#ubuntu-server 2006-08-14
<bmk789> i tried upgrading to php5 from php4 and now apache wont load the php files. How to i make sure it loads the php5 mod?
<bmk789> nvm
<tumbleweed> hi guys, something up with rsync on durville?
<tumbleweed> http://paste.ubuntu-nl.org/20552
<tumbleweed> aah, grr this channel is for ubuntu-server distro, not the servers :_(
#ubuntu-server 2006-08-15
<derekS> can anyone help me with a procmail recipe? i want all emails recieved by an account to be put in to a folder based on date... for example if the email was recieved on august 2006, i want it to go to folder 2006-08
<derekS> what is everyone using for spam protection?
<nictuku> I am happy with postfix, amavis and spamassassin
<derekS> nictuku: hmm, ok
<derekS> nictuku: how do you seperate your mail into folders? i am looking for a good accurate scheme so my mailbox doesn't get too large
<derekS> and then i won't have trouble opening it
<nictuku> you mean in a server environment or in your local inbox?
<nictuku> anyway, using maildir + maildrop/procmail is a start
<derekS> i am using fetchmail->procmail->dovecot imap (all out of ~/Maildir
<derekS> )
<derekS> but i don't know of a decent method to sort them
<nictuku> you know procmail can do that filtering, right?
<derekS> nictuku: yeah, but i don't know how to filter it
<derekS> i am using procmail to filter
<nictuku> you can try switching to maildrop, its syntax is easier to digest, IMO
<nictuku> google has a lot of resources about filterting with procmail
<derekS> yeah i am reading :)
<derekS> i got it, what i want to do is put everything in the main maildir, and then have a python script run once a week to move things that are older than 30 days into an MailDir that is Year-Month
<nictuku> then you can either user your MUA filtering capabilities, or writing a script called by cron that does that. a simple bash using "find"+xargs would do it, I guess
<derekS> i was planning to make a python/perl/etc script to just get called by cron
<derekS> which would work
<kagou> hi
<kagou> i'v searched but not found answers on wiki. We have apache/postfix/courier officially included (in main). Including a webmail like imp is it planed ?
<NineTeen67Comet> Anyone in here use Gallery2? .. I see it is available for install, but I've only used it via tar.gz .. unzip .. run it .. 
<NineTeen67Comet> How do I use it when apt-get installs it?
* NineTeen67Comet how do I point the browser to g2's main.php file to start the server set up?
<lionelp> Hi NineTeen67Comet
<lionelp> that's probabily something like http://server/gallery2
<lionelp> have a look on etc/gallery2/apache.conf to see
<NineTeen67Comet> lionelp: That's not correct in my case .. all my users web sites are in /shared/www/<users URL> .. like my site is http://www.justinsteiger.com .. that main index.html file is in /shared/www/justinsteiger .. 
<NineTeen67Comet> I can check that .. thank you ..
<NineTeen67Comet> Think I might be able to point something in the config to the main gallery data base ..
<NineTeen67Comet> thanks for the direction lionelp
<NineTeen67Comet> Sorry to rattle on again in here . but can Apache2 use files that are not in the normal sites path? My sites are all in /shared/www/<sites url> .. but gallery2 is in /usr/share/gallery2 .. and I need to get to /usr/shared/gallery2/install/main.php via the www in order to start setting it up .. 
<NineTeen67Comet> Think I got it .. had to make a subdomain, and have that listed as a virtual host in /etc/gallery2/apache.conf . then tell my DNS server to hand off gallery2.justinsteiger.com .. to that virtual host .. sigh .. shweew ..
<derekS> how do you all do smtp with mutt?
#ubuntu-server 2006-08-16
<p4> Hello. How to adjust Ldap-authorization Samba if LDAP is on OTHER server?
<lionelp> p4: hello
<lionelp> the same
<lionelp> but change localhost by your LDAP server :)
<p4> Thank. Where it is better to look adjustment in Ubuntu LDAP-authorizations SAMBA?
<alexis_> hi
<alexis_> does anyone got the postfix-ldap package to work
<alexis_> ?
<lionelp> alexis_: yep
<alexis_> hi
<alexis_> postfix tells me "SASL CRAM-MD5 authentication failed"
<alexis_> every time i try to send a mail with a user which is in the ldap base
<alexis_> testsaslauthd works well (0: OK "Success.")
<lionelp> For what purpose you use LDAP with postfix ?
<lionelp> Ok, for SMTP-AUTH ?
<alexis_> i nned to migrate a macosx server (with netinfo) to ldap
<alexis_> ??
<alexis_> what do you mean by "Ok, for SMTP-AUTH ?"?
<lionelp> You are trying to use SMTP-AUTH with Postfix ?
<alexis_> yes
<alexis_> i need the smtp server to allow only ldap users to send mails
<lionelp> 2s
<alexis_> it works well without authentification
<alexis_> ok
<lionelp> alexis_: sorry
<alexis_> yep
<lionelp> You does not need postfix-ldap to make SMTP-AUTH
<lionelp> postfix-ldap is for maps LDAP support in postfix
<lionelp> (for example if you store mail addreses in LDAP)
<alexis_> it's what i want to do
<lionelp> in your case, it is SASL (saslauthd to be more precise) that will interact with LDAP
<lionelp> Ok :)
<alexis_> yes 
<alexis_> saslauthd works
<lionelp> with LDAP ?
<lionelp> Oh, i know
<alexis_> but postfix always tell me "SASL authentication failure: no secret in database"
<lionelp> did you take care of Postfix chroot ?
<alexis_> yes
<alexis_> i have a testman in ldap and "testsaslauthd -u testman -p 123" works
<lionelp> That's fine for saslauthd
<alexis_> yes i did some changes in configuration files (google)
<lionelp> How did you had saslauthd socket in postfix chroot ?
<alexis_> but when  i try testsaslauthd being not root it does not work
<alexis_> i added a few lines into /etc/init.d/saslauthd
<lionelp> Can you show me the /etc/default/saslauthd ?
<alexis_> yes
<alexis_> 2s
<alexis_> http://paste.ubuntu-nl.org/20744
<alexis_> and i added these lines into /etc/init.d/saslautd: http://paste.ubuntu-nl.org/20743
<lionelp> Ok
<alexis_> and i modified 2 lines in the beginning of /etc/init.d/saslautd:
<alexis_> PWDIR=/var/spool/postfix/var/run/saslauthd
<alexis_> PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"
<p4> How to LDAP+SAMBA?
<p4> How to LDAP+SAMBA?
<alexis_> i haven't tried samba yet
<alexis_> but ftp works well
<alexis_> ftp+ldap i mean
<lionelp> alexis_: what is the content of /etc/postfix/sasl/smtpd.conf ?
<alexis_> pwcheck_method: saslauthd
<lionelp> p4: We understand even if you ask only once :)
<lionelp> p4: did you check http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/
<lionelp> oh sorry alexis_ i missed your answer
<lionelp> you should add the following line
<lionelp> mech_list: PLAIN LOGIN
<alexis_> ok i'll try
<alexis_> it does not work
<alexis_> i check the logs...
<lionelp> did you reload postfix ?
<alexis_> yes
<alexis_> the log is not the same
<alexis_> 2s i post it on pastebin
<alexis_> over there http://paste.ubuntu-nl.org/20752
<alexis_> it is the same error i i tell sylpheed-claws to use AUTH PLAIN instead of AUTH LOGIN 
<alexis_> "cannot connect to saslauthd server: No such file or directory"... which file is it talking about?
<lionelp> alexis_: I think this is the socket file
<alexis_> i see the problem
<alexis_> /var/run/saslautd is a link to /var/spool/postfix/var/run/saslauthd
<alexis_> but /var/spool/postfix/var/run/saslauthd does not exist even if saslautd is running
<lionelp> hum...
<lionelp> Can you check the content of /var/run/saslauthd ?
<lionelp> Does your socket even exists ?
<alexis_> i will put back the original configuration
<lionelp> I personnaly used a moutn with bind option
<lionelp> Here is my fstab entry :  /var/run/saslauthd /var/spool/postfix/var/run/saslauthd none bind,defaults 0 0
<alexis_> i will try this
<alexis_> wow
<alexis_> i dont kno what i have changed but testsaslauthd does not work anymore
<alexis_> ok now it works again
<alexis_> so i must keep PWDIR=/var/spool/postfix/var/run/saslauthd ?
<lionelp> no
<alexis_> i need to put back PWDIR=/var/run/saslauthd?
<lionelp> I would do so
<alexis_> ok
<alexis_> now i'll change my fstab
<alexis_> YES
<alexis_> authentification is OK
<alexis_> but now...
<alexis_> it wouldn't send my mail
<alexis_> [12:16:39]  ESMTP< 235 Authentication successful
<alexis_> but after that it does nothing
<alexis_> AUTH PLAIN works and AUTH LOGIN works
<lionelp> did you changed the smtpd_recipient_restrictions ?
<alexis_> smtpd_recipient_restrictions = permit_mynetworks
<alexis_>                                permit_sasl_authenticated
<alexis_>                                reject_unauth_destination
<lionelp> Ok, looks good
<lionelp> Does log tell you more ?
<alexis_> 2s i look
<alexis_> i ll post it
<alexis_> ah
<alexis_> fatal: ldap:aliases(0,100): table lookup problem
<lionelp> alexis_: I will look at it after lunch
<lionelp> oh, you've got it
<alexis_> ok
<alexis_> bon appetit
<lionelp> collegues are waiting for me
<lionelp> merci :)
<alexis_> thank you very much
<DevGet> I get "forbidden" when I'm trying to go to the defult cgi-bin in my webbrowser, whats wrong?
<DevGet> what's*
<DevGet> oh, sry
<DevGet> wrong channel
<alexis_> are you here lionelp?
<J_P> hi all
<J_P> hey all, anyone know some colocation (server location) in the web that install ubuntu too in servers ?
<infinity> J_P: I don't know of any off hand, but I've always just gone with places that do RedHat or CentOS or whatever, then debootstrapped an ubuntu install, and used a static shell to mangle it into place.
<infinity> J_P: Another option is someplace like www.layeredtech.com that installs Debian Sarge, and you can "sidegrade" from Sarge to Dapper.
<J_P> infinity: humm second option is better, but yet is bad, becouse I would like two HDs doing RAID and LVM, so ned do this in instalation
<dj_ryan> hail people.
#ubuntu-server 2006-08-17
<alienbrain> I know Ubuntu Server comes with mysql 5 by default, but does it also has mysql 4.1 or may be 4.0 also as alternatives?
<alienbrain> ops, nvm
<lionelp> alienbrain: yes it also have mysql-4.1 available
<lionelp> (no 4.0)
<MagicFab> I am looking to compare Fedora and ubuntu in servers environment. Does anyone know of resources with white paper /case study structure ?
<MagicFab> this is a friendly although very light comparison
<MagicFab> http://en.jakilinux.org/choose/comparison?distro1=Debian&distro2=Fedora
<alienbrain> lionelp: that's great, many thanks
#ubuntu-server 2006-08-19
<yves> is there any known issue with a possible grub fscking in any latest kernel update?
<nictuku> after booting a server, grub wasn`t there anymore
<lordhelmet> hey i have an apache2 question, is anybody good with configuring it?
#ubuntu-server 2006-08-20
<nerophibia> hi all
<Overand> Is there a way to 'switch' eth0 and eth1 on a two-network-card system?
<Overand> ah, got it, /etc/iftab
<netdur> oh! shouldn't be #ubuntu-server-devel for development and #ubuntu-server for help?
<netdur> ok, how come you install lamp without sendmail? mail function in php wouldn't work without sendmail!!!
<alienbrain> netdur: I say it's because not everyone on the planet preferes sendmail
<infinity> I assume he means /usr/sbin/sendmail (as could be provided by postfix, exim, sendmail, etc), not the sendmail package.
<netdur> alienbrain, it really doesn't matter what MTA is in use, php's mail function doesn't work, also it doesn't generate any error, this is confusing, if you developers don't like sendmail, install postfix or something works
<infinity> And I'd given it some thought, and decided against it, because most people don't really need an MTA, will misconfigure it, and it generally causes a hassle.  If you need one, it's one apt-get call away.
<infinity> I'll admit that that decision on my part may not have been ideal, but I have to drap the line somewhere for "what extra stuff do we install, and what don't we", and I'm not sure that opening port 25 to the world is what most people would expect from a DB/Web server.
<infinity> s/drap/draw/
<netdur> you know better I
<netdur> I just shared my experience as user, thanks for ubuntu server
#ubuntu-server 2007-08-13
<qman> hello...I have a bit of an issue with ip forwarding
<qman> I had my box set up and the power went out. Once I booted it back up, for some reason, ipv4/ip_forward was set to 0, even though /etc/sysctl.conf is set to have it as 1
<qman> am I missing another conf file or something?
<qman> Setting it manually as root fixed the problem, so I'm fairly sure it's not a prerequisite issue, although it required opening a root terminal with "sudo -i"; simply "sudo echo "1" > .../ip_forward" gave access denied.
<CuriosX11> Hi
<ScottK> Hello.
<dezmaeth> hi, i used to have ubuntu 5.10 and i use it as a server, now i installed 7.04 server, the thing is , i was used to lampp on the /opt/lampp folder, but ubuntu server allready installed lampp... but i dont know on wich folder :S ...
<dezmaeth> anyone?
<dezmaeth> :S
<pschulz01> dezmaeth: Any particular package?
<dezmaeth> pschulz01, xampp
<pschulz01> dezmaeth: Try - dpkg -L xampp
<dezmaeth> pschulz01, k
<pschulz01> dezmaeth: Is is a debian/ubuntu package?
<dezmaeth> pschulz01, yes...
<dezmaeth> pschulz01, k , didnt find it... so i suppose it installed apache2 , mysql and php4
<dezmaeth> pschulz01, how can i disable or enable a aplication from starting on boot?
<pschulz01> Most LAMP packages go into /var/www
<qman> what method did you install it with?
<pschulz01> ?
<pschulz01> Install what?
<dezmaeth> qman, i installed it via the install of the ubuntu server
<qman> like, did he use a deb package, apt, the check box
<pschulz01> qman: Sorry.. confused :-)
<dezmaeth> qman, it said to me "do you wish to install one of the following" DNS Server , Lampp server, so i sayd lampp
<qman> the check box sets apache's htdocs location to /var/www
<dezmaeth> k
<dezmaeth> :D
<dezmaeth> so, if i want to use phpmyadmin , i just get it on that folder?
<qman> sudo apt-get install phpmyadmin
<dezmaeth> qman, :D
<qman> it'll install it and set it up for you
<dezmaeth> quite impresive :D
<dezmaeth> qman, thanks! it worked!
<qman> no problem, things like these are why I use ubuntu
<qman> this ip_forward issue still has me quite confused, though
<dezmaeth> qman, u r using iptables?
<qman> yes
<qman> thing is
<qman> I have sysctl.conf set correctly to enable ipv4 forwarding
<qman> but for some reason, after the system boots, ipv4 forwarding is turned off
<dezmaeth> do u have a batch file with the port forwading config?
<qman> I set up a bash script with my config, yes
<dezmaeth> oo
<dezmaeth> mm...
<dezmaeth> i really couldnt help u 
<dezmaeth> :S
<dezmaeth> sorry
<dezmaeth> hey, one last thing , do u know where the php.ini is?
<qman> after the system boots, if I manually do "echo "1" > /proc/sys/net/ipv4/ip_forward" as root, everything magically starts working
<dezmaeth> i cant seem to find it anywere
<qman> let me find it
<qman> /etc/php5/apache2/php.ini
<dezmaeth> :D
<dezmaeth> qman, how do u use the "find" command?
<qman> I don't, I use slocate
<qman> you have to install it to use it, though
<dezmaeth> k
<dezmaeth> its asking me for the cd in order to install it :S
<qman> you first generate the database with "sudo slocate -u", then you can find files with "slocate filename"
<dezmaeth> damm
<qman> you don't need the cd
<qman> just comment out the cdrom repository in /etc/apt/sources.list
<qman> it'll look online instead
<dezmaeth> ok! :D
<dezmaeth> qman, perfect
<qman> just remember to update the slocate database once in a while, or else it'll get out of date
<qman> probably a good thing to schedule on a cron job during slow hours
<qman> if you don't have a lot of files it doesn't take long at all, but on my desktop system I've got around 450 gigs of data and it takes a good five to ten minutes
<kraut> moin
* Starting logfile irclogs/ubuntu-server.log
<sommer> hey all, anyone know if there is a way to migrate machine account from Samba using smbpasswd file to LDAP without having to rejoin the domain?
<nealmcb> I'm interested in the ramifications and clean-up solutions related to debian Bug#397886
<nealmcb> http://www.nabble.com/Bug-397886:-apache2.2-common:-non-wanted-behaviour-during-upgrade:-charset%09MUST-not-be-created-without-user-consent-t2606841.html
<nealmcb> This has been committed as part of https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/127537
<ubotu> Launchpad bug 127537 in apache2 "[Sync request]  Sync request apache2 (2.2.4-2) from Debian unstable (main) (dup-of: 126641)" [Undecided,New]  
<ubotu> Launchpad bug 126641 in apache2 "sync apache2 (2.2.4-2) debian sid main" [Wishlist,Fix released]  
<nealmcb> for gutsy
<nealmcb> The deal is that during some period of time, ubuntu and debian  apache installs set up a default charset, and now we recognize that was a bad idea.
<nealmcb> I'm not sure when it started, and I'm wondering if we have advice for folks that want to remove that config and make sure that they don't break any pages.  Actually my issue is that my colleagues upgraded a big site to ubuntu, and this bug is probably affecting a bunch of pages, and now I don't know of a good way to find out which ones, and whether taking the default charset out would help or hurt now....
<nealmcb> so are there good tools for scanning a site and finding charset problems?
<reya276> Can anyone help me setup POSTFIX?
<ScottK> Possibly.  What help do you need?
<reya276> I actually have most of it setup, I can send and receive email, I'm just having issues with Evolution it tells me it can't find the host name
<reya276> I configure Evolution with the standard pop and smtp protocols but for some reason is not working.
<Nafallo> doesn't sound like a postfix issue then.
<Nafallo> rather DNS
<reya276> POP is mail.frgtracker.com and smtp is also mail.frgtracker.com
<reya276> DNS
<reya276> oh
<reya276> I
<reya276> I'm using BIND on webmin for that
<Nafallo> mail.frgtracker doesn't resolve.
<ScottK> reya276: I agree with Nafallo.
<Nafallo> mail.frgtracker.com doesn't resolve.
<ScottK> Also, get rid of webmin would be my other advice.
<Nafallo> oh. I misspelled it.
<Nafallo> it does resolve.
<reya276> yes I know, but I come from a wincrap server background and right now SSH is not an option I need something with a GUI as setting up this mail server is extremely time sensitive
<reya276> I will get rid of it as soon as I configure this
<Nafallo> have you tried just following the tutorials on help.ubuntu.com?
<Nafallo> that would be the sane thing IMHO
<reya276> nah I rather not mess with the command line right now as I don't know how to really do anything with it
<Nafallo> k
<reya276> and I like I said this Email stuff is a sensitive issue for the company
<reya276> so you guys are saying it does not resolve, I wonder why
<reya276> hum....
<Nafallo> reya276: a quick nmap on that host says smtp is filtered. can you verify thats what I should see?
<Nafallo> reya276: no. I changed my mind. it does resolve.
<reya276> oh ok
<reya276> filter I never setup any filter, maybe is the default config
<reya276> let me check, you guys are awsome
<Nafallo> grep 127 /etc/postfix/main.cf should give you a first thing to check.
<reya276> grep: /etc/postfix/main.cf: No such file or directory
<Nafallo> have you installed postfix?
<reya276> yes
<reya276> installed it through webmin
<reya276> ok try ping to mail.frgtracker.com
<Nafallo> please get a shell and try to type the command I gave you.
<Nafallo> no luck
<reya276> wow
<reya276> I wonder if it is a firewall issue
<Nafallo> are the MUA behind the firewall?
<reya276> MUA?
<Nafallo> Mail User Agent
<reya276> oh yes
<reya276> try this telnet mail.frgtracker.com 25
<Nafallo> wont work. I've already ran nmap and told you the port is filtered.
<Nafallo> and it still is
<reya276> I though I opened that port on my firewall, port 25 right
<Nafallo> dooh!
<Nafallo> my ISP blocks outgoing SMTP. sorry.
<Nafallo> just remembered.
<ScottK> reya276: I can connect to it via telnet.
<reya276> really
<reya276> wow some can and some Can't I wonder why
<reya276> but no one can do a regular ping that is an issue
<infinity> Uhm.
<infinity> Guys.
<reya276> but I can send and receive email, the only host that rejects the mail is yahoo.com
<infinity> What exactly are you trying to diagnose here?
<infinity> If the issue is that Evolution can't connect, that may be because you don't have a POP server installed.
<reya276> well I need to be able to setup my Evolution so that I can check the email I setup with Postfix email server
<reya276> but when I do a sent and receive it gives me an error
<ScottK> reya276: As infinity says, for that you need either a pop or imap server (and Postfix doesn't do that).
<infinity> Postfix is an MTA, not a POP server.
<reya276> hostlookup failed 
<reya276> ok what do I need to install so that it can wok
<reya276> what is an MTA
<ScottK> Mail Transfer Agent
<reya276> ok
<ScottK> reya276: Which release are you using?
<ScottK> Of Ubuntu
<infinity> adconrad@cthulhu:~$ telnet mail.frgtracker.com 110
<infinity> Trying 70.158.34.73...
<infinity> telnet: Unable to connect to remote host: Connection refused
<infinity> adconrad@cthulhu:~$ telnet mail.frgtracker.com 25
<infinity> Trying 70.158.34.73...
<Nafallo> infinity: hehe. good point. I understood it as sending mail :-)
<infinity> Connected to mail.frgtracker.com.
<infinity> Escape character is '^] '.
<infinity> 220 krusty-desktop.localdomain ESMTP Postfix
<reya276> can I use DOVCOT IMAP/POP3 server
<infinity> You have Postfix setup just fine, you have no POP server.
<infinity> Yeah, dovecot works fine.
<infinity> apt-get install dovecot-pop3d
<reya276> cool
<ScottK> reya276: What Ubuntu release are you on?
<reya276> feisty 7.04
<ScottK> Yes, Dovecot is good then.
<reya276> I did not download the server version
<reya276> I just got the additional packages
<ScottK> Doesn't really matter.  It's all in the same repository.
<reya276> ok I tried to install it through webmin and it failed, let me go to the actual machine and do it
<ScottK> reya276: https://help.ubuntu.com/7.04/server/C/dovecot-server.html
<ScottK> reya276: Don't use webmin.  It's just not a good idea.
<infinity> reya276: webmin is going to cause you a lot more problems than it solves.
<infinity> There's a reason I completely removed it from the Ubuntu archive.
<reya276> I know, but is the only thing close to GUI I can use right now, unless you know of something better
<infinity> And it's not just beause I'm a big meanie.
<ScottK> reya276: Don't use a gui.
<infinity> s/beause/because/
<ScottK> The directions I posted a link for aren't that hard.
<reya276> I'm not experience enough to use CLI
<reya276> and I need to get this up ASAP
<ScottK> Well if you use webmin you'll probably end up shooting yourself in the foot.
<reya276> after this is done I will dive into using the CLI
<infinity> What you'll break following simple instructions on the command line will be a lot less than what you'll break using webmin.
<infinity> I assure you.
<reya276> ok
<infinity> At this point, you'll pretty much want to reinstall fresh and start over, because webmin mangles packages and config files in ways that you can't recover from, unless you really know the system.
<infinity> Which, as you admit, you don't.
<ScottK> Or if you insist on using webmin and need someone to come in and clean up the mess afterwards, I have consulting rates.... ;-)
<infinity> On the command line, you can't really break anything without knowing exactly what you're breaking when you do it.
<reya276> can I use synaptic to install Dovcot
<infinity> Sure.
<infinity> Synaptic is just a front-end to apt, anyway.
<reya276> got yah Scott
<ScottK> reya276: Did you look at the documentation link I gave you?
<reya276> no not yet
<infinity> Well, a GUI apt-alike, but let's not split hairs.
<ScottK> That's a step byt set way to do it.
<ScottK> step by step
<reya276> ok
<infinity> There's more than one step to installing dovecot?
<reya276> I use that guide
<reya276> BRB
<ScottK> installing and configuring.
<ScottK> It's not much more than one step.
<infinity> Meh, I hate "configuration toturials" in our official documentation.
<infinity> It's always "community member X thinks this is how it should be tweaked, and now everyone will cargo-cult that same config to their systems".
<infinity> This being a good example:
<infinity> pop3_uidl_format = %08Xu%08Xv
<infinity> No explanation of what that does, just that someone thinks it's a good idea.
<infinity> (If it was necessary, it should be in the package's default config, not on a website)
<Nafallo> infinity: isn't it?
<Nafallo> I think I recognise it...
<ScottK> infinity: That isn't community documentation though.  That's official docs.
<Nafallo> ScottK: from wiki.dovecot.org?
<ScottK> No, Ubuntu docs.
<Nafallo> ScottK: or maybe even the configfile?
<Nafallo> hm. oki.
<infinity> ScottK: help.ubuntu.com is community driven.
<Nafallo> infinity: no
<infinity> (yes)
<Nafallo> infinity: help.ubuntu.com/community, right?
<infinity> Canonical doesn't write those docs, and neither does core-dev.
<ScottK> It's not in the comunity section, no, but the ubuntu-docs team controls it.
<Nafallo> hmm. ubuntu-docs team should count as communitydriven... :-)
<ScottK> It's not a random driveby wiki update.
<infinity> No, I realise it's not a drive-by wiki update, but it's still cargo-cult stuff from various sources, afaict.
<infinity> I'm occasionally bitter that we think having everything documented poorly is better than having no docs sometimes. :)
<infinity> (Note that uidl formats, for instance, don't matter one bit, unless you're changing POP servers... And if you are, you want to set the format to be the same as your last one, which varies)
* ScottK considers mumbling something about patching the docs, but realises infinity is busy...
<reya276> how the heck do you configure this
<reya276>  You should configure your Mail Transport Agent (MTA) to transfer the incoming mail to this type of mailbox if it is different from the one you have configured.
<Nafallo> infinity: that string is suggested in the package configfile that we ship. commented, but still suggested.
<infinity> Nafallo: In which case, the docs are redundant.
<infinity> (FWIW, that string matches the uw-pop3d uidl format, which is why it's recommended, because when we originally rolled the dovecot sources into Debian, we were trying to do it as a UW upgrade path)
<Nafallo> infinity: they sure it. I just looked, and it's not only suggested, but the default :-)
<infinity> Someone who's not an Exim disciple (like I am..) might want to help reya276 with his "how do I tell postfix to deliver to mbox or maildir" question above...
<infinity> And don't start any mbox versus maildir holy wars in the process. :P
<infinity> We all know that mbox works great for everyone except nerds who keep 6 gigs of mailing list archives in their IMAP folders.
* Nafallo gives it to ScottK then, since he would engage in the war ;-)
<Nafallo> infinity: or bosses that keep ALL mails ever received in the ticketer ;-)
<infinity> Yeah.  The default ISP-like setup of "limited size mailboxes, and users download-and-delete from POP" though works well with mbox.
<infinity> And much less hassle.
* ScottK just uses maildir.
<ScottK> reya276: I'm looking for some docs for you.
<infinity> I would suspect, without even looking, that a default potfix and a default dovecot will "just work" without configuration on that front.
<infinity> Unless webmin mangled his postfix config beyond repair.
<ScottK> That's probably true.
<ScottK> The key point I do remember is that you put "/" on the end of the delivery path to get maildir and leave it off to get mbox.
<reya276> wow people take to heart when you ask for help, I just went into the Dovecot channel and these guys are like you wont get any help from us, LOL
<reya276> wow
<reya276> pretty much useless to go there
<reya276> why would they even have a channel, I though that it was the reason to have a channel so people can go there for help
<infinity> Most of us use IRC to get work done, not to provide free support.
<infinity> This channel used to have a "no support" policy too, until I handed off the server team to kinder, gentler people than I.
<reya276> well I understand, but what is the point to have a channel then?
<infinity> reya276: To communicate with fellow developers.
<khermans> apache2-ssl-certificate is missing from feisty, it is a known bug, how to fix?
<khermans> i cannot generate my cert
<infinity> reya276: I, for instance, work for Canonical.  I live in Melbourne, and not a single one of my coworkers does.
<infinity> khermans: It's not a bug.  Use ssl-cert instead.
<infinity> (make-ssl-cert)
<reya276> oh for some reason when I installed DoveCot it generated one for me
<khermans> infinity, thx dude -- hey maybe i will work for canonical :-)
<infinity> reya276: Yes, it does.
<khermans> infinity, do they pay well?
<mathiaz> khermans: bug 77675
<ubotu> Launchpad bug 77675 in apache2 "apache2-ssl-certificate has gone missing since feisty" [Wishlist,Confirmed]  https://launchpad.net/bugs/77675
<infinity> I get paid in satisfaction and love.
<infinity> mathiaz: Ooo, a bug.  Can I go invalid it? :P
<khermans> infinity, yeah thats cool too
<mathiaz> infinity: hum... it's tagged as a whishlist.
<khermans> i lovew ubuntu, since warty baby!
<mathiaz> infinity: I wouldn't marked it as invalid.
<khermans> anyways, thx for the help
<mathiaz> infinity: the reason being that a lot of people still expect apache2-ssl-certificate
<infinity> mathiaz: The whole point was to move to ssl-cert being the One True Way to make all this go, instead of each package having its own broken certificate generation.
<mathiaz> infinity: it's referred by a lot of ressources on the internet.
<mathiaz> infinity: I agree. I don't say that we should reinclude apache2-ssl-certificate
<infinity> mathiaz: Documentation needs to keep up.  Keeping cruft for the sake of docs is wrong.
<mathiaz> infinity: may be have a warning that says to use ssl-cert instead of apache2-ssl-certificate
<infinity> I'd perhaps be amenable to including an apache2-ssl-certificate shell script that just tells you to use make-ssl-cert. :P
<mathiaz> infinity: that would be a good compromise.
<mathiaz> infinity: we cannot change all the documentation that refers to apache2-ssl-certificate
<mathiaz> infinity: that's why I'd like to keep the bug open to avoir more reports.
<infinity> No, but I will happily ignore it.
<infinity> (the docs, that is)
<mathiaz> infinity: now that LP has a way to present potential duplicate when filling a new bug.
<infinity> It's like claiming that Debian could never change its default MTA, because all the docs refer to how to configure smail.
<infinity> (Yes, I'm old, shut up)
* Nafallo smiles
<ScottK> infinity: How old?
<infinity> ScottK: Younger than you, I think we established.
<ScottK> OK.
<ScottK> I'm old and I forget stuff.
<infinity> But "old" in the sense that "I remember when Debian's default MTA was smail".
* ScottK agrees that's "old".
<Nafallo> infinity: Potato had that, no? :-)
<infinity> Actually, how old were you?  Now it's my turn to forget things.
<infinity> I'm 30 in a month.
<infinity> Nafallo: potato was exim.  So was slink, I believe.
<infinity> Nafallo: hamm might have been smail.
<Nafallo> I don't even remember my first Debian :-/
<Nafallo> damnit!
<Nafallo> I know I switched to Ubuntu 2004 :-P
<tck> i think everyone got tired of waiting for debian releases :P
<tck> switched to ubuntu 
* infinity shrugs.
<infinity> I still run both.
<tck> to infinity and beyond
<Nafallo> tck: well. I wanted official x86_64 :-)
<leonel> in  my  case  better than  releases  ..  security updates ...
<leonel> the kernel had no security updates more than a year .. and  as soon sarge was released  no updates for a month
<infinity> I always roll my own kernels on Debian anyway, so that was never a concern for me.
<infinity> And their userspace security support was fine.  It was only that period of kernel silence that got them bad press.
<tck> when people are paid to do it, always more enthusiasm ;)
<leonel> that was what I ended  doing  but  always  a bad feeling on reboot to new kernels  and even for my customers ..
<leonel> tck: yes 
<leonel> the bad thing  about security is when  everyone  thinks  there are no security bugs  because there are no security updates
<infinity> Less about the enthusiasm, more about the fear of losing our jobs. :)
<Nafallo> hmm. so the box isn't dead...
<Nafallo> what the heck is it doing then...
<tck> does anyone have the Ubuntu Certified Professional cert ?
<Nafallo> btw. what is the best nullmailer out there? and why isn't that one in main? :-)
<infinity> How null do you want it?
<infinity> "nullmailer" is about as good as it gets for just losing your mail.
<Nafallo> just sending the stuff to another smtp
<infinity> For relaying, I like ssmtp
<Nafallo> it's a backupserver.
<infinity> That is, relaying from local to remote.  ssmtp doesn't accept mail.
<infinity> Just provides a sendmail binary to get stuff off the system to a smarthost.
<Nafallo> nice! thanks Adam :-)
<Nafallo> exactly what I want
<infinity> NP.
<infinity> I tend to have it on all my hosts (because not being able to use mail(1) form the command line makes me a sad panda), and forward to my One True Relay on the edge of my network, which spools and spits mail off to wherever.
<infinity> That way I get no sending delays or queueing on the desktop machine.
<infinity> s/machine/machines/
<Nafallo> yea. this server should only run backuppc really :-)
<Nafallo> (and deps ofcourse)
<close2__> hello, i have my / on a software raid1 and lvm
<close2__> but when I disconnect a disk, and try to boot
<close2__> i get the message that "ALERT! /dev/mapper/ROOT does not exist. Dropping to a shell"
<close2__> right after grub
<ivoks> cd to /dev/mapper
<ivoks> and check if there is ROOT
<ivoks> i'm sure that's wrong name, there should be something like option1-option2
<Nafallo> vg-lv even :-)
<close2__> only a control
<ivoks> right :)
<close2__> i.e. /dev/mapper/control
<ivoks> then there aren't lvm groups
<Nafallo> and I'm not sure you can use dm-thingies in the bootline anyway.
<close2__> FYI i am in the initramfs shell
<infinity> Is this raid-over-lvm, or lvm-over-raid?
<close2__> lvm over raid
<infinity> Kay, then I suspect I know your problem.
<infinity> Let me just install mdadm quickly here. :)
<infinity> close2__: "sed -i -e 's/--no-degraded//' /usr/share/initramfs-tools/scripts/local-top/mdadm"
<reya276> hey you guys happen to know what it the default web URL for SquirrelMail
<infinity> close2__: The problem is that, in our infinite wisdom, we've decided to not allow you to boot from degraded arrays.
<infinity> close2__: There's much discussion surrounding this issue right now.
<ivoks> kill that feature :/
<infinity> (There are valid reasons for it, like not being able to tell the difference between a degraded array, or one that udev is still activating the hardware for...)
<infinity> So, it needs some thought to solve correctly, sadly.
<close2__> ok, so if I reboot, with my 2nd disk attached, and execute this command, it should boot, right?
<infinity> close2__: Anyhow, if you yank "--no-degraded" out of that file, and then "update-initramfs -u", you should be good to go.
<close2__> because, I was just testing, if it would boot
<close2__> thanks, i will try it right away
<Nafallo> fuck this!
<Nafallo> the damn server doesn't come back :-(
<infinity> ?
<close2__> do I have to fear, that this "feature" will be reactivated whenever I update the kernel?
<Nafallo> [42952646.970000]  3w-9xxx: scsi0: AEN: <NULL> (0x04:0x00E6): :
<Nafallo> nafallo@remembrance:~$ dmesg | grep NULL | wc -l
<Nafallo> 1232
<infinity> close2__: It's a feature of the "mdadm" package.  If you don't want that change overwritten, you can put it on hold...
<infinity> echo "mdadm hold" | dpkg --set-selections
<Nafallo> after a while of that I rebooted, and now the mac doesn't come up on the switch. link is up at full speed though.
<Nafallo> a collegue thinks one of the SATA-cables got disconnected again and it stopped in BIOS trying to tell us...
<infinity> Seems plausible.
<close2__> another question, when I boot my server the boot-lines are messed up, as if there was no CR (and the login starts right at the beginning)
<Nafallo> infinity: thanks for backing that up. I will move to London on Thursday, so I'll know whats up on Friday.
<Nafallo> *sigh* I hate that server.
<Nafallo> if it's the cable I will glue to fuck in place.
<Nafallo> fucker even
<Nafallo> gaah!
<Nafallo> s/to/the/
<close2__> it's bug: 65230
<close2__> Nafallo: instead of using glue, you could just by sata-cables with clips
<close2__> s/by/buy/
<Nafallo> close2__: will see what crap we got now. and the boss want me to spec a new box
<Nafallo> PERC 5/i is good on dapper?
<sommer> has anyone ever had two Samba domains on the same network with the same SIDs?
<sommer> kind of a wierd question I know.
<Nafallo> infinity: do you know? :-)
<sommer> The domains have different names, but I'm just wondering if the SIDs will cause problems.  Or if anyone knows...
<sommer> right now they both aren't running...one is test the other live.
<sommer> I'll find out tomorrow at any rate...going live with Samba and LDAP.
<khermans> sommer, where did you get info on how ot set it up?
<khermans> sommer, i see many online sources
<khermans> sommer, which is the best guide, or did you crib form many source?
<sommer> a few places acutally.  The Samba online docs have probably the best guide.
<khermans> sommer, the goal is to replace an existing AD, is it easier now?
<khermans> sommer, could you email me any links/guides/configs you found helpful?
<khermans> kristian.hermansen@gmail.com
<sommer> khermans: No I currently have Samba as PDC, but it's authenticating to local smbpasswd.
<sommer> khermans: sure, I'll compile a list.
<khermans> sommer, thanks dude
<khermans> i will try to put it on the wiki.ubuntu.com
<khermans> there is already a guide there
<khermans> but want to enhance it
<khermans> https://wiki.ubuntu.com/?action=fullsearch&context=180&value=active+directory&titlesearch=Titles
<syuroff> hi all.  I'm having a network problem with a new ubuntu server install
<syuroff> I can move files around the LAN all I want.  But any downloads (notably, apt-get) croak at about 5 megs.
<syuroff> I've knocked down the MTU, and turned off window scaling- no good.  Anything else to try?
<ScottK> syuroff: Look at firewall configurations/logs
<syuroff> it's an out of the box 6.06LTS configuration- just installed it this morning.
<ScottK> I'm thinking between the box and whatever you are downloading.
<syuroff> ah.
<syuroff> thing is, I can apt-get from the machine right next to it.  same network path.
<syuroff> ScottK: well, this is interesting.  I bypassed the NAT router, and all is well.  It's been here for years and never had a machine behave like that.
<ScottK> Odd, but NAT can be odd in unexpected ways.  Not sure what to tell you.
<syuroff> yeah... since this is going to be a problem for the long term.
<ScottK> I'd take a tcpdump and look at the details if I was in your position.
<syuroff> I'll have to do that.  And maybe, just maybe, software upates will make it behave like the other machines.
#ubuntu-server 2007-08-14
<NeoIce> I'm managing a multi-user environment and would like to restrict certain users to certain commands, whats the best way to accomplish that?
<NeoIce> rbash isnt restrictive enough
<tck> more restrictive than rbash?
<NeoIce> mmhmm
<NeoIce> rbash allows the chsh command still which basiclly nullifies using rbash
<NeoIce> which seriously, whats the point of rbash if it only blocks SOME of the commands that allow shell changing?
<tck> just turn off the x bit for app
<tck> chmod o-x /usr/bin/chsh ?
<NeoIce> but is there a way to specify which commands which user can use?
<tck> not quite sure
<tck> im sure you can input something into a startup script when the shell is executed
<NeoIce> I read something but I cant find it again and it looked like you created a folder full of the commands you wanted to allow and you pointed something at it
<tck> http://kitenet.net/~joey/code/pdmenu/
<tck> it would be similar to the say, netopia menu based scenario i would imagine
<tck> oh fancy that, its in apt
<Pumpernickel> Would rbash with a carefully vetted $PATH work well enough for you?
<NeoIce> can you explain that a little more?
<Pumpernickel> Rbash seems to restrict users to running executables in their $PATH - no ./foo type commands, no commands starting with a /, no `cd`, etc.
<Pumpernickel> So if you were to setup their $PATH to only include 'allowed' executables, that should be an absolute limit.
<NeoIce> ah, found the environmental variable for the user that looks like this:
<NeoIce> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
<dendrobates> NeoIce: you could chroot the user and only put the commands you want them  to access in the chroot.
<NeoIce> yeah, rbash really doesnt block anything
<nealmcb> infinity, et al.: is there a web page somewhere (or ubotu response) with insights on why ubuntu doesn't have webmin any more?  We see it come up so often, that having a good page to point people to would help.  Info on when we dropped it, what other GUI tools are available that deal with config files in a respectful way, etc (like ebox?), etc would be nice also.
<mathiaz> nealmcb: not that I know of.
<mathiaz> nealmcb: may by we could discuss that during tomorrow meeting.
<nealmcb> mathiaz: that would be good.  as a new ubutu additions topic?  roadmap item?
<mathiaz> nealmcb: addition topic seems good to me.
<mathiaz> nealmcb: it may turn into a roadmap item at the end of the meeting.
<newbie3> anybody using ncsa_auth on squid?
<newbie3> my authentication can't run
<nealmcb> newbie3: Can you be more specific?  What version, what browser, what configuration, what does it do instead?
<newbie3> who's version?
<newbie3> my ubuntu 7.04
<newbie3> squid 2.6
<newbie3> ncsa_auth can't run
<newbie3> it's always wrong everytime i enter username and password
<newbie3> actually the squid is running but not until i try to run the authentication program
<newbie3> what could be wrong?
<dezmaeth> hi, im having problems with chmodded directories
<dezmaeth> i cant seem to enable uploads from users , i allready chmoded every needed directory as 777
<dezmaeth> but still doesnt work
<newbie3> my squid keep telling cache access denied?
<bain> mornign 
<newbie3> :)
<newbie3> no responses
<kraut> moin
<pmjdebruijn> will Gutsy support dm-multipath in the installer?
<Nafallo> hm
<pmjdebruijn> for example CentOS 5 automatically creates /dev/mapper/mpath{0-...} devices when it's started with 'linux mpath'
<Nafallo> I do need to throw this suggestion out here:
<pmjdebruijn> quite critical for our datacentre
<Nafallo> what do you people think of a task that will install openssh-server + deps as its own preselected tasks in the installer?
<Nafallo> serverinstaller that is
<Nafallo> most people will want to install it, and those that does not can easily untick it.
<Nafallo> should help new users
<dendrobates> Nafallo: We could not have it running by default.  We advertise no open ports in a default install.
<lcdd> Nafallo: anything to help the admin get out of the server room sooner, i guess
<dendrobates> Nafallo: I could see an argument for having it installed though.
<Nafallo> dendrobates: yes I know. that's why I wondered about the option above. to make it easier to get the most usual thing up and running fast :-)
<Nafallo> dendrobates: I don't want to force it on people, but a good default choice that you can untick :-)
<Nafallo> lcdd: agreed
<Nafallo> lcdd: or the datacenter ;-)
<Nafallo> it's easier to hit enter then login, sudo apt-get install openssh-server, wait a bit, logout
<Nafallo> :-)
<dendrobates> why have a checkbox at all.  I think you can make the assumption that all servers need ssh-server.
<dendrobates> You just can't start it by default without intervention at install.
<infinity> I think that assumption would be incorrect.
<Nafallo> dendrobates: cause we have a no open ports policy :-)
<dendrobates> core server need ssh-server than moin and we ship moin on the image.
<infinity> Uhh.
<Nafallo> infinity: hi :-). I would love your feedback as well ;-)
<dendrobates> s/core/more/
<infinity> We ship both, we don't INSTALL moin.
<infinity> Try logic that makes sense. :P
<Nafallo> infinity: I applied for ~ubuntu-server btw. when you have time etc... ;-)
<dendrobates> I'm not saying we should start ssh-server by default, I think it might be a useful option in the installer.
<dendrobates> Nafallo: I add you in a few minutes.
<infinity> There's no point in installing it and not starting it.
<Nafallo> dendrobates: ah. thanks :-)
<infinity> That has the same net effect as not installing it at all.
* Nafallo agrees with infinity 
<Nafallo> I rather have a task for it.
<infinity> Namely that you can't make it run without having physical access to the box. :P
<dendrobates> It's still early for me.   My last comments have nothing to do with my checkbox comments earlier.   What I am saying is it might be good to have an installer option that defaults to off, that installs and starts ssh-server when checked.
<dendrobates> Nafallo: Are you on the server mailing list?
<Nafallo> dendrobates: yes, have been from the start I think. backlogged though :-P
<Nafallo> dendrobates: so what I suggested, except I want it default to on :-)
<dendrobates> yes.  I think it is a good idea.
<nealmcb> ubuntu server team meeting in 53 minutes in #ubuntu-meeting
<nealmcb> https://wiki.ubuntu.com/ServerTeam/Meeting
<dendrobates> server team meeting in 15 minutes at #ubuntu-meeting.
<dendrobates> server meeting in #ubuntu-meeting now.
<Jekhar> I'm new to server administration, using an Ubuntu-6.06 server running Ruby1.8.4 which was installed with apt-get. I have not found a .deb on the repository my server is checking for Ruby1.8.6. I'm sure I could build it myself, but was curious as to whether installing it via rubygems would cause any problems or inconsistencies with the present 1.8.4 package.
<gamble6x> Jekhar: not terribly experienced with the ruby packages on 6.06.  But I'm curious.  Do you need both 1.8.4 and 1.8.6?  If not you could uninstall 1.8.4 to make sure there are no conflicts.
<gamble6x> my assumption would be if you're installing from source you can designate where it puts the files for 1.8.6 and then just make sure whatever apps need to use 1.8.6 are pointing to that location.
<leonel> In most packaged  distributions  if you  install some package from source  you need to make sure you install that package somewhere your instaled packages does not conflict with the new one 
<nealmcb> Jekhar: what do you need in particular from ruby1.8.6?  switching out language versions can have a lot of ramifications
<nealmcb> !info ruby
<ubotu> ruby: An interpreter of object-oriented scripting language Ruby. In component main, is optional. Version 1.8.2-1 (feisty), package size 18 kB, installed size 96 kB
<nealmcb> http://packages.ubuntu.com/cgi-bin/search_packages.pl?searchon=names&version=all&exact=1&keywords=ruby
<Jekhar> I guess you could say its a job requirement. The rails app was written with 1.8.6 on our machines. But, I know that when I do capistrano commands, I get a warning message about a bug in Ruby1.8.6's threading implementation.
<nealmcb> That shows 1.8.2 as the ruby version in ubuntu dapper thru gutsy....
<Jekhar> Yeah, when I do a apt-cache policy ruby, it shows 1.8.2, but when I do ruby -v, it shows 1.8.4
<nealmcb> I don't know much more about ruby versions or what you might run into compiling it from source
<nealmcb> Jekhar: interesting...
<nealmcb> on feisty, ruby -v  gives  ruby 1.8.5 (2006-08-25) [i486-linux] 
<nealmcb> so that package summary seems dubious....
<nealmcb> but on feisty, dpkg -l ruby  gives 1.8.2-1
<nealmcb> I'll look later for more about ruby versions - seems like a bug to me - but now, about time for breakfast....
<pmjdebruijn> does anybody here know whether it's possible to configure dm-multipath on a root fs, during the Ubuntu installation?
<pmjdebruijn> this is rather essential in "enterprise" environments.... many of our systems don't have local disks anymore...
<Nafallo> damn
<Nafallo> missed the meeting cause of RL-stuff
* Nafallo reads backlog
<Nafallo> ehrm. make that php-page NOT know SQL passwords. just check that the modules are working please.
<Nafallo> connect, but don't auth. rather connect() -> disco() sort of way.
<Nafallo> jdstrand: ^ :-)
<Nafallo> infinity: ^ even :-)
<Nafallo> infinity: btw. we don't either have it in php5 or something or a new package putting in /var/www/index.php
<Nafallo> just green OK or read FAIL ;-)
<infinity> Nafallo: I wasn't planning on it having any password knowlege. :P
<Nafallo> infinity: good :-)
<infinity> Nafallo: (what do you take me for..?)
<Nafallo> infinity: didn't read you had the task until further down in the meeting. I know yu wouldn't :-)
<Nafallo> I might want to take a stab at postfix+dovecot later btw
<infinity> Stab on.
<Nafallo> I have a real slick setup at work that would be fun to have as a task :-)
<infinity> Anyone who occasionally pretends to understand network-manager should find postfix trivial in comparison. :)
<Nafallo> lol
<lamont> infinity: I understand network-manager sufficient for my needs...
<lamont> but then apt-get remove --purge isn't much of a need.
<infinity> lamont: Nafallo's actually played around with the source.  That shit doesn't wash off.
<infinity> I know, I still have some on me as well.
<lamont> no, it most certainly does not.
<Nafallo> basically let dovecot use static checking for users mboxes in /var/mail/$user and let postfix auth throu dovecot would be a nice default.
* lamont still appreciates the various warnings he received to avoid reading that source
<Nafallo> also let postfix listen to more then 127.0.0.1 if the task is installed.
<infinity> lamont: It's scary, and it gets scarier with each new iteration.
<lamont> Nafallo: that's a preseeding thing...
<infinity> lamont: The "let's pretend every network is wpa" thing was utter crack-addled genius.
<Nafallo> lamont: preseeding? you meant only listen on 127.0.0.1?
<Nafallo> lamont: why do we even have that? feels like a leftover from when we installed an MTA by default
<lamont> db4.4 only enables pthreadsmutexes (NPTL crap) on amd64?
<infinity> Nafallo: Enough stuff depends on "postfix | mail-transport-agent" that it's still a good default.
<lamont> Nafallo: because there's no good answer
<lamont> and people on cable modems install postfix
<infinity> lamont: In Debian, amd64 was the only arch guaranteed to be NPTL-friendly (old kernel support, blah blah blah)
<lamont> and then complain when they were open relays for their neighbor's compromised machine
<infinity> lamont: In Ubuntu, we can probably change that to do it across the board.
<lamont> infinity: should I?
<Nafallo> infinity: but if we put a small package that pre-depends on postfix and dovecot-imapd and does some small seds in postinst? ;-)
<infinity> lamont: If it puts your heart a-twitter to do so.  I was planning on doing it anyway.
<lamont> Nafallo: modifying another package's config files is forbidden
<Nafallo> lamont: well, it isn't open relay by default surely?
<lamont> infinity: doing an upload anyway....
<lamont> Nafallo: it's an open relay for whatever is in $my_networks
<infinity> lamont: Doing the whole db4.x family?
<lamont> yep
<infinity> lamont: Right, well, go nuts with the NPTL change too, then.
<Nafallo> lamont: ah. right. and FQDN on those machines are the ISPs thingies...
* Nafallo ponders...
<lamont> Nafallo: the upstream default is all machines on the local subnet.
<Nafallo> lamont: debconf wrapper for modifying other packages things not allowed as well, right?
<lamont> which is bad on cable-modems and in co-lo centers
<infinity> Aye.
<Nafallo> agreed
<infinity> Nafallo: You want to wrap debconf in debconf?
<lamont> Nafallo: I'm all for making the admin answer the question, or edit the config later.
<lamont> hence the default (since I wasn't allowed to ask the question...)
* Nafallo ponders a bit more, just throwing ideas :-)
<lamont> infinity: care if I ignore the NPTL change for db4.{2,3}?
<lamont> I mean, 4.2 is _so_ dead, right?
<infinity> lamont: Just change 'em all, lazy man.
<lamont> (as in, why is that in main, still??)
<Nafallo> a new package in the task pre-depending postfix and running dpkg-reconfigure -plow postfix *s*
* lamont changes db4.2 and 3 _again_
<lamont> I don't think dpkg is that friendly
<infinity> lamont: It's in main because pitti and I need to do a reducing-duplication run again before gutsy+1.
<lamont> heh
<infinity> Nafallo: And we allow you to upload to the archive?
<Nafallo> infinity: I wouldn't upload until I get concent on the ideas. you should now that by now :-)
<Nafallo> know even
<lamont> infinity: 4.2 and 4.3 both lack NPTL_SUPPORTED_CPUS variables -> lose
<infinity> lamont: Oh, even better.  You don't have to change a thing1
<lamont> except for hppa/java dropping
<lamont> --> upload already
<infinity> lamont: Did you add lpia to the NPTL_SUPPORTED_CPUS list?
* infinity bats his lashes.
<Nafallo> infinity: those ideas are intrusive enough to demand a spec anyway btw :-)
<infinity> Spec, schmeck.  I upload intrustive things ALL THE TIME.
<lamont> 4.5 has NPTL mutexes disabled for everyone....
<infinity> I call it "work".
<infinity> lamont: Yay consistency.
<lamont> infinity: should I turn it on for giggles?
<Nafallo> infinity: wasn't that you who hexedited fglrx or something? :-)
<lamont> infinity: in 4.4, I eliminated the CPU check. :-)
<infinity> lamont: Clint's a bit schizophrenic.  I think I need to get back into bdb maintenance again for a bit.
<infinity> Nafallo: Yes.
<infinity> Nafallo: We still do it.
<Nafallo> infinity: I loved that one :-)
<lamont> so was that a yes on "turn on NPTL for all in db4.5"???
<lamont> infinity: what did we have to hexedit?
<infinity> lamont: What could possibly go wrong?
<lamont> LOL
<lamont> done
<lamont> #ifneq (,$(findstring z$(DEB_BUILD_GNU_CPU)z,$(NPTL_SUPPORTED_CPUS)))
<lamont> ifneq (,$(findstring z$(DEB_BUILD_GNU_SYSTEM)z,$(NPTL_SUPPORTED_SYSTEMS)))
<lamont> CONFIGURE_SWITCHES += --enable-pthreadsmutexes=yes
<lamont> endif
<lamont> #endif
<lamont> I win.
<infinity> lamont: SUSEish lib32/lib64 paths in the libGL.so binary.
<Nafallo> lamont: the path to something xorgish I think :-)
<Nafallo> lamont: re:hex
<lamont> trembling....
<infinity> lamont: There's nothing to fear, really...
<lamont> infinity: yeah, I've certainly done worse.
<jdstrand> Nafallo: I just got back from lunch-- I wouldn't have put a password in there either!
<jdstrand> so I am not clear on what was decided regarding openssh-server task.  Or was it tabled til next time?
<jdstrand> next meeting that is
<Nafallo> wtf... why do we need an LAMP exception? it's a TASK, not INSTALLED BY DEFAULT
<Nafallo> :-P
<dendrobates> I want to start working on the sshd tasksel, but no one volunteered.
<jdstrand> the task itself wouldn't be hard (haven't worked with tasksel myself, but certainly could).
<jdstrand> I was mainly getting at whether ssh should be enabled by default with LAMP
<nealmcb> Jekhar: the ruby version naming issue has already been reported: https://bugs.launchpad.net/ubuntu/+source/ruby-defaults/+bug/50480
<nealmcb> [where did ubotu go?] 
<dantalizing> ssh enabled by default with LAMP -1
<Nafallo> dantalizing: agreed.
<nealmcb> :-)
<nealmcb> bug 50480
<ubotu> Launchpad bug 50480 in ruby-defaults "Reported version is incorrect" [Undecided,Confirmed]  https://launchpad.net/bugs/50480
<Nafallo> I would want ssh on the virtual host and not in the lamp guest on that server :-)
<infinity> lamont: Oh, the LRM hack in question is correct-lib-path.c (and calls to correct-lib-path in debian/rules)
<Nafallo> anyone agrees?
<Nafallo> infinity: hmm. can we tell the bootthingie to install two tasks when choosing LAMP?
<lamont> infinity: that's not hexediting... hex editing requires manual human intervention
<jdstrand> Nafallo: I am inclined to agree.  It was brought up in the meeting that this use case as well as web developers wouldn't want it.
<infinity> lamont: I used to do it with a hex editor, before automating it.
<infinity> Nafallo: Of course we can.
<lamont> infinity: automation is good
<Nafallo> infinity: would you like that idea then? seperate tasks and make the starfeature install both of them, leaving the virtual box admin to install ssh-task on host and lamp-task on guest :-)
<jdstrand> the way I feel is how many users want it or don't want it.  If users really want it, what about having a lamp-ssh-server task in addition to lamp-server?
<jdstrand> not sure that is the best option, but it would at least address both sets of users
<Nafallo> jdstrand: naah. cluttering.
<dantalizing> i dont see the difficulty in a user adding ssh later
<dantalizing> server install should be minimal
<Nafallo> jdstrand: I rather have the bootmenu install both and then the regular installer have to choose them specifically.
<jdstrand> Nafallo: there is already talk of openssh-server task.  Not sure if adding lamp-ssh-server would be more clutter
<dantalizing> LAMP has an expected set of components
<dantalizing> SSH is not one of them
<jdstrand> Nafallo: that is still a little surprising to me, as a user, unless the bootmenu was clear that it is installing openssh-server
<dantalizing> if remote administration is the thing, why not install SSH with any "server" application
<jdstrand> dantalizing: aggreed
<jdstrand> s/aggreed/agreed/
<ScottK> Well it's certainly the first pacakge I install after a server setup.
<Nafallo> dantalizing: space+enter vs. login, apt-get, wait, logout
<jdstrand> without having studied any statistics, it seems that there is a large set of users who would install it immediately, and quite a few who wouldn't
<Nafallo> jdstrand: LAMP+SSH in the boot then :-)
<Nafallo> dantalizing: because of the non open ports policy :-)
<dantalizing> scottk, me too, but for a server it is much better to err on the side of forcing users to install stuff, than adding extra unneeded (sp?) stuff
<Nafallo> dantalizing: so better tick the box during install.
<Nafallo> then the user agreed to broke non open ports :-)
<dantalizing> yes
<Nafallo> and doesn't have to login after final reboot
<Nafallo> just reboot and go away, continue with what else to do.
<Jekhar> nealmcb: thanks
<Nafallo> and yes, raidcontrollers can take minutes of waiting better spent elsewhere...
<ScottK> dantalizing: Not trying to argue either way (I agree no open ports by default is a good policy.
<ScottK> I like Nafallo's tickbox idea.
<dantalizing> yes
<Nafallo> ScottK: what about alt. bootmenu to LAMP+SSH? :-)
<Nafallo> ScottK: as our keyfeature
<ScottK> Nafallo: Dunno.  LAMP + only SSH seems like kind of a detail.
<jdstrand> ScottK: IMO it is a critical detail leaving an open login port with letting the user know.
<jdstrand> s/with/without/
<ScottK> jdstrand: Agreed.
<ScottK> That's why I liked Nafallo's idea of asking if they want it.
<Nafallo> ScottK: you knew I was talking about the SUSE thing we use for choosing stuff after booting the iso, right? :-)
<jdstrand> ScottK: yes-- I believe there is consensus on having an openssh-server task, to check that box.  Please correct me if I am wrong.
<jdstrand> ScottK: there was also talk of enabling ssh with LAMP by default.
<Nafallo> ScottK: we have install, install lamp etc... would make sense to have install lamp+ssh and install both lamp and ssh task by that option.
<jdstrand> ScottK: this was all from the meeting today
<ScottK> Nafallo: No.  I've never run a suse server, just desktop.
<ScottK> Yes.  I was reading during the meeting, but didn't have much to say.
<ScottK> Nevermind then.
<Nafallo> ScottK: you still get the bootmenu on the iso that comes from SuSE originally :-)
<ScottK> OK.  It's been a long time since I installed a server from scratch.
<Nafallo> ScottK: F1-F6 to change options you know... :-)
<ScottK> Right
<Nafallo> ScottK: so select LAMP+SSH instead of having install LAMP and get no SSH?
<Nafallo> I think the option preseeds the installers taskquestion.
<Nafallo> infinity: correct?
<nealmcb> Jekhar: if you really need ruby, rather than a straight source compile you might see what the version in gutsy is, and build that source package on dapper (which does the compilation) and install the package it produces.  managing things via packages is a really good idea
<nealmcb> (i.e. if you really need _version 1.8.6_ of ruby...)
<jdstrand> dendrobates: since infinity is going to do the php page, I'll look at tasksel for openssh-server
<Nafallo> jdstrand: great! what about the LAMP vs. LAMP+SSH in the isomenu? :-)
<Nafallo> I haven't heard many arguments against...
<jdstrand> Nafallo: no not yet.  Hopefully we'll get some more input
<Nafallo> jdstrand: yea, that would be good :-)
<Jekhar> nealmcb: Um, I'm not exactly sure how to do that.
<Jekhar> But I'm pretty sure that gutsy has 1.8.2
<nealmcb> feisty has ruby 1.8.5 (despite what dpkg says).  I don't know what gutsy has, but it should be at least 1.8.5
<Nafallo> nealmcb: packagename?
<nealmcb> can someone with gutsy run "ruby -v"  (install "ruby" package)
<Nafallo>       ruby |    1.8.2-1 | http://gb.archive.ubuntu.com gutsy/main Packages
<nealmcb> bug 50480
<ubotu> Launchpad bug 50480 in ruby-defaults "Reported version is incorrect" [Undecided,Confirmed]  https://launchpad.net/bugs/50480
<dantalizing> getting ruby1.8.6.36-1ubuntu1
<Nafallo> dantalizing: *confirm*
<dantalizing> ruby 1.8.6 (2007-06-07 patchlevel 36) [i486-linux] 
<Nafallo> so the metapackage has the wrong version :-P
<Nafallo> and we import that from Debian
<Nafallo> and our ruby1.8 is probably updated in Ubuntu :-)
<dantalizing> so Jekahar should be ok
<Nafallo> there you go. your bug explained ;-)
<dantalizing> *Jekhar
<nealmcb> can someone give Jekhar tips on building that source package on dapper?
<dantalizing> i dont think there is a need...if i understand he was looking for 1.8.6
<Nafallo> ask jdong for a backport? :-)
<dantalizing> which is installed
<Jekhar> ruby 1.8.4 (2005-12-24) [x86_64-linux] 
<nealmcb> but he is running dapper, and gutsy isn't out yet....
<dantalizing> oic
<nealmcb> https://help.ubuntu.com/community/CompilingSoftware 
<dantalizing> looks like ruby is a basic configure/make/make install
<dantalizing> no autoconf
<Jekhar> Oh, yes indeed it is. I just did a wget from ruby-lang.org and did the usual install steps. I was going to use pbuilder but decided against it
<Jekhar> Would there be any need for me to upgrade svn on the server?
<nealmcb> Jekhar: did you put it in a different place than the default ruby?  or uninstall the default?
<nealmcb> Jekhar: changing svn would seem to invite more problems, unless there is some feature you need
<Jekhar> I put it in a different place as I could not find where the default was stored (I love having multiple people working on the same server). When I run "ruby -v" it reports 1.8.6, but I can't run any Rails "script" commands on the server
<bdmurray> mathiaz: every once in a while I see [2380777.861967]  smb_get_length: Invalid NBT packet, code=b6
<bdmurray> between my Feisty desktop and Dapper server
<bdmurray> and smb_add_request: request [ffff8100b5462e00, mid=2769]  timed out!
<mathiaz> hum.. does it crash you server or client ?
<bdmurray> the client hiccuped this time
<mathiaz> do you get a timeout ?
<bdmurray> I'm using rhthymbox to listen to music and it there was quite a pause in the song
<nealmcb> Jekhar: getting all the rails tools etc to find the right ruby stuff in an unofficial place may be a challenge - might want to ask on a rails channel.
<mathiaz> bdmurray: how do you mount your dapper server 
<mathiaz> bdmurray: with smbfs or cifs ?
<bdmurray> mathiaz: with smbfs
<mathiaz> bdmurray: could try to mount it with cifs ?
<mathiaz> bdmurray: smbfs is no longer supported.
<bdmurray> mathiaz: hunh, since when?
<mathiaz> bdmurray: well. Let me rephrase that - smbfs is not actively maintained by upstream
<mathiaz> bdmurray: anymore. Cifs is the successor/replacement for smbfs.
<bdmurray> so just a s/smbfs/cifs/ in my /etc/fstab?
<mathiaz> bdmurray: that should do it.
<bdmurray> mathiaz: neat, I'll have to experiment some then
<ajmitch> mathiaz: great, so next server team meeting will be at a different time? :)
<mathiaz> ajmitch: we don't know yet.
<mathiaz> ajmitch: it's just that we were running out of time. 
<mathiaz> ajmitch: so dendrobates asked if we should have more frequent meetings.
<mathiaz> ajmitch: I guess that 19:00 UTC would be a better time for you guys ?
<ajmitch> well, feature freeze is almost upon us
<ajmitch> yes, 7AM isn't too bad
<ajmitch> back in 10 minutes
<ajmitch> ok
<Innatech> having some trouble with a 7.04 install on SATA drives. I've tried with a dmraid mirror, an mdraid mirror, with boot on  a plain ext3 partition  and / on a  mdraid mirror, and finally with plain ext3 /boot and / partitions on a single drive. The failure mode is the same each time: install is OK from CD, and when complete you can chroot into target and do stuff--but when rebooting GRUB dies silently when you try and boot a kernel. 
<Innatech> break=premount doesn't help, it hangs forever at "starting up...."
<mathiaz> sommer: I've updated the ServerTeam Roadmap
<sommer> mathiaz: cool 
<mathiaz> sommer: with a section about tracking wiki pages on help.ubuntu.com
<nealmcb> mathiaz: thanks for all the bug triage also!
<mathiaz> nealmcb: yeah ! I finised the last bugs below 90 000 yesterday
<mathiaz> nealmcb: but ivoks did a lot of work too...
<sommer> mathiaz: I just got done reading through the dovecot doc for feisty and there are a couple of updates.
<sommer> Should I create a page under the section you created update drafts?
<sommer> if that makes sense?
<mathiaz> sommer: hum.. for now, I'd just list the pages.
<sommer> sure no problem.
<mathiaz> sommer: I've added a sentence "Here is a list of pages that requires some attention:"
<mathiaz> sommer: so you could just add bullet points below it, linked to the wiki page on help.ubuntu.com
<sommer> ya...what I was thinking was to add a link to the original page and a link to proposed updates.
<mathiaz> sommer: I don't think we need that structure.
<mathiaz> sommer: help.ubuntu.com/community/ is a wiki.
<mathiaz> sommer: so pages should be updated directly
<mathiaz> sommer: (there is always a history).
<sommer> ah...I'm with ya
<mathiaz> sommer: and I don't think that we have the man power to have a review process
<mathiaz> a wiki is supposed to be editable by anyone
<mathiaz> it should be easy to update a page
<ScottK> lamont: Would you have any interest in uploading the current git-core release before UVF?  There's a debian/control typo (milli found it when he was looking at it), so the debdiff is here: Bug 132527
<ubotu> Launchpad bug 132527 in git-core "Please merge git-core 1:1.5.2.4-1 from Debian Unstable (Main)" [Undecided,New]  https://launchpad.net/bugs/132527
<sommer> mathiaz: so is this page the official doc?  https://help.ubuntu.com/7.04/server/
<lamont> ScottK: what ubuntu-changes do we have, I wonder.
<lamont> and yes, I would be interested
<ScottK> We have none now.
<sommer> mathiaz: Is that also under community?
<mathiaz> sommer: that's the ubuntu server guide maintained by the doc team.
<ScottK> The only one I proposed is fixing the typo in the build-dep.
<mathiaz> sommer: it's not under the community umbrella.
<sommer> mathiaz:  gotcha, that's that doc where I found a couple of updates.
* ScottK is not a core-dev, so over to lamont ...
<mathiaz> sommer: the server guide is maintained in docbook.
<lamont> ScottK: I just played drumsticks on postfix/+bugs. :-)
<mathiaz> sommer: the community docs are located under help.ubuntu.com/community/
<ScottK> I saw.  Very nice.
<lamont> and I'll be uploading 2.4.5-2 and syncing that to ubuntu once I test the config changes
<mathiaz> sommer: it's a wiki.
* ScottK is subscribed to all Ubuntu postfix bugs as bug contact.
<sommer> mathiaz: aaaahhhh...my bad I was looking under the wrong area.
<mathiaz> sommer: if you want to update the server guide, you should contact the ubuntu-doc team.
<lamont> ScottK: rock
<ScottK> sommer: Or you can file bugs against ubuntu-doc and attach a patch.
<mathiaz> sommer: they'll be happy if someone wants to make some changes to the server guide.
<sommer> mathiaz: is the docbook source available?
<mathiaz> sommer: yes. it's in a svn repository I think.
<mathiaz> sommer: the DocTeam is also a community team.
<sommer> mathiaz: cool I'll check into it...at least for the dovecot page...heh
<lamont> ScottK: so debian's 1.5.2.4-1 has a typo?  or gutsy has different packages?
* sommer will look into joining the Doc Team.
<mathiaz> sommer: https://wiki.ubuntu.com/DocumentationTeam/
<ScottK> lamont: Deiban's 1.5.2.4-1 has a typo (it's been reported).
<ScottK> Debian even
<lamont> you have a debian bug #?
<sommer> mathiaz: thanks for the link.  I've got a migration to LDAP to do so I'll check in later.
<ScottK> No.  I'll go look.
<lamont> ah.  433196
<lamont> nm
<ScottK> Debian bug 433196
<ubotu> Debian bug 433196 in git-core "Typo of libcurl3-gnutsl-dev in Build-Depends" [Minor,Open]  http://bugs.debian.org/433196
<ScottK> That's the one.
<lamont> ScottK: given that (1) it's an obvious failure, and (2) marked as pending upload, I'm going to be evil and upload it as 1:1.5.2.4-1build1
<lamont> with only slight amounts of guilt
<ScottK> And then file a sync request?
<lamont> no.  upload that to ubuntu, and then 1.5.2.4-2 will autosync over it... and hopefully he wasn't lying about having it fixed for the next upload.
<ScottK> Ah
<ScottK> I see
<ScottK> Sounds good to me.
<lamont> LP# nnnn, yes?
<ScottK> Yes
<ScottK> Except there's no LP bug written for that
<ScottK> Oh
<ScottK> No
<ScottK> It's LP: #nnnn
<lamont> 132527 is the LP bug
<ScottK> Ah.  For the merge.  Got it now.  
<ScottK> I guess I should have put that in the debian/changelog I did.
<mathiaz> We hadn't had enough time to get to the Triagger section of the Roadmap during the meeting.
<mathiaz> The goal was to have a look at all the samba bugs below 90 000
<mathiaz> which has been reached.
<mathiaz> So I'd like to set another target for Triagging work.
<mathiaz> Either apache2 or php5 - any preferences ?
<ScottK> I don't have a personal stake either way, but it seems to me it'd make sense to deal with Apache2 first.
<ajmitch> php5 has 37 open bugs
<mathiaz> well - we'd target only New,Unconfirmed bugs
<mathiaz> apache2 has 13 and php5 has 18
<ajmitch> not too many in either case
<nealmcb> I'd guess that startiing with apache2 would be good
<mathiaz> ajmitch: I think it's realistic to have them triagged in 2 weeks.
<ajmitch> agreed
<mathiaz> we'll go back to samba later...
* ajmitch should catch up on the appropriate bug statuses to use
<ScottK> ajmitch: Invalid and Won't Fix are my favorites.
<ajmitch> heh
<ajmitch> eg https://bugs.launchpad.net/ubuntu/+source/php5/+bug/120103
<ubotu> Launchpad bug 120103 in php5 "PHP 5.2.3-ubuntu1 Broken - Problems with : /usr/lib/php5/20060613+lfs/" [Undecided,New]  
<ajmitch> I can't reproduce it, though I recall something like that in the past
<lamont> ScottK: uploaded
<ScottK> Cool.
<ScottK> Now all I need is an archive admin for a sync and my "Done before UVF" list is complete.
<lamont> ScottK: and about 21 hours or so
<ScottK> Yeah.
<lamont> er, that was git-core uploaded to gutsy, not debian
<lamont> what do you have that's sync-pending?
<ScottK> That's what I thought.
<ScottK> Bug #132543
<ubotu> Launchpad bug 132543 in pypolicyd-spf "Please sync pypolicyd-spf 0.4.1-1 from Debian Unstable (Main)" [Medium,Confirmed]  https://launchpad.net/bugs/132543
<ScottK> Is the one.
<lamont> oh.  spf crap
<ScottK> No, good SPF stuff.
<ScottK> It's a tool, not a panacea.
* lamont didn't think there was such a thing
<ajmitch> my todo list before UVF is only a mile long
<ajmitch> including a security update to do asap
<ScottK> lamont: I agree that SPF sucks, it just sucks less than the other available options.
<lamont> and breaks email
<lamont> go spf
<ScottK> Sure.  But only a little.
<lamont> spf: proof that college kids can write protocols
<ScottK> What's better and deployable currently?
<lamont> dkim is at least sensible
<ScottK> For combating domain forgery?
<ScottK> What does DKIM give you beyond another identity that the end-user doesn't see?
<ScottK> If they were going to do a proper policy component, I would agree.
<ScottK> Actually, though I see good synergy between the two.
<lamont> anyone who implements a collective-discussion interface via /etc/aliases will discover that spf doesn't allow users to send mail to that interface and have it delivered to their coworkers...
<lamont> there is absolutely no guarantee that email from user@foo.com will arrive from foo.com's mail servers.
<ScottK> That's true.
<lamont> SPF asserts that there is.
<lamont> and if you check that the mail comes from where foo.com says it must, then you bounce valid email.
<ScottK> SPF asserts that domain owners should be able to assert that one should be suspicious about mail that doesn't.
<lamont> I know that my company won't let me do that.
<lamont> (hurt when I did...)
<ScottK> Yes, but there is deployed forgery prevention scheme that doesn't do that.
<ScottK> DKIM breaks on most mailing lists and has the same "greeting card" problem that SPF does.
<lamont> the only real solution is end user signing... but they won't stand for that yet.
<ScottK> Right, so in the meantime, it's nothing or an imperfect solution.
<ScottK> Some will wait, some would prefer the imperfect solution.
<lamont> my big issue with spf was that the designers did their design, published it, got feedback about what they broke, and said (basically) "We choose to ignore that part of the spec, because it's inconvenient"
<ScottK> Well we are working on that bit now.
<lamont> until spf allows mail to come from anywhere, it breaks that part of the whole store-n-forward mail delivery architecture.
<lamont> 'which is to say, there's a lot of work there.
<ScottK> As an example, one "solution" to the forwarding problem is for recievers to whitelist known forwarders from SPF checks.  pypolicyd-spf now supports whitelisting.
<ScottK> The truth is thought that, except for alias forwarding, mail today is point to point (at least border point to border point).
<ScottK> Of course it's opt-in at the domain level, so we don't have to agree.
<lamont> whitelisting will help, that's always a good thign
<lamont> of course, that's the big issue with spam fighting in general.. how much of a false-{positive,negative} rate does $CUST feel is acceptable
<ScottK> Yes.
<ScottK> The data I've seen says the "forwarding problem" is generally a less than 1% (often much less) problem.  That may or may not be tolerable.
<lamont> well, it's idiots who don't know how to set up a mailing list, for the most part. :-)
<lamont> and .forward files
<ScottK> Yes.  That's in the less than 1% by volume.
#ubuntu-server 2007-08-15
* Starting logfile irclogs/ubuntu-server.log
<duluu> hello, I'm having problem with CNAME on bind9
<duluu> all other records are working, but CNAME 
<khermans_> is anyone using the linux-lowlatency kernel?
<duluu> khermans_: it's mostly used on desktops
<khermans_> duluu, for what reaosn?
<khermans_> duluu, and why is it in multiverse?
<duluu> khermans_: if you work with sound and video, it's you choice
<duluu> khermans_: on server it's useless
<khermans_> duluu, so the kernel patches are ideal for something like ubuntu studio?
<khermans_> if i am understanding you
<khermans_> its so that your audio/video gets highest priority
<khermans_> correct?
<duluu> khermans_: right, it's used by ubuntu-studio 
<khermans_> duluu, why is it in multiverse though?
<khermans_> some non-free patches from vendors?
<duluu> khermans_: i dunno
<kshahnjd> vsftpd is killing me, I could connect when I had the server next to me on a rinky dink router, now that its away from me on static, behind a different router, I can connect but can't a directory listing
<kshahnjd> *can't get
<kshahnjd> if anyone can help, id appreciate it
<khermans_> kshahnjd, you have passive ftp enabled?
<kshahnjd> let me check
<kshahnjd> vsftpd.conf?
<ajmitch> on the client side
<khermans_> kshahnjd, http://ubuntuforums.org/showthread.php?t=35642
<kshahnjd> reading
<khermans_> kshahnjd, as ajmitch said, make sure your client supports
* ajmitch wishes ftp would go away :)
<khermans_> ajmitch, i use ssh for everything nowadays...cmon!
<khermans_> kshahnjd, check out scp if you like...
<kshahnjd> scp?
<kshahnjd> i'm using filezilla btw
<ajmitch> filezilla supports sftp
<qman> yes, the internet would become so much better if ftp died off and sftp/scp took its place
<qman> unfortunately that's not yet the case
<qman> so, I was wondering if anyone could give me some advice on setting up a proxy server for wifi hotspot authentication
<qman> suggested software to use, or any guides or anything...right now the wifi is only secured by a 64-bit WEP key, and it would be much better overall to go the web proxy route
<kraut> moin
* Drazha is away (Please leave a message and I will get back to you as soon as po)
<cyrenity> hi all
<cyrenity> my ubuntu box is behaiving odd
<cyrenity> some times my dhcp hangs , some times my vpn hangs
<pmjdebruijn> cyrenity: my best guess would be bad hardware... are you using ECC memory, did you run memtest?
<cyrenity> no
<pmjdebruijn> try that
<cyrenity> its its DDR
<cyrenity> i have asuse borad
<cyrenity> with hard ware raid
<pmjdebruijn> uh
<pmjdebruijn> what hardware raid?
<pmjdebruijn> onboard?
<pmjdebruijn> cyrenity: ?
<pmjdebruijn> cyrenity: do you mean onboard raid? that's almost never hardware RAID, unless your motherboard cost $500
<cyrenity> on 
<cyrenity> dedicated hardware  raid
<cyrenity> card
<pmjdebruijn> cyrenity: what one?
<cyrenity> 3ware raid cards
<cyrenity> did three ware do problems in ubuntu
<cyrenity> pmjdebruijn u there
<pmjdebruijn> yes
<cyrenity> wths up
<pmjdebruijn> wths up?
<cyrenity> hey
<cyrenity> plz guide me 
<cyrenity> how i check all thses memmory stuffs and raid stuff remotely
<cyrenity> my linux box is behaving odd
<pmjdebruijn> cyrenity: you probably need to go local... take a look at your dmesg
<cyrenity> vpn drops some times
* pmjdebruijn doesn't have a lot of time
<cyrenity> see http://pastebin.com/m79fd1b93
<pmjdebruijn> you're using software raid
<pmjdebruijn> there's something wrong with either software raid and or reiserfs?
* pmjdebruijn wouldn't use ReiserFS anyway... ext3 is basic storage and xfs for big storage
<pmjdebruijn> cyrenity: I thought you had a hardware raid card?
<cyrenity> yes
<cyrenity> 3ware
<pmjdebruijn> that dmesg isn't complete
<pmjdebruijn> and your scsi device, seems to pass the harddrive without RAID
<pmjdebruijn> cyrenity: what RAID card do you have?
<pmjdebruijn> cyrenity: to fix you probably need to go onsite... (at least that's my guess)
<cyrenity> hum
<cyrenity> but i do there
<cyrenity> 3ware raid controller and i did raid 1 on these machines
<ScottK> I saw a mention of Debian Bug #411487 on the Debian Python Modules list.  I don't see an Ubuntu bug on this, but someone who uses php, might want to see if we have this problem too. (I don't use php).
<ubotu> Debian bug 411487 in libapache2-mod-python "libapache2-mod-python: md5 calculation conflicts with php5-mhash module" [Important,Open]  http://bugs.debian.org/411487
<cyrenity> but how i check things
<cyrenity> any idea?
<lcdd> cyrenity: the disks are supposed to show up as one single drive in the OS when using hardware raid. . it seems your disk controller is not configured for a raid at the moment
<cyrenity> oh
<cyrenity> no am seeing it as single disk
<cyrenity> raid is working
<cyrenity> here prb is 
<cyrenity> my machine is behaving odd
<cyrenity> its going hangs for some times and again resume
<cyrenity> i have no idea what to see n what to not
<cyrenity> according to me machine is ok
<cyrenity> i wont check raid status
<cyrenity> hay did u check my dmesg
<cyrenity> i have upload it 
<cyrenity> http://pastebin.com/m79fd1b93
<cyrenity> hei
<cyrenity> if machine reboot for 2-3 times for no reason
<cyrenity> whats the cuase
<pmjdebruijn> could be a number of things
<pmjdebruijn> cyrenity: if it would be a single disk, your dmesg wouldn't report a WDC harddrive
<pmjdebruijn> #
<pmjdebruijn> sd 0:0:0:0: Attached scsi disk sda
<pmjdebruijn> #
<pmjdebruijn>   Vendor: ATA       Model: WDC WD1200JS-00M  Rev: 02.0
<cyrenity> then
<pmjdebruijn> that's not hardware RAID
<cyrenity> hum
<cyrenity> is it showing any error
<cyrenity> what this mean
<cyrenity> <cyrenity> if machine reboot for 2-3 times for no reason
<cyrenity> <cyrenity> whats the cuase
<cyrenity> <pmjdebruijn> could be a number of things
<cyrenity> <pmjdebruijn> cyrenity: if it would be a single disk, your dmesg wouldn't report a WDC harddrive
<cyrenity> <pmjdebruijn> #
<cyrenity> <pmjdebruijn> sd 0:0:0:0: Attached scsi disk sda
<cyrenity> <pmjdebruijn> #
<cyrenity> <pmjdebruijn>   Vendor: ATA       Model: WDC WD1200JS-00M  Rev: 02.0
<cyrenity> <cyrenity> then
<cyrenity> <pmjdebruijn> that's not hardware RAID
<cyrenity> <cyrenity> hum
<cyrenity> <cyrenity> is it showing any error
<cyrenity> Aug 15 13:26:05 2101FATSRV kernel: [17179569.184000]   BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
<cyrenity> Aug 15 13:26:05 2101FATSRV kernel: [17179569.184000]   BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
<cyrenity> Aug 15 13:26:05 2101FATSRV kernel: [17179569.184000]   BIOS-e820: 00000000000e4000 - 0000000000100000 (reserved)
<cyrenity> Aug 15 13:26:05 2101FATSRV kernel: [17179569.184000]   BIOS-e820: 0000000000100000 - 000000007ffb0000 (usable)
<pmjdebruijn> cyrenity: you DON'T NEED TO PASTEBACK
<cyrenity> Aug 15 13:26:05 2101FATSRV kernel: [17179569.184000]   BIOS-e820: 000000007ffb0000 - 000000007ffc0000 (ACPI data)
<cyrenity> Aug 15 13:26:05 2101FAT
<cyrenity> ya sorry
<pmjdebruijn> those are not errors
<cyrenity> hey
<cyrenity> therse lots of msg for kernel in syslogs
<cyrenity> am reading syslogs
<cyrenity> see this 
<cyrenity> http://pastebin.com/m725fc563
<cyrenity> is this a error
<pmjdebruijn> no, why would you think that?
<pmjdebruijn> cyrenity: please paste an 'lspci' on a pastebin
<cyrenity> here http://pastebin.com/m15a7fd5c
<cyrenity> actually in morning that machine hangs and reboot 3-4 times
<cyrenity> now works fine
<cyrenity> my boss is asking reason for that
<cyrenity> i wont see any bad thing
<pmjdebruijn> oh you have a 3Ware
<cyrenity> yes
<cyrenity> i told u
<cyrenity> previously
<pmjdebruijn> but I see this is a desktop machine
<pmjdebruijn> cyrenity: I know, you never answered me what brand it was
<cyrenity> its ubuntu ltsp server
<cyrenity> i told u
<cyrenity> sorry for that
<cyrenity> is there any prb
<pmjdebruijn> not that I can see
<pmjdebruijn> but your dmesg isn't complete
<cyrenity> should i send u again
<pmjdebruijn> cyrenity: it's not complete...
<pmjdebruijn> cyrenity: stuff scrolled out of the buffer
<pmjdebruijn> you could check /var/log/messages
<pmjdebruijn> however, I have to run...
<cyrenity> ok
<cyrenity> thanks
<Drazha> stupid question
<Drazha> how do I install sshd on ubuntu server?
<pmjdebruijn> sudo apt-get install openssh-server
<pmjdebruijn> Drazha: sudo apt-cache search ssh
<Drazha> what does apt-cache do again?
<infinity> Allows you to search for things, and other fun stuff.
<infinity> pmjdebruijn: And there's no reason it needs to be run as root.
<pmjdebruijn> oh indeed
<pmjdebruijn> maar dat wordt snel gortig duur
<jdstrand> dendrobates: I emailed you the updated auth-client-config package and cc'd keescook
<Drazha> another stupid question: how do I list files that have been installed with a package?smth like rpm -ql blabla.rpm ?
<jdstrand> dpkg -L package (man dpkg)
<Drazha> thanks
<Drazha> dare I chance another stupid question?
<mralphabet> you don't need our permission to ask questions
<Drazha> nah, just kidding
<Drazha> got fed up of myself being a luser so just googled it
<Drazha> thank god there is tonnes of stuff on ubuntu on the net
<mralphabet> info about ubuntu on the net? no way! ;)
<ewook> huh?
<lamont> ewook: I believe that's called "sarcasm"
<Drazha> yeah, like, I googled ubuntu and it said: there are zillion entries, please engage tachyon cerebrlan interface for information interface
<ewook> lamont: oh shit. fattade inte det.
<Drazha> and I was like... no way! what am I? Section 9 agent?
<ewook> lamont: oops. I meant oh shit, didn't get it :)
<ewook> to many open channels makes my head spinn.
<lamont> swiss?
<ewook> swede.
<lamont> ah, ok.
<lamont> figured it was some $LANG muttering, but didn't recognize it
<ewook> :)
<jdstrand> keescook: hi-- did you see my email about auth-client-config?
<keescook> jdstrand: hi!  yes, thank you.  I will apply it shortly (catching up on email currently)
<jdstrand> keescook: so the build daemons build as root?
<keescook> jdstrand: nope; likely use fakeroot
<keescook> I use "sbuild" to do my builds since that's as close as I can get to the buildd's
<keescook> since I do security updates, I need to have as close an environment to them as possible.  :)
<jdstrand> keescook: oh I see, so you tried the build first
<keescook> yup
<jdstrand> alright-- I only got a portion of the errors, but the fix is the same.  the tests will run as root, non-root, fakeroot, whatever-root!
<jdstrand> thanks for taking care of it.  I appreciate it
<keescook> jdstrand: cool; thanks for fixing it.  :)  I've uploaded the new 0.4 now.
<jdstrand> keescook: that was quick!
<jdstrand> keescook: much faster than my response to you  :)
<keescook> jdstrand: well, you happened to be right there in my email.  :)
<keescook> and I had really already done all the review work yesterday; your fix was small, so easy to re-review.  :)
<jdstrand> can't get too much smaller-- 3 lines of code in one and 1 line of code in the other
<jdstrand> I'm glad it made it in before the freeze.  It has several enhancements that will be particularly useful for use in packaging.  so thanks again
<keescook> you bet; I'm glad to have it available.  :)
<mralphabet> when is feature freeze? tomorrow?
<keescook> mralphabet: yup (https://wiki.ubuntu.com/GutsyReleaseSchedule)
<mathiaz> keescook: about FF and apparmor
<mathiaz> keescook: I need to get a new kernel module to test the new userspace apparmor
<mathiaz> keescook: so how would this play with FF ?
<keescook> mathiaz: it will be trivial to get an exception; we have been blocked on the kernel portion
<mathiaz> keescook: ok. That's good new then.
* Starting logfile irclogs/ubuntu-server.log
<kshahnjd> how do I properly configure /etc/hosts/ and /etc/network/interfaces for a server located behind a router (which is statically assigned a real IP)
<kshahnjd> or a m than i can r would help
<mathiaz> kshahnjd: try help.ubuntu.com
<kshahnjd> mathiaz: I couldn't find what I was looking for in that documentation, it looks like it is for the desktop edition
<kshahnjd> http://doc.ubuntu.com/ubuntu/serverguide/C/ where im going
<qman> your hosts and interfaces files will depend entirely on your local network
<qman> what network cards your machine has, what networks it's connected to, and what other hosts there are that you need
<kshahnjd> I just want to prepare for a DNS transfer
<kshahnjd> I've never done this by myself and not with help for 10 years
<kshahnjd> I don't remember BIND, or host files, anything
<qman> well, I don't even use my hosts file, it's only got the default information in it
<kshahnjd> the server (a laptop incidently) is sitting behind a linksys router which has static external ip
<kshahnjd> the router is forwarding all ports to the server
<kshahnjd> that's the extent of my config, except for the interfaces file where i told it to take 192.168.1.98
<qman> here's the /etc/network/interfaces on my front end box...eth0 is dhcp to my ISP, and the other three are static
<qman> http://pastebin.com/m31854106
<kshahnjd> similar to mine
<qman> I've got an older laptop running a web server, too...they make pretty decent servers on a small scale, an all in one UPS and server
<kshahnjd> hehe true
<nealmcb> good - launchpad is getting more flexible - they are beginning to serve as an openid provider.  See e.g. the login for https://shop.canonical.com/
<nealmcb> kshah: what services will your server be providing?  Given your routing setup, for some services, setting it up as a dumb dhcp client would seem to work fine with no /etc/hosts or dns work at all.  in other cases it really needs to know what IP it appears to be to the outside world and you'll need to find that out somehow
<nealmcb> ...and plug it in to the appropriate config files
<ries> Hey Guys, what version of php is supplied with teh latest version of ubuntu?
<dendrobates> ries: php 5.2.1 is in  feisty 
<ries> alright, thanks...
<infinity> (5.2.1 + security fixes, of course)
<ries> ofcourse.... 
<ries> is an update from 6.x to 7.x easy?
<ries> I have a couple of server runnign XEN I need to upgrade
<mathiaz> ries: from which version are you trying to upgrade ?
<ries> let me check...
<mathiaz> ries: 6.06 -> 6.10 and 6.10 -> 7.04 is supported.
<ries> I think I have 6.06
<ries> how can see that?
<ries> cat /etc/debian_version just shows testing7unstable
<ries> $ cat debian_version
<ries> testing/unstable
<mathiaz> ries: cat /etc/lsb-release
<ries> DISTRIB_DESCRIPTION="Ubuntu 6.10"
<ries> looks good then :)
<ries> can I just change my sources list and do a dist-upgrade?
<infinity> Generally, yeah.  Watch what it plans to do, of course.
<nealmcb> ries: versions in ubuntu are timestamps, so 6.10 (october of 2006) is generally as different from 6.06 as it is from 7.04
<ries> nealmcb: Never knew that schema... thanks for teh tip :)
<nealmcb> ries: I've heard that dist-upgrade doesn't do a lot of the checks that the update-manager does - but the latter may still only be available as a gui
<mathiaz> nealmcb: I think that update-manager has a cli version
<nealmcb> mathiaz: in which versions?  see https://wiki.ubuntu.com/ServerUpgradeTool
<mathiaz> nealmcb: hum.. May be the latest version only.
<mathiaz> nealmcb: I had a brief talk with mvo about it during the last sprint
<ries> nealmcb: it's a server.... I don't have a gui as far as I know...
<ries> I never had problems with dist-upgrade when I was using ubuntu
<nealmcb> ries: so I'd advice good backups (as usual) and attention to warning messages.  I wish I understood better what update-manager was doing
<ries> sorry... when I was using Debian
<ries> I expect Ubuntu will be more or less the same...
<ries> I'll make a backup of mu domU, upgrade and see what happens
<nealmcb> ries: nor I.  but I heard reports of problems especially when upgrading to edgy
<nealmcb> edgy == 6.10
<ries> I want to install my server with 7 sicne I see that XEN is included...
<ries> then I can get rid of my custom installation...
<ries> I hope that my server hardware will be recognized correctly though...
<ries> with edgy I had mayor problems with the raid controller
<ksclarke> I've put ubuntu server on a machine and am a bit surprised to discover feisty is using 2.1.3 of wordpress
<ksclarke> I'm new to ubuntu but it looks like edgy/dapper had a more recent version of wp but dapper doesn't?
<ksclarke> feisty I mean
<ksclarke> unless I use the back-ports option
<ksclarke> is all this correct or am I misunderstanding something?
* ScottK is looking
<Pumpernickel> Dapper had 2.0.2, feisty has 2.1.3.
<ScottK> And 2.2.2 is in Gutsy.
<ksclarke> ah, I misread the 2.0.x in the earlier ones for the 2.2
<ksclarke> so if I want a secure wordpress I need to get that package from gutsy
<ksclarke> the wordpress site makes it seem like 2.2 is a mandatory upgrade
<nealmcb> http://wordpress.org/download/legacy/ says they are committed to keeping 2.0 secure for 10 years
<nealmcb> ksclarke: ^
<nealmcb> sorry... "until 2010"....
<ksclarke> yeah, but feisty has 2.1.3
<ksclarke> or is it 2.3.1
<ksclarke> must be 2.1.3 because latest is 2.2
<nealmcb> ksclarke: sounds plausible.  seems like dapper needs a security update also?  to e.g. 2.0.11?  But I haven't looked at the security issues
<ksclarke> well, I guess I'll have to figure out how to pull gutsy packages into feisty later tonight
<ksclarke> thanks
#ubuntu-server 2007-08-16
<kraut> moin
<juliux> hi all
<winsubu> halo guys, i have to put up a gateway running ubuntu, i want to know can i have two or more default routes (multi homes gateway) in ubuntu?
<kraut> winsubu: you didn't understood the meaning of a default route.
<kraut> winsubu: you could have severall routs, but only _one_ default route
<kraut> oh, sorry
<kraut> yes, that's possible, but it's not perfectly working
<kraut> the route must shutdown completly to use the redundant route.
<kraut> winsubu: you could do for example a ping check over the active default route and if it fails, you could deactivate it and use the other one.
<kraut> but remind that this isn't session-transparent.
<winsubu> kraut, ok well i have two adsl routers with ip's so i was thinking putting the one router as the default and add an ip alias to the nic and putting the other as it's default route then having squid run on the box, you could connect to IP:3128 -> going via router ip1 | or connecting to squid IP/ALIAS:3128 -> going via router ip 2
<winsubu> so i guess it can be done :) man i am impressed with ubuntu,
<winsubu> i am using gentoo currently but my head is so sore from all the source compiles and manual kernel compiles,
<kraut> winsubu: yes, but round-robbin won't work
<kraut> gentoo sucks hell
<winsubu> kraut, thats ok, any way i can get a round robin to work with my setup?
<kraut> it has only advantages, if you are a programmer and you need the sources
<winsubu> hehehe SHHH dont say that too loud
<kraut> i don't think a round-robbin would be possible
<kraut> because your external IP will flap then
<kraut> and your sessions will fail
<winsubu> unless i have two config files, do a cron to do a ping every 5 mins, if the ping fails or time out have cron execute a script to rename the net config and do a networking restart?
<winsubu> ok thats a great help thanks kraut 
<ICU> hmm there is no round-robin in this scenario, is it?
<ICU> you could probably do the trick by using a combination of destination/source nat and routing but this would require to have at least a proper routing. i'm not really sure how to handle that
<ICU> perhaps you could solve this by using ip only, but i'm not that familiar with the ip interface :P
<winsubu> well you could get something like monit to ping the routers every 5 mins and if no response comes back then rename the netowork settings file and restart the network, then you could be using router 1 or router 2 but thats quite manual :P
<dthacker> winsubu: are interested in load balancing, failover, or both?
<winsubu> yes,
<dthacker> :)
<winsubu> dthacker, you got a howto?
<ICU> hmm oh no need to do that
<dthacker> winsubu:  I was trying to think of a way to apply what I know about linux-ha, ldirectord and crossroads to your situation, but I have not found a way to apply these to what you are doing.
<ICU> if ping fails you could just delete the old default route and add an new one
<dthacker> linux-ha will move a virtual ip back and forth between two linux machines, but it must live on the machines.  Can't run it on routers ;)
<dthacker> using the KISS principle (Keep It Simple Silly) then I would follow ICU's suggestion
<stiV> hi everyone ... not sure this is the right channel, but maybe someone can help or redirect me somewhere i can ask my question: i have my own debian mirror, (self signed etc...) and some own packages. the packages work fine, except one package has an initscript that starts/stops a daemon. (perl) the problem is when i upgrade the package and the daemon is already running when the script tries to start it or already stopped whe
<stiV> the "Hangup" does not come from the initscript - when i do this manually (stopping multiple times, starting multiple times) everything works ok --- if running, it tells me and if already stopped in tells me that too.
<stiV> exit status is always 0 (checked by echoing $? right after the commands)
<stiV> anyone have a suggestion how i can get my postinst script to ignore this and just go one (everything works if i remove that starting part, but i want it to do that...!)
<stiV> "go one" = "go on"
<stiV> google is not really helping there
<stiV> ah and i tried to remove the "set -e" --> doesn't help
<ScottK> stiV: #ubuntu-motu is generally a better channel for packaging related questions (and I think that's what that will amount to).
<stiV> thanks ;)
<[diablo] > hi guys
* [diablo]  is also known as [miles] 
<[diablo] > http://tinyurl.com/327rgv <--- my swap from kde to gnome... I actually like Gnome for the first time in 7 years
* infinity wonders how that's relevant to -server ...
<[diablo] > none what so ever
<[diablo] > mere conversation
<Drazha> hm, for some strange reason when I try to install smth with aptitutde install its asking me for the install CD
<Drazha> why????
<ScottK> Probably because you have the CD active in your sources.list
<dendrobates> Drazha: sudo vim /etc/apt/sources.list
<spiekey> hi
<spiekey> where can i change the umask value golbally in ubuntu?
<spiekey> i changed it in /etc/login.defs, but when i now log in its still 022(i changed it to 007)
<dendrobates> spiekey: it is probably being overwritten by /etc/profile.
<nealmcb> spiekey: hmmm - googling leads me to a nautilus problem, but this may be old:  http://ubuntuforums.org/archive/index.php/t-130937.html
<nealmcb> what desktop do you use?
<nealmcb> debian bug 314796
<ubotu> Debian bug 314796 in libgnomevfs2-0 "Nautilus doesn't respect ACL when creating new files" [Normal,Fixed]  http://bugs.debian.org/314796
<dendrobates> spiekey: Just changing it in /etc/profile should fix your problem.
<Drazha> hm
<ScottK> Is there anyone here who is familiar with using milters with Sendmail that would have a moment to discuss it?  I'm trying to make sure the Ubuntu package for dkim-filter has a default that's reasonable for both Postfix and Sendmail.
<Drazha> I installed this same and identical copy yesterday and did the same thing and never got this message
<nealmcb> yeah - hmm - that bug is for a different problem
<jdstrand> ScottK: what is your question.  I have used milter, but haven't used dkim-filter.
<ScottK> The dkim-filter can listen on a Unix socket or on TCP, e.g. /var/run/dkim-filter/dkim-filter.sock or inet:8891@localhost or inet:12345@192.0.2.1
<ScottK> The Debian package defaults to the socket
<ScottK> This is problematic for a chrooted Postfix.
<ScottK> So I changed it in Ubuntu to use the loopback.
<ScottK> No chroot issues that way.
<ScottK> My question is, is that a problem for Sendmail?
<jdstrand> I have always used the unix socket.  let me pull out my bat book
<ScottK> Thanks.
<jdstrand> while I am looking-- have you considered a hard link (haven't looked at the postfix packaging...)
<ScottK> That would work I think, but would be more complexity.
<jdstrand> yeah-- no sweat.  something along the lines of:
<jdstrand> INPUT_MAIL_FILTER(`prog', `S=inet:port@localhost')
<jdstrand> obviously there is more you can do with that, but it is fully supported and easy enough to adapt the current milter settings for sendmail (if there is one)
<jdstrand> basically replace the current `S=/var/run/dkim-filter/dkim-filter.sock' with `S=inet:8891@localhost'
<ScottK> Right.
<ScottK> OK.  The first upload I did "works", but isn't what I think we should release with.
<ScottK> Let me see what I can do with that.  Thanks.
<jdstrand> np
<jdstrand> just for thoroughness, sendmail can support 'local' 'inet' and 'inet6' ('unix' is a synonym for 'local')
<ScottK> Thanks.
<jdstrand> I also had a typo in the text I said to replace, but I bet you spotted it
<jdstrand> s#`S=/var/run/dkim-filter/dkim-filter.sock'#`S=local:/var/run/dkim-filter/dkim-filter.sock'#
<ScottK> I hadn't, but I haven't actually sat down to update the package yet.  I hope I would have then.
<ScottK> It's next in the queue after the current bit I'm doing.
<spiekey> dendrobates thanks!
<Drazha> does anyone know if plesk 8.2 will work on ubuntu 7.04?
<dantalizing> Drazha, its certified for 6.06, I would imagine if there are issues, they'd be minor.
<Drazha> dantalizing, hmm, so I guess its trial and error then :)
<dantalizing> its more fun that way
<Drazha> :) I have just about enough of "fun" in my life :)
<dendrobates>  bug 118977
<ubotu> Launchpad bug 118977 in samba "winbindd will not start do to invalid cache path" [High,New]  https://launchpad.net/bugs/118977
<jdstrand> dendrobates: you know, it just occurred to me that you said auth-client-config is in main now-- I was thinking you said 0.4 made it into universe before the freeze
<jdstrand> dendrobates: I would like to revise my statement.  I am very, *very* pleased.  :) thanks!
<dendrobates> jdstrand: it was approved for main.  It might take some time for it to show up.
<bdmurray> dendrobates: bug 130324 looks interesting but I am unsure how to classify / flag it for the server team.
<ubotu> Launchpad bug 130324 in Ubuntu "LAMP fails to create necessary files in /var when LVM used" [Undecided,Incomplete]  https://launchpad.net/bugs/130324
<dendrobates> bdmurray: make it an apache bug
<bdmurray> dendrobates: okay, do you think it is apache or maybe LVM?
<dendrobates> bdmurray: I'm not sure but if you want us to look at it apache is better.
<joshritger> can anyone tell me if i can use ubuntu server to share two drives that are formated in ntfs and have files on them already?
<lcdd> yes, you can read off them
<joshritger> lcdd: can I write to them from a networked computer?
<mralphabet> joshritger: reading / writing is controlled by the OS that the drives are connected to.  NTFS writing in linux is not not something I would describe as stable.  It makes no difference where the write comes from, it is still the local machine handing the data to the drive to be written.
<gamble6x> As far as I can see ntfs-3g is not in aptitude for 6.06 LTS
<ScottK> gamble6x: Do you have Universe enabled?
<gamble6x> but arguably you could install that and it should work fine as long as you haven't done any NTFS encryption.
<joshritger> I am trying to setup a fileserver that will be able to share files with my ubuntu box and my windows box, I know about samba
<gamble6x> yes
<joshritger> can I share the two drives that are ntfs from my ubuntu server and read and write to them from windows or ubuntu?
<gamble6x> joshritger: as I said.  ntfs-3g seems to be "pretty good" at reading/writing NTFS drives.  So if you mount the drives on an ubuntu server with ntfs-3g it should work well enough shared through Samba or whatever you like.
<joshritger> ok
<gamble6x> however, if you are able, it would be best to backup the data elsewhere and convert the drives to something Linux native.
<joshritger> ok, which filesystem do you recommend?
<gamble6x> but because ntfs-3g is not in the repos (as best I can tell) you'll have to install it yourself.
<joshritger> k
<joshritger> which linux native filesystem do you recommend?
<ScottK> It was first packaged in Edgy, so no, it's not in Dapper.
<joshritger> ok
<qman> ext3 is the tried and true basic system...reiserFS is good with lots of small files, and XFS is good with big files
<joshritger> ok
<ScottK> ReiserFS is also essentially unmaintained.
<joshritger> i think i will  go  with ext3
<joshritger> I just have to figure out where to back up my stuff too first
<joshritger> LOL
<gamble6x> ext3 is still my top pick.  Others are slightly faster at moving smaller or larger files depending, but overall ext3 is a nice average speed journalized filesystem that is rock solid.
<joshritger> ok, i think i will try that as soon as I get my server up and running
<qman> yeah, the performance difference is in my experience not that great, unless you really tune it to a specific application
<gamble6x> but I'll freely admit that as an opinion.  Others might tell you riser or something else.
<joshritger> I am most familiar with ext3 so I think that is what i will go with
<qman> I'd sooner buy faster disks
<joshritger> most of my files that are used off of the disks are music files, but some occasional storage also
<qman> well, the "small" cutoff for reiserFS being better is around one megabyte
<joshritger> ok, so ext3 sounds best for now
<qman> so music files aren't going to gain from it, and XFS is going to be about a wash, since they're not really big either
<joshritger> thanks for the help, maybe once I actually get it running I can ask some more questions on more tedius matters
<qman> if you're having trouble finding extra space to back up to, you might look into resizing partitions, but that's also considered somewhat unstable
<joshritger> ok
<joshritger> I have enough space I just have to figure out what to move where
#ubuntu-server 2007-08-17
<dho_ragus> LDAP drives me nuts.  i just can't find any good explanation of it.
<jbrouhard> hey PanzerMKZ
<PanzerMKZ> yo
<jbrouhard> how's things going??
<PanzerMKZ> well good if I could get my hands on some big fat scsi drives
<jbrouhard> *chuckles*
<jbrouhard> i bet
<jbrouhard> makes two of us to be honest
<PanzerMKZ> I have that prob of having ok boxen. dual 733 with 2.8gig ram.
<PanzerMKZ> but only 50gig of drive space
<jbrouhard> heh
<jbrouhard> Quad Xeon 900Mhz, 2GB RAM
<jbrouhard> and only 36GB in 4 9G drives
<PanzerMKZ> yea my working 6450 has dual 700/2 with 2g and 4x18's
<PanzerMKZ> but I am wondering if you got my email asking how you got deb on that sys
<jbrouhard> I got it.. you never got my reply?
<jbrouhard> i used boot floppies
<jbrouhard> the IDE controller apparently is bad
<PanzerMKZ> ok well tomorrow I guess I try to install ubuntu on mine
<jbrouhard> good luck
<PanzerMKZ> looking into k9copy now
<PanzerMKZ> well ain't like it matters
<PanzerMKZ> I will scrap the box if I have to
<jbrouhard> heh
<jbrouhard> I have 2 18GBs right now
<jbrouhard> I need bigger drives to cover the 80G drive i have up now
<PanzerMKZ> yea
<jbrouhard> but i can use the Quad Xeon for a dummy machine while we buidl a SATA-based server
<jbrouhard> which is kinda what we're gunning for... if I had parts for it
<PanzerMKZ> ugh
<PanzerMKZ> I would like a sas server
<PanzerMKZ> but yea those are costly
<jbrouhard> eh
<jbrouhard> SAS is "ok"
<PanzerMKZ> just ok?
<jbrouhard> Depends on how you set it up i guess
<PanzerMKZ> how would you set up?
<jbrouhard> single server with a IDE Hard drive
<jbrouhard> and several SATA drives spanned/mirrored
<jbrouhard> puts a good 4U rackmount to use
* jbrouhard has done that before.
<PanzerMKZ> yea
<PanzerMKZ> but I was thinking one of those 12 bay sas boxen 2u
<jbrouhard> Network Attached Storage is also a sweet deal, but it has one disadvantage of:  it fail, you're fucked
<PanzerMKZ> I got 4u's coming out everywhere
<jbrouhard> That might work
<PanzerMKZ> yea
<PanzerMKZ> funny thing is I have been scraping the big 4u dual p2 and p3 boxen
<jbrouhard> lol
<PanzerMKZ> got the procs out of the p3's and the vrm and raid controllers out of them both
<PanzerMKZ> but that is bout it
<PanzerMKZ> no drives of course
<jbrouhard> heh
<jbrouhard> what i want to do is set up a SATA RAID server
<jbrouhard> but I'm having trouble finding a decent Debian-supported SATA controller
* dthacker sees p3 on the bottom 'o the food chain here too
<PanzerMKZ> where is here?
<jbrouhard> St. Joseph, Missouri.
<dthacker> nebraska,  I get some machines surplus from the university med center
<dthacker> Omaha, Nebraska
<jbrouhard> I can probably find one down south in KC (overland park, KS)
<jbrouhard> Omaha ?
<jbrouhard> Fuck me
<jbrouhard> you're 2 hours from me :)
<jbrouhard> I know a lot of guys up there.. one of my tournament buddies works in Gretna, NE.
<dthacker> yep, close enough to throw rocks
<PanzerMKZ> well I just got my first freebie quad p4 xeon box
<jbrouhard> LOL
<PanzerMKZ> but the boss called that one
<PanzerMKZ> got NeXT systems too
<dthacker> shoulda told him it wouldn't boot
<PanzerMKZ> it won't
<PanzerMKZ> no drives
<dthacker> LOL
<jbrouhard> lol
<jbrouhard> dthacker: if you land any 2U rackmounts that can support ATX boards and SATA drives
<jbrouhard> let me know please
<dthacker> ok, the med center doesn't free up many rackmounts
<PanzerMKZ> check out servercases.com
<dthacker> I have way too many antiques
<PanzerMKZ> yea I hvae great solution for that
<jbrouhard> What do you mean by antiques ?
<dthacker> IBM RS/6000 J30, Compaq ProLiant 6000 (thing must be 12U)
<jbrouhard> my *buntu team might be looking at getting some machines to put our projects together
<PanzerMKZ> well darn if you where close then I would take that 6K off your hands
<jbrouhard> my biz is looking to get a pair of servers put together to handle our new workloads
<dthacker> IBM is vintage 1995
<PanzerMKZ> well I still got those DL360's
<jbrouhard> *chuckles*
<PanzerMKZ> and yours has not moved yet
<dthacker> jbrouhard: the thing is such a power hog
<jbrouhard> hehe..
<jbrouhard> that IBM has to be huge...
<jbrouhard> and requires special power adaptors i bet
<dthacker> yep, it
<dthacker> it's a micro-channel architecture
<jbrouhard> ew
<jbrouhard> b*tches to hook up
<jbrouhard> Right now, i need to replace the SCSI drives i currently have
<jbrouhard> i have 4 9GB drives in my PowerEdge 6450...
<jbrouhard> I need to get the total drive space to as close to 80GB as possible
<PanzerMKZ> well then replace them
<dthacker> that's why I let the other one go to scrap.  I just scrapped out three old RS/6000's because they needed 230V power
<dthacker> jrbrouhard: SCSI2? FastWide?
<PanzerMKZ> u160 on the 6450
<jbrouhard> U160
<jbrouhard> like PanzerMKZ said
<dthacker> ok
<jbrouhard> Why, got possible parts ?
<PanzerMKZ> dthacker I got two of them
<dthacker> I have to look it up
<jbrouhard> I also have an external 10-drive scsi hook-up :P
<dthacker> I get all these darn SCSI interfaces mixed up
<jbrouhard> i might sell that thing on ebay, but these 2U NetServers didn't go for anything, so I'm trying to find out if I can salvage them
<jbrouhard> hehe.. NP, dthacker
<PanzerMKZ> dthacker it is sca 80 pin
<PanzerMKZ> for the interface
<jbrouhard> if you ever want to meet up to exchange things, let me know
<jbrouhard> Omaha isn't that much of a drive, and I know my way up to I-80 easy
<jbrouhard> (Especially Bellevue, Nebraska...)
<dthacker> We're having an installfest Saturday, if you're bored
<dthacker> http://www.olug.org
<PanzerMKZ> well darn yall
<jbrouhard> I teach SHARP seminars saturday.  sorry
<jbrouhard> (Sexual Harrassment, Assault and Rape PRevention)
* jbrouhard is a 2nd Degree Black Belt and Certified Instructor for St. Joseph ATA Martial Arts
<PanzerMKZ> dthacker if you getting rid of scsi drives once jbrouhard picks them I could swing shipping
<dthacker> We also have a salvage dealer in town.  http://www.reboottheuser.com (I'm not affiliated, just a satisfied customer)
<PanzerMKZ> yea I work for a computer salvage in alabama
<dthacker> time to go for now.  chat with you both later.....
<PanzerMKZ> later
<jbrouhard> later.
<jbrouhard> keep in touch, dthacker
<CharlieSu> What is the difference between the alternate and server CD?  I'm building a headless server that is a mythtv backend, webserver, DB server and SVN server.   What is best for me?
<mathiaz> CharlieSu: you could try the server CD.
<CharlieSu> mathiaz: Is that much different than the Alternate CD?
<mathiaz> CharlieSu: yes.
<CharlieSu> Would you either tell me or point me to a good URL please?  I appretiate it 
<mathiaz> CharlieSu: it comes with a specific set of tasks (bind9, LAMP)
<mathiaz> CharlieSu: http://www.ubuntu.com/getubuntu/download
<CharlieSu> mathiaz: so if i'm going to customize services is alternate better?  I just don't want X running basically
<mathiaz> CharlieSu: the server cd won't install X by default.
<CharlieSu> mathiaz: will the alternate?
<CharlieSu> i just don't understand what the alternate one is for
<ajmitch> it's an alternate way of installing the ubuntu desktop
<mathiaz> CharlieSu: in your case, it seems that you wanna install a server.
<mathiaz> CharlieSu: so the server cd may be better
<CharlieSu> ok thanks..  if i use the server CD there is no reason I can't install desktop functions later on with apt-get on it is there?
<CharlieSu> And does it have support for Software Raid1 ?
<mathiaz> CharlieSu: You'll be able to install desktop software with apt-get
<CharlieSu> thanks mate!
<mathiaz> CharlieSu: the server cd has just a different list of packages on the cd.
<mathiaz> CharlieSu: once it'S installed, you'll have access to the whole ubuntu repository.
<CharlieSu> does it have RAID 1 support?  
<CharlieSu> software
<mathiaz> CharlieSu: I think that the manual partitionning mode has support for RAID1. Not surethough.
<CharlieSu> k thanks dude
<ajmitch> it does, but not the 'fakeraid' supplied by a modern BIOS
<CharlieSu> ok..  thanks.. i want software raid..  mdstat stuff
<ajmitch> that is supported
<dizzaniix> i have a ubuntu server 7.04 running bind 9....
<dizzaniix> when i ping by hostname...to a domain that is being handled by the bind9 box its slow
<dizzaniix> when i ping by ip  its fast and normal
<dizzaniix> any ideas?
<dizzaniix> PLUS...i can't ping nor do any lookups from the box itself...i have verified that bind is running
<dizzaniix> and i can dig the box and it shows the records etc
<dariuskane> EVening all..... anyone awake?
<pmjdebruijn> yeah
<dariuskane> Heya cool....
<dariuskane> Ive installed ubuntu server and trying to manages some of the packages and Ive hit a few snag Im hoping to get some tips on
<dariuskane> Ive installed ubuntu on an old pc Ive been using as a server.. no wireless no irda no palm pilot blah blah blah
<dariuskane> Im trying to clean up and remove all the junk I dont want and dont need
<CuriosCat> Hi all
<CuriosCat> So...Ubuntu server does not permit ssh in after a default install?
<dariuskane> nope I got stuck with that too.. have to install it
<CuriosCat> I thought I selected the ssh option in there somewhere
<CuriosCat> Oh well
<CuriosCat> Guess I'll have to wait until tomorrow to work on this server :P
<dariuskane> I try to remove a few packages like... ppp, wireless tools, irda tools and for some unfathomanble reason it wants to remove all my ubuntu-desktop and ubuntu-standard
<dariuskane> just need apt-get install openssh
<CuriosCat> yeah -- but I'm not driving to work just to type that one command :)
<dariuskane> lol ya well thatd be the only snag.. I jsut had to walk downstairs
<CuriosCat> Heh, yeah
<CuriosCat> Well, I've traditionally run Fedora on my servers
<dariuskane> IVe run slack for the last 10 yrs :P
<CuriosCat> they used to be redhat, then we moved to redhat enterprise, then redhat enterprise got ridiculously expensive.
<CuriosCat> so I was like...centos or fedora? And I picked fedora just because I don't want to run 10-year-old versions of software with 55,000 custom patches
<CuriosCat> (which incidentally used to be my objection to debian. They have two versions: unstable and obsolete)
<dariuskane> I tried the new fedora 7.... scary... so bloated like MS
<CuriosCat> yeah, it is bloated.
<CuriosCat> I started running Ubuntu on my two Linux workstations a while back
<CuriosCat> the 6.06 LTS release, specifically (whatever codename that had)
<CuriosCat> and I was excited when they released a server version, but I haven't deployed it anywhere yet
<dariuskane> the new package management systems for deb redhat etc... they arent quite what I expected...some of the stuff makes no sense at all
<CuriosCat> needed a mail server, went to put Fedora 7 on a dell PowerEdge 1850, found out the damn thing only had a CD-ROM drive
<CuriosCat> so instead of burning six fedora CDs, I figured I'd give the 7.06 ubuntu-server release a try
<CuriosCat> well, yum made rpm a LOT easier to work with
<dariuskane> you can install fed 7 from a cd to boot and run the installer and copy all the pkgs from the net like I did
<CuriosCat> it's like aptitude for rpms
<CuriosCat> I could, but that's also a hassle
<CuriosCat> and fedora 7 has another disadvantage: Next year it'll be obsolete with no updates or anything
<CuriosCat> that works for me; I like to be on the bleeding edge
<dariuskane> ya new version every 6 months is kinda fast
<CuriosCat> but for production servers, I'm slowly learning to be conservative
<CuriosCat> updating 60 machines every six months is a lot of work. :P
<CuriosCat> the current LTS release, however, doesn't feel quite polished enough to me
<dariuskane> for users 6 mths is great.. newest and greatest... for corporate not so much... stability first
<CuriosCat> I'd like to start moving new servers to ubuntu, but I think I'm going to wait for the next server LTS release
<CuriosCat> this one box is 7.06 (which is not LTS), but it was kinda gonna be my trial box for ubuntu-server
<CuriosCat> Not being able to log in is a bit annoying, but I guess you could say it's secure out of the box ;)
<dariuskane> well kinda like buying a new car and the dealer locks the keys inside and says... see its secure.. nobody can steal it
<CuriosCat> My dealer did that, actually.
<CuriosCat> but for a different reason
<CuriosCat> to show off the (horribly insecure) keypad entry
<dariuskane> lol
<CuriosCat> (my car has a five-button keypad you can use to unlock it. The code is five digits)
<dariuskane> kinda limited posibilities
<CuriosCat> by my calculations, that means anyone that can stay by my car long enough to try 3125 combinations will get in.
<dariuskane> can numbers be duplicated?
<CuriosCat> yes
<CuriosCat> they try to claim the keyspace is 10 digits
<dariuskane> would be faster then... the wear on the numbers wont be even and could.. with abit of thought narrow the possibilities much faster
<CuriosCat> but there's two digits per key, and the system can't distinguish which digit you entered
<CuriosCat> that makes it five digits to me.
<CuriosCat> that's assuming there's a lot of wear
<CuriosCat> most people use keyless entry most of the time, and the keypad rarely if ever
<CuriosCat> (most ford owners I know don't even know the combo to the keypad on their own car)
<CuriosCat> there's convenience in it though
<CuriosCat> e.g. i can go to the beach, deliberately lock my keys in the car and not worry about people stealing them while I'm out swimming
<dariuskane> well nothing is foolproof.... if someone is determined enough they can do anything
<CuriosCat> Yeah, but a six-digit code or a few more keys on the keypad would've helped considerably :0
<CuriosCat> that would've put a brute-force attack beyond feasibility, because the codes have to be entered manually
<CuriosCat> I wonder if there's a lockout after X number of incorrect attempts, or at least a delay before you can try again. Knowing the history of automotive security, I doubt it ;)
<dariuskane> thatd be too logical :P
<dariuskane> but I bet you can pry off the keypad to get to the wires underneath and have a palm run the sequence fast :)
<CuriosCat> Sure, but at that point, you might as well bust open a window 
<CuriosCat> prying off keypad = forced entry
<dariuskane> stranger things have happened
<CuriosCat> Oh, not saying it's not possible.
<CuriosCat> but then I'd at least get something on the insurance
<CuriosCat> heh
<dariuskane> looks like Imight have to send ubuntu to the graveyard too....shame its promising
<CuriosCat> how come?
<dariuskane> its suffering some bloat though not nearly as much as fedora... and some package I want to get rid of I cant
<CuriosCat> which package?
<dariuskane> like ppp, wireless tools, irda tools... its keeps listing ubuntu-desktop as a dependancy
<CuriosCat> on a server, do you need ubuntu-desktop?
<dariuskane> technically no... but seeing as much of the effort is in gui tools... and its been pretty stable and quick... and who knows what else that might break
<dariuskane> fedora suffered some of the same problems.... I tried to remove wireless tools and it removed half of the gnome desktop and I had to reinstall to continue evaluating
<dariuskane> I was hoping to find someone who had worked on the package management to help me sort those dependancy issues out... cause they really dont make sense...
<dariuskane> why woudl ubuntu-desktop depend on ppp???
<CuriosCat> dependencies are retarded in most packaging systems
<CuriosCat> about the only way around that is something like gentoo
<CuriosCat> the simple answer is that ubuntu-desktop depends on ppp because the author of that package decided it should
<CuriosCat> the reasons may range from lunacy to laziness (e.g. "ubuntu-desktop has a tool that configures PPP, and it would break if the PPP package isn't installed. Instead of fixing the tool, I'll just add a dependency."
<dariuskane> and since I have no modem or plans for vpn... theres no reason to have ppp on the server and leaving it there would be leaving a back door open for someone else to bring up a link exposing everything else
<CuriosCat> but if you're looking for a distro that doesn't have silliness like that, you'll be looking for a long, long time
<dariuskane> kinda why Ive been running slackware for the las 10 yrs and building my own binaries :P
<CuriosCat> heh
<CuriosCat> slackware has its share, I'm sure
<kraut> moin
<dariuskane> I found a few that came close
<dariuskane> slack... the package management is pretty primitive... so everyone builds from source in most cases :)
<dariuskane> linuxfromscratch is an interesting project I might look into
<dariuskane> compiling your own complete distro from source... starting from the kernel all the way up
<CuriosCat> that's basically what gentoo is
<CuriosCat> except it has build scripts to do all the hard work from you
<CuriosCat> however, keeping ONE LFS system running is a full-time job
<CuriosCat> more than one, not really feasible :P
<dariuskane> ya Ive seen abit about gentoo... might look at that too.... but with a basic gentoo install you have a place to start...
<CuriosCat> (unless you cheat and rsync them all :)
<dariuskane> heh
<dariuskane> well my current pet project is the complete reinstall of my own home server with all the latest tools and patches and toys to help take me to the next set in my web develoment and admin stuff.... something I hope to be able to confiure and recommend for small business clients in the future.... so trying to do it right the first time :)
<dariuskane> and for it to be right... package management has to be good
<CuriosCat> Ah, perfectionism
<dariuskane> well as close as I can get and not be swearing and pulling my hair out :)
<dariuskane> then again if Id settled for anything less Id be running MS Exchange and SQL servers instead of postfix and mysql :)
<ubnuu1> Hi
<CuriosCat> I'm running MS Exchange because postfix (or exim, my mta of choice) can't do calendars, address books, task lists and all that other PIM stuff
<dariuskane> Theres always an alternative :) even writting your own php webapp :P
<qman> I can safely say, from first hand experience, I'll do everything in my power to never be an Exchange admin.
<dariuskane> hehe if it werent for games I play online Id never touch windows again with a ten foot pole
<qman> same here, honestly
<qman> server 2003 isn't all bad, until you try to get it to do something
<dariuskane> once I get a proper server setup Im thinking of converting my laptop and then chopping off all the pieces of windowsxp I dont need and run as fast and small and lean as possible for games and say screw it to the rest
<qman> it likes to have mysterious problems that are not found in any logs and are completely undocumented
<qman> where the solution, straight from Microsoft, is "format the system"
<qman> in more, nicer words
<dariuskane> oh its documented.... its been sent back to MS marketing so they can sell you their latest courseware on how to run the server :)
<qman> I've got the courseware, actually...I'm Microsoft certified for server 2003
<dariuskane> see it worked!
<dariuskane> heh
<qman> if Exchange has a serious problem, the solution is to reformat, plain and simple
<qman> no repair instructions or tools
<dariuskane> coincidentally enough its the solution for all MS product problems
<qman> yes, although this is the first time I've encountered them admitting it
<dariuskane> its only an admission if they put it in writting 
<qman> it's pretty sad when your own certified professionals would rather use competing software
<dariuskane> thats the thing with the axis of evil... they know you have no choice in the end
<qman> my long term goal is to get degrees in both microsoft and linux...hopefully it'll get me in the door first
<CuriosCat> qman: Well, I'm a little luckier.
<CuriosCat> qman: I'm not an Exchange admin.
<CuriosCat> I delegated that task to my sysadmin :)
<qman> hehe
<CuriosCat> There's a lot of things about going into management I don't like, but not having to do the annoying jobs myself is good :)
<lcdd> better MTAs can be used as relays to protect the internet from internal exchange servers :)
<CuriosCat> and we do that.
<qman> one of these days I need to get around to learning postfix...I tried sendmail once, and that didn't turn out so well
<CuriosCat> why would you want to torture yourself with sendmail?
<dariuskane> sendmail isnt an MTA... its a artform :)
<CuriosCat> it's pure garbage
<CuriosCat> I mean, sure, sendmail is super-powerful
<dariuskane> mostly post modern cubist art :P
<qman> heh, I was just getting into linux at the time, and getting in way over my head, as usual
<CuriosCat> unfortunately, making sendmail.mc do what you want is probably more complex than writing your own MTA in C.
<CuriosCat> heck, making it compile properly isn't even straightforward
<CuriosCat> (how many pieces of software do you have whose config files need to be COMPILED)
<qman> not many
<dariuskane> oh I dont know I manually configure my share of sendmail configure and compiles.. worked out well
<CuriosCat> dariuskane: I did my share once. Then came postfix, and later exim.
<CuriosCat> I run exim on all my personal stuff now, as well as on several corporate machines.
<CuriosCat> never looked back.
<qman> a friend was trying to get asterisk set up...I took one look at it, and walked away--too many config files
<CuriosCat> heh
<CuriosCat> asterisk is a bit confusing to me
<dariuskane> sendmail was a challenge..... come see me next week when Im done with the sendmail config :)
<CuriosCat> but if you look at the config files, it's at least manageable.
<CuriosCat> dariuskane: sendmail is the type of thing that makes me sympathize with people who claim computers are hard to use.
<CuriosCat> :P
<dariuskane> lol those people never went near a sendmailcf :P
<CuriosCat> Wouldn't have mattered.
<CuriosCat> I don't think my mom could tell sendmail.cf apart from an ASCII view of bzImage
<dariuskane> lol
<CuriosCat> (just to pick an example of a computer-illiterate person)
<dariuskane> damn it these Klotski puzzles are addicting :P
<qman> I've beaten them all once, but for some reason, I can't reproduce most of them
<qman> just the first couple
<dariuskane> a few of them are real headscratchers
<sytner> hello i was wondering if someone could help me with an update problem on ubuntu server 7.04?
<coNP> !ask | sytner 
<ubotu> sytner: Don't ask to ask a question. Just ask your question :)
<sytner> ok sorry its new to me but anyway i have 65 updates waiting to be installed but everytime i click install updates it goes to checking for updates and then back to the updates avaialble screen
<ScottK> sytner: Are you updating or upgrading?
<ScottK> Updating updates your local package data to know about the upgrades.
<ScottK> Upgrading actually installs the upgrades.
<sytner> its updating not upgrading
<Nafallo> hi!
<Nafallo> anyone used to 3ware please?
<Nafallo> hi dendrobates :-)
<bddebian> Hey folks
<bddebian> Could anyone help me with figuring out what to do with all the packages that are failing on postinst trying to connect to mysql on /var/run/mysqld.lock?
<sommer> which program is it?
<sommer> failing?
<bddebian> There are tons
<bddebian> simba is 1 example
<sommer> is mysql running?
<bddebian> Not as far as I can tell.  there is certainly no /var/run/mysqld/mysqld.lock
<bddebian> simba for example only deps on mysql-common though
<sommer> Do you have a line like: socket          = /var/run/mysqld/mysqld.sock ; in your /etc/mysql/my.cnf?
<bddebian> This is a fresh install of all of these packages
<sommer> It may be that mysql is only listening on 127.0.0.1 also.  You might try placing the actual IP in my.cnf.
<bddebian> I don't want to fix it for myself, I want to fix all of these broken packages in Universe
<sommer> ah...not sure how much help I can be with that.
<bddebian> OK, thx
<sommer> not a MOTU yet myself
<bddebian> Well I'm supposed to be :)
<sommer> did you mean to ask that in MOTU?
<bddebian> No, I have asked in there and -devel.  I am an MOTU trying to figure out how to fix all of these packages
<bddebian> There are at least a dozen bugs filed on LP for this issue
<sommer> ah...I'd think you'd need to repackage all the programs that look for that mysqld.lock file in that location.
<sommer> or symlink it to the actual socket file.
<ScottK> bddebian: Where is the lock file?
<ScottK> Does it exist at all at this point?
<bddebian> NOpe
<tck> by setting the nproc n in /etc/security/limits.conf should ulimit not pick that up straight away?
<bddebian> sommer: Do you know if we put it somewhere else?  mysql usually puts it in /etc/mysql.lock but Debian puts it in /var/run/...
<ScottK> IIRC mysql needs some manual magic before it runs.  
<bddebian> Well it should at least fail gracefully and warn the user I think
<ScottK> But I don't admin mysql, so I really have no idea.
<sommer> bddebian: It puts a socket file in: /var/run/mysqld/mysqld.sock
<ScottK> Agreed.  I'd think there would be policy on this.
<sommer> I'm not sure if it's the same as the lock file though.
<ScottK> Not the same.
<bddebian>  .sock is what I mean, not .lock, sorry
<ScottK> Ah.
* bddebian can't type
* ScottK bets mathiaz knows.
<sommer> then it looks like it's moved into the mysqld subdirectory.
<ScottK> Which is policy-wise the right answer.
<sommer> so do you change mysql?  or the other packages?
<bddebian> Well /var/run seems like a bad place with initramfs but that's way over my head
* ScottK says the other packages, but thinks mathiaz is thr right person to know.
<ScottK> thr/the
<bddebian> What TZ is mathiaz in?
* mathiaz is reading the backlog
<mathiaz> bddebian: hum.. what's the problem exactly with universe packages %
<mathiaz> bddebian: ?
<mathiaz> bddebian: so I understand correctly, there are package in universe whose postinst try to install something in the mysql database.
<mathiaz> bddebian: but they fail because they cannot find the socket for the running mysql daemon.
<ScottK> mathiaz: bddebian is probably at $WORK currently, so his attention my be intermittent.
<mathiaz> bddebian: correct ?
<bddebian> They all get this:
<bddebian> ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'
<bddebian> ScottK: Aye, thx
<ScottK> That's in the postinst, right?
<Nafallo> bbl, will get of the DC for now
<bddebian> ScottK: Aye
<sommer> Is it correct that when gutsy is released edgy is no longer support?
<ScottK> No
<sommer> when does edgy support stop?
<sommer> for security updates and what not.
<ScottK> IIRC around April 2008
<qman> I've got a couple systems still running edgy because I've been too lazy to back up and upgrade
<ScottK> If Dapper were not LTS, it'd go away ~Gutsy release.
<ScottK> But since it is, it won't.
<sommer> ya I figured Dapper'd stay around, but wasn't sure about edgy.
<sommer> thanks ScottK.
<bddebian> mathiaz: Any thoughts?
<mralphabet> sommer: support for non LTS is 18 months after release
<dantalizing> bbdebian, sorry if this is a stupid question, by you have mysql-server installed?  simba package only has mysql-client as a dep
<sommer> mralphabet: ah...thanks.  I was thinking it was based on release for some reason.  
<bddebian> dantalizing: That's not a stupid question.  It's a packaging issue.  If it expects mysqld.sock to be there shouldn't it depend on mysql-server?
<dantalizing> yes
<dantalizing> i just tried to install simba on a vm...thought i had mysql-server already there, but apparently didnt, and of course got the .sock error
<mathiaz> bddebian: yes. mysqld.sock is only created when a mysqld is running.
<mathiaz> bddebian: so the packages should depend on mysql-server.
<ScottK> And a mysql server might not be local, so it might be better to ask a debconf question about where to find the server.
<mathiaz> correct. And you probably need to have the right username and password.
<bddebian> Of course it begs the question, does it really need mysql-server or should it just fail gracefully and alert the user that they need to configure it
<ScottK> Right.  Since the server need not be local...
<dantalizing> it looks like the config questions they're asking assume you'll use advanced (manual) config for non-local mysql and just assuming if you do the "automatic" config that you're using a local server
<dantalizing> but that is not stated anywhere
<mathiaz> bddebian: I guess it depends on the software. Some may require a mysql database to run, other not (ie they have different backends available)
<bddebian> There are a ton of packages like this, I find this really surprising
<mathiaz> bddebian: the postinst scripts should probably test if mysql.sock is there before asking information about configuring the database.
<ScottK> That makes sense.
<mathiaz> bddebian: if mysqld is not running, there is no point in trying to configure the database.
<bddebian> Exactly :-)
<dantalizing> if you abort from simba install and do dpkg-reconfigure, it asks you if you wish to use socket or tcp
<mathiaz> bddebian: it should issue a warning.
<dantalizing> but apparently does not setup
<dantalizing> the simba postinst is just writing the config file, but does no db setup
<bddebian> dantalizing: great.. :-)
<dantalizing> it asks you for a db name and db user, but expects them to exist
<bddebian> Great, I suck at scripting :-(
<dariuskane> afternoon folks.....anyone awake to help me sort out the package manager?
<ScottK> Maybe.  What's the problem?
<dariuskane> heya
<dariuskane> well is there a way to remove a package without removing its dependancies?
<ScottK> dariuskane: Do you mean packages that depend in it or things it depends on?
<dantalizing> apt-get remove
<bddebian> dpkg -r doesn't remove dependencies does it?
<dariuskane> there are several packages that have bad dependencies written into them.... like the ppp package...when I try and remove it it wants to remove among others the ubuntu-desktop package
<ScottK> Ubuntu-desktop is just a metapackage.  It can be safely removed.
<ScottK> bddebian: It will fail if there are rdepends installed.
<bddebian> Oh aye
<ScottK> dariuskane: The answer to your question is No, however.  That would break stuff.  If there are bad depends, file bugs.  Tag them packaging bitesize.
<dariuskane> well according to the descriptions ubuntu desktop is used to make sure things get upgraded properly later... looks like if I get rid of it upgrading wont work properly later
<ScottK> dariuskane: Yes.  You can remove it now and then re-install it before you dist-upgrade, but this is really off topic for #ubuntu-server.
<dariuskane> well I installed ubuntu server yesterday trying to sort this out... this isnt my first distro :)... if I reinstall ubuntu-desktop it will reinstall pp wont it
<ScottK> Yes it will.
<ScottK> This is, BTW, changed in Gutsy.
<ScottK> In Gutsy, metapackages install recommends by default and everything is recommends so you can remove stuff without the metapackage getting removed.
<dariuskane> gutsy is 6.08 and feisty is 7.04 correct?
<ScottK> 7.10
<ScottK> is what Gutsy will be.
<dariuskane> Ah ok I installed 7.04
<ScottK> That's the newest release.  Gutsy is still being developed.
<dariuskane> 7.10 would mean planned for october
<ScottK> Yes
<dariuskane> well thanks for the help... gutsy doesnt seem to be ready to check out for what I need yet...and fiesty package management is too big of a problem for postinstall suport and security
<ScottK> dariuskane: What do you mean postinstall support/security?
<dariuskane> if the package manager forces me to leave the ppp wireless irda tools installed because removing them would break the update procedure it leaves open too a number of unecessary security issues
<ScottK> dariuskane: Just because it's installed, it doesn't have to run.
<dariuskane> Im aware... been running slackware for the last 10 yrs :)
<ScottK> Agreed it's not ideal and that's why it was changed, but Ubuntu installs by default with no open ports.
<ScottK> So the risk of extra stuff installed is minimal/none.
<dariuskane> right now my pet project is to explore other distros to be able to install and reconfigure is such a way as I can recommend it to a small business... so security and ease of maintenance are top of the agenda
<ScottK> The Debian package management system is, in some respects, very inflexible, but that inflexibility is often a strength.
<ScottK> Right.
<ScottK> With a Debian derived distro it's pretty hard to get your system into an unusable configuration unless you just randonly delete stuff.
<ScottK> I've never uses Slackware myself, but I think package management, in general, is much more structured/stable/safe in Debian distros than in rpm distros.
<dariuskane> slackware package management is kind of primitive :) I susualy stick to compiling my own binaries and kernels... part of its strength
<dariuskane> damn my fingers arent cooperating today... damn spelling
<dariuskane> compiling binaries isnt very easy to support post install so Im trying to find the right solution I could endorse
<bddebian> dantalizing: Are you still around?
<dantalizing> i am
<bddebian> dantalizing: Do you still have simba source handy?  I'm curious if I should skip the dbc_go simba part too if mysqld.sock doesn't exist
<ScottK> dariuskane: I'd suggest that Debian package management isn't ideal, but probably the best there is for non-technical users.
<dantalizing> from what i could tell, you can .... then just do dpkg-reconfigure later
<dantalizing> it will ask you if you want socket or tcp
<mathiaz> dariuskane: you said you were looking into distro to recommend for small buisness.
<dariuskane> indeed I did mathiaz
<mathiaz> dariuskane: what's missing from ubuntu in your view ?
<dantalizing> if you have mysql-server on the same server, you should just set it up first with a username and database
<dantalizing> and then go through the simba install
<dariuskane> actually in general I like it... its fast.. sufferes much less bloat then fedora 7
<bddebian> Thanks dantalizing
<dariuskane> its got a large active community and documentation
<dantalizing> bddebian: np
<dariuskane> but the issue at the moment is the package management and upgrading is restrictive
<mathiaz> dariuskane: what do you mean by "upgrading is restrictive ?"
<dariuskane> there are other features Im looking for such as selinux support which I havent gotten to yet
<mathiaz> dariuskane: gutsy will come with apparmor
<dariuskane> mathiaz, well the problem Iw as just talking to ScottK about... some packages installed by default such as ppp wireless and irda tools I want to get rid of but other packages prevent me from removing them
<ScottK> It's the metapackage removal problem he's talking about.
<mathiaz> !webmin
<ubotu> webmin is no longer supported in Debian and Ubuntu. Please avoid using it.
* mathiaz is testing the ubotu
<dariuskane> I looked at trustix and webmin
<dariuskane> their installer is broken
<dariuskane> at least on the machine I ran it on
<ScottK> leonel: Have you looked at this http://lwn.net/Alerts/245407/ squirrelmail issue yet?  Is it one we need to get a fix out for?
<leonel> ScottK: Yes I've seen and  it's the pgp  plugin  is not included in ubuntu   or  I haven't found it in Ubuntu 
<ScottK> Great.  Thanks.
<bddebian> Does this look stupid?
<bddebian> Setting up simba (0.8.4-4) ...
<bddebian> W: Database server does not appear to be running!
<bddebian> W: Please try dpkg-reconfigure simba to configure the package.
<ScottK> It's better than falling over and dieing.
<bddebian> that almost sounds supportive :)  What would be better?
<ScottK> The postinst does whatever magic dpkg-reconfigure does.
<bddebian> That won't help without a database server installed
<mathiaz> What do you think about the following factoid for webmin :
<mathiaz> webmin is no longer supported in Debian and Ubuntu. It doesn't play well with the packaging system and tends to overwrite and corrupt configuration files.
<mathiaz> ?
<sommer> looks good to me.
<sommer> maybe add something about using ebox instead?
<mathiaz> I can't find ajmitch suggestion from a couple of days ago.
<sommer> if that's the recommended alternative.
<mathiaz> I've looked throught the log, but can't find it.
<ajmitch> mathiaz: hm?
<ajmitch> about webmin?
<ajmitch> 12:59 < ajmitch> "webmin is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system"
<mathiaz> ajmitch: yeah. that was it.
<mathiaz> ajmitch: thanks. I'll update the factoid.
<mathiaz> I'll replace the factoid with:
<mathiaz> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system
<mathiaz> what do you think about ^^ ?
<bddebian> Later folks, thanks again mathiaz, dantalizing, and ScottK
<mathiaz> !webmin
<ubotu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system
* mathiaz :)
#ubuntu-server 2007-08-18
* Starting logfile irclogs/ubuntu-server.log
<JanetFLorida> can anyone suggest how I resolve the memory leak in the repository version of dansguardian? it is a known bug, a new source version repairs, i just don't know how to make it ...
<ScottK> What version?  What release are you running?  What version fixes it?
<JanetFLorida> i'm trying to compile 2.9.9.0, unsuccessfully
<JanetFLorida> i think repository has ver 2.7 or 2.8
<ScottK> What release of Ubuntu are you running?
<JanetFLorida> 7.04
<JanetFLorida> actually, somebody suggested i to a build-dep, which seems to have resolved my compile probs...
<ScottK> Gutsy and Debian unstable have the same upstream version (2.8) and the bug fixes between the Feisty and Gutsy versions do not seem to have anything regarding memory leaks.
<ScottK> JanetFLorida: What build dep?
<JanetFLorida> dansguardian
<JanetFLorida> apt-get build-dep dansg....
<ScottK> Ah, that installs the build dependencies for dansguardian.  Yes, you'd have to do that.
<JanetFLorida> i'm lerning :)
<ScottK> No problem.
<ScottK> At this point then I think there isn't a lot more that I can do to help.  It'll either work or not.  Good luck.
<JanetFLorida> i guess i have to point it to a correct install dir...
<ConfidentiaL> When I'm setting up a server, do I really need swap-space?
<ScottK> Yes
<ScottK> Is there a reason you don't want it?
<ScottK> Actually, I guess you don't NEED it.
<ConfidentiaL> cuz the harddisk I'm using is 2gigs... :/
<ConfidentiaL> and I have plenty of memory
<ScottK> Ah.  Well then no, you don't need swap.
<ConfidentiaL> but I dont get errors or something if I install without having a swap partition?
<ScottK> I'm not sure as I've never tried to install without swap.
<ScottK> I'd suggest give it a go and see what happens.
<ConfidentiaL> ok, I'll try without the swap then...
<qman> depending on the situation, swap space isn't required...I've got a couple machines with no swap partitions
<qman> both of which have 2GB of RAM
<qman> without X, I don't see why you couldn't run without swap on 512MB, depending on which services you're running
<BFTD> I say if you have a gig or more of ram, swap is not needed, unless you have a gui installed
<ConfidentiaL> I did the server install first without the swap, and I got some nasty errors. Then I tried with like 150mb of swap, and everything went much smoother. I'ts not that big a deal when I am using only 150mb for swap, so I couldn't be bothered trying anymore... I have somewhere above 512mb of RAM on it tho...
<jbrouhard> dthacker you here ?
#ubuntu-server 2007-08-19
<yotux> I install squirelnmail and there is not link in /var/www
<yotux> how can I fix this?
<Level15> hey
<Level15> my 606 LTS is holding back a kernel update... any particular reason?
<ScottK> try dist-upgrade.  It'll probably pull in a new kernel package.
<Level15> will do
* Starting logfile irclogs/ubuntu-server.log
<kraut> moin
<ConfidentiaL> how can I make for example lampp start automatically on boot?
<nealmcb> ConfidentiaL: it should do that after a normal install - what have you done and what seems to go wrong?
<ConfidentiaL> well, I installed lampp after I installed ubuntu, and I have to manually start it every time I need to reboot...
<nealmcb> lampp has lots of parts - what seems to not be running and how do you start it?
<nealmcb> ConfidentiaL: Seriously good guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html
<nealmcb> how did you install it, what version, what error messages, etc....
<ConfidentiaL> installed it from apachefriends.org version 1.6.3. No error messages, I just need to manually start it every time...
<nealmcb> ConfidentiaL: you'll get much better operation, support and security if you use the ubuntu packages rather than installing a binary from a site like apachefriends.org.
<nealmcb> !lamp | ConfidentiaL
<ubotu> ConfidentiaL: LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<ConfidentiaL> thanks
<nealmcb> if you install it the normal way on ubuntu, it will start up just fine
<nealmcb> I never heard of apachefriends.org before and their advice looks pretty bad....
#ubuntu-server 2008-08-11
<owh> Hi all, has vmware-server for hardy been released yet?
<owh> I've looked through the partner repository and I cannot seem to locate it.
 * owh pokes nijaba in the eye with a fish.
<Lokky> Ã¤ÃÃÃÃÃÃ ÃÃÃÃÃÃÃ ÃÃÃÃÃ ÃÃÃÃ! Ã´ÃÃ ÃÃÃÃÃ ÃÃÃÃÃÃ Ã samba!        Hi all!   I need help by samba, pls!!
<kirkland> nxvl: you were looking for me?
<nxvl> kirkland: yep
<kirkland> nxvl: what up
<nxvl> kirkland: i was wondering, how will the Encrypted Private Directory handled on the upgrade process from hardy to intrepid
<kirkland> nxvl: not sure yet, we're still discussing it
<nxvl> or people will need to reinstall to use it
<kirkland> nxvl: definitely not reinstall
<kirkland> nxvl: it'll probably be two commands...
<nxvl> yep, because the policy said you can't touch user dirs
<kirkland> nxvl: apt-get install ecryptfs-utils
<kirkland> nxvl: ecryptfs-setup-private
<nxvl> kirkland: if you don't include them as dependency of (for example) ubuntu-desktop
<kirkland> nxvl: we added it to the server seed
<kirkland> nxvl: i think we're going to create a Private directory, perm it 700, and drop a symlink in there that points to ecryptfs-setup-private
<nxvl> but on desktop the server seed isn't used as far as i know
<kirkland> nxvl: right, this isn't finalized yet
<nxvl> so, the current state is "need discussion/work"?
<ScottK> lamont: If the convention over yet and did you get a chance to look at my scripts?
<A|ysum> hello - I was wondering whether it's possible in a root crontab to redirect STD Output to /dev/null but NOT the errors and warnings so that I get an email about it ? thanks
<hads> command > /dev/null
<A|ysum> sorry I meant the opposite....
<hads> http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-3.html
<A|ysum> actually what I said first was right - Ive made a script that triggers an error yet Im not getting any rmails with the command > /dev/null
<A|ysum> doesn;t seem to be possible to split boths
<stgraber> so that's because your script doesn't use stderr otherwise > /dev/null would give you only the errors
<stgraber> http://paste.ubuntu.com/36363/
<A|ysum> nice example lol
<A|ysum> i suppose I should find out first how those php functions react with stderr, maybe warnings arent stderr
<Chipzz> chipzz@makker:~$ cat test
<Chipzz> #!/bin/sh
<Chipzz> echo out
<Chipzz> echo err >&2
<Chipzz> chipzz@makker:~$ ./test 2>&1 >/dev/null
<Chipzz> err
<Chipzz> (order of 2>&1 and >/dev/null IS important; swap them around and you won't be getting any output at all)
<A|ysum> ok let me decypher this :)
<hads> It's covered in the link
<Chipzz> it will discard stdout and redirect stderr to stdout
<A|ysum> and the stdout goes to > /dev/null so we dont get naything at all dont we
 * A|ysum is lost
<Chipzz> stgraber: does cron mail stdout, stderr or both? I always get confused about that
<Chipzz> A|ysum: man bash
<stgraber> Chipzz: I'm not sure, I'd say it send both if something has been sent to stderr. I usually 2>&1 > /dev/zero and use real log files instead of mail
 * Chipzz wrestles bash a little and fails :P
<Chipzz> anyone intinamtely familiar with bash arrays present?
 * Chipzz wonders if the following is possible:
<Chipzz> #!/bin/bash
<Chipzz> a[0]="first element"
<Chipzz> a[1]="second element"
<Chipzz> for z in "${a[@]}"; do echo $z; done
<Chipzz> # Now how do you do this in a subshell???
<Chipzz> bash -c "for z in ${a[@]}; do echo $z; done"
<Chipzz> (moving the for loop out of the subshell would NOT be a possibility in my case)
<kgoetz> hi all. i'm trying to install calendarserver, and i'm getting a php backtrace. http://paste.ubuntu.com/36375/ does someone know a good place to ask about this?
<kgoetz> because its error refers to /var/spool/caldavd, i'm thinking it might be introduced by the debian patches, but i dont know any python to test the theory
<kgoetz> another question: does ubuntu hardy install suggests: by default?
<ScottK> kgoetz: No.
<ScottK> Not recommends either (except on meta-packages).
<kgoetz> ScottK: thanks. guess the error from calendarserver was harmless then
<kgoetz> for the logs: my python problem was a lack of xattr enabled on teh filesystem
<HellMind> Anyone succeded in installing chrootssh?
<kraut> moin
<dusty_> Hey guys I am running a copy of ubuntu 8.04 server, base install, i have install iptables yet it doesn't log to syslog, what could be stopping this ? i have kern.* /var/log/firewall - restarted syslogd, generated iptables traffic, but nothing gets written to the log ?
<thefish> dusty_: are you telling iptables to log?
<dusty_> of course
<dusty_> -j LOG --log-level 7
<dusty_> its bizarre and driving me mad
<thefish> ye wierd
<thefish> its not turning up in syslog is it?
<dusty_> nope
<dusty_> its not turning up in any logs
<dusty_> I turned on klogd and got this in kern.log:
<dusty_> Aug 11 00:18:13 stoned-hacker kernel: Cannot find map file.
<dusty_> Aug 11 00:18:13 stoned-hacker kernel: No module symbols loaded - kernel modules not enabled.
<soren> dusty_: Er... 7 is DEBUG.
<soren> dusty_: They're unlikely to get logged by default.
<dusty_> ok what shall i put it to
<soren> Depends. 0 wil most certainly get them logged.
<dusty_> iptables -A OUTPUT -j LOG --log-tcp-sequence --log-prefix "FIREWALL: OUTPUT PAC$
<dusty_> ok
<soren> ...but is not reall appropriate.
<dusty_> iptables -A OUTPUT -j LOG --log-tcp-sequence --log-prefix FIREWALL: OUTPUT PACKETZ:    --log-level 0
<dusty_> i changed to that
<dusty_> lets see
<soren> I'd probably do 4 (WARNING) or 5 (NOTICE).
<dusty_> Aug 11 00:18:13 stoned-hacker kernel: Cannot find map file.
<dusty_> Aug 11 00:18:13 stoned-hacker kernel: No module symbols loaded - kernel modules not enabled.
<dusty_> nothing gets logged dude
<LudeRacer> hello
<dusty_> soren, why wouldn't it log?
<LudeRacer> anybody here install ubuntu on dl380 g2?
<soren> dusty_: And you're sure this rule is matched?
<thefish> thats a pretty broad rule
<thefish> if its output
<soren> Um.. No.
<soren> It's at the end of the chain, so if something else matches, it won't trigger.
<dusty_> yes, soren i've tested it by flushing all rules and adding:  iptables -A INPUT -j LOG
<thefish> true
<dusty_> I have tested by adding this rule: iptables -A INPUT -j LOG
<dusty_> and only that rule
<dusty_> and still no logs get generated?
<soren> I don't know what the default log-level is.
<dusty_> i've tried with --log-level 4
<dusty_> let me try again
<soren> Try with 0. That'll get things logged for sure.
<dusty_> ok
<soren> ...and then adjust afterwards.
<dusty_> two secs
<soren> Default is 4 (WARNING)
<soren> Is it in dmesg?
<dusty_> soren, http://rafb.net/p/3YK1tU56.html
<dusty_> I tested by connecting via ssh and running an nmap scan
<dusty_> nothing was generated
<dusty_> but
<dusty_> if i run dmesg
<dusty_> its in there
<dusty_> IN=venet0 OUT= MAC= SRC=81.157.86.77 DST=78.129.229.34 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=62548 DF PROTO=TCP SPT=59229 DPT=22 WINDOW=220 RES=0x00 ACK URGP=0
<dusty_> IN=venet0 OUT= MAC= SRC=81.157.86.77 DST=78.129.229.34 LEN=100 TOS=0x00 PREC=0x00 TTL=47 ID=62549 DF PROTO=TCP SPT=59229 DPT=22 WINDOW=220 RES=0x00 ACK PSH URGP=0
<dusty_> root@stoned-hacker:~#
<dusty_> how come if i run dmesg its in there?
<dusty_> why is it not gettting logged to /var/log/firewall ?
<dusty_> how do i fix this now
<dusty_> im a little clsoer
<soren> You say klogd is running?
<dusty_> soren, no its not running at the moment:
<dusty_> root@stoned-hacker:~# ps aux | grep klogd
<dusty_> root      7253  0.0  0.2   3008   748 pts/0    S+   10:38   0:00 grep klogd
<dusty_> root@stoned-hacker:~#
<dusty_> soren, why is it going to dmesg if i cat /var/log/dmesg there is nothing in there, if i run the command dmesg i see the logs ?
<_ruben> dmesg shows the kernel messaging ring buffer .. which usualy is read by klogd and fed to syslogd
<dusty_> ok well i started klogd -s and it still does not output it into any /var/log file
<dusty_> any ideas ?
<_ruben> you shouldnt have to start klogd by hand, though .. perhaps your install is just botched
<dusty_> hrm well
<dusty_> can start it via /etc/init.d
<dusty_> this is the same for all 3 virtual servers i ahve
<dusty_> not a botched install
<_ruben> 3 botched installs then
<dusty_> nope
<dusty_> ill stat the kernel logger from init.d
<dusty_> how do i fix this
<dusty_> root@stoned-hacker:/home/dusty# ps aux | grep klog
<dusty_> root     10048  0.0  0.2   1776   544 pts/0    S+   10:55   0:00 /bin/sh /etc/init.d/klogd start
<dusty_> klog     10064  0.0  0.1   1716   400 pts/0    S+   10:55   0:00 /sbin/klogd -P /var/run/klogd/kmsg
<dusty_> klog     10065  0.0  0.0      0     0 ?        Zs   10:55   0:00 [klogd] <defunct>
<dusty_> root     10087  0.0  0.2   3012   752 pts/1    S+   10:55   0:00 grep klog
<dusty_> root@stoned-hacker:/home/dusty#
<dusty_> Aug 11 10:55:30 stoned-hacker kernel: Cannot find map file.
<dusty_> Aug 11 10:55:30 stoned-hacker kernel: No module symbols loaded - kernel modules not enabled.
<dusty_> thats in /var/log/kern.log
<_ruben> sure doesnt look healthy to me
<dusty_> ok so
<dusty_> how would one fix it
<dusty_> i can reinstall but the same thing happens
<dusty_> its a virtual environemnt
<dusty_> its a slice on an openvz host
<dusty_> i ahve reprovisioned the server a couple times, same effect.. so its not a botched install
<_ruben> no experience with openvz .. dunno how/it that interferes with its 'guests'
<_ruben> well .. perhaps the provisioning is flawed in some way
<_ruben> the fact that klogd turns into a zombie sure aint good
<dusty_> argh
<soren> dusty_: There's supposed to be a dd process ffeeding stuff from /proc/kmsg into klogd
<dusty_> ok
<soren> dusty_: I don't know where that could have gone.
<dusty_> so what do you suggest i do ?
<soren> Dunno. Figure out why it's not starting?
<dusty_> i've just removed and reinstall klogd/sysklogd
<soren> It's supposed to be started by /etc/init.d/klogd
<dusty_> yes
<dusty_> it takes ages starting it
<soren> Try starting it by hand and see what happens.
<soren> /bin/dd -b -m -- bs=1 if=/proc/kmsg
<dusty_> run that command ?
<dusty_> sommer, ?
<dusty_> soren, ?
<dusty_> look guys~: http://rafb.net/p/wNExwl27.html
<soren> dusty_: Yes.
<dusty_> what do i do from here
<soren> 10:06:34 < soren> Try starting it by hand and see what happens.
<soren> 10:06:35 < soren> /bin/dd -b -m -- bs=1 if=/proc/kmsg
<dusty_> root@stoned-hacker:~# /bin/dd -b -m -- bs=1 if=/proc/kmsg
<dusty_> /bin/dd: invalid option -- b
<dusty_> Try `/bin/dd --help' for more information.
<dusty_> root@stoned-hacker:~#
<soren> sorry, my bad.
<soren> /bin/dd bs=1 if=/proc/kmsg
<dusty_> that works
<dusty_> <0>IN=venet0 OUT= MAC= SRC=81.157.86.77 DST=78.129.229.34 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=53538 DF PROTO=TCP SPT=61114 DPT=22 WINDOW=922 RES=0x00 ACK URGP=0
<dusty_> <0>IN=venet0 OUT= MAC= SRC=81.157.86.77 DST=78.129.229.34 LEN=100 TOS=0x00 PREC=0x00 TTL=47 ID=53539 DF PROTO=TCP SPT=61114 DPT=22 WINDOW=922 RES=0x00 ACK PSH URGP=0
<dusty_> 77492+0 records in
<dusty_> 77492+0 records out
<dusty_> 77492 bytes (77 kB) copied, 5.66328 s, 13.7 kB/s
<dusty_> root@stoned-hacker:~#
<gene-r> i  set up a ubuntu server via samba for sharing  and store files in there, i would like to add a printer but i don't know how to do it. and is this is the best way to share files and store files(trough samba) or there is another?
<soren> dusty_: What about:
<soren> /bin/dd bs=1 if=/proc/kmsg of=/var/run/klogd/kmsg
<dusty_> just hangs there ?
<soren> no
<dusty_> root@stoned-hacker:~# /bin/dd bs=1 if=/proc/kmsg of=/var/run/klogd/kmsg
<dusty_> then it doesn't do anything
<soren> What makes you say that?
<dusty_> nothing is returned like in the last command
<soren> There's more to "doing" than "returning", you know.
<dusty_> ok so what should i be checking
<dusty_> soren, ?!
<soren> We wanted to see if that command worked. It seems to.
<dusty_> ok
<soren> dusty_: Calm down, please.
<dusty_> sorry
<dusty_> i have 3 servers like this im getting worried
<soren> So now you need to work out why the init script fails, when running dd from the command line works fine.
<dusty_>    # shovel /proc/kmsg to pipe readable by klogd user
<dusty_>     start-stop-daemon --start --pidfile $kmsgpidfile --exec /bin/dd -b -m -- bs=1 if=/proc/kmsg of=$kmsgpipe
<dusty_> thats what it runs
<dusty_> root@stoned-hacker:/etc# ls /boot/
<dusty_> root@stoned-hacker:/etc#
<dusty_> #  Use KLOGD="-k /boot/System.map-$(uname -r)" to specify System.map
<dusty_> #
<dusty_> KLOGD="-P $kmsgpipe"
<dusty_> there doesn't appear to be that file
<dusty_> and look what it errors with in kern.log:
<soren> Which file?
<dusty_> Aug 11 10:55:30 stoned-hacker kernel: Cannot find map file.
<dusty_> Aug 11 10:55:30 stoned-hacker kernel: No module symbols loaded - kernel modules not enabled.
<dusty_> the System.map-$(uname -r)
<dusty_> it says it cant find the map file
<dusty_> there isn't one in boot
<soren> That shouldn't matter.
<dusty_> oh
<dusty_> ok
<dusty_> i dont know then?
<soren> Don't know what?
<dusty_> i dont know why this isnt working then
<soren> Well, no. You wouldn't be here if you did, would you? :)
<dusty_> /bin/dd -b -m -- bs=1 if=/proc/kmsg of=$kmsgpipe
<dusty_> thats the dd command it runs
<soren> That won't work.
<soren> " -b -m" is for start-stop-daemon.
<dusty_>     # shovel /proc/kmsg to pipe readable by klogd user
<dusty_>     start-stop-daemon --start --pidfile $kmsgpidfile --exec /bin/dd -b -m -- bs=1 if=/proc/kmsg of=$kmsgpipe
<dusty_> yeah
<soren> Please stop pasting that.
<soren> I have the same file here.
<dusty_> sorry
<dusty_> there is not much in that file to go wrong ?
<dusty_> are you 100% sure it doesn't need system map
<soren> no.
<soren> ...but it's not klogd that is failing, is it?
<dusty_> well what is ?
<dusty_> klogd fails to start?
<dusty_> what is fialing then soren ?
<soren> dd, it would seem.
<dusty_> hrm
<dusty_> ok
<dusty_> so how do i fix it ?
<soren> I can't imagine why. Did you change the script at all?
<dusty_> want me to pastebin it?
<soren> have you changed  it?
<soren> Give me the md5sum first.
<dusty_> no i have not changed it, how do i find the md5sum ?
<soren> md5sum /etc/init.d/klogd
<dusty_> root@stoned-hacker:/etc# md5sum /etc/init.d/klogd
<dusty_> a670af296df67a3c3ad544ee5f5b5152  /etc/init.d/klogd
<soren> Doesn't match mine. Please pastebin it.
<dusty_> ok
<dusty_> http://rafb.net/p/2nu8WZ60.html
<soren> Does rafb.net offer raw downloads?
<dusty_> no idea
<dusty_> where would you prefer me to paste?
<soren> Anything but rafb, probably
<soren> !pastebin
<ubottu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<dusty_> i could just cat /etc/init.d/klogd >> to my webspace ?
<soren> Whereever.
<dusty_> http://paste.ubuntu.com/36492/
<soren> Looks close enough.
<dusty_> hrm
<dusty_> soren,  http://paste.ubuntu.com/36497/ might be of some use ?
<soren> I don't know dude. I'd try stracing it or something.
<soren> That looks fine.
<dusty_> ok
<soren> I'd try "sudo strace -f -o foo.log /etc/init.d/klogd start", kill it after a while and then look at the parts relating to dd.
<dusty_> ok
<dusty_> hrm
<dusty_> http://www.fuckthegov.co.uk/foo.log soren take a look at that
<dusty_> there are a lot of no such file or directory
<dusty_> so im guessing im missing something ?
<soren> No, that's fine.
<soren> It looks like it worked fine.
<dusty_> hm
<dusty_> wtf
<dusty_> so what now ?
<soren> Don't know. right now, I'm suspecting openvz.
<soren> And I'm also going to lunch.
<dusty_> ok
<dusty_> what could be that openvz wont allow logging?
<_ruben> i'd contact the owner of that box to see if its a common issue or smth
<dusty_> i already have they are not aware of anything
<dusty_> but they dont know much themselves
<_ruben> scary
<dusty_> im tempted to reprovision the server to some other distro and see if it works on there
<dusty_> like centos
<dusty_> ok
<dusty_> just reprovisioned the sevrer with debian on
<dusty_> and it worked fine
<pschulz01> ti0tltp
<pschulz01> Evening all
<uvirtbot`> New bug: #256920 in nagios2 (universe) "nagios2 won't install/update" [Undecided,New] https://launchpad.net/bugs/256920
<sommer> morning
<ScottK> Yep.  Morning here too.
<kirkland> agreed
<sommer> kirkland: hey, the doc.u.c probably won't be updated for a while due to layout changes, but the raid section is up here: http://doc.ubuntu.com/~mdke/test/serverguide/C/
<sommer> just fyi :)
<kirkland> sommer: cool, thanks
<kirkland> sommer: i'll take a look
<sommer> kirkland: great, no big rush
<kirkland> sommer: hmm, first thing i notice is that that page doesn't contain the word "RAID"  :-)
<kirkland> sommer: what section?
<kirkland> sommer: ah, installation
<sommer> kirkland: ya, sorry advanced installation... I was thinking another advanced section would be lvm
<pwagner> Any zealots around? Trying to piece together an argument for 8.04LTS over SuSE LES for a webapp cluster deployment, but it my fire seems to die out after "I don't like YaST".
<Kamping_Kaiser> package management ftw
<Kamping_Kaiser> no licence tracking (dependintg on where the cluster is of course)
<Deeps> pwagner: debian :p
<_ruben> bah .. why does irssi clear ur scrollback when you get reconnected a server :/
<Deeps> i dont get that :/
<proppy> Hi, does this channel provide support for ubuntu-vm-builder ?
<zul> #ubuntu-virt I think
<proppy> thanks :)
<HellMind> Anyone succeded in installing chrootssh?
<lamont> ScottK: got home about 2AM last night
<lamont> ScottK: today is honey-do and recovery, I'll be catching up on -dev stuff tomorrow after work
<ScottK> OK.  Thanks.
<ScottK> lamont: I've got other stuff that's dependent on that, so ...
<LudeRacer> anybody here install ubuntu on dl380 g2?
<LudeRacer> ubuntu-server*
<Nafallo> LudeRacer: yes.
<LudeRacer> :D awsome i read around on the forum and tried some of the things they suggested but have been able to do it
<LudeRacer> do u have any links or anything i can read on how i may do it couse for me the install freezes
<Nafallo> ehrm. works fine for us.
<LudeRacer> what controller card?
<LudeRacer> smart array 5i?
<maswan> Just works for us too. Hm. Not sure we have done a ubuntu-installer install on them in modern days though.
<LudeRacer> a dl380 g2?
<LudeRacer> werid
<maswan> coudl be a g3, but I think we did g2s too.
<LudeRacer> i knw the g3 has no problem installing
<LudeRacer> its supported
<maswan> g2 is the p3 ones, g3 is netburst, right?
<LudeRacer> yes
<Nafallo> oh. actually dl385 g2s...
<maswan> let me go check the machine room. :)
<LudeRacer> hehe thanks
<LudeRacer> i been trying for weeks
<LudeRacer> reading
<Nafallo> yea. can't find a dl380 g2, just the dl385 g2s
<LudeRacer> yeh diff
<LudeRacer> this is a dl380R02
<LudeRacer> ie dl380 g2
<maswan> hm. none currently running, but we have a couple on a shelf and I'm pretty sure they have been booted up and poked around in.
<maswan> but then, we install through FAI
<lamont> ScottK: ok.  tomorrow it is
<ScottK> Thanks.
<LudeRacer> FAI?
<LudeRacer> over lan img program/?
<maswan> http://www.informatik.uni-koeln.de/fai/
<lamont> ScottK: meh.  /me has a 3:30 in town... so I'll get about 30 min in around 1830 UTC, and then more after that
<ScottK> OK.
<lamont> you'
<lamont> ll be around?
<ScottK> Should be.
<ScottK> I need to run to the bank at some point.
<maswan> LudeRacer: so I'm not sure I can help out very much. what version are you trying to install? hardy?
<LudeRacer> yes 8.04
<ScottK> lamont: You mean tomorrow?
<LudeRacer> i have also tried 7.10 to with no luck
<ScottK> lamont: No, I'll be offline during the day tomorrw.
<LudeRacer> also read around and black listed drivers durning install with no luck
 * ScottK will be doing data analysis onsite with a customer.
<LudeRacer> maswan,  think maybe you could please ask any co-workers if they have done so?
<LudeRacer> i got sum stuff i gotta try so ill be idle for a bit
<LudeRacer> if u could just shoot me a pm pls
<LudeRacer> thanks
<maswan> LudeRacer: is this repeateable on serveral dl380 g2s, or just the one?
<kirkland> zul: can you sponsor the patch attached to https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/255795 ?
<uvirtbot`> Launchpad bug 255795 in ecryptfs-utils "Gnome Screensaver doesn't unlock if ecryptfs is set in pam" [High,Confirmed]
<zul> kirkland: perhaps..
<zul> kirkland: done
<kirkland> zul: rock on, thanks!
<zul> np
<FreeSoft> Hola
<FreeSoft> Spanish?
<Nafallo> English
<FreeSoft> :(
<Nafallo> !es
<ubottu> En la mayorÃ­a de canales Ubuntu se comunica en inglÃ©s. Para ayuda en EspaÃ±ol, por favor entre en los canales #ubuntu-es o #kubuntu-es.
<FreeSoft> pero necesito ayuda sobre server :D
<Nafallo> I can't understand that.
<Nafallo> http://gizmodo.com/5035456/blue-screen-of-death-strikes-birds-nest-during-opening-ceremonies-torch-lighting
<maw_> someone please refesh my memory... where can I new environment variable be permanently added? For all users and scripts to make use of?
<mgdm> maw_: /etc/profile perhaps?
<nxvl> kirkland: thank you for select-editor!
