 in samba (main) "PANIC: internal error (usershare related)" [Undecided,New] https://launchpad.net/bugs/407297
<quizme> is it okay to do chown ubuntu:ubuntu -R /etc ?
<maxb> Really really NO
<drurew> Nalkem: http://ubuntu.flowconsult.at/en/mysql-set-change-reset-root-password/
<_ruben> quizme: why would you want to do that ?!
<Nalkem> drurew: hmm ..
<quizme> cuz i'm having trouble writing to /etc/mailname
<_ruben> use sudo
<quizme> as the ubuntu user
<quizme> i did
<quizme> but it didn't work
<_ruben> what command did you use?
<quizme> echo "asf.com" | sudo tee /etc/mailname
<_ruben> and what's the error you got?
<quizme> permission denied
<_ruben> odd .. what does ls -l /etc/mailname show ?
<quizme> -rw-r--r--
<quizme> root root of course
<quizme> nm it's working now...
<quizme> the sudo tee thing...
<quizme> not sure why i was having trouble earlier...
<T-Hawk> hey, anybody know why amavisd-new is sending me a mail every time the sync cron job is run with one line of contents: bayes: synced databases from journal in 0 seconds: 749 unique entries (1195 total entries)
<T-Hawk> numbers vary, but as far as i can see all output is piped to /dev/null when the cron job i run
<quizme> has anybody ever reset the root mysql password from a script ?
<quizme> i want to do it on one line, but it prompts me for the password
<pmatulis> quizme: yeah, i've done that
<_ruben> add -pyourcurrentpassword as parameter
<quizme> _ruben yeah i figured it out thanks
<Nightlurker> I got a VPS running Ubuntu Server 8.10. I have a problem with cron.* folders in the /etc dir not running. I have checked that it runs when I execute it manually, I have also made sure the cron proccess is running. What would be the next step in finding the error? My crontab file can be seen here: http://nightlurker.pastebin.com/m43dcceac
<Daviey> Nightlurker: check your syslog.
<Daviey> /var/log/syslog
<Nightlurker> There are loads of entries like this: Jul 31 02:08:01 ares /USR/SBIN/CRON[9644]: (root) CMD (test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ))
<Nightlurker> That seems correct right?
<Daviey> yes
<ivoks> yes
<Daviey> Nightlurker: do you have a root mail alias?
<ivoks> should we install headers by default?
<ivoks> kernel headers
<ivoks> disk space is cheap and those often come handy
<Nightlurker> Does not look like it no. This is my /etc/aliases file: http://nightlurker.pastebin.com/m3a66b64c
<_ruben> ivoks: diskspace is "cheap" indeed, but can still very well be limited .. running a server from a 1 or 2GB ssd isn't that uncommon (for us)
<ivoks> well, still, i'd like to see headers installed by default
<ivoks> we got kvm and drbd now depending on it
<ivoks> and there were cases when i had to compile network or/and raid controler modules
<heath|work> can you upgrade libvirt while virts are running, or should I shut them all down ?
<stefan__2> hy
<heath|work> heelo
<uvirtbot`> New bug: #407324 in freeradius (universe) "/etc/init.d/freeradius stop don't work" [Undecided,New] https://launchpad.net/bugs/407324
<_ruben> wonder if the lpk patch for openssh will ever end up upstream .. would be a nice feature i'd say
<Nightlurker> Daviey, I got an root alias setup now
<Daviey> Nightlurker: it will be interesting to see if you get a mail, telling you of failure.
<Nightlurker> Jupp, but from the mail logs no such messages where sent.
<heath|work> can you upgrade libvirt while virts are running, or should I shut them all down ?
<Alexanderfoto> Good day to the Ubuntu server community. I was hoping to get some help :) I'm new to the Ubuntu server, and I'm not used to working without a GUI. I'm trying to setup a server that will work as a shared storage device. I'm unsure how to go on with this cause there are so many different ways to go.
<Nightlurker> Depends on what system you want to reach the storage. What systems will be connecting to it?
<Alexanderfoto> Mac OSX Leopard.
<Nightlurker> In which case you have a choise between using Samba and NFS. I have had the most luck using NFS when it comes to speed, but it can be a bit harder to setup and get working correctly on OSX. Samba is the esiest to setup, but I have personally had some performance problems with it on OSX. They may be resolved now though.
<Alexanderfoto> Great stuff :) We'll be working a lot from the server. Our business is photography and the server will work as storage for our images and projects. So I believe speed is important :)
<Nightlurker> I would try out samba first, if the performance is not good enough switch over to NFS.
<Alexanderfoto> Thank you very much :)
<Alexanderfoto> And one more thing, I'm not sure if Ubuntu is detecting all my HDDs, is there a command line that gives me HD stats?
<aboman> you can see some disk stats for mounted disks with "df -h"
<_ruben> sudo fdisk -l
<aboman> ls /dev/{hd*,sd*} should show the avaiable disks (and optical devices)
<aboman> no need for sudo on any of my systems
<_ruben> you're probably a member of the disk group then
<aboman> nop
<Alexanderfoto> disk group?
<aboman> dont worry about it Alexanderfoto, if you get "permission denied" do the sudo thing _ruben said
<heath|work> My kvm's are going absolutely nuts and now I can't even connect with virsh
<heath|work> they are all tacking out the entire server
<quizme> hi, can somebody help me set up courier ?
<quizme> actually it's set up
<quizme> i just need some help trying to check my mail with a user i created.... can't login ....
<quizme> IMAP/courier kinda stuff
<Alexanderfoto> I'm having trouble making the { char on Ubuntu Server.. I'm using an apple computer.
<quizme> i tried to telnet to 443 and i can, but the login won't work...
<Alexanderfoto> okay, so when I type something in the terminal im suddenly unable to write.. sorry for the stupid questions but im new to this.. are there any keys i've accidently pressed?
<heath|work> Alexanderfoto, what do you mean unable to write?
<poningru> hi quick question
<poningru> is there a tomcat package that sets up everything?
<heath|work> quizme, if you are unfamiliar with the command you can install mutt
<Alexanderfoto> i cant write commands
<Alexanderfoto> only the backspace works
<heath|work> Alexanderfoto, are you at the physical server, or have you ssh'ed ?
<Alexanderfoto> Im at the physical
<quizme> heath|work thanks for the suggestion, but i'm pretty committed to courier cuz of the way postfix and everything is set up.
<heath|work> quizme, mutt is a mail app that runs in a terminal. I use it for testing mutt user@localhost or whatever
<heath|work> Alexanderfoto, that sounds strange, but if you have logged in the keyboard was working
<Alexanderfoto> Yeah, it is working.. If I type numbers I get arg: #
<Alexanderfoto> but normal letters are a no go:p
<Alexanderfoto> ill try a reboot
<Alexanderfoto> same issues, its when i try to make the { the keyboard locks up
<quizme> is mcrypt the standard encryption program for ubuntu ?
<Alexanderfoto> F3 resolved the problem :)
<oioiii> Hi there, I want to monitor apache2 of my lampp box (ubuntu 8.04lts) via http://localhost/server-status?auto , works fine except I'm missing CPU load value, any hints?
<gop> what the command to shut down apache
<gop> or stop it for a second
<_ruben> sudo invoke-rc.d apache stop
<\sh> oioiii: depending on what you want to monitor from apache2...Ithink snmp is what you are looking for
<gop> bah my applaince
<gop> is looping an email
<gop> I don't see documetion how to stop it
<gop> and check logs afterwards
<oioiii> \sh: I just want it to show overall cpu load on the status page. Although there is cpu load on server-status?all
<ScottK> mathiaz: I put out a call for clamav testing for jaunty-proposed to the ML.  Would it be worth a post on the server blog?
<mathiaz> ScottK: hi - sounds like a good plan
<mathiaz> ScottK: I'll write something up
<ScottK> mathiaz: Thanks.
<Sam-I-Am> mathiaz: hey
<Vaine-Dragon> I have installed Ubunto 9.04 Server and now it will not boot after initial install, no errors?????
<Sam-I-Am> do you see grub?
<Vaine-Dragon> Not at all, just a blinking cursor and nothing.
<Sam-I-Am> did grub install ok?
<Vaine-Dragon> As far as I know, did the full install twice and both times removed CD with same results?
<Sam-I-Am> did you install to any sort of raid?
<Vaine-Dragon> The installed asked if I wanted to use RAID and I did use it both times?
<Sam-I-Am> what raid level?
<Vaine-Dragon> 5
<Sam-I-Am> yeah, linux wont boot off a software raid 5
<Sam-I-Am> you'd need to have your boot partition on something else
<Vaine-Dragon> Should I reinstall again and negate that option?
<Sam-I-Am> it will boot off a raid 1 though
<Sam-I-Am> yes
<Sam-I-Am> not sure what your disk configuration is
<Vaine-Dragon> Cool thanks for your input and I will do just that, Have great weekend.
<Vaine-Dragon> I just selected RAID because it has 3 HD's
<Sam-I-Am> ah
<Sam-I-Am> if it has hardware raid, that'll work
<Vaine-Dragon> Yeah I did setup prior in BIOS befor install, will that help?
<Sam-I-Am> depends if its a real hardware raid or not
<Sam-I-Am> if so, it would appear as one disk to the system
<Vaine-Dragon> The MD has hardware RAID available.
<Sam-I-Am> at least as far as the ubuntu installer is concerned, and probably wouldnt let you do raid
<Vaine-Dragon> MB
<Sam-I-Am> you can try configuring that
<Sam-I-Am> but a lot of motherboards are 'fake' raid
<Vaine-Dragon> That's fine I don't need RAID for this system
<uvirtbot`> New bug: #407415 in openldap (main) "slapd2.4.15-1ununtu3 failed to install or upgrade" [Undecided,New] https://launchpad.net/bugs/407415
<Vog> I have a ubuntu linux router that I can sshinto, it can resolve ip addresses but cannot ping them. iptables seems to be fine
<Vog> It just won't let any traffic out...
<jmedina> I there, anyone here hows a recent openvpn version for hardy?
<jmedina> probably a PPA?
<jmedina> I want 2.1rc19, because I need to add "redirect-private" and "auth-user-pass-optional" and thos options are only available starting from 2.1RC14
<jmedina> I know it is really easy compile openvpn by hand
<sonism> man, i've been kicked out of ubuntu because i said to those idiot don't ever type this: sudo rm -rf /. and yet those idiots do that!
<ScottK> jmedina: LP now has a search feature for ppa's.
<ScottK> sonism: #ubuntu-irc if you want to bitch.  This isn't the place.
<ScottK> jmedina: I do not, however, favor installing code from somewhat random sources of indeterminate provenence.
<jmedina> ScottK thanks, probably I dont know how to use LP, bu the search feature only shows me the ppa repositories, and I have to searh PPA by PPA, that is not that easy
<jmedina> :)
<ScottK> jmedina: Did you try https://launchpad.net/ubuntu/+ppas?name_filter=openldap
<sonism> ScottK: i'm not bitchin', some onje messin' with sudo command, and then i told him what he don't do right. and then i told him not to do the previous one also. and yet he do that. it definetelly not my fault....
<ScottK> sonism: How does that relate to Ubuntu Server?
<sonism> ScottK: ok, i know..... sorry....
<jmedina> ScottK, yeap, still I have to search into each PPA
<ScottK> OK
<jmedina> well I finished with 20 results and only one old package
<jmedina> from LaMont Jones
<ScottK> Him I'd trust.
<jmedina> good
<jmedina> I think it is time to lear how to create ubuntu packages and use PPA
 * jmedina comes from pacakage slackware pacakges :)
<ssm> jmedina: http://www.debian.org/doc/maint-guide/ is a good starting point
<jmedina> ssm: thanks
<jmedina> well, time to create 50 openvpn client certs and packs :S
<Vaine-Dragon> I'm trying to Install Perl 5 and Webmin 1.480
<Vaine-Dragon> I'm trying to Install Perl 5 and Webmin 1.480
<Vaine-Dragon> HELP ANYONE
<jmedina> Vaine-Dragon: and what is the problem?
<jmedina> have have you tried?
<jmedina> I think webmin is not supported in ubuntu
<jmedina> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<Vaine-Dragon> Will 8.10 work
<Vaine-Dragon> I found this info on the Official Ubuntu page for configs
<Vaine-Dragon> Or is there another web admin package that will work with 9.04
<jmedina> well I really dont know, last time I used webmin was 5 years ago
<uvirtbot`> New bug: #407428 in openssh (main) "sshd zombie processes and strange behavior after karmic upgrade" [Undecided,New] https://launchpad.net/bugs/407428
<jmedina> Vaine-Dragon: did you read the mmesage frfom ubottu?
<Vaine-Dragon> Yes is there another such package for this type of admin
<Vaine-Dragon> !ebox is that a package or another server?
<jmedina> is that a question?
<Vaine-Dragon> Yes
<jmedina> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<jmedina> they are packages or full distro
<Vaine-Dragon> Ok thats what I need, kinda new sorry for the confusion
<jmedina> dont worry
<jmedina> bu
<_lam> hi
<jmedina> hi
<uvirtbot`> New bug: #407310 in mysql-dfsg-5.0 (main) "Failed to check for installed and available applications" [Undecided,New] https://launchpad.net/bugs/407310
<funkyHat> Stupid question : where do I set the user that spamd should run as?
<funkyHat> Oh got it, I add -u blah to /etc/default/spamassassin
<chadkouse> anyone seen this?  When under a heavy cpu load I can't SSH to the server and if I'm already on the server, I can't su -- it's like authentication is waiting on CPU to free up
#ubuntu-server 2009-08-01
<artillerytx> anyone know why i keep getting these e-mails - http://pastebin.com/d5e753476
<artillerytx> from my server
<artillerytx> or is there a way i could turn this off
<poningru> artillerytx, try crontab -l
<poningru> as root it seems
<artillerytx> k it gives me "54 7 *** /etc/webmin/cron/tempdelete.pl
<poningru> can you check /etc/cron.hourly/
<poningru> is there anything in there?
<artillerytx> no there is nothing in that directory
<poningru> can you check /var/log/mail.log
<poningru> see whats sending the thing
<artillerytx> oh wow
<artillerytx> you want me to pastebin whats in mail.log
<poningru> yeah sure
<artillerytx> ahh it won't let me post it
<artillerytx> poningru: here we go - http://paste.ubuntu.com/240720/
<artillerytx> I've set up the email for the domain with gmail apps and used ssmtp to gmail
<poningru> how often does the emails come in?
<ball> Once a month, on a camel.
<artillerytx> poningru: probly every day 4 or 5 times a day
<artillerytx> im guessing its some sort of error that i haven't set up something correctly
<poningru> hmm
<uvirtbot`> New bug: #407572 in postfix (main) "package postfix 2.5.5-1.1 failed to install/upgrade: subprocess pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/407572
<artillerytx> poningru: i can show you the whole thing
<artillerytx> poningru: http://paste.ubuntu.com/240748/
<poningru> no I dont think I can end
<poningru> err help
<tsrk_> is /root being only accessible by root a new thing in 9.04?
<artillerytx> anyone know anything about cron and ssmtp ?
<Tejas> anyone know how to remove id_rsa key???- Because of the my server IP is change...
<ajmitch> '14
<artillerytx> any know why im getting this emailed to me - http://paste.ubuntu.com/240807/
<DiCK454> xubuntu
<Byron> Hello everyone.
<Byron> andol: I'm not sure what I have done wrong, but I don't really know where to start either. I hope to get better insight with some tools that I'm going to start using. Thanks for guiding me yesterday.
<uvirtbot`> New bug: #407583 in samba (main) "karmic smbclient fails to access NAS box" [Undecided,New] https://launchpad.net/bugs/407583
<andol> Byron: Don't really use FTP much these days. Not sure if I'm the right person to point you in a right direction.
<andol> Byron: Actually, in my book, FTP itself is usually the wrong direction :)
<Byron> andol: No worries. I have yet to figure out why FTP doesn't work outside of my router.
<Byron> andol: I don't even want to begin with my Postfix and Courier issues right now, either.
<chrisellis> how do i delete stuff from cron
<chrisellis> im keep getting all these error emails
<chrisellis> i have no idea what is going on with this
<Byron> chrisellis: what happens if you just delete the pl file?
<chrisellis> do you want to see what the errors are?
<chrisellis> Byron: http://paste.ubuntu.com/240899/
<Byron> 1 sec
<chrisellis> mmk thank you
<Byron> chrisellis: Seems like an hourly cron. Try "sudo rm /etc/cron.hourly/ebox"
<chrisellis> no such file or directory
<Byron> sudo nano /etc/init.d/ebox
<Byron> What's on line 14?
<chrisellis> use Ebox;
<chrisellis> i removed ebox though
<chrisellis> why is this file still here
<Byron> that's probably the issue
<chrisellis> how can i remove all files associated with ebox
<Byron> chrisellis: 'sudo apt-get remove --purge ebox'
<chrisellis> it tells me pacakge ebox is not installed, so not removed
<Byron> sudo apt-get install ebox && sudo apt-get remove --purge ebox
<chrisellis> mmk
<chrisellis> i just did apt-get update
<chrisellis> uno momento
<chrisellis> wow thats alot of updates
<chrisellis> okay i just got the error dropdb: database removal failed: Error datatbase "eboxlogs" does not exist
<chrisellis> dropuser: remocal of role ebox failed ebox does not exisist
<mysteriousdarren> just installed my first server on an old dell
<mysteriousdarren> and now its waiting for me to tell it to do something blicking impaitently
<chrisellis> Byron: that doesn't matter right ... thats good they don't exist
<mysteriousdarren> is there some easter egg commands i can put in to make it look like its doing something
<Byron> chrisellis: the removal I'm providing you removes config files, too.
<Byron> mysteriousdarren: if all else fails, type 'help'
<chrisellis> Byron: k
<chrisellis> Byron: have you ever set up a google apps account ?
<Byron> chrisellis: No, I haven't.
<Byron> Farewell everyone. it's getting late for me and I have a long day tomorrow. Have a great day/night. Bye
<chrisellis> night
<mysteriousdarren> nite
<mysteriousdarren> im going through setting up an server on a dell and wondered what kind of server collections i should install?
<chrisellis> i don't know very much but what kind of server are you setting up
<hammer> funny you should ask that mysteriousdarren, i was wondering the same thing
<jmarsden> Install the ones that will let you do whatever it is you want the server to do :)
<chrisellis> ahh god i hate girl drummers
<mysteriousdarren> a friend and i are using it for a learning experience and were basically gonna use it to access files when traveling and on business trips
<jmarsden> I don't think there is a "girl drummer" task in Ubuntu Server..?
<chrisellis> oh sorry
<chrisellis> haha
<mysteriousdarren> girls drummers are awesome, haha im a drummer. did u get shown up by one or what?
<mysteriousdarren> sorry off topic
<chrisellis> no they look stupid im moving to off topic if you want to continue
<jmarsden> mysteriousdarren: So install whatever things you want to learn about, plus whatever will do the kind of file sharing you have in mind.
<hammer> So are options are dns,lamp,mail, openssh, posgres, print, samba tomcat java , virtual, an manual package selection server
<hammer> I am kinda thinking manual, virtual, and lamp
<hammer> and I hate girl drummers
<jmarsden> Well, if mysteriousdarren wants to access his server remotely, openssh is probably a good start.  After that it all depends what/how he is plannging to do the filesharing.  The set for you depends on what *you* want to do with your server :)
<hammer> but what if the girl drummer is hot
<mysteriousdarren> smoking hott
<jmarsden> hammer: Take that to #offtopic please.
<mysteriousdarren> hammer nice but off topic
<hammer> ok, its late,
<mysteriousdarren> ya no excuses paula
<hammer> whats the downfall of sellecting more than we may need
<jmarsden> You end up with more software on your server that you don't understand, and that you have to back up, and that if it has security issues might in some way aid others trying to break into your server.
<hammer> ah
<jmarsden> Remember you can always use tasksel to add more tasks later anyway.
<jmarsden> man tasksel for details on that.
<hammer> So if we went, openssh, samba, and a lamp. would that be a good start to learn
<jmarsden> It's quite a bit at once, but sure, that could work.  LAMP is Apache, MySQL and PHP so 3 different things right there.
<jmarsden> The L is for Linux... which you already have :)
<hammer> this is just off a ubuntu 9.04 server cd  we downloaded tonight
<hammer> it gives us these options separatly
<jmarsden> OK... let's just say the L (Linux) is not optional if you are installing Ubuntu :)
<jmarsden> Install openssh so you can access the server securely over the network.  Anything else ... install it if you either need it or want to learn it.
<jmarsden> In general, if you do not know what it is, do not install it.
<hammer> good point
<jmarsden> You did read the Server Guide, right?  https://help.ubuntu.com/9.04/serverguide/C/
<hammer> of course we read all 19 chapters
<hammer> (wistles suspicously)
<jmarsden> For mysteriousdarren just openssh may be all he needs, because he can do sshfs for secure remote file access, either from Windows or Linux boxes while on the road.
<hammer> bookmarking now
<jmarsden> There is also a link to the server guide in the /TOPIC of this channel :)  But that's for the 8.04 one not 9.04
<mysteriousdarren> ok, ya ive read most of the links and was wondering from an actual person what i should do. thanks
<jmarsden> For what you are asking for just install openssh and use sshfs (or Dokan, if you use Windows on your travelling notebook instead of Linux)
<mysteriousdarren> nope all ubuntu
<hammer> all ubuntu, and one fedora...
<mysteriousdarren> haha fedora and u hate it sometimes
<hammer> sigh.... yes
<andol> jmarsden: Hmm, Dokan looks intersting. Any personal experieces using Dokan sshfs? Might be a good alternative, recommending to friends instead of expandrive
<jmarsden> andol: I've only played with it, never had to use it for a long period.  For basic file xfer it seems to work.
<andol> jmarsden: Okey, thanks for the indirectly pointing it out to me anyhow.
<jmarsden> :) No problem.
<chrisellis> how do you see what kind of bandwidth you are getting for your server
<uvirtbot`> New bug: #407689 in samba (main) "package libpam-smbpass 2:3.3.2-1ubuntu3.1 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/407689
<vagamente> anyone can help me installing mailman?
<uvirtbot`> New bug: #396632 in lighttpd (universe) "lighttpd init file should not chown or chmod on status check" [Undecided,Incomplete] https://launchpad.net/bugs/396632
<gbear14275> is xen support better in 8.04 or one of the later versions?
<zoopster> gbear14275: define support...not much has changed in xen for a while. 9.04 officially has domU support
<zoopster> gbear14275: you are better off using KVM...it is being maintained much better through 9.04
#ubuntu-server 2009-08-02
<Bilge> Even though I use hardy, can I still install a deb built for intrepid?
<giovani|defcon> Bilge: can you technically? yes -- it's very possible it won't work properly
<Bilge> I wouldn't know why
<Bilge> I can just built it myself though so whatever
<giovani|defcon> Bilge: well why (or if) depends on the exact application -- could depend on library versions that you don't have, for example
<giovani|defcon> it could also place things in directories not used in your version
<giovani|defcon> lots of things change -- many things don't -- which is why there's no generic answer
<tsrk_> anyone have any idea why rsync'ing large amounts of data is causing a kernel panic on the receiving server?
<giovani|defcon> tsrk_: could be lots of things -- bad ram -- bug in kernel, rsync -- etc
<giovani|defcon> I presume you've googled?
<tsrk_> giovani|defcon, yeah, also I should mention it doesn't happen when it goes the other way
<tsrk_> there's some networking related things in the stacktrace though so i'm wondering if it's something with ssh
<nick125> Good evening. I have a quick question: Is it possible to install Ubuntu Server over SSH (once I get the CD in and potentially set a password and start sshd)?
<giovani|defcon> nick125: by "over ssh" you mean what?
<giovani|defcon> doing an interactive install via a pts?
<nick125> giovani|defcon: Going through the interactive prompts over SSH
<nick125> yep
<giovani|defcon> nick125: not that I know of -- not sure why you'd want to
<nick125> Apparently, this piece of documentation says there is a way in the installer menu to do it
<giovani|defcon> serial console, kvmoip, or automated install
<nick125> https://help.ubuntu.com/community/Installation/NetworkConsole
<giovani|defcon> nick125: if it's in the "menu" it sounds like it https://help.ubuntu.com/community/Installation/NetworkConsole
<giovani|defcon> whoops, sorry -- bad paste
<giovani|defcon>  https://help.ubuntu.com/community/Installation/NetworkConsole
<giovani|defcon> hah -- my tablet is failing
<nick125> giovani|defcon: Don't worry, this ducttape will fix it!
<giovani|defcon> ok
<giovani|defcon> it looks messy
<giovani|defcon> I see no reason to do it
 * nick125 backs the data up from his server
<giovani|defcon> but if you'd like to have your remote hands set that up for you -- go ahead
<nick125> Well, my server isn't remote, it's just that it's too uncomfortable to sit there and work on it for any period of time
<giovani|defcon> then use serial console
<giovani|defcon> that's the proper approach
<giovani|defcon> the install should take minutes
<giovani|defcon> you can also automate it
<nick125> Knowing my luck, it'll take a few hours :p
<giovani|defcon> why?
<nick125> It would find a way to take hours.
<giovani|defcon> if you want to convince yourself of that ... ok
<nick125> Hmm....I wonder if I could setup a serial console to the desktop sitting next to my server, then SSH into that box..hmm
<giovani|defcon> why would you need to do that (I mean, you can ... but)
<nick125> It's going to take a bit of time to initialize the 3x160GB RAID-5 (320GB total volume size), then the LVM PV/VG.....
<nick125> I guess I could just leave it and let it do its thing
<nick125> Should I make a separate partition for /boot that isn't on the RAID?
<giovani|defcon> doesn't sound like a big deal
<giovani|defcon> nick125: is this hardware raid?
<nick125> giovani|defcon: software
<nick125> The motherboard in my server supports fakeraid, but I think I would rather avoid it (especially with the mix of different SATA controllers)
<giovani|defcon> in general, I stay away from software raid
<giovani|defcon> but yeah, I'd keep /boot off of it -- just in case the array is broken
<nick125> And the initrd included with Ubuntu Server works just fine for RAID/LVM?
<ball> I sort of wish I'd gone for software RAID on the last server I put in.
<giovani|defcon> the issue is grub -- grub supports lvm
<giovani|defcon> it seems to support some raid levels (1, notably)
<nick125> The last Linux install I did, I put /boot on RAID 1
<giovani|defcon> ok, well from what I raid, grub will support it
<giovani|defcon> but I see no reason to use it for /boot
<nick125> So if one drive fails, there's another drive to boot from
<giovani|defcon> not if the MBR isn't there ...
<giovani|defcon> which it won't be
<nick125> You can install the MBR to the other drives too
<giovani|defcon> yes, but it wouldn't be there normally
<giovani|defcon> just use real raid
<nick125> I don't have money for a $400-500 RAID controller
<ball> I'm sure ours didn't cost that much.
<giovani|defcon> nick125: try 1/10-1/5th of that
<nick125> A real RAID controller for $50?
<nick125> (or so)
<giovani|defcon> $500 will buy you a high-end 8 port PCI-X controller
<giovani|defcon> nick125: on the low end, yes
<giovani|defcon> somewhere between $50-100
<ball> Ours has batteries on it for some reason.
<giovani|defcon> ball: yeah ... that's normal
<ball> ...to back up the cache RAM I suppose
<giovani|defcon> to make sure the drives don't get corrupted mid power cut
<ball> I need to go and lay down now
<qman__> yeah, I wouldn't bother with anything that wasn't at least $60, and even then, that's usually just a high performance disk controller, no RAID functions
<qman__> you don
<qman__> you don't have to spend a fortune on something really fancy, but at least get something like a highpoint rocketraid
<qman__> if you don't, you're better off just using mdraid than whatever fakeraid controllers you can get
<ball> I like RAID, me.
<gherring> greets - I'm fairly new to ubuntu server, but very familliar with kubuntu and ubuntu...how do I enable remote login to an ubuntu server?
<giovani|defcon> gherring: you install openssh-server
<gherring> ok....thanks for that.
<gherring> I can look up the rest  - thank you
<giovani|defcon> you could've looked that up as well :)
<gherring> well, your correct - but i wanted a somewhat expert opinion and the closest I figured i could get was coming in here and asking  :)
<giovani|defcon> an expert opinion on the ssh server package name?
<gherring> no...i'm no stranger to command line and i can follow a walkthrough
<gherring> i'm not good with servers...yet
<giovani|defcon> uh, ok
<giovani|defcon> so you're not familiar with ssh?
<gherring> or how to log into them remotely
<gherring> no, i've never used it but heard of it
<giovani|defcon> then you probably should be using your desktop more
<giovani|defcon> ssh is hardly limited to "servers"
<gherring> scenario: i can (and do) vpn to a microsoft network every weekend - they want to install an ubuntu server
<gherring> i need to be able to log into it after they install it
<giovani|defcon> you shouldn't be administering a server for a company/organization if you've never done it before ...
<gherring> it's ok...seriously.  the admin is my brother
<giovani|defcon> if you've never used SSH before ... I would advise you to take a huge step backwards
<giovani|defcon> and learn the basics
<gherring> i'm practicing
<gherring> ok, where should i start then?
<giovani|defcon> you should start by learning linux basics
<giovani|defcon> and your desktop is a perfectly fine place to start
<gherring> I know alot of the basics
<gherring> ok
<giovani|defcon> honestly, I beg to differ
<gherring> i'm going to take your word on this
<giovani|defcon> SSH is an extremely basic utility -- if you haven't used it yet -- you probably haven't spent much time with Linux
<gherring> i'm not as 'swift' as i think i am
<gherring> ok...is there a way I can practice using ssh?
<giovani|defcon> sure ... the point wasn't really about SSH, just that it was evidence of your experience level
<gherring> I have an ubuntu server in virtualbox installed and ready
<giovani|defcon> get two linux boxes
<giovani|defcon> use ssh to remotely connect to the other
<giovani|defcon> I'd probably get a book on linux if I were you
<gherring> I have to boxes next to each other right now...and a spare hp hub
<twb`> You could still do that with virtualbox
<giovani|defcon> learning piece-meal is likely to leave a lot of gaps in your knowledge
<gherring> i do have huge gaps in my knowledge...but i can learn
<gherring> what book on linux would you recommend?
<giovani|defcon> I don't have one off-hand
<giovani|defcon> surf amazon for one with a lot of good reviews
<giovani|defcon> ask around
<gherring> something like 'ubuntu server handbook'?
<giovani|defcon> ?
<gherring> i have an amazon account - i can do that tonight
<giovani|defcon> account? browsing books doesn't require one
<gherring> but is there a way I can practice ssh skills using virtualbox ose?
<giovani|defcon> sigh
<gherring> ok - sorry
<giovani|defcon> unfortunately, you seem to be focusing on SSH
<gherring> you brought it up...i'm hooked
<giovani|defcon> which is exactly what I'm trying to tell you not to do -- it was just an -example-
<gherring> ok..letting go of it
<giovani|defcon> start with a basic book ... read the book
<gherring> basic book on server or ubuntu in general?
<gherring> btw, i appreciate your patience
<giovani|defcon> you want something server-oriented -- the first thing you have to understand is that there's nothing that solidly differentiates a "server" from a "desktop"
<giovani|defcon> those distinctions are largely made up -- and have more to do with function than the OS itself
<gherring> ok...
<gherring> ahhhh i see
<giovani|defcon> ubuntu server and ubuntu desktop are the same OS
<gherring> right
<gherring> i've done minimal install before and totally agree with that
<giovani|defcon> they use a different kernel -- that's it -- and that has to do with hardware support, and special features only people running servers typiclaly care about
<giovani|defcon> other than that -- they offer the exact same software
<gherring> right right....
<giovani|defcon> ok, so the knowledge won't differ
<giovani|defcon> between a "desktop" and a "server"
<gherring> i've installed a server kernel before on an xubuntu desktop system
<giovani|defcon> other than application-specific stuff
<gherring> right...i understand
<gherring> so on a minimal install when i choose server it automatically selects a server kernel
<gherring> or i could have chosen ubuntu desktop, but whatever - same frame work
<twb`> Note that support for server software is significantly longer, though
<twb`> Regarding security updates and such
<gherring> twb - ok, understood
<lukehasnoname> <3 Ubuntu server, mostly
<twb`> I imagine the at the desktop kernel also has some basic "tuning" for a desktop role (e.g. more RTOS stuff)
<giovani|defcon> twb`: sure, I don't think that's relevant to a basic understanding of them being the same OS
<twb`> giovani|defcon: granted.
<giovani|defcon> unfortunately, ubuntu has focused on differentiating the products in a marketing sense
<giovani|defcon> which only serves to misinform, imo
<gherring> glovan - oh, i see...causing some confusion
<giovani|defcon> it's a windows thing
<twb`> giovani|defcon: it's a necessary evil when dealing with the corporate space
<giovani|defcon> commercial-focused (read: microsoft market-focused) distros began the whole "desktop" v "server" distinction
<giovani|defcon> twb`: ubuntu isn't accepted in any significant way in the commercial space
<twb`> It is where I hang out
<giovani|defcon> clearly you're not looking at the big picture
<lukehasnoname> Eh, Ubuntu Server is a slightly different product. Different kernel settings and different default packages are a pretty big deal. It's like lamenting over the disinction between Ubuntu and Kubuntu.
<giovani|defcon> how many fortune 1000 run ubuntu as a major part of their infrastrcuture?
<giovani|defcon> lukehasnoname: I've already covered that
<lukehasnoname> I just hopped in
<twb> giovani|defcon: there is a huge difference between multinationals and corporations in general
<giovani|defcon> twb: pick any metric you like
<giovani|defcon> ubuntu is a nonexistant player in the corporate space
<twb> In the SMEs I deal with, CentOS has lost a lot of ground to Ubuntu Server.
<giovani|defcon> show me any evidence to the contrary
<giovani|defcon> SMEs? -- name a few
<twb> Well actually the deployments I'm most familiar with are prisons
<giovani|defcon> prisons are enterprises?
<lukehasnoname> giovani|defcon:
<lukehasnoname> yes
<twb> Here, they're government.
<giovani|defcon> I suppose if they're commercially-owned and leased to the government
<giovani|defcon> how big is the computing infrastrcuture at a prison you're talking about?
<twb> around 300 desktops each
<gherring> wow
<giovani|defcon> that's ...
<giovani|defcon> not an enterprise
<giovani|defcon> that's a small-medium business
<twb> I've lost interest in this discussion.
<giovani|defcon> my company has almost 2000 servers, and we're considered a small business by most standards
<lukehasnoname> giovani|defcon: Most standards is wrong, then
<lukehasnoname> I work at a bank with 4,000 servers running several OSes, a multitude of apps, with a customer base of 6m
<giovani|defcon> lukehasnoname: how any of the 4,000 are ubuntu?
<lukehasnoname> divide that by two and you're still big or medium big
<giovani|defcon> s/any/many/
<lukehasnoname> None. I wasn't making that point, if you're trying to gun after me. I'm arguing that 2k servers is not 'small'
<giovani|defcon> no, I'm not gunning -- I'm using you as a random sample
<lukehasnoname> We run Solaris 9, RHEL 4, AIX, and Windows 2003/2008
<lukehasnoname> mostly
<lukehasnoname> I don't know what else
<giovani|defcon> worse than random, really -- since you're in #ubuntu-server -- and clearly a user
<giovani|defcon> I'm also clearly a user -- I think it's a great distro
<twb> I think it's a horrible distro, but the alternatives are a lot worse.
<giovani|defcon> but I acknowledge its lack of presence in the medium-large commercial space -- which is the market that defines the success of Linux distros, overall
<gherring> i've tried several linux distros - ubuntu has been the most stable for me
<twb> I sure a shit wouldn't want to babysit a bunch of AIX boxes
<lukehasnoname> twb, you don't like Ubuntu?
<gherring> lol @ twb
<twb> I think Ubuntu has a great job of taking Debian and running it into the ground.
<giovani|defcon> heh
<giovani|defcon> then clearly you belong in #debian
<gherring> wow - again
<lukehasnoname> Elaborate. I'm seriously interested in hearing the other side of the fence.
<lukehasnoname> Also, Are you talking about desktop or server space?
<lukehasnoname> I assume server.
<twb> lukehasnoname: it's more from a package maintainer's perspective.
<twb> For example, reportbug(1) on Ubuntu for a long time silently sent email to a subscriber-only mailing list
<twb> launchpad requires you to create an account to report bugs, and isn't AGPLd
<lukehasnoname> Launchpad is AGPLed, isn't it?
<lukehasnoname> recent development.
<andol> twb: I think you inteded to saw wasn't? :)
<andol> s/saw/say/
<twb> lukehasnoname: OK, I must be out of date on that.
<twb> NetworkManager has fucked me repeatedly, and there was a change in d-i in hardy that meant that it tried to talk to archive.ubuntu.com before it asked you about proxies, which meant on a broken network I maintained, that you basically HAD to preseed or d-i would take like eight hours to install
<lukehasnoname> admittedly, I haven't run Ubuntu Server on advanced or troubled configurations
<twb> I don't think I can point to any one huge aggravation
<twb> And Ubuntu have definitely improved some things
<twb> And I prefer Ubuntu in pretty much every way to RHEL or Solaris :-)
<lukehasnoname> I wanted to like Opensolaris, but I just didn't get into it
<lukehasnoname> I think the packaging is a total mess
<lukehasnoname> I even got a book on Osol, I was so interested
<twb> You think that's bad, you should see OS X.
<giovani|defcon> Solaris? -- let's stick to distro comparisons here
<lukehasnoname> Back
<lukehasnoname> Had to get a real IRC client
<lukehasnoname> irc://irc.debian.org
<lukehasnoname> damnit
<giovani|defcon> lukehasnoname: now we know where your loyalties lie :)
<lukehasnoname> I want to ask about some recent Debian news I heard
<lukehasnoname> - kFreeBSD support, introducing the first non-linux architecture into Debian
<lukehasnoname> Does this mean the FreeBSD kernel will be an official branch in the Debian project?
<giovani|defcon> lukehasnoname: as far as I know, yes
<giovani|defcon> not a "branch" but a port, yes
<twb> Debian GNU/kFreeBSD has been around for ages
<lukehasnoname> Ya, I know
<twb> But I think like Debian GNU (as in GNU/Hurd), it has like five people who use it at all
<lukehasnoname> well, since FreeBSD is a technically superior platform...
<lukehasnoname> >_>
<lukehasnoname> <_<
<twb> I just wish the Solaris kernel didn't have the CDDL of death
<twb> By all accounts it's a rockin' kernel
<twb> But Nexenta is too hairy for me, due to CDDL/GPL fights in dpkg and such.
<giovani|defcon> heh -- let's talk about how ssl died circa defcon 2009
<twb> giovani|defcon: openssl?
<giovani|defcon> all major ssl implementations
<giovani|defcon> in one form or another
<giovani|defcon> tons of attacks released
<lukehasnoname> protip: Don't wipe your database until you're sure you don't have any apps using it
<lukehasnoname> ffffffuuuuuuuuuu
<jmarsden> lukehasnoname: And even then, back it up first
<nick125_lappy> lukehasnoname: Ouch. Well, if you didn't have backups before, now you do.
<lukehasnoname> ya, this is kinda lame.
<twb> Taking adequate backups is a lesson EVERYONE learns the hard way
<nick125_lappy> Hm. In /etc/network/interfaces lingo, what is the equivalent to ip addr add <blah> <dev>?
<twb> post-up ip addr add <blah> ?
<twb> You want the interface to have two IPs?
<nick125_lappy> twb: yes
<twb> You could also try just listing two "address" lines
<nick125_lappy> However, for some reason, dhcpd doesn't like serving addresses on the same subnet as a ethN:X alias.
<nick125_lappy> Good idea.
<nick125_lappy> Wait. What if the two addresses have a different netmask?
<twb> Dunno.
<twb> I do not normally do what you're talking about
<nick125_lappy> Nobody seems to. :)
<nick125_lappy> Can I have multiple post-up lines (if needed)?
<twb> Why do you want to?
<twb> Yes, post-up lines are run serially IIUC
<twb> Or you can put stuff in /etc/network/if-up.d/
<nick125_lappy> Great. Thank you.
<lukehasnoname> Good news: I was able to get torrentflux back up and running with minimal pain
<twb> Be nice when apt-torrent gets off the ground
<lukehasnoname> o_O?
<gherring>  
<quizme> http://pastie.org/568384  <---- the permissions are 777 and I'm in the dev group, but I still change chmod g+w that file.... anybody know why not?
<LiraNuna> how do you make rdiff-backup perform full mirror even though there's a previous backup present?
<LiraNuna> the more diffs there are, the slower it is to restore
<lukehasnoname> Wow, so annoying.
<lukehasnoname> I was hoping phpMyBitTorrent would be an all in one solution
<lukehasnoname> I want to choose a file, have a .torrent made, and load it to a tracker and seed, all in one step.
<lukehasnoname> *a private tracker on my server
<twb> Doesn't rdiff-backup just do a cp -al then an rsync, like rsnapshot?
<LiraNuna> twb, no, it saves diffs
<twb> Ew.
<LiraNuna> not really
<LiraNuna> it's pwerful
<twb> Does it use --only-batch?
<LiraNuna> eh?
<twb> rsync --only-write-batch, I mean
<LiraNuna> it uses librsync
<twb> Ah, I didn't know that.
<twb> rsnapshot is just perl or something
<LiraNuna> rdiff-backup is a delicious combination of mirror backup and incremental backup
<twb> So is rsnapshot
<LiraNuna> problem is the more time passes by, there are more diffs to patch against, so restore gets slower
<LiraNuna> I want to put some cron job every month to put a full mirror so it won't be as slow
<twb> rsnapshot assumes you're backing up to a (possibly remote) hard disk, so you can just use hard links to get incrementality at zero cost.
<twb> A restore is as fast as a single backup
<LiraNuna> what about size?
<twb> It wouldn't work with tapes or DVDs, though
<twb> LiraNuna: you mean size of the thing being backed up?  Arbitrary.
<LiraNuna> anyway, I'm just seeking advice of how to overcome this problem
<twb> Sorry, I went off on a tangent
<LiraNuna> no problem, I didn't want to start 'backup warz' here :)
<twb> Mea culpa.
<LiraNuna>        -b, --backup-mode
<LiraNuna>               Force backup mode even if first argument appears to be an increâ
<LiraNuna>               ment or mirror file.
<LiraNuna> whoops
<LiraNuna> will that destroy past diffs?
<twb> At this point I would see if rdiff-backup has a dedicated channel.
<andol> Well, at least there is no official or well known rdiff-backup channel.
<andol> LiraNuna: At current stage, rdiff-backup can only have one full mirror, the rest is reverse diff.
<nick125_lappy> Good evening (or morning) :)
<lukehasnoname> Is there a trick to deploying a war to Tomcat?
<lukehasnoname> I dropped a war in /usr/share/tomcat6/webapps/ like I was told
<uvirtbot`> New bug: #407923 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.1 failed to install/upgrade: Unterprozess post-installation script gab den Fehlerwert 1 zur?ck" [Undecided,New] https://launchpad.net/bugs/407923
<quizme> what does "sudo mount /etc/mysql" do ?
<quizme> in fstab it says "/vol/etc/mysql /etc/mysql none bind"
<andol> quizme: Unless /vol/etc/mysql is mounted at /etc/mysql, that is what will be attempted.
<rosa_> hello...i am having problems with my cups system...i just install that in a new server, when i try to print to one of the printer that I install, doesn't print and shows a message in "processing since" and don't do nothing else...somebody can helo me please
<quizme> andol: i'm totally confused.  i don't know how my mysql database got onto /vol/var/lib/mysql, because my fstab doesn't have such an entry.
<quizme> yet it works
<quizme> and it's there
<andol> quizme: Talk to the person who installed the server?
<nick125_lappy> Hm. Apparently, I broke my networking.
<uvirtbot`> New bug: #397721 in php5 "[needs-packaging] php-fpm" [Wishlist,Confirmed] https://launchpad.net/bugs/397721
<andol> cjwatson: Wondering if you, being Mr. OpenSSH, have any opion on whatever bug #362511 being important enough to backport the upstream patch? Goten the impression what we now don't watch to be to creative with our OpenSSH packages :)
<uvirtbot`> Launchpad bug 362511 in openssh "force-command unable to pass arguments along to internal-sftp" [Low,Confirmed] https://launchpad.net/bugs/362511
<Acs> hey guys
<Acs> I am trying to run this php script and I am getting this Extension './dirtotal.php' not present.
<Acs> I have #!/usr/bin/php -q at the top
<Acs> and change the permissions to +x
<Acs> and I am calling it like ./dirtotal.php
<Acs> am I doing something wrong?
<Acs> I have a php script that is being called in a cronjob and that works fine
<Acs> anyone
<Acs> ?
<andol> Acs: Is "./dirtotal.php" what you have in cron? Is current working directory specified in any way?
<Acs> no no the dirtotal.php is the script I am trying to run in the cli
<Acs> in the cron it's another script
<andol> Acs: Try specifying the full path to dirtotal.php instead
<DiViN3> anyone can help me plz
<Acs> andol I have fixed by calling it with php
<Acs> so php dirtotal.php works
<Acs> thanks for the help
<DiViN3> how to add ips in ubuntu server
<DiViN3> wats the command or where must i add the ips
<DiViN3> anyone can help me plz - how do u add ips in ubuntu server
<giovani|defcon> DiViN3: man interfaces
<DiViN3> giovani|defcon : sorry to say but m not that good with all that stated in there as i cant seem to understand
<DiViN3> giovani|defcon : all i did was read up from internet n setup my server
<DiViN3> giovani|defcon : i found out that  by doing  : ifconfig eth0 add 1.2.3.4     <--- the ip is added
<DiViN3> but some web say that i need to add the additional ips as virtual ips
<DiViN3> so that they can be binded for vhost
<DiViN3> anyone can help me with how to bind vhost for irc
<DiViN3> my revesre is not functioning
<PerryArmstrong> can anyone help me ace this discussion at: http://ubuntuforums.org/showthread.php?t=1228878   its related to servers
<eVo_Divini> My whole file system is mounted read only. Will rebooting fix this?
<giovani|defcon> eVo_Divini: depends on the cause
<andol> eVo_Divini: If the system mount your (root) file system read only it might very well be because it detected some problems at mount time.
<andol> eVo_Divini: If you look in /etc/fstab you might find the mount option "errors=remount-ro".
<uvirtbot`> New bug: #405325 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/405325
<storrgie> I just swapped the processor out on my rig, should I run anything when I boot up to make sure the kernel detects everything properly?
<eVo_Divini> I found it andol
<eVo_Divini> upon rebooting, the server hung
<eVo_Divini> not sure why
<eVo_Divini> the provider is working on it
<nick125> Good afternoon. On a server without VT/SVM, what virtualization method would you guys recommend, other than VMware Server? If I could run full-virtualization guests (i.e., Windows if the need comes up), that's a plus.
<Nafallo> KVM
<incorrect_> i can't get a channel list, but what is the name of the ubuntu kvm channel
<Nafallo> #ubuntu-virt
<incorrect_> is there a way to boot up rescue mode with no networking? or more to the point, how can i stop a module from loading at boot?
<jpds> incorrect_: Add it to /etc/modprobe.d/blacklist.conf .
<incorrect_> jpds, init=/bin/bash and i hacked it out, bonded bridged interfaces = weird kernel panic
<DormantOden> hey, can someone tell me the 32 bit library name? =)
#ubuntu-server 2010-08-02
<kinygos> ok...i finally found the answer to my keyboard layout problem...
<kinygos> simply run sudo dpkg-reconfigure console-setup and make the appropriate selections
<kinygos> thanks for the help :)
<EvilPhoenix> anyone know of any cli tools that can show you active ports things are bound to as well as the number of packets being received/sent on those ports?
<EvilPhoenix> similar to top peraps?
<uvirtbot> New bug: #612380 in php5 (main) "mysqli_ssl_set should not expect MYSQLI_STATUS_INITIALIZED" [Undecided,New] https://launchpad.net/bugs/612380
<progre55> hi guys. I want to add a script in /etc/init.d/ to startup, but only after networking is up. so how do I update-rc.d it?
<progre55> anyone? I'm starting a deamon using "start-stop-daemon --start --quiet --pidfile $SCRIPT_PID --startas $DAEMON -- $DAEMON_OPTS", but it doesnt record the pid in the specified file, so the "stop" option doesnt work. Any suggestions, please?
<rdw200169> EvilPhoenix: netstat -pln --inet
<rdw200169> EvilPhoenix: the only way, that i know of, to get the packet count on ports is by doing some iptables packet counting per port
<rdw200169> EvilPhoenix: or, you could use something like ntop, but that's more of a web-gui type thing
<EvilPhoenix> thanks
<rdw200169> did it work the way you wanted?
<EvilPhoenix> rdw200169:  havent checked, the server's offline for system updates tonight
<EvilPhoenix> ;)
<EvilPhoenix> i can tell you tomorrow if it worked :)
<MTecknology> zul: Hey Chuck... You happen to be around now? I want to thoroughly irritate you. :)
<_Snark> Q - can i softraid across multiple (sata) controllers, or do all raid member disks need to be on the same controller?
<sirninja> How do I run a dummy xserver?
<uvirtbot> New bug: #612428 in dhcp3 (main) "package dhcp3-server 3.1.2-1ubuntu7.1 failed to install/upgrade: ErrorMessage: pacote dhcp3-server jÃ¡ estÃ¡ instalado e configurado" [Undecided,New] https://launchpad.net/bugs/612428
<Yosi123> hi all, new to UB-server...   if I want to change the hostname of a system, can I just edit the hosts and the hostname file in /etc, or it it like windows and i have to change 10000 files?
<Yosi123> new to linux
<Jeeves_> Yosi123: Those files will do indeed. But there are some programs which base stuff in their configfile on the hostname
<Jeeves_> so the best thing to do is:
<Jeeves_> sudo grep -r <your old hostname> /etc
<Jeeves_> that will show all the files that contain your old hostname
<Yosi123> awesome
<Yosi123> thanks
<Yosi123> see the problem i'm running into is when i setup the server, i just maid it the domain of my first domain but now i'm holding tons of virtual apache setups
<Yosi123> note sure how dangerous it is to change the domain name of the machine
<Jeeves_> it itsn't
<Yosi123> see now i would liek to gibve it a more generic name...
<Yosi123> but does the system domain have to be a real world domain?  does it have to match something?
<Jeeves_> No
<Yosi123> thats what i thought...
<Yosi123> i did the grep u mentioned
<Yosi123> and it only came back in the hosts file and the network files
<Yosi123> so it looks pretty clean
<Yosi123> what si the point of giving the machine a domain to begin with?
<Yosi123> does anyone know, does ubuntu-server support phpmyAdmin?
<joschi> Yosi123: yes
<\sh> apt-get install phpmyadmin
<Yosi123> joschi> is it worth to install it...    i need to restore a .sql file..   someone told me its easy with that tool...  is there an easier way without it?
<joschi> Yosi123: you could just use `mysql`
<\sh> Yosi123: restoring an sql file is more easy with the client
<Yosi123> sh - which client?  the gui?
<\sh> mysql -u root -p database_name < filename.sql
<\sh> Yosi123: mysql client
<Yosi123> yeah, they told me its very standard...  so maybe i'll just use that command instead of in stall phpmyadmin just to restore the one file
<\sh> or the much better way: mysql -u root -p \n <login> use <database name> \n set FOREIGN_KEY_CHECKS=0; \n source <filename.sql>; \n set FOREIGN_KEY_CHECKS=0;
<\sh> done
<Yosi123> awesome, thanks...
<\sh> aeh the last set FOREIGN_KEY_CHECKS needs to be =1 ;)
<Yosi123> k
<Yosi123> sh - is there any way to execute the sql from the MySQL Query Tool?  I copy and pasted the file into it, but when I hit the execute button it says "No SQL command"
<Yosi123> sql file*
<\sh> Yosi123: I don't know the mysql query tool....
<twb> \sh: why do you need to disable foreign key checks?  Is the dump you're restoring out-of-order?
<Jeeves_> Yosi123: Why not just use 'mysql
<Jeeves_> '
<Jeeves_> .\ dumpfile
<\sh> twb: we had some problems before, yes :(
 * twb blames mysql
<\sh> twb: no I blame broken software :) magento is one of them (especially
<\sh> when you are using a mysqldump backup of magento dbs... :()
<twb> \sh: what, the dump was created by something other than the database?
<\sh> twb: no but magento is creating new tables during runtime, and adding some foreign keys to other tables...:(
<twb> Surely if myqsl creates a dump, it SHOULD be coherent, regardless of what app(s) use the database
<twb> Oh, I see
<\sh> twb: and sometimes, if not most of the time, the rollback of an mysqldump gives you problems...
<\sh> regarding magento
<twb> Is the lucid partner repo mirrored anywhere?
<\sh> twb: I'm mirroring it locally ;)
<twb> I'm getting 50kiB/s trying to mirror it directly from archive.canonical.com
<twb> \sh: I mean are public mirrors allowed, and if so, where is a list of them
<jpds> twb: It's not designed to be mirrored.
<\sh> twb: dunno...ask one of the canonical sysadmins
<twb> jpds: that's what I figured; I wanted confirmation
<\sh> since the move of sun-java* packages to partner it should be mirrored somewhere publically
<twb> Indeed; I'm pissed because I found that epiphany Just Doesn't Work with icedtea, so I need to do this dance to get $customer's token java applet to work again :-/
<YankDownUnder> Anyone have any luck with a Canon LBP-1120 under 10.04?
<PirosB3> hi all, i have ubuntu server 10.04, have external hd connected that ftab mounts on boot, but if it'snot there... i't won't even start!! anyone??
<PirosB3> UUID=......... /home/external/ vfat ro 0 0
<PirosB3> no hd, no boot :(
<joschi> PirosB3: hdd defect? usb port defect?
<PirosB3> not at all,
<joschi> PirosB3: does it work with another OS?
<PirosB3> as soon as i attach drive it boots correctly
<PirosB3> yes, everything works fine
<PirosB3> i'm afraid it's something to do with fstab
<joschi> PirosB3: check the output of `dmesg`. there should be some entries when you plug the hdd in
<PirosB3> [    6.046500] sd 0:0:0:0: Attached scsi generic sg2 type 0
<PirosB3> [    6.047292] sd 0:0:0:0: [sdb] 488397168 512-byte logical blocks: (250 GB/232 GiB)
<PirosB3> [    6.048528] sd 0:0:0:0: [sdb] Write Protect is off
<PirosB3> [    6.048532] sd 0:0:0:0: [sdb] Mode Sense: 21 00 00 00
<PirosB3> [    6.048535] sd 0:0:0:0: [sdb] Assuming drive cache: write through
<PirosB3> [    6.053044] sd 0:0:0:0: [sdb] Assuming drive cache: write through
<PirosB3> [    6.053073]  sdb: sdb1
<PirosB3> [    6.056795] sd 0:0:0:0: [sdb] Assuming drive cache: write through
<PirosB3> [    6.056825] sd 0:0:0:0: [sdb] Attached SCSI disk
<PirosB3> [    6.476964] usb-storage: device scan complete
<PirosB3> ops, sorry
<joschi> PirosB3: `sudo blkid /dev/sdb1` will show you the correct UUID which you can use in your fstab
<PirosB3> joschi: i have the correct uuid
<joschi> PirosB3:  what does `mount /home/external` tell you then?
<joschi> PirosB3: because the partition has been correctly detected by your system (see `dmesg`)
<PirosB3> mount: secondo mtab, /dev/sdb1 Ã¨ giÃ  montato su /home/external
<PirosB3> mount non riuscito
<PirosB3> lol
<PirosB3> for mtab, it is already mounted
<PirosB3> mount failed
<joschi> PirosB3: please use LANG=C ;)
<joschi> ah, ok
<PirosB3> translate ;)
<joschi> PirosB3: I hope you have run the mount command with sudo and not as your normal user. maybe you have a stale /etc/mtab file
<PirosB3> lol
<PirosB3> ....maybe :)
<PirosB3> ok
<PirosB3> it says mounted
<PirosB3> but it's fstab for me
<joschi> PirosB3: no. fstab is the file you edit, mtab is the file your system generates for it to remember which devices are mounted
<PirosB3> yes, i'm saying my fstab line maybe needs some sort of option
<PirosB3> UUID=......... /home/external/ vfat ro 0 0
<joschi> looks good to me. you *could* add "defaults" to the options ("ro") but the rest is ok
<PirosB3> what does defaults do?
<joschi> add rw, suid, dev, exec, auto, nouser, and async
<joschi> and rw is overridden by your ro
<PirosB3> nono, i need only write
<joschi> -> `man mount` by the way ;)
<PirosB3> :D
<PirosB3> ok 1 sec
<PirosB3> nope :(
<uvirtbot> New bug: #612463 in clamav (main) "Cannot update klamav virus signature" [Undecided,Invalid] https://launchpad.net/bugs/612463
<PirosB3> adding defaults dosen't do it :( sob
<PirosB3> not even with auto!!!
<PirosB3> going nuts
<PirosB3> how can this be so stupid
<bigbrovar> Hi guys I am looking for a system which I could use for centrally administering desktops systems at work. something which would allow me centrally deploy updates and install packages when needed. is there anything which is free (as in beer and speech) which can do this.
<bigbrovar> someone told me about puppet has anyone used it before?
<Jeeves_> bigbrovar: Maybe landscape?
<Jeeves_> Otherwise, cfengine or puppet
<Jeeves_> (i prefer cfengine)
<bigbrovar> Jeeves_: its not free beer.
<Jeeves_> bigbrovar: ?
<uvirtbot> New bug: #612480 in antlr3 (main) "Sync antlr3 3.2-4 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/612480
<bigbrovar> is it possible to configure cfengine or puppet to use as a central update system or mass installation of packages across systems
<bigbrovar> Jeeves_: its not free as in price
<Jeeves_> bigbrovar: cfengine is.
<Jeeves_> puppet is. Only landscape isn't
<bigbrovar> Jeeves_: yeah I know I was asking if if cfengine could be used for updating/updating many systems at once
<Jeeves_> bigbrovar: cfengine has a client-server setup
<Jeeves_> So the client periodically downloads scripts from the server and executes them
<bigbrovar> Jeeves_: oh ok
<bigbrovar> hmm not exactly what I wanted but I would give it a try
<bigbrovar> Jeeves_: might also checkout spicewalk I heard there was plans to make a debian port would see how far that got.
<bigbrovar> Jeeves_: thanks :)
<Jeeves_>  yw
<Zee5han> is it possible to install ubuntu using a virtual drive?
<joschi> Zee5han: define "virtual drive"
<Zee5han> to install ubuntu you need to boot with the CD
<Zee5han> now lets say i dont have a CD and I mount the ISO with PowerISO
<joschi> Zee5han: not necessarily
<joschi> you could install ubuntu over network
<Zee5han> will I still be able to boot and install?
<joschi> or you just use something like wubi
<YankDownUnder> What's wrong with a USB install...?
<joschi> Zee5han: if you have a usb stick and the computer supports booting from usb you could also install ubuntu using unetbootin
<Zee5han> I have tried wubi but when it is downloading the ISO it says itll take around 150hrs
<joschi> Zee5han: so now you have several alternatives: install over network, install over windows, install over usb
<Zee5han> can I also try it out... like Live CD... LIve USB
<joschi> yes
<Zee5han> Thanks
<joschi> Zee5han: unetbootin will just copy the contents of the live cd on a usb drive
<YankDownUnder> Zee5han, The liveUSB is basically the same as the LiveCD - except that you can actually keep changes made to the USB...handy that.
<Zee5han> So I cant make changes on a LiveCD
<Zee5han> lets day my CD is RW
<YankDownUnder> Zee5han, Um...CD's being read-only...
<YankDownUnder> Zee5han, Doesn't matter if your drive is R/W or the CD itself is R/W, doesn't happen like that. However, with the USB, you can make changes...and keep them. Handy for installing clamav and using it for workstations...
<joschi> Zee5han: you can of course remaster a live cd. but on the usb stick you could do changes on the fly
<Zee5han> Thanks
<YankDownUnder> Anyone tried setting up a Canon LBP-1120 on 10.04 server?
<pthsWork> Hi all. I need some help here. I've set up a two node cluster with pacemaker/corosync. Here I'm running DRBD, Samba, Winbind and LDAP (for sid-uid mapping). This works great. Both nodes are member in the AD domain (2008r2) with a virtual IP. The problem is: If I add a user in AD getent passwd wont get the new user (sometimes it does). If I then kill winbindd and change active node it works and the new user is listed. Any ideas
<pthsWork> on what might be going on?
<Roxyhart0>  somebody know how i can capture data with tcpdum in intervales of 5 minutes each 5 min?
<YankDownUnder> Roxyhart0, Couldn't you create a script to do so and use cron to handle the job?
<Roxyhart0> maybe, but i am not sure if i want to add the data to the same file ...how to do that
<YankDownUnder> Roxyhart0, Probably append the date or time or something to the file - so that you're creating a file for that particular time? Just a thought...
<Roxyhart0> yes, i cant use >>
<Roxyhart0> as i tried and the file is not in the format that i want
<YankDownUnder> Roxyhart0, Not sure I understand what you mean by "the file is not in the format that I want" => in what, content? In name?
<Roxyhart0> format as i will read with wireshark...i tried to append with >> but after that wireshark doesn accept the format
<YankDownUnder> Append with >> ? Hmm...not sure I grok this - however, something you might find useful: http://www.cyberciti.biz/tips/shell-scripting-creating-reportlog-file-names-with-date-in-filename.html
<pthsWork> If I simplify my issue: If I add/delete users in Active Directory, getent passwd gets the updates after a few seconds. But for some reason this stops working after some time, so I have to restart windbindd to make it work again.
<TuxSax> big woe!
<uvirtbot> New bug: #612513 in mysql-dfsg-5.1 (main) "package libmysqlclient16 5.1.41-3ubuntu12.6 failed to install/upgrade: erreur lors de l'Ã©criture de Â«Â <sortie standard>Â Â»: SuccÃ¨s" [Undecided,New] https://launchpad.net/bugs/612513
<TuxSax> uvirtbot: !fr
<uvirtbot> TuxSax: Error: "!fr" is not a valid command.
<TuxSax> !fr > uvirtbot
<ubottu> uvirtbot, please see my private message
<uvirtbot> ubottu: Error: "please" is not a valid command.
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<TuxSax> LOL
<pmatulis> having fun?
<TuxSax> yeah
<TuxSax> it has been 10 years since I've left the IRC stuff, I'm back now to find a lot of things evolved in the bots...
<cloakable> heh
<pmatulis> artiifical intelligence has improved somewhat
<TuxSax> still have a lot to find out...
<TuxSax> on how to use those bots...
<pmatulis> *artificial
<pmatulis> TuxSax: you can converse with the bot in private
<cloakable> !botabuse
<ubottu> Please investigate with me only with "/msg ubottu Bot" or in #ubuntu-bots.  Search for factoids with "/msg ubottu !search factoid".
<Pici> !usage
<ubottu> Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://ubottu.com/factoids.cgi - Usage info: http://wiki.ubuntu.com/IRC/Bots
<uvirtbot> New bug: #612525 in openldap (main) "apparmor profile is not good for first backend creation" [Undecided,New] https://launchpad.net/bugs/612525
<blinkiz> Hi there. I would like to edit a line in /etc/ufw/before6.rules. DROP router-advertisement. Should I edit in that file or should I put my own lines somewhere else?
<blinkiz> Put in my own lines.. I mean.. put in some other file?
<simmel> How do I restore the original /etc/init/mysql.conf from mysql-server-5.1 that I accidently removed?
<klaas> simmel just download the package and unzip :)
<simmel> klaas: I'd rather have apt-get/dpkg fix things since it's somewhere in that database. But sure, I've thought about it.
<simmel> I've seen a solution for this before but I can't remember what I searched for then.
<klaas> you can run reinstall
<klaas> or reconfigure
<simmel> aptitude reinstall mysql-server-5.1 ?
<simmel> Because that doesn't solve it.
<ttx> Everyone: You have a few more hours to submit your last papercuts candidates, bugs nomination for the last subcycle is tomorrow !
<sommer> morning :-)
<hggdh> Daviey: good morning, how's eucalyptus doing?
<Daviey> hggdh, Hey!  Not too bad..  Been trying to work with Eucalyptus to get some of our patches merged upstream and raise some kitten killer bugs,
 * hggdh likes kitten killers
<hggdh> or even kitchen, for that matter
<hggdh> Daviey: any expectations (great or otherwise) re. timeframe?
<ttx> hggdh: about milestoning to alpha-3 (bug 610987): if you really mean it, you should also "Target to release" to maverick... and assign someone (be it Canonical Server team if you don't know what to put there)
<uvirtbot> Launchpad bug 610987 in eucalyptus "euca-describe-availability-zones verbose incorrect output" [High,New] https://launchpad.net/bugs/610987
<ttx> otherwise it's just lost
<ttx> I just targeted to maverick
<ttx> and tentatively assigning to Dave (feel free to reassign in UECland)
<Daviey> I've asked Eucalyptus to look into that once.
<hggdh> ttx: thanks. My view right now is that there is nothing to test is these bugs don't get fixed
<Daviey> I'm not entirely convinced it's there issue, it could be one of the patches we are carrying.. but they seemed willing to help debug
<Daviey> I'm scheduling a call with Euca today, i think - to follow up
<hggdh> ttx: I thought that milestoning would be enough, sorry
<Daviey> smoser, free for a quick call?
<smoser> can i have 5 minutes ?
<ttx> Daviey: we should plan to have a "plain" build to reproduce against
<ttx> (even if it's more painful to install)
<ttx> This "must be in the patch you carry" was raised a few times already and was mostly debunked as false in the end
<Daviey> ttx, Yes.. I did for the last Alpha make it only have essential patches in a PPA.. but i don't think that added too much value
<Daviey> Only confirmation, really.
<Daviey> ttx, Actually, euca made no reference to it being our patch - I raised it that out of the patches, this one I wasn't convinced was totally upstreams issue
<Daviey> But they are taking a look regardless.
<ttx> hggdh: for alpha3 IMHO we should concentrate on fixing the basic functionality, like registration and running a single instance.
<ttx> hggdh: there is no way everything will get fixed in the next day
<hggdh> ttx: so just basic functionality tests?
<Daviey> Yes! That is good ttx, i agree...
<hggdh> this is doable, of course. And easy :-)
<ttx> hggdh: well, if that fails, there is no point in fixing how it behaves under load
<hggdh> ttx: ack
<Daviey> The ones that are concerning me at the moment, are "Auto registraion issue" and to a slightly lower priority "instance poor success rate"
<ttx> I think we are spreading thin by trying to fix every regression
 * hggdh will be able to complete tests in about one day \o/
<ttx> and I fear that we won't solve anything if we go that route
<ttx> concentrating on the basic ISO test for alpha3... then fixing everything else after
<Daviey> ttx / hggdh: Euca are quite pleased to get access to the QA machines for this... elmo said it's ok, and i'll file a RT now.
<ttx> at least we'd have something installable
<Daviey> This makes it easy for hggdh to find an issue, ping them - and demostrate via screen etc.
<hggdh> Daviey: GREAT! I think this is an extremely good move
<Daviey> No more faffing with trying to communicate an issue.
<smoser> Daviey, ping
<Daviey> smoser, o/
<ttx> Daviey: could you sum up the key bugs preventing the basic ISO test from succeeding ?
<smoser> mumble
<Daviey> win!
<ttx> Daviey: bug 610987 is clearly *not* one of them
<uvirtbot> Launchpad bug 610987 in eucalyptus "euca-describe-availability-zones verbose incorrect output" [High,New] https://launchpad.net/bugs/610987
<ttx> I want to keep in the A3 radar only those "basic functionality" issues
<SpamapS> ttx: https://launchpad.net/server-papercuts/+milestone/maverick-beta ... 1 bug targeted? Did I put mine in the wrong place?
<ttx> so remilestoning to beta everything that is a regression under load
<hggdh> ttx: this bug only affects (it seems) when running 'euca-run-instances -n <number>
<ttx> SpamapS: the milestone nomination will occur tomorrow
<ttx> SpamapS: your proposlas should be undecided/New
<SpamapS> ttx: oh.. ok, well I jumped the gun a bit, oops. ;)
<ttx> SpamapS: you just overstpped your authority :)
<SpamapS> removed. :-P
 * SpamapS imagines ttx in Cartman's mirrored glasses.. ...... respect mah authoritah
<ttx> SpamapS: though if you want to handle papercuts from now on, just let me know :P
 * SpamapS dives back into spam can
<ttx> Daviey: so, preventing the "basic tset" from succeeding, we have:
<ttx> bug 609112
<uvirtbot> Launchpad bug 609112 in eucalyptus "euca_conf --discover-nodes fails to register nodes" [High,Confirmed] https://launchpad.net/bugs/609112
<Daviey> ttx, 2 mins.... on call with smoser
<hggdh> ttx: I eould add bug 610259 -- it may be a special case of 609112
<uvirtbot> Launchpad bug 610259 in eucalyptus "inconsistent output euca_conf and euca-describe-availability-zones" [High,Confirmed] https://launchpad.net/bugs/610259
<ttx> hggdh: that doesn't prevent the basic test from succeeding, right ?
<hggdh> expect for the fact that you have no clue of what NCs are in, no
<hggdh> ttX ^
<ttx> hggdh: I think it's the same issue
<hggdh> ttx: I think it can, also. I opened separate because there was a chance it was unrelated
<hggdh> s/it can/it is/
<ttx> the key bug is that euca_conf doesn't register nodes anymore
<hggdh> ack
<smoser> ttx, thta isn't correct
<smoser> it doesn't say it did
<hggdh> smoser: when I tested it, I only got the NCs in via 'euca_conf --register-nodes', never via --discover-nodes'
<smoser> ok.
<smoser> so manybe im' wrong then/
<smoser> my experience is that register-nodes works, but --list-nodes shows no nodes
<hggdh> not sure -- I only tested on topo1 (all-in-one, plus 5 NCs)
<smoser> but things run fine, and euca-describe-availability-zones output is correct.
<ttx> Daviey: if you agree that the node registration issue is the key bug, that's something we can investigate on our side
<ttx> Daviey: I'm sure you welcome external help on this one ?
<hggdh> smoser: hum. I will try again, with a current ISO/UEC images
<smoser> well, as of friday, --list-nodes was broken for me
<hggdh> yes, same (from Thurday, and earlier, no changes in euca-2.0)
<MTecknology> How can I put a user inside a chroot when they log in? Moreso, so they're only dropped into it if they're above uid 1000 (if possible)
<Daviey> ttx, The more help the better :)
<ttx> Daviey: ok, I'll try setting up a system to reproduce that
<Daviey> ttx, Awesome!
 * ttx wonders if he could start from an A2 system
<Daviey> ttx, Hmm.. i'm not sure how the libjibx is handled for upgrade.. need to test that
<ttx> Daviey: I'll figure it out
 * ttx pauses while the ISO loads
<hggdh> smoser: I am reloading the whole shebang. This is actually not bad, since I will be able to test the apparmour issue
<poisonborz> Hola... could someone help me? I've installed ubuntu server with gnome and gdm to log in, but when I run gdmsetup, I get these errors... http://pastebin.com/SGDgqs6k
<Daviey> ttx, If i want to get a new upload of euca into A2, guess it needs to be published before Tues early morning?
<kirkland> Daviey: A3?
<ttx> into A3, you mean ? Given the current state of the ISO...
<Daviey> err yeah
<ttx> I'd say that a late Tuesday upload will make it
<Daviey> ttx, Does that mean Wednesday is likely to be the A3 iso?
<hggdh> poisonborz: it seems you are missing some Gnome packages
<ttx> Daviey: I hope so.
<Daviey> ok, super
<ttx> the current ISo is borken, says no kernel, some apt-cdrom failure apparenbtly
<ttx> given that the release team is... fragmented... it should take some time to fix that.
<poisonborz> hggdh: it would be great if that is all whats wrong... could you tell me what those packages are?
<hggdh> poisonborz: unfortunately, no... perhaps you can try the #ubuntu channel?
<MTecknology> How hard is it to write a custom pam module that handles crap when you log in over ssh?
<MTecknology> I want to perform a certain set of commands and then drop the user in a certain chroot
<ttx> Daviey: so I targeted the other bugs to -beta, let's focus on the node registration issue
<Daviey> MTecknology, I'm not sure pam is the best way to achieve that... I would suggest a custom shell, perhaps
<Daviey> ttx, Agreed.. if i can whack out a fix for registration - i'll start tackling the others
<Daviey> I would like to land design refresh for A3.. but not sure that is likely now..
<ttx> this might just snowball-fix the others
<Daviey> snowball-break  the other features:)
<MTecknology> Daviey: What I'm looking for is user| ssh user@host.com -> sshd| cp -r /etc/chroot-skel /tmp/[mktemp]; ln /home/user /tmp/[mktemp]/home/user; mount [stuff]; chroot /tmp/[mktemp] /bin/bash; logount| rm -r /tmp/[mktemp]
<MTecknology> Daviey: unless there's some better option
<Daviey> MTecknology, A throwaway chroot on every login?
<RoyK> MTecknology: erm - is it possible to hardlink directories these days?
<MTecknology> RoyK: ln -s
<MTecknology> Daviey: ya
<RoyK> MTecknology: looked more like you were trying to hardlink it
<MTecknology> RoyK: those were far from complete commands. Sorry about leaving out the -s :)
<MTecknology> Daviey: any ideas if somebody did the hard part of that already?
<AndyGraybeal> how do i set global umask in multi-user setting, we'll be using ubuntu server with LTSP and Gnome.  is it /etc/profile ?
<MTecknology> AndyGraybeal: yuppers
<AndyGraybeal> thank you MTecknology
<MTecknology> AndyGraybeal: after you change that, you need a reboot iirc
<pmatulis> is /etc/profile read for all shells?
<AndyGraybeal> is it possible to have usernames of andy.graybeal in ubuntu?
<Daviey> MTecknology, The cleanest solution may well be PAM.. There is a PAM module for creating a home dir if it doesn't exist
<Daviey> You could adapt that i suppose, but don't expect it to be too trivial
<AndyGraybeal> Daviey: are you talking to me?
<Daviey> AndyGraybeal, no
<AndyGraybeal> Daviey:  :) k
<Daviey> :)
<Daviey> AndyGraybeal, you can have dots in usernames... and it works.. but useradd will complain :)
<MTecknology> Daviey: any ideas for a better solution? My original goal was to just build a whitelist of what apps the user can launch - I'm somewhat considering chmod o-x on everything I don't want them running..
<MTecknology> AndyGraybeal: if you want to avoid headaches.. make sure the first/last character is a letter.. some apps like to complain otherwise. I use dots all the time though.
<MTecknology> some of my user accounts :P -> JF81F5D.s SEF5644E4.s S5A76C029.s SAB0FFB17.s
<Daviey> MTecknology, Not at the moment.. i'm sorry i can't give you more focus atm.. Have lots to do :(
<MTecknology> Daviey: ok, thanks. So far all I've found is libpam-chroot which seems to have no docs.
<pmatulis> MTecknology: why not just create ssh chroots for the users?
<MTecknology> pmatulis: how do I do that?
<MTecknology> pmatulis: I some some docs on it but they weren't very helpful
<pmatulis> MTecknology: there is quite a lot of hits for that.  what didn't work?
<MTecknology> pmatulis: it seemed to be almost all for removing ability to access cli and required making the users home directory owned by root:root
<pmatulis> MTecknology: not sure about that but what specifically is wrong with those solutions?
<ttx> Daviey: arh, I downloaded the wrong A2 ISO.
<Daviey> oh dear
<ttx> looks like I won't have time to try it out today, and I don't work tomorrow morning
<ttx> :/
<ttx> Daviey: we can have a discussion now on how to debug it, like how it's supposed to work, if you need any of that info ?
<MTecknology> pmatulis: I can't have everything owned by root, and they need to have cli access
<pmatulis> MTecknology: ownership changes are top level directories, that should be ok since by nature folks are trapped in the chroot
<pmatulis> MTecknology: re cli access, i don't get it, of course they have cli, can you explain?
<MTecknology> pmatulis: I'm only trying to control what the user can do when logged in. I'll initiate processes as the user than I don't want them to be able to do
<Daviey> ttx, Hmm.. i remember following the initial design of how it should work..  I am a little unsure, so it would help.
<ttx> ok, mumble
 * Daviey enages
<pmatulis> MTecknology: oh ok, not a chroot at all then
<MTecknology> pmatulis: That's just the solution I kept getting pointed at
<pmatulis> MTecknology: and it's not like you know what they will be running, just what you don't want them to run?
<MTecknology> pmatulis: If I can restrict them to a whitelist set of apps, that would be ideal
<pmatulis> MTecknology: apps are cli-based?
<MTecknology> pmatulis: ya
<MTecknology> pmatulis: this is on a server
<pmatulis> MTecknology: so just use ssh remote commands via a forced-command checking script  :)
<pmatulis> MTecknology: are the apps interactive?
<MTecknology> pmatulis: vim is
<MTecknology> pmatulis: You mean like make them run ssh -e for every single command?
<pmatulis> MTecknology: yeah
<pmatulis> MTecknology: but not sure about interactive stuff
<MTecknology> it'll almost all be interactive
<MTecknology> They need to use thigns like vim, ssh, pu, pcd, prush, ls, cat, mv, rm, cd, wget, tar <- which covers probably almost all of it
<Doonz> hey guys im using sshfs to mount a remote directory on my local server. Is there a way to make this mount a constant connection because sometimes it disconnnects and then i have to manually remout it
<papertigers> join #ubuntu-community
<papertigers> opps lol
<rdw200169> Doonz: its probably more of a ssh configuration than a sshfs config... i'm guessing a longer ssh connection timeout or something, check the OpenSSH manual
<Doonz> why would it time out tho
<Doonz> box boxes are running and there hasnt been a disconnect for the internet
<rdw200169> Doonz: lots of reasons.  sometimes the network bogs down, for whatever reason, and the host/guest connection doesn't see any packets for a while
<rdw200169> Doonz: and then the timeout is satisfied, and the connection is closed
<rdw200169> Doonz: you could also look into enabling the keepalive, so that inactivity doesn't shut your ssh connection
<Doonz> uh
 * Doonz is a noob
<rdw200169> Doonz: you're gonna have the best luck reading the man page for ssh_config.  you're looking for 'TCPKeepAlive'
<Doonz> sshfs user@remotehost:/home/user/scripts/ /home/user/scripts/
<Doonz> thats the command i run
<rdw200169> yeah, thats fine, but, on the inside of that command, a 'normal' ssh session is being created, which means your default ssh configuration still applies
<Doonz> k
<Doonz> goind to check it out now
<rdw200169> thus, whatever is causing your ssh connection to be closed, would also affect a normal ssh session
<Doonz> but my normal ssh session never closes
<Doonz> :/
<rdw200169> which is likely due to the fact that, when you have a 'normal' ssh connection, you never stay idle for very long
<ttx> Still downloading, will setup tomorrow.
<rdw200169> keep in mind that, for an sshfs mount, just because the drive is mounted, that your computer isn't necessarily communicating over that connection (unless you're accessing the mount or something)
<Doonz> rdw200169: ok i looked in my ssh_config file and it didnt have TCPKeepAlive so i added it and set it to yes
<Doonz> do i have to do anything now to it?
<rdw200169> you could probably do well to also add it to /etc/ssh/sshd_config on your server too.
<rdw200169> on the server, you could also add ClientAliveInterval 60 to that file as well
<papertigers> I want to buy a new box for ubuntu server..but hmm what to use it for
<Doonz> rdw200169: i cant find clientaliveinterval in the ssh_config man
<hggdh> Doonz: it is actually ServerAliveInterval
<Doonz> well its actuall in the sshd_config
<Doonz> lol
<Doonz> so i set that
<hggdh> and ServerAliveInterval in the client.
<Doonz> not tcpkeepalive?
<AndyGraybeal> MTecknology: hey, about this dots in the name thing, i was reading that the command "chown" doesn;t like it when you need to assign both a username and a groupname like: chown andy.user /srv/userdata
<AndyGraybeal> how would i get around that if i have dots in my name?
<AndyGraybeal> i guess chown gets confused
<AndyGraybeal> aah i guess it's as easy as using a colon to delineate the username from the groupname. peice of cake
<hggdh> Doonz: tcpKeepAlive is, but default, on
<hggdh> s/but/by/
<Doonz> hggdh: it wasnt in my config file tho
<AndyGraybeal> how comfortable do you guys feel about  'automatic security  updates'?
<hggdh> AndyGraybeal: very
<AndyGraybeal> k, thank you.
<hggdh> AndyGraybeal: truth be said, I still prefer to manually apply them. I trust them to be correct, but updates are only applied when *I* decide
<AndyGraybeal> i know that microsoft has made many security updates that mess things up, so the rule in my old job was never automatically update, ever.  wait until you read about the update and only apply it on testing machines, then apply to live boxes and only if you need to or some such.
<hggdh> there you go. I do not believe in witches, but that they exist, they do. Better safe than sorry, and all that
<thesheff17> AndyGraybeal: what I do is create a local ubuntu mirror and update it on the 1st of the month....roll all those patches to the test env.  If anything breaks it doesn't bring down prod.  If the updates don't affect thing for 30 days I update production and repeat.
<MTecknology> AndyGraybeal: yay :)
<MTecknology> I still wish I could figure out how to make a specific set of commands/apps available to users..
<thesheff17> Mtecknology: have you looked at chroot?
<MTecknology> thesheff17: lol... indeed. The available tools for a chroot option seem to not be possible for what I need though. They seem to all require that the files in the chroot need to be root:root and usually don't offer cli.
<MTecknology> thesheff17: unless you know a lot about it - then maybe you could coax a novice through it?
<thesheff17> it is pretty easy...basically you make a chroot jail and only link the commands you want them to use inside there jail
<thesheff17> MTecknology it also has seperate passwd files if you want so only certain people have access to that chroot...I have created ftp & ssh inside chroot jail before
<maek> can anyone explain to me how to use a local mirror of archive.ubuntu.com for an install source from a preseed file? I tried copying the dvd but it said packages.gz was corrupt. now that I point it at my local mirror of archive it says faild to download a file. here is my preseed mirror section and a tree from my local mirror. http://gist.github.com/504960 - thanks!
<MTecknology> thesheff17: I want to make it so /home/user/* is still user:user - then like you said, they only have a few commands available. My thought process was something kinda like this - user| ssh user@host.com -> sshd| cp -r /etc/chroot-skel /tmp/[mktemp]; ln /home/user /tmp/[mktemp]/home/user; mount [stuff]; chroot /tmp/[mktemp] /bin/bash; logount| rm -r /tmp/[mktemp]
<thesheff17> maek https://www.digisoftinc.org/wiki/index.php/Ubuntu_preseed.cfg_installs_off_PXE_Boot I need to renew my ssl cert
<Pici> MTecknology: Why not give them rbash as their shell?
<maek> thesheff17: thanks
<maek> thesheff17: haha, your preseed is what I have copied :)
<MTecknology> !search rbash
<ubottu> Found:
<MTecknology> oh..
<thesheff17> maek: I will pastebin my mirror.list that I use
<Pici> MTecknology: Its part of bash.
<MTecknology> Pici: .... this thing is pretty spiffy :D
<thesheff17> maek: cool ;) I'm glad someone can use it
<maek> thesheff17: thanks, I think im just have a bit flipped someplace.
<maek> thesheff17: yeah, Its been very helpful, thank you.
<MTecknology> Pici: what about this? http://ubuntuforums.org/showpost.php?p=6301166&postcount=2
<thesheff17> maek: http://pastebin.com/c5DdavDq
<maek> thesheff17: do you then install from that apt-mirror created repo?
<Pici> MTecknology: It depends on what commands you are allowed to use within the shell.
<Pici> MTecknology: See http://pentestmonkey.net/blog/rbash-scp/
<thesheff17> maek: like how do I update the mirror?
<thesheff17> maek: pxeboot file points at my local ubuntu mirror http://192.168.1.4/ubuntu
<maek> thesheff17: no how would you install a single client. in your preseed config you are using archive.ubuntu.org not your local mirror - as far as I can tell
<MTecknology> Pici: Is there any way I can configure what the user can do in it? I'm not seeing any configs for it in the places I assumed it would be, like cd - cd is probably one that shouldn't be allowed that will definitely be needed
<maek> thesheff17: in your pxelinux.cfg/default file you point to the install source? I only point to the preseed file
<MTecknology> Pici: aside from that it looks like the defaults are pretty awesome
<Pici> MTecknology: Then maybe it doesn't fit what you need to do.
<thesheff17> maek: oh this is before I had a local ubuntu mirror on the same as the pxeboot laptop
<thesheff17> maek: just change this d-i mirror/http/hostname string archive.ubuntu.com to d-i mirror/http/hostname string 10.1.1.1
<maek> thesheff17: ok, thats what I have pretty much. it keeps saying bad archive. But I see in your mirror list the debian-installer stuff. let me add that and re mirror. thanks
<thesheff17> maek: yea that drove me nuts for a long time :)
<maek> thesheff17: so thats the key to install from your archive local mirror?
<thesheff17> maek: yea the whole install will be off your pxeboot server
<thesheff17> maek: before I was using iptables to forward traffic to that 10.1.1.1 but it was slow and I was doing so many installs it was worth finding out how to get a local mirror working
<MTecknology> Pici: that's the one and only thing I'm seeing not available that I would need. Everything else is to the very dot exactly what I was hoping for.
<maek> thesheff17: thanks. ill give that a go and see if it fixed the "bad archive mirror" screen
<thesheff17> maek: I also have an issue if you have 2 hard drives in the machine it doesn't work.
<thesheff17> maek: I haven't figured out how to fix that yet.
<maek> thesheff17: preseed doesnt work?
<thesheff17> maek: yea it prompts for something...but then continues on
<maek> thesheff17: wonderful :| - this seems like a huge step down in "doneness" from kickstart
<batok> I have Ubuntu 9 server karmic koala.  I wonder if there's a joomla package ?
<batok> how can I know the available packages ? with dpkg ?
<maek> batok apt-cache search joomla
<Pici> !apt
<ubottu> APT is the Advanced Package Tool, which together with dpkg forms the basic Ubuntu package management toolkit. Short apt-get manual: https://help.ubuntu.com/community/AptGetHowto - Also see !Synaptic (Gnome), !Adept (KDE) or !KPackageKit (KDE)
<maek> dpkg -l |grep joomla
<thesheff17> maek: yea I have heard if you have all the same hardware and you are configuring them all the same you can use debconf-get-selections --installer > alloptions.cfg
<batok> tks
<thesheff17> maek: and re use that file but I haven't tried since I have never had all the same hardware :-/
<maek> thesheff17: yeah someone pointed me in that direction as well but I have several "kinds" of boxes im trying to get auto installing.
<thesheff17> maek: well you could always add the second drive after the install...and if it is production you should be using hardware raid and it will only present 1 drive to ubuntu.
<maek> thesheff17: yeah they show up as cciss using the hp raid controller, not a big concern but still thats a bit erksom
<thesheff17> maek: yea I wish I knew how to fix it but I don't even know who to ask and I needed the hardware right away.
<maek> thesheff17: so once you got the debian-installer into your local mirror you were able to install a new host 100% from that local mirror ?
<maek> off pxe
<thesheff17> maek: yup
<maek> thesheff17: thanks!
<thesheff17> maek: np it works really well after you installed ubuntu about 10 million times since 6.04 :)
<maek> thesheff17: do you know of a good place to find an explination or listing off all the d-i options?
<thesheff17> maek: http://d-i.alioth.debian.org/manual/en.i386/apbs04.html  I would almost search debian when looking for d-i stuff if you can't find it for ubuntu.  I think that is how I found the extra settings for my mirror file.
<maek> thesheff17: thanks again
<thesheff17> maek: np glad I could help.
<thesheff17> MTecknology: if you have nice new hardware you could always build virtual machines per function....like ftp server, apache server, etc
<MTecknology> thesheff17: all the need to do is edit files in ~/*
<MTecknology> thesheff17: it looks like rbash won't do what I need - even though it's extremely close - it's simple to break out of
<thesheff17> MTecknology: I think you can only break out of it if you give them access to commands that break it...which commands do you want to restrict to?
<thesheff17> MTecknology: also when a user logs in all file permissions should be user:user
<SpamapS> IIRC, LXC and OpenVZ can do that w/o nice new hardware.
<MTecknology> thesheff17: vim, cd, ls, wget, tar, pcd, pget, prush - I think that's most of it
<thesheff17> MTecknology: well all of those commands are pretty straight forward except vim.  vim they can prob break out of
<smoser> SpamapS is correct that LXC (which enabled in ubuntu kernels, openvz is not) does not need hardware virtualization extensions.
<smoser> that said, lxc is not significantly more secure than a chroot.
<thesheff17> MTecknology: they are already using scp right?  make them use winscp and edit the files :)
<SpamapS> I seem to recall it doesn't provide quite the same host protection as full virtualiztion tho
<aljosa> i need to enable ICMP or monitoring software reports that server is down but /etc/ufw/before.rules have ACCEPT for all icmp-type(s). any idea what i'm doing wrong?
<MTecknology> thesheff17: winscp from a linux machine?
<MTecknology> thesheff17: :P
<aljosa> "iptables --list|grep icmp" returns "REJECT  all  --  anywhere  anywhere  reject-with icmp-port-unreachable" but i can't figure out where is this defined
<thesheff17> MTecknology: true
<thesheff17> MTecknology: let them use gedit
<MTecknology> thesheff17: My devs hate me enough :P
<thesheff17> MTecknology: or nano
<thesheff17> MTecknology: haha :)
<MTecknology> :P
<SpamapS> MTecknology: you might enjoy reading up on the concept of "devops".
<MTecknology> thesheff17: if I could make them use rbash and also keep them from touching a few other commands - this might work nicely enough
<thesheff17> MTecknology: I just think vim is too powerful with too many commands that prob can break out of rbash
<MTecknology> thesheff17: it seems to capture it..
<thesheff17> MTecknology: cool
<aljosa> how can i enable icmp/ping on server?
<MTecknology> thesheff17: now.. what was that other tool mentioned?? I need to go up and find it
<pmatulis> aljosa: read up on ufw and where it stores it's files
<thesheff17> Mtecknology: http://pentestmonkey.net/blog/rbash-scp/
<pmatulis> aljosa: or just 'sudo grep -r REJECT /etc'
<thesheff17> MTecknology: you just have to be careful with what commands you give you devs.  You have to give them a little trust don't you :)
<aljosa> pmatulis: i've just figured out that i can ping localhost but not public address, any idea why? also, i have no REJECT rules in /etc
<MTecknology> thesheff17: ya, but I know what they need to use - the way things are right now (they don't know it) they can become root simply by not completing one of the commands that they use a few times a day.
<pmatulis> aljosa: turn off iptables and make sure you can ping
<thesheff17> MTecknology: well if they aren't running things as root now rbash will be just another layer they will have to "break" to get to root.
<aljosa> pmatulis: i've did ufw disable, iptables --list has no rules. still can't ping public ip address. what else could be a problem?
<thesheff17> MTecknology: and harder in a chroot env
<thesheff17> aljosa: your route
<thesheff17> aljosa: default gateway
<MTecknology> thesheff17: I'm trying to fix the masive gaping security holes.. a chroot as i described earlier would be absolutely perfect - but it doesn't sound like that's possible
<thesheff17> MTecknology: sorry I missed...what was the problem with chroot?
<MTecknology> thesheff17: give me a minute...
<aljosa> can somebody try to ping 79.125.24.103? it's hosted on amazon, do you get any response?
<abrightwell> no response.
<thesheff17> aljosa: doesn't ping you prob don't have icmp enabled in the security group
<abrightwell> has anyone have any experience with openfire or other XMPP server on Ubuntu?
<MTecknology> thesheff17: http://dpaste.com/224302/
<kees> aljosa: "hosted on amazon"? do you mean it's an EC2 instance? you have to open the EC2 firewall to talk to any of your instances there
<SpamapS> ugh.. we're sucking at bug triage again
<MTecknology> SpamapS: reminding me I need to file and fix a bug
<thesheff17> MTecknology: what if you build the chroot env and then do a useradd -m
<thesheff17> MTecknology: to create the home directory
<MTecknology> thesheff17: I have a few hundred users, that would get to be a whole lot of chroots - usually only one or two of the accounts is used on any given day
<MTecknology> thesheff17: usually they also log in at the beginning of the day and they're on for most of it
<aljosa> kees: yes, but does icmp have port? i can't find any info
<thesheff17> MTecknology: I think the problem is that you want a directory outside chroot available in chroot which defeats the purpose.  I would just create a whole chroot env for all user /home/chroot/user
<kees> aljosa: ICMP is a protocol, like UDP and TCP. I don't have the EC2 documentation handy, but I'm pretty  sure you can open that up.
<MTecknology> thesheff17: I'll still need t5o fight with not making the user/group of the home directory not have to be root:root
<thesheff17> MTecknology: I believe you are seeing root:root because it is a symlink but it should still confirm to the link back.  I could be wrong though
<MTecknology> thesheff17: everything I read said that anything that's inside of a chroot need to be root:root on the fs
<hggdh> Daviey: when you installed Euca 2.0, did it identify all components (walrus, cluster, scs)?
<thesheff17> MTecknology: I don't think that is the case.  I have had ftp & scp users send files to the server under chroot and I'm pretty sure the files inside the chroot permissions are correct.
<Daviey> hggdh: Seemed to.. I'll have a better idea in a bit.
<MTecknology> thesheff17: it kinda sucks.. I thought this would be an easy task :P
<thesheff17> MTecknology: Though this was debian and I don't have the server anymore :(
<Daviey> hggdh: There is different behaviour between ubuntu-server -> UEC conversion, and a fresh install of UEC
<thesheff17> MTecknology: I would try one chroot env with all your users inside there with rlogin limited to the commands you want.  also have a separate home directories for the server and chroot env
<thesheff17> MTecknology: rbash I mean
<MTecknology> thesheff17: so make a chroot, ln -s /chroot/home -T /home; and then?
<thesheff17> MTecknology: yea
<MTecknology> thesheff17: what would I do after that to make it work?
<hggdh> Daviey: hum. In my case it is always a new install
<thesheff17> MTecknology: sorry that isn't right....don't have home a symlink.  create a new home dir for the chroot env.
<Daviey> hggdh: What behaviour are you seeing?
<MTecknology> thesheff17: ok, I'll cp it
<AndyGraybeal> MTecknology: back to 'dots' in the username, so you say: adduser andy.graybeal --force-badname  ?
<MTecknology> thesheff17: so then?
<MTecknology> AndyGraybeal: I just do useradd -m -s /bin/bash SOMEUSER.s
<thesheff17> you can just copy /etc/passwd to the chroot
<AndyGraybeal> MTecknology: thank you
<MTecknology> thesheff17: and then?
<MTecknology> thesheff17: That part doesn't seem too hard
<MTecknology> I'm building the chroot now
<thesheff17> MTecknology: there a bunch of files you need for a chroot env...here is a how to: http://www.cyberciti.biz/tips/howto-linux-unix-rssh-chroot-jail-setup.html
<hggdh> Daviey: absolutely no component registered
<thesheff17> MTecknology: then when the users login there is something in /etc/passwd that sends the user into the chroot env...sorry it has been a really long time since I have done all this ;)
<hggdh> Daviey: so I had to euca_conf --register* on each
<Daviey> hggdh: Ok!  Can you pastebin your registraion.log?
<hggdh> Daviey: one more thingy -- current ISO -- libvirt-bin did *not* start up on boot
<MTecknology> thesheff17: I'm using debootstrap now. I figure I can trim that down after things are working..
<Daviey> *sigh*
<Daviey> hggdh: thanks for letting me know
<thesheff17> MTecknology: that will work
<MTecknology> thesheff17: then I need to copy home, resolve.conf, passwd, shadow, and mount proc?
<MTecknology> thesheff17: then.. I've no idea :P
<hggdh> Daviey: http://pastebin.com/mZ1U8GVK
<MTecknology> thesheff17: unpacking this much data takes a while :P
<hggdh> Daviey: my pleasure ;-)
<Daviey> hggdh: I'm somewhat concerned about the cluster not being recognised
<Daviey> I've not seen that issue here :S
<hggdh> Daviey: might be something that changed in the eucalyptus-udeb?
<SpamapS> ugh.. thats 3 times in a row today where I triaged one bug, and in the time it took, another one was reported. >:
<Daviey> hggdh: I think this might be the case
<Daviey> *sigh*
<jord> I've got a problem with Avahi. It starts at boot but does not advertise it's services until I restart it. Any ideas?
<Daviey> hggdh: I'm firing up a cloud in a while from the latest daily, and will report my findings... hopefully they match
<Daviey> jord: No idea.. but please keep me posted about what you find out.  This might be causing me an issue aswell, so i'd appreciate it if you can let me know what happend.
<jord> Daviey: sure, it's pretty annoying!
<MTecknology> thesheff17: another fun issue... out of disk space
<thesheff17> MTecknology: hehe your devs won't be doing much with no disk space :p
<SpamapS> is Avahi an upstart job or rc script still?
<MTecknology> thesheff17: I cleared it up enough that they can - for now
<SpamapS> seems like if anything would need a real IP assigned, it would be avahi
<MTecknology> thesheff17: gotta fix this issue first :P
<hggdh> Daviey: good. I do hope it matches -- I also tested with the current dailies. Meanwhile, time to dig in the installer/syslog
<MTecknology> !kvm
<ubottu> kvm is the preferred virtualization approach in Ubuntu. For more information see https://help.ubuntu.com/community/KVM
<Daviey> hggdh: Cool.. please do let me know what you find. :)
<SpamapS> Daviey: I installed eucalyptus-cc trying to test the ganglia script, but I never got any stats files...
<SpamapS> do I have to spawn nodes to get stats?
<MTecknology> thesheff17: yay, so simple - now for a lot of moving files around
<thesheff17> MTecknology: excellent :)
<Daviey> SpamapS, sadly - you do :/
<Daviey> SpamapS, Is there any thing me or hggdh can do to provide data?
<ivoks> Daviey: no :)
<ivoks> Daviey: but i will start now :D
<MTecknology> I love it when something doesn't die on kill -9...
<Daviey> ivoks, RE: the postfix bug?
<ivoks> Daviey: yes
<Daviey> oh cool!  You rock!
<ivoks> eh? not really
<MTecknology> It'd be great if there was one end-all-be-all command to destroy a process
<batok> is there a default password for user root in mysql ?  First time accesing mysql in ubuntu 9.10
<MTecknology> batok: no, when you install mysql it asks you for that
<ivoks> nope
<Daviey> ivoks, you rock for doing it now :)
<ivoks> batok: if you don't know it, sudo dpkg-reconfigure mysql-server-5.0
<batok> well I just did the apt-get
<batok> ok tks
<Doonz> Hey guys
<Doonz> hey guys im using sshfs to mount a remote directory on my local server. Is there a way to make this mount a constant connection because sometimes it disconnnects and then i have to manually remout it
<Doonz> ive tried the tcpalive and clientinative and serverinactive but its still disconnects
<Doonz> is there something else i could do?
<ivoks> why does it disconnect?
<Doonz> dunno
<Doonz> ls: cannot open directory .: Transport endpoint is not connected
<ivoks> does your internet connection gets disconnected?
<Doonz> nope
<MTecknology> thesheff17: gah! Disk IO needs to become limitless
<ivoks> is there a timeout on ssh server? does it get periodily disconnected or in case on inactivity?
<MTecknology> thesheff17: mkfs has been running for 5min now :(
<MTecknology> on only 30GB
<SpamapS> Daviey: If you wanted to tar up your /var/run/eucalyptus and /var/log/eucalyptus, and send those to me, that would help
<Doonz> i just remount it and everything is good
<SpamapS> Daviey: otherwise I'll just start spawning nodes. ;)
<Doonz> ill check the timeout on the server
<thesheff17> MTecknology: you can run nice before the command so it doesn't stress other things running
<ivoks> Doonz: remounting doesn't answer the question
<Doonz> theres no timeout specified in the sshd_config file
<MTecknology> thesheff17: I'd probably make it not so nice to oth3er things :P
<ivoks> Doonz: is your conenction dropped after period of inactivity or every, let's say, 5 minutes?
<Doonz> nope
<MTecknology> thesheff17: it's only 30GB - it shouldn't take this long :S... it's virtual i guess
<Daviey> SpamapS, It might be a good learning experience to deploy your own cloud. :)
<Daviey> (if you have the time / motivation )
<thesheff17> MTecknology: yea 30GB should be quick
<MTecknology> thesheff17: I'm still waiting
<ivoks> Doonz: 'or' questions can't be answered with yes or no :)
<Doonz> my ssh never drops
<millerd> So I have a computer lab of imaged Ubuntu machines, using cluster ssh how do I connect to them all?
<ivoks> Doonz: what i've asked is:
<ivoks> Doonz: does you connection drops while you are using that mount?
<ivoks> Doonz: or is it just dropping after some time when you aren't using it
<Doonz> its if i havent used it
<ivoks> so, it's timeout
<Doonz> client side or server side?
<ivoks> something kills the connection cause of inactivity
<hggdh> Daviey: I can see no errors on the installer/syslog
<hggdh> Daviey: I think I will reinstall from scratch, and -- before doing anything else -- check on the settings
<lenios> does anyone have experience with encrypted disk (luks) containing LVM? i broke the mbr, and having issues booting it
<lenios> initrd and linux image should be safe, but /boot/grub was overwritten
<ivoks> Doonz: probably client side
<Doonz> well that brok it more
<Doonz> lol
<Doonz> read: Connection reset by peer
<ivoks> what broke it?
<millerd> So I have a computer lab of imaged Ubuntu machines, using cluster ssh how do I connect to them all so I can manage them, update them etc?
<Doonz> connection time
<Doonz> too many 9's
<Doonz> fixed it only one way to see if that fixes it
<ivoks> 9?
<ivoks> i'm not telephatic
<ivoks> or however it is spelled
<Doonz> connection timeout was 99999999999999999
<Doonz> it didnt like that
<ivoks> it could be your gateway that's killing the connection
<thesheff17> millerd: I would use private/public ssh keys and write a script to run commands on the remote servers.
<millerd> How do I do that?
<thesheff17> millerd: search google for ssh keys and learn how they work
<MTecknology> thesheff17: OK! chroot is setup and I can become users inside of it
<MTecknology> thesheff17: now what? :P
<thesheff17> thesheff17: I would get rbash working for each user with each command you want
<MTecknology> thesheff17: rbash won't do what I need it to
<MTecknology> thesheff17: in #bash they even said it's a bad idea to rely on it at all
<thesheff17> MTecknology: with chroot all the commands are disabled....you should symlink the commands you want
<uvirtbot> New bug: #452910 in asm2 "Encoding javac and javadoc warnings during build" [Low,New] https://launchpad.net/bugs/452910
<MTecknology> thesheff17: yup- I have a fully functional chroot right now
<MTecknology> thesheff17: I can ping google and su users from inside of it
<thesheff17> MTecknology: nice what else do you need to do?
<MTecknology> thesheff17: drop the user into that chroot as their user
<thesheff17> MTecknology: its something in the /etc/passwd
<thesheff17> MTecknology: that forwards them into the chroot env
<MTecknology> !search chrootshell
<ubottu> Found:
<thesheff17> MTecknology: Even with the chrooted SSH that we have just installed you can log in without being chrooted (which makes sense if you log in as root, for example). Now, how does the chrooted SSH decide whom to chroot and whom not? That's easy: the chrooted SSH looks up the user who is trying to log in in /etc/passwd. If the user's home directory in /etc/passwd has a . (dot) in it, then the user is going to
<thesheff17> be chrooted.
<MTecknology> thesheff17: This?   /chroot/./home/user ?
<thesheff17> MTecknology: http://www.howtoforge.com/chroot_ssh_sftp_debian_etch yea
<MTecknology> or in my case - SEF5644E4.s:x:1027:1028::/chroot/./home/SEF5644E4.s:/bin/bash
<thesheff17> MTecknology: that is where I got the example
<MTecknology> thesheff17: I tried changing that - but didn't wind up in the chroot
<thesheff17> MTecknology: you are putting the . in the /etc/passwd and not the one in the chroot env right?
<MTecknology> thesheff17: right
<MTecknology> thesheff17: I did it on my own user account - michael:x:1001:1001::/chroot/./home/michael:/bin/bash
<thesheff17> MTecknology: actually it looks like it needs to be in both: I see them do this: grep /etc/passwd -e "^testuser" >> /home/chroot/etc/passwd
<MTecknology> thesheff17: ...
<MTecknology> thesheff17: I landed my user in the chroot - but somehow the php commands are still available :S
<MTecknology> it's like the only thing that changed is my home directory
<thesheff17> MTecknology: is the . in both passwd files?
<MTecknology> yup
<thesheff17> MTecknology: also fix the group file
<MTecknology> thesheff17: What is it I need to change there?
<hggdh> kirkland: there?
<thesheff17> MTecknology: also the .
<kirkland> hggdh: yo
<MTecknology> thesheff17: SEF5644E4.s:x:1028: -> SEF5644E4.s:/chroot/.x:1028: ??
<hggdh> kirkland: on /etc/init/eucalyptus-network.conf: what did you want to do with 'INSTANCE $IFACE'? Can I just replace/take it out?
<thesheff17> MTecknology: nm that isn't right you shoudn't have to do anything /etc/group
<MTecknology> thesheff17: su - SEF5644E4.s
<MTecknology> pwd -> /chroot/./home/SEF5644E4.s
<MTecknology> :S that seems wrong
<thesheff17> MTecknology: do all your home dirs have . in them?
<MTecknology> most all of them
<thesheff17> MTecknology: is that for security?
<kirkland> hggdh: can you pastebin that file for me?
<kirkland> hggdh: i don't have it in front of me
<MTecknology> no, I just have a lot of scripts that parse things and that's one thing they parse on
<MTecknology> I can't imagine adding a dot would make it any more secure
<thesheff17> MTecknology: well usually the home dir is the same as the username :)
<thesheff17> MTecknology: is what I meant for security
<hggdh> kirkland: http://pastebin.ubuntu.com/472341/
<MTecknology> thesheff17: that is the username
<MTecknology> thesheff17: I just tried it with a user w/o a dot and got the same thing
<MTecknology> thesheff17: I'm definitely dropped into the right directory - but this is definitely not a chroot :P
<smoser> Daviey, i tested the package that i have in my ppa
<smoser> so that merge suggestion is good.
<Daviey> smoser: rockin'
<MTecknology> thesheff17: I feel like this has to be increibly close though :)
<thesheff17> MTecknology: yea I think you are really close.
<MTecknology> thesheff17: any app I'm maybe missing to do the rest?
<millerd> Can anyone explain to me how cluster ssh works? Like does anyone know of a good diagram or something?
<AndyGraybeal> how do i list all groups from the command line?  i figure it might be like: groups --list .. but alas..
<thesheff17> MTecknology: i'm not sure I would follow this how to and see if a new user works http://www.howtoforge.com/chroot_ssh_sftp_debian_etch
<MTecknology> AndyGraybeal: cat /etc/group
<MTecknology> thesheff17: I was trying to follow it, I also saw another one very similar
<thesheff17> MTecknology: yea you are really close
<jord> Anyone know about Avahi? It won't start at boot correctly.
<MTecknology> thesheff17: If I manage to get this working I may very well use it on my own system :P
<thesheff17> MTecknology: yea chroot works really well...and it really helps protect the operating system
<MTecknology> thesheff17: :'( Everything I read says that should be it...
<oru_work> is there such thing as "reminder" software by email ?
<MTecknology> thesheff17: same with a new user too
<thesheff17> MTecknology: sounds like it is missing some file maybe....maybe something in the logs?
<MTecknology> thesheff17: nope
<MTecknology> gah... meeting time
<MTecknology> I have to meet with a board - back in a few
<oru_work> can anyone recommend a web based callendar ?
<AndyGraybeal> i've been looking at one that is named after a monk, the name isn't coming to my mind right now.
<AndyGraybeal> bedework
<AndyGraybeal> i've never used it though, it looks like the best group calendar
<AndyGraybeal> oru_work: i've been looking at bedework
<zenmower> ..
<progre55> hi people!  I'm starting a deamon using "start-stop-daemon --start --quiet --pidfile $SCRIPT_PID --startas $DAEMON -- $DAEMON_OPTS", but it doesnt record the pid in the specified file, so the "stop" option doesnt work. Any suggestions, please?
<AndyGraybeal> i have a newb quesiton, sorry for this.  i have a folder that is owned by the group 'tech' and andy.graybeal is in the 'tech' group and has access to write to this folder.  andy.graybeal's primary group is the 'users' group.  infact all the users are a part of the 'user' group so we can share files easily.  when he creates a file in the 'tech' folder that files group is 'user'.  andy doesn't want anyone to edit it because it'
<corpsegrindr> Hey, does anyone know if its possible to put music on an ipod from lucid server?
<cloakable> corpsegrindr: presumably.
<cloakable> corpsegrindr: You'd likely want some way to update the database, though.
<corpsegrindr> just manual adding would be fine. I do not need auto sync. I am just not sure how to add it since the ipod does not show up like an external drive
<ScottK> SpamapS: I got mail over the weekend from the Kolab PHP guy (even though he's on vacation).  The short version is "We want the patches upstream, doing the configure changes is no problem.  We can't promise what upstream will do."
<ScottK> SpamapS: I think that's reasonable.
<SpamapS> ScottK: yeah totally, it looks like the only debate is whether or not upstream of c-client will apply the patches. I think the PHP guys are totally gung-ho and ready to add functionality... its pretty much what the live an breathe. ;)
<ScottK> SpamapS: But with the configure time checks, getting c-client to accept the patches doesn't have to block progress with php.
<ScottK> SpamapS: Any objections if we go ahead and patch c-client/php-imap in Ubuntu?
<SpamapS> ScottK: no objections, but I would like to see the c-client patches pushed hard toward upstream.
<SpamapS> Seems like they're reasonable, if uninterested fellows and will probably apply the patch w/o much fuss.
<ScottK> OK.  I'll follow up with the Kolab folks on that.
<ScottK> I think that just leaves the cyrus-imap patches and those looked pretty safe to me.
<SpamapS> totally
<ScottK> SpamapS: Would you rather prepare the uploads and I'll sponsor them or that I just do it?
<uvirtbot> New bug: #612734 in vm-builder (universe) "linux-ec2 is no longer needed in uec images" [Undecided,New] https://launchpad.net/bugs/612734
<SpamapS> ScottK: I wouldn't count on me having any time before FF.. :-/
<ScottK> OK.  I'll do it then.
<AndyGraybeal> let me reword this:  how do i get it so group ownership of all files under a folder stay to the group.  i know i can 'chgrp -R tech Tech_folder'  but then a user comes in an creates a file, that file is now under group ownership of that person default group.  how do i make it so that the group ownership stays as the folder's group?
<guntbert> AndyGraybeal: I'm not sure but you could give write permissions for the directory only to the group
<AndyGraybeal> aah thank you guntbert, sorry for my newbness
<guntbert> AndyGraybeal: no problem :) and I am not sure if it will work
<AndyGraybeal> i will test it.
<AndyGraybeal> guntbert: yea, i'm not sure how to do that exactly.
<AndyGraybeal> i mean i think it might already be that way, but i'm confused.
<guntbert> AndyGraybeal: paste the output of ls -ld <pathToFolder>
<AndyGraybeal> as it stands the Tech folder is drwxrwxr-x ; the group is 'tech'
<AndyGraybeal> hold lemme paste it
<AndyGraybeal> aah thank you guntbert, sorry for my newbnessandy@buddleia:/srv/Desktop$ ls -ld Tech
<AndyGraybeal> drwxrwxr-x 7 andy tech 4096 2010-08-02 16:41 Tech
<AndyGraybeal> crap
<AndyGraybeal> but anyone there it is
<guntbert> AndyGraybeal: chmod u-w Tech, then you should get dr-xrwxr-x 7 andy tech 4096 2010-08-02 16:41 Tech
<AndyGraybeal> okay, let me test
<AndyGraybeal> guntbert: i made a file as 'andy.graybeal' in the Tech folder.  the user andy.graybeal is in the groups users and tech.  users is his primary group, as well as all the other users.  i logged in and i could edit that file as another user only in the 'user' folder, not the tech folder.   i know this is how it is supposed to work, but how can i accomplish it so when i make a file under the 'tech' folder only the people in the 't
<AndyGraybeal> oh crap.. my words are mixed up.
<AndyGraybeal> i edited that file as another user, in the 'users' group, not the 'tech' group.
<AndyGraybeal> anyway, i don't think there is a way to fix this the way i'm thinking.
<guntbert> AndyGraybeal: please create a new file there and look at its permissions (ls -l newfile)
<AndyGraybeal> andy.graybeal@buddleia:/srv/Desktop/Tech$ touch testing123
<AndyGraybeal> andy.graybeal@buddleia:/srv/Desktop/Tech$ ls -l testing123
<AndyGraybeal> -rw-rw-r-- 1 andy.graybeal users 0 2010-08-02 17:45 testing123
<AndyGraybeal> a person in the 'users' group can edit that file.
<AndyGraybeal> and this is good if the file wasn't under the 'tech' folder,  but maybe say it was under our 'shared_data' folder.
<AndyGraybeal> i have my umask set to 002 btw
<AndyGraybeal> i think what i'm trying to accomplish isn't possible.
<AndyGraybeal> i'm sorry that was so confusing.
<guntbert> AndyGraybeal: might be it is not possible - but ...
<AndyGraybeal> i'm sure that what i'm thinking is somewhat common; we want everything to be able to be read, but want the things under folders protected from writing by those not in the group; people can be in many groups, the folders can only be in one group.  so for instance; if i'm in 'hr' and 'tech' group, i want to be able to read and write things in the 'hr' and 'tech' folders.  and i want everyone else in those folders to be able to 
<AndyGraybeal> i don't know how to accomplish that.
<AndyGraybeal> maybe i'll email the list, it may make more sense if i do that.
#ubuntu-server 2010-08-03
<MTecknology> I'm trying to drop each user into a chroot when they log into the system. I don't want to make it over ssh only. I setup a chroot environment. I changed the users home directory to /chroot/./home/user moved /home/* into /chroot/home/. When I run su - user, I'm dropped into /chroot/home/user and pwd shows /chroot/./home/user/. echo $HOME shows the same thing. I'm really lost figuring out why the user isn't being dropped int
<MTecknology> I'm not sure if that cut off or not..
<smoser> SpamapS, i forgot to pick up your glusterfs merge proposal
<smoser> i uploaded a cloud-init today, and would have picked it up.
<smoser> but i guess given that its doc only,k not a big deal
<thesheff17> MTecknology: i'm building a new virtual machine to test a chroot env.
<MTecknology> thesheff17: awesome - I'm taking a break because I need to do a whole lot of homework in a very short time but that's not to say I won't take a break from it ;)
<MTecknology> thesheff17: I imagine you'll make it work for you just perfect :P - I built the chroot with debootstrap lucid /chroot
<smoser> MTecknology, just because you set the home doesn't mean a chroot is going to occur.
<MTecknology> smoser: and that's what I can't figure out how to make happen - any magical tips, advice, reading?
<smoser> what i would suggest you do is change the users shell to be something that performs a chroot if and only if its not already chrooted.
<smoser> i've done this once before, actually.
<MTecknology> such as?
<smoser> ie, you could add a shell to the "real system" that did something like:
<smoser> #!/bin/sh
 * MTecknology blank stare
<smoser> hm..
<MTecknology> I see that in scripts all the time
<smoser> so you have to deal with permissions to.
<smoser> user can't run chroot.
<smoser> the "shell" that was the users shell (ie, listed in /etc/passwd) in the outside shell would be '/bin/jailer'
<smoser> /bin/jailer then would be either setuid root, or a shell script that called sudo
<MTecknology> you mean I'd need to make my own script to deal with it?
<smoser> hm..
<smoser> i think you'll end up having to write something in C
<smoser> yes, write your own "shell"
<lowridah> in ubuntu is there a script like centos' 'setup' to do postinstall config all from one menu?
<smoser> the rason i thin kyou need C is that you're going to have to chroot, and then drop permissions.
<smoser> dchroot actually does this, its possible you could make use of it.
<MTecknology> I thought that /chroot/./home/user was some awesome tool to drop the user into the chroot
<smoser> maybe i'm just not aware of it.
<lowridah> i have pxe installs of ubuntu going but i want one nice location to do the postinstall without having to hack up a preseed late_command
<smoser> where di dyou see this ?
<smoser> i really have to run...
<smoser> but i'm somewhat intrigued.
<MTecknology> in a few guides online - but those are all for ssh logins using a patched openssh-server
<smoser> hm.. well the patched ssh server might be the thing.
<smoser> lowridah, i'm not aware of anything that does what you really want.  there is no "first boot config" that i'm aware of.
<lowridah> hmm
<lowridah> okay thanks
<MTecknology> there used to be I know.. but I forget its name
<lowridah> i may have to delve into debconf for this =(
<MTecknology> it was used during installation though
<lowridah> during install is debconf
<lowridah> oem-config-firstboot exists in oem installs
<MTecknology> thesheff17: did you get anywhere on that?
<MTecknology> thesheff17: I have almost have of one assignment done :D
<thesheff17> MTecknology: hmm...well I can tell you I'm very rusty with chroot :) I did this on debian about 5 years ago....and the docs are just all over the place on this subject :(
<MTecknology> thesheff17: I noticed :P
<Graves> any1 want to walk me through setting up samba to share the apache folder where my windows box can upload html files
<MTecknology> thesheff17: when I get this I'm going to make a GOOD step by step by step how to on it
<MTecknology> thesheff17: after I tested and retested
<MTecknology> thesheff17: for a novice user such as myself - the scattered and inconsistent docs make it pretty much hell to accomplish. :P
<thesheff17> MTecknology: yea I thought for sure this would be well documented at this point.
<patdk-lap> I have an issue with ipvs I just can't quite figure out, and can't seem to find any ipvs info about it :(
<MTecknology> thesheff17: we'll take care of that, right? You teach me and I'll spend a couple days documenting?
<patdk-lap> I have ipvs ipv4 setup, and working just fine
<patdk-lap> I have had ipv6 using ipvs in nat, working fine
<patdk-lap> just tried ipv6 with ipvs in dr mode, and can't get it to work, ipv6 won't do neighbor descovery
<patdk-lap> I can't ping the ipv6 ip's of the real machines at all, the ipv6 neighbor descovery never can locate the ip
<thesheff17> MTecknology: yea I'm going to keep working on it....it is really bugging me now since I have done it in the past and my linux skills where crap then :)
<MTecknology> thesheff17: mine were crap then too - i don't know that they improved much :P - I can at least make simple packages and complex bash scripts now :)
<thesheff17> MTecknology: got it
<thesheff17> http://www.marthijnvandenheuvel.com/2010/03/10/how-to-create-a-chroot-ssh-user-in-ubuntu/
<thesheff17> this worked perfect
<thesheff17> just have to find the right how to :)
<MTecknology> thesheff17: Need to package jailkit then?
<thesheff17> yea I would use that
<MTecknology> thesheff17: thanks - I wonder why it wasn't packaged yet...
<thesheff17> MTecknology: I'm not sure
<MTecknology> if it's just a config/make/install it should be trivial :P
<MTecknology> thesheff17: I'll look into that and maybe get it into 11.04 - 10.10 very likely won't happen even for universe
<thesheff17> MTecknology: do apt-get install linux-headers-`uname -r` build-essential
<thesheff17> that will give you all the packages you need to build any software for linux
<MTecknology> thesheff17: usually - lal requires a few different ones
<MTecknology> I need to finish writing lal at some point :(
<thesheff17> MTecknology: what is lal?
 * MTecknology so wants to do !info lal
<thesheff17> !info lal
<ubottu> Package lal does not exist in lucid
<MTecknology> http://projects.l3ib.org/lal/
<MTecknology> I need to finish version 2.0 before I'll push for it to be in the repos - I do have a PPA for it though
<MTecknology> thesheff17: https://edge.launchpad.net/~mtecknology/+archive/sysapps
<thesheff17> MTecknology: nice
<thesheff17> MTecknology: there may be a better way to do chroot but that how to got me start to working setup in 5 min...and we have been working on it all day :)
<MTecknology> thesheff17: I may very well love your right now :P I'll have to try this in the morning when I finish homework (hopefully I can)
<MTecknology> thesheff17: you should try out lal :) - that's the version without the calendar feature
<thesheff17> MTecknology: sure I def will
<thesheff17> MTecknology: yea I think chroot has fallen behind since so many people are using virtual machines now but it is def still valid on every systems.
<thesheff17> hehe it works great I removed /home/jail/bin/ls
<thesheff17> and now my testuser can't ls :)
<MTecknology> :D
<MTecknology> thesheff17: in my case I have very few resources to spare but users need to be able to log in and do things to their website. I locked it down so even if they can run php - it won't be able to do things like launch another php-cgi process - I don't think you can do that from inside a php script
<Graves> i rebooted and i cant use vnc to login now
<Graves> so some website told me to delete my keyring files
<Graves> so i did
<Graves> now it still wont work
<MTecknology> thesheff17: that's my whole goal - lock down what the user can do so they can't chew up more resources such as php-cgi
<thesheff17> MTecknology: yea chroot should do the trick :)
<MTecknology> thesheff17: I'm hoping my assumptions are right about the rest of it or I need to take it a step further - and I don't want to :P
<thesheff17> MTecknology: yea that should do the trick with just giving them enough to edit files
<MTecknology> thesheff17: ya, I meant with the web server running outside of that chroot
<MTecknology> thesheff17: unless I knocked that into a chroot too - but that would just get really messy
<MTecknology> which would be the next step.. :P
<thesheff17> MTecknology: well how do you have it setup now?  do you have it pointed to their home dirs?
<thesheff17> MTecknology: with apache?
<MTecknology> nginx
<thesheff17> MTecknology: so nginx is pointing to their home dirs?
<MTecknology> ya
<MTecknology> php-cgi processes running as that user - each site uses the php process to access the home dir as that user
<MTecknology> then nginx can read static content without php but can't run scripts or alter anything in there
<thesheff17> MTecknology: can you just poing nginx to point to the jail?
<MTecknology> ya, it would require sed -i 's/\/home/\/jail\/user/' /etc/nginx/snips/drupal && /etc/init.d/nginx reload
<MTecknology> I think that would cover it..
<MTecknology> granted I'd just edit by hand instead of sed :P
<thesheff17> MTecknology: hehe yup that should all work.
<MTecknology> thesheff17: <?php exec('php-cgi &'); ?> <-- if that fails then I win; if that wins - then I fail and must work harded - probably by tweaking what php can do
<thesheff17> MTecknology: do you have safe mode enabled
<thesheff17> MTecknology: for php I think that disables exec
<MTecknology> thesheff17: I'm not sure but will absolutely check when I get to work - thanks :)
<MTecknology> thesheff17: HUGS! ({)
<thesheff17> MTecknology: I also thinks it disables uploads but yea I def look into safe mode for php
<thesheff17> np
<MTecknology> oh.. uploads might be needed - maybe there's a way around it. I'll test and find out. I'm sure my answer will be somewhere in php.ini
<MTecknology> thesheff17: thanks for putting up with me and helping so much :)
<thesheff17> MTecknology: np glad I could help.  I know chroot gave me a huge headache for days
<thesheff17> MTecknology: I'm signing off tonight but will be back on tomorrow
<MTecknology> thesheff17: alrighty, I'll let you know how it goes when I get there :)
<thesheff17> MTecknology: safe mode is deprecated since 5.3.0...it has been a long time but I would check this out.  http://www.howtoforge.com/forums/showthread.php?t=47
<thesheff17> MTecknology: ttyl
<MTecknology> thesheff17: :D spiffy
<patdk-lap> hmm, no idea what was wrong
<patdk-lap> rebooted the *real server*, and they started working on ipv6 correctly
<MACscr> ok, so apt-get isnt automatically or even asking to install dependencies. How can i change it so that it does?
 * patdk-lap wonders how you managed to break it
<MACscr> patdk-lap: its a very stripped down image for xen. Wasnt provided by me
<MTecknology> MACscr: I know in aptitude it's a simple preference - i don't know about apt-get
<MTecknology> MACscr: it should install deps - but you can tell it not to do recommends
<MACscr> does aptitude and apt-get have access to the same "repos"? not sure exactly what ubuntu/debian calls them
<harrison> Does anyone know of a good webmail guide, I tried squirrel mail but that didn't work.
<patdk-lap> depends what you want
<patdk-lap> simple and easy, or full featured and complex
<MACscr> damnit, i cant get aptitude not apt-get to do dependencies and cant figure a way to fix it. I dont see anything in /etc/apt/apt.conf.d/ that might help me resolve it
<MACscr> grr this is frustrating
<hggdh> Daviey: tomorrow we will talk, BUT: I reinstalled the whole thing 4 times. *ALL* four times, all components -- including NCs -- registered successfully (and by themselves)
<twb> Sounds like a *good* thing
<hggdh> yes, except that without any changes (except for cosmic rays) it was not doing that before...
 * patdk-lap thinks people are paranoid of cosmic rays
 * hggdh brings up witches as possible causes, even if they do not exist
<Graves> sooooo
<Graves> i registerd a domain name
<Graves> but they people cant forward it to a dynamic ip
<Graves> what should i do
<MACscr> what do i have to do to setup mysql so i can just type: mysql -u username -p, etc?
<MACscr> its one of my biggest annoyances of debian/ubuntu is that every service command seems to need a path
<ajmitch> given that it lives in /usr/bin, there should be no path needed for the mysql client
<funkyHat> MACscr: that should work as it is. What's the output of echo $PATH ?
<MACscr> hmm, looks like i have some errors left over from the last install. Check this out http://pastebin.com/PRxcEsNK
<MACscr> guess the baruwa install didnt complete. Part of that actually came up when i was simply trying to install libwww-perl
<ajmitch> judging from the bugs, mysql-cluster-7.0 is a mess
<MACscr> but i just need 5 =P
<ajmitch> did you have a reason for using mysql-cluster?
<rdw200169> Graves: still there?
<MACscr> well it appears that baruwa works with clusters, which is what i want to move to with this setup, but i havent even had a chance ot try out the software on a single server config yet
<bcomp> hi
<ajmitch> then in the meantime you can probably use mysql-server-5.1 and mysql-client-5.1
<bcomp> i'm having a problem accessing my server from the internet
<bcomp> I set up port forwarding on the router and changed from dhcp to static ip on the server
<bcomp> but for some reason I can't ssh from anywhere outside my LAN
<rdw200169> its possible that your ISP may be blocking incoming connections
<bcomp> is there a workaround?
<rdw200169> is your router directly connected to the internet connection, or is there like a DSL modem in between your router and internet connection?
<bcomp> cable internet modem box, then a router, then the server
<rdw200169> sometimes, DSL 'modems' are actually routers
<rdw200169> hmm...
<bcomp> then maybe I have two router and i though i had one hah
<rdw200169> exactly, but cable modems, as far as i know, are always just modems
<rdw200169> at least the cable modems provided by cable companies, like the surfboard
<bcomp> ah good
<ScottK> rdw200169: Sometimes they are routers too.
<rdw200169> ScottK: ok ok, fair enough, thats why i said "as far as i know" ;)
<bcomp> also, would it be bad to set up router port forwarding, and put the server on dmz?
<rdw200169> dmz is like 'total port forwarding'
<ScottK> rdw200169: Sure.  Understood.
<bcomp> well yeah, i just wondered if it would mess things up or something
<rdw200169> nah, its just kinda pointless to do port forwarding if you're gonna put it on a the DMZ
<rdw200169> anyway, i was gonna say, have you tested SSH *without* the modem to verify if it is actually a modem issue?
<bcomp> what do you mean?
<rdw200169> i mean, without the router
<rdw200169> like, plug the server straight into the internet connection
<bcomp> oh no
<bcomp> because then I wouldn't be able to access the internet with other computers to test it hah
<rdw200169> if your server has a firewall, it should be fine on the WWW
<rdw200169> if you want, i can test for you
<bcomp> hmmm
<rdw200169> i *am* on the other side of the internet, so i can test things
<bcomp> lol
<rdw200169> but it doesn't necessarily have to be SSH, just anything, like a webserver or something
<bcomp> well yeah
<bcomp> i weighing the effort needed to walk to my server in the other room
<bcomp> agh ok
<rdw200169> that, or, i can test what you have right now
<bcomp> that might be better
<bcomp> i'm pretty new at this, if it isn't apparent
<bcomp> should i send you the ip, straight up?
<rdw200169> if you want
<rdw200169> i'm assuming that if you're gonna run a server, you're gonna get your IP out there anyway
<MACscr> ajmitch: im not picking what needs to be installed, thats from the .deb i installed
<bcomp> good point
<MACscr> the .deb for baruwa
<MACscr> ok, i got past that stuff and just installed the mysql-client. Now here is my noob question for the day. How do i restart mysql? I dont see anything located in /etc/init.d/ for mysql
<MACscr> nvm
<bcomp_> .
<MTecknology> http://www.tldp.org/HOWTO/Kernel-HOWTO/ - "because it don't fitted the LDP standard." Is English not one of the standards you have?
<MACscr> ha
<twb> MTecknology: submit a patch
<MTecknology> twb: perhaps if I have time at some point in the next year :(
<MTecknology> sleepy time.. I'll talk to you all when the sun comes up again.
<Roxyhart0> hi there, somebody know how work the order form rule in iptables? I mean the the first match stop checking the rest or check every rule in the table?
<rdw200169> Roxyhart0: first match
<Roxyhart0> thanks
<rdw200169> Roxyhart0: if you read some 'standard' firewall configurations, like the 'standard' firewall that firestarter uses, a lot more about iptables makes sense.
<rdw200169> Roxyhart0: on the rule matching, the last word in an iptables command specifies what to do, i.e. the jump part, -j.  this determines the 'next step' in the rules.  for example, the "-j LOG" target allows you to match a packet, log it, and ***continue through the table***
<rdw200169> Roxyhart0: its hard for me to say that *every time the table is first match -> stop* b/c there are so many Target Extensions available for use in iptables...
<Roxyhart0> yes, i know...i am trying to figure out with some rules that i got
<rdw200169> if you need any help, i'm pretty good at iptables/iproute2
<Roxyhart0> it is just i need block port 25 por everybody except 2 Ips
<Roxyhart0> so i did drop port 25 and acet when come form those ips
<rdw200169> ah, easy
<Roxyhart0> but sometimes works and sometimes dont
<rdw200169> first, match for that IP/port combination then ACCEPT
<rdw200169> then, after those rules, drop all other port 25 traffic
<Roxyhart0> i did that but sometime does work..it is like intermitent
<rdw200169> so the table catches that IP address going to that port *first* before dropping the other stuff
<rdw200169> do you have a log target prior to your drop target to catch whats getting dropped?
<rdw200169> is this like your iptables match: -A INPUT -s USER_IP -p tcp -m tcp --dport 25 -j ACCEPT
<Roxyhart0> no but i got a first rule that say, if some ip go to the mail server go to the rule email server and after those rules it the rule to accept port 25 and then
<Roxyhart0> drop everyone else
<rdw200169> so the whole thing starts with something like -A INPUT -d MAIL_SERVER_IP -j MAIL_SERVER_RULES_INCOMING
<rdw200169> right?
<Roxyhart0> to it start a -A FORWARD -s 172.19.0.0/24 -i vlan30 -j Staff
<Roxyhart0> where staff is a rule
<Roxyhart0> then in staff
<Roxyhart0> -A Staff -d 172.20.0.2/32 -o vlan2 -j mailserver
<Roxyhart0> and then bellow that
<rdw200169> ok
<Roxyhart0> -A Staff -s 172.19.0.100/32 -p tcp -m tcp --dport 25 -j ACCEPT
<Roxyhart0> -A Staff -p tcp -m tcp --dport 25 -j DROP
<Roxyhart0> sorry is 20 instead 19
<Roxyhart0> but still dont work
<rdw200169> ah, got it
<rdw200169> ok, i don't see the rest of your rules, obviously, but lets just assume that you *don't* need to specify the interface
<Roxyhart0> so my question is if i send e email from this address first go to the rule emailserver
<Roxyhart0> and then come back to drop the file
<Roxyhart0> the package
<rdw200169> the kernel, if spoofing is enabled, will automatically drop packets if it looks like the traffic is coming from an unlikely location
<Roxyhart0> why?
<rdw200169> the routing table will take care of that
<twb> ITYM Reverse-Path Filtering (net.ipv4.conf.*.rp_filter)
<rdw200169> the kernel knows where the packet originated from and where its going, and the 'hooks' will catch the correct direction
<rdw200169> thanks twb thats what i was thinking of
<twb> raw iptables usage should probably be discussed on #netfilter.
<rdw200169> twb: fair enough, he got me started ;)
<twb> rdw200169: I plonked Roxyhart0 long ago
<Crewsr3> I've been asked to learn about EC2.  Is there a way to set up a local EC2 sever so I could practice setting up instances with out getting charged.  I have a extra box with virtualization CPU
<twb> Crewsr3: I believe so, but I don't do whatever-eucalyptus-is-called-this-week
<Crewsr3> sorry, I'm really new to all of this, what is eucalyptus?
<twb> this whole "cloud computing" thing
<Roxyhart0> well, i dont know why tbw did it, as i still can read his messages. I is rude and not gendelman at all
<Roxyhart0> thanks for your help rdw200169
<twb> cf. http://en.wikipedia.org/wiki/Amazon_EC2, http://en.wikipedia.org/wiki/Eucalyptus_(computing), UEC.
<rdw200169> no problem, if you want to discuss iptables more, you should go to #netfilter.  he's right, this is where we discuss ubuntu server questions, not hardcore firewalling/routing (not really a 'server' function ;))
<Crewsr3> so in theory there is a way to install ubuntu server in the same way the EC2 is setup, so I can learn how to build an instance locally
<Roxyhart0> thanks
<pthsWork> Good morning all. I've sent the following message on #samba, but maybe someone here could help me figure out what is going on:  I've got a winbind problem. I've got a AD 2008r2 Server which I use for user management and a samba 3.4.7 file server. For some reason Winbind stops retrieving user updates (getent passwd). log.smbd says:
<pthsWork>  winbindd/winbindd_user.c:97(winbindd_fill_pwent)
<pthsWork>    error getting user id for sid S-1-5-21-1886463297-1098047934-3826461101-1128
<pthsWork>  [2010/08/03 07:54:30,  1] winbindd/winbindd_user.c:856(winbindd_getpwent)
<pthsWork>    could not lookup domain user ptstest4
<Roxyhart0> still i think he is very rude, i am sure he have at leat a mum, he should not ne rude
<uvirtbot> New bug: #612858 in dovecot (main) "package dovecot-common 1:1.2.9-1ubuntu6.1 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/612858
<blinkiz> Hi there. I have a virtualization cluster (kvm+libvirtd+corosync+iscsi) where I have a problem with cache. Sometimes we clone machines on our storage server. The virtualization server does not see this and has some kind of cache of what it things should exist on storage server. I need a way to flush this cache on the virtualization server. Maybe this cache is within ISCSI?
<blinkiz> A reboot of  the virtualization question and the cache is flushed. So it absolutely some kind of cache effect on the virtualization server
<blinkiz> question = server.. Hmm, interesting typo ;)
<comron> Hello, anyone around this late? :)
<andol> comron: Well, given the earth being round...
<comron> andol: late, early it's all the same :)
<comron> andol: I'm trying to rebundle an AMI from http://alestic.com/, but I'm running into some problems. Think you could help?
<andol> comron: Nope, nothing I am terrible familiar with.
<bcomp> so... i was going to figure this out tmrw, but it's bothering me
<bcomp> my ubuntu server has a filtered port 80
<comron> well, maybe this sounds familiar: When I try an apt-get update, I get an error that says "E: Sub-process returned an error code". Sound like anything you know of?
<bcomp> so all http transfer to anywhere outside my lan doesn't work
<bcomp> i'm using shorewall btw
<bcomp> if anyone can advise I'm eternally grateful
<ttx> Daviey: I'm starting earlier than expected
<ttx> Daviey: any progress on your side, before I start reproducing on my rig ?
<Daviey> ttx: oh.. goody :)
<Daviey> ttx: I would find it handy for you to reproduce with the latest ISO.  I think things might be better than hoped
<ttx> ah.
 * ttx rsyncs
<Daviey> ttx: Good to see this daily is in size \o/
<ttx> it still has hplip though
 * ttx wonders how we shaved those few Mb
<Daviey> ttx: probably no kernel :)
<ttx> Daviey: installing the CLC+WC+CC+SC
<Daviey> ttx, I'm deploying a fresh one now.
<ttx> Daviey: node being installed, stopping for lunch
<Daviey> ttx, super!
<kamaze> sup
<kamaze> someone has a word to: BIND9 vs Unbound?
<twb> I use dnsmasq.
 * Daviey screams
<loma> hi i have a ubuntu server that i access via ssh from a mac
<loma> is there anyway i can see the desktop on the server?
<loma> like graphical desktop...
<twb> Ubuntu Server does not have a graphical desktop.
<loma> o so no way?
<_ruben> if you want one, install the desktop (edition)
<loma> cant i just install ubuntu-desktop?
<twb> You can.
<_ruben> server + desktop = desktop != server ;)
<twb> You could run the X server on your Mac, and install and run X app(s) on the Ubuntu Server.
<ivoks> ttx: we can postpone that bacula 'bug', but the truth is that it really isn't fixable :/
<ivoks> ttx: unless we allow predepend
<ttx> ivoks: ok, I'll unmark it as a papercut then
<ivoks> is there a method to run something after all packages are installed?
<ivoks> like triggers do for kernel and libc
<ttx> ivoks: I don't think so
<ivoks> cause that would solve this issue
<ivoks> otherwise, we can't postpone configuration of bacula, if mysql isn't started
<zash> Hello, my mysql setup is horribly broken, HALP!
<zash> This stuff just forkbombs itself: http://conference.prosody.im:5280/pastebin/4ab10f55-43d5-4cf5-a773-991b4db69dde
<zash> from /etc/mysql/debian-start
<ttx> Daviey: in my A3 test, the node is registering correctly
<Daviey> ttx: in registration.log, what return code are you getting?
<Daviey> ttx: And are you getting errors in registration.log of the $clustername not being found?
<ttx> I'm getting 0
<Daviey> ... clean install.. i just got 1
<ttx> that one is normal
<ivoks> zash: ?
<ttx> Daviey: cluster not found, retrying in 10sec
<ttx> then cluster is found
<ivoks> ah, those clusters :)
<ttx> Daviey: "euca-describe-availability-zones verbose" returns as it should
<zash> ivoks: I get a whole bunch of xargs procs that never finishes, and the load spikes and eventualy something gets oom killed
<ttx> Daviey: euca_conf --list-nodes is the only thing that doesn't work here
<ivoks> zash: what are you doing exactly?
<ttx> Daviey: could you explain to me how you installed it ?
<Daviey> ttx: This is interesting.. clean install gave me a return code of 1 for node registration in registration.log
<zash> ivoks: just plain starting it
<ivoks> mysql?
<Daviey> ttx: fully preseeded..
<zash> ivoks: yes
<ivoks> with 'service mysql start'?
<ttx> Daviey: not an ISO install ?
<Daviey> ttx: no
<ttx> Daviey: then your preseed is wrong
<Daviey> Hmm
<zash> ivoks: /sbin/start
<ttx> Check CC key in the NC /var/lib/eucalyptus/.ssh/authorized_keys
<ttx> is it present ?
<ivoks> zash: /sbin/start mysql
<Daviey> ttx: doing a fresh install as we speak.. will need 20 mins.
<ttx> Daviey: define "fresh install"
<Daviey> ttx: fresh preseeded..
<ttx> Daviey: you should run an ISO install
<ttx> Daviey: to confirm that it's working correctly
<zash> ivoks: the init.d script says to use start at least
<ttx> I'm pretty sure the preseeding can introduce its own set of bugs, and that's not what we are testing for the milestone
<Daviey> ttx: Agreed.. i really want to try and reproduce this install.. see the behaviour i have, then will do an iso manual install.
<Daviey> ttx: Part of the problem, the testing that hggdh does - has to be preseeded.
<ttx> I agree with that... but that's a bug in the testing env, not in UEC
<zash> ivoks: hm, service start and /sbin/start just sits there and does nothing
<ttx> I suspect your preseed fails to deploy the CC key on the NC, so the registration fails
<ttx> If the ISO installer works, that proves that the bug is in the preseeding
<Daviey> yes.. i think this could be the case
<ttx> Commenting on the bug...
<ttx> Now that I'm here, I'll try to run an instance
<zash> gah, now it says mysql is started, except it's not:(
<Daviey> ttx: That failed for me a few mins ago.. but i know it worked yesterday!
<ivoks> zash: stop it
<ivoks> zash: kill all running mysql processes
<Daviey> (ttx: registering an instance)
<Daviey> image*
<zash> ivoks: check
<ivoks> zash: now start it with 'start mysql'
<ivoks> zash: and look into /var/log/syslog
<zash> ivoks: Aug  3 13:47:41 gladius init: mysql post-start process (15082) terminated with status 1
<ivoks> zash: is your database empty or you have something in it?
<zash> ivoks: i have a bunch of wordpresses and some other stuff
<zash> ivoks: it's been broken since upgrade from hardy, and i tried doing a purge and reinstall and putting the dbs back
<zash> ivoks: but it just ended with me giving up and doing sudo -b -u mysql mysqld
<ivoks> khm
<ivoks> that was a bad decission
<ivoks> mysqld is started trough mysqld_safe
<ivoks> now it probably has all the data in wrong places
<ivoks> and that could be a reason why it fails
<ttx> Daviey: instance running
<ttx> Daviey: it works way better than you and Carlos seemed to say
<Daviey> ttx: OK.. this makes NO SENSE.. using identical preseed file, i've just had a return 0 for node registration.log
<Daviey> I'm convinced there is something inconsistent, like a weird race condition - depending when you enter the loop.
<zash> ivoks: hm, just starting mysqld_safe works, but then I can't login
<ivoks> it looks to me that eeverything is broken :)
<ivoks> zash: do you have anything in /etc/mysql/conf.d?
<ttx> Daviey: looks like you'll have to rinse/repeat until you reproduce it :)
<Daviey> oh joy.
<ttx> Daviey: try an ISo install following http://testcases.qa.ubuntu.com/Install/ServerUECTopology1
<ttx> Daviey: if that works for you, its no longer a critical issue for A3
<Daviey> agreed...
 * Daviey does the dance, hoping he doesn't hit that issue :)
<ttx> Daviey: whenever you isolate it, ping me so that we look into it together
<zash> ivoks: empty
<ivoks> zash: how about /var/lib/mysql?
<ivoks> zash: are your databases there?
<zash> ivoks: yes
<waheedi> any one have installed ruby 1.92 on ubuntu 9.10
<waheedi> ?
<waheedi> how can i get it installed ?
<zash> ivoks: how about I run `mysqld`, export everything and then reinstall and restore
<ivoks> you can do that, of course
<ivoks> export all databases
<ivoks> including mysql
<ivoks> and then edit that dump, so that it doesn't contain deleting existing mysql database
<ivoks> and make sure to remove root and debian-sys-maint from mysql.users
<ivoks> or is it mysql.user
<hggdh> Daviey: good morning, I see you and ttx have been playing with UEC
<ttx> hggdh: it works very well for me :P
<hggdh> :-)
<hggdh> I do not doubt
<Daviey> heh
<Daviey> hggdh: You need to learn the dance.
<hggdh> ttx: it does sound like some sort of race -- on the 6 installs I did yesterday, 2 failed to register the components, four succeeded
<hggdh> Daviey: too old to dance ;-)
<zul> ivoks: php has triggers afaik
<Daviey> smoser: Are you around?
<ttx> hggdh: define "fails to register the components"
<ttx> all of them ?
<hggdh> ttx: all of them.
<hggdh> ttx: I had to manually --register-<whatever>
<ttx> hggdh: anything in registration.log ?
<hggdh> ttx: yes, let me see if I find it
<waheedi> how can i install ruby 1.92 on ubuntu ?
<Daviey> smoser: as soon as you are about, can you ping me please?
<Daviey> smoser:  ... i want to talk about your patch
<hggdh> ttx: http://pastebin.com/mZ1U8GVK
<hggdh> ttx: this is a all-in-one install
<Daviey> hggdh: two server deployment?
<ttx> hggdh: euca_conf --register-cluster returned 1
<ttx> hggdh: when you ran that manually it passed ?
<ttx> also, is the CLC key present in the CC's /var/lib/eucalyptus/.ssh/authorized_keys ?
<hggdh> ttx: yes,manual registration passed. And CLC, CC, SC, Walrus on the same machine
<hggdh> keys were in the authorised_keys
<hggdh> authorized_keys
<ttx> rigth, since it's the same machine
<ttx> so euca_conf didn't return 1 because it couldn't scp to the CC
 * ttx curses bad return codes
 * hggdh comiserates
<ttx> Daviey: looks like you should redirect the output of euca_conf to /var/log/eucalyptus/registration.log in /usr/share/eucalyptus/registration/*
<ttx> since "1" is not enough
<Daviey> yeah
<ttx> in hggdh case, it's striking that on the same machine the Walrus registered correctly but not the CC
<ttx> since they are using the same key and the same kind of command
<ttx> maybe some concurrency
<ttx> running them both at the precise same time fails
<ttx> so manually registering afterwards would just work
<Daviey> good theory
<ttx> Daviey: but that wouldn't explain your node registration issue
<ttx> since the node is quite alone when it registers
<Daviey> yeah.. i think euca_conf has some bugs tbh.
<uvirtbot> New bug: #612958 in samba (main) "Please convert winbind init script to upstart." [Undecided,New] https://launchpad.net/bugs/612958
<hggdh> oh boy, this adding return codes is weird
<ttx> Alpha3 Server ISO candidate posted !
<ttx> Please start a reasonable amount of ISo testing, to catch the kitten killers
 * patdk-lap hugs the kitten killers
<ttx> 20100803 was quite OK, but we are now testing 20100803.2 :)
<Daviey> ttx: I thought tomorrows was going to be the candidate?
<ttx> Daviey: you plan a new eucalyptus ?
<Daviey> ttx: yes
<ttx> ETA ?
<Daviey> by end of play today
<Daviey> I wanted to land smosers patch especially
<ttx> The current candidate will *not* be the A3 final
<Daviey> Also, i have a new upstream snapshot waiting
<Daviey> Ahhh
<Daviey> ok.. that is good :)
<ttx> but we still need to tset it reasonably
<Daviey> agreed
<ttx> in order to catch bugs that need to be fixed by A3 (the kitten killers mentioned above)
<ttx> so running /some/ISO testing is necessary
<ttx> otherwise you start testing tomorrow and realize, too late, that it's utterly broken
<ttx> we don't aim for 100% test coverage on the current candidate
<Daviey> yeah
<ttx> we aim for "confidence testing"
 * hggdh goes for yet another install ;-)
<smoser> Daviey, give  me 5 minutes please.
<Daviey> hggdh: Have confidence :)
<Daviey> smoser: ok, cool
 * hggdh has equal measures of confidence, hope, acceptance, and despair
<Daviey> smoser: Does this contain all your changes? http://pb.daviey.com/ZTOb/raw/ .. thanks :)
<smoser> Daviey, looking
<Daviey> ta
<MTecknology> So.. for using Ubuntu.. I do a lot of compiling things :P
<pmatulis> MTecknology: not supposed to
<MTecknology> pmatulis: only on my laptop- I compile vbox modules, a very trimmed down kernel, and a couple other things that don't get installed - then also building packages and coompiling a few things to test source
<pmatulis> MTecknology: and then pray that apt won't get angry?
<MTecknology> pmatulis: I apt'ed removed the kernel so it shouldn't complain about that - I never make install anything else - vbox modules play pretty nicely with it
<MTecknology> pmatulis: It's kinda fun :P I'm on 2.6.35 :)
<MTecknology> pmatulis: not something I would recommend to anyone that wants a stable system of course
<smoser> Daviey, i think it does, yes.
<smoser> did i do something wrong ?
<Daviey> smoser: Hmm.. not really
<Daviey> just want to land it in the ~ubuntu-core-dev devel branch
<Daviey> not to ~ubuntu-branches
<Daviey> you did good :)
<smoser> hm..
<uvirtbot> New bug: #612975 in dhcp3 (main) "Please convert init scripts to upstart." [Undecided,New] https://launchpad.net/bugs/612975
<m_tadeu> hi...I'm trying to install ncurses but apt says that it's not available, but is referenced by another package
<smoser> ttx, are you aware of any reason I should not run tests on ec2 images ?
<ttx> smoser: no
<smoser> alright. then i'm going to kick that off.
<m_tadeu> how can I install ncurses?
<hggdh> m_tadeu: apt-get install ncurses-base ncurses-bin ncurses-term
<ScottK> SpamapS: Kolab uw-imap patches are uploaded.  I'll take a shot at php-imap tonight or tomorrow.
<m_tadeu> hggdh: thanx
<zash> gah, reinstall of mysql failed
<zash> "could not set root password" :(
<zash> okay, reinstalled, no root password
<zash> it still just stops at "start mysql"
<zash> and does nothing
<zash> Aug  3 16:22:45 gladius init: mysql main process ended, respawning
<hggdh> ttx: there?
<zash> http://q.zash.se/bfb697b5.txt
<ttx> hggdh: yes
<hggdh> ttx: did you install UEC on the separate topo?
<ttx> hggdh: I did topology 1
<ttx> I no longer have the hardware for topology2/3
<hggdh> ttx: thanks. On topo2, my CLC does not come up (no walrus, 'do not do what you have done ever again' message)
<ttx> hggdh: you mean: the CLC+Walrus doesn't come up ? I can test that.
<MTecknology> thesheff17: g'morning
<MTecknology> thesheff17: I'm waiting for Launchpad to build it
<hggdh> ttx: just the CLC, fully-separate install
<ttx> hggdh: so you install the CLC, and it doesn't come up ?
<hggdh> ttx: correct
<hggdh> just had it
<ttx> I'll try that
<thesheff17> MTecknology: brb I have to run next door to pick up my paycheck that fedex screwed up :)
<zash> srsly, a clean install of mysql doesn't work
<MTecknology> thesheff17: fine then, don't talk to me :'(
<zash> so, purging mysql-server and reinstaling it results in it asking for a mysql root passwor 3 times, then just freezing
<zash> on start mysql
<zash> which fails
<MTecknology> thesheff17: it built ok on my local system - so... I'm guessing it'll build fine in Launchpad. I setup a recipe for it too. :)
<uvirtbot> New bug: #399546 in samba (main) "Ubuntu does not retain folder share settings." [Undecided,New] https://launchpad.net/bugs/399546
<ttx> zash: which version ?
<zash> ttx: ubuntu 10.04, latest mysql-server
<ttx> zash: define "latest"
<ttx> 5.1.41-3ubuntu12.6 ?
<zash> 5.1.41-3ubuntu12.6
<ttx> zash: could you file a bug about that ?
<ttx> https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.1/+filebug
<ttx> zul: ^ could you look into the bug once it's filed ?
<zash> https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.1/+bug/573318 looks like it
<uvirtbot> Launchpad bug 573318 in mysql-dfsg-5.1 "mysql server will not start" [Low,Invalid]
<zul> ttx: ack
<ttx> zash: except it affects a different version, and the current one is supposed to actually work.
<ttx> zash: please file a new one, we'll make it a duplicate if needed
<zash> k
<zul> wheee...
 * zul kicks launchpad
 * ScottK kicks too.
<uvirtbot> New bug: #613022 in openssh (main) "ssh daemon hangs after publickey packet sent" [Undecided,New] https://launchpad.net/bugs/613022
<SpamapS> ScottK: pretty sweet really.. kolab got me all excited about it when they first released.. maybe now it will actually be easy to deploy. ;)
<Dark-Sun> Hi every1, i'm looking for ubuntu cloud channel, can't find it with google!
<binBASH> you just reached it
 * Dark-Sun guess cat eats the keyboads!
<zul> SpamapS, Scottk: php 5.3.3 wth the kolab patches will be uploaded after alpha3
<Dark-Sun> nice to find you pals
<zul> SpamapS: hey btw
<Dark-Sun> does CLC provide DHCP server by default?
<Dark-Sun> what a stupid question! alright, any idea on how to set ip for a br0 in "interfaces" file? is it like a usual eth0?
<ttx> Dark-Sun: no, it's slightly different
<Dark-Sun> cause i c some other options there
 * ttx recommends following https://help.ubuntu.com/community/UEC/
<e-jat> Failed to bring up eth0 in my guest vm
<ttx> https://help.ubuntu.com/community/UEC/PackageInstall has a bridge config example
<ttx> but I recommend doing an ISO install
<e-jat> any idea ?
<Dark-Sun> ttx: you're the best, thanx bro, i gonna chck it out ;)
<e-jat> i already bridge the interface
<ScottK> zul: I think it just touches php-imap, which is in Universe, but I'll double check.
<ttx> Dark-Sun: np, bro
<zul> ScottK: yep i know...its queued for post-freeze
<e-jat> got some guest running out of the box .. and recently just create a new vm then cant get the network
<ttx> hggdh: CLC install inprogress
<ScottK> zul: If it's in Universe, why wait?
<zul> ScottK: because it depends on 5.3.3
<e-jat> even i already set static IP for the guest vm
<ScottK> zul: OK.  Makes sense.  Thanks.
<e-jat> some one can help me ?
<hggdh> ttx: thanks
<uvirtbot> New bug: #613032 in mysql-dfsg-5.1 (main) "Install broken, won't start" [Undecided,New] https://launchpad.net/bugs/613032
<ejat> i just recreating new vm using virt-clone but suddenly the clone network doesnt working
<ejat> how can i troubleshoot
<ttx> hggdh: reproduced
<ttx> hggdh: looks like the CLC can no longer start if the walrus is not running
<ttx> hggdh: running the two on the same machine actually starts both at the same time
<ttx> hggdh: which must... kinda work
<ttx> hggdh: that's a regression, it used to work.
<SpamapS> zul: howdy
<ttx> hggdh: you'll file it ?
<ttx> or should I ?
<ttx> SpamapS: for cassandra; did you create anything in LP except the team and the PPA ?
<ttx> SpamapS: I'm mimicking your work for Terracotta
<hggdh> ttx: done :-)
<SpamapS> ttx: I created a project too, but it disappeared
<hggdh> ttx: bug 613033
<uvirtbot> Launchpad bug 613033 in eucalyptus "eucalyptus-cloud: cloud fails to start on separate install" [Undecided,New] https://launchpad.net/bugs/613033
<SpamapS> can somebody look at bug 611695 and tell me if the "Won't Fix" status is appropriate? After marking it as such, I'm wondering if maybe I should change it to Triaged and we can SRU it.
<uvirtbot> Launchpad bug 611695 in mysql-5.1 "mysqlhotcopy produces error about log tables" [Low,Fix released] https://launchpad.net/bugs/611695
<a_ok> has anyone here used iozone before?
<ttx> hggdh: commented on the bug
<hggdh> ttx: and I marked it regression-potential/Triaged/High. I am adding the upstream now
<ttx> hggdh: hopefully they don't really need it and can unbreak it
<hggdh> ttx: one can always hope ;-)
<ejat> is there an issue with mysql-server-5.1_5.1.41-3ubuntu12_amd64.deb ?
<ejat> seem like it hang while upgrading it ..
<SpamapS> ejat: https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.1/+bug/613032 ?
<uvirtbot> Launchpad bug 613032 in mysql-dfsg-5.1 "Install broken, won't start" [Undecided,New]
<ejat> SpamapS: thanks
<SpamapS> ejat: thats relatively new
<SpamapS> 50 minutes ago. ;)
<SpamapS> so nobody has really looked at it yet
<ejat> thanks .. bcoz i just create a new image .. then wanna do the update .. suddenly .. looks like it hang :)
<hggdh> Daviey: you have just been given a gift -- another bug to look at ;-)
<Daviey> hggdh, Luck, Lucky me :)
<hggdh> Daviey: I feel your pain...
<SpamapS> woohoo back down to single digit untriaged bugs.
 * SpamapS ^5's kirkland 
<hggdh> ttx: heh. It is completely broken... I just installed CLC+Walrus, and it is failing because there is no SC
<hggdh> ttx: "Do not ever do whatever it is you did: Failed to lookup required component: storage"
<Dark-Sun> alright guys, i gonna go
<Dark-Sun> i love you!
<Dark-Sun> bye
<Daviey> hggdh: oh joy!
<hggdh> Daviey: I should have thought of asking them, sorry
<hggdh> Daviey: htank you very much indeed.
<Daviey> hggdh, Oh, no problem - lets see what they say
<hggdh> I hope it is the Right Thing they say ;-)
<SpamapS> hggdh: should we expect isos for iso testing soon?
 * SpamapS says, knowing full well thats a good question for the meeting in 45 min
<hggdh> SpamapS: I would say yes
 * hggdh also considers it a good Q for the meeting ;-)
<hggdh> but I think we are quite stable now
<ttx> SpamapS: we should be respinning if Daviey commits a new euca
<Daviey> hggdh: ttx may say otherwise, but doing some smoke testing with the current ISO could only be a good thing :)
<Daviey> ttx: Still on track to land later tonight, published in time for the scheudled spin
<ttx> Daviey: the scheduled spin is disabled, you'll have to ask for a respin in #ubuntu-release
<ttx> Daviey: we have reasonable smoketest for an ISO we know is not the final candidate
<Daviey> ttx: Oh.. i didn't know this
<ttx> the daily is usually disabled when you freeze
<Daviey> ttx: I don't want to push this latest change without doing some local testing of the binary debs.  This being the case, it's not likely to need uploading until you have EoD'd
<ttx> Daviey: ideally you'd commit it by your eod, ensure someone in the US shift sponsors it...
<Daviey> ttx: So if my local testing is good, i'll get it uploaded - and you request a respin if this happens tommorrow?
<ttx> and i'll ask for the respin if it's published tiomorrow morning
<Daviey> awesome
<Jason1> anyone know what the apache server userid is in ubuntu after I install it on 10.04 LTS?
<Pici> www-data
<Jason1> thanks!
<kirkland> SpamapS: o/*\o
<smoser> ttx, question: do you think images should be re-spun for https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/613108
<uvirtbot> Launchpad bug 613108 in cloud-init "grub loaders are not present in uec download tarball" [Undecided,New]
<ttx> smoser: yes
<ttx> it's not too late :)
<ttx> another 50$ for amazon in our testing ?
<smoser> yeah. i'll respin for it then.
<thesheff17> MTechnology: did the chroot stuff work for you?
<MTecknology> thesheff17: :(
<MTecknology> thesheff17: sooo close
<MTecknology> thesheff17: Aug  3 13:15:37 incipio jk_lsh[4417]: WARNING: user testuser (1029) tried to get an interactive shell session (/usr/sbin/jk_lsh), which is never allowed by jk_lsh
<nicetry_> I'm about to upgrade my system from 9.10 to 10.4 - does it makes sense to update/upgrade the packages first, then do-release-upgrade? or the other way around?
<MTecknology> nicetry_: 10.04? :P
<MTecknology> !upgrade
<ubottu> For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/desktop/get-ubuntu/upgrade
<Pici> nicetry_: Pesonally I do an update-upgrade and then do-release-upgrade .
<nicetry_> MTecknology: yes 10.04
<thesheff17> MTecknology: you want /bin/bash in your etc/passwd file inside the chroot jail
<nicetry_> thanks Pici
<RoAkSoAx> SpamapS: libesmtp is already in sync with debain btw :)
<MTecknology> thesheff17: grr Aug  3 13:18:43 incipio jk_chrootsh[4489]: ERROR: failed to execute shell /usr/sbin/bash for user testuser (1029), check the permissions and libraries of /home/jail//usr/sbin/bash
<Jason1> a2enmod rewrite isn't working in for 10.04 LTS.  Is the command something differrent to enable re\writes for apache2?
<MTecknology> I ran jk_cp -v -f /home/jail /bin/bash
<thesheff17> MTecknology: that is just copying the executable and binaries required for bash
<Jason1> rewrite.load is available in the mods-avialable
<thesheff17> MTecknology: if you look in your jail dir under etc/passwd you will want to change that to /bin/bash
<MTecknology> thesheff17: I changed that to /bin/bash
<MTecknology> oh...
<thesheff17> MTecknology: you have /usr/sbin/bash in that error
<SpamapS> RoAkSoAx: good to know!
<MTecknology> thesheff17: thanks :D
<SpamapS> RoAkSoAx: I recall now that it was out of sync when I looked at first, may have forgotten to update all the places I wrote that down. ;)
<RoAkSoAx> SpamapS: :) the MIR is also filed, just waiting for review
<Jason1> bump: a2enmod rewrite isn't working for me (10.04 LTS).  Is the command something different to enable rewrites for apache2?
<MTecknology> thesheff17: so now for the rest of using it...
<thesheff17> MTecknology: so your testuser logs in correctly?
<MTecknology> thesheff17: I set it up in launchpad and it should build fine whenever it gets that far
<SpamapS> RoAkSoAx: right, its for cluster tools, right?
<MTecknology> thesheff17: ya :)
<thesheff17> MTecknology: nice
<MTecknology> thesheff17: so now I need to make a script that makes their home directory in /home/jail/user ?
<RoAkSoAx> SpamapS: yes, pacemaker specifically
<thesheff17> MTecknology: yea either cp or mv /home/user to /home/jail/home/user
<thesheff17> MTecknology: you want to preserve permissions to...I'm sure that is some param for cp or mv.
<thesheff17> MTecknology: and then just make sure they are in both /etc/passwd files
<MTecknology> thesheff17: it seems that the permissions just carry over like magic
<thesheff17> MTecknology: ah ok cool
<mathiaz> kim0: hey - we're looking for you in #ubuntu-meeting
<mathiaz> kim0: for the server team meeting
<kim0> mathiaz: joining
<MTecknology> thesheff17: this thing is pretty awesome
<thesheff17> MTecknology: yea it works really well...I think you can use that same program to copy any other executables and binaries into the chroot so they have access...and to remove just remove the executables out of /home/jail/bin/*
<thesheff17> MTecknology: brb
<MTecknology> thesheff17: that's what I just did actually - jk_cp -v -f /home/jail /usr/bin/vim - too easy :P
<MTecknology> thesheff17: this thing definitely needs to find its way into the universe
<thesheff17> MTecknology: yea I would love to just apt-get it :)
<MTecknology> thesheff17: I did :P
<MTecknology> thesheff17: https://code.edge.launchpad.net/~jailkit/+recipe/jailkit
<MTecknology> thesheff17: I'm pretty sure you need the edge link too
<MTecknology> thesheff17: I'm pretty excited now.. after so much fighting - here's the answer
<SpamapS> MTecknology: file an ITP in Debian and package it up! :)
<MTecknology> SpamapS: the debian/ exists in the source - but it's ugly and I doubt somebody would want to accept it which would make it really hard because then I'd need to be altering their source code
<SpamapS> MTecknology: thats actually completely acceptable
<MTecknology> SpamapS: it is?
<SpamapS> MTecknology: certainly. Just send them back a patch, they'd probably be thrilled to include it in their releases.
<MTecknology> SpamapS: alrighty - that could be fun to do - maybe I'll hold off on the ITP until I talk to him
<SpamapS> MTecknology: if you decide not to create the package, you can always withdraw the ITP.
<MTecknology> SpamapS: I have an ITP from over a year ago that I haven't given up on yet :P
<MTecknology> SpamapS: I'll definitely go for getting it into debian and ubuntu - I think this tool is absolutely amazing
<MTecknology> thesheff17: I'm waiting for everyone to have some down time before I try out this last step... moving them into the jail and starting the processes to bring the web services back - if this works then I'm basically done - I just need to write it in my packaging so this can be reproduced easily :)
<MTecknology> Using this ->  /etc/init.d/php-fcgi stop && for user in *.*; do jk_jailuser -m -j /jail $user; done
<ivoks> mrjazzcat: ping?
<thesheff17> MTecknology: do you have a link on how you moved it into universe?
<MTecknology> thesheff17: hm? It's not in universe (yet)
<MTecknology> thesheff17: so.. in addition to what they had - jk_jailuser - I should also add -s /bin/bash
<smoser> anyone see anything wrong with this :
<MTecknology> thesheff17: or maybe rbash :P
<smoser> https://gist.github.com/94058e270a97f1f178cb
<smoser> why the "Sub-process returned an error code"
<MTecknology> smoser: aptitude update tell you anything more descriptive?
<smoser> not my system.
<smoser> so, i dont know.
<MTecknology> I've seen that before... I forgot what I broke to make it do that though.
<MTecknology> thesheff17: I wish there was a defaults file for php.. so you don't need to alter the default config
<thesheff17> MTecknology: yea almost all other software has the config files broken out.
<MTecknology> thesheff17: a 1,637 line config file that I need to change twice (cli/cgi) makes me sad :P
<MTecknology> thesheff17: I took the wrong approac of making one file that I ln -s to in the directories
<thesheff17> MTecknology: yea it would be nice if you could use like include file inside the php.ini file.
<MTecknology> thesheff17: and then just append your changes that way - include /etc/default/php.ini <- put changes here (including changing previous variables)
<MTecknology> zul: would that be an off the wall (tick you off) request? :D
<zul> yes it would
<thesheff17> lol
<MTecknology> zul: I figured :P Probably too much pain?
<zul> yes and too big of a diff
<MTecknology> zul: You think php5-5.3.3 might possibly make it into 11.04? I'm guessing it's way too late for 10.10.
<zul> MTecknology: yes it wont get into 10.10 and yes it will get into 11.04
<MTecknology> zul: yay :D
<MTecknology> zul: You're awesome! o{
<zul> thanks
<MTecknology> I'm excited for easy to use php-fpm
<MTecknology> among other things.. I really like the new php
<smoser> ttx, are you around ?
<papertigers> anyone know of a way to package a KVM vm to give out sort of like a vm appliance
<mrman208> is there any good mouse daemons for pure server (no X) that supports the scroll wheel?
<mrman208> hello?
<mrman208> anyone here?
<mrman208> s
<mrman208> s
<mrman208> s
<mrman208> s
<mrman208> s
<mrman208> s
<mrman208> s
<hggdh> <sigh/>
<ajmitch> seeing a lack of patience there? :)
<qman__> one whole minute, on the money
<qman__> sadly, that's not the shortest I've seen
<MTecknology> qman__: nah, I've seen <15 seconds :P
<kpettit> I'm looking to script some ubuntu installs.  Can anybody point me to some docs that can help me on scripting install?
<uvirtbot> New bug: #613195 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.3 failed to install/upgrade: Package is in a very bad inconsistent state - you should  reinstall it before attempting a removal." [Undecided,New] https://launchpad.net/bugs/613195
<MTecknology> kpettit: this might help - https://help.ubuntu.com/community/InstallCDCustomization/Scripts
<kpettit> thanks.  anything wil help right now
<hggdh> kpettit: if you are looking at preseeding, you should also see http://d-i.alioth.debian.org/manual/en.i386/apb.html
<kpettit> I'm mainly wanting to get packages I normally need installed done and some applications like apache/samba etc configured with a basic setup
<kpettit> I like the idea of ebox and webmin but don't really trust them all that much.  But I at least need to get some basic stuff done
<kpettit> hggdh, thanks that's a good start for me
<hggdh> kpettit: our pleasure
<hggdh> Daviey: still there?
<Daviey> hggdh: sadly.
<hggdh> heh. Why am I not surprised ;-)
<hggdh> Daviey: ok, there is another thingy -- we install /etc/eucalyptus owned by root, but the CLC wants to write to /etc/eucalyptus/cloud.d
<hggdh> Daviey: and -- of course -- barfs profusely. Not a critical issue, it seems, but I will opena bug on it. Just early warning ;-)
<Daviey> hggdh: ok... in what situation is that arising?
<hggdh> on startup, it tries to create a series of .properties files, saving <whatever>
<hggdh> oh, correct location is /etc/eucalyptus/cloud.d/conf
<Daviey> Hmm.. i'm suprised i've not had that problem
<hggdh> you probably had, just did not notice
<Daviey> So what feature is this bug blocking?
<hggdh> it does not seem to affect anything (so it is probably fluff)
<Daviey> I agree it's a valid bug, just wondering if it's one that needs to be fixed now - or post A3
<jord> Daviey: Was it you who I spoke to yesterday about Avahi?
<hggdh> none, apart from my sense of correctness :-)
<hggdh> I *think*
<Daviey> jord: I asked for info about how you get/got on.. yes :)
<Daviey> hggdh: heh
<hggdh> Daviey: AFAICU, there is no rush. Sounds like a packaging issue
<jord> Daviey: well, kind of "fixed" it by setting a static ip, which in my case is fine because I wanted that anyway
<Daviey> hggdh: well the good news is, my current branch FTBFS
<hggdh> bloody hell
<Daviey> .. and i can't go to bed until it's fixed.. oh joy.
<hggdh> anything I can help with?
<Daviey> jord: Oh.. not as clean as i had hoped then
<Daviey> hggdh: I don't think so.. unless you have a remedy for headache and eye strain? :)
<jord> Daviey: no, I think it must be an ordering problem, maybe Avahi tries to start before the machine has an ip or something
<Daviey> Hmm.. thanks jord - i'll keep that in mind for something to investigate for future
<jord> Daviey: no problem :)
<hggdh> Daviey: well, in fact I have both, since I got both maladies
<Daviey> hggdh: :(
 * Daviey takes a break.
<Crewsr3> I installed ubuntu server and the grub menu is not showing up, how do I adjust the grub to show up
<klaas> I think standard is that you need to press shift while booting
<klaas> and the setup is in /etc/default/grub or something like that
<hggdh> adjust as needed /etc/default/grub, then run 'sudo update-grub'
<hggdh> and any key while booting should show the menu (I personally use Esc, but just because)
<Crewsr3> I'm having a hard time getting to the grub folder
<Crewsr3> I'm in /etc/default
<Crewsr3> and I type ls
<Crewsr3> and I can see the grub folder
<Crewsr3> but when I type cd /grub
<_Techie_> Crewsr3: cd /boot/grub/
<Crewsr3> I get an error saying no such file or directory
<_Techie_> Crewsr3: actuall sorry cd /etc/default/grub
<Crewsr3> how do I exit vim
<Crewsr3> :q figured it out
<Crewsr3> _Techie_ it wont let me go to that directory
<hggdh> Crewsr3: there is nothing to be done under /boot/grub
<hggdh> and what you need to do is *edit* /etc/default/grub
<Crewsr3> hggdh, ok, I'm in the file using nano
<hggdh> this is not a directory, but a file
<Crewsr3> GRUB_HIDDEN_TIMEOUT=0    Should I comment this out?
<Crewsr3> what I want is to be able to see the grub menu
<hggdh> Crewsr3: it would be a very good move to read the documentation on grub -- 'info grub', mostly the the simple configuration chapter
<Crewsr3> ok, I will do that, thanks for your help
#ubuntu-server 2010-08-04
<MTecknology> :S
<MTecknology> is kill built into the kernel?
<MTecknology> it can't be.. but I can't figure out how the command is available in my chroot
<jpds> MTecknology: procps
<MTecknology> jpds: thanks
<MTecknology> thesheff17: https://code.edge.launchpad.net/~jailkit/+archive/ppa/+builds?build_state=pending
<MTecknology> thesheff17: it progressed to the next step... already....
<thesheff17> MTecknology: nice
<thesheff17> MTecknology: I'm really new to the launch pad stuff...how did you get that in there?  or can you link me to how to?
<MTecknology> thesheff17: made a team, project, registered an upstream import, created a recipe, told the recipe to build
<MTecknology> thesheff17: kind of a lot of stuff - you'd want to start with building your own packages in your own ppa - #ubuntu-packaging can help with that
<thesheff17> MTecknology: ok cool...I will have to take a look thx
<MTecknology> thesheff17: if the package works nice and perfect - I'll look into getting it into debian/ubuntu
<thesheff17> MTecknology: excellent I think a chroot implementation through apt-get would be excellent.
<MTecknology> thesheff17: this thing is already amazingly easy.. my how to is going to make it even easier :)
<thesheff17> MTecknology: nice
<MTecknology> thesheff17: I'll add two things that were missing and expand. I feel like I have a clue now. :)
<MTecknology> I'm going to start on homework thouhg. :'(
<MTecknology> This'll be the worst 5 hours of the day
<MTecknology> probably longer actually
<thesheff17> MTecknology: yea I'm in class right now :(
<MTecknology> :P
<MTecknology> paying attention I see
<thesheff17> MTecknology: hehe yea
<MTecknology> thesheff17: thanks again - I'll ping you when I get somewhere
 * MTecknology runs off now..
<thesheff17> MTecknology: np ttyl
<MTecknology> ttyl
<blackstar256> iwconfig
<Roxyhart0> hi there, somebody know how to stop tcpdump automatically? when i do crl -c it stop but the process still appear in the system
<thebwt> Roxyhart0: can you get it's pid and `kill -9` it?
<Roxyhart0> yes, but is not the idea as when i try then to merge files that i got with tcpdump give me errors as the file was cut
<papertigers> Roxyhart0: tcpdump is staying open?
<Roxyhart0> when i do crt C, still is running...
<Roxyhart0> i woudl like to stop with some condition
<papertigers> Roxyhart0: are you giving it an option to run in the background at all
<Roxyhart0> no, i just do tcpdump -i van2 scr portrange 2000 -65535
<papertigers> you have an interface named van2?
<Roxyhart0> yes
<Roxyhart0> it is running ok
<papertigers> Roxyhart0: interesting so when you run that and you hit ctrl c it continues to run
<Roxyhart0> yes
<papertigers> Roxyhart0: how are you checking for it? ps aux | grep tcpdump
<Roxyhart0> i do ps -fea |grep tcpdump and still ahow me the pdid
<papertigers> ahh
<papertigers> do a ps aux | grep tcpdump
<Roxyhart0> i did and still shows me the pdid from tcpdump
<papertigers> is it there?
<Roxyhart0> yes
<papertigers> pastebin the output to me
<papertigers> ps aux | grep tcpdump | grep -v grep
<papertigers> youre not seeing the grep output and thinking its tcpdump are you
<Roxyhart0> i know was i did wrong i did cr z and not cr c, but still i would like to stop it automatically as i am running the comand with cron each 5 minutes for 1 minute
<Roxyhart0> and i just can stp with killall -9 tcpdump
<papertigers> yeah ctrl z will let you type bg to background it
<papertigers> or fg to forground it
<papertigers> tcpdump -G will let you rotate files
<Roxyhart0> i tried to use that, i will check a little bit more
<Roxyhart0> thanks
<papertigers> Roxyhart0: if not the best bet it to run it from a script that will run it record the pid and kill it after a min
<papertigers> easiest way
<Roxyhart0> yes, i did it
<papertigers> okay sweet
<Roxyhart0> thanks :)
<reverseblade> If i wanted to setup up central authentication for a small company network from scratch, which way should I go,  openldap, samba, kerberos, or samba 4 ?
<smoser> Daviey, i dont see a eucalyptus release or build, were you still expecting one ?
<MTecknology> How can I chain SSH logins? Like.. ssh user1@domain1.com ssh user2@domain2.com
<MTecknology> I do it - but then I can't type anything
<MTecknology> I can see I get logged in through the chain
<MTecknology> heh.. got it
<smoser> MTecknology, what did you find ?
<smoser> you can do it 2 ways.
<smoser> robably by forcing the terminal on the first 'ssh -t user1@domain1.com ssh user2@domain2.com'
<MTecknology> smoser: -t is what I found
<MTecknology> smoser: is there something better?
<smoser> probably
<smoser> hold on
<smoser> in .ssh/config
<smoser> Host domain2.com
<smoser>     ProxyCommand ssh user1@domain1.com nc -q0 %h %p
<smoser> that Proxies you through the domain1 to get to domain2
<MTecknology> cool
<MTecknology> .ssh/config has a lot of little gems, huh?
<taget> I am having a problem configuring my interfaces, i have a block of static ip's and 2 netowrk cards in my server. one has a internal ip in the 192.168.2. subnet and the other is in my public pool of addresses. the problem is i cannot access my interface with the public ip outside of my local network. any ideas ?
<thesheff17> taget: sounds like a route problem
<taget> thats kind of what i thought also, but i am unsure of how to fix it
<thesheff17> taget: can you server ping the outside?
<thesheff17> taget: you can adjust your route by doing "route del default gw x.x.x.x" and "route add default gw x.x.x.x"
<thesheff17> taget: first get your box to reach the internet.
<thesheff17> taget: and the private network shouldn't have any routes.
<tarvid> found TraceEnable Off in security.dpkg-dist but I think TRACE is still enabled
<taget> sorry, i was disconnected
<taget> i can ping the outside, but i hace not tried disabling the internal network interface
<thesheff17> taget: you shouldn't have to disable the private network interface
<taget> how can i be sure i am accessing outside of my network with the correct interface ?
<thesheff17> taget: as root type route and is that IP in the same subnet as the public network?
<taget> thesheff17: the first destination is in the correct subnet, but the gateway is an *
<taget> after the first entry i have a 192.168.2.0 dest to * entry and a default to 192.168.2.10 entry
<thesheff17> taget: can you paste all the output to pastebin
<taget> sure
<taget> http://pastebin.com/WFaU1V6v
<MTecknology> thesheff17: oh ya.. it built - https://code.edge.launchpad.net/~jailkit/+archive/ppa
<thesheff17> MTecknology: nice
<thesheff17> taget: so this is the private network? 192.168.2.100
<taget> correct
<thesheff17> taget: your route should be something on the public side.
<thesheff17> taget: which is the last entry
<taget> thats kind of what i was thinking but i am unsure of how to change it
<thesheff17> taget: /etc/network/interfaces controls your interfaces
<taget> yup
<taget> but just adding the interface will not adjust the routing, correct ?
<thesheff17> taget: correct
<thesheff17> taget: I will pastebin my dual network /etc/network/interface
<taget> i have eth0 configured for static with all of the correct info
<taget> ty
<thesheff17> http://pastebin.com/Vp2BekR9
<thesheff17> taget: so all you should need for the private network is ip and subnet
<thesheff17> taget: and when you type route the only entry in gateway should be the IP of your public gateway.
<taget> thanks for the help, i will make some corrections and try it. i am looking at my interfaces file right now and for some reason while using nano it removed all the text that wasnt currently in view of the terminal
<taget> and one of the lines it cut out was the gateway
<thesheff17> taget: yea be careful if you only have remote access.  also vim is a great text editor
<taget> that is what i have heard, i just have never taken the time to learn how to use it. also the server is only 15 minutes away from my home :)
<taget> so i ma fortunate in this case
<thesheff17> taget: cool yea most of the machines I manage are hours away if not states away :)
<taget> thesheff17: i hear you on that, i am fortunate in this case, id hate to have to jump in the car to go and reset a server in this instance.
<taget> On another topic, i am looking for a solution for a web based file access with a nice login and ui for downloading and uploading files to  a server. (family file server)
<taget> any ideas ?
<thesheff17> taget: what I do is create a cronjob that runs every hour and restores the original network config regardless of what I do.....so if and when I do break it I know within the hour it will be fixed.  Just remember though when the hour comes around your config file will change regardless of what you do.
<thesheff17> taget: I would use apache with php
<taget> thesheff17: good idea.
<thesheff17> taget: apache can easily do https/login/download... php is good for uploads and moving the files around where you want them.....though there is a couple of places to adjust php in order to upload big files but it is well documented.
<thesheff17> MTecknology: so that built package is that a manually approved process or is that automatic?
<taget> thesheff17: i will look into that in the morning. thank you for the help
<thesheff17> taget: no problem I should be around if you need more help
<Roxyhart0> somebody know any good solution to block P2P traffic?
<thesheff17> Roxyhart0: I have create a linux based router and then you can forward all the traffic through that box and filter what you want and don't want.
<MTecknology> thesheff17: that's just a normal build. It could keep building there forever and never make it into ubuntu. There's a couple different processes that you need to go through to get it included
<Roxyhart0> thesheff17, do you post that solution in somewhere?
<Roxyhart0> did
<thesheff17> Roxyhart0: http://www.gentoo.org/doc/en/home-router-howto.xml this one is based on iptables that I have used and you have to adjust for ubuntu but it is pretty straight forward
<Roxyhart0> thanks a lot
<thesheff17> Roxyhart0: np
<thesheff17> Roxyhart0: you don't have to anything with the kernel...that is all built into ubuntu
<Roxyhart0> ok, thanks ..i will have a look
<thesheff17> Roxyhart0: I actually just let all the traffic through on the router and then install a monitoring tool on the private interface to see what clowns where using P2P stuff...because sometimes I would use bittorent stuff to download ISO and other important data.
<thesheff17> MTecknology: well I hope it makes it into universe...but I can tell you I have no clue how all this works :)
<MTecknology> thesheff17: me either :P
<MTecknology> thesheff17: I think only about 1 or 2 actually do :P (or a few more-but it's not a lot that really understand it all)
<MTecknology> thesheff17: 1) if it gets into debian, it'll be in ubuntu 2) if not, then you need to get it into ubuntu directy 3) sometimes debian realizes it's good and then brings it in
<thesheff17> MTecknology: ah ok
<MTecknology> thesheff17: all three ways are a different process and have pros/cons
<MTecknology> thesheff17: I'm actually considering just helping the developer get it into debian - they're so close to being able to do it easily
<MTecknology> thesheff17: for now.. You can install from that PPA I linked you to
<thesheff17> MTecknology: excellent yea I feel like I haven't contributed much to ubuntu yet...hopefully that will change :)
<MTecknology> thesheff17: I feel the same :P
<MTecknology> thesheff17: You offer support in here which already helps a lot. You could also check out https://answers.launchpad.net/ubuntu (and also https://answers.launchpad.net/launchpad - a lot get incorrectly put here)
<thesheff17> MTecknology: I haven't been in a irc chat room since the early 90's of the aol days for who knows what.  Its great to be back.  I also feel like the forums for ubuntu aren't great...most of the questions go un answered which is disappointing.  When I was big into gentoo (before I found ubuntu) I would answer as much as I could on the forums.
<thesheff17> MTecknology: it could though just be the sheer volume of ubuntu users vs gentoo users.
<MTecknology> thesheff17: it is indeed. Ubuntu is geared toward easing the enterance barrier where Gentoo is absolutely not out to do that.
<thesheff17> MTecknology: haha I know...gentoo was the first linux distro I found and I thought all linux distos where like that :) how wrong I was.
<MTecknology> thesheff17: Ubuntu and Fedora are usually the first distros a person tries. That comes with "Where did my Start button go?" and "Where is my Outlooks?" which are so obviou to us, but not someone who's never tried something different. (I hate the pluraization of outlook) I don't think it's possible to eliminate most of the support without looking and acting exactly like windows. Problem is that the efforts to do that wound 
<MTecknology> thesheff17: #ubuntu, #ubuntu-server, answers.launchpad.net/ubuntu, and ubuntuforums.com and the bestest best places to help new users.
<MTecknology> thesheff17: You helped me out a massive amount today. Where did that go? The tool you showed me to may now wind up in the repositories. :D
<MTecknology> today and yesterday*
<thesheff17> MTecknology: yea I have no problem helping as much as I can...because I wouldn't know anything without the help of everyone else....I never touched a linux machine in college and I graduated with a comp sci degree which is sad
<MTecknology> thesheff17: oh.. and if you really want to get ambitious... https://answers.edge.launchpad.net/ubuntu/+questions?field.search_text=&field.sort=RELEVANCY&field.sort-empty-marker=1&field.actions.search=Search&field.language=en&field.language-empty-marker=1&field.status=OPEN&field.status-empty-marker=1
<Roxyhart0> hi thesheff17, sorry my question i did capture package with tcpdump and then analyze with wireshark and i got some pakages that are recognized by wireshark as bittorrent, but the port that shows me for that oacjages are > 50000 usually, and the rule that your shows me iptables -t nat -A PREROUTING -p tcp --dport 6881:6889 -i ${WAN} -j DNAT --to 192.168.0.2
<Roxyhart0> the port say 6881:6889, maybe i am confuse?
<MTecknology> thesheff17: that's about how my university is. <20 people actually understand linux at any depth in the entire university including both faculty and students
<thesheff17> Roxyhart0: all ports over 1024 are unprivileged ports and P2P can run on all of them...so only enable what you want.
<thesheff17> Roxyhart0: I think :)
<Roxyhart0> yes, i think so...just was confuse with the rule that said for bittorent, why say port 6881:6889
<thesheff17> Roxyhart0: prob just what is standard but feel free to adjust.
<Roxyhart0> ok, thanks a lot!
<Roxyhart0> do you know ipp2p?
<Roxyhart0> im wondering how as good it is?
<thesheff17> Roxyhart0: I do not...reading a little about it now
<thesheff17> Roxyhart0: sounds like that is still under massive development and has moved to http://www.ipp2p.org/
<Roxyhart0> so, still wait to use it
<thesheff17> Roxyhart0: well I would just do extensive testing before moving into production where ever you are using it.  Though that is pretty much anything I use on linux :)
<Roxyhart0> thanks :)
<Daviey> ttx: Don't suppose you are around yet? :)
<rdw200169> Roxyhart0: with my experience with ipp2p is that you just can't keep up with the tricks p2p software will throw at you
<rdw200169> Roxyhart0: instead, go about it another way: use HTB+SFQ to throttle subscribers (tc) and keep track of heavy abusers by logging b/w per IP in some way.  if someone is downloading (anything really) too much, blast them @ tc
<rdw200169> Roxyhart0: p2p software, or any software for that matter, can't download through a pipe bigger than the one you give it, so its most reliable to manage your problem that way
<ttx> Daviey: I'm here
<Roxyhart0> sorry drw200169, i was away ...im interested in your sugestion, do you know some page how to?
<blackstar256> does anyone know if its possible to      â
<blackstar256>                       | connect to an ssl vpn on a headless      â
<blackstar256> Does anyone know if it is possible to connect to a ssl vpn on a headless linux box?
 * Roxyhart0 slaps Roxyhart0 around a bit with a large trout
<rdw200169> Roxyhart0: haha, i'm looking for something for you;)
<rdw200169> Roxyhart0: see, the problem with doing traffic shaping, is that there is no easy way to do it
<rdw200169> Roxyhart0: i ran into the same problem(s) with p2p traffic in the past, and ended up using traffic shaping to do all my dirty work
<rdw200169> Roxyhart0: you may be interested in reading http://voxel.dl.sourceforge.net/project/htbinit/HTB.init/0.8.5/htb.init-v0.8.5 , the man pages for tc, tc-tbf, tc-htb, tc-sfq, and of course the manual on http://lartc.org
<rdw200169> Roxyhart0: note, also, that iptables and tc can work together using fw marks (which means tc filtering can be endless ...)
<Roxyhart0> somebdy know how i can copy from a server to another files and folder preservating permisions?
<\sh> rsync with preserve permissions
<Roxyhart0> do i need to install that tool?
<\sh> if it's not already installed, then yes
<Roxyhart0> thanks a lot
<cwillu_at_work> xserver on windows machine, or rdp server on the linux server?
<Roxyhart0> thanks a lot sh..it work perfect..
 * cwillu_at_work feels an urge to introduce sh to \sh, and watch the fireworks fly
<cwillu_at_work> -> #lesswrong :)
<cwillu_at_work> although he doesn't seem to be around at the moment :/
<huats> morning
<StefanMonov> Hi. Is there a difference between doing "ifconfig ... up" in /etc/rc.local, and having "auto eth0..." in /etc/network/interfaces?
<\sh> cwillu_at_work: hmm?
<soren> StefanMonov: Yes.
<soren> StefanMonov: Numerous differences.
<cwillu_at_work> \sh, other sh
<_ruben> ifconfig .. yuck
<ttx> supposedly-final Maverick alpha3 server ISO candidates posted at http://iso.qa.ubuntu.com/qatracker/build/ubuntuserver/all
<ttx> let's test the heck out of them !
 * Daviey grabs his heck removal tool.
<maswan> ttx: do you have a netboot environment too (pxe stuff), then I might try them.
<maswan> I have a few lucid annoyances that I wouldn't mind testing to see if they are gone
<ttx> We have some netboot tests in http://iso.qa.ubuntu.com/qatracker/build/ubuntuserver/all
<ttx> they are not that well documented though
<maswan> ah, excellent. let me see if I can get the time this afternoon to do an intsall test, or not.
<Daviey> maswan: We are all very keen to get PXE booting solid, so if there are some quirks you have discovered - do please raise them :)
<\sh> hmm...why don't we install ifenslave-2.6 during server install? bonding is not that uncommon for servers...
<Daviey> \sh: I think we'd need to drop something else to get that on there.. but you could raise a blueprint for maverick+1,  "Making bonding rock" meaning it's at least proposed for discussion.
<maswan> the most annoying lucid (and karmic before that) bug for intsalling for me is certainly 415353/571872.
<\sh> bug #415353
<uvirtbot> Launchpad bug 415353 in linux "karmic installation slow on "detecting network hardware" with bnx2x" [Undecided,Incomplete] https://launchpad.net/bugs/415353
<Daviey> bug #415353
<Daviey> hah, \sh you are as lazy as me :)
<\sh> bug #571872
<uvirtbot> Launchpad bug 571872 in debian-installer "bnx2x drivers take 100 seconds to initialize" [Undecided,New] https://launchpad.net/bugs/571872
<\sh> Daviey: I'm sysadmin, I have to be lazy ;)
<maswan> It makes install's "detecting network hardware" step for me take ~20 minutes.
<Daviey> \sh: http://twitter.com/Daviey/status/15926972131
<\sh> maswan: these are not those new HP Flex10 NICs for the new blade server series?
<maswan> \sh: uip
<maswan> yup even
<\sh> maswan: oh shit
<maswan> \sh: booting them when installed isn't that bad, but the installer part is rather annoying.
<Daviey> Hmm
<maswan> anyway, I was going to relocate myself. bbiab.
<\sh> maswan: also during PXE boot and nfs root mounts? I mean, ipconfig inside initramfs is hell alone...
<maswan> \sh: dunno, haven't tried that. but it takes a couple of minutes to get the interfaces up during a normal boot.
<maswan> (after the console gets to the login: prompt you have a minute or two before networking)
<maswan> ugh, really should run, back in 30
<\sh> maswan: lovely...that sounds like fun for me during the next couple of months of HW testing
<ttx> Daviey: starting a UEC/amd64/topo1 test
<Daviey> ttx: Same here.. having to use a CD-R - as my usual pendrive for this is U/S
<ttx> Daviey: arh, its broken
<ttx> tgt deps not on CD
<ttx> ISO testing news: looks like we'll have to respin again
<ttx> ETA for new spin is ~2 hours
<maswan> \sh: yup. it's "slightly" annoying when you run into disk numbering issues and grubs that fail to boot, which you "just" need to boot a rescue environment to fix.
<psteyn> Hi.  I'm porting my mailserver from centos to ubuntu server, but one of my scripts use 'passwd --stdin' functionality which ubuntu's passwd command doesn't have.  Is there any alternatives? / A way to get the same passwd functionality?
<Jeeves_> psteyn: Ehm, usermod, IIRC
<psteyn> ahh
<Jeeves_> But that only takes the crypted user
<Jeeves_> But that only takes the crypted password
<Jeeves_> Just a sec, I should have it somewhere
<Jeeves_> I only have versions where a crypted password is used
<Jeeves_> chpasswd worked for older Ubuntu's
<Jeeves_> usermod -p is needed for > karmic
<psteyn> I see, how would I encrypt the password?  I tried with mcrypt..but it doesn't seem right.
<psteyn> nm
<psteyn>  usermod -p `mkpasswd -H md5 newpass` username
<psteyn> :")
<Jeeves_> :)
<Daviey> err!
<Daviey> Hmm.. i had a script for just that purpose.. just looked it up..  and it's not as clean as i had hoped either :)
<Daviey> http://pb.daviey.com/JvD4/
<Jeeves_> Daviey: That looks like a wrapper around passwd, what's the use?
<Daviey> Jeeves_: being able to set the passwd from a script
<maswan> Hm. Maverick looks much better, only 5 seconds per interface. Still takes a bit over a minute for the installer to cycle through them all, but much better.
<Jeeves_> maswan: The installer?
<Daviey> maswan: Can you mention that on the bug report please?
<maswan> Yeah, I am going to
<maswan> I'm just busy runnign through a full install first. The boot screen was weird, I had to hit F1 for help before I could hit enter to boot the installer, and there were no "Advanced" choices either
<Daviey> hmm.. interesting
<maswan> Yeah, I was wondering if I had messed up my download of the ubuntu-installer directory, but I could hit F1 for the normal help and then enter to install from that screen..
<maswan> \sh: so, good news, assuming you're planning on running the maverick instead of the lts. ;)
<maswan> oh, wait, my mistake
<maswan> I had messed up, the wrong pxelinux.cfg file.
<Genk1> hello
<Genk1> is there a way to force postfix to use only TLS in his communications ?
<ttx> ETA for new Maverick Alpha3 ISO candidates for server: 30min
<uvirtbot> New bug: #613414 in dhcp3 (main) "package dhcp3-server 3.1.3-2ubuntu3 failed to install/upgrade: subprocess installed pre-removal script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/613414
<\sh> maswan: no...it has to be lucid for the next 2 years until next LTS release ;)
<zul> ttx: goody i can slack off then :)
<ttx> zul: for 5 more minutes :)
<maswan> Hm. Is there a reason why vmbuilder wgets files one by one instead of grabbing a big set of them at once? The second is much likely to get large tcp windows and throughput...
<ttx> ISO testing update: supposedly-final Alpha3 candidates posted on http://iso.qa.ubuntu.com/qatracker/build/ubuntuserver/all
<ttx> let's get crackin
<ttx> Daviey: about the registration failure
<ttx> you reported one test ok and one test failing
<Daviey> ttx: Reproducing here
<ttx> was it under the same conditions ?
<Daviey> identical.
<ttx> or one was netbootpreseeded and one was ISo ?
<ttx> it's quite steadily failing now
<ttx> so I wonder if there is not something else taht regressed
<ttx> hmm
<ttx> the web UI says it's already registered
<ttx> Daviey: then I deregister them in the web UI and restart...
<ttx> and now it says it's already registered in the euca_conf calls
 * ttx sighs
<Daviey> ttx, oh joy
 * ttx logs in again on the web UI for fun
<ttx> and sure, it's registered again
<ttx> Daviey: so actually it looks like though there are errors in registration.log, the registration succeeds
<ttx> ... as long as you log in on the web UI ?
 * ttx tries to make some sense out of that
<Daviey> heh
<ttx> Daviey: could you try adding a node ?
 * ttx will restart to test
<ttx> reinstall
 * Daviey notes that CD's are much slower than USB sticks.
<DrPoO> how do I prevent a process such as apache or mysql from starting next time I reboot my computer?
<csdco> anyone have experience with DoS on ubuntu server?
<hggdh> ttx, Daviey: so auto-registration is failing? It failed on my all-in-one install
<Daviey> hggdh, Will confirm in a few mins my results
<ttx> hggdh: well "failing" might not be the right word
<ttx> hggdh: euca_conf seems completely borked and reports crap
<ttx> and since we trust it to assess success/failure...
<Daviey> ttx, Have you succeed in registering an image before there is an NC avaliable?
<ttx> I did nothing and it fell into place
<ttx> Daviey: hav,'t tried
<hggdh> oh joy, joy, joy
<ttx> unfortunately I'm completely useless due to major headache today
<Daviey> http://pb.daviey.com/7B0J/raw/
<Daviey> I had that yesterday aswell.. but it fixed itself
<hggdh> ttx: in my case it actually failed to register on install (registration.log shows the failure). manually --register-* succeeded
<hggdh> weirdest thing is the SCS *did* get registered, even without a cluster
<hggdh> of course, it was not reported registered until I registered the cluster
<Daviey> I'm thinking it's pot luck, at the time you fire the command :(
<ttx> hggdh: in my case registration.log shows a failure, euca_conf says "can't register, login on web UI, web UI says "it's registered"
<hggdh> oh different
<hggdh> Daviey: pot luck, with replacements, and many options
<ttx> I'm not that sure. If you consider euca_conf reports incorrectly success/failure, it makes (some) sense
<hggdh> I agree we cannot trust euca_conf right now, but the registration log *does* show the failure
<hggdh> oh
<hggdh> if the reg.log maintained by euca_conf?
<ttx> hggdh: I'm starting to suspect it actually registers, despite registration.log showing failure
<hggdh> ttx: ack
<ttx> no, it's maintained by the uec-component-listener scripts
<ttx> it just reports the return code of euca_conf
<hggdh> yeah, so it is unreliable as well
<Daviey> hggdh, I'm sure we'll get a fix :)
<ttx> hggdh: apparently "registered" means different things to different pieces of the eucalyptus puzzle
<hggdh> Daviey: yes. Pigs *do* fly, only catch is when they land
<ttx> the UI says "yes", euca_conf says "screw you"
<hggdh> heh
<Daviey> ttx, On your NC install... did you get grub asking you to check the "Linux command line" it apparently extracted from /etc/default/grub?
<Daviey> entry = blank
<ttx> haven't installed NC yet, reinstalling all-in-one
<hggdh> Daviey: on install?
<Daviey> hggdh, yes, from the iso span today
<Daviey> (not preseeded)
<ttx> starting one right now
<hggdh> will look at the serial cons of all NCs
<Daviey> hggdh, during debian-installer
<Daviey> This registering an image is interesting...
<ttx> and then... registration works
<ttx> ...
<ttx> it's one of those days I should really consider working from hoime shouldn't prevent me from calling sick
<smoser> ttx, ping.
<hggdh> weird. I am opening a console on all, all all show me at a d-i screen "Configuring grub-pc"
<smoser> so you want some little blurb about kernel upgrades ?
<Daviey> ttx, Agreed - me and hggdh can keep cracking on. "Go Home" :)
<ttx> hggdh, Daviey: so the workaround seems to be: keep trying
<Daviey> exactly!
<ttx> smoser: can be done tomorrow
<ttx> ... I think
<ttx> ... I hope
<Daviey> dammit.. i intended to make the registration.log more useful in the last upload
<smoser> ttx, well, http://bazaar.launchpad.net/~ubuntu-on-ec2/ubuntu-on-ec2/ami-pages/annotate/head%3A/maverick-i386.body.html
<ttx> hggdh: so the onoly thing I did differently this time was to login immediately and keep doing netstat -tl to check services going up
<smoser> has something (See 'Changelog')
<smoser> Daviey, so what is up with grub causing problems ?