<nxvl> no mora nano nightmare \o/
<kirkland> nxvl: ;-)
<nxvl> yesterday i saw it while using my intrepid VM
<nxvl> it's awesome
<kirkland> nxvl: did you, say, "Whoa, what's that?"
<nxvl> kirkland: exactly
<nxvl> kirkland: i was like "woohhoo, what's what, that's awesome!!"
<nxvl> i get really exited, i need to tell the true
<kirkland> nxvl: ;-)  glad you're in favor
<Eliab> i am setting up my vpn in ubuntu server when i run this command . ./vars i appear it no such file or directory
<Eliab> -bash :/whichopensslcnf :no such file or directory
<Chipzz> nxvl: why not just use update-alternatives ?
<dusty_> Can anyone tell me what is wrong here: http://rafb.net/p/xukEz028.html it doesn't log any traffic ?
#ubuntu-server 2008-08-12
<nxvl> Chipzz: i runed dch -i and it asked me what to use
<nxvl> Chipzz: that's why it's so awesomw
<nxvl> zul: ping
<Chipzz> nxvl: yeah but still, dpkg -P nano is way easier, shorter, and more permanent (and has more effect on other things beside just dch)
<Chipzz> but, whatever works for you :)
<nxvl> Chipzz: actually no, what kirkland has do is a script that manages dpkg --reconfigure
<nxvl> Chipzz: so it's the same
<zul> nxvl: yo
<uvirtbot`> New bug: #257153 in openldap2.3 (main) ""TLS: peer cert untrusted or revoked (0x82)" error in Hardy's version of ldap-utils" [Undecided,New] https://launchpad.net/bugs/257153
<jmazaredo> when i plug my ubuntu server my network gets problematic, gets connection time out, i tried changing the lan card but no avail. it is working before
<Karamon> Hello, when I run ( # named -g -p 53 ) it fails with "loading configuration: empty label"  .. I want to set up a local domain '.lan' and serve it for my dev server.  Are there some conf files that I can pastebin that would be helpful for troubleshooting?
<jmedina> Karamon: named-checkconf /path/to/named.conf
<Karamon> jmedina: Would it return something if something didn't check out?  I run that and I don't even get a empty line, just another system prompt.
<jmedina> mmm
<Karamon> (bash prompt, whatevah)
<jmedina> Karamon: could you pastebin your named.conf?
<Karamon> Sure
<Karamon> http://pastebin.com/de816730   the lines with ---s aren't really in the files, just to denote which file it is
<jmedina> Karamon: im not sure if you need a second tld inyour zone definition
<jmedina> not .lan
<jmedina> something like dev.lan
<Karamon> How would I access "http://foo.lan" from a computer in the network?
<Karamon> Or is that not allowed?
<Karamon> And wouldn't the conf checker return an error?
<jmedina> mm you mean foo as the host part?
<jmedina> or foo as the domain
<Karamon> foo would be anything I defined in my db.local file
<Karamon> test.lan, iloveubuntu.lan, bindsucks.lan
<Karamon> :P
<jmedina> Im not sure, I always worked with fqdn
<jmedina> never tried that
<Karamon> Well doing dev.lan did get named running then throw a whole bunch of errors about all the .lan domains I set up :P
<jmedina> Karamon: have you tried zone "lan"
<ajmitch> Karamon: you don't want to have the . prefix on .lan, it should work with just 'lan'
<Karamon> Ahh
<Karamon> Like magic
<Karamon> One little period (just like semicolons in programming)
<Karamon> Thanks!
<Hypnus9> Hi room. I am running ubuntu server *.04 on my desktop, and when I try to access it via ssh, I get a connection refused message. What would cause this?
<ScottK> Hypnus9: Did you install the ssh server?
<Karamon> Where are bind9 log files kept?
<Hypnus9> Yep. I have accessed it before from Windows vista, and from debian, but strangely enough, I can't access it when I am using Ubuntu desktop on my laptop
<Hypnus9> I'm not sure where the bind9 files are kept.
<jmedina> Karamon: they are sent to your syslog
<Hypnus9> where is the syslog kept?
<Karamon> Hypnus9: /var/log/syslog
<Karamon> I am getting "Could not reliably determine server's [FQDN]" how do I make apache see my FQDN?  Should I post /var/hosts for troubleshooting?
<jmedina> add the host to //etc/hosts
<Karamon> I'm sorry, thats what I meant >.<  I do have a /etc/hosts file and have ( I think ) populated it correctly -- http://pastebin.com/d4f4b2a3a
<jmedina> afaik, drake.lan is not an fqdn
<Karamon> Isn't it a FQDN if I set it up in bind? sorry that I'm a newb
<jmedina> not necesary
<jmedina> how is your /etc/resolv.conf
<jmedina> ?
<jmazaredo> whenever i plug my server to the network my network becomes unstable, changed lancard and i put it in private and public network. it affects both
<ScottK> I'd suggest trying to capture some data using tcpdump and see if it's doing anything unusual.
<jmazaredo> other than that any other?
<jmazaredo> seem all is fine
<kraut> moin
<J_5> is there a way to block an ip from my server?
<soren> J_5: Sure.
<soren> J_5: Check the ufw man page.
<gene-r> hi, does any one know about samba?
<gene-r> i installed ubuntu server for file share, but i need to make separate accounts for dif user, i dont want user see what other user store ther via samba. can some one helpme with a link or somthing, thanks
<gene-r> i have tried a lot of configuration add new users but i cant get it work good or is there another way of sahre files in ubuntu server/
<gene-r> r u in a meeting or something?
<thefish> anyone got hold of an eee box? (not the eeepc laptop)
<thefish> would make a nice little low power home server
<edmoore> thefish: agreed. though i just built a more powerful mATX box for about the same money
<thefish> edmoore: mind giving some details? I want a low power nas box for around that price (Â£200)
<edmoore> thefish: cool, I am uk too so I can talk to your in english
<thefish> huzzah!
<edmoore> dabs.co.uk - i got an intel e2200
<edmoore> 2gb ram
<edmoore> gigbyte g31 s2l mobo
<edmoore> a 250gb seagate barracude hdd
<thefish> cool
<edmoore> an antec nsk1380 case (really like it)
<thefish> any idea of power consumption?
<edmoore> and a pci wifi card
<edmoore> no, though not much. The case comes with a high efficiency 350W psu
<edmoore> which I don't think it at all taxed
<edmoore> I also splashed out on a zalman cooler, though there's only just room for it
<thefish> k
<edmoore> I probably wouldn't bother with it if I had my time again
<edmoore> and runs ubuntu server, but you could probably have guessed that given where we are :)
<thefish> mm nice case
<edmoore> I actually spent a little more on my box - I got a second idential hdd for software raid1, and 4gb of ram, but that's because it'll be running sims
<edmoore> yeah - space is a bit tight inside but quite manageable
<edmoore> and the psu comes with a 120mm fan which is a joy - totally silent
<thefish> cool
<thefish> running sims?
<edmoore> physics/engineering simulations
<thefish> ah ok
<edmoore> chews up 100% of one core and about 2.2GB of ram for days at a time
<thefish> ye spose they run for a while
<edmoore> the other core and the rest of the ram is for the serving bit - files, websites, etc
<thefish> ill only want mine for really easy stuff
<thefish> nas
<edmoore> so my system came to Â£297
<thefish> k
<edmoore> but if you loose the extra ram and hdd and other bits I bought (wireless pci, zalman fan) you'd probably be under Â£200
<edmoore> and you'd have a lot more grunt than the eeebox
<edmoore> mobo has built in graphics, though I've not installed any flavour of X
<edmoore> if you do go for a non-stock cpu cooler, check it has a 4-pin connector - the mobo has the newer 4-pin pwm speed control connectors, rather than the older 3-pin type which my zalman came with. I beleive the stock cooler is 4-pin, but don't quote me on that
<thefish> ah k
<thefish> ye for me though, low power has more weight than max grunt :)
<edmoore> they are compatible, but if you plug a 3 pin into a 4-pin mobo connector, it just runs at 100% all the time, which is a pain if you're in the same room as it
<thefish> tasks: nas, screen/irssi, maybe a bt every now and then.
<edmoore> true - what's the psu on the eeebox do you know?
<thefish> no not sure
<edmoore> certainly the atom will be more ecomonical to run than a core 2 duo
<thefish> all i can find is marketing type stuff
<thefish> http://www.nexus13.com/productcart/pc/viewPrd.asp?idproduct=1376&idcategory=0#details
<thefish> ye defs, at the moment i have a core2duo that i can WOL if i need it
<edmoore> it really is a tiny thing isn't it
<thefish> and a wrt that does the basics
<thefish> ye totally, and im thinking that thing tucked away in a corner somewhere just doing its thing
<thefish> might even be able to claim back the windows tax
<edmoore> yeah that put me off
<edmoore> I saw the eeebox on trusted reviews and though 'oooh yes please' but thn the more I looked into it the more I realised a DIY would be better for me, and a week later I bought my box, which I have now had for a week
<thefish> cool
<thefish> ah actually theres a linux and a windows version
<thefish> same price
<thefish> 65W power adaptor
<thefish> on the eee ^
<edmoore> thefish: case closed then, I reckon :)
<thefish> seems like it, thanks for telling me about the dev box though
<thefish> reckon goals are slightly different
<thefish> i would like to replace the "hog" with a box like that though
<edmoore> thefish: cool, well I may well look at the eeebox when it's time to get a NAT
<edmoore> stick openBSD on it and bob's your uncle.
<thefish> i was reckoning jeos
<thefish> just cos its what i know
<thefish> why bsd?
 * edmoore goolgles
<thefish> jeos is a way cool stripped down ubuntu server ;)
<edmoore> oh cool, looks neat
<edmoore> I want to try openBSD just because it looks cool and everyone keeps hammering on about how secure it is. I like the idea of it on a set and forget gateway machine
<hads> ALIX boards are good for that sort of thing.
<thefish> ye the bsd firewall looks really cool, seems to have built-in failover stuff
<edmoore> hads: I'd not come across them, thanks for the recommendation. They I have some old bits lying around - 12GB hdd and a celeron and a gig or ram. that should be plenty for a nat, I hope
<busfahrer> Excuse me, I'm trying to get a program that I installed manually to autostart at boot-time. What is the clean, correct way to do so?
<soren> busfahrer: Either create an init script for it (see /etc/init.d/skeleton for an example) and add that to the the run levels you want to run it at, or you could just add a command to someone's crontab and set it to run "@reboot"
<ghaleb> hello, when I flush my iptables ( sudo iptables -F ) the firewall blocks everything
<erik78se> check your iptable default policy
<erik78se> its probably set to "DENY"
<erik78se> or DROP rather
<gargoyle> Quick one, what's the meta package to perform the same actions as if I had chose LAMP from the installer?
<sommer> Koon: good morning, I noticed that likewise-open and samba use secrets.db files in different locations... just wondering if there are any plans to combine them?
<Koon> sommer: I confess I'm a little lost on samba/likewise-open combinations. I was hoping some enlightenment from jerry about this
<sommer> Koon: that's cool, I was just working on documenting Samba and AD integration, and there's a pdf from likewise that instructs to symlink /var/lib/samba/secrets.db to /etc/samba/secrets.db
<sommer> Koon: I don't mind documenting that, but is just didsn't seem to follow the "debian" way of doing things... not that big a deal though
<Koon> which one uses the file in /etc ? Likewise-open, I suppose
<sommer> yep likewise
<Koon> hm. That should be fixed (even if not a regression)
<Koon> you cannot really consider it a "configuration file"
<sommer> Koon: okay, I just noticed it on the version in your PPA... I tested leaving a domain, and didn't have any problems, just fyi
<Koon> soomer: cool. A new code drop is supposed to happen soon, dendrobates might be handling it though (I leave for vacation tomorrow morning)
<Koon> I'll make sure he knows about that secrets.db thing
<sommer> cool, thanks man
<sommer> it is pretty slick to configure samba with likewise-open, just need to get the kerberos and mount.cifs working :)
<moldy> hi
<moldy> (8.04.1) can i setup lvm+raid during installation?
<moldy> the installer asks me for lvm, but i don't see any raid options
<sommer> moldy: you can try out these instructions: http://doc.ubuntu.com/~mdke/test/serverguide/C/advanced-installation.html
<sommer> moldy: that's the draft version of the serverguide so if you notice any problems, please let me know :)
<sommer> moldy: being development they're geared toward intrepid, but the overall process is the same for hardy... just no boot degraded options
<moldy> sommer: thank you
<sommer> moldy: np
<zul> infinity: ping when you are around can you look at the php5 ftbfs Im totally stumped
<moldy> sommer: hm. i configured sw raid. then i selected the sw raid device for "use as physival volume for lvm"
<moldy> but how can i format/configure that device now?
<sommer> moldy: I'm not sure of the exact process of combining software raid with lvm (mostly used them seperately), but you'll probably need to create a partition on the volume group
<sommer> moldy: have you created a volume group?
<moldy> sommer: ah, i think i got it now
<moldy> created a vg and an lv now
<sommer> ya, that's it, then once you have an lv you can create a partition, then it's pretty much the same as a normal install
<sommer> err... I think :)
<moldy> hmmm, i cannot create more than one partition in the lv
<moldy> ah, this is normal?
<sommer> I only have one per lv, guess I've never tried creating multiple
<sommer> if you had multiple partitions per lv, then how could you expand the lv?  I don't think the system would know which partition to expand
<moldy> makes sense
<moldy> i wasn't sure anymore... i created multiple lv now
<moldy> actually it's pretty straightforward
<moldy> ;)
<sommer> heh, there starts to be a lot of terms to learn when you get into raid + lvm + partitions, and what not
<moldy> ya
<mok0> What happened to JeOS?
<mok0> Can't find it
<moldy> hm, is it normal that ubuntu 8.04.1 server uses lilo in stead of grub?
<trakinas> hi all! Im having troubles with both cronjob and ssh.
<trakinas> first, lets try to solve ssh... it simple cannot identify my keys.
<trakinas> *simply
<thefish> trakinas: what error do you get?
<trakinas> thefish: from putty that it rejected my key
<trakinas> simply that
<thefish> what error message?
<trakinas> just it: Server rejected our key
<trakinas> nothing more.
<thefish> ok, it could be permissions on the server side
<thefish> you have put the public key into ~/.ssh/authorized_keys on the server?
<trakinas> yep.
<thefish> what are the permissions on ~/.ssh and ~/.ssh/authorized_keys
<thefish> should be 700 on .ssh and 600 on authorized_keys iirc
<trakinas> public is -rw-r--r--
<thefish> ?
<trakinas> the public key
<trakinas> sorry!
<thefish> ok never mind the public key mate, please answer the question
<thefish> these dirs are on the server
<trakinas> it is on the server side.
<trakinas> yep
<thefish> right
<trakinas> and these are the properties for the key.
 * Deeps holds thefish's hand
<trakinas> -rw-r--r--
<trakinas> Deeps: =(
<thefish> Deeps: :)
<thefish> what are the permissions on ~/.ssh and ~/.ssh/authorized_keys
<thefish> trakinas: what are the permissions on ~/.ssh and ~/.ssh/authorized_keys
<thefish> for the main prize
<trakinas> the authorized_keys are -rw-------
<trakinas> and that is 600, afaik
<thefish> good, thats what we want
<thefish> ok, have you checked in /var/log/auth.log for errors?
<thefish> you can turn up logging in /etc/ssh/sshd_config with the LogLevel directive if needed
<owh> Hmm, the meeting doesn't seem to be scheduled in #ubuntu-meeting, does that indicate that it's not happening?
<trakinas> thefish: no error message with my user.
<trakinas> what is annoying me is that some users can use the key, and mine cant.
<thefish> ok trakinas, have you modified the sshd_config file at all?
<trakinas> thefish: only when installed it.
<thefish> you modified it, or just installed it?
<zul> meeting in a hour isnt it
<trakinas> thefish: made only some changes on the port.
<thefish> ok fair enough
<trakinas> thefish: in spite that, it is using both pass and keys.
<thefish> is putty using this port?
<trakinas> xyep
<thefish> you *only* changed port?
<owh> zul, That's what I thought, well, 60-18=42 minutes :)
<trakinas> i can login with password
<trakinas> thefish: yep.
<trakinas> quite sure. checked the conf already.
<zul> owh: hourish ;)
<thefish> ok cool
<owh> zul, next you'll be saying that 16 bit is like 32 bit :)
<thefish> trakinas: so you used puttygen to make the keys, then copied the public over to authorized_keys?
<zul> owh: heh
<trakinas> thefish: yes. didnt work. tried using keygen on the server side and importing to putty.
<trakinas> did not work either.
<thefish> ok trakinas, on the server: sudo tail -f /var/log/auth.log
<thefish> that is now watching auth.log for any changes (and we should see at least *something* from putt)
<thefish> then while thats runing, try to log in from putty, and see if any logs are made
<trakinas> nothing... seriously...
<trakinas> I will try from the begin. Let me remove all my keys and try it again
<thefish> ok, lets turn it up
<thefish> ok good plan
<trakinas> user keys, not server keys.
<thefish> keys are keys
<thefish> mostly
<thefish> so you will make the key with puttygen then copy across the public key?
<trakinas> thefish: to be honest, Im kind lost.
<thefish> trakinas: ok no worries, i happen to have a windows machine here, and 10 mins to spare :)
<thefish> so lets open puttygen
<trakinas> thefish: should I copy the public key from /etc/ssh to my .ssh/  or simply generate my key?
<thefish> no
<thefish> trakinas: you are on a windows machine, trying to ssh to a linux machine?
<trakinas> okay! so i was on the right track, at least.
<trakinas> thefish: using keys. password are okay.
<trakinas> thefish: win to linux. correct
<thefish> ok cool
<thefish> are you comfortable on how public/private keys work?
<trakinas> thefish: kind of. lets say that this server wasnt my responsability but it became from a day to another.
<trakinas> thefish: so i had to study really quickly all these things.
<thefish> trakinas: ok, i would read up a bit about public keys.
<trakinas> im more of pythin programming on linux then with network.
<thefish> never heard of pythin
<thefish> is it good?
<trakinas> thefish: heck yes! is a fork of python! =P
<thefish> :P
<thefish> ok cool, so pubkeys
<thefish> with this type of auth, we use keys. the keys have 2 parts: a public key and a private key
<trakinas> thefish: Im cool with that. go on.
<thefish> now say we want to exchange data
<thefish> i will need your public key
<thefish> i will then use your public key to encrypt the data
<thefish> after this, only your private key can unlock it
<trakinas> right.
<thefish> there is a lot more to it than that, but we use this for auth
<thefish> so now i need to leave my public key on the server, and keep the private key very safe
<trakinas> okay.
<thefish> i will then ask the server to log in, and provide info that only the holder of the private key can have
<thefish> the server verifies this with thepublic key
<thefish> so, your windows computer will have the private key, in putty or pagent i think
<trakinas> yep.
<thefish> and the public key from puttygen, will go into /home/{your-serverside-user-name}/.ssh/authorized_keys
<trakinas> so far, so good.
<thefish> a public key may look something like: ssh-rsa
<thefish> AAAAB3NzaC1yc2EAAAABIwAAAgEA7/qSuP8VvUysxPp6ojwnML1v4w8rQ+9xY4npsFQkYA0kOZoGhfbrVf9tBxH6DyDLaa9pE/xd+vSP4IR+dL8mwM98w6uKne7Pdl7hBe5a/DM5EHS4cqOxa+t0CijsNR0i/tY177IqDrzJJxzBKXJm2V8ndXI8350job7+RwnphA+frvfcowSGxnT6eJ+i8N9fWlqUDv2CljOni4+Ti6ELXYjAb/NLGBv3nB16cvnhZgz17q9okegB0uuzgPLfRK7nLV2Rdxe0C7ArurP5IHz4IZ9OGlcMaqUKU+0mB1H7xrRPs6YXC8lWp3TYJKkN35Bm3y6V/3h62t8o2BpFVGOL3VezCO/ySeBjv6ur1GPySiG4OzGM7xQjvk6typZbTC30pOKOoFVfYKYuMfwLNI+yelMmoue6VKWN5/
<thefish> 7NOBGrdELSjVO4gt6vv4f2OMA9RhFvfXJcgwiBDIren4VXhw2CeDVq4ESWsBY4pYHryqWlCqS4CEiaO7/NfKGDlB5WTvAoKaYIPi8ofTYriSUj0S1tOM8dNAzrDqUnJzFVTubYua6dyzp+Z/GqqJkA5ND0sxrdLKwm7x9u+8Unn7KeZzSU3ODpxhsNRo8GUdvgn4tK3aBnqcTHQcwbeshuJhEXv7hMSHCMxxALYqvUKjy0NRt6D7uCTPncGNadW9selWOrgmk=
<thefish> sorry for flood! that looked like a 1 liner from here...
<trakinas> one sec! boss is calling
<dusty_> Hey guys, I have a firewall script: http://rafb.net/p/52ujkq51.html and relevant entries in syslog.conf restarted syslog and in my firewall script i log ssh connections, so i made an ssh connection to my server and nothing appeared in /var/log/firewall.  I took the iptables script down, added one line to test logging which was: iptables -A INPUT -j LOG and then i hit 'dmesg' or tail /var/log/firewall and my logs are
<dusty_> pounded with iptables traffic, so why does it not log with my current example what am I doing wrong ?
<trakinas> thefish: Im alright with that.
<trakinas> thefish: key generated, saved, uploaded to the server, chmoded to 600.
<trakinas> thefish: the is also a ssh2 dir, should I upload it into there?
<thefish> trakinas: what distro is the server?
<trakinas> thefish: not sure if it is 7.10 or 7.10 upgraded to 8.smth
<trakinas> one sec
<trakinas> kernel version helps
<trakinas> ?
<thefish> ok thats fine, no worries
<thefish> you have only the 2 computers?
<trakinas> or is there any command to check the distro version:
<thefish> trakinas: its not needed, but a useful one is `lsb-release -a`
<trakinas> thefish: no. a bunch of them. loggin through password works great.
<trakinas> with the quotes?
<thefish> ok so its just key login that we need to fix ye?
<trakinas> yep
<thefish> those are backtics, and no
<trakinas> thefish: thanks! did not know the name. "english are not me first language"
<thefish> i guessed that trakinas ;)
<trakinas> :]
<thefish> trakinas: please do "grep AuthorizedKeysFile /etc/ssh/sshd_config"
<thefish> on the server
<thefish> it should return just one line
<trakinas> AuthorizedKeysFile      %h/.ssh/authorized_keys
<trakinas> not commented.
<thefish> ok cool, so this is the file that need to have the public key in it
<dusty_> anyone ?
<trakinas> thefish: i can paste bin it in somewhere.
<thefish> yes please trakinas
<mok0> How do you remove a public key from ~/.ssh/known_hosts?? It used to be that the host name was in the file, but no longer
<sommer> ssh-keygen -R hostname
<thefish> mok0: with vi - :set nu
<thefish> sommer: nice one, didnt know that, i always went to the file and searched for the line number :)
<owh> sommer: Cool, I didn't know that :)
<sommer> :-)
<owh> thefish: Ditto :)
<Deeps> or just :<line number: to jump to that line
<mok0> thefish: how do I know the line number?
<owh> mok0: It says so in the error :)
<thefish> mok0: the error
<thefish> pff fast typists
<mok0> ah
<mok0> heh you're right
<owh> You all know about ssh-copy-id while we're at it too?
<thefish> owh: ye that saved me much caffeine :)
<thefish> ssh-add was like a religious experience
<thefish> or however you spell that
<mok0> owh: nope, but it's cool!
<thefish> hows this for cool, discovered today: you can use "screen" to share a tty
<thefish> and have many viewers or participants
<owh> Yup
<thefish> damn thats nice
<thefish> i had to show a guy in another town how to do a specific ubu server setup
<thefish> just screened it
<owh> And you can use it to log what you were up to, so you can log into a server maintained by someone else and fix their server while they make sure that you're not fsking with it :)
<thefish> ye
<thefish> theres some cool clipboard stuff as well, not played there yet though
<thefish> owh: know any cool tricks for updating many servers at once?
<thefish> apt-lots-of-them update...
<thefish> fedora now has the super cool spacewalk
<thefish> and i know theres landscape, but its pretty pricey
<owh> Dunno, but I'm in a meeting in #u-m
<mok0> thefish: look at dsh
<owh> (That's the ubuntu-server meeting BTW)
<thefish> mok0: cool, will do
<mok0> thefish: another gem from Junichi-san
<thefish> cool
<[diablo]> thefish, mish
<thefish> mok0: i guess you mean Dancers' shell, not "Deliberate Self-Harm" ;P
<mok0> heh
<thefish> [diablo]: ello
<[diablo]> thefish, that u mate?
<thefish> pity people like [diablo] are allowed on this channel, it spoils it for the decent folks
<[diablo]> ok, it's you
<thefish> where do i report that [diablo] is trying to cyber me?
<[diablo]> JAJA
<thefish> mok0: cool, but i really would like something like landscape, that says what updates are available for each server, and shows any errors etc that may happen
<mok0> thefish: landscape is not too expensive
<thefish> check out http://www.redhat.com/spacewalk/
<thefish> mok0: $150/year/node is too expensive here
<mok0> thefish: oh, I didn't know it was per-node
<thefish> ye
<thefish> for an "important" server, i wouldnt go without it
<mok0> thefish: well, then I stand corrected
<thefish> but most here are easily replaceable etc
<thefish> mok0:  http://brainstorm.ubuntu.com/idea/6338/
<mok0> thefish: interesting reading...
<thefish> ye totally
<mok0> thefish: I rely on cfengine to do most distributed maintenance
<mok0> thefish: you could set it to do apt-get dist-upgrade if you wanted to
<thefish> mm, looks interesting
<thefish> will it report back and say server X needs this update, and server Y failed on update Z?
<mok0> thefish: personally, I like to watch ;-)
<thefish> hehe
<thefish> rhn is really cool like that as well
<mok0> thefish: no it is completely standalone
<thefish> ok
<mok0> thefish: you mean the redhat cluster utils?
<thefish> na rhn, for keeping the servers updated
<thefish> same as landscape pretty much
<thefish> mok0: https://rhn.redhat.com
<mok0> thefish: hm, google finds RedHat Network
<mok0> ah thx
<thefish> its really useful for big distributed missions
<thefish> does alerts etc as well
<mok0> thefish: costs money though
<thefish> yep, costs, but for main servers its worth it
<thefish> comes with the subscription though
<mok0> thefish: probably cant install .debs though :-)
<thefish> hehe
<thefish> i was thinking about that as a spacewalk addon
<mok0> thefish: seems spacewalk is based on kickstart
<mok0> thefish: ... another redhat thingie
<thefish> k
<mok0> thefish: I don't think kickstart is supported by Debian/Ubuntu
<thefish> i doubt it
<thefish> im using zenoss to monitor, so we get all that, but it would be really nice to add updates to that
<thefish> so much less work
<mok0> We just have a really simple script that does an ssh to all machines with "apt-get dist-upgrade"
<thefish> dont you worry about that one day beating you up and stealing your lunch?
<mok0> thefish: yes :-)
<thefish> and what about config file updates etc
<thefish> hehehe
<mok0> thefish: it doesn't happen very often though
<thefish> ye
<mok0> thefish: cfengine takes care of config files
<thefish> aah ok
<thefish> seems similar to puppet
 * mok0 looks 
<mok0> yeah
<kpettit> is there any good docs for keeping a internal repository for ubuntu?  Basically I have a slow network connection and a bunch of ubuntu server and want to avoid downloading when possible
<thefish> kpettit: http://www.subvs.co.uk/apt-proxy_on_ubuntu
<kpettit> thefish, looks perfect.  Thanks
<thefish> :)
<thefish> kpettit: one change:
<kpettit> ?
<thefish> on the clients, dont change their sources.list
<thefish> create a file /etc/apt/apt.conf.d/02proxy
<thefish> inside, put: Acquire::http { Proxy "http://ip.of.server.box:9999"; };
<thefish> that assumes you use port 9999
<kpettit> ah ok.  I'm going to go through it right now.
<kpettit> I'm starting with a fresh office and machine, it's nice to get a chance to start from scratch
<thefish> ye totally
<thefish> kpettit: you may also want to check out apt-cacher-ng
 * kpettit looking it up...
<thefish> not very much docs, but you may have less problems than apt-proxy
<kpettit> ok.  I'm install both packages.  I'll go the path of least resistance
<kpettit> would doing something like a nfs share of /var/cache/apt/archives work?
<infinity> zul: pong...
<zul> infinity: hey I been fighting the php5 ftbfs without much success if possible can you take a look at it?
<infinity> zul: That does look pretty stumpy.  I'll have to test locally.
<zul> infinity: thanks I was able to reproduce it locally though
<infinity> zul: Well, yes, but local reproduction is the first step to then sorting out WTF. :)
<zul> infinity: heh
<kpettit> thefish, sharing the cache directory over samba seems to be doing the trick.  I'm trying with 32 and 64bit machine.  Going to see if I can create colisions in the "partial" directory to see how it does with that
<thefish> ouch
<kpettit> I'm going to be the one updating all the machines so I don't worry about a collision that much, but I'm curious what will happen
<thefish> kpettit: apt-cacher-ng is seriously less work, and was built for purpose
<kpettit> I just finished the download for that one.
 * kpettit checking it out
<thefish> the download?
<thefish> sudo apt-get install apt-cacher-ng
<thefish> done
<thefish> then just add the 02proxy file to each client
<kpettit> yeah, it just took apt-get a bit to grab it.
<kpettit> slow network connection here
<thefish> k
<kpettit> your right about the docs being sparse
<thefish> kpettit: thing is you dont really need em, just install the server, config the clients and fire away
<thefish> with apt-cacher-ng, there is a http interface as well, shows you how much your cache is being used etc
<thefish> make sure the ports match though, i think apt-cacher-ng doesnt use 9999 as default
<kpettit> ah that's cool
<thefish> kpettit: working?
<kpettit> still readying through the docs I found.  The had some HTML docs in /usr/share/doc
 * delcoyote hi
<kpettit> thefish, I've got my apt-cache-ng server started on port 9999.  On the client I want to test I created that 02proxy file.
<kpettit> Do I need to start apt-cacher-ng on the clients as well?
<thefish> kpettit: no
<thefish> just apt-get update etc
<thefish> do one full upgrade, then on the next ones it will be lan speed
<kpettit> ok.  Doing that now.
<kpettit> how can I tell if it's worknig?
<thefish> you can also import apt-cache if you have some
<thefish> kpettit: i guess sudo netstat -untap will show you it listening/transferring
<thefish> ps will show on the server as well
<thefish> but on the client, sudo netstat -untap will show a connection to the apt-cacher-ng server
<kpettit> The client is listening like it wants to be a server
<thefish> you installed apt-cacher-ng on the client?
<kpettit> yes
<thefish> its *just* for the server
<thefish> remove from the client
<thefish> 1: install apt-cacher-ng on server
<thefish> 2: edit/create /etc/apt/apt.conf.d/02proxy on the clients
<thefish> 3: sudo apt-get update && sudo apt-get upgrade on the clients
<thefish> 4: profit
<kpettit> ah ok.  IN the html instructions it shows the 02proxy in the apt-cacher-ng directory.  That's what confused me.
<thefish> :)
<infinity> zul: Well, for starters, it doesn't help that config.sub is completely missing...
<zul> how the hell did that happen?
<infinity> zul: Not sure.  It's not something we dropped in a patch, it should be copied into place in the build.
<zul> infinity: thats weird because I tried the previous version and the same thing happens
<infinity> zul: Yep.  I'd assume autotools breakage.
<zul> infinity: lovely
<kpettit> thefish, it's working!  Thanks allot for the help.
<infinity>   * bin/autoreconf.in: Check whether libtoolize supports --install, if it
<infinity>     does, libtoolize is safe to run at all times since it will not install
<infinity>     new files unless --install is passed to it as well.
<infinity> I might blame that change.
 * infinity rolls back autoconf to test his theory.
<kirkland> mathiaz: are you reviewing dendrobates's landscape-client package today?
<mathiaz> kirkland: done already
<mathiaz> infinity: zul: yes - it's libtoolize
<kirkland> mathiaz: ah, cool, okay.  is there a debconf question that prompts for a launchpad key?
<mathiaz> infinity: zul: you have to use the -i option so that it installs config.sub,guess
<mathiaz> infinity: zul: -f will just delete the files, but not update them
<mathiaz> infinity: zul: I've already fixed cdbs to do so
<mathiaz> kirkland: nope
<mathiaz> kirkland: are you looking for debconf examples ?
<infinity> mathiaz: Ugh.  debian/rules doesn't libtoolize, it's the upstream source.
<infinity> mathiaz: Yay, backward compat!
<kirkland> mathiaz: i have read the debconf documentation
 * mathiaz tries to find an package that has a simple debconf setup
<infinity> zul: s/--copy/--copy --install/ in debian/patches/033-we_WANT_libtool.patch should do the trick. Testing.
<infinity> zul: Yup, that fixes it.
<infinity> zul: I'll just upload this here.
<zul> infinity: cool thanks for the help I appreciate it
<mathiaz> kirkland: you may look at mysql-dfsg-5.0
<infinity> zul: Or... I would if FreeTDS worked.
<mathiaz> kirkland: especially mysql-server-5.0.config and mysql-server-5.0.templates
<kirkland> mathiaz: yup, prompting for the root password, right?
<kirkland> mathiaz: that's what I'm emulating
<mathiaz> kirkland: yes - there is such an example
<zul> infinity: I think there is a patch in debian about that
<mathiaz> kirkland: ah ok - there is also openldap
<kirkland> mathiaz: okay, i'd like to work off of dendrobates' populated landscape-client package...  is it uploaded yet?
<mathiaz> kirkland: nope - there are some changes needed
<zul> infinity: I can fix that one if you want
<mathiaz> kirkland: the package is not ready for upload IMO
<kirkland> mathiaz: okay....
<mathiaz> kirkland: the difference between mysql and openldap is that mysql keeps the root password in the debconf database while openldap wipes it out
<kirkland> mathiaz: perhaps i'll just send him a patch
<infinity> zul: Ahh, I see the Debian patch.
<zul> infinity: I can just apply it locally and upload the fi
<zul> fix even
<infinity> zul: Sure, go nuts.
<zul> infinity: again thanks for the help
<infinity> zul: NP...
<infinity> zul: 10-to-1 odds that the s/--copy/--copy --install/ will make the package non-backportable, BTW.
<infinity> zul: So we'll need to add more logic to detect if --install is supported before using it, if you care.
<zul> infinity: ill mention it in the changelog then
<infinity> Oh, wait.
<infinity> zul: Nevermind.  Unwait.
<zul> k
<infinity> zul: autoreconf has --install checking support built in.  But, of course, php doesn't USE autoreconf anywhere. :)
<zul> heh silly rabbit
 * infinity shrugs.
<infinity> zul: FWIW, autoreconf's test pretty much just consists of "grep -- --install `libtoolize --help`"
<infinity> zul: Would be easy enough to add that to the libtoolize patch and make it backportable.
<infinity> zul: (I can do that and submit a patch, if you like)
<zul> infinity: yes that would be nice
<zul> im doing a test build anyways
<infinity> zul: http://lucifer.0c3.net/~adconrad/
<zul> infinity: thanks
 * infinity should commit the same to Debian SVN...
<infinity> zul: Committed to Debian SVN as well, so it's a patch you won't have to carry after -3 is out.
<zul> infinity: cool
<zul> i seriously hate php5 now
<zul> infinity: its bitching about dlsym now
<zul> infinity: http://pastebin.com/m3a417348
<lamont> zul: it doesn't have to be 5 for me to hate it
<zul> lamont: im discovering that as well
<lamont> Please Hack Promptly
<lamont> though, to be fair, these days it's mostly other things that are still propagating the original "security-clueless php snippets"
<zul> its just not building
<infinity> zul: Can you bounce your patch to me?
<trakinas> when trying to use keys for logging into the ssh i receive this: FATAL ERROR: Server unexpectedly closed network connection
<lamont> trakinas: the obvious-and-possibly-painful answer to that is: what does the error log on the server say?
<trakinas> nothing...
<zul> infinity: people.ubuntu.com/~chucks/depreeciated_freetds_check.patch
<kees> kirkland: ah, /dev/null for dev map, yeah, I get it now.  cool.
<kirkland> kees: okay good
<kirkland> are you looking at http://bazaar.launchpad.net/~kirkland/grub/33649b/annotate/841?file_id=grubinstall_better_r-20080808231927-tsz86l2dgjy6usoc-1 ?
<kirkland> kees: that's the best, most current patch to look at
<kees> kirkland: yeah
<kees> kirkland: rockin' yeah, looks good.  I'd like to test it some, but it's probably good enough to upload if cjwatson has looked it over too
<kirkland> kees: cjwatson is out on vacation
<kirkland> kees: i've been working with slangasek on it
<kirkland> kees: he was almost happy with it friday
<kees> kirkland: ah! right, cool.
<kirkland> kees: recommended one change, which had a trickle effect, the result is the current patch you're looking at
<kirkland> kees: i'm hoping he'll ping me sometime today with a thumbs up
<kirkland> kees: i've tested the heck out of it
<kees> kirkland: I ran into him briefly, I'll check
<kirkland> kees: thanks.
<kirkland> kees: i'm trying to get this into alpha4, which probably necessitates action very, very soon
<kees> kirkland: if you can prep the source.changes and associated files somewhere, I can upload them.
<kirkland> kees: um, grub is managed in bzr
<kirkland> kees: which is why i have a bzr branch
<kirkland> kees: i have the changelog entry and stuff in that same branch
<juannicolas> Hi, can someone help me how to install postgresql8.0 in ubuntu hardy? apt-get can't find the pkg in the source list.
<juannicolas> I'm trying to install postgresql 8.0 via source but is asking for to many libraries
<kees> kirkland: right, but it still needs to be uploaded.  :)
<kirkland> kees: interesting, okay...  so what do you need from me?
<kirkland> kees: a debdiff, or a bzr branch?
<infinity> zul: That's really, really weird... autotools isn't converting that one m4 snippet into shell... And only that one, afaict.
<zul> remove it then?
<infinity> zul: That would be the brute force option, but I'm more curious about the real bug here.
 * nxvl HUGS zul 
<zul> hi nxvl
<nxvl> zul: thank you for your comments!
<zul> nxvl: no problems
<infinity> autoconf is rewriting aclocal.m4 ... That seems just wrong...
<infinity> Oh, no, the build system is doing that.
<infinity> That makes slightly more sense.
<infinity> And the new libtool doesn't ship that macro in aclocal.
<infinity> \o/
<infinity> zul: Meh.  Fixing that just leads to more libtool failures later.
<zul> heh
<infinity> Configuring libtool
<infinity> ../configure: line 135465: LTOPTIONS_VERSION: command not found
<infinity> ../configure: line 135466: LTSUGAR_VERSION: command not found
<infinity> ../configure: line 135467: LTVERSION_VERSION: command not found
<infinity> ../configure: line 135468: LTOBSOLETE_VERSION: command not found
<infinity> Etc, etc.
<infinity> zul: I'd recommend putting together a package that fixes the non-libtool bugs, then dropping it in Keybuk's lap with a big red bow and a tag marked "HALP!"
<zul> frig Ill do that first thing in the morning I have to go pick up my son from the day care
<kees> kirkland: a bzr branch plus a regular source.changes fileset to upload at the same time.  :)
<uvirtbot`> New bug: #257411 in samba (main) "mount.cifs ignores iocharset even specified" [Undecided,New] https://launchpad.net/bugs/257411
<Guest45207> need some smb.conf help, can't seem to authenticate at the group level
<Guest45207> here's the smb.con http://pastebin.com/d146764bf
<sommer> Guest45207: does %S map back to a group name?
<Guest45207> how can i check
<Guest45207> it did on the previous server i used the config file on, however that was not using ldap
<sommer> not sure, probably in the log file...  you have have to set a higher log level
<sommer> err, "may have to"
<sommer> Guest45207: what group are you trying to force to?
<sommer> you might try "force group = @group_name" where group_name is a system group
<Guest45207> ok, i'll give that a shot real fast
<Guest45207> i though that's what the valid users thing took care of the "@bclab"
<sommer> yep, but if %S isn't a system group, Samba isn't going to know which group you to authenticate to... at least if %S isn't a system group
<Guest45207> putting in force group = @group makes the share unusable
<kirkland> kees: is this what you need? http://pastebin.ubuntu.com/36964/
<kirkland> kees: looks like grub has released a few times... 0.97-29ubuntu34
<kirkland> kees: my work would create grub_0.97-29ubuntu29
<kirkland> kees: looks like benc and pitti have been active on grub
<infinity> zul: php5 uploaded with several different FTBFS issues fixed.
<zul> infinity: ergh....
<zul> thats good but meh..:)
<kirkland> kees: also, i've been using liferea, with its data in ~/Private ... no problem ;-)
<infinity> zul: Meh?
<kirkland> kees: would you prefer a debdiff against 0.97-29ubuntu34?  I can do that too...
<kirkland> kees: perhaps this is what you want: http://people.ubuntu.com/~kirkland/grub/
<kirkland> kees: most notably: http://people.ubuntu.com/~kirkland/grub/grub.33649.debdiff
<kirkland> kees: and http://people.ubuntu.com/~kirkland/grub/grub_0.97-29ubuntu35_amd64.changes
<kees> kirkland: you'll want to use debuild -S (for a source .changes file).  that's the easiest to sponsor.
<zul> infinity: meh as being php is evil
<ScottK> zul: Isn't that redundant.
#ubuntu-server 2008-08-13
<kees> kirkland: hurrm.  benc and pitti haven't added their updates to the grub bzr tree
<kees> kirkland: or rather, slangasek didn't notice when committing your changes to bzr.  I'll go find him
<kirkland> kees: okay
<kirkland> kees: i am formally baffled/befuddled/bemused by developing on bzr vs. dsc
<kirkland> rather, the inconsistencies among the two
<kees> kirkland: yeah, it's a serious pain currently.
<kirkland> kees: is http://people.ubuntu.com/~kirkland/grub/ what you were asking for, at least?
<kirkland> kees: the changes file therein?
<kees> kirkland: yeah, that's cool.
<nxvl> zul: the evil now is libtool
<nxvl> zul: not php
 * nxvl checks infinity's debdiff
<zul> not its evil
<nxvl> heh, well yes, php is evil, but not as libtool
<kirkland> kees: okay, I'm in a holding pattern then, until i receive further instruction from you or slangasek on what form they want you/he want(s) these changes in
<kees> kirkland: yeah, basically, slangasek and I will clean up bzr and I'll upload the source.changes you put up.  sorry for this goofiness.
<kirkland> kees: cool, thanks for the cleanup
<HellMind> I need help to jail users , i tried the stupids guides  but isnt work, maybe you know something to doit in ubuntu server, the best, easy, and simple way
<HellMind> I want to be a bot
<p4_xxx> hi
<p4_xxx> i have tried to ask Q here but seems nobody answer :-(
<sommer> p4_xxx: what's your question?
<ScottK> foolano: Since dovecot is the standard MDA for Ubuntu, I'm a bit suprised ebox went with courier.
<ScottK> This will pose a problem for getting ebox-mail into Main.
<ScottK> mathiaz: ^^
<mathiaz> ScottK: correct - I think he is working on it
<mathiaz> ScottK: but courier was supported before they moved to ubuntu as their base platform
<ScottK> OK.
<ScottK> mathiaz: Taking a quick look at this one package, I don't think I'd be excited to give them upload rights.
<ScottK> It looks not so good from an FHS perspective and the maintainer scripts are not at all complete.
<emgent> kirkland: ping.
<kirkland> emgent: pong
<ScottK> mathiaz: It's no where near ready for the archive.
<HellMind> help me to jail users
<HellMind> I need something like apt-get install jailpatch
<HellMind> Y
<HellMind> COol :D
<mathiaz> ScottK: hm - could you send an email to foolano with your comments on the package ?
<mathiaz> ScottK: It seems that it may require to get through the sponsoring queue.
<ScottK> mathiaz: I'm not sure I know where to start.
<ScottK> Docs still refer to postfix with VDA patch and it's all very scary.
<ScottK> It's past midnight and I'm trying to relibtoolize courier.  My brain cells are all pretty used up.
<mathiaz> ScottK: right - I see what you mean :)
<mathiaz> ScottK: I'll point out your comments to foolano  - it may not be the best option to ask for ebox upload privilege for now
<ScottK> That's what I'm thinking.
<ScottK> mathiaz: For that one in particular, I'd suggest that the requirement be lamont is happy.
<lamont> any sentence that includes the word "relibtoolize" is evidence that brain cells are getting burned up
<lamont> or even "libtoolize" for that matter...
<nxvl> lamont: try to build courier without relibtoolize it
<nxvl> (actually if you have a better solution please let me know)
<lamont> nxvl: I assert that it using libtool is evidence that it'd be an uphill battle to have me maintain it
<nxvl> :D
<nxvl> it seems that i'm not the only one that hates libtool
<nxvl> :D
<nxvl> awesome
<ScottK> nxvl: You may have been led astray, but let me look into it some more.
<lukehasnoname> ScottK, your dry, constant, quasi-subtle stabs at LP amuse me.
<ScottK> OK.  I didn't think I was being subtle.
<lukehasnoname> It's subtle if the person reading doesn't already know you dislike it. I'm reading the response to the server team meeting.
<nxvl> bed time
<nxvl> read you tomorrow!
<ScottK> OK.  Well it turned out to exist, it was just somewhat hidden.
<ScottK> As it goes, Launchpad isn't so bad, but the fact that it's closed really makes it pretty much impossible for an outsider to contribute even ideas.
<ScottK> Getting really outspoken and filing lots of bugs seems to have some effect.
<ScottK> OK.  That wasn't it.  I'm going to bed.
<p4_xxx> hi, i set up a ubuntu server at home. i have 4 pc that i want them to store and share files. but at the same time i want their own private folder and one folder for shares. i read a data from a link and it worked, but it's just one folder evry one can see all. i ve been reading a lot on samba site but i got confuse, i m new to linux and i would like to know if someone know a site that explain the procces easly tanks
<kraut> moin
<foolano> ScottK: we dont use the VDA patch anymore, unfortunately the doc you read was outdated
<jmazaredo> i have a weird problem i have a router where if i plug my ubuntu server it gives a problem on the network (intermittent connection)
<jmazaredo> i formatted and reinstalled a fresh ubuntu 5 times different hardware different ubuntu dist (desktop/server)
<jmazaredo> any known issue?
<Deeps> dodgy hardware?
<Deeps> network card / cable / switch
<jmazaredo> i used several hardwares
<jmazaredo> all good
<jmazaredo> 1 thing fixed it
<jmazaredo> i installed a centos dist and also plugged it in
<jmazaredo> all becomes stable.
<jmazaredo> dunno how that happen
<chmac> Can anyone recommend a slightly more powerful alternative to Firestarter? I want to configure iptables a little more carefully.
<henkjan> chmac: try ufw
<chmac> henkjan: Sweet, thanks, I'll check it out
<ghaleb> hello, when I flush my iptables the firewall blocks everything
<Deeps> ghaleb: iptables -nL |grep policy
<ghaleb> Deeps, there are no rules
<Deeps> ghaleb: no default policy either?
<ghaleb> Chain INPUT (policy DROP)
<Deeps> there you go, that's why
<ghaleb> I see .. hmm
<ghaleb> so when I flush the iptables .. the firewall drops everything else
<Deeps> if you want to change the default policy, use the -P flag
<Deeps> eg, iptables -P INPUT ACCEPT
<ghaleb> great!
<ghaleb> thank you very much
<ghaleb> to save the config , iptables-save ?
<Deeps> iptables-save will dump it to the screen, you'll want to redirect that to a file
<dusty_> Hrm, I have a default drop all unless i allow it through iptables firewall, i've just noticed that I can make connections to the mysql port, even though i don't allow that in my firewall (only allow 22, 53 and 80).  Can anyone see how myslq traffic can get through this: http://rafb.net/p/28mV0w88.html it doesn't make sense ?
<Ontolog> ubuntu-8.04.1-server-amd64.iso is the right distro for a Xeon 3065?
<soren> Ontolog: I imagine so, yes.
<thefish> whois [miles]
<Ontolog> why is it called "amd"?
<thefish> Ontolog: i reckon you want ia64
<soren> dusty_: "iptables -A INPUT -p tcp -m state --state NEW -j ACCEPT" seems like a good guess.
<Ontolog> ia means intel arch?
<soren> Ontolog: Hysterical raisins.
<soren> thefish: ia64 is Itanium.
<Ontolog> Xeon != Itanium?
 * Ontolog is a hardware noob
<thefish> dont reckon you want amd for intel
<soren> dusty_: It's the third rule you apply. It probably somewhat more promiscuous than you want :)
<Ontolog> but that's what ubuntu.com gives me...
<soren> thefish: Yes, he does.
<thefish> ok
<soren> amd64 is for x86_64, be it Intel or AMD.
<dusty_> soren, hrm, what do you mean, that just allows new connections
<soren> dusty_: Yes... Such as connections to your mysql database.
<soren> dusty_: ...which is what you didn't want. correct?
<dusty_> ahh yeah
<dusty_> so
<dusty_> that needs to be appended to the output chain not input
<dusty_> ?
<Ontolog> ok if I install the 64-bit version, how does that effect software installs?
<soren> dusty_: I can't say "yes", but it's likelyl.
<soren> dusty_: I don't know the policy for your network.
<Ontolog> for example, can if I want to download Apache source and compile and install will I get any nasty surprises?
<dusty_> ok let me try commenting it out and see if it makes a difference
<soren> Ontolog: Probably.
<soren> Ontolog: Why do you want to do that?
<Ontolog> for my project we are using a custom build of apache
<soren> What's custom about it?
<dusty_> ahh sorry i just re-read it, im trying to figure out a way to log properly so i can run some log analysing software
<dusty_> so i wanted to log all new  traffic blocked or unlblocked
<Ontolog> i know where you are going with this
<Ontolog> no i don't want to use ubuntu's apache
<soren> Ah. Then -j LOG rather than -j ACCEPT.
<soren> Ontolog: Then I don't think I understand your question.
<Ontolog> my question was about compiling and install things from source
<soren> And I'm also interested in use cases that our apache packages does not serve.
<Ontolog> well
<Ontolog> in my case, while i love ubuntu, i don't want my project tied to it
<soren> Ontolog: Could you please state it as an actual question?
<dusty_> soren, so just these two rules then : http://rafb.net/p/AgBp1388.html
<Ontolog> all the things directly related to my project are installed under /usr/local from tarballs
<soren> dusty_: You misspelled ACCEPT.
<dusty_> yes sorry i didnt need that rule anyways just hte bottom one
<soren> Ontolog: Well, as long as you're prepared to handle the problems inherent in compiling stuff yourself, there's nothing in particular that should make it more difficult to do so under Ubuntu. In fact, I'd bet it's easier than on most other distro.
<soren> dusty_: Yeah, the last one looks about right (if I understand its purpose correctly, of course).
<Ontolog> thanks my question is not so much about compiling and install from source under ubuntu, i am already doing that, just about the 64-bit OS being a factor
<soren> Ontolog: I see. That was not very obvious :)
<dusty_> soren, log all new connections
<soren> Ontolog: 64-bit Linux installations are so commonplace these days, I wouldn't foresee any problems at all.
<Ontolog> so i can run 32-bit binaries on them?
<soren> Ontolog: In fact, *all* my systems are 64 bit ones, and I'm perfectly happy with that.
<soren> Ontolog: Yes.
<soren> Ontolog: Let me qualify that a bit, though:
<soren> The kernel and CPU will allow you to do so. However, 32 bit applications need 32 bit supporting libraries.
<soren> Ubuntu provides quite a few 32-bit libraries on 64 bit installations, so it might not be a huge problem, but our Apache's are 64-bit ones, when on 64 bit installations.
<soren> ..so we haven't tested (and are not going to, since it's silly) 32 bit Apache on 64 bit Ubuntu.
<soren> Ontolog: Still, I'd very much like to know why our Apache does not serve you.
<ScottK> foolano: The doc I read was the one in the package that according to the minutes you're looking to get sponsored.
<foolano> ScottK: that doc was outdated. we dropped the support for VDA a few months ago. Actually, when I was told by you that there was no way we would package postfix with that patch. I didn't sync the install doc at the time. I've just changed it to avoid problems.
<ScottK> foolano: OK.
<foolano> ScottK: I'm also interested in hearing the packages issues in order to fix them asap
<foolano> s/packages/packaging
<foolano> ScottK: with the FHS issues maybe you were pointing out the /usr/share/ebox/migration stuff?
<ScottK> IIRC the thing that initially suprised me as having your config stuff not in /etc, but I only got about 3 hours sleep last night, so I'm sure I'm not entirely coherent today.
<ScottK> foolano: One thing I remember is that it didn't appear that removing with purge actually removed your conffiles.
<foolano> ScottK: configuration is stored in gconf, so when the packaes is removed debhelper takes care of removing the gconf schemas
<ScottK> OK.
<foolano> ScottK: i gotta go home now, if you fancy talking about this a bit later or when you get some rest it would nice
<foolano> see you later
 * ScottK wonders about the suitability of gconf for server apps.
<Syntux> Good day, Which control panel would you guys recommend for Ubuntu server ? 8.04
<ScottK> Personally I like vim.
<jpds> vim FTW.
<ScottK> kirkland: While asking the user what they want to do when booting degraded makes sense on the desktop, I think it's not very satisfactory for servers.
<kirkland> ScottK: why is that?
<ScottK> Because usually when you reboot a server there's no one looking at any u/i.
<kirkland> ScottK: understood...  but if we don't have this prompt, it simply drops you to a busybox prompt
<kirkland> which is no better, or worse, IMHO
<ScottK> Right.  I just don't want to preclude the ability to automatically boot degraded is that's how the sysadmin has configured it.
<ScottK> is/if
<kirkland> this patch does not preclude that
<kirkland> ScottK: first, BOOT_DEGRADE is read from an /etc configuration file
<ScottK> kirkland: OK.  That's fine then.
<kirkland> ScottK: that can then be overridden or specified on the kernel boot parameters
<ScottK> It just sounded to me like he was proposing that instead of boot degraded.
<kirkland> ScottK: i didn't read it that way
<ScottK> Fair enough.
<cokegen> hi, I'm running a command with cron but it launches an exim process each time is run. What I need to configure to prevent that ? (debian box)
<ScottK> cokegen: Probably a question that should be asked on a Debian channel then.
<thefish> cokegen: i think you can change the MAILTO directive
<thefish> maybe to like /dev/null, not 100% sure
<thefish> but it will try and email each time a cron job is run
<thefish> i need a remote server to open an openvpn tun and reopen if its dropped, any suggestions? want it to start on boot. its so i can always reach it even behind firewalls etc
<_ruben> openvpn has autoreconnect functionality
<thefish> _ruben: cool ill look that up
<thefish> and start it with a rc.x?
<cokegen> ScottK: I will ...
<_ruben> the openvpn debian/ubuntu package has a proper /etc/init.d/ script
<cokegen> thefish: MAILTO directive where ?
<gegema> I am currently mounting a network share using "mount -t cifs -o username=foo,password=bar /mnt" >> I am wanting to add this entry to my fstab, which tab would the username and password belog to?
<gegema> currently I have gotten as far as "//network/share    /mountpt       cifs      "
<thefish> cokegen: in your crontab
<thefish> gegema: my guess is col4 with the options
<sylfire> lo all. anyone here using a xen server? having some issues setting it up, bridged networking
<trakinas> hello all! need some help with cronjob. I created one with root, but it is not being executed.
<sylfire> trakinas: is your cron service running?
<trakinas> sylfire: almost sure it is, but anyways, how can I check?
<sylfire>  /etc/init.d/anacron restart, if you're using anacron
<sylfire> no wait, just checked, mine here on a box says cron, so just /etc/init.d/cron restart
<trakinas> sylfire: * Restarting periodic command scheduler crond                           [ OK ]
<trakinas> so, it was running
<sylfire> do you have the format of your cronjob correct?
<trakinas> i think so. I will pastebin.
<trakinas> sylfire: http://pastebin.us/?show=d3d16bc5d
<sylfire> checking
<sylfire> try converging the output before you say which logfile to write to
<trakinas> I dont have a sendmail running and I dont pretend to configure one (Im leaving this place). so I thought about send them to /dev/null. but I guess I you talking about the log only.
<sylfire> yes, I'm referring to the devnull. Just noted it as "logpath" in my mind, didn't consider the value
<trakinas> hmmm... so, leave it there or should I proper configure one?
<sylfire> make it 2>&1 > /dev/null
<trakinas> like this? http://pastebin.us/?show=m625f672d
<sylfire>  /root/mondo-backup.sh 2>&1 > /dev/null
<trakinas> thank you
<Quest_> any replacement for "knemo" . it shows live network trafic chart/graph ... ?
<Quest_> any replacement for "knemo" . it shows "live" network trafic "gui" chart/graph ... ?
<uvirtbot`> New bug: #257625 in dovecot (main) "Upgrade to Intrepid : Unknown setting: user_global_uid" [Undecided,New] https://launchpad.net/bugs/257625
<jimcooncat> hi. I'd like a guide or dead-tree book on managing user preferences: establishing sane defaults in /etc/skel, applying a preference to an existing user, migrating between machines, etc.
<jmedina> jimcooncat: what you mean with Â«applying a preferenceÂ»?
<jimcooncat> jmedina: let's say I want to remove ipv6 stuff from all my users firefox profiles. Maybe this is a bad example.
<jimcooncat> jmedina: or set default font in gedit for an existing user
<jimcooncat> I'm really looking for an administrators guide that goes deeper than "how to add or delete a user"
<jmedina> well, that depends on the desktok enviroment
<jmedina> not really in the user account
<jmedina> there is a kiosk thing for KDE, you can do stuff like that
<jmedina> but dont know for gnome, I have not used for about 4 years
<jimcooncat> thanks jmedina. I think there's a gnome equivalent in Hardy, and I'll check it out once I get it installed in a couple of machines.
<kraut> wie starte ich das nm-applet?
<jmedina> jimcooncat: maybe that can help you, and yap, I remember a few months ago about that feature in gutsy or somthing
<jmedina> jimcooncat: check this out, http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/desktop-guide/s1-ddg-lockdown-other-kiosk-configs.html
<jmedina> there is a lot information about kiosks in gnome
<jimcooncat> that's really good jmedina. thanks
<jmedina> you are welcome,
<jimcooncat> I found sabayon stuff on gnome website, and policykit. I think I can run with it now.
<dusty_> Hey guys I am trying to make a firewall like so: Default deny all unless i specifically allow it.  I allow ssh and DNS (as its a nameserver). Everything else gets dropped, how can i log the 'everything else' that gets dropped.. ? my ruleset so far is: http://rafb.net/p/AhSDIF36.html i know i use -j LOG but do i do it on the policy lines or how would i achieve this ?
<ScottK> Did you try ufw?  It might be easier to configure that way.
<dusty_> ufw ?
<dusty_> No I have not tried that.
<ScottK> uncomplicate fire wall.
<dusty_> I rather just use plain ole iptables
<ScottK> uncomplicated.
<dusty_> as I only need one rule to log everything that gets dropped
<dusty_> im just not sure how to do it
<jmedina> ScottK: so is there a option for ufw to do that?
<jmedina> never used ufw, but with shorewall it is an easy task
<ScottK> I'm not sure exactly.  If one is uncertain with iptables scripts directly, then it's worth looking into.
<jmedina> with shorewall I specify my policy for example traffic from the internet to the firewall
<jmedina> net    fw     REJECT    LOG
<jmedina> what I see with ufw is that there is no way to filter based on the source and destination
<jmedina> they assume all the traffic is comming from the internet
<jmedina> there is where is complicated :P
<jmedina> maybe it is worth for single interface firewalls, of user firewall
<foolano> dusty_: as your rules are pretty simple add  a "-j LOG "rule at the end of the each chain
<dusty_> foolano, like iptables -A INPUT -j LOG
<dusty_> iptables -A OUTPUT -j LOG
<dusty_> and same for forward ?
<foolano> dusty_: yep, like that. Just make sure you add them at the end of the chain
<dusty_> what do you mean at the end of the chain ?
<foolano> if a packet reaches the LOG rule it will be logged, and after that it will be rejected for your chain policy
<dusty_> what ?
<foolano> dusty_: run iptables -L
<foolano> and you see how your rules are added to the chains
<dusty_> ah
<dusty_> sweet, thank you for your help.
<foolano> np
<dusty_> one curious question thought, I can nmap my server using the -PN option and it replies the open correct ports, how can i stop this ?
<jmedina> dusty_: could you show us the output of nmap?
<dusty_> ofcourse
<dusty_> http://rafb.net/p/Huc0qU17.html
<foolano> well, that's correct
<foolano> you are allowing access to those ports
<dusty_> hrm
<dusty_> is there a way to filter this ?
<dusty_> or is there a way to foil scanners ?
<foolano> ehh no
<_ruben> opened ports are, well, open ...
<dusty_> heh ok
<dusty_> one last question, is there anything i can do to improve on the script (my firewall one) for added security bearing in mind that server is just a nameserver with 53/22 open
<dusty_> ?
<jmedina> dusty, you better improve security on your name and ssh server
<jmedina> this kind of firewall only filters traffic, based on ips and ports, and posibly another tcp/ip flags, but doesnt filter maliciuis packets or attacks specific for your applications
<jmedina> you can use failtoban to protect dictionary attacs for ssh
<jmedina> uses public key autentication
<ScottK> As an example, you can rate limit ssh to a few connections per minute (or use fail2ban)
<dusty_> Yeah i'm looking into fail2ban, so this iptables script is pretty pointless then ?
<jmedina> sad but true
<jimcooncat> port knocking I hear is fun in these situations
<jmedina> that firewall wont protec you agains spoof attacs, for example
<jmedina> I prefere to change the port for ssh
<jmedina> :P and use only public key auth
<dusty_> yeah
<dusty_> thats what i am doing public key auth
<dusty_> i may change the port too
<jmedina> all these robots scanning only use tcp/22 as target
<dusty_> what kinda attacks kind iptables stop then that i can research
<jmedina> dusty_: but then disable password auth
<dusty_> passwd auth is dissabled
<jmedina> that is good
<jmedina> dusty_: check your dns for open relay
<foolano> are you guys having problems to file bugs in launchpad? i'm getting time out error all the time
<jmedina> you can test your dns with http://intodns.com a free and opensource bases dnsreport replacement
<jimcooncat> jmedina: that's what I'm doing. dusty_, changing the port may help a lot for kiddies that are just looking for any open machine. Not if they're targeting YOU, though
<jmedina> jimcooncat: yeap, that when fail2ban enters
<foolano> hey mathiaz, i'm testing the latest slapd and I think I've found an issue with the permissions of /var/run/slapd
<dusty_> jmedina, how can i check if its an open relay /
<dusty_> ?
<jmedina> dusty_: intodns can tellyou
<jmedina> scrolll up
<dusty_> what?
<jmedina> that page
<jmedina> http://intodns.com
<dusty_> ah sorry
<jmedina> you can test your domain, and one of the tests is check if your dns server is open relay
<dusty_> wtf
<dusty_> jmedina, check this out: http://www.intodns.com/stoned-hacker.co.uk
<dusty_> it says the glue records are wrong it says my registar reports one ip and the nameserver another, thats in correct. i just checked at the registrar and the glue records are fine ?
<mathiaz> foolano: what's the issue ?
<trakinas> foolano: i liked your nick. haha!
<dusty_> For ns1.stoned-hacker.co.uk the parent reported: ['78.129.229.42'] and your nameservers reported: ['78.129.229.25']
<dusty_> thats intodns
<dusty_> my registrar:
<dusty_> is .25 for the ip
<dusty_> jmedina, im confused and a little worried over this  ?
<dusty_> ns1.stoned-hacker.co.uk has 78.129.229.25 on my registrar
<dusty_> where does that site get that info?
<jmedina> directly form the the root servers and your own server
<foolano> mathiaz: the ldapi socket, that's the unix socket where slapd can listen on. It's usually within /var/run/slapd. There's even a link from /var/run/ldapi to /var/run/slapd/ldapi. /var/run/slapd hasn't the right permissions to allow anyone to connect to the socket.
<mathiaz> foolano: https://bugs.launchpad.net/ubuntu/+source/openldap2.2/+bug/114438 ?
<uvirtbot`> Launchpad bug 114438 in openldap2.2 "Permissions for ldapi:// socket are too restrictive" [Undecided,Fix released]
<mathiaz> foolano: that's supposed to be fixed now
<foolano> mathiaz: nope, that's not the same. that's bug is related to the file itself. This problem is with the directory permissions
<foolano> mathiaz: i experienced this issue a couple of days ago. the automatic tests of eBox in intrepid failed. I thought it was just for the new backend but this was a problem too. Unless i'm missing something
<mathiaz> foolano: ok - could you file a bug ?
<mathiaz> foolano: I'll get it fixed later, but the archive is frozen for now as we're preparing for alpha4
<foolano> mathiaz: i'm trying :) but it seems lp is a bit busy :)
 * jmedina rembers foolano is having troubles filing bugs..
<sommer> mathiaz: hello, I also noticed a small issue with "sudo dpkg-reconfigure slapd", if the /etc/ldap/slapd.d directory is already there the reconfigure doesn't work
<foolano> yeo
<foolano> that's the nexxt thing i was going to tell you :)
<sommer> foolano: :-)
<edmoore> hi - I'm running server currently without any flavour of gui. Is it as simple as sudo apt-get install ubuntu-desktop?
<dusty_> jmedina, hrm how do i fix this then ?
<dusty_> jmedina, its reporting the incorrect ip ?
<sommer> !servergui
<ubottu> Ubuntu server does not install a desktop environment or X11 by default in order to enhance security, efficiency and performance.  !eBox provides a GUI system management option via a web interface.  See https://help.ubuntu.com/community/ServerGUI for more background and options.
<sommer> edmoore: ^^^ that link has instructions
<jmedina> dusty_: why do you have two A recorsd for ns2?
<dusty_> round robin
<edmoore> sommer, many thanks
<dusty_> and that machine has two ips so i thought i would make use of them (it doesn't harm things does it )
<sommer> edmoore: np
<edmoore> sounds like they don't like it
<dusty_> jmedina, what about the wrong ips for the nameservers i cant see how that can be ?
<edmoore> most of the guides I've found on sharing my ethernet over wifi seem to assume I have a desktop environment, and I'm sufficiently green at this that i don't know how to do it just with cli
<jmedina> dusty_: i check it, but probably is getting confues because your round robin
<dusty_> ah
<jmedina> I dont see why the need, maybe for another host but for a NS record,
<dusty_> ok ill kill it for now
<jmedina> you better configure ns3 :)
<jmedina> dusty_: you should change your SOA time record
<dusty_> what ya mean ?
<jmedina> the SOA retry,, refresh,  expire values
<jmedina> http://verde.e-compugraf.com/jm-confs/bind9/db.ejemplo.com.zone-SIMPLE.txt
<dusty_> dusty@delerious:~$ host ns2.stoned-hacker.co.uk
<dusty_> ns2.stoned-hacker.co.uk has address 78.129.229.42
<dusty_> dusty@delerious:~$
<jmedina> that template pass all the checks and works good
<dusty_> i removed it, looks like its just reading a cached entry
<Mez> dusty_, 2 IPs for an NS?
<jmedina> Mez: that is what intodns says...
<jmedina> :P
<jmedina> so do I
<Mez> that's not supported in the root servers is it ?
<dusty_> jmedina, what is wrong with the times i have ?
<jmedina> they are to small
<dusty_> jmazaredo, ok i fixed a couple things: http://www.intodns.com/stoned-hacker.co.uk
<dusty_> see :)
<dusty_> just got the other issues to fix now
<jmedina> dusty_: there is no need to use a RETRY value to small, why send retry each minute?
<jmedina> when the server is up is up, and more retrys wont put it up
<Mez> last time I ran a check like that jmedina, it moaned at me cause it couldn't handle the fact I had/have 6 nameservers
<jmedina> mez, well you are not normal
<Mez> http://www.intodns.com/sourceguru.net
<jmedina> for a simple setup it works good, afaik intodns is free, so you can contribute and make it work with 6 nameservers
<Mez> jmedina, it wasnt intodns that moaned
<Mez> it was something else
<Mez> though it did just flag up something I should check
<jmedina> good
<jmedina> Ã¬ntodns is good not too descriptive as dns reports but works fine, I remember dnsreorts tells you why the retry value is considerd bad, and gives you the reference to RFCs
<Mez> it flagged up bullshit about it not having glue :(
<Fenix|work> Greetings... quick question... any particular reason as to why these four packages are being kept back when doing an upgrade?         bind9-host dnsutils libbind9-30 libisccfg30
<Mez> !ohmy | Mez
<ubottu> Mez, please see my private message
<Mez> Fenix|work, packages are kept back when the introduce new packages, or remove packages
<Mez> do a
<Mez> sudo apt-get dist-upgrade
<jmedina> or you can install them by hand
<jmedina> yum install
<jmedina> :O
<jmedina> damn
<jmedina> aptitude install bind9-host
<Fenix|work> packages are kept back when they introduce new packages?
<Fenix|work> (or remove packages)
<Mez> Fenix|work, yeah...
<Fenix|work> any idea on how to discover which packages they introduce or remove?
<Mez> Fenix|work, sudo apt-get -s dist-upgrade
<Fenix|work> libdns35 is new
<Fenix|work> okie dokie, thanks for the info
<Mez> Fenix|work, yeah, that'll be the new libversion for the fix
<Mez> np, glad to help Fenix|work
<Fenix|work> ok... back to overhauling some PHP code...
<Fenix|work> hey Mez, you over in ##php?
<Mez> yep
<Fenix|work> Mez, ok, I'll bug ya there
<dusty_> jmedina, what do you think now of the new soa times, that ok ?
<dusty_> http://www.intodns.com/stoned-hacker.co.uk
<jmedina> dusty_: I always use http://verde.e-compugraf.com/jm-confs/bind9/db.ejemplo.com.zone-EXTENDIDA.txt
<dusty_> thats what i used
<dusty_> by the way, what does this mean : Different autonomous systems  	WARNING: Single point of failure
<jmedina> because probably your nameservers are in the same location
<jmedina> same link, same power
<dusty_> jmedina, also the last blue icon on the output of intodns.com what does that mean, about the www record, why is that bad?
<jmedina> there is a single point of failure
<dusty_> what about the www record ?
<jmedina> dusty_: it is not bad
<jmedina> it justs informative
<dusty_> thanks
<dusty_> thanks very very much for the help
<jmedina> dusty_: good
<Mez> SPoF==bad
<dusty_> Oh yeah, before I go any last suggestions/advice ? (i'm lookin into the rate limiting of connections to ssh, change default port, fail2ban/denyhosts), checked dns config ?
<Mez> dusty_, "rate limiting"?
<uvirtbot`> New bug: #257667 in openldap (main) "wrong permissions to access ldapi" [Undecided,New] https://launchpad.net/bugs/257667
<Mez> dusty_, f2b works well for what you're on about... and changing the default port
<Mez> if you REALLY wanna be uber though - look into port knocking
<dusty_> Yeah i've seen that, its not practical, as I access the server from many places and I sometime access it from window environment, with no permission to install software (Work) so i wouldn't be able to install the software required to send the special packet to open to port.
<jmedina> what about a PHPSHELL? jeje just kidding
<kirkland> kees: ping
<Fenix|work> Where do I find the mysql error logs?  /var/log/messages?
<jmedina> mysql.err
<jmedina>  /varlog/mysql.err
<Fenix|work> /var/log/mysql.err is empty
<jmedina> then mysqld is not configured to log
<Fenix|work> yet mysql won't start
<jmedina> where you got more info
<jmedina> http://dev.mysql.com/doc/refman/5.0/en/log-files.html
<jmedina> mmm
<jmedina> why dont you start it by hand?
<Fenix|work> ok, I rebooted and it started
<poningru> ...
<poningru> Fenix|work, /etc/init.d/mysqld restart
<poningru> in linux you dont reboot
<jmedina> only when compiz crash your system
<jmedina> ;P
<Fenix|work> poningru, I'd love to say something derogatory and somewhat funny but I'll refrain :)
<poningru> in soviet russia linux reboots you?
<Fenix|work> /etc/init.d /mysql restart didn't work at all, kept dying... hence the reboot trick which incidentally worked.
<poningru> wtf weird
<poningru> what did it say?
<poningru> it should have said why it was dying
<Fenix|work> besides fail, nothing
<Fenix|work> I was getting a kernel message about mysqld.sock ... but nothing from mysql
<poningru> what did that say?
<poningru> was there a socket creation error?
<Fenix|work> poningru,  kernel: [1053396.176660] audit(1218651725.013:10): type=1503 operation="inode_mknod" requested_mask="w::" denied_mask="w::" name="/var/chroot/var/run/mysqld/mysqld.sock" pid=8013 profile="/usr/sbin/mysqld" namespace="default"
<poningru> huh that is odd
<jmedina> Fenix|work: apparmor running?
<jmedina> or selinux?
<jmedina> Fenix|work: did you chrooted mysqld by hand?
<Fenix|work> I'm chrooting my entire apache environment and I did it by hand
<jmedina> what about selinux/apparmor
<Fenix|work> neither
<jmedina> mmm
<Fenix|work> Hmmm... if I connect using the loopback address I can eliminate the need to have the socket available through the jail root
<Fenix|work> that saves a headache
<jmedina> yeap that is much better
<jmedina> and my.cnf by default binds to 127.0.0.1
<uvirtbot`> New bug: #257682 in bind9 (main) "dig compiled without -DDIG_SIGCHASE!" [Undecided,New] https://launchpad.net/bugs/257682
<dusty_> hey jmedina http://rafb.net/p/FucSMY32.html what do you think about those ?
 * sommer wants a stock ticker displayed when logging into servers... heeeh
<dusty_> anyone good with iptables ?
<dusty_> Could you check out: http://rafb.net/p/FucSMY32.html and give me opinions/comments/advice ?
<jmedina> I always put my OUTPUT to REJECT and INPUT
<jmedina> and open only the ports I want to reach
<jmedina> my policy is REJECTo DROP, and then the exceptions (rules) open ports I the server needs
<dusty_> yeah i know that, what do you think to my ruleset though, specifically /
<dusty_> ?
<dusty_> i only interested in 22 53
<jmedina> I would open udp/53 only to your slave servers, or user allow-transfers { ip.slave.server}; in you zone definition
<jmedina> I meant TCP/53
<jmedina> udp open for any
<_ruben> tcp/53 is also used for 'normal' dns stuff
<_ruben> large answers will use tcp instead of udp
<jmedina> _ruben: any reference for that?
<dusty_> jmedina, i do have allow-transfers, but if i restrict port 53 udp to my slaves then queries wouldnt get through ?
<_ruben> jmedina: nothing concrete from top of my head .. do have a book on dns/bind at work .. afaik any dns packet above a specific given type will be tcp instead of udp
<kirkland> kees: would you review/sponsor the patch attached to https://bugs.launchpad.net/ubuntu/+source/mdadm/+bug/257568 when you get a chance?
<uvirtbot`> Launchpad bug 257568 in mdadm "degraded raid boot process should interactively prompt user before dropping to recovery shell" [Wishlist,In progress]
<ScottK> kirkland: Don't forget Main is frozen until after the Alpha release (plus kees is at Debconf).
<kirkland> ScottK: understood on both counts; however, kees has been helping/sponsoring these grub issues.
<ScottK> Right, just wanted to make sure you had reasonable expectations.
<dusty_> http://rafb.net/p/61SvtD29.html Is that the correct way to log using iotables ?
<jmedina> dusty_: yeap
#ubuntu-server 2008-08-14
<Sylphid> I have a 1U server I just bought but the wife is complaining bout the noise from the fans ... how can i modify fan speeds?
<J_5> lolz,  darn wife's
 * Sylphid nods
<J_5> fans, for the power supply? cpu? or all
<Sylphid> theres 4-5 chassis fans those are the main ones
<Sylphid> i dont wanna mess with the cpu fan if i can help it and its only a small PS fan so it cant be making to much noise
<J_5> hmm, im stumped on adjusting the thoes to. all i can find is how to adjust the CPU :(
<Sylphid> ugh... might have do disconnect 1 or 2 of em
<J_5> http://ubuntuforums.org/tags.php?tag=fan+speed
<J_5> is what im searching...if that helps
<jmedina> Sylphid: go put your 1U in the basement and plug a wifi card
<jmedina> :P
<jmedina> put it under the bed doesnt help
<Sylphid> aww then i cant use my gig E
<J_5> well, then, just put your wife in the basement :0
<jmedina> is it going to stay at home that server?
<jmedina> or yous temporaly while setup?
<Sylphid> depends on if my employer lets me colo for free =D
<Sylphid> right now im anticipating that it will prolly stay at home
 * jmedina thinks there is nothing better than working aside form a 2U rack with lots of fans under presure :P
 * Sylphid wishes his wife felt the same
<Sylphid> i got 3 cisco's i cant turn on unless i need em cuz of the noise....
<Sylphid> i love my desk =D 1 lappy , 3x desktops and a 1U server on a kvm and a rack with 3 cisco devices in it
<J_5> =D. if only your other half shared that love
<jmedina> I bet your wife doesnt loves your the same...
<J_5> still searching...i can find anything on adjusting the fans. only thing i locate is CPU fans and such
<J_5> cant*
<jmedina> does that mobo even support it?
<Sylphid> should ... it has 3 settings in bios... but even the lowest is "to loud"
<Sylphid> mobo is a PDSMi if that helps
<J_5> oh, so you are able to set then in the bios?
<J_5> them*
<Sylphid> not manually
<Sylphid> all i can do is select full speed server or workstation
<Sylphid> workstation being the slowest but its apparently still to loud
<Sylphid> gonna try updating bios ... well see
<kirkland> kees: i do have an mdadm patch awaiting sponsorship, though
<ScottK> nxvl: I don't think your real problem is libtool.
<ScottK> nxvl: If I give you a hint, would you take another shot at it?
<nxvl> ScottK: yeah
<nxvl> for sure
<ScottK> nxvl: If the package fails because you need to relibtoolize, how come the debian package will build on Ubuntu?
<nxvl> it actually doesn't even build on experimental
<nxvl> i tried that
<nxvl> (the debian package)
<ScottK> I just built the Debian package on my Intrepid pbuilder and the Ubuntu package failed in my Sid pbuilder.
<ScottK> Let me attach my diff to the bug (I found a few more things that needed changing.
<nxvl> let my tried
<nxvl> but that's odd
<nxvl> since i loged in into my experimental pbuilder downloaded the source
<nxvl> and then tried to build it using debuild
<nxvl> and it failed with the same error
<ScottK> My diff is in the bug
<ScottK> Actually I got it backwards.
<ScottK> My diff builds on Sid, but not Intrepid.
<ScottK> The Debian revision fails on Intrepid.
<nxvl> the problem is that intrepid uses experimental libtool's version
<ScottK> There's one rules change in there about trying to avoid parallel builds.  You may want to look into the (I don't think I specified it correctly)
<nxvl> and sid the same as hardy
<ScottK> Ah.
<ScottK> I see.
<nxvl> yep
<nxvl> same error with the original debian pcakage
<ScottK> Argh.
<ScottK> OK.
<J_5> is there something i can install to tell me what files have been changed? for security
<tacone> J_5: have you searched synaptic for "files changed" ?
<J_5> no.can i search via the command line?
<tacone> I have no first hand experience, but I guess "fileschanged" ora "aide" packages could help you
<J_5> ok,thanks
<tacone> np
<lukehasnoname> attn everyone: I will mail $20 to the first person to publish a book on KVM: Installation, getting guests up and running, saving/loading machines, advanced features and tasks, and available graphical tools to manage virtual servers, like virt-manager, oVirt, enomalism. Also cover vm-builder, p2v (or similar tool), plug Ubuntu JeOS.
<lukehasnoname> You could release it like "Dive into Python": Under the FDL but get it published by Apress or No Starch or O'Reilly
<sommer> there's no book better than experience
<nxvl> sommer: that is SO true
<lukehasnoname> they're called 'guides' for a reason
<sommer> man is short of manual :)
<nxvl> ubuntu-vm-builder is an awesome tool for kvm
<sommer> and I'd be willing to bet that when such a book is released it'll be more like $40-$50... just fyi
<lukehasnoname> I'm not going to argue the merit of books in helping people learn topics. They're helpful. And without good, clear, detailed, (prevalent) documentation, KVM will not be as useful to as many people
<lukehasnoname> and sommer I know, that's why I don't buy books that often.
<sommer> I don't disagree, but KVM is relatively new and has a rapid pace of development, which means it may be a while... at least IMHO
<sommer> in the mean time trying stuff out in a test environment is the best way to learn... from my experience :)
<lukehasnoname> which is what I plan do much more of beginning next week
 * nxvl waves on sommer 
<sommer> nxvl: I try enlighten, I try... heh
<nxvl> :D
<lukehasnoname> next week I'm going to be back in my dorm for a week before school starts and I'm going to set up an Ubuntu/KVM machine, then load up a FreeBSD/Xen machine, then maybe an ESXi machine, and see which one I find easiest/fastest, etc. based on completely unscientific methods.
<sommer> lukehasnoname: that's cool, you should blog about your results
<lukehasnoname> I don't have a blag
<sommer> but it'll be more scientific if you publish :(
 * nealmcb arrives home after 3.5 weeks :)
<lukehasnoname> hi nealmcb
<nealmcb> lukehasnoname: howdy!
<lukehasnoname> sommer, link me up or tell me some commands on testing disk speed and CPU usage of virtual machines with those hypervisors and I'll use a scientific method. <_< Or I'll look it up myself some time.
<sommer> lukehasnoname: only one I can think of off hand is hdparm... never tested it in a vm myself though
<To1> hello - I was wondering how to solve an apt-get which complains about dependencies ?
<lukehasnoname> details
<To1> lukehasnoname: its in the opsview-users mailing list "Installation troubles"
<To1> mm sory thought it was #opsview here lol
<lukehasnoname> heh.
<To1> I cant even completely remove it from linux
<To1> tried sudo dpkg âremove âforce-depends âforce-remove-reinstreq
<To1> --purge and all
<To1> yet apt-get install -f still tries to install it
<mdadmfrusterated> hey everyone.i am really having trouble with setting up a raid. im trying to use mdadm and now i have a lot of extra stuff "md0p1-md0p4" so i have 2 hard drives and both are 750gb and i just want to make a raid 0
<mdadmfrusterated> and i am trying to make it all ntfs
<hads> Umm. NTFS?
<mdadmfrusterated> well its a file server for a windows network
<mdadmfrusterated>  mdadm --detail /dev/md0 shows that its doing ok but now im worried about the md0p4 stuff
<mdadmfrusterated> and when i go to parted i get the following message when i try to "print all" "Error: Unable to open /dev/sda - unrecognised disk label.
<mdadmfrusterated> "
<mdadmfrusterated> and that is scary because sda is one of the drives making up the raid
<hads> Jut because you're serving a Windows network doesn't mean you need to use NTFS on the server. That's where Samba comes in.
<mdadmfrusterated> but i want the fiel speed to go as fast as possible thats why im excited to utilize ntfs-3g
<hads> Use ext3 or JFS or XFS
<mdadmfrusterated> well filesystem aside whats up with the md0p4 stuff? should i worry about the disk label thing?
<mdadmfrusterated> hads: well even if i decide to use ext3... which would possibly work for me here i still need to lay out my drives and partitions first..
<lukehasnoname> sommer, a gift for you http://tinyurl.com/sommer1
<kraut> moin
<lukehasnoname> morning
<Ontolog> Some things I'm not sure how to do from the command line. Now that I am using Ubuntu Server I am a little lost. How do I change the Software Sources stuff from the cli?
<soren> Look in /etc/apt/sources.list
<Ontolog> I have to change all that shit by hand?
<soren> How would I know?
<_ruben> find and replace ftw! :p
<soren> What are you trying to do?
<Ontolog> i want to set the mirror to the finland ones
<soren> And what's it pointing at now?
<Ontolog> can I just copy this sources.list from another box that has the correct setup?
<soren> Sure.
<Ontolog> now it's pointing at the HK ones
<_ruben> if its same version, yes
<Ontolog> my other box is desktop
<_ruben> version as in hardy/gutsy/etc
<Ontolog> but both are 8.04
<soren> sed -ie 's/hk.archive.ubuntu/fi.archive.ubuntu/g' /etc/apt/sources.list
<Ontolog> ok
<_ruben> with a sudo in front ;)
<Ontolog> haha but that doesn't setup which lists i want
<Ontolog> i also want restricted stuff
<_ruben> then copying over from other box is easiest
<_ruben> might wanna make a backup of ur current sources.list in case smth breaks
<soren> Ontolog: I don't mean to be offensive, but if something as simple as changing your sources.list makes you react this way, you're in for a rough, rough ride with Ubuntu server.
<Ontolog> yeah i learned ubuntu starting with desktop
<Ontolog> i have no idea how it's all structured underneath the gui
<Ontolog> i'm trying to run: apt-get update
<Ontolog> but i get loads of  Bad header line errors
<soren> Well, that's fair enough. We've all been there at some point.
<soren> I'm just saying that if modifying sources.list makes you exclaim "I have to change all that shit by hand?", pretty much everything else you're going to need to do on that server is going to be no fun at all.
<Ontolog> i see, i just didn't realize all the URIs were the same
<lukehasnoname> when will compiz be ready for the grub menu?
<lukehasnoname> >_>
<Ontolog> what's up with all this bad header line stuff?
<Ontolog> what does it mean?
<Ontolog> anyone?
 * _ruben wonders how compiz/grub/ubuntu-server relate to eachother
<_ruben> Ontolog: whats the exact error you get?
<Ontolog> Bad header line
<Ontolog> i'll paste the entire thing if you want
<_ruben> please do, to a pastebin ofcourse :)
<Ontolog> http://pastebin.com/d59eda2c
<lukehasnoname> _ruben, don't worry about it
<_ruben> Ontolog: pastebin your sources.list as well
<Ontolog> i have tried several sources.list files all the same result
<Ontolog> http://pastebin.com/d41f94ab6
<Ontolog> i have also tried with the hk and fi mirrors
<_ruben> hmm .. are you behind some kind of proxy perhaps?
<Ontolog> no
<Ontolog> shouldn't be
<Ontolog> i have no problem on my laptop
<Ontolog> just on new installations i have this problem
<Ontolog> pita
<Ontolog> fuck fuck fuck
<lukehasnoname> rofl
<hads> !language
<ubottu> Please watch your language and topic to help keep this channel family friendly.
<Ontolog> yes yes I know the problem
<Ontolog> my ducking lovely IT department
<Ontolog> putting the HTTP firewall up against machines in the server room
<Ontolog> DUCKING MORONS
<\sh> which is a very good idea
<Ontolog> no
<Ontolog> it's retarded
<Ontolog>  because you need a web browser to "log in" to the firewall
<Ontolog> obviously you can't do that with a server (that has no GUI installed and such)
<\sh> Ontolog: well, you shouldn't have a server in your office network...but apt knows very well to use a proxy server
<Ontolog> exactly, we shouldn't have the server on our office network
<Ontolog> when they were assigning the IP address
<Ontolog> they asked me what's the IP of my desktop machine
<Ontolog> ducking retards
<hads> Do we have an !attitude?
<Ontolog> haha
<Ontolog> yes I do have an
<Ontolog> !attitude
<ubottu> The people here are volunteers, your attitude should reflect that. Answers are not always available. See http://wiki.ubuntu.com/IrcGuidelines
<Ontolog> not appropriate, i have an attitude against those i work with not against those in the channel
<\sh> Ontolog: I think it's better you go to your it department and discuss your company policy with them...your problem is definitly not solvable by us...please ask your sysadmin to help you
<Ontolog> haha yes I know that
<Ontolog> thanks
<Ontolog> i am just complaining
<Ontolog> not seeking you folks to solve retardation in my IT department
<\sh> well, as most of us are working here as sysadmins I'll take that as a compliment that the IT people actually did something right...
<dusty_> Anyone with experience using iptables module recent, could you explain this to me: http://rafb.net/p/XGD4zc77.html I am trying to figure it out, how long does an ip stay in the blacklist for ?
<Ontolog> Trust me, any of the people in my IT department would never be found in an IRC channel
<Ontolog> They don't even know what IRC is
<Ontolog> (not joking)
 * lukehasnoname is away: sleep
<edmoore> I asked yesterday about putting a gui (ubuntu-desktop) on my server for occassional desktop use - electronics hobby related stuff, mainly - and was linked to the ubuntu wiki that first warned me how dodgy it was for servers and how it'll add crap you don't need. I'd still find it useful for the occassional use - maybe a couple of times a month. Is there a way to completely sandbox the GUI part? Not have it start normally, but instead ha
<_ruben> edmoore: why not do stuff that requires a gui on a/your workstation?
<edmoore> good question - I have a mac and the tools are linux based, but i could still virtualise. However, being electronics development, it invariabley requires ye olde serial ports and parallel ports, which my server mobo does have, but my macbook doesn't
<_ruben> ic
<edmoore> that said, I will investigate squirting stuff over ethernet and having the server do the actual comms bit, and maybe forward it to my mac
<edmoore> but I am green with all this linux stuff, so I'm not sure how possible that is
<edmoore> and maybe the server could also do the compiling for the fpga too.
<_ruben> the only "sandboxing" solution i can come up with is the (in your case not-usefull) virtualization approach
<edmoore> well I dont necessarily need sandbox, I guess I was wondering if it is equivalent to just start and stop the gnome stuff as I use it/finish with it
<edmoore> and once I finish it, for any of the associated insecurities of cpu-cycle-munching bits to go away with it
<edmoore> insecurities or*
<exalt__> hello, what you think guys to backup my HD into another HD inside the same box
<Kamping_Kaiser> can you rephrase that?
<micheluntu> exalt__: if you want the exact copy you could use dd
<micheluntu> exalt__: otherwise you can do it with rsync
<exalt__> maybe rsync better .. cause dd will kill my box
<micheluntu> I'm trying to find where asterisk package searches for sound files, somebody knows?
<_ruben> micheluntu: /usr/share/asterisk/sounds and/or /usr/local/share/asterisk/sounds it seems
<micheluntu> _ruben: me too... but: file.c:871 ast_streamfile: Unable to open were-sorry (format 0x100 (g729)): No such file or directory
<micheluntu> _ruben: http://pastebin.ubuntu.com/37380/
<micheluntu> I was going crazy with keys directory... In all documents I found asterisk looks for keys in /var/lib/asterisk/keys..
<micheluntu> in ubuntu searchs only in /usr/share/asterisk/keys ...
<_ruben> my collegue is our asterisk expert, but he's on vacation atm .. only know the very basics myself
<micheluntu> _ruben: you run asterisk on ubuntu-server?
<_ruben> yes (migrated it off an fedore box like 1-2 weeks ago)
<micheluntu> _ruben: I think it could be a good idea to create a ubuntu-server-voip group
<micheluntu> to promote asterisk on ubuntu
<hads> From memory Asterisk will warn for files that don't exist while it's looking for different formats.
<micheluntu> hads: ah.. maybe asterisk expects no .gsm codecs ?
<hads> It's looking for g729 sounds files there which you quite possibly don't have. It should fall back to some other format.
<micheluntu> hads: yes it is on the upper warning... Unable to find a codec translation path from g729 to gsm :-(
<hads> You don't have g729 licenses?
<hads> If you want to transcode from/to g729 you need a license.
<micheluntu> hads: no i don't. I'll try to use another codec
<hads> From memory it's 'show translation' or something from the Asterisk CLI
<hads> That will show you what you can use.
<hads> If you're on a LAN go for g711
<micheluntu> fine now command is ï»¿core show translations
<micheluntu> no, g723 isn't supported
<hads> Yah, I haven't used Asterisk for a while, they've change a bit in that time.
<hads> Are you on a LAN or WAN?
<micheluntu> hads: now i'm on a lan
<hads> Use g711 then
<hads> alaw/ulaw
<micheluntu> ok
<hads> That's the highest quality you'll get without going wideband.
<micheluntu> ok done
<micheluntu> you are great! works!!
<hads> Cool, easy fix :)
<micheluntu> and the dir is:
<micheluntu> /usr/share/asterisk/sounds
<_ruben> yay! ;)
<hads> Sounds about right
<hads> Like _ruben said :)
<micheluntu> _ruben: about your architecture, how many asterisk do you have?
<hads> If you're just starting out you should take the time to look into FreeSWITCH - it's really very nice.
<_ruben> just one .. well .. 2 .. one active, one cold standby
<micheluntu> hads: usually we use trixbox
<_ruben> hooked up to a isdn15 i think .. and roughly 100 sip clients
<micheluntu> and it works fine for several clients
<micheluntu> now a big client asked us for a very complicated project
<_ruben> been looking into trixbox and the likes for home use .. but dont really have to the time figure out all the details (concerning the trunks and stuff)
<hads> Asterisk is scary
<micheluntu> hads: yes... but is there something else?
<hads> 22:00:31 < hads> If you're just starting out you should take the time to look into FreeSWITCH - it's really very nice.
<micheluntu> ah sorry I think it was an asterisk interface
<hads> Ah no, it's a competing product.
<byte_slave> hello everyone!
<byte_slave> weird situation here: in crontab i've 1 bash script that just runs fine just after i've other entry pointing to an perl script. both were set as executable files, why perl doesn't run and the other does.... regarding syslog no error appears. if i run that perl script from command line works fine
<byte_slave> anything i'm missing?
<micheluntu> byte_slave: path?
<byte_slave> of that script?
<`6og> byte_slave, is the perl script in crons path
<micheluntu> byte_slave: maybe I don't understand, pastebin crontab
<byte_slave> ok
<hads> And make sure shebang is correct
<byte_slave> http://pastebin.com/dda0c9b6
<byte_slave> yeap she bang is ok. shebang = #!/usr/bin/perl -w
<hads> And file is executable?
<byte_slave> yes file = chmod +x
<hads> Odd. Have you tried doing a `sudo -i` and then trying to run the script?
<byte_slave> the script runs fine from commandline
<micheluntu> try running: sudo sh -c /root/scripts/est_disk_space_monitor.pl
<byte_slave> ok, ill do that
<byte_slave> micheluntu, in command line runs ok but via cron no luck :(
<micheluntu> ok, now we'll see why
<micheluntu> byte_slave: see here http://pastebin.com/d373cebe i'll come back in few minuts, now i'm going to eat something..
<byte_slave> micheluntu, sure dont be starved bc of me! thanks ill check it out ;)
<byte_slave> micheluntu, FYI that script doesn't produce any output - it sends an email only. The pastebin solution you gave me seems that doesn't work
<byte_slave> :(
<micheluntu> byte_slave: ï»¿is the email emtpy?
<devius> i just wanted to ask if i should update my hardy heron alpha release via internet or download and make a new installation
<lamont> ScottK: sorry - I got distracted a little by <20080814120528.AE0611F3EA0@spike.porcupine.org>
<lamont> I'll get your feedback today
<lamont> rather I'll get you feedback today
<byte_slave> micheluntu, im back sorry...i has to eat something as well ;)
<uvirtbot`> New bug: #241142 in samba (main) "cannot access network shares on a local-only connection" [Undecided,Incomplete] https://launchpad.net/bugs/241142
<byte_slave> micheluntu, email empty? you mean the mail box? sure... it is, when i execute the command manually i receive the mail with no prob.... only cron couldn't execute the job
<micheluntu> byte_slave: so /tmp/est_disk_space_monitor.log is empty?
<byte_slave> yap
<byte_slave> but im not printing anything from inside the perl script file
<micheluntu> byte_slave: yes..sorry  I forget a "little" piece..
<byte_slave> and what is that little piece?
<micheluntu> byte_slave: http://pastebin.ubuntu.com/37414/
<byte_slave> micheluntu, stills nopt working.... never thought that would be that hard...
<micheluntu> and the /tmp/xxx.log is still empty?
<uvirtbot`> New bug: #257893 in postfix (main) "Please sync postfix 2.5.2-2 (main) from Debian unstable (main)." [Wishlist,Confirmed] https://launchpad.net/bugs/257893
<uvirtbot`> New bug: #257892 in php5 (main) "PHP (Cli) generates invalid output when it exceeds 4kB" [Undecided,New] https://launchpad.net/bugs/257892
<lamont> gar
<lamont> dear requestsync: please let me edit the subject of the bug before submittal as well.
<lamont> there.  title of Bug#257893 fix0red
<byte_slave> micheluntu, nope
<byte_slave> it has this http://pastebin.ubuntu.com/37427
<trakinas> hi all! Im having problems with a cronjob which is loaded but not being executed
<trakinas> if any one can help me, id be glad.
<trakinas> *anyone
<byte_slave> pastebin the cron and script entry plz
<trakinas> byte_slave: sorry for the delay. I was busy with other things. here it is: http://pastebin.us/?show=d38a8c2d
<[yzf600]> howdy
<[yzf600]> I've got group issues when using LDAP and local files
<[yzf600]> I have an ubuntu client, connected to an LDAP server
<[yzf600]> the LDAP server config has been changed to remove me from some groups
<[yzf600]> problem is, any terminals I run under gnome still show me being a member of the old groups
<[yzf600]> if I login via text console (ctl-alt-f1), the groups show up correctly
<[yzf600]> I even re-booted and the old group memberships still show up
<[yzf600]> is there some sort of groups cache somehwere  >
<uvirtbot`> New bug: #257909 in bind9 (main) "bind9 doesn't bind to IPv6 interfaces" [Undecided,New] https://launchpad.net/bugs/257909
<jazzkutya> i've zeroed out raid superblocks with mdadm --zero-superblock after booting with init=/bin/sh rw. now boot stops at "Begin: Starting up RAIDs. Please wait, the process may take a long time!"
<jazzkutya> how can i resolve this and remove raid completely?
<jazzkutya> it were raid1 arrays, i want to separate the 2 drives. currently only one drive in the pc
<jazzkutya> boot stops here even when booting with noinitrd init=/bin/sh rw
<jazzkutya> how can i disable initramfs on booting?
<symtab> hello
<symtab> in ubuntu /etc/fstab is not the same as in other distributions
<symtab> will the old mounting work?
<symtab> or only based on UUID?
<jazzkutya> on ubuntu you can use either uuid or /dev/sdX, both will work
<symtab> ok
<symtab> thanks
<Fenix|work> Greetings
<Fenix|work> I'm setting up a secondary IP address on a single homed box... I've modified interfaces and added auto eth0:1 and the appropriate iface eth0:1 inet static and entered in an address, netmask and gateway...
<Fenix|work> ... when I restart the networking process I get a SIOCSIFFLAGS: Cannot assign requested address       [ OK ]
<Fenix|work> everything appears to work, as I can ping the new address... but I'm not sure if everything is alright.
<Fenix|work> what can I do to check
<Fenix|work> Is there a Gutsy to Hardy upgrade doc?
<Fenix|work> or is it stupid simple?
<leonel> Fenix|work: http://www.ubuntu.com/getubuntu/upgrading  <-- if you have all updated   a     do-release-upgrade  will do ..
 * delcoyote hi
<kirkland> mathiaz: ping
<mathiaz> kirkland: howdy ! :)
<kirkland> mathiaz: dendrobates pointed me to you for a package review
<kirkland> mathiaz: i suppose we should move this over to #ubuntu-motu
<byte_slave> exit
<byte_slave> exit
<Fenix|work> I seem to have a bit of a problem... running do-release-upgrade, I appear to be stuck on 'Generating locales...'
<Fenix|work> anyone awake?
<slicslak> just us bots!
<Fenix|work> nice
<Mez> Fenix|work, that can sometimes take time... just let it ride...
<Goosemoose> hi guys
<Goosemoose> anyone installed ubuntu in a hyper-v virtual machine before?
<Goosemoose> i have it installed but can't seem to get a network connection
<Fenix|work> Mez, 13343 pts/1    R+    36:28 localedef --no-archive --magic=20051014 -i en_CA -c -f UTF-8 en_CA.UTF-8
<Mez> Fenix|work, R+ means it's running...
<Fenix|work> never seen is run for so long
<Fenix|work> 40 minutes now
<Fenix|work> Mez, any way I can verify that it is indeed running?
<Mez> the R+ says it is...
<Fenix|work> I've found bugs...
<Fenix|work> bug 249340
<uvirtbot`> Launchpad bug 249340 in linux-source-2.6.22 "Gutsy->Hardy upgrade hangs in localedef" [High,In progress] https://launchpad.net/bugs/249340
<Fenix|work> Maz, I think there is something wrong... 64 minutes @ 100% CPU.  That can't be normal.
<nxvl> kirkland: i'm shocked about persia's comment
<nxvl> :S
<edmoore> trying to set up a wireless point as per https://help.ubuntu.com/community/WifiDocs/WirelessAccessPoint
<edmoore> however, when I get to 'sudo echo 1 > /proc/sys/net/ipv4/ip_forward'
<edmoore> I get permission denied
<edmoore> any ideas?
<sommer> edmoore: try sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
<edmoore> seem to not be able to log int through ssh after restart
<edmoore> might have broken it somehow
<lamont> ScottK: and 2937 is a bug that only exists if you have an insanely stupid config (/var/mail mode 1777)
<Fenix|work> how do I install an unstable debian package?
<jmedina> Fenix|work: dpkg?
<jmedina> Fenix|work: which package?
<Fenix|work> libapache2-mod-xmlrpc2
<jmedina> isnt it in intrepid?
<jmedina> I guess you want to install it in hardy
<Fenix|work> the 8.04 version doesn't work (see bug 157424), so the recommendation is the unstable version
<Fenix|work> bug 157424
<uvirtbot`> Fenix|work: Error: Could not parse data returned by Launchpad: The read operation timed out
<uvirtbot`> Launchpad bug 157424 in libapache2-mod-xmlrpc2 "mod_xmlrpc.so: undefined symbol: xmlrpc_registry_new" [Undecided,Confirmed] https://launchpad.net/bugs/157424
<Fenix|work> jmedina, yes, in hardy :)
<Fenix|work> but I have no clue on unstable packages
<Fenix|work> I just download the unstable one from debian and use dpkg?
<jmedina> if nothing bracks, you can download the package and installit
<jmedina> previos backup of coure
<Fenix|work> where do I find the unstable version?
<jmedina> packages.debian.org
<Fenix|work> how do I find out the version I'm currently running?
<jmedina> dpkg -l | grep libapache-mod-xmlrpc2
<gopatwork> what a good backup tool for ubuntu server
<gopatwork> that will do differtianals
<gopatwork> !backup
<ubottu> There are many ways to back your system up. Here's a few: https://help.ubuntu.com/community/BackupYourSystem , https://help.ubuntu.com/community/DuplicityBackupHowto , https://wiki.ubuntu.com/HomeUserBackup , https://help.ubuntu.com/community/MondoMindi - See also !sbackup and !cloning
<jmedina> gopatwork: a really good one, I would recomend bacula
<jmedina> gopatwork: but it depends what you want to backup
<jmedina> I use bacula as a network backup solution
<jmedina> backuing up from freebsd, linux, windows, to har disk, tape and lately dvds
<gopatwork> backing linux apache server to terra station
<gopatwork> i.e. NAS
<jmedina> jeje, then you can use cp
<jmedina> :P
<jmedina> rsnapshot it is simple
<jmedina> rdiff
<gopatwork> but that won't create a image of the whole drive
<gopatwork> oh
<gopatwork> heheheh
<jmedina> nop
<jmedina> you never said that
<gopatwork> I want a recovery image, incase the system goes down
<gopatwork> that I can recover
<jmedina> mondo
#ubuntu-server 2008-08-15
<emgent> kirkland: ok ecryptfs sounds good, the only problem in ubuntu is if the X user change system password, true ?
<kirkland> emgent: nope
<kirkland> cat /etc/pam.d/common-password
<emgent> oh true..
<kirkland> emgent: ;-)
<emgent> password   optional	pam_ecryptfs.so
<emgent> hahah it`s perfect :)
<kirkland> emgent: however, it is currently not very easy to change the underlying mount passphrase
<kirkland> emgent: you'd have to mount two different directories, one with the existing data and existing password
<kirkland> emgent: and a second one with the new password
<kirkland> emgent: and copy the data from the old to the new
<kirkland> emgent: and then remove the old
<emgent> nods nods
<kirkland> emgent: that's not ideal....
<kirkland> emgent: but that's low on the priority list
<emgent> ok understand. nice :)
<tacone> hello, is there any standard location to store ssl certs to be used with apache2+ssl ?
<nxvl> tacone: https://help.ubuntu.com/8.04/serverguide/C/index.html
<ScottK> lamont: Thanks.  I'm back online now.
<nxvl> ScottK: you haven't been here all day?
<tacone> nxvl: what specifically ? etc/ssl ?
<nxvl> tacone: https://help.ubuntu.com/8.04/serverguide/C/httpd.html
<ScottK> nxvl: Nope.  Left about 14 hours ago.
<nxvl> at the bottom of the guide
<tacone> nxvl: I am already there.
<tacone> nxvl: is there any policy I can read ? would subdirectories tollerated for /etc/ssl ?
<nxvl> tacone: not that i know, but that's the official ubuntu server guide
<nxvl> ScottK: mmm enought time to don't know about what i was asking
<nxvl> ScottK: i will wait until you get to it
<nxvl> :D
<tacone> nxvl: I am asking because we are putting in place a wizard to set SSL certs on apache2 in our software. that's why I need feedback on which solution would be optimal
<nxvl> tacone: that's what i thought
<tacone> ok
<nxvl> tacone: i would find a good way to do it putting them into private/ and certs/ naming the certificates with the hostname or some part of it
<tacone> nxvl: the help page miss an useful information. I'd add it but seems non-editable
<nxvl> tacone: talk to sommer
<nxvl> tacone: he's our documentation leader
<tacone> nxvl: do you have his email ?
<nxvl> sommer: ping
<nxvl> tacone: https://edge.launchpad.net/~asommer
<ScottK> Yeah!  Only 280 new emails since I was last at my desk.
<ScottK> Almost forgot ...
<nxvl> ScottK: i can't imagine dholbach's inbox after his 3 week holidays
<ScottK> nxvl: Congratulations.
<nxvl> ScottK: thank you!
<nxvl> you get into it!
<nxvl> :D
<nxvl> got*
<tacone> thanks nxvl, ~sommer doesn't seemed to be the right username :)
<sommer> nxvl: yo
 * sommer reading backlog
<sommer> tacone: you wanted to add something to the docs?
<tacone> yes
<tacone> I was about to write you a mail
<tacone> there's a missing note for ssl config.
<sommer> for apache?
<tacone> https://help.ubuntu.com/8.04/serverguide/C/httpd.html
<sommer> what's missing?
<tacone> you need to convert NameVirtualHost to *.80 (not just *) and then convert any <virtualhost> to use port 80.
<tacone> surprisingly seems like even the default config (no user defined vhosts around) won't work with that.
<sommer> ah, ya that section needs some other updates... I'll add something about that
<tacone> sommer: that's valid only for hardy, not intrepid. intrepid shuold just work (haven't tried, but they seem to have adjusted)
<tacone> ok thanks
<sommer> tacone: ya, intrepid should have ssl by default
<sommer> tacone: thank you
<tacone> np
<abaqueiro> hello, I have this problem: I installed Ubuntu Server for sparc, I have 2 disk (hda, hdd) both with four partitions, the partitions 1Âº are only unused 8 Mb partitions, the partitions 2Âº are about 512 Mb, and I created a Raid1 device for the swap, the partitions 4Âº about 19Gb in both disk are for a RAID1 device, wich contain a ext3 filesystem (including /boot), ubuntu instalation was ok, until the instalation of silo, where it says there was an 
<abaqueiro> [S] instead of the [U_] that I expected
<abaqueiro> in the boot messages it says something about md0 stopped and md1 stopped and something about bind hda4
<abaqueiro> does anyone have and idea what can be happening???
<joebob777as7> i'm having some pretty poor network performance can someone give me a hand? it's about 1/10th the speed it runs in vista...
<abaqueiro> wireless?
<joebob777as7> sending a 3GB file only runs between 2 and 5mbps... and on vista it's over 20mbps
<joebob777as7> abaqueiro, wired
<joebob777as7> abaqueiro, i'm trying to stream some movies and they aren't working :(
<abaqueiro> could be the wireless driver, or the protocol you are using to transfer the movies
<joebob777as7> abaqueiro, it's wired
<joebob777as7> samba
<jmedina> joebob777as7: check the mode
<jmedina> ethtool eth0
<jmedina> for example
<joebob777as7> jmedina, http://pastebin.ca/1172438
<joebob777as7> jmedina, peaks at about 6 mbps
<jmedina> it is Half
<jmedina> #
<jmedina> Speed: 100Mb/s
<jmedina> #
<jmedina>         Duplex: Half
<joebob777as7> jmedina, how can I make it full?
<jmedina> try to change it to full
<jmedina> man ethtool
<jmedina> dont remember the param, but it is in the manpage
<joebob777as7> jmedina, will it interrupt my transfer if I try it now?
<jmedina> joebob777as7:  :S
<joebob777as7> jmedina, so I ran this: sudo ethtool -s eth1 duplex full speed 1000
<joebob777as7> and it is still half... :(
<jmedina> mmm what about the other side?
<jmedina> is there more hosts?
<jmedina> are
<joebob777as7> the other side is fine it's been tested in vista...
<jmedina> full speed 1000?
<joebob777as7> jmedina, well no it's only 100 but full 100
<jmedina> but did you type 1000 in the prompt?
<joebob777as7> yes
<joebob777as7> do I need to set it while it's running?
<joebob777as7> or before I start the transfer?
<jmedina> not sure
<jmedina> its been a long time since I used
<joebob777as7> jmedina, ok thx for pointing me in the right direction.
<jmedina> you can also try with mii-tool
<jmedina> joebob777as7: try this
<jmedina> ethtool -s eth0 speed 100 duplex full autoneg off
<kraut> moin
<mdz> I'm seeing an apparent deadlock between mutt and dovecot on Intrepid, which was working great until recently
<mdz> mutt is blocked reading from dovecot, and dovecot is just polling waiting for something to happen
<mdz> neither of them has changed recently, though
<mok0> mdz: ... rebooting doesn't help?
<mdz> mok0: I haven't tried rebooting, why?
<mdz> disconnecting from dovecot and reconnecting gets it working again for a while, then it gets stuck again
<mok0> Because it would remove zombie processes, dead socket files etc
<mok0> mdz: is dovecot running on a remote server?
<mdz> mok0: no, locally via a pipe (mutt's "set tunnel")
<mdz> and dovecot --exec-mail imap
<mok0> Hmm
<mdz> I'm going to try to get a trace of the imap conversation and see what's going wrong
<mok0> I stopped using mutt when we introduced dovecot...
<mok0> mutt sucks at imap
<mdz> mok0: what did you switch to?
<mok0> kmail
<mdz> it does a bit
<ivoks> mok0: fetch your mail with fetchmail then :)
<mok0> I used thunderbird for a while, but I prefer kmail
<mdz> it's very good at a number of other things, though
<mdz> I'm told thunderbird has good keyboard navigation now
<mok0> ivoks: I'm not that enamoured with mutt. I used it when I needed a local mail reader on the mail host.
<ivoks> as for GUI clients, claws just rules all of them
<mok0> ivoks: I run kubuntu, don't like the looks of GTK
<mok0> anyways, we're getting OT
<ivoks> right
<ivoks> mdz: have you tried with other clients?
<ivoks> telneting to port 143 would be enough...
<mdz> ivoks: I have run dovecot --exec-imap locally, and it talks to me
<mdz> it talks to mutt, too, until it goes bad
<mdz> it gets hung up immediately after mutt has saved a message to my sent folder
<mdz> mutt blocks there and never actually gives the message to sendmail to send it out
<mdz> I sent probably 50 messages through this same setup yesterday
<ivoks> sent folder is imap folder or local folder?
<mdz> ivoks: imap
<ivoks> you don't have access to dovecot's logs?
<ivoks> or even better, dovecot's configuration... it can provide very nice debuging logs
<zul> morning
<foolano> hi there
<michaelmon> hi guys! need help on this. were you able to set up raid 0 on three disks?
<michaelmon> thanks a lot!
<_ruben> raid0 .. yuck!
<Gothfunc> hi.  how do i make files and dirs created inherit the parent dir's group and permissions?
<sommer> Gothfunc: I believe the umask command may be what you're looking for
<sommer> Gothfunc: http://www.lockergnome.com/linux/2002/08/29/the-users-mask/   may be of help
<Gothfunc> i have that command in mind, but it seems to only affect the shell session.  reading the link now
<Gothfunc> sommer: if i wanted to apply that to any session for any user, how might i do that?
<sommer> Gothfunc: I think if you change the setting in /etc/skel/.profile it will be set for each session
<Gothfunc> gotcha
 * Gothfunc looks
<sommer> Gothfunc: at least there's an entry at the top :)
<Gothfunc> awesome, thanks sommer :)
<sommer> Gothfunc: np, it actually mentions the /etc/profile, you might want to take a look at that as weel
<sommer> /weel/well/g
<Gothfunc> ok
<Gothfunc> ok that works, with /etc/profile
<Gothfunc> but still lacking group inheritance
<Gothfunc> (with directories that are actually g+s)
<Gothfunc> it just assigns the group equal to the user
<Gothfunc> gothfunc/gothfunc
<Gothfunc> nevermind, got it
<Gothfunc> :P
<juannicolas> Hi, i don't know if my problems actually is ubuntu or my proftpd server, I need to transfer files that are more than 2 gigs and it would not let me.
<_ruben> juannicolas: could be a filesystem problem
<_ruben> but proftpd might be the prob too, if its not compiled with large file support
<juannicolas> _ruben  Im trying to transfer files more than 2 gig size between mandrake to ubuntu
<uvirtbot`> New bug: #258162 in postfix (main) "Postfix local privilege escalation via hardlinked symlinks" [Undecided,New] https://launchpad.net/bugs/258162
<lamont> I love people filing bugs that are fixed.  or have we not quite published it for -security, I wonder
<zul> lamont: its so much fun
<ScottK> lamont: I commented to that effect
<zul> lamont: kees is at debconf and jamie is on vacation afaik pitti is handling security
 * lamont smacks it into fix committed status with a comment
<ScottK> lamont: We have not quite published it.
<lamont> that's why it's committed, not released
<ScottK> Right, I typed that before I saw your last comment.
<ekimus> anyone already running slapd with a cn=config backend? I'm right now playing around with it (spare box was an etch and I didn't care to reinstall) but I'm having quite some problems but I'm not sure wether it's the ldap browser (apache directory studio) or wether it's indeed slapd.
<sommer> ekimus: I've started the documentation of it :)
<ekimus> sommer: is that public? is it a wiki? i could add my notes :)
<sommer> ekimus: basically rewriting the serverguide openldap section: https://help.ubuntu.com/8.04/serverguide/C/openldap-server.html
<sommer> ekimus: I haven't commited my changes yet
<ekimus> hehe, always learning great things. I didn't even know about a serverguide in general. :)
<sommer> ekimus: if you want to send me your notes that's cool, I should have a commit ready by Sunday or Mondayish
<kirkland> zul: superm1 was asking last night about mysql-server's "recommends" on mailx
<sommer> ekimus: reviews of the serverguide is always appreciated :)
<zul> kirkland: what about it?
<kirkland> zul: if we thought it could be dropped to a 'suggests'
<kirkland> zul: lamont and ScottK had some good ideas about using a meta package, instead of specific MTA, like mailx
<zul> kirkland: propbably yeah it could
<lamont> kirkland: mailx is not an MTA
<kirkland> lamont: MUA, sorry
<ekimus> sommer: I will try to give it a review. But i can't quite promise not to mix in some debian stuff (although that would have to be _very_ special). in most cases one can still use debian docs for ubuntu and the other way around
<sommer> ekimus: they're usually pretty close... not sure what the status of the new cn=config changes are in debian though
<sommer> ekimus: that is the intrepid cn=config changes... I assume that's what you're testing, heh
<ekimus> sommer: is help.ubuntu.com maintained by canoncial. I can't find a login or discusion button.
<uvirtbot`> New bug: #258192 in dhcp3 (main) "problem with paths and binding to ldap server" [Undecided,New] https://launchpad.net/bugs/258192
<ekimus> sommer: actually I'm just getting used to to the ldap part itself right now. I just hackishly fixed the etch init script so that it doesn't choke on new style config
<sommer> ekimus: it's a community wiki, maintained by members of the ubuntu community... canonical does manage the servers
<sommer> ekimus: with intrepid slapd will use cn=config by default... which is why the docs need updated, it's a pretty big change :)
<ekimus> ahh nice. the openldap admin guide is talking about "old style" config also when they refer to the slapd.conf file.
<sommer> ekimus: ya, I've found that cn=config documentation isn't as prevelant as slapd.conf... but once you get understand which objects control what, and their attributes, it's not that bad
<ekimus> true, the nicest thing about it is no restarts for acl changes. the bad thing is... you can lock yourself out _a lot_ easier :)
<sommer> ekimus: heheh... haven't done that yet, but I'm sure it'll happen sooner or later
<sommer> it's also very cool for updated indexes and adding schemas
<ekimus> yeah i just did dad with loading the dynlist overlay and adding a schema (actually just converted the dynlist schema) and configured dynamic groups for just a single backend. very nice
<ekimus> ok going for my break now
<edmoore> hi everyone. So are there less evil options than installing gnome-desktop if I want to occassionally use a gui ap, sometimes on a monitor, sometimes over vnc?
<ekimus> edmoore: sure just use only xorg and the apps you want (although you'll end up with all the gnome and qt stuff anyway after some time)
<ekimus> edmoore: or use tools that connect to an IP and tunnel thru ssh or some vpn
<edmoore> second option sounds better. Would dearly like to avoid clogging this box up with crap
<ekimus> what kind of gui programs are you talking about? db management stuff, gparted (only local), ....?
<ekimus> hmmm is there an OID to use for private usage, like everyone that knows this objectclass will never leave the organization should use OID 1.1.2.2.1
<uvirtbot`> New bug: #258353 in bacula (universe) "package bacula-director-pgsql 2.4.2-1ubuntu2 failed to install/upgrade: Unterprozess post-installation script gab den Fehlerwert 2 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/258353
<leonel>  intrepid  feature freeze is on 18 aug .. that means  no more new packages right ?
<leonel> so ...  no django 1.0 in intrepid ..  it get released on sept 2 ..
<sommer> leonel: it's actually on the 28th... it's just number 18 in the list
<sommer> at least that's the way I read the table :)
<leonel> right .. but no  django 1.0  for intrepid ??
<sommer> not sure, you might ask the last person to update the package
 * sommer thought there was some type of exception process
<sommer> leonel: you might give this a read: https://wiki.ubuntu.com/FreezeExceptionProcess
<leonel> sommer: thanks
<sommer> np
<kaushal> hi
<kaushal> I have configured openvpn client using Network Manager on Ubuntu 8.04 Linux Desktop, The issue is that I need to add sudo ip route add 10.0.0.0/8 via 10.10.50.12 dev tap0 every time whenever i need to connect to openvpn server
<kaushal> any clue
<K4k> I'm having difficulty with the motd on my server, it seems to be showing up twice when I login via ssh, and I have no idea why
<K4k> I found a forum thread saying that it could be that bootmisc.sh is cating together motd with motd.tail and if .tail had the same message as motd it would cause it
<K4k> but I checked it and then re-ran the bootmisc script and then re-logged in but it didn't help
<ArtimusDeathhole> hey peeps.  I finally got my LSI SAS3081E-R HBA's, as per suggestion int he channel
<ArtimusDeathhole> I am reading through modload to load the driver and I am having trouble finding the module itself.   I have checked under /lib/kernel/drv/amd64 as the man page mentioned, but it isnt in there.   I know that the SUNWlsimega is installed, but what should I be looking for?
<ArtimusDeathhole> im sorry that was /usr/kernel/drv/amd64
<ArtimusDeathhole> I may be dumb
<zul> oh I think you might want a solaris channel
<ArtimusDeathhole> yeah,  I just noticed I popped this into the wrong window
<ArtimusDeathhole> my bad
<ArtimusDeathhole> <===  dumb
<kirkland> zul: ping
<kirkland> zul: any chance you can sponsor my fix for https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/258388 ?
<uvirtbot`> Launchpad bug 258388 in ecryptfs-utils "ecryptfs-setup-private should protect users from overwriting an existing setup" [Undecided,New]
<zul> kirkland: slim chance ;)
<zul> kirkland: are all of these patches going back into debian so we dont carry them for intrepid+1?
<kirkland> zul: they're going back to the upstream git tree
<kirkland> zul: and yes, the debian maintainer is taking them
<zul> kirkland: nifty thats what I like to hear
<kirkland> zul: that's the way i roll 8-)
<kirkland> zul: my fixes can be seen applied here: http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=summary
<zul> kirkland: your word is good enough for me
<kirkland> zul: and i ping the debian maintainer periodically and ask him to sync up to the latest upstream release
<kirkland> http://packages.qa.debian.org/e/ecryptfs-utils.html
<zul> kirkland: done
<kirkland> zul: you rock so much
<zul> I know :)
<Aquaraptor> Is there a "powered by ubuntu server" logo somewhere? I'd like to put one on my site
<Terrasque> Hey. Got a problem with the 8.04 kernel. Upgraded from 6.06, and the server is unstable with the new kernel. Old 6.06 kernel works fine tho
#ubuntu-server 2008-08-16
<Kamping_Kaiser> Terrasque, whats the problem though?
<Terrasque> Kamping_Kaiser: running the 8.04 kernel, the system blocks IO after a while, and load rise slowly to pretty high levels (30+).
<Terrasque> Small file writes and reads seem to work, tho. If I try rebooting, it goes through the motions, and then hangs with "device or resource busy"
<Terrasque> using the old kernel from 6.06 works fine
<Terrasque> I made a more detailed post on the forum last time I tried to figure it out. URL : http://ubuntuforums.org/showthread.php?t=795144
<Terrasque> basically, no log files shows anything wrong happening. But the system is not working well.
<Terrasque> I'm compiling the latest stable kernel from kernel.org (2.6.26.2) but I'm not sure how the ubuntu system will handle it (wrongly configured / missing patches)
<Terrasque> who Kamping_Kaiser
<lukehasnoname> hey
<Terrasque> hellu
<xcaret08> Hi. I am trying to run Ubuntu Server on a 16 core (4 socket, quad core) machine but I only see 8 processors when I look at /proc/cpuinfo. I am running 2.6.24-19-server. Any ideas what I might need to tweak?
<xcaret08> Oh yes, I am running 8.04.1
<LMJ> hello xcaret08
<LMJ> are you running a 32 or 64bits distro ?
<Kapli> Hello, I have installed webalizer on my ubuntu server, but it's starting to annoy me with all the emails from Cron Daemon, is there any way to stop it from sending me emails everytime it runs webalizer?
<Kapli> I tried putting >/dev/null 2>&1 after webalizer in my crontab but it didn't have any effect
<backenfutter> hey folks, hopefully someone in here can help me: atm I'm forced to use umts via pcmcia (which works fine) now I set up my laptop to act as NAT for the rest of the LAN... for that, I got myself a neat script from ubuntuusers.de which manipulates iptables however, it ain't working as it should... It seems I can resolve hostnames by installing bind9 but I can't ping google.de from other PCs in the LAN... can someone help please?
<backenfutter> here's the script I'm using: http://pastebin.com/d3aef6e00
<backenfutter> funny is, it did work yesterday and the day before, but whenever I reboot either PC I run into problems ressting everything
<backenfutter> restting*
<backenfutter> argh
<backenfutter> resetting*
<backenfutter> here are my last few lines of dmesg:
<backenfutter> [ 2075.381187] tg3: eth0: Link is up at 100 Mbps, full duplex.
<backenfutter> [ 2075.381196] tg3: eth0: Flow control is on for TX and on for RX.
<backenfutter> [ 2075.384358] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
<backenfutter> [ 2086.215907] eth0: no IPv6 routers present
<alex^> ill read through the code 2mins
<backenfutter> thx
<backenfutter> I gotta do some errands, so I'll be back in like 20 minutes or so...
<alex^> can the local laptop resolve via it s local bind?
<alex^> the scripts looks nice
<backenfutter> alex^, yes, the laptop is entirely online
<backenfutter> the pc can resolve but cant ping
<backenfutter> I gotta run, I'll brb
<alex^> no idea sorry backenfutter
<alex^> you need to do morer iptables config testing
<alex^> did you say pingnig was workign and now its now?
<alex^> not*
<proppy> oy
<alex^> http://pastebin.com/m57e5fbd5
<alex^> an anyone tell me why i would be getting a seg fault from starting mysqld on a xen kernel: http://pastebin.com/m57e5fbd5
<alex^> how can i debug?
<Faust-C> ive installed ubuntu server in vbox but get the 'Kernel doesnt support CPU' error
<Faust-C> ive found the solution but when i boot into rescue mode i cant seem to get inet
<Faust-C> w/ that being said i cant perform the solution to this problem, has anyone had this issue before ?
<foolano> sommer: ping
<alex^> for some reason whenever i reboot my ubuntu 8.04 box, the nameservers in /etc/resolv.conf always change to some other ones that dont work, how can i force my settings so that they dont change after a reboot?
<alex^> got it
<KurtKraut> I'm trying to run a proxy server in my LAN but all programs I've tried I get the output 'Proxy Resufed Connection' but nmap detects the proxy running. Any clue ?
<foolano> KurtKraut: your proxy ACLs must allow connections from your LAN
<KurtKraut> foolano, I belive I'm configuring this properly. And nmap saying the proxy port is open for me is an evidence that my current IP address is allowed to access the proxy server
<foolano> KurtKraut: nope, the fact that the proxy port is open doesn't mean that its configuration acutally allows you to use it
<foolano> KurtKraut: what proxy are you using?
<KurtKraut> foolano, tinyproxy, ffproxy, polipo... all of them with the same behaviour
<backenfutter> alex^, just wanna let you know, that I solved the NAT problem... a simple route add default gw was missing ;)
<KurtKraut> anyone would recommend me a non-caching proxy ?
<foolano> KurtKraut:  i've only used squid as a proxy server, and by default  it only allows connections from localhost
<KurtKraut> foolano, in your experience, besides squid's config file anything must be changed in ubuntu server, like /etc/hosts.allow ?
<foolano> KurtKraut: just squid.conf
<Gilnim> hi
<Gilnim> howto autostart a program like: ./exampleprogram
<KurtKraut> How can I put a script to be runned on boot ?
<Gilnim> lol
<KurtKraut> Gilnim, :P
<Gilnim> no answer :( ;) KurtKraut
<Yahoo__> night all
<Yahoo__> someone ever succesfully used a Fasttrak TX2300 raid card here?
<KurtKraut> Gilnim, just add a call to the script in /etc/rc.local file
#ubuntu-server 2008-08-17
<theraptor> can anyone tell me how i can get the outside world to recognise my server?
<rebel_kid> im looking to set up a new office server and i had a few questions about ubuntu, and if anyone can help hardware
<rebel_kid> can it serve network prints, route the network efficiently, control network traffic (restrict sites), can it log internet activity, serve programs, things like that without a headache
<rebel_kid> network printers*
<ScottK> lamont: Ping (if your still up) - You know why ...
<nxvl> kirkland: ping
<arooni-mobile> is there any mail server software that allows my client to login in and create new addresses?  easily?  from a web interface?
<LMJ> hi
<anomalizer> is there a separate channel for JeOS ?
<uvirtbot`> New bug: #258674 in samba (main) "Can't connect to Samba/ms windows share" [Undecided,New] https://launchpad.net/bugs/258674
<uvirtbot`> New bug: #258767 in openvpn (universe) "Please sync openvpn 2.1~rc9-3 (main) from Debian unstable (main)." [Wishlist,New] https://launchpad.net/bugs/258767
<servidorespillo> hi
<servidorespillo> hi anybody know about ubuntu-xen server
<leonel> Hello .. Django 1.0 beta is on debian experimental  to make a merge to intrepid  it must be on universe ??
<ghaleb> hello, I have installed pptp vpn server, but my clients suffer from very slow connection, my vpn server is not the gateway to the other servers, do u think it's the main reason ?
<ajith_> #ubuntu-server
<Lunks> !jabber
<ubottu> jabber is a free and open source instant messaging protocol, unlike MSN and AIM. Supporting clients on Linux: Kopete (KDE), Pidgin (GNOME). For more info see http://www.jabber.org
<Lunks> Hmm how to install a jabber server on ubuntu?
<Lunks> I've got a server with only 64mb ram and have been trying to install jabber 1.4 with transports, but no success.
<sommer> foolano: yo
<PierOltdor> hellow my friends
<foolano> sommer: yo! I was making some changes to eBox to use the cn=config backend, and I wanted to ask you if you have already made public the ldap doc about the new backend
<sommer> foolano: nope, I'm still working on updating the syncrepl section
<sommer> foolano: should have something this evening or monday, probably :)
<foolano> sommer: cool :)
<qman__> hey guys, I was wondering if anyone could help me with one-time passwords using the opie-server and opie-client packages
<qman__> I got my server to ask me for one-time passwords and they do work for logins
<qman__> however, it won't increment the serial number
<qman__> meaning, it asks for the same one every time
<qman__> which defeats the purpose, obviously, so can anyone give me some hints?
<qman__> the server is running 8.04.1, i386 kernel
<qman__> been upgraded a number of times, I think I started with 7.04 on it, not sure
<uvirtbot`> New bug: #258914 in apache2 "apache2 SSI timefmt sometimes ignored " [Unknown,Confirmed] https://launchpad.net/bugs/258914
#ubuntu-server 2009-08-10
<accol> hey does anyone know of a good remote desktop viewing program?  the one that comes with jaunty is much too slow
<marshall> hey guys
<marshall> i've installed subversion on my server
<marshall> i want to make it so that any member of the group 'svn' can access the server
<marshall> how might i do this? i believe i have the group setup appropriately
<HellMind> my ubuntu server lts hangs on commands such top htop ps aux ls something
<HellMind> now is the second time that does that
<HellMind> how can I trace that :(
<HellMind> I trought it was some cron job but it isnt
<HellMind> now it works
<HellMind> can be an attack :S?
<mushroomblue> is the system fully-upgraded?
<mushroomblue> though, how is it hanging?
<mushroomblue> like, you type the command, and it sits there trying to run it?
<mushroomblue> does the screen blank when you run htop?
<HellMind> yep
<HellMind> I cant see
<twb> HellMind: are you using LDAP, or NIS?
<HellMind> yep exactly
<HellMind> no
<HellMind> so I do a psaux
<HellMind> but never ends and when it ends
<HellMind> the cpu use is ok
<HellMind> so I dont know where is the bottleneck
<HellMind> I uninstalled muni because it istarted at that time
<HellMind> but I wonder if that is the fix
<mushroomblue> open two tty's, have one run htop, and the other one doing other things.
<twb> IME it is usually due to hard-binding directory services.
<twb> (AWOL ones, that is.)
<HellMind> whats IME?
<mushroomblue> in my experience
<twb> HellMind: are you logged in as root?
<HellMind> yes
<twb> HellMind: does your working directory exist?
<HellMind> yes
<twb> HellMind: does dmesg contain anything about the disk shitting itself?
<HellMind> no
<mushroomblue> "tail -f /var/log/messages" telling you anything?
<mushroomblue> ctrl-c to stop tail, btw. :)
<twb> HellMind: pastebin the contents of /etc/nsswitch.conf and /etc/pam.d/common-*
<HellMind> no, I already looked for that
<HellMind> http://pastebin.com/m5fae9842
<twb> Does "echo *" return immediately, and "ls" hang?
<HellMind> http://pastebin.com/m37ebad
<HellMind> now it works
<HellMind> but i know now why it works :(
<twb> HellMind: which is?
<HellMind> ls worked fine when the folder  has  very little  files
<twb> You're going to tell me the directory had 8192 files in it?
<HellMind> no
<HellMind> but in ls /var/log
<HellMind> it didnt finished
<HellMind> but in root worked fine
<mushroomblue> neat.
<twb> HellMind: so what do you think the error is?
<mushroomblue> rm -rf ~/.* :)
<HellMind> munin
<HellMind> but i dont understand how ubuntu/linux
<HellMind> can be bricked like that
<twb> mushroomblue: ITYM ~/.??*
<mushroomblue> yah
<HellMind> I will come back if this happen again
<twb> I daresay
<HellMind> find: WARNING: Hard link count is wrong for /proc: this may be a bug in your filesystem driver.  Automatically turning on find's -noleaf opti
<HellMind> whats that?
<twb> HellMind: that's you forgetting to pass -xdev to find
<HellMind> its from munin log
<HellMind> my box is promiscued :(
<HellMind> why did you choose ubuntu instead of debian
<tsrk_> is debian better?
<mushroomblue> because ubuntu server is stupid fast to get up and running
<HellMind> sure?
<mushroomblue> from USB boot, I have a new install set up as a PDC in under 30 minutes
<HellMind> debian is fast too :(
<mushroomblue> in fact, that's what I'm doing atm.
<HellMind> I dont like ufw
<mushroomblue> ufw is fine when you get used to the syntax
<HellMind> sucks
<HellMind> how can I turn of the logs ?
<HellMind> of ufw
<tsrk_> what's ufw?
<mushroomblue> sudo ufw logging off
<mushroomblue> typing "sudo ufw" gives you a list of options
<mushroomblue> tsrk_ the n00b-friendly firewall.
<mushroomblue> I'm quite happy with it, actually.
<tsrk_> mushroomblue, is it included by default?
<mushroomblue> yep.
<tsrk_> but turned off right?
<mushroomblue> yep.
<tsrk_> i don't understand why i'd want a firewall on a server...
<mushroomblue> sudo ufw allow 22/tcp && sudo ufw enable
<tsrk_> could you explain?
<mushroomblue> tsrk_: because eventually, someone will get past your firewall.
<tsrk_> mushroomblue, i have no other firewall...
<mushroomblue> on your entire network?
<tsrk_> right
<tsrk_> i only have the services i need running
<tsrk_> isn't that enough?
<mushroomblue> 67.189.63.62
<tsrk_> yes
<mushroomblue> if you keep it updated, you only risk 0-day exploits
<mushroomblue> if you don't have SSH enabled, you're fine.
<tsrk_> i need to ssh in from outside
<mushroomblue> then limit connection attempts to something real slow.
<tsrk_> does ssh tend to have vulnerabilities?
<HellMind> how do you forward ports or nat with ufw -_-? you must edit files right
<mushroomblue> I had a win7 box on my network with preinstalled malware (pirated windows). bruteforced a 25-key password in less than 2 days.
<twb> tsrk_: everything has vulnerabilities.
<PhotoJim> ssh has had vulnerabilities, but passwords are inherently invulnerable depending on the security practices of the account owner.
<PhotoJim> s/invulnerable/vulnerable/
<twb> tsrk_: OpenSSH, and OpenBSD in general, make an abnormally large effort to avoid security vulnerabilities.
<mushroomblue> HellMind: ufw allow portnum
<mushroomblue> HellMind: i.e. ufw allow 80
<mushroomblue> or 80/tcp, if you only want tcp traffic open
<HellMind> -_- forward
<tsrk_> twb, sorry that's what I mean.
<HellMind> not accept
<tsrk_> PhotoJim, ssh keys only?
<twb> tsrk_: ask PhotoJim points out, if you have a world-facing SSH service there are best practices to minimize risk.
<PhotoJim> tsrk_: better, for sure.  but not invulnerable.
<mushroomblue> hrm. I don't think you can.
<PhotoJim> tsrk_: non-standard ports help.
<twb> tsrk_: using only key-based authentication is a bloody good start
<tsrk_> PhotoJim, but i can be scanned anyway?
<mushroomblue> tsrk_: all apps that are broadcasting from a port can be scanned.
<twb> PhotoJim: I'm not convinced that helps a lot.  I'll concede it helps a little -- but it also breaks QoS.
<mushroomblue> er
<PhotoJim> tsrk_: any machine can be port scanned, and it will discover any services that are open to the world.  firewalls minimize the services that are open.  but the remaining services still have to be done securely to avoid or mitigate risk.
<tsrk_> PhotoJim, i prefer to just not run services rather than firewall them
<twb> Which is to say that QoS typically prioritizes port 22, not ssh traffic.  Running SSH on another port means it'll get treated as bulk traffic.
<PhotoJim> twb: I don't understand TCP/IP well enough to see how key encryption versus password encryption on SSH would affect QoS.
<PhotoJim> tsrk_: a firewall prevents you from having to remember to protect a service.  you have to remember to open it up.  that's all.
<twb> PhotoJim: I was talking about using a nonstandard port.
<twb> PhotoJim: and it's authentication, not encryption.
<PhotoJim> twb: ahh.  maybe.  but that's remediable.  it's not hyper-secure, it's security by obscurity, but it is quite effective.
<PhotoJim> twb: I stand corrected.
<twb> The encryption mechanism negotiated between client and server (e.g. blowfish) is orthogonal to the auth method.
<PhotoJim> twb: Brain cramp.
<twb> np
<mushroomblue> there's nothing wrong with adding obscurity to an already hardened security scheme
<mushroomblue> so long as you remember to document. :)
<twb> mushroomblue: apart from the QoS suck :-)
<mushroomblue> heh.
<twb> My actual changelog reads
<twb> "Move ssh back to port 22.  I haven't had to deal with corporate firewalls, but I have had to deal with QoS and I want to clean up my .ssh/config some."
<twb> 443 being your typical strategy for drilling through stupid corporate firewalls.
<PhotoJim> twb: my network is a personal network, so I'm less concerned about it.  at enterprise level I probably would use port 22 and ramp up the authentication via keys.
<mushroomblue> I remember when my personal network was unsecured.
<mushroomblue> then I got hacked via wifi
<mushroomblue> turns out, there was a massive exploit for DD-WRT firmware
<twb> mushroomblue: perimeter-only hardening is depressing when you see it in a multinational :-(
<mushroomblue> hah.
<mushroomblue> agreed.
<PhotoJim> brb
<ozysimpson> Good Day All :-)
<ozysimpson> has some one install liferay5.2 on ubuntu server I despirately need your help please
<twb> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<ozysimpson> ubottu, thanks for the reply, I am unable to delete the demo content which is 7cogs.com and configure for our intranet
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<ozysimpson> I am very disappointed :(
<ScottK> ozysimpson: Since I don't think that's an Ubuntu package, you'll probably do better to ask for help where you got the package.
<twb> ScottK: I was trying to confirm that, but p.u.c is down
<ScottK> twb: https://launchpad.net/ubuntu/+search?text=liferay
<ozysimpson> ScottK, thanks scotty
<error404notfound> For a set of hosts at my work i use office.pub and office, and for others i use office2.pub and office2. Can i use just two entries in config file specifying the group of hosts and then key file? or do i need to create a separate Host with HostName for every machine?
<gnuyoga> error404notfound: r u trying to make sshd use ur key based on where u login ?
<error404notfound> gnuyoga, nope, its pure keybased, no passwd, no passphrase
<error404notfound> yes :P
<error404notfound> sorry, i am drunk
<error404notfound> Its like there are 50 machines, 45 use one key pair and 5 use other key pair.
<twb> error404notfound: why not just tell ssh to try both keys for all hosts?
<error404notfound> twb, how can i do that?
<twb> http://twb.ath.cx/Preferences/.ssh/config is mine
<gnuyoga> error404notfound: u can use ssh -F <new sshd_config> ... and alias this to ssh2
 * gnuyoga feels what twb says will work 
<twb> It tries id_rsa, but it also tries id_twb and id_example.net if I ssh to twb@example.net
<gnuyoga> twb: will that not take more time ... (what's is the average connecting time ?)
<twb> It's that last stanza that does that
<twb> gnuyoga: well, sure.
<twb> gnuyoga: but IMO it's negligible extra time, unless you're on a 33kbps line.
<noob> hi I am just wondering if anybody here has had any success with recompiling php to include the bundled gd support?
<twb> noob: why don't you just install the gd package?
<twb> apt-get install php5-gd
<noob> I have tried the gd package available via apt-get but that is an older version of gd that does not have support for the newer functions in the bundled gd available with php
<twb> I will not help you circumvent apt.  Sorry.
<gnuyoga> noob: http://www.howtoforge.com/recompiling-php5-with-bundled-support-for-gd-on-ubuntu
<noob> gnuyoga, that was the guide I followed last night, but it seemed to get stuck in some kind of endless loop?
<gnuyoga> noob: ah okay, where did u get stuck (can u pastebin the error pls)
<noob> well I have just turned my pc back on, so I have no error log, but... I got to the stage where you being to dpkg the new php5, and it ran for about half an hour, with information scrolling on the screen, but it really did appear to loop as I saw similar stuff coming back after ten minutes or so. I am sorry if this isn't a helpful decsription of my problem
<noob> this was the last command I executed... dpkg-buildpackage -rfakeroot
<noob> then it ran for over half an hour, is that normal?
<twb> Depends on the package.
<twb> And on your hardware, of course.
<twb> libwebkit would take about four hours on a Pentium III, for example.
<noob> dual core processor at 2.6 ghz with 3gb of ram
<noob> anyway thank you for your help I will try again
<error404notfound> I have a VPS which doesn't have much free space on its own for backups, plus having the backups on the same system sounds like a pretty bad idea for me...
<error404notfound> I have a laptop with 500G HD, but problem is i am on the move, so internet connectivity can't be guranteed, any ideas?
<ewook> error404notfound: you trigger the backups from your laptop when you're connected and not from the host that needs to be backuped.
<error404notfound> ewook, it would consume quite some bandwidth and my boss would get suspicous :P i am using rsnapshot and the biggest image is 390M
<error404notfound> any hosts that provide free FTP/SSH for backups? i just need 500M or so space at most.
<ewook> mount your gmail-account on the vps?
<error404notfound> ewook, can i do that?
<ewook> error404notfound: you could a while ago. never tried it.
<error404notfound> ewook, i mean like how?
<ewook> error404notfound: http://richard.jones.name/google-hacks/gmail-filesystem/gmail-filesystem.html
<error404notfound> ewook, thanks, checking it
<error404notfound> you can do "apt-get install gmailfs" :P
<ewook> oh.
<ewook> neat.
<error404notfound> ewook, creating a new account for backups on my domain, btw its legal w.r.t to google's policy? right?
<ewook> error404notfound: that I do not know. Read the agreement when signing up I guess.
<error404notfound> ewook, i guess its no different from using the account for backups of your documents, like i used to do on windows
<error404notfound> plus, if it was illegal, google wont have sit silently while the package also shipped in ubuntu official repo
<twb> error404notfound: that's not a safe assumption.
<twb> If you are worried that gmailfs is not legal, you should get professional legal advice.
<twb> It may be that it *is* illegal, and that Google simply hasn't noticed or doesn't want to pursue the developer about it.
<error404notfound> twb, lemme ask google official groups about this
<twb> Ubuntu will try to avoid shipping stuff that it shouldn't, but there are certainly works in Ubuntu right now that are not licensed for redistribution.
<twb> For example, Darcs' functional test scripts mostly lack license declarations, but they can be downloaded from Ubuntu using "apt-get source darcs".
<error404notfound> when i mount gmailfs, it says "Ignored Option:rw" later when i go there and try "ls" it says" no space left on disk"
<error404notfound> even though i have "python                7.2G     0  7.2G   0% /media/vps-gmail"
<error404notfound> any idea what could be wrong even though i upgraded libgmail?
<error404notfound> when i get it mount, its shown as "d?????????  ? ?    ?        ?                ? gmailfs" in ls -al
<soren> twb: It's very common to have source packages with files in them that do not contain explicit license/copyright information.
<soren> twb: This is not an oversight nor an accident.
<soren> twb: It'd be difficult to argue that those test files are not covered by the GPL or LGPL seeing as they are shipped as part of the darcs source distribution.
<error404notfound> ewook, ever saw: http://pastebin.com/m73900945 ?
<ewook> error404notfound: nope. I've never used it nor toyed with it, just knew it existed.
<twb> soren: simply having a file called COPYING in the tarball, containing a copy of GPL-1, does not consitute a license declaration for other works in the tarball.  You might ARGUE that this was the intent, but an explicit license declaration means you don't have to argue.
<twb> It would probably be adequate to have a single license declaration in the tarball that said "everything in this tarball is licensed under <terms>", but at least for Darcs, this is not the case.
<soren> twb: It's of course always preferable to not have to argue.
<soren> twb: Are you suggesting that those test files are indeed covered by a different license?
<twb> I'm saying that it's not clear that those works (the tests) are licensed AT ALL.
<soren> They call directly into darcs, and are distributed along with darcs. Thus, they are infected by darcs' license.
<twb> soren: sorry, I don't agree.
<soren> If anyone ever intended them to not be licensed as GPL, they gave up that right when they started distributing them and letting them call directly into GPL code.
<twb> GPL infects when linking, not when calling.
<twb> It's also perfectly valid to distribute works that are not licensed for REdistribution.
<soren> When we review code for acceptance into Ubuntu, we're not trying to keep code out by nitpicking for stuff that could conceivably (however unlikely) be argued as being a problem.
<soren> We try to evaluate whether stuff is an /actual/ problemm.
<twb> Well, indeed.
<soren> And while we /prefer/ that everything has perfect copyright/license information, if we /required/ that, we'd have /extremely/ few packages left in Ubuntu.
<twb> Even if Ubuntu does violate copy rights, that means nothing unless the copyright holder chooses to pursue Ubuntu.
<soren> You can always find a file that hasn't had its copyright information updated to the year of the latest change or whatever.
<twb> Right.
<soren> Noone gains anything by keeping code out like that.
<twb> I agree from a pragmatic view that this is extraordinarily low risk.  But the risk is non-negligible, and maintainers (and upstreams) should endeavour to be clear about licensing instead of simply taking a view that "it doesn't matter, everyone knows what I mean"
<twb> And of course this isn't limited to Ubuntu.
<twb> For the sufficiently paranoid, there is gnewsense :-)
<soren> darcs is included in gnewsense.
<twb> Clearly they (gnewsense) aren't doing their job, then.
<twb> BTW, I only single out Darcs because I'm the maintainer for it.
<soren> Why haven't you just yanked out those tests, then?
<twb> Because I'm a hipocrite
<soren> Ah :)
<twb> And theoretically I spend a little time every day adding license declarations upstream
<twb> But that got pretty boring
<soren> twb: I'm looking at the GPL now, and I can't actually spot the part that speaks about linking and whatnot.
<twb> soren: sorry, that info was from tertiary sources.
<twb> soren: if you google for LLGPL[sic], you will hopefully find some info about it.
<twb> (Licensing of Common Lisp runtimes under GPL has some funny implications, because binaries compiled with it can include the runtime.)
<error404notfound> is there a command line version for ubuntu one?
<gnuyoga> error404notfound: dont think so
<error404notfound> gnuyoga, :'(
<error404notfound> any good hosts that give free backup accounts or such? coz gmailfs is not working any more, developer says that libgmail is out of maintenance, and ubuntu one needs UI.
<alexm> error404notfound: package ubuntuone-client-tools provides u1sync command line tool
<error404notfound> alexm, whats that?
<alexm> "This package provides the u1sync command line tool for syncing individual files and folders to and from the Ubuntu One file storage and sharing service."
<twb> http://en.wikipedia.org/wiki/Ubuntu_One
<twb> Bleh, more proprietary software from Canonical...
<twb> At least launchpad is AGPL now, though I would have quite liked to RTFS the landscape backend
<error404notfound> can i mount webdav on my ubuntu-server? if no is there any other method to interact with it?
<error404notfound> bump
<alexm> apt-cache search webdav|grep mount lists davfs2 and fusedav
<error404notfound> alexm, yup, got that but in etc/fstab how do i specify username and password
<dzzz> i want to shutdown my ubuntu box by pressing `power off` button on keyboard.. any ideas ?
<alexm> error404notfound: i don't know, sorry
<error404notfound> alexm, got it, /etc/davfs/secrets
<error404notfound> but i am still looking for a good free ftp server for my system backups which arent more than 300M
<alexm> vsftpd?
<error404notfound> alexm, thats a server software that you need to run your own, i need a service.
<alexm> ok, i see
<twb> alexm: I would normally say "aptitude search ~dwebdav~dmount"
<twb> dzzz: you need to install acpid.
<twb> dzzz: personally I think it's bloody stupid to not install that by default, but I'm told that "people might accidentally bump the power button"
<dzzz> i have acpid installed, but apci-listen gets nothing when i pressing the button
<twb> dzzz: oh wait, sorry, I thought you meant the power button on the case
<alexm> twb: thanks for the tip :)
<twb> dzzz: if acpi-listen doesn't see it, I'm out of ideas -- short of installing Xorg, at least... :-(
<dzzz> twb: thanks
<twb> I suppose you might be able to tell upstart/console-setup to "see" it as ctrl-alt-del or something...
<twb> I noticed that console-setup has some peculiar relationship with xkb-data
<quizme> what's the file that starts a service after reboot?
<twb> quizme: upstart, probably via sysvinit-compat
<twb> quizme: if you want to disable a service from starting at boot, I suggest using the rcconf tool
<twb> Simply deleting the symlinks in /etc/rc?.d/ is wrong, in a way that will bite you on the arse months later.
<twb> (I had to vigorously educate a co-worker about that recently.)
<error404notfound> update-rc.d
<error404notfound> i guess that was the name
<quizme> how do regain root ?
<pmatulis> quizme: give him a password
<twb> quizme: sudo -i, or pick the "rescue" (single) option in the bootloader
<quizme> i can't sudo anymore as ubuntu
<twb> Failing that, fight through various iterations of live CDs, CMOS resets, alternate hardware, butterfly effects, etc.
<quizme> cuz i was messing with the sudoers file
<pmatulis> ah
<twb> quizme: well, don't do that
<quizme> now that i can't sudo
<quizme> what can i do ?
<twb> quizme: reboot and pick "rescue" in the bootloader, then run "visudo" as root.
<pmatulis> recovery mode
<quizme> i'm on ec2
<quizme> i don't think i can do that
<twb> quizme: then you're fucked
<quizme> .. *sigh*
<twb> quizme: put the image somewhere you can mount it
<error404notfound> quizme, reboot into single user mode and use root account, or if you dont have a root password, use a live cd and reset it
<error404notfound> quizme, and next time be careful, nix literally lets you shoot in your foot.
<twb> error404notfound: he can't get single because it's a VPS, and he's (presumably) connecting via ssh only once it boots
<pmatulis> quizme: you're out of luck i'm afraid
<quizme> i'm gonan try to to login as root .. i think i put id_rsa.pub in authorized_keys
<error404notfound> quizme, twb, try if they provide a serial console like my vps does...
<error404notfound> or ask them
<twb> error404notfound: which provider is that?
<quizme> fuck yes
<quizme> it worked
<error404notfound> twb, prgmr, not very famous, but i am really happy with them
<error404notfound> quizme, happy for you...
<twb> error404notfound: do you know what technology they're using (e.g. KVM, Xen)?
<pmatulis> quizme: you allowed ssh root logins with a key?
<axisys> how do I switch from hardware raid 1 to software raid 1 ?
<error404notfound> twb, Xen
<twb> error404notfound: righto
<axisys> step 1 would be how to detach the one of the disk from hardware raid 1
<error404notfound> twb, i would say have a try, atleast i am really satisified, they have great support, irc channel, great prices, and what not.
<axisys> step 2 would be how to install ubuntu server on second disk while running the server ?
<twb> axisys: step #1 would ideally be to buy two new disks
<quizme> *phew* that was a close one
<quizme> pmatulis: yeah
<quizme> pmatulis: is that bad ?
<quizme> pmatulis: cuz it just saved my bootie
<pmatulis> quizme: allowing root to login is generally frowned upon
<twb> pmatulis: key-based only isn't so bad
<error404notfound> what i do is create an account named toor (yes, same concept as FreeBSD's toor) and use that for such emergencies
<twb> error404notfound: apt-get install sashroot, follow the prompts
<twb> Sorry, "sash" not "sashroot"
<error404notfound> twb, me?
<twb> Eh, I thought it was a "how do I"
<error404notfound> twb,  :P
<error404notfound> twb, whats sashroot? something like port knocking?
<twb> No, it's just a statically-linked shell.  But its debconf code sets up a second uid=0 account with sash as its default shell
<error404notfound> twb, so its basically same thing as my manual approach...?
<twb> error404notfound: yep, except it's "turn key"
<error404notfound> twb, turn-key?
<twb> ,turnkey
<twb> ubottu: turnkey
<ubottu> Sorry, I don't know anything about turnkey
<twb> Bah!
<error404notfound> :D
<garymc> Hi, I recently installed 9.04 server alternate. Im running into prblems now that i didnt have with fedora 10
<garymc> when I install Mysql etc and i run my setup.php for the database feild creations, the fields dont seem to be getting enterd now
<garymc> also when I request the time stamp in my php script from the database record I get 1st January 1970
<garymc> ?
<sommer> garymc: does the mysql user you're using in the setup.php script have appropriate rights to the database?
<garymc> yes
<garymc> im doing a reinstall i think i set something up wrong
<garymc> will be back shortly for an update
<Ng> --help
<pmatulis> Ng: ok
 * Ng awards himself many many "I fail at irssi today" points
<ichat> i have a system with   1x 60gb pata (for system) -    and   6x 200gb for data ....    i mount the  60gb partition as   ext4,  with  mount    /
<ichat> now it needs to be a smb / ftp / mediastreaming service...
<ichat> should i  mount the huge partition as   /var   -  as  /home  or as  /srv   ????
<axisys> twb: i have only two disks on this system .. i am assuming i can switch to softwareraid 1 from hardware raid 1 w/o buying new disks.. it is very simple with solaris .. i can't imagine it being that difficult w/ linux
<stefan__> ichat: mount it as /mnt/storage
<stefan__> afaik there is no rule where to mount it
<ichat> stefan__:  ??? and than  add the  home vars accordingly in  the ftpd conf   samba.conf  and other?
<stefan__> yes
<ichat> btw is there an easy way to synchronize  smb  users with the ftpd and the system
<stefan__> not that I know, but maybe users that used this more than me can add other thoughts
<ichat> afaik i cant let samba authenticate against any database other than an LDAP service - but thats  verry dificult to manage - i fear
<stefan__> ichat: you can integrate samba with LDAP
<sgsax> I think you should be able to integrate samba with pam
<stefan__> http://wiki.samba.org/index.php/Samba_&_LDAP
<stefan__> you can integrate it with pam
<stefan__> but I don't know exactly what ichat wants to do
<ichat> i want an easy to manage - setup where i can store files and stream media accoss a network (smb)  and  wan (FTP) -
<ichat> and for users to be easy added
<ichat> so either by -  getting the services intergrated into local users management -  or  by - anyother means... as long as its not impossible to setup
<axisys> how do I detach second disk from hardware raid 1 ?
<sgsax> axisys: in the raid bios setup
<axisys> sgsax: i am not sure.. it has been while since i build this X4100 .. i think it has some fake raid or something.. but it has been while.. i know i have two disks .. but fdisk -l shows only one.. so that confirms i am using hardware raid 1 right now
<sgsax> I know the X2100 uses fakeraid, dunno about the X4100
<sgsax> if it is fakeraid, then you probably can't just pull a disk out with losing all the data
<stefan__> ichat: if you are accustomed to ldap then integrate it with that and when you add/remove users in ldap than they also have access to smb shares
<axisys> sgsax: i might be confusing x4100 w/ x2100.. i am working on x4100 now
<garymc> Hi can anyone help me installing php and mysql server
<garymc> in ubuntu 9.04?
<ichat> stefan__:  - im not :(  (yet) -  i'd love to try ...
<garymc> dont know if im using the correct commands etc
<axisys> sgsax: how do I detach a disk from real hardware raid 1 ? my goal is to switch to software raid
<garymc> axisys: i think you do it in the bios
<stefan__> garymc: search help.ubuntu.com
<ichat> garymc:  -  just install them and  browse to  /etc/apache/httpd.conf   and edit it according to your needs
<stefan__> ichat: so what did you mean by "getting the services intergrated into local users management"
<garymc> ok in install these packages
<garymc> install php5 libapache2-mod-php5 php5-mysql mysql-server
<garymc> are they correct
<garymc> ?
<sgsax> axisys: you'll have to reboot and watch the bios messages for the keys to get into the raid setup
<garymc> axisys: normaly F8
<stefan__> they look correct apart from mysql-server , i thought the name is mysql-server-5.1 or something like that
<sgsax> you seriously want to switch from hardware raid to software?
<sgsax> usually it's the other way around
<garymc> stefan_ how would i find out the correct stuff
<axisys> sgsax: how would i know when a disk go bad with hardware raid ?
<stefan__> garymc: to sudo aptitude search mysql-server and install 5.0 or 5.1 whichever one is there
<ichat> axisys:  -  it would still give some smart errors -  dbus should be able to tell  on failure - but i didn't ever try
<sgsax> axisys: if it's a good raid controller, the driver should alert you
<axisys> sgsax: it will send it to the syslog ?
<sgsax> it's likely
<quizme> can somebody go to this site:  http://cardinaleducation.thirdreplicator.com  <--- do you see a login form ?
<pmatulis> quizme: "address not found"
<stefan__> quizme: not found
<sgsax> quizme: same here, DNS doesn't resolve
<quizme> ok thanks guys
<axisys> sgsax: http://pastebin.com/f5565f185 i got these messages yesetrday.. is that mean hardware raid 1 having issue ?
<sgsax> device-mapper is lvm
<sgsax> which can be used for software raid
<axisys> i am not using software raid http://pastebin.com/f58860abf .. so don't messages are not relevant to my hardware raid ?
<quizme_> http://pastie.org/578474  <--- it was working before on my other server ..... the subdomains i mean....
<sgsax> axisys: pastebin output from lsmod and lspci, pls
<axisys> sgsax: http://pastebin.com/f513a283e from smartctl .. let me get the other info
<axisys> lsmod -> http://pastebin.com/f532cce57
<axisys> lspci -> http://pastebin.com/f4b3cd416
<sgsax> yeah, so you've got an X4100, with LSI Logic SAS controller
<sgsax> that uses the mpt module
<sgsax> I don't see any lvm modules loaded
<sgsax> X4100 has two sas drives (X4200 has four)
<sgsax> iirc, that's a hardware raid card
<axisys> little bit detail about that lsi controller http://pastebin.com/f530356d6
<sgsax> chances are, if you reboot and get into the raid setup, it should be able to tell you if one of the disks is degraded
<axisys> sgsax: would be nice if there is any raid tool to find the status .. that is why i like software raid 1
<sgsax> there should be mpt tools
<sgsax> mpt-status
<axisys> sgsax: can you tell which one do I have http://picpaste.com/Screenshot-6_1.png .. i may not able to access the disk by passing that internal sas controller
<sgsax> I think should give you the info you need
<sgsax> not sure what the difference between the forst two is
<sgsax> but from your lspci:
<sgsax> LSI Logic / Symbios Logic SAS1064 PCI-X Fusion-MPT SAS (rev 02)
<sgsax> that's what you've got
<axisys> http://pastebin.com/f48962573, so now i need to fidn the mptctl kernel module correct ?
<Steve[mbp]> morning everyone!
<axisys> sgsax: http://pastebin.com/f48962573, so now i need to fidn the mptctl kernel module correct ?
<sgsax> axisys: yes
<sgsax> you can probably just try "modprobe mptctl"
<sgsax> if you don't get any errors, then it loaded just fine
<sgsax> can check lsmod to verify it is loaded
<ichat> stefan__:  - >	ichat: so what did you mean by "getting the services intergrated into local users management"  <--- -   id like to have smb intergrated with pam (so native  *nix user accounts,  cuze thats probably the easiest way ...  - or else for example a  user-db that ALL service    atuhenticate  against
<axisys> sgsax: that did it
<stefan__> ichat: http://www.samba.org/samba/docs/man/Samba3-HOWTO/pam.html
<sgsax> Steve[mbp]: howdy
<axisys> sgsax: http://pastebin.com/d4d8cbefe  sweet!
<sgsax> axisys: there you go
<axisys> sgsax: so, the kernel module will stay loaded in next reboot ?
<sgsax> check the man pages for mpt-status for more usage info
<qman__> re ichat
<qman__> I would just use pam
<qman__> vsftpd will use system users, and pam-smbpass will sync samba with local users
<sgsax> axisys: if not, you can always add it to /etc/modules
<qman__> LDAP will get it done too, but it's a bit more work
<axisys> sgsax: thanks a lot
<axisys> sgsax: wow! really good info http://pastebin.com/f14babea4
<ichat> qman,  anny help configuring these services would be verry apreaciated  as soon as the system boots (after install)  -  i never did this...  -
<axisys> i have to find out how to have smartctl probe both disks
<sgsax> axisys: looks like you're on the right track now
<axisys> sgsax: i sure am.. thank you very much!
<sgsax> np
<axisys> I have similar question about x2100 raid.. can I ask away ?
<sgsax> I know that's fakeraid, but give it a shot
<axisys> sgsax: lspci -> http://pastebin.com/f4209008
<axisys> sgsax: lsmod -> http://pastebin.com/f54b83b65
<axisys> what tool can I use to check the status ?
<sgsax> x2100 uses an nvidia nforce chipset
<sgsax> plain old sata controller with software raid
<axisys> sgsax: yikes! hehe
<sgsax> what about fdisk -l
<sgsax> https://help.ubuntu.com/community/FakeRaidHowto
<sgsax> note the strongly recommend against using it on your boot drive
<garymc> my adobe flash doesnt work so well in ubuntu 9.04 server
<axisys> sgsax: fdisk -l -> http://pastebin.com/f468a4754
<garymc> i got it to work but speech is out of sync etc
<garymc> bit jerky too
<axisys> sgsax: df -h -> http://pastebin.com/f27f5b92a
<garymc> then sometimes sound doesnt work
<sgsax> axisys: yeah, it shows two seperate drives there, sda and sdb
<sgsax> it appears that both are partitioned the same, so at some point, they were probably in a mirror
<sgsax> but since there are no dm (device-mapper) modules loaded, the current system just thinks they are seperate disks
<axisys> sgsax: during install it said, hey i found a raid controller.. u want to use it.. i think i said yes
<sgsax> garymc: I think there was just an update to flash, dunno if it was a bugfix. or a security patch
<axisys> and it did the mirror during install .. it has been a while too
<axisys> sgsax: df -h -> http://pastebin.com/f599a6e85 thinks it is a device mapper
<axisys> sgsax: is there a tool to see what it is like underneath the device mapper.. is it one disk or two disks ?
<quizme> anybody know how to configure bind well ?
<quizme> i am trying to set up subdomains..
<quizme> cardinaleducation.thirdreplicator.com <--- ain't being found
<axisys> sgsax: http://pastebin.com/fc504a30 does not tell me much about the raid 1 device mapper I am using nvidia_eeffhbef1
<garymc> anyone know why I cant add users in ubuntu 9.04 server?
<garymc> The unlock thingy doesnt highlight now?
<qman__> garymc, I'm not sure what you're referring to
<garymc> in the ubuntu gui I goto system admin users
<garymc> It wont let me add any
<qman__> ubuntu server does not have a GUI by default
<qman__> are you using desktop?
<garymc> im logged in using a thin client
<garymc> im using an LTSP version
<qman__> oh, the alternate disc
<qman__> make sure you're logged in as a user with sudo privileges
<qman__> (an administrator)
<garymc> iam
<qman__> well, you could always do it the old fashioned way
<qman__> in a terminal, sudo adduser username
<qman__> sorry, I don't know much about how the GUI apps actually work
<sgsax> axisys: I'm afraid I've never used fakeraid myself
<sgsax> that link I pasted earlier is probably your best place to start
<sgsax> another one: http://wiki.debian.org/DebianInstaller/SataRaid
<qman__> garymc, one other thing to try, log into the server locally and try it
<qman__> I'm not sure if it allows you to open administrator type stuff from a thin client or not
<axisys> sgsax: thanks a lot
<axisys> sgsax: i should probably switch to software raid for that box
<axisys> sgsax: i have anothe x2100 where that is exactly what i did
<axisys> sgsax: software raid that is
<axisys> sgsax: but that was from initial install
<qman__> fwiw, I use mdraid on several machines, and it's done me well
<qman__> even through hardware upgrades
<axisys> sgsax: wonder if i can detach a disk from fake raid and make the disk bootable by itself..
<axisys> sgsax: then i could boot from detached disk and setup software raid
<sgsax> axisys: all I can see is hardware raid is typically more robust than software raid
<Max007> Hi, I'm running a bridging squid proxy. We developed a web gui show some stats and configure ip address but when I change the ip address using the web gui, I get an error on the console : unregister_netdevice: Waiting for br0 to become free. Then I have to reboot the server because this error never stops.. Can anyone help me with that &?
<sgsax> s/see/say/
<Max007> I forgot to mention... it works 50% of the time
<axisys> sgsax: where does fakeraid stand here?
<qman__> fakeraid isn't really any more robust than software raid
<sgsax> axisys: fakeraid is software raid
<qman__> the only reason I think it really exists is to make things easier on people who use windows
<axisys> sgsax: in that case i should just switch to md
<sgsax> probably
<axisys> qman__: well then it is not for me.. i have not use windows for 2 yrs.. well i usually prefer doors ;-)
<qman__> Max007, it's most likely an issue with the way your application changes the address
<axisys> sgsax: it will be a challenge to switch to software raid from fakeraid..
<Max007> qman__: it edits /etc/network/interfaces and then run /etc/init.d/networking restart
<axisys> sgsax: short from rebuilding the box .. yikes!
<sgsax> yeah, don't think it's possible while retaining your existing partition
<sgsax> (another plus for hardware raid)
<qman__> Max007, that should work with just a standard interface, so I think the issue is with the bridging
<qman__> maybe some program is preventing the bridge from going down?
<qman__> also, bringing down your interface should also bring down your web server
<qman__> so you need to make sure you execute the script in a way that allows it to continue to run even if the web server goes down
<Max007> qman__: I see.. it only run the command "sudo /etc/init.d/networking restart" from PHP
<Max007> after it makes the change to /etc/network/interfaces
<qman__> yeah, that probably won't work
<qman__> you should spawn a job separate from the php code
<Max007> do you have another idea ?
<qman__> well
<qman__> I'm trying to think of something a bit less convoluted than what's in my head right now
<qman__> you could set up a cron task, that checks a file
<qman__> and have the php code edit the file
<qman__> if the file is changed, the cron task commits the changes and restarts networking
<axisys> sgsax: with mdadm it would be easy too..
<axisys> sgsax: but ofcourse not with fakeraid that i know of
<qman__> the only downside is the time gap versus overall system performance
<qman__> the other option would be setting up a daemon that the php code forwards the data to, which would manage the whole thing
<qman__> that would be ideal performance wise, but presents quite a lot of work to write
<qman__> you could also make your php code such that it creates a new cron task when you make the changes, which runs and then deletes itself
<qman__> that'd be simpler than a daemon to write
<qman__> the only real downside is that it could take up to a minute to do the reboot, since you can't cron tasks any sooner than every minute
<qman__> err
<qman__> restart of networking
<Max007> qman__: hmmm
<Max007> qman__: what other distro with web gui do ? like ipcop, pfsense... etc
<Max007> qman__: if I edit the file and then run "ifconfig br0 X.X.X.X netmask Y.Y.Y.Y
<Max007> what do you tnk ?
<qman__> that might work since it doesn't actually bring down the interface
<qman__> but your services would have to listen on all interfaces/addresses, not a specific one, in order to keep functioning
<drurew> !bmotion-lib
<ubottu> Sorry, I don't know anything about bmotion-lib
<uvirtbot`> New bug: #308952 in vsftpd (main) "FireFTP(Mozilla) cannot LIST files" [Undecided,Won't fix] https://launchpad.net/bugs/308952
<XiXaQ> I have had a problem with my network interface, that it slows down dramatically after a while of sending and receiving large amounts of data. However, running sudo ifdown eth0 && sudo ifup eth0 seems to fix it. However, this feels dangerous to me. What are the consequences of running that command, how does it affect active connections, etc?
<ivoks> umm... mysql-server-5.0 in hardy can't be built
<ivoks> ssl related tests fail with timeout
<quizme_> can somebody help me with bind ?