<ttx> maybe it slowed down the stuff sufficiently to win whatever race
<smoser> i'm thinking this is likely related to my addition of dependencies in eucalyptus-nc
<hggdh> ttx: I had a similar thingy yesterday -- of the 6 installs I did, 4 worked OK, two failed to register
<ttx> hggdh: did they actually not work ? Or you supposed they were broken by looking at euca_conf output and ergistration.log ?
<hggdh> I trashed all my NCs installs, and I am reinstalling & monitoring the serial console. All of them got stuck in d-i on grub
<Daviey> smoser, not entirely sure.. doing a fresh install to check
<Daviey> smoser, certainly *not* the changes you introduced.. So don't worry
<smoser> ok.
 * ttx wonders if everything does not come from the new "I need walrus up first" type of constraints
<Daviey> hggdh, Oh good.. it's not only me
 * ttx finishes his test and preps a long pause
<Daviey> I think grub is poorly. :(
<hggdh> ttx: they all worked after *manually* registering the cc, walrus, and sc
<ttx> hggdh: but not before ?
<Daviey> smoser, Actually.. i take that back.. it could be the depends change.. i was thinking in code changes.
<hggdh> ttx: but not before (these two I pointed as failing)
<hggdh> the other fours worked perfectly with auto-reg
<AndyGraybeal> samba  isn't in my /etc/init.d .. i selected to install samba from the ubuntu server install.. i'm wondering what i'm doing wrong.
<Daviey> ttx, Seems my walrus and cluster failed to auto register
<ttx> Daviey: got that grub-pc question as well
<AndyGraybeal> ah is it called smbd ?
<Daviey> ttx, oh good
<hggdh> Daviey: see if they got registered in secret
<Daviey> ttx, In a few steps.. see if grub fails to install
<ttx> DavidLevin: does entry=blank work ?
<ttx> Daviey: ^
<Daviey> ttx, I just pressed return
<ttx> Daviey: ok
<Daviey> (which didn't work)
<ttx> Daviey: please check netstat -tl
<smoser> i dont understand though.
<ttx> to see if you have 8773 8774 8443 and 9001
<smoser> wouldn't grub-pc have been installed before as the boot loader ?
<Daviey> dammit, i've just euca_conf --registered
<smoser> i wouldn't have thought that would have been a new dependency there.
<Daviey> smoser, i agree
<Daviey> smoser, I don't know if it's a recent change with our stuff.. or foundations
<ttx> smoser: any clue what I should answer to that boot line question ?
<smoser> i didnt see it.
<ttx> it wasn't there yesterday
<smoser> oh.
<smoser> wait. whats the question ?
<hggdh> Daviey: did you get a similar Q when installing the CLC/Walrus/etc? I did not
<ttx> Linux command line:
<Daviey> <Daviey> ttx, On your NC install... did you get grub asking you to check the "Linux command line" it apparently extracted from /etc/default/grub?
<Daviey> smoser, ^^
<smoser> i think you can probably leave it blank.
<Daviey> i left it balnk
<ttx> Daviey: I somehow regret that we introduced that version with new depends now
<ttx> Daviey: and it failed, right
<Daviey> ttx, That might not be the issue.. ofc
<smoser> my functional laptop has: GRUB_CMDLINE_LINUX=""
<Daviey> ttx, yes.. grub didn't handle the question well asking me which device to put it on
<hggdh> ttx: on the single install I let proceed, CMDLINE="" also
<hggdh> and it booted oK
<hggdh> whatever is it being asked for now
<ttx> Daviey: ok, so that's another issue, trying with empty
<smoser> hm.. that is strange.
<ttx> Daviey: could you file a bug about that, we need to find a way to not have that question asked
<smoser> i get annoyed by that in cloud images also
<hggdh> ttx: why did I *not* get this Q on the CLC install?
<Daviey> ttx, yup
<Daviey> hggdh, I didn't either
<ttx> hggdh: it's a NC dep
<hggdh> ttx: what dep?
<smoser> so, seriously, grub-pc is not installed on your CLC ?
 * hggdh doubts
<smoser> that question is coming from grub-pc
<Daviey> Hmm grub != grub-pc
<hggdh> smoser: it *is* installed, 1.98+20100722-1ubuntu1
<ttx> smoser: grub-pc is installed later in the process, by making the NC depend on it you force earlier install
<smoser> ah. thats what i was thinking.
<smoser> :-(
<smoser> i'm sorry for the pain.
<Daviey> smoser, don't be
<smoser> i'm going to run, thoguh, if i am needed, please call me.
<hggdh> smoser: makes life interesting ;-)
<smoser> and if the solution is "drop out smoser's changes", i wont cry too much.
<Daviey> smoser, Before you go..
<smoser> so this is on preseeded install that we're hitting it ?
<Daviey> smoser, What would happen if grub was removed from a depends?
<Daviey> just assume it's already installed?
<Daviey> smoser, and ISO
<smoser> well, grub-mkrescue will fail.
<hggdh> now, I did not get Q-ed on the linuxc cmdline, but on whether I wanted or not to install grub
<csdco> is there any addtl firewall on top of apache in an ubuntu server?
<smoser> i dont know.
<smoser> i mean if everything is truely there, then it should have no problem.s
<Daviey> smoser, ok, cheers.
<ttx> Daviey: I can't make it install
<Daviey> ttx, same here :(
<smoser> silly me thought that putting it in depends was right, since it depended on it :)
<ttx> I'm stuck at the grub-pc "upgrade"
<Daviey> i just started my NC install again to see
<smoser> you can probably put anything in that string
<Daviey> ttx, Keeps telling you that you have chosen not to install grub?
<smoser> its just going to get onto the linux command line
<smoser> which, who cares.
<Daviey> smoser, That is isn't the killer issue
<ttx> Daviey: yes
<smoser> grub-pc/install_devices is your issue?
<ttx> Daviey: that's actually a problem. The NC is completely uninstallable
<Daviey> smoser, Near the end.. grub asks you waht device you want it on
<smoser> well, you can tell it.
<ttx> or maybe not
<Daviey> you select a device
<Daviey> and press continue
<smoser> oh.
<smoser> :-(
<Daviey> grub then returns "Are you sure you don't want to install grub?"
<smoser> well, i'm sorry for this. i have to run. again, if "back out those changes" is the solutuion, then thats fine.
<Daviey> I thought i was being a plum, so started the install again to reproduce..
<Daviey> seems ttx has just hit the same behaviour
<ttx> Daviey: apparently if you let it continue it works
<smoser> i admit to not ever tested an full install with those packages.
<hggdh> ttx, Daviey: the NC *is* installable, I just installed two of them
<Daviey> smoser, Well it's not terribly easy to test packages at install time..
<ttx> hggdh: I was fearing it was not installable from ISO
<ttx> hggdh: apparently it's just a misleading message
<Daviey> i made a seperate local repo for doing this.. and it's not ideal
<ttx> Daviey: could you file a bug ?
<Daviey> ttx, yes
<hggdh> yes. I tried to say I did *not* want grub, and it kept on hapilly
<ttx> Daviey: so that the message is in english :)
<ttx> rigth, we need to document that
<Daviey> hggdh, crikey
<Daviey> well it's not as bad as we were thinking then
<ttx> Daviey: in fact the last install step catches back and installs it
<Daviey> i just killed the install and started again
 * ttx runs an instance
<Daviey> ttx, good luck.
<Daviey> oh noes, robbiew is here.
 * hggdh crosses fingers and toes
<ttx> everyone, make as if eucalyptus was working !
 * hggdh starts behaving nicely
<ttx> hggdh: I'm using your registration bug to as a metabug
<hggdh> ttx: roj
<ttx> instance running
<Daviey> hmm
<Daviey> i'm still getting the traceback
<Daviey> when registering an image
<ttx> works for me
<ttx> what iumage are you using ?
<ttx> Daviey: have a bug number for the grub-pc issue ?
<ttx> I'll mention it on my test report
<Daviey> ttx, I'll generate one now
<Daviey> ttx, Are both issues the same bug IYO?
<ttx> both ?
<Daviey> Linux Command Line one and the "Sure you don't want grub?"?
<ttx> you just shouldn't get prompted
<ttx> so its the same issue
<hggdh> they do sound related, but I did not get the cmdline
<ttx> file just one, we'll fix it by removing that depends
 * ttx really needs a pause now
<ttx> Daviey: let me know the bug number when its in
 * ttx pauses
<MTecknology> Any ideas how I can make ssh log into a user so it has all the users aliases and functions defined for it?
<MTecknology> so then I can do ssh server.com bash_alias
<pmatulis> MTecknology: search for 'environment' in sshd_config man page
<thesheff17> MTecknology: if you put your public key inside their authorized_keys you can go right into that account.
<Daviey> ttx, Sorry for the delay.
<Daviey> bug #613463
<uvirtbot> Launchpad bug 613463 in eucalyptus "[10.10 - Alpha 3 (candidate)] Prompts misleading grub dialogs during UEC Node installation." [Undecided,New] https://launchpad.net/bugs/613463
<hggdh> Daviey: no errors registering (lucid|maverick) (amd64|i386)
<hggdh> I mean, images
<Daviey> pah
<Daviey> I experienced this yesterday, and it fixed itself
<MTecknology> pmatulis: I must be missing it. I tried AcceptEnv *
<Daviey> ttx, Ok.. i've been infront of the computer for 9 hours now.. i need a break :/
<MTecknology> I also tried out PermitUserEnvironment
<hggdh> Daviey, ttx: I will go now for a (CLC+Walrus), (CC+SC), (NC)+ install. Who knows, the "Walrus first" may have been fixed...
<ttx> hggdh: or you might get lucky, if you do the right dance
<hggdh> heh.
 * ttx will lay down a little longer to let the meds calm down the fever
 * hggdh picks up the "Great Book of Magical Dances"
<ttx> I plan to run a UEC image on the cloud I luckily got running
<MTecknology> oh... it's trying to execute the alias on the local system instead of the remote system....
<ttx> and a tomcat6/amd64 test
<ttx> mathiaz_: I'll let you coordinate the rest of regular ISO testing
<ttx> mathiaz_: with zul and spamaps
<mathiaz_> ttx: okdiko
<mathiaz_> ttx: good luck with your dinosaurs battle
 * ttx is back, fully drugged.
<smoser> ttx, Daviey s were ok
<Daviey> smoser: ?
<smoser> ? with a wierd workaround?
<smoser> so we're ok? on euca-nc install
<Daviey> yeah!
<Daviey> so no kittens have been killed :)
<smoser> hs any one done euca\
<smoser> err  uec-provisioning?
 * Daviey gives smoser a new keyboard
<Daviey> smoser: yesterday, not today
<Daviey> smoser: But that isn't a concern for A3
<smoser> if you just took the 2 month old from my arm i might not need anothr keyboard :)
<smoser> alright. me is off again. later
<ttx> Daviey: I'm going to scrap my working UEC setup, unless you need it for some tests
<Daviey> ttx: sounds fine with me.
<Daviey> thanks for jumping in ttx !
<ttx> I'll run a few regular ISO tests, then be back with i386 topology1... and maybe more details on that strange registration issue
<ttx> I want to be able to clearly point to euca_conf behaving strangely, keep the autoreg stuff out of the equation
<ttx> so that we can push it upstream
<ttx> Daviey: tomorrow morning we'll have to come up with release notes for those funny bugs
<Daviey> funny release notes for the bugs.. got it!
<tesseracter> im going nuts trying to setup a NFS server that osx 10.6 can connect to. is there some sort of magicial param that i'm missing?
<papertigers> tesseracter: nfs3?
<papertigers> give it the insecure option in exports
<papertigers> the insecure option in this entry also allows clients with NFS implementations that don't use a reserved port for NFS.
<MTecknology> thesheff17: You available for a little help?
<tesseracter> /home/steven    foo.bar.0.0/16(rw,sync,no_subtree_check,insecure) is the line
<tesseracter> papertigers, ^
<thesheff17> MTecknology: yup
<MTecknology> jk_cp -f /jail /usr/bin/{vim,vim.basic,vimdiff,vimtutor}
<MTecknology> thesheff17: ^ I run those commands and then vim is available - but broken
<papertigers> tesseracter: try this on mac sudo mount -o -P server:/exported/path /local/path
<papertigers> I used to have to do that
<thesheff17> MTecknology: haha I think because vi isn't an alias to vim :)
<MTecknology> thesheff17: hm?
<thesheff17> MTecknology: so vi is really vim
<MTecknology> thesheff17: I never typed vi without the m right after
<thesheff17> MTecknology: right I wonder where they make that alias
<MTecknology> thesheff17: I'm considering making a really big chroot... then using that
<papertigers> 'which vi'
<MTecknology> /usr/bin/vi
<todd> vi != vim
<zul> yay! bacula 5.0.3 next week...WOHOO!
<MTecknology> right.. which is why I always type vim
<thesheff17> MTecknology: I would just create an alias from vi to vim
<ttx> hggdh: you mind if I rewrite the desc. for bug 609112 to talk about component resgitration rather than node registration ?
<uvirtbot> Launchpad bug 609112 in eucalyptus "[maverick] Registration unreliable" [High,Confirmed] https://launchpad.net/bugs/609112
<papertigers> thesheff17: /etc/alternatives/vi and that is vi -> /usr/bin/vim.basic
<ttx> hggdh: I think the current desc is misleading
<MTecknology> thesheff17: did that - no difference
<binBASH> someone knows what could be wrong?
<binBASH> modprobe kvm_intel
<binBASH> FATAL: Error inserting kvm_intel (/lib/modules/2.6.32-24-server/kernel/arch/x86/kvm/kvm-intel.ko): Operation not supported
<papertigers> binBASH: sudo?
<binBASH> I'm root ;)
<Daviey> binBASH: see if $ kvm-ok , gives an insight
<binBASH> Ahh
<binBASH> thx Daviey
<thesheff17> MTecknology:  /usr/bin/vi -> /etc/alternatives/vi
<binBASH> So that provider disabled virtualization in BIOS, bwarg :D
<Daviey> heh
<thesheff17> and then /etc/alternatives/vi points to  /usr/bin/vim.basic
<MTecknology> thesheff17: the problem is a lot of undefined functions inside vim
<thesheff17> MTecknology: what function isn't working
<papertigers> thesheff17: I just gave you that vi link, it goes to vim.basic
<MTecknology> thesheff17: E388: Couldn't find definition <- one - but I get a lot of them
<MTecknology> thesheff17: and the display is pretty mucked up
<RoyK> thesheff17: perhaps vim-nox has more
<RoyK> papertigers: ^^ that was for you
<pmatulis> MTecknology: maybe try vim-tiny
<MTecknology> pmatulis: spiffy idea..
<thesheff17> MTecknology:  /usr/bin/vi -> /etc/alternatives/vi ->  /usr/bin/vim.basic
<tesseracter> papertigers, just hangs, are there logs i can tail to see if the mac is hitting the server?
<MTecknology> pmatulis: still messed up - but much better
<RoyK> tesseracter: nfs?
<MTecknology> pmatulis: I keep thinking I'm probably missing some files that it wants
<pmatulis> MTecknology: yes, probably some libraries
<papertigers> tesseracter: from the mac when you mount give it the -v
<papertigers> for verbose see what its waiting on
<thesheff17> MTecknology: /usr/share/vim/ you might want to copy all this into the chroot env
<thesheff17> MTecknology: I wonder though how much of that is symlinked around :(
<MTecknology> thesheff17: easy enoguh...
<papertigers> Why not take the vim tar ball and compile it in the chroot :) haha
<pmatulis> MTecknology: use ldd to determine what libraries you need
<MTecknology> thesheff17: find /usr/share/vim/ -exec jk_cp -f /jail {} +; :D
<thesheff17> papertigers: that is what I was thinking...maybe even add sudo and apt-get into chroot and could you apt-get vim :)
<MTecknology> thesheff17: if you had the tools in there to do that :P
<tesseracter> papertigers, 1. -P wasn't considered a valid option, 2. v, vv ,vvv aren't giving any text at all, 3. it returns mount_nfs:cannot access /home/steven: Permission denied when it did return after the hang.
<tesseracter> papertigers, although without -v, -P seemed to work, thats when i got permission denied.
<MTecknology> I just made a really hefty chroot - we'll see how that works
<papertigers> tesseracter: hmm you are on server, do you ahve a gui or just cli
<tesseracter> papertigers, just GUI on server.
<papertigers> tesseracter: okay go to finder
<tesseracter> papertigers, heh, i meant to say just cli
<papertigers> and then go to file connect to server and do nfs://myip:/path/to/share
<tesseracter>  /facepalm
<papertigers> tesseracter: ahh okay, I was gonna say I know the gui way works on my mac
<tesseracter> thats frustrating...
<MTecknology> there we go.....
<tesseracter> papertigers, now youve got me confused. the server is on ubuntu, the client is a mac. the finder connect to server thing hasn't worked....although it worked a while ago with a different guys laptop. it just hasnt been consistent between macs.
<MTecknology> thesheff17: pmatulis: Fixed... debootstrap lucid dir; chroot dir; aptitude install vim
<MTecknology> :D
<thesheff17> MTecknology: sweet :)
<MTecknology> less secure chroot becuase you can do more in it.. but...
<MTecknology> it's working
<MTecknology> what's the stable version of debian?
<MTecknology> lenny.. there we go
<MTecknology> If I go with a complete chroot, I may as well go with one that doesn't change much
<RoyK> is there anything in the works for making ubuntu virtualisation work like vmware or hyper-v where you can setup 2-3 boxes and have them work as a HA-cluster without anything in front?
<MTecknology> Any ideas how to stop these messages?  http://dpaste.com/224964/
<MTecknology> heh... simple enough
<MTecknology> pmatulis: still doesn't work exactly right - vim acts more like vi
<MTecknology> pmatulis: actually.. it acts more like some of the keys are messed up.. I press I, Delete and the position turns into a ~ and then the letter I was on comes back and the case of the previous letter changes
<pmatulis> MTecknology: why not set up a machine for this express user-login purpose?  i still don't know much details of what you're doing
<MTecknology> pmatulis: hm?
<MTecknology> pmatulis: just setting up user jails
<pmatulis> MTecknology: seems like it not working out
<MTecknology> pmatulis: my question about ssh is completely different
<MTecknology> It seems like it's something with escape sequences of special chars
<MTecknology> I like Delete but if I can't use it I guess that's fine - it seems like that's the only issue with it
<ttx> mathiaz: is kirkland with you today ?
<ttx> mathiaz: see why I want a presence tool :)
<thesheff17> MTecknology: I wonder if vim is just confused on what keyboard you are using.  I have seen del and backspace both break on vim before
<mathiaz> ttx: yes - he is busy
<ttx> mathiaz: right, he synced with me
<mathiaz> ttx: good :)
<MTecknology> thesheff17: any ideas hwo to fix it?
<ttx> Daviey: got my i386 setup working the first time I tried
<Daviey> ttx: you should enter the Lotto
<Daviey> sounds like your numbers came in!
<ttx> SpamapS: please coordinate with mathiaz to get some ISO testing coverage today
 * ttx completes one last test and jumps directly to bed to heal that headache
<mathiaz> SpamapS: I'd suggest you to start with the i386 images
<mathiaz> SpamapS: as I'm testing amd64 right now
<ttx> mathiaz: we'll need coverage on the upgrade and netboot side as well
<mathiaz> ttx: upgrade?
<mathiaz> ttx: we're already testing upgrade in alpha3?
<uvirtbot> New bug: #613309 in cloud-init (main) "upstart scripts do not wait for 'cloud-config' status" [Undecided,New] https://launchpad.net/bugs/613309
<ttx> mathiaz: dunno, it shows up in http://iso.qa.ubuntu.com/qatracker/build/ubuntuserver/all
<mathiaz> ttx: I thought upgrade started to be tested at beta time
<ttx> mathiaz: see with ara if it's superfluous ?
<mathiaz> ttx: ok - I'll sync up with ara
<mathiaz> ttx: have a good night
<ttx> not before I can start an instance on that UEC :)Ã 
<Daviey> upgrading uec from lucid was known to be broken
<Daviey> The recent upload has hopefully addressed this, but i haven't tested it
<thesheff17> MTecknology :fixdel does that help at all?
<ttx> arh
<ttx> instance automatically shutting down
<ttx> ...
<MTecknology> thesheff17: *blink* :D
<ttx> let's say its a dupe of bug 610479
<uvirtbot> Launchpad bug 610479 in eucalyptus "Instance fails to start" [High,Confirmed] https://launchpad.net/bugs/610479
<thesheff17> MTecknology: so del is the only key not working?  Sorry a developer was bugging me about something :)
<MTecknology> thesheff17: I think so.. that's kinda interesting
<thesheff17> MTecknology: http://vim.wikia.com/wiki/Backspace_and_delete_problems
<MTecknology> thesheff17: thanks :)
<hggdh> ttx: nope, you cannot manually register the walrus on a separate install -- euca_conf requires the CLC to be running
<hggdh> ttx: so... this really breaks eucalyptus on distributed installs
<qman__> yeah, I've run into those issues with backspace and delete on solaris, though I've never run into them on linux
<qman__> good document there
<ttx> hggdh, Daviey: ran into bug 613514 trying to start instances on my i386 UEC setup
<uvirtbot> Launchpad bug 613514 in eucalyptus "Instance does not start" [Undecided,New] https://launchpad.net/bugs/613514
<ttx> and now eod
<hggdh> ttx: I am going back to an all-in-one, and will check it
<Daviey> Registering images would be nice :)
<nicetry> Hello, I'm trying to install php5-mcrypt in ubuntu server 10.04 - but I'm getting this message: The following packages have unmet dependencies: php5-mcrypt: Depends: phpapi-20060613+lfs -- However http://packages.ubuntu.com/lucid/php5-mcrypt says the phpapi-20090626+lfs is a virtual package provided by packages I already have... So whats going on here?
<nicetry> Can anyone help me install php5-mycrpt?
<jetole> Does anyone know how I can query a DHCP server without having any of the settings take effect on my system but where I can have it display everything it says?
<MTecknology> I forgot a hard link can't cross partitions
<MTecknology> fooye :P
<SpamapS> mathiaz: ok, will start i386 stuff. :)
<mathiaz> SpamapS: hm - well - I'm about start i386 tests
<mathiaz> SpamapS: I'll be finished in 30 minutes
<mathiaz> SpamapS: http://iso.qa.ubuntu.com/qatracker/build/ubuntuserver/all
<hggdh> Daviey: still awake?
<mathiaz> SpamapS: netboot seems to be the main part missing test coverage
<Daviey> hggdh: sadly
<mathiaz> SpamapS: I'd suggest to take the amd64 netboot tests
<mathiaz> SpamapS: and check whether you can run them
<Daviey> mathiaz: I'm pretty sure ttx said netbooting isn't a priority for A3 tests
<hggdh> Daviey: have you ever heard of a programme called 'bttrack'? I see an error in the cloud-debug.log stating it cannot find it
<nicetry> Can anyone help me figure out why ubuntu server refuses to install php5-mcrypt?
<hggdh> nicetry: what is the exact error you get? pastebin it if necessary
<Daviey> hggdh: interesting.. that is a torrent client
<SpamapS> mathiaz: I don't have any way to test net boot
<SpamapS> BTW was there some email I missed saying the iso's were out?
<Daviey> hggdh: I suspect that is a new feature he hadn't yet heard of
<hggdh> Daviey: I know of 'bttrack.bittorrent', but not of just 'bttrack'
<hggdh> at least we are not packaging anything with this name right now for Maverick
<Daviey> hggdh: hmm.. it's provided with both bittornado and bitttorent packages
<nicetry> hggdh:  http://pastebin.com/VZdkYmgb
<Daviey> hggdh: Thankfully, they are both main - so it's not a biggy if we need to add them..
<Daviey> hggdh: I sort of expect it's a feature of distributing the images via torrent to the nc's.. but this is nothing more than a hunch
<mathiaz> SpamapS: I'm subscribed to test cases in the iso tracker
<mathiaz> SpamapS: that's how I get notified whenever new images are waiting to be tested
<Daviey> SpamapS: The ISO's aren't out.. we are testing the candidates :)
<mathiaz> SpamapS: http://testcases.qa.ubuntu.com/Install/NetBoot
<mathiaz> SpamapS: ^^ this outlines net boot
<mathiaz> SpamapS: it turns out that netboot is actually about testing the mini.iso
<nicetry> hggdh: Any ideas?
<Daviey> I guess mini.iso is pretty close to a PXE enviroment, if you can't change your dhcpd settings
<Daviey> Although.... a valid test could be using gpxe
<SpamapS> mathiaz: ah
<SpamapS> I have a laptop
<SpamapS> nothing else
<SpamapS> not really interested in risking accidentally wiping it with a pxe install. ;)
<Daviey> SpamapS: virtulisation baby!
<Daviey> kvm and virtualbox can both PXE boot :)
<zul> SpamapS: time to get some more hardware
<SpamapS> zul: I spent years kicking all the hardware out of my house
<mathiaz> Daviey: right - we should add some pxe testing as well
<SpamapS> its nice and quiet
<SpamapS> and cool
<mathiaz> SpamapS: I hear you ;)
<zul> SpamapS: heh....well different career path requires different hardware :)
<SpamapS> I do have an old G5 mac but I doubt people care about powerpc testing. :)
<mathiaz> SpamapS: I was able to setup a netboot installation environement using vm only and libvirt
<Daviey> mathiaz:  i can't, over the noise of these servers
<mathiaz> SpamapS: I have a virtual network within libvirt where i have an pxe server running
<mathiaz> SpamapS: that how I can test network installation within my laptop
<SpamapS> zul: true, I have the whole cloud at my fingertips though.. who runs real servers anymore anyway? ;)
<hggdh> nicetry: what version of Ubuntu?
<zul> SpamapS: umm...when you are needed to test isos perhaps? ;)
<SpamapS> Its an interesting idea to create a virtual netboot test env.
<SpamapS> seems like cheating. ;)
<nicetry> hggdh: 10.04
<nicetry> hggdh: but this also happend before I upgraded in 9.10
<SpamapS> mathiaz: so I shouldn't bother downloading the i386 iso then?
 * SpamapS only has the amd64 isos
<mathiaz> SpamapS: nope
<mathiaz> SpamapS: if you have amd64, you could also run through the raid1 install: http://iso.qa.ubuntu.com/qatracker/result/4389/286
<mathiaz> SpamapS: and report it to http://iso.qa.ubuntu.com/qatracker/test/4389
<hggdh> nicetry: phpapi-20060613+lfs does not exist on Lucid
<hggdh> nicetry: but there is phpapi-20090626+lfs
<hggdh> nicetry: are you sure you are using the Lucid repositories?
<SpamapS> Read maverick-server-amd64.iso. Target 41.7% complete.
<SpamapS> Wow we changed a lot. ;)
<nicetry> hggdh: no! the universe/multiverse were still karmic for some reason
<nicetry> hggdh: thank you - that did it
<hggdh> nicetry: welcome, glad to be able to help
<thesheff17> would anyone suggest a reverse proxy?  I know there is squid, pound, apache, nginx and basically just looking for high performance active checks on the backend and sticky persistence.
<Jeeves_> nginx doesn't do sticky persistance, IIRC
<thesheff17> Jeeves_: thx
<Jeeves_> Oh, wait.
<Jeeves_> It does
<Jeeves_> It was varnish that didn't
<thesheff17> ah ok...I just actually started looking at that.
<SpamapS> varnish is really high performance
<SpamapS> and I believe while it doesn't do session persistence, it does utilize keepalives on the backend connections
<SpamapS> haproxy is also really nice
<SpamapS> IMO, needing sticky persistence means limiting your application quite a bit.
<SpamapS> thesheff17: Do you really need sticky persistence, or just think it will improve performance?
<thesheff17> SpamapS: well I did in the past but the developers might have fixed their crappy cache system on the code side :)
<MTecknology> I get this http://dpaste.com/224992/ from doing this --> sudo -s /bin/dash -n -H -u demo.kalliki.com -i -- yes y | /usr/local/sbin/drush/drush -r /jail/home/demo.kalliki.com/drupal -l demo.kalliki.com up
<MTecknology> GRR
<SpamapS> thesheff17: www.memcached.org :-D
<MTecknology> thesheff17: I'm trying to make something happen outside of the chroot as that user
<thesheff17> SpamapS: thx I sent it to the developer...I'm sure he will love that link :)
<thesheff17> MTecknology: what are you trying to do?
<SpamapS> thesheff17: honestly, if they are in a web environment, and they haven't heard of it yet.. they're fired. ;)
<MTecknology> thesheff17: I want to run a php process as that user - but I want to not be confined to their chroot
<MTecknology> thesheff17: if I could change their shell to /bin/bash and their home dir to /jail/home/user instead of /jail/./home/user it might work..
<SpamapS> MTecknology: -f you drop -H, you won't inherit the user's whole login environment, you'll just get their uid/gid
<SpamapS> s/-f/if/
<thesheff17> MTecknology:  you could write some script to check for something within the chroot to let them run something on the main server.
<MTecknology> SpamapS: I tried without the -H too
<MTecknology> root@incipio:~# sudo -s /bin/bash -n -u demo.kalliki.com -i -- "/usr/local/sbin/drush/drush -r /jail/home/demo.kalliki.com/pressflow -l http://demo.kalliki.com up"
<MTecknology> /bin/bash: demo.kalliki.com: No such file or directory
<MTecknology> I'll have to finish fighting this when I get back.
<axisys> is there a channel to discuss type 1 virtualization with ubuntu ?
<pmatulis> axisys: type 1?
<axisys> pmatulis: like xen .. hypervisor.. not virtualbox (type 2)
<pmatulis> axisys: try #ubuntu-virt for any "types"
<axisys> pmatulis: thanks
<hggdh> Daviey: rejoyce! I ran 81 instances on an all-in-one + 5 NCs, and 78 succeeded!
<Daviey> hggdh: \o/
<hggdh> yeah... who would have said...
<Daviey> hggdh: what was your sleep interval between starting instances?
<hggdh> Daviey: the usual ramdon between 5 and 11 seconds
<Daviey> ok, thanks
<Daviey> hggdh: If you fancy testing it when you go to bed, fancy leaving it at ~60 seconds?
<hggdh> on my rig, this guarantees I will be usually getting all possible instances to run
<Daviey> (or more)
<hggdh> Daviey: yes, no prob. Any special reason?
<Daviey> hggdh: I am interested to see if it's just a bad timing issue, or if spawning too fast causes it
<Daviey> i suspect it's the luck of the draw issue we've been experiencing with a few parts of the stack
<hggdh> Daviey: oh. OK. I will change the test not to do a -n on euca-run-instances
<Daviey> super!
<hggdh> Daviey: how many? Fancy 1000?
<hggdh> (we will be sleeping, after all)
<Daviey> hggdh: while true:
<Daviey> :)
<Daviey> 99999999999999999999 should cover it.. the kill it when you start tomorrow
<Daviey> is that ok?
<hggdh> yes, no prob (but I could never run more than 10k before having som many errors that I would kill it
<hggdh> MAX_INT64 it is
<Daviey> Oh, sorry - pick a suitable value then :)
<hggdh> running the beast now, Daviey
<hggdh> (we actually will not get much done, one every 60sec == 1440 in 24 hours)
<Daviey> yeah :/
<Daviey> thanks hggdh !
<hggdh> Daviey: my pleasure. I believe you ar now due for bed, correct ;-)?
<Daviey> hggdh: yeah right!
<Daviey> sleep is a commodity that Ubuntu doesn't like :)
<hggdh> heh
<Kaffien> how can you resize a XFS partition?
<ivoks> you can only extend it
<ivoks> and, notice that XFS is file system, not a partition
<Sander_> can i use ftp client on a ubuntu server?
<iowahc> hy there. anyone know how to configure tomcat on 8.04 to listen in ipv4? it only listens on ipv6 :(
<iowahc> Sander_: there is the ftp - CLI client
<iowahc> so why not?
<ivoks> Sander_: lftp is a great CLI client
<Sander_> apt-get lftp ?
<ivoks> iowahc: it should listen on ipv4 by default
<ivoks> iowahc: if you have ipv4 address
<ivoks> Sander_: you already have ftp client installed
<ivoks> Sander_: just type ftp and hit enter
<iowahc> ivoks: well. should :D it doesn't
<Sander_> done
<Sander_> but i don understand that ftp client :$
<Kaffien> you cannot shrink the xfs filesystem?
<ivoks> Kaffien: nope
<Kaffien> that is retarded
<ivoks> Sander_: open ftp.server.com
<Sander_> thanks <3 ;p
<ivoks> ftp --help would help
<ivoks> er... man ftp
<ivoks> iowahc: i have 0 experience with tomcat configs :/
<iowahc> np. thx anyway :)
<AlexMax> Where can I find the Sun JRE package for Ubuntu Server?  I thought it used to be in the repos as sun-java-jre-whatever but I don't see any sign of it in karmic
<AlexMax> erm
<iowahc> AlexMax: sun-java5-jre
<AlexMax> make that lucid
<ivoks> apt-cache search sun jre
<iowahc> or sun-java6-jre
<guntbert> !java
<ubottu> To install a Java runtime on Ubuntu, see https://help.ubuntu.com/community/Java. For the Sun Java products and browser plugin, search for the sun-java6- packages in the !partner repository on Lucid (which must be enabled), or !multiverse repository on older releases.
<AlexMax> AH!
<AlexMax> partner repos
<guntbert> AlexMax: you need the partner repo enabled
<ivoks> i don't have it enabled
<ivoks> but i have sun jre
<ivoks> hm?
<ivoks> oh, i have :D
<AlexMax> thanks
<hggdh> Daviey: I just noticed you applied for bug-control last year (!!)
<Daviey> hggdh: Yeah.. probably did
<AlexMax> heh reason i said karmic was that this box has been upgraded from karmic to lucid and parts of the sources (commented out) still said karmic :P
<AlexMax> sources.list
<hggdh> AlexMax: this hould not have happened on a kosher upgrade
<Daviey> hggdh: Decided to just be a member of ~ubuntu-dev instead :)
<hggdh> and got your -control as bonus :-)
<hggdh> Daviey: OK. I am considering cleaning up the cruft on the -control proposed list... I will start by declining you (since you have it via -devs)
<Daviey> hggdh: feel free :)
 * hggdh goes on. One down, 300 to go
<hggdh> Daviey: interestingly, with interval betwee submissions ~60 sec, I already got 11 failures in 81 tries
<Daviey> pah
<Daviey> hggdh meet LP-API
<Daviey> i'm pretty sure could could auto decline if left idle for 30 days :)
<hggdh> yes... but we did not have it, and there are requests pending from 2008 or earlier...
<hggdh> I am considering writing a hack to clean it up
<Daviey> hggdh: Oh aye.. i'm just saying rather than spend the time declining them manually.. the same time on a little python.. :)
<hggdh> :-)
<idlemind> hello. i'm running 10.04 server i'm wondering if there is any issue with running ACL's on my filesystems. i'm using the server as a web-hosting server. in particular LAMP services
<RyanP> I have a setup with users authenticating via LDAP. How can I force a password change on first logon?
<soren> RyanP: Set the "lastChanged" field to 0.
<soren> ...or whatever it's called.
<RyanP> soren, Thanks. What would you consider to be the easiest way to do that?
<soren> RyanP: Using whatever tool you use to deal with other aspects of user management.
<idlemind> what user does apache run as in ubuntu 10.04 lts server by default/
<idlemind> * ?
<idlemind> nm it's www-data
<soren> idlemind: www-data
<mathiaz> SpamapS: any progress on the raid1 iso test?
<SpamapS> mathiaz: My internet connection went down 2 hours ago, just came back up so I am just now finishing the download and starting on it. :(
<mathiaz> SpamapS: ok - cool
<mathiaz> SpamapS: are you doing amd64 or i386?
<SpamapS> mathiaz: I have the amd64 iso downloaded... so I'll start there. i386 has 11m left on the download
<mathiaz> SpamapS: 11 *months* - where do you live?
<SpamapS> mathiaz: Alpha Centauri
<SpamapS> mathiaz: once the bits start flowing, it will be over in 5 minutes.. but the latency is AWFUL
<mathiaz> SpamapS: no wonder that your internet connection breaks down once in ahiwl
<comron> Anyone have experience with http://libslack.org/daemon/ ?
<SpamapS> libslack?
<EvilPhoenix> heh
<EvilPhoenix> comron:  guess not
<comron> EvilPhoenix: heh. It was worth a try :)
<n00b3rz> Hey all
<n00b3rz> I was wondering if anyone had some thoughts for me...I have a Dell Rackmount server (2850) and it's on the network with two IPs and receives pings, ssh, etc, but cannot connect out, no ping, looks like no dns
<n00b3rz> can't even hit the gateway
<guntbert> n00b3rz: can it ping itself? both IP adresses?
<n00b3rz> guntbert: Yes it can
<guntbert> n00b3rz: please pastebin the output of: ip ad   and of: ip r
<n00b3rz> I'm using static IPs, under /etc/network/interfaces I have auto eth0
<n00b3rz> iface eth0 inet static
<n00b3rz> should the first line have static eth0 ?
<guntbert> n00b3rz: no, those are actually commands you should enter
<guntbert> !pastebin | n00b3rz
<ubottu> n00b3rz: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<n00b3rz> http://pastebin.com/mn32WyBr
<n00b3rz> thanks BTW
<n00b3rz> I've been googling around and haven't run across anything that seemed to describe my situation, my google-fu must be weak :-|
<guntbert> n00b3rz: 1) whats the idea of 2 nics in the same network? 2) you should always have only one default route
<SpamapS> guntbert: I don't believe that #2 is true. its perfectly fine to have multiple routes to any destination
<SpamapS> as long as the gateway knows how to get to the destination
<n00b3rz> guntbert: 1) No point right now, only one network to work with and I believe one is unplugged. 2) I can see about disabling the second default route if necessary
<n00b3rz> that could be it though, if one cable isn't connected and that default is used first...I did try swapping cables and it still had no connectivity
<guntbert> n00b3rz: could be :-)
<SpamapS> if one is down, the routing layer won't use it.
<SpamapS> n00b3rz: why is one disconnected?
<n00b3rz> yea, that fixed it, thank you guntbert and SpamapS
<guntbert> SpamapS: in my experience multiple default routes lead to trouble
<guntbert> !yay | n00b3rz
<ubottu> n00b3rz: Glad you made it! :-)
<SpamapS> guntbert: yeah, it doesn't do what most people think it does, but it should work fine.
<n00b3rz> SpamapS: I only have one place to connect the server to
<SpamapS> n00b3rz: you can put two IP's on one interface, if you need both IP's
<n00b3rz> only one network here at work, only need one IP too
<guntbert> SpamapS: not with default route - it doesn't
<SpamapS> well then stop doing weird stuff with two IP's ;)
<n00b3rz> hehe, good to know!
<guntbert> I'm on my way to bed - glad it works now :-)
<n00b3rz> if I want to disable the second interface would the best place be under /etc/network/interfaces?
<n00b3rz> removing the entry for that connection?
<SpamapS> n00b3rz: yes
<SpamapS> http://penguindroppings.wordpress.com/2010/08/04/fsck-mountall-var-and-lucid/
<SpamapS> ugh
<SpamapS> we gotta fix stuff like that :-P
<klaas> I would like ubuntu without plymouth as a possibility
<SpamapS> or a "server mode" for plymouth
<klaas> especially cause I never see my server boot anyways :)
<SpamapS> When you are watching your server boot..
<SpamapS> its usually because something hit the fan
#ubuntu-server 2010-08-05
<jose120photo> Does anyone know of any good reading material on good practices for setting up a Ubuntu Server as a guest VM?
<jose120photo> I have setup Ubuntu Server VMs before, but I will be setting one up for production and I just want to make sure I don't run into any gotchas down the road
<YankDownUnder> jose120photo, On what - an MS box?
<MTecknology> SpamapS: I'm back - to fight this some more..
<MTecknology> Is it possible to not actually become the user but run a command with their uid?
<SpamapS> MTecknology: :)
<SpamapS> MTecknology: thats what sudo -u does
<MTecknology> SpamapS: sudo -n -u demo.kalliki.com -i -- "ls /home"
<MTecknology> SpamapS: Doing that shows me a listing of users inside of the jail
<SpamapS> MTecknology: -i ?
<MTecknology> ...
<SpamapS> MTecknology: why?
<MTecknology> to to run that command
<SpamapS> MTecknology: thats for simulating their login .. as in, running their specified shell (probably your chroot)
<MTecknology> that would make sense why it's not working for me :P
<SpamapS> Indeed
<MTecknology> How can I execute a command without them logging in?
<SpamapS> MTecknology: take off -i
<MTecknology> SpamapS: have you ever had a huge face moment that involved your palm?
<uvirtbot> New bug: #613671 in puppet (main) ""undefined method `closed?' for nil:NilClass" when signing certificate" [Undecided,New] https://launchpad.net/bugs/613671
<MTecknology> I think I stuck this in a loop :S
<MTecknology> SpamapS: thanks :D
<SpamapS> http://www.lostrepublic.us/Graphics/DoubleFacePalm.jpg
<MTecknology> :P
<MTecknology> weird...
<MTecknology> somehow the yes command is taking EVERYTHING after it as input
<MTecknology> yes y | /usr/local/sbin/drush/drush -r $base $oper" - keeps repeating this -   y | /usr/local/sbin/drush/drush -r /jail/home/accents3101.com/pressflow -l accents3101.com up
<hggdh> MTecknology: not here :-)
<MTecknology> SpamapS: THERE! I needed -s instead of -i
<SpamapS> MTecknology: if you're running it without a shell, thats why.
<SpamapS> MTecknology: ah, yes, -s
<MTecknology> hggdh: you're not here?
<hggdh> MTecknology: no, 'yes' behaves sensibly here
<hggdh> I *am* here. I think.
<MTecknology> :P
<MTecknology> woohoo - this is awesome my big massive fight with jails is coming to an end
<MTecknology> hggdh: It kind of makes sense that it acted like that - just weird
<uvirtbot> New bug: #613683 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.3 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/613683
<MTecknology> Dangit.. I thought I had this puppy licked
<papertigers> MTecknology: what puppy!
<MTecknology> papertigers: moving all users into a jail but having the system work as the users outside of the jail
<papertigers> MTecknology: oh thats right you wanted to move vim haha
<MTecknology> papertigers: vim is the least of the battles :P
<MTecknology> papertigers: was one though. debootstrap lenny + removing packages I didn't need proved to be MUCH easier for this particular use. However.. jailkit was amazing and light.
<MTecknology> papertigers: WOW! Somehow I just managed to loop into becoming a user - basically   for i in {1..10}; do su - user$i; su - user$i; su - user$i; done
<MTecknology> papertigers: and to type exit a lotta times :P - I think that means my sudo command is wrong :P
<papertigers> MTecknology: you are crazy, whats this jail for
<MTecknology> papertigers: so no user can start php processes - there's a few other things I don't want them touching if they have a shell account
<papertigers> hmm
<papertigers> MTecknology: why not just give them rbash
<papertigers> of some sort
<papertigers> restrictive bash
<papertigers> haha
<MTecknology> papertigers: tried that route - sum it up.. people rarely use rbash in real life because it doesn't really work
<papertigers> the other option id say would be pam
<papertigers> pam seems perfect for this
<MTecknology> papertigers: The monday I decided to fix the big massive gaping security hjoles that I knew about for a while.
<MTecknology> I thought so too.. turns out it wasn't :P
<MTecknology> It could help, but only do half of what I want
<MTecknology> papertigers: Monday morning I'd known about many holes for a while. Some of which allowed any remote user to entirely wipe the system
<MTecknology> papertigers: I'm curious - MTecknology: you are crazy, <-- what do you mean by that?
<MTecknology> papertigers: I kind of ignored it because I hear it so much :P
<papertigers> haha
<papertigers> what wholes?
<MTecknology> way too many to count
<[IA]Zealot> Question: In 10.04 Server, how to I permanently disable screen blanking for all the ttys ?
<rdw200169> [IA]Zealot: this was mentioned before (hold on)
<rdw200169> [IA]Zealot: i believe this is what you want: http://superuser.com/questions/152347/change-linux-console-screen-blanking-behavior
<[IA]Zealot> rdw200169: I'll read it thanks :)
<TheJ3ckyl> ?? Ubuntu 10.04   syslogd equal to rsyslogd in /etc/default so that if I add the "-r"  it will allow remote syslog messages?
<TheJ3ckyl> anyone??
<Roxyhart0> Hi there... i need to add the record A from my domain controler to bind, i am not sure how to do that. somebody know?
<ivoks> it's process of editing a file
<Roxyhart0> thanks ivoks, i know but i dont know what i need to write there as is a domain controler..i already write in it @ in A 127.0.0.1 as the same server is the domain controler, but still i got the error
<Roxyhart0> so, maybe do i need to write something different?
<ivoks> did you raise serial?
<Roxyhart0> sorry what do you mean?
<ttx> Daviey: o/
<ivoks> Roxyhart0: in that file where you added A record, there's a line that has string 'serial'
<ivoks> or 'Serial'
<ivoks> do you see it?
<Roxyhart0> no ?
<ivoks> could you paste that file on pastebin?
<Roxyhart0> sorry yes, it say erial 2
<ivoks> raise it to 3 and reload bind
<Roxyhart0> ok, i will try tahnks
<Roxyhart0> hi there, i im writing 2 domains in the dns...one is mydomian.com and the another one is myseconddomain.com. for some reason the client just can do nslookup to the first one. What cpuld be the error? I am able to do nslookup to the second one but just form the same dns server, no form clients
<g0rd0n> maybe some error in the zone? reload bind and check syslog
<Jeeves_> Roxyhart08: Which domains?
<Roxyhart08> well, my domain controler which in samba is called MYDOMAIN and the  domain name which is mydomain.com
<Jeeves_> Which one doesn't work?
<Roxyhart08> apparetly i need to set it for both in dns, but the client just look for mydomain.com
<Roxyhart08> MYDOMAIN
<Roxyhart08> doesn work
<Jeeves_> Do you actually own mydomain.com ?
<Roxyhart08> i can see it form the our dns server
<Jeeves_> That's not what I asked :)
<Roxyhart08> is ujst a name...the name is WHcollege, but is just internal
<Jeeves_> Roxyhart08: It does exist in the real world.
<Roxyhart08> no
<Jeeves_> It's always a bad idea to use real existing names internally.
<Roxyhart08> doesn exist
<Jeeves_>    Domain Name: MYDOMAIN.COM
<Jeeves_>    Registrar: MYDOMAIN, INC.
<Roxyhart08> the problem is i want to join windows client to the domain controler
<Roxyhart08> is not the name ...the name that im using is WHCollege
<Roxyhart08> it is not in the real world
<Jeeves_> 'called MYDOMAIN and the  domain name which is mydomain.com'
<Jeeves_> Anyhow, which resolving nameserver is the client using?
<Roxyhart08> it is using mydomain.com but when i do nslookup from the machines tell me mydomain.com doesnt find MYDOMAIN
<Jeeves_> Anyhow, which resolving nameserver is the client using?
<Roxyhart08> but if i do it form the ouw dns server it give me result
<Roxyhart08> is using mydomain.com
<Jeeves_> No, a nameserver cannot be 'mydomain.com'
<Roxyhart08> what do you mean
<Jeeves_> First of all, mydomain.com exists. Thus should not be use ny you unless you own it. Second of all, a resolving nameserver is an ip-addres, since it is the start of the DNS-chain.
<Roxyhart08> im just sayind this name, but i got one different but is too long to write, that is why is tell you mydomain as a "X" name
<Roxyhart08> it give the internal ip which is the ip for dns server 172.16.0.3
<Jeeves_> If you query that server from another client, does everything work?
<Roxyhart08> same error
<Roxyhart08> i would likt to have 2 domains ..but it just see one
<bcomp> hi, newbie here. i'm setting up apache on a server i just made, but i have no idea how to create a mysql server that can modify databases. can anyone help me?
<Jeeves_> And if you query that IP from the server itself, does it work?
<Roxyhart08> yes
<Roxyhart08> excactly
<Jeeves_> so 'dig @172.16.0.3 <thing that isn't working> A' works?
<Roxyhart08> i do not have this tool from windows clients
<Roxyhart08> i will try form a mac
<Jeeves_> I asked you if it works from the server, you say yes, and now you say you have to try a mac
<Jeeves_> omg, I'm going for a smoke
<Jeeves_> Are you even using Ubuntu?
<Roxyhart08> yes as server
<Roxyhart08> but clients are windows and mac
<Roxyhart08> the problem is with windows to join in the domain
<Jeeves_> Yes, and I asked you to run the query *from* the server
<Roxyhart08> (re join)
<Jeeves_> 'the problem is with windows'
<Roxyhart08> ok, i did form a mac and it works
<Jeeves_> That could be in the topic
<Jeeves_> But that's not what I asked
<Jeeves_> I give up
<bcomp> Roxyhart08: I'm on a mac now, if you need someone to test a site
<bcomp> jk
<Roxyhart08> Jeeves, yes it work from the server
<bcomp> could anyone help me with setting up a mysql server?
<Black_Prince> !mysql
<ubottu> LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<bcomp> thx
<Black_Prince> or this
<Black_Prince> https://help.ubuntu.com/10.04/serverguide/C/mysql.html
<bcomp> ok so i just set up a database for use with ampache, but i'm getting an error for ampache
<bcomp> "unable to make database ConnectionAccess denied for user 'ampache-user'@'localhost'"
<bcomp> ...
<Jeeves_> bcomp: Have you done some 'grant'-stuff?
<bcomp> yeah i granted all the access i needed too
<bcomp> or so i thought
<bcomp> i might just make a user with full priviledges to see it if works
<bcomp> ok what the hell
<Jeeves_> bcomp: Have you done a 'flush privileges' ?
<bcomp> would "CREATE DATABASE /media/ampache-musiclib;" be a valid command in mysql or not?
<Jeeves_> No
<bcomp> what's wrong with the syntax?
<Jeeves_>  /'s aren't allowed
<Jeeves_> CREATE DATABASE ampache;
<bcomp> are '-'s not cool either?
<Jeeves_> GRANT USAGE ON *.* to `ampache`@`localhost` identified by 'password' with grant option;
<Jeeves_> GRANT ALL ON ampache.* to `ampache`@`localhost` with grant option;
<Jeeves_> flush privileges;
<bcomp> what exactly does flush priviledges do?
<bcomp> out of interest
<Jeeves_> It is (unfortunatly) needed by mysql to reread it's permission table
<bcomp> ah
<bcomp> thanks
<huats> morning
<bcomp> still unable to make database connection
<Jeeves_> bcomp: The server and client do run on the same machine, right?
<bcomp> yes
<Jeeves_> And what error do you get?
<bcomp> "Error: Unable to make Database ConnectionAccess denied for user 'ampache'@'localhost' (using password: YES)" from the client program
<Jeeves_> and how did you call the database?
<bcomp> the program allows you to set it up through a web interface
<Roxyhart08> sombosy have exerience with samba? I mean what could happen if i change the workgroup name on smb.conf ?
<Black_Prince> Nothing
<Roxyhart08> cool!
<uvirtbot> New bug: #577041 in mysql-cluster-7.0 (universe) "package mysql-cluster-client-5.1 (not installed) failed to install/upgrade: trying to overwrite '/usr/bin/mysql', which is also in package mysql-client-core-5.1 0:5.1.41-3ubuntu12" [High,Triaged] https://launchpad.net/bugs/577041
<xampart> i have 1TB raid1 with 2 1TB hdds. i replaced the other with 2TB hdd, and it's now syncing. after that i mean to replace the other 1TB hdd too. how do i grow the raid-device correctly?
<twb> AFAIK you can't grow arrays
<twb> You would normally assemble a new (possibly degraded array), pvcreate it, move the LVs onto it, then decommission the old array.
<xampart> twb: how about "mdadm --grow" option?
<twb> xampart: oh, cool
<twb> That would've saved me some hassle last month
<xampart> so no experiences anyone?
<twb> In that case I imagine you replace sdb (1TB) with sdb (2TB), resync, swap sda (1TB) for sda (2TB), then mdadm /dev/md0 --grow max
<xampart> my thoughts exactly. would be nice though, to have some information before messing my system up
<bcomp> so i'm trying to set up an irc server for the hell of it, but i'm getting lost and can't find any documentation
<twb> apt-get install ircd?
<bcomp> i'm using ircd-ircu off aptitude
<twb> There should be documentation in manpages and/or /usr/share/doc/<package name>/, and possibly in comments at the top of /etc/<package name>.conf
<bcomp> ah
<bcomp> would straight-up ircd be a better choice?
<bcomp> i'm getting tired of having to type ircd-ircu, instead of just ircd
<bcomp> what's an easy way to uninstall programs?
<bcomp> ...
<xampart> aptitude remove <package>
<bcomp> thanks
<sommer> morning
<bcomp> hello
<xampart> evening
<hggdh> Daviey: good morning/afternoon, I hope you did get some sleep
<Daviey> hggdh, heh
<Daviey> how are you doing?
<smoser> so is all this my fault ?
<hggdh> Life is good. Euca is not
<smoser> cause i slept good last night :)
<hggdh> :-)
<smoser> i really am sorry.
<Daviey> smoser, yeah - UEC was running perfectly before you touched it :P
<Daviey> now it's busted beyond repair :)
<hggdh> smoser: life sucks, then you die ;-)
<hggdh> Daviey: I am cancelling the 60-sec interval run
<hggdh> right now, 42% success
<smoser> Daviey, did you open a grub bug ?
<smoser> i'd like to look / comment at it
<hggdh> smoser: yes, there is one open
<Daviey> smoser, yes
 * hggdh goes digging it
<smoser> bug 612731
<uvirtbot> Launchpad bug 612731 in cloud-init "uec images and update-grub will have issues with virtio root" [Undecided,New] https://launchpad.net/bugs/612731
<Daviey> erm
<smoser> google rocks. i typed "grub bug uec"
<smoser> oops
<smoser> wrong one
<Daviey> bug 613463
<hggdh> heh
<uvirtbot> Launchpad bug 613463 in eucalyptus "[10.10 - Alpha 3 (candidate)] Prompts misleading grub dialogs during UEC Node installation." [High,Confirmed] https://launchpad.net/bugs/613463
<hggdh> now
<bcomp> anyone here use zoneedit?
<bcomp> for dns
<bcomp> or does anyone know anything about dns
<bcomp> in general
<hggdh> Daviey: I am uploading the logs to lp:~hggdh2/uec-qa
<hggdh> it seems most of the instance starts after a while failed on IP allocation
<Daviey> hggdh, OK.. that sounds good.. I suspect that can be fixed reasonably trivially by upstream..
<hggdh> bcomp: your best bet is to ask your question, and wait for someone to chime in
<hggdh> Daviey: right-o. As long as thy are interested in it
<bcomp> thing is i don't really know where to start with the whole thing
<bcomp> i made a dns zone and linked it to a domain name, but i have no idea how to get my webserver connected to it
<thesheff17> bcomp: you need dns on the domain to point to a web server www.google.com -> ip.
<thesheff17> bcomp: usually you do this on your isp...godaddy etc.
<bcomp> how do i make it do that?
<bcomp> ohhh jk i totally didn't notice one of the settings
<hggdh> Daviey: bug 613832 opened
<uvirtbot> Launchpad bug 613832 in eucalyptus "Cannot mark address as allocating[unallocated.false->allocated.true] when it is assigned.true:" [Undecided,New] https://launchpad.net/bugs/613832
<Daviey> hggdh, Good bug!  Can you add it to the call agenda please?
<hggdh> Daviey: will do. Mind reminding me where the agenda is?
<hggdh> Daviey: Evo bit the dust again here :-(
<Daviey> hggdh, Sorry.. frantically looking for something else
<hggdh> Daviey: NP, got Evo back. For now ;-)
<Daviey> :)
<hggdh> Daviey: I added the 3 high/critical we have for v2.0, plust a tinyurl for euca bug ordered newest-first
<Daviey> hggdh, you rock
<hggdh> I hope this will give us what we need
<ssureshot> anyone ever have issues with samba not cleaning up the print queue in /var/lib/samba/printing ? The windows queue never lets go of the print job
<smoser> i
<smoser> i'm out for an hour or so. will be back later.
<ttx> hggdh, Daviey up for a coordination Mumble, before the call ?
<Daviey> ttx, yes
<SpamapS> Daviey: will you guys be discussing the monitoring stuff?
<Daviey> SpamapS, Hmm - Dimitri is on leave this week.. he is the best person to be disucssiong it with
<Daviey> SpamapS, If i arrange a call for Monday - would you like to join?
<SpamapS> Daviey: I think not actually, I just want to make sure its being pushed. Seems rather late to be adding a feature, even if it is just a tab that displays an html file of our choosing.
<jdstrand> kirkland: hi!
<kirkland> jdstrand: hi!
<kirkland> jdstrand: you going to BB Rovers today?
<jdstrand> kirkland: two questions for you: a) if I have logged in with my encrypted HOME (ie, $HOME is mounted), how can I see what encrypted filename a particular path is using (eg /home/jamie/tmp maps to /home/.ecryptfs/jamie/.Private/? and b) can I specify to *not* do filename encyption via adduser/pam configuration?
<jdstrand> kirkland: re BB Rovers> I'm going to try, but may not be able to
<kirkland> jdstrand: okay, i won't be there;  i'm in montreal right now
<kirkland> jdstrand: here's what i do ....
<kirkland> jdstrand: chmod 123 path/to/unencrypted/foo
<jdstrand> heh
<jdstrand> sneaky
<kirkland> jdstrand: find $HOME/.Private -perm 123
<kirkland> jdstrand: yeah :-)
<kirkland> jdstrand: turns out perms 123 are pretty rare :-)
<jdstrand> yeah :)
<kirkland> jdstrand: as for turning off filename encryption, you can do that by deleting the 2nd line from $HOME/.ecryptfs/Private.sig
<kirkland> jdstrand: (back up that file, first)
<kirkland> jdstrand: i'm not sure how encrypted, and non-encrypted filenames in the same structure behaves right now
<Dark-Sun> hello people
<jdstrand> kirkland: tyhicks mentioned that it should just start using unencrypted from that point forward, but it would be mixed
<Dark-Sun> i tried to run an instance of ubuntu 10.4
<jdstrand> kirkland: iirc
<Dark-Sun> got this error
<Dark-Sun> FinishedVerify: Not enough resources (VmTypeAvailability{type=VmType{name='m1.small', cpu=1, disk=2, mem=192}, max=0, available=0} < 1: vm instances.
<jdstrand> kirkland: but that is untested by me
<GeekSquid> So, I borked my desktop by trying to install UEC, currently chrooted to it from live disk, ... How to fix, ... the error I get when I try to boot is 'eucalyptus-network (lo) main (755) killed by TERM signal' ... any quick fixes or workarounds to stop whatever is loading from freezing the system during boot, or should I go with an apt removal????
<jdstrand> kirkland: I know that rtg hopes to look into the filename length issue with tyhicks, but it might be worthwhile to make turning it off configurable via pam or something... my two cents
<kirkland> jdstrand: yeah, i'm very excited about rtg helping fix this
<jdstrand> kirkland: anyhoo, thanks for the tips and have a good time in montreal :)
<kirkland> jdstrand: you bet
<Dark-Sun> any idea about uec's deploying vm error: FinishedVerify: Not enough resources (VmTypeAvailability{type=VmType{name='m1.small', cpu=1, disk=2, mem=192}, max=0, available=0} < 1: vm instances.
<Dark-Sun> ttx: i just following ur yesterday link, in deploying an instance of "ubuntu 10.4" got this error: FinishedVerify: Not enough resources (VmTypeAvailability{type=VmType{name='m1.small', cpu=1, disk=2, mem=192}, max=0, available=0} < 1: vm instances.
<Dark-Sun> ttx: oppss! forgot to say hello!
<ttx> Dark-Sun: looks like you don't have enough resources on your Node controller to run the type of instance you're asking for
<ttx> like, no node controller at all
<GeekSquid> Sorry, somehow I lost connectivity, repeat if anybody responded
<Dark-Sun> ttx: yes, it's probably true, cause it's on a virtual box.
<ttx> Dark-Sun: riught -- it doesn't really work on virtualized hardware.
<thesheff17> Dark-Sun: on UEC you could edit a file on the node to adjust how many virtual machines it would run.
<Dark-Sun> ttx: how can i find out if NC is detected by CLC or not
<ttx> gtg, sorry
<Dark-Sun> thesheff17: nice, but it's my first VM!
<thesheff17> Dark-Sun: sorry don't know much about virtual box...can you confirm the node is connected.
<thesheff17> or is it just running on localhost?
<Dark-Sun> thesheff17: that's right! everything is on my localhost.
<Dark-Sun> thesheff17: is pinging enough?
<thesheff17> I'm assuming you are running virtual box on what hypervisor?
<thesheff17> on kvm
<Dark-Sun> thesheff17: sorry but i got a linux mint here, with CLC,CC,Walrus installed on a VirtualBox and a NC on another VirutalBox machine.
<Dark-Sun> thesheff17: it's KVM by default i guess
 * Dark-Sun hates cloud(s)! 
<thesheff17> Dark-Sun what does kvm-ok say?
<Dark-Sun> oh w8 a minute, i didn't installed anything about kvm on my client!
<Dark-Sun> what was that package name?
<Dark-Sun> sorry
<Dark-Sun> yeah! it was qemu-kvm
<thesheff17> apt-get install kvm libvirt-bin python-virtinst virt-manager virt-viewer kvm libvirt-bin ubuntu-vm-builder qemu bridge-utils
<Dark-Sun> thesheff17: thanks bro, it's on installing now ;)
<thesheff17> Dark-Sun: you should also bridge eth0 to br0
<Dark-Sun> thesheff17: yep, i guess it's done automatically on the NC
<thesheff17> Dark-Sun ah ok
<Dark-Sun> cause i got a br0 with a different ip address range there ;)
<Dark-Sun> thesheff17: problem persists! shall i do a restart?
<Dark-Sun> :(
<thesheff17> try to create a virtual machine with virt-manager
<Dark-Sun> thesheff17: no idea how 2 do it
<Dark-Sun> :(
<thesheff17> Dark-Sun bring up a terminal and just type virt-manager
<thesheff17> Dark-Sun it is a front end GUI for kvm.
<Dark-Sun> thesheff17: yep, it's right here
<Dark-Sun> thesheff17: humm... now i'm connected.
<Dark-Sun> how to install the operating system?
<thesheff17> Dark-Sun: once connect you can create machines based on iso or cd-rom
<thesheff17> Dark-Sun the first icon is to create a virtual machine.
<Dark-Sun> thesheff17: yep, but how should i install images which i've installed on the cloud?
<thesheff17> Dark-Sun: oh virt-manager doesn't support that
<thesheff17> Dark-Sun: Does virtual box even?
<Dark-Sun> thesheff17: no man! my cloud is deployed on VirtualBox
<thesheff17> Dark-Sun: oh ok
<Dark-Sun> thesheff17: alright, thanks 4 help anyway
<thesheff17> Dark-Sun: try kvm-ok if that output is good then your virtual box isn't connected correctly to localhost
<Dark-Sun> thesheff17: here's output: INFO: Your CPU supports KVM extensions INFO: /dev/kvm exists KVM acceleration can be used
<thesheff17> Dark-Sun: yea then you are good...I would look at virtual-box config.  Also try to create a new vm with virtual box.  Maybe that is what you are trying to do when you get that error, but I have seen that error on UEC.
<Dark-Sun> deamn! it's a crazy uec!
<Dark-Sun> sending SIGTERM... bye every1
<zul> SpamapS: alot of the test suite has been fixed in 5.3.3 i think
<SpamapS> zul: rhe-he-heeeaallly
<therobot> Hi, I am having problems setting hostname (ubuntu 10.04), see this gist: https://gist.github.com/984bc6c15ea9abf84ba4
<therobot> I can't make hostname -f return the fqdn of the machine
<wieshka> hi - i have question about networking on my ubuntu for my virtual servers, runned on kvm - i am going to set up bind name server on my base system, what gives each virtual host a name, so in that way i am going to handle what connection goes where - un front of my server i have router with NAT.
<wieshka> will this idea/workaround work for me
<wieshka> or i have to make tap netwrking on bridges
<wieshka> ?
<Dark-Sun> hi people
<Dark-Sun> i'm going insane! i run eucarc script, but euca-describe-availibility-zone returns: EC2_ACCESS_KEY environment variable must be set. Connection failed
<Dark-Sun> any guru 2 help?
<hggdh> oh hasty people
<uvirtbot> New bug: #613940 in euca2ools (main) "euca-terminate-instances returns success on bogus input" [Undecided,New] https://launchpad.net/bugs/613940
<SpamapS> would somebody who has a running eucalyptus please be so kind as to post their /var/run/eucalyptus/nc-stats file somewhere?
<SpamapS> mathiaz: is rrdtool failing to build because libdbi isn't in main yet?
<hggdh> SpamapS: http://pastebin.ubuntu.com/473637/
<SpamapS> hggdh: :) thank you
<thesheff17> !ruby
<thesheff17> any reason ruby hangs on 10.04?
<SpamapS> thesheff17: its not hanging, thats its normal processing time
<thesheff17> nm it is fine
<SpamapS> thesheff17: ruby devs get lots of cups of coffee. ;)
<thesheff17> SpamapS: the book just had # and I was used to python showing something :)
<thesheff17> SpamapS: thx
<Tohuw> I have an Ubuntu server and two machines, one Windows and one Ubuntu Desktop. How do I setup the server so that it can ping these machines by their hostnames?
<Tohuw> It's probably worth mentioning that the server is functioning as a DNS server right now, so it has all those packages
<cloakable> Tohuw: DNS with what server?
<cloakable> Tohuw: It's fairly simple with DNSmasq
<papertigers> Tohuw: you need to setup dns files
<papertigers> Tohuw: are you using bind9
<papertigers> thesheff17: ruby? are you setting up puppet
<thesheff17> papertigers: yea I'm slowely going through the book
<papertigers> I really want to learn UEC and puppet
<MTecknology> You guys have any idea what could be going on here? http://dpaste.com/225392/ I'm working, working working, NOT working. The ethernet seems to just randomly die. I don't know where to look other than dmesg.
<thesheff17> MTecknology: did you mess with the /etc/hosts file at all?
<MTecknology> thesheff17: some- I added   10.41.0.5 dev.site.com
<thesheff17> MTecknology: you have all the ip6 stuff in there?
<MTecknology> thesheff17: ya
<thesheff17> hmm..weird
<MTecknology> I'm not outside of considering bad hardware
<thesheff17> MTecknology: yea if you can't think of anything crazy setup with the nic it may be.
<thesheff17> MTecknology: does it have another port on the server?  I would try that one and see if you get the same results.
<MTecknology> thesheff17: this is just a desktop
<MTecknology> thesheff17: I wish I had another nic.. I might just pick one up
<papertigers> MTecknology: they are cheap
<MTecknology> papertigers: if you have any amount of money they are
<papertigers> MTecknology: I wish I had any amount of money
<MTecknology> papertigers: me too
<SpamapS> I remember back in the day when I had a box of old NIC's
<mathiaz> SpamapS: right
<mathiaz> SpamapS: at least libdbi is now pulled into main
<mathiaz> SpamapS: http://people.canonical.com/~ubuntu-archive/component-mismatches.txt
<mathiaz> SpamapS: ^^ it shows up in the list
<mathiaz> SpamapS: once the MIR approved an archive admin can process it
<SpamapS> mathiaz: such a tiny little library. ;)
<mathiaz> SpamapS: once libdbi is in main then rrdtool needs to be rebuilt
<SpamapS> mathiaz: we're soooo close. ;)
<SpamapS> mathiaz: so I've given up on getting collectd into main. I refactored eucalyptus's ganglia script to work for ganglia or munin..
<mathiaz> SpamapS: we've got until october to fix it :)
<mathiaz> SpamapS: ok
<SpamapS> mathiaz: I really hope we can spend the next two months being fire inspectors and not fire fighters. :-D
<mathiaz> SpamapS: next UDS we can discuss it again
<SpamapS> mathiaz: I think collectd is the right way to go. I'm just not crazy about dumping it in so close to the FF when everybody is way over taxed and munin gets the job done for now.
 * mathiaz nods
<SpamapS> If somebody needs to build a UEC w/ > 100 nodes.. I'll stay up all night helping them get collectd working for it. :-D
 * mathiaz reminds SpamapS that this channel is archived and logs are available publicly *forever*
<hggdh> smoser: I remember you had a similar problem, have you seen bug  613969?
<uvirtbot> Launchpad bug 613969 in libvirt "Uninformative libvirt error message when a virtual disk source is unavailable" [Undecided,New] https://launchpad.net/bugs/613969
<SpamapS> mathiaz: every party needs a pooper thats what we invited you for
<smoser> i have no problems.
<mathiaz> SpamapS: lol
<hggdh> oh boy, TMI...
<smoser> you must be thinking of someone else
<smoser> :)
<hggdh> smoser: probably... I am getting confused nowadays... ;-)
<smoser> i'm looking, though, just a minute
<SpamapS> so I actually did my changes to the 'extras/ganglia.sh' script in eucalyptus.. so its effectively 'ganglia_or_munin.sh' now .. I wonder, will eucalyptus accept this as a patch, or will we have to continue maintaining it forever?
<smoser> hggdh, that bug is just bad error messages
<hggdh> SpamapS: we can hope they will
<smoser> i dont know that i've seen this explicilty, most of the time my libvirt issues are around app armour
<hggdh> smoser: ah, OK.
<smoser> hggdh, i triaged that to 'triaged' and 'wishlist'
<mathiaz> SpamapS: it seems that there are still some local changes in the bzr branches that are not in the upstream release tarball: http://paste.ubuntu.com/473672/
<mathiaz> SpamapS: ^^ - re ceph packaging
<android60> is it better to have the ubuntu on a different drive than data drives? or does it matter?
<SpamapS> mathiaz: now why doesn't mine detect those?
<SpamapS> hm
<SpamapS> >:
<mathiaz> SpamapS: how do you detect them?
 * SpamapS branches anew
<mathiaz> SpamapS: lsdiff won't work
<mathiaz> SpamapS: yeah - you probably wanna do that
<mathiaz> SpamapS: start from scratch
<mathiaz> SpamapS: 1. import official 0.21 release tarball
<mathiaz> 2. copy over patches and debian/
<SpamapS> mathiaz: well first I want to figure out why yours sees changes, and mine does not
<mathiaz> SpamapS: are you using a maverick system/chroot to build the source package?
<mathiaz> SpamapS: the message I've pasted is part of the source build log
<SpamapS> mathiaz: a maverick pbuilder yes
<SpamapS> sbuild is still too scary for me. ;)
<mathiaz> SpamapS: :) - I'm also using bzr bd
<mathiaz> SpamapS: http://paste.ubuntu.com/473677/
<mathiaz> SpamapS: ^^ this is the full build log from the bzr branch to the source pacakge
<SpamapS> mathiaz: http://paste.ubuntu.com/473678/
<SpamapS> mathiaz: just checking the source build.. I get no differences
<SpamapS> mathiaz: md5sum your orig tarball
<smoser> mathiaz, ping
<SpamapS> clint@ubuntu:~/pkg/ceph/bzr/ceph-new-pkg-2$ md5sum ../ceph_0.21.orig.tar.gz
<smoser> for a native package:
<mathiaz> SpamapS: 3799fa5c51f092de2878fbcccc2bd71a
<SpamapS> 9ecbaf9975aa4d2afcaa2f14e8d21e73  ../ceph_0.21.orig.tar.gz
<SpamapS> AHA
<mathiaz> smoser: o/
<smoser> 0.14-0ubuntu1 or 0.14ubuntu1
<smoser> i believe the second
<SpamapS> mathiaz: http://ceph.newdream.net/download/ceph-0.21.tar.gz
<mathiaz> SpamapS: yes - that's the one I've downloaded
<SpamapS> mathiaz: and yet, our md5sums are different?
<mathiaz> SpamapS: http://ceph.newdream.net/download/ceph-0.21.tar.gz
<SpamapS> I jsut re-wgot it   9ecbaf9975aa4d2afcaa2f14e8d21e73  ceph-0.21.tar.gz
<SpamapS> 9ecbaf9975aa4d2afcaa2f14e8d21e73  ceph-0.21.tar.gz.1
<mathiaz> SpamapS: hm - let me retry
<SpamapS> mathiaz: remember, I was a little concerned about the carelessness in licensing? I think Sage may be a little bit loose w/ names and versions... so maybe there are two ceph-0.21.tar.gz files running around
<mathiaz> SpamapS: ok - I fixed my problem
<mathiaz> SpamapS: it was using the .orig file from the build-area/
<SpamapS> mathiaz: that one bit me earlier too
<mathiaz> SpamapS: and the .orig. that was in the parent directory got overwritten
<mathiaz> SpamapS: yeah - it's not the first time
<SpamapS> mathiaz: I went through and cleared out all ceph*.tar.gz's and started over. :-P
<mathiaz> SpamapS: we should probably file a bug against bzr-builddeb against that
<mathiaz> SpamapS: :)
<SpamapS> mathiaz: I don't know if they can do anything short of md5sum'ing every time
<mathiaz> SpamapS: well - I would start by putting files in *one* place only
<mathiaz> SpamapS: I don't see the reason for keeping files in both .. and ../build-area/
<SpamapS> true, just symlink it
<SpamapS> is there a way, in a .install file, to create a symlink?
<smoser> mathiaz, did you see my question above? which is correct for native packaging version. 0.14-0ubuntu1 or 0.14ubuntu1
<mathiaz> SpamapS: you wanna use pkg-name.links
<SpamapS> mathiaz: ahh perfect. :)
<mathiaz> smoser: 0.14ubuntu1
<smoser> thanks.
<mathiaz> smoser: sorry for not answering right away
<smoser> no problem . just htought you missed it.
<smoser> do you know if there is something i can do that would make 'dch -i' do that ?
<mathiaz> smoser: native packages are packages that don't have a revision - just an upstream version
<smoser> i'm hoping something i could check in that would stick with that branch checkout
<mathiaz> smoser: I don't know
<mathiaz> smoser: native packages are quite unusual
<mathiaz> smoser: what's the name of the package?
<smoser> cloud-utils
<smoser> the problem is that someone does a checkout, then 'dch -i' and they get the wrong numbering.
<mathiaz> smoser: is there a reason why you wanna use a native package?
<smoser> there are lots of reasons to use native packages :)
<smoser> there is no point in releasing a tarball is the primary reason
<mathiaz> smoser: fair enough
<smoser> hm... 'man dch' indicates that it should do the right thing. "or, if this is a native Debian package, the version number."
<smoser> but it doesn't
<smoser> hm.. or maybe it does.
<smoser> anywya, htanks for the clarification, mathiaz
<mathiaz> SpamapS: what's the state of https://code.launchpad.net/~clint-fewbar/ubuntu/maverick/cloud-init/glusterfs-mount-example/+merge/29490?
<smoser> dustin merged that into upstream cloud-init.
<kirkland> smoser: hope you don't mind ...
<smoser> i missed it in my latest upload of cloud-init
<kirkland> smoser: was trying to clean out some email backlog;  looked harmless
<smoser> i would have picked it up if it were a native package :)
<kirkland> smoser: go native, dood
<smoser> yeah, its harmless. just doc, which is fine.
<SpamapS> Right so it should be status = merged
<kirkland> colonel kurtz style
<smoser> done.
<smoser> merged
<smoser> so, i have work to do in the next couple days in cloud-init, so i'll get that into the ubuntu package too.
<smoser> SpamapS, just an fyi, the example you give wont work for lucid
<therobot> sorry to ask again, what is the proper way to set a fqdn on ubunt 10.04 ? thanks
<SpamapS> smoser: right, because of the issue w/ mount?
<smoser> as for why, see last comment: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/613309
<uvirtbot> Launchpad bug 613309 in cloud-init "upstart scripts do not wait for 'cloud-config' status" [Undecided,New]
<smoser> what is the mount issue ?
<SpamapS> smoser: its the one you fixed, isn't it?
<smoser> hm... i forget.
<smoser> what i fixed
<SpamapS> yeah it was a while ago
<smoser> but in lucid, the runcmd isn't guaranteed to run after packages are installed
<smoser> :-(
<SpamapS> mounts were only being respected for device names
<jbernard> kirkland: byobu: Cannot make directory '/var/run/screen': Permission denied
<smoser> but on maverick they it will.
<jbernard> kirkland: i just started to see this
<SpamapS> smoser: well thats just annoying. ;)
<kirkland> jbernard: lucid?  or maverick?
<smoser> yeah, stupid parrallelism
<SpamapS> Why isn't the whole cloud-config run in one serial process?
<jbernard> kirkland: lucid, ppa, 3.1-0ubuntu1~ppa4
<smoser> because, didn't you know ? parallel is better!
<smoser> :)
<smoser> in maverick, it does run serial. and the user can even modify the order if my chosen order is not sufficient for them.
<kirkland> jbernard: dpkg -l screen
<jbernard> kirkland: 4.0.3-14ubuntu1
<jbernard> kirkland: /var/run is on tmpfs
<jbernard> kirkland: i remember seeing this before, but haven't in a while,  are others seeing this?
<smoser> you're seeing bug https://bugs.launchpad.net/ubuntu/+source/screen/+bug/574773
<uvirtbot> Launchpad bug 574773 in screen "Cannot make directory '/var/run/screen': Permission denied (convert init to upstart)" [Medium,Fix committed]
<jbernard> ah ha
<smoser> there is a fix.
<smoser> but its not in -proposed or -updates... kirkland what is your feeling on that ? loic kind of nixed it
<smoser> or suggested that it should be nixed.
<smoser> i think it is very low risk SRU
<uvirtbot> New bug: #613999 in openvpn (main) "openvpn is started after samba (smbd, nmbd)" [Undecided,New] https://launchpad.net/bugs/613999
<kirkland> jbernard: i think that's https://bugs.edge.launchpad.net/ubuntu/+source/screen/+bug/574773
<uvirtbot> Launchpad bug 574773 in screen "Cannot make directory '/var/run/screen': Permission denied (convert init to upstart)" [Medium,Fix committed]
<smoser> is there an echo in here, kirkland ? :)
<kirkland> smoser: i just pasted a response to loic ...  we could add a mount/grep/sleep loop, that waits until /var/run is mounted
<smoser> yeah, cause that would be cleaner
<kirkland> smoser: you found it faster than me ;-)
<smoser> :)
<kirkland> smoser: yeah;  i like the upstart job
<kirkland> jbernard: can you test the fix in -proposed?
<kirkland> jbernard: and note in the bug if that fixes your problem?
<smoser> the awesome bar is awesome. folks that have jumped to other browsers don't get it. i just type 'bug screen' and then tab.
<jbernard> sure, it's a race against /var/run being mounted, now?
<jbernard> s/now/no
<smoser> not mounted
<smoser> cleaned
<smoser> so, kirkland, your fix wont work.
<smoser> the 'wait til mounted'
<SpamapS> kirkland: I'm wrapping up the finishing touches on making eucalyptus munin-friendly .. collectd seems to be a long shot at this point. I'll propose a merge as soon as I've tested it out, but if nothing else, it graphs NC/SC/Walrus stats using the ganglia plugin eucalyptus puts out (patched for munin) ...
<smoser> the problem is that screen's sysvinit job sets up /var/run and then some other upstart job comes through and cleans out /var/run
<SpamapS> smoser: ew!
<smoser> but, kirkland, the patch you have in comment 13 is wrong
<smoser> it will never run
<SpamapS> Seems like there need to be some fences between classes of upstart jobs
<smoser> there is no job 'filesystems'
<smoser> or... no event.
<smoser> you would want 'filesystem'
<kirkland> smoser: yeah, that was fixed in maverick
<smoser> oh. ok.
<kirkland> smoser: let me see what landed in -proposed;  i think i fixed it before it uploaded
<SpamapS> mathiaz: I'm about to head ot lunch. Whats the status on ceph?
<kirkland> smoser: hmm, hasn't been accepted to proposed yet
<smoser> now that i'm thinking about it.. i have to read this again
<ScottK> zul: Is it you or SpamapS that's going to prepare the php-imap update for 5.3.3?
 * SpamapS spots the bus coming, and prepares to judo-throw zul
<smoser> i'm wrong about cleaning
<smoser> i think
<ScottK> SpamapS or zul: uw-imap is FTBFS on armel due to build system regressions, so please version the build-dep so it doens't risk getting misbuilt.
<smoser> so, there is no cleaning of /var/run, its a tmpfs mount point. and the problem is that screen's job was running befre that is mounted (sometimes). so its work gets mounted over.
<smoser> i'm not really sure what does the mount
<jbernard> smoser: that's what i was thinking also
<jbernard> smoser: what about adding 'local_fs' to Required_Start for /etc/init.d/screen-cleanup ?
<SJr> Hmmmm I'm trynig to get autofs to work with 10.04, but it doesn't seem to work anymore. I'm following this guide: http://www.tjansson.dk/?p=84, but I only seem to get this error in the logs: automount[6907]: syntax error in nsswitch config near [ syntax error ]
<smoser> jbernard, i dont think it would fix it.  in ubuntu, i could be wrong, but i dont think those lsb headers do anything.
<smoser> i retract my statement to kirkland though i think the "while ! grep -q /var/run /proc/mounts && sleep 1; :; done" style wait would work fine
<SpamapS> smoser: wouldn't start on filesystem handle that as well?
<RoyK> anyone here that knows about btrfs progress?
<RoyK> it'd be nice to have something like zfs lite :Ã¾
<smoser> SpamapS, yes, it would.
<smoser> the suggestion of the sleep and grep is to not do an upstart job, but remain sysvinit
<smoser> as loic suggested he didn't like the conversion to upstart in an SRU
<FunnyLookinHat> I'm having some issues with the copy of libfaac in the repos ( 10.04 ) - is there a way that i can tell what version is in the repos ?
<jbernard> smoser: is that fix currently in -proposed?
<smoser> i see no indication of that.
<Black_Prince> !info libfaac
<ubottu> Package libfaac does not exist in lucid
<smoser> but kirkland said it was.
<FunnyLookinHat> !info libfaac0
<FunnyLookinHat> ???
<Black_Prince> !info libfaac0
<ubottu> libfaac0 (source: faac): an AAC audio encoder - library files. In component multiverse, is optional. Version 1.26-0.1ubuntu2 (lucid), package size 59 kB, installed size 152 kB
<FunnyLookinHat> Ah ok
<papertigers> I need to try this ubuntu font
<bahamas10> papertigers: its closed-source and proprietary
<papertigers> bahamas10: I wish, i hope i have to go to windows update to get it
<bahamas10> papertigers: it should prompt you with the update after you reboot twice.. don't forget your serial key
<kirkland> jbernard: smoser: its not been accepted into proposed yet
<kirkland> smoser: yeah, that would be the easiest and most appropriate fix for lucid, probably
<kirkland> smoser: while/grep/sleep
<kirkland> smoser: i'll ditty up another package and upload to proposed, see if lool likes it any better :-)
<smoser> i think you should push on the upstart job being the correct thing.
<smoser> and even ask mr Keybuk to read it.
<smoser> that is the right solution
<smoser> as the sleep grep ... would fail if for some reason /var/run is not on its own filesystem
<smoser> (it will be in all of lucid unless modified by the user, but still)
<smoser> i see now, /lib/init/fstab is what tells mountall to mount /var/run as a tmpfs
<wieshka> how can i install ACPI on ubuntu ?
<kirkland> smoser: i have asked keybuk REPEATEDLY to review that script
<lavish> hi all. I've put a script into /etc/cron.hourly/ but it doesn't seem to be executed. Cron is running according to `service cron status'. Am I missing something?
<guntbert> lavish: did you make it executable?
<lavish> sure
<lavish> root@studenti:/backup# ls -l /etc/cron.hourly/
<lavish> total 4
<lavish> -rwxr-xr-x 1 root root 243 2010-08-05 20:53 backup.sh
<mathiaz> SpamapS: looks good now - I've uploaded the ceph package to maverick
<mathiaz> SpamapS: it should be sitting in the NEW queue to be reviewed by an archive admin
<MTecknology> thesheff17: http://profarius.com/content/secure-websites
<MTecknology> thesheff17: not the 'best' article but I hope it's ok
<guntbert> lavish: does your script start with a line #!/bin/sh ?
<smoser> MTecknology, nice article.
<smoser> the time when I did something like this, I was playing with unionfs and jailing a root user (for testing, not entirely safe).
<smoser> i'd chroot the user into a directory that had a unionfs mounted over the top of /.
<smoser> so they could 'rm -Rf /' and see what would happen.
<smoser> or 'rpm -e --force glibc'
<MTecknology> sounds like fun
<MTecknology> sounds like what i originally wanted but I think I'd prefer what I have now
<lavish> guntbert: http://paste.pocoo.org/show/246526/ executed directly it works fine
<MTecknology> smoser: why jail root? what does that offer?
<MTecknology> smoser: btw - thanks
<guntbert> lavish: use full paths for all executables you are calling (i.e /bin/bzip2)
<lavish> guntbert: oky, let's wait ~1h ;)
<MTecknology> So.. If I want to specify a few cron tasks in a file, I can just put that file in /etc/cron.d/foo and it'll work like magic?
<MTecknology> I love simple
<guntbert> MTecknology: look at the files in /etc/cron.d    -- they are crontabs
<MTecknology> guntbert: simple is awesome :D
<guntbert> MTecknology: :)
<papertigers> who needs cron when you have the sleep command
<lavish> guntbert: isn't anyway any log messages about failed cron scripts?
<lavish> MTecknology: interesting post. I use hardened gentoo + grsecurity with an active RBAC policy on critical production servers
<lavish> rbac is much simpler than selinux, really
<guntbert> lavish: I'm not sure to be honest, if I remember correctly you can turn mails/logs on or off
<MTecknology> lavish: I never looked at grsecurity much.
<lavish> and it's simpler because the generated policy fits exactly your system, it's not developed by another company (like tresys ;)
<lavish> MTecknology: give it a look
<lavish> you'll love it :D
<MTecknology> nice
<MTecknology> how much do you have to modify the default system to use it?
<lavish> and most of the featuers of grsecurity come gratis. Only rbac needs some time to understand
<lavish> MTecknology: nothing, it's not label based like selinux
<MTecknology> lavish: spiffy
<MTecknology> maybe that'll be my next posting
<lavish> MTecknology: if you need some help understanding rbac, feel free to hit me. I like mandatory control access systems a lot ;)
<MTecknology> lavish: ok, thanks :)
<lavish> (Oh, and apparmor will be merged into vanilla on 2.6.36. Canonical is just crazy. :P )
<lavish> apparmor was left alone by novell. Then suse and ubuntu started switching from apparmor to selinux... and now what? Canonical developed apparmor in order to be included into vanilla... I don't really understand :P
<jdstrand> lavish: ubuntu never switched to selinux
<lavish> jdstrand: but it started to
<jdstrand> lavish: we have selinux available for people to use
<jdstrand> lavish: you are mistaken
<zul> ScottK: yes i know
<jdstrand> lavish: we made selinux available to use, and continued to develop apparmor
<jjohansen> lavish: actual its some what the same with suse, both are available to use
<jdstrand> like any technology, we reviewed the various MACs and found AppArmor to best fit with Ubuntu
<jdstrand> and stuck with it
<lavish> jdstrand: exactly, but for me starting to support selinux with apparmor abandoned by novell ment ubunt was starting to switch to selinux
<lavish> I agree that apparmor fits ubuntu
<jdstrand> lavish: I'm not sure how to respond to that. Ubuntu and Suse are different, and we make different decisions. at the time in question, we decided to stay with AppArmor
<jdstrand> anyhoo, yea that apparmor is going upstream!
 * jdstrand continues to keep fingers and toes crossed
<jcastro> \o/
<lavish> :D
<ScottK> zul: OK.  Just making sure.
<ScottK> http://www.depesz.com/index.php/2010/08/05/how-to-make-sure-you-will-not-get-any-help-on-irc/
<lavish> ScottK: shit happens
<ScottK> I've run into people like that myself.
<lavish> ScottK: I'm one of "like that" ppl, so stop bothering. Kthxbye.
<lavish> j/k :P :P :P
<patdk-lap> ubuntu doesn't boot for me :)
<Tohuw> I don't have an "admin" group on my new ubuntu server install. I created one and added my user to it (echo "admin:x:119:ron" >> /etc/group) and then added "User_Alias ADMINS = %admin" using visudo, but I still cannot sudo as user ron. Why?
<patdk-lap> dunno what visudo is
<patdk-lap> but how about editing /etc/sudoers
<patdk-lap> and putting in like: %admin ALL=(ALL) ALL
<Tohuw> patdk-lap: "# This file MUST be edited with the 'visudo' command as root."
<Tohuw> (from /etc/sudoers)
<patdk-lap> heh, I never edit it with visudo :)
<patdk-lap> never knew visudo existed
<Tohuw> patdk-lap: hm. well, do I even need the user_alias line then?
<Tohuw> or just the line you suggested
<patdk-lap> I only have the line I said in mine
<Tohuw> ah, and it works. Thank you sir
<hggdh> visudo tries to make sudo survive a bad change -- like syntax error
 * patdk-lap should figure out why his ubuntu test server won't boot anymore
<patdk-lap> hangs doing some plymouth stuff
<patdk-lap> all I did was add some ipv6 stuff into network/interfaces
<wieshka> hey, is there somebody, who is using apache + mod_proxy ?
<Tohuw> !anyone | wieshka
<ubottu> wieshka: A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<wieshka> Tohuw: :)
<wieshka> the problem is that i have only one IP address from my ISP, and i am ruuning severeal virtual machines on server, using the public bridge
<wieshka> so i have to route 80 port traffic for each vh
<patdk-lap> all that, and we still don't know the question
<kirkland> jdstrand: howdy!  do you know how to disable the virtio-balloon driver in libvirt?
<jdstrand> kirkland: not otoh, no
<kirkland> jdstrand: mkay
<jdstrand> (I've never messed with it at all)
<kirkland> jdstrand: do you know of a reason why libvirt would prevent you from assigning more than 16 cpus to a guest?
<kirkland> jdstrand: the error i'm getting is about virtio balloon when i add the 17th cpu
<kirkland> jdstrand: kvm alone can do -smp 17 just fine
<jdstrand> sorry no-- I'd just compare the kvm invocations between the two. you might check kern.log to make sure libvirt isn't try to make some sort of an adjustment that is denied by apparmor
#ubuntu-server 2010-08-06
<jeeves_Moss> how can I fix this?  http://pastebin.com/rsPsg49i
<tarvid> cacti and phpmyadmin insert configuration in /etc/apache2/conf.d and thus become part of every virtualhost. That should not be
<thesheff17> MTecknology: nice looks good :)
<Roxyhart0>  hi there, i just changed my domain controler to another subject but the machines that where already joined can't see the domain any more. the firewall is open. What coudl be the problem?. they can see the DC if they are just in the same subnet but no different.
<zul> ScottK: should be fixed now
<Guest89249> I am doing combined work on various USERDir accounts on Ubuntu, but my files are getting written by apache as www-data rather than as those userdir accounts.  How do I get file access for the UserDir accounts through those accounts rather than www-data?
<ri_>  I am doing combined work on various USERDir accounts on Ubuntu, but my files are getting written by apache as www-data rather than as those userdir accounts.  How do I get file access for the UserDir accounts through those accounts rather than www-data?
<zash> ri_: look into suexec or some such
<zash> ri_: sounds dangerous anyways
 * zash goes to sleep
<corpse> whats the best way to go about cleaning up a server (temp, bulky log files etc) my root drive seems to be filled up a bit more then it should be
<patdk-lap> heh, shove /var on it's own drive :)
<patdk-lap> apt-get clean, helps too
<corpse> Thanks
<corpse> do i have to symlink to the new /var location?
<patdk-lap> heh
<patdk-lap> how large is your root?
<corpse> 31GB
<patdk-lap> should be more than enough, what are you doing? :)
<patdk-lap> I only normally do 5gigs
<corpse> not sure were all the space is being used at, all of my media are on seperate drives
<patdk-lap> guess it's time to use du to find out
<corpse> but I am 71% right now
<patdk-lap> du -sxc * | sort -n -k1
<patdk-lap> I would start at /
<ri_> zash:  I don't even have to worry about this on CentOS.  It just works.
<patdk-lap> and work my way into each large dir
<patdk-lap> ri_, that is cause it used suexec by default :)
<ri_> When I use userdir, it naturally is configured to think in terms of that user and do all work for that user and not the general apache user on CentOS, but now with this latest Ubuntu server, that aspect is broken.
<patdk-lap> not sure about ubuntu, I don't use apache much
<corpse> patdk-lap: Thanks for that, was not aware of that command. That was exatcly what i needed
<ri_> Well, I have been looking at suexec  stuff for about an hour, and nothing shows me how to do it except an apparent daemon specific command line switch.
<ri_> It mentions doing something in the virtual host, but doesn't show you what.
<patdk-lap> well, I wouldn't know about userdir's, as I never use them
<patdk-lap> but using it in virtual host is easy, just add a user and group command, and it's good
<ri_> patdk-lap:  Okay, sorry.  I'm sorry if I'm impatient here.
<corpse> got it down to 5.4GB used =D
<patdk-lap> where did it all go? :)
<corpse> I must have put in a few bad directory lines when i was transfering from one server to another, I had a few movies hiding in the home folder
<patdk-lap> heh
<patdk-lap> I normally put /home and /var on their own drives
<corpse> yeah i normaly have /home on its own. for some reason i skipped it this time around
<ri_> This has no syntax chart for the User directive:  http://httpd.apache.org/docs/2.0/mod/core.html
<corpse> I have 4 other drives for differnt media so i figured i would really need to use /home much
<patdk-lap> ri_, it's not part of core
<ri_> Is it possible to find it?
<patdk-lap> http://httpd.apache.org/docs/2.0/mod/mod_suexec.html
<patdk-lap> heh, my suexec and apache's suexec look nothing alike :)
<patdk-lap> I've so twisted it over the years
<ri_> patdk-lap:  I appreciate it.  I'll look at that too.  Thank you.
<patdk-lap> I dunno about that helping userdir's but
<patdk-lap> that is what does it for cgi's
<ri_> Okay, I have many directories specified for one virtual host, where one <Directory...> stanza corresponds to a UserDir area.  That's also what I have on CentOs, ...may I just put int he suexecusergroup thing to each directory stanza?
<darkpixel> mdadm --auto-detect creates my array minus one drive.  When I manually try to add the drive to the array (mdadm --add /dev/md0 /dev/sdd1), it returns 'mdadm: Cannot open /dev/sdd1: Device or resource busy' and syslog contains 'could not bd_claim sdd1'.  I don't see the drive as being in use when looking at the output of 'mount' or 'lsof'.  Any pointers?
<twb> You've booted off sdd1
<twb> You should look at /proc/mounts; "mount" returns the contents of /etc/mtab, which isn't accurate.
<patdk-lap> hehe :)
<darkpixel> twb: My boot drive shows up as /dev/sda when I run either 'mount' or 'fdisk -l'.  /proc/mounts shows me the root volume id.  What's the new replacement for the 'vol_id' command that was present in 9.04?
<darkpixel> (Also, I should say that fdisk correctly shows that /dev/sdd has one partition that is of the type 'Linux Raid Autodetect' and /dev/sda has my standard linux and swap partitions.
<twb> Urk.
<twb> What does the UUID resolve to in /dev/disk/by-uuid/, then?
<twb> Fuck it, just pastebin the contents of /proc/mounts, /proc/mdstat, /etc/fstab and "ls -lids /dev/disk/by-*/*"
<darkpixel> It resolves to /dev/sda.
<darkpixel> Weird--found it.
<darkpixel> I didn't think to look at mdstat.  It shows /dev/md0 and /dev/md_d0.  /dev/md_d0 contains /dev/sdd1.  mdadm --detail /dev/md_d0 says it isn't active.  mdadm --stop /dev/md_d0 returns successfully and I can now add /dev/sdd1 into /dev/md0.  Odd.
<darkpixel> Thanks for the pointer twb.
<twb> Oh, it's *that*.
<twb> What happens is: you configure a two-disk system with two partitions each, then RAID /dev/sd[ab]1 and /dev/sd[ab]2 as separate RAID1 arrays -- right?
<twb> Then you reboot and find that the idiotic mdadm -A --scan has decided that you ACTUALLY have a whole-disk RAID1 array which contains two partitions, but boot fails because the second RAID1 array fails to assemble
<twb> ...I got that when I tried to install lucid on a server, and I couldn't fix it, so I gave up and installed 8.04.
<darkpixel> The system has a single SSD which is root, and then 5 SATA WD 1 TB drives which I put into a RAID6.  The system doesn't auto-detect the RAID on startup (probably because I haven't told it to), so I just run 'mdadm --auto-discover'.  That's what it came up with.
<darkpixel> I've always has weird issues like this with mdadm.  I ended up switching one of my other servers over to Debian stable and I haven't had a single problem with the array since.  With Ubuntu I seem to run into problems every other upgrade or so.
<MTecknology> This is irritating. I have a cron job that runs sudo. I keep getting these errors "cd: 22: can't cd to /root" Everything else in the script works perfect so I don't understand where those errors are coming from..
<SpamapS> MTecknology: cron runs using the default shell of the user running the cron job...
<SpamapS> MTecknology: unless you set SHELL=xxx
<MTecknology> SpamapS: so I should just toss set SHELL=/bin/bash in there?
<MTecknology> err... s/set/export/
<MTecknology> What's the difference between set and export anyway?
<MTecknology> And what makes that different from just foo="bar"
<SpamapS> not export
<SpamapS> its a crontab, so actually precede the cron jobs with
<SpamapS> SHELL=/bin/bash
<MTecknology> oh
<SpamapS> set only sets the variable in the current shell.. sub-shells and executed programs won't get that variable
<SpamapS> export will put it into the actual process environment, so fork() will retain it.
<MTecknology> With "SHELL=/bin/bash /usr/local/sbin/site-drush cron" I still get "cd: 22: can't cd to /root"
<MTecknology> SpamapS: any other ideas? :)
<MTecknology> SpamapS: Oh - the command looks like this -> sudo -n -H -u USFCWQG.s -s yes y | /usr/local/sbin/drush/drush -r /jail/home/USFCWQG.s/pressflow -l profarius.com cron
<SpamapS> MTecknology: why would you pass the entire script path into SHELL= ?
<SpamapS> MTecknology: SHELL= tells it which shell to run, the actual cron line gives it the script to pass to the shell
<SpamapS> MTecknology: I'd have to guess though, that your script is trying to chdir into /root and cannot, given the error message.
<MTecknology> SpamapS: oh.. I did it because of echo $SHELL
<MTecknology> SpamapS: same thing happens though
<MTecknology> SpamapS: I keep looking through man sudo without luck
<MTecknology> SpamapS: The -H is supposed to read $HOME from /etc/passwd... but I think the jail is mucking with that.. so it defaults back to the $HOME of root (/root)
<SpamapS> MTecknology: indeed it does.
<SpamapS> MTecknology: but.. you shouldn't be running a login shell.. so its fairly confusing.
<SpamapS> MTecknology: its not sudo that defaults back, its the shell trying to start from $HOME...
<SpamapS> MTecknology: you might actually try setting HOME=/tmp in the crontab as well. I don't know if that works though
<uvirtbot> New bug: #614225 in postfix (main) "package postfix 2.7.0-1 failed to install status 75 setgid_group Local only" [Undecided,New] https://launchpad.net/bugs/614225
<mase_wk> lo all, was wondering how I get a 10.04 system to create a config.new file for the automatic security updates rather than blatting my configuration ?
<MTecknology> SpamapS: we'll try that too :)
<MTecknology> SpamapS: nope..
<MTecknology> SpamapS: I also tried sudo -s HOME=/tmp command
<MTecknology> SpamapS: It's irritating because it's a completely meaningless error to me. The user doesn't need HOME set at all.. If I run this outside of CRON (as root) it'll work fine.
<twb> mase_wk: configuration of what?
<mase_wk> twb: well today base-files was updated
<mase_wk> a security update, so it's fine that it did it automagically
<mase_wk> but it overwrote my /etc/motd.d/ changes
<mase_wk> which i wouldn't have minded so much if it had at least created a .old file or something
<twb> If it did so without prompting you, that's a bug
<MTecknology> SpamapS: I'm considering chmod +rx /root
<mase_wk> twb: well it was an automated upgrade i believe
<mase_wk> so there was nothing to prompt
<mase_wk> unattended
<twb> I don't know, then
<twb> I'd have expected it to create a .dpkg-old or .dpkg-new
<mase_wk> ok thats what i was expecting.
<MTecknology> SpamapS: Sounds like a crappy enough solution?
<twb> Hm... except base-files is special in some ways, because it has to do that sort of thing before most of the system is installed
<twb> I'd still report it as a bug
<MTecknology> SpamapS: I guess it'll work until I can actually figure out how to make it work right.. HOME=/tmp sounds great if I could set it. Maybe a feature request for sudo? :P
<MTecknology> I guess I should go sleepy now
<MTecknology> SpamapS: thanks
<SpamapS> MTecknology: I meant HOME=/tmp in the crontab.
<SpamapS> mase_wk: anything in /etc should be treated as a conffile ..
<SpamapS> twb: agreed that base-files is a bit special.. so it may not be so cut and dry
<chrislabeard> What is the best web control panel now days?
<SpamapS> chrislabeard: landscape! oh wait.. no pimping the company products..  bad.. bad SpamapS
<mase_wk> SpamapS: yeh i think i'll add a bug report and see what people say. i think even if it has a good reason for overwriting them it should still leave me a copy of the old ones
<chrislabeard> uhh yeah so a free one
<mase_wk> chrislabeard: do you want a Free one or a $free one ?
<chrislabeard> good question
<SpamapS> chrislabeard: also do you mean for one server, or for a larger environment?
<chrislabeard> one server
<chrislabeard> At one time webmin was not supported so I got crap for using it
<chrislabeard> I want to do it right now, Which once should i use.
<mase_wk> webmin ? what kind of control panel are you after ?
<chrislabeard> kinda like cpanel
<chrislabeard> manage virtual hosts, dns
<chrislabeard> users
<mase_wk> ah k.
<chrislabeard> I tried ehcp back in the day and hated it, has it gotten any better?
<SpamapS> I've heard good things about ebox
<SpamapS> and a friend of mine is the author of gnu hosting helper
<SpamapS> I guess its just hostinghelper now
<SpamapS> http://hostingsoftware.net/
<chrislabeard> is this a panel ?
<chrislabeard> wow its ugly
<chrislabeard> what was this made in 1998
<mase_wk> probably. i think the majority of people who knew what they were doing gave up on shared hosting long ago
<mase_wk> you can get such cheap virtual machines now it's hardly worth it
<chrislabeard> Except its fun
<mase_wk> each to their own
<chrislabeard> I'm running Mac OS X server right now and I hate it
<mase_wk> i'm not surprised
<chrislabeard> its supposed to make it all easy but it just ends up being retarded hard
<mase_wk> i think thats because a server != desktop
<SpamapS> chrislabeard: if you don't like mac os x server why would you want a web control panel for linux? just get really good with vi ;)
<chrislabeard> Well i do some on the command line and some with webmin its just a tool to manage things with a gui
<mase_wk> there is a reason why linux/bsd/solaris etc.. don't have a gui by default on the server :)
<twb> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<alcuadrado> !mailbox
<alcuadrado> hi, anyone online?
<chrislabeard> wow my computer sounds like its trying to take off
<chrislabeard> Anyone else every had that problem with a computer
<Jeeves_> chrislabeard: Usually a fan. Or worse, a disc
<Jeeves_> disk
<chrislabeard> My computer has 8 fans in it
<chrislabeard> can ubuntu not manage those or something
<Jeeves_> That depends on your motherboard, I think.
<chrislabeard> well its a mac
<Jeeves_> No clue if that's supported. Why don't you ask Steve what's wrong with it?
<Jeeves_> He can probably sell you a condom to put around it and filter the annoying noise ;)
<chrislabeard> yeah hey steve I'm installing ubuntu on my computer and its like really loud
<twb> Jeeves_: more like earmuffs
<chrislabeard> OH and its a PPC
<Jeeves_> But, the good news is, the condom will only cost you $3498 !
<Jeeves_> But it's a shiny one! :)
<Jeeves_> ok, I'll stop Apple-bashing now. ;P
<twb> chrislabeard: most rackmount kit I see is SUPPOSED to sound like a jet taking off when it boots
<chrislabeard> I have a rack mount it sounds like this
<twb> chrislabeard: it's also supposed to reduce the fan speed once the BIOS finished loading
<chrislabeard> It was fine till it started installing
<xampart> that reminds me http://bash.org/?285255
<Jeeves_> :)
<twb> Heh.  Britain has C-cup, we have 4RU
<xampart> =)
<chrislabeard> So I guess I'm just SOL
<Jeeves_> chrislabeard: No
<Jeeves_> Finish the installation and install acpid
<chrislabeard> k
<Jeeves_> That might help
<chrislabeard> its weird it didn't ask me what I wanted on my server
<chrislabeard> or is that after it installs the base system
<chrislabeard> I can't remember
<xampart> anyone had problem with 64bit chromium not having flash?
<mase_wk> xampart: i've experienced it but i saw it as a feature :P
<xampart> =)
<xampart> the only problem with that is my consumption of y-tube
<twb> xampart: install youtube-dl, clive, or some other equivalent
<twb> xampart: or use a webkit-based browser, which will just use HTML5 instead of flash
<Jeeves_> twb: Isn't chromium webkit?
<SpamapS> xampart: good one, but http://bash.org/?925050 is better. :)
<twb> No idea
<twb> I try not to endorse evil empires
<Jeeves_> twb: Google is not evil! The rest of the world is just paranoid!
<xampart> SpamapS: :D [sic]
<mase_wk> pft
<alcuadrado> hi, I'm trying to configure an email server in ubuntu server 10.04 but I having some problems, can anyone help me please? :)
<mase_wk> alcuadrado: sure
<mase_wk> just let us know what problem your having
<alcuadrado> I mannaged to configure postfix and dovecot following the ubuntu official (i think it's official) guide
<alcuadrado> and that worked fine
<alcuadrado> but I can't realize how to manage multiple domains and accounts
<SpamapS> twb: by communicating on the internet, you're most certainly supporting AT&T, Savvis, or Level3 ... maybe not evil empires, but certainly terrorist states when it comes to ripping people off and misusing personal data.
<xampart> twb: after changing my 10.04 servers 2 1TB hdd's to 2TB. i did "mdadm --grow /dev/md0 --size=max". it's now syncing nicely. maybe the best feeling as a admin yet
<alcuadrado> as everything seems to be center in the unix users of the system
<twb> SpamapS: I did say "TRY not to"
<SpamapS> twb: maybe you could try a little harder, and start digging "Free Trenches" for the "Free Fiber" ;)
<twb> SpamapS: wouldn't help, because the USEFUL parts of Inter-net are in .us, which requires undersea cabling.
<SpamapS> twb: not to mention supporting our *actual* evil empire. ;-)
<twb> Nod
 * SpamapS imagines a very concerned and upstanding twb weighing options ... fun... principles.. tweets.. principles.. farm ville.. oh sod the principles!
<twb> I have high hopes for the mesh networking drafts
<twb> I don't "tweet" or "blog"
<alcuadrado> anyone?
<twb> My internet doesn't include pointless bandwidth-wasting shite like images, but it *does* include .edu and .net and .org
<SpamapS> alcuadrado: the postfix documentation has a lot of information on managing virtual domains
<SpamapS> http://www.postfix.org/VIRTUAL_README.html
<alcuadrado> great, that will help... i didn't know if it was a postfix or dovecot issue :$
<SpamapS> alcuadrado: http://wiki.dovecot.org/VirtualUsers
<chrislabeard> look at that it fixed it self
<alcuadrado> thanks, I'll read that now :)
<chrislabeard> Alright ready for the noob questions, How can I enable ssh
<chrislabeard> well look at that
<chrislabeard> I am an idiot
<Jeeves_> 'apt-get install ssh'? :)
<chrislabeard> it was already installed
<chrislabeard> So just to be clear webmin is no longer supported
<xampart> anyone get "uc_update: Value too old: name" -type of messages with logcheck + collectd? i found the problem there: http://collectd.org/faq.shtml , but no solution
<alcuadrado> SpamapS, I've been reading the postfix documentation, and I have a doubt again :p
<scoopex> i created a preseed file, how can i load this file from a webserver using the standard alternate-installer-cdrom - i discovered https://help.ubuntu.com/10.04/installation-guide/powerpc/preseed-using.html....
<scoopex> do i really need to add preseed/url/checksum=...
<scoopex> ?
<wieshka> i have ubuntu server installed on one 500 Gb hdd, so now i have 2 new HDD disks .... what are my options, to migrate all system to new two disks with RAID 1 ?
<binBASH> scoopex: your nick is inspired by ScoopeX Amiga Demo Group? ;)
<scoopex> what should i exactly enter on the installer-boot-prompt to load the preseed file...
<scoopex> binBASH: sure ;-)
<binBASH> nice ;)
<a_ok> can someone point me to a page with the diferences in ubuntu kernels
<twb> a_ok: install them and diff /boot/config-*
<a_ok> twb: i just waned to see the features page to see the major diffenences between server and generic
<a_ok> and I thought there was one for virtual guests too
<twb> I'm not stopping you
<a_ok> page has been removed...
<a_ok> at least all references I can find of it end up in a 404
<twb> If apt-get is giving you 404, you have bigger issues than picking a kernel
<a_ok> twb: erm not talking about apt
<a_ok> I know there was a page stating the differences in the kernels and all available kernels but simply can't find it anymore
<xampart> need help with collectd http://efwsupport.com/index.php?action=printpage;topic=988.0 -type errors. plugin ntpd is *not* enabled
<a_ok> what is GB in the installer by the way? the SI or GiB?
<wieshka> i need a help - i have installed UBuntu on single HDD, now i want to migrate to RAID 1
<wieshka> i have prepared new 2 hard disks
<wieshka> with the same size
<wieshka> 500 Gb
<wieshka> can i do it from my existing system or i have to use live cd ?
<MACscr> why would i be seeing a different time in my /var/log/messages log versus the time showing when i type in 'date'
<cloakable> wieshka, if I recall, ubuntu installs by default onto a degraded RAID1.
<MACscr> its almost as if my logs are in UTC
<wieshka> so i just need to enable RAID 1?
<wieshka> how can i check it out ?
<cloakable> wieshka: I'm trying to find information where it says that, I might be wrong.
<wieshka> fuck, why i didnt seted up raid on installation
<wieshka> i have already installed plenty of system software on existing system
<wieshka> heh, what will be faster - setting up RAID 1 on existing system or reinstall with RAID ?
<cloakable> Hmmmm.
<wieshka> any ideas ?
<wieshka> so i need reinstall system with degraded RAID 1 ?
<wieshka> now i am running just lvm, so it looksl ike for me
<wieshka> cloakable: still here ?
<cloakable> wieshka: Yeah
<wieshka> any ideas ?
<wieshka> hmmm, full reinstall with already RAID 1 enabled will take me aprox 4 hours
<cloakable> Mmmm
<wieshka> maybe it is better way ? :(
<pmatulis> wieshka: 4 hours to install, why?
<wieshka> pmatulis: 5 virtual hosts ...... on the system
<wieshka> already installed
<pmatulis> wieshka: what kind of virtual host?
<wieshka> kvm
<pmatulis> wieshka: so 5 virtual machines
<wieshka> phhh, i am confused now - what to do
<pmatulis> wieshka: are they using image files as their disks?
<wieshka> no - LVM partitions
<pmatulis> wieshka: so LVM logical volumes
<wieshka> aha
<pmatulis> wieshka: so copy them over the network, reinstall, and copy them back
<pmatulis> wieshka: how large are they?
<wieshka> i have one HDD with my system already installed - now i have extra 2 HDD the same size - and i need RAID
<wieshka> maybe i can just migrate
<wieshka> pmatulis: they are allocated on more then a half HDD
<wieshka> 500 Gb
<wieshka> aprox 270 Gb
<pmatulis> wieshka: yeah, that's a bit large
<pmatulis> wieshka: what do you want to RAID?
<wieshka> i want to setup RAID 1
<pmatulis> wieshka: yeah, but apply that to what?
<wieshka> simple one disk installation
<pmatulis> wieshka: the whole disk?
<wieshka> migrate from single HDD to RAID 1
<wieshka> yeah, he whole disk
<wieshka> the
<pmatulis> wieshka: i would install on the 2 new RAIDed disks and then copy the machines over from the 1st disk
<wieshka> you mean - put in new two disks, boot live cd, setup a RAID 1 on this 2 disks and then copy data ?
<pmatulis> wieshka: yes
<wieshka> what abaout partitiong ?
<wieshka> hmm, i havent ever done something like that
<pmatulis> wieshka: yes, what about it?
<wieshka> but looks like i have to
<wieshka> firs of all i have to copy exact partitioning table on disks ?
<wieshka> i am correct ?
<pmatulis> wieshka: no
<wieshka> brrr, my brain is not working anymore ....
<pmatulis> wieshka: just install normally on the 2 new disks
<wieshka> just install RAID on two disks, that all
<wieshka> ?
<pmatulis> wieshka: install Ubuntu on the 2 new disks, specify RAID 1 in the installer
<wieshka> after that, mount old one HDD ?
<wieshka> and copy old data ?
<pmatulis> wieshka: yes
<wieshka> ok - now i removed old HDD, puted in two new HDD disks, waiting for boot ..... than i install new fresh installation of ubuntu
<wieshka> on RAID 1
<wieshka> via install menu
<wieshka> in partitioning step
<thesheff17> has anyone successfully bridged to a br0 device from a wlan device?  Just bought a new i7 laptop and would love to test KVM on my machine but I don't always have it wired.  Any suggestions?
<thesheff17> could I bridge eth0 to br0 and use iptables to forward traffic to wlan?  hmmm...just trying to think how I could get kvm testing done on my laptop when it is wireless.
<pmatulis> wieshka: make sure you reserve a lot of space on the LVM physical volumes for your old volume group(s)
<pmatulis> wieshka: recall that you will need to export them
<uvirtbot> New bug: #614320 in bacula "bacula awk script for sqlite catalog backup broken" [Undecided,New] https://launchpad.net/bugs/614320
<jimcooncat> If I install UEC in my office, does that give me fault tolerance on storage or services?
<ttx> smoser, hggdh: ping
<FDX> Hey guys, please help me, i desperately need help.
<FDX> My domain is not working on my server, and i have no idea why
<Jeeves_> FDX: It might help if you say what your problem is :)
<hggdh> ttx: here
<FDX> I already have my main domain working
<Jeeves_> Ah, I've got no clue about that.
<ttx> hggdh: you still have 2 work items marked TODO/INPROGRESS for alpha3 in https://blueprints.launchpad.net/ubuntu/+spec/server-maverick-uec-testing
<hggdh> hell
<ttx> hggdh: could you mark them DONE or POSTPONED (and potentially copied to beta if they apply there ?)
<hggdh> looking it up & correcting as needed
<hggdh> ttx: sorry
<FDX> oh god. Jeeves_ you know how to set a secondary domain on an apache server?
<FDX> I have webmin.
<ttx> hggdh: no problem, just a cleanup :)
<Jeeves_> Ah, Apache.
<Jeeves_> And webmin
<Jeeves_> There's your problem...
<ttx> Ah, Webmin.
<FDX> ?? i'm lost
<Jeeves_> Anyway, have a look at /etc/apache2/sites-enabled/
<FDX> There is nothing there.
<Jeeves_> Hmmm
<Jeeves_>  /etc/apache2/conf.d ?
<FDX> Yes, my domains are set there, want it pastebinned?
<jimcooncat> FDX: do you have any /etc/apache2/sites-available?
<Jeeves_> FDX: Sure.
<MTecknology> SpamapS: Ya, I tried HOME=/tmp in the command and the cron
<FDX> I'll check it.
<hggdh> ttx: done, I think. spineau's vol testing postponed, A3 tests done
<ttx> ok, thx
<zul> jdstrand: ping i just noticed this on maverick: http://pastebin.ubuntu.com/474030/
<FDX> oh damn, now i cant ssh. i'm getting wrong password but i'm damn sure its right
<MTecknology> FDX: language
<jdstrand> zul: that is very odd. can you give the file DpkgTerminal output?
<zul> sure gimme a sec
<zul> actually that was the dpkgterminal output
<jdstrand> zul: all of it?
<zul> hold on
<zul> jdstrand: http://pastebin.ubuntu.com/474032/
<FDX> Guys, this is my apache2 config: http://pastebin.com/JL8rGJZZ
<FDX> jimcooncat, there is only "default-ssl" on sites-available folder
<jdstrand> zul: I'll have to look into it
<jdstrand> zul: thanks
<zul> jdstrand: no thank you
<Jeeves_> FDX: I miss some statements in that config
<Jeeves_> <VirtualHost> stuff
<Jeeves_> Did the pastebin break that? Or is it really not there?
<FDX> Its really not there
<FDX> I configged it with webmin
<Pici> Oh dear.
<jimcooncat> that counts me out :-(
<Pici> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<FDX> z0mg
<Jeeves_> FDX: http://pastebin.com/wHEvm8BN
<Jeeves_> What happens if you change it to that
<jimcooncat> perhaps starting over would be best? apache2 is dead simple now.
<FDX> i'll try that
<FDX> Many thanx Jeeves_
<fidelix> I was FDX, my net went down
<fidelix> Jeeves_: could you please give-me that pastebin again?
<Jeeves_> 15:20 < Jeeves_> FDX: http://pastebin.com/wHEvm8BN
<fidelix> thanx
<Jeeves_> yw
<fidelix> when installing ebox, it asks me for a Dynamic DNS provider
<fidelix> What should i do about that?
<fidelix> And from what i see, ebox cant manage apache, postfix and other servers
<fidelix> Am i wrong?
<Jeeves_> Ehm, I think that correct.
<Jeeves_> I really don't use that kind of stuff.
<fidelix> hmm... you do everything with ssh and vi?
<Jeeves_> Since it usually makes sure you've got no clue what you're doing and they usually do it wrong.
<Jeeves_> And when they do, you don't know why. Because you've got no clue what you're doing :)
<Jeeves_> ssh+vim is the best combination ever
<jimcooncat> don't forget screen!
<jimcooncat> I use ssh+screen+mcedit myself
<fidelix> screen?
<fidelix> Whats screen?
<jimcooncat> fidelix: if you're in the middle of something on your remote box, and your ssh connection drops, you can get right back to where you left off
<fidelix> thats... excelent.
<fidelix> jimcooncat: know why ebox is asking me for a Dynamic DNS provider?
<jimcooncat> fidelix: I don't use things like ebox. sorry
<fidelix> well, i'll remove it too
<grante> Help!  SSHd keeps dying on my remote server.  And now commands like ls and find don't work anymore.  what happened?
<fidelix> grante, check if there's enough free memory
<grante> sshd says this after I try to login: *** invalid open64 call: O_CREAT without mode ***: /usr/sbin/sshd terminated
<grante> free -m shows 311mb free, 3290 free w/o buffers
<grante> the only reason i'm still able to access the server is because i had an ssh session open from yesterday.
<grante> i keep getting emails from cron jobs saying scary things like "/bin/sh: find: not found"
<grante> although find is actually there.  I'm guessing something it depends on isn't.
<grante> the only thing I can think of is maybe an automatic security update broke something.
<Jeeves_> grante: what does dmesg say?
<grante> the command or the file?  the command just shows firewall logs, nothing else.  the file doesn't show anything out of the ordinary afaict.
<qbitza> Any idea how I can install Firebird1.5-super?
<Jeeves_> grante: what does the command say after you filter out the firewall stuff?
<Jeeves_> qbitza: Try #ubuntu
<qbitza> It used to be distributed with Hardy, but I think it was dropped in Lucid
<Jeeves_> grante: so 'dmesg | grep -v firewallstuffthatmatches'
<Jeeves_> qbitza: Try #ubuntu
<qbitza> Jeeves_, Tx, but no answer there, so I thought I'd ask here
<fidelix> Jeeves_: try accessing www.felipefidelix.com and see what happens
<grante> Jeeves_: http://pastebin.com/T4ZyCW6j ... the 3w-9xxx errors are from my attempt at using smartctl.  But there's also a message about mysqld.
<qbitza> How do I install a package from a previous distribution?
<Jeeves_> fidelix: Host www.felipefidelix.com not found: 3(NXDOMAIN)
<Jeeves_> That might cause you some issues :
<Jeeves_> :)
<hggdh> Daviey: good morning. May I be just a bit of a bother, and ask you where is the current bzr branch for Euca upstream?
<fidelix> what?
<Jeeves_> grante: Hmm.
<Jeeves_> I'd say your fs is fsckt
<idlemind> any ideas on a lamp server hosting virtual hosts. how do you handle user permissions so apache can read the files but the end-user still has permission to add / remove delete?
<grante> Jeeves_: well that's not good.  I have backups...but that's going to make my day very stressful.
<Jeeves_> idlemind: mod-itk
<idlemind> jeeves_: thanks. off 2 google on that
<Jeeves_> grante: If you dare, i'd try a reboot
<Jeeves_> *if* the filesystem is broken, keeping it running will only make things worse in the end
<idlemind> zomg ... mpm-tik = allowing each vhost to run under a seperate gid / uid ... <3
<grante> Jeeves_:  I've considered it.  But that means if it doesn't come back up perfectly, I lose all access.  And the datacenter it's at is super slow responding to issues.
<Jeeves_> grante: It's either that, or waiting for it to happen when you're asleep :)
<grante> Jeeves_: and no ip kvm's, despite my repeated requests they get some of them.
<fidelix> -bash : fork : not possible to alocate memory.
<grante> Jeeves_:  Yeah, I know.  But this is a voip server running a bunch of client's phones.  They are not going to be happy today.
<Jeeves_> grante: It's up to you. I just say what I would do
<fidelix> how do i set apache not to use 100% of system memory?
<Jeeves_> fidelix: :)
<Jeeves_> It shouldn't really :)
<grante> Jeeves_:  ya.  thanks for the help.
<fidelix> well, the system has no memory even to run "top"
<fidelix> or list a folder.
<grante> fidelix:  how much ram is in the system?
<fidelix> 1g
<fidelix> any tips, grante?
<grante> google apache2 low memory system, you'll find a few guides to tweaking apache to use less ram
<fidelix> thanx man
<jetole> Hey guys. I set eth1 as a static interface in my /etc/network/interfaces file and yet it's still being configured by dhcp (which runs on this same host). Did I miss something? http://pastebin.org/451001
<binBASH> fidelix: Why not using an alternative Webserver?
<fidelix> like?
<binBASH> I can suggest Cherokee Webserver
<fidelix> Is it easy to setup?
<grante> fidelix: lighttpd works well too.
<jetole> nginx
<binBASH> yup, it has Webinterface Admin tool as well :)
<jetole> nginx @ fidelix @ alternate web server
<jetole> google uses nginx a lot
<fidelix> Well, there are people saying on the internet that apache2 is faster than lighthttpd
<fidelix> At least for dynamic content.
<jetole> possibly
<binBASH> fidelix: It's true when using mod_php for example
<fidelix> What about compatibility binBASH?
<fidelix> mod_rewrite is 100% needed.
<fidelix> I run joomla and drupal sites.
<binBASH> Cherokee supports rewrites
<jetole> fidelix: look at nginx
<jetole> fidelix: also here is a list of module comparison (this includes apache, lighttpd and nginx): http://wiki.nginx.org/NginxModuleComparisonMatrix
<fidelix> I'm more worried about how my systems will behave with different servers.
<jetole> oh neat. I didn't know nginx had a memcached module
<jetole> binBASH: I don't suppose you could do a quick double check of my /etc/network/interfaces file (http://pastebin.org/451001) ?
<jetole> or anyone else?
<jetole> fidelix: as per server, I don't know what you mean on how it will behave differently but it's a different web server. nginx though (pronounced engine X) is used a lot by google, almost exclusively
<binBASH> jetole: What is your exact problem with the file?
<fidelix> jetole: i'm worried if joomla/drupal will work well with nginx
<jetole> binBASH: eth1 is being set by dhcp when I call ifup on it
<Tohuw> Passenger 2.0.3 installed from the repo on Ubuntu Server 9.10 crashes whenever a rails app is called. Unexpected error in Passenger: The ApplicationPool server exited unexpectedly." in apache error.log. Any troubleshooting ideas?
<jetole> fidelix: they will both work with php. They don't care nor do they talk to the web server
<jetole> binBASH: Hey guys. I set eth1 as a static interface in my /etc/network/interfaces file and yet it's still being configured by dhcp (which runs on this same host). Did I miss something? http://pastebin.org/451001
<fidelix> Yes, but what about rewrites and caching?
<jetole> binBASH: that was the original question
<fidelix> does nginx have APC?
<jetole> rewrites have to be configured
<jetole> caching I don't think will make a difference
<binBASH> fidelix: you load apc in php
<binBASH> has nothing to do with nginx ;)
<fidelix> true...
<fidelix> OK. I will adventure.
<binBASH> fidelix: You need php-cgi for having php via fcgi
<jetole> fidelix: http://wiki.nginx.org/NginxHttpRewriteModule
<jetole> http://wiki.nginx.org/NginxHttpFcgiModule
<binBASH> jetole: Google doesn't use nginx, at least not that I know:)
<binBASH> They're using custom patches with apache servers.
<jetole> binBASH: I read about a year ago that they moved to nginx
<jetole> binBASH: you may be correct
<fidelix> So, i just have to apt-get install nginx? Or should i compile something?
<binBASH> fidelix: http://www.cherokee-project.com/doc/modules_handlers_redir.html
<binBASH> btw. :)
<fidelix> binBASH: you think Cherokee is lighter than nginx?
<jetole> binBASH: so no idea about the interfaces file eh?
<binBASH> fidelix: Well, personally I'm using cherokee.
<binBASH> it's a bit faster for static files
<binBASH> jetole: Let me have a look ;)
<jetole> binBASH: http://pastebin.org/451001
<fidelix> binBASH: what about dynamic files?
<jetole> fidelix: "Apache is like Microsoft Word, it has a million options but you only need six. Nginx does those six things, and it does five of them 50 times faster than Apache." http://wiki.nginx.org/NginxWhyUseIt
<fidelix> I am already convinced by nginx
<fidelix> I even apt-getted it
<fidelix> But i want to know about cherokee
<fidelix> It seems really good too
<jetole> wordpress.com uses nginx too I just noticed
<binBASH> fidelix: it should be the same for both servers about fcgi;)
<binBASH> nginx has a bit more features I think though
<fidelix> ok, i'll go with nginx because it seems more mature
<binBASH> fidelix: enjoy ;)
<jetole> binBASH: don't worry. I just rebooted this machine and it doesn't seem to be an issue anymore
<scoopex> i created a preseed file, how can i load this file from a webserver using the standard alternate-installer-cdrom - i discovered https://help.ubuntu.com/10.04/installation-guide/powerpc/preseed-using.html....
<scoopex> what should i exactly enter on the installer-boot-prompt to load the preseed file...?
<scoopex> do i need the checksum?
<jetole> no you don't need the checksum
<jetole> one sec while I ssh to my preseed server and look
<scoopex> jetole: can i boot a alternate installer cd and fetch the preseed file by a url?
<jetole> scoopex: url=http://preseed.url
<jetole> start the CD, go to the section where you apply advanced options
<jetole> er, more options
<scoopex> jetole: do i need some ip-configuration?
<jetole> it's at the start when it asks you to install ubuntu, run memcheck, oem install etc, right after you select a language
<jetole> scoopex: yes but if you have dhcp then no
<jetole> I also use locale=en_US console-setup/layoutcode=us netcfg/get_hostname=
<binBASH> jetole: It will be an issue again, if there are a lot of apache workers :D
<jetole> huh?
<jetole> oh
<jetole> wait what?
<binBASH> apache memory footprint with php module is usually huge;)
<binBASH> do you run a vserver?
<jetole> binBASH: I didn't ask any questions about apache or a server
<jetole> although I run many if you must know
<binBASH> jetole: hhe, I'm currently thinking about your file
<jetole> from apache to nginx to IIS 7 (yes I just said IIS 7)
<binBASH> I think the problem maybe doesn't rely on that file
<jetole> binBASH: my file was an /etc/network/interfaces file
 * jetole is confused 
<binBASH> can you paste /etc/udev/rules.d/70-persistent-net.rules
<jetole> no
<jetole> 10:33 < jetole> binBASH: don't worry. I just rebooted this machine and it doesn't seem to be an issue anymore
<binBASH> ahh ok :D
<jetole> lol
<fidelix> Nice. I installed nginx and now i have bad gateway
<binBASH> jetole: I didn't read right, thought it's fidelix
<jetole> lol. It's cool
<jetole> fidelix: that sounds odd
<binBASH> jetole: I'm currently very busy with evaluating alternative Storage Engines for mysql ;)
<jetole> binBASH: oh really
<jetole> like what?
<binBASH> XtraDB
 * jetole wants to try the maria engine when I get time 
<jetole> I have to google that one
<jetole> If I had my way, we'd move to an oracle / cassandra mix using memcached and varnish with nginx as the server
<binBASH> jetole: http://www.percona.com/downloads/Percona-Server-5.1/Percona-Server-5.1.47-11.2/deb/lucid/x86_64/
<binBASH> that one I'm evaluating currently ;)
<binBASH> MariaDB has XtraDB as well.
<fidelix> Could you people please help me with this error?
<fidelix> http://www.anbient.net/
<jetole> blazing fast is a catch word though, blazing fast usually means not ACID compliant since it often removes transactions
<binBASH> fidelix: Sorry, don't speak spanish?
<jetole> binBASH: ah it's based on InnoDB
<jetole> I like InnoDB
<binBASH> Well using MyISAM atm
<jetole> yeah MyISAM is not ACID
<Tohuw> Best practices/opinion question for an Ubuntu webserver: /etc/adduser.conf: USERGROUPS=yes or no?
<binBASH> but table sizes is an issue now ;)
<jetole> what size tables?
<fidelix> How do i redirect everything under anbient.net* to http://anbient.net/ ?
<binBASH> jetole: We have tables with 4,1 Mio rows
<binBASH> no wrong
<binBASH> :D
<binBASH> 280 Mio. Rows
<jetole> thats a lot
<binBASH> Joins and Group By are becomming show stopper........
<jetole> our largest is 29 mil
<jetole> binBASH: what about partitions
<fidelix> Does nginx have an Admin Interface?
<binBASH> fidelix: no
<fidelix> hmm.. ok.
<jetole> binBASH: partitions can help but still, I would advise against MyISAM for large scale corporate sites
<binBASH> jetole: Going to shard the data in future, but atm we need a solution to not change the application a lot.
<jetole> binBASH: also, make sure you have disk space, InnoDB can use a lot more for the same files and XtraDB is based on InnoDB so probably the same
<Guest54693> I am trying to find something on suexecusergroup.  I have looked at the basic document page, but I cannot figure out the context of where it is used.  I put together a bunch of virtualhost stanzas to replace my old directory stanzas, but I am getting a cgi exec privilege problem now.
<jetole> binBASH: I meant mysql vertical partitions
<jetole> Guest54693: you should fix that then
<Tohuw> Best practices/opinion question for an Ubuntu webserver: /etc/adduser.conf: USERGROUPS=yes or no? (In other words, should I force new user john to belong to a group called john. Is there any compelling reason why I can't have him just be added to the standard users group?) It's probably worth noting that I use UserDir public_html
<Guest54693> I am talking about apache2 specific cfg specific to Ubuntu server.
<axisys> we are running lucid server on sun fire x2250 .. is there a way to find out, short from installing ubuntu, if ubuntu server will run on x2270 m2? it is not listed in certified hardware list here http://webapps.ubuntu.com/certification/make/Sun/servers/
<binBASH> jetole: We're currently changing App so it can horizontally scale out
<binBASH> however it will be a lot work for db things.
<Guest54693> tohuw:  Is that something I should look up?  I just emailed the not to myself so I can do so at work...?
<Guest54693> Tohuw:  Is that something I should look up?  I just emailed the not to myself so I can do so at work...?
<Tohuw> Guest54693: I more or less got the answer I was looking for in #httpd, but thanks
<Guest54693> Tohuw:  Okay, I was trying there too last night.  Thanks.  I gotta quit and I'll start again on #httpd at work.  Thank you.
<binBASH> jetole: we expect more than 1 Bio Rows / Table
<ttx> mathiaz: o/
<arvind_khadri> hi, anyone who has used sogo here?
<uvirtbot> New bug: #614393 in antlr3 (main) "[maverick] antlr3 3.2-4 FTBFS due to missing deps in main" [Undecided,Confirmed] https://launchpad.net/bugs/614393
<mathiaz> ttx: hi
<mathiaz> ttx: I've switched networks and haven't any questions
<ttx> mathiaz: you still have 1 TODO and 2 INPROGRESS against alpha3
<ttx> mathiaz: could you review them , mark DONE or POSTPONED ?
<mathiaz> ttx: yop
<arvind_khadri> Hi, when I have dovecot running, its address will be localhost:143 ??
<Tohuw> is the pwd for adduser.local automatically the user's home directory, or do you have to set it as so? And if it has to be set, how do you tell it to change to that users homedir?
<fidelix> Anyone knows why one could get white pages with nginx and php-fpm?
<Daviey> hey hggdh, Are you  alive?
<mathiaz> ttx: WI updated
<ttx> mathiaz: cool, thanks !
<ttx> and happy start of beta subcycle !
<mathiaz> ttx: hein - what? already??
<ttx> We are late already ! http://people.canonical.com/~pitti/workitems/maverick/canonical-server-ubuntu-10.10-beta.html
<SpamapS> ttx: feeling better?
<SpamapS> ttx: don't blame me, I'm at 14%!
<Ganymede> Does anyone know a good long-running bandwidth monitor with an HTTP frontend for creating graphs of usage for, say, over a month for an Ubuntu router? I was looking at vnstat but it looks like it needs a PHP-based webserver also running. I was hoping for something self-contained that contains its own built-in webserver for the HTTP frontend.
<zul> catci, munin, mrtg
<Ganymede> Thanks, I'll look at those one by one.
<qman__> Ganymede, pretty much anything you choose is going to require a separate web server
<Ganymede> I think I'll skip cacti though, it looks heavyweight.
<MTecknology> I'm trying to do this -> start-stop-daemon --start --chuid "kalliki.com" --exec /usr/bin/env -- - USER="kalliki.com" PATH=/usr/bin PHP_FCGI_CHILDREN=0 PHP_FCGI_MAX_REQUESTS=500 php-cgi -b /tmp/phpcgi-kalliki.com.socket
<MTecknology> I'm getting the error -> start-stop-daemon: Unable to start /usr/bin/env: Permission denied (Permission denied)
<qman__> I use vnstat with the PHP frontend
<MTecknology> This works perfect in my dev box - any idea why it won't on my production box?
<SpamapS> MTecknology: thank you, for doing crazy stuff, so we can all learn. ;)
<SpamapS> Ganymede: munin is light weight, but it won't scale past 100 or so devices to query
<hggdh> Daviey: sorry, was sort of off for a while
<SpamapS> zul: server team should subscribe to rrdtool bugs, shouldn't we?
<Ganymede> SpamapS: Thanks, I was leaning towards munin currently. I only have about five devices though.
<MTecknology> SpamapS: learn what?
<zul> SpamapS: probably yes do we maintain it?
<SpamapS> zul: no.. "Ubuntu Development" maintains it. But seeing as it is a cornerstone of munin.. which we do maintain..
<zul> SpamapS: yeah go ahead and add it
<SpamapS> actually I guess technicall Ubuntu Development handles munin
<SpamapS> zul: I cannot
<zul> SpamapS: gah
<SpamapS> It does have 3 untriaged bugs..
<SpamapS> and today is my triage day..
<SpamapS> so maybe we can add it Monday? ;-)
<Enrique2010> Hello People. I run Ubu_Server_10.04 and installed PostgreSQL 8.4 with apt-get. PostgreSQL installation seems OK, since I can login locally as "postgres" and change my password, and log in later with the new password. I disabled the Ubu_Server_10.04 firewall with "sudo ufw disable". I can ping my Ubuntu Server from my desktop machine. But I can't make PgAdmin III on my desktop machine, connect to my PostgreSQL on my Ubuntu S
<Enrique2010> When I run "nmap ip_of_ubuntu_server -p 5432" then nmap tells me "5432/tcp closed postgresql". So nmap tells me the 5432-port on my server is closed, but the firewall of the server isn't enabled ?! I think that blocks PgAdmin III on my desktop to connect to my server. Any idea's ? (I'm not super technical.)
<zul> SpamapS: my web browser says done, but all the new bugs will show up on monday anyways so yeah thanks
<zul> SpamapS: bitch ;)
<SpamapS> ;-)
<zul> Enrique2010: postgresql only listens to localhost by default so you will have to check the postgresql documenation to make it listen to an ip address as well
<Enrique2010> zul: I did adapt the setting "listen_addresses = '*' " so he should listen to all ip-adresses
<zul> Enrique2010: did you restart postgresql
<Enrique2010> zul: I did
<Enrique2010> zul: with " sudo /etc/init.d/postgresql-8.4 restart "
<zul> Enrique2010: you might want to check the postgresql channel
<Enrique2010> zul: good idea ! will do, thx !
<Daviey> hggdh: Hey!  Just to let you know, if you are planning to do some UEC testing, my devel PPA has the latest upstream snapshot
<SpamapS> Daviey: I sent you a merge proposal with munin capabilities for eucalyptus... I think we'll still need to have munin build an html page special just for eucalyptus, but thats easy.
<SpamapS> can somebody please do a noop rebuild of pgadmin3  bug #610975
<uvirtbot> Launchpad bug 610975 in server-papercuts "Can not start pgadmin3" [High,Confirmed] https://launchpad.net/bugs/610975
<SpamapS> bonus, its a server papercut, so you can use it as a shield for ttx's lazer stare.
<wieshka> NEED HELP: after install of ubuntu-server 10.04 i got HDIO_GET_IDENTITY failed fro '/dev/sda' also for sdb .... installed RAID 1 + LVM
<MTecknology> Something is really screwed up :(
<ttx> SpamapS: did you confirm it was happening in maverick ?
<ttx> for lucid it's slightly more complex as we need to coordinate with the fate of wxwidgets2.8 in -proposed
<SpamapS> ttx: I've never been able to reproduce it.
<ttx> looking at the bugs that sent it to -proposed it might not solve the issue there
<ttx> $if it's reverted, then we should NOT do a noop rebuild :)
<uvirtbot> New bug: #286592 in rrdtool "No graph with a stream of constant negative numbers" [Low,Fix released] https://launchpad.net/bugs/286592
<ttx> We could do the noop rebuild for the mavreick package though. I'm just unsure it applies to that one as well.
<wieshka> anybody ? NEED HELP: after install of ubuntu-server 10.04 i got HDIO_GET_IDENTITY failed fro '/dev/sda' also for sdb .... installed RAID 1 + LVM
<ttx> I linked that bug from the wxwidgets2.8 bugs, so that theur fates are linked in -proposed
<SpamapS> ttx: right, so there are people out there running lucid-proposed ?
<ttx> apparently most of the commenters on that bug
<SpamapS> I wish they'd just say that. ;)
<ttx> SpamapS: they apparently prefer rto say "could someone just upload the deb to the sever"
<ttx> ok, time to eow
<hggdh> Daviey: great! I will update the packages and get on it
<Daviey> hggdh: super!
<Daviey> hggdh: I'm gonna try to go afk for a bit.. If you have some news, it might be good to email it directly to the mailing list :)
<wieshka> hmmmm after install of ubuntu-server 10.04 i got HDIO_GET_IDENTITY failed fro '/dev/sda' also for sdb .... installed RAID 1 + LVM
<wieshka> any ideas ?
<jimcooncat> If I install UEC in my office, does that give me fault tolerance on storage or services?
<pmatulis> wieshka: does the machine boot ok?
<SpamapS> jimcooncat: UEC doesn't reall address "fault tolerance"
<karlhunt> I have no minimal install option (under f4) on the iso I just downloaded. Do I need a specific version?
<wieshka> pmatulis: it is while booting
<wieshka> booting hangs up
<wieshka> so - no - it isnt booting correctly
<lucenut> I installed Eclipse in my ubuntu and am trying to create a new "project", but I can't browse to my windows shares on the server from the New Project wizard.
<SpamapS> jimcooncat: UEC provides a way to spawn virtual hosts, but the machine they run on must use traditional methods to achieve fault tolerance.
<lucenut> In a File Browser I can go to the windows shares.
<wieshka> pmatulis: i have to reinstall ?
<wieshka> or i can do something from rescue mode to fix this problen
<jimcooncat> SpamapS: thanks. I was hoping it was a simple way to avoid drbd/heartbeat/etc.
<pmatulis> wieshka: many people, including myself, see such a msg on bootup.  your boot fails however.  so the failure may be due to something else
<jimcooncat> SpamapS: Are there any use cases for in-house UEC setups? I love to read about what it CAN do for people
<uvirtbot> New bug: #344096 in rrdtool (main) "library for rrd develop" [Undecided,Fix released] https://launchpad.net/bugs/344096
<Tohuw> i've got an ubuntu server running apache. if I wanted to be able to make my own zone files, so that I could take mydomain.com and point it to ns1.myserver.com or so, would I use BIND9 for that?
<jimcooncat> ... other than being able to say, "I got a cloud in my basement". )
<pmatulis> wieshka: enter GRUB2 menu and remove 'splash, quiet' from the kernel boot options
<pmatulis> wieshka: you can also put in 'debug' to get more information
<wieshka> i will give a try
<pmatulis> wieshka: where are you from anyway?
<wieshka> latvia
<pmatulis> wieshka: ok
<pmatulis> wieshka: my name is Lithuanian
<wieshka> :)
<pmatulis> wieshka: but i don't speak the language
<SpamapS> jimcooncat: I know a previous employer of mine is currently evaluating it for use to spawn automated testing clusters.
<wieshka> brother :)
<pmatulis> wieshka: canada here
<jimcooncat> Tohuw: it's a possibility. Most people I know use third-party name servers, such as those provided by their registrar or ZoneEdit
<SpamapS> jimcooncat: so their QA people can spawn a cluster with one of every type of server they need, deploy their latest features/fixes/etc. to it, then run automated tests, then tear the whole thing down again.
<Tohuw> jimcooncat: yeah, I just like centralizing that management, so I can quickly add mx and A records and such
<wieshka> pmatulis: - the same again
<wieshka> maybe try recovery mode ?
<jimcooncat> SpamapS: Thanks. I've been trying to figure out why anyone would want it for a while
<hggdh> Daviey: new dependency for Eucalyptus: tgt (in main)
<SpamapS> jimcooncat: its especially attractive in that sense if you are already using Amazon EC2, as the API is the same.
<MTecknology> root@li35-54:~# chroot /jail /bin/bash
<MTecknology> /bin/bash: relocation error: /bin/bash: symbol memset, version GLIBC_2.0 not defined in file libc.so.6 with link time reference
<MTecknology> Any ideas what I can do to fix that?
<MTecknology> I just wiped my whole system
<SpamapS> MTecknology: how did you build /jail ?
<MTecknology> SpamapS: ya
<jimcooncat> Tohuw: I believe you may need to have two static IP's to do proper nameservers, but I'll defer to those here who know more about it
<wieshka> looks like something is really wrong with my software RAID
<hggdh> Daviey: weird. tgt *is* installed, and still I got a failure to start. I wonder if, on upgrade, we are starting the components at the right time
<wieshka> ... going to resintall
<Tohuw> jimcooncat: yes, I have two. I'm perusing https://help.ubuntu.com/9.10/serverguide/C/dns-configuration.html, this seems to be what I want
<uvirtbot> New bug: #388700 in rrdtool (main) "rrdgraph: filename in imginfo param is incorrect" [Low,Fix released] https://launchpad.net/bugs/388700
<pmatulis> wieshka: were you asked to activate raid during the install?
<wieshka> yes
<wieshka> i pressed yes
<pmatulis> wieshka: it could be that there is some fakeraid metadata residing on your drives
<wieshka> hmmmm hardware RAID i already disabled
<wieshka> pmatulis:  can i fully format HDD's with busybox ?
<wieshka> like from factory - with no any data
<wieshka> so then split in two parts
<wieshka> set up raid 1
<wieshka> and then set up LVM
<pmatulis> wieshka: enter BIOS, enable RAID, then delete all RAID array info
<pmatulis> wieshka: right now it's disabled but the metadata remains, installer gets confused
<wieshka> so then i will have a hardware RAID
<wieshka> ?
<Daviey> hggdh: interesting...
<Daviey> hggdh: That Depends was also in Maverick A3... so i'm sorta confused.
<wieshka> pmatulis: ok - now i am really confused
<wieshka> :D
<jimcooncat> wieshka: I'd guess the answer is no, it's a software raid
<hggdh> Daviey: I was wrong, it is a different error
<hggdh> it is a 'sudo' error. Rebooting now
<wieshka> so - i have to enable hardware raid in bios
<wieshka> and delete software array data ?
<zul> SpamapS: if a bug is fixed released then you dont have to set the priority....one extra step you dont have to do :)
<jimcooncat> wieshka: am I understanding you want to RAID 1 two partitions of the same drive?
<wieshka> aha
<wieshka> one as swap
<wieshka> seond as LVM
<wieshka> and then LVM partition tables
<wieshka> .... i splited both HDD in two partition, 20 Gb as swap, 400+ as data
<SpamapS> zul: I like to be complete. ;)
<wieshka> both paired as RAID 1
<wieshka> then on RAID interface i setted up LVM
<wieshka> and then in one volume group added 8 partitions
<wieshka> 6 ext4
<wieshka> 2 xfs
<wieshka> so whats wrong ?\
<wieshka> correction - in volume group i added 8 logical volumes
<wieshka> so where is the problem/whats wrong ?
<pmatulis> wieshka: you disable the fakeraid after deleting all arrays
<wieshka> eem, what is fakeraid ? :)
<wieshka> sorry, unslept night so my brain is already fucked up
<wieshka> but i have to finish server today :)
<pmatulis> wieshka: it's the raid you are configuring in BIOS, however you may have real h/w raid which i doubt since you are originally using s/w raid
<wieshka> so now i have to do what ? stay disabled hardware raid
<wieshka> or enable it ?
<pmatulis> wieshka: again, enter BIOS, enable RAID, delete RAID array/info, disable RAID
<wieshka> and the s/w raid will work for me ?
<wieshka> ok i will give a try
<pmatulis> wieshka: right, give it a try
<wieshka> pmatulis: i have SATA 1 & Sata 2 each has primary and secondary chanell (in BIOS) - what i have to enable ?
<uvirtbot> New bug: #327920 in rrdtool (main) "Wrong "last updated time" with option "--start 0" on 64bit Ubuntu Hardy" [Low,Fix released] https://launchpad.net/bugs/327920
<pmatulis> wieshka: there should be a central RAID config somewhere.  it could be that you do not have fakeraid RAID at all.  this is just an idea
<wieshka> option in BIOS
<wieshka> is nVidai RAID
<pmatulis> wieshka: bingo
<wieshka> what exactly is bingo ? :)
<pmatulis> wieshka: "loto"
<jpds> nvidia RAID sounds like a nightmare
<wieshka> why ?
<pmatulis> jpds: it's extremely common fakeraid
<wieshka> pmatulis:  so what to do now ?
<pmatulis> wieshka: was there an existing array?
<wieshka> question: if i will fully format hdd and reinstall my OS i will have the same problem ?
<wieshka> pmatulis: i cant still boot
<wieshka> with h/w raid enabled also
<uvirtbot> New bug: #414010 in rrdtool "rrdtool .pot template is missing, existing .po files not imported" [Low,Confirmed] https://launchpad.net/bugs/414010
<wieshka> only rescue mode from cd
<pmatulis> wieshka: i said you need to disable it
<wieshka> it was all the time disabled
<pmatulis> wieshka: was there an existing array?
<wieshka> no there wasnt
<pmatulis> wieshka: you enabled it and looked?
<wieshka> i enebled and tried to boot
<pmatulis> sigh
<wieshka> the same error
<pmatulis> wieshka: disable it i said!
<wieshka> ia have it disabled it!
<wieshka> :)
<wieshka> and error is back
<pmatulis> wieshka: when you enabled it and looked, there was no array defined?
<wieshka> correction - there is still error
<wieshka> aha
<hggdh> <sigh/>. Now eucalyptus runs 'sudo'.
<pmatulis> when i do 'apt-get -f install' i get no actions suggested (good) but when i do the same with aptitude the suggested action is to install libjs-jquery.  this is fresh karmic vm that has been immediately upgraded to lucid
<SpamapS> pmatulis: I believe aptitude uses different rules to try and resolve dependencies.
<zul> SpamapS, can you do me a favor? can you fix #564920 for maverick and do the SRU for lucid please?
<MTecknology> GAH!
<MTecknology> Now I can't start mysql
<MTecknology> I'm rebuilding the server and trying to restore from backups
<SpamapS> uvirtbot: hey he said #564920
<uvirtbot> SpamapS: Error: "hey" is not a valid command.
<MTecknology> bug 564920
<uvirtbot> Launchpad bug 564920 in php5 "PHP5 under Apache2 on 64 bit system is not completely 64 bit " [Low,Confirmed] https://launchpad.net/bugs/564920
<MTecknology> woohoo, it's running :S
<MTecknology> kinda
<MTecknology> no errors from start mysql
<SpamapS> zul: I already fixed that one. Last night, right before I launched my space ship that took me to school where I forgot my homework and my pants.. oh wait..
<MTecknology> also not listed in top
<zul> SpamapS: dude layoff the crack :)
<SpamapS> zul: I can't.. its .. so.. good
<pmatulis> who is in charge of the uvirtbot? soren?
<pmatulis> disregard
<Pici> pmatulis: yes. (according to https://wiki.ubuntu.com/IRC/Bots)
<pmatulis> Pici: k
<MTecknology> You guys have any idea how I could fix this error? http://dpaste.com/225691/
<MTecknology> It's on a fresh system
<MTecknology> It works fine in my development environment - but not in my new system
<elms> was wondering if someone could help me with an interesting problem, i also need a good tool like windows7 resource monitor which might help a lot
<elms> i'm using wine on ubuntu server with XFCE and tightvnc as a viewer, but if i close the viewer my windows programs are no longer able to access any files on a truecrypted encrypted drive
<elms> any advice would be appreciated
<SpamapS> :q
<SpamapS> haha
<SpamapS> vi strikes again
<hggdh> Daviey: for your joy, we now have bug 614488 (which is no big deal, but we will have to fix it)
<uvirtbot> Launchpad bug 614488 in eucalyptus "Eucalyptus should not run 'sudo'" [Undecided,New] https://launchpad.net/bugs/614488
<mina> hi, I want to configure dav_svn module to allow only https access, allow anonymous read-only access on some dirs and require login for others. anyone can help?
<mina> anyone can help?
<elms> i think most are afk, i asked a question about 20mins ago
<Dark-Sun> hi every1
<Carleas> How/where do I add rules to iptables to allow DNS?
<Dark-Sun> can an ubuntu enterprise cloud used as a HPC?
<remix_tj> Carleas: only using iptables?
<remix_tj> and DNS in input or output?
<Carleas> Well, using bind, but letting the DNS requests through.
<Carleas> I'm not sure about input or output.  I'm setting up a primary, and I'll need to do zone transfers
<uvirtbot> New bug: #614488 in eucalyptus "Eucalyptus should not run 'sudo'" [Undecided,New] https://launchpad.net/bugs/614488
<elms> Carleas: you can use a program like Firewall Builder or FireStarter to help make rules
<elms> i've messed with both firestarter is pretty basic and fwbuilder is pretty robust
<Dark-Sun> can an ubuntu enterprise cloud host a HPC cluster?
<Carleas> I've already got iptables installed, but it's set up to deny everything that isn't ssh and www.  It's also integrated with fail2ban, so I'd rather not install a different firewall setup.  I know I need to allow requests to or from port 53, and using both tcp and udp, but I don't know how to do that.
<ScottK> Carleas: Same way you allowed ssh except on a different port.
<Dark-Sun> ScottK: do u mean sth like this: euca-authorize default -P tcp -p 22 -s 0.0.0.0/0
<ScottK> I'm not familiar with that tool, but it sounds likely.  Just port 53 and do both UDP and TCP.
<MTecknology> thesheff17: Help :(
<GeekSquid> So I installed UEC, and completly Borked my system, currently running via live disk and chrooted into my drive, ... what is the best method of reversing what eucalyptus and UEC have done to make my machine unbootable... not even in recovery mode,
<Carleas> Thanks ScottK, that put me on the right track for INPUT.  I added it with "sudo iptables -I INPUT 7 -p udp --dport 53  -j ACCEPT".  But I probably need and OUTPUT rule too, right?  will the same rule work on a different chain?
<ScottK> I don't recall and don't have time to check.  Probably not.  You will want to allow TCP too.
<elms> can anybody help me with my wine problem?
<elms> i'm using wine on ubuntu server with XFCE and tightvnc as a viewer, but if i close the viewer my windows programs are no longer able to access any files on a truecrypted encrypted drive
<thesheff17> MTecknology: whats up?
<MTecknology> thesheff17: I tried mvoing this jail to production
<MTecknology> thesheff17: http://dpaste.com/225726/
<MTecknology> thesheff17: I'm hoping I don't get fired - but basically all auth winds up like that - nothing is working right
<MTecknology> thesheff17: I'm kinda in deep doo doo right now and if you can please possible help me, I'd love you for life
<thesheff17> so all the users are like that?  do the permissions of bin/bash match the permissions of bin/bash
<thesheff17> inside the chroot?
<thesheff17> basically it looked like that user ins't able to execute bin/bash
<MTecknology> thesheff17: I'm trying to ssh in as a user that shouldn't be jailed
<thesheff17> MTecknology: so the users not in the chroot are also having the same problem?
<MTecknology> thesheff17: yup
<thesheff17> even root?
<thesheff17> my bin bash looks like this: -rwxr-xr-x 1 root root 934336 2010-04-18 21:16 /bin/bash
<thesheff17> try to use a different shell like /bin/sh
<thesheff17> and see what happens.
<MTecknology> thesheff17: root is the ONLY user that works
<thesheff17> also I would check your /etc/passwd and /home/jail/etc/passwd files and make sure everything looks ok
<MTecknology> it does look ok
<MTecknology>  /bin/bash looks ok too
<thesheff17> so /home/michael in side the chroot or no.  I would check ls -la /home/michael
<MTecknology> no, it's not
<MTecknology> it shouldn't be either
<MTecknology> drwxr-xr-x 2 michael michael 4096 2010-08-06 18:48
<thesheff17> ok as root do chown -R michael:michael /home/michael
<MTecknology> root@insto:/home# su - michael
<MTecknology> Unable to cd to '/home/michael'
<MTecknology> I did that too
<thesheff17> hmm...
<MTecknology> root@insto:/home# su - kalliki.com
<MTecknology> Unable to cd to '/jail/./home/kalliki.com'
<fidelix> I'm getting 404 how do i clean nginx's cache?
<fidelix> sorry, i'll write again
<fidelix> How do i clean nginx's cache?
<thesheff17> it says /jail/ isn't it should be /home/jail/ or no?
<MTecknology> thesheff17: no
<Daviey> hggdh: Whilst you are testing Depends vs Recommends, can you try removing open-iscsi please?
<MTecknology> thesheff17: this is working perfect in my dev box - I can't see anything different
<thesheff17> MTecknology: adding a new user have the same problem? I'm not sure if it is bin/bash giving the problems or permissions.
<hggdh> Daviey: give me 10 min, a test is finishing
<Daviey> hggdh: no hurry :)
<MTecknology> thesheff17: it's not bash that's the issue
<thesheff17> MTecknology: the error is mis leading
<hggdh> Daviey: lovely... new revision, new issues. But perhaps I am getting cynical
<Daviey> hggdh: We are at the peak of the hill :)
<hggdh> Daviey: *now* am I worried
<Daviey> hggdh: Nah.. we can ski down the other side... easy going :)
<thesheff17> you aren't running selinux are you?
<MTecknology> no
<MTecknology> thesheff17: Could not chdir to home directory /home/michael: Permission denied <-- this is the part that's muffed - but I have no idea how
<thesheff17> MTecknology: how about creating a new user...same problem?
<MTecknology> thesheff17: yup
<thesheff17> I see tons of stuff pointing to selinux
<MTecknology> libselinux1 is the only selinux package installed
<MTecknology> that's a default package
<MTecknology> thesheff17: wanna join me?
<thesheff17> sure
<hggdh> Daviey: oooh, cool, 'stop eucalyptus now seems to stop the -publication also
<hggdh> Daviey: OTOH, 'start eucalyptus' did *not* start the -publication :-(
<fidelix> whats the best way to visually manage Bind?
<hggdh> Daviey: I purged open-iscsi and open-iscsi-utis, then restarted the beast. Comes up nicely (except the - publications)
<CppIsWeird> i have grails in a folder, and it doesnt install like everything else, where is the logical place to put it in the filesystem? /bin, /usr/bin?
<pmatulis> CppIsWeird: /usr/local/bin or /opt/grails/bin
<MTecknology> thesheff17: you still around?
<CppIsWeird> and when it asks me to "Set GRAILS_HOME environment, it means $GRAILS_HOME = /path/to/grails, EXPORT GRAILS_HOME in my profile file right?
<incorrect> weird i can't connect to my tftpd server
<incorrect> i wonder if its an apparmour thing
<fidelix> Guys, for the love of god, help me with my site, its not accessible by some
<incorrect> what do you think we can do for you?
<fidelix> I dont understand very well how dns's and stuff works.
<incorrect> well get reading
<fidelix> Well, i already did that.
<fidelix> I set my ns1.mydomain.net and ns2.mydomain.net
<fidelix> And i can access it from my pc
<fidelix> But some others cant
<incorrect> what is your domain name
<fidelix> www.anbient.net
<Daviey> hggdh: ok, thanks for your awesome testing
<incorrect> fidelix, seems ok to me, i don't see a www record
<incorrect> but you have an MX record
<fidelix> Can you access the site?
<incorrect> anbient.net has address 184.82.3.64
<fidelix> Exactly.
<incorrect> so if http://anbient.net/ is the site then yes
<incorrect> however the site looks a little broke
<fidelix> how so?
<incorrect> its trying to use http://www.anbient.net/plugins/system/pc_includes/ajax_1.3.js
<incorrect> and like i said there is no www entry
<incorrect> so make one
<fidelix> How do i make one? In alternative addresses?
<fidelix> or is a new A record?
<incorrect> yes an A record
<incorrect> clearly you haven't read anything
<fidelix> done.
<Guest68980> I need help with the newest version of UbuntuServer's Apache2 behavior, as it is precluding me from doing certain kinds of file accesses nicely.  I tried setting it up with suexec to get access to SUExecUserGroup, but the Directory usage of the latter directive is not in the standard install.
<incorrect> damn you tftp
<uvirtbot> New bug: #614550 in postfix (main) "Invalid warning do not list domain domain.com in BOTH mydestination and virtual_mailbox_domains" [Undecided,New] https://launchpad.net/bugs/614550
<jdstrand> lamont: hey. in the interest of time I uploaded the following debdiff to Ubuntu http://people.canonical.com/~jamie/bind9_9.7.1.dfsg.P2-2ubuntu1.debdiff
<jdstrand> lamont: that can be merged into 1:9.7.1.dfsg.P2-3 (or later) whenever you want
<jdstrand> lamont: it updates the apparmor profile to pull in a local include (that is not a conffile), makes sure to remove some stuff on purge and cleaned out all the old apparmor bind9.preinst upgrade logic (no longer required)
<jdstrand> lamont: now, I did upload a new debhelper today with dh_apparmor that could clean it up even more, but you won't be able to use that in Debian until they get apparmor and I push that change there
<jdstrand> lamont: if you are interested in a patch using that, let me know
<fidelix> Guys, check if you can access www.anbient.net
<elms> i can't get to it
<SpamapS> heh.. I just typed 'ack awk'
<fidelix> elms, you get a white page or what?
<SpamapS> jdstrand: curious, is there a reason you aren't documenting these things in bug reports?
<jdstrand> SpamapS: it is in a blueprint and we aren't frozen so I wasn't thinking about bugs
<jdstrand> I suppose I could have...
<incorrect> if i stop apparmor will that remove any security it might have put in place?
<jdstrand> incorrect: it will unload the profiles, yes
<incorrect> hmm well that can't be why i am getting tftp transfer problems
<jdstrand> incorrect: check dmesg and 'sudo aa-status' to see if AppArmor is blocking it. that said, tftp doesn't ship with a profile by default, so it shouldn't be aa anyway
<incorrect> i couldn't see one so i am sure its not that
<incorrect> my files are owned as root so that is ok too
<incorrect> i don't really want to have to do a tcpdump
 * incorrect goes to beat his head against the wall
<incorrect> doh
<incorrect> rule 1, do not try and pxe install on a friday at 9pm
<incorrect> because you will waste time with the wrong ip address
<SpamapS> jdstrand: Really just curious, as I tend to look at everything as bugs or merge proposals. :)
<lamont> jdstrand: less forked is better, imo.  one source to rule them all
<lamont> and sounds good
<jdstrand> cool
<alex88> hi guys..is normal that i'm downloading from de.archive.ubuntu.com at 70kbyte/s?
<guntbert> alex88: try another mirror - maybe its your ISP?
<alex88> i'm on a vps with 100mbit line..i download normally at 10-15mbyte/s, and it's in germany..but it's from days that's like now..
<guntbert> like I said, try another mirror -- if I remember correctly the *.archive.ubuntu.com are not always located in the respective country
<alex88> O.o...oh...well i'll use archive.ubuntu instead..now i've a problem, i'm following this guide https://help.ubuntu.com/community/Postfix
<alex88> it goes everything as expected, but in the testing part, when i telnet localhost 25 i get connection close, second time it doesn't respond..any clue?
<guntbert> alex88: look into the logs of postfix
<alex88> guntbert: sorry, i've re-started using the https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto that's exactly what i wnat..
<alex88> btw, using archive.ubuntu.com still 70k, maybe hoster limit it..
<alex88> in this candidate it says to install mailx, should i use mailutils? mailx has no candidate
<guntbert> alex88: visit http://www.ubuntu.com/getubuntu/downloadmirrors#mirrors  and pick a german one
<alex88> guntbert: i'll do it
<alex88> what about mailx
<guntbert> "mailx" is a virtual package provided by:  mailutils heirloom-mailx bsd-mailx. You must choose one to install.
<alex88> ok, i'll install mailutils :)
<alex88> btw, that's the list of mirror where download cd, not updates
<alex88> in mail command, after typed the letter...to exit?
<alex88> ok, ctrl-d
<CppIsWeird> just for a sanity check, i ran diff -rqd /dir1 /dir2, and it didnt report anything, this means that those directories are EXACTLY the same byte for byte, bit for bit, content and structure?
<CppIsWeird> im confused, i ran the .bin for the java jdk and it just dumped everything in a folder in that current directory. where do i put this and how do i get the system to use it as the default and all that stuff?
<Jordan_U> !java | CppIsWeird
<ubottu> CppIsWeird: To install a Java runtime on Ubuntu, see https://help.ubuntu.com/community/Java. For the Sun Java products and browser plugin, search for the sun-java6- packages in the !partner repository on Lucid (which must be enabled), or !multiverse repository on older releases.
<CppIsWeird> yeah, thats not a java question.
<CppIsWeird> because you could remove java and replace it with any other program and it would be the same question.
<CppIsWeird> oh, sorry, thought you were crucifying me for asking a java question in a ubuntu channel.
<CppIsWeird> forgot for a minute i wasn't in ##java :P
<EvilPhoenix> where's  Apache's config files stored?
<jmarsden|work> EvilPhoenix: Under /etc/apache2/
<EvilPhoenix> okay
<CppIsWeird> hmm, i don't see the sun java under the alternatives
<EvilPhoenix> seems someone who is another admin on my system messed up apache not letting it redir right
<EvilPhoenix> so i'm probly going to need help fixing it
<EvilPhoenix> where can I get that?
<jmarsden|work> That depends on how messed up it is... can you not restore the relevant configs from backups?  This is a server, so you do make backups, right?
<EvilPhoenix> jmarsden|work:  yeah weekly
<EvilPhoenix> and i restored
<EvilPhoenix> but it s not working ...
<EvilPhoenix> whats the command to restart apache
<jmarsden|work> sudo service apache2 restart      # just like you restart any other service :)
<EvilPhoenix> jmarsden|work:  can you get to trekweb.org without errors?
<EvilPhoenix> and without redirs
<EvilPhoenix> thats my site
<EvilPhoenix> the one which wasnt working
<CppIsWeird> so lets say i want to change whatever update-alternatives changes myself, how would i do this?
<jmarsden|work> EvilPhoenix: Seems to work fine, although the page does say "Please excuse our appearance, as we are under maintenance at this time." :)
<EvilPhoenix> yeah that's true
<EvilPhoenix> i have been busy
<EvilPhoenix> ;)
<EvilPhoenix> jmarsden|work:  it used to redir to a different location and deny connections
<jmarsden|work> OK, looks like you fixed it then.
<jmarsden|work> CppIsWeird: Use sudo update-java-alternavives   # for java alternatives :)
<jmarsden|work> CppIsWeird: Use   sudo update-alternatives   # for non-java ones
<CppIsWeird> it doesnt list the java i just installed
<CppIsWeird> so im guessing it wont if i dont install it from a package
<CppIsWeird> so since i didnt how can i manually edit the things that update-alternatives does?
<jmarsden|work> CppIsWeird: Correct.  The Sun JDK is packaged for Ubuntu, so why would you install it from anything else?
<CppIsWeird> call me stubborn
<jmarsden|work> You can manually muck around with symlinks if you really want to, look under /etc/alternatives for some ideas...
<jmarsden|work> But don't ask for any support of anything related to alternatives if you are that "stubborn"
<jmarsden|work> It is *always* preferable to work with your chosen OS, not against it.
<CppIsWeird> how do i find where a symlink points to? symlink command is not found
<jmarsden|work> CppIsWeird: ls -l /path/to/the/symlink
<Ganymede> Hi, I was having some trouble getting munin-node to start up. Here is the message in /var/log/munin/munin-node.log: 2010/08/06-18:33:44 Unsecure host "2001:470:1f07:767::1" at line 359 in file /usr/share/perl5/Net/Server.pm
<Ganymede> I found that message particularly uninformative and Google didn't have much to say about it either.
<Insyte> Can vmbuilder target a device instead of a file?
<jmarsden|work> Insyte: Not sure, try asking in #ubuntu-virt
<Insyte> 10-4
<CppIsWeird> any way that i can get the update-java-alternatives to see the java installation? i moved it in with the others and created a symbolic link, etc.
<jmarsden|work> CppIsWeird: No idea.  Easier and faster and safer to just install Java from a package than to figure that out :)
<MTecknology> thesheff17: You around as much as me?
<MTecknology> jmarsden: Where are you?
<jmarsden|work> At my desk :)
<jmarsden|work> Southern California
<MTecknology> jmarsden: any special nome for that place?
<MTecknology> :P
<CppIsWeird> sudo update-alternatives --install "/usr/bin/java" "java" "/opt/java/32/jre1.6.0_21/bin/java" 1 ;-)
<jmarsden|work> A name for my desk?  "work"?  WHich is why I am using a nick of jmarsden|work :)
<MTecknology> jmarsden: You're a super awesome security guy..
<MTecknology> right?
<MTecknology> jmarsden|work: *
<CppIsWeird> ut-oh. statements like that usually follow with complicated questions
<MTecknology> CppIsWeird: easy question
<MTecknology> complicated answer
<MTecknology> I
<jmarsden|work> MTecknology: If you already know the answer, no need to ask the question :)
<MTecknology> I'm doing web hosting. My company is anyway. I toasted a server. I need to rebuild it. The trick here is how I'm going to rebuild it. I want to host a lot of websites but I need to do it on pretty limited resources. This means Apache isn't going to work. I want to make sure no website can touch another website at all. One option here is to run each php process (all php sites) as a separate user. I can do this easily. In de
<MTecknology> heh.. where did that cut off at?
<jmarsden|work> MTecknology: "I can do this easily. In de"
<MTecknology> I can do this easily. In development I also jail those users so they can't directly access PHP. I don't know if this is the best or not but it takes no extra resources. It breaks my linode though. What I can't figure out though - is how do you limit resources available for a website and/or user and keep them from touching anything else.
#ubuntu-server 2010-08-07
<jmarsden|work> MTecknology: well, one virtual machine per website would be one way do to it with decent separation between each site, but that might blow your budget if you pay per VM.
<MTecknology> jmarsden|work: we do, we pay a lot each
<jmarsden|work> You couldn't lease a single physical server and divide it up into VMs yourselves?  There's a conflict between "make sure no website can touch another website at all" and having them all run on one webserver...
<Fidelix> Guys, i hired a VPS plan from some company. Now, question: Do i need bind?
<jmarsden|work> Fidelix: Only if you want to run yur own DNS server and choose bind for that role.
<Fidelix> Oh, got it.
<MTecknology> jmarsden|work: ya.. I was able to do a pretty decent job with what I had, really the only issue was eating resources with php-cgi running for each user - but the user could (and still can) run any php process. The way I have things now, a logged in user can't even touch the database - only the php process can. But doing it that way doesn't work on linude and i have no idea why.
<Fidelix> So, if i just set my registrar to point ns1.mydomain.com to my domain's ip it'll work automatically, right?
<jmarsden|work> MTecknology: Ask the linode sysasdmins for advice, they know how they do their VMs.
<jmarsden|work> Fidelix: No.  Someone somewhere needs to run a DNS server for your domain.
<Fidelix> oh... so thats the problem.
<jmarsden|work> That can be you, or an ISP, or a dedicated DNS provider, or a friend of yours...
<Fidelix> Know any free ones?
<MTecknology> I use active-domain as my registrar and linode as my dns server
<jmarsden|work> It's been years... granitecanyon used to do free DNS, I think??
<jmarsden|work> MTecknology: Right, generally the VPS provider will do DNS for you.
<Fidelix> well, burstnet wont (i think).
<MTecknology> jmarsden|work: I was just letting Fidelix know what i do - didn't know if it'd help
<jmarsden|work> Makes sense.
<jmarsden|work> Fidelix: Then you can run bind or another DNS server and learn how to configure it, or you can pay someone to run DNS for you.
<jmarsden|work> Fidelix: I have never tried it and so can't say how good they are, but perhaps http://www.zoneedit.com/ would do what you need?
<Fidelix> Thanks
<jmarsden|work> Fidelix: You're welcome.
<Tohuw> Is the @ in a BIND9 zone file just a shortcut for the FQDN the file is for? so like example.com. might have an "@ IN NS ns.example.com.", which is the same as "example.com. IN NS ns.example.com."
<jmarsden|work> Tohuw: Correct.
<Tohuw> jmarsden|work: splendid, thanks
<jmarsden|work> Tohuw: You're welcome.
<uvirtbot> New bug: #614620 in bacula (main) "package bacula-director-mysql 2.4.4-1ubuntu9 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/614620
<MTecknology> thesheff17: ping?
<thesheff17> MTecknology: I
<thesheff17> m' here
<MTecknology> thesheff17: you willing to help me set that dang thing up?
<thesheff17> MTecknology: sure what do you need me to do ?
<MTecknology> thesheff17: I'll rebuild that VM and you can help me setup the jailkit :P
<thesheff17> MTecknology: sure at 8 CST I have to do some homework for school due at midnight :)
<MTecknology> oh
<thesheff17> but I will be around
<MTecknology> that's about 45min
<thesheff17> MTecknology: I still have no clue what would cause that terrible error :(
<MTecknology> thesheff17: me either - maybe working with you we'll know what did it - otherwise it could be an issue with xen
<MTecknology> thesheff17: I think I might do debian 4.0 this time - just for default resource usage
<MTecknology> thesheff17: it's being created
<thesheff17> MTecknology: sounds good.....so executed everything over again with your script and same results so said?
<thesheff17> you said I mean?
<Tohuw> jmarsden|work (or anyone): If I have a "master" domain setup using BIND9 already and the ns records are configured, is adding another domain just a matter of using a similar entry in named.local.conf, substituting the new domain name? Then I just have to make a new db.newdomainname.com file, using similar settings to the old one. Is that right, or is there something different you do for additional domains once the first one is setup?
<MTecknology> thesheff17: last time ya - but now I'm starting fresh again
<thesheff17> MTecknology: k
<jmarsden|work> Tohuw: You have the right idea.  After making those changes either restart bind or else do rndc reload to cause it to reread the config files.
<thesheff17> Tohuw: I think you can even just make it a slave and it replicated all the dns records.
<thesheff17> Tohuw: but yea either way should work
<jmarsden|work> thesheff17: That would be for a second DNS server on a different machine, for redundancy.  Tohuw was asking about adding a new domain to one single DNS server.
<thesheff17> MTecknology: ah ok
<MTecknology> thesheff17: ssh michael@72.14.187.192
<MTecknology> thesheff17: same pass as before
<thesheff17> MTecknology: k i'm in...you want to install screen?
<MTecknology> thesheff17: nevermind... I'm going back to ubuntu....
<thesheff17> MTecknology: haha ok :)
<MTecknology> thesheff17: I'm already too irritated :P
<thesheff17> MTecknology: I don't blame you :)
<MTecknology> thesheff17: :P
<MTecknology> thesheff17: ya.. if I can't 'aptitude update && aptitude install screen' .... there's something to be irritated by :P
<thesheff17> MTecknology: debian complained about that?
<MTecknology> thesheff17: 404
<thesheff17> MTecknology: jeeze :)
<MTecknology> thesheff17: k - go back out there
<thesheff17> MTecknology: k...you start screen under root?
<MTecknology> thesheff17: nope, connect now
<hggdh> MTecknology: out of sheer curiosity -- why not use byobu instead of plain screen?
<MTecknology> hggdh: I'm planningon looking at that soon - once I have time - peak at my latest blog
<MTecknology> seconds to latest
<MTecknology> thesheff17: yay updates :P
<thesheff17> MTecknology: you have a local mirror?  it is really nice
<MTecknology> thesheff17: this isn't a local server
<thesheff17> MTecknology: ah true...wish the datacenters had mirrors :)
<MTecknology> ya :P
<Tohuw> I have a domain, lazarwolf.com. I have it setup at the registrar to point to ns3.constellationmedia.com and ns4.constellationmedia.com. I thought I had these nameservers setup correctly on my server, but I guess not, because if I query lazarwolf.com on www.intodns.com, I get "WARNING: One or more of your nameservers did not return any of your NS records." and pinging lazarwolf.com fails. What am I doing wrong? db.lazarwolf.com: http://
<MTecknology> thesheff17: you watching what I'm doing still?
<thesheff17> MTecknology: yea you want lenny instead of lucid?
<MTecknology> thesheff17: ya, it's smaller - in my dev environment I even trimmed down lenny
<thesheff17> ah ok
<MTecknology> thesheff17: should I reboot after installing this?
<Tohuw> oh, lots of this in syslog: Aug  7 00:23:05 nebula named[28749]: client 192.221.164.189#23409: query (cache) 'www.lazarwolf.com/AAAA/IN' denied
<MTecknology> thesheff17: oh! Does any kernel module come along with this thing either?
<thesheff17> I'm not sure :-/
<MTecknology> thesheff17: I just logged in successfuly - let's reboot and be sure..
<MTecknology> thesheff17: I didn't do that before - maybe it's the ticket :P
<Tohuw> jmarsden|work: I hate to bother you again, but if you get a moment, can you scroll up and take a look at my current issue? I'm a bit lost... new to BIND D:
<jmarsden|work> Tohuw: Let me take a look...
<Tohuw> Thank you, I greatly appreciate it
<MTecknology> thesheff17: k, it's back up
<thesheff17> I'm not sure :-/
<thesheff17> k
<Tohuw> jmarsden|work: here's a tail of syslog that may prove informative: http://pastebin.com/T38KWK9z
<jmarsden|work> Tohuw: whois lazarwolf.com shows that the authoritative DNS servers for that domain are ns3.constellationmedia.com and ns4.constellataionmedia.com.  However both those machines refuse my DNS queries about lazarwolf.com.
<jmarsden|work> Does your bind config file allow everyone to query that lazarwolf.com zone ?
<Tohuw> jmarsden|work: I don't know :( Here it is: http://pastebin.com/QpW3c1zb
<Tohuw> (that's named.conf.local)
<MTecknology> thesheff17: sorry, reconnect to screen
<jmarsden|work> Tohuw: There does not seem to be a config entry for lazarwolf.com in that file at all ... ?
<Tohuw> jmarsden|work: oops! Let me add it back in... >.<
<jmarsden|work> Tohuw: In about ten minutes or so I will have to get back to "real work"... will try to help you until then.
<Tohuw> jmarsden|work: oh awesome it worked that time, though the zone file is still a mess (missing mx and stuff, but that's easy to fix). Now I'm having an apache problem (I think): it's going to the default site, not the lazarwolf.com vhost entry I set. Feel up to assisting me with that?
<jmarsden|work> In 7 minutes? :)  We can try.  Did you set a ServerName and ServerAlias for lazarwolf.com and www.lazarwolf.com in the vhost entry?  Can you pastebin it for me to read?
<thesheff17> MTecknology: you think it is anything to do with using lenny?
<Tohuw> jmarsden|work: the clock is ticking! ;) http://pastebin.com/j4YX7T8N
<MTecknology> thesheff17: that error for apt - yes
<MTecknology> thesheff17: the rest - it's working perfect
<MTecknology> thesheff17: NO explanation of why though
<Tohuw> jmarsden|work: I have a separate vhosts file for each site (because I like utilizing the a2ensite tool), so if you need my default vhosts or my apache2.conf, let me know
<thesheff17> MTecknology: through the reboot fine as well
<MTecknology> thesheff17: yup
<jmarsden|work> Tohuw: The lazarwolf.com one looks fine to me.  I'm seeing a "Hello world" page when I browse to http://lazarwolf.com, is that your default vhost?
<Tohuw> yes
<MTecknology> thesheff17: it's perfect as far as i can see.....
<jmarsden|work> OK.  But there are other working vhosts on the machine?  Or is the lazarwolf.com one the only 'real' vhost so far?
<thesheff17> MTecknology: yea everything you did looked good?  not sure what happened with the other
<thesheff17> hehe not a question.
<thesheff17> MTecknology: you think it has to do with moving over the other home dirs?
<jmarsden|work> Tohuw: I'm wondering if virtual named hosts are enabled for the IP address concerned?  Looks like an issue of that sort, but I'm guessing and about out of time for now...
<Tohuw> jmarsden|work: http://lazarwolf.com/~lazarwolf/ (mod_userdir is on) works, this is where lazarwolf.com is supposed to be pointing. There is another site running, http://projects.constellationmedia.com. And actually, that's where that hello world is from... hmmmm
<Tohuw> jmarsden|work: understood. I'll research virtual named hosts
<MTecknology> thesheff17: it could.. then I'll find out..
<jmarsden|work> Tohuw: OK, sorry to run away but... real work is what I get paid for, and why I am still at work at 6pm local time :)
<Tohuw> jmarsden|work: completely understood... reading http://httpd.apache.org/docs/2.2/vhosts/name-based.html now
<jmarsden|work> Tohuw: OK.  I may be back here from home as jmarsden in a couple of hours... but hopefully you'll have it all working before that.
<Tohuw> hopefully! thanks again :)
<jmarsden|work> Tohuw: You're welcome.
<thesheff17> MTecknology: also I would check what you ran to move your users over when you do that.
<thesheff17> MTecknology: to the chroot
<thesheff17> MTecknology: not you don't already know that :)
<MTecknology> thesheff17: same thing I used to more testuser1 :P
<MTecknology> cd /home/ && for i in *.*; do jk_jailuser -m -j /jail -s /bin/bash -$i; done
<MTecknology> thesheff17: each web user has a period in the username - no others do
<thesheff17> MTecknology: ah ok
<MTecknology> thesheff17: http://dpaste.com/225836/
<MTecknology> thesheff17: it didn't like profarius.com
<MTecknology> thesheff17: but... I can still log in
<MTecknology> thesheff17: I'm gonan reboot and see how long my luck lasts
<thesheff17> MTecknology: k
<MTecknology> thesheff17: I want to know what it wasn't working - but at the same time I care very little right now.. it's working...
<MTecknology> yay
<thesheff17> nice
<thesheff17> MTecknology: you are running it inside xen right? can you take snapshots of your image in case it breaks again and then you can at least roll back to that moment in time.
<MTecknology> thesheff17: no :(
<thesheff17> MTecknology: ug...that is why I like kvm and virt-clone :-/
<MTecknology> thesheff17: I could do it if i had posession of the host
<MTecknology> thesheff17: ......
<MTecknology> YES!
<thesheff17> working good?
<MTecknology> thesheff17: yuppers - flawless
<MTecknology> thesheff17: now to move all DNS back and touch up settings and crap
<thesheff17> good to hear...hopefully that problem was just a fluke :)
<MTecknology> thesheff17: ya, one that only happened twice
<tschundeee> how do I add a user to sudoers?
<tschundeee> adduser username admin doesn't work
<tschundeee> I get: adduser: The group `admin' does not exist.
<tschundeee> wtf?! has that changed in 10.04 server?
<MTecknology> thesheff17: usermod -a -G sudo USER
<MTecknology> thesheff17: cat /etc/group
<MTecknology> tschundeee: **
<tschundeee> MTecknology: thx
<tschundeee> that worked well :)
<tschundeee> when I do sudo su with my user I get: sudo: "unable to resolve host myhostname" and then I get su o_O
<tschundeee> whoa guys ubuntu server is so great!!! I love it
<tschundeee> :D
<MTecknology> tschundeee: get it?
<tschundeee> MTecknology: jupp ... my /etc/hosts was a little mess
<gfx0> hi there
<MTecknology> g'day
<gfx0> I've assembled a nice little NAS, currently running on ubuntu. Any Ideas what services I should install beside samba, ftp and ssh?
<MTecknology> oh...
<MTecknology> I get what that emergency sync is now...
<gfx0> emergency sync?
<jmarsden> gfx0: Making sure everyone has an emergency at *exactly* the same time? :)
<jmarsden> gfx0: You could probably run ntp so it acts as a time server for your local LAN.
<MTecknology> gfx0: sorry, wrong channel
<MTecknology> jmarsden|OffWork: HI!
<jmarsden> MTecknology: Hi.  Yes, I'm at home now, but that's my default location, so I'm plain jmarsden :)
<MTecknology> jmarsden|plain: oh, ok :)
<MTecknology> jmarsden: :P
 * jmarsden should probably learn the quassel approach to IRC use, but xchat works fine
<MTecknology> jmarsden: I use irssi :) - I just wanted to have some fun
<MTecknology> very very VEERRRY crappy day
<jmarsden> MTecknology: Understood.  I hope the misery was not caused by Ubuntu -- if it was, file a bug :)
<MTecknology> jmarsden: nah - it had to do with a combination of black magic mixed with white hope and unicorn souls were needed
<MTecknology> jmarsden: in short... I know what broke - but I don't knwo how or why
<jmarsden> OK... I don't have any spare unicorns you can sacrifice, I'm afraid :)
<axisys> i am pretty sure it will.. but is there a way to check if debian will run on sun x86 x2270 m2 with 2 Intel 2.40GHz Quad-Core Xeon E5620 and Dual 10-Gigabit Ethernet SFP+ LP
<axisys> i meant ubuntu*
<jmarsden> axisys: Stick a LiveCD in the machine and press the reset button? :)
<axisys> i guess as long as I use latest kernel I should be good
<axisys> http://kmuto.jp/debian/hcl/Sun/SunFire+X2270
<Tohuw> jmarsden: you around by any chance?
<jmarsden> Tohuw: Yes, but somewhat involved helping others in other channels right now... ask away, just don't expect fast responses.
<Tohuw> jmarsden: understood. I'm heart-stoppingly close to having my DNS setup kosher, but I've got a little glitch: http://www.intodns.com/constellationmedia.com complains that there are no Reverse MX A records. Here's my named.conf.local: http://pastebin.com/6vRxpRmR And my db.69 (reverse ptr): http://pastebin.com/dmWKFij6
<jmarsden> For PTR records, ask the ISP (or are you the ISP)?  It is very unlikely your newly created DNS server will have been delegated authority for reverse DNS for a chunk of public IP address space.
<jmarsden> The PTR record needs to be done by whoever "owns" the IP space, not by a normal user like you.
<Tohuw> jmarsden: oh! okay, then I need to have the data center (or their backbone providers) handle that. Gotcha. Should I remove my reverse info then?
<jmarsden> Probably, it won't do any good for you to publish that from your server, noone will every query your server for that info :)
<Tohuw> gotcha. I was just following https://help.ubuntu.com/9.10/serverguide/C/dns-configuration.html D:
<jmarsden> For reverse DNS on a LAN, you can do your own thing.  But in general, not for reverse DNS on the public Internet, unless you have been allocated that chunk of IP addresses... they belong to your ISP, not to you, most likely.
 * patdk-lap volunteers to query his server for that info :)
<Tohuw> jmarsden: makes perfect sense. Thanks!
<jmarsden> Tohuw: You're welcome.
<patdk-lap> man, I dunno what my colo center did, but they attempt to change the port an for one of their backbone lines
<patdk-lap> and everything broke, including all the other backbones
<Tohuw> D:
 * patdk-lap notes I can ping their stuff now
<patdk-lap> hmm, so world to them works again
<patdk-lap> them to nyc still broken
<Tohuw> patdk-lap: someone over there is hastily correcting a missing "." in a zone file right now
<patdk-lap> no
<Tohuw> >.>
<patdk-lap> not dns issue, this is much more serious
<Tohuw> Oh wait, that was me earlier today
<patdk-lap> bgp
<jmarsden> patdk-lap: If you radically change how you connect to the backbone, it can take a while for dynamic routing tables to recognize the change and stabilize...
<jmarsden> Yup, BGP.
<patdk-lap> and broken routers
<ppher> After installing an ircd, what else need to be done to access it?
<patdk-lap> jmarsden, ya, but they have 12 different providers
 * Tohuw reads http://en.wikipedia.org/wiki/Border_Gateway_Protocol
<patdk-lap> and I tried to get to them over 4 different ones
<patdk-lap> their report said they only changed one, the one I had been having issues with from them to nyc
<patdk-lap> and after they reported, all complete, working fine, it started to go down
 * patdk-lap guesses the replacement couldn't handle the load or something
<jmarsden> ppher: telnet or nc to the port it is listening on, if you speak IRC protocol.   Normal humans usually use an IRC client program (xchat, or irssi, or whatever) to talk to it instead.  But for testing whether the ircd is alive, telnet or nc works fine :)
<patdk-lap> and started to cause other issues for things that where fine
<bcomp> jmarsden: ha thanks.
 * patdk-lap is like 4hours late to bed
<patdk-lap> it looks like they shutdown the dc -> ny connection, but they still have their ny router advertizing on bgp, causing the issue
<Tohuw> jmarsden: http://www.intodns.com/lazarwolf.com reports there are no MX records, but I set some in the zone file: http://pastebin.com/VTheN3Rm
<jmarsden> patdk-lap: Stay up another 4 and it will no longer be a problem ... you won't even need to get up :)
<patdk-lap> Tohuw, is that valid?
<patdk-lap> it's tricky when you edit zone files like that
<Tohuw> patdk-lap: can you elaborate? Am I doing that part wrongly?
 * patdk-lap also wonders how you have lazarwolf.com. for an A record
<Tohuw> I just learned how to use bind today
<patdk-lap> what domain is that suppost to be for?
<Tohuw> lazarwolf.com
<jmarsden> Tohuw: Looks OK, when you made your last change to the zone file did you also increase the serial number in it and reload/restart bind?
<patdk-lap> would be much *safer* to use @ instead of the lazarwolf.com. for that MX entry
<patdk-lap> but the www in a lazarwolf.com. is invalid
<Tohuw> jmarsden: yes, but i can increment/restart bind again patdk-lap: why? (to both of your statements)
<patdk-lap> I wonder if named bombs out on that, not sure, I haven't used named forever
<patdk-lap> well, you already use @ everywhere else, why not keep it the same, less chances of human mistakes
<jmarsden> patdk-lap: www should have the domain auto added to it, should work great.
<patdk-lap> though it's technically correct
<patdk-lap> named auto changes the dns name to an ip?
<patdk-lap> cause A records can only have ip's
<jmarsden> ah... sorry.  I see what you mean now.  I though it was the www you were concerned about...
<patdk-lap> I think he wanted a cname, though I perfer to put the ip in there and use an A
<jmarsden> Tohuw: www should either be a cname for lazarwolf.com, or an A record pointing to an IP address.  Right now it seems to be sort of half andf half.
<bcomp> Jmarsden: I just tried telneting in, but got a fat access denied
<jmarsden> bcomp: Then either there is a firewall in the way, or you telnetted to the wrong port, or the ircd isn't running and listening on the port you think it is... usual network server debugging.
<Tohuw> jmarsden: is one "better" than the other (making it an A and changing it to IP or making it CNAME and keeping it hostname). I personally like the latter idea, only because it's less likely I will change the hostname it points to than the IP it should point to.
<patdk-lap> cname causes an extra lookup
<bcomp> jmarsden: opened the firewall on 6667, which I thought was the default irc port, but maybe I should check that...
<jmarsden> bcomp: So use netstat or similar to check what ports are being listened to, on the server
<Tohuw> patdk-lap: how "bad" is an extra lookup?
<jmarsden> Tohuw: patdk-lap is right, using a CNAME can lead to an extra DNS query being required, although I think in this case bind will do the smart think and include the necessary A record info as additional info in the first answer it gives.
<patdk-lap> depends on the clients dns location and stuff
<patdk-lap> 20ms to 300ms
<patdk-lap> but only for the first time they access your site
<patdk-lap> after that, it doesn't
<jmarsden> In fact, I think your web based dns checking tool was telling you that it *did* avoid the extra lookup, earlier on.
<Tohuw> so just use an a and call it a day, in your opinion?
<patdk-lap> so it depends on how paranoid you are about first page load times
<Tohuw> not very, tbh
<jmarsden> Then CNAME is fine, just do it :)
<Tohuw> ok!
<patdk-lap> it's alittle depressing more and more dns is being done over tcp :(
<patdk-lap> makes it slower :(
 * Tohuw like being told to do what he was going to do anyway
 * patdk-lap thinks he will passout in 5min or less
<Tohuw> Still getting a "no MX record" error. Updated the zone file: http://pastebin.com/3Kw1E9qn
<bcomp> well nmap says the ircd isn't listening on any port, and I started it per the man instructions
<patdk-lap> you queried the server directly?
<bcomp> Too bad there's no documentation
<patdk-lap> not using a dns proxy/recursor?
<bcomp> I did it via ssh on the server itself
<Tohuw> patdk-lap: using http://www.intodns.com/lazarwolf.com
<patdk-lap> that is no good
<bcomp> :x
<patdk-lap> dns negative cache, of 1hour :)
<patdk-lap> so that check won't work for an hour from now :)
<patdk-lap> to test your changes
<Tohuw> oh
<Tohuw> D:
<patdk-lap> change your negative cache ttl to like 60 if you want it faster (still have to wait an hour this first time though)
<bcomp> jmarsden: well apparently I didn't start the ircd even though I thought I did because the documentation sucks
<jmarsden> bcomp: Check on the server itself, using netstat or ss or similar tools.  Yes, that would explain it.
<bcomp> Yeah I ssh'd and ran nmap
<Tohuw> patdk-lap: is there a way to run tests inside of the negative cache time? install dnsutils on the local server and use dig or something?
<bcomp> It wasn't listening to any port
<patdk-lap> I don't see any mx direct
<jmarsden> OK, I need to get some sleep... goodnight all.
 * patdk-lap is confused though, ns3.constellationmedia.com is saying you have an AAAA record, but I don't see one in what you posted
<bcomp> Night
<Tohuw> patdk-lap: I deleted it. Is there any reason to keep it? I know it's for IPv6, but I'm not really using that for any interfaces, etc. Should I still bother with AAAA records
<patdk-lap> you should only ever use aaaa if you have a working ipv6 running your services
<patdk-lap> otherwise people with ipv6 will attempt to use it, and never use ipv4
<Tohuw> makes sense. I don't.
<patdk-lap> well, I guess your dns servers are not up to date
<patdk-lap> guess you are playing with a hidden-master server
<patdk-lap> and those two servers are slaves, and out of date
<patdk-lap> the ns3 and ns4.constellationmedia.com ones
<patdk-lap> hmm, actually, I think your soa went back in time
<patdk-lap> cause those have 2010080711, but your post says 2010080706
<patdk-lap> need to incrase your soa in your server to be higher
<patdk-lap> or they will never get updated
<Tohuw> patdk-lap: I am manually sync'ing the server with ns1. and ns2. It can't be set as a slave because it has WHM on it, and I can't heavily interfere with it or cause downtime. It's scheduled for very soon deprecation anyway. So technically ns1. and ns3. are both masters (yes I know that's sort of bad)
<patdk-lap> well, it still doesn't help that your soa values are out of order
<patdk-lap> the ones you posted you said you fixed those issues
<patdk-lap> but it's soa value is smaller
<Tohuw> patdk-lap: db.lazarwolf.com is 201080706, db.constellationmedia.com. is 2010080711
<chrislabeard> Hey guys, how would I allow my server to be shared across the network ?
<chrislabeard> So you can access it
<Callum__> chrislabeard: use Samba and/or NFS
<MACscr> how can i uninstall something with aptitude, but keep all its dependencies?
<Tohuw> Any idea why http://www.intodns.com/lazarwolf.com would report there are no MX records? My zone file for lazarwolf.com: http://pastebin.com/3Kw1E9qn
<Tohuw> All fixed now; PEBKAC
<uvirtbot> New bug: #614691 in excalibur-logkit (main) "Merge excalibur-logkit 2.0-4 (main) from Debian unstable (main)" [Undecided,Confirmed] https://launchpad.net/bugs/614691
<robertpayne> Is there any complete guides on the Ubuntu wiki for 10.4 Postfix/Dovecot mail server by chance?
<Tohuw> robertpayne: have you looked at https://help.ubuntu.com/10.04/serverguide/C/email-services.html ?
<robertpayne> Tohuw: not specifically..I think I'm getting caught up in details when I install everything
<Tohuw> robertpayne: check out the docs listed there; it's a good place to start and get a walkthrough of initial configuration
<robertpayne> Tohuw: Setting up a full mail stack with virtual box and trying to get TLS/SASL ontop of it...
<robertpayne> Tohuw: Yeah thanks, The part that gets confusing for me is TLS/SASL. Do you need both installed? I'm planning on only allowing connections through TLS but the password is still sent as plain text then correct?
<Tohuw> You need a mechanism. TLS is just what it says it is: a layer for secure transport. SASL is how you authenticate, TLS is how it is secured. See https://help.ubuntu.com/10.04/serverguide/C/postfix.html#postfix-smtp-authentication
<Callum__> hmmm, I wonder where I can buy some gigabit ethernet cards at a decent price
<Callum__> damn no money being non-profit
<mina> hi, anybody can answer an apache related question?
<MACscr> i have my swap partition created and setup within fstab, but it doesnt seem to be working as swap is showing 0k available. What log should i look at to see why its not being mounted ot boot or what might be wrong?
<zash> MACscr: try grep swap /var/log/messages
<oCean_> MACscr: what does "swapon -s" output?
<MACscr> doesnt show anything listed
<oCean_> MACscr: have you added the swap partition in /etc/fstab using its UUID?
<MACscr> i just have /dev/sda2	swap	swap	defaults	0	0
<oCean_> MACscr: and after editin /etc/fstab, you did 'swapon -a' ?
<MACscr> oCean_: thanks, looks like the server image had the partition names wrong. I should have checked that. It should have been xvda2
<MACscr> fixed and thanks
<MACscr> btw, i just had another user login as root while i was logged into root. How do i view that users history?
<oCean_> MACscr: you could set it up using the device's UUID, that way you know it's always the correct device. Use 'sudo blkid' to identify partitions by UUID
<oCean_> MACscr: the history gets "mixed" in with yours (in ~/.bash_history) after exiting the shell
<MACscr> oCean_: i ran history and its only showing my stuff
<oCean_> MACscr: is the other user logged out yet?
<MACscr> yes
<oCean_> hmm.. I'd say in that case you would see his history too. Maybe you should logout also (and in again ofcourse)
<oCean_> I didn't think that necessary
<MACscr> loooks like just doing 'cat ~/.bash_history' worked. Thought i could just do 'history'
<oCean_> MACscr: I guess when you log in again, you'll see it in 'history' command
<MACscr> ok, last question for awhile. I installed a deb using dpkg and it installed a bunch of dependencies like apache, mysql, etc. Anyway, i removed just the main app by doing dpkg -r name. Now anytime i try to do anything with aptitude, its saying its going to remove apache, mysql, etc. How can i stop that?
<oCean_> MACscr: dpkg --get-selections | grep apache2 shows "deinstall" ? You could use --set-selections to change it to "install". I don't exactly know in what state the package becomes. (configure-file wise I mean) a 'dpkg -l apache2' shows "rc" at starting of line?
<CppIsWeird> how does a package install into the update-java-alternatives list?
<uvirtbot> New bug: #614731 in autofs5 (main) "shutdown hangs with wlan autofs/nfs mounted homedirs" [Undecided,New] https://launchpad.net/bugs/614731
<stavi2> anyone have experiencing diagnosing grub issues remotely?  I can reboot to a rescue environment, but can't see the screen.  datacenter is useless.  does grub keep any logs?
<patdk-lap> what kind of video card in it?
<stavi2> its at datacenter far away...that's why i can't see the screen.
<patdk-lap> oh
<patdk-lap> I thought you meant the datacenter people wouldn't read the screen also
<patdk-lap> lucid?
<stavi2> oh, they will read the screen for me.  with a 3 hour turn around time to find out what message it says.
<stavi2> 10.04
<patdk-lap> this is where asking them to plug in a ip-kvm is nice
<stavi2> this is where they having ipkvms would be awesome, I agree.  I'm actually probably switching hosts over that issue.
<stavi2> I can't fix bootloader/kernel stuff without it...and they can't fix it because they don't know how.
<patdk-lap> heh
<patdk-lap> I can think of several different issues
<patdk-lap> but hard to say what is your issue without any info :(
<stavi2> well, let me tell you the full story about what I did.
<stavi2> this server had 10.04 installed on it.  But I wasn't really using it.  Another of my servers crashed, so I am trying to restore that server to this one.  I basically rsynced the entire hard drive over to this server.
<stavi2> all the permissions have been preserved, everything looks ok.  But according to the datacenter people, when it boots, it just hangs saying "GRUB"
<patdk-lap> was grub2 on it? or old grub?
<stavi2> old grub.  I've chroot'ed from the rescue env. to the real system.  grub says version 0.97
<patdk-lap> heh, evil
<patdk-lap> that is probably why it broke
<patdk-lap> never ran update-grub after the restore?
<stavi2> I did, actually.  but I'll try it again.
<patdk-lap> grub depends on knowing where the files are on the disk
<patdk-lap> grub2 doesn't
<stavi2> ya, I wish it was grub2, but again, datacenter does weird things...this is how they fixed it when a kernel update broke my server.
<stavi2> I'd kill for an IPKVM right now.
<stavi2> update-grub seemed to do something....i'll try rebooting again :)
<patdk-lap> wait, maybe
<patdk-lap> might want to check what it did :)
<stavi2> it asked me if my changes to menu.lst were ok (they are).
<patdk-lap> what is in /boot/grub/device.map?
<stavi2> (fd0)   /dev/fd0
<stavi2> (hd0)   /dev/sda
<stavi2> which looks ok.  /boot is on sda1.  / is on sda5
<patdk-lap> want to pastebin /boot/grub/menu.1st
<stavi2> http://pastebin.com/sGbKmE5L
<patdk-lap> hmm, you have grub2 chainload installed
<stavi2> grub2 was installed at one point...but that broke things, so they (datacenter) switched it back to grub1
<patdk-lap> heh, I love the def of broke things
<patdk-lap> don't fix, replace :)
<stavi2> without an ipkvm, i got no choice but to have them fix it...it's not the way I would have gone.
<patdk-lap> hmm, looks ok, your is missing groot option that mine has
<patdk-lap> but I don't *think* it's required
<stavi2> hmm...that's weird.  /tmp was empty before I tried booting it.  now it has a couple files in it...maybe it's getting at least part way through the boot process now.
<patdk-lap> heh, my hardy and gusty systems both have it though
<patdk-lap> heh, if tmp has anything
<patdk-lap> it was atleast remounted rw
<patdk-lap> so it's upto/paste initrd atleast
<patdk-lap> past
<stavi2> I've got two dir's .ICE-unix and .X11-unix, and a hsperfdata_root folder
<patdk-lap> hmm, that would be booted
<stavi2> yeah...maybe the update-grub did fix it.
<stavi2> hey!  there's stuff in /var/log that has a recent timestamp!
<patdk-lap> you didn't use update-grub2 last time by mistake? :)
<stavi2> nope, i'm sure I didn't./
<wieshka> HELP: i installled ubuntu 10.04 lucid server on RAID 1 + LVM (each physical disk, contains one big RAID partition, and after that, on RAID device #0 i setted up LVM with 1 volume group with 8 logical volumes) ... now i am trying to boot my fresh install - i have error and boot fails. Error data: http://wieshka.pastebin.com/mv1yuusb
<stavi2> but I might have run the one from the rescue environment instead of running it after chrooting.
<stavi2> lets reboot and see if it works...
<patdk-lap> ureadahead exit code 4 isn't an issue
<patdk-lap> ata_id[680]: HDIO_GET_IDENTITY failed for '/dev/sda', I dunno if it's an issue or not, dunno what it means
<patdk-lap> but your lvm mounted just fine
<wieshka> patdk-lap: i dont have any idea what ata_id[664]: HDIO_GET_IDENTITY failed for '/dev/sdb' means ....
<wieshka> h/w RAID is disabled in BIOS
<wieshka> so there is no fakeRAID, what makies mess
<stavi2> wieshka:  the HDIO_GET_IDENTIFY failed appears to mean that hdparam can't identify the drive.  that's usually normal for SCSI/SATA drives.  Might prevent things liks SMART from working, but shouldn't be a show stopping issue.
<wieshka> SMART - it was a BIOS option ?
<stavi2> at least that's what my googling shows.
<wieshka> S.M.A.R.T if i remember correctly
<stavi2> smart tells you if a hard drive is showing signs of failing soon.
<patdk-lap> the bios option for it, just makes your computer not boot, if the drives smart says a drive is bad
<wieshka> ok - what are my opions now
<wieshka> HDD's are identical and directly from shop
<wieshka> i can boot in rescue mode, but what i need to check out ? hdparm output ? what it will give for me
<stavi2> what's the last thing on the screen when you try to boot it?
<wieshka> init: unreadahead-other main process (992) terminated with status 4
<stavi2> http://techblogparade.blogspot.com/2010/05/howto-fix-ureadahead-problem-after.html
<wieshka> stavi2: thx - i will give a try!
<wieshka> rebooting in rescue mode
<stavi2> wieshka:  hope it works
<stavi2> patdk-lap: well, tried rebooting the server.  still not responding to ping.  maybe it's running fsck, so I'll give it a little while before going back to rescue mode and looking at the logs.
<wieshka> stavi2: i hope to - anyway better have a option to check out, then no ideas :)
<wieshka> ok - so now i am in rescue mode
<wieshka> becouse rescue didnt found my raid device to mount
<wieshka> stavi2: i cant mount my system
<wieshka> from busybox
<wieshka> fdisk -l lists two identical disks as Linux raid autodetect
<wieshka> how can i access my RAID disk (mount) using rescue mode .... rescue mode offers me only two options - try to mount /dev/sda1 what fails, or do not usa a root file system, so, i have only BusyBox
<wieshka> stavi2: still here ?
<carleas> I've set up bind9 on my server, and I want to make sure it's serving the right stuff before I have my secondaries start transfering it.  How can I query that?  I know dig looks that stuff up for a live server, but as of now it's not serving to anyone, so dig pulls up info from my old nameserver
<hggdh> carleas: dig @<your server> <query where <your server> points to your server
<carleas> But I currently have mydomain.com being set up through another nameserver.  When I use dig, it gives me information from that server.
<carleas> Currently, a server rsyncs the zone file for my domain from myserver1.  I'm setting up a primary DNS server on myserver2, and I want to test that I've configured it right before I switch between them.
<hggdh> carleas: dig@myserver2 something
<hggdh> carleas: dig @myserver2 something
<hggdh> if myserver2 has the data, you will get it (or it may forward therequest, depends on your settings)
<carleas> OK, cool.  Thanks, hggdh.
<ruben23>  hi guys
<ruben23> does anyone know how to correct this error----> http://pastebin.com/eFZgtGQa
<Black_Prince> rm -rf ~/.ssh
<ruben23> on the server.>?
<Black_Prince> on the system you are trying to connect FROM
<ruben23> Black_Prince::-D sorry im confused, this errors occur on client.. while connecting to server, whihc i set this.
<Black_Prince> root@chris-laptop:~#
<Black_Prince> on this terminal
<Black_Prince> you type rm -rf ~/.ssh
<Black_Prince> on your client computer
<ruben23>  Black_Prince:still the same as i run that...
<Black_Prince> you typed it on laptop or on server?
<ruben23> on the altop
<ruben23> laptop i mena
<Black_Prince> rm /root/.ssh/known_hosts
<guntbert> Black_Prince: both statements might be bad advice â¢
<ruben23> guntbert:why..?
<patdk-lap> did you recently reinstall that computer your attempting to connect to?
 * patdk-lap would just delete the first line, if it's known it should change
<ruben23> patdk-lap: no
<guntbert> ruben23: because 1) it might be possible that you have really a "man in the middle", 2) you might have other known hosts too -- so you should look into it and the decide how to go on
<patdk-lap> well, that message is saying something changed
<patdk-lap> if you didn't change it, well
<guntbert> *then
<chrislabeard> hey, guys I'm using ehcp for my server and for some reason apache can't write to the user's directory is there a way that I can set this up to work for every user.
<guntbert> ruben23: it works this way: whenever you connect to some machine for the first time you are asked if you trust its signature
 * patdk-lap started putting all his thumbprints in dns, makes it nice
<guntbert> ruben23: if you say "yes" the key is added to .ssh/known_hosts
<ruben23> ok
<ruben23> then
<guntbert> whenever the same host presents a different key you are alerted
<guntbert> thats why patdk-lap asked if *you* changed something
<ruben23> oh.., host key chnages when changed IP..? and what others task triggers for the jey to change..?
<guntbert> ruben23: no, the hostkey is usually not changed by address changes
<guntbert> ruben23: but for (2): you may have many keys in .ssh/known_hosts, you can see from the error that in this case it is the first entry (each entry is 1 line in the file), so you *can* delete just that line when you are certain that it is ok
<ruben23> ok clear now
<guntbert> ruben23: please see http://www.thegeekstuff.com/2010/04/how-to-fix-offending-key-in-sshknown_hosts-file/
<stavi2> So I got hacked...found SHV5 rootkit.  How do I figure out how they got in in the first place, to make sure it doesn't happen again?
<patdk-lap> disconnect the network cable and never plug it in again :)
<stavi2> patdk-lap:  lol.  I restored it from a backup from before they got in...but that means whatever vulnerability they used in the first place is still there.
<patdk-lap> I find almost all issues relate to crappy cgi or ftp
<stavi2> no ftp server.  apache runs on this server, but the entire thing requires a password.
<patdk-lap> requires a password over ssl?
<patdk-lap> or none-ssl
<stavi2> patdk-lap: no ssl :(
<patdk-lap> if non-ssl, then the password is mostly useless
<stavi2> guess all I can do it go searching through logs and hope they didn't clean up after themselves very well.
<patdk-lap> any public wifi, private wifi, ...., hacked home router, ...., could of recorded it
<patdk-lap> happens all the time for ftp
<stavi2> it's a server in a datacenter.
<patdk-lap> no, I mean for where you accessed it from
<stavi2> oh, right
<patdk-lap> or where anyone accessed it from
<uvirtbot> New bug: #614825 in mysql-dfsg-5.1 (main) "upstart fails to start mysql in mysql-server-core-5.1.41-3ubuntu12.6, downgrading fixed " [Undecided,New] https://launchpad.net/bugs/614825
<fidelix_> Hey guys, i created my mail server, and i can send emails and connect to it with Thunderbird.
<fidelix_> However, sending mails to my account from outside bounces the message back.
<fidelix_> What could be happening?
<fidelix_> Can you guys help me to set my DNS server?
<Joshua1983> Hello
<Joshua1983>  
<Callum__> okay, so I retired my last SCSI drives out of my server, since they are pretty much dead and I have enough SATA drive capacity to replace them with
<Callum__> they were good to me for a good while, shame they had to die
#ubuntu-server 2010-08-08
<Callum__> aaand I broke the Ubuntu install on it
<Callum__> *fixes*
<chrislabeard> anyone alive in here today?
<patdk-lap> chrislabeard, depends
<chrislabeard> I need help with figuring out how to let the server write to directories
<patdk-lap> I'm pretty sure we answer questions in here, not statements
<chrislabeard> alright.
<chrislabeard> I'm using EHCP I create a domain add files and the server does not have write access to the directory
<chrislabeard> how can I fix this ?
<patdk-lap> ehcp?
<chrislabeard> easy hosting control panel
<chrislabeard> its just a web panel
<patdk-lap> dunno anything about it
<patdk-lap> check your directory permissions
<patdk-lap> there should be isntallation documentation for that
<patdk-lap> if not, that sucks
<chrislabeard> lol k
<patdk-lap> sorry, I'm just not in the mood to learn about ehcp to really help you
<chrislabeard> Right i gotcha
<Callum__> man, rsync is really slow, even with copying from one drive to another...
<Callum__> in the same machine
<Jason1> anyone have vsftp running on their system?  I'm getting this after trying to init.d restart
<Jason1> Rather than invoking init scripts through /etc/init.d, use the service(8)
<Jason1> utility, e.g. service vsftpd restart
<Jason1> Since the script you are attempting to invoke has been converted to an
<Jason1> Upstart job, you may also use the restart(8) utility, e.g. restart vsftpd
<Jason1> vsftpd start/running, process 12030
<patdk-lap> ya, just do what it says :)
<Jason1> im not familiar with the restart utility.  I tried typing restart vsftpd and that didn't work either.
<patdk-lap> restart utility?
<patdk-lap> I'm pretty sure it says
<patdk-lap> service vsftpd restart
<Jason1> yes thats what I typed.,  here is the response:
<Jason1> restart: Unknown instance:
<patdk-lap> service vsftpd start
<patdk-lap> maybe it wasn't running, so restart failed
<Jason1> tried that as well...
<patdk-lap> strange, I have no issue with it on my system
<Jason1> also tried with sudo
<patdk-lap> oh, you have to use sudo
<Jason1> i had vsftpd running the other day.  Reformatted my system and started from scratch. I didn't have this issue before.
<clusty> curious how bad is the TLER issue with raid cards these days
<clusty> any experiences ?
<ScottK> sommer: Bug #614897
<uvirtbot> Launchpad bug 614897 in ubuntu-docs "bind9 instructions should use relative paths for files" [Undecided,New] https://launchpad.net/bugs/614897
<Tohuw> Apache problem on my Ubuntu 9.10 server: I'm trying to get a subdomain to point to the right DocumentRoot, but it isn't working. Here's the vhost file in question: http://pastebin.com/S4tkm9F4 What am I missing?
<rampr> monit stopped monitoring one of my services and I fixed the problem. how do I let monit start remonitoring the services ?
<qman__> Tohuw, there are no directories defined in that virtualhost
<Tohuw> qman__: oh, defining the dir is required? :(
<patdk-lap> na, it's magic :)
<Tohuw> well, i just thought it could infer it from the docroot
<Tohuw> or something
<patdk-lap> that would be, simple_vhost, not normal vhost
<Tohuw> ok obviously not, adding directory and testing
<Tohuw> oh
<Tohuw> when i define the directory, do i start from the docroot defined by that vhost, or the docroot in my apache2.conf?
<qman__> directory statements use absolute paths, last I knew
<qman__> at least if you start them with a /
<Tohuw> oh
<Tohuw> I changed the vhost file to http://pastebin.com/hhnVGksC, but still no dice :\
<qman__> the other problem I see is that the second domain name falls under the first domain name
<Tohuw> what do you mean?
<Tohuw> just that projects.constellationmedia.com is a subdomain of constellationmedia.com? Am I going about a subdomain setup wrongly?
<qman__> I'm looking it up to confirm, but that's what I think the problem is
<Tohuw> Thank you, I appreciate your help
<Jason1> how do I change a users home directory and make sure they only have access to that directory and what is below it?  Im not quite following the chroot topic.
<qman__> Tohuw, well, I can't find a configuration set up similarly to yours to confirm, what incorrect behavior is it showing?
<qman__> if it's rendering the main site instead of the subdomain, or not rendering the subdomain at all, this is probably the case
<Tohuw> qman__: if you go to http://projects.constellationmedia.com, you'll see it goes to the same page as http://constellationmedia.com. It should be rendering http://constellationmedia.com/projects
<qman__> Tohuw, try commenting line 4
<Tohuw> oh, that worked
<Tohuw> makes sense
<Tohuw> now the question is: how do i allow www.constellationmedia.com to point to the parent domain, since the wildcard screws things up?
<qman__> serveralias www.constellationmedia.com
<Tohuw> fair enough
<qman__> though to avoid problems with cookies or SSL, I'd suggest doing a redirect or mod_rewrite instead
<Tohuw> yeah, makes sense
<Tohuw> i'll make a .htaccess with the appropriate directives
<Tohuw> I have a rails app located at /home/cmg/redmine/1.0-stable and symlinked to /home/cmg/public_html/projects. It's not working. http://projects.constellationmedia.com/ isn't working -- I just get a directory index. Neither is http://constellationmedia.com/projects (the same place) My vhost file: http://pastebin.com/U1K4V0d0 (using Passenger)
<qman__> I don't know anything about rails, but I'd double check to make sure it's enabled in apache
<qman__> and check the file association too
<Tohuw> It is. It was working before I moved it from another directory. I updated the .yml files and environment.rb
<qman__> ok
<Tohuw> oh
<Tohuw> wait
<Tohuw> d'oh
<Tohuw> forgot to chown the application directory
<qman__> ah, that'll do it
<Tohuw> actually, apparently it won't :(
<qman__> hmm
<qman__> I don't remember if FollowSymlinks is on by default
<qman__> but if your directory listing is of the correct directory, I guess it's on
<Tohuw> I have it on http://pastebin.com/U1K4V0d0
<Tohuw> yeah
<deco> why is the server iso around 600mb ?
<qman__> deco, to contain as many popular packages as will fit on a CD
<deco> qman__: thanks
<Tohuw> deco: just because the package is on the cd doesn't mean it's installed by default
<deco> Tohuw: ah ok
<deco> been wanting to setup a vps , why would somone use ubuntu-server instead of debian ?
<deco> i know there's a reason for the desktop
<deco> version of ubuntu
<qman__> my main reason is tasksel
<deco> but i don't know why for the server
<qman__> makes a lot of things really easy
<deco> qman__: like what for example
<Tohuw> deco: for the same reason you would prefer ubuntu for your desktop over debian
<qman__> LAMP
<qman__> single checkbox for a working system
<deco> hmmm
<qman__> could you do it on debian? sure
<qman__> but ubuntu has a very quick and simple way to do it
<Tohuw> ubuntu server, like its desktop counterpart, does a great job at vastly simplifying and streamlining deployment and operation without sacrificing power and configurability (or at least, not too much)
<deco> Tohuw: okay thanks
<Tohuw> hence the old joke, "ubuntu is an African word meaning 'I can't configure Debian'."
<deco> haha
<qman__> when you need a web server in ten minutes flat, ubuntu is the answer
<deco> same with the desktop version :p
<deco> i like that
<deco> oh well i should really just download the iso and test it in vbox
<qman__> the only difference between the two is the default package set
<qman__> I think they even use the same kernel now
<qman__> desktop and server, that is
<qman__> oh, and the installer
<deco> qman__: installer is ncurses right ?
<qman__> server uses a menu instead of a graphical environment
<deco> yeah
<Tohuw> qman__: as of 10.10 beta, the kernel is still -server as opposed to -generic, the default in Ubuntu Desktop.
<Tohuw> Though the versions are the same, at least currently. (2.6.35-14)
<qman__> guess they decided not to merge the two, then
<qman__> it was in the plan at one point or another
<qman__> even so, it's just some minor changes
<Tohuw> what's the advantage to unifying them?
<qman__> one less kernel to bug test, patch, and maintain
<Tohuw> fair enough. I don't know enough about the tunings between the two to comment on it, was just curious
<qman__> they're not very different
<qman__> but the fact that they're not the same one means extra work
<qman__> one thing that does bother me is that they call the 32-bit version i386, when it requires an i686 CPU
<qman__> guess it doesn't matter for most people
<qman__> just me and the other two guys still running an i586 ;)
<Tohuw> Tandy called, they have a new model to sell you. It's ready for pick-up at your local Radio Shak
<clab> harsh ;)
<qman__> I would replace it, but every time I go to do it, one of the newer machines fails
<qman__> it just won't die, can't argue with that
<ball> qman__: I know one of my machines has an AMD K6-2+, which was i586 in terms of instruction set.  Upgraded from a Cyrix MII that was i686.
<ball> I have to go.
<qman__> yeah, this is a K6
<Tohuw> qman__: fixed my problem! it was a simple matter of moving the RailsBaseURI directive to the parent vhost entry (the first one in the file). Why that worked, or rather why having it in the vhost entry for projects.constellationmedia.com didn't work, I don't know
<Tohuw> Rails is very black box to me sometimes.
<qman__> hah
<qman__> yeah, that doesn't make a lot of sense
<Tohuw> it's working, i'll just smile and not
<Tohuw> s/not/nod
<Tohuw> I wonder what clever trick I can use to get http://projects.constellationmedia.com to work (http://constellationmedia.com/projects works)
<qman__> maybe put it in both?
<Tohuw> nope, that was too easy to work
<Tohuw> this is rails: it has to be difficult and obscure to deploy. get real, man!
<Tohuw> related: I delight in antagonizing rails fanatics, even though I don't have (many) specific complaints or even useful knowledge of rails itself
<qman__> heh
<qman__> I've never used it myself, I learned PHP years ago and stuck to that
<qman__> though python has caught my interest, if I ever get some time
<WalterN> how do I copy the partition map over from one drive to another?
<joschi> WalterN: you can use `sfdisk` for that.
<MACscr> Im running ubuntu 10.4, but cant seem to use last or lastlog commands: last: /var/log/wtmp: No such file or directory
<MACscr> do i just need to create the file and it will start working? i doubt it as i would think it would automatically be created if it wasnt
<Tohuw> I'm having an odd issue with my Ubuntu Server running Apache 2.2.11: I have several vhosts files, one of which contains <VirtualHost *:80>, the rest contain VirtualHost directives that are domain-name specific and include ServerName entries. So if I go to something that hits the server but not any of the domains specified in the other vhost files, why don't I get the documentroot for the default vhost? It seems to go through the other 
<Tohuw> Ah, now I get it: http://www.onlamp.com/pub/a/apache/2004/01/08/apacheckbk.html
<Tohuw> does anyone else ever have a problem where an ssh suddenly becomes very very slow, even though nothing significant has changed in terms of load on the localhost/ssh target/available bandwidth on either end?
<uvirtbot> New bug: #614939 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.3 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1 stop: Job has already been stoped: mysql" [Undecided,New] https://launchpad.net/bugs/614939
<Tohuw> an ssh session, I should have said
<FireCrotch> Tohuw: I've experienced it. I never really thought much about it.
<Tohuw> FireCrotch: it drives me insane... and I can't determine why it might be happening
<FireCrotch> Tohuw: It usually goes back to normal after a few seconds for me.  I usually assume that its due to a load spike on the local machine or the remote box
<Tohuw> FireCrotch: yeah... but the odd thing is, when it happens for me, I don't observe a load spike on either end... I was guessing some flakiness in connection on my end (not that I've observed any directly)
<FireCrotch> I assume this is over the internet, not the local network
<Tohuw> yes
<FireCrotch> Could definitely be internet lag.  The internet is a complicated beast, sometimes it just... slows down for no reason
<robertpayne> Tohuw: thanks for the help earlier with SASL stuff might've been last night actually I finally got it all working
<Tohuw> robertpayne: excellent :)
<robertpayne> Tohuw: turns out using postfix + dovecot you don't need sasl2-bin at all or any of it's configured stuff.. dovecot provides it's own implementation
<Tohuw> robertpayne: really? Interesting. I'll make a note of that... I'm setting up dovecot on a server soon (I'm used to Courier).
<robertpayne> Tohuw: yeah. I'm trying to make a shell script now to install the base server setup ( lamp, phpmyadmin, postfix, dovecot, postfixmyadmin, ssl certs ) etc.. having trouble getting sed to replace some variables in the config files though
<robertpayne> sed script seems to expand variables only when not inside a recursive loop like this: http://pastebin.com/UdFk2ZwP
<joebobjoe> any opinions regarding ebox vs pfSense?
<Tohuw> robertpayne: if you're scripting that large of a deployment, you might want to consider using a "golden image" type approach instead
<robertpayne> Tohuw: It's for my webhost's VPS I don't think I can go that route
<Tohuw> understood
<robertpayne> I wish though would make life a ton easier :(
<robertpayne> Tohuw: actually you have a link with info about a golden image? I might look into it I might be able to hook it up
<joschi> robertpayne: maybe cfengine, puppet or chef might be worth a look for you
<joschi> robertpayne: golden image just means that you have a master image (which you maintain) and can just deploy when you need a new vps
<robertpayne> joschi: ahh I figured as much yea heh no I have to reinstall the whole thing
<robertpayne> joschi: they offer snapshots but you can't move them across different servers ( setting up a dev box now then will migrate to production box )
<robertpayne> the shell script isn't too heavy
<Tohuw> robertpayne: that was one of my complaints about my former vps setup. I went with a cloud-based solution from the same data center, and now i can make my own images, roll them out as I please in minutes, clone them, roll out premade (by the data center) images, etc. Not to mention I can dynamically allocate resources and only pay for what I need in most regards.
<robertpayne> Tohuw: very interesting.. what hosting solution are you using?
<Tohuw> robertpayne: you might consider doing it more "the unix way": create several small scripts to configure the different parts. This allows for scaling and interchanging parts. You could still have a master script that includes which scripts you want to run
<Tohuw> robertpayne: www.stormondemand.com
<robertpayne> Tohuw: yea true.. I doubt I'll ever really have to use these that often though.. mostly just once on the dev/production box and if they ever completely fail I'd have to do it again
<Tohuw> fair enough. sometimes, quick and dirty is completely called for
<robertpayne> Tohuw: this sed problem is the only one still remaining.. I can't understand why it's not expand the env variable unless it's used standalone
<Tohuw> robertpayne: I'm not sure why either... try asking #bash
<joschi> robertpayne: example?
<robertpayne> http://pastebin.com/UdFk2ZwP
<robertpayne> the sed command replacement is always resulting as empty string.. tried several different methods
<robertpayne> works if I don't use a env var inside the replacement
<joschi> robertpayne: you're missing -i for in place editing of the files
<robertpayne> joschi: oh right now I'm just testing.. printing it to stdout
<robertpayne> anyways turns out on my local machine I'm running /bin/bash
<robertpayne> server is using /bin/dash
<robertpayne> $HOSTNAME isn't set as env for /bin/dash
<joschi> robertpayne: also `set` is IMHO wrong is this context
<robertpayne> joschi: yes that is wrong too I've tried that many different ways
<joschi> robertpayne: just write USE_HOSTNAME="$HOSTNAME"
<robertpayne> yeah
<robertpayne> I'll have to create a second script and run it as /bin/bash
<robertpayne> to setup the files
<robertpayne> not sure how the rest of the script will run under bash instead of dash
<joschi> just use `hostname` instead of $HOSTNAME
<robertpayne> for dash?
<robertpayne> er bash
<joschi> both
<robertpayne> here is what I don't get
<joschi> bash supports $HOSTNAME, but not every shell does
<robertpayne> actually.. wait a sec
<robertpayne> maybe I do need to run it as bash.. because command line ubuntu echo $HOSTNAME works but /bin/sh is dash and doesn't so..
<robertpayne> yeah I just have to run it as bash.. argggg! thx
<MACscr> even after rebooting, i still cant run apt-get. im getting: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
<MACscr> and no, i dont have apt running, etc
<blue-frog> MACscr, try  sudo lsof /var/lib/dpkg/lock   or    sudo sudo lsof /var/lib/dpkg/status
<MACscr> blue-frog: thanks, i got it fixed. Removed the lock file. No idea why it didnt work the first time, but it did after reboot and i rm'ed it again
<blue-frog> MACscr, there's a process looking for updates. certainly this one.
<blue-frog> update-manager apt-get and so on
<blue-frog> if you want to be sure use lsof. it will tell you what is using it
<blue-frog> so give it time to finish what it has to do and then issue your commands
<cemc> any LTSP gurus around?
<CppIsWeird> are there only UUID's for partitions or can you get some unique identifier of the drive itself?
<CppIsWeird> in other words, is there any information i can get from /dev/hda to differentiate it uniquely from /dev/hdb given that they are identical drive models?
<uvirtbot> New bug: #614981 in groovy (main) "Please sync groovy 1.7.4-1 (main) from Debian unstable (main)." [Wishlist,New] https://launchpad.net/bugs/614981
<soren> CppIsWeird: There might be.. What do you need it for?
<CppIsWeird> well i was running along the street with a big red bag full of western digital hard drives stacked in a specific order from 1 to 1 million. All the sudden a big gust of wind blew me over and the hard drives fell all over the place.
<soren> I hate that.
<CppIsWeird> so now i need to put them back in the right order.
<soren> Why?
<CppIsWeird> god told me i had to or the world would come to an end.
<CppIsWeird> you have to help me save the world.
<soren> Why do they need to be in the right order.
<soren> *shrug*
<soren> Maybe today is the day where I stop bothering to respond to anything in this channel.
<soren> 5 years seems like a pretty good run.
 * soren makes a rude gesture and wanders off
<CppIsWeird> lol, wow, someone needs to get out of their cubicle more often.
<Jeeves_> CppIsWeird: You might also think about the fact that people in here have things to do, and that they're here to help people as well.
<Jeeves_> You trying to be funny isn't very helpfull (nor funny)
<incorrect> damn i hate grub2
 * Jeeves_ too :)
<incorrect> i have software raid on a dual boot machine, update-grub seems to generate a valid grub.cfg but i only see the win7 option when i reboot
<incorrect> so what other options are there
<incorrect> in terms of bootloaders
<Jeeves_> incorrect: There's also Grub.
<incorrect> i didn't see it in 10.04
<Jeeves_> But i'd try to find out what is wrong with grub2
<incorrect> i think its something to do with the software raid
<Jeeves_> Is grub being installed on both your disks?
<incorrect> well i get a grub2 menu
<incorrect> but it only has win7 as an options
<incorrect> so i pxe boot rescue, chroot in
<incorrect> do an update-grub
<incorrect> it moans about a memory leak
<incorrect> however the /boot/grub/grub.cfg seems to have everything in i would want
<Jeeves_> Is grub being installed on both your disks?
<incorrect> well i did manually force to do an install
<Jeeves_> So grub is probably on only one of your disks
<incorrect> does grub2 not just read the .cfg file at boot like grub2
<incorrect> err grub1
<Jeeves_> what happens if you tell the bios to boot from the other disk?
<incorrect> can't do that without stuffing the software raid
<incorrect> then all the UUID's get stuffed
<Jeeves_> huh?
<Jeeves_> uuid's don't get stuffed based on settings in your bios
<incorrect> the nvidia software raid is a bit weird
<Jeeves_> that's the whole idea with uuid's
<incorrect> they just did
<Jeeves_> Ah, it's not software raid
<Jeeves_> it's hostraid
<incorrect> ah
<Jeeves_> which sucks, usually
<Jeeves_> And usually creates more issues than it solves :)
<incorrect> well i tried disabling it and installing but that caused more problems
<Jeeves_> Why?
<CppIsWeird> are there only UUID's for partitions or can you get some unique identifier of the drive itself? is there any information i can get from /dev/hda to differentiate it uniquely from /dev/hdb given that they are identical drive models?
<incorrect> got it, it needed a manual on both drives
<incorrect> oh thats is awesome dmraid didn't start so the /dev/mapper devices it wants to use aren't there at boot
<incorrect> sigh
<incorrect> hmm what to do
<incorrect> fine reinstall using mdadm
<incorrect> but i bet it won't find the windows install
<robertpayne> are self-signed certificates any less secure than using one signed by a CA?
<RoyK> robertpayne: no, but they can't be verified - security is the same if you trust the certificate
<patdk-lap> the difference is you have to verify it manually, like you should be doing your ssh keys :)
<robertpayne> RoyK: ok just wanted to make sure.. yeah it's for mail server
<patdk-lap> no it's not the same still
<patdk-lap> cause you can't verify the revoke status
<RoyK> well, for a private setup, it won't matter
<robertpayne_> blah patdk-lap sorry missed anything past "cause you can't verify the revoke status"
<ruben23> hi guys how to check the ubuntu version is being usede by my server
<ruben23> any idea..?
<patdk-lap> cat /etc/lsb-release
<anarki> How can I create a second qcow2 image for my windows guest? I did do "qemu-img create -f qcow2 win2k3-ext.qcow2 20GB" and edit the .xml, but when I start windows again i'm not able to format the new disk. The disk in Disk managment is only 1MB?
<robertpayne> any package that has a bit of a gui for iptables on server edition?
<papertigers> robertpayne: any of the firewall gui programs can be X11 forwarded over ssh
<robertpayne> papertigers: ahh didn't realize that thx
<papertigers> robertpayne: if you do ssh -Y user@server
<papertigers> then you could run something like firewallbuilder
<incorrect> damn it i think i will buy a hardware raid controller
<papertigers> incorrect: and use it to do JBOD and then do mdadm? :P
<incorrect> mdadm is the pain
<incorrect> i just put a 3ware 8 disk raid10 setup in my server, much nicer than mdadm
<papertigers> incorrect: I love mdadm
<papertigers> I have a rocketraid 2320 hardware card in mine
<papertigers> using mdadm for raid6
<papertigers> i have 8 disks 5.4TB usable
<incorrect> papertigers, i guess you only use it for a file server not a vm host
<Phantomas> Hello, is this the right place to discuss server documentation bugs?
<papertigers> incorrect: I use it for storave for mv VM's as well, linux kvm
<papertigers> kvm server is seperate, but is trunk linked point to point ip and mounted over nfs for storage
<thesheff17> papertigers: ping
<caution> I'm getting "fuse: failed to open /dev/fuse: Permission denied" when I try to use sshfs
<caution> is there an alternative to sshfs?
<zash> caution: adduser $USER fuse
<zash> i think
<caution> I've tried that
<gnoob> I want to make a login script that all users run on logon.  Where is the file where i need to link script? :)
<zash> caution: have you logged out and in?
<caution> yes, `id` shows the group
<caution> I also changed the group of /dev/fuse to fuse
<zash> caution: what permisions are on /dev/fuse
<caution> crwxrwxrwx 1 root fuse 10, 229 2010-08-08 19:33 /dev/fuse
<caution> what are my alternatives? I only want to securely share a file across two computers
<caution> fuse probably isn't supported by my host or something
<zash> caution: nfs over vpn should be pretty secure
<zash> or something with unison or rsync over ssh
<caution> nfs also uses fuse?
<RoyK> top - 21:37:11 up 9 days, 10:08,  2 users,  load average: 24.20, 24.14, 24.10
<RoyK> caution: nfs is usually in kernel
<RoyK> no fuse there
<caution> trying to install nfs-kernel-server tried to install fuse
<qman__> caution, did you use --no-install-recommends?
<caution> no
<steve__> Does anyone have any good suggestions for a password management solution for ubuntu-server? I have been mounting a encrypted image of a filesystem onto /mnt. Its not very elegant - Any suggestions?
<giovani> steve__: I'm unclear on what password management has to do with mounting a filesystem ... can you elaborate?
#ubuntu-server 2011-08-01
<lickalott> gents has anyone seen leguin.acc.umu.se within a netstat on their rigs?  I did netstat -a | grep 127.0.0.1 and that came up.
<patdk-lap> lickalott, why would we?
<KM0201> does a user need to be logged in on the server, for samba to be running?  (i want to set samba to share /media/drive1, /media/drive2)
<patdk-lap> I'm suprised that worked at all
<patdk-lap> cause that means your rdns is broken that grep matched 127.0.0.1 on any line
<patdk-lap> km0201, nope
<KM0201> hmm
<KM0201> cuz freenas has irritated me for the last time, and i'm seriously considering putting ubuntu server on a flash drive, booting it and just using it as my file server.
<KM0201> i'm pretty familiar w/ Ubuntu, and i've successfully done what I want to do, in Vbox, but I done it w/ a GUI... not sure I know how to do it w/ a CLI.
<KM0201> i guess i'll practice doing it w/ ubuntu server in vbox now.. :)
<KM0201> patdk-lap, the other question i have though... i have two drives on my NAS/File Server... (one is a mirror of the other).. i'm pretty sure i can figure out how to mirror them, but i don't need to be logged in, for those drives to auto mount (i'll add them to fstab) right?
<patdk-lap> ya
<KM0201> ya...  i don't need to log in, or ya.. i do... ?
<patdk-lap> heh?
<patdk-lap> for what?
<KM0201> do i need to log in, for the drives to automount
<patdk-lap> the only reason to ever log in, is to perform mantaince
<KM0201> well, i can ssh in and do maintenance right? (this will be headless)
<patdk-lap> ya
<KM0201> ok.
<patdk-lap> add drives to fstab
<KM0201> ok...
<patdk-lap> configure samba normally using smb.conf
<KM0201> its smb.conf i'm not sure how to configure.
<patdk-lap> not hard, mainly depends on what kind of security your going for
<KM0201> just basic stuff.. user login w/ a password.... i'm used to the easy way with Nautilus (right click, sharing options, )..
<KM0201> never done it by CLI
<patdk-lap> with or without an AD server?
<KM0201> AD server?
<patdk-lap> guess without
<KM0201> i guess i'll say w/o, cuz i don't know what that is.
<KM0201> this is just a home file server, no outside access, etc.
<KM0201> storage, etc.
<patdk-lap> then your going have to build a user database for samba, and users on the system
<patdk-lap> that is the most annoying mode I find
<KM0201> what do you mean?.. using it as a file server is annoying?
<patdk-lap> using samba in user login mode
<patdk-lap> security=user
<KM0201> oh ok... yeah, i'd like to have a user log in though, why.. i dunno.. but i would likee that
<KM0201> i'll cross that bridge when i come to it.
<patdk-lap> the only point of it is if you want people to have different rights to different folders on a share
<KM0201> and i don't.
<KM0201> you're actually right, there's no real point to it, now that i think about it.
<patdk-lap> you want everyone to just have access to everything?
<KM0201> well "everyone" is really only 2-3 people.
<patdk-lap> doesn't matter how many everyone is
<KM0201> 2 adults, one teen, and there's nothing on there that is compromising... home movies, music, family pics, etc.
<KM0201> i think thats what i'll do, is just allow anyone to access it.
<patdk-lap> normally that is easy then
<patdk-lap> use security=share
<patdk-lap> and just use guest access on the shares
<KM0201> well, i'll cross that bridge when i come to it.
<patdk-lap> and everyone logs in as guest :)
<KM0201> hmm
<KM0201> ok.
<KM0201> well, i'll cross that bridge when i come to it.
<KM0201> right now, i'm perfecting my testing in Vbox (5gig install drive, 2x5gig virtual drives, basically my setup on a much smaller scale)...
<KM0201> call me anal, i hate rolling stuff out w/ testing, i made that mistake going from freenas 6-8
<Shaggy2> I have been using ispcp, just done a format and installed 10.10. I done apt-cache search control | grep panel and found out that dtc is included in the apt-cache, how ever I can not find any help docs on this. could someone please point me in the right direction
<SpamapS> lifeless: good point
<SpamapS> lifeless: `~/.ensemble/$envname is probably a sane default..
<lifeless> SpamapS: apt is bust in oneiric atm for debootstrapping :(
<lifeless> SpamapS: also, that mail I sent you with friction - did you convert it to bugs, or should I, or are they all known ?
<SpamapS> lifeless: I believe serge and I fixed that last Tuesday
<SpamapS> lifeless: I fixed getall to be more sane...
<SpamapS> lifeless: the rest I don't recall.. let me look it back up
<lifeless> bug 816606
<uvirtbot> Launchpad bug 816606 in apt "apt postinst failure if ubuntu-keyring not installed" [Undecided,Confirmed] https://launchpad.net/bugs/816606
<lifeless> is the apt thing
<SpamapS> lifeless: yeah we worked around it by adding ubuntu-keyring as an explicit package to debootstrap
<lifeless> SpamapS: except ensemble-lxc doesn't seem to be nabbing it
<SpamapS> tho I think I'll mark our bug, 817233, as a dupe of that one
<SpamapS> lifeless: you have to rm -rf /var/cache/lxc/oneiric
<lickalott> sry patdk-lap got pulled away for a sec.
<lickalott> i have no idea what that host is.  I saw "acc" and got a little worried.
<lifeless> SpamapS: trying
<lifeless> SpamapS: also, probably need to handle lxc containers already existing - e.g. ensemble-0 existing
<lifeless> bbiab, gotta run cat to vey
<SpamapS> lifeless: right.. I have thought about changing to use a UUID.
<lifeless> SpamapS: or make it in  /tmp ? :P
<SpamapS> lifeless: hm.. it does just have to store a tiny state yaml and the formula zips
<uvirtbot> New bug: #817233 in lxc (main) "oneiric containers need ubuntu-keyring package (dup-of: 816606)" [High,Fix released] https://launchpad.net/bugs/817233
<KM0201> patdk-lap, u still around?
<KM0201> anybody know a halfway decent samba tutorial?
<SpamapS> !serverguide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<SpamapS> KM0201: ^^
<KM0201> SpamapS, thanks...
<KM0201> i actually found that via google.. but it's telling me to find "security=user" in smb.conf  in the global section, and i don't see it.
<KM0201> nevermind
<KM0201> its not under global, its under authentication
<twb> If the documentation has a bug, you should report it
<SpamapS> doc bugs are arguably the worst kind
<KM0201> yeah, they are... thats why i'm fed up w/ freenas
<SpamapS> they are viral.. copying themselves into peoples' memories
<KM0201> my needs are minimal, and i don't know why i never considered just using Ubuntu server (i'm pretty famiiliar w/ the Ubuntu OS, but.. never ran a completley CLI system, so im testing it in Vbox right now... with a GUI..lol)
<SpamapS> lifeless: btw, the last time I was messing with that branch.. I had problems with the oneiric bootup.. something was borking hard
<twb> KM0201: you can run a GUI on a server, but we don't recommend it -- and that applies to ANY server, not just Ubuntu Server.
<KM0201> twb, yeah, i know.. but.. i know my way around the various GUI's... so i'm setting it up w/ an LXDE front in Vbox now.. (total of 3 virtual drives, to simulate my NAS on a smaller scale)... once i've taken good notes on what i done in the GUI, etc.. I'll test it w/ the server ISO.
<KM0201> honestly, as long as i've been using Linux, i should be a lot more comfortable in CLI than I am.. i've been spoiled by GUI tools.
<KM0201> what is nmbd, by the way?.. never heard of that one
<twb> nmbd is part of samba
<twb> Probably stands for something like "netbios message bus daemon"
<KM0201> oh ok.
<twb> See, Windows' filesharing was devised before TCP/IP and DNS had won
<twb> So Windows has its own alternative to DNS: netbios
<KM0201> windows has its own alternative to everything
<twb> And until XP, if not later, you need to have this complete replacement for netbios around, and what nmbd does is translate between NetBIOS and DNS
<Delerium_> Is that still true with Win 2008 ?
<twb> SMB2 is allegedly MUCH better, on par with NFSv4, but I haven't looked at it.
<twb> Delerium_: I believe DNS is the default as at Vista or 7, but I don't know if netbios needs to still be there in the background
<twb> Delerium_: ##windows probably knows
<twb> "nmbd, which provides the NetBIOS-to-IP-address name service. NetBIOS over TCP/IP requires some method for mapping NetBIOS computer names to the IP addresses of a TCP/IP network."
<twb> https://secure.wikimedia.org/wikipedia/en/wiki/nmbd
<Delerium_> twb, Thanks, I was just curious ;)
<twb> https://secure.wikimedia.org/wikipedia/en/wiki/Server_Message_Block#SMB2
<Delerium_> twb, didn't work with as a SysAdm on Windows for about 10 years...
<twb> Delerium_: I haven't even *used* Windows for about eight years
<Delerium_> twb, Lucky you... I still support WAS on a couple of Windows boxes, but I don't support windows itself
<Delerium_> twb, and I'm force to use a WinXP Laptop for "Windows Only" software... puke
<cjohnston> I'm trying to setup a static ip on my server.. I'm curious on what a couple of the settings should be.. address is the IP address that I want it to set, subnet is the subnet of the network, what do I need to put into network, broadcast and gateway
<twb> On a trusted network, I would use DHCP for everything except the DHCP server itself.
<twb> (And instruct the DHCP server to assign fixed addresses to other servers.)
<cjohnston> twb: I want to be able to ssh into the server not having to figure out what the ip address is
<twb> cjohnston: 11:57 <twb> (And instruct the DHCP server to assign fixed addresses to other servers.)
<cjohnston> I'm not sure on my router how to do that
<twb> Well, if the router isn't running Ubuntu, you'd turn it off and have your server handle DHCP
<twb> (And DNS)
<twb> But if you want to go static, we can talk about that instead
<cjohnston> twb: I have some stupid router provided by the provider.. its a modem/router in one that takes care of the TVs and everything.. I think I may have just figured it out tho.. 1 sec
<KM0201> what's a good tool to mirror a drive automatically.
<twb> dd
<cjohnston> twb: I think I figured it out.. thanks
<KM0201> is there a SWAT alternative? (since it doesn't seem to be supported anymore)
<twb> An alternative to what?
<twb> Sorry, misread.  IMO you should learn to manage samba from its config files.
<KM0201> ok, i figured that would be your position, cuz thats what the FAQ said..lol
<KM0201> i think i've about got it anyway, but it's all set up w/ a GUI front, so i'm gonna reboot, and set it up w/ server edition by my notes.
<KM0201> only thing i need to figure out is mirroring 1 drive to another.
<KM0201> back ina  few..
<Delerium_> KM0201, One time deal?  Or live mirror on 2 drives?
<KM0201> Delerium_, live mirror
<KM0201> i think i read about rsync
<KM0201> but thats the next thing i want to look ati.
<Delerium_> KM0201, or use Software RAID 1
<KM0201> can you hoold that htought?.. i'll be back in about 2min
<Delerium_> check this out: http://advosys.ca/viewpoints/2007/04/setting-up-software-raid-in-ubuntu-server/
<KM0201> oh, awesome.
<Delerium_> Not sure how complete it is .. but looks pretty good at first sigh
<Delerium_> sight...
<KM0201> well, i guarantee i will find errors..lol
<Delerium_> KM0201, yeah ... Just found that this article date from 2007.. might be a bit old and maybe it has changes since then
<twb> If you want a live mirror you should be using either linux md RAID1, or a $500 raid card.
<KM0201> well, i'm definitely not using a $500 raid card
<KM0201> well, maybe "live raid".. isn't the exact word i was looking for.
<KM0201> maybe something that sync's once a day?
<twb> KM0201: if you want an archive of what the files were as at <date>, you want something more like rsnapshot
<KM0201> hmm, ok.. well, hold that thought, i'll be back in 2min.
<twb> Which is the hard disk equivalent of rotating incremental tape archives.
<KM0201> so... rsnapshot?
<twb> It depends whether your goal is disaster recovery or archival
<Delerium_> or live redundancy
<twb> Delerium_: I was folding that into DRP
<Delerium_> twb, k ;) We often have our own wording depending of the infrastructes
<Delerium_> er.. infrastructures
<twb> What I would do would be something like md RAID1 a pair of disks, then on it have /boot md0, LVM PV md1, LV root filesystem and LV rsnapshot filesystem.  rsnapshot performs a nightly cp -al and rsync from the former two to the latter, you end up with incremental daily/weekly/monthly/yearly archives, and up to one disk can die.
<twb> To guard against *real* disasters (as oppose to SPOF of a HDD); I would probably also/instead have rsnapshot backing up to an offsite medium.
<patdk-lap> offsite or online backup is always good, incase of lightening strikes and other power issues
<twb> I was thinking more "building burns down"
<KM0201> twb: this is a simple file server man... lol, i just want a mirror of the drive in case of drive failure, i back up to a large USB drive once a week also, so..
<twb> KM0201: well, that sounds more like RAID1
<KM0201> twb: ok, how would i set that up?
<patdk-lap> ya, but power issues taking out all drives is more common than buildings, I would think
<twb> KM0201: you need to do it at install time
<KM0201> oh really?
<KM0201> hmmm,
<KM0201> ok.
<twb> (Technically you can probably do it post-facto, but it's a huge pain in the arse)
<patdk-lap> it's easiest at install time :)
<twb> Mainly because grub is such a bastard
<KM0201> gotcha, so when its asking all that install crazyness, choose a "raid"
<KM0201> i remember seeing that during the install process.
<twb> KM0201: when it asks you about HDD partitioning, you need to choose "manual" and set up the disks appropriately.
<KM0201> right.
<KM0201> i've done manual set up a lot.
<twb> Unfortunately there is no "Automatic - use RAID1 entire hard disks" choice
<KM0201> understood.
<twb> I should probably complain about that to the d-i maintainers -- surely 2ÃRAID1 and 3ÃRAID5 are common enough occurrences to automate
<Delerium_> Speaking of HDD management, I didn't check lately, does ZFS makes its way to Linux!?
<twb> ZFS has the cuddle of death
<twb> Wait for BTRFS
<Delerium_> hummm BTRFS is from Oracle, right?
<twb> Technically both zfs and btrfs are from oracle.
<KM0201> well, other than rsnapshot, i think i got all this figured out
<twb> KM0201: rsnapshot is not very complex; it basically just does a nightly cp -al, then rsync
<KM0201> twb: and i can schedule that?
<KM0201> i guss my final question is (and i'm pretty sure i know the answer..)..
<KM0201> should i install Ubuntu Server, onto a Thumb drive, the way I did freenas... or knock off about 10-15gigs of one of my drives, and put the OS there
<twb> rsnapshot is triggered by cron, so sure
<KM0201> i know squat about cron
<twb> Ubuntu will run off a USB key, though not very fast for writes
<twb> It makes e.g. "apt-get update" a pain in the arse
<KM0201> well, honestly, i dont plan on updating this, etc..
<KM0201> i might even go through my router, and block the server from accessing the internet
<twb> I would probably allocate 256MB /boot, 2 to 8GiB / and (to begin with) 128GiB /srv for your data
<KM0201> ooh i'm not gonna do all that craziness
<twb> Assuming you're using LVM, you can expand the latter two as needed.
<Delerium_> twb, LVM can't expend /boot ?!
<Delerium_> (just wondering...)
<twb> Delerium_: not if it's not on LVM
<Delerium_> twb, make sense
<twb> And IMO it is more dangerous than helpful to put /boot on LVM, particularly since it should have negligible growth -- 256MB is enough for (say) a dozen kernels.
<Delerium_> twb, but can Linux boot on a LV ?
<twb> grub2 can boot from a RAID1 LVM /boot, at least, but it's flaky and fugly.
<Delerium_> twb, thanks ... I was a SysAdmin in the past, but I now mostly support Middleware product... I'm just trying to catch up with all those lost years..
<KM0201> ok, downloading the server ISO
<twb> A mini.iso will be faster, because it'll only download what you need
<KM0201> hmm, good point
<cjohnston> twb: that doesnt seem to be working. i think i need to property setup static address.. i have the hdd right now in a machine that has a head, however the HDD will go to a headless machine when it starts working
<twb> http://archive.ubuntu.com/ubuntu/dists/lucid/main/installer-amd64/current/images/netboot/mini.iso
<twb> cjohnston: OK
<twb> cjohnston: so what do you need help with?
<KM0201> i'm gnna use 11.04
<twb> KM0201: I recommend you deploy LTS in production
<KM0201> twb: naa.
<twb> Shrug.  On your own head be it.
<KM0201> i'll deploy LTS when 12.04 comes out.
<KM0201> yeah, i won't hold you accountable.. :)
<KM0201> i've been testing all this in vbox on 11.04
<cjohnston> twb: I have auto etho \ iface eth0 inet static \ address 192.168.1.100 \ netmask 255.255.255.0
<KM0201> you know what though
<KM0201> i think i'm gonna do a server install, cuz i'm gonna try to set up a raid i think
<cjohnston> twb: I guess there are network broadcast and gateway tha im not sure about
<twb> cjohnston: one moment
<twb> cjohnston: I think you only need address, netmask and gateway
<twb> (gateway only if you want to be able to access other networks.)
<cjohnston> what would I put in gateway? the address of the router?
<twb> yes
<cjohnston> ok... let me switch the hdd to the other computer and see if itll work
<twb> cjohnston: you should check /etc/udev/rules.d/70-persistent-net.rules first
<twb> cjohnston: make sure the MAC for (say) eth0 is right
<cjohnston> o
<twb> Or just delete that file entriely, which shoudl result in eth0 being the iface on next boot
<KM0201> twb: if i install server in a Raid1, is there a way to verify it is working properly, and is being properly mirrored to the "second" drive?
<twb> KM0201: cat /proc/mdstat
<twb> http://paste.debian.net/124729/ shows a synced three-disk RAID1 array, md0 /boot, md1 LVM
<twb> When the drives are out of sync, there will be a progress bar instead and an ETA.
<KM0201> hmm, ok
<KM0201> thanks
<twb> Note that immediately after install they *will* be syncing; this is because it has to sync even the unused blocks, because the md layer can't tell which blocks are important
<KM0201> ok...
<twb> (an ATA TRIM-like syscall to md, or btrfs' built in RAID layer, would fix that.)
<KM0201> hmm, ok.
<twb> Also, write-intent bitmaps are off, so if you reboot the box before the sync finishes, it'll start over again from scratch.
<KM0201> well, i'm gonna try it in vbox first... i hope it works.
<twb> *bitmaps are off _by default*
<KM0201> ok, thats good info, thanks
<KM0201> i think i'm gonna like this a lot better than FreeNas.
<KM0201> should've done it a while ago, but Freenas 8 finally pushed me over the edge
<KM0201> twb: and when i set up samba, i only need to set setup samba to see Drive 1, right? (since the server will handle syncing the two drives "behind the scenes")
<twb> KM0201: md RAID will mean your system sees three drives -- the sda and sdb low-level drives, and the md0 RAID pseudo drive.
<twb> Only the md drives will be mounted.
<twb> Samba itself doesn't care about that, because it just deals with the VFS layer -- i.e. files and directories, not drives.
<KM0201> ok..
<KM0201> twb: got time for a quick question?
<twb> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<KM0201> i know, i know, i didn't know if you were still here..
<KM0201> ok
<KM0201> i've got scsi3     /swap, / and /media/Disk
<KM0201> scsi4, is currently unformatted.
<KM0201> i want scsi4, to be th emirror.
<KM0201> so i go up to "configure software raid"
<KM0201> then create MD device
<KM0201> raid 1, which is mirror.
<KM0201> now, this is where i get confused, its asking for "active devices in the raid1 array"...
<KM0201> it's set to 2.. (which is minimum)
<KM0201> i guess if i choose 3, then it will mirror the entire drive.. right?
<lifeless> KM0201: what scsi drives do you have ?
<KM0201> i'm testing this in vbox.
<twb> KM0201: uh, the two nodes should be your two hard disks
<twb> Or two partitions, one on each disk
<twb> You will need to move any data on those disks elsewhere before you do the install
<KM0201> ok.
<KM0201> right, i understand that (the virtual disks are blank)
<KM0201> hmm
<KM0201> twb: i don't ned to set up swap space to be mirroed do i?.. i just set my ext 4 / to mirror, and that was it. (but both drives have a swap partition)
<KM0201> twb: it worked! (at least in vbox)
<KM0201> now i just gotta do it again, and take detailed notes
<jane1> hey guys. i want  a root shell. vps i think. where i can do anything with root acces. install apps. do anything.    do i need vps hosting . thats what i see always. i thing its just for hosting websites with some additional acces..?   so what do i need. and i want a cheap one. 15 dollars / mo ?
<greppy> jane1: take a look at http://prgmr.com
<jane1> greppy is it yours?
<defunct> hi, does anyone know if I need udev (udevd) on a VPS?
<bkerensa> janel: If you need root shell access a VPS will work... There are lots of providers Linode.com, MediaTemple.com, Prgmr.com, VPS.net the list is long :)
<jane1> greppy is it yours?
<bkerensa> defunct: I suggest you keep it... udevd handles events and such
<rww> I personally love Linode.
<jane1> greppy ahem
<bkerensa> rww: I second that although MediaTemple gave me thousands of dollars in free hosting at OSCON :P
<bkerensa> Free VPS even :P
<bkerensa> janel: Probably not his and he is likely idling
<bkerensa> rww: Can I PM you?
<defunct> bkerensa: hrmm. I was hoping I could free up some memory by removing it
<rww> bkerensa: about?
<bkerensa> rww: #ubuntu-server contributions :)
<rww> I've only been in here for four hours, but sure, why not.
<greppy> jane1: no, but I am a customer of theirs :)
<bkerensa> defunct: I would not suggest it... It does use a bit of memory but likely you can make other optimizations to reduce memory usage
<bkerensa> janel: Linode has the best benchmarks and likely the most economical pricing model (Google)
<defunct> bkerensa: alright, thank you :)
<jane1> greppy if ineed 512 or ram. it will be?
<bkerensa> defunct: Is your VPS for web stuff?
<greppy> jane1: they offer that as an option, yes.
<jane1> greppy 4 dollars + 512/64?
<jane1> k
<defunct> defunct: I just have lighhttpd running on it, but mostly it's for irc and and a ts3 server
<defunct> defunct: but still, only 100mb ram free atm (from 512)
<defunct> whoops meant bkerensa :P
<bkerensa> defunct: No MySQL?
<defunct> bkerensa: not yet, no php or mysql
<defunct> bkerensa: hrmm I can probably shut off getty
<bkerensa> defunct: Well just make sure your swap is good so you dont thrash
<defunct> defunct: 1gb swap should do...
<defunct> I'll just leave it all for now, until swamp is actually getting used, so far it hasn't
<defunct> syslog     439  0.0  0.2  34452  1476 ?        Sl   Jul30   0:00 rsyslogd -c4
<defunct> doesn't syslog use like less than half of that normally
<lifeless> hallyn: around ?
<SpamapS> lifeless: still banging away on it?
<lifeless> SpamapS: put ensemble on hold till apt is fixed (because ensemble wants oneiric)
<lifeless> SpamapS: but I plan to nab mvo soon to talk about the apt-key postinst script call
<lifeless> SpamapS: right now I'm running into
<lifeless> lxc-start: Device or resource busy - failed to remove previous cgroup
<lifeless> on start
<lifeless> after a clean vm boot
<SpamapS> using cgroup-bin?
<lifeless> it is present, yes.
<SpamapS> I have yet to be successful w/ that installed
<lifeless> worked fine on natty. Will try removing it.
<lifeless> it kindof sucks though, to have a nice helper and have it be incompatible.
<lifeless> so the thing I was trying next was back to 'why does echo /dev/null | sudo lxc-start -n ,,, -d ' reset my sudo password ticket
<lifeless> which I'm hoping oneiric fixes.
<SpamapS> :-P
<huats> morning
<blizzkid> Hi all, I have an udev rule: ACTION=="add", SYSFS{model}=="RD1000", NAME="RD1000%n" Now, when I insert the first RD1000 (internal), it becomes /dev/RD10001, I then insert the second RD1000 (usb), and it becomes... /dev/RD10001, while I was presuming the %n would make it RD10002. What am I grossly overlooking?
<_ruben> hmm, what takes care of displaying the motd on login via ssh? PrintMotd in /etc/ssh/sshd_config is set to "no", yet it is displayed on each *first* login, tho i'd like to show it on *all* logins
<lifeless> SpamapS: yeah, removed cgroup-bin, works. >< >< >< >< >< >< ><
<_johnny> perhabs your keyboard is broken
<jane1> why centos is considered a better server than ubuntu?
<_ruben> ask the centos ppl
<jane1> whats your choice in ranking
<_ruben> 1. ubuntu
<_ruben> <end>
<_ruben> never used centos
<jane1> hm
<jane1> fedora ?
<jane1> _ruben
<jane1> debian
<_ruben> in the past i've used slackware/debian/suse (roughly in that order)
<maxb> The question "why centos is considered a better server than ubuntu?" is essentially meaningless, since it fails to specify who is doing the considering
<maxb> I doubt most of us would be on this channel if we upheld that opinion
<_ruben> exactly
<jane1> any suggestions for a domain name that has music, education, videos, students , chating , bloging... video chats. text chats.. etc. multi purpose communication  .   ?
<Daviey> _ruben: I suspect many people really appreciate the lack of predictable release schedule, and a not having much confidence in the future stability.
<Daviey> </troll>
<_ruben> Daviey: agreed :)
<Ursinha> buenos dias
<Daviey> Ursinha: Salem!
<jane1> any suggestions for a domain name that has music, education, videos, students , chating , bloging... video chats. text chats.. etc. multi purpose communication  .   ?
<Daviey> jane1: no
<Daviey> (you don't need to keep asking, people will respond if they do... )
<jane1> 'no' is nice but it makes a negative sence
<jane1> oh ok.
<Daviey> Although, it is pretty Off Topic for here.
<jane1> ya.. only the website is in ubuntu hosting
<Shaggy2> apt-get update
 * _ruben redirects Shaggy2's terminal
<_ruben> jane1: music-education-videos-students-chating-bloging-videochats-textchats-etc-mulit-purpose-communication.{org,net,com,...}
<trapmax_> i have a script which runs /etc/init.d/nfs-kernel-server. when running the script from roots crontab it fails to start.
<_ruben> trapmax_: quite likely an environment varaible thing, like lack of /sbin in the path
<trapmax_> k, thanks. i'll look into that
<Pici> trapmax_: You may want to make sure that the cron line is running at all, check /var/log/syslog for an entry.
<trapmax_> Pici: i used "0 * * * * /path/to/my/script > /path/to/script/log", and got nfs output as log, so i know it ran, but errors were sent via email concerning the modprobe and start-stop-daemons. it would make sense that env vars are not set properly
<Pici> trapmax_: Put 2>&1 at the end of that.  That will ensure that anything that was sent to stderr will be redirected to stdout, which you've already directed to the logfile.
<jane1> Pici
<jane1> any suggestions for a domain name that has music, education, videos, students , chating , bloging... video chats. text chats.. etc. multi purpose communication  .   ? something that have hub or communications... gatway...
<Pici> jane1: no.  And I don't understand what that question has to do with Ubuntu either.
<jane1> its offtopic
<jane1> and thx
<Pici> jane1: Try #ubuntu-offtopic then
<jane1> no response
<_ruben> probably noone cares there either :)
<jane1> ya
<allo> hi
<allo> Can someone help with krb5 and nfs4?
<allo> when i touch a file on the mount, it is owned by nobody, even when the user has his kerberos ticket and a ticket for the nfs-server principal
<jane1> what is the ram and proccesor requirments for ubuntu server?
<smoser> jane1, the base system will boot and run in 256
<smoser> after that, it really depends on what you're hoping to do with it.
<jane1> gui . gnome or kde will run in 256 too ?
<jane1> smoser ?
<smoser> jane1, i dont really know.  gnome or kde are not really ubuntu server.
<jane1> i only have 256 of ram at a vps.  need to run apache, mysql, and an ircd. will do ?
<smoser> jane1, most certainly people do that.
<jane1> jit wil run
<jane1> ?
<smoser> those people don't run cnn.com or slashdot.org
<smoser> but it will run.
<allo> jane1: yes, it will run
<allo> if you expect high load, get a better server
<smoser> jane1, i would suggest not running an X stack there though
<smoser> that is just going to waste precious memory
<jane1> smoser x stack?
<smoser> X11
<smoser> (you mentioned gnome and kde)
<jane1> ya. but whats x11?
<hallyn> lifeless: i'm around now.   what's up?
<sw0rdfish> hey is there a way to limit /home/user1 and /home/user2 each to a certain limit of size
<sw0rdfish> ex: each to 50GB in an OpenVZ vps?
<Jeeves_> sw0rdfish: if you want it independent of the owners of the files
<Jeeves_> xfs projectquota can do that
<Jeeves_> Otherwise, normal kernel-quota stuff
<smoser> lynxman, cloud-init test ?
<lynxman> smoser: looks okay here
<smoser> you tested ?
<smoser> trunk for your changes
<maswan> or two separate filesystems
<maswan> sw0rdfish: that was for you as another suggestion
<maswan> (context was perfectly fine inside my head)
<sw0rdfish> hmmmmmm
<mjeanson> sw0rdfish, openvz supports user quotas inside a container, but it's global not path specific
<lynxman> smoser: yes sir I did
<sw0rdfish> I see.
<lynxman> smoser: maybe the permissions could be an issue but tbh not too concerned
<smoser> the permissions in trunk on the private key are 600 or 400
<smoser> no way should a file with credentials have 644 perms
<smoser> SpamapS, ping when you're in
<lynxman> smoser: they should be 400 I do agree
<uvirtbot> New bug: #815504 in bind9 (main) "glibc double free when using postgres dlz" [Undecided,New] https://launchpad.net/bugs/815504
<uvirtbot> New bug: #819319 in lxc (main) "more lxc scripts are broken with multiple cgroup mounts" [High,In progress] https://launchpad.net/bugs/819319
<uvirtbot> New bug: #817220 in bacula (main) "package bacula-director-common 5.0.3-0ubuntu2 failed to install/upgrade: problÃ¨mes de dÃ©pendances - laissÃ© non configurÃ©" [Undecided,New] https://launchpad.net/bugs/817220
<uvirtbot> New bug: #817779 in mysql-dfsg-5.1 (main) "package libmysqlclient16 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/libmysqlclient.so.16.0.0', which is also in package mysql-cluster-client-5.1 0:7.0.9-1ubuntu7" [Undecided,New] https://launchpad.net/bugs/817779
<uvirtbot> New bug: #818105 in qemu-kvm (main) "package qemu-kvm 0.14.0 noroms-0ubuntu4.4 failed to install/upgrade: erro ao escrever para '<saÃ­da standard>': Arquivo ou diretÃ³rio nÃ£o encontrado" [Undecided,New] https://launchpad.net/bugs/818105
<patrickmw> robbiew: http://ubuntuqa.wordpress.com/
<robbiew> patrickmw: sorry, but what am I supposed to notice exactly :/
<patrickmw> robbiew: this is the qa automation status report. you had asked about the package testing.  its on the backlog at the moment
<patrickmw> I will be adding dates soon
<robbiew> patrickmw: ah...so basically a wiki to tell me the same info...heh
<patrickmw> robbiew: yup.  but when we start on the package stuff, this will be the link that will show what packages have been "checked off".  I will keep you posted
<robbiew> ah...gotcha
<jj995> I'm trying to find the users using the most disk space on a server -- is there a quick command to do this?  e.g. like "du /*/* -s --block-size=1G | sort -g" except for sorting by user instead of file
<SpamapS> smoser: pong, I'm in
<smoser> SpamapS, updates to https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/810044
<uvirtbot> Launchpad bug 810044 in cloud-init "cloud-init will have race conditions for cloud-config with multiple network adapters" [Medium,Confirmed]
<patdk-lap> that is one big block
<luigi> Hey guys, I'm getting increasingly more angry with the dhcp3-server.
<SpamapS> smoser: so.. I've been thinking hard about how that works.. and I'm worried that the event will be too rigid for my eventual intended use (as a part of rc-sysinit)
<luigi> It's not reading any configuration files.
<luigi> Anywhere.
<smoser> SpamapS, why to rigid?
<SpamapS> smoser: because one can have an interface in /etc/network/interfaces that comes and goes..
<luigi> There's no /etc/default/dhcp3 , first off, and all the guides I've seen tell me there should be...
<SpamapS> smoser: for instance, one could list a USB network interface as "auto" .. that just means "when its there, bring it up"
<SpamapS> smoser: its a bit of a corner case, but I think we can handle it gracefully
<smoser> well..
<smoser> i think the implementation i have there is corredt for that
<smoser> your case is handled (i think) best by the user not using 'auto'
<smoser> but 'auto-hotplug'
<smoser> in which case, the code i have there right now works correctly
<SpamapS> smoser: I was thinking after networking (ifup -a), if static-networking-up hasn't been emitted, we need to make some kind of call about the remaining interfaces.. not sure what though.
<smoser> as it would be ignored as "auto" but still brought up on hotplug
<SpamapS> smoser: is auto-hotplug already a thing?
<smoser> i am going off what i read in interfaces(5) only
 * SpamapS should read it again. ;)
<smoser> sorry
<smoser> allow-hotplug
<SpamapS> Right, ok
<SpamapS> that makes sense.
<smoser> yes, but whether or not it actually happens, i dont know
<smoser> :)
<smoser> it makes for good doc
<SpamapS> How about a timeout that drops you to single user mode if the "auto" interfaces haven't all come up?
<smoser> the other thing is that your event will possibly fire multiple times in the lifetime of a sytem
<smoser> ie, if i : ifdown eth0 ; ifup eth0
<smoser> it will fire again
<SpamapS>     exec ifup --allow auto $INTERFACE
<SpamapS> That is what happens *now* on net-device-added
<SpamapS> which is basically "hotplug"
<smoser> well that sucks.
<SpamapS> smoser: I was thinking about using a job, 'static-networking' instead of the event.
<SpamapS> smoser: well we could do if ! ifup --allow auto $INTERFACE ; then ifup --allow hotplug $INTERFACE
<SpamapS> smoser: ifquery may help here tho
<smoser> ifquery is broken
<smoser> for mapping devices
<smoser> so i dont trust it
<SpamapS> smoser: are you sure the mapping interfaces is a problem? Don't all mapped interfaces show up as real=mapped in ifquery --list ?
<SpamapS> smoser: ahh, reading the comment now
<smoser> SpamapS, did you read what i wrote there?
<smoser> yeah
<smoser> ok.
<smoser> i'll be back in 10 minues
<smoser> SpamapS, so i suspect that in ubuntu 'allow-hotplug' would be difficult to implement.
<smoser> as that is basically how *all* interfaces are brought up
<smoser> on udev events at startup
<SpamapS> smoser: well ifup -a will try to bring up all that exist, in case they don't emit a udev event
<smoser> SpamapS, probably not
<SpamapS> smoser: since that starts on stopped udevtrigger .. that should be sufficient for any servers.
<smoser> or it could be considered a bug if it did
<SpamapS> smoser: it does. the point of /etc/init/networking.conf is a "last ditch" to bring up any critical networking pieces
<smoser> should 'ifup -a' try to bring up a device that was listed in interfaces with 'allow-hotplug'
<SpamapS> no
<SpamapS> auto
<smoser> right. you said "all that exist", which is what i was confused by.
<smoser> so anyway, i think what i have there in my branch should work for all cases other than the usb case.
<smoser> and ofr my use, that is not a big deal.
<SpamapS> For the USB case I'm ok w/ release notes saying "use conman for usb interfaces that you want to bring up automatically"
<SpamapS> smoser: appreciate you completing my work.. I've been fretting over this for a week trying to think of all the error conditions
<smoser> connman or network-manager ?
<SpamapS> nI guess network-manager --no-install-recommends won't bring in anything evil
<smoser> SpamapS, i pinged slangasek in -devel hoping to ask about the intent of 'ifquery --list'
<smoser> it generally seems broken to me
<SpamapS> smoser: ifupdown is *evil*
<SpamapS> smoser: did you try to read the code?
<smoser> main.c ?
<SpamapS> smoser: that is not the code
<SpamapS> :-/
<smoser> yeah, and i thought WTH
<SpamapS> smoser: that is generated
<smoser> well, obviously.
<smoser> but it wasn't clear from where.
<SpamapS> ifupdown.nw
<SpamapS> Which is written in some weird "literate programming" language
<SpamapS> Some crazy idea where you write code and a postscript doc together
<smoser> what processes .nw -> main.c ?
<SpamapS> 'nowebm'
<smoser> wow.
<smoser> ok
<smoser> so where do you think we are ?
<smoser> oh..
<smoser> th eothe rissue i had to talk to you about SpamapS in this regrad
<SpamapS> smoser: well I have oft wondered if we wouldn't be better off abandoning the ifupdown code base and just re-implementing it with C++ or python or something.
<smoser> i *think* that my need for blocking is handled fine.
<smoser> a diff to cloud-init like:
<smoser>  http://paste.ubuntu.com/656489/
<smoser> SpamapS, it can't be python
<smoser> it has to be /bin or /sbin
<smoser> (which my removal of 'cut' was good for that too)
<SpamapS> smoser: yeah I actually have a branch that cleaned that up too w/ shell only
<smoser> SpamapS, in theory, would you tink my cloud-init-nonet would function the same with this change?
<SpamapS> smoser: but I was definitely relying on ifquery --list
<smoser> ie, it shoudl block for me
<SpamapS> smoser: and don't feel bad that we've been working in parallel. The amount of knowledge we've gained is enormously valuable. :)
<SpamapS> smoser: I'm not sure, what were you going to change the start on to?
<SpamapS> smoser: or wait, its the stop on that you want to change right?
<smoser> (i just started looking at this this morning, hoping i could shove something in before alpha3)
<smoser> see pastebin above.
<smoser> right.
<SpamapS> on a single instance system that should be the same moment
<SpamapS> err
<SpamapS> interface
<smoser> right.
<smoser> but i need to handle multiple interfaces
<SpamapS> And if you have 3 interfaces and a bridge, then it would be a more correct version of the same moment. :)
<SpamapS> smoser: it would make your comment wrong.. you'd be blocking until all auto interfaces are up, not just a non lo interface
<smoser> i'm concerned about blockign system boot
<smoser> thats what i *want*
<smoser> i think i get that because of cloud-init.conf is 'start on mounted MOUNTPOINT=/ and stopped cloud-init-nonet
<smoser> '
<SpamapS> smoser: I'd like to see this accompanied by a test case in the build... I'm worried about weird /etc/network/interfaces files that work w/ ifupdown but not with your ghetto parser. ;)
<SpamapS> smoser: for your purposes though.. yes I think this solves your case.
<smoser> i dont really  know how the parser could go wrong
<SpamapS> smoser: for the purpose of delaying rc-sysinit's switch to runlevel 2.. I'm not entirely sure about it.
<smoser> white space delimited first field is "auto"
<smoser> (or allow-auto)
<smoser> anything after a '#' is stripped
<SpamapS> smoser: "       A line may be extended across multiple lines by making the last character a backslash.
<smoser> take all the other tokens
<smoser> actually, readline works then.
<smoser> interestingly
<SpamapS> OH cool
<smoser> i'm pretty sure. let me test that though.
<smoser> i think i've beeen pissed off by that before
<smoser> :)
<SpamapS> ok reading the man page, I think you're covered if read line works
<SpamapS> So, I'm willing to upload this for A3
<SpamapS> let me test it out on a VM tho. :)
<smoser> SpamapS,  http://paste.ubuntu.com/656500/
<smoser> just run that, you get the 3 lines concat'd
<SpamapS> yeah that makes sense
<smoser> SpamapS, you build this, i'll build a cloud-init and give you a ec2 instance to play with
<smoser> build for amd64
<SpamapS> ok, I'm also going to configure a VM with 3 interfaces and a bridge.. ;)
<SpamapS> hrm.. why haven't we dropped the size of the server iso yet?
<hallyn> RoAkSoAx: hey
<RoAkSoAx> hallyn: hey
<RoAkSoAx> hallyn: what's up
<SpamapS> smoser: built, seems to emit on my laptop which has only lo.. :)
<hallyn> RoAkSoAx: hey, cani get some sponsorin luv? :)
<hallyn> RoAkSoAx: http://people.canonical.com/~serge/lxc.debdiff
<RoAkSoAx> hallyn: sure
<hallyn> RoAkSoAx: thanks
<SpamapS> smoser: were you thinking that we should touch a file in /var/run or something so we don't emit this twice?
<smoser> SpamapS, i dont know. it seems like it may be ok to emit twice
<smoser> right?
<SpamapS> smoser: since its not waited on, it won't affect ifup/ifdown commands
<SpamapS> smoser: but it could cause issues for things that  'start on x and static-networking-up'
<smoser> SpamapS, i can defer to you on that.
<smoser> what will happen for my case?
<SpamapS> smoser: for yours nothing, because yours only runs at start
<SpamapS> smoser: I think the right thing to do is to view this as a singular event, much like mountall does.. and never emit it again
<SpamapS> smoser: Otherwise the system gets super reactive to any admin activity
<smoser> well, not so much, SpamapS
<smoser> on 'start on x and static-network-up'
<smoser> those would not really fire more than once, right?
<SpamapS> smoser: ifdown eth0, ifup eth0 .. would emit it again on a system with auto eth0
<SpamapS> smoser: so if thats a task, its now waiting for 'x' to happen again
<smoser> ok.
<SpamapS> I can't see a time where this needs to happene very time the static network comes up
<smoser> so then, we can touch a file that said its been done
<SpamapS> This is an event to boot things.. the "state" we're looking for is runlevel 2
<SpamapS> smoser: I'll actually touch a file before emitting.. as thats more atomically correct. :)
<SpamapS> It would be interesting to look at how ChromeOS is doing their upstart boot now..
<smoser> SpamapS, http://paste.ubuntu.com/656507/
<smoser> don't touch
<smoser> use : >
<smoser> or something else
<SpamapS> Keybuk was saying they just have two jobs .. boot-services and services .. and everything follows those two jobs' starting and stopping events
<smoser> touch is /usr/bin/touch
<SpamapS> damnit! ;)
<SpamapS> no, no no no not return 1
<RoAkSoAx> hallyn: done!
<SpamapS> smoser: this is a racey lock..
<smoser> true
<smoser> you want me to un-racify it ?
<smoser> (i think return 1 is correct, htough)
<SpamapS> its not an error
<SpamapS> smoser: we're just choosing not to emit
<SpamapS>     : > /var/run/network/static-network-up-emitted || exit 0
<SpamapS> something like that
<smoser> returning 1 is not an error.
<SpamapS> oh, you can't do it there. ;)
<smoser> i'm confused.
<SpamapS> thats the race
<smoser> yes i can fix a race there.
<SpamapS> you check the lock in all_interfaces_up, but create it blindly later
<smoser> i or you are missing something
<SpamapS> hmm.. : > doesn't error if the file exists already.. :-/
<smoser> there *is* a race condition there, you are correct
<smoser> doesn't matter.
<smoser> you dont get there unless you had the lock
<smoser> but we dont have a lock
<smoser> for a lock, the easiest thing to do is 'mkdir'
<SpamapS> ahh good point it is atomic
<SpamapS>     mkdir /var/run/network/static-network-up-emitted || exit 0
<hallyn> RoAkSoAx: thanks!
<SpamapS> http://paste.ubuntu.com/656510/
<smoser> http://paste.ubuntu.com/656513/
<smoser> yeah.
<SpamapS> 6
<SpamapS> 1/2 dozen
<SpamapS> hmmmm which is better?
<SpamapS> I like the &&
<SpamapS> one exit is simpler to read
<smoser> the only issue is that we're taking the lock before we've emitted the event
<smoser> so at very least we should rmdir on failure of the event to emit
<smoser> but...
<smoser> we're kinda screwed in that scenario
<SpamapS> yep
<SpamapS> all kinds of stuff breaks if initctl doesn't work right .. all over the place
<SpamapS> we've stipulated that it works
<SpamapS> and its authors are careful to make it as reliable as possible
<SpamapS> smoser: push that, I'll merge it
<orudie> when I upgraded from 9.10 to 10.04, there was a bug with dovecot
<orudie> what is a good way to reinstall dovecot on 10.04
<smoser> SpamapS, pushed.
<orudie> I want to completely whipe out the configs for it etc...
<orudie> and start fresh on 10.04
<smoser> SpamapS, lets test it a bit, and then go with it
<SpamapS> orudie: apt-get purge name_of_package_to_remove
<SpamapS> orudie: note that that will also remove all the *data* that belongs to said package
<orudie> SpamapS, thanks it worked
<SpamapS> orudie: so, just make a backup first :)
<orudie> SpamapS, :)
<hallyn> SpamapS: I don't have write access to lxc tree yet.  Any chance I could convince you to do 'pull-lp-source lxc natty; bzr branch lp:ubuntu/natty/lxc; cd lxc; bzr import-dsc ../lxc*.dsc; bzr push' and do that for lucid, maveirck, and natty?  (when you get a chance)
<Daviey> hallyn: importer not working?
<hallyn> Daviey: apparently
<hallyn> at least for natty it is one changelog entry behind
<Daviey> hallyn: are you sure?
<Daviey> hallyn: ahh, using the wrong pocket..
<Daviey> natty-updates
<Daviey> hallyn: lp:ubuntu/natty-updates/lxc
<hallyn> Daviey: damn.  i was thinking bzr trees just tracked updates
<hallyn> Daviey: thx
<Daviey> hallyn: it would make sense, would it not? :)
<hallyn> Daviey: how it's done makes sense :)
<robos> hello: when doing a large file copy across a NFS mount I see around 80% of load (according to top) is in iowait. Does this sound right to you?
<patdk-lap> only 80%, wonder why it's not 100%
<KM0201> i've got two disks mounted under /media (Disk_1, Disk_2).. both are ext4, i can read/write them from the server, but not via samba, i always get permission denied.
<KM0201> i've got two disks mounted under /media (Disk_1, Disk_2).. both are ext4, i can read/write them from the server, but not via samba, i always get permission denied.
<hggdh> Daviey: there?
<Daviey> hggdh: always
 * negronjl is away: out to lunch
<RoAkSoAx> smoser: any ideias? http://paste.ubuntu.com/656580/
<KM0201> i've got two disks mounted under /media (Disk_1, Disk_2).. both are ext4, i can read/write them from the server, but not via samba, i always get permission denied.
<KM0201> i'm assuming this is something i've done in smb.conf  , but i don't know what.
<smoser> RoAkSoAx, looking
<KillMeNow> KM0201:  I assume you have verified the Samba share permissions?
<smoser> where do you see that ?
<smoser> what is the metadata, RoAkSoAx
<KM0201> KillMeNow: how would i check that? (no i don't think i have, i just followed a basic tutorial)
<KM0201> obviously its a permission error, just.. not sure how to fix it.
<smoser> RoAkSoAx, i suspect that you have a dict in the yaml that you gave it for cloud-config rather than a list
<KM0201> i can do this no prob w/ NTFS..
<KM0201> so it's obviously something i'm doing wrong
<RoAkSoAx> smoser give me a sec and ill send u the late command using that
<smoser> RoAkSoAx, am i right in guessing it has 'ssh_authorized_keys'
<smoser> ?
<RoAkSoAx> smoser give me a.sec as im reinstalling should be done in ~4
<RoAkSoAx> smoser: so this would be the error: not an array right?
<smoser> right. i suspect that your meta-data or user-data is incorrectly formed
<RoAkSoAx> smoser: yeah I guess that came from changes made to ensemble
<KillMeNow> KM0201:  IIRC it should be ls -la /path/to/share
<hallyn> Daviey: are you still around?
<smoser> RoAkSoAx, note, that ssh keys is strange in metadata
<KM0201> KillMeNow: what does that do?
<KillMeNow> KM0201:  you should see the typical file permissions but instead of a drwx it should show srwx or something like that
<KillMeNow> been a while since i dinked with samba
<KM0201> oh ok.
<KillMeNow> then you can set up permissions like any other directory using chmod
<smoser> RoAkSoAx, http://paste.ubuntu.com/656588/
<KillMeNow> and chown if necessary
<josePhoenix> hello all
<smoser> if you're feeding it meta-data and putting ssh keys in it, you'll have to do like that
<KM0201> KillMeNow: i have the directory right.. (like i said, i can create files in it from the server, and browse from a network machine).. wha ti can't figure out, is how to write from a network machine
<KM0201> i've tried several chown/chmod commands
<RoAkSoAx> smoser: ok cool. I think it's just a change on the way of doing things cause it was working just fine
<smoser> are you doing it in user-data or meta-data ?
<josePhoenix> I was asked by #httpd to show the output of 'apache2 -S' but I get the error  "apache2: bad user name ${APACHE_RUN_USER}"
<RoAkSoAx> smoser: fwereade was working on some changes to convert stuff to twisted so he might have changed that
<RoAkSoAx> smoser: user-data
<josePhoenix> How can I get that to work?
<hallyn> RoAkSoAx: do you have a few more minutes?  (and are you sufficiently familiar with UDD?)
<hallyn> RoAkSoAx: if you'd be so inclined, there are two bzr trees linked to bug 753308.  they need to be pushed to -proposed.
<uvirtbot> Launchpad bug 753308 in lxc "Restart containers on upgrade" [High,Fix released] https://launchpad.net/bugs/753308
<Daviey> hallyn: i am indeed
<RoAkSoAx> hallyn: i'm actually on my way out but can take a look at them when I get back unless someone beats me to it
<hallyn> RoAkSoAx: then i'll ask Daviey, thanks :)
<hallyn> Daviey: can I get 3 minutes of your time?  there are two bzr trees linked to bug 753308.  they need to be pushed to -proposed.
<uvirtbot> Launchpad bug 753308 in lxc "Restart containers on upgrade" [High,Fix released] https://launchpad.net/bugs/753308
<hallyn> Daviey: and before complain, I'm working on https://wiki.ubuntu.com/SergeHallyn/ServerDeveloperApplication  :-)
<Daviey> \o/
<Daviey> hallyn: not to be a wet blanket, but wouldn't this be suitable to add to a future SRU?
<Daviey> as in, it has no change except not restarting containers on package upgrade?
<Daviey> the impact of the current packages is 0, it's a -security or -updates future issue?
<hallyn> Daviey: i dont' grok your last sentence?
<hallyn> as for 'future SRU', not to sound naive :) but I don't really expect any, especially for maverick (note it is as present the -unstable package)
<Daviey> hallyn: this bug doesn't cause upset with packages *currently* in -updates, right?
<hallyn> lxc is not in -updates yet, is that what you mean?
<Daviey> it's if the packages get upgraded in the future, the containers restart?
<hallyn> ah
<hallyn> yes, or on a do-release-upgrade i guess
<hallyn> your point makes sense;  only if osmeone upgrades to natty from maverick would they see this
<Daviey> you sort of expect to reboot following a do-release-upgrade
<Daviey> infact the user is prompted to
<hallyn> natty might have more I suppose.
<hallyn> Daviey: do you have a good idea for how to make sure thi schange would make it into the next SRU?
<Daviey> hallyn: funny you say that...
<hallyn> if we could be sure UDD was going to be used, we could just commit it to bzr but not push a package
<Daviey> technically, staging it in the udd branch *should* be enough
<hallyn> Daviey: i'm a comedian, you just didn't know it
<Daviey> but nobody checks the udd branch before they upload their latest kick
<hallyn> eh, i do :)
<hallyn> we can ask stgraber  and zul to.  tha tshould cover it
<KillMeNow> KM0201:  here is a article for quick samba permissions:  http://www.cyberciti.biz/tips/how-do-i-set-permissions-to-samba-shares.html
<Daviey> -security do maintain a list of things they need to do when touching some packages.
<hallyn> where?
<Daviey> hallyn: good question.. trying to find it
<hallyn> Daviey: of course i still don't have write access to that tree.  I don't mind if you just remove the release tag and push to {maverick,natty}-proposed
<KM0201> KillMeNow: thanms
<KM0201> *thanks
<Daviey> hallyn: if you still have the tree on your local machine, fancy changing the pocket to UNRELEASED and submitting a merge proposal? :)
<hallyn> Daviey: will do
<hallyn> (in about 10 mins)  shoudl i assign to you?
<hallyn> assign the review to you, that is
<Daviey> the default should be good
<hallyn> ok, thanks.  ttyl
<axisys_> i just upgrade the to the latest linux kernel on lucid and now I am getting this error
<axisys_> [  402.925779] bonding: bond0: Warning: the permanent HWaddr of eth0 - 00:23:8b:11:22:10 - is still in use by bond0. Set the HWaddr of eth0 to a different address to avoid conflicts.
<axisys_> do I need to revert to the prev linux kernel ?
<axisys_> I did not see this alert before.. I have this bonding setup for a month now
<hallyn> Daviey: done
<Daviey> hallyn: -security have added an alert to include this fix if they touch the package
<SpamapS>      Subject: [ubuntu/oneiric] jenkins 1.409.1-0ubuntu1 (Accepted)
<SpamapS> !!!!!
<SpamapS> w00t
<Daviey> SpamapS: would be better if it wasin't in dep-wait :P
<SpamapS> something get rejected or just many things in NEW?
<Daviey> NEW queue :(
<hallyn> Daviey: cool, thanks
<lifeless> hallyn: just more lxc shenanigans
<lifeless> hallyn: e.g. on oneiric cgroups-bin does something to make lxc startup fail
<Daviey> hallyn: https://code.launchpad.net/~serge-hallyn/ubuntu/natty/lxc/fix-restart/+merge/70064 .. is showing two commits, stgrabbers aswell?
<Daviey> stgraber rather
<Daviey> hallyn: Ahhh!
<Daviey> your target is the release pocket, not -proposed
<skaet> Daviey,  https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/791607,  any chance we'll have a fix for A3?
<uvirtbot> Launchpad bug 791607 in eucalyptus "Oneiric Eucalyptus fails to start up" [High,Confirmed]
<Daviey> skaet: with no doubt, no.
<Daviey> skaet: That package should be in universe by then.
<skaet> Daviey,  have the mandatory tests been updated?
<Daviey> it's not something that will be tested as part of the A3 QA, skaet
<Daviey> skaet: yus
<Daviey> :)
<skaet> :)
<Daviey> skaet: the A3 release will be an easy ride for us.. you read it here first!
<Daviey> If we come across difficult bugs, we just rip it off the cd.. that is how we roll.
<skaet> Daviey, fingers crossed.
<skaet> lol
<Daviey> skaet: bug #767225, is still of *major* concern to me tho.
<uvirtbot> Launchpad bug 767225 in fortune-mod "Slightly incorrect attribution in a fortune" [Wishlist,Incomplete] https://launchpad.net/bugs/767225
<skaet> LOL
<skaet> :)
<jcastro> Daviey: I've done one of those before: https://bugs.launchpad.net/ubuntu/+source/fortune-mod/+bug/184824
<uvirtbot> Launchpad bug 184824 in fortune-mod "Oxford Union rules out of date" [Undecided,Fix released]
<skaet> There's a couple of others that are still open reported with A2,  any of them likely to get fixed?
<Daviey> jcastro: Looks like it was resolved promptly, but this Oneiric release critical issue is still unresolved. :(
 * skaet notes that Daviey considers a wishlist bug as release critical - hmm...   could make for a rather long list for next agenda 
<hallyn> lifeless: are you sure you are fully uptodate?  (bc this weekend you reported a bug that i'd already worked around in the lxc package in archive)
<hallyn> Daviey: you want me to try an dtarget the merge request to -proposed?  (not sure it will let me as that doesn't exist right now)
<lifeless> hallyn: yes, I'm sure.
<lifeless> hallyn: the workaround you have doesn't work.
<hallyn> oh?  It worked on my system...
<hallyn> but that's not what you're asking me about right now - what's gong on with cgroups-bin?
<lifeless> your adding of ubuntu-keyring to the install line? doesn't work if apt decides to do two runs, because its a recommends not a depends
<lifeless> so it may work.
<lifeless> It may not.
<hallyn> hm
<lifeless> the right fix (just discussed in ubuntu-devel now) is changing apt.
<hallyn> ok.  (regardless it still would have needed to have a *real* fix, for non-lxc users)
<lifeless> well, I don't know whats up with cgroups-bin, on natty it didn't /stop/ lxc working, now it does. I haven't got a cause yet.
<hallyn> can you list any variables from when it worked to now?
<lifeless> it shows up as 'failure to remove previous cgroup' which appears to be a generic failure mode when something is messing with new namespaces
<hallyn> with what commands?
<lifeless> lxc-start -n foo
<hallyn> lemme try to reproduce on ec2
<lifeless> I have a clean oneiric vm; installed lxc, cgroups-bin, changed the conf file for it to be all ../cpu (carrying over the workaround from natty)
<lifeless> and yeah, ENOTWORKY
<hallyn> what does 'all ../cpu' mean?
<hallyn> (vaio overheated.  grr)
<lifeless> hallyn: https://dev.launchpad.net/Running/LXC step 3
<hallyn> lifeless: step 3 shouldn't be needed in oneiric...
<hallyn> lifeless: if you add freezer to that list, does it work?
<lifeless> will try later, have to run, sorry.
<lifeless> I'll try skipping step 3 first in fact.
<uvirtbot> New bug: #819507 in cloud-init (main) "consume_userdata is only called once per instance" [Undecided,New] https://launchpad.net/bugs/819507
<hallyn> lifeless: yeah, i can reproduce with your step 3, not without.
<hallyn> lifeless: ttyl :)
<lifeless> hallyn: awesome! thanks.
<r4__> is there somewhere i can look to see if slapd is compiled with tcp wrappers support or not?
<r4__> for 10.04
<r4__> other than getting the source and digging thru it
<patdk-lap> r4__ digging through debian/rules
<r4__> thanks
<r4__> looking
<Aleuck> does anybody know a ncurses app to manage users and groups?
<uvirtbot> New bug: #819535 in mysql-5.1 (main) "mysqldumpslow looking for slow.log file on an incorrect directory" [Undecided,New] https://launchpad.net/bugs/819535
<sidnei> how can i mount a folder from the host into an lxc container? seems like simply adding a bind mount to the container's fstab is not possible.
<sidnei> lifeless, ever tried that? ^^
<uvirtbot> New bug: #810731 in mysql-5.1 (main) "MySQL Server installation crashed, now unable to remove MySQL server and Client Binaries" [Undecided,New] https://launchpad.net/bugs/810731
<r4__> can apt-get -o pass CFLAG options?
<r4__> it seems so
<bkerensa> I wonder why neither cPanel or Plesk support Ubuntu Server :P
<JanC> bkerensa: why do you want them?
<bkerensa> JanC: Clients want panel :P you know how it goes ;)
<JanC> well, I have seens hosting providers offering cpanel & plesk on Ubuntu
<JanC> but I guess the issue is that in general, Debian/Ubuntu have more strict rules about how apps can change config files etc., and those panels often don't obey those rules, which might cause problems
<zoopster> and where Ubuntu Server is used in hosting environments, plesk and cpanel are not capable enough
<fosterdv> Hello all...
#ubuntu-server 2011-08-02
<JanC> zoopster: you have some experience with them?
<zoopster> not with using them. in a sysadmin fashion, no
<lifeless> sidnei: yes
<lifeless> sidnei: https://dev.launchpad.net/Running/LXC
<lifeless> sidnei: did you see my reply ?
<sidnei> lifeless, no, but i figured it out. i forgot to create the target directory for the mount.
<sidnei> the error i got was complete nonsense. :/
<lifeless> sidnei: shouldnt be needed with bind mount
<lifeless> *shrug*
<lifeless> sidnei: anyhow with oneiric its just -b sidnei to lxc-create :)
<sidnei> lifeless, i was trying to mount /src in the host as /src in the container.
<sidnei> lifeless, it's where i keep all my checkouts.
<sidnei> lifeless, and /src didn't exist in /var/lib/lxc/<container>/rootfs/src
<sidnei> lifeless, so lxc-start failed in obscure ways
<zul> RoAkSoAx_: you can do usb power on the pandaboard fyi
<Martyn> sort of
<Martyn> it needs slightly more than USB is designed to give to run
<zul> looks fine to me
<Martyn> so you can run the CPU, but when you have to power the USB network device at the same time you'll brown out the CPU slightly
<Martyn> If you are using the WiFi, you'll be fine (but only just)
<Martyn> USB can provide about ~80% of the power the board needs
<Pilif12p> Why would my server be showing just $ when I ssh in, not tanner@server~$ or whatever
<twb> Pilif12p: because /bin/sh is your login shell
<twb> Pilif12p: I would guess because you are creating users with (say) webmin instead of adduser.
<Pilif12p> no, i did "useradd tanner"
<twb> Do not use useradd
<Pilif12p> What shall I use instead?
<twb> adduser
<twb> useradd is a low-level command invoked by adduser
<Pilif12p> oh
<octillion> I don't see anything wrong with using useradd.  If you want to change the default shell, just use the -s option
<octillion> or use usermod to change the shell after the fact
<octillion> Pilif12p, do "sudo usermod -s /bin/bash tanner" to change the default shell for tanner to bash
<Pilif12p> urgh, i can't delete users now
<Pilif12p> meh. fixed it
<Pilif12p> thanks octanium
<Pilif12p> and octillion
<twb> octillion: yes, but presumably he's enough of a newbie that adduser's hand-holding is beneficial
<twb> You're right that I should've mentioned chsh (or usermod -s), though.
<octillion> twb, fair enough, though reading through the man page for useradd shouldn't be too difficult
<twb> octillion: if he could read a damn manpage he wouldn't have asked us :-/
<RoAkSoAx_> zul: cool!! no power supply then
<RoAkSoAx_> zul: what type of cable ar eyou using?
<philipballew> how do i find all open ports on an ip address
<philipballew> need to scan my remote server
<qman__> philipballew, nmap, but be forewarned, using this tool wrong over the net can be illegal
<qman__> so make sure you RTFM and know exactly what you're doing
<philipballew> for sure. qman__  its just my friends server i am troubleshooting for him. doing it to unknown random people is usually bad
<philipballew> those damn blackhats!
<twb> Crossing the street can be illegal
<philipballew> twb have you ever "crossed the street"?
<twb> philipballew: sure; https://secure.wikimedia.org/wikipedia/en/wiki/Jaywalking
<philipballew> the cops have better things to do then bug people for jwalking'
<twb> And there are enough dumbasses running nmap on 0/0 that probably nobody is going to knock on your door for doing it
<twb> Although I suppose your ISP might cut off your tubes for violating AUP
<philipballew> depends on the isp probably
<twb> Yeah, definitely
<philipballew> att are the worst
<lifeless> hallyn: well, it tries to start now (without step 3)
<lifeless>  sudo lxc-start -n lucid-test-lp
<lifeless> init: plymouth-splash main process (155) terminated with status 2
<lifeless> init: plymouth main process (7) killed by ABRT signal
<lifeless> hallyn: but its a little unhappy ;)
<lifeless> hallyn: though that looks like it might be a container glitch; investigating
<lifeless> hallyn: yes, looks like a container glitch
<lifeless> hallyn: ahh, I can reliably nuke an lucid container :(
<uvirtbot> New bug: #819621 in lxc (main) "container start failure after calling poweroff -n" [Undecided,New] https://launchpad.net/bugs/819621
<sw0rdfish> how to check what my friend is doing? I gave him ssh access to do something for me in my vps?
<RoyK> sw0rdfish: ttysnoop?
<huats> morning !
<bkerensa> good morning :)
<_ruben> *yawn*
<tiphares> can someone name a simple, yet good, text editor witha gui for ubuntuserver?
<_ruben> gui and server don't go along very well usualy
<greppy> gvim
<greppy> or just use nano in an xterm.
<tiphares> i have fluxbox on it because i find coding easier with a gui
<tiphares> i use nano for 'everyday use'
<incidence> Hi, I'm installing openvpn but I keep getting error: "Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.128) that looks more like a netmask."
<incidence> when connecting with a client
<incidence> http://pastie.org/private/pwoyp62ifmdpayl7ldxg - there's my server config file
<incidence> I'm trying to access our offices 10.0.1.1 network via openvpn
<uvirtbot> New bug: #819791 in setserial (main) "Sync setserial 2.17-46 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/819791
<hallyn> SpamapS: I know you're uber-busy, but have you had any cycles to think about bug 350936 ?
<uvirtbot> Launchpad bug 350936 in libvirt "Should shut down domains on system shutdown" [Medium,Triaged] https://launchpad.net/bugs/350936
<hallyn> I'm tempted to say let's create a libvirt-shutdown.conf, startig on start runlevel 06, which shuts down the domains, and having qemu-kvm wiat on that one to finish before stopping
<hallyn> though I guess sendsigs is still a problem;  so that's the main reason I'm pinging you :)
<r4__> so im trying to build slapd with tcp wrappers support....im issuing the command "dpkg -b openldap-2.4.21/" but im getting the error "dpkg-deb: failed to open package info file `openldap-2.4.21//DEBIAN/control' for reading: No such file or directory"
<r4__> however... openldap-2.4.21/debian/control exists
<r4__> the only modification i did to the source was adding "--enable-wrappers" to the "CFLAGS = ..." line in openldap-2.4.21/debian/rules
<r4__> any suggestions? the man page failed me
<patdk-wk> r4__ I seriously doubt c supports the --enable-wrappers command
<r4__> c?
<patdk-wk> yes, you added it to CFLAGS
<patdk-wk> flags used when running c (or gcc)
<r4__> hrm...then im not too sure where i need to add that command :(
<patdk-wk> well, something told you to add --enable-wrappers, what told you that?
<r4__> i could of sworn it was a CFLAG
<patdk-wk> I will bet you it isn't :)
<r4__> digging thru the source...lemme find a link
<r4__> http://tinyurl.com/3ufw4hg
<r4__> line 279
<patdk-wk> oh, 3 things
<patdk-wk> I don't see anything about CFLAGS there
<patdk-wk> that isn't instructions
<patdk-wk> and you should atleast google this, or do what I told you days ago, and not go greping the source
<patdk-wk> like I told you a few days ago, edit debian/rules
<patdk-wk> and add the --enable-wrappers in there to the configure command
<patdk-wk> heh useless, openslap has --enable-wrappers by default
<r4__> patdk-wk: thats what i did
<r4__> i edited rules
<patdk-wk> well, it's already enabled
<patdk-wk> so I dunno why you need to *redo it* to enable it
<r4__> but thanks for telling me it has it by defualt...i did not see it in rules
<r4__> i dont...i couldnt find it in there, so i assumed it wasnt
<patdk-wk> the rules file imports configure.options
<r4__> ahh...so that is the file where i would find if such flags were set
<r4__> patdk-wk: thanks for dealing with my ignorance :)
<SpamapS> hallyn: I did spend some time on it last cycle but got distracted
<SpamapS> hallyn: re bug 350936
<uvirtbot> Launchpad bug 350936 in libvirt "Should shut down domains on system shutdown" [Medium,Triaged] https://launchpad.net/bugs/350936
<SpamapS> hallyn: I seem to be caught in a cycle where I go "oh thats a bug I'll do that after Feature Freeze" and then after feature freeze I go "oh there are bugs in my new features I have to fix those" and then I never get to these important ones. :-P
<hallyn> SpamapS: I wonder if we can work aroudn it for libvirt by having it start on starting (whatever starts sendsigs)
<hallyn> I think I might have to pursue that.  I feel like this is something that needs to be solved.  soon.
<SpamapS> hallyn: I believe the appropriate thing to do is to have the thing that shuts down all vms start on starting rc RUNLEVEL=[016]
<SpamapS> hallyn: once rc has started, its kind of over. :-P
<hallyn> right
<hallyn> since sendsigs is initscripts, that's what i meant :)
<hallyn> SpamapS: i think i'll work on a proposal
<hallyn> lemme rephrase more assertively.  I will work on a proposal :)
<SpamapS> hallyn: cool.. appreciate it, I think that bug is important too. :)
<hallyn> thx, ttyl
<SpamapS> hallyn: reassign the bug to yourself and mark it In Progress then.
<zul> hallyn: did you run the last meeting?
<hallyn> zul: no i didn't, though i did pretty recnetly
<hallyn> SpamapS: yup, soon as i get started
<hallyn> zul: what no agenda updates?
<potatoe> I added new modules to /lib/modules, what is the command that I must run after I add these modules ( before I start doing modprobes )
<patdk-wk> depmod?
<Daviey> zul: Can you add ipxe to server-supported for now, and we'll think about adding it to another post A3.
<zul> Daviey: yep
<Daviey> cool
<zul> Daviey: umm already there: http://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/ubuntu.oneiric/view/head:/server-ship
<Daviey> zul: so it is..
<Daviey> :)
<Daviey> annnnd. it's showing.. we are just blocked on AA.
<hallyn> SpamapS: if i do 'stop on starting runlevel [016]', will that DTRT?
<hallyn> eh - let's try
<potatoe> THANKs :D patdk-wk
<SpamapS> hallyn: no
<SpamapS> hallyn: stop on starting rc RUNLEVEL=[016]
<h4lfl1ng> hello all, i'm running ubuntu server 11.04 and I cant seem to get sudo to keep environmental variables that were exported either as sudo or su or sudo -i
<RoyK> h4lfl1ng: su alone should keep your environment, I don't think sudo will
<Pici> h4lfl1ng: What about sudo -s ?
<RoyK> dunno - try it
<RoyK> doesn't look like it
<RoyK> Pici: man sudo
<RoyK> Pici: there's a -E flag
<h4lfl1ng> Pici: noope..
 * RoyK throws an RTFM in Pici's direction
<Pici> RoyK: throw it at h4lfl1ng
<RoyK> h4lfl1ng: see above, please :P
<RoyK> Pici: sorry
<Pici> RoyK: its okay.
<h4lfl1ng> RoyK: -E for what command?
<h4lfl1ng> sudo?
<RoyK> h4lfl1ng: man sudo
<RoyK> h4lfl1ng: man sudo # RTFM
<h4lfl1ng> RoyK: How do I use the SETENV tag? When I try to do sudo -E export ASD="stuff" I get export not found..
<Pici> export is a shell builtin
<RoyK> h4lfl1ng: export somevar=asdf; sudo -E ... echo $somevar
<RoyK> sudo -Ei should work well, preseving the old variables
<RoyK> h4lfl1ng: it's all in the docs ;)
<Velmont> Problem: multiple computers with multiple users. They "lock screen" and sometimes ppl have to turn computer off (cutting power). That makes Firefox go batshit crazy because of .lock-files, so it never starts again.
<Velmont> Problem 2: If you login on two computers, and open LibreOffice on both, LO will destroy its own profile. Never starting again (until you delete the profile).
<Velmont> So. Possible fix 1 to problem 2: How can I only allow people to login ONCE? I'm using OpenLDAP and pam_ldap.
<Velmont> Possible fix for problem 1: How can I NOT allow people to lock the computers? Only logout?
<Pici> Depending on what desktop environment you're using, and how updated these links are...
<Pici> !lockdown
<ubottu> Looking to lockdown your users' GNOME environment? Check out http://library.gnome.org/admin/deployment-guide/ - GNOME's Sysadmin guide may also be helpful: http://library.gnome.org/admin/system-admin-guide/stable/
<Pici> That *might* help.
<Velmont> Pici: Yes pessulusus or what's it's name. I can see if it has anything that can help :-D
<Velmont> Trying to force everyone to use gnome-desktop by default, because Unity crashes so badly and only allows people to login 2/3 of the times they try (or else they have to reboot). It's a problem with either compiz, or unity and ldap. Or maybe NFS. I have no idea after trying to find out why. :-)
<Velmont> Pici: Disable Lock Screen and Disable User Switching will work. -- Great, that should help with the Firefox and Thunderbird lock problem.  --  It won't help with the OpenOffice problem though. But a step closer to more sane computing (and less yelling at the Linux machines)
<OsakaFoo> hi, just got all the way though to "configure package manager" and for some reason it decided to disconnect the usb which it was installing to. Is there any way to continue the install?
<miceiken> Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) - I am getting this error when trying to make a gameserver connect with the mysql-server. It works fine other than that with for example PHP.
<patdk-wk> miceiken, heh, that shouldn't work :) that is a huge security issue
<r4__> ugh i cannot figure out for the life of me why the ldap daemon won't start after i enable SSL authentication
<r4__> following this guide, http://tinyurl.com/3fmbtt8
<r4__> At the end of the section...that is the error i get.
<patdk-wk> probably broken cert
<caaakeeey> hey, whats the best ami to use on amazon?
<patdk-wk> personally, I perfer one that works :)
<caaakeeey> which one would that be?
<r4__> patdk-wk: probably...fun!
<lifeless> hallyn: hiya
<hallyn> lifeless: hey
<lifeless> hallyn: hey
<hallyn> (doing some tests involving rebooting my laptop right now, apologies in advance for delays)
<lifeless> hallyn: seen my omgwtf bug ?
<lifeless> https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/819621
<uvirtbot> Launchpad bug 819621 in lxc "lucid container start failure after calling lxc-stop (fails across reboots)" [High,Confirmed]
<skaet> Daviey,  hggdh - are you good with the current Ubuntu server images, or do you want to pick up the new images that were part of the respin?
<hallyn> lifeless: yup
<hallyn> lifeless: the workaround there should fix the wrost part (the not restarting)
<lifeless> ah, thanks! will try after I get off the call I'm on
<lifeless> hallyn: and so ssh was blocking getty ?
<hallyn> no, but networking was
<lifeless> thanks!
<hallyn> lifeless: i'm really hoping that next week we can get real reboot support so we can stop having all these issues
<lifeless> that would be cool
 * hallyn reboots
<lifeless> is my playing with this helping you at all?
<stgraber> hallyn: getting reboot working and getting closer to having the user namespaces would be awesome :) then we'd have good hopes of having close to OpenVZ's feature set for the next LTS
<uvirtbot> New bug: #820023 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 1" [Undecided,New] https://launchpad.net/bugs/820023
<lifeless> hallyn: back ?
<Bernhard> Any dutch people ?????
<genii-around> !nl
<ubottu> Nederlandstalige ondersteuning voor Ubuntu (en vers gezette koffie) is te vinden in #ubuntu-nl
<hallyn> lifeless: what's up?
<hallyn> stgraber: user namespace won't be ready :(  unless a miracle happens, I expect the vfs support to tak ea long time
<lifeless> hallyn: just wondering if my experiments are helpful to you, or I'm just finding issues you already know about ?
<hallyn> lifeless: they are helpful to me, definately
<photon> hi
<hallyn> (time for another sync and reboot)
<skaet> hmm.. haven't heard back on those Server images so going to post the latest.
<uvirtbot> New bug: #820054 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/820054
<hggdh> skaet: I have not looked at the server images; it is probably not a bad idea to get the latest respin
<skaet> thanks hggdh
<lifeless> hallyn: cool; I shall persevere then!
<photon> hey. can anyone recommend a good book on Linux server administration, Ubuntu Server specifically, that focuses on security and efficient administration? I need something to read on my 10 hour plane ride.
<hallyn> lifeless: I appreciate it
<Bernhard> when i install a prog with for example apt-get install nginx
<Bernhard> then it does not install automaticly the latest version.. how can i update and install in the same path ?
<Daviey> skaet: I don't think significant testing has yet been achieved, thereore i'd like to stay as current with the other flavours as possible.
<skaet> Daviey,  goodness since I just finished updating ;)
<Daviey> hah, glad you thought to ask tho :P
<skaet> Daviey,  well hggdh did say it was ok.  ;)
<skaet> Daviey, I'm looking to see if the arm server images are off the builder,  and if so, unless you tell me otherwise,  I think you've got your images.
<Daviey> skaet: good stuff!
<Daviey> skaet: I will sign off amd64 and i386, NCommander needs to sign off the arm delieverables.
<skaet> Daviey,  gotcha.
<lifeless> SpamapS: hallyn's lxcmount.conf patch should fixup lxc starting up for you on oneiric
<lifeless> SpamapS: I suspect it was the same issue
<SpamapS> lifeless: sweet
<SpamapS> lifeless: any other gotchyas?
<lifeless> SpamapS: see my running docs - ./lucid-test-lp/rootfs/etc/init/lxcmount.conf
<lifeless> bah
<lifeless> https://dev.launchpad.net/Running/LXC#preview
<lifeless> SpamapS: anything [oneiric only] is a gotcha :P
<SpamapS> lifeless: we can likely backport lxcguest to lucid for these purposes.
<lifeless> SpamapS: yes, see https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/819621/comments/12 :P
<uvirtbot> Launchpad bug 819621 in lxc "lucid container start failure after calling lxc-stop (fails across reboots)" [High,Confirmed]
<lifeless> SpamapS: that said, we should fix oneiric as much as possible to avoid -faarghly- workarounds.
<Velmont> What? LXC? How new is that? Is it former vserver? I've tried Xen, KVM, usermode linux, openvz and vserver. But never seen LXC.
<Velmont> In mainstream kernel since 2.6.29. Hmm. Ohwell. Need to look that up then :]
<SpamapS> Velmont: LXC is most like OpenVZ
<patdk-lap> lxc is much better then openvz
<Velmont> SpamapS, patdk-lap: Yes, I'm reading some of the guide. Although I should be asleep, seeing as I've got a job interview tomorrow :-)
<SpamapS> Velmont: 5 hour energy FTW
#ubuntu-server 2011-08-03
<Ursinha> who takes care of uvirtbot?
<rsalveti> does anyone knows who maintains uvirtbot?
<rsalveti> :-)
<Ursinha> rÃ¡
<rsalveti> just wanted to check the code
<Ursinha> it's supybot rsalveti
<rsalveti> Ursinha: that I know, just wanted to know where is the code of the specific plugin that probes for bugs
<rsalveti> seems soren is the contact guy for this bot
<rww> what does uvirtbot do that ubottu doesn't do?
<Ursinha> rww: shows here when new bugs are filed
<rww> ah, shiny
<Ursinha> uvirtbot: hi
<uvirtbot> Ursinha: Error: "hi" is not a valid command.
<Ursinha> uvirtbot: owner
<uvirtbot> Ursinha: Error: "owner" is not a valid command.
<Ursinha> meh
<zroysch> is it possible to mount and use the data from just one of the partitions in an mdadm raid-1 ?
<zroysch> i mean. one of the drives in the raid-1 has failed. one is remaining. the mdadm device is /dev/md0 but I am unable to mount it.
<patdk-lap> just tell mdadm to mount it in failed mode
<fluvvell> I'm running dhcpd and several client machines on the network are dallying over receiving an IP address. One such incident was at 4am this morning, a cycle of DHCPINFORM and DHCPACK of at least 4 machines.
<twb> ITYM "delaying"
<twb> Dallying is what you do with a girl in the back of a car
<twb> fluvvell: are you nearly out of leases?  If you tcpdump, do you see floods of DHCPREQUESTs for a single response?
<twb> I should say: do you see floods of DHCPREQUESTs at all
<fluvvell> twb, I've expanded the leases recently, but might need to grow a few more. Not lots of DHCPREQUESTS but I increased by 20 last term and solved some of the issues.
<fluvvell> some machines ask twice or 3 times for a lease.
<hallyn> SpamapS: don't suppose you're hanging around for a late night?
<FIXEDMYNAS> UBUNTU SERVER SAVED MY DAY!
<rokr1> hi there !
<rokr1> I have just installed kernel 3.0-oneiric
<rokr1> The kernel seems to support dom0
<rokr1> is there any binary of xen 4.1 in ubuntu
<rokr1> natty
<rokr1> ?
<rokr1> I am running desktop 64bit
<rokr1> kernel seems to be generic
<twb> Ubuntu doesn't support Xen at all
<twb> Everybody has to use kvm or else
<rokr1> then why is dom0 support included in ubuntu version of kernel ?
<rokr1> if xen is not supported
<rokr1> It seems like dependency issue in repository
<rokr1> but will it work if I build from XEN-tools source...?
<rokr1> is there any reason that ubuntu keeps away from XEN ?
<twb> rokr1: because dom0 support is built into 3.0 kernels upstream
<twb> I assume they dropped support for everything but kvm because it makes their support contracts cheaper, but it could be just to annoy me
<twb> They dropped openvz and vserver from universe in lucid, despite LXC not really being ready to replace them as at .32
<KM0201> twb: how would ubuntu server run from an 8gig thumb drive (all i'm doing with it, using 2, 2TB drives as a NAS)
<twb> KM0201: in the naÃ¯ve case, the same as booting from a hard disk.
<KM0201> that didn't sound very encouraging..lol
<twb> KM0201: if you wanted to get fancy you could do SSD-style optimizations, like not putting swap on there
<rokr1> use unetbootin KM0201
<rokr1> and change BIOS settings to boot from USB
<twb> rokr1: he wants to boot off the USB key, not boot an *installer* off it
<KM0201> rokr1: putting it on the USB is not the problem.. i know how to do that...
<rokr1> use Windows Version
<rokr1> of Unetbootin
<KM0201> i'm more curious about performance
<twb> And in any case, unetbootin is for retards who are ignorant of both the Ubuntu-provided USB boot images, and isohybrid.
<rokr1> performance depends on the I/O
<KM0201> considering the USB will almost never be accessed/written to, i can't imagine it being much of an issue.
<KM0201> twb: i kinda agree w/ that..
<twb> KM0201: FWIW I ship systems that boot from a stock ubuntu install onto USB keys
<twb> KM0201: they haven't, you know, exploded or anything
<twb> rokr1: http://archive.ubuntu.com/ubuntu/dists/lucid/main/installer-amd64/current/images/netboot/boot.img.gz
<twb> None of this Qt GUI wank
<KM0201> twb: yeah... one final question... I probably won't roll this out onto my server till end of this week, but.. how difficult would it be to install server to SDA(usb drive), then put SDB and SDC(internal 2tb drives) into a software raid 1?
<twb> KM0201: if the array is only used for (say) /srv or /opt, it's trivial
<twb> KM0201: if you put /boot or / on the array, you need to do a little dancing, which is why it's easiest to set it up at install time from the debian-installer UI
<KM0201> twb: nope, they're just two big storage drives thats it... right now they're mounted at /media/drive 1, and media/drive 2
<KM0201> the "OS" partitions, will be on the 8gig usb.
<rokr1> KM0201 do you mean to have a persistent then use uuid
<rokr1> for drive
<rokr1> that will solve the issue
<twb> KM0201: incidentally, it would be a good idea to back up the USB's filesystem onto the RAID array
<twb> KM0201: in case e.g. someone snaps the USB key
<KM0201> twb: i'm not concerned about that, this sits on the top shelf of a closet.
<twb> I still advise you to do it
<KM0201> rokr1: i'm not concerned about the USB drive install, i can do that, not an issue, i'm curious about Raid1 and the internal drives, would that be possible.
<twb> You'll look bloody silly if you need to rebuild the USB key in a hurry from scratch, because you didn't and something goes wrong
<KM0201> twb: i'll take your advice under consideration on that, or maybe I'll just do a full copy of the drive onto another thumb drive, and store that thumb drive somewhere..lol
<KM0201> twb: so again, my question, is how difficult would that be?..
<rokr1> I didnt say about USB at all
<KM0201> rokr1: you're talking about a persistant install, my question has nothing to do w/ installing
<KM0201> i know how to install ubuntu server to a pen drive.
<KM0201> my question, has to do w/ how difficult will it be to make sdb and sdc, part of a raid 1, so they mirror each other
<twb> KM0201: I would just have a nightly cronjob that makes a cpio archive of the USB key or similar
<twb> I already said the RAID part will be trivial
<KM0201> twb: you said it would be trivial if i'm keeping various folders on the hard drive, i'm not.. it's just data (movies, music, etc.)
<rokr1> :) never ending
<KM0201> ..
<KM0201> everybody has either discusssed my usb drive, or a problem that is not going to exist on my system, but not really answered the question, has nothing to do w/ "never ending"
<rokr1> okay lets make it simple KM0201
<KM0201> it has nothing to do w/ simplicity, you're answering my question, w/ answers that do not apply to my question
<rokr1> you need 2 drives sdb and sdc as Linux software raid 1
<rokr1> right ?
<KM0201> yes
<twb> rokr1: he has his answer.  Let him try it; just ignore him until he does.
<rokr1> do u have data on existing HDD sdb and sdc ?
<KM0201> not right now, no
<rokr1> okay use fdisk and format it to raid
<KM0201> twb: and no, i don't have my answer, all you've discussed is either backing up my usb drive, or keeping other files on the two large drives, which i am not interested in doing.
<rokr1> so MBR is re written
<KM0201> ok.
<rokr1> then use mdadm to create software raid
<KM0201> ok
<rokr1> to make it boot as normal raid 1 next time
<KM0201> right.
<KM0201> the internal drives though, don't boot anyway, (just the external)..
<rokr1> no I did not mean that
<rokr1> I mean Linux sees the array as a logical drive
<rokr1> 2 => 1
<KM0201> right... i understand
<KM0201> sounds simple enough
<KM0201> after what i've been through this past week, i think i'll be able to do it no prob, but i'll do a test run
<rokr1> sorry my gnome crashed
<rokr1> you there?
<rokr1> just have a look at this http://tldp.org/HOWTO/Software-RAID-HOWTO.html
<rokr1> bye got to restart
<KM0201> rokr1: having probs?
<rokr1> yes
<KM0201> sorry to hear
<rokr1> Just updated to kernel 3.0-oneiric
<rokr1> just a stability issue
<rokr1> still on the same kernel
<rokr1> so did my last message help you ?
<KM0201> yeah, i'm not "live" on my server yet.. but.. i've got everything running exactly how i want it (just on a much smaller scale) in vbox, and have been taking serious notes while setting all this up.
<KM0201> right now, it seems to be working perfectly.
<rokr1> :)
<rokr1> Hardware RAID is faster than SoftRAID
<rokr1> so y do u want to be with software raid ?
<KM0201> well, mainly, cuz i don't have a RAID card..lol, but i was looking at some the other day, i thought they were super expensive, but they aren't at all, i'll probably pick one up before I take this thing "live"
<KM0201> how do you configure a "hardware" raid though?
<KM0201> i was gonna do some googling on that tomorrow.
<rokr1> Yes but I would prefer softraid
<KM0201> then why are you asking me why i'd prefer softraid?
<KM0201> i'd like a hardware raid, but.. i'm not deadset on it.
<rokr1> newer mobos support raid 0 + 1
<rokr1> etc
<KM0201> yeah, my mobo.. it's kinda old.
<rokr1> those are not true hardware raid
<rokr1> like intel matrix storage
<rokr1> etc
<KM0201> hmm, do you know much about rsync?
<rokr1> never used it ...! but planning to learn to implement backuppc
<KM0201> i'm syncing "folder a" from drive a, to drive b... say I synced it yesterday, then today, i deleted a file in "folder a" on drive a, i want it so that when i sync that folder to drive b, that file also gets deleted
<rokr1> not really a case
<rokr1> its like RAID 1
<KM0201> yeah.
<KM0201> i'll just set up a raid... i've got great notes on getting this system exactly back to how i have it now..
<rokr1> Full backup + incremental = Delta backup, I prefer it
<KM0201> is that in the repos?
<rokr1> not really
<rokr1> its just a concept
<rokr1> of backup
<KM0201> oh
<rokr1> best thing is to use amanda backup tool or backuppc
<rokr1> they have ready made scripts which may suit your needs
<rokr1> Auto backup
<KM0201> HMM
<rokr1> yes based on cron
<KM0201> i know nothing about cron
<rokr1> its just like scheduler in windows
<rokr1> runs app in a regular interval
<KM0201> so I could set it to run like, daily at 4am
<rokr1> Yes
<rokr1> also like every 5 mins do this do that
<rokr1> etc
<rokr1> wikipedia cron to learn more
<rokr1> good thing about backuppc is that it has web GUI
<rokr1> and uses samba shares to backup
<rokr1> modified version of backuppc is available with zamanda website which includes the ftp support
<rokr1> But I dont say rsync is not good
<rokr1> its just the way you use
<KM0201> right
<rokr1> rsync is a base app for backup
<rokr1> like xcopy
<rokr1> in windows
<KM0201> i'm gonna try a software raid.
<rokr1> good luck
<rokr1> steps are simple 1. format HDD to Linux RAID using Fdisk 2. use mdadm to create raid drive like /dev/md0
<KM0201> just gonna do it on a clean install, so it should be easy enough.
<KM0201> here we go.. :)
<rokr1> also remember chunck size that really improves or degrades the performance of the raid
<rokr1> have a eye on it
<KM0201> what do you meann "chunk size"
<rokr1> its just a small portion of space utilized by raid array to have its parity bits ...! it doesnt matter for RAID1 but it does for RAID 0
<rokr1> you can also do RAID5 on 2 disk with mdadm
<KM0201> got it installing now...
<KM0201> raid1.
<rokr1> :)
<KM0201> shouldn't take to long, my drives on vbox are small (5gig OS drive, 10gig "storage" drives)
<KM0201> only thing I'm not 100% sure on, is how to mount the raid in Samba
<rokr1> just use the mounted path
<KM0201> actually, i'm not sure how to mount the raid period...lol, so i'll have to figure tha tout.
<KM0201> where are they usually mounted by default?
<rokr1> its simple
<rokr1> you are combining /dev/sdb and /dev/sdc as a singke /dev/md0
<KM0201> ok..
<rokr1> just mount /dev/md0
<KM0201> oh ok.
<rokr1> that will do
<KM0201> then just add that to Samba.
<KM0201> .conf
<rokr1> :)
<KM0201> and fstab
<rokr1> no its raidtab now
<KM0201> oh ok.
<rokr1> yes also fstab
<KM0201> so do i have to add it to fstab, or raidtab?
<rokr1> not really look for the instructions in the link which I gave you
<rokr1> do not touch raidtab
<rokr1> it contains the instructions which you gave in cli
<rokr1> if you donot know any config then use cli
<rokr1> just mount resulting raid device in fstab
<rokr1> simple
<rokr1> okay community coming back to my problem
<rokr1> with XEN on UBUNTU
<rokr1> will try to install XEN from Source
<KM0201> what filesystem is on RAID drives?
<rokr1> its something like LINUX
<rokr1> look for it in instructions
<pythonirc101> is there any tool in ubuntu that lets me administer 10 or more fedora machines using one shell? I dont want to ssh to each and execute commands. I was tyring mussh, any other recommendations?
<SuperLag> How do you expect to administer them, if you're not connected to them? :)
<twb> pythonirc101: puppet
<twb> SuperLag: he's asking for a SIMO multiplexer for his ssh sessions, but really he wants change management infrastructure.
<twb> Unless, perhaps, his nodes are strictly homogeneous, in which case he wants more like a cloud SOE.
<pythonirc101> twb: my nodes are homogeneous
<twb> lucky bastard
<pythonirc101> twb: I would prefer not to write puppet scripts...
<twb> I hear ya, buddy
<pythonirc101> If I worked that hard, i wud write it in python
<pythonirc101> any other suggestions?
<twb> There are things that do what you want, but I'm not familiar with any of them
<pythonirc101> I tried mussh
<pythonirc101> I would prefer something more user friendly
<KM0201> twb: got it working... i've got Server running of a 6gig virtual drive, virtual drive b and c(10gigs each) are set up in Raid 1, and I can access it through Samba.
<KM0201> twb`:  got it working... i've got Server running of a 6gig virtual drive, virtual drive b and c(10gigs each) are set up in Raid 1, and I can access it through Samba.
<KM0201> ive got all my notes, i should be able to roll this out on my server this weekend w/ little fuss.
<args[0]> hey, i installed vsftpd on my ubuntu server, edited the .conf file but can't connect, always getting: 530 Login incorrect. The user I'm using is 'root', is it illegal to connect to ftp using root? thanks
<twb> args[0]: vsftpd only allows anonymous access by default.
<args[0]> twb: i disabled that
<twb> If you want to upload files as root, you should use SFTP
<args[0]> so i should install sftp?
<twb> It's built into SSH
<args[0]> i need ftp, i dont want encryption/decryption
<args[0]> just pure old ftp
<twb> Well, IMO that's bloody stupid, and since I don't know much about vsftpd anymore, I can't help you do that in any case.
<args[0]> i am transferring huge files, enc/dec consumes lots of CPU usage and slows down transfers
<args[0]> still bloody stupid?>
<twb> Yes; doing that on a trusted network, you should use netcat
<twb> Although I am not convinced the encryption and decryption overhead are significant; it is very likely to be I/O bound unless your systems are Pentium II vintage, or embedded.
<args[0]> i did some research on that, sftp < ftp when it comes to transfers of huge files
<args[0]> varies up to 30% in speed
<twb> source# nc -l -p 12345 < /dev/sda
<twb> sink#   nc -w3 source 12345 > /dev/sda
<twb> Can't remember if that's traditional or OpenBSD netcat, but the difference is minimal; an extra -q 0 or so.
<args[0]> thanks for your input
<greppy> args[0]: doing things over the network as root is generally frowned upon, ftp as another user or use a different transfer method.
<twb> That, too.
<args[0]> greppy: i've created new users, but still getting 530 Login incorrect
<args[0]> not the first time i use vsftpd though, not sure what's happening
<greppy> just on a hunch, sudo /etc/init.d/vsftpd stop; sudo /etc/init.d/vsftpd start
<greppy> then try to ftp as one of those new users again.
<twb> greppy: as opposed to force-reload?
<twb> Looking at the logs on the server side would obviously be a good idea, too.
<greppy> twb: I'm old fashioned :)
<args[0]> this is my /etc/vstfpd.conf file: http://paste.ubuntu.com/657683/
<twb> By design, a client is rarely told *why* it was denied access.
<greppy> that was my next suggestion, check the logs, see what errors, if any are being given.
<greppy>  /var/log/daemon.log and/or /var/log/auth.log
<twb> FFS, why does ubuntu pastebin's "download as text" link want me to give a flipping openid
<twb> greppy: by default, absolutely everything that passes through syslog will hit either auth.log or messages.
<twb> Thus "tail -fn0 /var/log/auth.log /var/log/syslog &"
<args[0]> greppy: still, getting 530
<twb> Which I write nearly as much as egrep -v '^[[:space:]]*(#|$)' foo.conf
<greppy> twb: you haven't setup that egrep as an alias yet? :)
<greppy> args[0]: anything in the error logs?
<twb> greppy: not on the hundreds of hosts I connect to on an ad-hoc basis, over which I have no authority to reconfigure root's dotfiles
<twb> Assuming they're even smart enough to have a persistent root home directory, and not say a flipping Thecus NAS
<greppy> ugh
<greppy> to keep the root env "clean" I have setup my own .file to source to have my aliases and stuff set
<greppy> for instance, EDITOR=nano drives me a little buggy most of the time.
<twb> greppy: yes, in principle I'm allowed to do that but ICBF
<twb> It's easier to just memorize a few handy commands.
<incidence> Hey, I installed OpenVPN. It works flawleslly, but now I can't connect outside, Like www.google.com goes to 10.0.1.7 (openvpn server)
<args[0]> greppy: Aug  3 02:19:33 w00dy vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=args rhost=173.178.xxx.xxx  user=args
<greppy> due to having to work on a variety of different systems, where the versions of tools may or may not be the same, I end up writing scripts/aliases to be as portable as possible.
<twb> incidence: so, your DNS resolver is buggered?
<args[0]> just created another new user right now, and still getting 530 Login incorrect
<twb> greppy: I gave up on that; now I target bash 3.0+ and GNU coreutils 6+, and anyone on somethign stupider can pay me to workaround their box
<args[0]> what's a good alternative for vsftpd?
<twb> Like that thecus box, which had xargs -0, but not find -print0
<greppy> twb: I get to play on debian, ubuntu, cygwin and sun :)
<twb> Poor bastard
<twb> If I get lumped with the latter two, I hand them off to an intern
<twb> FSVO cygwin = windows
<greppy> it's lead to me learning a bit more about different utils, or writing perl5 for something instead of using grep/sed/awk
<twb> Non-GNU userlands are a joke
<args[0]> off to sleep, goodnight
 * args[0] ZZzzzzzzzzzz
<pcnerd> Hi, has anyone upgraded from 9.04->9.10 and beyond given both are now EOL upgrades?
<_ruben> use old-archives.ubuntu.com to fetch updates and upgrades
<pcnerd> I've followed both methods listed here (http://mreschke.com/topic/254/Ubuntu+End+of+Life+and+Upgrades)  and both times I receive either no upgrade or "not supported for jaunty to lucid" etc... (++ followed EOL upgrades from ubuntu documentation
<Jeeves_> pcnerd: You shouldn't skip karmic
<pcnerd> I see, so how cna I tell it not to skip ?
<Jeeves_> You just change the values in /etc/apt/sources.list
<Jeeves_> type apt-get update
<Jeeves_> type apt-get dist-upgrade
<pcnerd> 0 upgraded, 0 newly installed 0 to remove adn 0 not upgraded.
<RoyK> do-release-upgrade
<pcnerd> same, jaunty to lucid not supported.
<pcnerd> its dl'ing lucid.tar.gz so clearly somewhere lucid is set to the next version :'(
<RoyK> pcnerd: in /etc/update-manager/release-upgrades, what's Prompt set to?
<pcnerd> have tried normal and default
<pcnerd> currently set to default
<pcnerd> and have jsut tried normal as well with the same result.
<pcnerd> RoyK:  Should have clarified, thats Prompt set to default and normal.. currently at default.
<alshain> hi, I have installed ubuntu server last week. Now when I boot my computer, caps lock and scroll-lock are flashing :S I've read that this indicates "kernel panic" and can be caused by faulty hardware. How would I best track down the issue?
<shauno> can you hook a screen up to it for more hints?
<alshain> shauno: yes, I did. I don't get _any_ output after GRUB
<alshain> also, it seems to hang in the GRUB part for a considerable amount of time, >5 seconds after Ubuntu Server has been selected
<alshain> also, upon previous boots, I never had any output
<shauno> I'd be tempted to edit the command line on grub to make sure the word 'quiet' doesn't appear in it.  otherwise, it's been far too long since I've done bare-metal boots :/
<alshain> ok, I can try that
<alshain> now I get "alloc magic is broken at <address>", this message is still in GRUB
<alshain> it says: "press any key to exit" <-- that doesn't work
<alshain> I'm now running memtest for the time being...
<shauno> not heard that one before, but atleast we found you some google-fodder.  hopefully you can find someone who's a little more intimate with grub
<alshain> I wonder GRUB would work as long as I don't edit any commands...
<Narc> Hey everyone. I realized yesterday, when I wanted to access the website, that my 10.04 box (VPS XEN hosting) was unresponsive. No ssh access so I did a restart via the hosting web interface. I then realized that the logs (auth.log, syslog...) stopped suddenly 15 days ago. No intrusion as far as I can tell but I'm not sure. I'm puzzled. syslog shows "rsyslogd: [origin software="rsyslogd" swVersion="4.2.0" x-pid="2143" x-inf
<Narc> o="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight' and stops logging a few hours later. Any advice anyone ? Thanks
<patdk-wk> did it go out of diskspace?
<Narc> No, I'm 3GB used on 8GB allowed.
<patdk-wk> yes, but what where you back then?
<patdk-wk> I have had systems fill up with like ssh attacks, and the log fill the drive, then logrotation cleans it up later
<Narc> Interresting. I'm going to check that. Thanks.
<Ynodde> join #ubuntu-nl
<Ynodde> oops
<patdk-wk> don't wanna
<Ynodde> gotta use them / signs first i know, soz for spam
<wtham> hiya
<Narc> patdk-wk:  Apparently, probe says no disk usage problem.
<patdk-wk> hmm
<patdk-wk> I dunno if dmesg logs go back forenough, maybe rsyslog crashed?
<Narc> Maybe, but I think the whole system crashed, because apache was down and sshd too. I just wanted to be sure. Paranoia :D
<patdk-wk> oh, if that much was down
<patdk-wk> sounds more like OOM
<patdk-wk> when you go out of memory, the kernel starts killing random programs
<Narc> Oh... I didn't think about that. 256MB. Possible.
<StucKman> I have problems with upstart and two /etc/init scripts. thereÂ´s a bug report for one of those, rsyslog, here: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/498531 , but if you look closer, youÂ´ll find several similar errors: https://launchpad.net/+search?field.text=upstart+start+uknown+job . any ideas how to fix it?
<uvirtbot> Launchpad bug 498531 in rsyslog "package rsyslog 4.2.0-2ubuntu5.1 failed to upgrade: exit status 1. start: Unknown job: rsyslog" [Undecided,Confirmed]
<Tommy_nmw> hi
<Tommy_nmw> how can we copy image of one server to another?
<StucKman> Tommy_nmw: you mean, all the files?
<Tommy_nmw> yes
<Tommy_nmw> StucKman: yes. I have test server at work and which is installed with most packages. I want to create image of that and deploy on my home server where there is no internet. my home server is just not installed with ubuntu
<StucKman> rsync can be your friend, or tar
<StucKman> ah, hmm
<StucKman> well, either you just rsync/tar the files to your server and then do the grub instalation by hand
<StucKman> or you install ubuntu and then rsync/tar the user and config files
<Tommy_nmw> StucKman: how to rsync ?
<StucKman> Tommy_nmw: I think you will need a intermediate media for transporting the files
<Tommy_nmw> StucKman: live Ubuntu CD of any version?
<jdevel> hey, hope all are doing well.
<jdevel> does anyone here have a fair amount of experience with mail servers?
<patdk-wk> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<jdevel> I'm looking to build one out and wanted to get some opinions
<jdevel> I'm of course running this on ubuntu
<jdevel> 10.04 server, and I'm thinking about using Postfix to take care of things
<patdk-wk> do you have a good reason why you need your own email server?
<patdk-wk> cause getting other people to accept email from you, normally is not an easy task
<jdevel> because I don't want to pay a provider for it
<jdevel> ahh
<jdevel> that is a great point
<patdk-wk> email is one thing that is unlike anything else a server does, cause it's blocked on so many levels :)
<jdevel> yea.. it's true.  I might just forge ahead on a virtual machine and see how things go.. at least as a learning experience
<jdevel> use one of my more obscure low traffic domains
<jdevel> or no-traffic
 * patdk-wk perfers to use postfix + dovecot + amavisd-new
<patdk-wk> but then, I'm using versions that aren't in ubuntu yet
<jdevel> yea the prototype virtual machine I have setup for servers is U10.04
<patdk-wk> mine are 10.04 too, but just using much newer postfix+dovecot+amavis
<jdevel> amavis, is that spam/virus management?
<jdevel> i see many setups using clamav and spamassassin
<Jeeves_> jdevel: It scan's and takes action based on configuration
<patdk-wk> it's more of a wrapper, to help intergrade virus and spamfiltering
<jdevel> like ufw to iptables
<Jeeves_> No
<jdevel> k
<Jeeves_> It does a lot more
<jdevel> I will certainly have to take a look
<huats> does anyone have an made some experiment with glusterfs ? well I was wondering if it could be used to "share" files automatically  over a few computers
<jdevel> why not just use nfs or something?
<huats> jdevel, I'd like to have an offline option and it was my understanding that I could do that with gluster
<patdk-wk> heh, glusterfs documentation is sparse :(
<jdevel> huats, I'm not sure what you mean by offline..
<jdevel> even in a cluster you need the machines to be up and connected..
<huats> jdevel,  I am just saying non sense :)
<patdk-wk> he wants a cluster of servers, if anyone dies, you can still access all data
<huats> I had made wrong assumptions on the gluster role :)
<huats> (I have continued to look at some docs since my question)
<jdevel> you could have an nfs and script something to mirror the files on each machine
<jdevel> i bet there is something else out there that would handle what you want to do
<patdk-wk> unisom :)
<huats> patdk-wk unison was our former solution but it gets very very confusing with more than 4 people :)
<huats> thanks anyway
<patdk-wk> I only used it up to 3 servers at a single time
<patdk-wk> and I had it running every 28seconds
<zul> NCommander: PING
<Ursinha> Daviey!
<Daviey> Ursinha: !!
<Tommy_nmw> hi
<zul> hallyn: ping
<hallyn> zul: yo
<zul> hallyn: i just checked the omap4 kernel and the lxc is not enabled :(
<hallyn> I'm just having no end of tiny little nuisance troubles :)  offlineimap won't work; natty ideapad takes 10 secs to pull up xterm; sigh
<hallyn> oh look, mutt just crashed
<hallyn> zul: which parts are not enabled?
<zul> cgroups looks like it im going through it now
<Daviey> hallyn: offlineimap works for me here :/
<Daviey> hallyn: using mutt-patched ?
<hallyn> wtf is mutt-patched
<hallyn> no i guess i'm using mutt 1.5.21-5
<hallyn> offlineimap was just copying back my local copies of msgs back to imap!  So I kept getting more and more dups
<hallyn> thank god for mut's 'D~='  :)
<hallyn> Daviey: oh, mutt-patched *only* adds the sidebar?  no correctness fixes?
<hallyn> heh, if i want evolution i'll run evolution :)
<Daviey> hallyn: heh, yes - i just wanted to compare fail.
<hallyn> Daviey: it was a segfault.  ulimit was default, so no coredump :(
<Daviey> ah, i had to raise my ulimit due to thunderbird sucking.
<alonswartz> Hi folks. What kernel package is recommend to be used for Xen hosting? In the past (i.e., Hardy) is was linux-image-xen, but that package no longer exists in Lucid+. Is linux-image-virtual the way to go?
<smb> alonswartz, for 64bit it would be the server image
<alonswartz> smb: linux-image-server, thanks. What about 32bit?
<smb> alonswartz, There do not seem to be hypervisor/utils there right now for 32bit. zul you know why?
<smb> Otherwise I would use the generic-pae flavour
<zul> because you need pae in order to run zen
<zul> xen even
<smb> zul, Right, does the server install not default to generic-pae?
 * smb must admit he has not looked closely yet
<Pici> Is linux-image-virtual intended for installs running under a vm?
<zul> smb: it should but i havent run 32bit for like ever..
<smb> Pici, yes
<smb> zul, Hm, maybe something we should think of looking at before release...
<alonswartz> I've used linux-image-virtual for our VM optimized images (ie. TurnKey Linux), and when building the vmtools they are actually built against linux-image-generic-pae
<zul> smb: yeah...throw it on the list ;)
<Pici> smb: thanks, the package description isn't particularly detailed.
<alonswartz> in the passed we've optimized our images for Xen hosting providers using linux-image-xen, but now for Lucid I'm looking for the best equivalent - at least that is until we add support for 64bit
<alonswartz> which will hopefully be in time for the next LTS
<alonswartz> but in the meantime, for 32bit Xen, which kernel is recommended? zul, smb?
<smb> alonswartz, Well, tbh Hardy is the only current release usable for hosting xen. And yes, we try to get it right for the next lts
<alonswartz> smb: just to be clear, I mean as the guest, not the host
<smb> alonswartz, Ah, well as guest either generic-pae or the ec2 images
<smb> (that is for lucid)
<alonswartz> at the risk of sounding ignorant, what is the difference between linux-image-virtual and linux-image-ec2?
<smb> After that the -virtual flavors are meant for guests
<smb> alonswartz, In Lucid it is a complete different xen patchset (so not using the codefrom 2.6.32)
<alonswartz> smb: so which would you recommend for our use case?
<smb> alonswartz, For running as domU I would for Lucid use ec2, for releases after that virtual
<alonswartz> smb: excellent, thanks for the help!
<alonswartz> smb: quick follow up question. In Hardy there was linux-ubuntu-modules-VER-xen, anything similar for Lucid?
<smb> alonswartz, No, there is generally no l-u-m other than hardy
<smb> (well anything still supported that is)
<alonswartz> smb: ok, thanks
<hggdh> folks, I am getting a failure on RAID1 i386
<SpamapS> hallyn: what were you up to last night? did you get it sorted? I saw your merge proposal.. will take a look as soon as I get through the morning deluge of email
<baffle> Anyone know of any TFTP server that reply on port 69 instead of a random sourceport? I.e. to punch thru firewalls/NAT. I've found "Open TFTP Server" on SF, but it doesn't work.
<Ursinha> soren: hi, can you please set the importance/status of bug 809646? as you're the assignee I believe you know how to triage that correctly :)
<uvirtbot> Launchpad bug 809646 in swift "Init Script Problems" [Undecided,New] https://launchpad.net/bugs/809646
<hggdh> Daviey: do you need to worry about bug 820469?
<uvirtbot> Launchpad bug 820469 in mdadm "RAID1 -- after degraded boot, not all disks are recognised" [Undecided,New] https://launchpad.net/bugs/820469
 * SpamapS will be fixing that one
<hggdh> SpamapS: you knew about this one?
<Daviey> hggdh: i rarely worry
<SpamapS> hggdh: saw it
<hggdh> heh
<SpamapS> hggdh: I'm pretty sure though, that this has been the case since lucid
<SpamapS> hggdh: the test case specifically says you may have to re-assemble the arrays
<Daviey> Hmm
<Daviey> is this a dupe of the one jamespage raised?
<SpamapS> hggdh: well, step 16 does
<Daviey> which i thought we left in WON'T FIX?
<SpamapS> Wait..
<SpamapS> There should be no need to add any missing devices back to the RAIDs manually. Otherwise, there is a bug! A manual addition would be:
<SpamapS> Did we change the test?
<SpamapS> Or have I always been reading it wrong?
<hggdh> no, we did not change it
<Daviey> Lets put this into a real situation.
<hggdh> it _should_ be automagic
<Daviey> Server running..
<Daviey> disk becomes degraded why?
<hggdh> disk fails. You stop the system,, remove it, but you do not have a backup disk to insert. You reboot degraded
<Daviey> Then you reinsert the *broken* disk?
<Daviey> and expect it to be added automagically?
 * SpamapS has seen that scenario play out to sinister consequences
<hggdh> later on you find there was a moth on the printed circuit of the failing disk, and reinserts it
<hggdh> (after taking off the moth)
<Daviey> hggdh: sure thing, but i think it should require re-adding manually... there is clearly an issue that requires a sysadmin to intervene
<SpamapS> An admin I worked with saw a failed drive light.. pulled it, pushed it back in.. and said "sometimes they do that, just pull/push it, it goes back to green"
<hggdh> you reboot. One md device is recognised. Two are not
<hggdh> SpamapS: seen this happen, did it myself
<SpamapS> That led to a most awesome multi-drive failure costing the company 1 week of transactional data.
<hggdh> heh, not with me ;-)
<hggdh> Daviey: why *one* md would be recognised, and two not? Same disk, same partition table
<Daviey> bug #791454
<uvirtbot> Launchpad bug 791454 in mdadm "RAID1 Test Failed: Device need to be readded manually" [High,Opinion] https://launchpad.net/bugs/791454
<SpamapS> I believe this is actually a problem in the test case. I would fully expect that a degraded array would require me to re-add any failed disks.
 * SpamapS said he'd fix it because he thoguht it was the other bug
<hggdh> SpamapS: we might need to look at it, it never happened with me on amd64
<hggdh> but it is the same scenario, indeed. So I will close it dup, and get back to the test
<Daviey> it's not like it's hard to re-add to mdad, and booting degraded works.
<Daviey> hggdh: Can you update the test case aswell please?
<jamespage> Daviey, SpamapS, hggdh: I did have a dig around in the md-ressemble code when I encounted the issue
<hggdh> and?
<jamespage> I think if was something todo with ext4 filesystem checkpointing not matching - which is why the swap auto-resyncs
<jamespage> and the filesystems don't
<jamespage> it looked like the behaviour as coded - but that does not mean its a bug
<hggdh> oh, this might be it
<hggdh> I agree
<Daviey> nobody disagrees that the current behaviour is a problem?
<hggdh> Daviey: I will update the test with a statement that it will probably fail, and the mds will have to be manually added back
<hggdh> I do not disagree
<Daviey> hggdh: rocking!
<hggdh> Daviey: test instructions & result update
<hggdh> d
<Daviey> hggdh: thanks!
<SpamapS> hallyn: reviewing your libvirt change.. nicely done.. its intended to only stop on *shutdown* or *reboot* right, like, you don't want to shutdown domains if somebody says 'stop libvirt-bin' right?
<hallyn> SpamapS: exactly
<hallyn> SpamapS: I was a bit torn on runlevel 1, but shutting them down there seems right
<hallyn> (so i'm doing it)
<SpamapS> hallyn: agreed
<SpamapS> hallyn: this is also indepenent enough of a change that I think its 100% SRU'able
<hallyn> SpamapS: people will be glad to hear that :)
<hallyn> SpamapS: though, if the script goes wrong, it could prevent systems from shutting down
<hallyn> (as it did for me when I didn't have the 'break' at end of loop :)
<SpamapS> hallyn: no an error won't cancel shutdown
<SpamapS> hallyn: oh so it just went forever? ;)
<hallyn> :)
<hallyn> yup
<hallyn> do you think it should sit in oneiric for a week or so before we try to sru?
<AceKing> I tried to setup Ubuntu Server 11.04 on one of my PC's. I am trying to set it up where I can share files with family in another state. I installed it, but when it was time to restart it boots to a black screen and just sits there. This is the first time attempting to setup a server, so I'm not familiar with getting it to work
<AceKing> Can someone help me to get it up and running?
<SpamapS> hallyn: yes
<SpamapS> hallyn: libvirt sees enough usage in the platform team (and we all reboot enough) .. we should root out any bugs rather quickly
<SpamapS> AceKing: it should have a login screen for you
<SpamapS> AceKing: do you get the menu where you can select booting into a recovery console?
<AceKing> SpamapS, It just comes up to a flashing prompt.. Nothing written at all
<AceKing> SpamapS, I tried reinstalling, because I thought it didn't install correctly, but it's doing the same thing
<SpamapS> AceKing: hold down left shift after the BIOS .. no menu?
<AceKing> SpamapS, I'll check
<AceKing> SpamapS, No, right after the BIOS I held down the left shift and it still went right to the flashing prompt
<SpamapS> AceKing: during install, did you install GRUB to the MBR ?
<SpamapS> AceKing: also what kind of computer is it?
<AceKing> SpamapS, Yes, GRUB is installed
<AceKing> SpamapS, It is a Dell
<AceKing> SpamapS, Dell XPS 400 to be more specific
<SpamapS> hallyn: do you have upload rights to libvirt ?
<SpamapS> AceKing: thats very strange, you should be getting a grub menu.
<SpamapS> AceKing: just regular SATA disks?
<AceKing> SpamapS, Yes
<AceKing> SpamapS, I installed it from a USB drive that I setup with UNETbootin. Does that make a difference?
<SpamapS> AceKing: shouldn't
<SpamapS> AceKing: but its possible that it installed grub to the USB drive instead of to your install disk.. which would be a bug.
<pmatulis> SpamapS, AceKing: installing from USB key can be problematic.  GRUB may end up... meh
<SpamapS> how to fix that though? drop to a console and manually grub-install ?
<AceKing> SpamapS, I am going to burn it to a CD and see if that works
<AceKing> pmatulis, How do I do that?
<pmatulis> AceKing: can try booting with the key in, see if it comes up
<pmatulis> :)
<SpamapS> AceKing: if that does work, thats probably worth reporting a bug against the installer
<AceKing> pmatulis, I'll give that a shot
<AceKing> SpamapS, Ok
<SpamapS> https://bugs.launchpad.net/ubuntu/+source/debian-installer/+filebug
<AceKing> SpamapS, pmatulis, I tried with the key in, and it went back to the install screen. When I installed it, I just let it run from the Default setting. Should I have tried a different setting?
<pmatulis> https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/752694  <--- this seems to pertain more to HP and RAID devices but someone does mention a "dell"
<uvirtbot> Launchpad bug 752694 in grub2 "Grub2 installs on the wrong device if in a RAID config" [High,Confirmed]
<AceKing> Is it a pain in the ass to move over from the key?
<AceKing> Or is it worth just reinstalling with the CD?
<pmatulis> AceKing: depends if you want to learn something.  if you just want to get it to work i would use a cd
<AceKing> pmatulis, I would love to learn how to do that :)
<pmatulis> AceKing: go for it
<SpamapS> I think the work around is to switch to a console before the first reboot, and grub-install onto the root device
<hallyn> SpamapS: I do (have libvirt upload rights)
<SpamapS> hallyn: looks good.. I haven't tested it, but I think its likely to suceed. :)
<SpamapS> succeed even
<AceKing> How do I know if GRUB installed on the key? where would I look?
<AceKing> Sorry if my question sounds dumb, this is new to me
<SpamapS> AceKing: it would have booted to your new system if it did
<SpamapS> I think
<SpamapS> AceKing: still its worth reporting as a bug if your CD install works
<AceKing> SpamapS, ok, thanks. I think I'm going to try installing from the CD. I will report it.
<SpamapS> AceKing: sweet
<AceKing> SpamapS, I'll problably be back in to figure out how to setup a file server if I get too confused.
<hallyn> SpamapS: thanks for looking.  will push it.
<AceKing> Thank you both helping me!
<NCommander> zul: pong
<zul> NCommander: i forgot what i was going to ask
<NCommander> zul: thats the problem with contentless pings
<hggdh> SpamapS: can you please mark your raid test completed?
<sneakyimp> I'm trying to set up an Amazon EC2 compute instance to send postfix mail using Amazon SES mail service.  I do not want any mail (local or otherwise) to be delivered to mailboxes on this machine and want all mail instead to be sent to mydomain.com.  I've got this mostly working.  mail to "root" is properly redirected to root@mydomain.com.  However, root@localhost gets sent to root@localhost.mydomai
<sneakyimp> n.com and fails with the message "local delivery is disabled"
<sneakyimp> Any postfix pros around?
<RoAkSoAx> adam_g: did do you write a puppet ensemble formula?
<hggdh> SpamapS: duh. Forget, read it wrong
<sneakyimp> I'm sincerely hoping someone can help me with this problem: http://paste.ubuntu.com/658159/
<AceKing> SpamapS, are you still here?
<SpamapS> AceKing: about to step out for lunch
<AceKing> SpamapS, ok, I'll just ask my question in the room.. Thanks
<AceKing> I installed Ubuntu Server from the CD. It started up to a command prompt asking for my username, then the password. It then drops to a command prompt. I tried to type startx like I would normally do on Ubuntu, but that obviously did not work. How do I boot to a desktop?
<smoser> where is the jenkins server ?
<smoser> zul, hggdh ?
<smoser> bueller ?
<hggdh> smoser: on the internal QA lab (access to it is still restricted, public-facing instance is being built
<hggdh> smoser: PM
<lifeless> hallyn: hi
<lifeless> hallyn: do you know any reason why lxc containers cannot nest? [other than shallow bugs like 'noone has tried it']
<AceKing> I am a total beginner with Ubuntu Server. All I am trying to do is setup a simple file server to share large files (video) to family in different states. Is there a tutorial that can tell me how to accomplish this? I installed the server software, and I am LOST to say the least.
<JanC> AceKing: share in what way?  (for what purpose?)
<alshain> shauno: memtest was running all day, no error :S I really hoped the faulty, as suggested in some threads as possible cause, well, I'll continue my search tomorrow
<AceKing> JanC, I converted a lot of home videos, and my family is scattered all over the states. Instead of putting them on DVD's and mailing them out, I want to be able to set it up where I can send them a link and they can download them
<JanC> AceKing: home videos, so I guess you want some privacy too...
<AceKing> JanC, That's not too important.. A lot of holiday get togethers. It would be boring for anyone else to watch. LOL
<patdk-wk> aceking hope you have a crapload of bandwidth
<patdk-wk> normal videos are like 1-3mbit upload speeds, for a single user
<JanC> patdk-wk: for streaming, you mean?
<JanC> not sure that's what AceKing wants?
<AceKing> patdk-wk, they all wont be downloading at the same time
<patdk-wk> janc, that is what it sounds like to me, make like a youtube site for himself
<Bernhard> just set up  a webserver .. so they can donwload the files from your webserver.
<patdk-wk> doesn't gallery2 support videos?
<Bernhard> apt-get install apache2
<AceKing> JanC, I want them to be able to download the vids and burn them, or just play them off their HDD
<JanC> if privacy isn't all that important, just serving them over http should be okay
<Bernhard> apt-get install apache2
<AceKing> JanC, I'm not even sure where to begin. At the risk of sounding stupid, I thought after install it would boot to a desktop
<patdk-wk> server edition? to have a desktop?
<JanC> AceKing: if you want a desktop, install the desktop version
<JanC> you can use it as a server too
<patdk-wk> desktop version isn't going really help you setup and configure this though
<AceKing> JanC, You mean Ubuntu can be used as a server? That is what I am on right now
<JanC> patdk-wk: there is some GUI tool to configure apache IIRC
 * patdk-wk runs scared
<AceKing> patdk-wk, like I said, I'm new to this and don't have a clue
<Pici> AceKing: They use the same package repositories. 99.9% of the things you'd do on a 'server' you can also do on the desktop, although there normally aren't graphical configuration tools.
<AceKing> Pici, OK, is there somewhere I can find a tutorial to learn how to accomplish what I am trying to do?
<Pici> !serverguide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<AceKing> Pici, thanks!
<JanC> patdk-wk: hm, I thought there was a gadmin-* tool for it, but apparently not  âº
 * patdk-wk would be supper lazy
<patdk-wk> install gallery2 for apache/php
<patdk-wk> and just setup a password protected folder in gallery2
<patdk-wk> then upload videos to it
<patdk-wk> since it's all webased, would be easy to use
<patdk-wk> even for other people to load up stuff
<AceKing> patdk-wk, I know how to install gallery2, but how do I upload the vids?
<patdk-wk> you have to configure gallery2
<patdk-wk> and make sure you have ffmpeg installed
<patdk-wk> you upload a video just like you would upload a picture
<patdk-wk> when gallery2 says add picture just take that as, add new object
<JanC> so, sort of a private youtube?  âº
<patdk-wk> yep
<AceKing> Ahhhh, OK
<patdk-wk> http://codex.gallery2.org/Gallery2:Features#Supported_MIME_Types
 * JanC never used gallery2
<patdk-wk> janc, I have all my kids pics and stuff in it
<patdk-wk> also makes it easy to backup/store :)
<patdk-wk> also nice that it does all the conversions for me, since I always take raw pics, it converts to jpeg, and auto-rotates them for me :)
<AceKing> JanC, patdk-wk, Pici, Thank you for helping!
<photon> hi. I'm planning on buying a 3TB drive. will it work with ubuntu, ext4?
<Ursinha> zul: hi, are you there by chance?
<RoyK> it will
<photon> RoyK: will I have to use GPT?
<RoyK> photon: to boot from it, I guess yes
<RoyK> photon: but for storage, that won't matter
<photon> ok
<RoyK> just use an old drive or two (in a mirror) for the boot
<RoyK> then use the rest for storage
<zul> Ursinha: barely
<Ursinha> zul: just wondering if you could give some input in bug https://bugs.launchpad.net/ubuntu/+source/backuppc/+bug/782890
<uvirtbot> Launchpad bug 782890 in backuppc "no ping response on all hosts after upgrade" [Low,Incomplete]
<Ursinha> it's marked to expire soon and I wasn't sure how to bring your attention to that bug without directly pinging you
<Ursinha> (that might be the reason people assign others for them to comment, I guess I get it now Daviey)
<hallyn> lifeless: I dunno.  hav eyou tried it?  :)
<hallyn> lifeless:  a few things I can think of:
<hallyn>  1. our cgroups handling may not be sufficient.  In fact I'm pretty sure it's not
<hallyn>  2. the lxc monitor may want access to a device that we don't normally grant access to (which would be easily fixable)
<hallyn> It's a known TODO to make lxc more flexible with respect to where it tries to put its cgroups.  So if that's stopping nested containers, we can bump teh priority of that.
<lifeless> so conceptually it should be fine ?
<lifeless> i.e. just some expected bugs rather than a inherent design issue
<hallyn> lifeless: yeah...
<hallyn> lifeless: cgroups are nestable, and namespaces are all either nestable or fully isolated...  so there *shoudl* be no problems
<lifeless> (this is relevant to ensemble)
<Ursinha> zul: thanks
<zul> Ursinha-afk: n
<hallyn> jdstrand: are you around?  (I *think* he's out this week, just checking...)
<hallyn> SpamapS: in that libvirt-bin.upstart...  I'm using RUNLEVEL (and it seems to work), but am I supposed to be declaring 'env RUNLEVEL' at top?  Or is that only to give it a default if it's not defined by the 'stop on' line?
<hallyn> (working on a version for lucid right now)
<lifeless> hallyn: apt is fixed :)
<hallyn> lifeless: woohoo
<hallyn> I wonder if I should then remove that new package requirement...
<lifeless> less cruft is less cruft
<hallyn> true.  i'll remove it when i add your lxc-start-aufs script
<hallyn> any ideas what i should call that?
<hallyn> lxc-start-once?  lxc-start-ephemeral?
<SpamapS> hallyn: I don't believe script sections are run with set -u .. so you should be ok
<hallyn> lifeless: (i don't want to do -afs bc I'd like to reuse it with -overlayfs)
<lifeless> hallyn: ephemeral sounds good
<hallyn> a bit long for people whose tab key doesn't work, maybe
<lifeless> now, I need to debug why postgresql isn't starting with ...-aufs - may be more shutdown-race damage
<lifeless> hallyn: its mostly going to be inside other scripts that it gets used.
<lifeless> hallyn: what might be really neat is a no-baseline version of it, for hard-core-ephemeral, run-until-reboot, no-trace-left kindof stuff.
<lifeless> but thats probably you-ain't-gonna-need-it territory
<SpamapS> hallyn: oh, and to be clear, you're covered using RUNLEVEL on the stop on condition because rc exports it.
<hallyn> SpamapS: thx
<lifeless> hallyn: so you've mentioned poweroff support
<lifeless> hallyn: how deep does that go ?
<lifeless> brb
<hallyn> kernel
<hallyn> lemme find a url
<hallyn> lifeless: here is the middle of a long discussion about kernel support: http://lkml.indiana.edu/hypermail/linux/kernel/1101.1/02730.html
<hallyn> lifeless: http://lkml.indiana.edu/hypermail/linux/kernel/1101.1/01973.html   is the problem description
<SpamapS> hallyn: hey, looking at /etc/init/cgconfig.conf ... why doesn't it have a stop on ?
<adac> Hi guys. I installed denyhosts and added a hostname in hosts.allow but it still get blocked from time to time. any ideas whats wrong? shouldn't it be whitelisted when its in hosts.allow?
<hallyn> SpamapS: I guess bc you can safely shut down with cgroups mounted?
<SpamapS> hallyn: mk, will leave it alone
<hallyn> SpamapS: perhaps we shoudl ask jbernard if he thinks we should make it stop at some point
<SpamapS> hallyn: I think the regular late shutdown umount will probably do it, but it won't run 'cgclear' so not sure if thats enough
<hallyn> SpamapS: yeah, umount is all it would do anyway i think
<hallyn> oh no, i guess cgclear actually moves all tasks to root cgroup first
<hallyn> SpamapS: so to be sure, you want me to wait a week on the SRU, or should i just go ahead and request it now?
<hallyn> (I'm fine either way)
<SpamapS> hallyn: I figured you could wait a week just to see if there's anything fundamentally wrong with it. If you want to request it now, and let that happen in parallel w/ the SRU.. thats fine too
<hallyn> ok
<hallyn> i guess i'll push the tree to lp:~serge-hallyn and let it sit
<Demosthenes> so what's the preferred package for monitoring syslog nowadays?
<SpamapS> hallyn: I do think we need to fix it for maverick and natty too.. the upstart job didn't really change in those releases much/at all, so should be a straight accross the board update
<SpamapS> Demosthenes: define "monitoring" :)
<hallyn> SpamapS: yeah, i'll do them too
<Demosthenes> SpamapS: pattern matchign & email
<SpamapS> Demosthenes: I used to use 'swatch' a lot.
<SpamapS> Demosthenes: but thats more real-time...
<SpamapS> Demosthenes: logwatch is good for a daily summary
<Demosthenes> i tend to prefer logmuncher, but its not in apt
<Demosthenes> logcheck appears to be its closest kin
<SpamapS> package it up, we'll sponsor it. :)
<Demosthenes> just don't look it up in the urban dictionary ;]
<SpamapS> lol.. now I *have* to
<SpamapS> err.. on 2nd thought, no thanks
<Demosthenes> *laugh*
<n2deep> Hi, does anyone know of any System 76 competitors?
<jbernard> hallyn: that's the upstart script, no?
<jbernard> hallyn: if policy calls for having a stop on, I have no objections
<hallyn> jbernard: but is there any point to it?
<hallyn> hm, well maybe there is -
<hallyn> if you enter runlevel 2, then runlevel 1, then 2 again,
<hallyn> cgconfig may fail to restart without first being stopped?
<jbernard> if you switch runlevels, you may want that behaviour
<hallyn> which?
<hallyn> meaning you think there should be a stop-on?
<jbernard> proper stopping
<hallyn> ok
<hallyn> SpamapS: ^
<hallyn> so that suggests a simple stop on runlevel [016]
<hallyn> jbernard: thx
<SpamapS> hallyn: yes
<SpamapS> hallyn: tho if you switch to 1, since there's no stop on, it just won't stop.
<lifeless> hallyn: oh that reminds me, did you see the need to touch utmp ?
<SpamapS> its totally acceptable to have no stop on when you leave no process running.. but if you cause umounts to fail, that could be a problem.
<Demosthenes> woot. i have a debian fileserver, 5 years old, with raid5... i just bought a new fileserver running ubuntu LTS, raid6, and was setting it up... when i had my first drive failure on the old one ;]
<Demosthenes> talk about timing
<Demosthenes> oh, and i must report, that running ubuntu booting from a pair of 16 GB USB keys with raid0, encryption, and LVM works great.
<hallyn> lifeless: yes i did, i'll toss that in.
<hallyn> SpamapS: not sure what you're saying
<lifeless> hallyn: I'm not sure why its not auto created, but it didn't seem to be
<hallyn> lifeless: i'm hoping to throw out a new package tonight
<lifeless> \o/
<hallyn> SpamapS: what would you say would be the best channel on which to ask UDD questions (i.e. about lp:ubuntu/*-updates)
<hallyn> there's no ubuntu-udd...  i thought there was...
<SpamapS> hallyn: I usually ask in #ubuntu-devel
<SpamapS> hallyn: but I feel knowledge on the deeper parts of it is hard to come by
<hallyn> SpamapS: ok.  i suppose i jsut need to wait for just the right one of two people to come by and see the q :)
<hallyn> lifeless: actually i think i'm going to move the varrun+utmp tweaking into /etc/init/lxcguest.conf.  It doesnt' seem to belong in lxcmount.conf
<adam_g> RoAkSoAx: no, i didn't
<adam_g> RoAkSoAx: (write a puppet formula)
#ubuntu-server 2011-08-04
<lifeless> hallyn: I have no opinion :P
<lifeless> hallyn: #ubuntu-devel; feel free to ping poolie, jam, jelmer, james_w, barry as particular udd champions
<hallyn> lifeless: actually, assuming you don't see that problem with oneiric containers (i don't), I guess we'd have to get that bug SRUd for it to help you out
<hallyn> oh yeah.  that lxcguest comes from ppa anywa!  (for lucid)
<lifeless> hallyn: :)
<DanaG> hmm, trying to run byobu on serial console, just for the heck of it.
<DanaG> It just silently hangs.
<twb> byobu /dev/ttyS0 115200
<DanaG> No, I mean, the server is the target.
<twb> Can't remember if I've done that before
<twb> I don't see why it wouldn't work
<DanaG> I mean, I have getty listening on the tty.
<DanaG> Oh, and aptitude also hangs.
<DanaG> Looks like it's anything ncurses.
<DanaG> Not that I need serial console very often, when I have SSH.
<lifeless> hallyn: hey, so inside the container what is poweroff *expected* to do today? nothing? poweroff successfully, but slowly? something else?
<hallyn> lifeless: it tells init to kill all tasks, and when utmp reflects poweroff, the lxc monitor (parent of its init) kills init and cleans up the container
<DanaG> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/329012?comments=all
<uvirtbot> Launchpad bug 329012 in linux "Add ipmisensors module to ubuntu kernel" [Undecided,Expired]
<hallyn> what we want is for a way for init to just tell the kernel 'i'm shutting down" and the kernel knows to either shut down the hardware, or kill init
<DanaG> Should I un-expire that?
<lifeless> hallyn: ok, so if its not doing that and is just hanging, thats a bug right ?
<lifeless> hallyn: [which the workaround of zerging /run is dealing with]
<twb> DanaG: I have *definitely* run curses apps, including aptitude, over serial
<twb> DanaG: so you have fucked up something -- perhaps the baud rate or parity bits are most likely
<hallyn> lifeless: yes
<lifeless> hallyn: should I file a separate bug about that, or is the current 'cannot restart' sufficient ?
<TheEvilPhoenix> is there a guide for setting up a git repository system on ubuntu server somewhere?
<hallyn> lifeless: I'm doing some changes to your lxc-start-aufs script, think i'll be pushing tomorrow
<lifeless> hallyn: cool
<hallyn> lifeless: if there is a different cause, pls file a new bug
<hallyn> though i may ignore it until next week (lxc sprint)
<lifeless> hallyn: I think there are two bugs (A: sudo poweroff -n doing nothing inside the container, and B: lxc-stop -n container breaking things)
<lifeless> I haven't explicitly filed A at the moment.
<twb> lifeless: the latter does a hard stop; it doesn't telinit 0 or anything
<twb> Of course it breaks things
<lifeless> twb: sure, which is the whole power management thing
<twb> lifeless: hm, you do it via acpid signalling?
<lifeless> twb: no, but I believe that is the plan
<twb> I'm doing it by sending a signal to upstart
<hallyn> lifeless: do you know of a generic way to know whether dhcp info will be in /etc/dhcp or /etc/dhcp3?
<lifeless> twb: I'm just using lxc as provided, running it into the group, and then whinging to serge :)
<hallyn> lucid keeps them under dhcp3, oneiric under dhcp...
<lifeless> s/group/ground/
<hallyn> but wondering how to be smarter about know where to check
<twb> http://paste.debian.net/125045/
<lifeless> hallyn: ideally we'd get it from libvirt, but libvirt doesn't recognise containers as domains yet.
<twb> pkill -INT lxc-start   # Sends a ctrl-alt-del to containers' upstarts.
<hallyn> eh i'll just do the other if the one doesn't exist
<twb> Then, IIRC, I have upstart patched to make ctrl-alt-del.conf enter runlevel 0, not 6
<qman__> so, my ntp stopped working
<lifeless> (libvirt would know the ethernet address -> ip mapping from its dhcp server, and we should probably have the ethernet address in the external config
<qman__> at some point, with no changes made by me
<lifeless> hallyn: yeah, direct lookup works for me :>
<Martyn> evening
<qman__> and my clients say 'no server suitable for synchronization found' when I try to sync to it
<twb> qman__: doing a long step or a short step?
<qman__> not sure
<twb> (-g)
<qman__> the time difference is only a few minutes
<twb> Dunno then
<qman__> -g isn't a valid option to ntpdate
<twb> tcpdump
<twb> qman__: ntp isn't ntpdate.  ntpdate is obsoleted by current ntpd
<qman__> well, I was trying to sync clients (ntpdate) to the server (ntpd)
<qman__> but ntpd clients are also not syncing
<twb> qman__: that's not how it works
<twb> ntpdate sets the clock ONCE, and then it drifts out of sync forever.
<twb> ntpd contains both client and server parts; you're supposed to install it on every host.
<qman__> I did, and it was working, for a couple years
<qman__> but it has suddenly stopped
<twb> Historically you'd have to use BOTH ntpdate (once, at boot) to get the clocks set up, and then run ntpd to keep them in sync.  Nowadays you can just use ntpd -q -g or so for the initial large step.
<qman__> guessing at the server side since all my clients are all over the place
<lifeless> hallyn: I'll file a separate one for A.
<lifeless> hallyn: I think the -n on ssh in that script is a mistake
<lifeless> hallyn: as it will prevent interactive use if someone wants that
<lifeless> hallyn: you might like to drop it as you edit
<qman__> stopping ntp, running ntpd -q -g, then starting ntp again seems to have fixed the problem
<qman__> not sure what happened
<twb> qman__: your clocks are presumably more out-of-sync than you realized
<DanaG> twb: it was working a little while ago, and then stopped working when I tried to launch a new instance.
<qman__> that was on the server, now all the clients are able to sync
<DanaG> Or rather, a session started on local tty (uvesafb), then attached via serial, worked.
<qman__> the server's clock was actually accurate within a minute
<qman__> it was some of the clients that were off by as much as five or ten minutes
<twb> Isn't uvesafb that really horrible pre-KMS one from the gentoo guy?
<DanaG> Yeah, but it's on a server with an ASPEED graphics chip.
<DanaG> I really wish ATI/AMD would make an IPMI ES1000.
<DanaG> Or such.
<DanaG> Heck, ASPEED doesn't even offer EDID.
<twb> qman__: dunno, man
<twb> qman__: ntpd is supposed to restart automagically whenever the network interfaces change, maybe that hook isn't there
<twb> And you can't use the normal vesafb driver?
<DanaG> uvesafb is more flexible.
<DanaG> So I can do fbset.
<twb> OK, I didn't think anyone would bother to rice a server that much
<twb> But fair enough
<DanaG> Well, it's useful in the rare case I want to connect using my netbook.
<DanaG> I have it go to 1024 by default.
<qman__> I only have one system I actually connect to the local console with
<qman__> the rest I just SSH
<DanaG> And unfortunately, HP didn't give us the serial-over-lan feature the ASPEED chip supports.
<qman__> and the only reason I use that one's local console is IRC
<DanaG> Yeah, ssh most of the time for me, too.
<DanaG> With my laptop, I often connect to its serial-over-lan port to grab kernel stacktraces.
<DanaG> But the server shouldn't be panicing. =P
<DanaG> http://paste.ubuntu.com/658358/
<DanaG> Oh, and lemme' see if it works via ssh.
<twb> DanaG: for oopses, you could use netconsole
<twb> DanaG: that basically just sends printks to a specified IP as UDP packets, and you can netcat them out
<DanaG> Once, I had a panic on my netbook, before it even initialized intel KMS.
<DanaG> Okay, so starting byobu via ssh, detaching, and reattaching via serial works.
<DanaG> Well, aside from drawing glitches.
<twb> I'd be interested to know if this is screen's fault, or byobu's
<DanaG> ah, glitches were due to putty window being smaller than the console.
<kirkland> me too
<DanaG> Aptitude is doing the same thing.
<DanaG> Aptitude within the reattached byobu, works.
<twb> I wish tmux would magically do everything I use in screen, so I could switch to it
<twb> ICBF doing all that C coding myself
<DanaG> oh yeah, so I managed to work around HP's SMBIOS error, and get ipmi_si to load with a manually specified address.
<DanaG> Now, what useful things can I do with it, in-band?
<DanaG> hmm, ipmievd doesn't see the ecc event I inject.
<hallyn> lifeless: yeah, tough call.  Interative may get confusing.
<lifeless> hallyn: indeed ;)
<lifeless> found out postgresql-8.4 was also nerfed by the lxc-stop thing
<lifeless> now I have to figure out why sshd in the container isn't detecting the end-of-process at the far end
<hallyn> lifeless: so after you do 'poweroff', if you do 'lxc-ps --name <container>', does it show postgresql still running?
<DanaG> Yup, no log of events I inject.
<lifeless> hallyn: let me fire it up
<DanaG> okay, nothing on ipmievd.
<lifeless> hallyn: is this relevant ? :
<lifeless>  sudo lxc-start -n lucid-test-lp3
<lifeless> lxc-start: No such file or directory - inotify event with no name (mask 32768)
<lifeless>  * Setting up resolvconf...
<lifeless> hallyn: sudo lxc-ps -n lucid-test-lp3
<lifeless> CONTAINER    PID TTY          TIME CMD
<lifeless>             7633 pts/6    00:00:00 sudo
<lifeless>             7634 pts/6    00:00:00 lxc-ps
<lifeless>             7635 pts/6    00:00:00 ps
<hallyn> i think you have to do --name
<lifeless>  sudo lxc-ps --name lucid-test-lp3
<lifeless> CONTAINER    PID TTY          TIME CMD
<lifeless> lucid-test-lp3  6878 ?        00:00:00 init
<lifeless> lucid-test-lp3  7400 ?        00:00:00 sshd
<hallyn> we shoudl really make -n work for consistency
<hallyn> ok
<lifeless> I'll file a bug on -n
<hallyn> thanks - it's annoying
<hallyn> i don't know what the inotify thing means
<lifeless> bug 820720
<uvirtbot> Launchpad bug 820720 in lxc "lxc-ps -n NAME does not work (but --name NAME does)" [Undecided,New] https://launchpad.net/bugs/820720
<hallyn> thx i'll add that to the pile
<hallyn> drat, no aufs in ec2 (and i just lost my other box for a bit)
<lifeless> doh!
<lifeless> this poweroff thing is baseline lxc - not the aufs script
<hallyn> yeah
<hallyn> but i wanted to test the aufs script some more before shipping :)
<lifeless> of course :)
<hallyn> i'll start working on the -n thing meanwhile :)
<DanaG> okay, got ipmievd to work.
<DanaG> so anyway, my pastebin was strace of byobu.
<DanaG> And it says it wrote a message to stdout, but actually didn't.
<DanaG> And when I did as it said, and chmodded /var/run/screen/ to 777, it told me to chmod it to 775.
<DanaG> if I sudo strace -F fgconsole, it hangs here:
<DanaG> open("/proc/self/fd/0", O_RDWR
<DanaG> and aptitude does this:
<DanaG> readlink("/proc/self/fd/0", "/dev/ttyS5", 4095) = 10                    stat("/dev/ttyS5", {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 69), ...}) = 0                        open("/dev/ttyS5", O_WRONLY
<lifeless> hallyn: I've just switched to ssh  -q -n -T
<lifeless> hallyn: stops a hang on the ssh process if its output is a little racy, and squelches the 'added ... to hosts file'
<lifeless> bah, the -T isn't sufficient
<DanaG> hmm, off to walk the dogs.
<twb> Ugh.  xdm's postinst assumes it's *running* at configure time (as at lucid):
<twb> (transmute)root@trimserver:/# dpkg-reconfigure xdm System start/stop links for /etc/init.d/xdm already exist.  cat: /var/run/xdm.pid: No such file or directory
<hallyn> lifeless: actually i think i'm going to drop the 'ssh' bit in there and use lxc-monitor instead
<hallyn> trick is i need to tweak lxc-monitor to be willing to exit when the container stops :)
<jdevel> i'm setting up a mail server and I wanted to know some personall favorite spam filters if anyone would share.
<twb> jdevel: postgrey
<twb> If you are reading the payload to detect spam, you've lost
<twb> But we do also run crm114 for a couple of abysmally stupid users, for whom handfuls of spam a day get past non-payload techniques.
<twb> jdevel: checking SPF records, and adding one to your own domain, is also obviously a Good Thing
<jdevel> twb, I appreciate your feedback
<jdevel> I was reading that spamassassin is a resource hog
<twb> it is
<jdevel> postgrey isn't that just a white/grey/black list type of filter?
<jdevel> seems a lot of people use seperate machines for filtering spam
<DanaG> weird... I just got a spew of the banlist.
<twb> jdevel: https://secure.wikimedia.org/wikipedia/en/wiki/Greylisting
<jdevel> i'll check it out
<twb> jdevel: it drops messages from peers that do not adhere to the SMTP specifications.
<jdevel> also, for virus detection.. integrated into postfix I'm guessing clamav?
<twb> Unless you have windows users, you don't need virus detection
<twb> http://linuxmafia.com/~rick/faq/index.php?page=virus
<jdevel> yes could be a number of system types
<twb> https://secure.wikimedia.org/wikipedia/en/wiki/SPF_record if you missed that comment.
<ScottK> jdevel: The standard Ubuntu server setup is amavisd-new + clamav + spamassassin - see the server guide in /topic for information on setting it up.
<ScottK> postgrey is a good addon if you want greylisting.
<jdevel> I honestly think I may just forgo the spam filtering and virus scanning
<jdevel> If I need to deploy this in a more production like environment with considerable traffic I'll approach those avenues
<twb> more traffic = more load
<jdevel> I'll just roll with postfix, dovecot, mysql, virtual
<twb> payload scanning doesn't scale, which is why it *isn't* useful for high-traffic environments.
<jdevel> which is why I'll check out postgrey when I need to get into spam filtering
<twb> jdevel: and SPF
<DanaG> Say, is there some package I can install to have my system e-mail me if major stuff happens in syslog?
<hallyn> lifeless: ok, i've got lxc-start-ephemeral mostly working (for oneiric-on-oneiric containers).  Only hitch is dhclient is failing with some error about libc.  aufs-related, I woudl assume.
<DanaG> Major stuff would be, say, ECC errors.
<hallyn> Daviey: (going by most likely to be helpful timezone :)  Any chance I could get a push to lxc with http://people.canonical.com/~serge/lxc_0.7.4.2-3ubuntu6.debdiff   ?
<lifeless> hallyn: interesting
<hallyn> lifeless: you didn't see that at all?
<lifeless> hallyn: nope
<lifeless> hallyn: but for ephemeral I've only tried lucid on (natty, oneiric)
<hallyn> dhclient: error while loading shared libraries: libc.so.6: cannot open shared object file: Error 116
<ScottK> hallyn: It should probably wait until after Alpha 3 is out since it's in Main.
<DanaG> ah: https://help.ubuntu.com/community/Smartmontools
<hallyn> ScottK: drat, good point, thanks
<jdevel> twb, would you recommend using fail2ban on postfix/dovecot?
<twb> I don't know about postfix/dovecot, but I would not use fail2ban for SSH
<twb> http://cyber.com.au/~twb/doc/iptab
<hallyn> lifeless: go figure!  an ephemeral lucid container on oneiric can dhclient jsut fine!
<lifeless> hallyn: \o/
<DanaG> Say, how can I make my server shut down upon, say, the 5th time of pressing the power button?
<jdevel> twb, thanks
<twb> DanaG: what's wrong with doing it on the first press?
<DanaG> It's too easy to hit accidentally, when I'm shoving the server around on the floor.
<DanaG> Actually, second time would be better than fifth time.
<twb> DanaG: buy a molly guard.
<DanaG> hmm, I could tweak /etc/acpi/shutdown.sh to write a count to /tmp.
<DanaG> Some file in /tmp.
<twb> https://secure.wikimedia.org/wikipedia/en/wiki/Molly_guard
<DanaG> Har, my 8GB Patriot drive is: Kingston Technology Company Inc. 2 GB USB stick
<DanaG> Oh yeah, and my server has a jumper (that I attached a button to), to inject an NMI into the system.
<DanaG> All I get in dmesg is "Uhhuh.  NMI received for unknown reason 2c.  Stumbling, but attempting to continue."
<jmazaredo> can i see the ftp uploads of files, creation of folder in my ftp log or just the login/fail/ip only?
<hallyn> lifeless: the lxcguest for lucid is waiting to build in ubuntu-virt ppa (which is where the ubuntu template grabs it from).  That ppa also will have the proposed lxc package with lxc-start-ephemeral.
<lifeless> hallyn: very cool
<hallyn> I did just also see the 'lucid-won't-shutdown' - I don't always see it though.  unsure what's the problem
<lifeless> hallyn: I will give it a spin and get you some feedback
<hallyn> lifeless: could be awhile before it gets built :)  but thx.  Oh, pls do look at the usage help (i changed it)
<hallyn> good night
<lifeless> ciao
<jdevel> anyone feel free to chime in... I have ufw used to setup the chains for iptables etc.. ports I want open etc.. the usual FW stuff.  I also added fail2ban to the server.  I'm still a bit new to iptables and chains etc.. will the fail2ban chain rules interfere with the ufw chain rules?
<jdevel> or can they co-exist together without issues
<jdevel> I imagine it comes down to which is stacked on the top/bottom regarding enforcing rules
<ScottK> Since they both modify the iptables config, you'd have to look at the results and evaluate if they were llikely to interfere.
<ScottK> I don't use either, so no idea.
<nandemonai> Hey guys. I don't suppose anyone knows if there is a working headless ps3 media server?
<nandemonai> Ooo hang on, looks like ps3mediaserver can be run gui-less.
<twb> nandemonai: if it needs X, there's Xvfb to make it headless
<nandemonai> Hmm also a good idea. Thanks twb
<nandemonai> I assume (haven't used it before) that I'd have to use ssh x forwarding to use it if going down the xvfb route?
<twb> No, with xvfb the GUI is never displayed anywhere
<twb> The client just thinks it is
<nandemonai> Ahh ok.
<nandemonai> Hmm thanks again, I'll look into it.
<twb> If you actually need to interact with the GUI, you could of course use something like ssh -X or X0rfbserver
<twb> The latter exports the X session over VNC, and it probably most appropriate.  Note that unlike Windows/OS X VNC servers, it exports a *new* session, and isn't tied to what's on the local display (if anything).
<jamey-uk> I tried setting up a bridge as listed here https://help.ubuntu.com/11.04/serverguide/C/network-configuration.html but then I can't access the internet any more. What am I doing wrong here?
<twb> jamey-uk: pastebin your network/interfaces
<Daviey> hallyn: Just had a quick look... the /var/run entries should be /run, no?
<twb> jamey-uk: here's a working one: http://paste.debian.net/125063/
<Daviey> hallyn: and 'binary-install/lxc::" /could/ be handled by a .install file?  dh_fixperms should chmod it automagically, i'd have thought
<jamey-uk> twb: http://pastebin.com/USUPKYrZ yeah I've immediately noticed that I spelt 'broadcast' wrong for br0, and my network parameter is 192.168.1.0 whereas I'm assuming it should be 192.168.1.1 (or should they both end in 0?)
<twb> jamey-uk: you shouldn't be raising both br0 and eth0
<jamey-uk> twb: oh, I clearly misunderstood it thenâ¦ what should I be doing?
<twb> jamey-uk: if eth0 is participating in the bridge, you just raise the bridge
<twb> jamey-uk: see how I have no stanza at all for dmz or managed (which are my eth0 and eth1)?
<jamey-uk> twb:	sorry, haven't edited interfaces much before, is raising when you put in the 'auto eth0' line?
<twb> Basically, yes
<jamey-uk> so something more like the example here? https://help.ubuntu.com/community/KVM/Networking#Creating a network bridge on the host
<twb> If you don't have that the associated iface foo stanza doesn't matter
<twb> Yes
<twb> Not sure why they turn STP off, but whatever
<jamey-uk> twb: so basically, br0 becomes what my eth0 was, and then a bridge will exist?
<twb> Ye
<twb> Yes
<jamey-uk> Thanks, I'll give it a go :)
<andyw> o/
<Loocy> there are many apps and script but can any one recommend a good php or something stable userfriendly script for webbased 1.voice 2. video chat ? 3. i need some face book like bloging script. similer or which integrates with facebook accounts and its blogs.?
<adac> hi guys. I've set up denyhosts and added a host of mine in the whitelist (hosts.allow: All: vhost.example.com) but denyhosts does not recognize the hosts DNS. It only works with IP... any ideas whats might wrong?
<twb> netfilter doesn't support hostnames.
<twb> iptables-restore and ipset will resolve them, but only once, at load time.
<adac> twb, but it works on my other linux server and on my centos host.
<jamey-uk> twb: so that seems to have worked, my original connection works and the bridge seems active. I've following the instructions at https://help.ubuntu.com/community/KVM/Networking#Converting an existing guest but the guest doesn't pick up an address. Do I have to follow the next steps re. DHCP?
<twb> Sorry, I'm going home in a minute and I can't be bothered helping
<jamey-uk> Okay, thanks anyway
<jamey-uk> Could anyone else help me with getting my KVM bridged network working?
<Loocy> there are many apps and script but can any one recommend a good php or something stable userfriendly script similer to face book like bloging script. similer or which integrates with facebook accounts and its blogs.?
<jamespage> Daviey: iscsi target tests for i386 and amd64 completed OK for oneiric - I've updated the test tracker
<Daviey> jamespage: you rock star.
<_ruben> which iscsi target would that be? just curious
<jamespage> _ruben: well I just tested against the iscsitarget package - http://iscsitarget.sourceforge.net/
<_ruben> ah ietd
<_ruben> (using scst.sf.net myself)
<marshall> hey ubuntu
<smb> smoser, utlemming FYI, bug 791850 bisected. I posted to xen-devel as I would not be completely at the bottom of "why". But in doubt/emergency we seem to have the option of reverting one patch for PV on HVM to be able to boot. But I am sure there should be a better solution.
<uvirtbot> Launchpad bug 791850 in linux "oneiric cluster compute (hvm) instances do not boot" [High,Triaged] https://launchpad.net/bugs/791850
<RoAkSoAx> adam_g: for some reason i though you were writing one
<KM0201> how can i add a current raid (/dev/md0) to fstab?.. if i manually mount it (sudo mount /dev/md0 /mt/mtpoint) it mounts just fine... when i try to add its uuid to fstab, i always get an error and have to "Skip or Manually recover".. if I delete the UUID i add to fstab, my machine boots normal, and I can manually mount the disk no problem...   http://pastebin.com/1yRNDGpy           if there's other info you need, just ask.
<hallyn> Daviey: first off, as ScottK pointed out, we're in ffe, so pls dont' push anyway :)  I'll ask again on monday
<hallyn> Daviey: secondly, my moral objections to /run aside, I think it's unnecesary and too early to switch the entries.  (It would make more delta between natty packages etc)
<hallyn> Daviey: lastly, for the .install file, it would be nice.  I was thinking I couldn't do that one with .install, but maybe it's only renaming that doesn't work?
 * hallyn looks at the manpage
<hallyn> Daviey: yeah, .install should work.  I'll give that a shot.
<Daviey> hallyn: Yeah, planend to queue it up.
<hallyn> Daviey: ?
<KM0201> how can i add a current raid (/dev/md0) to fstab?.. if i manually mount it (sudo mount /dev/md0 /mt/mtpoint) it mounts just fine... when i try to add its uuid to fstab, i always get an error and have to "Skip or Manually recover".. if I delete the UUID i add to fstab, my machine boots normal, and I can manually mount the disk no problem...   http://pastebin.com/1yRNDGpy           if there's other info you need, just ask.
<hallyn> Daviey: not sure what you mean by 'queue it up'.  AIUI the FFE is voluntary, so if you dput it'll go through.
<hallyn> Daviey: updated http://people.canonical.com/~serge/lxc_0.7.4.2-3ubuntu6.debdiff .  Will let it sit till monday now.
<jdevel> hey twb
<jdevel> you around here?
<marshall> I've got an LDAP client that seems to cache ldap groups. When I restart nscd, it doesn't seem to recognize ldap groups.
<hallyn> SpamapS: regarding bug 820675 (and all the others :)  I assume those are something you're going to track as you implement the upstart runlevel 1 nuttiness?  :)
<uvirtbot> Launchpad bug 820675 in libvirt "libvirt-bin upstart job will not be started again on transition from runlevel 1 to 2" [Undecided,New] https://launchpad.net/bugs/820675
<zul> jamespage: ping how is the octopussy stuff coming?
<jamespage> zul: Daviey is reviewing ATM pre-upload to NEW
<jamespage> its OK and working
<zul> jamespage: k the rsyslog ensemble stuff is almost done server done...need to write the client
<Daviey> zul: whats that you are doing?
<zul> writing ensemble formulas for rsyslog
<Daviey> zul: What WI is that part of?
<zul> the syslog one
<zul> i probably should add that
<Daviey> zul: the firehose?
<zul> yeah or it could be in the orchestra one
<Daviey> zul: erm, adam is already working on that
<zul> erm...i didnt know that
<Daviey> I might be wrong...
<zul> i thought he was doing the nova ensemble formulas
<lynxman> zul: hey :)
<lynxman> zul: have you seen this one before? http://pastebin.ubuntu.com/658695/
<Daviey> zul: He wrote puppet ones, but was then looking to also write ensemble ones
<zul> lynxman: no have you tried nova-manage help?
<zul> Daviey: hmmm....
<lynxman> zul: yes, same result no matter which command I feed
<zul> lynxman: open up a bug in launchpad for the nova project then
<lynxman> zul: hah, it was the lxc line in nova.conf
<lynxman> zul: which one is used now to enable lxc?
<zul> --libvirt_type=lxc
<lynxman> exactly what I was using, hmm...
<lynxman> and now it works, I'll be damned
<lynxman> zul: thanks
<zul> smoser: have you seen this?  ssh -v ubuntu@pegasus.trellisnet.co.uk -p 8773
<zul> damn it
<zul> smoser:  https://bugs.launchpad.net/nova/+bug/820962
<uvirtbot> Launchpad bug 820962 in nova "Generating hostname from display name incorrect" [Undecided,New]
<TREllis> zul: LOL
<adam_g> zul: i had done the puppet modules for rsyslog and was considering redoing them in ensemble, cause it would be great to have along openstack stuff
<adam_g> Daviey: ^
<adam_g> i haven't started them yet, and if you have something ill use that instead, or help work on it with you if you'd like
<Daviey> adam_g: Ah, i thought you had started them.
<adam_g> Daviey: not yet, i did start a collectd formula, tho.. which'll compliment openstack similarly
<CharlieSu> Hi. I'm on Ubuntu 10.04.1 LTS and when I install the CouchDB package and then try to run /etc/init.d/couchdb stop I get 'cd: 88: can't cd to /root' and the service never stops.  Anyone know what this may be?
<Daviey> adam_g: What is the sitrep of the openstack formula's?  Are they good for next week?
<Daviey> multi-node?
<Daviey> CharlieSu: that looks like a bug :)
<CharlieSu> Daviey: yeah I know it.  Do you know if there is a way to install a package like CouchDB and have it not automatically start after it is installed?
<zul> adam_g: we need to work on the openstack/orchestra integration at the same time i think
<zul> adam_g: i already have an ensemble formula for nagios at least
<adam_g> Daviey: i want to modify them to make use of the new formula config stuff.. but yea, http://no-carrier.net/openstack.svg
<adam_g> zul: cool, we can do that next week for sure
<zul> adam_g: we can start on monday even ;)
<adam_g> zul: is that rsyslog formula branch pushed anywhere?
<zul> adam_g: not yet...i got pulled into something else
<zul> adam_g: ill push it this afternoon (just about to go for lunch)
<adam_g> k
<Daviey> adam_g: diagram looks good!
<adam_g> Daviey: there's still a couple of things i need to work out with scaling the swift storage up and down, but i hope to address those next week.
<Daviey> adam_g / RoAkSoAx: Do i understand correctly that the formula needs to only reside on the consumer/user's machine.. not on the cobbler server?
<Daviey> adam_g: sounds good.
<adam_g> Daviey: using orchestra? i dont know. on ec2 its pushed to a S3 bucket for agent consumption. i think they're using webdav for that, running alongside cobbler?
<Daviey> yeah.. webdav is the data store.
<Daviey> I'm trying to make sure we haven't missed anything in the use case.
<adam_g> is deploying via orchestra ready to go? is it available on any test cluster yet?
<lynxman> Daviey: hey, I need sponsoring for ruby-bundler, it needs to go to universe
<Daviey> lynxman: it's on my todo.
<lynxman> Daviey: thanks a big bunch sir :)
<SpamapS> Daviey: the formulas do only need to live on your local machine but are copied to the webdav service on deploy
<Daviey> SpamapS: Great!  thanks.
 * Daviey screams a little.
 * SpamapS tries to toss M&M's into Daviey's gaping mouth
<Daviey> CharlieSu: different packages do it in different ways, sadly i don't know off the top of my head on that one.  Please do raise a bug regarding the issue you encountered tho
 * TheEvilPhoenix yawns and throws balls of paint at Daivey and SpamapS
<Daviey> SpamapS: that would be wonderful.
<Daviey> TheEvilPhoenix: That isn't very nice :(
<TheEvilPhoenix> *cough* The ***Evil*** Phoenix *cough*
<lynxman> TheEvilPhoenix: so... chaotic neutral or lawful evil? :)
<robbiew> kim0: ping
<MoooookiE> Hello, I changed the default ubuntu mysql config. But now if i want to start mysql with "service mysql start" i just geht this errors: http://privatepaste.com/4d276bd1a3 here is my config: http://privatepaste.com/ba2bdd68f6
<aurigus> what happens if you simply run mysql?
<aurigus> im too slow :/
<ewj> I'm trying to upgrade an Ubuntu 8.04 server to new OpenSSH/OpenSSL/Apache versions for security reasons, but it looks like the 8.04 repos don't have them - is it possible to install newer versions of just those packages without doing a full distro upgrade?
<astrostl> "maybe"
<astrostl> you can find out by adding the repos for a higher version, and modeling it in aptitude
<astrostl> e.g. add the lucid repo, and then aptitude -sy install openssh
<patdk-wk> ewj, your going about it wrong :)
<patdk-wk> the whole point of using an LTS release, is there is no security concerns
<ewj> I'm sort of new to this, so that's def. possible, patdk-wk :)
<astrostl> shouldn't 8 LTS have SECURITY patches though?
<astrostl> i run into bugs constantly on lucid, but security stuff always seems to be backported
<ewj> yes, I think it does, but I'm not seeing recent versions of, for instance, the OpenSSL libs showing up through aptitude
<patdk-wk> you won't see recent versions
<patdk-wk> cause the security issues are BACKPORTED
<patdk-wk> you got audited? and they said you have old insecure crap?
<ewj> shouldn't they be showing up as some sort of update, though? for instance, 'openssl version' tells me 'OpenSSL 0.9.8g 19 Oct 2007'
<astrostl> look at the actual package changes on the repo web sites
<ewj> yup, basically, an audit
<astrostl> something can stay at version g and still have, say, security features from h rolled into it
<patdk-wk> the audit should link you to the CSE's
<patdk-wk> and you just cross reference them wit hthe ubuntu cse's that show it fixed
<davros> lol isnt ubuntu supposed to be easy :/
<ewj> http://packages.ubuntu.com/hardy/openssl says 0.9.8g-4ubuntu3.13 should be the most recent - is there a way I can verify that's the version we're running?
<mdeslaur> ewj: your auditor is doing it wrong. Most linux distros backport security fixes to old versions. See https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions
<patdk-wk> mdeslaur, all auditors do it wrong :)
<mdeslaur> patdk-wk: yeah, most of them :P
 * patdk-wk swears auditors are people that are unable to maintain things anymore
<mdeslaur> hehe
<MoooookiE> Hello, I have a problem with mysql. Someone tell me that the problem could come from apparmor. I have change this file: /etc/apparmor.d/usr.sbin.mysqld but i have no init.d script to restart apparmor. i'm not sure if i have apparmor
<mdeslaur> MoooookiE: what version of Ubuntu are you running?
<mdeslaur> MoooookiE: did you have apparmor denied messages in dmesg?
<MoooookiE> DISTRIB_DESCRIPTION="Ubuntu 10.04.2 LTS"
<MoooookiE> no I don't have denied messages
<mdeslaur> MoooookiE: if you don't see denied messages in dmesg, your problem isn't coming from apparmor
<MoooookiE> mdeslaur: ok, thanks :)
<MoooookiE> mdeslaur: have you an idea what my mysql problem could be? i just geht this errors: http://privatepaste.com/4d276bd1a3 here is my config: http://privatepaste.com/ba2bdd68f6
<mdeslaur> MoooookiE: see here for more info about debugging apparmor: http://wiki.apparmor.net/index.php/AppArmor_Failures
<mdeslaur> MoooookiE: oh, hmm...you did change a bunch of default file locations
<mdeslaur> MoooookiE: in that case, maybe you are being blocked by apparmor
<MoooookiE> mdeslaur: yes but I don't have denied messages :)
<mdeslaur> MoooookiE: are you sure you don't have denied messages in /var/log/kern.log?
<mdeslaur> MoooookiE: does aa-status show mysql as being confined?
<MoooookiE> mdeslaur: yes I'm sure
<MoooookiE> mdeslaur: I also don't have aa* tools
<mdeslaur> MoooookiE: do you have the "auditd" package installed?
<DanaG> argh, can't use zfs and forked-daapd.
<DanaG> libavl1/libzavl1 conflict.
<mdeslaur> MoooookiE: you don't have the aa tools? oh, that's pretty odd
<MoooookiE> mdeslaur: I don't need apparmor . Just thougt it could be default on ubuntu.
<mdeslaur> MoooookiE: it definitely is by default, which is why it's odd you don't have it installed
<patdk-wk> not if you do min-install
<mdeslaur> well, if you don't have the tools, and you don't see denied messages, it may not be apparmor
<mdeslaur> patdk-wk: seriously? I'll have to fix that...
<MoooookiE> mdeslaur: do you have an idea what it could be instead of apparmor?
<patdk-wk> pretty sure, never installed on any of my installs
<mdeslaur> MoooookiE: sorry, no
<MoooookiE> someone else here who can help me with ubuntu+mysql?
<KM0201> is there something i can install on my server, so i can use a web browser to view details of the server (i read about SWAT, but it seems unsupported now).. i just wann asee details like disk use, processes, etc.
<sbeattie> MoooookiE: the contents of /var/log/mysql/server1.err or some of the other /var/log/mysql* may be of interest.
<hggdh> Daviey: there?
<ewj> if 'apt-cache show openssl' is showing me two versions of the package (one of which is "fixed" and the other not), can I be confident that the fixed one is the one currently in use?