<quizme_> i'm clueless
<XiXaQ> quizme, if you're clueless, then you probably want to look at the server guide on help.ubuntu.com. It will give you at least a clue. It's difficult to answer questions like that.
<quizme_> i'm trying to get my website up: thirdreplicator.com/
<garymc> How do I install phpmyadmin in ubuntu 9.04?
<XiXaQ> quizme, follow the guide on help.ubuntu.com. It's very easily explained, and it's not complicated at all, I promise. :)
<XiXaQ> garymc, sudo apt-get install phpmyadmin
<ivoks> garymc: you just install it
<quizme_> ok
<garymc> done that
<garymc> how do i use it~?
<garymc> right ive installed phpmyadmin how do i use it?
<garymc> ????
<garymc> sussed it
<iulian> garymc: Read the docs?
<quizme_> how do i define secondary name servers in my primary server's zone file ?
<uvirtbot`> New bug: #358723 in awstats (main) "awstats.pl does not close table row" [Undecided,Fix released] https://launchpad.net/bugs/358723
<r3rman_> hey - I've edited /etc/network/interfaces to change my ip from a.b.c.d to a.b.c.e (incremented it) - now I want to ifdown / ifup - but... I really want to be sure it comes back up
<quizme_> is there something wrong with this zone file?  http://pastie.org/578790
<r3rman_> will sudo ifdown eth0 & sudo ifup eth0 work?
<ichat> after installing ubuntuserver, it tells me that its installed - 'grub' is installed but after reboot i get  an error that there is no operating system .. (noting else)
<ichat> btw its installed on pata  (pri master)
<r3rman_> How to reliably restart network interface when connected remotely - since I only have one shot at this without it being a real pain
<uvirtbot`> New bug: #358715 in awstats "Syntax error in search engine list" [Undecided,Confirmed] https://launchpad.net/bugs/358715
<pmatulis> r3rman_: i would make another connetion via ssh and go 'sudo service networking restart'
<r3rman_> pmatulis, if I make a second connection, the original would still survive? :-/
<r3rman_> despite ip change?
<r3rman_> pmatulis, I have been assigned 6 ips from my server provider - I guess that means I can choose any to assign as my static ip to my eth0? (also have eth1, and I guess the others are for if I have other devices behind that............ right?)
<uvirtbot`> New bug: #398132 in awstats (main) "awstats uses the wrong access.log, wrong permissions (dup-of: 319871)" [Undecided,New] https://launchpad.net/bugs/398132
<pmatulis> r3rman_: the safest way would be to first make a copy of your old interfaces file
<r3rman_> pmatulis, I did that, but you are missing the point
<r3rman_> I don't have a stick that long (oer) to poke it back online again if it buggers up
<r3rman_> anyway, I did it now
<pmatulis> r3rman_: i was going to suggest to use the 'at' command to use it at a later time
<r3rman_> today I also realised what a FUSKING idiot I am
<r3rman_> I was pasting some long commands that were seqeunces into the console
<r3rman_> the remote console... and I didn't realise that most were being pasted into the STDIN / null area of before bash was returning
<r3rman_> I am sure on the other server, it traps the enter and keeps doing all the commands
<jtimberman> karmic alpha 3 server installs gcc by default??
<jtimberman> oh nm. not the actual program, but 'gcc-4.4-base' package. thats confusing.
<nick125_> Anyone here familar with POSIX ACLs and Samba? I set a few POSIX ACLs on a few share directories, but my user still can't write to the directory. Any ideas?
<tarun_> Hi gusy. I have a question about bind server. I hope some one here on the kind community will help me.
<tarun_> I have two doman xyz.com, abc.com registered at www.name.com. I want to run them from my inhouse server.
<tarun_> Do i need bind9 server to configure them?
<tarun_> Well i think, i should not?
<uvirtbot`> New bug: #319871 in awstats (main) "suboptimal defaults in awstats (LogFile and LogFormat)" [Undecided,New] https://launchpad.net/bugs/319871
<tarun_> is there anybody who could help me?
<Sam-I-Am> tarun_: well, they may provide complete domain hosting for you
<Sam-I-Am> tarun_: unless you want full control over it...making changes as you like.
<Sam-I-Am> if you want control (and all the fun that goes with it), you can run bind or some other nameserver
<tarun_> Sam: It mean i do not need to install bind9 server on my machine.
<Sam-I-Am> it does IF you're listed as the SOA/NS for the domain
<tarun_> I can easily configure mailserver and apache server with my existing server?
<Sam-I-Am> yeah, if they handle A/PTR records for you
<Sam-I-Am> like... you tell them where you want www.xyz.com to point
<Sam-I-Am> and they do the work
<tarun_> mean, i only need to put domain records in the dns manager provided by name.com. and it will work.
<Sam-I-Am> yes
<tarun_> Sam-I-Am: Actually i did this. But www.xyz.com and xyz.com are pointing to different locations of the server. Even i configured virtual host.
<tarun_> <VirtualHost *>
<tarun_>         ServerAdmin admin@tarunjangra.com
<tarun_>         ServerName  tarunjangra.com
<tarun_>         ServerAlias tarunjangra.com
<tarun_>         DocumentRoot /home/tarun/tarunjangra.com/public_html
<tarun_>         ErrorLog /home/tarun/tarunjangra.com/error.log
<tarun_>         CustomLog /home/tarun/tarunjangra.com/access.log combined
<tarun_> </VirtualHost>
<tarun_> Here is my virtual host configurations.
<Sam-I-Am> dont post big stuff in here... use pastebin or something
<tarun_> oh sorry for that.
<drurew> can anyone point out a ctcp/dcc compatible irc client for winodws ?
<Sam-I-Am> drurew: uh, mirc?
 * Sam-I-Am looks at channel name
<drurew> i dont think its ctcp/dcc compatible
<tarun_> Sam-I-Am: here are my virtual host configuration: http://pastebin.com/d575d2677
<drurew> Sam-I-Am: im running an eggdrop on my ubuntu-server, where windows users need to be able to interact with the eggdrop
<Sam-I-Am> tarun_: do you have namevirtualhost in your config?
<Sam-I-Am> drurew: does xchat run on windows these days?
<tarun_> Sam-I-Am: No. Is it contains my static IP?
<Sam-I-Am> tarun_: in order for virtual hosts in apache to work, domain1.com and domain2.com point to the same IP ... then apache uses the http headers to point to the correct files
<tarun_> Do i need to configure virtual hosts for both "xyz.com" and "www.xyz.com"?
<Sam-I-Am> not if they're the same place... most people just point the A record for domain.com to the same IP as www.domain.com ... so if you forget www, you still get to the web site
<Sam-I-Am> now, if you want different sites for www.domain.com and domain.com, then you might consider virtual hosts
<PhotoJim> I just CNAME domain.tld to www.domain.tld.
<Sam-I-Am> or that
<PhotoJim> They both work.
<maswan> Sam-I-Am: sname wouldn't work well, you'd want NS and probably MX records at the domain.tld level
<maswan> s/sname/cname/
<Sam-I-Am> maswan: i use A
<qman__> drurew, mIRC does ctcp and dcc, though it is in serious violation of standards, especially in regard to unicode
<maswan> Sam-I-Am: yes, that's what works, cname wouldn't
<qman__> drurew, there are builds of xchat for windows, but generally they don't work too well due to the way GTK is used in them
<qman__> drurew, silverex.org
<tarun> Sam-I-Am: Sorry i was disconnected.
<drurew> thanks qman__
<qman__> irssi also supports ctcp and dcc, though the interface for dcc is a bit harder to use
<drurew> i think the issue with eggdrop is the ssl encryption that mirc dosnt like
<MianoSM> Hey, I'm looking for a package in the ubuntu repositories that you could run on two machines, one was the server, and then you could test speeds from clients with it - was very simply and handy - but can't recall the name of it - any ideas?
<Sam-I-Am> just pure data transfer over the network?
<MianoSM> Yes, it was a handy little package though - I know I could use rsync or dd....
<Sam-I-Am> netcat?
<MianoSM> No, not netcat or netrw
<sgsax> MianoSM: iperf
<MianoSM> YES
<MianoSM> thank you
<sgsax> dunno if there's a package for it, though
<sgsax> guess there is, for jaunty at least
<sgsax> hardy, too
<sgsax> so nm my complaining
<MianoSM> Great tool, really makes things a breeze. :)
<sgsax> it is pretty slick
<uvirtbot`> New bug: #411615 in lsb (main) "lsb_release crashed with ImportError in <module>() (dup-of: 383697)" [Undecided,New] https://launchpad.net/bugs/411615
#ubuntu-server 2009-08-11
<ox> hey need help with squid! http://pastebin.com/m7313543d
<Bookman> I am slowly shifting the main purpose of one machine from desktop to server and I was wondering how do I start the desktop version into the command line and not x
<fef> Bookman: vi /etc/inittab
<pmatulis> Bookman: can you be a little clearer on what you want to achieve?
<fef> he was pretty clear
<Bookman> fef and change the runlevel, right?
<fef> to 3
<fef> yes
<Bookman> fef: Is there something I could just change in my grub?
<fef> Bookman: not that i know of
<Bookman> fef: Got you.  Also, all the current services I have starting up will not change, correct?  It will just start with out x?
<fef> http://ubuntuforums.org/showpost.php?p=959527&postcount=3
<fef> should have your solution for you
<Bookman> Thanks a ton.
<ScottK> fef: No /etc/inittab in any Ubuntu install past Dapper (you'll keep it if you've upgraded).
<fef> even.d now
<fef> because ubuntu thinks its a great idea to place things in terrible locations
<ScottK> No, because we use upstart and not sysv init.
<fef> point still stands
<StefanM> Hi.
<StefanM> I just installed Ubuntu Server and tried to use PPPoE. Ran 'ifconfig up eth0' and 'ifconfig up eth1' (i've got 2 lan cards) then pppoeconf, and followed the instructions.
<StefanM> Then I did 'ping google.com' and got 'unknown host'
<StefanM> The same connection works fine on my windows box, and one of the plog lines says "ms-chap authentication failed. i don't like you, go 'way"
<nick125> Can you ping an IP address (i.e., 4.2.2.2)?
<nick125> Hmm..
<StefanM> you sure that's a valid address?
<nick125> yes, it is
<StefanM> I'm gonna have to disconnect so I can try it on the other box, brb. thanks ;)
<Statix138> Hey guys!
<Statix138> How can I change ubantu so I dont have to put in my password all the time when I am like chaning network settings and stuff?
<StexanM> back
<StexanM> it didn't work.
<StexanM> i got "network is unreachable" at the ping
<Statix138> Can I change it so I run as root all the time and I dont need a password?
<nick125> Okay. Were you getting a valid IP address from ifconfig?
<Statix138> stexanM your default route is prob. missing
<StexanM> nick125: didn't check, will now. btw, could it be that my ISP remembers my old MAC address and doesnt let any other PC (with any other MAC) connect?
<StexanM> Statix138: Could you explain? what's a default route?
<fef> is your etherweb cable plugged in
<Statix138> StexanM im not google, look it up
<Statix138> On Ubantu where is the recycle bin, I did rm -fr /etc/ and I want to know where the files went?
<StexanM> oO
<nick125> Statix138: Uh...with rm, there isn't a recycle bin.
<fef> are you sure
<Statix138> I thought Ubantu was high tech and there is no recycle bin?
<Statix138> This Loonix stuff is crazy
<nick125> Uhhhhhhhh....
<StefanMonov> the linux instructions my ISP provides say I should use something called "rp-pppoe"
<StefanMonov> I guess I'll d/l it on my main box and carry it over to the other one on a pendrive
<StefanMonov> is it any good, anyway?
<Statix138> the people in #ubuntu dontg seem to like me
<Statix138> so whats the buntu-buddies
<hggdh> Statix138, 'rm' bypasses the trashbin, pretty much as Windows' 'del'
<Statix138> alan cox told me it should do that
<hggdh> Additionally: this is the *server* channel, not the desktop one ;-)
<Statix138> Am I not cool enough for the server channel?
<hggdh> you are cool for any channel. It's just that the server normally does not run X
<Statix138> I dont run X
<Statix138> I kick it old school
<Statix138> I run Berlin
<Statix138> Its compatible with nothing hence its cool factor
<hggdh> also, no matter what alan cox may have said, 'rm' does *not* save files to the trashbin.
<Statix138> Well when does ubantu plan on fixing that?
<hggdh> Ubuntu, not Ubantu
<Statix138> I think Ubantu is better, who do I talk to about changing it
<twb> hggdh: there's a way to futz that
<twb> hggdh: IIRC it involved adding a .so to the LDPATH that changes the behaviour of unlink(2) or similar
<Statix138> Bash Aliases are the work of satan twb so leave that at the door
<hggdh> twb, the please tell Statix138 how to, if you do not mind
<Statix138> I heard .so files are viruses
<Statix138> so I deleted them all off my system
<twb> Statix138: plonk
<hggdh> Statix138, I am starting to consider you are trolling
<nick125> hggdh: ding ding ding, 50,000 points!
<hggdh> !ops Statix138
<ubottu> Sorry, I don't know anything about ops Statix138
<hggdh> ! ops
<ubottu> Help! Channel emergency! infinity, soren, lamont, mathiaz or tom
<hggdh> !ops
<twb> hggdh: I don't remember the details, because it was 1) obviously not perfect, e.g. statically linked binaries wouldn't see the oevrride; and 2) archive and backups are much better.
<Statix138> If you need a recycle bin on the cli maybe you shouldnt be there
<hggdh> twb, thatÅ my understanding. Anyway, the best place to discuss 'rm' is on the coreutils maillist
<twb> Heh, you have your IM turned on
<Statix138> I also have lsbiancheerldr but thats signed off
<twb> Or maybe one of those crazy continental keyboards, with dead keys...
<hggdh> oh, I use international, for French and Portuguese
<Statix138> A guy I work with came in here asking questions earlier and he said you were mean
<nick125> twb: I think making unlink drop stuff into a recycle bin is a bad idea...I mean, what happens when you try to drop /tmp files, etc? Sounds like a recipe for DISASTER.
<twb> nick125: I never said it was a good idea
<nick125> twb: :)
<Statix138> its a terrible idea
<hggdh> indeed, you just said there was a way to futz it
<Statix138> you could just alias rm to mv
<hggdh> Statix138, could you make up your mind? Just a few ago you wanted it
<Statix138> im not serious, a guy I work with was asking questions earlier and he said you were mean and just asked me to ask stupid questions
<hggdh> oy vey
<twb> It is, incidentally, the same technique used by strace
<hggdh> thanks Pici
<twb> Oh, and fakeroot
<Pici> !guidelines > Statix138
<ubottu> Statix138, please see my private message
<fef> hai guys, i hey gays, i have installed shh and it says to disable rootlogin, how do it do it, my ip is 44.285.125.62
<hggdh> this is the day, it seems :-( oy vey iz mir
<hggdh> Pici, can you please also blast fef? It is clear it's trolling
<hggdh> and I am out. Too much.
<ubantu_dude> Have a good night
<ubantu_dude> fef whats your root password and ill disable it for you
<fef> ubantu_dude: it is fef
<fef> pici do you hablo espanol
<Pici> fef: no, I do not.
<fef> so englace only
<ghostlines> hi all does anyone know if rtorrent can pre-allocate files?
<twb> ghostlines: you mean sparse files?
<twb> ghostlines: I believe it does that by default
<uvirtbot`> New bug: #411745 in mysql-dfsg-5.1 (universe) "Online help out of date, but update available" [Undecided,New] https://launchpad.net/bugs/411745
<dkulchenko>  How can I use iptables in such a way that any request to http://randomtext.com/ goes to 127.0.0.1:8089 (I would use /etc/hosts, but it does not support routing to a port).
<ghostlines> no not sparse files
<ghostlines> just allocating the disk space for each torrent so i don't run out of space while adding new torrents
<twb> ghostlines: actually rtorrent deliberately does the opposite, so that space is only consumed when you download it... that's sparseness.
<twb> ghostlines: so you actually want to DISABLE sparseness -- you could achieve this, I guess, by pointing rtorrent to a filesystem that doesn't implement sparseness, e.g. FAT32.
<ghostlines> hmmm that's not an option for me, would be nice if rtorrent had an option to enable or disable this though
<ghostlines> but thanks for explaining me how it works
<ghostlines> later dude, till next time
<twb> Well maybe it does -- you're expected to look for yourself...
<LiraNuna> is there some sort of an extension to bind9 to read info from MySQL database?
<LiraNuna> http://mysql-bind.sourceforge.net/ this is not enough since it still relies on the zone to be defined in a text file
<JanC> LiraNuna: if you want a DBMS-backed DNS server, maybe look at PowerDNS ?
<LiraNuna> JanC, I'm concerned since that is in universe
<jtimberman> PowerDNS is fantastic.
<LiraNuna> what about security patches?
<LiraNuna> it's not in security
<JanC> LiraNuna: it being in universe means that security has to be handled by the community
<LiraNuna> yeah...
<LiraNuna> anyone in here is using PowerDNS for production?
<jtimberman> LiraNuna: I supported it for a customer a year ago, but that was on RHEL.
<JanC> maybe Ubuntu needs some way to make more clear which packages are really supported by some part of the community and thus are safe to use...
<LiraNuna> it's not that I don't trust the 'community', hell - I'm a part of it; but I'm not sure of the implications.
<jtimberman> I'm considerably more confident in PowerDNS from universe than bind9 anywhere :)
<hggdh> what packages are supported, and by whom, is stated on every one of them.
<hggdh> if PowerDNS is still maintained upstream, there is a very good chance of a fast response
<jtimberman> http://packages.ubuntu.com/karmic/pdns-server or http://packages.ubuntu.com/jaunty/pdns-server
<LiraNuna> how will you describe the transition from bind9 (text) to PowerDNS (MySQL)?
<JanC> jtimberman: I 'm thinking about the community providing packages to go into the -security repository when there is an issue
<JanC> it would be nice if there was a list of applications that have somebody (using and) monitoring it, and thus being supported
<JanC> I mean, the cherokee packager is very active, but I can imagine nobody really looks at some less popular packages...
<hggdh> I am not sure I follow you. This package is maintained by MOTU, so it is monitored & supported. And we, as users, can also help to monitor for CVEs, etc
<LiraNuna> does that mean upstream debian contributed security patches are applied as well?
<hggdh> if the package is synced/merged from Debian, yes
<hggdh> which, BTW, seems to be the case with PowerDNS
<JanC> hggdh: users monitoring CVEs and allerting MOTU certainly helps
<LiraNuna> is there some magic voodoo script to convert bind zone files to sql queries?
<LiraNuna> if no, I'm sure I could write one using flex and bison
<JanC> LiraNuna: I guess searching the PowerDNS site should turn up something
<hggdh> JanC, yes indeed. Also, looking at the changelog, Debian seems active
<LiraNuna> thank you all for clarification, I guess I don't have much to worry then
<JanC> well, PowerDNS is probably popular enough that some of its users are MOTU now  ;)
<addisonj> anyone here know of a good guide to set up google mail with postfix?
<LiraNuna> addisonj, http://souptonuts.sourceforge.net/postfix_tutorial.html
<JanC> it still would be nice to have a list of packages with e.g. a community contact person
<LiraNuna> addisonj, or another one: http://bookmarks.honewatson.com/2008/04/20/postfix-gmail-smtp-relay/
<ScottK> One way to tell is if someone is subscribed as bug contact and they are an Ubuntu developer.
<JanC> what has google mail to do with postfix?
<LiraNuna> addisonj, or an even better one - http://www.marksanborn.net/linux/send-mail-postfix-through-gmails-smtp-on-a-ubuntu-lts-server/
<LiraNuna> JanC, SMTP relay through smtp.gmail.com
<JanC> oh, using gmail as a relay, yeah
 * JanC has his own realy  ;)
<JanC> relay
<LiraNuna> really
<addisonj> well... thank you
<addisonj> thats lots of info :P
<LiraNuna> addisonj, glad to help
<JanC> actually, my setup seems to be similar to Google's (submission port & TLS/SSL)
<twb> Well, that's what the submission port is for
<JanC> twb: yeah, and I wonder why most ISPs don't use that...  ;-)
<twb> My ISP does...
<twb> I suggest it's because most ISPs are run by jackasses
<ScottK> Also because submission is for submission across the Internet.  It's kind of overkill on the local network, which is where you are to the ISP.
<twb> ScottK: erm, not necessarily.
<twb> My ISP, at least, allows SMTP/SSL submissions from anywhere on the internet
<ScottK> Yes, for that they should use 587
<twb> So that when you are e.g. sitting in at a mate's place, you don't need to piss about in your local MTA's config
<ScottK> Exactly
<LiraNuna> what do you know - there *is* magic script to convert bind zones to SQL queries!
 * LiraNuna <3 OSS
<addisonj> you know what, i asked the wrong question, i should have said does anyone know how to get postfix to work with google apps? (they handle the mail for my domain) is it still the same process?
<addisonj> and only sending, now need to use fetchmail to recieve
<addisonj> ah working... just being picked up as spam...
<uvirtbot`> New bug: #411794 in mysql-dfsg-5.1 (universe) "package mysql-server-5.1 5.1.31-1ubuntu2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/411794
<qiyong> hi, where is the virtual user db file for vsftpd?
<LiraNuna> qiyong, not that I know of, I was doing extensive research about this and I ended up using proftpd + mysql database
<qiyong> LiraNuna: lol
<qiyong> LiraNuna: i've figured it out, it's set by pam.d
<LiraNuna> qiyong, even per-sub-user config?
<qiyong> LiraNuna: now you can move back to vsftpd
<qiyong> LiraNuna: no, it's another setting
<LiraNuna> no I can't - I give my clients the ability to create sub users
<LiraNuna> and it's all stored in a MySQL database
<qiyong> so proftpd has this builtin mysql supports ?
<qiyong> that's flexiable
<LiraNuna> it's not built in, it's in a separate package
<LiraNuna> but still
<LiraNuna> qiyong, http://www.howtoforge.com/virtual-hosting-with-proftpd-and-mysql-ubuntu-8.04
<PecisDarbs> hi people, how to turn off regular data checks for software raid volumes?
<RoyK> by using a checksumming filesystem?
<RoyK> although the only one existing for linux is btrfs, and that's not really stabilized
<PecisDarbs> RoyK: already found it, checkarray script
<froud> Hi, newbie to LVM here. I've setup and mounted a LV with ext3 and now I want to know how I can go about moving /home / usr and /var to this LV. Anyone available to assist?
<_ruben> nothing LVM specific about that .. just treat the LV as yet another (free) partition on your disk
<ichat> when i try to install ubuntu-server  on an  asus a7n   athlon xp 2500+    1gb ram  -    hdd  (60gb pata pri -master)    -    and    6x  200gb   ( pata secondairy master/slave  )    2x sata150 (sil 3xxx chip) ...  and a   promise fasttrack tx2  with 2x pata (not setup in raid) )
<froud> _ruben: so I can just do something like
<froud> $cd /home/
<froud> $find . -depth -print0 | cpio --null --sparse -pvd /mnt/newhome
<ichat> all seams to install - no errors, - but after reboot -   it seams to either have forgotten to actually install it, - or maybe it f*cked up  - grub
<_ruben> ichat: bootloaders combined with a ton of drives and multiple (s)ata controllers can be quite tricky
<_ruben> ichat: most likely your bios and ubuntu disagree on your what is your boot device
<_ruben> froud: something like that yeah
<ichat> is there a way to fix this?
<_ruben> ichat: sure, but it tends to involve a fair ammount of trial and error
<ichat> i quite manny time changed the hdd boot prio ... but that seemed not to work :S -
<_ruben> figure out which drive your bios is trying to boot from, then install grub on that disk .. that tends to be the easiest solution
<ichat> it seems that - my pri pata controller becomes scsi-3  as soon as  i eable sata
<ichat> would disable  my sata disk - help during install
<ichat> (but than i would need to enable them after installin .... and setup the raid - manually?
<_ruben> ichat: nope, since after reconnecting, the pata will become scsi3 again
<ichat> but than at least i know where grub is,
<ichat> or will grub than try to look on the wrong spot for the kernel again?
<ichat> it donts really make cleer if this error i see is presented by grub or by my bios
<uvirtbot`> New bug: #411890 in php5 (main) "karmic: configure fails with "cat: confdefs.h: No such file or directory"" [Undecided,New] https://launchpad.net/bugs/411890
<stefan____> hello
<ichat> hi stefan____
<ichat> i rechecked and it looks look a bios mobo error -   so i guess that it looks for lilo/grub in the wrong place.
<CopyWriter> hello everybody
<CopyWriter> how do i change the ip address in ubuntu server to static\
<CopyWriter> i use the scheme 192.168.0.1 for my router and 192.168.1.1 for my geteway
<CopyWriter> *gateway
<CopyWriter> when i installed the server it automatically got the network settings and configured it at 192.168.1.142
<PecisDarbs> CopyWriter: Ubuntu stores network interface settings in /etc/network/interfaces
<PecisDarbs> CopyWriter: see 'man interfaces' for how to configure your server
<PecisDarbs> network connection
<CopyWriter> thanks PecisDarbs
<PecisDarbs> np
<_ruben> < CopyWriter> i use the scheme 192.168.0.1 for my router and 192.168.1.1 for my geteway
<_ruben> that doesnt make much sense
<_ruben> router and gateway are pretty much the same thing
<twb> I'm trying to think where they AREN'T
<_ruben> twb: i did too for a moment, but gave up :)
<CopyWriter> wireless router uses 192.168.0.1 and my internet gateway or adsl model using 192.168.1.1
<CopyWriter> found it
<twb> CopyWriter: a modem is not a gateway
<CopyWriter> i'm a newbie to all of this, but it doesn't stop me from diving into ubuntu server :)
<twb> At least, not in conventional contexts
<CopyWriter> see i'm learning as i go along
<_ruben> why not use the same range for both devices?
<CopyWriter> hadn't thought about that
<twb> _ruben: I think in a factory default configuration, his ADSL modem will try to NAT and be a DHCP server
<CopyWriter> i did think about configuring the router to use the scheme 192.168.1.2
<twb> The modem will expect to be plugged into either a single PC, or a hub or switch
<CopyWriter> i got 3 routers, should i set them to 192.168.1.2 / .3 and .4
<CopyWriter> it covers three departments and about 68,000 square feet
<twb> CopyWriter: that depends on your network topology
<twb> CopyWriter: so tell us again how you got tapped for a three-department netadm/sysadm role, when you don't know a gateway from a modem? ;-)
<CopyWriter> all i know is that one is plugged into the modem and set to router and the other two are set to gateway using an ethernet cable
<CopyWriter> i'm the guy that actually owns the office, but i've been fighting the it-department who wants to migrate to using w2k servers again, they just don't work for me
<twb> CopyWriter: you say "routers".  what kind of unit are we talking here?
<CopyWriter> linksys w200
<CopyWriter> i've switched the offices in the treasury department to ubuntu desktop two weeks ago, there were no complaints
<CopyWriter> everything just works smoothly
<CopyWriter> so i'm thinking that ubuntu server will handle the network more efficiently
<twb> CopyWriter: you work for the government?
<CopyWriter> no, i'm a business owner / entrepreneur
<twb> Oh, you mean treasury within your company
<CopyWriter> few retail chains, commercial construction
<CopyWriter> auto garages
<CopyWriter> couple small businesses here and there
<CopyWriter> so i'm smart to know when windows can't deliver
<twb> I'm not having any luck looking for "linksys w200".
<CopyWriter> let me get you the exact model
<twb> Thanks
<CopyWriter> linksys wrv 200
<CopyWriter> sorry about that
<twb> No problem.
<CopyWriter> the way the guys got this thing set up is using 3 servers one windows 2000 and the other 2 2003
<CopyWriter> it's roughly 36 desktops
<CopyWriter> 75 laptops
<twb> So I'm assuming you've basically got one line to the internet, and NAT everything behind it to appear as one IP?
<CopyWriter> yes, it shares one internet connection
<CopyWriter> a 15 mpbs down 2 mbps up
<twb> The important issue is whether you appears as one IP (NAT) or have public IPs for each machine
<CopyWriter> yes everything appears as one ip
<twb> Good-o.
<CopyWriter> over the weekend i played around with installing ebox platform
<CopyWriter> but i'm going with the ubuntu lts 8.04 as recommended
<twb> Do you treat different departments differently, in network terms?
<twb> If not, there's no reason to use different networks for each
<CopyWriter> no everything is treated as an entire organization
<CopyWriter> the old servers use the domain south_carib.org
<twb> So essentially what you want to do, then, is have your routers behave as switches
<CopyWriter> if you say so, i'm here to follow your advice :)
<twb> Basically the difference is a router deals with more than one network
<twb> The only router is the machine doing the NATting
<twb> Which will be either your ADSL modem, one of your W200's, or a dedicated ubuntu box.
<twb> After that, everything is just doing switching on a single network, e.g. 192.168.0/24 or 192.168/16
<CopyWriter> man i'd love to have the ubuntu box doing the routing
<CopyWriter> that's what i want
<twb> If your modem is using PPPoA for authentication (to the ISP), then it's doing the routing.
<CopyWriter> no it's not using PPPoA
<twb> What I would normally do is have the ADSL modem to PPPoE, then have it's ethernet cable going into an Ubuntu box with two NICs.
<twb> If the linksys router is a powerful/flexible one and you prefer configuring it to configuring networking on an Ubuntu box, you could use that as the router instead.
<twb> That's what the big players will do, because they buy powerful, expensive Cisco kit and a guy who knows IOS to drive it.
<twb> But if you're dealing with an crappy inflexible 4-port router, a dedicated Ubuntu box will be MUCH better
<ichat> twb: - most routers let you do some kind of static dhcp, - witch i use most of the time.. problem with that is, that you'd have to need 2 switches   (the first being your modem router and the seccond being your lan switch
<ichat> (if you want youer server to also be a firewall that is)
<twb> ichat: you can do fixed (static) DHCP allocation on an Ubuntu box, too
<twb> What I'm advocating is basically putting the Ubuntu server in charge of everything, and making the other networking gear as "dumb" as possible
<ichat> twb true but not all ' cheap' routers have a function to disbale dhcp alltogheter
<CopyWriter> there's the option to disable dhcp on the routers
<twb> ichat: he's using CAD80 routers, so I expect them to support that much
<CopyWriter> i changed the entire office over to wireless a few months ago, would that be a problem
<twb> So the Ubuntu box will sit between the ADSL modem and the router(s)/switch(es), and be in charge of PPPoE, DHCP and firewalling
<CopyWriter> everything is wireless
<twb> CopyWriter: no, because you just instruct the routers to bridge the wireless part onto the ethernet part
<twb> CopyWriter: the Ubuntu server will just see, at the IP level, DHCPREQUESTs originating from ethernet MACs.
<CopyWriter> aahhh, don't know how to do that but it seems easy
<twb> CopyWriter: however if you want to supplement/replace WPA2 with ipsec, you will need to teach your ubuntu box or routers to be endpoints for that.
<twb> I don't really understand the implications of making the routers the ipsec endpoints... probably that would be a pain in the arse.
<CopyWriter> and what if i migrate all the desktops to ubuntu and laptops would it be easier
<CopyWriter> i want to really eliminate windows entirely
<twb> The the IP level, windows boxes are basically identical to BSD boxes
<CopyWriter> ah
<twb> Where you will win on dropping Windows support is simpler centralized authentication and filesharing services
<twb> Of course, you could also simplify by having Windows on ALL the desktops.
<twb> You should use whatever's the best tool for the job -- which may not be Ubuntu
<CopyWriter> i'm having too much downtime with virus infections etc
<CopyWriter> using windows boxes
<CopyWriter> staff aren't following policies
<CopyWriter> basically someone sneezes and boom the computers are infected :)
<twb> Ah, well.  That will happen.
<CopyWriter> lol,
<CopyWriter> it's been happening for the last 2 years
<CopyWriter> and right now i've spent more than 60k since november to now trying to make it work
<CopyWriter> so i'm not going with the recommendation to "migrate" to windows 2008
<CopyWriter> well not after all the things i've been reading about open source software
<CopyWriter> and the power of linux
<twb> CopyWriter: if you go with linux and fuck up, you'll be just as bankrupt.
<twb> I would definitely recommend that you find some local contractors you can tap for the hard parts, since you have a day job to do as well as all the IT crap
<roxy_> hi there...im having a serious problem, i restart my server and i can not see now the lvm i got the error   /dev/mapper/Error|lvm2|internal|pv1: read failed after 0 of 4096 at 0: Input/o                   utput error
<roxy_> the raid proc/mstab shows ok
<CopyWriter> i hear you
<roxy_> my question can i recover it or i lost all the information ?
<CopyWriter> still doesn't stop me from trying tho
<CopyWriter> :)
<twb> roxy_: you mean /proc/mdstat?
<CopyWriter> creative kinda guy that i am
<roxy_> yes
<roxy_> if i lost all the information i will die
<twb> roxy_: I dunno what happened there
<roxy_> i can not mount the original driver that was setted
<twb> roxy_: how far through boot do you get?
<twb> roxy_: are you sitting in the ramdisk at the moment?
<roxy_> i mean just mount some disk as root and others but not all
<roxy_> where i have the most of the information
<roxy_> i got this error  Physical Volume /dev/dm-16 is too large for underlying device
<twb> Oh dear.
<twb> Perhaps you have somehow told LVM to use more disk than you actually have?
<roxy_> i am using evms
<roxy_> do you know?
<twb> Sorry, I'm not familiar with that
<uvirtbot`> New bug: #411943 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 None [modified: /var/lib/dpkg/info/mysql-server-5.0.list] failed to install/upgrade: subprocess pre-installation script returned error exit status 255" [Undecided,New] https://launchpad.net/bugs/411943
<macrocosm144> is there anyway to test why mail might not be sent from cli?  Im running 8.10 with php5 and Exim4 ... some of my drupal sites are sending mail and logs to the exim log while others are not .. .and with no errors.  Someone suggested it may be cli php so I ran a php script from the command line and it did send a mail ... Im trying all chanells cause im totally stumped! anyone have any ideas?
<Reepicheep> I would look at the drupal site configurations.. I've never used drupal but I imagine there is email settings somewhere
<Reepicheep> you usually either set it to use a local binary like /usr/bin/sendmail or set it to use a SMTP server
<Reepicheep> compare the sites that work to the sites that don't work
<Reepicheep> also make sure the sending email address exists
<Reepicheep> it sounds like exim is working .. if it works sometimes.. you can test exim's routing of email with:
<macrocosm144> yeah .. the thing is all settings look proper .. im going to try some debuggin bits someone just gave me .. I forgot about the devel module .. its good for just these situations
<Reepicheep> exim -bt username@domain.name
<macrocosm144> hmm -bt not seen that one before
<Reepicheep> there are a lot of exim tests you can do.. -bt is just the standard routing test
<macrocosm144> lol .. just getting started with it .. ive only tested sending mails and a few other bits ... took me a while to settle on exim but I am liking its simplicity.  I only use a smarthost though so its mostly neutered
<Reepicheep> I'm a big fan of exim
<macrocosm144> what should I be expecting from the result of your code above?
<macrocosm144> yeah its a lot simpler than postfix .. and surely more secure than sendmail
<Reepicheep> the -bt test just will show you if exim is able to route to that email address and where it would send it
<Reepicheep> when I setup web apps I like to use an SMTP server when ever possible .. it just seems to simplify it.  Your SMTP server can always be localhost
<macrocosm144> well im getting a undeliverable: Unrouteable address even though I know the address is good
<macrocosm144> hmmm and I used my main address for the server ...  I wonder if this may be related?
<Reepicheep> try adding a -D for debugging
<Reepicheep> sorry it's -d
<Reepicheep> so the command will look like:
<Reepicheep> exim -d -bt user@domain.name
<macrocosm144> wow thats a lot of output!
<macrocosm144> whats the command to condense it again?
<macrocosm144> I can never remember
<Reepicheep> maybe pipe it to less
<Reepicheep> command | less
<macrocosm144> cool .. im going to read into this thing a bit and see If I can find something awry
<macrocosm144> thanks a million for being the voice in the dark!
<Reepicheep> it should match some router somewhere.. then it will get passed to that routers transport for delivery
<Reepicheep> and since you said that you have a smarthost.. the smart host router probably should be the one that it matches
<ivoks> soren: croatia
<soren> ivoks: Nice.
<ivoks> soren: i'll upload couple of pics on facebook later, so you can check it out
<macrocosm144> hmm ... the email im testing is a local domain .. is that a prob?
<smoser> soren, or anyone, where is 'standard^' defined ?
<smoser> as in 'apt-get install "standard^"'
<soren> It installs the task called "standard".
<soren> grep-available -F Task -s Package standard
<soren> Those packages.
<soren> They're defined by seeds. Has anyone mentioned seeds to you before?
<soren> https://launchpad.net/ubuntu-seeds
<macrocosm144> Reepicheep- it seems all of routers were skipped, at least thats what it looks like in the output here
<macrocosm144> so maybe this is an exim thing afterall ... hmmm this is going to take some more digging
<Reepicheep> macrocosm144: there usually is a router called "dnslookup" that catches all outgoing messages.. does that one match? or one like it that is used for the smarthost
<macrocosm144> the only smarthost router I see is --------> hub_user_smarthost router
<nick125> Hmm. Can I add an IP alias to a bridge?
<macrocosm144> and I dont see a dnslookup
<macrocosm144> never mind that
<macrocosm144> smarthost router skipped: domains mismatch
<macrocosm144> there is another smarthost router
<Reepicheep> there should be a rule to match all none local domains
<Reepicheep> domains = ! +local_domains
<Reepicheep> or something like that
<Reepicheep> nick125: just give it the ip address in the interface file.. just as you would any other interface
<macrocosm144> well it is a localdomain I am testing... does that still apply?
<macrocosm144> its my fqdn too
<Reepicheep> nick125: on an alias not an address.. do you mean renaming it or a secondary interface?
<nick125> Reepicheep: Right now, I have two IPs on eth0/eth0:0, but I want to use a bridge for OpenVPN.
<Reepicheep> macrocosm144: there should be a different router for local domains
<macrocosm144>  real_local router ?
<Reepicheep> usually called localuser
<Reepicheep> it should be one of the last routers
<macrocosm144> local_user router skipped: josh is not a local user
<macrocosm144> yeah its there but skipped
<Reepicheep> does the josh user exist on the system? or does it pull usernames from a directory or database?
<Reepicheep> nick125: what is your bridge interface? br0?
<macrocosm144> well .. this may be the problem .. its an email address on my fqdn but I use google apps for all mail handling but local outgoing
<Reepicheep> macrocosm144: so is your mail stored locally or on google apps?
<macrocosm144> on google apps
<Reepicheep> ok.. you probably should set up a special router for that domain .. and set it's transport to send it to the google servers
<Reepicheep> the router will have a rule to match that domain: domain = domain.name
<Reepicheep> or even a list of domain names if you have multiple domains
<macrocosm144> hmm and that would fix outgoing email from internal applications in my webserver?
<Reepicheep> if it is using the localhost to send mail and the destination is to an account at that domain.. that is probably what you need to do
<macrocosm144> well the destinations will vary wildly since apps will be sending out to many different places.
<Reepicheep> exim -bt email@address needs to show that it is routing the message to the correct user before that server or apps using that server will be able to send messages to users at that domain
<macrocosm144> ok so it doesnt matter what the end recievers email address is only the one thats responsible for routing mail away from the server?
<Reepicheep> well exim actually cares about both.. depending on how it is configured
<Reepicheep> it always needs to know where to route the destination address
<macrocosm144> I set it up pretty standard with a tutorial for using it as a smarthost only
<Reepicheep> it may need to verify the sending address if it is configured to do so for the senders domain
<macrocosm144> so u think I may be failing verification of the senders address?
<Reepicheep> no.. I think you current issues in the server doesn't match a router for the destination address.. that needs to work before it even thinks about verifying the sender address
<macrocosm144> hhhhmmm .. that makes sense ... since my contact forms work .. they have a unique email address used for the sender.  But my internal scripts are using my main address which is failing these routers
<Reepicheep> it will let you know in the logs if sender verification fails.. at least I believe it does with the default exim config
<macrocosm144> been tailing the exim4 mainlog
<macrocosm144> did get a
<macrocosm144> 2009-08-11 08:10:04 1MaqB2-0005ga-Ej ** josh@myserver.com: Unrouteable address
<Reepicheep> yeah.. I think you need to get routing working first within exim
<macrocosm144> but its not repeated again in my other testing
<macrocosm144> I could have sworn that I did set up a router like you mentioned
<Reepicheep> when you change the exim.conf file did you start with the default then make a few minor changes to it or did you replace it with a different exim.conf file?
<macrocosm144> and its why some mail is working ... runing tests do send mail
<macrocosm144> I dont remember .. let me take a look at it real quick
<Reepicheep> try exim -bt user@domain.name to different email addresses maybe some of them are routing and some others are not depending on the domains
<Maleko> hmm how do find the fastest repo
<Maleko> hmm how do you find the fastest repo
<macrocosm144> using an ousite email works .. I tried my @gmail address
<macrocosm144> where is that conf file? lol
<macrocosm144> and other local domains work too
<macrocosm144> just not the address which is also my fqdn
<macrocosm144> doesnt work
<Reepicheep> you probably need to setup a router that matches that domain.. and comment out the local delivery router
<Reepicheep> the issue is that exim thinks that domain is local .. so it checks for a local user and mailbox to deliver the message into
<macrocosm144> That makes perfect sense
<macrocosm144> ahhh ... thank you so much for your insite!
<macrocosm144> insight
<macrocosm144> lol
<macrocosm144> Ok ... comment out the local delivery router.  And create a router that matches the domain .. im not sure how but im sure the man fille might have something on setting that up.
<macrocosm144> I cant find the conf file though ... I think maybe it was split up there are ton of folders in there but no conf file
<macrocosm144> yeah .. thats got to be it ... its split up ... /etc/exim4/conf.d/ is the right dir ?
<Reepicheep> it's usually /etc/exim/exim.conf
<Reepicheep> and exim.org has very detailed documentation.  It would take weeks to get through all of it ;)
<macrocosm144> hmm ..dont have that .. just /etc/exim4/exim4.conf.template
<macrocosm144> no exim4.conf
<Reepicheep> macrocosm144: what release of ubuntu are you running? and what version of exim?
<macrocosm144> 8.10 server
<macrocosm144> and I think the latest exim
<macrocosm144> just installed it a few weeks ago
<macrocosm144> installed with apt-get
<Reepicheep> hmm.. the only ubuntu box that I have exim on is a 9.04 and /etc/exim is linked to /etc/exim4 and /etc/exim4/exim4.conf is linked to /etc/exim4/exim.conf
<Reepicheep> so the main file should be /etc/exim4/exim4.conf
<Reepicheep> if the config is distributed to other files you should see some .include lines in the exim4.conf file
<macrocosm144> ok I think I have the exim4.conf.template file ... and then the actual conf is split into smaller files in the etc/exim4/conf.d sub dir
<orogor> hi here
<orogor> i gota weirdo issue
<orogor> when i login into gnome i lose my network and have to reconfigure the interfaces
<metalfan__> hi
<metalfan__> got an older epia m1200, it doesnt support pae.  can i just compile a kernel without pae on another system and still use ubuntu?
<_ruben> install the -386 kernel
<metalfan__> thx
<metalfan__> the weird thing is that the installation worked, its booting. but it tends to crash often
<_ruben> metalfan__: sounds familiar .. older versions of ubuntu even refused to boot on epia boards .. recent ones work but are highly unstable
<metalfan__> ok thx
<_ruben> installing the -386 kernel worked for both cases for me :)
<metalfan__> its just intended as a backup i case the openwrt upgrade breaks the router
<_ruben> which i could find a decently spec'ed, affordable, openwrt'able device :p
<_ruben> s/which/wish/
<metalfan__> its all overpriced
<_ruben> yeah
<metalfan__> Buffalo WHR-G54S 125        <- got this one, cant find the current price
<metalfan__> maybe its outdated already
<metalfan__> its currently running kamikaze, the upgrade should get me a 2.6 kernel with ifb
<_ruben> then again, my current modem/router is tweakable too .. but the little info that's avail is mostly german .. (fritzbox 7270)
<_ruben> updated my wrt54g to 2.6 kernel the other day as well .. left me with useless wifi .. so its currently a paperweight :)
<metalfan__> yeah, openwrt is "experimental"
<metalfan__> also the documentation needs a rewrite
<ichat> _ruben:  -  BRCM chip ? ;)
<_ruben> ichat: could very well be .. dont recall :)
<ichat> its why im still running the  openwrt 2.4 kernel ;)
<_ruben> i just hope freetz (modded fritzbox firmware) will mature soon
<ichat> a modded firmware for the fritzbox -- :O
<ichat> i hope will still support the telephone (pbx) stuf...
<ichat> btw im going to disable my 2 sata drives... and check if  that will help solve the  bootloader prob for me
<ichat> (after all -  better to have just 4 drives workin than none at all)
<metalfan__> ichat, https://forum.openwrt.org/viewtopic.php?pid=86418        iirc this one uses the brcm chip to, its supposed to work
<ScottK> mathiaz: It might be good is a serverish MOTU could look at Bug #298085.  From reading the bug it seems easy enough.  I just don't have time to consider it.
<uvirtbot`> Launchpad bug 298085 in courier "maildrop is compiled without authlib extension !" [Undecided,New] https://launchpad.net/bugs/298085
<ichat> really hope it will boot in the end - im frickin sick of the .....   ..... .....
<ichat> WHOOOOOOOTTT !!!!!!
<ichat> so next deel is setting up samba the right way :S :S :S o oowwhhh :$
<XiXaQ> I'm having a few problems when I clone an ubuntu server kvm instance. I don't get any eth interfaces in the clone. I seem to remember that this has something to do with the uuid of the new machine, or something, but I don't remember how to fix it. :)
<XiXaQ> anyone?
<erimar77> you need to change the mac addresses in the server xml file
<sommer> XiXaQ: also if the original was eth0 the clone may be eth1... as an example.
<maswan> Oh, so much fun installing remotely on a server with just netboot working and a "too new" nic...
 * jmedina remember gentoo remote instalations
<maswan> oh, well, tomorrow will be for remembering how to add extra modules to an initrd or something...
<metalfan__> just booted from the ubuntu-server cd and choosed "rescue a broken system" - after some kernel messages fly by im presented with a "out of range" error from my monitor?
<metalfan__> how do i get a bash shell?
<jmedina> change to a TTY
<metalfan__> trid alt+1 ...2,3,4
<metalfan__> nothing
<jmedina> out of range, that sounds like a graphical mode
<metalfan__> alt+f1 i meant
<metalfan__> jmedina, yes...that was my understanding too
<jmedina> probably you have a kenel param to disable hardware probing or disable X?
<jmedina> what ubuntu server?
<Bookman> Hi there, is webmin not in the repos?  And if not, is there an equivalent?
 * jmedina always use systemrescuecd...
<jmedina> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<metalfan__> jmedina, 9.04
<Bookman> jmedina: Thanks
<metalfan__> jmedina, iirc there was some way to add kerel params.....what kernel params am i looking for to disable xorg?
<jmedina> metalfan__: not sure, never used 9.04 rescue cd
<jmedina> metalfan__: mm did you try ctrl+alt+F1?? because now you are in x mode
<metalfan__> yes
<_ruben> the -server cd doesnt do X, not even in rescue mode
<_ruben> framebuffer terminal is as graphical as it gets
<_ruben> which one should be able to override using the vga= kernel param
<metalfan__> jmedina, apparantly the framebuffer resolution was not supported by the onboard hardware. vga=771 helpeg
<metalfan__> thx
<metalfan__> since i only want to reinstall grub i choosed "...repeat a step from the installer.." (dont know the exact description, system is in the basement) now its detecting its discs....lets see how well that goes
<metalfan__> will report back later
<j0nr> I have just renewed my ssl certificate for dovecot mail server... when trying to connect from remote location using IMAP, I get the message that the certificate is not valid YET... what do I need to do to make it valid and allow me to stoe it permenantly for mutt
<orogor> hi here ,anyone would know why when i login into gnome i lose my network and have to reconfigure the interfaces ?
<ScottK> orogor: Consult /topic
<orogor> ScottK, i dont get which one you want me to read
<jtimberman> orogor: i imagine because 'gnome' is not considered a server software package.
<orogor> it could very depends on what you do for exemple terminal server stuff, but  admit this isn t used as a terminals erver thingy
<sgrover_> help?  *buntu 9.04 with Apache2, php5, etc.  Trying to establish a PDO connection to an MS SQL server.  Getting "The mssql driver is not currently installed".  I installed php5-sybase and restarted, no difference.
<sgrover_> Google hits seem rather outdated, or suggest what I've already done....
<ScottK> orogor: jtimberman had it right.  Gnome stuff is off topic here.
<jtimberman> ScottK: oh hello!  I am working with btm on getting chef and its dependencies into Karmic. he mentioned your name the other day when he and i were chatting.
<sgrover_> bump?  Any tips on setting up MSSql access via PHP5 on a 9.04 box?  php5-sybase is NOT working (via PDO).
<sgrover_> k.  It seems that PDO *can* access the mssql server IF the "pdoType" is set to "dblib"...
#ubuntu-server 2009-08-12
<xgpt> hello, what is better, adduser or useradd?
<roxy_> hi there, I am having problems with my PV, when i do pvsan i got Physical Volume /dev/dm-16 is too large for underlying device
<roxy_> and pv1: read failed after 0 of 4096 at 0: Input/output error ...please help...
<roxy_> how i can check if i have bad blocks in my raid array? I mean some physical problem?
<xgpt> anyone?
<pmatulis> xgpt: adduser is a frontend to useradd.  it is meant to do the most common (simple) stuff
<pmatulis> xgpt: same for addgroup and groupadd
<xgpt> thanks pmatulis
<axisys> i am keep getting this every 10 mins
<axisys> Aug 11 19:17:16 sys-ubuntu mpt-statusd: detected non-optimal RAID status
<axisys> mpt-status query however shows all good http://pastebin.com/f602c051e
<axisys> mpt-status bug ?
<axisys> this is a x4100 with lsi raid controller
<axisys> 02:03.0 SCSI storage controller: LSI Logic / Symbios Logic SAS1064 PCI-X Fusion-MPT SAS (rev 02)
<friartuck> howto...blah awk'{ if (!$4) print "missing" }'  ? like [ -z $4 ] ??
<twb> A field can't be "missing" unless the line has fewer fields
<twb> Try #awk.
<friartuck> twb thx...didn't know there was #awk
<psi-jack> Well now. Is there like no simple setup method for setting up ip masquerading in Ubuntu?
<twb> psi-jack: there used to be an "ipmasq" package
<twb> But it was removed due to being really old, unmaintained, flaky and shit
<twb> IP masquerading is only a couple of iptables rules, #netfilter should be able to help you with the details.
<twb> If you're using ufw, you probably want to hook it into that.
<psi-jack> ufw?
<twb> !ufw
<ubottu> Ubuntu, like any other linux  distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command (see https://help.ubuntu.com/community/Uncomplicated_Firewall_ufw), or 'iptables' (https://help.ubuntu.com/community/IptablesHowTo). GUI applications such as Firestarter/Gufw (Gnome) or Guarddog (KDE) also exist
<psi-jack> Pardon but mostly I've gotten used to opensuse having yast. :)
<psi-jack> https://help.ubuntu.com/community/Internet/ConnectionSharing#Ubuntu%20Internet%20Gateway%20Method%20(iptables)
<psi-jack> This is one I'd also seen
<psi-jack> Does ubuntu autosave the iptables rules, or is there an init script for it to do so, like most other distributions have?
<psi-jack> I'm guessing..... No.
<ScottK> No.
<ScottK> psi-jack: Using ufw is the most supported way to do it.
<psi-jack> Hmm
<psi-jack> Okay, so firestarter is... Proving to be difficult.
<twb> psi-jack: ufw is the recommended firewall wrapper, not firestarter
<psi-jack> Dude. ufw sucks.
<twb> File a bug report, then.
<psi-jack> There's no bug to report, it just plain sucks. It's stupid, really. Supposed to make iptables "easier", when all it does is make it more annoying.
<gnuyoga> psi-jack: have u tried shorewall ?
<psi-jack> No, I hadn't actually.
<psi-jack> Not recently anyway.
<gnuyoga> psi-jack: i would recommend it. it quiet decent. all in few configuration file and easy to validate before applying
<gnuyoga> psi-jack: tom, who is the founder of the project still contributes a lot and he does a good jo
<psi-jack> Yeah. I just gotta clear out what firewall had put in. bleh
<dvs> hello
<psi-jack> Yeaah.. Bleh.
<psi-jack__> Heh
<psi-jack__> I just cannot believe Ubuntu is like the only distribution, save for maybe Debian, that doesn't have any means to simply just setup persistant firewall rules.
<psi-jack__> !ufw
<ubottu> Ubuntu, like any other linux  distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command (see https://help.ubuntu.com/community/Uncomplicated_Firewall_ufw), or 'iptables' (https://help.ubuntu.com/community/IptablesHowTo). GUI applications such as Firestarter/Gufw (Gnome) or Guarddog (KDE) also exist
<_ruben> psi-jack__: didnt ubottu just prove you wrong on that statement, or is that just me?
<_ruben> (havent read scrollback)
<psi-jack__> ufw does exist, yes, but it's.. Kinda .. Lamish. heh
<_ruben> if its not good enough for you, create your own alternative .. nobody forces you to do so
<_ruben> i'd *hate* for my distro to autosave any rules on reboot
<psi-jack__> Well, right off the bat, it makes all these rules that has nothing to do with anything I intended.
<_ruben> for example? (i never used ufw myself)
<psi-jack__> http://pastebin.com/m26d28f02
<psi-jack__> That's a LOT of stuff to put into a firewall, out-of-the-box, minus the NAT stuff I put in which was just a couple lines.
<_ruben> but those rules dont do any harm, and make adding your own customization rather easy
<_ruben> input policy of drop and forward policy of accept looks odd to me tho
<_ruben> but like i said, if you dont like it, dont use it
<_ruben> putting iptables-save > /etc/firewall.conf / iptables-restore < /etc/firewall.conf in a shutdown/boot script isn't really that hard .. all depends on what you need really
<_ruben> there's no single/simple best for anything
<psi-jack__> Heh. I dunno.. Gentoo's method, iptables init script, save and restore your own rules, simple.
<psi-jack__> OpenSUSE's method, yast networking and firewall settings.
<twb> _ruben: this is essentially what ufw does, except that it breaks it up into a handful of files
<_ruben> twb: it's essentially what *any* firewall frontend does :p
<_ruben> they just differ in the details :)
<twb> _ruben: no, lots of them will call iptables -A on individual rules, which is wrong.
<psi-jack__> Hmmm.. nice..
<psi-jack__> wondershaper doesn't even have an init script for it.
<twb> psi-jack__: it probably uses /etc/network/if-up.d/, which it should
<psi-jack__> No, no, actually, it doesn't. It doesn't provide anything at all for init, period.
<psi-jack__> Great, and firestarter AND guarddog both, after removal, left trash in my init.d and ifup.d
<twb> psi-jack__: report bugs
<twb> psi-jack__: but probably it's because you uninstalled the package, rather than purging it.  Only the latter removes config files.
<psi-jack__> Yeah, I did apt-remove. I don't see init and ifup/down scripts to be config files, however.
<psi-jack__> What's ubuntu's method of managing init.d scripts execution?
<twb> All files in /etc are defined to be config files.
<twb> wondershaper's README.Debian, in /usr/share/doc/wondershaper/, explains how to deploy it.
<psi-jack__> So, everything in /etc/init.d are config files? Even though they're executable scripts? :)
<twb> psi-jack__: yes.
<psi-jack__> That's a negative.
<psi-jack__> Anyway though, what command defines init scripts?
<ScottK> From a policy perspective everything in /etc is considered config.
<twb> The SysV init style is used by default, per the sysvinit-compat package.  That is, symlinks from /etc/rc?.d/???foo to /etc/init.d/foo.
<psi-jack__> What I'm looking for is the command to set what should run at what runlevel, that handles delinking and linking the rc.d trees.
<psi-jack__> I know Ubuntu has one.
<twb> rcconf is a simple interface.
<psi-jack__> update-rc.d was what I was looking for.
<twb> For more control, I believe you are expected to manually move or delete symlinks.  You can also use update-rc.d, which is actually intended for package maintainers.
<qiyong> is pam.d a linux thing or unix thing?
<Boohbah> qiyong: pluggable authentication modules run on most modern UNIX systems
<qiyong> Boohbah: what was it desgined for originally?
<Boohbah> PAM was first proposed by Sun Microsystems in an Open Software Foundation Request for Comments (RFC) 86.0 dated October 1995.
<Boohbah> http://en.wikipedia.org/wiki/Pluggable_Authentication_Modules
<Boohbah> qiyong: so i'm guessing Solaris
<Boohbah> As a stand-alone infrastructure, PAM first appeared from an open-source, Linux-PAM, development in Red Hat Linux 3.0.4 in August 1996.
<qiyong> user logins are always though pam
<rosa> hi there...I am using evms and my pv is corrupt, i am usind a array of 3 disk in raid 1 and proc/mdstat shows me it is ok, it is possible to recover my information?
<qiyong> Boohbah: is it? ^^
<soren> rosa: If the PV is corrupt, and the raid1 is consistent, it sounds like you're in trouble.
<soren> rosa: I'm assuming the PV is what is mirrored across those three disks?
<soren> rosa: I'm curious: Why three disks in a RAID 1?
<rosa> i dont know as well, i take the server like that
<rosa> maybe is raid 10? but when i do cat proc/mdstat say raid 1
<rosa> yes, it is
<rosa> i really have this 3 disk in raid 1 and one other more (normal) in the pv and now is corrupt
<rosa> i dont know if is possible to recover the information just in the raid 1 (3 disks)
<Boohbah> qiyong: on most linux systems, by default, yes
<Boohbah> qiyong: are you having any trouble with PAM authentication?
<rosa> what i can do if the pv is corrupt?
<j0nr> morning all
<j0nr> My mail server seems to have stopped recieving mail...
<Boohbah> j0nr: why?
<j0nr> Hmm maybe not me...I don't know.
<j0nr> my incoming mail gets forwarded to another server which is runnign spamassassin... I think that is having problems...as emails are no longer being marked as spam
<j0nr> i can ping the server if that means anything
<mattt> j0nr: maybe the spamassassin service crashed?
<rosa> I am using evms and my pv is corrupt, i am usind a array of 3 disk in raid 1 and proc/mdstat shows me it is ok, it is possible to recover my information?
<j0nr> mattt: aye I am awaiting to find out
<mattt> j0nr: is the server down or something?
<j0nr> mattt: seems to be back now
<mattt> j0nr: *rejoice* :)
<rosa> hi..im trying to mount one disk and i got wrong fs type, bad option, bad superblock on /dev/sdf2, somebody know how i can resolve it?
<soren> rosa: What's on the partition?
<rosa> what do you mean?
<rosa> there are 2 partition
<soren> I mean, what's on /dev/sdf2? What kind of filesystem are you expecting?
<rosa> the first one is boot type
<rosa> xfs
<Boohbah> mount -t xfs /dev/sdf2 /mnt/sdf2
<rosa> but i did mount -t xfs ... and still i got the error
<rosa> yes i did
<Boohbah> fsck.xfs /mnt/sdf2 ?
<Boohbah> oooh, don't fsck a mounted fs :)
<Boohbah> s/mnt/dev
<rosa> is not mounted yest
<rosa> yet
<rosa> i cant mounted
<rosa> when i try to xfs_repair i got attempting to find secondary superblock...
<Daviey> nijaba: Are you around?
<nijaba> Daviey: I am
<Daviey> nijaba: Do you dabble with translations?
<Daviey> If so, would you mind doing a couple of ubuntu-server-tips, I want to test it :)
<nijaba> Daviey: I could translate them to french if that is the question
<Daviey> yeah :)
<nijaba> Daviey: should I do that from your bzr branch?
<Daviey> nijaba: I imagine that your French is stronger than mine. :)
<Daviey> https://translations.edge.launchpad.net/ubuntu-server-tips
<Boohbah> Pour vous connecter Ã  votre VPS en utilisant FTP, vous devez d'abord installer un serveur FTP.
<Boohbah> tech support via google translate :)
<nijaba> Daviey: I do not know where you are from, but as I am frnech, it should not be too hard :P
<Daviey> England.. And sadly we are known for not being the best speakers of foreign languages.. We tend to shout English, until the foreign speaker understands.
<Daviey> :(
<Daviey> nijaba: I have imported a template into rosetta, so should be possible to do it all via launchpad translate
<nijaba> Daviey: we'll, according to the "I love lucy" episode I saw when she is visiting paris, only americans believe that people wil understand you better by speaking louder :D
<nijaba> Daviey: just done a couple to get you started.  Will continue a bit later when time permits
<Daviey> :).. that is great.. it's more an experiment to test at this stage..
<Daviey> LP should auto commit translation changes daily to the bzr branch, and as fortune has no notion of native language support.. i need a wrapper script to retrive the correct one.
<Daviey> I assume "update-motd" runs as a root cronjob.. and on a Ubuntu server the root enviroment $LANG is set to fr.UTF-8 ?
<soren> Daviey: cron runs with the locale set in /etc/default/locale
<soren> IIRC.
<Daviey> that would make sense... saying that, isn't cron santised to not have any set enviroment variables.. or does it source /etc/default/locale ?
 * Daviey checks
<Daviey> yup.. $LANG is null in cron.
<Daviey> no worries.
<RoyK> hrmf
<RoyK> some people on the server ml obviously think that since we can have four cheap gigs of memory in a box nowadays, swap is not needed
<RoyK> "640k should be enough for everyone"
<Daviey> RoyK: Long term, i'm not satisfied we need a dedicated swap partition, but an elastic swap file.
<Boohbah> RoyK: obviously these people are not familiar with virtualization
<RoyK> what's the problem? with terabyte drives, why not set aside a few gigs of swap?
<RoyK> Boohbah: yeah, or even modern memory management
<Boohbah> right, the disk cache
<RoyK> vm.swappiness = 100
<RoyK> earlier swapping, more caching
<RoyK> get the junk not referenced onto the disk
<rosa> Hi I am having problme with the superblock is corruct, how i can recover my HD?
<thebloggu> hello
<thebloggu> i cant boot the ubuntu server 9.04 cd into my computer, it stucks int "boot:"
<thebloggu> what can i do?
<th0mz> can you give option to grub ?
<th0mz> (acpi etc..)
<th0mz> Load default in bios
<th0mz> etc etc
<thebloggu> th0mz, no.
<thebloggu> and what do you mean default in bios?
<th0mz> Most of the time you can load default value in Bios
<th0mz> (to be sure nothing stuck booting)
<RoyK> do you get the "press escape to see menu" prompt before it starts booting?
<thebloggu> RoyK, no
<RoyK> how did you partition you disks?
<RoyK> oh
<RoyK> the cd won't boot?
<thebloggu> yes
<th0mz> any usb thing connected ?
<RoyK> if so, burn a new one
<th0mz> good idea
<th0mz> (test it on an other serv)
<RoyK> nah - just burn a new one on low speed
<th0mz> is it a dvd ?
<thebloggu> no, cd
<RoyK> thebloggu: burn a new one on low speed and try again - that is usually the problem
<RoyK> i mean, that usually solves the problem
<thebloggu> RoyK, th0mz ok, thanks, i'll do that
<RoyK> "To speak before thinking is like wiping your ass before taking a shit"
<RoyK> no, to think before speaking, that was
<RoyK> old swedish saying :Ã¾
<Blinkiz> Hi there. I have three network cards in my server (eth0, eth1, eth2). I have a network cable attached to one of the network cards. How can I find out if its eth0, eth1, eth2? Am looking for some tool to show if link is up or not..
<soren> ethtool
<Blinkiz> soren, thanks
<Blinkiz> soren, Oh, not installed. And no internet connection to that machine. Any other solution?
<soren> mii-tool?
<soren> mii-diag?
<RoyK> dmesg| grep eth
<Blinkiz> soren, mii-tool. Nice. There it was. eth2 was the connected one :)
<soren> Ah, /sys also exposes it nowadays, apparantly.
<RoyK> soren: where in /sys?
<soren> Blinkiz: You could have done this: grep . /sys/class/net/carrier
<RoyK> anyway, mii-tool was nice
<RoyK> didn't know that
<soren> Err...
<soren> Blinkiz: You could have done this: grep . /sys/class/net/*/carrier
<soren> ..to see the current status of all the interfaces.
<Blinkiz> soren, naa, don
<soren> Or just "grep -l 1 /sys/class/net/*/carrier"
<mattt> ... /sys seems to contain all sorts of goodness these days .. where'd that thing come from?  :)
<Blinkiz> soren, yeah, did work.
 * mattt thinks /sys is the new /proc
<RoyK> damn - even lo is online
<RoyK> :Ã¾
<soren> You'd be screwed if it wasn't :)
<RoyK> is there a tool like sysctl that manipulates /sys stuff?
<thebloggu> RoyK, th0mz same problem
<RoyK> wierd
<RoyK> try booting another box from the cd
<RoyK> what arch?
<RoyK> amd64 or x86?
<thebloggu> x86
<RoyK> 32bit?
<thebloggu> yes
<RoyK> well, try booting up another box
<RoyK> seems your cdrom may be fscked
<thebloggu> RoyK, works fine
<RoyK> use another cdrom player
<RoyK> drive
<RoyK> something
<RoyK> the boot cd is very generic and should work on all systems
<RoyK> I can't remember seeing a system refuse to boot from one
<RoyK> not ever
<RoyK> that is, since slackware 3.2 in 1994 or so
<thebloggu> cant boot from the other drive
<RoyK> thebloggu: well, no idea, really. it really is generic
<thebloggu> it is strange because it starts to load the cd. it says "ISOLINUX .." then stop at "boot:"
<RoyK> google how to make a usb pen bootup from your current OS - it might work better
<chrisbs> Hello. I'm trying to upgrade from 7.04 to 7.10 on a production server, following the ELFUpgrades guide on the community documentation. The upgrade program fails at "http://old-releases.ubuntu.com/releases/dists/gutsy/main/binary-i386/Packages.gz" with a 404 Not Found. I can't seem to find the /dists path under /releases when trying to find it with a browser. Anyone got any experience with this?
<chrisbs> EOLUpgrades*
<chrisbs> Fixed it. If anyone cares, it was a faulty entry in sources.list.
<soren> chrisbs: Which version of update-manager-core do you have?
<acalvo> anyone has implemented openldap with samba to create a domain with windows xp machines?
<soren> chrisbs: Oh, I missed your last comment. Was this an error on your part or was it update-manager doing something wrong?
<chrisbs> It was an error on my part. I didn't set it up, I was just tasked to clean it up.
<chrisbs> acalvo: if LDAP isn't a requirement I think it's pretty easy to set up samba as a domain controller without the ldap backend. I did it awhile back and it seemed fairly easy to get basic functionality. Try googling "linux domain controller xp". Can't remember the exact links.
<acalvo> chrisbs: LDAP is the backend of the most common services (like mail, web, auth), so it is a must
<acalvo> chrisbs: I've it almost everythgin setted up
<acalvo> but it fails when loading roaming profiles, it is not able to find the share directory (but an LDAP user can browse it without problems)
<chrisbs> Aha, okay. My setup was just for fun at home, to see if I could get it working. GL though, been trying to get that + kerberos up, but I've never been able to. Would be awesome with some good documentation on that, if it's even possible.
<acalvo> chrisbs: thank you for your support!
<chrisbs> I really don't know much about it. But if you haven't, try samba.org. Loads and loads of documentation.
<acalvo> chrisbs: in fact I've found a good tutorial, which lead me to get everything working in a couple of hours. The sad part is that it does not have any "troubleshooting" guide :(
<chrisbs> acalvo: Aha. Well the documentation at the official samba site is extremely thorough. You should be able to find every answer you need there, although it might take a while.
<garymc> Hi guys, i got ubuntu 9.04 server on my proliant, when i watch a youtube vid over it, after about 1 min in the firefox browser closes or disapears from the screen
<garymc> whats the problem here?
<acalvo> garymc: which flash player are you using?
<garymc> the latest
<garymc> i just downloaded when it said you need flash player
<acalvo> from adobe or the open-source? (or even HTML5)
<garymc> so i chose ubuntu debian version
<garymc> from adobe
<acalvo> try to open it from a terminal and see the output that it gives when it crashes
<garymc> how do you do that?
<_ruben> this sounds more like ubuntu desktop than ubuntu server
<garymc> well im running LTSP on the server and im connected via ethernet using a thin client
<acalvo> garymc: _ruben is right, try to ask it on the official #ubuntu channel
<_ruben> as stated in the topic .. its not a server specific support question
<garymc> i thought this was
<garymc> is it not?
<acalvo> no, this is the main channel for ubuntu-server
<acalvo> not ubuntu desktop
<CopyWriter> good morning all
<_ruben> g'day
<CopyWriter> question: should i install windows manager for ubuntu server
<_ruben> usualy: no
<_ruben> and when you do, you might as well install ubuntu desktop instead
<CopyWriter> ok next question, how do i specify a static ip address, when i install the ip is automatically configured as 192.168.1.142
<CopyWriter> i'm getting a dhcp3 error so i assume that it's because the dhcp server isn't running
<CopyWriter> !dhcp
<ubottu> dhcp is Dynamic Host Configuration Protocol, a protocol for automatic IP assignment from a router. Ubuntu uses dhclient as a DHCP client but other ones (and DHCP servers too) can be obtained from the !repos. More info at http://en.wikipedia.org/wiki/DHCP
<_ruben> which error do you get?
<_ruben> for static ip config, see: man 5 interfaces
<garymc> Wow desktop stay stop using flash?
<garymc> *say
<CopyWriter> initializing dhcp3 status fail
<chrisbs> CopyWriter: What are you trying to accomplish? Do you simply want to set a static ip configuration?
<CopyWriter> i'm using a new ubuntu server install, well trying to use it anyway as a fileserver on my office network (it's a hobby really) i got everything installed but when it installs it automatically defaults to ip 192.168.1.142 and it can't be seen by any other computers on the network
<_ruben> other computers aren't in the 192.168.1.142 range?
<_ruben> err
<_ruben> other computers aren't in the 192.168.1.0/24 range?
<ewook> it automagically defaults? sounds hard to belive.
<chrisbs> If you don't know how to set the ip in /etc/network/interface check out help.ubuntu.com, click your version > ubuntu server guide > 4. Networking
<CopyWriter> thanks guys i'm reading up on the interfaces and the server guide section on networking is next
<CopyWriter> if i already have a w2k server on the network acting as a domain controller would that be the cause
<eoke> CopyWriter: You might have a DHCP server assigning addresses
<CopyWriter> i can take the w2k machine out back and rough it up a bit
<CopyWriter> yes it acts as a dhcp server
<CopyWriter> shucks didn't think about that before
<eoke> It's possible that's giving it the unexpected address, however if you configure your adapter as static in /etc/network/interfaces it'll use the address you specify.
<eoke> Make sure you use an otherwise unused address though or your sys admin might get a touch upset with the ip conflict.
<CopyWriter> i'm the guy that owns the business, the system admin has been getting me upset since november
<CopyWriter> :)
<CopyWriter> i just want the stuff to work, and i don't think that microsoft products can do what i want, i got too much downtime with viruses
<ewook> why don't you just check your dhcp and alter that.
<eoke> CopyWriter: A Microsoft environment needn't be a huge problem if its configured correctly.
<eoke> I'm gonna get shot now aren't I.
<CopyWriter> :)
<CopyWriter> i gave microsoft a fair chance for the last 14 years
<CopyWriter> even had their affiliates a local support company setup everything everytime i migrated
<CopyWriter> time to give linux a try
<CopyWriter> i installed ubuntu on the accountants pc's two weeks ago and nothing's complained that i don't know what i did i plugged in a flash drive and something popped up and now my pc is slow again
<CopyWriter> and two months ago we got a trainee
<metalfan__> hi
<eoke> CopyWriter: Don't get me wrong I'm not saying don't try linux just that both will cause you issues if not configured correctly.
<CopyWriter> who was given the admin password, and he's been in the tech room checking email
<CopyWriter> so microsoft isn't entirely to blame
<metalfan__> i entered "expert mode" at the installer menu to add "vga=771" to the kernel parameters. but after selecting "install ubuntu server" im stuck with some kind of expert installer mode. how do i start the guided default installation process?
<CopyWriter> it's him for being mcp certified :O
<pmatulis> CopyWriter: why give a trainee the admin password?
<DelphiWorld> hello all
<DelphiWorld> please how to setup a PXE boot server using ubuntu server?
<DelphiWorld> thank for any help
<pmatulis> metalfan__: restart the installation
<metalfan__> pmatulis, thx
<pmatulis> metalfan__: you can add the vga option afterwards
<metalfan__> after what?
<metalfan__> im not stupid, i dont try to get a better picture here or something. i get an "out of range" error from my monitor without the vga option
<metalfan__> i need it
<pmatulis> metalfan__: don't get angry
<metalfan__> sry
<pmatulis> metalfan__: you didn't explain that before
<metalfan__> yes, you probably didnt read that yesterday
<pmatulis> metalfan__: no
<metalfan__> its just that im stuck with this crap for some time now
<pmatulis> metalfan__: you can add kernel boot options. hit F6 at the initial install menu IIRC
<metalfan__> yes, there i choosed expert. added vga=771 to the command line and started the installation
<metalfan__> but now im stuck in some kind of expert installation mode where i have to choose the right install parts
<metalfan__> i just need vga=771 on the kernel params, i want to start a normal inst now
<DelphiWorld> any PXE boot server?
<metalfan__> DelphiWorld, did you try "ubuntu pxe server" on google?
<DelphiWorld> i want to mount a ISO image and let network users boot from it
<DelphiWorld> metalfan__: i'm searching, and iasking here mayb get help from here anf google
<metalfan__> ive done pxe, but i dont know about "mounting an iso and letting users boot from it" sry
<DelphiWorld> metalfan__: me i have a ubuntu server, no desktop but i want users to use a desktop OS
<pmatulis> metalfan__: i don't recall F6 being called 'expert'
<metalfan__> expert is a menu point from f6
<metalfan__> f6 is probably adanced
<ichat> metalfan__:  -  'mounting an iso is rather hard ... iv tryed (under windows server - but that doesn't matter to mutch...
<CopyWriter> wasn't me was the tech department, most likely a lazy7 tech who wasn't on lacation
<pmatulis> metalfan__: is it different for you than what's given here: https://help.ubuntu.com/community/BootOptions
<DelphiWorld> metalfan__: got it (PXE no ISO): http://myy.helia.fi/~karte/ubuntu_hardy_pxe_notes.html
<ichat> if your trying to boot anything its way  easier to - un-iso something,  and    try initiating the  Bootloader directly ...
<metalfan__> pmatulis, thx. now i understand. i thought expert mode enabled the boot options...but f6 does that
<DelphiWorld> ichat: i'm trying to boot any OS using ubuntu PXE Server from my netbook
<Boohbah> ichat: daemontools mounts iso's quite well under windows
<DelphiWorld> Boohbah: but i want to mount it in ubuntu no in windows
<Boohbah> mount -o loop disk1.iso /mnt/disk
<DelphiWorld> Boohbah: thanks, but what's the relation to PXE boot server? how i can let users boot from it using PXE?
<Boohbah> DelphiWorld: i've never used PXE but looking at your link it looks like you should pass the mounted filesystem as the root= option in grub config
<DelphiWorld> Boohbah: yes, this is a good idi
<Boohbah> i guess that would be the tftpboot loader and not grub
<DelphiWorld> Boohbah: yes tftp boot loader
<ichat> DelphiWorld:  -  you can even boot  that other  OS  from linux pxe ... but you'd have to  create a bootdisk that - enables you to run  ntldr - witch is a bit tricky-er than  loading the kernel
<DelphiWorld> ichat: ntldr?
<Boohbah> the NT bootloader
<Boohbah> for windows
<DelphiWorld> Boohbah: but why ntldr? i don't need windows actualy
<DelphiWorld> i'm trying:
<DelphiWorld> apt-get install netkit-inetd tftpd-hpa dhcp3-server lftp
<DelphiWorld> but don't work
<ichat> lol - like i said you can boot any bootloader
<DelphiWorld> unable to install netkit-inetd
<Boohbah> !info netkit-inetd
<ubottu> Package netkit-inetd does not exist in jaunty
<Boohbah> !info netkit-inetd intrepid
<ubottu> Package netkit-inetd does not exist in intrepid
<Boohbah> DelphiWorld: what version of ubuntu do you have?
<DelphiWorld> ubuntu server 8.10
<Boohbah> http://packages.ubuntu.com/intrepid/netkit-inetd
<DelphiWorld> Boohbah: what is this?
<ichat> btw i setup ubuntu-server (first time) -   are there any recomended packages to be able to manager   samba server and vsftpd  from a   (web)-GUI
<DelphiWorld> ichat: i think EBox
<DelphiWorld> Boohbah: ok is installing thanks
<DelphiWorld> aptitude install inetutils-inetd
<ichat> is Ebox manageable in terms of  removing  parts that you dont need  (for example  -  the part where you'd manager mailservers or  webservers or others you dont need
<DelphiWorld> ichat: yes i think is modulare, but kype asking i'm not sur
<ichat> su aptitude update      &&  su aptitude install ebox  ?????
<DelphiWorld> ichat: aptitude update and aptitude install ebox
<nijaba> Daviey: Translation completed
<ichat> it tells it cant update the list file :S
<DelphiWorld> ichat: you must use sudo
<ichat> sorry - its sudo - not su ?
<DelphiWorld> ichat: sudo su
<DelphiWorld> ichat: and enter your password
<Daviey> nijaba: thanks!
<DelphiWorld> ichat: re
<ichat> ebox installed :S
<DelphiWorld> i need this:
<DelphiWorld> http://archive.ubuntu.com/ubuntu/dists/edgy/main/installer-i386/current/images/netboot/.
<DelphiWorld> a netboot image
<ichat> http://server    - it works  -
<DelphiWorld> but error404
<DelphiWorld> lftp -c "open http://archive.ubuntu.com/ubuntu/dists/edgy/main/installer-i386/current/images/; mirror netboot/"
<DelphiWorld> Boohbah: ?
<ichat> strange, -   it tells me that   .....  "  it works "   but thats all it does
<Boohbah> DelphiWorld: ?
<DelphiWorld> Boohbah: i can't get the ubuntu 8.10 netboot image
<DelphiWorld> Boohbah:  lftp -c "open http://archive.ubuntu.com/ubuntu/dists/edgy/main/installer-i386/current/images/; mirror netboot/"
<Boohbah> The requested URL /ubuntu/dists/edgy/main/installer-i386/current/images/ was not found on this server.
<Boohbah> DelphiWorld: edgy?
<DelphiWorld> Boohbah: no, just this URL don't work
<DelphiWorld> i need the ekival of it for 8.10
<Boohbah> DelphiWorld: did you read the URL?
<RoyK> hm.... I have a box running 9.04 server and I want to setup other boxes with identical configuration (same packages plus some config file changes, NIS integration, some NFS mounts etc). What is the easiest way to automate this?
<Boohbah> http://archive.ubuntu.com/ubuntu/dists/intrepid/main/installer-i386/current/images/netboot/
<DelphiWorld> Boohbah: realy thanks
<ichat> wow  - im in ebox and it doesn't seem to do anything :$
<DelphiWorld> Boohbah: trying...
<DelphiWorld> Boohbah: downloading the netboot image, thanks
<DelphiWorld> Boohbah: i think you can solv my problem :D
<DelphiWorld> Boohbah: i'm a blind person, using knoppix with the ORCA screen reader in console mode
<DelphiWorld> any ORCA in console mode for UBUNTU Server?
<Boohbah> BRLTTY is a background process (daemon) which provides access to the Linux/Unix console (when in text mode) for a blind person using a refreshable braille display. It drives the braille display, and provides complete screen review functionality. Some speech capability has also been incorporated.
<Boohbah> http://mielke.cc/brltty/
<Boohbah> DelphiWorld: i guess you need a braille display to use that
<DelphiWorld> Boohbah: i use only TTS :D
<Boohbah> DelphiWorld: http://edbrowse.sourceforge.net/
<Boohbah> DelphiWorld: http://en.wikipedia.org/wiki/Comparison_of_screen_readers
<DelphiWorld> Boohbah: but realy thank you for informing me
<Boohbah> welcome :)
<DelphiWorld> Boohbah: :)
<DelphiWorld> Boohbah: i connect to my ubuntu server using SSH with knoppix that incorporate ORCA dyrectly in the shell with the Espeak TTS Engine
<DelphiWorld> Boohbah: what is UBUNTU MINI.ISO?
<RoyK> anyone that know if ubuntu is getting closer to NFSv4 ACLs?
<RoyK> as in supporting them apart from in kernel space
<RoyK> the old utils won't work on new ACLS
<RoyK> ACLs, even
<Boohbah> DelphiWorld: https://help.ubuntu.com/community/Installation/MinimalCD
<Boohbah> DelphiWorld: yes, i would leave the TTS on the client side
<Boohbah> DelphiWorld: you have a permanent installation of knoppix as your main desktop OS?
<DelphiWorld> Boohbah: thanks
<Boohbah> DelphiWorld: if you decide to use an ubuntu desktop you can also install ORCA there
<DelphiWorld> Boohbah: no, only Live CD
<DelphiWorld> Boohbah: i want to try installing it in the Server a a Console Mode
<Boohbah> DelphiWorld: it may be possible but it's usually better to leave graphical applications on the client side
<giovani> and graphical applications are explicitly not supported in #ubuntu-server
<giovani> once you install X ... you're essentially in #ubuntu territory
<DelphiWorld> giovani: don't only talk, you must understand me
<DelphiWorld> giovani: adriane use orca but no GUI, in console mode / background
<DelphiWorld> Boohbah: understand?
<giovani> DelphiWorld: don't only talk?
<DelphiWorld> Boohbah: if no, see the Knoppix6 Live CD
<giovani> I'm just making it clear what's appropriate here
<DelphiWorld> giovani: understand me
<DelphiWorld> giovani: i'm sur what i'm doing
<DelphiWorld> giovani: no X11 here about orca in ubuntu server
<DelphiWorld> giovani: orca use GUI and console mode version
<giovani> great
<DelphiWorld> giovani: see Knoppix6 CD is inspired me
<DelphiWorld> also, i can't setup UBUNTU alone, i need a helper to setup it for me such a my brother
<giovani> I'm not sure how that's relevant here
<DelphiWorld> Boohbah: mayb i use your suggested app with Flite TTS Engine
<ichat> whooot - i actually  got ebox to  create me a  share - and like i thought - its running ok on  ext4
<ichat> as of now its just a matter of finding out how to best setup the fileserver :P
<DelphiWorld> ichat: good
<ichat> i see though that id have better -  mount my  600gb data partition als  /home   rather than as   /mnt/data
<ichat> default ebox whats to store its  shares in  /home/ebox/shares
<DelphiWorld> ichat: just try to search with me to install a difere OS using ubuntu PXE boot server
<ichat> DelphiWorld:  - what os?
<DelphiWorld> ichat: for example, CentOs, Slax/.../...
<DelphiWorld> netbook don't have a CD reader
<ichat> so you want a cleen netboot - rather than a usb boot?
<DelphiWorld> ichat: yes, to start the installation troug it
<ichat> http://ubuntuforums.org/showthread.php?t=1236601 <<< did you reed?
<DelphiWorld> ichat: ok reading
<ichat> rather than (adding the nx clients you could try and run the  setup system... as youd do with any ftp  install
<DelphiWorld> ichat: what is LTSP?
<ichat> its a subset for ubuntu -  something like a terminal service
<DelphiWorld> ichat: and we use it for PXE?
<DelphiWorld> ichat: i think LTSP use X11
<ichat> DelphiWorld:    i c - -  sorry about that boobo :$
<ichat> kinda missed that part :S
<DelphiWorld> ichat: np :D
<ichat> http://ubuntuforums.org/showthread.php?t=1236601 <<< is better :P -
<DelphiWorld> Ichat: np with X11
<DelphiWorld> ichat: i think is the SAM!
<ichat> DelphiWorld:  -  did you check the seccound link -
<DelphiWorld> ichat: i think i lost it post it please
<ichat> http://ubuntuforums.org/showthread.php?t=1236601 <<<
<ichat> in basic, - you need a working dhcp server  (windows  or linux)
<ichat> a tftp server
<ichat> and a  http (apache )  or  a  FTP   server
<DelphiWorld> ichat: i have all that installed in my server DHCP, Apache, TFTP
<ichat> and for example the  ubuntu  UNR  ISO file
<DelphiWorld> ichat: i started downloading it but is brek
<DelphiWorld> ichat: LTSP is installed
<ichat> damn :$ ive done this a million times from windows (even booted linux system with it.... but not with ubuntu  tftpd
<DelphiWorld> ichat: np i have windows also just guide me
<Steve[mbp]> Morning Everyone!
<ichat> http://ubuntuforums.org/showthread.php?t=1236601 <<< better use this link... its a bit more easy as it will let you  use the default   img files from your iso
<DelphiWorld> ok
<DelphiWorld> ichat: i see all this link is the same!
<Psi-Jack_> Alright, so, ufw's default list of rules, is pretty overly extensive, and it logs like every single nick-nack & crack, so, yeah.. I'm tring to limit what it logs to things it's not just outright blocking sushc as these:
<Psi-Jack_> kernel: [31750.678843] [UFW BLOCK] IN=eth1 OUT= MAC=00:0a:cd:18:44:d3:00:13:5f:05:89:05:08:00 SRC=84.215.64.234 DST=97.101.58.138 LEN=131 TOS=0x00 PREC=0x00 TTL=112 ID=3885 PROTO=UDP SPT=16417 DPT=37483 LEN=111
<DelphiWorld> Boohbah: i see all provided link is the same any documentation?
<Psi-Jack_> And it's just blocking a whole lot of those. eth1 is my internet NIC, eth0 LAN
<Psi-Jack_> The DST is my server's IP address.
<ichat> DelphiWorld:  -    you need your tftp server  to load  the the file - pxelinux.0      with live in the    ubuntu alternative.iso
<ichat> i have here the  xubuntu   desktop  alternative    and it has the needed files
<Psi-Jack_> So, yeah, hmm, whatever it is, it's always just going to port 6881, which nothing's listening on.
<ichat> DelphiWorld: -   knowing that all the pxe files are in the alternative iso ....   it must not be to hard to setup pxe with what you want ...  i think...
<DelphiWorld> ichat: i want to try booting any OS no only ubuntu
<DelphiWorld> ichat: and i think no alternative but MINI CD
<Psi-Jack_> No comments for me and my ufw, eh?
<DelphiWorld> ichat: got a document in french, reading...
<ichat> any initrd  set would be good as long as it supports  booting from a  remote repository
<ipsemet> hello all I'm having some trouble with cron jobs. I can not get anything to run. I've put the jobs in /etc/crontab nothing tried sudo crontab -e and still nothing and then i put them in /etc/cron.d/management and still nothing here's the printouts of all of those http://paste.ubuntu.com/251980/
<xgpt> hello, I am running 8.04
<xgpt> I would like to upgrade my home server's 8.04 installation to ubuntu current, how do I do this?
<xgpt> I am trying to run do-release-upgrade and it is spitting out that there is no upgrade
<xgpt> I'm guessing something isn't going right
<stefan___> edit the release file I forgot the name and change from LTS to CURRENT or something like this ...
<stefan___> xgpt: or you can upgratde to 8.10 and then to 9.04
<xgpt> understood
<xgpt> yeah, i didn't realize that it would be set to LTS only
<xgpt> I fixed it!
<xgpt> thanks!
<stefan___> xgpt: found it : change etc/update-manager/release-upgrades fromm LTS to normal
<stefan___> and you can do 8.04 to 9.04 directly
<xgpt> also, I'm just curious
<xgpt> I might want to ask this in #ubuntu
<xgpt> but why is wpasupplicant installed at ALL on a server installation?
<xgpt> isn't that entirely unnecessary?
<stefan___> maybe because you would turn your laptop in a server ? :)
<RoyK> stefan___: afaik there is no direct upgrade path - you need to go via 8.10
<stefan___> RoyK:  go to post 13 : http://ubuntuforums.org/showthread.php?t=1135537&page=2
<stefan___> tried it once and it worked
<RoyK> well, I'd recommend updating step-wise
<RoyK> it takes a little longer, but the chance of failure is far lower
<stefan___> i might have been just lucky then RoyK
<jmedina> @seen ivoks
<jmedina> :S
<jmedina> anyone using dovecot's sieve?
<xorred> hi guys....
<xorred> I'm trying desperately to install 8.04 server from USB
<xorred> and fail at every single attempt
<xorred> anyone ever installed the Server 8.04 from USB?
<RoyK> yes
<lenios> hi there
<ipsemet> where does the cert.pem go with apache2
<xorred> RoyK: you installed from USB?
<RoyK> hm....
<RoyK> not 8.04
<RoyK> just 9.04
<xorred> doesn't matter I guess?
<xorred> how did you do it? any guide you followed?
<ikonia> metalfan__: what's up ?
<lenios> ipsemet, you might try /etc/ssl/certs/cert.pem
<ipsemet> thanks
<ikonia> metalfan__: sorry - had some lag there
<metalfan__> ikonia, did we talk before?
<ikonia> metalfan__: no, I just had an odd lag in the channel, where time stopped at your question?
<aurax> hello, any idea how to solve execvp: No such file or directory
<ikonia> aurax: what are you actually trying to do ?
<aurax> ikonia, never mind sorted it out, thx anyway :)
<ikonia> great
<metalfan__>  ikonia: i see
<metalfan__> ikonia, pmatulils already gave me the right idea
<gnomon> Hi!  I'm trying to figure out how amavisd-new treats X-Spam-* headers that have been added to messages by an SMTP server prior to the one on which amavisd-new is running.  Should it pass them through unmolested, or silently drop them?  I'm seeing the latter and am trying to puzzle out which system is at fault.
<xorred> ikonia, check out http://ubuntuforums.org/archive/index.php/t-1045366.html
<xorred> and learn
<xorred> then restore my access to #ubuntu accordingly (quote: "installing desktop and server is the same")
<ikonia> xorred: thats pretty much the same process as in the factoid ubuntu sent you
<xorred> not really the same
<ikonia> yes
<ikonia> it's the same process as listed in the factoid ubottu sent
<ikonia> you're welcome to follow whatever guide you feel works best for you
<ikonia> if there is specific stuff, maybe write a wiki page
<xorred> I am just proving the point of difference betweeen a desktp and server install
<ikonia> xorred: there isn't one with the process
<ikonia> but I'm not debating this with you as I said earlier
<xorred> there's nothing debating here, unebootin for desktop installation and 2 pages A4 format for a server from usb... it's funny you stil can't admit you were wrong
<ikonia> I didn't say use unetbootin
<ikonia> but I'd imagine that would work, but I've not tried it myself
<ikonia> I said use the usb install guide ubottu sent you
<xorred> no it will NOT work
<xorred> as server != desktop install
<xorred> and yes, I've tried
<ikonia> worked fine for me about 25 minutes ago
<xorred> you tried server 8.04?
<ikonia> I tried an 8.04.2 server image
<ikonia> it's all I had to hand
<ikonia> but I'll leave you to get on with it
 * jmedina also install hardy server using usb...
<xorred> jmedina: what process did you use?
<xorred> did you use unebootin?
<xorred> I'm using a modified version of server 8.04 ..
<xorred> the ebox one
<jmedina> xorred: yeap using unebootin
<ikonia> xorred: where is that version from ?
<jmedina> or something like that
<xorred> ebox-platform.com
<ikonia> xorred: ok - then that distro is not supported in the #ubuntu channels
<jmedina> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<xorred> they use ubuntu as base and just add their packages
<ikonia> xorred: it doens't matter - it's not supported by the #ubutnu channels
<ikonia> !derivatives
<ubottu> There are some Ubuntu derivatives that we cannot provide support for due to repository and software changes. Please consult their websites for more information. Examples: gNewSense (support in #gnewsense), Linux Mint (see !mintsupport), LinuxMCE (support in #linuxmce), crunchbang (support in #crunchbang)
<xorred> k
<ikonia> thanks
<jmedina> I follow ebox mailing lists, they provide good support
<ikonia> yes, ebox has a very good support reputation from my reading also
 * jmedina still prefers zivios for ldap and kerberos authtentication
<wikkid> hello everyone.  A software raid 1 drive failed, (two md devices md0 and md1.  md0 is /, md1 is swap), i replaced the drive, and was able to rebuild md0 just fine, i can't seem to rebuild md1 (swap) though, i'm getting "mdadm: cannot get array info for /dev/md1" when i try to run mdadm --manage /dev/md1 --add /dev/sda2.  any ideas?
<ikonia> wikkid: any info in your mdadm.conf ?
<wikkid> yeah, i'll pastebin it..
<wikkid> http://pastebin.ca/1527090
<ikonia> looks a valid entry
<ikonia> wikkid: is the swap array started ?
<jmedina> is the array assambled?
<wikkid> here's the output of cat /proc/mdstat:  http://pastebin.ca/1527093
<wikkid> as for is it started / assembled.. i don't know
<wikkid> i'm a software raid newb :(
<wikkid> i run hardware raid5 at home, but working with mdadm is new to me
<jmedina> man mdadm has lots of examples
<wikkid> when the drives failed, i ran mdadm --manage /dev/md0 --fail /dev/sda1, then --remove /dev/sda1, then --add /dev/sda1 and it worked fine for md0
<wikkid> i would assume it would be same operation for md1, but i'm getting "cannot get array info for /dev/md1" that's where i don't know to go from here.
<wikkid> everything to my knowledge looks well and good.  but it also has me wondering if i really need mirrored swap / swap at all (the system appears to be running fine without it, though i'm guessing it's using only the ram it has)
<jmedina> wikkid: yeap looks fine, why dont you remove the raid and try ei buuild it again?
<jmedina> it is swap, it doesnt matters
<wikkid> md1?  or rebuild md0?  by the way, the output of mdadm --assemble /dev/md1  was "mdadm: no devices found for /dev/md1"
<Deevz_> im trying to create a user and I get "unable to lock password file"...
<wikkid> well jmedia and ikonia, i'm just going to let it run for now and google the hell out of trying to get swap working again later.. md0 (root filesystem) is mirrored and running, that's all i really care about.  thanks for your help! :)
<xgpt> hey guys, I want to give a single user access to a folder in my home dir.
<jmedina> xgpt: and?
<xgpt> jmedina, I would ilke to give them access to an entire folder of media
<jmedina> I want a coke
<jmedina> xgpt: are you asking for something?
<xgpt> jmedina, how do I do it/
<xgpt> jmedina, also, can you get me a coke?
<jmedina> xgpt: sure, in the mean time read chmods man page
<xgpt> jmedina, problem is
<xgpt> it won't let me change it
<jmedina> xgpt: do you know unix permisions?
<xgpt> it's saying there are too many symbolic links
<xgpt> jmedina, I understand them
<jmedina> show the command you used and the exact message you get
 * jmedina hates symlinks
<clusty> hey
<clusty> is there a way to build more locale's for a system?
<clusty> now if I do a locale -a I get: C/POSIX/en_US.utf8
<clusty> i wish I had fr_FR or some unicode maybe?
<xgpt> jmedina, I hate them too
<jmedina> clusty: use locale-gen
<jmedina> I always use sudo locale-gen es_MX-UTF-8
<enquora> I have several 9.04 installations. Are there repositories to keep ruby and postgresql current?
 * jmedina remember the old days when you have to rebuild glibc with your locales kit 
<clusty> jmedina, thnaks worked. i got fr_CA. is it unicode or UTF8?
<jmedina> what is difference_
<jmedina> ?
<clusty> jmedina, asking me?
<jmedina> yeap
<clusty> not sure myself. unicode is the portable thing I think
<jmedina> and utf8?
<clusty> UTF is not
<clusty> i am not an expert
<clusty> i am just trying to wrote some C++ code to handle such stuff
<clusty> and I am stuck at reading a file :D
<clusty> and printing on screen :D
<phoenixz> Hi there, anybody here who has experience with EMC powerpath on ubuntu? Will it actually work?
<HellMind> this is my story, I need to run a mohaa breaktrought dedicated server on my ubuntu 8.04lts, there are no linux bin, so I installed vmware server 1 and with a windows xp as guest, solve the problem.
<HellMind> Now, I detect that the mohaabt server is laggin, I complain vmware, So I want to try it with wine
<HellMind> Wine need xorg wich I dont have, I dont have also a local access, just with ssh.
<HellMind> How can I install a minimal xorg /wine, to run a windows console app from ssh?
<uvirtbot`> New bug: #412751 in bind9 (main) "bind9 should reload the named apparmor profile, not all of apparmor" [Medium,In progress] https://launchpad.net/bugs/412751
<psi-jack__> Alrighty. So I have a routing server, eth0 being on the internal network, eth1 being connected to the internet, handled by dhcp, but when it comes up, it completely replaces my /etc/resolv.conf and I don't want it to.
<psi-jack__> How can I fix that so my resolv.conf stays the way I made it?
<Nick_Hill> My RHEL 2.1 based system has come to the end of it's supported life after 6 years of faithful operation, needing no support. (really, it is a plesk 6 system due to massive customisation needed to make the system administrable, but that is another story). I am looking to migrate. a painful and potentially frought experience. I have given many days consideration and been looking at Ubuntu as a possible candidate. I
<Nick_Hill>  have come up with a series of observations which may be used to improve the Ubuntu server offering. Where should I post my essay?
<uvirtbot`> New bug: #412756 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.1 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/412756
<Nick_Hill> The system supports LAMP+email
<psi-jack__> Supports LAMP? But LAMP is just Linux, Apache, MySQL and PHP
<Nick_Hill> psi-jack__, As opposed to a Samba server, or SIP or something else
<psi-jack__> It takes a big machine to truely support even JUST LAMP.
<psi-jack__> Running all Apache and MySQL on the same system itself, uses up a lot of memory and processing power.
<Nick_Hill> psi-jack__, Depends on the usage profile. Virus scanning with Clam seems to be a killer.
<Nick_Hill> psi-jack__, Started off with 512Mb, Athlon 1800+.
<Nick_Hill> psi-jack__, 30 or so domains.
<Nick_Hill> psi-jack__, And the whole lot running again in a chroot jail (with an upgrade to 1Gb)
<Nick_Hill> Anyway, I realise that default configurations of popd and imapd assume a 1:1 relationship between email addresses and system users, and assume a 1:1 relationship between domans and machines, so will need to go for a control panel configuration.
<HellMind> nobody installed xorg on buntuserver?
<Nick_Hill> Is there any virtualmin or syscp type control panel interface supported by Ubuntu?
<webereinc> Anyone know how to get server to recognize USB drive when RAID array is already using sda1, sdb1. and sdc1... the inserted drive is not listed in fdisk -l
<Nick_Hill> webereinc, Have you looked at dmesg?
<webereinc> Nick_HIll - yes, it is not showing any new messages
<Nick_Hill> webereinc, Try modprobe usb-storage
<Nick_Hill> webereinc, usb_storage
<Nick_Hill> webereinc, Then look at dmesg. Should then see the device.
<webereinc> Nick_Hill, dmesg now says the following:
<webereinc> [2317749.562628] usbcore: registered new interface driver libusual
<webereinc> [2317749.582802] Initializing USB Mass Storage driver...
<webereinc> [2317749.582841] usbcore: registered new interface driver usb-storage
<webereinc> [2317749.582847] USB Mass Storage support registered.
<Nick_Hill> webereinc, Do you know for sure the USB socket works?
<Nick_Hill> webereinc, May not be connected internally if front panel.
<webereinc> It did when it was a windows machine <grin>
<Nick_Hill> What are you plugging in?
<webereinc> USB thumb drive - also, it does light so there at least is power
<Nick_Hill> Try unplugging them plug in again. Look at dmesg. May be picked up once the storage driver loaded.
<webereinc> no new messages
 * jmedina has experienced that with poor quality usb ports
<webereinc> OK, I'll try some other approaches.
<webereinc> Thanks
<Nick_Hill> webereinc, Have you seen the drive working on desktop Ubuntu? Maybe an unrecognised ID. Try a different drive.
<Nick_Hill> and a different port
#ubuntu-server 2009-08-13
<phoenixz> Hi there, anybody here who has experience with EMC powerpath on ubuntu? Will it actually work?
<storrgie> I just double clicked a samba share and it mounted, where is it acutally mounted though?
<twb> storrgie: ask /proc/mounts.  This channel is for server support, not GUI stuff.
<HellMind> hey how can I port forward using ufw
<twb> HellMind: editing /var/lib/whatever, where the raw iptables-restore data lives.
<twb> The ufw wrapper pretty much restricts itself to hosts.allow functionality.
<HellMind> so isnt that easy
<HellMind> im having problem with udp
<HellMind> I must touch something extra to forward that?
<twb> I don't know offhand
<jmarsden> HellMind: I'd edit /etc/ufw/after.rules to adding any extra custom rules (for forwarding or whatever else you need) ... then regenerate the scripts using ufw and your edits to after.rules are included into /var/lib/ufw/user.rules
<HellMind> I got the rules in the before.rules file
<HellMind> is that wrong?
<XiXaQ> I have two disks; one is 200GB and the other is 300GB. I'd like to combine them to make a 500GB partition. Speed is not the issue, I just want a big pool of diskspace. Later, I might want to add more disks to that partition. Should I use mdadm and create a software raid 0 or just lvm, or what should I do? I've neither configured software raid nor lvm.
<Sam-I-Am> XiXaQ: just remember one disk failure = entire data loss
<Sam-I-Am> more disks = more chance of failure
<jtaji> XiXaQ: sounds like you want lvm
<XiXaQ> jtaji, then I don't need raid?
<XiXaQ> Sam-I-Am, without raid 0 too?
<Sam-I-Am> concatenating disks has no redundancy
<jtaji> neither does raid0
<jtaji> but whatever, backup
<Sam-I-Am> just a warning... if you need lots of space and dont care about the data, raid 0 works fine
<jtaji> XiXaQ: you can add/remove disks at will with lvm, not sure about raid0
<XiXaQ> with raid0 I don't think you can remove a disk.
<jtaji> plus there's the nifty snapshot feature with lvm for backing up a consistent disk state
<jtaji> then there's always lvm on top of raid
<XiXaQ> yes, but as I said, speed is not important at all.
<jtaji> I would just do lvm then
<XiXaQ> this isn't important data either. I just want the ability to store more data in the same space.
<XiXaQ> I mean, in the same folders.
<XiXaQ> jtaji, yes, I've read about that snapshot feature. Seems nice.
<webereinc> Hello... anyone have any suggestions on getting an Ubuntu Server (running gnome) to find a USB memory stick when there is already disk drives sda1, sdb1, and sdc1 as part of a raid array?
<jtaji> XiXaQ: it's very cool, just remember to leave unallocated space, you can always expand partition anytime with lvm
<XiXaQ> jtaji, what does that mean?
<XiXaQ> I've deleted all partitions on both disks.
<jtaji> XiXaQ: with lvm you'll create a physical volume for lvm (most likely your whole disk), then create logical volumes in that (/, /home, etc...)
<jtaji> XiXaQ: when you create your logical volumes, don't use all the space in the physical volume, you can expand partitions easily later, and also the empty space is needed for snapshotting
<jtaji> at minimum, just for snapshots, you'd need enough space to account for all the disk changes that go on while your snapshot alive and you do your backup
<webereinc> Hello... anyone have any suggestions on getting an Ubuntu Server (running gnome) to find a USB memory stick when there is already disk drives sda1, sdb1, and sdc1 as part of a raid array?
<XiXaQ> jtaji, that's unallocated space on each disk I use?
<jtaji> XiXaQ: oh right..... I wasn't entirely accurate
<jtaji> each disk will be a physical volume, multiple physical volumes are combined to one volume group
<jtaji> it's the volume group in which you create logical volumes and leave some unallocated space
<XiXaQ> ah, I see.
<XiXaQ> jtaji, I'm following the server guide from help.ubuntu.com. It seems to suggest I should keep / and such outside lvm?
<XiXaQ> I don't understand this. I used 100% of the first disk for LVM, but now I'm only able to give 100% of that to the / partition.
<jtaji> XiXaQ: ah yes, another good point :p
<jtaji> XiXaQ: I just keep /boot outside
<jtaji> and only ~200 MB
<XiXaQ> is it necessary?
<jtaji> yeah
<jtaji> so I'd make the /boot on the first disk, then the rest of that disk for LVM physical volume
<XiXaQ> and /boot is primary and the rest is logical?
<jtaji> doesn't matter, but since you only have one or two partitions on each disk, I just use primary
<XiXaQ> how do I undo the kvm setup?
<jtaji> without lvm, I use all logical typically
<jtaji> kvm?
<XiXaQ> lvm
<XiXaQ> I now have 100% of the disk set to lvm and 100% of that set to /. I can't see any way to remove / and when I try to remove the lvm stuff, I  get an error saying it's in use by lvm.
<jtaji> remove the / logical volume, then remove the volume group, then delete the physical volume
<XiXaQ> how do I remove it?
<XiXaQ> "delete all data on this partition"?
<XiXaQ> oh, this is going to take a long time. :(
<jtaji> in the installer? can't remember, should be pretty obvious
<jtaji> on the command line you'd use lvm lvremove, lvm vgremove, lvm pvremove......
<XiXaQ> I'll take a few hours to delete the / partition?
<jtaji> should take seconds
<XiXaQ> it's been running for ten minutes and it's at 2%
<jtaji> I can't think of why that would be
<XiXaQ> oh, I found it.
<XiXaQ> ok, so I first make a /boot partition, of a few hundred megs. The rest I'll use for lvm and then I'll be able to easily resize / and /home, for instance?
<jtaji> yes
<XiXaQ> I'm not allowed to do that. I must provide a / filesystem.
<jtaji> dunno, I've done it several times... but I'm afraid now I must go to sleep
<jtaji> good luck ;)
<XiXaQ> thanks.
<error404notfound> i have to backup some directories, and only root has access to them, i have chosen duplicity as a tool for backup, however ssh for root is disabled, so i need another uid 0 account just for the backup's purposes. or should i create a new user with group as root?
<XiXaQ> use sudo?
<XiXaQ> oh, sorry. I didn't read properly :)
<XiXaQ> adding your user to the root group seems best.
<twb> error404notfound: all of those techniques are sucky.
<twb> error404notfound: I suggest allowing ssh access to root, but only via a single key, and locking that key down to run only a single command.
<error404notfound> twb, so what can i do... i have to make backups, directories are such as etc, var (yes, without lock, spool and run), and some other mounted media
<error404notfound> twb, what if using xinetd or may be denyhosts i disable root ssh from any ip except local, wont that achieve the same goal?
<twb> error404notfound: I'm assuming you already use AllowedUsers to restrict ssh access as root
<twb> http://linuxmafia.com/faq/Security/ssh-publickey-process.html
<error404notfound> twb, i have used AllowedGroups with canssh
<twb> error404notfound: AllowedUsers root@192.168.1.*, for example
<twb> I would not bother pissing about with xinetd.
<error404notfound> twb, yes, that i can do in my sshd_conf like root@localhost
<error404notfound> twb, hmm
<error404notfound> twb, AllowedUsers take preferences over group? if yes, may be root should be in canssh group as well
<twb> error404notfound: I don't know.
<twb> My impression is that it takes a set union (â©)
<twb> My impression is that it takes a set union (âª), rather
<error404notfound> twb, okay, thanks, i am gonna try it..
<error404notfound> i addedthe AllowUsers line in sshd, restarted sshd, and now when i try to ssh into the server, i get: http://pastie.org/582321
<twb> "Too many authentication failures" sounds like you are using something like fail2ban
<twb> The ssh client should not report that much information about why a connection was rejected.
<error404notfound> anyone here uses duplicity?
<error404notfound> i am getting http://pastebin.com/m730f508a
<error404notfound> twb, any ideas form your side?
<error404notfound> http://pastebin.com/m7aafbbe2
<twb> error404notfound: sorry, I'm busy
<error404notfound> twb, no problem :D
<error404notfound> twb, i fixed it :P there was one extra --include
<acalvo> hi, i'm trying to create a mail server with a LDAP server as a auth backend.
<acalvo> the thing is: how could I store the mail if there are no user directories in the mail server (they're in the ldap server)?
<_ruben> acalvo: virtual users
<twb> acalvo: with a network filesystem
<acalvo> mmm
<acalvo> network filesystem?
<twb> acalvo: such as NFS, CIFS or AFS
<acalvo> yes
<acalvo> but i don't want to have the mail in the same filesystem as the user data
<acalvo> _ruben: virtual users? what do you mean?
<twb> acalvo: then you just make sure pam_ldap is in pam.d/dovecot instead of pam.d/common-*, I guess
<_ruben> acalvo: most MTAs support both local users (system accounts) and virtual users
<acalvo> twb: why? pam only takes care of authentification, it won't redirect to new storage tree
<twb> I don't see what the problem is
<twb> If the only thing that needs to know about these users is the MTA, then you only make the MTA see them.
<acalvo> _ruben: yes, but this is done using LDAP (right?), my point is how to instruct dovecot/postfix to store the user mail in some directory that is only owned by the LDAP user
<acalvo> twb: and how to control where to store mail?
<acalvo> it won't be a /home/$user$
<_ruben> acalvo: http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox
<twb> acalvo: nsswitch.conf handles that.
<twb> So I suppose the accounts would exist on the mail server, but wouldn't allow logins
<twb> Doing it the way I propose, that is.  I daresay _ruben has a better approach
<_ruben> acalvo: if you use postfix+dovecot .. have postfix check against ldap for valid users .. and have dovecot auth against ldap as well for imap/pop3 and use a static map (or ldap field) for the mailbox location
<acalvo> twb: thanks, you're approach also seems right -- but I don't really understand how nsswitch can control storage systems
<acalvo> _ruben: I think I've get your point!
<acalvo> thank you both!
<twb> acalvo: "getent passwd fred" will tell the system fred's home dir
<acalvo> twb: acalvo:x:1004:512:System User:/home/acalvo:/bin/bash
<acalvo> it's true
<acalvo> but there is no "/home/acalvo" in the mail server
<twb> So what?
<acalvo> so, default config redirect to /home/user/Maildir
<acalvo> if there is no /home/user, it will fail
<acalvo> I suppose
<twb> You tell the mail system to make directories that don't exist
<acalvo> seems fair
<acalvo> I'll try to mix up both suggestions
<_ruben> dovecot creates mailboxes automatically on first mail/login
<acalvo> that's what I've guessed
<acalvo> I'll try what you said, using postfix+dovecot against LDAP
<CppIsWeird> has anyone here used an IBM LCM?
<twb> The candy bars?
<Richie> Hi, I am experimenting with ubuntu server, I want to setup a a simple server for clients. Basically I want to run samba for file sharing, and run a mail server which will pull mail from the isp, and then also be able to route mail localy. Most of the how to guides I have been reading talk about ISP server with multiple domains.
<twb> Richie: have you read the Ubuntu admin guide?
<Richie> twb: I read some of the ubuntu server guide, busy having another look at the mail section. I tried one of the tutorials on how to forge, which was in my opionion to much, I am not going to be hosting multiple domains. Maybe what I should do is start working through the admin guide, then when I get to sections I am not sure about I will ask the relevent questions here.
<Richie> the one thing that does confuse me is the mail server host name in the basic postfix configuration. the server is not going to have a fixed ip, I want to retrive mail with fetch mail and route localy and outgoing mail will be relayed to the isps smtp server, would I call it mail.mydomain.com, or would it be better to call it mail.mydomain.local.
<twb> If your MTA does not have a fixed IP, it will not work very well
<twb> Lots of other MTAs will refuse to talk to you because the hostname you supply doesn't resolve to an IP that resolves back to the hostname you supply.
<twb> If you're a SOHO, I suggest you just relay all outbound mail through your ISP's smarthost.
<Richie> the plan is to relay the mail to the ISP's smarthost, and the mail will get pulled from the isps mail server. I want to do something similar to the pop3 connector in sbs 2003
<Richie> currently if people mail each other it goes to the isp, then the next person downloads from the isp when its for internal mail
<ulterior> having an issue setting up postfix
<ulterior> cant get it to sign my emails
<ulterior> http://pastebin.com/mffe2322
<ulterior> tried just about everything to fix the problem cant put my finger on it
<ulterior> any help would be greatly appreciated
<psteyn> Hi guys
<psteyn> how can I debug something like this:
<psteyn> Aug 13 00:04:01 www kernel: [515697.941360] php[20786]: segfault at 7f9420f75f30 ip 00007f9420f75f30 sp 00007f941f2820f8 error 14
<psteyn> I mean, I have no idea which specific php script caused that error so I don't know how to reproduce in order to debug
<psteyn> how can I get more info?
<acalvo> _ruben: still here?
<RoyK> psteyn: that means something crashed at that time, and there is no way to debug it unless you have turned on core dumps for that specific app
<_ruben> acalvo: somewhat
<_ruben> $dayjob keeping me busy
<psteyn> yeah, and I don't know which specific app it is.  it's a live site with thousands of php files
<psteyn> sigh
<_ruben> psteyn: if the script runs long enough and crashes often enough, you could monitor the process table :)
<acalvo> _ruben: ok, quick question, as you suggested, I've configured posfix and dovecot, so now both work with LDAP. the problem is that the folders aren't being created. I think this is MTA's job right? but in postfix I'm using dovecot as a sender (in fact, using this guide https://help.ubuntu.com/community/Postfix/DovecotLDAP)
<_ruben> are adding a wrapper script .. which writes sript name and pid to a file, which can then be matched against the crash details
<psteyn> yeah, but that would be too easy ofcourse...sigh.  it's random, and hours apart, and I don't know which specific code it is
<_ruben> acalvo: by default dovecot creates mailboxes either on first mail or on first imap/pop3 login
<acalvo> I'm having this error
<psteyn> what is weird is that I'm using stock standard ubuntu server 9.10 migrated from centos 5.3 and I didn't have those errors on that server.
<_ruben> psteyn: a systemwide wrapper would catch it
<acalvo> Aug 13 13:42:38 jupiter dovecot: imap-login: Login: user=<acalvo>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
<acalvo> Aug 13 13:42:38 jupiter dovecot: IMAP(acalvo): mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/acalvo
<acalvo> Aug 13 13:42:38 jupiter dovecot: Fatal: IMAP(acalvo): Namespace initialization failed
<_ruben> acalvo: set mail_location? :)
<acalvo> _ruben: but, where?
<_ruben> dovecot config
<acalvo> ok... touchÃ©, but it is getting home/acalvo as a mail_location, right?
<_ruben> this what i use on one system: mail_location =  maildir:/var/spool/dovecot/%1d/%d/%1n/%n/Maildir
<_ruben> it stores mail for user@domain in /var/spool/dovecot/d/domain/u/user/Maildir/
<acalvo> _ruben: you were right, gracias!
<Daviey> nijaba: I have introduced translations and a stand alone shell script.. just throwing it in the PPA now.
<Daviey> Got someone else to do de translations, just writing a call for help blog post now.
<nijaba> Daviey: great.  let me know when the ppa is up to date :)
<Daviey> nijaba: now :)
<Daviey> nijaba: There is a script bundled called ubuntu-server-tip for retrieving the correct language, that presumably update-motd can use
<error404notfound> i am making backups over a webdav using duplicity, which is better option? 1. mounting webdav, then using file:/// in destination OR 2. using webdav:/// in destination?
<error404notfound> bum!
<error404notfound> bump*
<Daviey> Need some server tips - http://blog.daviey.com/ thanks :)
<corporate_cookie> Is anyone running Informix IDS 11.5 on Ubuntu Server LTS ?
<nijaba> Daviey: for some reason, the translated string have an empty newline appended and accentuated character are not displayed properly :(
<Daviey> hmm
<Daviey> i noticed the accentuated issue, but assumed that was a UTF-8 issue on my box.
<nijaba> Daviey: looks like it is NOT using the utf8 version...
<Daviey> empty new line.. hmm.. wonder what has introduced that.
<Daviey> nijaba: ah!  I hope fortune supports accentuated chars.
<nijaba> Daviey: it does... example: Personnellement, je suis toujours prÃªt a apprendre, bien que je n'aime
<nijaba> pas toujours que l'on me donne des leÃ§ons.
<nijaba> 	-+- Winston Churchill -+-
<Daviey> hmm
<nijaba> Daviey: in german it is even worse...  they use a lot of special chars
<Daviey> ipp fÃ¼r Ubuntu server: Mit 'etckeeper' kÃ¶nnen Sie Ãnderungen in /etc/ in
<Daviey> einem Bazaar-Repository aufzeichnen. NÃ¼tzlich, um Ãnderungen zu verfolgen
<Daviey> und rÃ¼ckgÃ¤ngig zu machen. http://tinyurl.com/etckeeper
<Daviey> German looks ok to me :/
<nijaba> weird
<Daviey> ahhh.. working it out.
<Daviey> nijaba: does "$ fortune fr/ubuntu-server-tips" work as you would expect?
<Daviey> except the blank line
<nijaba> Daviey: nope
<Daviey> hmm
<Daviey> i'm using a locally create package, not the one from the PPA
<nijaba> Daviey: nor does: fortune fr/philosophie
 * Daviey upgrades
<nijaba> Daviey: must be a pb on my system!
<Daviey> nijaba: well oddly i'm seeing the same issue if i "$ LANG="fr" ubuntu-server-tip"
<CopyWriter> hello guys
<CopyWriter> my question today is, i have a dhcp server, so do i disable the dhcp server settings on my wireless router
<CopyWriter> cuz since setting up my ubuntu box as a dhcp server i notice that sometimes when i restart i'm able to connect to office computers at random
<pmatulis> CopyWriter: typically a subnet has a single dhcp server serving it
<corporate_cookie> why is bzr 1.3.1 the default in Ubuntu Server 8.04 LTS ? ...is there a more recent supported bzr package
<CopyWriter> thanks pmatulis
<CopyWriter> i'm going to try assigning static ip addresses to the clients
<pmatulis> corporate_cookie: why?  b/c that's what 8.04 shipped with
<sgsax> who was it that was looking for help setting up a jabber server?
<sgsax> article in Linux Journal this month about Openfire (http://www.igniterealtime.org/projects/openfire/index.jsp)
<sgsax> looked pretty easy to setup
<ewook> CopyWriter: One dhcp is enough. but is it not easier to make friends with your tech?
<Daviey> nijaba: 21 suggestions raised so far! :)
<nijaba> Daviey: yeah!!
<Daviey> ontop of the current ones.
<nijaba> Daviey: as bugs? I do not see any?
<nijaba> Daviey: uh... now I do...
<Daviey> nijaba: Had a brief look at some of them.. mostly look good.. will need to make some of them more concise i think.
<nijaba> Daviey: agreed
<laga> # Appears as MAYNARD
<laga> (#G010E110M1T\sh) ÃÃÂ¹ÃºÃÃÂ¶Ã ÃÂ´
<laga> (#GI8:E=88RM1Tkees) hi
<bitprophet> huh. anyone know why 9.04 wants to install to LVM by default? anywhere I can read the discussion behind the decision? mostly curious, LVM is cool and all, just seems like a slightly odd decision for the default.
<sgsax> perhaps it's due to the fact that harddrives are bigger and cheaper than ever
<sgsax> so people are buying more and bigger drives than before
<sgsax> lots of big drives means a potential need for large volume management
<sgsax> but I'm just guessing
<sgsax> Solaris uses zfs my default these days, iirc, so it could be a response to that
<sgsax> s/my/by/
<Steve[mbp]> morning everyone!
<bitprophet> sgsax: yea, that sounds like a good guess.
<bitprophet> suppose it can't hurt, this is just a vm I'm setting up because all my LTS ones are too old for what I'm doing (python 2.6)
<sgsax> all my servers are 8.04
<RoyK> sgsax: zfs rocks
<bitprophet> sgsax: yea, same here. I just need to test out a python 2.6 quirk and afaict that's not available even in hardy-backports, so I'm virtualizing 9.04 for a bit
<sgsax> RoyK: so I hear, I'm not a big sol guy, so I haven't played with it at all
<sgsax> bitprophet: makes sense, you could also roll your own package
<RoyK> sgsax: I'm a linux guy, really, but not really _only_ linux
<RoyK> i've just worked with solaris a few months, and it rocks
<bitprophet> sgsax: this is true. I actually used to do that back when I was on debian proper and 2.3 was the default (and outdated) python
<bitprophet> I kinda wanted to see what 9.04 was like anyway.
<sgsax> I don't use sol enough to be fluent with it, only have one box that runs my sunray thin clients
<sgsax> bitprophet: sure, I love it on the desktop
<sgsax> and I'm sure it's fine on servers, I just get a more warm, fuzzy, enterprisey feeling running LTS
<bitprophet> haha, ditto.
<bitprophet> plus I can't really justify upgrading for each release, but every ~2 years is acceptable
<RoyK> we have a few boxes with 9.04 here, mostly doing number crunching with some antique fortran stuff :)
<bitprophet> oh my.
<sgsax> RoyK: you must be doing clustering
<RoyK> the researchers - at least some - still use fortran
<bitprophet> does fortran even run on anything manufactured after 1985?
 * bitprophet kids
<sgsax> our big cluster (1024 nodes) runs on gentoo and has any number of bizarre modeling libs
<RoyK> last language update of fortran was in 2003 :)
<sgsax> some barely-usable
<RoyK> but - gotta go...
<sgsax> fortran continues to be used and updated
<sgsax> mostly because scientists/researchers are *not* programmers
<Psi-Jack_> Heh
<maswan> sgsax: and also because it doesn't have some of the performance issues that C has..
<Psi-Jack_> So, tell me, Ubuntu's init scripts for postgresql, they just try to run postgresql and don't try to constantly poll it to make sure it's running after-the-fact, does it?
<bitprophet> I don't think *any* init scripts monitor daemons after bringing them up
<sgsax> Psi-Jack_: I would guess that very few initscripts will do that
<maswan> sgsax: anyway, my warm and fuzzy feeling went away after getting some new hardware, and now I'm hacking on karmic to get it to work. :)
<Psi-Jack_> sgsax, Why would you guess that? heh
<sgsax> maswan: yay for new toys :)
<bitprophet> unless you're using Upstart, which (at least as of 8.04) was only for a small number of things by default
<bitprophet> iirc
<bitprophet> Psi-Jack_: but, that's your answer, use Upstart or something similar like daemontools/runit
<sgsax> cfengine can also monitor services
<Psi-Jack_> Ahhh. Upstart? Hmmm.
<bitprophet> Psi-Jack_: it's an Ubuntu specific initiative, I think upstart.ubuntu.com? google should find it easy
<Psi-Jack_> I was only curious because it was one annoyance I had argued with for hours before about gentoo's init scripts, checking and polling waiting, and when you're doing a PITR walls recovery on the database, you just don't want it sitting there waiting endlessly.
<Psi-Jack_> Ahhhhhh
<Psi-Jack_> I remember hearing some about upstart, event-based init system.
<Psi-Jack_> upstart /sounds/ like it could be a good idea.
<Psi-Jack_> Though current init methods, gentoo has rc-config, which lets you start and stop services by 'rc-config start/stop/restart/etc service'   Does Ubuntu have something similar?
<bitprophet> depends. in my experience most daemons are quite stable and don't need watchdogging
<Psi-Jack_> Besides just /etc/init.d/service
<bitprophet> however my rails using co-workers have some awesome daemons that crash when anyone so much as sneezes near them, so they need constant hand holding. so I've been using runit for that (as they run them on centos boxes in production, so no upstart)
<Psi-Jack_> bitprophet, When you're dealing with highly needed daemons, you want to be 100% certain.
<bitprophet> Psi-Jack_: update-rc.d I think
<bitprophet> yes, it definitely depends on your needs.
<maswan> bitprophet: update-rc.d creates links in rc?.d to init.d
<bitprophet> and that's why upstart/runit exist
<maswan> it doesn't start/stop services itself
<Psi-Jack_> Hmmm, what a horrible name, update-rc.d?
<bitprophet> oh, sorry, I misread what he said
<Psi-Jack_> heh
<bitprophet> No idea, I always just do sudo /etc/init.d/<foo> <whatever>
<sgsax> there are several update-* scripts from debian
<sgsax> all for managing various things
<sgsax> update-rc.d manages stuff in the rc.d dirs
<Psi-Jack_> Yeah, I usually avoid using sudo direct-commands.
<sgsax> so it makes sense, but agreeably, it's a bit unweildy
<Psi-Jack_> I usually sudo su - first, then run them then exit
<sgsax> you can also use sudo -i
<Psi-Jack_> -i works too, long as it's the full login, so env gets proper.
<pmatulis> Psi-Jack_: you can try the chkconfig package (not sure it works very well)
<Psi-Jack_> rcconf works for a ncurses-based thing, but. what I was looking for was just a simple wrapper to call /etc/init.d/service
<Psi-Jack_> I'll just make an alias if one doesn't exist.
<sgsax> -i starts a new "initial login", -s just spawns a new shell
<pmatulis> Psi-Jack_: use the 'service' command then
<Psi-Jack_> Aha!
<sgsax> pmatulis: I always thought that was a rh-specific thing
<pmatulis> sgsax: yeah, i guess you can call it a port from red hat
<Psi-Jack_> Heh
<sgsax> not that there's anything wrong with that...
<Psi-Jack_> Too funny. --status-all shows question marks by.... A lot of stuff I know is running, like, ufw
<Psi-Jack_> Oy, fricken pain in the arse.. One of my systems at home, won't fscking boot up without a keyboard hooked up to it, it stops  to say it couldn't find a keyboard.
<Psi-Jack_> And it's an old Compaq 733, the CMOS doesn't have an option for disabling that error,
<Psi-Jack_> Anwyay..
<Psi-Jack_> So, ufw. So far, I'm not liking it, but I'm giving it a fair looksie.
<jdstrand> Psi-Jack_: re 'service --status-all', though I haven't looked at it, it is likely because service isn't smart enough to handle lsb output
<Psi-Jack_> So far, with ufw enabled, it blocks everything by default, so I had to ufw allow 22 to enable it, but that enabled it for BOTH internal and external network interfaces. What if I just wanted it enabled on a specific interface?
<jdstrand> Psi-Jack_: you can either specify the destination ip of the interface you want to listen on, or in karmic specify the interface directly
<jdstrand> Psi-Jack_: see 'man ufw' for details
<Psi-Jack_> karmic?
<jdstrand> Psi-Jack_: Ubuntu 9.10 (as yet to be released)
<Psi-Jack_> Oh
<Psi-Jack_> heh
 * Psi-Jack_ hates named versions.
<bitprophet> yea that's one thing that gets me about ubuntu
<Psi-Jack_> And Debian. :p
<bitprophet> yea
<bitprophet> at least debian has fewer names.
<Psi-Jack_> Especially when people refer to those versions, by name, not by version. I understand numbers.
<bitprophet> I used to constantly get hardy and gutsy mixed up for some reason
<jdstrand> I apologize for the jargon
<Psi-Jack_> Oh, no problem, really.
<bitprophet> Psi-Jack_: the "trick" is that they go alphabetically (at least nowadays) but I guess I'm mentally challenged because that never helps me
<Psi-Jack_> heh
<Psi-Jack_> I just know, so far, I'm not totally enthusiastic about ufw.
<Psi-Jack_> Good concept, but it's virtually impossible to make an uncomplicated firewall, sorry. ;)
<Psi-Jack_> All you do is complicate it
<sgsax> ufw doesn't run as a service, does it?
<Psi-Jack_> Not technically, no.
<jdstrand> Psi-Jack_: ufw currently targets single-homed bastion hosts. it's cli interface is quite helpful with that
<sgsax> it just configures netfilter, right?
<jdstrand> Psi-Jack_: a multi-homed host with routing is by definition complicated
<Psi-Jack_> yeah.
<Psi-Jack_> Which is why I'm not liking it. It's complicating. :p
<jdstrand> Psi-Jack_: ufw can help quite a bit there too
<Psi-Jack_> Especially when people are saying to use ufw just to enable ipmasq, like everywhere.
<jdstrand> ufw allow to <ip address of eth0> oprt 22 proto tcp
<Psi-Jack_> That'll work in 9.04?
<jdstrand> Psi-Jack_: yes
<jdstrand> sans typos
<jdstrand> sudo ufw allow to <ip address of eth0> port 22 proto tcp
<jdstrand> or with application integration
<jdstrand> sudo ufw allow to <ip address of eth0> app OpenSSH
<jdstrand> Psi-Jack_: ufw provides a framework the provides all the power and flexibility of iptables, but does a lot of the loegwork for you by default. so with two lines, you can enable the firewall and open ssh. IMO that is much easier than writing your own iptables script. but if you're more comfortable with iptables, feel free to use it
<jdstrand> Psi-Jack_: you might also be interested in https://help.ubuntu.com/9.04/serverguide/C/firewall.html, which discusses masquerading (among other things)
<Daviey> nijaba: I think i have resolved the language issue.
<nijaba> Daviey: yes? that would be great!
<Psi-Jack_> jdstrand, Yeah, tha's the ufw-based guide I followed to get it working,.. Or similar.
<jdstrand> re ufw and 'service --status-all': ufw exits with the proper code. it is likely a bug in the 'service' script not being able to handle LSB initscripts
<sammy> trying to move my / partition; I cp -a 'd everything to a new partition, updated /boot/grub/menu.1st with the new UUID and updated /etc/fstab with the new UUID. I ran update-grub and copied the new menu.1st to the newroot/grub/boot. what am I missing?
<jdstrand> but I haven't looked at the issue with 'service'-- it is speculation
<Daviey> nijaba: try, "$ fortune -u fr/ubuntu-server-tips"  I haven't commited it yet, but seems to solve it here.
<sammy> I'm sure it's something obvious, but I'm administering the box remotely, and now I'll have to walk someone through plugging a monitor in and fixing whatever I forgot. it must have been something small, or maybe a typo
<Psi-Jack_> jdstrand, The only problem is, it seems like ufw isn't really well documented much. Not even that website you referred me to, tells how to handle forwarding ports.
<nijaba> Daviey: yes it does
<Daviey> \o/
<jdstrand> Psi-Jack_: ufw doesn't 'do' handling port forwarding per se. it allows you to do it if you already know iptables
<nijaba> Daviey: "-u     Don't translate UTF-8 fortunes to the locale when searching or translating" what the heck!
<Psi-Jack_> Aha..
<jdstrand> Psi-Jack_: ufw focuses on 'host-based' firewalling
<Daviey> nijaba: odd eh?
<Psi-Jack_> Yeaah, So I'm noticing.
<nijaba> Daviey: very
<jdstrand> Psi-Jack_: so there is nothing in it to particularly help with port forwarding
<Psi-Jack_> jdstrand, Is there one you would better recommend for a server? single to multiple ip handling?
<jdstrand> Psi-Jack_: I'm not the right person to ask, tbh. I like ufw.
<Psi-Jack_> Yeah, well, this is #ubuntu-server. ;)
<Psi-Jack_> And sadly, THIS is the channel I was told, ufw is the "recommended" way to handle firewalls in Ubuntu.
<jdstrand> Psi-Jack_: ufw can do port forwarding just fine
<jdstrand> Psi-Jack_: you just add the appropriate rules to /etc/ufw/before.rules
<Psi-Jack_> Yeah, iptables-save-style rules.
 * jdstrand nods
<Psi-Jack_> Which writing those kind of rules by hand is painful enough.
<jdstrand> Psi-Jack_: any iptables guide on port forwarding will work
<pmatulis> heh, jdstrand likes ufw
<pmatulis> ;)
<jdstrand> Psi-Jack_: there are tools listed at the end of https://help.ubuntu.com/9.04/serverguide/C/firewall.html if you want to try something different
<jdstrand> pmatulis: ;)
<Psi-Jack_> Yeah, shorewall is one I tried, and it totally went fubar.
<Psi-Jack_> I might try that fireflier though
<sgsax> meh, keep your unnecessary ports closed and your service apps patched, just like momma always said
<sgsax> forget about firewalls :)
<jdstrand> Psi-Jack_: I would recommend you read http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html (also referenced in that guide)
<Skaag> how come I uninstall pure-ftpd with --purge and the /etc/pure-ftpd directory is not removed?
<Skaag> is there another switch to completely wipe out any remains?
<jdstrand> Psi-Jack_: if you are going to be setting up a routing firewall, you need to learn iptables and Linux firewalling concepts, regardless of the tool you decide to use
<Psi-Jack_> jdstrand, I know iptables, like the back of my hand,
<jdstrand> Psi-Jack_: then adding your handful of rules to /etc/ufw/before.rules shouldn't be too difficult... *shrug*
<jdstrand> anyhoo... back to work
<sgsax> Skaag: that should do it, unless you created your own files in that dir
<sgsax> are there any files left in there?
<Skaag> I tried deleting all files from it
<Skaag> even then it would not remove the empty /etc/pure-ftpd
<sgsax> so just the dir is left?
<sgsax> you used ls -la to make sure there are no hidden dotfiles lieft in there?
<Skaag> yes just the dir... no hiddens
<Skaag> kinda annoying :-(
<Skaag> because then when I try to install it again, it complains the directory is empty
<Skaag> ok I found out the problem
<Skaag> I needed to purge also pure-ftpd-common
<Skaag> somehow the purge was not affecting that package, but when I specifically purged it by name it worked
<sgsax> Skaag: good find
<Psi-Jack_> Okay, so I have a problem with openldap and ssl. I've created two totally different cakeys and server key for my openldap server, and ever since I enabled the TLS options, it's refusing to start anymore, because of TLS.
<Psi-Jack_> main: TLS init def ctx failed: -1
<Psi-Jack_> Permissions I made for testing, publically world readable.
<Psi-Jack_> The certs, that is.
<sven_oostenbrink> Hi there, anybody here who has experience with EMC powerpath on ubuntu? Will it actually work?
<giovani> sven_oostenbrink: I doubt anybody's familiar with the product here -- did you ask EMC? or just try it?
<sven_oostenbrink> well, try it.. it has a 5000 dollar license without trial.. :)
<sven_oostenbrink> And in the end, its just a friggin driver..
<giovani> sven_oostenbrink: well if you haven't already purchased it, then this is a question for EMC sales
<sven_oostenbrink> must be a pretty sweet driver if you ask me..
<sven_oostenbrink> giovani: I suppose.. I was just curious if anybody her has any experience with it
<giovani> sven_oostenbrink: understood, it's just not common at all -- I highly doubt anyone here has used it
<giovani> so best to talk directly to the source
<Psi-Jack_> $5,000 for an fscking DRIVER?
<Psi-Jack_> That's like choking the chicken without any post-satisfaction!
<giovani> Psi-Jack_: compared to EMC's storage solutions ... it's a drop in the bucket
<Psi-Jack_> I'd be finding a hell of a lot better storage 'solution' then, period.
<giovani> sven_oostenbrink: it might be worth looking into the open source alternative though -- multipath-tools
<giovani> Psi-Jack_: honestly, EMC makes high-quality products
<sven_oostenbrink> giovani: ahah... now you're talking
<Psi-Jack_> giovani, Not if they charge $5,000 for just a driver,
<giovani> heh
<giovani> that amount of money is negligable if it costs thousands of dollars to set up and maintain an alernative (in salary)
<sven_oostenbrink> giovani: in all honesty.. I find most "enterprise" product to give me loads of crap with just a small core of real functionality.
<giovani> you have to realize how large businesses have to think
<giovani> sven_oostenbrink: I agree -- but, they have value in very large deployments where engineering an alternative takes a long time, and is probably less stable and not as easy to hire people to maintain
<sven_oostenbrink> understood, but AFAIK, basically all powerpath does is bundle 4 fibrechannels into one...
<giovani> we're running into this at work right now, as we move away from home-grown NFS filers with various backends to NetApp
<corporate_cookie> dose anyone know where I can find some info on installing Informix IDS in ubuntu ?
<giovani> sven_oostenbrink: right, it becomes your storage driver -- that's a critical piece of the puzzle if it fails
<corporate_cookie> I do not seam to be able to find any relevant documentation
<giovani> corporate_cookie: talk to IBM?
<corporate_cookie> have you ever talked to IBM : )
<giovani> nope ... but it's not an ubuntu package
<corporate_cookie> thanks though ..i appreciate it : )
<corporate_cookie> true that
<giovani> http://www.informix-zone.com/node/532
<giovani> wow, 2nd google hit
<giovani> that was fast :)
<sven_oostenbrink> giovani: I know but.. thing is, we;re paying quite a bit already for EMC product.. Id say that this little part of it actually shoudl be for free since to me its like a basic functionality, same as with utp babsed networks.
<giovani> please use google next time
<giovani> sven_oostenbrink: then feel free to look into the open-source offering I mentioned
<giovani> http://www.ubuntu.com/register/informix
<giovani> seems I was wrong about ubuntu and informix
<giovani> it seems to be officially supported
<giovani> you must not've googled at all
<giovani> nor contacted IBM: http://www-01.ibm.com/support/docview.wss?rs=630&context=SSGU8G&dc=DB560&dc=DB520&uid=swg21252224&loc=en_US&cs=UTF-8&lang=en&rss=ct630db2
<corporate_cookie> giovani: i have googeled ....im looking for a good install guide ..IBM's documentation is rather generic
<corporate_cookie> thanks though
<giovani> it's an officially supported setup -- so much so that ubuntu.com has a page dedicated to the install -- it appears they provide a .deb -- if you don't know how to use dpkg ... oh boy :)
<uvirtbot> New bug: #413201 in ubuntu "[Sync Request] libmixlib-config-ruby" [Undecided,New] https://launchpad.net/bugs/413201
<sven_oostenbrink> giovani: I'll take a look at the open source version yeah, thanks!
<Nafallo> giovani: gdebi is the new hotness for deb installs, and not that new :-)
<Nafallo> resolves dependencies and such.
<giovani> Nafallo: good to know, thanks
<clusty> hey
<clusty> how can I read CPU temp sensor value
<clusty> from a console
<clusty> is there some place in /proc ?
<leonel>  /proc/acpi/thermal_zone/
<clusty> thanks
<clusty> leonel, nothing?
<clusty> leonel, ...weird. it's a core i7 and I can sweat I had temp sesors.
<Psi-Jack_> Hmm.. I don't got anything in that. heh. I have to use lm_sensors
<sgsax> Psi-Jack_: it's chipset dependant
<Psi-Jack_> Yeah. One of my othr systems had it. heh
<Psi-Jack_> Both HP's so kinda odd. :)
<sgsax> different kernels?
<Psi-Jack_> Nope.
<sgsax> or different mobos?
<Psi-Jack_> Different model HPs
<sgsax> sunspots? :)
<sgsax> that would do it
<Psi-Jack_> Yeah. heh. I have a server farm at home. 6, going on 7 computers.
<Psi-Jack_> Just wish I could get that one Compaq model P3-733 to stop erroring at boot about missing a keyboard. There's no option to turn that off. :/
<sgsax> ah, the old "Keyboard not found.  Press F1 to continue..." one of my alltime favs
<_ruben> its a keeper indeed
<thejudge> Hi
<thejudge> i need help
<_ruben> !help
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<thejudge> i want to know how to creat a box for Shell, BNC... Sous Ubuntu
<_ruben> get a pc .. install ubuntu on it .. hook it up to a permanent internet connection .. install bnc software .. done
<thejudge> i'm under Ubuntu right now
<thejudge> but i'm looking for the way
<thejudge> to install a box
<jmedina> what is that BNC... Sous?
<qman__> I'm not sure what you mean by "install a box"
<sgsax> thejudge: do you mean just install ubuntu on a new computer or server?
<uvirtbot> New bug: #336554 in awstats (main) "Use of uninitialized value $_[0] in pattern match (m//) at /usr/share/perl5/Geo/IPfree.pm line 80." [Low,Fix committed] https://launchpad.net/bugs/336554
<thejudge> sgsax:  no i have already ubuntu
<thejudge> i want irc box
<_ruben> you already have ubuntu, you already are on irc .. what more do you need?
<jmedina> thejudge: you want to install a irc server?
<qman__> the term "box" is generally used to refer to a PC, the actual hardware
<qman__> so if you already have ubuntu installed, what is it you want to do?
<qman__> do you want another server? or do you want a virtual machine?
<accol> can someone plz help me? the server i have set up keeps timing out when i try to connect from somewhere thats not home (at home it connects quickly), do i need to add a command to the server?
<qman__> accol, what service are you attempting to connect to?
<_ruben> accol: need to be a bit more specific
<qman__> ssh, http, file sharing?
<accol> sorry lol
<accol> ssh
<_ruben> accol: does that machine have a internet routable ip address?
<qman__> does your home network use NAT? as in, you have a router that shares your internet connection with multiple computers
<_ruben> or is it behind a nat router?
<qman__> if it does use NAT, you need to forward port 22 to the server in the router's configuration
<accol> jesus...i dont know....i have the ip address, and i can connect fine from other comps at home, but when i go somehwere else it times out
<_ruben> what's the ip ?
<qman__> is the IP address something like 192.168.1.10
<jmedina> that is a routing problem
<accol> yeah
<qman__> if so, that will not work from the internet
<qman__> that's a private use address only
<accol> damn
<qman__> you need to configure your router to forward port 22 to that address
<qman__> and find out what your internet IP address is
<qman__> go to a site like http://whatismyip.com/
<accol> i know the comps ip address (the server one, not the one im on right now)
<accol> its 192.168....
<qman__> yes, but you also need to know what your internet IP address is
<qman__> the one that is shared between all your PCs
<accol> ah ok
<accol> ok, once i find that where can i foward port 22?
<accol> thanks btw
<qman__> you have to go to your router's configuration
<qman__> usually, for stuff like a linksys, you browse to 192.168.1.1 in a web browser
<accol> ah awesome
<qman__> go to the port forwarding section, and forward 22 TCP to your server's IP, the 192.168...
<qman__> then, from elsewhere, you connect to your internet IP, that the site I linked shows
<qman__> and it should go through to your server
<accol> dude awesome
<accol> thanks so much
<qman__> keep in mind that your internet IP may change
<qman__> home connections tend to be dynamic
<blistov1> anyone know how to do a headless/serial install of ubuntu server/
<blistov1> ?
<accol> oh wow
<accol> that sucks
<sgsax> accol: not really, you just need to sign up with a dyndns service
<qman__> you can use a service like afraid.org or dyndns.org to get a free subdomain, which will always point to your IP
<sgsax> like no-ip.org
<accol> oh it....so those programs will always foward you to the ip despite a change?
<accol> got it
<sgsax> you sign up for the service
<qman__> you configure a script on your server which updates the DNS information periodically
<qman__> so when your IP changes, shortly after, it gets updated in DNS
<accol> thanks alot
<Psi-Jack_> namecheap is nice, too, for if you get your own domain.
<_ruben> luckily with ipv6 there's no need for isps to assign dynamic ip addresses anymore .. now lets fastforward a couple of years into the future ... :P
<Psi-Jack_> Bleh TCP/IP is a dead concept anyway. :p
<CppIsWeird> when downloading ubuntu server i see options for 64bit and 32bit versions, but when i click on bittorrent i only see amd64 and i386, does this mean there is only a 64bit version for amd-64?
<_ruben> the other 64bit architectures arent very common (and not supported afaik)
<_ruben> so in 99% of the cases 64bit equals amd64
<CppIsWeird> _ruben, do you know the reasons for this?
<_ruben> reason for what? not supported ia64 and stuff like that ? because its highly uncommon
<CppIsWeird> interesting.
<_ruben> 99% of all 64bit mainstream cpus are amd64 anyways
<Nafallo> it should be named x86_64
 * Nafallo mumbles
<_ruben> Nafallo: make it so! ;)
<Nafallo> _ruben: do I look like a damn jedi or something? ;-)
 * _ruben googles for a picture of Nafallo 
<Nafallo> lol
<CppIsWeird> just to make sure i understand correctly, you are saying that you dont find many intel 64-bit cpu's being used in server environments?
<_ruben> CppIsWeird: no.. im saying that mainline servers dont use architectures like ia64
<_ruben> most (all?) intel xeons are amd64/x86_64
<jtimberman> http://en.wikipedia.org/wiki/X86-64
<CppIsWeird> i never mentioned anything about ia64
<_ruben> the 64bit xeons that is
<CppIsWeird> i have an amd64 version of ubuntu server that i tried installing on my dual xeon 2.0ghz ibm x series server, and it said i had the wrong kernel and needed another version
<CppIsWeird> i can find no other version of 64bit ubuntu-server.
<_ruben> 2G xeon could very well be 32bits
<CppIsWeird> oh.
<_ruben> need to find out its exact type
<CppIsWeird> im having a hard time doing that. best i can find on the ibm site is that it has 512kb cache and is a 2ghz xeon
<_ruben> could check the bios of the server .. most servers tend to show the bussize somewhere
<CppIsWeird> _ruben, ok, one sec
<HellMind> how can I install the minimun xorg for wine
<uvirtbot> New bug: #386246 in awstats (main) "/etc/cron.d/awstats is preconfigured for apache1 not apache2" [Low,Confirmed] https://launchpad.net/bugs/386246
<_ruben> wine is not something i'd want on a server
<CppIsWeird> _ruben, well i cant find that right this second in the bios. but i get the feeling you are correct and i do not have a 64-bit cpu. thanks for the help.
<user345fgh> hi
<user345fgh> ive seen "install over ssh" in the advanced install options. is it possible to configure/start ssh and then continue a normal installation?
<_ruben> user345fgh: if the network-console module is loaded, you can jump in using ssh any time
<user345fgh> the normal installation is currently running. i just selected the disk to use
<user345fgh> is there a way to load the network console after the installer did partition the disks?
<qman__> CppIsWeird, amd64 is the common, modern 64-bit architecture -- modern xeons and core 2s and i7s use the amd64 architecture
<HellMind> Xorg :(
<qman__> despite being intel processors
<qman__> intel has incorporated it in one form or another in almost all of its processors since the Pentium 4 extreme edition
<qman__> under the moniker EM64T
<_ruben> user345fgh: not that i know of
<user345fgh> _ruben, so advanced, do everyting till network-console and then connect to the box via ssh?
<user345fgh> is the installation running in some screen that i can resume with screen -r from remote or how do i see the installation window remotely?
<_ruben> user345fgh: when network console is loaded, you get a prompt for ssh password to enter and an OK dialog, just before the disk part start
<_ruben> user345fgh: when connecting with ssh you get 2 options : start installer (at the point where it currently is), or start shell
<user345fgh> ah nice
<_ruben> dunno if it's screen'ed or anything
<user345fgh> i guess i will try that, just out of curiosity
<qman__> I never did see much point in it myself
<qman__> I've never taken more than ten minutes to install ubuntu server
<_ruben> complex disk layouts can take a while .. which is done "easier" from your comfy desk than noisy serverrom
<_ruben> room
<qman__> true
<qman__> if you did a massive multi TB RAID setup straight away, that would take a while
<qman__> I did that after the base install on my server, though
<_ruben> or just say software raid over 4 disks with lvm and say 10 lvs/partitions :)
<_ruben> or worse .. software raid over 4 disks and 10 partitions without lvm :)
<qman__> hehe
<qman__> that would be a bit nasty
<qman__> I recently added two disks to my RAID 5
<_ruben> especially with the classic software raid ... the non-partitionable one :)
<qman__> took about four hours to sync
<qman__> and that was with that kernel tweak
<_ruben> resizing raid scares the shit out of me :)
<qman__> without it, it was going to take 3 days
<_ruben> i think i had a resize going on for 30hrs or so :p
<_ruben> was ages ago tho
<qman__> sad thing is, it's almost full again
<qman__> going to have to go with bigger disks this time though
<_ruben> i wont resize my current fileserver's raid .. i'd just add a raidgroup to my lvm
<qman__> currently has 8 500GB ones
<_ruben> 4x1TB here
<giovani> 16x1.5TB here :)
<_ruben> and one box (out of service) with 6x200G pata .. and antoher (also out of service) with 6x250G sata
<giovani> 2 of those are parity drives
<qman__> I'm trying to wait as long as I can, for when 2TB disks get reasonably priced and tested out a bit
<giovani> there aren't any serious 2TB disks out
<qman__> then I'll build a second raid, move the data, and retire the old disks to other machines
<_ruben> got 2 boxes at work with 16x1TB drivers .. in 3 raid10 volumes .. rather disapointing performance though .. hardware raid, but sata just doesnt cut it
<giovani> WD "Green" drives are awful -- don't use them
<user345fgh> qman__, yes. its usually very fast compared to windows xp installation
<qman__> I'm a Seagate fan myself
<giovani> _ruben: SATA is unlikely to be a bottleneck here -- it's going to be the drive itself
<qman__> my bottleneck is the gigabit LAN :)
<giovani> well ... IP-based storage protocols are always going to be slow
<giovani> ATAoE is your best bet for commodity-cabling
<_ruben> giovani: sure, 10K sata disks *might* be better .. wont beat 15K sas tho
<qman__> yeah, but this IS just a SOHO network
<qman__> that's a bit pricey for this
<giovani> _ruben: it's not the SATA interface that's the bottleneck -- 15k SATA drives would work fine, if they were in common production
<user345fgh> giovani, may i ask whats saved on that hugh space?
<giovani> qman__: what's pricey?
<genesimmons> good day everyone....anyone have experience or know of a good howto to install snmp client side on ubuntu server 9.04 cacti server is already running??
<giovani> user345fgh: personal data
<qman__> SAS and non-IP storage networks
<user345fgh> ok
<giovani> qman__: ATAoE can be free
<giovani> hence commodity
<user345fgh> without movies i can barely fill 50gb space
<giovani> ATAoE is cheaper, and going to offer better performance than something iSCSI based
<_ruben> movies arent even my biggest space eater at the moment i think .. tons of wii games are
<giovani> of course, it doesn't directly compete with iSCSI on features -- but if you're just doing local storage ... it's going to be far better
<user345fgh> _ruben, the true liberation comes when you learn that you dont need everything at once...took me a long time
<qman__> my server was built from the start on a budget, it's a single core s939 athlon in an nforce 6150 board
<qman__> just an NCQ SATA controller, no RAID functions, hence the software RAID
<_ruben> xp1700+ with promise 4 port sata controllers
<qman__> yeah, the TX4s
<qman__> good controllers, those
<qman__> I've found out that mdraid really is pretty good
<qman__> if you can't spend real money on a nice hardware setup, it's not worth bothering with anything else
<clusty> hey
<clusty> i was wondering when will postgres 8.4 make it into ubuntu?
<clusty> now is only in karmic
<clusty> will it ever reach jaunty?
<giovani> clusty: well it would never reach the main jaunty repository -- as packages are never updated there -- security updates are normal, but major version changes never happen -- it may reach jaunty-backports, but it's unlikely
<clusty> giovani, thanks. so basically i will have to either self compile it, or switch to karmic to get PG 8.4
<clusty> thanks for answer
<giovani> clusty: or attempt to install the karmic package on jaunty
<clusty> giovani, is that a good idea?
<giovani> it honestly depends
<giovani> some packages may require core library updates ... in which case, you could break things
<giovani> it's worth testing in a vm
<giovani> if you're truly in need of 8.4
<uvirtbot> New bug: #248213 in awstats (main) "awstats.pl cronjob spawns too many instances resulting in very high load average" [Undecided,Confirmed] https://launchpad.net/bugs/248213
<clusty> giovani, well just today I wasted 10h to code SQL stuff around features already i 8.4
<giovani> there's a request for 8.4 to be backported -- you can voice your support here: https://bugs.launchpad.net/bugs/407822
<uvirtbot> Launchpad bug 407822 in jaunty-backports "backport postgresql-8.4" [Undecided,New]
<clusty> giovani, such stuff will add up (time to reinvent the wheel)
<giovani> you might also talk to #ubuntu+1
<giovani> they might have some info on it
<clusty> giovani, i am fine norm ally running anything past alpha4 of new ubuntus. would it be a good idea to switch to karmic?
<clusty> this is a developemnt environment
<giovani> clusty: I can't make recommendations on what's stable enough for your uses
<clusty> not production
<clusty> #ubuntu+1 might answer?
<giovani> I'd recommend you try both a full karmic install in a vm, and a jaunty install, with the karmic postgresql-8.4 packages installed and see which works out for you
<giovani> it also appears
<giovani> that there are some unofficial builds of 8.4 available for jaunty
<clusty> giovani, i meant more about the fact that non final realeases do send out crap every now and then
<clusty> i remember last year some libc bug caused the thing to become unbootable
<giovani> right ... only you can judge its current state for your needs
<clusty> will talk it over with "the guys" :D
<clusty> thanks a lot for info
<giovani> check out the PPA
<giovani> there are some 8.4 packages for jaunty
<giovani> https://launchpad.net/~pitti/+archive/postgresql/
<clusty> giovani, awesome thanks. hope it has all conribs and such. will look into it
<HellMind> help on my xorg , my log http://pastebin.com/m31bd342c
<giovani> HellMind: xorg support isn't relevant in #ubuntu-server
<HellMind> im runing #ubuntu-server
<HellMind> and I need xorg to use wine to use a gameserver :(
<giovani> HellMind: xorg isn't supported here though ... we discourage the use of guis strongly on servers
<giovani> HellMind: you can get support in #ubuntu
<stefan__> hell'
<stefan__> hello
<user345fgh> i did choose "start installation" after i connected via ssh to the machine. i did some steps without problems, but now the installer is running "network-console" again - is this supposed to happen?
<user345fgh> HellMind, also xorg for wine for gameservers doesnt make sense at all
<user345fgh> HellMind, gameservers dont need xorg
<andol> cjwatson: Are there any use in matching openssh bugs between LP and Debian BTS, or you do keep track of the overlap?
<cjwatson> andol: I keep track somewhat ineffectively. Feel free
<cjwatson> my next major todo item is to get openssh packaging out of cvs and into bzr so that I can actually let other people help in a useful way
<andol> cjwatson: ok, noted
<cjwatson> (basically if I happen to notice as it comes in then I mark it)
<uvirtbot> New bug: #412533 in openssh "Add patch from ssh bug #69 for non-X askpass support" [Wishlist,New] https://launchpad.net/bugs/412533
<kansan> i accidentally shut down mysql down with a kill -9.  as a reward i now cant start mysql and i see:  /usr/bin/mysqladmin: connect to server at 'localhost' fai error: 'Access denied for user 'debian-sys-maint'@'localhost' (using password: YES)'
<stefan__> kansan, that is not a major issue
<stefan__> that user will just try to do a scan of all tables to check for errors
<stefan__> if that is the only issue would should be fine
<TimReichhart> could anybody please tell me where I can place faxgetty on startup on 8.04.3 TLS
<jmedina> !startup
<ubottu> To add programs to start up when you log into your Gnome session go to System>Preferences>Sessions and use the Startup Programs tab. For more information, see https://help.ubuntu.com/community/AddingProgramToSessionStartup - See !boot for starting non-interactive programs at boot
<jmedina> !boot
<ubottu> Boot options: https://help.ubuntu.com/community/BootOptions - To add/remove startup services, you can use the package 'bum', or update-rc.d - To add your own startup scripts, use /etc/rc.local - See also !grub and !dualboot - Making a boot floppy: https://help.ubuntu.com/community/GrubHowto/BootFloppy - Also see https://help.ubuntu.com/community/SmartBootManagerHowto
<jmedina> ja
<HellMind> I entered ufw disable but it is still forwading some ports
<HellMind> its disable or not?
<jmedina> try /etc/event.d/
<jmedina> HellMind: how did you disabled it?
<HellMind> udw disable
<jmedina> ufw is not a running process filtering
<jmedina> so probably you diable the service to load at boot time
<jmedina> try
<jmedina> iptables -L  and see
<HellMind> but if I do iptables -L i dont see anything
<HellMind> but still the ports are forwarded :(
<jmedina> probably thery are already in the state table
<HellMind> what state table?
<jmedina> netfilter stateful table
<HellMind> my problem is I forwarded a port, editing some files .rules
<HellMind> Now I clean my modification
<TimReichhart> could anybody please tell me where I can place faxgetty on startup on 8.04.3 TLS
<HellMind> but it seems that  port is being forwarded
<HellMind> how can FLUSH that?
<jmedina> well I dont know ufw, I know iptables and netfilter....
<jmedina> TimReichhart: try /etc/event.d/
<TimReichhart> alright but which event.d ?
<HellMind> uncomplicated , yeah right
<jmedina> gogole ubuntu upstart faxgetty
<HellMind> ubuntu server uses ufw :(
<HellMind> so anyone from here should know
<jmedina> HellMind: forwarding rules are not loaded in filter table default for iptables -L, they are loaded in nat table
<jmedina> so try
<jmedina> iptables -t nat -L -v -n
<HellMind> that will clean all ?
<jmedina> TimReichhart: it is documented in official hylafax documentation
<HellMind> thats filled
<jmedina> http://www.hylafax.org/content/Handbook:Binary_Package_Install
<jmedina> there you will find some examples
<HellMind> how can I flush that :(
<HellMind> iptables -t nat -F?
<jmedina> iptables -t nat -F?
<TimReichhart> but they took out /etc/inittab in 8.04.3
<HellMind> jmedinatell me how can I flush that
<jmedina> Â¬Â¬, did you lredy read that page?
<HellMind> oh  :D
<HellMind> Its flushed: P
<HellMind> :P
<jmedina> man iptables for more info
<HellMind> that page is for me=
<Noah0504> Has anyone had experience with jabberd2?
#ubuntu-server 2009-08-14
<TimReichhart> alright I got a other question how to I know if my modem is linked to tty port because right now its on /dev/536ep0
<jmedina> ls -l /dev/ | grep 536?
<TimReichhart> alright here is the output crw-rw---- 1 root   dialout 240,   1 2009-08-13 19:04 536ep0
<CppIsWeird> qman__: [16:06] <qman__> CppIsWeird, amd64 is the common, modern 64-bit architecture -- modern xeons and core 2s and i7s use the amd64 architecture
<CppIsWeird> interesting, i did not know that.
<giovani> really?
<giovani> heh
<giovani> technically its name is x86-64
<giovani> but amd branded it amd64
<jmedina> yea, amd owns sparc developers
<TimReichhart> is there anyway that I can sym link my modem from /dev/536ep0 to a ttyS0?
<giovani> TimReichhart: I'd recommend making it /dev/modem instead
<giovani> as /dev/ttyS0 probably refers to an actual port
<giovani> you can do this with udev rules
<TimReichhart> giovani can you tell me how to sym link it to /dev/modem
<giovani> TimReichhart: which release of ubuntu are you using?
<TimReichhart> 8.04.3 TLS
<giovani> TimReichhart: adding something along the lines of KERNEL=="536ep0", SYMLINK+="modem" to /etc/udev/rules.d/60-symlinks.rules should do the trick
<giovani> you may or may not have to add some permissions in the permissions rules file
<giovani> experiment, and use google
<giovani> if you have problems
<giovani> then issuing a "sudo /etc/init.d/udev restart" should put that into place
<TimReichhart> giovani: the problems I am having is IM trying to get the modem to come on online on hylafax but when I do faxstat its just saying waiting for modem to come ready
<HellMind> how can I remove the rules That I added here before.rules
<giovani> TimReichhart: that's unrelated to symlinking, but alright
<HellMind> cuz my server is portforwarding
<giovani> HellMind: I don't understand your question
<HellMind> I forwarded a port adding rules to before.rules
<HellMind> Now, i removed that rule
<HellMind> I restarted ufw
<HellMind> I flushed every iptables table
<TimReichhart> giovani: but see my modem is in a different loaction then what hyalfax is looking for my modem is listed as 536ep0 instead of ttyS0
<HellMind> but the port is still being forwarded
<giovani> HellMind: sorry, I'm not familiar with ufw
<giovani> TimReichhart: you can tell hylafax to look anywhere you like
<HellMind> argh why damn UFW it blacklisted a port :@ I cant use it anymore
 * jmedina loves shorewall
<jmedina> real firewall
<giovani> haha
<giovani> shorewall is not a firewall
<giovani> it's a configuration tool
<jmedina> :)
<jmedina> I know
<giovani> so let's not give it any credit beyond that
<jmedina> ok
<HellMind> what were they thinking bring ubuntu server with that damn ufw
<stainer> most people firewall long before the server
<jmedina> HellMind: whate are you using something that you dont understan?
<jmedina> dnot blame ubuntu developers, if you have problems report a bug
<TimReichhart> giovani: it seems like I dont have a /dev/modem listed
<jmedina> well time to go offline
<TimReichhart> giovani: so I cant do the sym linking
<giovani> TimReichhart: you absolutely can ... I've told you how to do it
<giovani> however, there's no need to make a symlink just for hylafax
<giovani> it'd just be for aesthetics
<TimReichhart> well im trying to get hylafax to work
<TimReichhart> its just the modem im trying to get online
<giovani> right, and I've explained
<giovani> that hylafax can be told to use any device name, so you don't need a symlink
<giovani> however, if you'd like to create a symlink, I told you how to go about that as well
<clusty> hey
<clusty> i did a usermod -a -G vboxusers <my user> to allow myself to use VirtualBox, but this wont work
<clusty> afterwords when i doa  groups, i do not see the vboxusers listed
<clusty> clues on what can be going on?
<giovani> clusty: you need to log out and log back in
<giovani> for groups to apply
<clusty> no difference
<giovani> heh
<giovani> then you didn't run the command properly
<clusty> /etc/groups contains:
<clusty> vboxusers:x:135:j.dittmer,vlazar
<clusty> i am second
<giovani> you need to log out
<giovani> and log back in
<giovani> period
<giovani> it will work
<clusty> i am in a VNC session
<clusty> kill vnc?
<faileas> I'm running an IRC/Web server for personal use, and i'm looking for a easy solution to back it up. My hardware's a little old, so i'd like something that'd backup the whole system, and restore it to a bare metal system, without needing to take it down for backups. Any suggestions i should look at?
<gop> hi
<gop> in joomla, I am getting "he FTP settings are not valid or your FTP server is not compatible with Joomla!:
<gop> The function "STOR" failed
<gop> anyone here on ubuntu got joomla to work with ubuntu server
<mathiaz> jtimberman: hey
<mathiaz> jtimberman: I've acked a couple of your sync requests (see my email)
<mathiaz> jtimberman: what is left on REVU? merb and chef?
<foxbuntu> faileas, the only thing I know that can do bare metal restores in Linux on a live server atm is Acronis, its not OSS and not free, but I have worked with their products for a long time and love them, however if you are looking for something free and OSS then you might consider looking at CloneZilla (can't image the server live) or using dd (also requires being offline), if you don't need bare metal restores a cron job and tarballs will
<foxbuntu> do the trick
<faileas> foxbuntu: i got acronis home. I've done a tarball of the whole system, and plan on doing periodic database dumps, and home directory dumps (since a lot of things run as a normal user at the moment)
<foxbuntu> faileas, that should about cover it, although there is no need for whole system backups
<foxbuntu> faileas, whole system tarballs that is
<foxbuntu> faileas, I personally just grab /home /etc usually
<faileas> foxbuntu: lol, yeah, i'm still trying things
 * faileas thinks between /var/www, /home/ircd/ and the database i should be covered
<foxbuntu> faileas, yeah
<foxbuntu> faileas, sorry, wasnt thinking about web
<foxbuntu> faileas, the other thing you might was to grab is the package list
<faileas> i run web and irc (unreal/anope, a jbouncer bnc (i don't like psybnc) and qwebirc
<faileas> lol
<faileas> i know what i installed.. pretty much nothing non standard but java
<foxbuntu> faileas, yeah...I usually grab one after I get a server deployed and then again after any major change
<foxbuntu> seems to work for my needs, but thats me
<foxbuntu> :)
<faileas> i got it deployed (again) last week. Its been up and down since i'm running on junk hardware ;p
<foxbuntu> lol
<foxbuntu> I understand that
 * faileas does note a tarball is only 620 mb ;p
<faileas> *full
<foxbuntu> yea
<foxbuntu> the system is pretty light weightttt
<faileas> it isn't even running ubuntu server. its running minimal, with the necessary things
<foxbuntu> ah
<foxbuntu> Ubuntu JeOS eh?
<faileas> (screen/screen profiles, java, lamp stack)
<faileas> no, ubuntu minimal
<foxbuntu> ah
<foxbuntu> right
<foxbuntu> JeOS is VM optimized
<faileas> this is live hardware. PIII 450, 640 mb ram, 40 gb hard disk space
<foxbuntu> nice
<faileas> I'm not sure, but i'm told its a bad idea to run an irc server on a VM if you intend to link it
<faileas> (which i might)
<foxbuntu> I think my cable box has more power ;P
<faileas> passively cooled, only fan is in the PSU ;p
<foxbuntu> irc server or proxy?
<faileas> (i have a atom box which i use as a 'loaner' desktop, which'll replace this when i goes down
<faileas> both
<foxbuntu> Im on my proxy right now (have been for a year) and its a vm
<foxbuntu> but I do run VMWare ESX, not the freebie VM
<faileas> oh, for the VM?
<faileas> server - since lots of VMs don't have accurate clocks, and IRC linking is VERY dependant on accurate clocks
<foxbuntu> oh, the clocks are easy nuff to fix
<foxbuntu> I hoestly havent worked much with KVM but would assume the same of it
<jtimberman> mathiaz: hey there, i was eating.
<mathiaz> jtimberman: hey - my dinner is almost ready here ;)
<jtimberman> mathiaz: also added in REVU are coderay (http://revu.ubuntuwire.com/p/coderay), stompserver (http://revu.ubuntuwire.com/p/stompserver), and libsystemu-ruby (http://revu.ubuntuwire.com/p/libsystemu-ruby)
<jtimberman> with those others ack'd in launchpad, how long until they sync into karmic?
<mathiaz> jtimberman: I'll ping an archive admin so that we can get them done before the end of the week
<jtimberman> Sweet
<mathiaz> jtimberman: are the syncs required for building the packages on REVU?
<jtimberman> for installing
<jtimberman> chef requires the mixlib
<jtimberman> Chef packages taht is, require the mixlibs
<jtimberman> we wrote the mixlibs too :)
<mathiaz> jtimberman: ok
<jtimberman> mathiaz: since there was overlap in functionality for those in ohai and chef, we split them out to be useful libraries for other ruby developers too.
<jtimberman> mathiaz: by 'end of the week', do you mean tomorrow? :D
<mathiaz> jtimberman: what about libsyntax-ruby  ?
<mathiaz> jtimberman: yes
<jtimberman> unneeded with chef 078, we switched to coderay
<mathiaz> jtimberman: ok
<jtimberman> Debian didn't want syntax because its 'unmaintained' per the author of the library himself.
<mathiaz> jtimberman: I'll nuke http://revu.ubuntuwire.com/p/libsyntax-ruby then
<jtimberman> who also suggested coderay to replace it, as thats what he's using.
<jtimberman> thanks, i thoguht i did that but it might not like me.
<mathiaz> jtimberman: right - it doesn't seem to have work for me either
<mathiaz> jtimberman: anyway everything is upload to REVU now
<mathiaz> jtimberman: I'll give it a look next week
<mathiaz> jtimberman: if you can find another ubuntu dev to sponsor it the better ;)
<jtimberman> Thom said he would back up on that. and per my email, ScottK had talked to btm about it some time ago but I haven't heard anything from him yet.
<jtimberman> mathiaz: fwiw, i've set up an apt repo and tested that 'apt-get install {chef,chef-server}' gets the desired functionality. :)
<mathiaz> jtimberman: Have you looked at PPAs to publish your own chef packages?
<mathiaz> jtimberman: https://help.launchpad.net/Packaging/PPA
<jtimberman> this was on my internal testing VM and LAN
<randy_> Can anyone help me setup 2 nic cards in ubuntu server 9.04. One for the internet with static ips and the other one for the intranet with dynamic ips (192.168.1.2/50).
<giovani> haha
<twb> randy_: what is there to set up?
<giovani> randy_: man interfaces
<randy_> My setup right now isn't working so I am trying to fix it.
<twb> randy_: what part isn't working?
<randy_> I have a cox modem with a switch between it and the router. The router is set as dhcp server. The nic card with the static ip addresses on it is connected to the switch. The other nic card is connected to the router with "automatically get ip and dns"
<twb> Incidentally, /50 doesn't make sense.