<mdeslaur> ewj: dpkg -l | grep openssl will show you what's installed
<MoooookiE> sbeattie: all empty
<MoooookiE> sbeattie: and /var/log/mysql/server1.err is not created
<ewj> mdeslaur: ah, excellent, thank you, that's what I was looking for!
<MoooookiE> sbeattie: there are just this entrys in /var/log/syslog
<sbeattie> ewj: 'apt-cache policy openssl' will also show you which version is installed
<ewj> sbeattie: also good to know, thanks :)
<renatocan_> Hello! I need a web interface to change smbpasswd passwords. Any suggestions ?
<patdk-wk> use command line instead?
<KM0201> patdk-lap: any idea on like a general WebUI to view performance oof the server>?
<KM0201> woops
<KM0201> patdk-wk: see above.
 * patdk-wk just uses munin
<genii-around> renatocan_: ebox has a samba module
<KM0201> patdk-wk: munin?.. is tha tin the repos.
<patdk-wk> yep
<patdk-wk> or cacti, or ...
<patdk-wk> I would say munin is the most painless to install, cause it mostly autoconfigures itself
<KM0201> munin it is!..lol
<renatocan_> thanks. I'll take a look at ebox.
<philipballew> if I want to have my comp run rsync -azv  /home /myusername  /path/to/externalharddrive once a week how would i do that with a script and a cron job?
<patdk-wk> why use a script
<patdk-wk> just shove that in cron
<JoeGazz84> Hello. Anyone know of any good panels I can use on ubuntu webserver 10.04? EHCP messes up nginx files and webmin is ugly and it doesnt work very well...
<JoeGazz84> Any others?
<JoeGazz84> free of course
<patdk-wk> JoeGazz84, I always enjoyed vi
<philipballew> i just make a text file with that command and set the file with root privileges? patdk-wk
<patdk-wk> philipballew, no
<patdk-wk> you use crontab -e, probably after you use man crontab
<JoeGazz84> patdk-lap: vi? is that the full name?
<philipballew> gonna need to look into this
<patdk-wk> well, man 5 contrab
<patdk-wk> JoeGazz84, it's a joke, none of them are really any good, cause if you make any changes from what it wants for a default, it gets screwed all up
<patdk-wk> so it's best to just do it manually
<JoeGazz84> Oh, but the thing is, there are a multitute of us who are clueless to all the shell commands... Are there any other panels, IDC if the y are necessarily /good/, we just need a decent one
<patdk-wk> you don't need any shellcommands, it's just editing text files
<JoeGazz84> wait wait, what?
<patdk-wk> that is all the panels do, edit text file, restart program
<Daviey> hggdh: hey.. i got your email.. good stuff!
<hggdh> Daviey: thanks. I am now looking into the udeb integrations
<Daviey> hggdh: do you want to raise a merge proposal against my branch?
<hggdh> Daviey: will do, I was not aware we could request mergers to ./+junk
<Daviey> hggdh: Yeah, i am kinda concerned that the d-i integration *might* need to be within the app.
<guntbert> renatocan_:  be warned, ebox does its own thing, it doesn't work with the system's config files
<Daviey> cjwatson suggested referecing against netcfg.
<hggdh> Daviey: yes, I was wondering... libxmlrpc... are they available on install?
<hggdh> Daviey: yes, I added it this way to ./debian/control (and depending on network-integration)
<hggdh> cjwatson's work on Eucalyptus udeb is not going to waste ;-)
<adam_g> zul: did glance-api.conf + glance-registry.conf get moved to a single glance.conf in the last week or so?
<zul> dont think so
<zul> why?
<adam_g> installing from trunk for the first time since last week, and it looks like thats whats goin on. ugh
<Daviey> hggdh: libxml can be, that isn't a concern
<hggdh> Daviey: ack
<Daviey> adam_g: AFAIK they are still seperate, there is a NEW one called glance-scrubber.conf which utlemming is working on atm
<adam_g> hmm
<Daviey> adam_g: you might be having pain if that is missing?
<adam_g> not having any pain yet.. just wondering what the hell has happened in the last 4 days :)
<adam_g> the ensemble formulas need to be updated accordingly.. next week we should discuss how this is going to maintained moving forward. is there an agenda up anywhere?
<hggdh> Daviey: I really do not know how to propose a merge to ./+junk/cobbler-enable. Is it possible?
<Daviey> hggdh: should be possible.. :/
<Daviey> hggdh: push it up to your +junk/$something
<hggdh> Daviey: ack
<hggdh> Daviey: lp:~hggdh2/+junk/cobbler-enroll2
<Daviey> hggdh: pah, you are quite right - you can't merge proposal +junk branches
<Daviey> that sucks.
<Daviey> hggdh: I'll merge locally
<Daviey> thanks
<Daviey> hggdh: linking against debian-installer, but doesn't use it?
<hggdh_> Daviey: I forgot to add an include <debian-installer.h>
<hggdh_> I am *guessing* d-i intercepts/wraps some common calls, like printf
<hggdh> Daviey: I am going to build the packages now, and see what happens
<Daviey> hggdh: nfi
<hggdh> heh?
<Daviey> hggdh: I don't know of a better of testing udebs.. the way i did it with euca was to netinstall, and have an addional archive with my udeb
<Daviey> a real PITA to setup
<Daviey> there must be a simplier way
<hggdh> I agree, something simpler must exist. I hope...
<Daviey> hggdh: You also have to fude the Contents.gz IIRC to include udebs.
<Daviey> fudge*
<Daviey> really not very awesome.
<hggdh> indeed :-(
<Daviey> hggdh: I'm tempted to have two cobbler-enrolls.. one for general consumption, and one for installer
<Daviey> ideally, code sharing.
<hggdh> Daviey: does not sounds like a bad idea
<hggdh> Daviey: let me see if I can build the momster, at least
<Daviey> hggdh: good cookies
<hggdh> :-)
<Daviey> RoAkSoAx: How much do you have on your plate atm?
<hggdh> Daviey: OK, beginner's question, chicken&egg: how can I bzr bd if there is no .tar.gz, and quilt is complaining about that?
<maxb> *quilt* is complaining about that?
<Daviey> hggdh: bzr bd --split
<Daviey> hggdh: there isn't yet an upstream tarball, so splitting by /debian and assuming everything above it is upstream is safe.
<Daviey> hggdh: --split does that for you
<hggdh> Daviey: ah, my fault, I also had --native there
<hggdh> works like a champ (mind you *not* a chimp)
 * zul thinks its time to roll a new cobbler tarball
<Daviey> zul: best wait a few hours to dput, just incase.
<RoAkSoAx> Daviey: right now im working on ensemble/orchestra, need to review/postpone some workitems related to cluster/powernap need to do a few testdrive fixes, and need to start with the arm/cobbler stuf
<RoAkSoAx> Daviey: what do you hve in mind?
<kirkland> RoAkSoAx sounds *very* busy :-)
<RoAkSoAx> kirkland: it is :) :(
<HotPornYo> Check it out: http://bit.ly/HotPornYo
<kirkland> moderator???
<RoAkSoAx> !ops
<ubottu> Help! Channel emergency! soren, lamont, mathiaz or tom
<RoAkSoAx> heh i think we need new moderatos
<HotPornYo> lol
<HotPornYo> it's a joke guys
<oCean> HotPornYo: not funny, not acceptable
<HotPornYo> I'm tracking to see how many people actually click it as part of a field study.  It just takes you to a page that says "Thanks for your vote"
<Daviey> RoAkSoAx: I wondered if you wanted to setup a fresh oneiric machine in the lab for usage next week?
<Daviey> (as a cobbler server)
<r4__> I have a working master LDAP server and a slave server...is there a way i can force an update on the slave?
<HotPornYo> ...and how fast I get booted.
<tkeith> How is the private cloud software for Ubuntu Server? Does it all work well? Is it production-ready?
<RoAkSoAx> Daviey: I guess I could do that tomorrow... remind me please :)
<Daviey> RoAkSoAx: sure thing! Great news
<hggdh> Daviey: conditional compilation could do the trick, but I guess we have to move out of the simple ./rules you have
<cemerick> Just getting started in ubuntu 11.04 â I'm attempting to set PGDATA in /etc/postgresql/8.4/main/environment (as recommended in /etc/init.d/postgresql), but that does not seem to impact the value provided to postmaster via -D.  Any thoughts?
<Daviey> hggdh: Hmm
<Daviey> hggdh: I wondered if the udeb version could not just make use of the functions in the primary one?
<Daviey> link against it?
<hggdh> IDK. I was basing on the eucalyptus work, but there the udeb is simply for, ah, udeb
 * RoAkSoAx goes on the hunt for pandboard's accessories
<hggdh> but it explicitly links against debian-installer, and has this #include <d-i.h>
<Daviey> hggdh: Yeah, it might just be easier to duplicate the code for this cycle.  We can't spend too much time on it atm.
<Daviey> working > ideal
<hggdh> agree
<hggdh> and (just looked) has a few di_* calls in there, doing some sort of magic that I guess only Colin can decipher
<Daviey> Yeah, the docs are not good for drive by contributors
<hggdh> aye
<Daviey> hggdh: BTW, did you see the last debconf template question?
<Daviey> the shutdown note?
 * hggdh considers secluding self in a small shell on a frigid northen beach
<hggdh> Daviey: let me get the details
<Daviey> hggdh: It needs to halt following executing this code..
<hggdh> Daviey: what, trhe install?
<Daviey> hggdh: yah
<Daviey> hggdh: We are abusing d-i to execute this code, purely to get it registered with cobbler.
<Daviey> cobbler then decides how/if to install the node.
<hggdh> this is fun
<Daviey> hggdh: sarcaism isn't good :)
<hggdh> ah, sorry
 * hggdh runs in circles, screaming
<hggdh> Daviey: OK. let's get back to beginning. We are considering two packages, one run-time, one d-i
<hggdh> on the d-i, we need to have -- somewhat magically -- to have the templates & questions & results integrated with the call to cobbler-enroll, and *then* d-i must stop
<Daviey> hggdh: yeah, the standalone is purely a want.. the udeb is a need.
<Daviey> hggdh: yeah, calling halt.
<Daviey> Could do with colins help here.. it might be possible to skip directly to halt in the installer
<Daviey> i honestly don't know
<hggdh> yes
<Daviey> if not, we need to implement that
<hggdh> there are at least two "halts"
<hggdh> one -- d-i stops churning, but the machine is still alive (something else running?)
<hggdh> the other is a real, honest-to-god, halt. I guess you mean the first one
<Daviey> hggdh: no, i mean a power off, hard halt.
<hggdh> oh, that should be easier
<Daviey> hggdh: This work is purely for hardware discovery.
<hggdh> ok
<hggdh> huh
<hggdh> so someone powers on a new machine, boots an ISO (or preseed), this code gets run, and the machines poffs
<hggdh> or PXE-started?
<Daviey> hggdh: well the beauty of it being on the iso, means it can be PXE started.
<Daviey> The real use case is PX starting, but on the iso for smaller shops and for example
<Daviey> The larger outfits would never fill in the fields we are adding, that would all come down the pipe from a preseed
<hggdh> yes, makes sense
<hggdh> OK. We are back to the udeb
<zul> has anyone tried the ipmi stuff out in cobbler yet?
<hggdh> will look for mor examples, but I would say the code right now is missing the integration completely
<hggdh> ah, cool, starting to understand how it works
<Daviey> zul: I don't have any 'spare' IPMI enabled servers.
<Daviey> hggdh: do you know if the lab machines have IPMI?
<Daviey> ah crap, they are HP so iLo.
<kirkland> RoAkSoAx: ivoks: this makes me sad: http://lwn.net/Articles/452949/
<kirkland> "(The free service for Fedora and Ubuntu appears to still be functioning, for now - but who builds a high-availability system on those distributions?). "
<mdeslaur> kirkland: so much for impartial journalism :P
<hggdh> Daviey: the server lab is HP, the QA is Dell
<Daviey> kirkland: *sigh*
<kirkland> mdeslaur: par for the course for LWN
<Daviey> hggdh: Interesting, might try to get some testing in the QA lab then :)..  ISTR Dell's IPMI standard was different to the vendor i used to use, using the same standard :o
<hggdh> heh
<hggdh> Daviey: depending on how much/long you need it, we can arrange something
<Daviey> hggdh: 2 machines, min 2 hours.. I'd quite like the various out of band stuff to be checked with as much as we can pre-release
<lau> is there any issues with launchpad browsing code ? it returns 503...
<StevenR> lau: link?
<DanaG> Say, why would bonjour/avahi not work over ppp0 (ipsec+l2tp)?
<lau> StevenR: http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/files
<_johnny> anyone know if there's a photoshop helpchan on freenode?
<StevenR> lau: yeah, broken here too. File a support request maybe? https://answers.launchpad.net/launchpad
<Jare> _johnny: dunno, but what's the issue?
<Martyn> what's the expected behavior after installing postgresql on Oneric?
<Martyn> Should it automatically start the daemon?
<_johnny> i've created a vector (path/whatever you call it) cutout which should be a pattern. so what i want to do is use it to create a cirlce, as in, it should repeat it all the way around. i'm 99% sure i've seen it done before, but i'm not very good at google for my situation ;)
<_johnny> (i'm not a professional)
<RoAkSoAx> kirkland regarless.of.thst comment you would be surprised thst theres quite a.few ppl building ha in LTS
<RoAkSoAx> kirkland but the upcoming LTS will be better as past.releases had very updated and fully working ha services/infrastructure
<Martyn> okay, something +is+ wrong with the Oneric postgres package
<Martyn> it's not starting after install and it didn't start after I rebooted
<Martyn> it does run if I manually service posgresql start
<_johnny> Jare: http://www.max-realms.com/modules/newbb/dl_attachment.php?attachid=1293562213&post_id=10775 (it's a download as .zip, containing a pdf) :) in case you ever need something similar
 * RoAkSoAx cant believe he has spent 100bucks on cables for one pandaboars
<Martyn> what the heck did you buy?
<adam_g> zul: ping
<RoAkSoAx> Martyn: mini usb to usb, hdmi to dvi, and usb to serial
<Martyn> Why didn't you buy them from monoprice.com?
<RoAkSoAx> Martyn: can't seriously believe cables there are so damn expensive
<RoAkSoAx> Martyn: cause wanted to work on it this week but giving  a second though I thingk I'd just return them and buy online
<Martyn> I have 6 pandaboards here, pretty much the same setup, and -all- the cables combined didn't come up to $100.
<Martyn> Yeah, that would probably be a good idea.
<Martyn> That's just a waste of money
<kirkland> RoAkSoAx: word
<kirkland> RoAkSoAx: throw up a comment to my blog post to that affect ;-)
<frumin> hello
<RoAkSoAx> Martyn: indeed!!
<RoAkSoAx> kirkland: will do... looking at it now
<frumin> does anyone know the best way to upgrade from ubuntu server 6 to the latest version?
<RoAkSoAx> Martyn: do you recommend using the recommended digikey power supply or just the mini usb to usb?
<Martyn> use the right power supply
<Martyn> USB tends to brown out
<Martyn> it just can't supply the power the panda really wants
<Martyn> I actually have mine hooked to a more robust bench power supply now...
<RoAkSoAx> Martyn: ok cool, thanks for the advice
<RoAkSoAx> Martyn: 4gb of storage is enought right?
<RoAkSoAx> 4gb sd cards
<RoAkSoAx> Martyn: or will micro sd with adapter work too?
<Martyn> more than enough
#ubuntu-server 2011-08-05
<jdevel> This is a config for dovecot, in the example at http://pastebin.com/rWJSSuXk in the auth default{user = root} does this user really need to be root?  Why not the virtual_mail user?
<bkerensa> jdevel: I dont think it requires root
<patdk-lap> jdevel, what kind of example is that? looks very old
<jdevel> I found it on the web
<jdevel> I'm sure it is old
<patdk-lap> well, if you need root or not all depends on how you have the sql setup
<patdk-lap> does it need root to access the sql server?
<jdevel> it shouldn't, I have all the postfix virtual user/domain data in a database with it's own user
<jdevel> and that user is used to do the authentication
<patdk-lap> yes, but how does it access it? socket? tcp? ...
<jdevel> I believe it's using a socket
<jdevel> so it's a postfix, dovecot, saslauthd, mysql setup
<jdevel> using mysql to handle the virtual users
<patdk-lap> just make it whatever you want, like, dovecot
<jdevel> anyone know a good open relay test?
<jdevel> something fast
<jdevel> other than telnet
<rww> jdevel: as in mailserver open relay?
<alamar> there's one from abuse.com iirc
<alamar> er.. abuse.net
<rww> http://www.abuse.net/relay.html (first Google result for "open relay test")
<alamar> that's the one %)
<zul> adam_g: dealing with tired 4 year old whats up?
<DanaG> argh, stupid forked-daapd... doesn't respond to sigterm.
<twb> offtopic, but I have a strange behaviour -- wine1.2 is installed (from lucid-updates), but dpkg -L says that package doesn't contain wineprefixcreate.  WTF.
<twb> and yet packages.ubuntu.com lists it in wine1.0 and wine1.2's Contents files for i386 lucid
<twb> http://packages.ubuntu.com/search?searchon=contents&keywords=wineprefixcreate&mode=exactfilename&suite=lucid&arch=i386
<rww> It's in lucid's and not lucid-update's, according to packages.ubuntu.com.
 * rww pages through changelogs
<rww> ah. http://wiki.jswindle.com/index.php/Wineprefixcreate says it's deprecated
<twb> rww: thanks.
<twb> rww: that's gonna screw with me because I'm create a partial wine skeleton, and I'm using wineprefixcreate to finish populating .wine with default values
<twb> Is there another way in e.g. /etc/skel to set up wine registry and drive letter mappings, without having to have an entire .wine in /etc/skel?
<twb> Having the whole .wine in there is problematic because it e.g. includes user-specific /home/fred paths
<twb> Hmm, that page mentions using wineboot instead; I'll play with that
<braxton> Heeeeeello gents.
<braxton> I just installed a mail server via tasksel.
<braxton> I was able to send a message to my gmail, which was weird enough
<braxton> But then when I replied, I couldn't figure out how to receive my mail on the server.
<Delerium_> braxton, Replying from gmail to your server?
<braxton> Yeah.
<braxton> I was a bit confused during the setup in tasksel.
<Delerium_> braxton, Do you have you own domain with a MX records?
<braxton> It asked me which type of mail server I wanted, or the configuration, that is, and I chose the second from the top--Internet.
<braxton> No, I don't. I just used my IP address to reply.
<Delerium_> (never use tasksel... I only install Zimbra ... So I'm just trying to help you out with the best of my knowledge)
<Delerium_> braxton, that's probably the reason why ... when a email server is trying to "route" the email, it will look at the DNS to see if your domain have a MX records (which points to the mail server for your domain)
<braxton> I don't have a domain for the computer I used.
<braxton> Er...
<braxton> So, you're saying I can't just send an email to me@xxx.xxx.xxx.xxx?
<braxton> OH!
<braxton> I think I know why!
<Delerium_> braxton, Not using gmail, since I ***THINK** it will try to resolve the MX record in the DNS.  And if it's a local server (home), I guess port 25 might be blocked
<braxton> I didn't set up the port forwarding on my router and modem so that it would get to my computer.
<Delerium_> braxton, indeed, that's something to tet
<braxton> I'm such a dunce. That's why it could get out but not back in.
<Delerium_> .. test..
<Delerium_> braxton, try it.. but I doubt ;)
<braxton> I think it might work, I can be hopeful :D
<Delerium_> braxton, but again, I'm no expert
<braxton> Port 25, you say?
<twb> The obvious first question is: have you set up a mail server before?
<Delerium_> SMTP: Port 25 - POP3 - Port 110 (if I remember correctly)
<twb> Then: have you read what the Ubuntu Server Guide has to say about doing so?
<twb> Delerium_: yes, MTAs will speak to one another using SMTP on port 25/tcp by default.
<Delerium_> twb: and AFAIK, you need a MX record in a DNS ?  If not, you can't only "reply" to a IP Adress on which a SMTP is listening!?
<braxton> It sort of worked, but not really.
<braxton> This time, my server gave me an error code.
<Delerium_> Which is?
<braxton> The error that the other server returned was: 501 501 5.1.3 Bad recipient address syntax (state 14).
<braxton> So...
<twb> You need an MX RR, yes.
<braxton> Is it even possible to run a little mailserver from a home computer without a fqdn?
<twb> braxton: yes, but unless you own a domain, nobody will send it any email
<braxton> I'm just doing it as an experiment.
<braxton> I'd still like to know how, if at all, I can send an e-mail to it.
<DanaG> Could you do it with dyndns?
<braxton> Oh, well, yeah.
<braxton> I do have that set up already.
<braxton> Okay, at DynDNS, there's an option that says,
<braxton> "I have mail server with another name and would like to add MX hostname..."
<braxton> Should I select that and what does it mean?
<DanaG> Try without that option, with your dyndns.
<braxton> MMmmkay.
<DanaG> You might as well, before enabling that option.
<braxton> Okay, so I sent it to the DynDNS address I already set up for web hosting.
<twb> You might as well ensure you can manually speak SMTP to it from the outside world before you bother with DNS
<braxton> Great, that failed.
<braxton> The error that the other server returned was: 554 554 5.7.1 <root@braxton-comic.dyndns.org>: Relay access denied (state 14).
<braxton> Okay, how should I go about doing that, twb?
<twb> braxton: relay means you asked it to deliver mail for a domain for which it is not responsible
<braxton> What?
<twb> e.g. connecting to gmail and saying "hi, please accept this message for fred@example.com and send it on to him"
<braxton> Sorry if I'm bothering you guys.
<braxton> Oh.
<twb> Doing so would be an "open relay", which is not done these days because it's carte blanche for spammers.
<braxton> So maybe that option should be selected?
<rww> braxton: mailservers are hard. I spent a lot of hours scratching my head when I first started rolling my own ;)
<twb> rww: hear, hear
<braxton> Quite.
<braxton> Now that you explain that error, twb, I think that option does make more sense now.
<braxton> I just don't know what to put there.
<twb> What option?
<braxton> It says, "I have mail server with another name and would like to add MX hostname..."
<braxton> And then below that it says, "Use this as my primary relay..."
<braxton> But I don't know what an MX hostname is.
<twb> braxton: suppose you want to send mail to fred@example.net.  You do this by looking up the DNS MX RR(s) for "example.net" -- dig -t MX example.net +short
<twb> braxton: that tells you what host to connect to to send it mail
<braxton> Okay.
<braxton> So what should I put in that field?
<twb> rww: re wineprefixcreate vs. wineboot -- worked out how to use the latter, it's working better than before.  Thanks for your input.
<rww> welcome
<twb> braxton: well, you can have a look at my MXs -- prisonpc.com and cyber.com.au
<braxton> twb: I don't have an MX hostname, do I? :c
<twb> I don't know what "MX hostname" means
<braxton> Neither do I.
<braxton> It's asking for one, though.
<twb> I can tell you about DNS zones, but I don't know what random DNS web frontends want
<rww> presumably it means the hostname to put in the MX record
<twb> Probably
<braxton> I'm really sorry for my ignorance, and I appreciate your help.
<DanaG> You might make it the same as your http server.
<braxton> So what, just put in the xxx.dyndns.org address in there?
<rww> but yeah, I'm limited to what I know from experience with Real DNSâ¢, not dynamic DNS :\
<twb> As rww said, setting up your own MTA is hard work.
<rww> braxton: I'd probably try that, yes
<twb> rww: eh, dynamic DNS is just short TTLs
<twb> rww: dyndns.org OTOH have a bunch of "value adding" on top of that.
<braxton> I don't think it's going to let me do this. I'm just disappointed now.
<DanaG> I use a dyndns that's .mooo.com
<DanaG> Or rather, a dyndns competitor.
<Bernhard> How do i create a hard link to this directory /usr/share/nginx/www/site/userfiles from this directory /usr/share/nginx/www/site2/             So when the website script on site2 want to create files in dir /userfiles it will be done in /usr/share/nginx/www/site/userfiles
<braxton> Isn't that done using ln or something?
<twb> Bernhard: you cannot hard-link directories.
<twb> Bernhard: well, technically, some filesystems allow you to do so, but it's still super bad juju
<Bernhard> oke.. or symlink ?
<rww> cd /usr/share/nginx/www/site2/, then ln -s ../site/userfiles
<rww> I don't know whether this will actually achieve the end result you want, as I only use apache and it gets grumpy about symlinks at times, but that's how to do it ;)
<Bernhard> should that newly created symlink have the name of the directory it orginally to go to ?
<free99> hey all, seemingly random question: I have an encrypted home directory on my 11.04 server, when I logout, then log back in, I am getting an error regarding .gvfs
<free99> apparently this is a problem that's been around for a while, someone suggested putting this into .logout: /bin/fusermount -zu "$HOME/.gvfs" 1>/dev/null 2>&1 || true
<free99> is there perhaps a better method? I have also heard that (because I'm running GDM) I can put it into /etc/gd/PostSession/Default
<hggdh> Daviey: when you wake up -- a bit more done, missing pretty much just the postinst, on my ~/+junk/cobbler-enroll2
<hggdh> Daviey: now I will hit the bed... back in 7 hours
<ewj> I have to upgrade Apache and OpenSSH to versions ahead of the ones that come through apt-get in 8.04 - what's the easiest path there (i.e. the one that least likely involves me re-setting up the whole server from scratch while everyone complains about the services being down)?  Upgrade the distro altogether, compile from source, add a repo from a more recent distro?
<jmarsden> ewj: Easiest is to see if the versions you need are already in hardy-backports -- if they are, use that repo and install the updated packages.
<ewj> jmarsden: hmm, no, backports doesn't seem to have them, unfortunately
<jmarsden> Then you need to decide which is lower risk for you: (a) upgrade the server to a new distro or (b) backport them yourself.
<ewj> what's involved in a backport?
<ewj> I realize that by asking that, it probably proves that it'll be too tough for me :)
<jmarsden> ewj grab source package, unpack, change version, debuild, see what broke if anything (may new newer versions of other related packages, for instance), fix those things, retest... usual packaging stuff.
<ewj> yeah, ok
<jmarsden> if you've never created a package, that's a high risk task.
<ewj> how risky is it to upgrade the distribution altogether?
<jmarsden> So... back up the server and verify the backups, then do the upgrade.   How risky that is depends on what else the server does and how much its setup was customized in "interesting" ways in the past...
<ewj> I've done it on desktop ubuntu before without much trouble, but this is a remote box that I have to ssh into, which makes it trickier
<jmarsden> ewj: If your provider offers remote console stuff, and ideally a "boot rescue distribution" capability, it's safe enough.
<ewj> sadly, there's no provider, it's a box sitting in someone's office on the other side of the country :(
<jmarsden> Then best you can do is do it when the other person is physically present at the box, in case you need someone to push buttons/tell you what is on the screen/etc.
<ewj> this damn box pretty much just serves up svn, I'm thinking it might be less trouble to yank that stuff off of it and set up a fresh svn server in the cloud, switch dns when it's working
<jmarsden> Replacing it with something more manageable sounds a good idea to me.  If you need a cheap virtual private server, look at linode.com or similar offerings...
<jmarsden> But if it only servs up svn, why does it need ultra new ssh and apache???
<ewj> yeah, the company has most of their servers running on a service like that, it'd probably be best to bring it all in line
<ewj> eh, typical security audit stuff
<jmarsden> 8.04 server is still supported, shouldn't be any known security issues in ssh or apache on it...
<ewj> someone in security ran a scan of the public ip, found old versions of apache/ssh
<ewj> I know, that's what I thought, too
<jmarsden> But did they find *vulnerabilities* in it?  That's the question.
<ewj> No, they found version numbers that suggest vulnerabilities, I think
<ewj> But try explaining the difference to a scanbot... :)
<jmarsden> Then you can just look up the possible vulbnerabilities, point them to the updates in the changelogs for those packages where the fixes were added...
<ewj> there's some stuff in there that's just DOS-related that actually doesn't appear to be patched in Hardy, at least as far as I could tell, too
<jmarsden> OK.  Anyway... your company politics, not mine :)
<ewj> yeah, you know how it goes sometimes...the overlord in this case is a biggish one, and I'm several steps removed (I'm just a consultant that would have been writing normal code if the company didn't have a hands-on-deck shortage at the moment), so I've gotta go with what they're asking for...
<ewj> I'll figure it out one way or another, thanks for the advice :)
<jmarsden> ewj: You're welcome.
<Daviey> hggdh: you rock! :)
<smb> Daviey, Do you think we get the MIR for ipxe sorted before feature freeze... Ok, I admit this is a bit of a put salt into open wound question and the we is rather a you of sorts...
<Macer> hello. it appears that when my server crashed grub just sat there at the menu. i edited grub.cfg and changed the -1 to 10 for recordfail. is this the right way to prevent it from just not booting if it crashes or loses power?
<uvirtbot> New bug: #820101 in lm-sensors (main) "package libsensors3 1:2.10.8-2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128" [Medium,New] https://launchpad.net/bugs/820101
<Ursinha> bom dia
<Daviey> Ursinha: o/
<Ursinha> Daviey: morning, sir
<Daviey> just about.. almost afternoon ma'am.
<Dori922> what does the "Source" command do?
<uvirtbot> New bug: #821077 in apache2 "Apache2 segfault with SSLProxyMachineCertificateFile (upstream patch not applied in ubuntu)" [Undecided,New] https://launchpad.net/bugs/821077
<uvirtbot> New bug: #821183 in samba (main) "winbind won't connect to server during startup" [Undecided,New] https://launchpad.net/bugs/821183
<uvirtbot> New bug: #820540 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.7 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Medium,Incomplete] https://launchpad.net/bugs/820540
<uvirtbot> New bug: #820953 in mysql-5.1 (main) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/820953
<uvirtbot> New bug: #820968 in nova (universe) "nova-objectstore runs as root" [Undecided,New] https://launchpad.net/bugs/820968
<uvirtbot> New bug: #820997 in eucalyptus (main) "instances lose public IP" [Undecided,New] https://launchpad.net/bugs/820997
<uvirtbot> New bug: #821003 in eucalyptus (main) "UEC Node controller loses connectivity" [Undecided,Confirmed] https://launchpad.net/bugs/821003
<uvirtbot> New bug: #821026 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.7 failed to install/upgrade: subprocesul s-a instalat scriptul post-installation returneazÄ starea de eroare la ieÈire 1" [Undecided,New] https://launchpad.net/bugs/821026
<uvirtbot> New bug: #821047 in exim4 (main) "package exim4-config 4.71-3ubuntu1.3 failed to install/upgrade: subprocesul s-a instalat scriptul post-installation returneazÄ starea de eroare la ieÈire 1" [Undecided,New] https://launchpad.net/bugs/821047
<Daviey> oh golly.
<uvirtbot> New bug: #820527 in backuppc (main) "package backuppc 3.2.0-3ubuntu4~lucid1 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurÃ¼ck" [Medium,New] https://launchpad.net/bugs/820527
<uvirtbot> New bug: #820692 in bacula (main) "package bacula-director-mysql 5.0.3-0ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 (dup-of: 563039)" [Undecided,New] https://launchpad.net/bugs/820692
<uvirtbot> New bug: #820785 in samba (main) "package samba (not installed) failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 1" [Undecided,New] https://launchpad.net/bugs/820785
<uvirtbot> New bug: #820866 in vlan (main) "ISO install problem: package vlan is missing" [Undecided,Confirmed] https://launchpad.net/bugs/820866
<uvirtbot> New bug: #820867 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.7 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 10" [Undecided,New] https://launchpad.net/bugs/820867
<uvirtbot> New bug: #820870 in postfix (main) "package postfix 2.8.1-1~lucid1 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 75" [Undecided,New] https://launchpad.net/bugs/820870
<uvirtbot> New bug: #820896 in clamav (main) "freshclam ERROR: Database load killed by signal 11" [Undecided,New] https://launchpad.net/bugs/820896
<uvirtbot> New bug: #820936 in apache2 (main) "Virtual server setup breaks Rewrite Rules" [Undecided,New] https://launchpad.net/bugs/820936
<Daviey> Ursinha: Having a good day? ^^ :)
<uvirtbot> New bug: #820239 in rabbitmq-server (main) "rabbitmq still being shown up from lightdm " [Low,New] https://launchpad.net/bugs/820239
<uvirtbot> New bug: #820339 in libvirt (main) "Live migration fails" [Medium,Incomplete] https://launchpad.net/bugs/820339
<uvirtbot> New bug: #820606 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 (not installed) failed to install/upgrade: podproces nowy skrypt pre-installation zwrÃ³ciÅ kod bÅÄdu 1" [Medium,New] https://launchpad.net/bugs/820606
<uvirtbot> New bug: #820691 in mysql-5.1 (main) "mysql will be stopped, but not started again, on transition from runlevel 1 to 2" [Undecided,New] https://launchpad.net/bugs/820691
<uvirtbot> New bug: #820700 in vsftpd (main) "vsftpd will be stopped, but not restarted, on transition from runlevel 1 to 2" [Undecided,New] https://launchpad.net/bugs/820700
<uvirtbot> New bug: #820715 in lxc (main) "sudo poweroff -n within a container just hangs" [Low,Confirmed] https://launchpad.net/bugs/820715
<uvirtbot> New bug: #820743 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Medium,New] https://launchpad.net/bugs/820743
<uvirtbot> New bug: #820675 in libvirt (main) "libvirt-bin upstart job will not be started again on transition from runlevel 1 to 2" [Undecided,New] https://launchpad.net/bugs/820675
<uvirtbot> New bug: #820679 in samba (main) "nmbd and smbd will not be started again on transition from runlevel 1 to 2" [Undecided,New] https://launchpad.net/bugs/820679
<uvirtbot> New bug: #820683 in autofs (main) "autofs will not be started again on transition from runlevel 1 to 2" [Undecided,New] https://launchpad.net/bugs/820683
<uvirtbot> New bug: #820685 in dovecot (main) "dovecot does not start again on transition from runlevel 1 to 2" [Undecided,New] https://launchpad.net/bugs/820685
<uvirtbot> New bug: #820687 in eucalyptus (main) "eucalyptus services will not be started again on transition from runlevel 1 to 2" [Undecided,New] https://launchpad.net/bugs/820687
<uvirtbot> New bug: #820690 in munin (main) "munin-node will be stopped but not re-started on transition from runlevel 1 to 2" [Undecided,New] https://launchpad.net/bugs/820690
<uvirtbot> New bug: #820694 in nova (universe) "nova upstart jobs will be stopped but not restarted on transition from runlevel 1 to 2" [Undecided,New] https://launchpad.net/bugs/820694
<uvirtbot> New bug: #820696 in sheepdog (universe) "sheepdog will be stopped but not restarted on transition from runlevel 1 to 2" [Undecided,New] https://launchpad.net/bugs/820696
<uvirtbot> New bug: #820698 in tftp-hpa (main) "tftpd-hpa will be stopped but not restarted on transition from runlevel 1 to 2" [Undecided,New] https://launchpad.net/bugs/820698
<uvirtbot> New bug: #820699 in tgt (main) "tgt will be stopped but not restarted on transition from runlevel 1 to 2" [Undecided,New] https://launchpad.net/bugs/820699
<uvirtbot> New bug: #820720 in lxc (main) "lxc-ps -n NAME does not work (but --name NAME does)" [Low,Triaged] https://launchpad.net/bugs/820720
<uvirtbot> New bug: #820483 in samba (main) "package smbclient 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocesso dpkg-deb --fsys-tarfile retornou erro do status de saÃ­da 2" [Medium,Invalid] https://launchpad.net/bugs/820483
<uvirtbot> New bug: #820533 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Medium,Incomplete] https://launchpad.net/bugs/820533
<uvirtbot> New bug: #820668 in cobbler (universe) "cobbler does not start on transition from runlevel 1 to 2" [Undecided,New] https://launchpad.net/bugs/820668
<Ursinha> kik
<Ursinha> lol
<Jeeves_> Someone woke up :)
<uvirtbot> New bug: #820432 in eucalyptus "using name in register causes internal server error" [Low,Fix released] https://launchpad.net/bugs/820432
<Ursinha> all of those bugs were already opened
<Ursinha> maybe the bot is crazy
<Ursinha> Daviey: can you access http://status.qa.ubuntu.com/reports/ubuntu-server/triage-report.html normally?
<uvirtbot> New bug: #807351 in lxc (main) "it would be cool to be able to clone an lxc container onto aufs for test runs - ephemeral containers" [Low,Confirmed] https://launchpad.net/bugs/807351
<Ursinha> I can ping it bug I can't access via webbrowser
<Daviey> Ursinha: no, it's down
<Ursinha> oh, wtf
<Daviey> Ursinha: ask IS
<Ursinha> Daviey: just did that
<Daviey> cool
<Ursinha> Daviey: I've been triaging a lot of bugs, it turns out that the sooner you reply the person that filed the bug, more the chances he actually replies that...
<Ursinha> and also... incomplete with response means that at least once the reporter replied
<Ursinha> so not really accurate for what I want that to mean
<Ursinha> so I've been asking them to set the bug back to new
<Ursinha> and that's helping
<Daviey> Ursinha: rocking!
<Ursinha> Daviey: can we have a call today? :)
<Daviey> Ursinha: sure, i'd like that.
<Bernhard> is it possible to make an image from my 74 GB system disk and put in on an 300 GB harddisk so that it can boot from that 300 GB ???
<KM0201> Bernhard: clonezilla?
<hggdh> mornings, mostly good, to all
<hggdh> Daviey: dear sir, comments?
<Daviey> hggdh: looked good so far!
<Daviey> hggdh: I'm not quite sure how post-install works in d-i
<jpds> Daviey got knighted?
<Daviey> jpds: Yes.. i tend not to use it in public tho.
<Daviey> hggdh: we don't have a /target i hope.. and that might be a requirement of post-install maintainer scripts.
<hggdh> Daviey: IDK either, docs sucks to a sublime level on that. But it would make sense
<hggdh> yeah
<hggdh> but it has to be driven from something like that, somewhere
<hggdh> Daviey: the other point of doubt is on ./debian/control, the udeb package, the XB-Installer-Menu-Item
<Daviey> hggdh: yeah.. i just don't think it can be configured.
<Daviey> as in dpkg --configure
<hggdh> aye
 * hggdh had forgotten dpkg --configure
<hggdh> Daviey: although --configure would drive the same questions we have to ask on install
<Daviey> hggdh: Yeah, my knowledge of udebs isn't as strong as i need it
<hggdh> there is also a finish-install
<Daviey> hggdh: yeah.. might need to block on Colin returning
<hggdh> heh
<Ursinha> Daviey: status.qa is back
<Ursinha> \o/
<Daviey> \o/
<Ursinha> SpamapS: hey, I see you filed a lot of runlevel1 bugs, what's the importance of them?
<hggdh> Daviey: http://d-i.alioth.debian.org/doc/internals/ch03.html at 3.1
<Daviey> hggdh: yeah, not helpful enough :(
<Dori922> what does the "Source" command do?
<Daviey> Dori922: 'source' ?  It is usually used for loading enviromental variables from a file
<Dori922> Daviey:  thanks bro :D
<Daviey>  such as source ~/.bash_rc (PRO TIP.. people tend to use "." for source)
<Daviey> Wow, Dori922, are you my long lost brother i've been searching for all these years?
<Dori922> Daviey:  i dont know.. am i? ;D
<hggdh> Daviey: dpkg --configure will not matter for a udeb, udebs are not installed on running systems
<Daviey> hggdh: top banana, that was my hope - but i didn't know
<Daviey> I did think it would require a /target tho
<hggdh>  /target, if I understand it correctly, will only be available when the base system is installed -- and I know there are udebs that process earlier, like euca (with a postinst and a finish-install scripts
<AceKing> I was in yesterday asking how to setup a file server. I received a lot of help in here, but with everything I tried on my own, I didn't accomplish anything. I tried setting up an FTP server using GADMIN-ProFTPD, and again just wasted a lot of time and got nowhere. Can someone attempt to help my sorry ass?
<AceKing> What I am trying to do is this, I want to be able to setup a  folder with files, and have family to be able to log in and download from me.
<patdk-wk> heh?
<patdk-wk> oh, so you dumped the gallery2 idea
<AceKing> patdk-wk, you were helping me yesterday
<patdk-wk> dunno what gadmin-proftpd is at all
<AceKing> patdk-wk, yes, I got way too confused
<patdk-wk> but normal proftpd works easily enough
<AceKing> patdk-wk, This is all new too me
<patdk-wk> personally, using ftp over the internet isn't so easy, cause of nat
<AceKing> So I shouldn't be using the GADMIN-ProFTPD?
<patdk-wk> oh, it's a gui configuration tool for proftpd
<patdk-wk> dunno anything about it
<AceKing> Yes, I need a GUI
<AceKing> I tried going to youtube and finding videos to help... That didn't help either.
<AceKing> And you said with gallery2, they would be able to download, or just view the files?
<patdk-wk> both really
<patdk-wk> if you configure mime types correctly
<_ruben> what's the difference between downloading and viewing images ? :P
<patdk-wk> videos
<AceKing> If they wanted to put them on DVD
<patdk-wk> no one said images :)
<AceKing> I know it would be a pain in the ass for you to give me a step by step. Is there any tutorials that can walk me though?
<_ruben> didnt know gallery2 also did video, only used it for images myself :)
<patdk-wk> gallery2 does anything
<patdk-wk> text files, pics, videos, binary, ...
<patdk-wk> it doesn't care what you upload to it at all, it just has special cases for pics, and alittle for video
<_ruben> ah
<AceKing> How did you guys learn this stuff?
<patdk-wk> I took the pain in the ass method :)
<patdk-wk> when I want to learn something, I want to learn it from the ground up
<_ruben> try, fail, read, try again, fail again, read more, ...., try again, succeed + remember
<AceKing> That's what I want to do, but I can't find where to get started
<patdk-wk> there is lots of info on gallery2's website on it
<patdk-wk> should be enough to get it setup and working
<patdk-wk> the issue is, 3 layers of other stuff under it
<patdk-wk> getting apache and php setup
<patdk-wk> so if you don't want to just hope it works
<AceKing> patdk-wk, Does php install with apache, or by itself?
<patdk-wk> you would have to learn about apache and php also
<patdk-wk> itself
<AceKing> ah, ok
<AceKing> I never installed that
<patdk-wk> it should autoinstall if you installed gallery2
<AceKing> Ok, I did install gallery2
<patdk-wk> I have never installed gallery2 using ubuntu though
<AceKing> I guess I have a lot of reading to do
<patdk-wk> most likely you only have a few small issues to fix
<patdk-wk> the issue is knowing what those issues are :)
<AceKing> LOL :)
<AceKing> patdk-wk, thanks again... Off I go
<uvirtbot> New bug: #821474 in openldap (main) "package slapd 2.4.23-6ubuntu6 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/821474
<hallyn> lifeless: did you ever try out the lxc package from ubuntu-virt ppa?  (i'm about to ask Daviey to push to the archive)
<hallyn> eh, works over here...
<hallyn> Daviey: http://people.canonical.com/~serge/lxc_0.7.4.2-3ubuntu6.debdiff    if that looks ok, do you mind pushing?
<Daviey> hallyn: looking
<Daviey> hallyn: What was the deal with switching out to /run ?
<Daviey> I know you nacked that the other day, but wondered why?
<Daviey> hallyn: do you reall want to rm -rf /var/run ?
<hallyn> Daviey: I nacked it bc switching to /run will be less backward compatible
<hallyn> Daviey: on a regular system, /var/run is tmpfs.  So yeah, there is nothing under /var/run that normally survives reboot.
<hallyn> no nreason not to rm -rf
<hallyn> If we get real reboot support next week, then (a) we can mount tmpfs on /var/run and (b) we can get rid of the rm -rf
<hallyn> this is all a side effect of having to allow the host to see the guest's utmp :(
<Daviey> hallyn: ok
<RoyK> hallyn: iirc /var/run is tmpfs by default at least on lucid
<robbiew> Daviey: hey...you planning on going to the release sprint?
<Daviey> robbiew: yah
<robbiew> cool...I'll be there, but I'm no help to the actual release any more
<robbiew> :P
<Daviey> RoyK: Yes, but in oneiric /var/run has been replaced by /run
<Daviey> robbiew: Ah, if you are going.. i don't need to. :D
<hallyn> RoyK: yup
<hallyn> RoyK: but on containers, we disable that mount
<robbiew> Daviey: that works too...given you're in the same TZ...your call
<pythonirc1012> how can i output the exact command that was used to start a process using "ps"? I see "python", but would like to see "python myscript.py"-- the one that top shows.
<hallyn> pythonirc1012: well you can look at /proc/$$/cmdline (words are separated by \0)
<hallyn> WTF?  I 'apt-get remove qemu-kvm qemu-common kvm-pxe', and apt decides that means it has to install virtualbox?
<Ursinha> pythonirc1012: I use ps aux and it shows pretty complete info
<hallyn> especially with auxw :)
<SpamapS> Ursinha: Medium.. should have set that when I created them.
<Ursinha> SpamapS: should we consider those confirmed already?
<SpamapS> Ursinha: I'd like to see somebody confirm them other than myself.. sanity checks and all. :)
<hallyn> mdeslaur: question on vm-new.  Is there a reason you use the full iso rather than the mini.iso from http://archive.ubuntu.com/ubuntu/dists/$release/main/installer-amd64/current/images/netboot/mini.iso ?  (I assume so, i.e. better for security team processes)
<mdeslaur> hallyn: so it reproduces most users installations, and also because I want a full desktop
<mdeslaur> I never actually managed to get the mini.iso working btw, but that's unrelated
<hallyn> mdeslaur: ok.  It does work for me (http://s3hh.wordpress.com/2011/08/05/quick-vm-installations/) but if it's not appropriate for vm-tools that's ok :)
<hallyn> mdeslaur: though perhaps I'll hack up vm-new-mini
<mdeslaur> hallyn: what do you typically install with that? I have no objections to adding a -t mini to vm-new
<hallyn> mdeslaur: my goal with thatusually is just to have something to run tests on.
<hallyn> i.e. i don't much care so long as it's uptodate and boots
<mdeslaur> hallyn: well, add it as -t mini, and I'll merge it in
<hallyn> mdeslaur: thx.  will do.
<mdeslaur> hallyn: cool, thanks
<mdeslaur> hallyn: I'd add it to my todo list, but I still have "Update main laptop to gutsy" on my todo list, so it may take a while :)
<nigelb> is there an easy way to say "I accept" to the sun jdk install?
<nigelb> my script blocks because of that
<Ursinha> SpamapS: fair enough :)
<lynxman> RoAkSoAx: ping
<rww> nigelb: I haven't looked, but I imagine it's deliberately not programmatic :P
<nigelb> rww: hah. *dislike*
<nigelb> :)
<Daviey> nigelb: I thought you could preseed that
<nigelb> Daviey: hm, how? create an AMI with it?
<Daviey> nigelb: sun-java6-bin	shared/accepted-sun-dlj-v1-1	boolean	true
<Daviey> sun-java6-jre	shared/accepted-sun-dlj-v1-1	boolean	true
<Daviey> bah, tab fail
<Daviey> preseed those values and you won't be prompted to accept.
 * nigelb tries
<Daviey> echo "sun-java6-jre shared/accepted-sun-dlj-v1-1 boolean true" | debconf-set-selections ; apt-get install sun-jd*-etc
<Daviey> nigelb: ^^
<nigelb> Daviey: Gosh, that's awesome :)
<nigelb> Thank you!
<Daviey> good stuff, hope it work
<Daviey> s
<lickalott> guys i'm having an issue that i can't seem to pinpoint.    I'm running znc on my server.  the server has an uptime of Running for 1w 4d 23h 25m 13s right now, but my znc/clients seems to drop off line, randomly.  I didn't see anything in /var/log that would lead me to anything i could troubleshoot.   has any one seen this or have any idea what i could do to fix it?
<pythonirc1012> Ursinha: Thanks.
<pythonirc1012> Is there an automatic way to grep on ps aux and kill all processes that match a certain pattern?
<lickalott> xargs
<Ursinha> pythonirc1012: you might want to look at pgrep and pkill
<lickalott> is it something you want to do all the time pythonirc1012?
<bkerensa> lickalott: Nothing at all showing up in logs?
<lickalott> not that i'm seeing.
<lickalott> i see some updates coming in and was wondering if it was knocking my interface off to secure more bandwidth, but not all the users get dc'd.
<bkerensa> odd
<bkerensa> lickalott: I personally dont have a lot of experience with znc but I do use PsyBNC which is stable
<lickalott> yeah...  i've been battling this for about a month now.  Looked up bugs in 11.04 and found nothing, scoured forums for similar issues and found nothing.  I'm almost at the point of a wipe and reload, but i'm not 100% convinced that it will help
<SJr> Um my server's filesystem seems to have disappeared
<lickalott> ?
<SJr> bash: /bin/ls: No such file or directory
<lickalott> can you cd to it?
<SJr> yeah
<lickalott> you see anything?
<SJr> nope
<lickalott> just bin?
<SJr> no every folder seems empty
<SJr> except for other directories
<bkerensa> SJr: Can you cd / and paste results to paste.ubuntu.com
<SJr> apache2 says the same thing (one of my webapps)
<SJr> results of what, the cd?
<bkerensa> better yet
<lickalott> ls
<bkerensa> SJr: You said ls is not workin
<bkerensa> ?
<SJr> yeah
<bkerensa> hmm
<SJr> hmmmm
<bkerensa> SJr: Run any weird commands?
<bkerensa> SJr: Are you able to look at bash history
<lickalott> maybe load live cd, mount your parition and copy over bin from cd as a start
<SJr> no I just got up
<SJr> no it's worse than that, everything seems gone
<lickalott> those mice ran a rm -rf *
<SJr> No I doubt it
<SJr> the directories seem to be there
<lickalott> has it been on this whole time?
<SJr> lol typing 'help' kills whatever session I'm in
<lickalott> sorry bkerensa...don't want to step on your toes man.  you want this?
<SJr> one of them said "Bus Error"
<bkerensa> no go ahead I have to run anyways
<lickalott> can you see history?
<SJr> I think I've lost every session
<SJr> samba seems to work for different drives, I think the hard drive may have just tanked
<SJr> one of the mounted drives still has data in it.
<SJr> and I'm watching an episode of Curb and it seems to work
<SJr> I suspect rebooting is the end of this server
<lickalott> are you running straight server or did you grab the GUI package?
<SJr> straight server
<lickalott> wait 1
<lickalott> have you checked the lost+found dir?
<lickalott> http://www.techtalkz.com/ubuntu-linux/383482-access-lost-found-directory.html
<SJr> I think I have to reboot
<lickalott> maybe run an fsck?
<SJr> I suspect that the drive is dead
<SJr> anyway since this is a bouncer I have to try and reboot
<SJr> back
<RoyK> front
<SJr> what should I check in terms of files, the system came back up
<lickalott> which ifconfig
<lickalott> does it return anything?
<SJr> me?
<lickalott> yes
<lickalott> lemme ask you this first...  what's your unix knowledge level?  1 - 10 (10 being highest)
<SJr> /sbin/ifconfig
<lickalott> don't want to offend/talk to you like a 3 y/o if i don't have to
<SJr> I guess a 7 probably
<lickalott> k
<SJr> Comp Sci Major, studied operating systems :)
<lickalott> ls works now?
<SJr> yeah
<lickalott> did you run fsck?
<SJr> not yet, I was having some problems running it before
<RoyK> SJr: remount the root read only (mount -o ro,remount /) and fsck it
<SJr> I had some other disk issue recently, I don't remember the specifics
<SJr> do I switch runlevels first?
<lickalott> i would back up your important stuff now while you can, then start some PMI
<SJr> PMI?
<RoyK> SJr: runlevels?
<lickalott> maintenance
<SJr> this would be the root drive, that has nothing of importance on it at the moment
<RoyK> SJr: it's safe to fsck a filesystem once it's remounted ro
<SJr> yes but I can't actually remount it, while I'm in the default runlevel as too much stuff is open
<RoyK> runlevels are just sets of whatever should be started etc
<SJr> mount: / is busy
<RoyK> SJr: mount -o remount,ro
<RoyK> with -o remount it should never say it's busy
<SJr>  mount -o remount,ro / responds with  mount: / is busy
<genii-around> Might need --force
<genii-around> or equiv
<RoyK> if that doesn't work, init s
<RoyK> or reboot in single mode
<SJr> will that kill ssh?
<RoyK> it will indeed
<RoyK> SJr: you might want to touch /forcefsck; reboot
<RoyK> but if you don't have a remote console on that, it might stay down if it finds something bad
<SJr> I just don't want to hook up a monitor to it
<RoyK> is this a remote server?
<lickalott> do you have  ubuntu on a laptop?
<lickalott> and a serial cable?
<hallyn> feh, 10 mins wasted due to -o/-O wget mixup :)
<SJr> I don't have a serial port on the laptop :)
<SJr> or perhaps on the server
<lickalott> sounds like you're going to have to throw a monitor in it then.
<lickalott> there is a app (minicomm) that you could've used.
<geekbri> Does anybody know where I can get a list of the AMI ID's for the official ubuntu EC2 instances in the asia-pacific region
<lickalott> geekbri - http://uec-images.ubuntu.com/
<geekbri> lickalott: thanks, love you
<lickalott> np
 * lickalott blushes
<geekbri> hehe
<geekbri> although, the image ID im looking for isn't appearing when i search for it in the gui,, very strange
<geekbri> ami-34295266
<geekbri> oh i take it back :)
<FFForever> Anyone run a pptpd server?
<uvirtbot> New bug: #821605 in samba (main) "package smbclient 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: problemas de dependencias - se deja sin configurar" [Undecided,New] https://launchpad.net/bugs/821605
<RoAkSoAx> lynxman whats up?
<lynxman> RoAkSoAx: naah too late ;)
<lynxman> RoAkSoAx: thanks anyway mate
<RoAkSoAx> lynxmanhehe sorry was running errands
<lynxman> RoAkSoAx: hey no worries at all :)
<uvirtbot> New bug: #821609 in postfix (main) "FTBFS w/ 3.0 linux kernel" [Undecided,In progress] https://launchpad.net/bugs/821609
<Ursinha> Daviey: how often do you need release-bugs.html to be updated?
<jdevel> anyone able to test if a mail server has an open relay?
<rww> http://www.abuse.net/relay.html
<Ursinha> Daviey: http://status.qa.ubuntu.com/reports/ubuntu-server/release-bugs.html
<urosn> hi guys, i need help regarding vmbuild
<urosn> when I want to add a package with -addpkg build just breaks
<jdevel> rww, is that something that can be trusted?
<jdevel>  rww, it looks like they are just doing a telnet test..
<jdevel> haven't found anything much more sophisticated than the link you provided.. thanks though
<urosn> help?
<Daviey> Ursinha: I am still updating it every 4 hours.. that is ample for my needs.
<Daviey> I'll take mine offline and use the team one
<Ursinha> Daviey: yay :) how do you like the table? I have a template exactly as it was before, if you prefer
<Daviey> Ursinha: i did fire a manual update just before the release meeting.. so it's useful if i can still ssh in and update it myself.
<Ursinha> Daviey: it can be updated every five minutes automatically if you want
<Ursinha> takes about three to run
<Daviey> Ursinha: ooo, i like what you have done with it
<Daviey> have you polished up my code?
<Ursinha> Daviey: yes :)
<Daviey> Ursinha: good, it was crap.
<Ursinha> no, I just refactored a bit
<Daviey> Ursinha: For extra brownie points, fancy making a moin output? :)
<Ursinha> sure :)
<Daviey> \o/
<Ursinha> Daviey: as a table or a list?
<Daviey> Ursinha: a list, that i can copy and paste elsewhere.
<Daviey> on the wiki :)
<Ursinha> okay
<Ursinha> Daviey: which wiki page?
<Daviey> Ursinha: TechnicalOverview
<kirkland> zul: ping
<zul> kirkland: yep?
<kirkland> zul: reviewing the openstackx binaries for the new queue
<zul> kirkland: yep
<kirkland> zul: i'm curious why they're not arch=all?
<kirkland> zul: looks like just python libraries -- do you different builds per arch?
<zul> kirkland: they should probably be...i can fix that after
<kirkland> zul: source is accepted
<zul> kirkland: thanks
<kirkland> zul: i'm going to reject the binary;  re-upload the source with that change and i'll accept the new _all.deb binary
<zul> k
<kirkland> zul: https://bugs.launchpad.net/ubuntu/+source/openstackx/+bug/821632 when you're fixing it
<uvirtbot> Launchpad bug 821632 in openstackx ""Architecture: any" when it seems to be Arch independent." [Undecided,New]
 * RoyK listens to Is this desire?
<Ursinha> Daviey: http://status.qa.ubuntu.com/reports/ubuntu-server/release-bugs.txt
<Krakish> Evening
<Krakish> is there any way i can make my ubuntu team speak server wireless access point
<Krakish> when i bridge the wlan with eth0 and i am losing connectivity to the machine via ssh
<Krakish> i want to set up a small wlan behind the machine for less then 5 machines and use same server for VoIP if Team Speak can be called VoIP :)
<Determinist> hello gents. what would be a sensible place to put shared files on a SMB file server?
<KM0201> is there a good way to install webmin on 11.04
<Joeman1> KM0201, Try this - Just googled for it - http://www.ubuntugeek.com/how-to-install-webmin-on-ubuntu-11-04-natty-server.html
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<RoyK> !ebox
<ubottu> zentyal is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/Zentyal (Project formally known as eBox - including in Lucid/10.04).
<KM0201> Joeman1: i found that just a minute ago.
<KM0201> hmm
<KM0201> i have 11.04 though
<RoyK> using 11.04 for a server isn't what I'd recommend unless you need bleeding edge software
<RoyK> 10.04 works and is stable
<Joeman1> KM0201, yeah, that document is for 11.04
<RoyK> !LTS
<ubottu> LTS means Long Term Support. LTS versions of Ubuntu will be supported for 3 years on the desktop, and 5 years on the server. The current LTS version of Ubuntu is !Lucid (Lucid Lynx 10.04)
<KM0201> RoyK: don't need bleeding edge.. i'll go LTS when 12.04 rolls out.
<RoyK> KM0201: why are you using 11.04?
<KM0201> no particular reason, that just what i installed
<RoyK> well, use the LTS releases for servers
<RoyK> they are stable
<RoyK> the non-lts releases tend to be a bit buggy
<KM0201> well, it works fine.
<KM0201> !info ebox
<ubottu> ebox (source: ebox): Zentyal - Core. In component universe, is optional. Version 2.0.16-0ubuntu1 (natty), package size 666 kB, installed size 4040 kB
<cwassant> howdy folks
<cwassant> I am a programmingnub, and I was hoping to learn some php
<cwassant> but i need a server for that...
<cwassant> and i forgot the command that set up the virtual host
<cwassant> ahh nvm
<cwassant> google is your friend
<hallyn> mdeslaur: well, i don't get it.  When I run kvm by hand with the mini.iso and my preseed.cfg, it works.  When I do it through virtinst through vm-new (with mini.iso and my preseed.cfg, or any preseed.cfg i've tried) it asks for my input at partman.
<robbiew> RoAkSoAx: do you know if we still need capistrano in ubuntu-orchestra-client?
<args[0]> I have a 10.04 LTS, can I upgrade to 12.04 LTS using just a couple of commands from Terminal? thanks
<genii-around> args[0]: Yes, after it becomes released.
<Krakish> i missconfigures interfaces file
<rww> 12.04 doesn't exist yet, as it's not currently April 2012, but yes.
<Krakish> and after reboot i am not able to see eth0 when enter ifconfig
<Krakish> i repaired the interfaces file but i am still not able to see eth0
<Krakish> any ideas ?
<args[0]> genii-around: so I don't lose anything, no need to re-install the OS?
<rww> correct
<genii-around> args[0]: Yes, what rww just said
<hggdh> Daviey: I really do not know how to deal with the postinst for cobbler-enroll, there seems to be a lot of internal knowledge needed
<hggdh> Daviey: this is the only thing we are missing, I think. Unfortunately, the most important piece, sorry
<Daviey> hggdh: No, you have done great!  It just needs some banging donk.  We'll see what Colin has to say Monday.
<Daviey> Ursinha: You are my superhero!  The only thing it needs is [Bug:XXXXXX] for moin to render it as a short link
<Ursinha> Daviey: test there, it works now
<Ursinha> it renders already
<Daviey> Ursinha: are you sure?
<Ursinha> I thought that too, then I tested and the [] weren't needed
<Ursinha> Daviey: yes, I've tested on wiki.ubuntu.com
<Daviey> Ursinha: Superduper!  Minor improvement might be to use the syntax to link to lp.person and maybe use moin tabls
<Daviey> tables*
<Daviey> but that really isn't essential, that is great stuff.. Makes reporting much easier.
<Ursinha> Daviey: I'd prefer tables, for sure, but you asked for a list :P
<Daviey> Ursinha: bah, i'm fickle like that.
<Ursinha> lol
<args[0]> genii-around: yes, I know that it is not released yet.. just asking for future reference.
<args[0]> How can I remove files from showing on my /var/www directory listing when accessing it via a browser?
<args[0]> Directories not files
<Daviey> args[0]: Options -Indexes
<args[0]> Daviey: what is that? where?
<args[0]> Daviey: htaccess?
<args[0]> I wan to disable some specific Directories from showing in the auto-generated directory listing
<Daviey> args[0]: why?
<RoAkSoAx> robbiew i havent plated with capistrano but i think that we need to discuss all that next week
<robbiew> cool
<RoAkSoAx> robbiew all the orchestra stuff should be done next week... at least i hope so
<Daviey> args[0]: anyway, you probably want to read up on 'IndexIgnore'
<robbiew> RoAkSoAx: me too ;)
<args[0]> Daviey: I dont want it to show the robot.txt file and some other directories
<RoAkSoAx> but in reality theres just few pieces from the cobbler side and it is basicslly a stock cobbler that we are using
<RoAkSoAx> we do need though to have a wqy to have fobbler be more aware about the status of deployed machines
<RoAkSoAx> robbie ^^
<Daviey> RoAkSoAx: status?
<RoAkSoAx> Daviey status as in deploying runnin off etc
<Daviey> RoAkSoAx: as in | unprovisoned/raw hardware | fresh installed | configured/in use
<RoAkSoAx> Daviey yeah
<Daviey> RoAkSoAx: Yeah, i've been toying with adding fields to cobbler just for that.
<RoAkSoAx> Daviey running install / install finished / etc or dimilar
<RoAkSoAx> Daviey or use mgmt classes
<Daviey> RoAkSoAx: Not thought about 'installed finished' | 'running install' .. but that should be possible with 'seed retrieval' and post-install call home
<Daviey> RoAkSoAx: Not looked at mgmt classes
<RoAkSoAx> Daviey i think it is important to know if it is running install or know when the installation is done
<Daviey> RoAkSoAx: gah, i forgot you were not going to be with us next week.
<RoAkSoAx> theres ways to know though
<RoAkSoAx> Daviey i wont but i will be at the ensemble one so i was planning to fogure things
<RoAkSoAx> out with kirkland
<Daviey> RoAkSoAx: sure.  I'm setting up that cobbler server on Monday in the lab.. hopefully we'll be able to use it constantly, and find weakness points
<kirkland> RoAkSoAx: \o/
<Daviey> james page is probably going to be working with QA to work through using it for contant testing.
<Daviey> (in the QA lab)
<RoAkSoAx> kirkland \o/
<lifeless> hallyn: sorry, was asleep.
<RoAkSoAx> Daviey cool keep.me plsted about the prchestra things u guys think to be in the same page and i will do the same
<Daviey> RoAkSoAx: I think we'll need to all sync up during the week.  Need to work out time overlap for good conference times
<RoAkSoAx> Daviey sure lets talk 9est which is 3 ur time
<RoAkSoAx> or 4
<RoAkSoAx> Daviey i already have a list of things thhat need to be addressed whithin cfobbler for orchestra / ensemble
<Daviey> RoAkSoAx: lists are of more use if shared :)
<RoAkSoAx> Daviey i am preparing the list for monday but will make sure to fordward it ;)
<Daviey> RoAkSoAx: I need to look into management classes, the stuff i was sniffing might be rubbish if it's what we want.
<Daviey> RoAkSoAx: splendid!
<Ursinha> Daviey: http://status.qa.ubuntu.com/reports/ubuntu-server/release-bugs.txt
<Daviey> Ursinha: Great, you know what might be better?  I nice linear list.
<Daviey> </meanie>
<Daviey> Ursinha: seriously, that is really nice
<Ursinha> Daviey: it's updated every five minutes
<Daviey> Ursinha: are you using a cache?
<Ursinha> Daviey: only lplib cache
<Daviey> oh sure
<Daviey> every 5 mins might be a bit excess TBH - i'm probably only going to use the moin output 1-3 times a week
<Ursinha> Daviey: it's generated every time I generate the html report
<Ursinha> it would be more complicated to separate them then to do how I'm doing now :)
<Daviey> ah ok.. Ursinha Great. Stuff.
<Easyish> Hey, I'm trying to get a SSL cert signed by thesslstore.com
<Easyish> But I want it for a subdomain
<Easyish> I'm not sure what I need to do
<Easyish> Has anyone else done this before?
<robbiew> Daviey: https://wiki.ubuntu.com/ServerTeam/Orchestra
<Daviey> Easyish: you need a wildcard cert (hint, expensive) or buy an extra one for that subdomain
<kirkland> robbiew: sweet, thanks, will look
<Daviey> robbiew: Go away, it's the weekend. :P
<robbiew> lol
<Daviey> robbiew: looks good!
<Daviey> end of next week, we'll throw some more love on it.
<Easyish> Daviey: I'm going to use a freebie that they offer
<Easyish> I want to get *\0.mydomain.com  :)
<Daviey> Easyish: good luck with that.
<Easyish> Why not?
<Daviey> Easyish: if it works out, please come back to let us know.
<Easyish> Uhhh, didn't you watch moxie marlinspike at DEFCON?
<Easyish> worked for him
<hallyn> should the order of entries in a  preseed fil matter?
<Easyish> awww crap
<Easyish> My free cert won't let me get a wildcard! =(
<Easyish> apparlly most CA certs have fixed the common name wildcard trick =(
<RoyK> Easyish: most CA authorities charge rather a lot, ye
<RoyK> Easyish: most CA authorities charge rather a lot, yes
<Daviey> Easyish: I thought it was unlikely :(
<Daviey> Easyish: It will be cheaper to buy a second ssl cert.
<hallyn> mdeslaur: vm-new -t mini is working for me.  It auto-fetches the mini iso if not already there (that's really my motivation here :)  But I can't seem to request a merge against the ubuntu-qa-tools trunk
<hallyn> mdeslaur: https://code.launchpad.net/~serge-hallyn/%2Bjunk/ubuntu-qa-tools/  has my code
<hallyn> only vm-new was changed
 * hallyn sneaks out
#ubuntu-server 2011-08-06
<args[0]> I need to rsync files between my server and my own machine once every 6hrs, how can I pass the password since this will be handled by a cron?
<mdeslaur> hallyn: thanks! I'll give it a look this we
<baffle> I'm trying to rewrite payload-packets from a tftpd-server, anyone have any hints? The tftp-client will connect from random hiport (ex: 2000) to tftpd at port 69. TFTP will then send payload from ports 1400:1499 to the random client highport. The problem is that this doesn't pass a NAT-firewall on the client side.
<baffle> I've tried the following IPtable rule: iptables -t nat -A POSTROUTING -p udp --sport 1400:1499 -j SNAT --to-source :69
<mdeslaur> hallyn: oooh! putting the latecommand.sh in the initrd is a great idea
<baffle> But it doesn't work. If I set SNAT to "--to-source :70", it will work, except that replies will come from port 70, not port 69, and thus will not pass the firewall. It seems no packets will flow if I rewrite to sorceport 69.
<mdeslaur> hallyn: If you don't mind, I'm going to start by trying to not repack the isos, and then I'll incorporate your changes, but will make most of them apply to the other install types as well
<baffle> Any ideas?
<mdeslaur> hallyn: thanks for all of that, lots of great stuff there
<baffle> args[0]: You don't, you use public/private ssh keys either without a password, or with the password inside an ssh-agent.
<hallyn> mdeslaur: cool, thx.  give the credit to smoser, i only spent a few hours figuring out that i needed to rip off his idea :)
<hallyn> i'll be offline most of weekend, ttyl
<hallyn> oh, actually - it did occur to me that it would probably work just as well to hack initrd's /init to modprobe iso, mount /cdrom, and then proceed as the others do.  Dunno which is cleaner.
<swimfins> busy night?
<swimfins> I ran an install of 10.10 LTS and everything seemed okay until I rebooted. I'm getting an (initramfs) prompt.  Any ideas?
<swimfins> Ahhh huhuh... is this thing on?
<patdk-lap> sounds like it can't locate your root drive
<swimfins> right, I can boot with the cd into recovery and I can get to the partition
<swimfins> Been working on this for a couple weeks now.  When I go to 11.04, it won't see the dirves at all
<jmarsden> swimfins: So, what strange disk controller does your server have in it?
<swimfins> I'm sure it's a SCSI issue, but I don't know how to troubleshoot it from here.
<swimfins> Its an LSI MPT Fusion
<swimfins> I found lots of posts on google, but nothing that helped.
<patdk-lap> what model?
<swimfins> 1030
<patdk-lap> ah a lsi 1030
<swimfins> ha, you've stepped in this before?
<patdk-lap> don't have that one, I have a machine with an 3008 in it, it works fine
<swimfins> strange thing is that it installs just fine. it just won't boot
<patdk-lap> I have seen a few times here the system forgets what driver it needs
<patdk-lap> if you can boot using a cd, to get into the install
<patdk-lap> try adding the modules needed to /etc/initramfs-tools/modules
<swimfins> once it boots go to busybox with alt-F2?
<patdk-lap> dunno what that is
<swimfins> before it checks for hardware?
<swimfins> I thought you meant during the install
<swimfins> boot into the recovery and modify the /modules?
<patdk-lap> na
<patdk-lap> hmm, I can only find into up to kernel 2.6.23
<swimfins> I think I'm at 2.6.23-33
<patdk-lap> mptsas module
<patdk-lap> you should be on 2.6.32 for lucid
<swimfins> my mistake
<swimfins> will the mptsas work for scsi?
<patdk-lap> you don't have sas?
<swimfins> no, it's scsi
<patdk-lap> actually here you go
<patdk-lap> bug #579572
<uvirtbot> Launchpad bug 579572 in linux "Lucid: Gave up waiting for root device (mptsas) resolved by rootdelay" [Undecided,Confirmed] https://launchpad.net/bugs/579572
<swimfins> booting to rescue to try.
<swimfins> nope, I modified the /etc/defaullt/grub and did update-grub and it still does the same thing
<jmarsden> swimfins: Just in case, wait 3 minutes at the initramfs shell prompt and then type exit and see if it then boots?
<jmarsden> Otherwise you will want to look for other info about what is happening, either on screen or in log files, to troubleshoot this further, I think.
<swimfins> yes, it boots.
<swimfins> to x but it boots
<swimfins> do I need to extend the rootdelay?
<jmarsden> Sounds like it to me.  Try 180 which is 3 minutes
<jmarsden> Wait... this is a server install, and it boots to X ?  A server install doesn't *install* X by default... ?
<swimfins> That's what I thought
<jmarsden> Sounds like you used a Desktop CD by accident?
<swimfins> the last install I did was from the alternate cd
<jmarsden> alternace CD is a desktop image.
<swimfins> my bad, I'll have to reinstall
<swimfins> I'll try the rootdelay first.
<swimfins> there is still a disk problem because it tells me I only have 2GB left in /
<swimfins> it's like a 40Gb raid partition
<swimfins> it's like its booting to the wrong partition
<swimfins> so the boot was ugly and it looked like it was going back to the initramfs prompt, but it did eventually boot
<swimfins> you rock jmarsden
<jmarsden> You're welcome.  OK, so now you have a running system which you can use to debug/troubleshoot further with if you need to do that.
<swimfins> yep
<swimfins> just need to figure out why the partition is not right.  Maybe I need to do a manual part instead of the guided with LVM?
<jmarsden> It should work either way.  But since you will reinstall anyway to get server not desktop, you can test that as part of the reinstall.
<swimfins> Thanks again for the help.
<jmarsden> You're welcome.
<swimfins> looks like what I needed to do was to delete all existing partitions first.
<swimfins> for some reason I thought a fresh install would do that.
<DanaG> okay, finally got the stupid remote to pair with forked-daapd.
<swimfins> jmarsden, it's an ugly boot with lots of failures and nasty messages, but it eventually boots
<jmarsden> OK.  You can pastebin logs of the ugly msgs and ask for help with them if you need to.  At least you have a bootable Ubuntu server now :)
<swimfins> it looks like its about to go to the initramfs prompt when the screen blinks and it goes to a login prompt
<swimfins> you rock
<swimfins> by he way
<swimfins> the
<jmarsden> :)  Thanks.
<uvirtbot> New bug: #821830 in postfix (main) "package postfix 2.8.2-1ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/821830
<Guest21798> which has more features and which is more easy to install and handle? drupal, elgg, or wordpress/buddy press ? any suggestions please.?
<uvirtbot> New bug: #821840 in samba (main) "package samba-common-bin 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: AbhÃ¤ngigkeitsprobleme - verbleibt unkonfiguriert" [Undecided,New] https://launchpad.net/bugs/821840
<jared555> Does anyone know if it is possible to configure dhcpd to handle a dynamic 6to4 IPv6 address (comcast); or would I have to either use scripts to generate the config file or use something like he tunnelbroker?
<Guest21798> i have heard buddypress cannot work for heavy load. or not suitable for facebook similer social networking sites as contrasted to drupal ?
<bernhard1> when i boot the server cd 11.4 in rescue mode to be able to make an image with DD the prompt has only a few commands: i need to be able to see the harddrives first to see which to clone to which drive.
<bernhard1> booted with knoppix and through fdisk -l i see my two disks. i want to clone the installed disk to the other disk with dd. But how do i know which is the empty disk ?
<bernhard1> On disk /dev/sda it says.. doesnt contain a valid partition table..
<patdk-lap> so?
<patdk-lap> what one did you want to clone from?
<patdk-lap> sda? or sdb?
<bernhard1> thats my question. how can i see which is the drive i want to clone when they are unmounted ? they have the same size..
<patdk-lap> serial number? model number?
<patdk-lap> checking what one is configured with fdisk?
<StevenR> bernhard1: does fdisk -l show you what you need?
<StevenR> or at least enough to identify
<StevenR> why do you want to clone with dd ?
<bernhard1> those disks are identical 300gb velociraptor. On one is my server install. i want to clone that to the second disk.
<bernhard1> when i use fdsk -l i get sda and sdb but with same details
<bernhard1> only on sda it says that it does not contain a valid partition table.
<StevenR> bernhard1: that's not the same then
<StevenR> but still, why do you want to do this?
<StevenR> if you know physically which disk is which, you could use the serial numbers to tell them apart, and look at dmesg or maybe fdisk -l to work out which is which
<patdk-lap> hmm :(
<patdk-lap> 24 port 10gig switch is 8k :(
<bernhard1> i want to clone disk to have a spare disk which can boot my same server (for instance disk is broken. Then i have a spare working one.
<bernhard1> oke i found out which is which.. the one whith indentifier 0000 is the empty disk it also gives the message doesnt contain valid partition table.
<patdk-lap> dd if=/dev/sdb of=/dev/sda bs=1M
<patdk-lap> still seems alittle pointless though
<bernhard1> so my empty disk is sda and my installed disk (source) is sdb
<patdk-lap> your going have to keep them updated somehow
<bernhard1> thats true.. but when the disk is broken i have still got a working disk and i can do this one a month for instance..
<bernhard1> sda is empty sdb = server
<bernhard1> commando: dd if/dev/sdb of=/dev/sda                 is correct?
<patdk-lap> that will take all day
<patdk-lap> use the command I said
<bernhard1> bs=4m not better
<bernhard1> ?
<patdk-lap> technically, anything larger than 64k is likely to not matter
<uvirtbot> New bug: #821963 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/821963
<cjs226> i have ubuntu-desktop 11.04 installed in a vm i'm using to tinker with. Â how can i disable X from starting? Â google's not returning working solutions
<bernhard1> when ubuntu server boot it gives some choices to boot: recovery mode etc. How can i disable these choices and make it just boot the ubuntu server?   (i noticed that it does not have the countdown and booting unbuntu normally when i make the boot partition read only).
<Patrickdk> anyone know a commandline utility I can use to generate $6$ type hashs?
<philipballew> if i want to accsess a server via ssh from outside the network do I type "ssh domain computer name@user" ?
<Patrickdk> ssh user@servername
#ubuntu-server 2011-08-07
<RoAkSoAx> kirkland: ping?
<KM0201> riddle me this:  My NAS, I can access the samba share no problem at all.  I can reboot the NAS 50x, no problem... Give it a second, and I can get right back on my shares... the second I reboot my Laptop (running lubuntu 11.04).. i can't access the share... i can browse to it, then I get failed to retrieve list from server, specified location is not mounted, but when i ssh my server, the location is mounted
<swimfins> dns?
<KM0201> i honestly don't know.
<KM0201> clarify your question, and i'll try to answer it
<swimfins> did you try accessing via ip address or dns name?
<KM0201> um, i just go to Networks, Navigate to my Share, and then click on the folderr, and i get the message above, so I assume, DNS name is the answer you're looking for
<KM0201> the strange thing is.. it sees the server, and it lets me double click the server name, but as soon as i try to access a folder, i get the not mounted, etc.. error
<KM0201> how would i access the share via IP?
<swimfins> so when you reboot your laptop, all other clients can't access?
<KM0201> i've honestly not checked other clients, when I reboot my Laptop, i can no longer access the samba share, even though i can browse to the "Top" folder, then i get the message its not mounted
<KM0201> lemme see if one of the other machines can real quick.
<swimfins> on ubuntu, I suppose that you could do the equivalent of a mapped drive for samba access
<KM0201> how would i do that?
<swimfins> when does it let you back on, or does it at all?
<KM0201> it doesn't
<KM0201> thats the thing
<swimfins> I'm not sure, one sec
<KM0201> ok.. appreciate the help by the way
<KM0201> lemme go see if i can get on from another pc, brb
<swimfins> okay.
<KM0201> now this is weird, all of a sudden, its letting me on the share
<swimfins> strange
<KM0201> i bet mmy server has been on like 15min
<KM0201> *sorry, laptop
<swimfins> to see what shares are available, you would use the smbclient command.
<swimfins> /usr/bin/smbclient -L host
<KM0201> on the server, or host?
<swimfins> after a reboot, try by hostname and then by ip address
<swimfins> you might just need to add an entry to /etc/hosts
<swimfins> on the laptop
<KM0201> Connection to host failed (Error NT_STATUS_BAD_NETWORK_NAME
<swimfins> it could also be that it took that long in order for the nas to advertize
<KM0201> i just got that, but i can browse the share no problem
<KM0201> 20min?
<swimfins> no, it shouldn't... what kind of nas?
<KM0201> it's just a box i built
<swimfins> ok
<swimfins> did you try with the ip address?
<KM0201> so /usr/bin/smbclient -L ipaddress    right?
<swimfins> yes
<KM0201> session setup failed: NT_STATUS_LOGON_FAILURE
<elz89> Anyone here know anything of fuppes. I have used it as part of FreeNAS, but now I run ubuntu on almost everything in my home network, but I can't get 'fuppes' working from the GetDeb Apps PPA? I'm not sure what information I would need to provide in order to help diagnose the problem. I have tried looking for log files but no luck.
<ScottK> elz89: You should ask someone from getdeb.  Their package aren't done by the Ubuntu developers.
<KM0201> swimfins: now why would i get that error, if i'm not having trouble browsing/usign the share.. once it finally got on, i can watch a movie on the share, etc.
<swimfins> not sure, I just figured that should work.  Does your client have an lmhosts file?
<swimfins> what client is it?
<KM0201> it should i would imagine, where is that located on ubuntU?
<swimfins> sorry, kind of rusty here, one second.
<KM0201> swimfins: someone juts suggested something to me, i wanna see if thats part of the issue, brb, gonna start my laptop.
<swimfins> any luck?
<elz89> ScottK: Do they have a channel?
<KM0201> now that was interesting
<elz89> found it :-)
<KM0201> someone in another channel, suggested it might be because I have Guest set to "YES" rather than requiring someone to log on to the share (password/username)
<KM0201> so i edited smb.conf, changed that to no, restarted samba on the server, then restarted my laptp
<KM0201> and i'll be darned, i got on in 5sec
<swimfins> excellent
<KM0201> but.. why would tha tdo that?
<swimfins> because it was confused as to how you wanted to login
<swimfins> just a guess
<KM0201> hm
<KM0201> any idea on what i could change, to allow me "Guest" login? is that sometihng in smb.conf
<Patrickdk> something with you somehow
<Patrickdk> I have guest in many shares, and it works ok
<KM0201> Patrickdk: yeah.. i'm not disputing that
<swimfins> both guest and credentials at the same time?  Is that what I heard?
<Patrickdk> yep
<Patrickdk> on mine, users get read/write, guest gets read only
 * elz89 thinks #getdeb is a little too quiet to get an answer before bed :-(
<jmarsden> KM0201: If you do something like      egrep -v '^#|^;|^ *$' /etc/samba/smb.conf |pastebinit -b http://paste.ubuntu.com      others could see your smb.conf and might have more clue what you are doing differently?
<KM0201> jmarsden: yeah, i'm getting ready to pastebin it now
<KM0201> http://pastebin.com/mRGsRpVN\
<KM0201> woops
<KM0201> http://pastebin.com/mRGsRpVN
<KM0201> loose the last \  sorry
<KM0201> jmarsden: when i set guest ok=   to no.. it seems to have resolved the problem, but then of course, everyone needs a password to access the share.
<jmarsden> Are both server and client in the same workgroup (MSHOME) ?
<KM0201> negative
<KM0201> at least i don't think my client is in HOME
<KM0201> how would i check the work group my laptop is under?
<KM0201> nothing revvealing in smb.conf?
<jmarsden> well, I don't like the force user stuff, but I don't think that should be causing the issue with guests...
<KM0201> jmarsden: i just went off a "samba walkthrough" i read, and it said to use that.
<KM0201> so i did.
<jmarsden> Why do people so often follow random documents from the web...?  man smb.conf, read the official Samba docs, learn this stuff, *then* set it up when you know what you are doing :)
<KM0201> jmarsden: well, unfortunately, i was kinda pushed into learning ubuntu server, so..
<jmarsden> So now setlle down and take your time and learn it right :)
<KM0201> i probably will, i might even buy a NAS solution, i didn't like the idea of that, but maybe its a better idea.
<jmarsden> Time for me to go eat, back later...
<KM0201> later
<KM0201> naslite is only $30....
<lickalott> KM0201 do you have an actual account named guest?
<KM0201> lickalott: negative.
<lickalott> lemme check something
<KM0201> k.. appreciated
<lickalott> have you connected/used successfully with anyone yet?
<KM0201> lickalott: not really sure i understand that question
<KM0201> oh have i connected to the server?
<KM0201> yes, i'm connected right now.
<lickalott> as?
<lickalott> which user?
<KM0201> the default username i created on the server
<KM0201> "joe" in that smb.conf
<lickalott> cat /etc/samba/smbusers
<lickalott> what does that say?
<KM0201> hmm, no such file or directory
<KM0201> but i know i added "joe" to the samba users group
<lickalott> where is your smb.conf?
<KM0201> /etc/samba/smb.conf
<lickalott> k
<lickalott> are you pretty good with vi/
<lickalott> ?
<TheEvilPhoenix> if not vi, then nano :P
<KM0201> ah, i use nano.. ? never really used vi
<KM0201> i'm ok w/ nano.
<lickalott> not sure how to search with nano.   open that smb.conf and search for "usershare  allow guests"
<KM0201> not htere
<KM0201> *there
<lickalott> ?
<KM0201> there is no "usershare allow guests" there
<KM0201> in my smb.conf
<KM0201> i pastebin'd my smb.conf above
<lickalott> http://pastebin.com/mRGsRpVN ?
<KM0201> correct
<KM0201> i don't see usershare allow guests
<lickalott> [NAS]
<lickalott>     path = /media/NAS
<lickalott>     browseable = yes
<lickalott>     read only = no
<lickalott>     guest ok = no
<lickalott>     create mask = 0644
<lickalott>     directory mask = 0755
<lickalott>     force user = joe
<lickalott>     force group = joe
<KM0201> unless you mean the "guest ok = no" at the bottom
<lickalott> have you changed that to yest?
<lickalott> *yes?
<KM0201> ok, well yes, i know thats there.. that seems to be what was causing my original problem.. i had it set to Yes, and it would take like 20min for my laptop to have access to the share.
<lickalott> this is all i have for one of my shares - [SDA_STORAGE]
<lickalott> path = /SDA_STORAGE
<lickalott> available = yes
<lickalott> valid users = weed
<lickalott> read only = no
<lickalott> browsable = yes
<lickalott> public = yes
<lickalott> writable = yes
<KM0201> yeah, jmarsden didn't like the force user/group either, i just was going off a walkthrough with it.
<KM0201> lemme change that, see if it changes everything upon reboot
<KM0201> brb
<lickalott> no need to reboot
<lickalott> just stop and restart the process/service
<KM0201> lickalott: well, the problem would manifest itself, when i rebooted my laptop
<FFForever> Anyone in here running a pptpd server? I can't seem to make any external network calls
<KM0201> i could start/samba a million times, or rebooot the server, and it would b efine, this issue would occur, when i rebooted my server
<KM0201> brb
<KM0201> hmm, well, that seems to work about the same (still requires me to enter my server username/password)
<KM0201> thats really no big deal though, i can set up other users, i guess.
<KM0201> just i have family that remembering a password is an exercise in futility
<KM0201> and there's nothing on the NAS i'm trying to hide (just movies, family pics, videos, etc.)
<KM0201> lickalott: any other ideas?
<lickalott> nah man.  I always authenticate.  Just security conscience i guess
<KM0201> yeah
<pukeko> i have a lucid desktop and need to configure rdesktop to it on a non-standard port -- id there a config file for it ( the GUI seems to lack the option to set the port )?
<\DSAFEW\> Can anyone please link me to a good image for VMware?
<elz89> \DSAFEW\: what exactly are you looking for?
<\DSAFEW\> I'm fine with virtualbox vms too if those would be available
<\DSAFEW\> a new install for VMware player or workstation
<\DSAFEW\> this is for a friend and we want to do this quickly, so installing from CD isn't really ideal
<\DSAFEW\> I found a VM for ubuntu 9, but that is a bit too old for my taste
<uvirtbot> New bug: #822142 in openvswitch (universe) "package openvswitch-controller 1.1.0~pre2.g2.ea763e0e-1ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/822142
<elz89> \DSAFEW\: could use unetbootin?
<pukeko> surely it does'nt take that long to create a minimal ubuntu-server VM in VBox
<Xptical> Hi all.  New server admin here.  I got a static IP address and a vanity domain name.  I'd like some ideas on what to do next.
<Xptical> Run a simple server with wordpress?
<pukeko> lock it down
<Xptical> lol
<Xptical> right now, my router isn't forwarding anything
<elz89> Xptical: http://www.cyberciti.biz/tips/linux-security.html
<pukeko> install midnight commander
<\DSAFEW\> ahh I'm gonna try http://mirrorhosts.com/downloads/vmplanet/VMplanet-Ubuntu11.04 thanks for your time
<Xptical> elz89  Thanks for the link.  I'm a network engineer, mostly working on cisco kit.  So I'm not looking for a nitty-gritty how to not be a newb thing.  I'm more or less looking for over-arching ideas on what to do with my new-found power...
<Xptical> At the very least, I want a www server and possibly a MySQL server.
<pukeko> don't trust anything you have'nt "built" yourself
<Demosthenes> so, squid. content filtering. what's a good option?
<Demosthenes> squidguard crashed under my testing :P
<Xptical> I'm reading over "the perfect setup" article now. But I really don't know if I need ISPConfig and all...
<Demosthenes> Xptical: bastille.
<Xptical> again, not really what I'm looking for.  I can deal with the details of hardening and such.  Just wondering about good ideas like email, personal website, etc...
<Xptical> Anyone ever worked with gmail for domains?>
<Delerium_> Xptical, First of all... think about what your needs are...
<Xptical> well, I'm a heavy google user.  Google docs, gmail, google calendar.
<Xptical> I'd like to be able to send and receive mail at my domain.
<Xptical> I'd like a personal blog
<Xptical> and I'd like a professional site for advertising my services
<Xptical> as of now, I have a bone-stock Ubuntu 11.04 server with SSH added
<Xptical> and a static IP set
<Delerium_> Xptical, And a a DNS domain pointing to your static IP?
<elz89> I am in a similar situation to Xptical, but I don't have a static ip. Instead i have my domain forwarded to a dyndns address.
<Xptical> Godaddy has a single A record pointing to my IP and a CNAME for www pointing to @ (or the a-record)
<Delerium_> Xptical, And this server is at home?  If so, be sure your ISP is not blocking some ports
<Xptical> It's at home, but it's a business connection.  ATM, I think the only thing blocked is outbound SMTP
<Xptical> for obvious resons
<Xptical> reasons
<Xptical> But a simple phone call will open that port
<Delerium_> Indeed, Xptical, so, maybe you should setup a simple website at first to sea if DNS / IP works well
<Delerium_> errr... see
<Xptical> already tested it
<Xptical> I installed ubuntu in a VM and used the "perfect setup" guide to install some crap.  I could see it internally and from an external network
<Delerium_> Personally I'm using Zimbra for my mail (in and out) .. works pretty well
<Xptical> I think my main concerns are sftp and https
<Xptical> with self-signes certs, of course
<Xptical> also, I'm about 8 shots into a bottle of absolute, so forgive any spelling errors
<Xptical> :0
<Delerium_> Xptical, indeed, but for a personnal server, would it be that bad to have a Self-Sign cert?
<Xptical> not at all
<Delerium_> Xptical, And about done with my bottle of Wine ;)
<Xptical> A personal CMS that cross-posts to FB and Google+ would be nice...
<Delerium_> Xptical, I can't help there... I don't use FB and Google+
<Xptical> yeppers
<rww> There's no API to post to Google+.
<Delerium_> I'm not into social network very much
<Xptical> I'm moving away from it, but I still keep them to connect with professional friends
<Xptical> and mom....
<Delerium_> I prefer to use LinkedIn for pro connection
<Delerium_> But I guess your Mom is not on LinkedIn ;) :)
<Xptical> if she was, it'd be a sure sign that it's jumped the shark week...
<Xptical> Should I tell my router to respond to ping?
<Xptical> and what the hell is apparmour
<jmarsden> Xptical: Only if you want to ping it :)
<jmarsden> http://en.wikipedia.org/wiki/AppArmor
<Xptical> Yeah.  I don't think there are any down-sides to ICMP
<Delerium_> Got paged ... Gotta go guys... bbl
<Xptical> I hate getting paged.  Haven't been on call over the last 6 months though.
<Xptical> My minions are taking care of it
<jmarsden> Xptical: Why aren't your minions setting up your router and server for you too? :)
<Xptical> Overtime pay is hell... :)
<elz89> Anyone here have any experience with 'fuppes' on ubuntu server?
<lickalott> not me elz89
<cismo> Is someone available to help me on how to configure a Wireless usb adapter in Ubuntu server 10.4?
<jmarsden> cismo: I have not done this, but http://paste.ubuntu.com/660275/ has info on the two files you need to set up, I think I got it from twb, who frequents this channel.
<cismo> jmarsden: I'll try that. Thanks for the tip
<jmarsden> cismo: You're welcome.
<args[0]> Hi guys, what do you suggest as a cheap and 'considerably good' VPS? I need it for personal use and nothing more
<jmarsden> args[0]: Many folks like linode.com -- I don't use them myself though.
<jmarsden> However, this is offtopic for #ubuntu-server.
<args[0]> jmarsden: where is a good channel for this?
<jmarsden> args[0]: Not sure... freenode is more about working with and supporting free software than choosing a provider...
<args[0]> jmarsden: no doubt, thanks for your answer will check linode
<jmarsden> args[0]: You're welcome.  Maybe #servergeeks would be a place to ask?
<args[0]> jmarsden: yep, seems that's a good place. thanks again.
<jane--> hi, if i have a domain withsome registrar like godaddy.com and i want to shift to a new local registrar in my place (after or before a year) is it possible?
<jmarsden> jane--: Not exactly a ubuntu-server question, but yes, you can transfer domains from one registrar to another.  Exact process depends on the registrars concerned, but it's not supposed to be difficult to do.
<jane--> jmarsden how will the new registrar confirm that iam a legitimate user? and how the old registrar be satisfied that its me who changed the domain registrar?
<jmarsden> jane--: This is *not* a ubuntu-server question... please try to stay on topic here.  Only you have the login for the old registrars system.  So you can prove you are you to them.  You can set the status of your domain to allow transfer requests, then use your new account at the new registrat to make a transfer request.  Most likely you will get email from the old registrar for extra confirmation you are allowing the change, and then... it
<jmarsden>  happens.
<jmarsden> All the details vary, depending on what "security" measures the two (mainly the old) registrar have put in place.
<jmarsden> But it is after midnight here, so I'm off to bed... :)
<jane--> thx
<jane--> is it a good practice (if you dont find your desiredname.com to register as desired-name.com) with an -   ?
<wrtiii> Any large changes for a small home based server between 10.04 LTS and 11.04 versions that I should take into consideration before removing 11.04 to switch to the LTS version?
<wrtiii> I have installed 2 x 160 GB Sata Drives in my server. My intention is to use clonezilla to create an image of the primary drive on the second drive once I have my installation stable but before I attempt anything new.  Is clonezilla the best route for this?  Is there a way to have the drive in the system at all times but have linux not recognize/mount? it as to ensure there is noway that
<wrtiii> disk could get corrupted but still have it easily accesible when I boot to clonezilla for either restoring or saving an image?
<_johnny> i'm trying to have a crontab job running the first wednesday of the month. some say you can't do this, but what about setting month to *, day of month to 1-7, day of week to 3 fix this? (as the first wednesday could be anywhere from the 1st to the 7th)
<_johnny> or would it also be triggered the other days?
<_johnny> can anyone tell me how disk size works in a software raid 5 (mdadm)? say i buy another disk and want to add it. if it's the same model i'd think nothing of it, just wondering.. if it's a differend brand and the size is slightlight higher/lower than the others, what would happen?
<patdk-lap> it would or wouldn't work :)
<patdk-lap> it must always be the same or larger
<patdk-lap> so if your paranoid about that, you should normally subtract 1% or so of the disk size when you create the partition mdadm uses
<RoyK> _johnny: if it's smaller, it won't work. if it's larger, it will work
<RoyK> _johnny: but new drives have standardised sizes - older/smaller drives may vary a bit
<_johnny> thanks guys
<_johnny> so it would basically just tell me i can't add it
<_johnny> right?
<_johnny> and similarly if i add a drive which is twice the size, it'd only utilize half of it (short of parititioning etc)
<RoyK> right
<_johnny> ok, thanks :)
<RoyK> also, if you have a RAID with 1TB drives and replace them with 2TB drives, you should be able to grow the RAID
<patdk-lap> after all are replaced
<RoyK> yeah
<patdk-lap> until they are all replaced, it's just dead space that can't be used (without partitioning), but then if you partition it, you couldn't grow it
<RoyK> I wouldn't recommend using partitions for a data RAID
 * patdk-lap wonders about doing a raid 15
<RoyK> patdk-lap: paranoid? :)
<patdk-lap> beening thinking about putting my mailstore on it
<patdk-lap> royk, alittle
<patdk-lap> it's not going be very accessable
<RoyK> striped 3-way mirrors? :D
<patdk-lap> I figured that would be very bad write performance
<patdk-lap> and the mailstore needs good random write
<RoyK> striped mirrors is good for random i/o
 * RoyK installed a new server some months back with 14 1TB drives in striped mirrors on ZFS
<RoyK> that server rocks
<patdk-lap> ya, looking at doing this on 14 drives
<patdk-lap> with 2 hot spares
<RoyK> that's what I have too
<RoyK> and some SSDs for caching...
<RoyK> not linux, though
 * patdk-lap would really love to put btrfs on it
<patdk-lap> haven't played with that since maverick beta's
<patdk-lap> wonder if it's made progress
<RoyK> not much
<RoyK> still no fsck
<RoyK> so it's not really safe
<patdk-lap> mine worked good for many months, ever from random power outages and stuff
<patdk-lap> then just wouldn't work at all one day
<RoyK> patdk-lap: played with zfs yet?
<RoyK> we're using openindiana for storage these days
<RoyK> rock stable and quite admin-friendly (although, yes, it's solaris, so it's a bit different from linux)
<RoyK> just don't try to use WD desktop drives on a SAS expander
<RoyK> just DON'T
<RoyK> seems WD at some point decided to make their desktop drive's firmware incompatible with RAID systems and even SAS attachment
<RoyK> that point being about a year ago
<_johnny> RoyK: heh, i'll keep that in mind ;)
<_johnny> and yeah zfs is awesome
<_johnny> patdk-lap: how would replacing like that work? i "simulate" a dead drive, by simply replacing one and have it rebuild, then replace another, rebuild, repeat?
<RoyK> _johnny: we're replacing 24 WD drives these days - if that solve our problems, we'll replace another 160 2TB drives soon :P
<_johnny> by this approach? not to sound wisecracking, but hotswap anyone? :D
<_johnny> the reason i'm asking is, i have 5 slots, so offline is not a big deal for me. just wondering if that's how you'd go about replacing (or how _I_'d go about it anyway)
<RoyK> you get hotswap chassises for internal mounting (3 x 5 1/4" slots) quite cheap
<RoyK> and for hotswap to work, you need a sata controller with hotswap abilities
<RoyK> and hotswap support in the driver..
<bernhard1> After installing Ubuntu 11.4 server i get errors when booting. I have this issue on several disks (new and old one). It gives errors on the filesystem /boot . rdev/sda1 mountall fsck /boot [344] terminated with status 1 then: cannot write bytes: broke pipe (many times)then it boots to prompt and i can login: So i repair the hd with Knoppix cd. It says the /boot was unmounted not not
<bernhard1> cleanly. then it repairs. When i repair sda1 with the knoppix cd with the command fsck /dev/sda1 it is fixed. So the server boots fine. But once the server is shutdown once it will startup again with these same message: mountall fsck /boot [344] terminated with status 1 cannot write bytes: broke pipe Any clue how i can fix this ????
<RoyK> _johnny: http://cgi.ebay.com/Lsi-Logic-SAS-3081E-R-Sas-Raid-Controller-PCI-E-/110723040207?pt=AU_Computer_Components_Controller_Cards&hash=item19c79b83cf <-- something like that :P
<_johnny> i haven't even begun to look at raid controllers yet - partially because i have no pci/pci-e support in my current server :p
<_johnny> just finished sync check. no errors. yay
<RoyK> _johnny: neither pci nor pci-e?
<_johnny> it's a small media center. just usb and e-sata
<RoyK> k
<pukeko>  hi - i have been migrating users to a new ubuntu server -- moved smb.conf and smbpasswd but am having problems connecting as a "user" -- getting check_ntlm_password errors in the logs ... is there some other file i need to migrate ?
<RoyK> _johnny: not quite your average SC847 :P
<RoyK> pukeko: can you pastebin the logs, please?
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
 * pukeko is typing
<Doonz> hey guys. I have a Hardware Raid Array that was 9tb. I expanded it to 12tb. How do I go about formatting the last 3TB into its own partition. This has to be done through the cli
<pukeko> if i do a smbpasswd -a and reenter the smb passwd its cool , but i don't want to do that for all my users
<RoyK> Doonz: if you have an ext[234] filesystem on it, just resize2fs
<RoyK> Doonz: if you have a partition on it with a filesystem, that partition needs to be extended first
<StevenR> RoyK: "own partition"
<RoyK> own?
<Doonz> yeah
<StevenR> Doonz: you want a new partition for that 3TB, rather than extending the existing?
<Doonz> Steven i tried extending using gparted through the live cd
<RoyK> Doonz: do you have a partition table on that raid?
<Doonz> and it failed
<StevenR> fdisk -l /dev/raiddevicenamehere in a pastebin please
<Doonz> http://pastebin.com/8SfFsaUX
<StevenR> are you using LVM?
<Doonz> not on that drive
<Doonz> sda is an lvm drive
<RoyK> Doonz: you'll need to extend the partition or create a new partition for the new data
<RoyK> Doonz: that should be possible with parted and possibly with gparted (but as you said, it failed). Before using parted, make sure you have a good backup, in case something goes bad
<Doonz> yeah im going to have to wait till i get home
<Doonz> i have a new 12tb array that im going to bring online when the cable get hear so i can make a back up of the current array to it
<ScottK> elz89: No idea.
<sw0rdfish> is this the best way to join two .avi files in a vps, guys?
<sw0rdfish> http://ubuntuhowtos.com/howtos/merge_avi_files_with_mencoder
<sw0rdfish> using mencoder?
<beric> Hello. I need help with remastering the installation. I need to have sun-java6-jdk preinstalled but can't find a decent way to enable the partner repository. Can anyone tell me how to do it ?
<RoyK> sw0rdfish: I guess both mencoder and ffmpeg could do the job
<sw0rdfish> RoyK, well when I googled "merging .avi files ubuntu" mencoder showed up at the top and it looks fairly simple to use :)
<RoyK> mencoder is a bit more userfriendly than ffmpeg, yes
<josePhoenix> Hello all
<sw0rdfish> hi
<josePhoenix> How can I install PHP without installing apache2? I tried --no-install-recommends but it still wants to install apache2
<sw0rdfish> I think sudo apt-get install php5 should do it
<sw0rdfish>  and do you really want to avoid installing apache2?
<sw0rdfish> josePhoenix, ^^
<josePhoenix> Yes, I'm not using apache2
<josePhoenix> When I try apt-get install php5 it says it will also install "apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common libapache2-mod-php5"
<josePhoenix> Ah, installing php5-cli seems to do it
<sw0rdfish> really
<sw0rdfish> ask in #ubuntu and #php too
<sw0rdfish> i'm not a pro really
<josePhoenix> now to get php5-fpm pools spawning by individual users instead of being centrally managed...
<JRWR> on Ubuntu 10.04.3 LTS, I would like to strip out (configs also) of all packages there where not in the base install of ubuntu, also to reset all other config files to defaults as well (Its on a VPS) - I wish to do this to get a clean start on a new project, without having to bug the BOFH
<uvirtbot> New bug: #822329 in samba (main) "package winbind 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 255" [Undecided,New] https://launchpad.net/bugs/822329
<uvirtbot> New bug: #822361 in postfix (main) "package postfix-pcre 2.8.3-1ubuntu1 failed to install/upgrade: a tentar sobre-escrever '/usr/share/apport/package-hooks/source_postfix.py', que tambÃ©m estÃ¡ no pacote postfix-cdb 2.8.3-1ubuntu1" [Undecided,New] https://launchpad.net/bugs/822361
<uvirtbot> New bug: #822362 in postfix (main) "package postfix-cdb (not installed) failed to install/upgrade: a tentar sobre-escrever '/usr/share/apport/package-hooks/source_postfix.py', que tambÃ©m estÃ¡ no pacote postfix-pcre 2.8.3-1ubuntu1" [Undecided,New] https://launchpad.net/bugs/822362
<uvirtbot> New bug: #822364 in postfix (main) "package postfix 2.8.3-1 failed to install/upgrade: a tentar sobre-escrever '/usr/share/apport/package-hooks/source_postfix.py', que tambÃ©m estÃ¡ no pacote postfix-cdb 2.8.3-1ubuntu1" [Undecided,New] https://launchpad.net/bugs/822364
<FreezingCold> Anybody here know how to setup BIND9?
<KM0201> sorry..
<KM0201> no idea
<FreezingCold> I want to set it up so I can locally cache DNS records
<FreezingCold> and use it as a nameserver for my domain
<FreezingCold> Anyone know?
<josePhoenix> Hey all
<josePhoenix> What's the most widely used server monitoring software? Something that can restart daemons if they hang, show status, etc
<Bilge> >hanging daemons
<Bilge> You're doing it wrong
<josePhoenix> Well they haven't done that
<Bilge> This isn't #windows-server
<josePhoenix> But I'd like to know if they do :P
<jmarsden> josePhoenix: There are many, nagios, zenoss, zabbix, monit ...
<josePhoenix> jmarsden: I was looking at nagios and monit. Mainly asking here to find out if anyone knew about their relative strengths and shortcomings
<josePhoenix> Have you used any/all of those?
<JanC> plus several commercial solutions too
<jmarsden> I've used nagios a lot anf zenoss a little, plus some commercial ones.
<jmarsden> josePhoenix: It depends what you already know and what you want to monitor... nagios is a decent place to start for general purpose network monitoring, although learning to configure it can take some time.
<StevenR> monitoring is work, too. It's not something you can just install and expect to just work.
<josePhoenix> I have a kind of unusual setup, where a front-end server proxies to a few different services managed by different users. I was hoping to find some monitoring solution that could bring together status information for the different services and not require me to manage a monolithic config as root
<StevenR> josePhoenix: maybe try something like icinga or centreon then (nagios+frontend)
<josePhoenix> StevenR: naturally. I'm hoping to avoid work later on by doing this work up front :]
<StevenR> josePhoenix: exactly :)
 * StevenR does alot with monitoring at work
<JanC> which one to use might also depends on whether you need to support certain proprietary OSs etc. ;)
<josePhoenix> Can I specify the individual services in a user-owned config file, then have nagios load it? Or something along those lines?
<StevenR> josePhoenix: icinga and centreon all you to manage the config via the web
<StevenR> at least centreon certainly does
<josePhoenix> Well my provisioning script creates a skeleton for each service with some config files, so it would be a good place to put a skeleton config file
<josePhoenix> though if users can break the monitoring daemon with bad syntax or something I guess I wouldn't want to load their config files
<StevenR> josePhoenix: that's what centreon protects against
<StevenR> it's quite hard to break it via the web interface, but it does a config check before a restart as well, just to be sure
<josePhoenix> Hmm.. well I'd like to automate it as much as I can
<StevenR> we do that too.
<StevenR> I'm not sure how, but our prov system automatically adds hosts to centreon
<josePhoenix> Really, I'm just lazy. I don't want to edit things in the web interface if someone adds a gunicorn server that they want to monitor or something
<josePhoenix> Maybe I can use some shell script and sudoers to keep improper config files from being saved
<josePhoenix> It's more of a sanity check than anything. I don't think someone will try to do something malicious with nagios, but I don't want them to break it by accident ;]
<StevenR> josePhoenix: script the restart, so it won't restart if the config is wrong
<StevenR> (nagios can do a check-config-is-sane thing)
<josePhoenix> hmm this guy sounds like he has it figured out http://www.standalone-sysadmin.com/blog/2009/07/nagios-config/
<josePhoenix> Okay, I'll start reading up on nagios config files. Fun afternoon xD
<josePhoenix> Thanks for your advice StevenR
<StevenR> np
<hallyn> lifeless: yay, overlayfs ephemeral containers are working (with something like a 4 line diff against the aufs-only one :)
<lifeless> \o/
<hallyn> pad.lv down?  :(
<swimfins> I'm a lumberjack and I'm okay....
#ubuntu-server 2012-07-30
<koolhead17> hi all
<halvors1> I experiencing a issue here. When trying to setup IPv6 dhcp ("iface eth0 inet6 dhcp"). It doesn't work, and my mtu drops to 576.
<uvirtbot> New bug: #993249 in activemq (universe) "[SRU] activemq fails to start on Ubuntu 12.04" [High,Fix released] https://launchpad.net/bugs/993249
<halvors1> Anyone knows why?
<halvors1> Anyone knows howto setup dhcp client to request IPv6 Prefix Delegation in /etc/network/interfaces?
<Katronix> Hi all, can someone point me in the right direction as to how to do subdomains in bind? I can't seem to locate it
<franklinux> hello my friens, i hava a problem!, my iptables dont functions, My browser says "connecting ..." and then get "the connection has been reset"
<Katronix> franklinux I don't think anyone is actually here :(
<franklinux> I have a squid server, the network has configured the proxy works, but when I create iptables rules to enable direct ips and open ports, the browser says "connecting ..." load and at the end says the connection has been reset
<bitfury> hey guys, I just bought a 4 port PCI RS232 card for an ubuntu server but I'm not getting any connectivity using minicom
<franklinux> Katronix, you can help me???
<nibalizer> I'm here
<Katronix> I might be able to, put your iptables on to pastbin
<Katronix> nibalizer do you know anything about manually adding a subdomain to bind?
<bitfury> pastebin: http://pastebin.com/nVH6Mh1Y
<franklinux> ok
<nibalizer> Katronix: I can go look at my bind config if you want
<bitfury> I have an onboard serial port which works fine (ttyS0)
<nibalizer> this should be absurdly well documented online
<Katronix> nibalizer if you know where that would be fine, I find a ton of stuff about adding a domain, but not subdomains
<nibalizer> are you trying to delegate to another server?
<Katronix> nibalizer no same server
<nibalizer> http://www.zytrax.com/books/dns/ch9/subdomain.html
<nibalizer> does that help?
<mardraum> yes, $ORIGIN is what you need
<mardraum> also, probably #bind (and some google-fu as hinted)
<franklinux> Katronix, http://pastebin.com/aVqaQW3t
<Katronix> nibalizer so basically the name of the subdomain followed by IN A and the IP?
<franklinux> there are my iptables
<franklinux> Katronix, there are my iptables: http://pastebin.com/aVqaQW3t
<Katronix> franklinux is this your result of using iptables -L ?
<nibalizer> bitfury: is therer linux support for your pci card?
<nibalizer> do you have whatever driver you need for it loaded?
<franklinux> Katronix, there are the results with iptables -L
<franklinux> Katronix,  http://pastebin.com/ACYmGDMG
<franklinux> Katronix, For example, I try to open a site that is under https:// and not let me, I say connecting .... load and at the end says "the connection has been reset"
<bitfury> nibalizer: I guess it's not compatible, bought this card: http://www.geeks.com/details.asp?invtid=1001-0168-000A
<bitfury> :(
<Katronix> franklinux does it have an SSL on it?
<bitfury> I blindly bought it..
<franklinux> Katronix,
<franklinux> Katronix, no, that page is external, but I try to open or under enable iptables and I can not, I get in the browser is "connecting ..." for a while, and finally says "the connection has been reset"
<Katronix> you might need to tell it what to do with traffic on the web ports
<franklinux> Katronix, How can you to go it?
<Katronix> franklinux honestly I don't worry about it much as I'm behind a hardware firewall
<Katronix> nibalizer do you know of something I can use on the server to tell me how much bandwidth I've used? though I doubt I would ever come close to the 10 tb they give me, would be nice to keep track of it
<nibalizer> ifconfig shows you
<nibalizer> RX bytes:607371618079 (607.3 GB)  TX bytes:366623558692 (366.6 GB)
<Katronix> nibalizer would it know when to reset?
<nibalizer> i'm not sure how smart it is about that kind of stuff
<Katronix> k
<nibalizer> if you could reset it, a cron to run it montly would be cool
<Katronix> yeah
<nibalizer> or simply a cron to take the numbers and write to a file
<nibalizer> maybe a little script to do some math
<Katronix> true
<nibalizer> or maybe this is the wrong tool for the job
<Katronix> it would depend on if ifconfig is all time, or just since last boot lol
<nibalizer> iptraf is cool too
<Katronix> well I seemed to have solved the subdomain issue, now just need to figure out getting apache to work with it.. but for now sleep
<Katronix> nibalizer thanks for the help
<uvirtbot> New bug: #1006447 in spamassassin (main) "backport _SCORE(pad)_ fix (upstream #6651)" [Low,Expired] https://launchpad.net/bugs/1006447
<esuave> how come when i recompile apache with a newer version of openssl installed it keeps showing the old version is installed? can anyone help me out please?
<RoyK> anyone here that knows if iscsiadm and friends support using an iscsi hba and actually offloading the iscsi parts to it, rather than just using it for transport
<RoyK> ?
<Pupeno_W> Is there some way to specify what to do on reload in upstart? I want to send HUP to a specific process.
<atul_> ola zul
<koolhead17> hola zul
<zul> hi
<koolhead17> how is your knee sir ?
<zul> koolhead17: fine thanks for asking
<koolhead17> adam_g, are you awake?
<ironm> Hello. I am not sure if it is a bug in ubuntu-server or just wrong settings on my fresh ubuntu-server 12.04 box. I use encryption for the boot drive and also an additional encrypted volume due to the entries in /etc/crypttab and /etc/fstab (see. http://paste.debian.net/181178/ ). When I open the luks volume manually with "tcryptsetup luksOpen /dev/sdb secret" he passphrase input is "hidden". During the boot the passphrase input for th
<ironm> e additional volume is "echoed" to the display what I don't want.
<ironm> is it a know bug or do I need to modify the setting? Thank you in advance for any hints.
<uvirtbot> New bug: #1030860 in maas (main) "DNS is not enabled." [Undecided,New] https://launchpad.net/bugs/1030860
<blizzkid> Hi all, does anyone have a (link to a) good description of how the mechanism works that mounts a USB-key in /media/[USB-key-ID]? I can't seem to find any *decent* documentation about it.
<lordievader> blizzkid: Not entirely sure, but I think udev deals with those kind of things, perhaps that is a start.
<blizzkid> lordievader: nope, that was my initial thought.
<lordievader> blizzkid: It also does not give you a hint to something that udev calls to do it for him?
<blizzkid> lordievader: nope. AFAIK it used to be that way, but seems things have changed. Nothing in udev points me even slightly in the right direction.
<halvors> Seems like opendchub is no longer avaliable in the Ubuntu repositories. Is there an alternative DC Hub i can use?
<glosoli> Is there any easy way of having mail server, some kind of all in one DEB Package from APT ?
<ironm> glosoli, have you checked postfix?
<_ruben> install "Mail server" using tasksel?
<glosoli> ironm: too complated to configure
<glosoli> _ruben: hmm will it configure everything ?
<glosoli> most of the things I meant
<_ruben> glosoli: define "everything"
<glosoli> like configure needed parts, and I will be left of only setting domains and then creating addresses and emaisl
<_ruben> glosoli: i'd expect so, never tried it myself tho
<ironm> glosoli, the default mail server of ubuntu is postfix
<glosoli> ironm: which requires a lot of configuring by hand
<ironm> glosoli, most of configuration questions have to be answered during the installation
<ironm> glosoli, you have to know how to use text editor however .. and understand what you are doing
<glosoli> ironm: what about smth like cyrus ?
<ironm> more complicated than postfix ... even it is not real smtp-server
<ScottK> sudo apt-get install dovecot-postfix amavisd-new-postfix will get you 99% of the way there, however amavisd-new-postfix has a signficant bug, so if you're on 12.04, want the version from precise-proposed.
<glosoli> ScottK:  well I had hard time with dovecot before...
<ScottK> dovecot-postfix will do a lot of the configuring for you.
<ironm> glosoli, that is true .. dovecot is a bit hard to configure (due to the understanding what is there going on ... )
<ScottK> And ironm is right, you'll need to understand what's going on.  Those packages are just to get you started with a generally working configuration.
<ironm> ScottK, I guess that amavisd is a antivirus filter software .. right?
<ScottK> That pulls in, in addition to itself, clamav and spamassassin and together they do A/V and spam detection.
<ironm> thank you ScottK
<ironm> I don't use any (as I use linux everywhere on my desktops)
<glosoli> ok thanks..
<glosoli> ironm: in btw, what's wrong with Cyrus
<glosoli>  ?
<ironm> glosoli, it is not up to date anymore
<ironm> in my opinion ...
<ironm> glosoli, you have two main choices 1. postfix and 2. sendmail. all other stuff is nor really that what I want.
<glosoli> ironm:  Dunno, I had so much time wasting tryting to configure either, documentations are not up to date
<glosoli> tutorials too
<ironm> and sendmail is more complicated to configure
<ironm> glosoli, yes .. the documentation is a bottleneck
<glosoli> ironm: Can you point me to any good resources for Postfixâ¦ ?
<ironm> glosoli, http://www.postfix.org/documentation.html
<ironm> http://www.postfix.org/docs.html
<ScottK> The Ubuntu Server Guide has good step by step instructions.
<glosoli> So basically to setup something like Roundcube for working and etc, I will need Postfix, RoundCube itself, and some web interface would be cool for creating emails
<glosoli> what could you recommend
<glosoli>  ?
<ironm> glosoli, in my opinion web-interface for email-client is not recommended due to security reasons. I use icedove myself (with dovecot/postfix)
<mardraum> roundcube is php software, so you'll need postfix, dovecot (or similar), apache (or similar) and some php provider
<glosoli> mardraum:  I have seen it's possible to set up it iwth Cyrus hm
<mardraum> why would you
<glosoli> Things like dovecot drives me nuts.
<mardraum> things like?
<ironm> glosoli, you are not alone ;) ... <glosoli> Things like dovecot drives me nuts.
<glosoli> mardraum: like being some kidn of package meant for linux hackers to configure, spending days by days for daily user tryed to get it working withou ability to find any proper tutorial or documentation
<mardraum> you were probably trying to setup some dumb design with vhosts and mysql and some random library a dude with a blog told you that you totally needed
<glosoli> mardraum:  might be, the official documentations are even more mess
<mardraum> the dovecot config file is entirely readable
<glosoli> readable for Linux hackers as I mentioned above
<mardraum> linux hackers?
<glosoli> the people who are a lot of into console
<mardraum> if you find dovecot hard, you may be in ther wrong channel, just sayin.
<mardraum> the*
<glosoli> ah ok, I forgot that' sorry  if some documentation is too hard to follow, it's likely user who is stupid :)
<glosoli> Anyway thanks for help :)
<ironm> glosoli, you have two IRC channels: #dovecot and #postfix
<glosoli> ironm: Tryed out they "awesome" support already
<glosoli> :)
<pmatulis> glosoli: i'm not sure what you meant by 'daily user' but setting up a mail infrastructure for the first time will require a fair amount of study and perseverance
<glosoli> pmatulis:  yeah, I understand that  : >
<uvirtbot> New bug: #1030911 in horizon (main) "traceback after install: No module named glanceclient.common" [High,New] https://launchpad.net/bugs/1030911
<pmatulis> glosoli: it's a strange paradox that the technology that an end-user first latches onto (easy from their pov) is a technology that is actually one of the most challenging from an admin's pov
<pmatulis> (technology being 'email' in this case)
<uvirtbot> New bug: #1030928 in horizon (main) "AttributeError: 'module' object has no attribute 'urls'" [High,New] https://launchpad.net/bugs/1030928
<Kingsy> does anyone know of a working ppa that has the latest version of xdebug in it ?
<Daviey> smoser: uho.. am i the new jamespage?
<Daviey> daviey@smithers:~$ ssh-import-lp-id davewalker
<Daviey> WARNING: Invalid keys at [https://launchpad.net/~davewalker/+sshkeys]
<Daviey> (lucid)
<jamespage> Daviey, lol
<smoser> Daviey, you'll need to file a bug on windows 8, which i presume is your new OS.
<smoser> or, lucid sucks. we released a new LTS. you should use it.
<Daviey> smoser: No, it's the new OSX.
<Daviey> smoser: I demand te full 5 year support.
<Daviey> (only updated this box from hardy a few weeks ago :)
<Daviey> smoser: it's one of the build boxes for mythbuntu... and smithers doesn't look happy.. http://smithers.mythbuntu.org/
<smoser> Daviey, we can SRU that to lucid if you'd like.
<smoser> and i will again state, that i found the checking of keys to be stupid and did not write it.
<Daviey> smoser: but what is my issue?!!??!!?!
<tgm4883> Daviey, you have invalid keys
<tgm4883> ;)
<smoser> Daviey, its either the blank lines or the ^M
<Daviey> bah
<smoser> or the fact that you have a public key whose private key is widely distributed in there.
<smoser> yeah, i remember ...P4WX3f0bEmkkluw== well.
<smoser> ok, i just wanted to see if i could see you jump. thats not the case (that i know of).
<RoyK> Daviey: perl -pe 's/\r//g' -i somefile # :-Ã¾
<jdstrand> adam_g: hi! do have any idea why I might be seeing this in /var/log/keystone/keystone.log (set logging to DEBUG) when using euca-describe-instances:
<jdstrand> (eventlet.wsgi.server): 2012-07-30 10:59:16,602 DEBUG 127.0.0.1 - - [30/Jul/2012 10:59:16] "POST /v2.0/ec2tokens HTTP/1.1" 404 274 0.008214
<zul> jamespage: what do i need to do to the MIR to get it on your list?
<jamespage> zul, if its on this list http://reports.qa.ubuntu.com/reports/ubuntu-server/release-bugs.html
<jamespage> I have one eye on it
<zul> jamespage: ok how do i get it on yruo list
<jamespage> zul, do you want me to pickup the openvswitch MIR?
<zul> jamespage:  sure if you want
<jamespage> zul, well I'm not sure I 'want' but I 'can'
<jamespage> :-)
<zul> jamespage: sure you can :)
<jamespage> lol
<jamespage> zul, it looks like its be assigned to jdstrand anyway - what needs doing to it?
 * jamespage looks
<zul> jamespage: looks like security review
<jamespage> zul, agreed
<jdstrand> zul, jamespage: it's in progress. if I can get openstack working on quantal I might be able to get somewhere
<jdstrand> adam_g: keystone service-list and keystone endpoint-list look ok
<jdstrand> adam_g: ah! I think I found it. nm
<Daviey> jdstrand: I really think openvswitch should be considered for MIR outside of openstack.
<Daviey> It has real life use cases not directly associated with openstack.
<ScottK> "Has real life uses" isn't a criteria for main.
<jdstrand> Daviey: that's fine, but quantum wants it and that is presumably the main use case (at least as described to me)
<jdstrand> (both openvswitch and quantum are in progress)
<Daviey> ScottK: Please feel free to inspect each of my sentences, and misinterpret them as you see fit.
<ScottK> Thanks.
<jdstrand> ok, I think I finally have my openstack issues worked out
 * jdstrand crosses fingers
<glosoli> how can I get the date of package installation
<glosoli>  ?
<RoyK> glosoli: I don't think that's recorded, but if you haven't done an "apt-get clean", the packages should be in /var/spool/cache/apt/archives, and the file date there should say when the package was downloaded, which may be the same as when it was installed
<glosoli> eh
<glosoli> it's a pity then
<RoyK> heh - running apt-get clean regularly?
<glosoli> dunno I don't remember might have run some weeks ago
<glosoli> :D
<glosoli> RoyK: ah wrong dir it was /var/cache/apt/archives
<RoyK> glosoli: ah - sorry
<smoser> stgraber, around ?
<stgraber> smoser: yep
<smoser> i'm having an issue with reoslvconf wrt overlayroot
<smoser> /etc/resolv.conf is not getting updated
<smoser> stgraber, could you take a look at ubuntu@ec2-107-22-60-153.compute-1.amazonaws.com and see if anything sticks out to you as broken ?
<smoser> (you should be able to get in with stgraber@castiana)
<stgraber> smoser: so resolvconf is working properly but nothing has populated resolvconf... (/run/resolvconf/interface/ is empty)
<stgraber> checking if I can figure out why
<smoser> so without the overlayroot, it works fine.
<stgraber> smoser: I think I see the problem, you're mounting the overlay after /run was mounted, it should be the other way around
<smoser> well that is what i thought was the issue to, but i dont know why that would be.
<smoser> the overlay is the root filesystem
<smoser> (set up by initramfs)
<stgraber> according to /proc/mounts, / was mounted after /run, so if the resolvconf/interface entry was added to /run before / was mounted over it, it'd be hidden, explaining the current behaviour
<RoyK> sounds like insanity to me...
<stgraber> smoser: how likely am I to loose access to the instance if I kill and respawn dhclient?
<smoser> no. magically not. and you will get the update.
<smoser> (i tried that)
<smoser> i think you'r eright aobut /run.
<smoser> i'll have to muck around in the initramfs
<stgraber> smoser: what we do in casper is setup /root as overlayfs, then use "mount --move /run/ /root/run" before the pivot_root + init call
<smoser> which is what the initramfs ususally does
<smoser> stgraber, thanks for pointing me in the right direction. i can likely figure it out.
<stgraber> smoser: np. let me know if I was wrong and it needs more investigation on resolvconf's side
<zastaph> I installed xorg, and ran sudo xstart .. does that mean x server is running?
<zastaph> because an app that depends on it says it isnt
 * genii-around ponders why this app which needs X is running on a server
<zastaph> http://cutycapt.sourceforge.net/
<zastaph> "You cannot use CutyCapt without an X server"
<zastaph> does it even make sense to use x server on ubuntu server ?
<genii-around> zastaph: Not usually, since the idea is it is supposed to be a box dedicated to to doing something like feeding out pages or files or data...so the client is where the gui is. And then you ssh in and administer, or use web-based control like ebox
<genii-around> In thin-client server scenario different of course
<zastaph> will try from desktop then
<smoser> stgraber, your argument was that /proc/mounts eclared that /run was mounted before /, right?
<smoser> but that is "normal"
<stgraber> smoser: hmm, indeed, I guess /proc/mounts won't change ordering after the --move call...
<smoser> right.
<smoser> so i dont think that that was the issue.
<smoser> its possible (but hard to tell) that /run is not really a tmpfs, but it is surely writable
<stgraber> smoser: can you pastebin /proc/<pid of dhclient>/mountinfo?
<stgraber> that should make it possible to figure out the stacking of the various fs and know exactly what /run is supposed to be at that point
<smoser> http://paste.ubuntu.com/1119965/
<skrite> hey all.
<stgraber> hmm, that looks good
<moxie_man> I have a dd-wrt router and a linux mint server which has a heavy network load. I want to dynamically throttle back the linux mint server /only/ when other computers on the network experience low throughput.
<stgraber> smoser: can you get me access to that instance again?
<smoser> well, that one is dead :)
<smoser> but to another, sure.
<moxie_man> I am wondering if there is a direction you could point me in
<skrite> is it possible, with one sql-server, to run cluster tables (ndb) and another type of database engine (innodb or myisam) in the same sql server? i only need to cluster often-used tables
<smoser> stgraber, ubuntu@ec2-50-16-102-212.compute-1.amazonaws.com
<stgraber> smoser: missing my ssh key apparently?
<smoser> try again
<moxie_man> the keyword I was looking for was "prioritize"
<stgraber> smoser: ok, worked now
<stgraber> smoser: hmm, what happened to /var/log/upstart in there? :)
<smoser> what do you mean?
<smoser> its a new instance.
<stgraber> yeah, I guess I'm too used to systems producing some kind of job output, so finding a system with missing or empty /var/log/upstart just looks weird
<jdstrand> aha!
<jdstrand> Daviey, adam_g: so, if I do 'keystone ec2-credentials-create' and then 'keystone ec2-credentials-list', I can see my new credential. if I reboot then do 'keystone ec2-credentials-list', then it is gone
<smoser> stgraber, what is it that actually /etc/resolv.conf . is it /etc/resolvconf/update.d/libc ?
 * jdstrand files a bug
<Daviey> jdstrand: we don't do any reboot testing really :/
<zul> but we do test :)
<stgraber> smoser: yeah, in theory you dhclient should trigger /etc/dhcp/dhclient-enter-hooks.d/resolvconf that creates a file in /run/resolvconf/interface and triggers resolvconf which will then call /etc/resolvconf/update.d/libc to generate /run/resolvconf/resolv.conf
<jdstrand> well, at least I know what the problem is
<stgraber> smoser: in a regular instance, do you usually get dhclient to log to syslog? (just noticed it didn't in the overlay one)
<jdstrand> now I can work around it be creating them each time
<adam_g> jdstrand: that may not be a bug, ec2-credentials may be meant to be epehemeral
<adam_g> im not sure, tbh
<jdstrand> adam_g: they persisted on precise
 * jdstrand just verified that
<smoser> stgraber, checking
<jdstrand> but, I'll see if I can find a config option
<smoser> stgraber, http://paste.ubuntu.com/1120012/
<smoser> thats a fresh pure instance
<smoser> /var/log/syslog
<stgraber> ok, so dhclient always fails to log to syslog in the cloud instances, not specific to overlay
<jdstrand> this kinda implies they are persistent as well: "Migration of users, projects (aka tenants), roles and EC2 credentials is supported for the Essex release of Nova. To migrate your auth data from Nova, use the following steps:..."
<adam_g> jdstrand: what is your ec2 driver set to in keystone.conf?
<jdstrand> keystone.contrib.ec2.backends.kvs.Ec2
<jdstrand> (whatever the default is)
<adam_g> jdstrand: set that to ...sql.Ec2
<jdstrand> (this is not an upgrade-- I abandoned that idea and this is a fresh nistall with just 12.10 packages)
<adam_g> jdstrand: kvs = in-memory key value store, totally lost on restart, not sure why it exists
<jdstrand> adam_g: oh wow-- or that it is the default! :)
<adam_g> jdstrand: yup
<jdstrand> adam_g: that was it exactly. on reboot, they are still there
<adam_g> jdstrand: i believe we carried a patch on precise to set all backends to sql by default. we'll do the same this time around, im sure
<Daviey> adam_g: that was the only option until you added persistence, no?
<adam_g> Daviey: for the service catalog, yea. well, the other option for persistence is a flat config file
<jdstrand> adam_g: fyi, bug 1031012. I updated with your find
<uvirtbot> Launchpad bug 1031012 in keystone "ec2-credentials are not persistent across reboots" [High,Triaged] https://launchpad.net/bugs/1031012
<adam_g> jdstrand: thanks
<jdstrand> adam_g: thank you! :)
<stgraber> smoser: can you do a test boot with the file I put in /etc/dhcp/dhclient-enter-hooks.d/run? I used /tmp for the debug data but I'm not sure it's going to be writable whenever dhclient will get spawned but at the same time I don't quite trust /run at that point either ;)
<uvirtbot> New bug: #1031012 in keystone (main) "ec2-credentials are not persistent across reboots" [High,In progress] https://launchpad.net/bugs/1031012
<smoser> stgraber, you can do whatever you want there.
<smoser> if you want something to stick across boot, edit it in /media/root-ro, use 'sudo overlayroot-chroot vi /etc/dhcp/dhclient-enter-hooks.d/run'
<jdstrand> adam_g: not sure what you think about this, but I set:
<jdstrand> [logger_root]
<jdstrand> level=DEBUG
<jdstrand> in logging.conf
<smoser> (i can do it if you'd like, but feel free to own that instance. i'm debugging on another)
<jdstrand> adam_g: I found it hard to debug keystone with WARNING
<jdstrand> adam_g: 2 cents
<adam_g> jdstrand: agreed
<stgraber> smoser: ok, will do that then
<stgraber> smoser: abusing the kernel log buffer as a way of getting reliable storage ;)
<smoser> stgraber, well, hmm..
<smoser> maybe this is not unrelated.
<smoser> but in the initramfs ii'm wiring to /dev/.initramfs/overlayroot.txt
<smoser> or something
<smoser> ie, using the devtmpfs mount for that.
<stgraber> smoser: based on my debug, it looks like dhclient is ran in initramfs before anything is really mounted?
<stgraber> smoser: http://paste.ubuntu.com/1120037/
<smoser> lsinitramfs /boot/initrd.img-3.5.0-6-generic | grep dh
<smoser> seems to imply otherwise
<smoser> stgraber, ^
<stgraber> yeah, not sure what's going on, but the /proc/mounts is definitely completely wrong at that point in the boot sequence
<stgraber> adding some more debug in there, that kernel log is starting to get quite long ;)
<smoser> stgraber, resolvconf.conf (from upstart) is expected to run before anything else, right?
<smoser> i logged command and parameters for the files shown http://paste.ubuntu.com/1120065/
<smoser> and thats the order they're getting called in.
<stgraber> smoser: in most cases it'll be run before anything else, but it shouldn't be a requirement or that'd cause a race
<stgraber> though it indeed looks like that's the reason of the failure...
<stgraber> resolvconf: Error: /run/resolvconf/interface either does not exist or is not a directory
<stgraber> smoser: ^
<uvirtbot> New bug: #1031021 in nova (main) "nova x509-create-cert times out" [Undecided,New] https://launchpad.net/bugs/1031021
<smoser> stgraber, so 'start on mounted MOUNTPOINT=/run' (/etc/init/resolvconf.conf) must not block
<stgraber> smoser: yeah, that's it... adding "mkdir -p /run/resolvconf/interface" to /etc/dhcp/dhclient-enter-hooks.d/resolvconf fixes it. Not sure it's the right fix though
<smoser> so that job doesn't block
<smoser> and /etc/init/networking.conf is then running
<smoser> before /etc/init/resolvconf.conf ever ran
<r3dLunchb0x> how can I setup out put of someones home directory when they login or make it part of their prompt?
<stgraber> smoser: only the start on *ing (starting, stopping, ...) are blocking and they're only blocking for something that depend on them, which isn't the case of networking.conf or network-interface.conf
<smoser> um..
<smoser> man mounted
<smoser> that should block
<smoser> so maybe mountall is confused by the overlayfs mounts.
<stgraber> that or it's not networking.conf bringing the interface up
<stgraber> "block" in upstart term means blocking the emission of the started event, so it's only blocking stuff that depends on it
<stgraber> network-interface.conf only depends on the kernel
<stgraber> hmm, that's a bit wrong actually, network-interface.conf can only be triggered once upstart-udev-bridge is started
<stgraber> and upstart-udev-bridge is "start on starting udev" and udev is "start on virtual-filesystems"
<smoser> stgraber, well, networking.conf is start on local-filesystems
<smoser> which, per man page, cannot occur until after virtual filesystems
<smoser> which shouldn't occur until after MOUNTED=/run
<smoser> (or i thought that is what was guaranteeing this)
<off_om> hi
 * stgraber tests to know which of network-interface.conf or networking.conf is configuring eth0 (or if it makes any difference)
<off_om> anyone  configured successfully with ddcliente joker.com? ubuntuserver 12.04
<off_om> *
<smoser> stgraber, i think you're right. its probably network-interface.conf that is bringing it up.
<stgraber> smoser: apparently. I disabled /etc/init/networking.conf and I'm still getting the same behaviour
<smoser> /sbin/resolvconf is just assuming that IFACE_DIR="${RUN_DIR}/interface" exists.
<smoser> and the only thing thats going to make that is /etc/init/resolvconf.conf
<stgraber> smoser: can you diff "mountall -v" between an overlay and standard instance?
<esuave> so how can i create an image of a running ubuntu server VM? i wanna create a USB restore install
<smoser> you mean just run ?
<smoser> stgraber, you just want hte output of those ?
<esuave> basically just wanna have a custom build of ubuntu to deploy to any server
<smoser> or you want output of mountall --debug
<stgraber> smoser: comparing the output of "mountall -v" should let you know what's considered local, virtual, ... by mountall
<smoser> stgraber, normal: http://paste.ubuntu.com/1120127/  overlayroot: http://paste.ubuntu.com/1120128/
<uvirtbot> New bug: #1031043 in lxc (universe) "-t ubuntu -- -h still creates container" [Undecided,New] https://launchpad.net/bugs/1031043
<smoser> stgraber, i'm pretty sure its just a race condition.
<smoser> here is mountall --debug output from overlay: http://paste.ubuntu.com/1120170/ , normal: /tmp/mountall-debug-normal.txt
<smoser> the idfference is that in the overlayroot case, / is mounted readwrite (i wasn't the overlayfs mount read-only).
<smoser> and that is causing a different path through different events, exposing the resolvconf race condition.
<stgraber> hallyn: pushed a simple bugfix to ubuntu:lxc (wrong echo call in lxc-start-ephemeral). Won't upload for something that trivial though.
<uvirtbot> New bug: #1031063 in nova (main) "libvirt_type=qemu is not honored" [Undecided,New] https://launchpad.net/bugs/1031063
<stgraber> smoser: sounds like a bug that we should be discussing with slangasek at least. One idea would be to change network-interface.conf to include "and mounted MOUNTPOINT=/run" and then change resolvconf to include "or starting network-interface"
<smoser> bug 1031065
<uvirtbot> Launchpad bug 1031065 in resolvconf "/sbin/resolvconf -a depends on /run/resolvconf/interface but it may not exist" [Undecided,New] https://launchpad.net/bugs/1031065
<stgraber> which should ensure that resolvconf is always started before an interface is brought up and should also make sure we won't start resolvconf before /run is mounted
<Daviey> jdstrand: 1031063.. what CPU do you have?
<jdstrand> kvm_intel
<jdstrand> I am trying with nested=0 now
<Daviey> jdstrand: Well, we nest by default.. and that is what it is trying
<jdstrand> yes, but I tried to override that
<jdstrand> libvirt_type=qemu is what I thought that would do
<Daviey> jdstrand: i /think/ qemu==kvm
<Daviey> if you don't have kvm kernel support, then it should fallback to qemu.
<jdstrand> well, I couldn't load kvm_intel in the guest at all, even if the host has nested=1. this might end up being a won't fix or a kernel bug
<jdstrand> 'vmx' would show up in the virsh capabilities of my openstack guest
<jdstrand> so it was probably fooled
<jdstrand> even though I couldn't load kvm_intel in there
<Daviey> jdstrand: what is the host CPU model?
<jdstrand> i7
<Daviey> jdstrand: ahhhh.. i bet you don't have the kernel extras?
<jdstrand> kernel extras?
<Daviey> jdstrand:  in the instance, are you runnig -virtual or -generic?
<Daviey> precise or quantal? ;)
<jdstrand> oh, probably generic
<jdstrand> yes
<jdstrand> -generic
<Daviey> gah, dammit.. the virtual kernel didn't include the kvm kernel support, and needed the -virtual-extra's package
<jdstrand> precise host (-generic), quantal openstack guest (-generic) trying to start an instance
<jdstrand> Daviey: should my openstack server being running -virtual?
<jdstrand> (ie, it is a guest)
<Daviey> no
<Daviey> well, if it is.. you need the extras package to modprobe kv,
<Daviey> kvm*
<jdstrand> Daviey: I'm confused-- my host is precise. it is running an openstack quantal server
<jdstrand> Daviey: I installed in the openstack quantal server linux-virtual and linux-image-extra-virtual, but it doesn't seem to do anything
<jdstrand> ie, I only have /lib/modules/3.5.0-6-generic, nothing else
<jdstrand> if I try to remove -generic, it tries to remove everything
<Daviey> jdstrand: no.. sorry, perhaps i wasn't clear
<jdstrand> I cannot load the kvm_intel module in the openstack quantal server, even though my host used nested=1
<Daviey> -virtual is a minimal kernel with less support.
<Daviey> -generic is ideal
<jdstrand> ok
<Daviey> jdstrand: So, your host machine is precise, and you are running quantal in kvm, outside of openstack.
<jdstrand> so reloading with nested=0 and then booting the openstack quantal server resulted in it not working either
<Daviey> In that VM, you are running nova?
<albert23> with generic you need -extra too? (linux-image-extra-3.5.0-6-generic: /lib/modules/3.5.0-6-generic/kernel/arch/x86/kvm/kvm-intel.ko)
<jdstrand> Daviey: yes. virtualized openstack, as per https://wiki.ubuntu.com/SecurityTeam/TestingOpenStack
<jdstrand> albert23: I have that file, I can't load it
<jdstrand> FATAL: Error inserting kvm_intel (/lib/modules/3.5.0-6-generic/kernel/arch/x86/kvm/kvm-intel.ko): Input/output error
<Daviey> no, -extra is JUST for virtual to give you a fuller kernel
<jdstrand> I see
<jdstrand> let me double chek my virtualized precise openstack could launch an instance
<Daviey> jdstrand: in precise, $ grep -i ^KVM_NESTED /etc/default/qemu-kvm
<Daviey> KVM_NESTED=" nested=1"
<Daviey> right?
<jdstrand> yes, my precise openstack launches it fine
 * jdstrand checks
<jdstrand> Daviey: yes (this is a default install)
<Daviey> hmm
<jdstrand> I think it might be a kernel issue
<Daviey> So to clarify, precise host.. launching precise openstack, it works as expected... launching quantal openstack, it fails?
<jdstrand> the precise openstack can load the kvm_intel module fine
<jdstrand> Daviey: yes. <myhost> -> <precise openstack> -> instance = instance runs
<jdstrand> Daviey: yes. <myhost> -> <quantal openstack> -> instance = instance fails
<jdstrand> s/yes.//
<jdstrand> <precise openstack> has kvm_intel loaded
<jdstrand> <quantal openstack> does not
<Daviey> jdstrand: suck.  This isn't something that is currently tested...
<jdstrand> (and I can't)
<jdstrand> this sounds like maybe hallyn's area-- I know he tests qemu quite a bit and thought it was with nested virtualization
<Daviey> So this isn't really an openstack issue as such.. (although, ungracefully failing is).. but a direct kvm/kernel issue?
<jdstrand> Daviey: that is what I am thinking now
<jdstrand> I thought 'qemu' meant, you know qemu
<jdstrand> :)
<jdstrand> Daviey: but there is likely another bug there where openstack doesn't fallback to qemu when the cpu doesn't support it, but I understand that is not a priority
<Daviey> jdstrand: Well, you can blame me for exposing it by default.. https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu7 ;)
<jdstrand> Daviey: it works beautifully on precise :)
<Daviey> jdstrand: well, so.. lets look at this another way.. If i start a quantal kvm instance on precise, i should be able to modprobe kvm.. but currently failing?
<aarcane> I'm trying to decide between ssmtp and nullmailer for my LAMP server, and I remember the primary difference is that one works in offline mode by storing messages to send later, and the other works only when the target SMTP server is readily available, but I don't remember which is which.  Does anyone know?
<jdstrand> Daviey: kvm*_intel*. kvm loaded fine
<Daviey> jdstrand: right
<Daviey> jdstrand: amd64 all the way, right?
<jdstrand> the host and guest are both amd64 installs, yes
<Daviey> huh
<Daviey> ubuntu@server-378:~$ sudo apt-get install qemu-kvm ; sudo modprobe kvm-intel
<Daviey> FATAL: Module kvm_intel not found.
<Daviey> confirmed.
<jdstrand> Daviey: that is a different error than I get
<jdstrand> here it finds the module
<jdstrand> but can't load it
<Daviey> jdstrand: Ah, IS pulled the rug out from under me..
<Daviey> this is an AMD server.
<jdstrand> Daviey: fyi, bug #1031090
<uvirtbot> Launchpad bug 1031090 in linux "kvm_intel not loadable in a quantal guest" [Undecided,New] https://launchpad.net/bugs/1031090
<Daviey> jdstrand: apt-get install linux-image , in guest.. doesn't give anything?
<jdstrand> Daviey: I didn't have linux-image installed. I just installed it and it worked fine
<jdstrand> (ie package install, not kvm_intel loading, which still fails)
<jdstrand> dmesg is silent on the issue
<r3dLunchb0x> trying to setup quotas for user home directories on 12.04, but not working.
<Daviey> jdstrand: confimed, it's an intel only issue
<jdstrand> Daviey: I guess it is good that it is confirmed, unfortunately for me, the combination of the openstack and the kernel bug means I can't launch instances :\
<jdstrand> Daviey: how important is nested virtualization to you guys?
 * jdstrand is trying to figure out if he is on his own here...
<Daviey> jdstrand: well, it really makes life good.
<Daviey> but not vital
<Daviey> jdstrand: I've been using AMD as of late, so not noticed it.
 * jdstrand nods
<Daviey> canonistack region 2 seems to be AMD, region 1 Intel
<jdstrand> Daviey: yeah, reloading kvm_intel nested=0 and booting my quantal openstack vm, I see no kvm module loaded, but <domain type="kvm">
<Daviey> jdstrand: okay, well.. i'm not sure if it's an openstack bug, or a libvirt bug then.
<Daviey> hmm
<jdstrand> I agree (I don't know either)
<Daviey> with nested on the host OFF.. it should fall back from kvm to qemu under the scenes.. does it not?
<Daviey> ie, it should start an unaccelerated guest.
<jdstrand> that is what I am testing and didn't think it did-- but I might have messed something up. hold on
<Daviey> s/guest/instance
<jdstrand> ok <domain type="kvm"> is confirmed
<jdstrand> but no guest. let me see why
<jdstrand> 2012-07-30 16:31:13 TRACE nova.compute.manager [instance: f90f97cc-3d75-48d0-9eab-b2aa2aae8ee2] libvirtError: internal error no supported architecture for os type 'hvm'
<jdstrand> Daviey: it is not falling back
<Daviey> *sigh*, the kernel team don't have a git bisect script.. :/
<Daviey> jdstrand: Well, the libvirt xml generation was re-written for quantal.. seems this *could* be a regression.
<Daviey> or.. still, a libvirt one.
<Daviey> or even a qemu one
<Daviey> Or i have NFI.
<Daviey> :)
<jdstrand> shoot, it could be qemu-kvm too-- depending on how it was invoked
<jdstrand> heh
<jdstrand> good times
<Daviey> traditionally, we stopped the lbvirt xml generation not include the line.. allowing libvirt to fill it in, depending on what it felt best suited.
<jdstrand> libvirtd.log is not super helpful. it clearly wants pm-utils
<jdstrand> oh, wait
<jdstrand> nm
<jdstrand> <type>hvm</type> is all it has
<jdstrand> let's see if I can force it
<jdstrand> Daviey: I think it might be a libvirt thing
<jdstrand> Daviey: if I copy/paste the cml from nova-compute.log I can shove it into precise's libvirt no problem
<jdstrand> Daviey: xml
<jdstrand> Daviey: however, if I take the same xml, I get an error on quantal's libvirt
<jdstrand> Daviey: if I change this line:
<jdstrand> <type>hvm</type>
<jdstrand> to be:
<jdstrand> <type arch='x86_64'>hvm</type>
<jdstrand> Daviey: then it works on quantal
<uvirtbot> New bug: #1031065 in cloud-init (main) "/sbin/resolvconf -a depends on /run/resolvconf/interface but it may not exist" [Undecided,New] https://launchpad.net/bugs/1031065
<Daviey> jdstrand: good find!
<JonEdney> Anyone familiar with a way to uninstall sendmail?  I installed dovecot and postfix, and sendmail is causing a problem, but apt-get remove isn't working, says no sendmail package.
<lamont> postfix delivers a binary called "sendmail", as required by policy.  It also forces the removal of sendmail (via Conflicts: sendmail)
<JonEdney> I see, I kinda figured it was something attached somewhere; I had to stop the service 'sendmail' to continue troubleshooting.
<ScottK> JonEdney: sudo apt-get remove postfix will actually remove it.
<JonEdney> ScottK - I think I need postfix; I'm learning working on my VPS.
<ScottK> So if you think you don't need sendmail, you're probably not looking at the problem correctly.
<ScottK> I'd suggest "sendmail causing problems" was a symptom, not a cause.
<JonEdney> Thats what Im trying to get to the bottom of the problem; I installed ISPConfig on my VPS the other day, and the mail server is giving me access errors when trying to send mail, someone said sendmail needed to be removed after I showed my logs, and thats where I'm at.
<ScottK> No, your problems started at "I installed ISPConfig".
<JonEdney> I'm hearing that also tbh - of course it was after the fact.
<PatrickDK> you should ask the ispconfig people how to fix your issues
<PatrickDK> as help in here, while *will fix* the issues, will probably break ispconfig
<ScottK> These huge mega-control systems don't work well and AFAIK, most any of them that have been packaged for Debian/Ubuntu have been removed as irredeemably buggy.
<JonEdney> Yeah thats what I'm doing also PatrickDK - this is a learning curve for me, I'm considering getting rid and starting fresh.
<ScottK> Zentayl (or something similar) is AFAIK, the only exception.
<PatrickDK> the biggest issue is, if something goes wrong, you have no place to go
<ScottK> JonEdney: You'll learn a lot more and have a more secure/stable system if you do it without such a package.
<PatrickDK> you need to learn it all anyways
<JonEdney> Yeah, and thats my goal is to learn and continue to do so.  ISPConfig just seemed like a neat installer.
<JonEdney> Thanks for the tid-bits guys.
<PatrickDK> there is the joined dovecot-postfix package
#ubuntu-server 2012-07-31
<miceiken> anyone up at this hour?
<miceiken> trying to set up pptpd server
<miceiken> anyone able to assist me?
<hallyn> stgraber: ok - i'm out this week so i'm unlikely to be pushing anything.  but will look for it when i do.
<huhongbo> i mount the 12.04 iso to /media/cdrom then run apt-cdrom ,nothing happened .just say "Repeat this process for the rest of the CDs in your set"
<huhongbo> the sources.list is nothing added
<uvirtbot> New bug: #1004494 in bacula (main) ""Job not run" message after any attempt to run a job using bconsole" [Medium,Expired] https://launchpad.net/bugs/1004494
<undecim_> How can I verify that no files are missing from installed packages?
<mvp> undecim_ maybe apt-get check would do
<undecim_> mvp: I don't see anything in the man page that does what I'm looking for
<syria> hello, I can not restart the network interfaces! i have assigned multiple IP addresses http://paste.ubuntu.com/1120895/
<RoyK> morning
<RoyK> I wish there had been a way to do caching with SSD on linux, like there is on ZFS...
<Pupeno_W> When I run crontab -e, it opens it with nano, how do I change it to vim?
<Pupeno_W> found itâ¦ ~/.selected_editor :)
<melmoth> Pupeno_W, i was not aware of this file, usually i just set the EDITOR env variable
<Pupeno_W> melmoth: seems to be new, on ubuntu 12.04, when I run crontab -e, it asks me which editor I want, and then it configures the editor env variable in .selected_editor.
<koolhead11> Pupeno_W: thats how it works i suppose :P
<koolhead11> melmoth: hello btw :)
<melmoth> hola koolhead11
<koolhead11> melmoth: reading up on quantum
<melmoth> good luck
<melmoth> i played with it a bit, but not long enough to understand
<Daviey> Pupeno_W: no, that is 'sensible-editor'
<koolhead11> melmoth: and how far you reached?
<koolhead11> Daviey: hello sir
<melmoth> not far :) Just reading some doc, trying to play with it, realising i had no idea what i was doing
<melmoth> and then i had to go back to something else.
<koolhead11> melmoth: http://networkstatic.net/2012/05/openstack-essex-and-quantum-installation-using-openvswitch-from-scratch/#comments
<koolhead11> this might help
<melmoth> not on my radar anymore.
<freakynl> hi, having serious issues with raid performance on 12.04
<koolhead11> melmoth: what are you on these days :P
<melmoth> as yesterday, i cannot make a single host openstack install work.
<melmoth> s/single host/single_host mode/
<freakynl> this seems to be related to a kernel bug? quite amazed it's not solved yet... anyways, max_hw_sectors_kb is set to 127 which is, to say the least, a pretty inefficient number
<koolhead11> melmoth: lol. what was the issue. are yu on folsom
<freakynl> on all the disks below it, it's 512 (a nice binary multiple)
<Daviey> hey koolhead11
<melmoth> am on essex. I cannot reach floating ip for vms that are hosted on another node that the one running nova-network.
<freakynl> it's a 7 disk raid-5, so I assume 6*512 (the parity disk shouldn't be counted I presume) would be the optimal value
<freakynl> in any case, 127 is not a binary multiple and will thus always suck
<melmoth> iptables rules seems ok, but what i found funny is, the compute node receive the tcp connextion, but the source address is the kvm bridge, not the actualo box sending it.
<koolhead11> melmoth: you need to run nova-network and nova-api on same machine
<koolhead11> i have have others in distributed setup
<melmoth> already the case
<koolhead11> melmoth: It should be too easy :P
<lynxman> morning o/
<melmoth> hola lynxman
 * koolhead11 wonders if its really lynxman 
<lynxman> melmoth: bonjour :)
<lynxman> koolhead11: it's-a me
<melmoth> koolhead11, well, it s not, and i have no idea why the connexion appears to be coming from the kvm bridge ip and not the node ip itself.
<melmoth> wich i think, is the reason why the connexion cannot happen, as the packets comes back to another place it has been originated from.
<_ruben> freakynl: doesn't seem to be 12.04 specific, i see similar numbers on for instance mdadm volumes on 10.04
<koolhead11> melmoth: i smell some screwed network config
<koolhead11> lynxman: how is life man? seems like puppet is keeping you too busy
<melmoth> it s all just a kvm network. I try with both isolated and nated one.
<melmoth> i try with setting the compute nodes bridge in /Etc/network/interfaces, and letting nova deals with it.
<melmoth> sames beaviour
<freakynl> _ruben: I've seen reports on it happening since 2.6.38 iirc
<_ruben> freakynl: 10.04 is 2.6.32
<freakynl> _ruben: the shitty thing is, I can't set it higher than 127kb due to the restriction in max_hw_sectors_kb
<freakynl> _ruben: ouch... it's fixed in 3.3 from what I saw :)
<_ruben> freakynl: in that case i'd suggest you'd try to confirm that by testing with a mainline kernel build from the kernel team ppa
<obelus> I'm having authentication problems with samba server, the server works when I make the file owned by one user, but I want to be able to use the write list and read list syntax, however when I do that with the directory permissions at 0775, I get access denied, even though the user is in the write list.
<_ruben> obelus: i'm guesing the user will still need proper rights on dir/file level .. unless you do stuff like force user/group in samba
<obelus> Well, the idea is that I don't want every user on the server to have write permissions, I want a few to have write, and the others to have read... if I force user will it allow me to just use write list/read list?
<freakynl> _ruben: I can do that, but this is a production backup/iscsi server. Filing a bug now, will wait a couple of days to see if they respond
<obelus> _ruben: I've just set force user = nobody, force group = nogroup, and write list is working now.
<obelus> Thanks :)
<freakynl> _ruben: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1031260
<uvirtbot> Launchpad bug 1031260 in linux "RAID write performance is horrible. max_sectors_kb is set to the odd value of 127" [Undecided,New]
<freakynl> _ruben: I think you can click a link there that you're affected too, might speed up things :)
<lynxman> koolhead11: yeah, quite busy lately :)
<_ruben> freakynl: how about setting it to 64, as that's a "nice" number? might be worth a try
<koolhead11> lynxman: hehe. where are you these days?
<koolhead11> as in London or somewhere else
<_ruben> freakynl: how you liking lio btw? curently a scst user myself
<_ruben> stuff like vaai might make it rather interesting to make the switch
<lynxman> koolhead11: London still
<koolhead11> lynxman: cool. enjoying olympics? :)
<lynxman> koolhead11: well, they've been busier in another side of the city so far :)
<koolhead11> :)
<freakynl> _ruben: I did that, but since that's still way less than a stripe it doesn't increase performance at all (ideally, you'd write entire stripes, now it writes partially on 1 disk, reads the reads the rest and writes parity for N data disks every friggin' time. In our case that means it's load * 7 :/
<freakynl> _ruben: liking it so far, better than iet anyways. However, whilst I saw VAAI on the roadmap (free) quite some time ago it has vanished (can't find the page any more anyways and it was targeted for 3.3 or 3.4 back then... those are out...)
<freakynl> seems like they've reserved it for their paid version (it's beyond me why a party that wants to make profit of their modules got included in the kernel over scst...)
<freakynl> don't like the config tool tho', it didn't want to let me export the MD device. Had to hack rtslib to add the major numbers of the md devices to their list
<freakynl> I rather have tools giving me the ability to fuck up, than that it prevents me from doing things that should be possible. But I guess that's what you get when you allow a company that wants to sell their modules into the kernel
<freakynl> but I'm not the first that accuses it from being overzealous in protecting the admin (I don't think end-users will export volumes...). But alas, it's just the config tool. It seems to run way more stable than IET and it has lvl 2 error correction
<freakynl> iirc, iet has none :D
<koolhead11> Daviey: any idea whom to poke to get help in testing LXC with essex
<Daviey> koolhead11: what issue are you seeing?
<koolhead11> Daviey: no issue as of now http://wiki.openstack.org/LXC  is a doc
<koolhead11> and we have this too http://wiki.openstack.org/LXC
<koolhead11> so it appears bit confusing to me
<koolhead11> http://docs.openstack.org/essex/openstack-compute/admin/content/lxc.html
<koolhead11> i meant
<Daviey> koolhead11: probably best wait for zul
<koolhead11> Daviey: cool. i want to test KVM LXC Qemu everything on my single setup :P
<Daviey> koolhead11: super!
<adac> guys where is the binary for "source" located?
<adac> "which source" does give me no result
<Daviey> adac: 'source' command is a shell builtin
<Daviey> so, dash, bash, etc.
<adac> DavidLevin_, hmm I wanted to run it within an init.d script. Is this even possible?
<adac> Sorry Daviey
<Daviey> adac: yeah
<Daviey> adac: people tend to use "."
<adac> Daviey, hmm but how? when I do "source PATH" then i do get: "source: not found"
<Daviey> adac: So, ". ~/.bashrc" ~= "source ~/.bashrc"
<adac> Daviey, "." seems to work
<Daviey> adac: source is a bashism, "." is portable
<adac> Daviey, well now another python binary should be used since the source has been set. but still the old one is running
<adac> Daviey, oh I see
 * Daviey gets back to stuff
<adac> Daviey, thank you for your help!
<AdvoWork> Hi there, got massive problems :s ive got xen vm's and have ubuntu server 12.04 lts installed one one of them, just done sudo apt-get update then upgrade, took a few mins(ok) then asked for a reboot(i did) it rebooted, i can ping it, but I cant ssh to it, I can't get to the websites on it either. Any ideas please?
<koolhead11> Daviey: seems like some shit has happned. it has to do with networking. will  try it again :)
<mattt> AdvoWork: do you have access to dom0?
<mattt> if so, connect to the console and see what's going on :)
<AdvoWork> mattt, i can do xm console myvm but its stopped displaying anything: http://pastebin.com/rnSUQtSV
<AdvoWork> it doesn't generate anything past that last line
<mattt> AdvoWork: were you ever able to console on that instance?
<mattt> (and by console, i mean a login prompt)
<AdvoWork> mattt, i only ever ssh'd into it really
<AdvoWork> the thing is, its came back up now, i dunno if one of our ext support guys has done something or just it took time :S
<AdvoWork> i doubt time to be fair
<mattt> AdvoWork: odd, well sorry i couldn't be more helpful :)
<mi3> hello
<mi3> hey guys one of my friends has around 200 pc's and he would like to deploy ubuntu on those machines in one go, they are all connected in a lan, and have identical configuration, any suggestions will be helpful, thank you.
<mi3> anyone ?
<_ruben> freakynl: the config tool (targetcli i think?) seems a tad nasty indeed. guess i'll be sticking with scst for now then. iet i didn't like much either
<koolhead11> mi3: did you do any research before asking the same?
<mi3> yeah, unsuccessfully.
<_ruben> freakynl: and indeed, vaai is enterprise only, bah
<mi3> issa: http://serverfault.com/questions/192719/best-way-to-deploy-ubuntu-onto-100s-of-laptops
<mi3> issa: http://fai-project.org/
<mi3> issa: piece of advice, dont go for mint, use ubuntu instead, they give you 5 year LTS.
<mi3> :D
<mi3> koolhead11: issa needs help :D
<issa> mi3: thanks for the advice
<mi3> issa: no problem.
<_ruben> freakynl: also sucks that the enterprise edition doesn't have any pricing listed on the website. they're probably ashamed of how high the prices are :p
<zul> good morning
<lotia> hi all. how do i get the non-headless version of openjdk-7-jre installed on a server?
<lotia> this is a 12.04 server spawned off the standard image available on ec2
<freakynl> _ruben: the config tool is odd compared to other stuff yea, but I haven't seen the big picture. The enterprise version is rtsadmin (go figure :)) and is supposedly able to manage a lot of machines from 1 console/server
<_ruben> freakynl: ah
<freakynl> it's also immature (targetcli that is, haven't seen rtsadmin). As in if I export a device through fileio with buffering enabled, the targetcli will just show an exported device, it doesn't say whether buffering is enabled or not
<_ruben> freakynl: i like scst's approach: simple config with with a perl based cli tool that can read/write/verify the config file
<_ruben> hehe
<freakynl> yea I much rather had scst in the mainline kernel than lio... it replaces a lot more of the scsi stuff and enables virtual tape libraries and other stuff. Overkill for most but very nice to build your own storage solutions
<mobile> list
<Disconnect> so I haven't had a change to look at ubuntu cloud in the past couple years (last time I looked it routed all traffic through 1 server..) is it reasonably performant now? we're in a crisis and I can either build my own or (preferably) throw a reasonable upstream-supported solution together
<Disconnect> for starters it'll just be vms (with lots of heavy network IO but very little disk) hosted on an existing iscsi cluster. eventually it might get more cpu/memory intensive with new vms
<zul> jamespage: whats the url for the bug tracking that you showed me yesterday
<AdvoWork> Just booted my machine up (ubuntu server 12.04) and it says:  pyGRUB  version 0.6  an gives 2 options to select Ubuntu 10.04 LTS and Ubuntu 10.04 LTS (Single-User)   whats going on with that, why isn't it 12.04?
<patdk-wk> advowork, that is a xen thing
<patdk-wk> and that would be cause the xen loader is looking at grub 1 config, instead of the grub2 config 12.04 installs
<patdk-wk> most likely
<AdvoWork> patdk-lap, how would i swap where it slooking?
<patdk-wk> that is easy, but then it wouldn't work
<patdk-wk> grub2 uses a totally different config file format
<patdk-wk> hopefully you can locate a pygrub upgrade
<AdvoWork> oh, what can I do then? this was a totally fresh install of Ubuntu, and then an upgrade
<patdk-wk> ubuntu isn't the issue
<patdk-wk> it's what is outside of it, that is
<patdk-wk> your xen host
<AdvoWork> so whats up with the xen host, its a probelm for this specific VM, or all of them?
<patdk-wk> it will be a problem for all that don't use grub1
<AdvoWork> how can i tell if a VM is using grub1?
<Disconnect> christ. 10 node minimum for cloud? any way to get started with 2 nodes? (I've got 6 more in the building but they aren't released from inventory yet. and thats still only 8.) or is there a better channel for this?
<xnox> Disconnect: you can start with one if you want.
<xnox> jamespage: Disconnect ^^^ is deploying own cloud, anyone can help out?
<Disconnect> xnox: thanks :) i'm looknig at https://help.ubuntu.com/community/UbuntuCloudInfrastructure which seems to say there is a live image for single node, but I can't find info on whether that is expandable to a "real" cloud as I get the other servers.
 * Disconnect has 1 node now, 2 nodes once I have a vm migrated to it (its on the other node right now) and 6 downstairs waiting for inventory tags
<Disconnect> damn. "Cannot join #ubuntu-cloud (Channel is invite only)."
<xnox> Disconnect: you do want "Ubuntu Cloud Infrastructure with MAAS and Juju"
<xnox> minimum 10 nodes, as in it doesn't make sense to do that unless you will be adding more nodes now or later.
<Disconnect> and I want to apologize straight off, I'm sure 99% of what I will ask is online somewhere, but I've got 100 scientists sitting waiting for a solution (they don't care what) so I want to knock out the biggest show-stopper questions now before I start the deeper evaluation/installation/etc.
<xnox> public cloud?!
<Disconnect> ah ok. I think in theory we'll hit 8-10 total. not quite identical but they are all vm capable, etc.
<Disconnect> xnox: private. @ a .gov. just had a really really terrible storage system eat itself again, this time beyond repair
<xnox> MAAS is basically pxe boot + magic sauce. and then you will get a $ juju add-node to add those to the existing cloud i believe
<zul> jdstrand: ping your nova bug is on quantal right?
<jdstrand> zul: all the stuff I filed within the last few days is quantal, yes
<Disconnect> the short term is to get openfiler running on a redundant cloud (using shared storage, no drbd mess) using those servers. the long term is that we are mandated to go to vms and such, and ubuntu priv cloud seems like the direction to take things..
<zul> jdstrand: ok cool
<zul> jdstrand: im just going through them and fixing them up now, django-compressor should be in the archive real soon and there will be a MIR coming for it
<uvirtbot> New bug: #1031359 in cinder (universe) "[MIR] cinder" [Undecided,New] https://launchpad.net/bugs/1031359
<Disconnect> the good news is they bought beefy storage servers just before I got here. they didn't get them set up (fortunately, since I saw how they did the last set. hacked up rhel/centos blend with heartbeat and nfs, fencing each other every day or 2)
<jdstrand> zul: thanks-- I have a todo to attend to django-compressor
<zul> jdstrand: cool beans
<Disconnect> does openstack do any sort of automatic failover? (rebooting the vms is ok, so long as its automatic)
<Disconnect> crap. this might be a moot point. http://wiki.openstack.org/IscsiBlueprint says iscsi for backend storage isn't supported
<zul> Disconnect: no you will have to setup the failover stuff yourself
<xnox> Disconnect: openstack + libvirt -> iscsi is fine
<Disconnect> ok. so I can stick the vms on iscsi. thats good. and i can set up heartbeat if I can shove the vm configs into an iscsi drive. looks like its time to start building.
<Righton> hey guys, ive installed the latest version of ubuntu server, i have a problem with my dns server, adding it to /etc/resolv.conf doesnt work, it says at the top that "anything i write here manually will be overwritten" ..
<Righton> so where do i add the dns server then?
<_ruben> Righton: /etc/network/interfaces .. dns-nameserver a.b.c.d
<Righton> _ruben, is that new in 12.04?
<Righton> i just tried that anyway and i still cannot resolve any hostnames
<tgm4883> adding it there, will just make it populate /etc/resolv.conf I think
<_ruben> you'll need to down/up the respective interface for it to populate /etc/resolv.conf
<_ruben> or you could update the latter manualy for the time beign
<Righton> i did try out both, restarted the network interface and  i still cannot ping/resolve any hostnames for some reason
<tgm4883> Righton, did it populate resolv.conf with your DNS servers?
<tgm4883> _ruben, is it dns-namserver or dns-nameservers
<tgm4883> Righton, seems it should be dns-nameservers a.b.c.d according to http://manpages.ubuntu.com/manpages/lucid/man8/resolvconf.8.html
<_ruben> Righton: what does `dig www.google.com` show?
<Righton> right, now t does!
<Righton> it is dns-nameserverS with an S at the end
<Righton> thansk guys =)
<tgm4883> yw
<jMCg> Where can I rant about how horrible some ubuntu packages are in a constructive manner?
<Righton> just one question though, is this new in 12.04?
<Righton> cuz i dont remember doing it that way with older versions
<tgm4883> Righton, by default, yes
<Righton> i see
<tgm4883> jMCg, is it something the ubuntu-server team can fix?
<jMCg> tgm4883: I was just wondering, aloud, what the appropriate channel would be. It's about tomcat7 and tomcat7 not being installable side-by-side.
<tgm4883> tomcat7 and tomcat7?
<tgm4883> isn't that the same thing?
<Disconnect> jMCg: launchpad bugs
<jMCg> tgm4883: typo. 6 and 7.
<tgm4883> jMCg, I agree with Disconnect file a bug on LP
<_ruben> jMCg: #ubuntu-server / #ubuntu-motu / #ubuntu-devel / etc depending on the nature of the package, see the maintainer directive in the source packages
<jMCg> *nod*
<_ruben> and ofcourse bug filing indeed :)
<Disconnect> after they reject the bug, then come here and start yelling :)
<jMCg> Yeah, but I can't *rant* in bug report, that'd be unproductive and very unconductive to the bug's solution :D
<Disconnect> you can after its definitively rejected
<Disconnect> there is nothing good about ubuntu's tomcat management, really.
 * Disconnect doesn't miss it. Last job was 300 vms, ubuntu-server running tomcat.
<jMCg> Disconnect: how did you manage it?
<Disconnect> lots of kvm+libvirt, lots of puppet, lots of cussing. and the devs just bundled basically everything into the deployment.
<Disconnect> the only thing worse was the ruby "gems"-that-aren't-gems
<jMCg> ?
<jMCg> I think your devs need some serious talking to.
<Disconnect> no. the way ubuntu handles ruby libraries is beyond brain damaged.
<jMCg> Oh, yeah. That's true.
<Disconnect> in perl, for example, a packaged cpan module can be installed from the package and used as if cpan had installed it. in ubuntu, a packaged gem cannot.
<Disconnect> damnit. think I broke my bonding config. bbiab.
<jMCg> I install rvm and go with that, because, no.â¦ No Because, it's just ARGH
<jMCg> Disconnect: might also wanna look into fpm
<xnox> jMCg: rbenv is so much better though!
<jMCg> rbenv? Better than rvm? Haven't seen that yet, or needed to look into it because rvm just works so well for me.
<xnox> jMCg: rvm polutes shell environment. Just type $ env and see how much stuff you have there
<xnox> and rvm is shell functions which break certain things.
<xnox> rbenv is lightlight and is simply $PATH and that's it.
<jMCg> xnox: like sudo, which is why you need rvmsudo?
<xnox> exactly.
<xnox> with rvenv sudo just works the way it always does.
<xnox> rvm has negative shell start up performance
<xnox> rvenv is faster =)
<jMCg> negative?
<jMCg> has a negative impact on shell start-up, but I don't think there is such a thing as negative time. At least I haven't seen it proven yet.
<xnox> jMCg: https://github.com/sstephenson/rbenv
<xnox> jMCg: as in it negatively affects the start up time, i.e. huge increase (3-4 seconds)
<Disconnect> i'm not a fan of ruby in general ("lets throw away decades of knowledge about how to manage systems, environments, etc and put the developers in charge of reinventing it!" .. they're literally making all the same mistakes over again. it'd be fun to map perl milestones (cpan, packages, etc) to ruby and see how soon it won't totally suck
<jMCg> :-\
<jMCg> One of these days gems will stop sucking, I'm sure of that.
<Disconnect> its like slackware+cpan all over again. (or solaris+cpan)
<jMCg> Solaris is dead (to me) I hope the Illumos folks are doing that one better.
<jMCg> Disconnect: never used slackware/cpan
<jMCg> On Solaris (10) I wasn't able to use it, because all of our servers where behind firewalls with no access to the internet, no compilers or libraries installed, etcâ¦ Can I get this CPAN package installed - NO!
<Disconnect> basically the old days of "download compile install" where upgrading was best done by starting with a new box (since there is almost no installation tracking). cpan made it a little better, and *nix eventually got useful packages beyond core system stuff, but..
 * Disconnect had almost 300 identical servers (well, sets of servers. obviously memcache vms aren't identical to tomcat..) by avoiding crap like that
<jMCg> This reminds me: https://twitter.com/hirojin/status/230118763444465664
<jMCg> I "updated" my FreeBSD VM yesternight.
<Disconnect> yah. exactly.. at least ports do installation tracking, of sorts.
<jMCg> of sorts.
<Disconnect> there used to be a tool to let you install apps to /usr/local/appname/ (/bin /etc /sbin etc) that managed symlinks. thats how bad it was. and ruby still is..
<xnox> Disconnect: GNU stow
<Disconnect> thats the one!
<jMCg> Ah, right! I remember that one, I didn't use it when I built my LFS, back in the day.
<jMCg> I used NetBSD's pkgsrc
<jMCg> https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1031395 << should I open the same thing in tomcat6? Or should I have opened this bug in libtomcat7-java in the first place?
<uvirtbot> Launchpad bug 1031395 in tomcat7 "tomcat6 and tomcat7 are not installable side-by-side" [Undecided,New]
<uvirtbot> New bug: #1031395 in tomcat7 (main) "tomcat6 and tomcat7 are not installable side-by-side" [Undecided,New] https://launchpad.net/bugs/1031395
<skrite> hey all, looking for some advice for mysql-cluster and how to know how many nodes i need to set up? anyone have a good tutorial or advice?
<obelus> Anyone here able to help with trying to re-route incoming requests from a specific IP range to port 443 to go to port 22 instead? I'm using ufw at the moment.
<r3dLunchb0x> I am looking for some direction on setting up sendmail to send mail out from my 11.04 server. I have 5 total, one of which already can send email.
<jMCg> r3dLunchb0x: why sendmail?
<r3dLunchb0x> jMCg: it is what i'm used to, but if postfix is just as easily setup that would work too. I am running into disk space issues and need to set up alerting...
<jMCg> And instead of sending snmp traps, you're putting *more* stuff on your machine, stuff that keeps queues, and produces big logs.
<r3dLunchb0x> jMCg: I have nagios installed, but just the basics. still need to send alerts.
<jMCg> I'm confused, doesn't nagios notify a central server of such things, which can then do the alerting for you, or am I crack?
<r3dLunchb0x> jMCg: I believe you're right. I'll check into getting nagios alerting turned on. The nagios master is running on the server that has mail capabilities.
<r3dLunchb0x> next I need some help with settings for openfile handlers on the servers. any one got a good guide on this? I know how to set it up on redhat enterprise...ubuntu server is waaaaay different lol
<azop> Did oem-config-server ever make it out of the dream state? (https://wiki.ubuntu.com/OemConfigServer)
<jMCg> r3dLunchb0x: what *is* openfile handlers?
<r3dLunchb0x> it is a limit/setting for the amount of open files a process or shell or tcp connection is allowed to open. Also there is a base setting for when the OS starts. if it is too low, after running say a big java program it'll "crash" with Broken Pipe errors. increase the amount of open file handlers and things go more smoothly.
<r3dLunchb0x> right now I have about 5 HP proliant servers running ubuntu server 11.04 with open file handlers set to 1024, for about 30 developers whose shells get stopped by this very error.
<jMCg> r3dLunchb0x: it would appear you're looking for /etc/pamd.limits.conf -- that's same on RHEL, innit?
<ssmy> anyone have any experience getting bridged networking to work with kvm/libvirt?
<jMCg> ssmy: most people in #virt (on oftc) do.
<ssmy> jMCg: thanks, I'll try there
<r3dLunchb0x> jMCg: not really looking to "limit" the devs, more like open it up. lol
<jMCg> r3dLunchb0x: same/same, really.
<r3dLunchb0x> jMCg: now to just track opening that up is actually proving my point that it will go smoother. ;-)
<Disconnect> is https://wiki.ubuntu.com/ServerTeam/MAAS/AvahiBoot expected to actually work? it insists on a working ubuntu mirror
<roaksoax> adam_g: http://pastebin.ubuntu.com/1121750/
<roaksoax> adam_g: the nova-compute stuff is the correct one right?
<Disconnect> damn. booting the ub cd (even after its listed as 'commissioning') results in immediate shutdown. what a mess.
<RoyK> Disconnect: what hardware?
<Disconnect> virtual. trying to get private cloud stuff working. the maas server is working and shows the 2 nodes as commissioning, but no matter waht i try (booting the usb image, booting the server cd, etc) it fails in some or another spectacular way
<Disconnect> the avahi usb image fails because its trying to use precise and - for whatever reason - can't find it on archive.ubuntu.com (I checked, its there..) and the server cd works up to where it contacts the maas server, then it shuts down.
<Disconnect> hmm. if anyone is doing wiki editing on the maas pages, it'd sure be nice if those screenshots were zoomable. at least far enough to read what the node status should be (commissioning, done, on fire, etc)
<Disconnect> hmm. i think i see whats going on. the next step is to leave them off and get juju going.
<Disconnect> nope. same problems with the usb key
<Disconnect> oooh. so close. the commandline assumes a dhcp server. ok i think i can fix this. yay. ish.
<jamespage> bug 1028453
<uvirtbot> Launchpad bug 1028453 in ubuntu-meta "Quantal Ubuntu Server minimal install oversized" [High,Confirmed] https://launchpad.net/bugs/1028453
<jamespage> smoser, Daviey: ^^ gonna fix this?
<Daviey> jamespage: good question
<Daviey> jamespage: and a good place to discuss it :)
<jamespage> Daviey, shall I make the case for dropping then?
<Daviey> jamespage: I'm not sure it /can/ be fixed, it's just kernel bloat now?
<jamespage> Daviey, I think that is the key difference
<jamespage> and now its just the module set
<jamespage> the -virtual kernel still gets used in cloud images....
<jamespage> so we should not drop it but I think we should consider dropping the minimal virtual install from the ISO
<Daviey> jamespage: I'd support that
<Daviey> I suspect it's not used, and if i am honest.. i'd rather not encourage it.. cloud images should be used instead
<vychune> i need a walk through for a ubuntu server install any takers?
<jamespage> Daviey, agreed
<halvors> Anyone knows about a DC++ hub in the Ubuntu repositories?
<vychune> i need a walk through for a ubuntu server install any takers?
<Pici> !guide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/12.04/serverguide/C/
<vychune> thank you much
<ssmy> halvors: I don't think there are any DC++ hubs in the repos anymore. I used to run opendchub, but it's gone in 12.04 as well. So I just don't bother anymore.
<ssmy> jMCg: just a thanks for the #virt recommendation. They were able to help me solve my problem
<jMCg> ssmy: I know, and they're mostly nice too!
<ninjai> i typed init 6, init 0, shutdown, and even pressed the power button.  I get messages saying the system is going down for reboot or shutdown, but nothing happens.... how can I tell it I want to reboot it without hitting the reset button?
<jMCg> ninjai: why is it hanging?
<ninjai> no idea
<ninjai> it acts as if nothing has happened
<ninjai> i can still use the machine as normal..
<jMCg> ninjai: dmesg? /var/log/syslog? Why is it not shutting down? Something must be preventing it from doing that.
<halvors> ssmy: Is there any unoffcial opendchub ppas?
<ninjai> dmesg http://pastebin.com/qAjYrXNe
<ninjai> syslog: http://pastebin.com/BzkUq7sk
<ninjai> I think I have to press the button :(
<ninjai> reboot and its happy.  Weird.
<vychune> can someone tell me how to remove LVM.
<vychune> i messed up on a raid install
<LordOfTime> SpamapS: alive?
<LordOfTime> or anyone else on the server team or anyone who can answer an SRU related thing (regarding php5)
<vychune> can someone tell me how to remove LVM?
<SpamapS> LordOfTime: sure whats up?
<LordOfTime> SpamapS: can we get https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1014044 SRU'd for Precise?  this is a significant regression, and causes issues with nginx and other web servers with php5-fpm
<uvirtbot> Launchpad bug 1014044 in php5 "PHP5-FPM not reporting errors to web server (nginx)" [Medium,Fix released]
<LordOfTime> a fix was included in 5.4.x in Debian
<LordOfTime> which was synced to Quantal
<LordOfTime> but not in Precise
<LordOfTime> there *is* a 5.3.x patch
<LordOfTime> on the PHP main site
<LordOfTime> i can't dget the package just yet, to test if the patch applies
<LordOfTime> and it'd be ubuntu-only changes since it was fixed upstream
<SpamapS> LordOfTime: it would go more smoothly if you attached a debdiff to that bug.. ;)
<LordOfTime> SpamapS: indeed,but as I said i can't dget from here
<SpamapS> LordOfTime: and if you added the necessary info as per https://wiki.ubuntu.com/StableReleaseUpdates
<LordOfTime> can we at least get the SRU process started, pending the debdiff upload?
<LordOfTime> i'll do that shortly, i'll just need someone who can nominate against Precise (apparently bugcontrol can't set that, and lp times out when i try to)
<SpamapS> LordOfTime: I've accepted it for precise.. just neesd  a Test Case / Regression Potential added to the top of the description
<SpamapS> LordOfTime: if you could attach the patch to the bug that would be great as then somebody could at least package up the fix for precise
<LordOfTime> SpamapS: i plan to do that anyways
<LordOfTime> one thing at a time, at work i've only got iexplore
<LordOfTime> which is a piece of **********
<LordOfTime> it lags like crazy :/
<LordOfTime> SpamapS: i fully anticipate generating the deb diffs myself anyways :P
 * LordOfTime is trying to get his name on more debdiffs xD
<vychune> can someone please tell me how to remove LVM?
<vychune> i need help urgently
<SpamapS> LordOfTime: good plan. :) rememebr tos ubscribe sponsors
<SpamapS> vychune: remove it in what way?
<LordOfTime> SpamapS: not the first SRU i've done :P
<LordOfTime> that, and i've had to deal with security bugs, they're even more difficultish xD
<vychune> i need to partition the drive i installed it without doing RAID first
<vychune> i cant do raid with it it on there
<LordOfTime> SpamapS: the only reason i am getting this SRU'd is because (1) its a significant functionality failure, and (2) even though its not a bug against nginx, its a highly blocking bug for running PHP programs.  And apparently, the verison in Oneiric is unaffected, so it is a very specific regression.
<vychune> any help will be appreciated SpamapS
<SpamapS> LordOfTime: your time is very much appreciated. If you can get it done this week it will be included in 12.04.1
<LordOfTime> SpamapS: its marked as Triaged, but can I assign it to me and set it as In Progress?  I fully plan to have this fixed by 00:00 UTC-4
<SpamapS> LordOfTime: yes do that
<LordOfTime> done, i'll have this fixed by the end of the day
<LordOfTime> assumign nothing horrible, such as Comcast going "ZOMGWTHBOOM" again
<LordOfTime> , happens
<LordOfTime> BAH, evil keyboard is evil.
<LordOfTime> SpamapS: when i generate the debdiff, the changelog entry... should it point to precise-updates, or precise-proposed?
 * LordOfTime ran into this issue previously
 * LordOfTime plans on testing within a PPA or a local repository separately, targetted to 'precise' for testing purposes only
<LordOfTime> (I ran into this with a security bug, they wanted me to target it to a specific repo with the debdiff)
<Disconnect> damnit. 3 hours arguing with squid-deb-proxy.
<Disconnect> well, with what turned out to be squid-deb-proxy anyway
<vychune> SpamapS: any suggestions?
<SpamapS> LordOfTime: precise-proposed
<SpamapS> vychune: I am not sure I understand what you're saying
<SpamapS> vychune: you have a drive, not your root partition, which has RAID+LVM ?
<vychune> i have a raid 1 with two drive and both drives got used for LVM somehow
<SpamapS> vychune: probably old partition tables
<SpamapS> vychune: can you lose all of the data?
<vychune> yes there is no data
<vychune> gudie me sensei lol
<vychune> guide*
<SpamapS> vychune: so I would make sure its all unmounted..
<SpamapS> vychune: and stop the RAID1
<SpamapS> vychune: then 'pvs' to see the "physical volumes" that lvm thinks it has
<vychune> how do i stop it?
<SpamapS> vychune: then for each of those "pvremove /dev/..."
<LordOfTime> SpamapS: when's 12.04.1 releasing?
<SpamapS> vychune: I forget, I don't have any mdadm boxes to look
<LordOfTime> so i know the absolute latest i need to get the debdiff in by
<SpamapS> LordOfTime: August twenty-something
<SpamapS> LordOfTime: August 9 you need to have it in proposed so it can make it to -updates
<LordOfTime> oh so i have to get this in by Friday for consideration/inclusion
<LordOfTime> i'll have it done by sooner!
<vychune> wait im on the cd system in recue mode
<vychune> rescue
<SpamapS> LordOfTime: 9 is the absolute drop dead time.. get it in way sooner
<azop> Did oem-config-server ever make it out of the dream state? (https://wiki.ubuntu.com/OemConfigServer)
<SpamapS> vychune: anyway, pvremove all those physical volumes. Then 'fdisk /dev/...' and make sure the partition table is clear or has only one thing (RAID1 as the whole disk)
<LordOfTime> SpamapS: you mean like at the earliest 5 hours from now?  :P
<LordOfTime> pfft, this is an easy thing to apply
<LordOfTime> afaict at least
<LordOfTime> (lets hope its not like one of the patches for an nginx cve a while back, that actually had to be redone manually)
<LordOfTime> s/redone/recreated/
<LordOfTime> (I should know, i was the one who created the debdiffs)
<vychune> SpamapS: "Device contain neither a vaild DOS partions table, nor Sun......."
<vychune> s/partion/partition
<LordOfTime> SpamapS: while i'm digging in the package anyways, want me to gen the debdiff for this too?  https://bugs.launchpad.net/ubuntu/precise/+source/php5/+bug/1006738
<uvirtbot> Launchpad bug 1006738 in php5 "php5-fpm segfaults with error 4 in libc-2.15.so" [High,Triaged]
<LordOfTime> or should i wait until the other debdiff i'm working on is accepted
<SpamapS> vychune: ok. Then you should just be able to re-create the RAID1 and lvm should not return.
<vychune> ok trying it now
<vychune> thanks in advance
<vychune> SpamapS: WORKED
<vychune> thank you kindly
<Disconnect> anyone know the console login of one of the maas nodes?
<SpamapS> vychune: np
<SpamapS> Disconnect: "one of the maas nodes" ?
<Disconnect> the same mess I've been arguing with all day: https://help.ubuntu.com/community/UbuntuCloudInfrastructure
<Disconnect> it "conveniently" cobblers it. which would be good, if it didn't require assigning it to some random ip in the dhcp pool. i think i may have to start over with the nodes now that i've got other issues straightened out, but i'm not sure and i was hoping to get access to one of tehse things to figure it out
<LordOfTime> SpamapS: repoke.  doyou want me to generate the debdiff for LP Bug 1006738 as well, separately?
<uvirtbot> Launchpad bug 1006738 in php5 "php5-fpm segfaults with error 4 in libc-2.15.so" [High,Triaged] https://launchpad.net/bugs/1006738
 * LordOfTime never got an answer due to lagspike
<uvirtbot> New bug: #1005298 in maas "warning: kernel option length exceeds 255  during maas-import-isos (dup-of: 1003460)" [Low,Confirmed] https://launchpad.net/bugs/1005298
<SpamapS> LordOfTime: afk for a bit. It would be good to group those together .. I think
<LordOfTime> SpamapS: i'll first make sure they apply, then i'll combine :P
<vychune> SpamapS: the server is seeing the two drives as one device. why?
<vychune> i thought RAID was two devs?
<LordOfTime> SpamapS: i'm tempted to not fix the bug for Quantal if its already in upstream.  I did assign myself for the Precise SRU though.  just would like you to confirm this was applied upstream (LP Bug 1006738)
<uvirtbot> Launchpad bug 1006738 in php5 "php5-fpm segfaults with error 4 in libc-2.15.so" [High,Triaged] https://launchpad.net/bugs/1006738
<LordOfTime> might want to sync that in if its already fixed upstream
<vychune> LordOfTime: do you know what i can do on this problem?
<LordOfTime> vychune: unfortunately not, if i did i'd have given help.
<vychune> of course lol i'm just flustered
<LordOfTime> i'm here right now to stab SpamapS, because of bugs related to php5, and getting them updated and fixed in precise by the Stable Release Updates process
<LordOfTime> understandable
<vychune> being a student in this field is hard enough lol
<vychune> real world hits a knocks the wind out of my sails and everything goes nuts
<SpamapS> vychune: should be one device, /dev/mdX
<SpamapS> vychune: that is a RAID device
<vychune> s/a/and
<vychune> oh
<LordOfTime> vychune: hey, being a student in IT Security is worse :P  you have to sift through $arbitrarysize of data and identify whether someone's leaking personally identifiable info and stuff
<LordOfTime> just as part of a *test*
<LordOfTime> :P
<vychune> jesus
<LordOfTime> that, and a bunch of other things
 * LordOfTime returns to sifting through bugs.
<vychune> i see lol
<vychune> SpamapS: i dont know what im doing wrongf'
<vychune> wrong
<Disconnect> ok. i clearly should have done more reading. someone sanity-check me - if i get ubuntu private cloud (maas+juju) working, I can deploy charms. charms are effectively ubuntu apps, and there are no charms for (for example) deploying a centos VM.. is that right?
<nathwill> disconnect, true dat
<Disconnect> ok. so its basically useless to me. damn :( can anyone recommend a vm-based cloud system for ubuntu?
 * Disconnect isn't going down the manual-virsh road again
 * bellsouth * epic4 * epic5 * ircii
<bellsouth> ukpl;@werld
<bellsouth> * epic4  * epic5  * ircii !
 * bellsouth ,
<nathwill> disconnect, i'm thinking openstack? if you want a platform for provisioning vms
<bellsouth> on 1:TEXT:*:#: { commands } on 1:TEXT:!trigger *:#: { commands }
<bellsouth> ;D
<Disconnect> i thought ubuntu virtual could was based on openstack
 * bellsouth on *:DEOP:#:{ ;check if we are being deopped if ($opnick == $me) { ;requesting op msg BOTNICK op $chan ;kick the person that deopped you kick $chan $nick Don't deop me!     } }!
<bellsouth> http://kthx.net/ftb/bbCodeHelp.php
<bellsouth>  4ÃÃ 4 70p1(	[70p1( n4m3=70P1(_N4M3] 4ÃÃ 4 Ær4m3	[Ær4m3 n4m3=ÆR4M3_N4M3] 4ÃÃ 4 Â£1n|{	[Â£1n|{=Â£1N|{]73X7[/Â£1n|{] 0r [Â£1n|{]73X7[/Â£1n|{] 174Â£1( 73x7	[1]73X7[/1] ÂµnÃ3rÂ£1n3 73x7	[Âµ]73X7[/Âµ] B0Â£Ã 73x7	[b]73X7[/b] 1nÂ£1n3 (0mm4nÃ	[(]73X7[/(] m1R( (0Ã3	[(0Ã3](0Ã3_H3R3[/(0Ã3]
 * bellsouth ],uk[
<bellsouth> ukpe43lo9c!
 * bellsouth ],leolkic9![
<bellsouth> b3||$0uth
<nathwill> !ops
<ubottu> Help! Channel emergency! soren, lamont, mathiaz, Pici, Daviey, Tm_T or pmatulis
<bellsouth> D&d G@m3 = |!nk
<jMCg> O_o
<nathwill> bastid
<soren> Aw, too late.
<nathwill> close though!
<Daviey> :((
<vychune> gotta love that ops command
 * genii-around makes sure IdleOne gets a reward cookie
 * IdleOne eats cookie promptly
<IdleOne> genii-around is known for taking back cookies
<vychune> a server hosting a website needs DNS and mail, right?
<nathwill> vychune: meh, not necessarily
<ScottK> You need to be able to resolved DNS, not serve it.
<ScottK> resolve
<vychune> ohhhhhhh
<vychune> so the mail can go somewhere else?
<ScottK> Generally.
<nathwill> well... why does a server hosting a website even need to resolve dns? the only thing a web server has to do is translate an http request into a document and serve it...
<ScottK> Good point.
<ScottK> There may be off site resources it needs to resolve perhaps, but I guess it's not inevitable.
<vychune> so the domain host will do the DNS thing?
<vychune> and mail?
<ScottK> Could be on any server.
<nathwill> yeah... most domain reg services come with basic dns management (a, cname, mx), but not actual mail service as in receiving and storing mail
<nathwill> though many offer that as an addon
<nathwill> at least i assume the reg is who you're talking about when you say "domain host":
<vychune> right
<vychune> registar lol
<wrapids>  My linode has been behaving very strangely. I've installed gitlab recently and mysql is occasionally crashing and I'm finding nothing but empty logs. A moment ago I could not access the server by any means, simply timing out. I issued a reboot from the linode dashboard and it took it about 20 minutes to shut it down. I tried connecting via the ajax ssh console and was given an out of memory error. Any ideas on what's going on?
<wizonesolutions> How do I run KVM VMs headless?
<Disconnect> wizonesolutions: check out libvirt/virsh
<wizonesolutions> when I run them with curses they still occupy a terminal
<wizonesolutions> with the kvm command
<Disconnect> nathwill: looks like there is a charm for openstack. so lets see if i can put some of today's adventure to good use
<wizonesolutions> Disconnect: k. I was following the tips at https://help.ubuntu.com/community/UEC/Images#Ubuntu_Cloud_Guest_images_on_Local_Hypervisor_Natty_onward to get started, but it doesn't start them headless.
<wizonesolutions> any links that are good to start with?
<wizonesolutions> 12.04
<Disconnect> https://help.ubuntu.com/12.04/serverguide/libvirt.html
<wizonesolutions> and I still have to figure out how to get the guests Internet access...getting my head around how it all works, I guess (used to VirtualBox)
<Disconnect> and virt-manager is a decent GUI front-end (lower on that page)
<wizonesolutions> Disconnect: In that case I've been told have to use X over SSH forwading yeah? Is it worth the trouble?
<Disconnect> not necessary
<wizonesolutions> Disconnect: which is not necessary? using virt-manager or forwarding X?
<Disconnect> forwarding x.
<Disconnect> this ssh thing is pissing me off. does anyone know what the default password for a maas-installed node is? 'juju status' is telling me invalid ssh key, adn I can't get logged in to see why
<ssmy> wizonesolutions: forwarding is not necessary. If you need to use the gui, it sets up a vnc connection accessible via virt-manager
<wizonesolutions> Disconnect: Is it passw0rd like the Ubuntu cloud images?
<Disconnect> damnit. that'd do it. authorized_keys are empty.
<wizonesolutions> ssmy: ah, ok. thanks.
<Disconnect> wizonesolutions: hmm. might be. i just bounced it into single user
<wizonesolutions> Disconnect: that works too, heh.
<Disconnect> is there any good reason to work with ubuntu private cloud (maas+juju) if I'm actually just in need of openstack? does it provide any sort of gain or should Ij ust blow it away and fire up openstack?
<r3dLunchb0x> MOTD, how to change it and personalize it per user who logs in?
<TheLordOfTime> SpamapS:  and again i poke thee.
<SpamapS> TheLordOfTime: Just back from lunch. Whatsup ?
<SpamapS> r3dLunchb0x: per-user stuff should probably go in /etc/profile.d
<r3dLunchb0x> SpamapS: cool. will check it out.
<r3dLunchb0x> the only thing in that directory is bash_completion.sh
<r3dLunchb0x> can I just add a new script and it get run everytime a user logs in?
<SpamapS> r3dLunchb0x: yes
<r3dLunchb0x> SpamapS: coolio, thanks appreciate it
<TheLordOfTime> SpamapS:  do you want me to merge the two SRU-worthy items into the same debdiff, and upload for both bugs (LP Bug 1014044 and LP Bug 1006738)?
<uvirtbot> Launchpad bug 1014044 in php5 "PHP5-FPM not reporting errors to web server (nginx)" [Medium,In progress] https://launchpad.net/bugs/1014044
<uvirtbot> Launchpad bug 1006738 in php5 "php5-fpm segfaults with error 4 in libc-2.15.so" [High,In progress] https://launchpad.net/bugs/1006738
<TheLordOfTime> SpamapS:  also, can you confirm if the segfault bug was fixed upstream?
<osmosis> so I installed with a 64 bit iso, but im running a x686 install when I check uname. Any ideas how that could have happened?
<TheLordOfTime> and if so, has it been put in Debian, and then synced to Ubuntu Quantal?
<SpamapS> TheLordOfTime: the segfault bug is in 5.4.5..
<SpamapS> TheLordOfTime: which is in the Debian PHP team's git repo
<SpamapS> TheLordOfTime: I'll make sure to merge it as soon as it comes out in quantal
<SpamapS> TheLordOfTime: re the debdiff, yes, a single debdiff that we can just review and upload to precise-proposed would be ideal.
<TheLordOfTime> SpamapS:  a debdiff that includes both fixes in Precise?
<SpamapS> TheLordOfTime: Oh and to be clear, the segfault is *fixed* in 5.4.5
<TheLordOfTime> because the patches apply cleanly-ish
<TheLordOfTime> (the cleanly-ish refers to the NEWS portion of the error reporting fix patch not applying)
<SpamapS> TheLordOfTime: Yes. Use quilt refresh on them before creating the debdiff.
<SpamapS> TheLordOfTime: right, the NEWS bit can likely be hand merged or even dropped.
<TheLordOfTime> mhm, when doing quilt import /path/to/patch for that upstream patch, and then doing quilt push -a, i had to do quilt push -a -f to force the one with the NEWS issue, and then refreshed that patch to remove the NEWS part
<TheLordOfTime> i'm doing the debuild -S now for build testing in a PPA
<SpamapS> TheLordOfTime: sounds good
<TheLordOfTime> bleh, i do not like translations.  there's a package or two i actually need to create a translation template for, and i'm so new to that, i have no idea how to proceed...
<TheLordOfTime> ... whoops
<TheLordOfTime> wrong GPG key
<TheLordOfTime> SpamapS:  geez, PHP takes ages to build.
<SpamapS> TheLordOfTime: yes, the tests are LONG
<TheLordOfTime> well, at least it started building about when i uploaded to my php-sru-tests ppa
<TheLordOfTime> well....
<TheLordOfTime> after i fixed the PGP key thing
<TheLordOfTime> SpamapS:  i will be ***GLAD*** once this reporting bug is fixed
 * TheLordOfTime has been inundated with emails about this being a bug
<TheLordOfTime> then i can say "STOP EMAILING ME, A FIX IS IN -PROPOSED"
<TheLordOfTime> SpamapS:  i take it the time for tests is > 30 minutes?
<SpamapS> TheLordOfTime: on a good fast machine yeah
<SpamapS> 45m on mine here I think
<TheLordOfTime> does that include the PPA builders?
<SpamapS> PPA builders will do it in 1 hour usually
<SpamapS> been a while since I waited on them tho
<TheLordOfTime> heh
 * SpamapS just uses sbuild.. nearly the same thing
<TheLordOfTime> well pbuilder and pbuilder-dist are broken, and sbuild doesnt run right here
<TheLordOfTime> SpamapS:  for the segfault bug in PHP, is that SRU worthy in Precise if it doesnt yet exist in Quantal?
<TheLordOfTime> granted i'm still working on the build testing first, but... :P
<SpamapS> TheLordOfTime: yes its ok, you just have to explain that it is upstream already
<TheLordOfTime> ah okay.  i didnt set up the SRU template on the segfault bug yet.  and i took the extra time to DEP3 tag the patches
<SpamapS> TheLordOfTime: the point of making sure it is fix released in dev is just to make sure people focus efforts on the dev release first and don't just scratch their stable release itches ;)
<TheLordOfTime> indeed.
<ScottK> TheLordOfTime: working fine here (pbuilder/-dist)
<TheLordOfTime> ScottK:  its been narrowed down to this system itselkf
<TheLordOfTime> apparently there's some weird bug where pbuilder doesnt get the right files or something
<TheLordOfTime> and its specific to this system
<ScottK> Did you try recreating the pbuilder chroot from scratch?
<TheLordOfTime> *shrugs*
<TheLordOfTime> mhm
<TheLordOfTime> the chroot doesn't build
<TheLordOfTime> it errors out
<TheLordOfTime> its not worth debugging now though
 * TheLordOfTime was going to look into getting and configuring sbuild in future
<TheLordOfTime> then work got in the way :P
<TheLordOfTime> SpamapS:  the amd64 builders are faster than the i386 o.O
<wizonesolutions> does virt-install run under a different user?
<wizonesolutions> I'm running it as root but I'm getting permission errors
<wizonesolutions> says that it can't access the .img file, which is under /root. and obviously root itself has permissions to that.