<twb> You can only go up to /32, which specifies a single IP
<randy_> yeah, the /50 means the ip address range that is leased from dhcp.
<twb> I don't think I like your router, then
<randy_> It doesn't have the /50 in it. that is just the way I wrote it to say that I have it set up to lease 48 addresses.
<randy_> 59
<randy_> 49 I mean
<twb> That's still retarded
<twb> a.b.c.d/e by convention means a CIDR block
<giovani> randy_: so anyway ... what's the actual problem?
<randy_> I can't reach the server from the outside world nor can I ping the other computers on the router. They can ping each other but not the server.
<randy_> I setup the /etc/network/interfaces file with the correct ip address, netmask, and gateway given to me by cox. I set them up as eth0 and the intranet I setup as eth1 and dhcp.
<randy_> from my home I can ping the gateway which is 24.249.166.129 but not the first of 5 ip addresses 24.249.166.138 through 142.
<twb> randy_: are there machines using those IPs?
<randy_> The 5 static ips are all going to be on one nic card on the server. Right now only one is setup and it is 24.249.166.138.
<twb> Does the server know that it owns those five IPs?
<twb> It will not respond to pings for IPs it doesn't care about.
<randy_> Right now, no. I was going to setup the other four with webmin after I can reach it on the static ip that is already set just not working.
<twb> Sorry, I will not help webmin users.
<giovani> webmin is officially unsupported here
<twb> Plus, I really hate it
<randy_> I understand. I just need to get the one address working. Can you help me?
<randy_> I would rather not use webmin either, is there another way to administer a web site from remote?
<twb> randy_: sure: ssh.
<randy_> I use putty too. Sometimes I need the help of a gui. I am somewhat of a newbie to linux. I am trying to learn how to do it all from the command line, but it takes a while. Please help me with my current challenge then we can talk about the mistakes I've made.
<randy_> I can only use ssh when I can reach the machine remotely and right now I can't.
<twb> OK, I need to draw a network diagram.
<randy_> Okay, thank you very much.
<twb> So your router is doing NAT?
<twb> I'm confused as to why you have a second NIC in the ubuntu server at all.
<randy_> It is a netgear and it has been setup with defaults.
<twb> Unfortunately, I am not chief architect at Netgear.  I do not know what the default setup is for arbitrary netgear kit.
<randy_> One for the intranet and one for the internet. If one card can do it, I'll remove the other one. One card is 192.168.0.2-50 with the gateway set at 192.168.0.1 and the network mask at 255.255.255.0. the other nic is for the internet setup as 24.249.166.138-142 with netmask set as 255.255.255.240 and gateway 24.249.166.129. I hope that helps.
<twb> 192.168.0.0/24 is the network used by the router's DHCP server?
<randy_> Obviously I don't have the 138-142 in the interfaces file, that is just the ip address range that was given to me from cox.
<randy_> Yes.
<twb> Cox is an ISP?
<randy_> Yes.
<twb> And they have given you a bunch of public IP addresses, 24.249.166.138 through .142?
<randy_> Yes.
<twb> What is doing the PPPoE or PPPoA?
<twb> (I'm assuming an ADSL modem.)
<randy_> It is a cable modem. I don't know much else about it.
<randy_> Sorry.
<randy_> It's not dsl if that helps.
<twb> Hm.
<twb> What is the interface name (e.g. eth2) of the NIC you're currently configuring statically?
<twb> For that matter, how do you login to the router?
<twb> For that matter, how do you login to the MODEM?
<randy_> eth1
<twb> I mean, does the modem have an IP address?  If so, what is it?
<randy_> The modem address is 24.249.166.129 you can ping it but I haven't been able to reach it with a browser.
<twb> Do you have physical access to the ubuntu server?
<randy_> I don't right now. I'm at home, it is at the office.
<twb> OK, then I won't try that.
<twb> So what is the process you're using to ssh into it from the office?
<randy_> I am computer savy, I have setup quite a few windows networks, I am trying to break away from windows and go exclusively to linux. I just have some more learning to do.
<randy_> I am not able to ssh into it at all. I can only access it physically, not from any other machines on the network.
<twb> This is probably the wrong time to ask for help configuring it, then, if you can't configure it until you get home...
<randy_> I'm sorry, I will try to contact you tomorrow during the day when I'm setting in front of it. I will have to setup irc on the vista box next to it in the office. I was just trying to use my new ubuntu-desktop computer at home.
<twb> If you need irc you can just install irssi on the server; that doesn't need a GUI.
<randy_> How do I do that?
<twb> "apt-get install irssi"
<twb> Then "irssi -c irc.freenode.net" and type /join #ubuntu-server
<twb> It's pretty straightforward.
<randy_> I was just typing that. Okay, I will. Thank you so much for your time.
<randy_> I have copied that line and will do it from the server tomorrow. Thank you
<twb> No worrise.
<ScottK> jtimberman: What did I do/say I'd do?  It's not clear to me from the backscroll.
<psi-jack> Oi! This is fscking annoying!
<psi-jack> The OpenLDAP guide is broken on Ubuntu docs.
<twb> Report it as a bug
<twb> And I think you mean "Oy" ;-)
<psi-jack> No, I meant Oi, as I said Oi. :p
<psi-jack> Anyway, the apparent bug in the community documentation on for openldap is the SASL stuff.. It covers nothing on SASL, and openldap defaults always to use SASL auth binding.
<psi-jack> And I'm not 100% familiar with how to fix it exactly.
<acalvo> I've a working mail server on my LAN, and I'm setting up a new mail server with dovecot plus postfix. But when I try to send a new mail from the new server, it gets relayed to the old server. How can I avoid that?
<stefan__> aloha
<stefan__> do you guys know what package is updating the motd in 9.04 with the packages that need upgraded ?
<_ruben> combination of update-motd and update-notifier-common
<stefan__> thanks _ruben
<twb> Cute
<twb> Sticking to 8.04, I didn't know about that new feature
<stefan__> twb: depends on the hardware you use, if you use new hardware 804 won't work
<stefan__> so sometimes you have to go with 904
<twb> Believe me, NEWness of hardware is never a concern for me
<twb> My hardware problems are mainly due to kit being chinese knock-offs or fifteen years old.
<stefan__> i believe you :), I was just saying that sometimes you have to use a different version other than LTS
<twb> Granted.
<RoyK> we use LTS on important servers and 9.04/latest on workstations and development servers
<stefan__> I know , we have LTS on most servers , but newest hardware doesn't work with 804
<RoyK> common problem :)
<maswan> Same here, but I run 9.10 on that. ;)
<stefan__> maswan: didn't had the guts to run 9.10 yet :)
<maswan> karmic also has postgres 8.4, which is a significant point in favour for us. so since we don't need to take this set into production until october, we might as well start out with karmic. especially since it was closest to netboot properly into the installer, just missing some module dependancies. :)
<stefan__> if it's not going in production than it all for the best to go with the newest
<stefan__> version
<foolano> guys, do you know if ubuntu-vm-builder is capable of creating karmic images already?
<soren> It is.
<soren> If you grab the latest version from Bazaar, at least.
<soren> bzr co lp:~vmbuilder
<foolano> soren: thanks :)  in that case i wasted my time adding a karmic puglin and getting ride of chpasswd -e :P
<acalvo> can I use DNS when setting up a DHCP3 server?
<acalvo> for the wins, dns servers?
<acalvo> instead of using their ip address?
<stochastic> Hi, I'm trying to mount a fat32 external harddrive on my Ubuntu Hardy install but no matter what options I put into /etc/fstab it mounts it only readable by root
<ravindu> Urgent help ,Is there any cases that ubuntu server has implemented in IBM Tower server with clustering support
<th0mz> stochastic: mount -o,rw /xxx ?
<ravindu> Urgent help ,Is there any cases that ubuntu server has implemented in IBM Tower server with clustering support
<stochastic> th0mz, nope the rw option doesn't help
<th0mz> is it fat32 or ntfs ?
<stochastic> fat32
<th0mz> idont know why then, sorry
<stochastic> I've even specified the gid and uid in /etc/fstab
<ravindu> how to implement ubuntu server on IBM Tower server with clustering support any resources?
<_ruben> acalvo: you want specify your dns server by hostname .. how do you think that would work? :)
<acalvo> _ruben: you're right, too much hours working make me buzz my head
<garymc>  Hi peeps, everytime i click on my launchers when logged in as a particular user, it loads opens it in text editor and not firefox. I want it to open in firefox? When i right click it there is no option to open with other program. When i goto /var/www/ and right click on insert.php it says open with firefox. So i pressume thats all correct. Now when I log in with another user it all works fine??? whats happening here and how
<garymc> can i fix it
<StrangeCharm_> is sysklogd the program that i should  be using to recieve system logs from another machine?
<stefan__> StrangeCharm_: no , if you want that use syslog-ng
<StrangeCharm_> thanks, stefan__
<stefan__> no probs
<StrangeCharm_> will the apt package for that run it on boot?
<pmatulis> StrangeCharm_: i just got in, what was your query re logging?
<StrangeCharm_> pmatulis, i was looking to recieve syslogs from another machine, and stefan__ recommended syslog-ng
<pmatulis> StrangeCharm_: you should know that rsyslog is now the default logging system in karmic, and it is very powerful
<pmatulis> StrangeCharm_: it can do anything syslog-ng can do and more
<StrangeCharm_> pmatulis, i'm not sure how much power i need. however, would you definitively recommend it over syslog-ng?
<pmatulis> StrangeCharm_: if you will be running karmic and beyond, yes
<pmatulis> StrangeCharm_: it's also more aligned with open-source (syslog-ng has a dual license)
<StrangeCharm_> pmatulis, so i noticed. however, i don't currently have plans for karmic
<pmatulis> StrangeCharm_: ok
<StrangeCharm_> pmatulis, nonetheless, the licencing argument is persuasive. i'll try rsyslog.
<pmatulis> StrangeCharm_: great, let us know how it turns out
<macrocosm144> Whats the easiest (free) way to backup an entire ubuntu 8.10 server?  I am using rsnapshot currently which is nice but I think it would be smart to do full image backups periodically and have them sent to another machine.  How do you prefer to handle this?  For instance I would like to upgrade my system to the latest 9.x branch but I would like to be able to restore the whole system if...
<macrocosm144> ...something goes awry.
<StrangeCharm_> pmatulis, i have no idea what's going on in this conf file. does rsyslog automatically listen for logs sent from other machines?
<pmatulis> StrangeCharm_: no, you need to configure that
<StrangeCharm_> pmatulis, to the documentation, then, what fun!
<pmatulis> StrangeCharm_: the project has a friendly mailing list as well
<StrangeCharm_> pmatulis, i'd rather spend an hour of my time working thing out then spend a man-hour or more of other people's time reading and replying to/ignoring my email
<macrocosm144> lol
<_ruben> sysklog reports remote syslog just fine as well
<_ruben> s/reports/supports/
<StrangeCharm_> _ruben, inbound or outbound?
<StrangeCharm_> is there a good guide for setting up a samba server on one box, and mounting shares from it on another?
<_ruben> StrangeCharm_: both
<_ruben> StrangeCharm_: inbound: add -r to the commandline .. outbound: add @remote.host.com instead of /var/log/whatever to /etc/syslog.con
<_ruben> f
<StrangeCharm_> _ruben, good to know, but i've set up rsyslog now
<pmatulis> StrangeCharm_: rsyslog will give you more possibilities for remote logging such as SQL logging and encrypted logging
<StrangeCharm_> pmatulis, i see that, but my requirements here are pretty simple
<pmatulis> StrangeCharm_: well simple remote logging has been available in the stock sysklog system for many years.  sorry to misguide you
<a_ok> does anyone know if hardy is vulnerable for this? http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
<Jeeves_> a_ok: All kernels
<Jeeves_> As in, *all*
<a_ok> Jeeves_: well my gentoo kernel is not. As its configured differently (eg decent mmap_min_addr no SELinux and only protocols i need). so I wonder if my ubuntu systems are vulnerable since I haven't seen a patch yet
<a_ok> Jeeves_: ?
<Jeeves_> a_ok: Afaik, everything is vulnerable
<Jeeves_> kees might have more info on this
<henkjan> i guess kees is busy updating kernel packages :)
<Jeeves_> :)
<a_ok> lol hope he is than. thanks
<stefan___> have you guys seen this ? http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
<stefan___> dated today
<stefan___> yesterday actually :)
<Jeeves_> stefan___: 14:11 < a_ok> does anyone know if hardy is vulnerable for this? http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
<stefan___> afects all  kernels since 2.4 to 2.6.30
<stefan___> --------------------
<stefan___> Affected Software
<stefan___> ------------------------
<stefan___> All Linux 2.4/2.6 versions since May 2001 are believed to be affected:
<stefan___> - Linux 2.4, from 2.4.4 up to and including 2.4.37.4
<stefan___> - Linux 2.6, from 2.6.0 up to and including 2.6.30.4
<a_ok> stefan___: torvalds patched it already we are waiting on kees aparently.
<stefan___> good ol torvalds :)
<a_ok> if the ubuntu kernels are vulnerable at all (there are conditions where this adress space can not be executed)
<stefan___> ok didn't know that . don't have that much understanding of the kernel yet
<stefan___> from what I understand you need a local account to make this work anyway
<a_ok> stefan___: yes or at least controle a local program. check out on the bottom of the page where it sais solution ;)
<stefan___> so how does the process work ? torvalds makes a patch and then notifies all the linux distros ?
<a_ok> and also the mitigation section
<a_ok> stefan___: hardly Linus commits patches on kernel.org distro maintainers watch for new kernel things and security stuff anyway and they patch there kernels when nessesary. after making sure it does not conflict with there own (distro spesific) patches
<a_ok> At least thats how I understand it
<stefan___> ok , good to know as I had no idea of the process at all
<a_ok> stefan___: well most of the time big security issues with get patched real fast even in the less actively developed distro's.
<stefan___> from what I see about min_addr in the mitigation section 804 and 904 shouldn't be vulnerable
<a_ok> stefan___: I don't know for sure if it gets overruled when compiling with SELinux support even if it's disabled
<stefan___> i don't know about SElin as I don't use it
<a_ok> me neighter. never used it barely used ACL. simple is good as long as you don't miss out on key functionality
<stefan___> older 2.6 kernels , example 2.6.15 don't have the vm.mmap_min_addr implemented though
<Psi-Jack_> Curious. The OpenLDAP provided from 9.04's packaging, doesn't provide a slapd.conf, so how would I disable SASL authentication globally?
<Boohbah> Psi-Jack_: what do you mean disable SASL authentication globally? have you setup something to authenticate using SASL? a mail server perhaps?
<Psi-Jack_> Boohbah, SASL authentication is not needed, nor wanted. OpenLDAP's authentication through SSL and Kerberos is fine, no need for SASL.
<Boohbah> Psi-Jack_: there is no global authentication setting that i know of, you need to configure authentication individually for each application
<Psi-Jack_> Boohbah, In this case, it's OpenLDAP. :p
<Psi-Jack_> -THE- application trying to use SASL.
<Boohbah> ahh, now i understand
<a_ok> Psi-jack: kill the sasl daemon?
<Psi-Jack_> Yes. It's an OpenLDAP-specific issue.
<Psi-Jack_> a_ok, I don't have one running on the server running kdc and openldap. :p
<Psi-Jack_> Again, this is an OpenLDAP issue, SPECIFICALLY.
<a_ok> Psi-Jack: sorry missed the reest was just reading up on it now. Boohbah is on it, stearing clear
<Psi-Jack_> Hehe
<Psi-Jack_> Yeah, don't know if Boohbah is knowledgable enough to be helpful.
<Psi-Jack_> .. either. ;)
<Boohbah> nope
<Psi-Jack_> Yeah. hehe - Judging my your previous words, you didn't know openldap. It's no biggie. I'll find someone who is eventually. :)
<Boohbah> i am educating myself now
<sgsax> Psi-Jack_: is it something you can change in your pam configs or nsswitch?
<Psi-Jack_> Nope
<sgsax> using openldap for local auth, or auth for a service?
<Boohbah> how do you know that openldap is trying to use sasl authentication?
<Psi-Jack_> The problem is with openldap itself. I'm trying to use the ldapscripts for ldapadduser, but it's using a full v3 bind which includes using sasl auth, but fails because sasl auth isn't in use.
<Psi-Jack_> Boohbah, ldapscripts.log :)
<sgsax> ldap.conf has settings for tls, I know, but nothing for sasl
<sgsax> wait... have you tried this in your ldap.conf:
<sgsax> sasl_secprops maxssf=0
<Psi-Jack_> Yeah, but that's not for the server.. Hmmm, though that is for the client.
<Psi-Jack_> But no, that doesn't change what I'm seeing. I had had that,.
<a_ok> Psi-Jack have you checked /etc/defaults dir? that kind of settings are often in there
<sgsax> slapd seems to be a seperate package, perhaps you need to actually install it to get what you need
 * sgsax makes a wild guess
<Psi-Jack_> Stop wild guessing please. ;)
<sgsax> shutting up :)
<Psi-Jack_> Unless you know openldap, you can't really help me at all.
<sgsax> I use it for auth against AD, but not for auth by itself
<Psi-Jack_> Bleh, AD...
<sgsax> tell me about it...
<sgsax> recently went round and round with it
<sgsax> black fscking magic
<a_ok> Psi-Jack: did you check out https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html . I don't know openldap (at least not on ubuntu) but I can't find anything else usefull on SASL and openLDAP. perhaps you need to set up sasl properly and than not use it... bit rediculous but if it gets you going
<a_ok> Psi-Jack: search for SASL on the link i just gave
<Psi-Jack_> a_ok, Yep. In fact, that's the thing that has bugs in it not mentioning SASL at all, but depends on it.
<a_ok> Psi-Jack: well you would not be the first with this problem than. I'm out of idea's perhaps try openldap channel?
<Psi-Jack_> I'm doing that too, yes.
<Psi-Jack_> ldapadduser fails, because of authentication failures, because it's trying to use SASL.
<Psi-Jack_> Roughly short and simple.
<Boohbah> Psi-Jack_: perhaps it is a compile-time option that needs to be disabled. in gentoo i see a sasl USE flag suggesting that this support may be set at compile time. though i would imagine there should be a way to turn it off in config.
 * Boohbah done wild guessing now
<froud> hi, server 8.10, I've installed phpmyadmin with apt-get and configured apache2.conf but when I load http://serverip/phpMyAdmin I get msg "Cannot Complete Request". Anyone know of this problem?
<froud> I also ln -s /usr/share/phpmyadmin/ /var/www/phpmyadmin
<froud> oh dah fixed needed permissions for www-data
<froud> thanks'
<uvirtbot> New bug: #413640 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.0.67-0ubuntu6 failed to install/upgrade: subprocess post-installation script killed by signal (Interrupt)" [Undecided,New] https://launchpad.net/bugs/413640
<kees> stefan___: by default, Ubuntu 8.04 and later is not vulnerable.  If, however, you've got wine or dosemu installed, you are.  Basically, check the setting of /proc/sys/vm/mmap_min_addr  If it's zero, you're vulnerable.
<stefan___> kees: thanks I did that
<stefan___> only vulnerable on a few old systems
<stefan___> that run 6 LTS
<kees> stefan___: correct.  in those cases, you can use the workarounds detailed in the RedHat bug linked from: http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-2692.html
<uvirtbot> kees: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692)
<mdz> ttx: thread forwarded to you
<ttx> mdz: ok
<stefan___> thanks kees
<kees> stefan___: sure!  (note that we are preparing a kernel update too, but that will likely happen on monday)
<sgsax> kees: nice to know you guys are on top of this stuff, even if it is somewhat obscure and non-threatening
<stefan___> good to hear that kees
<kees> sgsax: thanks!  yeah, it certainly keeps us busy.  :)
<cemc> where should I open bugreports that are probably related to the kernel, but I'm not sure (it's a suspend/resume problem) ?
<Aison> hello :)
<alex_joni> cemc: launchpad ;)
<cemc> alex_joni: yeah but to what package/team exactly ?
<Aison> i've got hardy version of ubuntu server, somehow do-release-upgrade don't work
<Aison> thought there's a newer version?
<kees> Aison: you need to change the "only upgrade to another LTS" setting: http://www.cyberciti.biz/faq/howto-upgrade-ubuntu-servers-804-to-810/
<Aison> kees, thx
<Aison> how can I keep an net intf down? or no config?
<Aison> auto eth2
<Aison> iface eth2 down?
<kees> Aison: I think, just remove "auth eth2"
<HellMind> how can I check my bandwidth usage in realtime
<qman__> anybody know if I have to do anything special to enable sha512 hashing for passwords on 8.04?
<qman__> like, install any packages, or should just changing 'md5' to 'sha512' in /etc/pam.d/common-password do the trick?
<TeLLuS> HellMind: iftop is one way.. for console
<qman__> I use vnstat, but that's not real-time data, that's graphed overall usage data
<qman__> yeah, it's not working
<qman__> just changing it made it use UNIX hashing
<qman__> anybody know what needs to be done?
<qman__> appears that in gentoo it's a compile time option -- http://www.linux-archive.org/gentoo-hardened/267979-moving-md5-sha512-shadow-password-hashes.html
<qman__> I'm guessing it's the same for ubuntu, which would mean I'd have to dist-upgrade
<giovani> heh
<qman__> to 8.10, then 9.04
<giovani> SHA512 hashes are really not going to get you much
<qman__> so I guess I'm using md5 for a while yet
<giovani> it's not as if plain MD5s are being used
<giovani> the crypt function does a ton of weird transforms
<qman__> true
<giovani> it's not at all vulnerable
<qman__> I just saw the functionality on a 9.04 box and wanted to enable it if I could
<giovani> I've looked into writing a GPU bruteforcer for it
<giovani> it's complex
<kees> qman__: PAM in 8.04 does not support sha512, unfortunately.
<giovani> random passwords of 7-9 char lengths I estimate would take 200-300 days on a modern GPU
<qman__> it would probably also increase the login times too much on my 200MHz shell server ;)
<giovani> hah, indeed
<qman__> my personal password policy is no less than 12, 3/4 complexity
<qman__> simply because windows is pretty vulnerable with anything less than that
<giovani> 3/4 complexity?
<giovani> haha, windows
<qman__> yeah, lowercase, uppercase, numbers, and symbols are your four categories
<qman__> three of the four
<giovani> haha
<giovani> is this some windows categorization crap?
<qman__> no
<qman__> have you ever configured cracklib?
<qman__> it's a pretty standard categorization for passwords in general
<qman__> there's also the 12 or so "common" symbols, and then the rest of the symbols
<giovani> alright
<giovani> every password I have is randomly generated for me ... I wouldn't categorize that way at all
<qman__> more than 12 actually, but yeah
<qman__> I don't do random ones, too hard to type
<qman__> I just make them longer to make up for it
<giovani> why would you ever type a password?
<giovani> I haven't done that in ... years probably
<qman__> because I don't have retina scanners
<giovani> uh, copy-paste from a password storage application ...
<qman__> you still have to log into the system to begin with
<giovani> that's smartcard-based
<qman__> don't have the hardware
<giovani> $10 on ebay :)
<qman__> times...8 systems?
<qman__> besides, I trust that I'll remember a password more than I won't lose a card
<giovani> if you can remember your passwords ... your passwords are likely not very strong
<giovani> or you don't manage enough passwords
<giovani> i have a few hundred
<qman__> oh, they are strong
<giovani> remember a few hundred 20-character random strings
<giovani> just isn't possible
<qman__> of course not, but they don't have to be totally random
<qman__> random is stronger, but the key is length and complexity
<giovani> but remembering a 100 or 200 passwords of any type is nearly impossible
<giovani> especially if they're properly rotated
<qman__> anything complex and over 20 characters is simply not brute-forcable now
<giovani> that's not true
<giovani> if they're phrase passwords they're easily destroyed
<qman__> if they're all dictionary words in one case, yes
<giovani> length is meaningless if it's a predictable sequence
<giovani> or transforms of dictionary words
<qman__> change it just enough, and it's secure
<qman__> if the encryption is not a flawed algorithm, it won't give any clues
<giovani> that's a very unclear line
<giovani> what's "just enough" transformation is not definable absolutely
<giovani> it's up to the attacker what kind of transforms they'll do
<giovani> so why take the risk
<giovani> use truly random passwords
<giovani> and you'll save your memory for more important things
<qman__> not much more important than the keys to the kingdom
<giovani> it's a completely inefficient, and reasonably less secure way of doing things
<giovani> I'm not sure how you could defend it
<qman__> it's not really any less secure than a smart card, which is easily lost or stolen
<qman__> or a thumb print reader, which is only about 90% accurate
<giovani> well the smart card is identity-linked ... so either you have a password, or a fingerprint, etc
<qman__> and even then, 20 character passphrases are worlds better than some of these websites that allow a max 8-10 character password, no symbols allowed
<qman__> there is always a tradeoff between secure and convenient
<Max007> I have a problem with apache2+php. I installed MySAR (Mysql Squid Access Report). When I try to access http://myserver/mysar/index.php it download the php file instead of displaying it. But when I try with phpinfo.php and http://myserver/mysar/install/index.php it works.. so PHP5 is working with Apache..
<qman__> Max007, check the file permissions
<Max007> -rw-rw-r-- 1 www-data www-data 28914 2007-08-17 05:05 index.php
<qman__> and on the one that works?
<Max007> -rw-r--r-- 1 root root 20 2009-08-14 12:09 phpinfo.php
<qman__> hmm
<Max007> but mysar is in /usr/local/mysar/www with a symlink
<giovani> probably a filetype misconfiguration
<qman__> might be an apparmor thing, but I've not run into apache/apparmor issues myself
<Max007> there's a symlink in /etc/apache2/conf.d
<Max007> qman__: apparmor is not installed
<HellMind> How can I see the real bandwidth use, and the real cpu use
<HellMind> You preferred tool
<HellMind> r
<qman__> HellMind, for bandwidth you'll have to install something, but for CPU, use top
<qman__> uptime will show load averages
<giovani> load averages aren't an indicator of "cpu use" though
<giovani> so you'll want to look at the output of vmstat/top/htop/etc
<HellMind> what is something?  that what im asking for
<HellMind> i use htop
<HellMind> but I would like a graph
<HellMind> like a task manager
<HellMind> maybe some app for X
<qman__> ubuntu desktop has "System Monitor"
<qman__> which does precisely that
<HellMind> bandwidth monitor?
<qman__> though having X running on a server is a bad idea
<HellMind> who said that?, he was a noob
<HellMind> how you can run a server appz that uses a gui without x?
<qman__> most server apps don't use a GUI
<qman__> the only real exception to that rule is LTSP
<HellMind> well my app uses it :(
<HellMind> I am always the exception
<qman__> the thing is, X is very vulnerable to a number of sniffing and spoofing attacks
<qman__> so it must be properly configured and firewalled, and is a lot of work
<HellMind> I m not a regular guy that runs apache and mysql
<HellMind> I run gameservers
<qman__> so, in general, it's a bad idea to run X on a server
<HellMind> im runing tightvnc x server
<HellMind> thats the only way to run wine :(
<alex_joni> HellMind: install a graphing app
<Max007> qman__: it works if i copy /usr/local/mysar/index.php to /var/www/index.php (http://mysrver/index.php)
<alex_joni> like mrtg or rrdtool or cacti
<Max007> but if i copy /usr/local/mysar/www/* to /var/www/mysar it doesnt works
<giovani> HellMind: no decent server application requires a gui
<Max007> i dont get it
<giovani> there are plenty of tools to graph cpu usage for a server
<giovani> cacti comes to mind as a simple solution
<qman__> Max007, that is odd, are you sure your permissions are okay, with your symlink and all?
<qman__> HellMind, why do you need wine?
<qman__> most game servers have a linux version
<qman__> hlds/srcds for pretty much anything on Steam
<HellMind> osview -geometry 406x488 -font 8x16 +load +cpu +mem +swap \
<HellMind>  +page +disk +int +net &
<HellMind> I told you all, im not like the regular ppl
<HellMind> I need to run a server that doesnt got a linux binary
<giovani> the "regular people"
<HellMind> qman__ if you play cs and tf2 thats ok
<HellMind> but my clients needs mohaabt
<giovani> HellMind: then maybe you shouldn't be using a linux server to host it
<jtimberman> s/cs/l4d/ :)
<HellMind> linux can doit
<qman__> yeah, unfortunately I have to agree with giovani there
<HellMind> thats the most stupid thing I eard
<qman__> running wine and X on a linux server is, security wise, a bit worse than a properly firewalled windows 2003 box
<HellMind> linux is made for all the complex stuf!
<HellMind> there are no limit
<giovani> you're not doing anything "complex"
<qman__> you're widening your software footprint
<giovani> wine is really not very stable
<qman__> bringing more potential holes into your system
<HellMind> qman__ you can run it using a low access user
<giovani> and it a hack, at best
<HellMind> and you miss the concept of all security
<jtimberman> HellMind: You can use a trending tools or munin or cacti that will provide you with RRD graphs you can view in a web browser from a desktop system connecting to your server.
<Max007> qman__: i fixed it.. I changed "Alias /mysar /usr/local/mysar/www" to "Alias /squid /usr/local/mysar/www" in /etc/apache2/conf.d/mysar
<giovani> miss the concept?
<HellMind> its like saying you dont want to store you wallet on your house
<HellMind> because its insecure
<Max007> qman__: it's weird.. if the folder name is mysar it doesn't work
<HellMind> my server isnt a gold bar
<HellMind> its a tiny game server
<qman__> Max007, glad you got it working, but I'm not really clear on what that is
<qman__> HellMind, you're missing the point; the more software you run, the less secure your system is
<HellMind> I was using munin, but it eat a lot of resource
<jtimberman> qman__: you mean the more software you run that opens listen ports ;)
<qman__> by running a windows set on top of a linux set, you're incorporating the potential flaws of two completely different systems
<HellMind> qman__ yeah but you must run something right?
<qman__> by only running a windows set, you limit your potential issues
<HellMind> so you dont use the appz that you need because its insecure?
<qman__> no, you run them as securely as possible, by using the least software necessary
<qman__> in the tightest configuration you can
<HellMind> thats what im doing :)
<qman__> running X with wine is not a tight or secure configuration
<qman__> at all
<HellMind> it is, is the only way you got
<HellMind> if you run server linux gameserver
<qman__> a patched, firewalled windows server is better, from a security standpoint
<HellMind> and you need a single windows app
<HellMind> qman__ you secure solution isnt cheap
<giovani> windows can be had for reasonably cheap
<qman__> windows XP home edition can be had for next to nothing
<HellMind> I know It would be also cool running every game server in many servers
<qman__> which is more than enough to run a game server
<qman__> it can run a proper firewall, and run the server unprivileged
<HellMind> the only thing I dont pay if for software
<HellMind> I dont got many server
<HellMind> I got 1
<HellMind> 1, how you run a linux and a windows app in a server?
<HellMind> also my server got a tiny hosting vm
<HellMind> you ppl waste hardware and resource
<qman__> you're doing too much with one machine, frankly
<HellMind> not because you make them secure
<HellMind> but you got the money to waste
<qman__> it's not about wasting money
<qman__> it's about being secure
<qman__> if you don't understand that, you really shouldn't be running a server
<HellMind> no one ever hacked me
<HellMind> I know where are the vulns
<HellMind> I think you cant estimate the posibility of every vuln
<qman__> and giovani was worried about my password policy :/
<HellMind> everything is insecure, and you can only give  value  of risk to every issue
<giovani> qman__: HellMind is clearly completely uneducated
<HellMind> im educated in the street of data
<giovani> that's a completely nonsensical statement
<HellMind> you dont know how to measure the risk
<HellMind> if you got a desktop that isnt use for anything serious
<jdstrand> I don't think one can make a blanket statement like "running Windows XP as a game server is more secure than a Linux box with wine"
<HellMind> it doesnt need the top of security
<HellMind> it needs practicity
<jtimberman> No, he's right. Security is about trust and risk assessment.
<qman__> jdstrand, that's not what was meant
<HellMind> there are many  server, a game server isnt like a bank server
 * jdstrand might have misunderstood backscroll
<qman__> my point was, in his situation, running that application on windows would be more secure than running it in wine, with X, on linux
<giovani> jdstrand: I think you did
<giovani> running wine on x on a linux server is a completely hacked solution
<giovani> it's messy, and there's no good reason for it
<HellMind> qman__ and also with that argument I can say it would be more secure if you dont run it, and you stay in home away of virus and diseases
<qman__> of course, I would never connect a windows box directly to the internet
<jdstrand> I admit that is a rather 'hacked solution'
<qman__> gotta have a firewall of some sort in between, even if it's just a NAT router
<Nafallo> NAT? aren't we all running IPv6 these days?
<qman__> not even slightly
<HellMind> ipv6 whats that :D
<qman__> I CAN'T run IPv6
<qman__> I'm lucky I'm online at all
<HellMind> that module is blacklisted :) I dont want to waste resources
<jdstrand> that said, and NUL pointer derefences aside, wine on Linux doesn't have to be insecure. one can use apparmor. plus, the number of libraries and applications in a default wine install is far less than a Windows XP Home edition install
<qman__> my ISP is terrible, and has a monopoly over my entire area
<Nafallo> qman__: tunnels not an option?
<HellMind> qman__ my isp too :( the goverment let them
<jdstrand> anyway, I'm not going to debate the merits of Wine/X/Linux and Windows XP. it just struck me as an odd statement, and I recognize I misunderstood :)
<qman__> jdstrand, that's ok, you have a valid point
<qman__> it can be done, but it takes a lot of work
<qman__> a lot more work than just windows with a firewall
<Nafallo> s/with/and/
<HellMind> qman__ you practical solution isnt available on the 3rd world
<giovani> the 3rd world doesn't need game servers
<Nafallo> better keep the boxes separate ;-)
<giovani> they need food and shelter
<qman__> HellMind, if you know where to look, you can dumpster dive and get free, legitimate copies of windows
<qman__> there's so many of them out there, they can be had for almost nothing
<giovani> exactly
<HellMind> giovani thats the truth :(
<qman__> so cost, in this situation, is not really a factor
<giovani> my company just threw out 100 windows licenses (attached t ocomputers)
<jdstrand> plus, if one knows how to maintain and secure a linux box, but knows nothing about maintaining and securing a Windows box, then one should use Linux
<giovani> jdstrand: but that's not the situation
<HellMind> my country is a pirate paradise
<giovani> so let's not speak in manufactured hypotheticals
<qman__> don't get me wrong, I'd be the first one to try and switch a windows server to linux
<qman__> I'm just saying, that setup is no good
<jdstrand> giovani: I don't know HellMind's experience-- I was merely pointing out another consideration when one is choosing an OS
<HellMind> I know everything
<HellMind> thats my experience
<giovani> jdstrand: it's a reasonably rare situation, I think, and was convinient for this disucssion
<giovani> discussion*
<jdstrand> and IMHO, I don't think it is a manufactured hypothetical-- it is merely something to consider
<HellMind> In my situation you all were defeated
<jdstrand> I think it is also worth mentioning that recommending someone use Windows XP Home as a server in the #ubuntu-server channel is probably not the best use of people's resources here
<HellMind> people should be banned for that ... :P
<giovani> I think each channel member can use their own resources how they see fit
<giovani> however, it's a stated channel policy that we don't support x on ubuntu server installs
<HellMind> :(
<HellMind> you know the damn mohaa dedicated server doesnt need gui
<HellMind> but they added some skin and a window and a input box
<qman__> windows xp home wouldn't be my first choice, but given the situation's requirements, it seemed appropriate
<HellMind> I tried with a xp guest too
<HellMind> but the with the lag it were unplayable :(
<HellMind> I cant virtualize gameservers :(
<Aison> is there something like webmin for ubuntu server?
<Reepicheep> Aison: ebox might be your tool
<HellMind> its better than webmin?
<Aison> webmin is not maintained by ubuntu devel
<qman__> webmin is considered evil by many here, because of the way it handles configuration files
<qman__> it's not very nice to them, to say the least
<Nafallo> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<Aison> ubottu, but ebox is fine? I don't know it
<jpds> !ebox | Aison
<ubottu> Aison: ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<jpds> ubottu: tell Aison about yourself
<ubottu> Aison, please see my private message
<Aison> oh, nice
<HellMind> I need something to allow a user to start and stop a service
<HellMind> by web
<HellMind> I used webmin but its a waste of resources
<HellMind> I want to let the client restart their own dedicated server service
<qman__> I would just write up my own script, in that situation
<HellMind> a php script?
<qman__> it'd be fairly trivial to do in php, aside from a secure login
<HellMind> yep your right
<HellMind> I want to buy some complete gameserver script
<HellMind> to manage payments also :(
<Kamilion> Having trouble getting Alpha 4 installed on a Supermicro  X8DTH-6F, the install media won't find the MPT2 SAS controller.
<Kamilion> What's the best course of action to get it installed?
<Nafallo> not sure I understand the question...
<Nafallo> ah. because I read it wrong.
<Kamilion> the latest gparted livecd with kernel 2.6.30 detects the mpt2 controller, but 9.10 Alpha 4 doesn't detect it.
<Kamilion> it asks me which modules to insert to support it.
<AnAnt> Hello, how can I make issue message dynamic ?
<qman__> AnAnt, do you mean motd?
<AnAnt> yup
<qman__> AnAnt, see man motd
<qman__> if you want something more complex than that, you'll have to write a script to do it
<Kamilion> any idea how to install onto a system with a mpt2 disk controller?
<AnAnt> I see, thanks
<Kamilion> AnAnt: Check the cron scripts, there's some stuff there that automatically updates the motd with the status of the package manager. You can probably work it out from there.
<AnAnt> Kamilion: ok, thanks
<Kamilion> 9.04+ I think
<Kamilion> 8.10 might have it as well, but I'm not totally sure.
<Kamilion> iirc it updates /etc/issue and /etc/issue.net
<freemonttroll> Is it possible to upgrade from MySQL 5.0 to 5.1 on Ubuntu Hardy? I ran sudo apt-get update / dist-upgrade and then install mysql-server mysql-client, but I was told that I already have latest version.
<AnAnt> Kamilion: /etc/update-motd.d/
<giovani> freemonttroll: that's because you do ...
<freemonttroll> giovani, so there's no way to get 5.1 on Ubuntu Hardy??
<giovani> freemonttroll: not through the official ubuntu repositories
<freemonttroll> giovani, how do I get it from the unofficial ones?
<giovani> the entire point of releases is to use stable, tested softwaqre
<giovani> that's up to however the unofficial repository is set up
<giovani> you'd have to find out
<freemonttroll> giovani, understood, but I still need to do the upgrade.
<freemonttroll> giovani, ok
<giovani> or use jaunty
<giovani> as it contains 5.1
<giovani> don't use an old release if you want new software
<Rich-Newbie> has anybody got any how to's to setup a server for soho, which could run local email, and use fetchmail to download from the isp, and then have simple file sharing
<giovani> Rich-Newbie: I'm sure google can provide that
<Kamilion> Rich-Newbie: Yes, there's a very nice howto for setting up postfix with 9.04
<Kamilion> give me a second and I'll go find it, it was in the alpha release notes, IIRC
<Kamilion> "The dovecot-postfix package in Ubuntu 9.04 Beta provides an easy-to-deploy mail server stack, with support for SMTP, POP3, and IMAP with TLS and SASL."
<Rich-Newbie> that will be great, thanks. I have found alot on google, but most of them are much bigger than what I want to achieve.
<Kamilion> took me about 20 minutes to set up.
<giovani> Kamilion: that doesn't sound like a smarthost setup
<Kamilion> it was dead simple to tack fetchmail onto it.
<giovani> sure, it's just as easy to set up postfix
<Kamilion> and he said 'run local email', which sounds like he wants a SMTP server.
<giovani> sure, a smarthost smtp server
<Kamilion> and the associated pop and imap stuff (soho)
<giovani> because he wants to relay
<Psi-Jack_> local mail? That could be even as simple as ssmtp
<Psi-Jack_> If no actual smtp server itself is needed.
<Kamilion> When I installed the postfix-dovecot package, it asked me what type of setup I wanted for postfix. I answered smarthost.
<Rich-Newbie> I wont have a deidicated Ip, so relaying is going to be the best otionn
<Kamilion> it took care of 90% of the config for me
<Kamilion> yeah, I'm on a dynamic too, relaying to google's SMTP server
<Rich-Newbie> local mail is where I get a bit confused about the config. The only mail server I have dealt with to date, has been exchange 2003 in sbs server 2003 standard.
<Kamilion> but the dovecot integration really hit home for me. just make new user accounts on the box and they get an email address.
<giovani> Rich-Newbie: honestly, you should look into running a VPS on the internet
<Kamilion> then just change their shell
<giovani> it's a cheap way to get a server running, and then you don't have to use your ISP relay, you get full control, and can host your own domain's email properly, and easily provide access from anywhere
<Kamilion> Amazon's EC2 has 'reserved' pricing if you're willing to pay for a year up front. It's really quite a good deal.
<giovani> I wouldn't recommend EC2 for a basic server setup
<giovani> but, sure, any provider will do
<Kamilion> Me either, but it's well known and the chances of it going down are near zero except for operator error.
<giovani> it's incredibly overpriced
<HellMind> gkrellm the graphs are so small :(
<Kamilion> normally yes, but the reserved pricing is quite good.
<giovani> Kamilion: mail servers don't need 100% uptime to be effective
<Kamilion> I know, but it helps ;)
<giovani> you can easily get 4-5 VPSes for the price of an EC2 box
<giovani> and set up redundant mail delivery
<Kamilion> true, but 4-5 VPSs do not equal a 2Ghz box with 1.7GB of memory on a tier one bandwidth fiber backbone.
<Kamilion> just a peace of mind thing, y'know?
<giovani> that's entirely wasted
<giovani> I'm making a recommendation that's in line with his needs
<Kamilion> *shrugs*
<giovani> amazon is defintiely not immune to failures ... putting all of your eggs in one basket, no matter how huge the basket -- doesn't make it redundant
<Kamilion> in for a penny, in for a pound. When you have excess capacity, it's funny how you find ways to make use of it. ("Hey, I'll add a wordpress server!"
<giovani> you'd be far better off with two VPSes in diverse geographical areas, and you'd get the benefit of learning to set up a multi-server email system
<Kamilion> point taken.
<giovani> and it's far cheaper
<Kamilion> But as you said, mail delivery doesn't need 100% uptime, as long as the servers have proper timeouts.
<giovani> agreed -- but if you're willing to spend an extra $5 a month you can hedge your potential losses if one provider has a failure
<Kamilion> Sorry, I'm still stuck with Atari's tagline from the 80s
<giovani> and you gain experience
<Kamilion> "Power without the price" :)
<giovani> I regularly scope out $5-7/mo VPSes
<giovani> and presume they're not highly reliable ... but together, 3 or 4 of them are an awesome geo-diverse setup
<Rich-Newbie> I am looking for a simple mail server, that would be able to send mail internaly without the need to send it through an ISP.
<giovani> Rich-Newbie: I don't know what "send mail internally" means
<Kamilion> local domain
<qman__> postfix can do exactly that
<Rich-Newbie> that it
<giovani> right, you can do that locally at your office, or on the internet
<giovani> either way
<Jeeves_> 00What's with ipv6 here at har?
<Jeeves_> [A
<Kamilion> Anyway, does anyone have any experiance with the mpt2 driver? I'm having trouble installing 9.10 alpha 4 because I can't find the module to insert.
<Jeeves_> ipv6 seems to be broken sometimes
<Rich-Newbie> I want it at the office, instead of sending it through the isp. It does not make sense to send an email to the person in the next room via the isp
<Jeeves_> Why would I say that ipv6-shit on #ubuntu-server? :)
 * Jeeves_ switches to the right channel :)
<giovani> Kamilion: this isn't the right channel for 9.10 support
<giovani> Kamilion: try #ubuntu+1
<Kamilion> 9.04 or 9.10, I don't really care.
<giovani> Rich-Newbie: hosted email is very common -- it's far more reliable to host your mail externally than on a low-class internet connection in your office
<Kamilion> I just figured the server channel would be more likely than #ubuntu to have an answer for a SAS controller :)
 * henkjan hands Jeeves_ another beer
<henkjan> harhar
<giovani> Kamilion: #ubuntu+1 isn't anything like #ubuntu :)
<giovani> but yeah
<giovani> if it's not 9.10 specific, it's fine here
<Jeeves_> henkjan: :)
<Kamilion> I just need to figure out what module needs to be inserted for fusion mpt2 support
<Jeeves_> mpt_sas
<Kamilion> Pretty sure I tried that.
<Kamilion> I tried all of the mpt* modules.
<Jeeves_> Than you might have a unsupported chipset
<Kamilion> the gparted livecd with 2.6.30 finds it.
<Kamilion> IIRC 9.10 has 2.6.31-rc3, so I'm PRETTY sure the kernel module exists to support it
<Kamilion> I'll just boot gparted and try lsmod
<Kamilion> Okay, another question then -- if the module for it doesn't exist, the installer prompts me for a 'floppy or usb drive' with the modules. Where's the howto on how to generate these modules from another system?
<Kamilion> I have two amd64 9.04 boxes and a VM infrastructure on them, so the build environment's not so much of a problem, I could just use a high level overview of the process so I'm not running in circles
<Rich-Newbie> giovani: The main purpose of my exersise to to run email on a local domain. Lets say 5 people share an office, person one needs to email person 2 a 5 meg attachments. It does not make sense to me to have to email it to the isp, then the receiving person downloads via pop3. Its much faster to send that file localy, and wont use bandwidth.
<Kamilion> Sounds like more of a job for samba ;)
<qman__> email in general is an inefficient way to do that
<qman__> but that's another issue altogether
<qman__> a local mail server for a business is no big deal, postfix in an "internet site" configuration should do that just fine
<giovani> Rich-Newbie: you shouldn't be using email to move files internally
<giovani> (and not externally either ... but that's slightly more excusable)
<Rich-Newbie> afrom what I have seen, thats how alot of users do it.
<giovani> well prevent them from doing that :)
<qman__> yes, but it's bad practice
<qman__> it's inefficient for a number of reasons, and just generally a bad idea
<qman__> if you provide an environment with a better, easier alternative, they won't do that :)
<qman__> a file share is one good way, using samba
<qman__> but one approach I rather like is a wiki site
<Kamilion> Hey, actually, might wanna take a look at openfiler -- since that can snapshot and version files. We use that type of functionality heavily here (I work for a staffing company)
<qman__> the main advantages to wiki, everyone can update stuff, and you never lose data, because it keeps all previous versions
<Kamilion> all of our users talk to a samba share on one of our local boxes, and that box snapshots the filesystem every 15 minutes.
<qman__> and tracks it all in a nice manageable way
<qman__> there are a lot of different approaches, but there's one main thing they have in common
<qman__> they're much better than email for sharing files
<Kamilion> the snapshots show up as read-only directories
<qman__> but back to your original question, it's very simple to set up a local email domain with postfix
<Rich-Newbie> Yes I do a agree email is not the best way to share files. I do use a general shared folder to share files. If the accountant has to send the boss something, say finacial figures ect, they going to general email it.
<Rich-Newbie> thanks qman
<qman__> you just install the package, choose internet site, and add users
<Rich-Newbie> qman: I chose internet site with smart host
<giovani> Rich-Newbie: you should set up different folders within the general share with permissions
<giovani> so that the boss has access to every department's files, and only each department has access to their own private files, etc
<qman__> I'm pretty sure there's a section in the ubuntu server guide for setting up mail
<qman__> should cover everything you need to know for that
<Rich-Newbie> qman, I have been reading the server guide, and a bunch of how to's. In postfix configuration it talks about system mail name, would that be say server.mydomain.com ? I have done the server setup a few times now, get confused abit with some of the config it requires
<Rich-Newbie> thanks for the advice giovani. Hosted mail is an option eventually, when bandwith is cheaper and faster in South Africa. for small offices of a handfull of people its a bit pricey.
<Kamilion> http://ubuntuserver.wordpress.com/2009/02/13/an-improved-mail-server-stack-in-jaunty-dovecot-and-postfix-integration/
<giovani> Rich-Newbie: ah, well I didn't realize you were under such strict bandwidth constraints -- in that case, a local server is necessary
<Kamilion> that's probably what you're looking for. "sudo apt-get install postfix-dovecot", that will set up pretty much everything for you, ask for your SMTP config (smarthost), and then set up dovecot and postfix with SASL against dovecot's user database (essentally /etc/passwd and /etc/shadow)
<qman__> Rich-Newbie, the mail name would be your mail domain
<qman__> where you want your addresses at, per say
<Kamilion> at that point, it's as simple as 'adduser --disabled-login <username>'
<qman__> so, for users@mydomain.com, the mail name would be mydomain.com
<Rich-Newbie> thanks qman, so I dont put the hostname of the server box, just mydomain.com
<qman__> yes
<Kamilion> if it asks for FQDN you need to add the hostname too
<qman__> it depends on what it's asking for
<Kamilion> so 'mail.mydomain.com' if the machine is named mail
<qman__> mail name is the domain
<Kamilion> if it asks for 'domain', it's just domain.ext, if it asks for FQDN, it's hostname.domain.ext
<Rich-Newbie> thanks for clarifying that for me.
<Kamilion> yeah, confused me at first too.
<Rich-Newbie> thanks for that link Kamilion, should I use the apt get, or does the same thing install if I chose mail server in the option on the inital setup
<Kamilion> Not sure, I'd suggest apt-get
<Kamilion> that way you don't mix up anything
<Kamilion> personal preference, really. Normally the only thing I'll let the installer do is install openssh.
<Kamilion> not sure if the 'task' uses that package or not.
<Rich-Newbie> I have read alot of people prefer to do it that way, gives more control
<Rich-Newbie> to administer postfix, would you recomend webmin, or should I use webmin and postfix admin.
<Kamilion> honestly, there's not much to administer.
<Kamilion> you shouldn't even need webmin.
<Rich-Newbie> for ease of use for creating users ect, Played around a bit with webmin
<Kamilion> usernames and passwords are from host accounts
<giovani> webmin also is specifically not supported by ubuntu
<Kamilion> it's as simple as 'adduser --disabled-login <username>'
<giovani> if you feel the need to use a web interface, use ebox
<Kamilion> ebox 1.2 is pretty good and handles most of the mail stuff for you.
<qman__> yeah, there's hardly anything to administer
<qman__> add users, that's it
<Kamilion> but it's ISO is a pretty big download.
<giovani> what iso?
<Rich-Newbie> ebox is one I havent heard of.
<giovani> Rich-Newbie: it's the only web administration interface supported by ubuntu
<Kamilion> what people mean when they say 'administrate postfix' is 'spend hours trying to make postfix and a delivery agent work together'
<qman__> I'm not a fan of web administration anyway, I use ssh
<Kamilion> ebox or postfix-dovecot remove 99% of that 'spend hours' part.
<Rich-Newbie> I see ebox is mentioned in the admin manual.
<Kamilion> I use both -- but one of ebox's big advantages is 'the debian way' -- it asks you to confirm configuration changes for other packages.
<Kamilion> so you can admin with SSH *AND* use ebox, and they happily share.
<qman__> but yeah, the package makes it super easy
<qman__> install, type in what it asks for, then add users
<Kamilion> yup.
<Kamilion> either way, dealing with setting up a mailserver is a veritable breeze compared to ~6-8 months ago.
<Rich-Newbie> best I do some reading on the admin manuel
<Kamilion> ebox 0.98 and 1.0 were broken
<freemonttroll> Would appreciate help from gurus: Is it possible to upgrade from MySQL 5.0 to 5.1 on Ubuntu Hardy? I ran sudo apt-get update / dist-upgrade and then install mysql-server mysql-client, but I was told that I already have latest version. I can't seem to find a backport of mysql 5.1 for hard heron ...
<qman__> if you want to go from an LTS version to a non-LTS, you have to change your update configuration
<qman__> I don't know where it is on server
<qman__> should be in the documentation
<qman__> or someone else should know
<Kamilion> but ebox 1.2 is pretty stable, a lot of the code has been rewritten
<Kamilion> ebox's installer is based on 8.04 LTS.
<qman__> I've never used ebox or webmin on any of my own servers
<qman__> web interfaces are great for some things, but for server administration, I prefer more control
<Psi-Jack_> Heh.
<Psi-Jack_> Most web-based admin tools are also based on everything running on a single box.
<Psi-Jack_> Where-as, it's almost always better to split up the services accross multiple physical computers.
<Rich-Newbie> okay adding users was fairly straight forward
<Rich-Newbie> thanks to everybody's help, this time I am able to connect to the mail server with imap, well almost. Got to check the user details I setup
<Rich-Newbie> Sucsess thaks qman, kamilion and giovani. I was able to connect to the box with imap.
<android6011> is there a way to install sound drivers in the server? I am using the server for many things and need to be able to record through line in
<qman__> if you install a music player like cmus, it should install the dependencies
<giovani> you shouldn't need to do that
<giovani> the drivers are already in the kernel
<giovani> run "lsmod | grep snd"
<giovani> to verify that sound drivers have been loaded for your hardware
<Kamilion> Rich-Newbie:  Glad to help. Enjoy your new mailserver. Remember to use postconf to increase the maximum size of a message, IIRC it defaults to 10MB or so
<Rich-Newbie> Thanks Kamilion, now that the basic fuction works, I am going to go through the admin manual and play some more untill I break it and start again. Best way to learn, and if I manage to break it a few times, I will know what not to do.
<Kamilion> postconf message_size_limit
<Kamilion> that's the one
<Kamilion> sorry, had to troll through my .bash_history
<Rich-Newbie> thanks, for email anything bigger than 10megs is to big in my opinion. Reminds me of a client who I use to support. They had an sbs server setup, which was done by somebody else, with no limmits, the one user tried to email 30 megs worth of files I think it was, it blocked his mailbox completley.
<Kamilion> I mention it because google's limit is 20MB
<Kamilion> and if someone sends a 17MB pptx file, the server will flip them the bird ;)
<Rich-Newbie> thats usefull to know
<Kamilion> AFAIK, 20MB is the largest standard message size in normal use.
<giovani> Rich-Newbie: I'd honestly make the max email size 1MB or so, at least internally
<giovani> to completely discourage it as a method of sending files
<Rich-Newbie> Thats a excellent idea giovani.
<giovani> as long as you offer them an easier, and faster method
<giovani> they'll learn to use it
<Kamilion> there's no distinction between sending and receiving to postfix, mind you...
<Rich-Newbie> wikki and open files I think is definitley something I must explore more
<Kamilion> so preventing them from sending files would also prevent *receiving* attachments.
<randy_> can anyone help me setup 2 lan cards on one server?
<Kamilion> just keep that in mind. :)
<Rich-Newbie> I would have users after my head, not being able to send jokes. sorry for them. ;)
<Kamilion> just filter html messages then :)
<Aison> re
<Kamilion> btw -- there is libsieve support too for filtering. It's pulled in with postfix-dovecot
<Aison> I tried to install ebox, but now I get a message like this: Failed to contact configuration server; some possible causes are that you need to enabled TCP/IP networking for ORBit
<Kamilion> from their installer?
<randy_> can anyone help me setup 2 lan cards on one server?
<giovani> randy_: we discussed this yesterday
<qman__> randy_, man interfaces
<Kamilion> ifconfig eth0 up && ifconfig eth1 up
<Kamilion> *grins*
<randy_> Yes. You are the one I talked to from home, right?
<giovani> randy_: from home? I don't know where you were
<randy_> Oh, I talked to the other guy from my home last night and he told me when I got in today and was on the server, come back on and he would help me.
<giovani> randy_: ok
<Rich-Newbie> kamilion when I setup the email I have noticed if I put the email address just user it works, if I put user@mydomain.com it fails. Is this correct
<randy_> Sorry, I lost connection for a minute.
<Kamilion> Rich-Newbie: Hm... try user@hostname.mydomain.com
<Kamilion> you may have to add an alias from mydomain.com to mail.mydomain.com
<Rich-Newbie> :) thank you so much kamilion, now alot of what I have read is also making sense
<Kamilion> No problem :)
<Rich-Newbie> I found a couple of forum posts of people trying to do exactly what I am doing, the one poster always had the same response, about use citadel or zimbra, 20 mins to setup as oppose to 2 weeks setting up the way I have just done I have spent maybe 3 hours so far.
<Kamilion> citadel was nice, but too much of a pain. I tried it too, but I wasn't happy with their redhat base. I don't like RPM, I'm partial to my apt :)
<randy_> giovani are you still here and able to help me? my network went down a couple of times so I reset the modem.
<randy_> kimilion, I did the ifconfig eth0 up and ifconfig eth1 up and now I can ping the outside world, but I still can't ping from the outside world. Any suggestions?
<randy_> Sorry, Kamilion*
<giovani> randy_: it sounds like you misconfigured something
<giovani> the documentation and configuration are pretty clear
<giovani> beyond that, I can't help you
<Kamilion> randy_:  you need to set a route.
<Kamilion> What subnet are you on, what's the gateway IP?
<Rich-Newbie> giovani: what sort of servers do you manage?
<randy_> Kamilion_ the settings are address 24.249.166.138 netmask 255.255.255.240 network 24.249.166.0 broadcast 24.249.166.255 and gateway 24.249.166.129
<Kamilion> randy_: okay, try 'route add default gw 24.249.166.129'
<randy_> do i use the initials "gw"?
<Kamilion> yes
<randy_> okay, just a minute.
<randy_> I need to close out of here to do it unless there is another way.
<Kamilion> any luck?
<randy_> Kamilion_ Okay, I did it. Can you ping 24.249.166.138?
<giovani> Rich-Newbie: what do you mean what sort of servers?
<Kamilion> sec
<Kamilion> yes
<Kamilion> sub-100ms
<randy_> And it works? Is that good?
<Kamilion> yep
<randy_> the sub-100ms
<Kamilion> I'm on fibre, so 20ms average is excellent.
<randy_> Can you go to the same ip in a browser?
<randy_> It should say It Works!
<Kamilion> "It works!"
<Kamilion> apache2 standard page :)
<qman__> I get 115ms average
<Rich-Newbie> giovani: is it servers for corperates, hosting servers.
<qman__> not excellent but perfectly acceptable
<giovani> Rich-Newbie: I work for a financial company
<Kamilion> the server's in philly?
<Kamilion> somewhere on the east coast
<randy_> Perfect. Are there any changes I need to make to any files so that it automatically does the ifconfig eth0 up and the ifconfig eth1 up and the route line?
<Kamilion> randy_: Are you going to use this to route other traffic to the internet?
<qman__> I'm in Michigan, my fastest pings are to places in chicago
<giovani> randy_: yes, you should've put this in /etc/network/interfaces, as we instructed you
<giovani> this is all covered in man interfaces
<Kamilion> randy_:  should be in /etc/network/interfaces
<Rich-Newbie> giovani: how many users on your network?
<Kamilion> not sure how to set a route with /etc/network/interfaces though
<giovani> Rich-Newbie: I don't support users
<Kamilion> giovani: any ideas there?
<giovani> Rich-Newbie: we have a server farm of about 1000
<qman__> Kamilion, the gateway directive
<giovani> Kamilion: it's covered in man interfaces, clearly
<qman__> it's all in man interfaces
<Kamilion> got it
<randy_> Kamilion_: I will go to man interfaces and change the file accordingly. I am new at the linux on command line. I have setup many windows boxes and am switching to linux for all our servers after I get this one up.
<Kamilion> randy_:  Add this to /etc/network/interfaces  (should be mostly self explanitory)
<Kamilion> iface eth0 inet static
<Kamilion>     address 24.249.166.138
<Kamilion>     netmask 255.255.255.0
<Kamilion>     gateway 24.249.166.129
<qman__> you really should read through man interfaces anyway
<qman__> that's networking 101, any sysadmin should know that stuff
<Kamilion> "tldr;"
<randy_> Kamilion_: What about the ifconfig eth0 up and all?
<giovani> if his gateway is 129 ... he likely isn't on a class c
<Kamilion> He just wants to know, not to understand.
<qman__> knowing is not enough
<Kamilion> randy_:  /etc/network/interfaces gets called by init scripts. It takes care of the rest
<Kamilion> Understanding follows knowing.
<randy_> I learned on my own over the last 30 years and don't know where to do the same things in linux as windows.
<giovani> he probably needs a netmask of 255.255.255.192
<Kamilion> I know I need the mpt2sas kernel module, but I do not understand how to build it as yet. I know the high level block diagram, but not the individual commands.
<qman__> yes, but as the saying goes
<qman__> the best answers we find on our own
<Kamilion> Anyway, I gotta get on the road to San Francisco pretty soon
<randy_> The netmask given to me from the cable provider is 255.255.255.240. I have 5 static ips.
<Kamilion> so I guess I'll just leave windows server 2008 on this box for now. I wanted to get rid of it before I left, but that doesn't seem likely.
<giovani> randy_: ok, then use that
<Kamilion> *shudders*
<qman__> 2008's not so bad
<qman__> at least you're not running 2000 :)
<randy_> I prefer linux so far... Just the learning curve of where everything is done.
<Kamilion> R2, actually. And you're right. 7 and 08R2 are well built for the tasks they are required to do.
<Kamilion> But I don't trust it for the low level infrastructure, nor do I want to run linux on hyper-v, so I need to get ubuntu and libvirt on there
<qman__> yeah
<randy_> Kamilion_: giovani_: Thank you both for your help. I will be back for more help as time goes on, but thank you very much.
<qman__> windows just doesn't belong on the backbone
<Kamilion> which is proving to be a pain, I need the mpt2sas module, but I can't find any howtos on how to compile kernel modules for ubuntu install CDs
<Kamilion> randy_:  Enjoy!
<randy_> Thanks
<qman__> I'm actually an MCSE, have a degree and everything
<qman__> linux is my OS of choice
<Kamilion> Almost the same. Been hacking windows since "Windows 386", aka 2.03. never bothered with the MSCE though. Kicked to linux with Slackware 1.5, Redhat 4.2, Linux from Scratch 3.2, where I submitted a bunch of bootscripts, then onto gentoo, got sick of compiling packages, tried ubuntu 7.04 and been hooked ever since.
<Rich-Newbie> I am going to call it a night. Been very succesfull with the help of giovani, qman_, and kamilion. I have learnt a huge amount. :) And wiki, open openfiles for docuemnt sharing is the next project.
<Kamilion> it's most definitely easier to administrate than windows for me, and I use the modularity to it's fullest advantage.
<Kamilion> Rich-Newbie: here's a tip
<Kamilion> http://www.turnkeylinux.org/
<qman__> yeah, I've managed some solaris and BSD stuff too, but linux is just so much easier
<Kamilion> try the mediawiki VM.
<Kamilion> http://www.turnkeylinux.org/appliances/mediawiki
<Kamilion> based on ubuntu hardy (8.04 LTS)
<Kamilion> and you might want to look into ebox for yourself and evaluate if it will meet your needs. (it meets mine!) http://trac.ebox-platform.com/
<Kamilion> Very friendly to manage, and you can still leverage the power of the commandline when you're ready to spend the time to learn.
<qman__> that picture reminded me
<qman__> every time I run updates on my openvpn server, it breaks
<qman__> and a reboot fixes it
<Kamilion> yep.
<qman__> restarting services won't fix it
<qman__> only a full reboot
<qman__> it's weird and annoying
<Kamilion> yep.
<psi-jack> Hmmm, Turnkey eh?
<Kamilion> File a bug. My workaround: Install ebox/openvpn on a VM.
<psi-jack> Heh
<Kamilion> nothing but openvpn.
<psi-jack> I'm just now looking at eBox, curiously about it.
<Kamilion> 1.2 was JUST released.
<Kamilion> The documentation has not caught up yet.
<psi-jack> Really?
<psi-jack> heh
<psi-jack> Based on 8.04 LTS I noticed.
<Kamilion> yep.
<psi-jack> Do you know much about it?
<Kamilion> I try to run everything I can on a JEOS base.
<Kamilion> yeah, I have a pretty good understanding of it.
<Kamilion> 1.2 was mostly a rewrite, as 0.98, 1.0, and 1.1 were pretty broken.
<Kamilion> I'm not happy that it's mostly perl, but I can deal with it.
<psi-jack> Cool. Some things I'm curious about, I notice it has LDAP built-in, which I've been working on the past couple days on my own with Ubuntu 9.04
<Kamilion> not only that
<psi-jack> Does it do just LDAP, or does it mix SASL auth and Kerberos V and Samba LDAP?
<Kamilion> the ebox-desktop package can be installed on client ubuntu systems that sets up LDAP, evolution, ekiga, and jabber for every user.
<Rich-Newbie> when I first decided to explore ubuntu server about a week go, I have learnt alot, done alot of reading, I think the couple of hours I spent here have been the most valuble. Big thank you.
<Kamilion> Rich-Newbie:  IRC always ends up that way :)
<qman__> Rich-Newbie, no problem, stick to it
<Kamilion> but watch out! IRC is an ADDICTION.
<qman__> the documentation is great, but sometimes you just need to be pointed in the right direction
<Kamilion> I've been addicted since 1993 :)
<psi-jack> Kamilion, Youngin. :p
<Kamilion> anyway, time for me to head out. Got a long journey up to San Francisco today.
<qman__> heh
<Rich-Newbie> indeed it is, for me interacting with people who can explain stuff is a huge help
<psi-jack> 1993 they'd already had named channels on IRC.
<Kamilion> irc's only been around since 1992, psi-jack
<qman__> I'm not old enough to have been around that long, but I know the feeling
<Kamilion> I hold one of the distinct pleasures of IRCing on eris.
<qman__> I've been a regular in the same channels for about 7 years now
<Kamilion> *laughs*
<Kamilion> anyway, good luck, Rich-Newbie.
<Kamilion> Cheers, everyone. :)
<Rich-Newbie> thanks
<psi-jack> Kamilion, Bzzz. Wrong. IRC was first around in 1988
<Rich-Newbie> cheers kamilion
<Kamilion> psi-jack: the original IRC protocol, not "IRCII", the protocol we now know as IRC.
<psi-jack> Yep. I'm talking irc2.0, not ircii.
<Kamilion> I've actually been around since compuserve's 'cb' and such, back in the 80s before AOL had a gui and didn't suck quite as much.
<Kamilion> and good old GEnie too.
<psi-jack> Aug 88 - first irc server tolsun.oulu.fi
<psi-jack> 89 - ircII released by Michael Sandrof (BigCheese)
<psi-jack> :)
<Kamilion> Ack, gonna be late. IRC always has this effect... going on 20 years now.
<Kamilion> Cheers!
<psi-jack> D'oh!
#ubuntu-server 2009-08-15
<uvirtbot> New bug: #407379 in bind9 (main) "After an update the vpnc is not able to pick up dns information" [Undecided,Invalid] https://launchpad.net/bugs/407379
<shadow98> just trying to find the best option here for failover...i have one server currently and a 2nd server that i am setting up now to do a failover...
<shadow98> i was planning to rysnc the directories and replicate mysql
<shadow98> is that the best option...
<shadow98> this is for my website and sql server
<shadow98> i was going to replicate /var/www
<shadow98> sorry rsync
<shadow98> hello
<qman__> shadow98, that sounds like a good plan to me
<shadow98> awesome
<uvirtbot> New bug: #393792 in lighttpd (main) "lighttpd reload executes restart (bad on logrotate!)" [Medium,Fix released] https://launchpad.net/bugs/393792
<psi-jack> Okay, so if X has a problem finding the 'fixed' font, what package would I need to reinstall to fix it?
<ScottK> One that's not related to Ubuntu Server
<TimReichhart> hi guys i am having problems compiling a drivers for my 56k modem on my server and here what I am getting http://pastebin.com/pastebin.php?dl=m76fb116d
<psi-jack> Do people actually still use modems? o.O
<jmarsden> FAXes are still fairly common in the business world, so yes, they do use modems for FAX transmission and reception.
<TimReichhart> that is correct jmarsden
<jmarsden> The more pertinent question here is why one would build a FAX server and use an unsupported internal modem rather than one known to work with the appropriate FAX server software...
<psi-jack> Okay.. So, I have a gigabit switch and gigabit NIC, but my switch is showing only 100mbit connection, not 1000mbit. Is there something I need to be doing to get it to go up to 1000?
<ScottK> How far apart are they?
<psi-jack> The computer and the switch?
<TimReichhart> jmarsden: its on a research that I am doing on and please I wanted to know how to build a fax server on linux
<psi-jack> ScottK: About... 2 inches.. Cable's a 6 inch.
<jmarsden> TimReichhart: Step one is choose appropriate hardware :)  I'll take a look, but...
<psi-jack> Err, well, not 6 inch, but like, 2 foot.
<ScottK> OK. so much for that idea
<psi-jack> And it's cat5e :)
<TimReichhart> jmarsden: but what
<jmarsden> TimReichhart: But you make life difficult when you choose to ignore that step!  I have built multiport FAX servers for clients... see http://www.hylafax.org/content/Hardware_Compatibility_List
<TimReichhart> jmarsden: yes I do have a external modem but I dont have a null cable for it so that is why I am trying to get this intel/internal card to work and I know the modem is working bc I can hear a dial tone and I can call out but I just cant get it to send out any faxes.....
<jmarsden> Are you sure the driver for it supports FAXing?  What Class is is supposed to handle?  2.0 ?
<TimReichhart> from what I was told this driver is supported for faxing and I dont know what classs its handling on
<jmarsden> So... ask it... use minicom or whatever terminal emulatir you are using for debugging and try the AT+FCLASS=2.0 command, etc... what have you tried exactly?
<TimReichhart> I havent really tried anything except for trying to get this driver to work
<jmarsden> Define "work"?  You got it to give you dial tone and dial out... how did you do that?  What did you use to make the outgoing calls?
<TimReichhart> I dont remember how I got the modem to make a outgoing call
<TimReichhart> modem to make it to work to make the outgoing call*
<jmarsden> A research you are doing... but you made no notes as you did the research?  Lesson #1: Take good notes.
<jmarsden> Looks like the thing you are trying to compile is a kernel module, is that correct?
<TimReichhart> that is what I have been told to do
<TimReichhart> but when I tried to search for the modem there isnt anything showing for the modem
<jmarsden> Been told?  This is a research project, you should be the one deciding what to do.  Following what other people tell you do to is not research.  Do you have the kernel sources installed?
<TimReichhart> how do I know if I got the kernal sources installed?
<jmarsden> Because you installed them as part of your work on this research project? :)
<TimReichhart> i dont think I installed them but how can I make sure I got them installed
<jmarsden> Same way you tell if you have any other package installed... dpkg -l PACKAGENAME -- in this case the PACKAGENAME is probably linux-generic
<psi-jack> Hmmmm
<TimReichhart> see I tried the linux-generic it was telling me to re-install the server part of it when I did the updates
<jmarsden> Be specific... you used what command and got what exact error message back from it?
<TimReichhart> when I did the sudo apt-get update
<TimReichhart> I dont have the linux-generic anymore I got the server part of re-installed
<psi-jack> Bleh. Still no 1gbit.
<jmarsden> TimReichhart: So try installing linux-generic now and then try compiling your kernel module again.
<artillerytx> If i wanted to add a subdomain pointing at a url in bind wouldn't that be a server alias
<artillerytx> or i mean an alias record
<psi-jack> Okay, so it's an on-board 3c940 10/100/1000 NIC that's not going 1000 mbit mode.. On another system, I have it with a nForce 2 10/100/1000 and Linksys 10/100/1000, the Linksys will go 1000 no problem, but neither on-board 1000-capable NIC is going 1000.
<jmarsden> artillerytx: DNS records can only point to an IP address, not to a URL.
<artillerytx> so i would create a new virtual host
<artillerytx> with that subdomain
<jmarsden> Sure, you could do that.
<artillerytx> and then point the dns record to the same ip
<jmarsden> Yes.
<artillerytx> does this work for you http://invoice.longhornpcrepair.com
<nick125> Doesn't look like it
<jmarsden> Nope, that is not in the DNS here.
<artillerytx> alright oh well no big deal
<artillerytx> i will figure it out later
<qman__> psi-jack, it is possible that your cable is too short
<qman__> the specification requires 3' minimum length
<qman__> shorter ones usually work but not always
<psi-jack> qman__: Oh no, it's not too short.
<psi-jack> The Linksys 10/100/1000 connected to my switch at 1000, but neither the nForce2 or 3c940 on-board NIC's of two computers will do it at 1000.
<qman__> nforce 2?
<psi-jack> The Linksys one is PCI card.
<psi-jack> qman__: Yeah.
<qman__> those aren't gigabit
<qman__> so there's your problem
<psi-jack> Yes, actually, it is.
<qman__> nforce 4 is gigabit
<psi-jack> Hey, the mobo manual says the NIC is 10/100/1000, so I'm trusting the manufacturer here. ;)
<qman__> must be a pretty unusual setup then
<qman__> nforce 2 is pretty old, before gigabit was common or cheap enough for most people
<psi-jack> The new NVIDIA nForce2 Gigabit MCP delivers industry-leading Gigabit Ethernet performance/
<psi-jack> Not uncommon at all, nVidia even says it.
<psi-jack> And the nforce2 was well after gigabit was out.
<psi-jack> But the 3c940 is also having the same problem, it won't go 1000mbit.
<qman__> if the cable is tested good, then that's pretty strange
<psi-jack> So far, the only one I've managed to actually go 1000mbit, is the bloody Linksys off-board one.
<jmarsden> psi-jack: Trying a longer and different cable would be worth it at this point, IMO.
<psi-jack> Yep. Same cable that went to the nforce2 that wouldn't go 1000, is hooked into the linksys, and connecting at 1000
<psi-jack> jmarsden: I tried that too.
<jmarsden> Maybe the Linksys is more tolerant of the too-short out of spec cable than the others?
<jmarsden> OK.
<qman__> that type of thing is generally handled by the NIC itself, with hooks for the drivers to interfere if needed
<psi-jack> I switched out cables for brand new freshly made cables. heh
<jmarsden> Which were over 3 feet, right?
<psi-jack> Correct.
<qman__> if the switch is behaving correctly, and the cables are working, the next logical step is hardware failure, but two NICs at the same time is unlikely
<jmarsden> Seems odd indeed.  Can you test with a different switch at some point?
<psi-jack> Yeah. Both the on-board NIC's won't do 1000, but are capable of it.
<qman__> what happens if you connect the NICs to each other?
<psi-jack> jmarsden: Only have the one gigabit switch.
<jmarsden> Borrow one from a friend, move PC to friends house, etc etc... ?
<psi-jack> jmarsden: Heh, I literally just bought the switch from a friend. :p
<qman__> gigabit is automagic, so you can connect anything to anything
<qman__> while connecting two NICs in one machine to each other isn't very practical, it should at least get you a gigabit link light
<psi-jack> qman__: That's a negative.
<psi-jack> Gigabit did not go.
<qman__> do they link at 100, or not at all
<psi-jack> 100, yes. 1000, no.
<psi-jack> And both nic's I see are using the sk98lin driver for them.
<qman__> so far that's the only thing in common
<qman__> one way to verify would be, if they have lights for gigabit, to reboot the machine and see if they go gigabit before the OS loads
<qman__> though that'd be very inconvenient and somewhat inconclusive
<jmarsden> Boot from a *BSD LiveCD and see if its drivers do any better??
<psi-jack> qman__: I believe when I first booted back up my system it was 1000, initially.
<psi-jack> jmarsden: That's also a thought. I'll prolly try that. ;)
<psi-jack> Once my backups finish.
<qman__> that wou;d confirm it as being the driver
<qman__> funny how that works
<qman__> the driver removes functionality
<psi-jack> Heh.
<psi-jack> Well, both these systems are the last two still actually running opensuse, but that's very soon to be changing to ubuntu-server and ubuntu-desktop within the next few hours, hence the backup. ;)
<psi-jack> Hmm, now, the 3c940 apparently can use the skge driver as well? the sk98lin was actually in the modules.d blacklist. heh
<drurew> !img3
<ubottu> Sorry, I don't know anything about img3
<jmarsden> drurew: See http://theiphonewiki.com/wiki/index.php?title=IMG3_File_Format
<drurew> heh, im looking at already...
<drurew> tx tho
<jmarsden> No problem :)
<drurew> does anyone know of any "succesful" attempts at iphonelinux ?
 * drurew waits for a bunch of trouts to fly his way 
<drurew> let me rephrase...*successfully documented (including all sources) attempts
<jmarsden> Unless Ubuntu server was ported to it, that's off topic here... maybe ask at irc://irc.osx86.hu/iphonelinux instead?
<drurew> yeah your probly right...just the only way to install it is with ubuntu 8.10....so
<drurew> k
<drurew> laterz
<jtxx0001> is it sensible to configure dovecot/postfix to use passwords which are different from the system passwords, particularly for users with root access?
<andol> jtxx0001: Could be, yes. Especially if there is also a webmail, which those users use from wherever.
<jtxx0001> andol: would the best way to go about this be to use dovecot's authentication with a passwd file?
<andol> jtxx0001: No idea what the best way is for your needs. The easiest is probably to simply to configure dovecot to use another auth source, and have postfix auth by using dovecot.
<andol> jtxx0001: Then of course, there is always PAM.
<andol> jtxx0001: By the way, this is really not my expertiece. I know enough to figure out what I need to do myself, but not really to give other people (good) advice.
<jtxx0001> andol: i'll look into PAM, but i think i've managed to get it working now.  thanks for the help!
<acalvo> Hi
<acalvo> I'm trying to configure a DNS and DHCP server
<acalvo> DHCP is working
<acalvo> DNS seems to be working
<acalvo> but I cannot access anything from outside this lan
<acalvo> I can't even ping my gateway, but I can ping and resolve any other machines in the lan
<uvirtbot> New bug: #413985 in dhcp3 (main) "dhcp3-server fails to install on ubuntu 9.04" [Undecided,New] https://launchpad.net/bugs/413985
<Rich-Newbie> Hi all, got a question about post fix. I have a simple email server setup, and can send and recive. I have setup masquerading_domain, with this I am able to send to outside email addresses, relaying through my isp. When the email arrives it showes name@server.mydomain.com, would I need to setup aliases to show it as name@mydomain.com.
<jdive> hello folks, i have an issue with a soft raid 5 array, ext4 .. userspace application get's cut from data read on the storage, this last for less than a sec, then goes again
<jdive> if someone could help on how to dig this out,i would appreciate it
<uvirtbot`> New bug: #412501 in php5 (main) "php5 crashed with SIGSEGV in _Unwind_ForcedUnwind()" [Medium,New] https://launchpad.net/bugs/412501
<uvirtbot`> New bug: #403599 in php5 (main) "Installing PHP5 performs a reload to apache instead of a restart" [Low,Confirmed] https://launchpad.net/bugs/403599
<Maleko> hmm this chan is as good as dead
<ewook> no, idle is not dead.
<giovani> Maleko: it's a Saturday morning in the US ... clearly most people won't be around
<Maleko> oh..
<ewook> and brunch/ early dinner in Sweden
<Maleko> weve just had dinner here and are now slowly approaching saturday's midnight in next couple of hours
<Maleko> btw any idea how i could start X through ssh?
<giovani> Maleko: x
<giovani> xorg isn't supported in #ubuntu-server
<ewook> X11-forwarding is a good suggestion.
<ewook> giovani: nah, but perhaps settings in sshd.conf server-side is? :)
<Maleko> i have some apps on my ubuntu server that need to run under wine but its being picky and refuse to launch without window manager. so i then installed both wine and window manager on the os
<Maleko> now i need to start the X.. tried startx but that doesnt work
<giovani> ewook: not when they relate to running xorg on the server
<ewook> giovani: I get your point.
<giovani> Maleko: what applications are you referring to?
<Maleko> gameserver daemon apps that run in windows cmd prompt mode
<giovani> Maleko: sound like applications suited for windows then
<Maleko> maybe but they should be able to run fine under wine with X support on the os
<giovani> Maleko: except that wine and x aren't appropriate on a server setup unless you really know what you're doing
<Boohbah> Maleko: maybe you need to get a windows server
<RoyK> Boohbah: shame on you and your foul language
<uvirtbot`> New bug: #414017 in samba (main) "Reloading /etc/samba/smb.conf smbd only" [Undecided,New] https://launchpad.net/bugs/414017
<uvirtbot`> New bug: #414109 in samba (main) "package samba 2:3.3.2-1ubuntu3.1 failed to install/upgrade: il sottoprocesso post-installation script ha restituito un codice di errore 127" [Undecided,New] https://launchpad.net/bugs/414109
<BlueFaceMonster> Hi - I have a question. Trying to set up my first email sever (emix/dovecot). I can connect to the IMAP no worries, and test emails genereted at the server get delievered to my client fine, but I'm not reciving email from external addresses. Any ideas?
<BlueFaceMonster> (and obviously by emix I mean exim 8o\ )
<BlueFaceMonster> OK, update, so I can "telnet localhost 25" but can't telnet remotely - connection refused. How do I change this?
<Grim76__> BlueFaceMonster: Sounds like a Firewall/Port Forwarding issue.  Also could be an ISP block on port 25 if you are doing this on residential Internet access.
<BlueFaceMonster> Hi, Grim76__. Not residential, but firewall/forwarding sounds about right. Is there a default firewall for ubuntu-server? I thought it might be AppArmor but that's not installed.
<Grim76__> BlueFaceMonster: I don't recall there being one by default on the last installation that I did.  There might be a firewall at the perimeter of your network that needs to be configured to point traffic to the server.
<BlueFaceMonster> Noted, will look into it. Thank you!#
<Grim76__> BlueFaceMonster: Really quick.  Can you telnet to port 25 from another machine on the same network?
<BlueFaceMonster> Not sure how to check that, it a hostes VPS
<Grim76__> BlueFaceMonster: OK.  I know some VPS providers have a firewall that you can self configure.  Also you might try an sudo iptables -L to see if there are any rules in place based on their build.
<BlueFaceMonster> To be honest, Grim76__, I've got no idea what I'm looking at. Could you check it for me if you have a chance? http://www.pastie.org/585055
<jmarsden> BlueFaceMonster: Before digging into iptables rules, are you sure exim is listening on the external IP address as well as on localhost?  Try   netstat -ntl | grep :25    to find out
<BlueFaceMonster> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
<BlueFaceMonster> It's not!
<jmarsden> So configure it to do so and life will be better :)
<BlueFaceMonster> you make it sound so easy! :)
<BlueFaceMonster> You know what's coming next, don't you...
<Grim76__> Thanks jmarsden...Forgot to check for that.
<BlueFaceMonster> ...how do I do that then?
<jmarsden> You;ve never configured exim in your life and have no idea how... right?
<BlueFaceMonster> Genius
<jmarsden> Wait a sec... I use postfix more than exim these days... let me check...
<BlueFaceMonster> Thank you!
 * BlueFaceMonster is slowly getting used to being a newb
<Grim76__> BlueFaceMonster: We all have to learn sometime.
<BlueFaceMonster> I only recently discovered ubuntu IRC, and so far I've configured a webserver, made a Python/Pylons webpage from scratch and now this... all in a week. It's great! Hopefully get to "pay it forward" someday and help other
<jmarsden> BlueFaceMonster: Let's try    sudo dpkg-reconfigure exim4-config
<Grim76__> BlueFaceMonster: Look at your configuration and look for dc_local_interfaces according to what I am reading that is where you specify what interfaces to listen.
<jmarsden> Grim76__: Probably better to use the "friendly" config tools rather than manual file editing, don't you think?
<sub> It depends who you ask :-)
<sub> hehe
<Grim76__> Good point.
<BlueFaceMonster> nah, I'm an expert at "sudo nano /etc/foo.conf" now
<Grim76__> BlueFaceMonster: Follow jmarsden and ignore me on that one.  I am used to editing the config files directly.
<jmarsden> sub: It depends who you are and your level of experience, IMO.  I'd hack it, but I've been doing Unix system and network admin for 15+ years...
<BlueFaceMonster> I'm happy with that, just can find exim.conf! Friendly tools it is...
<BlueFaceMonster> * can't
<jmarsden> Hmmm.  When you installed exim what did you do regarding configuring it?  Didn't you get the debconf dialogs about it then?
<sub> jmarsden: Yes, very true, I agree. I've been doing *nix admin for about 5 total (though I have been using Linux for 10!)
<sub> BlueFaceMonster: The friendly config tool is can be launched via: sudo dpkg-reconfigure exim4-config
<sub> s/is//
<BlueFaceMonster> I did, jmarsden, but I just forgot to add the external IP address. I have now, it was very easy and I am composing a suitable test email to myself... fingers crossed...
<sub> Ah sorry, misunderstood :)
<jmarsden> Good.  Looks like all is well, I'll go eat my breakfast... have fun with exim :)
<ivantis> Does anyone here run ubuntu server with mysql installed?
<BlueFaceMonster> Tadaa! Worked like a charm! My thanKs to you all!
<jdstrand> BlueFaceMonster: re firewall in Ubuntu> the default firewall tool is 'ufw'. It is not enabled be default. see 'man ufw' and https://wiki.ubuntu.com/UbuntuFirewall for details
<BlueFaceMonster> will do, thanks.
<jmarsden> ivantis: Ask you real question and find out who can help answer it...
<Grim76__> BlueFaceMonster: Out of curiosity where did you get your VPS?
<BlueFaceMonster> tagadab.com - can't fault them, service so far has been impeccible and cheap and chips, too
<Grim76__> BlueFaceMonster: Ok thanks for the information.
<vecy> hey guys i have purchased a Dedicated Server - first time with multiple IP's i have a IP range - 72.232.190.90 to 72.232.190.94 - but when i try to ssh into it using lets say 72.232.190.91 - i never am connecting, do i need to activate these IPs somewhere before i can use them ? if so how ?
<vecy> i am connecting fine using *.*.*.90
<vecy> but not connecting at all using  *.*.*.91-94
<jmarsden> vecy: Do you have interfaces (or interface aliases) that actually are set to those IP addresses?  If not, your sever will not respond to traffic send to those IPs.
<vecy> i honestly dont know, i am logged in as root and i have not set anything besides installed LAMP (apache ..)
<jmarsden> Do you *need* to use the other IPs for something in particular?  If so, what?
<vecy> when i type 'ifconfig' i see only the *.90 set
<jmarsden> Then you are only listening on .90
<vecy> well i want to setup my Apache for 5 websites if ip: 72.232.190.91 go to /home/user1/www   if 72.232.190.92 go to /home/user2/www ... and perhaps some other stuff just incase
<vecy> do you know the commands how to set those ips up ?
<Daviey> vecy: Do you know how to do virtualhosts?  It's similar
<vecy> ohh true vhosts i totally forgot about them, yes i can use those and bind to domain name even better... :)
<Daviey> thar you go :)
<jmarsden> vecy: if you decide you do need the other IPs, man interfaces   and also    less /usr/share/doc/ifupdown/examples/network-interfaces.gz    will probably get you on your way to configuring interface aliases for the other addresses.
<vecy> thx :) reading on it now.. seems simple lets try rebooting now for changes to take affect.. a reboot is required right ?
<jmarsden> No, just restart networking or probably just ifup the newly defined interface aliases
<jmarsden> But I'd only add them if you need to use them; otherwise, keep it simple.
<vecy> ah i rebooted before ive seen your msg and its been 5minutes
<vecy> server still not up hmm could it get stuck anywhere ?
<jmarsden> That's a long reboot... well, it could if you broke things and misconfigured the network interfaces...
<jmarsden> Maybe you need to see whether your provider offers you remote console access of some kind?
<vecy> well the /etc/.../interfaces  file had  if i recall   eth0 auto... then eth0 ... static  my ip .. subnet.. gateway
<vecy> and i just copy pasted that  from  eth0 static .. 3 times changed ip only
<jmarsden> That's unlikely to work, you need separate interface aliases for each IP, I *think*... like eth0:0, eth0:1 ... which were in the examples.
<vecy> iface eth0 inet static; address 192.168.1.5; netmask 255.255.255.0; gateway 192.168.1.254
<jmarsden> Get yourself remote console access and see what is going on.
<vecy> it had this line
<vecy> i just copy pasted and changed ip
<vecy> thats just an example ok
<vecy> ill give them a call to see if they can give me remote console access
<sub> try the last IP you configured
<sub> because jmarsden is correct about the interface aliases
<sub> also the gateway only needs to be configured once
<vecy> im such a noob lol first try locked myself out ... waiting for support to reply
<sub> You've gotta learn somehow :P
<vecy> is anyone here with LayeredTech by the way - just wondering where does one find the 'Automatic OS reloads' button which they advertise but not found within the Customer Portal
<vecy> so you guys are saying i should be doing
<vecy> iface eth0 inet static; address 192.168.1.5; netmask 255.255.255.0; gateway 192.168.1.254
<vecy> for ip #1
<vecy> iface eth1 inet static; address 192.168.1.5; netmask 255.255.255.0; gateway 192.168.1.254
<vecy> for ip #2
<vecy> ?
<vecy> and etc eth2, eth3..
<jmarsden> No... use eth0, eth0:0 and eth0:1 since you only have one physical network interface, eth0.  eth0:X are the aliases
<jmarsden> I'm out of here... on my way to attend a wedding...
<vecy> cool thx
<vecy> should
<vecy> auto eth0 eth0:1 eth0:2 eth0:3
<vecy> cause any problems ?
<vecy> i added it and not again! it looks like i broke my server again, cant connect to it anymore
<giovani> vecy: you should never be editing core networking config files without an alternate means of accessing the server
<giovani> you WILL break something if you're not very careful and experienced with how the files work
<giovani> however, to answer your question, yes you can auto multiple interfaces on one line, that's fine
<giovani> you probably had a typo elsewhere in the config
<HellMind> When should I chroot?
<giovani> when you have a need for it ...
<giovani> when the process is self-contained within a specific directory structure, or can be easily adapted to
<HellMind> for security is useful?
<giovani> it can be
<HellMind> I want to run a ventrilo server
<HellMind> I dont know if doing that is necesary
<giovani> necessary? definitely not
<HellMind> but its a lot secure or its the same :(
<HellMind> doing that what Im preventing?
<giovani> there's no way for me to give you a simple answer
<giovani> the security advantages are, if the ventrilo software is compromised, they only have access to files that were placed in the chroot
<giovani> and they won't be able to access other files on your server, unless there's a bug or vulnerability in the kernel
<HellMind> but if the attacker gain root?
<HellMind> oh
<giovani> well it's unlikely that they'd gain root through a chrooted server
<infinity> They shouldn't, if Ventrilo isn't running as root, and if there are no root escalation vulnerabilities in your kernel.
<giovani> however, if someone gains root on a server ... it's game over
<HellMind> and there are many levels of chroot, because I saw you can chroot ftp
<giovani> there are not many "levels" of chroot
<giovani> chroot is a concept, it's either in use or not
<giovani> chrooting users to their home directory is a common step where users on a system aren't trusted
<giovani> (the ftp server is an example of where that might be used)
<HellMind> for every user I must creat an enviroment?
<giovani> if you wanted to chroot your users, yes
<giovani> but that's separate from chrooting a particular server binary
<HellMind> and what is the bad about it?,
<HellMind> wasting hd space
<giovani> chrooting is a pain to set up, it sometimes required a lot of work, and if you don't do it properly, you'll spend hours troubleshooting missing binaries, etc
<giovani> s/required/requires/
<HellMind> I tried and I failed
<giovani> my point exactly
<HellMind> I wonder which files are required to create the environment
<giovani> ldd, and google usually help with that
<HellMind> I can remove all thats unnecesary
<HellMind> I got a guide
<HellMind> but not for ubuntu
<giovani> very little (if any) of this is ubuntu-specific
<giovani> so that's not a problem
<vecy> hey guys i am changing the motd.. are there any variable aliases i can use like  Hello %username% welcome! << example ?
<vecy> i havent touched linux much so unsure
<giovani> vecy: /etc/motd is a static file
<giovani> /etc/issue on the other hand allows text substitution along the lines of what you'd like
<giovani> to my knowedge, you can't print the username though -- you could write a wrapper script to handle this
<vecy> ok one more thing lets say i have a program i want to start it everytime i reboot automatically
<vecy> how do i do such thing ?
<vecy> its web server.. but i need to run it manually all the time (xampp)
<giovani> what is xampp?
<vecy> its a combination of  apache,mysql,ftp... all in one
<giovani> most server applications installed in ubuntu-server are automatically placed in /etc/rcX.d/ so that they start on bootup
<vecy> but i need to type  ./lampp everytime to run it
<giovani> that doesn't sound like something built properly for ubuntu
<giovani> I'd recommend installing packages from ubuntu which will work well together, and properly integrate into the system
<HellMind> root@arctica:/opt/chrooted/ventrilo# su ventrilo
<HellMind> root@arctica:/opt/chrooted/ventrilo#
<HellMind> why I cant su :(
<giovani> HellMind: "su - ventrilo"
<HellMind> its the same
<HellMind> it returns #
<giovani> then you didn't set up the user properly
<HellMind> it says I must set it /bin/false
<HellMind> the shell
<giovani> if you set the shell to /bin/false ... then you can't log in as the user like you're trying to
<giovani> you can do one or the other, but not both
<HellMind> but I can run the server right
<giovani> yes ...
<giovani> but su is going to start the shell
<giovani> which you've disabled
<giovani> so clearly it won't work
<infinity> su -s /bin/sh - ventrilo
<infinity> That will log in as the ventrilo user.  Not sure why you'd want to, but there you go.
<giovani> uh
<giovani> let's not provide workarounds like that
<giovani> that serves no purpose
<infinity> It's not a "workaround".
<infinity> If you need to test something as a user with a false shell, that's how you do it.
<giovani> it absolutely is -- either the user has a shell or not
<HellMind> giovani he is a pro
<HellMind> infinity you rock
<HellMind> i dont understand, if I can do that
<giovani> you shouldn't be doing that
<HellMind> and I see am not chrooted,
<giovani> that's the point
<HellMind> how can I see the chrooted environment
<HellMind> How can I see it working
<vecy> i asked this question on another linux channel without response.. lets try here
<vecy> hi guys is there a way to make aliases to commands .. lets say i have  /opt/lampp/lampp (a webserver) can i make a global alias so i could just type  startwebserver and it would automatically go to /opt/lampp/lampp
<giovani> vecy: yep, you're probably looking to set bash aliases
<giovani> this can be done in the .bashrc file in each user's home directory
<vecy> nice
<HellMind> How do I know my user is being chrooted
<infinity> Users aren't chrooted, processes are.
<HellMind> thats why I asked the lvl of chroot,
<HellMind> if I execute the sever using your tip, the process will be chrooted?
<infinity> Is /opt/chrooted/ventrilo a chroot containing what will be run?
<HellMind> yes
<infinity> If so, "chroot /opt/chrooted/ventrilo" would get you "in that environment".
<HellMind> but how should I start the process to chroot it then ?
<infinity> But, you probably want a nice init script or something that will start your vent server in the chroot.
<HellMind> "chroot /opt/chrooted/ventrilo" will spawn the shell chrooted
<HellMind> i got a .c script but it doesnt do chroot
<giovani> vecy: if you want to make aliases for every user on the system, best to place them in /etc/profile
<HellMind> it only does setgid( and setgroups(
<HellMind> So I should chroot lets say in the /etc/init.d script?
<infinity> Assuming the application doesn't chroot itself (and I'm pretty sure vent doesn't/can't), then doing it in the init script is the cleanest place, yeah.
<infinity> With a nice init script, you can also do some clever things like make sure the chroot is always fresh (copy over libc6, etc) before you start your application.
<infinity> I tend to do sketchy things like mount a tmpfs, copy the libraries that my application depends on, copy in the application itself, then start it.  Then you get a nice, fresh chroot every time you restart.
<infinity> (Which means that package updates will stay in sync with the chroot)
<HellMind> if you do a sym link for that
<HellMind> you are unchrooting?
<infinity> You can't symlink out of a chroot..
<HellMind> thats right :D
<HellMind> so all the symlink on the chroot will be unavailable
<HellMind> if you chroot?
<HellMind> it will show broken link
<HellMind> or something?
<infinity> Well, if they're absolute symlinks using full filesystem paths, yeah.
<infinity> Any symlinks that are internally consistent IN the chroot would be fine.
<HellMind> nice
<infinity> A symlink is literally just a text string.  There's nothing fancy about it.
<infinity> So, if "foo" points to "/unf/whatever", if the latter exists in the chroot, the symlink works.
<infinity> If not, it doesn't.
<infinity> The file doesn't need to exist when you create the symlink, just when you want to resolve it. :P
<HellMind> what happen if you do a cycling linking
<HellMind> like a => b => c => a
<infinity> Don't? :)
<HellMind> dont know?
<infinity> Depends on your application.
<infinity> It won't hurt the system in any way.  They're just files on the disk.
<infinity> But an application reading "a" could get itself caught in an infinite loop if it's written by people unprepared for such siliness.
<HellMind> but isnt about the app, is about the filesystem, the app doesnt resolve a symlink -_-
<infinity> The filesystem just hands back a pointer to the real inode.
<infinity> Which libc then hands off to the application as the new file handle.
<infinity> If the application then opens that, finds another symlink, and loops... And doesn't notice it's in a loop.
<infinity> *shrug*
<infinity> It's somewhat academic.  The answer is "don't do that, then".
<sub> ln -s a b; ln -s b a; cat a gives me "cat: a: Too many levels of symbolic links
<sub> :-)
<r3rman_> Hey gais - http://my.brandeis.edu/bboard/q-and-a-fetch-msg?msg_id=0000Dn << how does that translate into ubuntu land?
<r3rman_> I want ot tweak my /proc/sys/fs/file-max, inode-max (didn't find this one!) and perhaps something on ulimit
<r3rman_> I am getting Too many files open exception
<giovani> r3rman_: it has nothing to do with ubuntu
<giovani> r3rman_: those are linux kernel settings ... feel free to modify them in ubuntu, it's no different than elsewhere
<r3rman_> giovani, I don't see the inode-max on my install tho'
<giovani> however, those posts are from years ago
<r3rman_> yeah :s
<giovani> r3rman_: those are from 2.2
<giovani> long ago, things have changed heavily in 2.6
<giovani> adjust file-max instead
<r3rman_> aaah, pkill -9 actually works, whereas killall -p 9 fails and stops when it matches one process you don't own
<r3rman_> giovani, where is file-max?
<giovani> ... same place as you thought inode-max was
<r3rman_> w00t
<giovani> googling clearly identifies all of this
<giovani> you should know that these settings don't stay after a reboot
<r3rman_> yeah, so I'll emacs that file, set it high, like 65535, and I can put a init.d to reconf it though right? or just even ~.bashrc ? (or ~/.profile?) - does it take effect immediately though?
<giovani> you can either place the settings in /etc/sysctl.conf, or in /etc/sysctl.d/ -- read the README in that dir
<r3rman_> thanks
<giovani> r3rman_: no no no
<giovani> r3rman_: sysctls don't belong in any of the places you mentioned
<infinity> Err.
<infinity> r3rman_: If you're getting "too many open files", it's probably not a kernel setting you're after, but a session limit.
<infinity> r3rman_: See /etc/security/limits.conf
<r3rman_> aah, right, I bumped into that one before I fell asleep earlier, cheers infinity
<infinity> (See ulimit(1))
<infinity> Default for open files is 1024.
<r3rman_> infinity, you think 65535 is the max?
<accol> hey guys random question, if i get the 'host key verification failed' error when trying to connect to a server, what am i doing wrong (this is before i even get a chance to enter a password/username)
<infinity> r3rman_: I think that if you have a process using 65535 open handles, you have a very broken application.
<r3rman_> infinity, or a very awesome one
<infinity> r3rman_: Raising ulimits is usuall a troubleshooting step, not a fix. :P
<r3rman_> it isn't broke, it is just slamming two 8 cores like bitches, and ripping up lots of files, across two machines with 200Tb of storage. and doing crazy stuff. I've finally written something to organise my porn
<infinity> Not seeing how 8 threads translates to 65 thousand open handles at once, but sure.
<infinity> You'll be heavily I/O limited if you don't serialise that a bit.
<r3rman_> infinity, yeah, you are right, I was thinking to dump it all into a berkley db, maybe I will
<r3rman_> but, I have zillions of threads raeping the nets and when they complete they touch a file and impregnate it with awesome
<r3rman_> that front end is well tuned, and gets the highest throughput right nao, but as I cranked it up past 11 it didn't like it
<r3rman_> * soft nofile 65535  < infinity do I need to restart session now?
<infinity> r3rman_: Logging out and logging in should be enough to make it happy.
<infinity> (Or whatever starts a new session for your process... su, sudo, etc)
<infinity> r3rman_: You can verify you got it right with "ulimit -a" and check the values.
<r3rman_> open files is still 1024
<r3rman_> aah need to log in / out
<r3rman_> I could also run run a ulimit command to set it in memory now?
<infinity> r3rman_: Yeah.  Limits are set by PAM, so you need a fresh session.
<r3rman_> oh ok... I am accessing via vnc... perhaps I can logoff and on graphically... who knows, never tried
<infinity> r3rman_: ulimit will only let you change user limits up to the hard limit, since root controls those.
<infinity> r3rman_: But that would be lost on the next session start, hence why setting the default(s) for the user(s) makes a bit more sense.
<r3rman_> ok. I've fusked my vnc now, I loaded gnome-session to see if I could logout that way, but that brough about the asdf abfh bug
<r3rman_> lol
<r3rman_> ulimit -n still gives 1024.... reshoe tiem
<uvirtbot`> New bug: #414232 in munin (universe) "munin-node tries to "autoconf" /usr/share/munin/plugins/postgres_space_" [Undecided,New] https://launchpad.net/bugs/414232
<andol> By the way, if someone feels like confirming that one
<andol> ...feel free to do so :)
<psi-jack> Okay.. Since my on-board NIC's capable of doing Gigabit isn't working as I'd hoped they would...
<psi-jack> I'm looking for options of PCI-based NIC's that can do it and are well supported by Linux.
<psi-jack> Intel and or Netgear brands would be preferred.
<psi-jack> Anyone with suggestions of hardware and model numbers?
<giovani> any of the intel pro stuff is good
<giovani> not cheap though
<psi-jack> I don't mind spending about $100/card
<psi-jack> As long as they're worth it.
#ubuntu-server 2009-08-16
<r3rman_> so quake live will support linux from Tuesday...
<r3rman_> I long for the day of q2dm1... those were the days
<psi-jack> But, how are the netgears in Linux these days? I used to use a Netgear FA--- something, only 10/100, but it wasn't always that reliable.
<psi-jack> Perhaps the Netgear G-series for gigabit are better?
<vecy> hey guys i need a good 'mail server' which one do you recommend
<jmarsden> vecy: Use the one you already know how to configure :)  For general purpose use, Postfix is a common and reasonable choice.
<uvirtbot`> New bug: #414359 in dovecot (main) "Dovecot-imapd, PAM auth., krb auth with non-krb user causes crash" [Undecided,New] https://launchpad.net/bugs/414359
<r3rman_> vecy, smtp.gmail.com is a nice one
<r3rman_> non-standard ports though
<psi-jack> How about, better, your ISP's mailservers, if you're having to use a smarthost method.
<psi-jack> gmail's mail servers require authentication.
<psi-jack> And not intended to be a smarthost.
<StrangeCharm> what's the name of the metapackage for a lamp install?
<pmatulis> StrangeCharm: lamp-server is a tasksel task, it's not a metapackage
<StrangeCharm> pmatulis, thanks, someone let me know on #ubuntu
<macrocosm> Anyone got a tip for full system backup and restore?  I am using rsnapshot currently for backups but I would like to be able to do a full system backup & restore & im not sure rsnapshot can do all that... anyone use rsnapshot?  Or what do you use for full sys backup/restore capabilities?  I am running server 8.10 still and would like to upgrade to the latest soon but I dont want to without a...
<macrocosm> ...clean way to restore in case of meltdown.
<alex-weej> what is the "recommended" MTA?
<giovani> alex-weej: postfix
<alex-weej> thanks!
<giovani> macrocosm: what exactly are you trying to do that rsnapshot doesn't?
<macrocosm> im still reading the docs so I guess it might... I just want to be able to do full system backups when I need to
<giovani> macrocosm: ok ...
<macrocosm> a little safety net thats all
<giovani> right, backups are obviously a good idea
<giovani> "full backups" can mean anything
<giovani> it's usually entirely useless to backup binaries, for example
<macrocosm> yeah I suppose so .. guess im just used to windows restorepoints .. and vmware workstations snapshots functionality ... I think they do leave out certain bits for sure! otherwise it would waste space needlessly
<giovani> there are plenty of way to achieve shapshots within linux
<macrocosm> what do you think of rsnapshot?
<giovani> but no, windows restorepoints and vmware snapshotting don't leave out anything
<giovani> I think it's a fine app
<giovani> I don't have any need to do os-level backups though
<macrocosm> it seemed to be best choice Ive found... what do you use then?
<giovani> my storage platform handles snapshotting/backup
<giovani> all of my files sit on a SAN
<giovani> the important ones, that is
<macrocosm> cool .. thats prolly where I need to go eventually .. store stuff on another machine... I think that can be done with rsnapshot too
<giovani> huh? rsnapshot is completely unrelated to network storage
<macrocosm> well cant it send the snapshot files to any location?
<macrocosm> they dont have to be local right?
<giovani> sure ...
<giovani> that has to do with backup ... not storage
<macrocosm> yeah
<macrocosm> giovani: what storage platform are you using?
<giovani> a NetApp FAS2020
<macrocosm> nice
<macrocosm> not cheap thats for sure! But it looks like its got all the goods
<monox> Hi folks!
<monox> I'm trying to set up some extremely simple network sharing in Linux. Just a windows laptop connected to a linux server connected to the ISP. I followed these instructions -> http://u.nu/38wv
<monox> But I wasn't sure what to put as the gateway IP so I just put 192.168.1.1 hoping that would work. But the laptop then fails to connect... what could cause this?
<monox> (by fails to connect, I mean it says "connected" but pinging 4.2.2.2 or google fails. I use OpenDNS)
<LiraNuna> what's the default FTP server in ubuntu?
<LiraNuna> and does it matter if I use it or not? (security wise)
<nick125> LiraNuna: I don't think there is a "default" FTP server.
<LiraNuna> that answers my question too, thank you
<nick125> I'd recommend against FTP for uploading files...use SCP instead.
<duiu> ssh is rejecting my password for all users except the one I created at system install (that user can even use key auth). Suggestions? ssh -vv output at http://paste.ubuntu.com/254172 for when I log in and get denied
<CopyWriter> hi guys, i've created my network everything is running beautifully
<CopyWriter> my last pursuit is how to join my ubuntu desktop to my ubuntu server domain
<CopyWriter> pleeeasssee :)
<jmarsden> CopyWriter: "Ubuntu server domain" as in you are running Samba as a windows domain controller on the Ubuntu server?  Samba3 (NT-style PDC) or Samba4 (with the new Active Directory stuff)?  And what happens when you try to join your Ubuntu desktop to the domain?  WHat exactly did you try and what error messages did you get?
<CopyWriter> not exactly
<jmarsden> OK, define "domain" --- DNS domain?  Windows domain? NIS domain??
<CopyWriter> i installed ebox, and got the pdc up i'm seeing the server on the network i can connect to it using the share i set up, but when i boot it's only the local account i can gain access into the machine
<CopyWriter> I know it's not a windows domain, i'm stumped over that one
<jmarsden> "got the PDC up" ... so you configured Samba3 as a NT-style domain controller, right?
<CopyWriter> right
<jmarsden> OK, so what happens when you try to join the workstation to that NT-style domain?
<CopyWriter> that's the thing i dont know how to join the workstation to that domain
<CopyWriter> i edited the smb.conf file set the security to domain and the workgroup to the workgroup
<CopyWriter> and rebooted and nada :), did a join command i found
<CopyWriter> using the net join command
<jmarsden> Um... are you using ebox, or are you manually editing config files....?  Doing both is probably unwise.
<CopyWriter> eep... i'm doing both
<CopyWriter> well i'm editing the conf files on the clients
<jmarsden> Why?  Are you 100% sure your manual changes will be recognized by ebox OK and not overwritten?
<CopyWriter> and using the web interface for ebox
<jmarsden> On the server, you should probably stick to ebox as much as possible once you decide to use it.
<CopyWriter> but got no idea how to connect the workstation to the domain
<jmarsden> net join is the usual way... what exactly happens when you use it, and exactly what net join command are you using?
<CopyWriter> net join -W SCCSDA -U administrator (I USE THIS)
<CopyWriter> net [<method>] join [misc. options]
<CopyWriter> 	joins this server to a domain
<CopyWriter> Valid methods: (auto-detected if not specified)
<CopyWriter> 	ads				Active Directory (LDAP/Kerberos)
<CopyWriter> 	rpc				DCE-RPC
<CopyWriter> Valid targets: choose one (none defaults to localhost)
<CopyWriter> 	-S or --server=<server>		server name
<CopyWriter> 	-I or --ipaddress=<ipaddr>	address of target server
<CopyWriter> 	-w or --workgroup=<wg>		target workgroup or domain
<CopyWriter> Valid miscellaneous options are:
<CopyWriter> 	-p or --port=<port>		connection port on target
<CopyWriter> 	-W or --myworkgroup=<wg>	client workgroup
<CopyWriter> 	-d or --debuglevel=<level>	debug level (0-10)
<CopyWriter> 	-n or --myname=<name>		client name
<CopyWriter> 	-U or --user=<name>		user name
<CopyWriter> 	-s or --configfile=<path>	pathname of smb.conf file
<CopyWriter> 	-l or --long			Display full information
<CopyWriter> 	-V or --version			Print samba version information
<CopyWriter> 	-P or --machine-pass		Authenticate as machine account
<CopyWriter> 	-e or --encrypt			Encrypt SMB transport (UNIX extended servers only)
<CopyWriter> 	-k or --kerberos		Use kerberos (active directory) authentication
<CopyWriter> mark@TreasuryEXT:~$
<CopyWriter> and get this
<jmarsden> Woah.... don't post that much in here
<jmarsden> Use pastebin :)
<PhotoJim> pastebin :)
<CopyWriter> sorry about that
<CopyWriter> didn't know about pastebin
<CopyWriter> googling it now
<PhotoJim> np :)
<jmarsden> you got the syntax of the command wrong...  net rpc join -W SCCSDA -Uadministrator   # is more likely to get you somewhere.
<jmarsden> But I'm not sure if -Uadministrator is what you want here... should the -U be the machine account??  Let me check...
<CopyWriter> i now get cannot join as a standalone machine
<jmarsden> That's progress... one sec...
<CopyWriter> :) yes!
<jmarsden> net rpc join member -W SCCSDA -Uadministrator
<CopyWriter> same thing, can't join as a standalone machine
<jmarsden> Hmmm, I'm not finding an obvious answer... I'd suggest you look through the docs at http://us6.samba.org/samba/docs/ for stuff related to joining domains and see if that error is mentioned, or if you missed a step somewhere.
<CopyWriter> will do, i know i'm close, there is always tomorrow
<CopyWriter> thanks jmarsden
<CopyWriter> :) now to get home before my wife kills me
<jmarsden> Ok, no problem :)
#ubuntu-server 2010-08-16
 * funkyHat jumps on tucemiux 
<tucemiux> greetings funkyHat
<tucemiux> I guess the place to start is the server guide
<funkyHat> tucemiux: I would tend to start by just having a go, and then look up a guide when you don't know how to do something
<funkyHat> But the server guide is probably good too â¢)
<tucemiux> funkyHat, nowadays I have a machine that is strictly a server, I installed ESXi on it, slapped ubuntu server on top of it, and migrated to the ssh server that I configured
<tucemiux> funkyHat, is it a good idea to have a server to just serve web pages?
<funkyHat> tucemiux: I can't really answer that question without some more information :/
<tucemiux> well basically, im wondering if it might be a security risk to host a web server on the server that also has all my files
<tucemiux> files meaning user data, as in hilton videos
<funkyHat> Well of course everything has some risk, but I think as long as you're sensible you shouldn't have much trouble
<funkyHat> Firstly web servers run as the user www-data, so an attacker can only see what that user can see if they do manage to gain some kind of control
<funkyHat> Things like php (or any other server side scripting) increase the risk over just serving static files
<funkyHat> But if you've already got ESXi running, why not create a separate VM for your web server if you're concerned?
<tucemiux> funkyHat, i wont be doing anything serious with that web server, maybe just serve static stale data, nothing fancy
<tucemiux> yes, I was thinking about creating another server just for web serving, how much hard drive space you think I should commit to a web server?  Like 40 gigs?
<funkyHat> tucemiux: again I have no idea, depends what you're going to be serving. I have a production server which hosts several client's sites which only has 16GB storage
<funkyHat> *clients'
<tucemiux> funkyHat, ill probably serve just my blog, my cheat sheets, stuff like that, any file that's big I would most likely use other sites, like youtube to share my videos
<tucemiux> i wonder if it's difficult to configure an ldap server to use for authentication?
<funkyHat> tucemiux: I've not done it, but I have shell accounts on a couple of servers that use LDAP for auth, so it's certainly possible â¢)
<tucemiux> funkyHat, basically I want to be able to configure a username and a password and any machine that attaches to my network will use the server to authenticate
<funkyHat> tucemiux: I think you would have to configure each computer to use your directory server, but that should be possible, yes
<tucemiux> funkyHat, exactly, you set up the username and password then you configure the machine, this way I dont have to worry about adding user accounts every time I reimage my machines
<funkyHat> tucemiux: This might be useful https://help.ubuntu.com/community/LDAPClientAuthentication
<funkyHat> Although possibly outdated...
<tucemiux> funkyHat, configuring the client shouldnt be too bad, configuring the ldap server is a b@#h!, im basically trying to nail down a nail with a sledgehammer
<tucemiux> funkyHat, i guess im going to have to wait until someone who has done before logs in, that documentation is overkill for what I want to do
<tucemiux> funkyHat, that's over kill!! LoL  I guess I'll take a look into that later on tonight, I'm going to head back home and install that ubuntu web server
<funkyHat> tucemiux: http://www.howtoforge.com/linux_ldap_authentication looks like it might be useful, though it isn't Ubuntu specific, and I haven't really looked at it in detail
<tucemiux> openssh-client is installed on the client machines, right?  Not on the server themselves?
<Pici> It wouldn't hurt to install it on your server.
<Pici> I have it installed on all of mine, as I regularly ssh from them to other things.
<funkyHat> It's installed everywhere by default
<tucemiux> Pici, I was just wondering if the client packages installed more than just the command line ssh, I was going to do that on my laptop, actually
<tucemiux> ok well its kinda cold in this starbucks, im going to go home and finish what I started, ill be back later on tonight, hopefully
<|rt|> I'm playing with the alpha version of 10.10 server anyone know how to setup btrfs multidisk pool in the installer?
<|rt|> I could set that up with another live cd then try to install on it
<ryanakca> ScottK: The Kolab server will have to wait until tomorrow, yesterday's live CD doesn't boot and for some reason, no LiveCD was built today. Hopefully there will be a working live CD tomorrow.
<robertpayne> Directories should only need chmod 644 for a webserver to serve static content from them no?
<jmarsden> robertpayne: Directories should probably be 755, files in them 644.
<robertpayne> jmarsden: ok.. script files 755 as well?
<robertpayne> jmarsden: I thought directories could be lower.. why does the server need execute access for them?
<jmarsden> Yes, that's conventional.
<jmarsden> "execute" on a directory means something else -- search permission.    man 2 chmod
<robertpayne> jmarsden: ahh.. thanks :) Is there any easy way to recursively set just directories to 755 without modifying files?
<robertpayne> nvm.. find . -type d -exec chmod 755 {} \;
<jmarsden> Yes, something like chmod ugo+X /path.to.directory
<jmarsden> Well, you can do that too.
<robertpayne> I guess I mean subdirectories etc..
<jmarsden> chmod -R ugo+X /path.to.directory
<robertpayne> wont that hit files as well?
<jmarsden> man chmod and look at the difference between +x and +X :)
<robertpayne> doh
<robertpayne> sweet all fixed up :)
<robertpayne> over past three weeks went from knowing pretty much nothing about full sys admin to running my own box completely without a control panel.. been fun
<ScottK> ryanakca: OK.  Thanks for the update.
<chrislabeard> What is the best way to allow my server to send emails ?
<twb> Install and configure an MTA
<chrislabeard> mta
<chrislabeard> like postfix
<chrislabeard> I don't have a mail server do i need to set this up as well
<twb> That depends what you mean by "mail server", but: probably not.
<chrislabeard> well it says system mail name
<chrislabeard> just make something up?
<twb> Er, no.
<chrislabeard> that is one of the things that confuses me
<twb> You should read the Ubuntu Server Guide, if you haven't already.
<twb> A host's mailname is typically the same as its FQDN.
<chrislabeard> right which is wwmcd.org
<twb> For a satellite MTA, it doesn't really matter.
<chrislabeard> Yeah its going to serve all my drupal and wordpress installs
<chrislabeard> How can I check to see if postfix it working
<twb> Send an email?
<chrislabeard> is there anyway to test it form the potfix prompt
<chrislabeard> postfix**
<twb> What is a postfix prompt?
<chrislabeard> when you telnet into it
<chrislabeard> or something
<twb> Well, yes, if you connect to the submission or smtp port, you could talk SMTP to it.
<robertpayne> chrislabeard: are you testing simple SMTP or TLS etc?
<chrislabeard> uhhh
<robertpayne> chrislabeard: http://flurdy.com/docs/postfix/edition10.html#test-postfix-receive
<robertpayne> right below it is can postfix send
<robertpayne> if it works inside the box then hook it up to a mail client like thunderbird and tail -f /var/log/mail.log
<robertpayne> chrislabeard: of course you have to be running a pop3/imap mail server as well postfix is only a MTA
<chrislabeard> Oh well than maybe I should use simple SMTP
<chrislabeard> since all I want is the server to send me messages
<robertpayne> chrislabeard: yeah then just need postfix and telnet localhost 25
<robertpayne> chrislabeard: follow the can postfix send on http://flurdy.com/docs/postfix/edition10.html#test-postfix-receive
<robertpayne> to test
<chrislabeard> anytime I try to to RCPT TO: it says Relay Access Denied
<twb> That's because it's not an open relay and you're connecting on a non-lo interface.
<robertpayne> means you configured it wrong
<twb> Or you configured it wrong, yeah
<chrislabeard> hmmm k
<robertpayne> chrislsbeard: you need to open the relay and then block port 25/587 etc.. do NOT run an open relay
<twb> If you're just operating a satellite site that sends mail to a smarthost and doesn't receive mail directly, you should be able to configure postfix correctly from the debconf prompts.
<chrislabeard> okay
<twb> I certainly would not "open the relay" even if there was a firewall there.
<chrislabeard> k
<chrislabeard> I reconfigured it
<chrislabeard> hmm I wonder if its because I'm using EHCP
<robertpayne> twb: I should say he should set it to be an open relay from localhost
<twb> It should be that way by default
<robertpayne> twb: yea not sure what happened on his
<chrislabeard> I still can't get it to work, Its all good its just a test server
<chrislabeard> Don't really need it to send email
<twb> All servers should be able to send mail, if only for cron and atd
<twb> And smartctl and mdadm resync notifications and logcheck...
<ball> twb: local mail at least, not necessarily mail to/from the outside world
<twb> ball: right.
<ball> What does "plymouth" do?
<twb> ball: annoys me
<twb> Particularly since you can't remove it and can't tell it not to run
<ball> What is its intended purpose?
<twb> (Booting without "splash", it'll still run and hijack the vt7, then display a faux console on it.)
<twb> ball: it's purpose is to provide a more seamless boot sequence to desktop users (than usplash)
 * ball finds splash screens a bit odd.
<twb> Although canonical people have assured me "it's not just splash" and "they don't want to have the plymouth argument again", I still don't get it.
<ball> Wierd.
<ball> Something else that's wierd: I just rebooted an Ubuntu Server box that I was able to connect to using ssh.  Now I can't.
<ball> I added a hard disk, but that's on a second channel and wasn't booted, so I'm not sure what's wrong.
<twb> ball: did it boot normally?
<ball> twb: seemed to.
<ball> ...just can't ssh to it.
<ball> hello chilicuil
<ball> I'll try rebooting, just in case.
<twb> So it's in runlevel 2?
<twb> It wouldn't surprise me if it got confused and stuck in S
<ball> Seems to have booted this time.
<robertpayne> is there any reason usermod -G grouptoremovefrom username wouldn't remove the user from the specified group?
<robertpayne> oh nevermind a bit of a noob reading man pages now
<twb> Suggest delgroup, not the low-level usermode.
<twb> Er, deluser --group
<robertpayne> twb: thanks.. I locked myself out of ssh by accidentially adding my sudo user to sftp group that is chrooted
<xampart_> what does "<defunct>" mean when i do "ps aux"
<xampart_> nevermind
<IRConan> hi there... can anyone give me definitive information about the differences between -virtual and -ec2 kernel versions? specifically do they both support use in a Xen domU? and if so are either recommended over the other?
<twb> IRConan: diff the /boot/config-* files of both
<soren> I'm afraid there's more to it than that.
<soren> linux-ec2 is built from a different source package.
<soren> (at least in Lucid and before)
<soren> IRConan: -virtual is the same as -server, only with a bunch of modules surgically removed from the binary package.
<soren> IRConan: It supports pvops, so it can run as a Xen domU as well as in KVM or on real hardware.
<soren> IRConan: -ec2 only works as a domU and you should only need it if you're running on ancient versions of Xen.
<robertpayne> Is there anywhere you can find a list of how a package was compiled? I'm looking to compile/install php5.3.3 but was curious if there's a way to see how php5.3.2 was compiled so I can make it as compatible as possible
<Jordan_U> robertpayne: apt-get source to grab the source package.
<joschi> robertpayne: sure. get the source package
<robertpayne> joschi: jordan_U: awesome thanks :) should help a lot
<Jordan_U> robertpayne: You're welcome.
<robertpayne> php 5.3.3 is scheduled for 10.10 but I kinda want it for the ease of nginx integration
<robertpayne> joschi, jordan_U: technically if I downloaded the source package for php5 from the macerick I could compile it from there?
<Jordan_U> robertpayne: Yes.
<Jordan_U> !prevu | robertpayne
<ubottu> robertpayne: prevu is an automated, personal backporting utility. Check out https://wiki.ubuntu.com/Prevu for more details
<robertpayne> Jordan_U: sweet. have to get all the dependencies myself but will be much easier than setting up the configuration file myself etc..
<soren> robertpayne: Just do apt-get build-dep php5
<soren> robertpayne: That installs all the build dependencies.
<robertpayne> soren: sounds good but if I'm running 10.04 and it made 10.10 it could fail..
<soren> If you add a deb-src line for maverick to your sources.list and do "apt-get build-dep", it'll grab the build dependencies of php5 in maverick.
<robertpayne> soren: but will it compile them or grab the binaries? You can't be sure the binaries are compatible?
<robertpayne> Jordan_U: prevu looks good, but it wants to install a ton of other things along with it not sure I really up for that
<robertpayne> soren: should I add the maverick sources above or below the lucid ones? Not sure how apt-get resolves which ones to grab
<soren> robertpayne: It'll grab the binaries from lucid.
<soren> robertpayne: ...but get the list of them from maverick.
<robertpayne> soren: ahh yes ok awesome
<soren> robertpayne: the order of the lines in sources.list does not affect the choice of version.
<soren> robertpayne: It only affects the order of preference for mirrors and such.
<robertpayne> soren: ok I see.. also I'm a bit naive here.. the source package ./configure still requires you to setup all the options correct? It doesn't automatically set all the options/patches the binary dist uses?
<soren> robertpayne: Depends on how you use it.
<soren> robertpayne: PAckage builds in ubuntu are fully automated.
<robertpayne> soren: I'd like to grab the 5.3.3 source from maverick and automatically build it using ubuntu's settings I don't need any custom ones
<soren> robertpayne: If you call it like "dpkg-buildpackage -rfakeroot -b" it'll do whatever the proper ubuntu builds do.
<robertpayne> soren: ok awesome!!
<robertpayne> soren: they just need to backport php 5.3.3 to 10.04
<soren> Why?
<robertpayne> soren: it includes FPM which makes working with nginx + php a lot easier and stable
<robertpayne> php-fpm*
<soren> Are you implying that php for the first time in history has made a release that doesn't have any regressions at all compared to the previous version?
<robertpayne> soren: oh probably not.. to be honest I'm sure there's some issues I'll find out...
<soren> Maybe you won't. Maybe it's just some small thing that only affects very few users.
<robertpayne> soren: True it's a small dot release too that enabled it 5.3.2 to 5.3.3
<soren> That's the thing, really. Ubuntu feels it's better to ensure that stuff that worked yesterday also works tomorrow than making stuff that didn't work yesterday work tomorrow.
<soren> People are depending on stability.
<robertpayne> soren: That is true.. stability is really key
<soren> Exactly. Much more important than adding any new feature.
<soren> during development (like in Maverick right now) everything is fair game. People know that they're using a moving target. Once stuff is released, they should be able to rely on it for production use.
<robertpayne> soren: ok one last q if you don't mind to use dpkg-buildpackage do I have to have the source package downloaded or will it fetch it?
<soren> robertpayne: You need the source package.
<robertpayne> soren: yup figured that out :) it's building right now..
<robertpayne> soren: I think the php5 source literally builds an entire lamp stack.. or at least the build-dep required it
<soren> robertpayne: I don't know what you mean. It builds neither Linux, Apache or MySQL. It only builds PHP, which seems perfectly reasonable for a php package to me.
<robertpayne> soren: doing apt-get build-dep php5 requires a ton of stuff from mysql/apache etc..
<soren> robertpayne: Sure.
<robertpayne> soren: I'm not sure why :S
<soren> robertpayne: It needs MySQL librarires and development headers to build php5-mysql. It needs apache headers and stuff to build libapache5-mod-php5.
<soren> libapache2-mod-php5, I mean.
<soren> you know... The usual reasons for needing build-dependencies.
<robertpayne> soren: ah yes.. I understood those but it also was requiring apache2.2-bin
<soren> robertpayne: Not sure why it would need that.
<robertpayne> soren: yea I'm not sure kinda sucks I don't want apache at all.. not even mod-php
<robertpayne> http://packages.ubuntu.com/lucid/php5 says it only requires php5-cgi OR libapache2
<soren> robertpayne: Well, you did ask for a build identical to the one in Ubuntu.
<robertpayne> soren: yes
<soren> Those are runtime dependencies.
<soren> Not build-dependencies. They're not strictly orthogonal, but almost.
<robertpayne> soren: I see hmm I may have to dig deeper into how it runs the ./configure and build process for php5
<soren> ...or take another look at prevu.
<robertpayne> I wasn't quite sure what prevu does it looks like it's for backports? thought backports were for previous version binaries
<soren> No, future.
<soren> You're taking something from .e.g maverick and putting it into Lucid, which is older than Maverick. Hence, backport.
<IRConan> soren: what is an ancient version of Xen?
<soren> It does all the same stuff you did above, only automatic, and in a chroot, so you don't end up with all the build-dependencies installed on your system after you're done.
<IRConan> my host is debian lenny so compared to ubuntu is would be considered ancient
<robertpayne> soren: oh very nice
<soren> IRConan: Which version of Xen do you havE?
<IRConan> 3.2.1
<soren> IRConan: That's fine.
<IRConan> so I should use -virtual ? and that will do paravirt?
<soren> IRConan: Yup.
<IRConan> cool
<soren> It'll detect at boot time that it's running under PV Xen and Do The Right Thing[tm].
<IRConan> cool
<IRConan> you can tell based on what it calls the disks ofc
<IRConan> if they're sd* it's para if they're xvd* it's HVM
<soren> Don't count on that.
 * soren lunches
<robertpayne> soren: btw thanks a ton for helping me out with this - can't say how much I appreciate
<robertpayne> soren: http://pastie.org/1095318 definitely can't just compile php from the ubuntu source package using dpkg it loads in all the apache and mysql stuff for all the modules
<soren> robertpayne: Sorry, what?
<robertpayne> soren: it looks like the php package builds a bunch of modules for apache by default it's a shame it doesn't just build php and let the modules be a seperate package install
<soren> robertpayne: They are separate package installs.
<soren> robertpayne: They're just built from the same source package.
<robertpayne> soren: I see but is there a way to exclude them from building from the source package?
<xampart> getting http://pastebin.com/WQ8xLSwH when trying to lvcreate and system hangs. using 2.6.32-24-server. need fix.
<soren> I don't mean to be rude, but srsly... This isn't gentoo. We have one build from one source package, we build a stack of different binary packages, and people can use whichever ones of those they please.
<robertpayne> soren: no worries none taken at all I totally understand
<soren> Some packages may make it simple to only build a subset of the binary packages, but generally, they don't.
<soren> php5 might. I don't know.
<soren> But really, it doesn't matter.
<soren> You're just building it once.
<soren> If there are some of the binaries you don't need, don't install them.
<rnewson> does anyone know if there's a netboot.tar.gz for the server install like there is for desktop (and Debian)?
<soren> xampart: That looks like a kernel bug. Perhaps you can try in #ubuntu-kernel?
<soren> rnewson: Just use the desktop one and don't install the desktop bits?
<xampart> soren: ok, i try there then.
<rnewson> soren: the server install has different boot options. I guess I can unpack the iso and read the menu.cfg's. thanks.
<soren> rnewson: What iso?
<rnewson> soren: the server iso. it's the boot menu options I need to get hold off. I thought there was more of a difference between server and desktop that just package selection, but I'm happy to be wrong.
<soren> Nah, it's just the kernel and the task set.
<rnewson> yep. and now I mount the iso I see the fileset I was after too. :)
<rnewson> fancied converting some of my lab machines to UEC, but didn't fancy moving a CD around the server room (especially as it's 3000 miles away).
<soren> slacker
<soren> :p
<eagles0513875> hey guys
<eagles0513875> how can i create a raid mirror array
<eagles0513875> i have a workstation ive converted into a server and just installed 2 identical hdds of 2tb
<pmatulis> eagles0513875: use the installer?
<eagles0513875> ?
<eagles0513875> what do you mean use the installer pmatulis
<pmatulis> eagles0513875: create the array during installation - you havn't provided much detail, so i'm giving you the standard method
<eagles0513875> at what point do i do that though
<eagles0513875> im not that far into the installation process
<eagles0513875> if i dont do it there can i do it via command line once the server is online?
<pmatulis> eagles0513875: during partitioning
<eagles0513875> ok
<pmatulis> eagles0513875: yes, provided you don't try to touch active partitions
<eagles0513875> so you recommend the best and safest way is to do it during partitioning
<pmatulis> eagles0513875: this is the standard yes.  and it's the only way if you intend to put system files on the array
<sanderj> Hi.. Anyone know how to install uec on one machine instead of two as normal?
<eagles0513875> pmatulis: thanks
<eagles0513875> pmatulis: which option do i choose guided use entire disk then 2nd option is with lvm and 3rd is same as 2nd but encrypted lvm
<pmatulis> eagles0513875: there should be a 'manual' option in there somewhere
<eagles0513875> pmatulis: there isnt there is when i click manual it says configure iscsi volumes
<eagles0513875> pmatulis: figured it out
<pmatulis> eagles0513875: what was it?
<eagles0513875> have to create an empty partition table on the device
<eagles0513875> these are brand new drives
<eagles0513875> pmatulis: then once the machine is online how can i check and verify the raid array ?
<xampart> cat /proc/mdstat
<pmatulis> eagles0513875: short answer: mdadm
<eagles0513875> thanks pmatulis
<eagles0513875> pmatulis: i have 2x2tb hdds is raid 1 a good choice?
<eagles0513875> or should i go with something along the lines of raid0
<pmatulis> eagles0513875: it depends what you're after
<eagles0513875> i know the problem with raid1 if one drive goes everything is gone
<eagles0513875> would i be able to rebuild the array?
<_ruben> that's with raid0 (losing all when 1 fails)
<_ruben> raid1 can be rebuilt
<_ruben> 0=stripe, 1=mirror
<eagles0513875> _ruben: ok so if i loose one with mirrored array
<eagles0513875> im fine
<eagles0513875> :)
<eagles0513875> what strikes me as odd on ubuntu server is why it asks for how many spare drives you have
<dom_dom> hello! im having problem with installing ubuntu server on ibm x3550. i know its certified to work with it, but when it comes to driver selection none woks. any suggestions?
<pmatulis> eagles0513875: you can have a spare so rebuild process is smoother
<eagles0513875> what if i dont have a spare one pmatulis
<pmatulis> eagles0513875: then you'll need to physically put one in when you need it
<eagles0513875> ok
<dom_dom> \j #ubuntu-pl
<eagles0513875> dom_dom: its /
<dom_dom> eagles0513875: i know:P, how would i get here :) maybe you can help me with my problem ?
<eagles0513875> dom_dom: exactly what drivers are you having an issue with. its funny i have an ibm x server and it has given me no problems with drivers
<dom_dom> eagles0513875: megaraid_sas
<uvirtbot> New bug: #618633 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.1 failed to remove: subprocess installed post-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/618633
<eagles0513875> dom_dom: i dunno but mine is a simple x server
<eagles0513875> non swap and it has onboard raid
<uvirtbot> New bug: #618632 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/618632
<dom_dom> eagles0513875: never had to use raid so i'd appreciate any help :) but i think that i'll have to ask later
<eagles0513875> dom_dom: im learning how to setup raid as we speak lol
<eagles0513875> software raid on a machine here at work lol
<dom_dom> eagles0513875: that's funny :) i think i need a break. maybe then something will come to my mind
<eagles0513875> dom_dom: lol google
<eagles0513875> pmatulis: strange i created my array but for some reason i dont have a root partition anymore :(
<dom_dom> eagles0513875: propably :)
<zul> morning
<eagles0513875> _ruben: you still here im confused about something
<eagles0513875> !raid | eagles0513875
<ubottu> eagles0513875, please see my private message
<zul> jdstrand: what are those two mysql bugs you wanted me to fix?
<jdstrand> zul: that is an overstatement. I wanted you to consider (and if rejecting, commenting why) points 2 and 3 in comment #1 of bug 578922
<uvirtbot> Launchpad bug 578922 in apparmor "mysql configuration should be adjusted to help prevent against chained attacks against LAMP stack" [Medium,Fix released] https://launchpad.net/bugs/578922
<jdstrand> zul: my thoughts were otoh without regard to what might break.
<jdstrand> zul: you'd want to read the whole bug for context of course
<eagles0513875> is there any good apparmor documentation?
<zul> of course
<uvirtbot> New bug: #618640 in samba (main) "samba doesn't share subfolders" [Undecided,New] https://launchpad.net/bugs/618640
<jdstrand> eagles0513875: sure. see https://wiki.ubuntu.com/AppArmor, especially the bottom for more info
<jdstrand> zul: thanks! :)
<eagles0513875> jdstrand: no , at the end there hehe
<zul> jdstrand: about the /tmp stuff see 375371
<eagles0513875> jdstrand: is anyone doing app aromor documentation on the wiki for lucid
<jdstrand> zul: oh cool
<hggdh> kirkland: there (and good morning)?
<zul> hey hggdh
<jdstrand> eagles0513875: https://help.ubuntu.com/10.04/serverguide/C/apparmor.html
<hggdh> morning zul
<jdstrand> eagles0513875: the wiki page I pointed to just hadn't been updated. I'll update it
<eagles0513875> ok thought i was goign nuts for a sec
<jdstrand> eagles0513875: k, I updated it
<eagles0513875> thanks
<jdstrand> zul: k-- I'll point that bug at 375371
<eagles0513875> jdstrand: raid question for you when i select the partitions i want to use in the raid array on both drive it wont let me continue it goes back and has me choose the partitions
<eagles0513875> wait hold on
<eagles0513875> this makes no sense im trying to choose which partitions i want in the raid array
<eagles0513875> they are my ext4 partition and swap partition and i am choosing them on both drive and its not eletting me continue :(
<eagles0513875> nm i got it
<Jinxed-> If I wanted to record a webcams attached to my network, be able to view them live from the network, and be able to store a buffer of a few hours for each camera, what would be the best way to do this with ubuntu?
<zul> hggdh: can you look at #617982 a quick sec?
<zoopster> ubottu is slacking today! it didn't pick up bug 617982
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<uvirtbot> Launchpad bug 617982 in eucalyptus "package eucalyptus-cloud 1.6.2-0ubuntu30.3 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/617982
<hggdh> bug 617982
<uvirtbot> Launchpad bug 617982 in eucalyptus "package eucalyptus-cloud 1.6.2-0ubuntu30.3 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/617982
<hggdh> zul: looking
<zul> hggdh: thanks
<hggdh> zul: done
<zul> thanks
<hggdh> smoser: good mornig, are you genning an UEC image for 10.04.1?
<smoser> no.
<smoser> do you care to know why ?
<hggdh> smoser: can I use the 20100813 one?
<smoser> for testing ?
<hggdh> smoser: yes, I do care to ;-)
<hggdh> yes
<smoser> if you're just testing "does it boot", i'd suggest trying with 20100813, and then if you see anything you dont like falling back to released.
<smoser> the reasons are
<smoser> bug 605079 and bug 574910
<uvirtbot> Launchpad bug 605079 in landscape-client "Landscape Client should accept SSL CA certificates in the user data" [High,Confirmed] https://launchpad.net/bugs/605079
<uvirtbot> Launchpad bug 574910 in linux-ec2 "High load averages on Lucid while idling" [Undecided,In progress] https://launchpad.net/bugs/574910
<smoser> landscape considers the first a "must fix", and that will be ready as soon as -proposed is re-opened and the 1 week wait passes.
<smoser> the kernel issue we want fixed too.... jjohansen is working on it.
<smoser> i dont see a lot of reason in releasing something since i want to relesae *very* soon after that.
<smoser> also would really like to have bug 613309 in a refresh (which, is also just waiting to get into -proposed)
<uvirtbot> Launchpad bug 613309 in cloud-init "cloud-run-user-script.conf upstart script needs to run after all other cloud-init processes" [High,In progress] https://launchpad.net/bugs/613309
<kaushal> hi
<kaushal> can some one please guide me regarding http://paste.ubuntu.com/478876/ ?
<kaushal> I am on Ubuntu Server 8.04
<hggdh> smoser: ack, makes sense
<kaushal> i followed the suggestion as mentioned here ---> https://answers.launchpad.net/ubuntu/+source/dpkg/+question/50778
<kaushal> but it didnot work for me
<kaushal> checking in again for my query ?
<sherr> kaushal: looks like this bug : https://bugs.launchpad.net/ubuntu/+source/collectd/+bug/297288
<uvirtbot> Launchpad bug 297288 in dpkg "E: Sub-process /usr/bin/dpkg returned an error code (1)" [Undecided,Invalid]
<kaushal> sherr, have already tried out the suggestion referred by that bug
<kaushal> did not worked for me atleast
<kaushal> https://lists.ubuntu.com/archives/ubuntu-server/2010-August/004541.html
<kaushal> sherr, any further suggestion ?
<soren> jdstrand: Now that sudoers has a sudoers.d, would you consider that a proper way to let an application do stuff as root or is there any reason to use a rootwrap thingamajig?
<soren> jdstrand: Of course assuming that it doesn't just do "whatever ALL=(ALL) NOPASSWD: ALL", but actually enumerates the specific commands it needs to run as root?
<DaveWM> hi,  i'm running apache2 with userdir mod enabled,  if users have their own domain setup to resolve to my servers ip,  how do i get apache to point it to their public_html or ~username site ?
<sherr> kaushal: it's an init script that fails? Maybe try debugging that - run the startup command yourself, see if there are any helpful options, debug or logging options?
<kaushal> sherr, if you can give some hint regarding that init script ?
<uvirtbot> New bug: #618715 in openldap (main) "ldapsearch ignores TLS_CACERT from /etc/ldap/ldap.conf but gladly reads ~/.ldapcert.pem" [Undecided,New] https://launchpad.net/bugs/618715
<jdstrand> soren: I think that a properly enumerated sudoers file is just fine, assuming it is an otherwise non-privileged user and the commands that are given sudo access don't have a way to break out into shell (classic example, vim)
<jdstrand> soren: it isn't as portable, and is potentially more difficult to maintain, but that is up to the developer.
<soren> jdstrand: Cool. Thanks.
<sherr> kaushal: sorry, I don't have collectd myself. But try running whatever the init script runs interactively i.e. in an xterm yourself. Maybe it logs a useful error message? Or maybe the command has useful debug or logging options (see man page). Good luck.
<uvirtbot> New bug: #618722 in mysql-dfsg-5.1 (main) "package mysql-server-core-5.1 5.1.41-3ubuntu12.6 failed to install/upgrade: s'ha produÃ¯t un error en escriure a Â«<standard output>Â»: No such file or directory" [Undecided,New] https://launchpad.net/bugs/618722
<zul> SpamapS: lemme know when you are around
<kees> soren: yeah, I'd agree with jdstrand. the thing I wrote for euca was basically just a stop-gap to help them get to using specific sudo rules and more careful wrapper scripts.
<kees> soren: all priv-escalation tools should be carefully examined, but I think it makes sense to attempt to use sudo so as to not reinvent the wheel, etc.
<soren> kees: Yeah, sudo's probably pretty solid by now :)
 * kees just realized his terrible pun regarding "wheel"
<ssureshot> when I run top I get this on the processor line.. Cpu(s):  1.7%us,  0.3%sy,  0.0%ni, 97.4%id,... what is the 97.4%id pertain too?
 * jdstrand just got the pun
 * jdstrand likes it :)
<soren> kees: Heh :)
<kees> heh
<kees> ssureshot: "Idle"
<ssureshot> ah thank you
<smoser> hggdh, have you tested at all ? just curious.
<sbeattie> soren: the other thing to consider is that the tools allowed in /etc/sudoers.d/ ought to be somewhat self-contained and that you can consider adding an apparmor profile for whatever the sudo target is to protect against any overlooked routes to a shell.
<soren> sbeattie: apparmour profile is a good idea. I'll also try to be very specific about the arguments the application can pass to the individual commands.
<mdeslaur> soren: the only thing that's not so nice about using sudo, is the application _stays_ as root, without being able to drop the privileges it doesn't need. Are you using that for a _helper_, or for the whole app?
<tucemiux> what is LVM?  I'm going to install a server on ESXi -- virtually -- I just want to know what the LVM option will do?  I gave 40 gigs of space to ubuntu server
<hggdh> smoser: running 20100813, no problems so far
<smoser> k. good.
<tucemiux> dawnn, how long does it take for the ubuntu server OS itself to install????
<pmatulis> tucemiux: not long
<jpds> tucemiux: Time is an illusion, lunch time, doubly so.
<tucemiux> jpds, well excuse me if Im mistaken but it took me like 10 minutes to install just the OS itself without adding any packages
<jpds> Sounds about right.
<tucemiux> incredible!
<tucemiux> ok so if I have a stable system running and I want to update it just : sudo apt-get update  ???  I dont need anything else like apt-get dist-upgrade
<delimiter> I'm wondering why -proposed isn't listed for search/browse @ http://packages.ubuntu.com/
<jiboumans> smoser: sweetness on the cloud-images-sans-cloud spec :)
<smoser> thank... i'm hoping if openstack guest doesn't "just work" that it shouldn't be much work.
<racquad> hi guys, does anyone knows where can I find a good tutorial about headless installation of a ubuntu server?
<hallyn> racquad: I don't know of a good tutorial, but have done it two ways - (1) hacked the install cd to work over serial (does not work out of the box, but 2-3 minor changes and it works)  2) (my preference) from another already installed debian, did a debootstrap
<racquad> hallyn, 1) unfortunatly I don't have a serial. 2) maybe I can try that one. Any tutorial? Some have advised me to make a  pre-install on another computer than plug the HD in my headless device. Others,  using a customized installation with a script
<hallyn> what do you have on the machine to start with?
<hallyn> racquad: if you don't have serial, there must be an ssh you can ssh into, and that's how you want to do it?
<hggdh> folks, we need tests on the 10.04.1 server ISO -- please see http://iso.qa.ubuntu.com/qatracker
<AndyGraybeal> hi everyone, i need to disable 'screen locking' for all my users.  currently it locks when they are 'idle'.. is there a setting i can change without having to be around when they log in and ask them to change the setting?
<hallyn> hggdh: thx, noted
<uvirtbot> New bug: #618772 in apache2 (main) "package apache2.2-common 2.2.14-5ubuntu8 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/618772
<hggdh> hallyn: tahnk YOU :-)
<hallyn> AndyGraybeal: perhaps 'gconftool-2 -s /apps/gnome-screensaver/lock_enabled false' or somesuch
<hallyn> (run as their user)
<hallyn> not sure of the exact command, nor what you actually want
<AndyGraybeal> ah thank you hallyn, (run as their user is the key.. i missed that)
<uvirtbot> New bug: #618775 in openssh (main) "package openssh-server (not installed) failed to install/upgrade: subprocess new pre-installation script killed by signal (Aborted)" [Undecided,New] https://launchpad.net/bugs/618775
<hallyn> cool, np
<tschundeee> I compiled my own nginx server.. how do I make it run as a www user for example?
<tschundeee> I think it runs as root when it is simply added to /etc/init.d/
<racquad> hallyn, yes. I need an SSH connection. But I have read that somehow I could do a remote boot (via PXE, maybe) and then a chroot from another computer (with keyboard and screen) and then continue the installation from this second computer
<racquad> once installed the base system, I could reboot the headless device and continue the fine tunning from a SSH connection
<Ununtu-install> Hello
<Ununtu-install> hi
<tschundeee> found it /opt/nginx/nginx.conf and there you can set the user for the worker processes
<tschundeee> :)
<Ununtu-install> how can I get help from this channel?
<AndyGraybeal> is there a way to completely disable screen locking?
<AndyGraybeal> also is there a way to auto-log out after a certain time of idle
<lenios> Ununtu-install, just ask your question
<tucemiux> so if I want to install a web server for my own personal use, all I have to do is: sudo apt-get install apache2 -- and the server will be installed?  I could then access the server using the ip of the server?
<zul> tucemiux: yes
<tucemiux> zul, nice!  Let me try it right now on the ubuntu server I just cooked up on my ESXi box :-)
<tucemiux> zul, im going to open a port in my router, can you please help me test it?? o_O
<zul> tucemiux: i cant right now...im too busy with things right now
<tucemiux> zul, ok thanks anyway, it's working locally so all is good
<lenios> tucemiux, you can test it using public ip
<tucemiux> lenios, no, i mean it already works locally, I wanted to create a port on my router then have someone try to view my web page
<lenios> i can try if you want
<lenios> but that would only test router, not the web server
<tucemiux> lenios, I already tested the server locally, I can reach it locally, what's the path to "Index.html"? o_O
<lenios> http://IP/index.html
<asanir22> I'm trying to install ubuntu 10.04 server on an old 32 bit system(CPU celeron 1.7 256 MB Ram), during the installation(Base system installation) i get error on "linux-generic-pae"  kernel component and fails to install, any ideas?
<patdk-wk> asanir22, try with the linux-generic, instead of pae?
<panfist> i'm trying to use apt-mirror to create a repo and serve packages on my network, but my server doesn't have enough space to hold all the packages...how can i direct apt-mirror to download the packages to external storage?
<asanir22> no, I don't know how?
<tucemiux> lenios, i mean, how do you edit index.html ?
<asanir22> patdk-wk, should I try with linux-generic?
<patdk-wk> I would
<patdk-wk> how to install it from the installer, I don't know
<lenios> tucemiux, /var/www/ ?
<patdk-wk> I do know if you do a net-install it uses linux-generic
<patdk-wk> and if you want something different, you have to do it yourself
<jiboumans> team, mathias will be online a bit later today, he just sent me an sms
<asanir22> I don't have any Idea how I could do that, I've just got the x86 iso installer and failed several times installing
<tucemiux> lenios, can you tell me the magic word:  http://elsitio.mine.nu:1110
<patdk-wk> asanir, heh, not sure how to say it simple :)
<patdk-wk> asanir22, give the alternate install iso a shot
<patdk-wk> I personally have a large pxe server setup, with like all ubuntu installations selectable from a menu, it's easy to do
<patdk-wk> but not so esay to setup pxe and tftp and dhcp to make it all work, at first
<asanir22> whare i can find alternate install iso?
<patdk-wk> on the website
<lenios> katapuff!
<zul> SpamapS: did you do the php SRU for the 64bit problem?
<tucemiux> lenios, so it works then, excellent, thank you very much sir !
<asanir22> join #ubuntu
<SpamapS> zul: it is Declined for Lucid so I can't propose it..
<seicherlbob> hi there! I'm having troubles with my new lucid server. I copied all data from my old debian lenny server on 2 sata drives (a software-raid). now when i attach one of them to my new system, the bootscreen only shows "fsck from util-linux-ng 2.17.2 \n /dev/sda1: clean, X/Y fiels, A/B blocks" and does nothing (for minutes now). I can switch to the other ttys, but they are blank. When i do Ctrl+Alt+Del it shutsdown gracefully and reboots to the same
<seicherlbob>  screen, so it is not hanging. plz, i need help! BTW: the hdds where installed as IDE on the old server, now i use AHCI (if that matters).
 * asanir22 discovering channel
<zul> SpamapS: wtf?
<seicherlbob> i can even already ping it, but ssh is not running, nor DHCP or other stuff.
<panfist> would i be out of line asking this: why does ubuntu choose not to include nfs packages by default?
<seicherlbob> ok, it seems that, if you have a softwareraid configured with device-names and you attach a new drive, (even if you use higher sata-ports), the device-order gets changed, so the raid cannot start up. But this message is missing on the boot-prompt.  I just started hitting any keys. when i pressed "S", the raid initialization was skipped. Why is the message from mdadm not showing on the boot-screen?
<zul> SpamapS: bug number again?
<SpamapS> bug 564920
<uvirtbot> Launchpad bug 564920 in php5 "PHP5 under Apache2 on 64 bit system is not completely 64 bit " [Low,Fix released] https://launchpad.net/bugs/564920
<Wyleyrabbit_> can anyone point me to a guide or howto on how to upgrade a driver on ubuntu server?
<Wyleyrabbit_> specifically, I would like to upgrade the megaraid_sas driver that comes with Ubuntu Server 10.04 LTS, it's pretty old.
<seicherlbob> can i define the devices of a soft-raid (mdadm) by UUID aswell?
<soren> mdeslaur: Oh, just a helper. Well, a bunch of helpers.
<mdeslaur> soren: ah, ok. sounds fine then
<pmatulis> zul, SpamapS: declined?
<SpamapS> seicherlbob: mdadm writes UUID's to the devices, which it uses to assemble the raid
<zul> SpamapS: there you go fixed
<SpamapS> zu	zul     
<SpamapS> doh
<SpamapS> window locked up
<uvirtbot> New bug: #618819 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.1 failed to install/upgrade: aliprosessi installed post-installation script palautti virhetilakoodin 1" [Undecided,New] https://launchpad.net/bugs/618819
<SpamapS> zul: I brancehd lucid-updates to do the SRU.. is that correct?
<zul> SpamapS: yes unless there is a security updates
<SpamapS> https://code.launchpad.net/ubuntu/lucid/+source/php5
<SpamapS> I see not security
<seicherlbob> SpamapS: yes, but the device-names got shuffled and at boottime, i could not see any output. now i re-configure it with UUIDs for the participating devices, so whenever i change the devicenames, it doesnt care.
<SpamapS> seicherlbob: I guess what I'm saying is.. simply by adding "/dev/sda1" to a RAID device, it assigns a UUID, and writes a raid superblock saying "RAID with UUID=xxxx has members with UUID=aaaaa and UUID=bbbbb"
<SpamapS> seicherlbob: so, you don't need to be explicit about the UUID's, its all in the superblock.
<seicherlbob> SpamapS: isnt mdadm doing that when i configure it to do it? i dont know what happend but obviously it was complaining about wrong devices and so couldnt start the raid.
<SpamapS> seicherlbob: you can verify this with mdadm --detail /dev/mdX
<seicherlbob> SpamapS: anyway, i will just define the arrays members by uuid and thats it
<SpamapS> seicherlbob: you can also do   mdadm --query /dev/sdX#
<seicherlbob> SpamapS: now i see the dev/sd[bd]1 devices as members. but they got changed! so i will define them with uuid so that can no longer happen
<pmatulis> Wyleyrabbit: it's not something you're supposed to do. what's wrong with the driver in lucid?
<SpamapS> seicherlbob: I'm fairly certain that they already have UUID's, and its just showing you the device names.. but maybe you created it a weird way that I've never seen.
<seicherlbob> SpamapS: I followed the howto at http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch26_:_Linux_Software_RAID
<Wyleyrabbit> pmatulis, the driver that comes with lucid is version 04.01, whereas the current driver is 04.30 with a list of bug-fixes to go along with it. Are you saying I should just stick with the existing one?
<pmatulis> Wyleyrabbit: there will always be improvments (bug fixes).  is it's current state preventing you from using it?
<SpamapS> seicherlbob: this HOWTO makes an incorrect statement.. "Your system doesn't automatically remember all the component partitions of your RAID set." .. thats just not true.
<seicherlbob> SpamapS: so what shall i do?
<SpamapS> seicherlbob: it does in fact remember, and will re-assemble as long as all of the partitions are marked as type "FD" or "Linux raid autodetect"
<SpamapS> seicherlbob: Is your raid broken in any way?
<SpamapS> seicherlbob: maybe paste the warnings you're seeing
<seicherlbob> SpamapS: no. I had one running and attached another one (2 discs) from my old server
<Wyleyrabbit> pmatulis, hmmm, not that I can see. My understanding is the newer driver might offer better performance or something. I'm not generally a "bleeding edge" kinda guy, but I do like things reasonably current.
<pmatulis> SpamapS: mdadm scans the system for raid sets during boot.  maybe that's what the howto is getting at
<pmatulis> Wyleyrabbit: that's understandable.  but, really, i would just use what's available as well as possibly test stuff in 10.10
<seicherlbob> SpamapS: the only syslog i got from the broken boot is: mdadm[1581]: DeviceDisappeared event detected on md device /dev/md0
<SpamapS> pmatulis: all of the information needed to re-assemble an mdadm created RAID set is contained on the raid partitions themselves.
<qman__> yeah, you can even reassemble live, no configuration
<Wyleyrabbit> pmatulis, 10.10??? I don't see that available yet. Is it?
<SpamapS> pmatulis: so saying that your system doesn't automatically remember all the component partitions of your RAID set is quite wrong.
<seicherlbob> ok, guys. so what shall i do? do i need a mdadm.conf with the raid definitions or not? and if, what shall i define there?
<qman__> well, strictly speaking, the system doesn't, the RAID itself does
<SpamapS> Now, it may not remember which RAID is /dev/md0, and which is /dev/md1 .. but *that* is where you use the UUID of the filesystem to make sure the same volumes are mounted as /, /home, etc., each time.
<qman__> and the system auto scans it on boot
<pmatulis> qman__: yeah, it's semantics
<SpamapS> qman__: lol, system is a pretty broad term... good point.
<seicherlbob> SpamapS: the UUIDs of the raid as such. yeah. but the members of the raid need no configuration?
<SpamapS> seicherlbob: mdadm writes the configuration to the members.
<pmatulis> seicherlbob: you can use /etc/mdadm.conf to make it elegant (self documenting too)
<Wyleyrabbit> pmatulis, I guess what would be more important to me than having the current "bleeding edge" driver is having the ability to talk to the RAID card to find out if a drive has failed, etc. I'm shocked that Ubuntu comes with the driver, but no utility to know the status of the array health.
<seicherlbob> so i just remove the raid-definition from the mdadm.conf and let mdadm do its job alone?
<SpamapS> seicherlbob: I'm not sure what you even want. It sounds like maybe one of your raid partitions got wiped out? or just disconnected briefly?
<qman__> mdadm.conf is generated by scanning the RAID
 * SpamapS is going cross eyed
<qman__> I have one because I remember running into some trouble after adding disks to my array
<seicherlbob> SpamapS: no, none was removed. another raid was added, but then the devicenames were incorrect.
<pmatulis> qman__: unless it already exists?
<seicherlbob> SpamapS: so mdadm "thought" that the devices was removed, because sdb1 was no longer part of the raid it used to be.
<qman__> pmatulis, not automatically generated, you create it by doing something like mdadm --scan > /etc/mdadm.conf
<qman__> I forget the exact switches
<pmatulis> qman__: sure, but it's not required
<qman__> seicherlbob, mdadm doesn't care about "sda" or "sdb", it only cares about the UUIDs saved on the disks themselves
<seicherlbob> qman__: I'll just try it now. we will see.
<pmatulis> Wyleyrabbit: with s/w raid there is no raid card
<pmatulis> Wyleyrabbit: and you can query the array with mdadm
<Wyleyrabbit> pmatulis, right. I have a hardware raid card though, and absolutely must be able to know the array health
<qman__> Wyleyrabbit, mdadm has its own system to determine failure, and you can use smartctl to check the disks individually
<pmatulis> Wyleyrabbit: ok, i thought you were using s/w
<qman__> ah
<qman__> well, that utility would be up to the vendor
<qman__> since it would be specific to your hardware
<Wyleyrabbit> yeah, no. I have one of these: Intel Raid RS2BL080 with batter backup.
<Wyleyrabbit> http://www.intel.com/products/server/raid-controllers/RS2BL080/RS2BL080-overview.htm
<pmatulis> Wyleyrabbit: 10.10 alpha 3 is released, yes, you can run it right now
<Wyleyrabbit> ummm, that would be a "battery backup"
<Wyleyrabbit> so anyways, back to what I was saying. It's great that Ubuntu includes the driver to talk to these LSI cards out of the box, but nothing to query the array health. The driver doesn't even write to any of the log files, from what I can tell.
<qman__> drivers don't typically write to log files, they just send messages that would show up in dmesg
<seicherlbob> well, mount complaints that there are no devices with these UUIDs (i used the ones, mdadm told me). but i have 2 others. what is this?
<qman__> which you could then log and parse
<Wyleyrabbit> Although my card is made by Intel, it's really an LSI card. Much in the same way, I suppose, that one can buy an ASUS video card, but it's really an ATI or Nvidia card.
<seicherlbob> why does mdadms UUID not fit with dev/disk/by-uuid ?? the uuids there are different to the ones mdadm gives them. I only find the same IDs in dev/disk/by-id with a "md" prefix
<Wyleyrabbit> qman__, the only message in dmesg about megaraid_sas is the IRQ it's on and something about the latency timer setting. Currently the array is building (therefore degraded) so there should be tons of messages about this, but there's nada.
<asanir> I'm trying to find an iso suitable for my old intel celeron architecture, some ppl recommends me to get alternate package, should I find it here: http://cdimage.ubuntu.com/ubuntu-server/ ??
<qman__> asanir, any "i386" version of ubuntu will work
<asanir> but it fails on my system
<asanir> seems to have problem with linux-generic-pae
<qman__> well, you could try installing the linux-386, but a celeron is i686 and should work with the generic kernel
<qman__> I have a K6 which is an i586 and have to use the linux-386 kernel
<asanir> could u pls tell me how to use linux-386 instead of default installer?
<Jordan_U> asanir: What exactly happens when you try to use the Ubuntu installer?
<qman__> what I did was let it install the linux-generic kernel with the system, then reboot with the live CD, choose the "shell on your system" option, and install the linux-386 package
<qman__> with apt-get
<seicherlbob> SpamapS: ok, now i restarted without any new lines in the config and mdadm misses 1 device of each array. wtf?!
<seicherlbob> SpamapS: i will just configure it by IDs, i dont care about how it should work. damn it.
<seicherlbob> perfect. the members of the array dont have UUIDs set in dev. thats great! what am i doing wrong?
 * seicherlbob was sarcastic
<alvin> seicherlbob: bug 27037 I have to recreate an array on reboot (without data loss)
<uvirtbot> Launchpad bug 27037 in linux "mdadm cannot assemble array as cannot open drive with O_EXCL" [Medium,Fix released] https://launchpad.net/bugs/27037
<Wyleyrabbit> Rats.
<Wyleyrabbit> I'm about to give up on Ubuntu Server and go to Centos. ARGH! I really really don't want to do that, but I've now blown 8+ hours trying to get ANYTHING to allow me to talk to the hardware raid array. Nothing works.
<sherr> Wyleyrabbit: The megaraid cards have a utility to query the RAID, status etc. e.g. MegaCli
<ivoks> ?
<ivoks> Wyleyrabbit: you'll have the same problem on *any* linux
<sherr> See : http://hwraid.le-vert.net/wiki/LSIMegaRAIDSAS
<ivoks> 3ware has excelent tools for linux
<sherr> It's a bit of a pain though ...
<Wyleyrabbit> sherr, right! But I cannot for the life of me get that utility installed so it will talk to the Raid card.
<ivoks> there's no installation
<ivoks> you just run it
<Wyleyrabbit> ivoks and sherr, The MegaCli utility only seems to be available as an RPM. I did manage to get it to run well enough to show me the help file, but nothing else
<Wyleyrabbit> it wouldn't show any installed adapters.
<sherr> I'm running it on Debian Lenny.
<uvirtbot> New bug: #618876 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/618876
<sherr> http://hwraid.le-vert.net/debian
<sherr> It's not brabd new h/w though - Dell PE1800 + LSI MRSAS 8888ELP + HP MSA60 array
<Wyleyrabbit> sherr, omg! this is awesome. I just might be able to get this going after all. I didn't have ANY .deb files to work from, only RPMs that failed the "alien" process.
<sherr> *brand
<Wyleyrabbit> is lenny equivalent (or at least very similar) to Ubuntu Server 10.04 LTS ?
<sherr> A bit older.
<sherr> But just as good. If your hardware is supported (our new Dell R410 at work was not - so it runs 10.04 now)
<sherr> (the h/w raid1 disk for the OS was not seen in Lenny)
<sherr> Note also - the "megacli" programs are horrible ....
<sherr> This is what I have installed :
<sherr> megacli 5.00.12-1
<sherr> megaclisas-status 0.5
<sherr> Good luck - I am off very shortly.
<Wyleyrabbit> thanks sherr !!!
<Wyleyrabbit> sherr, what driver version are you running?
<mathiaz> hggdh: hi!
<mathiaz> hggdh: how is the 10.04.1 UEC testing going/
<sherr> Not sure. Let me have a quick look ... whatever's in the package above.
<mathiaz> hggdh: ?
<sherr> Wyleyrabbit: Sorry - this is what is in the dmesg :
<sherr> megasas: 00.00.03.20-rc1 Mon. March 10 11:02:31 PDT 2008
<hggdh> mathiaz: one gone, one to go
<mathiaz> hggdh: great!
<hggdh> mathiaz: got a misbehaving server in the middle
<mathiaz> hggdh: everything is working well?
<Wyleyrabbit> sherr, ok, thanks.
<sherr> + Fusion MPT base driver 3.04.06
<sherr> Copyright (c) 1999-2007 LSI Corporation
<sherr> Fusion MPT SPI Host driver 3.04.06
<sherr> (sorry - this is in the distro, not the megacli package ofcourse)
<hggdh> mathiaz: so far yes, except for this misbehaving server (which I think I am bypassing the issue)
<hggdh> mathiaz: I already marked done the required UEC test
<Wyleyrabbit> sherr, that helps.
<Wyleyrabbit> I think U.S. 10.04 came with 04.01 (which is also old)
<Wyleyrabbit> what version of debian is ubuntu server 10.04 lts most similar to?
<hggdh> mathiaz: we need coverage on the other tests
<mathiaz> hggdh: I'm working on these
<Wyleyrabbit> sherr, SUCCESS!!! Thanks
<bogeyd6_> Anyone feel like helping on this? I had a truecrypt drive in linux (encrypted the whole drive) and now Im on windows, how do i access the encrypted data?
<Wyleyrabbit> bogeyd6_, should be as simple as telling windows truecrypt to mount the drive
<bogeyd6_> Wyleyrabbit, i did but it sets it up as a RAW type and dinwos 7 wont recognize it as a formatted drive
<Wyleyrabbit> bogeyd6_, can you assign the drive a letter (in Control Panel - Admin Tools - Create/Format partitions)?
<bogeyd6_> Wyleyrabbit, yup, just double clicking on it tells me it needs formatted
<Wyleyrabbit> bogeyd6_, hmmm. I'll have to stop there, I don't use Truecrypt much.
<Wyleyrabbit> sorry I couldn't be of more help
<bogeyd6_> sux
<funkyHat> bogeyd6_: which filesystem did you use on the drive?
<bogeyd6_> funkyHat, its been too many years to remember, is there a way to find out?
<funkyHat> bogeyd6_: yes, boot up Linux and the command mount will tell you
<funkyHat> bogeyd6_: Windows can't read most Linux filesystems. There is some 3rd party support for ext2(/3) I think
<bogeyd6_> im getting vmware rite now, ill boot up linux and copy my files out
<g0rd0n> evening
<bogeyd6_> TEAM PlanB
<uvirtbot> New bug: #618935 in bind9 (main) "geoip dependency is large; load dynamically?" [Undecided,New] https://launchpad.net/bugs/618935
<ryanakca> ScottK: Hmm. Yet another day without an i386 ubuntu-server daily. Maybe I'll have better luck tomorrow.
<ScottK> OK.
<g0rd0n> i'm a bit confused by the numerous virtualization possiblities... i
<g0rd0n> i'm only experienced with vserver, but it seems like xen or kvm have more to offer
<g0rd0n> now some websites say kvm is better, most say xen is
<ScottK> g0rd0n: My recommendation is to look at the Ubuntu Server Guide (URL in /topic) and see what it suggests.  Generally sticking with the supported/documented solution is a safe approach in Ubuntu.
<failover> g0rd0n, http://itmanagement.earthweb.com/osrc/article.php/3898441/Linux-KVM-Eyes-World-Domination.htm
<g0rd0n> world domination lol
<failover> =]
<g0rd0n> yeah i will probably try kvm with command line tools then
<g0rd0n> is there something like debian volatile for ubuntu server?
#ubuntu-server 2010-08-17
<YankDownUnder> Got a server (brand new) that literally every time I power it down, I've got to re-install grub2....any clues?
<SpamapS> YankDownUnder: you're probably not installing grub to the right place.
<fidelix> Hey, how do i mv/cp files recursively overwriting files and folders on the destination?
<YankDownUnder> SpamapS, I'd have assumed that (as in this case) I've done it the same as I always do for this type of build... (grub-install /dev/sda => MBR?)
<YankDownUnder> fidelix, cp -Rf
<fidelix> This does not work.
<YankDownUnder> fidelix, cp -rf ?
<fidelix> I'll check
<fidelix> The first one worked.
<fidelix> Thanks YankDownUnder
<YankDownUnder> fidelix, Yer welcome mate
<SpamapS> YankDownUnder: depends on what device your system is actually booting from.
<SpamapS> YankDownUnder: its not a hardware raid card by any chance, is it?
<YankDownUnder> SpamapS, RAID is disabled on the mobo...all is fine when I actually do a warm boot, but from a cold boot, it freaks out...
<SpamapS> YankDownUnder: oh, that is actually pretty odd. I wonder if the controller is somehow screwing with writes to the MBR because of the RAID.
<ryoohki> how do i tell upstart which services to add for startup and remove unwanted services that are starting now?
<fluvvell> I'm wondering if hiddev is availble in the server kernel, or what the options are for usb based ups - I use apcupsd but I have no /proc/bus/usb/devices  - anybody familiar in this area?
<fluvvell> Im using 8.04
<YankDownUnder> SpamapS, There's a thought...have to check this out - I'll be in front of the server next week - so have to see what I can find out via remote...hate having to go through this all the time when the machine is powered down - it's going to be taken down at least two more time in the next month before it's got a perm home...
<tucemiux> anyone knows the path to httpd.conf ??
<tucemiux> pwd
<tucemiux> ahh everything is in /etc/apache2
<ChmEarl> tucemiux, /etc/apache2/ yes and see /etc/apache2/sites-available/default
<qman__> ryoohki, the only way I know of is to manually edit the files, which are located in /etc/init/
<clusty> anybody here with raids and also bothered to align partitions properly ?
<clusty> curious if it's worth the hassle
<ryoohki> qman__: thanks!  i was trying to avoid that but i could see vim was one of the ways
<qman__> clusty, I didn't bother, but I don't think my drives have 4k sectors
<qman__> of course my transfer speeds are limited by gigabit ethernet anyway, so I'm not super concerned about performance
<clusty> qman__: i am getting strange speeds
<clusty> on windoze i get from 30mb/s to 210
<clusty> on a 3 disk raid 5
<qman__> locally or over the network?