<wizonesolutions> for the file I specified as disk --path=
<wizonesolutions> I added root to the kvm and libvirtd groups for good measure
<TheLordOfTime> SpamapS:  well, amd64 works, so...
<TheLordOfTime> time to debdiff!
<SpamapS> TheLordOfTime: woot
<TheLordOfTime> (i386 will probably build as well, given prior track history with SRU and backport and security tests)
<TheLordOfTime> SpamapS:  i won't be shot for uploading the debdiff to two separate bugs will i?
<wizonesolutions> oh, uncommenting the user/group to run libvirtd as in /etc/libvirtd/qemu.conf and restarting libvirtd-bin actually fixed it.
<TheLordOfTime> SpamapS:  lets hope that after dinner, the thing will be finished building on i386.
<TheLordOfTime> once that happens i'll push the debdiff up to LP
<TheLordOfTime> SpamapS:  you may as well just ping me when php5 bugs get triaged or fixed upstream, i'm very likely to be able to just do the debdiffs xD
<wizonesolutions> does virsh -c qemu:///system suspend <vm> survive a restart?
<wizonesolutions> or do I have to save/restore for that?
<wizonesolutions> and is there a way to tell the hypervisor to suspend or save state of open VMs when the system is about to restart and then restore them once it is back up?
<wizonesolutions> like to script that in
<osmosis> what are the correct last 4 digits of   md5sum ubuntu-12.04-server-amd64.iso ?
<SpamapS> TheLordOfTime: I suggest only putting the debdiff on one of the bugs, and referencing it from the other.
<osmosis> i think i found a problem
<osmosis> http://bpaste.net/show/o87CdsGW75uVBXCmTRQg/
<osmosis> I go to the 64 bit url, but it gives me the 386 version.
<osmosis> who's to blame?  wget?
<SpamapS> osmosis: the & must be escaped
<SpamapS> osmosis: notice [2]+  Done                    bits=64
<SpamapS> osmosis: you started a background process that ran 'bits=64'
<SpamapS> osmosis: try wrapping the url in '
<osmosis> ok..now Ill go reinstall my servers too
#ubuntu-server 2012-08-01
<wizonesolutions> argh, how do I actually connect to the VNC console on a KVM guest?
<wizonesolutions> I'd rather SSH in but don't know how to figure out its IP
<wizonesolutions> goodness gracious. figured out how to get the VMs bridged so I could SSH in, but that was way underdocumented. I should somehow contribute when I have time...
<TheLordOfTime> SpamapS:  good idea, thanks.
<uvirtbot> New bug: #1031568 in bacula (main) "package bacula-director-mysql 5.0.3-0ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1. Also, the database it needed could not be created." [Undecided,New] https://launchpad.net/bugs/1031568
<akiva> okay let me get this straight
<akiva> a dns server basically takes an IP, and attaches a name to it, such as www.name.com, to which it then arranges the names in a type of heirarchy
<akiva> such as www.name.com/foo
<mardraum> you look like you are confusing DNS and HTTP
<akiva> I am just looking at my installation here
<akiva> and I am trying to learn about the different types of servers that I can install
<akiva> to which I want to set up dummies in which I can learn from
<ScottK> mardraum: No.  He's not.
<mardraum> ScottK: how is "/foo" related to DNS
<akiva> so a dns then is basically taking addresses, and attaching naming schemes which are/can be heirarchical.
<ScottK> Except he's right to an extent.
<akiva> mardraum: foo is the name of a sup page in the site. Just chose the name foo :P
<ScottK> DNS will figure the IP address associated with example.com or www.example.com.
<ScottK> Within a sing host, it doesn't help you.
<mardraum> akiva: yes, which is HTTP, not DNS
<ScottK> mardraum: It could be multiple protocols.
<mardraum> heh
<ScottK> For a web server it's http, but for an ftp server it's ftp.
<ScottK> The path within the host is not tied to a specific protocol.
<akiva> Would I ever use a DNS server practically speaking?
<mardraum> it's not DNS though, is it ScottK ?
<mardraum> I think that's what we are trying to establish.
<ScottK> No, it's not.
<ScottK> DNS get's you an IP/hostname pairing that's it.
<akiva> okay, interesting
<ScottK> Everything after that is related to the file hierarchy of the host.
<akiva> but http, ftp, dns, these are all "Name Servers"?
<mardraum> DNS gets you more than simple IP/hostname pairing, what about MX records, TXT records, etc
<ScottK> They are all protocols.
<ScottK> Sure, but in this context.
<akiva> protocols, each one with distinct advantages, etc
<taipres> does debian use less mem than ubuntu?
<taipres> server that is
<qman__> not if you install the same packages, by any measurable amount
<taipres> what do you consider measurable
<qman__> 10MB
<taipres> ok
<qman__> memory use depends on what software you install
<qman__> you can choose to install less stuff with different install options
<qman__> like JeOS or minimal, though minimal is more difficult to get working
<taipres> am asking because i'm running it on a VPS
<taipres> so memory is a bottleneck
<qman__> the only notable difference here is that debian, when you choose to not install the GUI, installs less packages than the regular ubuntu server install
<mardraum> they only affect "memory" while they are running, are you actually concerned with disk space?
<genii-around> Setting APT::Install-Recommends off helps quite a bit with the bloat
<ScottK> But, you're on your own if something doesn't work the way you expect.  The system's designed for those to be on unless you know what you're doing.
<taipres> I aways remove apache2 immediately heh
<taipres> thanks
<mardraum> I didn't think apache2 was installed by default
<taipres> well for VPS's it seems to be
<taipres> at least ones i've tried
<ScottK> That's your VPS's provider doing that.
<ScottK> It's not part of the Ubuntu Server default install.
<taipres> that's weird that'd add software then make an imagine, since is for openvz
<taipres> xen, or what have you
<taipres> I only use openvz atm though
<taipres> image rather
<mardraum> it's not weird, since 99% of people who don't know what they are doing will want LAMP
<mardraum> provider is simply cutting down on support calls
<taipres> good point :)
<taipres> though mysql and phpmyadmin not installed by default, from ones i've seen
<taipres> I get unmanaged vps's though
<mardraum> php, not phpmyadmin
<taipres> yeah that either, have to apt-get it
<mardraum> I guess they are going with a more secure default then, not the kitchen sink, good for them
<taipres> yeah I love budget vps's, get nice servers for few bucks a month that gives me far far more control and flexibility than shared hosting, can remove/install distros in few seconds too, I usually pick ubuntu though
<taipres> easiest, but I keep hearing people recommend debian for servers
<ScottK> Debian and Ubuntu have very different release processes.
<taipres> debian like turtle, ubuntu like rabbit? :)
<ScottK> If you need non-ancient software in a release, Debian may not be for you.
<ScottK> Sort of.
<ScottK> Ubuntu releases every 6 months.
<taipres> i'm using version
<ScottK> Debian releases when they believe it's ready.
<taipres> 11.04 currently
<ScottK> You may want to consider upgrading.
<taipres> does the new 12 use a lot of memory?
<ScottK> It's not much different than 11.04, but to get to 12.04, you need to upgrade to 11.10 and then 12.04.
<ScottK> Direct upgrades from 11.04 aren't supported.
<taipres> well there's a template for to, so I could switch over, it'd be fresh install anyway
<taipres> just don't want to use a bunch of new memory for the latest version when it's not necessary
<qman__> the important reason here is 12.04 is LTS and supported for 5 years, while 11.04 isn't, and is already over year through its support
<taipres> who supports it
<qman__> Canonical
<qman__> the important part of support being patches and this channel
<taipres> my host has two images
<taipres> ubuntu-12.04-x86 326MBs and ubuntu-12.04-x86q1-July over 500mbs?
<taipres> weird the latter is so much larger trying to figure out why
<taipres> i'm sure patches are good practice but linux seems pretty secure
<taipres> only downside i've personally seen, in terms of myself for older ubuntu is repo isn't the best
<taipres> has older software, I'm aware 11.04 has almost released its end of cycle for support though
<ScottK> Patches won't make it bigger.
<morpheu> ola pessoal
<morpheu> to com um problema
<morpheu> no servidor
<uvirtbot> New bug: #1006770 in backuppc (main) "package backuppc 3.2.1-2ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Low,Expired] https://launchpad.net/bugs/1006770
<uvirtbot> New bug: #993660 in samba (main) "package samba-common 2:3.5.8~dfsg-1ubuntu2.4 failed to install/upgrade: unable to open '/etc/dhcp3/dhclient-enter-hooks.d/samba.dpkg-new': Too many levels of symbolic links" [Undecided,Expired] https://launchpad.net/bugs/993660
<uvirtbot> New bug: #995315 in samba (main) "package samba 2:3.6.3-2ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128" [Low,Expired] https://launchpad.net/bugs/995315
<uvirtbot> New bug: #1006829 in samba (main) "package samba 2:3.6.3-2ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Low,Expired] https://launchpad.net/bugs/1006829
<taipres> just installed debian looks to be using 2 more megabytes then the ubuntu install
<taipres> dang was hoping for the opposite, removed all default services I don't need
<akiva> is it wise to encrypt a server?
<seekwill> akiva: What do you mean?
<akiva> seekwill: I am trying to setup a business, and I have established 5 types of systems I am going to be using
<akiva> and of these 5 types, I am trying to determine which types I should bother with encryptions,
<akiva> particularly the lvm, and the disk
<akiva> given that a server does not tend to get stolen, and it might be bothersome if it needs rebooting right away, I am thinking I will not encrypt my server types of computers
<seekwill> You can never have too much security, but there are other things I worry about before disk encryption
<akiva> such as?
<seekwill> Network and physical security
<akiva> Network is something I have yet to get too yet.
<seekwill> So, what are these five types?
<akiva> Server, Administrators, Executives, Departments, and Terminals
<akiva> The server is obviously going to be tucked away on its rack, doing its thing.
<akiva> Admins are the only users who have read write access to the servers,
<seekwill> Are you the business owner, the IT manager, or?
<akiva> IT manager
<akiva> Might as well say business owner though, given circumstances
<akiva> I got a simple spreadsheet. explains it all
<seekwill> If you are the business owner, I would highly suggest outsourcing this so you can focus on your core business
<akiva> No, I don't believe in doing that type of thing
<akiva> or rather, I do not enjoy it.
<seekwill> The question you're asking seems to be at a much higher architectural level, which doesn't always work well over IRC
<akiva> What does IRC have to do with it?
<seekwill> I could be jumping to conclusions too early, but that's just the feeling I get
<akiva> Anyways~
<akiva> speaking from previous experience, I do want any higher up to have their disks encrypted.
<seekwill> For example, I disagree with your statement that disk encryption on your servers is unnecessary as you don't generally reboot servers outside a maintenance window
<akiva> I have witnessed laptops and desktops being stolen before.
<seekwill> ... or just don't store that data on those machines :/
<akiva> seekwill: I don't understand the logic behind that
<akiva> Yes, I am looking into the cloud too
<akiva> ubuntu one I figure should suffice
<akiva> Google Docs... maybe, but I am not entirely sold on that yet.
<seekwill> Don't understand the logic behind what?
<akiva> disk encrypting a server thats always running?
<akiva> and that is highly unlikely to be stolen?
<seekwill> Umm ok
<seekwill> Is your server stored in a commercial data center with 24/7 security? How sensitive is the data you're storing?
<seekwill> But like I said, these are not really the conversations that go well over IRC, in my opinion
<akiva> seekwill: Very sensitive. It would be stored locally.
<seekwill> If you are worried about data being stolen, I would never consider using Ubuntu One or Google Docs
<seekwill> I have a much higher confidence with commercial data centers than my own office
<akiva> No, not google docs
<akiva> with ubuntu one, I don't really know. Its purpose would only be to back up certain emails and local documents
<SpamapS> akiva: Have you ever heard the statement "Security is a process, not a product" ?
<seekwill> SpamapS++
<akiva> seekwill: I used to work in security and surveillance, so I tend to have...
<akiva> no
<seekwill> :/
<akiva> SpamapS: I think that is a fair statement.
<SpamapS> Ok, well you'll understand this if you worked in surveillance
<SpamapS> If surveillance was about products.. people wouldn't be needed.
<SpamapS> likewise w/ security
<SpamapS> you can automate *a lot*
<SpamapS> but you still have to go through the process of planning and evaluating
<akiva> SpamapS: Agreed, such is why I am trying to create standards
<seekwill> There are lots of security standards out there
<seekwill> Even certifications!
<SpamapS> akiva: indeed, its good to start with a process which gets you going and mitigates your risk early on...
<seekwill> :)
<akiva> seekwill: Certs can go fly a kite :P
<seekwill> Ok :)
<akiva> SpamapS: I am focussing on long term scalability, and setting password standards that will be highly secure without giving you a headache
<SpamapS> akiva: anyway, encrypting your server isn't really the question to ask
<SpamapS> Its "what am I risking if I let security be at 0"
<akiva> contrary to popular belief, "@#<sea TsatZX5@#^" is not that secure of a password
<SpamapS> find a dollar value for that..
<SpamapS> spend an appropriate percentage of that dollar amount protecting it
<seekwill> How did you guess my password?!?!? :(
<akiva> SpamapS: well, I am specifically talking about lvm and disk encryption
<akiva> SpamapS: These types of encryptions if I am not so naive, are important when physical theft is involved
<akiva> seekwill: ha ha ha
<SpamapS> akiva: great. What assets would be at risk without whole-disk encryption? How much are they worth? How much will encryption cost? answer those, and you'll have your answer.
<seekwill> But you get the answer "for now". Things change
<akiva> well, how does one physically steal a server rack locked in its own air conditioned room?
<seekwill> So because you can't do it, means no one else can?
<SpamapS> Honestly, sysadmins and engineers suck at security planning (I say that as a sysadmin/engineer). You need an insurance agent to really get things right.
<akiva> as to encryption, here is one thing I do not know
<SpamapS> akiva: how is not important..
<SpamapS> akiva: why. answer that first.
<SpamapS> If its worth $1,000,000 .. they can spend $100,000 on equipment / man power / planning and still profit from the theft.
<akiva> for a server, where performance is important, does an encrypted file system need more cpu power etc?
<SpamapS> <sigh>
<seekwill> lol
<SpamapS> akiva: yes it will use a few more cycles to encrypt/decrypt data
<akiva> SpamapS: Perhaps you are more optomistic about those in the workforce than I am.
<akiva> SpamapS: That was my supposition, though I was not entirely sure.
<ScottK> The other thing you have to ask yourself is what are you guarding against?
<akiva> ScottK: Good question. But one step at a time right now
<ScottK> Without knowing the answer to that question, you can't answer the encryption question.
<SpamapS> To me, you look at risk factors once you've assesed the value of your assets. Its hard to know how likely things are without numbers.
<akiva> lvm encryption and disk encryption, given that physical theft risk is near nil, that such would not be neccessary
<akiva> that is not to say that some other type of encryptian would not be important.
<akiva> given the assumption that this server will not be stolen
<SpamapS> "physical theft risk is near nil" .. this sounds like WAG method of assessment
<akiva> SpamapS: What is Wag?
<akiva> And trust me.
<SpamapS> Wild Ass Guessing
<ScottK> I know someone who has an encrypted VM and has to go to the data center every time the VM is restarted to enter a passphrase because he wants to ensure the data center operators don't have access to it.
<akiva> Like I said, I have experience in this particular regard
<akiva> ScottK: It will be held locally
<akiva> ScottK: but yes, in that case
<akiva> that would be very advisable.
<SpamapS> akiva: as do many here.. many whom you're subtly ignoring, I suspect because you want to play with encryption.
<SpamapS> I've seen many people talk themselves into security "solutions"
<akiva> SpamapS: If I wanted to play with encryption, then I would not question it.
<SpamapS> my customers, back when I was doing spam filters and basic intrusion detection systems, often talked themselves into buying an IDS even before I had assessed their risk.. because the web interface was cool
<SpamapS> akiva: also you can measure how much encryption drains the performance
<akiva> SpamapS: Indeed, that is exactly what I am doing. What is my purpose here however? To see if there is any oversight.  does disk encryptian protect against any non physical attempts at data theft?
<akiva> I don't know
<SpamapS> install w/ and w/o it.. measure the metrics that matter to your business.
<akiva> SpamapS: Yes, that will be tricky. I will need to do it anyways, but that will be depending on performance forecasts
<SpamapS> akiva: if you leave the volumes encrypted most of the time, and only use the physical console to decrypt.. you can mitigate a remote attack
<SpamapS> but you'd still be vulnerable to root exploits while the volumes are decrypted.
<akiva> right
<SpamapS> and even if they're encrypted and the box is rooted..
<SpamapS> if you don't notice before decrypting.. you're still vulnerable because now they have keyboard logged the passphrase
<akiva> SpamapS: but I am just asking about disk and lvm encryptian
<akiva> that is all right now
<SpamapS> Its primarily a mitigation strategy for physical access violations.
 * SpamapS reboots into quantal w/ fingers crossed
<akiva> assuming I only have to worry about remote attacks, a disk encryptian and an lvm encryptian are not going to help mitigate attacks. Is this correct?
<alex88> hi guys, from http://kernel.ubuntu.com/~kernel-ppa/mainline/ i need a kernel > 3.4, can i use the quantal release also if i'm running precise?
<SpamapS> alex88: I believe there is a PPA with the backport
<akiva> SpamapS: Have you used landscape?
 * alex88 searchs
<feisar> how pricey is Landscape?
<akiva> seems pretty reasonable to me
<akiva> 33 a year I think for webhosting
<akiva> local hosting is about 100 per year
<feisar> the number of Ubuntu Server boxes I manage is increasing and I understand that Landscape can centrally manage them
<akiva> wait, its more
<akiva> I am thinking of something else apparently
<akiva> waint
<akiva> wait*, I think I am thinking of openerp
<akiva> Wanting to impliment this too :)
<koolhead11> akiva: feisar mailing the markting folks via there canonical website will be more helpful
<koolhead11> the place is more developer oriented :P
<feisar> akiva: I have been looking at OpenERP for a small business that needs a new finance package
<feisar> koolhead11: yeah, thanks
<koolhead11> Daviey: so i seriously feel am missing something with LXC or it has some bugs
<akiva> feisar: ugh, mail
<akiva> thanks though, it probably is correct
<taipres> sadly my vps provider, most their images for distros are broken
<akiva> feisar: I am looking to set up a warehouse, and need something that will be able to deal with idependent product serials etc
<taipres> one after another, tried latest ubuntu, one didn't load other used like 30mbs of ram I think and couldn't ssh in
<feisar> taipres: what's the hardware?
<feisar> taipres: oh sorry, just seen the above
<taipres> I knew 12.x used lot more mem, was hoping wasn't as much as I saw at least for 1 build
<taipres> so i'll hold off on that
<jamespage> Daviey: any particular reason rabbitmq-server was synced for quantal rather than merged?
<lynxman> morning o/
<jamespage> morning lynxman
<lynxman> jamespage: mr Page :)
<mardraum> can anyone give me an idea about what else I can do to help debug 1014350
<jamespage> bug 1014350
<uvirtbot> Launchpad bug 1014350 in linux "WARNING: at /build/buildd/linux-3.2.0/net/core/dev.c:1960 skb_gso_segment+0x341/0x3b0()" [Medium,Confirmed] https://launchpad.net/bugs/1014350
<jamespage> mardraum, I think you've already done loads
<Daviey> jamespage: MAAS, LS and the DM were happy that the ubuntu changes had been adopted
<Daviey> jamespage: see the merge bug
<jamespage> Daviey, OK - I'm going to drop the mcollective delta as well then as it depends on stuff that no longer exists
<mardraum> jamespage: thanks for looking, I'll be patient :D
<jamespage> mardraum, the kernel team have a pretty good triage process and your right in it...
<nocturn> Hi, I have KVM running on 11.10 server with a 12.04 guest.   I set up prerouting and forwarding on the host to make port 25 on the guest available to the outside.  Post is open remotely, but not reaching the guest.  A similar forward to another VM on port 22 is working.   What could I be missing?
<nocturn> Rule: -A PREROUTING -p tcp -m tcp -d 78.46.74.45 --dport 25 -j DNAT --to-destination 192.168.122.13
<nocturn> -A FORWARD -p tcp -d 78.46.74.45 --dport 25 -j ACCEPT
<nocturn> .45 is public
<fasta> Is there any GUI to completely control iptable rules?
<RoyK> !fwbuilder
<RoyK> stupid bot
<RoyK> http://www.iptables.info/en/iptables-gui.html
<RoyK> first hit on google ;)
<koolhead11> zul: let me know when you around
<koolhead11> hi jamespage
<jamespage> hey koolhead11
<koolhead11> how are things jamespage
<jamespage> +1
<jamespage> and you
<jamespage> ?
<koolhead11> am awesomer
<koolhead11> e
<koolhead11> need some help from Zul to get LXC working in essex
<fasta> RoyK: that's not a GUI, because it requires me to understand the syntax of iptables.
<koolhead11> jamespage: i wonder who shot those kareoke videos and where are they
<fasta> RoyK: I am sure a GUI could be designed which doesn't require that.
<koolhead11> the UDS one
<koolhead11> :P
<RoyK> fasta: well, it's the best I could find - learning iptables syntax isn't that hard, after all
<koolhead11> RoyK: +1
<fasta> RoyK: it's also silly that one even needs to learn a syntax, because it only creates a dependency on Linux.
<RoyK> fasta: if you need something simple, try pfSense - it's based on FreeBSD, not iptables, but it's simple and easy to use
<fasta> RoyK: it's basically a kind of vendor lockin.
<koolhead11> fasta: http://www.shorewall.net/ might help
<RoyK> fasta: it's *NEVER* silly to learn anything
<fasta> RoyK: so, you mean: install a virtual machine?
<RoyK> fasta: either learn how things work, or use something fancy
 * RoyK likes to learn how things work
<fasta> RoyK: I like to learn how things of importance work.
<RoyK> fasta: but fancy GUIs isn't really an ubuntu server issue
<RoyK> most people in here uses the commandline to do things the proper way
<fasta> RoyK: yes, it is, because I haven't seen one.
<fasta> RoyK: I will decide what is proper.
<RoyK> I haven't seen God, is that an ubuntu server issue, then?
<RoyK> !ufw
<ubottu> Ubuntu, like any other Linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo | GUI frontends such as Gufw (GNOME) and Guarddog (KDE from Lucid onwards) also exist.
<fasta> RoyK: server configuration, of which iptables is a part, is a nm ubuntu server problem.
<RoyK> fasta: that's the proper ubuntu firewall
<fasta> RoyK: that's not a serious solution.
<RoyK> then use iptables
<RoyK> case closed
<fasta> RoyK: because I wanted to have full control over iptables.
<RoyK> then learn it
<fasta> RoyK: you apparently don't get it.
<RoyK> I do, you don't
<fasta> RoyK: you said that fancy GUIs aren't a problem on Ubuntu server.
<RoyK> you don't get full control over *anything* by trusting a fancy GUI
<fasta> RoyK: sure you can.
<fasta> RoyK: you can read the source code for the fancy GUI.
<RoyK> if that GUI is written well, and proper, and doesn't have too much bugs, yes
<fasta> RoyK: which happens to be what I am looking for.
<RoyK> but it'll take a long time, and most people give up and use iptables instead
<fasta> RoyK: what you are saying is that there is no fancy GUI on Ubuntu server.
<fasta> RoyK: and that those that are there are bug ridden.
<RoyK> fasta: so, please, either google for a fancy iptables gui, or *learn* *iptables*
<fasta> RoyK: and thus that Ubuntu server does have a problem.
 * RoyK ignores fasta 
<fasta> RoyK: lol
<fasta> RoyK: you shouldn't start an argument with me.
<fasta> RoyK: because, of course I Googled.
<fasta> RoyK: you just are so ignorant that you think one google query solves all problems.
<fasta> Why you would think that is beyond me.
 * RoyK reminds himself of the phrase "Never argue with an idiot, they drag you down to their level and beat you with experience bumper sticker"
<fasta> RoyK: you are just projecting ignorance.
<fasta> RoyK: judging by your credentials, you are -- by far -- the idiot here.
<fasta> RoyK: I advice you to consider who your talking to before you even consider to call someone an idiot.
<mardraum> oh look, this guy again
<mardraum> new nick!
<fasta> I wish IRC responses were tagged with the CV immediately.
<fasta> Then at least I could automatically ignore those responses.
 * mardraum popcorn
<nocturn> fasta, you are being rude when you received help.  RoyK was more patient with you than I would be
<fasta> nocturn: I am sorry; I received _no_ help.
<fasta> nocturn: RoyK only wasted my time.
<fasta> nocturn: I have been patient with him.
<fasta> nocturn: not the other way around.
<fasta> nocturn: comprendo?
<nocturn> He gave you the answer, just not the one you wanted to hear.
<fasta> nocturn: no, he gave me _an_ answer.
<fasta> nocturn: initially a wrong one.
<nocturn> fasta: 42
<nocturn> that's the right answer
<nocturn> you're welcome
<fasta> nocturn: good book
<fasta> nocturn: most people who say it, didn't read it.
<nocturn> I read it allright, listened to the radio show too, didn't like the movie though
<fasta> nocturn: same with the exception of the radio show.
<RoyK> nocturn++
<fasta> RoyK-=9e10;
<fasta> +1
<fasta> I like
<fasta> I hate
<uvirtbot> New bug: #1031680 in nagios-plugins (main) "check_apt always report 0 critical updates" [Undecided,New] https://launchpad.net/bugs/1031680
<RoyK> sometimes those trolls come by...
<nocturn> Been trying some stuff, but no progress.  I cannot foward port 25 on a VM guest to port25 on the VM host using iptables.  Yet the same rules for port 22 on another VM do the trick...
<melmoth> something is already listening on port 25 on the host , and nothing was listening on port 22 ?
<zul> morning
<nocturn> melmoth: No, I checked
<nocturn> nothing is listening on either port on the host.  And the guest respond on those ports from the host (using netcat)
<blizzkid> lo all. Running into trouble using nut (network ups tools). Anyone knows how to cancel all timers? Doc says to remove files, but pipe is used instead of files...
<nocturn> I needed to SNAT it too!
<nocturn> fixed
<zul> smoser: nova package has the persistent volume support now.
<adac> Is it absolutely painless to install python3 via apt-get on lucid LTS?
<ScottK> adac: It is, but it's python3.1, so there's a limit to how painless using it will be.
<ScottK> It also won't interfere with any python stuff.
<adac> ScottK, oh ok so it never becomes the system python
<Mandark> hey guys, hopin sum1 can guide me in the right direction>>
<ScottK> Dear lord no.
<Mandark> configuring multiple VirtualHosts, enabled the new site entry but what seems to be happening is its ignoring the previous virtual host entry and applying the rootdirectory to all hosts over port 80. i.e. domain1.com >> /var/www/domain1/   domain2.com >> /var/www/domain1/
<Mandark> has anybody had a similar problem or heard of a resolution?
<adac> ScottK, hehehe
<adac> ScottK, is there also 2.7 that can be installed?
<ScottK> Not for 10.04.
<ScottK> 12.04 has python3.2 and python2.7.
<ScottK> If you want 2.7 for something, it's really easier just to upgrade.
<xnox> ok you can start a chroot.... but that would be ugly
<Mandark> if no other resolutions come up, it might have to b that
<ScottK> There are PPAs with python2.7, which, if you only need the standard library and no extensions might work if you can find one run by someone you can trust (anyone can get a PPA, so don't assume it's any different than downloading from some random site on the net).
<adac> ScottK, kk thank you so much!
<uvirtbot> New bug: #1030519 in perl (main) "/proc/self/exe is not necessarily correct on overlayfs" [Undecided,New] https://launchpad.net/bugs/1030519
<adac> ScottK, what would be the sytem python version on 12.04?
<ScottK> python2.7.
<koolhead17> zul, awake?
<zul> koolhead17: yep
<koolhead17> zul, have you tried LXC with essex
<zul> koolhead17: yep
<koolhead17> zul, and what all pkgs am supposed to install
<zul> koolhead17: the usual packages and libcgroup1-lite
<koolhead17> because i installed some pkg i think python-nova-lxc
<koolhead17> ooh okey so i missed this pkg libcgroup-lite
<zul> no there isnt a package called python-nova-lxc
<koolhead17> zul, i meant some nova pkg with lxc extension
<zul> ok if you have nova-compute-kvm and nova-compute-lxc installed then it wont work youll have to remove nova-compute-kvm
<koolhead17> zul, so nova-compute-lxc and libcgroup-lite i hope it will download the lxc pkg along with.
<zul> koolhead17: and you will need to to install lxc as well
<koolhead17> gosh zul why novaa-compute-lxc depends on lxc ? :(
<zul> koolhead17: it doesnt you might need stuff in there
<hw_junkie>  /window 4
<koolhead17> thanks zul !! finally 3ed day after hitting my ass all around i found the soln, will do the testing in lab tomorrow :)
<koolhead17> will trouble you if stuck
<zul> cool
<koolhead17> zul, can i test play with quantum for essex?
<zul> koolhead17: i wouldnt
<koolhead17> zul, so better i should wait for folsom PPA to play on 12.04 :)
<koolhead17> adam_g, sir
<zul> koolhead17: yes
<koolhead17> cool
<uvirtbot> New bug: #1031795 in postfix (main) "package postfix 2.9.3-2~12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1031795
<pawad> Who should I be talking to if my Lucid server is sending a lot of http traffic to Canonical servers in London?
<tgm4883> pawad, I guess that would depend on what was in that traffic
<tgm4883> or what was sending it
<pawad> So far it looks like apt-gets, but that might be actual updates I was running on the weekend. I'm talking 1.5GB+ over 4 days
<zul> smoser: ping
<smoser> here
<tgm4883> pawad, is that just for one computer?
<zul> smoser: can you change the maintainer of ec2-api-tools to scott moserk please? so i dont get upload notifications
<smoser> hmm..
<smoser> i will chnage in the packaging branch that i have.
<pawad> tcpdump from a Lucid server on Rackspace. HTTP traffic only between 2012-07-28 to this morning.
<zul> smoser: cool...because obviously im not the maintainer anymore as well :)
<smoser> Maintainer: Ubuntu Developersk <ubuntu-devel-discuss@lists.ubuntu.com>
<smoser> does that look good?
<zul> yep
<tgm4883> pawad, have you tried using something like nethogs to see what it is?
<tgm4883> what is sending the data I mean
<zul> pawad: you might want to talk to rackspace then
<pawad> I have the dump file loaded in Wireshark.
<pawad> It's unmanaged server. they've given me the suggestions they can. But they wont do much more then that without a support contract.
<apw> can anyone remind me where the 'update only to the next LTS' flag is for a server
<seicherlbob> hi there! I've had a failed harddisk in a raid1. now i got a new drive of equal size, but this one has 4K blocksize (the old one had 512B). Is it possible to add the new drive to the array or will this crash my data?
<Kingsy> guys, I have just installed xcache via a cpanel.. and now I need to change some of the values in its ini file.. how do I find it? I have no idea where the cpanel has installed it too..
<Kingsy> nm really stupid question
<r3dLunchb0x_> anyone know why on ubuntu 11.04 server, landscape-sysinfo presents incorrect info when you login?
<danielsh`> guys
<danielsh`> the download instructions don't link to the md5 or pgp of the iso files
<danielsh`> any reason for that ?
<Pici> !hashes
<ubottu> See http://mirror.anl.gov/pub/ubuntu-iso/CDs/12.04/MD5SUMS for the md5sums of the latest Ubuntu release
<danielsh`> err, thanks, that was my next questino
<danielsh`> it would be nice if the download page actually linked to them
<danielsh`> some of the people who download ubuntu actually care about checking md5's
<osmosis> what partition is /dev/mapper/me-swap_1  attached too?  when I use cfdisk, i dont see a swap partitions. I am using a LUKS encrypted volume.
<osmosis> if installed with full disk encryption...is the swap partition encrypted as well?
<babbio> Hi guysâ¦.I need your helpâ¦I need my pc to automatically connect to my home wifi connection at boot (also without login) so that I can ssh into my server and have an active connectionâ¦I read a lot of doc on how to modify the /etc/network/interfaces but at the reboot I have no internet connection
<axisys> can I add more than one port in the ufw/application.d/myapp ?
<axisys> or do I need myapp-port-x myapp-port-y .. blah ?
<axisys> and add a new port number for each
<axisys> i need to have multiple tacacs+ server instance running on different ports
<roaksoax> adam_g: what was the bug# for the nova-network lock thingy?
<jdstrand> axisys: you can add more than one. Eg: ports=5353/udp|5298
<adam_g> roaksoax: one sec
<adam_g> roaksoax: https://review.openstack.org/#/c/10321/
<roaksoax> adam_g: thanks
<adam_g> roaksoax:  ppa:openstack-ubuntu-testing/essex-stable-testing should have a nova package built with that commit included, you can set 'nova-release' in the charm config to that ppa and it will install from there
<roaksoax> adam_g: arrgh.. can't seems to reproduce being able to access the instances using its private IP from "outside"
<roaksoax> ahh daaah never mind :)
<r3dLunchb0x_> is there a nagios expert here?
<SpamapS> adam_g: ping, just accepted your openvswitch FTBFS fix (no bug to notify you on ;)
<adam_g> SpamapS: cool. i noticed verification-done on the bug, im assuming the non-FTBFS archs from the original upload made it to -proposed?
<SpamapS> adam_g: yeah, FTBFS of one arch does not affect the others for publishing
<adam_g> SpamapS: is that true of all archs? im getting openssl armhf failures now :)
<SpamapS> adam_g: the binaries will get published as they build. We just won't copy them to -updates until all arches pass
<adam_g> SpamapS: ah, gotcha
<SpamapS> adam_g: but in the openvswitch case.. it was FTBFS for the release too.. so I care even less. ;)
<LordOfTime> SpamapS:  still around?
<LordOfTime> SpamapS:  the debdiff was uploaded to LP Bug 1014044, and I subscribed the sponsors team accordingly.  My internet died shortly later, so I didnt get to subscribe sponsors to the other bug (LP BUg 1006738), but i mentioned in 1014044 that they'd have to review 1006738 as well
<uvirtbot> Launchpad bug 1014044 in php5 "PHP5-FPM not reporting errors to web server (nginx)" [Medium,In progress] https://launchpad.net/bugs/1014044
<uvirtbot> Launchpad bug 1006738 in php5 "php5-fpm segfaults with error 4 in libc-2.15.so" [High,In progress] https://launchpad.net/bugs/1006738
<LordOfTime> in case you;d like to do the actual sponsoring... :P
<SpamapS> TheLordOfTime: I'll take a look later
<TheLordOfTime> SpamapS:  cool, just one question
<TheLordOfTime> shoudl i subscribe the sponsors team to the other bug where i did not upload the debdiff to?
<SpamapS> TheLordOfTime: no, one bug for one upload is fine. :)
<TheLordOfTime> cool.
<TheLordOfTime> oh damn, i forgot to put the SRU template on the segfault bug
<TheLordOfTime> :/
<SpamapS> adam_g: https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.4 ... looks like that patch needs some tweaking to be non-x86-friendly
<adam_g> SpamapS: ya, i saw
<shodan45> I have an empty file named (literally) /var/log/mail.* on a freshly imaged 12.04 VM.... wtf?
<dannf> is the code for building maas ephemeral images available?
<r3dLunchb0x_> anyone here know anything about nagios 3.3.1 for ubuntu?
<slicslak> what should i install for java these days?  standing up a solr server
<slicslak> looks like openjdk should be fine.
<slicslak> thx
#ubuntu-server 2012-08-02
<armaan> how can i kill nohup jobs
<patdk-lap> same way you kill any other job
<armaan> patdk-lap: is there any way to do it automatically. i need to do it for testing purpose
<patdk-lap> there is nothing different about nohup, and anything else
<patdk-lap> so whatever you *normally* use, will work
<osmosis> how do I get more info on a package from apt-cache before I install it?
<lifeless> statik: o/
<JonEdney> Hey, any way to remove Java from 12.04 server? "Virtual packages like 'sun-java6-jre' can't be removed"
<qman__> dpkg -l | grep jre
<qman__> dpkg -l | grep java
<qman__> then apt-get remove those
<JonEdney> Ah, wasn't aware that's how it worked, interesting.
<thisismyname> hi guys, i got the following problem: my postgres database server is only using one cpu, even with multiple connections
<thisismyname> using ubuntu 12.04 vanilla kernel
<overrider> How can i go about monitoring about 50 ppp interfaces created by pptp users that dial in; id like to perform some traffic accounting. Is there any sensible way to combine those interfaces into 1 single interface for me to do my bandwith / netflow monitoring on?
<greppy> overrider: MRTG can do aggregate data
<greppy> you can tell it to graph the data from all the interfaces.
<_ruben> overrider: could do with a netfilter based accounting setup hooked into the filter/FORWARD chain for instance, it could make use of ppp+ as in/out interface. etc
<overrider> ill look at netfilter and mrtg - trouble with mrtg is that the interfaces come and go as they please, based on user login or logout, not sure how that gets handled. Thanks though
<BuenGenio> hello
<BuenGenio> how do I get openvpn client to connect without asking for username & password?
<uvirtbot> New bug: #1032133 in samba "smbclient fails if server does not support Echo request (eg. Time Capsule)" [Undecided,New] https://launchpad.net/bugs/1032133
<RoyK> BuenGenio: isn't that a bit like installing a new and fancy lock on your house and then glueing the key into the lock?
<greppy> RoyK: depends on your setup.
<RoyK> AFAGCT, there are separate builds for that http://www.acevpn.com/2009/12/07/openvpn-build-with-save-password-enabled/
<zul> good morning
<lynxman> zul: morning!
<zul> lynxman: slacker
<lynxman> zul: :D
<uvirtbot> New bug: #1032180 in maas (main) "maas ip change via sudo dpkg-reconfigure maas fails to completely reconfigure" [Undecided,New] https://launchpad.net/bugs/1032180
<uvirtbot> New bug: #1032181 in lm-sensors (main) "sensord fail to create correct RRD file when loadavg requested" [Undecided,New] https://launchpad.net/bugs/1032181
<uvirtbot> New bug: #1032183 in maas (main) "maas commission repository mirror" [Undecided,New] https://launchpad.net/bugs/1032183
<roaksoax> lamont: howdy! I was wondering if bind9 supports conf.d by default, or if it would be a nice thing to have it do
<roaksoax> lamont: the issue is basically this: 1. MAAS installs and creates dir /etc/bind/maas. 2. Adds an include line to 'named.conf.local'.
<roaksoax> lamont: so concern1: then if I remove MAAS (not purge), files will be left in /etc/bind/maas. Then if I purge bind9, it wont remove /etc/bind because  /etc/bind/maas exists
<roaksoax> lamont: concern2: If I upgrade bind9, I'm presumming dpkg will detect that named.conf.local has differed, and will offer to overwrite it. If that happen then MAAS config will not be accessible
<ironm> hello. in case anyone (! erkules)  is interested: http://rsync.it-infrastrukturen.org/public-mariadb/ubuntu/.tmp/README.mysqld_multi_install_concepts.txt / http://rsync.it-infrastrukturen.org/public-mariadb/ubuntu/mysqld_multi_install_db_voip_files.tgz
<ironm> thank you in advance for *any" feedback
<lamont> roaksoax: 1) dunno.  2) I'm very reluctant to deviate from upsteam wrt configuration file directivces.
<roaksoax> lamont: i see, do you have any recommendation on how to handle the case above though?
<lamont> bind has a history of not actually purging itself all the way, largely because of the package name change between bind and bind9
<lamont> which I expect to recreate for bind10 :(
<lamont> what is maas doing that it wants to add files to the bind config (as opposed to replacing them wholesale)?
<roaksoax> lamont: yes, so basically create /etc/bind/maas and place everything under it
<roaksoax> lamont: and add an include on /etc/bind/named.conf.local
<roaksoax> that includes above directory
<lamont> yes, but WHAT is it doing that it needs to add files?
<lamont> gratuitously adding a subdirectory for something that you're configuring completely strikes me as just silly
<roaksoax> lamont: it will be used as the DNS server for the MAAS client machines
<roaksoax> rvba: ^^
<roaksoax> lamont: so it is the MAAS DNS server instead of having an external DNS
<lamont> so is this the maas server install, and wanting to interoperate with the admin's previously-configured bind9 install?
<lamont> s/interoperate/not trash/
<roaksoax> lamont: yes
<lamont> so s/instead of/in addition to/
<roaksoax> lamont: yes, so in cases where in the local network there's no DNS (which is needed by juju), then MAAS would be the DNS
<roaksoax> lamont: so it is just part of the replacement of cobbler handling DNS/DHCP
<roaksoax> lamont: so, that being said, do you think it would be better approach to simply replace named.conf instead of includding config files?
<lamont> I'm going to guess that your admin will want to be involved in a number of decisions about what address blocks and what bogus-TLD/real-suffix is being used for maas, and even after ripping maas out of the server... how much automation are you expecting to do?
<roaksoax> lamont: well obviously ripping it out would mean leaving this usable
<roaksoax> rvba: ^^
<rvba> otp
<lamont> roaksoax: replacing the files in /etc/bind with the maas stuff may be the simplest.  There are policy issues with package B modifying package A's conffiles directly, which you're stuck facing no matter how you go about it. (the policy compliant way to solve it is to provide me some code for the bind9 package to add/remove zones from the config, which maas-server would then call to make the mods
<roaksoax> lamont: i see. Thanks for the input. I'll run this with the MAAS team.
<lamont> roaksoax: there is some stuff inthe postfix stack that does just that, fwiw
<lamont> (modifying postfix config, totally separate from anything to do with bind9)
<roaksoax> lamont: ok cool, I'll look into that. Thanks again :)
<Daviey> Anyone have the exact size of a default ubuntu server 12.04 to hand?
<patdk-wk> Daviey, I have 963megs
<Daviey> patdk-wk: vanilla cd install?
<patdk-wk> daviey, yep, 64bit, using last alpha
<Almindor> hgello
<Daviey> patdk-wk: thanks
<Almindor> is there a known bug with IO operations/copying on 10.04 LTS? (probably kernel bug with scheduler/IO)
<Almindor> I was copying ~300gb (normal cp command) and then I tried to install one small python module from apt-get and it stalled on "unpacking" until the CP was done
<Almindor> node that the copy was disk to different disk and the python module installs to a 3rd disk
<patdk-wk> your using lvm/dmraid/...?
<Almindor> I'm not using raid on any of the 2 disks being copied from/to
<patdk-wk> are any of the *devices* under /dev/mapper?
<Almindor> patdk-wk: the main disk (the one python module was installing to) is
<patdk-wk> not sure then
<patdk-wk> I know when writing to one, it will completely hog the system, haven't tried it on newer kernels
<Almindor> hmm
<Almindor> so there's a mapper bug in this kernel?
<patdk-wk> no one said it was a bug
<Almindor> well the "main" drive is actually two 500gb ones mapped (from what I can say, I didn't set this up)
<Almindor> but the secondary drives are all direct mounts via fstab
<patdk-wk> works, and works optimally, and works without affecting others, so many different levels, that don't even account for bugs
<Almindor> sorry but a cp command blocking other io operations is a major kernel bug
<patdk-wk> if that is the case
<Almindor> it's like back to DOS :)
<patdk-wk> atlesat in my cases, it didn't block, but it did bring it to a crawl
<Almindor> well I was installing python-argparse (few kb size) and it stopped on unpacking until the whole 300gb copy was done (about an hour IIRC)
<Almindor> so I think that's less than a crawl
<patdk-wk> an hour for 300gigs?
<Almindor> it was started in the middle
<patdk-wk> still, horrible slow performance there
<patdk-wk> ah, from single disks
<patdk-wk> I'm too used to using 20+ disk arrays
<Almindor> :)
<Almindor> this one only has 4 :D
<MoleMan> where is the system bash config stored?
<patdk-wk> bash has a config?
<patdk-wk> you know the system doesn't *normally* use bash right?
 * MoleMan starts thinking
<patdk-wk> it uses dash, unless you explicitally tell it to use bash
<patdk-wk> if there was a bash config, it would be the bash startup file, /etc/bashrc
<MoleMan> all the users are set to use /bin/bash    in /etc/passwd and I've not set that... unless I'm getting confused somewhere?
<patdk-wk> oh, /etc/bash.bashrc
<patdk-wk> (was actually on a redhat system, one of the 3 I have to deal with)
<MoleMan> thanks :)
<LoT> SpamapS: question for you, if you're alive.
<MoleMan> patdk-wk: do you know where the user specific config is as well pleasE?
<patdk-wk> in the users home folder
<SpamapS> LoT: whats up?
<LoT> just a small question... not sponsorship related but directly related to this bug: https://bugs.launchpad.net/ubuntu/precise/+source/php5/+bug/1014044
<uvirtbot> Launchpad bug 1014044 in php5 "PHP5-FPM not reporting errors to web server (nginx)" [Medium,In progress]
<LoT> shouldnt that be a crit one?  i was reading through the bugs triage guide, it said regressions should be crit
<LoT> unless i'm misreading it :/
<MoleMan> patdk-wk: strange, I can't find it but am sure I have used it before :/
<patdk-wk> it should make it in your folder
<LoT> wait, might've had an older version up :P
<patdk-wk> .bashrc
<MoleMan> only thing there is .bash_history :/
<MoleMan> uuunless... maybe it was my netbook I've changed it on before not my server :/
<patdk-wk> I haven't changed it, it was *installed* there by default for me
<patdk-wk> maybe when yo uadded users you didn't tell it to use the template
<LoT> SpamapS: nevermind, my browser had an (old) triage guide cached
<LoT> so apparently the thing was showing me ancient data
 * LoT cleared the cache and saw that there was no such requirement for regressions
<LoT> although this one probably needs regression tagging
<SpamapS> LoT: huh?
<LoT> SpamapS: nevermind.
<LoT> SpamapS: although i will poke you about the sponsoring of that debdiff, there's 6 groups using webhosting and the error logs arent useful because of php not reporing.
 * LoT has his own motivations for poking the debdiff on LP Bug 1014044 into precise
<uvirtbot> Launchpad bug 1014044 in php5 "PHP5-FPM not reporting errors to web server (nginx)" [Medium,In progress] https://launchpad.net/bugs/1014044
<SpamapS> LoT: patience. There are many sponsors, and only one of me. ;)
<LoT> :P
<LoT> patience is hard when you've got ISOs for each group contacting you daily saying "What's up with it not reporting"
<LoT> they keep thinking its hacks, i say "I don't know, there's a PHP regression"
<SpamapS> LoT: indeed, the fix will get out to them soon. :)
<LoT> that's what I said
<LoT> guess what, they dont listen :/
 * LoT is not pleased
<LoT> perhaps i should email the sponsors mailing list, poking them saying "This needs processing"?
<LoT> (probably not, but...)
 * LoT does have horrible impatience when being poked via email daily :/
<LoT> actually, wait, i have a PPA i can use for this until it shows up in -updates xD
<zul> adam_g: so we need to transition glance-client to python-glanceclient in the debian packaging fyi
<adam_g> zul: yes
<adam_g> zul: the thing is, python-glanceclient completely broke the user interface from the original glance client
<zul> yeah
<adam_g> so doing so is going to break anyones scripts/configuration managemenet/charms/etc
<adam_g> i have a half-done patch i want to get upstream that provides a compatability layer
<zul> cool beans
<zul> glanceclient is in main by the way so i just did the recommndes: from glance-client to python-glanceclient, when you compat layer gets in we will do a dummy transitional package in python-glanceclient
<adam_g> zul: what about dropping glance-client entirely?
<adam_g> zul: oh
<adam_g> i think the original client will disappear from the glance source at some point in the future
<zul> adam_g: glance-client will be dropped in gaglance
<zul> adam_g: right
<uvirtbot> New bug: #1032322 in partman-auto (main) "Swap space allocation for large memory systems needs improvement" [Undecided,Confirmed] https://launchpad.net/bugs/1032322
<adam_g> zul: where are you committing this stufF? i have a bug number that can be added
<zul> adam_g: openstack-ubuntu-testing branches
<adam_g> zul: lemme know when you've pushed it there
<zul> adam_g: done
<MoleMan> I'm probably being stupid here, but I'm trying to create a symlink and it won't work, the command I'm using is 'ln -s Dropbox/schematics MC-Chocobo/plugins/WorldEdit/schematics'
<MoleMan> well it appears to be trying to make it but not doing what I expect, if I try to list the contents of the symlink it says that it is not a directory, how do I create a symlink to a folder?@
<MoleMan> what do I need to do to get a symlink to a folder to work properly? it is currently refusing to acknowlege it is a folder and list from it...  the command I'm using is 'ln -s Dropbox/schematics/ MC-Chocobo/plugins/WorldEdit/schematics'
<MoleMan> oops
<r3dLunchb0x> anyone successfully setup up email alerts with nagios on ubuntu server 11.04? I have an issue where the email gets sent BUT it is using the wrong host name. I have checked all config files for nagios that even mention the host name and still it sends as wrong hostname.
<SpamapS> Hm, Ubuntu cloud mirror in us-west-1 going sllllooww..
<SpamapS> 87% [28 Packages bzip2 0 B] [34 Translation-en 372 kB/3341 kB 11%]                                                   3823 B/s 12min 56s
<Daviey> SpamapS: nothin' we can do about that.. i think you want to speak to IS :)
<SpamapS> isn't it S3?
<Daviey> SpamapS: haven't we handed it over?
<Daviey> arosales ^ ?
<SpamapS> Daviey: yes, I'm just surprised S3 would go so slowly
<SpamapS> of course, now its going afaster
<SpamapS> 16% [65 wget 0 B/277 kB 0%]                                                                                          2352 kB/s 1min 16s
<smoser> SpamapS,
<smoser> http://pad.lv/966577
<smoser> that is milestoned for 12.04.1 (by you on july 12). is that going to get there by next week?
<SpamapS> smoser: "maybe" :-P
<smoser> ok. then i leave that to you, and will forward on a very strong maybe
<uvirtbot> New bug: #975473 in maas "eliminate cobbler code copy" [High,In progress] https://launchpad.net/bugs/975473
<uvirtbot> New bug: #1032339 in mysql-5.1 (main) "package mysql-server-5.1 5.1.63-0ubuntu0.11.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1032339
<smoser> stgraber, ping
<arosales> Daviey: sorry, afk for some lunch. But, yes as SpamapS said, IS is now handling the S3 mirrors.
<SpamapS> thanks guys, I was just making a comment
<SpamapS> not a support request :)
<smoser> why is on 850443 http://status.qa.ubuntu.com/reports/kernel-bugs/reports/rls-p-tracking-bugs.html . is it solely the rls-p-tracking? is it appropriate for me to just take that off ?
 * ScottK demands support for SpamapS .
<bladernr_> hey, just out of curiosity, on a default Ubuntu Server install, is there a dbus method for getting info on network devices ( like driver and such)?  We can do it when NetworkManager exists, but that's not installed on server.
<stgraber> smoser: pong
<smoser> ^
<SpamapS> bladernr_: not that I know of.
<bladernr_> SpamapS: that's what I thought, just wanted to verify with someone... not a big deal, just an idea I had
<bladernr_> thanks!
<smoser> SpamapS, are you oging to do 945176 by next thursday?
<SpamapS> smoser: that, and the other one, are on my list to try and knock out by Monday. So, maybe again. :)
<smoser> SpamapS, deal.
<smoser> i promise no more nagging for at least 24 hours.
 * SpamapS tags smoser with 'geek-stop-nagging'
<Daviey> SpamapS: arosales has us mixed up :)
<arosales> Daviey: ah, SpamapS had the initial comment
 * arosales should read the back scroll a little closer
<Combatjuan> Can anyone suggest a way to determine the age of a particular network connection?  (in particular this connection goes through stunnel).  Bonus points if you can say when was the last time it was used.
<dannf> Combatjuan: ps -eo etime $(pidof stunnel) ?
<Combatjuan> dannf: Well, that did something... and it involved times.  I'll have to read a bit before I understand it.  Thanks.
<dannf> 'ps -eo cmd,etime | grep stunnel' maybe
<Combatjuan> dannf: It shows me the times, but not of what.  I guess I need another column containing the FD?
<dannf> its the elapsed time the process has been running
<dannf> assuming the stunnel process is running for one connection only (i don't know if multiplexing is possible - if so, this doesn't help)
<Combatjuan> dannf: The stunnel process hold 500 connections.  Well, almost.
<Combatjuan> I was hoping I could look at the mtimes on their file descriptors or something, or maybe use netstat to tell me age...  Presumably there is a way.
<Combatjuan> Anyway, I'm looking for the age of the individual socket connections that stunnel is holding.  I need to cause some of them to idleout early.
<phillw> Hi guys, re: http://ubuntuforums.org/showthread.php?p=12146694#post12146694 should I just reboot the crippled VM so as to get it resonable service for https://wiki.ubuntu.com/Thomas%20Ward ?
<phillw> you guys know servers, this is an unhappy one
<phillw> oh, sod it... if it is dying continously I'll reboot it.
<phillw> znc @ trekweb is going down for a reboot.
<phillw> the VNC server has its owner now back in charge.
<AlphaWolf> I am running Plex Media Server, but I can't get it to read one of my folders, and I think it's a permissions issue. The information from "ls -l" is as follows: Folder it can't read "drwxrwxr-- 1 joseph plugdev 24576 Aug  2 23:26 GeneralMedia", folder it can read "drwxrwxr-x 1 joseph      99    14 Aug  2 23:29 TimeMachine". I'm guessing it's the "x" at the end (which is other execute? so anyone can execute?), but running "
<AlphaWolf> chmod o+x GeneralMedia" does not change anything. One other note: GeneralMedia is an NTFS partition, whilst TimeMachine is a HFS+ partition.
<Takyoji> Is it sane to upgrade from 10.04 to 12.04, rather than waiting a few days for 12.04.1?
<smw_work> Takyoji, by "upgrade" you mean clean install?
<Takyoji> do-release-upgrade, specifically.
<smw_work> Takyoji, not sure I would do that on a server...
<Takyoji> Webserver
<smw_work> I would not trust it...
<smw_work> but whatever. I see no difference in waiting vs not waiting
<smw_work> 12.04.1 is just a snapshot in time
<smw_work> Takyoji, so I do not see how waiting a few days would change anything.
<Takyoji> it's just that it was stated in the documentation "It is generally recommended that users of Ubuntu 10.04 LTS wait until the first point release, due in July, before upgrading."
<Takyoji> Well, with Linode, I suppose I'll start a new instance, copy things over, then swap IPs over
#ubuntu-server 2012-08-03
<uvirtbot> New bug: #1032405 in nova (main) "RBDDriver does not support volume creation from snapshots" [Undecided,New] https://launchpad.net/bugs/1032405
<thepumpkin> Hi. I set the ipv4 in my linux container conf but is not getting the IP address the first time, it only works the second time I boot the container. any ideas?
<John> bump
<randomusr_> I could use some help installing and configuring DRBL server with PXE boot capability
<randomusr_> not sure which packages to install and whether there are caveats on 64 bit that I should be aware of. Could someone help?
<randomusr_> Can I use PXELINUX or freedos to then transfer a windows image over TFTP?
<randomusr_> google.com
<randomusr_> oops
<arooni-mobile> i'm seeing "The site's security certificate is not trusted!" after following a guide on slicehost.  i generated a ssl cert with startssl... not sure what i need to check next.  nginx and ubuntu 10.04
<Ubuntubruger9> ?question I've just set up a headless server with Ubuntu Server 12 on an old Lenovo M55, with a new Seagate Barracude 1 Tb SATA disk installed
<Ubuntubruger9> ?question everything is working fine and using it in an afp mac-only environment, but I want to idle the disk when the server is not in use as I only use it sporadically as a NAS - how do I go about doing this?
<nibalizer> arstu/win 19
<AdvoWork> I Currently have ubuntu-10.04.3-server-amd64.iso  I assume the alternative 12.04 is: ubuntu-12.04-server-amd64.iso?
<ScottK> Yes, although if you have an existing install, you can just upgrade it.  No need to reinstall.
<AdvoWork> ScottK, its a guest client on a XEN vm, so i have to supply a file name and install via xen
<AdvoWork> i installed 10.04.03 or something ages ago, did an upgrade to 12.04 and it nackered it, so doing a clean install
<uvirtbot> New bug: #1032550 in multipath-tools (main) "[multipath]  failed to get sysfs information" [Undecided,New] https://launchpad.net/bugs/1032550
<alex88> hi guy, is there a way to resize a lvm partition without unmounting?
<domas> hi! when I try to change RTO_MIN for routes using ip, instead of e.g. 300ms I end up getting 3ms and things break - http://p.defau.lt/?GQXenT2OEHRH8r1Q0jW_Xg - what am I doing wrong?
<alex88> i've a swap partition in a lvm group, how can i remove it and create a new one?
<cpg> hi, i am trying to figure how a good way to get a service program properly restarted upon a deb upgrade ...
<cpg> was looking for a couple of working examples
<cpg> i am smewhat knew to ubuntu
<cpg> how do i get the source for a given package, say mysql, or apache2, or monit
<alex88> cpg, apt-get source apache2
<cpg> alex88: ossom. worked like a charm. i feel some learning coming on
<alex88> eheh ;)
<domas> alex88: you can, swapoff first
<alex88> domas, yup, just found, the problem now is that the partition table is got, fdisk can't read it
<alex88> i'm using parted to create some partitions,  but i get this http://pastie.org/4383195
<alex88> the 2 new partitions has primary as name, how can i set this to empty?
<alex88> -brb lunch
<_ruben> domas: seems there's been some bugs in the rto_min stuff handling, might be that one's still present? using kernel 2.6.38 or newer?
<domas> _ruben: tested on lucid, will revisit precise soon
<WanderingEnder> Are there any special things I need to do with Ubuntu 12.04 LTS if deploying from the gallery image on Windows Azure?
<alex88> hi guys, why in mdadm --detail --scan some devices has /dev/md/2 and others /dev/md0? without the / before?
<patdk-wk> alex88, depends on how they where made
<roasted_> If my dhcp-server service is not automatically starting, what can I do to ensure it starts up each and every time the system starts up?
<alex88> patdk-wk, right, that was my issue when creating them, thanks :)
<WanderingEnder> roasted_: Although this isn't #Ubuntu, i'd say you could add it to your startup programs?
<roasted_> WanderingEnder, you're right - it's ubuntu-server - and I'm asking about dhcp server services. :D
<roasted_> WanderingEnder, I'd like to do it via terminal or whatever, not the gui startup apps
<WanderingEnder> Bah, sorry, thought this was offtopic. Give me a sec, let me remember how to do that in ubuntu.
<roasted_> WanderingEnder, hahaha, all good :D
<roasted_> WanderingEnder, is it /etc/rc.local?
<roasted_> I have to wonder why it's not doing this anyway... *shrug*
<WanderingEnder> update-rc.d
<WanderingEnder> If it has a rc script.
<roasted_> WanderingEnder, pardon? I just run update-rc.d in terminal?
<WanderingEnder> If not, you can manually run it from /etc/rc.local, using su - to be whoever you need to.
<roasted_> or edit that?
<WanderingEnder> Its a command. i.e.
<WanderingEnder> man update-rc.d
<WanderingEnder> update-rc.d <name> enable <service level> is a good one. I had to actually look it up, I haven't actually had to add something in months.
<WanderingEnder> note: if your thing doesn't have an rc-script, you can either make one (google, I have no freakin clue how anymore), or you can add it manually to rc.local
<uvirtbot> New bug: #1032633 in keystone (main) "Keystone's token table grows unconditionally." [Undecided,New] https://launchpad.net/bugs/1032633
<uvirtbot> New bug: #1031977 in clamav (main) "package clamav-base 0.97.5+dfsg-1ubuntu0.12.04.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1031977
<AdvoWork> does anyone know how much space is needed for 12.04 server?
<melmoth> AdvoWork, i have a shell on a 10G vm here, showing 8.7G still available
<AdvoWork> melmoth, perfect thanks, this is for a VM too, so if i give it 40GB i have plenty for other stuff too
<melmoth> sure
<AdvoWork> just installing ubuntu server, got to the partition stage where i can chose whole partition, or whole partition and setup LVM, would i want this LVM?
<mardraum> mmm, yes?
<mardraum> you would?
<AdvoWork> what exactly is it?
<koolhead17> Daviey, ping
<mardraum> AdvoWork: http://en.wikipedia.org/wiki/Logical_Volume_Manager_%28Linux%29
<uvirtbot> New bug: #1032721 in openldap (main) "package slapd 2.4.28-1.1ubuntu4.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1032721
<uvirtbot> New bug: #1032724 in linux (universe) "Cannot access IPMI card" [Undecided,New] https://launchpad.net/bugs/1032724
<arooni-mobile> having trouble with sslcerts.  i have this error message when i run: openssl s_client -connect www.magicpresspass.com:443 ==> "depth=1 CN = OpenVPN Web CA 2012.01.15 16:11:48 PST li25-146; verify error:num=19:self signed certificate in certificate chain"  how do i find and delete this cert?
<r3dLunchb0x_> does lvm on ubuntu automatically setup as raid 5 on ver 10.04?
<patdk-wk> do what?
<patdk-wk> lvm doesn't even support raid5
 * patdk-wk doesn't think lvm supports raid
<seekwill> It can do mirroring and striping
<patdk-wk> oh it can?
<r3dLunchb0x_> is there any other way to determine if my file systems are setup in raid 5?
<seekwill> Not sure if you'd call that "RAID" though ...
<patdk-wk> thought it just did lineir, and mirror
<patdk-wk> r3dLunchb0x, mdadm? and whatever dm-raid uses
<r3dLunchb0x_> right I thought you had to setup the devices in a raid 5 and then lvm the radied device.
<patdk-wk> r3dLunchb0x, that is a solution
<r3dLunchb0x_> mdadm wasn't even installed how do i tell if dm-raid is there?
<patdk-wk> but the goal is what says why you had to do it
<seekwill> patdk-wk: http://www.centos.org/docs/5/html/Cluster_Logical_Volume_Manager/LV_create.html Just happen to have that open
<r3dLunchb0x_> and this works on ubuntu server?
<seekwill> You don't really want RAID5
<patdk-wk> didn't know it could do stripe
<seekwill> r3dLunchb0x_: http://www.thedatacave.com/raid-5-is-dead
 * patdk-wk has 3 installs using raid5
<patdk-wk> so far 2 of them have failed horrible deaths
<seekwill> I'm trying to move towards SAN environments
 * seekwill drank the SAN kool-aid
<patdk-wk> these where san :)
<seekwill> oh :)
<patdk-wk> raid50 with 5 raid5's
<seekwill> nice
<patdk-wk> we just dumped our raid10 of 74 disks
<patdk-wk> moved to 6 raid6's
<patdk-wk> the *controller* wasn't fast enough to take advantage of the speed of the raid10
<patdk-wk> the raid6's are slower, but not enough to be user noticable
<patdk-wk> they are slower when installing updates, but users don't do that
<r3dLunchb0x_> so since mdadm and dmraid are not isntalled (no config files are found either) that means I'm not using a raid of any sort. correct?
<seekwill> Hardware RAID?
<r3dLunchb0x_> it is an HP Proliant 580 G7 and the controller is capable of raid, yet I am pretty sure it's setup as jbod.
<xnox> check bios settings, it could have been setup there
<seekwill> If it's hardware RAID, the OS generally doesn't really know
<seekwill> Your dmesg might show the name of the disks, that's how I usually tell
<r3dLunchb0x_> and what am i looking for in the dmesg? I don't see anythign about disks...
<seekwill> Do you have access to the console?
<r3dLunchb0x_> i do
<seekwill> Can you reboot it?
<r3dLunchb0x_> no i can't reboot it.
<r3dLunchb0x_> thought about that already. ;-)
<seekwill> Even for a little bit?
<seekwill> There's no real way to know for sure without jumping on the console
<seekwill> (and getting into the controller's setup)
<r3dLunchb0x_> right
<seekwill> Not that I'm aware of anyway. I could be wrong
<r3dLunchb0x_> i am on the ilom
<seekwill> I don't know if it shows up there
<r3dLunchb0x_> yeah, looking and nothing.
<r3dLunchb0x_> so my assumption is correct, lvm is NOT doing raid 5...maybe striping as the disks aren't mirrored
<seekwill> I wouldn't guess or make any assumptions
<seekwill> LVM doesn't do RAID5
<r3dLunchb0x_> correct, but since there is no mdadm or dmraid pkgs installed....
<xnox> r3dLunchb0x_: lvm can do raid0, raid1, raid10
<r3dLunchb0x_> xnox: how can i tell if my current situation is setup with a raid?
<xnox> how would i know
<xnox> r3dLunchb0x_: $ sudo lvdisplay
<r3dLunchb0x> thats what im looking for. someone is telling me one of the servers is running raid 5, lvm doesnt do raid 5 you have to have mdadm or dmraid pkgs installed which are not on this server.
<r3dLunchb0x> but i see that raid 1 is striping, and raid 10 is striped mirrors
<xnox> r3dLunchb0x: or it is setup in the BIOS with fakeraid or it is set up with hardware raid
<xnox> such that no packages are needed in the OS
<r3dLunchb0x> its not hw raid, i have full use of ever disk (for the most part)
<xnox> r3dLunchb0x: i am sorry, but i am off to sleep
<xnox> it's midnight here
<r3dLunchb0x> nighty-night
<pmatulis> r3dLunchb0x_: if you know the number of disks in use and their capacity you can deduce roughly the RAID level
<pmatulis> r3dLunchb0x_: you machine comes with a Smart Array P410i controller
<pmatulis> *your
<r3dLunchb0x_> pmatulis: thanks, that's my point. cowoarker believes everything is in raid 5 due to lvm...and im telling him no, but could be hw raid, but I am certain it isn't as I just setup a new server with the exact same hw and it was default jbod
<r3dLunchb0x_> so i am looking for *any* info that lvm on my server is setup to do raid.
<pmatulis> r3dLunchb0x_: how many disks does the OS see?
<r3dLunchb0x_> one "/dev/mapper-waandroid3  mounted on /"
<pmatulis> r3dLunchb0x_: pastebin output to 'sudo fdisk -l'
<r3dLunchb0x_> there are 6 1TB disks in the machine
<r3dLunchb0x_> ok, hold a sec...
<pmatulis> r3dLunchb0x_: include the output to 'df -hT'
<arooni-mobile> how could i be able to connect to 443 on my server (from my server) but not be able to do it from my dev box... ubuntu 10.04 lts server.  and nginx is hadnling 443: tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      7272/nginx
<r3dLunchb0x_> http://pastebin.com/4tpGpXd9
<pmatulis> r3dLunchb0x_: so you are using LVM
<r3dLunchb0x_> pmatulis: correct....and coworker believes it is raid 5 config
<pmatulis> r3dLunchb0x_: but LVM does not do RAID5
<pmatulis> r3dLunchb0x_: only mixtures of striping and mirroring
<pmatulis> r3dLunchb0x_: pastebin output to 'sudo pvs; sudo vgs; sudo lvs'
<r3dLunchb0x_> pmatulis: that's what im telling him and he is the lead, so he is pretty sure he knows its setup that way. I just want to show him he's wrong so we can get more disk as this server is at risk.
<pmatulis> arooni-mobile: could be a firewall or tcp wrappers
<arooni-mobile> heres my rules list: https://gist.github.com/98985f154f06a4c7660a
<pmatulis> arooni-mobile: or nginx has some authentication.  how are you checking?
<r3dLunchb0x> pmautils: here it is: http://pastebin.com/9KUNeBU2
<smokie> hey guys, if i want to run a bash file from rc.local at boot with root access, do i neeed to do anything specially or it doesnt matter?
<r3dLunchb0x> pmatulis: sorry: http://pastebin.com/9KUNeBU2
<pmatulis> smokie: list it in rc.local before the 'exit 0' line
<arooni-mobile> pmatulis, the problem is somehow (i think by installing openvpn before... which i have since uninstalled) my port 443 got mapped to a different port
<smokie> pmatulis, this will automatically make it run with root access?
<pmatulis> smokie: yes
<smokie> pmatulis, thanks
<PatrickDK> heh?
<PatrickDK> 6 1tb disks, and ubuntu sees 1 5tb disk
<PatrickDK> so something likely did raid5
<PatrickDK> but it wasn't linux
<PatrickDK> so it has to be hardware
<PatrickDK> smartctl -i /dev/sda, will likely tell you
<r3dLunchb0x_> PatrickDK: I had to install smartmontools to use that ocmmand here is the output: http://pastebin.com/v7Pm6PYD
<PatrickDK> so it's using some hp raid card
<r3dLunchb0x_> PatrickDK: and I don't think it is raid 5, i think it is JBOD
<PatrickDK> explain this
<PatrickDK> 6 1tb drives != 5tb
<PatrickDK> 6 1tb JBOD = 6 drives
<r3dLunchb0x_> and the only way to tell is to reboot and go into the hp raid controller's setup
<PatrickDK> you have 1 5tb drive
<r3dLunchb0x_> ok, doesn't make it raid 5 automatically.
<PatrickDK> no, could be raid0 with 5 disks
<PatrickDK> could be you lied, and it's a single 5tb drive :)
<PatrickDK> that you brought from the future
<r3dLunchb0x_> and that's my point, LVM doesn't do raid 5 unless you use mdadm or dmraid pkgs
<PatrickDK> that point was made long long ago, stop it already
<PatrickDK> you oviously have a hardware raid card in there
<PatrickDK> if you want more info about it, use lshw, it normally will
<r3dLunchb0x_> ok, that command is showing some promising info....what exactly would show it is in a hw-raid
<PatrickDK> nothing
<PatrickDK> IT'S IMPOSSIBLE to show that info
<PatrickDK> cause how do we know if it's a real disk, or a make believe real disk
<r3dLunchb0x_> gotcha.
<r3dLunchb0x_> or one from the future ;-)
<PatrickDK> someone might have done this to your server: http://img.photobucket.com/albums/v11/Ba-Ka/DSC_0781.jpg
<PatrickDK> nothing like shoving in a few extra
<seekwill> lol
<seekwill> That won't last very long
<PatrickDK> it will outlive you :)
<seekwill> omg... are you threating me???
<PatrickDK> only in the politest of ways
<seekwill> ah ok :)
<PatrickDK> hmm, today seems to be a big spam day
<r3dLunchb0x_> PatrickDK: that's funny, gonna save that and send it to my boss with caption :I have found a way to extend our disk space! lol
<r3dLunchb0x_> laters,
<RoyK>  
<PatrickDK>  
#ubuntu-server 2012-08-04
<Maiz_en_Heces> anybody here?
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<RoyK> oops - seems mr maiz left
<cpg> hi, i have a binary deb in the file system
<cpg> it's an update from the latest in the repo
<cpg> would like to update the installed deb with the binary one
<cpg> let's call it my-deb_0.20_i386.deb
<cpg> i tried this:
<cpg> apt-get -y install my-deb_0.20_i386.deb
<cpg> i get an error that it cannot locate that package
<sagaci> is ubuntu server supported for 5 or 7 years. I was pretty sure it was 5, but the official CD's say 7 on the CD case
<sagaci> 12.04 LTS server, I mean
<ScottK> It's 5
<sagaci> righteo, thanks
<sinafe> Hi
<SpamapS> sinafe: HELLO!
<uvirtbot> New bug: #1029760 in glance (main) "missing dependancy python-support" [Undecided,Invalid] https://launchpad.net/bugs/1029760
<uvirtbot> New bug: #1030266 in mysql-5.5 (main) "package mysql-server-5.5 5.5.24-0ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Invalid] https://launchpad.net/bugs/1030266
<uvirtbot> New bug: #1032923 in openldap (main) "package libldap-2.4-2 2.4.28-1.1ubuntu4 [modified: usr/share/doc/libldap-2.4-2/changelog.Debian.gz] failed to install/upgrade: libldap-2.4-2:amd64 2.4.28-1.1ubuntu4 cannot be configured because libldap-2.4-2 (dup-of: 1029415)" [Undecided,New] https://launchpad.net/bugs/1032923
<ubuntucloud954> hi
<ubuntucloud954> i am working on openstac ubuntu cloud as a my study project my problem is after configure that how to run that instance
<ubuntucloud954> ??
<Daskreech> Hello inquiry. On an inital install of cups how long does it take to configure the ppd drivers? It's been running for an hour now
<ubuntucloud954> http://www.hastexo.com/resources/docs/installing-openstack-essex-20121-ubuntu-1204-precise-pangolin i used this and try to make my own cloud.. it took approx.. 5 to 6 hours..
<ubuntucloud954> but problem is how to run that instance..?
<ubuntucloud954> i can create new user and instant and can also upload new image..
<xr1rr> a user in mysql not showing up in userlist, but works because wordpress database is using it?
<xr1rr> but instead in userlist have three root user
<xr1rr> is there any way to get more info about this
<maxb> xr1rr: When you say userlist, what exactly are you referring to?
<xr1rr> this is the command I used: SELECT User FROM mysql.user;
<maxb> Try installing the maatkit package if you don't already have it, and run the shell command mk-show-grants
<maxb> If that shows significantly different results to your inspection of the database, the most likely cause is that the grant tables have been modified but 'FLUSH PRIVILEGES;' has not been executed
<xr1rr> maxb: installed it and what is the command I need
<maxb> mk-show-grants
<xr1rr> this gives me a error
<xr1rr> failed, access denied for user 'root'@'localhost'
<maxb> oh, well, give it appropriate username and password arguments for your database
<perre`vl> oii
<perre`vl> someone awake ? ( and active )
<Daskreech> no but don't let that dissuade you
<perre`vl> i have a problem with ubuntu server / webmin / user
<perre`vl> i made a nuew user... logged in with ssh
<PatrickDK> perre`vl, you should :)
<PatrickDK> webmin doesn't get along with ubuntu
<perre`vl> but all the files & folders i make are white
<perre`vl> i remember from early that users have colored files & folders
<perre`vl> english is not 1st language so sorry
<perre`vl> it's more like 3th or 4th
<PatrickDK> I don't know what colored is
<PatrickDK> but my screen only has two colors
<perre`vl> light & dark green ?
<PatrickDK> na, not that old :)
<PatrickDK> white and black
<perre`vl> :)
<perre`vl> mono
<PatrickDK> could be amber :)
<perre`vl> i search for an example
<perre`vl> brb ( i hope )
<perre`vl> something like this: http://glassofdutchwine.files.wordpress.com/2011/02/putty_colour3.png?w=630
<perre`vl> it's an image
<PatrickDK> well, set your terminal type correctly to get that
<perre`vl> if i login as admin then i have colors
<perre`vl> if i login with the new user it's all white
<perre`vl> and how i do that ?
<PatrickDK> yes, cause you created the user home dir, without using the profile
<PatrickDK> so ti didn't install the *default* login init script
<PatrickDK> that says, if you can do colors, enable colors
<PatrickDK> looks in /etc/skel/
<perre`vl> as admin or as user ?
<PatrickDK> well now, your going have to do it manually
<PatrickDK> cause you didn't tell adduser to do it for you
<perre`vl> it's an empty folder
<PatrickDK> no it's not
<perre`vl> ls /etc/skel
<perre`vl> no results
<PatrickDK> that != empty
<PatrickDK> ls -la /etc/skel/
<perre`vl> now there are files ;)
<perre`vl> i worked it out
<perre`vl> thanks
<perre`vl> you have paaypal so i can send you a beer ?
<PatrickDK> na
<Daskreech> Paypal takes beer now?
<merval> Whoa. barter system style?
<Daskreech> beer for code has been a long currency exchange
<merval> Yeah, I've seen that around the whole "Buy me a beer" thing
<adac> How can I install all available image libraries?
#ubuntu-server 2012-08-05
<uvirtbot> New bug: #1033096 in openldap (main) "request to have sha2 module in contrib included in package" [Undecided,New] https://launchpad.net/bugs/1033096
<uvirtbot> New bug: #999710 in lm-sensors (main) "package libsensors4 1:3.3.1-2ubuntu1 failed to install/upgrade: conffile './etc/sensors.d/.placeholder' is not in sync with other instances of the same package (dup-of: 987714)" [Undecided,New] https://launchpad.net/bugs/999710
<uvirtbot> New bug: #999785 in lm-sensors (main) "package libsensors4 1:3.3.1-2ubuntu1 failed to install/upgrade: conffile './etc/sensors.d/.placeholder' is not in sync with other instances of the same package (dup-of: 987714)" [Undecided,New] https://launchpad.net/bugs/999785
<uvirtbot> New bug: #998337 in lm-sensors (main) "package libsensors4 1:3.3.1-2ubuntu1 failed to install/upgrade: conffile './etc/sensors.d/.placeholder' is not in sync with other instances of the same package (dup-of: 987714)" [Undecided,New] https://launchpad.net/bugs/998337
<uvirtbot> New bug: #999397 in lm-sensors (main) "package libsensors4 1:3.3.1-2ubuntu1 failed to install/upgrade: conffile './etc/sensors.d/.placeholder' is not in sync with other instances of the same package (dup-of: 987714)" [Undecided,New] https://launchpad.net/bugs/999397
<codemaniac> Morning all
<codemaniac> can anyone let me know how to get involved with the Ubuntu server team
<tarvid> I want grub to timeout instead of hanging on the grub menu on restart, how do I do that?
<tarvid> I am running headless and restart hangs on the grub menu, how do I fix that?
<tarvid> http://paste.ubuntu.com/1130113/
<tarvid> I now have two serious bugs which would disqualify Ubuntu Server in a headless environment
<tarvid> I can't get anyone to take this seriously.
<trimeta> Does anyone have experience using nut to manage their UPS? I'm having trouble loading the USB driver.
<trimeta> Everything online refers to a regression that happened two years ago on an old version of the software...I don't think it's relevant to my problem.
<trimeta> Ah, it looks like my udev rules aren't being honored, so I needed to manually chown and chmod the USB device. That sucks...I guess I'll have to figure out the real problem later.
<uvirtbot> New bug: #990396 in samba (main) "package samba 2:3.6.3-2ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Low,Expired] https://launchpad.net/bugs/990396
<Gaming4JC> Is there a way of rsyncing/mirroring the contents of two ubuntu servers? Kinda like your own cloud.
<Gaming4JC> needed for a game server since one keeps failing and we need a backup
<Gaming4JC> :D
<Gaming4JC> http://freecode.com/projects/superflexible might do the trick according to my research
 * Gaming4JC keeps DuckDuckGoing it :)
<Gaming4JC> ok my VPS has 902MB of ram free and 98GB of space...
<Gaming4JC> so if you would like an account for a backup server I could make one :)
<Gaming4JC> already paid for it for a full year because it hosts minecraft
<Gaming4JC> wrong channel
<Gaming4JC> lol
<JoeCoder_> not sure where I should ask this question.  Does anyone know why I can't post questions in #postfix?
<JoeCoder_> IRC always tells me, "#postfix Cannot send to channel"
<JoeCoder_> nothing in the channel topic gives clues
<Garbee> JoeCoder_, Please read the message from Chanserv to get your answer to that question.
<mikeey> can i somehow reduce the amount of rescheduling interrupts?
<mikeey> i'm running a lot of gameservers on one machine
<mikeey> and they don't like interrupts
<qman__> that's a compile-time thing
<qman__> look into the linux-rt kernel
<qman__> it's built for that sort of need
<mikeey> right, do you have a tutorial/how-to on how to compile it? I have experience in "regular" compiling but not applying patches and all that
<mikeey> or is it in any of the repos
<mikeey> http://www.ubuntubuzz.com/2012/03/real-time-linux-installation-on-ubuntu.html
<mikeey> should work?
<mikeey> the rt-kernel |shouldn't| increase cpu usage?
<mikeey> or should it?
<COner> hello - does anyone know how to setup live migration under UEC?
<COner> i'm having trouble finding any information about it online - or even how to query which node my images have been deployed to
<COner> awesome
#ubuntu-server 2013-07-29
<Shadowandlight> im very new at using linux / cmd line... but i am trying to get this app running on ubuntu server... i had it running and now its not working after i restarted the server... [29/Jul/2013 04:53:30] "GET /static/bootstrap/css/slate.css HTTP/1.1" 500 59
<Shadowandlight> apache shows running, but there is no style sheet coming up for the web app
<babinlonston> I want to monitor the Whole Posgresql  in nagios how can i do it
<hack13> I have a pretty fresh install of ubuntu 12.04 LTS 64bit running on a new dedicated server. I installed webmin as I have done hundreds of times before, however this time I seem to have it stuck. It is showing it working, firewall dissabled, but I have no idea what log to look at to see what is wrong.
<antihero> how do I get raw keys from keyserver.ubuntu.org?
<antihero> http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xCBCB082A1BB943DB that without the HTML
<andol> antihero: By speaking hkp?
<andol> antihero: Unless you want to use the regular gpg binary for that I'm sure there are plenty of libraries which should be able to do that key fetching for you.
<bigbrovar> let me take a screenshot
<bigbrovar> http://imgur.com/7Raxc1z
<bigbrovar> thats the screenshot
<bigbrovar> under the record information it is listed as a book
<bigbrovar> but the holding information is blank
<mgz> anyone know any issues with the current saucy-daily cloud images?
<mgz> I'm not getting my machine out of BUILD currently
<GH0> Hello, I was wondering is SELinux policies enabled by default, or is AppArmor a replacement of that?
<iclebyte> has anyone ever managed to get ncftp to work through an FTP proxy?
<GH0> I have been having some issues with a web app (which I think is just the fault of the dev), but he wants me to disable SELinux, which I don't think is enabled in the first place.
<Madkiss> folks, I am seeing a problem here with Ubuntu Server. I have a DRBD resource that delivers me about 1.3gb/s of performance. and then, I run an iSCSI target on top of that, and the iSCSI target gets me about 45mb/s. I wonder what's wrong?
<patdk-wk> Madkiss, likely? nothing
<Madkiss> hu?
<patdk-wk> why would that be wrong?
<Madkiss> well. there is a little performance drop between DRBD and the iSCSI stack laying right on top of DRBD, don't you think so?
<patdk-wk> I dunno, you didn't finish describing the test you did
<patdk-wk> was this done over gigabit network?
<Madkiss> no. This is 10GE throughly. And ... did my message get cut off?
<patdk-wk> was the iscsi lun setup for sync or async?
<Madkiss> it's the lio default
<Madkiss> patdk-wk: I'm testing with DD, btw.
<jdstrand> GH0: selinux is not enabled by default in Ubuntu
<jdstrand> GH0: apparmor is used instead, but we don't confine apache by default
<herent_laptop> Hi - I have a question about backing up a remote server before attempting an upgrade
<herent_laptop> Right now I'm rsyncing down everything to my local machine
<herent_laptop> But I'm not sure exactly how to restore that if my upgrade from 10.04 (think that's what it's at now) doesn't work right
<herent_laptop> I've been trying to find tutorials online, but haven't seen much
<herent_laptop> Any help would be appreciated
<ikonia> why are you doing an rsync backup if you don't know how to use it to restore ?
<herent_laptop> To have the files
<ikonia> what good are they if you can't use them to restore ?
<herent_laptop> I'm guessing that there is a way to use them, I'm just not completely sure how
<sarnold> .. hence the question :)
<ikonia> herent_laptop: is this a vps ?
<herent_laptop> Yeah
<ikonia> herent_laptop: right, the best way is to ask your vps provider to take a snap shot of the disk
<herent_laptop> There's no real gui for it, though
<ikonia> then in the event of failure the disk can be switched/restored from that snap shot
<herent_laptop> I'll ask them, it's my old job that's hosting it
<ikonia> you're not going to realistically rsync a whole machine over the internet, for a restore, more so when you potentically can't even boot the machine
<herent_laptop> I asked the sysadmin a few months ago and he just said that it could be rsynced pretty much anywhere to restore
<ikonia> then he should be sacked
<herent_laptop> So I started in on that, there's only 14gb
<sarnold> depends on your goals and abilities, and the data you're backing up..
<ikonia> rsyncing the os for a potentical upgrade restore over the inernet....is crazy
<herent_laptop> Pretty much the only stuff I _really_ need is the web root
<ikonia> rsyncing some personal data that is nothing to do with the OS or configuration files, sure
<ikonia> herent_laptop: right, so grab that, and ask them to take a snap shot of your OS disk
<herent_laptop> There isn't really much for personal stuff on there at all
<Mosselman> hey guys. I want to host my e-mails myself in order to (partially) prevent employees of my web host (and the NSA) snooping through my stuff. Would it be possible to setup a VPS with my e-mail server and then prevent employees from the cloud company to access the machine?
<Mosselman> I was thinking something along the lines of 2 way authentication
<sarnold> Mosselman: 2fa cannot prevent the hard drive from being pulled, or the machine being pulled from the rack while under an altnerative power supply
<Mosselman> sarnold: I was thinking of encrypting either way
<sarnold> Mosselman: how would you provide the decryption key at boot? :)
<Mosselman> sarnold: it is primarily that I don't want them just looking around
<Mosselman> sarnold: that is a good point ;)
<Mosselman> impractical for e-mail
<patdk-wk> sarnold, thinking too hard :)
<patdk-wk> mosselman, even if you encrypted everything, all emails outside of that server could easily be read
<patdk-wk> so any emails you send/receive from me, could easily be snooped by the nsa
<patdk-wk> or gmail, or anyone else, that doesn't have a user account on that server
<Mosselman> patdk-wk: I know, but I can't control that part (without pgp). I can only do what I can
<patdk-wk> yes, but if that part isn't secure, why even bother securing the rest? it's a pointless excersize
<sarnold> patdk-wk: heh, yeah, here's me assuming that gpg was of course part of the solution :)
<patdk-wk> well, you have a few issues
<patdk-wk> you can encrypt the whole server, and use an initrd ssh unlock
<patdk-wk> the issue there is, anyone with physical access *nsa/fbi/...* can modify the initrd so it will record the unlock password when you supply it
<patdk-wk> you can't use a tpm device, as that is pointless, cause when they take the server, they take the tpm also
<patdk-wk> so best you can do, is do the initrd thing, and hope you never type your password in, after someone is monitoring it onsite
<Mosselman> patdk-wk: thanks for the info
<Mosselman> the alternative is running it on my NAS, but I am not sure about reliability (up-time etc)
<patdk-wk> I think your giving too much credit to the employees at the cloud company
<patdk-wk> they aren't going snoop through your emails
<ikonia> this is just a crazy question
<patdk-wk> cause they are like every other employee, too lazy
<ikonia> as you've been told in #ubuntu
<ikonia> while your runnign on a VPS the host will always be able to access
<Mosselman> patdk-wk: I agree with that, I am not under the impression that they are all waiting to read my mail anyway, but it is like with bike locks, if you have 1, someone might figure they'd like to cut it and steal your bike, if you have 100 there will still be that guy who, if he wants to, will cut all 100 of them
<Mosselman> so it is not so much about 100% security, but rather making it a tiny bit harder
<ikonia> you're not making it harder
<ikonia> the vps host owners will be able to access your data
<Mosselman> ikonia: sure love
<patdk-wk> as long as they don't poweroff your machine, all bets are off, they have full access
<ikonia> Mosselman: you must understand that the virtual machines are "virtual" provided by the physical resources of the host, the people control the "host" so they can access your virtual devices,
<patdk-wk> lucky, the fbi hasn't figured this out yet
<IdleOne> Mosselman: They own the servers, they keep root access. The real question is why would they bother accessing your data.
<ikonia> Mosselman: hence why I keep telling you, what you are suggesting doesn't matter, the hosts will have access to the guests
<ikonia> as administrators of the host they have power over the guests
<ikonia> it's just stupid NSA paranioa
<sarnold> patdk-wk: sure they have; they know to shove a UPS onto powerstrips :P
<Mosselman> I am not talking about theoretical access, I am talking about the way in which you access things. From a practical point of view.
<ikonia> Mosselman: they have total practical access
<patdk-wk> there is nothing theoretical about it
<Mosselman> Lets say that you leave your diary with me. If I leave it in my car I will still have full access, but I'd have to walk all the way over there to read it. If I have it lying next to me on my desk I'd just flip through it right then and there.
<ikonia> Mosselman: multiple people are telling you "they will have access" and you keep arguing
<ikonia> Mosselman: if you think you are correct, why are you asking ?
<ikonia> get on with "doing"
<Mosselman> ikonia: I don't disagree with them having access
<ikonia> Mosselman: then whats the problem, your question was to stop them having access
<ikonia> what is your question if it's not that ?
<Mosselman> no it wasn't
<Mosselman> ikonia: do you have trouble with analogies or what?
<Mosselman> or are you just trolling?
<ikonia> just ask the clear question then
<ikonia> both myself and patdk-wk seemed to be under the impression you where trying to stop them having access
<patdk-wk> Mosselman, just hope you are not my customer :)
<Mosselman> ok, so lets say I am an employee of a VPS service. How would you access my VPS's files?
<patdk-wk> the harder someone makes it, the more *interesting* it becomes to do
 * sarnold makes note .. don't .. buy .. from .. patdk..
<Mosselman> unencrypted etc
<ikonia> Mosselman: I'd mount your disks onto the hosts
<ikonia> Mosselman: and read them
<LjL> Mosselman: i hope you're going to encrypt RAM too
<LjL> (how the CPU will be able to read that then is a question left to the reader)
<Mosselman> LjL: you raise the point that I am trying to make. So ikonia  what if the drives are encrypted. Does that change any of the commands you need to perform to mount the drives?
<ikonia> Mosselman: no, because you've unencypted them to access them
<ikonia> Mosselman: so I can own your session and either read directly, or mount where I want
<ikonia> because the resources are on the "host" not the "guest"
<Mosselman> ikonia: and is there a way to prevent this or make it harder? with harder I mean even adding a few commands
<patdk-wk> with a vps? impossible
<ikonia> Mosselman: no, as I've said multiple times
<patdk-wk> you don't have host root access to do anything
<patdk-wk> I was atleast assuming a real physical server
<LjL> Mosselman: what you're trying to achieve is called "security by obscurity", and is frowned upon by anyone in the security field, so you're probably going to be on your own implementing it
<patdk-wk> cause the second you talk about encryption, you don't do *sharing*
<Mosselman> LjL: I know, it is not so much security, but more about security through lazyness
<ikonia> Mosselman: and as I said anyone, it doesn't matter as you fire emails out across the public interenet, so they can be read in transit
<ikonia> Mosselman: it's not security at all
<Mosselman> LjL: because lets say in the case of a physical server you'd be able to still attack through the RAM ,but that is waaaay more trouble than just doing ssh root@127.0.0.1
<ikonia> Mosselman: I'm sorry "shell attack"
<ikonia> what ???
<patdk-wk> on both, I would just attack your website :)
<Mosselman> ikonia: I still don't really believe you are getting the point, but thanks for the answer earlier
<Mosselman> patdk-wk: probably the best way yes
<ikonia> Mosselman: you don't seem to grasp how this works
<patdk-wk> and once I did so, I wold have access to your unencrypted system
<Mosselman> ikonia: it was an example
<ikonia> Mosselman: what is the point of all this fantasy security to stop people reading your emails, if I can sit reading them as they pass through your ISP's gateway
<LjL> Mosselman: yeah except no, that's just deluding yourself into thinking the attacker is probably an idiot and won't read your RAM. "waaaaay more trouble", in security terms, is when it takes you 100000000 years to crack something instead of just 100, not when it takes someone who knows the right command
<Mosselman> also, sniffing the network for all my e-mails or something is also more trouble than just opening up the drive
<ikonia> Mosselman: no it's not
<ikonia> Mosselman: it's a doddle
<patdk-wk> what would be just as *secure*
<patdk-wk> would be to use pop3, and not allow emails to be left on the server
<sarnold> Mosselman: heh, except the email-sniffing infrastructure is already set up, running well for eight or ten years :)
<Mosselman> patdk-wk: I like that idea
<ikonia> sarnold: exactly
<Mosselman> sarnold: haha yeah that is another story
<Mosselman> ;)
<ikonia> I see it every day
<patdk-wk> ovh *claims* to have set up one
<patdk-wk> that mirrors all smtp traffic for monitoring
<ikonia> which is why I do'nt get why Mosselman is telling me what is easy / hard to do, when he doesn't really seem to understand the basics
<Mosselman> ikonia: just because I ask something doesn't mean I don't know anything about it.
<Mosselman> sometimes you have to verify what you know or might not know
<ikonia> Mosselman: I don't think it does, but you telling me "X is hard to do" when its easy, suggests you don't
<ikonia> more so when it's already in place with every ISP/DC
<Mosselman> ikonia: 'hard' is relative
<ikonia> Mosselman: you're just making excuses now to hide the fact that you didn't know
<Mosselman> So lets say for example, 'harder' would be switching from web hosting e-mail to VPS run e-mail?
<Mosselman> ikonia: you can believe whatever you want
<ikonia> Mosselman: why ? what benifit would that do
<ikonia> when I can read your mail as it goes through the ISP gateway
<Mosselman> ikonia: because then I don't have to convince you otherwise
<ikonia> which is VERY easy
<ikonia> Mosselman: what is the point in asking for help for you to disagree with everything and say you know already
<ikonia> why not get on with your setup if you know already
<Mosselman> ikonia: you are ignoring the physical situation, the human element
<ikonia> what physical situation ?
<Mosselman> of the employee
<ikonia> you've just mentioned that
<ikonia> of what employee ?
<patdk-wk> well, if we take humans into account
<patdk-wk> there is no point in securing anything
<patdk-wk> cause humans will leak passwords willingly
<Mosselman> who is sitting around in the call centre bored and decides to check whether my gf has sent me any naked pictures while he is waiting for his next call
<ikonia> Mosselman: call centre ?
<ikonia> Mosselman: a call centre doesn't manage your email
<Mosselman> ikonia: that is what I mean, we are talking about 2 different things
<ikonia> Mosselman: network ops teams do - who sit there monitoring it 24x7 - as thats their job
<ikonia> so "who sits there doing that" - the people who run your network do
<Mosselman> ikonia: anyone who is bored who works there with access to files
<ikonia> Mosselman: what ??
<ikonia> Mosselman: you are making zero sense and just changing fantasy situations every 30 seconds
<Mosselman> You are talking about attackers, I am talking about untrustworthy employees who are just killing time doing a shitty job
<ikonia> Mosselman: tone down the language
<Mosselman> ikonia: I am not, I started with this in my very first message
<ikonia> Mosselman: I'm not talking about attackers
<ikonia> Mosselman: I'm talking about people monoitoring network infrastrcture as their job
 * patdk-wk would wonder why gf would email said pictures, and who else she sent them too
<patdk-wk> she would be gone that moment
<Mosselman> patdk-wk: haha I don't know, was an example. could be the mistress as well
<patdk-wk> ya same deal, I don't need a *log* that would show her
<Mosselman> ikonia: never mind dude, thanks for the info and sorry for making your life miserable
<patdk-wk> and that includes her email client
<ikonia> you've not made my life miserable
<Mosselman> ikonia: I am glad, it seemed that way
<ikonia> not really
<ikonia> just didn't want you to waste time with a pointless task, or believe something was secure when it was far from it
<Mosselman> thanks for the info patdk-wk
<Mosselman> ikonia: I think it was just a misunderstanding
<ikonia> it really wasn't
<Mosselman> that is the definition
<Shogoot> Hi people. Just wondering if this is at all possible. I got a ubutnu server box that runs a seedbox - rutorrent and a webgui listening on port 80 (its installed with a script from the torrent invite site). I own a adress mysite1.com and it pointing to my routers public ip. IS it possible to have ANOTHER box running a webserver to host my personal site?    How would the two  machines listening on port 80 know who of them are cal
<Shogoot> led?
<sarnold> Shogoot: run a proxy in front of them, nginx, apache, something like that. the proxy is on port 80, and based on the pathnames knows whether to bounce to the serve on port 81 or server on port 82
<Shogoot> oh ok... would that be a third machine requied for doing that?
<adam_g> roaksoax, check out the tests in nova-compute. you can copy test_utils.py to your charm and inherit from CharmTestCase, then you have a fully mocked relation environment
<sarnold> Shogoot: you can use one, two, or three machines, as you wish :)
<Shogoot> im going to have a challenge in making this work :)
<Shogoot> thanks for your tip ill look into it, now that i know where to look.
<sarnold> Shogoot: check out "reverse proxy" here: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
<Shogoot> sarnold, nice, thank you very much
<roaksoax> adam_g: ok cool
<GH0> jdstrand, thanks for the response. That is what I figured, I think the web app developer just doesn't want to admit that the problem is his issue. I will let him. Thanks. :)
<roaksoax> adam_g: so how do you run the tests?
<adam_g> roaksoax, ive been running with nose
<roaksoax> adam_g: ok cool thanks
<adam_g> roaksoax, nosetests -svd $tests_dir/ should discover and run the tests
<roaksoax> adam_g: yep! thanks!
#ubuntu-server 2013-07-30
<kennett> I need help w/ automated pxe install.
<kennett> The installation stops because of default route.
<Senor> How can I connect into one private network through ssh tunnel?
<kennett> http://pastebin.ubuntu.com/5927748/  that's my kickstart.cfg file. What am I missing or doing wrong?
<echod> hi, I'm looking for some help setting up my own linux VPS server (at home, on my own machine) but all I find are tutorials for setting up a VPS on an account you buy. Can anyone help me out, point me to some good recources, guides ... thanx !
<mardraum> echod: http://wiki.libvirt.org/page/UbuntuKVMWalkthrough
<mardraum> that should get you started - and you can stop calling it "VPS" right now, it's a "VM"
<mardraum> that page is pretty basic and perhaps not 100% correct with a current release, but you can google and read the rest (eg about libvirt)
<mardraum> you don't *need* libvirt but it is a popular framework for handling virtualisation
<echod> thanx mardraum, Il look into it ! yeah I was beginning to think I was searching for the wrong thing, Guess I'l better focus on VM and everything that has to do with it then. Thanx a lot !
<mardraum> key terms are perhaps kvm, qemu, libvirt, vm
<echod> forgot to say, I'm a noob (in webservers and linux anyway), but I'm sure you already gathered that hehe
<echod> ah, ok, thank you
<mardraum> well, you don't need a webserver at all (as in http)
<mardraum> so you win there :P
<echod> hehe
<echod> right, have some reading to do ... bb
<ghostlines> hi all, does ufw block all incoming & outgoing connections by default?
<hewhocutsdown> how do you install print drivers on server sans GUI? CUPS is easy, but wasn't sure about the driver installation.
<jdstrand> ghostlines: by default it blocks most incoming and allows outgoing with stateful tracking (see man ufw)
<ghostlines> thanks, I see the problem now I have a bridge setup, and ufw blocks the bridged traffic that my KVM vm's use
<resno> I'm using a FTP program, with chroot. The only way to include other dirs I see is by mounting dirs. When you unmount the dir, the files disappear out of the dir and into the users location. Am I doing something wrong or is that intended behavior?
<mardraum> resno: I think you better go back to square one and describe wtf you are using and doing in detail.
<resno> I am using VSFTPD for FTP access.
<resno> I have set it up to use chroot to stop users from moving ebyond where they should.
<resno> In order to allow users to access multiple directors, the only method is using a mount. I issue the mount, but when I umount it, the file are moved from their intended location back to users original mount place.
<mardraum> I think you shouldn't be using chroot then
<mardraum> it's for a specific purpose, seemingly not what you need
<resno> mardraum: do you think theres a better way to secure access?
<resno> or is that for me to find?
<mardraum> er
<mardraum> I kind of gave up suggesting because you seem to want to use FTP
<resno> Oh, user wants ftp :(
<mardraum> but I would look into SFTP, as provided by SSH
<resno> im kinda forced into it
<resno> ya, is that well supporteed?
<resno> i looked into it a bit
<mardraum> filezilla does it
<resno> cool, ill look into that then
<resno> do you have experince with it?
<mardraum> and you can use the sftp only hooks into SSH that ubuntu provides with openssh
<mardraum> sure, it's way better than ftp on so many levels.
<resno> for staters its go secure ;)
<resno> mardraum: and it does chrooting as well im sure
<mardraum> yes. just remember the chrooted dir has to be root owned
<mardraum> you can make a dir for users under that
<mardraum> that they can write to
<resno> that would also mean it would use port 21 or the ssh port defined?
<mardraum> just 22
<mardraum> sftp has absolutely nothing to do with ftp
<mardraum> (thank god)
<resno> lol, i meant 22
 * Pici hates ftps
<caraconan> Hi there. Any good howto for Ubuntu server of sssd?
<resno> whats sssd?
<caraconan> sssd -> service that (I hope) will allow to specify different sources of authentication
<caraconan> My goal is set up SSH + LDAP in a particular server
<caraconan> Thus use LDAP users instead of looking up /etc/passwd local file
<mardraum> why not use ldaps?
<caraconan> ldaps? What's that?
<zul> roaksoax:  mind reviewing? https://code.launchpad.net/~zulcss/nova/sqlalchemy-fixes-0.8/+merge/177615
<pmatulis> ldaps is pretty much deprecated
<caraconan> Hi there. I'm following a sssd howto, and I need to know which is the "default PAM configuration file" on Ubuntu server. More context on http://paste.debian.net/20207/. Thanks
<pmatulis> caraconan: without looking too deep i would say /etc/pam.d/common-auth
<caraconan> pmatulis: thanks
<klnlnll> Hi there, whenever I install 12.04 on this server that as a 4TB disk grub comes up and says out of disk
<klnlnll> the first time i installed it i just did 4tb / and it wouldn't boot at all, then I went and redid it with a separate /boot partition and it still says "out of disk" but at least it boots
<klnlnll> does anyone know how to avoid/fix this?
<roaksoax> adam_g: thoughts? http://pastebin.ubuntu.com/5929642/
<adam_g> roaksoax, you need to mock os.environ
<adam_g> roaksoax, or rather, service_name()
<adam_g> roaksoax, since it looks like you're setting SERVICE_NAME at the top level,, you can  patch it with the rest of whatever you are patching, and set its return_value to something in the tests' setUp() so that its mocked for every test
<roaksoax> adam_g: http://paste.ubuntu.com/5929657/
<adam_g> roaksoax, oh, right. you need to get that patched before you load the utils module in your tests. service_name() is being called at module load
<adam_g> roaksoax, checkout how i handled it for restart_map() in cinder. similar
<roaksoax> adam_g: ok coolt hanks!
<adam_g> there might be a better way to do it, not sure
<zul> adam_g:  https://code.launchpad.net/~zulcss/cinder/sqlalchemy-ftbfs/+merge/177648
<adam_g> zul, https://code.launchpad.net/~gandelman-a/ubuntu/saucy/cinder/greenlet_min/+merge/176272
<zul> adam_g: +1
<zul> adam_g: https://code.launchpad.net/~zulcss/nova/sqlalchemy-fixes-0.8/+merge/177615
<optimusOO7> hello
<optimusOO7> i am having trouble downloading packages, i am able to install packages like keystone from ubuntu cloud repo but i am not able to install vim, i am getting "503  Unable to download in offline mode", it looks like a proxy problem, but i am not sure how to solve this
<sarnold> optimusOO7: are you using a local proxy? (squid-deb-proxy, apt-cacher-ng, etc?)
<optimusOO7> thats the issue, i don't know if this machine is using proxy
<optimusOO7> but it seems that its using local proxy
<sarnold> optimusOO7: ah :) apt-config dump | grep Proxy
<optimusOO7> sarnold: cool :)
<optimusOO7> sarnold: yes, its using proxy
<sarnold> optimusOO7: cool. :) I hope that's enough to help get the problem solved
<optimusOO7> sarnold: Acquire::http::Proxy "http://server:3142";
<optimusOO7> sarnold:  i tried to set the env variable but still its not working
<sarnold> optimusOO7: does that server exist? can you ping it? does it work for other tasks? do you want / need to continue using it?
<sarnold> optimusOO7: I've got a vague memory that apt doesn't care about the http_proxy environment variable
<optimusOO7> sarnold: yes i can ping it
<optimusOO7> sarnold: yes, its a puppet master
<optimusOO7> sarnold: i would need it
<optimusOO7> sarnold: still getting  503  Unable to download in offline mode
<sarnold> optimusOO7: okay, nice. the downside is now you get to figure out why it is reporting 503 errors :(
<chrisan> What does mounting with acl do? https://help.ubuntu.com/community/FilePermissionsACLs  I didnt see this guide prior and just installed acl and went off using it, it seems to be working w/o editing fstab..?
<optimusOO7> sarnold: now when i tried to install qemu, it downloaded some updates but some of them showed 503
<optimusOO7> Fetched 7,051 kB in 0s (14.3 MB/s)
<optimusOO7> Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/c/ceph/librados2_0.41-1ubuntu2.1_amd64.deb  503  Unable to download in offline mode
<optimusOO7> Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/c/ceph/librbd1_0.41-1ubuntu2.1_amd64.deb  503  Unable to download in offline mode
<optimusOO7> Failed to fetch http://archive.ubuntu.com/ubuntu/pool/universe/q/qemu-kvm/qemu_1.0+noroms-0ubuntu14.10_amd64.deb  503  Unable to download in offline mode
<patdk-wk> sounds like you where using a bad mirror, or have a proxy configured
<sarnold> optimusOO7: are there any messages in the proxy's log files?
<sarnold> chrisan: did you mount -oremount,acl at some point?
<patdk-wk> if you don't mount with acl, you won't have acl support and only have user/group/other permissions
<patdk-wk> one of these days, I will use acl's (but not for atleast 20more years)
<chrisan> sarnold: i did not, just did an apt-get install acl and went off with setfacl cmds
<sarnold> chrisan: the setfacl might work with or without the 'acl' option. but can you -use- them?
<chrisan> i will have to test, `mount | grep acl` returns nothing but `getfacl mydir` spits out my options
<patdk-wk> yes, the acl is applied and stored
<patdk-wk> but it's never checked when accessing the file
<chrisan> ah, ok, easy to add - was just curious of how things were "working" - thanks all
<zul> adam_g: https://code.launchpad.net/~zulcss/python-heatclient/ftbfs/+merge/177662 anhttps://code.launchpad.net/~zulcss/nova/sqlalchemy-fixes-0.8/+merge/177615 pleased
<adam_g> zul, where has this been forwarded? http://bazaar.launchpad.net/~zulcss/nova/sqlalchemy-fixes-0.8/revision/599/debian/patches/remove-deprecated-sqlalchemy-option.patch
<zul> adam_g: https://review.openstack.org/#/c/39296/
<zul> adam_g: ill put that in in the patch
<adam_g> zul, ok. does it fix a FTBFS or just silence warnings?
<zul> adam_g:  ftbfs
<zul> adam_g:  fixed
<axisys> how to add sphinx plugin into mysql 5.5 from ubuntu repo?
<_ruben> wonder if there's some magical way around bug #1008385
<uvirtbot> Launchpad bug 1008385 in apache2-mpm-itk "apache-mpm-itk writes wrong process name in /proc/$$/status" [Medium,Confirmed] https://launchpad.net/bugs/1008385
<Gatorz> hello
<Gatorz> I need help with my server ive tried looking all over
<zul> adam_g: https://code.launchpad.net/~zulcss/python-ceilometerclient/keystone-ftbfs/+merge/177680
<roaksoax> Daviey: still around?
<Daviey> roaksoax: maybe
<Daviey> Please leave a message after the tone.  <BEEP>
<roaksoax> Daviey: if you have the time, could you promote 'crmsh' to main and remove system-config-cluster, and redhat-cluster from the archive?
<Daviey> roaksoax: bug numbers ?
<roaksoax> https://bugs.launchpad.net/ubuntu/+source/redhat-cluster/+bug/1205107
<uvirtbot> Launchpad bug 1205107 in redhat-cluster "[remove] redhat-cluster" [High,New]
<roaksoax> https://bugs.launchpad.net/ubuntu/+source/system-config-cluster/+bug/1205438
<uvirtbot> Launchpad bug 1205438 in system-config-cluster "[remove] system-config-cluster" [High,New]
<Daviey> lookng
<roaksoax> https://bugs.launchpad.net/ubuntu/+source/crmsh/+bug/1205019
<uvirtbot> Launchpad bug 1205019 in crmsh "[MIR] crmsh" [Critical,Fix committed]
<Daviey> roaksoax: done
<roaksoax> Daviey: awesome! thanks!! :)
<Gatorz> w00t
<Gatorz> finally
<Gatorz> I need some help with my nix server if someone can PM me
<sarnold> Gatorz: IRC tends to work best if you just ask specific questions.
<Gatorz> true
<Gatorz> well, here is the issue all my sites still arent showing up I have 12 domains and I simply only have one showing up not sure why only thisone shows up but, I have set up the resolv.conf with Google DNS so still notsure why all the sites arent up
<Gatorz> for example
<Gatorz> http://www.martinmonica.com/
<sarnold> Gatorz: a lot can go wrong with DNS. There's both the publishing of data and then there's the lookup of data.. it's best to solve just one problem at a time..
<sarnold> "This is the default web page for this server."
<Gatorz> alright
<Gatorz> I know its the default page so at least the domain works
<Gatorz> but, the rest dont work so my question is why
<sarnold> Gatorz: were the domains previously hosted elsewhere? have their old records expired from caches yet?
<Gatorz> nope it was always hosted at my home server
<sarnold> Gatorz: does 'host www.martinmonica.com` show you the addresses you expect? how about each of the other hosts?
<Gatorz> lemme check hold on sarnold
<Gatorz> yes it does!
<Gatorz> =)
<Gatorz> but, not the others
<sarnold> Gatorz: okay, cool, now go find the DNS servers responsible for the authoritative records for those other hosts / domains -- is it correct? are there errors in the logs?
<Gatorz> nope no errors
<Gatorz> hmm sarnold hold on lets see here
<joshu> to change the language of the OS from the command line is this the only file to change /etc/default/locale
<sarnold> joshu: maybe you also have to run the update-locale program.. I don't see a manpage but the source looks like it performs sanity checks..
<joshu> ok I'll try that sarnold
<adam_g> zul, ping
<lurker> jj
<lurker> do u c me
<lurker> :-(
<lurker> :-[
<lurker> Hello
<lurker> LargePrime- Hello
<sarnold> lurker: hello :)
<sarnold> lurker: IRC tends to be quiet until someone has a question; since we're all at work or asleep or something, we're not all on irc allthe time
<lurker> sarnold: I now with other one
<lurker> sarnold, thank you sir sarnold, I have no more
<zul> adam_g:  whats up
<adam_g> zul, so there will be a 2013.1.3 release next week, and quantum has been renamed to neutron. how are to handle SRU'ing that?
<zul> adam_g:  shouldnt effect raring imho
<adam_g> zul, how so
<zul> adam_g:  there isnt a neutron in raring
<zul> adam_g:  besides the neutron package has been transitioned from quantum
<adam_g> zul, ok. nvm, i thought the stale/grizzly branch had more done to it than its git repo location/name
<zul> adam_g:  no dont think so
<zul> adam_g:  should be just a matter of parking the neutron tree in a branch somewhere an just cherrypicking fixes to stable/grizzly
<adam_g> zul, huh? what do you mean cherry-picking fixes?
<adam_g> that sounds scary
<zul> adam_g:  nm...im just babbling
<adam_g> zul, the upstream branch is still getting commits like the other stable branches, everything is just renamed to neutron in LP/gerrit/etc
<zul> adam_g:  ah ok thats cool then
 * zul disapears for a bit
#ubuntu-server 2013-07-31
<_ruben> rbasak: would you happen to have any clue as what could be the cause of bug #1008385, or in which direction to look?
<uvirtbot> Launchpad bug 1008385 in apache2-mpm-itk "apache-mpm-itk writes wrong process name in /proc/$$/status" [Medium,Confirmed] https://launchpad.net/bugs/1008385
<_ruben> this bug report is pretty much the only info i could find on this matter
<rbasak> _ruben: I'm not sure, sorry. I know that processes can modify their process name. Perhaps apache is doing it somewhere and getting it wrong for some reason? It's the sort of thing that probably needs a deep dive.
<rbasak> And not being able to reliably reproduce it makes it difficult for anyone who isn't affected, of course.
<_ruben> rbasak: that's about as much as i know as well ;)
<_ruben> just ran a test on a bunch of servers i happened to be logged in on, at first sight more are affected than not
<rbasak> _ruben: an explanation and patches will be greatfully accepted :)
<rbasak> err, gratefully
<rbasak> That word seems wrong to me this afternoon for some reason
<_ruben> hehe
<_ruben> wonder what will happen if i install -virtual kernel on a "broken" -generic vm .. will let you know in a bit ;)
<rbasak> It might not be kernel related at all.
<rbasak> That does seem less like to me, though I wouldn't rule it out.
<_ruben> yeah .. finally managed to test booting -virtual .. no change
<rbasak> Next I'd look for areas in the source that change the process name, and if there aren't any obvious bugs there, install debug symbols and get going with gdb.
<rbasak> But there might be a better way of course
<_ruben>  i'll be *peeeep* .. i did a strace on a single worker (apache2 -X) .. no references to /usr/sbin/apach .. turns out: process name is ok
<_ruben> rbasak: interesting ... apache2 -k start: OK .. apache2ctl start: FAIL
<zul> roaksoax:  ping
<rbasak> strace is unlikely to catch it IMHO, if it's a problem with the process name being wrong. IIRC, changing process name doesn't involve a system call.l
<rbasak> being set wrong, that is
<_ruben> rbasak: the output of strace didn't help, but it did show me something else: apache2 (the binary) isn't responsible, not directly atleast
<_ruben> disecting apache2ctl now
<_ruben> (files are identical on both "kind" of servers unfortunately)
<_ruben> the script is rather simple though
<_ruben> ah! ... for some reason apache2 doesn't do proepr stipping for its process name
<_ruben> apache2 -k start => apache2 ... /usr/sbin/apache2 -k start => /usr/sbin/apach
<stgraber> rbasak: changing process name is done through the prctl syscall, so it should show up in strace
<_ruben> stgraber: good to know
<rbasak> stgraber: ah. I thought one could just change argv[0]?
<_ruben> prctl(PR_SET_NAME, 0x7f0a15811b80, 0, 0, 0) = 0
<_ruben> I'm guessing 0x7... is a memory location
<rbasak> _ruben: prctl(2) says that PR_SET_NAME is limited to 16 bytes, and should be null-terminated if shorter. "/usr/sbin/apach" is 15 bytes, and the 16th byte could be a null terminator.
<rbasak> OTOH, "/usr/sbin/apache" is exactly 16 bytes, so does not need a null terminator.
<rbasak> Perhaps there's a code path which limits the name to 15 bytes?
<rbasak> (in order to account for the null terminator that isn't actually necessary)?
<_ruben> it shouldnt be trying to set it to /usr/sbin/... in the first place
<_ruben> the code doesn't call prctl directly though (not for this at least)
<rbasak> http://web.archiveorange.com/archive/v/1XS1vcyaGboxxVcKF2sG
<rbasak> Looks like prctl is limited to 16 characters, and overwriting argv still works but is limited to length of the original cmdline.
<_ruben>     process->argc = *argc;
<_ruben>     process->argv = *argv;
<_ruben>     process->short_name = apr_filepath_name_get((*argv)[0]);
<_ruben> looks kinda promissing
<rbasak> apr probably stands for Apache Portable Runtime. A portability abstraction, IIRC.
<JanC> yes, some other applications use APR too
<_ruben> but still .. all this doesn't explain how same package version on different systems could behave diffferently .. if it were "a simple" bug that is ;)
<rbasak> _ruben: so it depends on how you start the service? I usually use "service apache2 start" rather than calling apachectl or apache2 directly.
<_ruben> rbasak: any service wrapper is likely to use apache2ctl
<rbasak> _ruben: how many reporters are doing something different that causes it to start differently?
<rbasak> _ruben: the only wrapper I'm aware of is /etc/init.d/apache2.
<_ruben> rbasak: none probably .. i know i aint
<rbasak> Could there be two different code paths in the init script?
<_ruben> my curent suspect: a envvar called APACHE_HTTPD .. apache2ctl initializes it to /usr/sbin/apache2, but if you override it to apache2, it works as expected .. let me check on a "good" server
<JanC> so, maybe a default config differs between some older and current package versions?
<rbasak> How about the upgrade path? Is everyone installing from fresh, or have they upgraded from a previous version?
<JanC> rbasak: from the bug report it seems the working ones probably upgraded from 12.04.1, the broken ones installed 12.04.2 directly
<_ruben> upgrade or fresh appears to be the very difference between good and bad
 * rbasak looks up the diff
<_ruben> nope, the envvar isn't it .. changing that also changes the output in `top` .. `top` should list /usr/sbin/apache2 (that is, it does list it like that on both good and bad)
<_ruben> which leads back to a bug in apache2's dirname stripping again .. which again would be rather unlikely
<_ruben> i hate nasty bugs like this! :P
<rbasak> I found them intruiging :)
<_ruben> up to a point, sure ;)
<rbasak> apachectl was modified in 2.2.22-1ubuntu1.3 though I can't immediately see that it caused this
<rbasak> http://pastebin.ubuntu.com/5932802/
<_ruben> the change isnt in apache2ctl directly .. i compared those between a good and bad server
<_ruben> i dont have any gdb skills .. or i'd trace the stuff upto the prctl call
<_ruben> heck, even that apr_ function goes beyond my C knowledge, and its pretty simple function
<roaksoax> zul pong
<rbasak> I don't see anything else relevant in the update diffs
<zul> roaksoax:  available to do some reviews today?
<rbasak> Most of the udpates have been in moduels
<_ruben> wonder if it's some obscure libc related thing or something
<roaksoax> zul nah :p
<zul> roaksoax:  ok then
<roaksoax> zul lol i am
<rbasak> _ruben: but why would it be random? Or if it is only affecting upgraded systems, what is different about them to cause that to happen?
<rbasak> _ruben: anything different in /etc/default/* or /etc/apache2/* between the two systems?
<roaksoax> zul just send them my way and ill review them as soon as my network behaves right
<zul> roaksoax:  ack
<_ruben> rbasak: i dont think its random, just a change that only affects new installs, and not upgrades .. as for changes in those locations: haven't found anything obvious, yet
<LLckfan> Does any1 know how to stop Shockwave flash from crashing? I have uninstalled both Flash and my browser (Chrome), installed both from a fresh download, and scanned my computer (come up clean). Everything is updated
<^^rcaskey> where does $INTERFACES get set out in /etc/init.d/dhcp3-server?
<Techdude1011> Is it possible to customize received snmp traps? I am using traptoemail
<zul> Daviey:  fyi https://bugs.launchpad.net/ubuntu/+source/ceilometer/+bug/1206967
<uvirtbot> Launchpad bug 1206967 in ceilometer "[MIR] ceilometer" [Undecided,New]
<mikeey> does samba4 require any additional configuration except of the share definitions?
<mikeey> if it does, have anyone got a tutorial or any info regarding it?
<Daviey> zul: the declared universe deps, are they covered by MIR?
<zul> Daviey:  working on the universe deps MIR right now
<Daviey> coolio
<jkitchen> question: multipath doesn't seem to be reading the "defaults" stanza of my config file, anyone experienced this issue?
<jkitchen> I'm trying to set the default path_grouping_policy to multibus
<jkitchen> because I would really rather not have to manually put all of my wwids into the multipath.conf since they'll be pretty much constantly changing (virtualization environment)
<chmac> I've got a machine on which mysql / apache do not start at boot. The /etc/init/mysql.conf contains a 'start on runlevel [2345]' line. How else can I debug the issue?
<ikonia> chmac: try to start them manually - confirm there is no problem
<chmac> ikonia: Yeah, they both start ok
<ikonia> that seems odd then
<ikonia> chmac: maybe worth putting a touch /tmp/testfile.mysql(or apache) at the start of the script and see if the scripts even get executed
<chmac> ikonia: Ok, interesting, to see if maybe upstart is not getting started or something.
<chmac> I'm a little out of my depth on this stuff. Thankfully ssh does start!
<ikonia> chmac: yes, simple test to see if the scripts even get excuted or not
<ikonia> chmac: then you know the problem is not the scripts, but that they aren't getting run
<ikonia> chmac: or you know there is a problem with the scripts and you can take it from there
<chmac> ikonia: The scripts are the stock, whatever was installed with the system
<chmac> ikonia: I'll try that now and reboot. Thanks for the suggestion.
<ikonia> chmac: yes, but that doesn't mean there i a problem at boot time
<chmac> ikonia: In the pre-start section?
<chmac> Ok, so apache is in /etc/init.d/apache2 not /etc/init/
<zul> roaksoax:  https://code.launchpad.net/~zulcss/ceilometer/refresh/+merge/177898
<chmac_> This bouncer is on that server, so I lost my connection!
<chmac_> ikonia: No files were touched :-(
<chmac_> dpkg-reconfigure upstart ?
<chmac_> I'm guessing!
<ikonia> chmac: interesting so it didn't run
<ikonia> chmac: so check what those scripts depend on
<ikonia> chmac: or make sure those scripts actually do run when called directory
<chmac> ikonia: The /etc/init.d/apache2 script I can execute directly like `/etc/init.d/apache2 status` and I get the expected output
<chmac> ikonia: But /etc/init/mysql.conf is not an executable file...
<chmac> ikonia: I gotta run, thanks for the help, I've made some progress in understanding. I'll get into it again another time. :-)
<zul> adam_g/roaksoax: https://code.launchpad.net/~zulcss/neutron/refresh/+merge/177910
<Shadowandlight> semi off topic.... what should the privileges look like for a mysql user who only needs to read/write access to there specific database? - i know this is too much (i think?) http://i.imgur.com/CBLdvMA.png
<Shadowandlight> but im not sure what to pare it down to
<Shadowandlight> do i uncheck everything in "administration"?
<ikonia> chmac: you still there ?
<roaksoax> Madkiss: howdy! so just wanted to let you know that I have a few patches for your packaging. I've also packaged 'dlm' and dropped redhat-cluster from Ubuntu
<roaksoax> Madkiss: so this means we now fully support pacemaker + corosync 2.0 and bye bye cman
<Madkiss> cool.
<Madkiss> i'm hunting a bug right now that affects pacemaker.
<roaksoax> Madkiss: i'll also be forwarding dlm packaging to you by EOW
<Madkiss> wonderful, thanks
<vedic> I have installed pgbouncer using dpkg. When I try to start it (/etc/init.d/pgbouncer start) there is no output. Even I don't see the log file created into /var/log/postgres/pgbouncer.log . How to know what is the problem?
<chmac> ikonia: Was offline, but my bouncer was on, so I'm seeing your message nowâ¦ :-)
<Peryton272> I'm having a problem installing Ubuntu Server to my Dell PowerEdge 2600. Is this the right place to be?
<sarnold> Peryton272: sure
<Peryton272> so I boot from the disk that has the .iso on it, but when it boots my server no longer recognizes my USB keyboard so I cant even select a language or anything.
<Peryton272> the keyboard works fine in the Dell bios but as soon as I try to boot from the disk that has Ubuntu on it, the keyboard stops working
<sarnold> Peryton272: some BIOSes have a setting for how to handle usb keyboards and mice; it's intended to help along OSes without USB support, like many win95, win2k releases, but if you fiddle with it, you might get lucky?
<Peryton272> alright I'll see if I can find something
<Peryton272> sarnold: I got it to work. Thank you!
<sarnold> Peryton272: cool, what was it?
<Peryton272> just what you said. I had to turn on the bios support for USB devices
<sarnold> Peryton272: crazy. that shouldn't have been needed since 2.0 or 2.2 kernels, I forget which it's been long enough... anyway. hooray. :)
<Peryton272> sarnold: now it's saying "This kernel requires an x86-64 CPU, but only detected an i686 CPU."
<Peryton272> sarnold: What does that mean? lol I haven't done anything with servers before
<sarnold> Peryton272: there's two images for x86 systems, i386 and amd64. the amd64 ones will require the x86-64 CPUs, but it sounds like you've got a machine that'll require the i386 image instead
<Peryton272> sarnold: oh ok. Could you point me in the right direction to get that?
<sarnold> Peryton272: http://www.ubuntu.com/download/server   note the 'choose your flavour' drop down, you'll want the 32 bit option
<Peryton272> sarnold: awesome thank you
<ikonia> chmac: there ?
<caraconan> Hi there. How can disable this apparmor filter? http://paste.org/66396 It's a VM inside a KVM hypervisor. Thanks
<caraconan> Just removing /etc/apparmor.d/libvirt/libvirt-VM-UUID files ?
<caraconan> Looks like is performing a: sudo /etc/init.d/apparmor teardown
<sarnold> wow, running without apparmor? brave man
<patdk-wk> sarnold, apt-get remove apparmor
<goddard> i am trying to change apache document route for default to /home/goddard/Web/
<goddard> but i am getting 403 error
<patdk-wk> goddard, heh?
<goddard> patdk-wk: i am trying to change the default apache document route from /var/www/
<goddard> to /home/goddard/Web/
<patdk-wk> goddard, ya, but apparmor doesn't block that
<patdk-wk> what version of ubuntu?
<goddard> 13.04
<patdk-wk> maybe that is why, I'm in 12.04 as my servers stick to lts
<patdk-wk> and there is no policy to block that
<genii> Why not use userdir with UserDir Web instead of UserDir public_html, and Directory /home/*/Web>  instead of  Directory /home/*/public_html>   ... in the userdir.conf file
<jdstrand> apache is not confined by apparmor by default
<patdk-wk> genii doesn't matter
<goddard> just a test server
 * genii sips and ponders
<goddard> i didnt wanna do anything complicated
<jose> Hey, guys! I don't konw if you can give me a hand with my DNS server in Ubuntu, which appearently doesn't work (using bind9)
<jkitchen> I figured it out. apparently the 'device' defaults override my explicit defaults in multipath.conf, so I just added a devices/device stanza and set what I wanted. works great!
<jose> oh, nvm. Looks like I was missing some reverse record. thanks anyways!
<LLckfan> Does any1 know how to stop Shockwave flash from crashing? I have uninstalled both Flash and my browser (Chrome), installed both from a fresh download, and scanned my computer (come up clean). Everything is updated
<sarnold> LLckfan: file a bug report with adobe?
<LLckfan> sarnold I have
<LLckfan> Never got an answer
<Patrickdk> weeee, watchs debian 3.0 install to an ssd
<tux050> My postfix server keeps sending Error 501s.
<tux050> I don't have domain, but I have the external ip address in the config file.
<tux050> *an MX domain
<ikonia> how are you sending mail to it though ?
<tux050> from my gmail account
<ikonia> how though if you don't have a domain ?
<tux050> to root@my.ip.address
<ikonia> is it getting there ?
<tux050> no
<tux050> but there are error logs
<ikonia> so it is hitting the server but getting rejected ?
<tux050> 501/invalid address from mail.blahblah.gmail.com
<tux050> yes
<tux050> What would I need to change in my config?
<ikonia> invalid address suggests that server is not aware of that user/domain combination
<tux050> ok.  how do I fix that?
<ikonia> do a "HELO" test locally to root@ip
<ikonia> see if it works
<tux050> it seems to
<tux050> it gives a 250
<LLckfan> Does any1 know how to stop Shockwave flash from crashing? I have uninstalled both Flash and my browser (Chrome), installed both from a fresh download, and scanned my computer (come up clean). Everything is updated
<ikonia> tux050: ahh are you using a nat ?
<tux050> yeah
<ikonia> I wonder if that's the issue
<tux050> I was giving it it's external ip address though.
<ikonia> eg: the server is listening on 192.168.24.10 - but when it gets rom external.ip it doesn't know about it
<tux050> maybe
<Patrickdk> this is all pointless
<Patrickdk> you need to pastebin 'postconf -n' and the logs
<ikonia> yup
<tux050> would "myhostname" have anything to do with this?
<tux050> should that be set to the external IP?
<ikonia> that's what it sets up what it's listening on
<tux050> also, what are aliases?
<tux050> never mind, I got it
<joshu> hi can someone please have a look at my upstart script because i'm not confident it's working as it should https://gist.github.com/anonymous/ed8b9b4e54bc66e079af
<LLckfan> Hello
<LLckfan> Does any1 know how to stop Shockwave flash from crashing? I have uninstalled both Flash and my browser (Chrome), installed both from a fresh download, and scanned my computer (come up clean). Everything is updated
<Patrickdk> LLckfan, ubuntu-server doesn't have a gui, so flach and crome are unsupported in this channel
<sarnold> joshu: you might want to use 'setuid test' rather than su -c .. test
<sarnold> joshu: http://upstart.ubuntu.com/cookbook/#setuid
<joshu> hi sarnold initially I tried that from the exact link, but it wouldn't work
<joshu> don't know why
<sarnold> joshu: did you get any error messages in the logs or on the screen?
<joshu> not on the screen, but when I tried to scan the brscan-skey wasn't producing a file as it does with su -c or if I start it manually as user test with brscan-skey.
<joshu> I can try again now
<joshu> testing now will report back after I reboot and try to scan
<joshu> sarnold ok just tested with setuid test, scanned fine, but no document was created in /home/test/brscan as it should
<sarnold> joshu: any error messages in log files?
<joshu> sarnold /ar/log/syslog ?
<sarnold> joshu: check also /var/log/upstart/brscan-skey-daemon
<sarnold> joshu: if there's nothing obvious there, try adding a chdir /home/test/brscan/  to the config: http://upstart.ubuntu.com/cookbook/#chdir
<joshu> sarnold https://gist.github.com/anonymous/fc59b7641918b9f516c4
<joshu> it's trying to write to /brscan and not /home/test/brscan
<sarnold> joshu: cool, that might be fixed by the 'chdir' ..
<joshu> ok going to test
<sarnold> joshu: note that you don't have to reboot to test that -- you can just service brscan-skey-daemon restart
<joshu> sarnold oh ok tried with chdir but it is still writing to /brscan
<sarnold> joshu: what's the home directory for the test user?
<joshu> "/home/test/brscan"
<joshu> I tried chdir /home/test/brscan
<sarnold> joshu: try just chdir /home/test, and try changing the home directory in /etc/passwd to just /home/test as well
<joshu> ok let me try one sec
<joshu> still same thing
<joshu> tiff2pdf: Can't open output file /brscan/20130801010332_27436.pdf for writing.
<joshu> I don't know what su -c does instead of setuid that the former works
<sarnold> joshu: hrm, me neither. you could go back to su -c ..
<joshu> ok is the script otherwise written ok? something I found odd is that if i kill the process using sudo kill <number> and then do sudo status brscanâ¦. the process number is the same. Doesn't seem right to be if it respawns?
#ubuntu-server 2013-08-01
<codepython777> anyone here who runs powerdns/any other dns server?
<codepython777> I'm running pdns and it dies in the middle - cant find anything suspicious in the logs
<codepython777> grep "error" /var/log/daemon.log = nothing
<qman__> I've never heard of this powerdns
<qman__> bind logs to /var/log/syslog
<sarnold> qman__: never? o_O I thought you were a DNS -guy-!
<randolph`> will installing a wm (openbox) on a server affect the security?
<qman__> yes
<randolph`> why?
<qman__> every piece of software you install will have an effect on security
<randolph`> ok
<randolph`> ty
<sarnold> and X tends to have more than its share of security surfaces..
<qman__> in regard to X and supporting apps in particular, X11 uses network sockets internally
<qman__> it's a complex system and unless you've got a default deny firewall, I would strongly recommend against it
<codepython777> qman__: This one logs to /var/log/daemon.log. grep "error" shows this error in the current log file : Jul 31 14:21:05 machine1 snmpd[1966]: net-snmp: 33 error(s) in config file(s)
<randolph`> true. good to know.
<randolph`> thanks
<sarnold> codepython777: here's google's cache on the logging part of the pdns syslog docs: http://webcache.googleusercontent.com/search?q=cache:KTOMeQoYlsQJ:doc.powerdns.com/html/syslog.html+&cd=1&hl=en&ct=clnk&gl=us&client=ubuntu
<codepython777> sarnold: when the crash happened, it was logging into daemon.log - the only line that looks bad is that net-snmp line
<codepython777> am not sure that killed the pdns daemon thou
<sarnold> codepython777: yeah, snmpd errors don't seem likely.. :/
<sarnold> codepython777: maybe check dmesg, see if there's segfaults?
<codepython777> dmesg | grep seg - but i did reboot after the crash.
<codepython777> null there
<codepython777> I tried syslog as well - no luck there
<Senor> ls : cannot access /usr/lib*/librt.so*: No such file or directory
<Senor> how to fix this problem?
<chmac> ikonia: I am now :-)
<stetho> Hi - are there any tools that will allow me to compare what packages are installed on a number of servers?
<rbasak> stetho: it's a really common question. Try AskUbuntu, and look into "dpkg -l" and "dpkg --get-selections".
<stetho> rbasak: The question is about comparisons - are there any tools? I can get the lists but I've got 17 servers to compare.
<rbasak> stetho: I don't know about dedicated tools. I've always used general Unix tools to do this sort of thing. sort, diff, comm, etc.
<rbasak> IMHO, they serve the task perfectly.
<stetho> rbasak: That seems to be the answer I'm finding. Cross referencing 17 text files is going to be a pain.
<rbasak> stetho: you might be interested in meld. It's a nice GUI. Not sure if it does things 17 ways, but looking at two side by side works well.
<stetho> I'll have a look. Thanks
<rbasak> Beyond that, there are services like Landscape that manage packages across multiple servers. But that's commercial.
<rbasak> smoser: I'm interested to hear your thoughts on http://irclogs.ubuntu.com/2013/08/01/%23ubuntu-quality.html#t09:47
<rbasak> smoser: for nested KVM, we'd like to provide a read-only cloud image disk to a guest, so that it may use that to start nested guests. But it screws up because (we think) of duplicate filesystem labels.
<VSpike> Here's a mystery.. process list http://sprunge.us/hFiF memory http://sprunge.us/GACa http://sprunge.us/VXTG ... where is all the memory going?
<VSpike> I killed everything I could kill and still the free memory has not come back
<VSpike> ipcs -m is empty and slabtop looks much the same on this and another server in the pool which is using very little memory
<VSpike> df shows about 360K in tmpfs
<chmac> Anyone know if I can use the same cert / key / chain SSL files for both nginx and apache?
<_ruben> chmac: sure
<_ruben> chmac: well, assuming they're in a format understood by both
<chmac> _ruben: Awesome. What are the apache equivalents of nginx's ssl_certificate and ssl_certificate_key?
<chmac> The key one is obvious, but the ssl_certificate is the tricky one, I can't find an apache equivalent
<chmac> On nginx the ssl_certificate contains, in this order, server's cert - intermediary - ca
<_ruben> chmac: i think the trick is to have both SSLCertificateFile and SSLCACertificateFile point to that file
<chmac> _ruben: Ok, let me check that out, thanks
<chmac> _ruben: Do you mean SSLCertificateChainFile instead of SSLCACertificateFile? The latter is for Client Authentication according to my reading of the docs https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatefile
<_ruben> chmac: interesting, that's how I read it too, but SSLCACertificateFile is what we use on our servers
<chmac> _ruben: As far as my experiments go, I can't put more than one cert in the SSLCertificateFile directive or apache fails to start with "Init: Multiple RSA server certificates not allowed"
<_ruben> chmac: hmm .. I played with a similar setup some time ago. If only I could recall which server that was ;)
<chmac> _ruben: Are you sure your server is actually serving the intermediate certificates? I understand that most browsers work fine without the intermediaries...
<chmac> _ruben: lol
<chmac> _ruben: If I had a penny for every time I thought, oh yeah, I've done that, now where was itâ¦ :-)
<_ruben> heh, yeah
<_ruben> the joys of central configuration management .. if only our nginx/apache configs were part of it ... :)
<brendan-> morning ya'll.. i have a question.. when i login to our boxes, we get the notification from the motd, that 'x' # of packages are available for update.. is there a command to run to see which packages are available for update?
<brendan-> or a file to read that would show this
<_ruben> chmac: i know it's possible, just forgot how. and dont have the time to dive into atm :/
<chmac> _ruben: You're sure the server is sending the intermediary certs also?
<chmac> I'm not sure how to actually check / verify that, over my head at this point!
<_ruben> brendan-: apt-get dist-upgrade would show that for instance
<_ruben> chmac: pretty sure i tested that
<brendan-> but then you need to have user interaction to deny the upgrade
<_ruben> chmac: testing it is trivial if the site's reachable over the internet. tons of ssl checkers out there
<chmac> brendan-: There is a command, give me one sec...
<brendan-> ok ty
<chmac> brendan-: /usr/lib/update-notifier/apt-check --package-names
<brendan-> my goal is to have a cron that runs and grabs the list which is either emailed over or just dumped to a text file
<chmac> brendan-: That script is the workhorse of all that stuff, it has a few options
<chmac> brendan-: Then what you need is security-update-notifier my friend!
<brendan-> ok great. thanks. let me check it out
<chmac> http://github.com/chmac/security-update-notifier
<chmac> :-)
<brendan-> lol
<brendan-> shameless plug
<brendan-> :D
<chmac> brendan-: There's even a puppet module! http://forge.puppetlabs.com/chmac/security_update_notifier
<chmac> brendan-: It's an ugly hack, but it does the job
<brendan-> very nice
<brendan-> we use PE here
<_ruben> if only i could time to dive into puppet :/
<chmac> brendan-: Just pings me when there are security updates outstanding
<brendan-> you need some examples on the forge
<chmac> brendan-: But if you want to know every time any update is available, apt-get install apticron will do the trick
<chmac> brendan-: I look forward to your pull request ;-)
<_ruben> our current homegrown config management stuff is become way too limited over time
<brendan-> and i dont want to pay for landscape
<chmac> brendan-: http://github.com/chmac/puppet-security-update-notifier
<brendan-> too expensive for
<brendan-> only needing patch management
<chmac> brendan-: We're using scaleXtreme, for $10/server/month they'll do all that jazz for you
<chmac> _ruben: FWIW, a year or two into my puppet experience, it's a bloody nightmare. augeas is supposed to be great, but honestly, just managing 3 servers, it gets outrageously complicated figuring out what goes where
<brendan-> we have 35 VMs with PE
<brendan-> and adding more
<chmac> brendan-: We're using the free version, but for maybe even $5/mth/server then you can push updates to them all automatically
<brendan-> chmac: but you can control what gets pushed?
<chmac> brendan-: Yeah, there's a web interface and all, shows what's outstanding, etc
<chmac> brendan-: It's a little scary, you can run anything you want on all / some of your machines!
<brendan-> hmm, /usr/lib/update-notifier/apt-check --package-names gives packages, any way to see the versions its going from and to?
<chmac> Give them a command and they'll run it as root on all boxes, not sure I like somebody having that much power, but hey, it's free! :-)
<chmac> brendan-: Not sure, try running it with --help
<brendan-> i can see yeah, man apt-check didn't work
<brendan-> :D
<chmac> brendan-: There's also unattended-upgrades I think
<chmac> Right, there's no man page, and it's not in the path, took me a while to dig it out
<chmac> brendan-: If you do end up using security-update-notifier, I'd be grateful for a heads up
<brendan-> i need to read through the module and see what it does
<chmac> I built it out of frustration, and it's pretty ugly, but nice to know if it's useful anywhere else
<chmac> brendan-: The puppet module only installs the script, in a pretty ugly way, it uses a file{} to copy the script onto each machine and then throws it in cron I think
<chmac> brendan-: It's *very* crude, but it works on our ubuntu machines, can't promise on any other flavour!
<brendan-> no luck with the --help. options for that are (-h/--help, -p/--package-names, --human-readable, and --security-updates-unattended)
<brendan-> fair enough chmac
<brendan-> i got modules like that as well
<brendan-> as long as it works
<brendan-> can go back and refactor
<chmac> brendan-: Ooh, maybe --security-updates-unattended is new, don't recognise it, which ubuntu version?
<brendan-> 12.04.2
<brendan->  --security-updates-unattended
<brendan->                         Return the time in days when security updates are
<brendan->                         installed unattended (0 means disabled)
<chmac> brendan-: My bad, I have it, just ignored it
<chmac> I thought it might actually install the updates
<brendan-> the /usr/lib/update-notifier/apt-check --package-names is a big help though
<brendan-> to at least see what types of things are pending updates
<chmac> brendan-: Yeah, only challenge is that it doesn't separate security / regular updates
<brendan-> true
<brendan-> but ehh
<chmac> brendan-: I generally ignore non security updates on our production machines
<chmac> brendan-: Only way around that I can figure is by modifying the apt-check script, it's python I think
<brendan-> yeah, looking at the script it is python
<chmac> brendan-: If you find a way to get only the security updates, or if you're interested in collaborating on doing that, let me know
<brendan-> i saw def isSecurityUpgrade(ver)
<brendan-> in the script which is a function but its a matter of looking where that checks
<brendan-> line 124
<brendan-> then 136
<brendan-> so its getting a list from somewhere then doing a comparison and doing a count
<smoser> rbasak, correct.
<smoser> it will screw up because of duplicate filesystem labeles
<rbasak> smoser: is there any better way to get it not to do that, but still pass the image through so the guest can use it? For now, we're hotplugging the disk after the system has booted. I feel that there should be a better way, because passing an arbitrary disk image seems reasonable, even if it does have a conflicting label, provided we can flag it as such.
<rbasak> smoser: nm, just seen #ubuntu-quality.
<c^^c^^> For a 64 bit ubuntu server install any idea how much memory\space is consumed after install without running anything extra
<worms> Does anyone know if there is a JeOS equivalent in the latest Ubuntu? I want a minimal server installation with no services running. I want to make a VM that people can download from my site and the smallest I am able to build now is about 800mb :(
<Daviey> marcoceppi: Hey, if i wanted a python 2to3 conversion lint test for all *.py files in charms.. would you be the right person to poke?
<marcoceppi> Daviey: you mean an automatic 2to3 conversion test in the jenkins testing scheme?
<Daviey> marcoceppi: Testing that conversion cleanly happens
<marcoceppi> Daviey: Me or mims would be good to talk to, but mims is on vacation
<Daviey> marcoceppi: Ok, great - i think you will rock my world
<Daviey> marcoceppi: Basically, we want to make sure that all *.py files in charms cleanly convert.. for when we move to 3 in the future
<marcoceppi> Daviey: Sounds simple enough
<bcessa> hi, good day, just a quick question, can someone please recommend a good PCI approved network scan program/package?
<marcoceppi> worms: have you considered using the cloud images? I'm not sure about nothing running an services at startup but theyr'e about 200MB in size
<jcastro> http://cloud-images.ubuntu.com/releases/
<jcastro> they are pretty stripped down
<worms> I will have a look. Thanks!
<marcoceppi> Daviey: so we can add a task to the charmtester to make it an arbitrary job, or I can make a juju plugin that just attempts a 2to3 conversion on all .py #! python files
<marcoceppi> Daviey: what are the requirements you had for this?
<zul> marcoceppi:  umm...what?
<zul> Daviey:  2to3 is a nice tool but it doesnt catch everything
<marcoceppi> s/2to3/whatever tool makes sense/
<marcoceppi> It'd probably be something like 2to3 then run unit tests/functional tests in charm if they exist
<Daviey> zul: Wat do you suggest?
<Daviey> zul: I really just want a smoke test, if there is something better.. make it so :)
<zul> Daviey:  i use python-modernize in conjunction with 2to3
<Daviey> zul: can you work with marcoceppi to get this nailed? :)
<zul> Daviey:  uh...i only got the tail end what do you want to do?
<marcoceppi> zul: Daviey so the tool to run is a bit irrelevant, the method it what's more important to me. Do you invision doing a one-off run or do you want it part of the regular daily charmtester stuff?
<marcoceppi> a bit irrelevant for me*
<Daviey> marcoceppi: Either. Probably regular
<Daviey> marcoceppi: Maybe just part of the lint tooling you are doing?
<Daviey> Basically, an easy to identify status on conversion ability
<Daviey> And impartiality, harder to regress
<marcoceppi> Daviey: I'm not doing any lint tooling directly, more like testing-helpers
<Daviey> marcoceppi: Hmm, that could be it
<marcoceppi> Daviey: So charmtester will be getting an overhaul after this week, I'll keep this in mind and just add a job to test all python files based on zul's recommended methods for linting 2to3
<marcoceppi> charmtester == jenkins
<zul> Daviey/marcoceppi:  porting python charms should be pretty easy shouldnt it? its not like they are overly complicated
<zul> (or shouldnt be)
<marcoceppi> zul: well, a good portion of charms are pretty straight forward, but some can be quite complex
<zul> marcoceppi:  true
<marcoceppi> Identifying conversion problems will provide more visability to charm authors of what they need to fix
<Daviey> right!
<Daviey> chmod +x, isn't hard to do.. but seems people forget :)
<zul> Daviey:  like disabling a patch before a build and then forgetting to re-enable it after?
<Daviey> zul: who would possibly do such a thing? :)
<zul> Daviey:  surprising it happens a lot
<Daviey> zul: Are you ready to cry?
<zul> Daviey:  yes
<Daviey> zul: pep8 has been refreshed, as policy.  Which means that openstack will need a pretty big refresh, i suspect :)
<Daviey> http://hg.python.org/peps/rev/fb24c80e9afb
<zul> Daviey:  something to push and increase our contributions ;)
<Daviey> zul: nah, don't need that.
<zul> Daviey:  well they use flake8 now which uses pep8 (i think) so the point is mute
<zul> and we dont run the pep8 tests anymore during the builds eitther
<smoser> marcoceppi, i had a TODO item that i just remembered....
<smoser> adam_g, also maybe important to you.
<smoser> we're writing charms in python, right? (ie, the openstack charm cleanup)
<smoser> if we're writing new code, we really need to be making sure that that new code is python3 functional.
<smoser> are we doing that ?
<Daviey> zul: right, but flake8 will be refreshed.  And agreed, it's an upstream issue, not a package building issue
<marcoceppi> smoser: I think that's Daviey's point. Check the charms for python3 compat
<marcoceppi> However, this is important. I don't think python3 compat is that important.
<smoser> well, it sort of is.
<marcoceppi> Charms do whatever they want, as long as there is a python2.x in the archives an install hook could easily install it if written in a language that installed by default
<smoser> at some point in the not so distant future, the "How can I get /usr/bin/ruby in the image to write charms in ruby", will also apply to '/usr/bin/python'
<marcoceppi> Are you moving to python3 default in the next LTS
<marcoceppi> s/are you/are we/
<marcoceppi> ?
<smoser> i suspect that we will not be completely rid of python in images in 14.04. but i would like to be.
<smoser> but its not so much that you can pick any language you want to write charms in
<smoser> (thats acceptable / a-good-thing)
<marcoceppi> smoser: Oh. This is a more interesting issue. So really we need to address the "How can I preinstall packages needed for hook exec"
<smoser> its that at this point in the history of the world, writing *new code* that is not python3 compatible is a-bad-thing.
<marcoceppi> smoser: Right, I think it should be considered a best-practice for those writing hooks in python. I'd be interested to see the results of the constant checking
<marcoceppi> Not sure I'd make it a physical blocker for charms anytime soon though
<smoser> i personally dont care about anyones efforts other than canonical's here.
<smoser> ignoring that now costs money later.
<smoser> if that is someone elses money, i dont care :)
<zul> smoser:  its still going to be a long while until openstakc is python3 compat
<marcoceppi> smoser: right, I'm just thinking from a charm community pov
<smoser> so its just somethign to be aware of.
<marcoceppi> smoser: ack
<smoser> even if 14.04 has /usr/bin/python
<smoser> 14.10 or 15.04 probably doesnt.
<smoser> and 16.04 does not.
<smoser> (by default)
<marcoceppi> right, so for 14.04, that's important for us since we're writing charms against LTS by default
<smoser> barry may have significantly strong feelings that differ with my statements above :)
<Daviey> marcoceppi: I am expecting stock ubuntu images to be python3 only for 14.04, but many non-default packages easiy pull it in.
<Daviey> marcoceppi: Our strategy to convert to py3 is mostly around making sure we have supporting for auto-conversion
<Daviey> So, we need to make sure that autoconversion has some basic lint testing
<rbasak> Breaks/Replaces issue with /usr/bin/juju? Bug 1206539.
<uvirtbot> Launchpad bug 1206539 in juju "package juju (not installed) failed to install/upgrade: tentative de remplacement de Â«Â /usr/bin/jujuÂ Â», qui appartient aussi au paquet juju-core 1.11.4-1~1514~precise1" [Undecided,New] https://launchpad.net/bugs/1206539
<marcoceppi> Daviey: Right, but we made the mistake from oneiric -> precise where we just pushed all the charms forward. We likely won't be doing that this time. Instead having authors manually re-submit for the next LTS
<smoser> Daviey, cloud-init is the biggest thing that i'm aware of.
<marcoceppi> This could be part of that process though
<Daviey> marcoceppi: For reference, upstream openstack is now gating on py3.3 compatibility.. We are pretty near the py3 switch :)
<marcoceppi> It'll be at least a week before I can take a look at this, but when I do I'll just have an extra jenkins job run so we can start gathering data
<Daviey> marcoceppi: Hmm, I want a BIG warning if auto conversion isn't looking clean
<Daviey> marcoceppi: What do you mean by, "we made the mistake from oneiric -> precise where we just pushed all the charms forward" ?
<TheLordOfTime> purely curious: anyone here with substantial experience with packaging and packages know how Debian package policy violations are handled in Ubuntu?P
<SpamapS> TheLordOfTime: best to mention a specific bug really
<TheLordOfTime> https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1206878
<uvirtbot> Launchpad bug 1206878 in nginx "Configuration should be purged only in nginx-common" [Undecided,Confirmed]
<TheLordOfTime> SpamapS:  also privmsg'd the bug to you
<SpamapS> TheLordOfTime: looks about right :-P
<rbasak> TheLordOfTime: we can cherry-pick that patch if it matters, otherwise pick it up from Debian on the next merge/sync?
<TheLordOfTime> SpamapS:  at this point, there's a patch in Debian that was adopted and probably is usable, the only thing I need to worry about right now is getting the bug to Triaged/[SomePriority]
<TheLordOfTime> rbasak:  this affects Precise
<TheLordOfTime> AFAICT...
<TheLordOfTime> Found in version nginx/1.2.0-1
<TheLordOfTime> Fixed in version nginx/1.2.1-1
<rbasak> Looks like it needs an SRU then :)
<TheLordOfTime> ^ from Debian BTS
<uvirtbot> TheLordOfTime: Error: "from" is not a valid command.
<TheLordOfTime> shut up you bot
<TheLordOfTime> rbasak:  what about the bug priority?
<mgw> If I set up dhcp peers, will they share lease information? Or does the peer system just keep all but one of the peers from responding to lease requests?
<TheLordOfTime> I'll handle the SRU after i'm back from vacation, but right now I"d like to set that to Triaged/[somepriority] and I'm unsure of the relationship between level of the violation and ubuntu bug priority
<rbasak> IMHO, it's not really about the level of policy violation, especially for a stable release. The priority should be based on the impact it has to real users.
<rbasak> t's subjective, I'd go with Medium, since it's not going to affect that many real users, as it's an edge case.
<rbasak> Thanks for volunteering for the SRU!
 * SpamapS raises the bug to Critical
<SpamapS> throwing peoples' configs away == Critical
 * patdk-wk raises a beer
<TheLordOfTime> ^ that
<uvirtbot> TheLordOfTime: Error: "that" is not a valid command.
<TheLordOfTime> SpamapS:  while you're there, you able to approve the Precise nomination?
<SpamapS> TheLordOfTime: somebody did :)
<TheLordOfTime> cool.
<TheLordOfTime> SpamapS:  note: 1.2.1-2 was in Quantal and the fix in Debian was in 1.2.1-1 so Quantal and later are Fix Released
<TheLordOfTime> (bug set as such)
<TheLordOfTime> SpamapS:  no harm in setting "In Progress" and assigning myself, then sitting on my hands until I'm back at home to create the SRU, right?
<TheLordOfTime> (you can expect me to ask for sponsoring :P)
<SpamapS> TheLordOfTime: the only harm is that nobody else can work on it whiel you sit on your hands.
<patdk-wk> your hands really that cold?
<TheLordOfTime> hehe
<TheLordOfTime> SpamapS:  honestly, i'll have a debdiff soon enough, probably before i'm home from vacation...
<TheLordOfTime> but the internet on my phone is so flaky here... I'm not sure it'll be uploaded until two days from now
<TheLordOfTime> when i'm either at a hotel with good wifi or already at home
<TheLordOfTime> (flaky wifi is flaky)
<SpamapS> good hotel wifi is flaky. :(
<TheLordOfTime> SpamapS:  premium hotel wifi at a four star hotel, costing $9.99 for 24 hours with a consistent 54Mbps downspeed is flaky?
<TheLordOfTime> o.O
<SpamapS> TheLordOfTime: They're getting better all the time at the good ones.
<SpamapS> TheLordOfTime: for a long time the 4-star's were worse than the 2-star's
<SpamapS> It was like, best western was giving me 10Mbits but the Hilton wouldn't even give me enough wifi signal.
<zul> roaksoax/adam_g: https://code.launchpad.net/~zulcss/keystone/refresh/+merge/178127
<zul> roaksoax: refreshed https://code.launchpad.net/~zulcss/ceilometer/refresh/+merge/177898
<lightweight> Evening! I just installed a new nic. I doesnt light up, but ifconfig displays eth0 eth1 eth2. What to do?
<lightweight> added a new one that is, I didnt replace my old card.
<sarnold> lightweight: try another wire? try another port on the switch?
<lightweight> sarnold: both wire and port on switch worked fine yesterday on another computer, same goes for the NiC
<lightweight> as you understand, Ive moved this stuff to a new computer now
<sarnold> lightweight: re-seat the nic in the computer?
<genii> Maybe check /etc/udev/rules.d/70-persistent-net.rules  to see which of them are getting what designations of eth0 eth1, eth2 and so on
<sarnold> heh, he pinged out, wonder if he was ircing from that machine?
<genii> Probably
<mgw> If I set up dhcp peers, will they share lease information? Or does the peer system just keep all but one of the peers from responding to lease requests?
<Bilge> I'm trying to install mongo extension into PHP after upgrading to 5.5 but it's looking in the wrong place, or it installed the shared object to the wrong place
<Bilge> I get PHP Startup: Unable to load dynamic library '/usr/lib/php5/20121212/mongo.so'
<Bilge> Sure enough it's not in that location, it's in /usr/lib/php5/20100525/ instead
<Bilge> But I don't understand what those date folders mean or where they're configured
<Bilge> OK figured it out ;3
<memus> you did pecl install again?
<Bilge> Yes, but also php5-dev
<Bilge> Both are needed to be updated
<memus> good to know. Iá¸¿ gonna upgrade next wekk. :)
<memus> *week+
<ssfdre38> is there a way to track e-mail messages being sent from or from what user?
<sarnold> ssfdre38: I expect so, which email server are you using?
<ssfdre38> sendmail
<sarnold> heh, the section on logging in the sendmail manual is surprisingly short. :/
<sarnold> ssfdre38: if you don't get the information you need in the logs by turning up the logging level, you might be able to get there by using a milter.
<Brian21> Hi Everybody!
<Brian21> I would like help with drbd.
<Brian21>  Starting DRBD resources                                                                                                                    [ d(r0) 0: Failure: (104) Can not open backing device
<multiHYP> hi
<multiHYP> can someone help me please get the gui running on my server?
<multiHYP> I have a vac, installed ubuntu-desktop too, but gnome-classic fails to run via lightdm and startx cannot even start.
<multiHYP> *vnc
<sarnold> multiHYP: investigate xvfb
<multiHYP> what is xvfb?
<multiHYP> sarnold: can you elaborate?
<sarnold> multiHYP: xvfb is an X server that does not require hardware to function. it might be just the thing for you, if you want to use vnc.
<multiHYP> my internet is in 1 word, crap (china like crap) without going into too much details.
<sarnold> multiHYP: oh man :(
<multiHYP> i would really like to use what I already have installed
<multiHYP> i.e. ubuntu's own desktop
<Patrickdk> without going into detail? you just well
<sarnold> hey Patrickdk :)
<Brian21> hi everyone!
<multiHYP> well I'm behind a firewall that blocks proxies and vpns
<multiHYP> so if this gui works might be my only chance of checking some banking stuff.
<Brian21> can any one can help with drb?
<Patrickdk> Brian21, till you state the issue, not really
<Brian21> Basically I followed this guide https://help.ubuntu.com/12.04/serverguide/drbd.html and get the following error
<Brian21>   [ d(r0) 0: Failure: (104) Can not open backing device.
<Patrickdk> do your disks actaully exist?
<Patrickdk> and did you skip step 4?
<sarnold> Brian21: what command did you run that you got that error?
<Brian21> sudo /etc/init.d/drbd  start
<sarnold> Brian21: did you execute step 4 on both servers?
<Brian21> yes
<Brian21> no errors
<sarnold> Brian21: can you paste the drbd.conf file that you used to a pastebin? (redact the secrets if you need to)
<Brian21> yes
<Brian21> Sarnold, here's the link http://paste.ubuntu.com/5938163/
<Patrickdk> the whole disk?
#ubuntu-server 2013-08-02
<sarnold> Brian21: are both disks identical?
<Brian21> no
<Patrickdk> they need to be the same size
<Brian21> physically ?
<sarnold> yes
<Patrickdk> this is one reason to use partitions :)
<Patrickdk> besides making it easier to replace a failed disk
<sarnold> you can partition them both to make them have a same-sized partition..
<Brian21> hmm  I was trying to create like 100 gb disk to test it out
<Brian21> one of the server i got 3 hard drive (2) 1 tb and (1) 2 tb on server2 i have one 250 gig
<Brian21> I'm open for any suggestions
<Patrickdk> suggestions about what?
<Brian21> if I can specify lower size with out using the whole disk?
<Patrickdk> you do know what a partition is right?
<Brian21> yes its a logical section of the hard drive..
<Brian21> well i guess im going to use virtualbox and c if that helps
<Brian21> Thanks for your help
<sarnold> Brian21: have fun :)
<ssfdre38> how do i do the insmod for iptables
<ssfdre38> ok im trying to use iptables and i keep on getting iptables v1.4.12: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
<ssfdre38> Perhaps iptables or your kernel needs to be upgraded.
<ssfdre38> can i get some help to get it started back up
<sarnold> ssfdre38: as a start, modprobe ip_tables
<sarnold> ssfdre38: there's a lot of other modules you can load; 'filter' will require the iptable_filter module to be loaded. I'm curious if it'll be automatically loaded or not
<qman__> ssfdre38, it's loaded by default, so if you didn't do something to prevent it from loading, you're seeing a red herring
<martisj> morning
<martisj> anybody had issues with apc 3.1.3p1-2 and apc unable to allocate memory for pool :....
<martisj> ?
<martisj> it's filling up our logs quicker than we can delete it :)
<martisj> on ubuntu 10.04.03
<martisj> 10.04.3 LTS that is
<martisj> Lucid :)
<qman__> https://bugs.php.net/bug.php?id=58982
<qman__> also, you're pretty far out of date on updates
<qman__> the .4 point release was out a long time ago
<martisj> qman__: thanks I am fully aware. but this is a choice senior dev dude has made, don't ask me why
<martisj> he was running the staging server on 12.xx
<martisj> but moved everything over to the one lucid server
<martisj> ?! :S
<qman__> I'm not saying that running lucid is the problem (though you don't have much life left at this point)
<qman__> just that your lucid server is way out of date
<qman__> and if this bug is in an official ubuntu package, it's probably been fixed in an update
<qman__> maybe not: https://launchpad.net/ubuntu/lucid/amd64/php-apc/
<qman__> shows that as the latest version there
<Patrickdk> more likely out of shm memory
<Patrickdk> oh, that is what that bug report is about
<martisj> Patrickdk: according to our config it says apc.shm_size=30
<martisj> i tried doing the apc.mmap_file_mask = /tmp/apc.XXXXXX but it gave this error: apc_mmap: ftruncate failed: File too large
<martisj> I shoujld probably install pecl
<monuto> anybody feel like helping an ubuntu/linux noob? =)
<monuto> im running ubuntu 12.04. trying to use the chat program empathy, and i'm having trouble with a plugin for skype.
<martisj> monuto: is this on ubuntu server ?
<VsioZashibis> hi guys. how can i change default crontab editor from nano to vi ?
<thumper> VsioZashibis: tried "export EDITOR=vi" ?
<qman__> VsioZashibis, update-alternatives --set editor /usr/bin/vim
<LargePrime> hello
<LargePrime> I am looking for advice on setting up a ssh user for a quick and dirty VPN
<LargePrime> How can i give ssh to a user with a key, but keep them from running commands to accessing the server?
<qman__> you can't
<qman__> the only way to sort of accomplish that is to chroot them
<qman__> they still have a shell though and can still run things
<qman__> it's less effort to set up a VPN proper than to wall off a shell account in the manner you desire
<LargePrime> thans qman__
<sarnold> yes, setting up a real vpn would be easier; that said, if you really want to go down the route of locking down an ssh user, here's some suggestions: http://wiki.apparmor.net/index.php/Pam_apparmor_example
<sarnold> VsioZashibis: I always just apt-get purge nano first thing, I never want to use nano so goodbye. :) hehe
<VsioZashibis> I got it thanks gusy
<VsioZashibis> guys*
<LargePrime> ok so while we are at it, best practice for setting up a vpn?
<sarnold> LargePrime: I enjoyed using an ipsec vpn eight years ago, it Just Worked. the other VPNs I saw at the time were more annoying to configure and less reliable.
<sarnold> LargePrime: that said, I've heard good things about openvpn.
<qman__> LargePrime, I use openvpn, the setup isn't too bad and if you use easyrsa, making the keys is super simple
<LargePrime> pointers, tips, best practice? Links?
<qman__> there's probably a section on it in the server guide, I set mine up about five years ago and haven't touched it since
<LargePrime> i mean i have openvpn
<LargePrime> how often do you add /remove users?
<qman__> not that often, but you just generate or delete the key sets
<qman__> I've also never had any reliability issues, the only time it ever went down was during a hard drive failure
<qman__> I was unable to restore the whole server so I just installed a new VM, copied my configs over, and it worked perfect
<sarnold> haha :)
<qman__> source was 8.04, destination 12.04
<LargePrime> thanks qman__  and sarnold
<ssfdre38> ok im trying to block an ip address from my server and i get this error http://pastebin.com/4e9MZ7MJ when i do it on iptables, does anyone know how to fix it?
<sarnold> ssfdre38: what does lsmod | grep -i ipt   show?  What does iptables -n -L  show?
<ssfdre38> http://pastebin.com/EE0ehp29 and http://pastebin.com/skhhEw77
<sarnold> ssfdre38: interesting. do you know why /proc/modules isn't there?
<ssfdre38> nope
<sarnold> ssfdre38: try sudo mount -t proc proc /proc
<ssfdre38> its already mounted
<sarnold> proc is mounted but not modules file? very curious.
<sarnold> is your kernel compiled without modules support?
<ssfdre38> i didnt tell it not to be
<ssfdre38> it was working before hand
<sarnold> CONFIG_MODULES in your kernel configuration..
<ssfdre38> i dont even know where that is at as i never really messed with that
<sarnold> ssfdre38: do you have a /proc/config.gz file? or a /boot/config-`uname -r` file?
<ssfdre38> i do have the first one
<sarnold> aha, cool, how about gzip -cd /proc/config.gz | grep MODULES  ?
<ssfdre38> http://pastebin.com/GmEdjfVC
<ssfdre38> sorry its just one of those days
<sarnold> ssfdre38: well, okay. you'll either need to recompile your kernel to include iptables, or you'll need to recompile your kernel to include loadable modules _and_ iptables modules.
<sarnold> ssfdre38: if you just want to drop traffic from one IP, check this out: http://www.cyberciti.biz/tips/how-do-i-drop-or-block-attackers-ip-with-null-routes.html
<sarnold> (I'm not sure that's the best guide, the domain name is certainly .. troubling .. but the commands look about right.)
<ssfdre38> well its just i moved my work's sites onto my server and so some stuff has came along with it that im dealing with that crashed theirs so its just one of those days to find and remove all day
<sarnold> :(
<ssfdre38> yea its just one of those days with me
<johndoe2> Hi. I made a big bummer by starting  "sudo apt-get remove linux-image-3.2.0-2*". Now it's removing all my kernels in a loop, it seems. Can I interrupt it somehow? So far, I just stopped the process.
<johndoe2> johndoe2, I found a solution :-)
<MACscr> If i wanted to boot ubuntu through pxe/nfs and then have it run from memory, any suggestions on doing this? Im not trying to install from pxe, I simply want to have diskless servers. I will though probably need to create some sort of custom image I would think as i do need to have certain software installed. Not 100% sure how that would work. It would be for an openstack compute node.
<xnox> MACscr: look into edubuntu, i think they support such installation type out of the box, using LTSP
<MACscr> xnox: ok, these will be servers though
<MACscr> i will check into it closer though
<xnox> MACscr: I guess you want to boot that node from volume then for openstack. Maybe openstack specific forums is better, e.g. https://ask.openstack.org/question/49/any-hint-for-a-compute-node-diskless-setup-only-iscsi-netapp-persistant-disk-for-vms/
<xnox> MACscr: cause yet, edubuntu ltsp stuff is kind of geared towards a beefy server exporting ubuntu install (with desktop) to thin & fat clients.
<MACscr> xnox: thanks for the edu link nonetheless. Cool stuff
<ole`01> Hi. I have a problem with mime type of .webm videos. On my local machine, php gets the correct mime type, which is video/webm. But my virtual server gets it as application/octet-stream. Configuration has been made through a file /etc/apache/conf.d/mimetypes.conf which defines webm, ogg and mp4 via 'AddType video/webm .webm' ...
<msafi> I'm using SSH to administer a server on Amazon cloud and reading a book on Ubuntu server administration
<msafi> The book talks about the possibility of installing a GUI...can I really install and use a GUI through SSH?
 * msafi doesn't wanna install a GUI and not be able to use it...
<mardraum> you can tunnel X11 over ssh, yes
<mardraum> why on earth you would want to is another question
<Pici> It will be extremely slow... also, there are not that many gui front ends for things that are meant to be installed on headless servers.
<Pici> and if there are, they're web based.
<msafi> It sounds complicated even
<msafi> Many people these days administer servers using SSH, so I'm not sure why this popular book is covering GUIs
<mardraum> because it's a popular book? :P
<mardraum> written for noobs
<msafi> This is the one: http://www.amazon.com/Beginning-Ubuntu-Server-Administration-Professional/dp/1590599233/
<msafi> Anyway, thanks for the help. I'll go ahead and skip the GUI section...
<zul> roaksoax:  https://code.launchpad.net/~zulcss/glance/refreshed/+merge/178298
<psivaa> hallyn: reported bug #1207675 for an lxc test failure in the saucy smoke suite. has happened twice out of 4 attempts.
<uvirtbot> Launchpad bug 1207675 in ubuntu-test-cases "test_lxc_api test fails during container creation " [Undecided,New] https://launchpad.net/bugs/1207675
<resno> i have vsftpd setup but it wont let my user create a directory, but it will allow them to upload files.
<resno> you cant stop apparmor?
<zul> roaksoax:  https://code.launchpad.net/~zulcss/nova/refreshed-1/+merge/178314
<d4m> Seeing bad signature errors on ubuntu repos on ec2 and s3, any maintainers here?
<jdhigh9000> anybody know if using symlinks from thunderbird to the mail folder /home/user/mail will work with mutt?
<sarnold> jdhigh9000: I'd be careful to use read-only mode in mutt, no need to seriously confuse thunderbird
<jdhigh9000> sarnold: thanks for the heads up. im a newbie :)
<mgw> If I set up 2 or more dhcp peers, will omapi updates (and leases, for that matter) propagate across the peers? Or is the peer system merely for ensuring multiple servers are not trying to answer dchp requests?
<mynameisdeleted> so... custom ubuntu install designed around one piece of software as an appliance
<mynameisdeleted> plan to distribute as a virtualbox image, but maybe later a cdd for server.. I think best way to make it work in every server or virtual environment is as a kcikstart file that works with regular install cd
<mynameisdeleted> I want this to ask user to configure stuff onthe first boot before the first login too.. software settings
<TimothyA1> hello, this morning I did an apt-get upgrade and it appears GRUB has been failing in a couple of ways. the server has a software RAID-1 setup and /dev/md1 and /dev/md2 as its disks. These are pastes of output of prior diagnostics: http://paste.ubuntu.com/5941192/ http://paste.ubuntu.com/5941199/
<TimothyA1> is this machine still safe to reboot?
<sarnold> TimothyA1: I'd be scared too...
<TimothyA1> I've had GRUB complain multiple times in the past, but then it at least still showed /dev/md1 and /dev/md2 as an option to install it
<TimothyA1> now it only gave /dev/md1 as an option and complained it could not find the drive
<TimothyA1> if I were to reboot the machine and it wouldn't boot up, would there be a way to fix this in a recovery shell?
<TimothyA1> I'm rebooting...
<TimothyA1> it's safe :D
<TimothyA1> fwew
<TimothyA1> now on to a different issue; why is apt holding back my mysql-server packages?
<sarnold> TimothyA1: nice!
<TimothyA1> ....and the PHP update broke PHP... excellent
 * TimothyA1 bangs his head on the wall
<TimothyA1> okay, that's fixed. now, the mysql-server issue...
<TimothyA1> The following packages have been kept back:  mysql-client-5.5 mysql-server-5.5 mysql-server-core-5.5
<koolhead17> adam_g, hola
<adam_g> koolhead17, highvoltage
<adam_g> er
<adam_g> koolhead17, hi
<adam_g> :)
<koolhead17> adam_g, how have you been sir?
<adam_g> koolhead17, doing good, you?
<koolhead17> adam_g, alive/sleepless
<koolhead17> insomniac
<koolhead17> arosales, hi there
<koolhead17> its been while i spoke to folks here
<arosales> koolhead17, hello
<arosales> koolhead17, sorry for the late reply.
<pHcF> hi, i'm looking for a tool to sit in the front of my server stack and able to check for a HTTP parameter in a request's body and redirect it to a specific server, like a reverse HTTP proxyâ¦ i tried nginx to do this, but i'm not very happy with it
<sarnold> pHcF: apache can also reverse proxy, but I might have expected nginx to do a better job of it. whta didn't you like about nginx?
<pHcF> first because I can't check for a specific http parameter in request's body if it's POST or PUT
<pHcF> (because it starts handling redirects/rewrite rules before having all the data of the request)
<Brian21> hi everyone
#ubuntu-server 2013-08-03
<tohuw> 12.04.2. I have an apt-get upgrade that failed due to insufficient space in /boot. I am attempting to purge a deprecated header package, but cannot due to the failure of the previous package. How can I reset the state of apt-get to allow me to purge the packages and stop attempting to install the failed one?
<mardraum> I wish I knew the correct answer, I temporarily move things out of the way to make enough room so apt-get canb complete. I'm not saying this is correct, only that it has worked for me.
<mardraum> old headers would be pretty safe.
<tohuw> mardraum: yeah, that's what I'm doing now. Thank you... there really should be an obvious, documented way to deal with this situation
<Brian21> I could use help with drbd on 12.04 ubuntu please
<Brian21> [r0] cmd /sbin/drbdsetup 1 disk /dev/sda /dev/sda internal --set-defaults --create-device  failed - continuing!
<Brian21>  
<pHcF> i've configured logwatch to send emails to me. I've just changed the email to my new email address, and after trying to send a logwatch report, i'm not receiving anything im my new emailâ¦ I checked everything: spam, smtp servers, etc. If i change the email to send the report to my old email, it works. any ideas?
<frojnd> Hi there. Today I was trying to update system while I encounter errors during the update: http://sprunge.us/TgVM
<frojnd> Now there it says: no space left on device, so I checked with df -h http://sprunge.us/WeGb
<frojnd> The only partition that is 100% full is /boot
<frojnd> any ideas how can I free up some space on this partition which is already very small ~100MB?
<frojnd> ok.. so kernel try to install into /boot ... Ah zeh, that's why when I install servers from scratch I do it a little bit more bigger. So can you advice me of any information how can I repartition /boot and take space from / ?
<frojnd> help a little? :)
<frojnd> This chan is moderate
<frojnd> I then tried to purge some old headers but I can't it keeps throwing at me: You might want to run 'apt-get -f install' to correct these linux-generic : Depends: linux-headers-generic (= 3.2.0.49.59) but 3.2.0.51.61 is to be installe ...
<frojnd> So I can't use apt-get to free up some space, can someone advice me how can I make /boot partition bigger?
<jongbergs> !topic
<ubottu> Please read the channel topic whenever you enter, as it contains important information. To view it at any time after joining, simply type /topic
<frojnd> jongbergs: your point being? :)
<jongbergs> Hi, I've just read the ubuntu server guide on setting and configuring dns server, in the guide it uses private ip address for the nameserver. Does this work or should I use public ip address instead of private ip?
<maxagaz> hi
<maxagaz> I'm trying to install ubuntu server from usb
<DenBeiren> could someone explain what the MAAS server install is for?
<maxagaz> but I get an error message: [!!] Load installer components from CD, Failed to copy file from CR-ROM. Retry?
<DenBeiren> maxagaz, i would reflash the usb drive
<maxagaz> DenBeiren: I did it twice already
<maxagaz> DenBeiren: with ubuntu 12.04 server and 13.04 now
<maxagaz> DenBeiren: using Unetbootin
<DenBeiren> maxagaz, try different stick, or burn cd
<maxagaz> DenBeiren: I don't have cd drive
<frojnd> Hi there.
<frojnd> Today I tried and setup OpenVPN on one server because I'm gonna visit some "unsafe" countries in the near future... the problem is on client *I think* I tried to connect and I keep getting those two errors: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) and TLS Error: TLS handshake failed
<frojnd> Little ducking suggested that in 99% the root cause is lousy firewalls, so I've tried and switched to proto tcp on server, I still get this errors.
<frojnd> I use software firewall on the server: ufw, and I've enabled 1194/tcp and 1194/udp
<frojnd> I've also double clecked that port is the same on client '1194'
<frojnd> I do however see something like this when I'm running openvpn /etc/openvpn/server.conf http://sprunge.us/LdWB
<frojnd> Again little duck ducking suggested that I should look for a port that is already in use but I can't find it from this message.
<frojnd> ah.. that's because previously  was already running openvpn, I started it within initd
<frojnd> so no errors on server side
<frojnd> bah annoying proble, how can I solve it for clients?
<johnrochie> HI guys, how is everyone?
<johnrochie> I've set myself up a home version of Ubuntu server and I was wondering if it would be possible to store a copy of an operating system on it and then network boot to install the system?
<ikonia> johnrochie: look up pxebooting
<frojnd> Any ideas on my OpenVPN problem? :)
<frojnd> The documentation I was diggin up was: https://help.ubuntu.com/12.04/serverguide/openvpn.html
<qman__> frojnd, make sure you stop with init.d and then kill off all openvpn processes, then start with init.d
<qman__> also make sure your client conf uses the same options as the server conf
<qman__> and also, if you're on the same network with the server and client, it's not going to work
<qman__> if you have more than one network on your local internet connection, you still need to enable loopback routing if you want that to work
<qman__> another thing to consider, make sure the network you want to VPN into uses an unusual IP scheme, as you can't have the same IP scheme at both ends of the tunnel
<qman__> e.g. if you have 192.168.1.x at home, and 192.168.1.x while traveling, you won't be able to connect
<Alex_JB> Hi everyone!
<stetho> Hi all. I'm trying to get to grips with PXE booting, apt mirror and kickstart - I've got the PXE booting working and if I set an existing machine to do its updates from my local apt-mirror that works as well. However, if I create a ks.cfg file with the line url --url http://192.168.1.7/ubuntu it fails. The installer says it can't find the mirror, the log says http://192.168.1.7/ubuntu//dists - 404; I think that doub
<stetho> slash is my problem but I can't figure out where it's coming from.
<frojnd> qman__: here?
<frojnd> qman__: server has only external IP address assigned to ethernet card, so no problwms with 192.168.1.*
<frojnd> I've started and stopped OpenVPN with /etc/init.d/openvpn start/stop
<frojnd> qman__: is there any generator for configs I do have config for server and I did create one or client but I'm just wondering if there is some kind of generator
#ubuntu-server 2013-08-04
<frojnd> Aloha
<daChris> seas
<frojnd> daChris: do you have any experinece with openVPN on ubuntuServer?
<frojnd> or anyone else for that matter
<frojnd> I keep getting TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) and TLS Error: TLS handshake failed
<Patrickdk> ya, try talking to openvpn using openvpn :)
<frojnd> I did :D
<Patrickdk> normally that means something is is attempting to talk to it
<frojnd> problem on client side?
<daChris> iptables?
<frojnd> I've checked that client is using udp, ip, port, corresponding certificates and everything
<frojnd> don't use iptables on client side
<daChris> did you use iptables on server side?
<frojnd> daChris: I use ufw, I just opened udp and tcp 1194 with ufw firewall
<daChris> deactivate iptables and test it again
<frojnd> is there a simple way to deactivate iptables?
<frojnd> by simple I mean *easy*
<frojnd> also
<frojnd> ufw uses iptables, if I disable ufw then iptables won't take effect or am I wrong?
<frojnd> nevertheless I'ev disabled iptables and ufw, still can't connect with client :o
<frojnd> deactivated iptables*
<frojnd> hm
<frojnd> brb
<frojnd> Hm.. any other ideas what I might test?
<frojnd> ...in order to make OpenVPN work
<frojnd> Reading this page now: http://openvpn.net/index.php/open-source/faq/79-client/253-tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity.html A perimeter firewall on the server's network is filtering out incoming OpenVPN packets (by default OpenVPN uses UDP or TCP port number 1194). <- I'have disabled ufw and deactivated iptables, still the same error
<frojnd> A software firewall running on the OpenVPN server machine itself is filtering incoming connections on port 1194. Be aware that many OSes will block incoming connections by default, unless configured otherwise.
<frojnd> ^^ disabled ufw
<uvirtbot> frojnd: Error: "^" is not a valid command.
<frojnd> I think I found the cause
<frojnd> finally
<frojnd> I'm just ashamed didn't remebered this earlier
<frojnd> looks like I didn't make "correct" rule with ufw about tcp and udp ports
<frojnd> Hm.. ufw allow 1194 should enable tcp and udp
<frojnd> yet, when I do netstat -au don't see any 1194 port there
<frojnd> also nestat -lnt | grep 1194 won't show it
<frojnd> odd
<qman__> that means openvpn isn't running
<frojnd> qman__: ah yeah forgot to start it
<qman__> even if blocked in the firewall it would still show up there
<frojnd> hm ok
<frojnd> so I now removed all 1194 entries in ufw and did: ufw allow 1194/udp
<frojnd> I've started openvpn, and when I do netstat -lnt | grep 1194 I can see 1194 there, but when I do netstat -au | grep 1194 can't see 1194 there
<frojnd> ah, gotta check what openvpn uses anyways
<qman__> -au doesn't show listening ports
<qman__> so it would not show up there
<frojnd> open udp ports
<frojnd> or I red help page wrong
<qman__> yes, and there aren't any open yet
<qman__> there would be once a connection was established
<frojnd> Ok
<frojnd> Hm.. looks like for some reason when using udp ports client can't connect
<frojnd> But if I use tcp ports it can
<frojnd> Can I configure openvpn server to use both tcp and udp?
<qman__> pretty sure it's an either/or setting
<qman__> if you turn off the firewall, does udp still not work?
<frojnd> qman__: yes
<frojnd> I don't know why
<qman__> are both client and server set to udp?
<frojnd> yes
<frojnd> currently
<qman__> ok, do you have a router or some other device that might be firewalling you?
<frojnd> on client side I have some embedded modem/router device
<frojnd> that ISP gave me
<frojnd> but I'm configuring this for when I'm gonna be abroad
<frojnd> because I'll use free wifi with my mobile and I need to have safe connection
<frojnd> brb
<qman__> ok, it wouldn't be that
<qman__> there's nothing wrong with using tcp, it's just a little bit slower due to the added overhead of the tcp protocol
<beneter_> Hello, I'm trying to activate PFS on my apache on ubuntu 12.04 LTS. But the server won't start and complains about: "Unable to configure permitted SSL ciphers"
<beneter_> Also I'm not possible to activate TLSv1.2
<beneter_> do I really have to compile apache by myself, or am i missing something?
<Patrickdk> beneter_, the fact you think this is even an apache issue, tells me you don't even know where to start
<frojnd> I'm still curious why I can't connect to openvp using udp port
<beneter_> Patrickdk: @ #ubuntu-de I know got the information, that - in fact - it is an apache issue. I'm using 2.2.22 which is the up-to-date version in the standard repos of 12.04 LTS AND which doesn't jet support the Ciphers needed.
<beneter_> *yet
<Patrickdk> apache has nothing to do with ssl
<Patrickdk> and apache on 12.04 does support tls1.3 tls1.4 tls1.5 ....
<beneter_> but the default plugins do ;)
<Patrickdk> if they ever make those standards
<Patrickdk> the default plugs for apache support tls 1.1 and tls1.2
<beneter_> mod_ssl
<Patrickdk> do you know what mod_ssl is?
<Patrickdk> it's a wrapper for openssl
<Patrickdk> openssl in 12.04 has no tls 1.1/1.2 support
<beneter_> it's a wrapper around openssl as far as i know
<Patrickdk> so how would mod_ssl have it?
<Patrickdk> so switch to one that DOES have support
<beneter_> mod_ssl should support the needed cipher suites, or not?
<Patrickdk> or replace openssl
<Patrickdk> mod_ssl doesn't have anything
<Patrickdk> it's a wrapper
<beneter_> so all i need to do is update opensslÃ
<beneter_> *?
<Patrickdk> you could
<Patrickdk> or you could just use an apache ssl that doesn't use openssl
<beneter_> but GnuTLS insteadÃ
<beneter_> *?
<Patrickdk> if you want, sure
<beneter_> okay, I have to think about this step :)
<Patrickdk> or I could tell you a secret way to upgrade mod_ssl with a newer openssl, that doesn't ahve to be compiled
<beneter_> i'm listening... XD
<MACscr> why is "sudo wget -q http://deb.theforeman.org/foreman.asc -O- | apt-key add -" responding back with "ERROR: This command can only be used by root."?
<Patrickdk> MACscr, cause you didn't run apt-key as root
<Patrickdk> dunno why you would run wget as root
<beneter_> u shoud write sudo before apt-key
<MACscr> lol, doh. good call
<MACscr> i was just coping and pasting. Didnt even think about it
<andol> MACscr: Common mistake :)
<Patrickdk> beneter_, check out mod_spdy
<Patrickdk> after you install it, you can always disable mod_spdy
<beneter_> tried it, didn't really liked it ;)
<Patrickdk> guess you didn't pay close enough attention
<beneter_> might be
<Patrickdk> it comes with mod_ssl with newer openssl
<beneter_> I'll give it a second try
<beneter_> But I think I had some sort of compatability issue
<Patrickdk> dunno how you could have a compatability issue
<beneter_> CalDav / SVN .... I don't remember...
<Patrickdk> heh? those have issues with mod_ssl?
<beneter_> mod_spdy
<beneter_> but I don't remember enough.... might be something different...
<Patrickdk> did you not listen to me?
<Patrickdk> I said you can always disable mod_spdy
<Patrickdk> mod_spdy != mod_ssl
<beneter_> yea... What are we talking about? ^^ Weren't you saying, I should install mod_spdy with it's pendant to mod_ssl to be possible to use PFS?
<beneter_> sorry, I don't get it
<beneter_> now I get it...
<beneter_> sorry again
<beneter_> I'll install mod_spdy and a2dismod mod_spdy and can use the new mod_ssl... right?
<Patrickdk> yes
<Patrickdk> make sure the new mod_ssl is enabled though
<Patrickdk> it is called something like mod_sslnpn
<beneter_> okay
<beneter_> I don't have enough time to try it now... gotta go.
<Patrickdk> I think it edits the mod_ssl.load file to do it
<beneter_> thank you very much for your help
<Matrix3000__> Anyone aware of how I can use pam_groupdn to enforce group membership requirements from ldap
<Matrix3000__> Trying to restrict access to servers using Active Directory authentication without having to make the client a domain joined system.
<Matrix3000__> I can get it to use one group. But I need more than one
<DenBeiren> it's been ages since my last ubuntu serverinstall,.. seems like i am overseeing something in configuring samba :-)
<DenBeiren> i see the share in my network, but i can't access it :s
<qman__> DenBeiren, smbpasswd -a
<MACscr> hmm, why do you guys think im getting this duplicate sources entry for foreman? I dont see any duplicates http://pastie.org/pastes/8206483/text?key=8jf6msfsfgynht3p2cdna
<frojnd> Hm, I've successfully configured basic openvp. Now I'd like to setup routed VPN configuration, so when client uses openVPN everything wold go through openVPN so external IP would be changed https://help.ubuntu.com/12.04/serverguide/openvpn.html#openvpn-advanced-config I've configured everything except for user and group and password authentication.
<frojnd> WHen I test with client, I can ping 10.8.0.1 but when using a browser I'm in infenite loop
<frojnd> And I don't know whyx
#ubuntu-server 2014-07-28
<sarnold> arrrghhhAWAY: sorry, I don't know why the do-release-update thing isn't prompting for 14.04.1 upgrades from 12.04 yet, it's pretty far out of my experience
<pmatulis> sarnold: ?
<sarnold> pmatulis: ah, I had'nt read enough scrollback to realize that Nivex had found the core of the problem :)  see 13:57 here: http://irclogs.ubuntu.com/2014/07/27/%23ubuntu-server.html
<pmatulis> sarnold: ok.  i thought things might have been postponed due to a nasty bug i saw a few days ago
<sarnold> pmatulis: eek
<pmatulis> (desktops not upgrading properly)
<pmatulis> sarnold: https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1347964
<uvirtbot> Launchpad bug 1347964 in ubuntu-release-upgrader "Precise w/Trusty HWE -> Trusty release upgrade fails : ubuntu-desktop fails to configure" [Critical,Triaged]
<sarnold> pmatulis: wow. nice catch. that looks like reason enough to hold off recommending 14.04.1 upgrades :)
<arrrghhh> pmatulis, sarnold just read back.  thx.  that would seem to only affect the -desktop version tho?
<arrrghhh> or is it a kernel issue.  maybe I'm misreading this haha
<sarnold> arrrghhh: yes and no; server vs desktop is just default package selections, there's not that much different between them
<arrrghhh> ya but the issue seems to be related to the meta-package "ubuntu-desktop"
<arrrghhh> which ofc the -server ed does not use/include
<sarnold> right, but the same mechanism is used to upgrade them both :)
<arrrghhh> ah.  hm.
<MavKen> trying to send out mail using swiftmailer via amazon ses..
<MavKen> Connection could not be established with host email-smtp.us-west-2.amazonaws.com [Unable to find the socket transport "SSL" - did you forget to enable it when you configured PHP? #32600]"
<MavKen> ubuntu 14.04   openssl installed
<MavKen> any ideas?
<socketguru> hi
<socketguru> what should I use for auto starting applications on lxde on ubuntu-server 14.04
<socketguru> lxde has its own auto start script
<socketguru> But I have to open 2 split windows on screen at startup
<socketguru> So I can display 2 urls on same screen
<socketguru> Does anyone have any idea about this
<cfhowlett> !server | socketguru
<ubottu> socketguru: Ubuntu Server Edition is a release of Ubuntu designed especially for server environments, including a server specific !kernel and no !GUI. The install CD contains many server applications. Current !LTS version is !Trusty (Trusty Tahr 14.04) - More info: http://www.ubuntu.com/products/whatisubuntu/serveredition - Guide: https://help.ubuntu.com/12.04/serverguide/C/ - Support in #ubuntu-server
<socketguru> I tried for firefox plugin but could but could not find
<socketguru> ok
<socketguru> I was expecting some response from a real user
<cfhowlett> socketguru you asked a server question.  experts are in #ubuntu-server.  expect to get ragged for installing a gui on a server.  signed /realperson
<GTRsdk> can someone please tell me that default mysql doesn't store data in /var
<Abhijit> GTRsdk, #mysql
<GTRsdk> Abhijit, but this is on Ubuntu
<GTRsdk> not RHEL, Gentoo, etc
<GTRsdk> or even Windoze
<GTRsdk> okay so it turns out that it wsa stored there :(
<GTRsdk> now any idea on what would happen
<GTRsdk> if I moved imprtant data to /tmp/ and rebooted?
<ikonia> depends where /tmp is mounted from
<GTRsdk> ikonia, I believe it is just tmpfs, however I do not see it in /etc/fstab
<ikonia> so check it
<ikonia> it may not even be mounted, it may just be a directory
<ikonia> check where /tmp is mount/presented "from"
<GTRsdk> A guy moved /var -> /tmp/var, rebooted, and now it is gone
<ikonia> check where /tmp is mount/presented "from"
<ikonia> chances are it's either tmpfs or disk that's set to clear down on boot as /tmp is normally transient data
<ikonia> so it's gone
<GTRsdk> bummer :(
<GTRsdk> oh to check though wasn't there like /etc/mounts or something?
<samba35> can you please tell me how do i restart network service in 14.04.1?
<GTRsdk> samba35, service networking restart ?
<Abhijit> samba35, service networking restart
<Abhijit> :-z
<samba35> yes ,its not working
<Abhijit> samba35, what error it gives?
<samba35> stop: Job failed while stopping
<samba35> start: Job is already running: networking but some time out put is null but change are not effective
<GTRsdk> ikonia, strangely it doesn't show up in my /proc/mounts
<ikonia> GTRsdk: what is that strange
<ikonia> why
<GTRsdk> ikonia, I was expecting it to be either there or /etc/fstab
<ikonia> why ?
<GTRsdk> ikonia, I have no idea where else it would be
<GTRsdk> But I can't exactly check anymore... just powered off the system
<ikonia> GTRsdk: yeah bit late now after your messing around in other channels cross-posting as you don't want to say "I don't know"
<ikonia> good luck
<GTRsdk> I literally just said I have no idea where else it would be
<ikonia> GTRsdk: no you didn't
<GTRsdk> I am 90% sure it is tmpfs
<ikonia> you just said it after I called you out in another channel for trying to dodge the question as you didn't know the answer
<ikonia> and you are %0 certain
<sorvin> Hi all. Anyone has any experience with preseeding? Whatever I try, I can't seem to generate a file that yields a completely automated installation process. It always pauses for hostname, for example. I tried using the preseed-example template from ubuntu docs, and it doesn't really work well. Any thoughts? thanks!
<AtuM> sorvin, I have "some" experience.. http://linux.opm.si/programska-oprema/ubuntu-14-04-network-install  -> I've spent a lot of time testing different parameters.. mine is not a completely automated, but you might find some clues for your needs
<AtuM> soren, this is only to give you some insight into where you might want to put parameters for install...
<sorvin> thanks a lot!
<Nivex> arrrghhh: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1344762
<uvirtbot> Launchpad bug 1344762 in update-notifier "update-notifier tells me to upgrade from 12.04.4 LTS to 14.04 LTS (because of HWE), but that release is not found" [Undecided,Confirmed]
<Kunzem> Good day.
<Kunzem1983> Good day Ubuntu gurus. I'm new to Ubuntu server and have stumbled on a wierd problem which i'm not finding help from google and don't know quite how to explain. i used nano to edit ssh_config to check if password authentication is set on yes. then used ctrl x to exit . I now have a > sign to type in commands but it doens't seem to accept any commands. if i enter a command it lists all the commands i tried ? how do i get back to entering commands
<Nivex> Try Ctrl-D
<Nivex> sounds like something got quoted oddly and that should break you back out to bash with a "Unexpected EOF"
<Nivex> (except in this case we expect it since we just typed it :)
<Kunzem1983> thanks i tried this on my virtual box with ubuntu server and it got me back login prompt
<Kunzem1983> will give it a go on live server quick
<Kunzem1983> Thanks Nivex , just what i needed :)
<Nivex> bug was updated. The ambiguous "soon" :/
<Nivex> so much for planning
<weeb1e> I am trying to install cacti on the latest ubuntu server LTS, but everytime I use apt-get, it installs apache2 as well. If I remove apache2, it removes cacti. How can I install cacti without apache2?
<jrwren_> that is called a dependency.
<jrwren_> apparently, the cacti package depends on apache2
<jrwren_> hrm, but its only listed as a recommends, not as a dependency: apache2 | lighttpd | nginx | httpd
<jrwren_> when you run apt-get install, use the --no-install-recommends option?
<ogra_> weeb1e, apt-cache show cacti|grep Recommends
<weeb1e> jrwren_: It is a bug, which was supposed to be fixed 5 years ago, https://bugs.launchpad.net/ubuntu/+source/cacti/+bug/217591
<uvirtbot> Launchpad bug 217591 in cacti "wrong dependency" [Medium,Fix released]
<weeb1e> Clearly it is not fixed
<ogra_> there are other alternatives you can use but it seems to want a webserver
<weeb1e> So the easiest solution would be to leave apache2 installed, but disable it from ever starting
<ogra_> (or you can disable recommends altogether during install)(
<ogra_> like jrwren_ said already
<weeb1e> Oh I missed that, sorry
<weeb1e> I did not know about "recommends"
<weeb1e> I will try that now
<jrwren_> weeb1e: oh yeah, there it is. an unfixed bug.  Be sure to click the "does this bug affect you?"
<genii> weeb1e: apt-get -o APT::Install-Recommends=0        ...is the syntax
<weeb1e> No wonder I didn't know about that, what an unintuitive syntax :P
<jrwren_> its in the man page as --no-install-recommends which should do the same thing, but as I've never used that option, I cannot say if the manpage is correct.
<genii> jrwren_: I usually use the syntax I gave above, this way you modify any variable which is reported by apt-config dump
<ogra_> it is correct :)
 * ogra_ uses --no-install-recommends quite often
<ogra_> (and thinks like the ubuntu phones totally depend on it...)
<lordievader> Good evening.
<jrwren_> weeb1e: the requires is libapache2-mod-php5 | php5
<jrwren_> that means OR
<jrwren_> so if you install php5 package, that fulfils that dep, then it will not try to install libapache2-mod-php5
<jrwren_> so... not a bug, but you have to know how to work around it.
<weeb1e> Sorry, I'm going to try use that shortly
<weeb1e> I just found out that my house got broken into today :(
<weeb1e> --no-install-recommends does not appear to work
<weeb1e> Neither does "apt-get -o APT::Install-Recommends=0 install cacti cacti-spine"
<weeb1e> genii: Any other ideas?
<weeb1e> Before I just disable apache and leave it installed
<weeb1e> Oh, again I missed what jrwren_ said. I'll try install php5 first
 * genii makes more coffee
<weeb1e> Installing php5 installs apache2
<weeb1e> So no, that is not an option either
<weeb1e> It feels like I'm going round in circles now
<weeb1e> I'm just going to find a way of disabling apache2 and be done with it
<jrwren_> no wait! :)
<jrwren_> what webserver are you using?
<weeb1e> I've installed and removed apache2 and cacti more than 10 times now, I have a ton to install and cannot continue to waste time like this
<weeb1e> jrwren_: Nginx
<jrwren_> so apt-get install php5-fpm php5 cacti
<jrwren_> that should meet the deps you need.
<jrwren_> I did apt-cache show php5, to see what it Depends:, and the first listed is libapache2-php which is of course going to then pull apache, but its an or expression with a few ways to meet the dep.
<jrwren_> you'll likely be using fpm?
<weeb1e> Yeah I will need fpm installed too
<weeb1e> I will try that, one last attempt
<weeb1e> jrwren_: Now the apache2 package is not installed, but /usr/sbin/apache2 exists
<weeb1e> Strange
<weeb1e> I guess that is better than having the package installed, thanks
<arrrghhh> Nivex, what's interesting about that bug you linked... is I got the same message, on a VM I built for testing 12.04.4 --> 14.04.1
<arrrghhh> but I don't get that message on my physical "production" server if you will.
<jrwren_> weeb1e: dpkg -S /usr/sbin/apache2 should tell you which package put that binary there.
<jrwren_> weeb1e: apache-bin package. you can likely apt-get remove that.
<weeb1e> Alright, yeah that does seem to be the case
<weeb1e> I have not installed apache2 on a box in like 7 years, so all this is new to me
<weeb1e> Which now seems like an accomplishment, considering how much stuff depends on it
<omps> Hi
<jrwren_> weeb1e: its too bad alt dep management isn't a bit easier, but i guess its a tiny learning curve
<arrrghhh> Nivex, ok there's some issue which I'm not quite understanding.  My net new install 12.04.4 came with 3.11 kernel so it gave me the HWE message.  My physical 'production' server has always been using the 3.2 series kernel, which is not running HWE at all evidently.
<Nivex> Yep. If you installed from .0, you have to add HWE manually. If you installed from .1 or later you get the HWE that was current at the time of release.
<Nivex> You still have to manually walk it up from wherever you started. My server is running 3.8 (lts-raring)
<arrrghhh> ok
<arrrghhh> ya I haven't really touched the kernel on my server, so it's still on 3.2
<Nivex> I guess we're right back to "I hate waiting."
<arrrghhh> lol.  yep!
<smoser> hallyn, would this be expected to work:
<smoser>  lxc-create -t ubuntu-cloud --name=sm1 -- --release=trusty --arch=amd64
<smoser>  http://paste.ubuntu.com/7888316/
<hallyn> smoser: I don't remember whether ubuntu-cloud was properly converted in the end or not.  I thought it had been
<smoser> hallyn, download doest work either there.
<hallyn> smoser: you need to create your .config/lxc/default.conf
<hallyn> ubuntu-cloud works fine for me unprivileged
<hallyn> you need your lxc.id_map entries
<smoser> right. i see that now.
<smoser>  https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/
<smoser> a DTRT util would be nice ther.
<hallyn> I've thought about writing a shorter sipler howto
<smoser> and a reference to such from the error.
<smoser> :)
<hallyn> well if we try to automate it too much we'll encourage unsafe reuse of idmaps
<hallyn> i automated it that way for lxc-usernsexec bc there it doesnt' matter (it's a toy)
<hallyn> but i don't want lxc-create using defaults if you didn't create any
<hallyn> now maybe skel can do it?
<hallyn> so when user is created, and homedir is filled in, it creates yoru lxc.conf according to your new subuid?
<hallyn> eh, still too general
<hallyn> i'm open to ideas
<hallyn> perhaps a good thing to discuss at the sprint in august
<stgraber> I haven't spent time trying to make this simpler because realistically we can't do it without any user interaction in a safe way
<smoser> i dont know what is unsafe
<hallyn> "it depends" :)
<stgraber> I'm not too concerned about pulling the uid/gid ranges from /etc/sub{uid|gid}, that part is probably fine for 99.9% of our users, the concern is about giving veth quota by default to users
<hallyn> which is why we haven't automated it
<smoser> shadow added my user to /etc/sub[ug]id
<smoser> ok. that seems quite rasonable.