<qman__> gigabit ethernet has a theoretical maximum of 125MB/s, but in reality is limited to closer to 100MB/s
<clusty> qman__: locally
<qman__> the fastest speeds I've ever sustained over SMB are about 80-85MB/s
<clusty> qman__: also IO totally chokes it. as in a simple copy overloads the IO so much the PC is unresponsive
<clusty> can barely wake up from screen saver
<qman__> fakeRAID?
<clusty> qman__: real raid
<clusty> intel
<clusty> barely any cpu used
<clusty> but IO used to the brim
<clusty> would have expected the io scheduler to perform in a decent manner
<qman__> expecting windows to perform in a decent manner is a mistake
<clusty> no no
<clusty> that is linux
<clusty> if windoze blows, i can understand
<clusty> ...and expect
<clusty> D:
<qman__> what controller is it?
<clusty> srcsas18e
<qman__> misaligned blocks on 4k sectors could cause that, but there's likely something else going on here
<clusty> i did not align anything
<qman__> could cause slowdown, that is
<qman__> and what kind of disks?
<clusty> 7200 32mb cache disks
<clusty> 1tb
<clusty> middle of the road
<qman__> WD, seagate, samsung? RAID class or consumer? WD Greens?
<clusty> wd consumer black
<clusty> one i managed to kill tLER
<clusty> other 3 were to new :(
<clusty> kill=enable
<clusty> qman__: so you think alligning would help a lot?
<qman__> it would improve performance certainly, but I don't think it's what's causing the whole machine to choke like that
<ryoohki> qman__: do i comment out the "start on started" or change it to something like "start on manually" ???
<qman__> but only if those disks use 4k sectors
<qman__> I don't know if they do
<clusty> btw, do i have to recreate partitions, or just moving them to the right boundary would be enough?
<qman__> you could probably move them, but I don't know how or what utility to use
<clusty> parted
<clusty> can do it
<clusty> so what do i need to align to?
<clusty> 4KB multiple ?
<qman__> you want your filesystem's 4k blocks to match up with the 4k sectors, so I guess
<ryoohki> qman__: a moment of your time, please
<clusty> qman__: the stripe size/width don't matter ?
<qman__> ryoohki, I would comment out the "start on" line(s)
<qman__> to disable a service
<qman__> clusty, all the stripes/widths I know of would be multiples of 4k
<qman__> 64k, 128k
<ryoohki> qman__: thanks!
<qman__> so they should be fine, unless the controller is reserving an amount of space before your filesystem that is not a multiple of 4k
<clusty> qman__: they are indeed. 256kb x3
<clusty> i can waste space
<qman__> the thing is, most things are multiples of 4k, and most filesystems already use 4k blocks
<clusty> i am not gonna cry over 4kB-1 B :D
<qman__> the only problem arises when something reserves an amount of space that isn't a multiple of 4k
<qman__> such as the MBR
<clusty> do extended partitions eat a non multiple of 4 ?
<qman__> so your system has to be intelligent enough to slide it to the 4k sectors
<qman__> that, I don't know enough about
<qman__> wikipedia should be some help there
<clusty> thanks for the hint. i will look at that
<qman__> but again, that shouldn't be system crippling
<qman__> it'd cause notable slowdown
<qman__> but it wouldn't be hanging your box
<qman__> unless the controller is doing something stupid
<qman__> absolute worst case scenario, each disk is doing three times the number of reads/writes they would otherwise need
<qman__> I've got older systems with disks that can't even manage 30MB/s that run just fine
<uvirtbot> New bug: #619004 in clamav (main) "package clamav-daemon (not installed) failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,New] https://launchpad.net/bugs/619004
<asanir22> hello, is it possible to choose kernel during Ubuntu server installation process?
<asanir22> Is it possible to choose or change default kernel during ubuntu server installation process?
<rasengan> Anyone have any good ideas on measuring PPTP traffic?
<rasengan> (bandwidth)
<clusty> qman__: running now a long iozone to see really what sort of bottlenecks are there
<asanir22> anyone know how to choose kernel during "expert mode" installation?
<asanir22> anyone know how to choose kernel during "expert mode" installation?
<clusty> qman__: i have seen this also on another work PC
<clusty> with a raid
<clusty> that heavy DB access makes it so unresponsive it stops pinging for a short while
<asanir22> anyone know how to manually choose kernel during "expert mode" installation? (sure it's possible)
<clusty> asanir22: do you stutter ?
<asanir22> clusty, what do you mean by stutter?
<asanir22> nobody replies!
<clusty> asanir22: that can mean 2 things: ppl don't know, or they don't like you. either way asking every 5 min won't change jacl schitt
<asanir22> sorry clusty, i was not aware of discipline here
<qman__> this channel moves a lot slower than #ubuntu, patience is important here
<qman__> as for your question, I don't know if that's possible
<robertpayne> there an easy way to see top like 10 processes by memory usage?
<qman__> robertpayne, certainly, see `man top`
<qman__> there's probably also a way to do it with ps
<clusty> i prefer htop
<clusty> it's a candy filled version of top
<shebaloma> i have gest xp system running i was woundering how to enable 3d for the virt video card
<clusty> shebaloma: virtual box ?
<YankDownUnder> to the bloke asking about 10 top processes: I've just used a conky-cli customised rc that does basically that - and I've got it to show me some other important things via the server's console...
<SpamapS> ps auxw O r | tail -n 10
<SpamapS> shows top 10 (albeit, in ascending order)
<g0rd0n> i have a little problem with ubuntu on my server... basically the server has a remote video redirection, which works fine with 8.04 lts, but then i upgraded to 10.04 and now, at some point during boot, ubuntu changes font or resolution or something, and all i see in my video redirection console is garbage... is there a way i can fix that?
<blue-frog> trying to restrict login hours for the user "test". Added   ssh;*;test;Al0900-1000    to /etc/security/time.conf  and added    account requisite pam_time.so  in /etc/pam.d/common-account  (I also tried in /etc/pam.d/login). I even rebooted the computer afterwards. The user "test" can still ssh while the time restriction should occur. What am I missing?
<qman__> g0rd0n, when booting, enter grub, and manually edit the boot line to include "modeset=0"
<g0rd0n> ok, i guess i can set that in menu.lst as well
<qman__> I've run into a lot of problems with the changes myself
<uvirtbot> New bug: #619064 in openldap (main) "package slapd 2.4.21-0ubuntu5.3 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 1" [Undecided,New] https://launchpad.net/bugs/619064
<g0rd0n> i tested debian 5 -> 6 and have even more problems there
<qman__> that should get you booting to a normal terminal
<g0rd0n> machine won't even boot
<g0rd0n> but i think im gonna settle on 10.04 and do things with kvm
<blue-frog> *;*;test;!Al0900-1000  works  but   ssh;*;test;!Al0900-1000  does not (meaning test can ssh).  An idea?
<blue-frog> ssh* is the key
<qman__> while I don't know anything about that system, I would assume that * means allow any type of login, where ssh would only allow ssh
<g0rd0n> is it advisable to convert ext3 to ext4 on an ubuntu 10.04 system?
<qman__> only if you think you'll benefit from the performance gains
<qman__> there are still some bugs surfacing with ext4, some trivial, some rather nasty
<blue-frog> qman__, that's because we have /etc/pam.d/sshd  so ssh* works as sshd does. this I understand now
<g0rd0n> ok then ill wait :P
<g0rd0n> i dont want a nasty server
<qman__> it's considered stable, but unless you stand to benefit greatly, I would just stick with ext3
<Pragat> After configure cloud computing in ubuntu. I am unable to access frontend server with https://ipaddress:8443 in our proxy network..... How i can change ssl port
<chalcedony> i hate to look so stupid but i am stupid. my son set up mail on his server somewhere else, and he just told me that i have to copy it off there,     i don't know how?
<chalcedony> i think his server is ubuntu, i know my box is and the one i want to copy it to is ubuntu 10.04
<kuttan_> How can I have dom0/pvops kernel form 10.04 thanks
<kuttan_> where can I donwload those debs ( dom0/pvops kernel )
<twb> kuttan_: I believe Xen dom0 kernels are apt-gettable from the main archive.
<xperia> hello to all. i have a question related to proxys. i need to have a transparent fast proxy with the possibility to skip/filter special html tags if a php page is called. Does exist something like that ?
<kuttan_> twb thx for reply, but I can't see anything for lucid ( 10.04 )
<twb> kuttan_: is universe enabled?
<kuttan_> yes
<twb> Hm.
<kuttan_> twb linux-image-virtual , is domU ( guest ) only . am I right
<twb> Last time I looked, all kernels were domU capable as at lucid
<twb> And you're right, I can't see a dom0-enabled kernel package...
<kuttan_> I shifted from centos/rhel to ubuntu .. missing dom0 :(
<twb> I don't use xen myself, so I don't know if that's because it's no longer necessary, or because Ubuntu have dropped dom0 support
<kuttan_> twb Yup looks like that
<twb> http://osdir.com/ml/kernel-team/2010-01/msg00000.html (random google hit)
<twb> I suppose you could use hardy as the dom0
<kuttan_> thanks let me check hardy repo .
<twb> Hardy has dom0 packages
<kuttan_> okay
<boki> is there an easy way to include some html on every page that apache spits out? (thats is htm, php, everything)
<joschi> boki: libapache2-mod-layout http://www.musc.edu/webserver/mod_layout.html
<boki> joschi, great!
<boki> uhmm, whats the correct way to install apache mods?
<alex88> apt-get install libapache2-mods
<alex88> btw, i've problems with ssh, i've set the single ip to listen and syslog says "init: ssh main process (23654) terminated with status 255" because the network is not initialized, how can i posticipe the ssh start?
<g0rd0n> am curious to see if my method of upgrading from 8.04 to 10.04 is correct: 1. modify /etc/apt/sources.list 2. aptitude update 3. aptitude install aptitude 4. aptitude safe-upgrade 5. aptitude dist-upgrade 6. reboot
<alex88> g0rd0n: not really
<alex88> g0rd0n: https://help.ubuntu.com/community/LucidUpgrades#Network%20Upgrade%20for%20Ubuntu%20Servers%20(Recommended)
<g0rd0n> lol thank you
<g0rd0n> uh thats even easier than my way, nice
<alex88> yep :)
<alex88> and for sure more compatible insted of editing sources.list
<g0rd0n> yeh
<g0rd0n> although i have a fresh minimal install, but it cant harm to do things properly :p
<xampart> http://codepad.org/a5cFk17e should this configuration work concerning smtp? i want to accept smtp from those 3 ip's
<boki> how can i figure out why a certain mod is not working?
<g0rd0n> shit
<psteyn> I'm using 2x Apache servers mounting their document root's from a NFS server.  I notice very high load on both apache servers, but low cpu usage...is this normal with NFS clients?
<g0rd0n> now i wish i hadnt upgraded to grub2
<g0rd0n> lol
<psteyn> I'm using dedicated gigabit nics for the nfs shares/server
<g0rd0n> can i format /boot on a running system? and if yes, how can i format it so that the first sector starts at 63? seems to be a requirement for grub2...
<xampart> \j #grub
<xampart> i got good help there
<g0rd0n> xampart: thanks
<boki> how can i figure out why the content that should display with mod_layout is not showing up? (apache gave no errors on startup)
<Roxyhart0> hi, somebody know if there are someway to use rsync without promt the password? I can use password-file as my connection use ssh (the accounts for user are ldap/pam and login to their own folders) so i cant also use private key for that. any idea?
<twb> I'm guessing it's because of the errors.
<giovani> Roxyhart0: you'd need to explain in more detail what exactly you're rsyning, because you've mentioned useds and their own folders and that doesn't explain why a private key can't be used
<Roxyhart0> becauseand i have 100 users and 100 computers, so i dont want create a private key for each user in each machine???
<Roxyhart0> I am doing a scrip to backup clients machine from each user in the server each
<Roxyhart0> hour with rsync and i dont know how dont promt the password..the users account are ldap accounts
<Roxyhart0> and they shoudl copy the data in the folder that just each one have permision (each user have his pwn folder which permision just to him)
<xampart> sounds nice
<Roxyhart0> o i can do perfectly but it promt the password and i would like to avoid it as is a script running with cron...any idea?
<alex88> boki: look at server error log, check if it's enabled via a2enmod
<boki> alex88, it is, nothing in logs
<alex88> what mod?
<rawler_> does anyone here have experience setting up Ubuntu as a Kerberized SSH-server?
<rawler_> that is, support full SSO, with Kerberos not only as PAM backend, but actual Kerberized authentication directly in SSH?
<rawler_> i'm about to pull my hair out..
<alex88> rawler_: http://www.pdc.kth.se/resources/software/login-1/linux/ssh-with-kerberos-gssapi-on-ubuntu like this?
<alex88> rawler_: also https://help.ubuntu.com/community/SSH/OpenSSH/Advanced?action=show&redirect=AdvancedOpenSSH
<alex88> rawler_: last page
<alex88> 13:24 -!- paulws [~paulws@166.205.139.167] has joined #ubuntu-server
<alex88> 13:25 -!- e-jat is now known as ejat
<alex88> sorry
<alex88> http://developer.novell.com/wiki/index.php/HOWTO:_Configure_Ubuntu_for_Active_Directory_Authentication
<rawler_> alex88: is heimdal-client fully compatible with mit-server?
<alex88> rawler_: dunno, try..i've just linked tutorials that seems to be fine...
<rawler_> alex88: well, I've already found those through google..
<alex88> rawler_: oh sorry.
<rawler_> I haven't tried the heimdal client yet, since our previous CentOS hosting environment runs MIT-kerberos, and I want to avoid spurious compatibility-errors..
<lenios> anyone with experience with incremental backup of mysql? does every 5 min sound doable with a full backup each day?
<lenios> ftp backup, i'm wondering if servers can handle that
<twb> http://mywiki.wooledge.org/FtpMustDie
<Roxyhart0> lenios, injust test rsync and is great!!
<lenios> no rsync
<lenios> tar/zip + crypt + ftp
<lenios> backup server is a remote ftp server
<twb> Anyway, you can't make an incremental backup of mysql files
<twb> They're not coherent when mysql is running -- you have to either stop mysql for the backup run, or tell mysql to generate a dump (basically a huge .sql file)
<zash> (and the .sql file will have broken charset)
<twb> Yeah, well, mysql is inherently brain-damaged
<twb> AFAICT if sqlite is for rapid-deployment of toys and postgres is for production, there's not anywhere in between where mysql is a good idea
<lenios> can't i make a sql query and put that in a file?
<twb> lenios: sure you can, but it's not going to be useful
<lenios> it's only for a few tables, not the entire database
<twb> zash: we should convince all those PHP dweebs to store data in slapd instead of mysql
<twb> "after all, it's an object database -- no need for an ORM!!1!"
<lenios> by the way, i'm using java with hibernate
<lenios> how would postgresql be better for backups?
<alex88> hi twb
<lenios> oh, postgre has a PITR
<zash> twb: no! text files is most awesome!! ;)
<g0rd0n> is there a way to make a non-graphical install? the video redirection of my server delivers garbage past the first install screen
<zash> g0rd0n: there's a graphical server install? :O
<zash> g0rd0n: do you want a text based, or a fully automated installer?
<g0rd0n> zash: text-based... well you are right, it's not graphic... but somehow i still have problems
<g0rd0n> odd...
<g0rd0n> i see lots of vertical stripes... i tried with nomodeset but no luck with that eitehr
<twb> zash: the lucid server install media FORCE framebuffer on systems that have video cards
<twb> zash: you can opt-out of that on installed systems, but not on the install media (due to a bug).
<zash> :(
<twb> g0rd0n: you either need to type blind, or pull out the graphics card and do the install over the serial port, or preseed the entire install, or install hardy and upgrade to lucid afterward
<g0rd0n> serial port... interesting, i will try to connect to the serial console and see if i can do there
<patdk-wk> twb, what about a net-install?
<twb> g0rd0n: oh, sorry, if you're installing over serial you'll need to roll your own install medium (e.g. PXE boot).
<patdk-wk> I had problems with graphics mode once I installed, but not during the install, but I use net-install
<twb> patdk-wk: all my installs are PXE-based.
<patdk-wk> mine are pxe too
<g0rd0n> i have no possibility of influencing PXE, i just can mount ISO files remotely and boot from them
<twb> g0rd0n: yeah, I spoke to someone else with the same kind of funky remote access
<twb> g0rd0n: I think you're totally fucked
<g0rd0n> lol
<patdk-wk> roll your own net-install iso? :)
<twb> Oh, another way would be to boot whatever's on there, and write the boot media directly onto /dev/sda, then reboot off the hard disk.
<twb> That's heaps of fun, because if mess up the install you can't reboot to get back to the installer, because you've just blown away /dev/sda
<patdk-wk> twb, he can use any other iso image to boot to though, to fix it :)
<twb> If only everything was running coreboot and we just had "target scsi" style AoE installs...
<twb> patdk-wk: I guess
<g0rd0n> patdk-wk: is there a howto for creating the net install iso? couldnt find an official one
<patdk-wk> g0rd0n, that would be why I said, roll your own
<patdk-wk> I dunno if these would help or not: https://help.ubuntu.com/community/Installation/MinimalCD
<twb> Strictly, the *minimum* you need to install is the d-i kernel and ramdisk, and a bootloader to load them into memory
<twb> http://archive.ubuntu.com/ubuntu/dists/lucid/main/installer-amd64/current/images/netboot/
<twb> e.g. curl .../boot.img.gz | gunzip -c >/dev/sda
<g0rd0n> i think im gonna go with 8.04 and upgrade it as i did before, avoiding to upgrade grub2 :P
<prodigel> hi all. I have a simple set of iptables rules that should monitor and log into mysql - using ulogd - connections from and to the server. The problem is that the first ulogd mysql connection triggers a recursive set of connections that block my mysql server. How can I make such a rule to prevent ulogd localhost mysql connections from being logged?
<twb> prodigel: so, don't log connections to mysql?
<twb> e.g. -A LOG -i lo -j RETURN; -A LOG -j [whatever]
<prodigel> twb,  I've tried something like this: http://pastebin.com/xFnD49RE with no luck.
<prodigel> twb, those are all the iptables rules
<twb> Sorry, ICBF helping further.  Try #netfilter.
<prodigel> twb, is this the real meaning? http://www.urbandictionary.com/define.php?term=icbf
<patdk-wk> prodigel, why don't you try something sane, like limiting the amount of ulogs per rule
<prodigel> patdk-wk, do you think that would be useful for firewall monitoring?
<patdk-wk> maybe you should think about this some more
<patdk-wk> is it really interesting to know that someone connected to mysql 1000 times per second? vs 100times?
<patdk-wk> even syslog stops logging dups
<mathiaz> hggdh: hi!
<mathiaz> hggdh: how is UEC testing going on 10.04.1?
<uvirtbot> New bug: #619224 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.1 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,New] https://launchpad.net/bugs/619224
<hggdh> mathiaz: all-in-one done and gone, having some issues on topo2 (all distributed)
<mathiaz> hggdh: related to 10.04.1 or hardware related?
<hggdh> mathiaz: all ssh calls to instances fail on a ping (no response)
<hggdh> mathiaz: sorry. before SSHing, I ping the instance. All pings are getting no response
<mathiaz> kirkland: ^^ - could you help out on the 10.04.1 UEC testing front?
<kirkland> mathiaz: hi there
<kirkland> mathiaz: sure, will do
<mathiaz> hggdh: and in the all-in-one setup it works correctly?
<mathiaz> hggdh: can you ping the NC from the CC?
<mathiaz> hggdh: rather
<mathiaz> hggdh: can you ping the CC from the CLC?
<hggdh> mathiaz: yes, the all-in-one worked
<mathiaz> hggdh: ok - so it's probably a routing issue between the CLC and the CC
<hggdh> mathiaz: and the CC is pingable from the CLC
<hggdh> mathiaz: sounds like routing, yes
<mathiaz> hggdh: from the CC can you ping the private IP of the instance?
<hggdh> mathiaz: yes
<mathiaz> hggdh: on the CC, is there an interface define for the publich IP of the instance?
<mathiaz> hggdh: can you ping the public IP of the instance from the CC?
<hggdh> mathiaz: for the CC interfaces: yes, see http://pastebin.ubuntu.com/479421/
<mathiaz> hggdh: and a ping 10.55.55.101 from the CLC doesn't work?
<hggdh> mathiaz: it does not. Interestingly, .101 is an active instance
<mathiaz> hggdh: I'd check the routing table on the CLC
<mathiaz> hggdh: I'd also start a tcpdump on the CC to see if there are any packets related to 10.55.55.101
<hggdh> mathiaz: yes, I was going to get it now
<g0rd0n> i see LVM is selected by default now in the installer, but is it really useful on a dedicated server?
<_ruben> sure, why not?
<twb> Define "dedicated"
<phidah> I tried logging in to my server via SFTP, but the login credentials were denied. Is there anything I have to enable?
<TeTeT> kirkland: hi there, can you enlighten me how the pre-seeding of nodes is done in eucalyptus? E.g. where is the user name and password for the nodes stored on the front end?
<g0rd0n> twb: root server, two hard disks, software raid1
<twb> Then I fail to see why you WOULDN'T put LVM on
<twb> phidah: the failure will be explained in auth.log on the server.
<twb> phidah: by design, detailed failure information is not disclosed to the client.
<g0rd0n> heh i think i never used lvm
<TeTeT> kirkland: I see /etc/eucalyptus/preseed/, but it's empty - maybe because it is a packaged install?
<twb> g0rd0n: just wait until a cron job files /var/log or /var/tmp and you start losing mail from /var/spool/postfix
<twb> s/files/fills/
<phidah> ok since I tail -f'ed the auth.log I see the same host hammering the ssh trying to log in as root...
<phidah> Do I just ignore that or...?
<_ruben> use fail2ban for instance to block such attempts
<twb> phidah: well, I would install firewall rules that -j TARPIT all packets from any host that makes more than three connection attempts in a sixty-second interval.
<twb> I don't like fail2ban and friends because even when they correctly uses -m set, it's still relying on a userspace process instead of in-kernel counters.
<phidah> twb: okay. do you have an application that does that for me correctly?
<phidah> or should it be done manually?
<twb> phidah: er, it's a sequence of iptables rules, not an application.
<phidah> I know but wouldn't it be best to have some kind of automated procedure?
<twb> What I'm proposing is a static set of rules
<twb> The "procedure" would be to write an /etc/iptab that's sane, then leave it alone forever
<phidah> What would the rule be like to block after say 5 attempts within 1 minute?
<twb> The downside of the approach is that it assumes you already have a clue wrt. iptables best practices, which few people do.
<twb> phidah: yes.
<phidah> Well I tried a bit of iptables before but it scares the heck out of me
<twb> phidah: in which use something like denyhosts/fail2ban/whatever; you're less likely to blow your foot off
<twb> *in which case
<Omahn> zul: ping
<zul> Omahn: pong
<Omahn> zul: Hello! I've just pushed a branch up to LP that provides upstart scripts for the nis package. ttx has previously pointed me in your direction as a suitable person to give it a check over.
<Omahn> zul: Is it too late anyway for maverick given that I've missed the feature freeze?
<zul> Omahn: cool ill have a look when i can
<zul> Omahn: it shouldnt be
<Omahn> zul: https://bugs.launchpad.net/ubuntu/+source/nis/+bug/569757
<uvirtbot> Launchpad bug 569757 in nis "NIS upstart dependancy broken for lucid" [Wishlist,Confirmed]
<hggdh> GAAHHHHH
<Omahn> zul: We've been using it here on Lucid in production for a couple of months now without any (known!) issues but I'm not sure how I should be coping with upgrades/etc in the post/pre etc scripts.
<hggdh> mathiaz: typo in an euca command
 * hggdh fumes
<zul> Omahn:cool ill take a look
<Omahn> zul: Thanks, much appreciated.
<kirkland> TeTeT: sorry, i'm a bit overcommitted at the moment to handle that explanation
<kirkland> TeTeT: there are no username/passwords transferred via UEC preseed
<kirkland> TeTeT: rather the username is eucalyptus, and the necessary public key is installed
<kirkland> mathiaz: okay, i'm off of the last phone call, can focus on some ISO testing now
<TeTeT> kirkland: ok, sorry to bother you in stressful times, I just saw "d-i	passwd/username	string ubuntu" in the preseed
<kirkland> TeTeT: huh?  where?
<kirkland> TeTeT: i'm definitely not following your request, then
<TeTeT> kirkland: https://pastebin.canonical.com/35930/ from /etc/eucalyptus/preseed/ from neem, training cloud front-end
<TeTeT> kirkland: line 29, but please forget it if you need to do other work now, nevermind!
<hggdh> TeTeT: this is setting the userId to SSH to
<hggdh> TeTeT: 'eucalyptus' is the reserved username for the Eucalyptus pacakge run-time
<TeTeT> hggdh: I see the eucalyptus ssh key and user in eucalyptus-common section\
<phidah> Is there any groups that users per default should be member of in order to be able to do port forwarding?
<hggdh> TeTeT: yes, this is correct. Eucalyptus exchanges internal data between the components
<hggdh> TeTeT: I am sorry, I just got back here. Could you re-state your issue (so that we will be talking about the same thing)?
<TeTeT> hggdh: I wonder how the user/password synchronisation between the front-end and nodes happens when using CD based install of UEC. Especially I wonder what happens if I change the password later on the front-end
<TeTeT> hggdh: would new nodes still get the old password or get a new one?
<hggdh> TeTeT: what user/password are you talking about? If it is the user in the instance... there is just one, 'ubuntu', and it does not have a password
<hggdh> TeTeT: if it is the 'eucalyptus' userId, this is reserverd for Eucalyptus usage, nobody should ever log in as it
<hggdh> TeTeT: in this case, it does not matter *what* would be the password, anyway, since Eucalyptus does SSH via public key
<TeTeT> hggdh: I was refering to the user on the node controller, for example 'ubuntu'
<TeTeT> or student
<hggdh> TeTeT: this instance userId is fixed on 'ubuntu'; we do not provide a password to it, users are expected to SSH in with public-key authentication
<hggdh> TeTeT: so, even if the user changes (i.e., *sets*) a password for 'ubuntu', it would not get to be used
<hggdh> normally
<TeTeT> hggdh: hmm, is /etc/eucalyptus/preseed for the instances? I thought it is used for the node controllers that connect to the front-end?
<hggdh> TeTeT: yes indeed. There should not be an 'ubuntu' user there
<hggdh> TeTeT: in this case the userId inherited is the 'eucalyptus' account. There is no password associated with it
<TeTeT> hggdh: can you confirm that the node has the same user and password as the front end? I haven't done a CD based install in ages
<hggdh> TeTeT: every NC installed inherits the 'eucalyptus' userId (and the public key into ~/.ssh/authorised_keys). There is *NO* password associated with this Id
<hggdh> TeTeT: actually, the 'eucalyptus' userId is a system Id (uid=121); what is actually passed is the CC's public key
<TeTeT> hggdh: so the admin user entered in the front-end install dialogue is never passed on to the node?
<hggdh> TeTeT: well, now...
<hggdh> TeTeT: good Q. Now I am unsure. I will do an install from CD, fully manual, and test
<TeTeT> hggdh: ok, was just thinking to do the same
<hggdh> TeTeT: any install has to have an admin user, so one would have to be created. I am not sure the 'ubuntu' would be used
<sla> hi there, does anyone know if 10.04.1 iso's will be released today?
<jpds> sla: It's expected to be today, yes.
<sla> jpds: tnx, time unknown i gues? kind of waiting ;-)
<kirkland> hggdh: ping
<kirkland> hggdh: mathiaz says you might need some help testing 10.04.1 candidates?
<kirkland> hggdh: i'm here to help
<kirkland> hggdh: just tell me what you need
<jpds> sla: Things like this are really: "When it's ready".
<sla> jpds: ic, tnx!
<sla> jpds: is this also a place where it will be announced or should i just press f5 once in a while on http://releases.ubuntu.com/10.04/ ?
<jpds> sla: nl.releases.ubuntu.com
<sla> jpds: ok, super ;-)
<hggdh> kirkland: soorry, on a call up to now
<hggdh> kirkland: I found the issue -- between the chair and keyboard :-( A change to the bloody test script was wrong, so all tests failed (I wrote 'iccp' instead of 'icmp'
<kirkland> hggdh: doh
<hggdh> kirkland: so life if good again. Just a bit balder
<kirkland> hggdh: okay, do you need anything from me at this point?
<hggdh> kirkland: well, since you so kindly offer... yes. There is r1231 on Eucalyptus, but I am unsure how to package it in
<hggdh> :-)
<kirkland> hggdh: let me look
<kirkland> hggdh: okay, i'm working on it
<hggdh> kirkland: later on I would like to know what I should do to package them, if you do not mind
<kirkland> hggdh: sure;  i'm working on that now
<kirkland> hggdh: i should have a script/doc for you by then
<hallyn> so i've got a bzr branch that i had proposed for merge, and the relevant commits were in fact merged into lucid-proposed.  But the tree is still listed as pending merge.  Shoudl I cancel the merge request, or leave that until it gets from lucid-proposed into lucid-updates?
<hallyn> oops, meant to ask on ubuntu-devel
<alex88> hi guys..how can i start openssh server later then normal on boot?
<hallyn> alex88: edit /etc/init/ssh.conf
<alex88> hallyn: where?
<alex88> i mean, what should i change?
<soren> alex88: Why do you want it to start later?
<alex88> because it runs before network, i'm on a vps, and i've set to listen to single ip, and the ip is set later
<alex88> so it says error 255 and it not start
<hallyn> alex88: hook whatever you want to wait on into the 'pre-start script' section
<hallyn> i.e., 'while [ ! -f /var/run/network-started ]; do : ; done ]' or something
<alex88> hallyn: insert a sleep command there?
<hallyn> sure
<alex88> thank you
<soren> alex88: Even better:
<soren> alex88: change /etc/init/ssh.conf to read: start on net-device-up INTERFACE=eth0
<soren> So when eth0 is up, upstart will automatically start ssh.
<alex88> soren: wait a sec, i'll post my syslog
<alex88> http://pastebin.com/Ua2WVEwy for this vps i have venet0:0 and venet0:1 as public ip, venet0 has 127.0.0.1
<soren> Yikes.
<soren> Why not have 127.0.0.1 on lo?
<alex88> vps... http://pastebin.com/rNWPpLYq this is ifconfig
<kirkland> hggdh: okay, eucalyptus_2.0~bzr1231-0ubuntu1_source.changes uploaded to Maverick
<alex88> soren: as you can see i have on both lo and venet'0
<soren> alex88: and you think the time ssh is started is your biggest problem? :D
<kirkland> hggdh: i'm testing locally here
<Italian_Plumber> I love how  easy it is to install a GUI on a server
<mdlueck> I am considering upgrading a 9.04 server to 9.10 / 10.04 maybe today... have one Q. Should I run the upgrade from the server console, or is via SSH fine? Will the upgrade process kill the SSH daemon and thus disconnect my session?
<Italian_Plumber> running updates over SSH is best accomplished using the "screen" utility
<Italian_Plumber> that way if you get disconnected the process continues
<Italian_Plumber> there are probably other ways too
<mdlueck> I have not heard of "screen" except on windows of course. ;-)
<Italian_Plumber> screen is an awesome utility... you type "screen"
<Italian_Plumber> then it will create the screen "session".
<Italian_Plumber> you can type "CtrlA, D" to get out of the session, but it's still running.
<Italian_Plumber> you type "screen -r" to get back to it
<Italian_Plumber> that's a simple example.
<Italian_Plumber> sudo apt-get install screen
<mdlueck> I issue that on the remote server, or before I start the ssh session from my Ubuntu workstation?
<Italian_Plumber> on the remote server
<mdlueck> OK
<mdlueck> I will check into that, thanks!
<Italian_Plumber> otherwiste the screen is running on your workstation, so you would still have problems if you were disconnected.
<Italian_Plumber> read up on screen...it has lots of options
<mdlueck> I was thinking perhaps it was an alternative to SSH
<Italian_Plumber> it's not...
<Italian_Plumber> you would ssh to your remote machine, then type "screen"...
<mdlueck> (me knods)
<Italian_Plumber> you could also start the screen if you were logged into that remote machine's console, then unattach from the screen and log out.... then go to where you are now, ssh, and re-attach to that same screen
<Italian_Plumber> you would join your regularly scheduled screen, already in progress.
<mdlueck> cool
<mdlueck> "saved sessions" for Linux term
<Italian_Plumber> I use screen in conjunction with rtorrent
<Italian_Plumber> I'm constantly unattaching and logging out, then logging in from a different location and re-attaching.
<Italian_Plumber> you can also log  and save the output of the screen.
<RoyK> screen is a nice tool :)
<RoyK> ctrl+a c to create a new screen etc
<RoyK> man screen
<Italian_Plumber> RoyK, what other features do you use?
<mathiaz> hggdh: kirkland: so 10.04.1 UEC testing is completed and successful?
<kirkland> mathiaz: hggdh said that the problem he saw earlier was due to a typo on his part in his testing script
<RoyK> Italian_Plumber: ctrl+a <esc> to enter copy and scroll mode - use vi commands (ctrl+u/d etc) to scroll
<RoyK> or just man screen - there's probably more fun in there than I use
<Italian_Plumber> oh I probably never discovered those features because I despise vi with a passion. :)
<alex88> mdlueck: check also byobu....nicer thing...
<RoyK> Italian_Plumber: might be possible to switch to other modes - my advice is to learn vi(m) and use it - it rocks!
<Italian_Plumber> heh... I understand why I should know vi... I just go out of my way to make sure pico or nano is installed on any machine I use
<Italian_Plumber> alex88: I've never heard of byobu... what does  that do?
<Italian_Plumber> vi reminds me too much of FreeBSD. :)
<Italian_Plumber> if Ubuntu is linux for human beings, FreeBSD is linux for people with too much time on their hands
<kirkland> Italian_Plumber: http://launchpad.net/byobu
<alex88> Italian_Plumber: in 10.04 it adds some themes, showing network, ram, disk info and also display opened terminals and activity
<kirkland> Italian_Plumber: it's a text based window manager, allowing you attach/detach from sessions, and configure a set of notifications about system stats
<Italian_Plumber> for machines with a GUI?
<hggdh> mathiaz: yes, tested completed successfully
<mathiaz> hggdh: great - thanks for the help!
<pmatulis> anybody use NIS here?
<alex88> Italian_Plumber: gui and not
<alex88> is possible that i get 404 for each tracker? how can i check if my isp is blocking that?
<RoyK> Italian_Plumber: menus belong in restaurants
<alex88> RoyK: and in windows?
<RoyK> alex88: yeah, and KDE/Gnome and Aqua and CDE and so on
<RoyK> but neither of those belong on a server
<alex88> oh sure.. :)
<alex88> any answer to my question? :)
<RoyK> what was that again?
<alex88> < alex88> is possible that i get 404 for each tracker? how can i check if my isp is blocking that?
<RoyK> url?
<alex88> RoyK: can i pm
<RoyK> brb
<RoyK> b
<alex88> RoyK: don't know if you've received..can i pm you?
<RoyK> yes
<ssureshot> I can't seem to find where the friendly name is set for my reports that are running and being set through php... the friendly name is Website.. I need to change this any ideas?
<RoyK> ssureshot: friendly name??
<ssureshot> From: Website (friendly name) -- email address is correct though
<RoyK> ssureshot: if trying to send email from php, asking on ##php might be better - in short, you want to build an email envelope and then send it
<ssureshot> RoyK: I'm kinda curious if this a php issue or an MTA issue... I have 2 servers one gento using sendmail (works like it should) and an ubuntu server wtih the same web apps with postfix.. that has the wrong name
<RoyK> ssureshot: I usually start with installing postfix - I'm not really comfortable with exif (the default MTA)
<RoyK> apt-get install postfix - try again
<raubvogel> Does anyone know if syslog-ng 3 will make it to the repositories soon?
<ssureshot> RoyK: postfix is installed and working, is there an alias I can use for the friendly name?
<RoyK> ssureshot: seems your webapp needs configuring
<RoyK> ssureshot: it probably sets that 'friendly name' and tries to send the email
<patdk-wk> ya, postfix just passes input to output, it doesn't modify anything
<patdk-wk> unless you attempt to configure masquerade settings or something (I have only done that using sendmail though)
<ssureshot> royk: roger that.. I think I might need to research the mail command in php.ini then
<RoyK> ssureshot: nope - the webapp
<raubvogel> ssureshot:  which webapp are you using?
<patdk-wk> php.ini only sets that stuff for windows :)
<RoyK> ssureshot: the e-mail envelope is creating it
<ssureshot> custom webapps
<RoyK> well, create a decent email envelope in it
<RoyK> it's not up to php to do that
<RoyK> I guess you can do it in the php settings, but that's rather ugly
<ssureshot> I will do some research on the envelope then... right on.. thank you both
<raubvogel> Also, are you using postfix as a full MTA or just to send out emails?
<patdk-wk> next question, why are my emails going to spam? :)
<raubvogel> patdk-wk: because they like you? ;)
<RoyK> patdk-wk: probably because you don't create a decent envelope for them :Ã¾
<Pupeno> How do I manually trigger the unnatended upgrades? They seem not to be happening.
<ssureshot> raubvogul: postfix is an internal relay server..
<RoyK> Pupeno: apt-get update && apt-get dist-upgrade
<Pupeno> RoyK: that's not unnatended upgrades, that's the normal upgrades.
<RoyK> I really don't know how to 'trigger' unattended updates
<patdk-wk> put, apt-get upgrade && apt-get dist-upgrade && reboot, in cron? :)
<jgcampbell300> hello, I have spent about a week trying to get openchange server installed on ubuntu and I have been reading today about groupware ... the question i am coming up with is this ... what exactly is the difrence in something like an exchange server and something like Citadel or "groupware" ... from a glance it seems to be doing the same thing
<RoyK> patdk-wk: yeah, every hour
<jgcampbell300> Pupeno: http://serverfault.com/questions/111201/how-to-get-automatic-upgrades-to-work-on-ubuntu-server .... found that on a search
<RoyK> Pupeno: pkgsync can also be nice, but be careful
<patdk-wk> dunno, I have never used it, my friend does though
<raubvogel> ssureshot: so you mean you are using postfix as a mail relay server
<mdlueck> Italian_Plumber: screen works slick-O, thanks for suggesting it! Backup done, on to the upgrade! :-)
<Italian_Plumber> you're welcome... always glad to hlp
<ssureshot> raubvogel: correct it's on the local machine that is my internal webserver also...
<jcastro> hey zul
<zul> jcastro: hola
<jcastro> zul: turn on full text feeds in your wordpress so your blogs don't truncate on planet
<zul> jcastro: yeah i thought I turned that on
<jcastro> nice job on memcached!
<zul> jcastro: thanks
<kirkland> hggdh: hey, is auto-registration working for you in Maverick?
<kirkland> hggdh: it didn't work for me... i had to manually register everything
<SpamapS> kim0: are you around? can you join us for the server team meeting?
<uvirtbot> New bug: #619388 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.5 failed to install/upgrade: el subproceso post-installation script devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/619388
<hggdh> kirkland: it works. Sometimes
<hggdh> kirkland: sometimes it does not. I have not yet opened a bug on it, low prio for me...
<hggdh> kirkland: I have found that leaving servers from a previous install running (and with the -publication active) can confuse auto-registration
<kirkland> hggdh: so you've been manually registering services?
<hggdh> kirkland: every other install or so, yes
<kirkland> hggdh: that's annoying
<hggdh> sounds like a race...
<hggdh> kirkland: another thing -- the -publication services *usually* do not stop if you 'stop eucalyptus'
<hggdh> kirkland: and usually do not restart if you 'start eucalyptus'
<Italian_Plumber> alex88: does byobu install with apt-get?
<hggdh> Italian_Plumber: yes
<Italian_Plumber> E: Couldn't find package byobu
<kirkland> hggdh: have you had any trouble bundling/registering images?
<hggdh> kirkland: no, not there (unless the SC is down)
<hggdh> Italian_Plumber: what Ubuntu version?
<Italian_Plumber> oh.. could be it... hardy
<hggdh> Italian_Plumber: yes, I think this is it... I do not think byobu made it to Hardy
<Italian_Plumber> what version does it work on?
<hggdh> kirkland: new issue?
<kirkland> Italian_Plumber: it is available for Hardy in the PPA
<Italian_Plumber> i'm currently working in a vm to test it out... I'd be glad to update to a newer version of ubuntu
<kirkland> hggdh: yeah, possibly...
<hggdh> dammit
<hggdh> kirkland: does hang on bundle/register? If so, I have seen it on an SC down
<kirkland> hggdh: doesn't hang;  python throws an error
<hggdh> that's different indeed
<mdlueck> Italian_Plumber: Upgrade to 9.10 went very smoothly. Starting the 10.04 upgrade now.
<kirkland> hggdh: have you seen a CLC think that it's ip address is 169.254.169.254 ?
<hggdh> kirkland: if this is the output from 'ifconfig', yes
<hggdh> kirkland: not sure about the final byte, though
<mdlueck> Frazzle razzle... 9.10 to 10.04 upgrade seemed to go well, via SSH and console, accepts my ID/pw, then goes to la la land... Suggestions please?
<mdlueck> Very weird, I left the room for a few mins, and when I came back I was logged in. hhhmmm....
<kirkland> hggdh: okay, i just uploaded eucalyptus_2.0~bzr1231-0ubuntu2_source.changes
<kirkland> hggdh: i had to re-fix something i fixed before, but i think Daviey dropped the patch during the quilt migration
<kirkland> hggdh: i'm going talk to upstream
<smoser> hggdh, ping
<smoser> maverick uec, have you seen functional euca-get-console-output ?
<smoser> i get empty response, although the node controller's /var/lib/eucalyptus/instances/admin/i-48580863/console.log is popuated
<hggdh> kirkland: k. Anything I should worry about?
<kirkland> hggdh: well, i just re-fixed the eth0:169.254.169.254 error
<kirkland> hggdh: this might be the source of some of the registration problems
<hggdh> kirkland: ugh. I will download the diff, and rebuild locally, then
<kirkland> hggdh: it's building now
<kirkland> hggdh: it'll be built in launchpad in ~10 minutes
<hggdh> smoser: I do not really remember -- I *think* yes
<hggdh> kirkland: I will wait, then
<kirkland> hggdh: yeah
<hggdh> smoser: but I will be able to check in about one hour
<kirkland> hggdh: here's the good news, though ....
 * hggdh perks up
<kirkland> hggdh: i was able to register all components, run an instance, and ssh to it :-)
<kirkland> hggdh: that's the first time i have personally done that against euca 2.0
<hggdh> yay!
<kirkland> hggdh: gives me a bit of confidence
<hggdh> so there's hope...
<hggdh> smoser: what version of euca? this latest rev should have a fix for console output
<smoser> whatever kirkland just loaded
<mdlueck> In server 10.04, where has /etc/default/grub been moved to this time?
<uvirtbot> New bug: #619455 in dovecot (main) "package dovecot-postfix 1:1.2.9-1ubuntu6.1 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-removal Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 1" [Undecided,New] https://launchpad.net/bugs/619455
<hggdh> smoser: this is a regression, then
<sherr> Hello - I hope someone can help
<sherr> I am using Server 10.04 as a KVM host (to Debian Lenny) and I want to make sure the guests are properly shutdown when the host is rebooted. But I can't get it working and the guests always end up killed. This really worries me for production use because FS corruption might happen.
<sherr> From the command line, all the scripts work :
<sherr> virsh shutdown <guest> - works
<sherr> virsh list - works
<sherr> But as a sys-v init script - or an upstart script - virsh doesn't seem to work i.e.
<sherr> virsh list -> empty/nothing
<sherr> virsh shutdown <guest> -> does nothing
<sherr> They don't work in runlevel 6.
<sherr> Surely people want to shut down guests on a reboot properly (e.g. UEC). How?
<sherr> My upstart exec script and output is here : http://pastebin.com/n6rnkVbC
<sherr> Can anyone help?
<hggdh> kirkland: OK, starting to test 0ubuntu2
<hggdh> kirkland: when you had registration issues were you running an all-in-one, or distributed?
<kirkland> hggdh: all in 1
<hggdh> kirkland: no prob here, at least right now, with regs
<kirkland> hggdh: cool
<delimiter> sherr: install acpid
<sherr> delimiter: on the guest? acpid is installed.
<delimiter> sherr: ya, cool
<sherr> And the host has <acpi/> in the XML definition of the guest.
<sherr> It works from the command line i.e. virsh list / virsh shutdown guest
<sherr> Why does virsh not work from an init/upstart script (runlevel 6)?
<delimiter> sherr: no idea, sorry
<sherr> Thanks anyway.
<delimiter> runlevel 6 = reboot
<delimiter> that your intention?
<sherr> yes
<sherr> I want a host reboot to shut down guests cleanly, automatically.
<delimiter> and killing the kvm procs doesn't trigger a clean shutdown within the guest?
<RoAkSoAx> kirkland: where can i find the Cloud in your pocket ISO?
<sherr> delimiter: Not tried that. But I suspect not. Let me try from the command line ....
<kirkland> RoAkSoAx: http://blog.dustinkirkland.com/2010/06/cloud-in-your-pocket-uec-liveiso.html
<RoAkSoAx> kirkland: thanks :)
<sherr> delimiter: I did a kill on the KVM pid, guest died. On reboot, I see an EXT3 "recovery required" as usual, so it appears to be an unclean shutdown as far as I can see. As usual.
<delimiter> sherr: that is really bogus, the system (host) should issue a shutdown to each running guest on reboot
<alvin> sherr: It's being worked on: bug 350936
<uvirtbot> Launchpad bug 350936 in libvirt "Should shut down domains on system shutdown" [Low,Triaged] https://launchpad.net/bugs/350936
<sherr> Yes, been banging my head on this all day. It doesn't work using "virsh" in an init script for level 6. Someone else said level 0 doesn;t work either.
<alvin> It doesn't work at all yet, but there are some pointers in the bug report. Didn't try them yet.
<sherr> Ah. I did do a search earlier ... let me look.
<delimiter> well those aren't your normal "runlevels" either
<alvin> there are no runlevels anymore as far as I know
<delimiter> that is a very narrow view of the universe :)
<alvin> lol, could be :-)
<sherr> There are runlevel modes in upstart though : start on runlevel [016]
<sherr> That's a big bug ... lots to read. I'll take a look further tomorrow and see if I can get anything working.
<sherr> Like many, this is serious for me. I'm testing test VM's now, but production is a different matter ...
<sherr> Thanks alvin and delimiter.
<uvirtbot> New bug: #619502 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12 failed to install/upgrade: Package is in a very bad inconsistent state - you should  reinstall it before attempting a removal." [Undecided,New] https://launchpad.net/bugs/619502
<SpamapS> that one keeps coming up
<SpamapS> I wonder if we're packaging a file that gets mucked with by maintainer scripts or something
<ruben23> guys i have several errors on startu can i hols the screen or pasue the loading is so fast can barely identify the error on a ubuntu server
<Crewsr3> I'm getting started with EC2 and set up an AMI and install postgre and now I need to connect to the postgre db.  I'm trying to tunnel to it but I'm getting an error.  Does the ubuntu AMI have ssh tunneling locked down and if so how to I open it up?
<qman__> Crewsr3, by default, SSH tunneling is not locked down
<qman__> the configuration is in /etc/ssh/sshd_config
<Crewsr3> I've been looking this file over and set up everything to open this up but I'm still not able to get tunneled into
<sbeattie> SpamapS: hunh, odd, it looks like some sort of debconf locking issue.
<SpamapS> Crewsr3: try passing  '-v' to ssh so you get some debugging information (three -v's will give you a ton of debugging)
<SpamapS> Crewsr3: though unless you've given the user you're using to connect a password, connecting over tcp/ip will be dependent on ident .. which probably won't work.
<SpamapS> Crewsr3: unless you ssh as root, and forward ident back to your local machine, which you don't want to do on so many levels. ;)
<SpamapS> Crewsr3: actually I take that back, ident will work if you run a local identd
<sbeattie> SpamapS: hrm, also looking at dmesg, it appears that XFS is in use; do you have other example bugs, as I'm curious if they're using XFS as well.
<sbeattie> SpamapS: re bug 619502 that is
<uvirtbot> Launchpad bug 619502 in mysql-dfsg-5.1 "package mysql-server-5.1 5.1.41-3ubuntu12 failed to install/upgrade: Package is in a very bad inconsistent state - you should  reinstall it before attempting a removal." [Undecided,New] https://launchpad.net/bugs/619502
<SpamapS> sbeattie: https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.1 .. I see 6 with a 'bad inconsistent state' mentioned. All invalid or triaged.
<sbeattie> oh bah, reading the dmesg *for comprehension this time* just shows that something is querying for filesystems, not that xfs is actually used anywhere.
<ruben23>  guys i have several errors on startu can i hols the screen or pasue the loading is so fast can barely identify the error on a ubuntu server
<uvirtbot> New bug: #619520 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.3 failed to install/upgrade: Package is in a very bad inconsistent state - you should  reinstall it before attempting a removal." [Undecided,New] https://launchpad.net/bugs/619520
#ubuntu-server 2010-08-18
<Italian_Plumber> I'm trying to connect my windows xp machine directly to an ubuntu server with a crossover cable.  I thought this was going to be easy.  It doesn't appear to be.  When I configure the server with a static IP with a netmask, I get "eth0: ERROR while getting interface flags: No such device ... SIOCSIFADDR: No such device"
<Italian_Plumber> I'm hoping the fix for that is something that's obvious to someone with more experience than I.
<Italian_Plumber> It also says "SIOCSIFNETMASK: No such device" and "Failed to bring up eth0"
<uvirtbot> New bug: #619540 in samba (main) "package smbclient 2:3.3.2-1ubuntu3.5 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/619540
<Italian_Plumber> well I figured it out... for some reason my two network cards are eth3 and eth4
<Patrickdk> did you change cards or motherboards?
<Patrickdk> ubuntu remembers the id's of the cards, and assigns new numbers for new cards
<Italian_Plumber> the hard drive is from another machine... that could be it.
<Italian_Plumber> now however I think my problem is that my crossover cable isn't really a crossover cable
<Italian_Plumber> mm... I dunno... the definitely have different wiring between the two plugs
<Italian_Plumber> whew... I rebooted and eth0 is now eth3...
<Italian_Plumber> er... I mean eth3 is now eth0
<Sonja> hai
<ND-movie> hey, can someone help me out with PPTPD server?
<ND-movie> i'm having a problem with it. :(
<mase_wk> ND-movie: no one knows if they can help you because you haven't told us the problem
<ND-movie> a fair point
<ND-movie> basically i'm having trouble getting the darn'ed thing to work right, i have it all set up, but i'm getting errors when it tries to handle dhcp
<ND-movie> here's pastebin
<ND-movie> http://pastebin.com/31qdtXsp
<ND-movie> like i can communicate with the VPN server, its not refusing the connection
<ND-movie> but *shrug*
<ND-movie> i think i have the internal and external IP's set up incorrectly
<ND-movie> xxx.xx.31.59 i have set as my internal (which is the IP of my server)
<ND-movie> and i have 192.168.1.1-254 set as my external
<ND-movie> thats probably the wrong idea, i'm guessing?
<ND-movie> any suggestions
<guest9876543210> Hi all
<guest9876543210> I'm trying to setup Virtual Machine using JeOS & vmbuilder
<guest9876543210> The VM seems to have been installed, but I don't know how to start it :(
<guest9876543210> running a virsh -c qemu:///system list doesn't display anything so I'm not that sure the VM has been installed
<guest9876543210> any VM helper there ?
<hallyn> guest9876543210: (i'm not sticking around, but one suggestion) do virsh list --all
<hallyn> else you don't see not-started vms
<fundacion> espaÃ±ol?
<guest9876543210> fundacion : nope, I'm French
<guest9876543210> I give --all a try ;-) thanks
<fundacion> no body speak in spanish
<fundacion> or where i can find a irc about server in spanish?
<guest9876543210> you seem to type a good english ! can't you ask for help this way ?
<fundacion> but, i don't understand the englis at perfection
<guest9876543210> I'm not aware of Spanish server room, I'd suggest to ask for help there ...
<Plecebo> I'm having some issues with Raid. I have a raid6 array and all of my drives all of a sudden went to spares. mdstat reads this: http://pastebin.com/c8Li0hHj I've tried rebootin and reassembling the array, but don't want to mess anything up the best I can get is 5 devices to try to assemble, but I need at least 6.
<guest9876543210> Placebo : do you have critical datas on your RAID array ?
<Plecebo> guest9876543210, I do, loosing it would be bad
<McWiney> n00b Q: I want to put my wife's teaching docs online for her to access from home/school/wherever... Most files are on ubuntu server box right now. Is WebDAV the way to go here?
<Plecebo> I assembled the array with: mdadm --assemble --force /dev/md0 /dev/sd{b,c,d,e,f,g,h,i}
<Plecebo> and it started with 6 devices
<guest9876543210> Placebo : and ?? what's wrong then ?
<Plecebo> guest9876543210, there are 8 devices, and I can't add the other two
<Plecebo> guest9876543210, also, now one of the 6 is marked as Failed
<Plecebo> new mdstat http://pastebin.com/CcrgJQs4
<guest9876543210> Plecebo : it might worth to test your HDs, using smartmontools
<Plecebo> guest9876543210, I can do that, do they need to be tested one at a time?
<Plecebo> also, should I take my raid array offline?
<guest9876543210> Plecebo : yes one disk at time (2mn per disk), you can leave your RAID on
<guest9876543210> sudo smartctl -t short /dev/sda
<guest9876543210> then after 2mn :
<guest9876543210> sudo smartctl -a /dev/sda
<guest9876543210> for each HD ...
<Plecebo> guest9876543210, ok, i'll do that and report back, thanks for your help *fingers crossed*
<Plecebo> guest9876543210, what am I looking for? how will I know there is a problem?
<guest9876543210> Plecebo : you'll see errors in the last lines
<guest9876543210> Placebo : you can run to know to number of hours your HDs have been up :
<guest9876543210> for sda :
<guest9876543210> sudo /usr/sbin/smartctl -d ata -a /dev/sda | egrep '^  9' | tr -s ' ' | cut -d' ' -f11
<Plecebo> /dev/sdb looks clean http://pastebin.com/sCFPcESs
<Plecebo> 8851, is that minutes?
<guest9876543210> in hours
<Plecebo> oh hours? nice
<Plecebo> lol
<guest9876543210> nearly 1 year
<Plecebo> seems about right
<Plecebo> thats about how long i've had them, nearly always on
<guest9876543210> due to RAID (1) crash, I now change HDs before 30 000 hours (3 years)
<guest9876543210> between 20 000 and 25 000
<guest9876543210> Plecebo : it might worth to check your HDD temp too :
<guest9876543210> sudo hddtemp /dev/sd[a-l]
<guest9876543210> mine have often failed because of high temp
<Plecebo> guest9876543210, I know I recently moved them to a hotter part of my house and I was copying data to them when the array crashed
<Plecebo> /dev/sdc looks ok http://pastebin.com/vxpFKmTd
<guest9876543210> yeap
<Plecebo> guest9876543210, between 34C and 41C
<Plecebo> at the moment
<Plecebo> but now I know how to monitor them
<guest9876543210> FYI : 47Â° has always killed my HDs
<Plecebo> guest9876543210, well seeing as how its a lot cooler today then it was the day the crashed i wouldn't be surprised if they hit something that high
<Plecebo> guest9876543210, thanks a bunch for your help
<guest9876543210> Plecebo : you're welcome .. help each other ;-)
<Plecebo> guest9876543210, yea, i'm writing down these commands so i'll know next time and someday can pass on the info :)
<guest9876543210> Plecebo : I've installed a MediaWiKi on my server, so I can record all theses usefull commands and access them from anywhere with www connection, I use it everyday as I can't recall everything ;)
<Plecebo> sdd looks good http://pastebin.com/90HPtcdj
<Plecebo> guest9876543210, that is a great idea
<Plecebo> guest9876543210, as long as your server is up eh?
<guest9876543210> Plecebo, do you mean uptime ?
<Plecebo> guest9876543210, if your MediaWiki is on your server and your server is what you are trying to fix... could be an issues
<guest9876543210> opps, yeap, that's what I first type .. as long as your server is alive ;)
<guest9876543210> it was on this server I have experienced a RAID crash :(
<Plecebo> Maybe I could keep tomboy notes and have them sync with ubuntuOne
<guest9876543210> lost 1 week / 15H/day typing invoices and so on ...
<Plecebo> guest9876543210, ewww no fun there
<guest9876543210> Now backups are daily
<Plecebo> guest9876543210, at least it wasn't two weeks LOL
<guest9876543210> (they were wekkly before)
<Plecebo> sde looks ok http://pastebin.com/UkspLJaj
<guest9876543210> Plecebo : I haven't yet found how to use UbuntuOne (neither understood what it can do)
<guest9876543210> sdi sdh sdg might be the culpits
<guest9876543210> (as they're shown as _ instead of U in mdstat)
<Plecebo> guest9876543210, I have only begun to use it, I think eventually they want it to be like a roaming profile in the cloud... but I think there are some kinks before they get there
<Plecebo> guest9876543210, yea my suspects as well, testing f now
<guest9876543210> FYI : I don't use anything that RAID1 for my sensitive datas now : 2 HDs in use, 1 for spare
<Plecebo> yea, I should consider moving mine around a bit
<Plecebo> re-thinking
<hallyn> <shrug> I'm using ecryptfs over Ubuntu One, bc I keep switching laptops etc.  No problems so far, after 2-3 weeks of heavy daily use
<hallyn> course all it takes is one snafu on the backend :)
<hallyn> as sidekick users know
<Plecebo> guest9876543210, most of my 6TB is used for ripped copies of movies I own that I could easily replace (just take me a few months to re-rip them)
<Plecebo> hallyn, you are happy so far?
<hallyn> very
<hallyn> I install a new laptop, hook into ubuntu one, wait a few mins, and everything is there
<hallyn> (bouncing between lucid and maverick)
<Plecebo> hallyn, i've used it for the music stuff, but there is so little space i usually pull it off right away
<guest9876543210> Plecebo : for the ripping thing datas, I use RAID5 (never tried the 6 level) as I don't care datas
<hallyn> again, i suspect i"ll get bitten at some point.  but then i have backups on several laptops, implicitly :)
<hallyn> Plecebo: i want quick syncs, so i don't put music on there
<hallyn> not yet anyway
<hallyn> if I could do priorities, "sync this first", then I might start
<hallyn> maybe i should hop over to #ubuntuone and suggest that :)
<Plecebo> SDG seems fine http://pastebin.com/QbUXawbV
<Plecebo> hallyn, yea the distributed idea of it is nice
<guest9876543210> Plecebo : yeap no error shown yet
<Plecebo> guest9876543210, its hard to move around 3TB of data though while you restructure everything
<guest9876543210> Plecebo : I know ... :(
<Plecebo> hallyn, priority would be nice I havent heard but excited to see what the devs have in store for 10.10
<guest9876543210> Is one of you good with Virtual Machines ? (JeOS & vmbuilder)
<Plecebo> SDH looks fine http://pastebin.com/mZGZPQHr
<Plecebo> guest9876543210, havent played around with it yet, but i'm interested. I'm considering attempting a small office install with ebox towards the end of sept and want to divide up the server a bit
<Plecebo> guest9876543210, but like I said, not tried playing with it yet
<guest9876543210> Plecebo : I'm trying right now .. but it seems I have to read a lot ... not able to start a VM yet
<Plecebo> SDI looks ok... http://pastebin.com/PGeKNUR8
<guest9876543210> Plecebo : once you've tested all drives, try to remove then re-add sde1 to md0
<guest9876543210> mdadm /dev/md0 --fail /dev/sde1 --remove /dev/sde1
<guest9876543210> mdadm /dev/md0 --add /dev/sde1
<guest9876543210> and watch the raid re-construction
<guest9876543210> watch cat /proc/mdstat
<guest9876543210> try to do this for the other drives after (but as i told : never tried the RAID6 level)
<Plecebo> guest9876543210, it added e as a spare
<guest9876543210> Plecebo : maybe because of the --force you typed
<Plecebo> guest9876543210, and it doesn't seem to be rebuilding either
<Plecebo> guest9876543210, could be
<guest9876543210> from the last mdstat you sent, sde1 if marked as FAILED
<guest9876543210> so, try to remove & re-add
<guest9876543210> (without force)
<Plecebo> guest9876543210, remove and readd the array?
<Plecebo> guest9876543210, mdstat now doesn't have b and c either, so let me try to readd them
<guest9876543210> Plecebo : remove sde1 from array then re-add it (see previous commds I've sent)
<Plecebo> guest9876543210, when I tried to remove/re-add sde1 using the commands you gave they were added back as spares
<guest9876543210> arg ...
<Plecebo> guest9876543210, adding sdb and sdc with the same command added them as spares as well
<guest9876543210> hmm ..
<guest9876543210> it seems you need 4 drives for RAID6
<guest9876543210> as the array already contains 4 valid drives, I think that's why they are added as spare
<Plecebo> from what i understood raid6 is like raid5 with the ability to lose 2 drives
<guest9876543210> I'd try a mdadm --assemble --scan
<Plecebo> so my 8 drive array should be able to assemble with 6 drives
<Plecebo> it says my array is active and it can't be restarted
<guest9876543210> I suppose this array is only for datas (no boot nor OS on it) ?
<Plecebo> guest9876543210, just data, correct
<guest9876543210> so you can stop the array then re-assemble it
<guest9876543210> sudo mdadm --stop /dev/mdo
<guest9876543210> then
<guest9876543210> sudo mdadm --assemble --scan
<Plecebo> mdadm: /dev/md0 assembled from 5 drives and 3 spares - not enough to start the array.
<Plecebo> LMAO
<Plecebo> closer though
<Plecebo> maybe if i alter the mdadm.conf and restart
<guest9876543210> what is your mdstat right now ?
<Plecebo> guest9876543210, it says again that all of my drives are spares (S)
<guest9876543210> all the 8 ?
<Plecebo> yea
<Plecebo> md0 : inactive sdf1[0](S) sde1[10](S) sdb1[9](S) sdc1[8](S) sdd1[6](S) sdi1[3](S) sdh1[2](S) sdg1[1](S)
<guest9876543210> and if you try to assemble the array you're told not enough drives ?
<Plecebo> mdadm --assemble --scan
<Plecebo> mdadm: /dev/md0 assembled from 5 drives and 3 spares - not enough to start the array.
<guest9876543210> Plecebo : Sorry, I'm a bit confused, I really don't know what to do ...
<Plecebo> guest9876543210, ok well thanks for the effort, ill keep plugging away here trying to see what I can come up with
<Plecebo> guest9876543210, oh no, i think i might have goofed
<guest9876543210> ?
<Plecebo> I removed and recreated the array
<Plecebo> and it started rebuilding
<guest9876543210> but it failed at the end ... that's it ?
<Plecebo> but then I got freaked out that I wasn't able to mount the array, which i've been able to do in the past
<Plecebo> and then two of the drives failed out of the array
<Plecebo> and the sync stopped
<Plecebo> but im worried that when I created the array I overwrote the superblock
<guest9876543210> arg, sincerely I'm not a that good mdadm user, but I think that overwriting the superblock was probably a bad idea
<Plecebo> yea I'm thinking the same
<guest9876543210> I think it's time to think : go for a new mdadm aventure and forget your past array datas ...
<Plecebo> guest9876543210, maybe, but i'm not at that point yet
<guest9876543210> courage is a good thing ! :)
<guest9876543210> I'm trying the 4th installation of a Virtual Machine on this server ...
<Plecebo> well the info i'm seeing leads me to believe i'll be fine, if I can get the array to rebuild
<Plecebo> I'm shutting it down for a bit and i'm going to try to cool things off in here then have it rebuild again
<Plecebo> good luck with your vm project, i'll be back in a bit
<guest9876543210> hi all, anyone used to JeOS & vmbuilder ?
<alex88> where does trasmission save torrent files?
<Andre_Gondim> alex88, ~/Downloads
<alex88> lol..i already created that dir..so i didn't search in there :) thank you :)
<Plecebo> guest9876543210, gah! it won't rebuild because two of my drives keep failing
<guest9876543210> Plecebo, your array should be ok with 6 drives out of 8
<guest9876543210> just remove the bad ones and keep only the good ones
<Plecebo> guest9876543210, but the array keeps wanting to sync
<Plecebo> so it won't stay online
<guest9876543210> do you mean on its mountpoint ?
<eagles0513875|2> hey guys is it bad practice if you have a raid 1 array to have swap also mirrored?
<guest9876543210> eagles0513875|2 : it works but it is a better idea to have a separate swap on each drive
<eagles0513875|2> i have one main drive and one drive which is mirrored onto
<gentooxer> eagles0513875|2: what guest9876543210 is trying to say is: you don't want to mirror your swap
<eagles0513875|2> O_o
<eagles0513875|2> doh
<guest9876543210> eagles0513875|2 : do you mean you have only a / and a swap on the drive and the whole drive is mirrored (using mdadm) to another one ?
<eagles0513875|2> guest9876543210: exactly i have the primary drive and using mdadm its mirroring / and swap :(
<gentooxer> eagles0513875|2: you want 2 swap one on each disk
<eagles0513875|2> ok so it being mirrored is ok gentooxer
<gentooxer> eagles0513875|2: it doesn't harm anything
<guest9876543210> gentooxer: it seems you haven't created your RAID array at system install ...
<eagles0513875|2> isnt it better to have swap mirrored just in case one needs to rebuild the array they will have the swap partition already there
<guest9876543210> sorry, this was for eagles0513875|2 ..
<eagles0513875|2> and guest9876543210 i did create the array at system install
<gentooxer> eagles0513875|2: the swap is only temporary data like ram
<gentooxer> eagles0513875|2: its garbish after a reboot
<eagles0513875|2> arent you up the creek though if you have to rebuild the array
<gentooxer> eagles0513875|2: why bother an mirror it?
<guest9876543210> eagles0513875|2 : datas in swap file are erased after a reboot
<eagles0513875|2> ok then i guess ill re install again :(
<eagles0513875|2> so what would you guys mirror
<eagles0513875|2> the bios boot partition and /
<gentooxer> eagles0513875|2: Ah I see, you have the option to mirror partitions not the whole disk
<eagles0513875|2> just partitions
<eagles0513875|2> i have 2 mirrors using mdadm
<eagles0513875|2> they are /dev/md0 and md1
<gentooxer> eagles0513875|2: so your RAID doesn't even see the swap, so you are save at rebuild ...
<eagles0513875|2> md1 is the swap
<eagles0513875|2> and md0 is the / partition
<guest9876543210> eagles0513875|2 : you should create your partition at install, mark them as RAID, then create the RAID array(s)
<eagles0513875|2> guest9876543210: i did
<gentooxer> eagles0513875|2: just erase md1 and create 2 seperate swap
<guest9876543210> eagles0513875|2 : you just have to delete your md1 and create swap on each drive instead
<eagles0513875|2> humm ok
<gentooxer> eagles0513875|2: but you don't need to reinstall
<eagles0513875|2> im new to creating raid arrays in linux
<eagles0513875|2> this was my very first one tbh
<guest9876543210> eagles0513875|2 : it doesn't hurts to have swap mirrored (my first server was like this and it has always run fine)
<guest9876543210> eagles0513875|2 : just not the best way to go ...
<eagles0513875|2> guest9876543210: humm k :(
<gentooxer> eagles0513875|2: you can deactivate the swap with sudo swapoff
<gentooxer> eagles0513875|2: unmount the swap
<eagles0513875|2> ok
<gentooxer> eagles0513875|2: an create 2 new partitions
<eagles0513875|2> why 2
<gentooxer> with sudo swapon the system searches for your swap and activates it
<guest9876543210> eagles0513875|2 : one on each drive ;)
<gentooxer> eagles0513875|2: because of the 2 disks
<eagles0513875|2> ahhh
<eagles0513875|2> primary disk has swap on it already
<gentooxer> eagles0513875|2: or do you have RAID on a single disk?
<eagles0513875|2> 2x2tb hdds
<eagles0513875|2> raid 1
<eagles0513875|2> thats kinda pointless though
<eagles0513875|2> to have it on one disk there is no redundancy
<gentooxer> eagles0513875|2: so you create 1 swapspace on each disk
<eagles0513875|2> ok
<gentooxer> eagles0513875|2: you can use the space of md1
<guest9876543210> what does : cat /proc/mdstat answers yuou ?
<eagles0513875|2> hold on let me pastebin
<eagles0513875|2> guest9876543210: http://pastebin.com/HnYujTjc
<guest9876543210> gentooxer : are you used to JeOS and vmbuilder ?
<guest9876543210> eagles0513875|2 : sorry I have troubles to access pastebin.com :(
<eagles0513875|2> O_o
<eagles0513875|2> guest9876543210: what kinda trouble :(
<guest9876543210> paste there ?
<eagles0513875|2> strange
<guest9876543210> --- pastebin.com ping statistics ---
<guest9876543210> 9 packets transmitted, 0 received, 100% packet loss, time 7999ms
<eagles0513875|2> O_o
<eagles0513875|2> works fine for me
<guest9876543210> was working ok 30mn ago ..
<eagles0513875|2> guest9876543210: where are you located?
<eagles0513875|2> never seen the .nc before
<guest9876543210> South Pacific
<guest9876543210> New-Caledonia
<eagles0513875|2> kool kool
<eagles0513875|2> guest9876543210: ill pm u and paste it to you that way
<guest9876543210> just paste here .. easier
<eagles0513875|2> ill spam out of the network
<eagles0513875|2> or at least the channel
<eagles0513875|2> !paste | eagles0513875|2
<ubottu> eagles0513875|2, please see my private message
<eagles0513875|2> guest9876543210: does http://paste.ubuntu.com/479797/ work for you
<guest9876543210> eagles0513875|2 : yeap ok
<binBASH> Good morning!
<guest9876543210> eagles0513875|2 : just unmount the swap as previously explained, delete md1 and recreate separate partition on each drive
<eagles0513875|2> ok guest9876543210 :) will do
<binBASH> moin \sh ;)
<eagles0513875|2> moin binBASH
<binBASH> moin eagles0513875|2
<guest9876543210> hi binBASH
<binBASH> hi guest9876543210
<\sh> hey binBASH
<binBASH> luckily irc client has tab ;)
<guest9876543210> is one of you used to Virtual Machine : JeOS & vmbuilder ?
<eagles0513875|2> binBASH: konversation?
<binBASH> eagles0513875|2: I didn't read it yet, I just attached to screen.
<eagles0513875|2> nice
<binBASH> and the very first thing to do this morning is, having a look why MySQL replication lag on the server is at 16.000
<eagles0513875|2> ouchie
<eagles0513875|2> got another question for u guys
<eagles0513875|2> im trying to install ubuntu server on another machine but for some reason when it loads language selection on the menu after booting off the cd it hangs
<binBASH> ok it's at 0 again. That was fast ;)
<eagles0513875|2> lol
<eagles0513875|2> man speaking of mysql i love mysql work bench
<guest9876543210> eagles0513875|2 : check RAM, CD integrity, CD player
<eagles0513875|2> guest9876543210: cd works fine
<eagles0513875|2> cd integrity
<eagles0513875|2> ya ill check the cd player and reseat the ram
<eagles0513875|2> and try again
<binBASH> eagles0513875|2: Well, I hate it to manually shard with Mysql
<eagles0513875|2> ? binBASH
<binBASH> eagles0513875|2: I have to change our company's application so it can use horizontal scaling (db sharding)
<binBASH> it practically means, changing of around 1500 source files........
<eagles0513875|2> binBASH: have you tried to see if you could make ur life easier by using the mysql workbench gui
<binBASH> eagles0513875|2: Yup
<eagles0513875|2> binBASH: what i love about it is that you can reverse engineer and forward engineer the db
<eagles0513875|2> binBASH: humm let me ask in the workbench channel really quick
<binBASH> eagles0513875|2: We have very big tables here with a lot of entries ;)
<binBASH> MyISAM.......
<eagles0513875|2> wow
<eagles0513875|2> well im still fairly new to db's
<eagles0513875|2> studied them as part of my course this past yr
<binBASH> Tables with 19800000000 entries ;)
<eagles0513875|2> O_o
<binBASH> and that's only for one customer :D
<eagles0513875|2> nice
<eagles0513875|2> im slowly starting to setup my IT solutions business
<binBASH> eagles0513875|2: You know our company hosts services for image agencies like Getty Images for example.
<eagles0513875|2> nice bi Nafallo
<eagles0513875|2> whoops
<eagles0513875|2> wrong person meant binBASH
<binBASH> and we also write software to manage their images ;)
<eagles0513875|2> nice nice :)
<eagles0513875|2> im hoping to branch my biz in that direction as well software development
<eagles0513875|2> i have a few ideas i want to work on
<binBASH> eagles0513875|2: It's a good business I think.
<eagles0513875|2> ya
<eagles0513875|2> im a comp science major hehe
<binBASH> I never studied.
<binBASH> ;)
<binBASH> eagles0513875|2: I started coding 15 years ago
<eagles0513875|2> nice i started 3 yrs ago
<binBASH> ;)
<eagles0513875|2> in the middle of a java based project atm
<binBASH> I started coding in the age of 14
<binBASH> VGA Graphics and Sound Stuff...
<eagles0513875|2> wow
<eagles0513875|2> i really wanna beef up my programming knowledge
<eagles0513875|2> i dont know much :(
<eagles0513875|2> and i really wanna start developing my own games
<binBASH> on iphone?
<binBASH> I didn't write an app for iphone yet. Though some other smart phones ;)
<binBASH> When I worked in Karlsruhe / Germany I had to code for mobile devices exclusively. But that is now 3 years ago.
<eagles0513875|2> binBASH: on all platforms
<eagles0513875|2> im not that far from you binBASH
<eagles0513875|2> geographically lol
<binBASH> eagles0513875|2: Well I'm in Zurich / Switzerland ;)
<eagles0513875|2> binBASH: join me in hi_jack_This its a tech channel
<binBASH> I have to code now and fix software bugs :)
<binBASH> PHP..........
<eagles0513875|2> nice binBASH i need to learn php and java script
<binBASH> learn python imho :D
<binBASH> but well, a good coder can use any language ;D
<g0rd0n> damn, since upgrading from 8.04 to 10.04 the serial console redirection seems not to work anymore
<eagles0513875> binBASH: back
<g0rd0n> damn, i fiddled with menu.lst and grub hangs now haha... will have to revert from recovery... sucks
<eagles0513875> g0rd0n: hope u took a backup of it
<g0rd0n> g0rd0n: no, but i remember what i changed... so as soon as i mount the boot partition i can modify the file
<g0rd0n> but still i wonder why console redirection doesnt work anymore
<g0rd0n> cause the parameters were not changed in the kernel line
<g0rd0n> same as the old kerne
<eagles0513875> g0rd0n: 8.04 used grub1
<eagles0513875> if im not mistake
<g0rd0n> yes, i still have grub1
<g0rd0n> it doesnt get upgraded
<eagles0513875> ya 10.04 uses on a clean install grub2
<eagles0513875> no it doesnt
<eagles0513875> !grub2 | g0rd0n
<ubottu> g0rd0n: GRUB2 is the default Ubuntu boot manager since Ubuntu 9.10.  For more information and troubleshooting for GRUB2 please refer to https://help.ubuntu.com/community/Grub2
<eagles0513875> that will tell ya how to upgrade
<g0rd0n> i know, but i failed clean installing, cause my video redirection doesnt support framebuffer
<g0rd0n> i tried upgrading grub2, but it doesnt work... he doesnt like the boot partition
<g0rd0n> i followed the instructions on that page
<g0rd0n> i dont remember the exact error message, but i googled and it looks like grub2 wants the boot partition to start on block 63 which mine apparently does not
<g0rd0n> but thats ok, i can live with grub1
<eagles0513875> nub question how does one change the motd
<RoyK> hm... http://www.google.is/search?hl=en&client=firefox-a&hs=2VC&pwst=1&rls=Palemoon:en-US:unofficial&nfpr=1&sa=X&ei=c_JpTP6_GoK88gaZgOmyBA&ved=0CBYQBSgA&q=0+degrees+celsius+%2B+0+degrees+celsius&spell=1
<eagles0513875> i changed the file in /etc/motd but after logging in to the system again it did have the message i gave it
<qman__> eagles0513875, the motd is now automatically generated with a series of scripts
<eagles0513875> qman__: how are you supposed to for instance put a legal disclaimer on the motd
<eagles0513875> ahhh wait
<eagles0513875> motd isnt what i want
<qman__> located in /etc/update-motd.d/
<eagles0513875> how can i put a legal disclaimer or have one pop up when someone tries to login to the machine and or ssh into the server
<qman__> SSH has its own banner setting
<qman__> I don't recall off the top of my head where the local terminal banner setting is
<eagles0513875> ok
<eagles0513875> not necessarily terminal
<eagles0513875> gets a login screen in kubuntu would it be posisble to get the disclaimer from a remote server prior to logging into that server?
<qman__> if you want a message at a graphical login screen, you'll need to investigate kdm for kubuntu and gdm for ubuntu/xubuntu
<qman__> as for remote logins, if you're using SSH, you want the 'banner' directive in the sshd_config
<qman__> bear in mind, however, that many SSH clients ignore the banner anyway
<qman__> so you will want your legal disclaimer in the motd as well
<eagles0513875> ya im noticing that
<eagles0513875> :) ssh banner set :)
<eagles0513875> qman__: would i need to create another script and put the motd message there
<qman__> yes, or modify an existing one
<qman__> the scripts are rc style, smaller numbers execute first
<eagles0513875> ok
<eagles0513875> :) this is gonna be interesting never worked with bash scripting much but im eager to learn
<qman__> well, yours should be simple
<qman__> start with a shebang, #!/bin/bash
<qman__> and then echo "disclaimer" or cat a file containing it
<qman__> then chmod +x
<uvirtbot> New bug: #619712 in keepalived (main) "keepalived vrrp race condition and fix (versions 1.1.17 and 1.2.0 but perhaps all?)" [Undecided,New] https://launchpad.net/bugs/619712
<eagles0513875> qman__:  O_o create a variable $disclaimer
<eagles0513875> im confuse dlol
<eagles0513875> i think lunch would fix that soon hehe
<qman__> heh, it's 5 am where I'm at
<qman__> bit of an insomniac
<qman__> but you really shouldn't need any variables, just a simple echo or cat
<eagles0513875> qman__: your saying i make another script called disclaimer
<eagles0513875> then call it from the 00-header script
<qman__> no
<qman__> create a script called /etc/update-motd.d/92-legal
<qman__> and it should contain
<qman__> #!/bin/bash
<qman__> echo "here is my disclaimer, by using this system blah blah blah give me your immortal soul blah blah blah"
<qman__> if you want it to appear closer to the top, name it 01-legal
<eagles0513875> qman__: im trying to add it to the script 00-header
<eagles0513875> and its not working i did as u said
<eagles0513875> echo "disclaimer" then it outputs the kernel and ubuntu version
<qman__> well, that should work
<qman__> I forget what triggers it to update the actual motd though
<qman__> I think it's a cron job
<qman__> no, guess not
<eagles0513875> cuz im running cat ../motd and its not showing up
<qman__> a relative path could be the problem
<qman__> use absolute
<eagles0513875> its working
<eagles0513875> i tried to login directly to the server
<eagles0513875> and it shows up
<eagles0513875> instead of using ssh
<eagles0513875> so both ways are working
<qman__> the other option here is to have it cat a file
<eagles0513875> ok
<qman__> in that way, you could have both SSH and the motd point to the same file
<qman__> so when you need to change it, it changes both
<eagles0513875> qman__: im using the motd message for ssh in the file /etc/issues.net
<eagles0513875> then when i login to the physical machine i added the echo u mentioned to the 00-header file
<ikonia> look in /etc/motd
<ikonia> look at your ssh config (not sshd_config)
<ikonia> check if it's using a login shell also
<ikonia> that's the common stuff
<garymc> HOw DO I find my PoE switch IP address that ive just plugged into my server
<_ruben> garymc: read its manual? its bound to list the default ip address
<_ruben> or hope it uses dhcp by default so can just look at your dhcpd logs
<garymc> yeah im a newbie. It says if you plug into a DHCP server (thats what I plug it into) then type "SHOW NETWORK"
<garymc> show network doesnt work
<garymc> where are the dhcpd logs stored?
<\sh> garymc: /var/log/syslog
<_ruben> /var/log/daemon.log
<eagles0513875> while we are on the topic of logs here where does iptables log information to if i have it set to log ?
<garymc> _ruben : Thats not showing the Netgear switch
<eagles0513875> garymc: switches dont provide dhcp
<eagles0513875> you need a router
<eagles0513875> to do dhcp and NAT
<eagles0513875> probably atm you have only one ip which means without a router you cant get any other pcs on ur network  on the internet
<garymc> no but the Server does yes?
<eagles0513875> garymc: is dhcp setup on the server?
<garymc> yes
<garymc> its an LTSP server
<garymc> Linux Terminal Server Project
<eagles0513875> ok
<garymc> I want to swap my current switch to my new one with PoE
<eagles0513875> just swamp it
<eagles0513875> swap
<eagles0513875> you shouldnt need to config anything
<garymc> well it says I do?
<eagles0513875> ?
<garymc> maybe not then
<garymc> here is the model number
<eagles0513875> switches arent that smart
<eagles0513875> so to speak
<eagles0513875> they arent like routers where u have a web interface they are just plug and play
<garymc> Apparently it has a WEB GUI I need to configure
<eagles0513875> humm
<eagles0513875> what make
<garymc> hold on
<eagles0513875> it could be you have a managed switch in that case it will have a web gui
<garymc> Netgear FSM7326p
<garymc> So I have it connected to the server via a Cat cable
<eagles0513875> give me sec
<eagles0513875> garymc: ya thats a managed switch i havent really worked with them or switches that much
<garymc> ok
<eagles0513875> not sure if you have taken a look at the knowledge base
<garymc> well anyway I could find out its IP?
<eagles0513875> http://kb.netgear.com/app/products/model/a_id/2408
<eagles0513875> it should have a default ip that comes setup on it from the factory
<eagles0513875> that link has all the documentation
<eagles0513875> administration to commands etc
<garymc> yeah i cant get into that either
<garymc> well it says to check my DHCP list by typing SHOW NETWORK
<garymc> but that command doesnt work
<baffle> Anyone knows when a lucid-kernel with the ext4/snapshot bug will be released? Ref. https://bugs.launchpad.net/ubuntu/+source/linux/+bug/605551 and https://bugs.launchpad.net/ubuntu/+source/linux/+bug/595489
<uvirtbot> Launchpad bug 605551 in linux "lvm2 hangs when creating snapshot, requires reboot to resolve (dup-of: 595489)" [Undecided,New]
<uvirtbot> Launchpad bug 595489 in linux "lvm snapshot causes deadlock in 2.6.35" [High,Fix committed]
<eagles0513875> humm garymc a call to their support might help more then i
<alvin> Ah, that's what's killing my servers! I knew there was something going wrong with the snapshots, but I didn't know exactly what. (reboot needed)
<garymc> I just need to find out its allocated IP address.... does anyone know How I could do that?
<eagles0513875> garymc: the documentation doesnt have it
<eagles0513875> the administration documentation
<garymc> I thought UBUNT would tell me
<garymc> *Ubuntu
<garymc> See I have lots of Terminals attached to the server, there ips are something like 192.168.0.25
<garymc> I have 10 comps on there
<eagles0513875> garymc:
<eagles0513875> then in that case
<eagles0513875> do an ifconfig and see what the gateway ip is
<eagles0513875> wait
<eagles0513875> that wont work :(
<garymc> no i know
<garymc> it just shows 192.168.0.254
<xampart> why not tail syslog and unplug/replug your device
<garymc> yeah ill give it a bash
<garymc> what is SPIP config?
<garymc> I found something on 192.168.0.40
<garymc> it asks for username and pass
<garymc> admin and blank password not working
<eagles0513875> admin netgear
<garymc> no its not that
<garymc> SPIP is the Voip phone config screen
<garymc> I plug and unplug and nothing changes in deamon.log or syslog
<baffle> alvin: Hehe, yeah, it's pretty horrible.
<baffle> alvin: Our backup software vendor issued a big fat warning not long ago.
<alvin> I have had no such warning. Couldn't log into the servers on monday fo two weeks. I wonder how these issues make it into official releases.
<eagles0513875> alvin: ? what happened
<alvin> eagles0513875: It's about a kernel issue. Create lvm snapshot is now equal to: crash your server immediately.
<eagles0513875> O_o
<eagles0513875> oh my
<eagles0513875> what bothers me though is the short 6 month release cycle
<eagles0513875> tbh i would rather have fewer releases
<eagles0513875> and a stabler system like debian
<eagles0513875> then a new release every 6 months
<alvin> Same for me. I often think Ubuntu Server would be better off when based on Debian stable instead of unstable.
<eagles0513875> i think the dev cycle seriously needs to be revised
<eagles0513875> how is the dev cycle split i would like to know
<joschi> eagles0513875: ever heard of the LTS releases? ;)
<eagles0513875> joschi: yes
<eagles0513875> and im on them here at work
<alvin> LTS doesn't mean 'stable'. It means: longer support.
<eagles0513875> exactly joschi
<eagles0513875> alvin
<joschi> alvin: it means: "converges to stable in a few months" basically
<alvin> That's on Windows (service packs)
<eagles0513875> alvin: check pm m8
<uvirtbot> New bug: #619769 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.1 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 10" [Undecided,New] https://launchpad.net/bugs/619769
<alex88> lol..if you need a longer release cycle switch on debian!
<m1r> hello, can anyone point me to information how much is ubuntu server install and maintainance cost ?
<garymc> anyone know how I connect to a Netgear hub via console?
<garymc> what is a console?
<AndyGraybeal> hey, i just did a regular update to my ubuntu 10.04 system and now i can't logon.  it says 'permission denied' i have two user accounts and both are denied.  it actually takes a long time to process and sometimes even times out trying to figure out if i typed the right password or not.
<AndyGraybeal> i feel a slight panic beginning to happen.
<AndyGraybeal> seeing how it's 8am :)
<AndyGraybeal> so i'm running samba and ltsp
<alex88> m1r: well, it's free
<AndyGraybeal> this is the first time i've rebooted in maybe a couple of weeks.  i'm gonna go see what's going on at the console.
<alex88> garymc: you can access control panel (if is there) via lyn
<AndyGraybeal> oh wait, it's logging me in now.
<alex88> *lynx
<m1r> alex88: i understand OS is free, but setup and configuration gotta have some price for time invested ?
<alex88> AndyGraybeal: lol :)
<AndyGraybeal> alex88: shush, i just had a heartattach
<alex88> m1r: it depends by how much the person who configures for you asks..
<alex88> m1r: you can do everything by yourself for free
<m1r> alex88: is there any "recomended" price for this work ?
<alex88> m1r: it depends where are you and how much ppl asks for it
<alex88> if you do for profession or time for time
<m1r> alex88: for friends home server
<alex88> m1r: friends? 30euro/h?
<garymc> alex how?
<garymc> alex88: ^
<m1r> alex88: manY thanks!
<alex88> garymc: sudo apt-get install lynx && lynx ip_of_the_router
<alex88> usually you use browser to access it?
<alex88> m1r: np :)
<garymc> yes but it just times out
<alex88> garymc: so there is a router problem
<alex88> tried to reset
<alex88> ?
<garymc> cant reset this without going into its CLI via the IO port
<alex88> IO port is serial port?
<alex88> also..why here in ubuntu-SERVER?
<AndyGraybeal> hmm now i'm having issue with running 'sudo' - i type my password and it is taking forever to do anything -- i did 'sudo ls' just to do it and i'm still waiting for it to recognize my password
<alex88> mmhhh..that's a bigger problem..
<alex88> tried sudo su?
<AndyGraybeal> just did after your suggestion, and still waiting on auth
<AndyGraybeal> oh it works.
<AndyGraybeal> it took a while
<alex88> that's strange..it takes time when you mistype the pass
<alex88> not when it's correct
<AndyGraybeal> alex88: my 'sudo ls' eventually came up also
<AndyGraybeal> i just rebooted so maybe things are just settling in though
<AndyGraybeal> i'm on my first half cup of coffee oto
<alex88> :) i hate coffee
<AndyGraybeal> yea, i go back and forth.  today i told myself no coffee... alas....
<alex88> it's late for that :)
<AndyGraybeal> alex88: aah italy :)  nice
<AndyGraybeal> i'm on the eastern side of the US; just getting started
<alex88> AndyGraybeal: seen in whois :)
<alex88> ?
<alex88> btw, which city? i'll be in NY in the first week of next year
<robertpayne> is there any specific place on ubuntu where sockets are regularly stored?
<soren> sockets?
<robertpayne> uwsgi.sock.. like mysql.sock I figure /var/run
<soren> They're not really stored. They're a figment of the kernel's imagination.
<alex88> :) nice explaination
<garymc> anyone setup Netgear PoE switches?
<hallyn> jdstrand: hm, there's no bzr tree for libvirt-bin, right?
<hallyn> you always work with the packaging itself?
<AndyGraybeal> alex88: yes
<AndyGraybeal> alex88: i live in southeastern ohio; athens ohio
<garymc> Ok getting back.... I connect Cable to console from Laptop. What software do I use to connect to it?
<hggdh> smoser: this is what I get back from get-console-output: http://pastebin.ubuntu.com/479922/
<sherr> garymc: you want to log in to a Netgear hub via the command line e.g. telnet? They usually have web interfaces.
<smoser> right. hggdh is there a bug ?
<smoser> if not, we need to open one, and mark it high
<patdk-wk> heh? netgear hubs don't have web or telnet
<patdk-wk> the managed switchs do, at different levels, depending on if it's fully managed, or just a smart switch
<hggdh> smoser: it sounds like we have... do you remember something similar? I dimly do
<sherr> I'm thinking switch. But anyway ... trying to get more infomation.
<smoser> no. i've never seen this bug on eucalyptus.
<hggdh> smoser: OK. Opening a new one
<smoser> there are other "euca-get-console-output doesn't work in some way"
<smoser> but this one is new.
<soren> hggdh: Are the tests you run against Eucalyptus described anywhere that I can see?
 * soren is curious how far OpenStack is from passing those tests at this stage
<hggdh> soren: partially on the blueprint, partially in the code. You can get the code from /~uec-testing-scripts-dev/uec-testing-scripts/trunk/
<hggdh> soren: basically: hammer down as many instances as possible, on all types and images available; (2) create/attach/allocate/use/reuse volumes
<hggdh> soren: er. If you happen to test OpenStack... mind telling me the results? ;-)
<soren> hggdh: Sure :)
<soren> hggdh: How many physical boxes are you using?
<hggdh> soren: six on this rig
<hggdh> each with 16 cores
<soren> Wow.
 * soren glances at his feeble set of test hardware
<hggdh> and I would still like to have more ;-)
<soren> ...and sobs.
<hggdh> well, if you looked at my personal set of hardware... you would really cry
<soren> Well, there's a reason I've taught OpenStack to use user-mode-linux as its backend instead of KVM.
<jdstrand> hallyn: not a separate bzr tree for Ubuntu, no. Debian uses git iirc and there is the distributed development one for Ubuntu, but that hasn't worked well for me in the past
<soren> so I can test stuff on rackspace cloud servers or whatnot.
<hggdh> soren: cool!
<soren> hggdh: It's not a replacement for full integration testing, of course, but it does a long way in testing OpenStack itself.
<soren> *goes* a long way..
<hggdh> I agree
<binBASH> hggdh: Your servers have 16 cores?
<hggdh> binBASH: these, yes
<binBASH> I hope not 8 real and 8 ht
<binBASH> :D
<uvirtbot> New bug: #619843 in eucalyptus (main) "euca-get-console-output returns one single line" [Undecided,New] https://launchpad.net/bugs/619843
<smoser> hggdh, thanks.
<hggdh> binBASH: no needs to worry ;-)
<soren> hggdh: For instance, the uml backend doesn't support get-console-output.
<soren> hggdh: Yet, anyway.
<binBASH> hggdh: I'm searching here server solution as well. We run out of cores :)
<soren> hggdh: I just submitted a patch to libvirt this morning that'll make it happen.
<binBASH> need those for imagemagick thumbnail creation and ffmpeg video processing
<soren> hggdh: ..but hotplugging volumes and such... I doubt that'll work at all.
<hggdh> soren: nice. I get you are working heavy on OpenStack?
<soren> hggdh: That's all I do.
<hggdh> oooohhhhh
<binBASH> hggdh: http://www.unicorner.de/index.php?option=com_content&view=article&id=188%3Afujitsu-primergy-cx1000&catid=53%3Aunicorner&Itemid=139
<binBASH> Maybe will buy this.
<soren> hggdh: Well, that and fix dependencies around it, like libvirt in this case.
<hggdh> binBASH: you have more money than I do ;-)
<hggdh> soren: *very* cool.
<binBASH> hggdh: it costs 80.000 USD
<soren> binBASH: Do you really need that sort of processing power continuously?
<hggdh> binBASH: I very much doubt I can justify $80k for tests
<binBASH> soren: Yeah, Getty Images is processing much stuff....... :)
<Hawkey^atWork> hi guys.. how often are updates for versions of programs in packages in universe?
<soren> binBASH: Ok.
<binBASH> soren: We're running for them atm 3 servers for processing, with 8x2,53 Ghz each. It's not enough
 * patdk-wk spanks binbash
<binBASH> and we host only one of their sites right now. They plan to come with 5-8 more sites :)
<soren> binBASH: I'm not questioning whether you need the processing power. I'm questioning whether you need it *continuously*.
<hggdh> in other words, elasticity...
<patdk-wk> soren, sure, how will he do seti? :)
<soren> $80k gets you a lot of CPU cycles with $CLOUD_PROVIDER.
<binBASH> soren: We measured what cloud processing would cost per customer.
<binBASH> and it was more expensive.
<binBASH> I mean, if you buy such a 80K system and you use it for 36 Month it will cost 4000-5000 USD / month.
<binBASH> including connection.......
<binBASH> and if we put one customer to the cloud eg. amazon ec2 it will cost like 1500 USD / month.
<soren> 5000/month can get you between 1600 and 2000 cores if you play your cards right.
<AndyGraybeal> hmm.. i'm trying to get "gnome-session-save --forced-logout" in a script called 'logout' in /usr/lib/xscreensaver - it's referenced by /usr/share/applications/screensavers/logout.desktop.. it doesn't appear to work though when it's activated; so i'm a little confused.
<binBASH> soren: Maybe spot instances.
<soren> AndyGraybeal: Wrong channel :)
<soren> binBASH: Nope.
<binBASH> Spot Instance is not really an option ;)
<binBASH> soren: I just looked at Amazon, I didn't check other cloud solution providers.
<soren> binBASH: It depends on storage and memory requirements, too, of course. I all you were doing was adding numbers, so very little need for storage and memory, the smallest instance on Rackspace's cloud platform still gives you access to 4 cores @~2.6 GHz.
<soren> binBASH: And those cost ~$11/month.
<binBASH> storage, hmm. 10TB+
<soren> Well, that's the thing... Do you need to it all in the same place as you do the processing?
<soren> It's not a magic silver bullet thing. You need to design for it to get the real benefits.
<binBASH> soren: The storage can be outside cloud.
<binBASH> however also need to think transfer costs will be higher
<soren> binBASH: Certainly.
<soren> binBASH: As I said: If you just want to add numbers... :)
<soren> binBASH: If you need more than that, it's a more complex equation.
<soren> binBASH: I
<binBASH> Need more than only add numbers ;)
<AndyGraybeal> soren: k thanks
<binBASH> images need to be send to ftp servers from partners etc...
<uvirtbot> New bug: #619855 in php5 (main) "session.gc_probablity=1 in /etc/php5/apache2/php.ini conflicts with permissions on /var/lib/php5" [Undecided,New] https://launchpad.net/bugs/619855
<soren> binBASH: There's also the fact that you pay as you go rather than buying expensive hardware up front, you can scale up and down as needed (I'm sure you have "dead" periods of the day, week, and year), and don't pay for power for the equiment nor cooling.
<soren> binBASH: I'm not trying to sell you anything, honest :) I'm just trying to help you save money.
<binBASH> soren: Yeah I know :)
<smoser> kirkland, http://www.dreamhostapps.com/
<binBASH> starting the worker machines via the API only when needed could be a better solution really
<patdk-wk> soren, that is easy to do if he buys a system also, he can shutdown systems and turn on based on load
<binBASH> soren: We will have conference in company about solutions tomorrow, so we can discuss and calculate what is best ;)
<patdk-wk> binbash, maybe you need to see how much each task you do does :)
<patdk-wk> like webservers, vs ftp, vs thumbnail creation
<patdk-wk> might be best for your own webservers, but to use like ec2 for thumbnail creation
<soren> patdk-wk: He has still paid for it. If it's off, he's not getting full value of his investment.
<patdk-wk> soren, if he needs it during the day but not at night?
<soren> patdk-wk: It may still be more cost-efficient. I'm just saying your analogy is faulty.
<patdk-wk> didn't know I made an analogy at all
<soren> patdk-wk: Your hardware vendor is not going to give you a discount because you tell him you're going to turn it off at night.
<binBASH> :D
<binBASH> But datacenter is ;)
<patdk-wk> no, but they normally give a discount if you guy 50, vs 20 :)
<patdk-wk> and if he needs 40
<soren> patdk-wk: So you'll still have paid through the nose for the hardware, but since it's off the money you paid for the hardware isn't being put to good use.
<binBASH> though turning servers off at night is not an option when you have customers all over the world :D
<patdk-wk> binbash, I'm sure you don't have an even load on your systems in all hours of the day
<soren> binBASH: No, but perhaps during the weekends. Or during summer or particular holidays. I've yet to meet anyone whose load is static 24/7/365.
<binBASH> soren: That's not an option for us :)
<binBASH> patdk-wk: Atm we have load there all day long :) Customers push images, queues are overloaded :)
<smoser> hggdh, for the record "empty console output" , you may have seen this, but we see it on ec2
<smoser> on ec2, though, there is no console output, we believe as a result of kernel bug (or xen hypervisor borkage). here, in eucalyptus, thta is not hte case, i've verified that the console log is present in the /var/lib/eucalpytus/...
<hggdh> smoser: so for Eucalyptus we have the full console in /var/lib/euca*, but only one line is shown -- correct
<hggdh> ?
<smoser> i just commented that in the bug, yes.
<hggdh> thanks
<uvirtbot> New bug: #619947 in autofs5 (main) "initialization of autofs is erratic (no nis maps available)" [Undecided,New] https://launchpad.net/bugs/619947
<pmatulis> re preseed, is there some way to enforce that old-style partition nomenclature be used on target system (sda? as opposed to uuid)?
<SpamapS> pmatulis: I'm curious what your reasoning is behind using SCSI device ordering instead of UUID.
<pmatulis> SpamapS: me too
<uvirtbot> New bug: #619970 in eucalyptus (main) "suddenly no instance starts anymore - walrus issue?" [High,New] https://launchpad.net/bugs/619970
<SpamapS> pmatulis: I could see one reason which is creating raid volumes.. never done that in preseed
<MTecknology> How can I get a system back to having only the base packages installed?
<MTecknology> I'd like to just go into aptitude - tell it to mark all for removal, then go through and pick what I want to keep - like ubuntu-minimal and openssh-server
<Error404NotFound> i just installed aide and noticed that some files in /etc/aide/aide.conf.d/ are given +x permissions while others are not. Why is that?
<RoAkSoAx> smoser: ping
<smoser> RoAkSoAx, hey
<RoAkSoAx> smoser: howdy!! just saw your bug report. What's that support for UEC images for testdrive? you already have a patch, what does it require?
<smoser> i was going to start writing a patch.
<smoser> just putting together the changes to the images that it will need.
<RoAkSoAx> smoser: where are they available?
<smoser> uec-images.ubuntu.com
<smoser> there is no builds available that have the stuff needed at the moment, but i'm about to kick one off.
<smoser> http://bazaar.launchpad.net/~ubuntu-on-ec2/vmbuilder/automated-ec2-builds/annotate/head%3A/README.files describes the members that are in a .tar.gz file
<smoser> of interest here is the -floppy file
<RoAkSoAx> smoser: so it would be jsut matter of downloading the tar.gz, uncompress it, ad then run the .img with kvm?
<itterbium> hello guys
<itterbium> im having some issues
<smoser> RoAkSoAx, yeah.
<itterbium> installing ubuntu from usb and without internet
<itterbium> could you give me a trick ?
<smoser> RoAkSoAx, the important piece being boot wiht '-fda' floppy.
<smoser> thats where the tricks are (providing kernel command line and such)
<RoAkSoAx> smoser: ok, let me think how we can do that. I have to run for lunch. when I get back we can discuss that.
<smoser> k
<itterbium> somker
<itterbium> smoser
<itterbium> could u help me ?
<itterbium> im having problems with installing ubuntu without internet
<smoser> what is rong?
<itterbium> i cant step over choose-mirror screen
<smoser> wrong
<itterbium> im having problems with installing ubuntu without internet
<smoser> i personally have never tried such a thing. it does'nt give you any option like choosing a cdrom as the mirror ?
<itterbium> not at all
<itterbium> and im installing it from a usb stick
<smoser> itterbium, i'm sorry, i don't really know.
<papertigers> anyone have a solution for pci_add_option_rom: failed to find romfile "pxe-virtio.bin" in kvm, I have found some bug reports
<itterbium> ok, no problem, thanks anyway
<itterbium> i had no internet cuz the kernels modules are buged
<itterbium> i had an RTL 8111
<itterbium> im really fuck up
<IdleOne> !language
<ubottu> Please watch your language and topic to help keep this channel family friendly.
<itterbium> sorry
<itterbium> my bad
<RoAkSoAx> smoser: ok i'm back. So, anyways, we'd only need to run 'kvm' with custom options right?
<smoser> basically, yes.
<RoAkSoAx> smoser: so something like: testdrive -u uec-image.img --uec-image
<smoser> in 30 minutes or so, i'll be able to put something at http://uec-images.ubuntu.com/server/maverick/20100818.1 that you can poke at.
<smoser> RoAkSoAx, well, kirkland was suggesting to just trigger off the .tar.gz in the invocation
<smoser> would indicate "oh, that is a uec image"
<smoser> but you could possibly do better.
<kirkland> smoser: yeah, could possibly use tar -t to list contents, grep for something uec-y
<smoser> tar -t is going to be badly slow
<smoser> and generally a waste.
<smoser> to -t a tar archive, you'd have to uncompress and read the whole thing (slow/io and cpu intensive)
<g0rd0n> hi! my ubuntu install is missing the /etc/inittab file, but i need it to specify a serial console redirection... can i just add that file or is there some package i need to install?
<RoAkSoAx> kirkland: smoser we can do something like manually download all the desire uec images and place them in $TESTDRIVE_CACHE/uec, and then run 'testdrive --uec', and that will display a list of the available UEC disk images to run
<papertigers> itterbium: you still there?
<RoAkSoAx> and further along the road we can automate the process of syncing the .tar.gz, uncompressing, and making the disk images for testdrive
<smoser> RoAkSoAx, well, i'd ideally like it to be easy just like testdrive, and "just work".
<smoser> at very least i dont want to require the user to download something, extract the image into a cache . and then run.
<smoser> in that case, there is little to no value in testdrive.
<alex88> i've tried a update-rc.d -f mysql remove and also mysqld but it has no links found..how can i prevent mysql to start on startup?
<SpamapS> alex88: edit /etc/init/mysql.conf and change the line 'start on xxxxxx' to 'start on never'
<SpamapS> alex88: assuming you're on 10.04
<RoAkSoAx> smoser: of course. but I'd first provide the support for actually running the disk images, then I'd provide the method to automatically sync the tar.gz, untar it, and make it available to run. This will change depending on what front-end we would like it for (-cli or -gtk, or even both)
<alex88> SpamapS: why it don't use rc like others?
<smoser> alex88, upstart is the new way.  things are being transitioned off sysvinit
<alex88> i think i'll need to read something about that...thank you :)
<alex88> i've installed apache 2 with mod_php5, on restart it says "Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.2 with Suhosin-Patch configured -- resuming normal operations" but it still download the index.php file..
<alex88> oh sorry..now it works..
<smoser> alex88, you ran into https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/603192
<uvirtbot> Launchpad bug 603192 in apache2 "install of libapache2-mod-php5 may not result in enabled php" [Low,Triaged]
<alex88> i ran into, noob that don't clear browser cache....-.-'
<RoyK> alex88: -. --- --- .---
<alex88> yeah...
<jman_> if i've got a file owned by a user and i want to give other users permission to execute it.  should i just make it 774  then add other users to the owner's group?
<alex88> sorry..
<alex88> if you want to be selective for users that need to execute..yes..
<MTecknology> I'm trying to follow this guide (http://nginx.localdomain.pl/wiki/FcgiWrap) but when I get to make install it decides it hates me and says no make file exists
<ScottK> then you should probably ask the writer of that.
<Ose> which torrent is the "basic" 10.04 server edition?
<Ose> i386?
 * Ose downloads that one
<RoAkSoAx> smoser: those uec images are also daily images correct?
<smoser> there are dailies and released.
<RoAkSoAx> smoser: which ones are the ones desired to testdrive, both?
<smoser> well, no releases are available yet that would be suitable.
<smoser> but i would suspect that if you test drive stable releases, you'd want to test drive stable uec images.
<smoser> (once they're there)
<smoser> basically, i'd think it would be the same as the other things that you can "test drive"
<RoAkSoAx> smoser: yes but for TestDrive itself, what is the main test purpose, daily images?
<RoAkSoAx> s/test purpose/test target/
<smoser> i would think that it is no different for uec images compared to "other"
<smoser> that make sense ?
<smoser> they're just like releases of something else that ubuntu makes.
<smoser> what is "the main test target" for daily ubuntu desktop isos ?
<RoAkSoAx> smoser: yes, but the way TestDrive handles it depends on the .manifest and .manifest-daily files
<RoAkSoAx> which one is on releases.ubuntu.com and the other on cdimage.ubuntu.com
<smoser> so you just want to know "is this thing a released image, or is it a daily" ?
<smoser> i was unaware of .manifest-daily versus .manifest.
<RoAkSoAx> smoser: yes I just wanted to know that since at the end the isos are handled the same way, the onyl thing that would change would be obtaining the manifests
<smoser> well, you can easily do it based on the a
<smoser> a.) url
<RoAkSoAx> smoser: anyways, so it would be something like: 1. Obtain UEC .tar.gz list automatically and make it avaialble through TestDrive. 2. Sync .tar.gz, and prepare image (untar files). 3. Provide kvm with related parameters. 4. launch image
<smoser> b.) presense of published-ec2-daily.txt versus published-ec2-release.txt
<smoser> c.) you could actually just read http://uec-images.ubuntu.com/query/ for clean informatoin
<smoser> RoAkSoAx, yeah. thats about right.
<smoser> i'd say you might want to do: 2.5. create qcow2 image using backing image of the .img file (so it stays 'clean') . see man qemu-img and '-b'
<RoAkSoAx> smoser: but first of all i'd need a manifest similar to: http://cdimage.ubuntu.com/.manifest-daily, which instead of listing ISO's, it will list .tar.gz files
<smoser> oh.
<smoser> query does provide you taht.
<RoAkSoAx> smoser: should prolly be in http://uec-images.ubuntu.com/.manifest-daily
<RoAkSoAx> kirkland: any thoughts? ^^
<smoser> i'm not terribly opposed to providing that, but /query is the data that we're using elsewhere.
<RoAkSoAx> smoser: i think i'd rather have a manifest like those used in cdimage or releases.ubuntu given that will allow for easy integration to TestDrive
<RoAkSoAx> and allow me to re-use most of the code
<RoAkSoAx> and just say something like "if it is from uec category, sync .tar.gz instead of iso, and when finished, untar file and prepare image", so that launching would be done easier
<kirkland> RoAkSoAx: smoser: yeah, i think it best if smoser generated a very similar manifest
<RoAkSoAx> and whne launching i'd do "if from UEC category, use this custom KVM_ARGS"
<smoser> well, i can write the conversion from /query to whatever data format you're getting out.
<smoser> i just don't want to write more data at this point.
<hallyn> There are 3 suspiciously similar new samba bugs...  bug #619769, bug #619773, and bug #619540
<uvirtbot> Launchpad bug 619769 in samba "package samba-common 2:3.4.7~dfsg-1ubuntu3.1 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 10" [Undecided,New] https://launchpad.net/bugs/619769
<uvirtbot> hallyn: Error: Could not parse data returned by Launchpad: list index out of range
<uvirtbot> Launchpad bug 619540 in samba "package smbclient 2:3.3.2-1ubuntu3.5 failed to install/upgrade:" [Medium,Incomplete] https://launchpad.net/bugs/619540
<hallyn> but i can't reproduce...
<RoAkSoAx> smoser: having a manifest in http://uec-images.ubuntu.com/.manifest-daily with this http://pastebin.ubuntu.com/480079/ would simplify the integration with TestDrive a lot.
<hallyn> anyone see anything obvious why samba-common --configure would suddenly fail for 3 people in different locales?
<smoser> RoAkSoAx, alright. i'll work on getting that created.
<RoAkSoAx> smoser: awesome then. Thanks :)!
<zul> hallyn: which version?
<RoAkSoAx> smoser: btw... DOes http://uec-images.ubuntu.com support rsync?
<hallyn> zul: chasing a gremlin hanging out in my wifi card, need a minute...
<zul> hallyn: okies
<hallyn> zul: one is Configurando samba-common (2:3.4.7~dfsg-1ubuntu3.1) ...
<smoser> RoAkSoAx, yes.
<zul> also bug number :)
<smoser> RoAkSoAx, one thing, though, is that the rsync of a .img.tar.gz is not as nice as it is with a .iso.
<hallyn> zul: another was  /var/cache/apt/archives/smbclient_2%3a3.4.0-3ubuntu5.6_i386.deb
<hallyn> zul: bug #s above: bug #619769, bug #619773, and bug #619540
<smoser> as it is a partition image of a ext4 filesystem rather than a iso filesystem.  each day, the layout of the filesystem varies, and randomly so, while the creation of a .iso is more ordered, resulting in higher rsync friendlyness.
<uvirtbot> Launchpad bug 619769 in samba "package samba-common 2:3.4.7~dfsg-1ubuntu3.1 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 10" [Undecided,New] https://launchpad.net/bugs/619769
<uvirtbot> hallyn: Error: Could not parse data returned by Launchpad: list index out of range
<uvirtbot> Launchpad bug 619540 in samba "package smbclient 2:3.3.2-1ubuntu3.5 failed to install/upgrade:" [Medium,Incomplete] https://launchpad.net/bugs/619540
<RoAkSoAx> smoser: smoser well by default TestDrive uses rsync to sync the .iso, so I thought that I'd also use to sync the .tar.gz
<hallyn> zul: i dunno, it does look like it's all just 3 ppl having very similar bad luck at the same time
<smoser> yeah, and that will work.
<hallyn> i just want to make sure i'm not ignoring a much deeper error that'll keep cropping up
<smoser> the difference is just that tomorrow you wont get as large a benefit from already having a .tar.gz as you would from having a .iso
<hallyn> heh, there's a php5 bug for SpamapS too
<zul> hallyn: heh interesting
<RoAkSoAx> smoser: TestDrive does, and will do something like: rsync -azP rsync://uec-images.ubuntu.com/uec-images/server/maverick/current/maverick-server-uec-amd64.tar.gz .
<smoser> yeah. it just wont get as much benefit if maverick-server-uec-amd64.tar.gz was here from yesterday.
<smoser> and, in that case, you should probably remove -z if you could that'd be better.
<smoser> as the data is already compressed.
<smoser> just wasted cpu
<smoser> anwya
<kirkland> hggdh: fwiw, r1232 uploaded to maverick
<smoser> let me get to produ cing that dat afor you
<hggdh> kirkland: ack, thank you
<RoAkSoAx> smoser: k, that's just sync tweaking that can be handled later
<smoser> RoAkSoAx, so are you thinking you can do some to fthis ? or are you expecting me to ? i was expecting to... but i'm definitely open to you doing so :)
<superbrad> does anybody know of a good DNS/BIND tutorial for Ubuntu server edition?
<superbrad> preferrably known to work well with 10.04
<RoAkSoAx> smoser: I can do some of the work (if not all). However, right now I'm on vacation in Peru, so prolly will work on it on the weekends.
<smoser> alright.
<smoser> enjoy your vacation RoAkSoAx
<RoAkSoAx> smoser: thank you :)! just let me know when the manifest is ready and I'll start the integration
 * hallyn waits for SpamapS to yell at him
<ssureshot> is adding ldap.log to the logrotation as simple as adding /var/log/ldap.log to /etc/logrotate.d/rsyslog ?
<qman__> superbrad, probably the one in the ubuntu server guide
<qman__> https://help.ubuntu.com/10.04/serverguide/C/dns.html
<superbrad> wow, adding the phrase server guide to the google search makes a heap of difference (feel free to point fingers and jeer ;)
<superbrad> qman__: thanks!
<MTecknology> I have a UPS now and the data cable is connected to the server. How can I read information from the UPS?
<qman__> MTecknology, apcupsd is the only software I know of for that
<qman__> if your UPS isn't supported by it, and it didn't come with linux software, you're pretty much SOL
<MTecknology> qman__: thanks :)
<qman__> unfortunately there isn't a UPS communications standard in wide use
<MTecknology> qman__: anything really simple to follow to start using it?
<qman__> not really, pretty much have to just read through the configuration file and hope you can tell which model yours is
<qman__> took me a while to get my backUPS pro working, and after all the effort it doesn't even tell me battery life
<qman__> it only knows when power is lost and resumed
<MTecknology> ouch
<qman__> should have spent the extra $20 on the smartUPS model
<MTecknology> What did you spend on it?
<MTecknology> Ours cost $65
<qman__> about $150 after shipping
<qman__> it's a refurb, APC BackUPS Pro 1400
<qman__> it's otherwise a great unit, long live, easy battery replacement, 24v system
<qman__> it'll run about 40 minutes with a dozen machines on it
<MTecknology> nice
<qman__> replacement batteries are about $70 too, not too bad
<uvirtbot> New bug: #620085 in libvirt (main) "libvirtd does not clean up pid file" [Undecided,New] https://launchpad.net/bugs/620085
<MTecknology> I think it's working :D
<MTecknology> It even tells me the model
<MTecknology> APCMODEL : Back-UPS ES 550
<MTecknology> qman__: Do you know if I can tell it to run a script instead of shutting down?
<MTecknology> namely - telling each server hosted on it to shut down before it goes down
<Andre_Gondim> anyone use landscape?
<superbrad> yeah, i print it all the time ;)
<superbrad> sounds like something i would be interested in though, what is it?
<Andre_Gondim> I got a landscape service for trial and since my last reboot I don't see any update at landscape page
<ScottK> Probably need some Canonical channel for that.
<ScottK> It's not supported in Ubuntu.
<mdeslaur> zul: I'm pushing openssl and apache2 to -proposed for all releases to fix CVE-2009-3555, fyi
<uvirtbot> mdeslaur: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the
<zul> mdeslaur: cool
<mdeslaur> zul: please let me know if anything explodes horribly with them
<zul> mdeslaur: dont worry i will use rfc 6660 - electric shock protocol :)
<mdeslaur> hah!
<uvirtbot> New bug: #620102 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/620102
<Insyte> I just tried to boot a -virtual install into single user mode.  It prompted me for the (nonexistent) root password.  Is that somethign specific to the -virtual initrd/kernel?  Normal installs give me a nice little menu and offers to drop me into a shell...
<superbrad> i have a question about setting up BIND on my server, the serverguide is a little confusing
<superbrad> i'm following the instructions at https://help.ubuntu.com/10.04/serverguide/C/dns-configuration.html
<superbrad> about 4/5 down the page, it says:
<superbrad> "
<superbrad> Next, on the Secondary Master, install the bind9 package the same way as on the Primary. Then edit the /etc/bind/named.conf.local and add the following declarations for the Forward and Reverse zones: "
<superbrad> this doesn't make sense.  i had to create files - obviously overwriting won't work to add the secondary master
<superbrad> so do i make new files for the secondary master or insert extra records at the end of the files i already created (e.g., db.mydomain.com)
<qman__> superbrad, a secondary master is a separate server
<qman__> so the files you already created would not exist on it
<qman__> if you only have one server, you only need the primary master configuration
<superbrad> i see ... my vps came with 2 IP addresses, I assumed I would use one for master and one for secondary master
<qman__> you can, but you don't need to configure it again
<qman__> the first configuration will listen on both
<qman__> well, provided it's configured to
<superbrad> do i need to mention the "slave zone" in the named.conf.local file?
<qman__> I didn't read through the whole guide so I don't know if it's binding to a specific address
<qman__> no, that's only for secondaries
<qman__> if you only have the one server, that part is skipped entirely
<superbrad> k
<superbrad> if you've got a minute, I'm a little stumped on the next part also
<qman__> sure
<superbrad> i recently got this vps and then got a domain name.  when i bought the domain name, i didn't have a spot to enter the IP address of my server.  how do i hook the domain to my IP?
<qman__> you will have to do that from the company where you registered it
<qman__> they should have a web portal where you can configure it
<qman__> if you want to resolve it yourself, you can have them delegate authority to your server
<qman__> most places offer the full DNS resolution though, so you wouldn't need to run BIND at all
<superbrad> all i can find in the domain area when I log in at my service provider is textboxes for four nameservers
<qman__> the only situation I can think of where resolving it yourself would be more advantageous is if you wanted to point subdomains to different IPs
<superbrad> yeah, probably won't be
<qman__> ok, looking at one of my domains
<qman__> when I go to the configuration I have two options
<superbrad> i'm using burst.net, in case that helps.
<qman__> "Update Name Servers" and "Register Name Server"
<qman__> to run your own DNS, you would click "Register Name Server", give it a name like ns1.yourdomain.com, and type in the IP
<qman__> if you want the registrar to host it for you, you would have to look elsewhere in the panel
<qman__> for mine, it'd be "register services for domains"
<superbrad> i'd be fine with whatever way is easiest ... i contacted them on their instant chat, but the guy told me with VPS servers I had to set up my own nameserver
<qman__> well, since you already went through setting up BIND, might as well just go with that
<superbrad> I don't have any of those options that you mention in my control panel
<qman__> is your domain registered through the same company your VPS is hosted by?
<superbrad> yeah
<qman__> well, somewhere there has to be an alternative option to just updating the name servers, which is what you are seeing
<qman__> I'd contact them and ask where you register a name server
<qman__> if they don't, they're missing a huge step in the DNS process
<superbrad> yeah, hopefully i get someone more than a sales guy this time ... not very impressed with burst.net so far, other than the price
<qman__> I've got domains through mydomain.com and byet
<qman__> both have been good so far
<qman__> mydomain has a better website, byet's are spread all over a bunch of them and sometimes kind of hoakey
<qman__> but they make up for it with good tech support
<superbrad> yeah, i'll keep that in mind next time.
<superbrad> i've used godaddy in the past, but they were a little too spendy for vps compared to other options
<qman__> I don't have a VPS through byet, just shared web hosting
<superbrad> i know they have that section very clear and easy to use in their control setup, i've used it before.
<qman__> and domains
<superbrad> thanks a billion for your help
<superbrad> much appreciated
<qman__> no problem
<uvirtbot> New bug: #620155 in samba (main) "package winbind 2:3.4.7~dfsg-1ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/620155
#ubuntu-server 2010-08-19
<Trixboxer> Hi
<Trixboxer> I cant boot in run level 1 fro ubuntu 10.04
<Trixboxer> actually its directly going to GUI
<Trixboxer> is there any way .. by which I can boot in grub and then change the runlevel
<Sonja> how do i see a list of all the apt-get installations? I think i installed two mail servers, exim and postfix, and i want to remove postfix.
<zash> Sonja: a list or a log?
<xgorg> Guys how to log in automaticly from a server?
<zash> Sonja: I would recomend aptitude
<Sonja> thanks. aptitude looks neat
<Sonja> wow a gui and everything
<zash> :)
<Sonja> clickable putty
<zash> you can do "aptitude search mail | grep ^i" to list installed mail-related packages
<uvirtbot> New bug: #620174 in postfix (main) "package postfix 2.6.5-3 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/620174
<Sonja> i'm trying to set up a mail server at 69.165.245.9
<Sonja> i think i configured my firewall proprely
<Sonja> one sec
<uvirtbot> New bug: #246190 in nmap (main) "nmap reports wrong service for port 9102" [Low,Triaged] https://launchpad.net/bugs/246190
<randomOfAmber> is there a good way to lock your session in a headless install without logging out?
<randomOfAmber> nevermind... found it (away or vlock)
<kandjar> hi there
<kandjar> I had to reboot my ubuntu server this morning, because the process table was flooded with root process running: /USR/BIN/CRON (all caps); does anyone know a possible reason? or has anyone seen that?
<mase_wk> hmm seems a bit odd
<clusty> hey
<clusty> how the hell does one move NTFS and EXT4 partitions around with sizes specified in sectors and not MBs
<clusty> parted does not support NTFS and asks me to flush the journal by hand before for ext4
<clusty> and gparted is stuck in MB
<RoAkSoAx> hallyn: /win 3
<RoAkSoAx> ups sry
<guest9876543210> Hi all !
<guest9876543210> could someone assist a stupid guy (not me ;) ) who has remove apt & aptitude from his server ?
<shauno> guest9876543210: that does sound awfully fun.  do you still have dpkg?
<clusty> :D can you do apt-get remove --purge apt ?
<clusty> this is fun :D
<guest9876543210> yeap, I think he still has dpkg installed (thanks for the answer shauno)
<hallyn> RoAkSoAx: hate when i do that :)
<guest9876543210> shauno : I'm looking for a .deb for apt, but I haven't find it yet
<pmatulis> guest9876543210: try aptitude
<guest9876543210> Of sure, it is a remove server and he doesn't have access to a physical CD-ROM
<guest9876543210> pmatulis : he has removed aptitude too :(
<pmatulis> guest9876543210: no, d/l aptitude package
<guest9876543210> a remote server .. sorry for mistype
<pmatulis> guest9876543210: and install it with dpkg
<shauno> guest9876543210: http://archive.ubuntu.com/ubuntu/pool/main/a/apt/     0.7.25.3  appears to be current on 10.04
<pmatulis> guest9876543210: not sure about any dependencies that may be missing
<guest9876543210> shauno & pmatulis : thanks for the help, I'll let him know the deb place :)
<shauno> guest9876543210: I might advise duct-taping his fingers together so he doesn't do that again :)
<clusty> guest9876543210: tell your "friend" to think twice and act once :D
<guest9876543210> Yeap, I'm pretty sure he has type a long command and didn't take care ...
<shauno> apt should throw up a warning demanding that he types "Yes, do as I say!".  That's usually a big red flag.
<shauno> (assuming he used apt to remove apt ..)
<guest9876543210> shauno : I don't know the exact command he typed, but for sure, it was crazy
<shauno> if he's managed to nuke dpkg as well, you may be interested to know that .deb are just archives that can be peeled apart with the 'ar' command.  you can piece things back together by hand, it's just not fun
<guest9876543210> shauno : I don't hink he removed dpkg has he has already tried to reinstall using it
<shauno> I didn't want to second-guess just how crazy crazy is :)
<guest9876543210> arg .. he just told me he's using Lenny and not Ubuntu ..
<shauno> you should be able to track it down with packages.debian.org and do the same thing
<guest9876543210> shauno : thanks, that's the URL I was looking for :)
<guest9876543210> Is someone here a bit used to vmbuilder ? (Virtual Machine)
<guest9876543210> (this is a question from me, this time)
<guest9876543210> So, in resume, I have installed a minimal Lucid server to run as a VM server
<guest9876543210> I have installed successfully the first VM (a Lucid i386) and I can start it
<guest9876543210> (I'm using a brdge network on the server)
<guest9876543210> but once, the VM Lucid is launched, I can't access anymore to the VM server using SSH
<guest9876543210> I have changed the SSH port of the LucidVM to 23, but I still can't access the VM-server ...
<guest9876543210> Has anyone a track, or I am missing completely something about VMs ?
<uvirtbot> New bug: #620243 in mysql-dfsg-5.1 (main) "package libmysqlclient16 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/libmysqlclient.so.16.0.0', which is also in package mysql-cluster-client-5.1 0:7.0.9-1ubuntu7" [Undecided,New] https://launchpad.net/bugs/620243
<superbrad> Question about DNS:  I've set up DNS according the Ubuntu server guide.  Do I need to do anything so that it propagates?
<ScottK> Need to tell your domain name registrar where the DNS server is.
<monokrome> I have a Ubuntu server that I have configured to have a static IP - but every few hours, it gets an IP over DHCP. My /etc/network/interfaces looks like this: http://dpaste.com/230918/
<monokrome> Any ideas?
<twb> monokrome: did you install this server using the Ubuntu Server CD, or by some other means?
<guest9876543210> #quit
<qman__> monokrome, have you run `sudo service networking restart` or rebooted the system since configuring it static?
<monokrome> qman__: It's been doing this for 2 months now.
<monokrome> And yes.
<monokrome> twb: I used the official installer.
<monokrome> and an official cd
<twb> You installed a server using the "desktop" or "alternate" CD?
<monokrome> Why would I install a server using a desktop CD?
<twb> Because you're an idiot
<monokrome> Well, I didn't.
<twb> If you didn't do something stupid, that's great, but I have to check for stupid things first
<monokrome> I used the Ubuntu Server distribution
<twb> Good-o.
<twb> Is there a dhclient process running right now?
<twb> Is Network Manager installed?
<monokrome> Just a second. It kicked me off because it changed it's IP again.
<monokrome> okay. Found it again.
<monokrome> Network manager isn't installed - unless that's a default.
<monokrome> There is a dhclient process running - which is weird since I uninstalled it :|
<twb> OK, so I guess the problem is that you changed it to static, then bounced the network -- but the network bounce script saw a static configuration, so didn't try to kill off the original dhclient process
<monokrome> bounced the network?
<twb> If I'm right, killing off dhclient, or rebooting the box, should be a permanent fix.
<monokrome> I've rebooted and it didn't fix it
<twb> "bounce the network" as in "sudo restart networking" or so.
<monokrome> after uninstalling dhclient
<monokrome> which means it's still there :|
<twb> Then how the hell did the process start
<twb> Unless you issued "shutdown -r now" but it didn't actually do so
<monokrome> I rebooted the server a few minutes after "remove --purge" completed
<monokrome> Proof:
<monokrome> http://dpaste.com/230938/
<twb> And did you try "which dhclient" after your spurious attempt to purge it?
<monokrome> I did that about 2 minutes ago.
<monokrome> I removed dhclient weeks ago.
<monokrome> and yes, I've rebooted since.
<twb> Because "dhclient" isn't a package.
<twb> it's either "isc-dhcp-client" or "dhcp3-client", depending on vintage
<monokrome> ugh. why were they both set to manually installed? :|
<twb> Because ALL packages in the base install are marked as manually installed, for hysterical reasons.
<monokrome> lol
<twb> Here is a dance I do to make most things markauto'd, immediately after install:
<twb> aptitude --schedule-only markauto ~E '~i!~M(~Rdepends:~i|~Rrecommends:~i)' && aptitude --schedule-only keep ~aremove && aptitude install
<monokrome> hmm
<MatthewM> Is this the right place to ask questions about Ubuntu Enterprise Cloud?
<alex88> morning guys..
<alex88> MatthewM: #ubuntu-cloud
<alex88> as you can see from https://wiki.ubuntu.com/IRC/ChannelList
<MatthewM> alex88: thanks
<alex88> np
<glick> hey quick question, reading the server docs for installing postfix
<glick> when it asks for a Root and postmaster mail recipient, does that have to be the username for an account on the system?
<glick> or what what should i set that to?
<sailerboy> hey, anyone rent a vps from thrustvps.com or damnvps.com?
<sailerboy> anyone at all?
<sailerboy> hey, anyone rent a vps from thrustvps.com or damnvps.com?
 * Pupeno is a happy Linode costumer.
<sailerboy> Pupeno, what virtualizaton do they use?
<sailerboy> xen or openvz?
<Pupeno> No idea, but I think they use xen.
<sailerboy> is it hvm or pv
 * mase_wk also uses Linode and is happy
<sailerboy> Linode is a bit out of my price range
<sailerboy> im happy with a less stable vps for cheaper
<sailerboy> im just having trouble with downloading the server edition to my vps
<sailerboy> i found out that the server i was downloading it from has a corrupt file
<kaushal> hi
<kaushal> is there a way to know from OS which Hardware RAID level has been configured on Ubuntu Server ?
<ivoks> depends on raid controller
<alex88> mdadm -D /dev/md0 ?
<ivoks> alex88: hardware raid
<Error404NotFound> how can i exclude a directory, say /var/log from aide?
<alex88> oh right...sorry :)
<glick> hey in the postfix configuration screen when asks for the limit on mailbox files, what should i put? what does it mean when it says "The upstream default is 51200000"
<mase_wk> glick it means that postfix shipped from postfix.org servers has a default value of 51200000
<glick> whats a good default for a website mase_wk
<mase_wk> website ? i thought you were installing postfix
<mase_wk> postfix is an SMTP server
<glick> mase_wk, yeah i am, its the mail end for a website, for sending confirmation emails, and getting contact emails, etc
<glick> for a django frontend
<kaushal> alex88: its a hardware raid controller and not a software controller
<alex88> kaushal: ivoks already told me :)
<alex88> so i don't know :)
<kaushal> 03:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 1078 (rev 04)
<kaushal> ivoks: 03:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 1078 (rev 04)
<glick> what should i set for a mailbox size limit?
<glick> ive never set up a postfix install before
<mase_wk> glick: well since i don't know anything about the amount of mail traffic for your site anything i give you is probably pointless
<mase_wk> you don't have to set a limit
<mase_wk> you can have unlimited
<mase_wk> if in doubt just accept upstream default
<alex88> glick: set something..when the disk is full erase all  mailboxes and set lower limit :)
<glick> i guess ill set it to half a gig
<kaushal> ivoks: do you need more info ?
<glick> it doesnt save sent email does it?
<glick> or sent email doesnt contribute to the mailbox size
<glick> only recieved email right?
<alex88> depends if you save sent mails
<alex88> if yes, yes...
<glick> alex88, oh, thats a config option?
<ivoks> kaushal: no :)
<ivoks> kaushal: there's megamgr management tool for those raid controllers
<glick> do i need to define a character for local adress extension?
<glick> im not even sure what that is
<ivoks> at least there was couple of years ago when i decided not to use LSI chips any more :)
<ivoks> kaushal: http://blog.irwan.name/?p=1440
<kaushal> ivoks: so i need to install it to get to know the RAID Controller ?
<kaushal> Raid Level ?
<ivoks> kaushal: yes
<alex88> glick: no, it's not a config..just user decide to save sent mails or not..it goes to mailbox too so the space is shared..
<ivoks> maybe it's possible to get this from the driver itself
<ivoks> i don't have LSI anywhere anymore, so I can't check
<glick> when it asks to specify the network blocks for which the host should relay mail, should i enter the ip address of the host?
<alex88> leave default
<alex88> btw https://help.ubuntu.com/10.04/serverguide/C/postfix.html
<glick> yeah thats what im reading alex88
<glick> alex88, wouldnt the network block by my ip/32?
<glick> by = be
<alex88> dunno.. i've left default
<alex88> and it worked
<ivoks> do you relay mail for others?
<alex88> don't think he needs that...btw, community docs are better https://help.ubuntu.com/community/PostfixBasicSetupHowto
<ivoks> courier?
<ivoks> doh...
<ivoks> stick with official docs :)
<alex88> well, the start was about postfix... :)
<alex88> yeah :)
<alex88> someone knows how can i put ubuntu iso into /boot and boot via grub for restore?
<eagles0513875> hey guys how can i find out what type of ram i have in my server with out taking it offline
<henkjan> eagles0513875: use dmidecode or lshw
<uvirtbot> New bug: #620330 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.3 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/620330
<rapha> Oh. What a netsplit.
<glick> should my CSR have a passphrase or no?
<alex88> glick: csr?
<glick> certificate signing request
<alex88> well...you should have a pass for everything :)
<alex88> for more security
<twb> Adding passwords doesn't necessarily improve security
<twb> e.g. if <user> has four passwords instead of one, they're more likely to write ALL FOUR on a postit note
<alex88> well..that's an example
<alex88> a windows logon without password has not more security
<twb> I've actually argued that making root's password the empty string is MORE secure than giving it a fixed password that nobody bothers to change
<twb> Since the null string can only be used from secure TTYs
<alex88> right.
<alex88> but if only one person remember a password is secure
<twb> Any password can be brute-forced in enough time
<alex88> right..but no one has years to brute-force a pass
<alex88> if it isn't a 4-char pass...
<alex88> that's not the case for most pass..
<twb> There's a nonzero probability that the any password can be brute-forced in O(1) time.
<twb> Since it could guess it right the very first try
<twb> Do you want to be that an attacker is never going to get lucky?
<twb> *to bet
<rapha> I need help, I just received warning from my hosting provider that an attack had been executed from my server. They sent a log of portscanning some IP addresses on port 21. I've asked my users if they did something like that and also ran rkhunter and chkrootkit, all of which came up wihout result. And there's not even nmap installed on the server. The hosting provider expects me to "solve the problem" and "report what countermeasures were taken" ... 
<alex88> twb: well.. i've never been so lucky.. :)
<alex88> and also brute-force is the last way
<maswan> twb: That's a rather silly argument, really. Any security protocol could be broken by a really lucky guess, most of the good ones make that sufficiently unlikely though.
<alex88> rapha: O.o Lol
<twb> maswan: I suppose that's true, when you consider that multi-factor authentication has to be digitized at some point, and the attacker could inject their brute-force guesses after that point
<maswan> that said, I only allow ssh key logins instead of passwords to the servers I run
<rapha> alex88: you find that funny?
<maswan> because those are way harder to guess than a password someone can remember
<twb> Right.
<alex88> rapha: really not..
<alex88> maswan: true
<maswan> (and it has the bonus that you get two-factor auth to get root access with a password to sudo)
<rapha> because i could really use a helping hand here ... I've no idea about how computer forensics work
<alex88> rapha: check on user logins at that time
<rapha> alex88: how? i only know how to check who's logged in right now...
<twb> rapha: key-based auth is already two-factor -- the passphrase (something you know) and the private key (something you have).
<rapha> twb: i'm sorry?
<twb> Sorry, bad completion
<rapha> oh k
<alex88> ask on these 2 guys talking in the background :) btw i think /var/log has it
<alex88> in some logs :)
<rapha> there's auth.log
<rapha> maybe that helps me
<rapha> but why would www-data be opening an closing sessions?
<twb> A good introduction to forensics is Venema's book
<twb> http://www.porcupine.org/forensics/forensic-discovery/
<alex88> www-data? maybe you've got hacked by web..
<alex88> *been
<rapha> hmmm
<twb> EVERY attack I've seen in the last decade has been via an insecure web app
<rapha> my own account and the "admin" account are opening and closing sessions all the time, too
<rapha> even though I don't rly use my own account at all
<twb> They might use a kernel vulnerability to escalate from www-data to root, but it's PHP they use to get their foot in the door.
<rapha> there's just a cron job running in it checking the response time of a website every 5 minutes
<alex88> that's yours?
<rapha> alex88: mine is called "rapha"
<alex88> the cron job..
<rapha> yes
<rapha> there's rly not much in /var/log/auth.log besides all the "opening session" and "closing session" chatter. not even failed login attempts.
<alex88> the root passwords of the accounts are the same?
<rapha> the root password is disabled; you can't log in as root - only through sudo.
<rapha> and only user "admin" is allowed to do so.
<alex88> and you never go into it?
<rapha> oh yes, i mostly use the "admin" account, and also use "sudo" quite regularly, e.g. to install updates
<jussi> Hei all. Ive  a small issue, I have a mail server that is not in use anymore, except for archival purposes. on the same machine is bugzilla. now bugzilla's mail is being sent with the mail server on that machine, not the external one I need it to. how do I fix thsi?
<rapha> twb: thx for the book ... i need some quick way though to find out who or what did those portscans yesterday evening, or the hosting provider will shut down the machine :(
<alex88> rapha: check the apache log for hack attempts
<rapha> alex88: not running apache but lighttpd ... let me check the logs anyway
<alex88> same thing
<alex88> search for some system commands like cd, ls, /tmp
<twb> If a machine is compromised, you should offline it anyway
<alex88> make a backup of logs, save on your pc and investigate there
<rapha> twb: i'm not sure it is compromised. both rootkit scanners came up empty.
<rapha> the backup is prolly a good idea tho.
<rapha> going to backup /etc and /home as well in case it needs setting up again
<alex88> rapha: also /var/lock/
<alex88> */var/log
<rapha> alex88: already backed that up when you first suggested it :)
<alex88> :) if you want give me apache logs and i make a qucik search
<rapha> for the time being maybe it would be a good idea to install a firewall that blocks everything from the inside to the outside except for the services that need to run
<alex88> *quick
<alex88> rapha: csf is a very good choise for me
<rapha> it's no prob, i can do the work if somebody tells me what to do :)
<rapha> why not ufw alex88? any specific reason?
<alex88> also has a intrusion detector..
<alex88> rapha: more advanced features, also checks for suspicious process and send mail warnings
<rapha> k
 * rapha 'll check it out
<rapha> hmmm backup of the home dirs will naturally take some time ... couple hundred gigs
<alex88> rapha: which web apps do you have on?
<alex88> rapha: http://www.sans.org/reading_room/whitepapers/logging/detecting-attacks-web-applications-log-files_2074
<sherr> jussi: Check the bugzilla "administration" pages (log in as a user with "admin" rights). There's an "email" page, with a setting for "smtpserver".
<jussi> sherr: thanks a lot, Ill go look there.
<rapha> alex88: one custom-built site that is in the process of being replaced by a Contao based one. One Joomla-based site, that will also switch to Contao in the near future. Loads of Redaxo sites. Postfix-Admin. RoundCubeMail. Those should be about it.
<alex88> well...custom-built maybe
<alex88> can you give me address?
<rapha> alex88: yeah its pretty badly made thats why we're replacing it
<alex88> i'll take as a no :)
<rapha> oh ofc sry missed that .., www.overcross.de
<alex88> uh..nice site :)
<rapha> well, yeah, the design. the rest - not so much.
<kaushal> hi
<kaushal> if i provide access to a server and there if i want to block access to the internal lan machines ?
<kaushal> how can it be done using ufw ?
<kaushal> I mean block the user to access all the hosts in the internal LAN
<alex88> rapha: it's sql vulnerable
<glen1> hey
<alex88> hi
<glick> what do i set the host name of the postfix, when its on the same machine as the webserver?
<glick> set it to anything?
<glick> or the actual hostname?
<alex88> it's better to a fqdn
<qman__> you set it to what you want to receive mail for
<rapha> alex88: i was afraid so :-( ... can you /msg me where?
<glick> soo....made_up_name.fqdn
<glick> even if the phsyical host its on is named 43o5u7
<qman__> UFW isn't ideal for servers like that
<qman__> it's a great easy-setup tool for desktops and low profile servers, but you're really missing a lot of things by using it
<qman__> for example, the outgoing port scans could have been prevented entirely by a well-written firewall
<uvirtbot> New bug: #620382 in samba (main) "smbmount allows mounting the same ressource multiple times on the same mountpoint" [Undecided,New] https://launchpad.net/bugs/620382
<glick> root@localhost:/etc/postgresql/8.4/main# service restart postgresql-8.4
<glick> restart: unrecognized service
<glick> isnt that correct name for postgresql?
<alvin> glick: It is, but the command is # service postgresql-8.4 restart
<glick> riiiiight
<glick> im an idio
<alex88> rapha: check pm
<glick> hmm it says i cant put aliases into httpd.conf
<glick> where should i put them then?
<tschundeee> hey anyone knows if there is a way to install ubuntu on a pgpdesktop encrypted harddrive?
<Ose>  so I just installed 10.04.1 server edition and googled a way to add a gui ( sudo aptitude install x-window-system-core gnome + sudo aptitude install gdm). However, the instructions there as to actually running the gui won't work. Help?
<g0rd0n> gui? on a server?
<Ose> just a little home server experiment
<g0rd0n> Ose: have you tried via tasksel?
<g0rd0n> run tasksel and select "Ubuntu desktop"
<g0rd0n> it should install everything you need and get the gui going
<hj> i've got a question about ubuntu server, sometimes it doesn't respond for a minute or so.. i can't find anything about it in the log files. what should I check next?
<Ose> Actually it worked after a revoot
<Ose> Reboot*
<alex88> g0rd0n: and after having desktop? remote connect to desktop?
<wastl> hj: faulty network driver?
<wastl> did you try adifferent network adaptor?
<hj> i've got a question about ubuntu server, sometimes it doesn't respond for a minute or so.. i can't find anything about it in the log files. what should I check next?
<jpds> Graps.
<jpds> Graphs*
<wastl> hj: try a diffferent network adaptor?
<hj> do you mean replacing the NIC?
<g0rd0n> alex88: i never tried remote connecting to a desktop, i just use headless servers :P
<g0rd0n> hj: could be an hd issue as well, although you should see errors about that
<hj> no, it's a virtual machine, and the ubuntu host server doesn't give any errors either
<hj> the 'downtime' is very random, so it's hard to test something.
<hj> downtime is like a minute max, at the moment i don't know if other VM's aren't reachable too
<noname> gi there
<xampart> gi
<alex88> g0rd0n: me too...but i've just asked what you can do then
<g0rd0n> alex88: well via rdp or similar you surely can take complete control over the gui remotely
<g0rd0n> btw i seem to be having some problems respawning the console to my ttyS0 via upstart, the login prompt doesn't show up in the serial console
<alex88> right.. but i prefer command line :)
<g0rd0n> yeh me too
<alex88> btw, have you heard that on semptember will be released lots of 0day? i think it's gonna be a hot september :)
<g0rd0n> in my /etc/event.d/tty file i have respawn exec /sbin/getty 57600 ttyS0
<g0rd0n> alex88: oh well, will just bit a little bit of aptitude commands then :)
<alex88> update every 3 hours? :) btw, i've seen they release microsoft, apple, adobe stuff..
<alex88> excel, ie, microsoft codecs and cpan will be exploited..
<wastl> argh
<wastl> so may evil words on one pile insid a linux channel
<wastl> shame on you
<wastl> *g*
<alex88> sorry :)
<g0rd0n> :P
<g0rd0n> i hate apple, adobe and oracle way more than microsoft nowadays
<alex88> me too..maybe adobe is safe..but apple...bleah..
 * wastl recently banned his Mac from his office desk...now there is only a linux box left
 * alex88 likes wastl office
<jdstrand> ufw supports egress filtering btw
<wastl> now there is just one winsucks pc in out office and the rest is linux
<jdstrand> not to mention, you can add any rules you want with the ufw framework, so if you are iptables aware, just edit /etc/ufw/*rules
<wastl> unfortunately we  need that one for rdesktopping  to it to use some business related apps that won't run in wine :/
<jdstrand> qman__: ^ if there are issues running ufw in production environments for bastion hosts, please file bugs
<uvirtbot> New bug: #620428 in unixodbc (main) "unixodbc-dev: 64bit typedefs don't work" [Undecided,New] https://launchpad.net/bugs/620428
<joe-mac1> if i put a new upstart job in /etc/event.d on hardy, how do i make initctl recognize it?
<joe-mac1> initctl list does not show it
<joe-mac1> anybody, at all?
<uvirtbot> New bug: #620441 in mysql-dfsg-5.1 (main) "MySQL upstart stop job does not cleanly shutdown mysql" [Undecided,New] https://launchpad.net/bugs/620441
 * zul shakes his fist at mysql and upstart
<Egonis> I need to use a static IP for my ppp0 interface, and can't seem to find any howto's. I'm using Ubuntu Server 10.04
<joe-mac1> anybody else think replacing init in -server was a stupid idea?
<alvin> To be honest, I do
<Egonis> Does anyone have any pointers on using a static ip with ppp0 using pppoeconf?
<g0rd0n> joe-mac1: replacing init?
<joe-mac1> g0rd0n: yes, with upstart
<g0rd0n> oh you mean this upstart thing
<joe-mac1> for my sub ten secfond boot times on servers i reboot once a quarter
<joe-mac1> real awesome
<g0rd0n> heh i am having trouble getting my freakin serial console to work with upstart
<joe-mac1> duide
<joe-mac1> same here
<joe-mac1> in 10.04 i can
<joe-mac1> in 8.04, having no luck
<joe-mac1> i need this to work for the VPS on HP boxes
<g0rd0n> uh? i am running 10.04 with upstart and the respawn on ttyS0 just doesnt work
<g0rd0n> i cannot login via serial console
<joe-mac1> i ddi initctl reload-configuration on 10.04 and it started working fine
<g0rd0n> does not help here
<g0rd0n> also, if i type 'initctl start ttyS0'
<g0rd0n> i get 'initctl: Unknown job: ttyS0'
<g0rd0n> it's a fujitsu server with iRMC S2... only thing that works are the kernel messages... but not even grub does show up for some reason
<sherr> g0rd0n: "Unknown job" is just a missing /etc/init/ttyS0.conf isn't it?
<joe-mac1> g0rd0n: well you need to make the job
<joe-mac1> did you make the job?
<joe-mac1> my problem is it doesn't see the job after i make it on 8.04
<joe-mac1> i get unknown job, even though it's clearly there
<g0rd0n> sherr: ehm yeh i dont have that file... *embarassed*
<g0rd0n> my debian 5.0 server doesnt have that either... will need to google then
<joe-mac1> it's just like the tty1 file
<joe-mac1> but you use your com port instead
<joe-mac1> not rocket science, point is, in 8.04 apparentlt upstart is something like a beta
<g0rd0n> joe-mac1: oh so why is there /etc/init/tty1.conf AND /etc/events.d/tty1?
<joe-mac1> g0rd0n: you did an in place upgrade from 8.04 to 10.04
<g0rd0n> yes :(
<joe-mac1> and the upgrade script didn't remove events.d
<joe-mac1> which is now obselete
<g0rd0n> really
<g0rd0n> oh for fucks sake
<joe-mac1> yes /etc/init is the place
<g0rd0n> lol
<joe-mac1> i have this working fien on 10.04, can somebody tell me how on 8.04 to get upstart to recognize new jobvs wiuthout rebooting?
<g0rd0n> sorry cant help you on that
<g0rd0n> yay, respawn works now :)
<g0rd0n> i wonder why upgrade didnt migrate my events.d/ttyS0 file but whatever
<joe-mac1> g0rd0n: so you had this owrking on 8.04?
<joe-mac1> did you have to reboot to gegt it to work?
<g0rd0n> joe-mac1: tbh i am not so so sure if it worked, but i suppose it did since 8.04 minimal came with the server
<sherr> g0rd0n: Debian doesn't use upstart. Ubuntu 10.04 does - it is replacing sys-V init scripts. See : http://upstart.ubuntu.com/getting-started.html
<sherr> + man init
<g0rd0n> joe-mac1: want me to paste my old /etc/event.d/ttyS0 file?
<g0rd0n> s/paste/pastebin
<g0rd0n> or pm
<g0rd0n> btw i have these two lines in /boot/grub/menu.lst (still using grub1) which are 'serial --unit=0 --speed=57600' and 'terminal serial' however i still don't see grub in the serial console... any ideas as to why?
<g0rd0n> btw i have a real problem with the video redirection, i suppose it has to do something with the framebuffer... while booting i see text normally, but at a certain point something changes and i just see garbage. i tried putting vga=normal kernel parameter, but it didnt help. any clues on this one?
<g0rd0n> didnt have this problem on 8.04, seems to be new to 10.04
<g0rd0n> is also the reason why i couldn't freshly install 10.04 with remote media, cause the screen becomes broken...
<_ruben> i guess plymouth is to blame for that
<_ruben> and/or kms
<g0rd0n> i seem to have plymouth... can i safelly uninstall it?
<_ruben> dunno, havent really looked into it
<g0rd0n> looks like i cannot... oh well... not so important now, as long as i get grub to display on serial i am happy
<alvin> g0rd0n: You can't. It's tightly bound to upstart
<joe-mac1> ubuntu 8.04 also uses upstart
<joe-mac1> the very beginnings of it actually
<joe-mac1> inittab is gone
<joe-mac1> absolutely infuriating
<alvin> yes, but in compatibility mode
<g0rd0n> it sucks i cant clean install 10.04
<joe-mac1> alvin: do you know an 8.04/10.04 agnostic way to reload upstart jobs?
<joe-mac1> the docs are wrong
<joe-mac1> sending SIGHUP to init doesn't do it
<joe-mac1> on 10.04 it seems initctl reload-configuration works
<alvin> It seems to change every release and is different for different services. There's $ sudo reload/restart <service> and $ sudo <service> reload/restart
<g0rd0n> heh
<g0rd0n> i noticed that on a clean isntalled 10.04 the /etc/motd file contains some useful info... how can i get that on my upgraded 10.04 system?
<alvin> No, I meant sudo service <service> reload/restart
<joe-mac1> no i added a new job
<joe-mac1> to start serial console on ttyS0 and ttyS1
<joe-mac1> says unrecognized job on 8.04
<joe-mac1> OMFG
<joe-mac1> you've gotta be kidding me
<joe-mac1> the jobs for some reason in 8.04 can't be arbitrarily-named
<joe-mac1> mine wasn amed serial-consoles
<joe-mac1> changed it to ttyS0 and it worked
<uvirtbot> New bug: #620460 in net-snmp (main) "snmpd didn't support diskpartitions larger than 2TB" [Undecided,New] https://launchpad.net/bugs/620460
<g0rd0n> joe-mac1: haha!
<smoser> RoAkSoAx, ping
<smoser> http://uec-images.ubuntu.com/.manifest-daily and http://uec-images.ubuntu.com/.manifest are available.
<RoAkSoAx> smoser: pong
<RoAkSoAx> smoser: awesome
<smoser> so, our goal is to have this in and functional by next thursday.
<smoser> as i said, i was expecting to do this myself(ish), so if you are planning on doing it, then please let me knwo what i can do to help.
<joe-mac1> thank god i have puppe to handle this across all 80 or so boxes
<joe-mac1> anyways, see ya, upstart sucks
<smoser> not trying to add pressure at all, but rather to say, if you can't do it, just say so and I will, RoAkSoAx
<RoAkSoAx> smoser: well I'm planning to do the initial integration so that everything is showed in the UIs. Once that';s done, syncing will be easy. What would require more tweaking would be preparing the image and running in with kvm
<RoAkSoAx> smoser: btw... is this something that you are looking for to have in testdrive-gtk or in testdrive-cli
<smoser> well, ideally both.
<smoser> i was expecting only -cli at the beginning.
<smoser> i would have thought that having support in cli was a precursor to having support in -gtk
<RoAkSoAx> smoser: that's what we can do. First work on the cli, and then I'll work on getting it on the GTK
<smoser> RoAkSoAx, ok... so i'm not perfectly clear, sorry for being dense. what do you / will you need from me ?
<RoAkSoAx> smoser: for now just how to prepare the .tar.gz to be able to launch it with kvm. And off course everything necessary to be to KVM to launch it (or if it's just a single 'kvm etc etc' command, an example one)
<b0gatyr> Greetings
<RoAkSoAx> s/be to/prepare
<smoser> RoAkSoAx, see the final comment in https://bugs.launchpad.net/ubuntu/+source/testdrive/+bug/619974
<uvirtbot> Launchpad bug 619974 in testdrive "[FFE] testdrive should support booting uec images" [Wishlist,In progress]
<smoser> and let me know if that isn't enough
<RoAkSoAx> smoser: that's enough. If I have something else I'll let you know
<iulian> soren: Hi.  I'm currently looking at bug#620367.
<iulian> You're talking about http://swift.openstack.org/, right?
<iulian> A short description about this package would have been nice to see in the bug report.
<iulian> soren: Can you find an archive admin to process it?
<Kaelten> how can I tell what apt-key I need for a given package?
<Egonis> I'm trying to assign a static IP on my PPPoE connection using Ubuntu Server 10.04 -- how would I go about doing this? I can see in /etc/ppp/peers/dsl-provider that there is a setting called 'noipdefault', which tells me I can do this somehow. I cannot find any useful HOWTO's anywhere, unfortunately
<aljosa> what do you use for timezone when you setup an image for amazon or when you don't know timezone that will be used? UTC or something else?
<Pupeno> Unnatended upgrades on my ubuntu server are just not happening, any ideas what might be the issue?
<sherr> Pupeno: Check the logs? e.g. /var/log/apt ? How's it supposed to work - cron job? Check jobs?
<Pupeno> sherr: It's using unnatended upgrades: https://help.ubuntu.com/10.04/serverguide/C/automatic-updates.html
<Pupeno> sherr: I don't see anything on /var/log/apt/* that is relevant... I might be missing something though.
<sherr> So, nothing logged in /var/log/unattended-upgrades ?
<daniele9821> salve a tutti
<guntbert> !it
<ubottu> Vai su #ubuntu-it se vuoi parlare in italiano, in questo canale usiamo solo l'inglese. Grazie! (per entrare, scrivi Â« /join #ubuntu-it Â» senza virgolette)
<daniele9821> sorry, hello all
<guntbert> !hi | daniele9821
<ubottu> daniele9821: Hi! Welcome to #ubuntu-server! Feel free to ask questions and help people out. The channel guidelines are at https://wiki.ubuntu.com/IRC/Guidelines . Enjoy your stay!
<daniele9821> i search a bit of information according to SNMP. I've an HP MSA2324sa Cluster and i've seen in configuration there's SNMP where i can set the ip address. I want now configure a server to receive the snmp trap sent by HP ( i don't want sent trap to hp but i want only receive), it's possible??
<jetsaredim> anyone know what the current state of xen support is?
<qwe> Can anyone give me proper details about using SpamAssasin??
<qwe> Can anyone give me proper details about using SpamAssasin??
<guntbert> there are people without any patience ...
<SpamapS> guntbert: he was very patient.. he waited *2* minutes.
<guntbert> SpamapS: and didn't ask every 30 seconds ... you are right :)
<SpamapS> guntbert: maybe if he had asked 3 or 4 more times in his 2 minutes, he'd have gotten a response.. but.. we can't cater to lazy people who only ask once per minute.
<guntbert> you convinced me - I'll keep that in mind for dealing with my next problem
<qman__> I'm having a problem with zoneminder on ubuntu 9.10, tried posting on their forum but got no response
<qman__> the problem is that the ajax video control buttons aren't working
<qman__> it records just fine, and playback works
<qman__> but you can't skip around, fast forward, or rewind
<erichammond> qman__: Ubuntu 10.04 has a newer version of zoneminder.  Don't know if it might fix your issues.
<qman__> thanks, but I'm not sure if I want to open that can of worms just yet
<qman__> I don't have local access
<erichammond> qman__: I just upgraded my zoneminder server from 9.10 to 10.04 remotely last night with no problems.
<soren> iulian: I'm sure I can once I get around to uploading it.
<erichammond> qman__: Also, I've found that the zoneminder web UI only works for me on Firefox, and not Chromium.
<qman__> well, the local firefox doesn't work either, but I haven't tried firefox on windows
<qman__> don't have firefox installed on this desktop
<qman__> yeah, it's doing the same thing, firefox on windows
<qman__> alright then, I guess I'll try upgrading
<qman__> but I'll need to go make a backup first
<qman__> not risking it
<qman__> thanks for the tip
<alex88> if i have created a deb file, and want to upload to ppa for the first time..what should i do?
<alex88> i've created ppa etc
<Friar> anyone here at all familiar with openvpn? I'm having some trouble getting my vpn connection going.
<alex88> Friar: tell me
<Friar> here is my log...I have no idea what it means: http://paste.ubuntu.com/480568/
<Friar> I have a server running and I downloaded the 2 certificate files, a key file, and a config file from the server as per the instructions. I've loaded them into kvpnc, but for some reason it isn't connecting.
<alex88> O.o what are you running? openvpn? ubuntu?
<alex88> look at the server guide
<Friar> alex88, the disconnect request was something that I did.
<Friar> I'm running ubuntu on the client.
<alex88> and on the server?
<Friar> my server is running clearOS. another linux distro...
<Friar> so this might be the wrong place, but I need some openvpn schooling...
<alex88> well..i've followed the server guide and it works fine..try to look at it and configure fine the server..because the oepnvpn software is the same
<Friar> I see....is the server guide on ubuntuforums?
<alex88> w8 a sec
<alex88> https://help.ubuntu.com/10.04/serverguide/C/openvpn.html
<Friar> haha, i just found it right as you sent the link.
<Friar> I'm going to read and learn!!!
<guntbert> Friar: and if you forget/loose the link just ask ubottu: !serverguide
<Friar> thanks guntbert
<guntbert> Friar: no problem :) have fun!
<pmatulis> SpamapS: re old-style partition nomenclature, it's to avoid having to deal with uuid conflicts on a restored system (from non-image backup)
<pmatulis> SpamapS: of course we have bug #499483
<uvirtbot> Launchpad bug 499483 in grub2 "/etc/default/grub cannot disable use of UUID" [Undecided,Confirmed] https://launchpad.net/bugs/499483
<alex88> guntbert: is there a command list for ubottu?
<guntbert> !brain | alex88
<hggdh> kirkland: interesting: I am running a long term on r1232, and I am not seeing that many errors, in fact, pretty good -- so far --, 470 instances started, 21 failures
<ubottu> alex88: Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://ubottu.com/factoids.cgi - Usage info: http://wiki.ubuntu.com/IRC/Bots
<guntbert> alex88: yes :)
<alex88> thank you :)
<qman__> Friar, yeah, that's pretty badly misconfigured somewhere, if you still need help, pastebin your server and client side config files
<Friar> qman_, I'll do that...I just need to find them.
<Friar> qman_, I have two files in /etc/openvpn on my client. one is .conf, and the other is .ovpn
<qman__> I think the linux client uses the .conf one
<qman__> windows clients use the .ovpn one
<Patrickdk> I thought the linux one uses both
<Patrickdk> the windows gui will only use .ovpn though
<qman__> the linux client might use both, but there should only be one configuration file for the client
<alex88> linux uses which one you select.. :)
<Patrickdk> if you use the *full* name :)
<Friar> Well, I told it the .ovpn one....it is called server.neezer.poweredbyclear.com.ovpn
<Patrickdk> init.d script only uses .conf
<SpamapS> pmatulis: but.. preseed.. ?
<Friar> here is the paste bin of the client .ovpn file  http://paste.ubuntu.com/480580/
<pmatulis> SpamapS: sorry?
<SpamapS> pmatulis: for grub yeah, I can see where you need to be able to distinguish for booting purposes... but once you're booted.. tune2fs /dev/X -U random works. ;)
<SpamapS> pmatulis: the UUID vs. device location question
<SpamapS> pmatulis: your original context was preseed
<pmatulis> SpamapS: yes, preseed creates fstab essentially, and that file will conflict on a restored system
<pmatulis> SpamapS: so the point is not to have to use tune2fs and edit fstab
<pmatulis> SpamapS: actually, just discovering the new uuids and editing fstab, why you say to create new uuids with tune2fs?
<alex88> does the gpg key stored in home dir?
<iulian> soren: Alrighty.
<Friar> I'm having a real hard time finding my server config file as it is not an ubuntu machine. does it have to be in etc/openvpn/?
<soren> iulian: Why do you ask, btw?
<alex88> Friar: in ubuntu..yes...
<Friar> haha thanks alex88. I'll keep looking. does there look like anything is wrong with my client config? or can you not tell unless you see the server config as well.
<alex88> there are no particular errors there.. :)
<iulian> soren: Hm, ask what?
<Friar> on my server i have a clients.conf file in /etc/openvpn....could that be in?
<Friar> *it?
<iulian> soren: You mean the last question I addressed to you?
<alex88> it's clients.conf not server.. :)
<alex88> if you look in man openvpn maybe there's the default config file
<Friar> ah...ok. so clients.conf is the config file for the server?
<iulian> soren: If that is what you meant, it is because as far as I know the archive admins don't really have the necessary time to review new packages once we are in FF.
<Friar> here is my clients.conf from my server in /etc/openvpn: http://paste.ubuntu.com/480591/
<yonahw> I want to add a new user to my server with admin rights to use instead of root. I don't have an admin group though. Is this normal? What should I be doing instead? Links to documentation would suffice.
<soren> iulian: ah, right, ok.
<soren> iulian: Yeah, don't worry about it. I'll pull a few strings.
<iulian> soren: Awesome. :)
<guntbert> yonahw: what system do you have?
<yonahw> guntbert: ubuntu-server 10.04
<MTecknology> Any of you set up mailman with nginx?
<guntbert> yonahw: usually there  is an admin and an adm group, any administrative user should be member of those two to be able to use sudo, but you can go the "old linux way" too
<yonahw> guntbert: I have an adm group but not an admin group. would it suffice to add to the adm group? what would the "old linux way" be?
<MTecknology> I have everything working except the nginx part - had it on apache but I'm pretty sick of Microsoft (err.. I mean Apache)..
<guntbert> yonahw: old way: use sudo visudo to add a line to /etc/sudoers, like:  admuser    ALL=(ALL) ALL
<yonahw> guntbert: would admuser in this case by my new user's login?
<qman__> yonahw, you can add the "adm" group to sudoers in the same way, or create an "admin" or other group and add it
<qman__> or add individual users
<guntbert> yonahw: yes, thats what I meant
<yonahw> guntbert: thanks for your help
<guntbert> yonahw: you're welcome :-)
<worldsayshi> I've previously set up lamp on my home server and now I try to get my head around php. But I have some trouble understanding the thought behind the default ownership settings. The var/www folder is set to be owned by root. Is that really right? Shouldn't the web content be owned by the same process that is running the lamp server? Hmm... That would allow the web server to edit the web content though. That might not be how it is int
<ewook> worldsayshi: well, check what user apache is running under and you'll see.
<worldsayshi> wow, seems I have 8 apache processes running :S
<shauno> I believe /var/www defaults to root:root, and apache as www-data.  It seems like a safe/sane default, but not sure what best practice on changing it is
<worldsayshi> I guess that if I'm going to run an sql server the apache server needs write permissions to the data base. But maybe it only needs it for the database itself
<worldsayshi> My web server is run by www-data
<shauno> that'll depend what database you're using.  SQL for example, handles authentication when a process connects to it, rather than thru filesystem permissions
<qman__> exactly, the directory is root-owned so that the web server can't modify it by default
<qman__> if you want to allow it to edit certain files or directories, you must change the permissions on them
<worldsayshi> Guess thats a good idea?
<worldsayshi> seems sensical
<worldsayshi> shauno: But I assume the process connecting to the database must still have write access to it
<worldsayshi> ...If it wants to modify
<qman__> database access is handled by the database
<qman__> see mysql authentication
<worldsayshi> aha, so the database is run as a separate process?
<qman__> it's handled over either local unix sockets or IP
<qman__> yes, the database server is separate
<worldsayshi> okok. Thanks!
<qman__> PHP does not modify files directly to write to the database
<worldsayshi> I see
<RoyK> worldsayshi: create a database user with something like "GRANT ALL on thisdb.thistable TO thisuser IDENTIFIEDÂ BYÂ "thispassword"
<RoyK> or even
<RoyK> worldsayshi: create a database user with something like "GRANT ALL on thisdb.thistable TO thisuser@localhost IDENTIFIEDÂ BYÂ "thispassword"
<RoyK> then connect to the db with that user and password
<veenenen> worldsayshi: As for the ownership stuff for /var/www. I'd advise keeping it as root. That way the default is for www-data not to have write access to any folders that are visible to the outside world. However, when you want to allow php to write files to /var/www you can change the ownership of individual folders. Just make sure you're not writing the file to the server with execute permissions. If you need a place to write temporary files, there's a
<shauno> it's a sensible default for a reason.  I believe forums being able to write to the same files they're executing is the leading cause of buggy forums turning into system vulnerabilities
<JasonMSP> i need help configuring VSFTPD  I have multiple sites with multiple users.  I want multiple users to be constrained to their /srv/www/theirwebsite folder.
<JasonMSP> (with ftp access)
<uvirtbot> New bug: #620674 in apache2 (main) "package apache2-mpm-worker 2.2.14-5ubuntu8 failed to install/upgrade: el paquete apache2-mpm-worker ya estÃ¡ instalado y configurado" [Undecided,New] https://launchpad.net/bugs/620674
<JasonMSP> users won't have shell access.  only ftp so no need for home directories or any other access other than their webfolder.
<shauno> JasonMSP: if that's the only access they require, I'd be tempted to set that as their home directory.  then chroot_local_user=YES in vsftpd.conf is all that's needed
<JasonMSP> shauno:  Maybe there is a better solution out there then VSFTPD for me but I haven't seen anything.  i've created a group ftpusers.  They don't have shell access and I've tuyrned on chroot_local_users and list_enable
<qman__> there is a better solution, SFTP
<JasonMSP> shauno: i set their local directories as such, but they are able to cd .. up.  Ie they are not locked into their home folde, thats just where they start out
<qman__> with match blocks and chrootdirectory, you could simply add new users to the group and be done with it
<qman__> and eliminate usage of the outdated, insecure, and cumbersome FTP, two birds with one stone
<JasonMSP> qman: can you point me to a good setup page?
<qman__> http://www.debian-administration.org/articles/590
<qman__> though I would skip the part where he sets their home directory to "/"
<qman__> switch "/home/%u" with "/srv/www/%u"
<penllawen> hey channel
<penllawen> I have a problem with Screen permissions on a freshly build 10.04 machine, if anyone could help?
<JasonMSP> qman:  switching to www/%u though would only allow one user and their name would have to be the same as the webfolder wouldn't it?
<qman__> JamesHarrison, it would, I think there's an equivalent variable for $HOME if you want to use that instaed
<qman__> instead*
<qman__> probably %h but I need to look it up
<qman__> yep, %h is their complete home directory
<JasonMSP> thanks..
<qman__> so you could just do "ChrootDirectory %h" and then set their home to their folder
<qman__> the new built in features make this FAR easier than it used to be
<JasonMSP> qman: so for every client that needs to upload files to their site, I would only need to create them with adduser and set their homedirectory correctly.  I'd like to make sure they are locked out of the rest of the server as well.  With VSFTPD I had created a ftpuser group and only those users could ftp in.  Is there a way to do this with SFTP?
<qman__> JasonMSP, yes, it works the same way
<qman__> the "Match group sftponly" part is for that purpose
<qman__> add the user to that group, and then they are only allowed to sftp, and only to their home directory
<qman__> if you want, just change "sftponly" to your existing group, "ftpuser"
<JasonMSP> qman:  thanks!  I need to head out.  Im sure ill have more questions later.
<hggdh> kirkland: can you please have a look at bug 619843? I am not sure this is an Eucalyptus issue anymore
<uvirtbot> Launchpad bug 619843 in eucalyptus "euca-get-console-output returns one single line" [High,Confirmed] https://launchpad.net/bugs/619843
<Andre_Gondim> does any one knows how to solve this problem? http://paste.ubuntu.com/480650/
<qman__> Andre_Gondim, update-grub is missing
<qman__> you can either download it manually from the package, or create an empty script to make it happy
<qman__> if you do the latter, I suggest reinstalling grub and everything related, though
<qman__> or copy it from another system running the same version
<Andre_Gondim> thanks qman__
<Andre_Gondim> qman__, if I reboot my system, the system will crash?
<qman__> Andre_Gondim, only if grub is currently in a broken state
<qman__> update-grub being missing means that it can't update it with new information
<Andre_Gondim> how I could check this?
<qman__> the easiest way is by rebooting and finding out
<qman__> but don't do that unless you have a live CD handy
<Andre_Gondim> so complicated to me, my server is in other location and if I reboot with CD don't have wireless and ssh automaticaly
<qman__> while it's not a guarantee, check to make sure that /boot/grub/menu.lst (grub1) or /etc/default/grub (grub2) has sane settings, and that /boot/grub exists
<qman__> and that there are kernels and initramfs files in /boot
<Andre_Gondim> qman__, yes, there is kernels and /etc/default/gub
<worldsayshi> what is the name of the process that is the svn server?
<worldsayshi> trying to figure out what permissions my svn server has
<worldsayshi> and what user is running it
<SpamapS> soren: I seem to recall you had some experience with glusterfs... any chance you're around?
#ubuntu-server 2010-08-20
<SpamapS> wow.. gluster.. really sucks in per-char io mode
<robertpayne> Will a *.domain.com dns record catch www.domain.com as well? I noticed my old host automatically added a dns record for www.domain.com on top of the *.domain.com was curious if any reason for it
<smw> * should include www
<robertpayne> smw: I figured as much just unsure why host added it as a seperate entry..
<robertpayne> thx :)
<uvirtbot> New bug: #620792 in bacula (main) "package bacula-director-mysql 2.4.2-1ubuntu6 failed to install/upgrade: le sous-processus post-installation script a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/620792
<kakis> hello
<smw> !hi | kakis
<ubottu> kakis: Hi! Welcome to #ubuntu-server! Feel free to ask questions and help people out. The channel guidelines are at https://wiki.ubuntu.com/IRC/Guidelines . Enjoy your stay!
<smw> lol
<kirkland> hggdh: i'm merging 1232 now
<kirkland> hggdh: make that 1233
<hggdh> kirkland: I tried, but got stuck on how to create the package from the bzr
<pmatulis> how can i find out what package created a specific group?
<pmatulis> the group is 'ssl-cert'
<pmatulis> ssl-cert package?
<kirkland> hggdh: let me show you ...
<hggdh> pmatulis: how to find a group... I do not know, it is probably being created on a post-install. But ssl-cert as a package is a nice bet
<kirkland> hggdh: http://bazaar.launchpad.net/~ubuntu-virt/ubuntu/maverick/eucalyptus/2.0/annotate/head:/debian/README.ubuntu-merging
<kirkland> hggdh: that doc tells you everything you need to know :-)
<kirkland> hggdh: you can copy and paste those commands almost verbatim
<hggdh> kirkland: thanks. Next time I hope I will be able to gwt it done on my own, and free you folks
<kirkland> hggdh: and I have uploaded ../eucalyptus_2.0~bzr1233-0ubuntu1_source.changes now
<kirkland> hggdh: heh, we're here to help one another
<hggdh> kirkland: exactly. I need to do my part of 'helping one another' ;-)
<kirkland> hggdh: oh, BS ... you're kicking butt and taking names
 * hggdh blushes
<kirkland> hggdh: anything else you need from me?
<kirkland> hggdh: i'm about to call it an evening
<hggdh> kirkland: go for it
<allquixotic> Is there any tool I can use (preferably, graphical or web based) that will make bridged networking slightly less of a messy hassle for KVM guests? I always end up breaking my host's networking whenever I mess with brctl etc, and that's a royal pain because I don't have physical access to the box (it's hosted).
<ryanakca> ScottK: Finally got a CD image that a) existed and b) worked. It's installed, I'll tinker with Kolab tomorrow night or Saturday.
<ScottK> ryanakca: Great.  I'll be offline most of the weekend, so we'll probably need to catch up next week.  dovecot-metadata-plugin is the plugin that's supposed to be all you need to get it working with dovecot.
<mathiaz> zul: hey
<mathiaz> zul: is there a list of bugs related to the upstart conversion?
<mathiaz> zul: the spec status says that it's currently blocked on review
<anthony_> guy's do you know a program that will help. defragment my hard drive. it is a ntfs. pls guys help me.
<twb> anthony_: I believe Windows can do that.
<ogex> anthony_: run chkdsk on windows
<anthony_> ogex: you mean we dont have the tool to deframent a ntfs partition.
<ogex> run chkdsk first n then we see next
<anthony_> ogex: how will i run that on linux or windows. i don't have an idea. pls help.
<ogex> ?
<ogex> u use dual boot with grub linux boot loader /
<ogex> ?
<anthony_> yap
<ogex> can u use windows now ?
<anthony_> yes i can. do just that. so how will i run. chkdsk
<ogex> open command prompt
<ogex> u must join other channel :D
<ogex> this in ubuntuers channel right ?
<ogex> xixixi
<anthony_> i don't have an idea.
<twb> This channel is for discussion of Ubuntu server issues.
<sailerboy> i get this error running supybot
<sailerboy> OSError: [Errno 13] Permission denied: '/logs'
<twb> Sounds like you've managed to set its working directory to the empty string
<sailerboy> erm?
<glick> hey why does lucid use such an old version of mod_wsgi
<glick> 2.8
<glick> when 3.3 is out
<sailerboy> so what do i do?
<sailerboy> twb,
<twb> sailerboy: talk to the supybot people, I guess
<sailerboy> it's in /home/sailerboy/RainBot
<twb> glick: because Lucid is released.  That means it's stable; it doesn't change.
<sailerboy> twb, it seems that supybot is trying to edit messages.log but isnt allowed to
<sailerboy> how do i allow access?
<twb> glick: if you want new features (and the concommittant new bugs), migrate to the unreleased version of Ubuntu (currently maverick).
<twb> sailerboy: I don't know, nor care.
<twb> sailerboy: ask #supybot
<alex88> morning
<alex88> !brain
<ubottu> Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://ubottu.com/factoids.cgi - Usage info: http://wiki.ubuntu.com/IRC/Bots
<corpse> Hey, i just got a wireless card working on my server, but for some reason my speeds are incredibly slow. downloading from an outside server i am getting 10kbps when if wired i get 1.6mb. any ideas?
<\sh> fross: bad signal quality of your wifi?
<ActionParsnip> Hey guys. When I input text to the tty (even at the local system), the text starts typing over itself and text appears to append to the prompt but if I hit CTRL+L its fine again but not for long
<ActionParsnip> Is this a known issue?
<alex88> never heard about that
<ActionParsnip> Not tried last nights kernel update yet but will be tonight
<\sh> people, does anyone have a solution to the problem I blogged about on http://www.shermann.name/2010/08/openldap-passwd-and-crypt-passwords.html  it would be interesting to hear your opinions and thoughts on this
<binBASH> Moin \sh
<\sh> moins binBASH
<binBASH> strange issue what you wrote in your blog
<\sh> binBASH: yes.
<uvirtbot> New bug: #620942 in openldap (main) "Failed to install java (for running applets): package slapd 2.4.21-0ubuntu5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/620942
<glick> excuse me, whats the deifference between postfix and dovecroft?
<soren> glick: You mean dovecot?
<glick> yeah thats it, lol dovecroft is a soap
<soren> postfix is an smtp server. dovecot is a pop3/imap server.
<glick> so postfix sends and recieves email, and dovcot allows you to retrieve it and send it with clients, and to create mailboxes, and folders and such?
<qman__> dovecot only does the retrieval to clients
<qman__> smtp does all sending, and receiving from other mail servers
<glick> i see
<glick> in my postfix config i have myhostname = mail.something.com
<glick> and then mydestination = something.com, localhost
<glick> but the actual machine its on is the same as my www server
<glick> www.something.com
<glick> i want emails to be sent and recieved from someone@something.com
<glick> not someone@mail.something.com
<qman__> then the mailname should be something.com
<glick> qman__, you mean the hostname?
<qman__> not exactly
<qman__> but changing that will cause it
<qman__> mail configuration can be very complicated, and that's just one example of how
<glick> how should i set this up, my postfix install, basically i want it to be able to send email to anywhere, but only recieve email from the localhost(i have a webapp that generates the emails from a contact form)
<uvirtbot> New bug: #620959 in dovecot (main) "Please compile --with-solr" [Undecided,New] https://launchpad.net/bugs/620959
<glick> does postfix run chrooted by default?
<glick> on buntu
<robertpayne> ps aux only shows started processes correct?
<ND-movie> hey guys
<ND-movie> i'm having a permissions problem
<ND-movie> i'm trying to create a folder in whic ha user could read, write but not delete
<ND-movie> any help?
<robertpayne> uhh
<robertpayne> that they own?
<robertpayne> or is it ok if it's owned by root and group is set to them?
<robertpayne> it's just chmod stuff
<a_ok> How can I view all user installed applications?
<a_ok> I'm going to move from 32 bit to 64 buty
<a_ok> bit*
<g0rd0n> a_ok: you mean dpkg -l ?
<a_ok> g0rd0n: no, that shows all installed packages
<a_ok> I don't want the deps
<a_ok> and not the base packages either if I can help it
<robertpayne> do all scripts inside /etc/init.d get run on start if they are chmod 755?
<ghostlines> hmmm I would think so
<robertpayne> hmm having problems with one of them starting up :(
<ghostlines> you made this initscript yourself?
<robertpayne> yeah copied nginx's as reference didn't change much
<robertpayne> it works from command line
<ghostlines> real strange then
<robertpayne> ghostlines: yeah :(
<RoyK> robertpayne: the scripts need to be symlinked to the appropriate rcn.d dir
<RoyK> where n is the runlevel
<RoyK> normally 2
<robertpayne> RoyK: thx
<RoyK> ls -l /etc/rc2.d
<robertpayne> RoyK: is the rc# the order it boots the scripts? I'm a little confused about that
<robertpayne> RoyK: like I see nginx in all of the rcX.d folders in /etc
<RoyK> robertpayne: no, rc2.d means 'run this when entereing runlevel 2'
<RoyK> S* means start - K* means kill
<robertpayne> RoyK: ahhh
<RoyK> so just add a symlink to rc2.d
<RoyK> given you're on runlevel 2
<RoyK> which is the normal in ubuntu
<robertpayne> RoyK: ok any information about the other runlevels? Just curious as to the technical details of different run levels
<RoyK> http://en.wikipedia.org/wiki/Runlevel
<robertpayne> RoyK: thanks a ton
<robertpayne> RoyK: works beautifully! thx again
<RoyK> np
<ghostlines> enabling ssl on apache with a2enmod ssl, should be enough to allow ssl to work with the default snake oil certifcate right? But can't seem to get it working
<alex88> how do i set locales?
<xperia> hello to all. i need help with restarting mysql on my ubuntu server. i hod some mysql attack becouse i host simple mashine forum on the server and now the mysql server cant restart.
<xperia> syslog has this lines here
<xperia> Aug 20 11:30:41 /etc/init.d/mysql[7758]: 0 processes alive and '/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf ping' resulted in
<xperia> Aug 20 11:30:41 /etc/init.d/mysql[7758]: ^G/usr/bin/mysqladmin: connect to server at 'localhost' failed
<xperia> Looks like the demon cant start.
<xperia> Have reinstalled mysql and still nothing helps
<uvirtbot> New bug: #621038 in apache2 (main) "package apache2.2-common 2.2.14-5ubuntu8.2 failed to install/upgrade when using mpm-itk" [Undecided,New] https://launchpad.net/bugs/621038
<adhorden> Hi all, we are having a debate in the office, what should the swap space be on a 16 gig of memory box? I went with atleast 4 gig.
<binBASH> it depends on which applications you run and how much ram they take
<binBASH> simple: If all your apps take the ram system will swap. If there's no swap left you will be introduced to the OOM killer :)
<adhorden> Its a large database server, running on Postgres
<adhorden> I wanted to make it 4 gig swap, but at the moment its set at 2 gig, but we are flatening it this afternoon to start fresh with a 64bit os
<binBASH> and what is current swap usage?
<binBASH> and which value shows cat /proc/sys/vm/swappiness ?
<adhorden> at load I have seen it eating 1 gig of swap but the system has 4 gig of mem at the moment I was putting in 16 gig this afternoon
<binBASH> ok
<adhorden> at the moment with 4 gig I get a swappiness of 60
<alex88> have you really seen swap used? i've 2gb ram and it's always at 0
<binBASH> alex88: you are lucky :D
<xampart> is it a bad policy to keep swap 1.5 times as big as physical?
<adhorden> yes I see it regually
<adhorden> but in this case should we increase the swap?
<adhorden> at load we get a swapiness of 40
<binBASH> how you measured swappiness of 40?
<alex88> that's why i've removed. :)
<adhorden> sorry its set at 40
<binBASH> :)
<adhorden> long day!
<binBASH> so it means 40% will be os cache
<alex88> if i've set lang=it_it, how can i use apt-get in english for 1 time?
<binBASH> here I set swappiness to 0
<binBASH> mysql at least doesn't like swap usage at all
<binBASH> for safety I have swap partition which is same size as the server ram
<adhorden> binBASH, in our case there are arguments for increasing it and decreasing it, should we jsut go with 4 gig as I recomended or keep it at 2 gig?
<adhorden> I mean whats the harm of increasing swap? I cannot see any
<binBASH> adhorden: There is no harm
<binBASH> The system should not swap at all.
<adhorden> Is there any aregument for removing it?
<adhorden> I do not want to end up in the relaims of OOM killer
<binBASH> :)
<binBASH> I think there is no reason to remove it. If it doesn't get used at all there is no harm.
 * Patrickdk is lazy :)
<binBASH> Patrickdk news?
<binBASH> :)
<Patrickdk> these days I say screw it and just setup a 25gig swap
<binBASH> Well, diskspace is inexpensive
<Patrickdk> I mainly do that for hibernation
<Patrickdk> incase I loose power here at home
<adhorden> thanks guys this is an argument that has been going around the office for two days now
<adhorden> no one seems to be able to put in a good technical argument
<Patrickdk> my servers in datacenters, I vary swap size, many systems I just do 512megs
<binBASH> adhorden: Using no swap is like driving car without airbag ;)
<adhorden> this is a production server postgres running in a datacenter
<Patrickdk> binbash, dunno about airbags, but maybe seatbelts
<Patrickdk> you normally fine without it, but sometimes :)
<binBASH> yup
<binBASH> :)
<binBASH> Never say never
<adhorden> So if there is no swap we are basically in the shit, with 2 gig we should be ok, but 4 - 8 gig would be ideal and to be safe 16 gig so it matches system memory?
<binBASH> If you don't have problem with server downtimes you can disable swap surely :)
<Patrickdk> adhorden, system swap = mem size is normally not needed
<Patrickdk> you just need as much swap, as you want protection :)
<adhorden> binBASH a few people might get angry with downtime, we have lots of it at the moment as we keep running out of memory hence why I am off to stick in 16 gigs later
<Patrickdk> if a program goes nuts
<Patrickdk> 2swap might be fine, 4might, or 16might
<Patrickdk> it depends on the program and how it goes nuts
<Patrickdk> hell, you might need 100gigs to protect it
<Patrickdk> but normally at some point, the disk i/o is going way out weigh any swap size you give it
<Patrickdk> cause it will become unusable anyways
<adhorden> its a postgres server running on ubuntu-server at the moment
<adhorden> the only thing running is postgres
<Patrickdk> I personally would say, if you sould never use swap, and you don't plan to ever hibernate, 2-4gigs should be enough
<Patrickdk> hibernate, swap=mem, has to be
<adhorden> this is a server so I doubt we are going to be hybernating it
<Patrickdk> well, lets say this
<Patrickdk> at 4gigs swap, and disk write speed of 100mb/s
<Patrickdk> that says the system will be unusable for 40seconds if it goes nuts
<Patrickdk> 8gigs would be up to 80seconds
<Patrickdk> at what point do you not care if it's unusable?
<binBASH> Unusable? :D
<Patrickdk> system is too busy swapping to do anything else, like ssh
<Patrickdk> have it happen several times
<binBASH> hmm ok, never had this :D
<binBASH> here it had things like, oom killer killed sshd or mysqld
<Patrickdk> I haven't had that
<Patrickdk> but generally I will reboot the system if it gets bad
<Patrickdk> when I can't get into it for >5min
<binBASH> sure ;)
<Patrickdk> and at 512megs swap, that happened several times
<Patrickdk> cause the disk was busy doing many other things that just swap at the time
<binBASH> Here I look at KVM console first
<binBASH> if there is no chance -> reboot
<Patrickdk> mine are normally related to forkbombs
<binBASH> adhorden: I would btw. never go higher than 8GB swap
<Patrickdk> oh, and if your on 32bit, you can't go over 4gig anyways
<binBASH> If you need 8 GB swap at all, there is something seriously wrong
<Patrickdk> oh, maybe you can now
<Patrickdk> heh
<binBASH> :)
<Patrickdk> Filename				Type		Size	Used	Priority
<Patrickdk> /dev/mapper/crypt640a-swap              partition	25165816	245208	-1
<Patrickdk> it used to only use 4gigs of that 25gigs
<adhorden> thanks guys I am going to get lunch
<adhorden> I will when out there set it to 4 gig
<Patrickdk> this system hibernates, with 4gigs currently
<Patrickdk> upgrading to 12gigs next month
<Patrickdk> or more, if I can
<binBASH> this system = your desktop? ;)
<alex88> if i've set lang=it_it, how can i use apt-get in english for 1 time?
<zul> morning
<shauno> alex88: just put LANG=C at the start of the command.  so "LANG=C apt-get install foo".  that'll set the LANG env, but only for that single command
<alex88> shauno: thank you very much
<patdk-wk> binbash, this system = desktop/home server
<samoangunner> hi is this the ubuntu server help chat?
<soren> That's what it says in the topic.
<samoangunner> what is the best graphical interface to use with ubuntu server?
<ivoks> putty
<ivoks> :D
<pmatulis> heh, nice one
<samoangunner> is it easy to install and use?
<ivoks> samoangunner: putty is an graphical SSH client
<samoangunner> how is it used?
<ivoks> samoangunner: you know what ssh is?
<samoangunner> nope
<ivoks> so, ubuntu doesn't have GUI
<ivoks> it only has CLI
<ivoks> command line interface can be utilized remotly
<ivoks> best way to do that is via ssh protocol
<samoangunner> oh ok
<ivoks> putty is popular GUI ssh client on windows
<samoangunner> so everything is done in a command line only
<ivoks> it has a window bar
<ivoks> yes
<samoangunner> crap
<samoangunner> sorry
<ivoks> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<samoangunner> ebox ah
<samoangunner> I will tri it
<ivoks> http://www.ebox-platform.com/
<samoangunner> do I install it on the server or on a different computer and login
<ivoks> on server
<samoangunner> ok I'm downloading it now on my server
<ivoks> time to go...
<ivoks> take care
<samoangunner> hey thanx for your help
<binBASH> not crap
<patdk-wk> who crapped in the channel?
<binBASH> patdk-wk: 20 mins ago :D
<patdk-wk> iphone4gs crapped
<samoangunner> just downloaded and installed ebox in my server
<samoangunner> how do I use it?
<binBASH> ewhat?
<samoangunner> how do I open it
<samoangunner> ebox
<patdk-wk> eboxen was my friends company
<binBASH> samoangunner: http://trac.ebox-platform.com/wiki/Document/Documentation/InstallationGuide
<binBASH> maybe read here?
<samoangunner> thanx
<binBASH> google skillz........
<patdk-wk> binbash google up how to install and setup an android dev enviroment :)
<patdk-wk> I plan on doing that this weekend :)
<patdk-wk> I'm completely annoyed with android email and k9 mail, so going *fix* it
<binBASH> patdk-wk: http://tinyurl.com/289wn3p
<patdk-wk> hehe
<binBASH> :)
<patdk-wk> blackberry email is so freaking nice :(
<patdk-wk> I need atleast, message/rfc822 support, and better html support (but I think a, view as plain text button will be better)
<uvirtbot> New bug: #617731 in clamav (main) "package clamav-daemon 0.96.2 dfsg-3ubuntu5~lucid1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/617731
<uvirtbot> New bug: #619170 in openldap (main) "package libldap-2.4-2 2.4.18-0ubuntu1.1 failed to install/upgrade: Paket libldap-2.4-2 ist schon installiert und konfiguriert" [Undecided,New] https://launchpad.net/bugs/619170
<samoangunner> I just install ebox on my server and its asking me to type in the Distinguished name of the search base? what is that?
<shauno> that sounds like ldap.  not something I know anything about, but might get you searching in the right direction
<samoangunner> how could I set up ubuntu server to be a packet shaper / bandwidth manager
<hallyn> anyone have a few cycles available for review of https://code.launchpad.net/~serge-hallyn/ubuntu/maverick/etherboot/e1000fix  ?
<mathiaz> zul: hi!
<hallyn> like maybe mathiaz :)
<zul> mathiaz: hey got the list for you winbind 612958 ntp 604717 dhcp 612975
<patdk-wk> wouldn't that require a system with a e1000 to try it on?
<osmosis> anyone aware of kvm issues with cpu frequency scaling? i seem to have hit that.
 * patdk-wk wonders why your kvm console would do anything to cpu scaling? unless it was stuck pressing keys :)
<hallyn> osmosis: more details?
<hallyn> I see some old bugs...
<zul> hallyn: looks good
<hallyn> zul: cool, thanks.
<zul> hallyn: want me to upload it for you?
<hallyn> zul: that'd be great, thanks.
<hallyn> (especially since there's another, separate bugfix against hte same pkg, so then maybe i can port the fix on top of this one tomorrow :)
<samoangunner> I am tring to put my server online but not able to
<patdk-wk> plug it in?
<samoangunner> I set the ip
<samoangunner> yes its plugged in
<samoangunner> I think I got the dns in
<patdk-wk> well, your going have to describe the issue
<samoangunner> how do I check if the dns is set
<patdk-wk> dig google.com
<samoangunner> I just install the server
<samoangunner> new install
<patdk-wk> dig google.com @8.8.8.8
<samoangunner> I have been digging and found nothing
<patdk-wk> first one broken, second one works
<patdk-wk> it has internet, dns is screwed, fix /etc/resolv.conf
<patdk-wk> both broken, your internet is broken
<samoangunner> the internet is working
<patdk-wk> should see something like:
<patdk-wk> ;; ANSWER SECTION:
<patdk-wk> google.com.		300	IN	A	173.194.33.104
<samoangunner> mine says timed out
<patdk-wk> for both?
<samoangunner> yes
<patdk-wk> then internet is broken
<patdk-wk> or your internet settings on that server are broken
<samoangunner> I think its the eth0 settings
<patdk-wk> well, I dunno what those should be
<patdk-wk> as your isp should be telling you that
<samoangunner> I know what they should be but I dont know if I did it correct
<samoangunner> the ip should be 192.168.20.9
<\sh> dhcp?
<patdk-wk> I don't know either :)
<samoangunner> sub 255.255.255.0
<samoangunner> how do you set it to dhcp in the command line
<\sh> server or desktop? desktop should dhcp be the default (network manager) on the server you edit /etc/network/interfaces auto eth0 \n iface eth0 inet dhcp and /etc/init.d/networking restart
<samoangunner> ok I am in the ect/network/interface
<samoangunner> how do I type in the command?
<\sh> with your favorite editor
<samoangunner> yes i am using nano
<samoangunner> what is the command
<zul> SpamapS: to be extra sure can you run the mysql testsuite with your /tmp change?
<Error404NotFound> how can i restrict samba to only listen on LAN interface?
<kpettit> Error404NotFound: Look here http://samba.org/~tpot/articles/multiple-interfaces.html
<Error404NotFound> kpettit, thanks :)
<kpettit> np
<zul> mathiaz: you spelled "Future" wrong on the statusreport for the release team :)
<mathiaz> zul: oups
<mathiaz> zul: you can fix it if you want
<zul> mathiaz: sure...luckily i know frenglish ;)
<Error404NotFound> there was a tool just like tmpwatch in centos, i did find it and even try it, have forgotton its name...
<Error404NotFound> tmpreaper...
<Error404NotFound> yup
<pmatulis> smoser: you're plugged in to the server docs right?
<smoser> i dont know what that means. i dont have an outlet here :)
<pmatulis> smoser: you can get the server guide edited?
<pmatulis> smoser: just noticed something in the lucid (at least) guide
<smoser> i've never tried.
<pmatulis> smoser: nothing major but if i don't say it now i never will  :)
<smoser> sommer is the owner (maybe you were confusing he and i).
<smoser> but sure, what is it?
<pmatulis> smoser: sigh, yes
<pmatulis> smoser: looks like he's not in
<smoser> but what is it man!
<smoser> i'm on the edge of my seat
<pmatulis> smoser: heh
<pmatulis> smoser: it's just that the ssl-cert packaage needs to be installed in order to add a user to the ssl-cert group
<pmatulis> smoser: as instructed here: https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
<pmatulis> smoser: this package is not installed if you use the minimal install
<pmatulis> smoser: that's all!
<zul> hallyn: it seems im having issues better ask someone else
<smoser> i'm not sure what the proper mechanism for bringing that up would be. maybe zul or mathiaz know better.
<zul> pmatulis: sommer is the guy you want
<pmatulis> zul: yeah
<pmatulis> smoser: the process is fairly heavyweight, bazaar, mailing list
<Error404NotFound> how do i exclude directories from aide? say /var/log
<hallyn> zul: what sorts of issues?  with my code, or just with the merge process?
<zul> no its just my computer
<hallyn> ok, just so i didn't do something wrong - thx
<SpamapS> zul: I haven't tried it
<SpamapS> zul: I still haven't heard back about whether to go further and lock it down to /var/tmp/mysql ...
<m0t3jl> Hi. I've recently dist-upgraded to 10.04 on my desktop (yes, I use the server version on desktop ;)) and it's got a splash screen ;) Why the heck would there be a splash screen on server? :D
<RoyK> m0t3jl: dunno - perhaps someone thought it looked nice? :)
<RoyK> m0t3jl: it's not like it'll eat much resources
<RoyK> the cool thing about lucid is that it uses far higher resolution than before, so unless you're on an old 14" CRT, the console is sufficiently big to use it for something real :)
<zul> SpamapS: yeah go ahead and lock it down to /var/tmp/mysql but once you do run it with the qa-regression-test testsuite
<SpamapS> m0t3jl: dig through the ubuntu-server archives at lists.ubuntu.com , somebody posted how to disable the splashiness.
<SpamapS> zul: will do
<zul> SpamapS: thanks
<SpamapS> zul: so how is this supposed to work.. if we start adding stuff to existing upstart jobs, while still encouraging users to modify them.. users have to hand merge upstart jobs on upgrade?
<zul> SpamapS: it should prompt you when upgrade if the upstart job has changed and its up to the uesrs
<SpamapS> zul: frankly, that sucks.
<zul> SpamapS: you get the same problem with initscripts
<SpamapS> Yeah, people shouldn't be modifying them.
<m0t3jl> :)
<SpamapS> I guess what I mean is, the script code shouldn't be in the init dir.
<mathiaz> SpamapS: right - that's why /etc/defaults/* have been introduced
<mathiaz> SpamapS: it seems that with upstart defaults files are no longer needed
<SpamapS> like, pre-start should be  'pre-start /usr/lib/mysql-5.1/pre-start'
<mathiaz> SpamapS: ie init scripts and default files are merged into an upstart job
<zul> SpamapS: next version of upstart should fix that
<SpamapS> mathiaz: I need to assert that /var/tmp/mysql exists. I can't rely on maintainer scripts for this.. I have to do it right before mysqld is started. I hae to put this in pre-start .. but now I'm changing code in a conffile.. seems rather counter-intuitive.
<SpamapS> zul: we can do it now w/ policy though
<mathiaz> SpamapS: why can't you rely on the maintainer scripts?
<SpamapS> mathiaz: because /var/tmp can be cleared at any time
<SpamapS> same reason /var/run/mysqld is asserted in pre-start. ;)
<mathiaz> SpamapS: oh - right
<sherr> Error404NotFound: see the examples on the aide.conf man page. It tells you how to skip a directory.
<talcite> hey guys. I'm getting crashes on my server when I'm writing to an OCFS2 array
<talcite> are there any known stopper bugs with OCFS2?
<cemc> is there a way to see the changes before updating a package on a hardy server install ?
<sherr> talcite: did you look in launchpad?
<sherr> cemc: according to the apt-get update, there's a "dry run" option.
<sherr> *"apt-get man page"
<talcite> sherr: there's no open bugs in launchpad
<cemc> sherr: no, I mean to see what changed in the package (the one you see if you're updating with Synaptic in GUI)
<talcite> cemc: what you're talking about is called a changelog. It may return more google hits.
<talcite> oh wow. ocfs2 really blew up
<cemc> talcite: thanks, found it
<mathiaz> zul: hi - bug 284416
<uvirtbot> Launchpad bug 284416 in whois "whois package contains unrelated binary 'mkpasswd'" [Low,Fix released] https://launchpad.net/bugs/284416
<zul> mathiaz: bi
<zul> mathiaz: er hi even
<mathiaz> zul: is there a good reason to keep the delta with Debian?
<mathiaz> zul: I don't think it's worth keeping the delta with Debian just for bug 284416
<zul> mathiaz: no i dont think so debain might want it
<mathiaz> zul: you mean that debian may want to have the split package?
<zul> mathiaz: correct
<mathiaz> zul: it causes issues with the PO files: bug 601803
<uvirtbot> Launchpad bug 601803 in whois "when whois and mkpasswd are build locally they have .mo file conflicts" [Medium,Confirmed] https://launchpad.net/bugs/601803
<zul> yeah i know....might want to create a whois-common or something
<mathiaz> zul: or put mkpasswd back into whois
<mathiaz> zul: and keep one package
<zul> mathiaz: doesnt matter to me...its just having mkpasswd in the whois pacakge
<zul> mathiaz: grrr...i mean its weird having mkpasswd in the whois package
<mathiaz> zul: why?
<mathiaz> zul: it's small
<mathiaz> zul: doesn't take a lot of space
<mathiaz> zul: same for whois
<mathiaz> zul: if you just want mkpasswd, whois doesn't take so much space
<zul> well the function is totall different from whois :)
<mathiaz> zul: it may seem strange - but it's not that bad
<mathiaz> zul: if the po files is put in the equation it seems to take more work to maintain the delta with Debian
<osmosis> hallyn, hmm..what kind of details.  Intel system. ubuntu 10.04 mostly default. kvm libvirt.  error is  BUG: soft lockup - CPU#2 stuck for 61s! [kdmflush:248]
<hallyn> and it's the host kernel getting lockup?
<hallyn> can you pastebin mord of the dmesg output?
<zul> mathiaz: agreed
<hallyn> osmosis: this is uptodate lucid with lucid-updates on x86-64?  or 32?  (or w/out lucid-updates archive)
<hallyn> i see a few things on launchpad - is this definately only with kvm?
<uvirtbot> New bug: #621315 in whois (main) "Sync whois 5.0.7 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/621315
<VladGh> guys, I know this is a really newbie question but once I compiled a program from sources with make and make install, can I just copy the resulted binaries when I reinstall the system as long as I install the required dependencies?
<talcite> VladGh: did the program make available any other dynamic libraries?
<VladGh> talcite: I'm talking about php 5.3.3 compiled with all the necessary librarie and dependencies, and I was wondering if when I am reinstalling Ubuntu on the same server I could just copy the /opt/php5 folder in which I compiled it after I install all libraries with apt-get?
<talcite> not likely with php
<talcite> you'll probably need to do some ld magic as well
<talcite> you're better off recompiling I would think
<talcite> why can't you recompile anywyas?
<VladGh> ok, thanks, I already have sh scripts to do all the recompile stuff. I was just wondering if it is possible to skip that step. Thanks
<SpamapS> VladGh: you know, php 5.3.3 is available as a source package in Maverick, you can always just rebuild that on your version of Ubuntu.
<VladGh> yes I know but I prefer to have complete control on what I install (my own configure script and my own patches).
<SpamapS> VladGh: one way to do that and still get system portability is by building your own .deb
<VladGh> I will get to that too, but as you see I still ask some basic questions
<SpamapS> VladGh: But.. php is pretty massive, so I could see where that might get ugly. ;)
<SpamapS> VladGh: Also if you have multiple servers, its a good idea to go with something like puppet or chef to manage those build/deploy steps.
<SpamapS> VladGh: even if you only have 2 servers, if you might have 3 or 4 later, it makes a big difference in long term efficiency.
<talcite> SpamapS: puppet only makes sense if you have a lot of identical machines
<VladGh> For the moment I just have my small linode vps and a few small websites
<VladGh> thanks for the adive anyway
<VladGh> I will do very soon replication and high availability so I will definetly look into puppet or chef
<VladGh> where can I find some good tutorials on how to create a deb from sources for more complex software like php or jetty7, solr etc
<kpettit> Anybody know of any good python or other cli type tools that will allow me to ready/write config files from different apps.  Like apache, mysql, asterisk, etc?
<SpamapS> talcite: not really. 99% of the time you have 90% of the same configs on each box.. little things that when missed, screw up all your other stuff
<SpamapS> talcite: I think of puppet more as managing the mundane repetition, not the boxes.
<SpamapS> kpettit: config files are vastly different from program to program.. some use established patterns like ini, yml, or xml, but others just sort of made up their own thing (like apache..)
<kpettit> exactly, that's why I don't really want to write one :)  Trying to see if something already exists
<SpamapS> kpettit: you might look at what ebox/webmin do
<kpettit> yeah, that's why I want to write my own.  Not to happy with those
<kpettit> that and I'd like it to be in python instead of perl.
<hallyn> osmosis: see the bottom of https://bugs.launchpad.net/ubuntu/+source/linux/+bug/333201.  Assuming you see the messages in the guest, you may be better off using another clocksource?
<uvirtbot> Launchpad bug 333201 in linux "Virtual machine soft lockup - CPU gets stuck for XX seconds" [Undecided,Confirmed]
<kpettit> I like ebox OK, but it's not as easy to exten and add custom stuff as I'd like.  And the web UI is freaky slow.  Webmin is cool but everything is too seperate
<brad__> i'm having massive DNS problems setting up BIND9 ... any DNS pros out there will to lend a hand?
<brad__> if i use dig @SERVER_IP mydomain.com on the server, i get a response.
<brad__> if i use dig @SERVER_IP mydomain.com from my desktop, i get SERVFAIL
<brad__> any ideas?
<Delemas> I'm trying to get VMBuilder to make a ubuntu 10.04 LTS VM but the resulting VM won't boot i.e. SeaBIOS reports "Boot failed: not a bootable disk". I'm building with a 4096MB root. What am I missing?
<Delemas> I've enabled debug mode but it isn't helping much...
<brad__> kinda quiet today, eh?
<Delemas> very...
<Delemas> brad__, are you using views?
<brad__> no, what's views?
<Delemas> brad__, they are a bind9 feature...
<brad__> nope, not using them to my knowledge.
<brad__> would that be helpful?
<Delemas> No one less complication. hmm I'd check your logs. You might have to increase logging.
<xperia> hello to all. have big problems with a innodb table. everytime i call a website on my ubuntu server i get the error message
<xperia> Incorrect information in file: './mydatabase/mytable.frm'
<xperia> How can i fix this Problem ?
<brad__> Delemas: I've tried looking at logs, i just installed sysklogd, not much help though
<brad__> Delemas: the thing that gets me is all the checks in the ubuntu guide pass, but it's been a couple days and no propagation.
<sherr> xperia: "call a web site"? Error message where? From what? Exact message?
<Delemas> brad__, firewalling?
<brad__> nah, I can telnet in from my desktop
<brad__> on port 53 at least
<Delemas> hmm so bind9 is listening to the right IP?
<Carleas> If I'm setting my VPS as both a web server and a nameserver, do I put it as its own nameserver in my zone file?
<Carleas> And then put the secondaries?
<brad__> Delemas: i'd guess so
<xperia> sherr: as written its about a innodb table in mysql. it is corrupted and becouse of this i get every time the error message
<xperia> Incorrect information in file: './mydatabase/mytable.frm'
<xperia> So need now to repair this innodb table but dont know how
<Delemas> brad__, check netstat -n -l -p
<brad__> tcp6       0      0 :::53                   :::*                    LISTEN      1394/named
<brad__> does that look right?
<Delemas> That shows ipv6 listening. What about ipv4?
<Delemas> Mine shows listening lines for tcp and udp.
<brad__> yeah, it's on there too
<jpds> Delemas: IPv6 sockets are v4 sockets.
<brad__> yep, both tcp and udp
<Delemas> ah k then...
<Carleas> Also, in some zone files the NS lines start with an '@', and in others they do not.  Which should I use when?
<brad__> Carleas: trying to figure the same questions out myself :)
<Delemas> An @ uses orgin.
<Delemas> origin I mean...
<qman__> yes, @ refers to the origin
<qman__> so if you have a zone for example.com, the @ record is example.com, and the other records are site1.example.com, etc
<brad__> named-checkzone returns OK
<brad__> i believe named-checkconf is also returning OK
<brad__> (just returns empty blank with no errors, from the man page  I'm assuming that means it's OK)
<qman__> bind logs to /var/log/syslog, in case you haven't figured that out yet
<qman__> and it is fairly verbose by default
<qman__> grep named /var/log/syslog
<brad__> i've got a few "error (network unreachable) resolving 'ns/AAAA/IN':"
<brad__> qman__: there are also a few errors about "couldn't add command channel"
<Carleas> What about IN?  Some seem to use, others not.
<SpamapS> Honestly, BIND's format is so archaic .. does anybody actually use BIND because they like it?
<brad__> nope, people tell us to use it and we follow like sheep to pasture ;)
<brad__> so i'm tailing var/log/syslog, and i keep getting more and more of these "error (network unreachable)" errors
<Delemas> Ah crap I think I'm seeing this bug with vmbuilder https://bugs.launchpad.net/vmbuilder/+bug/525952
<uvirtbot> Launchpad bug 525952 in vmbuilder "specifying part prevents raw from working" [Low,Triaged]
<Carleas> I think Bind uses me more than I use it.  I always feel dirty after our interactions.
<brad__> Carleas: lol
<neri> hi what`s the difference btw apt-cacher and apt-mirror if i want to create a repo server in my lan?
<brad__> qman__: is there anything in particular I should be looking for?
<Delemas> neri: apt-cacher downloads what you use. apt-mirror downloads all files.
<brad__> if i use the command "dig @SERVER_IP mydomain.com", shouldn't that be able to bring up the result even if it hasn't propagated?
<neri> Delemas: if I'm using a ubuntu server, obviously my packages will be different from my workstations... the apt-cacher will download the workstation packages also?
<Delemas> neri, It should be able to cache whatever is configured on it...
<kirkland> hallyn: ping
<kirkland> hallyn: i'm working on a fix to https://bugs.edge.launchpad.net/ubuntu/+source/etherboot/+bug/570870
<uvirtbot> Launchpad bug 570870 in etherboot "pxe boot doesn't work with kvm" [Low,Confirmed]
<kirkland> hallyn: i want to make sure we're not stomping on one another
<neri> Delemas: Thx for info. Changing topic, is it possible to use nis, but withou mounting home on nis server? (Something like remote profile in ad)
<neri> offline profile*
<Carleas> What does the IN mean on some lines of a DNS zone file?  Do I need to include it on all files?  I've seen zone files in which no line contains the 'IN' flag.
<maswan> IN means internet, it's also the default
<maswan> that's why you can leave it out
<neri> noone know?
<Delemas> I don't use nis.
<hallyn> kirkland: well I do have a package waiting to build, but it's basically your fix
<hallyn> oh, and finally did so.  https://launchpad.net/~serge-hallyn/+archive/kvm-pxe-usrshare
<kirkland> hallyn: yeah, i was just about to build/upload that to lucid-proposed now
<kirkland> hallyn: i can debuild -S this on amd64, though
<kirkland> "can't"
<hallyn> me neither.  I assumed that's always been the case
<kirkland> yeah
<kirkland> i do it in an i386 vm
<hallyn> and i can't do a sbuild -d lucid-i386 bc it wants to play with grub, which it can't do in a chroot
<hallyn> kirkland: the only thing i added to your original debdiff was
<hallyn>         ln -s $(CURDIR)/debian/kvm-pxe/usr/share/qemu $(CURDIR)/debian/kvm-pxe/usr/share/kvm
<hallyn> just in case some applications are expecting the roms in kvm
<hallyn> kvm/
<RoAkSoAx> smoser: WOuld you like to see all the UEC images (both daily and releases) in on single list of images or would you like to see them separated?
<pmatulis> in may 2011 (karmic EOL) can i still upgrade to lucid?
<jpds> pmatulis: Yes.
<pmatulis> jpds: thanks
<smoser> RoAkSoAx, i would think probably separated.
<RoAkSoAx> smoser: do you care of other releases besides maverick ones? such as lucid, or in the future, when ubuntu+1 is out, would you care about previous releases?
<smoser> i would think ideally you'd show all releases that could be booted.
<smoser> that will only be maverick at this point in time
<smoser> so basically, show all releases => 10.10 and all dailies 10.10.
<smoser> but really, i'd like it to be "just like anything else"
<smoser> so i dont really know how you're handling other stuff.
<hallyn> kirkland: hah but i did that wrong anyway
<hallyn> kirkland: so pls go ahead and push your own original debdiff and let's be done with it :)
<Delemas> OMG so stupid... vmbuilder creates VMs in raw format, converts them to qcow2 but it wrote out libvirt config which lists disk device type of raw! FAIL! s/raw/qcow2/g;  it suddenly it all works.
<RoAkSoAx> smoser: Ok, basically, it will be like this: http://imgur.com/eEXzK.png where repository would be uec-release and uec-daily. Both will contain different releases eventually right?
<RoAkSoAx> and in the -cli, i guess it would be something like 'testdrive --repo uec-daily' and etc etc
<smoser> well, they'll always include different content.
<smoser> (they do now).
<RoAkSoAx> smoser: that's the thing, I can handle it both ways, as a different repository with different releases, or as a single repository and put eveyrthing in one list. IMO, handling it as a repository would be better, given that way I keep separated cdimage.u.c, releases.u.c, and uec-images.u.c
<smoser> your call. i dont care.
<smoser> i'd like to somehow know that some thing is released versus daily, though
<RoAkSoAx> smoser: I guess that'd be just the using different repo's. Anyways, I'll prolly have it by sunday. Will let you know
<smoser> you can cheat
<smoser> and know under the covers
<smoser> what list you pulled it from
<RoAkSoAx> smoser: iÄºl pull .manifest and .manifest-daily as different repoÅ, or cache files, and they will be independent between each other
<RoAkSoAx> smoser: something similar with cdimage.u.c which is mainly for dailyÅ and releases.u.c
<RoAkSoAx> smoser: anyways, I'd rather just show you when it is done
<osmosis> hallyn, thanks, ive added myself to the bug list.
<uvirtbot> New bug: #621380 in nagios-plugins (main) "bad output from check_linux_raid" [Undecided,New] https://launchpad.net/bugs/621380
<kirkland> hallyn: firgin awesome .... kees just showed me this ... "linux32 bash"
<kirkland> hallyn: and then i could build etherboot on my 64-bit desktop
<kirkland> (build the source package at least)
<kirkland> i'm sanity checking it now
<kees> (it just tricks uname())
<kees> so anything actually sensitive will usually explode once gcc gets involved. but then -m32 may solve it
<hallyn> sweet :)
<ND-AtWork> hey guys question
<ND-AtWork> can you use a parrelel port as a serial port in any way in linux?
<ND-AtWork> i would like to use a dummy terminal, but i dont have any null modem adapters
<sailerboy> hey, if i have a user account (craig) which doesnt have access to the killall command, but i want it to be able to launch a script that contains "killall supybot" or "kill -9 `pgrep supybot`", how would i do that?
<sailerboy> on a server edition
<sailerboy> im sure i have to edit visudo
<mathiaz> SpamapS: zul: jdstrand: any reasong/thouhgts on demoting php5-sybase to universe?
<SpamapS> mathiaz: +1 for demoting drivers for closed source daemons. :)
<mathiaz> SpamapS: hm - http://packages.ubuntu.com/maverick/php5-dbg
<mathiaz> SpamapS: php5-dbg depends on php5-sybase
<SpamapS> mathiaz: can those files be moved into php5-sybase-dbg ?
<zul> mathiaz: indifferent :)
<mathiaz> SpamapS: it should be possible to create a php5-sybase-dbg file
<mathiaz> SpamapS: package
<SpamapS> mathiaz: I think if you did that, you can kick libsybdb5 out of main too
<SpamapS> wait.. no.. kexi
<mathiaz> SpamapS: hm?
<mathiaz> SpamapS: I'm not sure I follow what you're saying
<SpamapS> mathiaz: libsybdb5 is the sybase/mssql driver (freetds) .. all of its rdepends are universe except kexi and php5-sybase
<SpamapS> but, actually, its pretty cool that kexi supports mssql... as that makes ubuntu more useful for mssql administrators and developers.
<SpamapS> kexi == graphical data management program
<jdstrand> mathiaz: I have no strong opinion. dropping it out of main means less official support, but I have no idea how many people use it
<hsr> Hello
<guntbert> !hi | hsr
<ubottu> hsr: Hi! Welcome to #ubuntu-server! Feel free to ask questions and help people out. The channel guidelines are at https://wiki.ubuntu.com/IRC/Guidelines . Enjoy your stay!
<hsr> I need help on spam assasin
<hsr> I want to try spamassasin on ubuntu desktop on virtualbox
<guntbert> hsr: start with http://www.akadia.com/services/postfix_spamassassin.html
<guntbert> hsr: or with https://help.ubuntu.com/10.04/serverguide/C/mail-filtering.html
<hsr> guntbert: Will it be very easy to install for a newbie??
<hsr> guntbert: What else should i know?
<hallyn> kirkland: your quick push invalidated my awaiting merge proposal :)
 * hallyn hopefully out for a bit now
#ubuntu-server 2010-08-21
<MagicFab> hi all
<MagicFab> I am creating a small bash script to be invoked from cron. Where would a sysadmin expect to find such a file ?
<SpamapS> MagicFab: if its tied to a deamon, then /usr/local/bin or /usr/local/lib. If its tied to a user, I'd recommend putting it in their home directory, $HOME/bin works.
<SpamapS> MagicFab: I sould say, /usr/local/lib/daemon-name not /usr/local/lib directly
<MagicFab> not, it's just a regular maintenance task - check if XYZ exists, then do ABC
<MagicFab> /usr/local/bin is what I thought but yes, the guide mentions /home. tx.!
<MagicFab> SpamapS, thank you
<RoAkSoAx> 6/win 17
<RoAkSoAx> -_-
<allquixotic> I am trying to generate a CSR for a FQDN SSL certificate matching the form example.org (and NOT subdomain.example.org). Should I put example.org as the system hostname, or does it have to have an arbitrary hostname that does not include the domain it sits on?
<uvirtbot> New bug: #621509 in mysql-5.1 (main) "mysqld randomly causes system to not respond to commands" [Undecided,New] https://launchpad.net/bugs/621509
<ND-movie> hello all, could someone help me
<ND-movie> i am trying to set up a Serial Console
<ND-movie> using a Tandy TRS-80 Model 100 as a dumb terminal
<ND-movie> but i'm having problems
<ND-movie> the tutorial that i am reading talks about how to configure correctly with /etc/inittab
<ND-movie> which ubuntu no longer uses
<ND-movie> so i'm somewhat stuck :(
<ND-movie> can anyone help?
<kuttan_> hi
<kuttan_>  need help with grub2 on ubuntu (10.04) and xen on Centos
<Jordan_U> kuttan_: With support channels on IRC you should just ask your question from the start (after reading the channel topic).
<kuttan_> so anything besides ubuntu server ( which I am on ) , cannot be asked ?
<corpse> Hi, I had some slow wifi problems last night which i fixed with installig a perticulare driver. Today when i left the house i had a file downloading to my server at 1.5mbps now I got home and it was going at 1-5 kbps. i cant seem to figure out why i lost my speed again. any ideas?
<corpse> this computer is on the same network and I speed test at 23mbps so its not my connection either
<Moayad1980> good morning ppl
<Moayad1980> i need help on how to build a file server on ubuntu and shared through the intenet
<Moayad1980> i need help on how to build a file server on ubuntu and shared through the Internet anyone?..help?
<joschi> Moayad1980: https://help.ubuntu.com/10.04/serverguide/C/file-servers.html
<Moayad1980> joschi	thnx alot .. i appreciate it..
<akrill> anyone around with experience building ubuntu-based EBS-backed AMIs?
<alex88_> hi guys, i've a problem on my server, i'm trying to connect via ssh and it says "ssh_exchange_identification: Connection closed by remote host", the last thing that can matter is that i've created keys for both ssh on server and client
<alex88_> but i haven't changed the sshd config
<joschi> alex88_: any chance on accessing the syslog on the host running your sshd?
<uvirtbot> New bug: #621639 in kvm (main) "Please include sasl support into KVM" [Undecided,New] https://launchpad.net/bugs/621639
<akrill> anyone around with experience building ubuntu-based EBS-backed AMIs?
<kuttan_> Is something wrong with #ubuntu ? Why the channel is looking as #ubuntu-unregged ..
<akrill> L2read topics and the annoying repeating msg from floodbot1
<akrill> :-p
<akrill> #ubuntu now requires that you register+identify before joining
<kuttan_> akrill ? was that for me ?
<akrill> yes
<kuttan_> akrill - but I am registered
<kuttan_> akrill: Can you help me out . What should I do now
<akrill> i dont think you're identified though
<akrill> you gotta identify to nickserv when you log in
<kuttan_> akrill: What should I do , I am very new to irc stuff
<akrill>  type in "/msg nickserv identify <password>"
<akrill> that'll id you. then you can /join #ubuntu again
<kuttan_> I forgot that password. , can I retrieve a new passwd
<akrill> maybe. never had to do it. type in "/msg nickserv help" and look through the options
<kuttan_> okay Thanks askrill
<akrill> np
<kuttan_> akrill Thanks
<glick> hey when installing phpmyadmin and it asks for the password of the administrative user, is that the mysql root password?
<zash> glick: yes
<glick> thanks zash
<uvirtbot> New bug: #621746 in setserial (main) "package setserial 2.17-45.2 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/621746
<Jimbowmac> Good morning!
<Jimbowmac> I plan to deploy cacti in a production environment, and i'm wondering about the security risks of using SNMP, even if my Server is only on the LAN side.., Any suggestions/recommendations?
<arvind_khadri> hi, I needed some help with installing jffnms
<caution> how do I get the program 'screen' to show the stats bar at the bottom with cpu and memory usage?
<clusty> caution: screen can do that?
<caution> yep
<clusty> my screen does not show anything
<jpds> caution: "man screen" has the details.
<caution> it has colours too
<caution> I don't think my screen version is new enough
<clusty> i am wondering if it's normal for parted to take 10h to resize a 1TB mostly empty partition by 1 MB
<jpds> caution: You'd probably be better off just using byobu though.
<caution> ah thanks!
<jpds> clusty: You have to customize screen to make it do those things, it doesn't do anything by default.
<clusty> baf
<caution> looks like I was probably using byobu instead of screen
<caution> or does screen end up looking like that too?
<clusty> it fills like it's missing the spot with me. I am using screen as a NOHUP replacement
<clusty> not as a terminal divider
<clusty> launching stuff that takes a long time over ssh
<clusty> and don't want them dieing when my ssh does
<clusty> and nohup is annoying to use
<jpds> caution: screen end up looking like that?
<caution> alias screen='byobu'
<caution> anything wrong with setting that alias?
<jpds> caution: byobu is just screen with fancyness added.
<caution> is it a separate version of screen or does it reconfigure screen?
<jpds> The latter.
<uvirtbot> New bug: #621790 in vsftpd (main) "package vsftpd 2.2.2-3ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/621790
<windydays> I have a LAMP server run UBUNTU10.04. I think upstart is really nice. But I found that apache is not started by upstart,that is why?
<windydays> anyone here?
<guntbert> windydays: several people - but if no one knows the answer noone will reply
<windydays> I have a LAMP server run UBUNTU10.04. I think upstart is really nice. But I found that apache is not started by upstart,that is why?
<guntbert> and reating won't help :)
<windydays> OK
<uvirtbot> New bug: #621837 in apache2 (main) "package apache2.2-common 2.2.14-5ubuntu8.2 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/621837
<arvind_khadri> hi, I needed some help with installing jffnms
<arvind_khadri> I get an error in the error log of apache telling that jffnms class is not found, in the config file
<george__> I need to install VMware Server 2 on Ubuntu Server 10.04
<george__> any ideas ?
<george__> ?
<george__> I need to install VMware Server 2 on Ubuntu Server 10.04 any ideas ?
<bcomp> Are there any programs for ubuntu server that provide a more GUI-ish file browsing experience? I'm new to this.
<kuttan_> bcomp - nautilus :D
<bcomp> kuttan_ does it work over ssh?
<kuttan_> bcomp vifm
<bcomp> kuttan_ thx :)
<bcomp> kuttan_ i just discovered mc while i was researching vifm... and it rules :D
<binBASH> O_o
<kuttan_> bcomp i prefer vifm , love vi .. ( only editor I know )
<saravanan> Hi all :)
<saravanan> i need to know if
<saravanan> ubuntu server is a best match for virtual appliances to be run on cloud.
<saravanan> ??
<saravanan> hi all
<saravanan> i got few doubts in xen
<saravanan> on ubuntu server
<saravanan> is there any there awake?
<ChmEarl> saravanan, search archives at xen-users@lists.xensource.com and see how to custom build pv_ops kernel and xen 4.0 on lucid or karmic
<saravanan> Hi ChmEarl ,
<ChmEarl> saravanan, I've done it all in 3 hours or less: install OS, config for xen, config to build, build Xen, build kernel, install
<saravanan> is ubuntu server a better option than centOS / fedora for virtualization?
<ChmEarl> saravanan, if you want the latest+speed+efficiency
<saravanan> could you please point me to such implementation references on XEN
<ChmEarl> fedora has packages for dom0 and hypervisor if you hunt for 3rd party repo
<saravanan> i need to support hypervisor too.
<ChmEarl> saravanan, search archives at xen-users@lists.xensource.com (mailing list)
<saravanan> so does ubuntu doesnt support ?
<ChmEarl> saravanan, ubuntu has no packages, but is the best platform to build and runn
<saravanan> and could you please suggest some tools/techniques to create virtual images?
<saravanan> or virtual appliances.
<ChmEarl> saravanan, xen tools (xm) and debootstrap/chroot does it all
<ChmEarl> saravanan, nearly all distros have xen aware netboot installs
<saravanan> ChmEarl, what open source tools used for creating virtual appliances for vmware?
<ChmEarl> saravanan, you are wasting time. Do you want to run xen on Ubuntu or not?
<saravanan> thats wat i am confused about,
<saravanan> i need ti support xen,kvm, vmware and hypervisor
<saravanan> whichever supports these i wil go for it.
<saravanan> i need to design the infrastructure fr the same.
<saravanan> so i am researching on the Server OS
<uvirtbot> New bug: #621930 in clamav (main) "package clamav-base 0.95.3 dfsg-1ubuntu0.09.10.2 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,New] https://launchpad.net/bugs/621930
<allquixotic> Hi -- I would like to connect to libvirt remotely using an encrypted channel, so I've been using SSH so far. But virt-manager wants to login as root always. I want to disable logging in as root to reduce attack surface on the server. Any idea of a workaround to this?
<qman__> any system that does need to log in as root over SSH should be using strong, well-guarded keys to authenticate, not passwords
<qman__> significantly reducing the attack surface
<allquixotic> qman__: I'm already using public key authentication, but it's even more secure to prevent root logins over SSH at all.
<qman__> of course, and it's even more secure to not allow remote logins at all ;)
<qman__> it's a tradeoff, security versus convenience
<qman__> if you need more protection, I'd suggest blocking direct connections to that server from the internet, and instead using SSH tunneling to a computer at the gateway
<allquixotic> I'm not looking for something that extreme. My question is about alternative ways of authentication for libvirt.
<allquixotic> Right now, libvirtd is the only service that *requires* a root login over SSH on the box. For anything else, I use SSL with trusted certificates.
<allquixotic> I see just now that virt-manager allows you to create a connection to libvirt with SSL and X509 certs... hmm... I guess my question now is how to set that up on the server. :)
<benedikt> how do i create a virtual hard drive in libvirt/kvm ?
<hallyn> in, or for?  you generally use qemu-img
<hallyn> qemu-img create -f qcow my_hd.img 10G
<benedikt> bah, i meant for :)
<hallyn> Then you can mostly 'virsh edit <vm_name>' and copy-paste the disk section to hook in the new disk
<hallyn> heh, just making sure :)
<benedikt> vi!? This has to be fixed
<hallyn> doesn't it just use $VISUAL?
<benedikt> probably
<hallyn> so replace it with ed and be happy :-)
<allquixotic> benedikt: if you can get libvirt connected to virt-manager, you can create the HDD graphically... although I don't think virt-manager is yet as flexible as virsh, so YMMV.
<benedikt> i was thinking more along the lines of emacs :P
<hallyn> yeah i dont' know that you can use virt-manager to hook in virtio disks yet, in particular
<benedikt> allquixotic: i connected with virt-manager but it doesn't seem to have any 'add hardware' features
<allquixotic> I just asked a question about libvirt though; I'm setting up mine so that it only allows clients with signed X.509 certs (signed from the local CA) to connect
<allquixotic> benedikt: Which version of Ubuntu?
<benedikt> allquixotic: lucid
<allquixotic> Same here... 10.04.1 Server
<allquixotic> when I connect to the remote libvirtd using virt-manager (also on lucid), I can create hard disks for kvm graphically
<allquixotic> it prompts you for the size and image type and all
<benedikt> allquixotic: where? I didnt see it.
<allquixotic> benedikt: it was when I first created the VM... although I'd think the same feature would be available with an extant VM
<allquixotic> provided you shut it down first
<allquixotic> can't add hardware to a running VM afaik
<hallyn> benedikt: iirc you switch to 'edit VM' in the top menu of the window where you have the VM's screen up, and on the left there is 'add hardware'
<allquixotic> ah yes, you have to view the details of the VM
<allquixotic> then it lists the hardware pieces sorta like how VMware Server / VirtualBox do
<benedikt> *cough* it might be a good idea to shut down the vm first
<basso> how can i set a higher priority on a process
<allquixotic> hehe, you had to shutdown and now you can add new disk? :)
<hallyn> basso: renice
<hallyn> (giveit a lower #)
<basso> thx hallyn
<hallyn> np
<benedikt> hallyn: the image i created with qemu-img keeps on growing after i created it
<hallyn> benedikt: yes, it'll keep growing as you fill it up, up to whatever size you specified
<benedikt> hm
<benedikt> meh, thats maybe not a bad idea
<benedikt> hallyn: is it usable until it has reached the size?
<hallyn> benedikt: hm?  of course.  if i understand you correctly
<benedikt> then it was a classic case of the pebkac
<hallyn> why?  did it break?
<benedikt> the vm froze when i created the partition with fdisk
<hallyn> jinkeys
<hallyn> i've not actually had that happen.  Did you add it with the virt-manager gui, or virsh edit, or something else?
<benedikt> virsh edit
<hallyn> can you put the output of a 'virsh dump <vm_name>' on paste.ubuntu.com?  (or, is it working now?)
<benedikt> hallyn: i just forced it off and tried again
<benedikt> http://i.imgur.com/zUwRr.png
<benedikt> it doesnt look too bright right now
<hallyn> benedikt: i wanted to see the xml definition of the vm
<benedikt> i konw, but thats not the problem :)
<hallyn> oh - what is?
<benedikt> thats the outbput from mkfs
<hallyn> what is the problem i meant?
<benedikt> something is corrupt
<benedikt> not sure what yet
<hallyn> Interesting - i've not seen the like
<benedikt> im trying to create a disk on a different hard drive on the host machine
<benedikt> its new and completely unused so it might be corrupted, but id have thought mkfs would have shown that when i partitioned it
<benedikt> when formatting it stops on inode 42 and spits out kernel messages
<benedikt> crated the disk with virt-manager and attached it with virt-manager this time
<benedikt> oh wait, it got to inode 63 now
<benedikt> seems to work much better when i create the vdisk on the same physical disk as the vm
<allquixotic> I modified /etc/default/libvirt-bin to pass the --listen flag (I want libvirt to listen for SSL) but it won't... any ideas what I need to do differently?
<allquixotic> it looks like Upstart does not read /etc/default/libvirt-bin
<allquixotic> because libvirt is still started with `/usr/sbin/libvirtd -d'
<allquixotic> no --listen
#ubuntu-server 2010-08-22
<allquixotic> is that a bug? the /etc/init.d/libvirt-bin script was rewritten to use upstart, but upstart doesn't honor settings in /etc/default/libvirt-bin
<Raymond> hi
<Raymond> Can someone help me with freenx?
<allquixotic> answered my own question: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/557054
<uvirtbot> Launchpad bug 557054 in libvirt "Libvirt-bin ignores libvirtd_opts from /etc/default" [Wishlist,Triaged]
<KurtKraut> Raymond, Google developed a replacement for FreeNX. At the moment, it is 'abandonware' as FreeNX, but it is at least more recent. I recommend you to take a look at it.
<KurtKraut> Raymond, I've installed it once in Ubuntu but I can't even remember the name.
<Raymond> Kurt.
<Raymond> I have someone trouble installing it.
<Raymond> It wont install.
<Raymond> At the moment I am connecting using putty.
<allquixotic> why not use the official NX server? it may not be open source, but it works. unless you have a specific requirement for free software, it's better supported.
<allquixotic> it's at least freeware, and non-invasive.
<Raymond> I just want to run apache, curl, mysql thats all.
<allquixotic> Why would you need NX for that at all?
<allquixotic> You can do all of that over SSH/Putty.
<Raymond> In not good with CLI
<Raymond> Only GUI.
<Raymond> :S
<Raymond> Sounds weird.
<Raymond> allquixotic, how would you do that?
<Raymond> Install apache, mysql, curl
<allquixotic> if you don't want to learn CLI commands, there are decent GUIs for setting up Apache/MySQL/etc in so-called admin consoles. Plesk, cPanel, Webmin, eBox...
<allquixotic> but you'll still need to execute at least a few CLI commands to install one of those.
<Raymond> sudo apt-get install apache curl mysql
<Raymond> someone said that
<allquixotic> use aptitude search to find the package name you want to install. just put in a broad search term you want to look for
<allquixotic> such as: aptitude search sql
<Raymond> ahh
<Raymond> hard
<Raymond> :S
<allquixotic> then: sudo aptitude install <packagename>
<allquixotic> uh, no? not hard.
<Raymond> Well..
<Raymond> You know XAMPP?
<Raymond> I just want that running.
<Raymond> XAMPP contains MYSQL, apache, curl, php
<Raymond> withour GUI how would I install this..
<Raymond> http://www.apachefriends.org/en/xampp-linux.html
<allquixotic> Well, I just looked up XAMPP (hadn't heard of it before), and it seems to be based on the incorrect premise that setting up an AMP stack is "hard". It's not -- you just have to become habituated with it. you'll be a much better sysadmin for the learning.
<allquixotic> but if they pride themselves on having an easy to use distribution of apache and mysql, then presumably they also have easy installation instructions.
<allquixotic> if not, then XAMPP is no easier for you than doing it manually.
<Raymond> ...
<Raymond> Not sure how im going to do this
<Raymond> I could of done this by using GUI
<Raymond> NXCLient.
<allquixotic> the package name for apache is apache2.
<allquixotic> the package name for mysql is mysql-server.
<Raymond> ah ic
<Raymond> not enough ram
<Raymond> 256MB
<Raymond> :P
<benedikt> should formatting a (virtual) disk in a virtual guest be much slower then formatting a physical disk on a physical hardware?
<benedikt> after 1,5 hours im only up to inode 279/2735
<amstan> hello, what's the correct way of making sure an ip does not connect to a server?
<amstan> i added ALL:66.128.88.110 in hosts.deny
<amstan> somehow it didn't work
<benedikt> iptables -A INPUT -p tcp -m tcp -s 66.128.88.110/32 -j DROP
<amstan> is that persistent?
<amstan> i would like it to be
<benedikt> if you save the rules yes
<amstan> how do i save the rules
<benedikt> iptables-save > /etc/iptables.rules
<benedikt> and then put this line in /etc/network/interfaces under your network interface
<benedikt> pre-up iptables-restore < /etc/iptables.rules
<amstan> ok, done
<amstan> now.. why didn't the hosts.deny work?
<benedikt> not sure. have you read the man page?
<echosystm> i dont understand all this "cloud" stuff
<echosystm> the whole point of the "cloud" term is that you just throw thigns out there and it just works
<echosystm> programming against some api for scalability is hardly "cloud"
<echosystm> am i missing something?
<Big_Brother> Is wireless hard to do on ubuntu server?
<uvirtbot> New bug: #622010 in mysql-5.1 (main) "Error in AppArmor rule for mysqld" [Undecided,Incomplete] https://launchpad.net/bugs/622010
<jetsaredim> stupid question: when the menu comes up for grub-pc configuration, I just choose the actual disk that root is on, not the partition
<jetsaredim> right?
<pmatulis> jetsaredim: right
<jetsaredim> pmatulis: kthx
<jetsaredim> just finally getting around to upgrading my file server from 9.10 to 10.04
<jetsaredim> just in time to start thinking about 10.10 :)
<jetsaredim> my raid doesn't seem to be coming back up after upgrading
<jetsaredim> any ideas as to how to get md0 setup again?
<jetsaredim> looks like lvm2 either didn't get updated or something
<jetsaredim> either way its not installed
<jetsaredim> anyone have some suggestions as to how to get this back up and running?
<jetsaredim> nm - just had to mdadm -A and set it up manually
<uvirtbot> New bug: #622076 in clamav (main) "package clamav-freshclam 0.95.3 dfsg-1ubuntu0.09.10 failed to install/upgrade: subprocess installed post-installation script returned error exit status 100" [Undecided,New] https://launchpad.net/bugs/622076
<hmmmm> hi, is there a foss alternative to deep freeze?
<hmmmm> i am considering a ubuntu pc lab
<lifeless> 'deep freeze'?
<robertpayne> any way to install htpasswd w/o installing full apache stack?
<talcite> hmmmmm: yeah, you can mount the root fs ro
<qman__> hmmmmm, what many people do is set up a netboot system, with an LTSP server and diskless clients
<qman__> when the computer reboots, all data is lost
<qman__> and the fresh image is loaded again from the server
<qman__> the downside to this approach is that it requires a good network, gigabit preferable, and a fairly quick server to distribute the images
<kuttan_> hi
<kuttan_> how can insmod certain kernel modules , at system startup time .. much prior to rc.local
<sherr> kuttan_: see /etc/modules
<kuttan_> sherr: I did put a module there, but it doesn't get loaded. But from command line its works
<roach> can someone please help me with the ldap configuration
<roach> help?
<joschi> roach: try following the openldpa chapter in the ubuntu server guide: https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
<arvind_khadri> hi, I am running opennms on ubuntu 10.04. I am unable to see the map, i have installed the necessary plugin, I can see the Italia map, but not my own network map.
<alex88> i've to install libcupsys2 that's required by a deb that i have to install..it's provided virtually by libcups2, how can i say dpkg that it has to install libcups2?
<alex88> instead of searching for libcupsys2?
<YankDownUnder> alex88, Are you trying to install a Canon printer...???
<alex88> YankDownUnder: it was support for italian channel
<alex88> i told to use the --ignore-dependences
<alex88> but it isn't the right way to do it
<alex88> YankDownUnder: so i've searched how to tell dpkg that libcupsys2 is given by libcups2
<YankDownUnder> alex88, I've had the issue with a few Canon drivers - there's a few roll-your-own ways of dealing with it - for Karmic and Lucid - but they're iffy at best...not any truly good results...
<uvirtbot> New bug: #622202 in dovecot (main) "dpkg: version '/etc/ufw/applications.d' has bad syntax: invalid character in version number" [Undecided,New] https://launchpad.net/bugs/622202
<uvirtbot> New bug: #622204 in dovecot (main) "adduser: Warning: The home directory `/usr/lib/dovecot' does not belong to the user you are currently creating." [Undecided,New] https://launchpad.net/bugs/622204
<alex88> YankDownUnder: ok...btw, he has installed and printed fine...
<benedikt> should formatting a (virtual) disk in a virtual guest be much slower then formatting a physical disk on a physical hardware ?
<benedikt> ive been going for over 12 hours and im up to inode 2388/2735
<jo-erlend> no, that doesn't sound right at all.
<benedikt> thought so
<benedikt> both the guest and host are under immense load
<benedikt> creating new hosts takes under 5 minutes
<benedikt> even with a large v-disk
<giovani_> well, yes, of course, a virtualized disk is slower than a physical disk
<benedikt> yeah
<giovani_> but it shouldn't take 12 hours
<benedikt> but, *this* much slower?
<giovani_> to do a simple format
<benedikt> its 350 gb, but this is riddiculous
<giovani_> anything in the logs on both machines?
<giovani_> dmesg, /var/log/all, etc
<giovani_> i.e. low-level errors from the SATA controllers
<benedikt> dmesg on the host has some kernel messages that could be relevant
<giovani_> pastebin them
<benedikt> shame it lacks time
<benedikt> i am
<benedikt> http://pastebin.ca/1922660
<benedikt> messages is clean
<giovani_> the output it cut off in what you pasted
<giovani_> any more stack traces?
<giovani_> the rest of it doesn't matter
<benedikt> dmesg on the guest: http://pastebin.ca/1922662
<benedikt> yes, the same thing repeated
<benedikt> wait, ill post it al
<giovani_> I mean, this looks like a scheduling bug
<giovani_> are you up to date with all kernels, and packages?
<benedikt> yup
<giovani_> can you verify? what kernel is being run on the host  and guest?
<giovani_> uname -r will do
<benedikt> fairly, the host is running 2.6.32-21
<benedikt> and guest is 2.6.32-24-generic-pae
<giovani_> ok
<benedikt> host is using -server (x86_64) and the guest is -generic(x86)
<giovani_> both are 10.04?
<benedikt> 2.6.32-24-generic-pae on the guest to be excat
<benedikt> yup
<djkrikke> Hello guys, I'm extremely confused. I installed the apache2 php5 module, but I want to enable it only for certain virtual hosts
<djkrikke> so I modified the mods-available/php5.conf, and removed the addhandlers
<djkrikke> but every website is still capable of running php?
<djkrikke> I don't understand how this is possible
<djkrikke> the module gets loaded, but there is no handler definition for .php files
<djkrikke> and they still run php
<benedikt> the format is done soon though. ill run fsck and see if there are any errors.. googling hasnt turned out anything, but this is certainly strange
<djkrikke> ok, very funny, the mime module did the trick
<djkrikke> how is it possible that mime loads the php handlers?
<djkrikke> hmm, I still can't figure it out
<djkrikke> my php5.conf is empty
<djkrikke> so the addhandler and addtypes are gone
<djkrikke> but still php files are ran as php
<djkrikke> nobody an idea?
<jeiworth_> hi all, having problems setting up a raid1 on a running server, i am following this howto: http://www.howtoforge.com/how-to-set-up-software-raid1-on-a-running-system-incl-grub2-configuration-ubuntu-10.04-p2 <-- but it keeps dropping me to a initramfs shell stating that there are no raid devices
<veebull> I haven't used that document (and unfortunately I'm not at a ubuntu machine right now) but there used to be an older document on the same subject but for Debian that worked pretty well
<veebull> just had to do a little translation for the newer drive IDs used in /etc/fstab
<jeiworth_> hmm kk thanks, will do a search for it
<jeiworth_> strange thing for example is that when i create the /etc/mdadm/mdadm.conf using mdadm --examine --scan the UUIDs it detect are the UUIDs from the partitions of the /dev/sdb disk and not from /dev/md, i.e.  i do a blkid on e.g. /etc/sdb1 and /dev/md1 and mdadm detects the UUID from /dev/sdb1
<jeiworth_> although i already tried using both
<jeiworth_> and with the same result
<corecode> hey
<corecode> my mdadm raid1 does not attach automatically at boot - any idea where i can set this up explicitly?
<corecode> i'm searching for the place to run mdadm, before cryptdisks is run
<Akranis> Hi. I'm having some problems installing Ubuntu Server 10.04.1 on one of my machines. At about 75% into the installation, it stops recognising the cdrom, prompting me to insert "Ubuntu-Server 10.04.1 LTS _Lucid Lynx_ - Release i386 (20100816.2)". I did an ls on /cdrom/ and the drive is still mounted.
<alvin> corecode: see bug 27037, bug 599135 and some others
<uvirtbot> Launchpad bug 27037 in linux "mdadm cannot assemble array as cannot open drive with O_EXCL" [Medium,Fix released] https://launchpad.net/bugs/27037
<uvirtbot> Launchpad bug 599135 in mdadm "mdadm cannot assemble array" [Undecided,New] https://launchpad.net/bugs/599135
<alvin> Akranis: Maybe the cd is corrupt. You can do a media check from the cd itself
<jeiworth_> Akranis: i had the same problem bascally, although it never reached 75% but much earlier, apparently the jumper of the cdrom was set to slave, i put it on cs (cable select) and after that it worked just fine
<Akranis> jeiworth_: Could be, I don't remember checking the jumpers on the cd-rom when I assembled this computer.
<corecode> alvin: must be different; for me a manual --assemble --scan always works
<corecode> alvin: but i don't even find the place where mdadm is called
<corecode> when does that happen in boot?
<alvin> Everything happens at once nowadays. Lucid broke auto-assembly. I have to give the command after boot.
<corecode> same here
<corecode> i'd like to just run it automatically during boot
<corecode> before cryptsetup
<alvin> I don't use crypt. mdadm + lvm is enough trouble as it is
<corecode> yea :/
<corecode> still, who runs mdadm
<corecode> or, how do i run it before the first consumer tries to mount it
<Akranis> I tried changing the jumper and I still seem to get the same prompt to insert the cd. When I check the syslog, I got four lines of ": skipping nonexistant file"
<Akranis> the files in question are the /cdrom/dists/*/*/*/binary-i386/packages
<Akranis> But when I checked the cd for fault, it didn't give me any error
<Akranis> I reburned the disc at a slower speed after reading a forum topic, seems to have fixed my problem.
<Akranis> Still a bit weird since the first CD checked out fine. But oh well.
<quizme> hi
<quizme> i'm about to leave the country and want to be able to ssh into my home computer
<quizme> can somebody help me out with this?
<quizme> i am logged into my router
<quizme> but i think you can do this with ssh port forwarding right?
<quizme> i want to be able to log in as soon as the computer turns on (when it shows the login prompt) so that I can tell my dad to just turn on the computer
<quizme> my router forwards all packets (no firewall)
<quizme> so i was able to do:  nc -l 12345 | cat   <--- then from my webserver: curl <public ip>:12345.... and it worked
<zash> quizme: You don't need cat
<zash> fyi ;)
<quizme> zash oh hehe thanks
<quizme> zash he my inet addr for eth0 is 192.168.0.12... does that stay the same everytime i reboot?
<zash> do you have a router or something with dhcp?
<quizme> zash: yeah a motorola sbg900
<quizme> zash: comcast
<quizme> zash: i wanna try to login from web server when i'm overseas. so that i have more computing power
<zash> if the computer is turned of for some weeks and then started it might get a new ip
<zash> otherwise should get the same
<quizme> zash: oh... is there a way to fix it to say "192.168.0.42" or something ?
<quizme> zash: cuz i'm going to be overseas.
<zash> look for something like "static assignments", or don't turn the computer off
<zash> also, ssh is on port 22
<quizme> zash: oh... "static assignments" on my ubuntu box ?
<zash> quizme: in your router config
<quizme> zash: okay i'll try
<quizme> i feel pretty high tech doing this lol
<zash> anyways
<zash> computers and stuff aren't usualy assigned new ip's unless they are turned off for a while
<quizme> zash it might happen... cuz i'm going to be traveling.  my dad might turn off my computer for a couple weeks
<zash> try asking him not to
<zash> but usualy they get the same
<quizme> zash yeah i could do that... but that adds a human random variable to the set up.
<qman__> depends on the router, newer ones tend to give you the same address, but not always
<qman__> but as long as the computer is on, it will keep renewing the one it has
<quizme> qman__ thnx
<quizme> qman__ i'm using a motorola sbg900
<guntbert> quizme: why don't you assign a fixed IP address to your computer?
<qman__> if you do, make sure you pick one outside the DHCP range on the router
<quizme> guntbert: i'd like to: how do i do that?
<guntbert> !serverguide | quizme
<ubottu> quizme: The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<quizme> guntbert: thanks
<guntbert> quizme: there is a section networking, looks a bit intimidating
<qman__> that gets into a lot of detail and covers networking things you aren't really interested in, specifically you want the "IP Addressing" subsection, and the "Static IP Address Assignment" part of that subsection
<guntbert> quizme: search for "static ip address assignment"
<quizme> http://www.howtogeek.com/howto/ubuntu/change-ubuntu-server-from-dhcp-to-a-static-ip-address/
<quizme> looks pretty good
<qman__> that is accurate
<qman__> the thing about random guides on the internet is a lot of them tend to be wrong, but that one's just fine
<quizme> what's "lo"
<quizme> auto lo
<qman__> loopback
<qman__> you don't want to mess with that one
<quizme> kk
<qman__> just eth0, or 1, or whatever your interface happens to be
<quizme> that's 127.0.0.1 ?
<quizme> lo i mean
<qman__> yes
<quizme> eth0
<quizme> qman__ is it ok if i set it to 192.168.1.99  ?  you said i should set it to something "outside my DHCP range on the router"
<qman__> while most things use 127.0.0.1 for loopback, strictly speaking, 127.x.x.x are all loopback addresses
<quizme> not sure how to determin what the range is
<qman__> the router will say on the DHCP configuration page
<qman__> it will either be called DHCP range, or address pool, or something like that
<quizme> kk
<qman__> and it will have a configuration box to let you choose what the minimum and maximum addresses are that it will hand out
<qman__> most routers are configured for a pool of 50 or 100 addresses
<qman__> you want to give yourself an address not in that range, so that the router will not attempt to hand it out to another computer
<quizme> if i have NAT, do i need to do any of this?  I thought NAT automatically maps requests to
<quizme> to whatever it needs
<qman__> NAT is not related to address assignment
<quizme> ok
<qman__> NAT needs your addresses to be assigned properly in order to work
<quizme> it's for port mapping ?
<qman__> yes
<quizme> ok
<quizme> ok
<quizme> hmm
<quizme> it says a max of 245 users
<quizme> and the address starts on 192.168.0.10
<quizme> so does that mean it's going to use 129.168.0.* ?
<qman__> so, either give yourself one below 10, or change those settings to give you more room
<qman__> it will use any address from 192.168.0.10 to 192.168.0.255
<quizme> ok
<quizme> 255 is the max right?
<qman__> yes, actually, that's the broadcast
<qman__> 254 is the highest address
<quizme> can i make it use like
<quizme> 192.168.200.200 ?
<qman__> no, because you won't be in the same subnet
<quizme> or does it have be 0 in the 2nd to last place ?
<quizme> k
<quizme> oh
<qman__> unless the router supports class B subnetting
<qman__> but most home routers don't, and I'm guessing it doesn't
<quizme> subnet is determined by the 2nd to last one
<quizme> it's a home router
<quizme> kk
<quizme> thanks
<quizme> this stuff is cool
<quizme> hope i can learn it well
<qman__> with that range, use 1-9
<qman__> guessing the router is 1
<quizme> i'll use 9
<qman__> so that leaves 2-9
<quizme> yeah
<guntbert> qman__: not to interfere - but with NAT he should configure port forwarding on the router (I don't know if that is done already)
<quizme> maybe i'll test it with the current one first
<quizme> i'm on 12
<quizme> so i'll just use that first
<quizme> then if it works i'll try changing it to 9
<quizme> guntbert yeah i'm assigning port forwarding
<qman__> the problem with setting it statically to 12 is that the router will attempt to give 12 out to another computer when it receives a request
<guntbert> quizme: ok :-)
<quizme> qman__ yeah right
<quizme> qman__ just wanna test it first
<qman__> 9 will work just as well as 12, and in some cases, 9 will work, and 12 will not
<qman__> some routers are set up to not allow traffic from addresses within its pool when it hasn't leased them
<quizme> ssh david@127.0.0.1
<quizme> ssh: connect to host 127.0.0.1 port 22: Connection refused
<quizme> that should work shouldn't it ?
<quizme> i mean if sshd is up ?
<qman__> yes
<quizme> so i think that's my first problem i need to solve
<qman__> unless you're specifically blocking it with your firewall that way
<quizme> qman__ i don't think so
<quizme> qman__ maybe port 22 is blocked though...
<qman__> you would have to have created a rule to explicitly reject packets inbound (or outbound) from 127.0.0.1 or the lo interface on port 22
<qman__> and reject, not drop
<quizme> qman__ oh, i didn't do that
<quizme> qman__ so sshd is probably not working?
<quizme> everything is default
<qman__> yes, a better way to check is `sudo service ssh status` and `netstat | grep ssh`
<quizme> unrecognized service
<qman__> then ssh is not installed
<quizme> k
<quizme> i got this...
<quizme> thanks
<quizme> sudo apt-get install openssh-server openssh-client
<quizme> thank God for apt-get
<quizme> ssh start/running, process 3148
<quizme> this is cool
<quizme> dude i logged in from my webserver
<quizme> so cool....
<quizme> if (on my router) i change port start to 999 and port end to 22, then will i be able to ssh on port 999 ?  it would be more secure that way right?
<quizme> by obfuscating the port ?
<quizme> regarding these instructions: http://www.howtogeek.com/howto/ubuntu/change-ubuntu-server-from-dhcp-to-a-static-ip-address/  <--- does this mean i have to have bind installed and running ?
<Akranis> Could work for some attacks, but for added protection you could use keypairs instead of cleartext passwords.
<guntbert> quizme: a word of caution though -- if your ssh-server is open to the internet there will be a great lot of brute force attempts on it -- best way would be to create a ssh-key, take the "private key" with you (with a good pass phrase) and disable password based login altogether
<quizme> hmm
<quizme> yeah i could do that
<guntbert> quizme: obfuscating the port will put only a very small hurdle in the way of a wannabe cracker
<quizme> k
<quizme> well it will put a big hurdle in front of people who scan ports no ?
<Akranis> They're still going to find the port if they do a complete scan
<quizme> k
<Akranis> They're essentially knocking on every port until they find one that is open. So changing the number usualy only works on automated attacks looking specifiaclly for port 22
<quizme> what's a good value for $TERM ?
<quizme> this is so cool
<quizme> can't believe i never got around to doing this before
<quizme> it's like having a free server
<quizme> i could even set one of my domains to it
<quizme> "gateway" is that my router?
<quizme> qman__ pastebin.com/7nLf0FFF  <-- does that look right for my case?  (my router is on 192.168.0.1)
<qman__> quizme_, yes
<quizme_> qman__ cool thanks!
<ryanluke> Hello all. I'm attempting to create a livecd like Je0S but based on Ubuntu 10.04 and with lampp pre installed. Does any one know the best way for me to do this?
<ryanluke> I could use remastersys on 10.04 but this would mean having a 700mb iso which is overkill. I tried using remastersys on JeOS 8.04 but this does no longer work.
<ryanluke> any one?
<qman__> ryanluke, I know that there are tools to create custom liveCDs and versions of ubuntu, but I don't know what they are or how to use them
<qman__> do you want a liveCD, or are you looking for a custom image for virtualization?
<ryanluke> a livecd, I want to distribute a web application on a cd at a conference coming up, so was wanting to set everything up so the user could just pop it in their machine
<qman__> JeOS is probably the wrong choice then, since it removes lots of drivers and things that make ubuntu compatible
<qman__> it's more intended for virtualization
<ryanluke> ah
<ryanluke> I was looking at puppy linux but this has lots of other packages installed which I have no need for and there is no easy way to remove them
<qman__> there are lots of things you could strip out of an ubuntu CD, though
<qman__> the reason ubuntu CDs are the size they are is not that it installs all those packages, it just makes them available
<ryanluke> I'm also currently looking at a tool for ubuntu called 'vmbuilder' but again, this only makes vm images rather than bootable iso's
<qman__> utilizing the size of CD media
<ryanluke> I'm guessing there are probably guides out there on stripping ubuntu down, this may be a vaible solution
<ryanluke> so, use ubuntu server, stripp out what I don't need, add what I do need then use remastersys
<qman__> I know there was a pretty neat tool for slackware to do this, but then you lose all the nice package management and default settings
<ryanluke> yea, I would like to stick with ubuntu as its what im most used to and what users are probably most familiar with
<qman__> but yeah, the base ubuntu server install actually only takes about 350MB of the disc, the rest are just commonly used packages to make available offline
<qman__> and if you really need more space, some of the base installed packages can be removed safely too
<ryanluke> awesome, I think I will take this route :)
<ryanluke> been experimenting and looking for a solution since about 10am this morning, its now 10pm. hopefully this will be my last attempt :)
<dominicdinada> Ugh I reinstalled   (l) AMP and mod_rewrite is not enabled running the commandapache2ctl -l does not list mod_rewrite, i have looked for the correct way to re-enable mod rewrite and all i find are articles from 2006 and well they are useless and outdated.
<dominicdinada> command: apache2ctl -l      ****
<sherr> dominicdinada: see : man a2enmod
<dominicdinada> ok another question modwrite is now enabled but i get the error that it cannot determine the FQDN.... which is alright but it defaults the server to 127.0.1.1 WTF  now 127.0.0.1 or the machine name ? how can i set it back to loopback instead of what it is defaulting to
<ryanluke> dominicdinada: you never thanked the last guy who helped you
<dominicdinada> Ugh i rebooted
<dominicdinada> and actually running apache2ctl -l once again mod_rewrite is still not listed
<dominicdinada>   core.c  mod_log_config.c  mod_logio.c  prefork.c  http_core.c  mod_so.c
<ajmitch> dominicdinada: probably because apache2ctl -l doesn't list any dynamically loaded modules, but only compiled in modules
<dominicdinada> ajmitch: ok so that still doesnt explain why i am getting a fqdn error all of a sudden of course i know what a fqdn is but why is it all of a sudden forcing a fqdn?
<ajmitch> sigh, no patience
<glick> excuse me does anyone know why when i start postfix i get the following error in the error file?
<glick> fatal: open database /etc/postfix/recipient_access.db: Invalid argument
<MrPhantastic> Hi, i'm wondering if anyone can help me, this is my first time install ubuntu, and after i burned the cd-image to a cd and loaded it up on my desktop. it went to the purple screen, and then ask me to select a language. But i'm unable to move to any other language or select the current one.
<MrPhantastic> is anyone there? :(
<YankDownUnder> Patience.
<ryanluke> seems he didn't have enough lol
<_Techie_> what CLI app can i use to bactch convert mp3's to AAC?
#ubuntu-server 2011-08-15
<arrrghhh> hello, can someone school me on LVM?
<arrrghhh> i have a media/file server whatever... and it's outta space again.  it seems LVM is what i should've done in the first place, but didn't.
<arrrghhh> i assume i need to pillage and start over on all hard disks that aren't the boot disk... correct?
<arrrghhh> hrm... perhaps i can start with the new disks in LVM, move the data to them and get the old disks into the LVM... this is all so new to me.
<arrrghhh> i'm used to boring old hard disks and partitions.
<twb> arrrghhh: you cannot in-place convert to LVM
<arrrghhh> twb, i have to completely reinstall ubuntu?
<qman__> LVM isn't the only way to expand your system
<qman__> it's just one
<qman__> what setup do you have now?
<arrrghhh> i'm not thinking i can save the data.  i was thinking start new hdd's on LVM, move data to new LVM, then move old hdd's to LVM
<arrrghhh> nothing
<arrrghhh> just hard drives lol
<arrrghhh> hard drives and mount points
<qman__> yes, but how are they configured?
<arrrghhh> not sure what you mean
<arrrghhh> no RAID
<arrrghhh> no LVM
<qman__> so a filesystem on each drive
<arrrghhh> yes
<qman__> yeah, that's not a good arrangement
<arrrghhh> most disks have one partition encompassing the entire disk
<arrrghhh> other than the main hdd with the installation on it
<arrrghhh> no, it's not very scalable.
<qman__> hard drives are inherently unreliable, and that doesn't even give you a performance advantage
<arrrghhh> yea, i realize that...
<qman__> total replacement is the only real way to accomplish it
<arrrghhh> ...
<qman__> create an array, copy files over
<arrrghhh> i have to shuffle my data around somehow
<arrrghhh> i gotta back everything up
<qman__> you could add disks to it as you go but it would take a very long time
<arrrghhh> so you recommend RAID...?
<qman__> yes
<arrrghhh> and only RAID?
<qman__> I have nothing positive or negative to say about using LVM
<qman__> I don't use it myself
<arrrghhh> hrm
<arrrghhh> well i've never used any of these advanced features
<arrrghhh> like i said, i'm used to just having hard drives and partitions
<qman__> I've expanded arrays a few times without LVM, no trouble
<qman__> using ext3
<qman__> LVM would allow you to expand without modifying the original, though
<arrrghhh> hum
<qman__> you could in theory create your current array, put data on it, then create a second array, and expand your LVM to both arrays
<arrrghhh> i just want something more easily scalable
<arrrghhh> this current setup was fine when i only had a couple of hard drives
<arrrghhh> but it's becoming unmanageable.
<qman__> it's fine until you lose data
<arrrghhh> i know
<arrrghhh> which i want to take care of this before i do
<arrrghhh> plus, i'm running out of disk space :D
<qman__> which will happen sooner or later, just a matter of luck
<arrrghhh> my one concern with RAID is i have a lot of different sized disks
<qman__> I definitely recommend RAID, or an alternative like ZFS
<arrrghhh> i didn't think i could RAID a bunch of different sized disks...
<arrrghhh> i didn't think ZFS was supported...?
<arrrghhh> or at least not stable.
<qman__> it's getting there, but it's only really stable on solaris kernels
<arrrghhh> yea
<arrrghhh> not exactly feasible for me...
<qman__> if you can't get new disks
<qman__> try to match up the sizes as evenly as possible
<twb> If you have md RAID 1, you could create a new degraded array on one half, move the data to it, then add the other disk into the array
<arrrghhh> hrm
<arrrghhh> well i am going to get new disks
<arrrghhh> but i'd like to still use the old ones
<twb> Oh well, that's much easier
<qman__> an array can only be as large as the greatest common denominator
<arrrghhh> indeed
<twb> qman__: ITYM lowest
<qman__> use the old disks for backups
<arrrghhh> and i have a couple of disks that don't match in size
<arrrghhh> and a couple that do
<arrrghhh> 1 500gb, 1 200gb, 2 1tb's.  looking to get a 2tb or maybe even 2x2tb's...
<_GoRDoN__> It's possible to use different sized disks with software raid but smallest disk would define the size you would be able to use from each disk
<arrrghhh> yea, i don't want to go that route
<arrrghhh> i know i'm taking a risk with my data, but i can't really afford that many hdd's right now.
<_GoRDoN__> of course you can make another array from those leftovers =)
<arrrghhh> and lose 300gb on my 500 gb drive?  lol no thanks.
<qman__> with what you have, I'd recommend either getting all new for your array, or getting more 1TB disks
<qman__> and ditch the smaller ones
<qman__> use them for something else
<arrrghhh> ugh
<arrrghhh> yea, if i wanted to do this server right
<arrrghhh> i really need to upheave it...
<qman__> a few other things
<qman__> don't buy 'green' drives
<arrrghhh> i usually get WD Caviar Black's.
<qman__> raiding those is a disaster waiting to happen
<qman__> and make sure you set up smartd
<arrrghhh> i have that setup
<qman__> preempting failure is critical
<arrrghhh> yea
<qman__> performance wise
<qman__> if you just want a big storage bin, one large array is good
<arrrghhh> ugh, the space i'm going to lose is the hardest to swallow
<qman__> in my case, I also run torrents on it, and I think that's caused some undue fragmentation
<arrrghhh> well i wanted to segment the bin's
<qman__> so, if I were to set up new, I'd separate that to a different disk or array
<arrrghhh> i was thinking one big RAID array and splitting it up logically with LVM
<qman__> I wouldn't do that just for organization, only if performance is an issue
<qman__> use a good directory structure for organizing
<qman__> it's the most scalable and will have the least problems
<arrrghhh> well yea but my directory structure has outgrown a single disk
<arrrghhh> so all the media i buy is backed up to the server, and we watch it thru a UPNP media streamer, so no fumbling with discs
<qman__> the less barriers you have, the easier it will be to maintain
<arrrghhh> i have a hdd for tv shows, and a hdd for movies
<arrrghhh> they're both getting past the point of being able for all  my tv shows to fit on one hdd
<qman__> I have directories for each
<qman__> on the root of my array
<arrrghhh> and all your disks in one big array?
<qman__> yes
<qman__> well, actually not the root
<qman__> I have my array mounted on /home
<qman__> and everyone's home folder is there, plus two
<arrrghhh> yea i'd probably put it on /media
<qman__> one 'public' for the data
<arrrghhh> but that's neither here nor there
<qman__> and one 'torrentflux', for the obvious
<qman__> inside public there are folders for all the things, movies, TV, games, music, etc
<arrrghhh> i guess i need to read up on RAID arrays
<qman__> and I set up my file shares based on it
<arrrghhh> one thing that i'm not sure how to do, is backup all the data i have and get the existing disks into the array
<qman__> if I were to do it again, I'd put torrentflux on a separate disk or array, because of the performance hit on a raid 6
<arrrghhh> assuming i trash the 200/500
<arrrghhh> and just go with 1t's
<qman__> it'd take some shifting, but if you buy three new ones you can do it
<arrrghhh> i didn't think i could do RAID6 with just 2 disks is my dilemma...
<arrrghhh> ah
<arrrghhh> if i buy three new ones, i see how that would work
<arrrghhh> not sure the space would be there... hum.
<qman__> raid 5 them, copy one 1TB to it, add that disk, copy the other 1TB, add it, then copy the smaller ones
<arrrghhh> i need to read up on the different levels
<arrrghhh> RAID6 you can survive up to 2 disk failures
<arrrghhh> and 5 is just 1 failure, correct?
<qman__> 1 is mirror, 5 is striping with one parity disk, 6 is striping with two parity disks
<qman__> yes
<arrrghhh> yea i need to re-read all that crap on striping and parity
<qman__> I'm running 12 disks, 11 in raid 6 and a hot spare
<arrrghhh> 12 zomg
<arrrghhh> i need a bigger server :P
<arrrghhh> i don't even know how many my case can handle... let alone the mobo.
<qman__> I got a new SATA3 controller, it can handle the full 6GB/s on all channels
<_GoRDoN__> qman__: Are you using some kind of multiplier or something?
<qman__> my disks are SATA2 but preparing for the future
<qman__> the controller has 8 channels, plus the onboard has 6 + 2
<qman__> unfortunately the onboard controller doesn't like my samsung disks, so I'm still using one of my old PCI controllers for now
<arrrghhh> qman__, you do software RAID tho, right?  mdadm or whatever?
<qman__> but when I upgrade, it'll be ready
<qman__> yes
<arrrghhh> k
<qman__> next upgrade I'm going to get one of those norco rackmounts with 24 hot swap bays
<qman__> but that's a while off
<arrrghhh> yea i thought my server build would last me a few years
<arrrghhh> already outgrew it
<arrrghhh> been slowly adding to it, seems now I need to spend some serious cash to get it up to snuff.
<qman__> mine started as a budget thing, originally with 6 500GB disks, second hand CPU and power supply, emachines case, etc
<qman__> outgrew that, added two more disks and a real case
<qman__> then my array crashed, so I replaced it with 8 1TBs
<qman__> then the motherboard quit so I got a real core
<qman__> and recently the disks I used went on sale, so I got four more
<arrrghhh> ha
<_GoRDoN__> =)
<qman__> but I'm having some bad performance issues
<qman__> I can only get about 30-35MB/s writes
<qman__> raid 6 is a real bear
<qman__> and I think I've got fragmentation issues
<arrrghhh> yea, mine's still inbetween the budget and crazy rig stage.
<arrrghhh> i've got a fairly good processor, but RAM specs are low, and disk arrangement is obviously not ideal :P
<qman__> the next full rebuild will use ZFS or btrfs, or something like them
<arrrghhh> yea, ZFS sounds promising
<arrrghhh> and from what i read, ext is really just waiting for btrfs to replace it lol
<qman__> still using the 4GB quantum fireball for the system partition
<twb> ZFS has the cuddle of death
<twb> wait for btrfs
<arrrghhh> cuddle of death?
<twb> CDDL
<qman__> if that drive ever dies, I'll move to a flash disk of some kind, probably CF
<arrrghhh> oh
<twb> SATA SSDs are vastly better than CFs, and not much dearer
<twb> We ran CF for a while, it was a major PITA
<twb> e.g. apt-get update would take ten minutes
<qman__> yeah
<qman__> I've got one in my T23
<twb> Also, IME you're better off going RAID1 instead of RAID5/6, provided you can live without that extra disk worth of storage
<qman__> 5 isn't too bad but 6 is a huge performance hog
<_GoRDoN__> clear
<_GoRDoN__> wrong window...
<twb> qman__: even with 5 you have to fuck about aligning stripes and such
<twb> qman__: I usually don't have time to get that stuff right; it's easier to just say "You get 2TB, not 6TB.  Suck it up, princess."
<arrrghhh> lol
<arrrghhh> i don't really want to lose any disk space, but that's the price you gotta pay for security
<twb> s/security/reliability/
<twb> Or rather: minimizing hassle
<arrrghhh> so a bunch of raid1 array's minimize hassle?
<_GoRDoN__> btw does the raid controller matter that much if you are using software raid as long it's supported?
<arrrghhh> _GoRDoN__, the point of doing software RAID is you don't need a RAID controller...
<twb> Er, *a* RAID1
<twb> _GoRDoN__: if you're using md raid, there is no "raid controller"
<twb> _GoRDoN__: you just use any old AHCI SATA controller
<qman__> with software raid, the only thing that matters is throughput
<qman__> as long as the controller can keep up with all the disks you attach, it's good
<lifeless> and your UPS
<twb> lifeless: don't talk to me about managers buying hardware raid cards without BBUs :-/
<_GoRDoN__> eh.. meant sata controller
<qman__> also, in case you were wondering what I managed to cram 13 hard drives into, it's this: http://www.newegg.com/Product/Product.aspx?Item=N82E16811119152
<lifeless> twb: :)
<twb> qman__: *hello, SPOF*
<twb> I've shipped a few Centurions in my time; they're alright for their price.
<qman__> 3 4-in-3 adapters, and the last one's in the floppy holder, resting behind the front panel
<twb> Come to think of it, I can't remember the last non-rack case I shipped...
<arrrghhh> well this server is for my house
<twb> qman__: hope you put in three fans, too
<arrrghhh> no server rack here unfortunately
<qman__> actually 8
<arrrghhh> yea seems like you'd want to load up on fans if you have that many disks...
<lifeless> that or put them outside
<twb> lifeless: disks in the sunshine?  :P
<qman__> it does the job, but 'hard to work on' is an understatement
<qman__> too many wires
<twb> Obviously you need wireless disks!
<_GoRDoN__> I actually have 10 disks in their own box next to computer..
<_GoRDoN__> Connected with esata... bit slow but works
<qman__> some of the connectors on the power supply broke at one point
<qman__> so to power the last four drives, I have a SATA to two molex adapter, hooked to two molex to two SATA adapters
<kieppie> hi all. I run mostly an Ubuntu/Debian network, & a pfSense firewall. I'm looking for a way of specifying my apt-cache proxy in the DHCP options. any ideas, please?
<twb> kieppie: you mean, you want the DHCP client to learn about your apt-cache proxy from the DHCP server, and to tell apt to use it?
<kieppie> twb: that is correct
<twb> kieppie: can't be done
<twb> Rather: there is no existing infrastructure, but you could write your own by hijacking a DHCP option number, and writing custom dhclient post-hooks.
<qman__> yeah, but I'm assuming the reason you are even pursuing this is for zero configuration apt clients
<qman__> and that defeats that purpose
<qman__> better option is a transparent proxy discriminating on apt sources
<KREDO> privet vsem u menya fujitsu siemens s3, ne mogu ustanavlivat 11.04 server, pomogite!
<twb> I can't even guess what language that is.
<twb> Something cyrilic, apparently.
<arrrghhh> lol
<twb> https://secure.wikimedia.org/wikipedia/en/wiki/Uzbek_language ?
<bazhang> nope Russian
<bazhang> !ru | KREDO
<ubottu> KREDO: ÐÐ¾Ð¶Ð°Ð»ÑÐ¹ÑÑÐ° Ð½Ð°Ð±ÐµÑÐ¸ÑÐµ /join #ubuntu-ru Ð´Ð»Ñ Ð¿Ð¾Ð»ÑÑÐµÐ½Ð¸Ñ Ð¿Ð¾Ð¼Ð¾ÑÐ¸ Ð½Ð° ÑÑÑÑÐºÐ¾Ð¼ ÑÐ·ÑÐºÐµ. | Pozhalujsta naberite /join #ubuntu-ru dlya polucheniya pomoshi na russkom yazyke.
<twb> bazhang: thanks
<KREDO> bazhang: tam ne otvechayut
<bazhang> KREDO, be patient, or speak english here
<KREDO> bazhang: I can't install 11.04 server Fujitsu siemens s3
<bazhang> KREDO, what are the exact errors you are getting? did you md5 the iso, burn at low speed, do the disk integrity check?
<bazhang> !md5 | KREDO
<ubottu> KREDO: To verify your Ubuntu ISO image (or other files for which an MD5 checksum is provided), see http://help.ubuntu.com/community/HowToMD5SUM or http://www.linuxquestions.org/linux/answers/LQ_ISO/Checking_the_md5sum_in_Windows
<bazhang> KREDO, pastebin the errors
<bazhang> !paste | KREDO
<ubottu> KREDO: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Ursinha> good morning
<uvirtbot> New bug: #826559 in php5 (main) "phar executable missing" [Undecided,New] https://launchpad.net/bugs/826559
<philipballew> I wanna set up key authentication on my ubuntu server. any idea?
<jpds> Key auth, for SSH?
<philipballew> jpds, yeah, can someone tell me about that
<philipballew> safer i assume?
<greppy> generally, yes.
<jpds> philipballew: Put the public keys for your SSH key into ~/.ssh/authorized_keys, profit.
<greppy> http://pkeck.myweb.uga.edu/ssh/
<greppy> should have some decent info
<jpds> philipballew: https://help.ubuntu.com/community/SSH/OpenSSH/Keys
<philipballew> whats the best way to move the key to my server?
<greppy> in it's simplest form, you use ssh-keygen to generate a key, then put the .pub file contents into authorized_keys on your remote system.
<philipballew> the sever is currently with me, but it wont always be
<jpds> philipballew: scp ?
<jpds> philipballew: ssh-copy-id ?
<greppy> the pub version is "safe" to transfer unencrypted if you have to, but scp/sftp is preferred.
<greppy> treat the private key with the same paranoia that you would the security of /etc/shadow
<philipballew> would a simple flash drive be easy enough?
<philipballew> would a simple flash drive be easy enough?
<greppy> just don't loose it or let someone else have it :)
<greppy> if they have the private key, they can get in.
<philipballew> makes sence. ubuntu server is a manual mount system correct?
<greppy> "it depends" :)
<philipballew> well i can install usb mount
<philipballew> or pmount
<philipballew> something like
<philipballew> that
<lynxman> Ursinha: morning :)
<ethana2> Ok, so I'm trying to install Ubuntu Server 11.04 in VirtualBox 4.1.. I start up the vm, set a few options, and then when I select 'install', it just sits there black.
<ethana2> I've got PAE enabled in the vm manager
<twb> Sigh.
<twb> So <managers> made me remove PRUNEFS from updatedb.conf on their favourite shell server, so locate would work there with the stuff in NFS.
<twb> Now they're complaining because root_squash is still preventing information disclosure
<twb> Dollars to doughnuts they'll want to remove root_squash, too :-/
<uvirtbot> New bug: #826601 in rtmpdump (main) "FFe: multiarch dependencies of libcurl, needed for proper functioning of flashplugin-installer" [Undecided,New] https://launchpad.net/bugs/826601
<tommy_nmw> hello everyone
<tommy_nmw> I want to copy or backup of my existing ubuntu server with full package installed at work, and bring that image on portable HDD drive and take it home and install it on my home pure Ubuntu server which is without internet
<tommy_nmw> How could I do without installing any other extra software ?
<twb> tommy_nmw: does the airgapped machine have only main enabled, or also universe?
<tommy_nmw> twb: I am sorry I don't understand airgapped machine ?????
<twb> tommy_nmw: "airgapped" means it has no internet
<_ruben> a home without internet, that must be horrible
<twb> _ruben: I am rapidly getting there
<tommy_nmw> twb:  It is only a computer with no installation
<twb> _ruben: I want internet, my brother works for iinet, so he wants to get an iinet plan, but doesn't want to pay for it.
<twb> _ruben: I'm getting to the point where I just say "fuck it, you have whatever you want, and I won't use it"
<tommy_nmw> twb: no ubuntu installed yet
<twb> tommy_nmw: ah, OK
<twb> tommy_nmw: you can do a base install using a server CD; you don't need an internet connection.
<twb> tommy_nmw: it just means you won't have any security updates automatically installed from the internet.
<tommy_nmw> twb: yes. I will do
<tommy_nmw> twb: I am just thinking how to copy HDD image to clone to unpartition HDD of my home computer
<twb> tommy_nmw: I advise against that.
<tommy_nmw> twb: If it is the only solution, I will try to install basic server install on home computer with server CD first
<tommy_nmw> hello anyone can help me?
<tommy_nmw> I want to copy or backup of my existing ubuntu server with full package installed at work, and bring that image on portable HDD drive and take it home and install it on my home pure Ubuntu server which is without internet.How could I do without installing any other extra software ?I am just thinking how to copy HDD image to clone to unpartitioned HDD of my home computer.
<kim0> tommy_nmw: checkout clonezilla
<tommy_nmw> kim0: is there any user friendly guide? can we save image directly from clonezilla to portable USB HDD drive ?
<tommy_nmw> kim0: do you mean clonezilla live CD?
<kim0> tommy_nmw: yes, and yes
<tommy_nmw> kim0: chinese stuffs. no USA stuffs ?
<tommy_nmw> kim0: i m just kidding
<kim0> :)
<tommy_nmw> kim0: may be chinese are better or smarter at cloning like doing pirate Copy as the whole world know
<tommy_nmw> kim0: btw, http://clonezilla.org/related-live-cd.php shows 3 links
<tommy_nmw> kim0: what do I download ?
<kim0> tommy_nmw: neither, this one http://clonezilla.org/downloads.php
<tommy_nmw> kim0: thanks
<tommy_nmw> kim0:  thanks mr kimchi
<kim0> you're welcome
<Aaron__> is there a dhcp server included into the cdrom for ubuntu server
<Aaron__> Hello?
<Jeeves_> Yes, multiple, I thuink
<Aaron__> just checking if anyone was awake. lol
<twb> I was gonna say "mm, kimchi" but I can't remember the hangul keyboard layout anymore :-(
<twb> ê¹ì ?
<twb> Damn, close
<Aaron__> i'm trying to install 2 servers a DCHP and a samba server, but when i'm installing the system i'm having problems, but i need to have it all local no internet on this machine
<Aaron__> if I could use x11 i could do it I think but I'm trying to do it with out plus it won't let me install a x11
<Aaron__> i'm using 11.04
<Aaron__> any help?
<CloudAche84> try sudo tasksel
<Aaron__> it keeps saying when I try to install the packages that it's stalled
<CloudAche84> using the above cmd?
<tommy_nmw> how could I install phpmyadmin offline  to the correct path ?
<tommy_nmw> like we install using apt-get install phpmyadmin
<Aaron__> What i'm going to do is reinstalled because I've screwed it up so much so I will talk to you guys in a bit
<CloudAche84> when you reinstall just select "select packages manually" during installation and you should be able to selec DHCP3
<CloudAche84> I think
<CloudAche84> :)
<Aaron__> it's not there but I saw a different dhcp sever but it always say stalled
<tommy_nmw> kim0:
<tommy_nmw> hi
<tommy_nmw> the two computers will be different  including model and disk size. does that matter to restore well ?
<tommy_nmw> hi all
<tommy_nmw> with clonezilla live, can we restore backup of 80GB sized ubuntu server to 40GB sized machine ? I used only partition to image type. not disk to image.
<kim0> tommy_nmw: it should work yeah, please read up more info at clonezilla website
<tommy_nmw> kim0: my home server is just PC nothing installed yet. even basic ubuntu server version. is that ok ?
<kim0> I *guess* .. you need to read more information
<tommy_nmw> kim0: ok
<uvirtbot> New bug: #826672 in dhcp3 (main) "/tmp debug file sillyness " [Undecided,New] https://launchpad.net/bugs/826672
<Daviey> adam_g: Were you able to send that mail?
<uvirtbot> New bug: #826749 in mysql-dfsg-5.1 (main) "package libmysqlclient16 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/libmysqlclient.so.16.0.0', which is also in package mysql-cluster-client-5.1 0:7.0.9-1ubuntu7" [Undecided,New] https://launchpad.net/bugs/826749
<skrite> hey all, i am building a server with mysql-cluster and apache searvers across either 3 or 4 computers.. how is load balancing handled for a setup like this?
<pythonirc101> when will the python-matplotlib package be updated? Any ideas?
<TheEvilPhoenix> pythonirc101:  no clue.
<TheEvilPhoenix> we don't know when packages will get updated
<Pici> pythonirc101: Why does it need to be updated?
<TheEvilPhoenix> you know i am also curious which release they're using...
<TheEvilPhoenix> i assume natty
<TheEvilPhoenix> but i may be wrong
<Dori922> im getting a "Read from Socket failed: Connection reset by peer // Connection closed by 172.19.1.x" when i try to SSH into my UEC node.. my router doesnt have a firewall though so i dont know whats wrong
<uvirtbot> New bug: #826795 in mailman (main) "Python dependencies are missing" [Undecided,Confirmed] https://launchpad.net/bugs/826795
<RNDguy> Hello , could someone please tell me how to enable/configure my second nic during an install of natty. I paused the install , opened a shell , but there is a remarkable absence of ifconfig.
<RNDguy> what command can i use instead?
<ChmEarl> RNDguy, cat >>/etc/network/interfaces<<EOL
<ChmEarl> type in your lines, then EOL
<RNDguy> ok i was able to edit it
<RNDguy> so how do i restart networking now
<RNDguy> thnx for taking the time btw
<uvirtbot> New bug: #826828 in clamav (main) "Clamav microversion update for 0.97 -> 0.97.2" [Undecided,Fix released] https://launchpad.net/bugs/826828
<RNDguy> @ChmEarl Made it work another way . I mapped the server on the other network with another computer , just the time to install it. Thnx anyway.
<hallyn> smoser: I just got the thing in oneiric where libvirt needs to be stopped and restarted for it to see cgroups
<hallyn> this could be ugly
<smoser> hallyn, i actually see cgroups-bin not getting mounted on boot also
<lynxman> hey smoser o/
<smoser> libvirtd-bin should correctly restart
<smoser> and should apparently start after cgroups-bin
<smoser> lynxman,
<smoser> ho
<smoser> hi ho
<lynxman> :)
<smoser> whats up?
<lynxman> smoser: not much, trying vlan support on diablo and playing with upstart, let me know if I can help to test libvirt-lxc
<smoser> lynxman, so.. i had it working on the plane..
<smoser> and odn't know what was wrong
<smoser> :)
<lynxman> smoser: hah, the plane magic
<smoser> yeah... so i suspect race condition was making it work.
<lynxman> hah
<zul> smoser: it must be the greenland effect
<zul> RoAkSoAx: are you going to do some documentaiton on how to boot cobbler with real hardware with ensemble?
<Daviey> RoAkSoAx: kicking off a wiki page would be a BIG help
<RoAkSoAx> zul: yes...
<RoAkSoAx> Daviey: and that';s what I was planning
<RoAkSoAx> zul: Daviey though, there's still things that need to be tested/merged into ensemble's trunk because all the work has been based of a branch I had
<RoAkSoAx> which has changed due to refactoring code done by fwereade
<zul> RoAkSoAx: k was thinking of updating cobbler this week as well
<RoAkSoAx> zul: Daviey so at the moment,s thinsg that I do get changed due to re-factoring on ensemble
<Daviey> RoAkSoAx: do you know when it will land?
<RoAkSoAx> Daviey: not really
<RoAkSoAx> Daviey: that's all in hands of fwereade
<RoAkSoAx> err that's all in fwereade's hands
<Daviey> RoAkSoAx: do you want to chase to get an idea?
<RoAkSoAx> Daviey: i've been chasing for the past couple weeks and yet,things are not fully in trunk
<RoAkSoAx> Daviey: I hope things will land by the end of this week though
<Daviey> SpamapS: Have you applied for a blanket FFe for ensemble>
<Daviey> ?
<adam_g> Daviey: WRT to that email, just got to an internet connection. gonna craft it now
<Daviey> adam_g: you rock star.
<RoAkSoAx> Daviey: zul btw... check the new cobbler ubuntu look kirkland did during the past week
<SpamapS> Daviey: no, we're preparing that now. :)
<hallyn> kirkland: hey, http://people.canonical.com/~serge/ipxe.debdiff works great for me.  Do you mind pushing it?
<Daviey> RoAkSoAx: Err, has that been uploaded?
<RoAkSoAx> Daviey: the change to the cobbler look and feel for ubuntu? yes
<Daviey> oh
<zul> hmm..."nov.ec2.archive.ubuntu.com" probably doesnt work when running on a local instance
<zul> adam_g: ping have you tried s3 swift/glance  yet?
<adam_g> zul: tried it where?
<Ursinha> Daviey, :)
<Ursinha> Daviey, all of the packages server team care about have ubuntu-server as subscriber?
<Ursinha> just checking so I can mark other task as done
<zul> adam_g: on the ensemble formulas
<adam_g> zul: yeah, the glance formula will store in local file store until a relatoin has been added to swift-proxy, then it will put them there
<arrrghhh> hey, some new users.  i want some more opinions on what i should do with my server
<arrrghhh> currently i have no RAID, no LVM, just a few hard drives that are partitioned and mounted.  nothing fancy.
<arrrghhh> i'm out of disk space, and i need to add more disks
<arrrghhh> i like the concept of LVM, but i don't know much about it
<arrrghhh> RAID is obviously good for reliability, but it seems I'm going to have to buy 3 more hard disks and I'll only get one extra terabyte out of the deal... which is quite a pill to swallow.
<Ursinha> arrrghhh, I haven't tried to work with several physical hard drives with LVM, I use it only with one hd
<Ursinha> so I don't know if it has specific issues on this part, but other than that it works pretty well
<Ursinha> I'd at least give it a try (if possible)
<arrrghhh> hrm
<arrrghhh> i guess i don't see the advantage of LVM on one hard disk?
<arrrghhh> just the ability to easily add more space on-the-fly?
<Ursinha> pretty much
<arrrghhh> do you have raw unpartitioned space on your hard disk?
<Ursinha> no
<arrrghhh> huh.  i guess i just sliced up my entire hard disks and use 'em until they're almost empty
<arrrghhh> then i try to plan a few months out, so i get more space before it completely runs out :D
<Ursinha> hahaha
<Ursinha> I believe you can avoid that with lvm
 * Ursinha reads docs so it won't talk nonsense here
<arrrghhh> avoid...?  i'll always need to add moar disks.
<arrrghhh> i've read docs on LVM.  just not sure that's the best option for *me*
<arrrghhh> although there might be aspects I'm not grasping on LVM, having only read docs and never actually using it...
<uvirtbot> New bug: #826873 in ntp (main) "ATOM refclock driver not compiled into ntpd" [Undecided,New] https://launchpad.net/bugs/826873
<bluefrog> arrrghhh, what's your server for? business? then RAID + LVM. home? then LVM enough
<arrrghhh> yea just home
<arrrghhh> it seems like LVM would be enough
<RoAkSoAx> zul: the pre-installed image from the pandboard is omap or omap4?
<arrrghhh> obviously i'd get no redundancy
<arrrghhh> so if a hard disk does fail, that data is gone.
<zul> omap4
<bluefrog> arrrghhh, raid and/or lvm is not backup.
<arrrghhh> bluefrog, i'm not talking about a backup
<arrrghhh> i'm talking about reliability
<RoAkSoAx> zul: did you experience any problems with minicom?
<RoAkSoAx> zul: for some reason it just doesn't display anything
<arrrghhh> as i understand it, with a RAID5 array i could survive one complete disk failure
<bluefrog> arrrghhh, "that data is gone"  you're talking about backup
<zul> RoAkSoAx: in mincom?
<arrrghhh> with LVM, there's no reliability, just a better way to manage disks.
<RoAkSoAx> zul: yeah
<zul> RoAkSoAx: you sure you are using the right serial port?
<bluefrog> arrrghhh, home server. am pretty sure ou can survive a few days without your server running...
<RoAkSoAx> zul: yes
<zul> RoAkSoAx: is it powered on? ;)
<RoAkSoAx> zul: i'm thinking it my be my partitions of the sd card
<RoAkSoAx> zul: of course lol
<zul> RoAkSoAx: probably i had the same problem i had to re fdisk the thing
<arrrghhh> bluefrog, i just want to make sure i understand the pros & cons.  i don't really have a backup scheme in place, there would just be too much data to backup.  i would basically need another file server to backup the original file server.
<arrrghhh> i have vital data backed up, but there's a lot i would consider not vital.
<RoAkSoAx> zul: how many and type of partitions did you create?
<zul> RoAkSoAx: iirc i created one big linux partition and let the installer redo it
<pmatulis> arrrghhh: how much data are we talking about?
<arrrghhh> pmatulis, i'm almost to 3tb
<arrrghhh> looking at adding at least another tb, probably 2...
<arrrghhh> but it's lunchtime, sorry.  i'll bbl.
<bluefrog> pirated movies, songs i definitely not vital
<bluefrog> except if you own the original dvd of course
<bluefrog> in tha case not vital either as you have the original
<bluefrog> so lvm will be fine
<pmatulis> a 2TB USB drive goes for around $110 'round here...
<RoAkSoAx> zul: the power on buttoin is the closes to the SD car right?
<zul> i think so, mine is not in front of me
<RoAkSoAx> zul: well that's the one that messes up with the small grenn light :)
<zul> :P
<RoAkSoAx> zul: unless it requires me to connect it to a monitor?
<zul> it doesnt
<zul> check on #ubuntu-arm
 * RoyK sticks to debian for ARM devices - better support for older CPUs
<RoAkSoAx> zul: did you partition your sdcard in any specific way?
<zul> RoAkSoAx: dont think so
<RoAkSoAx> zul: did you create just 1 partition and formatted it or did you remove any partitions and just copied the ubuntu image
<zul> i created one image and did nothing else with it
<RoAkSoAx> zul: never mind figured it out :) it's trying to netboot apparently now at least
<RoAkSoAx> heheh
<zul> RoAkSoAx: cool
 * RoAkSoAx off to lunch\
<medberry> When installing a lot of machines (virtual or otherwise) with the Ubuntu Server installer, I see DHCP IP exhaustion as each machine ends up with two leases. A temp one (possibly with the generic name "ubuntu") and then the final name of the machine. Anyone know the preferred way to configure ISC DHCPD to only issue a single IP per MAC? I thought using "duplicates" in the dhcpd.conf would do the trick but apparently not.
<hallyn> RoAkSoAx: hey, whenever you get a chance, would you mind uploading 2 libcgroup updates for me?
<hallyn> RoAkSoAx: http://people.canonical.com/~serge/lucid-libcgroup.debdiff for lucid ,
<hallyn> RoAkSoAx: and http://people.canonical.com/~serge/maverick-libcgroup.debdiff (on top of maverick-updates) to maveirck?
<hallyn> RoAkSoAx: (biab) thanks!
<fowlduck> does upstart respect LSB headers of scripts in /etc/init.d/* that are run via /etc/rcn.d/S*?
<fowlduck> I'm wondering about the interaction between the two systems
<Psi-Jack> Does Ubuntu's server kernel have a CPU limit on it, to how many it will address? Anyone know what that is, for 10.04 LTS?
<RoyK> Psi-Jack: IIRC 32 cores maximum
<RoyK> or 64
<Psi-Jack> So to get 48, I might have to recompile. hmmm
<RoyK> should be sufficient for most setups
<RoyK> Psi-Jack: try it - I don't remember if it's 32 or 64
<RoyK> recompiling the kernel with 48 cores shouldn't take too long, though :P
<Psi-Jack> Heh, I don't actually have the servers yet, specced them out and starting the process up the chain of command. ;)
<Psi-Jack> Oh, I know, I just was curious how much work I'd have to do to get it up there. ;)
<RoyK> I have a few 2x12 core machines
<RoyK> those work welll
<RoyK> s/.$//
<Psi-Jack> I'm getting 3 4x12 CPU servers. ;)
<RoyK> how much memory?
<Psi-Jack> 256 GB
<RoyK> nice :)
<RoyK> for what use?
<Psi-Jack> he
<Psi-Jack> Database servers.
<RoyK> wtf?
<RoyK> 3x48 cores for - what - databases?
<Psi-Jack> Yep. ;)
<RoyK> lots of stored procedures or something?
<RoyK> most DB load I see is i/O
<Psi-Jack> Nope. We need these servers to handle a LOT of load.
<RoyK> database load without stored procedures is typically I/O bound
<Psi-Jack> It's a lot of Disk, yes, but when you have 2,000+ database connections and replication going on, CPU load does go up.
<RoyK> but 48 cores?
<RoyK> seems overkill to me
<Psi-Jack> Hey, I specced it out to 2x8, initially. LOL
<RoyK> our 24core machines are compute nodes
<Psi-Jack> It was the company that suggested going up higher for upwards scaling.
<Psi-Jack> Well, the datacenter techs anyway. ;)
<Psi-Jack> I said.. Okay...
<RoyK> heh - seems they wanted to sell a bit more
<RoyK> I'd love to see the performance rating on those, though
<Psi-Jack> Heh
<RoyK> probably 80-90% idle
<Psi-Jack> Yeah, it's also gonna be running pacemaker
<Psi-Jack> And MySQL is the database server itself.
<RoyK> you'll need to have a LOT of stored procedures to make a database server use 48 cores
<RoyK> ouch
<RoyK> mysql sucks rather badly
<Psi-Jack> I know this.
<Psi-Jack> Convincing them to switch to PostgreSQL hasn't worked yet.
<RoyK> I guess you would have been doing good with a quad or two
<RoyK> or hex, since you're on opteron
<Psi-Jack> Yeah. But either way, not my money. I wanted something high performance, they wanted to attach it to the EMC SAN.
<RoyK> fewer, faster cores will do better on mysql
<Psi-Jack> I didn't like the idea of the SAN for it, but looking at a lot of the specs for it, 4Gb/s FC to FC Disks seems to have some pretty high performance.
<RoyK> it can't balance load over several cores for a single query
<Psi-Jack> Eh? MySQL's threaded, though, are you /sure/ about that statement?
<RoyK> it's threaded, sure, but a single query won't run on several cores
<RoyK> even postgres can't do that in most circumstances
<RoyK> or at all
<Psi-Jack> Welp, Looking at the kernel-ppa configs, it's 64. ;)
<RoyK> Psi-Jack: ?
<Psi-Jack> http://kernel.ubuntu.com/~kernel-ppa/configs/lucid/amd64--server  -- CONFIG_NR_CPUS
<RoyK> 64
<Psi-Jack> Yep. :)
<RoyK> still, I doubt you'll be able to use them all with myqsl
<RoyK> s/myqsl/mysql/
<RoyK> with some 100 concurrent queries, you should, but most of the load is i/o bound and every query will normally be executed in a single thread
<jodie> anybody doing xen on ubuntu server 10.04.3 LTS?
<medberry> When installing a lot of machines (virtual or otherwise) with the Ubuntu Server installer, I see DHCP IP exhaustion as each machine ends up with two leases. A temp one (possibly with the generic name "ubuntu") and then the final name of the machine. Anyone know the preferred way to configure ISC DHCPD to only issue a single IP per MAC? I thought using "duplicates" in the dhcpd.conf would do the trick but apparently not. hallyn, zaid_h zu
<medberry> l does this ring any bells?
<Rickmasta> Hey guys, I have an unmanaged vps running ubuntu, it does not have cpanel or directadmin.
<Rickmasta> How can I set up a domain on my vps?
<sheepherd> hey guys what do you recommend? ubuntu server 64x LTS or 11.04?
<arrrghhh> 10.04 on a server
<arrrghhh> 11.04 on a desktop
<arrrghhh> well, i wouldn't recommend 11.04 because of Unity, but that's another story.
<arrrghhh> on a server, i usually recommend people stick to LTS releases.
<sheepherd> hehe ye i know im really happy i can just choose ubuntu classic ;)
<sheepherd> whats the reason?
<arrrghhh> for sticking with LTS?
<sheepherd> yea. cuz i mean why would they release any other server version than LTS if it wasnt better?
<sheepherd> or did stability decrease with the additional features?
<RoyK> joschi: last I checked, xen wasn't supported
<RoyK> sheepherd: I'd never use 11.04 on a server unless it was a test machine
<RoyK> sheepherd: LTS is well kept after for stability, for the non-LTS releases, that seems to be a bit more slack
<sheepherd> RoyK: k... well i guess i'll stick with 10.04 then. thx :)
 * RoyK still have 8.04 on some servers 
 * w00 has 11.04 on all Ubuntu servers
<arrrghhh> lol w0
<arrrghhh> way to dilute the conversation :P
<arrrghhh> 8.04... isn't that expiring soon?
<arrrghhh> i guess security patches until 2013
<w00> To each his own :)
<arrrghhh> w00, for a production server i wouldn't want to do a complete distro upgrade every 6 months.
<RoyK> arrrghhh: never fix a winning team
<arrrghhh> lol
<arrrghhh> RoyK, unless it runs out...
<RoyK> arrrghhh: well, iirc there's 18 months support for the non-LTS releases
<arrrghhh> just had some poor sap trying to get his 6.06 box up on 8.04 the other day...
<RoyK> still low if you have 50 servers
<arrrghhh> you're right, server support is a little longer
<arrrghhh> but still
<arrrghhh> i am lazy :D
<RoyK> most good sysadmins are :P
<arrrghhh> hehe
<RoyK> the eager ones install jalladistro-2012-0.1.alpha and get sacked a week later
 * RoyK is off to bed - nite guys (or gels)
<arrrghhh> yea, i'd rather have crap work
<arrrghhh> cya
<sheepherd> you guys all have the LPI certificate? does that prove any skill as sysadmin?
<arrrghhh> not i
<arrrghhh> i manage all sorts of servers at work, none of them Ubuntu... my Ubuntu Server sits in my house ;)
<Daz___> Hi. I have a server I want to install Ubuntu server 11.04 on. The problem is that the raid-option in the bios seems not supported in ubuntu. Is there a fix to be able to use the raidsystem using IntelÂ® C204 PCH Chipset?
<SpamapS> Daz___: what kind of RAID do you want to do?
<Daz___> raid1
<Jeeves_> Does anyone use Ruby around here?
<CluelessPerson> Hello everyone.
<CluelessPerson> I just built a new dedicated server.
<CluelessPerson> and now I need to know what distribution of linux I need to install on it
<CluelessPerson> 64 bit -  i3  with hyperthreading, 8GB of ram
<CluelessPerson> could someone tell me which linux distribution may serve me best?
<Jeeves_> CluelessPerson: Since you're in #ubuntu-server
<Jeeves_> the answer will probably be 'Ubuntu'
<Jeeves_> :)
<CluelessPerson> Jeeves_ I figured. :p  I used Ubuntu headless 32bit on my previous server, modified 2001 P4 1.8ghz 512 ram
<CluelessPerson> my new dedicated server, 3.1 ghz (overclockable) i3 with 8GB ram, SSD system drive :D
<CluelessPerson> much better and much more fun. :D
<CluelessPerson> damn, I don't want to leave for work in 8 minutes. ;_;
<CluelessPerson> spent $450 on this server
<CluelessPerson> well, desktop to be my server. >:3
 * CluelessPerson has a sadface.
 * CluelessPerson wishes he could skip work today and setup his new minecraft server. >:)
<Jeeves_> Why?
<Jeeves_> Someone's gotta pay for your new server :)
<CluelessPerson> Already paid for. >:)
<CluelessPerson> Next I'll probabaly be saving up for a $1200 camera
<CluelessPerson> then $1000 for an i7 16GB 3.1GHZ desktop.
<CluelessPerson> garRRRR
<CluelessPerson> Jeeves_  How might I achieve sending different sub-domains down different ports?
<Jeeves_> you don't
<CluelessPerson> Jeeves_  just thinking of how I might handle different minecraft worlds on the same server.
<CluelessPerson> it's so creative. :D
<Jeeves_> I've got no clue what minecraft is
<CluelessPerson> Jeeves_  really?  It's a very pixelated building world.
<CluelessPerson> Jeeves_ Think legos but much much much more versatile.
<CluelessPerson> Jeeves_   you can basically set/change blocks across a huge generated landscape and build, explore, and more
<CluelessPerson> Jeeves_ make sure to look it up, but I have to go NOW
<CluelessPerson> Jeeves_  I have work in 8 minutes, thanks for the talk, leaving!!!
<JetJagurXP> Helloooooo
<JetJagurXP> Anyone feel like assisting with a Ubuntu Gateway server issue?
<JetJagurXP> Please
<RoAkSoAx> hallyn: will take a look at your SRU's first thing tomorrow morning ;)
<hallyn> RoAkSoAx: thanks!
<hallyn> RoAkSoAx: good night :)
<RoAkSoAx> hallyn: good night to you too ;)
#ubuntu-server 2011-08-16
<_aaron_> what packages are included on the cd
<arrrghhh> _aaron_, just the basic ones to get the install going
<arrrghhh> i'm not aware of any lists tho.  it's highly recommended to install with internet access available.
<arrrghhh> it'll make your life 10,000x easier at least.
<onekenthomas> at least :)
<_aaron_> arrrghhh, i Need dhcp samba server and cups
<_aaron_> all locally
<qman__> those things are probably on the list, all being options in tasksel at the end of the install
<qman__> if they aren't, you'll have to download the packages manually, which is a pain
<qman__> but it could be a lot worse, packages.ubuntu.com makes it easy to search
<_aaron_> qman__, i've been asking for that website you are the first person to tell me about it. Thanks
<qman__> _aaron_, honestly though, the best way to do it is to install a net-connected system, then copy all the packages out of /var/cache/apt/archives
<qman__> after you set it up the way you want
<arrrghhh> but you can download packages manually if you insist
<arrrghhh> you'll just have fun with all the dependencies....
<qman__> you'll be dependency hunting for a long time
<arrrghhh> lol
<_aaron_> thanks I do understand.  is there a guide to configure samba server from command line
<twb> _aaron_: there is on linked from /topic
<_aaron_> ok talk to you guys in about 2-3 hours let you know how it goes. just like my linux professor said to me linux is free if your time is free.
<onekenthomas> good luck
 * onekenthomas is confused by this idea,  "free time"
<_aaron_> if your time doesn't cost you anything
<arrrghhh> evidently your linux professor never tried to fix a BSoD :P
<qman__> all systems need setup, maintenance, and repair
<qman__> and trust me
<qman__> windows doesn't take any less effort (read: money) to set up, maintain, or repair
<arrrghhh> indeed
<onekenthomas> especially if you count...
<qman__> the main barrier I see in my line of work is proprietary third party software
<arrrghhh> yea.  that's always fun to deal with
<qman__> BS&A, FundBalance, LEIN, CLEMIS
<arrrghhh> the more specialized the field, the less open alternatives exist.
<qman__> many of those still won't even work with the latest windows software
<onekenthomas> .Z
<qman__> constantly hacking and downgrading to get it to work
<onekenthomas> 2 levels of emulation,  that sort of thing
<qman__> the best part is when they depend on post-EOL Microsoft products
<qman__> for their latest version, not even considered legacy
<qman__> but that's neither here nor there
<qman__> point is, all software costs you labor
<qman__> linux just has the up front advantage
<arrrghhh> heh
<onekenthomas> plus it's just better for your brain :)
<qman__> a typical Microsoft setup for 10-20 users is in the five digit price range just for licenses
<qman__> they just hide it really well so most people don't notice
<arrrghhh> in our environment, i prefer the linux boxes just because the security updates for windows are crazy.  our linux boxes they treat like appliances, cuz a lot of 'em are delivered like that from the vendor (cisco...)
<arrrghhh> so i'm constantly battling with my windows boxes... it's not that they're less stable, just always getting these updates.  linux does too, but for some reason we just don't update 'em unless we hit a bug or we're doing a big update.
<qman__> with the exception of internet facing systems, it's just not important
<arrrghhh> yup
<arrrghhh> none of these boxes (that i manage) face the 'net
<qman__> when you don't have to worry about Joe User getting the latest virus off facebook, updates become so much easier to manage
<arrrghhh> our audit dept is crazy
<twb> arrrghhh: so what you're saying is that your linux boxes are vulnerable to known, patched, exploits
<arrrghhh> all of our windows servers have to get updates
<arrrghhh> twb, yes
<arrrghhh> some of our vendors require such things
<arrrghhh> like... cisco.  we don't have root access to the boxs
<arrrghhh> boxes*
<arrrghhh> they're sold as appliances...
<arrrghhh> literally
<twb> Well, if you don't have root you can't fix it, but it's still a problem
<arrrghhh> i've seen that in many cases.  when i built cable head-ends, the boxes that would do the emergency broadcast updates were running ancient RHEL distros
<qman__> it is
<qman__> but in the grand scheme, it's just not that big a deal
<arrrghhh> nope
<arrrghhh> if it works, who cares is the theory
<qman__> many of the networks I work on, we have windows servers that haven't been patched in months, even years
<arrrghhh> better than updating and breaking something or disrupting service.
<qman__> because they don't want to spend the money on a day for us to update it and fix the problems that happen
<arrrghhh> qman__, we have a few.  somehow we've managed to get a few thru.
<arrrghhh> we still have dual pIII's on win2kserver
<arrrghhh> lol
<arrrghhh> our voice architecture is so... arcane.
<arrrghhh> it's getting a serious update
<qman__> standard policy, never update a blackberry enterprise server without scheduled maintenance
<qman__> because it always, always breaks
<arrrghhh> heh
<arrrghhh> twb, so what could you do in that case
<arrrghhh> hands are tied...
<arrrghhh> so long as it works, i don't really want to mess with it personally.  the services it provides are too necessary to worry about updating it..
<arrrghhh> sometimes old proprietary stuff won't work with updated crap.  i'm dreading all of the servers we're putting in that have win2k3.
<arrrghhh> that's going EOL soon...
<arrrghhh> or did it already?  i can't remember.
<qman__> we're only just now moving away from our web server, a 2003 box that hasn't been updated in 11 months, running Plesk 8.6
<qman__> with a public IP, no firewall
<arrrghhh> heh
<qman__> that decision was made long before my time
<arrrghhh> our VRU doesn't have a net cxn, again.  just a dummy machine that responds to DTMF input
<arrrghhh> it just connects with SO much...
<qman__> oh, and with no backups either
<arrrghhh> updating it would break stuff all to hell
<arrrghhh> lol no backups
<arrrghhh> i'd like to say all our stuff is backed up in some way shape or form.  but i bet there's a few things out there that aren't... i know the boxes i'm responsible for are.
<qman__> I managed to grab the website files recently, but the databases and mailboxes still aren't backed up
<qman__> if those drives crash, that stuff is just plain gone
<qman__> and trying to not rack up a huge over bandwidth bill in the process, since we already went over before I started
<arrrghhh> sounds like fun... :P
<twb> qman__: sneakernet
<qman__> in a datacenter an hour away, which I don't yet have access to
<twb> Suck it up, princess.
<qman__> we're moving the sites off it as soon as we can, but you know how that goes
<qman__> it could be months before we're done
<qman__> fingers crossed
<qman__> it's the only thing I really don't like about my job, hands are tied way too often
<arrrghhh> an hour away
<arrrghhh> well our main data center is in our building
<arrrghhh> the alternate one is several hundred miles away
<arrrghhh> never been thar
<arrrghhh> but yea, most companies your hands will be tied for one reason or anothe
<arrrghhh> r*
<qman__> it's one thing to have to work around a bad system
<qman__> it's entirely another to be unable to spend any time working around said bad system, because I work by the hour
<qman__> anything that's not spent directly fixing something that doesn't work, simply doesn't get done
<arrrghhh> heh
<arrrghhh> oh i wish i worked by the hour
<twb> qman__: BTDTBTTS
<zulax> is there any edit that needs to be done on 10.04 server for networking
<zulax> i got intertent while installing the server but now i dont have an ip
<zulax> init.d/netwrking restart gives me no dhcpoffers received
<arrrghhh> you have a dhcp server somewheres?
<arrrghhh> a router?
<zulax> yes
<arrrghhh> i would recommend using a static IP if it's a server...
<zulax> interfaces file has iface eth0 inet dhcp
<arrrghhh> well yea
<arrrghhh> no dhcpoffers means that
<arrrghhh> it received no offers from a DHCP server...
<zulax> but why would that be?
<arrrghhh> uhm
<arrrghhh> dhcp server issues
<zulax> is it router config?
<arrrghhh> network issues
<arrrghhh> cable issues
<zulax> the cable works fine on my other box
<zulax> and i get ip in other box too
<arrrghhh> why are you using dhcp on a server...?
<arrrghhh> how big is the DHCP range?
<zulax> well excuse my networking ignorance
<zulax> i disabled dhcp while installing
<onekenthomas> ooops
<zulax> dhcp range, now thats in router config right?
<arrrghhh> yes, assuming your router is your dhcp server...
<arrrghhh> i'm going to assume it is
<zulax> yes
<bazhang> !crosspost | zulax
<ubottu> zulax: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
<arrrghhh> ha, did he ask the same question in the regular channel...
<arrrghhh> is it server or desktop?
<bazhang> and in -offtopic
<jodie> any one using kvm with ubuntu 10.04 LTS?
<bazhang> zulax, you've been asked to stop crossposting three times now
<arrrghhh> lol
<arrrghhh> super crosspost.
<zulax> that was all before i was told
<zulax> and on here i was just responding,
<zulax> by bad
<zulax> so i will stick to this channel as there are fewer ppl than on ubuntu
<zulax> i made it a static ip, now i have an ip but cant ping still
<arrrghhh> is it the desktop or server edition
<zulax> server
<zulax> just this install has given me this issue, previous were all charms
<arrrghhh> ok
<arrrghhh> did you pick an IP outside of the DHCP range
<arrrghhh> and did you specify a default gateway
<arrrghhh> can you ping the default gateway?
<zulax> i hope i did
<zulax> lemme see that
<zulax> but the thing i dont understand right now is if its configured to get ip from my router
<zulax> why would i necessarily need  a static ip
<zulax> (atleast for now)
<arrrghhh> you should be able to get an IP from DHCP assuming everything else network wise is good
<qman__> it doesn't, but most of the things you'd need a server for won't do you any good if the IP keeps changing
<zulax> yes, thats true
<zulax> i will see thanks for helping guys
<jodie> any one using kvm with ubuntu 10.04 LTS?
<_aaron_> how do I check in terminal to see what services I have running/installed
<TheEvilPhoenix> htop?
<TheEvilPhoenix> or just top
<TheEvilPhoenix> shows what processes are running
<TheEvilPhoenix> but by "services" what do you mean?
<TheEvilPhoenix> like apache2, mysqld, etc.?
<_aaron_> want to check to see if my DHCP is running
<_aaron_> my server
<arrrghhh> ps -A |grep dhcp
<TheEvilPhoenix> ^
<_aaron_> arrrghhh, the command ran, however nothing showed up
<arrrghhh> then i would say the answer is "no"
<qman__> use sudo
<arrrghhh> orly
<arrrghhh> i guess i don't think about that with ps...
<qman__> sudo ps aux | grep dhcp
<arrrghhh> aux'll show a lot more that's for sure.
<qman__> you'll get one hit for your grep
<_aaron_> and it did
<qman__> what else you might be after
<qman__> sudo service dhcp status
<qman__> or dhcp3-server
<qman__> use tab completion
<_aaron_> qman__, unreconized command
<qman__> it works on everything these days
<arrrghhh> tab complete ftw
<_aaron_> qman__, unreconized service* sorry
<qman__> yeah, it's probably not called dhcp
<arrrghhh> _aaron_, well that begs the question - do you have a dhcp server installed?
<qman__> like this
<qman__> sudo service dhcp[TAB] status
<arrrghhh> it is dhcp3-server
<arrrghhh> well, should be i guess i should say...
<_aaron_> it is there at least in the etc and the config is there too
<qman__> configuration files don't mean it's installed
<qman__> use tab completion on the command like I explained, that will tell you what it's called, and you can run it
<qman__> if it doesn't do anything, it's not installed
<_aaron_> found it
<_aaron_> it's called isc-dhcp-server
<_aaron_> ok thanks now i just have to fix my config
<arrrghhh> isc eh
<arrrghhh> not sure what that is
<qman__> a different DHCP server
<qman__> mine runs dhcp3-server
<arrrghhh> well obviously :P
<arrrghhh> mine is as well
<_aaron_> it was the only dhcp that was availible on the server disk
<arrrghhh> huh
<arrrghhh> okie
<arrrghhh> didn't get it connected to the 'net eh?  :P
<qman__> judging by his earlier comments it's for coursework
<qman__> working completely offline has no relevance to real-world applications, but unfortunately schools don't seem to get that
<qman__> even if your system will be offline, you can still get online to prepare it first
<qman__> and for the very, very few cases where that's not true
<qman__> the application has to be so niche that it's beyond sysadmin education
<_aaron_> want to know the best part
<_aaron_> he doesn't even know anything about linux
<arrrghhh> what, the prof?
<_aaron_> yes
<arrrghhh> awesome.
<_aaron_> he told me that he will give me my networking credits and my keyboarding credits if i can pull this off
<_aaron_> lol
<_aaron_> i've done it before with LTSP and edubuntu so i figured why not
<_aaron_> i'll be right back after a smoke because i need help with my DHCP.conf
<_aaron_> it's saying that my netmask is wrong
<_aaron_> subnet 192.168.0.1  netmask 255.255.255.0
<_aaron_> i'm going to ask in #ubuntu Just to let you know
<qman__> that is a valid netmask, it's probably a syntax error
<_aaron_> how all I change was the numbers of the address
<_aaron_> it says "bad subnet number/mask combination"
<_aaron_> This dhcpd.conf is making me mad now, please help me
<_aaron_> qman__, are you there
<lickalott> smatter wit it?
<_aaron_> lickalott, it says that my subnet.mask combination is bad,  subnet 192.168.0.1 netmask 255.255.255.0
<_aaron_> lickalott, it says that the error is with the 0 at the end of the netmask
<lickalott> hrrm
<lickalott> did you get dhcp3 server?
<_aaron_> lickalott, fixed that error but need to bind it to my adapter
<lickalott> what does ifconfig show?
<lickalott> more /etc/network/interfaces post the info for the interface you're talking about
<Guest41196> hello
<Guest41196> r u thre
<uvirtbot> New bug: #827129 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.7 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 10" [Undecided,New] https://launchpad.net/bugs/827129
<tommy_nmw> how
<tommy_nmw> I got the error. "root@ubuntuserver:/# apt-get install phpmyadmin Reading package lists... Done Building dependency tree Reading state information... Done E: Couldn't find package phpmyadmin internet is fine"
<tommy_nmw> hi
<tommy_nmw> hi friends
<tommy_nmw> I have internet working. what do i do ?
<greppy> tommy_nmw: do you have universe enabled in /etc/apt/sources.list ?
<tommy_nmw> greppy: how could I do ?
<uvirtbot> New bug: #827151 in cyrus-sasl2 (main) "Annoying log message "DIGEST-MD5 common mech free"" [Undecided,New] https://launchpad.net/bugs/827151
<tommy_nmw> greppy: I dont know how to check
<tommy_nmw> hello
<greppy> !paste
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<tommy_nmw> any body to help me?
<greppy> use paste.ubuntu.com to post the contents of your /etc/apt/sources.list file.
<tommy_nmw> alternatively, how can I install phpmyadmin using manual zip file ?
<_aaron_> I would like help with my DHCP.conf
<tommy_nmw> hi
<tommy_nmw> how could I do that?
<Daviey> Ursinha: not quite..
<_aaron_> tommy_nmw, were you talking to me
<tommy_nmw> yes all of friends here
<_aaron_> tommy_nmw, i have wrote my own dhcp.conf and when i try to start the server I get an error
<tommy_nmw> _aaron_: SORRY arron, I dont know much about dhcp.conf
<_aaron_> tommy_nmw, what i get is not configured on any interface
<tommy_nmw> _aaron_: so configure first
<_aaron_> tommy_nmw, how
<tommy_nmw> _aaron_: auto eth0
<_aaron_> tommy_nmw, in what file
<tommy_nmw> _aaron_: /etc/network/interface
<_aaron_> tommy_nmw, now i have to restart networking correct
<tommy_nmw> _aaron_: yes
<_aaron_> tommy_nmw, how do i do that
<_aaron_> tommy_nmw, sudo FOO restart
<_aaron_> tommy_nmw, sudo service FOO restart
<tommy_nmw> _aaron_: /etc/init.d/networking restart
<_aaron_> tommy_nmw, thanks been a while
<tommy_nmw> http://pastebin.ubuntu.com/667068/
<tommy_nmw> hi who could help me?
<_aaron_> tommy_nmw, ignoring unknown interface eth0=eth0
<_aaron_> tommy_nmw, what version of ubuntu are you using
<tommy_nmw> _aaron_:10.04 LTS
<tommy_nmw> _aaron_: http://www.ubuntugeek.com/how-to-install-and-configure-dhcp-server-in-ubuntu-server.html
<Daviey> tommy_nmw: please pastebin /etc/apt/sources.list
<trapmax> =)
<_aaron_> tommy_nmw, thanks i found my problems i think
<tommy_nmw> _aaron_: I came here to ask for help for my problem. Now you gave me new problem
<tommy_nmw> _aaron_: I lost my way
<greppy> tommy_nmw: it's the same thing I asked you to do.
<greppy> !paste | tommy_nmw
<ubottu> tommy_nmw: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<tommy_nmw> Daviey: Dear Daviey , sorry for delay. http://pastebin.ubuntu.com/667076/
<huats> morning
<tommy_nmw> ubottu: I am doing so
<ubottu> tommy_nmw: I am only a bot, please don't think I'm intelligent :)
<tommy_nmw> greppy: I am doing so. excuse me
<tommy_nmw> ubottu: I don't think so
<ubottu> tommy_nmw: I am only a bot, please don't think I'm intelligent :)
<trapmax> could one store eg. bashrc files for users in ldap?
<Daviey> tommy_nmw: interesting, can you apt-get update to update the local cache, then install pastebinit with, apt-get install pastebinit,then "apt-get policy phpmyadmin | pastebinit"
<greppy> tommy_nmw: try "sudo apt-get update && sudo apt-get install phpmyadmin"
<tommy_nmw> ubottu:don't repeat like idiot bot. Be an intelligent bot !!!
<ubottu> tommy_nmw: I am only a bot, please don't think I'm intelligent :)
<tommy_nmw> Daviey: I would try bro. I tried apt-get pastebinit . but got the same error
<Daviey> tommy_nmw: apt-get install pastebinit ?
<tommy_nmw> Daviey: yes
<tommy_nmw> Daviey: after I tried, apt-get update, it seems fine
<tommy_nmw> Daviey: Let me wait and check , bro
<Daviey> tommy_nmw: Great, in other news are you my long lost brother?
<tommy_nmw> Daviey: what?
<_aaron_> Daviey, Can I be your long lost brother too?
<Ursinha> lol
<trapmax> the original band of brothers
<Daviey> _aaron_: Depends, call me bro until i want to slap someone - lets see how it goes :)
<_aaron_> Daviey, ok no worries bro
<Daviey> AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
<jamespage> morning all
<Ursinha> rofl
<Ursinha> morning folks
<_aaron_> Daviey, lol
<Daviey> Good morning jamespage !
<_aaron_> Good morning to all, and to all a good day
<_aaron_> hey bro are you still awake
<ubuntudude> Daviey:  is that you http://twitter.com/#!/daviey ?
<Myrtti> looks like 'im
<Ursinha> Myrtti: long time no see you on irc :)
<_aaron_> hopfuly i'm not going to be up for too much longer as long as i can get this stupid dhcp server working right and if i finish my jolt cola
<Myrtti> Ursinha: it happens ;-)
<ubuntudude> Daviey: hi
<twb> twitter has shebangs?
<Daviey> ubuntudude: o/
<ubuntudude> Daviey: what?
<Daviey> ubuntudude: you said "Hi".
<Daviey> wassup?
<ubuntudude> Daviey: is that you http://twitter.com/#!/daviey ?
<Daviey> ubuntudude: yes, why>
<Daviey> ?
<ubuntudude> Daviey: nothing bro.
<ubuntudude> hi all how to point my server to proxy ?
<pyghassen> hi there
<pyghassen> I JUST have a question about whether a process such as apache or postgres will start after a reboot?
<milamber> pyghassen: for the most part, yes
<ubuntudude> hi all how to point my server to proxy ?
<milamber> pyghassen: specifically apache and postgre - yes
<milamber> ubuntudude: can you be more specific?
<pyghassen> I know if you update-rc.d apache2 defaults will start automatically
<pyghassen> but are they accessible from the client?
<pyghassen> I mean when you start your server without opening any user session
<ubuntudude> mack1e: for the time being it is ok, if i go back home, I need to change proxy settings again to get internet. so I dont know where to change.
<pyghassen> please I need an answer so I can proceed
<milamber> pyghassen: yes, if i understand your question correctly. they start automatically, they are not dependent on a user being logged in.
<pyghassen> really milamber
<milamber> ubuntudude: that info is usually given directly to the browser
<pyghassen> I'm in a situation when the server can be accessed only of I open a user session, if I don't the server in not accessible at all!! milamber
<ubuntudude> milamber: no milamber
<milamber> ubuntudude: otherwise the info would be in system >> preferences >> network proxy (for 10.04)
<ubuntudude> milamber: if I don't point the correct proxy server, I won't get internet
<ubuntudude> milamber: i have tried
<milamber> pyghassen: which server? if you go to the ip address from a browser what happens?
<ubuntudude> milamber: for example, in some location, we need to enter authentication to access internet. in addition to proxy server ip and port no.
<milamber> ubuntudude: then in the network proxy settings you can change it to direct internet (for home)
<ubuntudude> milamber: where to find ? where is network proxy settings?
<milamber> ubuntudude: what version of ubuntu?
<pyghassen> milamber: nothing just connection failed, and in the gtk client, (opener-server) it says impossible to connect server
<ubuntudude> milamber: 10.04 LTS server
<ubuntudude> milamber: http://imagebin.org/168073 , I want to see the screen like http://imagebin.org/168073 to configure proxy to get internet on my server
<ubuntudude> milamber: that is the screen during installation. but if there is a way to configure or take it back like using tasksel, it would be nicer
<milamber> ubuntudude: not sure about that, i have never had a 'mobile' server
<milamber> pyghassen: how are you trying to connect? could your router be the problem?
<ubuntudude> milamber: yes. I see, If not ok to get that screen, please let me know how I can accomplish the same in network proxy settings. I dont know where I can find network proxy settings
<milamber> ubuntudude: do you have a gui?
<ubuntudude> milamber: no. I am with just pure CLI
<ubuntudude> milamber: pure CLI ubuntu server version
<twb> #virt (OFTC) are asleep.  Anybody feel like working out how to expose my host's ttyUSB0 to the guest, so that the VM can talk ppp to a 56k modem?  (http://libvirt.org/formatdomain.html#elementsConsole)
<milamber> ubuntudude: http://linux.byexamples.com/archives/187/setting-up-http-proxy-at-console/
<Laice> o/
<Laice> odd one this:
<Laice>  "/dev/hvc0: No such file or directory"
<Laice> pops up every 10 seconds
<Laice> in auth.log
<Laice> google's been utterly useless, reason i need it shifted is we've had the server targetted recently and trying to check the logs is difficult with those popping up lol
<ubuntudude> milamber: cool. what about autodect proxy ?
<twb> Laice: that's xen stuff
<pyghassen> milamber: how this is possible? we already got the problem with router I guess, coz the server lost access to Internet anymore !
<twb> Never mind, I fixed my libvirt issue
<Laice> ok
<milamber> pyghassen: the router has to allow the traffic on the ports for the machine. httpd (apache) will run on port 80, so that port needs to be open. you also probably have an internal ip and an external ip (in network vs public). if you are testing from within the network it *should* work. are you on a lan right now testing the machine?
<pyghassen> yes I am
<milamber> pyghassen: how is the server getting its ip?
<pyghassen> when I reboot the server, the client can't access the server anymore
<pyghassen> I think it's assigned manually
<milamber> pyghassen: that is needed info. the problem could be that the server is getting a new ip at each reboot. and what do you mean when you say client? testing apache requires only a browser. which daemon specifically are you trying to connect to?
<pyghassen> it's an openerp server (python), and I don't think that the server is getting any other ip, coz when I open a user session on it, I'm using a ssh session connected to that manually assigned server ip
<milamber> pyghassen: what happens when you run nmap from a remote machine (on same lan) to the server?
<pyghassen> nmap?! what this command do exactly ? :) I don't know it
<milamber> pyghassen: sudo apt-get install nmap && nmap <ip of server>
<milamber> pyghassen: it will show open ports
<Jeeves_> Hi!
<Jeeves_> Does anyone use Ruby on Rails around here?
<Daviey> Is anyone looking for bitesize things to do?
<Daviey> oneiric developmnet?
<farhad2161> Can i install gcc from ubuntu-server-11 CD?how?
<farhad2161> Can i install gcc from ubuntu-server-11 CD?
<lynxman> Daviey: morning sir o/
<lynxman> Daviey: are you playing with openstack these days? I just updated to the newest oneiric version and now nova-manage is broken
<lynxman> Daviey: meh, nevermind, traced the error back
<_aaron_> hello
<_aaron_> should I ask here about how to configure my dhcp server or in #ubuntu
<tdr112> is there a way to save iptables settings
<Daviey> lynxman: what was the error?
<lynxman> tdr112: you can use iptables-save to dump your iptables config into a config file that you can load again at startup
<lynxman> Daviey: putting lxc in the wrong nova.conf results in nova-manage just saying gflags.FlagsError: option -? not recognized
<Daviey> tdr112: iptables-save
<lynxman> Daviey: as you can see very easy to follow where that comes from :)
<Daviey> lynxman: ah nice
<tdr112> so i add my rules to the config file and then just run iptables-save
<Daviey> smoser: Have you noticed the hostname isn't getting correctly set on openstack instances?
<lynxman> Daviey: yeah, I think it's for lack of metadata, same issue we were having on eucalyptus, reverts back to ubuntu if I recall properly
<Daviey> lynxman: yah
<Daviey> lynxman: I wondered if it is a generic issue, or one we are seeing in one deployment
<trapmax> http://www.youtube.com/watch?v=Gb8umXET5cI
<lynxman> Daviey: it thinks its an EC2 deployment and tries to look in the EC2 metadata and such
<trapmax> sry
<lynxman> trapmax: hope there's lolcats in that video ;)
<trapmax> lynxman: nope....nice game though
<lynxman> food time... *swoosh*
<Daviey> lynxman: curl http://169.254.169.254/1.0/meta-data/hostname
<Daviey> server_187
<Daviey> so it's not lack of meta-data by the seems of it.
<Daviey> I also noticed that ssh key injection seems unreliable.
<lynxman> Daviey: I'll catch you in a bit, I have a way todo it a bit securely :)
<soren> Daviey: Which type of injection? The type that OpenSTack does on its own or the type done by cloud-init?
<Daviey> soren: on it's own
<soren> Ok.
<Daviey> soren: plain boring, $ euca-run-instances -k davewalker ami-c .. first one failed, second one worked
<Daviey> It happend the other day aswell.
<soren> How can you tell which one is failing?
<soren> I mean..
<soren> How can you tell that it's the injection openstack does rather than cloud-init?
<Daviey> soren: Hmm, i assumed cloud-init injection data would have been via user-data?
<soren> meta-data, but yes.
<soren> Daviey: I don't think I follow, though.
<soren> Daviey: Are you saying the euca-run-instances call fails altogether?
<Daviey> soren: no, i can't ssh into the first instance, but a second instance spawned i can
<Daviey> so the authorized_keys on the former isn't being set for some reason
<soren> Daviey: Ok. So cloud-init fails, too?
<soren> Daviey: MAybe not entirely, but fails to shove the ssh key into authorized_keys at least.
<Daviey> soren: well, found data source: DataSourceEc2
<Daviey> soren: I haven't dug too deaply
<Daviey> deeply&
<soren> Daviey: Oh, so you're suggesting the ssh key doesn't even show up in the meta-data service in those cases?
<Daviey> soren: Well, i can't tell you that - i can't get into the instance, but that is what i am wondering
<Daviey> However, on the second /working/ instance, the hostname is not set - but is in metadata.. so it's not clear
<Daviey> sounds racey.
<soren> The meta-data service should respond correctly before the VM's disk image is even stitched together.
<soren> Unless...
<soren> Hm..
<soren> Ok, so the meta-data service responds based on the IP address of the requestor.
<Daviey> soren: Hmm.. i wonder if it's to do with the timing i assigned a public address to it?
<soren> If the IP address is a recycled one, I suppose there's a chance something hasn't been entirely cleaned up.
<soren> Daviey: That's entirely possible, yes.
<Daviey> I reproduced this same behaviour over the weekend btw
<soren> Daviey: I forget the ordering of the iptables rules involved there, but if you assigna public IP, that's the address the instance exposes to the internet.
<Daviey> yeah
<soren> ...but obviously it should use its internal IP when speaking to the metadata server.
<Daviey> you'd think so.
<soren> "should" being the operative word.
<soren> If you see this happen again, can you grab the output of "iptables-save" and save it for me, please?
<soren> From the compute node.
<Daviey> soren: annoyingly, this is a depolyment i don't have access to the node, and i suspect it will be quite noisey.
<Daviey> soren: we'll have to reproduce this on development hardware.
<soren> Daviey: You don't even have access to nova's logs?
<soren> Daviey: ..because that might be sufficient, too.
<Daviey> soren: I can probably get that
<hallyn> zul: could you take the debdiff I attached at bottom of bug 598597 (in comment #10) and push it?
<uvirtbot> Launchpad bug 598597 in gtk-vnc "Vinagre closes connection to tightvncserver 2.0 beta4 immediately" [Medium,In progress] https://launchpad.net/bugs/598597
<Daviey> hallyn: zul is conferencing
<Daviey> hallyn: how does your diff differ from sbeattie's?
<Daviey> is it fixed in Oneiric?
<hallyn> Daviey: it's fixed as of maverick
<hallyn> oh, i thought zul decided *nto* to go there :)
<Daviey> hallyn: okay, super.. what is the difference between your diff and sbeattie's?
<hallyn> Daviey: ah, i had downloaded the other attachment, but i guess i hadn't seen sbeattie's
<hallyn> one more sec, i'm looking
<hallyn> Daviey: his looks great, go ahead and take his :)
 * hallyn goes to check the date of that attachment
<hallyn> huh
<hallyn> wtf, how did i miss that
<hallyn> Daviey: yeah pls do take his.  i'll delete mine
<Daviey> :*(
<hallyn> no need for that :)
<smoser> Daviey, http://paste.ubuntu.com/667312/ is boto metadata crawl on openstack
<Daviey> smoser leaps out of the shadows
<Daviey> smoser: Are you seeing instances not accepting the ssh key and hostname not working?
<smoser> i have not seen that
<smoser> but the hostname is not set, i can verify that.
<lynxman> smoser: how's libvirt-lxc btw
<lynxman> smoser: and morning :)
<smoser> lynxman, not really moved...
<lynxman> smoser: dang :)
<zul> no...zul is not awake yet
 * hallyn hands zul a cup of decaf
<zul> hallyn: ill get to it after breakfast
<hallyn> zul: pls don't - Daviey is pushing it
<hallyn> zul: but thanks!
<zul> k
<hallyn> zul: though if you had a few cycles to grab http://people.canonical.com/~serge/ipxe.debdiff and push it, that'd be great :)
<hallyn> (i'd forgotten kirkland is also at conf)
<hallyn> zul: nm, you're at conf.  i'll bug someone else
 * hallyn about to run out of batt.  biam
<Ursinha> Daviey: https://launchpad.net/ubuntu-reports
<Daviey> Ursinha: rocking
<Ursinha> Daviey: please file bugs like crazy
<Daviey> will do
 * Daviey adds it to his never ending list.
<Daviey> I. Need. Air.
<lynxman> Daviey: Do a randomizer, and don't forget to breathe
<roasted> hey guys
<roasted> anybody know offhand where exactly dhcp server settings are stored for the corresponding ethernet interface?
<roasted> I had a small dhcp imaging server of mine blow (hardware failure) but I had an identical system here, so I dropped the drives in and fired it up
<roasted> problem is, my NICs came up eth 1 and eth2, not eth0 and eth1
<roasted> my dhcp server was originally on eth0, but now its on eth2, and dhcp won't start. I have no idea where to re-bind it so it's on eth2 now.
<Daviey> smoser: We need to find out if the lack of a hostname is a deployment issue, or something up with the packages.
<uvirtbot> New bug: #827372 in apache2 (main) "package apache2.2-common (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/827372
<smoser> Daviey, https://bugs.launchpad.net/nova/+bug/827386
<uvirtbot> Launchpad bug 827386 in nova "DescribeImages does not fill imageOwnerId" [Undecided,New]
<Daviey> smoser: nice one
<roasted> if I delete the items in 70-persistent-net.rules and reboot, will it rebuild that file on the fly?
<roasted> because my NICs are borked and I'm in a severe hurry to get them working again
<lynxman> roasted: yes it should
<roasted> thanks lynxman
<roasted> I tried renaming my eth in there but it wouldnt take
<roasted> then again maybe a reboot is required
<roasted> bingo. we're working lynxman. thanks again.
<roasted> gotta run!
<lynxman> adam_g: ping, whenever you're awake :)
<Ursinha>  /13
<Ursinha> sigh
<lynxman> Ursinha: 14!
<Ursinha> lynxman: you won
<lynxman> Ursinha: nah :) you did
<Ursinha> :)
<CluelessPerson> hello
<CluelessPerson> can someone please help me make it so minecraft automatically starts at boot and will restart if it happens to crash?
<tdn> How do I increase ulimit for open file handles for a given user permanently? (I need to give www-data permission to open more files)
<lynxman> tdn: edit /etc/security/limits.conf , you can modify there per user or global limits on your system, it'll require a restart for them to take effect if I recall correctly
<uvirtbot> New bug: #827415 in samba (main) "package samba-common 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 9" [Undecided,New] https://launchpad.net/bugs/827415
<Daviey> ugh. I'm starting to hate samba.
<lborda> Has anyone ever had problems installing Natty on a Dell PowerEdge-R610 that has a LSI SAS1068E-based hardware RAID setup? everything goes well and after the reboot grub does not boot
<lborda> ?
<lborda> hi lynxman
<lynxman> lborda: hey leo o/
<lynxman> lborda: does grub just show the initial g?
<lborda> lynxman, no this is the error: http://askubuntu.com/questions/55865/grub-cant-find-raid-partition-in-fresh-install-of-11-04
<lborda> lynxman, Restoring grub didn't work too
<lynxman> lborda: it looks like grub doesn't see the drive in the bios, or that it differs from the definitions, the msdos stuff looks fishy indeed
<lynxman> lborda: I'd try collecting more info when grub falls into busybox, but that's all I can think of right now
<lborda> humm.... lynxman i will take a look at it... tks
<lborda> lynxman, ^
<lynxman> lborda: :)
<zul> Daviey:  join the club
<Daviey> zul: club?
<zul> Daviey: the i hate samba club
<Daviey> ah
<Daviey> yes.. do i get a membership card?
<zul> and a plush toy
<Daviey> groovy.
<sbeattie> Daviey, hallyn: thanks for reviewing and uploading the gtk-vnc fix.
<Daviey> sbeattie: hah, i did the easy bit :)
<hallyn> sbeattie: thanks for the debdiff :)
<nfo-overload> hi guys, trying to setup squid proxy at work. Ideal goal is authentication via Active Directory where users don't have to enter any credentials. would like to have Internet traffic reports that contains windows logon name. anyone have something like this setup?
<wpl> Hello, how do i find out which server version is running on my box?
<nfo-overload> wpl - uname -a
<wpl> nfo-overload: thx
<wpl> nfo-overload: Doesn't tell me the Ubuntu version, though
<pmatulis> nfo-overload: to get the "ubuntu version" (release) do 'lsb_release -a'
<wpl> pmatulis: thx
<wpl> pmatulis: This works better
<zul> RoAkSoAx: ping did you get a power supply for your pandaboard?
<adam_g> lynxman: im here now for a few
<Ursinha> Daviey: can you help me here a bit, when you have a minute? please? https://bugs.launchpad.net/launchpad/+bug/827178
<uvirtbot> Launchpad bug 827178 in launchpad "No way of deliberately requesting someones input in a bug " [Undecided,Incomplete]
<Daviey> Ursinha: ack
<RoAkSoAx> zul: yes
<RoAkSoAx> zul: from digikey
 * robbiew goes to pack for linuxcon flight
<jane--> in what programming language does ubuntu and its (and linux various majority softwares are made in) ?
<bernhard2> Having about 5 errors in my log during bootup. help fixing these would be great.. check em out here..  http://pastebin.com/dFABgSqe
<tsimpson> jane--: many
<smb> zul, So if the changelog is correct the only change of the xen package is the hvmloader. Still when I have bond0 in /etc/xen/xend-config* bond0 gets into a mostly removed state and pbond0 is not set up correctly.
<jane--> tsimpson which is used mostly
<tsimpson> jane--: depends what you are doing
<jane--> which languages is most widely used in aaps
<tsimpson> jane--: like I said, it depends on what you want to do
<tsimpson> C,C++,Python,Perl,Ruby,Java,C#,(Ba)Sh,...
<jane--> if all that can be done in c and be done in c++ and c++ is easier and a superset of c. then why not use c++ instead of c?
<tsimpson> some people want to use C, and C++ is not just a superset of C
<tsimpson> it has some different and conflicting rules
<tsimpson> jane--: use whatever language you are comfortable with
<jane--> hm\
<jane--> what languages can be multiplatformed. ie. same app i just made can run on linux as wel as windows ?
<tsimpson> languages are not platform-dependant, but the code you write can be
<SpamapS> jane--: there are very few languages that don't have an implementation on both
<SpamapS> jane--: as tsimpson suggests, its more about how you write your code
<jane--> ic
<jane--> i hope c and cplus syntax is very much similer
<jane--> iam going for cplus
<jane--> hm
<tsimpson> the syntax is similar, but not identical
<tsimpson> if you can read C, you can probably figure out what C++ code is doing
<tsimpson> and (usually) vice-versa
<jane--> tsimpson ill go with c++ coz it takes less hassle and easy to learn than c. easy to code
<tsimpson> I wouldn't say it takes less time to learn C++ than it does to learn C
<tsimpson> but I do find C++ easer to actually write code in than C
<jane--> hm
<uvirtbot> New bug: #827496 in cobbler (universe) "cobbler kickstart metadata dont affect ubuntu preseed " [Undecided,New] https://launchpad.net/bugs/827496
<_aaron_> !windows
<ubottu> For discussion on Microsoft software, or help with same, please visit ##windows. See http://launchpad.net/distros/ubuntu/+bug/1 http://linux.oneandoneis2.org/LNW.htm and /msg ubottu equivalents
<uvirtbot> Launchpad bug 1 in ubuntu "Microsoft has a majority market share" [Critical,In progress]
<_aaron_> how do I configure my /etc/network/interfaces to specify a workgroup
<RoyK> you don't
<RoyK> _aaron_: /etc/network/interfaces is the network config, not the samba config
<RoyK> !samba
<ubottu> Samba is the way to cooperate with Windows environments. Links with more info: https://wiki.ubuntu.com/MountWindowsSharesPermanently and https://help.ubuntu.com/10.04/serverguide/C/windows-networking.html - Samba can be administered via the web with SWAT.
<RoyK> _aaron_: just edit /etc/samba/smb.conf to set the workgroup name
<RoyK> !smb.conf
<RoyK> or just man smb.conf
<_aaron_> RoyK, ok I got it
<hggdh> Daviey: still there?