<stgraber> we could however have LXC detect those cases and spit out an helpful error message
<hallyn> right, shadow gives you a arange - but we dont' know how you should use that range
<hallyn> our error message is helpful IMO
<stgraber> as we already did with a few of the other usual unprivileged containers problems (missing permissions and such)
<hallyn> http://paste.ubuntu.com/7888316/
<stgraber> hallyn: "Missing uid/gid map, to run a container as an unprivileged user you need to have lxc.id_map set for the container. Your user currently owns the following ranges: ... so you can set xyz in ~/.config/lxc/lxc.conf. Read more in lxc.container.conf" would be more useful :)
<stgraber> hallyn: so you can do lxc-start, it fails, you edit .config/lxc/default.conf, copy/paste, done
<stgraber> (and yeah, s/lxc.conf/default.conf/ above)
<stgraber> with the suggested config being something like (but with the right ranges pulled from /etc):
<stgraber> lxc.include = /etc/lxc/default.conf
<stgraber> lxc.id_map = u 0 100000 65536
<stgraber> lxc.id_map = g 0 100000 65536
<stgraber> and we should also detect the missing lxc-usernet allocation case and give a better hint than "Quota exhausted" or whatever we return currently ;)
<smoser> what logic was used to add default user 'ubuntu' to /etc/lxc/lxc-usernet ?
<hallyn> that's not done automatically
<hallyn> stgraber: I'll ack a patch liek that if you can get someone to write it :)  for today, i've finally got a usable list of subvolumes->parents so I can now impelment the actual recursive subvolume deletion
<hallyn> the secret?  well, silly, sh->offset is actually the object id of the parent of a subvolume.
<f-a-h-a-d> hi guys, for testing reasons i needed to deploy ubuntu maas+juju+Openstack on a network of some virtual and some real servers ... What is the best way to begin with?
<sarnold> f-a-h-a-d: I've used this as a _guide_ when doing maas testing entirely in a virtual environment: http://bazaar.launchpad.net/~smoser/maas/maas-pkg-test/view/head:/maas-ephemeral-test-precise.txt -- it might also be a useful guide for you, but be aware that mixing virtual with physical may add more complications
<f-a-h-a-d> sarnold: what complications?
<sarnold> f-a-h-a-d: you'd have to understand the ethernet bridging a good deal better than I do :)
<f-a-h-a-d> sarnold: i doubt that :)  but thanks bro
<sarnold> f-a-h-a-d: hehe :) have fun
#ubuntu-server 2014-07-29
<TDJACR> Does anyone have experience installing on Lenovo's machines with Software RAID? The install keeps failing during grub-install.
<xnox> TDJACR: how large is your RAID in size?
<TDJACR> xnox: It's 6TB, software raid. I wish I could disable it (and use mdadm instead), but it won't boot unless it is used.
<xnox> TDJACR: MBR and bios grub has limit of 2TB
<xnox> TDJACR: make sure your /boot is on a separate partition, which ends << first 2TB
<xnox> TDJACR: or make sure you are using UEFI boot.
<TDJACR> xnox: I tried with EFI too, but the system wouldn't add the EFI boot option...
<TDJACR> On both CentOS and Ubuntu
<TDJACR> =/
<xnox> TDJACR: right, i've had that with a few raids.
<xnox> TDJACR: so yeah, have you been using separate /boot ?
<TDJACR> xnox: Nope, but I will try that and legacy boot again
<xnox> TDJACR: make sure you have "biosgrub" partition first, then "/boot" (e.g. 500 MB) and then whatever else, e.g. "/" for all remaining portion of the raid array.
<TDJACR> xnox: How big should the biosgrub partition be, and how should it be specified in the install?
<xnox> TDJACR: in the manual partitioning, just create partitions as needed. biosgrub is just for the overflow of things that don't fit in the MBR, ie. kBs, make it 10MB
<TDJACR> xnox: So I'm leaving it unallocated?
<xnox> TDJACR: no.
<xnox> TDJACR: in the partitioner one marks it as of special type for biosgrub..... although let me check that. Maybe it's done behind the scenes with no UI.
<TDJACR> Okay, that makes sense.
<xnox> it's like "swap" but different =)
<TDJACR> Alright, I'll give that a try
<TDJACR> Trying now, thanks.
<xnox> TDJACR: hm, biosgrub type of partition is not offered to me in the installer, that's weird. But this is mbr without gpt, maybe with 6TB it will be using gpt and then offer it. If not do leave out space before first partition then.
<xnox> TDJACR: good night and good luck
<TDJACR> Thanks xnox
<toyotapie> I need someone to run an nmap command for me, the command would be this : nmap -F -T5 -Pn -sS -v x.x.x.196-222. And pm me the results. I can't do it because all my computers are on 'trusted' networks.
<toyotapie> oops
<toyotapie> nmap -F -Pn -sS -v x.x.x.196-222
<toyotapie> I'd PM you the IP.
<toyotapie> and PM me the results :)
<jrwren_> i'll do it.
<Patrickdk> there are websties that do this :)
<toyotapie> jrwren_, I PMed my IP.
<toyotapie> I tried a few, but they don't seem to work
<`ajven> Hi, got problem with my eth0 card, i dont know why its not running on system start. Any idea what can be wrong ?
<`ajven> how to make sh script autostart on systemboot ?
<jpds> `ajven: Your /etc/network/interfaces file is broken.
<mlap> hello. I am doing a dhcp server on my ubuntu computer using dnsmasq. For this I have disabled dnsmasq in networkmanager  and everything works as expected. The only problem is that i cannot make dnsmasq start at bootup. How can I debug this problem?
<jacobw> man updaterc.d
<jacobw> Sorry, update-rc.d even.
<jacobw> updaterc.d dnsmasq defaults
<mlap> the links already exist but dnsmasq reports an error that the interfaces do not yet exist
<jacobw> Hmm, it sounds like the job to start dnsmasq is being done before the job to start network interfaces
<mlap> i supposed so, but i dont have the knowledge to debug this problem
<mlap> I assumed that the dnsmasq package does the update-rc.d stuff so that this issue is taken into account
<mlap> and I recall that in my previous works dnsmasq worked out of the box
<mlap> but I dont know why it does not now
<jacobw> Ok, can you try using `update-rc.d dnsmasq disable` then `update-rc.d dnsmasq enable 5` to start dnsmasq on runlevel 5 only.
<mlap> there are no logfiles in /var/log/upstart/ for dnsmasq
<jacobw> Which version of Ubuntu are you using?
<mlap> 14.04
<mlap> and its desktop - please dont bash me -> the desktop people sent me here despite that fact
<mlap> I'll try and reboot now  with that enable 5 thing
<mlap> brb
<jacobw> Make sure to disable first, please.
<mlap_> didn't work
<jacobw> Ok, did you disable first?
<mlap_> yes
<mlap_> i issued those two commands and then restarted
<jacobw> Where do you see the error message? Can you paste the error message in full?
<jacobw> !paste
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<mlap_> ill try to get the error message again
<mlap_> the problem is taht i don't remeber where I  found it -> I tried fixing the problem some time ago and just came back to it
<mlap> ok. I rebooted and checked syslog
<mlap> these two lines are relevant: http://paste.ubuntu.com/7893428/
<mlap> I have got three network interfaces - eth0 (pci network card) eth1 (motherboard card) and wlan0 (usb adapter)
<mlap> i command dnsmasq to work on the eth1 interface
<mlap> heres the log from the whole boot. The error is at 1151
<mlap> http://paste.ubuntu.com/7893466/
<mlap> it kind of starts in parallel with networkmanager and is always a little bit earlier? Below theres some networkmanager eth1 related stuff
<rbasak> smoser: please could you triage 1341710 for cloud-init? Looks valid to me.
<hasdf> hi
<hasdf> I upgraded my server to 14.04. After the upgrade finished the server asked to restart but never came up again. How do I get it up again? (I have no physical access and each hour of a virtual keyboard at my hoster costs money)
<cfhowlett> !server | hasdf better ask in other channel perhaps
<ubottu> hasdf better ask in other channel perhaps: Ubuntu Server Edition is a release of Ubuntu designed especially for server environments, including a server specific !kernel and no !GUI. The install CD contains many server applications. Current !LTS version is !Trusty (Trusty Tahr 14.04) - More info: http://www.ubuntu.com/products/whatisubuntu/serveredition - Guide: https://help.ubuntu.com/12.04/serverguide/C/ - Support in #ubuntu-server
<hasdf> cfhowlett, I am in #ubuntu-server? Or does my irc-client lie to me?=
<cfhowlett> hasdf doh!  never mind.  too many tabs.
<rbasak> hasdf: that depends on why it's broken. I'm not sure anybody on IRC can figure that out without knowing what it says on the screen - sorry!
<hasdf> my question is more: what would be the next steps?
<hasdf> to find out what is wrong
<hasdf> because I don't want to pay my hoster for a virtual keyboard and then not know what to do
<rbasak> hasdf: it might actually minimise your costs to pay somebody for support to help you with what to do, if that leads to a faster resolution.
<rbasak> hasdf: (since you hardly get an SLA on IRC)
<rbasak> Or switch to a hosting company that doesn't charge for remote access to the console.
<hasdf> ok, thanks
<hasdf> If it doesn't boot up it's most likely a problem with grub isn't it?
<hasdf> or sshd doesn't start (but why shouldn't it)
<rbasak> Could be, yes.
<rbasak> How did it get installed in the first place?
<rbasak> IIRC, there is a class of grub bugs that occurs on upgrade, if it wasn't installed correctly originally.
<freezevee> I am running VBoxHeadless --startvm "Ubuntu server 12.04LTS #1" --vrdp=off  in an ubuntu server to start my vm but it reserves a terminal window. IS there ay way to let it run in the background ?
<pmatulis> morning
<zartoosh> hi  does ubuntu 14.01 update has new kernel version?
<bekks> zartoosh: there is no 14.01, but 14.04.1 only. And most likely it ships with a new version, not a new release.
<rbasak> zartoosh: bugfixes only. You'll see a new kernel with 14.04.2, which will have an HWE kernel backported from Utopic.
<zartoosh> thanks
<zartoosh> hi I would like to know if there is an application that can list the name of the packages installed on my system? thx
<bekks> zartoosh: dpkg -l
<zartoosh> bekks, thx
<zetheroo> just wondering if there has been any progress on the release for a fix of the 3.13 Ubuntu kernel issue .. ?
<rbasak> What issue?
<zetheroo> the issue in 14.04 which makes me have to disable KSM on my KVM hosts
<rbasak> Ah. Check in the bug, maybe?
<rbasak> Else you can ask in the weekly server team meeting.
<zetheroo> I am not sure which is "the" bug ...
<zetheroo> there is this one: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1341195
<uvirtbot> Launchpad bug 1341195 in linux "KVM guests getting slow by time" [High,Incomplete]
<zetheroo> but maybe this is not "the" one!?
<rbasak> zetheroo: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1346917 maybe?
<uvirtbot> Launchpad bug 1346917 in linux "Using KSM on NUMA capable machines can cause KVM guest performance and stability issues" [High,Fix committed]
<zetheroo> thanks
<jeffreylevesque> i have ubuntu server 14.04..  I cloned a project into the '/var/www/` directory.  But, when I goto the browser, I cannot access the 'index.php' page
<rbasak> jeffreylevesque: the default document root has changed to /var/www/html. See https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes#Apache_2.4
<rbasak> Looks like there'a broken link there
<rbasak> apache2.NEWS as shipped in /usr/share/doc/apache2/ anyway
<blaaa> a lot of dovecot's sub-executables do not have apparmor profiles, afaik these are available and IMHO it does not really make sense to ship haf-baked/partial profiles for a programme, even if some customization is usually needed anyway
<jdstrand> blaaa: dovecot profiles are in the apparmor-profiles package. those aren't shipped by default and are considered example profiles
<blaaa> jdstrand: OK, clear, I'll remove that package then and roll my own profiles. Mabye the  description of apparmor-profiles should be adapted a bit, to make it clearer not to expect too much
<blaaa> which is fine by the way., creating own profiles should not be too much of an issue, at least when the aa-tools are working, which is a bit of a poblem on 14.04 right now
<jdstrand> yes, that is known. fixes will be coming, but profiling by hand will always work
<bitfury> !info aide
<ubottu> aide (source: aide): Advanced Intrusion Detection Environment - static binary. In component main, is optional. Version 0.16~a2.git20130520-2 (trusty), package size 499 kB, installed size 1356 kB
<blaaa> true, just a bit of a chore sometimes. But fortunately only need do it onxce
<bitfury> hey guys, what's the difference between using 'sudo stop mysql' and '/etc/init.d/mysql stop' ?
<bitfury> I noticed that when using the latter it stopped the mysql socket from listening but kept all mysql processes running
<lordievader> Good afternoon.
<pmatulis> bitfury: upstart vs sysvinit
<bitfury> I had to use 'sudo stop mysql'
<bitfury> pmatulis: got it, thank you. using init.d/mysql stop should've yielded the same results though right?
<pmatulis> bitfury: not necessarily.  what Ubuntu release are you using?
<rbasak> bitfury: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1273462
<uvirtbot> Launchpad bug 1273462 in lsb "Users can mistakenly run init.d scripts and cause problems if an equivalent upstart job already exists" [High,Confirmed]
<rbasak> bitfury: in other words, it's safest to *never* call /etc/init.d/X
<rbasak> Always use the service wrapper.
<rbasak> "sudo service mysql stop"
<rbasak> Unless you're absolutely sure which init system is in use.
<rbasak> And the correct thing to do for that particular release.
<bitfury> got it, thank you rbasak
<smoser> stgraber, hallyn fwiw, i did: lxc-userns-setup at https://gist.github.com/smoser/49444542158f2e5f88f1
<toyotapie> if I use ngrep to monitor a network card, should I see packets destined for other IPs on the same switch ?
<smoser> probably not
<smoser> likely the switch would not send you traffic not for your mac.
<smoser> a "hub" would do that. but i dont know that you can even buy one of those.
<bekks> toyotapie: Not as long as you dont use promiscious mode.
<mgw> I'm working on configuring a netboot installer and am trying to understand the process better. I've got the dchp server configured with next-server, and have tftpd-hpa set up. My system is getting as far as looking for the installation media. Is 'mini.iso' the installer?
<hallyn> smoser: you don't want to shut down the contaienr when done?
<smoser> hallyn, the first thing is 'lcx-chroot'. i was pointing at second. (lxc-userns-setup)
<smoser> regarding shutting down the container, it does that in cleanup (on trap EXIT)
<hallyn> ah
<smoser> the lxc-userns-setup just basically adds the .config/lxc/default.conf and adds user to /etc/lxc/lxc-usernet if not htere.
<jrwren_> toyotapie: you need to use a managed switch and put that port into monitor mode. also, "other ips on the same switch" is nonsensical. switches operate at layer2.
<mgw> smoser: is lxc-userns-setup new?
<hallyn> ok, will i don't feel like working on th eother two windows i have open, so lemme try a patch to give more helpful error on no-userns
<smoser> mgw, new in that i just put it together. not new in that it is nothing not described at https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/
<hallyn> smoser: you could simply copy /etc/lxc/default.conf to get the system-defined default networking...
<smoser> the point of it is that i just want to run one program and be able to then run 'lxc-create -t ....'
<mgw> smoser: thanks, yeah... I've used stgraber's directions already
<mgw> I was just curious as I did not see it on my system :-)
<smoser> hallyn, yeah. getting the bridge from there woudl be good.
<stgraber> hallyn: or use "lxc.include = /etc/lxc/default.conf"
<smoser> i was just goign to ask that.
<smoser> if i could #include
<smoser> cool
<jrwren_> toyotapie: another option is arp spoofing ;]
<mgw> I'm trying to get a minimal netinstall working... what are the files from http://archive.ubuntu.com/ubuntu/dists/trusty/main/installer-amd64/current/images/netboot/ that I absolutely need for an unattended install? I have a custom pxelinux.cfg that points to a preseed on an http server.
<mgw> this is my cfg https://gist.github.com/mgwilliams/e56a131bcdffce384a7b, but I'm not sure whether the ks= is needed. On my old setup that ks file points to a full install media location
<mgw> but I want to do the installs via apt (I have a caching proxy)
<bekks> mgw: For a kickstart file, you need the ks= parameter. For a preseed file you need a preseed/url or preseed/file parameter.
<mgw> bekks -- so do i not need ks= at all if I have preseed?
<bekks> mgw: And their is no such thing as a "kickstart full install location". The kickstart/preseed file determines what is going to be installed and what not.
<mgw> ok, so I'm not sure what I used to have :-) it works, but I think it's rather convoluted
<bekks> Just configure your kickstart file to install what you want.
<mgw> and I can avoid http altogether by using preseed/file, correct?
<mgw> and serve the preseed over tftp
<mgw> I'm getting the bekks: something like this? https://gist.github.com/mgwilliams/e56a131bcdffce384a7b
<mgw> with that file in by tftpboot dir
<paco1> hi folks!
<paco1> i have a new issue
<kickinz1> o/
<RoyK> !ask | paco1
<ubottu> paco1: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<paco1> when i boot my server DELL poweredge 720, with 4 broadcom netxtrem BCM5720 (driver tg3), ubuntu 14.04 lts don't up the eth0 and eth1 interfaces
<mgw> bekks: I'm still getting stuck on "searching drives for an installer ISO image"
<mgw> Does this mean it's not getting my prseed?
<RoyK> paco1: pastebin ifconfig -a
<bekks> mgw: It doesnt find the ISO to be booted.
<mgw> bekks: i'm trying to figure out where it's looking for that iso
<mgw> i dropped into busybox and it looks like there's no networking set up
<arrrghhh> Nivex, so no real response to the launchpad bug yet... is there nothing else we can do, just wait?
<arrrghhh> (I hate waiting too :P)
<RoyK> paco1: ?
<patdk-wk> paco1, heh? you actually have eth0 and eth1 interfaces?
<RoyK> patdk-wk: why do you think I asked him for the ifconfig -a output? ;)
<patdk-wk> didn't see that
<patdk-wk> was way too many lines away :)
<RoyK> hehe
<Nivex> arrrghhh: I suppose we could ask at the Ubuntu Engineering Live! hangout tomorrow at 1400x
<Nivex> *1400z
<arrrghhh> Nivex, haha yes let's troll them :P
<Nivex> I'm not a fan of trolling. I'm interested to know what challenges remain in making that upgrade path possible.
<arrrghhh> Agreed, I wasn't serious about trolling them...
<arrrghhh> although I always do feel a bit trollish asking for ETA's on anything
<arrrghhh> they just usually stick to the release schedule pretty closely...
<mgw> where does the pxe linux look for the installer iso?
<Nivex> arrrghhh: it made it on to askubuntu too  http://askubuntu.com/questions/502886/ubuntu-12-04-4-lts-to-14-04-1-lts-upgrade-no-new-release-found
<arrrghhh> mgw, I think you can define it in the dhcpd conf... I had a dream of setting up a pxe server but never got around to finishing.
<arrrghhh> here's an article I found which was going to be the setup I wanted - https://help.ubuntu.com/community/PXEInstallMultiDistro
<arrrghhh> Nivex, lol the responses... I gotta quell the thought that it could be "random"
<arrrghhh> er, can't comment.  oh well
<mgw> I think my immediate problem is it's not grabbing the preseed b/c networking is not up, and I can't figure out why.
<arrrghhh> Ya I think at some point I will resume trying to do a pxe server... but at the moment my need for that is not so great.
<Nivex> ugh, maybe I don't want to upgrade: http://sebastian.marsching.com/blog/archives/134-Linux-KVM-Problems-with-Ubuntu-14.04-LTS-Kernel-3.13.0-30.html
<patdk-wk> normally, pxe doesn't look for the iso anywhere
<patdk-wk> arrrghhh, this issue:
<patdk-wk> do-release-upgrade -c
<patdk-wk> Checking for a new Ubuntu release
<patdk-wk> No new release found
<arrrghhh> patdk-wk, yes
<arrrghhh> what's -c?
<arrrghhh> http://manpages.ubuntu.com/manpages/precise/man8/do-release-upgrade.8.html
<patdk-wk> check for upgrade
<arrrghhh> ah manpage isn't updated I spose
<arrrghhh>  -c, --check-dist-upgrade-only
<arrrghhh>                         Check only if a new distribution release is available
<arrrghhh>                         and report the result via the exit code
<arrrghhh> jeez that pasted like crap sorry
<RoyK> arrrghhh: interesting - can't find that flag in the 14.04.1 manpage
<arrrghhh> RoyK, do-release-upgrade -h has it.  I pasted the result, although badly.
<patdk-wk> dunno, it is in the 12.04 manpage
<jrwren> file a bug. man page is wrong.
<arrrghhh> patdk-wk, it's not, I just linked it.
<arrrghhh> but no biggie lol
<patdk-wk> well, there is the issue
<patdk-wk> http://changelogs.ubuntu.com/meta-release-lts
<patdk-wk> it's not listed
<Nivex> yes, we know. https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1344762
<uvirtbot> Launchpad bug 1344762 in update-notifier "update-notifier tells me to upgrade from 12.04.4 LTS to 14.04 LTS (because of HWE), but that release is not found" [Undecided,Confirmed]
<Nivex> Noone is saying why that hasn't been updated yet.
<patdk-wk> ittakes so long to read bug reports :)
<arrrghhh> patdk-wk, that's what we're wondering - why hasn't that been updated
<Nivex> only that it will happen "soon"
<patdk-wk> odd, I had assumed it would happen when 14.04.1 was released, like the other lts versions
<arrrghhh> patdk-wk, indeed... that's why we're thinking some bug is preventing it from happening - but we're not sure what.
<patdk-wk> well, there was a delayed lbuntu release
<patdk-wk> butthat is long past
<patdk-wk> most all of my systems I upgraded months ago though
<arrrghhh> I've been waiting for the .1 release on my production rig...
<toyotapie> Here is my interfaces file for my kvm server : http://pastebin.com/bDtW415Y
<toyotapie> br0 is used by kvm to link vms to the network card. eth0 is my primary link, eth1 is my backup link.
<toyotapie> Will this configuration allow traffic to pass between eth0 and eth1? I think it shouldn't allow this, but I am not sure.
<rbasak> gnuoy, matsubara-lunch: sorry, for some reason I said that gnuoy will be chair for the next meeting, but actually it'll be matsubara.
<rbasak> I think I just forgot after getting confused. Apologies. No point trying to add corrections now I think.
<toyotapie> has anyone here ever used a bond interface with a bridge interface ?
<jrwren> toyotapie: it shouldn't bridge eth0 and eth1 as that is not how its configured.
<toyotapie> Ok. Thanks :). There is a loop on my network, and I wanted to make sure it wasn't the source. I was reasonably certain it wasn't, but a second opinion is always nice
<toyotapie> thanks
<Shutterstrom> Any idea how to solve this upgrade from ubuntu 12.04.4 LTS to 14.04.1 LTS
<Shutterstrom> $ do-release-upgrade
<Shutterstrom> Checking for a new Ubuntu release
<Shutterstrom> I do not what to have "$ do-release-upgrade -d"
<Nivex> Shutterstrom: That has been a topic of discussion in here for a few days. Noone knows when they are going to allow the updates other than "soon"
<sarnold> Shutterstrom: I believe there was a kitten-killer upgrade bug that was annoying enough that the upgrade isn't yet being  offered..
<Shutterstrom> Nivex: Alright, so the upgrade is delayed?
<Shutterstrom> I read something about Grub issues.
<Nivex> we have no idea what the hold up is. just that it hasn't happened
<Shutterstrom> sarnold: Thanks! I just wondered if I was doing something wrong :)
<Shutterstrom> Nivex: Enough info for me. Thanks! :)
<Shutterstrom> Thanks for the info and have a great day!
<patdk-wk> heh, I posted the grub bug many months ago
<mgw> at what point in the boot process does the netinstall try to access the preseed file? And at what point is networking supposed to be up?
<hallyn> stgraber: ok so for the cgmanager/cgproxy systemd jobs, I'll just (a) assume systemd only runs on newer kernels, so never cgmanager+cgproxy;  then (b) use ConditionVirtualization = lxc | libvirt-lxc | systemd-nspawn in cgproxy (and inverse for cgmanager)
<bekks> mgw: Networking must be up and running.
<mgw> bekks: of course... but at what point in the boot process is it supposed to bring up networking?
<mgw> The installer is flaking on me with no interfaces configured
<mgw> I've scoured /var/log/syslog from busybox ash prompt
<bekks> mgw: So configure the interfaces - the exact point in time when the installer requires that is irrelevant. :)
<mgw> bekks: the whole point is it's supposed to configure it unattended
<mgw> this is for an unattended network installation (PXE)
<bekks> mgw: you cant use preseed to configure the network when you need the network to actually boot and get the preseed config.
<cdb23ax> hello, i have a problem with this simple traffic shaping command: tc qdisc add dev eth0 root tbf rate 2048kbit latency 20ms burst 1540
<mgw> I've tried stuff like interface=auto in the kernel options, but that does not help
<bekks> mgw: "interface=auto" is a wrong syntax.
<mgw> bekks: that's obvious... I'm trying to figure out what is going wrong though that it can't get the preseed
<mgw> bekks: there seems to be a lot of contradictory information online about how those kernel params are supposed to be formulated
<bekks> mgw: which "kernel parameters"?
<cdb23ax> The default route from my cisco router goes through an Ubuntu-Server. On the Ubuntu-Server on eth0 i added that script, but i wonder why my Cisco only has 2Mbit of Upload and still 4mbit Download
<cdb23ax> can someone explain?
<mgw> preseed/url, interfaces, auto, etc
<mgw> that go on the append line of the pxelinux cfg
<bekks> mgw: interfaces and auto arent kernel parameters, preseed/url=http://... is
<cdb23ax> I mean the default route goes through an gre tunnel which is my ubuntu server on the other end
<mgw> bekks: it is my understanding that interfaces is an alias for netcfg/choose_interface
<mgw> is that wrong?
<bekks> mgw: you are mixing up preseed configuration paramaters and kernel parameters.
<bekks> mgw: Using PXE, you cannot configure the network using preseed later on.
<mgw> bekks: I'm basing my command line off this assumption: "  If a preconfiguration file cannot be used to preseed some steps, the install can still be fully automated, since you can pass preseed values on the command line when booting the installer.  "
<bekks> mgw: thats a wrong assumption :)
<mgw> ok, so ubuntu is different than debian in this regard?
<bekks> mgw: That assumption is wrong on debian as well ;)
<mgw> ok, do you suggest somewhere other than official docs to get info?
<bekks> Nope, thats just my experience.
<mgw> bekks: what boot params do you use to get network to auto configure?
<bekks> I am using a plain dhcp server and preseed/url=http://...  - nothing else.
<bekks> And for the sake of convience, since preseed is pretty painful, I am using kickstart.
<mgw> Has anyone here successfully used the boot parameters to preseed, as described here: https://help.ubuntu.com/14.04/installation-guide/amd64/apbs02.html#preseed-bootparms
<bekks> What would happen if someone did?
<mgw> bekks: I'm looking for help, so maybe such a person could help me?
<bekks> mgw: then it would be more targetting to show your configuration and describe the error as detailed as possible.
<mgw> bekks: I've done that already, remember?
<pmatulis> mgw: what error are you seeing?
<bekks> Did you pastebin both the pxe config and the pressed file? Along with the full, exact error, not what you think the error is? :)
<bekks> *preseed
<mgw> pmatulis: the installer is booting successfully over tftp (using various permutations of this: https://gist.github.com/mgwilliams/e56a131bcdffce384a7b)
<mgw> but rather than pulling the preseed, it errors out trying to find install media on local drives
<mgw> when I drop into a shell and run 'ip addr', there is no interface configured
<mgw> pmatulis: sorry, that particular permutation is definitely bad
<mgw> I'm now using preseed/url=http://x.x.x.x/server-14.04.presed
<mgw> but it's never even trying to hit that url
<bekks> mgw: To make that clear - you are using that parameter in the kernel command line of your PXE booted ubuntu?
<mgw> yes, just as in the gist i posted
<mgw> but I"m using preseed/url rather than preseed/file -- I"ll update the gist, on second
<bekks> preseed/file uses a local file on the install media. preseed/url uses an URL.
<mgw> bekks: right
<pmatulis> mgw: that must be why it's not working
<mgw> pmatulis: this is what I"m currently using: https://gist.github.com/mgwilliams/da96bc073452db7b7f4d
<mgw> it's still looking for local install media rather than pulling the preseed
<bekks> And that file is reachable with a browser?
<mgw> yes
<mgw> but I can't ping from the shell  on busybox, of course
<bekks> Do you have a working DHCP in that setup?
<mgw> since ip addr shows no ips
<mgw> bekks: yes, that's how it gets the files from tftp to start with
<mgw> let me clarify: the machine that's running the installer is successfully getting an IP and PXE booting into the installer
<mgw> I can watch the tftp traffic onthe tfpt server
<mgw> I can see my kernel command line in syslog on the system that's running the installer
<bekks> Which network interface make and model do you use?
<mgw> but the system is not getting its networking configured or looking for the preseed
<mgw> The box is an HP ProLiant with Broadcom networking....
<pmatulis> mgw: i'm having difficulty parsing this: "I can see my kernel command line in syslog...".  you are viewing your logs on the system being installed and you see what?
<mgw> pmatuils: when I drop to a shell in the installer, I can cat /var/log/syslog
<pmatulis> yes, and?
<bekks> mgw: which make and model _exactly_? :)
<mgw> pmatulis: there I see a syslog entry including the kernel params
<mgw> one sec, i'll get a screen shot
<pmatulis> mgw: ah
<pmatulis> mgw: where did you get your kernel from?
<mgw> archive.ubuntu.com
<mgw> i'll grab the exact url in a sec
<pmatulis> mgw: specifically, thanks
<mgw> pmautils: http://archive.ubuntu.com/ubuntu/dists/trusty/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/
<bekks> mgw: Did you check wether that kernel supports your networking mae and model?
<mgw> bekks: are there known issues with 14.04 install media and fairly modern HP hardware?
<pmatulis> yeah, you might want to test on a virtual machine
<bekks> mgw: Would you please start answering my questions? :)
<pmatulis> a lot faster to boot as well during the maddening preseed phase
<pmatulis> 5 seconds vs 2 minutes prolly
<qman> Broadcom network cards frequently require loading extra firmware or other fiddling that can complicate things
<pmatulis> mgw: there are known issues with the *linux kernel* with any fairly modern hardware ;)
<qman> If you want NICs that "just work" with linux, your best bet is 2+ year old intel chips
<bekks> Good old Intel MT Server :)
<patdk-wk> PT :)
<patdk-wk> so many flavors
<mgw> pmatulis: FWIW, I previously used the precise netinstall just fine on here
<patdk-wk> i350 should be great :)
<mgw> so it would be a regression
<bekks> mgw: Which network interface make and model do you use _exactly_?
<patdk-wk> I wouldn't use mt's though
<mgw> bekks: the model is BCM5719 (rev 01)
<stgraber> hallyn: sounds reasonable
<mgw> make is Broadcom
<patdk-wk> bnxe sounds like
<pmatulis> mgw: are you saying your current preseed config works on 12.04 with exactly the same h/w?
<mgw> pmatulis: yes, the same preseed
<mgw> but the preseed is clearly not an issue here (yet) -- the preseed is never accessed from the http server
<pmatulis> mgw: with the same h/w??
<mgw> pmatulis: yes, the exact same system
<pmatulis> bloody hell why did you say so an hour ago?
<mgw> it currently has precise installed, and it was done from precise's netboot installer
<mgw> pmatulis: only so much data can be provided at once, sorry
<pmatulis> i suggest re-confirming.  exact same h/w with exact same preseed.  minus the different pointers to precise bits instead of trusty ones
<mgw> I mean, I *could* compile a complete history, including photographs of the hardware, before mentioning the issue ;-)
<bekks> I doubt that networking hardware will work out of the box.
<mgw> but it would with Precise you think?
<mgw> bekks: ^
<bekks> It wouldnt.
<mgw> hmm, well, it did
<mgw> i set up eight of them on precise
<bekks> Why dont you use the ubuntu server image?
<mgw> with no special drivers
<mgw> bekks: remotely?
<bekks> Sure. Using PXE.
<bekks> Or attach the ISO to the ILOM and boot it.
<bekks> Even easier than PXE.
<pmatulis> if you know how, sure
<mgw> is the kernel on ubuntu-server iso different than the one on archive.ubuntu.com?
<bekks> No, but the kernel on the netinstall thingy is much smaller than on the isos, for the sake of its size. And quite a lot of module are stripped off.
<qman> Looks like that one tuns the tg3 driver
<mgw> bekks: thanks, that's very useful information
<pmatulis> i had trouble with the Tigon stuff in the past
<mgw> does ubuntu.com or some mirror have an unpacked version of the server iso, where I can grab just the installer files?
<Nivex> you want PXE files or a mini ISO?
<Nivex> http://us.archive.ubuntu.com/ubuntu/dists/trusty/main/installer-amd64/current/images/netboot/
<Nivex> netboot.tar.gz or mini.iso
<mgw> Nivex: per pmatuils, that's a stripped down kernel
<mgw> I need what's found in the server iso's
<mgw> I can mount and extract the server ISO, but it would be slightly easier to just grab the specific files off ftp/http
<lenios> i don't know what you're talking about, but the packages of the server iso is available at http://releases.ubuntu.com/14.04/ubuntu-14.04-server-amd64.list. linux version is linux-image-3.13.0-24-generic_3.13.0-24.46
<lenios> the packages list*
<lenios> binary packages for this version are available there: https://launchpad.net/ubuntu/+source/linux/3.13.0-24.46/+build/5897692
<hallyn> smb: i assume it's far too late to be pinging you?
<jotterbot1234> hey guys, do virtual hosts in apache work differently under 14.04 then 12.04? I know it is a different apache version with some syntax
<jotterbot1234> but I can't get my server to resolve a site via IP *AND* a servername
<jotterbot1234> have never had this trouble before
<sarnold> jotterbot1234: do you have any errors in the error.log files for the main server or the virtual servres?
<jotterbot1234> no errors
<TJ-> jotterbot1234: Apache 2.4 has changed the configuration options, the release notes detail the changes
<sarnold> at least the access control primitives changed drastically, but I don't recall hearing about virtual server configuration changes
<jotterbot1234> I think the issue is the default and my virtual host are both matching , i read somewhere it will then match on name, hence 000-default.conf takes "precedence"
<Patrickdk> takes precenence?
<Patrickdk> since when do config files take precedence?
<Patrickdk> you didn't happen to have them named without .conf on the end did you?
<jotterbot1234> but, if my 000-default.conf file does not have a servername directive, i thought it would correctly resolve my virtual host
<jotterbot1234> I am trying to find the link i was using as a guide.
<jotterbot1234> Patrickdk: they all have .conf extensions
<TJ-> jotterbot1234: http://httpd.apache.org/docs/trunk/upgrading.html
<jotterbot1234> TJ-: cheers, will have a look
 * solarfly groans at upstart
<solarfly> holy crap. Step aside, there's some developers I need to kill.  Who wouldn't put a fully qualified path in an upstart script!
 * solarfly sighs
<solarfly> Nobody in this room, of course :)
 * sarnold backs out of the saloon
<pmatulis> heh heh
<z1haze> hello, would someone mind helping me setting up virtual machines on my server? i dont really know what im doing
#ubuntu-server 2014-07-30
<lutchy> Hello, what is the easiest way to reconfigure the network? I just convert a VDI to VDMK and I was hoping that Ubuntu 14.04LTS would figure things out during boot time...
<lutchy> People a sleep
<cfhowlett> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<lutchy> I didn't repeat the question :)
<lutchy> Anyway, it doesn't appear there's a way from the debian mailing list
<sarnold> lutchy: server stuff doesn't expect much changes; see /etc/network/interfaces for what you need to modify
<smb> hallyn, yes :)
<freezevee> I have a MAC OS X computer with two ubuntu-server-vm's in Virtualbox (doesn't really matter but I 'm just mentioning it). They are in the same subnet (192.168.56.4, 192.168.56.5) and they both have same kind of folder tree structure. The one is ubuntu 12.04 LTS and the other 14.04 LTS. How can I mirror my /var/www folder as is ?
<freezevee> I have read many things about rsync, will it work ?
<jamespage> freezevee, should do although I think the structure of /var/www changed a bit with apache24 in 14.04 - worth checking the 14.04 release notes
<freezevee> jamespage: thanks, I'll check this out. IS there any significant change ?
<jamespage> freezevee, nothing major but worth reading the upgrade notes for apache - https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes#Ubuntu_Server
<jamespage> the link to the package upgrade notes is bust
 * jamespage sighs
<apb1963> ummm... 2.4 is very different in regard to configs
<apb1963> or at least, different enough that it requires work to get it going.
<rbasak> jamespage: quick bit of advice on mysql, please?
<rbasak> jamespage: there are various bits that I'm looking at all at once, but I'm thinking of doing this more incrementally.
<rbasak> jamespage: so my plan is: 1) flip the bits to make 5.6 standalone (without depending on 5.5 binaries), including new mysql-common (with breaks/replaces the old one), etc.
<jamespage> rbasak, sure
<rbasak> 2) remove those bits on 5.5.
<rbasak> For both of these to hit the archive (I'll try a PPA first).
<rbasak> Then 3) analyse the Ubuntu delta and add apport, ufw as necessary.
<rbasak> 4) virtual-mysql-server etc.
<rbasak> This will mean that there will be a period that Utopic's mysql though functional will not be full featured.
<rbasak> How does this sound to you?
<rbasak> Or maybe I can stage this all in a PPA first.
<rbasak> Are there any other bits I'm missing here?
<jamespage> rbasak, I'd probably do the delta first and then transition
<bagel`> I'm running 14.04 and I ran apt-get update;apt-get upgrade -- one of the packages it wanted to update was grub. the machine is a software raid1 (with 2 TB x 2) so when it got to grub it asked me if i wanted to keep the local version of /etc/default/grub or if i wanted to overwrite with the maintainers version. so i chose to keep the local version. but now im at this prompt: http://i.imgur.com/HRtBgeK.png ? should i check box all 3 or just the last one
<jamespage> smoser, care to review https://code.launchpad.net/~james-page/software-properties/juno-support/+merge/228828 ?
<progre55> Hi guys. Any real-time log monitoring app recommentations that run commands on specific log occurrences? For instance, I want to monitor a log file, and send specific log lines to a redis cluster. Or what would be the best way to accomplish this?
<toyotapie> Is there a command or parameter to ifconfig I can use to see if a network card is being used to packet sniff ?
<toyotapie> I see that dmesg says "eth1 entered promiscous mode" but I don't see anything in ifconfig
<rbasak> progre55: logstash is pretty popular. I'm not sure how well it matches what you want though. And it requires Java, which seems pretty heavyweight to me.
<progre55> rbasak: logstash seems a bit too much for this simple task. I just want to monitor logs and execute a script if a line matches. I could write some bash script myself, but then it wouldnt be as flexible, and would end up with duplicate entries, etc on a restart or logrotate..
<rbasak> progre55: maybe rsyslog has something you can use?
<toyotapie> netstat -i only shows the P ( promiscious ) flag when I use 'ip link set eth0 promisc on', but both 'ip link set eth0 promisc on' and  'tcpdump -i eth0' generates a 'eth0 entered promiscous mode' in dmesg. What am I missing?
<toyotapie> Relevant discussion over at redhat https://bugzilla.redhat.com/show_bug.cgi?id=199979
<uvirtbot> toyotapie: Error: Could not parse XML returned by bugzilla.redhat.com: HTTP Error 404: Not Found
<toyotapie> found the solution. I ned to read from  /sys/class/net/[net_if]/flags
<toyotapie> and the definition for the flags are in ./include/linux/if.h in kernel source
<toyotapie> thanks guys :)
<progre55> rbasak: thanks, Iâll have a look at rsyslog
<smoser> jamespage, its fine with me other than i dont see why you'd drop the CA_ALLOW_CODENAME
<jamespage> smoser, ack - I'll tweak that back in
<weeb1e> Does anyone have any idea what could cause /proc/cpuinfo to report the wrong number of physical cores per CPU?
<weeb1e> model name      : Intel(R) Xeon(R) CPU           E5540  @ 2.53GHz
<weeb1e> cpu cores       : 2
<patdk-wk> weeb1e, since /proc/cpuinfo doesn't report physical cores, heh
<weeb1e> patdk-wk: It does
<patdk-wk> no, it doesn't
<weeb1e> I've already used `cat /proc/cpuinfo | grep "^cpu cores" | uniq` to measure physical cores
<weeb1e> On many different boxes in the past
<patdk-wk> so by your definition, a hyperthreaded cpu is a physical core?
<patdk-wk> and then, it gets really fucky on virtual systems
<patdk-wk> this is what one of my systems says
<patdk-wk> model name	: Intel(R) Xeon(R) CPU           E5345  @ 2.33GHz
<patdk-wk> cpu cores	: 2
<weeb1e> patdk-wk: Virtual cores can be measured with `cat /proc/cpuinfo | grep "^processor" | wc -l`, but since hyperthreading is disabled, that reports 8, which is the correct number of physical cores (2x4)
<patdk-wk> but it's actually running on a X5660 with 6 cores
<patdk-wk> and an E5345 has 4 cores
<weeb1e> Strange, perhaps that is not actually the command I used in the past
<patdk-wk> you sure your not running as a vm?
<patdk-wk> virt-what?
<weeb1e> patdk-wk: It's a barebone machine
<weeb1e> I do not use VMs
<patdk-wk> only thing I can guess then is
<patdk-wk> the bios disabled some cores
<weeb1e> That seems unlikely
<weeb1e> The host would have had to disable half the cores, instead of hyperthreading
<patdk-wk> depends, it's a bios option in every computer I own atleast
<patdk-wk> cores, 1, 2, all
<weeb1e> Making it hyperthreaded 2 core CPUs, instead of non hyperthreaded 4 core
<weeb1e> patdk-wk: Using `cat /proc/cpuinfo | grep "^cpu cores" | uniq` on a machine with 1 physical CPU, 4 physical cores + hyperthreading returns 4, which is the correct number of physical cores
<weeb1e> Doing the same on another box, which has no hyperthreading, 2 CPUs, each with 4 cores, returns 4
<weeb1e> So I have no idea why this new box is reporting 2 :/
<Nivex> arrrghhhAWAY: doh! I was off a week. No engineering hangout today.
<t4nk306> does anybody know how to install ubuntu server 14.04 offline?
<t4nk306> i keep getting asked to choose a mirror
<patdk-wk> depends on *how* your installing it
<t4nk306> how?
<patdk-wk> yes
<patdk-wk> netboot, pxe, iso, dvd, usb, ......
<t4nk306> i used USB
<t4nk306> but I've also used DVD in the past too
<patdk-wk> created from what? the a full dvd?
<patdk-wk> then you likely can just skip that
<patdk-wk> as it's just looking for updates
<t4nk306> i downloaded the ubuntu.14.04-amd-64.iso image
<t4nk306> and created a USB out of that
<t4nk306> it wouldn't let me skip it
<t4nk306> i'll try DVD again tomorrow
<arrrghhh> Nivex, ah so it's next week?
<Nivex> yeah. I think I may have found some of the holdup too: https://wiki.ubuntu.com/QATeam/ReleaseReports/TrustyPoint1TestingReport
<arrrghhh> I see a lot of -desktop issues... nothing server specific tho?
<Nivex> all the way at the bottom. update-manager
<arrrghhh> oh 1348067 update-manager crashed with TypeError: pulse() takes exactly 1 argument (2 given)
<arrrghhh> that one?
<patdk-wk> heh? it says *fixed/closed*
<patdk-wk> more likely is like 1347721 1347964
<jamespage> rbasak, smoser: http://people.canonical.com/~jamespage/server-sru/trusty-sru.html
<ploo_> how do i disable a service in ubuntu 14 server?
<sarnold> ploo_: if it has an upstart job, echo manual >> /etc/init/servicename.override  -- see http://upstart.ubuntu.com/cookbook/#override-files for details
<cdb23ax> hello, can someone explain howto traffic shape between two ubuntu servers which are connected via a gre tunnel? if i shape on ubuntu2 gre server the upload from ubuntu1 changes? can someone help?
<cdb23ax> but the uplaod from ubntu1 to ubuntu2 remains untouched?
<cdb23ax> *but the download from ubuntu1 to unbuntu2 remains untouched i mean
<cdb23ax> even if i setup on both side traffic shaping and shape upload to 512kbit its still 4mbit Download and 512kbit Upload on Ubuntu1
<cdb23ax> but i want 512kbit upload and 512kbit download on ubuntu1. how can i get this to work?
<patdk-wk> you can only shape outgoing traffic
<patdk-wk> attempts to shape incoming, is a best effort, and can't be reliable
<cdb23ax> patdk-wk yes, but if i enable nat on ubuntu2 then i can
<cdb23ax> why is it not possible without nat?
<patdk-wk> what does nat have to do with anything?
<patdk-wk> I thought we where talking about traffic shaping
<cdb23ax> look if i just enable iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE on ubuntu2 with the same rules as before then upload of ubuntu1 remains untouched but download goes down to 512kbit/s
<cdb23ax> nothing changed except the nat rule
<patdk-wk> there is more than *just* that nat rule
<patdk-wk> but since I can't see any of it
<patdk-wk> I cna't comment
<cdb23ax> trust me, i have only added the nat command above and all works
<patdk-wk> oh, I believe you *JUST* added it
<cdb23ax> but as soon as i delete nat the traffic shaping is reversed to upload instead of download
<patdk-wk> but I don't believe you understand how that interacts with everything else that was already there
<patdk-wk> cause that one line should have HUGE effects on the traffic shaping
<patdk-wk> depending on how you set it up
<patdk-wk> yes, cause the traffic shaping rules you setup, are likely *not what you really wanted*
<patdk-wk> but what you think you wanted
<cdb23ax> i just wanted that my stupid sdsl line dont get congested
<cdb23ax> because 1 downlaod destroys latency 600ms
<cdb23ax> it works perfectly with nat so that certain applications gets priorized but without my upload which cannot be possible gets priorized
<cdb23ax> and even the udp/tcp ports gets priorized correctly?!
<cdb23ax> so patdk-wk tell me how would you setup just a simple internet connection without congestion?
<patdk-wk> personally? using shorewall :)
<cdb23ax> i asked in some forums and they tell me to use tunnels
<patdk-wk> not by ucing tc by hand, too much work
<patdk-wk> tunnels?
<patdk-wk> I dunno what you want anymore
<cdb23ax> like vpn, ipsec, gre
<patdk-wk> at first it was gre traffic shaping
<patdk-wk> now it's internet traffic shaping
<patdk-wk> then it's tunnels
<patdk-wk> you should be shaping EVERYTHING
<cdb23ax> look 2 ubuntu server are connected via gre tunnels over the internet. ubuntu#1 is my home gateway
<patdk-wk> just shaping that single link between them, won't solve it
<patdk-wk> you need to shape everything
<cdb23ax> the default route from ubuntu1 goes through ubuntu2 over the gre tunnel. 1 static route from ubuntu1 to the wan ip from ubuntu2
<patdk-wk> is there a purpose you route everything over the gre tunnel?
<cdb23ax> yes to control that what the sender sends me
<cdb23ax> otherwise i dont have a single control point
<patdk-wk> you will need to setup shaping on both ends
<lazyPower>  With this latest MongoDB merge (the monolithic refactor to charmhelpers) could you run an openstack deploy using the trusty mongodb charm and validate we are indeed g2g for the openstack use cases? My prelim test just validates that the config is written using the public address - as i'm no domain expert in ceilometer, i want to make sure I'm not breaking the charm again.
<lazyPower> s/you/anyone
<patdk-wk> just setup proper shaping on each side
<cdb23ax> this is my shaping script i have added to each ubuntu server: http://pastebin.com/C4Scq2rz
<cdb23ax> so whats not correct here can you tell me?
<cdb23ax> instead of this dummy 10.0.x.x addresses my wan ips are there
<cdb23ax> i route a /29 subnet through the ubuntu2
<patdk-wk> I thought you wanted to limit to 4mbit?
<cdb23ax> no my connection is 4mbit/4mbit
<patdk-wk> so you should se tthe cap to like no more than 3.6mbit
<cdb23ax> and if i limit on both sides or shape then on my side its 4mbit/512kbit
<cdb23ax> the cap is set to 512kbit
<patdk-wk> the cap for what?
<cdb23ax> classid 1:24 sorry its 256kbit
<patdk-wk> exactly what did you TEST?
<cdb23ax> for the ip address
<cdb23ax> for my wan ip net
<patdk-wk> how exactly do you test an ip address?
<patdk-wk> normally it requires sending data
<patdk-wk> and you cant send data to an ip address
<patdk-wk> you can send it to a port though
<cdb23ax> tc class add dev eth0 parent 1:2 classid 1:24 htb rate 256kbit prio 2
<patdk-wk> your making this pretty damned hard
<cdb23ax> iptables -A POSTROUTING -t mangle -s 212.27.84.48/29 -j MARK --set-mark 24
<patdk-wk> why would you do that?
<cdb23ax> and as i said with nat enabled its set to 256kbit on that range
<cdb23ax> because i want to use this server for other things
<patdk-wk> as it should be
<cdb23ax> and if i download something the server wont have enough bandwidth
<patdk-wk> the source of your gre tunnel is in that ip range right?
<patdk-wk> so yes, it should be limited
<patdk-wk> what did you expect?
<patdk-wk> youtell it to limit it, it did
<cdb23ax> the remote address is in this range
<patdk-wk> all those iptable rules need to go
<patdk-wk> you should be shaping all your traffic going ONLY over the gre  first
<patdk-wk> if you only shape that, you should be fine
<cdb23ax> you mean replace eth0 with tun0 in this script?
<cdb23ax> well i have tried that, then no traffic shaping takes place
<cdb23ax> and some people say that you cannot shape with the gre interface you need to shape on your physical interface
<patdk-wk> odd, maybe a limit of gre, never used it
<patdk-wk> if that is the case your screwed
<patdk-wk> cause you won't be able to prioritize traffic over the gre
<patdk-wk> if that is the case, why do you have all those 10.0.0.0?
<cdb23ax> just dummy ips
<cdb23ax> have nothing to say
<patdk-wk> you will need to shape everything BUT your gre tunnel on eth0
<cdb23ax> in the original script they are removed
<cdb23ax> in fact only the /29 stands there
<patdk-wk> what you need to do, is download the wondershaper
<patdk-wk> then edit it, to exclude your gre tunnel from being shaped
<patdk-wk> for your external host
<patdk-wk> for your internal one, I guess yo uneed to shape only the gre
<patdk-wk> or well, the whole internet interface would do it too
<cdb23ax> for internal i can do normal ts with tc
<cdb23ax> it works well
<patdk-wk> but you loose all control of prioritizing outgoing packets
<cdb23ax> well thats not true
<cdb23ax> on my side all is behaving normal
<cdb23ax> patdk-wk how can i exclude gre interface in wondershaper?
<patdk-wk> likely by setting the whitelist or exclude ip
<cdb23ax> well in wondershaper i have done this wondershaper eth0 512 512
<cdb23ax> so there is no exclude tun0
<cdb23ax> so what did you mean should i remove the gre port number from beeing shaped?
<cdb23ax> patdk-wk even with wondershaper eth0 200 200 on both side nothing changes
<cdb23ax> except the upload
<cdb23ax> on my side
<RoyK> hm... anyone here using LSI SAS controllers with supermicro SAS expanders? Seems smartctl can't report much from those drives. This is an LSI SAS 9207-4i4e
<patdk-wk> royk, works for me :)
<RoyK> patdk-wk: well, it somewhat works here as well, and -i identifies the drives and so on, and -a gives some data, but not the data I want. See http://paste.ubuntu.com/7907948/
<RoyK> sda is directly connected to a local SATA thing. sdc etc is on the SAS expander
<patdk-wk> royk, your confused :)
<patdk-wk> your expecting sata output
<patdk-wk> the output for sdc is *NORMAL* for enterprise disks
<patdk-wk> that is the same output you would get using a FC, or SCSI disk also that is enterprise rated
<RoyK> patdk-wk: erm - how can I get proper output from a sata drive? I have seen that before
<patdk-wk> heh?
<patdk-wk> that an enterprise disk though
<patdk-wk> it has nothing to do with *proper* output
<patdk-wk> that is what the disk returns
<patdk-wk> enterprise disks use that format
<patdk-wk> they have always been that way
<patdk-wk> atleast since I started using enterprise disks, back in 2004
<patdk-wk> you would have to swap out the firmware on the disk, to change it
<RoyK> patdk-wk: I've used enterprise disks that give proper output too. Also, the sda is an enterprise disk, but not connected to the SAS controller
<ploo_> how do i disable a service in ubuntu 14 server?
<RoyK> ploo_: see update-rc.d or just remove the service from /etc/rc2.d/
<RoyK> ploo_: in /etc/rc2.d/ it's just symlinks for the services to start
<RoyK> ploo_: which service is this about?
<weeb1e> How can I execute a bash script in a new shell and have it not exit the shell when the script exits? I need to do that, so I can open that script in a new named screen session, and have it exit to a bash shell if the process running in screen exits
<weeb1e> I'm really tired of having to start things manually because I don't know how to do the above
<rbasak> weeb1e: that doesn't quite make sense to me. There are two things you can do here I think.
<waltz> hey, i'm having some trouble with upstart. i keep getting 'invalid job class'
<rbasak> weeb1e: look into the "source" command (also shortened to .). This runs the commands in the file as if you're typing them in, so when done you'll get a shell that's in the same environment those commands are in.
<rberg_> Hi all, I am setting in etc/default/grub gfxmode=800x600 and grub comes up at that resolution. however after boot the resolution changes to 752x413 and I am not sure what is causing this.. any ideas?
<weeb1e> rbasak: I am specifically asking how not to do that
<rbasak> weeb1e: or the second option is just to run another shell at the end of your script. Just have "$SHELL" (with the quotes) as a line at the end.
<rbasak> Since when you're running a shell script, that's what happens - non-interactively.
<weeb1e> And the reason I don't want to run another shell, is it will lose history and instead of having to press "up arrow -> enter" to restart the application, i will have to type out the full command line
<rbasak> If you then want it interactive, start an interactive shell.
<weeb1e> rbasak: So I am really hoping for a proper solution
<weeb1e> I simply want to start a new shell, execute a command as if it was typed into the shell, and leave the shell as is afterwards
<rbasak> Maybe that's something that screen can do for you. It's not a feature of the shell itself.
<rbasak> (unless it's some newer thing I don't know about, or eg. zsh or something can do it)
<weeb1e> I'm very surprised, as this seems like a rather big oversight
<rbasak> I think most people arrange things so that it's just not needed. I've never needed it, for example.
<weeb1e> You don't use screen for programatically spawned processes then I guess
<weeb1e> I require it for my use case
<rbasak> No, people generally don't do that.
<weeb1e> So I guess I will have to continue to manually start each application in a screen session after every reboot
<rbasak> THey fix the processes to not need to run interactively, so no need for screen.
<weeb1e> On 10 different boxes
<rbasak> Or they wrap the command and add an init job, etc.
<weeb1e> The processes are under constant development, and although they support multiple remote interfaces for REPL interaction, they also have an interactive console at command line
<weeb1e> Interactivity is not the reason I want this configuration however
<weeb1e> As I explained, I specifically want to be able to ctrl + c to exit the application, and use "up arrow -> enter" to restart it
<weeb1e> The inconvenience of having to type out the entire command line manually to restart the applications is far worse than having to manually start the screen sessions after every reboot
<rbasak> Make the entire command line shorter.
<rbasak> Or wrap the screen invocation, with the automatic "start session if session is not already running" thing.
<weeb1e> It can only be so short, and it's still an inconvenience
<weeb1e> That isn't an option, since on the very rare instance that the application crashes, if it exits the screen session completely, the console output would be lost
<rbasak> I suppose you could even kludge the history.
<rbasak> screen can log the output
<weeb1e> I am still really surprised bash lacks such a trivial feature
<rbasak> Go ahead and suggest it to them, then.
<rbasak> I'm surprised that you feel it's trivial, and aren't wondering what you're doing differently that nobody else has faced this problem before.
<weeb1e> I guess it's pretty specific to screen, since executing the application using most other methods would be wrapped in a shell
<weeb1e> I could approach the issue from many angles, but I'll probably just continue manually for now and deal with it later
<weeb1e> I could even automate the TTY used to spawn screen
<qman> weeb1e: requiring such a setup is considered bad design, so there isn't much in terms of hacks to make it work, other than screen
<patdk-wk> royk, hmm, no, while seagate calls it enterprise, it's not a real enterprise disk, it's nearline
<patdk-wk> I have never had a enterprise disk give me the output that normal ide/sata disk do
<qman> weeb1e: easy way out here is writing an init script (or just a regular script) that starts your app in screen, so its easy to stop/start/restart and maintain interactivity
<patdk-wk> but the *sata enterprise* disks I have do though, do that normal sata format
<patdk-wk> but none of my 10krpm or 15krpm disks, have EVER produce that output, but always that other *enterprise* format
<RoyK> patdk-wk: nearline or enterprise, it's the same thing
<patdk-wk> not really
<weeb1e> qman: That would mean any console output would be lost if the application was terminated badlyt
<weeb1e> *badly
<patdk-wk> they have different hardware in them
<RoyK> patdk-wk: what sorts? why would el-cheapo drives report better than expensive drives?
<qman> weeb1e: you should make it log properly at the app level, but screen can also log
<patdk-wk> royk, no, it's cause of the different firmware
<patdk-wk> on the cheapo's :) you have to manage the smart checks and tests yourself
<patdk-wk> on the *enterprise one* it is always doing it's own checks and reporting back
<patdk-wk> you don't have to schedule checks
<patdk-wk> it's just the different ways they do the smart stuff
<weeb1e> qman: It does, but if it was terminated really badly, say due to a system function or something related to the kernel, that won't necessarily be enough
<weeb1e> For applications that require constant development, there is simply no more convenient setup than running in screen
<RoyK> patdk-wk: I've done some tests on those 'enterprise drives' as well and the ones I've tested worked with smart tests as well
<patdk-wk> yes, you can manually do it
<patdk-wk> and it will ignore or do them
<patdk-wk> but it also does them itself
<patdk-wk> without you asking
<RoyK> patdk-wk: it's pretty hairy if an enterprise drive can't report simple smart data
<RoyK> patdk-wk: what sort of protocol?
<RoyK> patdk-wk: or is that something disclosed, only used for smartass systems?
<patdk-wk> no, it's there in the output
<patdk-wk> but it doesn't give you those values your used to
<RoyK> does recent smartmontools support that?
<patdk-wk> I'm not sure, I haven't played with them in a system that I could use smartmontools on
<patdk-wk> as I normally shove them on a hardware raid card, or an san system
<qman> weeb1e: then make your init script use screen, and tell screen to log
<waltz> hey all, i'm looking for a hand with some upstart issues
<waltz> what are the valid job types?
<waltz> i keep getting an 'invalid job type' error
<waltz> initctl: Invalid job class:
<weeb1e> qman: I ended up just automating the PTY to spawn the application in screen the same way I have been using it manually for years
<weeb1e> It gave me something different to do anyway, I've always wanted to automate a PTY app, but never had a good enough use case
<weeb1e> Has the sudoers file format changed since 11.10?
<sarnold> weeb1e: I don't see anything in /usr/share/doc/sudo/{NEWS*,changelog*} files that anything big changed; a ton of little things but nothing along ht elines of "new format for sudoers'
<weeb1e> I'll do a little more testing, but I seem to be unable to use NOPASSWD on a group or user without breaking the files parsing
<weeb1e> Even using a Cmnd_Alias does not work :(
<weeb1e> This line fails to parse, with or without quotes around the second command:
<weeb1e> Cmnd_Alias PASSWORDLESS_CMDS = /usr/sbin/iftop, ruby /home/admin/process_manager/process_manager.rb
<sarnold> weeb1e: do you get any error messages from visudo?
<weeb1e> sarnold: visudo? That sounds visual, and this is a server
<sarnold> weeb1e: in the same way that 'vi' is the VIsual editor, compared to ed :)
<weeb1e> After adding that line and attempting to use sudo, it says: >>> /etc/sudoers: syntax error near line 18 <<<\nsudo: parse error in /etc/sudoers near line 18\nsudo: no valid sudoers sources found, quitting\nsudo: unable to initialize policy plugin
<weeb1e> sarnold: Well I tried visudo, and that definitely looks like a safer way that using a second shell to restore the file, but it gives the same line 18 error :P
<sarnold> weeb1e: darn. I hoped it would be more verbose about what went wrong :(
<sarnold> weeb1e: the best part of visudo is that it prevents you from locking yourself out of sudo access by accident
<weeb1e> Yeah, if my SSH session was lost before I manually restored the file, I would get locked out
<weeb1e> So I will be using visudo in future
<weeb1e> Although, in future, this updating will be scripted
<sarnold> weeb1e: try giving the full path to ruby?
<weeb1e> That is, as soon as somebody can tell me what is wrong with that above line
<weeb1e> sarnold: Surely that shouldn't be necessary?
<weeb1e> Even ruby scripts use /bin/env instead of an absolute ruby path
<weeb1e> Systems often have multiple ruby installations
<weeb1e> Although, it would actually be very unsafe without an absolute path
<sarnold> weeb1e: I fear the sudoers file :) more specific is probably better...
<weeb1e> sarnold: That does indeed solve the issue
<weeb1e> And fear of it is good
<weeb1e> But it is also sometimes necessary
<sarnold> welcome to the cult :)
<weeb1e> Especially if you use iftop
<weeb1e> Which I believe every server admin should be using
<weeb1e> More specifically iftop -B :P
<sarnold> hehe, iftop++ -- the things it finds..
<weeb1e> First thing I do when connecting to any box, is start htop and iftop -B, then use a third tab for actually doing anything
<arrrghhh> so, trying btrfs... and I'm getting some weird metrics on df.  so I heard running a newer kernel is a good idea for btrfs... so in my haste waiting for 14.04, I just forced that kernel to install - and now the btrfs drive won't mount
<arrrghhh> this is what dmesg says
<arrrghhh> http://hastebin.com/vugepogoci.sm
<sarnold> arrrghhh: zfs sometimes gives non-intuitive results to 'df' as well -- compression, deduplication, etc. all kinda make ls vs du vs df give different results than people might be used to
<weeb1e> So this is rather odd, using that command added to sudoers manually works fine, but when run inside bash inside screen, it asks for a password
<arrrghhh> well available made sense...
<arrrghhh> but used / free did not.  345 avail, 207 used 18 free - doesn't make sense
<arrrghhh> sarnold, but still how do I mount the drive now?  I've never seen an error like this where
<arrrghhh> 'mount' fails because there's not enough space ^^
<sarnold> arrrghhh: sorry, no idea there, I haven't spent any time looking at btrfs
<weeb1e> Not sure what sudo depends on, in order to check users against the sudoers file
<weeb1e> But the only thing I can think of, is when screen starts bash, it must remove some environment variable that sudo depends on
<arrrghhh> sarnold, ok.  I started using it because I thought I could build a RAID 0 "array" which could be built with different sized disks
<arrrghhh> seemed to work, but maybe not... heh
<arrrghhh> I managed to mount it ro
<arrrghhh> but not sure what happened exactly...
<arrrghhh> hm.  there's a lot I don't understand about btrfs.  :D
<xnox> arrrghhh: that's ok, it hates you too =)))))))) *giggle* </joke>
<xnox> arrrghhh: different sized disks + btrfs as raid0 is not that good, as it would constantly would be rebalancing and deduplicating.
<xnox> arrrghhh: LVM2 would have been a better choice.
<arrrghhh> hm.  I didn't need to set these up as RAID 0
<arrrghhh> t'was just convenient.  I spose I'll blow them up and go back to ext4
<xnox> arrrghhh: well LVM2 gives you a pool of storage, from which you can create volumes of any size and resize/snapshot them etc. Or just have one spanning the whole amount.
<arrrghhh> ya, I have my 4tb disk using lvm
<xnox> arrrghhh: with btrfs, there is no way to control pools much, thus all drives with btrfs end up in one =/ (unlike lvm2, or e.g. ext4) and then hallarious properties start to dawn on to you with time. Eg. with btrfs your IO throughput and performance will degrade with time, and with fullness.
<arrrghhh> I'm just not sure that would be the best for 2 SSD's of different size
<xnox> arrrghhh: use them as dm-cache for even bigger spinny drives is the best =)
<arrrghhh> I use the ssd's to try and decrease build times
<xnox> arrrghhh: well, I bought 32GB of RAM and build everythin in tmpfs =) that does decrease build times.
<xnox> arrrghhh: plus i have fsync disabled and eatmydata enabled.
<arrrghhh> hah, if only RAM was cheap.  I only have 16gb
<xnox> arrrghhh: and builds on btrfs would be slower than xfs or ext4.
<weeb1e> I can't figure this one out... If anyone knows why running sudo inside GNU Screen stops the sudoers file from being used, please let me know
<xnox> especially a lot of throwaway builds and/or ccache
<arrrghhh> weeb1e, I use sudo inside of screen all the time... no problems
<weeb1e> arrrghhh: I take it you do not use it in conjunction with a NOPASSWD entry in the sudoers file
<weeb1e> The NOPASSWD sudoers entry works fine from a shell under my user, even if I start a new shell with `bash`, but as soon as I start screen from my user, using sudo in that bash shell asks for a password
<arrrghhh> oh yes I want sudo to prompt for psw
<weeb1e> arrrghhh: NOPASSWD is generally used when you want to run specific binaries with sudo without a password
<xperia> hi all. small question. how do you make it possible to have two cascaded redundant web servers running where the second webserver on machine 2 takes over when the first webserver on machine 1 shutdown ? I have read round robin is no solution for such a case because it does not provide any cascade!
<weeb1e> xperia: I'd recommend using a third server which will always be up as an nginx reverse proxy, which will monitor each of your upstream servers and route requests to one which is available
<xperia> weeb1e: thanks a lot for your rely. highly appreciate it. is there no other solution like having some heart beat exchange between two servers for monitoring and a takeover in case of a emergency?
<xperia> reply
<axiom_1> I'm new to ubuntu server, and with that being said, I'm wanting to setup a server to store all my files and also act as a backup server. Would I need to setup a database server or a fileserver?
<Patrickdk> depends
<Patrickdk> maybe both
<Patrickdk> but if your looking at the install screen still, probably none
<Patrickdk> but generally storing all your files + backups is not a good idea
<Patrickdk> as it can't store the backups of all your files it's storing safely
<weeb1e> xperia: Are the two servers are different physical locations?
<weeb1e> If so, a reverse proxy would not be the correct solution
<RoyK> backups are for cowerds - real men trust their drives
<xperia> weeb1e: yeah they are on total different physical location all over the world with different ip addresses also.
<axiom_1> Patrickdk, well for starting out, I'll have 2 hard drives in raid 1 for now
<Patrickdk> xperia, there is no solution to that, other than anycasted ip space
<RoyK> real men run 50-drive systems in raid0
<Patrickdk> what does having a raid1 have to do with this?
<weeb1e> xperia: Some kind of heart beat based monitoring could work then, although you will likely get false positives from time to time due to routes between the servers going down
<Patrickdk> raid1 doesn't help provide fileservers or backups
<Patrickdk> it just provides space
<weeb1e> xperia: What most people (including google) do in that situation is, use a roundrobin for the different IPs on your DNS, set the TTL to very low (not more than a few minutes), monitor the servers and when one goes down, script removal of that IP from the DNS
<weeb1e> If you use a very low TTL, the DNS update will propagate quickly
<Patrickdk> that assumes though, that your website is sessionless
<weeb1e> If your session is cookie based, there is no issue
<weeb1e> If the session is based on local server storage, that is more complex
<Patrickdk> if all the session data is inside the cookie
<xperia> weeb1e: ahh yeah i have seen this behavior on the google side. i have already tried round robin and it works very well the thing is that it balance the traffic instead to cascade it. but yeah gues manipulating the dns entry in case of a emergency is best solution.
<weeb1e> Session based cookies are very popular, it's easy to encode and store the users id in the cookie
<weeb1e> xperia: You can do the same thing without a round robin if you want
<weeb1e> It'll just maximize any downtime
<weeb1e> You just leave only the first server as the DNS A record, and swap it with the other one if the first server goes down
<weeb1e> It's the only solution in this case
<Patrickdk> if you need to balance traffic better
<Patrickdk> you can always use the same ip address multible times
<weeb1e> Unless you want to have a third PC which loads an initial page and redirects to an available server
<weeb1e> That is also a possibility, if redirects are possible
<Patrickdk> you don't need a 3rd pc for that :)
<Patrickdk> both of the existing ones can do that
<weeb1e> Not if one could go down...
#ubuntu-server 2014-07-31
<Patrickdk> yes
<Patrickdk> when you change the dns, you would also adjust the redirect
<Patrickdk> I am assuming each webserver is a dns server though
<Patrickdk> for routing issues
<weeb1e> In certain cases, such as my own, when streaming audio over HTTP, not all clients support multiple (or in rare cases, any) redirects, the only option is DNS based
<Patrickdk> that way some of the internet can use one, and some of the internet hits the other
<xperia> yes actually the one is a master and the other a slave but i can turn them both as masters
<weeb1e> Patrickdk: I gave DNS as the first option, a web server based redirect is the second
<Patrickdk> yes, but no reason you can't use both together :)
<weeb1e> A third web server redirecting instead of using DNS changes will emilinate any downtime
<weeb1e> But is not always suitable
<Patrickdk> and then add bgp anycast on top :)
<Patrickdk> personally I normally do bgp anycast -> loadbalancers -> bankends
<weeb1e> Not everyone is in a position to use anycast :)
<xperia> bgp anycast hmm never hear till yet. thing is i dont want to balance i want to cascade aka use allways server 1 in case server 1 shutdown use server 2
<weeb1e> I'd love to use multicast, but my country not so much
<Patrickdk> then your stuck doing dns
<weeb1e> So YMMV
<RoyK> IPv6 FTW!
<Patrickdk> what? mobileip works? :)
<Patrickdk> mobileip could so solve this :)
<RoyK> IPv6 should be mandatory for all services
<xperia> yeah dns is then the thing to go. thanks a lot for your suggestions.
<weeb1e> xperia: Good luck
<weeb1e> 2am, good time for a breakfast break.. then back to work
<bananapie> hi. I have Ubuntu 10.04 LTS server and need to use debootstrap to build a machine with Trusty 14.04 LTS. i tried soft linking gutsy to trusty in /usr/share/debootstrap/scripts but it says it's not a valid suite
<jak2000> hi all how to remove all java stuff? http://pastie.org/9432985  cant :(
<sarnold> jak2000: try this: sudo dpkg --purge openjdk-6-jdk openjdk-6-jre openjdk-6-jre-headless openjdk-7-jre openjdk-7-jre-headless openjdk-7-jre-lib sun-java5-jdk sun-java6-jdk
<jak2000> sarnold ok
<jak2000> sarnold: http://pastie.org/9433006 not worked
<jak2000> continue allmy javastuff on my ubuntu server
<sarnold> jak2000: great -- re-run the command with "icedtea-6-jre-cacao openjdk-6-jre-lib default-jre-headless icedtea-6-jre-jamvm icedtea-7-jre-jamvm" added to the end
<jak2000> ok, rerun...
<jak2000> sarnold: http://pastie.org/9433017 same or similar result :(
<sarnold> jak2000: this is normal :) now add "ca-certificates-java libcommons-dbcp-java tomcat7-common" to the command :)
<jak2000> http://pastie.org/9433020 :(
<sarnold> jak2000: add openjdk-6-jre-headless libtomcat7-java   :)
<eatingthenight> hello I am having an odd issue. I have gone through every issue I can find on google regarding networking for ubuntu server 12.04 but I can't ping from this server to an IP or even the gateway. I am able to ssh into it though and access the webserver it runs.
<eatingthenight> I have tried using static and dhcp to no avail.
<sarnold> eatingthenight: do you get error messages when you try to ping the gateway's IP?
<eatingthenight> no it will just hang I have left it for about 10 minutes and it just hangs.
<jak2000> sarnold: http://pastie.org/9433029
<sarnold> jak2000: openjdk-6-jre-lib  :)
<sarnold> eatingthenight: hunh, that's odd.
<eatingthenight> yeah i know it's very strange.
<eatingthenight> I have never had this before. Server has been running great for 2 years.
<xeno_> Say, my friend is trying to set up a remote desktop experience on an Ubuntu Server.  He is trying to provide a remote desktop experience, but apparently there are access problems that allow shutdown of the server which he wants to preclude and cannot.  Any suggestions?
<xeno_> I know from experience that Gnome is less than comfortable on server for my tastes, but that may not be pertinent to this.
<xeno_> Typically my friend provides remote user access to servers for shell, but not root access at all.
<jak2000> sarnold: http://pastie.org/9433049
<sarnold> jak2000: nice. that's probably all of them :)
<sarnold> xeno_: I think what you need is in /usr/share/polkit-1/actions/org.freedesktop.consolekit.policy
<sarnold> xeno_: oh. this looks more useful: http://askubuntu.com/a/251942/33812
<xeno_> Yes, but he wants to make shutdown require an admin password.  Hmm.
<MavKen> any recommended open source control panel for 14.04?
<eatingthenight> what do you want to control?
<eatingthenight> for the entire server?
<MavKen> yes
<MavKen> cpanel ..not zpanel
<MavKen> cpanel replacement
<eatingthenight> MavKen so you just want something for your database? or do you have a server that is running everything?
<MavKen> I have a small hosting business.. I use cpanel to add new clients and them have access to a cp
<MavKen> I just didnt like zpanel
<MavKen> and don't want to pay for cpanel anymore
<MavKen> since most of them use wordpress, a bash script to create a new user, create db user, install wp would be sweet...but I don't have experience with that
<sarnold> MavKen: the juju wordpress charm may have some ideas you can mimic
<jak2000> sarnold hi friend are you there?
<sarnold> hey jak2000 :) it's almost time for me to quit for the night..
<jak2000> waita moment please
<jak2000> see please: http://pastie.org/9433133
<sarnold> jak2000: yes?
<jak2000> this files, deleted? manually?
<jak2000> or not problem?
<sarnold> jak2000: everything in that directory is cached downloaded packages -- keep that directory in mind, it can be very very helpful :)
<jak2000> ok
<sarnold> jak2000: if you need disk space, you can delete them. but they don't bother anything
<jak2000> now i can install: apt-get install openjdk-7-jdk   right?
<jak2000> sarnold can you give me a favour? paste me the last link, before i am discnnected,thanks(i want documment my problem) thanks
<sarnold> jak2000: http://pastie.org/9432985 http://pastie.org/9433006 http://pastie.org/9433017 http://pastie.org/9433020 http://pastie.org/9433029 http://pastie.org/9433049 http://pastie.org/9433133
<jak2000> thx
<jak2000> goodnight
<sarnold> nn :)
<jak2000> ok installing now openjdk-7
<jak2000> sarnold beeautiful,,,  with your help
<jak2000> see please: http://pastie.org/9433163
<jak2000> no errors now
<sarnold> jak2000: nice :)
<sarnold> jak2000: scorched earth never looked so good
<jak2000> before your help i cant shutdown the tomcat service....
<pds|2> hi guys wrote a preseed file, getting from utc for some reason
<MavKen> for 1gb ram, any reason to get 64bit on vps?
<gnuoy> I'm trying to understand why the  alembic package in ubuntu isn't a straight sync and what change Ubuntu has atop of the upstream version.  http://paste.ubuntu.com/7912454/
<gnuoy> rbasak, I know it's not patch Friday but if you have a sec at some point ^
<jak2000> hi all, how to open a port on ubuntu-server?
<TJ-> jak2000: define "open" ?
<jak2000> telnet 162.252.243.81 8080   connection refused...
<TJ-> jak2000: Do you control 162.252.243.81 ?
<jak2000> i want thee users can access: http://mydomain.com:8080  understand me TJ-?
<jak2000> yes
<TJ-> jak2000: OK, what firewall control are you using on that server?
<jak2000> the default i have 14.04 version
<TJ-> jak2000: the manual way would be to add a rule using iptables, but that won't stick across reboots unless you have some form of firewall manager, such as "ufw" or "shorewall" installed
<jak2000> ithink ufw
<jak2000> sudo ufw allow 8080/tcp   and   sudo ufw reload  ?
<TJ-> jak2000: Then you'd need to add a rule using UFW to allow port 8080 TCP
<jak2000> mmm not opened :(
<TJ-> jak2000: what process is listening on port 8080 ?
<TJ-> jak2000: if no process is listening, having the port allowed in the firewall won't change anything
<jak2000> ok
<jak2000> now opened :)
<pmatulis> morning
<jamespage> ok that's enough triage of really old bugs for one day...
<jamespage> pm-utils I love you
<pmatulis> me?  ;)
<RoyK> patdk-wk: btw, your theory that enterprise drives don't have these smart counters doesn't seem right. the two root drives connected to local sata ports are also seagate constellation, enterprise drives
<patdk-wk> my definition of enterprise disks was, ones that talk scsi, and non-enterprise talk ata
<patdk-wk> generally that means sata=ata and sas=scsi
<patdk-wk> now, if a manufacturer, say it's enterprise, but still talks ata, heh
<patdk-wk> if the disk talks sata, you get attributes and thresholds
<patdk-wk> if the disk talks scsi, you don't
<JediMaster> hi guys, I'm upgrading to VMs from 13.10 to 14.04.1 LTS with do-release-upgrade, and both have been sitting at "Installing new version of config file /etc/pam.d/sshd ..." for the last half hour, I can still SSH into both, any ideas?
<Abhijit> hi
<pmatulis> JediMaster: woof, try http://serverfault.com/questions/321520/ssh-connection-lost-during-server-upgrade-how-to-reconnect-to-process
<JediMaster> pmatulis, it's not lost the conenction, but thanks
<pmatulis> having an ssh pam change during an upgrade is nasty
<pmatulis> JediMaster: i know, try it anyways, the upgrade may be continuing and you don't know it
<JediMaster> pmatulis, it's still connected to the ssh & do-release-upgrade, I can type and see characters come up
<pmatulis> JediMaster: the key is to try reconnecting to the screen/byobu session
<JediMaster> that never works for me
<JediMaster> screen -list returns: "No Sockets found in /var/run/screen/S-root."
<JediMaster> screen -x and byobu do not reconenct to it either
<JediMaster> I am really still conencted anyhow
<pmatulis> may be using tmux?  dunno.  need to try it myself
<pmatulis> tmux ls
<JediMaster> failed to connect to server
<pmatulis> can you view logs?
<JediMaster> I can see this running however:  screen -e \0\0 -L -c screenrc -S ubuntu-release-upgrade-screen-window /tmp/ubuntu-release-upgrader-n_ottj/trusty --mode=server --frontend=DistUpgradeViewText
<pmatulis> maybe use some byobu command?
<pmatulis> i don't use byobu, but tmux directly
<pmatulis> byobu -r ?
<pmatulis> you must do it with the root account i think
<JediMaster> I am
<StolenToast> Hello
<StolenToast> I am attempting to use OpenVPN with my server but it will not function is the firewall is enabled, even though port 1194 is allowed
<StolenToast> *if
<weeb1e_> When trying to start cpufrequtils, I get "disabled, governor not available...", googling this issue just returns tons of questions with no solutions. The most informative thread I found says that someone was able to fix it by downgrading to an older kernel, and that the newer kernel is bugged and the devs do not want to fix it
<weeb1e_> But that was in 2011, I've used newer kernels on other boxes just fine
<weeb1e_> So does anyone know how I can check if the reason cpufrequtils is due to hardware, such as an incorrect bios setting?
<weeb1e_> *the reason cpufrequtils is failing
<ed8> hi, does the cron's string @reboot work on Ubuntu-server?
<Pici> ed8: yes
<ed8> Pici: are you aware of http://unix.stackexchange.com/a/109805/17362
<Pici> ed8: curious... I recall it working at some point.
<Pici> I don't have an Ubuntu system I can reboot here to test with though...
<patdk-wk> at some point?
<patdk-wk> it has always worked
<ed8> patdk-wk: did you read the thread I linked to?
<patdk-wk> yes, but nothing in that thread matters
<patdk-wk> there is a lot of speculation and references to other people
<patdk-wk> nothing referencing any bug reports, issues, or problems
<pmatulis> ed8: why not simply test it?
<ed8> pmatulis: that's why I'm here
<ed8> I tested, it doesn't work
<patdk-wk> what version of ubuntu?
<ed8> here is my crontab content: https://gist.github.com/edouard-lopez/b45c524c26b8ffecc576
<ed8> 14.04
<ed8> + cron 3.0pl1-124ubuntu2
<patdk-wk> works fine here on 14.04
<ed8> my bad, my path to the scripts is incorrect
<pmatulis> works fine here too (14.04)
<pmatulis> ed8--
<arges> smb: utlemming : we can discuss bug 1350522 here when you get a chance.
<uvirtbot> Launchpad bug 1350522 in linux "EC2 kernel crash due to vmalloc" [High,Confirmed] https://launchpad.net/bugs/1350522
<ed8> thanks :)
<RoyK> hm... I beleive I asked here earlier, but I can't find it in the logs. Is there a simple way to enable disk LEDs for broken disks? IIRC there was something under /sys somewhere
<dasjoe> RoyK: that should be possible, if your disk is in an enclosure with a lsi expander you get "/sys/class/enclosure/SOME_ID/Slot\ 01/" and can echo to "fault" or "locate", "echo 1 > /sys/class/enclosure/1\:0\:21\:0/Slot\ 01/fault" turns on a red light for me
<RoyK> dasjoe: any idea how I can map device names to a slot without a manual lookup?
<bitfury> hi, how would I upgrade security packages only?
<bitfury> sorry I worded that wrong, I'm looking to just do security updates.
<dasjoe> bitfury: I'd use unattended-upgrade from the unattended-upgrades package. By default it runs security upgrades daily, which you can disable if you want to run it manually
<bitfury> yeah I would like to run it manually, I'll look into it thank you
<pmatulis> bitfury: use the -security repo only?
<bitfury> pmatulis: guess that could be an option as well
<bitfury> :)
<rberg_> Hi all.. I think I found a kernel regression in ubuntu 12.04. I was tracking down why in kvm and virtualbox the console resolution is 640x480 when I set it to 800x600 in /etc/default/grub with kernel 3.2.0-67-generic.. when I booted 3.2.0-48-generic the console was the correct resolution.
<robot_z> How can I check total disk size versus total disk usage/availability as with df -H?
<robot_z> Or, does dh -H give that info and I just am failing to read it correctly
<robot_z> df -H*
<rberg_> #24 on https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/699802 seems to do the trick for me.. huzzaaa!
<uvirtbot> Launchpad bug 699802 in grub2 "error:: no video mode activated" [Medium,Confirmed]
<nyc-h0st> hi all, having a problem with Kerberos + LDAP, i can obtain krb tickets just fine and my user exists in ldap, however trying to login over ssh fails, logs are visible under; http://pastebin.com/BDCDFS2J
<nyc-h0st> kerberos is embedded with pam and nss is configured to use ldap
<lykwydchykyn> HI, I'm having a problem with my 12.04 ltsp server.
<lykwydchykyn> HTOP shows the cores are constantly between 80 and 100%, but no processes are showing high cpu usage
<lykwydchykyn> I've posted a screenshot on Ubuntu forums here: http://ubuntuforums.org/showthread.php?t=2237048
<lykwydchykyn> Anyone seen this sort of behavior before?  It's just started recently, this server's been running for years without problems.
<arrrghhh> lykwydchykyn, ick.  have you tried 'atop'?
<arrrghhh> also, are you running with sudo
<lykwydchykyn> I've tried sudo, but not atop
<lykwydchykyn> I'll try it presently
<sarnold> lykwydchykyn: "The administrator may have required you to register before you can view this page."
<arrrghhh> sarnold, sign in
<arrrghhh> lykwydchykyn, atop will show stuff like IO so if you have a disk going nuts
<sarnold> hooray, the single-sign-on actually worked :)
<lykwydchykyn> I'm trying to parse through the output of atop
<sarnold> lykwydchykyn: can you pastebin ps auxw output?
<lykwydchykyn> http://pastebin.com/8c9fFgwb
<arrrghhh> lykwydchykyn, screenie of atop too if you have time :)
<arrrghhh> it should highlight any "issues" if youw ill
<lykwydchykyn> http://imgur.com/TUvO1sM
<lykwydchykyn> The disk usage doesn't look high, but I'm not sure what normal would be
<arrrghhh> hm ya it all seems processor bound
<arrrghhh> ran with root on atop as well yes?
<lykwydchykyn> Yes
<sarnold> the easiest way to chew up that kind of CPU time without it showing up in ps or top or similar is to have a few forkbombs running where the parent immediately exits after spawning a child; no process lasts more than a few miliseconds but there's thousands of them born and killed each second
<lykwydchykyn> My ltsp users keep running ps all the time, is that normal?
<arrrghhh> lykwydchykyn, the other thing I can think of is back in htop, have you tried sorting by "time"?  see if there is a process that's staying up?
<sarnold> lykwydchykyn: seems unlikely...
<lykwydchykyn> the top process for time is a python process running twistd, seems to be related to epoptes
<lykwydchykyn> It has 9:06:53 for TIME
<arrrghhh> :/
<lykwydchykyn> Not sure what killing it would do
<sarnold> nine hours of CPU time for a heavily used service isn't too surprising..
<arrrghhh> ya I don't think that's it
<lykwydchykyn> wish I knew what was running ps all the time.  Is there a way to see parent pids in something like top?  I couldn't find it in the man page
<lykwydchykyn> The processes disappear to quick to inspect their /proc folders
<sarnold> lykwydchykyn: hit 'f', arrow down to ppid, hit space, then q
<lykwydchykyn> Hrm.  It's my xsession script
<sarnold> lykwydchykyn: if you're up for some work, you could install the auditd package, use auditctl to load syscall auditing rules and audit the 'clone' system call. if my guess is right, the logging will be horrendously quick, so be prepared to turn off the logging again before you run the command :)
<sarnold> lykwydchykyn: oooo
<lykwydchykyn> I have a line in there that checks to see if the browser is already running, and if not, it runs it.
<lykwydchykyn> But it should only run if the browser is closed, which shouldn't happen really at all...
<sarnold> lykwydchykyn: can you pastebin your xsession?
<lykwydchykyn> http://pastebin.com/nSa7XpCW
<lykwydchykyn> It's the same one that's been used for a while
<sarnold> lykwydchykyn: if you run wcgbrowser in a terminal, do you get your prompt back quickly? or do you have to kill the browser to get your prompt back?
<lykwydchykyn> You have to kill the browser
<lykwydchykyn> It should block
<sarnold> lykwydchykyn: dang.
<sarnold> lykwydchykyn: well, I mean, that's good, but it means I don't spot the easy answer :)
<lykwydchykyn> :) yeah
<jak2000> hi sarnold thanks for your help
<lykwydchykyn> I can't remember why I had to do the ps thing, it's been a while (I should comment these things).  Maybe I can just take that bit out.
<lykwydchykyn> I have to run for a bit; thank you sarnold and arrrghhh
<lykwydchykyn> I'll check back if anyone has any ideas...
<sarnold> lykwydchykyn: hrm. good point. take out the ps | grep ..
<sarnold> lykwydchykyn: another option is to take out the "keep it running" thing entirely -- let xsession end when the browser dies or is closed, and restart the session some other way
<jak2000> sarnold you develop?
<sarnold> jak2000: not much; I audit, complain, and sometimes fix :)
<jak2000> oo interesting then your specialization is SYSADMIN?
<sarnold> jak2000: no, security :)
<lykwydchykyn> Hey all
<lykwydchykyn> I think I may have figured something out
<lykwydchykyn> My LTSP users seem to have two .xsessions running
<lykwydchykyn> The clients get rebooted every night, but the old sessions stay running; since they can't run the browser without the client attached, they just loop ps forever
<lykwydchykyn> I'll just add something to kill all the client sessions after the reboot
<sarnold> lykwydchykyn: I really think you'd do better to take out the while true .. bit
<lykwydchykyn> Yeah, but I need these to respawn if the browser gets closed for some reason
<sarnold> lykwydchykyn: can't you just let the xsession die and then have the session manager restart the whole thing?
<lykwydchykyn> I suppose so; it just takes that much longer
<lykwydchykyn> But all in all, it's probably a better appraoch
<lykwydchykyn> I'll test that on my dev system
<lykwydchykyn> I've been killing off the superfluous .xsessions, the effect on the cpu usage is dramatic
<lykwydchykyn> OK; infinite loop is axed.  I think this will be more stable now.  We'll find out in the morning!
<lykwydchykyn> Thanks again for all the help!
<WACOMalt> Hey folks. I just had my dedicated server host install ubuntu-server for me. I didnt specify a regular user, and it seems that ubuntu doesnt allow my root login by default
<WACOMalt> is there any way for me to get in without re-loading ubuntu and specifying a normal user this time?
<WACOMalt> apparently I can use the "ILO" to login as root, but I have no idea what that is
<Patrickdk> ILO is HP for remote console
<WACOMalt> Ok, I got that working. thanks.
<jiffe98> anyone know any good cloud server providers besides digitalocean?
<jiffe98> good/cheap
<sarnold> jiffe98: hetzner.de is popular, I'm not sure if I'd call them "cloud" though..
<Patrickdk> hetzner has been good to me
<Patrickdk> I need to do a refresh sometime
<Patrickdk> server has been running there for 5 years without ever being offline
<sarnold> wow
<Patrickdk> it runs kindof like tbp :)
<Patrickdk> it's just a proxy server, no disk usage or anything
<Patrickdk> just ipsec back to the real server
<sarnold> tbp?
<Patrickdk> tpb :)
<sarnold> ahhh :)
<WACOMalt> anyone in here used Virtualmin/Webmin?
#ubuntu-server 2014-08-01
<Patrickdk> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<Patrickdk> !virtualmin
<Patrickdk> !ebox
<ubottu> zentyal is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/Zentyal (Project formally known as eBox - including in Lucid/10.04).
<WACOMalt> virtualmin/webmin supports 14.04 though?
<WACOMalt> Patrickdk, does zentray offer plenty of options? Aka can I host say, 5 separate domains on it, each using a different IP etc etc
<WACOMalt> mail server, FTP, mysql, postgre
<Patrickdk> how should I know?
<WACOMalt> oh... you recommended it so I figured maybe you used it
<Patrickdk> I didn't recommend anything
<Patrickdk> I just listed *options*
<WACOMalt> ok, sorry then
<Patrickdk> there might be more options
<Patrickdk> but those are the ones that I know of
<Sachiru> Also can anyone recommend a shared web host or cloud email provider? The shared web hosting will be used strictly for IMAP/email purposes (we need custom branding for email for 15 users, but we create and delete users a lot due to the nature of the nonprofit, so if we'll go by created users a month it will be more like 30 users)
<WACOMalt> !ehcp
<WACOMalt> I need to manually add a public key for a repo I think.. but I have no idea how to do that. This is the repo: http://archive.zentyal.org/zentyal/dists/3.5/
<WACOMalt> there is a Release.gpg file there. I assume this is the key I need to add
<jak2000> how to restart a ububtu server? sudo shutdown -g0 -r     ? or?
<Patrickdk> reboot? :)
<jak2000> yes reboot
<sarnold> WACOMalt: you need something like: sudo apt-key adv --recv-key E23F4777
<sarnold> WACOMalt: (I found the keyid by downloading the Release and Release.gpg file, and running "gpg Release.gpg"
<WACOMalt> I wound up figureing it out from this https://wiki.zentyal.org/index.php/Daily_Builds#Installing_from_APT_repository
<WACOMalt> ah
<jak2000> how to restart/reboot a ububtu server? sudo shutdown -g0 -r     ? or?
<sarnold> jak2000: what does -g0 do? I don't see it in my shutdown(8) manpage
<jak2000> sarnold :) bad practice other linux
<jak2000> the: sudo shutdown -r   its ok?
<sarnold> jak2000: I always use sudo shutdown -r now
<rena_> sudo reboot
<sarnold> I don't recommend reboot since some unix systems instantly reset the CPU on 'reboot': no dirty buffer flushing, no filesystem umounts, no process killing..
<TJ-> sarnold: reboot calls shutdown unless runlevel is {0,6}
<jak2000> sarnold wich VPS reccomend me? cheaper, good speed, good processors, and much hard drive? :)
<fraq> if I want to download all the dependencies for a package (which may already have been downloaded)
<fraq> what is the recommended way to go about that?
<mechamjoseph> hey all
<mechamjoseph> my server is running quite slow. when i run âtopâ i see quite a large number of âsendmail-mtaâ processes. is this normal?
<RoyK> mechamjoseph: check the mail logs - also - why on earth are you running sendmail?
<mechamjoseph> thank you Royk
<mechamjoseph> i didnât set this server up, iâm just helping out with a company, and iâm not really familiar with running a server
<mechamjoseph> what should i do instead of sendmail?
<RoyK> postfix or exim - I prefer postfix - but anyway - if it works, don't fix it
<mechamjoseph> haha it doesn't
<mechamjoseph> itâs totally busted
<RoyK> but then - I can't recall ever seeing a process called sendmail-mta
<RoyK> it should be just sendmail
<RoyK> pastebin "ps axfwww" please
<RoyK> !pastebin | mechamjoseph
<ubottu> mechamjoseph: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<histo> RoyK: is that like super wide output? www?
<RoyK> histo: mhm
<RoyK> histo: ps tends to cut lines
<histo> RoyK: one w would be sufficient, is what I was trying to say. www does nothing vs. w
<sarnold> histo: have you tried?
<histo> sarnold: tried what?
<sarnold> histo: ps auxw vs ps auxwww ?
<histo> sarnold: yes
<RoyK> histo: no, one w alone doesn't do what two does. three was perhaps a bit overkill
<RoyK>        w               Wide output. Use this option twice for unlimited width.
<sarnold> histo: note one w:
<sarnold> sarnold  24919  0.0  0.0  11564   736 ?        Ss   Jul18   0:00 cscope -dl -f /home/sarnold/ubuntu/security/audits/librevenge/utopi
<sarnold> histo: two ww:
<sarnold> sarnold  24919  0.0  0.0  11564   736 ?        Ss   Jul18   0:00 cscope -dl -f /home/sarnold/ubuntu/security/audits/librevenge/utopic/librevenge-0.0.1/cscope.out
<histo> ahh
<sarnold> hunh. where'd that terminal go anyway?
<lordievader> Good morning.
<RoyK> morning
<lordievader> Hey RoyK, how are you?
<RoyK> lordievader: fine, thanks
<histo> Now wait a sec, sarnold when I tested diff <(ps auxw) <(ps auxwww) no difference here. I assume that depends heavily on output so I'll take your word for it.
<histo> s/output/running pids/
<user123321> http://pastebin.com/EghdcWfA <--- this in the interfaces file. I tried pinging 8.8.8.8 but the responses are way too slow. I'm getting like only 3 responses within 15-20 seconds. The problem came after adding CARP setting. Any ideas?
<lordievader> user123321: Default route timeout?
<user123321> lordievader, Each response came with time around 70 ms. Would installing traceroute be helpful?
<lordievader> user123321: Check your routes: ip route/route
<user123321> lordievader, ip route gives, default via 192.168.1.1 dev eth0
<user123321> 192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.3
<lordievader> user123321: Judging from your interfaces file I'd say that is correct, however I have no experience with a carp device and I do not know the influence of such a thing.
<user123321> Yep, problem comes only after CARP, lol.
<user123321> If I remove the CARP setting, then it will work. hmm.
<user123321> What's a good HA and LB method for Ubuntu?
<user123321> At least for, 2 servers. Main server + Backup server
<user123321> They would have, for example, an Apache.
<user123321> Is HAProxy good?
<user123321> Hello, I would appreciate some advice regarding the possibility to install this in VM's --> http://support.severalnines.com/entries/23612682-Install-HAProxy-and-Keepalived-Virtual-IP-
<user123321> For example, without getting actual physical machines, is it alright to install some of the parts in VM's, any recommendations?
<mephx> can a xfs filesystem be mounted during ubuntu setup in an alternative console? mount doesn't support -t xfs in the current 14.04 setup.
<user123321> Any comments for this network design? Load Balancer 1 and Web server 1, both in one physical machine (LB1 in a VM), Load Balancer 2 and Web Server 2 in another physical machine (LB2 in a VM). The web servers and load balancers are identical. Both the load balancers will have one virtual IP.
<user123321> So basically, there's a reduction from 4 machines to 2 machines. Any ideas?
<weeb1e_> Apparently, someone managed to remove the kernel entirely from an ubuntu server
<weeb1e_> And grub is not showing any previous kernel to load
<weeb1e_> What are the steps to recover the system and reinstall a kernel? I need to provide them via email as I have no direct access to the machine
<peetaur2> weeb1e_: :D
<peetaur2> weeb1e_: boot rescue/live cd, chroot into root, make sure boot is mounted, apt-get install linux-image-...
<peetaur2> weeb1e_: and then:    optional, not required unless you also lost /boot:  grub-install /dev/sdX          then maybe optional:  update-initramfs -u          and important:  update-grub
<peetaur2> I have also written this which has the same chroot and grub install steps:  http://pastebin.com/4NLFkdzQ
<peetaur2> and I wrote this answer for even if you rm -rf /boot: http://askubuntu.com/questions/117027/cannot-recover-grub-due-to-missing-vmlinuz-and-intrd-img/134278#comment181504_134278
<weeb1e_> peetaur2: Yeah I found instructions online and passed them on
<weeb1e_> I saw the box respond to pings while live booted, but it has not come back up since rebooting
<weeb1e_> So I assume it did not go well
<sdfer> For some reason my laptop just *wont* boot grub after having installed ubuntu. It just keep booting Windows
<sdfer> I've tried with and without secure boot enabled
<pds_corp> hi guys, is there a tutorial regarding on how to renew a certificate for an apache server
<peetaur2> pds_corp: as long as you know where the files are, should be easy...
<peetaur2> pds_corp: the trouble is just finding the files. eg. someone in ##proxmox changed their cert and found that they had to also open a .jar file to replace the one for the VNC client too.
<pds_corp> peetaur2: nope guess staring with .csr file
<peetaur2> to find the old certs, just find the config that points there
<peetaur2> and you also change the key, not just cert
<peetaur2> client needs cert, but server needs key
<jamespage> o/
<gnuoy> o/
<gnuoy> jamespage, I'm looking at a package which has a change log entry that says "Rebuild to drop files installed into /usr/share/pyshared". But deb diff shows nothing relating to /usr/share/pyshared.
<rharper> \o
<rharper> jamespage: last time I sent you some diffs for etc_keeper,  you had some comments on them, but I wasn't what needed done next.
<gnuoy> jamespage, would that be a change in the code tarball then ?
<lutostag> o/
<lutostag> anyone want a autofs debdiff?
<rbasak2> o/
<rbasak2> Sorry I'm late
<coreycb_> o/
<rbasak2> So I have access to not very much, but I can do web, Launchpad and a shell on an Ubuntu system.
<rbasak2> So I can look at stuff as needed I hope, but I have no overlayfs, schroot or sbuild (awkward armhf system running on a vendor non-Ubuntu kernel)
<rbasak2> I will help as much as I can!
<rbasak2> Does anyone have the pad link from last time?
<rbasak2> (no IRC logs here either :(
<jamespage> gnuoy, is it a python package?
<rharper> rbasak2: what was the domain ?
<rbasak2> pad.ubuntu.com
<rbasak2> Like ubuntu-server or something
<lutostag> http://pad.ubuntu.com/server-team-merges
<rbasak2> That's it. Thanks!
<gnuoy> jamespage, no. I have it for pacemaker and moin
<rharper> emelectrictx.com
<rharper> huh
<rharper> lutostag: has it
<jamespage> gnuoy, pacemaker is python
<jamespage> gnuoy, basically prior to droppnig py 2.6 python got installed to /usr/share/pyshared and then symlinked to 2.6 and 2.7 install locations
<jamespage> when 2.6 got dropped things just got installed direct to 2.7
<lutostag> do sponsors here prefer debdiffs or lp branches?
<coreycb_> I wasn't here last fri, do we just pick a pkg at random?
<rbasak2> I prefer debdiffs, but am happy to work with a LP branch
<rbasak2> Though right now I don't have my gpg key to sign uploads :-/
<lutostag> thats ok, doesnt need to go thru right now; but now I'll create a bug
<jamespage> lutostag, I prefer a branch personally
<rbasak2> coreycb_: yes, please pick a package at random. We're managing a list of what people are working on in http://pad.ubuntu.com/server-team-merges to avoid duplicate work.
<jamespage> rharper, can't remember - that was last week!
<rharper> hehe
<rharper> lemme find the pastes
<coreycb_> rbasak2, will diddly do.  if you know of an easy one for a first timer, let me know.
<rharper> Jul 25 11:22:38 <rharper>	jamespage: debian_1.12_to_1.12ubuntu1.debdiff -> http://paste.ubuntu.com/7857095/  ; ubuntu_1.11ubuntu1_to_ubuntu_1.12ubuntu1.debdiff -> http://paste.ubuntu.com/7857097/
<rbasak2> coreycb_: I only just did exim4, and it's been updated in Debian already! I know it's fairly trivial. Probably mostly educational though - we don't need it merged again as a priority, but it might be a good one to start with.
<coreycb_> rbasak2, great thanks, I'll take a look at that
<lutostag> ah so you guys want both debian(new)->ubuntu(new) and ubuntu(old)->ubuntu(new) for debdiffs?
<rbasak2> lutostag: yes, that's what sponsors generally tend to want.
<rbasak2> rbasak2: I never understood that though. I want to see debian(old) -> ubuntu(old) and compare that to debian(new) -> ubuntu(new) personally. But I can generate what I need.
<lutostag> rbasak2: ok, I'll get the first half of it into bug 1351337 then; thanks
<uvirtbot> Launchpad bug 1351337 in autofs "Please merge autofs 5.0.8-1 (main) from Debian unstable (main)" [Undecided,Confirmed] https://launchpad.net/bugs/1351337
<rbasak2> It is pretty awkward when you need sponsoring. I remember it well. Different sponsors tend to want different things. I think sponsors understand this difficulty though, and are generally quite flexible, and I try to be the same.
<lutostag> yeah I figure for next merge I'll do a branch with 2 commits first is debian updates, second is ubuntu fixes
<jamespage> gnuoy, OK _ pacemaker uploaded - I tweaked the changelog a bit
<jamespage> take a look
<gnuoy> thanks
<arrrghhh> Nivex, still nothing official that I can really find on "why" has 14.04.1 not been made available...
<jamespage> rharper, looking now
<rharper> jamespage: sure
<gnuoy> jamespage, where can I see it ?
<jamespage> gnuoy, you should have an email
<rbasak2> arrrghhh: it is available. It's just not automatically being recommended if anything.
<arrrghhh> rbasak2, semantics, but it's not here http://changelogs.ubuntu.com/meta-release-lts
<arrrghhh> I realize I can get a image from the release site... that's not what I'm after :)
<Nivex> https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1344762
<uvirtbot> Launchpad bug 1344762 in update-notifier "update-notifier tells me to upgrade from 12.04.4 LTS to 14.04 LTS (because of HWE), but that release is not found" [Undecided,Confirmed]
<Nivex> rbasak2: ^^
<jamespage> rharper, http://paste.ubuntu.com/7924702/
<jamespage> I'd expect a copy-paste of the previous merge comments
<jamespage> and a validation that they are needed
<jamespage> rharper, also note that if you are the sole change author, no need for [ Ryan Harper ]
<gnuoy> jamespage, I see no email (well I see lots of email but I'm guessing you don't mean the one about the Muppet movie being available on Netflix)
<gnuoy> just got it
<rharper> jamespage: not following the first one -- the only patch applied is the conversion of bzr to git and the tutorial -- I don't really have a justification for that;  that's just what was already done...
<jamespage> rharper, that debdiff I pasted is the full diff, which includes all of the changes in the changelog
<jamespage> rharper, merging is normally just about doing what we did last time and resolving any conflicts or drops
<rharper> jamespage: ok -- so I posted the wrong thing ?  I mean for etc keeper, the merge change just looked to me like we kept the same "use bzr by default" patch between versions
<rharper> jamespage: not sure how to express that in debdiffs
<jamespage> rharper, the debdiff was just fine - but your changelog entry needed updating - that's all I changed
<rharper> oh -- the cut-n-paste of the previous ubuntu patch changelog
<jamespage> rharper, indeed
<jamespage> rharper, that's where I normally start
<jamespage> copy-and-paste and then check each comment
<rharper> gotcha
<rharper> jamespage: so, let me update it and send you new debdiffs?
<rharper> that way I know I got it right this time?
<jamespage> rharper, sure
<jamespage> rharper, redo the process and check against my debdiff
<gnuoy> jamespage, I've thrown Bug #1351331 up as well
<uvirtbot> Launchpad bug 1351331 in moin "Please merge moin 1.9.7-2  (main) from Debian unstable (main)" [Undecided,In progress] https://launchpad.net/bugs/1351331
<rharper> jamespage: thanks!
<coreycb_> rbasak2, so for exim4 the only conflict is that ubuntu has additional patches in debian/patches/series
<coreycb_> rbasak2, which is kind of odd actually b/c I don't see the patches in debian/patches
<gnuoy> jamespage, rbasak2, I think I'll just unassign Bug #1351331 from myself and subscribe ~ubuntu-sponsor . I don't think it's controversial
<uvirtbot> Launchpad bug 1351331 in moin "Please merge moin 1.9.7-2  (main) from Debian unstable (main)" [Undecided,In progress] https://launchpad.net/bugs/1351331
<rharper> jamespage: ok, if my debdiff is the same as yours on the etckeeper (with the email updated as well) -- what's next?  the merge bug and attach the two debdiffs ?
<jamespage> rharper, nah - I'll just upload it
<rharper> jamespage: ok
<qman> I'm having an issue with zfs on ubuntu server, where after a reboot, my pool has devices missing or corrupted. I'm pretty sure that zfs is just loading too quickly and my drives aren't ready, because if I export and import again, it's fine. How can I introduce some boot delay here to try and fix it?
<hallyn> gnuoy: I didn't test-build or anything, but moin debdiff lgtm
<jkyle> anyone have a working example of a working kickstart file for trusty/14.04 with lvm partitioning?
<jkyle> the one I have keeps failing to create the volume groups
<jkyle> or a working preseed expert_string, though the kickstart is way cleaner if I can get it to work
<hallyn> jkyle: I don't, but pls post if you get one :)  we should really have a wiki page for various preseed segments
<hallyn> per-iso, probably
<hallyn> (well, per-iso-style - i.e. netbookt, server iso, desktop iso)
<med_> is zul still in transit?
<zul> no hes trying to recover from being in transit
<jkyle> hallyn: I'm working on one. currently, I've given up on doing anything remotely not vanilla. just trying to get a standard atomic partition going.
<jkyle> it'd be nice if they just ditched current installer and ported over anaconda
<sarnold> histo: ah. perhaps ps is determining what to do whether or not the output is a terminal or not! that'd explain both of our experiences very quickly :)
<LarsN> is there a script/utility that generates preseed configurations based on an existing system?
<hallyn> jkyle: in that case, I'
<hallyn> I'm using http://people.canonical.com/~serge/uquick
<hallyn> gives me standard ubuntu user/password and simple disk layout
<jkyle> LarsN: you can get it going with debconf-get-selections
<jkyle> LarsN: but they rarely work without tweaking and usually include a whole lot of extra, unneeded (or unwanted) options
<jkyle> hallyn: let me try that one, I just want a running system at this point.
<hallyn> jkyle: it's based on kirkland's that he used to ship at uquick.ly or somesuch.  should we create a wiki page wiki.ubuntu.com/preseeds?
<jkyle> hallyn: I think they have some in ubuntu community documentaiton. just need to update with a working. this canned preseed will probably work, I was just hoping ot get it going with a kickstart
<jkyle> hallyn: that preseed stops at language selection
<jkyle> for me
<hallyn> jkyle: the very last time i tried it just ddnt work at all, but not too long ago it was working 100% for me with a server iso
<hallyn> (my machien is hammered right now, can't try atm)
<LarsN> jkyle, hallyn Thanks to both of you
<jkyle> there's a lot to like about debian, but it's installer isn't one. what's frustrating is this has been a trivial process for ages in most distros
<hallyn> jkyle: in principle it should be nice to use;  i don't know why it's so hit-or-miss, and yes it's horribly frustrating :(
<inv3nt0r> I'm attempting to upgrade my Ubuntu 12 server to Ubuntu 14 using the do-release-upgrade method, and getting 404 errors for the 'Upgrade tool signature' and the 'Upgrade tool'
<inv3nt0r> Any thoughts?
<mov_agn_ntrl> i just got here myself a min ago - looks like none here
<mov_agn_ntrl> i just found this inv3nt0r  http://askubuntu.com/questions/65911/how-can-i-fix-a-404-error-when-updating-packages
<mov_agn_ntrl> and this inv3nt0r   http://askubuntu.com/questions/462326/upgrade-ubuntu-server-11-04-signature-error
<inv3nt0r> Thanks
<patdk-wk> why post something about 11.04? that has been unsupported for years
<mov_agn_ntrl> yeah inv3nt0r it's what i thought - you could write a list of your manual upgrades you have done - and then i think you could also make a boot disk with al you r current settings just in case you need to go back to 12 for some reason, but looks lik einstalling a new version of 14 might be your best bet
<mov_agn_ntrl> does this help inv3nt0r https://answers.launchpad.net/ubuntu/+source/update-manager/+question/251853
<inv3nt0r> Crappity.
<mov_agn_ntrl> I found this one - it looks prmiosing, that's all i got inv3nt0r  best of luck  http://www.cyberciti.biz/faq/howto-upgrade-to-ubuntu-14-04-from-ubuntu-13-10-or-12-04/
<mov_agn_ntrl> *pro...
<inv3nt0r> Hmm
<mov_agn_ntrl> anything ring a bell or help you see whats wrong inv3nt0r ?
<inv3nt0r> Well
<inv3nt0r> I'm jhaving mixed results
<mov_agn_ntrl> well best of luck man :)
<mov_agn_ntrl> or woman - idk what kind of inv3nt0r you are :P
 * inv3nt0r = man
<mov_agn_ntrl> same here dude
<inv3nt0r> Haha
<inv3nt0r> Well
<inv3nt0r> Maybe I don't need to upgrade
<inv3nt0r> This server won't be my problem after 5 more work days
<inv3nt0r> I hate to leave something broken behind though...
<inv3nt0r> Right now I cant even apt-get install zip
<inv3nt0r> So
<inv3nt0r> I guess I can do a deb install
<mov_agn_ntrl> you could always do the complete download and install on a partitioned area of disk - so if soehting goes wrong, you can go back? but isnt 12 almost out of service?
<inv3nt0r> It appears that way, thus why I cant even install zip support :)
<mov_agn_ntrl> what is zip support?
<mov_agn_ntrl> the only reason i ever use zip files anymore is to compress a folder and send it by email, but most people that receive it still dont know what to do
<patdk-wk> oh? you can send zip via email without it being rejected? :)
<user123321> What kind of settings might I need to check for HAProxy and Keepalived for reducing the delay in case of an IP fail over?
<andol> user123321: If nothing else the healthchecker interval matters.
 * inv3nt0r gives himself a pat on the back
<user123321> andol, cool.
<inv3nt0r> Looks like zip_3.0-6 is not in the repository, but luckily 3.0-4 was so I installed it via dpkg
<andol> user123321: Well, except that I might have answered the wrong question :) The healthchecker is really about detecting broken backends, no for failing over the actual HA frontend.
<user123321> Aha
<patdk-wk> heh?
<patdk-wk> keepalived can failover the frontend easily
<andol> patdk-wk: Yes, but were refering to the keepalived healthchecker specifially, which might not have been relevant gives user123321's question.
<patdk-wk> well, if he is using haproxy, keepalived shouldn't be checking backends
<patdk-wk> but only the haproxy frontend
<patdk-wk> and failingover based on that
<andol> Another point in favor of my answering the wrong quetsion :)
<user123321> Right now, I have Keepalived1+Haproxy+web server in one VM, and Keepalived2+Haproxy2+web server in another VM. If I fail one VM, my browser waits some seconds.
<patdk-wk> it takes time
<patdk-wk> you have many issues there
<patdk-wk> you have how long it takes for haproxy to detect a bad backend
<patdk-wk> you have the mount of time it takes keepalive to detect a bad haproxy
<patdk-wk> and you have the time it takes for move the ip to the good one
<patdk-wk> and it doesn't sound like you have the time for it takes to enact stonith/fencing
<user123321> Any ideas to reduce?
<patdk-wk> that would require me to learn keepalived, not something I have ever liked
<patdk-wk> I'll stick with corosync
<user123321> Aha
<patdk-wk> but still, no matter what, it will be a few seconds :)
<patdk-wk> at best, likely 2seconds
<inv3nt0r> mov_agn_ntrl: I needed to create a .zip file for a Windows user who would never in a million years figured out how to open a .tar.gz
<patdk-wk> use 7zip :)
<mov_agn_ntrl> oh. .tar.gz? i never heard of it but i would probably get a non-malware program to open in in a few mionutes form a download site like download.com etc
<mov_agn_ntrl> idk though, i just dont zip files anymore
<user123321> patdk-wk, is it really impossible to make it like, 0.1 seconds? I'm thinking like, "just ping and if no response, redirect to the other or something" :p
<inv3nt0r> Believe me, I'd have them use something more advanced but they would eff up, and install scumware from CNET
<patdk-wk> heh? how is that going work?
<patdk-wk> how can you redirect, if it's dead
<patdk-wk> you have to bring the ip up online
<user123321> redirect to the live server.
<patdk-wk> and you have to update the mac caches on everything upstream
<patdk-wk> you can't redirect
<patdk-wk> this is ip, not http
<patdk-wk> there is no redirect
<patdk-wk> how would a dead server redirect?
<user123321> umm I mean, something like redirect :d
<patdk-wk> nothing like a redirect!
<user123321> dead server doesn't do anything, right? So, if the live server could see that the other server is dead, can't it become active quickly?
<patdk-wk> the issue is, detecting if it is dead in .1 second isn't normally trivial
<patdk-wk> and if you ACTIVATE it
<patdk-wk> and the other server is not dead, you have issues
<user123321> if the live server pings the dead server, if the response isn't received within 0.05 seconds?
<user123321> I'm actually thinking about whatever the settings that could do it quickly ;)
<patdk-wk> you really think that *dead server* is never going be overloaded
<patdk-wk> due to like *php* load
<patdk-wk> or a disk going bad
<user123321> I see, so, during the transition period, let's assume, 2 seconds. If, during this time, if 1000 new connections are requested by clients, what would happen?
<user123321> will they get no connection error in any case
<user123321> or just getting response in 2 seconds?
<user123321> let's make it maximum, 1 million etc.
<patdk-wk> it's tcp
<patdk-wk> and it will depend on many things
<user123321> what if both http and tcp
<patdk-wk> likely, it will just wait 2seconds before it connects
<user123321> I see
<patdk-wk> if it was keepalive, they will get a connection reset, and maybe it tries again
<patdk-wk> what od you mean both http and tcp
<patdk-wk> there is only TCP/ip
<patdk-wk> http is not a transit layer protocol
<user123321> Oh I meant, apache etc.
<patdk-wk> user123321, before attempting ANY of this
<patdk-wk> learn about the iso model, and about ip/tcp
<patdk-wk> what does apache have to do with it? that is even LESS than http does
<patdk-wk> and http has NOTHING to do with it
<user123321> umm, there's layer 7 LB.
<patdk-wk> haproxy is a layter 7 lb
<patdk-wk> but we aren't talking about that
<patdk-wk> we are talkg about BEFORE haproxy
<patdk-wk> last I knew, keepalive was not a layer 7 lb
<patdk-wk> or even ANY lb at all
<user123321> that i'm not sure, I thought keepalived just made the 2 LB's highly available.
<patdk-wk> yes
<patdk-wk> and if we are attempting to make the lb high available, how can we do that using a layer 7 lb?
<user123321> regarding apache, during the fail over, my browser says "connecting" and eventually connected.
<patdk-wk> you can't protect something using itself
<patdk-wk> why does apache matter?
<patdk-wk> you -> internet -> isp -> keepalived -> haproxy -> apache
<patdk-wk> if it's broken at the keepalived layer (server died, ip broken, ...)
<patdk-wk> how does apache matter at all?
<user123321> Well I didn't get a connection reset.
<patdk-wk> you sure?
<patdk-wk> that would happen i nthe background
<patdk-wk> and depend on EXACT TIMING
<user123321> yeah, tried many times.
<patdk-wk> if you are already connected to the first server
<patdk-wk> and it dies
<patdk-wk> you failover ip to second one
<patdk-wk> second one will see packet but won't have session state for it, and respond with a reset/denied
<user123321> Oh, the failover while downloading data. I suspect that would reset.
<user123321> btw, any suggestions for haproxy settings that would reduce delay?
<patdk-wk> I don't use haproxy
<patdk-wk> I don't see a need to use to double up like that
<user123321> Ah
<user123321> what do you use?
<patdk-wk> ipvs
<user123321> I see
<user123321> What's the failover delay in your case?
<patdk-wk> around 15seconds
<user123321> ok
<patdk-wk> if the balancer where to die
<patdk-wk> it takes a long time to bring up that many ip addresses
<patdk-wk> if a backend dies? <1second
<user123321> Cool
<patdk-wk> I have only had the balancer die once in 4 years
<user123321> how many balancers you've got?
<patdk-wk> 2
<patdk-wk> one active, one passive
<user123321> Aha
<user123321> patdk-wk, Is it sensible to install servers in the load balancing machine? Is it usually the practice to dedicate a separate computer only for a load balancer?
<patdk-wk> that depends on scale
<patdk-wk> using the same machine, makes it slower to failover
<patdk-wk> but using dedicated onces takes more resources
<user123321> Cool
<user123321> patdk-wk, what's your suggestion for load balancing and making highly available between, let's say, only 2 servers? Should I get 2 separate LB's or..?
<user123321> What would be my options?
<flubby_nanabo> So, If I wanna run a script on startup, but it's supposed to run only once, and exit, should I put it on rc.local, or make it a service on /etc/init (or init.d)?
<sarnold> flubby_nanabo: I'd do an upstart service, might as well make it integrate easily with the other tools. cron's @reboot might be handy if it is a user-script instead of system-script
<Patrickdk> sarnold, please :)
<Patrickdk> at this point, I wouldn't recommend upstart anymore, but systemd
<Patrickdk> considering upstart is being removed
<sarnold> Patrickdk: except he isn't running systemd today, and he isn't running systemd tomorrow.
 * Patrickdk still needs to redo his
<Patrickdk> well then :)
<Patrickdk> if he has 14.04 he could be running systemd today
<sarnold> Patrickdk: maybe if he upgrades to 14.10 and if pitti goes bonkers, -maybe-....
<rberg_> this is how I do a first boot scrip in rc.local http://paste.ubuntu.com/7927450/
<flubby_nanabo> I do have 14.04, but I am using the ubuntu-upstart docker image, so, I guess I'm sort of stuck with upstart for now
<Patrickdk> :)
<flubby_nanabo> Patrickdk, upstart is being deprecated? I thought it was the new shinny thing ...
<Patrickdk> I just hate to write something, that I will have to rewrite
<Patrickdk> itwas, back in 12.04?
<Patrickdk> but debian went systemd, and ubuntu opted to not fight it
<flubby_nanabo> Patrickdk, I need a docker image with a init system that the puppetlabs-mysql puppet module understands, and the ubuntu-upstart was the only one I could find, so, I don't see myself rewriting it any time soon
<Patrickdk> :)
<Patrickdk> odd
<Patrickdk> actually, you should be able to in a few months
<Patrickdk> with rhel7 out, using systemd
<Patrickdk> and debian too
<Patrickdk> that should be around soon
<Patrickdk> no worries though
<flubby_nanabo> Patrickdk, I'm not planning on ditching ubuntu, with works pretty well, and I don't have experience with rpm distros.
<flubby_nanabo> *it owrks
<flubby_nanabo> *it works
<flubby_nanabo> damn fingers!
<Patrickdk> I mean, the pupplet-mysql-for-systemd should be out soon
<flubby_nanabo> Patrickdk, Oh, that.
<flubby_nanabo> I should probably take a look at the code, see if there's any changes in some new release
<flubby_nanabo> IIRC, last time I checked it just either used upstart, or just failed when starting the services
<bilde2910> Hello! I have a laptop with Ubuntu 14.04 server, as the main server for my website. Earlier today, the server got disconnected, seemingly without reason. I tried restarting the machine, but the network does not go up. Running ifconfig only shows loopback interface lo, `sudo lshw -C network' lists the interface em1 (the ethernet interface) as "*-network DISABLED". Card is an RTL8101E/RTL8102E PCI Express Fast Ethernet
<bilde2910> Controller". Any help resolving this? I need to get the machine online as fast as possible because thousands of users of my web services are unable to connect to the website
<bilde2910> I furthermore tried to sudo dhclient em1, which brought the interface up with DHCP. It gives the wrong IP, therefore breaking port forwarding rules. sudo /etc/init.d/networking restart doesn't output anything, `sudo ifdown em0 && sudo ifup em1' gives errors: "ifdown: interface em1 not configured", "RTNETLINK answers: File exists" and "Failed to bring up em1".
<markthomas> Does anyone know if it's possible to configure network bonding via preseed?
<zartoosh> hi I am using ubuntu 14.04. I keep observing this in my /var/log/messages init: upstart-file-bridge main process ended, respawning
<jaawerth> zartoosh: does it coincide with wifi connectivity problems by any chance?
<jaawerth> zartoosh: if so, this may be relevant http://askubuntu.com/questions/259530/why-does-my-wifi-internet-intermittently-disappear
#ubuntu-server 2014-08-02
<zartoosh> jaawerth we have no wifi on our system.
<fridaynext> when i do 'df -h /media/raid', it shows 5.5T size, even though it should be 6T.  But fdisk -l shows 6000GB.  Any ideas why this would happen?
<sarnold> 6000000000000 / (1024 * 1024 * 1024)
<sarnold> 5587.93544769287109375000
<fridaynext> sarnold: ah man, now i feel like an idiot
<fridaynext> sarnold: thank you
<sarnold> fridaynext: just so long as you've got the right order of magnitude, everything else seems to just take care of itself :)
<BSODInTheSky> I got banned from the normal one for having to go to the bathroom
<BSODInTheSky> No one is talking. Goodbye!
<Abhijit> is it possible to do sample.mysite.com/A/ to first vps and sample.mysite.com/B/ to another vps?
<ikonia> arpu: sure
<ikonia> ops
<ikonia> Abhijit: sure
<Abhijit> :-)
<lordievader> Good morning.
<psih0man> hello! I have a problem with fsck.ext3 on a large partition (12T): after running for a while, the system sent the process SIGSTOP. the system has 48 GB RAM, of which the fsck process created 32 GB of buffers. SIGCONT does not resume execution. how can one go about checking such a large partition? is it safe to kill the fsck process?
<bekks> The system shouldnt send SIGSTOP to the fsck. Did you run out of memory?
<psih0man> no I didn't. there are about 7 GB free
<psih0man> the systems is running on ubuntu 14.04
<psih0man> here is the ps output: root      1848 22.2  0.4 262256 243328 pts/3   T    12:11  10:29 fsck.ext3 /dev/mapper/36a4badb0003f2dba000007ed4c6c164d-part1
<psih0man> no one else is using the system and no other daemons are running
<rbasak> psih0man: are you running it in the background somehow?
<rbasak> psih0man: if so, are you sure that it hasn't just stopped because it's prompting the console?
<psih0man> rbasak: you're correct. I just noticed that it displayed a Fix<y>? prompt while running in background
<psih0man> now I need to figure out how to send the resposes
<psih0man> I will bring it into the foreground
<psih0man> thank you for help!
<rbasak> No problem
<smaboshe> Hello!
<smaboshe> I'm having trouble running "sudo do-release-upgrade". Is the "en_ZM" locale not supported for Ubuntu 14.04 LTS? - https://gist.github.com/smaboshe/d51b102d8a678e0b98e2
<sync0pate> halp! I'm locked out of my VPS :( can anyone help me figure out why? http://paste.ubuntu.com/7933466/
<sync0pate> getting that from ssh -v
<sync0pate> it happened after the hosting company did some "maintenance" and a reboot
<sync0pate> nobody awake in here?
<lordievader> sync0pate: Not a reboot proof vps?
<sync0pate> obviously not lordievader
<sync0pate> and the control panel doesn't let me so much as reboot it myself
<sync0pate> I can upgrade it, or open a support ticket
<lordievader> sync0pate: Then there is nothing you can do remotely without some kind of kvm support or something.
<sync0pate> well
<sync0pate> I've already opened a support ticket, but do you have any idea what could be causing it?
<sync0pate> for when I finally get in
<lordievader> Without any info it could be a million things.
<sync0pate> any info?
<sync0pate> any idea where I should start looking?
<sync0pate> also I'm moving away from this host the second I can get in.
<sync0pate> because fuck em
<sync0pate> never have these problems with my other one
<lordievader> sync0pate: Please watch your language.
<lordievader> sync0pate: Start with the logs.
<sync0pate> oh apologies, I didn't know there was no swearing in here
<sync0pate> auth.log?
<lordievader> sync0pate: All Ubuntu channels are family friendly.
<sync0pate> kk
<lordievader> sync0pate: That would be a start. In the best case it is a permission issue.
<sync0pate> I'm just pretty sure there's been no changes to anything
<sync0pate> I'm the only one who accesses it, apart from the hosting company
<sync0pate> so they must have changed something
<sync0pate> because I haven't touched it
<lordievader> sync0pate: I'm not saying that that is the problem so don't jump to conclusions and blame someone before you have proof.
<sync0pate> no absolutely, but I can't imagine how else it could've happened
<sync0pate> I'm just rather annoyed at their awful service
<jak2000> hi all why cant do a ifup eth0?   anyone can see:
<jak2000> http://pastie.org/9439533
<bekks> jak2000: Because eth0 is already up.
<TJ-> jak2000: because you have a syntax error in 'interfaces'
<jak2000> http://www.techienote.com/2012/04/how-to-configure-network-ubuntu-12-04.html
<jak2000> wich is the erro TJ-?
<TJ-> jak2000: "man resolvconf" is your clue
<SierraAR> Any ideas why running do-release-update on 12.04.4 is telling me there are no releases? I was told I'd be able to run the update once 14.04.1 was out
<TJ-> SierraAR: Yes, we've just answered that question in #ubuntu :)
<SierraAR> It wouldnt be in my backlogs :P
<TJ-> SierraAR: We are waiting for http://changelogs.ubuntu.com/meta-release-lts to have Trusty added. If you have precise-proposed enabled on 12.04, you should have an updated update-manager-core, and can do "do-release-upgrade --proposed"
<jak2000> hi all, TJ- tell me i have a problem in interfaces file anyone can tell me where?
<jak2000> http://pastie.org/9439533 thanks
<PryMar56> jak2000, auto eth0
<jak2000> remove these line?
<jak2000> ok
<klep> does anyone know why when pxe booting ubuntu 12.04 over network to ubuntu archives (I'm using MAAS) that the pxe process hangs on a purple screen and pegs the CPU for a matter of 10+ minutes before continuing?
<jak2000> changing auto lo for auto eth0
<bekks> No, fix it to "auto eth0 static"
<bekks> Ah, THAT line you are talking about :)
<jak2000> ok changed: auto lo to auto eth0
<jak2000> sudo ifup eth0
<jak2000> RTNETLINK answers: File exists
<jak2000> Failed to bring up eth0.
<jak2000> any advice?
<klep> ifdown eth0
<jak2000> ifdown: interface eth0 not configured
<jak2000> $ sudo ifdown eth0
<klep> sudo ifconfig eth0 down ;sudo dhclient eth0
<klep> what's your interfaces file read like?
<klep> auto eth0 dhcp
<jak2000> in /etc/network/interfaces right?
<jak2000> sudo ifconfig eth0 down ;sudo dhclient eth0
<klep> yea
<jak2000> but not apply i am wait and wait
<jak2000> break?
<klep> do you have a dhcp server?
<klep> somewhere handing out ips?
<jak2000> not
<klep> ok then control C
<jak2000> i have statics ips
<klep> what IP address do you want to give it?
<jak2000> 192.168.0.88/24 and gw=192.168.0.54
<klep> sudo ifconfig eth0 192.168.0.88 255.255.255.0 up; route add default gw 192.168.0.54
<klep> make sure you add sudo before the word route there too
<jak2000> SIOCSIFADDR: Invalid argument
<klep> what does ifconfig -a say ?
<klep> sudo ifconfig -a
<klep> well looks like ifdown works
<fridaynext> this is my /etc/exports, and I can connect to my NFS shares, but I can't write to them. Can anyone see any settings I have that are blatantly wrong? http://pastebin.com/raw.php?i=0s8FnRQM
<Patrickdk> and what does mount show?
<fridaynext> Patrickdk: well I'm trying to access from OSX.
<fridaynext> Do you mean mount on the server?
<Patrickdk> are you sure your using nfs v3?
<fridaynext> webmin says I am.
<Patrickdk> webmin?
<fridaynext> (I set up the shares without webmin)
<Patrickdk> your running webmin on osx?
<fridaynext> No, running webmin on Ubuntu Server 14.04.1 on a standalone NAS I built
<Patrickdk> I didn't ask what you where doing on ubuntu
<Patrickdk> what is OSX using?
<Patrickdk> nfs 3? nfs2? nfs4?
<Patrickdk> oviously your attempting nfs3 on ubuntu
<fridaynext> Oh I don't know what nfs OSX is using. I'll trying and research how to find that out.
<Patrickdk> why I said, what does MOUNT say
<Patrickdk> dunno why you have to research it
<fridaynext> I asked if you meant mount on the server at 16:22. I'll check that now.
<Patrickdk> mount on the server?
<Patrickdk> why would you mount your nfs on the server?
<fridaynext> This is mount on OSX http://pastebin.com/raw.php?i=iznnhgYG
<fridaynext> Show's they're all mounted.
<fridaynext> but I'm setting version 3 on my ubuntu server, so I'll switch it to v4 and see if that works on OSX
<Patrickdk> nfs4 is harder to setup
<Patrickdk> odd, it doesn't say what version
<Patrickdk> wait
<fridaynext> a basic google search doesn't tell me what version it is either
<Patrickdk> mounted by caseyfriday
<Patrickdk> are you sure your permissions are right?
<fridaynext> unforutantely, that's my username on both the server and the client, so I don't know which it's using
<Patrickdk> the same UID on macos has write permissions on the ubuntu nfs folders?
<Patrickdk> username doesn't matter, USERID does
<Patrickdk> with nfs4, username + userid both matter
<fridaynext> how do i check my uid?
<Patrickdk> getent passwd | grep caseyfriday
<guntbert> fridaynext:    id
<Patrickdk> guess that works too :)
<Patrickdk> I hardly ever lookup my own id
<fridaynext> well the uid's are different on each machine (obviously?)
<Patrickdk> well, then user permissions won't be enough
<Patrickdk> you would have to use group permissions, with a common group id, or everyone permissions
<Patrickdk> to be able to write
<fridaynext> i have ownership set to nobody:nogroup, so how would I change the group to whatever a connected client is?
<Patrickdk> first on the unix side
<Patrickdk> try setting it to like, chmod a+rwx on one of those folders
<Patrickdk> and see if that fixed the issue
<Patrickdk> if no one else will be mounting these nfs folders, that is *secure enough*
<fridaynext> http://pastebin.com/raw.php?i=TYeSnAeD
<Patrickdk> if not, then we can fix it, after we know that corrects it
<fridaynext> are those permissions wrong?
<Patrickdk> yep, only nobody has write permissions :)
<fridaynext> ah
<Patrickdk> depends on what you want :)
<Patrickdk> in your case, yep, wrong
<fridaynext> i want to be able to write to some of the folders
<fridaynext> well, all of them actually
<Patrickdk> if you only want the osx system to use it
<Patrickdk> just make it writable by the osx userid
<fridaynext> ah, my osx user id.
<Patrickdk> if you also want it writable on the ubuntu side too, alittle harder
<fridaynext> how about just both?
<fridaynext> is that a+rwx?
<Patrickdk> then your stuck making a common user id on both, common group id on both, or everyone permissions
<Patrickdk> a+rwx is everyone can write
<fridaynext> sounds like that's what i want.
<Patrickdk> or rather, everyone can read,write,execute/list-dir
<fridaynext> it's all within a local network
<Patrickdk> that is only marginal
<Patrickdk> it's more if your osx had multible users
<fridaynext> well, how do i add write permissions for my OSX uid?
<Patrickdk> chown uid folder
<Patrickdk> where uid is your osx userid
<fridayne_> crappy internet connection. sorry.
<Patrickdk> chown uid folder
<Patrickdk> where uid is your osx userid
<fridayne_> and then I can't write to that folder within ubuntu? or I could change the group, then add the different apps I want to write to it to that group?
<Patrickdk> yes
<fridayne_> so much work to make it work the way i want it.
<Patrickdk> but you need to create that group with the same groupid on both ubuntu and osx
<fridayne_> well on osx, 20 is the 'staff' group id
<fridayne_> so I could just use that
<fridaynext> http://pastebin.com/raw.php?i=aj6wNTmX
<Patrickdk> works?
<Patrickdk> might be using nfs4
<Patrickdk> wonder what the option is in osx
<Patrickdk> likely vers=3
<Patrickdk> to mount it using v3
<fridaynext> doesn't work
<fridaynext> so if i just change the setting to v4 in the ubuntu server, that'll create more complications?
<Patrickdk> v4 is nice, and secure, and adds a lot of stuff :)
<Patrickdk> setting up kerberos, making userid and names match, ...
<fridaynext> is that where the writers in mass effect got the idea for 'cerberus'?
<Patrickdk> heh?
<fridaynext> so kerberos between ubuntu and osx will likely be difficult?
<Patrickdk> dunno
<fridaynext> someone in the #macosx room says 10.9 runs nfs v3
<fridaynext> so the versions should match.
<Patrickdk> I know it does
<Patrickdk> but I'm pretty sure it also runs nfs4
<Patrickdk> the question is what does it run by default :)
<fridaynext> i was also just able to connect via NFS4...
<fridaynext> but i still can't write to the shares
<Patrickdk> sorry, I don't do osx, and out of ideas, mainly cause I'm busy doing other things
<fridaynext> i finally got it to work. sort of
<fridaynext> i changed the owner to my osx uid
<fridaynext> i'll just work with group id's within the ubuntu box
<fridaynext> so my question is, it says I only have 14GB available within the share
<Patrickdk> ah, so group wasn't working over nfs
<fridaynext> I thought shares were just as big as they get?
<fridaynext> no, group wasn't working
<Patrickdk> share? what is a share?
<fridaynext> an nfs share
<Patrickdk> it's not a share :)
<fridaynext> like, I'm sharing a folder from my Ubuntu box, so why would it say I don't have enough space?
<Patrickdk> heh?
<fridaynext> what is it?
<fridaynext> if it's not a share?
<Patrickdk> it should be the same on both
<Patrickdk> an nfs mount
<fridaynext> okay
<Patrickdk> it's a shared filesystem
<fridaynext> so it's a folder, sitting on an empty RAID5 array with 5.5TB usable space.
<fridaynext> I'm wondering why it says I only have 14GB availabe...
<Patrickdk> and what does ubuntu, df -h, show?
<fridaynext> that it's not even in there. :)
<fridaynext> so my raid array must not be mounted, or something
<fridaynext> ah, my raid array switched from being md0 to being md127.  wtf.
<Patrickdk> never use names
<Patrickdk> use UUID
<Patrickdk> use, blkid to find it
<fridaynext> that didn't return anything (when i typed 'blkid /dev/md127')
<Patrickdk> why did you put /dev/md127 on it?
<Patrickdk> just, blkid
<fridaynext> so in /etc/fstab, i should not have /dev/mdX?
<Patrickdk> no
<fridaynext> blkid returns nothign as well
<Patrickdk> heh?
<fridaynext> i need to find the UUID of my raid array, so I don't have to use /dev/md127 in /etc/fstab, correct?
<Patrickdk> that would be best
<Patrickdk> then it can move all it wants
<Patrickdk> but I don't understand why blkid wouldn't see it
<fridaynext> and i tried using blkid - but that command returned nothing.
<Patrickdk> it should always
<fridaynext> it's not currently mounted - is that why?
<fridaynext> ah, found the UUID
<fridaynext> mdadm --detail /dev/md127
<fridaynext> is it okay for the UUID to have colons in it?
<Patrickdk> if it does, it's not a uuid
<Patrickdk> what does mdadm actually output for that?
<fridaynext> http://pastebin.com/raw.php?i=AqcZzh6a
<Patrickdk> wrong uuid
<Patrickdk> that is the raid uuid
<Patrickdk> not the filesystem
<fridaynext> i thought that's waht I wanted, to tell /etc/fstab what to mount at boot up
<Patrickdk> fstab doesn't mount raids
<Patrickdk> it mounts filesystems
<fridaynext> so how do i get the UUID of the filesystem that resides on the RAID array that I want to mount at boot up? (besides blkid, since that's reporting nothing)
<Patrickdk> like, this is mine
<Patrickdk> UUID=53681bc0-51fc-487d-b7cd-8639a9e6e5c3 /home		ext4	noatime	0 2
<Patrickdk> and from, blkid it says
<Patrickdk> /dev/md1: UUID="53681bc0-51fc-487d-b7cd-8639a9e6e5c3" TYPE="ext4"
<fridaynext> I formatted the RAID xfs - does blkid work with that FS?
<Patrickdk> and from mdadm --detail, UUID : 72233391:2532ba80:a494839d:76063f0b
<Patrickdk> it should, I would think
<fridaynext> this is so frustrating
<Patrickdk> http://mindref.blogspot.com/2010/11/linux-partition-uuid.html
<fridaynext> THERE it is.
<z1haze> hello, I'm just trying to find some information on I would setup vm's on my dedicated server so i cant assign them to people?
<fridaynext> now I wonder if I'll survive a reboot.
<z1haze> I dont know a great deal about it so anyone who might be patient to try to help id appreciate it
<fridaynext> z1haze: I set up a Windows 7 vm using KVM on my Ubuntu 12.04.1 LTS server, so I know it can be done, but I definitely just followed tutorials online - don't remember how to do it.
<fridaynext> Patrickdk: I'm mounted! df -h now shows /media/raid with 5.5T usable space.
<fridaynext> It did delete all the folders I already created, but there weren't many, so nbd.
<Patrickdk> unmount it
<Patrickdk> move that /media/raid somewhere else
<Patrickdk> mount it, then copy it back
<fridaynext> ? why?
<fridaynext> Oh, to preserve the folders. I already created them all again.
<Patrickdk> to keep it clean, and no need to redo it
<Patrickdk> well, unmount it and delete the old ones atleast
<Patrickdk> so you don't get confused
<Patrickdk> if it doesn't mount
<fridaynext> i can't even force unmount it at the moment...
<Patrickdk> ya, have to take down nfs first
<fridaynext> still says resource busy
<fridaynext> not sure what this means http://pastebin.com/raw.php?i=CVdFdwPP
<fridaynext> but perhaps that's why i can't unmount
<z1haze> hmm
<fridayne_> i am finally copying data over
<fridayne_> looks like it's going at about 80-90MB/s, which is about the max speed I'd expect from WD Reds, so I'm pretty sure I'm getting max transfer speed over this wired connection!
#ubuntu-server 2014-08-03
<z1haze> where does one go to get help with a ubuntu-server? im apparently in the wrong place
<lifeless> z1haze: here, or stack overflow
<z1haze> i get no help here
<lifeless> z1haze: whats your question?
<z1haze> im trying to setup virtualization on a dedicated server
<z1haze> but i dont really know how
<z1haze> ive been following the tutorial but a much im not sure about
<rbasak> z1haze: maybe try the server guide? https://help.ubuntu.com/14.04/serverguide/cloud-images-and-uvtool.html has some steps.
<rbasak> z1haze: but you'll still need to sort out networking to those VMs if you want your users to have access externally.
<z1haze> i was following the tutorial for linux-kvm
<rbasak> There are a number of different ways of setting up VMs.
<z1haze> im following this tutorial: http://www.howtoforge.com/virtualization-with-kvm-on-ubuntu-12.04-lts
<z1haze> im down to the reboot step now its currently restarting
<z1haze> can someone plz help me with that? creating an image-based vm
<z1haze> can someone please tell me what is a good size for partitioning a vps?
<z1haze> like for root/ swap, and /var?
<lifeless> depends on your worklaod
<lifeless> I wouldn't make it less than 1G
<maxb> I'd question whether you actually derive any benefit from a separate /var too, but again that's dependent on your use cases
<z1haze> when using the vm builder, the --cpus flag is that for how many cores you wanna let the vm use?
<z1haze> like is my cpu has 6 cores i say 6?
<z1haze> crap, i messed up somewhere, something about the root user already exists?
<z1haze> when setting up a vm the --user isnt that the default login for the vm?
<z1haze> isnt that typically root?
<chronos> hello folks. someone know a packaged version of supervisor 3.1 for ubuntu (precise if possible)
<chronos> ?
<buriedalive> howto install supervisor chronos?
<buriedalive> as like that > pip install supervisor
<chronos> buriedalive: I was wanting for init scripts actually
<chronos> find it in github
<buriedalive> maybe see in conf file?
<buriedalive> version
<buriedalive> or supervisor --version
<phunyguy> hey folks... got a weird thing going on with my new libvirt setup and ubuntu machines... seems to be a race condition between dhclient and nfs trying to mount shares before the interface has an IP, causing the system to get confused.   This happens in 14.04 and 12.04.
<phunyguy> any ideas?
<Pinchiukas> Can anybody explain to me why ubuntu-server base installation is several times larger than Debian?
<SierraAR> Just realised I sent this in the wrong channel before.. Oops
<SierraAR> So I'm having an odd issue with my ubuntu server 12.04. When I SSH into it, I'm just sitting at this screen, without any ability to send any commans to the server. I know the ssh connection is up and working, as SSH tunneling is functioning normally: http://bts.sierrabrown.me/ubuntuserverssh.png
<SierraAR> The last thing I did before this issue came up was run 'exit' from a tmux to return to ubuntu proper instead of using a tmux window
<SierraAR> Oh, hey it suddenly worked and I'm back in a shell, after sitting for ~10 minutes. Any ideas what could have caused that?
<riz0n> Hello, I have Ubuntu 12.04 Server LTS running on my server. I want to upgrade to 14.04.1 Server LTS. When I enter "do-release-upgrade" from the console, it tells me there is "No release found" ... how can I upgrade my server to 14.04.1?
<SierraAR> riz0n: This was given to me earlier when I asked the same thing: [11:24] <TJ->  SierraAR: We are waiting for http://changelogs.ubuntu.com/meta-release-lts to have Trusty added. If you have precise-proposed enabled on 12.04, you should have an updated update-manager-core, and can do "do-release-upgrade --proposed"
<SierraAR> I didn't get a chance to ask anything more about it, though
<riz0n> Dang.
<riz0n> I know they have released two new versions of the update-manager-core, I assumed so we could do the update, but nothing :(
<riz0n> I would be willing to enable the "precise-proposed" to update to 14.04.1, then disable it once done (as long as I know for sure that's what it would update to)
<riz0n> I'm only "in town" where my server is at on weekends, and would love to go ahead and knock it out of the way (don't really want to update on the road just in case SHTF i can physically access the machine)
<riz0n> and would love to do it tonight so that the machine is not down during daylight peak hours.
<mickkie> Hi All, I'm trying to upgrade from LTS 12.04.4 to the latest 14.04.1, but all I get when running 'sudo do-release-upgrade' is: "No new release found".  There's no ppa repos listed in /etc/apt/sources.list.d/, or anywhere else that I can see.
<kklimonda> I think it hasn't yet been enabled
<mickkie> Thanks kklimonda, I'll try again in a week's time.
<Glyndwr1974> Anyone awake?
<Glyndwr1974> Help!! Made a silly mistake and removed mdadm package on server with only raid arrays running, cant boot for obvious reasons :|
<Glyndwr1974> How can I put it back?
<Glyndwr1974> My first thought was to use the ubuntu installer on usb, chroot to the installed os then apt-get install it back, cant seem to do that as the shells on the usb installer wont let me
<Glyndwr1974> I would start again but I've got over 2TB of data on there I dont have a copy of.
<Glyndwr1974> Yeah..... I found a shell and managed it now, thanks for all the many varied responses to my request for help.
<Glyndwr1974> </sarcasm>
<samba35> Errors were encountered while processing: (on next line)----  /var/cache/apt/archives/mcollective-service-common_3.1.3-1puppetlabs1_all.deb
<samba35> E: Sub-process /usr/bin/dpkg returned an error code (1) i am getting this error with puppet ,
<samba35> if i want to default installed puppet repo with priority what i should do
<Patrickdk> that doesn't even look like a ubuntu package
<samba35> i did i repo from puppet labs for puppet while ,ubuntu own puppet package are still there
<Patrickdk> but that is NOT a ubuntu package
<Patrickdk> you will have to ask the people that make it, why it's broken
<samba35> ok
<lutchy> Well
<lutchy> I got ban from #ubuntu
<lutchy> #ubuntu-offtopic
<lutchy> I wonder why I am not ban from this room too
<lutchy> Well, I am going to take note the people who actually ban me
<lutchy> Everything I continue to be ban, I would add a 1 too the same people who ban me again
<lutchy> So, I going am going to make it statisical
<Nivex> I'm gonna go out on a limb and say you haven't read/signed the Ubuntu Code of Conduct then.
<lutchy> I will compare my statistics to Code of Conduct
<lutchy> I am going to make a formal report
<Nivex> have fun with that
<lutchy> LOL, that's funny
<zartoosh> hi is there a control mechanism such that "apt-get upgrade" does not upgrade certain packages, for example I do not want to install the newer version than already installed on my system? thx
<lutchy> Nivex, we see how that works in the end right
<lutchy> For now... I don't think this forum is helpful for me
<lutchy> I will be back.. stronger..
<kklimonda> zartoosh: google apt pinning
<zartoosh> kklimonda, thanks
<samba35> i am trying to boot guest os autoboot right after my os boot but is it possible to  wait for some time guest to start (i have 2 guest on host ) i want after some interval guest should start
<Nivex> arrrghhh: so, bets on whether they get the upgrade path ready before the HWE expiration on the 7th?
<z1haze> can someone please tell me how i would change the ip of an existing vm? i created it with vmbuilder
<z1haze> please, i cant figure out how to modify an existing vm, such as the ip or allocated memory
<z1haze> is it not possible to edit the ip of a vm? why won't anyone give me a hint? :(
<andol> z1haze: /etc/network/interfaces
<z1haze> what about that?
<andol> Well, you asked for a hint :)
<z1haze> oh alright
<z1haze> well i know I've modified that file yestyerday when i setup the bridge
<andol> Meant inside the vm.
<z1haze> but im talking about like.. when i ran vmbuilder kvm ubuntu --suite=precise --flavour=virtual --arch=amd64 .... etc
<z1haze> i used the wrong ip=
<z1haze> isnt there like a modify command or a file I can edit to change the ip for it?
<z1haze> :(
<mrnobody> Hi! I'm having issues installing GRUB for Ubuntu server 14.04. I use the guided, use entire disk, but no /boot is created from what I can tell
<mrnobody> It exists with error code 1.
<mrnobody> I used software raid before I decided to reinstall and only use one disk. Is this cause for my problems?
<bencc> When I'm trying to login with SSH to my server it asks me for a password instead of using key file
<bencc> how can I fix it?
<sync0pate> anyone have opinions on digitalocean?
<kklimonda> sync0pate: it's good enough if you are paying for the cheapest option
<sync0pate> kklimonda, what am I missing out on by not paying more?
<kklimonda> sync0pate: nothing - you'll get less cpu, ram, storage, transfer, and you'll be located with a higher number of oher VMs on the same host server
<kklimonda> sync0pate: what I meant by that, is that for $10 you can buy the cheapest linode
<sync0pate> OK, so I guess it's good enough until and unless we notice performance problems?
<kklimonda> and I've always found linode to be better, but more expensive, than DO
<kklimonda> yeah
<sync0pate> ok, sounds ideal then, got a client who is launching a new site
<sync0pate> so users are going to be starting at zero
<sync0pate> plus digitalocean have uk located servers now, which I like
<kklimonda> ah yes, they do
<kklimonda> although, if you are planning on spending $10/month I'd also take a look at linode
<kklimonda> if you are looking for a $5/mo option though, then DO is probably the safest bet right now
<kklimonda> I haven't really had any problems with them for a long time
<sync0pate> well, personally I think their features look nice, they're uk-located (which is quite important)
<sync0pate> and they're dirt cheap
<sync0pate> so yeah, seems ok for now, could always switch over to linode if it starts getting slow
<sync0pate> working with servint at the moment who I am not happy with at all
<sync0pate> oh, it says linode have uk location now too..
<sync0pate> wow ok.. i checked very recently and neither of them had it.. and now they both do
<Nizumzen> sync0pate: linode have had a UK datacentre for years
<sync0pate> weird.. I checked them this year
<Nizumzen> sync0pate: had it since at least 2012
<sync0pate> don't know how I could've missed it
<arrrghhh> Nivex, lol.  sorry, I need to fix my /away situation.  quite often it does not properly show me /away
<arrrghhh> but as for your bet... I'm thinking we're both going to bet the same way, which wouldn't be much of a bet :D
<Nivex> heh. I figure they'll pull it out at the last second and we'll have to scramble to upgrade
<Nivex> I may also just give up and run the -proposed upgrader
<zartoosh> Hi using apt-get install <pkgname> , sometimes I get conflict with existing file and I am prompted to what to do. What I like is  apt-get install the maintainer's package and do not prompt me, --force-yes -y does not do it? thx
<arrrghhh> Nivex, if you're concerned about the HWE thing just upgrade your kernel only to trusty
<arrrghhh> that's what I did, although I wasn't on any HWE setup so I could've just stayed on 3.2
<Nivex> oh I want to upgrade the whole distro. There are apps I've been wanting
<arrrghhh> ditto
<arrrghhh> but if you're concerned about HWE, you can resolve at least that bit ;)
<Nivex> I'm mostly curious what the hold up is at this point. I've asked in three IRC channels and Twitter and am still no nearer an answe.r
<arrrghhh> zartoosh, maybe with -o and some option...?  I'm not sure, sounds dangerous.
<arrrghhh> Nivex, bummer.  I'm curious as well.  You said there was some hangout this week for the engineering team ?
<Nivex> yep: http://ubuntuonair.com/calendar/
<arrrghhh> oh interesting.  thx
#ubuntu-server 2015-07-27
<a1fa> has anybody noticed random high ports being open (or at least randomly responding) with no tcp listeners?
<a1fa> $ nmap localhost -p 0-65535
<a1fa> 40424/tcp open  unknown
<a1fa> 41820/tcp open  unknown
<a1fa> ...
<a1fa> 59865/tcp open  unknown
<a1fa> goofy... whatever is causing it (tested on fresh build/air gap)
<a1fa> and it only happens if a non priviledged user does a port scan
<a1fa> can anyone else confirm the same behaviour? as a non root user run nmap localhost -p 0-65535
<a1fa> several times in a row
<teward> a1fa: any specific OS you want tested, or just any Ubuntu?
<a1fa> 15.04 or 14.04
<a1fa> 14.04.02
<a1fa> and 15.04 with 3.19.0-24-generic
<teward> stupid question but
<teward> you wouldn't happen to have dhcp on your network would you?
<teward> (dhclient might be listening on random high ports for DHCP changes and such)
<a1fa> i do
<teward> i can replicate the behavior on wily, but only insomuchas there's only one open port
<teward> a random high tcp port on my side
<teward> and only one
<teward> multiple UDP ports are 'listened' on by dhclient
<a1fa> odd
<teward> and i just saw one with a few high number random TCP ports open
<teward> but the next scan they're gone
<a1fa> it only happens with non-root user
<teward> which makes me think they're destructible connections - since high ports are usually used for client-initiated TCP
<teward> and nmap needs those too iirc
<a1fa> i did see S/Ack on tcpdump
<a1fa> so forwhatever reason, something answered, followed by RST
<a1fa> just tested the same thing on a chromebook, same behaviour
<teward> lemme start up my CentOS box
<teward> and see if it's replicated there too
<teward> my guess is it's standard stuff happening
<patdk-lap> doesn't happen for me at all, on 14.04.2
<patdk-lap> you didn't happen to *run out* of available ports did you?
<teward> i'll spin up my ubuntu server vm to test in a moment
<patdk-lap> cycling through them too fast, in time-wait
<patdk-lap> hmm, atleast with *that* nmap command, they aren't going to time-wait, cause they aren't full tcp session test
<a1fa> patdk-lap: thats what i was thinking.. but i saw a s/ack
<patdk-lap> could be hundreds of reasons
<patdk-lap> depending on what you have installed
<a1fa> base
<patdk-lap> I know I only install minimal-installs so
<patdk-lap> don't know what base is
<a1fa> basically nothing besides what comes on a default install
<patdk-lap> ya, I never install that *much*
<a1fa> the odd thing is, its doing it on the chromebook too
<a1fa> running chromeos+14.04.02
<patdk-lap> about 30, nmap runs now
<patdk-lap> and always the same 3 ports, of stuff I have running
<patdk-lap> ssh/http/munin
<teward> dhclient gets involved a little at some point
<a1fa> running as non root user, right?
<teward> centos can't replicate this
<patdk-lap> oh non root? that will ahve other things
<a1fa> what kernel version teward
<teward> a1fa: for...?
<a1fa> centos
<teward> centos?  you're 30 seconds slow i already powered off the VM
<a1fa> :P
<teward> i'll tell you after i test on my Trusty VM
<a1fa> k
<patdk-lap> ok, as non-root
<patdk-lap> it happens, and also happens on rhel7
<a1fa> its worth looking into it, and maybe opening a bug
<patdk-lap> why?
<patdk-lap> so far it's not worth it at all
<a1fa> it's not supposed to ack back at all
<teward> ran nmap 5 times and it started to show open ports locally
<teward> in rapid succession
<teward> otherwise it wasn't giving any ports (14.04)
<patdk-lap> nmap just acts funky when you don't use it as root
<teward> mhm
<patdk-lap> cause it can't use raw sockets
<patdk-lap> so it attempts to do the best it can
<a1fa> patdk-lap: but the system responds back with s/ack on those prots
<a1fa> confirmed with tcpdump. on both loopback and actual interface ip
<patdk-lap> both use loopback interface
<patdk-lap> what happens if you use a remote ip?
<a1fa> no ports show up
<a1fa> i'll do some more work tomorrow to debug it
<a1fa> thanks for confirming
<PryMar56> on a new install of Vivid server, my `systemd-analyze time` shows too much kernel time (>20s). Anyway to improve this?
<PryMar56> ^ kernel time should be about 5s
<gmaciolek> What are people using for centralized update management these days?
<gmaciolek> I assume Landscape is an option; are there FOSS things that are worth trying?
<lordievader> Good morning.
<ObrienDave> o/
<mobile3> anyone ?
<lordievader> mobile3: ?
<mobile3> Can you help me with Webuzo Control Panel on VPS ?
<mobile3> Ubuntu 14.04 x64
<lordievader> Ah, no. But do ask your questions.
 * ObrienDave does not want to know what webuzo is ;P
<lordievader> ObrienDave: No adventure in the early morning?
<ObrienDave> getting close to sleepy time :)
<mobile3> I have been given 4 IP , while installing webuzo 1 IP got bonded to it... I have placed index.php file in public_html folder... when I am accessing via bonded IP , I am able to get correct index.php file but with all other 3 IP , I am getting different things..
<mobile3> What to do so that I can get the same index.php file from all of my IP ??
<lordievader> Vhost configuration?
<OerHeks> easy to add an extra ip to your machine, manually .. http://askubuntu.com/a/313887
<lordievader> mobile3: Who set up the Web server?
<mobile3> lordievader: they gave me with Ubuntu 14.04 x6
<mobile3> minimal installed
<mobile3> I changed it to Ubuntu 14.04 x64
<lordievader> mobile3: So you control the Web server config?
<mobile3> ya I can...
<mobile3> How to solve this problem ?
<lordievader> mobile3: Check the vhost configuration.
<mobile3> how  ?
<lordievader> By reading the configuration/
<lordievader> mobile3: Step 4 in this tutorial shows how vhosts are configured: https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts
<lordievader> In that particular case it is any incoming request on port 80.
<mobile3> not such file    /etc/apache2/sites-available/000-default.conf
<mobile3> in my server
<lordievader> mobile3: What is in /etc/apache2/sites-available?
<mobile3> No apache2 folder
<lordievader> mobile3: What Web server are you using to serve your control panel?
<mobile3> Ubuntu 14.04 x64    ....        Webuzo  Control Panel
<lordievader> mobile3: That is not a Web server.
<mobile3> Apache
<mobile3> lordievader : Apache Version : 2.2.29
<lordievader> But you have no /etc/apache2? Where is your Apache coming from?
<mobile3> I don't know !
<lordievader> mobile3: What is the output of 'apt-cache policy apache2'?
<mobile3> apache2:   Installed: (none)   Candidate: 2.4.7-1ubuntu4.4   Version table:      2.4.7-1ubuntu4.4 0         500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages         500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages      2.4.7-1ubuntu4 0         500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
<lordievader> For in the future
<lordievader> !paste | mobile3
<ubottu> mobile3: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<lordievader> mobile3: That is not installed... Is Apache coming from outside of the repo?
<mobile3> I don't know...
<lordievader> mobile3: What is the output of 'whereis apache2'?
<mobile3> whereis apache2 apache2:
<lordievader> Huh? How did you just get the version information?
<mobile3> lordievader :http://www.awesomescreenshot.com/image/436540/dcbc63865c203be5ee4bce22fa8caea7
<lordievader> Ugh, does that thing do its own software installation?
<neonixcoder> I am upgrading 10.04 to 12.04 but middle of upgrade my system reboots..
<neonixcoder> When checked system logs it states that "locale: /lib/libc.so.6: version `GLIBC_2.15' not found (required by locale)"
<neonixcoder> My present glibc version is 2.11..
<neonixcoder> any suggetions?
<mobile3> lordievader : may be but I don't know
<jelly> neonixcoder: verify versions of libc6, libc-bin and locales packages.  Make sure they match by installing and/or configuring them manually if needed, then finish your release upgrade.
<jelly> neonixcoder: newer versions of .deb package files will have been downloaded into /var/cache/apt/archives/
<neonixcoder> ok?
<neonixcoder> Thanks for your reply..
<neonixcoder> jelly: when I checked with apt-cache policy for libc6 and libc-bin it shows installed is 2.11 and candidate is 2.15. But for locales it shows installed and candidate as 2.11
<neonixcoder> Any thoughts on this?
<mobile3> lordievader : are you there ?
<Amillo> Hey guys, if I nslookup my zone 'test.co.uk' and it returns the server as a loopback does this mean I've configured something wrong?
<jelly> neonixcoder: both of those are unusual for 12.04.  My 12.04 installation has locales:  Installed: 2.13+git20120306-3  Candidate: 2.13+git20120306-3
<lordievader> mobile3: Still here, just busy. Anyhow I get the feeling it does install its own packages. I have no idea how, why or where. So I really cannot help you.
<neonixcoder> jelly: I am still on 10.04 machine..
<mobile3> lordievader : okay
<neonixcoder> I am upgrading from 10.04 to 12.04
<lordievader> neonixcoder: Restart the upgrade?
<jelly> neonixcoder: pastebin the output of "apt-cache policy" and "apt-cache policy libc6 libc-bin locales" please
<neonixcoder> lordievader and jelly: Let me give some background here..
<neonixcoder> I have some 200 machines need to upgrade from 10.04 to 12.04(Intention is to upgrade to 14.04). I have some test machines where I can upgrade multiple times if something went wrong..
<neonixcoder> I am going to follow http://askubuntu.com/questions/125742/why-did-my-upgrade-to-12-04-fail-with-glibc-not-found-or-libc6-or-requires
<neonixcoder> from there I install that PPA which is giving me 2.15 versions for libc6 and libc-bin
<jelly> neonixcoder: oh dear
<lordievader> Somewhere that sounds like a bad idea.
<tonyyarusso> ........PPA for libc6?  *grabs popcorn*
<jelly> neonixcoder: well, good luck with that, I won't be able to help with that mess
<neonixcoder> Ok.. Let me remove that ppa from list then..
<neonixcoder> I did not try to upgrade it with that PPA, before doing it I want your valuable advice..
<lordievader> neonixcoder: Did you install anything from the ppa?
<neonixcoder> right now no..
<neonixcoder> Just added it..
<lordievader> Phew, doged a bulled.
<lordievader> bullet*
 * jelly would prefer to the valuable current state of the system before dispensing potentially harmful advice
<jelly> to see*
<neonixcoder> jelly: My present policy list is http://pastebin.com/Lugf3j7N
<neonixcoder> any suggetions?
<neonixcoder> jelly:Any thoughts on how to proceed with upgrade?
<neonixcoder> Any suggestions guys?
<neonixcoder> How can I upgrade with out glibc issue?
<neonixcoder> Quick recap.. I removed ppa and given my apt-get cache stuff..
<neonixcoder> Or can I know which repo provides glibc?
<neonixcoder> going home, ping you people tomorrow
<Amillo> Hey guys - What's the command to read my bind9 error logs, can't seem to find it anyway?
<jpds> Amillo: tail -f /var/log/bind9/* ?
<jpds> Amillo: tail -f /var/log/syslog ?
<jpds> Amillo: Same place most of the other logs are
<Amillo> my bind9 is failing to restart but my error message doesn't make sense to me
<Amillo> isc_stdio_option '/var/log/query.log' failed: permission denied
<Amillo> but I've changed the ownership of that file to bind
<Amillo> Also has configuring logging: permission denied
<rbasak> '/var/log/query.log' sounds wrong to me.
<jdstrand> momomo: if all you want are security updates, remove the lines in /etc/apt/sources.list that have '-updates' and then do 'apt-get update'. you will only get updates from the security pocket
<Guest86431> Hey
<Guest86431> I'm having what I believe might be an issue? - When I do an nslookup from both my slave and master of my zones they are turning loopback addresses as the server - http://i.imgur.com/UZq0Mk9.jpg is this normal? (sorry for blocking stuff out - on a work network don't wanna mess anything up)
<pmatulis> {stick around next time}
<gmaciolek> Wow, tis weechat client integrates screenshot links.
<gmaciolek> *this
<gmaciolek> So, I'm wondering, what are people using for centralized update management these days?  (It looks like Landscape is an option. but O
<gmaciolek> *I'm hoping for FOSS, and ideally a tool that'll work on deb & rpm distros
<maswan> automatic updates
<teward> ^ that
<teward> but if you want centralized management of Ubuntu servers, it's Landscape (but that can be expensive)
<teward> or puppet or other multisystem management systems
<lordievader> Puppet is rather nice.
<teward> lordievader: when configured right, yes.
<lordievader> True, it can be painfull too ;)
<OerHeks> landscape is up to 10 servers free, no ?
<teward> OerHeks: when you set it up on your own system, 10 physical machines, 10 virtual
<teward> OerHeks: i use it to manage my VPSes (which get listed on the Virtual category)
<teward> problem is you actually have to set it up, as the 'cloud' one from Canonical needs the Advantage licenses
<OerHeks> Nice, it is indeed good usable for small business
<teward> OerHeks: provided there's only 10 physical and 10 virtual machines
<garethdaine> Guys, how long should it take to wipe and reinstall a fresh Ubuntu server, only running Ubuntu 14.04 x64 on a machine with 16GB RAM?
<maswan> garethdaine: Mostly depends on the storage and set of installed packages
<maswan> garethdaine: writeback cache on the storage is a factor 10-100
<maswan> compared to slow spinning disks without
<garethdaine> But it shouldn;t take 4 hours should it?
<garethdaine> Being installed by professionals
<garethdaine> Iâve asked our dedicated host to wipe the server and install only a fresh copy of Ubuntu 14.04 x64 and they are saying itâs 4 hours chargable work
<teward> garethdaine: they probably have to do things at the datacenter to make the revisions - network reconfiguration, configuration for networking, etc.
<teward> depending on what all they ahve to do over at the datacenter it could very well be 4 hours of work for them
<tgm4883> teward: assuming that it had a previous version of Ubuntu server on there, what else would they need to reconfigure?
<garethdaine> Hmmm, really? Thought it took like 30 minutes to install
<rbasak> 30 minutes within an 80% confidence interval maybe
<rbasak> (if the hardware isn't Ubuntu certified, etc)
<rbasak> If quoting in advance it makes sense to add contingency time, for example if there are driver issues.
<rbasak> Or if the hardware turns out to be faulty.
<rbasak> Etc.
<tgm4883> rbasak: true, I suppose there are a lot of unknowns here
<OerHeks> even with a dedicated host you should be able to put an image back yourself.
<garethdaine> rbasak: Shouldnât have faulty hardware, itâs current live server thatâs just getting a reinstall
<rbasak> Disks can have latent errors that only show up when doing big things to them.
<rbasak> This is why double RAID failures happen. Because only on attempt to reconstruct does the second disk fail.
<garethdaine> OK, thanks for the help folks. Should I question the quote I have received and ask them to detail what is taking the 4 hours, or should I just accept that it can take 4 hours?
<teward> garethdaine: i would, but i'm anal about making sure they're not doing extra work
<rbasak> I would consider what your service costs you overall and what you get for that money, as compared to competitors.
<teward> right
<teward> garethdaine: although, if they have to redo the RAID to reinstall that could potentially explain a large time for completion
<teward> (build the array, verify the array's integrity, etc.)
<teward> but i woudl do that comparison rbasak says as well
<teward> AND ask what the 4 hours entails
<garethdaine> Yes, I will do that teward
<garethdaine> Thanks for the help
<alexandercogneau> exit
<alexandercogneau> exit
<Garogat> hey
<Garogat> just have some probs with my dns server
<teward> Garogat: 'some probs' is not descriptive
<Garogat> sry ;)
<Garogat> i got a domain
<Garogat> slucky.de
<Garogat> and i wanna use my own dns server
<Garogat> *servers
<teward> lets not forget that enter is not punctuation... ;)
<teward> Garogat: i'm followin you so far, so, what's the 'problems'
<jrwren> Garogat: https://help.ubuntu.com/lts/serverguide/dns.html may help?
<teward> ^ that too
<Garogat> fsg-preetz.net and c.ns.buddynd.com, but when im trying to test them with nast from denic its always gving me an error. It's says: inconsistent set if NS rps (IP, Ns host names)
<PryMar56> new vivd server & boot hangs for 15s before systemd starts: http://paste.ubuntu.net/11949526/
<blaaa> I have issues with disks on a Marvell 88SE9230 controller, under load, especially when writing I suppose, failures occur
<blaaa> are there known issues with 88SE9230 and LTS kernel 3.13?
<dasjoe> Seeing issues seems to be the norm with that controller, I experience similar ones
<blaaa> too bad... I had not used it so far, but I just recently added two disks
<blaaa> my board is a Supermicro X10SBA, could have just used a X10SBA-L I suppose
<blaaa> I'll try to find out if more recent kernels have patches
<bilde2910> Uh, I've pushed myself into a corner here. My /boot is at 97%. I want to clean it up with apt-get autoremove, but I can't because a few packages (linux-image-extra-3.13.0-55-generic and -59-generic, as well as linux-image-generic) miss some dependencies (linux-image-3.13.0-55-generic and for the latter two -59-generic) and I am recommended to run apt-get -f install to fix these dependency issues. So I do this, and I am told that I cannot
<bilde2910> install linux-image-3.13.0-59-generic_3.13.0-59.98_amd64.deb because the device is full. No space left on device. I then try apt-get autoremove to free some space, but I get the same errors as before. Running Ubuntu Server 14.04.2 LTS on amd64. Any help?
<sarnold> bilde2910: use apt-get purge to manually delete specific packages
<bilde2910> Just tried that too, and nope, I can't because aforementioned dependencies are not met
<sarnold> bilde2910: start deleting the dependencies, too
<bilde2910> Should I try using -f? Or is that dangerous?
<sarnold> bilde2910: you can always re-install the metapackages once you're done
<bilde2910> I don't really have much experience with Linux and Ubuntu and servers, so I'm not exactly sure which packages should be present and which shouldn't
<bilde2910> Is it safe to manually delete some of the older ones of these files? http://paste.ubuntu.com/11950111/
<sarnold> bilde2910: yeah; if you truncate them instead of delete them, it'll make some deleting steps easier..
<sarnold> bilde2910: be sure to keep at least two -- whatever you're currently running, and the newest. if you're running the newest, then keep the next-oldest..
<sarnold> or next-newest
 * sarnold stops thinking about that before his head hurts
<hexaclock> anyone know if there's a way to assemble mdadm raid arrays in a particular order?
<hexaclock> i have a raid60 made up of 2 raid6 arrays
<hexaclock> anytime that i reboot this box, i need to manually assemble the raid0 array (the underlying raid6 arrays assemble just fine on boot without any intervention)
<hexaclock> i could always throw something in /etc/rc.local or such, but i'm wondering if there is a cleaner way?
<TJ-> hexaclock: the arrays are assembled via udevd triggers, so how about a custom rule that assembles the RAiD0 once the 2 underlying arrays are ready
<TJ-> hexaclock: along the lines of: when a RAID6 is added: 1) if /run/raid6 already exists then assemble the RAID0 and delete /run/raid6, otherwise "touch /run/raid6"
<hexaclock> awesome, i'll look into it
<hexaclock> thanks!
<TJ-> hexaclock: "/lib/udev/rules.d/64-md-raid.rules" might give you some clues on how to recognise the mdadm array is ready; your rule will want to be in "/etc/udev/rules.d/" and have a different number/name than the system mdadm rule to avoid over-riding it
<bilde2910> sarnold, another question: How do I know which of the files I use? E.g. I have 8 of initrd.img-$version-generic, how do I know which one is the one my system uses?
<sarnold> bilde2910: uname -a output
<bilde2910> Ah, thank you :)
<tanuki> I have Trusty server running as a headless VM (on another Trusty server machine). A few times now, the VM has spontaneously booted into memtest86+.
<tanuki> Any idea why?
<bekks> tanuki: You need to investigate the logs in /var/log/
<tanuki> Paradoxically, the thing that pisses me off is when things *don't* fail (when I want them to).
<bekks> I dont want things to fail :)
<TJ-> tanuki: Is there anything non-standard about the server installation, any custom boot-loader configuration, anything unusual about the disk images being provided to the guest by the host?
<tanuki> TJ-: Not to my knowledge, with the exception of choosing "minimal virtual machine" instead of "minimal system".
<tanuki> bekks: I want things to fail when I need to know why they fail.
<TJ-> tanuki: there were 2 things I would focus on... is the root file-system image separate to the /boot/ image and if so is the rootfs image present and ready, and if they are, then has grub set a different 'default' boot entry that happens to be the memtest86+ entry in some circumstances.... the only other option I can think is something running in the guest that actively causes a reboot to memtest86
<tanuki> This server isn't used for anything, really (basically, it's a development box for things), so I'm tempted to just set up a cron job on the host that checks that sshd is running on the guest and fires off an email otherwise
<tanuki> I'm more concerned with power consumption than anything else.
<jak2000> how to change the linux hostname?
<pmatulis> jak2000: edit /etc/hostname and /etc/hosts, then reboot. can avoid a reboot with 'sudo sysctl -w kernel.hostname=<hostname>'
<pmatulis> the only place where a domain name enters into the mix is in /etc/hosts. everywhere else hostname is just the first part of the FQDN (up to the first dot)
<jak2000> ok thanks
<neonixcoder> Good day team..
<jak2000> neonixcoder you worked with tomcat?
<neonixcoder> jak2000: Yes, not deep in to it..
<neonixcoder> What's up?
<jak2000> check pm friend
<jak2000> pls
#ubuntu-server 2015-07-28
<skrp> i come home and my ubuntu server is hacked hard. vlc running at 99%. auth.log all removed
<skrp> i can't apt-get remove/purge firefox, which was totally hijacked
<patdk-lap> what where those things doing installed on a server?
<tarpman> skrp: pull the plug. wipe the disks, reinstall, restore data from backup. you have know way to know what's been done. probably all kinds of rooted
<tarpman> *no way
<skrp> any way i can snapshot and inspect what they did later?
<tarpman> shut it down first, then boot off a livecd if you want to look around or take an image of the disk
<sarnold> an alternate plan is to pull the plug, get new disks, reinstall, restore data -- and then do forensics on the hacked images to learn more about it. Keeping in mind that they might have left behind "gifts" (in both the english sense and german sense :) designed to sabotage inspection..
<patdk-lap> I would be paranoid of restoring data
<patdk-lap> if restoring data == restoring website
<patdk-lap> that is likely how they got in to begin with
<patdk-lap> previously hacked, or just vaunerable
<sarnold> I'd suspect first brute-force sshd paswords, then cpanels/webpanel things, _then_ website content..
<patdk-lap> I have seen systems hacked, and then never really abused for months or years
<patdk-lap> I always see website first
<skrp> hmmm yeah
<skrp> i'm going to have to wipe this one, and my pfsense box it is behind
<patdk-lap> ssh is too easy to protect against, and never install cpanel/webpanel things
<sarnold> patdk-lap :)
 * patdk-lap notes another wordpress thing was fixed over the weekend :)
<patdk-lap> or was that last week
<sarnold> probably "last week" will never be wrong with wordpress...
<neonixcoder> When I try to upgrade from 10.04 to 12.04 some times I am getting "locale: /lib/libc.so.6: version `GLIBC_2.15' not found (required by locale)"
<neonixcoder> Any suggestions on this?
<roracle> hey guys when i set up my server, do I need to put a ".com" at the end?  the reason i ask is because i need to set up postfix for sendmail, and can't seem to get it working, and was wondering if that might be why?
<roracle> *i mean do i need a ".com" at the end of the hostname
<lordievader> Good morning.
<Amillo> Hey guys, while trying to install apache on 12.04 I'm getting an error unable to correct problems, you have held broken packages. I've went through a lot of commands trying to solve it but none have been successful, anyone got any ideas?
<Amillo> I've made a fresh server and that didn't solve it either
<maxb> You do know 12.04 is ancient, right?
<Amillo> Yep
<Amillo> But I was told to use 12.04, would 14.04 be a better choice?
<maxb> Unless you have a requirement you really absolutely can't change, never prefer a version that is obsolete
<maxb> (and even then, try to subvert the requirement)
<Amillo> I've got my DNS setup on 12.04
<Amillo> would using 14.04 on an apache effect this
<maxb> On different machines or VMs? No.
<Amillo> just vms
<maxb> If you are setting up a new installation of Ubuntu, definitely use a current version, unless you have an extremely critical reason not to
<lkthomas> does kernel linux-image-3.19.0-18 still under testing on 14.02 ?
<lkthomas> how come none of my machines could boot properly under this kernel
<fishcooker> what's preseed mean.. actually i want to make custom iso so that if new box is coming it would be install ubuntu automatically.. how to make it happen?
<lkthomas> preseed is an installation template which "provision" your server like a stencil
<lkthomas> fishcooker, during iso booting time, you could pointing it to a preseed config file, so you could provision millions of servers as same way
<fishcooker> is the https://help.ubuntu.com/community/PXEInstallServer is the good point to start.. or there is another link should i follow lkthomas?
<lkthomas> fishcooker, preseed is not very well documented, PXE is a good way to start, we are using PXE preseed as well, but I did dig into preseed codebase and search for options that I need.
<teward> General question: What would cause the system to say "Out of Memory" when it's got 4.3GB of free memory buffered
<teward> and only when dovecot is trying to do things
<TJ-> fragmentation?
<jrwren> teward: kernel saying OOM, or a process? malloc can fail for a few reasons.
<teward> jrwren: syslog says hostname out of memory [18855]  and there's no way to trace back
<teward> oh, i neglected to mention the age of the server because i'd get smacked
<teward> funny: it's EOL, and I just realized it by checking kernel version
<teward> >.>
<teward> someone give me a phaser, i need to vaporize some servers
<TJ-> EOl doesn't equate to out of memory though
<teward> no, but support in this channel does
<teward> it's an 8.04 server :P
<RoyK> teward: heh :D
<RoyK> even 10.04 is EOL...
<RoyK> shouldn't get out of memory anyway, though
<RoyK> but still - perhaps time to upgrade it to get some fixes? ;)
<teward> probably
<TJ-> dovecot was process 18855 ?
<lordievader> teward: Heh, we have one of those too... It has been up for replacement for years...
<teward> TJ-: couldn't tell, had to halt the system to unstick SSH
<RoyK> teward: that's a definite OOM
<RoyK> but the kernel log should show
<teward> RoyK: monitoring says it had more memory
<RoyK> anyway - upgrade time!
<teward> RoyK: kernel log is syslog?
<teward> or elsewhere
<RoyK> teward: don't remember log locations on hardy - either syslog or kern.log
<teward> well there's nothing in kern.log indicating a kernel level OOM
<teward> which makes sense since the VMware tools installed here responded and gracefully halted the system
 * teward wonders if it's just Dovecot running out of its own memory
<RoyK> but then, the system hasn't been updated for 4+ years, so some bugs may have been fixed after that ;)
<teward> 'cause the OOM killer would've started killing things, no?
<teward> RoyK: oh, definitely, tell that to the ancient python scripts running here though
<RoyK> the OOM killer sometimes saves the day, but just sometimes
<teward> RoyK: this is what i don't get, vSphere shows that the memory consumption data relayed by VMware tools was under a gigabite, including the cache bits that LInux does
<teward> so i'm not sure at ALL why it failed and hung up
<RoyK> and I beleive the OOM killer has been improved a bit those seven years
<RoyK> anyway - if this is under vmware - why didn't you bring up the console?
<teward> 'cause my access creds don't give me a lot of access unfortunately
<teward> start/stop/restart and basic stats
<teward> my standard access creds anyways
 * teward yawns
<teward> what we need is an overhaul here...
<RoyK> if it happens repeatedly, you could setup a network console...
<teward> i'm considering it
<teward> my guess though is that it's got a bug somewhere
<RoyK> but probably better to just setup a new VM with 14.04 and migrate the config
<RoyK> I wouldn't dare having something that old connected to a network
<TJ-> If it's PAE then even if the system has 4.3GB free, each process can only use a maximum of 2GB or 3GB depending on the kernel CONFIG_VMSPLIT_3G
<teward> migration of the config isn't the issue RoyK
<teward> migration of the custom inhouse software is
<TJ-> 14.04 host with a 8.04 chroot :)
<teward> lol
<RoyK> teward: don't you have the source?
<teward> it's all deprecated python
<teward> so no
<RoyK> *that* deprecated?
<lordievader> Python 1.x?
<RoyK> hihi
<jrwren> teward: internal app?
<patdk-wk> why do you think it's a OOM?
<patdk-wk> what is the exact log line?
<patdk-wk> cause it sounds like a dovecot log line, out of memory, that is normal, cause each dovecot thread has it's own limit set, normally around 256megs
<patdk-wk> and increasing it from defaults, is up to you, via dovecot config documentation
<patdk-wk> the larger the mailbox, the more memory it will need to index the messages
<patdk-wk> and then more if your using compression, or searching and other features
<RoyK> patdk-wk: his sshd hung too
<patdk-wk> ah, didn't see that in the text wall
<patdk-wk> it wasn't perhaps, went readonly filesystem?
<patdk-wk> ssh will stop responding if that happens, sometimes, depending on how the login is configured, due to logs and stuff unable to write
<RoyK> patdk-wk: never seen ssh hang because of that...
<patdk-wk> I have, can't remember exactly why
<TJ-> I thibk that was back when /var/run/ was not a tmpfs on /run/, if /var/ file-system went read-only, sshd had no write access to /var/run/sshd/
<patdk-wk> I think the issue was, unable to fork
<patdk-wk> due to the system being overloaded due to webhits, or other things, just backing up due to not able to process
<TJ-> I've had the issue I described, many years ago
<patdk-wk> I'm sure I had that also, but I know I've had the issue on 12.04, and that uses /run on tmpfs
<patdk-wk> but I'm not saying my issue isn't specific to how I have things configured
 * TJ- nods
<caribou> smoser: FYI, I won't be able to attend today's meeting. Nothing particular to bring up anyway
<smoser> k
<teward> jrgifford: yep, internal
<teward> patdk-lap: quite literally, in syslog: hostname out of memory [18855]
<teward> and a timestamp before it
<teward> RoyK: I figured out the SSHd hang
<teward> that was a VMware glitch
<teward> (somehow the vNIC got disconnected from the vSwitch, the restart reloaded the vNIC)
<RoyK> teward: strange - never seen that on vmware
<RoyK> seen it on hyper-v, though - far more there (that was h-v v1)
<patdk-wk> teward, seen that many times :(
<patdk-wk> it's always pisses me off
<teward> patdk-wk: which, that syslog line?
<teward> RoyK: there was a maintenance option changed by the other guy that caused a momentary blip
<teward> that one vNIC never reconnected
<teward> happened once before here
<RoyK> ok
<teward> that's why SSH hung - because right as it prompted for PW that change happened
<teward> so *kablooey&
<RoyK> teward: is the software really bound to run on python 2.5? I mean - 2.7 isn't that big a difference, is it?
<patdk-wk> no, the vnic
<teward> RoyK: i can't get approval to test
<teward> patdk-wk: ah
<patdk-wk> has happened about 10times for me, in the last two years
<patdk-wk> out of around 1400 vm's
<teward> patdk-wk: yeah things randomly asplode :/
<teward> meh
<patdk-wk> the syslog line, is odd
<patdk-wk> no program name
<patdk-wk> it should atleast say, kernel: on it
<teward> patdk-wk: indeed, but is it really a kernel OOM error?  It doesn't sound it since the resource graph showed only about 500MB used out of 4.5GB available
<teward> taking caches into account of course
<patdk-wk> that out of memory, can't be from the kernel
<teward> right
<patdk-wk> since it's missing the kernel: line
<patdk-wk> and the OOM is like a 50+ line report
<RoyK> teward: there are python 2.5 PPAs
<teward> the question is: was Dovecot triggering it
<teward> RoyK: i have a feeling it'll work on 14.04
<RoyK> teward: you should give your boss a dork approval
<patdk-wk> if it was dovecot, it would say dovecot: :)
<patdk-wk> hmm
<teward> but i can't do anything without 5 other people's collaborative effort
<teward> since we have to migrate email data over (dovecot), postfix configurations, SMB share configs...
<RoyK> to insist on using software not update for over 3 years, you can't understand much
<patdk-wk> I'm guessing it is a syslog issue
<teward> RoyK: Believe me: If I had unlimited power i'd have burned this VM
<teward> but eh
<teward> i don't have time at the moment for the migration project
<teward> patdk-wk: possibly, given this is a Hardy machine
 * teward shrugs
<teward> it's on the list of things I'd love to upgrade
<patdk-wk> teward, https://communities.vmware.com/message/2280260
<patdk-wk> same type of log entry, but on esxi hmm
<teward> ooo so i can blame VMware this time
<teward> patdk-wk: that's the system that VM is on
<teward> I wonder if the VMware tools are at fault
<teward> i could remove them...
<jrgifford> always blame VMWare teward
<teward> but we lose HA that way
<teward> jrgifford: lol
<patdk-wk> oh ya, your using older than hell tools :)
<teward> jrgifford: always blame $random
<teward> :P
<teward> patdk-wk: i could always try and update the tools but that'd go badly lol
<teward> kernel and what not
<jrgifford> yeah, old tools will cause weird behavior, particularly if the host has upgraded throughout time.
<jrgifford> (I'm assuming you've patched VMware at least once since Hardy was EOL...)
<patdk-wk> ya, I backport newer tools to my ubuntu boxes
<teward> jrgifford: i wouldn't know, i don't track the ESXi updates, that's the other guy's job :P
<patdk-wk> but I don't even bother porting back to 10.04, and am dropping 12.04 next month
<jvwjgames> Hi
<jvwjgames> Hi i need help setting up multiple static ip's on multiple Routers what channel would I got to get help for that
<teward> not here unless your routers are Ubuntu
<jvwjgames> Is there a routing channel
<teward> ##networking maybe, but if oyu don't know how to set static IPs on a router, you've got bigger problems
<teward> and you likely have to set it one by one on each router
<jvwjgames> I do but it can't set then up across multiple routers
<jvwjgames> I*
<teward> got a server that grinds to a halt when any operations of import are executed.  recovery runs relatively fine, but sshing in takes over 3 minutes, disk operations are slow (apt-get dist-upgrade for instance), etc.  RAM, Disks, Disk Array appear to check out, fsck returns 'clean'
<teward> lookin for additional debug steps
<teward> recovery mode flies
<Seveas> teward: iotop.
<samba35> how to clear apt-get autoremove package list becase that list has some know package need to be install which i do not want to uninstall
<rbasak> samba35: apt-mark manual <package>
<samba35> hmm ,there is around 100+ package
<rbasak> or for the entire list, some variation on apt-mark showauto|xargs apt-mark manual
<samba35> ok Thanks
<rbasak> Though that will wipe out the usefuleness of autoremove really
<rbasak> You might as well just not use autoremove.
<samba35> then
<cluelessperson> hey guys, I'm trying to install something as another user, znc --makeconf  however it's trying to write to my zachary user's home directory
<cluelessperson> is sudo -u zncdev -s   not enough to be another user?
<cluelessperson> whoami says I'm zncdev
<cluelessperson> [ !! ] Writing config [/home/zachary/.znc/configs/znc.conf]... [ Unable to open file ]
<TJ-> cluelessperson: as you can see, sudo doesn't change $HOME
<cluelessperson> TJ-, is there a way to do so?
<drocsid> the kernel is being held back for a minor upgrade 3.13.0.24 vs 3.13.0.59. Anybody else have an issue with this in 14.04.02
<drocsid> ?
<PryMar56> boot hangs when systemd starts in Vivid-server: http://paste.ubuntu.net/11949526/
<PryMar56> ^^ asked for help 2nd time
<sarnold> PryMar56: no luck so far, eh? guess it's time to file a bug
<PryMar56> sarnold, I have other installs with system-219 and the same kernel version that are seamless when system starts (no delay)
<PryMar56> systemd starts
<PryMar56> but its debian 8 with experimental
<mariano_> I'm trying to learn mysql (SQL) and I'm completely new to it. I was hoping to set up a mysql server on virtualbox to play with it. Can anyone recommend a good guide on how to go about doing this?
<sarnold> mariano_: tada :) https://help.ubuntu.com/14.04/serverguide/databases.html
<mariano_> thank you. :)
<sarnold> mariano_: unless you need mysql for a specific reason I suggest looking at postgres instead, I like it more..
<mariano_> I want to get into data management and analytics. I know stats, econometrics, ect, but I know nothing about data management. I'm just graduating so I was told that if I want to move up, I have to learn sql and hadoop.
<mariano_> My professor said sql is easier to grasp and that more businesses use it.
<darius93> do i need to do any specific changes to libvirt dhcp server within the network file to have it access the internet with public ips? The assigning of ips work, but when attempting to ping something like google.com, etc., there is no internet access.
<darius93> I have bridge working fine with static ips, but just wondering about dhcp because i do want to be able to have that option available in the future
<TJ-> mariano_: postgres is much closer to the enterprise class DBMS than mysql ... it emerged from what became MS SQL server
<mariano_> Thank you TJ. I'll start reading postgreSQL and then dive into hadoop.
<jrwren> really? I didn't know sybase was founded on ingres.
<jrwren> TJ-: thanks for the tip, I found this and it should be an interesting read: http://archive.computerhistory.org/resources/access/text/2013/05/102702565-05-01-acc.pdf
<TJ-> sorry, I was thinking at cross-purposes; I was referring to tpostgres and T/SQL - got buried in implementing some T/SQL functions in postgres recently,
<teward> anyone know where I can report a problem with the help.landscape.canonical.com documentation?
<jak2000> hi all
<sarnold> teward: many of the webpages have a "report a bug on this page" link in tiny text near the bottom
<jrwren> is midonet an OVS alternative?
<bekks> jrwren: Whats "midonet" and whats "OVS"?
<jrwren> midonet is something new to me, so I cannot answer. OVS is Open vSwitch.
<teward> sarnold: it wasn't rendering that :/
<teward> meh
<sarnold> teward: did you find a place to report the bug?
<abcs> Im setting up a mail server and when I send a mail using echo it bounces and looking at the log its being sent to local instead of smtp any thoughts?
<JaguarDown> Hi all newbie here. Simple question. In order to administer my server's web pages via SFTP I've changed the permissions of /var/www directory to 775 recursively, changed owner and group to www-data, and added myself to the group www-data. (I read in a couple places this is the standard thing to do?) After a couple of kinks I am able to read/write/execute via SFTP...
<JaguarDown> ...However I decided that maybe that "Every one else/public" only needs to "read" html so I changed permissions to 774 and suddenly at the SSH terminal I can't even CD into /var/www due to "permission denied"
<JaguarDown> Even though my user account is in the sudo and www-data group
<JaguarDown> groups*
<JaguarDown> What gives?
<tarpman> JaguarDown: execute permission is required to traverse into a directory, ie. access anything inside of it. read permission means listing the contents (but not accessing them)
<tarpman> JaguarDown: not sure why that's hitting your user, though. did you exit your ssh session and log in again after adding your user to the group? if you run "groups" at the prompt does the output include www-data?
<sarnold> JaguarDown: just for the record, I really dislike the data being owned by www-data, since that's the usual user account that the webserver uses when running
<JaguarDown> yes, groups says I am in the www-data group
<sarnold> JaguarDown: .. which means when the webserver is hacked, it has write access to all the content, which makes it insanely easy for hacks to become persistent
<JaguarDown> Ah. I didn't really know what the standard acceptable convention was for ownership of it
<JaguarDown> Should I just change ownership to my one and only sudo account?
<JaguarDown> This is just a home server
<JaguarDown> Although it is serving web pages to the internet
<JaguarDown> I did not log out and back in again
<teward> sarnold: nah, realized that the doc i was looking at was 'retired'
<teward> sarnold: then realized that I can't get landscape-client to work with the custom CA that was set up
<teward> sarnold: THEN realized the easier route is to just spend $13 for a cert
<sarnold> JaguarDown: up to you, I'd do a different owner, but that's just my preference..
<sarnold> teward: is that it these days? wow
<JaguarDown> Okay I hopped out and into the SSH terminal and it works now.
<teward> sarnold: through gandi, with Ubuntu Membership + E Rates and such, pretty cheapish for a single domain cert (landscape.domain.tld lol)
<JaguarDown> However I didn't understand what you just told me about the www-data user. I will probably change it to myself.
<JaguarDown> Or something other than www-data
<dasjoe> teward: you can still get free certs from StartSSL
<sarnold> JaguarDown: for me, I'd be content to use my user account to own it; for shared-with-someone-else I'd prbably make a new 'www' account or something
<dasjoe> Although revoking them will cost
<JaguarDown> sarnold: Okay that makes sense. I read somewhere someone used a "webmasters" group.
<sarnold> JaguarDown: that makes sense; it's long :) but makes sense
<JaguarDown> Cool well turns out my main problem was logging out and in. Thanks.
<teward> dasjoe: true on both cases, but the StartSSL CA certs are a little more ambiguousish
<teward> :/
<dasjoe> teward: I'm waiting for let's encrypt to become available, then I'll have to evaluate what's the best way for me to proceed
<teward> mmm
<teward> well my issue is that I just need it for landscape-server / landscape-client.  What landscape-client does NOT want to do is accept the custom CA certificate
<JaguarDown> This is probably not the best location to ask this but what do people generally do when editing html files via SFTP to be served by apache2? Do they simply edit the files via SFTP in their favorite editor and save or do they do all editing on their local machine and then upload via SFTP when they're done?
<sarnold> JaguarDown: rsync <3  :)
<dasjoe> Slightly related: https://xkcd.com/378/
<sarnold> dasjoe: hehhe :)
<JaguarDown> sarnold: cool!
<JaguarDown> dasjoe: favorited :)
<sarnold> JaguarDown: one note with rsync, it's quite picky about the last '/' in directory names. it'd be worth fiddling around with a few permutations of rsync commands on test data before you really start using it
<sarnold> JaguarDown: e.g. rsync -avz source/ destination/  vs rsync -avz source destination  vs rsync -avz source destination/  vs rsync -avz source/ destination  -- once you've seen it a few times you'll be fine :)
<JaguarDown> sarnold: Thanks! That sounds like a promising proposition, I will definitely be giving it a go. Sounds like it could greatly streamline things.
<sarnold> yes :)
<JaguarDown> While we are on the subject, as the default apache2 config stands, if I want to place an image on my page and store it on the webserver does that image have to be stored under the "/var/www/html" directory or can the website see it if it's under, say, /var/www/images
<JaguarDown> Sorry I am currently pretty ignorant to all of the webserver and web pages stuff.
<JaguarDown> I currently have an image in /var/www/html/images and it's working fine
<sarnold> I'm sure it's doable, but I'm not sure what you'd need to do to make it work
<JaguarDown> The thing is the way i have it it causes an index to be available and I would prefer not to do that.
<JaguarDown> By index I mean you can visit the folder via the website address
<sarnold> you can turn that off with some other directives..
<abcs> Im setting up a mail server using postfixand when i do echo "test from mail server to user@example.com" | mail -s "test" user2@example2.com the recipient is not getting the mail. im not getting any errors in var/log/mail.err and my mail.log is showing its going through postfix/pickup /postfix/cleanup postfix/qmgr postfix/local then bouncing because its not a user any idea why its not
<abcs> going to postfix/smtp but going to postfix/local
<sarnold> JaguarDown: http://httpd.apache.org/docs/2.4/mod/mod_autoindex.html   for ubuntu 14.04 LTS and newer
<JaguarDown> sarnold: thanks
<sarnold> abcs: is your postfix configured to accept mail for example2.com?
<abcs> sarnold: no I don't want postfix to accept that mail I want to send it to someone elses mail account
 * JaguarDown is now away - Reason : 
<abcs> Im trying to test if the mail server is set up correctly to send mail out to a relay host if theres a different way to test that i can do that
<sarnold> abcs: i'd next try doing things by hand: host -t mx example2.com, nc <host1> smtp ... EHLO sarnold MAIL FROM: RCPT TO:  ....
<abcs> host: couldnt get address for 'nc': not found returned
<sarnold> two options.. either your recipient has screwed up their dns records, or your dns setup is broken
<cryptodan_laptop> http://mxtoolbox.com is a good site for testing mail servers outside your network
<abcs> the dns is hosted at godaddy i wouldnt think that would be the case i can send a recieve email from windows desktop not routed through the mail server
<sarnold> I thuoght you were trying to debug sending?
<abcs> i am
<abcs> from post fix which i am currenly setting up
<abcs> at the moment the email is routed through outlook that goes directly to godaddy
<abcs> I need a mail server to relay it first
<sarnold> cryptodan_laptop: nice!
<abcs> I can send email back and forth on localhost but when I try to send it somewhere where the destination is not local it bounces
<cryptodan_laptop> to verify your dns has propagated check here https://www.whatsmydns.net/
<abcs> the domain is propageted, its been in use for 10 years
<cryptodan_laptop> those two sites have helped me solve many issues with my own dns
#ubuntu-server 2015-07-29
<JaguarDown> Hey does anybody use ddclient? I have a simple question which I couldn't find the answer to on their website.
<JaguarDown> I want to update my IP address since I am running a home server and the IP from my ISP may change. My domain is with godaddy who apparently doesn't offer a straightfoward service to do this.
<JaguarDown> After reading on a website I simply changed the dns name servers to ones from freedns.afraid.org
<JaguarDown> Anyway, on my godaddy account I changed them to ns1.afraid.org, ns2, ns3, ns4, etc. My question is in the config file for ddclient under the "server" field will simply "freedns.afraid.org" suffice or do I need to explicitly list the dns name servers?
<JaguarDown> I had a free subdomain from freedns.afraid.org previously with ddclient running to update my IP and this is how it was configured before so I am assuming it will work.
<jak2000> how to change the resolv.conf permanently i am change and when restart resolv.conf is empty
<teward> jak2000: do you use /etc/network/interfaces to manage your interfaces?  If so, add these lines to the configuration stanzas for your interfaces: dns-nameservers 1.2.3.4
<jak2000> teward ok testing
<jak2000> restarted the virtual server
<lordievader> Good morning.
<arcsky> hey guys whats the differnt between DNS server and a DNS proxy?
<lordievader> arcsky: A DNS server actually resolves urls where a proxy forwards requests to another server (usually caching the replies).
<arcsky> lordievader: thanks i undertand now
<lordievader> arcsky: :)
<teward> hmm... where can I report a problem with landscape-client that isn't isolated to one specific release
<teward> (12.04, and 14.04, both have the same problem)
<teward> (and i will do further tests today to confirm
<iclebyte> the new bind9 vuln - USN-2693-1 only references ubuntu 12.04/14.04/15.04 - is 10.04 affected or just no updates available for it as EOL ?
<rbasak> 10.04 is EOL, so no updates.
<iclebyte> thought so.
<rbasak> Nobody will have checked whether 10.04 is vulnerable or not. It may not be. But it's certainly vulnerable in a ton of other ways by now.
<iclebyte> agreed.
<Amillo> hey guys, having some trouble mounting my nfs anyone got any ideas why it's denying me access?
<pmatulis> Amillo: provide more info. configuration, command & output, logs, etc
<Amillo> Getting someone to take a look at it now, I'll come back if he's unsuccesful - thanks though
<med_> Daviey, jamespage, zul: python-neutronclient in UCA Kilo don't work
<med_> needs at least 2.4.0
<med_> 2.3.11 is too old.
<med_> please look at bug #1479496
<ubottu> bug 1479496 in python-neutronclient (Ubuntu) "python-neutronclient 1:2.3.11 doesn't work with Kilo" [Undecided,Confirmed] https://launchpad.net/bugs/1479496
<med_> in a large network environment, it doesn't work.
<med_> (it worked fine in Juno with the same networks but doesn't in Kilo as something in neutron must be changing & reporting differently.)
<med_> it breaks things consequently as the python-neutronclient library is used by ... neutron, nova, etc.
<Daviey> med_: Based on what you have said, it must also be true that it is broken in Ubuntu Vivid and neutron upstream has a poor lower version of neutronclient in requirements.txt
<teward> wheeee, useful bug data is useful
<teward> although i typo'd my apport hooks.  oops.
<teward> sarnold: rbasak: it's definitely GREAT to have usable debug data for nginx now isn't it xD   (lot more 'invalid!' bugs :P)
<dasjoe> Any idea where ast_dp501_fw.bin would be available from Ubuntu's repos? "W: Possible missing firmware /lib/firmware/ast_dp501_fw.bin for module ast"
<alximych> hi! I manually installed and succesfully started tomcat8 on ubuntu machine. But I can not see tomcat8 among services. What do I have to do to be able to start/stop/status tomcat8 from "sudo service tomcat8 start"? A manual for dummies would be much of help, thanks!
<Daviey> med_: If it is easy to reproduce, i'd be tempted to git bisect the client :)
<med_> it's already fixed in the upstream client
<med_> we just need it....
<med_> https://git.openstack.org/cgit/openstack/python-neutronclient/commit/?id=4b6ed760d4303744907feefd81e60f38ae3750ef
<med_> in UCA
<med_> thanks Daviey
<med_> which means an older client MIGHT work.
<Daviey> med_: The normal process for UCA updates is to get it fixed in the Ubuntu release that tracks the OpenStack release, in this instance it is Ubuntu Vivid.  So a normal SRU then, then a copy to UCA.
<med_> gotcha
<Daviey> med_: but funnily enough, Ubuntu Cloud Archive isn't a Ubuntu deliverable :)... So you'll need to speak to someone at Canonical for that :)
<med_> (and yes, I'd forgotten that much)
<med_> truestory.
<K4k> When locking down the grub2 prompt, I set the password_pbkdf2 line in /etc/grub.d/40_custom and update-grub yells at me. It complains that "password_pbkdf2 is not found"
<K4k> I've set this up per the documentation here: https://help.ubuntu.com/community/Grub2/Passwords#Password_Encryption
<Daviey> med_: But if you want to propose it to stable/kilo upstream openstack/python-neutronclient, i can +2 it there... and I can also help SRU it to vivid. :)
<med_> nod
<med_> working on that
<med_> realigning my ducks.
<med_> oh, already fixed in stable/kilo
<med_> which is using 2.4.0
<med_> unfortunately, vivid didn't update the clients (enough)
<Daviey> med_: Sadly, *just* missed the neutronclient point release by a few hours...
<Daviey> (This is another reason point releases suck)
<Daviey> oh
<Daviey> med_: There is now  stable/kilo branch of neutronclient, doesn't seem fixed there
<med_> Daviey, I see the "Reinstate MAX URI length checking" in a git clone of python-neutronclient in the stable/kilo branch.
<med_> a403265ea1483e53b93bdb2d60493a9a9e1eb0bc
<med_> merges
<med_> 4b6ed760d4303744907feefd81e60f38ae3750ef
<med_> so merged on Mar 11, 2015
<K4k> Wow, the Ubuntu community docs can be so so terribly unclear sometimes
<Daviey> med_: Ah! you are right
<Daviey> So.. the minimum versions needs to be 2.6.0 ?
<med_> no, even 2.4.0 works
 * med_ double checks
<med_> yep, 2.4.0 has it
<med_> so I'm fine with a debina/patch that cherrypicks the change or a newer version Daviey
<K4k> How do you boot 14.04 in to single user mode?
<K4k> I've added "single" to the end of the "linux" line but it just goes to a black screen
<TJ-> K4k: black-screen probably means you need "nomodeset" as well - the video DRM is not properly supporting mode-setting
<LewsTherin> Anyone have recommended specs for a mailserver with dovecot, postfix, squirrelmail and a user management UI? Ubuntu 14.04.
<LewsTherin> Was redirected here from #ubuntu, with an opinion 2core 2GB might be enough.
<Sling> LewsTherin: for how many users? what kind of mail volume?
<LewsTherin> Couple emails a day, about 40-50 users.
<LewsTherin> Emails will be deleted once retrieved.
<Sling> sounds about right then those specs
<LewsTherin> Ok, thanks.
<LewsTherin> What about HDD space?
<LewsTherin> maybe 5-10GB?
<Sling> are the users mailboxes limited by quota?
<Sling> you might want to do that with 40-50 users
<LewsTherin> Probably won't be.
<LewsTherin> Hm, ok.
<LewsTherin> It's part of an automation system, so emails probably won't be on there too long.
<Sling> well yeah one imap fetch messup and itll be filled with emails :)
<Sling> but just keep the mail data on a separate partition at least
<LewsTherin> We'll mainly being using POP, due to requirements of the services that will be connecting in.
<LewsTherin> Ok, so a 5GB partition for system, 20GB for mail?
<LewsTherin> Just guessing here.
<sarnold> how large can your user's inboxes be with just 20gigs? I've got ~1.5 gigs in my ~/.mail_cache/ at the moment, not sure how much actual storage on the server that requires
<tonyyarusso> LewsTherin: I don't have as many users, but probably a higher volume per day per user, and I'm running it on a single core with 1GB RAM with no problems at all.
<tonyyarusso> My particular users are up to about 9GB of disk space at the moment, but that number would vary wildly.
<tonyyarusso> (Ours are IMAP, keeping stuff on the server permanently)
<tonyyarusso> If you're POPing everything down within a month or less I'd think 20G should be plenty.
<LewsTherin> Ok
<HikaruBG> hi guys
<HikaruBG> I have to run node js server on a remote ubuntu server via SSH
<HikaruBG> I can run it, but once I close the ssh session - the server is down
<teward> screen
<HikaruBG> how can I create server daemon
<bekks> HikaruBG: you could create an init script, or just run your node js thing in screen, or using nohup.
<teward> either run it with & at the end which sends it to the background, or use `screen` and run node.js from there,
<teward> or nohup which is also a slution
<bekks> Using screen gives you somehow more control, in case it throws console messages.
<sarnold> screen means you'd have to deal with it again next reboot; I'd go to the trouble of making an initscript or upstart config file for it, that way you don't have to think of it the next reboot :)
<teward> ^ that
<teward> heheh
<teward> sarnold: unless it needs manual startup, say, because it needs credentials or a pw or something set up, which would be odd but still
<teward> :p
<sarnold> teward: eh, good point, ssl privkey or something..
<teward> mhm
<bekks> I never dealt with nodejs - what is this thing?
<teward> bekks: another webapp solution
<bekks> What is it for?
<teward> web applications :p
<teward> https://nodejs.org/
<sarnold> bekks: server-side javascript
<sarnold> bekks: for folks who just can't get enough callback hell :)
<teward> "Node.js is an open source, cross-platform runtime environment for server-side and networking applications. Node.js applications are written in JavaScript and can be run within the Node.js runtime on OS X, Microsoft Windows, Linux, FreeBSD, NonStop, IBM AIX, IBM System z and IBM i."
<teward> basically server-side javascript for people who want to intentionally torture themselves :P
<bekks> Javascript - that crap used for dynamic menus and stuff?
<teward> mhm
<rbasak> teward: :)
<teward> rbasak: hello!
<teward> long time no talk :P
<teward> for the record, Landscape makes managing 8 Ubuntu Server VMs real simple - one location to rule them all :P
<teward> (+1 for Landscape :P)
<rbasak> Nice!
<teward> oh that reminds me
<teward> where can i make a bugreport/complaint about it?
<teward> given i'm on LDS, not the cloud service, canonical has no obligation to listen :P
<bekks> teward: that landscape thing - how much does it cost to manage my 5 Ubuntu instances at home?
<teward> bekks: zero if you set it up on a server yourself.  10 physical machines, 10 Virtual machines, with the 'free' license - http://askubuntu.com/questions/549809/how-do-i-install-landscape-for-personal-use
<teward> past that you have to pay per system
<bekks> teward: Thanks a lot :)
<teward> and I forget how much it is per
<teward> that's a question for canonical sales
<bekks> I'd not reach that limit at home :)
<teward> bekks: nor would I, even at work - 6 VMs all managed and accounted for, one central location, soon to be 7
<bekks> teward: And it isnt a big problem to retire an old VM and set another vm in place?
<teward> bekks: you can remove a computer, which opens up its license slot for use
<teward> bekks: http://i.imgur.com/GIhq3qV.png  <-- remove computer button right there
<bekks> teward: Ah ok - thats good to know. A few of my VMs wont live that long and are replaced by new ones quite regularly.
<teward> it asks if you want to confirm it, and says "Deleting this will remove it from the system, and will free up a license slot for another system." or something similar
<teward> i have two landscape instances i work with... one at work and one for my own systems
<bekks> I guess thats a good way to go then.
<teward> bekks: configuration was a pain
<bekks> teward: ouch
<teward> i had to use actual SSL certs
<teward> because even when the custom CA certs are validated by the world, landscape-client won't work with it
<teward> (and by 'the world' i mean the test lab I tested it on)
<teward> hence my wanting to bug-report on the client
<bekks> Well, that sounds like I want to implement an ansible instance instead
<teward> bekks: probably is, but since my domain is wildcarded... :p
<bekks> I'll take a look into both - ansible would be a good deal, since it supports more OS than landscape.
<teward> right
<teward> the enviros i'm in those're all Ubuntu boxes
<teward> VM or physical
<teward> won't help for other OSes
<bekks> I have a few other here, like Solaris, Windows, etc.
<teward> mhm
<tonyyarusso> sarnold: FWIW, I have actually run things in screen on startup using the magic @reboot cron time.  An init script would be better for most things though.
<tonyyarusso> (I've used that to launch my irssi session.)
<sarnold> tonyyarusso: hah, I've never thought to combine @reboot with screen :)
<tonyyarusso> You just have to use the right flags for start detached.
<tonyyarusso> Works well for things that should launch at startup, but that you will be manually interacting with later.
<sarnold> irssi is a good candidate for that
<teward> urgh i hate it when init scripts do bad pidfile parsing >.<
<trippeh> urgh i hate pidfiles >.< there fixed it ;)
#ubuntu-server 2015-07-30
<mariano> I got a machine (thinkcenter server) and I would like to use it to learn how to work with various databases. From what I understand, and correct me if I'm wrong, I can install ubuntu server on this machine and then install virtualbox. I can then install various virtual machines (i.e. mysql server, windows server, ect) and run them via a web browser (PHPvirtualbox)? Is this correct?
<sarnold> mariano: that sounds like a lot of work compared to just using libvirt and qemu/kvm
<mariano> Ok, let me read what libvirt and qemu/kvm are. I'm new to all of this.
<mariano> libvirt  qemu/kvm sounds a bit over my head. I'm a noob in all of this.
<sarnold> mariano: apt-get install virt-manager, and run it with "virt-manager", it'll provide a much friendlier gui
<mariano> So the main OS on the machine should be ubuntu server and dthen run apt-get on there yes?
<sarnold> yes
<mariano> Ok, perfect. I'll start messing with that stuff. And this will still be a headless option as far as running my guest machines correct?
<sarnold> mariano: yeah; to use virt-manager, you'll use ssh -X when connecting to it..
<mariano> Thank you so much for the info sarnold
<lordievader> Good morning.
<fishcooker1> if other user running apt-get dist-upgrade .. how to show progress log of the apting action?
<fishcooker> sorry for being disconnected.. how to show log progress of apt-distupgrade action .. in case there are other user doing that action?
<jamespage_> zul, hey - can you look at unblocking all of our openstack in wily - I'll have a bit of time tomorrow, but it would be nice to get the current log jam through before we have to work on l2
<zul> jamespage: ack
<momomo> Whenever I send a file with scp, the maximum speed seems to be around 1.2 MB/s ... why? Is there a way to increase this speed?
<JanC> momomo: how fast is the (upstream) internet connection that you use for the system where you send that file from?
<momomo> it should be about 10 mps
<momomo> maybe I am wrong thoguh
<momomo> speed testing
<momomo> yes, it's about 9-10
<teward> MB per second, or Mb per second?  (One's megabytes one's megabits)
<teward> if it's the second one, 1.2 MB/s is about what you'd expect from a 10 megabit upload connection.
<momomo> mbps
<teward> momomo: speedtest.net?
<momomo> yes
<teward> they use Megabit not MegaByte
<momomo> hmm .. ook so times 8 ?
<teward> momomo: 10Mbps (Megabits per second) is about 1.25 MBps (Megabytes per second)
<momomo> ook
<teward> (Megabits per second) / 8 = MegaBytes per second
<momomo> thanks for clarifying :)
<teward> momomo: so, 1.2MB/s is as expected for that type of an upload connection speed
<teward> now, 10000 Mbit / second... that's fun :P
 * teward had access to such a speed for all of 10 seconds xD
<teward> momomo: but to answer your initial question about the max speed being about 1.2 megabytes per second.
<teward> it's becuase you only have 10Mbit upload speed - that's 1.25MB/s
<jamespage> zul, ta
<jrwren> i wonder when 10Gbit hardware will be priced for home.
<Sling> infiniband is already pretty cheap
<jrwren> it is?
<funkenstrahlen> Anyone here running btsync 2.0 on an ubuntu server? I need some help setting it up: https://forum.bittorrent.com/topic/40008-sync20-headless-server-instanceconf-how-to-set-the-secret/
<hallyn> smoser: http://paste.ubuntu.com/11967817/  proposed seabios for wily, any objections/comments?  qa-regression-testing test-qemu.sh passes...
<smoser> nothing screams at me.
<smoser> i was just a cuople minutes ago reminising about
<smoser>  https://bugs.launchpad.net/ubuntu/+source/ipxe/+bug/921230
<ubottu> Launchpad bug 921230 in ipxe (Ubuntu) "presense of kvm-ipxe slows down kvm non-network boot" [Wishlist,Fix released]
<smoser> how was that fixed ?
<smoser> oh. you set the timeout to zero.
<hallyn> smoser: ok, will pushonce test-libvirt.py completes
<hallyn> thanks
<smoser> hallyn, since i like to complain about essoterric features not wroking correctly...
<smoser> booting qemu with the ovmf bios (for uefi) renders -curses useless.
<smoser> that bios goes itno 800x600 mode right away.
<fellayaboy> is an ldap server basically a domain controller with active directory in a sense?  is it so you can create and store new users and computers that join a domain and you could administer those users and ocmputers from there?
<fellayaboy> is ldap server basically linux
<tarpman> fellayaboy: an ldap server is just a database and a protocol for talking to it
<fellayaboy> version of domain controller and active directory
<hallyn> smoser: uh.  what.  why can't i find edk2 for wily?
<fellayaboy> oh okay
<pmatulis> fellayaboy: AD is strictly a microsoft product that, among other things, embeds an LDAP-like service
<smoser> hallyn, https://launchpad.net/ubuntu/+source/edk2 ?
<fellayaboy> ok so im familiar with active directory and creating a domain controller in windows server... whats linux equivalent
<fellayaboy> pmatulis, oh i see i see
<pmatulis> fellayaboy: investigate samba4
<fellayaboy> isnt samba just a file sharing protocol?
<pmatulis> fellayaboy: about a decade ago, yes
<fellayaboy> creates a networe share
<teward> it's far more than that now
<tarpman> fellayaboy: in addition to samba4, check out freeipa
<fellayaboy> could you provide a link of all the other stuff it does..i would google it but i know ill just get lost in the ocean of information
<fellayaboy> freeipa thanks tarpman
<fellayaboy> ive setup a samba share in ubuntu server 15.04 here at our enterprise...its quite fast and very reliable
<pmatulis> fellayaboy: https://www.samba.org/
<fellayaboy> works very well with our windows clients
<fellayaboy> guys thanks for that information
<pmatulis> fellayaboy: note samba4 and samba3 are not the same. the former is a complete rewrite and enables a standalone AD-like thing, replete with its own embedded LDAP service
<fellayaboy> very helpful thank you
<fellayaboy> i see pmatulis
<fellayaboy> so samba 4 and create domain users
<fellayaboy> apply some sort of policies to linux machines similiar to gpo?
<pmatulis> fellayaboy: normally i would point you to the ubuntu server guide but it has not been updated to samba4 yet
<pmatulis> fellayaboy: you really need to take some time, prolly a lot of time, and read the docs
<fellayaboy> i meant to say "can samba 4 create domian users?" and can it apply policies to machine objects
<fellayaboy> ill go over to samba too..since these are samba related questions  thanks pmatulis
<pmatulis> welcome
<hallyn> smoser: yeah, but aptitude doesn't find it
<hallyn> (or its binary packages)
<server-help> Can anyone explain this:  I have a server that hangs on boot and repeats the message 1fUbuntu12.041f.... several times
#ubuntu-server 2015-07-31
<pmatulis> dunno
<mariano_> I'm trying to install ubuntu server what is the most recommended partitioning method to choose from the install options? Use entire disk and set up LVM?  or just use entire disk?
<patdk-lap> depends on the usage
<mariano_> I have a server that I want to put virtual machines on. One drive is 120GB SD for the server and the second drive is 500GB for the virtual machines.
<mariano_> I'm new to server things, and to linux in particular so I'm kind of flying blind.
<kklimonda> tbh I default to LVM on all my servers nowadays.
<kklimonda> mariano_: ^ lvm gives you some extra flexibility, in case you need it - but it's also an extra layer that you have to make sense of in case something ever goes wrong
 * patdk-lap lothes lvm
<patdk-lap> and only uses it if I really really need it
<patdk-lap> and that is like on 2 servers out of hundreds
<mariano_> ok
<mariano_> thank you.
<mariano_> I'm going to use libvirt to setup the virtual machines. Should I install the virtual machine host during the ubuntu server install, or just the basic ubuntu server.
<sarnold> mariano_: I always just take the smallest possible install from whatever mechanism I'm using, apt-get intsall whatever I need once the thing is up and running
<mariano_> Ok, thank you. I'll give that a try.
<mariano_> I'm back to bother you guys with more questions lol. Towards the end of installing ubuntu server 14.04.02 LTS I get executing 'grub-install /dev/sde' failed. This is a fatal error. Any ideas how I can fix this?
<sarnold> can you execute it by hand?
<mariano_> Let me check.
<mariano_> It takes me back to the ubuntu installer main menu. I think I can finish installing ubuntu server without grub. Can it be fixed after the installation?
<mariano_> I also have the option of installing LiLo boot loader? or continue without boot loader.
<sarnold> LILO is still there????
<mariano_> Yea
<mariano_> My three options are Grub, Lilo, or continue without a boot loader. The Grub one keeps failing. I've redownloaded the server image and recreated the usb installer a few times.
<mariano_> Same thing keeps happening.
<wolflarson> is sde the correct drive?
<mariano_> Well, both drives that I have on there are clean. I can try to take out one drive.
<wolflarson> I had issues with ubuntu not detecting the correct first drive when I had multiple mounted and just had to specify what drive i wanted grub on by hand
<mariano_> ok, let me see if I can do that by hand.
<sarnold> this looks helpful, but eww http://askubuntu.com/questions/532540/ubuntu-installation-failure-unable-to-install-grub
<mariano_> ok, thank you. I'll give these things a try.
<garethdaine> Hey folks
<garethdaine> When completing a clean install of Ubuntu server is there a requirement to have a http web server on it like apache2 or nginx? Or can you simply install a clean copy of Ubuntu that will allow access via SSH?
<sarnold> garethdaine: it's been a wihle since I've used an installer, but I'm pretty sure there's an easy way to get through with a minimal install that's really just an sshd when you're done
<garethdaine> OK, thatâs good to know.
<garethdaine> Iâve asked our dedicated host to install a clean copy of Ubuntu 14.04 x64 without any software on it such as apache, mysql etc as I have provisioning tools that will do everything for me.
<garethdaine> THey initially installed it with Apache2, PHP, MySQL
<sarnold> d'oh
<garethdaine> I asked them to do it again, and now theyâve installed nginx
<garethdaine> So Iâm getting a bit pissed off
<garethdaine> haha
<sarnold> I suspect most users do want one or the other, so I'm not surprised that they have those preconfigured options..
<sarnold> hopefully hey've got some way for you to do an install on your own?
<garethdaine> Sure, in my case though Iâve specificially asked them on 2 occasions not to install anything
<garethdaine> No, I donât believe they have
<garethdaine> I havenât asked but Iâm pretty sure they haven't
<garethdaine> I will ask them that though now that you have mentioned it
<sarnold> you can make it work, apt-get purge nginx etc., but still, annoying :)
<garethdaine> Thanks for the advice
<garethdaine> Sure sarnold, with me knowing they have installed nginx, it makes me wonder what else they have installed
<sarnold> hehe
<garethdaine> I want the live environment to match exactly my development environment
<garethdaine> So my provisioning tools will do all that on a clean install
<sarnold> that's definitely worth doing right
<garethdaine> Thanks mate
<garethdaine> Appreciate it
<bcx_>  hi all, ubuntu novice here... was wondering if someone could talk me through server redundancy? i have 2 servers running ubuntu 14.04, not sure how to have 1 mirror the other...
<impi> Happy System Administrator Appreciation Day guys :)
<impi> You guys are awesome! Please never forget that we appreciate every inc of effort, every stressful night, everything you do for us :)
<impi> Peace
<jamespage> zul, trove is the final bit of the sqlalchemy puzzle left
<jamespage> ...
<zul> jamespage: ack on it
<jamespage> zul, ta - about to go for my flight home
<jamespage> nice to get this unblocked today if possible
<jamespage> leave things clear for l2 next week
<zul> jamespage: okies have a safe flight
<zul> jamespage: trove uploaded
<jamespage> zul, and proposed unlocked!
<jamespage> zul, what was the fix?
<zul> jamespage,  http://paste.ubuntu.com/11973425/
<jamespage> zul, 404?
<zul> jamespage: erm https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/openstack-trove/tree/debian/patches/fix-columun-uniqueness.patch
<zul> jamespage,  we can drop it in l2
<jamespage> zul, ack
<jamespage> well that will be next week :-)
<zul> yeah coreycb will love that ;)
<jamespage> hehe
<jamespage> we also need to push out a stable snapshot for kilo as well
<jamespage> catchup on fixes....
<jamespage> zul, zigo has done quite a few updates for b2 deps into experimental so we should just need a sync catchup there
<jamespage> zul, coreycb: pymysql is also going to be key - we have main projects switching for b2
<jamespage> cheerio python-mysqldb
<zul> jamespage: ack
<zul> jamespage,  im sprinting in montreal next week as well btw
<jamespage> zul, yeah - i remember - chatted with stgraber this week about next
<zul> jamespage,  oh oh :)
<gQuigs> I'm trying to increase the max open files limit (soft and hard) for samba processes on 12.04..  without changing anything other processes on system
<gQuigs> I can get hard to change using /etc/init/smbd.override or changing max open files in smb.conf, but I can't get soft to change...
<gQuigs> (and unlike what I remember there is no samba username for limits.conf)
<gQuigs> hmm.. looks like it's specific to http://upstart.ubuntu.com/wiki/Stanzas#limit and smbd
<gQuigs> with other daemons the upstart soft limit get's applied correctly - tested with nmbd actually
<gQuigs> seems changing smb.conf (max open files) was the answer
<jrgifford> One off-topic message: I wish you all a happy sysadmin day. http://sysadminday.com/
<mariano_> I'm trying to format a hard drive to use as part of a kvm pool storage. Once I do fdisk -l command, I get Device Boot /dev/sda1, start 2048, end 976773167, blocks 488385560, id 83, and system linux. Does this mean that I successfully formated my entire drive  to have one  partition taking up the entire disk and with extension ext3?
<bekks> mariano_: No. It means you created a partition, primary, partition type 83. It doesnt say anything about the filesystem used.
<mariano_> How can I change it to a usable partition? Like ext3, ntfs, ect?
<patdk-lap> it is a usable partition
<patdk-lap> it's not a usable filesystem
<patdk-lap> assuming you want to install a filesystem on it
<mariano_> Yes, I think I need to install a file system on it.
<patdk-lap> well use mkfs for whatever filesystem you want to use
<patdk-lap> with whatever optiosn you want to use on that filesystem
<mariano_> Ok, I'll go read on that. Thanks.
<mariano_> After I install a file system to a partition, do I need to mount it or need a mount point? Does the server mount it automatically?
<sarnold> you need to mount it
<mariano_> ok, thanks. I'll go read on that.
<mariano_> :)
<lordievader> The server would mount it automatically if you define it in /etc/fstab
<mariano_> Do I have to do that in order for it to work everytime I restart the server?
<lordievader> Unless you want to mount it manually everytime, yes.
<sarnold> mariano_: yeah
<mariano_> Ok, thank you guys.
<mariano_> Is there a way to download iso files to ubuntu server and save them to a specific directory, say /guest_images_fs
<sarnold> mariano_: mkdir whatever ; cd !$ ; wget http://whatever
<tonyyarusso> mariano_: uh, wget?  Of course.
<mariano_> Ok, I'll read on that sarnold. Thank you so much again for your help.
<mariano_> voila... Got my headless ubuntu server running virtual machines. Thanks for all the help sarnold and the rest of you amigos. :)
<sarnold> mariano_: great :)
<mariano_> Now onto install databases and play with R. :)
<sarnold> \o/
<sarnold> "play with R" has been on my todo list for about fifteen years now...
<mariano_> hehe. I got tired of SAS and Stata. Besides, now that I'm out of school... I can't afford the $$$ for other programs that have the same features as R.
<sarnold> oof. yeah. spendy stuff..
#ubuntu-server 2015-08-01
<bitcoinassassin> Hi. Rubbing Ubuntu Server 14.04.2 LTS after most-recent updates cannot get past "configuring network interfaces" upon reboot
<bitcoinassassin> *Running
<sarnold> bitcoinassassin: try selecting a different kernel from the grub boot menu?
<bitcoinassassin> sarnold: thanks. I did that. same result.
<bitcoinassassin> sarnold: it actually hangs on 'starting network configuration'
<bitcoinassassin> is there some way to boot past this and then edit the network configuration file?
<patdk-lap> it isn't hanging there
<patdk-lap> that is just the last thing it prints
<sarnold> bitcoinassassin: you may have success if you add "single" to the kernel command line to tr booting in single-user mode; if that doesn't work, you can boot with init=/bin/bash  which ought to do the trick -- just don't forget the sync, remount read-only ..
<bitcoinassassin> sarnold: thanks.... but.... that's over my head; do you have a link to a post that tells how to do what you suggest?
<sarnold> bitcoinassassin: this isn't too far off of it: https://help.ubuntu.com/community/LostPassword
<sarnold> "The Other Way" -- just before "reboot" I'd add in "sync ; remount -o ro /" -- the remount might not actually work, but it's worth trying first :) heh
<sarnold> sigh
<sarnold> not remount -o ro / --- mount -o remount,ro /   --- I knew that felt wrong even as I typed it and thought it was just the keyboard I'm using.
<bitcoinassassin> ok thanks .......I'll check that out
<bitcoinassassin> ahhh well...... to no avail....... I'm wasting so much time it's quicker to just reinstall the server os..... thanks anyway
<holms> hi, i've got upstart init script stuck in here.. probably not releasing tty..  http://paste.ubuntu.com/11977248/ can please someone take a look :)?
<sarnold> holms: does /var/www/shrinktheapp/bin/celery daemonize automatically?
<sarnold> holms: maybe add some -z ${CELERYD_PID_FILE} kind of checks, for all the variables needed, after sourcing the configs?
<holms> hmz
<holms> it does daemonize automatically
<sarnold> holms: is pre-start the best place to put it?
<holms> that's just example i've found
<holms> what's your recommendation :)?
<sarnold> holms: perhaps you could try < /dev/null > /dev/null 2>/dev/null to try disassociating the fds the script has... (that's a WAG)
<holms> what's -z ?
<sarnold> it checks that there's contents in the variable..
<sarnold> ah, that's -n, -z checks that it's empty: http://tldp.org/LDP/abs/html/refcards.html
<holms> CELERYD_PID_FILE="/var/www/shrinktheapp/project/run/%N.celery.pid"
<holms> would be vice, just not the case probably
<holms> is ther's posibility that it's celery-multi not realeasing tty?
<sarnold> holms: re: starting the daemon, I'd expect this to be the better config directive: http://upstart.ubuntu.com/cookbook/#exec
<sarnold> holms: and the expect directive to tell it how many times it'll fork()....
<holms> okay will do
<holms> reload configuration, still the same =/
<holms> lol after executing command manually
<holms> it closed ssh connection what the hell :D
<sarnold> holms: !!
<sarnold> holms: wow :)
<holms> anyone good in upstart in here?
<holms> got things moving but still stuck.. it's just freezed when service celery start being done
<holms>  http://paste.ubuntu.com/11977693/
<holms> in 15.04 there's no python 2.7?
<holms> at least in digital ocean
<tonyyarusso> Um, sure there is.
<holms> python2.7 ok i've installed it /usr/bin/python is not found
<tonyyarusso> http://packages.ubuntu.com/vivid/python
<holms> linking manually? ouch
<holms> ansible doesn't work out of the box
<tonyyarusso> 2.7 is even still the default in 15.04, so I have no idea what you're talking about.
<eredwood> hello everyone
<holms> in 15.04 default is python3
<holms> /bin/sh: 1: /usr/bin/python: not found
<holms> fresh system from digital ocean image
<eredwood> I have a Ubuntu file server and on that server I have a working DVD RW. I would like to use it form any computer in my house I am using samba as my file server. I tried to mount it using fstab but it not wokring  any ideal on what I should do to make it work?
<sarnold> eredwood: what error did you get when you tried to mount it?
<eredwood> sarnold let me check the log file
<holms> so where did /usr/bin/python gone from 15.04?
<sarnold> holms: you ought to be able to install python 2 with apt-get install python2.7
<holms> yeah
<holms>  /usr/bin/python still absent
<holms> root@celery-test:~# ls /usr/bin/python*
<holms> /usr/bin/python2.7  /usr/bin/python3  /usr/bin/python3.4  /usr/bin/python3.4m  /usr/bin/python3-jsondiff  /usr/bin/python3-jsonpatch  /usr/bin/python3my
<tonyyarusso> holms: Just checked myself, and the default in 15.04 is most definitely 2.7.9, not 3.
<holms> well then digital ocean image is broken?
<tonyyarusso> Or you broke it.
<holms> i didn't do anything
<holms> restored image from scratch
<holms> only python3 presents
<sarnold> heh, my minimal building schroots don't have any /usr/bin/python symlinks either. go figure.
<holms> if anyone would check AWS im pretty sure it will be the same
<sarnold> my 14.04 lts does have symlinks, both python and python2 are symlinked to python2.7
<holms> it's about 15.04
<holms> 14.04 works fine for me
<eredwood> sarnold I cant tell you the error but this is the way I have it set up in the /etc/fstab : #/dev/sr0/   /media/cdrom         defaults   1        2
<eredwood> what I do know is that the server come to a stop and I have to hit S to move it to the next level
<eredwood> or so that I can log in
<sarnold> eredwood: '1 2' are odd choices for the dump and fsck fields; try setting those to '0 0' instead.
<eredwood> ok cool
<sarnold> eredwood: oh and change 'defaults' to 'defaults,noauto'
<eredwood> cool
<eredwood> That what I love about Linux thank you and every one that I get the chance to work with
<sarnold> eredwood: woot :)
<holms> how to start a service on boot other then upstart (it freezes with celery-multi, offial bug), other than systemd (because ansible doesn't work with 15.04), otther then supervisord (because i can't find how to specify start/stop commands manually)
<skrp> how the crap can i filter the syslog and many other important logs in /var/log ?
<skrp> to take out all the regular traffic. like instead of output where it counts the times the 'incident' happened
<skrp> in the freebsd fw logs you can adjust them so that they count instead of it over and over
<skrp> *adjust the logs so each incident is counted not repeated-line-for-line*
<sarnold> skrp: investigate logwatch
<eredwood> sarnold in the fstab file was I to use deaults and noauto  together with the coma or was I to use just noauto?
<eredwood> to use the cdrom
<skrp> sarnold, nothing native to ubuntu? i stay more pure closer to the core
<sarnold> eredwood: I'd go with "defaults,noauto" -- I'm pretty sure that works..
<sarnold> skrp: heh, welcome to linux :(
<skrp> sarnold, haha. thanks. proud to be here... actually im thinking of going to PCBSD
<sarnold> skrp: in my experience, none of the linux distributions feel quite as 'smooth' or polished as the BSDs.
<skrp> linux soo messy
<sarnold> skrp: .. but the flip side is, the debian/ubuntu archives are _huge_, have a lot more packaged than are available in ports or pkgsrc etc...
<skrp> sarnold, you are a wise one
<sarnold> skrp: of course, pf is (imho) way nicer to configure than iptables, but I think iptables will scale far far further on much larger hardware, if that's your thing... always tradeoffs.
<skrp> sarnold, so why do you use ubuntu? i would like to know why you pick it of all distros
<sarnold> skrp: I was pretty happy with debian, but ubuntu switched to using security-hardening throughout the distribution extensively by default: safer compiler options, ASLR in the kernel, integrated apparmor support, and dedicated security team to do security updates
<sarnold> skrp: I liked it well enough to join canonical's security team and help out :) hehe
<skrp> i been on ubuntu. it has been a kind learning curve. but now it is a compromise on my system because its "less polished" its a mess
<sarnold> skrp: .. but part of me will always miss the nice polished feel from our bsd friends.
<skrp> sarnold, daemon for life. i just use ubuntu cause im addicted to gaming
<sarnold> hehe
<skrp> sarnold, you gonna make it to DefCon?
<sarnold> skrp: not this year
<sarnold> skrp: I've only been a few times, and it was for capture-the-flag contests each time, so I've never actually _seen_ most of defcon..
<skrp> im not to far from it so i'm carpoolin
<sarnold> nice :)
<skrp> ctf so you are one of hose guys
<sarnold> purely defensive. I'm useless for exploits :(
<skrp> *thank gawd im behind a bouncer*
<skrp> sarnold, why did you say that "but ubuntu switched to using security-hardening throughout the distribution extensively by default: safer compiler opt"
<skrp> sarnold, why did you say that like it is a bad thing
<sarnold> skrp: hah, sorry to give that impression -- that was the feature that caused me to move _to_ ubuntu :)
<skrp> sarnold, ahhh. i pm lattera who is developing hardenedbsd. which takes it to the max
<skrp> sarnold, but the memstick img won't work :)
<skrp> sarnold, i came to the server last week. vlc was running at 99% cpu. my pfsense box was rooted. and my lxde hacked to shit on my ubuntu
<sarnold> aww :(
<skrp> my own fault... i wasn't watching logs. i partied all that weekend
<skrp> sarnold, you sniff anything out. i don't even have ports forwarded to my ubuntu. how could it have happened...
<sarnold> skrp: I've gotten the impression that most hacked systems are (a) brute-force sshd password guessing (b) webbased control panels (c) wordpress plugins, etc...
<skrp> sarnold, logs were scrubbed and the server time was hacked. like system time was the vector, as that is popular
<skrp> sarnold, do do torrenting, wget -m, and various other things too
<sarnold> this is the only CVE that we know is open against ntp: http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5146.html
<sarnold> skrp: torrent software can be pretty variable.. you might want to use an apparmor profile around your torrent client, I really don't trust those..
<skrp> sarnold, you got to slum in the slums sometime. live fast. die young.
<sarnold> hahaha :)
<skrp> i wild card torrents so its even worse :)
<skrp> movie file 190* - 198* #every movie torrent from years 1900-1989
<skrp> sarnold, i don't find porn from 1906 very appealing but you get what you get with castin a net
<sarnold> show more ankle!
<skrp> they were pretty ugly back then. i'd rather fk a sheep.
<skrp> Brigham Young. Poligamist of 25+ wives, and they were all ugly as sin
<eredwood> sarnold how long have you been working with Linux.
<sarnold> eredwood: about 21 years
<eredwood> cool
<eredwood> are you a sys admin
<sarnold> eredwood: no; just my own systems..
<eredwood> The reason cool
<eredwood> cool
<eredwood> sarnold when I grow up I want to be like you LOL
<sarnold> bed time :) have fun guys
<sarnold> hahaha
<sarnold> when I grow up I want to be a puppy dog
<eredwood> Have a good night
<sarnold> nn :)
<eredwood> Good night eveyone
<eredwood> Good night everyone
<eredwood> Thanks again
<eredwood> this a test
<lordievader> Good morning.
<kklimonda> any best practices on "quarantining" new packages until they've been tested on a subset of all servers, before doing more widespread upgrade?
<cluelessperson> Hey all.  I'm trying to setup CIFS mounts
<cluelessperson> problem is it keeps telling me Permission denied...
<cluelessperson> but no clue where that is.
<lordievader> cluelessperson: Permission denied on what? Logging in?
<cluelessperson> lordievader,  I do   mount -v music and it tells me Error 13
<lordievader> Can you browse to your share and look at the contents?
<cluelessperson> lordievader, yes.
<lordievader> Do you need credentials for that?
<cluelessperson> lordievader, yes.  However, on my laptop, I first logged in as my user, and now I can't try another user
<cluelessperson> lordievader, However, I tried messing with the permissions for that active user.  They're the same for the user I'm trying "mediashare"
<lordievader> cluelessperson: http://ubuntuforums.org/showthread.php?t=1871142&s=db1f510747d9360ff5891e964fc631b5&p=11403163#post11403163
<cluelessperson> sec=ntlmv2 gives me invalid arguement
<Waddup> hi guys just wanna ask, i have an ubuntu server 14.04 with 4 3TB WD Red setup in raid 0+1 and separated 1tb Regular for OS Drive. now everytime i save from it after i close the file i save it becomes corrupted. is it because probably my drives have bad sector or because there is somethign wrong with my setup?
<lordievader> Have you checked if the drives contain bad sectors?
<Waddup> i am currently,
<Waddup> i have not checked it before since it was new
<Waddup> i loaded it one by one on my windows computer and run hdtune.
<lordievader> Waddup: Could you pastebin the output of smartctl -a off all four drives?
<Waddup> this is my first project in linux and i dont really know if there is a way to chec badsectors like hdtune does on pc in linux
<Waddup> hold on
<Waddup> letme download smartmon first i dont have it yet
<Waddup> i was wondering because it was doing ok at first had 300gb worth of files in it already and just a few weeks later it started corrupting my files one by one
<Waddup> lordievader : here you go http://pastebin.com/tACvatMD
<lordievader> There is one disk with a raw_read_error_rate of 52, the rest is fine. No bad sectors.
<Waddup> so what should i do with that one?
<lordievader> See if it increases or not.
<lordievader> What kind of raid are you running?
<Waddup>  raid 0+1
<lordievader> Waddup: How is it set up, hardware? Software?
<Waddup> software
<Waddup> i have it on an i7 4600k machine with 32gb of ram
<Waddup> and a sabertooth z97 board
<Waddup> what do i do to see if the 52 in raw read error increase? just check smartctl again?
<lordievader> Waddup: Yes, or run the smartd to check it for you.
<lordievader> Waddup: mdraid, lvm raid?
<Waddup> mdraid i think
<Waddup> i just used webmin to put it to raid
<Waddup> sorry im really new to linux and have no idea what i am doing. i just followed a few instructions on the net
<Waddup> anyway in anycase if it increases or not both means i need to replace it right?
<lordievader> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<lordievader> Fyi ^
<Waddup> i see.
<lordievader> Waddup: Not necessarily, it might just be a bad sata cable or something. Anyhow with a raid 01 you should see any effect of it, in theory.
<Waddup> so i should uninstall it
<Waddup> smartd /dev/sde
<Waddup> is this correct?
<lordievader> Yes, it is better to properly administer your server through ssh than webmin.
<lordievader> Waddup: https://help.ubuntu.com/community/Smartmontools#Advanced:_Running_as_Smartmontools_as_a_Daemon
<lordievader> The config file explains a lot.
<Waddup> thankyou ill go take a read
<Waddup> thank you
<Waddup> anyway just in case i wanted something like a webmin, for lets say i need someone less inexperienced than me to take care of it while im away
<Waddup> is there anything like it that still works great with ubuntu?
<lordievader> A web based control panel? No idea, I rather dislike those things.
<Waddup> ahh cool with me bothways. thanks
<Waddup> oh one more thing, if the file corruption still continues, whatelse could still be done to check which is at fault?
<lordievader> Then you want to figure out if it is a block level or at filesystem level.
<Waddup> i tried checking the os drive too, could this also be a cause in file corruption ? http://pastebin.com/iBJz7cuh
<lordievader> Unlikely.
<Waddup> i see, well i guess ill jsut have to try and buy another 3tb and replace the faulty drive
<Waddup> thankyou
<lordievader> I'd say that would be too much of a rush job.
<lordievader> If it is at file system or raid level buying a new drive wouldn't solve anything.
<lordievader> First investigate the problem.
<Waddup> i see
<Waddup> ill try to read about how to check if the filesystem or raid level is at fault
<Waddup> thanks lordievader
<lordievader> Sure, no problem
<j3r0> guys what is setgid www-data ?
<lordievader> j3r0: https://en.wikipedia.org/wiki/Setuid It sets the group to www-data (Apache usergroup).
<bekks> j3r0: setuid www-data sounds like wrong approach.
<bekks> j3r0: What are you actually trying to do?
<skrp> i have a 1 ubuntu and 5 bsd on my rack. i use the ubuntu as a gui client. im thinking of switching to pcbsd
<skrp> would the diversity avilable of having a ubuntu box be valuable in a way im not seeing/
<j3r0> bekks I am trying to set up django with gunicorn
<j3r0> Guys if I have some apps install as root user. If I create a normal user, will the user will access to apps ?
<bekks> j3r0: Depends on how you installed your software.
<j3r0> from what I rember I always used sudo command. I don't now if that matters though
<bekks> And how did you install which software?
<genii> If they installed to the normal places which are in their normal PATH like /bin /sbin /usr/bin /usr/sbin   then the normal user will be able to find them, but if those applications require root or sudo to run, then the user will need to be added to sudoers
<j3r0> almost 90% of the installations were made with sudo apt-get install
<JanC> that should be fine
#ubuntu-server 2015-08-02
<j3r0> guys every time  I try to install postgres I get perl: warning: Setting locale failed
<j3r0> and i think I have tried everything on google
<j3r0> perl: warning: Falling back to the standard locale ("C").
<j3r0> locale: Cannot set LC_ALL to default locale: No such file or directory
<j3r0> guys at the moment I don't have a domain , just an IP, can I for example have 213.342.1231./blog ?
<teward> j3r0: no
<teward> oh
<teward> hxxp://1.2.3.4/blog  <-- that you can achieve
<teward> (with your IP)
<teward> i misread
<j3r0> yes
<j3r0> ok thnks
<j3r0> because atm I have a "django app"(just running django) on my main IP
<j3r0> and on my main IP I want to have my personal site
<bugzc> Hey. I am trying to figure out what firewall is running on my ubuntu server. it's running on an odroid. its not iptables/ufw. any suggestions? trying to open a port.
<bugzc> ubuntu 14.04
<bugzc> nevermind. tyl_tcp was binding to localhost. doh
<bugzc> looks like this image comes with no firewall enabled by default.
<lordievader> Good morning.
<RoyK> morning
<lordievader> Hey RoyK
<ud> Guys, is it good practice to create symlink under /var/www which points to some directory under my (non root user) home ? I want to avoid use of sudo while working with html files. and I dont have write permissions to /var/www
<lordievader> Add yourself to the www-data group.
<ud> ok, but that gives me access to entire /var/www directory.
<j3r0> guys hey. I have a nginx server, basically an ip adress. What I want to do is 3234.234234.42342/blog
<j3r0> how I can do this ?
<j3r0> anyone ?
<Sling> j3r0: so do you have your nging server running? what happens if you browse to your ip using a webbrowser?
<j3r0> I see the nginx welcome page
<j3r0> all good
<Sling> okay so put your blog directory in your documentroot
<j3r0> so simple ?
<j3r0> thanks
<Sling> also make sure the nginx user can read the files and has execute permissions on any subdirectories
<Sling> apart from that, pretty much yeah
<RoyK> Sling: execute?
<RoyK> Sling: no need for that
<RoyK> j3r0: just configure nginx to use the right directory - the default is /usr/share/something, which is something you shouldn't use
<RoyK> j3r0: also - no need for +x on the files
<j3r0> I am having problem with 403 error
<RoyK> then there should be logs
<j3r0> I have to figure out, because at the /blog I want to symlink a django blog app
<j3r0> I pay the price for being windows user all this years
<Sling> RoyK: not in the files no, but on the directories
<Sling> s/in/on./
<holms> anyone knows what's going on when upstart just hanging while starting or restarting service?
<holms> i've solved this in config file, where sofware just returns to tty.. with respawn
<holms> now this case where it runs as daemon.. so nothing helps
<holms> http://paste.ubuntu.com/11987580/
<holms> when command fails to start it usually just fails, but i've got hanging command
<lordievader> holms: Does '/var/www/shrinktheapp/bin/celery' deamonize?
<holms> yes
<lordievader> Is there anything in the upstart log?
<holms> yeah ctually there's errors in there
<holms> my just question would be despite of python errors in there, should it be hanging?
<holms> hmz well 'service flower start', it hangs, nothing in logs
<lordievader> holms: Just to make sure the 'sudo service start <service>' hangs?
<holms> cleared out logs, and just checked it
<holms> lordievader: yes it does
<lordievader> holms: Hmm, no that should not hang.
<holms> found mistake in script regarding variable, but that doesnt fix anything))
<lordievader> In what state does the command hang?
<holms>  2722 pts/3    S+     0:00 start flower
<lordievader> Hmm, well at least it ain't D ;) You could hook strace into it to see what it is doing/
<holms> never did strace of running process
<holms> one sec
<holms> restart_syscall(<... resuming interrupted call ...>
<holms> that all i got in log
<holms> strace -p 2722 -s 80 -o flower.log
<lordievader> Hmm, kind of out of my depth here. Haven't written an upstart script in quite some time.
<genii> Maybe it would just be more prudent to make it an sysvinit script and use update-rc.d on it instead. Will still get called from upstart same as everything else in /etc/init.d
<holms> got celery working under upstart..
<holms> maybe..
<prelude2004c> hello everyone
<prelude2004c> anyone here familar with webdav & nginx ?
<prelude2004c> i am having some trouble with rources not available  and TTP/1.1 500 Internal Server Error
<prelude2004c> for whatever reason it wont write to file system
<prelude2004c> i been at this for hours.. i am stumped
<holms> wooo.. lordievader got interesting twist in here
<holms> before i execute this line in cli:  . /etc/default/celery , flower command works
<holms> after this line, flower command stucks
<holms> ah so after passing --app it freezes,, great
<lordievader> What is in that file?
<holms> just env vars in there, anyway, so when passing arguments to celery-flower it stucks
<holms> so it's not upstart problem
<maleb0lge> Could anyone help me setup openvpn with two nic's?
<maleb0lge> I'm trying to setupt an openvpn server to be used with one nic, and an openvpn client to be used by another nic (connecting to a vpn service provider like PIA, Torguard, etc.)
<maleb0lge> Does that even sound possible?
<teward> maleb0lge: possible? yes.  sane?  probably not
<maleb0lge> teward: it seems that way, but adding a virtual machine might bog down my limited server and impact quality of vpn connection :(
<maleb0lge> 1.5gb ram, 8gb ssd, pentium 4 (hyperthreading!)
<teward> setting up the forwarding would be difficult, but you can have the OpenVPN server bind to one port, and then reach out to the remote port over the other NIC by setting the default route
<lordievader> Pentium 4? Wow... What are you trying to accomplish?
<teward> but on a pentium 4...
<teward> what exactly do you want to accomplish here
<patdk-lap> didn't think ubuntu even booted on p4's anymore
<maleb0lge> well, have my openvpn server so that I can connect to my machine, manage it, remotely, but also use it as a torrent server all in one package
<maleb0lge> also to serve media to my home network!
<maleb0lge> am I asking too much of it?
<teward> maleb0lge: on a pentium 4 probably
<teward> especially if you're limited to 8GB SSD and 1.5GB RAM
<teward> i'd not put a media server, a VPN server, *and* a VPN client on there.
<teward> but you also haven't defined your overall use case
<teward> why do you need the VPN *client* to exist on there
<teward> the headache of running a VPN server just so it can in turn VPN to elsewhere is... well, headachey.
<maleb0lge> well, I only want certain programs to use the openvpn client
<lordievader> maleb0lge: For the vpn server part, doesn't ssh suffice?
<teward> maleb0lge: that's not really attainable, you VPN everything, or nothing, you don't really get to pick which programs go over the VPN...
<teward> not in a 'sane and easy to configure' way anyways
<maleb0lge> lordievader: it might have to, but I thouhgt that, traditionally, in order to securely surf the internet at, say, a coffeeshoppe that you should connect through a vpn
<maleb0lge> teward: i think you may be right, and running a vm with openvpn client seems to be a bottleneck
<teward> i didn't say you had to use a vm
<teward> but you still can't 'pipe' traffic in that way on the host, VMs can do it, but yes, it'd be a bottleneck.
<maleb0lge> that was what I was at first planning to do
<maleb0lge> so, I might have to purchase a raspbpi anyway
<maleb0lge> if i want to make my life easier
<maleb0lge> do you think a raspberry pi A+ (256MB) model would suffice as a dedicated openvpn server?
<JanC> maleb0lge: AFAIK its network interface is connected to USB & not 100% reliable, especially when there is a lot of traffic?
<maleb0lge> JanC: with all raspbpi's? or just model A+?
<lordievader> maleb0lge: All.
<JanC> probably better run OpenVPN on OpenWRT on some dedicated router hardware
<maleb0lge> isnt the pi more powerful than say Linksys WRT54G
<maleb0lge> ?
<JanC> that hardware is > 10 years old...
<maleb0lge> so, yes?
<maleb0lge> but, it might be sufficient for basic stuff: http://www.cse.wustl.edu/~jain/cse567-08/ftp/ovpn/#sec4
<maleb0lge> and i have two of those ancients laying around somewhere
#ubuntu-server 2016-08-01
<JanC> would be nice to get this patch in Xenial: https://github.com/zfsonlinux/zfs/commit/a9977b37ca7bd27ff28de435f8666e253ff6330e
<Thumpxr> were there any mySQL improvements in the last 2 weeks? i noticed a huge RAM drop of the SQL process.
<Thumpxr> around july 22th
<showaz> Thumpxr: pff percona/mariadb (thread-handling="pool-of-threads") https://www.percona.com/doc/percona-server/5.7/performance/threadpool.html
<showaz> Thumpxr: https://jira.mariadb.org/browse/MDEV-6150
<showaz> Thumpxr: mysql 5.8 new default config (lower better for production).
<showaz> Thumpxr: http://mysqlserverteam.com/planning-the-defaults-for-mysql-5-8/
<jak2013> why cant do a ping to google? i have on /etc/resolv.conf nameserver 8.8.8.8 which other thing? need check?
<Thumpxr> any firewall rules? ping is ICMP, if you havn't allowed this, you cant ping
<jak2013> Thumpxr how to check?
<showaz> Thumpxr: ping over UDP work?
<Thumpxr> showaz https://tools.ietf.org/html/rfc1122
<showaz> October 1989 no thanks
<showaz> deprecated rfc
<cpaelzer> jamespage: as of now the DPDK 16.07 bits are not yet accepted in OVS master, so even if they cut a branch today it won't work
<cpaelzer> jamespage: I'll give you a note once that is in so you don't have to track it
<albech> morning all
<albech> i cannot seem to make the dns-nameservers entry in /etc/network/interfaces work.. After reboot still have no nameservers configured.
<Odd_Bloke> albech: I may not be able to help, but if you pastebin your configuration it will be easier for others to do so. :)
<albech> http://paste.ubuntu.com/21747469/
<cpaelzer> rbasak: If you have a few mnutes, since you are kind of an SME already after the merge if you would have some minutes you could check if my SRU prep is ok and consider sponsoring it at bug 1567540
<ubottu> bug 1567540 in ntp (Ubuntu Xenial) "ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)" [High,Fix committed] https://launchpad.net/bugs/1567540
<rbasak> cpaelzer: SME?
<rbasak> Anyway, looking.
<rbasak> cpaelzer: for dep3, instead of "Forwarded: already upstream" can we say "Origin: upstream"? If possible, "Origin: upstream, <url>".
<rbasak> Then Forwarded isn't necessary, and we're using standard field values.
<cpaelzer> rbasak: ok will do
<cpaelzer> rbasak: I'll wait another few minutes if you find something else to wrap it up in uone upload
<rbasak> Sure
<rbasak> cpaelzer: what did you mean by SME?
<cpaelzer> subject Matter Expert
<rbasak> Oh, OK :)
<cpaelzer> I thought that is a known abbreviation, but then I just recently came from the company that has TLA being the three-letter-abbreviation for the word three-letter-abbreviation :-)
<rbasak> :)
<rbasak> cpaelzer: the rest of it looks fine. I'm not going to separately verify that you're backported the patches correctly - I trust you on that. I presume this isn't a minimal patch (or doesn't look like a minimal patch at least) because of our previous discussion on minimising regression risk? The SRU team might query though, so I advise putting that discussion into the SRU information.
<rbasak> cpaelzer: also "Fortunately not all, but most of this change is upstream and tested
<rbasak>    quite heavily a few months already." doesn't quite tally with all four bugs' dep3 headers saying that the patches are upstream. Is that because you mean they are upstream but not heavily tested?
<rbasak> cpaelzer: in any case, this is minor and can get cleared up later if the SRU team query, so up to you. I'm happy to upload as-is, but fixing the Origin/Forwarded fields would be nice.
<rbasak> "So we are really dependent on
<rbasak>    the reporters here that seem to have the kind of hardware where it
<rbasak>    "crashes reliably"."
<rbasak> Sometimes in this kind of case I ask for a commmitment from a reporter to do SRU verification before uploading.
<rbasak> However, I appreciate there is a timing issue with security updates too, so it's up to you.
<rbasak> Sorry for the brain dump. I'm done now :)
<cpaelzer> rbasak: thanks, revising it in a few minutes
<cpaelzer> rbasak: and on the minimal patch - I was able to create the minimal patch
<cpaelzer> rbasak: so my former "being afraid if backportable" was wrong
<rbasak> cpaelzer: ah OK, np. It was larger than I expected for a minimal patch.
<cpaelzer> rbasak: I also found that "Fortunately not all, but most of this change is upstream and tested" is misleading, fixing that as well
<albech> anyone have an idea why my dns isnt getting set: http://paste.ubuntu.com/21747469/
<cpaelzer> rbasak: and finally since you wondered about the size I gave it some harder scrutiny and was able to remove 1/4 patches
<cpaelzer> rbasak: but more isn't possible
<cpaelzer> building and testing, I'll give you a ping then
<rbasak> Nice, thanks. I'm happy with your judgement.
<cpaelzer> rbasak: ok, the bug is up to date and has the new debdiff => bug 1567540
<ubottu> bug 1567540 in ntp (Ubuntu Xenial) "ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)" [High,Fix committed] https://launchpad.net/bugs/1567540
<Odd_Bloke> albech: Try indenting lines 13-19 (and maybe 21 as well).
<hackeron> Hi there, I'm seeing this: https://www.dropbox.com/s/5o71yczfv5zee2y/viber%20image-1.jpg?dl=0 - despite setting FSCKFIX=yes in /etc/default/rcS on Ubuntu 16.04 - any ideas?
<rbasak> cpaelzer: looks good, thanks. I think you forgot to drop debian/patches/ntp-4.2.8p4-segfaults-3-4.patch itself though it's dropped from the series file, so I can drop that before uploading. Also, shall I add an apostrophe to "Juergen Perlingers" in the changelog before uploading?
<rbasak> Sorry I didn't notice that last time!
<rbasak> cpaelzer: done. The bug status shouldn't be Fix Committed until it's accepted in the queue, so just In Progress for now (defined by the SRU procedure page).
<coreycb> ddellav, jamespage: greetings!  I'm going to open a MIR bug for cotyledon.
<albech> Odd_Bloke: yes im aware that that may be the problem could be found there, more interested in what the problem might be, cause i cannot see anything wrong and the ipaddress, netmask, default gw etc is assigned correctly.
<Ussat> Odd issue on a server here , I am doin auth via kerberos, I can SSH into the server fine, but can not login via desktop ? Ideas where to start looking ?
<albech> Ussat: the log files ;)
<Ussat> NM, found the issue
<fritchie> can I determine what app is causing crashes when I see
<fritchie> Core dump to |/usr/share/apport/apport 23660 6 0 pipe failed
<RoyK> fritchie: run the 'file' command on the coredump and it will tell you
<fritchie> royk, no file is ever produced unfortunately
<RoyK> fritchie: what sort of crashes are these?
<fritchie> royk, thats what I am trying to figure out, all I have is a bunch of messages saying the apport pipe failed
<RoyK> just wondering what sort of crash it is - dying processes or dying machine?
<coreycb> jamespage, beisner: the following are ready to promote to mitaka-proposed when you have a moment: keystone 2:9.0.2-0ubuntu1~cloud0, nova 2:13.1.0-0ubuntu1~cloud0, openstack-trove 1:5.1.0-0ubuntu1~cloud0
<ddellav> coreycb jamespage cinder CI needs an update to oslo-utils, oslo-versionedobjects, and oslo-vmware for it to build. I'll add those to the list and work on them today.
<coreycb> ddellav, ok thanks
<cpaelzer> rbasak: ack - and thanks for chanhing in flight
<docmur> I'm working on securing a server, I'm looking for a good remote logging application, I've used rsyslog in the past but does anyone else know of good tools?
<sarnold> depends what you intend to do with it; what are you looking for that rsyslog doesn't do?
<docmur> Just looking for alternatives, rsyslogd is great
<sarnold> seems like most people are interested in getting metrics out of systems so they can graph things; https://prometheus.io/ or https://influxdata.com/ or https://www.elastic.co/products
<ddellav> coreycb please review and push horizon point release for mitaka, 9.1.0: lp:~ddellav/ubuntu/+source/horizon
<coreycb> ddellav, horizon 9.1.0 uploaded to the sru queue
<ddellav> coreycb thanks
<fluvvell> is there any way to specify a nameserver with NetworkManager's VPN so that hosts in the network can get resolved?
<sarnold> fluvvell: I think the usual approach is to configure the vpn system or dhcp 'inside' the vpn to set options that say which dns server to use, e.g. https://openvpn.net/index.php/open-source/documentation/howto.html#dhcp
<fluvvell> sarnold, you're suggesting at the openvpn (for instance) server config end, telling the client which nameserver to use?
<sarnold> fluvvell: yeah
<fluvvell> makes sense. should have thought of that !
<fluvvell> looks like its set at server end already, is there a way to find out which DNS servers each if is using?
<sarnold> I think that's currently just cat /etc/resolv.conf
<fluvvell> which is nice on an if managed by /etc/network/interfaces but ugly on one managed by NetworkManager which points to 127.0.0.1
<fluvvell> to answer my own question, it would appear you can add a .conf file in /etc/NetworkManager/dnsmasq.d  with    a line reading something like: dhcp-option DNS ip.address.goes.here
#ubuntu-server 2016-08-02
<prometheus> I was installing apache2 in ubuntu-server last night and ran into the issue with mod_authn_mysql (is that correct? I'm sure you get my point) and ended up installing mod_authn_dbd. I think they were PHP modules to authenticate MySQL users. Does mod_authn_dbd fulfill the same role as mod_authn_mysql?
<prometheus> I read somewhere that the mysql module was deprecated or it was a bug that wasn't going to be fixed?
<prometheus> is anyone picking up what I'm putting down?
<prometheus> lol
<teward> i think patience is a virtue here
<teward> prometheus: usually takes more than two minutes to get a good answer :p
<prometheus> yeah I know. I just wasn't sure if I was clear enough you know. It's still a little foggy for me from last night. Wasn't sure if I remembered it correctly.
<jack3> Hello.   question  about:  PRETTY_NAME="Ubuntu 16.04 LTS"     :  found auth.log and it and the corresponding .gz files are old.   In other words, it is not being written to.   Am digging to find out where it is being logged, if at all.   Could use some advice.
<sarnold> jack3: could you elaborate on the question a bit?
<jack3> sarnold:  tnx for reply
<jack3> I discovered that auth.log was old
<jack3> when I wen tto look at it.    trying to find if stuff that would normally be in auth.log is being logged anywhere
<sarnold> jack3: check the auth.log* files -- there can sometimes be mistakes in file rotations where an old log file is held open and contined to be used
<jack3> sorry.. I am not a linux guru.   I'm helping out.    I do have sudo.
<jack3>  check the auth.log* files   <<<  what would you like me to check, specifically?
<jack3> dang.. I logged off.. thought nobody was going to reply,  and was headed to bed
<jack3> give me a min
<jack3> ok.. I'm in again.
<sarnold> jack3: heh
<jack3> what am I to check?
<sarnold> jack3: ls -l /var/log/auth.log*  -- check the timestamps
<jack3> ok.  brb
<jack3> all old
<jack3> over a month
<sarnold> jack3: how about grep auth -r /etc/rsyslog*
<jack3> ok.. brb
<jack3> ok
<jack3> done
<jack3> what info would yo ulike?
<sarnold> do you see a line like: auth,authpriv.*/var/log/auth.log  ?
<jack3> two
<jack3> and two more, commented out
<sarnold> is rsyslog running?
<jack3> how to find out?
<jack3> ?
<sarnold> I used ps auxw | grep rsyslog  to see that I could make sure mine is running :)
<jack3> ok.  tried that, didn't see it
<jack3> so next tried:   ps auxw | less
<jack3> then searched for    syslog
<jack3> did not find it that way, either
<sarnold> very interesting
<jack3> so.. I guess it is not running
<sarnold> which release is this?
<jack3> I just did:  cat /etc/*relea*           which line would you like?
<sarnold> VERSION or UBUNTU_CODENAME
<jack3> VERSION="16.04 LTS (Xenial Xerus)"
<sarnold> try journalctl -u rsyslog.service
<sarnold> I don't get any output on my system for that so maybe it's useless
<jack3> <sarnold> try journalctl -u rsyslog.service   <<<  so forget this?
<sarnold> try it out, if uit gives you anything, it might be useful :)
<jack3> what does it do?
<sarnold> it prints out messages from systemd's journal service
<sarnold> if you run journalctl -u ssh  you should see a bunch of log entries from the ssh server
<jack3> says that   'journalctl'    is not installed....
<sarnold> this is a strange system :)
<jack3> fair 'nuff
<jack3> heh
<tatertots> hello everyone, i have a ubuntu server and it's joined to a AD domain with sssd,realm. I'd like to make AD users local administrators on the ubuntu server? is this possible
<tatertots> i tried to add a AD user to the sudo groups however that user was still unable to make changes to the system
<cpaelzer> rbasak: just realized that none of us fuond the time to look at that for a month now https://code.launchpad.net/~paelzer/ubuntu/+source/dovecot/+git/dovecot/+merge/298040
<rbasak> cpaelzer: sorry, I know I have outstanding merges in my backlog.
<cpaelzer> exim4 is a "fun-one" it seems to randomly fail building sometimes - I'm trying to find the weak spot - so far I think it is related to the -j concurrent build but found no hard evidence yet
<cpaelzer> as usual when you want it to fail it just works :-)
<albech> still trying to set my dns, but it seems like the dns-nameservers entry is ignored. All other settings are applied to the nic correctly. http://paste.ubuntu.com/21747469/
<cpaelzer> albech: still on that, that's bad - let me try to recreate - on which release is that ?
<albech> cpaelzer: i havent been on that non-stop ;)
<albech> cpaelzer: but thanks anyway
<albech> cpaelzer: its on 16.04
<cpaelzer> albech: thanks, I just want to see if it at least behaves if I spawn up a clean xenial and configure it
<cpaelzer> to begin with
<albech> cpaelzer: will it write resolv.conf on 'if up' or does ubuntu networking get its dns info elsewhere?
<cpaelzer> albech: it should write resolvconf - see man resolvconf (8)
<albech> cpaelzer: nothing is written to resolv.conf with the configuration i have linked
<cpaelzer> albech: the option you use is supposed to push dns info from e/n/i to resolv.conf
<cpaelzer> albech: I tested dns-nameserver and dns-nameservers
<cpaelzer> both work
<cpaelzer> let me try to paste soemtihng together
<cpaelzer> afterwards we have to find why it doesn't for you
<cpaelzer> albech: is that a server or a desktop - just to check if there might be a NetworkManager somewhere affecting this?
<albech> cpaelzer: server
<albech> cpaelzer: clean install
<cpaelzer> albech: http://paste.ubuntu.com/21875718/
<cpaelzer> just to start, this is working for me just fine
<cpaelzer> I can't spot any major difference thou
<albech> cpaelzer: strange
<cpaelzer> it is always strange until we find the reason :-)
<albech> cpaelzer: the status route also comes up just fine
<cpaelzer> albech: "debsums ifupdown resolvconf"
<cpaelzer> andthing reported as "not-ok" ?
<cpaelzer> albech: "ifdown -v eth0 && printf "\n\n\n\n" && ifup -v eth0"
<cpaelzer> you should see something like this:
<cpaelzer> run-parts: executing /etc/network/if-up.d/000resolvconf
<cpaelzer> albech: do you ?
<albech> cpaelzer: ifdown: interface eth0 not configured
<albech> cpaelzer: ifup: failed to open lockfile /run/network/ifstate.eth0: Permission denied
<cpaelzer> can you show me a "ifconfig -a" output in a pastebinit?
<cpaelzer> ah well
<cpaelzer> yeah plus sudo
<cpaelzer> or as root
<cpaelzer> and be careful
<cpaelzer> IF that is your only connection to the server
<cpaelzer> you will loose it
<albech> cpaelzer: http://paste.ubuntu.com/21876280/
<cpaelzer> ok, good for the interface name
<cpaelzer> then is you can live without your eth0 (e.g. you have  local console access) please do the ifdown/ifup sequence with root/sudo
<cpaelzer> that should show if the resolvconf part is called in your case
<cpaelzer> http://paste.ubuntu.com/21876392/
<cpaelzer> that is how it should look like
<albech> cpaelzer: i have access through the hypervisor, so its all good
<albech> cpaelzer: strange it says eth0 not there cause it shows correctly in ifconfig
<cpaelzer> albech: in a guest you should have the new device naming
<cpaelzer> e.g. in my KVM guest it is ens3 now
<cpaelzer> what hipervisor do you use?
<albech> xen server 7
<cpaelzer> smb: would you have a xen guest around to check if anytihng on guest networking isn't behaving as it should?
<albech> cpaelzer: i can do a normal dig to the dns servers fine
<cpaelzer> albech: IMHO goging down the route why ifup complains about your device not being there will find your issue
<cpaelzer> but that can only be done in your environment
<smb> cpaelzer, the networking on my xen guests works. but xen server is a different host environment to what I use
<cpaelzer> smb: thanks for the confirmation - it sure is different but closer than my KVM
<albech> cpaelzer: i dont have this problem on my older xen servers
<cpaelzer> albech: I can't continue debugging it without an equal environment - I'd recommend debugging that ifdown/ifup
<cpaelzer> albech: they would push this config to resolvconf
<cpaelzer> albech: and if they fail they wont
<cpaelzer> albech: and the issue you report seems they fail
<albech> cpaelzer: correct
<albech> cpaelzer: thanks for the try.. i will do a little more digging myself
<cpaelzer> yw, good luck
<cpaelzer> and in the meantime my ~20 exim4 builds completed - yay
<cpaelzer> rbasak: ok I "found" that the exim4 build issue is a race between conccurrent build jobs (due to -j4 in my case)
<cpaelzer> rbasak: now I ask myself, didding into the case and this build system / d/rules file to fix?
<cpaelzer> rbasak: or just go on with -j1 with the merge
<cpaelzer> rbasak: or is there a third way - like restricting to make -j1 or so (makeing it safe, but lower effort)
<rbasak> cpaelzer: how are you specifying -j4?
<cpaelzer> rbasak: e.g. sbuild -Adyakkety-amd64 exim4_4.87-3ubuntu1.dsc -j4
<rbasak> cpaelzer: ah, that is buggy.
<cpaelzer> uh, good to learn about that
<rbasak> cpaelzer: try DEB_BUILD_OPTIONS=parallel=4 sbuild -Adyakkety-amd64 ...
<cpaelzer> ... building
<rbasak> That moves control of parallel building to debian/rules itself. It may fall back to a non-parallel build.
<rbasak> (if it doesn't parse the variable)
<rbasak> If this is racy, then that's a bug that should be sent to Debian.
<cpaelzer> rbasak: ok and that way each d/rules can decide if it is capable or needs to limit
<rbasak> And I'd be happy for us to hack d/rules in a delta to drop to a non-parallel build in the meantime
<rbasak> cpaelzer: right
<cpaelzer> rbasak: it already builds non-parallel this way and by that avoids the issue - thanks for the hint, able to continue tetsing now
<rbasak> cpaelzer: for reference, https://irclogs.ubuntu.com/2015/08/26/%23ubuntu-devel.html#t11:21
<cpaelzer> just didn't want to leave it un-checked by just avoiding it - now all makes sense
<cpaelzer> happy to see you wondered about that as well a while ago :-)
<rbasak> Most of my knowledge comes from IRC. I just pass it on :-)
<cpaelzer> I wonder if one of the big daat guys could make a nice graph of that able to predict who kows the next answer :-)
<rbasak> That would be interesting!
<ktosiek> how do I access the cpuacct cgroup stats?
<ktosiek> I can't find them in /sys/fs/cgroup
<powersj> rbasak, sent you mail, but I actually can't find the trusty ISOs to test. The download links are 404'ing on me
<powersj> the gpg and md5 files seem to exist
<rbasak> cpaelzer: if you're looking for bugs, fancy taking bug 1604010?
<rbasak> powersj: looking
<ubottu> bug 1604010 in ntp (Ubuntu) "sntp missing" [Undecided,New] https://launchpad.net/bugs/1604010
<cpaelzer> rbasak: I just got other tasks, but I'll take it on my list and have a look at some point
<cpaelzer> rbasak: ok ?
<cpaelzer> in fact I found it missing just a few hours ago myself
<rbasak> cpaelzer: sure, thanks!
<coreycb> rbasak, nacc: do you have any plans to merge the new python-django in yakkety?
<coreycb> rbasak, nacc: I ask because Debian is at 1.10 now but it's caused a lot of breakage
<rbasak> coreycb: I have https://code.launchpad.net/~nacc/ubuntu/+source/python-django/+git/python-django/+merge/300017 in my review queue.
<rbasak> coreycb: also there's bug 1605278. I suggest you note any issues in that bug so they're not forgotten.
<ubottu> bug 1605278 in python-django (Ubuntu) "Merge python-django 1:1.9.8-1 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/1605278
<coreycb> rbasak, nacc: ok.  I think we need to consider the effects before uploading.  it looks like a number of upstream projects are not updated wrt django 1.10 feature changes.
<coreycb> rbasak, one example is horizon, see zigos patches here: https://anonscm.debian.org/cgit/openstack/horizon.git/log/?h=debian/newton
<coreycb> I'll note in the bug
<rbasak> coreycb: thanks, I'll definitely look into this before sponsoring anything. But yes, note in the bug, since someone else might sponsor instead.
<coreycb> rbasak, ok, thanks
<rbasak> coreycb: it might even be worth an ML discussion - we don't usually hold back on version updates.
<coreycb> rbasak, ok, I'll send an email too
<rbasak> stgraber: any opinion on bug 1448500 please?
<ubottu> bug 1448500 in tftp-hpa (Ubuntu) "tftp-hpa doesn't accept IPv4 connections by default" [High,Confirmed] https://launchpad.net/bugs/1448500
<stgraber> rbasak: if just :69 instead of [::]:69 causes it to do the right thing, I don't have a problem with that change
<rbasak> stgraber: OK, thanks!
<setuid> Alrighty, who do I harass about bugs in uvt-kvm/uvtool? :)
<teward> file a bug against the package
<setuid> https://bugs.launchpad.net/ubuntu/+source/uvtool/+bug/1428674
<ubottu> Launchpad bug 1428674 in uvtool (Ubuntu) "uvt-kvm: error: no IP address found for libvirt machine" [High,Fix released]
<setuid> well over a year ago, and they're still in the code
<setuid> There's quite a few more... setting [name] to the loopback address is ALWYAS, always, always wrong.
<setuid> So naturally, ssh'ing into the host will fail.
<setuid> I'm floored nobody has run into this, in over a year... or nobody is using cloud-init images
<setuid> It's a showstopper
<smoser> powersj, around ?
<smoser> https://code.launchpad.net/~powersj/simplestreams/enable-tox/+merge/301307
<powersj> smoser, yeah
<smoser> setuid, that bug is marked fixed you believe otherwise ?
<smoser> powersj, so.... those packages you listed
<smoser> those you believe are needed to run tox ?
<setuid> smoser, demonstrably
<powersj> yes, that is what I had to successfully run tox. Otherwise I got issues with building the pip packages or no package found.
<setuid> smoser, http://paste.debian.net/786622/
<setuid> An example from my test machines
<smoser> setuid, what version do you have ?
<setuid> smoser, latest available in 16.04: http://paste.debian.net/786623/
<setuid> Looks like it might be using the wrong bridge to scan, claims to use vibr0, but that's not the correct bridge network
<smoser> setuid, i woudl file another bug... it does seem that its going to use virbr0 , and ven mentions it 'Also use libvirt virbr0.status'
<smoser> s/ven/even/
<setuid> http://paste.debian.net/786624/
<setuid> last iine seems to be the culpret
<setuid> I'm going to destry my networks, move defualt to use vibr0, and see what happens
<smoser> setuid, yeah, i suspect its not actually reading the bridges from the libvirt xml
<smoser> but jsut using virbr0
<smoser> so specifically your bug is different than that one.
<smoser> please file a new bug i guess.
<setuid> Well, if they assert vibr0 as 'default', but that's not the first network, it will fail
<setuid> they should look up what bridge 'default' uses, and then scan that
<setuid> not make broad assumptions
<setuid> smoser, nailed it
<setuid> just edited the xml, moved everything around, made 'default' use vibr0, and now 'uvt-kvm ssh --insecure myvm' works, without editing /etc/hosts in the guest.
<NetworkingPro> hey everyone
<NetworkingPro> Does anyone know, Ubuntu server 16.04, does it do SE Enforcing?
<Amgine> Question: my new server hardware has a hardware RAID with three drives configured in the BIOS. Ubuntu is displaying each of these devices in /dev, none are mounted. (The boot drive is a separate SSD.) What is the simplest, most fool-proof method of using this array?
<sarnold> Amgine: if it were me, I'd go with zfs; it seems simpler, easier, and more robust than using raid functionality on cards..
<Amgine> <reads up on zfs>
<sarnold> Amgine: here's my favorite introduction https://pthree.org/2012/12/04/zfs-administration-part-i-vdevs/
<Amgine> Thnx!
<theseus1> :-D
<setuid> NetworkingPro, SE is a Red Hat thing, you want apparmor, and yes.
<setuid> https://wiki.ubuntu.com/AppArmor
<setuid> sudo aa-enforce /path/to/your/binary
<setuid> https://help.ubuntu.com/community/AppArmor
<arooni> i've got two VPS servers running ubuntu 14.04 LTS; is it generally recommended to upgrade them to 16.06 ?
<nacc> arooni: 14.04 is supported until 2019
<nacc> arooni: the decision to upgrade is up to you
<sarnold> if you're running php5 applications on them, it's probably best to stay put :)
<arooni> i'm trying to figure out what the benefit might be
<sarnold> anything else, well, up to you. heh
<nacc> sarnold: :)
<sarnold> nacc :)
<arooni> why do you mention the issue with php5
<nacc> arooni: no php5 in 16.04
<arooni> i dont see anything about that on the release notes
<sarnold> 16.04 LTS doesn't have php5
<arooni> can it not be installed ?
<nacc> not officially
<arooni> so would stuff like wordpress be running on php5
<sarnold> I think someone has a PPA you could use, if you trust them
<nacc> yeah, ondrej is maintaining a PPA, like he does for 14.04
<nacc> arooni: wordpress has been updated iirc
<arooni> can php5 run alongside the php7 version that is included with 16.04?
<arooni> via say this ppa?
<nacc> dunno, probably? you'd need to contact the ppa owner
<sarnold> hehe, I was thinking "probably not" myself :)
<arooni> ok cool;  thats an important consideration considering i have some php apps running
<arooni> no other obvious 'gotchas' ?
<arooni>  i heard there was something about ssl/https support
<nacc> sarnold: i think ondrej's ppa has php5 and php7 in it, actually (or at least, it did)
<arooni> as in, if you dont upgrade, you'll get punished from google somehow
<nacc> coinstallable versions, that is
<arooni> dont know where i saw that
<sarnold> nacc: ahhh, that's encouraging
<sarnold> arooni: I understand that google (intends to?) score https-served sites higher than non-ssl sites
<sarnold> arooni: but afaik both 14.04 lts and 16.04 lts have well-supposed tls stacks that should both suffice
<arooni> sarnold: even if you dont have any checkout on your page?
<sarnold> arooni: yes; I suspect it's a useful enough differentiator between crap-sites and meaningful-sites.
<arooni> so i have to pay for a ssl cert now for each of my sites?
<arooni> or is there some free issuing authority that wouldn't charge me
<sarnold> investigate letsencrypt
<arooni> thats a useful tip; bookmarking it for laterr
<arooni> does  using ssl consume a lot more resources than regular http traffic?  i'm using nginx if it matters
<sarnold> there are multiple clients available, some more magical than others; I'd recommend sticking with the official unless you're prepared to read the alternatives to make sure they look safe
<sarnold> what sort of traffic do you have on your site?
<arooni> i not a lot ;  just about 13K page views/month
<sarnold> you probably won't notice anything then :)
<arooni>  i suppose i should be happy; but somehow hearing that answer i'm not lol
<sarnold> well, I'm accustomed to e.g. "please enable https downloads for ubuntu", but at our bandwidth levels, that'd require a fair amount of dedicated horsepower just to do the cryptography
<sarnold> if you're serving less than a gigabit per second it's probably not a big deal
<arooni> that's a good rule of thumb;  so you run the servers that people use to download ubuntu?
<sarnold> thankfully no, someone else does that :)
<arooni> that's what i love about irc; you get to rub elbows with people who have already figured out what you're trying to do
<sarnold> yes! it's fantastic
<sarnold> hundreds of years of collective experience available to all who ask interesting questions :)
#ubuntu-server 2016-08-03
<ybaumy> hi i have a networking problem with lxd. i want to juju bootstrap localhost but the client cannnot connect to lxdbr0 from ens160. http://paste.ubuntu.com/21990244/ http://paste.ubuntu.com/21990965/ can somebody take a look at it please
<ybaumy> there are on the same vlan 400
<ybaumy> i think its the cable router for my internet. he does not route back and is the default route on my cisco.
<ybaumy> if anyone is awake ..
<ybaumy> hi i have a networking problem with lxd. i want to juju bootstrap localhost but the client cannnot connect to lxdbr0 from ens160. http://paste.ubuntu.com/21990244/ http://paste.ubuntu.com/21990965/ can somebody take a look at it please
<ybaumy> what i could fix is the default gateway for the 192.168.10.0/24
<ybaumy> now the icmp redirects are gone but nothin happens somewhere else
<ikonia> ybaumy: what is your actuall routing device
<ybaumy> the cable router is a avm fritzbox. i dont have any control over. then i have a cisco sg500 which acts as layer 3
<ikonia> ybaumy: what are you using to route between the networks causing a problem
<ybaumy> so the cisco? the thing is... its a little bit complicated. i have 4 linux boxes with vmware workstation running esxi and on top of that i have those maas box
<ikonia> where does the ubuntu question fit into this
<ybaumy> good question. maas and everything else is running ubuntu
<ikonia> I get that - but what is the ubuntu part you need help with
<ybaumy> i want to enroll a cloud with ubuntu on vmware. and encountered this problem with network. so i thought i would ask here
<ikonia> you seem (I could be wrong) asking with help setting up your routers
<ybaumy> yes
<ybaumy> is there a router channel or networking
<ikonia> ##networking ?
<ybaumy> or linux networking
<ybaumy> well i try my luck there. thanks anyways
<albech> still trying to figure out what is happening with my interfaces.. Though eth0 is configured according to ifconfig, ifdown cannot take it down.. Any ideas? http://paste.ubuntu.com/22009372/
<albech> it is a fresh install btw
<albech> this problem leads to me not being able to configure dns and maybe other things i havent discovered yet, so im really interested in resolving it without doing some nasty resolv.conf hack
<ikonia> albech: how are you configuing the network card
<vbotka> albech, in particular, it would be good to check the content of /etc/network/interfaces
<albech> http://paste.ubuntu.com/21747469/
<albech> ikonia: did you see the pastebin?
<ikonia> albech: nope
<ikonia> albech: why are you setting a route to a non-existant interface
<ikonia> up route add -net 10.255.12.0/24 gw 10.255.0.30 dev eth0
<ikonia> that has no 10 address on it
<ikonia> or are you doing something else later down the route
<albech> ikonia: its my vpn connections im routing to the vpn server
<ikonia> but nothing in that config shows the 172 address as having a route to 10.x on the eth0 interface
<cpaelzer> rbasak: I got as far with bug 1604010 as I can get IMHO without a statement from ntp upstream maintainers
<ubottu> bug 1604010 in ntp (Ubuntu) "sntp missing" [Medium,Triaged] https://launchpad.net/bugs/1604010
<cpaelzer> rbasak: upstream bugzilla is down, but I'll handle the remaining things
<rbasak> cpaelzer: good job, thanks
<rbasak> cpaelzer: I think we could carry a delta to fix this. It doesn't prevent us from syncing later. So the quite subjective question is: is this worth a delta?
<cpaelzer> rbasak: it is worth a delta - once one with REAL insight into NTP confirmed that changing these to things at ./configured doesn't change a lot of other things we might miss
<cpaelzer> rbasak: since this should go to Xenial via SRU as well I think we have to insist on such a check for quality assurance
<cpaelzer> but as I said bugs.ntp.org currently throws internal server errors on submission
<cpaelzer> there I'd want to place (&document) that question and link it up in LP and Debian bug then
<cpaelzer> once answered I
<cpaelzer> would submit the delta for yakkety
<cpaelzer> followed by an SRU for Xenial
<cpaelzer> rbasak: actually - in general - this might be a good check for our merge checker
<cpaelzer> rbasak: your lintian tool works on source only atm right ?
<cpaelzer> rbasak: I'd suggest a tool that compares the dpdk -L of all built packages, if things were removed due to a merge one should conciously ack that removal
<cpaelzer> rbasak: instead of finding out later like in this example
<cpaelzer> could also use the output of sbuild or such, as they report the .deb content anyway
<cpaelzer> rbasak: sometimes I did that manually, but I wonder if that could be a huge QA improvement on our merge process to write it down as required step
<rbasak> cpaelzer: actually the debdiff command does exactly what when given binary debs I think.
 * cpaelzer reads man debdiff
<rbasak> cpaelzer: it's a good idea. I wonder though if we'll get too many false positives due to intentional Debian changes. We can certainly try it though.
<rbasak> cpaelzer: another option (possibly in addition) is to write a dep8 test that checks the functionality of these tools, and submit that to Debian too.
<cpaelzer> rbasak: you are right "
<cpaelzer> It shows which files have been introduced and which removed between the two package files, and is therefore  useful  for
<cpaelzer>        spotting  files  which may have been inadvertently lost between revisions of the package.
<cpaelzer> "
<cpaelzer> that is just what I'd want
<rbasak> cpaelzer: I added it to our notes to discuss next week, thanks
<cpaelzer> rbasak: as an example that would have been great back then when 4.2.8 was merged http://paste.ubuntu.com/22026258/
<cpaelzer> rbasak: I added the example to the sprint doc
<embrik> anybody who can help me with pxe-boot on newer laptops with uefi-boot?
<embrik> I have a bunch of laptops at my school which I am supposed to clone with clonezilla
<rbasak> I think grub2 might have some network functionality. Could you use that perhaps, so you don't have to mess with the boot from the system's perspective?
<embrik> sorry, but I am quite a newbie to linux, I have run clonezilla, though for several years cloning all the laptops at my school. Now I have 60 new laptops which won't boot. Don't know how to use grub2 :-(
<embrik> I use ubuntu 14.04
<ddellav> coreycb can you review/push cinder CI plz? lp:~ddellav/ubuntu/+source/cinder
<coreycb> ddellav, can you check if jamespage already fixed it?  the merge failed.
<jamespage> oops
<jamespage> I did
<jamespage> yesterday
<ddellav> ok. I updated it yesterday but it was waiting on those oslo deps before i could build it.
<jonah> Hi can anyone help, for some reason my server is no longer receving emails. I don't know if a conf file or update has broken something but now when I send a test from Gmail, Yahoo or Hotmail etc to my server email address I don't receive them... But also no bounce back emails come in either, the messages just dissappear
<on247> Hey
<on247> Anyone can help
<tachikomas> Hey. Just ask.
<on247> i cant login into my server with ssh
<on247> i cant login using the same username and password using kvm
<on247> * i can
<on247> already checked password login is enabled in conf
<on247> cant login as root or regular user
<tachikomas> on247: never login on ssh with root user.
<on247> i know
<on247> just saying neither works
<tachikomas> so, can you "ssh -v" ?
<on247> but i can login using the very same password using remote KVM
<on247> http://pastebin.com/rhn2f3Yt
<on247> and then put password in
<on247> debug1: Authentications that can continue: password Permission denied, please try again.
<tachikomas> so, when you put the password, what happend on log ?
<tachikomas> can you past lines of /var/log/authd.log ?
<on247> http://i.imgur.com/253j6nI.png  @tachikomas
<tachikomas> it's like a password fail.
<on247> im typing the very same password via that console and works
<on247> is how i logged in to show the logs
<tachikomas> are you sure about your keymap ?
<on247> i didnt use any special chars
<coreycb> jamespage, ddellav: I'm switching aodh back to running tests with testr since they run successfully with it.
<on247> besides i passwded to something simple
<on247> still didnt work
<jamespage> coreycb, ok
<lordievader> on247: Your auth log only shows root logins?
<coreycb> jamespage, ddellav: ok aodh b2 uploaded, and cotyledon's MIR has been approved
<on247> wait , wrong ip
<lordievader> on247: What happens when you log in with a traditional user?
<on247> im dumb ...
<JanC> LOL
<coreycb> ddellav, does horizon 9.1.0 need a review?
<ddellav> coreycb you already reviewed and pushed it a few days ago
<coreycb> ddellav, gotcha, it's still in the review queue
<ddellav> coreycb we've got a  commend on the bug asking about a test plan again :/
<coreycb> ddellav, ok I'll cut and paste the same test plan we always use
<ddellav> coreycb thanks
<coreycb> ddellav, np :)
<jamespage> cpaelzer, ok - so I have master branch of ovs building with 16.04 dpdk in a PPA for amd64 - i386 is failing some tests...
<jamespage> hmm
<jamespage> coreycb, \o/
<jamespage> (aodh)
<smoser> powersj, many commits later... your tox branch is now present in simplestreams
<powersj> smoser, thank you!
<smoser> you did good, but getting this all to
<smoser>  * build on trusty or xenial and yakkety
<smoser>  * have tox work there too
<smoser> was non-trivial
<smoser> so many gotchas
<smoser> you asked hwo to represent the dependencies
<powersj> wow
<powersj> yeah
<smoser> i've added tools/install-deps
<smoser> which takes either 'build' or 'tox'
<smoser> and if build, it reads debian/control to get the right depends
<smoser> and 'tox', it installs the dpends you're going to need to run tox
<smoser> normally that is just 'tox'
<powersj> That's awesome
<smoser> but we add 'gnupg' as we clearly need that for signing examples. and also the python-dev and such that is necessary for o penstack libraries
<smoser> that are a pita
<powersj> I'll get on the CI job later today or tomorrow then.
<smoser> as they use some c-python stuff, which really runs them out of the usefullness of tox and pip in my opinion.
<smoser> but... whatever
<smoser> so in a fresh xenial container, you can just run: ./tools/install-deps tox && tox
<coreycb> beisner, nova 2:12.0.4-0ubuntu1~cloud1 is ready to promote to liberty-proposed when you have a chance, thanks
<coreycb> dosaboy, ^
<beisner> coreycb, dosaboy - promoted nova to liberty-proposed re: https://bugs.launchpad.net/nova/+bug/1369465
<ubottu> Launchpad bug 1369465 in OpenStack Compute (nova) liberty "[SRU] nova resize doesn't resize(extend) rbd disk files when using rbd disk backend" [Medium,Fix committed]
<coreycb> ddellav, ci seems to be building ok again
<ddellav> coreycb awesome
<cpaelzer> jamespage: hi, just saw the news
<cpaelzer> jamespage: yeah as I said the 16.07 bits are still discussed
<cpaelzer> jamespage: but shouldn't be much longer - are you using the 16.04 ppa I sent you a while ago?
<NetworkingPro> slightly off topic, but anyone know a good open source tool for tracking server assets, such as server/network gear host names, ip's, environments, etc?
<NetworkingPro> preferably web based?
<sarthor> Hi, I have network of 30 users on LAN, want to share one folder with all of those network computer, I want to 10 Computers only can read share folder, while 5 can create / delete files / and file can make changes in file but could not delete the already extant file. What will be the better and Easy solutions to go with, Help will be very much appreciated and thanks in advance.
<sarnold> sarthor: I don't know any tools that would let you say "this (user, computer, etc.) can write new files to a directory but not remove existing files"
<sarthor> sarnold: was expecting same answer about that sentence.
<sarnold> sarthor: the closest I can think of is the directory 'stickybit' -- which would forbid the user from removing files that belong to other users, but they could still remove their own files.
<sarnold> maybe you could smack together some daemon that inotify-watches the directory and grabs ownership of files after they are put in the directory
<sarnold> of course, if you still allow those files to be edited, then they could also be truncated, which isn't all that different from deleting the file.
<trippeh_> a lot of applications also do not edit file, they create a new one and delete the old one.
<JanC> I think it's probably possible to set a policy like that, but it wouldn't work well with the create/delete/rename dance
#ubuntu-server 2016-08-04
<rabbitdew> I'm trying to pxeboot ubuntu 14.04. The installer starts, but then it seems to look in 'trusty-updates/restricted/debian-installer/binary-amd64/Packages and fails
<rabbitdew> It fails because that path does not lead to anything. There's just an ubuntu 14 iso dropped hosted on anther server and that file is not there. Why does it keep looking there?
<rabbitdew> Ok. all the other mirrors seem to have this except the one i set up locally. I think there's something wrong locally...
<cpaelzer> jamespage: as of this night OVS master got the DPDK 16.07 bits
<cpaelzer> jamespage: 0a0f39df: netdev-dpdk: Add support for DPDK 16.07
<lordievader> Good morning.
<ejat> hi ...
<ejat> im having error with all-in-one installer on 14.04.5
<ejat> fenris@bigsoftware:~$ sudo openstack-install
<ejat> Traceback (most recent call last):
<ejat>   File "/usr/bin/openstack-install", line 282, in <module>
<ejat>     ev = EventLoop(ui, cfg, logger)
<ejat>   File "/usr/share/openstack/cloudinstall/ev.py", line 43, in __init__
<ejat>     self.loop = self._build_loop()
<ejat>   File "/usr/share/openstack/cloudinstall/ev.py", line 66, in _build_loop
<ejat>     event_loop=urwid.AsyncioEventLoop(loop=evl), **additional_opts)
<ejat> AttributeError: 'module' object has no attribute 'AsyncioEventLoop'
<lordievader> Please use pastebin for console output.
<lordievader> ejat: http://askubuntu.com/a/722167
<florianb> Hello
<florianb> I'm new to OpenStack and I would love to have it running in my own testlab at home
<florianb> I've got 6 servers with 16-64GB Ram
<florianb> Can I follow this guide to setup the master server: https://help.ubuntu.com/lts/clouddocs/installer/en/single-install.html and then add compute instances ( the other servers )?
<cpaelzer> rbasak: just saw that we got surpassed on pacemaker :-)
<cpaelzer> rbasak: anyway this was blocking an SRU which is ok now no matter which merge got in, could you accept the Xenial task in bug 1595901 for me?
<ubottu> bug 1595901 in pacemaker (Ubuntu) "Missing dependency on dbus" [High,Fix released] https://launchpad.net/bugs/1595901
<cpaelzer> rbasak: the bug now also got the relatively trivial SRU debdiff for Xenial
<jamespage> cpaelzer, re-snapshotting master and rebuilding against 16.07 dpdk
<jonah> Hi can anyone help, for some reason my sites are giving an intermittent white screen of death in the browser??
<Amgine> php error.
<cpaelzer> jamespage: thanks for the info
<jamespage> cpaelzer, amd64 is looking ok - doing some py3 enablement at the same time as this update
<jamespage> i386 - https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1609846
<ubottu> Launchpad bug 1609846 in openvswitch (Ubuntu) "unit test failures with master branch on i386" [Undecided,New]
<cpaelzer> jamespage: did you upload that to the git-packaging repo of ovs already ?
<cpaelzer> just so I can try to find what is going on to help if I find some time?
<jamespage> cpaelzer, no
<jamespage> just pushed to git repo under ~ubuntu-server-dev
<cpaelzer> jamespage: thanks will pick up there then
<tsimonq2> I'm working on finishing the run once Default + crypted LVM test case for 14.04.5 right now
<tsimonq2> (for i386 fwiw)
<Amgine> Does anyone know if DDClient can be used for selective subdomains? e.g. wiki.domain.tld and blog.domain.tld on dynamic dns, and not mention forum.domain.tld because its A record points to a fixed IP.
<coreycb> beisner, python-keystoneauth 2.4.1-1ubuntu0.16.04.1~cloud0 is ready for promotion to mitaka-updates
<riz0n> Hello friends. I am trying to figure out how restore a TAR backup of an Ubuntu system to a freshly created VMware system (to test the integrity and process of restoring backups). I need some advice, all the way from partitioning, to reconfiguring GRUB.
<beisner> coreycb, unable to do uca activities atm, querying in fn #launchpad as it looks like a redirect/rewrite change in behavior or something along those lines.
<coreycb> beisner, yikes, ok let's let that get sorted out.
<beisner> coreycb, tldr; our tooling now fails with 404 on the .changes files
<coreycb> beisner, that smells like a launchpad outage
<beisner> coreycb, well it's odd.  check this:
<beisner> our script reaches out to open:
<beisner> https://launchpad.net/~ubuntu-cloud-archive-private/+archive/ubuntu/mitaka-proposed/+files/python-keystoneauth1_2.4.1-1ubuntu0.16.04.1~cloud0_source.changes
<beisner> but gets 404 not found.  i see the same with wget.  however, if i hit a browser with that, i end up at:
<beisner> https://launchpadlibrarian.net/276333938/python-keystoneauth1_2.4.1-1ubuntu0.16.04.1~cloud0_source.changes
<beisner> which does load.  it's as if there is a new redir/rewrite behavior that's less than polite.
<coreycb> beisner, that is odd. I get the same behavior fwiw
<riz0n> Hey guys, I am trying to restore a backed up Ubuntu system in TAR to a new server. Here's the details. The old system was set up with "Guided with LVM" and the target system has two partition, one at the beginning in ext4 and then an extended swap partition (No LVM). Once I untar the backup to the ext4 partition and grub-install then boot, it boots me into maintenance mode. What should I do to repair the restore partition in order to get it to boot pr
<riz0n> operly?
<ikonia> riz0n: not a realistic goal
<ikonia> technically possible but a lot of effort
<rattking> riz0n: you should run update-grub at the least. and you you definitely need to update /etc/fstab with your new UUID and lack of lvm
<sarnold> riz0n: it might be easier to backup just the data you care about and then automate the deployment process instead
<riz0n> ikonia: What do you mean not realistic? How would you recommend that I backup an Ubuntu server then restore the backup to a separate machine?
<sarnold> riz0n: or if you want to continue with full-system backups, maybe investigate a full-system backup solution
<ikonia> using restore products
<ikonia> you've just untar'd old / not-working configs onto a new system
<riz0n> ok let me check out the /etc/fstab .... how would I go about finding out uuids?
<ikonia> the fstab the grub config
<ikonia> thats all going to be wrong
<ikonia> then there are more complex risks
<rattking> riz0n: blkid
<riz0n> Thank you so much. I got the backup/restore process to work one time, but I used some utility called "boot-restore" or something like that. But I never could get it to work twice.
<rattking> but there will be more as others are saying that I am not remembering at the moment
<ikonia> boot-restore is the least of your problbmes
<rattking> oh and you will need to update-initramfs as that will be looking for lvm too
<riz0n> Figured I would give you guys an update. So editing /etc/fstab then update-grub fixed it! You guys are great, thank you so much for your help!
<sarnold> be sure to test all aspects of that system :) I'm still skeptical of a tar backup being Good Enuogh
<riz0n> I will, right now the backup consists of a fresh ubuntu install (yes I know, kind of crazy to "restore" a clean ubuntu install, but the goal is to hammer out the process necessary of backing up a system then restoring to a different in case of failure).
<derwood2> Heya folks, this is what I have been doing for the last few hours to get MaaS 2.0 up and running on 16.4.1? LTS, using four machines, all of which are the same apart from the server/controller/rack region controller having double the RAM of the nodes, this could do with some work, spellinga and grammar, but it's quick and dirty, and works.. https://ubuntuforums.org/showthread.php?t=2332842
<derwood2>  Now I need to find a way to install, Autopilot, OpenStack and Juju without any issues :D
<derwood2> I have also found that if sometimes, your node does not fully start, it does a partial "thing" where it can fetch the data required through a PXE boot and then like hang for ages..., reboot the node and switch it's UTP patch cable from one port to another empty one and it fires up proper first time... I think it's cheap switches, mines from TPLinnk and it still does it..
<derwood2> Can anyone point me in the right direction of going about installing "autopilot" on Ubuntu 16.4.1LTS with Maas2.0 installed, please :D
<derwood2> ^^Get in, get out... Shake it baud about...
<sarnold> derwood2: seen this yet? http://www.ubuntu.com/download/cloud/install-openstack-with-autopilot
<sarnold> (I'm thinking mostly of step 6)
<derwood2> Let me just have a look, cheers for the link :D (I have seen a few links, and they more on about 14.4LTS, I've had some serious issues) brb :D
<derwood2> awesome :D brb "step 6"
<sarnold> yes, now that 16.04.1 is out, I hope more of the documentation can be updated for it..
<derwood2> Me too, more documention is really required :D
<derwood2> Do you know what would be nice, if I could make a complete .ISO file from my current exact install of 16.4.1LTS with MaaS2.0 all sorted and configured... And then after I try this and it could break, I can just re-install using the nice one I've just spent two hours setting up..
<david_theory> Okay. Noobie question... I need to start xserver, vnc server, autologin, and run a program we need to run... all with ubuntu server. brain hurting, anyone ever do this before?
<derwood2> I use blend
<derwood2> oops
<derwood2> let me start again, I use Blender, and I have cenotOS installed as a minimum, it will boot and login for me and start blender without even the normal desktop being seen, but the blender window..
<derwood2> Does that sound like something you would want, but rather then blender, using VNC..
<david_theory> yeah similar
<david_theory> funny
<david_theory> we are doing blender renders
<derwood2> ;)
<sarnold> does blender not provide a daemon for rendering? o_O
<david_theory> It has a very horrible one haha
<derwood2> Blender is awesome, if you search for a erm, help page on how to network render, a few of them tell you how to get the system to autologin, and start blender, ready for netrendering.. this is done to a node so it takes up the least amount of RAM and time to setup..
<david_theory> We use loki
<derwood2> You could change the setting rather for blenders use, but for VNC and whatever else you need :D
<david_theory> Can you send us that ami?
<sarnold> it just seems .. silly and insane .. that something as routine as rendering would require a graphical environment
<david_theory> We are using many 3rd part apps to manage files and render managment
<sarnold> why on earth would they require such an annoyance? that would make it a thousand times harder to use on amazon or GCE or whatever
<derwood2> I'm actually right now, setting up a private cloud RACK cluster using MaaS2.0, Autopilot, OpenStack and Juju so that I can use the whole cluster to spawn a VM with blender in and use all avaliable RAM and CPU for rendering :D
<david_theory> GUI isnt required for blender we are doing some other crap with blender which needs a ui
<derwood2> I will use it also for computations and the like too :D
<derwood2> but thats the ease, or so I see it with MaaS, I can just config as I go, strip and redeploy depending on my needs.
<david_theory> Can you send me the ami?
<derwood2> I'm just trying to get it all to work, on this link, https://ubuntuforums.org/showthread.php?t=2327868
<sarnold> derwood2: .. I'm afraid that you may have an incorrect idea about what is possible with openstack; do you think that you're going to get to launch a single VM with 64 gigs of RAM and eight sockets of CPUs?
<derwood2> Sure I'll find you the link for making blender autologin and start-up :D brb
<derwood2> in the beginning yes, you are correct I was thinking that would be the case, but as I went along I found I would have to create a set of VM's one for each bare metal chassis :( Shame eh..
<david_theory> so confused hehe
<sarnold> derwood2: yeah; the old 'beowulf cluster' project existed to try to build Bigger Computers from little ones, but I don't know if anyone still uses it any more
<derwood2> I used to use Beowolf's way back in late 99/02 with MPI proper nice.. sadly I have been out the game for over 10 years..
<derwood2> David... This might help you out I think : https://cgcookie.com/tutorial/setting-up-a-renderfarm/
<david_theory> Oh, only issue right now is ubuntu server doing an autologin and starting a vnc server
<sarnold> david_theory: you could probably isntall ubuntu-desktop or unity, then use the control panel's "users" page to enable automatic login
<sarnold> it's a bit of a shame, that's a few hundred megabytes of RAM that'd be profitably used for rendering
<derwood2> I was hoping I could use MaaS2.0 to spawn  a very small ubuntu install that would just contain the programs I require, even thought I could get them to spawn a VM with mpirun already contained rather then having to install all the nodes with a small copy. Like we used to.. This week of playing with MaaS is not looking to be a good use of time :(
<derwood2> I've just tried OpenStack again using section 6 and I've had to scrape it, I can get it to start to show with conjure-up? But some serious bootstrap errors using all the avaliable options like Nova and the other two.
<derwood2> I need to find out why this is happening, but I'm not sure how?
#ubuntu-server 2016-08-05
<Amgine> huh. After 30-some hours of data uploading between old and new server, I went to check progress and got...
<Amgine> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
<Amgine> Is my best solution to rip it down and try to rebuild the server more securly?
<sarnold> owww
<sarnold> whatever you do don't type passwords into that thing until you've figured out what's going on
<sarnold> it might be as easy as using sudo ssh by accident, and getting an _ancient_ /root/.ssh/known_hosts file entry or something similar to that
<sarnold> or it might be that it's now someone else's computer and they're not very quiet about it
<cncr04s> is there any setting to determine how often linux flushes the drive write cache to disk. While I have UPS and 64G of ram, It will read like 4-16GB of data(from network or other disk) before it begins to write to the disk, not sure why it waits that long.
<sarnold> cncr04s: I think the sysctls labeled "dirty_" are probably most useful to you https://www.kernel.org/doc/Documentation/sysctl/vm.txt
<RoyK> cncr04s: probably not a good idea if you want consistent data in case of a panic or similar
<sarnold> RoyK: I think he wants to make it write more frequently :)
<RoyK> sarnold: oh - the other way around :)
<sarnold> yeah :)
<RoyK> cncr04s: possibly ext4 writeback doing it
<djc_> Hi setting up Ubuntu 14.04 server for the first time... Should SSH keys be generated
<cpaelzer> djc_: what keys do you refer to?
<cpaelzer> djc_: to create a key for yourself and how to place it https://help.ubuntu.com/community/SSH/OpenSSH/Keys
<cpaelzer> djc_: did you mean this or something else?
<cpaelzer> djc_: and in case you might have meant https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0285.html - no not an issue
<ejat> stgraber: r u here?
<jamespage> ddellav, coreycb: I think the keystone unit test failures are due to a unrepresented requirement for a newer oslo.db version
<jamespage> there is a fix in a 4.10 - 3277ef3 Capture DatabaseError for deadlock check
<jamespage> that looks pertinent
<cpaelzer> jamespage: did you have uncommitted changes that brought you to 1609846 ?
<jamespage> ?
<cpaelzer> I cloned and build against my 16.07 ppa but break at
<cpaelzer> make[3]: *** No rule to make target 'debian/python-openvswitch.install', needed by 'distdir'.  Stop.
<cpaelzer> just wanted to test build and see If I could help - but it seems I block at this before the unit test failures you reported
<cpaelzer> file it searches got deleted by your last commit
<cpaelzer> "d/rules,control: Add python3-openvswitch package."
<cpaelzer> the question is - accidential delete or missed to remove from debian/automake.mk ?
<cpaelzer> because the latter still referes to it
<cpaelzer> maybe it should have been created by your new call to python setup.py
<cpaelzer> checking if there was a former error in thebuildlog
<cpaelzer> no tat seems to be the real install, removing the line in the automake gets me going
<cpaelzer> I'll continue that way for now
<cpaelzer> later on we can discuss if it was right and if/how you want the commit back
<cpaelzer> running unittests now, eager to see if I hit the same that you did jamespage
<jamespage> cpaelzer, oh I might sitll have local delta for tha
<jamespage> one sec
<jamespage> cpaelzer, infact two commits pushed
<cpaelzer> :-/
<cpaelzer> gotcha
<cpaelzer> hehe
<jamespage> ddellav, coreycb: I've updated cloud-archive-utils to use i386 schroots for precise and trusty targets, mimicing the behaviour for LP builders.
<jamespage> xenial will use amd64 still
<jamespage> for arch all builds anyway...
<jamespage> changed my mind - bad idea
<jonah> Hi has anyone used keepalived?
<ikonia> I have used keepalived
<ikonia> although there are more options now than when keepalived was king
<jonah> ikonia: well I'm just trying to plan how to add failover to a current server - I found this guide: http://gcharriere.com/blog/?p=339
<ikonia> ok ?
<jonah> ikonia: which looks pretty awesome!! but as my system is already running I wasn't sure the best way to set it up, as that guide starts with two blank machines. Can I just install keepalived on the current running ubuntu server, do the virtual IP bit, update dns/router to virtual IP and then worry about second server later?
<ikonia> keepalived is just an application daemon, thats it, nothing more
<ikonia> you can install that onto a running host, no problem at all
<jonah> ikonia: that's cool. My other problem is how can I clone the whole server to the second box... Is rsync ok for this like set to sync every 10 minutes or something?
<ikonia> the whole server ?
<ikonia> could you define the whole server please
<jonah> ikonia: well this is my problem. I didn't want to start fresh with drbd or some block level network raid as my current server is already running. So just need to sync it up... I can't clone the whole thing I guess or I'd wipe my keepalived setup and slave settings. But need to sync it so all the email, websites, mysql etc goes over to the failover and load balancer. Or would this just not work as it isn't realtime. Maybe I can't use the load
<jonah> balancing...?
<ikonia> I think you need to look at that in a different way
<ikonia> this is not the "whole server"
<ikonia> this is just some content
<ikonia> so for example, you can use mysql/maria replication for the database
<ikonia> the webroot - sure, rsync
<ikonia> email ? how are you storing it
<ikonia> there are loads of things to look at this is not a two minute "just rsync everything"
<RoyK> ikonia: what do you use to keep the disks in sync?
<ikonia> RoyK: depends, I normally don't do it at a disk level, but tools like drbd can be useful for that
<RoyK> I've used drbd for that - works well
<jonah> ikonia: ok so say I've got rsync and mysql syncing set up and few other bits and then I get a hardware failure on the main server so it powers off. The second server picks up from where it left off with the most up-to-date files it has from 10mins ago or whatever. Then someone logs into the hosted website and uploads a file. Then I fix the first server and power it back on. Will that file that was upload then be lost (or email or whatever
<jonah> changed on server 2)? Or does that sync back to the first server somehow. I know this all depends on how things are set up but hyperthetically is that easy to set up or will it just not work very well?
<jonah> ikonia: same for load balancing, can it even load balance at all if using rsync etc with dynamic sites or email/webmail - or is load balancing just out the question.
<jonah> ikonia: I am looking to hire someone to set this up and help me with this stuff, but just trying to understand or think of the best setup before really.
<ikonia> jonah: you're trying to do enterprise availability without an enterprise approach (eg: using rsync in a one way sync)
<ikonia> I think you need to look at what you've got and what you actual realistic goal is
<jonah> ikonia: Well I'm not looking for anything too complex and don't need the best HA or anything. If hardware failure happened I could live with some files being a little out of date, as hopefully it would be rare. Not trying to set any goals unacheivable or anything...
<jonah> ikonia: just with that guide saying loadbalancing was achievable: http://gcharriere.com/blog/?p=339 I wondered if it would work, despite running dynamic websites/email server etc
<cpaelzer> jamespage: I have reproduced the 2214 unittest several times now
<cpaelzer> jamespage: the test itself is one of the new OVN things
<cpaelzer> jamespage: so new might mean it has issues - nut sure
<cpaelzer> the test does so many things that I need to check what it actually is first that I'm still feeling lost
<cpaelzer> jamespage: do you want me to report at least this test (the others seem transient) and set you on CC?
<ikonia> jonah: the reality is you want a two way sync
<ikonia> which means you have to build logic into your scripts to work out which one is the active node
<ikonia> thats all
<jonah> ikonia: ok so unison or something?
<ikonia> jonah: however your best to handle it
<cpaelzer> jamespage: didn't hear form you - but I think (hope) it can't hurt to report that
<cpaelzer> I got the same using non debian way to build
<jamespage> cpaelzer, +1 yeah that's the one I see failing reliably on i386
<jamespage> on amd64 I saw the bfp failure but its transient
<cpaelzer> jamespage: I ran it through some loops and envs over lunchtime 15/1149 are both transient - 15 in both, 1149 only in i686
<cpaelzer> I just snet the mail out about 2214
<cpaelzer> jamespage: I'm on vacation after next week, so I hope we get something uploadable working before to match FF
<cpaelzer> jamespage: otherwise I'll have to file a FFE on next Friday
<jamespage> cpaelzer, agreed - I am as well
<jamespage> cpaelzer, there is still no 2.6 branch :-(
<cpaelzer> they have two major features being discussed inthe scope of "please add before branching 2.6" that might stall it
<cpaelzer> on the DPDK side of things already the "oh this is broken" fixes start to come up
<cpaelzer> similarly on OVS I've seen a few new leak fixes
<cpaelzer> this OVN test really is an gigantic oven - if you haven'T written that test you feel lost and close to "well done"
<derwood2> Heya again folks :)
<cpaelzer> I just hope there is some upstream feedback leading us to the right place
<derwood2> Can I ask a silly question here.. MaaS2.0, I have a install on a 80GB HDD I'm doing right now inside a node just as a standalone install.. Can I create an .iso? or something like using DD command, and have MaaS2.0 feed that out as the image after a PXE boot so I can run my blender network rendering image I am setting up right now?
<cpaelzer> derwood2: https://maas.ubuntu.com/docs/os-support.html
<derwood2> I have/am setting this install up to autologin, then start blender with the network rendering settings set on a DHCP LAN.. so would like to know if I can just feed this image of the drive out to each node as and when I please using MaaS2.0.. Not sure if I'm asking the question in the right manner or syntzx :D
<cpaelzer> derwood2: you are just less custom than you would be for a different OS
<derwood2> Cheers buddy :D
<cpaelzer> roaksoax: ^^ you might have a more sophisticated answer
<cpaelzer> derwood2: but reading what you want to do instead of how you want to do it
<derwood2> Cheers fellas, much respect :D
<cpaelzer> derwood2: wouldn't you just feed some cloud-init config to a usual ubuntu image via maas
<cpaelzer> derwood2: that could make the post install setup you need
<cpaelzer> derwood2: without you needing to build a custom image
<derwood2> I just dont know, I'm still very new to this.. and this is the way I thought about going about it, anything new as in ideas would be awesome :D
<cpaelzer> derwood2: https://maas.ubuntu.com/docs/development/preseeds.html
<derwood2> Cheers for the link and answers fella :D Awesome as ever :d
<cpaelzer> via that you can control how things are set up for you
<cpaelzer> good luck
<derwood2> :D
<roaksoax> derwood2: not sure i follow what you want to do exactly, but for the looks of it, you want MAAS to isntall a machine (i.e, ubuntu), and after the installatio is finished you want to put something in the filesystem ?
<derwood2> yes, I would like to PXE boot each node and the OS they will run is 16.4LTE with blender and x11VNC all ready running and auto logged in :D if that make sense.
<derwood2> 16.4.1LTE server edition, sorry
<Pici> *LTS
<roaksoax> derwood2: so, when you say OS, you mean you want to isntall ubuntu Xenial with Blender and x11VNC
<roaksoax> derwood2: so you are deploying stock ubuntu from MAAS
<roaksoax> derwood2: you are not creating a custom ISO
<derwood2> I would like to deploy ubuntu Xenial with Blender and x11VNC, yes :D but I assumed I had to make an .iso file to be fed to the nodes after PXE booting..
<nopea> Hi folks, I just did a clean install of Ubuntu Server 12.04.5 and when I try to install Apache 2 I am getting 'missing dependices' errors.  How can I get LAMP on this VM?
<sarnold> nopea: sudo apt-get update && sudo apt-get install lamp-server^
<sarnold> (the ^ syntax asks apt to install a 'task selection', see e.g. https://help.ubuntu.com/community/Tasksel for information)
<nopea> sarnold: yeah I tried that, but the same.
<sarnold> nopea: can you pastebin your errors?
<OerHeks> oke lets continue here, hi sarnold
<nopea> When I run apt-get update I get a bunch of errors about 'failed to fetch...'
<nopea> Here is when I run apt-get update... https://drive.google.com/open?id=0B5QmcW_8DZ4MaTZHU3FhRGVrVGc
<sarnold> nopea: check dmesg output for storage errors
<nopea> sarnold: sorry can you tell me how to do that
<sarnold> nopea: run "dmesg" and look for error messages..
<sarnold> the storage errors tend to have a lot of {  } and "SENSE" in them :) heh
<nopea> sarnold: thanks... looking - but the VM cuts half the screen off argh
<sarnold> nopea: you can ssh in and use whatever decent terminal emulator you want that way
<sarnold> I almost never interact with VM consoles, they're usually more annoying than ssh
<sarnold> they do stupid things like steal mouse and keyboard, and they can't use the same select buffer in X11...
<nopea> sarnold: that is the other issue.... I can't even install OpenSSH - I get missing dependicies errors with that as well
<sarnold> nopea: ugh
<nopea> sarnold: https://drive.google.com/open?id=0B5QmcW_8DZ4MRU9la2l6VWpMSzg
<sarnold> nopea: heh, how about that dmesg output?
<nopea> it appears that the install did not install some libraries - or perhaps they are out of date?
<sarnold> it's all the hash sum mismatches; apt won't install packages it can't authenticate
<sarnold> and your package lists aren't authenticating
<nopea> sarnold: dmsg... https://drive.google.com/open?id=0B5QmcW_8DZ4MSXVlUjFWakZqbUE
<sarnold> that can happen if there are IO errors, and dmesg output would show that if there are any...
<sarnold> alright looks boring enough
<sarnold> nopea: try sudo rm /var/lib/apt/lists/partial/* ; sudo apt-get update
<nopea> same mismatch errors
<sarnold> nopea: are you using a proxy such as squid-deb-proxy or apt-cacher-ng? is someone _else_ running e.g. a transparent proxy that you might be using?
<nopea> no, I don't think.  I just straight up installed this on a Oracle VM box
<nopea> sarnold: I just tried the update again and I got no mismatch errors... I will try lamp server again
<OerHeks> should nopea enable backports ?
<sarnold> OerHeks: no.. one problem at a time :)
<sarnold> nopea: awesome. That saves a huge amount of hassle.
<nopea> looks like it is installing
<sarnold> OerHeks: I don't recommend the backports repository, it feels vastly unloved these last few years
<OerHeks> oh, missed the update error is gone
<nopea> looks like it is up - let me check
<nopea> Apache is running
<sarnold> that's more like it :)
<nopea> mysql is running
<nopea> woo hoo.... now the question is... what the @#%$^$%^ was going on.
<sarnold> OerHeks: I think that if you need newer software than is in an LTS release, it'd probably be better to just grab a newer LTS release
<nopea> As it is a VM I may be installing this again... don't want the have to jump thru these hoops again
<OerHeks> That would be logical indeed, sarnold
<sarnold> nopea: APT enforces a path of trust -- e.g. the file http://us.archive.ubuntu.com/ubuntu/dists/precise/Release must have a valid signature in http://us.archive.ubuntu.com/ubuntu/dists/precise/Release.gpg
<OerHeks> oke, have fun nopea
<sarnold> nopea: the Release file includes a huge pile of hashes for all the other files
<sarnold> nopea: e.g. the file http://us.archive.ubuntu.com/ubuntu/dists/precise/universe/binary-i386/Packages.bz2  (which reported a hash sum mismatch in your screenshot) has a hash listed in the Release file
<sarnold> nopea: and when apt checked the downloaded file against the hash in the Release file, they didn't match, and apt refused to use it
<nopea> so by removing the list (and the hashes) I was able to match then on next update?
<sarnold> yeah
<sarnold> and if you've got a caching proxy somewhere in the middle, it might have cached bad versions
<sarnold> or it might be serving stale versions
<nopea> ok - I will have to remember that.  Not sure how the mismatches happened in the first place
<sarnold> apt-cacher-ng had some hilarious bugs when it would store files with the wrong names....
<sarnold> nopea: do note that 12.04 LTS will reach end of life in eight months; 14.04 LTS or 16.04 LTS have more time left in their support periods.
<nopea> sarnold: OerHeks big thanks guys!
<sarnold> nopea: have fun :)
<nopea> I am going to see if get the other packages to install
<sarnold> it should all be pretty smooth sailing now that your package lists are happy :)
<nopea> sarnold: thanks for the info.  I am using 12.04 as that is what my rackspace cloud server is running, and I am trying to match my dev machine as close to it as possible
<sarnold> nopea: good plan.
<nopea> sarnold: I guess I could clone the cloud server... but I dont want to pay ;)
<nopea> sarnold: do you think it could have been becuase my VM network was set to NAT... perhaps Bridged would have been better
<sarnold> nopea: maybe, IF the NAT mode meant the VM thingy put a caching proxy in the middle..
<nopea> sarnold: I will try another install and set it to bridge first - but of course I will not remove this install that is working now, even SSH ;)
<sarnold> haha
<sarnold> nopea: it might not be immediately reproducable with either networking type...
<sarnold> it's possible to go years without seeing those errors
<nopea> sarnold: true.
<nopea> sarnold: yeah - the network setting had no effect.  On another install the problem was the same as before
<riz0n> Hello friends. I just restored a system backup to a new computer, and when I boot, I have no eth0 interface. How can I reinstall networking in ubuntu?
<ikonia> riz0n: you don't re-install network
<ikonia> you need to understand why it can't see your device or if it's been renamed
<ikonia> copying system backups to a new machine is not a straight forward process for some parts
<riz0n> ikonia: after doing ifconfig -a, I saw that the device was there, but under a new name (ens33) so I modified /etc/networking/interfaces, then init 6, now all the bases are loaded and I'm running in for the home run! :)
<ikonia> excellent
<riz0n> I feel like I'm starting to learn a thing or two about Linux ;)
<YamakasY> oh no why is isc-dhcp such a pain in failover
#ubuntu-server 2016-08-06
<Geom> is there a signifacant changes  in performance running a lower version of server?
<Vmong> guys..
<Vmong> can anyone help me with copy / paste issue between ubuntu vmware and host computer
<Vmong> thanks in advance
<patdk-lap> vmong, read the vmware manual
<sypher> I'm curious as to why Ubuntu handles bonded interface configurations differently than Debian. http://paste.ubuntu.com/22444516/
<sypher> Well, more specifically, I know that in trusty, this was a consequence of upstart, though I never got under the hood to determine why. With xenial on systemd, I'm only more perplexed.
<qman__> both configurations _should_ work on both
<qman__> specifyinng bond-master or bond-slaves does operate slightly differently and I usually do the latter config
<qman__> I've not verified myself that they do on the current versions, but if they don't, that's a bug
<sypher> qman__: I'm going to make sure I'm not a moron (definite possibility), but the first style generally doesn't work correctly in xenial. I'll try it again.
<qman__> well, the catch with the first style is that if the slaves aren't up, the bond doesn't come up
<qman__> the second style brings the bond up independently of the slaves, then the slaves bring themselves up as they can
<qman__> that's why I prefer the second
<sypher> qman__: i.e. if the switchports are off?
<qman__> yes, or unplugged, or a driver bug or race condition messes things up
<sypher> Should I be setting the child interfaces to hotplug instead of auto, then, to take better advantage of that?
<qman__> I'm not actually sure on the difference between those two settings, let me check what mine are at
<qman__> yeah, mine are allow-hotplug
<sypher> As I understand it, allow-hotplug allows the interface to come up or down based on connection events.
<sypher> Rather than "it must be there, or die."
<patsToms> morning. So if I a do nmap to ubuntu 14 server I it shows that there is "25/tcp filtered smtp" open. But when I run netstat in server using root - it don't show any activity in port 25
<patsToms> is there any way to found what keeps that port open?
<sypher> filtered doesn't mean open.
<sypher> filtered means no response at all.
<qman__> right
<qman__> are you running this scan over the internet, or locally?
<sypher> A closed port will still generate a response in the form of a TCP RST.
<sypher> A filtered port means that your incoming TCP SYN just got dropped into the ether. Not even a RST response.
<qman__> most residential internet providers filter port 25 to prevent spam, and even some business ones do unless you specifically ask for it to be open
<sypher> qman__: Thank you for the pointers on lag config, btw.
<Geom`> w00t
<Geom`> srill no reply re my concern?
<ikonia> what concern
<ikonia> you've just joined - said nothing then said "w00t"
<ikonia> what do you expect ?
<Geom`> is there any significant change in speed n n lower server version compared to the latest?
<ikonia> what ???
 * sypher just stares blankly.
<Geom`> say.... 12.0.4 vs 16 (server version) is there performance difference in speed wise
<ikonia> no
<ikonia> not really
<sypher> Geom`: You also need to be concerned with the fact that support for 12.04 ends in, what, eight months?
<Geom`> ahh  ok. downloading 16 then
<Geom`> i only have c2d with 4 gb ram. speed is my concern
<ikonia> thats fine
<ikonia> it really depends what you are going to do and the load on it
<ikonia> thats a lot of resource
<Geom`> file sharing and video conversion
<ikonia> so thats fine
<ikonia>  you could do that on a raspberry pi
<Geom`> Great!
<Geom`> thanks ikonia :)
<sypher> Geom`: btw, 16.04 has been GREAT for me so far.
<sypher> Geom`: You'll love it.
<Geom`> i hope sypher... installing now
<Geom`> will it even run fine on a P4?
<qman__> yes, though you can run into bugs with kernel modesetting on some video chips from that era
<qman__> it will run on systems as old as the Pentium II
<qman__> unfortunately it does not run on my AMD K6, which lacks the i686 CPU extensions
<qman__> the last version that had a kernel compatible with it was 10.04
<Geom`> i also have the K6. il keep that in mind if ever il try it
<qman__> well, it required manually installing the -386 kernel, the standard kernel won't run on it, but 10.04 was the last version where the -386 kernel existed
<Geom`> im not a hardware guy.. what i have is this http://specsen.com/motherboard-epox/epox-ep-8hda5-/ is this K6?
<Geom`> im not so sure what the cpu is
<Geom`> oh its K8 :)
<teward> Geom`: um, in the modern era that's the Athlon 64 chips.  (They don't use hte K nomenclature anymore)
<teward> (it's an amd64 arch)
<teward> (I have at least twelve such series' chips lying around heh)
<teward> blah nevermind me :)
#ubuntu-server 2016-08-07
<Geom`> ubuntu 16.04 server states "support guaranteed until April 2021 â 64-bit only.". what about the 32-bit?
<patdk-lap> odd, Geom, I can't locat that anywhere
<segmastar> Hello?
<segmastar> Anyone here?
<Tobias92> Hey guys, since upgrading to Xenial I noticed that '/usr/share/doc/module-init-tools' is a symlink to '/usr/share/doc/libkmod2'. As a result, the 'changelog.Debian.gz' file of 'module-init-tools' and 'libkmod2' is the same file and is overwritten by both packages. The differences are trivial (the package name in the last line), but enough to cause debsums mismatches. Have you observed this issue before?
<jin7boy> hi.  I can't find the string "EnableSendfile" in the /etc/apache2/apache2.conf.
<jin7boy> ok~~
<iliv> hi, I ran into a problem with my RAID-1 devices on Xenial. I would appreciate it if somebody could take a look a this AskUbuntu question that described the problem in detail: http://askubuntu.com/questions/809182/ubuntu-xenial-fails-to-mount-software-raid-1-if-fstab-records-for-dev-mdx-are-p
<ikonia> iliv: you'll need to either a.) change the metadata on the device names to be md0 etc, or b.) change the mdadam.conf and fstab to point at the current names
<iliv> ikonia both devices were created as /dev/md0 and /dev/md1 and been used as such for years in Arch Linux
<ikonia> you're not using archlinux now
<iliv> no, I am not
<ikonia> and to be honest - I'm not going to support askubuntu
<ikonia> you want to use askubuntu, use askubuntu, I don't like askubuntu/forum questions being posted in irc
<iliv> who are you exactly?
<ikonia> in what respect ?
<Geom> is daskubuntu is not related to ubuntu.com?
<ikonia> never even heard of it
<Geom> *ask i mean lol
<ikonia> askubuntu is an answer platform from ubuntu, yes,
<Geom> server is running fine.. been learning a lot :)
<ikonia> ?
<Geom> my ubuntu server
<ikonia> ?
<Geom> Â¿
<iliv> okay so the answer to my question is: update-initramfs -k all -u
<Guest_84747> Allah is doing
<Guest_84747> sun is not doing Allah is doing
<Guest_84747> moon is not doing Allah is doing
<Guest_84747> Allah is doing
<Guest_84747> sun is not doing Allah is doing
<Guest_84747> moon is not doing Allah is doing
<Guest_84747> stars are not doing Allah is doing
<Guest_84747> planets are not doing Allah is doing
<Guest_84747> galaxies are not doing Allah is doing
<ogra_> ikonia, ?
<Guest_84747> oceans are not doing Allah is doing
<ogra_> (that wasnt so effective it seems)
<ogra_> thx :)
<ikonia> sorry, wasn't watching
<\9> allah seems like a busy fellow
<Geom> does /dev/cdrom link to all my dvd drives?
<ikonia> no
<Geom> let me rephrase.... /dev/sr# link to /dev/cdrom?
<ikonia> look at the symlink
<Geom> i have to google on how to look at it. brb
<ikonia> ls
<Geom> it is :)
<Geom> im making a script to auto run a command if it sense a disc insertion on any dvd drives
<ikonia> "great" ?
<jonah> hi can anyone help I'm trying to follow this guide: https://www.howtoforge.com/setting-up-unison-file-synchronization-between-two-servers-on-ubuntu-11.10
<jonah> but not matter what I try, unison still asks for a password
<ikonia> no, as guides for 11.10 are obsolete
<jonah> ikonia: haha thanks! but basically on server 2 I've renabled root login, yes unison on server 1 still asks for a password despite me generating the public/private keys!
<ikonia> I'm not joking
<ikonia> 11.10 is obsolete and guides for it are obsolete
<ikonia> howtoforge is also a pile of garbage in general
<jonah> ikonia: haha that dry humour gets me every time! (But I can tell you're being serious about Howtoforge, that IS rubbish!)
<ikonia> I'm being serious in full reference to my statement
<patdk-lap> well, it's not rubbish
<patdk-lap> but a tutorial is a tutorial
<patdk-lap> it is how one person solved his goal
<patdk-lap> the likely hood of your goals, problems, infrastructure, and knowledge are of atleast the same level, is unlikely
<patdk-lap> so the tutorial is useless
<patdk-lap> you knowledge of each component used is VERY important
<sutliff707> I can not get smartmontools to send email reports however i can successfully email myself using mailutils
<sutliff707> I can not get smartmontools to send email reports however i can successfully email myself using mailutils
<jonah> hi does anyone use Unison for file syncing? I've got it set up and it works but I wanted to sync a server home dir to a slave server. The problem is I get "user does not exist" for some of the folders which obviously aren't on the other machine. How do you go about syncing users and groups across two machines, so when you make one on one machine it makes it on the other and vice versa? thanks for any help
<sypher> jonah: Is this still on the 11.10 box from the HowToForge thing?
<jonah> sypher: Sort of, I got that working in the end but now I'm just stuck with how to sync users across machines...
<sypher> jonah: Yeah, four and a half hours didn't magically make 11.10 not obsolete.
<jonah> sypher: haha yeah - it just made it more obsolete! But I guess I just have to try with the resources I have and the guides out there...
<sypher> jonah: I'm fairly certain that 14.04 and 16.04 are available to you.
<jonah> sypher: and ask for help in here too of course! Hopefully then I'll get there in the end.
<sypher> jonah: The problem is that the vast majority of people that have the ability to assist you will likely decline to support a nearly five year old OS that's long been out of support.
<jonah> sypher: yeah I'm using 16.04 ! Just the guide was for 11.10... as I couldn't find anything more up-to-date
<sypher> jonah: That's probably why you're running into issues. Instructions for 11.10 will probably deviate SERIOUSLY from what needs to be done in 16.04.
<jonah> sypher: There was no guide for 16.04 so just tried using an older guide...
<jonah> sypher: yeah I know... that's why I asked in here!! sometimes it's like going round in circles ;)
<sypher> jonah: I believe this is the first you mentioned that you weren't trying to do this ON 11.10.
<sypher> So, let me give this a swing. I can't really say much to unison, but what issue are you having?
<jonah> sypher: sorry I should of made that clear, I just said I was following a guide, should of pointed out my OS didn't match the older one in the guide!
<sypher> That would have been beneficial, yes. :P
<jonah> sypher: well baiscally that guide kicks ass (apart from being out of date!!) for what I'm trying to do, which is just sync two server in a basic way to offer some failover. The files will sync if the users match, but I'm not sure how I sync the users up first so that when you make a new user on server1 it syncs to server 2 and vice versa...
<sypher> You can sync the home directories, but I would strongly advise NOT trying to replicate created users.
<jonah> sypher: well in my setup each user is a Virtual Server. So say I have bob.com on server one, it's user is bob - if server one fails and server 2 picks up where it left off it would then need the bob user also to run the site/php stuff fcgi etc?
<sypher> Wait, you're trying to run services with this?
<TheEagerPadawan> is there something as tail -f for ps aux
<sypher> TheEagerPadawan: top?
<TheEagerPadawan> i know there is a cron job running somewhere but i don't know what the timeframe is
<jonah> sypher: yeah just to provide failover, if server one dies then server two can run the sites/mail etc until server 1 is back up
<sypher> jonah: This doesn't sound like a good failover plan.
<sypher> TheEagerPadawan: Check the cron log?
<sypher> TheEagerPadawan: Just trying to think of easier alternatives.
<TheEagerPadawan> crontab -e iirc
<jonah> sypher: Is there a better way to achieve failover with just two servers?
<sypher> TheEagerPadawan: No, the cron LOG. Check for "CRON" entries in the syslog.
<TheEagerPadawan> and where would that be located?
<sypher>  /var/log/syslog
<sypher> try: sudo grep CRON /var/log/syslog | less
<sypher> That'll let you page through the results.
<TheEagerPadawan> that won't work | pentesting system
<sypher> Then have fun.
<sutliff707> can anyone help me with smartd monitoring
<patdk-lap> configure smartd.conf and have smartd start on boot, done
<sutliff707> Yeah I have that all done but I believe something is wrong in my smartd.conf file because I never get the emails
<sutliff707> here is a link to what my file currently looks like
<sutliff707> http://pastebin.com/zS8atcMw
<patdk-lap> well, it uses sendmail
<patdk-lap> did you install and configure an mta or nullmailer
<patdk-lap> hopefully a nullmailer
<patdk-lap> sutliff707, so no, you didn't configure it at all
<sutliff707> I have mailx, mailutils, ssmtp
<patdk-lap> did you bother to read line 16 of that file?
<sutliff707> scroll to the bottom
<patdk-lap> why?
<patdk-lap> it says nothing after line 22 will EVER be read
<patdk-lap> like I said, did you bother to read line 16
<patdk-lap> I see it on line 22 and on line 151
<patdk-lap> so that is twice, lines 154+ will NEVER be read
<sutliff707> Alright, im an idiot so should I delete all of it except what I have at the bottom
<patdk-lap> or move the bottom stuff to the top
<sutliff707> so would this work http://pastebin.com/EVUwBBgX
<patdk-lap> no
<patdk-lap> atleast not if you wanted anything besides the first line to be used
<sutliff707> How would I have to do it then have the DEVICESCAN be the last line?
<patdk-lap> heh?
<patdk-lap> just make line 1 come after those others
<patdk-lap> I don't see what is so hard about that
<sutliff707> I guess Im just confused because im new to this, sorry if it makes it frustrating. So you are saying this will work http://pastebin.com/E9vYuMYP
<Thumpxr> Has anyone a clue why my ubuntu box (apache, reverse proxy, mysql, voice server, openVPN) work fine via openVPN as long as i browse on https sites but redirects to my own server ip/website when i try to access a site which doesnt support https ?
<ikonia> TheRinger: you've not given us much info, but I suspect it's down to the proxying
<guillaume__> hello
<guillaume__> i'm in a pretty bad situation, i was doing an upgrade to 16.04.1 on my server and it was telling me it had to update the db which failed and i accidentally pressed "ctrl + c" which cut the ssh connection with a weird bug. I'm in another ssh session and i can't do any command because the process is locked because already open on the broken ssh connection doing the update
<sutliff> can anyone help me configure smartd
#ubuntu-server 2017-07-31
<jamespage> coreycb: unblocked pike-staging - needed newer python-idna to resolve crypto installability
<coreycb> jamespage: thanks. i've been moving forward with b3 without bumping deps for the following: http://paste.ubuntu.com/25212923/
<coreycb> jamespage: the new versions should be coming soon
<soren> Hey, party people.  I realised I still own ~ubuntu-virt on Launchpad. That seems... anachronistic. Is there an heir apparent?
<rbasak> soren: o/
<rbasak> soren: is that team actually used for anything?
<rbasak> soren: cpaelzer is probably the obvious heir. But perhaps it should be something more generic like ~ubuntu-server-dev?
<soren> It's racb on Launchpad?
<rbasak> I'm racb, yes.
<soren> Oh, you weren't volunteering?
<rbasak> No, I'm volunteering ~ubuntu-server-dev :-)
<soren> Careful raising your hand like that. :)
 * rbasak was waving hello!
<soren> I'm not sure if ubuntu-virt membership grants any upload rights in addition to what ubuntu-server-dev provides.
<rbasak> I hope it doesn't.
<rbasak> But by making it owned by ~ubuntu-server-dev, you make sure that the set of people who can manage it includes a current ubuntu-server packageset uploader as approved by the DMB. So it shouldn't get stale.
<rbasak> (and the Ubuntu project can trust all of those people)
<soren> That makes sense.
<soren> My only concern is that I realised that I owned it because I started getting build failure e-mails.
<soren> And as team owner, you can't opt out of those, apparently.
<soren> (from the virt-daily-upstream ppa)
<rbasak> You're both the owner and a member.
<rbasak> I suspect the notification goes to members?
<soren> "You are receiving this email because your team Ubuntu Virtualisation
<soren> team is the owner of this archive."
<rbasak> It's possible to deactivate the owner from being a member.
<rbasak> (as just discovered by ahasenack as it happens)
<soren> It's been half a decade since I used Launchpad for anything serious. I honestly don't recall all the details of when what gets e-mailed to whom.
<rbasak> soren: if you like, just switch the owner to me and I'll sort it out :)
<soren> rbasak: That's the spirit!
<rbasak> soren: I think you need to leave the team if you want to stop receiving the emails. I can do that for you if you like.
<soren> rbasak: Congrats. You now own ubuntu-virt.
<rbasak> Thanks. I think :)
<soren> Wow. Certainly the end of an era. Leaving the team now.
<rbasak> soren: looks like there's also https://launchpad.net/~openstack-ubuntu-packagers that you own
<soren> Do you want that one, too?
<rbasak> If you like. I'll do the same thing and hand it over to a team.
<soren> Done.
<rbasak> Thanks!
<rbasak> soren: you want out of that team too?
<soren> Oh. Yeah, I should.
<soren> Done.
<soren> rbasak: Thanks!
<strixUK> hi; i'm exploring lvm raid1.  so far it seems pretty good, seems to work well.  one weirdness, though:
<strixUK> by default, lvcreate will try to synchronise the two volumes.  for large volumes, this can take a lot of time to synchronise nothing at all, especially when you're about to mkfs it.  you can add the --nosync to lvcreate, but then the type flag in 'lvs' indicates 'raid without initial sync'.
<strixUK> i'm wondering how to get rid of this or whether i even need to.
<pmatulis> how do i update (or remove) a snap? --> http://paste.ubuntu.com/25215218/
<pmatulis> disregard, i tore down the system and started again
<hashwagon> Anyone know why the CUPS web interface crashes half of the time when doing admin operations? My /var/log/cups/error_log shows cupsdStopSelect()
<DammitJim> what application comes already installed that uses the gui?
<DammitJim> I'm trying to test launching a GUI app through ssh -X
<sarnold> the server install may not have any, since that'd requir linking against x libs, which drags in huge amounts of x libs :)
<DammitJim> oh man
<sarnold> gvim or xterm or xeyes come to mind
<DammitJim> yeah, it says 42 for xterm
<sarnold> lstopo is actually kind of useful on servers
<DammitJim> lstopo? hhmmmm
<DammitJim> ok, so xterm did the job
<DammitJim> thanks
<ahasenack> nacc: around? Could you check libvirt in ~usd-importer-team for xenial-devel? I think it's behind the archive
<ahasenack> ubuntu/xenial-devel has 1.3.1-1ubuntu10.8
<ahasenack> rmadison shows 1.3.1-1ubuntu10.11 for xenial-updates, and 10.12 in xenial-proposed
<nacc> ahasenack: let me look
<nacc> ahasenack: i think because smb and cpaelzer maintain libvirt in their own repo, I was not importing it
<nacc> ahasenack: i'll refresh the repo now, but you may want to consult with them
<ahasenack> nacc: why does it matter where they maintain it? Doesn't it end up in the archive eventually?
<nacc> ahasenack: yes, but they stage changes, etc.
<ahasenack> nacc: are you going to refresh from the archive now?
<nacc> ahasenack: i am, but you should still coordinate with them
<ahasenack> ok
<ahasenack> thx
<nacc> ahasenack: also, libvirt is large and a bit slow to import :)
<docmur> Hey guys, I have a bunch of VMs encrypted, I want to set them up so I can enter the phrase during boot remotely, is that possible and how would I do that?
<drab> docmur: maybe not very useful as I looked at this for LUKS about 5yrs ago, but back then you had to create a custom initrd image that allowed you to insert the pwd
<drab> so yes it was possible and that's how you did it (in a very very short pinch)
<drab> the principle still seems to be valid tho, initrd is what is loaded before the actual kernel/OS
<drab> so if the OS is on encrypted root to have that functionality in initrd makes sense to me
<drab> docmur: this seems to be what you're after and jives with what I remember: https://askubuntu.com/questions/59487/how-to-configure-lvm-luks-to-autodecrypt-partition
<drab> with the nice plus of also shwoing how to use a keyfile on a thumbdrive
<drab> http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/
<drab> justging from that "more recent" post it seems that now asking for pwd is
<drab> default and just works, but haven't tried
#ubuntu-server 2017-08-01
<nacc> ahasenack: just fyi, the import is still going, it's done with debian (and patches-applied of debian), doing ubuntu patches-applied now (up to lucid), so it'll probably finish sometime this evening (my time)
<jak2000> why cant do an apt update?   https://pastebin.com/uBNFwv7w
<lordievader> Good morning
<jsheeren> hi
<jsheeren> can i force a process to take over a port still in use by a defunct zombie process?
<mdeslaur> rbasak: is someone working on mysql-5.7 5.7.19 in artful?
<rbasak> mdeslaur: blocked on me at the moment :-/
<mdeslaur> rbasak.clone()
<rbasak> I've still not reviewed Skuggen (not here)'s merge of 5.7.18 :-/
<rbasak> It's on my list to spend some time catching up on MySQL properly.
<mdeslaur> ok, thanks
<rbasak> mdeslaur: go ahead and bump the upstream to 5.7.19 in artful I guess?
<mdeslaur> rbasak: sure, I can do that
<rbasak> mdeslaur: you might find https://anonscm.debian.org/cgit/pkg-mysql/mysql.git/log/?h=mysql-5.7/lars/ubuntu helpful.
<rbasak> That was for 5.7.18.
<mdeslaur> I was trying to get someone else to go through autopkgfail hell :)
<rbasak> Oh, but that's already there.
<rbasak> https://anonscm.debian.org/cgit/pkg-mysql/mysql.git/log/ is on 5.7.19 if that helps.
<rbasak> It should be almost identical, apart from the mecab component delta.
<mdeslaur> I'll just do what I did for the zesty security update, and it can get replaced with a proper sync afterwards
<rbasak> Sure. Thanks!
<christos_> What is the difference between "crontab -e" and "/etc/crontab"?
<christos_> I am trying to setup some jobs to run and not sure what is the best place to put what
<nav-> christos_: nothing
<nav-> 'crontab -e' opens file /etc/crontab for editing using your default text editor
<nav-> '/etc/crontab' is a file that stores your crontab entries
<rbasak> No.
<rbasak> "crontab -e" edits your user's crontab entry.
<rbasak> /etc/crontab is the system's crontab entry and is a different syntax (it has an additional user field).
<christos_> nav-: is there any reason why I can't just vim /etc/crontab? Is that bad to do?
<rbasak> christos_: unless you want them to run as a specific ordinary user, editing /etc/crontab is fine.
<christos_> Also, I want to get an email after the cronjob finishes, how do I do that? I tryed adding MAILTO my /etc/crontab and then putting a script in cron.hourly to test but it ran once and then never again?
<rbasak> christos_: if you want them to run as your own user, then you can still use /etc/crontab, though I'd use "crontab -e" as I feel that's cleaner.
<nav-> christos_: no, nothing is stopping you from just editing /etc/crontab in vim
<christos_> rbasak: When I make an entry in crontab -e and look in /etc/crontab, it does not show what I added?
<rbasak> christos_: correct. Because they are different sets of entries.
<rbasak> One is for your user. The other is for the system.
<christos_> is there a location for what I am editing with crontab -e
<christos_> Like i can go to that file somewhere?
<rbasak> /var/spool/cron/crontabs, but you aren't supposed to edit that directly.
<rbasak> I expect you'll have sync issues if you do.
<rbasak> You may edit /etc/crontab directly, but for user crontabs, you should go through the crontab command.
<christos_> rbasak: I understand that now thanks
<nav-> christos_: why not just use 'crontab -e' and tell it to use 'vim' to edit it? and then use 'crontab -l' to list your entries to verify it worked
<christos_> and "cat" the /var/spool/cron/crontab for the users to see what is what.
<rbasak> christos_: as nav- says, use "crontab -l"
<christos_> nav-: That is what I was doing before, I was just curious about the difference
<nav-> gotcha
<christos_> Thanks guys! Is there a way to get emails when a job runs?
<nav-> sure. have a script that sends one and schedule it to run at the end of your cronjob
<christos_> there is a site called cronguru where they help with the schedule spacifics and you can add "&& curl -sm 30 k.wdt.io/<email-address>/<cronjob-name>?c=5_4_*_*_*" to your job and it will email you but I don't want to use their service
<christos_> nav-: that sounds easy enough. thanks!
<nav-> np
<christos_> I collect comics and it is easy to get my computer to do all my collection leg work than me.
<nav-> once you get past the frustrating part of setting everything up, it certainly will be
<rbasak> cron automatically emails the output of every job to whatever MAILTO is set to. So for a basic email you just have to have the job output something, and you should get it. This is subject to the system mail daemon being correctly configured. If it's not, that's worth fixing anyway, as there are other things on the system that also expect to be able to email the administrator.
<coreycb> jamespage: senlin switched to using the u-c version of python-docker (2.4.2) but i don't think we want to sync a new python-docker without a new docker-compose. i'm going to add a minor patch to senlin's docker driver to use python-docker 1.9.0 which is what we currently have in the archive.
<jamespage> coreycb: ok
<christos_> ok, last question for the day. I am sending an email and I know how to add an attachment to my email, but is there a way to cat the contents of the file to my email?
<christos_> Oh. I got it guys
<christos_> "< filename"
<christos_> Thanks for everythign nav- and rbasak
<nav-> or you can pipe the output of 'cat file' as the input to the email program
<nav-> but i dont want to make it more complicated than it needs to be, no problem
<ahasenack> smb: hey, around?
<smb> ahasenack, yes, but give me a sec
<ahasenack> ok
<smb> ahasenack, ok now
<ahasenack> smb: ok, it's about this bug: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1707400/comments/12 I'm linking to my comment where I believe i sorted it out (confirmed by the reporter later on)
<ubottu> Launchpad bug 1707400 in libvirt (Ubuntu) "package libvirt-bin 1.3.1-1ubuntu10.11 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Medium,Confirmed]
<ahasenack> smb: tl;dr if you look at the attached dmesg.txt file, you'll see apparmor denied errors, preventing libvirt-bin from connecting to a socket
<ahasenack> smb: I debugged it, and I have two possible patches:
<ahasenack> smb: a) http://pastebin.ubuntu.com/25219930/
<ahasenack> smb: b) http://pastebin.ubuntu.com/25219940/
<ahasenack> ubuntu > xenial is using (a)
<ahasenack> but I found it odd that the dh_apparmor lines were there in d/rules but commented, maybe there was a good reason back then. git log didn't help me find any
<smb> ahasenack, historic reasons that up to a certain point we were not using apparmor profiles in examples/libvirt but some copies under debian/apparmor (or so)
<ahasenack> smb: I tested (a) in my broken system, and libvirt installed just fine then
<ahasenack> I wonder if the code in (b) should even still exist
<ahasenack> it still exists in artful
<ahasenack> where postinst calls apparmor_parser twice then: once like in (b), and later on again via the snippet introduced by dh_apparmor
<smb> Christian and I were working on moving back to what debian does. which is to use dh_apparmor helper and that generates a lot of the maintscripts
<ahasenack> yeah, in terms of a minimum change for an SRU, dh_apparmor sounds more intrusive
<ahasenack> in > xenial, where we use dh_apparmor, the service changed names even
<ahasenack> it's now a proper systemd job iirc
<smb> I thought Christian dropped our mainscripts patches in artful in favour of using dh_aa
<ahasenack> libvirt-system-daemon or something
<ahasenack> yeah man, talk about patches
<ahasenack> $ find debian/patches/ -type f | wc -l
<ahasenack> 83
<smb> Its a long and slow process to get rid of them again
<ahasenack> smb: anyway, I think we need -T and -W in the apparmor_parser call, otherwise certain upgrades just fail
<ahasenack> I wasn't aware of that apparmor cache before debugging this bug
<smb> ahasenack, I would tend to do the postinst change in Xenial and Zesty if needed. Because there we modify postinst and either need to remove things as well or have duplicate steps when enabling dh_apparmor
<ahasenack> smb: >=yakkety are fine wrt the bug
<ahasenack> apparmor_parser is called correctly there
<ahasenack> via dh_apparmor
<smb> ah ok
<ahasenack> not that existing snippet in postinst, that one still uses just -r
<smb> Rigth just done unnecessary twice. and with artful the snippet should be gone
<ahasenack> correct, done twice: incomplete the first time, fully correct the second time because of dh_apparmor
<ahasenack> same in artful
<ahasenack> it's still there, we could probably remove it
<smb> ahasenack, just to be sure, you know that libvirt is kept in a lp git tree
<ahasenack> smb: I had a hint yesterday
<ahasenack> smb: I'm indeed just checking the package in artful, and its imported git tree into that usd-importer-team
<smb> ahasenack, ok, latest artful might be a spearate branch too
<smb> ahasenack, Christan has a habit of doing merge branches so latest is artful-3.5
<ahasenack> oh, and I think you are right, the artful package just uses dh_apparmor
<ahasenack> I just fetched it with pull-lp-source
<ahasenack> no apparmor_parser call in debian/blabla.postinst
<smb> Ah ok, so more what I expected. Could be that the importer needs hinting with multiple branches.
<ahasenack> cool
<ahasenack> so nothing to do in artful
<ahasenack> I asked for the importer to run yesterday after I noticed the xenial branch was out of date
<ahasenack> I didn't check artful again, let me refresh my tree, the new import run should be done now
<smb> Xenial has only one branch but zesty and artful each 2. One without version and one with when merging a new upstream version.
<smb> personally I would get rid of the versioned branches or at least reset the unversioned ones but not consider this my personal space ;_)
<ahasenack> ok, artful git branch is good
<ahasenack> so it's just xenial
<ahasenack> maybe trusty
<ahasenack> and zesty is calling it twice, no harm
<ahasenack> I can attach these two patch suggestions to the bug
<ahasenack> christian is back next week?
<smb> ok, yeah, so for x and possibly t I would do the direct postinst snippet change as I am not sure how well debhelper plays together with what we got there
<smb> I believe so
<smb> ahasenack, Oh actually for T I would be careful and verify that aa has a cache back then already
<ahasenack> yep, saw something about these -T -W options being "new"
<ahasenack> it probably does, otherwise this bug wouldn't have happened
<christos_> how can I add `date '+%m-%d-%Y' to the subject of my email that doesn't show up as '08-01/2017' and the actual string
<christos_> "8-01=2017 Report" instead of "date '+%m-%d-%Y Report"
<ahasenack> smb: a default trusty install: http://pastebin.ubuntu.com/25220361/
<ahasenack> -T -W is used already
<smb> ahasenack, hm, so we lost this over time. bah! but at least one less release to worry about
<smb> oh not for libvirt maybe
<ahasenack> right, not libvirt
<ahasenack> that's just the name of my container
<ahasenack> I tend to create a lot, one per bug I'm working on, or worked on
<ahasenack> $ lxc list|grep PERSISTENT|wc -l
<ahasenack> 58
<ahasenack> :)
<ahasenack> smb: can you accept nominations? https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1707400
<ubottu> Launchpad bug 1707400 in libvirt (Ubuntu) "package libvirt-bin 1.3.1-1ubuntu10.11 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Medium,Confirmed]
<smb> I was not looking directly at the pastbin but the comment here sounded like it was already done for libvirt.
<smb> ahasenack, I think I can for that package
<smb> ahasenack, done
<ahasenack> smb: thx
<nacc> ahasenack: fyi, libvirt appears to be fully imported now
<ahasenack> nacc: it is, thx
<ahasenack> got a whole bunch of new stuff
<nacc> ahasenack: :)
<sdeziel> I am wondering if someone is working on the security fixes for PHP to address CVE-2017-922{4, 6, 7, 8, 9}?
<ahasenack> sdeziel: try the #ubuntu-hardened channel, that's where the security team lingers
<sdeziel> ahasenack: thank you
<ahasenack> np
<ahasenack> nacc: I got this during git ubuntu build-source:
<ahasenack> $ git ubuntu build-source --sign
<ahasenack> 08/01/2017 12:14:50 - INFO:New upstream version detected (1.2.2) which is after the last published upstream version (1.2.16). Falling through to just calling dpkg-buildpackage.
<ahasenack> d/changelog has 1.2.2
<ahasenack> I don't know where it got 1.2.16 from
<nacc> ahasenack: this was to build an SRU?
<ahasenack> yes, I was on a xenial branch
<ahasenack> I wonder if it did ascii comparison/sorting
<nacc> ahasenack: file a bug please, i'll try and get it fixed
<ahasenack> k
<nacc> ahasenack: xenial branch of libvirt?
<ahasenack> nacc: yes
<nacc> hrm, shouldn't that be 1.3.1 someting?
<ahasenack> sorry, trusty
<ahasenack> xenial worked
<ahasenack> I was on trusty now, and that's where I saw that output
<nacc> ahasenack: ah ok, yeah, i'm not sure
<nacc> rbasak: oh i meant to ask in a comment in the blog draft -- do you have anchors in your post?
<nacc> rbasak: so, e.g., i can refer to a particular section
<rbasak> nacc: no but I expect I can add them.
<nacc> rbasak: ok, that'd be handy for my referencing back to your post
<nacc> (and e.g., to point directly to the index section)
<rbasak> nacc: http://www.justgohome.co.uk/blog/2017/07/developing-ubuntu-using-git.html#multi-post-index
<nacc> rbasak: thanks! and one for the experimental status, too, if you can :)
<rbasak> ack
<rbasak> nacc: done: http://www.justgohome.co.uk/blog/2017/07/developing-ubuntu-using-git.html#experimental-status
<nacc> rbasak: excellent, tyvm
<oerheks> nacc, copy that to #ubuntu-news too ;-)
<teward> anyone got any experience with postfix and mail relaying? I've got a case where some messages need to just go straight out via SMTP in some cases and the rest need to be relayed to another system before being sent out over the Internet, a little confused to set it up
<sdeziel> teward: you can define "routing" rules using transport: http://www.postfix.org/transport.5.html
<nacc> ahasenack: yep, it's a bug, i've got the fix staged
<nacc> ahasenack: let me know when/if you file it
<ahasenack> nacc: ah, cool, do you still need the bug? I just came back from lunch
<ahasenack> will do
<nacc> ahasenack: thanks
<nacc> ahasenack: once rbasak approves of the sru-versioning-fixes MP for the linter, i can push this fix in on top (it's easiest to do it that way, as i'm using a bit of shared code that is only shared after the changes in that branch). Alternatively, I can cherry-pick that across and just fix the bug; rbasak any opinion there?
<ahasenack> nacc: https://bugs.launchpad.net/usd-importer/+bug/1707983
<ubottu> Launchpad bug 1707983 in usd-importer "Incorrect sorting produces bogus warning when running build-source" [Undecided,New]
<teward> sdeziel: thanks
<sdeziel> np
<teward> sdeziel: one more question: can a 'routing' rule be set to just send to the actual destination, while all other mail is relayed to a different server?  That is to say, a straight SMTP outbound connection rather than relaying in certain circumstances (as transport destinations for regexp header matches for example)
<sdeziel> teward: in that case, I'd use a global relayhost and would put just one entry in your transport_maps with the domain you want to be sent directly
<teward> hmm, OK, i'll have to think this through, we are trying to special-case handle out of office automatic replies on Exchange at postfix, so that we can have it go right out instead of pissing around with mcafee web gateway eating those.
<teward> so it'd be pretty much "Send to expected destination" for any matching subject, relay otherwise.
<teward> not *as* simple a config :p
<sdeziel> right, a bit more involved then ;)
<teward> yup.  any tips are helpful.  :)
<sdeziel> have you tried this: https://serverfault.com/questions/679975/postfix-selecting-relay-host-based-on-from-mail-header-rather-than-envelope-se
<teward> sdeziel: yeah that's what i'm working on now, gonna run a test shortly to see what happens and if anything explodes in my face xD
<sdeziel> teward: a header_checks can return "FILTER transport:destination" to have it pick a specific transport
<sdeziel> this would remove the need from using a transport_maps
<hashwagon> Anyone know how I'd add a countdown timer on the grub menu of a bootable ubuntu server install USB? I can't seem to find documentation on it, I just want it to kick off an install automatically.
<oerheks> edit  /etc/default/grub change GRUB_TIMEOUT=<seconds> sudo update-grub
<oerheks> or -1 for indefinitly ?
<hashwagon> On the root of my USB I don't have /etc/default I have /boot/grub/grub.cfg am I missing something?
<hashwagon> I have /isolinux as well
<oerheks> err, the server installer is not a live iso
<oerheks> this applies to an install only
<JeevesMoss>  has anyone hit this bug yet when trying to install mongoDB?  "insserv: warning: script 'K01mongodb' missing LSB tags and overrides"
<nacc> JeevesMoss: it's just a warning and can be ignored, iirc
<hashwagon> Ahhh, I was hoping there was something I could put at the end of the grub.cfg line: linux /install/vmlinuz [...] timeout=0 quiet ---
<JeevesMoss> nacc, I can't get the dumb server to start.  :-(
<nacc> JeevesMoss: what are you trying? exact command and output (in a pastebin)
<drab> hashwagon: you should have a isolinux.cfg
<JeevesMoss> nacc, https://pastebin.com/f77WnL0n
<drab> there are two options in there, prompt and timeout
<drab> hashwagon: those should do what you want
<nacc> JeevesMoss: that's not an ubuntu pacakge, you should contact the repository owner
<drab> since it's a bootable stick the menu etc should be the isolinux one, not the grub one
<nacc> JeevesMoss: what version of ubuntu are you on?
<hashwagon> drab, okay I do have isolinux.cfg, I'll try that now
<JeevesMoss> nacc, 16.04
<drab> hey nacc .o/
<nacc> JeevesMoss: you definitely don't want some pacakge with the word 'upstart' in it then :)
<drab> hashwagon: it should already have in it prompt 0 , timeout 0
<nacc> *some repo
<nacc> drab: heya
<drab> hashwagon: or something like that
<drab> hashwagon: http://www.syslinux.org/wiki/index.php?title=SYSLINUX#TIMEOUT_timeout
<drab> hashwagon: http://www.syslinux.org/wiki/index.php?title=SYSLINUX#PROMPT_flag_val
<hashwagon> drab, I do have both at zero. My isolinux.cfg also includes: include menu.cfg default vesamenu.c32
<drab> so change prompt to 1 and timeout to 10 or something
<hashwagon> I'll give it a shot thanks
<drab> hashwagon: that's normal, and those files can override those variables, but iirc (and you can check grepping), none do
<JeevesMoss> nacc, time to go find the correct package
<nacc> JeevesMoss: iirc, there is a mongodb-server package in ubuntu
<drab> hashwagon: actually my prompt.cfg does override prompt to 0 again
<drab> so you may want to change that too just in case
<drab> if it gets included
<drab> but it shouldn't
<JeevesMoss> nacc, thanks.  purging that old junk.   I'm trying to install GenieACS, and the maintainers script is a MESS
<nacc> JeevesMoss: good luck!
<oerheks> JeevesMoss, lots of new commands to handle mongodb, maybe this page is any help https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-mongodb-on-ubuntu-16-04
<oerheks> * services
<JeevesMoss> oerheks, looks like I got it.  time to reboot and see if it comes back up!
<CodeMouse92__> Ooooookay, not sure how syslog got to be nearly 2G, but I think it needs cleaning
<tomreyn> it probably says why in this very file ;)
<hashwagon> drab, I appreciate your help. I'm using preseed and for some reason it's booting using /boot/grub/grub.cfg.. I don't remember why since it's been months since I've set it up. Anyway, adding set timeout and set default resolved the issue.
<drab> hashwagon: ah, good to know, thanks for circling back
#ubuntu-server 2017-08-02
<cathode> hi
<Guest83465> Good morning
<cathode> i'm trying to force rename a network interface to a meaningful name but it's "not working" and i'm not sure how to look to see why it's not working
<cathode> https://www.punyal.com/2016/08/18/ubuntu-16-04-rename-a-network-interface/ <-- using this method
<cathode> ubuntu 17.04
<Guest83465> cathode: Read the last two sections of https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
<cathode> ok thanks
<cathode> after i add my own .link files, how do i apply them other than rebooting?
<lordievader> I suppose this should do the trick: https://unix.stackexchange.com/questions/39370/how-to-reload-udev-rules-without-reboot
<lordievader> Though I am not sure if udev will rename an existing device.
<cathode> holy crap it worked
<cathode> thanks
<cathode> i had to reboot
<cathode> but my network interfaces are correct now :D
<lordievader> Good to hear the problem is solved.
<ahasenack> smb: hi, I prepped https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1707400 for an SRU
<ubottu> Launchpad bug 1707400 in libvirt (Ubuntu Xenial) "libvirt-bin doesn't regenerate apparmor cache in postinst" [Medium,In progress]
<ahasenack> rbasak: I wonder if "interesting bugs this week" and their investigation would be good material for blog posts
<rbasak> ahasenack: +1
<smb> ahasenack, was that just for my info or was there something I was expected to do?
<ahasenack> smb: just fyi
<smb> ahasenack, ah good. :)
<might_get_loud> Hi all, im hosting a little PHP app on ubuntu server, and the app is in /home/$USER/app folder. I modified groups for $USER to be have www-data group, and www-data user to be part of $USER group. I also set up shared permisions on all files na folders to match users and groups with chmod g=u. But i cant access app, i have 500 internal server error. When i change owner of those files to www-data:www-data i can access app just fine. Anyone
<might_get_loud> have any idea?
<might_get_loud> Im using 16.04 and php 7.1
<smoser> nacc, given a git-ubuntu git repo, can i produce a .orig easily?
<nacc> smoser: yes, with a branch i have :)
<nacc> smoser: (which uses pristine-tar)
<ahasenack> doesn't  build-source produce one?
<smoser> that just happens to be more than i wannted
<ahasenack> ok
<nacc> ahasenack: well, build-source uses pull-lp-source in master
<ahasenack> what does pristine-tar do? tars everything but debian/ up?
<ahasenack> and calls it whatever version you have as the top most in d/changelog?
<nacc> ahasenack: well, we use pristine-tar to import things
<nacc> ahasenack: so it's actually taking in the tarball as in the archive
<smoser> nacc, link ?
<smoser> i assumed i'd 'pristine-tar checkout <tarball>' but it wants a branch named 'pristine-tar' which isnt there.
<nacc> smoser: one sec
<nacc> smoser: https://code.launchpad.net/~nacc/usd-importer/+git/usd-importer/+ref/lp1698402
<nacc> smoser: yeah, that's the issue for us, as we have both a debian and ubuntu pristine-tar branch
<nacc> smoser: the above branch abstracts that out
<smoser>  nacc hm.. i dont see how you tell pristine-tar which is the branch to look at
<smoser> http://paste.ubuntu.com/25227663/
<mdeslaur> nacc: I am going to disable http2 support in apache2 so it can get out of -proposed
<nacc> mdeslaur: ok
<nacc> smoser: don't use gbp
<nacc> smoser: it won't work with our repository
<nacc> smoser: otp, give me a bit
<smoser> i was looking at your code
<smoser> and thats what it seemed to do
<smoser> also invoking pristine-tar basically does the same thing
<nacc> smoser: we use gbp to import it and then reproduce the pristine-tar
<Apocope>  I have a server I updated from 12.04 to 14.04 using do-release-upgrade. Now cups won't see groups from ldap. How can I sort this out?
<ahasenack> Apocope: were you using libnss-ldap?
<ahasenack> or was cups contacting the ldap server directly
<nacc> smoser: https://git.launchpad.net/~nacc/usd-importer/commit/?id=a87d89645f0cac3bddf58eb77d567f3999e16de3
<smoser> oh thats sick
<smoser> you should fix pristine-tar
<smoser> to take a branch
<Apocope> ahasenack: Yes, libnss-ldapd, configured via puppet. Oddly, I have a server that was installed as 14.04, same puppet stuff and it works properly.
<nacc> smoser: yeah, i think we have a bug for that somewhere
<ahasenack> Apocope: if relying on libnss-ldap, you can use getent passwd <user> to test ldap, where <user> exists in ldap only
<ahasenack> (or libnss-ldapd, I assume it's the same idea: a new nss module in /etc/nsswitch.conf for the "passwd:" line)
<smoser> nacc, https://bugs.launchpad.net/ubuntu/+source/pristine-tar/+bug/1708214
<ubottu> Launchpad bug 1708214 in pristine-tar (Ubuntu) "support using branches with name other than 'pristine-tar'" [Undecided,New]
<smoser> i just opened. didn't see an ubuntu bug at least.
<Apocope> ahasenack: That works fine. My regular account is from ldap, I can log in, run sudo, all that stuff. Just, as far as I know, CUPS isn't seeing it. /etc/nsswitch.conf is identical between the working and the non-working server.
<nacc> smoser: thanks
<smoser> probaly https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=467300
<ubottu> Debian bug 467300 in pristine-tar "Please allow several pristine-tars in the same repository" [Wishlist,Open]
<ahasenack> Apocope: does your ldap server allow anonymous binds/searches, or does it need a password?
<ahasenack> Apocope: in other words, do you have a password stored somewhere in /etc for libnss-ldap(d) to contact the directory?
<Apocope> ahasenack: No anonymous binds.
<ahasenack> Apocope: so a password is needed. Can cups read that file with the password? I forget what it is, something in /etc/ldap/ probably
<nacc> smoser: also, we needed something works (well, where we are now) in 16.04, which wouldn't be able to depend on pristine-tar (or gbp in this case) taking a branch
<nacc> smoser: note that we can't use pristine-tar directly anyways
<nacc> smoser: because of component tarballs :)
<docmur> Hey guys, I'm trying to get dropbear initramfs to work so I can decrypt my VM via SSH during boot, however no matter what guide I follow I always get an error about authorization_key file now having valid SSH keys
<Apocope> ahasenack: Are you sure that cups need to be able to read that file? The system has knowledge of group info from ldap. If I run 'getent group systemadmin' I get a reasonable response. I tried setting slapd.conf to be world readable, but it didn't do anything different.
<ahasenack> Apocope: when you run getent group <name>, libnss-ldapd will contact the directory to search for <name>. You said that anonymous binds/searches are not allowed, so libnss-ldap needs credentials, right?
<ahasenack> maybe I misunderstood
<ahasenack> it wouldn't be rootpw from slapd.conf, though
<Apocope> ahasenack: Yes, you're right, but ldap accounts in general are working. My account information is stored in ldap, I can log in, my groups, from ldap show up.
<ahasenack> Apocope: and what errors show up in the cups logs?
<ahasenack> and, is cups running in a chroot perhaps?
<Apocope> ahasenack: No chroot. "cupsd: Unknown SystemGroup "systemadmin" on line 17 of /etc/cups/cups-files.conf." "cupsd: Unable to read "/etc/cups/cups-files.conf" due to errors."
<ahasenack> Apocope: cups runs as the "lp" user, right?
<smoser> docmur, that sounds interesting. it might be easier for you to test outside of an initramfs. i dont have any specific hints though.
<ahasenack> well, one of its processes
<smoser> i do know that cirros runs dropbear from initramfs so theres nothing specifically magic there.
<ahasenack> Apocope: and you can "getent group systemadmin" as root?
<docmur> smoser, okay, any recommendations?  I have got Dropbear to work on 14.04 (I think)
<Apocope> ahasenack: cupsd seems to be running as root. 'getent group systemadmin' gives reasonable looking group information.
<ahasenack> getent run as root?
<Apocope> ahasenack: Yes
<smoser> docmur, this is the first time i've ever looked at it in ubuntu. i notice there is a
<smoser>  dropbear-initramfs
<smoser> which i'm guessing is what you're trying to use.
<docmur> Wow, I should run the search
<docmur> Let me try that package :)
<ahasenack> Apocope: are there apparmor errors in the output of dmesg? something with DENIED?
<Error404NotFound> Is there a super lightweight, may be single file, proxy server that I can use to forward domains to ports? I have few http servers running on 8080, 8081, 8082, and I'd rather have them access as abc.com, def.com. I don't want full blown nginx for just name->port.
<ahasenack> Error404NotFound: are the multiple domains on the same ip, or different ips?
<Error404NotFound> I could use different ips, say: 127.0.0.1:8080, 127.0.0.2:8081
<Apocope> ahasenack: Oh, yes. "type=1400 audit(1501695210.403:183): apparmor="DENIED" operation="connect" profile="/usr/sbin/cupsd" name="/run/nslcd/socket" pid=17838 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0"
<ahasenack> is that socket from libnss-ldapd?
<ahasenack> or what is it
<ahasenack> Error404NotFound: no, I meant, if the domains mapped to different ips in dns, I was going to suggest the most lightweight of all redirects: iptables :)
<Apocope> ahasenack: nslcd is the local LDAP name service daemon. That seems important.
<ahasenack> Apocope: it does. And what about the other machine where it works?
<nacc> smoser: ok, off the phone now -- we don't currently provide an interface to the APIs to extract the tarballs. If you are interested in that (e.g., git ubuntu export-orig <upstream version>), file a feature request, please :)
<Error404NotFound> ahasenack nah, they're all running locally, no dns involved.
<Apocope> ahasenack: I'm seeing that same log, except it says ALLOWED instead of denied.
<ahasenack> Apocope: this was an upgrade from which ubuntu release again?
<ahasenack> trusty to xenial? Or what?
<Apocope> ahasenack: 12.04 -> 14.04
<ahasenack> Apocope: try this command as root, and then restart cups(d): apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.cupsd
<ahasenack> that will reload the apparmor profile but ignore any existing cache, and write a new cache out
<ahasenack> then the same for /etc/apparmor.d/usr.sbin.cups-browsed (just because it's about cups too)
<nacc> smoser: question re: the intent of the open-iscsi test. It's checking to see if iscsid can be started. But we've updated the systemd unit to not start unless configured. That test seems (now) to simply be invalid, should I just delete it?
<Apocope> ahasenack: I just tried copying the /etc/apparmor.d/usr.sbin.cupsd file from the working server to the non-working server, restarted apparmor and cups works now. I'm just going to call that good. Thanks for your help.
<ahasenack> Apocope: I think you could have a stale apaprmor cache file, I've seen that in another bug I just recently worked on, and it happened because of a release-upgrade too
<ahasenack> Apocope: when you copied the file, you changed its timestamp to be $now, i.e., more recent than the cache, so apparmor grabbed that file instead of the cache
<ahasenack> that bug drove me nuts for a bit because the apparmor profile was correct, yet I was still getting DENIED errors
<ahasenack> Apocope: fwiw, apparmor cache files are in /etc/apparmor.d/cache
<ahasenack> cool that it works now :)
<Apocope> ahasenack: You're probably right about that. I'm comparing the files, and the only difference is that there's a flags=(complain) in one that's not in the other. Thanks so much.
<ahasenack> I'll drink some coffee to that :)
<smoser> nacc, pollinate is behind the archive in trusty-proposed
<smoser> its in gitubuntu/import-cron-packages.txt
<smoser> should i just import?
<nacc> smoser: it's a bit racy right now, it depends on when the bot was running (i can give more detail) -- let me check one thing
<smoser> i can just run import and let it do its thing too
<nacc> smoser: go ahead, i need to fix something with the snap
<smoser> i'm also currently importing dropbear
<smoser> as i wanted to look at source per the question above and can't possibly imagine doing that any other way
<docmur> I found this guide: https://hamy.io/blog/remote-unlocking-of-luks-encrypted-root-in-ubuntu-debian/ and it's works great :), if anyone needs to remotely decrypt a VM
<nacc> smoser: the source in a particular release?
<nacc> smoser: if you do import dropbear, can you also add it to the auto-import list? (a MP for it is fine)
<ahasenack> nacc: in git ubuntu submit, what's the syntax for --target-branch? Something like "ubuntu/xenial-devel"?
<nacc> ahasenack: yeah, that should be right (the bit after refs/heads/ basically)
<ahasenack> nacc: ok
<sarnold> hallyn: hello :) does https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952 need a CVE?
<sarnold> hallyn: (asking due to https://bugs.launchpad.net/bugs/1266675 )
<ubottu> Launchpad bug 1266675 in shadow (Ubuntu) "newusers error adding more than one user" [Undecided,Confirmed]
<ahasenack> powersj: rbasak: nacc: https://wiki.ubuntu.com/ServerTeam/KnowledgeBase#Merge_Proposals_and_Reviewing
<ahasenack> I'll email too, so cpaelzer has something to read when he is back ;)
<rbasak> Thanks!
<hallyn> sarnold: i didn't think so, as i don't think it's exploitable, and isn't used by anything suid-root,
<hallyn> sarnold: but i could be wrong, so if you feel it deserves one then by all means...
<sarnold> hallyn: that was my initial impression but then I got to wondering if terrible tools like webmin or similar might assume the functionality works and perhaps allow someone to get more privileges than expected by "add a user" front end..
<hallyn> sarnold: sounds like issuing a cve is the prudent thing to do then
<sarnold> hallyn: alright, I'll take care of the paperwork. thanks.
<ahasenack> nacc: where did you have the manpage tricks documented again, for the git-ubuntu snap?
<ahasenack> or is that not needed anymore?
<nacc> ahasenack: it's in the bug, one sec
<nacc> ahasenack: LP: #1699526
<ubottu> Launchpad bug 1699526 in usd-importer "Extra steps needed to enable manpages in snap" [Low,Triaged] https://launchpad.net/bugs/1699526
<teward> i forsee one issue with nginx and the merges.
<teward> ubuntu is ahead of Debian :p
<teward> and there's an official divergence because they're tracking mainline and we're tracking stable... so...
<teward> it's also out of date lol
<nacc> teward: is that referring to the git-ubuntu tooling?
<teward> (on the list of repos)
<teward> nacc: yep
<nacc> teward: nginx is a bit odd in that regard, an "Ubuntu merge" is always (at least otherwise in my experience) relative to the Debian version
<nacc> teward: not strictly required, of course
<nacc> teward: i think you could do it, you just need to tell `git ubuntu merge` what the new onto should be (presumably it's an upstream ref)
<nacc> teward: but it probably will fail because it won't find debian/changelog there
<nacc> teward: it sounds like less of a merge and more of a uupdate
<teward> nacc: that's *usually* what ends up being the case with nginx
<teward> with a merge every so often if there's major packaging changes, but those're easy to nitpick wrt git
<nacc> teward: ack -- it almost certainly will need some love, feel free to file a bug (https://bugs.launchpad.net/usd-importer/+filebug) if you have a specific flow we can't support (with a testcase, ideally, but we can figure that out later)
<teward> nacc: usually though there's not much difference in packaging, that's why i've not used a Git workflow yet for nginx merges and instead did the 'old school' way - that *may* be one of the very few packages where all that needs done manually...
<teward> but hey i'm used to it :p
<nacc> teward: sure, if you've got a workflow that works for you, no need to even use our tooling :)
<teward> indeed.
<nacc> teward: it will happily follow the archive for now
<SuperLag> Is there something I can do for configuration, to not keep so many old kernels in /boot?
<nacc> SuperLag: i think unattended-upgrades can autoremove if you turn it on
<SuperLag> nacc: I have unattended-upgrades turned on, I'm guessing it requires more configuration beyond that.
<nacc> SuperLag: yeah, there's a commented out line int he default config, iirc Unattended-Upgrade::Remove-Unused-Dependencies "true";
<hashwagon> Why would my ubuntu server 16.04 system not show a usb drive with lsblk -f, but shows the devices with lsusb? If I unplug it and back in it'll show up, but I can't do that with remote systems.
<nacc> rbasak: please take a look at my last comment in https://code.launchpad.net/~powersj/ubuntu/+source/logcheck/+git/logcheck/+merge/327810
<powersj> nacc: thank you for the reviews! Are you using git ubuntu lint from master?
<powersj> if so I'll make sure to use it from here on out
<nacc> powersj: just pushing out another fix for it (that is related to the last review) and yes
<nacc> powersj: the snap should be refreshing shortly
<powersj> ok thanks
<powersj> sweet
<powersj> hopefully will speed this turn around time
<powersj> word failure... but yes speed things up
<nacc> yeah, and i'm hoping to instatiate the review bot soonish too (at least for our team)
<nacc> which will make this all a bit more automatic
<powersj> sweet
<nacc> smoser: sorry if i missed it, but did you have any feedback on the potential change to test_daemon for src:open-iscsi?
<RoyK> hashwagon: perhaps with a scsi host rescan? usb shows up like scsi devices and I beleive they are treated that way at these layers too https://blogs.it.ox.ac.uk/oxcloud/2013/03/25/rescanning-your-scsi-bus-to-see-new-storage/
<nacc> smoser: my current thinking is we should disable that test altogether with the new systemd unit
<peterrus> I have an install with a root filesystem in lvm, and for some reason every time I boot I get dropped to the recovery shell, then if I run 'mount -a' and then exit my system boots normally
<peterrus> any pointers on what could go wrong?
<drab> just a guess, but the uuid of the fs in the initrd/fstab might be wrong
<drab> so when initrd boots up and wants to load / (which also contains your fstab), it fails
<drab> if you mount -a (ie mount everything), then / appears
<peterrus> drab: any way to find out which uuid the initrd is expecting?
<drab> however thinking aloud, that doesn't quite make sense since fstab would still not be available by the time that mount -a happens
<drab> but I'd still poke in that direction
<peterrus> drab: you might be right :p
<drab> peterrus: blkid
<drab> that will tell you the uuid of all the disks
<drab> I'd start byu checking that the output of that matches what's in your fstab
<drab> and then you may want to run sudo update-initramfs
<drab> (assuming it matches)
<drab> and see if that helps at all
<peterrus> drab: its using /dev/mapper/ubuntu--vg-root
<drab> oh right, lvm, so not a uuid in fstab
<drab> peterrus: when you get dropped in the shalel, have you tried any of the lvm commands?
<drab> to see what's available lvm wise at that point?
<drab> and also look at some logs
<drab> also what ubuntu version are you running? I'm seeing some bugs for lvm2 that showed up with the same symptoms you described
<drab> peterrus: this seems to be relevant: https://askubuntu.com/questions/567730/gave-up-waiting-for-root-device-ubuntu-vg-root-doesnt-exist
<drab> do you get the same error?
<peterrus> drab: appearently I had to fsck my /boot/efi partition :p
<peterrus> its all fixed now
<peterrus> thanks for pointing me in the right direction though !
<peterrus> I have been living like this for a year now :p
<noft> is microcode firmware for Intel CPUs useful on linux OS ? any advantage/dis. ?
<sarnold> noft: the microcode updates can fix bugs that otherwise can kill systems dead -- see the hyperthread mentions on https://launchpad.net/ubuntu/+source/intel-microcode/+changelog
<sarnold> noft: previous microcode updates have disabled known-buggy transactional memory handling extensions that lead to buggy locking primitives
<sarnold> noft: normally intel doesn't document _anything_ though. you just don't know what gets fixed and what doesn't get fixed.
<noft> sarnold: saw a link that you gave me...btw nothing to worry much about, sandy architecture in my case
<noft> sarnold: it looks like 'must have' for newer cpu, skylake/kaby
<noft> lot of bugfixing
<sarnold> noft: the trouble is that you'll never know what it fixes for your CPU except in exceptionally rare circumstances :(
<noft> sarnold: you there?
<sarnold> yeah
<noft> found this
<noft> You already have proprietary microcode running inside your CPU, this package just provides an update
<noft>    for it. It's not a non-free "driver", as it really has nothing to do with your system at all - it gets
<noft>    loaded by the kernel at boot time, sent to the CPU, updated in the EEPROM block on the CPU and then
<noft>    left alone, never to be used in a meaningful way again
<noft> microcode updates are usually issued to fix errata in the CPU's
<noft>    design, which can be anything ranging from lockups to crashes to silent data corruption
<noft> I think it's good idea to get it
<sarnold> both those descriptions sound fair, except for the 'never to be used in a meaningful way again' -- since it's the software that controls how the CPU is implemented..
<noft> oh i get it
<noft> so for a permanent update I should update BIOS ?
<sarnold> that'd accomplish about the same thing but runs the risk of giving you motherboard problems (there's always some risk there..)
<noft> ...well it still depends if manufacturer included updated microcode into bios update
<noft> correct me if i'm wrong
<sarnold> right; and they may or they may not. bios people are almost as bad as intel in telling you what they fix :(
<noft> true
<noft> btw nvm, it's not like I'm running server on this machine or anything that I care, like science researches etc
<sarnold> still you want a stable computer :)
<nacc> rbasak: sigh, libvirt may break our versioning checks :)
<noft> right but until now I didn't expect anything strange
<nacc> rbasak: in trusty-security/updates: 1.2.2-0ubuntu13.1.16/1.2.2-0ubuntu13.1.20
<noft> as I said, it's nice to see changelogs...from those I saw that newer CPUs are likely to need those the most
<sarnold> older cpus have probably already had their updates, and might have been simpler machines too :)
<rbasak> nacc: is there a particular reason libvirt does it that way? I'd rather we be consistent across all packages. Though things like the kernel and HWE packages will always be an exception I expect.
<nacc> rbasak: no idea :)
<nacc> rbasak: a good question for smb or cpaelzer
<rbasak> nacc: and in the meantime, I think it's fine for lint to continue pointing it out to libvirt uploaders :)
<nacc> rbasak: yep
<rbasak> nacc: time for gulint overrides? :-P
<nacc> rbasak: heh
#ubuntu-server 2017-08-03
<Faux-Pa> Is anyone actually active here?
<Faux-Pa> I know that IRC can be hit-or-miss at times, but I'm only asking because I need some help.
<Faux-Pa> Hello? Anyone?
<lordievader> Good morning
<smoser> nacc, i added dropbear to the list and pushed.
<hosas> I know this sounds dump, but how do I execute this command the instructions says: `CTL+B, C` to open a new tmux window
<sdeziel> hosas: 1) start tmux, 2) create new tmux windows by pressing the key combo Ctrl+B then C
<sdeziel> hosas: you should then notice the multiple windows listed at bottom of the tmux session
<hosas> sdeziel: thanks- I it meant on same window. thanks again
<hosas> sdeziel: please be patient with me: is it Ctrl +B+C  or Ctrl +B then followed by Ctrl+C
<sdeziel> hosas: yes, it's in the same window. tmux is a terminal multiplexor so it's by design :)
<hosas> because Ctrl +C is exiting the app as expected but not what I want
<sdeziel> hosas: it's Ctrl+B, then C (those are all lowercase in fact)
<drab> it's not ctrl-c, it's ctrl-b then precc c
<drab> press*
<drab> no shft, they are not intended to be uppercase
<drab> it's a keystroke-chain
<drab> ctrl-b enters "command mode", like ":" enters command mode in vim
<hosas> okay mahn
<drab> then "c" is "new window" command ("create")
<spm_draget> I am unable to find 'mod_privileges' for apache on ubuntu 16.04. Could it be that it is not shipped with apache nor in the repository?
<drab> hosas: https://gist.github.com/afair/3489752
<drab> I have that printed next to my monitor, always comes handy, especially in the early period of tmux
<hosas> drab: I got it thanks a thousand times
<hosas> it works
<drab> just pass the favor on, that's the real thank you
<hosas> drab: :) okay
<nacc> spm_draget: https://httpd.apache.org/docs/trunk/mod/mod_privileges.html implies it's a solaris thing?
<nacc> spm_draget: i don't know much about it, but i do see in 17.10 it's in the documentation of apache2, which means it might be bundled with the main binary package (not its own module package)
<hashwagon> I'm needing to place a one-time script to run at system boot and delete itself after. Where is the best place to put this? A cron can't delete itself right?
<genii> hashwagon: A shell script can delete itself
<hashwagon> Best practice would be to place it in /etc/init.d/ for ubuntu 16.04?
<genii> hashwagon: Just put one that does whatever in rc.local, have it remove the reference to itself in that file after, then rm itself
<hashwagon> Thanks for the suggestion, I'll give it a go.
<Poster> I do something like that on disk images, it's something to the effect of
<Poster> if [ -x /usr/local/bin/firstboot ] ; then /usr/local/bin/firstboot ; rm -f /usr/local/bin/firstboot ; fi
<Poster> if the file is present and executable, it will run, if it is not (missing or not executable) it will not run
<teward> jgrimm: alive?
<nacc> rbasak: do you think you're going to get the pristine-tar branch MP comments to me today? or should i pivot to other things?
<nacc> rbasak: also, do you recall what was needed to adjust in https://code.launchpad.net/~racb/usd-importer/+git/usd-importer/+merge/324476 ?
<nacc> powersj: thanks for the MP updates
<nacc> powersj: i think, if you haven't already, you can move the trello card back to review
<powersj> nacc: will do, and thank you for the reviews :)
<jge> hey all, good afternoon. I have this strange problem where I have a user trying to synchronize a repo remotely from an Ubuntu laptop. He's connecting to a VPN, then issuing a synchronize repo command, but seeing:  ssh_exchange_identification: read: Connection reset by peer
<nacc> jge: i'd check the ssh server's logs
<jge> when he VPNs through a separate appliance we have, he doesnt see that problem
<jge> I'm thinking some firewall filter, or something in between resetting his connection
<jge> he's connecting to the same server though
<nacc> jge: not sure (brb)
<drab> jge: msot likely something on the path, yeah, can you describe the vpn end point and the two different paths to the repo?
<drab> if he sees a connection reset right away, ie not a timeout, then it's most likely a firewall sending an explicit RST
<drab> maybe something that is not expecting traffic to the repo from that ip/vpn
<drab> (generally vpns are on a different net)
<jge> hey drab, the vpn end point is an ubuntu laptop, when he connects through one of my vpn servers, he reaches the repo just fine, if he connects to another vpn server, he connects fine but after he starts to synchronize his repos, the connection gets reset
<jge> same server, different vpn servers
<jge> (same repo server that is)
<drab> both vpn servers have interfaces on the same network as the repo?
<drab> one vpn server, the one that works, is an appliance or something Vs the one that doesn't is ubuntu with openvpn ?
<jge> drab: they are Palo Alto appliances, I'm checking to see if they both have interfaces on the same network
<drab> in other words, what I'm looking to find out is if both vpn servers will talk directly to the repo or not
<drab> so the path in both cases is laptop -> vpn -> repo server
<jge> got it, let me find out
<jge> jss
<jge> drab: so yeah, user traverses many other hops when he connects to the vpn server that we are seeing this problem
<jge> he goes from firewall - switch - router - router - switch - server
<jge> on the other vpn that works, he goes from firewall - switch - server
<drab> jge: ok so that's a pretty strong clue
<drab> jge: I'd confirm the clue in two ways: 1) do what nacc already suggested, do yuo see any logs in syslog on the repo server for ssh? you should see an attempt to auth at the very least 2) tcpdump on the repo host, do you see ssh traffic at all from the laptop?
<drab> if you don't then you'll have confirmed that the problem is on another node on the path
<drab> is the switch is a dumb L2 switch, that's out of the picture. if it's a L3, routing might be an sisue there too
<drab> tcpdump on intermediate nodes would again tell you where the pkt stops
<jge> drab: agree, but the problem seems to happen after he authenticates fine to repo server, and starts synchronizing
<rbasak> nacc: it's going to take me somewhat longer I think. I expect tomorrow.
<drab> jge: is the auth through ssh?
<jge> yep, and ssh keys
<rbasak> nacc: details of the adjustments we agreed in the Trello card.
<jge> and authenticates fine
<drab> jge: can he ssh to the repo server?
<drab> like get a shell
<drab> or can he scp?
<jge> yep
<drab> what repo are we talking about, git?
<jge> when he syncs, it starts to synchronize and somewhere after it resets
<jge> gerrit server
<drab> does the sync operation do something different than the auth in terms of port used? or is it always just a tunnel?
<drab> and you confirm he can scp, yes? like a large file, 10MB or so (how much does he need to sync btw?)
<jge> drab: he uses the same exact command to synchronize, hitting the same server
<jge> i haven't confirmed large file transfers though, just ssh login
<DammitJim> on Ubuntu 16.04 LTS, if I install Tomcat8, why does it not set a tomcat8.service file to use with systemd, but instead it still uses /etc/init.d/tomcat8?
<drab> jge: if he can ssh and can auth, I'd check for larger file transfer with scp and see if that works
<drab> I'd also run tcpdump on the repo server while he tries to sync
<drab> to see if it's that machine that actualyl sends the RST
<drab> and look at the auth.log to see if ssh is indeed terminating the connection
<drab> jge: or if it's being dropped on the path
<drab> jge: the fact that it works on a simple path with vpn directly talking to the server and not the other to me suggests something on traffic type that gets dropped
<drab> jge: another question is, do the 2 vpn servers serve the same vpn subnet?
<drab> altho if the ssh traffic goes through there shouldn't really be any reason why the sync traffic gets routed differently
<drab> jge: so I'd test with scp and maybe netcat with a large file transfer (or http if you have a webserver running and can drop a file on it)
<drab> just make a random file with dd
<jge> drab: will do, to answer your previous question, yes, the two vpn servers serve a different subnet
<nacc> rbasak: np, thanks and i'll check the trello card
<nacc> rbasak: was the A/B testing the idea that we'd keep the old implementation around and assert for some time that they produced the same results?
<rbasak> nacc: right
<rbasak> nacc: bad choice of words, sorry.
<nacc> rbasak: ok, will Tests be covered by your spike?
<nacc> rbasak: and not sure on the last one -- to be honest, i think we can drop that special case, I think it was only necessary in an older version of the code, I'm testing now without it
<drab> Dasoren[m]: not everything has been migrated to systemd ime
<drab> nm, damnitjim no more
<rbasak> nacc: I suppose the tests would be for checking the output of parsing known changelog files.
<rbasak> nacc: I can add that to my spike though it's a separate piece really, as the code should already be isolated enough to be testable when the changelog parsing branch lands.
<nacc> rbasak: yeah, that's true -- where/how do you want me to store 'known' changelog files?
<rbasak> nacc: I think we should check minimal changelogs into the tree. I'm not sure about wholesale ones though.
<nacc> rbasak: in a tests/ directory or something? what's the pythonic standard for that?
<rbasak> nacc: I'm not aware of a standard. How about tests/changelogs at the top level as a start?
<nacc> rbasak: +1
<nacc> rbasak: may be totally off-base, but here's a first run at adding some tests. I had to change our Changelog class to allow to get the contents from a file (as well as from a treeish in a repo). But it does pass here (with the version from your branch, rebased and fixed): http://paste.ubuntu.com/25236260/
<nacc> rbasak: do you think it's worth trying to add unit tests to the code we have now, in order to verify if our changes are good? I started down that path and it would take quite a bit of refactoring, I think
<rbasak> nacc: for the changelog parsing, or generally? For the former, I think we should perhaps start with just a couple to test the parsing, that's all. Do you think that would still need significant refactoring?
#ubuntu-server 2017-08-04
<nacc> rbasak: the former, yes
<nacc> rbasak: i think i'd need to do some refactoring, but actually, if you're ok with me pulling the parsing to its own module, i think it will make the changes pretty straightforward
<nacc> rbasak: basically, the issue right now is you need a repo object to parse under
<rbasak> nacc: making it more module and testable makes sense. I think it's fine to be in its own module then.
<rbasak> nacc: or at least outside the class but in the same module?
<nacc> rbasak: but I think i can abstract all of that out to gitubuntu/changelog.py and just put tests there (before your series), then your series is just changing that class
<nacc> rbasak: yeah, maybe the latter is sufficient
<nacc> rbasak: just out of GitUbuntuRepository
<rbasak> nacc: in general I imagine we'll be moving plenty of stuff outside classes in order to make them more easily testable.
<nacc> rbasak: sounds like a plan, thanks! i'll work on that tmrw
<nacc> rbasak: ack
<nacc> rbasak: basically, first commit will create a Changelog class (without using debian's changelog class) and just move our functionality into there, ideally with no changes -- then yours comes in and reworks that class
<lordievader> Good morning
<Genk1> Hello All I have an annoying problem after I replaced my current Thawte certificate with the new letsencrypt free ssl certificate
<Genk1> in fact https://www.ssllabs.com/  still show me that there are 2 kinds of certificates a valid one which from  letsecnrypt and the expired one from Thawte
<Genk1> How can I fix this please ?
<tomreyn> Genk1more details needed
<tomreyn> ssllabs.com server test will in no situation report two sercer certificates in use in a single report
<Genk1> tomreyn: I am running an ubuntu server 16.04 with apache, I have verified that there are only one vhost
<Genk1> tomreyn: in fact he showed me two certificates
<tomreyn> that is unless you have those setrver certificates in the ssl trust chain
<tomreyn> post the output on pastebin, replace anything you do not feel comfortable sharing
<tomreyn> you can produce plain text output using  https://github.com/ssllabs/ssllabs-scan
<Genk1> tomreyn: OK
<Genk1> tomreyn: Ok thanks
<Genk1> but normally those kind of issues is related to the webserver right ? or maybe it's a caching issue ?
<tomreyn> yes it's a configuration issue, not a caching issue
<Genk1> tomreyn: but I only have two ssl directive pointing to letsecrypt path file
<Genk1> how it can be possible, I have only vhost and it's in front of me ?
<Genk1> I don't see any information about thawte
<tomreyn> Genk1: i could not tell, and do not know your server configuration. run "sudo apache2ctl -t -D DUMP_VHOSTS" to check what you have.
<Genk1> I have done this before don't worry I know what I am saying :)
<Genk1> tomreyn: I am sure the issue is not on the server side
<Genk1> because some clients can access the new certificate and some others cannot
<tomreyn> sudo rgrep -Ei 'SSL(CA)?Certificate' /etc/apache2/
<Genk1> it's clearly a caching issue
<tomreyn> do you have a proxy in front then?
<nav-> indeed, sounds like a caching issue
<nav-> for the ones it's not working, try it in an incognito tab
<tomreyn> ssl content should never be cached, this would be a configuration issue
<Genk1> tomreyn: it shows this
<Genk1> 	SSLCertificateFile	/etc/letsencrypt/live/*/fullchain.pem
<Genk1>    SSLCertificateKeyFile /etc/letsencrypt/live/*/privkey.pem
<Genk1> the other directives are commented
<Genk1> nav-:
<tomreyn> <tomreyn> do you have a proxy in front then?
<Genk1> ok thanks
<Genk1> tomreyn: no no it's a simple webserver that I have hosted myself in OVH
<Genk1> tomreyn: I did an installation from scratch
<tomreyn> okay so it can only be browser caching then indeed.
<tomreyn> i always thought it was wrong they introduced that
<Genk1> tomreyn: voila
<tomreyn> or it's client side proxies, which would be even worse
<necrophcodr> I'm trying to remove old 3.13 kernels and stuff on my 14.04 installation, however aptitude keeps pulling them back
<necrophcodr> Is there any way I can avoid this?
<lordievader> Check out the reason why aptitude is pulling them back in.
<lordievader> Could you provide some console output? Of removing the (old) kernel and updating, or something.
<necrophcodr> lordievader: i've removed all the packages
<necrophcodr> `aptitude remove -yq $(aptitude search --disable-columns '~i^linux-' -F '%p'|awk '/3.(11|13|16|19).0/') >/dev/null`
<necrophcodr> Afterwards, running `aptitude install` pulls the header files back in
<necrophcodr> I'm not sure how to check why it's pulling them back in, i wouldn't ask here otherwise.
<lordievader> Could you show the 'apt-get update' output after removing them?
<necrophcodr> update? you don't mean upgrade?
<lordievader> Erm, yes. 'apt-get upgrade'*
<necrophcodr> http://paste.ubuntu.com/25239340/
<necrophcodr> apt-get isn't as strict as aptitude though.
<lordievader> So it seems, apt tells that it doesn't see a reason to keep those packages around.
<necrophcodr> those are different packages
<necrophcodr> not the 3.13 ones
<necrophcodr> it doesn't pull in new packages. but we're using aptitude.
<lordievader> What is the output of 'apt-cache rdepends linux-header-3.13.0-X' (correct the version)
<necrophcodr> lordievader: i did that, and some more:
<necrophcodr> http://paste.ubuntu.com/25239357/
<necrophcodr> but i think the issue might be that linux-libc-dev is of version 3.13
<necrophcodr> hmm..no, there doesn't seem to be a direct corelation
<lordievader> Could be, but I would expect libc-dev to have a dependency on a header package. Though it could depend on the meta package of the linux-headers.
<necrophcodr> it depends on linux-kernel-headers
<necrophcodr> or rather, it provides that
<lordievader> What happens when those headers are removed along with the rdepends? Just to see if apt handles this differently from aptitude, does apt also want to reinstall them?
<necrophcodr> i don't have them installed at all
<necrophcodr> not the rdepends either
<necrophcodr> i removed them as stated earlier, and apt doesn't want to install them
<necrophcodr> aptitude does, but it handles things differently.
<lordievader> But aptitude does?
<necrophcodr> yes
<lordievader> Strange.
<lordievader> There is not some package among the install list which could pull in the rest as a dependency?
<necrophcodr> I'm not sure, how do I verify this?
<lordievader> Well, I suppose you get a confirmation when running 'aptitude install' (I must admit, I rarely use aptitude).
<necrophcodr> oh that
<necrophcodr> no, not as far as i can tell
<necrophcodr> no packages are scheduled for upgrading, and there's a few packages being removed.
<necrophcodr> i can deal with using apt-get for the rest of time, but i'd prefer to use aptitude, as i've heard it should handle dependencies and such more strictly.
<lordievader> I thought I read a document somewhere where they recommended Debian users to use apt-get over aptitude.
<necrophcodr> lordievader: yep, that was especially for upgrading, since it didn't care that not everything was super in order
<lordievader> I see. Still, stricter rules should not install packages which are not needed, I'd say.
<lordievader> In the man page I read of a 'why/why-not' command, it says 'explains the reason that a particular package should or cannot be installed on the system'.
<lordievader> That may explain why it wants to install header files.
<necrophcodr> lordievader: it doesn't really expain anything unfortunately :/
<necrophcodr> http://paste.ubuntu.com/25239552/
<necrophcodr> The thing is that aptitude doesn't automatically install suggested packages.
<lordievader> Hmm, none of those suggested packages are installed?
<necrophcodr> lordievader: nope, not a single one
<lordievader> Then I really don't understand why aptitude wants to install it -.-
<necrophcodr> lordievader: that's my predicament. i don't understand it either.
<lordievader> I don't really want  to say 'use apt-get' but that seems about the sanest option right now.
<necrophcodr> lordievader: i'll evaluate further options, but you might be right
<necrophcodr> thanks for your help though!
<lordievader> No problem ;)
<genk1> tomreyn: how to deal with such problems
<genk1> https://www.ssllabs.com/ssltest/analyze.html?d=www.myniu.fr&latest
<genk1> 2 certificates in the same time
<mdeslaur> nacc: hi! I'm looking at php security updates....is there a round of 7.0 updates being worked on for xenial/zesty?
<ahasenack> hi, a packaging question
<ahasenack> if I have a package that installs a script in /etc/update-motd.d/
<ahasenack> because it's in /etc, it's considered configuration
<ahasenack> and not removed via "apt remove", just "apt purge"
<ahasenack> but it's a script, not a config file, and it's run on login. It might need the package installed in order to work properly
<ahasenack> how is this usually sorted?
<genk1> tomreyn: I fixed the issue
<genk1> the problem was related to apache, some process child was still running and have the old configuration
<genk1> service apache2 restart and even service apache2 stop didn't stop apache really
<genk1> I needed to do a killall
<genk1> after that everything was working just fine
<genk1> thank you all
<sdeziel> ahasenack: update-notifier-common drops snippets in /etc/update-motd.d where they do "[ -x /usr/lib/... ] && exec /usr/lib/..." and presumably removing the package removes the /usr/lib/... file
<ahasenack> so the file in /etc remains, but does nothing
<ahasenack> this one calls out to a snap, I'm not sure I should hardcode the snap bin path
<ahasenack> with the -x check
<ahasenack> but I can find another way
<sdeziel> ahasenack: that would be my assumption but the update-notifier-common package was the one example I could fine
<ahasenack> ok, thanks
<nacc> mdeslaur: i noticed that debian had moved up, I can do that early next week (bump to 7.0.20)
<mdeslaur> hrm, I need 7.0.22
<nacc> mdeslaur: let me check debian again
<nacc> mdeslaur: oh nm! 7.0.22 indeed
<nacc> mdeslaur: should be a straightforward update on my end. Do you want me to send the stuff your way so it goes security -> updates?