<_Neytiri_> i am having a issue with the VM system in ubuntu server i am running 11.4
<_Neytiri_> 64 bit with 16 gigs of ram and 4 cpu's and 4 gbic network cards
<uvirtbot> New bug: #827590 in cloud-init (main) "cloud-init does not mount ephemeral0 on /mnt in nova" [Undecided,New] https://launchpad.net/bugs/827590
<_Neytiri_> i am getting a error when i try and create a vm the error is: Unable to complete install: ''NoneType' object has no attribute' virtual_device_type''
<_Neytiri_> any idea how i can fix this
<hggdh> Daviey: cobbler-enroll i(18)n prepared, on bzr+ssh://bazaar.launchpad.net/~hggdh2/%2Bjunk/cobbler-enroll2/
<jcastro> ttx: hi
<jcastro> ttx: ok just so I am sure, what are the exact dates of the openstack conference?
<jcastro> http://www.openstack.org/community/events/openstack-conference-fall-2011/
<ttx> Design Summit is Oct 3-5
<jcastro> is this still correct?
<ttx> Conference is Oct 5-7 (starting on the evening of the 5th)
<bernhard1> how can i check which php.ini is actually used/loaded ?
<EM03> hello ....10.04 LTS  >> apache2 does it bind to all ip's by default or no?
<EM03> I can't connect but every other debian and ubuntu I tried it does
<bernhard1> i try to disable suhosin in php.. but i cant seem to disable it in php.ini
<bernhard1> this is my php.ini
<bernhard1> http://pastebin.com/6CU5iUHc
<guntbert> EM03: look into /etc/apache2/sites-enabled/....
<Daviey> ho ho
<guntbert> Daviey: ?
 * Daviey is not in a good mood, remote server - http://pb.daviey.com/MC7w 
<Daviey> no intelligent hants.
<Daviey> hands.
 * utlemming extends condolences to Daviey for his lose 
 * RoAkSoAx YaY cobbler support for ARM is done! 
<Fecn1> Hi Folks - Has anyone noticed a problem in 11.04 server whereby lsusb only gives output if you run it as a non-root user.... As root, it returns nothing
<Fecn1> Doesn't seem to affect my desktop 11.04 installation
<Fecn1> Never mind.... dodgy touchscreen drivers had placed their own copy of libusb into /usr/local/lib and that was breaking things
<lynxman> Daviey: ouch X(
<Daviey> lynxman: pondering what to do.. SMART is reporting clean.
<lynxman> Daviey: soft raid tends to screw up sometimes, I would add it back and keep an eye, my rule of thumb is normally if it fails 2 times it's out :)
<Daviey> lynxman: it's 3ware hardware RAID
<lynxman> Daviey: uuuh, I would add it back once anyway
<lynxman> Daviey: keep a close eye of course
<lynxman> Daviey: also do you have a graph of the smart metrics? That helps finding a long trend decaying metric
<Daviey> lynxman: If only byobu could show me the rebuild status :)
<lynxman> Daviey: I'd fill a bug, it'd actually be very useful
<Daviey> hah
<lynxman> Daviey: hmm maybe a way to pipe a one line watch command to the bottom line? Now you got me thinking
<Daviey> lynxman: heh, i have it on fullscreen :)
<Daviey> # /tmp/tw_cli /c0/u0 show rebuildstatus
<Daviey> /c0/u0 is rebuilding with percent completion = 1%
<lynxman> Daviey: raid rebuilding, gah
<kirkland> Daviey: it does already show raid rebuild status
<kirkland> lynxman: ^
<kirkland> Daviey: well, it supporst /dev/mdstat, anyway;  not sure about your 3ware hw raid device
<kirkland> Daviey: i watch mine rebuild every first sunday of the month, good times :-)
<lynxman> kirkland: every first Sunday of the month? jeez
<Daviey> kirkland: happy slow IO day.
<Daviey> arse
<kirkland> lynxman: well, it's just a sync check cronjob done by mdadm
<Daviey> err, bad paste.
<lynxman> kirkland: if only we could use zraid :)
<EM03> how can I tell if my apache is binded to port 80?
<uvirtbot> New bug: #827662 in apache2 (main) "PCI Security failure Apache 2.2.14" [Undecided,Invalid] https://launchpad.net/bugs/827662
<lynxman> EM03: find the process ID of your apache master process, run lsof -p PIDNUM
<lynxman> EM03: also you can run netstat -an and look for the listening ports, it should say what process sits there as well
<erichammond> If one needed to install MySQL 5.5, would Clint Byrum's PPA be a reasonably good source? or is it recommended to use alien with mysql.com's RPM download?
<EM03> lynxman: tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
<EM03> but when I try to goto the ip it just sits there
<lynxman> EM03: can you define "sits there"? :)
<EM03> well its connecting but i'm not getting the page hehe
<lynxman> EM03: and do your apache logs say something?
<EM03> i dont see much in the logs that represents an error lynxman
<lynxman> EM03: and do you see anything that represents that something is connecting to the web server? :)
<lynxman> EM03: I guess you're connecting but something is wrong with your apache, from what it looks like
<EM03> yea there is a connection
<lynxman> erichammond: Clint's repos are recommended indeed, he's a good fella :)
<lynxman> EM03: so there you go, apache is listening and you need to go deeper down and see what is misconfigured there
<EM03> blah ....this is such a fresh install :)
<lynxman> EM03: and nonetheless you broke it, hehe :)
<EM03> never had this happen before
<lynxman> EM03: it's a good exercise to see what happens, activate the debug logs on apache, see all the fun
<erichammond> lynxman: Sure he is :) but it wasn't clear to me if that PPA is being actively maintained or if things are stalled per https://bugs.launchpad.net/mysql-server/+bug/690925
<uvirtbot> Launchpad bug 690925 in mysql-5.1 "Package MySQL 5.5.x for Ubuntu" [Wishlist,In progress]
<EM03> do you know how to do it off hand? or do I need to google for an hour :P
<lynxman> erichammond: You can ask him...
<lynxman> SpamapS: do you maintain your MySQL 5.5 repo?
<lynxman> EM03: googling for an hour is a healthy exercise for a sysadmin :)
<EM03> yea i know :P
<EM03> all i did was apt-get install lamp-server^ and apache was running and it didn't work
<EM03> its 10.04
<EM03> in 11.04 apache was running just fine
<erichammond> SpamapS: (per ^^^) Wondering if this is reasonably current and/or maintained: https://launchpad.net/~clint-fewbar/+archive/mysql
<EM03> lynxman: this is abnormal correct?
<bernhard1> Just upgraded nginx.. but now my php5 does not work.. please check my nginx config http://pastebin.com/CmPzPJz9
<bernhard1> here is the nginx update info.. http://pastebin.com/xmtQH4p0
<uvirtbot> New bug: #827674 in cobbler (universe) "cobbler lacks full support for arm" [Medium,In progress] https://launchpad.net/bugs/827674
<SpamapS> lynxman: no I haven't updated in in a while
<SpamapS> lynxman: hoping to get it into Debian soon so we can sync up after 11.10 releases
<lynxman> SpamapS: that would be rocking
<SpamapS> lynxman: yeah, we're long long long overdue for 5.5
<lynxman> SpamapS: I still run 5.1 in prod so I won't complain about tardiness :)
<SpamapS> lynxman: 5.5 solves some scale up issues in innodb .. and mixed mode replication works better.
<lynxman> SpamapS: yeah innodb improvements are very tempting tbh
<SpamapS> lynxman: 5.1 does ok with 1 and 2 cores.. but after that.. it gets really bad
<bernhard1> fixed my issue...
<lynxman> SpamapS: heh, the dilemma of multi core, I have only two on this one but thinking about upgrading it to a quad core machine, although as always disk IO is my main concern
<zroysch> I'm trying to join a drive to a raid-1 array. Both drives are the same make, same model, purchased at the same time. How is this possible? http://pastebin.com/PnExwz4S
<EM03> so does apache by default when installed just listen on all ip's and work?
<EM03> its beyond me why this is happening
<lynxman> zroysch: how big are the partitions? looks like sdb1 is bigger than sda1 according to mdam
<SpamapS> EM03: yes, there's only a "Listen 80" in /etc/apache2/ports.conf that controls that
<EM03> yea blah
<EM03> when telnet'ing it SpamapS its just trying it never connects
<EM03> i can't connect to port 80
<EM03> if i telnet the apache server locally though it returns the html
<EM03> so whats the deal here you think?
<EM03> i get a timeout when trying to connect outisde of the server
<lynxman> EM03: did you set your logs to debug or not yet?
<EM03> i think it could be a firewall issue?
<EM03> i can telnet the server from inside the server and get the request
<EM03> when outisde the server no
<EM03> is ubuntu 10.04 LTS different than a traditional ubuntu server install?
<EM03> it looks like my firewall is enabled
<EM03> i thought ubuntu did not enable a firewall by default?
<args[0]> can someone confirm this? ^
<lynxman> args[0]: afaik it doesn't come activated by default
<EM03> sure about that? they said it was a default install and I surely didn't set it up
<EM03> unless apt-get install lamp-server^ does it? and I don't think it does
<EM03> its just installing some packages
<args[0]> EM03: I had a similar problem before, but then I removed lamp and installed apache/php5 alone
<lynxman> EM03: you've been so far just doubting everything I've tried to give you as help, don't think I can really help you like that
<EM03> really?
<EM03> lynxman: debugging apache I promise is not gong to do anything
<EM03> its iptables I found the issue and I had no clue it did that
 * lynxman shrugs
<EM03> and dude I appreciate the help man
<EM03> when I install apache I get Processing triggers for ufw ...
<EM03> Rules updated for profile 'OpenSSH'
<EM03> Skipped reloading firewall
<EM03> is this normal for ubuntu 10.04 lts? I guess it is
<EM03> args[0]: I think that answers the question
<args[0]> hmmm.. yeah might be, I'm good... not looking forward for using LAMP anymore though
<EM03> what do you use?
<args[0]> I setuo everything manually
<args[0]> setup*
<EM03> args[0]: on ubuntu 10.04 even if you apt-get install apache2 it messes with the firewall
<uvirtbot> New bug: #827705 in u-boot-linaro "PXE boot requests non-standard config filename" [Undecided,New] https://launchpad.net/bugs/827705
<Daviey> zul: ^^ might interest you.
<erichammond> SpamapS: Just caught up with the notes above on MySQL 5.5 status. Thanks for the info.
<erichammond> SpamapS: My team was discussing this post that came out yesterday: http://www.mysqlperformanceblog.com/2011/08/15/whats-the-recommended-mysql-version/
<zroysch> lynxman: the partitions are the maximum capacity of the drives: http://pastebin.com/H6RswzCJ
<SpamapS> erichammond: I think we could have reasonably jammed 5.5 into Ubuntu 11.10, but its better if it enters via Debian.
<lynxman> zroysch: shouldn't they be type fd and not 83?
<zroysch> lynxman: probably, but that's not the issue here. they were both part of the md0 raid1 a few weeks ago
<SpamapS> erichammond: In fact Debian's mysql maintainer, Norbert, is way over worked and needs help... I'm looking at possibly gaining DD status so I can keep it up to date more easily.
<zroysch> something happened with /dev/sda so I removed it from the array and now i'm readding
<lynxman> zroysch: I kinda think it's related to the issue...
<zroysch> re-adding
<zroysch> lynxman: how would the array have been built in the first place? the partition types have not changed
<lynxman> zroysch: try making sda1 type fd
<lynxman> zroysch: the checks it does when building a new array vs the checks it does when trying to add a new member to an existing array are not the same
<zroysch> lynxman: dont the partition tables of each drive need to be identical to join an array?
<lynxman> zroysch: not really, they partitions just need to be equal or bigger
<lynxman> zroysch: the new partition needs to be at least same in size to the existing one, by having type 83 it's my hunch that mdadm is having trouble seeing that
<zroysch> lynxman: ok, let me try repartitioning
<lynxman> zroysch: it's the only reason that I can remotely think of that could explain this
<zroysch> thanks for your help.. brb
<zroysch> WARNING: GPT (GUID Partition Table) detected on '/dev/sda'! The util fdisk doesn't support GPT. Use GNU Parted.
<zroysch> I can't remember why I did this
<zroysch> probably just trying something new
<zroysch> does GNU Parted = GParted ?
#ubuntu-server 2011-08-17
<lynxman> zroysch: yeah I think
<lynxman> SpamapS: ping, whenever you have 5 mins, upstart question
<cjs226> anyone setup nat on an ec2 instance?
<SpamapS> lynxman: fire away, but I really do only have 5 minutes
<lynxman> SpamapS: cool, will take 3 :)
<lynxman> SpamapS: trying to setup an upstart job for a process that was using an init.d wrapper, and I need to user the wrapper (it's python calling to internal functions)
<SpamapS> lynxman: you can have an upstart job with no actual running process to track.. just use pre-start to call the 'thing start' and pre-stop to call the 'thing stop'
<lynxman> SpamapS: like this http://pastebin.ubuntu.com/667787/
<lynxman> SpamapS: smoser suggested the expect fork, right now the upstart job hangs indefinitely as it is, I guess it's due to that
<SpamapS> For that, I'd just drop the expect fork, and move the script to pre-start script
<SpamapS> The upstart job will work like a place holder for boot/shutdown...
<SpamapS> but otherwise will get out of the way.
<lynxman> SpamapS: cool, was just a bit concerned of using pre-start instead of start
<lynxman> SpamapS: thanks :)
<SpamapS> lynxman: its a little obtuse, but works wonders for getting things into upstart without fully migrating them. :)
<SpamapS> btw, your start on is *WAY* too verbose
<SpamapS> just start on runlevel [2345]
<lynxman> SpamapS: hehe yeah we were discussing it with smoser last Friday so I wanted to be safe
<SpamapS> both of those events are guaranteed to happen before runlevel 2
<lynxman> SpamapS: cool, will reduce that as well
<SpamapS> plus this way when you go from runlevel 1 -> 2 .. it will actually get started back up.
<smoser> so what does 'status' show for a job that has no job ?
<lynxman> SpamapS: neat
<lynxman> smoser: I guess "nothing to see here, move along"
<smoser> and why would you not want upstart to correctly track a pid ?
<smoser> how would it know if the thing died ?
<SpamapS> smoser: its start/running but no pid
<smoser> i'm generally curious
<smoser> generally and genuinely
<SpamapS> smoser: because upstart cannot correctly track most pids
<SpamapS> They've come up with a good plan for that finally.
<lynxman> SpamapS: when are we switching to systemd?
 * lynxman hides
<SpamapS> instead of 'expect fork' it will be 'expect exit' .. which will watch for the parent's fork, but then wait for it to exit.
<zroysch> lynxman:  http://pastebin.com/kWFtcb30
<SpamapS> smoser: tracking pids is over rated, some services actually do it all by themselves. ;)
<SpamapS> anyway
<SpamapS> I'm late.. good luck!
<lynxman> zroysch: out of ideas then, you definitely have something weird going on there...
<zroysch> well i do have the data backed up
<zroysch> i guess i could just start over from scratch
<lynxman> zroysch: if that's an available option I would go for it, and make both fd this time ;)
<lynxman> zroysch: software raid gets confused way too easily
<zroysch> lynxman: i've never run into this problem before.
<lynxman> zroysch: me neither :)
<zroysch> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500309
<zroysch> hmm
<uvirtbot> Debian bug 500309 in mdadm "mdadm thinks disk is not large enough to be added, but it is (v1 superblock)" [Grave,Fixed]
<zroysch> old bug resurfacing?
<zroysch> i have mdadm v3.1.4
<zulax> does ubuntu server come with lesser repositories?
<zulax> cant seem to find git-core
<zulax> nm, after an update i got it
<pmatulis> an update will not get you a new package
<twb> zulax: it was renamed to "git" about twelve months ago
<zulax> ok
<JRWR> Having a issue with nginx 1.0.5, php-fcgi with php-fpm over a socket is using its cache a little to aggressive, it seems that ALL requests are being send to the same file, which is the one cache file that was made with the first request, my configs http://pastebin.com/RND2E9fY http://pastebin.com/vxbHZf3W http://pastebin.com/xKaKAAgH
<twb> Is your PHP app sending the appropriate cache-related header fields?
<JRWR> my first test was apc.php
<JRWR> but if i do apc.php first
<JRWR> then do test.php
<JRWR> it will show what apc.php sent to nginx
<twb> Dunno, then
<twb> You could try #nginx and/or ##php, too
<JRWR> http://survivorzero.com:82/apc.php then http://survivorzero.com:82/test.php
<JRWR> test.php doesnt exist
<JRWR> and its showing the contents from apc.php
<twb> http://paste.debian.net/126447/
<JRWR> is the only cache file
<JRWR> http://pastebin.com/aLkPwh8p
<JRWR> no matter what you call it will serve that file
<JRWR> whats fun is that d41d8cd98f00b204e9800998ecf8427e = md5("")
<JRWR> thats the hash its stored in the cache
<JRWR> so... i dont think the cache has a clue to what the request URI is
<uvirtbot> New bug: #827681 in cobbler (universe) "Cobbler does not generate pxelinux.cfg files for ARM" [Medium,In progress] https://launchpad.net/bugs/827681
<twb> ARM supports PXE?
<twb> I thought PXE was an x86ism
<JRWR> why wouldnt it?
<twb> As opposed to what I *have* seen on ARM/uboot, which is to hard-code the TFTP server address and the filename
<uvirtbot> New bug: #827755 in tftp-hpa (main) "package tftpd-hpa 5.0-21ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/827755
<NCommander> hallyn: ping, I think there's a serious problem with your cgroups/lxc
<NCommander> ^implementation
<uvirtbot> NCommander: Error: "implementation" is not a valid command.
 * NCommander facepalms
<lifeless> NCommander: whats aup?
<NCommander> lifeless: so lxc uses/requires cgroups to make sure containers are separate from each other, right?
<lifeless> yes
<lifeless> key component of the implementation
<NCommander> lifeless: right, but then why does LXC work if cgorup namespaces are unavailable? (they were removed with 39(?))
<lifeless> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a77aea92010acf54ad785047234418d5d68772e2 ?
<NCommander> The replacement is clone_process, but that's not enabled by default and there's no way to get cgroups to use them with cgconfigparser
<NCommander> lifeless: as it stands, I think cgroups aren't being properly used, but LXC doesn't emit a warning or error (aside from a misleading message in lxc-checkconfig)
<lifeless> hmmm
<lifeless> I think this is out of my expertise ;)
<NCommander> (this is true on i386/amd64 as well)
<twb> lxc is just a thin shim around cgroups
<lifeless> so I think ns_cgroup isn't needed
<NCommander> twb: right, but namespaces areno longer available
<lifeless> and never really was, it was a convenience
<twb> But a default lxc configuration will not virtualize much at all -- e.g. no namespace (containerization) for the filesystem, network stack, etc.
<NCommander> lifeless: no, they were replaced with clone_instance
<NCommander> whichis a mounting option when you create the cgroup (there is no way ot specify the necessary flag via cgconigparser)
<lifeless> I see your point
<lifeless> like I say, we've reached the edge of know-how.
<NCommander> twb: lxc-checkconfig says namespaces are 'required' although if clone instances are enabled, it says 'enabled' with a new line
<lifeless> NCommander: can you file a bug @ https://bugs.launchpad.net/ubuntu/+source/lxc ?
<lifeless> NCommander: serge is pretty active there
<NCommander> lxc-stop appears to be broken like this
<twb> lxc-stop is probably broken for unrelated reasons
<NCommander> twb: lxc-stop works properly if clone_children is set on the cgroup instances
<twb> Of course my experience is limited to .32 so I may be talking bullshit
<lifeless> NCommander: thats extremely interesting
<NCommander> I got lxc-stop to work after a few tries. No idea why
<lifeless> NCommander: so it 'works' first time for me, always has (though it whines but actually does its  thing)
<lifeless> NCommander: but the lack fo power-off means that processes don't go down quite as they might expect
<NCommander> twb: lifeless: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/827798
<uvirtbot> Launchpad bug 827798 in lxc "LXC works without warning regardless if cgroup namespaces are properly available" [High,New]
<uvirtbot> New bug: #827798 in lxc (main) "LXC works without warning regardless if cgroup namespaces are properly available" [High,New] https://launchpad.net/bugs/827798
<NCommander> the bot is lagged :-/
<rickjaruiz> slow server 10.04 in hyper-v vm, can anyone help?
<rickjaruiz> nvm, thank you google
<twb> rickjaruiz: what was the issue?
<twb> Rather, what was the cause and the fix
<rickjaruiz> disable the frame buffer module: edit /etc/modprobe.d/blacklist-framebuffer.conf and add the following line:  blacklist vga16fb
<rickjaruiz> every line to be drawn for a page refresh
<twb> God damn I hate that module
<twb> And I hate that it's on by default
<twb> All it gives you is 80x30 instead of 80x25, it's not even useful when it DOES work :-/
<rickjaruiz> anyway to turn off before installation?
<twb> rickjaruiz: during lucid install, no.  Post-install and I *think* in newer d-i installs, yes
<rickjaruiz> or during installation
<twb> There's a bug in the lucid installer that prevents all documented techniques from working
<rickjaruiz> yeah it makes install take twice as long
<twb> Oh, also of course you can do the install via serial instead of VGA
<rickjaruiz> 11.04 installed in 10 minutes and 10.04 installed in 20
<rickjaruiz> im running it as a virtual machine in hyper-v
<twb> If Microsoft's virtualization technology can't emulate a COM port, it ought to be scrapped.
<rickjaruiz> how can i get a remote gui file access?
<twb> I don't know or care; GUIs are not a server issue.
<rickjaruiz> or whats a good way to transfer files between serveres
<rickjaruiz> i new to linu
<rickjaruiz> linux
<twb> SFTP.
<rickjaruiz> how do u install in server?
<twb> Or scp, which is pretty much the same thing.
<twb> Both are components of SSH
<rickjaruiz> so just udo apt-get install openssh-server?
<rickjaruiz> *sudo
<twb> rickjaruiz: if you have not already done so, you should read the ubuntu server guide (mentioned in /topic)
<twb> rickjaruiz: yes.
<rickjaruiz> i mgoing through it and asking questions at the same time
<rickjaruiz> helps me remember
<twb> OK
<rickjaruiz> but yeah so much to learn from that guide
<rickjaruiz> i have to take it in sections
<KE1HA> Is there any known problems / bugs affecting 11.04-Server and Samba? I've been tryng to setup a simple share for hour, and its just not happening, even with SWAT
<Gxt4> Evening.. Is there a way to have initrd get all ip's from dhcp servers before doing it's iscsistart ?
<Gxt4> for now , the moment it booots , its gets an ip , then immediately tries to make iscsi connections. ending up being unable to connect.
<ttx> Daviey: about my rootwrap, I think I'll have to defer to Essex, I'm a bit busy atm
<ttx> Daviey: on the plus side, this will allow to generally discuss security improvements at ODS
<ttx> Daviey: and nobody strictly asked for it in MIRs afaict
<ttx> Daviey: thoughts ?
<Daviey> ttx: Well nova MIR hasn't been ack'd yet
<ttx> Daviey: sure but that wasn't part of it -- anyway, I commit to doing it for Essex, so would be in LTS
<Daviey> But yes, apparmour and sudo limitation seemed more favourable to me, but i understood i was overuled on that.
<Daviey> ttx: How much work is involved forking what we had before?
<ttx> Daviey: I'm almost done with the wrapper -- the devil being in the "almost"
<ttx> Daviey: also I feel a bit uncomfortable pushing it now
<Daviey> ttx: Having the proof-of-concept published somewhere would allow it to be mentioned in docs.
<ttx> Daviey: first shot is at https://code.launchpad.net/~ttx/nova/privsep2
<ttx> but I can't really spend more time on it this week(s), and would like to have it properly testcased
<ttx> so to do it right, I need more time -- and that time would allow us to discuss how to do it
<Daviey> ttx: Where will this live eventually, packaging branch? contrib/ in upstream or a core part of upstream?
<RoyK> morning
<Daviey> hey RoyK
<ttx> Daviey: if we follow what I started, it will live in bin/nova-rootwrap in nova + contrib filter files in Nova.
<ttx> again, some discussion around it at ODS sounds like a good idea
<ttx> I need to work on the registration site now
<Daviey> ttx: Why did you start it from scratch?
<ttx> Daviey: as opposed to ?
<Daviey> forking what we used to use
<ttx> (1) because there is no way I can write security code in C right and (2) I'd like it to live in Nova
<Daviey> ok, thanks
<ttx> so that someone adding a sudo command can fix the file
<Daviey> ttx: Thanks for letting me know.
<ttx> Daviey: that was the result of a discussion with mdeslaur, fwiw
<ttx> anyway, I prefer not to rush security code :)
<Daviey> i'll catch up with mdeslaur regarding this, hopefully today.
<ttx> Daviey: I think it's better to discuss how it's best done, and implement it with plenty of safeguards in essex
<Daviey> ttx: yah
<ttx> rather than adding one more branch merge proposal to our FF queue
<ttx> (deadline for feature merges being Monday)
<ttx> If I had one more week I would probably have done it
<Daviey> aw frack
<ttx> I was a bit optimistic on how much free time I'd get :)
<eagles0513875> hey guys what is needed to do a remote network installation
<Daviey> eagles0513875: a good preseed :)
<eagles0513875> ? meaning what
<Daviey> eagles0513875: entirely hands off, or over SSH>
<Daviey> ?
<eagles0513875> over ssh
<Daviey> https://help.ubuntu.com/community/Installation/OverSSH
<Daviey> ^^ not the best way IMO.
<uvirtbot> Daviey: Error: "^" is not a valid command.
<Daviey> https://help.ubuntu.com/community/Installation/NetworkConsole <-- much better
<eagles0513875> humm ok
<eagles0513875> i just dont want to migrate my keyboard nad monitor over to my room where my server is at hence why im askin
<eagles0513875> Daviey: so i boot the iso or the bootable usb on the machien im currently on right then follow the steps from there?
<Daviey> eagles0513875: If you are doing this for the first time, and mainly doing it to save time.. you are better off moving the monitor and keyboard.
<eagles0513875> ok
<eagles0513875> :-/
<twb> Daviey: why, because of the 1:1 correspondence with the udeb name?
<twb> Oh, nm, those articles are different.  Thought you were discussing the name of the article
<eagles0513875> hehe
<twb> The overssh version is a pita
<eagles0513875> last question guys i need to back up my current email server which is running dovecot postfix and spamassassin
<twb> Better off just put the mini.iso kernel and ramdisk and preseed in the /boot of the unix system you want to blow away
<eagles0513875> thing is i need to change disks i bought 2x1tb hdds for raid
<Daviey> twb: Yeah, suggesting against debootstrap - in favour of using the ssh support within d-i
<eagles0513875> in regards to my question above relating to email
<twb> Then you reboot, pick d-i from the grub menu, and it'll load into RAM.  At that point, you have everything in RAM and can blow away the HDD you booted from
<eagles0513875> i just need to backup the postfix conf file the dovecot config and spamassassin config maildir correct and i should be fine
<twb> debootstrap has a whole bunch of hairy edge cases like creating /etc/hosts, and it's a PITA to remember all of them
<twb> And if you're using grub, that's a bloody huge nightmare to install via a chroot, unlike extlinux
<greppy> eagles0513875: as a general rule, I would back up all of /etc, tar -cfp etc.tar /etc, then save the .tar file where you can get to it.
<eagles0513875> greppy: why though?
<eagles0513875> guess it woudlnt hurt
<eagles0513875> wouldnt
<greppy> because there have been times when I have remembered that I needed something AFTER I wiped the disk :)
<eagles0513875> this disk isnt getting whiped
<eagles0513875> its going into storage
<eagles0513875> atm my server only has one 750 hdd
<greppy> and having groups/passwd/shadow, etc backed up is handy
<eagles0513875> im putting in or hoping to put in 2x1tb hdd raid 1
<eagles0513875> agreed
<eagles0513875> :) thanks for your input greppy :)
<greppy> *nod* still easier to have a tar ball of all of /etc instead of having to shove the drive into another system to get data off of it.
<eagles0513875> im gonna take my server offline for a sec to check something
<eagles0513875> guys is it easy to setup raid if i add a 2nd hdd at a later point in time
<philipballew> what option after ifconfig shows me all avaible interfaces not just the up ones
<_ruben> philipballew: don't use ifconfig, it's been depreciated for ages, use the 'ip' command instead .. 'ip link' for all interfaces, 'ip address' for all ip addresses on thos einterfaces, 'ip route' for all routes, etc
<_ruben> 'ip help' and 'man ip' for more info :)
<philipballew> _ruben, ive never even herd of that command. its better?
<eagles0513875> _ruben: havent heard of that command either
<_ruben> 'ip' offers way more options than 'ifconfig' and is less braindead .. ifconfig for instance can't see multiple ip addresses per interface, only ip aliases, which basically are a nasty workaround to the actual problem
<ikonia> ifconfig can see multiple interfaces per interface, no problem
<twb> ip's easier to read, too
<_ruben> multiple interfaces per interface ? :)
<twb> http://paste.debian.net/126482/
<_ruben> nice example of flaws: http://paste.ubuntu.com/668056/
<twb> Yep
<philipballew> this conversation is still goin?
<philipballew> nice!
<twb> ifconfig's only good feature is that it's available on SUS systems you might have to deal with
<twb> Like say SCO or Solaris
<twb> Although ISTR they don't have a route(8) that does what you expect, for some reason that functionality is in netstat(8)
<_ruben> twb: hence lots of people using netstat -r on linxu as well :)
<ikonia> I still use netstat -rn for things like the routing table
<_ruben> yuck
<_ruben> `ip r` is so much shorter to type and cleaner output-wise :)
<ikonia> netstat is clean enough and works on all the platforms I use as a standard format
<_ruben> and netstat -rn is semi-braindead too, doesnt list source ip address for instance :)
<_ruben> then again, to each his own :)
<uvirtbot> New bug: #827922 in tomcat6 (main) "On Tomcat6 shutdown web apps do not get shutdown" [Undecided,New] https://launchpad.net/bugs/827922
<reisi> hmm apparently one cannot edit their lp-comment?
<_ruben> sounds more appropriate to be asked in #launchpad i guess :)
<Ursinha> reisi: no, editing comments isn't possible right now :/
<reisi> well if there was a way i guess someone would had shouted, no need to go bully the launchpad crowd :)
<Ursinha> reisi: https://bugs.launchpad.net/launchpad/+bug/80895
<uvirtbot> Launchpad bug 80895 in launchpad "comments on bugs/answers/merge proposals/etc cannot be edited" [Low,Triaged]
<tdr112> hey guys , how would i add a file to a .war file , i tried tar , but it can use war files
<lynxman> tdr112: war files are zip files, just rename, unzip, add file, rezip, rename
<tdr112> thanks lynxman
<mrryanjohnston_> I'm running ubuntu server 11.04 on vmware player. I added a second interface in /etc/network/interface and now I can't resolve outside network addresses. Any insight into this?
<mrryanjohnston_> Added the second interface by adding the following lines: #Host-Only  /  auto eth1  /  iface eth1 inet dhcp
<smb> Hey, just a quick question: is there something like the ubuntu-desktop^ (task) for the server seed? ubuntu-server^ does not work. Just may be handy sometimes as at least on the desktop normal upgrade sometimes "forgets" to install vital things...
<mrryanjohnston_> ah, it seems like /etc/resolv.conf is getting re-written
<andol> smb: Well, there is a task simply called server, as well as a set of more specific server tasks (openssh, postgres, etc)
<andol> tasksel --list-tasks
<andol> Even if they might not give you the exact same thing as  the server install seed.
<andol> (Don't see anything about the server kernel for one thing.)
<smb> andol, Ah, cool. So it seems there already is one thing missing here... Well, I usually know when I am missing the kernel... ;) But other things not so much
<smb> ... hm, not that those would force back useful things like tasksel or command-not-found which were probably removed due to broken dependencies. But ok, I can bring those back...
<hggdh> Daviey: did you get my comment about -enroll?
<hggdh> and good morning
<Daviey> hggdh: i did not :(
<Daviey> hggdh: where did you send it?
<hggdh> Daviey: lp:~hggdh2/+junk/cobbler-enroll2
<Daviey> hggdh: will look shortly
<Daviey> How is it looking>
<hggdh> Daviey: seems good (but I still have no clue on how to do the actual config via a postinstall
<hggdh> which is to say, apart from the postinstall (and a man page for it, lintian is not very happy about lacking it), it is ready
<Daviey> hggdh: db_get :)
<Daviey> hggdh: you rock
<hggdh> Daviey: send me what you have, and I will try it
<Daviey> hggdh: not done yet
<hggdh> Daviey: k. BTW, I changed the templates slightly, and changed the NIC dialog to a selection
<Daviey> hggdh: ooo, nice
<Daviey> hggdh: so it lists all the NIC's?
<Daviey> hggdh: how much code did that take?
<hggdh> Daviey: 3 lines in the template :-)
<Daviey> I put the logic for the nic's as much as possible into C, to try and keep it small.
<Daviey> hggdh: wow. Is that multi-select?
<hggdh> yes
<hggdh> Daviey: one thing we might ant to look at is if the user may select more than one interface
<hggdh> s/ ant/ want/
<Daviey> hggdh: yeah, i'm not going to be a perfectionist over that TBH
<hggdh> heh
<Daviey> the main target audience is using it to preseed; or selecting "all"
<hggdh> man, perfection is an unattainable dream
<hggdh> 'it works' is almost perfect
<Daviey> Hah, landing it is a dream :)
<hggdh> lol
<hggdh> brb
<uvirtbot> New bug: #828036 in mysql-5.1 (main) "MySQL daemon keeps dying and restarting when using ssl connections" [Undecided,New] https://launchpad.net/bugs/828036
<smb> zul, so today (not sure whether it is because its Wednesday or because I pulled int the virt-host task which added libvirt-bin) bonding comes up ok, though the pbond0 that used to be created is not. PVM seems ok with net. HVM started with xm does fail/hang early trying to do large order allocations of some kind. Started with xl comes up to the point where the IDE emulation wait and resets itself endlessly...
<smb> zul, Guess I check that again tomorrow... :-P
<RoAkSoAx> Daviey: ping
<Daviey> RoAkSoAx: pong
<RoAkSoAx> Daviey: ok so I got ARM booting, not installing thouhg :)
<RoAkSoAx> Daviey: but it is in process
<uvirtbot> New bug: #828047 in postfix (main) "postfix init script copies smtp_tls_CApath /etc/ssl/certs to /var/spool/postfix/etc/ssl/certs/etc/ssl/certs" [Undecided,New] https://launchpad.net/bugs/828047
<CrazyGir> hello! I have a 11.04, kvm based VM server with a handful of VMs running. Some should only be accessible via a private network, but not externally addressable, others should get external IPs routed through the VM server. I have the private net working fine (though I did not set this up), and I have seen other systems with a bridge interface setup to allow VMs the ability to hop on the external network/subnet and get DNS pointing at them direct
<CrazyGir> I'm not sure I fully understand how the bridge and VM server ought to be setup to allow for that
 * patdk-wk uses bridges for all of that, private and non-private
<CrazyGir> guidance / topics to research / etc are all appreciated
<CrazyGir> patdk-wk: could you give me an example? is this all configured in /etc/network/interfaces?
<CrazyGir> or is there VM configuration as well (aside from a VM having brX as its source?)
<patdk-wk> in my case no, I did it manually
<CrazyGir> how do you mean?
<patdk-wk> vm's would never have a brX
<CrazyGir> not as a source if?
<patdk-wk> manually = not using a script
<CrazyGir> patdk-wk: would you consider /etc/network/interfaces a script?
<patdk-wk> crazygir, /etc/network/interfaces is a config for a script, so yes, it's using a script
<CrazyGir> does that configuration (your manual method) persist across reboots?
<CrazyGir> do you use puppet for system management at all?
<CrazyGir> cause I don't really see that working if you are leveraging puppet
<CrazyGir> that said, I would be curious how you did it
<CrazyGir> I'm sure I can figure out how that translates
<patdk-wk> who said I used puppet?
<CrazyGir> I'm just going into uncharted territory at this point and unsure how the pieces I understand connect
<patdk-wk> I don't think puppet even existed in 8.04
<patdk-wk> it seems to be documented pretty good in the manual: https://help.ubuntu.com/community/KVM/Networking
<CrazyGir> I didn't say you did, I asked if you did
<CrazyGir> so using bridges is the way to do this?
<patdk-wk> using bridges is an easy way to do it
<Ursinha> Daviey: would you be able to generate the list of bugs we have in http://status.qa.ubuntu.com/reports/ubuntu-server/release-bugs.html other than using tags?
<patdk-wk> dunno if it's the best for your case or not, but generally it's simple and easy, and repeatable
 * CrazyGir nods
<patdk-wk> if you just think of each bridge as a seperate switch
<patdk-wk> and you plug the vm's into those switchs (bridges)
<CrazyGir> fantastic, I'll dig a little deeper here and see how well this will fit
<CrazyGir> yea, that makes sense
<CrazyGir> but how to create that in linux does not always make as much sense to me
<CrazyGir> I would be able to work my way through most all of this setup on OpenBSD with the manpages only
<CrazyGir> that doesn't happen in linux for me for some reason :)
 * CrazyGir shrug
<CrazyGir> either way, I'll see where this gets me, thanks patdk-wk
<Gxt4> the moment i add a second NIC to a system that boots over iscsi , initrd screws me over.  are there docs somewhere on how to force initrd to either pause till both my nics have an ip before continuing with iscsi , or force it to only start "iscsistart" when a particular nic has an ip.
<Gxt4> i have tried scsi-if=ethX
<Gxt4> but nada
<Gxt4> if i stick in the cable in the second nic it's broken.
<patdk-wk> heh
<Gxt4> i have tried 3 different systems btw
<patdk-wk> second nic was added after the first one? and is normally called eth1?
<Gxt4> it's the same
<Gxt4> if i install with eth0 or eth 1 as a primary
<Gxt4> or if i do an install with only 1 and then add it later
<Gxt4> even if ubuntu server is instyaled and configured with only 1 nic , the moment i add the second and it has a cable , it fucks up in initrd
<Gxt4> it gets an ip for the other nic
<Gxt4> and tried to contact my target
<Gxt4> through the other interface
<CrazyGir> ouch
<Gxt4> which is on another subnet and has no iscsi targets
<patdk-wk> guess the iscsi script grabs first to get dhcp working
<patdk-wk> dunno, would have to check the iscsi initrd scripts
<Gxt4> it should wait till all nics are up ..
<CrazyGir>      you could have it run last?
<Gxt4> what do you mean Crazy ?
<Gxt4> Yes , it all works peachy on all systems untill i stick in another card
<patdk-wk> gxt4, not really, it should know what one is used for iscsi maybe
<Gxt4> brands?
<hallyn> Daviey: is libcgroup not in the list of packages server team watches?  I don't see new bugs announced here by the bot...
<zul> smb: cool i hope to get to it next week at a conference this week
<Gxt4> well yes
<Gxt4> @patdk-wk initrd should keep a record of which nic the target is on
<smb> zul, ack
<Gxt4> @patdk-wk aparently it doesn't ..
<CrazyGir> Gxt4: can you do a static network configuration
<Daviey> hallyn: no.. not as yet, you think it should be?
<Gxt4> @crazy once it's past initrd it's all peachy
<Gxt4> @ i can configure ip's via dhcp or fixed then
<CrazyGir> dunno, I'm not a ubuntu guru
<Gxt4> @ the problems are before os is loaded
<hallyn> Daviey: well it affects lxc and libvirt.  so maybe.  Of course, so do most things in foundations :)
<zul> hallyn: what does?
<hallyn> libcgroup
<hallyn> zul: ^
<zul> ah ok
<Daviey> hallyn: I wonder if this is best on your personal list?
<hallyn> but maybe it's just my problem and no one else here woudl care to see them
<Daviey> hallyn: The rest of us will no doubt have NFI how to triage those issues.
<hallyn> Daviey: when it breaks it can break your whole openstack/uec/ensemble/whatever stack...  it definately seems server related to me.
<Daviey> hallyn: argh, ok
<hallyn> (as it's doing right now - ask smoser :)
<hallyn> Daviey: but ok, if noone else is going to bother looking anyway then forget it
<hallyn> i have a few more reboot tests to do, biab
<Daviey> hallyn: added
<hallyn> Daviey: tbh my sense is that libcgroup has fundamental flaws, and for our deafults we would be better off with a simple upstart job that mounts the cgroups
<hallyn> maybe i should discuss on -devel...
<smoser> hallyn, did you not author that ?
<hallyn> smoser: no!
<smoser> you're talking about cgroup-bin, right?
<hallyn> yes
<hallyn> and libcgroup1 in general
<Daviey> hallyn: added now.. it's a topic for UDS i think
<hallyn> what is a topic for uds?
<hallyn> oh, you mean it *should* be
<Daviey> hallyn: the flaws and perhaps an upstart job.
<hallyn> ok
<Daviey> hallyn: really your judgement on this matters more than mine, is it too late in the cycle to look at switching?
<Daviey> based on reward/gain, potential instability and work we already have pending
<hallyn> Daviey: its' past FFE at any rate :).  I don't see where the cgroup-lite package could cause instability, and
<hallyn> I can see a lot of time being spent working around cgroup-bin issues.  And since lxc now depends on it, that tiem will have to be spent
<Daviey> hallyn: it's not past FFE :)  it's past FF, but with a FFe get out of jail card.
<hallyn> I don't know of anything which actually depends on cgred or cgroup-bin.  They just dpeend on cgroups being mounted
<Daviey> (everyone gets issued one get out of jail card, use it wisely)
<Daviey> utlemming: around?
<hallyn> Daviey: oh yeah, there's also all the cpu time and batt life which cgclassify consume :)
<hallyn> anyway, boot time
<hallyn> Daviey: no, before i do, lemme ask - do you mind looking at and pushing http://people.canonical.com/~serge/ipxe.debdiff
<hallyn> biab
 * Daviey looks
<Daviey> hallyn: Do reverse depends need handling, and/or a kvm-pxe transistional package?
<Daviey> utlemming: Have you had a chance to look at the ipxe bug you were touching?
<RoAkSoAx> zul: ok it works :)
<RoAkSoAx> zul: arm/cobbler pxe
<zul> RoAkSoAx: that didnt take you long :)
<RoAkSoAx> zul: nah :) though there's one thing that i'm gonna change within cobbler for ARM archs which is to create the PXE file in the way of <MAC in uppercase> instead of 01-<mac lowercase> because u-boot is not fully compliant to standars just yet
<jose__> hello
<zul> RoAkSoAx: i just saw the bug report for it
<jose__> can anybody help me with a samba problem?
<RoAkSoAx> zul: cool there's a patch already
<zul> RoAkSoAx: our delta is getting quite large can you send that patch upstream as well
<zul> im going to do a new snapshot next week
<jose__> aloha
<jose__> iam sharing files with samba in an Ubuntu 10.04 server, when i copy/write a file in the server speeds reach 10mb/s both sides, but i work with acces files and its painful becauso of the slowness
<RoAkSoAx> zul: ok cool, I'll send a few patches over by the end of the week
<RoAkSoAx> w
<jose__> forever alone, nobody help neither in samba irc
<bkerensa> jose_: Whats the problem I might be able to help
<hallyn> Daviey: how would we do a transitional package?
<Daviey> hallyn: is kvm-pxe going awol?
<hallyn> yes, but i'm not sure when
<Daviey> hallyn: this cycle?
<hallyn> if we want to wait on ahving ipxe confict-with kvm-pxe,
<hallyn> then that woudl be fien - but installing the symlinks kvm needs should be done asap
<hallyn> Daviey: i don't know.
<Daviey> hallyn: agreed, just thinking ahead.
<hallyn> I don't know who was going to push that button
<hallyn> Daviey: do you know that there are things depending on kvm-pxe?
<Daviey> usually, kvm falls onto our team :)
<hallyn> but this is technically 'etherboot'
<hallyn> and it's been kicked by debian
<Daviey> hallyn: just qemu-common and testdrive
<Daviey> not checked for reverse recommends tho
<hallyn> i thought qemu-common only suggested it?
<hallyn> anyway my next step was gong ot be to update kvm to recommend ipxe and drop kvm-pxe suggests
<hallyn> same should be done with testdrive
<hallyn> but i don't knwo if that's jumping the gun
<hallyn> rmadison -u debian etherboot shows it's out of sid
<hallyn> which, iiuc, means it's effectively unmaintained...
<Daviey> i expect it is
<hallyn> and, i'm growing more and more convinced i want to create cgroup-lite pkg :)
<Daviey> hallyn: i don't think it's really a feature change, as the contents are just moving into a different package
 * hallyn watches the hour hand laugh as it keeps moving on and leaving my productivity behind
<hallyn> meaning?
<Daviey> hallyn: Probably best to discuss the merits on a public FFe bug, subscribing Stephan
<hallyn> smb?
<Daviey> stgraber
<smb> hallyn, hu?
<hallyn> smb: nm, carry on, sorry :)
 * smb goes back to sleep
<hallyn> Daviey: an FFE for dropping etherboot right?
<hallyn> Daviey: do you midn in the meantime cherrypicking the good part of the debdiff?
<Daviey> hallyn: I think it looks ok.. i assume you have tried it?
<hallyn> of course :)
<hallyn> using it the last two days
<stgraber> Daviey: ?
<hallyn> stgraber: debian has dropped etherboot in favor of ipxe
<hallyn> stgraber: we'd like to post FFE to do the same
<hallyn> Daviey: suggested i subcribe you
<stgraber> ok
<Daviey> hmm, that was in regards to cgroups - that i thought stgraber had an interest in
<hallyn> ah
<hallyn> in that case,
<hallyn> stgraber: then i guess Daviey was suggesting i file an FFE bug to create cgroup-lite package
<lynxman> Daviey: ping
<Daviey> lynxman: o/
<hallyn> stgraber: which would conflict with cgroup-bin, and just ship an upstart job to mount all controllers separateuly under /sys/fs/cgroup
<stgraber> hallyn: what would be the difference with cgroup-bin?
<Daviey> hallyn: Ah, you are quite correct kvm-pxe is only a suggests of qemu-common
<hallyn> stgraber: cgroup-bin reclassifies all tasks, and does so in a racy way
<hallyn> and enables cgclassifyd by default which is pretty heavyweight given that noone uses it
<lynxman> Daviey: I've got the swift scripts working, finally, you want a debdiff?
<lynxman> Daviey: so bug + debdiff and such
<Daviey> lynxman: hell.. yes.. :)
<hallyn> lxc and libvirt only want the cgroups to be mounted.  They don't want cgroup-bin mucking with things under there.
<Daviey> lynxman: you could propose a branch to the shared packaging branch
<Daviey> lynxman: ~openstack-ubuntu-packagers
<lynxman> Daviey: that would be option 2
<lynxman> Daviey: you prefer a branch? :)
<Daviey> lynxman: well i'd have to turn your debdiff into a branch myself otherwise :)
<lynxman> Daviey: alright, branch it is
<Daviey> rocking!
<lynxman> \m/
<hallyn> stgraber: (biam, reboot time) if you want convincing, take a quick look at the libcgroup bug list - some are fundamental, and i don't really want to force all lxc users to run that
<jose__> <bkerensa>  iam sharing files with samba in an Ubuntu 10.04 server, when i copy/write a file in the server speeds reach 10mb/s both sides, but i work with acces files and its painful becauso of the slowness
<bkerensa> jose__: Unfortunately I do not use Samba but could it be network related?
 * SpamapS stretches
 * SpamapS slogs into the daily swamp of email with his DeleteKey-2001 pumping out useless bytes as fast as possible
<jose__> <bkerensa> could be, i asked also in samba channel
<Ursinha> tough day
<lynxman> Ursinha: hope you still have energy
<SpamapS> Ursinha: too many bugs? ;)
<Daviey> Ursinha: are you claiming there a defects in the magic we do?
<Ursinha> hah
<ivoks> Daviey: is there anything i can do for you guys? i have some free cycles...
<ivoks> :)
<ivoks> Daviey: nothing critical, cause i might get pulled out without notice :)
<Daviey> ivoks: Awesome!
<Daviey> ivoks: You used to touch postfix, right?
<Daviey> ivoks: well logwatch could appreciate your love, bug 809753 :)
<uvirtbot> Launchpad bug 809753 in logwatch "logwatch bug in postfix filter" [Medium,Triaged] https://launchpad.net/bugs/809753
<ivoks> hehe ok
<Daviey> <-- hero of the day, ivoks
<Daviey> err arrow the wrong way around
<uvirtbot> New bug: #828061 in libcgroup (universe) "libvirt-cgred-wait.conf is broken" [Critical,In progress] https://launchpad.net/bugs/828061
<uvirtbot> New bug: #828186 in cloud-init "cloud-init should output some network debug info" [Undecided,New] https://launchpad.net/bugs/828186
<ivoks> Daviey: debdiff attached
<uvirtbot> New bug: #827279 in libcgroup (universe) "Several problems in cgclear" [Medium,In progress] https://launchpad.net/bugs/827279
<sidnei> hallyn, around?
<bernhard2>  is it best tosetup exim4 with maildir ??
<ivoks> i preferr postfix and maildir
<bernhard2> basicly need an email server with smtp, imap
<patdk-wk> yay, dovecot, postfix :)
<ivoks> we have that configured for you :)
<ivoks> just install mail-stack-delivery
<ivoks> answer couple of questions and you are done
<bkerensa> postfix for the win
<bernhard2> how do i uninstall exim4 ?
<patdk-wk> apt-get purge exim4
<uvirtbot> New bug: #828237 in openldap (main) "slapd forks and exits before it is listening, creating a race between listening and any dependent services" [Undecided,New] https://launchpad.net/bugs/828237
<JasioK> Heya folks, I'm using Ubuntu 10.04 LTS and it seems my postfix doesn't want to work with webmail- third-party access via Outlook/Thunderbird etc is fine but anytime I try to load webmail I get "An error occurred listing mail in this folder : Failed to connect to localhost:143 : Connection timed out". I can't seem to find what would be causing the issue since the postfix/dovecot files look fine, and there isn't anything blocking the port.
<hallyn> smoser: if you're interested, a proposed fix for the libvirt not starting VMS after boot is at https://bugs.launchpad.net/ubuntu/+source/libcgroup/+bug/828061
<uvirtbot> Launchpad bug 828061 in libcgroup "libvirt-cgred-wait.conf is broken" [Critical,In progress]
<JasioK> I looked into /var/log/mail.log and there are no errors being reported.
<TheEvilPhoenix> anyone know of any Ubuntu Server Certifications?  got a friend who wants to get one.
<hallyn> sidnei: i am.  i'll be slow answering, but i'm here
<sidnei> hallyn, i'm hitting #819621, i guess lxcguest wasn't updated in the ppa although it's marked as fix-released?
<Pici> JasioK: The webmail package that you are using might be helpful to know, as well as if this issue just started or if this is the initial setup.
<JasioK> Pici, sorry- I am using webmin (virtualmin/usermin package) and the issue just started.
<hallyn> sidnei: uh yeah, not fixed in ppa.  ppa's don't get autosynced
<hallyn> sidnei: which ppa+release are you using?
<sidnei> hallyn, host is oneiric, container is lucid
<ivoks> JasioK: 143 is imap, not postfix
<sidnei> hallyn, so lxc-create added the ubuntu-virt ppa iiuc
<JasioK> ivoks, so it would be an issue with dovecot then as thati s my imap server.
<JasioK> that is*
<ivoks> JasioK: or webmail, yes
<JasioK> Looking through /var/log/syslog and running 'dovecot --error-log' and reading through the files- I don't see any errors.
<hallyn> sidnei: can you file a bug against lxc to backport lxcguest to lucid?
<sidnei> hallyn, sure.
<hallyn> sidnei: thanks.  And then I'll update the templates not to use the ppa.
<hallyn> That's just wrong
<bernhard2>  how can i check if i have dovecot installed ?
<sidnei> hallyn, bug #828262
<uvirtbot> Launchpad bug 828262 in lxc "please backport lxcguest to lucid" [Undecided,New] https://launchpad.net/bugs/828262
<hallyn> sidnei: thx
<hallyn> SpamapS: ^  I don't know how this is actually handled.  I assume it's not just an SRU?
<hallyn> eh, it's probably just not possible
<hallyn> sidnei: ^ just a warning.  i doubt we can introduce a new binary package.  but i'm going udner the 'cant hurt to ask' philospophy
<CrazyGir> hiya, in the following notes: https://help.ubuntu.com/community/KVM/Networking  under the bridge setup, "To work around this, add the following to your bridge configuration:  post-up ip link set br0 address f4:6d:04:08:f1:5f" <--- where exactly is this added?
<sidnei> hallyn, np
<hallyn> sidnei: so lemme upload new version for the ppa this afternoon.  hopefully be up by tonight
<sidnei> hallyn, awesome, thanks!
<uvirtbot> New bug: #828262 in lxc (main) "please backport lxcguest to lucid" [Critical,Confirmed] https://launchpad.net/bugs/828262
<CrazyGir> anyone know about post-up?
<andol> CrazyGir: Such as in /etc/network/interfaces?
<CrazyGir> andol: see my question noted above
<CrazyGir> I am primarily confirming this because it is not clear enough for me to feel comfortable restarting networking on a remote system, is that wiki saying to add the post-up to /etc/network/interfaces?
<andol> CrazyGir: Yes, that would be an entry you'd add to /etc/network/interfaces, for the br0 interface, with the same indention as the rest of the options (bridge_fd, bridge_wait, etc)
<andol> CrazyGir: Note that I am only interpreting the wiki page and the syntax. I have no idea whatever it actually is a good idea or not to add that post-up command.
<Daviey> ivoks: you rock star
<CrazyGir> andol: perfect, thank you for that confirmation
<CrazyGir> :)
<hggdh> Daviey: good evening, care to have a look at bug 795159?
<uvirtbot> Launchpad bug 795159 in ajaxterm "[MIR] ajaxterm" [Undecided,In progress] https://launchpad.net/bugs/795159
<SpamapS> hallyn: its handled via ubuntu backports
<jcastro> RoAkSoAx: woo! I found a cobbler bug I think!
<RoAkSoAx> jcastro: hehe :) what's the bug?
<RoAkSoAx> or what seems to be the problme?
<stgraber> hallyn: any idea of why/how cgroup-bin is breaking my laptop suspend? :)
<stgraber> hallyn: I just spent 3 hours trying to debug that issue assuming it was kernel related and went as far back as Natty's kernel without finding a single working kernel.
<stgraber> hallyn: then looked at what I installed since I reinstalled my laptop 2 days ago and noticed that removing cgroup-bin fixes everything :)
<stgraber> hallyn: with cgroup-bin installed, I can suspend once, then resume fine but second time I suspend, my laptop will just hang in the "flickering sleep LED" mode on tty1 (lenovo laptop)
<uvirtbot> New bug: #828288 in cobbler (universe) "Cobbler errors while importing mini.isos" [Undecided,New] https://launchpad.net/bugs/828288
<hallyn> stgraber: hm, there was a bug about that.
<hallyn> stgraber: i thought it was fixed
<hallyn> stgraber: presumably libcgroup moved kthreadd or somesuch into another cgroup and shouldn't have.
<hallyn> stgraber: have i convinced you yet that we should ahve cgroup-lite package? :)
<stgraber> hallyn: yes :) enough time wasted trying to fix it :)
<hallyn> the problem is it's not just one 'it'.
<stgraber> going for lunch now, definitely +1 on getting a working cgroup-lite package
<hallyn> stgraber: ok, i'll give it a shot once i get lxc backported to lucid for ppa.  i'll sling the result over to you
<hallyn> stgraber: and i guess that suspend bug shoudl be re-opened.  i think i just marked it fixed today :)
<uvirtbot> New bug: #828311 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/828311
<Daviey> hggdh: will do
<Daviey> hggdh: looks good, is there a branch/debdiff?
<hggdh> Daviey: there was ;-)
<hggdh> but I found there was a problem with my override_dh_auto_install
<hggdh> and am looking at it now
<hggdh> dammit
<Daviey> hggdh: ah.. good stuff!
<Daviey> hggdh: is it easier to patch, rather than use a rules stamp?
<hggdh> Daviey: undortunately, no... the build is auto-adding /usr/share/python/runtime.d/*, and this is what kees wants out
<hggdh> I could simply completely override bloody dh_auto_install, but this seems rather crude
<uvirtbot> New bug: #828320 in squid (main) "package squid 2.7.STABLE7-1ubuntu12.3 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/828320
<ChmEarl> 11.10 kernel is now at 3.0.0-8.9.. any chance for it to get to 3.1 anytime before release?
<RoyK> ChmEarl: out of curiosity, what's new in 3.1?
<ChmEarl> RoyK, its the xen patches I need
<RoyK> ok
<RoyK> guest or host?
<RoyK> that is - is host xen in official kernel at all?
<ChmEarl> RoyK, yes host/dom0 -- there is a vga patch in 3.1
<ChmEarl> RoyK, some 11.10 users report stable dom0 and nvidia accel driver works normally
<RoyK> didn't think xen dom0 would ever make it into the mainline...
 * RoyK hasn't really been reading much news about the issue, though, kvm works well
<ChmEarl> RoyK, its a matter of configuration and setup to get it working with 11.10 kernel
<ChmEarl> it=xen dom0
<RoyK> is xen dom0 "better" than kvm these days?
<RoyK> I mean - has anyone tried to compare the two?
<ChmEarl> RoyK, now that dom0 is in mainline kernel, you could setup kvm vs xen tests and find out in less than 1 day
<ChmEarl> I satisfied myself that xen is better for my use
<RoyK> ok
 * RoyK only uses LTS releases for his servers
<CrazyGir> ChmEarl: in what ways did you find xen better for your use?
<ChmEarl> CrazyGir,  paravirtual network speed is double for linux guests
<ChmEarl> in xen
<patdk-wk> hmm?
<RoyK> ChmEarl: are there/will there be any cluster/failover possibilities in Xen from ubuntu now?
<rickjaruiz> im using "top" with over 1gb used and i dont understand how to check what is using it
<patdk-wk> the kvm network couldn't perform?
<RoyK> rickjaruiz: ps axfv
<RoyK> rickjaruiz: and 'free'
<RoyK> rickjaruiz: even though the "used" amount of memory is high, as reported by top, it's usually far lower due to memory used for caching
<ChmEarl> RoyK, there is a launchpad team to package latest hypervisor for 11.10, but I'm not sure about cluster software
<rickjaruiz> well there should be nothing running atm
<patdk-wk> free -m :)
<RoyK> rickjaruiz: free will tell you
<patdk-wk> ChmEarl, you tested with virtio_net?
<RoyK> rickjaruiz: !pastebin free
<ChmEarl> patdk-lap, don't remember... I tested on Opensuse
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<rickjaruiz> http://pastebin.com/PTyNDTbK
<patdk-wk> 188megs used
<rickjaruiz> free
<RoyK> yeah, looks normal
<patdk-wk> seems really high, if *nothing* is running
<patdk-wk> mine is normally <50megs
<RoyK> lots of memory spent for caching, but that'll be released if a process requests it
<rickjaruiz> well mysql is running, nothing conencted to it now though
<rickjaruiz> i c
<RoyK> rickjaruiz: pastebin "ps axfv"
<rickjaruiz> http://pastebin.com/Tf9WHi8F
<rickjaruiz> ps axfv
<RoyK> so mysqld is eating 45 megs
<RoyK> should be quite ok
<hggdh> Daviey: I cannot get the $#%@ rules to delete the directory
<rickjaruiz> so in free, im looking at used buffers/cache, for what is really used in memory?
<Daviey> hggdh: why not delete it in a patch?
<hggdh> Daviey: how could it be done?
<Daviey> hggdh: sorry, perhaps i'm missing the issue..
<RoyK> rickjaruiz: free shows "free" memory as unallocated. unallocated memory is usually not good. memory allocated for caching is good
<rickjaruiz> im just kind of confused which one to look at, that tells me how much ram i readlly had left
<rickjaruiz> *really
<hggdh> Daviey: kees would like /usr/share/python/runtime.d/ajaxterm.rtupdate *not* to be there; this directory & content is auto-created by dh_*
<bernhard2> trying to make exim4 dovecot work with TLS but receive this message when i test it: Host did not advertise STARTTLS
<hggdh> Daviey: I thought I could delete it by overriding dh_auto_install, but it does not seem to work
<hggdh> Daviey: so... except for this rather small detail, it is ready
<RoyK> rickjaruiz: -/+ buffers/cache:     188172    1861960
<RoyK> the latter is the amount of memory not actively in use
<Daviey> hggdh: It should allow you to remove.. are you expanding the location correctly?
<hggdh> Daviey: I believe I am, but of course I can be wrong. The branch is at lp:~hggdh2/ubuntu/oneiric/ajaxterm/bug795159
<rickjaruiz> thanks royk
<hggdh> and I have been looking at this for so long I am probably incapable of seeing the obvious
<RoyK> rickjaruiz: sorry - how much is free
<RoyK> well
<RoyK> same thing
<mande01> Hi, I'm wanting to install a ubuntu on a USB or SD card, and have it run from there. What changes should I make to the install to allow this to work successfully?
<mande01> P.S. ubuntu server
<RoyK> mande01: it should work without changes
<mande01> Is there a way I could get it to run from RAM or stop writting log files?
<RoyK> mande01: it won't run out of RAM by using an SD card - RAM usage is the same
<RoyK> even if you install it on an SD card, or a SAS drive, or an old SCSI drive, or an ATA drive or even a floppy (if you could fit it there)
 * RoyK vouches for core memory
<mande01> Royk: sorr y I'm not making myself clear.
<RoyK> then please explain :)
<mande01> Royk: I want to install the system on an SD card but not have a lot of read or writes going to the card so it will last and be more robust.
<RoyK> you can use tmpfs
<mande01> something like freenas, but having it run from ram
<RoyK> meaning a dynamic ram drive
<uvirtbot> New bug: #756499 in libcgroup (universe) "cgroup-bin breaks suspend to RAM" [Medium,Confirmed] https://launchpad.net/bugs/756499
<RoyK> mande01: most SD cards have wear levelling in them, so it'll last quite some time
<RoyK> mande01: and if you make sure the system doesn't log everything very verbose, it'll probably work well for quite some time
<RoyK> AFAIK wear levelling became standard about 3-5 years ago, perhaps longer
<mande01> Thanks,
<RoyK> mande01: generally the root is rarely written to except for logs and swap. you can disable the swap if you like, although it might be a bad idea
<RoyK> for the logs, just configure syslog not to log to verbosely
<bernhard2> Configuring Exim4 to use TLS. Configured 03_exim4-config_tlsoptions but when i restart exim4 and check with:  exim4 -bP | grep tls_
<bernhard2> i get this output..     http://pastebin.com/VYwTEihg (it does not show what i have configured) when i test get this message  Host did not advertise STARTTLS
<bernhard2> can anyone check my exim4 issue above..
<jvargas> hi
<jvargas> I plan to setup VNC server on ubuntu 11.04, so that the user doesn't need to start an X session if server is rebooted. I mean that VNC oculd be always running.
<jvargas> is it possible and which vnc server setup should I follow?
<ChmEarl> jvargas,  vnc4server xauth
<hallyn> stgraber: http://people.canonical.com/~serge/cgroup-lite    that seems to be working for me with libvirt at least.
<stgraber> hallyn: ok. I'll grab it and test with arkose and lxc (though I guess you tested regular lxc already)
<hallyn> stgraber: heh, no i didn't.  lxc-create is spinning atm
<hallyn> gr.  W: Failure while installing base packages.  This will be re-attempted up to five times.
<stgraber> heh
<bernhard2> how can i check if Exim was compiled with OpenSSL (or GnuTLS) support
<hallyn> stgraber: eh, it needs a few tweaks yet
<stgraber> hallyn: ok. Let me know when I can test it
<hallyn> stgraber: will do
<hggdh> Daviey: finallt, bug 795159 is ready for review
<uvirtbot> Launchpad bug 795159 in ajaxterm "[MIR] ajaxterm" [Undecided,Confirmed] https://launchpad.net/bugs/795159
<Daviey> hggdh: looking
#ubuntu-server 2011-08-18
<mtx_init> How do you do a debootstrap of ubuntu server?
<uvirtbot> New bug: #828437 in chkrootkit (main) "chkrootkit cron job went nuts, spawned 14 instances and consumed nearly 90% of my ram" [Undecided,New] https://launchpad.net/bugs/828437
<hallyn> stgraber: heh, it was fine - cgroup-bin just refused to actually remove itself
<hallyn> (and as a result libvirt was not starting, so my containers couldn't attach to virbr0)
<hallyn> stgraber: the package at http://people.canonical.com/~serge/cgroup-lite  should work
<The_Rufus> for the love of all that is holy, please, can someone please help me get Ubuntu Server 11 working with a RocketRaid 2320 RAID card?
<hallyn> The_Rufus: (i probably can't help, but someone probably can) where precisely is it failing
<The_Rufus> I've installed Ubuntu server 11 x64 to a USB flash drive, I have 5x2Tb SATA drives on a RocketRaid 2320. US-s is installed on the drive and working fine
<The_Rufus> but no matter what I try, I can't get RR2320 drivers loaded
<The_Rufus> i've follwed every howto, downloaded all the drivers (ubuntu specific AND open source) from the HighPoint website
<The_Rufus> the ubuntu specific drivers are too old (ubuntu 9) and the open source generic drivers are missing a header file and won't compile
<tarvid> what is the best way to do dyndns like services using bind on ubuntu server?
<hallyn> The_Rufus: where do you get the open source drivers, and can you pastebin the output showing msising header file
<hallyn> I'm wondering whether we can find the header file for you
<The_Rufus> http://www.highpoint-tech.cn/BIOS_Driver/page/rr232x.htm <--drivers aquired from there
<The_Rufus> how can I pastebin the error?
<hallyn> The_Rufus: which part is failing?  'install.sh'?  pre-inst?
<hallyn> The_Rufus: if it's install, for instance, you can do
<hallyn> 'install.sh > output 2>&1'
<hallyn> then 'pastebinit output'
<hallyn> and paste the resulting url here (or apt-get install pastebinit and do it again :)
<The_Rufus> well, i'm doing a make
<hallyn> of what?  did you grab the ubuntu 9.04 package?
<The_Rufus> so that would be : make > output 2>&1
<The_Rufus> ?
<The_Rufus> no, open source driver
<The_Rufus> when I try the Ubuntu driver, it just says that ....insert is for linux kernel 2.6
<The_Rufus> .....ot the system to use the new driver module
<hallyn> ok - yeah make > output 2>&1 works
<hallyn> if you haven't yet, 'apt-get install linux-headers' would hopefully give you waht you need.
<The_Rufus> i say .... because I can't see the first 5 characters of my terminal because bash doesn't work with my 22" widescreen lcd
<The_Rufus> ok, pastebinit pasted to something......ubuntu.com/668763
<hallyn> uh, that looks successful.  do you have any .ko files in that tree?  ('find . -name "*.ko"')
<The_Rufus> nothing
<The_Rufus> can you give me the url to my pastebin please?
<hallyn> http://paste.ubuntu.com/668763/ ?
<The_Rufus> i worked it out
<The_Rufus> but that's NOT what's on the screen
<The_Rufus> I get (among other things): fatal error: linux/config.h: No such file or directory
<The_Rufus> [/home/rufus/rr/rr232x-linux-src-v1.10/product/rr232x/linux/.build/os_linux.o] Error 1
<The_Rufus> [_module_/home/rufus/rr/rr232x-linux-src-v1.10/product/rr232x/linux/.build] Error 2
<The_Rufus> rr232x.ko] Error 2
<hallyn> hm, it says latest supported kernel is 2.6.25
<hallyn> i would contact them and ask for any updated drivers
<The_Rufus> damnit
<The_Rufus> so if I install ubuntu server 10, would that work?
<hallyn> 10.04  was based on 2.6.32
<The_Rufus> gah
<The_Rufus> no wonder people use windows
<hallyn> 2.6.25 was april 2008
<hallyn> nonsense, i could use bios update for my 1 year old vaio under windows 7 bc that's too new
<hallyn> s/could/couldn't/
<hallyn> d'oh!  My attempts at reproducing were foiled by 3.0 kernel switch :)
<uvirtbot> New bug: #828451 in samba (main) "Very slow access to DroboFS shares" [Undecided,New] https://launchpad.net/bugs/828451
<twb> Dump the lspci -n into kmuto.jp's HCL
 * hallyn wonders who twb was talking to
<mtx_init> How do you do a debootstrap of ubuntu server?
<twb> hallyn: re rr232x, whatever that is
<hallyn> mtx_init: debootstrap lucid destdir
<mtx_init> hallyn: How is that any different than regular lucid and when regular lucid becomes EOL, what happens as lucid server is supposed to keep going.
<hallyn> mtx_init: i don't understand the question
<hallyn> twb: The_Rufus: oh yeah, this rings a bell - linux/config.h did in fact disappear at one point
<hallyn> (or maybe rather, was there at one point :)
<The_Rufus> hallyn: and....? how can I get it going?
<hallyn> The_Rufus: well, you can comment out line 12 in osm/linux/osm_linux.h, but then you run into plenty of other compile failures.
<hallyn> userspace ABI is consistent, but in-kernel is not :(  ask vendor for new source
<mtx_init> hallyn: lucid desktop is supported to 2012, server to 2015.
<The_Rufus> that didn't work
<mtx_init> hallyn: so if they have different end of life dates, how will the system know if not installed from a specific media
<hallyn> mtx_init: good question.  My understanding is that so long as you do a minimal install and stick to software from server set, you'll be supported.
<hallyn> in other words, if you file a bug against postfix in lucid, it will be addressed.
<Corey> hallyn: Is that an example, or is there a postfix bug?
<hallyn> Corey: just an example :)
<hallyn> I'm sure it is bug-free
 * hallyn runs out the door
<Corey> *snicker*
<jcastro> kirkland: RoAkSoAx: woo, provisioning my first orchestra client!
<bkerensa> jcastro: cool
<_aaron_> any one have information on creating a RIS server in ubuntu
<_aaron_> !RIS
<_aaron_> going to ask in #ubuntu
<twb> Maybe if you told us what a RIS is
<twb> Reparto Informazioni e Sicurezza, a military intelligence agency of Italy, see SIOS ?
<twb> Routing Information Service project of RIPE NCC?
<_aaron_> a pxe server for installing os's over network
<twb> Oh, that
<twb> SUre, we can help with that
<twb> A lightweight solution is to roll your own with dnsmasq, or to use di-netboot-assistant.
<twb> Heavyweight solutions include FAI (old) and Orchestra (new)
<_aaron_> where can I find information on orchestra
<twb> Dunno
<twb> It's some new-fangled thing that the locals are gushing over
<twb> Probably because they're writing it
<twb> https://launchpad.net/orchestra or something
<_aaron_> can I get the info for the di-netboot
<twb> apt-get install di-netboot-assistant
<twb> And read the appendices of the install guide
<_aaron_> i'm looking at something like FAI but I need it to also install M$
<twb> Sorry, I don't do Windows
<_aaron_> I don't like to either but this is for work and well execpt for the servers it's all M$
<twb> Shrug
<twb> You can talk to ##windows about it; I don't know anything about Microsoft systems.
<_aaron_> ##windows ?
<twb> Er, you know how to use IRC, right?
<_aaron_> kinda i know how to join channels
<_aaron_> lol
<twb> So guess what I get to do today
<twb> Make slapo-ppolicy work with xdm
<twb> That's right, we signed off on delivering password expiry under lucid at fixed price, forgetting that we had to switch from gdm to xdm when we migrated from hardy to lucid (I forget why).
<twb> This is going to be about as fun as home trepanation
<uvirtbot> New bug: #828585 in openssh (main) "ssh client prioritises ssh-agent keys over -i" [Undecided,New] https://launchpad.net/bugs/828585
<philipballew> does ubuntu still support floppy disks?
<soren> philipballew: It should, yes.
<soren> I've never ever tested it, though.
<philipballew> would i mount that any differently?
<soren> ..but the drivers are there.
<philipballew> i just found a floppy i need to read
<philipballew> so 90's....
<soren> philipballew: Differently from what?
<philipballew> any other command to mount anything
<soren> No.
<soren> Back in the old days, you'd "sudo mount /dev/fd0 /mnt"
 * smb thinks there also used to be mdir, mcopy... loooong way back
<_ruben> i usualy use(d) the mtools as well
<ivoks> only mtools :)
<reisi> does anyone have a clue on how to recover when a dpkg package list file goes corrupted?
<Daviey> soren: Am i correct in saying nobody has started packaging keystone?
<Daviey> oh wait
<Daviey> soren: Would you mind pushing your branch to the team namespace?  Anything else need doing before uploading it?
<soren> Daviey: I thought zul took that and worked some more on it.
<soren> Daviey: But sure, I can move it.
<soren> Daviey: https://code.launchpad.net/~openstack-ubuntu-packagers/keystone/ubuntu
<soren> Daviey: Enjoy.
<lynxman> soren: btw sent a merge request your way for upstartified swift init scripts
<uvirtbot> New bug: #828184 in swift (main) "Swift init scripts need migration to upstart" [Medium,In progress] https://launchpad.net/bugs/828184
<lynxman> that one :)
<lynxman> does somebody know adam_g launchpad profile name?
<lynxman> found it
<Daviey> soren: Yeah, zul mentioned he was working on it - but he isn't around at the moment, and i didn't know if he knew you had started it
<KM0201> how do i put a users home folder, on my NAS?
<KM0201> i've already created the user.
<KM0201> let me clarify, i know how to make a users home directory on my NAS,  but i have a folder on my NAS, for this user already, and don't want to lose the data in there
<KM0201> sudo useradd -d /media/NAS/username -m username    --- i get an error the home directory already exists
<Pici> KM0201: How about using usermod -d if the user already exists?
<KM0201> Pici: never used that.. so you're saying create the user normally... then use that, and point it at the folder on my NAS, right?
<Pici> KM0201: I thought you said that you already created the user?
<KM0201> no...
<KM0201> when i tried to create the user (using the command i created above)... .. that creates the user, and puts their home directory on my NAS
<KM0201> then i just give them a password, and thats that...
<KM0201> but i think what you've said will work, lemme add the user the normal way, and try that
<Pici> KM0201: If you specify -m with useradd then it will fail, just use -d
<KM0201> ok.
<KM0201> that seems to have done the trick
<KM0201> thanks
<Pici> np
<KM0201> i think it worked anyway
<KM0201> i'll know in a minute.
<KM0201> is there a way i can tell if that's the home directory assigned to that user.
<Pici> KM0201: getent passwd theusername
<Pici> (same as grepping for theusername in /etc/passwd
<KM0201> looks like it worked
<KM0201> i'll know for sure in a minute.
<hggdh> Daviey: so, how is ti now?
<hggdh> (and good morning)
<KM0201> Pici: seems to have worked perfectly, thanks.
<Pici> KM0201: great
<kim0> smoser: hey there, is ubuntu-vm-builder discontinued ? should I remove it from docs?
<kim0> Daviey: I see your name on the blueprint for dropping vmbuilder .. is it going to be dropped for 11.10 ?
<soren> Daviey: I've pointed him at my PPA with the packages.
<soren> Daviey: Twice :)
<Daviey> soren: good stuff!
<lynxman> smoser: ping whenever you're around
<Daviey> lynxman: smoser is out today
<Daviey> kim0: will now not be removed this cycle.
<Daviey> hggdh: good morning, will look shortly
<Daviey> Thanks for working on that, it is most apreciated!
<lynxman> Daviey: aah k, ty :)
<kim0> Daviey: thanks
<cjs226> how can i forward non-syslog logs from remote Ubuntu servers to a central rsyslog server? Â I've tried snare's epilog but it's not logging correctly
<patdk-wk> non-syslog logs?
<patdk-wk> just have rsyslog read them
<cjs226> logs for applications to don't write to syslog
<patdk-wk> http://www.rsyslog.com/doc/imfile.html
<cjs226> thx!
<patdk-wk> normally though, I will pipe the log output from the prorgam to something like logger though
<patdk-wk> actually, I have some perl scripts I made to do that, for logging apache log files
<cjs226> why would you prefer to do that vs. using imfile?
<patdk-wk> cause I don't care to have the log exist on the drive, and mainly don't wan the i/o overhead required to save the logfile in the first place
<cjs226> ah, understand
<patdk-wk> anything to help my 5gig disk space vm's run without using disk space, and keep i/o down so I can load up more vm's at a time helps :)
<patdk-wk> it's a pain if they do anything to the local filesystem, that means making sure they don't overfill, clean them selfs up, and everything else
<cjs226> yup, makes sense
<_ruben> yet it sucks when the remote syslog server is unavail for whatever reason :)
<patdk-wk> ruben, haven't had that issue :)
<_ruben> hehe :)
<patdk-wk> but then, I told syslog to hold a queue of 12hours in it's cache if it is unavailable
<patdk-wk> never had it unavailable for >2hours
<_ruben> ah nice, didn't know that was an option
<patdk-wk> and that was cause of harddrive crash
<patdk-wk> dunno in rsyslog, it is in syslog-ng
<_ruben> interesting
<patdk-wk> I still haven't done any tests with rsyslog to see if I want to switch to it or not
<uvirtbot> New bug: #828813 in samba (main) "ntlm_auth fails to use cached credentials" [Undecided,New] https://launchpad.net/bugs/828813
<utlemming> Ping Daviey
<utlemming> Ping zul
<skrite> hey all
<bluethundr> hey guys.. I need to install xinetd / xinetd-logrotate on jaunty (9.04) server but I dont see any jaunty packages on the ubuntu site
<bluethundr> no longer supported? how do I get jaunty packages.. maybe backports?
<bkerensa> bluethundr: Just find the .deb file wget it and install it?
<skrite> every tutorial i see about building an apache and mysql cluster shows me how to set up an load ballancer haproxy, but i am wondering about a hardware load ballancer. Are they as straightforward to configure?
<bluethundr> bkerensa: ok just need to google the .deb for the jaunty package
<bkerensa> bluethundr: Yeah that would be the easiest
<bluethundr> bkerensa: cool tx
<bkerensa> bluethundr: no problem
<kim0> any idea why vmbuilder downloads g++ and build-essentials ?
<bkerensa> probably is prereq
<hggdh> Daviey: my pleasure
<bkerensa> =o
<hallyn> Daviey: I filed bugs 828782, 828785, and 828789 for spice sync+enablement.  all of it compiles fine for me in oneiric
<uvirtbot> Launchpad bug 828782 in ubuntu "[FFE] Please sync spice from debian unstable" [Undecided,New] https://launchpad.net/bugs/828782
<uvirtbot> Launchpad bug 828785 in ubuntu "[FFE] Please sync spice-gtk from debian unstable" [Undecided,New] https://launchpad.net/bugs/828785
<Daviey> hallyn: I will have a look at them shortly.
<bkerensa> hallyn: I'm looking too
<hallyn> thx
<hallyn> oh, i didn't realize I could combine those.
<stgraber> hallyn: good morning. Grabbing you cgroup-lite now.
<stgraber> hallyn: first note (before installing it), I think it should be "arch: all" and not "arch: any" as it doesn't seem to contain any binary
<uvirtbot> New bug: #828871 in samba (main) "package smbclient 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess dpkg-deb --control returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/828871
<bkerensa> hallyn: No problem
<hallyn> stgraber: ok
<stgraber> hallyn: ok, it installs fine, does what it's supposed to and I can still suspend/resume. So looks good to me.
<hallyn> stgraber: cool.  so what's next, file a [FFE] [ITP] bug?
<hallyn> (biab, lunch)
<stgraber> hallyn: yes, next step would be to prepare a debdiff against libcgroup (I think it makes sense to have both cgroup-bin and cgroup-lite built from the same source)
<stgraber> hallyn: having them conflict with each other
<stgraber> then attaching that debdiff to the FFe bug
<stgraber> the FFe bug should also mention changing the Recommends on the lxc package from cgroup-bin to cgroup-lite
<hallyn> that would still include a second FFE bug against lxc though right?
<hallyn> stgraber: ok, thx.  I'll get on that after finish qemu and libvirt merges.
<hggdh> Daviey: what else can I do?
<zul> hello
<zul> hallyn: around?
<utlemming> zul: hey do you want partitioned arm images?
<zul> utlemming: still in vancouver but next week sure! :)
<utlemming> zul: I'll have non-partitioned images being spit out automagically starting tonight
<zul> utlemming: sweet ill have a look when i get back home
<utlemming> zul: but I'll get the partitioned images going along in a bit. The code that makes the partitions assumes some _very_ x86ish assumptions, like you want grub, etc.
<zul> utlemming: grrr ick....talk to the arm guys if you need help
<utlemming> zul: its actually our cloud-image building code and our desire to keep a similar code tree that is causing the headaches. arm images are built 90% of the same, and the remaining 10% is where all the pain is coming from. Also, I'm installing the linaro-vexpress which should work with panda-boards (if I'm not mistaken)
<utlemming> zul: I get my panda board whenever Robbie sends it, so these images haven't been tested on real ARM hardware.
<utlemming> (not that I would expect it to work real well anyway)
<Daviey> hggdh: Where do we start? :)
<Daviey> hggdh: give me 10 mins, there are a few things to tackle
<hallyn> zul: what's up?
<hggdh> Daviey: heh. BTW, kees is accepting the ajaxterm patch
<Daviey> hggdh: hah, just checked that :)
<Daviey> hggdh: that is rocking.
<Daviey> i love it when a plan comes together
 * utlemming hears the A-Team theme song
<hggdh> indeed
<Kingsy> can someone in here help me with rebuilding a raid mirror?
<zul> hallyn: so whats the problem with libvirt/lxc?
<zul> utlemming: cool hopeuflly ill get libvirt on pandaboard next week
<medberry> Daviey, thanks.
<hallyn> zul: there's a problem?
<hallyn> must be not enough ppl using it
<zul> hallyn: i dunno smoser says there is a problem
<hallyn> oh.  yes.  i don't yet know anything more than what he's said.
<hallyn> except it's not an lxc/libvirt problem,
<medberry> Hi Daviey, when firing up a bunch of cloud instances, we exhaust our IP pool as some machines end up with three distinct leases (although only one MAC id is involved.)
<hallyn> it's an openstack/libvirt/lxc problem
<zul> hallyn: did you see upstream libvirt has got block device support and loopback support fox lxc now?
<medberry> We'd like to find a way to force isc-dhcp-server (natty) to hand out the same lease.
<hallyn> zul: no i didn't.  that's cool.
<Daviey> medberry: Are you seeing this in dnsmasq aswell?
<Daviey> medberry: Also, is this a regression from dhcp-server3?
<medberry> Daviey, no idea.
<Daviey> medberry: If you know the mac addresses that will be needed, they can be statically defined?  Does that help?
<Daviey> medberry: I can pastebin a config for an example, if that use case is ok?
<medberry> it doesn't seem to help as there is already a host definition with the mac.
<medberry> sure, I'll take a look.
<medberry> Daviey, where/why would dnsmasq come into play? I think a full DNS server is in place.
<Daviey> medberry: so we are doing, http://pb.daviey.com/wii2/
<Daviey> Does that help, or are you already doing that?
<medberry> already doing that (on a much bigger scale)
<Daviey> medberry: I just wondered if dnsmasq handled this differently to isc-dhcpd
<Daviey> (dnsmasq can do dhcp aswell)
<medberry> ah. no idea.
<Daviey> medberry: And isc-dhcp is ignoring those fixed addresses?
<medberry> I can run a test with dnsmasq and see if it exhibits the same problelm.
<Daviey> medberry: That would be interesting to compare.
<Daviey> medberry: You mentioned the other day that it might be part of the spec to supply a different address?
<medberry> it is part of the spec: varying the client-id is treated as a distinct request (per RFC). I was looking for a flag/etc to ignore client-id and always use hardware (aka MAC).
<Daviey> wow, i didn't know that.
<medberry> so those hardware type entries get ignored if the dhclient provides a client-id
<Daviey> Ooooooo! i see.
<medberry> so you can end up with multiple leases per machine as PXE's dhclient and Installer's dhclient and running OS dhclient all behave distinctly.
<medberry> and the RFC is written so that client-id field is first/primary key and only falls back to mac if client-id isn't sent.
<medberry> at any rate--I was just poking you as I saw your name in the changelog. Thanks for the help, I'll look at an alternative (dnsmasq) dhcp server.
<medberry> (the closest thing I've found but is the "master hardware;" and "deny duplicates;" dhcpd.conf setting and I'm still investigating in that area.)
<medberry> s/but//
<Daviey> medberry: Does "deny unknown-clients;" change what happens?
<medberry> haven't tried that one....
 * medberry reads the man
<Daviey> med_out: a short dynamic-bootp-lease-length XX might also be helpful?
<Kingsy> has anyone used mdadm before?
<Daviey> Kingsy: many people have used mdadm
<Daviey> med_out: one-lease-per-client looks interesting
<Kingsy> Daviey: well, I need some advice on a raid drive I have, I am sure its setup but on boot my raid controller says it needs to be rebuilt. the drive I can see on my operating system has files on it, so I am assuming that just means I need to resync the mirror? right?
<Daviey> Kingsy: raid controller and mdadm is sort of at odds surely?
<Kingsy> Daviey: sorry, its fake raid
<Kingsy> onboard raid..
<Kingsy> raid controller was the wrong choice of words there
<Daviey> Kingsy: Why use fakeraid?
<Kingsy> Daviey: because its onboard
<Daviey> Kingsy: Can you disable it?
<Daviey> Kingsy: mdadm is, unless i am mistaken, purely for entirely software raid - handled entirely from linux.
<Daviey> Kingsy: dmraid is for fakeraid.
<Kingsy> oh ok
<Daviey> fakeraid can burn in a fire, it's a waste of time.
<Daviey> You get no extra perf' and it's usually less reliable/good than linux mdad.
<Daviey> Also, it's not hardware dependant - you can pull out the disks from a mdad based system and throw them into another box.  Good luck with that using fakeraid :)
<Daviey> If the raid support your motherboard has doesn't steal cpu cycles, then there is some benefit.. but unless it's a good end card, i wouldn't use it.
<Kingsy> Daviey: well I have installed dmraid, I just wanna see if I can get this rebuilt first then maybe look at some other options. you used this before?
<CrazyGir> don't use onboard RAID
<CrazyGir> it's a shame
<CrazyGir> *sham
<CrazyGir> though shame works too
<hallyn> Daviey: gah, a little qemu-kvm+ipxe issue, are you around?
<hallyn> Daviey: in qemu-0.14.1, which we have now, it looks for /usr/share/qemu/pxe-*.bin
<hallyn> in qemu-0.15.0, that is changed to /usr/share/qemu-*.rom
<hallyn> Daviey: that's the only issue I'm seeing with the otherwise clean 0.15.0 qemu merge.  What is the best way to handle that?  A simultaneous update of ipxe?
<hallyn> well i guess ipxe update is the only thing that makes sense.
<Daviey> hallyn: o/
<Daviey> hallyn: ipxe is new this cycle, so we can largely do what we want.
<Daviey> hallyn: the symlinks is a ubuntu delta anyway, that i am *about* to upload.
<Daviey> So.. it seems OK to morph the symlinks :)
<hallyn> Daviey: ok.  Morphing them before I upload qemu 0.15.0 is wrong too, we have time it :)  so you can upload what's there while i test 0.15.0 some more
<hallyn> thanks!
<hallyn> Daviey: I'll upload a new merge proposal when I'm ready?
<Daviey> I am wondering if a "for *.bin do symlink /foo/*.bin /bar/*.rom" in debian/rules
<hallyn> or maybe i should just take the plunge and uplaod qemu-kvm
<Daviey> But a static list is also ok, as you have done
<hallyn> yeah and trying to get the order right of dh_links and the rest of debian/rules can get flaky :)
<Daviey> hallyn: Does qemu have any new features?
<Daviey> hallyn: I think, considering how vital qemu is - we probably should have a FFe where the merge is discussed.
<hallyn> oh ye...
<hallyn> bug 827831
<uvirtbot> Launchpad bug 827831 in qemu-kvm "[FFE] Upgrade qemu-kvm for oneiric to version 0.15 from upstream" [Low,Confirmed] https://launchpad.net/bugs/827831
<hallyn> feature list is at http://wiki.qemu.org/Planning/0.15.  Now I don't know if usb 2.0 actually made it.  If so that'd be killer.
<Daviey> hallyn: Can you attach an upstream changelog diff to the bug?
<hallyn> no
<Daviey> meanie
<hallyn> Changelog is un-updated,  and git log is huge
<Daviey> bah
<hallyn> It does look like usb2 is supported...  haven't tested though
<hallyn> changelogs are so pre-millenial
<hallyn> Daviey: actually http://wiki.qemu.org/ChangeLog/0.15   looks like it
<tdn> I am trying to enable connection sharing as described here: http://blogs.perl.org/users/smylers/2011/08/ssh-productivity-tips.html -- I have added "ControlMaster auto" and "ControlPath /tmp/ssh_mux_%h_%p_%r" to my .ssh/config, however, I do not see any file created in /tmp, nor do I notice any speedup in connections. I do not think this setting has any effect. If I check netstat -tn, I see that there is created a new tcp connection each time I ss
<Daviey> hallyn: throw that on the bug.
<hallyn> yup
<hallyn> and attaching a debdiff
<Kingsy> yeah it turns out it is fakeraid.. and I have started with it, so can someone give me some advice on dmraid?
<Daviey> hallyn: good stuff.
<Daviey> Kingsy: My advise is "don't" :)
<Daviey> !fakeraid Kingsy
<Daviey> !fakeraid
<ubottu> Tips and tricks for RAID and LVM can be found on https://help.ubuntu.com/community/Installation/SoftwareRAID and http://www.tldp.org/HOWTO/LVM-HOWTO - For software RAID, see https://help.ubuntu.com/community/FakeRaidHowto
<geekbri> I've installed perl and a ton of perl modules all through apt-get on ubuntu server 10.04 LTS, but when i try to use the zlib module, i get the following error Compress::Raw::Zlib version 2.037 required--this is only version 2.023
<geekbri> Any clue why that would be coming up if ive installed everything through apt?
<Daviey> geekbri: Purely installed via apt-get and not cpan?
<Kingsy> basically dmraid -help|grep rebuild
<geekbri> Daviey: yes, i have some modules installed through CPAN but they are not these compression modules
<Kingsy> gives me the command I need but what does it mean by RAID-set ? how do I find out the paths of my raid set?
<Daviey> geekbri: If you are certain this is packages at fault, can you raise a bug against the offending one?
<Kingsy> is that whatever is in /dev/mapper/ ?
<geekbri> Daviey: i am pretty sure, but is there a way for me to verify?
<Daviey> geekbri: raise a bug and provide an example how to reproduce.  Someone can then verify in a clean lucid instance.
<geekbri> Daviey: k thanks, will do.
<Daviey> geekbri: Ie, a simple perl script and what packages it needs.
<Kingsy> ok this is a new one, my hd light has been on contstantly since I booted about 15 mins ago.. how can I see what its doin?
<Kingsy> is it possible its resyncing the raid array automatically or something?
<patdk-wk> kingsy, possible
<RoAkSoAx> Daviey: ping?
<Kingsy> something called kworker/0:0 is using the hd.. what is that?
<Daviey> RoAkSoAx: hola
<patdk-wk> hmm, I have no kworker's
<Kingsy> patdk-wk: according to google its a "kernel bug" whatever that means, so I just need to either go back to windows or just let this random wakeup prog abuse my hard drive ?
<patdk-wk> why not use a more stable verson?
<hallyn> Daviey: why did you think that "Does this require a new build dep of librbd-dev (universe)?"
<hallyn> Daviey: it compiled and installed fine on regular oneiric
<Kingsy> patdk-wk: I am using Linux mars 2.6.38-10-generic #46-Ubuntu SMP Tue Jun 28 15:07:17 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
<Kingsy> thats stable
<patdk-wk> depends on how you define stable then
<patdk-wk> I would consider when using ubuntu, LTS to be stable :)
<Kingsy> patdk-wk: well I downloaded the official stable iso from ubuntu.com
<Kingsy> but this really doesnt help.. does this mean that ubuntu have allowed me to download install and configure an operating system that is broken?
<Kingsy> pretty crazy
<patdk-wk> depends on your definition of broken also
<patdk-wk> I wouldn't really call that broken
<Kingsy> patdk-wk: fair enough, but its not exactly great
<Kingsy> saying as though its a brand new installation and now I am going to have to try and "fix" the kernel
<patdk-wk> much better than what karmic did to my laptop
<patdk-wk> it would wipe everything on the harddrive, if you used the wifi
<patdk-wk> had to install and upgrade it with wifi disabled, then reboot, and I could turn on the wifi
<Kingsy> maybe i should try and apgrade the kernel
<Kingsy> upgrade
<RoAkSoAx> Daviey: hola!! and never mind found the solution to what I was gonna ask you :)
<sponzor> hi. i m installing ubuntu server and i got unable to install grub in dev sda. so i change it to /dev/md0 i got the same problem ( i put boot to raid 1) what should i do?
<Daviey> RoAkSoAx: you can't just say that.... what was the problem, dammit! :)
<RoAkSoAx> Daviey: postinst wouldn't return when restarting apache2 and there wasn't apparent error messages. so I just tried with apache2ctl and it restarts correctly and post-inst returns
<jcastro> RoAkSoAx: I think I ran into that mirror/squid problem you guys were having
<jcastro> where it can't find a mirror
<jcastro> RoAkSoAx: the other stuff appeared to work well though, the PXE menu with the proper ISOs, etc.
<RoAkSoAx> jcastro: yeah Idk if that's squid or not cause today i imported and ISO. cleaned squid's cache, and still failed to install with not finding the kernel modules
<RoAkSoAx> jcastro: so I'm guessin that today's ISO has a older upload of the kernel than the archives
<jcastro> ah
<jcastro> well, shouldn't like the natty ISOs work?
<RoAkSoAx> s/upload/revision
<RoAkSoAx> jcastro: those should
<jcastro> hmm I got the same problem on any iso I tried
<RoAkSoAx> jcastro: those not working?
<RoAkSoAx> uhm interesting... are ytou using squid or squid-deb-proxy
<RoAkSoAx> ?
<RoAkSoAx> jcastro: unless the issue is with some corrupts Release files or similar
<jcastro> RoAkSoAx: I was using whatever is stock in oneiric
<RoAkSoAx> jcastro: you mean orchestra?
<jcastro> right
<RoAkSoAx> jcastro: uhmm check that squid is running cause i think there's a bug a in the squid conig
<Daviey> jcastro: keep up, keep up.
<bernhard2> cant seem to enable tls on exim4 anybody want to shed some light on my issues ?
<Kingsy> can someone tell me what application rebuilds/updates raid1 in ubuntu by default?
<fhh> mdadm ?
<Kingsy> fhh: and if the raid is fake?
<Kingsy> dmraid?
<Kingsy> fhh: cos in this case the raid controller is onboard and the drives are in /dev/mapper/ so they are fakeraid
<fhh> so dmraid
<Kingsy> fhh: ok, so if dmraid is syncing my raid mirror how can I tell ? are you aware of any dmraid --status type commands?
<Kingsy> fhh: basically the hdd on my pc is on constantly, I need to find out if thats dmraid syncing my drives or if its some rogue process that needs to be fixed...
<Kingsy> can yo think of a way of finding that out?
<Kingsy> you**
<Kingsy> fhh: iotop says that kworker is read/writing 70-100MB/s but that is the only information I can find, it doesnt trace ot na
<Kingsy> it back to an application**
<fhh> im not specialist in fakeraid...
<RoyK> Kingsy: just use software raid
<RoyK> works well
<vraa_> is everything in /var/log in logrotated by default, or i have to add it in the conf manully
<Kingsy> RoyK: lol it might but I am trying to solve this problem first, not look for an alternative solution
<RoyK> Kingsy: fakeraid sucks performance-wise
<RoyK> better use software raid
<RoyK> or get a decent raid controller
<fhh> Kingsy: like RoyK i prefer soft raid or real hard raid...
<Kingsy> RoyK: ok, i agree but are you aware of how to solve this problem?
<RoyK> fhh: I like good hardware raid systems for the root
<RoyK> Kingsy: is this a system you're trying to fix, or is it a new install?
<Kingsy> RoyK: its something I am trying to fix, but tbh I don't even know if it needs *fixing* I just need to know what the hell the hdd is doing at 70-100MB/s constantly
<RoyK> if it's a new install, never mind the so-called raid controller, just use software raid
<Kingsy> RoyK: naa its not a new install
<RoyK> no idea about fakeraid stuff
<RoyK> too many variables there
 * RoyK uses hardware raid or softraid for mirrored roots or zfs for storage
<RoyK> the latter on non-linux
<Kingsy> RoyK: ok, let me suggest this then, say I wanted to move from fake to soft raid. can I move to that WITHOUT formatting the hd I want to raid?
<RoyK> I daresay that would be hard
<RoyK> backup/restore would be the easiest
<Kingsy> RoyK: see I did try to get a soft raid working but I couldnt seem to do it
<Kingsy> RoyK: I take it hdd need to be firstly set to IDE in the bios right?
<Kingsy> then you boot into the operating system so you can see two hard drives?
<RoyK> Kingsy: that depends on the hardware etc
<RoyK> Kingsy: for those quasi raid systems, linux will see two drives
<RoyK> if you don't have much data on it, reinstall with sw raid
<RoyK> less hassle
<Kingsy> RoyK: well basically I am new to this, and I cant seem to get any specific help so I just enabled the onboard raid and booted. it seemed to mirror great..
<Kingsy> RoyK: well the operating system isnt installed on tehe raid drive
<Kingsy> the raided drive is a data disk
<RoyK> Kingsy: if the system doesn't hold much data, reinstall
<Kingsy> thats not the point, the raid drive has 700GB worth of data I need to first backup.. in order to format the drives to setup something I don't know how to do
<RoyK> dmraid is quite bad
<RoyK> jus don't use dmraid
<RoyK> just, even
<Kingsy> RoyK: ok, but do you know where I am coming from? I am looking for advice and all ppl say are don'y use fakeraid, and I cant find any solid information on how to setup any other type..
<vraa_> dont use fakereaid lmao
<RoyK> Kingsy: please pastebin lshw
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<RoyK> !pastebinit
<ubottu> pastebinit is the command-line equivalent of !pastebin - Command output, or other text can be redirected to pastebinit, which then reports an URL containing the output - To use pastebinit, install the Â« pastebinit Â» package from a package manager - Simple usage: command | pastebinit -b http://paste.ubuntu.com
<Kingsy> RoyK: http://paste.ubuntu.com/669568/
<patdk-lap> hmm, go into your bios, setup acpi without raid
<RoyK> Kingsy: looks like a raid controller to me
<Kingsy> oh so its not fake after all?
<Kingsy> I assumed it was cos it was onboard
<RoyK> doesn't look that way
<Kingsy> doh
<RoyK> did you configure raid in the bios or the controller's bios?
<patdk-lap> heh? it's intel ICH5 southbridge fakeraid
<Kingsy> RoyK: I enabled RAID in the bios and configured it in a raid controller menu which is accessed later on in the boot process
<patdk-lap> exact same as my workstation: product: 82801 SATA RAID Controller
<RoyK> Kingsy: if you boot up on an ubuntu cd, what does /proc/partitions tell you?
<RoyK> if /proc/partitions show both drives, it's fakeraid
<Kingsy> RoyK: hmm I don't know I cant really do that right now, is there another way of finding out?
<RoyK> if it shows a single drive (sda etc), it's ok
<patdk-lap> it's fake raid
<RoyK> Kingsy: pastebin /proc/partition
<RoyK> Kingsy: pastebin /proc/partitions
<RoyK> patdk-lap: ok
<Kingsy> RoyK: command not found
 * RoyK chooses to trust patdk-lap 
<Kingsy> np
<RoyK> Kingsy: cat /proc/partitions
<patdk-lap> it's the intel ICH thing
<patdk-lap> just go into the bios, disable the raid options and just set it to achi mode
<patdk-lap> install ubuntu
<patdk-lap> then when you go to setup the partitions
<RoyK> use sw raid
<Kingsy> RoyK: yeah it appears as twi drives --> http://paste.ubuntu.com/669570/
<patdk-lap> you just set those 1gig drives to use for raid
<RoyK> Kingsy: bingo
<RoyK> hw raid is nice, if it's true hw raid
<patdk-lap> and kicks ass if it has the battery backup to turn on writeback mode
 * RoyK hands patdk-lap a beer
<RoyK> patdk-lap: or if you use zfs with ssd-caching :P
 * RoyK  rather likes zfs
<patdk-lap> I've been thinking about trying flashcache
<RoyK> with what system?
<patdk-lap> that is my issue
<patdk-lap> I have no point to try it at the moment :)
<RoyK> I have a system with 7TB net storage - 14 1TB drives - striped mirrors with some SSDs
<RoyK> performance is better than anything I've seen so far
<patdk-lap> I would like to try it for a esx san backend
<RoyK> patdk-lap: that system cost about NOK 43k
<patdk-lap> but really need like 10g nics or something to make use of it, to stress it
<RoyK> so not a lot :P
<RoyK> 14 drives in striped mirrors, two spares, two for the root, the remaining slots for SSDs
<w00> Link :)
<RoyK> s/14/16/
<RoyK> w00: just a normal 24-bay supermicro machine with a bunch of drives
<dannf> hallyn: can #697690 be marked fixed-released now?
<patdk-lap> yay, I might get ipv6 this month
<dannf> er bug 697690
<uvirtbot> Launchpad bug 697690 in multipath-tools "no dbg package for multipath-tools" [Unknown,Fix released] https://launchpad.net/bugs/697690
<Daviey> adam_g: around?
<hallyn> bug #697690
<uvirtbot> Launchpad bug 697690 in multipath-tools "no dbg package for multipath-tools" [Unknown,Fix released] https://launchpad.net/bugs/697690
<hallyn> dannf: yeah, it's in oneiric right?  it's even in debian
<dannf> hallyn: right
<hallyn> does it need to be SRUd to lucid, or is that done?
<dannf> hallyn: does adding a dbg package make sense for an SRU?
<hallyn> marked it fixed
<dannf> hallyn: thx
<adam_g> Daviey: here
<hallyn> dannf: i guess not, bc it's a new pkg
<hallyn> thx, ttyl
<Daviey> adam_g: ah! i just opened bug 829055
<uvirtbot> Launchpad bug 829055 in python-amqplib "[FFe] Please update to version 1.0" [Undecided,New] https://launchpad.net/bugs/829055
<adam_g> Daviey: ah, yea. i just ran that pkg by chuck before sending it to PPA. was gonna let it build while im in this talk
<Daviey> ** Public Service Announcement **  - Are there any bugs that people know of that should be tracked on http://status.qa.ubuntu.com/reports/ubuntu-server/release-bugs.html that are nt
<Daviey> not. Thanks :)
<Daviey> adam_g: Ah cool, you are working on it atm.
<patdk-lap> I just submitted one for ubuntu desktop :)
<Daviey> adam_g: You need to jump through the FFe hoops, sadly.
<adam_g> Daviey: figured as much.
<Daviey> hallyn: did you see https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/827831/comments/3 ?
<uvirtbot> Launchpad bug 827831 in qemu-kvm "[FFE] Upgrade qemu-kvm for oneiric to version 0.15 from upstream" [Low,New]
<Daviey> adam_g: If you are able to test that update on nova, that would rock my world.
<uvirtbot> New bug: #829061 in multipath-tools (main) "[SRU] double free of mpp->dmi in free_multipath()" [Undecided,New] https://launchpad.net/bugs/829061
<utlemming> maybe we need a new build host for making arm cloud image...build time is about an hour on our current build host
<utlemming> Daviey: do you want to chat tomorrow around 3ish your time?
<bernhard2> Cant seem to enable TLS in EXIM4 file 03_exim4-config_tlsoptions .ifdef MAIN_TLS_ENABLE howto set this ? MAIN_TLS_ENABLE = yes
<bernhard2> MAIN_TLS_ENABLE = 1 MAIN_TLS_ENABLE = true In this order ? .ifdef MAIN_TLS_ENABLE MAIN_TLS_ENABLE = 1
<Daviey> utlemming: sounds good to me
<Daviey> utlemming: can you fire me across across a google invite?
<utlemming> Daviey: yup, can do
<Daviey> super!
<utlemming> Daviey: assuming this build goes through, arm images are now automagic.
<hallyn> Daviey: yes i did - scroll up, i asked you what you meant by that
<hallyn> Daviey: it compiles and runs just fine on standard oneiric
<Daviey> hallyn: ah, sorry - so 0.15 RC is currently in Debian experimental with that added build dep.
<Daviey> I wondered if that is a requirement / want.
<hallyn> Daviey: interesting.  but that's different from the debian unstable version right?
<hallyn> oh
<hallyn> i see
<hallyn> i've got libvirt on the brain :)
<hallyn> Daviey: I guess we're just supporting without librbd.
<hallyn> seems like something worth pursuing MIR for for 12.04
<hallyn> Alright, in theory i'm done with libvirt merge.  I'll save testing for later so i can keep this good feeling during dinner and not get all cranky :)
<Daviey> hallyn: Have a good one.. Have you pushed the libvirt merge anywhere?
<hallyn> Daviey: /win 6
<hallyn> bleh
<hallyn> Daviey: not yet
<hallyn> Daviey: it's whining at me about libnl3-dev, and i don't understand
 * Daviey wonders what is more interesting on window 6
<Daviey> hallyn: I'm too tired to worry about it :)
<hallyn> Daviey: np - good night
<Daviey> hallyn: nn
<adam_g> Daviey: what tests were failing on amqplib being out of date?
<Daviey> adam_g: amqplib >1.0 is required for a newer kombu package.  A newer kombu package is required to throw away carrot from nova (or at least, they way i started working on it)
<Daviey> also, the MIR required a newer version
<adam_g> Daviey: are there nova packages anywhere that depend on kombu instead of carrot?
<Daviey> adam_g: no.. it's work in progress.
<Daviey> adam_g: What i mean is, check that a newer version of amqplib doesn't break nova, regardless of kombu vs carrot
<Daviey> and on that note, i'm going to bed.  Nighty-night.
<adam_g> Daviey: 10-4. night.
<utlemming> have a good one Daviey
<uvirtbot> New bug: #829089 in clamav (main) "clamd scanning mimedefang temp files blocked by apparmor" [Undecided,New] https://launchpad.net/bugs/829089
<Kiall> Cam anyone tell me whats wrong with these rules? getting "Can't specify HL option twice" on all the commented rules ... http://pastie.org/private/g0gxhepmeox3woqkx6ouma
<Kiall> these iptables rules*
<bkerensa> hmm
<bkerensa> Kiall: Strange... If they are commented why not just save the commented rules in another file until you need them?
<Kiall> Sorry .. I've only commented them out because they dont work :)
<bkerensa> oh
<Kiall> Basically I have this .. `-m hl --hl-eq 255 -m comment --comment "Embedded Rule comment"`
<Kiall> This works: `-m hl --hl-eq 255` ... as does this ... ` -m comment --comment "Embedded Rule comment"`
<bkerensa> Kiall: Well they look like duplicates
<Kiall> but combined, they fail :/
<bkerensa> hmm
<Kiall> I've also tested that `-m conntrack ... -m comment ...` works as expected (in case the -m twice was causing issues)
<Kiall> hah .. i found the issue .. when --comment is used with hop limit stuff, the comment option must come before the hop limit option -_-
<bkerensa> yeah
#ubuntu-server 2011-08-19
<CrazyGir> hello! if I have a vm running via a qemu disk image, and if this can be mounted with the qemu-nbd command, you should then be able to chroot to that env and run passwd on a user, no?
<Kiall> CrazyGir, forgot the root password? ;)
<Kiall> anyway .. yeah .. you should be able to chroot it and change the passwords
<twb> Or init=/bin/sh
<CrazyGir> Kiall: nope, I made a clone of a vm I don't have any passwords to
<CrazyGir> twb: how do you mean?
<CrazyGir> did I lose the attention? :P
<twb> That's how you break in from the bootloader
<CrazyGir> I'd have to figure out making grub available via the serial console
<CrazyGir> which I haven't done, and would probably be helpful
<CrazyGir> more hurdles though
<CrazyGir> ><
<CrazyGir> I tried the method I described but it did not seem to work
<twb> It's documented in /etc/default/grub ffs
<CrazyGir> w00t
<CrazyGir> yea, this chroot method does not seem to work through qemu-nbd
<twb> Yeah, people who emulate VGA tty instead of ttyS0 are dumb
<CrazyGir> hah
<CrazyGir> I hated having to go to a console in an app transfering video data over the network via a broken and bloated protocol, simply to get the ip of a BSD VM
<CrazyGir> ><
<CrazyGir> I don't understand why all vm technologies seem to be unable to provide the IP of a virtual nic, but that is something else entirely
<CrazyGir> twb: are you referring to the GRUB_TERMINAL parameter in /etc/default/grub?
<twb> CrazyGir: I don't remember; I don't use grub
<twb> In extlinux it's just "CONSOLE 1"
<CrazyGir> ah: GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
<CrazyGir> for reference, from: https://help.ubuntu.com/community/SerialConsoleHowto
<CrazyGir> what do you use twb?
<twb> extlinux.
<patdk-lap> sounds like the issue is the command isn't runnable on the host system
<patdk-lap> why not just edit the shadow file directly?
<CrazyGir> twb: interesting
<CrazyGir> patdk-lap: I am not (yet) familiar enough with how passwords are handled in ubuntu
<CrazyGir> I would feel comfortable with that on openbsd :)
<CrazyGir> can you run update-grub manually in some way?
<CrazyGir> I guess I should go the passwd file route
<CrazyGir> patdk-lap: how is that done?
<patdk-lap> not possible on openbsd as they are stored in a db :)
<patdk-lap> once you mount the fs
<patdk-lap> just edit /etc/shadow
<patdk-lap> remove the second item between the :'s
<mauricio> hey - anyone think they can help me out? im trying to generate screenshots using php, xvfb, and firefox.  I can run it just fine through the terminal but I can't get shell_exec("DISPLAY=:1 firefox &") php to work - i did shell_exec("whoami") and its the same user. makes no sense to me as to why this would happen
<patdk-lap> so it would be, username:password:.....:...:...:...
<patdk-lap> just copy the string from another shadow file
<CrazyGir> /etc/shadow is blank O.o
<patdk-lap> well, that is no good
<patdk-lap> is passwd blank?
<CrazyGir> maybe? good question
 * CrazyGir tests
<CrazyGir> no
<CrazyGir> I have a feeling the admin who built the VM emptied it and uses ssh keys for login
<patdk-lap> is there a /etc/shadow- file?
<CrazyGir> ..or something weird
<josePhoenix> Anyone know why crontab might hang? Not the scheduler, but the command for editing / viewing?
<patdk-lap> josePhoenix, it's having issues launching your editor?
<josePhoenix> no, crontab -e seems to work
<josePhoenix> maybe I'm misremembering what it does :x
<josePhoenix> ah
<josePhoenix> crontab -l is what I was looking for.. but I'm still no closer to figuring out why this script hangs
<CrazyGir> there is, and ls reports 856 bytes, but the file appears empty in vim
<CrazyGir> ah, I see
<CrazyGir> ><
<josePhoenix> I guess I'll just make a temporary file. Installing from stdin seems to be causing problems
<mauricio> anyone know what differences i can have between shell_exec in php and the terminal?
<mauricio> im using the same user
<mauricio> :(
<mauricio> i can open up xclock just fine with shell_exec
<mauricio> but i cant open firefox
<mauricio> maybe i can figure it out but how can i run a command so that ./ is a certain dir
<mauricio> ./ is pointing to /home/dummy/public_html when it should be pointing towards /home/dummy/
<mauricio> im sure someone knows how to do that
<mauricio> hmm nevermind
<mauricio> was thinking ~
<quizme> hi, i got an error on a package when trying to upgrade.  I don't need the package, so is there any way to just remove the package and skip it?
<quizme> E: Sub-process /usr/bin/dpkg returned an error code (1)
<hansin> Anyone know of a good way of managing services with the CLI? In particular the issue is that some services are still running as SysV and other Upstart services. You can no longer use just sysv-rc-conf. And I don't know if Upstart has a CLI tool where you can set what services start at boot. Any thoughts?
<hansin> Or is this just an understood difficulty with a 'headless' server until there is consistency in terms of boot scripts?
<josePhoenix> That's something I've never found a satisfactory answer to
<josePhoenix> I've seen people recommending editing the upstart scripts to prevent start-on-boot
<hansin> josePhoenix: Thanks. Sounds like I wasn't missing something then. I take a look at what you said though.
<josePhoenix> hansin: yeah, if you find a convenient way to manage upstart services, I'd like to know xD
<hansin> josePhoenix: Sounds like a deal! Though don't have the coding skills to make my own.
<hansin> But if I find something...
<josePhoenix> Hmm
<josePhoenix> What does the setgid bit on a file do?
<josePhoenix> ah
<josePhoenix> hm. I want to use setgid folders...
<josePhoenix> but not setgid files
<josePhoenix> seems like chmod should have a shortcut for setting permission bits that mean different things for files and folders
<josePhoenix> I want folders to be +x +S, but I don't want all the files in them to be executable...
<qman__> use +X
<josePhoenix> ahhh ta
<josePhoenix> That's just a chmod feature, right? Not an extra bit?
<josePhoenix> Actually, that doesn't do quite what I want. Is there something for setting +s on directories, but not their contents?
<lickalott> josePhoenix what was the original question?
<lickalott> has anyone offered up SUID or SGID?
<josePhoenix> lickalott: I think I just need to be a bit more selective
<josePhoenix> I was trying to setgid on a directory and its child dirs
<josePhoenix> but chmod -R g+s ./foo/* sets +s on files as well, which I don't want
<lickalott> take out the -R
<josePhoenix> yeah, I figured
<lickalott> -R will do the folder AND all the contents
<lickalott> but that's still not what you want?
<josePhoenix> Well I wanted subfolders, but not files within those subfolders
<lickalott> ahhhhh
<qman__> probably have to do a find
<josePhoenix> ./foo/bar/baz/ but not ./foo/bar/baz/quux.txt
<qman__> find directories and exec chmod +s
<lickalott> yeah... maybe a find + xargs
<josePhoenix> Well, it's part of a provisioning script, so I know exactly which dirs I'm creating
<josePhoenix> so I'm just adding the chmod there
<lickalott> maybe do foo manually, then cd into is, ls -d | xargs chmod +s {}
<lickalott> i'd have to play, but that should work
<lickalott> *it
<lickalott> -D not -d jose
<josePhoenix> okay thanks :]
<lickalott> did that work?
<lickalott> logging into my rig now
<lickalott> also take the brackets out
<lickalott> worked for me
<qman__> might have issues with spaces in filenames
<qman__> make sure you try it
<lickalott> spaces in file names?
<lickalott> thought he didn't want files to be chmod'd
<qman__> well, directory names
<lickalott> can't happen unless this is a samba share right?  if one were to mkdir Some Docs, you'd end up with 2 folders
<qman__> not if you mkdir "Some Docs"
<qman__> in linux, everything is valid
<qman__> just needs to be properly escaped
<lickalott> touche'
<qman__> also, mkdir Some\ Docs
<lickalott> guess i just wouldn't expect that from a *nix person
<qman__> ordinarily no
<qman__> but it is possible, so you want to have that test case especially before you integrate it into a script
<qman__> one thing I run into a lot
<qman__> ripping music off CDs
<qman__> with question marks in the names
<qman__> and then windows doesn't know what to do with it on the share
<DarkwingDuck> Have an interesting/strange issue with Oneiric server.
<reya276> Is there a setup for Ubuntu 11.04 desktop/Server that is similar to Active Directory? I know Sambad is similar but does it have a GUI?
<reya276> Is 11.04 server an LTS?
<DarkwingDuck> It wont get past GRUB, black screen then my moniter goes to sleep. However, if I boot into recovery then resume normal boot then it works.
<DarkwingDuck> reya276: No.
<DarkwingDuck> 10.04 is LTS
<qman__> reya276, basically no to all of the above
<lickalott> i'm with you qman__.  Never thought about music...
<qman__> samba can do a hybrid of NT domains and 2003 security
<qman__> and openLDAP can do a user directory
<qman__> but that's about it
<qman__> samba 4, if/when it ever gets stable, is going to be full AD compatible
<reya276> ok well that is good enough. I'm not looking to use Ubuntu with windows servers. I'm actually trying to setup Ubuntu server/desktops on its own as a server/network
<qman__> then what you're after is openLDAP
<qman__> and possibly kerberos
<reya276> cool, thanks. I can get that from the repos right?
<qman__> yes, but it's pretty complicated to get going
<qman__> make sure you find a good guide on it, not sure if the server guide is up to par on that yet
<reya276> nah, nothing is ever complicated as long as their is something to read then its all good
<reya276> thanks.
<Daviey> jamespage: Hey!  Do you fancy reviewing/sponsoring bug 809753?
<uvirtbot> Launchpad bug 809753 in logwatch "logwatch bug in postfix filter" [Medium,Triaged] https://launchpad.net/bugs/809753
<jamespage> Daviey: np - leave it with me
<Daviey> rocking!
<Daviey> jamespage: what happend with octopussy?
<jamespage> Daviey: still in the NEW queue waiting for review
<Daviey> urgh
<Daviey> thanks
<uvirtbot> New bug: #829250 in openvswitch (universe) "datapath dkms module does't built automaticly" [Undecided,New] https://launchpad.net/bugs/829250
<Daviey> Anyone looking for a bitesize bug to tackle?
<ubunteo> no.
<Daviey> (silence is suitable as a negative answer.)
<ubunteo> I am waiting for LAMP server expert
<lynxman> Daviey: bitesize bug?
<lynxman> ubunteo: what would you consider a LAMP expert? I might be one
<Daviey> lynxman: want to do some funky stuff?
<lynxman> Daviey: depends on your definition of funky :) you know I'm always eager to please you
<Daviey> eeeek.
<Daviey> lynxman: Nice simple one to get the blood going, bug #829271
<uvirtbot> Launchpad bug 829271 in ajaxterm "Recommends psyco which is currently incompatible with python > 2.6" [Undecided,New] https://launchpad.net/bugs/829271
<ubunteo> dear all, which is the official ubuntu uploading site for 1GB storage ? I know ubuntu one already. Something that don't need registration. and something better than http://imagebin.org/?page=add
<lynxman> Daviey: ah yeah, looks good :)
<lynxman> ubunteo: I think Ubuntu One covers exactly what you need, shame that you don't want to register
<Daviey> ubunteo: Ubuntu members get 1GB of storage at https://wiki.ubuntu.com/PeopleUbuntuCom, but that is really storage to help the ubuntu project.
<Daviey> Other than that, there is no other official uploading site other than ubuntu 1
<soren> ubunteo: I kind of doubt you'll find places that'll let you dump gigbytes of data on their servers without at least registering.
<ubunteo> soren: I knew. but they are with spam or spywares and pono ads around
<Daviey> lynxman: Another one with your name on it, bug #822613
<uvirtbot> Launchpad bug 822613 in etckeeper "etckeeper should depend on hostname" [Medium,Triaged] https://launchpad.net/bugs/822613
<Daviey> lynxman: then, bug 820936 wants your opinion. :)
<lynxman> Daviey: thanks, will hammer both in 10 mins, finishing toast :D
<uvirtbot> Launchpad bug 820936 in apache2 "Virtual server setup breaks Rewrite Rules" [Low,Confirmed] https://launchpad.net/bugs/820936
<lynxman> holy crap, 109 upgrades in the last 3 days
<Daviey> RoAkSoAx: powernap is currently set for demotion to universe, do we have anything which is planning to use it?
<ubunteo> lynxman: hi LAMP expert
<ubunteo> lynxman: I am LAMP and linux newbie. I want to get suggestion from you for my php application
<lynxman> ubunteo: sure, what do you want to do
<ikonia> ubunteo: what are you looking for
<ubunteo> ikonia: I dont know how to install and run http://www.phpwares.com/content/php-inventory on ubuntu LAMP server
<ubunteo> ikonia: if anybody knows better inventory application for IT stocks , please suggest me
<ubunteo> ikonia: I mean IT stocks like printer cartridges, CDs, DVDs, mobile phones in and out
<ikonia> ubunteo: reading the zip file, you just dump the php in your web root, run the sql script to create the database, and put the database details in the sites.xml file
<ikonia> ubunteo: there are more detailed instructions in the readme.html file in the zip file too
<ubunteo> ikonia: thanks for suggestion. I would also like to know where the web root in ubuntu is.
<ikonia> ubunteo: have you read the https://help.ubuntu.com server section on how to manage the webserver ?
<ubunteo> ikonia: do I also need to install phpmyadmin ?
<ikonia> ubunteo: if not, that's worth a read
<ikonia> ubunteo: no, you don't need phpmyadmin to run this
<ubunteo> ikonia: I had , the worst thing is I have no internet on that LAMPserver
<ikonia> ubunteo: then don't read it from the lamp server, read it from your desktop
<ubunteo> ikonia:  how can I ?
<ikonia> ubunteo: open that URL in a machine with internet access
<ubunteo> ikonia: Dear ikon, I can read my web server and said it works !!! but i dont know how to continue
<ikonia> ubunteo: yes, I've told you how to install the application, told you where the detailed install instructions are, and suggested a URL on how to run your web server
<ubunteo> ikonia: I know bro. the application is alittle big tricky
<ikonia> ubunteo: it's really straightforward
<ikonia> ubunteo: you put the php files in the document root, you run the sql database creation script, you put the database details in the xml file
<ubunteo> ikonia: where is the web root folder  in ubuntu server ?
<ikonia> ubunteo: that's when I said you should take a look at the server section in https://help.ubuntu.com to have a basic idea of how to run the web server
<ikonia> ubunteo: you'll need to understand how it works with the site model ubuntu uses, and that document is actually quite good
<Daviey> lynxman: How are those two bugs looking?
 * Daviey reaches for his whip.
<lynxman> Daviey: branched and fixing
<lynxman> Daviey: merge requests okay? :)
<Daviey> lynxman: super!
<w00> hm, i'm trying to symlink some files and access them through pure-ftpd, activated virtualchroot and perms look ok but the ftp client gives 'not a directory' errors, anyone knows what could be the issue? (same type of setup works on another distro)
<lynxman> Daviey: one done, 2 to go
 * w00 bangs his head against the wall
<Daviey> lynxman: Great! you fixed etckeeper.
<lynxman> Daviey: \o/
<maxagaz> hi
<maxagaz> how to add manually this route :
<maxagaz> 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth3
<maxagaz> ?
<_ruben> sudo ip route add 192.l68.0/24 dev eth3
<_ruben> sudo ip route add 192.l68.0.0/24 dev eth3 (packetloss :P)
<maxagaz> thanks!
<maxagaz> _ruben,
<maxagaz> and how do I delete it ?
<_ruben> replace add with delete
<_ruben> ;)
<maxagaz> thanks :-)
<soren> _ruben: What sort of keymap do you use?
<soren> _ruben: It's been many years since I've seen anyone type 'l' instead of '1' (old-school type writer style).
<_ruben> soren: ehh? not sure what you're getting at
<w00> heh
<soren> _ruben: 11:42 < _ruben> sudo ip route add 192.l68.0/24 dev eth3
<soren>                                              ^
<soren> "l68" rather than "168"
<soren> _ruben: ell vs one, if can't tell the difference with your font.
<_ruben> heh, where the **** did that come from :p
<soren> That's what I'd like to know. :)
 * _ruben decides it's a bug in his keyboard
<soren> _ruben: It's the sort of typo I'd expect from someone who learned to type on one of these things: http://en.wikipedia.org/wiki/File:TypewriterHermes.jpg
<w00> lol
<soren> (They had no key for 1 (one). The l (ell) key doubled as the key for 1 (one))
<_ruben> lovely!
<soren> And o doubled as the key for 0.
<_ruben> optimization ftw
<_ruben> but no, can't say i ever typed on one of these
<_ruben> wth .. i nearly typoed 'typed' as 'typoed' (and just did again)
<soren> _ruben: uncanny
<uvirtbot> New bug: #829374 in postfix (main) "package postfix 2.8.2-1ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/829374
<RoAkSoAx> Daviey: Not that i know of but why would u want to demote it now?
<RoAkSoAx> kirkland ^^
<Daviey> RoAkSoAx: It's currently no longer seeded or a depends of a package in Main
<Daviey> So it's queued for demotion, unless we act.
<Daviey> RoAkSoAx: I think it's ok to seed it directly TBH.
<Daviey> Next cycle, i imagine you might depend on it a bit more.
<RoAkSoAx> Daviey yeah orchestra depends on it but still in universe
<RoAkSoAx> Daviey isnt it in the server seed that would keep it in main?
<Daviey> RoAkSoAx: ah, good point
<Daviey> RoAkSoAx: no, it was in main via euca.
<RoAkSoAx> Daviey so i guess it should be on the server seed right?
<Daviey> RoAkSoAx: yes
<Daviey> RoAkSoAx: We don't have a server-supported seed by design.
<RoAkSoAx> Daviey right so whats the solution then
<Daviey> RoAkSoAx: It's small enough to throw it on the ISO this cycle i think
<RoAkSoAx> cool
<jasonmsp> hey all. I noticed today a persistent established connection on localhost.localdomain today between mysql and a 40000 port.  I haven't noticed this before.  Is there a way to figure out what is running that?
<joschi> jasonmsp: lsof -i :40000
<jasonmsp> thanks!  dovecot is running it.  Could it be someone connected via imap?
<_ruben> dovecot likely has a persistent db connection open
<jasonmsp> ive not noticed it before.  Usually it is clean when I am connected ssh and the only thing open is my connections to the server
<patdk-wk> well, that would depend on the mysql wait timeout setting
<patdk-wk> dovecot will open, and keep it open, till mysql closes it
<patdk-wk> so if your last login was 5min ago, and the wait timeout is 15min
<jasonmsp> so check mysql config?
<NCommander> hallyn: ping, you about?
<jasonmsp> this is only troubling because its been established for over an hour
<patdk-wk> I think 1hour might be the default
<patdk-wk> no, default is 8hours if not changed
<patdk-wk> it's really not an issue and doesn't hurt, unless you limit mysql connections to a very low number
<jasonmsp> ok.  it was non-standard for me after running the server for a year I've never seen a connection like that open so long.  Thanks!
<uvirtbot> New bug: #829465 in libaio (main) "libaio version 0.3.109-1ubuntu1 failed to build in oneiric" [Undecided,New] https://launchpad.net/bugs/829465
<uvirtbot> New bug: #829468 in memcached (main) "memcached version 1.4.5-1ubuntu2 failed to build in oneiric" [Undecided,New] https://launchpad.net/bugs/829468
<hallyn> NCommander: yes, what's up?
<NCommander> hallyn: would like to discuss LXC security concerns if you have a moment
<NCommander> (based on your LP comment)
<hallyn> NCommander: tbh i'm a bit weary of that.  There are no security concerns bc there are no security claims.
 * hallyn goes to look for the recent m-l discussion
<Daviey> NCommander: What bug is that?
<NCommander> Daviey: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/827798
<uvirtbot> Launchpad bug 827798 in lxc "LXC works without warning regardless if cgroup namespaces are properly available" [Wishlist,Triaged]
<NCommander> Daviey: I still need to scratch your brain w.r.t. OpenStack
<uvirtbot> New bug: #829507 in ocfs2-tools (main) "ocfs2-tools version 1.6.3-2ubuntu1 failed to build in oneiric" [High,Confirmed] https://launchpad.net/bugs/829507
<hallyn> NCommander: see for instance http://blog.bofh.it/debian/id_413  and http://sourceforge.net/mailarchive/forum.php?thread_name=4E3AC4B4.7090007%40schaufler-ca.com&forum_name=lxc-users
<hallyn> btw i'm offended by the fact that you can't comment on the firs tlink
<Daviey> NCommander: We can probably grab 10 mins during the release meeting?
<NCommander> Daviey: during?
<Daviey> NCommander: Yeah, unless the release meeting requires 100% of your attention :)
<NCommander> Daviey: sure, I really just need 5 minutes getting up to speed with openstack (and I see that there's now a nice book available on the subject on the internal list)
<Daviey> NCommander: ok, i'll poke you during the meeting - and we'll talk
 * NCommander depserately needs two of himself
<uvirtbot> New bug: #829502 in eucalyptus-commons-ext (universe) "eucalyptus-commons-ext version 0.5.0-0ubuntu2 failed to build in oneiric" [High,Confirmed] https://launchpad.net/bugs/829502
<hallyn> NCommander: how did you want to discuss?  did you want to have an real call?
<NCommander> hallyn: actually this answersmost ofmyquestions quite well
<skulltip> i installed 64-bit ubuntu server, dhcp works fine but why can't i get static ip working, or where is an uptodate tutorial for 11.04 that actually works?
<hallyn> NCommander: cool
<hallyn> NCommander: it's too bad there were some... complications last week keeping us from discussing user namespaces and container security
<NCommander> hallyn: I might poke you for a few stray points but this is most helpful. Just out of curiosity, do know where usernamespaces plan to land?
<NCommander> hallyn: it didn't help I spent most of that trip hacking up a lung
<hallyn> NCommander: what do you mean 'where'?
<hallyn> it's a kernel feature
<NCommander> er
<NCommander> WHEN
<hallyn> ah
 * NCommander has not hugged his coffee this morning
<hallyn> no, i don't.  i thought it was years off, but we had a prototype working last week, so once we push that to lkml, we'll see how it's received
<hallyn> NCommander: as this stuffs sinks in, do me a favor,
<hallyn> pls think about where/how to best document this for future users.  bc obviously we're not doing a good job
<hallyn> I don't know if it should go in the ubuntu server guide, manpages, or what
<NCommander> Somewhere with <blink> tags :-)
<NCommander> I'll get back to you
<NCommander> (what's the current place your documenting it)
<RoyK> skulltip: just set the IP in /etc/network/interfaces
<RoyK> man interfaces
<RoyK> skulltip: if you have installed ubuntu desktop, it'll bring network-manager into the game, overruling /etc/network/interfaces
<skulltip> i know, done tried that and rebooted VM had to set back to dhcp
<hallyn> NCommander: blogs and mailing lists...
<skulltip> no it's ubuntu server 64 bit 11.04
<RoyK> and static ip doesn't work??
<skulltip> i did install several things, like tomcat, mysql, lamp server, ..
<skulltip> in VM it is 10.0.2.15 but IP on main network is 192.168.1.1 - i set gateway to 192.168.. ?
<NCommander> hallyn: yeah, those have the problemthat if you don't regularly read planet or are not subscribed to the list in question, they can fly by unnoticed :-(
<skulltip> it can ping it so must be.. do i set the static address to 192.168.. to 10.0..
<hallyn> NCommander: agreed.  Though it's not like "it was secure and we changed it".  It just hasn't really come to mind bc we've never, ever said lxc was secure or to be used for anything other than compute farms.
<hallyn> in fact, in the past we said it woudl never be secure.  I'm at the point now where I think in maybe 2 years they coudl be as safe as kvm/vmware is.  Not as safe as those are *perceived* to be, but as they are :)
<NCommander> hallyn: yeah, I think someone somewhere stated that it was usable and ready for 'enterprise' use at UDS and well, it kinda went from there. At least now I'm beginning to see the full scope of the problem and it hurts
<Daviey> hallyn: Perhaps i'm missing the issue, but i would have expected security to have been the first feature of LXC, not a bolt on to drive towards.
<Daviey> *boggles*
<hallyn> NCommander: it *is* ready for enterprise, for certain uses :)
<hallyn> Daviey: platitudes like that sound nice but dont' jive with how you can get features into the kernel
<hallyn> i'm sorry that sounds mean, but we had to start with the simpler namespaces
<skulltip> i set address to 10.0.2.16,  netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1   restarting network and I get failed to bring up eth0
<hallyn> we're not writing an editor.  we're affecting performance and changing every aspect of resource finding and access
<Daviey> hallyn: I'll keep my jive to myself then :)
<jdstrand> hallyn: I'm assuming that all of this is acknowledged by arkose (stgraber) and any other teams that perceive LXC as the new security hotness? (not trying to insinuate stgraber is not up on all this)
<hallyn> Daviey: also, the original point of the work was not lxc itself, but namespace isolation for checkpoint/restart
<hallyn> jdstrand: yes.  (stgraber will  yell if not :)
<hallyn> part of the problem is that the real tools are the naemspaces and cgroups,
<hallyn> while lxc is just a tool trying to exploit those for easy use
<hallyn> the security features which lxc would need to provide root-safe containers haven't made it into the kernel, so there is nothing for lxc to offer.
 * hallyn fears Daviey wont' talk to him any more
<hallyn> let alone push the spice ffe :)
<hallyn> NCommander: if you get a few moments to send me an email where you explain the use you were going to have for lxc on arm, please do.
<hallyn> Daviey: is there any reason not to plop the proposed qemu and libvirt merges for oneiric into ubuntu-virt ppa for testing?
<Daviey> hallyn: go for it!
<Daviey> create a new PPA tho
<NCommander> hallyn: you'd cry if you knew :-)
<NCommander> hallyn: but will do (currently doing 1001 things right now)
<hallyn> Daviey: new ppa?  ok
<hallyn> NCommander: yup no hurry.  Maybe we need a bug against the main lxc man page to have a WARNING at top about containers not being secure
<hallyn> i'd say we coudl ask jdstrand for help writing an apparmor profile to contain it, but then it'll likely just spuriously prevent package upgrades in containers :(
<hallyn> Daviey: doesn't look like i can create a new ppa
<Daviey> hallyn: argh
<Daviey> hallyn: is there a junky one?
<hallyn> so nm, i'll use my own then.
<hallyn> 'daily upstream build' :)
<hallyn> nothing since jan 2010
<Ursinha> Am I online?
<Ursinha> Oh, I seem to be
<hallyn> Ursinha_: Ursinha: you both are :)
<skulltip> do i need to delete the loopback line for a static ip
<skulltip> iface lo inet loopback..
<Ursinha_> hallyn: :) redundancy ftw :P
<giovani> skulltip: no -- that configures the lo/loopback interface -- you want to leave that alone, always
<giovani> you only want to edit lines that are configuring interfaces you're changing (such as eth0, or whichever you're using)
<skulltip> ok even updated nameserver with static IP and /networking restart..  message about it being deprecated and I can't ping the gateway
<skulltip> do i need to add a default gateway route
<Demosthenes> so, pop quiz. i have a natty box, it ought to be running lucid (lts server). how hard is that to change on an already installed box. can i just change the source, update, and safe-upgrade?
<lynxman> Ursinha_: no you're not online, get back to work ;)
<lynxman> damn... the sun, it is hot... and unknown
<lynxman> Daviey: ping
<lynxman> Demosthenes: afaik downgrading a box can have hilarious results, your mileage may vary though
<Demosthenes> lynxman: very few real packages installed.
<Demosthenes> no X, no desktop apps, etc.
<lynxman> Demosthenes: still, have in mind that only the upgrade path is tested, and you can find packages that are not downgradable or hard to
<lynxman> Demosthenes: if you need to do that I'd recommend install another machine with lucid or just keep that one working with natty
<Demosthenes> righto!
<Demosthenes> otoh, maybe we wait until the next LTS release and upgrade to it ;]
<lynxman> Demosthenes: that would also be wise indeed
<lynxman> Demosthenes: the new LTS will rock, just sayin'
 * lynxman can't contain his excitement about Ubuntu-P
<Daviey> lynxman: hola
<lynxman> Daviey: ello good sir
<Daviey> lynxman: on the phone.
<lynxman> Daviey: just PMed you a doc, if you can give it a nice +5 and proofread it I'd be full of grate :)
<Daviey> hallyn: can you update https://blueprints.launchpad.net/ubuntu/+spec/server-o-lxc-improvements please?
<hallyn> Daviey: yeah, will do.  was thinking about that last night while trying to sleep :)
<hallyn> thanks for the reminder
<Daviey> heh
<uvirtbot> New bug: #829599 in libapache2-mod-perl2 (main) "libapache2-mod-perl2 version 2.0.5-2ubuntu1 failed to build in oneiric" [High,Confirmed] https://launchpad.net/bugs/829599
<hallyn> stgraber: http://people.canonical.com/~serge/cgroup-lite.debdiff   debdiff introducing cgroup-lite into libcgroup source package
<stgraber> hallyn: looks good. Can you file a FFe bug explaining the reason why this was introduced and pointing to some of the bug reports that'll be fixed by using it instead of cgroup-bin?
<hallyn> yup, will do
<stgraber> attach the debdiff to that bug and I'll then comment that it looks good, I'm using it and see no regression with the new code and that it actually solves a critical bug for me
<hallyn> great, thx
<hallyn> Daviey: were you going to push that ipxe from the lp merge proposal?
<Daviey> hallyn: yep.. it's here
<hallyn> stgraber: do i file that bug against lxc, or against ubuntu?
<hallyn> Daviey: oh?  rmadison must be lying to me...
<Daviey> hallyn: assume you haven't touched it since yesterday?
<hallyn> no i haven't.  but ramdison doesn't show me a -ubuntu1 version
<Daviey> hallyn: no, it's not pushed yet.. but i *am* doing it
<hallyn> Daviey: ah, ok.  great - thanks
<stgraber> hallyn: it's a patch against libcgroup, so file the FFe against libcgroup
<hallyn> stgraber: sorry i meant libcgroup not lxc :)  ok, thanks
<stgraber> ok :)
<hallyn> stgraber: bug 829628
<uvirtbot> Launchpad bug 829628 in libcgroup "[FFE] Add cgroup-lite package" [Undecided,New] https://launchpad.net/bugs/829628
<uvirtbot> New bug: #829625 in ntp (main) "package ntpdate 1:4.2.6.p2 dfsg-1ubuntu5.1 failed to install/upgrade: error writing to '<standard output>': No such file or directory" [Undecided,New] https://launchpad.net/bugs/829625
<stgraber> hallyn: ok, commented and subscribed ubuntu-release for approval
<uvirtbot> New bug: #829628 in libcgroup (universe) "[FFE] Add cgroup-lite package" [Undecided,New] https://launchpad.net/bugs/829628
<hallyn> stgraber: great thanks - let's hope for the best
<kirkland> RoAkSoAx: howdy!  I just uploaded a new powernap that fixes most of the powernap-on-the-desktop issues
<kirkland> RoAkSoAx: you know, the ones jcastro was complaining about last week :-)
<kirkland> jcastro: would you mind giving powernap another try on your desktop?
 * jcastro whistles
<kirkland> jcastro: 2.13
<kirkland> jcastro: it should be much better
<jcastro> sure
<kirkland> jcastro: i've been running it here at the conference all week with success
<jcastro> I'll do it on the laptop.
<kirkland> jcastro: just uploaded minutes ago, so give it an hour or two to build/publish
<kirkland> jcastro: sweet, thanks
<kirkland> RoAkSoAx: give it a little testing, if you can
<jcastro> should I configure it or just run it "stock"?
<RoAkSoAx> kirkland: cool will do!!
<RoAkSoAx> kirkland: how was the presentation though?
<noecc> "java2-runtime" is a virtual package provided by: openjdk-6-jre gcj-4.4-jre gcj-jre default-jre
<noecc> Is there a preference of one over the others?
<RoAkSoAx> kirkland: btw.. when you have the chance to talk a lil bit about rsyslog for orchestra let me know
<ahasenack> smoser: hi, is there a ppa for cloud-utils? I'm on lucid
<ahasenack> I have 0.11-0ubuntu1
<kirkland> RoAkSoAx: excellent!
<kirkland> RoAkSoAx: can irc now, if you like
<kirkland> RoAkSoAx: also, i saw you disabled the initial iso import ... why?  are you going to re-enable it?
<RoAkSoAx> kirkland: yes I will re-enable it on release
<RoAkSoAx> kirkland: right now it makes my testing difficult :) (i just disabled it for testing)
<RoAkSoAx> kirkland: but anyways, logging-server is done, the only thing left is make sure the client installs the stuff through the preseed and obtains the keys
<RoAkSoAx> kirkland: the "difficulty" here is that, in case we manually installed ubuntu-orchestra-client on a server, it will configure the client syslog but it won't be able to obtain the keys
<RoAkSoAx> kirkland: unlike if we preseed it
<RoAkSoAx> kirkland: so I was thinking on getting the postinst to check if orchestra server is accessible and obtain the keys if it is
<RoAkSoAx> kirkland: however, this would require to have the keys available over web which is probably not desirable as discussed in austin
<RoAkSoAx> kirkland: so before preseeding it, i simple though it would be better to have a way to do both things
<RoAkSoAx> what do you think?
<RoAkSoAx> pin/win 4
<RoAkSoAx> arh
<kirkland> RoAkSoAx: make it configurable then, dude
<kirkland> RoAkSoAx: actually, it's already configurable
<kirkland> RoAkSoAx: sweet, is logging working through ssl?
<RoAkSoAx> kirkland: yes logging is working through ssl :D
<RoAkSoAx> kirkland: the only difference is that if we preseed, the client will automatically obtain the keys and start logging with the server
<RoAkSoAx> if we install ubuntu-orchestra-client on anhy other server thjat orchestra didn't preseed, we would manually need to obtain the key
<RoAkSoAx> kirkland: so the real issue is not to make the key publicly available through HTTP
<RoAkSoAx> kirkland: unless we could use the SSH keys to ssh ing and grab the key
<RoAkSoAx> but yet again, if we dont preseed with orchestra, then no ssh keys will be available
 * RoAkSoAx wonders if he is explaining himself correctly :)
<cloakable> No. Commit seppuku.
<RoAkSoAx> jdstrand: howdy
<jdstrand> RoAkSoAx: hi
<RoAkSoAx> jdstrand: does this satisfy the rejection reason for kitchen(python-kitchen)? http://paste.ubuntu.com/670291/
<jdstrand> RoAkSoAx: looks good to me
<RoAkSoAx> jdstrand: alrighty then. Will re-upload. Thanks
<jdstrand> thank you :)
<RoAkSoAx> jdstrand: thank you for pointing it out :)
<lynxman> kirkland: ping, whenever you're around
<RoAkSoAx> kirkland: so this is what I'll do: Cobbler let's you import python modules in kickstarts. So, I will create a python-orchestra module with "utilities"
<RoAkSoAx> kirkland: this will have the script that generates the encoding of the keys and will generate a command that will install these keys into the deployed machine
<RoAkSoAx> kirkland: so we will import  a snippet in the kickstart, this snippet will call the cobbler python module and will return a command in the way of "d-i balblabla" that will actually install the keys
<diimdeep> hello, please advice good vps
<diimdeep> for personal use
<diimdeep> *vps hosting
<diimdeep> linode, slicehost .. ?
<Nvrnight> Anyone running Ubuntu Server 11.04 have any problems running apt-get install from a shell script?
<Nvrnight> "apt-get install apache2" says it can't find the package from the shell script, but if I run it directly in the terminal, it finds it just find
<soren> Nvrnight: Can you pastebin the exact error message?
<Nvrnight> It's a one liner, "E: Unable to locate package apache2"
<soren> Can you create another shell script that does the same thing?
<Nvrnight> lemme try
<Nvrnight> oh, a new script works
<Nvrnight> I downloaded my script off a server, something must;ve happened?
<soren> Guess so.
<diimdeep> why you ignore my question ?
<Nvrnight> soren, alright on a new investigation to see what I need to do to the file, lol, thanks for the help
<soren> diimdeep: I prefer questions I can answer.
<w00> Wrong channel for it also i'd say?!
<diimdeep> w00: there is no channel for that, except google.com
<diimdeep> and http://serverfault.com/questions/tagged/vps?sort=votes&pagesize=15 but similar questions a bit outdated
<Myrtti> that would be because it's all up to your preference, location and needs
<Nvrnight> soren, windows put \r's into my file, dos2unix fixed up my script and it works fine after that, thanks for the help in finding that
<kirkland> lynxman: ping
<kirkland> RoAkSoAx: okay
<lynxman> kirkland: pong
<kirkland> lynxman: sorry, i was ponging you :-)
<DSpair> Hey all, need some help in recovering a broken LVM mirror.
<DSpair> When I initially created the mirror, I guess I wasn't paying attention. I created the 2 legs on 2 separate drives and the mirror log on a 3rd drive. The drive with the mirror log failed and now it will not let me recover the mirrored volume.
<DSpair> From what I am reading on the LVM mailing list archives, this may not be recoverable, but I'm hoping someone here might have a suggestion
<DSpair> Whew!!!
<DSpair> Yay!!!
<TomasBrincil> whow!!!
<DSpair> Looks like it is recoverable.
<TomasBrincil> ^^
<uvirtbot`> TomasBrincil: Error: "^" is not a valid command.
<DSpair> Thank freaking goodness!
<bernhard2> Is there a web based administrator for exim4 or dovecot ??
<Daviey> ajaxterm? :)
<Daviey> hallyn: around?
<bernhard2> question.. im setting up exim4 with dovecot (it works 80%).. i want to setup mail for several domains.. This is done within Exim4 ??
<patdk-lap> yes, and maybe dovecot too
<patdk-lap> depending on exactly how you want it setup
<qman__> I've never done exim, but I've done it on postfix
<qman__> and in that case, the multiple domains bit was mostly on postfix
<qman__> so I assume it's also on exim
<patdk-lap> all depends if you want those domains to be different email boxes or not
<Daviey> postfix is the Ubuntu favoured MTA over exim4
<bernhard2> <patdk-lap><qman__> <Daviey> Well have about 5 domains.. websites are on the same server too.. what do you mean with different email boxes ?
<qman__> there's really two ways to do things
<qman__> one is with the server simply accepting mail from all your domains
<qman__> but in that case, user1@domaina and user1@domainb are the same user, same mailbox
<qman__> what you probably want are virtual mailboxes
<qman__> which create separate users and mailboxes for each domain
<pr0z0id> is there a more robust pptpd server available.... looking for something that does not store passwords in a plain text file
<pr0z0id> (in plain text)
<patdk-lap> pr0z0id, that would be chap
<patdk-lap> instead of pap
<patdk-lap> but really why does it matter?
<patdk-lap> if you store a password hash, your normally forced to send the password over the connection for auth
<patdk-lap> so both ways the raw password makes it to the server
<qman__> yeah, pptp isn't the most secure thing to run
<qman__> not in terms of bugs and holes, just design
<patdk-lap> switch to l2tp?
<qman__> nah, openVPN
<pr0z0id> i have openvpn already
<pr0z0id> but need support for iOS etc.
<pr0z0id> consoles ... that sort of thing
<patdk-lap> for ios, your going be stuck with ipsec + l2tp
<qman__> hashed or not, guard that password file with your life
<qman__> it's just a design limitation
<pr0z0id> i hate the idea..
<pr0z0id> that's why i'm looking for something better.
<patdk-lap> it's even more evil ios won't let you use certs
<bernhard2> <qman__> yes would want virtual mailboxes which create separate users and mailboxes for each domain
#ubuntu-server 2011-08-20
<maknz> Hi, if the mail() function returns 1/true, is it safe to assume that a problem with the mail being sent lies with the mailing daemon, not PHP (or at least the PHP script)?
<maknz> Ah, wrong channel >_< sorry!
<Demosthenes> anyone have virtualbox running on lucid? my dkms modules refuse to compile.
<lickalott> did you spank them?
<Demosthenes> well, i only dabble in dominating kernel modules.
<Demosthenes> i don't think these really fear me yet
<lickalott> i've only ever used it on winblows
<Demosthenes> ah
<uvirtbot`> New bug: #829944 in clamav (main) "stopping freshclam doesn't remove pidfile" [Undecided,New] https://launchpad.net/bugs/829944
<uvirtbot`> New bug: #829945 in clamav (main) "purging all clamav packages doesn't remove /var/run/clamav directory" [Undecided,New] https://launchpad.net/bugs/829945
<greenmang0> can anybody here tell me the procedure to "fsck" an "lvm" partition using "live cd" ?
<greenmang0> filesystem has errors on it ... but then i mount it using live cd ... e2fsck says that it's clean
<patdk-lap> don't mount it, just fsck it
<patdk-lap> e2fsck -f /dev/....
<greenmang0> patdk-lap, yes... tried that ... it still says "clean"
<patdk-lap> using -f?
<greenmang0> patdk-lap, yes ... -fv
<patdk-lap> -f is suppost to make it check, even if it's clean
<patdk-lap> so it must really be clean then
<patdk-lap> why do you think it's broken?
<greenmang0> patdk-lap, but if i boot system and run "e2fsck -n /dev/mapper/foobar" it says partition has errors
<patdk-lap> you did mount the lvm right?
<greenmang0> patdk-lap, what happens is the file system suddenly becomes "read-only" after few days of uptime and some files become inaccessible
<greenmang0> patdk-lap, rebooting solve the issue temporarily ...
<patdk-lap> heh, I had that happen only once
<greenmang0> and i keep getting some "ata" errors on login screen
<patdk-lap> it was my laptops intel wifi driver doing it, corrupting ext3 somehow
<patdk-lap> upgraded the driver, and all is good
<greenmang0> patdk-lap, how can i find the root cause?
<patdk-lap> no idea
<patdk-lap> I solved it by chance, kindof, by removing parts of the computer, and trying again
<patdk-lap> till it didn't corrupt the filesystem
<greenmang0> patdk-lap, ok
<patdk-lap> for me, I couldn't even do an install, cause it would get corrupted that quickly
<patdk-lap> so it provided a pretty quick reliable way to tell
<jforman> hi all. is there an easy way to convert a ubuntu 10.04 server LTS release to standard 11.04 server? without blowing it away and reinstalling from scratch
<alamar> dist-upgrade to 10.10 and then to 11.04
<jforman> thats what i suspected, just wasnt sure. maverick was the option i was given when trying a 'do-release-upgrade -d'.
<alamar> jforman: that's what the release notes of 11.04 suggest. (to be more precise they refer to the upgrade notes for maverick)
<RoyK> jforman: edit /etc/update-manager/release-upgrades and set Prompt=normal, then run do-release-upgrade
<RoyK> oops - he apparently left...
<sajkaca> hi. i have 6 hds and i want to make raid 5. how to set up partitions?
<RoyK> sajkaca: no need for partitions
<RoyK> sajkaca: have you created a raid with mdadm?
<sajkaca> i m doing a fresh install. i set up raid 1 for /boot partition and then raid 5 and lvm /, swap and storage
<sajkaca> it doesnt work grup cant be installed so i think i did something wrong
<sajkaca> grub*
<RoyK> I'd recommend using separate drives for root/boot with raid-1/mirrors
<RoyK> then use the remaining drives, equally sized, for a raid-5 (or raid-6 if you're paranoid) for the data
<RoyK> smallish 2,5" drives are good if space is an issue
<sajkaca> 4 drives will not be enough for storage i need more. so i have to do 6 hds for raid. only boot is the problem
<sajkaca> becose it wont work. and i read on google that there is some ishues with ubuntu raid 5 etc.. so i need howto that the system will work fine
<ubunteo> hi everyone.
<ubunteo> how are you ??
<ubunteo> do we need public IP to build webserver to be accessed anywhere from internet ?
<RoyK> sajkaca: the problem with mixed raid setup is when something fails - get some small drives for the root - you can probably find some small drives from ebay for close to nothing - for example http://www.ebay.com/itm/40GB-5400RPM-2-5-SATA-Serial-ATA-Laptop-Hard-Drive-HDD-/260833948384?pt=LH_DefaultDomain_0&hash=item3cbaea32e0
<RoyK> ubunteo: yes
<RoyK> ubunteo: either a public IP or some nat magick
<ubunteo> ok.
<ubunteo> RoyK: thanks
<ubunteo> our office Firewall blocked pinging/traceroute to google or other public DNS servers . I can't access firewall. How could I do without touching firewall?
 * RoyK was at a dinner with a friend last night, watching movies and having a few glasses of wine before going home about half past five in the morning, and can only conclude he's not 20 anymore :P
<RoyK> ubunteo: ask the sysadmin to open up for the webserver
<RoyK> preferably, it should be in the DMZ
<RoyK> !dmz
<RoyK> stupid bot....
<ubunteo> RoyK: I hate bots except in counter-strike game
<RoyK> I was referring to ubottu
<RoyK> !windows
<ubottu> For discussion on Microsoft software, or help with same, please visit ##windows. See http://launchpad.net/distros/ubuntu/+bug/1 http://linux.oneandoneis2.org/LNW.htm and /msg ubottu equivalents
<uvirtbot`> Launchpad bug 1 in ubuntu "Microsoft has a majority market share" [Critical,In progress]
<RoyK> bug #1 is always amusing :)
<uvirtbot`> Launchpad bug 1 in ubuntu "Microsoft has a majority market share" [Critical,In progress] https://launchpad.net/bugs/1
<ubunteo> why can't GIMP or others can't be exactly the same like Photoshop?
<RoyK> "why can't linux be exactly the same as windows?"
<ubunteo> wine is odd
<RoyK> ubunteo: there are sets of shortcuts out there to mimic photoshop
<RoyK> ubunteo: they're separate systems, with separate goals, so they're bound to be different
<ubunteo> RoyK: I mean other features like addons and brushes and actions.
<RoyK> and Adobe has been in this for years and gimp is still rather new in comparison
<RoyK> ubunteo: /j #gimp
<RoyK> it's not really an ubuntu server issue :P
<ubunteo> RoyK: the sad thing is OSS community can't create absolute alternative to  Windows' Active Directory. even SAMBA LDAP can't resemble windows exactly the same features
<RoyK> samba4 does
<RoyK> but then, it's not finished
<ubunteo> RoyK: I want to stop using Windows AD . it is waste of money
<RoyK> and, btw, samba isn't an acronym
<RoyK> just a name derived from SMB (server message block, the windoze file sharing protocol)
<ubunteo> RoyK: may be a rumor or I dont know. there would be ubuntu directory services. how is that status to totally replace windows AD ?
<RoyK> ubunteo: samba4 supports acting as an AD controller
<RoyK> it's still in alpha, though (IIRC). See http://wiki.samba.org/index.php/Samba4 for more info
<ubunteo> RoyK:  actually Novell Directory Service eDirectory can totally replace or do same feature like windows AD for most common daily routines for users of windows. why ubuntu can't ?
<RoyK> hm... seems it's left alpha
<RoyK> NDS is closed source
 * RoyK is an old NetWare Master CNE :D
<RoyK> ubunteo: but then, openldap and samba can do a few things
<RoyK> with samba4, it'll be far easier to implement windows integration
<ubunteo> RoyK: I know it is dead end technology according to the whole world though I don't know exactly why. But installiing novell clients for widnows on each windows computer, it can communicate well with Novell eDirectory
<RoyK> I know
<RoyK> NDS is kickass technology compared to AD
<RoyK> AD is merely a smart extension of the old winnt domains
<ubunteo> RoyK: I would like to get the same feature with ubuntu servers at back end and windows clients at front end
<RoyK> NDS is a distributed catalog service
<RoyK> well, for windows, you either need an NDS client, or AD support
<RoyK> AFAIK windows doesn't support LDAP logins
<RoyK> and I doubt mickysoft will add that, since by then, there'll be less need for AD
<RoyK> ubunteo: try samba4
<RoyK> you'll need to compile it from source, though, but it might be worth a try if you're eager to kick out M$ servers
<ubunteo> RoyK:  but making samba can directly talk to windows and for over exceeded quantity of users that samba can't handle, samba server should connect to LDAP server to handle. I read that on one article
<RoyK> erm... I didn't quite understand that - what do you mean?
<ubunteo> RoyK: I have to convince management before we decide to use ubuntu instead of costly windows. This is reform. I would like to make sure all before hand.
<RoyK> keep your AD controller and use Samba for fileservers
<RoyK> samba can join AD easily
<RoyK> using samba4 in production would be silly
<ubunteo> RoyK: I don't want to see MS stuffs anymore. I dn't want install antivirus and other related problems
<RoyK> ubunteo: are your clients running windows?
<ubunteo> RoyK: yes. all clients are windows.. all servers are novell. I am now in the middle of nowhere to migrate to ubuntu or windows servers for the backend deployment
<RoyK> ok, so you're using netware and NDS?
<RoyK> currently, there's no good open source replacement for AD or NDS
<ubunteo> RoyK: yes. Groupwise. Border Manager
<ubunteo> RoyK: oh. that sucks . that is why linux still can't beat Microsoft
<ubunteo> RoyK: ok thanks a lot. let me stop.
<RoyK> well, linux is a bit more than windows integration - last I checked, linux was the most used OS for web services and more
<RoyK> ubunteo: btw
<RoyK> ubunteo: I think there might be an LDAP login plugin available for win
<RoyK> haven't tried it, though
<ubunteo> is there anyone who is using inventory software to record IT stocks like toners, cartridges and CDs, DVDs cosume and refill ?
<ubunteo> As I am looking for inventory software for non-profit organizations. There is no sales or linking to accounts in this inventory software.
<RoyK> no idea, but I guess there are dozens of packages available for that
<RoyK> google for it
<ubunteo> RoyK: I checked sf.net. most are network based tracing serials network cards .bla bla. I just want pure IT stocks recordiing no sales included
<ubunteo> thanks all . see you later
<uvirtbot`> New bug: #830108 in bacula (main) "bacula director eror in initial conf file" [Undecided,New] https://launchpad.net/bugs/830108
<KM0201> anyone aware of a good, mini sas card that will be supported out of the box.  I'd like support for 8 drives.
<uvirtbot`> New bug: #830129 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/830129
<KM0201> upgraded from 10.04 to 11.10?  that was smart
<KM0201> skipped a few in between there.
<mfraz74> KM0201: on your server?
<KM0201> no, i didn't..lol i'm not that dumb.. i clicked the link on the bug report and read it.
<KM0201> lol
<KM0201> or do you mean the mini-sas card question?
<KM0201> mfraz74:
<KM0201> ?
<mfraz74> i meant the upgrading to 11.01
<mfraz74> 11.10
<KM0201> oh no, id idn't do that.. lol
<KM0201> click the link on the bug report, and read his description of his "bug" (i think the bigger problem is between his ears)
 * patdk-lap wonders what exactly is a mini-sas card
<mfraz74> i'm running kubuntu 11.10 on a netbook, it's looking good, but i wouldn't trust it on my main machine yet
<patdk-lap> I know sas and sata, but haven't seen anything called mini
<mfraz74> is the card mini?
<patdk-lap> dunno, that would be called lowprofile
<KM0201> i've always heard it called a mini-sas card.. maybe i named it improperly
<KM0201> sas is appropriat ei'm sure.. i think mini just describes the card
<mfraz74> http://www.saverstore.com/product/20070396/7725665/HP-Smart-Array-P410-256-SAS-Controller-Card-PCIe-X8-8-port--2x-Internal-Mini-SAS-4x-Connector-
<patdk-lap> sas lp card :), low profile sas hba, to be more exact
<KM0201> i'm int he US, and second, i don't wanna spend that much, that's a little insane.
<patdk-lap> oh, the mini-sas in that refers to the sff-8087 ports
<mfraz74> it was a bit expensive, i've found another for Â£23 :)
<mfraz74> i was just using it as an example of mini-sas cards
<KM0201> ok.. let me explain what i want.. i think its sff 8087.... i want a raid card, that has 2 ports, that will allow me to run 8 drives, w/ a cable like this..  http://www.amazon.com/Adaptec-2236600-R-Internal-Mini-SASX4-SFF-8087/dp/B000GU04X2
<patdk-lap> I think some call it mini-sas compared to the sff-8484 conector
<KM0201> ok.
<patdk-lap> looks like your getting a highpoint then
<patdk-lap> if you want cost effective
<patdk-lap> otherwise probably go with an lsi
<KM0201> well cost effective would be nice.
<patdk-lap> http://www.newegg.com/Product/Product.aspx?Item=N82E16816115079
<KM0201> i'd like to keep it between 90-150 US (not sure on your idea of cost effective)
<patdk-lap> you want a raid card for <200?
<KM0201> i did't think that seemed htat unusual.
<patdk-lap> your asking for fakeraid, and they don't make fakeraid sas
<KM0201> patdk-lap: http://www.newegg.com/Product/Product.aspx?Item=N82E16816115096
<KM0201> patdk-lap: if i'm looking at that card correctly, it should support 8 drives (2 ports, 4 drives each)
<patdk-lap> it does
<patdk-lap> but the firmware on that card isn't that great
<KM0201> why would that be a concern?...
<patdk-lap> you don't know how to read the feedback section?
<patdk-lap> or do your own research about stuff before you buy?
<KM0201> actually, i didn't even notice it had a feedback tab..lol
<KM0201> yes, i research before i buy, i was just posting that one as an example.
<patdk-lap> if you look, only highpoints are <200
<KM0201> yeah
<KM0201> i know high point makes a crap firearm, so maybe thats an omen.. :)
<patdk-lap> well, some of their stuff isn't
<KM0201> their pistols.
<patdk-lap> maybe they will be like ati was
<KM0201> some of their rifles get rave reviews (but i have no experience w/ those)
<patdk-lap> I refused to get an ati video card cause the drivers where always crashing systems
<KM0201> yeah
<KM0201> patdk-lap: how is intel usually?...  http://www.newegg.com/Product/Product.aspx?Item=N82E16816117157
<patdk-lap> intel is just relabled lsi
<KM0201> that should do what i want i think
<patdk-lap> ya
<KM0201> now just to see how solid it's linux support is
<patdk-lap> hmm? lsi has always been making linux drivers
<patdk-lap> never had an issue
<KM0201> are they "plug n play" or do you have to compile the driver?
<patdk-lap> plugnplay
<patdk-lap> just have to download the management software from their website
<KM0201> is that really necessary?
<patdk-lap> if you want to fix the raid without taking the whole system down? yes
<KM0201> sounds like its necessary.. :)
<patdk-lap> or see if a drive failed, without depending on led's
<KM0201> yeah..
<KM0201> how does the mgmt software work?
<patdk-lap> pretty simple
<patdk-lap> looks just like the bios interface
<patdk-lap> atleast for the ones I have
<KM0201> hmm, so do you run it via SSH, or.. ?
<patdk-lap> yep
<KM0201> i see.
<KM0201> that seems like it would be the easiest way.
<KM0201> maybe i should up my budget a bit, and not "shortchange" this one
<KM0201> software raid is working OK, but i only have 6 ports, and have 8 bays... but.. right now i don't need all 6 ports.
<KM0201> patdk-lap: question about software raid (i'm kinda new to this)... say one of my drives borks out.. 1. how do i know, and 2, is easy to add a new drive to the array?
<patdk-lap> ask mdadm
<KM0201> mdadm?
<KM0201> hmm
<KM0201> i see where you're going
<KM0201> unfortunately a lot of that is greek to me
<qman__> KM0201, cat /proc/mdstat (or set it up to email you), and yes, it's easy
<qman__> install new drive, partition it, then add it to the array with mdadm
<KM0201> yeah, i just found a lnk,   http://www.howtoforge.com/replacing_hard_disks_in_a_raid1_array
<KM0201> i guess my bigger question, is how to tell which drive is bad..
<KM0201> i'm gonna try it in vbox, see if i run into a problem
<qman__> the way I tell is with smartctl
<KM0201> smartctl?
<qman__> it tells you the serial number when you smartctl -a /dev/sd?
<qman__> which is printed on the label
<KM0201> ohok.
<qman__> also, it's often too late when the drive actually drops out of the array
<qman__> I use smartd to email me on bad sectors
<KM0201> wha tdo you mean "to late".. if i'm using raid 1.. there should be a mirror on the other drive.
<qman__> I lost an 8 disk raid 5 that way, three drives failed in one day
<uvirtbot`> New bug: #830142 in samba (main) "package samba-common-bin 2:3.5.8~dfsg-1ubuntu2 failed to install/upgrade: short read on buffer copy for backend dpkg-deb during `./usr/bin/smbpasswd'" [Undecided,New] https://launchpad.net/bugs/830142
<qman__> would have known sooner if I had smartctl telling me about the bad sectors
<KM0201> 3 drives in 1 day?... lol.. impressive.
<KM0201> but wiith raid 1, i have a mirror of the drive, so it shouldn't be as big an issue, right?
<qman__> unless your two drives are like my three
<qman__> and you can't replace it before the second fails
<KM0201> this is true.
<qman__> it's more likely than you think, unfortunately
<qman__> I've already replaced two drives with bad sectors on my new array
<KM0201> unfortunately, this isn't very easy to test in vbox apparently
<KM0201> i know what i can do..
<KM0201> i can just remove one of the drives in the vbox settings
<qman__> you can mark a drive as failed with an mdadm command
<KM0201> well, i'm assuming i "miss" that the drive is failed, that sall.
<KM0201> or that it fails unexpectedly
<KM0201> ok, just marked a virtual drive as failed, remooved it, shut down, deleted the drive, now i'm adding a new drive, and then i'll try to add it back to the raid
<uvirtbot`> New bug: #830154 in samba (main) "Login timed out after 60 seconds after winbind install" [Undecided,New] https://launchpad.net/bugs/830154
<Kainore> Hello i hope there is a good soul in here there can help me resovle a problem of mine im using vsftpd on my ubuntu server 11,04 and can connect with out problem in filezilla in my privet network but
<Kainore> when i try to do it on the public ip i get user and pass sent in but dont get my file catalog
<Kainore> it say "time out"
<qman__> yes
<qman__> that is a limitation of FTP
<qman__> one end must not be behind a NAT
<qman__> since almost every client is behind NAT these days, your server cannot be, or it must be worked around in your firewall
<qman__> opening anywhere from several to thousands of ports
<Kainore> so becouse my nat is has port forwarding i still will have problem?
<qman__> for more details: http://mywiki.wooledge.org/FtpMustDie
<Kainore> thank you alot
<qman__> it's possible, just difficult
<qman__> and doesn't make a lot of sense when SFTP is in every way better
<Kainore> thanks i will check it out you have helped alot allready now im siting with some idea's to solve it that i diden have before
<BrixSat> hello :)
<josePhoenix> Userdel won't remove a user if they're logged in.. how can I force logout a user? Would killall -u username work?
<BrixSat> does any one here have a git repository server
<BrixSat> i would need a tut to point me in the right way
<josePhoenix> Any tricks for setting umask? I have a group writable directory, and I want users who create files in there to make them group-writable
<josePhoenix> Since the purpose of these user accounts is only to edit files in said group directory, would it be okay to add "umask u=rwx,g=rwx,o=" in their bashrc?
<KM0201> is there a way to make ubuntu continue to boot, despite a failed disk on the raid?  I keep getting a "press S or M" (skip or repair manually).. if the server is headless, obviously i won't know this when its powering up.
<BrixSat> yes you can fix that
<KM0201> ii know how to fix the drive, i just don't want ubuntu to halt on that error.
<BrixSat> i had that problems a few months ago and i fixed it in fstab
<KM0201> ok..
<KM0201> let me bring it back up then take a look at fstab.
<qman__> yeah, it halts boot on a degraded array by default
<KM0201> yeah, i want to turn that off.
<qman__> raid 1 is about the only situation you'd want to continue
<KM0201> i use raid 1.
<KM0201> :_)
<qman__> it's entirely possible, I just don't know where the setting is
<KM0201> i'm guessing in fstab, i'll check in a second
<KM0201> cuz since i can't SSH while its booting, obviously i wouldn't be able to see that error, and know there's a problem.
<orated> Hello, can anyone guide me to achieve this on desktop, please - https://help.ubuntu.com/community/WifiDocs/ShareEthernetConnectionThroughWireless?action=AttachFile&do=get&target=ICS2.jpeg ?
<KM0201> orated: so.. you have two routers?
<KM0201> hmm, wait maybe not.
<RoyK> orated: simple matter of iptables nat thing
<qman__> or bridge your interfaces
<KM0201> yup.
<orated> I recently got Dell XPS 15 laptop which allows to connect to WiFi and also LAN
<orated> I've never tried , so not sure
<josePhoenix> Hmm
<josePhoenix> I guess I'll set the umask in their bash profile
<orated> Can anyone lnk me to some documentation for this?
<orated> KM0201: How can I confirm you if I've two routers or not?
<KM0201> you'd see them in your house.
<KM0201> but i don't think thats what you're trying to do.
<orated> I have only one DSL
<orated> I mean D-Link modem which allows me to connect to LAN
<orated> I've primarily connect to LAN but wish to share internet making system like a WiFi hotspot to other WiFi enabled devices at home
<KM0201> BrixSat: what did you add to fstab, to make that stop happening, i tried "nobootwait".. which didn't do the trick.