<mdeslaur> yeah, stick it somewhere and I'll build it as a security update
<nacc> mdeslaur: and just so i actually remember this time, you want it in the security pocket "before" the updates pocket? Or is that less relevant? (I recall you having to do two pocket copies for a prior upload)
<mdeslaur> we have two options: 1- we sru it into -updates and then I rebuild it in -security a week later, or 2- I build it as a security update, and release it to -security
<mdeslaur> if the update is straightforward without any big packaging changes, I can push it as a security update directly
<mdeslaur> ie: no dependency changes, etc.
<mdeslaur> nacc: show me the package once you've worked on it and I'll see if it can directly be released as a security update
<nacc> mdeslaur: yeah, i expect no packaging changes, based upon prior uploads, but i'll let you know
<mdeslaur> ok, thanks
<rbasak> nacc: style file pushed.
<rbasak> I added some more items while I was thinking of them. Feel free to dispute :)
<nacc> rbasak: thanks!
<oerheks> gabrielc did this happen *after* you got chrome 60 ?
<oerheks> odd, that new signingkey is not announced ..
<nacc> rbasak: seeing a very strange failure with src:pacemaker (a --no-fetch re-import to test my changes). One specific version of pacemaker orig is showing up with hearbeat_(version).orig.tar.gz in pristine-tar instead of pacemaker_(version).orig.tar.gz. Running `gbp import-orig` manually on the same file (based upon the logs from the importer), it creates the pacemaker orig tarball correctly. I believe
<nacc> `gbp` only uses the tarball name to determine the srcpkg and I don't see anywhere that would make it see heartbeat...
<rbasak> nacc: file a bug I guess? I don't see right now what's going on.
<nacc> rbasak: i added a bunch of debugging
<nacc> rbasak: and i see what's happening but not sure why
<nacc> rbasak: looks to be a gbp bug :)
<nacc> gbp:info: Source package is heartbeat
<nacc> rbasak: bug filed
<nacc> rbasak: for the importer that is, i'll communicate with upstream once i undersatnd why :)
<cliluw> Can I automatically give a user a root shell when they SSH in so that they don't have to preprend "sudo" before their privileged commands or have to run "sudo -s"?
<nacc> cliluw: i don't think you would generally want to do that
<sarnold> if you want the user to be root you could set the uid in shadow and passwd to 0, and set the home dir to match
<cliluw> nacc: Generally, that's correct. In this case, I do want to do this - this is for an automated script.
<nacc> cliluw: note, though, your question isn't exactly coherent
<Poster> if it's automated, you can set "PermitRootLogin without-password" in your /etc/ssh/sshd_config then use SSH keys to bring the user in
<nacc> cliluw: 'giving a user a root shell' does not only mean "that they don't have to prepend "sudo" before their privileged commands"...
<nacc> cliluw: it means all commands are privileged commands :)
<Poster> it would be better to use sudo and limit what commands can be used
<sarnold> or set authorized_keys restrictions on what can be executed by the program, and optionally enforce that with apparmor and pam_apparmor ..
<rbasak> IMHO, if the manner in which ssh is used means that people are using unrestricted sudo all the time in practice, then it's fine to log in directly as root. This is against the accepted wisdom though.
<rbasak> It's only of value to create independent users for individual admins if sudo is restricted and/or actual auditing really happens of what they do.
<rbasak> Otherwise the per-admin user is just a hurdle that provides no actual security benefit.
<nacc> right, I think in this case, use ssh keys, allow ssh as root with specific keys, is the best choice
<nacc> (presuming cliluw's description is accurate)
<drab> cliluw: cleanest, and simplest/quick) (which for me has been at times very important) solution is to PermitRootLogin without-password, set up a passwordless ssh key on the client and use the "command" to launch a simple bash script that filters what's allowed (and potentially logs things)
<drab> security is only useful when measured against realistic threats and targeted assets
<nacc> heh
<nacc> drab: +1
<drab> otherwise it's just stuff that sounds nice to the hears and looks good in a presentation
<rbasak> Restricting to a simple bash script that filters and logs is a good idea, but be careful about implementation. It's quite easy to leave other channels open, making it pointless if your threat model includes a malicious (or compromised) admin.
<drab> if I could only get back all the time I wasted on "best practices in a vacuum" I'd enjoy a vacation for the rest of my life :P
<drab> rbasak: agreed
<cliluw> nacc: Allowing root login is an option but not ideal. I would prefer that the actions of the script show up as a non-root user for better auditing.
<nacc> cliluw: is the user logging in with a password? or ssh key?
<cliluw> nacc: Only SSH key, no password
<nacc> cliluw: if the latter, you can give them passwordless sudo, since it seems like your model is trusting that specific user (and their key)?
<nacc> cliluw: again, not recommended, but if you want it for auditing, that would work
<nacc> cliluw: they'd need to type sudo, but they wouldn't be prompted for a password, at least
<drab> or you can use the command and wrapper and prepend sudo to all of them after confirming the cmd is allowed
<nacc> cliluw: otherwise, i think, you'd need to add the user to the appropriate group or do what sarnold suggested
<nacc> drab: ah true, yeah, that'd work
<cliluw> drab: Seems a bit tricky to write a wrapper script that will be able to filter down to only the commands I want to run since Bash is such a syntactically complex language.
<drab> cliluw: it depends what you're doing, for CI type of stuff ime it was very simple, sometimes a straight string match with a simple check on special characters like ;
<drab> but like I said, I'm not you and I don't have your exact problems, so I don't know
<drab> I've really come to believe in specificity and constraints, we all make tradeoffs all the time, whichever is best for you I don't know
<nacc> rbasak: what did we decide to do about MPs that already were sponsored? https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/326073
<cliluw> drab, nacc: Thanks for your advice. I'll probably go with passwordless sudo option. It sucks to have to prepend "sudo" to every command but it's not the end of the world, I suppose.
<drab> cliluw: if you do that you might as well have a "blank" wrapped that prepend sudo
<drab> nothing to lose
<drab> wrapper*
<drab> at least it takes the suckiness out of it for you and it requires no additional investment to setup other than one line in the authorized_key file and one line in the bash script
<drab> well, two with the header :)
<rbasak> nacc: I've been pushing upload tags for those regardless, since they can be picked up by 1) any developer who is doing archeology or another merge, even if it wasn't incorporated into the commit graph by the importer; and b) our expected re-imports before we declare commit graph stability
<ikla> how do you install on an EFI partition
<ikla> the installer doesn't support it?
<drab> ikla: the installer most definitely supports it
<ikla> 16.04.2 ?
<drab> yes
<ikla> there is no option for EFI partition type
<ikla> in manual mode
<drab> it goes into efi install if it boots as efi
<drab> are you positive the installed booted from an efi device/as efi?
<drab> iirc there's no way to manually specify "install in efi mode"
<drab> it depends upon boot time
<ikla> no
<ikla> you can create partitions manually
<ikla> bios boot
<ikla> then efi part
<ikla> then all the rest
<ikla> shouldn't matter if you booted from efi or legacy
<ikla> boards support dual mode and could possibly boot non-efi but still have support
<ikla> can I pass a kernel parameter to force the installer into efi?
<ikla> cause it has no option in manual mode which is b.s.
<drab> ok, maye you're right, all I know is what I experienced, efi installs worked when I booted in efi mode, but I never tried to create an efi install when booting in bios mode
<ikla> even tried creating the partitions with fdisk
<drab> I don't recall of any specific option to the kernel, no
<ikla> set the correct partition types and the install in manual mode doesn't know how to handle them
<drab> but I don't do a lot of efi, only needed it once to boot from a nvme partition
<ikla> yeah - I only have an NVMe device
<ikla> in this system
<ikla> :)
<drab> so yeah, in my case all I ddi was to create a usb install key, press f9 at boot and selected the key under the UEFI tree instead of Legacy tree
<drab> and then in manual mode I could create the efi partition and all
<drab> that's the best/most I can offer from the little I knwo about it
<ikla> I'll try that
<drab> mind you, my plan ultimately failed... but that was a bios problem
<drab> even after correctly installing to the nvme device I could not subsequently boto from it
<drab> in case this info is of any use to you... I spent 4 days going back and forth with SM support about nvme bios to conclude this wasn't possible on X9s
<sarnold> aww
#ubuntu-server 2017-08-05
<drab> dunno what your hw is, but thought I'd mention because after finally being able to install in EFI I thought I had it
<drab> and I was soooo wrong...
<drab> :)
<drab> yeah, sucked to be me that week
<drab> on the up side I learned quite a bit through the process
<drab> so I don't really mind, just need to take a step back for perspective, in the moment it quite sucked I admit
<sarnold> plus no nvme booting :/ on a machine that could probably stand to use some help booting more quickly :)
<drab> nah, I think I got that covered, I put in a pci-e adapter and slapped a m2-ssd in it :P
<drab> that's one of the many nice things I found out about in that week
<sarnold> that worked but the nvme didn't? o_O how's that different?
<drab> there's actually some surprisingly cheap things you can do with pci-e expansion slots and m2
<drab> yeah, the pci-e adapter still has a sata cable going to the sata port on the mobo
<drab> so the disk is still presented to the bios as a sas device
<sarnold> really? is that just for booting? or .. now.. now I'm confused again
<drab> for booting and OS, I got a dual card, one side is a m2sata, the other is nvme
<drab> so the sata is for OS/booting, the nvme for app
<drab> all in one pci-e
<sarnold> ohho
<sarnold> that's clever
<drab> and the nvme is accessed through pci-e bus, which in the X9 feeds right into the CPU, it's pretty neat
<drab> while the m2 goes through standard sata bus, but it's plenty for Os/boot
<drab> it's both a headache and fun to find creative way to make the little donation money work
<drab> but you can build a 32cores, 128GB of ram with nvme for ~$700 on a good day
<drab> and beats in reliability, power comsumption and maintenance all the donated desktops they were using
<drab> (moving some off to containers on that srv as I type... finishing cups instance up)
<sarnold> zounds nice work
<drab> I'd rather be doing woodwork all the time :P
<sarnold> you resisted the temptation to just keep looking at slightly newer and slightly newer gear..
<drab> but they need this more than they need work, so whatever, I'm here to help after all
<drab> sarnold: well there just isn't the money... :P
<sarnold> drab: oh that helps
<drab> at this point I figured that 2 generations old is the sweet spot... you get new features and relatively upgradable tech while costs have dropped substantially
<sarnold> I started out skimming ebay and deepdiscountservers and kept going for better efficiency and quieter and so on..
<drab> in the case of SM for example the X10 and X11 have of course many improvements, but to this business case it really doesn't make a difference
<drab> and we have a remote basement :P
<drab> wouldn't want this in a homelab for sure
<drab> yeah, I've done that too, then I look at the budget I was given and hit the back button :)
<sarnold> :)
<drab> it's very time consuming to build custom like this tho, I'd never do it for a business
<drab> you can save quite a bit and get quite a lot out of each $$, but it's a huge time sink, you'd spend more in wages at that point
<sarnold> I was happy to pay thinkmate to build and test it for me; I don't have any parts tha I could use for troubleshooting, and that class of hardware was entirely new to me. I didn't want to wind up with a few thousand dollars worth of parts that didn't want to play well together
<drab> yeah totally, I was on the edge for the whole week because no matter how much I gogoled I just couldn't be sure
<drab> but there's also 30 days return
<sarnold> well done with the neato sata + pci mixed thing. crazy.
<drab> the worst part was to get the power cable over since the chassis aren't really designed for that...
<drab> it's a SAS case with a backplane, no SATA business even tho it has sata connectors on the mobo
<sarnold> heh that was half of why I liked thinkmate there -- even though it's got a sas expander they were prepared to sell it with sata drives plugged in. :)
<rose_> can someone tell me why downloading from an internet ip like using http is faster than using http from a local pc on the lan. the download speed from the internet is 3megabytes/s while local pc source is 30kb/s!! can someone tell me what's up? I'm downloading to a laptop pentium 3 with gigabit card from a iis web server on windows 7 that has also gigabit card
<cncr04s> something is wrong then
<cncr04s> you would need to diagnose the issue
<cncr04s> its either the nic, cable, the server/config
<rose_> I can test with samba if I knew how
<rose_> cncr04s: do you know about iis
<cncr04s> I used it once a long time ago, I'm an apache person
<rose_> I know my nic is fine cause it can download a 3MB from the internet must be the iis
<rose_> I'll use another pc good idea
<rose_> a third laptop with windows 10 on wireless n downloads at 5mb/s is not iis
<rose_> i'm using links2 to download the file could that be why? where to change download speed? I checked couldn't find
<sarnold> I guess that's a possibility; try wget or curl, those should hit almost-wire speeds no trouble
<sarnold> even on a p3
<sarnold> maybe not full gig,but hopefullysomething better than 30kbps :)
<sarnold> the next debugging steps might be to use tshark or wireshark or tcpdump to see what's actually being sent
<rose_> sarnold: yea  I forgot about curl or wget! gez
<rose_> sarnold: btw what mime type do I set for pk3 files
<rose_> application/x-pk3?
<sarnold> rose_: sorry, no idea; what application would you use to read those?
<rose_> urban terror
<rose_> sarnold: I tried wget I have no curl and the speed is 50kb/s slow too
<sarnold> hrm, not much docs around the web about the mime type to set. I think I'd use application/octet-stream unless you can find something specific..
<rose_> sarnold: why? is not iis why downloading from other lan pc is slow I can donwload faster from internet
<rose_> sarnold: ok
<sarnold> rose_: you'll just have to figure out what's wrong one step at a time; you can try replacing components one at a time or maybe tcpdump, wireshark, tshark, etc., to watch the transfers and try to spot protocol problems, or excessive arps, or whatever
<rose_> sarnold: unfortunately I don't know how I'll have to post it on like a forum
<rose_> I can record with tcpdump but then I wouldn't know where to start
<sarnold> unless you're familiar with what normal looks like it could be hard to spot abnormal..
<rose_> sarnold: do u know how to connect to my windows shares?
<rose_> I type smbclient IP 10.0.0.6 and it shows help info
<sarnold> it's something like smbclient \\\\servername\\sharename
<sarnold> if you need to use an IP because the servername isn't automatically resolved then I think -I will let you specify the IP
<rose_> I did that I'll try again
<rose_> sarnold: it doesn't work
<rose_> sarnold: I get the screen with all the swtiches
<rose_> I'm typing smbclient -I 10.0.0.6
<rose_> I tried -p 445 too
<sarnold> I think the server name may be mandatory
<sarnold> either smbclient -I 10.0.0.6 -L \\\\servername    or smbclient -I 10.0.0.6 \\\\servername\\sharename
<rose_> sarnold: however -L and hostname shows my shares
<rose_> yea I'll keep digging
<rose_> sarnold: ok I'm in
<rose_> sarnold: I typed get file.mp4 and it gave me an error
<rose_> it kinda hanged for like 30sec
<sarnold> what error?
<rose_> sarnold: I can download files from that share from other pcs
<rose_> I'll know in a second
<rose_> it says paralle read returned nt_status_io_timeout
<rose_> sarnold: I got the same problem than a guy on superuser forum
<rose_> nt timeouts and slow file sharing
<sarnold> rose_: maybe that means there's something in the windows event viewer
<rose_> sarnold: not much
<rose_> sarnold: just some errors not related to file sharing
<rose_> sarnold: asI can share with like my laptop and phone
<sarnold> rose_: dang :/ time for me to run; good luck
<rose_> cool
<lordievader> Good afternoon
<hosas> hello. how do I setup my ubuntu 16.04 to use my school proxy? the normal gui just not working for me. thanks
<gunix> hosas: i don't think this question is for ubuntu server, but i will help you anyway
<gunix> hosas: you have 2 options of setting up your proxy. via GUI (write proxy or network in search box) and you will have a window to configure manual proxy. however, this will work for chromium/firefox but it might not always work for bash
<gunix> hosas: for bash, you should run the following commands: "export http_proxy=http://10.10.10.10:8080/" and "export https_proxy=https://10.10.10.10:8080"
<gunix> hosas: of course, replace 10.10.10.10 with your ip
<hosas> gunix: thanks
<gunix> hosas: adding the exports within the terminal will fix your proxy for stuff like apt and wget within the terminal, but not for stuff from the Desktop environment. you need to add them with the network interface in order to get proxy to work with chromium or whatever browse you use
<hosas> gunix: the proxy has a username and password- how do I add that to the bash-option?
<gunix> hosas: i forgot
<gunix> hosas: there were multiple ways, but i found a proxy within my company that works without auth, so i use that
<hosas> ok
<hosas> it's school proxy I just need to use to activate an academic license of a software
<gunix> hosas: export http_proxy='username:password@http://proxy_hostname:proxy_port'
<gunix> try that
<hosas> gunix:  wait in the network interface I can't see proxy option there
<hosas> ok
<hosas> thanks
<gunix> hosas: from GUI you should find this: https://i.stack.imgur.com/YkO3x.png
<hosas> oh that
<gunix> hosas: if this works for you, please confirm so you can make me happy i helped someone
<hosas> I didn't work with the terminal
<hosas> but thanks
<gunix> hosas: if your password has some special characters you might need to escape them
<hosas> gunix: It doesn't have to work for to know you've helped. you've helped already by just replying me.
<hosas> gunix: of course my password has special characters
<gunix> hosas: i thought so ... that will give you some work :D try to do some "wget google.com" and you should receive the error from the proxy. if the credentials fail, try escaping the characters
<hosas> ok
<hosas> let me give it a try
<hosas> the proxy didn't work, but thanks man. I think it's because of the special character:-D
<gunix> ...
<gunix> hosas: did you try to google it?
<hosas> I did
<gunix> hosas: and still nothing?
<hosas> someone suggest character encoding
<gunix> hosas: give me your password so i can try it locally
<gunix> cool joke, right?
<hosas> hahahahaha
<hosas> maybe I drink too much
<hosas> gunix: would try it when I'm more sober. thanks again.
<gunix> hosas: too much wine in paris and you have been tasked to clean all the bottles?
<hosas> :)
<hosas> it's weekend man
<gunix> hosas: i don't judge
<shrouder> how does nm-applet do I.C.S. I want to copy over the settings for doing I.C.S. without the gui or x running.
<shrouder> something for #ubuntu-router
<Poster> If you're referring to Internet Connection Sharing, you can setup a very basic NAT system by enabling IP forwarding and applying one iptables rule
<Poster> in /etc/sysctl.conf, set net.ipv4.ip_forward=1 (it may be commented out), you can activate it with "sudo sysctl -w net.ipv4.ip_forward=1" the last thing is to apply NAT on your external interface, assuming it's eth0, it would be "sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"
<Poster> there are much better ways to set all of this up, but that should get you started
#ubuntu-server 2017-08-06
<hehehe> hey hey
<hehehe> going to buy small desktop
<hehehe> :D
<hehehe> laptop gives burning smell
<hehehe> hehe
<hehehe> maybe cpu paste
<hehehe> or go figure
<gunix> ok ...
<hehehe> :)
<jak2020> hi all anyone use here ec2 services?
<ddellav> I'm sure there are lots of people here using aws, best to ask your question and let those of us consider it :)
<jak2020> i created a server.. ubuntu server 64 bits, my quesiton is, how to access wich is the password of root user?
<ddellav> jak2020 when connecting to a fresh ubuntu server with on EC2 you will ssh to the ubuntu@ip using the key file you setup in AWS console
<jak2020> yes
<jak2020> i am on the console, but i want do a su-  (wich is the password?
#ubuntu-server 2018-07-30
<momken> hello
<momken> I want to build an ubuntu server with this architecture
<momken> My PC have an SSD for OS partitions (/ and /boot, etc.) and 2x2TB HDDs for Data partitions.
<momken> I already have many different ext4, NILFS and BTRFS partitions for different kinds of data (media, docs, projects, backups, etc)
<momken> Now I want my server to allow this features:
<momken> 1- Only does soft-raid1 (mdadm) for more important partitions (e.g. docs, projects but not media partition containing videos)
<momken> 2- Does a level of encryption so that if my HDDs are stolen my data won't be compromised. But obviously, I don't want to enter a passphrase after every boot, because it's a server (mostly headless and without a keyboard) and also may reboot many times due to powerloss
<momken> I don't know how to do the encryption part
<cryptodan_mobile> how would i upgrade php5 to php7 on server 14.04.2 as well as apace2 to the latest?
<cryptodan_mobile> for anyone interested ubuntu 14.04.2 doesnt produce the aacraid error . driver 1.20 of the adaptec raid controller is stable
<Kowalski> excuseme
<Kowalski> can i create 2 pc with ubuntu server on each pc but count as 1 ubuntu server on network?
<cryptodan_mobile> like load balanced?
<Kowalski> something like that
<Kowalski> i already have 1 ubuntu server
<Kowalski> and this server almost full with database,
<Kowalski> can i install a new pc with ubuntu server and expand the storage capacity?
<Kowalski> oh sorry
<Kowalski> can i run ubuntu server on 1 pc, where database server running, but store the database file on another ubuntu server pc
<Kowalski> ?
<cryptodan_mobile> yes
<whislock> You can, but for databases, that's not advisable.
<whislock> Kowalski: ^
<pheizax> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<pheizax> Make sure to report this IP to any DNSBLs you might think of! That'll totally stop the flood. https://dronebl.org/ I also recommend installing https://github.com/kaniini/antissh
<cpaelzer> good morning
<cpaelzer> jamespage: does the UCA hold ppc64 binaries (even if they might not be supported) ?
<jamespage> cpaelzer: it does and they are supported
<jamespage> hmm now you make me ponder that last statement
<jamespage> yes it has ppc64el binaries
<cpaelzer> fine enough for me
<cpaelzer> thanks jamespage
<TJ-> Is there a way to configure the qemu default device modes (e.g. SCSI controller using virtio as the default) ?
<cpaelzer> TJ libvirt code has defaults per machine type
<cpaelzer> TJ-:  to admit I never checked if those defaults can be modified as I always liked that it will fill in sane defaults (and learning with new versions)
<cpaelzer> so I could keep my minimal xml and it would do the rest, I see the benefit of overriding defaults thou
<cpaelzer> just not sure if that is somewhere already as a feature
<TJ-> yeah, I've hit a series of bugs in vagrant-libvirt where it doesn't expose a way to set the device mode and therefore generates a broken libvirt domain XML, which results in the disk image device not being visible to linux kernel, so it drops to the initramfs shell!
<TJ-> I'm currently trying to script a workaround that puts "vagrant up" into the background, waits for the domain to start, then does "virsh dumpxml ... | awk 'clever code...' to extract and fix the device entry to add "mode='virtio-scsi' " then calls virsh update-device ... !
<cpaelzer> so you'd want to switch the default device mode to get it working
<cpaelzer> hmm
<TJ-> I was hoping to just set qemu to use something else as the default to avoid this but can't find a way
<cpaelzer> I think the defaults for the modes are driver specific and come from the code - at least I would not rememver a config changing that
<cpaelzer> it is like "get-config-from-xml, otherwise set foo"
<TJ-> yeah, same here. I used to hack on qemu
<TJ-> But a man can dream :)
<TJ-> Spent the entire weekend hitting bugs in vagrant, vagrant-libvirt, qemu, ansible! An automation tool that should have taken 10 minutes to set up and save me time! Would have been better off doing it manually :D
<cpaelzer> I was never too happy with vagrant
<cpaelzer> but others are, so I assume as usual it depends on expertise using it
<TJ-> much of the problem is incorrect/missing/out-of-date documentation, changes in the way Ruby behaves (syntax)
<cpaelzer> that pretty much summarizes my pain with it
<TJ-> It's hard to know how much pain to take before ditching it too
<TJ-> Once it's working fine, I've got a very complex single-guest scenario to deploy using ansible, which will get iterated thousands of times so I *think* it's worth the pain so far :)
<xnox> dpb1, hi!
<xnox> have you seen https://bugs.launchpad.net/ubuntu/+source/mailman3/+bug/1775427 ?
<ubottu> Launchpad bug 1775427 in zope.hookable (Ubuntu) "[MIR] mailman3 to replace mailman, or drop mailman to universe and off server iso" [Undecided,New]
<ahasenack> xnox: dpb1 is on PTO this week
<xnox> ahasenack, thanks
<ahasenack> xnox: I added a card to our trello board and assigned it to him
<xnox> ahasenack, tah. I'm ok with doing MIRs, but imho i need a product decision whether or not we want /any/ mailman in main; and on the old server iso.
<xnox> ahasenack, i.e. drop mailman; or replace mailman with mailman3 in main.
<ahasenack> and the latter needs mode deps
<Ussat> sudo do-release-upgrade -d , so testing this now on a 16 --> 18 upgrade test system
<Ussat> I know the -d flag isnt going to be needed when the switch goes live, but wanted to give a prelim try
<ahasenack> just be careful you don't pick cosmic (it shouldn't)
<Ussat> OK, so upgrade test went fine but....I thought it would be useing netplan by default ? /etc/netplan is empty
<ahasenack> not for upgrades
<nacc> Ussat: i think that would only be true on fresh installs
<nacc> much like most things, stuff doesn't convert (normally) in the first upgrade path
<nacc> it's better for it to work as-is :)
<Ussat> OK, thats fair
<Ussat> OH...I agree
<nacc> Ussat: also, it's not ... 1:1 to convert from eni to netplan
<Ussat> I was just noticing it did not, might want to make that known in the docs so people dont freak
<Ussat> is there a plan to eventually do a conversion ? I just think (IMHO anyway) having multiple 18.* systems, some with netplan some without would be confusing in the long run
<Ussat> I dont think I will convert my existing 16 systems rught away anyway, wil let it bake a while, just to be sure
<nacc> Ussat: i don't know the answer to that, sorry
<Ussat> NP
<Ussat> Had to ask :)
<cryptodan_mobile> TJ-: ubuntu server 14.04.2 works flawlessly by the way
<cryptodan_mobile> TJ-: any way to get the latest lamp stack on it?
<nacc> cryptodan_mobile: 14.04.2? that's eol. You should either be on 14.04.1's kernel (3.13) or 14.04.5's kernel (4.4)
<nacc> cryptodan_mobile: if you are fully up to date, both kernels will report 14.04.5, which is what your `lsb_release -sd` should say
<TJ-> nacc: it's needed
<nacc> TJ-: buggy hardware?
<cryptodan_mobile> Cant as any newer ubuntu server causes my server to malfunction
<cryptodan_mobile> aacraid bug
<TJ-> nacc: the system, A Dell PowerEdge, loses its aacraid with current supported kernels, we needed an old ISO to boot from to do some fixing
<nacc> TJ-: even with the 3.13 kernel?
<TJ-> nacc: there are a bunch of accraid changes that have broken older hardware
<cryptodan_mobile> nacc: 3.13 works
<nacc> ok, so use that? rather than an unsupported, unfixed kernel? :)
<TJ-> nacc: this was to find out if .2 was also broken
<cryptodan_mobile> I was letting TJ- know it is working
<nacc> ah ok
<nacc> sorry for the noise then
<TJ-> nacc: this isn't installed, it's a LiveISO to work from
<cryptodan_mobile> Nacc Nacc np and its installed TJ-
<TJ-> there are some Fix Committed patches due, but they may not cover this specific issue
<nacc> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1653162 ?
<ubottu> Launchpad bug 1653162 in linux (Ubuntu Xenial) "System won't boot after upgrade to 16.04 with 4.4.0 kernel" [Critical,Incomplete]
<TJ-> cryptodan_mobile: to your question: you could pin the current working kernel before doing apt-get dist-upgrade so everything else upgrades
<cryptodan_mobile> I'll post that and the driver for aacraid
<TJ-> possibly Bug #1770095
<ubottu> bug 1770095 in linux (Ubuntu Cosmic) "Need fix to aacraid driver to prevent panic" [Critical,Fix committed] https://launchpad.net/bugs/1770095
<TJ-> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1777586
<ubottu> Launchpad bug 1777586 in linux (Ubuntu Bionic) "Ubuntu Server 18.04 LTS aacraid error" [High,Confirmed]
<TJ-> possibly also Bug #1777586
<cryptodan_mobile> Its funny after 16.04 install its stable but when I add drive i/o it drops the raid controller
<cryptodan_mobile> 3 or 4 reboots and no more boot
<TJ-> I know with a logn time ago with a PE 6400 the solution was firmware update of the controller
<cryptodan_mobile> I maybe able to do that now via command line now that its stable
<TJ-> I think I still have floppy disks here with the bootable firmware update on :)
<RoyK> TJ-: dd a copy of them - floppies don't last that long ;)
<TJ-> RoyK: They've lasted 15 years so far :)
<RoyK> that doesn't mean they'll last another 15
<TJ-> RoyK: still got some 360K/720K 5.25" floppies here that are readable
<RoyK> just use ddrescue to get some copies
<TJ-> lastest longer than almost all the HDDs :)
<RoyK> TJ-: someone at work had thrown away a 360kB 5,25" floppy drive (DS/DD) - I had to rescue it
<RoyK> TJ-: probably because those HDDs were spinning and the floppy wasn't
<TJ-> RoyK: I'm on about in storage. Electronics on the HDDs tends to deteriorate
<RoyK> when under use, yes, usually not when not in use
<RoyK> and mostly, it's a head failure that kills drives
<RoyK> not the controller
<RoyK> and I know that from an old friend that once started https://www.ibas.no/, who once upon a time was world leading in data recovery
<Pcost8300> Hello, how do i disable silent parameters on ubuntu server 14? I have a problem and my provider tells that the server boots and when it tries to go to the Os it goes back to PXE
<JanC> I'm pretty sure any 5.25" floppies are > 15yo...  :)
<Pcost8300> thank you in advance.
<compdoc> Pcost8300, it was booting before?
<Pcost8300> yes it was
<compdoc> sounds like it cant find the OS
<Pcost8300> this problem came recently after years of work
<Pcost8300> this has something to do with grub
<JanC> Pcost8300: can you select the rescue boot option in GRUB?
<JanC> or do anything in GRUB really
<Pcost8300> yes i can enter recovery mode
<Pcost8300> well i cant see grub because the provider just gave us a powerpanel
<JanC> that should not be silent
<Pcost8300> im using server4you
<JanC> or you can edit the GRUB_CMDLINE_LINUX_DEFAULT parameter in /etc/default/grub
<Pcost8300> ok ill give it a look
<JanC> then run update-grub afterward (if possible...)
<JanC> if you can't, then you might have to edit grub.cfg directly (but it will be overwritten on the next update-grub run, e.g. when upgrading kernels or such)
<Pcost8300> ok thank you JanC i will follow your advice
<tomreyn> documentation on this providers' PXE boot recovery system, in case you'll need it https://www.server4you.com/community/article/operating-systems/152-about-linux-recovery
<TJ-> Hmmm, package virtinst claims to contain virt-image, but doesn't
<Pcost8300> thank you tomreyn
<nacc> TJ-: no longer mentioned on the upstream virt-manager page, fwiw
<nacc> TJ-: removed in 1.1.0 (9/7/14)
<nacc> announced in 1.0.0 (2/14/14)
<TJ-> nacc: right. I've created a bug
<TJ-> Bug #1784424
<ubottu> bug 1784424 in virtinst (Ubuntu) "18.04: virt-image no longer included" [Undecided,New] https://launchpad.net/bugs/1784424
<nacc> TJ-: ack, probably easiest to fix in debian, tbh; i don't think we'd normally add delta for that
<Pcost8300> some of the stepts i think cannot be applied to my problem
<Pcost8300> using fdisk -l command theres is no * boot flag in any drive
<Pcost8300> by the way there are two drives sda and sdb with the same sice en each partition
<Pcost8300> 1mb BIOS BOOT  466m linux raid  7.6g linux raid 2.7T linux raid
<TJ-> nacc: right... shame we don't have a switch in launchpad to automatically forward the bug report to debian
<TJ-> Ahhh coreutils how I love thee! Giving me "timeout" when vagrant provides no way to create a new VM but not start it
<TJ-> "timeout 5 vagrant up" :)
<cyberspectre> On ubuntu server, the default web directory accessible by http is /var/www/html. I need to be able to scp upload files to that directory with one command, which isn't possible because root. Can this directory be changed to somewhere in the home directory?
<nacc> cyberspectre: what is your need to do that?
<nacc> cyberspectre: it's not typical to need to be able to scp to your web root
<cyberspectre> automated file updates
<nacc> you could also consider using userdir or whatever and ~/public-html
<nacc> ~/public_html, rather
<nacc> cyberspectre: that's so vague as to not be a reasonable response :)
<cyberspectre> if I use ~/public_html, will that automatically be available via http?
<TJ-> cyberspectre: you could use ACLs to allow a non-root user to traverse/write there
<cyberspectre> thanks TJ- ; would it be a better idea (more secure) to use the public_html directory?
<TJ-> cyberspectre: well, not if you want to update the server root, but if it's acceptable to use the userdir module and access via http://server/~$USER/
<nacc> cyberspectre: which is why i said it was vague; i (still) don't know what you're actually trying to do
<cyberspectre> Oh, right, so you'd need to access via that url structure
<TJ-> cyberspectre: what I usually do is "sudo chmod -R g+w /var/www/html" and then "adduser $USER www-data" - this allows the www-data group write access to /var/www/html and then adds $USER to www-data group
<cyberspectre> nacc, my company has a web server for media files located at company.info
<cyberspectre> and I need to set up automated synchronization with a local machine that produces the assets
<TJ-> cyberspectre: oh, and "sudo chown -R :www-data /var/www/html
<TJ-> depends on which release it is as to whether the directory is owned by www-data or root
<cyberspectre> TJ-, in the commands you provided, would you do "adduser $USER" verbatim? Or do you replace with your username
<nacc> cyberspectre: just for one local machine?
<cyberspectre> nacc, yes
<nacc> cyberspectre: then it'd be whatever user is on that machine that can scp to the web server
<nacc> cyberspectre: the user it authenticates as on the webe server, that is
<TJ-> cyberspectre: well, I'd use $USER if I want to add the user I'm currently using; else I'd specify another username that is valid
<cyberspectre> Right, so if that user is "Jeff" then "adduser $Jeff www-data" ?
<TJ-> cyberspectre: no... if you're logged in as "ubuntu" then "adduser $USER www-data" will add user "ubuntu" to group "www-data". If you want to add "jeff" you'd do "adduser jeff www-data"
<TJ-> "$USER" is an environment variable set when you log in so it is always your current username
<TJ-> in the same way that "$HOME" is that user's home directory (same as ~)
<cyberspectre> nacc, TJ- thank you guys
<cyberspectre> I added the user to that group and now scp works as intended
<cyberspectre> Much appreciated!
<ahasenack> rbasak: if you are still around, could you please import/refresh ndctl and pmdk?
<ahasenack> rbasak: also for tomorrow, I'm starting an apache2 merge, and finding out that all my previous uploads (with the git workflow) do not have rich history, and I'm having to do the reconstruct again
<nacc> ahasenack: you don't have to do it again even in that case, you just need to use git-fu
<ahasenack> still, I'd like to know if it's something wrong I did on my side, or a bug
<ahasenack> as far as I know, I dput'ed only after the upload tag was pushed by someone else
<nacc> i'm looing purely from the git side
<nacc> which was the last merge? 2.4.33-3ubuntu1 ?
<ahasenack> merge? yes. Upload? 2.4.33-3ubuntu3
<nacc> which is the one not matching? all of them?
<ahasenack> yeah
<ahasenack> pick 65084dea Import patches-unapplied version 2.4.33-3ubuntu1 to ubuntu/cosmic-proposed
<ahasenack> pick bc275a7e Import patches-unapplied version 2.4.33-3ubuntu2 to ubuntu/cosmic-proposed
<ahasenack> pick fad2aea4 Import patches-unapplied version 2.4.33-3ubuntu3 to ubuntu/cosmic-proposed
<ahasenack> all these 3
<nacc> hrm
<nacc> the importer ran on may 15 for 2.4.33-3ubuntu1
<nacc> but the upload tag is dated july 9 ?
<nacc> oh wait
<nacc> let me re-read the metadat to make sure i'm right :)
<ahasenack> changelog date is indeed may 15th
<nacc> and publishing history says may 23
<ahasenack> that's ok, takes a while to review
<ahasenack> and migrate
<ahasenack> trying to find the mp
<nacc> oh wait, it says the tag is may 15
<ahasenack> https://code.launchpad.net/~ahasenack/ubuntu/+source/apache2/+git/apache2/+merge/345312
<ahasenack> cpaelzer said he pushed the tag on may 15th on a5941629
<ahasenack> this is one of those mps where the lp diff is wrong, I wonder if that's related
<nacc> shouldn't be
<nacc> although i see a commeent of cpaelzer tagging
<nacc> and then commits being added?
<ahasenack> that last commit is odd, that's from 2.4.33-3ubuntu2 apparently
<nacc> ok
<ahasenack> that would be https://code.launchpad.net/~ahasenack/ubuntu/+source/apache2/+git/apache2/+merge/345796
<nacc> ahasenack: sorry, not able to debug it further right now
<ahasenack> sure, np :)
<ahasenack> hm, an orig tarball that has debian/ already, and it's not a native package
<ahasenack> that's a wrinkle
<ahasenack> https://bugs.launchpad.net/usd-importer/+bug/1734657
<ubottu> Launchpad bug 1734657 in usd-importer "collision with debian dir on build-source - FileExistsError: [Errno 17] File exists: 'debian'" [High,In progress]
<IT_Rando> So I installed Landscape on an AWS instance running Ubuntu 16.04 and the problems have never seemed to end. The server sets up fine with landscape-quickstart and a little bit of configuration file editing, but then what really screws me over is that package updating for client laptops fails half the time, and that's after opening ports 80 and 443 to my IP. I keep getting the same error message and the
<IT_Rando> listed bug is a broken link. I posted on askubuntu about it: https://askubuntu.com/questions/1050482/landscape-package-changer-keeps-crashing
<IT_Rando> Does anyone happen to know why my LDS issue, mentioned in https://askubuntu.com/questions/1050482/landscape-package-changer-keeps-crashing, is happening? Or why the link listed in the error report is dead?
<xnox> IT_Rando, i think it's best to contact your landscape support team about that? i thought there should be a way to open a support ticket from the landscape UI, no?
<xnox> IT_Rando, this time of day is quite here, and i'm not sure you can get paid/SLA support here.
<xnox> IT_Rando, ditto askubuntu.com -> is community support / public forum, not landscape support.
<IT_Rando> xnox Gotcha. Unfortunately, I have a standalone license for testing purposes for my company, and I'm not gonna have access to the paid support unless I can convince the brass to use it
<xnox> IT_Rando, sad =/ maybe you can get in touch with landscape sales people about this, or better open an actual bug report -> $ ubuntu-bug landscape-package-changer
<xnox> IT_Rando, and maybe give the bug # to me?
<IT_Rando> Gotcha.
<xnox> i see that https://bugs.launchpad.net/ubuntu/+source/landscape-client/+bug/1758529 is private
<ubottu> Error: launchpad bug 1758529 not found
<xnox> but it is fix committed and will be released soon
<IT_Rando> Oh?
<xnox> details are at https://github.com/CanonicalLtd/landscape-client/pull/45
<xnox> which are public
<xnox> (the bug report, has but reporter's private data in the logs, hence only available to developers to view)
<IT_Rando> Oh man, thanks a ton. I was tearing my hair out over here.
<xnox> IT_Rando, so i guess you can patch that bit in locally no? https://github.com/CanonicalLtd/landscape-client/pull/45/files
<xnox> it's just a few lines to copy & paste =)))))
<xnox> IT_Rando, yeah, i'm nobody really. just can view bug triange.
<IT_Rando> Thanks! For reference, how'd you find this? Was it in the private bug report?
<xnox> IT_Rando, yeah
<xnox> IT_Rando, ladscape support would have been able to view that too.
<IT_Rando> All right. In the future, if I can't see a bug report, I'll know what that means. And provided this fixes the problem (which it likely will) I'll probably have access to the paid support soon. Thanks again.
<xnox> IT_Rando, i can check with landscape devs tomorrow to see if they can scrape private data and make that bug report public, such that it would be visible when the client is fixed in bionic.
<IT_Rando> That would be great
<xnox> IT_Rando, no problem
<oerheks> v/clear
<nacc> ahasenack: the tress don't match
<nacc> ahasenack: for the upload and import tag
<ahasenack> :(
<ahasenack> could this be a case of problems because of the empty directories?
<nacc> is it docs/ ?
<ahasenack> that's the other thing that came to mind
<nacc> if so, yes :)
<ahasenack> yeah, iirc
<nacc> http://paste.ubuntu.com/p/VrNFhK55hR/
<nacc> now, in theory, we could detect these kinds of cases, i think
<nacc> if the only difference between an upload tag and import tag is the empty directories
<nacc> rbasak: --^ ?
<rbasak> We could, but is it worth it?
<nacc> dunno
<nacc> just a thought, as right now, we're discarding relatively valid upload tag data
<nacc> (from rich history)
<rbasak> I'd like to spend the effort fixing empty directories properly by adding support for them to git, but admittedly that's considerably harder.
<nacc> yeah :)
<rbasak> In any case, I think improving empty directory handling is quite far down my priority list at the moment.
<rbasak> I spent the effort on the workaround on the hope that I'd be able to put it away for a while.
<ahasenack> which workaround?
<ahasenack> the commit guard?
<rbasak> Yes, but also that the importer does actually import the empty directories.
<ahasenack> btw, apache has these 2 empty dirs:
<ahasenack> docs/manual/style/lang
<ahasenack> docs/manual/style/xsl/util
<ahasenack> so, it's a given the rich history will always be discarded in such cases?
<rbasak> At the moment, yes. Unless you restore the empty directories in your own commits.
<rbasak> (which there isn't tooling to do)
<rbasak> It's not discarded, btw, just not incorporated.
<rbasak> The upload tag will still be present and you can still rebase from it.
<ahasenack> ok
<nacc> yeah, sorry, 'discard' was the wrong word
<nacc> 'not used' :)
#ubuntu-server 2018-07-31
<jak2000> hi all my Box always start in recovery mode..... need type Ctrl-d for maintentance, how to fix? i do an cat /etc/fstab i try "fcks /dev/pve/root" but say its mounted.... thanks
<jak2000> hi all, how to fix: https://imgur.com/a/3DpEANH    any advice?  thanks
<cpaelzer> good morning
<punkgeek> why I get this error? https://paste.ubuntu.com/p/5zNcjDbRJQ/
<jamespage> coreycb: http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/rocky_versions.html up and running
<tomreyn> how do i get the currently in use nameservers on 18.04?
<tomreyn> this is ubuntu server / systemd-networkd
<tomreyn> "systemd-resolve --status" - got it.
<TvL2386> just found that out :)
<TvL2386> you won :)
<Checkmate> Hi is there any way to block brute forcing files on the server or website?
<eugenio> Hi in the 18.04 server installer I cannot find the RAID choice at the disk partition stage, am I wrong? I need to install a software raid, how can I solve
<rbasak> eugenio: use 18.04.1, or see https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes#Server_installer
<Ussat> Has the issue with the 18.04.1 not showing all repos been fixed ?
<rbasak> Ussat: do you have a bug reference?
<Ussat> I saw it here yesterday, but I dont, sorry :(
<Ussat> I mean, its not a huge deal for me, I can always continue to use the 18.04 iso and just update from that for my builds
<tomreyn> I'm trying to use a quem-KVM hosts' VG as a KVM pool as discussed here https://serverfault.com/questions/352641/how-can-i-use-the-hosts-lvm-vg-as-a-kvm-pool
<tomreyn> but the existing volume group doesn't have a device node such as /dev/vg-main, so i don't know what to use as --target
<tomreyn> ubuntu doesn't create device nodes for VGs, or does it?
<tomreyn> this is an 18.04 host
<eugenio> rbasak, I have already tried with the 18.04.1, but I had the same problem
<rbasak> tomreyn: look in /dev/mapper/
<tomreyn> rbasak: no VGs there
<tomreyn> just LVs
<rbasak> tomreyn: oh, right
<rbasak> You want to know what VGs you have?
<tomreyn> i know which VGs i have
<tomreyn> i need to know what to provide to the --target parameter to the pool-define-as command to use the existing VG
<rbasak> I'm not aware that VGs have ever had device nodes. That seems odd to me. All the commands I've ever used just take VG names.
<tomreyn> apparently, other systems (redhat'ish, i guess) do have device nodes for volume groups. i would not know how to create one using mknod, otherwise i'd just do that
<tomreyn> look at the serverfault link i posted
<rbasak> Does it work if you give it the plain name without a path?
<tomreyn> i didnt try, but then i dont see how pool-define-as would know that this is an LVM2 VG
<tomreyn> on the serverfault.com post, the person asking has a VG named "vg_fluke", and needs to use --target /dev/vg-main
<tomreyn> on the serverfault.com post, the person asking has a VG named "vg_fluke", and needs to use --target /dev/vg_fluke
<rbasak> I wonder if you can create the storage pool directly defining it by XML which might include the type.
<tomreyn> hmm maybe '--type logical' actually means 'LVM2 VG'
<tomreyn> editing the XML yould also work, maybe
<rbasak> cpaelzer: I'll take ahasenack's bind9 review. I think you've taken the other two?
<tomreyn> gnah, ok, --type logical == LVM VG, and it was as simple as: virsh pool-define-as --name my_vg_name --type logical
 * tomreyn thinks too much
<cpaelzer> rbasak: yes
<ahasenack> rbasak: when you have a moment, could you please check the ndctl and pmdk import? It's behind in cosmic. I think you mentioned we would have to update the snap on the bastion host to have this automatically done, since these are universe packages
<rbasak> Sorry, you mentioned that already. I'll add a card to remind myself.
<ahasenack> thanks
<rbasak> ahasenack: you need sponsorship for bind9 I think?
<ahasenack> rbasak: correct, I do
<rbasak> ahasenack: pmdk/ndctl should be up to date now and I think should stay up to date (whitelist has made it to the running importer service)
<ahasenack> rbasak: just checked, they are, thanks
<ahasenack> rbasak: nacc found an old MIR for protobuf for me the other day: https://bugs.launchpad.net/ubuntu/+source/protobuf-c/+bug/801735
<ubottu> Launchpad bug 801735 in protobuf-c (Ubuntu) "[MIR] protobuf-c" [Undecided,Fix released]
<ahasenack> it was accepted, the package made it briefly into main, then back into universe
<ahasenack> https://launchpad.net/ubuntu/+source/protobuf-c/+publishinghistory very odd
<ahasenack> (wrt to the new bind9 delta)
<cryptodan_mobile> how would get an updated lamp stack on ubuntu server 14.04.2 i need php5.6 or newer
<whislock> cryptodan_mobile: The general recommendation would be to update to a newer LTS release that includes 5.6 or newer by default.
<cryptodan_mobile> i cant ubuntu server 14.04.2 is stable as all others produce the aacraid issue
<whislock> And which issue is that?
<cryptodan_mobile> the raid controller dropping and being unable to boot
<whislock> Given that I've used aacraid extensively on Ubuntu of many versions, I would ask if you've opened a case with Microsemi.
<whislock> Because sticking with 14.04 isn't going to be viable for long. It only has about nine months of support left.
<cryptodan_mobile> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1777586
<ubottu> Launchpad bug 1777586 in linux (Ubuntu Bionic) "Ubuntu Server 18.04 LTS aacraid error" [High,Confirmed]
<cryptodan_mobile> that bug
<cryptodan_mobile> goes all the way back to 14.04.5 kernel 4.4 and newer
<whislock> I assume you've tried updating the card's firmware, and setting the I/O scheduler to noop?
<cryptodan_mobile> ive tried the noop no impact, and still trying to find out how to do the upgrade via floppy or cd the card is on the dell pe4600 motherboard
<whislock> Because honestly, if you're specifically sitting on the 14.04.2 kernel, you're already out of security support for that kernel.
<whislock> Which I understand is less important than a running system, but still hardly ideal.
<cryptodan_mobile> i know
<whislock> If it's an integrated storage controller, I think it's a BIOS update. Let me dig into the Dell docs.
<simion314> hi all, is it ok if I ask a question about the mysql-server here even if I am having issues on a Kubuntu 18.04 dev machine?(not a server)
<whislock> cryptodan_mobile: Perc 3/Di?
<cryptodan_mobile> yes
<cryptodan_mobile> its funny the bug only presents when i start i/o on the system. installs nicely but as soon as i do updates the driver takes a dump
<whislock> cryptodan_mobile: It's going to be floppy based. Does it have a removeable memory card on the controller?
<whislock> simion314: Can try to help, no promises. :)
<cryptodan_mobile> it hs a floppy drive
<whislock> cryptodan_mobile: Can you PM me the service tag for the system so I can pull the right docs?
<cryptodan_mobile> whislock: https://www.dell.com/support/home/us/en/19/product-support/servicetag/8llqq41/drivers
<simion314> whislock:  thank you, so the scheduled dist-upgrade hanged on the mysql-server package, now dpkg,apt and attempting to restart or start mysql will hang in the terminal, attempting to fix the dpkg error I get this  https://paste.ubuntu.com/p/wKNcb4HTXq/   but the dpkg does not exit
<whislock> simion314: I can't promise that anything I have you do won't eat your data.
<simion314> whislock: I also noticed in some output that mysql package post install scripts are erroring are hanging
<whislock> cryptodan_mobile: I think there's an option that doesn't require a floppy.
<whislock> cryptodan_mobile: https://downloads.dell.com/scsi-raid/PE4600_RAID_FRMW_LX_R168389.BIN
<whislock> cryptodan_mobile: That's a Linux-executable binary that should get the job done.
<whislock> https://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=DYPXK
<whislock> simion314: Are you worried about retaining the data in the database?
<simion314> whislock: a bit, I mean it may take me a while to restore it, are you thinking on attempting an apt purge ?
<whislock> simion314: No, I'm thinking of running a mysql_upgrade --force
<whislock> But I can't promise that that won't be destructive. :(
<simion314> whislock: ok, it is test data so is not important to keep it
<whislock> You can give it a try.
<whislock> And then try to restart the mysql service, and see if things go better.
<simion314> whislock: the problem is dpkg is still running there in terminal, if I kill it then I get all those lock files
<whislock> Oh, nasty.
<whislock> So dpkg is just frozen, huh?
<rbasak> If it's hung please report the output of "ps axf" or similar.
<simion314> whislock: I get Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) while connecting to the MySQL server
<simion314>  same if I try to run mysql
<simion314> rbasak: I am not sure if is frozen or waiting for something
<simion314> rbasak: here is the output you ask, thanks https://paste.ubuntu.com/p/K6qdyS6Zy2/
<whislock> Looks like it's actively working with mysql.
<simion314> whislock: it is waiting on the post install scripts
<rbasak> simion314: check /var/log/mysql/error.log, but my guess would be that your MySQL installation is broken somehow.
<simion314> btw /var/lib/dpkg/info/mysql-server-5.7.postinst conf is empty, is this normal ?
<simion314> rbasak:  I found this in the error.log https://paste.ubuntu.com/p/zN4rVsPvCr/ mayb ethat lock file is the problem, or just a sympthom, I do not know it's absolute path so  I will search for it
<cryptodan_mobile> how would i update the firmware i bashed it and extracted the files and ran the only file with setup in it and im getting typeset found errors
<whislock> cryptodan_mobile: "bashed" it?
<cryptodan_mobile> bash filename.bin
<whislock> And what did it extract?
<cryptodan_mobile> a bunch of files that should allow you to flash the firmware
<whislock> Pastebin a listing?
<cryptodan_mobile> once my ssh connects
<cryptodan_mobile> http://termbin.com/kv9h
<whislock> And what error did it give you?
<simion314> rbasak: I rebooted, then I go in mysql from CLI all works, then if I try to run apt it tells me to do the reconfigure -a thing ro fix the not closing properly issue, the reconfigure runs the mysql post install script and hangs there and mysql stops working, could it be a packaging issue?
<cryptodan_mobile> it now updating
<cryptodan_mobile> i assume its complete when it returns me to a prompt with no errors
<whislock> One assumes!
<cryptodan_mobile> i have a newer hp proliant ml350 coming to replace it but one cpu and no drives will be awhile till i get drives and the cpu
<whislock> With the new firmware, I'd try a newer kernel. See what happens.
<cryptodan_mobile> it booted up lol
<whislock> It's a start. :P
<cryptodan_mobile> yup
<cryptodan_mobile> now how to tell the firmware version from cli
<whislock> arcconf GETCONFIG 1, iirc
<cryptodan_mobile> ive tried that but nothing prints
<TJ-> cryptodan_mobile: it might be reported in dmesg when the driver loads
<cryptodan_mobile> looks like it didnt update
<whislock> What's the reported version?
<cryptodan_mobile> Package version: 2.8.1.7692 Installed version: 2.8.0.6082
<whislock> Huh. Weird.
<biberao5> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<biberao5> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<biberao5> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<biberao5> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
 * whislock facepalm
<obserd282> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<obserd282> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<obserd282> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<obserd282> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<whislock> cryptodan_mobile: Did the firmware update error out at all? Is there a verbose option?
<cryptodan_mobile> no errors and i didnt see a verbose option
<TJ-> cryptodan_mobile: what command did you use to update ?
<TJ-> cryptodan_mobile: I recall the one I used wwas very verbose
<cryptodan_mobile>  bash spsetup.sh
<TJ-> cryptodan_mobile: did you read the spUtilityHelp.txt ?
<cryptodan_mobile> yeah im not running openmanage
<teward> rbasak: this was a while back we discussed this, but did we want to switch the non-LTS interim releases so that when we have NGINX in them we track Mainline, or do we want me to stick to stable branch?
<teward> I think we had Mainline because it allowed 'newer features' and such to be available for testing in those 9-month releases
<teward> s/testing/usage/
<luisoliv> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<luisoliv> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<luisoliv> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<luisoliv> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<cryptodan_mobile> what is the systemid for the -i option for the sputility.bin
<cryptodan_mobile> TJ-: http://dpaste.com/098PXRK that is what i get the -n is to skip security validation
<TJ-> cryptodan_mobile: looks like the script has some syntax problems with bash
<TJ-> cryptodan_mobile: what is the file's shebang line (it's first line) ?
<cryptodan_mobile> its !#/bin/sh and running it with sh just errors out
<whislock> You should just be setting its executable bit and running it as a binary.
<whislock> When you say it "errors out," what is the error?
<TJ-> all the problems seem to be in ./AdaptecPIE.sh
<letty121019> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<letty121019> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<letty121019> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<sawdey21> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<sawdey21> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<sawdey21> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<sawdey21> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<Ussat> sigh....
<18VAESHKI> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<18VAESHKI> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<18VAESHKI> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<18VAESHKI> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<cryptodan_mobile> TJ-: and whislock http://dpaste.com/0S07CS6 errors when running it as a binary
<whislock> I've seen that before when running shell scripts in Ubuntu. Bash is your only option. :/
<whislock> (That I know of.)
<nacc> yes, typeset is not POSIX
<nacc> it's a bash-ism
<ahasenack> how can I make this badtest apply to 1.8.5 entirely?
<ahasenack> force-badtest ocfs2-tools/1.8.5-3ubuntu1/s390x
<ahasenack> just remove -3ubuntu1?
<iw00t20> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<Steinsplitter128> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<Steinsplitter128> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<ahasenack> rbasak: around? The changelog at https://launchpad.net/ubuntu/+source/bind9/1:9.11.4+dfsg-3ubuntu1 looks wrong, it's the whole hsitory of the package, was the wrong -v used when preparing this upload?
<iw00t1017> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<cryptodan_mobile> whislock: nacc how do i run it?
<nacc> cryptodan_mobile: /bin/bash /path/to/script or modify it to use a !#/bin/bash shebang
<cryptodan_mobile> im not a scripter
<whislock> First line. Change /bin/sh to /bin/bash.
<whislock> The first line should look like: #!/bin/bash
<cryptodan_mobile> changed an ran no errors
<cryptodan_mobile> yeah i think i need to find away to update via cd
<RussellB280203> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<RussellB280203> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<rbasak> ahasenack: yeah I noticed that. I think the -v must have been wrong. I thought I'd copied and pasted it. If it wrong then IIRC it ends up taking the whole lot or something.
<ahasenack> rbasak: was that with g-u build-source?
<steev11> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<jak2000> hi all my Box always start in recovery mode..... need type Ctrl-d for maintentance, how to fix? i do an cat /etc/fstab i try "fcks /dev/pve/root" but say its mounted.... thankshow to get macadress ?
<jak2000> sorry
<jak2000> how to get macadress ?
<TJ-> jak2000: "ip link show"
<mcspud10> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<mcspud10> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<cryptodan_mobile> TJ-: changing shebang didnt work
<nacc> cryptodan_mobile: what? You said earlier that you changed the shebang and it worked, no errors
<cryptodan_mobile> it ran no errors but no firmware update
<TJ-> cryptodan_mobile: I think the script, or the tool, is silently terminating early
<nacc> bash -x may help
<ululate21> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<ululate21> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<ululate21> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<ululate21> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<m712255> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<m712255> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<m7121529> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<18WAA44ZW> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<18WAA44ZW> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<rikai2510> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<18WAA44ZW> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<rikai2510> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<18WAA44ZW> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<rikai2510> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<rikai2510> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<cryptodan_mobile>  it failed
<cryptodan_mobile> it doesnt say why either
<mort2> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<mort2> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<mort2> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<mort2> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<Schroeder1222> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<Schroeder1222> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Waldo20> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<Waldo20> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Waldo20> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<Waldo20> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<cryptodan_mobile> im going to have to try from a live ubuntu session from a usb drive
<SlowJimmy> dear freinds, hello! I have reinstalled ubuntu18.04 on my server style home pc... and i kept every partition intact aside from root style folder which i formated and then installed the new installation on...now i want to remount my old partitions and the flders on them like home and /tmp and the like... do i just use rsync to overwrite everything from my backup? do i just use etc/fstab and be done with it? if i do so /fstab editing ...then do i
<SlowJimmy> need to remove the pre-existing folders that came with installation? do i just empty them out?
<cryptodan_mobile> SlowJimmy: reinstall and on the partitioning side select use as ext4 but dont format and select the mount points that will do it for you
<SlowJimmy> too late i already overinstalled
<SlowJimmy> what about all the stuff in / that has changed?
<SlowJimmy> can i just overwrite with my rsync-style backup?
<SlowJimmy> cryptodan_mobile: would an etc/fstab-style manual edit work?
<arooni> how can i keep my DISPLAY variable set correctly (needed for x11 forwarding) when i use tmux?  it seems when using tmux from different machines or ssh sessions display variable is different each time
<cryptodan_mobile> SlowJimmy: youd need the guiids
<SlowJimmy> i got those
<SlowJimmy> they show up whenever i boot up from my live-usb
<SlowJimmy> it's part of the path name
<SlowJimmy> they also come out with bulkid command
<cryptodan_mobile> itll be far easier to just reinstall and do the above
<SlowJimmy> ok but what does the etc fstab need to find in root for all the mounted folders that are other partitions?
<SlowJimmy> like say /home do i need to create such a folder?
<SlowJimmy> like an empty folder? hardlink? symlink? no folder? leave the folder that the installer put there?
<cryptodan_mobile> SlowJimmy: those would be crested at partition time
<Venusaur15> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<nacc> SlowJimmy: how many partitions do you have? i'd assume only a few
<planetmaker25> <+SP9002_@efnet> so, he wants the win. so we're just gonna get lunch or something, then hes gonna push me to the ground and tap my ass with his foot so he can claim he "kicked my ass" tbh im going along with it becase I dont wanna lose any teeth
<planetmaker25> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<SlowJimmy> cryptodan_mobile:  so best to remove all yet to be mounted partions and the according folders?
<cryptodan_mobile> SlowJimmy: so what is mounted currently
<cryptodan_mobile> i asked on dell for my firmware upgrade they said install centos or red hat then update
<TJ-> cryptodan_mobile: that's crazy!
<cryptodan_mobile> so i will once they reply with any version
<tomreyn> there are centos live cd images, e.g. CentOS-7-x86_64-LiveGNOME-1804.iso
<cryptodan_mobile> yup but its 32bit
<cryptodan_mobile> not 64
<tomreyn> 32-bit server?
<tomreyn> dell actually provides apt repositories for ubuntu to install firmware updates to (some but probably not all moderls of their) servers
<cryptodan_mobile> dell pe4600
<tomreyn> this seems to be EOL from dell's perspective
<cryptodan_mobile> it is trying to update firmware to see if it mitigates aacraid going offline in newer distros
<tomreyn> https://packages.ubuntu.com/search?keywords=firmware-addon-dell
<tomreyn> https://wiki.ubuntu.com/DellBIOS
<tomreyn> http://sysadmin.wikia.com/wiki/PERC_firmware_upgrade_on_debian
<cryptodan_mobile> is there one for the raid controller.  i dont have sasdupie
#ubuntu-server 2018-08-01
<cryptodan> 10 minutes on CentOS 7 ISO
<compdoc> pretty horrible, huh?
<cryptodan> not for 8gigs
<Bahhumbug21> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<bast-anon> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<alekz18> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<grumble5> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<drathir19> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Maple__3> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<NSCLRP-1> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<NSCLRP-1> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<NSCLRP-1> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<ipv614> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<ipv614> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<ipv614> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<Ks0stm20> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Ks0stm20> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<Ks0stm20> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<AlwaysHigh13> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<AlwaysHigh13> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<AlwaysHigh13> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<p3pp3rb0x> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<p3pp3rb0x> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<p3pp3rb0x> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<macky21> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<macky21> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<macky21> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<AimHere9> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<tigrmesh21> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<NightMonkey7> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Vorpal7> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<r0bby21> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<r0bby21> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<n0nada5> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Meanderthal28> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Guest58264> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<ketas3> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<radiofree3> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<vicenteH24> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<vicenteH24> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<vicenteH24> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<__idiot__> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<hexa-25> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<fford> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<fford> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<fford> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<PlasmaStar8> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<WikiPuppies24> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Ovius> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<__idiot__> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Simba0> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Simba0> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<ovoldemorto> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<ovoldemorto> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<ovoldemorto> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<meffe8> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<captain4220> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<captain4220> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<captain4220> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<orliesaurus18> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<evil> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Guest55639> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<ghormoon8> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Lord_of_Life0> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Lord_of_Life0> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<Our> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<rwg22> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<rwg22> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<christel8> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<mon9> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<sulvone0> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Contessa> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Olipro4> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<Olipro4> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<Olipro4> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<mniip23> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<siinus`7> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<siinus`7> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<siinus`7> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<Ellenor5> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<lutki_> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<marduk19120> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<marduk19120> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<marduk19120> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<Jovan13> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<gildarts_> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<gildarts_> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<gildarts_> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<badet0s2> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<chek9> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<chek9> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<chek9> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<Doow> !ops There's a lot of spam going on atm.
<ubottu> Doow: I am only a bot, please don't think I'm intelligent :)
<usrX> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<lutoma13> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<rbasak> ahasenack: no, by hand
<Unit193> rbasak: Can we set this channel +r?
<rbasak> Unit193: I'm not an IRC op
<rbasak> (and don't know what it means)
<Unit193> rbasak: Means only registered can join.
<rbasak> It's not great because we do have quite a few drive by users looking for help here. But maybe it's necessary right now.
<Unit193> Yeah, that's why I haven't yet.  But you're a channel reg sooo..
<rbasak> What's a channel reg?
<Unit193> Channel regular.
<rbasak> Ah :)
<JamesR> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/
<JamesR> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<JamesR> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<rbasak> Unit193: let's do it
<rbasak> Unit193: I can give you a list of nicks I recognise from /names if that'll help
<Unit193> rbasak: I'd just either do the mute or +r for now.
<rbasak> Mute please
<rbasak> Thanks!
<tomreyn> eugenio: have you found the non-'live' ubuntu-server installer, yet?
<coreycb> jamespage: fyi heat is hitting this for py3.7: https://bugs.launchpad.net/ubuntu/+source/python3.7/+bug/1784854
<ubottu> Launchpad bug 1784854 in python3.7 (Ubuntu) "segfault in _abc__abc_instancecheck_impl at ../Modules/_abc.c:521" [Undecided,New]
<jamespage> coreycb: hurrah!
<ahasenack> rbasak: hey, got a bug against mysql filed from the iso qa tracker at http://iso.qa.ubuntu.com/qatracker/milestones/390/builds/177932/testcases/1404/results
<ahasenack> rbasak: it was filed because the created users and databases are different now in cosmic: https://pastebin.ubuntu.com/p/r4Ts5RwJj6/ compares the two
<ahasenack> rbasak: differences are that the "test" mysql db is gone, replaced by one called "sys", and the created users are different
<ahasenack> I think it's ok to update the test to cope with the new output, but wanted to check your opinion
<nacc> ahasenack: fyi, i'm wondering about something. https://github.com/apache/httpd/tree/trunk/docs/manual/style/lang is no longer empty (if it was before) and neither is https://github.com/apache/httpd/tree/trunk/docs/manual/style/xsl/util (says some of those files are 16 years old)
<nacc> ahasenack: are they due to dfsg?
<nacc> oh wait, not dfsg -- so why is the latter empty in the orig/git?
<ahasenack> nacc: you mean it's not empty in the upstream tarball?
<ahasenack> have to check the upstream tarball for the release we are shipping
<SlowJimmy> nacc only a few
<SlowJimmy> nacc i have /tmp /home /arbitrary
<ahasenack> do do I upload a new debian-installer-udebs?
<ahasenack> it's in a different component: main/debian-installer
<ahasenack> I need it rebuilt because of the bind9 lib soname bump
<ahasenack> it currently has a depends on libdns-export1100-udeb
<ahasenack> and the new lib is libdns-export1102-udeb
<ahasenack> nacc: upstream tarball:
<ahasenack> ubuntu@cosmic-bind9-merge-9114:~$ tar xjf httpd-2.4.33.tar.bz2
<ahasenack> ubuntu@cosmic-bind9-merge-9114:~$ find httpd-2.4.33/ -empty
<ahasenack> httpd-2.4.33/.deps
<ahasenack> httpd-2.4.33/docs/manual/style/xsl/util
<ahasenack> httpd-2.4.33/docs/manual/style/lang
<RoyK> !pastebin | ahasenack
<ubottu> ahasenack: For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<ahasenack> RoyK: sorry
<RoyK> ahasenack: no worries - we all do that sometimes - usually not often, since several channels have bots that kick you or it ;)
<ahasenack> rbasak: back yet?
<nacc> ahasenack: i meant in the git repository
<nacc> so why is it not being tarred up?
<ahasenack> Â¯\_(ã)_/Â¯
<SlowJimmy> nacc only a few
<SlowJimmy> nacc i have /tmp /home /arbitrary
<nacc> ahasenack: ack
<nacc> SlowJimmy: why are you mounting /tmp as a real fs?
<nacc> SlowJimmy: if it's just /home, you can just boot into the recovery, clear out /home (if you want) and set up fstab
<nacc> SlowJimmy: I don't know what you have on /arbitrary, but that's not a regular root directory, so doesn't exist yet (mkdir it from the recovery as well, and then set it up in fstabl)
<SlowJimmy> nacc: I am mounting a physical tmp to prevent server crashes when it's full
<SlowJimmy> nacc:  this home thing you said is brilliant saves me a lot of headaches
<SlowJimmy> so basically i wanna have empty folders for my mounts
<SlowJimmy> ext for swap of course
<nacc> SlowJimmy: yes; you could also leave them as-is, but then you are using disk space that you can't really see (depending on how much you've already used on the system)
<nacc> SlowJimmy: and ack on the /tmp then
<maret> hi I've installed service on ubuntu server, I've opend the port in ufw but I still can't connect to it from outside  here is output of  netstat locally , ufw status and nmap https://www.pastiebin.com/5b61ff8f32e32
<RoyK> maret: well, 9696/tcp only listens on localhost, not the open address - quite probably your problem ;)
<whislock> maret: 1. netstat is deprecated, use ss going forward. 2. Your service is bound to localhost, and can't be accessed over the network.
<whislock> Sniped!
<RoyK> whislock: netstaat still works, though ;)
<whislock> So do telegraphs.
<whislock> Technology moooooooves.
<RoyK> not very well
<maret> whislock: RoyK  thanks just realized that. so is this something which is set on the service level or server level?
<whislock> maret: Service level.
<RoyK> I use ss myself - but then - the old tools sometimes work just as well
<whislock> RoyK: It's more and more common that netstat, et al., aren't included by default, so I try to nudge people to use the iproute2 stuff that's definitely going to be present.
<RoyK> maret: the service listening on this port, probably has a setting for which ip it should bind to
<RoyK> I guess iptables is next out the window :)
<RoyK> have they started porting ufw to nftables, or will there be something new again?
<whislock> Not sure there.
<RoyK> nftables looks good, though - somehow the same jump (or more) than from iptachains to iptables
<jdstrand> RoyK: I've long planned to add an nftables backend to ufw. I don't think iptables will be gone any time soon (as much as the netfilter community might like that) since there is so much inertia around iptables
<RoyK> jdstrand: agreed - with the ipchains/iptables move, ipchains wasn't compatible with the by the new kernel (was it 2.2?) - with nftables/iptables, compatibility is still in kernel and will probably stay there for some time unless Linus has a fit
<whislock> Is there perceived to be a big drawback to iptables?
<RoyK> iptables works well
<RoyK> and ufw is an iptables wrapper
<jdstrand> RoyK: yep
<RoyK> it's just that nftables does things better and integrates all of the filtering in one utility, from link layer and up, on all protocol, which is a good idea
<jdstrand> yeah. it is cleaner, but iptables is proven in the field (not that nftables isn't, just saying iptables is still very useful)
<RoyK> I guess we agree on most of this
 * RoyK prints out a small crow
<rbasak> ahasenack: back now
<ahasenack> rbasak: time for bed! :0
<ahasenack> :)
<ahasenack> rbasak: can you merge into hints-ubuntu?
<ahasenack> (since you are here)
<rbasak> No, only for stable releases, sorry.
<ahasenack> ok
<ahasenack> rbasak: https://bugs.launchpad.net/ubuntu/+source/ndctl/+bug/1781268 since ndctl doesn't exist in bionic, would this sru have to be handled by an archive admin?
<ubottu> Launchpad bug 1781268 in ndctl (Ubuntu) "SRU ndctl into Bionic" [Undecided,In progress]
<ahasenack> or both? First an AA, then an SRU team member? Or the other way around?
<ahasenack> it would go under some sort of "hardware enablement" reasoning
<rbasak> Best put the HWE justification in the bug description
<rbasak> I think it needs both SRU and AA review.
<rbasak> I don't think there's clear consensus from TB/release team etc. people as to whether the AAs actually need to review or consider the SRU team's review good enough.
<ahasenack> ok, let's cross that bridge when we get to it
<rbasak> Someone (I forget who)'s logic was that if it's already been AA reviewed in the development release and there's no reason to consider it different for a backport to a stable release then an AA review isn't need as it's already done.
<rbasak> needed
<rbasak> Anyway, get it uploaded with all the right paperwork and we'll see what queue it hits first. I'll guess Unapproved and then New :)
<ahasenack> deal
#ubuntu-server 2018-08-02
<eugenio_> hi during the ubuntu server 18.04 installation I setup two raid1. one for sda1+sdb1 = md0 as / and the second sda2+sdb2 = md1 as /home. However, I was not able to setup md0 as bootable partition, and then I got busybox-initramfs error, can you help me?
<jamespage> morning cpaelzer
<jamespage> I was going to drop the 32 bit archs from ceph for cosmic; however I then realized how may reverse-depends there are of librados and librdb
<jamespage> so putting them back but it will take me a while to sort out the 32 bit builds...
<cpaelzer> hi jamespage
<cpaelzer> thanks for the FYI
<cpaelzer> is there anything on this you need me to do?
<cpaelzer> jamespage: you reming me that I wanted to ask you if you think https://mail.openvswitch.org/pipermail/ovs-dev/2018-August/350437.html is a problem or if we can just wait for things to get into the usual released versions
<cpaelzer> actually I just checked the latest packaging branch and we don't have the broken code
<cpaelzer> so it might only be an issue if merging a newer upstream which has the bad code but not yet the fix
<cpaelzer> what are the openvswitch current plans for now jamespage?
<jamespage> cpaelzer: I was working on 2.9.2 but having trouble with testsuite reliablility
<jamespage> oh no I did upload that already
<cpaelzer> the offending patch of the issue I mentioned is of a few days ago
<cpaelzer> and not yet released
<cpaelzer> so it would be resolved on 2.9.3 or any other new versison I'd think
<cpaelzer> yeah I see 2.9.2 in proposed
<cpaelzer> is it hanging on said testsuite issues?
<mwhudson> jamespage: hey, do you know anything about ceph not building extensions for python3.7?
<mwhudson> huh uh forcing use of gcc-7 on arm because of bugs in gcc-6 seems out of date :)
<jamespage> mwhudson: hmm
<jamespage> mwhudson: I do not
<jamespage> mwhudson: we can probably drop the gcc-7 bits for arm64 now
<jamespage> that was more for the auto-backports to xenial
<jamespage> which for mimic (as in cosmic) is not a concern
<mwhudson> jamespage: maybe it should just not depend on python3-all-dev then :)
<mwhudson> would be the easiest way to get it off http://people.canonical.com/~ubuntu-archive/transitions/html/python3.7-add.html
<cryptodan> nacc: whislock I just read something interesting: https://www.dell.com/support/home/us/en/04/drivers/driversdetails?driverId=X3P75 look at D703 referencing drive taken offline under certain circumstances.  I have D703 drives in my server
<cryptodan> nacc: whislock and yup my drives are listed under that firmware fix for the drives.  So I will create a bootable cd in windows and update the firmware on all my drives then do a test of ubuntu 16.04 this weekend and see if I have the same issues
<nacc> cryptodan_mobile: seems reasonalbe
<leftyfb> I'm trying to run a PXE install on a UEFI client. I've got the PXE install working fine on BIOS clients, but the furthest I can get with UEFI is booting using the grubnetx64.efi.signed and being dumped to a GRUB prompt. Do I really need to rewrite my pxelinux.cfg in grub for this to all work for UEFI clients?
<leftyfb> hi nacc :)
<genii> leftyfb: Maybe look at https://www.syslinux.org/wiki/index.php?title=PXELINUX#UEFI for ideas
<nacc> leftyfb: does that imply it's simply not loading a config file?
<leftyfb> nacc: yeah, it's looking for grub/grub.cfg among some other grub files
<leftyfb> I don't even have a grub at all. Up until now it hasn't been necessary
<nacc> leftyfb: can you describe the config of your BIOS clients?
<leftyfb> nacc: https://pastebin.ubuntu.com/p/szs9xYNvMT/
<leftyfb> that's my pxelinux.0/default
<leftyfb> not sure what other config you're looking for
<leftyfb> sorry, pxelinux.cfg/default
<nacc> leftyfb: so direct boot of kernel?
<leftyfb> yep, not need for interaction. It's all done headless
<leftyfb> not/no
<nacc> leftyfb: and what file is being serv ed over dhcp?
<leftyfb> pxelinux.0 for BIOS clients
<nacc> leftyfb: i think you need to server out some efi file, iirc
<nacc> syslinux.efi ?
<nacc> and then can do the same config file, iirc
<leftyfb> I'm trying that now
<leftyfb> from genii's link
<nacc> ah yeah, that's what i'm remembering
<leftyfb> I HATE EFI btw
<leftyfb> until now I've always had the option of disabling it
<nacc> other than this, what is particularly different?
<leftyfb> are you kidding?
<nacc> leftyfb: I mean, in practice, I don't know why you "hate EFI"
<leftyfb> it's a massive mess working out how to do different installations with EFI
<leftyfb> it's always a mess every time I attempt it
<nacc> is that because folks aren't spec compliant?
<leftyfb> no idea
<leftyfb> And if that's the case, then it's still a mess. The blame might not be on EFI, but on the vendor. But in the grand scheme of things, that doesn't make my stuff work :)
<nacc> right
<nacc> i just recall seeing the same thing with BIOS before
<cryptodan> I have 2 machines with EFI and it was painless to setup.  one machine is dual boot with windows 10 and linux mint
<leftyfb> "works for me" doesn't help people who have issues
<cryptodan> on my lap top I had to change it from booting the windows efi boot manager to booting the ubuntu efi manager in the bios
<eugenio_> hi, I'installing ubuntu-server18.04, the installation hangs at update-grub, do you know why?
<leftyfb> EFI problems? ;)
<eugenio_> leftyfb, did you answer to me?
<moffa> Anyone know why http_proxy variable isn't used unless its run on the command as apt? (ubuntu 18.04) It makes no sense
<nacc> moffa: evidence?
<moffa> Well, just experience. When I run sudo echo $http_proxy, the variable is shown. But apt will hang.  If I run http_proxy=http://proxyinfo apt-get update it works
<moffa> blah it was the sudoers file, I didn't a space between http_proxy and https_proxy not sure why it still echo'd the variable but its fixed.
<pztrick> Any word on when http://changelogs.ubuntu.com/meta-release-lts will point to 18.04 point release?
<pztrick> This file is used by server installs to check for next LTS release.
<pztrick> AFAIK
<tomreyn> pztrick: that's right, and no, not known, but 'soon'
<hehehe> hi sarnold
<hehehe> are u here?
<hehehe> i was playing with that abandonware more :D
<hehehe> hehe
<hehehe> it uses a lot of outdated packages
#ubuntu-server 2018-08-03
<cryptodan_mobile> nacc: whislock drive firmware update success
<ahasenack> rbasak: hi, can you do bug nominations?
<ahasenack> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1583324
<ubottu> Launchpad bug 1583324 in samba (Ubuntu) "Samba won't start when an include statement in smb.conf has a variable substitution " [Medium,In progress]
<ahasenack> or rather, accept them
<rbasak> ahasenack: done (without even reviewing, because IMO you're perfectly competent to decide that for yourself)
 * rbasak ponders writing a bot to auto accept nominations from specific people
<ahasenack> rbasak: thanks
<eugenio_> how can I check in which partition grub2 is installed?
<computamike> I'm looking at spinning up a vagrant box - trying my hand at chef.  I'm a bit dubious about the trustworthyness of these images - for example there is an ubuntu/precise64 Official image - but that went out of support last year.  Anyone got any guidance?
<rbasak> computamike: why Precise?
<rbasak> It's EOL.
<rbasak> Or have you been unable to find a more recent official vagrant image?
<computamike> rbasak: that's my point - I wasn't sure if the official images are being maintained by canonical, or if someone has just uploaded them
<rbasak> I think there has been some interaction in the past. I don't know of current status. Odd_Bloke or gaughen ^ might know
<computamike> rbasak: the current list of boxes is here : https://app.vagrantup.com/ubuntu
<computamike> rbasak: I'm assuming that ubuntu is like the official canonical/ubuntu project boxes, and not some black hat who registered the name ubuntu
<rbasak> I'm pretty sure it's legit, but I don't know how to confirm that.
<rbasak> computamike: https://blog.ubuntu.com/2016/01/05/celebrating-over-10-million-vagrant-ubuntu-downloads
<rbasak> If that helps
<computamike> rbasak: I also found that if you look at the details of an image it says that it is externally hosted at cloudimages.ubuntu.com
<computamike> rbasak: cheers for the help - i'm going to try a bionic machine and see how I get on
<gaughen> rbasak, computamike those are legit, but I got delayed in my reply because of all those old images. I'll followup with the team, looks like we need to add a step to our EOL process.
<computamike> gaughen: cool - thanks for that :)
<Nivex> Any news on when do-release-upgrade from 16.04 to 18.04 will be enabled?
<leftyfb> ^ that's actually a good question. I thought it was supposed to match up with the 18.04.1 release
<nacc> leftyfb: i think there was/is some issue with the upgrade tool, but not sure
<ahasenack> rbasak: considering just the "squid" (not squid3) source package, ubuntu's latest release there was squid (2.7.STABLE9-4ubuntu4) oneiric; urgency=low
<ahasenack> rbasak: and that's the git-ubuntu repo (squid) where debian/sid is pointing at squid-4.1
<ahasenack> so the last "squid" (not squid3) source package in ubuntu was 2.7, and had a delta. That's why it didn't sync?
<nacc> ahasenack: the bug has the explanation
<ahasenack> which bug?
<nacc> (the bug being https://bugs.launchpad.net/ubuntu/+source/squid/+bug/900741)
<ubottu> Launchpad bug 900741 in squid (Ubuntu) "Remove and blacklist squid" [Undecided,Fix released]
<nacc> ahasenack: the bug refereneced in the blacklist
<nacc> src:squid and src:squid3 should both be imported, fwiw
<nacc> afaict, in debian, binary squid3 is from src:squid now, as they are at 4.1, as you mentioned, ahasenack
<ahasenack> yeah, debian's squid-4 is building squid3 as a transitional package
<nacc> ahasenack: makes sense
<ahasenack> how could we proceed? Remove the block, let squid sync, and remove our squid3 source?
<ahasenack> asking for a friend :)
<nacc> ahasenack: it probably should have been fixed once src:squid started shipping squid3 binaries (if it did while squid3 also did)
<nacc> ahasenack: i'd need to look at all the binaries in question and makes sure they could be matched up properly
<nacc> my guess is at least some delta will be necessary to converge
<ahasenack> squid3 does have quite a bit of delta
<ahasenack> but that should be revisited anyway
<ahasenack> last time I merged that I was quite still focused in the merge process, and not necessarily trying to drop unecessary delta
<ahasenack> rbasak: your libnl3 and unixodbc cards in the roadmap board can be tagged with done, right?
<rbasak> ahasenack: ah yes. Labels tweaked, thanks.
<rbasak> ahasenack: we can always sync manually. So probably best to do it all and only then drop it from the autosync blacklist.
<ahasenack> what do you mean "do it all"?
<rbasak> I'm just concerned that it's a little late to be starting that now. Less than three weeks to feature freeze.
<rbasak> Generally sort it out. I'm not sure what's needed yet :)
<rbasak> (update to squid 4 that is)
<ahasenack> we could then just bump the minor to the latest upstream, but go ahead of debian in that process
<ahasenack> or leave it for the next cycle entirely
<rbasak> I have no objection to bumping the minor.
<ahasenack> ok
<rbasak> (it's just a question of effort vs. going for squid 4, etc)
<ahasenack> rbasak: I still don't quite understand how to use rebase to take advantage of the previous work in the apache merge
<ahasenack> rbasak: when I start with rebase -i old/debian, I get the 3 previous uploads listed as commits by git-ubuntu
<ahasenack> which I would normally take apart
<ahasenack> I can't start another rebase in there, because I'm already inside a rebase
<ahasenack> so let's say I "e" the first one, that's the 2.4.33-3ubuntu1 import
<ahasenack> I would normally do git reset HEAD^, and then proceed with the invidual commits. These I did before, and I can see them in the pkg/upload/2.4.33-3ubuntu1 upload tag
<ahasenack> but I can't run rebase again now
<ahasenack> maybe I should checkout each one of those "Import ..." commits, then rebase, and somehow glue them together again
<ahasenack> how about: checkout (a) ("Import patches unapplied ..."); reset HEAD^; discard; rebase;
<ahasenack> then cherry-pick (b); reset HEAD^; discard; rebase
<ahasenack> and so on
<nacc> ahasenack: sorry, you have broken up commits (your upload tags) for each version of ubuntu, right?
<nacc> ahasenack: so checkout to old/debian, cherry-pick the sequence of commits from old/debian->first upload tag; then the sequence of commits from first import tag to second upload tag... etc
<nacc> can use a simple wrapper aroudn git-rev-list to get the appropriate commits
<ahasenack> nacc: yeah, cherry-pick was my first thought, each one, but rbasak suggested a rebase
<ahasenack> which would get them all
<ahasenack> as I can give it a range
<ahasenack> and on what committish to apply it
<nacc> ahasenack: ah yes, you could selectively rebase
<nacc> it's functionally the same
<ahasenack> ok
<nacc> and then verify the diff is the same
<nacc> ahasenack: see the git-rebase manpage for the --onto option
<ahasenack> yeah
<nacc> you're basically taking topic branches and stitching them together, if that makes sense
<ahasenack> this was my first one:
<ahasenack>  git rebase --onto old/debian old/debian pkg/upload/2.4.33-3ubuntu1
<ahasenack> the first import after old/debian
<nacc> right, and then you'd 'save' that with a tag or branch locally
<nacc> and rebase the next tag onto that saved object
<nacc> (i think)
<ahasenack> that save is I think what I missed, it's the second time I'm going through this
<ahasenack> the state right now is correct, but it got lost when I repeated if for 3ubuntu2 and 3ubuntu3
<nacc> you could also use the hash, of course, but tags/branches are easier to type :)
<ahasenack> I missed --onto for 3ubuntu2 and 3ubuntu3
<nacc> right
<nacc> that's what we get to avoid when upload tags get used :)
<nacc> otherwise, it's the same as what gu-merge is doing under the covers
<ahasenack> git log looks now just what it was like when 3ubuntu1 was uploaded
<ahasenack> so that's good
<nacc> yep, tbh; i think you didn't need to rebase the first upload tag
<nacc> as it should be identical to what it was
<ahasenack> right, because right now it's like I just checked out that upload tag
<nacc> (since that's how the old merge was done, basically -- old/debian now is what was new/debian then)
<nacc> yep
<ahasenack> so...
<ahasenack> why don't I just checkout the upload tag for the current version in the archive
<ahasenack> ah
<ahasenack> n/m
<nacc> right :)
<nacc> you *could* do that, if each of your uploads used the upload history manually
<nacc> which technically you could have been doing
<ahasenack> it's just the first one that works "automatically" here
<ahasenack> the rest have the "Import patches unapplied ..." bits
<ahasenack> s/rest/subsequent ones/
<ahasenack> ok, continuing, let's see what I get
<rbasak> You only need to rebase the most recent upload tag, surely?
<ahasenack> there were 3
<rbasak> (for the purposes of a package merge)
<nacc> rbasak: none of the upload tags have upload tags in the history
<rbasak> Oh. I see.
<rbasak> OK
<nacc> rbasak: since none were integrated, if that makes sense?
<nacc> (due to empty dirs in this case)
<rbasak> Yeah
<rbasak> I get it now
<nacc> so you have to manually stitch together the sequence of upload tags
<nacc> ack :)
<ahasenack> sharpening git-foo skillz
<nacc> this is probably something we could do in gu-merge until empty dirs are fixed; as long as the upload<->import tags match along the history except for only empty dirs
<nacc> or at least help provide git- commands that should do what you need?
<ahasenack> I think it worked
<ahasenack> checked out upload/2.4.33-3ubuntu1
<ahasenack> then rebase --onto upload/2.4.33-3ubuntu1 import/2.4.33-3ubuntu1 upload/2.4.33-3ubuntu2
<nacc> yeah, that seems about right to me
<ahasenack> then rebase --onto <hash-i-am-at> import/2.4.33-3ubuntu2 upload/2.4.33-3ubuntu3
<nacc> yes, i think so
<ahasenack> about to run some checks
<nacc> that should give you a treeish that matches upload/2.4.33-3ubuntu3
<nacc> but with broken-out commits, i think
<ahasenack> ((c957d262...))andreas@nsnx:~/git/packages/apache2/apache2$ git diff pkg/upload/2.4.33-3ubuntu3
<ahasenack> ((c957d262...))andreas@nsnx:~/git/packages/apache2/apache2$
<ahasenack> diff is empty
<ahasenack> and I haz broken out commits
<ahasenack> time to \o/ ?
<nacc> cool :)
<nacc> you can check the treeish
<nacc> git diff-tree
<ahasenack> that? https://pastebin.ubuntu.com/p/TFTmpr4My5/
<nacc> yeah, is that accurate (local modifications to the debian directory)?
<ahasenack> git diff-tree HEAD pkg/upload/2.4.33-3ubuntu3 is empty
<nacc> cool
<ahasenack> without HEAD, it gives that output
<nacc> right, local tree vs. commited tree
<ahasenack> when using git rebase, is "--onto HEAD" the same as not passing --onto at all?
<nacc> "The current branch is reset to <upstream>, or <newbase> if the --onto option was supplied."
<nacc> and there is a bit about how upstream is derived if not specified on the cli
<ahasenack> ok
<ahasenack> ok, so after all this I should be ready to run git ubuntu tag --deconstruct
<nacc> ahasenack: i think it's equivalent, although the internal logic may be slightly different. it does depend a bit on what else you pass to rebase
<nacc> ahasenack: i think so, yeah
<ahasenack> thanks for the guidance
<nacc> ahasenack: np, it's at least somewhat still in my head :)
<ahasenack> :)
<nacc> ahasenack: may be worth MP'ing into the manpages
<ahasenack> I have a tips&tricks doc, that could become an faq in the future
<nacc> ahasenack: definitely
<nacc> ahasenack: and maybe in the 'other info' secitno of the main git-ubuntu manpage?
<nacc> or a link to a living doc otherwise
<ahasenack> yes
<ahasenack> this one will be needed multiple times in the future
<ahasenack> because many packages have the empty dir problem
<nacc> right
<bigpic> hey guys iâm firing up an 18.04 server for the first time
<bigpic> Iâve given it a 48gb disk
<bigpic> told it to use the entire disk with lvm
<bigpic> but itâs only creating a 4gb boot disk
<bigpic> screen shot: https://i.imgur.com/gqfCYiu.png
<bigpic> any ideas?
<nacc> bigpic: to be clear, that's a 4g *root* *logical volume*
<nacc> and no, i've not used the installer; is this the 'live' or the non-live iso?
<bigpic> yea itâs creating a 4g / a 1g /boot and leaving 43g free unpartioned
<ahasenack> that's the live one
<ahasenack> powersj: have you seen that? ^
<ahasenack> bigpic: those numbers were all automatically chosen?
<bigpic> yes
<ahasenack> that's not from a previous run by any chance?
<bigpic> fresh vm
<powersj> hmm
<powersj> let me take a look locally
<ahasenack> nacc: rbasak: I think it all worked, thanks again: https://code.launchpad.net/~ahasenack/ubuntu/+source/apache2/+git/apache2/+merge/352331
<ahasenack> we'll see on Monday when people look at it more carefully :)
<ahasenack> cheers
<tomreyn> bigpic: is this 18.04(.0) or 18.04.1?
<bigpic> i grabbed the ubuntu-18.04.1 iso around noon est
<powersj> LVM so it is .1
<powersj> and confirmed :\
<powersj> not good
<ahasenack> I didn't try the auto option :/
<powersj> I know I tried it
<powersj> but I guess I didn't look hard enough because the install will work
<powersj> the layout of course is flat out wrong
 * powersj files a bug against subiquity 
<bigpic> thx for looking into it.. iâll sit tight
<tomreyn> bigpic: do you know about the alternative server installer?
<bigpic> do share
<tomreyn> i.e. the 'classic' one
<tomreyn> https://www.ubuntu.com/download/alternative-downloads#alternate-ubuntu-server-installer
<tomreyn> - less fancy
<tomreyn> + works
<powersj> bug 1785321
<ubottu> bug 1785321 in subiquity "LVM Entire Disk option does not use entire disk" [Undecided,New] https://launchpad.net/bugs/1785321
<powersj> bigpic, thank you for taking the time to ask here
<nacc> ahasenack: nice :)
#ubuntu-server 2018-08-04
<tomreyn> the qwebirc person in #ubuntu has installed using the 18.04.1 server live installer, and ended up with fstab with the root file system saying pass_no = 0
<tomreyn> fs_passno
<tomreyn> another bug?
<tomreyn> other file systems were also 0. fstab(5) http://manpages.ubuntu.com/manpages/bionic/en/man5/fstab.5.html states "The root filesystem should be specified with a fs_passno of 1. Other filesystems should have a fs_passno of 2."
<tomreyn> their actual fstab: http://paste.ubuntu.com/p/ScBmr66SQH/
<tomreyn> how do i file a bug against subiquity?
<tomreyn> i got the issue above confirmed
<tomreyn> got it
<cryptodan> Well I got CentOS 5 installed on my server a PE4600 and the raid firmware will not flash
<tomreyn> so we got bug 1785354
<ubottu> bug 1785354 in subiquity "/etc/fstab: fs_passno is 0 for all file systems" [Undecided,New] https://launchpad.net/bugs/1785354
<tomreyn> and (mnaybe more a feature request?) bug 1785356
<ubottu> bug 1785356 in subiquity "Please generate version 4 block device UUIDs, not version 1" [Undecided,New] https://launchpad.net/bugs/1785356
<cryptodan> nacc: whislock that AACRAID Issue that I ham plagued with goes all the way back to CentOS 5 on Kernel 2.6 supposedly validated by Dell to work back then
<cryptodan> nacc: whaley this is what im getting now.  https://www.dell.com/community/PowerEdge-HDD-SCSI-RAID/Update-Firmware-PE4600/m-p/6129682/highlight/true#M49162 I have nothing on that channel
<cryptodan> why does ubuntu server come with the grub line of CONSOLE MODE commented out
<cryptodan> Wished Ubuntu Server came defaulted with Console Mode enabled via grub so I can see what is going on with my server install
<cryptodan> so any way I can get to see the console output on my server?  I used to be able to boot it up and see the IP in my router, and ssh to it then remove the comment and update grub.  I cant do that as it appears this fresh install is stuck on mounting home and the monitor is completely dark
<cryptodan> 400 people yet no one knows
<lotuspsychje> !aptience | cryptodan
<lotuspsychje> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or https://ubuntuforums.org or https://askubuntu.com/
<lotuspsychje> cryptodan: we have volunteers all ovber the world, on different timezones, they cant all be online at your question time, i hope you understand?
<lotuspsychje> cryptodan: also try to be as specific as you can, start with ubuntu server version, kernel, where are you stuck at wich step? the more details, the more chance of solving
<cryptodan> its all ubuntu server servers
<cryptodan> regardless of which version I install I always have to ssh into and enable grub console to print out the booting messages of the server
<cryptodan> thank you Ubuntu for not supporting older hardware and not making sure the drivers work like AACRAID
<tomreyn> i'm not sure it was engineered in this way just to make *you* sad about this. maybe there were some other factors which influenced the decision making, just potentially.
<cryptodan> I would imagine that every system admin would love to see their console boot messages as to help troubleshoot any post installation problems
<cryptodan> you know such as kernel panics and what not
<cryptodan> device loading problems
<tomreyn> you will still get to see such on a serial console. you can also customize the installation, or deploy changes post intallation. many options.
<cryptodan> should be simple for just one server sitting in a basement in a non-data center environment
#ubuntu-server 2018-08-05
<danrik> How to configure static ip after fresh Ubuntu 18.04 server install?
<danrik> all tutorial refer to editing `50-cloud-init.yaml` - but comments in that file clearly say: # This file is generated from information provided by
<danrik> # the datasource.  Changes to it will not persist across an instance.
<whislock> If there is no datasource continuing to manage that file, editing it is safe.
<whislock> My current host is configured in such a manner.
<danrik> whislock, what does it mean - datasource?
<danrik> i've just done a fresh install using usb drive - what's a datasource in this context?
<whislock> I'd suggest reading up on cloud-init, it'll explain it better than me typing at length.
<danrik> will do. thank you. changing file worked
<cryptodan> whislock: this is the only stable version of Ubuntu Server that will run on my system Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-24-generic i686) no aacraid issue.  It stems all the way back to CentOS 5 on Kernel 2.6
<xwct> i think im going mad
<xwct> i have 3 different ports port forwarded to 3 different ubuntu boxes, but only one of them works, i can still connect to the boxes locally
<RoyK> port forwarding with what_
<RoyK> ?
<xwct> a asus n66u
<RoyK> I guess the asus is the problem, then
<xwct> i know it works with multiple hosts, i have several other ports forwarded and working
<RoyK> which port/protocol?
<xwct> just set all of it as both
<RoyK> you can't forward the same port to different machines, you know
<xwct> different ports
<RoyK> well, this channel is about ubuntu, not asus
<cryptodan_mobile> xwct: you'll need multiple external ips
<RoyK> cryptodan_mobile: depending on what you want
<xwct> what? i have 3 different hosts with different ports open right now
<xwct> all with one ip
<RoyK> xwct: if you telnet into those ports - what do you get?
<cryptodan_mobile> xwct: what ports
<xwct> 41414, 42424 works
<xwct> so i just put the host with 41414 into dmz, its still nothing
<cryptodan_mobile> You can do that
<cryptodan_mobile>  Go to an online port scanning service and see if it finds it
<jdr> What are the ports?
<xwct> 41414 and 42424, the host with 41414 is currently in dmz and is still refusing connections
<xwct> not lan connections though
<jdr> is the request ever getting to the server sitting at 41414?
<xwct> how do i check for that?
<jdr> tcpdump would do the trick
<RoyK> xwct: tcpdump or better - tshark
<RoyK> tshark is the cli version of wireshark - more versatile
<RoyK> than tcpdump
<xwct> im not getting any traffic through to it
<RoyK> then the router is the problem
<RoyK> 1. give it a reboot
<RoyK> or
<RoyK> 0. doublecheck the config
<xwct> ive already rebooted and upgraded the firmware on it
<RoyK> 2. install ddwrt or something on it
<jdr> did it work before the firmware upgrade?
<xwct> nope
<xwct> only the two ports im trying to open now refuse to work
<RoyK> check the logs
<RoyK> if you don't have any - setup syslog to your home machine or server
<jdr> checked firewall on the servers?
<RoyK> jdr: tshark should see the traffic even with the firewall blocking it
<jdr> true
<xwct> getting tshark now well see
<RoyK> tshark -i <intname> -f "port 1234"
<RoyK> or something like it
<jdr> double check the port forwarding setup. I've done some dumb shit in my day. Wrong IP, or port.
<xwct> its the wierdest thing, this one works just fine
<xwct> https://i.imgur.com/8jLBdST.png
<xwct> but these two refuse to work even in dmz https://i.imgur.com/j5O3rtf.png
<jdr> These ports arent blocked by your ISP are they?
<xwct> nope
<xwct> pretty much the wild west as far as ports go with my isp
<jdr> nice.
<jdr> What is the router
<xwct> asus n66u with asuswrt-merlin
<jdr> How hard would it be to just start over with a fresh/default config on the router?
<xwct> not much, just gotta screenshot the ports and reset it
<cryptodan_mobile> Are the IPS static on the machines
<xwct_> and now it works
<xwct_> stupid
<xwct_> jdr, RoyK thanks for the help
<jdr> what was it?
<xwct> idk
<xwct> it just worked when i reset to factory defaults and added the forwards again
<jdr> Good deal then.
<xwct> reset sledge > reboot hammer
<jdr> haha
#ubuntu-server 2019-07-29
<mahdi_ja> hi all
<mahdi_ja> i want create a sftp server with ubuntu 18.04
<mahdi_ja> i have a second hard and i want user save file in this hard not /home/username directory
<mahdi_ja> how i can do this ?
<lordievader> Good morning
<frickler> jamespage: coreycb: we are seeing a regression of https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1790598 on neutron 2:12.0.6-0ubuntu2 on xenial
<ubottu> Launchpad bug 1790598 in neutron (Ubuntu Xenial) "metadata service calls to nova-api-metadata with IP based SAN's fails" [Low,Triaged]
<frickler> the reason seems to be that  https://review.opendev.org/599541 was removed from debian/patches, but it got merge upstream only into 12.1.0, not in 12.0.6. also doesn't seem to affect bionic due to newer python libs probably
<jamespage> frickler: indeed it was - sahid ^^
<jamespage> sahid: metadata-use-requests-for-comms-with-nova-api.patch was not included in the upstream release for 12.0.6
<jamespage> so we'll need to re-instate that patch OR superceed quickly with 12.1.0
<jamespage> coreycb: fyi ^^
<sahid> jamespage: i'm rebasing stable/queens to 12.1.0 right now
<rafaeldtinoco> good morning o/
<lordievader> ð
<mettiu> hi everyone, i'm looking for a "guideline" for building a custom webserver (nginx + php). my doubts are about how to best configure service users, using or not www-data, how to best configure folders, log path, etc... for separating different website. i'm in a protected environment (not commercial hosting) so my users are mainly developers of the c
<mettiu> ompany, so a classic shared webserver for different application :)  any help apreciated
<kashyap> Hi, folks.
<lordievader> I like the containerized + haproxy setup for websites. Each website has its own container,  haproxy figures out what traffic to send where.
<kashyap> Who can help make this small change to the edk2 package: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/1836859
<ubottu> Launchpad bug 1836859 in edk2 (Ubuntu) "RFE: Ship the firmware "descriptor files" as part of the 'ovmf' package" [Undecided,New]
<kashyap> The current maintainer seems to be away on PTO.
<kashyap> And I don't know Ubuntu enough to 'query' for other maintainers.  (I come from Fedora land :-))
<kashyap> It requires someone vaguely familiar with QEMU (and EDK2/OVMF).
<sahid> coreycb, jamespage: https://git.launchpad.net/~sahid-ferdjaoui/ubuntu/+source/neutron/log/?h=stable/queens
<coreycb> sahid: on it
<sahid> coreycb: buildroot: https://launchpad.net/~sahid-ferdjaoui/+archive/ubuntu/bionic-queens/+build/17334854
<sahid> also i had to remove two patches which were already included: https://pastebin.ubuntu.com/p/TCP78jC2tK/
<cpaelzer> kashyap: IMHO we have time to wait for dannf
<cpaelzer> kashyap: this is a feature tied qemu 4.1 which means Ubuntu 20.04
<cpaelzer> I tihnk rushing something into edk2 now will gain us nothing but probably problems
<kashyap> cpaelzer: Hmm.  I'm coming here and pestering because I'll be away on PTO (from 06-Aug to 23-Aug).  And Nova could use it
<cpaelzer> kashyap: but could it use it without any related commit in qemu?
<kashyap> cpaelzer: Note that is not strictly tied to QEMU 4.1 -- you can still use them with older QEMU versions.
<cpaelzer> I haven't checked the details, only have seen that it came with 4.1 (in the bundled rom release)
<kashyap> cpaelzer: If you have libvirt 5.3 or above, then you can use them with older QEMU
<cpaelzer> kashyap: can one "benefit" from it without qemu 4.1
<cpaelzer> we are on libvirt 5.4 already
<cpaelzer> and I have talked with Dannf before his PTO
<kashyap> cpaelzer: Good question :-)   I'm doing this to be able to test Nova's Secure Boot spec in the OpenStack Gate: http://specs.openstack.org/openstack/nova-specs/specs/train/approved/allow-secure-boot-for-qemu-kvm-guests.html
<kashyap> cpaelzer: If you see the JSON files: they simply describe the features of the EDK2 binaries that you ship in Ubuntu.
<cpaelzer> yeah
<cpaelzer> but doesn't that mean that you can already test it right now manually?
<kashyap> cpaelzer: libvirt 5.3 or above will read them, and then will auto-add the relevant bits if you want Secure Boot
<cpaelzer> by dropping matching json files in place (manually) and see if things work
<cpaelzer> if they do add it to the bug which will help dannf to ensure what is placed will be the correct content
<kashyap> cpaelzer: Oh, sure.  But just trying to set things in motion while I still have the motivation :-)
<cpaelzer> I absolutely appreciate that part of it :-)
<cpaelzer> and I now undertsnad why you are in a hurry (your PTO timing)
<cpaelzer> in motion things are already, since we both reached dannf and he acknoledged to do it after he is back
<kashyap> cpaelzer: As we speak, I'm harassing the QEMU packager on #qemu, asking what he meant in his comment at the end of a similar request: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932269
<ubottu> Debian bug 932269 in ovmf "Ship the firmware "descriptor files" as part of the 'ovmf' package" [Normal,Open]
<kashyap> cpaelzer: Hehe, sorry, I should've made my motivation clearer.
<kashyap> cpaelzer: Okido.  Just wanted to check in here, as things tend to fall through the cracks, as everyone is busy :-)
<cpaelzer> kashyap: this is a curcular dependencyas dannf is the maintainer
<cpaelzer> mjt as well, but he is more the qemu than the edk2 maintainer (usually)
<kashyap> Right, I just asked 'mjt' on #qemu.  Will check later
<kashyap> cpaelzer: Also, I hope Ubuntu is now shipping a "variables files" (VARS) with default UEFI keys (from MS) installed
<cpaelzer> kashyap: /usr/share/OVMF/OVMF_VARS.ms.fd
<kashyap> If you're not aware; disregard my remark -- that's a detail 'dannf' knows -- I described to him a few weeks ago on #debian-qemu (on OFTC)
<kashyap> cpaelzer: Ah-ha, the 'ms' is presumable with MS keys.  It can't be anything else
<kashyap> Last I checked I knew that Ubuntu was shipping the script we wrote to enroll the MS keys.  (Noticed in the tarball here: https://launchpad.net/ubuntu/+source/edk2/0~20190309.89910a39-1ubuntu1)
<kashyap> So all good there.
<cpaelzer> kashyap: this was from 0~20190606.20d2e5a1-1ubuntu2
<cpaelzer> kashyap: give your test a try by manually placing the json files
<kashyap> cpaelzer: Noted, on the version.
<cpaelzer> kashyap: and if it works with the libvirt 5.4 that is in Eoan (maybe with modifications to the json files) update the bug on edk2 to let dannf know that this makes sense for Eoan
<cpaelzer> he might (as I was) assume that this is only needed in 20.04
<kashyap> cpaelzer: But ... note that: simply dropping in there doesn't _quite_ fly: as I don't know (unless I look in the code) if Ubuntu's EDK2 build differs in anyway than Fedora (the I'm familiar with)
<cpaelzer> the only differens seem to be paths right?
<kashyap> Because based on that you (the "mythical you") need to add or remove some lines from the "features" bit.
<kashyap> cpaelzer: That's what I'd expect, frankly
<kashyap> For example, see for Fedora, the "features' its EDK2's MS-signed binary (called: OVMF_CODE.secboot.fd) has are these:
<kashyap>  +     "features": [
<kashyap> +         "acpi-s3",
<kashyap> +         "enrolled-keys",
<kashyap> +         "requires-smm",
<kashyap> +         "secure-boot",
<kashyap> +         "verbose-dynamic"
<kashyap> ---
<kashyap> Now I don't know if they match 1-1 in Ubuntu.  97.83% yes, they _should_ match.
<cpaelzer> kashyap: which would be perfect to be outlined on the bug
<cpaelzer> even if you make assumptions you can provide this example from fedora and the link to the openstack usage of the feature and the result of your testing
<cpaelzer> I'm sure dannf will prefer to change a few features than to blindly guess adding something totally untested
<kashyap> Right, will do.  Once I replenish my "yak trimming" quota :-)
<cpaelzer> hehe
<cpaelzer> kashyap: just trying to guide you to the progress that you poked this channel for :-)
<kashyap> Certainly; just joking, as you know.  Much appreciated.
<cpaelzer> sure, np
<coreycb> sahid: i think we should just add back the missing patch(es) for now and the SRU team will be more likely to fast-path this into -updates
<coreycb> sahid: and then we can do a 14.1.0 after that
<coreycb> sahid: s/14/12/
<sahid> coreycb: based on jamespage comments both ways were OK. can you taking care of adding that patch? I'm still with the horizon thing and i would like make progress
<coreycb> sahid: ok i think i'll just do 2:12.0.6-0ubuntu3 for now with the patches added back then. sorry i think it'll just be easier to convince them to fast track it this way. how's horizon?
<sahid> coreycb: yes that makes sense, just question, in all cases they will ask for a complete tests, no?
<coreycb> sahid: that's a good question which is frustrating in this case. perhaps frickler can help us verify the fix.
<coreycb> sahid: frickler: fyi https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1838263
<ubottu> Launchpad bug 1838263 in neutron (Ubuntu) "neutron 2:12.0.6-0ubuntu1 queens regression" [Undecided,New]
<sahid> coreycb: if we have to provide a complete test i think we should fo with 12.1.0
<coreycb> sahid: that's a valid point. frickler any chance you'll be able to help with verifying a new version of neutron to verify the queens regression is fixed?
<frickler> coreycb: I agree that going forward with 12.1.0 is the better solution, I can test new pkgs once you build them.
<coreycb> frickler: if we want to get a fix out ASAP i think we just need to add the patches back for now
<frickler> coreycb: well we did fix things locally, so for me this isn't urgent
<frickler> coreycb: but I could test that variant too, of course
<coreycb> frickler: thanks, that would be very helpful
<coreycb> frickler: and we'll get 12.1.0 out right after this
<sahid> coreycb: I'm lost I thought the outcome of the discusion with frickler what to move forward and only provide a new version based on 12.1.0, no?
<sahid> s/what/was
<coreycb> sahid: we'll just add the single patch back and fast path that through with testing from frickler. and then we'll follow that with a 12.1.0 that we'll test ourselves.
<coreycb> sahid: less chances of further regressions that way
<m_tadeu> hi...I'm creating a cron job but I think I'm getting into problems with wildcards (find <somedir> -type f -name '*.tar.gz' -mtime +2 -exec rm {} \;)
<m_tadeu> is there an alternative to this?
<tomreyn> m_tadeu: not if you don't say what the 'problems with wildcards' are
<lordcirth> m_tadeu, what exactly goes wrong?
<m_tadeu> tomreyn, lordcirth: pbcak :P
<ncuxo> Hello I have a question about bridging connections
<ncuxo> is this the right place for my question or should I search for another channel?
<ncuxo> I want to bridge my router to a router in another contry
<sarnold> ncuxo: be sure to actually *ask* a question :)
<ncuxo> :) just did I was trying to go as basic as possible :D
<lordcirth> ncuxo, if you are configuring this networking setup on Ubuntu, yes, you can ask here.
<ncuxo> well to be honest I have no Idea how to configure it
<ncuxo> I want to tunnel to the other router
<ncuxo> all the traffic to be encrypted
<ncuxo> In my mind it is something like a private vpn tunnel
<lordcirth> ncuxo, such that both networks appear to be directly connected?
<ncuxo> yes and I want my ISP to be unable to see my traffic
<ncuxo> bought ISP's
<lordcirth> I believe that would be called a "site-to-site VPN"
<lordcirth> ncuxo, try this? https://sysadmins.co.za/setup-a-site-to-site-ipsec-vpn-with-strongswan-on-ubuntu/
<sarnold> ncuxo: do you know why you want a bridge? are you specifically looking for a layer-2 vpn?
<ncuxo> sarnold: I want the government in the country that I'm residing not to be able to check my traffic
<sarnold> ncuxo: aha cool; lordcirth's link looks like a good starting point to me
<sarnold> ncuxo: ubuntu also supports openvpn, https://help.ubuntu.com/lts/serverguide/openvpn.html
<lordcirth> openvpn is very flexible and compatible with many tools, but can be fiddly to configure. This Strongswan seems specifically made for this sort of thing.
<lordcirth> I should try it sometime myself
<ncuxo> hmm but with this I will need a full os on the receiving end ?
<lordcirth> ncuxo, yeah, Ubuntu on both ends. Is that not an option?
<sarnold> many routers will support either openvpn or ipsec out of the box
<ncuxo> lordcirth:  thx for the tutorial I'll check it later today
<lordcirth> Yeah. Although, doing all the encryption on a low-end router could have poor performance.
<lordcirth> ncuxo, let us know how it went!
<ncuxo> lordcirth: if I use a pfsense firewall router on a dell r710 server with kvm ubuntu virtualisation
<ncuxo> should this be a sufficient encryption standard on the connection?
<ncuxo> okay brb wife calling for dinner
<lordcirth> ncuxo, I don't see how any of that determines the encryption
<sarnold> r710 looks to be xeon 5500 and 5600 series
<sarnold> some of those have aesni but I can't find throughput numbers
<sarnold> finally something with some numbers: https://blog.scottlowe.org/2012/09/12/clds006-exploring-new-xeon-e5-optimizations-for-10-gb-ethernet/  ""throughput increased from 5.3 Gbps at ~91% CPU utilization with a Xeon 5500 (no AES-NI) to 33.3 Gpbs at ~79% CPU utilization on an E5-2600 with AES-NI support"
<patdk-lap> aes-ni support is funny also
<patdk-lap> you have to bulk encrypt to get good numbers, generally packet sized doesn't do well
<patdk-lap> wonder if you get full 64k packet offloading aes-ni support
<patdk-lap> plus doing it in a vm adds extra cpu context changes, your milage will vary :)
<patdk-lap> just don't use openvpn
<patdk-lap> openvpn is still single core bound
<patdk-lap> I was maxing out at 300mbit
<patdk-lap> next time I attempt that, I'll get a desktop cpu with like 4ghz clock speed
<sarnold> patdk-lap: hmm, now I realize that I don't know well enough how these things work -- does the application need to resubmit the key to the aesni instructions every packet?
<patdk-lap> I dunno how linux does it
<patdk-lap> I know when they where working on it for illumos, they tested it, and it's just the amount of setup overheat is restrictive
<patdk-lap> unless you do so many operations at a time
<patdk-lap> I think the same goes for all those advanced features, floatingpoint, mme, ...
<patdk-lap> just takes so much time to transfer the instructions and data to the unit to process, once it is going it's fast though
<patdk-lap> so doing small amounts of data can be a real overhead due to setup costs
<sarnold> yeah floatingpoint / mmx stuff .. if it's used in a process, then that state needs to be cleared and reset across context switches, so if you're going to use it, you better *use* it :) but I realize I don't know how aesni works. heh.
<patdk-lap> I can't seem to locate it, was a blog post someone posted in development
<patdk-lap> was a few years ago
<patdk-lap> few == 5+?
<sarnold> dang; thanks for looking
 * patdk-lap blames rss feeds
<patdk-lap> easy to read and remember
<patdk-lap> hard to relocate
<sarnold> heh then maybe it was a bit more than five years ago? :)
<patdk-lap> cannot be before 2012
<patdk-lap> as I'm possitive it was illumos related, and I didn't start playing with it till 2011, and not working and reading about the kernel till 2013 or so
<patdk-lap> oh, aes-ni didn't exist till 2010
<patdk-lap> also, issue with blogs, they vanish so quickly
<sarnold> if you're really lucky the old content just bitrots on an old ignored site..
<patdk-lap> http://zfs-create.blogspot.com/2014/05/optimizing-illumos-kernel-crypto.html
<patdk-lap> I think that was it
<sarnold> patdk-lap: thanks :D
<sarnold> hahah "(luckily the GCM algorithm is limited to 64GB of data per key, so at least there is an upper bound to this nonsense)"
<patdk-lap> damn
<patdk-lap> I was right on with my 5year guess
<sarnold> :D
<coreycb> frickler: fyi the new neutron package version is availlable in bionic-proposed 2:12.0.6-0ubuntu3
<keithzg[m]> Hmmm. How would I rename a network interface that seems to decide on a new MAC address every boot?  Tried setting a udev rule based on the vendor and model but either I'm doing it wrong or that won't work either (on 19.04).
<keithzg[m]> (Normally I'd just create a systemd .link file, but I think that needs to be MAC based?)
<rbasak> keithzg[m]: https://netplan.io/reference#common-properties-for-physical-device-types gives you some options
<rbasak> keithzg[m]: based on bus location or driver name
<rbasak> (assuming the default name is based on bus location, which is the default I think)
<keithzg[m]> rbasak: Hmm. I suppose that could work as long as I keep it plugged into the same USB port all the time; the driver name won't work then though since I believe I'm using NetworkManager rather than networkd.
<keithzg[m]> ...hmm. As far as it reads to me, matching on name is precluded then too.
<keithzg[m]> So I guess I'm back to trying to make a udev rule work, if that's even still possible.
<rbasak> Get a proper NIC? :)
<rbasak> I don't see why an early enough udev rule wouldn't work
<keithzg[m]> Yeah I'm pretty confused by that, but also too rusty dealing with udev rules to be sure how to debug it, so was hoping there was an easier way. Alas.
<rbasak> Oh, you might need to disable any future standard renaming udev rules though
<rbasak> https://lists.ubuntu.com/archives/ubuntu-devel/2015-May/038761.html is a good guide to what there was
<keithzg[m]> Aha, if I run `udevadm --debug test` against the USB device in question, I see it run through the rules in order but it was skipping my rule I was trying to sneak in early, I had just foolishly created the file as /etc/udev/rules.d/10-network-rules instead of 10-network.rules, whoops. And then it complained "Invalid ACTION operation" for ACTION="add", because it should actually be ==. Classic PEBKAC ;)
<keithzg[m]> (That didn't actually accomplish the task at hand, but yeah probably into needing to find and disable/override other preexisting renaming rules)
<keithzg[m]> Still haven't figured it out. Sigh.
#ubuntu-server 2019-07-30
<mahdi_ja> hi all
<mahdi_ja> i create a folder with root permision
<mahdi_ja> <mahdi_ja> ls -l output is :drwxrwxrwx 1 root root 0 Jul 29 12:01 sftp
<mahdi_ja>  but when i use chmod 775 sftp a permision not change
<lordievader> Good morning
<frickler> coreycb: actually we need to test the xenial package, but that seems to be in place, too. bionic doesn't seem to be affected as I wrote earlier. will test later today
<coreycb> thanks frickler
<ahasenack> if a certain binary isn't available in an architecture, should its manpage still be installed?
<ahasenack> it's a package with multiple binaries, and just one isn't there in this case
<ahasenack> debian/pmdk-tools.install:[amd64] usr/bin/rpmemd
<ahasenack> debian/pmdk-tools.manpages:doc/generated/rpmemd.1
<ahasenack> came from debian like this ^
<ahasenack> I'm thinking about adding [amd64] to the manpage as well
<ahasenack> thoughts?
<ahasenack> assuming the dh helper for manpages understands that
<ahasenack> hm, maybe a better question for #ubuntu-devel
<lord4163> Hi. I'm trying to install Ubuntu Server, but whenever I click on "Install Ubuntu Server" in the bootloader, it hangs
<lord4163> Oh wait, something is happening now after like 5 minutes :D
<tomreyn> lord4163: is this server low on resources by chance?
<tomreyn> also make sure you check the iso you downloaded is not corrupt, and that it was properly and entirely written to the installer media.
<tomreyn> !checksum
<ubottu> To verify your Ubuntu ISO image (or other files for which an MD5 checksum is provided), see https://help.ubuntu.com/community/HowToMD5SUM or http://www.linuxquestions.org/linux/answers/LQ_ISO/Checking_the_md5sum_in_Windows
<coreycb> frickler: any luck?
<lord4163> tomreyn: Not particularly, quad core, 4gb of RAM
<lord4163> tomreyn: got it installed now :)
<lord4163> I installed from a USB stick to a CF card. Now I'm going to transfer that to another machine, but I don't have any serial or video on that machine. I would like to set the same IP on all the network interfaces so that I can connect over SSH.
<lord4163> I have no idea yet what the interfaces will be called
<lordcirth> lord4163, could these interfaces use dhcp?
<lord4163> lordcirth: Uhm yes I suppose
<lordcirth> DHCP seems like the simplest solution. Network autoconfiguration is what it's for, after all.
<lord4163> lordcirth: I am not familiar on how to configure that with netplan though.
<lord4163> lordcirth: Can I do *: dhcp4: true?
<lordcirth> lord4163, The docs say that names have pattern matching, so I think so.
<lordcirth> But I can't find docs on what patterns.
<lord4163> lordcirth: I'll try it :)
<frickler> coreycb: sorry, our test cluster was in use today, will have to try again tomorrow
<coreycb> frickler: ok np thanks for letting me know. i may just try to get it released today.
<lord4163> lordcirth: It doesn't seem to work :(
<lord4163> lordcirth: So...? Any suggestions?
<lordcirth> lord4163, doesn't the installer just pick the first interface and dhcp, if you set the preseed to auto?
<lord4163> lordcirth: I installed on a different machine and transferred the CF card to the server
<lord4163> lordcirth: I have no way to install without serial or VGA
<lord4163> or USB
<lord4163> I guess the simplest way is to try and get the serial port to work.
<lord4163> I tried this https://www.hiroom2.com/2016/06/06/ubuntu-16-04-grub2-and-linux-with-serial-console/#sec-2
<lord4163> But for some reason my laptop doesn't see the serial device
<lord4163> Have to go now, goodnight
<seven-eleven> how can I set a custom IP with cloud-init?
<foo> I have a python script (long running task) in a Ssl state. I believe capital S is "Interruptible sleep" - meaning, it's stuck/waiting for something. Can someone confirm this? (It doesn't seem to be firing)
<foo> Thank you
<RoyK> foo: some fs errors?
<RoyK> foo: check dmesg
<foo> RoyK: howdy. Nothing in dmesg. It's a digital ocean droplet. Does that state scream "something is wrong it is stuck" to you?
<sarnold> foo: you could try strace on the process to find out where it's stuck; it might be stuck on a read, and if it tells you the filedescriptor, you could compare against /proc/pid/fd/ or lsof to figure what exactly it's waiting on
<foo> sarnold: thanks, yup, I did strace it... all it gives me is : read(21, (strace -p [pid]) - not sure what to make of that, though
<sarnold> foo: hmm, is the text "(strace -p [pid])" literally in the strace output? o_O
<foo> sarnold: well, that's the command I ran. I did just restart the service and it properly processed all the backlog... something was definitely stuck
<sarnold> foo: hmm. now you can't debug it :)
<foo> sarnold: How else would I debug it? I agree it is less than ideal especially since this has never happened before. :) Strace didn't seem too helpful here but I may be missing something
<sarnold> foo: well, what was /proc/pid/fd/21?
<foo> sarnold: hm, I thought I tried looking for that but couldn't find it. I'll have to see if I can catch this next time
<foo> sarnold: I'm assuming that's a file I can attempt to cat or ls or tail or something?
<foo> I haven't gone digging in /proc too much
<sarnold> foo: *probably* it's a socket; it'd have some ls -l /proc/nnnn/fd/21 output like 21 -> 'socket:[5202400]'
<sarnold> foo: you could (probably should) use lsof to figure out where that socket is going; you'll have bits of output like this:
<sarnold> TCP 192.168.0.13:42666->192.168.0.24:8009 (ESTABLISHED)
<sarnold> once you know what's wedged, you'll be able to start looking into *why* it's wedged -- maybe it's a remote server that has stalled. maybe it's a firewall that silently blocks packets rather than rejecting them. etc
<foo> sarnold: ahh, this is all very helpful. Thank you! I'll make note of this next time it happens.
<sarnold> foo: woo :)
<sarnold> foo: while I've got this tab open, you may like this too :) http://www.brendangregg.com/linuxperf.html
<foo> sarnold: uh, this looks awesome - appreciate it
#ubuntu-server 2019-07-31
<mahdi_ja> i configure a ftp server and when i want connect to it i get this error : packet_write_wait: Connection to 127.0.0.1 port 22: Broken pipe
<mahdi_ja> Connection closed
<sarnold> mahdi_ja: port 22 is ssh
<sarnold> did you configure sftp instead?
<sarnold> (sftp is far better than ftp for most users)
<mahdi_ja> sarnold, yes i configure sftp
<sarnold> mahdi_ja: can you ssh to localhost?
<mahdi_ja> yes i do this for test
<mahdi_ja> sarnold, yes i do this for test
<sarnold> mahdi_ja: so ssh works but sftp doesn't?
<mahdi_ja> sarnold, whit ssh i get this error :Permission denied, please try again.
<sarnold> mahdi_ja: I think solving that will go a long way
<mahdi_ja> sarnold, and how ?
<sarnold> mahdi_ja: check the sshd logs, auth logs, see what errors it's reporting
<mahdi_ja> sarnold, thank you
<sarnold> mahdi_ja: time for me to run, have fun, good luck, and paste errors to a pastebin if you need more, hopefully someone will be around :)
<emOne> Are there some default lists of ports that should be closed by default?
<emOne> are there any ports which are already closed on ubuntu server ?
<lotuspsychje> emOne: security is a wide area to deal with
<lotuspsychje> emOne: try to nmap yourself externally, to see whats open and what not
<lotuspsychje> emOne: the attacker is always looking for 24/7 servers with interesting services that are exploitable
<emOne> I believe none of my ports are firewalled
<lotuspsychje> emOne: its a combo of interesting services they are after, updated or not is important
<lotuspsychje> emOne: try nmap -PN -sV ip for services
<emOne> lotuspsychje: I received an email saying I should do something about my port 111 which is used by portmapper
<lotuspsychje> emOne: running NFS?
<emOne> lotuspsychje: I am not sure. I locked myself out while activating the firewall
<emOne> trying to get back online
<weedmic> Before I write a programme to do the following, is there already such a tool?  runs every x mins, check items v triggers, if trigger is met, send warning email, if triggers not met, apend to report.  captures snapshot of cpus usage, memory usage, storage remaining.  Sends report once each day, sends triggers immediately.
<lordievader> weedmic: This sounds like Zabbix
<weedmic> will check - i normally use htop and have a big monitor with lots open all the time, but, this is for someone in the backoffice to glance at once a day.
<vlt> weedmic: Or Nagios/Icinga.
<lordievader> weedmic: Zabbix will nag at you when things hit the fan ð
<weedmic> when htop reports "load average = 18.6" and I have 40 cpus, the number is cpu equivalents?  t/f?
<nacc> weedmic: load average is about (in some sense) runnable processes, it's not normalized to how many cpus you have
<weedmic> so, 18.6 means about 18 processies are running at the same time on average?
<weedmic> if so, how does one know when the number is high enough to be a concern/worry?
<lordievader> It is not necesarily running. It means that 18.6 cores are busy a 100% of the time.
<lordievader> What I typically do is normalize the load by dividing it between the number of cores/cpus available. That way if it reaches a 100% I know the machine is fully utilized. Above it the machine is over utilized, etc.
<weedmic> ok, so it is like I thought, but you are saying cores not cpus.  I have a lot more cores than cpus, so 18.6 must be unimportant.
<weedmic> i meant threads not cores nor cpus
<nacc> weedmic: every hardware thread is a logical CPU in Linux; load isn't really core based -- it's logical CPU based
<weedmic> Q
<weedmic> to calculate average cpu load, i can do "inxi -x -C", add all the cpu (col 3) and divide by 5 (It only does top 5) - correct?
<weedmic> nvm - the real thing i wanted was "cat /proc/loadavgâ"
<teward> ahasenack: can i coopt you to do some nginx testing for me?
<teward> very basic tests but :P
<ahasenack> teward: probably :)
<teward> ahasenack: can you install nginx from bionic updates, remove the IPv6 listen line, and then restart NGINX, and see if it still listens on IPv6?
<ahasenack> that would be odd if it did
<teward> from what I can tell a straight `listen 80;` will still listen on both v4 and v6 in most modern setups
<ahasenack> and the host, ipv6 enabled? For this test
<teward> since listen 80 without 0.0.0.0 is a "bind all"
<teward> yeah
<teward> and then if you want to test with v6 disabled feel free
<ahasenack> let me get a vm then
<teward> ack
<teward> to my knowledge based on the documentation, listen :80 is equivalent to "LIsten on port 80 on all available interfaces and IP addresses"
<teward> and listens on 0.0.0.0:80 and [::]:80
<ahasenack> upstream said in the upstream bug that by default nginx doesn't listen on ipv6, though
<ahasenack> but we shall know in a few
<ahasenack> teward: hm, looks like it stops listening on ipv6: https://pastebin.ubuntu.com/p/McKNnMTBSS/
<teward> hmm
<teward> ahasenack: AIUI though disabled IPv6 is nonstandard
<teward> and not the 'norm'
<teward> therefore this is an edge case that we can't easily adapt for...
<ahasenack> I tend to agree
<ahasenack> sshd ships with
<teward> i could have SWORN we had another bug like this
<ahasenack> #ListenAddress 0.0.0.0
<ahasenack> #ListenAddress ::
<ahasenack> commented like that
 * teward digs into it
<ahasenack> and it doesn't fail to start if ipv6 isn't there
<ahasenack> but I think it would fail if the ipv6 line was uncommented
<ahasenack> and ipv6 was not supported
<teward> fairly sure https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1743592 is a dupe of this
<ubottu> Launchpad bug 1743592 in nginx (Ubuntu) "NGINX fails to install/upgrade if IPv6 is completely disabled." [Low,Triaged]
<ahasenack> agreed it is
<teward> duped it
<teward> we could introduce this in Eoan first
<teward> see if there's any whining/moaning
<teward> but it's not SRU-able on its own
<teward> rbasak: ^ in case you want to check my brain on this
<teward> but i'm fairly sure a 'default config' change SRU is not going to be enough to be SRU worthy on its own
<teward> nor would such an SRU actually *get* to the end users side of things because of how config files're handled
<rbasak> Sorry, I'm just finishing one thing and then I need to run.
<rbasak> I'll try to remember to look later
<ahasenack> teward: I tend to agree. The main argument being, I think, that if you changed your system to completely disable ipv6, at the OS level, then you should also take care of individual configuration changes that are needed per service
<teward> rbasak: no problem, it's not SRUable in my opinion and because of how dpkg handles config files files would not get overwritten by default.
<teward> just wanting to check my brain here :)
<ahasenack> because this could be surprising in the other way around too: you want ipv6 enabled, you have configured a listen directive for it, then for reasons outside your control suddenly ipv6 is disabled and your site is not reachable via that protocol anymore
<teward> ahasenack: that's also my opinion.  we could comment out the v6 line for Eoan+ but not get that backports.
<ahasenack> nginx not starting up is a valid failure mode
<teward> yep
<teward> and we even have that in the config if port 80 is already bound to
<teward> at least, in later
<teward> later NGINX versions in Ubuntu*
<axisys> tcpdump on port 443 shows packets coming, openssl s_client -connect remote:443 gets certificate , but netstat -tunlp | grep 443 shows only port 8443 .. what is tied to port 443 ?
<axisys> https://remote takes me to the site
<tds> axisys: just to check, you're running that netstat command on "remote"?
<tds> either way, I'd check for iptables rules, port 443 may be redirected to a different local port
<axisys> yes running on remote :-)
<axisys> tds: ah.. that was it
<axisys> tds: -A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 127.0.0.1:8443
<axisys> tds: thank you
#ubuntu-server 2019-08-01
<lordievader> Good morning
<mnms_> hi guys! Sorry if posted on wrong channel. I would like to ask if there is any intel cpu which is resistant to most vulnerabilities like zombieland spectre etc.. building server hardware... lga1151 socket
<mnms_> trying to decide which cpu to take
<nacc> lol @ --^
<frickler> jamespage: didn't see you in #openstack-dev, so mentioning here: in https://review.opendev.org/674027 as a drive-by I correct the docs link for the charms projects, please verify that the link is correct
<Marethyu1211> Hello! Just to make sure, is this the place to ask questions about ubuntu server, or is this one of the dev groups?
<rbasak> Marethyu1211: you can ask user questions here
<Marethyu1211> Alright, thanks! So, I'm trying to install ubuntu-server as a multi-boot, alongside windows 10. I've shrunk my windows partitions (running BIOS), deleted one so I have space for linux, and now have about 450 gb unallocated. I've got the installer booted off of a flashdrive, but the Filesystem setup step refuses to recognize the existing partitions,
<Marethyu1211>  even in manual mode
<Marethyu1211> Is there a particular trick to getting ubuntu-server to only use the unallocated space for its partition?
<weedmic> Marethyu1211: Are you sure that's the proper goal?  Would it not make more sense to install a linux server, and have whatever windows servers run in virtualbox - then none of the machines ever need be turned off?
<Marethyu1211> The issue is that I don't have my original installation media for my computer - so getting a VM inside ubuntu-server might be difficult without that, I think. Running it the other way around (the server as a constant VM inside win10) might cause performance issue, as my desktop is pretty old
<Marethyu1211> If the latter trick (or anything else) might work, I'd love to hear about it!
<weedmic> I suggest watching a video about clonezilla.   Also, windows (at least here in Israel) will send you replacement media for about 7euros.
<tomreyn> Marethyu1211: the ##windows channel would be a better place to discuss your windows options. Generally, you can 'move' a physical installation into a VM, a process which virtualization softwares often refer to as "P2V" ("physical to virtual"). Usually, the common denominator for 'server' installations is that they don't have a graphical user interface, saving those resources for something more useful, such as speeding up all other
<tomreyn> processes, including the virtualization, and reducing the attack surface (increased exposure to attacks by running GUI softwares on a server system).
<Marethyu1211> Alright, thanks all!
<DammitJim> does ubuntu/Canonical support openjdk 11 on ubuntu 16?
<DammitJim> I get confused as to what they support
<DammitJim> I think the only versions available are 8 and 9
<tomreyn> !YY.MM | DammitJim
<ubottu> DammitJim: Ubuntu version numbers are: YY.MM (YY=release year,MM=release month). Each year sees two releases, so just specifying YY is imprecise. See also https://www.ubuntu.com/about/release-cycle
<DammitJim> lts
<tomreyn> DammitJim: https://packages.ubuntu.com/search?suite=xenial&keywords=openjdk is what's on offer for "xenial" (16.04 LTS)
<tomreyn> so you can choose between security supported openjdk 8 and community supported openjdk 9
<DammitJim> ok, but not 11
<tomreyn> correct, ubuntu itself does not provide openjdk 11 builds for 16.04 LTS.
<DammitJim> ty
<tomreyn> maybe canonical does, you'd need to contact them directly.
<tomreyn> there are other parties who probably provide openjdk 11 builds for 16.04
<DammitJim> thanks
<tomreyn> DammitJim: https://en.wikipedia.org/wiki/OpenJDK#OpenJDK_builds might help finding alternatives
<friendlyguy> hi there! i am trying to update one of my ubuntu vms, but i have a conflict
<friendlyguy> perl-modules-5.22 conflicts with perl-modules
<friendlyguy> how do i resolve that?
<sarnold> friendlyguy: can you pastebin the output? on my systems apt-cache show says both package names are virtual and thus won't tell me anything about them, heh
<friendlyguy> sarnold: sure
<friendlyguy> https://termbin.com/a97c
<sarnold> heh, dang, I was hoping it'd have a bit more detail.. alright then..
<sarnold> friendlyguy: try apt-get install -f perl-modules-5.22 perl-modules- perl-modules:i386-
<TJ-> where'd perl-modules come from though? is it a Provides: of something, or a 3rd party archive?
<friendlyguy> i have nooo idea
<friendlyguy> https://termbin.com/22cr
<friendlyguy> tomreyn: hey there! are you around by any luck?
<sarnold> friendlyguy: apt-get dist-upgrade perhaps?
<friendlyguy> sarnold: i can try...
<friendlyguy> sarnold: i think that did the trick
<sarnold> friendlyguy: woot! nothing else looks funny? no held back packages, 0 packages to update, etc?
<friendlyguy> nope
<friendlyguy> all fine
<sarnold> cool :) I wish I knew what exactly it was
<tomreyn> friendlyguy: did i self-promote this script with you, yet? https://github.com/tomreyn/scripts#foreign_packages
<friendlyguy> yes you did :)
<tomreyn> okay, might want to run this there if you haven't
<friendlyguy> i did
<tomreyn> also look at apt-mark showhold
<friendlyguy> that does return nothing
<tomreyn> okay, maybe a conflict introduced by 3rd party repos then
<friendlyguy> tomreyn: i found another vm with the same problem as my webserver had: boot is full and i guess with the same "migration background" :)
<tomreyn> that was 14.04 -> 16.04 ? i don't rmeember the details.
<friendlyguy> i think so
<friendlyguy> its 16.04 currently
<tomreyn> i think the system we were working on the other day was lacking the linux-* 'tracking' / meta apckages
<friendlyguy> yup, and i "suspect" that machines suffers the same disease
<friendlyguy> didn`t look more into it yet
<friendlyguy> its a teamspeak vm i didn`t give any love in a year or so
<tomreyn> now it's hard to tell whether this is a generic issue with *some* ubuntu 14.04 (or older, if there were previous upgrades) installer not installing these packages or some third party image which may have been used to setup these systems
<friendlyguy> let me take a look
<tomreyn> and even if it was an issue in 14.04 and older, we can probably not file a bug about it now since those are no longer maintained (except for !ESM)
<friendlyguy> yes, but... could you possibly help me again if my suspicion confirms?
<friendlyguy> i`ll of course try to look at the history on the other machine first.
<tomreyn> friendlyguy: i'm certainly not the only one who can provide those answers around here, but if i'll be around at this point in time, i'll be happy to help. i think those packages are: linux-generic or (if !HWE) linux-generic-lts-$(lsb_release -rs) or linux-virtual (if a VM)
#ubuntu-server 2019-08-02
<fluvvell> our lad installed desktop on a server by mistake, without a reinstall can we remove the package that requires a login to X before boot is complete? Crossgrade to ubuntu-server by package?
<fluvvell> really don't want to log into a graphic login before we can ssh in
<lordievader> Good morning
<lordievader> fluvvell: Those are separate services. However, removing X libraries will remove most of the desktop, as those packages depend typically on X.
<rafaeldtinoco> morning o/
<lotuspsychje> morning rafaeldtinoco
<rafaeldtinoco> o/
<jamespage> cpaelzer: I'm seeing libipsec-mb0 being pulled into the depends for OVS in eoan via librte-pmd-aesni-mb18.11
<jamespage> is that something you are aware of and was it intentional?
<jamespage> i.e. do we need to MIR tat
<lordcirth> Having a weird issue with netplan on 18.04 - I applied a config that I've used on other servers, vlan interfaces tied to a physical, bridges tied to vlans for lxc containers. The bridges don't start on boot
<lordcirth> Boot waits for 2 minutes, 'brctl add' can add the bridges fine after boot. Must be some kind of race.
<lordcirth> Ahah, I had configured the physical interface that the vlans tie to, in both the vlan file and the main file.
<lordcirth> It would help for netplan to actually say something, though...
<cyphermox> lordcirth: some things are hard to detect
<cyphermox> could you open a bug and include both yaml files so we can add that?
<lordcirth> cyphermox, sure. Ubuntu launchpad bug?
<cyphermox> yes, please
<Akuw> i am getting this  âNetwork configuration timed out: please verify settingsâ
<Akuw> i have 4 ethernet cards but get that message, only one is connected to cable
<Ussat> ok, verify the settings
<Akuw> i am using default DHCP
<Akuw> all cards are in the list
<Akuw> but got that error
<Akuw> Broadcom Limited / Netextreme ii BCM5709 Gigabit Ethernet
<Akuw> is enp4s0f0
<Akuw> link is blinking
<Akuw> dhclient enp4s0f0 stay waiting
<Akuw> cant get any ip
<tomreyn> Akuw: are you using the ubuntu *live* server installer, or the (alternative) server installer? for which ubuntu version?
<Akuw> ubuntu-18.04.2-live-server-amd64.iso
<Akuw> ping to 127.0.0.1 gives response
<Akuw> then card is ok
<tomreyn> Akuw: can you ping the gateway, though?
<Akuw> no
<Akuw> i cant get DHCP
<Akuw> ubuntu server should get automatically because i selected DHCP
<Akuw> for IPv4 and IPV6
<tomreyn> Akuw: yes, nrmally this is what would be expected to happen. and i would think this NIC should be supported, too. you could check the logs which should be somewhere in /var/log
<tomreyn> Akuw: maybe /var/log/installer
<Akuw> i should disable PXE Boot from this card in BIOS or doesnt matter?
<tomreyn> Akuw: here's a log file of a successful NIC configuration on 18.04.2 server-live installer:  https://termbin.com/0yo6
<tomreyn> Akuw: pxe boot should no longer matter after you already booted the installer.
<Akuw> ok
<tomreyn> Akuw: have you tried to cross check with a desktop installer / live system?
<Akuw> no
<tomreyn> i.e. it'd be good to test whether this is really an issue with the server-installer or whether the DHCP configuration is just incorrect.
<Akuw> let me see log
<Akuw> this server is old so should be work
<tomreyn> what i'm suggesting is that the network configuration data transferred via dhcp might be wrong so it cannot actually connect anywhere
<tomreyn> this log is /var/log/installer/subiquity-debug.log
<tomreyn> (in case you'd like to compare to yours)
<Akuw> no
<Akuw> i tested from another computer
<Akuw> so netwrok is ok
<Glorfindel> hi all, I need to install mysql 5.2 on ubuntu 18.04. what is the easiest way to go about doing this? I'm hoping to avoid building from source
<Akuw> i will test with desktop
<Akuw> wait
<Akuw> letme create usb boot
<Glorfindel> mysql-server 5.2, specifically
<tomreyn> Glorfindel: why do you need this old version when you can use a newer one? and why do you depend on installing it on 18.04?
<Glorfindel> tomreyn: it's the newest version supported by some oldish software I'm trying to get running
<tomreyn> Glorfindel: since the oldest mysql server verison ubuntu supports at this time is mysql 5.7 (5.5 via !ESM) you'd indeed need to find another source for installing it. some of the mysql community distriubtions do provide their own versioned apt repositories, but i doubt they still maintain such an old release.
<tomreyn> i'd rather suggest you choose a maintained software.
<Glorfindel> the software in question is partkeepr, and from the research I did before deciding to test it there isn't really anything else availible. I was hoping to use it for inventory tracking
<lordcirth> Glorfindel, there are many options for inventory software
<Akuw> hi
<Akuw> i just did a test
<Akuw> from another computer it was possible to get IP using DHCP
<Akuw> using same cable
<Glorfindel> lordcirth: well, within the feature set I was looking for, I guess. do you have any alternatives to suggest that maybe didnt' show up when I searched?
<Akuw> so... wat could be the problem?
<Akuw> network card?
<Akuw> driver?
<lordcirth> Glorfindel, not off-hand. But I would not consider anything that requires mysql 5.2.
<tarpman> Glorfindel: where do you see that partkeepr requires mysql 5.2? I see plenty of people on their github who appear to be running it on recent-ish ubuntu
<tarpman> Glorfindel: https://wiki.partkeepr.org/wiki/PartKeepr_on_Debian_%22Stretch%22 even talks about running it on mariadb 10
<Akuw> tomreyn: what do you think could be the problem, Ubuntu install is OK, Cable is OK
<Glorfindel> tarpman: it's currently not running and when I asked in #partkeepr I was told 5.2 is the most recent mysql version it will run on
<Akuw> the only thing could be network card
<Glorfindel> although they didn't sound like they remembered for sure either... meh. maybe I'll try finding an alternative... I've already spent around 8 hours trying to get this one working
<tomreyn> Glorfindel: what are your requirements in an inventory tracking system?
<Glorfindel> tomreyn: barcode scanner support; notifications of low stock; automatic upc lookup would be nice, but not necessary. honestly I haven't really seen much of anything as far as inventory goes...
<tomreyn> Glorfindel: this doesn't sound special at all, i guess most ERP solutions will cover this.
<tomreyn> https://en.wikipedia.org/wiki/Inventory_management_software#See_also
<tomreyn> wikipedia usually has lists of commonly used softwares for specific tasks, too, have a look
<Glorfindel> tomreyn: I don't see any lists of commonly used software :/
<tomreyn> https://en.wikipedia.org/wiki/List_of_ERP_software_packages
<tomreyn> ERP may be much more than you want / need though, i guess you just want inventory management
<tomreyn> or warehouse mgmt
<tomreyn> or supply chain mgmt. but i agree there dont seem to be a lot of comparisons for those online, which probably suggests those are not the right search terms, yet.
<tomreyn> Glorfindel: https://ofbiz.apache.org/ might be an option (this is not a recommendation)
<tomreyn> maybe https://github.com/odoo/odoo also
<tomreyn> i'm looking at http://cdimage.ubuntu.com/ubuntu-server/bionic/daily-live/20190802/MD5SUMS - are arm64 + ppc64el going to be built (and released) as well?
<tomreyn> ahem, actually thes are on the same directory, sorry.
<tomreyn> they're ust not listed at http://iso.qa.ubuntu.com/qatracker/milestones/405/builds which makes me wonder what their status is
<Glorfindel> tomreyn: hmm, I'll keep those in mind. thanks. right now I'm thinking inventoria from nch, seems to have everything I'll need and runs on windows, which is a plus. Not open source or free, but a lifetime license costs less than some monthly subscriptions from other companies
<DammitJim> I need to add more space to a couple of LVs; however my PVs are on a software raid
<DammitJim> do you guys know how I can achieve this? This is in a vmware environmen
<tomreyn> Glorfindel: whatever works for you ;) we're way beyong the scop of #ubuntu-server now, thoough - let's continue in #ubuntu-offtopic or -discuss if there's more to talk about it.
<tomreyn> DammitJim: so you have no unallocated space left in any VGs?
<DammitJim> correct
<DammitJim> I've added more space to a VG
<DammitJim> but I've never done it to a VG that is backed by a software raid
<tomreyn> DammitJim: well the software has a fixed size, so the PV on top of it has a fixed maximum size. you mentioned multiple PVs though, so it's hard to imagine what you are really dealing with there.
<tomreyn> sharing some command output (on a !pastebin - consider the !pastebinit command) might help
<tomreyn> !pastebin
<ubottu> For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<DammitJim> where did I mention multiple PVs?
<tomreyn> mwhudson: in case i can bug you with htis currently (feel free to point me elsewhere / not respond) - i'm trying today's  bionic-live-server-amd64.iso from 18.04.3 qa-testing (a8dff1ad76cf8b8424c9695a2ae13b9a) in virtualbox (6.0.10 r132072) with 4 NICs (3 of which have no link) and run into e1000 "Tx Unit Hang" errors: https://termbin.com/3sho https://i.imgur.com/NXy2ogc.png
<tomreyn> also a netdev watchdog oops as a result of those
<tomreyn> should i report this somewhere / omehow? (i'm not into QA testing, yet)
<tomreyn> DammitJim: "however my PVs are on a software raid" (plural)
<DammitJim> oh, thanks for pointing that out
<DammitJim> it's 1 PV
<tomreyn> DammitJim: so you have a couple of (virtual) HDDs, you have partitions on those, and on one of those parititons you have an mdadm managed software raid? correct? and which raid level is it, how many raid devices?
<tomreyn> cat /proc/mdstat    also works
<tomreyn> DammitJim: and then on top of this RAID array you have a logical volume meanager 2.x PV, which is assigned to a VG, and all allocatable space has been allocated. now what is your strategy for increasing allocatable space within this volum group?
<DammitJim> raid 1
<DammitJim> I thought I could increase the virtual hard drives that are part of this raid array
<DammitJim> so, I think lsblk shows something like sdc -> sdc1 -> md0 and sdb -> sdb1 -> md0
<tomreyn> DammitJim: as discussed above, i assume your raid member devices as not full disks but partitons.
<DammitJim> I'm picturing in my head that we would fdisk sdc and sdb with new sdc2 and sdb2
<tomreyn> right
<DammitJim> and add them to the raid array
<DammitJim> yes, not full disks
<DammitJim> but I don't know what commands I would run to add the new partitions to the raid array so they are mirrored
<tds> DammitJim: can you pastebin the exact output of lsblk?
<DammitJim> sure
<tds> also, you mentioned VMs are involved - to confirm, is this inside the vm, on the host, or you're tweaking config on both, or what?
<TJ-> DammitJim: is the space on sdb/sdc after sdb1/sdc1 currently unallocated?
<tomreyn> you could repartition the existing disks to add new partitions and add those as new raid devices to a raid 10. but that's a lot more complexity that i'd recommend.
<DammitJim> https://pastebin.com/97nfaH5Q
<DammitJim> the existing disks are maxed out
<Ussat> whych hypervisor ?
<DammitJim> the VM is the system I want to add more storage to... I have plenty storage in the datastore - vmware
<Ussat> Just add a physical disk, then ad that to the LV, then expand it
<tomreyn> DammitJim: wait, do you have a mirror raid spun across different partitions on sda?
<DammitJim> Ussat, I need to add it to the raid array first
<DammitJim> I don't know how to do that
<Ussat> or, use SSM
<DammitJim> tomreyn, don't worry about sda... that's the non-raided section (that's why I originally said PVs)
<DammitJim> sdb and sdc is where I need more room
<Ussat> no you dont....the origional disk is in the array right ?
<tomreyn> ok i'll try to ignore sda
<Ussat> just add the space
<DammitJim> no, the original disk is NOT in the array (this is all virtual and I'm about to expand the virtual hard drive by doing an "edit VM")
<Ussat> wait I am confused here.....
<Ussat> ...
<Ussat> editing the VM like that is not reccomended
<Ussat> if its a VM, where is this raid array you speak of ?
<TJ-> DammitJim: so sdb/sdc are virtual disks. It is possible therefore to increase the space allocated to those from the hypervisor and in the guest re-write the partition tables so that sdb1/sdc1 now cover the larger 'disks' using something like "mdadm --grow --size=X ..." and then all you need is a "pvresize /dev/sdb1; pvresize /dev/sdc1"
<DammitJim> TJ-, the problem is that the drives are already 2TB and fdisk doesn't like anything larger than that
<DammitJim> so, I was thinking I'd have to do a new sdb2 and sdc2
<DammitJim> am I wrong?
<TJ-> DammitJim: 'rewrite the partition tables' would require using something like sfdisk (MSDOS label) or sgdisk (GPT label)
<Ussat> dont use fdisk, use SSM
<TJ-> DammitJim: depending on which sector partition #1 starts in sdb/sdc you can convert to GPT easily
<TJ-> DammitJim: I'd guess partition #1 start at sector 2048, in which case a conversion to GPT is entirely possible, since it only needs sectors 1-33 (plus it will but a secondary table at end-of-disk )
<Ussat> http://manpages.ubuntu.com/manpages/xenial/man8/ssm.8.html
<tds> "You can not create or manage MD volumes or pools, but it will be  extended  in the future." sounds like it'll be pretty useless for this situation, for the md resize at least
<tds> personally i'd much rather do it by hand as described by TJ- than having some magic tool do it all anyway
<TJ-> Ussat: does ssm enable taking over an existing config?
<Ussat> yes
<Ussat> Its godlike, have been useing it for a long time
<tomreyn> your god has recently deceased, though, according to packages.ubuntu.com
<tomreyn> https://packages.ubuntu.com/search?keywords=system-storage-manager
<TJ-> looks like there were only 2 releases https://launchpad.net/ubuntu/+source/system-storage-manager
<tomreyn> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849671
<ubottu> Debian bug 849671 in ftp.debian.org "RM: system-storage-manager -- ROM; obsolete, unmaintained" [Normal,Open]
<tomreyn> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845517
<ubottu> Debian bug 845517 in system-storage-manager "system-storage-manager: fails to report listing" [Grave,Fixed]
<DammitJim> what now?
<tomreyn> TJ-'s suggestion of using sfdisk (MSDOS label) or sgdisk (GPT label) seemed reasonable to me.
<DammitJim> sgdisk, got it
<DammitJim> then how do I add the partitions to the array?
<Ussat> https://www.digitalocean.com/community/tutorials/how-to-manage-raid-arrays-with-mdadm-on-ubuntu-16-04
<Ussat> http://www.ducea.com/2009/03/08/mdadm-cheat-sheet/
<Numbers23> Hi all anyone have experience with running Hbase in pseudo distributed mode? I can establish a shell session but when I go to try create a new table I get the error: "ERROR: KeeperErrorCode = NoNode for /hbase/master"
<sarnold> any chance you get a more detailed error message in the hbase logs?
<sarnold> man stackoverflow's a wasteland on this one.. heh
<sarnold> the most useful answer I've found yet is deleted; it involes "start zookeeper, master, regionserver"
<sarnold> Numbers23: aha, there's something here that looks tolerable :) https://hub.packtpub.com/5-mistake-developers-make-when-working-hbase/  "When thezookeeper.znode.parentconfig value on the client side doesnât match the one for your cluster"\
<sarnold> "One possible scenario is that hbase-site.xml is not on the classpath of the client application.The default value for zookeeper.znode.parent doesnât match the actual one for your cluster. When you get hbase-site.xml onto the classpath, the problem should be gone."
<Numbers23> Thanks for your replies sarnold, not sure if this helps "bin/hbase shell
<Numbers23> 2019-08-02 23:05:15,752 WARN  [main] util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
<Numbers23> HBase Shell
<Numbers23> Use "help" to get list of supported commands.
<Numbers23> Use "exit" to quit this interactive shell.
<Numbers23> For Reference, please visit: http://hbase.apache.org/2.0/book.html#shell
<Numbers23> Version 2.2.0, rUnknown, Tue Jun 11 04:30:30 UTC 2019
<Numbers23> Took 0.0143 seconds
<Numbers23> hbase(main):001:0> create 'usertable', 'cf1'
<Numbers23> ERROR: KeeperErrorCode = NoNode for /hbase/master"
<Numbers23> hbase-site.xml is saved under usr/local/hbase/conf
<sarnold> Numbers23: and is it identical for all the servers? is it necessary for the client? if so, does the client have an identical copy too?
<Numbers23> sorry I'm new to all of this not sure I understand your questions. Trying to create a table in Hbase and test its performance through YCSB vs Cassandra's performance
<Numbers23> (it's a college project)
<sarnold> Numbers23: it could be my fault, I'd only read about hbase for a few days a few years ago
<sarnold> Numbers23: how many servers do you have running?
<sarnold> Numbers23: do they all have identical configurations?
<Numbers23> In the /etc/host file do you mean? I have the local host IP and then my Virtual Box IP.
<sarnold> Numbers23: how many hbase servers are you running?
<Numbers23> I'm sorry I don't know how to check that :/
<sarnold> Numbers23: you may need to ask whoever set it up
<Numbers23> Yes more research needed on my part. Thanks for taking the time to answer me though :)
<sarnold> Numbers23: fwiw I really enjoyed the Seven Databases in Seven Weeks book; it's a nice fast introduction to a handful of different databases
<sarnold> Numbers23: it's a coupleyears old at this point, but I expect the hbase introduction on it might be close enough to what you've got now, you could probably be up and running with your own server pretty quick, while you're waiting to hear back from whoever runs yours :)
<Numbers23> haha true that, I appreciate the recommendation. Hopefully I can get through it in 7 days rather than 7 weeks!
<sarnold> hehe yeah, each chapter is designed for three days, but, eh, you know, go at your own pace :)
<Greyztar> hello,im running a cron job every minute,ive turned off logging in cron using the extra opts variable to avoid spam in syslog but im still seeing cron entries in syslog related to pam_unix session opening and closing everytime that cron job is running,can i turn these messages off somehow?
<sarnold> Greyztar: I think you can, but it's a bit off the usual path.. so you might introduce other oddities later
<sarnold> Greyztar: first I have to suggest that you change your application a bit, so you run your thing once, at boot, and then your application sleep for N seconds between executions, or something similar
<sarnold> Greyztar: but if you still want to continue.. try running pam-auth-update and see if it makes it easy for you to remove the *session* component of pam_unix from the cron service. (I'm skeptical, but if it can do it, that'd be best)
<Greyztar> sarnold: ahh ok ill look into that then thanks!
<sarnold> Greyztar: if that doesn't offer it, then you'll have a bit more work on your hands. it's not terrible, but it's not particularly future-proof either
<sarnold> Greyztar: you'd inline everything from /etc/pam.d/common-session into /etc/pam.d/cron and remove the pam_unix *session* portion. just session. only session. :)
<Greyztar> sarnold: interesting ill have to try that out,will have to be tomorrow though its 01:18 here so im off now,thanks for help though and have a good day/night =)
<sarnold> gnight Greyztar, have fun :)
<sarnold> (and yeah, PAM changes at 1am.. risky :)
<Greyztar> cheers (,")
#ubuntu-server 2019-08-03
<Haris> hello all
<Haris> I'm getting error msg on moving a directory. mv this /to/path is giving me ----> mv: inter-device move failed: â141552â to â/nfs-share/app/assets/attachment/1573414â; unable to remove target: Is a directory
<emOne> is ubuntu 18.04 set up for ssh log in
<emOne> ?
<tomreyn> emOne: only if you installed openssh server
<emOne> oh
<tomreyn> both the live-server installer and and alternative server installer (also mini.iso, i think) offer this option during the installation.
<emOne> E: Unable to locate package openssh
<tomreyn> openssh-server
<emOne> thanks tomreyn
<tomreyn> (maybe the (default) live-server installer did not offer installing openssh-server in version 18.04.2 and earlier, though)
<emOne> tomreyn: I am running ubuntu 18.04 through a proxmox VM image
<tomreyn> you're welcome, emOne. now install your ssh authentication (public) keys and disable password based authentication.
<tomreyn> and move ssh to a different port number than 22.
<emOne> going to run a quick update and upgrade first before installing openssh
<emOne> tomreyn: what is a good port?
<emOne> or does one not speak about that in a public IRC forum?
<tds> 22 ;)
<emOne> lol hello tds
<emOne> tds: how do you know I am here!
<emOne>  /nick emTwo
<tds> I just happened to be here anyway :)
 * emOne is emTwo now. I don't know who this em0ne is that you are talking about
<emOne> hehe
<tomreyn> emOne: any other non standard port i'd say.
<tomreyn> 222 2222 22222 or be more creative
<emOne> I guess that is a good enough method to keep automated scans from discovering me
<tomreyn> the idea there is just to not have those keep your ports busy
<tomreyn> err openssh-server
<tomreyn> it's not really a security measure
<emOne> ahh ok
<emOne> nssh-server is already the newest version (1:7.6p1-4ubuntu0.3)
<emOne> I am going to ask tds over at proxmox
<emOne> the openssh server must be running
<emOne> it is asking for my pass afterall
<emOne> tomreyn: thanks for all the help!
<tomreyn> you're welcome
<tomreyn> emOne: password based root login is not a good idea.
<emOne> I am going to change it to public / private key in a minute
<emOne> I am happy I got ubuntu booting through proxmox in the first place
<emOne> tomreyn: btw is it just me or is the debian SSH console prettier?
<emOne> I get colours when I boot into debian
<emOne> no colors in ubuntu ssh
<tomreyn> emOne: those can be enabled.
<tomreyn> https://askubuntu.com/questions/16336/how-to-get-coloured-terminal-over-ssh
<Greyztar> hello,a question,my raid controller refuse to show me serial of disk so i cant identify disk when they go bad,i ended up pulling each hard drive and then mark the missing disk with corresponding mountpoint so when a mountpoint fails i sort of know which disk it is that way also i made a id file for mount point in each hard drive root folder so i can properly remount same hard drives to same mount points as some of my program depends on it,my
<Greyztar> this be done any other way?
<Greyztar> im using my raid controller in jbod mode
<tomreyn> Greyztar: depends on the raid controller. most either allow querying / configuration from the running ubuntu system using vendor specific software and / or provide such information from an OOB / remote management system
<Greyztar> tomreyn: my controller is an ancient lsi controller im using tw-cli to manage it but seems very limited,it shows me model name but no serial,its no good as ive got many disk of same size so cant differentiate if im using my other sata controller i can use smartctl which properly shows the serial so can id the disk that way
<Greyztar> same size and make that is
<tomreyn> Greyztar: if the controller / management software doesn't disclose it then you're out of luck, unless it's maybe presented in the bios.
<tomreyn> like in an option rom
<tomreyn> oh smartctl does show it? ok. then hdparm -I should, too
<Greyztar> tomreyn: thanks for input ill try hdparm aswell =)
<tds> Greyztar: how were you attempting to get smart data out from the controller?
<tds> you may need to poke smartctl with some 3ware-specific arguments iirc
<Greyztar> tds: dang it i didnt think of that! Of course that might work cheers!
<tds> Greyztar: take a look at the -d TYPE... section of the smartctl man page :)
<Greyztar> tds: ill try it tomorrow though im soon signing off thanks for the heads up i used it to pull smart info already but in an automated way to email me and such just didnt think i could just do it manually also on terminal of course
<TJ-> usually the serial number is used by udev to create a /dev/disk/by-id/ symlink
<Greyztar> ohh wait no that was maybe something else hmm ill look into it tomorrow non the less
<Greyztar> TJ-: thanks for that input aswell ill note it all and go at it tomorrow seems weird that the raid controller didnt show it in own software though
<TJ-> Greyztar: so tw-cli /cX show didn't list the serials?
<Greyztar> TJ-: im afraid no just model number :/
<TJ-> Greyztar: was there a "serial" in the header row though?
<Greyztar> TJ-: so frustrating as all searches on internet shows serial in tw-cli interface then again im running ancient hardware maybe i should invest in newer controller,hmm im not sure what mean by header row though theres a model number and some other number after but i couldnt correlate it to the serial number on the disk tohugh
<Greyztar> TJ-: im fairly certain its nothing to do with serial number as its same number on many disk of same size and make
<TJ-> Greyztar: "/cX show" or "/cX show drivestatus" outputs a table with a header-row, e.g. "Port   Status           Unit   Size        Blocks        Serial"
<TJ-> Greyztar: I'm wondering if the tooling you have is an older version that doesn't report Serial, or if you get that but only see the drive model listed there
<Greyztar> TJ-: yeah i think that might be it also,theres no serial head row only model i can see
<TJ-> Greyztar: there are some interesting observations in this https://serverfault.com/questions/683464/get-disk-serial-number-by-smartctl-under-raid0-of-lsi
<TJ-> Greyztar: is this a SAS controller? If so, sas2ircu should work
<Greyztar> TJ-: interesting that article indeed,i think its a sas controller yes im a little tired so ill have to end here ,ill report back tomorrow if i got it working again thanks for helping
<tds> if you're using tw_cli, I think you'll end up wanting -d 3ware,x rather than -d sat+megaraid,x, but give it a poke and find out :)
<malina>  after months and months of a passthrough win kvm/qemu, an update? (didn't reboot for a week), now stops gpu(nv) to bepicked up by vfio, unlike before. I added softdep nv/nouv* to ...-load.d/vfio.conf or ratrrher in modprobe.d , and it is agaain caught. However, now when I start the vm, which 'starts' the screen is blank and possibly the passed through controller with trhe hids (kb/m), doesn't seem necessarily to switch over (not sure due to
<malina>  scree nbeing all blank). recent qemu updates? apparmour? libvirt? something something? where could I find maintainers of these packages?
<malina> [01:34:27] <malina> has passthrough issues soared slightly in past week or so when I didn't reeboot.. or maybe fortnight? :)
<malina> wondering if people using server for kvm/qemu  machines with windows might have noticed issues with the vfio after an update of say libvirtd/qemu/apparmour/kernel/initrd or similar in past fortnight or so.
<compdoc> windows is hosting?
<malina> no , of course not
<malina> ubuntu
<malina> windows is a guest machine to do sketchup, archicad , things like this
<malina> any any other programs in need for gpu, the odd game, and any old fashioned progs etc :)
<malina> I had for many months, in modprobe.d : blacklist nouveau and similar
<compdoc> oh, youre using passthru
<malina> and now I noticed yesterday, that when the card wasn't grabbed it was loaded with nouveau, etc.. so I don't think they
<malina> yes
<compdoc> I have windows server and win10 running, but use all virtual devices
<malina> for a short year o r whatever, and some updates (I htink once before) made some changes so I had to fix, but didn't take too long, but right now, I get aagain an issue and notice withoout any change in configurations, that during boot it would ignore the blacklist and still bind to nouveau.. making me feel4 it was almost like a compiled kernel module.
<compdoc> and no virtio
<malina> you mean you pass the devices trhough or?
<malina> I use a  mix of passthrough and virtio for devices
<malina> the windows runs on a nvme
<malina> as windows is such a horrible OS for anything computational, I give it as fast stuff as it can have just to make sure it can do simple things.
#ubuntu-server 2019-08-04
<malina> but anyway, ye looking at the update list, it seems qemu was updated not so long ago but didn't find stale/new ocnfig files which needed merging or anytbing so I don't know .
<compdoc> I think in windows the only driver I add is the mem balloon. nics are e1000, and disks are ide or sata. otherwise not stable
<malina> really?
<malina> I use virtio for the disks and am pretty sure they are way better.
<malina> oh wait, if you use windows as server, then
<compdoc> I found virtio nics in a business environment to be a bad choice
<malina> how is this on topic?
<compdoc> in the past I have searched and installed the scsi card driver that windows sees. but its a pain to track down
<compdoc> no, ubuntu server
<malina> well, I played a bit with iscsi on a test server but felt complexity would mean time lost thus money, in 'business environments' but ye..
<malina> OH i see
<malina> you use a windows server AND a win10 machine as guests
<compdoc> actually, ubuntu Mate thats used as servers. i like to remote desktop using x2go
<malina> I get you, I thought you said you ran a windows machine on a windows server.
<compdoc> no, I was talking about windows guests. and nix guests too. I avoid virtio
<malina> ye, ok.. but I am here to find something on an issue with the vfio logic and libvirtd, not chit chat about our machines. sorry. I have no issues running passing through nvme nor runing it on virtio or the other disks, and sure, a very old sindle and/or full will suffer under virtualisation (be it virtio or elsewise), but else, I get near native performance with virtio, whic is _good enough_ for my simple worksttion windows machine.
<malina> anyway, if no one has had similar issues lately of vfio card not binding suddenly and/or usb passthrough being potentially an issue, I will move on.
<emOne> hmm I disabled password authentication in SSH, but password authentication still appears when I ssh into the box
<tomreyn> did you restart the ssh server?
<emOne> tomreyn: no but I restarted the whole OS
<emOne> restarting just the ssh server doesn't help either
<tomreyn> restarting sshd does apply configuration changes to sshd_config, yes
<tomreyn> what's the prompt you get when you connect?
<emOne> password:
<tomreyn> and your client is?
<tomreyn> putty, i guess?
<emOne> mac os terminal
<emOne> bash or whatever it uses
<emOne> tomreyn: it works fine if I connect to root@IP
<emOne> but if I connect to just the IP or other made up users it shows me the password prompt
<tomreyn> how do you connect to root@IP then?
<emOne> ssh root@my.ip
<tomreyn> not connect, authenticate, i mean
<emOne> public key
<emOne> secured by a password
<tomreyn> okay, so there's no issue there
<emOne> but to be honest I never had this issue before on ubuntu 18.02
<emOne> 04
<emOne> I think it might have something to do that I am running it through a virtual container
<tomreyn> it's normal for ssh clients to fall back to password authentication since the server wont tell the client which ones are available
<emOne> fair enough
<emOne> tomreyn: I don't want attackers to even try guessing passwords
<emOne> or is that a client only thing
<tomreyn> if your server is configured not to accept password authentication then clients can try as much to do as they want but wont succeed
<emOne> awesome :)
<tomreyn> the server must not enable the client to guess whic authentication methods are enabled, so it keeps pretending that password authentication was available.
<emOne> tomreyn: I think it might have something to do with the fact I am running ubuntu through a virtual proxmox container
<tomreyn> what is "it"?
<emOne> the clown
<emOne> ;)
<emOne> pennywise
<emOne> or, the password prompt
<emOne> you choose
<tds> tomreyn: why wouldn't the server indicate which methods are available though?
<tds> that's certainly the behaviour I see on my machines with password auth disabled
 * emOne waves at tds
<emOne> I think "it" got him lol
<tds> emOne - what did you change in your sshd config exactly?
<emOne> passwordauthentication no
<emOne> PermitRootLogin yes
<emOne> UsePAM yes
<emOne> X11Forwarding yes
<emOne> the last two I didn't change. They are commente out though.
<tds> I can't remember if those are case sensitive, but I suspect you wanted PasswordAuthentication?
<mybalzitch> I forgot I'd turned off password based authentication entirely on my big server, until I tried to log in from my new desktop
<mybalzitch> had to go digging for my pubkey
<emOne> sorry. I typed it out in IRC.. yes it is PasswordAuthentication in the config file
<emOne> mybalzitch: that is always fun
<emOne> tds: I just removed my ssh key
<emOne> tds: the password prompt showed up and it let me enter my root password without the key ...
<emOne> it let me log in
<emOne> I think I may have put the public key in the wrong directory or something
<emOne> I removed the ssh key from my client machine
<tomreyn> tds: hmm, yes, you're right, the server actually does tell the client which authentication methods are supported. sorry, i got this wrong.
<tomreyn> emOne: ^
<emOne> tomreyn: yes something else is wrong
<emOne> firstly and strangely the folder ~/.ssh didn't exist on the ubuntu OS
<emOne> I created it myself
<emOne> also I found out that if I remove my key pair from my local/laptop machine , I am still prompted with a password box
<emOne> when I type my root password in, it just lets me log on
<emOne> so something is obviously not ight
<emOne> I fixed the issue... there was a mistake in sshd config
<lotuspsychje> !netplan
<ubottu> Netplan is a network configuration abstraction renderer which uses YAML descriptions of a network to work with either a NetworkManager or Systemd-networkd "renderer". More information at https://netplan.io/
<circ-user-dFjby> https://paste.ubuntu.com/p/ky3NHkkQFR/
<circ-user-dFjby> Need a bit of help with netplan,
<circ-user-dFjby> I am wanting to configure a bridge0 and eth0 (enp2s0) to get a DHCP address from the router.
<circ-user-dFjby> the br0 is going to be used for libvirt.
<circ-user-dFjby> But eh, I want the enp2s0 to have it's normal eth0 address based on it's mac, as it used to be with the old /etc/network/interfaces configuration I had on the older version of the server.
<lotuspsychje> circ-user-dFjby: im not the netplan expert myself, but i think you need to add your routes in the yaml file
<circ-user-dFjby> Hi, I am trying to achieve something else.
<circ-user-dFjby> I want the br0 to be 10.15.1.100 (static) and the libvirt to get a DHCP address from the router.
<circ-user-dFjby> so any interface screated by the libvirt.
<TJ-> circ-user-dFjby: your requirement doesn't make sense
<TJ-> circ-user-dFjby: you want enp2s0 to be a slave port of br0 ? but you also want it to have its own IP address and therefore be routable ?
<Greyztar> TJ-: evening, i went to broadcom and downloaded latest 3dm2 cli/tw-cli still no serial,however i totally forgot to i could use the -d switch with smartctl as tds mentioned earlier (was a little late for me so head wasent working properly) with 3ware,x /dev/twx to also query for info not only do smart test and that got me the serial number hooray! Thanks for help tds also (,")
<TJ-> Greyztar: good to hear you found it!
<Greyztar> did find it little bit odd though that lsi own software couldnt display it,but then again smartmontools is some awesome piece of software hehe
<tds> Greyztar: ah, that's good to hear! and that sounds about right for raid controller software ;)
<weedmic> i'm trying to limit java's time with the cpu, I did "nice -10 java" and "nice -10 /usr/bin/java" both just bring up a parms list.  what am i doing wrong?
<weedmic> nvm i c from htop that the troublemakers are already set to 20
<Rojola1> hi
<Rojola1> according to the manpages, and also according to many tutorials out there, the .local files should override the .config  files
<Rojola1> ^ I'm talking about "fail2ban"
<Rojola1> but fail2ban ignores the .local file
<Rojola1> it takes all the config from:
<Rojola1> /etc/fail2ban/jail.conf
<Rojola1> /etc/fail2ban/jail.local  is being ignored
#ubuntu-server 2020-07-27
<jamespage> icey: I've MIR reviewed all of the octavia packages (and associated depends).  Majority need security review as well (assigned to security team) and there are a couple of non-blocking recommendations as well
<icey> cool - how would you feel reviewing the sqlalchemy-utils one?
<icey> :-D
<icey> oh jamespage - looks like you also did that already, thanks :)
<jamespage> I did
<skylite> I just checked my mysql status with systemctl and I see: Status: "InnoDB: Error: Database page corruption on disk or a failed file read of tablespace..." I wonder if anyone has a tool that sends email alerts when something like this occurs?
<skylite> are there any good tools for that?
<RoyK> skylite: I use zabbix for that sort of things, but I would guess systemd has some setting for it somewhere?
<skylite> RoyK: Im looking into it in #systemd it's not that easy by default
<skylite> but thanks
<RoyK> skylite:  OnFailure=notify-failed@%n
<RoyK> not that?
<RoyK> https://serverfault.com/questions/694818/get-notification-when-systemd-monitored-service-enters-failed-state/701100
<skylite> no this is only for notifying if the service is down
<skylite> for example my mysql is not down I just have a corrupted table for instance
<skylite> I would see that in the StatusText
<RoyK> I see
<RoyK> well, I would just write a zabbix check for that if there isn't anything available already, but then, you'll need to setup zabbix first which my be a bit overkill for monitoring a single machine
<skylite> I'm using datadog I'll check if they have a solution for this one
<skylite> I already have a command that gives me the last StatusText back for a service
<skylite> If nothing I'll write a shell script that alerts me on change
<RoyK> should work
<RoyK> or just pipe it though sed or awk or perl or python or something to look for bad signs
<RoyK> skylite: something like this: if $(systemctl status mysql | grep -i error > /dev/null 2>&1 ) ; then echo No error ; else echo FAIL! ; fi
<skylite> sure but I'm thinking I want to somehow save the last status and alert if it changes
<skylite> I feel like I need to know everything for now :D
<RoyK> skylite: you may be able to get some ideas from this https://share.zabbix.com/operating-systems/systemd-service-monitoring
<RoyK> it's way broader, though, but possibly worth a look
<RoyK> skylite: erm - sorry - forget about that - it just shows status, not details
<RoyK> it'd be nice i systemctl could output its status in some parsable format like json or something
<skylite> I bet it can
<RoyK> couldn't find anything in the manual
<skylite> busctl get-property org.freedesktop.systemd1 /org/freedesktop/systemd1/unit/mysqld_2eservice org.freedesktop.systemd1.Service StatusText
<skylite> this gives me back only the StatusText string
<skylite> for mysql
<RoyK> should be ok to script then
#ubuntu-server 2020-07-28
<Intelo> 2 users using the same pc at the same time, with same gpu, 2 sets of monitor, keyboard
<Intelo> any options?
<RoyK> hmâ¦ vmware has vGPU - i read kvm has something too
<superboot> Hi all. After a reboot with my mdadm/LVM/btrfs system, I get: mount: mounting /dev/mapper/osrootVG-root on /root failed: No such file or directory.    After which I get dropped to an initramfs shell, where I can mount the device through /dev/osrootVG/root, which is just a symlink to /dev/dm-1 just like /dev/mapper/osrootVG-root is. Any hints?
<superboot> Also, why is this a problem, the initramfs is stored on that device, so it already found it, and mounted it... I don't get it. What am I missing?
<superboot> fixed it. Just a stupid stupid mistake. . .
<cpaelzer_> Intelo:  this lists some of the options to split cards https://cpaelzer.github.io/blogs/006-mediated-device-to-pass-parts-of-your-gpu-to-a-guest/ - you might pick and experiment with one of them
<cpaelzer_> Intelo: but also it depends a lot on the level of isolation you really need/want - maybe something like https://wiki.ubuntu.com/Multiseat (if that still is a thing these days) would work better for you?
<cpaelzer_> or https://askubuntu.com/questions/1054541/multiseat-on-ubuntu-18-04 - but it seems most use multiple GPUs to achieve that
<cpaelzer_> so you might be back to splitting the GPU some way as suggested at first
<Intelo> cpaelzer_: multiseat needs separate gpu heads. I only have one
<RoyK> Intelo: looks like there's vGPU support in KVM for nVidia https://docs.nvidia.com/grid/10.0/grid-vgpu-release-notes-generic-linux-kvm/index.html
<Intelo> hm RoyK
<Intelo> RoyK: virtualbox?
<RoyK> I was talking about KVM, not vbox
<kinghat> i transplanted by janky server into a proper case and when i booted it up i saw "Failed to start Import ZFS pools by cache file. See 'systemctl status zfs-import-cache.service' for details" and this is what it gives me: https://paste.debian.net/hidden/502e5056/
<sarnold> kinghat: what does zpool import report?
<kinghat> pretty sure the two drives in the mirror pool are plugged into the same ports but i did add a couple other drives to the machine
<kinghat> sarnold: https://paste.debian.net/hidden/e3d0417b/
<sarnold> kinghat: zpool import data should bring it onlnie
<kinghat> persistently?
<sarnold> I think that ought to update the cache for the next reboot, but I've never been very clear on the cache
<kinghat> $ sudo zpool import data
<kinghat> cannot mount '/mnt/data': directory is not empty
<sarnold> argh :/ that bit me too; I once was unable to import at boot for something, and then *other* stuff started creating contents in the mountpoints..
<kinghat> i did try and check the mount after it happened and was kind of odd that there were a couple dirs in the mount dir.
<sarnold> fix the /mnt/data problem -- either delete things, or move them aside for adding to the pool, etc
<kinghat> so i think one dir is in there creating data because i have a container volume in the pool but the other im not sure about.
<kinghat> oh. ya i know why. its two containers putting data there
<kinghat> hmm so bring down the containers, rm -rf the dirs inside of /mnt/data/ and then try to bring the pool back online?
<kinghat> and then the containers, ofc.
<kinghat> $ sudo zpool import data
<kinghat> cannot import 'data': a pool with that name already exists
<kinghat> use the form 'zpool import <pool | id> <newpool>' to give it a new name
<sarnold> does zpool status agree?
<kinghat> https://paste.debian.net/hidden/5bad3e16/
<sarnold> yay
<kinghat> theres nothing in the mount though?
<kinghat> the /mnt/data dir is empty
<sarnold> check zfs list
<kinghat> $ zfs list
<kinghat> NAME   USED  AVAIL  REFER  MOUNTPOINT
<kinghat> data   881G  17.7G   881G  /mnt/data
<kinghat> ya its an almost full data set
<kinghat> pool or whatever
<kinghat> can it be "remounted" or something?
<sarnold> whaaaat
<sarnold> what does /proc/mounts report?
<sarnold> how about /proc/mounts from a different shell spawned via a different mechanism?
<kinghat> is /proc/mounts a command?
<sarnold> no, it's a file showing the mounts in the current process's namespace
<kinghat> this is from a new shell: https://paste.debian.net/hidden/2a3456ff/
<kinghat> $ ll /proc/mounts
<kinghat> lrwxrwxrwx 1 root root 11 Jul 28 20:18 /proc/mounts -> self/mounts
<sarnold> and what's in /proc/mounts?
<kinghat> https://paste.debian.net/hidden/8036bbf1/
<sarnold> *very* curious, not a single mention of zfs anywhere
<kinghat> ð¬
<sarnold> how about: zfs list -ocanmount,mounted,mountpoint,name
<kinghat> $ zfs list -ocanmount,mounted,mountpoint,name
<kinghat> CANMOUNT  MOUNTED  MOUNTPOINT  NAME
<kinghat>       on       no  /mnt/data   data
<sarnold> lolol I am so confused. *why* zfs *why*
<sarnold> zfs mount -a  ?
<kinghat> boom
<kinghat> $ zfs list -ocanmount,mounted,mountpoint,name
<kinghat> CANMOUNT  MOUNTED  MOUNTPOINT  NAME
<kinghat>       on      yes  /mnt/data   data
<kinghat> actual data le mounted
<kinghat> so it should be persistent across reboots/shutdowns now? like the cache got cleared or something?
<sarnold> I sure hope so :)
<kinghat> ok going to give it a go.
<kinghat> im not sure what changed to make it freak out? maybe drive mount point?
<kinghat> looks like it made it!
<kinghat> thanks for being a G, sarnold ð
<sarnold> kinghat: the usual problem is stuff in the mountpoint, but once you got past that I'm surprised you still had problems :/
<sarnold> kinghat: I hope thta's it though :)
<kinghat> sarnold: so i had to remove the power to the server to move it to a temp location and on booting it again i got the same import cache error
<sarnold> :(
<kinghat> this time there wasnt any data created in the mount point though
<kinghat> yikes. no datasets this time
<sarnold> does 'zpool import' show the pool? zpool status show it imported or not?
<kinghat> whoops i just imported 'data' vs just zpool import
<kinghat> $ zfs list
<kinghat> NAME   USED  AVAIL  REFER  MOUNTPOINT
<kinghat> data   881G  17.7G   881G  /mnt/data
<kinghat> $ zfs list -ocanmount,mounted,mountpoint,name
<kinghat> CANMOUNT  MOUNTED  MOUNTPOINT  NAME
<kinghat>       on      yes  /mnt/data   data
<kinghat> survived a reboot again. i have to go to the server again so ill shut it down, without remove the power cord, and see if it does it with regular shutdowns.
<kinghat> maybe it does it when it loses actual power?
<kinghat> though i wouldnt have a clue why that would matter ð¤·ââï¸
<sarnold> kinghat: you might want to do a zpool import -d /dev/disk/by-id/ or similar, so that the pool ought to use long names rather than shortnames
<kinghat> $ sudo zpool list
<kinghat> NAME   SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
<kinghat> data   928G   881G  46.7G         -    13%    94%  1.00x  ONLINE  -
<kinghat> you mean so it doesnt use "data"?
#ubuntu-server 2020-07-29
<sarnold> no, so it doesn't use /dev/sdc etc
<sarnold> those names aren't persistant
<sarnold> they can change across reboots
<kinghat> that must be its default, correct?
<sarnold> there is no default -- zfs uses whatever names you used in the zfs create command
<sarnold> if you used the short names, that's what it'll use
<sarnold> and if they change, you'll have a Bad Time
<kinghat> ya that must be whats going on because i added drives to the system. i just figured it would find its zfs drives and do its thing ð¤·ââï¸ or at least find the drives and use the new device names, if that is the situation.
<sarnold> because systems may have several thousand drives, it's not the default behaviour to go looking for drives, that'd take forever
<sarnold> that's the reason for the cache file..
<sarnold> but if it's busted, it'd be nice if it tried to help out a bit, heh
<kinghat> sarnold: you still around?
<kinghat> i exported the pool and did zpool import -d /dev/disk/by-id -a. seems to have worked. thanks again!
<cpaelzer_> Intelo: even i915 has working vGPU support (less powerful as a GPU, but more compatible and easy to use actually), I tried it on my Laptop once
<icey> jamespage: could you take a look at https://code.launchpad.net/~chris.macnaughton/ubuntu/+source/openvswitch/+git/openvswitch/+merge/387852 ?
<Peanut> auxin: #zfsonlinux may be a more useful venue for you to get help with recovering your data.
<sarnold> kinghat: is everything all sorted out with your pool? :)
<kinghat> sarnold: it seems to be but i havent pulled the power and all that to really test it. i will in an hour or so.
<sarnold> kinghat: heh, yeah, I know the reluctance to actually *test* those kinds of things..
<|\n> hello, since 20.04 i need some `ebtables -t broute` equivalent, is there any?
<sarnold> |\n: what happens when you use it? it's still documented in the ebtables manpage on my 20.04 laptop anyway
<|\n> sarnold, in my case it drops certain frames from certain interface
<|\n> well it was doing so at 18.04
<|\n> it was pretty sweet and cozy to look into if_ether.h and drop something heh
<sdeziel> is there a way to prevent a package upgrade from running the .postinst script?
<|\n> exclude it from package / repackage maybe
<sarnold> sdeziel: unpackage it by hand?
<|\n> though doesn't sound like a good idea
<sdeziel> sarnold: it's what https://askubuntu.com/questions/482928/ignore-apt-get-postinstall-scripts-automatically suggests too :(
<sdeziel> not what I was looking for but thanks anyway ;)
<sarnold> sdeziel: maybe try the touch postinst thing, then set immutable?
<sarnold> sdeziel: probaby dpkg will blow up and leave you with a big mess. but maybe it will ignore errors?
<sdeziel> sarnold: that's what I tried at first but I'm in a container where the underlying FS doesn't let me
<sarnold> sdeziel: if the package in question shld do different things in a container, that's probably worth a bug report
<sdeziel> in lxd containers backed by btrfs or zfs, I get a permission denied on the chattr +i
<sarnold> yeah, that part makes sense
<sdeziel> yeah, I'll probably end up reporting this as a bug but it's not because it's in a container
<sdeziel> it's too hard to run MySQL read-only replicas on Ubuntu IMHO
<sarnold> ugh yes, that's gonna be annoying
<sarnold> that script deserves a MYSQL_DO_NOTHING
<sdeziel> I'd like the postinst to not explode when in read_only and/or super_read_only mode
<sdeziel> sweet, the bug affects MySQL 5.7 only :)
<sdeziel> closing the loop: LP: #1889472
<ubottu> Launchpad bug 1889472 in mysql-5.7 (Ubuntu) "mysql-server-5.7 postinst fails when in read-only mode" [Undecided,New] https://launchpad.net/bugs/1889472
<sarnold> sdeziel: beautiful
<kinghat> sarnold: looks like it survived the test
<sarnold> kinghat: woot!
<kinghat> thanks for checking back ð
<boxrick> Howdy. I am currently attempting to install Ubuntu 20.04 on a USB Stick in a HP server, it works until it gets to 'Installing Kernel ' and just sits forever at 'Unpacking linux-firmware'. Any ideas on what may be going wrong?
#ubuntu-server 2020-07-30
<disposable2> in 20.04, am i supposed to start using nftables instead of iptables? i am pretty sure libvirt relies on iptables.
<disposable2> for context - i would like to switch to nftables. just asking if virtualisation is ready for it.
<cpaelzer> disposable2: libvirt still depends on iptables
<cpaelzer> disposable2: the last bigger eval I've seen was around libvirt 5.1 (about a1.5y ago) and there nftables didn't support all features needed yet
<cpaelzer> but iptables is done using nftables these days (yeah - complexity) so since this v5.1 libvirt can deal with that
<cpaelzer> disposable2: thre are a few words about is in https://www.libvirt.org/news.html
<cpaelzer> but this particular change was mostly for firewalld+nftables of which the former isn't enabled anyway
<disposable2> apart from libvirt, is there any other significant software in 20.04 that hasn't made a full transition to nftables? (i know lxd4.0 is fine with nftables)
<disposable2> cpaelzer: thank you for the detailed answer
<cpaelzer> disposable2: reverse-depends --release=focal src:iptables is still rather long, but I'm unsure to what extend those might be iptabels|nftables kind of dependencies without looking further
<cpaelzer> disposable2: looking through the list ufw, firewalld and docker.io to name a few
<cpaelzer> interestingly systemd also depends on libip4tc2 which is part of iptables as well - not sure what it is used for thou
<disposable2> cpaelzer: this is weird, firewalld is supposed to be able to use nft since version 0.6.0. but thank you. this reverse-depends is a truly magical command
<disposable2> i would've normally used aptitude for that
<cpaelzer> "aptitude why" can help why hings are on a local system, but I like the above for a global overview
<danshearer> There was a grub bug introduced in a security update yesterday, or thereabouts
<danshearer> I looked through the irc logs for #ubuntu-server, #ubuntu-devel and others and didn't see reference to it
<danshearer> I expect the right people are on to it, but here is a report
<danshearer>  https://askubuntu.com/questions/1263125/how-to-fix-a-grub-boot-error-symbol-grub-calloc-not-found
<danshearer> It probably affects all ubuntu and ubuntu spins; certainly server, desktop and mint.
<cpaelzer> danshearer: that is at https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1889509
<cpaelzer> and yes people are on it
<ubottu> Launchpad bug 1889509 in grub2 (Ubuntu) "grub boot error : "symbol 'grub_calloc' not found" [Undecided,Confirmed]
<oerheks> cpaelzer, actually i expected the message to reboot after the grub2 update, good thing i have not rebooted yet.
<rcj> xnox: I have a question on your grub MP because I'm not familiar with the install_devices_empty case where we still break
<rcj> https://code.launchpad.net/~xnox/grub/+git/grub/+merge/388383
<xnox> rcj:  install_devices_empty should never be reached, as it cc_groub_dpkg always sets a value.
<xnox> rcj:  install_devices_empty means "i chose not have package installed, but not actually install grub anywhere" which is fine non-interactively.
<xnox> bah
<xnox> rcj:  install_devices_empty means "i chose _to_ have package installed, but not actually install grub anywhere" which is fine non-interactively.
<xnox> because i want to have grub-install available to "rescue" other drives for example.
<xnox> rcj:  which ami did you boot on xenial to test this? i will have xenial built with that patch soon, and we can test things.
<rcj> xnox: thanks for the explanation for the patch.  I booted Xenial in AWS (us-west-2 ami-060d1be0dd4526759 built on 20200611)
<rcj> and I booted an m5.large or m5a.large instance so I have an nvme root
<xnox> ack
<aloini> I have been having some rather unfortunate issues with NFS crashing or hanging at the Kernel level, and am not sure how to further debug if: https://paste.ubuntu.com/p/3QXRD7DDNF/ - Would anyone be able to provide further support?
<aloini> Well, that was unexpected...
<aloini> So just to re-ask... I have been having some rather unfortunate issues with NFS crashing or hanging at the Kernel level, and am not sure how to further debug if: https://paste.ubuntu.com/p/3QXRD7DDNF/ - Would anyone be able to provide further support?
<RoyK> I just wonder which module is tainted here
<RoyK> https://www.kernel.org/doc/html/latest/admin-guide/tainted-kernels.html
<RoyK> the kernel or some module is non-gpl
<aloini> Well, I am running ZFS and that is predominantly where the NFS shares are being used.
<aloini> So that is likely a cause
<RoyK> probably
<RoyK> but that hang isn't from ZFS as far as I can see
<RoyK> whih kernel/distro is this?
<aloini> Ubuntu 20.04,  5.4.0-42-generic
<matthias_arch> Hello, I hope this channel can answer my DPDK question. I want to attach a dpdk pdump process to my running dpdk application, however I get the following error: EAL: Cannot initialize tailq: RTE_FIB (full error: https://bpa.st/DKYQ) I'm calling rte_pdump_init() after rte_eal_init() as done in the testpmd app. I get the same error when modifying the
<matthias_arch> l2fwd example for pdump.
<aloini> I am using a FUSE filesystem shared out via NFS as well, that could be it? But afaik FUSE is a part of the kernel now, and isn't non-standard.
<sarnold> aloini: oh that feels pretty plausible to me
<sarnold> that'd be worth testing separately from zfs if you cant
<sarnold> s/t$//
<aloini> I can easily stop sharing the zfs nfs exports. Nothing should be using them, they were mainly backups in case something else wasn't working.
<aloini> Problem is that it happens randomly, usually after 24 hours.
<aloini> You asked for the full trace RoyK: https://paste.ubuntu.com/p/RY6RDM2gH3/
<RoyK> aloini: no idea, but it looks like it's related to unicode or something
<RoyK> aloini: erm - is this zfs-fuse?
<aloini> No
<aloini> rclone/mergerfs FUSE
<EmberCrest> Hey all! I have an HP ProLiant G7. It's connected to the net via Ethernet Port 1.
<EmberCrest> However, I can't connect to this machine (nor from it) until I run this command:
<EmberCrest> sudo dhclient -r eno0; sudo dhclient eno0
<EmberCrest> Not sure why the DHCP client isn't loading. but is there any log, or configuration that I should check as to why my connection isn't working after every startup?
<EmberCrest> (Not sure that it isn't loading/starting, but that's my best guess based on the solution)
<tomreyn> EmberCrest: you didn't state which ubuntu release you're running, but all the supported ones other than 16.04 have journalctl -b
<tomreyn> on xenial (16.04) you'd look at syslog instead
<tomreyn> where configurations ar likle ystored also depends on your ubuntu release
<mwhudson> tomreyn: xenial was the first lts with system fwiw
<mwhudson> +d
<tomreyn> mwhudson: oh right, just not persistent journal, but journal
<mwhudson> ah yes
<tomreyn> shoudn't matter here, though
#ubuntu-server 2020-07-31
<Ussat> So, I know this is Ubuntu Server, but just a FYI, if anyone has RHEL / Centos Servers, DONT PATCH NOW:  https://pastebin.com/uGgCmVsQ
<tomreyn> Ussat: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1889509
<ubottu> Launchpad bug 1889509 in grub2 (Ubuntu) "grub boot error : "symbol 'grub_calloc' not found" [High,Confirmed]
<Ussat> NIce
<Ussat> Ya I have put off all patching untill confirmed fixes
<Amadex> Hellou :D
<rangergord> Ussat, if that package had been a snap, it would have auto-updated and you'd be screwed
<rangergord> stuff like this is a great example were complaining about inability to disable automatic updates of snaps
<rangergord> frankly it's almost insulting for Canonical to insist on this
<oerheks> one can schedule snap updates.
<rangergord> you mean defer for a short period of time
<rangergord> can I tell it "don't update this package unless I tell you to?" No.
<rangergord> to me, a snap == rolling distro. LTS stops having any meaning.
<oerheks> yes; refresh.hold: delays the next refresh until the defined time and date
<rangergord> can I set that date to 2030? When I followed the discussion on launchpad, the dev insisted it's their philosophy not to let you defer by more than a couple of weeks.
<oerheks> seems like you are just parrotting
<rangergord> I'm parroting the Canonical dev working on snapd
<rangergord> (one of them)
<DammitJim> since what LTS version did we make apt the standard instead of apt-get or do I have that backwards?
<sarnold> apt is the new front-end
<oerheks> both are valid.
<DammitJim> sarnold, since when? I'm trying to come up with standards at my office as to what we should use but I also don't want people to get confused
<DammitJim> we still have Ubuntu 16 servers
<oerheks> apt is just superiour.
<DammitJim> what I'm starting to run into is apt is more robust and has more options
<sarnold> DammitJim: apt is better for interactive use; apt-get is better for scripted ues
<DammitJim> is apt-get looked down upon?
<DammitJim> our scripts all use apt-get
<sarnold> DammitJim: apt upgrade is far safer than apt-get dist-upgrade, and handles more conditions than apt-get upgrade
<oerheks> The reality is that the first stable version of apt was released in the year 2014 but people started noticing it in 2016 with the release of Ubuntu 16.04
<DammitJim> and that was one of the things I was going to ask my team to start changing
<oerheks> https://itsfoss.com/apt-vs-apt-get-difference/
<DammitJim> so, if I said.. hey guys, from now on (now that we finally put to sleep the last Ubuntu 14 server) we are using apt instead of apt-get, I won't run into any inconsistencies, right?
<oerheks> nope, you are fine.
<oerheks> when some dependensie issue pop up, apt install -f
<DammitJim> why did you feel you needed to make that last comment about apt install -f?
<oerheks> see apt vs apt-get, apt-get does not solve those issues on that level
<DammitJim> what? apt-get still has a lot more functionalities to offer than apt? (per the link)
<DammitJim> hhhmmmm... maybe I should stick with apt-get and not complicate things
<oerheks> no, but an interesting conclusion
<oerheks> you have no need to edit your scripts now, indeed
<DammitJim> ok, thanks!
<sdeziel> sarnold: the link from oerheks says that 'apt-get dist-upgrade' is replaced by 'apt full-upgrade'. Being an all time user of apt-get dist-upgrade, I'd like to know which replacement is better and for what reasons ;)
<sarnold> sdeziel: hah, good question. I'm sure someone here's told me once before what full-upgrade does that's better than dist-upgrade but I've forgotten :(
<sdeziel> dang... it's OK
<sdeziel> thx
<Ussat> rangergord, re: snaps, I rip them totally out of all my installs
<oerheks> without snapd, no livepatch for you.
<Aison0> Why is isc-dhcp-server accessing the ldap server? I have many of those messages: audit: type=1400 audit(1596185703.828:9389): apparmor="DENIED" operation="connect" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/dhcpd" name="run/slapd-inetserv.socket" pid=97436 comm="isc-worker0000" requested_mask="wr" denied_mask="wr" fsuid=110 ouid=0
<sarnold> Aison0: wild guess, is your nsswitch configured to do lookups for something through ldap?
<sdeziel> Aison0: is this when dhcpd starts up?
<Aison0> Aison0, yes
<Aison0> I'm using nssswitch to lookup ldap user/groups
<Aison0> sdeziel, no, it happens regularly. dmesg is completele spamed with the message above
<sdeziel> Aison0: hmm, I'd probably strace dhcpd's PID around the time those audit messages/Apparmor failures get logged
<sdeziel> I can't think of anything obvious that would explain why dhcpd would do LDAP lookups
<sdeziel> Aison0: maybe pastebin your nssswitch.conf?
<Aison0> https://paste.ubuntu.com/p/CTBgmGF5tR/
<sdeziel> hosts:          files dns ldap
<sdeziel> that's possibly why it's trying to reach out to LDAP
<sdeziel> potentially trying to do a reverse DNS lookup or something
<Aison0> hmm
<sdeziel> or potentially trying to resolve forward DNS from the config?
<sdeziel> strac'ing should tell you
<Aison0> damn connection...
<sarnold> Aison0: the last we saw was: < Aison0> hmm  and you might have missed: < sdeziel> or potentially trying to resolve forward DNS from the config?  < sdeziel> strac'ing should tell you
<Aison0> thx
<Aison0> I disabled ldap for hosts
<Aison0> maybe that's it
<sarnold> any success?
<sdeziel> could also be used for the networks and aliases lookup. I honestly don't know what those are :/
#ubuntu-server 2020-08-02
<GameBoyMcBomb> Hi. I am trying to netboot Ubuntu Server 20.04 on bare-metal server hardware. I followed this guide: https://discourse.ubuntu.com/t/netbooting-the-live-server-installer/14510/5  . It will boot into (initramfs), but then fails when trying to download the iso which I am serving locally on the computer that is running dnsmasq. So I then have to re-raise the network connection with ip command, and I manually
<GameBoyMcBomb> run wget to fetch the iso. Now what? How do I start the installer from where I am at? I mounted the iso, but don't know what to do next.
<geosmile> anyone knows how to solve this - relay=ASPMX2.GOOGLEMAIL.com[2605:f8b0:400c:c12::1a]:25, delay=0.28, delays=0.02/0.01/0.11/0.14, dsn=5.7.1, status=bounced (host ASPMX2.GOOGLEMAIL.com[2605:f8b0:400c:c12::1a] said: 550-5.7.1 [2605:3c02::f03c:91ff:fef1:5b4e] Our system has detected that this 550-5.7.1 message does not meet IPv6 sending guidelines regarding PTR records 550-5.7.1 and authentication. Please review 550-5.7.1  https://support.goo
<geosmile> gle.com/mail/?p=IPv6AuthError for more information 550 5.7.1 . b27si1693365uxj.14 - gsmtp (in reply to end of DATA command))
<andol> geosmile: For starters, did you read the referenced https://support.google.com/mail/?p=IPv6AuthError link?
<keithzg[m]> Oh darn, did not expect the version of s3cmd in the 20.04 repos to be broken, now I gotta ponder going out of the main repos, hrmm.
<keithzg[m]> (I mean okay "broken" is perhaps too strong of a term, but "throws syntax warnings on every invocation" is pretty annoying, particularly when run via a cron job, haha)
<Sven_vB> indeed. a wrapper script could filter it though.
<Sven_vB> maybe even just sth. like bash -c 'exec &>(sed -rf /censorfile.sed) && exec "$0" "$@"' your original command
<Sven_vB> you can probably even combine both execs
<Sven_vB> err, it should be &> >(