<orated> I read its called internet connection sharing or masquerade, if I'm right
<josePhoenix> Hmm
<josePhoenix> /etc/profile is maintained by the package manager, right?
<josePhoenix> I can't override the umask in there because it'll cause conflicts when updating
<josePhoenix> and I can't put it in /etc/profile.d/ because the umask line is the last one in /etc/profile
<orated> RoyK: qman__: Can you guide me on bridgin interfaces? Or iptables can do what I want to try?
<qman__> apt-get install bridge-utils
<qman__> edit /etc/network/interfaces as root
<qman__> add a bridge interface like so: http://manpages.ubuntu.com/manpages/natty/man5/bridge-utils-interfaces.5.html
<KM0201> anybody interested, post#2 did the trick..  http://ubuntuforums.org/showthread.php?t=1652587
<orated> qman__: And, will it affect when I'm using WiFi?
<qman__> done right, all it will do is bridge your wifi to your ethernet
<qman__> so configuring your wifi won't affect it
<qman__> set up ad-hoc to get the computers connected, or connect to an AP when you're elsewhere
<orated> AP?
<qman__> access point
<orated> ad-hoc works only for connecting computers? It will not work for wifi enabled devices?
<qman__> it will work for any wifi device
<qman__> the difference is AP mode is a router providing internet access in the traditional way, ad-hoc is multiple 'client' devices just talking to each other
<qman__> you're technically providing internet to an ad-hoc network
<orated> ad-hoc works only for connecting computers? It will not work for wifi enabled devices??
<orated> er
<orated> But how is bridging helping to create an ad-hoc network
<qman__> it isn't
<orated> Sorry, fingers slipped on arrow keys when pressing return,..
<orated> ah-ok
<qman__> bridging brings your working internet connection to the ad-hoc wireless network
<qman__> so other clients on the ad-hoc can get to the net
<orated> So, how do I create ad-hoc network?
<qman__> probably through network manager
<qman__> beyond the scope of this channel, but first google hit: https://help.ubuntu.com/community/WifiDocs/Adhoc
<orated> I'm sorry for being offtopic. I'm completely beginner on this, so, well.. I'll read more on it. Thank you.
<bkerensa> =o
<RoyK> -q
<uvirtbot`> New bug: #830250 in postfix (main) "package postfix 2.8.2-1ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/830250
<oakbox> Hi all, does anyone know how I can get noip2 to run as root.  I need to to execute a script that has permission to edit root files.
<qman__> sudo
<oakbox> qman__, Hi, the problem is noip2 runs the script so I cant use sudo??
<qman__> use sudo in the script
<qman__> for the bits that require it
<uvirtbot`> New bug: #830277 in ntp (main) "ntpdate manpage is inconsistent about threshold" [Undecided,New] https://launchpad.net/bugs/830277
<bernhard2> using exim4 with dovecot (its 80% functional).. i would like to setup virtual domains with virtual mailboxes. are there  any good tutorials ?
<CrazyGir> hello! I have someone working remotely on a server who is unable to boot properly. I need to get into the system with a chroot, and we have a rescue cd, but the rescue env did not seem capable of figuring out the LVM setup
<CrazyGir> is the rescue env aware of LVM and capable of working with it to mount the root fs?
<tohuw> besides the lower values for GIDs, what is the functional difference between a system group (i.e., a group created with the --system option) and a non-system group?
<CrazyGir> while I'm not 100% sure, I would hope ubuntu was playing smart and putting extra restrictions on the system user/group
<CrazyGir> not sure though
<CrazyGir> ddg it?
<CrazyGir> (duckduckgo.com)
<tohuw> I've searched around, nothing relevant has come up. Groups, unlike users, don't have explicit extra permissions based on their ID, so I'm not sure what restrictions would be needed for a group, other than making usre it has a unique GID
<CrazyGir> well, there are also login limits, like max files and such
<CrazyGir> but yea, I don't know
<CrazyGir> tohuw: as ubuntu is based on debian, maybe #debian as something to say
<CrazyGir> could someone translate this? I just tried a service networking start and received: start: Rejected send message, 1 matched rules; type="method_call", sender=":1.6" (uid=1000 pid=2381 comm="start) interface="com.ubuntu.Upstart0_6.Job" member="Start" error name="(unset)" requested_reply=0 destination="com.ubuntu.Upstart" (uid=0 pid=1 comm="/sbin/init))
<wpl> When setting up ip_tables i get this error: "can't initialize iptables table `raw': Table does not exist (do you need to insmod?)". What do I have to do?
<lickalott> http://ubuntuforums.org/showthread.php?t=1746390
<wpl> lickalott: Already did it. A 'sudo modinfo ip_tables' gives: "modinfo: could not open /lib/modules/2.6.18-028stab092.1/modules.dep".
<lickalott> are you root?
<lickalott> better question are you in the sudousers file?
<wpl> lickalott: i am. The requested file does not exist on my system.
<lickalott> wait 2
<lickalott> lemme check mine
<wpl> but i have a moduldes.deb in '/lib/modules/2.6.18-028stab064.8/'
<wpl> why does modinfo look for a non-existing '/lib/...stab092.1'?
<lickalott> mine show up as 2.6.38-8-generic-pae
<lickalott> whats inside your modules dir?
<wpl> modules.alias   modules.ieee1394map  modules.ofmap     modules.symbols
<wpl> modules.ccwmap  modules.inputmap     modules.pcimap    modules.usbmap
<wpl> modules.dep     modules.isapnpmap    modules.seriomap
<wpl> the problem is that 'modprobe', 'insmod' etc. are looking for the wrong directory
<lickalott> just found this - http://ubuntuforums.org/showpost.php?p=9967579&postcount=12
<lickalott> thinking maybe you can edit that file for the proper path.
#ubuntu-server 2011-08-21
<wpl> do I have to reboot the system after editing the file?
<wpl> hm, the existing modules.deb is empty, so nothing is won by making modprobe find the file.
<jmarsden> wpl: I suspect the "stab0*" suffix means you have been doing some custom kernel creation and the modules you want were not built/installed for the kernel you are now running?
<p3rsist> What smartphones / mobile OS do you guys use for System Admin?
<jmarsden> p3rsist: Unless your phone runs Ubuntu Server, that's off topic here.
<Pici> Try #ubuntu-offtopic
<p3rsist> Aight :)
<reisi> after a reinstall of kubuntu 11.04 on md+lvm setup initramfs cannot find my root partition (and for some reason usb keyb doesn't work either) any ideas on how to fix this? searched uuid seems right, but what i can gather from output no /lib/modules is ever found
<reisi> aah, it was because the installer got the usb stick as sda and all my hard drives as b,c,d,e; with reinstallation the order was different and everything works now
<NixNinja> question I have a ubuntu server at work that someone else setup before I got there I am trying to get access to it remotely for testing to be sure I don't have a router issue I have DMZed the server I can ssh to it on the local network but I can't from the public I have checked hosts.allow and deny and even added ALL: ALL to the allow file but I still can't get in can anyone give me and Idea as to what to look at next?
<jmarsden> NixNinja: routing (ip route command) -- check default route is what you expect.  Also see if you can reach other services on that server from the outside (ping it, check http, ftp, whatever services it is supposed to be serving!)
<NixNinja> its ignoring all trafic sent to it
<NixNinja> its trying to send traffic to the old gateway
<NixNinja> and the new one
<NixNinja> but the old on is default should I remove the network configuration for the adapter because its not in use anymore
<jmarsden> NixNinja: I can't answer what you "should" do without knowing the network configuration in use... but you should make sure the routing tables on the server are set to route traffic the way you want traffic from it to to be routed.
<jmarsden> The fact that there is a "new gateway" and an "old one" makes me suspect this is where your issue lies.
<NixNinja> well the subnet its looking at is not in use any more and nothing is attached to the adapter that is configured for that network
<jmarsden> Then as long as nothing routes to or through that unused subnet, having the NIC configured won't matter.
<jmarsden> Type    ip route    on the server console, and check the output carefully for any references to the "old" "unused" subnet.  Fix any you find.
<jmarsden> I need to go eat, will be back later...
<NixNinja> thank you
<NixNinja> I'm on it :)
<uvirtbot`> New bug: #830377 in autofs5 (main) "autofs5 needs to start before lightdm" [Undecided,New] https://launchpad.net/bugs/830377
<uvirtbot`> New bug: #830379 in mysql-dfsg-5.1 (main) "package libmysqlclient16 (not installed) failed to install/upgrade: tentando sobrescrever '/usr/lib/libmysqlclient.so.16.0.0', que tambÃ©m estÃ¡ no pacote mysql-cluster-client-5.1 0:7.0.9-1ubuntu7" [Undecided,New] https://launchpad.net/bugs/830379
<Demosthenes> thats not funny, schroot copying over /etc/passwd by default.
<Demosthenes> breaks all kinds of pacakges
<laserbled> Hi, need help - I have put a webframework in www/ but it says I dont have permission to acees it in apache - what should I change ?
<laserbled> am getting a 403 forbidden error
<jmarsden> laserbled: Coudl be lots of things, but check the permissions on files that should be accessible by the web server are world readable (mode 644) ?
<uvirtbot`> New bug: #830424 in mailman (main) "package mailman 1:2.1.14-1 failed to install/upgrade: subproces installed post-installation script gaf een foutwaarde 1 terug" [Undecided,New] https://launchpad.net/bugs/830424
<Henriquez> i have a server that is a proxy for the other servers in my private network.ve gotten the reverrse proxy to word for zarafa
<Henriquez> but when i login it says" 404 not found
<Henriquez> Vhost file > http://213.93.162.88/webmail
<Henriquez> does anyone know what is missing
<Henriquez> ?
<Henriquez> already solved it
<Henriquez> thank you anyway
<AlecTaylor> hi
<AlecTaylor> I'm looking for a !FAST! locally-hostable Open-Source IT Intranet & HelpDesk web-app. I need Intranet (company news, IT knowledgebase), remote computer access (Windows only), helpdesk (ticketing), inventory management, software deployment and version control. Which project(s) would you recommend?
<ikonia> AlecTaylor: you won't find that in 1 application, you'll need to build your own suite
<AlecTaylor> ikonia: Fine. What integrates most of it?
<ikonia> AlecTaylor: nothing really - it's going to be a mixture of packages that you're going to have to pull together to make a "system" or "setup"
<RoyK> AlecTaylor: for helpdesk, RT is rather good
<RoyK> request tracker
<AlecTaylor> Request Tracker?
<AlecTaylor> Hmm
<AlecTaylor> Looks quite speedy
<AlecTaylor> and a mature project
<ubunteo> hi all
<AlecTaylor> hi
<ubunteo> I have a problem to copy one folder from flash drive to ubuntu server
<ubunteo> hello
<ubunteo> can anyone help me??
<ubunteo> hello all
<ubunteo> anybody has a  clue?
<ubunteo> i tried cp folderA folderB
<ubunteo> I tried cp -r folderA folderB
<ubunteo> but i got error cp: omitted directory
<ubunteo> hello
<ubunteo> anyone ??
<patdk-lap> I always use rsync
<patdk-lap> but cp -r should work fine
<RoyK> AlecTaylor: RT is quite mature, and easy to extend - even from the gui (if you know perl, that is)
<RoyK> ubunteo: rsync -avP src dst
<RoyK> verbose and fine :)
<ubunteo> is that the command I should run on server ?
<ubunteo> I have no internet on server, it is ok?
<ubunteo> RoyK: what is the meaning of verbose and fine ???
<ubunteo> RoyK:  the thing is i want to copy php application folder from flash drive to /var/www
<ubunteo> thanks I will try rsync and let you all know the results
<ubunteo> see you !
<uvirtbot`> New bug: #830564 in munin (main) "munin_stats plugin does not work" [Undecided,New] https://launchpad.net/bugs/830564
<BrixSat> i have a executable bin (inadyn) and if i put it in /usr/sbin every time i call for its name i get "/usr/sbin/inadyn File or directory not found"
<qman__> well, for one, custom executables should go in /usr/local/bin and /usr/local/sbin
<qman__> to keep them separated from packages
<BrixSat> =)
<qman__> that error can be caused by the file not actually being executable
<qman__> chmod +x the file
<BrixSat> i have chmoded the file
<BrixSat> and corrected their location and same error
<qman__> ok, to tell more specifically, I need the exact command run and output
<qman__> is the executable a script or a binary file?
<BrixSat> bin file
<BrixSat> ubuntu 10.10
<BrixSat> *11.04
<BrixSat> 32 bits
<qman__> in that case the output could mean that some dependency is missing
<qman__> can't really tell further without the exact output and knowing more about that executable in particular
<BrixSat> root@git:/home/cesar# /usr/local/bin/inadyn-mt
<BrixSat> bash: /usr/local/bin/inadyn-mt: file or directory not found!|
<BrixSat> consola
<BrixSat> e no rc.local so meti o inadyn
<BrixSat> sorry :p that should not be here
<RoyK> BrixSat: is your system 64bit?
<BrixSat> 32
<RoyK> and the executable is 32bit?
<BrixSat> yes :)
<RoyK> try to strace it
<BrixSat> how
<RoyK> strace /path/to/executable
<qman__> yeah, it's definitely a problem with the executable, some dependency or error
<RoyK> or ldd it
<RoyK> ldd will show libs dependencies
<BrixSat> http://paste.ubuntu.com/671791/
<RoyK> erm
<RoyK> ls -l /usr/local/bin/CCcam
<BrixSat> -rwxr-xr-x 1 cccam cccam 698132 2011-02-26 18:27 /usr/local/bin/CCcam
<RoyK> and ldd?
<RoyK> or strace -f
<BrixSat> ldd not a dinamic executable file
<BrixSat> strace -f http://paste.ubuntu.com/671792/
<RoyK> I guess recompile it :P
<BrixSat> i dont have the source :p
<RoyK> then bitch whoever made the executable
<BrixSat> well i could :) and i have :p
<RoyK> what sort of program is this?
<BrixSat> it is one of the kind for update  cards info
<TheEvilPhoenix> anyone here got any experience in creating a Git repository server?
<BrixSat> TheEvilPhoenix:  im doing that next :)
<TheEvilPhoenix> ah well from past experience its a PITA, but i've never succeeded in making it work
<TheEvilPhoenix> hence why i'd ask here :P
<TheEvilPhoenix> brb
<danley> Hello, is it possible to set up ubuntu in a way that it provides a VNC server that starts a x-session for every user that logs in? like... user1 connects to the server and sees the lxdm login screen, logs in and the session is resumable. user2 logs in and sees a lxdm login screen too, etc
<BrixSat> how do i solve this >>> /etc/sudoers: syntax error near line 28 <<< sudo: parse error in /etc/sudoers near line 28 sudo: no valid sudoers sources found, quitting
<BrixSat> rescue mode?
<BrixSat> not able to enter :/
<noob> hello
<noob> cN nyone help me
<noob> i have ubuntu serve with squid
<Demosthenes> and
<noob> my linux box can ping google on eth1 and can ping my network on eth0
<noob> but i cannot ping google from my network
<noob> eth0 is not connecting to the internet through eth1
<noob> am i missing something ?
<noob> do i just need to add a route or should a bridge be built
<noob> demosthenes ? enders game?
<ikonia> noob you need to use tools such as iptable to make it act as a router
<Demosthenes> squid != router or gateway
<Demosthenes> great book ;]
<Demosthenes> aaaand you need to WAIT in chatrooms to get answers.
<uvirtbot`> New bug: #830671 in bind9 (main) "dig crashed with SIGSEGV in start_thread()" [Undecided,New] https://launchpad.net/bugs/830671
<BrixSat> a script to boot at init.d does it have to have special atributes?
<BrixSat> http://pastebin.com/xWgnkbKq this is what i have
<BrixSat> if i type it manualy as root /etc/init.d/cccam start it runs nice but during boot no
<alduhoo> hello
<alduhoo> i have just install ubuntu server on an old laptop
<alduhoo> any ideas on how to disable suspend on lid close?
<Demosthenes> acpi-tools installed?
<alduhoo> no
<alduhoo> ill try those
<noob> hello all
<noob> can anyone help me
<noob> plaes
<Myrtti> it's difficult to know if we can help you when we don't know what is the problem
<noob> using ubuntu server with squid hoping to set up a proxy
<noob> between modem and roouter
<noob> CANNOT PING GOOGLE FROM LAPTOP(lan)
<noob> oops sorry for yelling
<noob> i used route add to create a route from eth0(lan) to eth1(wan)
<noob> now i can ping outward nic rom laptop but still no google ping
<qman__> you need to set ip_forward to 1, and you probably need masquerading NAT
<noob> ok
<noob> ?
<noob> where is ip_forward
<noob> i am noob
<noob> or rather what file do i set ip orward to 1 in
<Demosthenes> yes, you are. do some reading, squid is a web cache, you want a nat router
<qman__> temporarily set it with 'echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward'
<qman__> permanently set it in /etc/default/sysctl IIRC
<Demosthenes> setting it won't help if you don't read up on how to do nat routing. thats just one step
<Demosthenes> iptables, masquerading, etc.
<Demosthenes> spend some time googlign the keywords
<Demosthenes> and you'll make some heaway
<Demosthenes> and you'll make some headway
<Demosthenes> then if you get stuck, you can ask good questions ;]
<noob> ok
<RoyK> noob: if you're using private IPs on the network, you'll need to setup NATing
<RoyK> !rfc1918
<RoyK> stupid bot
<noob> NATing will do honestly i ust want to learn this whol server/linux thing so i dont feel so ignporant
<noob> and i want to learn how to type
<RoyK> private IPs are like 192.168.0.0/16, 10.0.0.0/8 or 172.16.0.0/12
<noob> yeah i know some stuff
<noob> not much but some
<noob> honestlly i dont know what kind of server i want
<noob> i want to stream video to my wii without losing my laptop
<RoyK> if you're looking for an easy gateway/firewall, check out pfsense
<RoyK> noob: dunno about wii, but I've setup ubuntu to stream to ps3
<noob> didyou have the problem of losing al other wifi when streaming to your ps3
<RoyK> no
<noob> yeah when streaming and using laptop laptopt goes down wouldn't a web cahing prowy help with that
<noob> like a buffering device
<RoyK> a proxy won't help streaming
<noob> *web cachin proxy
<noob> no
<noob> hmmm
<noob> well i still want to set it up so i will
<noob> thanks all
<RoyK> and if a streaming service jams your network, then you're either using a very slow network, or something is badly wrong indeed
<noob> i have a $40 belkin wireless router
<noob> it may be the router ;)
<RoyK> 802.11g?
<noob> thats the one
<TheEvilPhoenix> i'd assume so RoyK, that's the standard now adays
<TheEvilPhoenix> damn ninja'd :P
<RoyK> TheEvilPhoenix: 802.11n is the current :P
<Demosthenes> really, your net connection is likely slower than the wireless speed...
<TheEvilPhoenix> RoyK:  no, its the current cutting-edge, but G is still more popular (by standard i meant most widely used and baseline version you can get)
<RoyK> noob: check if the router can be flashed with openwrt - that'll make things a bit more interesting :)
<TheEvilPhoenix> Demosthenes is correct, your connection to the router is bound to be faster than the connection the router has to the internet
<RoyK> TheEvilPhoenix: erm - 802.11n has been standard for most access points for a year or so
<noob> oh wait it is n
<TheEvilPhoenix> *shrugs* whatever, out here there's mostly G nets
<noob> b,g,or n
<RoyK> 802.11g is stil standard for cheapass hardware
<noob> or all three at once
<RoyK> noob: if it's n, it'll support b and g as well
<TheEvilPhoenix> we can argue later, RoyK (or not at all)
<RoyK> but probably not 802.11a
<RoyK> which is just as well :P
<noob> so my problem is not the router
<noob> a server wont help
<noob> and thats that
<noob> damn
<TheEvilPhoenix> mhm, its likely your router's connection to the net that is slowing ya down
<RoyK> some routers or modems use very high buffers
<RoyK> meaning a streaming service may block other traffic
<noob> yeah the ones sold as stresming routers
<noob> *streaming
<RoyK> buffering that way is nonsense
<RoyK> you want your network to be quick and with little latency, so buffering is bad
<noob> that may be my problem
<RoyK> noob: check if openwrt can be installed on the thing
<noob> is it resolved by QoS
<RoyK> that'll probably boost things a bit
<RoyK> noob: no such thing unless you control all parts of the network
<RoyK> routers claiming QoS at an endpoint are mostly lying
<TheEvilPhoenix> mhm
<noob> see i know nothing about networking
<noob> i was just trying to follow a tutorial on howtoforge
<noob> thanx all or the knowledge
<noob> *for
<Psi-Jack> patdk-lap: You handy? Heh
<Psi-Jack> I'm trying stop my vweb1 server from taking over arp for proxyarp away from my two lvs directors, but somehow after a while if the lvs1 director being in control of the IP, it floats back to vweb1 where it shouldn't be anymore as the VIP's on lo
<alduhoo> hi
<alduhoo> what other servers do you recommend on an old laptop home server running ubuntu
<alduhoo> ?
<patdk-lap> psi-jack, you setup sysctl correctly?
<Psi-Jack> patdk-lap: I think so. I did it at least on the vweb1.
<patdk-lap> putting it on lo doesn't stop linux from arp'ing it, but the sysctl arp stuff tells it to not arp for things not bound directly to the correct interface
<Psi-Jack> net.ipv4.conf.lo.arp_ignore = 1
<Psi-Jack> net.ipv4.conf.lo.arp_announce = 2
<patdk-lap> yes, but not for lo, for your ethx interfaces
<Psi-Jack> Hmmm...
<patdk-lap> that tells lo not to arp for stuff on eth0, eth1, ...
<Psi-Jack> I did it for eth0, but that's down now, used to have the IP bound. eth1 is just a LAN IP
<patdk-lap> you want eth0 to not arp for stuff on lo, eth1, eth2, ...
<Psi-Jack> So I need to do it on eth0 and eth1 both?
<patdk-lap> depends on your setup
<patdk-lap> but normally yes, both
<patdk-lap> that way if the director is on both, the correct thing happens
<Psi-Jack> Okay, what was it I needed to do to the lvs director itself?
<patdk-lap> would also be confusing if both web1 and web2 both arp'ed on eth1
<patdk-lap> I do it on all interfaces
<patdk-lap> man, sweating like nuts
<Psi-Jack> Wasn't there some sysctrl stuff you suggested for the actual lvs director?
<patdk-lap> just got done ripping the whole interior of my car out, and putting it back together
<patdk-lap> yep
<Psi-Jack> What was that? I'll go ahead and document this in my wiki so I don't forget this time. ;)
<patdk-lap> really just turn forward on
<patdk-lap> net.ipv4.ip_forward=1
<patdk-lap> net.ipv6.conf.eth0.forwarding=1
<patdk-lap> net.ipv4.vs.expire_quiescent_template=1
<Psi-Jack> Ahh okay. I think.. ldirectord already does that?
<patdk-lap> dunno, doubt it
<Psi-Jack> Hmm, okay. Well, it's been working. When it's passing packets through it. ;)
<Psi-Jack> OKay. I'll see if that fixes what I've been doing, and stuff this all in my wiki so I have it documented for future reference. :)
<Psi-Jack> It was frustrating me I couldn't see the traffic path, so I brought back up my LVS directors. ;)
<patdk-lap> I got thrown into an lvs system, that no one knew how it worked
<patdk-lap> or even what was what
<patdk-lap> it was fun tracing mac addresses to figure it all out
<Psi-Jack> hehe
<noob> hi room
<Psi-Jack> Yeah, I'm actually going to be using a lot of this stuff in my new job.
<noob> i have a new ?
<Psi-Jack> So, Refreshing myself of it again. ;)
<noob> when setting up nat gateway do both nic's have to be ip addressed on the same network as the modem
<noob> ?
<patdk-lap> heh?
<noob> cable modem --- eth1 [ubuntuserver] eth0 ----router
<noob> i can ping all the way to my eth1 from my network but no further
<noob> i also added  route rom eth0 to eth1
<alamar> forwarding is enabled?
<noob> yes it is
<noob> ipv4
<noob> nm i just need to use good old ashioned trial and error to find my problem]
<i0n> is the 10.04 security repo down?
<rww> looks up here
<rww> though I'm looking with wget rather than apt, since I don't have lucid.
<i0n> 91.189.92.169
<i0n> ?
<rww> yes
<rww> wait no, 167
<rww> and dig security.ubuntu.com is giving me ...167 and ...166
<i0n> yeah
<i0n> its up
<i0n> uhm
<i0n> it has to be my firewall or host
<i0n> yep was firewall
<i0n> blocking outbound 80
<i0n> doh
<rww> hehe
<Psi-Jack> patdk-lap: Thanks, BTW. That did the trick perfectly.
<Psi-Jack> So far. ;)
#ubuntu-server 2012-08-13
<francisvgarcia> Hi everyone
<francisvgarcia> I am having issues with ubuntu server 12.04 and this network card: intel Corporation 82562V-2 10/100
<francisvgarcia> It completely freezes after one or two hours working, and I have to reboot the server for the network card to work again.
<uvirtbot> New bug: #1003231 in vm-builder (universe) "vmbuilder generates many "method not found" errors" [High,Expired] https://launchpad.net/bugs/1003231
<lfactor> Hey guys, i need some help with ufw, i'm wondering if i should turn of stateful support, and if so how.
<lfactor> The machine will have around 800k simultaneous connections, i'm assuming stateful will increase the memory requirements a lot, but not sure.
<lfactor> i've used /sbin/sysctl -w net.ipv4.netfilter.ip_conntrack_max=1048576 to set my conntrack higher, but still unclear what the positives of a stateful firewall is and if i should have it set on or off.
<zaggynl> Why do I get a frozen virtual box vm every other time when I restart my ubuntu guest
<uvirtbot> New bug: #1036093 in nova (main) "nova volume-attach with high device name keeps volume in state "attaching"" [Undecided,New] https://launchpad.net/bugs/1036093
<uvirtbot> New bug: #1030943 in python-swiftclient (universe) "[MIR] python-swiftclient" [Undecided,Fix released] https://launchpad.net/bugs/1030943
<JacKnife_> hello, i'm having trouble with squirrelmail on 12.04, when i compose a message and click send it never browses away from the compose screen, even though the message does get sent
<JacKnife_> tried on ie and chrome.  the system is all updated and there are no php errors in the apache logs
<JacKnife_> nada when i google "squirrelmail compose send" and similar
<JacKnife_> w00t, the dudes in #ubuntu got me a fix: http://comments.gmane.org/gmane.mail.squirrelmail.user/38887
<Lachezar> Hello all... Is it normal to have fs.nr_open = 1048576
<Lachezar> 'sudo lsof | wc -l' shows 2390 open files/descriptors. And I am getting 'Too Many Open Files' crashes (I've raised limits to 65536 files).
<zul> jdstrand: ping cinder should be good for main now
<jdstrand> zul: yeah, it is on my list after I read email
<zul> jdstrand: ok cool
<Daviey> zul: can you confirm a pep8 backport fixes this FTBFS, https://launchpad.net/~ubuntu-cloud-archive/+archive/folsom-staging/+packages ?
<zul> Daviey: sure just a sec
<Daviey> (hint, zul - don't confirm by uploading :)
<zul> Daviey: well duh :)
 * zul quickly hits control-c
<Daviey> heh
<uvirtbot> New bug: #1036206 in google-perftools (universe) "powerpc test suite execution fails" [Undecided,New] https://launchpad.net/bugs/1036206
<Daviey> zul: any news?
<zul> Daviey:  not yet still building
<jamespage> utlemming, walinuxagent now in precise-proposed BTW
<utlemming> jamepsage: awesome :)
<jamespage> utlemming, do you have a handy way of testing it? we can then nudge it through to -updates ASAP
<utlemming> jamespage: yeah, I can give that a test rather easily
<jamespage> utlemming, marvellous!
<zul> Daviey: confirmed
<Daviey> zul: confirmed it fixes it?
<zul> Daviey: confirmed it fixes it
<Daviey> zul: okay.. what version is it?
<zul> Daviey: 1.2 from quantal
<Daviey> zul: wait, i thought 1.2 was evil?
<Daviey> for folsom?
<zul> Daviey:  it is...not for f1 though
<Daviey> zul: wow, that much fail got introduced for >f1 ?
<zul> Daviey:  yeah
<jamespage> xnox, I need todo something with dumbo for you today don't I
<xnox> hmmm.... jamespage you could =)
<jamespage> xnox, branch?
<xnox> jamespage: i have packaging done, but debian/copyright
<xnox> it's not done yet.
<xnox> let me push it to lp.net
<jamespage> xnox, as its PPA not to worried about d/copyright
 * jamespage slaps himself
<Daviey> zul: well, there is a reasonable chance we might need to fall back to 1.1 for folsom
<jamespage> well for the time being at least
<Daviey> so doing the same for the cloud archive is reasonable
<zul> Daviey: ack
<Daviey> zul: can you upload a dsc and Friends somewhere?
<zul> Daviey: for pep8?
<Daviey> zul: yeah
<zul> Daviey: hold on
<xnox> jamespage: two branches: lp:~dmitrij.ledkov/+junk/typedbytes and lp:~dmitrij.ledkov/dumbo/packaging
<xnox> it's two small python packages.
<xnox> jamespage: feel free to repush to a more appropriate ~person
<xnox> and if/when it's in the ppa, I can adjust juju charms to optionally include those
<xnox> there is also pydumbo, but it's slower and I have no experience with it. And dumbo is sufficient so far.
<xnox> although pydumbo has dfs bindings....
<Daviey> zul: so.. first line of the changelog for novas, i set to -  nova (2012.2~f1-0ubuntu1~cloud0) precise-folsom; urgency=low .. .changes = "Distribution: precise" .. does that make sense?
<zul> Daviey: yeah iirc thats what we agreed to
<zul> Daviey: pep8 stuff is at: http://people.canonical.com/~chucks/tmp/
<zul> Daviey: because eventually you are going to have precise-grizzly, precise-h, precise-i, etc ,etc
<Daviey> zul: right
<jamespage> xnox, I've pushed them both to the dev PPA
<jamespage> xnox, all of the hadoop related charms support use of dev|test|stable PPA's for that team
<xnox> jamespage: cool, thanks =)
<jamespage> xnox, I really like the idea of not having to write stuff in Java
<xnox> jamespage: ideally i want to jujufy discoproject map-reduce
<xnox> which uses tags instead of folders for dfs
<xnox> and python instead of java for mapreduce
<xnox> but server part is written in erlang and relies on DNS available for the nodes
<xnox> but HPCloud doesn't support DNS at the moment
<xnox> so I'm stuck with both discoproject and HPCloud lacking feature: dns-less setups or dns setup respectfully =)
 * jamespage sighs
<Lachezar> Repeating after a few hours: Is it normal to have fs.nr_open = 1048576
<Lachezar> 'sudo lsof | wc -l' shows 2390 open files/descriptors. And I am getting 'Too Many Open Files' crashes (I've raised limits to 65536 files).
<jdstrand> zul: re cinder> commented in the bug
<utlemming> jamespage: it looks like walinuxagent hasn't landed in the archive yet...as soon as I see it, I'll test
<RoyK> hm... seems when I reboot this machine, some drives in my raid come up as "missing" during initial bootup, and I get kicked into busybox. just exiting busybox works, and after that, I can mdadm --stop && mdadm --assemble and mount it - any idea how I can "slow down" this detection or increase the timeouts to avoid this problem?
<jamespage> utlemming, should be - its in precise-proposed - https://launchpad.net/ubuntu/+source/walinuxagent/1.0~git20120606.c16f5e9-0ubuntu2~12.04.1
<jamespage> if its not there after 4 days we have a problem
<xnox> RoyK: if you are using precise, please upgrade to mdadm from -precise, as I commented on your bug report?
<xnox> from -proposed that is.
<xnox> it has an extra timeout to wait for udev to finish processing events, before dropping into busybox, which helps most people.
<utlemming> jamespage: duh, my apt sources.list was wrong
<jamespage> lol
<RoyK> xnox: how can I upgrade to that from -proposed?
<zul> jdstrand: damn it...*grumble* *grumble*
<RoyK> xnox: this is precise, btw
<uvirtbot> New bug: #1036240 in cinder (universe) "cinder-common fails to install" [High,New] https://launchpad.net/bugs/1036240
<xnox> !proposed
<xnox> RoyK: https://wiki.ubuntu.com/Testing/EnableProposed
<RoyK> xnox: thanks
<RoyK> xnox: \o/
<hallyn> zul: did a qa-regression-test run just fora sanity's sake, all still looks good.  just lettin' you know cause i'm sure you're unable to sleep at nights worrying about it
<zul> hallyn: libvirt?
<hallyn> zul: yeah
<zul> hallyn: coolness
<hallyn> zul: do you know of anything we still need to do to libvirt during q?
<zul> hallyn: nope just make sure it doesnt break
<zul> hallyn: although i hope we can get the new libvirt-lxc stuff in for q
<hallyn> which new stuff?
<zul> hallyn: like the lxc reboot
<hallyn> do you know where that went in? is it in 0.9.14?
<zul> i think it is in trunk
<hallyn> cause i assume that went in after those 500 'let's rename stuff for fun 'patches, so forget about backporting
<utlemming> jamespage: confirmed
<jamespage> utlemming, great - nice one
<zul> hallyn: yeah thats why i want trunk :)
<utlemming> jamespage: I fired up a couple of instances to be sure.
<hallyn> by trunk you mean git head?
<hallyn> (not trying to be pedantic, justnot sure what you mean)
<zul> hallyn: ack
<hallyn> k
<souliaq> Hi, I have a little "legal" licensing problem in my company, so the lawyer are asking my for license of Ubuntu-Server, apache and subversion. What he need? GPLv3 and Apache License "texts" and tha'ts all?
<xnox> Anyone has a spare intel matrix raid controller?
<xnox> souliaq: tarball of /usr/share/common-licenses/ as well as /usr/share/doc/*/copyright
<RoyK> xnox: is that real raid or fakeraid?
<RoyK> looks like fakeraid to me
<RoyK> better use software raid :)
<xnox> RoyK: it's not real-real, but it's usually managed with dmraid but recent mdadm can store external metadata using intel matrix format
<xnox> and i want to test that, cause I am about to update mdadm in precise
<RoyK> ok
<RoyK> xnox: will I have to update mdadm manually when you're done with the precise update, currently using the one in proposed?
<xnox> RoyK: no you wont. The one in -proposed will be promoted into -updates pocket, such that everyone will get it and it will be included in the 12.04.1
<RoyK> thanks
<xnox> RoyK: your welcome =)
 * RoyK wonders slightly if bcache will make it into upstream kernel ;)
<smoser> hm.. i have this utility http://smoser.brickies.net/git/?p=tildabin.git;a=blob;f=make-seed-disk;hb=HEAD
<smoser> that i'd like to have packaged. cloud-utils seems reasonablel place for it
<smoser> but it would add a depends on genisoimage (and probably a 'Suggests:' for mtools)
<smoser> i was going to name it "cloud-localds" (local datasource)
<smoser> anyone hav ea better idea than its own binary package of cloud-utils ?
<smoser> utlemming, you want to do that^ ?
<smoser> i cannot do it today for sure.
<utlemming> smoser: yeah...I think I can give it a shot...are we thinking of a subpackage of "cloud-utils-localds" to the cloud-utils package?
<utlemming> or just adding it in
<smoser> https://bugs.launchpad.net/cloud-utils/+bug/1036312
<uvirtbot> Launchpad bug 1036312 in cloud-utils "please add cloud-localds from make-seed-disk" [Undecided,New]
<smoser> utlemming, ^ i think a subpackage is best
<utlemming> smoser: ack, we're on the same page
<smw_> rk
<zul> jdstrand: so how you would you handle that cinder.conf bug?
<jdstrand> zul: well, I don't know the issue intimately-- seems we should be shipping our own cinder.conf or patching the one in source before moving it into place.
<zul> jdstrand: i was thinking something like ucf
<jdstrand> well, it does say this:
<jdstrand> The root_helper option (which lets you specify a root wrapper different from cinder-rootwrap, and defaults to using sudo) is now deprecated. You should use the rootwrap_config option instead.
<jdstrand> zul: did you you root_helper instead of rootwrap_config?
<jdstrand> s/you you/you use/
<zul> jdstrand: its in the cinder.conf for the new version of cinder
<jdstrand> zul: you misunderstood
<jdstrand> zul: your installed cinder.conf uses:
<jdstrand> [DEFAULT]
<jdstrand> root_helper = sudo /usr/sbin/cinder-rootwrap
<zul> right
<jdstrand> the error says that root_helper is deprecated. use rootwrap_config instead
<zul> jdstrand: ahhhhhh....duh :)
<jdstrand> so: s/root_helper/rootwrap_config/ in cinder.conf (doing whatever else you need use rootwrap_config)
<jdstrand> heh, right :)
<zul> jdstrand: okies fixed
<jdstrand> cool
<antihero> is there a way to have upstart run stuff as other users yet?
<hdave> is Ubuntu JeOS and vmbuilder still actively developed?  I ask because the vm-builder launchpad site has a 20 month old download link and there also doesn't seem to be a JeOS 12.04 image anywhere... Just curious
<RoyK> jeos isn't a separate iso any longer
<ssvss> Hi, I have a hardware related query. can anyone suggest a server hardware under USD $500 to run ubuntu server in home.
<ssvss> I am looking for something that is portable too like the box shape of mac mini.
<Psi-Jack> ssvss: ##hardware would be your channel.
<ssvss> Thanks, I will ask in the ##hardware channel
<hdave> RoyK: thanks
<cheez0r> ssvss: raspberry pi.
<RoyK> ssvss: a bit hard to use sata devices on a pi
<wrapids> How much ram should lamp be using without any traffic?
<RoyK> wrapids: lamp is apache, mysql, php, and may be using variable amounts of memory
<wrapids> RoyK: Yes.
<RoyK> wrapids: for a small database, mysql won't be using much. php may be using a lot, depending on the code
<wrapids> RoyK: That's assuming I have traffic
<wrapids> which I dont.
<RoyK> apache isn't that heavy on memory
<RoyK> say, 50 megs will go a long way without too much work
<wrapids> php shouldn't be using much of anything as nothing is being exectued. There are no queries going on in the db either
<wrapids> Would the database size affect the mysql services usage if it's not getting any queries?
<RoyK> once php starts running things, and mysql starts buffering things, say, 512MB should normally do well
<RoyK> but then, you can't say unless you know the database size and the php code
<wrapids> RoyK: Wouldn't running/buffering require traffic?
<ssvss> Yes Rasberry Pi is not what I am looking for, I was thinking something close to the size fo mac mini in which I can have 2 sata disks
<RoyK> nothing is buffered unless it is accessed
<wrapids> I'm trying to figure out why I'm using nearly 512mb with 0 traffic, nothing being executed, no queries.
<RoyK> ssvss: you can get some mini itx boards quite cheap with SATA
<wrapids> hrm, after a reboot it's doing better
<RoyK> ssvss: or pico itx or pc/104 or ...
<wrapids> 188mb with no traffic?
<RoyK> wrapids: is that RSS or DRS?
<wrapids> RoyK: I'm not sure how to determine
<RoyK> ps axfv
<RoyK> top also tells that
<raubvogel> RoyK: there is always cubox
<wrapids> I've been using top
<RoyK> top shows VIRT and RES and SHR
<wrapids> mysql is using about 50mb idling, apache using about 25mb idling
<RoyK> what you want to look for is RES
<wrapids> Sorry, about 40 for apache
<RoyK> should be fine
<wrapids> It was running in the several hundreds before I rebooted
<wrapids> free -m was giving me 11 free with only apache/mysql using above .5%
<RoyK> resident or virtual?
<wrapids> res
<RoyK> free usually shows very low "free" memory
<RoyK> most of the memory is spent on caching
<wrapids> It was fairly accurate compared to the top results
<RoyK> Mem:       8178284    8056176     122108          0     469068    6906568
<wrapids> apache had 6-10 processes using about 5-10% each
<RoyK> that's close to zero free
<RoyK> which is fine
<wrapids> according to top
<RoyK> because you want linux to spend its memory on caching
<RoyK> wrapids: seriously - if you don't have a performance issue, don't care about how much memory is spent
<wrapids> RoyK: I do have a performance issue when it starts doing that
<RoyK> does it start swapping?
<wrapids> I have no idea
<RoyK> how much memory do you have?
<wrapids> 512
<wrapids> It's just a dev server
<RoyK> not a whole lot
<wrapids> the problem is that it starts eating ram like that with nothing going on, I get very delayed response from the ssh interface
<RoyK> no idea why
<wrapids> hrm
<RoyK> check the logs
<RoyK> and check swap use
<RoyK> wrapids: apache uses prefork with php, so each of te processes weren't using 5-10% each, they were probably sharing most of that
<wrapids> ah
<jkyle> I have some interfaces configured for bonding. I have to bring up each of the slave interfaces before bringing up the bond0 interface or it times out waiting for slaves to be available
<jkyle> https://gist.github.com/3343969
<jkyle> e.g. Waiting for a slave to join bond0 (will timeout after 60s)
<jkyle> if I do, ifup eth2; ifup eth3;ifup bond0; it works
<arrrghhh> hey all.  can anyone help me shrink an LVM partition?
<arrrghhh> i booted a livecd and tried to shrink it thru gparted, but i guess gparted doesn't support LVM
<arrrghhh> so then i figured i had to remove it from LVM to get gparted to see it... that hasn't worked out so far.
<arrrghhh> i removed and added back a logical volume... and i have a feeling it's FUBAR now.  i can't seem to get the system to boot.
<arrrghhh> is there a way to recover it, or should i just reinstall?
<xnox> arrrghhh: what do you actually want to resize and what is it stacked on top of?
<xnox> the whole chain
<arrrghhh> so there's a set physical SAS disks
<arrrghhh> then i have physical volumes setup, and logical volumes underneath it
<arrrghhh> i'd like to shrink one logical AND physical volume
<arrrghhh> then shrink the actual amount provided to the OS
<arrrghhh> this is in an ESXi environment, and i'd like to reclaim a bit i've allocated
<arrrghhh> i fear i've already done too much.  i removed the LV, and readded a smaller one - now the OS won't boot, and I'm not sure if it can be recovered.
<arrrghhh> makes me wish i had snapshotted it before doing all this... oy
<xnox> arrrghhh: you are doing it wrong way around
<arrrghhh> OK
<xnox> first you shrink the OS filesystem.
<xnox> then you shrink logical volume
<xnox> then you shrink physical volume
<xnox> then you can shrink the partition
<arrrghhh> my issue was #1 - i couldn't shrink the OS filesystem when it's mounted
<arrrghhh> so i went to a liveCD, and that didn't support LVM
<xnox> ok.
<arrrghhh> (gparted doesn't support LVM rather)
<xnox> in livecd you install lvm2 package
<arrrghhh> ok, done :)
<xnox> then you scan lvm groups
<arrrghhh> yes
<xnox> then you mount the logical volume you want to shrink
<arrrghhh> ok let me try
<xnox> then you start shrinking that filesystem
<xnox> then lvresize the logical volume
<xnox> or lvreduce
<xnox> and etc. downwords
<xnox> good night
<arrrghhh> thanks
<arrrghhh> hrm.  xnox are you leaving?
<arrrghhh> i'll take that as a yes.  can anyone else lend a hand with LVM?
<arrrghhh> i am trying to learn about it the hard way, as usual.
<arrrghhh> i have a LV name of /dev/ubuntu/root in lvs, but i can't seem to mount it...
<arrrghhh> anyone?  is the data still on the physical volume perhaps?  can i just remove LVM and use all the data on the disk?
<arrrghhh> perhaps someone can help me with that?
<arrrghhh> remove LVM, preserve data
<arrrghhh> perhaps restore LVM down the road once i get more comfy with it ;)
<SpamapS> smoser: hey, have we ever considered putting the cloud images into the archive as packages?
<SpamapS> utlemming: ^^
<smoser> SpamapS, no.
<smoser> ther ewas a thread once on debian-devel (or maybe ubuntu-devel)
<smoser> about "appliance" packages
<SpamapS> We're trying to solve the "how to have everything cached for LXC on install" problem
<smoser> i forget how started it
<smoser> its just hucky
<SpamapS> well the thinking is that users are used to downloading things with the package manager
<smoser> well, we certainly want ot make downloding of those simple and "cached"
<smoser> there is a plan for that.
<m_3> oh do tell
<SpamapS> and things like update-manager is pretty good at downloading in the background and stuff...
<m_3> smoser utlemming: so we've been throwing around a couple of ideas...
<m_3> doing nothing will result in the juju local provider being confusing to use (due to the initial "stealth" download of the lxc image on the first deploy)
<m_3> one idea was to bust the juju package up into 'juju' and 'juju-local-provider'... the latter downloads the lxc image during postinst
<m_3> with a couple of variations on that theme
<m_3> smoser utlemming: these all suck...  I want an easy (or at least idiomatic to packaging) way to download images
<smoser> m_3, i'm sorry. i really ahve to run right now.
<m_3> smoser: no prob... lemme know if you think of anything pls
<utlemming> m_3: when you say "package" are you looking for a pacakge that does the download?
<m_3> utlemming: sure.. or even a package that _is_ the download 'juju-local-provider-data' would work
<SpamapS> I'd prefer the package to *contain the images*
<SpamapS> my reasoning being that postinsts doing downloads is counter-intuitive when we have *package managers* to do downloads.
<utlemming> SpamapS: yikes....that would mean SRU'ing each and every new spin of the images.
<m_3> good with the least sucky variation at this point :)
<SpamapS> utlemming: MRE would be pretty easy to get given the contents are just the same packages already SRU'd ;)
<utlemming> SpamapS: right now we spin up new images as needed, and next cycle we are heavily considering a 3-week new release cadiance
<m_3> it might be able to live in a ppa
<utlemming> SpamapS: what does a packaging of the image offer over a post-install that downloads and verifies?
<SpamapS> utlemming: uniformity and discoverability
<SpamapS> utlemming: its useful as a Suggests: in many cases (glance.. virt-manager)
<SpamapS> utlemming: the download behind the scenes is very mysterious. Downloading a new version of the cloud images as a package is obvious.
<utlemming> SpamapS: I not opposed to this, I'm just unsure about how to make this atomic.
<SpamapS> utlemming: after you publish the cloud image, you run a package build including get-orig-source which downloads, dch's, and uploads the updated -data package.
<utlemming> Spamaps: So if you update the package to a new spin of the images, then all of the sudden you have people that were wanting YYYYMMDD are now getting a different YYYYMMDD
<utlemming> right, I understand that bit
<utlemming> its want users are going to expect, and what they get
<SpamapS> utlemming: its really more like the kernel than regular packages. I could see ubuntu-cloud-images-current depending on the latest cloud image.. but each one would get its own package (ubuntu-cloud-images-20120813)
<utlemming> it would be worse than that....it would have to be ubuntu-cloud-images-<release>-<build serial>
<utlemming> since not all images are build on the same day and the build serial is almost never the same between releases.
 * m_3 nods
<SpamapS> utlemming: I don't see that as "worse"
<SpamapS> utlemming: just different, so each release would have its own meta
<utlemming> well, its worse because this a manual process
<SpamapS> ubuntu-cloud-image-precise would -> ubuntu-cloud-image-precise-YYYYMMDD
<SpamapS> manual would be out of the question
<utlemming> we are looking at automating all aspects of the builds next cycle
<SpamapS> It should be an idempotent thing that gets run after images are published
<utlemming> I'm showimg my packaging ignorance here, but is there a way to automate this?
<SpamapS> utlemming: totally!
<utlemming> docs?
 * SpamapS points to the packaging guide
<SpamapS> utlemming: all packaging is automatable.
<SpamapS> you're just used to doing it the most manual way
<SpamapS> because tht is less error prone
<SpamapS> but if all you are doing is bumping upstream version.. very simple
<utlemming> right, that bit makes sense. Do we give upload rights to bots?
<SpamapS> debian/rules get-orig-source && dch -v 12.04.1-20120813 'New Upstream Release' && dpkg-buildpackage
<SpamapS> something like that
<SpamapS> utlemming: who signs your cloud images?
<utlemming> that is an automated process
<SpamapS> that key is pretty much entrusted with all cloud users' safety.. :)
<utlemming> this is true
<SpamapS> so yes, that would be trustable
<utlemming> okay, so I am not opposed to this plan
<utlemming> lets ping Mr. Rosales and talk about this next team meeting
<SpamapS> utlemming: aye
<Daviey> utlemming: uscan & uupdate also make new upstream versions pretty easy
<Vamps-AFK> has anyone setup a PXE Install server with FOG? i'm got a question for those who have
<zastern> What does it take for Ubuntu to automatically "discover" it's correct fqdn?
<zastern> rather than setting it in /etc/hosts
<arrrghhh> zastern, dnsmasq?
<zastern> arrrghhh: so I have to use some sort of private dns server?
<arrrghhh> zastern, just trying to think of how to solve that issue
<arrrghhh> you'd need some sort of a DNS server in order for the FQDN to be automatically propagated
<three18ti> what's the default username for cobbler on an Ubuntu install?  The communitydocs say the install prompts for the password, but it does not.
<three18ti> I found a way to "define" the password, http://openskill.info/topic.php?ID=201
<arrrghhh> three18ti, cobbler/cobbler?
<three18ti> no love.  that's what all the docs for fedora say though...
<three18ti> `htdigest /etc/cobbler/users.digest "Cobbler" cobbler`
<arrrghhh> hrm
<three18ti> allowed me to "reset" the password though.
<three18ti> maybe there's a way to update the docs?
<three18ti> (actually, it's all coming back to me, this is not the first time I've chased myself in circles following the Ubuntu cobbler docs)
<arrrghhh> lol
<three18ti> ;)
<arrrghhh> never heard of cobbler before, just googled hoping i could help ;)
<three18ti> from what I've read cobbler is pretty cool.  I've looked at a number of bare-metal provisioning systems and so far it looks the best.
<arrrghhh> fancy
<arrrghhh> just looked it up myself
<three18ti> FAI, cobbler, linmin, OpenQRM (though openqrm is a whole 'nuther ball game)
<arrrghhh> so based on the install guide, you set the password on install
<arrrghhh> https://help.ubuntu.com/community/Cobbler/Installation
<three18ti> yea, that's what I'm saying, the install guide is wrong.
<arrrghhh> okie :)
<arrrghhh> ah, i missed that line.  haha.
<three18ti> lol. :)
<arrrghhh> so can anyone help me save my LVM setup?
<arrrghhh> *crickets*
<zastern> arrrghhh: yes but I am using a public DNS already
<zastern> with nsrecords etc
<zastern> i wonder if theres a way to do it with public dns
<arrrghhh> zastern, not that i know of, how would that work?
<zastern> arrrghhh: no idea :)
<arrrghhh> everyone populating their local DNS friendly names to the wide internet?
<zastern> no
<zastern> im setting it manually of course
<zastern> i was just hoping there was a way for ubuntu to pull thast in
<zastern> that in* from the dns server where i set it
<arrrghhh> hrm
<arrrghhh> crap.  looks like i should just start over.
<arrrghhh> can anyone help me start over?  lol.  i just want to make sure my other untouched and fine LVM is restored
<arrrghhh> http://tldp.org/HOWTO/LVM-HOWTO/recipemovevgtonewsys.html
<arrrghhh> looks like that covers it.
<grendal> ok i just need to be able to send an email from this server...
<grendal> i have an account on an email server and an smtp server address to us
<grendal> i would like to set up a smarthost...
<grendal> i got to tell you the step by step configureation verbage in dpkg-reconfigure exim4  makes no sence
#ubuntu-server 2012-08-14
<phillw> hi, anyone here for 12.10?
<phillw> dns-nameservers is no longer an inbuilt command
<disown> I have to say I don't like the new design of ubuntu that you have to search for a terminal and your applications like a calculator or gedit ,...what was there target audience for this one for... And linus thinks linux will never over take microsoft or get as big as microsoft ... well not by this crappy design ... I will definitely uses a different desktop manager or at least I will have to look more deeply into if you can config
<disown> ure gnome or the stupid sidebars away... Temp fix just add the newer repo's to the source.lst because the os's is fine the way it was... Another way I could do it is just make my own or uses a different distro other then ubuntu at this point each is pretty easy. Though the more important thing ubuntu let me down :(
<disown> after all the time I prefered it over the rest :(
<disown> I guess I will go back to knoppix or fedora or suse,...etc which is ok but I always had a crush on 10.4 lucid :(
<disown> even the scroll bar by default is tiny looks ugly well I suppose I can keep using the newest kernel with the older gnome or kde windows managers / desktop managers. In theory I don't see a problem with that... its essentially runing an old userland program on a new kernel
<lunaphyte> hi.  i have a computer with two network interfaces.  i'm using one for the os on the computer itself, with a traditional static ip address, and the other for kvm guests, so it doesn't have an ip address, as far as the host os is concerned.  i'd like to bring up this interface, such that it's "up", but with no ip address, but i'm not quite sure what the appropriate method is to do this.
<yeats> lunaphyte: you'd probably do well to read this: https://help.ubuntu.com/community/KVM/Networking/
<lunaphyte> thanks, i have, actually.  i'm using macvtap though, not traditional bridging - so i just need to interface "up" - but without an address.
<lunaphyte> ifconfig eth1 0.0.0.0 seems to do this, but i don't know if that's really the best way of going about that.
<yeats> I've only done KVM with bridged networking, so I'm not familiar with what you're attempting to do
<lunaphyte> well, tbh, it's not really got much to do with kvm.
<mattcen> Hi all. I've downloaded a new LSI MegaRAID driver (http://www.lsi.com/downloads/Public/MegaRAID%20Common%20Files/Ubuntu_10.04_LTS_05.30.zip) and as far as I can tell, have installed it via DKMS, but can't get it to load as a priority over the Ubuntu-supplied (out-dated) module.  Anybody know how I can diagnose this?
<lunaphyte> really just a question about bringing up an interface without an address, regardless of what it might ultimately be use for.
<lunaphyte> *used for
<yeats> lunaphyte: as far as I know, any interface has to have an IP
<mattcen> lunaphyte: If you give me some more context, I may be able to help.
<mattcen> yeats: incorrect. Set "iface eth0 inet manual" in your /etc/network/interfaces, and you can ifup without adding *any* IP/subnet info.
<mattcen> (Or you can bring it up manually without ifupdown using 'ip link set dev eth0 up')
<disown> O so they switch over to the crappy stuff in versions 11 and 12 so oneiric had this that I am using now around when the kernels went from the 2.6's into the 3 darn .
<yeats> mattcen: thanks for the info
<disown> And another thing is the lsb-release command doesn't even work well you shouldn't even needed it since cat /etc/lsb-release does fine by itself
<disown> They should really just incorporate this information with a switch in uname or something but ok
<lunaphyte> here's sort of an illustration: http://dpaste.com/785921/
<lunaphyte> you can see that by doing ifconfig eth1 0.0.0.0 it brings the interface up, but without an ip address.
<ScottK> SpamapS: I'd appreciate it if you could take a look at http://tanghus.net/2012/03/yet-another-mysql-vs-apparmor-barf/#comment-299 and see if there's an issue there.
<lunaphyte> that's what i want, but i'm not certain if ifconfig [...] 0.0.0.0 is really the right way to do it, and i'm not certain how to have the system do it automatically at boot.
<mattcen> yeats: np. A bit more info: http://www.cyber.com.au/~mattcen/Preferences/doc/networking/interfaces See the br0 interface. That stanza will work fine for a standard eth* iface if you remove the bridge_ lines.
<mattcen> lunaphyte: See that link I just posted.  Use the 'manual' stanza, with (probably) no other options
 * mattcen has become distracted from his original question. Any input on that would be greatly appreciated.
<lunaphyte> that's what i have now: http://dpaste.com/785923/
<lunaphyte> but the system doesn't bring up eth1
<mattcen> O rly? Interesting.
 * mattcen tests.
<mattcen> lunaphyte: What Ubuntu release are you running?
<lunaphyte> 12.04
<mattcen> lunaphyte: Ah!
<mattcen> I know what you need
<mattcen>   up   ip link    set   dev $IFACE up
<mattcen>   down ip link    set   dev $IFACE down
<mattcen> (See my link)
<lunaphyte> ah, i see.  i'll give that a shot, thanks.
<mattcen> np.
<lunaphyte> is $IFACE an actual variable i can use, or is that just for illustrative purposes in your example?
<lunaphyte> i guess i can answer that question myself. :)
<mattcen> lunaphyte: Ah sorry. No, $IFACE is treated specially by interfaces(5)
<mattcen> It is replaced by the name of the interface inside which the stanza is found (e.g. eth0)
<mattcen> lunaphyte: That entire file that I posted is perfectly valid in every way (though parts of it have dependencies on things like my wpa_supplicant.conf and wvdial.conf)
<mattcen> Nobody have ideas about my DKMS issue?
<KM0201> !scp
<ubottu> scp is a secure way of copying files across networks using !SSH. Usage: scp filename user@host:filename - WinSCP is a client for Windows, available at http://winscp.net/
<uvirtbot> New bug: #1012843 in glance (main) "package glance-registry 2012.1-0ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Medium,Expired] https://launchpad.net/bugs/1012843
<SpamapS> ScottK: ACK. There was a dh_apparmor bug and I'm not 100% sure its been fixed.
<SpamapS> ScottK: that was probably bug 986892 btw
<uvirtbot> Launchpad bug 986892 in debhelper "mysql-server postrm breaks apparmor profile for later versions on purge" [High,In progress] https://launchpad.net/bugs/986892
<michelelv> ciao
<michelelv> !list
<ubottu> michelelv: No warez here! This is not a file sharing channel (or network); read the channel topic. If you're looking for information about me, type Â« /msg ubottu !bot Â». If you're looking for a channel, see Â« /msg ubottu !alis Â».
<uvirtbot> New bug: #1036571 in horizon "ImportError: No module named openstack_auth" [Undecided,New] https://launchpad.net/bugs/1036571
<uvirtbot> New bug: #1036585 in horizon (main) "Horizon fails to provide Juju credentials with "Internal Server Error"  upon clicking the dowload link." [Undecided,New] https://launchpad.net/bugs/1036585
<jamespage> zul: around? just looking at the FTBFS for requests - not sure there is much point running the test suite
<koolhead11> jamespage: can i get some help with his https://bugs.launchpad.net/juju/+bug/897645
<uvirtbot> Launchpad bug 897645 in juju "juju should support an apt proxy or alternate mirror for private clouds" [High,Confirmed]
<jibel> todays quantal server with LVM fails to reboot after installation
<jibel> bug 1036612
<uvirtbot> Launchpad bug 1036612 in linux "Quantal Server failed to install with LVM: VFS: Cannot open root device "mapper/ubuntu-root" or unknown-block(0,0): error -6" [Undecided,New] https://launchpad.net/bugs/1036612
<xnox> jibel: interesting. there was another ~ report in #ubuntu-arm reported ogra_
<jamespage> koolhead11, what help are you looking for?
<jamespage> jibel, nice
<jamespage> xnox, any ideas?
<jibel> I haven't found any recent upload to Quantal that could cause this excepted the kernel itself
<jibel> linux 3.5.0-10.10 was uploaded last night
<xnox> same thoughts. I didn't touch lvm, nor those parts of installer, and I don't think cjwatson touched anything user space either.
<xnox> jibel: poke kernel people? =)
<jibel> xnox, yep, I'm comparing with alternate, which doesn't fail and runs the same test.
<xnox> jibel: it would be nice to have a diff of packages version numbers between last-good and failure runs.
<xnox> that kind of narrows down the search ;-)
<jamespage> xnox, I think you can pull that from the ISO images - pitti had something that did that from memory
<jamespage> jibel, does the alternate image use the squashfs/or whatever based approach that server does now?
<Daviey> jamespage: no
<Daviey> (afaik)
<jibel> jamespage, no
<jibel> I'm diffing the manifests
<jamespage> jibel, might be something in the image
<jibel> hm, it boots with a 3.5.0-9 but the initrd generated during install is for 3.5.0-10
<jamespage> jibel, is it some sort of sync issue between the squashfs image and the initrd?
<jamespage> zul: disabled the tests - 10/11 of them require network connectivity so break in the buildds
<jibel> jamespage, it could be, but I don't know enough to be sure.
<Malcor|Work> Hello
<Malcor|Work> Could I have some help please?
<koolhead11> jamespage: is there a way out to define http_proxy during bootstrap
<jamespage> koolhead11, other that what mgz outlined in #juju no
<koolhead11> jamespage: yes catching up on hos suggestion. let me see
<jamespage> Malcor|Work, just ask your question...
<uvirtbot> New bug: #1036622 in nis (universe) "Slow NIS performance with programs such as 'finger'" [Undecided,New] https://launchpad.net/bugs/1036622
<Malcor|Work> I am trying to set up a raid on the old server at work, the previous version was ubuntu 9 I think. I am trying to delete the MD Devices and restart the RAID configuration but I am not sure how to unmount the RAID devices. I am in the Ubuntu server installer at the moment. 10.04 btw
<xnox> Malcor|Work: go into manual partitionair, entel setup raid devices, it will have an option to remove them.
<Malcor|Work> xnox, I have tried that but I get "There was an error deleting the software RAID device. It may be in use."
<xnox> are there any raid devices listed in the manual partitionaire?
<xnox> enter each one and mark to not use
<Malcor|Work> The device itself I cannot enter but nested ti them I can geter the harddrives and they are set to do not use. Do I have to do that to the devices in the SCSI?
<Malcor|Work> there are two raid devices in the manual partitionaire. All of them are FREE SPACE
<zul> jamespage: agreed
<Malcor|Work> I have taken a picture, just uploading.
<Malcor|Work> https://dl.dropbox.com/u/4777114/IMG_20120814_131750.jpg
<Malcor|Work> oops, sorry still uplkoading ;-(
<Malcor|Work> There link works now
<Malcor|Work> Done it
<Malcor|Work> I just undo changes and it worked. Thanks anyways
<hallyn> jjohansen: hey, did you ever get a chance to look into the apparmor+no_new_privs bug?
<xnox> Malcor|Work: you could boot into e.g. livecd and zero-out superblocks with $ mdadm --zero-superblock
<xnox> on them
<xnox> danger, you will loose all data
<Malcor|Work> I have sorted for now xnox but I will remember that for a few months time when I break another raid controler lol
<xnox> Malcor|Work: ok cool.
<Malcor|Work> Thank you
<uvirtbot> New bug: #1036647 in linux (main) "mount.cifs fails on mount DFS linked share" [Undecided,Incomplete] https://launchpad.net/bugs/1036647
<ScottK> SpamapS: Thanks for looking into it.
<Daviey> hallyn: hey, do you have thoughts on bug 985489?
<uvirtbot> Launchpad bug 985489 in nova "nova-compute stops processing compute.$HOSTNAME occasionally" [High,Confirmed] https://launchpad.net/bugs/985489
<hallyn> Daviey: no - i've seen no bugs report about virsh list hanging (without all of libvirtd being hung), so maybe it's a python binding bug in libvirt, or a usage bug in nova...
<Daviey> hallyn: Have any ideas on how we can progress it?
<hallyn> code review of the relevant nova code; set up a test grid with debugging enabled (both in /etc/libvirt/libvirtd.conf and installing libvirt and nova debug symbols), and separately (on a single host) trying to pound libvirt with virsh list's looking for a hang
<hallyn> Daviey: i think we need an idea of the size and traffic required to reproduce this, but let me look through the libvirt git changelog for relevant commits
<Daviey> hallyn: appreciated !
<stgraber> hallyn: are you planning on getting the include change into quantal's lxc this week?
<stgraber> hallyn: I think it's the last bit we want before rebasing the API branch on quantal and getting that uploaded before feature freeze
<krneki> is there posiblle to boot from raid5? or you have to do raid1 boot partition
<patdk-wk> you can boot raid5
<krneki> patdk-wk: so i set up raid 5 with lvm root swap and home. this is fresh installation. so you are saying that this should work? or is there bug like in the older grub version that it couldnt recognize raid5?
<_ruben> /boot ideally should be not on top of lvm
<_ruben> / can be tho
<xnox> krneki: you should have a separate boot partition.
<krneki> by separate you mean put on raid 1 /boot? :)
<patdk-wk> there is no *bug* about older grub not *supporting* raid5
<patdk-wk> that would be a feature :)
<RoyK> patdk-wk: iirc the latest grub2 supports it, but I don't think it's trivial to setup
<patdk-wk> ya, never really tried to set it up
<patdk-wk> just seems like, begging for trouble, to me
<hallyn> stgraber: oh did i not do that yet?  i thought i had
<RoyK> krneki: for my home server, I've just put the root on a separate disk. for something with higher demands for uptime, I'd use a mirror for the root, boot, swap etc
<hallyn> stgraber: sure, i can push both that and the lxc-start-ephemeral rootfs workaround
<hallyn> the include file patch is so minimal after all :)
<krneki> yeah but i m using raid 5 for i while.. and i was happy to see that now it supportes raid5. now when i read some more i m not happy anymore :P
<stgraber> hallyn: I don't remember seeing an upload, but I might just have missed it. I'm not using quantal ;)
<krneki> i will just do raid 1 for system and then storage raid 5
<RoyK> krneki: what has stopped supporting raid5?
<RoyK> krneki: afaik grub never did support it, at least not until recently
<krneki> RoyK: before i was installing boot on raid 1 and system on raid 5
<RoyK> krneki: that's still supported
<RoyK> krneki: just can't boot off raid-5, that's all
 * RoyK still prefers a dedicated system drive or mirror and separate data area on raid-[56]
<hallyn> stgraber: no, i guess it's not in there.  oops.
<hallyn> i'd like to get a userns kernel built today though, so i'll do lxc package tomorrow, unless there's urgency?  when is FF?
<stgraber> hallyn: FF is on Thursday next week, so as long as we get the include change in quantal this week, I should have enough time to do the rebase and some testing
<hallyn> stgraber: oh, sorry, right you need to rebase
<hallyn> stgraber: i'll get it pushed today.  ttyl
<hallyn> stgraber: http://people.canonical.com/~serge/lxc-include.debdiff tests fine for me.  i'll push in a bit.
<hallyn> bleh, suppose lxc.conf(5) should get an update
<stgraber> hallyn: diff looks good. I guess we'll wnat to SRU the ephemeral part of it (with whatever else is currently pending SRU, I seem to remember us having a few of these)
<hallyn> yeah probably should
<jamespage> utlemming, please can you add an appropriate comment to bug 1014864
<uvirtbot> Launchpad bug 1014864 in walinuxagent "[MIR] New package - walinuxagent" [High,Fix committed] https://launchpad.net/bugs/1014864
<ssvss> Hello, any idea on how ubuntu server works in a mac mini ?
<ssvss> are there any issues with power management
<hallyn> stgraber: updated http://people.canonical.com/~serge/lxc-include.debdiff to update the manpage.  (i do notice there is no entry for lxc.seccomp, but that's more of a tech preview thing ...
<hallyn> pushed
<jamespage> hggdh: are you likely to implement multi-nic and usb features in the current ISO testing framework still?  sounds unlikely to me....
<smartboyhw> jamespage: Is it that you're in charge of testing?
<jamespage> smartboyhw, well coordinating at least for server
<smartboyhw> OK, I wanna help
<jamespage> smartboyhw, great!
<jamespage> hang on in the meeting - more info later on
<smartboyhw> What? I'm going to sleep!
<jamespage> about 15mins probably
<smartboyhw> I'm Ubuntu Studio member in testing, also helped chairing QA meetings
<jamespage> smartboyhw, how would you like to help?  we are due to migrate to a new automated testing framework this cycle; expanding both the depth and breath of tests will be important
<hggdh> jamespage: I dont think it will be an easy change either. but we could add multi-nic to the preseed/libvirt config
<jamespage> hggdh, I just don't really see the value considering its officially deprecated....
<smartboyhw> Testing!
<hggdh> jamespage: we can discuss that later, I just got nuclearbob to add multi-disk support for VMs on UTAH
<hggdh> (needed for kernel testing)
<jamespage> hggdh, also needed for RAID testing :-)
<hggdh> heh, well, yes, there is that also
<uvirtbot> New bug: #1028503 in cloud-init "support creating initial user if not present" [High,Triaged] https://launchpad.net/bugs/1028503
<smartboyhw> jamespage: I really can't stay for 15 minutes
<jamespage> smartboyhw, sure - I'll catch you tomorrow then instead - go to sleep!
<utlemming> smoser: I can do #1028503...that is kind-of important for Azure
<smartboyhw> jamespage: tmr 14:00GMT..I will be there
<smoser> bug 1028503
<uvirtbot> Launchpad bug 1028503 in cloud-init "support creating initial user if not present" [High,Triaged] https://launchpad.net/bugs/1028503
<smoser> why is it important for azure (as opposed to anywhere else)? I'm just curious.
<smoser> but feel free to work on it.
<utlemming> smoser: well, its important for azure in a backwards way. Right now we have to do some massaging of the images for Azure, and one is to delete the ubuntu user per the cloud vendor's rules. So if we have cloud-init do this work, then it means that we can cut out a couple steps
<smoser> please start with wriging out what you think the config looks like.
<smoser> i'd like to support adding multiple users, there is a request to support 'None' also.
<utlemming> smoser: ack, and I want to shoe in some stuff for sudo too
<www2> hi can some one tell me how i can config apache that each virtual host get his own php.ini?
<www2> note i have use suphp but it don't work for my current server config.
<jamespage> adam_g, I just uploaded that openssl fix to -proposed so that it can be discussed further - but I think it will probably make it still
<adam_g> jamespage: ya, i saw. thanks
<jamespage> np
<stgraber> hallyn: just saw the lxc uploaded to -proposed, what did you bundle in there?
<hallyn> stgraber: fix that was staged (for 'stop lxc-net' possibly breaking) and the new one for lxc-start-ephemeral
<hallyn> (nothing else was in lp:ubuntu/precise-proposed/lxc)
<stgraber> hallyn: ok, I guess we could have cherry picked the lxc-start-ephemeral echo fix, but that's very low priority, can do that in the next upload
<hallyn> what is taht?
<hallyn> i diff'd the lxc-start-ephemeral against quantl's and saw only a whitespace diff
<stgraber> the echo 'bla $something' that should have been echo "bla $something" in lxc-start-ephemeral
<stgraber> that was fixed in  0.8.0~rc1-4ubuntu22
<stgraber> though maybe 12.04 wasn't affected or we SRUed it already without marking it in the changelog
<hallyn> oh.  now i see
<hallyn> mayhaps i should change my font.   i couldn't spot the ' vs " in the diff
<hallyn> stgraber: do you want to kick that package from the queue?
<stgraber> hallyn: nah, it's really a cosmetic fix, we'll fix it in the next upload
<hallyn> ok
<ssvss> Hi, any suggestions on how I can create a snapshot of my ubuntu server. I am using this as a development server, and would like to easily start from fresh every once in a while. and need a easy way to do it.
<andol> ssvss: physical server or a virtual one?
<RoyK> ssvss: for a physical server, you need a filesystem with snapshotting, or you can use lvm. The only current somewhat supported filesystem with snapshop capabilities, is btrfs, and lvm slows down the system if you have many snapshots. zfs may do as well, but not for system things, and under fuse (which is default), it's rather on the slow side on writes
<ssvss> physical server
<andol> ssvss: Hmm, if you want to have convenient snapshots/restores, a virtual devel server would really make things so much easier.
<RoyK> then probably vlm snaps should do
<RoyK> lvm even
<RoyK> or as andol says, use kvm to create a vm on which you do the development
<RoyK> btw, kvm snapshots aren't very flexible either, at least not on lucid, guess I'll have to check that better
<ssvss> I prefer the physical server. I run some performance tests in this machine, so would like it to be as close as possible to the production server. I will checkout the lvm snapshot.
<RoyK> lvm snapshots are true "copy on write", the old way, meaning new writes are sent to lvm, and the old data moved away before the new data replaces them. with 1 snapshot, this doubles the number of I/O operations to the lv, with two, it triples, etc
<RoyK> btrfs is designed to do this the "new" way, meaning only pointers are updated and the data is stored in new blocks. btrfs is not, however, flagged as stable
<rbasak> I'm not sure snapshotting makes sense if you really want to test performance. Whatever snapshotting you do will affect IO speeds.
<RoyK> rbasak: with the btrfs or zfs way, it works well, with lvm it doesn't
<xnox> RoyK: ssvss: with lvm snapshots you can cheat =) boot into the snapshot. Then writes have no penalty. You can easily drop them, or commit to preserve.
<rbasak> RoyK: with btrfs and zfs you're changing the filesystem will will affect IO performance too!
<xnox> ssvss: you can use rsnapshot backups onto a different drive / locations. and restore if need be.
<RoyK> rbasak: even with ext2, you're changing the filesystem whenever you update a file :Ã¾
<xnox> ssvss: with backups you have 'production' performance
<rbasak> RoyK: use dump/restore if you really care about that :-P
<RoyK> xnox: with zfs, you have 'production' performance all the time ;)
<RoyK> too bad the native zfs port isn't ready (yet)
<ssvss> changing the file system is not a option, since this has to be close to production system. I will look in to rsnapshot or lvm booting into snapshot cheat. I think rsnapshot backup will suit better for my need. Thanks for the suggestion guys !!
<RoyK> rnsapshot is a cool hack
<xnox> RoyK: zfs latest development is closed source in oracle, and everyone who did zfs/btrfs left oracle....
<RoyK> xnox: well, latest zfs development is in illumos ;)
<nandersson> Hi, I am doing unattended installations and I had a look at how Ubuntus metapackages are build up. It looks like the packages in ubuntu-minimal aren't part of ubuntu-standard, and neither ubuntu-minimal nor ubuntu-standard are part in ubuntu-desktop. Wouldn't that mean that if I use config "tasksel tasksel/first   multiselect ubuntu-desktop" I wouldn't get the packages in ubuntu-minimal or ubuntu-standard? I am confused.
<nandersson> For example "iptables" is part of the "ubuntu-standard" meta-package. I haven't tested, but I think iptables is available in the system even though I write "tasksel tasksel/first   multiselect ubuntu-desktop"
<three18ti> is there a way to do a nqa install from usb?
<three18ti> nqa = no questions asked.  I know you can from cobbler, but I'd like to make a usb stick I can just boot and walk away.
<three18ti> preseeding is the term
<xnox> three18ti: presseding and unattended install
<xnox> check either ubiquity preseeding or debian-install preseeding depending on the image you use
<UndiFineD> hello, has anything been changed to apache2 in 12.04 ? I used to have my local mirror available but now it shows me somewhat near ubuntu marked up 404 page
<three18ti> xnox, cool thanks.
<adam_g> zul: still around?
<zul> adam_g: almost
<zul> adam_g: whats up?
<adam_g> zul: first time trying this, but on quantal: python-cinderclient : Depends: python2.7-cinderclient but it is not installable
<adam_g> zul: any hint?
<zul> adam_g: hmm....have a look at python-cliff
<adam_g> zul: cool, thanks
<kermit> how is it that the pid, even with -p, is missing from a LISTEN socket in netstat?
#ubuntu-server 2012-08-15
<UndiFineD> kermit, sudo netstat -tulpn <- like that ?
<kermit> UndiFineD: yeah, theres just a - in the last column
<UndiFineD> kermit, hmm, maybe you have a zombie process, the socket is still open, but the application that used it is gone
<UndiFineD> ps aux |grep Z
<UndiFineD> could show processes with STAT = Z
<phillw> Hi guys, I've had to abort the install of the 12.10 server onto a VM as it hung at the 'four dots' of booting up, as to  a GUI boot up instead of the CLI, pass. If someone has a decent speed internet link, I have one spare VM on the OVH system with its own Ipv4 and MAC address.
<kermit> UndiFineD: good theory, but no
<UndiFineD> kermit, a similar thread, but no solution: http://serverfault.com/questions/85558/netstat-ntap-doesnt-show-pid-process-name-for-some-connections
<kermit> UndiFineD: huh, thanks
<blackshirt> hello
<blackshirt> can we ask about postfix server here ?
<UndiFineD> not an postfix expert
<ScottK> blackshirt: You can ask.
<ScottK> Depending on the question you might get redirected to a more postfix specific resource.
<patdk-lap> well, no question works too :)
<uvirtbot> New bug: #1036918 in horizon (main) "Switching between regions causes login form to appear at the bottom of the page" [Undecided,New] https://launchpad.net/bugs/1036918
<uvirtbot> New bug: #1036919 in horizon (main) "Region drop down showing incorrect region" [Undecided,New] https://launchpad.net/bugs/1036919
<smartboyhw> Hi, Is jamespage here?
<smartboyhw> jamespage ping
<jamespage> smartboyhw, morning
<jamespage> Daviey, can you promote stuff to main if the MIR's are approved?
<uvirtbot> New bug: #1036934 in openldap (main) "package slapd 2.4.28-1.1ubuntu4.1 failed to install/upgrade: ErrorMessage: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/1036934
<uvirtbot> New bug: #1036940 in postfix (main) "package postfix 2.9.3-2~12.04.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/1036940
<xnox> jibel: 410770
<xnox> jibel: todays lvm on amd64 have passed, i386 haven't run yet. infinity identified yesterday on release channel that kernel was updated from quantal->proposed to quantal, but there was no new d-i upload with new kernel.
<xnox> that was fixed yesterday.
<jibel> xnox, I saw that, but the way it fails with a 'cannot find root filesystem' on boot is a bit annoying
<jibel> with d-i and non-squashfs install the error 'no kernel modules found' is a bit less cryptic
<jibel> and it fails during installation, not after
<xnox> jibel: file a wishlist bug for cjwatson to look at? =)
<jibel> xnox, np, I'll file one :)
<smartboyhw> Is jamespage here?
<jamespage> yes
<uvirtbot> New bug: #1037037 in etckeeper (main) "etckeeper not working on Precise" [Undecided,New] https://launchpad.net/bugs/1037037
<smartboyhw> jamespage: Hi
<smartboyhw> How can I help you guys to test Ubuntu Server?
<jamespage> smartboyhw, do you already use ubuntu server?
<jamespage> trying to gauge your level of experience...
<smartboyhw> jamespage: I only test Ubuntu flavors, want to help at every flavor
<smartboyhw> I don't normally use Server unless absolutely necessary
<jamespage> smartboyhw, well helping with the testcases in the Ubuntu ISO tracker for server would be a good start then
<jamespage> smartboyhw, 12.04.1 is due for release in the next two weeks; so testing of the ISO images for this release will be required
<smartboyhw> I know, just wondering: Is there a Ubuntu Server Testing Team on Launchpad
<smartboyhw> ?
<jamespage> smartboyhw, no
<smartboyhw> !
<jamespage> also quantal beta-1 is not that far off
<smartboyhw> How about 12.04.1?
<jamespage> smartboyhw, well daily images for precise are being produced ATM; so giving those a sniff would be great
<jamespage> smartboyhw, this mail give more details of what is happening and when - https://lists.ubuntu.com/archives/ubuntu-devel-announce/2012-August/000971.html
<smartboyhw> OK
<smartboyhw> jamespage: How many people actually do server testing? Only you or what?
<smartboyhw> BTW, testing to Ubuntu Server will be only a side job, Ubuntu Studio will be the main one
<jpds> Anyone here familiar with virt-{install,manager} ?
<jpds> soren: Maybe you can help? :)
<mwk_> i have a q about running ubuntu in ec2; the ubuntu provided amis include kernels that are not compiled with CONFIG_HW_RANDOM_VIRTIO.  does ec2 support the virtio hwrng?
<mwk_> the ubuntu provided ec2 images include kernels that are not compiled with CONFIG_HW_RANDOM_VIRTIO.  does ec2 support the virtio hwrng?
<uvirtbot> New bug: #1037055 in samba (main) "winbind does not refresh kerberos tickets" [Undecided,New] https://launchpad.net/bugs/1037055
<uvirtbot> New bug: #1037060 in openvswitch (universe) "openvswitch-datapath-dkms 1.4.2+git20120612-2ubuntu1: openvswitch kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/1037060
<xnox> mwk_: you might have better luck on the #ubuntu-kernel channel, they compile kernels and might know this type of thing.
<soren> jpds: Perhaps. What's up?
<soren> mwk_: EC2 runs an antique version of Xen. Don't count on it.
<jpds> soren: Do you know if there's a way to make virt-install work with http_proxy?
<soren> jpds: What are you trying to do? Most things I do with virt-install don't involve http at all.
<jpds> soren: http://paste.ubuntu.com/1148634/
<soren> jpds: I don't think your problem is related to http_proxy.
<soren> jpds: It seems your --location option is pointing to a directory rather than the ISO.
<jpds> soren: Well, HTTP out isn't allowed, unless it goes though the proxy.
<jpds> soren: As the manpage states.
<soren> Nevertheless, trying to boot a directory isn't going to get you far. :)
<jpds> (I believe ISO's go with --cdrom).
<jpds> soren: Works when I use it in virt-manager.
<soren> jpds: Oh.
<soren> jpds: Cool. This has been added since I last looked at it like three years ago.Who would have guessed?
<jpds> soren: :)
<soren> jpds: Have you tried the same command line somewhere that doesn't require a proxy?
<jpds> soren: Yes, and it works.
<jpds> (On my computer, but not on the blade).
<soren> jpds: That's interesting. virt-manager uses virt-install as its backend, so it should work the same.
<jpds> soren: I can see from the tcpdump that it's not trying to talk to the proxy.
<jpds> soren: I think that virt-install is trying to test that it can get to the URL, before starting the instance.
<soren> Oh, wait.
<soren> No, the problem is that you're using sudo.
<soren> sudo strips http_proxy from your environment.
<jpds> sigh.
<jpds> soren: OK, there we go, that works.
<jpds> Sorry. :(
<soren> jpds: np
<soren> jpds: Enjoy :)
<jpds> soren: Thanks.
<RoyK> http://i.imgur.com/v0hds.jpg
<Daviey> RoyK: i'm getting a "Not Found" error?
<tinkogeorgiev> hi, getting errors trying to setup UCI with lxc
<tinkogeorgiev> all services start except nova-volume - install-error
<tinkogeorgiev> this is from nova-volume.log
<tinkogeorgiev> 2012-08-15 13:14:12 CRITICAL nova [-] volume group nova-volumes doesn't exist
<tinkogeorgiev> 2012-08-15 13:14:12 TRACE nova Traceback (most recent call last):
<tinkogeorgiev> would appreciate if anyone can help
<uvirtbot> New bug: #1037107 in libmlx4 (universe) "Mellanox ConnectX-3 HCA's are not supported (MT27500 Family)" [Undecided,New] https://launchpad.net/bugs/1037107
<jamespage> zul, does horizon use uglify-js to compress JS files?
<zul> jamespage:  probably
<zul> jamespage: how can i check?
<jamespage> zul, yuicompressor is already in main - just a thought
<zul> jamespage: yeah
<uvirtbot> New bug: #1031396 in glance "xattr and pysendfile dependencies broke Hyper-V integration" [Undecided,Confirmed] https://launchpad.net/bugs/1031396
<elux> hey guys
<elux> does anyone know of channel with many ec2 users? ... (this one..?)
<AdvoWork> Hi there, if ive just installed ubuntu on a new computer, and it has no NIC recognised(it told me this during installation), any idea how I can get it working?
<Lukas1321> I need help with 8.04 Server running OpenVPN-AS on VMware. Port forwarding works but the server keeps refusing connections
<Lukas1321> hello?
<Lukas1321> I need help with 8.04 Server running OpenVPN-AS on VMware. Port forwarding works but the server keeps refusing connections
<Lukas1321> I need help with 8.04 Server running OpenVPN-AS on VMware. Port forwarding works but the server keeps refusing connections
<Lukas1321> I there anyone in this chatroom who can help me?
<Lukas1321> Is*
<Pici> I'm here, I just don't think I can help you.
<Lukas1321> Who can then?
<Lukas1321> Anyone?
<Lukas1321> I need help with 8.04 Server running OpenVPN-AS on VMware. Port forwarding works but the server keeps refusing connections
<kirkland> roaksoax: ping
<RoyK> hi all. i find some references to ext4 checksumming being abandoned and for this to be implemented in md - anyone that knows the status of this work?
<hallyn> stgraber: uh oh: http://paste.ubuntu.com/1149100/
<hallyn> failure creating quantal container on quantal, due ot /dev/shm
<stgraber> hallyn: hmm, I thought I fixed that...
<stgraber> hallyn: ah, apparently I didn't fix it hard enough... I guess we'll need an extra -L check in there... or just get rid of that code as initscripts as been fixed now...
<Lukas1321> I need help with 8.04 Server running OpenVPN-AS on VMware. Port forwarding works but the server keeps refusing connections
<uvirtbot> New bug: #1036907 in python-django-compressor (universe) "python-compressor is uninstallable" [Undecided,Fix released] https://launchpad.net/bugs/1036907
<ssvss> Hello, I have a dedicated ubuntu server with hetzner.de. hetzner also provides a seperate backup space accessible via samba/ftp/sftp/scp.
<ssvss> In their support document about backups, the following line is mentioned. - "The direct use of rsync is not possible. The backup space can however be locally mounted using smbfs, sshfs or ftpfs, allowing a limited use of rsync. To take full advantage of rsync (such as incremental backups using hardlinks) an image file must be created, which should be mounted via loopback."
<ssvss> I would like to use rsync with incremental backups using hardlinks.
<ssvss> I think by loopback they mean http://en.wikipedia.org/wiki/Loop_device. can any one help on how I can create a image from the network location.
<chaput> is Ubuntu 12.04 server support multiple vCPU on hyper-v  on 2008 r2 ?
<adam_g> zul: re horizon deps, check gabriels comments on bug #1024326  option #2 looks better
<uvirtbot> Launchpad bug 1024326 in horizon "django_compressor is required for access to the dashboard" [High,In progress] https://launchpad.net/bugs/1024326
<zul> adam_g: that sounds good to me
<hallyn> stgraber: d'oh, uh, i think i was using an old lxc when i had that devshm failure.
<adam_g> zul: im' trying to document our packaging process for openstack. are the ubuntu-server-dev branches not used anymore?
<zul> adam_g: yeah they are...they are there for people to see the process
<adam_g> oh, nvm. looking at the wrong branches
<adam_g> zul: i suppose they're only used for tracking packaging in the main ubuntu packaging, and wont' be used for the cloud archive?
<zul> adam_g: no i dont think so
<zul> at least i havent planned for it yet
<adam_g> zul: does python-django-openstack-auth exist somewhere outside of pypi?
<zul> adam_g: github
<zul> adam_g: check the debian/copyright ;)
<zul> why do you ask?
<adam_g> zul: wanted to check the upstream source for something. horizon login was borking when installed from packaging, but okay from pypi
<zul> adam_g: ah ok...bbl
<smw_> Hi all, can anyone help me with LVM? I have a VG with two logical volumes. one called root which takes up just about the entire lvm and one called swap which is 99GB. I want to "delete" the root one so I can partition
<smw_> Does anyone know how to do this from the Partition disks screen during install?
<smw_> ah, got it
<xnox> smw_: good for you =) it does support deleting, but not resizing.
<uvirtbot> New bug: #1035995 in swift (main) "package swift (not installed) failed to install/upgrade: trying to overwrite '/usr/bin/swift', which is also in package python-swiftclient 1:1.1.1-0ubuntu1" [Undecided,Invalid] https://launchpad.net/bugs/1035995
<three18ti> what is the correct format for syslinux.cfg when using a preseed file?  this is mine http://paste.scsys.co.uk/205578 and I get the error "cannot find kernel image install/vmzlinuz"
<three18ti> I tried just "preseed/file=/hd-media/preseed.cfg" as it says in the installation-guide https://help.ubuntu.com/12.04/installation-guide/amd64/preseed-using.html#preseed-loading
<three18ti> I'm trying to boot off a usb drive
<uvirtbot> New bug: #1037331 in lxc (universe) "lxc-create should clear the cache when interrupted" [Undecided,New] https://launchpad.net/bugs/1037331
<three18ti> ok, looks like I needed / infront of the /install but now it's not loading the preseed file :/
<three18ti> lol.
<three18ti> maybe just /preseed.cfg will work.
<three18ti> negative.
<msw> utlemming, smoser: seeing lots of lockups on new hi1.4xlarge instance types...
<msw> utlemming, smoser: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1011792
<uvirtbot> Launchpad bug 1011792 in linux-lts-backport-oneiric "Scheduler deadlock running 3.0.0 on multiple EC2 instance types" [Undecided,Confirmed]
<ChmEarl> considering to convert my iptables rules (activated with iptables-restore in */interfaces) to the ufw method. Do I need to manually do this, or is there a script to break my rules down to the ufw *.rules way?
<zul> adam_g: ping
#ubuntu-server 2012-08-16
<seijirou_> I have an issue with ubuntucloudInfrastructure.   Following the guide... after running juju bootstrap... I am stuck in a loop of remote server refused the client connect.   Connecting to the remote end directly I can see in /var/log/auth.log that it's trying to connect to localhost on 2181..
<seijirou_> I don't think localhost is correct.. I think it's supposed to connect back to the initial maas box
<seijirou_> any ideas greatly appreciated
<CyclicFlux> Good evening fellow Ubuntu-Server enthusiasts. I have a bit of a problem, and I am not exactly clear on how to fix it, my assistant made a bit of a hiccup
<CyclicFlux> While using tor-proxy he saw in the log that the patch to the unix control socket didn't have proper permissions of the user.  He then changed the ownership of the /var/run folder to chown -R hisusername:root /var/run, in hopes of solving the problem in a rather crude way.  I was curious what the default permissions were on the /var/run directory so I could change them back via chmod to recursively correct this
<ChmEarl> CyclicFlux,  http://paste.ubuntu.com/1149845/
<CyclicFlux> I was thinking a chmod 757
<ChmEarl> thats lucid
<CyclicFlux> ChmEarl, thanks! I appreciate it
<seijirou_> the folder /var/run itself is root:root 755
<ChmEarl> about half are 644
<CyclicFlux> ChmEarl, thanks! I am going to go check it out, and let you know how it goes
<ChmEarl> seijirou_, gave you an important tip
<CyclicFlux> seijirou, thanks as well!!!! The irc-client is on transparent and I am having trouble seeing the blues with my background, lol!!!
<CyclicFlux> I'll be right back
<seijirou_> Lol so far cloud infrastructure 12.04 walk-through and pre-built image has been a catastrophe
<three18ti> seijirou_, no "cloud infrastructure" in 12.04, that's a < 11.10 thing.  post 12.04 we're using MaaS and Juju.
<three18ti> but I agree.
<three18ti> have you checked out openQRM?
<disown>  ok I have installed open-iscsi on a computer the services is running but from another computer what clientside software do I need to access iscsi based things ? Or is it built in to the os so a share will show up in any browser ...
<disown> confused on where the iscsi client side package is
<disown> Is it different from an NFS setup where you have a client and a server side program
<disown> client program being the mounting command and the server side being the service
<disown> Or maybe this open-iscsi is just the client side daemon that detects when a san enable devices is on the network and mounts it. Though the san device has to have the builting software on its side
<melmoth> disown,  the server is called a target
<melmoth> and people tned to use tgt for the target side
<melmoth> the client is called the initiator
<melmoth> and i think open-iscsi (iscsadm and stuff) is the client part
<disown> so then whats the server part
<melmoth> tgt
<disown> what is that stand for
<disown> and what is tned
<melmoth> hmmm. How should i know ? :)
<melmoth> i never heard of tned
<disown> " and people tned to use tgt for the target side"
<melmoth> ahh, i think tgtd means TarGeT Daemon or something
<melmoth> ahh :) that was me mispelling "tend". I meant to say people use tgt for the server side.
<disown> ok but what package is that server stuff part of
<melmoth> tgt
<melmoth> Linux SCSI target user-space tools
<three18ti> any ideas on how to preseed an install?  I'm stumped.  Thanks.
<three18ti> so you don't have to look through the scollback, I'm looking for a good syslinux.cfg mine is loading vmlinuz and initrd.gz, but I won't load my preseed.cfg
<disown> ok so then tgt is the equivalent to NFS client side package nfs-common
<disown> sorry meant nfs-kernel-server
<melmoth> disown, yep , i think one can say that
<disown> meant serverside package when I said client
<three18ti> this is all I have in my syslinux.cfg http://paste.scsys.co.uk/205590
<melmoth> three18ti, i use it with cobbler, but as it s cobbler i did not generated the syslunx.cfg file myself
<three18ti> heh, I'm trying to preseed the cobbler server ;) maybe I'll install cobbler on another machine then use that to provision this machine...  it seriously shouldn't be this hard to automate an install.
<three18ti> unfortunately the docs are just missing that one piece.
<disown> Ok then it would seem to me iscsi is more fundamental or lower level then NFS since not only can it act as hosting shares but can do more general things like issue scsi over tcp/ip commands
<three18ti> maybe I'll try zipping a custom initrd
<melmoth> disown, iscsi is about block devices, nfs is about filesystems
<disown> so iscsi is not for accessing files or filesystems it can only issue scsi command to like tell a cd/dvd player to burn a cd/dvd ,...etc
<disown> scsi is part of a HDD ATAPI is scsi based
<disown> so it should beable to retrevie any sector on a HDD
<disown> confused
<melmoth> three18ti, http://pastebin.com/EHveL9aS
<disown> seems to me iscsi would be more general then nfs since iscsi could in theory have a layer on top add to do the same thing as nfs
<melmoth> its a _block device_ server
<melmoth> it does not do the same thing than nfs.
<three18ti> sonofab*** I just rebooted my dns server... lol
<disown> any harddrive is a block devices
<melmoth> yep, but nfs is not a drive, it s a filesystem.
<disown> and as such cann't you uses iscsi to retreive any sector of a HDD with a scsi / atapi command then once you can do that one could eventually add a file system to the top or better yet run any filesystem on top ,
<melmoth> three18ti, in my example the preseed file is http://192.168.122.2/cblr/svc/op/ks/profile/precise-x86_64-auto
<melmoth> disown, exactly, this is the idea.
<disown> thats cool sort of like a VFS set up
<three18ti> melmoth, thanks, the problem is that I'm trying to use a "local" preseed.
<three18ti> as in it's on the FDD.
<disown> so one can uses iscsi in theory to test out newly developed DFS
<melmoth> in this case, it happen to be local too. I do not know why the cobbler guyes made it pass threw http
<melmoth> may be because it s easier :)
<three18ti> :)
<three18ti> unfortunately, these instructions seem just incomplete enough, https://help.ubuntu.com/12.04/installation-guide/amd64/preseed-using.html
<disown> if that is true that opens up whole new worlds in my ability to design a DFS without having to write the server/client socket programs to interperate those commands
<seijirou_> three18ti, I tried MaaS and Juju.  It's incredibly broken.  Problems at every step.
<three18ti> seijirou_, have you checked out openQRM?  What is broken about MaaS and Juju?  When was the last time you tried them?
<bigjools> "incredibly broken" is not true at all
<seijirou_> I've tried getting MaaS and Juju working for the last 2 days.  The 1st problem is related to system clock mismatch causing nodes not to boot correctly.
<seijirou_> The errors are not discriptive, so it took a while to figure out what that was.  The fix was standing up NTP on the MaaS box, and modifying the tftp image with instructions for the remote boxes to pull ntp.
<seijirou_> If you don't do that the nodes are stuck at comissioning
<seijirou_> After that they do comission, and shut off.   if you turn them back on prrior to attempting to juju bootstrap, the SSH keys get hosed
<bigjools> what ssh keys?
<bigjools> https://bugs.launchpad.net/maas/+bug/978127
<uvirtbot> Launchpad bug 978127 in maas "incorrect time on node causes failed oauth" [High,Triaged]
<seijirou_> that would be problem #1
<bigjools> what ssh keys are "hosed" ?
<seijirou_> The MaaS server seeds the nodes with it's public ssh key with the cloud-init script ( I think)
<seijirou_> without that working, you cannot authenticate to the node
<bigjools> if you are using juju you don't need to care about maas's ssh keys
<bigjools> and I still don't know what you mean by hosed
<seijirou_> Actually I do, because when i juju -v status and is ee a screen full of invalid ssh key errors
<seijirou_> i know why juju bootstrap never works
<bigjools> no, you don't.  juju passes keys
<bigjools> status fails because it's not finished installing and hence no keys are set
<seijirou_> What I found to be repeatable, is if you turn the nodes back on after comissioning
<seijirou_> prior to juju bootstrap
<seijirou_> ubuntu is installed
<seijirou_> but there's an issue with the ssh keys
<bigjools> why are you turning them on?
<seijirou_> so that when you then try to juju bootstrap
<bigjools> it's not designed to work like that
<seijirou_> there's a probelm with the keys, and it won't work
<seijirou_> I did because they shut off unexpectedly.
<seijirou_> I since learned, okay, don't turn them back on
<bigjools> that's not unexpected at all, it's designed to work like that
<seijirou_> juju bootstrap... then go turn them on
<bigjools> juju bootstrap will turn them on again
<seijirou_> I didn't design it
<bigjools> no, I did
<seijirou_> It's not well documented
<seijirou_> Tehrefore I diddn't expect it
<bigjools> I am happy to help
<seijirou_> My clue to the cause, was another bug that i'd have to go find
<seijirou_> where the last post someone mentioned they did the same thign
<seijirou_> I'm not the only one
<seijirou_> Anyhow, after realizing that mistake i started over
<bigjools> which docs are you looking at, we can fix it
<seijirou_> get past issue #1, don't turn them on after comissioning, issue juju bootstrap
<seijirou_> it still fails
<seijirou_> this time I can ssh to the node
<seijirou_> when i look in /var/log/auth.log
<seijirou_> it's repeatedly trying to connect to localhost on 2181
<seijirou_> every time juju -v status loops it's connection attempt
<bigjools> what do you mean by "it still fails", what are the external symptoms?
<bigjools> bootstrap takes a long time, FWIW
<seijirou_> well juju -v status shows me that the remote server rejected the connection
<seijirou_> i can now ssh to the remote server though
<bigjools> because it's not finished bootstrapping
<seijirou_> i let that run for 16 hours
<bigjools> ok that's not good :)
<seijirou_> i left it last night before bed
<seijirou_> checked it this afternoon after i got home from work lol
<bigjools> ok so you  can ssh in?
<seijirou_> I was able to yes... the environment is not up currently
<bigjools> can you paste the output from these logs:
<bigjools> /var/log/cloud-init-output.log
<bigjools> /var/log/cloud-init.log
<bigjools> also what is your DEFAULT_MAAS_URL in the /etc/maas/maas_local_settings.py file?
<seijirou_> If you can stand by about 10 minutes I can re-create it.
<bigjools> sure
<bigjools> also please tell me which docs you were following so I can fix them
<seijirou_> and I'm sorry if my description about it was offensive.. i'm slightly frustrated but i appreciate your willing to help.
<bigjools> np, it's a frustrating experience when it goes wrong
<bigjools> we're about to release quite a re-write in 10.10
<bigjools> 12.10 even
<disown> wait cann't iscsi be used for distributive based raid
<seijirou_> I was following along here, using method2   https://help.ubuntu.com/community/UbuntuCloudInfrastructure
<bigjools> ok
<disown> wait is clustering a form of distributive based raid  I see DBRD is used to do clustering but is clustering distributive based raid ?
<bigjools> ok I fixed the wiki to say it shuts down after commissioning
<bigjools> heading out to eat, back later, just leave the logs and I'll check when back
<seijirou_> Thanks
<seijirou_> Ok
<seijirou_> DEFAULT_MAAS_URL = "http://192.168.10.10/"
<disown> iscsi melmoth if your still out there is more general then even issuing scsi commands over tcp/ip for a HDD it can be used if I am correct for any device that excepts or understands scsi commands this allows you a distributive way to control anything. 1) create a scsi device that does what you want 2) uses iscsi as a means to issue the commands over the network. I can see it used for remote controling thing....hell this opens up
<disown>  many worlds for me
<disown> one could basically but any computer or electronic based device online with this or make it remote controllable
<disown> so cool so cool now I know how I would do home surveillances or automation
<seijirou_> Here is the bug were the last post describes the situation I was in.
<seijirou_> https://bugs.launchpad.net/ubuntu/+source/juju/+bug/1015207
<uvirtbot> Launchpad bug 1015207 in juju "juju setup fails, ERROR Invalid SSH key - 12.04 LTS" [Undecided,Confirmed]
<seijirou_> Okay so 1st issue after juju bootstrap and ubuntu is installed on remote node.  Box1 tries to connect to it by hostname, but it will not resolve.
<seijirou_> Therefore errors liek this will repeat idefinitely
<seijirou_> http://pastebin.com/GwYC1Q4E
<seijirou_> To move past this, I must manually reboot the node
<seijirou_> It will pull DHCP again, and then the name will resolve.
<seijirou_> I am then prompted if i want to connect with ssh to which i say yes.
<seijirou_> The errors in that pastebin will still continue indefinitely
<seijirou_> It never changes.
<bugzc_> Hey guys, I was wondering if anyone could tell me why the following outputs in chunks every now and then instead of the intended 'tail -F'-esque live output (one liner)? tail -F /var/log/squid3/access.log | perl -pe 's/^\d+\.\d+/localtime($&)/e;' | ccze -C
<seijirou_> This time I'm not sure what went wrong, but I also can't manually "ssh ubuntu@Galaxy2" successfully... so the keys are broken again
<bugzc_> passing tail's output to either ccze or the perl script works fine, but having both the script and ccze in there seems to cause the issue
<seijirou_> So i'm going to try creating ssh keys again, and running maas-import-isos again because perhaps that updates the ssh key seeding thing, i'm not sure
<seijirou_> then i'll pxe boot the node again
<bigjools> seijirou_: maas-import-isos doesn't touch keys
<bigjools> seijirou_: I need your cloud-init logs
<bigjools> I can't see any DNS problems in that log
<bigjools> the error is also nothing to do with ssh as far as I can see, it's zookeeper
<seijirou_> at the end, the name resolves to some internet IP
<seijirou_> if you try to nslookup any bogus name, you get 63.251.179.13 and 8.15.7.117
<seijirou_> The pastebin shows attempts to connect to Galaxy2, the hostname of the node...
<seijirou_> and then a ping of Galaxy2 comes back with the 63.251.179.13 IP.  not the correct 192.168.10.7
<MicSat> Is anyone familiar with tomcat6 and apache2?
<seijirou_> Previously I could ssh to the node manually but currently I cannot
<seijirou_> I believe when the node PXE boots it should receive the MaaS' public ssh key.   THat doesn't seem to work consistently
<seijirou_> Which is getting in the way of me retrieving those logs.
<bigjools> is your dhcp server telling the nodes to use the right dns?
<seijirou_> The maas box is the dhcp server
<seijirou_> it claims itself for DNS
<bigjools> let me repeat my previous answers and questions:
<bigjools> 1. using juju doe *not* depend on maas ssh keys
<bigjools> 2. please paste your cloud init logs
<seijirou_> how can i retrieve them?
<bigjools> put this in the preseed:
<bigjools> d-i   passwd/user-password-crypted  password $6$.1eHH0iY$ArGzKX2YeQ3G6U.mlOO3A.NaL22Ewgz8Fi4qqz.Ns7EMKjEJRIW2Pm/TikDptZpuu7I92frytmk5YeL.9fRY4
<bigjools> it'll set the password of the ubuntu user to "ubuntu"
<bigjools> then you can ssh in
<bigjools> or log in on the console
<seijirou_> is this done through the same emthod the "
<seijirou_> method the ntpdate -8  was done
<seijirou_> mount and chroot
<bigjools> when I say "is your dhcp server telling the nodes to use the right dns?" I mean, does the dhcp server have a configured domain?
<bigjools> no
<seijirou_> No domain
<bigjools> just edit the preseed
<seijirou_> Okay, I don't know where the preseed is
<bigjools> have you got cobbler-web installed?
<seijirou_> I'm not sure, does the guide I'm following install cobbler-web ?
<bigjools> that would be the easiest way
<bigjools> no
<seijirou_> Ok.   apt-get install cobbler-web suffice?
<bigjools> hang on a sec
<seijirou_> Ok.
<bigjools> ok just edit /var/lib/cobbler/snippets/maas_preseed
<bigjools> and stick that line in there
<bigjools> thankfully this cobbler stuff will not be around for much longer
<seijirou_> donald@Galaxy1:/etc/cobbler$ cat /var/lib/cobbler/snippets/maas_preseed #import base64 #set $maas_preseed_data = base64.b64decode($getVar("MAAS_PRESEED","")) $maas_preseed_data  cloud-init   cloud-init/local-cloud-config string manage_etc_hosts: localhost d-i   passwd/user-password-crypted  password $6$.1eHH0iY$ArGzKX2YeQ3G6U.mlOO3A.NaL22Ewgz8Fi4qqz.Ns7EMKjEJRIW2Pm/TikDptZpuu7I92frytmk5YeL.9fRY4
<seijirou_> formatting got lost, but otherwise look ok?
<bigjools> yes
<seijirou_> So when it pxe boots... it doesn't go through a re-install
<seijirou_> it drops in to console pretty rapidly
<seijirou_> and the login doesn't work, but i imagine nothing changed.  should i expect another OS install?
<bigjools> yeah you probably need to reinstall
<blackshirt> helllo
<bigjools> sorry
<blackshirt>  I have log entries like this in syslog : dovecot: imap(paijo): Error: user paijo: Couldn't drop privileges: User is missing UID (see mail_uid setting)
<blackshirt> I try to setup dovecot to use LDAP backend
<blackshirt> paijo was user entry on ldap database...
<blackshirt> how we resolve this ??
<blackshirt> anyone could help me ?
<CyclicFlux> I had a bit of a follow-up question from a few hours ago.  I unfortunately had to roll away from the desk, and then had one thing to do after the other.  But my issue had to do with my assistant's crude tactics to essentially resolve an issue he saw in the tor-proxy log, to give tor's unix control domain socket the proper permissions, he applied chown -R username:root(he didn't realize that it was occuring due to him
<CyclicFlux>  running it w/sudo as opposed to his user) to the /var/run directory in a crude attempt to resolve it.  for the past 30 min.'s or so I was
<CyclicFlux> getting carried away with learning more about the access-controls in sockets/etc... so I can confidently fix it next. Could someone give me the output on their '/var/run' & then '/var/run/' sockets so I can account for any variance in application-specific differences in permissions.
<CyclicFlux> Its this command stat -c '%A %a %n' /var/run
<CyclicFlux> That will do the /var/run directory.  Then cd into /var/run do 'stat -c '%A %a %n' *' (this will get the sockets)
<seijirou_> looks like maybe that encrypted passwords ends with a . ?
<CyclicFlux> seijirou, hey bud! You remember me? I apologize for almost missing you earlier, but your insight proved to be the most beneficial!
<seijirou_> lol hey, cool glad it helped
<CyclicFlux> Do you mind running the stat commands above for me, and letting me know the octal outputs, the short-hand %'s allow for more customized formatting, and then octal output(accounts for all the bits whereas the ls -al doesn't)
<CyclicFlux> Yessssireeee, it def. did!
<seijirou_> lrwxrwxrwx 777 /var/run
<seijirou_> http://pastebin.com/zC05Xej3
<CyclicFlux> seijirou_, Thanks!!!!
<seijirou_> No problem o7
<CyclicFlux> seijirou_, I had a question, are you familiar with those 4-length octal permissions? Those are what I was just reading about
<seijirou_> like the 1777 ?
<CyclicFlux> seijirou_, yessssir
<seijirou_> I don't use them... I got stuck on one once and I think it turned out to be some sort of access lsit
<seijirou_> maybe it's an app-armor thing or something of that nature?
<CyclicFlux> seijirou_, yeah they are like stick bits, but because most don't compile their own software anymore, its no biggie, but when messing around with the daemons, proxies, and other more advanced stuff I have ran into issues with users+group+UID&GID sticky/non-sticky bits.  So I was going over it, and playing around with it some.
<seijirou_> ahh
<seijirou_> Yeah i can't be much help there :)
<CyclicFlux> seijirou_, you were a huge help! I wouldn't be much of a help either, lol!!!
<seijirou_> lol every squirrel gets a nut eventually!  glad it helped :)
<CyclicFlux> seijirou_, but the article is here if you ever get into trouble(it took me a while to find it, but it is legit, and goes through it in a way that you'll understand), I got eclipse to securely run and access server document root/etc.... w/o privilege, which I am not sure if your familiar is quite a feat, lol!
<seijirou_> bigjools, in true murphy's law fashion i can log in to the node, but something is now broke with the juju box.
<CyclicFlux> http://www.unixpeople.com/HOWTO/advanced.permissions.and.ACLs.html
<seijirou_> That's Cyclic
<seijirou_> Thanks even
<seijirou_>  INFO Bootstrapping environment 'maas' (origin: distro type: maas)... Unexpected Error interacting with provider: 409 CONFLICT 2012-08-16 02:25:13,347 ERROR Unexpected Error interacting with provider: 409 CONFLICT
<CyclicFlux> seijirou_, no doubt!!! I owe you one, and you were right they all fall under the ACLs
<seijirou_> donald@Galaxy1:~$ juju status 2012-08-16 02:26:03,461 INFO Connecting to environment... juju environment not found: is the environment bootstrapped? 2012-08-16 02:26:03,497 ERROR juju environment not found: is the environment bootstrapped?
<seijirou_> So 409 conflict i believe is when there's no available nodes
<seijirou_> i did a juju destroy-environment
<seijirou_> but I think the node is still considered deployed
<seijirou_> And i can't delete the allocated node in the web ui
<seijirou_> at this point i need to call it a night i will try to try again later.
<Calthropstu> hi
<Calthropstu> anyone alive in here?
<Calthropstu> Starting web server apache2                                                  apache2: Syntax error on line 214 of /etc/apache2/apache2.conf: Syntax error on line 3 of /etc/apache2/httpd.conf: Syntax error on line 1 of /home/calthropstu/webpolicy/web_agents/apache_agent/Agent_001/config/dsame.conf: Cannot load /home/calthropstu/webpolicy/web_agents/apache_agent/lib/libamapc2.so into
<Calthropstu> server: /home/calthropstu/webpolicy/web_agents/apache_agent/lib/libamapc2.so: undefined symbol: ap_run_http_method
<Calthropstu> Action 'start' failed.
<Calthropstu> The Apache error log may have more information.
<Calthropstu>                                                                          [fail]
<Calthropstu> :(
<melmoth> Calthropstu, do you put an apache module in your home directory ?
<melmoth> if you choose to have your home directory encrypted, apache will never be allowed to read its content
<dax_roc> Morning all
<dax_roc> Is it possible to get a list of installed packages and what categories they belong to ?
<dax_roc> *Grouped by category
<uvirtbot> New bug: #1023066 in quantum "python-quantum fails to install due to python syntax errors" [Undecided,Fix released] https://launchpad.net/bugs/1023066
<uvirtbot> New bug: #1037400 in maas "python-lockfile missing from list of required dependencies" [Critical,Fix released] https://launchpad.net/bugs/1037400
<amcsi_work> I have problems on my ubuntu 10.04. When git pushing to it though ssh, it gets stuck while writing files. There seems to be some sshd problem that causes this. Is anyone familiar with this?
<chm007> Hi. I have successfully installed Ubuntu OpenStack following this procedure (http://uksysadmin.wordpress.com/2012/03/28/screencast-video-of-an-install-of-openstack-essex-on-ubuntu-12-04-under-virtualbox/#comment-649). Unfortuanetely, when I tried to create a new instance, I get this Nova message (Error: Unable to launch instance: Can not find requested image (HTTP 400)). Where can I found nova error log as I use the Ubuntu Dashboard
<rbasak> amcsi_work: if that's not just a slow upload, it could be an MTU problem
<amcsi_work> http://pastebin.com/px5FuxG7 <- here is when I try to scp a large file onto this bad server
<amcsi_work> with scp -vvv
<uvirtbot> New bug: #978281 in php5 (main) "apache2 crashed with SIGABRT in raise()" [Medium,Incomplete] https://launchpad.net/bugs/978281
<freakynl> hi, i'm having really poor write performance on a 7 disk raid-5 set, even after some tuning I can get around 60MB/s max sequential. The disks I have tested individually before putting them in the raid did around 110-90MB/s (depending where on the disk you write, beginning of the disk is faster than the end oc)
<freakynl> now I did notice when I was at the noc last time that on 2 of the disks the activity led burns permanently, on the other 5 it just blinks a bit
<freakynl> smart doesn't show any unusual things tho', some reallocated sectors and CRC errors but that's it
<_ruben> freakynl: does iostat show any uneven distribution of activity?
<freakynl> _ruben: no, but since I have buffers it should be trying to complete entire stripe writes before moving to the next
<freakynl> so I wouldn't quite expect that either. That said, since they do show the same cmds/s one would expect all activity leds to burn more or less the same instead of 2 constantly and the others blinking
<freakynl> what is horrible tho' is that one of the disks (the spare) has pending sectors so running badblocks on it (badblocks doesn't find anything, yet the sectors remain pending... weird too). That disk does 100MB/s and the entire md4 is stuck at around 8MB/s now. Not checksumming either, cpu is hardly loaded (~95% idle)
<freakynl> it's random now tho', but even then considering it's 7 disks it's horrible
<freakynl> running smartctl -t offline on the disk with the pending sectors doesn't help either. If anyone has some ideas on that, would be welcome too. Receiving e-mails from smartd every day now. At some point one stops looking at them and that's bad ;)
<AdvoWork> silly question maybe, but how can i tell if my version of ubuntu is server or non-server, from the CLI?
<freakynl> AdvoWork: not sure, is it not in /etc/issue?
<bhosmer> If you cat /etc/lsb-release there isn't anything that dustinguishes server from desktop.
<bhosmer> Is there really any difference aside from x and some desktop software?
<AdvoWork> bhosmer, i suppose actually, when i boot up, i only get CLI, so that would indicate server
<bhosmer> AdvoWork: or x was disabled. If you type starts does anything happen?
<bhosmer> Sorry, startx
<AdvoWork> to bne fair, ive just looked at the iso i downloaded "server" springs to mind lol
<AdvoWork> doh!
<bhosmer> This autocorrect is driving me nuts!
<freakynl> afaik there isn't much difference expect the default kernel and package selection
<bhosmer> Does the default desktop install include sshd?
<freakynl> I dunno don't run desktop ;)
<bhosmer> Me either!
<freakynl> but ssh is very common, even on desktops
<uvirtbot> New bug: #938804 in php5 (main) "apache2 crashed with SIGSEGV in prefill_from_oparray()" [Low,Incomplete] https://launchpad.net/bugs/938804
<bhosmer> I was trying to think of a package included in the server but not the desktop.
<uvirtbot> New bug: #983782 in apache2 (main) "apache2 crashed with SIGSEGV in zm_globals_ctor_mongo()" [Undecided,New] https://launchpad.net/bugs/983782
<uvirtbot> New bug: #1034701 in horizon (main) "ImportError: Could not import settings 'openstack_dashboard.settings': missing dependency on python-glanceclient" [High,Triaged] https://launchpad.net/bugs/1034701
<uvirtbot> New bug: #975468 in maas (main) "consider implementing a 'security group' functionality" [High,New] https://launchpad.net/bugs/975468
<afuentes> how to purge packages installed with tasksel?
<freakynl> _ruben: extended stats (iostat -x 2) show await, r_await and w_await values 4-20* larger than the other disks in the set consistently
<_ruben> freakynl: all disks on same controller?
<_ruben> I'd say either dying disks or crappy controller for those disks
<freakynl> _ruben: lsi sas controller. All disks (in this set) are on the same controller
<_ruben> freakynl: then if the IO/s are similar, but the waits higher, I'd be blaming the disks
<rbasak> Is vmbuilder the current recommended way of setting up fresh installs on libvirt? Or should I be using something else?
<njin> Hallo, in raid1 when I reconnect one of the disks, teorically them will be automatically synced, but this not happens, syncing is starting only when manually add the device to mdadm. Can you tell me wich is the package responsible of this fail so I can open a bug report. Thanks in advance
<xnox> njin: mdadm if you use software raid
<xnox> njin: this is not a bug, but a known feature
<xnox> njin: because if two drives have modifications, at resync you can get silent data loss
<njin> xnox, thanks, so i will update the testcase
<xnox> njin: e.g. unplug one drive: modify a document; unplug the first drive, plug the second one in: modify a document; plug both in & try to sync
<xnox> you will loose data =/
<xnox> it's not git it doesn't know about conflicts well enough =)
<njin> ok, thanks for the clarify
<rbasak> hallyn: we couldn't SRU a feature change to start using distro-info - that's why I filed a separate bug just to backport the quantal support using the same mechanism being used currently.
<dr-fnord> anyone has a fix for apt-mirror and the i18n bug?
<smb> zul, Ok, so chinstrap/~smb/4review would be fixing my little annoyance ;)
<zul> smb: cool ill get to it today
<smb> zul, Ok, thanks
<hallyn> rbasak: we couldn't?
<hallyn> <shrug>  ok.  patches for both bugs welcome :)
<uvirtbot> New bug: #1037607 in vm-builder (universe) "vmbuilder completely fails on Quantal due to kernel pae detection failure" [Undecided,New] https://launchpad.net/bugs/1037607
<rbasak> hallyn: I'll dig into it if I get time. But bug 1037607 is a bit more serious :-/
<uvirtbot> Launchpad bug 1037607 in vm-builder "vmbuilder completely fails on Quantal due to kernel pae detection failure" [Undecided,New] https://launchpad.net/bugs/1037607
<hallyn> rbasak: i believe it was at oneiric that we decided to phase out vmbuilder
<hallyn> maybe it was natty
<rbasak> hallyn: what should I be using instead?
<hallyn> anyway first i'll be focusing on bugs 1035320, 997978 and 1037331
<uvirtbot> Launchpad bug 1035320 in libvirt "free(): invalid pointer" [High,Confirmed] https://launchpad.net/bugs/1035320
<uvirtbot> Launchpad bug 997978 in qemu-kvm "KVM images lose connectivity with bridged network" [High,Confirmed] https://launchpad.net/bugs/997978
<uvirtbot> Launchpad bug 1037331 in lxc "lxc-create should clear the cache when interrupted" [Medium,Triaged] https://launchpad.net/bugs/1037331
<hallyn> rbasak: cloud images?
<uvirtbot> New bug: #1037626 in lxc (universe) "lxc-create wastes disk space by keeping installation debs" [Undecided,New] https://launchpad.net/bugs/1037626
<freakynl> _ruben: thx :)
<p0s> i just figured out a fundamental security issue with terminal-only ubuntu machines: if i run malicious software with a restricted account, the terminal typically allows full control of everything which is displayed on screen. the software therefore could fake the whole shell and when i type "logout" it could display its own fake login screen to grab passwords for other accounts. if it cannot "su" to the user account which i entered the data for, it
<p0s> could just display "wrong password" and drop to the real login screen. it could repeat this until it has acquired root.
<p0s> i am wondering whether there is a standard fix to this vulnerability?  IMHO the easiest would be a reserved key on the keyboard which forces logout, which cannot be re-directed by any software, and which cannot be even monitored by non-root software. is there a software which allows this?
<hallyn> friend of mine harvested a slew of passwords that way in 1994
<p0s> another solution would be to make /etc/issue only readable by root and make it display a special private "reverse" password, that is a password which the system login screen displays to authenticate itself to the user. however i think it is questionable whether all system software treats /etc/issue as private?
<p0s> hallyn:  ewww.
<p0s> i think this issue is so severe that i cannot understand why there seems to be nothing against it in ubuntu or debian standard setup.
<hallyn> but the key already exists - google sysrq
<p0s> hallyn: i know about sysqr but AFAIK it is more of a debug settings than a standard key, isnt it?
<hallyn> p0s: no.  alt-syrq-k
<hallyn> see http://www.mjmwired.net/kernel/Documentation/sysrq.txt
<p0s> hallyn: ooh, just found that: http://en.wikipedia.org/wiki/Secure_Access_Key
<p0s> hallyn: your document says that it is not really a secure access key. line 138
<hallyn> p0s: i don't remember why that's there.  read the c2 reqs.  I suspect it does what you want, but not enough for government compliance purposes.
<hallyn> (or go ask on #ubuntu-hardened, they probably remember)
<p0s> thank you
<p0s> "alt+print+k" seems to work on my ubuntu 12.04 server
<zul> adam_g: looks like we have another weird ass ftbfs for nova http://pastebin.ubuntu.com/1151019/
<RoyK> any idea how long it should take for linux md/ubuntu to give up on a drive? I think one of my drives failed, some 15 minutes ago, and the system is still blocking i/o. shouldn't md get rid of this drive soon?
<hallyn> stgraber: I"m going to look at fixing bugs 1031043, 1037331, 1037626, 918327, and 1019398 in q.  Anything to add, or any objections?
<uvirtbot> Launchpad bug 1031043 in lxc "-t ubuntu -- -h still creates container" [Medium,Triaged] https://launchpad.net/bugs/1031043
<uvirtbot> Launchpad bug 1037331 in lxc "lxc-create should clear the cache when interrupted" [Medium,Triaged] https://launchpad.net/bugs/1037331
<uvirtbot> Launchpad bug 1037626 in lxc "lxc-create wastes disk space by keeping installation debs" [Medium,Triaged] https://launchpad.net/bugs/1037626
<uvirtbot> Launchpad bug 918327 in lxc "lxc-start exits success on failure when non-root" [Low,Confirmed] https://launchpad.net/bugs/918327
<stgraber> hallyn: looks good, can't think of something to add
<hallyn> thx, ttyl
<uvirtbot> New bug: #1036043 in mysql-5.5 (main) "package mysql-server-5.5 5.5.24-0ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit code 1" [Undecided,Invalid] https://launchpad.net/bugs/1036043
<hallyn> stgraber: gah.  ubuntu:lxc tree is out of date
<hallyn> also, arm builds are out of date (?)
<hallyn> i guess i'll import-dsc into ubuntu:lxc
<hallyn> hm, dep wait
<hallyn> d'oh.  i need to make it only depend on seccomp on x86
 * hallyn files a bug for himself against himself 
<uvirtbot> New bug: #1037701 in lxc (universe) "lxc must only depend on seccomp for i386 and amd64" [Critical,In progress] https://launchpad.net/bugs/1037701
<uvirtbot> New bug: #1037723 in walinuxagent (main) "move init functionality to cloud-init" [Undecided,New] https://launchpad.net/bugs/1037723
<uvirtbot> New bug: #1037727 in cloud-init (main) "support adding region/availability to mirror selection" [High,Triaged] https://launchpad.net/bugs/1037727
<uvirtbot> New bug: #1037738 in openssh (main) "race condition in init script" [Undecided,New] https://launchpad.net/bugs/1037738
<shadeslayer> has anyone here setup a custom apt archive using reprepro?
<Daviey> adam_g: hey
<Daviey> Are you currently working on the lessc issue with horizon?
<adam_g> Daviey: i was looking at it yesterday
<adam_g> Daviey: https://answers.launchpad.net/horizon/
<adam_g> Daviey: er, https://answers.launchpad.net/horizon/+question/20592
<adam_g> Daviey: gabriel's suggestion seems... not feasible
<sauce> if i want to config static IP, it is "sudo dpkg-reconfigure <what goes here>??"
<jpds> sauce: sudo vim /etc/network/interfaces
<sauce> i want the text UI
<jpds> sauce: That is a text UI.
<jpds> sauce: And $ man interfaces
<sauce> i think you know what i mean good sir :)
<jpds> No, dpkg doesn't handle networking.
<adam_g> Daviey: i'd think you would be able to use the lessc interpreter to generate all of the static files from a directory of the dynamic .less files. if thats the case, we could snapshot it all at the end of the cycle, and include it in our packages instead
<Daviey> adam_g: right.. so i was thinking.. we either compress at source package creation time.. using something smarter..
<Daviey> OR.. if using it at run time.. make node a Suggests: and wrap usage in an if statement
<Daviey> what do you think?
<Daviey> ie, compressing isn't /required/
<sauce> jpds: i think you are right, cause i can't find it
<Daviey> adam_g: requiring nodejs as a source package developer dep is ok.
<adam_g> Daviey: what do you mean 'something smarter
<adam_g> TBH yesterday was the first time i've ever looked at anything like this, so i don't fully grok it yet
<Daviey> adam_g: smarter than the lp-answers suggestion
<adam_g> Daviey: oh, right
<sauce> jpds: i think i was thinking of centos
<adam_g> Daviey: same. AFAIU, lessc can be used to generate the static files
<adam_g> Daviey: but i had no luck with that yesterday given the horizon source tree, so..
<Daviey> adam_g: the other option is making node a Suggests and adding to the settings, if os.path.exists('/usr/bn/node'): COMPRESS_ENABLED = False
<adam_g> Daviey: if compression is diabled, it would expect static versions of the js and css files, no? those would need to be generated and included in packaging
<Daviey> pass.
<adam_g> pass?
<Daviey> NFI :)
<adam_g> im going to open a bug so we can at least discuss and track there, hopefully with some help from people who know how this stuff works :)
<Daviey> +1
<adam_g> Daviey: in the menatime, http://people.canonical.com/~agandelman/nova-fail.tar <-- is there any obvious reason why 'debcommit' is failing with the given changelog?
<adam_g> oh jeez, there are 18 entries for the last versoin
<Daviey> adam_g: looking
<Daviey> adam_g: all the same version number?!
<adam_g> Daviey: ya, thats what the issue is
 * adam_g probably broke the build-script 
<Daviey> adam_g: dave@frap:/tmp/horizon-2012.2~f2$ bin/less/lessc ./openstack_dashboard/static/dashboard/less/horizon.less <--- seems to work
<adam_g> Daviey: ya, there a few that actually compile into something.
<Daviey> adam_g: some of them don't.. but i think that is because of inheritance
<Daviey> horizon.less seems to be the lowest level of the stack, that imports the other crud.
<smw_> how can I test if a cable is physically plugged into my server?
<smw_> (ethernet cable)
<smw_> nm, find mii-tool
<jcastro> jamespage: hey so don't take this the wrong way
<jcastro> but your blog background thing makes the whole thing unreadable
<kyle__> On server, if I install ubuntu-desktop, will I get unity, and still have it boot right to console?
<smw_> kyle__, no, it would end up starting X at boot
<smw_> you would need to disable the lightdm service
<smw_> but you probably do not want ubuntu-desktop for a couple reasons
<smw_> 1. it installs a bunch of stuff you don't need
<smw_> 2. It installs unity and there are better options out there
<kyle__> smw_: I'm putting togeather a VM that I want a desktop on, but form my experience X run out of vncserver is more responsive on a VM, than X run off of the virtualized video card.
<kyle__> smw_: For me, I'd go with xfce4, but we wanted to have unity for those who were fond of it.
<smw_> heh, people are fond of it? That is interesting...
<hallyn> stgraber: oy.  autoconf is kicking my ass with seccomp, especially as the package build doesn't automatically fix up configure from configure.ac.  I'm tepmted to drop seccomp from q, and wait until it comes in through upstream
<hallyn> stgraber: do you care?
<kyle__> smw_: We have a few adventurous (for our school) undergrads who play with ubuntu.  They seem to like unity.
<hallyn> I'm also disheartened that i've not heard any response from Daniel :(
<kyle__> smw_: I don't want to give them the impression that *nix is arcane, and I worry they'll feel that way if I force them into xfce or something odd.
<smw_> kyle__, yeah, if they are adventurous, give them gnome-shell and point them to extensions.gnome.org ;-)
<stgraber> hallyn: well, I'd rather have the features before feature freeze... didn'y you switch to dh-autoreconf to workaround that kind of problem?
<hallyn> i thought so
<smw_> kyle__, but anyways, that makes sense. I just can't stand unity. I gave it a fair hearing. I also put the same effort into gnome shell afterwards and ended up choosing gnome-shell
<smw_> kyle__, but if giving it to people who have never seen linux before, I still recommend xfce
<kyle__> smw_: Adventurous for this school is, opened terminal on OS X, or mounted network drive from CMD in windows.
<hallyn> all right let me give it just a bit more time i gues
<smw_> kyle__, even if it is not pretty and to some that would make it look "arcane" ;-)
<smw_> kyle__, lol
<hallyn> stgraber: note if i dropped it, it wouldn't go back in until r
<kyle__> smw_: I've banished windows from all hardware, it's only available via virtualbox, and so far I've received no push back.  Most of my users are now comfortable using OS X and Ubuntu instead.  Baby steps.
<smw_> kyle__, nice
<hallyn> stgraber: am i supposed to manually call autoreconf?  i don't see anything in dh_auto_configure or debhelper manpages about it
<smw_> kyle__, I don't know how people deal with unity... but whatever
<smw_> kyle__, people will grow up using it and then eventually I will be considered the old guy who refuses to change :-P
<stgraber> hallyn: I think there's a new shiny --with autoreconf or something similar
<kyle__> smw_: On reasonable physical hardware  it doesn't get in the way enough for most people to change it.  And the big "CLICK ME!" buttons for office and firefox make it easy for newbs.
<stgraber> hallyn: man dh-autoreconf
 * kyle__ still uses fluxbox when he can.
<stgraber> hallyn: apparently --with autoreconf is what you want
<hallyn> for all dh commands?
<hallyn> huh
<smw_> kyle__, fair enough
<smw_> kyle__, but once you start working with multiple workspaces...
<hallyn> stgraber: so is the '--with autotools_dev' that's in there bogus?
<smw_> kyle__, at this point. I suggest gnome-shell to someone who has the time to figure it out
<smw_> kyle__, and xfce to the people who need something to just work :-)
<hallyn> (trying)
<stgraber> hallyn: it might be doing something else, don't know. You can have multiple --with statements IIRC
<hallyn> yeah it didn't complain about it at least
<hallyn> stgraber: thanks.  that still leaves my painful inability to get the right flags passed to gcc, but i'll figure it out :)
<hallyn> ah actually i think that fixed that too
<hallyn> stgraber: thanks
<hallyn> (now configure just fails on arm.  i prolly messed up configure.ac)
<jamespage> jcastro, which browser do you use?
<trimeta> Are there any disadvantages to running smartctl tests on a regular basis? I'm considering writing a cronjob to test my drive once a week (well, it's an array of six drives, so each day I'd test a different drive), but I don't know if overtesting can cause problems.
<RoyK> bug 882485
<uvirtbot> Launchpad bug 882485 in ubuntu "[needs-packaging] Sanlock" [Wishlist,Confirmed] https://launchpad.net/bugs/882485
<RoyK> seems ubuntu is a kiddie distro to me
<PatrickDK> trimeta, test slow down the disks
<PatrickDK> generally not noticable, but it can cause strange delays though
<trimeta> Sure. But if I schedule it at like 3 AM when I'm unlikely to be using the disk, are there any other issues?
<PatrickDK> other than the normal issues? no
<trimeta> OK. I think I'll schedule that, just to give me some peace of mind on disk integrity.
<PatrickDK> the only test worth running, is the long test
<trimeta> I figured as much.
<trimeta> I don't need anything fancy to install a cronjob, just dropping a script in /etc/cron.daily/ should work, right?
<hallyn> trimeta: yup.
<hallyn> (i usually prefer to use my crontab so i have precise control, but...)
<trimeta> Awesome. I had a...slight problem with an earlier system (I had RAID 5, but when the system shut down due to unknown errors I turned it back on and waited a few weeks before actually diagnosing it, by which time a second drive had died), so I'm being really paranoid about this one.
<SpamapS> hallyn: feature request for the ubuntu-cloud template... allow some way to have the tar file un-gzipped in cache...
<SpamapS> hallyn: creating containers just sits and pegs my poor little core2duo
<SpamapS> root     18588 21.7  0.0  23896  2068 pts/4    S+   15:51   0:02                          \_ tar -zxf /var/cache/lxc/cloud-precise/u
<SpamapS> root     18589 81.8  0.0   8936   660 pts/4    R+   15:51   0:09                              \_ gzip -d
<hallyn> SpamapS: soudns fine to me.  i do prefer to leave ubuntu-cloud template to utlemming.  utlemming: ^ sound ok?  do you have time to do it, if so?
<SpamapS> hallyn: ah. :)
<SpamapS> its possible I'll just be trading a pegged CPU for a pegged slow hard disk :p
<hallyn> SpamapS: a slightly more cramped disk, but not by much.  no it's probably worth it
<phillw> hi guys, I put a daily build onto a VM and it hung at the 4 dots. do you guys know of a way to get an error report from a remote VM?
<phillw> quantal-server-amd64.iso from yesterday
<xnox> phillw: please define yesterday in terms of image date =) as half the world has switched time now =)
<xnox> s/time/date
<xnox> phillw: according to https://jenkins.qa.ubuntu.com/view/Quantal/view/ISO%20Testing%20Dashboard/
<xnox> last good image is 20120815
<xnox> for server
<phillw> xnox: okies, I'll go zsync it up and give it a try. Do any of you have a decent b/band speed?
<xnox> phillw: i do.
 * xnox has 100 Mbit/s
<phillw> I'm happy to assign the last IPv4 and VM over to one of you guys, you can use it far more efficiently that I can.
<SpamapS> hallyn: I dunno, might not be as much of a win as I thought
<phillw> I'm lucky to get 512 Mb/s
<xnox> phillw: not sure i need an IPv4 address. I am happy that HP has two blocks 15.* & 16.* because they now launched public cloud with all of those IPv4s ! Win =)
<phillw> xnox: okies, if you do need that last ipV4, I can allocate it else where.
<xnox> phillw: _I_ do not need it personally. But somebody else here might ;-)
<phillw> it was reserved to test 12.10 server on a commercial VM
<phillw> I can go allocate it to another team.
 * xnox is not part of this team =)
<SpamapS> weird
<SpamapS> one container created with lxc-create manually works fine. the other one gives a perm denied when I run sudo while chrooted into its rootfs
<SpamapS> or while the contianer is running
<SpamapS> same perms..
<SpamapS> open("/etc/sudoers", O_RDONLY)          = -1 EACCES (Permission denied)
<SpamapS> hmmm.. locales...
<stgraber> SpamapS: assuming you're getting this as root, that sounds like an apparmor weirdness
<stgraber> SpamapS: anything relevant in dmesg?
<SpamapS> stgraber: nothing
<SpamapS> lxc-start does keep hanging enough for the hung process timer to kill it
<SpamapS> and lots of these:
<SpamapS> [193915.264149] unregister_netdevice: waiting for lo to become free. Usage count = 1
<stgraber> oh, good, the kernel team was looking for people who can reproduce that on ^
<SpamapS> oh?
<SpamapS> Linux clint-MacBookPro 3.5.0-8-generic #8-Ubuntu SMP Sat Aug 4 04:42:28 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
<SpamapS> I haven't rebooted in a while
<stgraber> yeah, I've tried reproducing it here without much luck, it showed up a month or so ago
<SpamapS> oh and I have like, 30 veth network-interface-security upstart instances running
<stgraber> bug 1021471
<uvirtbot> Launchpad bug 1021471 in linux "stuck on mutex_lock creating a new network namespace when starting a container" [Medium,Incomplete] https://launchpad.net/bugs/1021471
<SpamapS> stgraber: still the two seem unrelated. :-P
<stgraber> yeah, the sudo stuff is really weird... might be worth starting it unconfined to check if it's apparmor or some other weirdness
<stgraber> anyway, please confirm bug 1021471, that might help the kernel team figure out what they broke ;)
<uvirtbot> Launchpad bug 1021471 in linux "stuck on mutex_lock creating a new network namespace when starting a container" [Medium,Incomplete] https://launchpad.net/bugs/1021471
#ubuntu-server 2012-08-17
<CyclicFlux> I was curious if anyone had any idea why ubuntu did not have a make.conf, for compilation settings+c-flags, etc... For example more BSD-like systems, i.e. Gentoo & Archlinux have make.conf or makepkg.conf's
<CyclicFlux> I just was not able to find anything on the net about it.
<xnox> CyclicFlux: because we are a binary distribution and we only offer pre-compiled packages.
<xnox> CyclicFlux: we do have dpkg-buildflags for example
<CyclicFlux> xnox, Yes I know, with that said, there are utilities to compile from source/etc... i.e. apt-build, which I am playing with right now, I mean the system comes with gcc
<CyclicFlux> So I was just curious where one would find that info/information, aside from /cat/proc/cpu
<CyclicFlux> sorry *'cat /proc/cpu'
<CyclicFlux> lol
<CyclicFlux> But what I may not have been so clear on above is that ubuntu now has a utility, with a few helper utilities for compiling code from source, apt-build.
<CyclicFlux> and I was setting the make options for it, etc...
<xnox> compiling packages with specific cpu optimisations makes the resulting deb packages not portable to other machines. hence we compile to the lowest/common denominator
<CyclicFlux> xnox, I def. know that I am not really into portability for my own system software. However for c, c++, java, python, etc... I def. go for portability. I am trying to optimize some of my system packages
<patdk-lap> sounds like you want gentoo :)
<Assid> hmm i think cause  iam using apt-fast .. the firewall isnt closing the connections quick enough.. and hence its getting stuck
<Assid> how do i reduce the number of connections apt-fast makes ?
<yahoo> hi
<iToast> Hi
<iToast> I'm having a problem doing ./Config for anope...
<iToast> even as root
<iToast> i dont have permission to do it.
<MacroMan> Just installed 12.04 on a new server. Having some boot problems. When I boot, it gets past grub, but then nothing. Blank screen, not online (can't ping server). If I move the selector on the grub screen, but still choose the top option, it then boots.
<MacroMan> Well sort of, I have another problem after that.
<MacroMan> The other problem I have is when I do get past grub, it boots to ramdisk and I have to type exit at this prompt for it to continue.
<MacroMan> Could be connected
<MacroMan> Ah, never mind, found solution here: http://ubuntuforums.org/showthread.php?t=1976617
<dax_roc> Morning all
<dax_roc> I've done a test upgrade on a VM instance from 10.04 to 12.04 and performance has become slugish at times. There's very little wa and no swapping going on. It's under minimal load.
<dax_roc> *slugish, lags for upto 40seconds
<maxagaz> I'd like to encrypt a text file in a simple way, what should I use ?
<jpds> maxagaz: openssl, gnupg, ...
<maxagaz> jpds: I don't want to have to use some key file to do it
<maxagaz> just a passphrase
<jpds> maxagaz: Those both have options just for that.
<maxagaz> jpds: and both can easily be decrypted from ios ?
<maxagaz> from some ios code
<jpds> maxagaz: ios, as in Cisco, or Apple?
<maxagaz> apple
<jpds> maxagaz: No idea.
<apw> Daviey, hey, is there a guide for using cloud-init?  i am using openstack but doing things "the hard way" and would like to find some examples or the like of how we are expected to do things
<koolhead17> apw: there is i suppose
<koolhead17> https://help.ubuntu.com/community/CloudInit
<apw> koolhead17, ta
<Daviey> apw: if that doc isn't suitable, feel free to shout back for more
<Daviey> apw: what are you trying to outcome?
<apw> Daviey, thanks, i think now i have spotted just giving it #!/bin/bash lets me run my own code, i can just use that
<Daviey> apw: ok, if you are doing anything funky, would be interested in hearing out it. :)
<apw> Daviey, initialise an instance doing data handling, right now i start the instance, wait for it to start, pull the IP addy, ssh in, run random things to init it
<Daviey> apw: switching kernel?
<apw> Daviey, clearly the kind of shenanegans that cloud-init is designed to avoid one needing to do
<apw> Daviey, nope just a stock instance, all very simple, install two packages, bzr checkout some stuff, add cronjob, done
<Daviey> apw: sounds good.. if you get success, blog posts for this are always appreciated :)
<apw> Daviey, ok :)
<apw> Daviey, how big can your cloud-init data be ?
<apw> before one needs to host it
<Daviey> apw: 16K for the whole user-data
<apw> Daviey, ok so pretty big
<Daviey> apw: you can also gzip
 * Daviey screams at keyrings.
<uvirtbot> New bug: #1038044 in munin (main) "munin-node: apt_all does not Grok Ubuntu (possible regression)" [Undecided,New] https://launchpad.net/bugs/1038044
<apw> Daviey, is there any way to reboot in cloud-init, as you offer update which may pull in a new kernel, does that reboot automatically?
<Daviey> apw: it does not
<apw> Daviey, that seems like something it should grow really
<Daviey> apw: yeah, smoser might like that suggestion
<smoser> apw, you're saying you want first boot to say "oh, i need a new kernel", "apt-get update && apt-get install <kernel-update> && reboot" ?
<apw> smoser, well i suppose i am saying i want "when i seleect update/upgrade mode that if a new kernel was installed to reboot and continue"
<apw> or something
<apw> smoser, the kernel does drop something to tell you, as the notifiers notice it
<smoser> that was my next question.
<apw> /usr/share/update-notifier/notify-reboot-required
<smoser> hm..
<smoser> thats a bad location for it
<smoser> is it not?
<smoser> something has to clean that up on next boot?
<smoser>  /run would seem better.
<apw> i think that is an _input_ to update-notifier rather than an output from the kernel
<apw> and indeed /run would seem more appropriate these days
<smoser> well, there was /var/run before.
<smoser> :)
<smoser> so, apw, open a bug. i dont think its unreasonable. i would'nt make it the default though.
<smoser> i think its a good suggestion
<smoser> thank you.
<apw> smoser, no a nice new option perhaps .., against ?
<smoser> cloud-init
<smoser> rbasak, did you make my apt massively parralelizable yet?
<smoser> (downloading)
<smoser> although, if rbasak made installation parallelized too, that'd be cool
<Daviey> smoser: openssl emits notify-reboot-required aswell
<smoser> emits ?
<smoser> as in an upstart event?
<apw> Daviey, i assume my user init stuff is only run the first boot?  nothing later ?
<Daviey> apw: correct
<smoser> apw, right.
<smoser> and it would makr that the upgrade had already been done
<Daviey> smoser: no, sorry.. creates the file
<smoser> this is half way through the normal update.
<smoser> er... hte normal boot.
<Daviey> smoser: fwiw, byobu also looks for that file
<smoser> so some things would occur the "first time" on the "second boot"
<smoser> i wonder what cleans it.
<apw> smoser, probabally the silly notifier thing, as it didn't go away on reboot :/
<smoser> anyway. this is doable. the biggest issue is that cloud-init gets ticked off when 'reboot' occurs while its running.
<smoser> apw, i can just have cloud-init do:
<smoser>  reboot && rm -f that-silly-file
<smoser> or the reverse order.
<Daviey> apw: err, are you sure it;s /usr/share and not /var/run?
<Daviey> ahh
<Daviey> yes
<Daviey> /usr/share/update-notifier/notify-reboot-required is the script.. /var/run/reboot-required is the file to touch
<Daviey> so [ -f /var/run/reboot-required ] reboot
<apw> Daviey, oh, we run that ... doh
<Daviey> zul: the precise-staging uploads haven't been through CI yet, right?
<Daviey> .. and still no way to point CI to a PPA branch, is there?
<Daviey> s/branch//
<zul> Daviey: no...you would have to talk to adam_g about that
<Daviey> ta
<Japje_> dea?/w 156
 * apw screams at launchpad, timeing out when filing bugs today
<Daviey> apw: we found, our bug stats improve if the bug tracker doesn't function. The intention is, that you'll walk away, and we'll have less bugs raised.. improving our stats
<apw> Daviey, its working
<Daviey> apw: dammit
<apw> Daviey, am talking to launchpad peeps, probabally DC related
<apw> smoser, bug #1038108
<uvirtbot> Launchpad bug 1038108 in cloud-init "cloud-init should offer an option to reboot following updates if the kernel was changed" [Wishlist,New] https://launchpad.net/bugs/1038108
<AdvoWork> if i've just done sudo apt-get update  can i now see a list somehow of what it's going to upgrade?
<smoser> apw, gracias.
<smoser> AdvoWork, you can type 'apt-get dist-upgrade'
<smoser> and it will prompt you
<smoser> before you continue (ie, that is safe)
<smoser> you can also : apt-get dist-upgrade --dry-run
<AdvoWork> smoser, i dont mean for a dist upgrade,i mean just general new packages etc?
<smoser> that is what dist-upgrade is
<smoser> dist-upgrade is not "upgrade me from 11.10 to 12.04"
<smoser> (that is a common source of confusion)
<RoyK> AdvoWork: dist-upgrade just takes you the latest updates in your current distro version
<RoyK> do-release-upgrade (not apt-get) takes you to next distro
<RoyK> next release, even
<RoyK> or next LTS release if you were running one
<uvirtbot> New bug: #1038108 in cloud-init (main) "cloud-init should offer an option to reboot following updates if the kernel was changed" [Wishlist,New] https://launchpad.net/bugs/1038108
<AdvoWork> ahh ok i see, so dist-upgrade is just listing whats available since doing udpate?
<AdvoWork> *update
<smoser> AdvoWork, update is only "download the listings of what is available"
<smoser> "upgrade" is "apply them"
<smoser> ('dist-upgrade' is just a more complete version of 'upgrade')
<AdvoWork> smoser, thanks
<AdvoWork> I have a further query, if doing a symbolic link(so at the moment nothing exists in /auto/) is it ln -s /etc/myconfig.cfg /auto/  so that will make auto/myconfig  (which links to /etc/myconfig.cfg) ?
<smoser> AdvoWork, i think the answer is yes.
<smoser> (as in if i understand the question properly)
<AdvoWork> but now I've got: lrwxrwxrwx 1 root root   14 Jun 20 15:54 test -> ../cfg/test  (and the first test is blue). I've just done: ln -s cfg/new auto/  which has made it, but new is red. the permissions are the same, any ideas what the colour difference means?   replacing myconfig.cfg with "new"
<AdvoWork> fixed it
<zul> smoser: ping did the config-drive v2 make it in yet?
<smoser> zul, yes.
<zul> smoser: cool just updating blueprints
<uvirtbot> New bug: #1028711 in glance (main) "glance-api.conf contains incorrect sqlite connection string path" [Undecided,Fix released] https://launchpad.net/bugs/1028711
<uvirtbot> New bug: #1030152 in glance (main) "missing dependency on python-jsonschema" [High,Fix released] https://launchpad.net/bugs/1030152
<zul> Daviey: f3 is uploaded
<SpamapS> hallyn: ok so perhaps I am running into the umask problems...
<SpamapS> hallyn: re the "failing to open /etc/sudoers" problem I was whining about yesterday
<hallyn> SpamapS: i didn't see that whine.
<hallyn> SpamapS: i've grepped and am not sure where the umask is being set.  though i may have been looking at the wrong juju version
<hallyn> (since only some seem to have the probem)
<SpamapS> hallyn: you did you're just forgetting I think
<hallyn> heh could be
<SpamapS> /usr/bin/lxc-ls: line 36: cd: /sys/fs/cgroup/cpuset///lxc: Permission denied
<SpamapS> thats also kind of weird
<SpamapS> isn't it?
<hallyn> SpamapS: *that* is umask problem at lxc-start
<hallyn> lxc calls mkdir() and passes in the righ tmode to create the lxc dirs
<hallyn> yes, i suppose lxc could save the umask, set its own, do mkdir, then reset umask, but that's kind of silly
<SpamapS> hallyn: so is that possibly caused by umask tightening on sudo run commands from 0002 to 0022 ?
<hallyn> i'd prefer to have lxc-start and lxc-create fail on bad umask
<hallyn> iirc juju was actually doing 0077 umask
<SpamapS> $ sudo bash -c 'umask'
<SpamapS> 0022
<hallyn> edit lxc-create to save its umask to a tmpfile, create a container with juju, see what it sa\ys
<hallyn> we always call lxc through sudo so i don't think so
<smoser> utlemming, i just pushed fix for growpart and nbd or loop devices
<utlemming> really? cool, I'll take a look...does it apply only to lucid?
<utlemming> smoser: ^
<smoser> i think i dont understand thw question.
<utlemming> smoser: where is the commit?
<smoser> cloud-utils upstream just never worked for /dev/nbdX or /dev/loopX
<utlemming> ah, okay, now I understand what you're saying
<utlemming> smoser: I'll address the build system then for it
<SpamapS> hallyn: ok confirmed that the umask is 0077 when the template runs
 * SpamapS tracks down "why"
<smoser> utlemming, right.
<utlemming> smoser: what did we decide to do with lucid full disk images? drop them or we're we going to choose an arbitrary size for the disk images?
<smoser> we could sru that easily enough. but not really necessary forthis.
<smoser> i dont know what to do there.
<smoser> anything over 5G seems "too big" for some use cases.
<smoser> and its a PITA to resize down
<smoser> anything under 5G seems "too small"
<smoser> so i really dont know what to do
<smoser> maybe 10G isn't too small. i dont know.
<utlemming> smoser: right...could we SRU the cloud-init-ramfs that does that?
<utlemming> smoser: I know that's a long shot, but it seems like with openstack and others that we might be able to make a compelling case for doing so
<smoser> no. we can't really sru that.
<smoser> its a new package.
<smoser> i dont know. you could ask what sru team thought about it
<smoser> it is very stable and very limited use case.
<utlemming> right
<smoser> but it'd mean getting cloud-utils growpart back to lucid (not hard), *and* cloud-initramfs-utils a new package added to lucid.
<smoser> (and in main)
<smoser> i personally would'nt want to waste my effort.
<utlemming> ugh, yeah, that wouldn't work
<smoser> so for lucid on openstack, right now you have 2 less than ideal things:
<utlemming> so I'm leaning towards make arbitrary 10G images and just saying that's a limitation of lucid
<smoser> a.) the uec images: these use kernel and initramfs directly, meaning kernel upgrades dont work
<smoser> b.) the "full disk images".  these support kernel upgrades, but without manual user action, the root filesystem is 1.4G , unless we choose a different size for them.
<smoser> and 'a' has a work around, the loader kernel (http://people.canonical.com/~smoser/lucid-loaders/)
<smoser> utlemming, checking resultant size of 10G
<utlemming> I resized one yesterday -- the qcow2 size is only slightly bigger
<smoser> yeah. for the one i tried i see
<smoser> $ ls -lh /archive/mirrors/uec/lucid/current/lucid-server-cloudimg-amd64-disk1.img disk1-10G.img
<smoser> -rw-r--r-- 1 mirror mirror 216M Aug 17 01:51 /archive/mirrors/uec/lucid/current/lucid-server-cloudimg-amd64-disk1.img
<smoser> -rw-r--r-- 1 root   root   217M Aug 17 12:34 disk1-10G.img
<smoser> 216M -> 217M
<smoser> i would have expected more dirty-ness inserted
<smoser> so maybe, yeah, 10G images sound resonable.
<smoser> but we should send a mail to ubuntu-cloud announcing them and their issues.
<utlemming> okay, I'll do that
<smoser> utlemming, we/you are targetting next wednesday for your cloud-init image creation changes, right?
<smoser> that is FF.
<utlemming> smoser: yes sir
<smoser> ok.
<smoser> harlowja and i put this together for cloud-init work
<smoser> http://pad.daviey.com/cloud-init-for-quantal
<med_> zul, where are we with releasing an openstack based on 2012.1.2 (and sorry if you've been asked this already) ref: http://lists.openstack.org/pipermail/openstack-announce/2012-August/000020.html
<zul> med_:  we are going to start looking at it next and it will be in -updates when its finished
<med_> nod.
<smoser> utlemming, ok. so i just tested natty
<smoser> and i hit a race condition i think
<utlemming> race where?
<smoser> i think its this race:
<smoser> https://bugs.launchpad.net/ubuntu/+source/cloud-initramfs-tools/+bug/937352
<uvirtbot> Launchpad bug 937352 in cloud-utils "root partition may not be grown" [High,Fix committed]
<smoser> but the result is different.
<smoser> root was resized, but then mount failed
<smoser> in 2 instances i launched, i saw it once
<smoser> http://paste.ubuntu.com/1152972/
 * SpamapS gets closer to chasing down this 0077 umask
<utlemming> smoser: is this a udev race? from the log you can't tell whether it /root or ../cloudimg-rootfs that is missing
<smoser> utlemming, what happens is this:
<smoser>  * root is mounted
<smoser>  * growroot runs, and calls growpart $ROOT_DEVICE
<smoser>  * growroot unmounts $ROOT_DEVICE
<smoser>  * growroot mounts root device
<smoser> (i'm not usre about the order on those in natty)
<smoser> but the issue is after unmounting and at the instance when the mount tried, udev had deleted the devices and not yet recreated them.
<smoser> (oneiric likely suffers from some similar issue, although i've not really seen it)
<utlemming> that's what I saw going on
<smoser> i think for natty the best thing to do is just not create the -disk1.imgi files.
<uvirtbot> New bug: #460925 in lxc (main) "Kernel log message corruption due to incomplete /proc separation" [High,Triaged] https://launchpad.net/bugs/460925
<Daviey> adam_g: what would it take to be able to deploy openstack in ci, from a PPA?
<Daviey> adam_g: there seems to be two obvious ways that jump out at me.. either the dput support jamespage was working on, to dput to jenkins, and test the package, then forward it to the PPA
<Daviey> or the second. byhand say.. "test this whole PPA"
<Daviey> what do you think?
<adam_g> Daviey: you just set a flag in each charm's config that points to a PPA
<adam_g> Daviey: we already do that, and point it at the local CI reprepro archive
<adam_g> Daviey: http://paste.ubuntu.com/1153070/
<adam_g> Daviey: that will install all components from the trunk testing ppa
<Daviey> adam_g: right.. but how hard for someone to ssh in, run ./test_from_staging.sh :)
<adam_g> Daviey: ideally nobody would be doing that
<adam_g> Daviey: you'd login to jenkins and hit a button instead :)
<Daviey> adam_g: sounds super... have you done it? :)
<adam_g> Daviey: for that specific PPA, no
<adam_g> Daviey: but thats essentially how all of our testing works
<Daviey> adam_g: right.. i get that.. but this differs.
<adam_g> Daviey: how so?
<Daviey> adam_g: just that it is on-demand, rather than a trigger really
<Daviey> but hey, you know this more than me anyway :)
<Daviey> sounds like you have it in hand.
<adam_g> Daviey: right, so there'd be a job there that only triggers when someone hits the button. i have a similar job for installing everything from precise-proposed
<uvirtbot> New bug: #1038197 in samba (main) "samba changes in system-config-samba or /etc/smb.conf do not affect server" [Undecided,New] https://launchpad.net/bugs/1038197
<adam_g> Daviey: but that dput support sounds really cool and better, for testing certain things. deploying the entire cluster and debugging after its broken is a really expensive way to find trivial packaging mistakes
<zul> adam_g: you put in a new openvswitch in 12.04.1 didnt you?
<adam_g> zul: it looks like it never made it out of proposed
<adam_g> tho clint mentioned in bug that it was due out last monday
<adam_g> SpamapS: ^
<adam_g> bug #1021530
<uvirtbot> Launchpad bug 1021530 in openvswitch "[SRU] update to include stable fixes for OVS 1.4" [Medium,Fix committed] https://launchpad.net/bugs/1021530
<Daviey> adam_g: yeah!
<uvirtbot> New bug: #1038199 in bind9 (main) "Bind9 9.8.1 high CPU utilization" [Undecided,New] https://launchpad.net/bugs/1038199
<SpamapS> adam_g: for 12.04.1 they locked down precise-updates thats the only reason it hasn't been published
<SpamapS> adam_g: and now its Friday, so we'd rather not publish on a friday
<uvirtbot> New bug: #1034946 in dnsmasq (main) "dnsmasq and network manager broken if dnsmasq package has 'enable-dbus'" [High,In progress] https://launchpad.net/bugs/1034946
<zul> adam_g: bah
<smoser> hallyn, ping
<smoser> do you have a simple example of working libvirt xml for a domain on virbr0
<hallyn> sure, does http://people.canonical.com/~serge/cdboot.xml suffice?
<smoser> hallyn, thanks. thas similar to what i have that wasn't working :-(
<smoser> hallyn, ugh.
<smoser> thi sis frustrating
<smoser> http://paste.ubuntu.com/1153232/
<smoser> this works: sudo kvm -drive if=virtio,file=/tmp/lp-1035279/disk.img -curses
<smoser> this works: sudo kvm /tmp/lp-1035279/disk.img -curses
<smoser> but via libvirt it acts like it can't find anything to boot off of
<smoser> sits and spins trying to boot network, disk, network, disk
<zul> smoser: you are trying to play sol.exe arent you
<smoser> well, yes, but only because i just beat http://www.erikyyy.de/invaders/
<hallyn> smoser: i dunno, should work...  does it work without the 'boot order', or with order set to 0?
<hallyn> smoser: youdon't have the boot dev=hd tag that i have in cdboot.xml
<hallyn> (part of the <os> tag)
<smoser> GAH!
<smoser> hallyn, i blame you
<zul> bbl
<smoser> you are the reason we can't boot in 512k of memory anymore.
<smoser> clearly, 64k *should* be enough for anyone.
<smoser> but not even grub
<Daviey> hah
<hallyn> smoser: it's because i'm always pushing for all that eyecandy and video
<uvirtbot> New bug: #1031761 in python-warlock (universe) "[MIR] python-warlock" [Undecided,Fix released] https://launchpad.net/bugs/1031761
<uvirtbot> New bug: #1031757 in python-django-compressor (universe) "[MIR] python-django-compressor" [Undecided,Fix released] https://launchpad.net/bugs/1031757
<uvirtbot> New bug: #1032242 in python-cliff (universe) "[MIR] python-cliff" [Undecided,Fix released] https://launchpad.net/bugs/1032242
<uvirtbot> New bug: #1031759 in python-django-appconf (universe) "[MIR] python-django-appconf" [Undecided,Fix released] https://launchpad.net/bugs/1031759
<seijirou> My MaaS / JuJu deployment has an issue after a 'juju destroy-environment' did not complete successfully.  I no longer have an environment but nodes are still marked as deployed.
<seijirou> Any ides on how I would "release" them?
<Daviey> hallyn: hey, KSM should allow greater density of concurrent VM's right?
<uvirtbot> New bug: #1036101 in postfix (main) "package postfix 2.9.3-2~12.04.2 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 75" [Undecided,New] https://launchpad.net/bugs/1036101
<uvirtbot> New bug: #1036817 in postfix (main) "package postfix 2.9.3-2~12.04.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/1036817
<ScottK> ^^^ someone please go explain that the error message actually explains you have to fix your configuration if you would actually read the error message that is.
<uvirtbot> ScottK: Error: "^^" is not a valid command.
<moep> I have a problem with kerberos: "kinit: Client not found in Kerberos database while getting initial credentials" all I did was follow the Kerberos guide on two VMs but on the client kinit doesnt seem to work - see http://pastebin.ca/2195577 -any ideas?
<hallyn> Daviey: uh, well, yes, adn by quite a bit, but of course that just means that when things go wrong you'll get slammed all the harder
<Daviey> hallyn: right, just checking i wasn't going nuts.
<hallyn> Daviey: now if you're using larger pages, it's possible that ll of the pagecache wins you should gain are lost because of small offset differences...  not sure.  i've not really measured that
<seijirou> Anybody on able to to assist with MaaS ?    Following along here: https://wiki.ubuntu.com/ServerTeam/MAAS/Juju  I get stuck at juju bootstrap.
<seijirou> moep:  Your pastebin looks like you're running as root first, then as a user...  perhaps the user you're running kinit from is not registered?   http://linux.die.net/man/1/kerberos
<moep> seijirou: doesnt matter if I use root or a user, always the same
<seijirou> moep:  Hmm.  Well according to the kerberos man page, that error means you haven't been registered as a Kerberos user.  Maybe the guide is missing a step.
<moep> seijirou: accoring to wireshark that is a server reply that the principal I want to use does not exist, however listprinc tells me otherwise
<seijirou> Sorry i'm not having any brilliant ideas
<seijirou> .
#ubuntu-server 2012-08-18
<seijirou> .
<`4fun`> heya guys, do i need to install a certain package to enabled identd on my ubuntu server 12.04 ?
<uvirtbot> New bug: #1038356 in bind9 (main) "version contains epoch " [Undecided,New] https://launchpad.net/bugs/1038356
<tsoporan1> Hello all, I've just tried to upgrade my server from 11.10 to 12.04, while it seemed to finish OK, I am currently getting these errors when trying to install packages: http://dpaste.org/gcuww/ , I've tried searching but didn't find anything to resolve it. Any ideas?
<RoyK> dpkg --configure -a
<tsoporan1> RoyK: When I run that: http://dpaste.org/xQgeM/
<RoyK> perhaps try to dpkg --configure each package
<swatch> habla alguien espaÃ±ol o solo ingles? . speak spanish?
<Psi-Jack> swatch: Generally this is an English channel.
<swatch> ok thaks
<lordievader> swatch: There are some spanish channels though, however I don't think for ubuntu server.
<swatch> thanks lodievader
<swatch> I have problems with creating the virtualhosts in apache2. local network then am not resolve domains
<uvirtbot> New bug: #1035919 in mysql-5.5 (main) "package mysql-server-5.5 5.5.24-0ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 255" [Undecided,Invalid] https://launchpad.net/bugs/1035919
<uvirtbot> New bug: #1038414 in python-django-appconf (main) "package python-appconf (not installed) failed to install/upgrade: trying to overwrite '/usr/share/pyshared/django_appconf-0.5.egg-info/SOURCES.txt', which is also in package python-django-appconf 0.5-0ubuntu1" [Undecided,New] https://launchpad.net/bugs/1038414
<uvirtbot> New bug: #1038527 in postfix (main) "apport package hook is not installed" [Medium,In progress] https://launchpad.net/bugs/1038527
#ubuntu-server 2012-08-19
<phillw> hiyas xnox
 * xnox only lurks here when mdadm/lvm/cryptsetup comes up in a conversation
<phillw> xnox: one of the guys I run a VM area for found a new server system and released his VM back into our pool. A few days later, he said that it was a big mistake
<phillw> He then asked if I could re-create the VM
<phillw> I had his old ipV4 address still un allocated, and asked if he would be okay to run 12.10 server
<phillw> He said that he would be delighted
<phillw> I installed it and it hangs on the splash screen of four dots....
<phillw> As to why the heck server edition 12.10 has a splash.... pass.
<phillw> he has 12.04 working happily
<phillw> I have one free ipV4 if you guys want to go play. It's on an OVH dedicated server, so you guys need to sort out stuff.
<phillw> stgraber: was kind enough to pass me http://paste.ubuntu.com/1146080/ but as the server hangs on boot, it's not a lot of help to me :'(
<xnox> phillw: do you have physical access to it / is it a VM?
<xnox> boot second time -> choose recover -> remove "splash" => boot
<xnox> or hold down right shift I think to access that menu on first boot.
<phillw> the dedicated machine lives in France, I'm in UK
<phillw> I have one spare ipV4 for a fully set up VM if you'd like to use it.
<phillw> xnox: one of the things flagged in the recent survey from balloons (Nicholas) is that people consider QA to be "It works out of the box", currently 12.10 server does not.
 * ScottK thought the splash thing was supposed to be removed for 12.04 server.
<ariel__> can anybody tell me if it is a good idea to install lamp on my computer
<andol> ariel__: Do you have a use for a lamp stack on your computer?
<ariel__> well how much space exacly does there need be
<andol> ariel__: Well, for an exact answer that really depends on what depending libraries etc you already have installed. But for the basic packages I'd say 30MB or so.
<ariel__> how does lamp work like how do you configure it to have a web address
<_johnny> hi, i have a "bad" question on lvm. bad, because i've never used lvm, and neither has my buddy, on the box he has. i'm working through some tutorials to try and see if i can debug, so.. sorry for the ignorant question:
<_johnny> we have 4 drives, two lvms with two drives each. vgs shows one of them, but the other is missing. pvscan/vgscan shows only the one, and "in no VG: 0". all drives seem fine with smartctl, so i'm wondering if a switch in drive letters is at fault here? lvm is suppose to scan all /dev/*, so i'm not sure what our next move is
<_johnny> (for reference, i've been using http://www.novell.com/coolsolutions/appnote/19386.html)
<njin> Hallo, Im in MAAS with w3m, but if I select Add node, below appear the written `is not found` can you explain if I'm doing something wrong
<MoleMan-TP> is openVPN compatible with VPNSec or Cisco IntErconnect?
<MoleMan-TP> anyconnect rather
<qman__> no, OpenVPN uses its own SSL VPN method
<MoleMan-TP> okay,
<MoleMan-TP> thanks
<i7c> hi, i would like to use disk encryption on my ubuntu server, but i dont like the fact that it unmounts /home when no one is logged in to the system. how can i change that?
<phillw> i7c: can I ask why you would encrypt /home?
<i7c> runs on an notebook which sometimes is unattended and it contains personal data
<i7c> -an +a
<phillw> i7c: a notebook running server edition?
<i7c> yes indeed. an old netbook, just does its job perfectly :)
<phillw> I'm still puzzled - When the server goes to sleep - servers do not go to sleep?
<i7c> i didnt say it goes to sleep. it runs but it seems that when nobody is _logged in_ the /home partition is not mounted anymore
<i7c> so if i have processes running that want to read/write on home i start them and detach them, logout and they dont work anymore :/
<phillw> which means it is not running as a server, as they do not.
<i7c> phillw: sorry, i didn't get that
<phillw> i7c: using ecryption on a server is not the best way forward, I'd suggest setting up a LUKS area.
<xnox> i7c: you can either use ecryptfs or dm-crypt (LUKS)
<i7c> phillw: so i would install ubuntu server without /home partition encryption and set the area up after the installation?
<phillw> i7c: what do you think encryption achieves on your system?
<xnox> i7c: what do you mean by "unmounts home"? When you use ecryptfs the users home directory is unmounted, but it is only "/home/user" not all of home.
<xnox> i7c: ecryptfs can be added/removed as needed. dm-crypt (aka cryptsetup aka LUKS) needs a separate partition.
<phillw> xnox: I'd suggest that i7c does that, as an area to be kept 'seperate' is not the same as the maddening "do you want to encypt your home directory"
<xnox> i7c: please note, when the partitions are mounted & unlocked (unencrypted) that means that anyone can access those files (if they gain root for example)
<i7c> xnox: i meant that processes running with my user name can't access /home/myusername anymore after i logged out
<xnox> i7c: encryption will prevent somebody stealing the netbook and then trying to access the data.
<i7c> xnox: that's alright, i understood
<xnox> i7c: yes. you can choose not to logout, or keep ecryptfs unlocked if you want.
<i7c> xnox: how do i keep it unlocked? is there a setting?
<xnox> i7c: http://superuser.com/questions/339829/ecryptfs-not-automatically-unmount
<xnox> i7c: delete ~/.ecryptfs/auto_umount. Its an empty file so you can restore it with touch
<i7c> xnox: i see! nice.
<i7c> well i'll read a bit about ecryptfs and dm-crypt :) thanks xnox, phillw for your help!
<Troy^> hey guys i'm putting together a 800mhz p3 ubuntu sever for the house i got two 80gb ide hard drives and i think i want to raid them.  in Raid 1 can this mainly be done by a software raid?
<xnox> Troy^: yes.
<Troy^> xnox: what is best suggested for doing this?
<xnox> Troy^: use the installer, it has support for raid1. it will use mdadm
<Troy^> oh ok
<Troy^> that's perfect thanks
<xnox> Troy^: manual partitioning is your friend ;-)
<Troy^> i;m fairly new to the whole thing. have some experience. i think there is not a better way then to make a little server for the house. even though not exactly sure what i'll be doing with it yet. I should find some things fairly quickly though.
<xnox> Troy^: https://help.ubuntu.com/12.04/serverguide/index.html
<xnox> Troy^: https://help.ubuntu.com/12.04/serverguide/advanced-installation.html#software-raid
<Troy^> thanks
<Troy^> I know for sure i'll use it to backup pictures, run subsonic music server, probablly a little webserver and possibly a teamspeak/ventrilo server..
<xnox> sounds good. Don't forget transmission web interface ;-)
<Troy^> BT, i assume lol.. Well right now I have a HTPC hooked to my television that uses newsgroups. It has SabNZBD, Couch potato and Sick Beard installed
<Troy^> plus 80GB drives in Raid 1 doesn't allow for much space
<Troy^> xnox: just to show you http://puu.sh/WT0J
<Troy^> i have a 50mb download and a 30mb upload
<xnox> Troy^: nice =)
<xnox> Troy^: hostname.local should work on your LAN for nicer URLs =)
<Troy^> yea i'm going to have to setup a dns as well. ip is dynamic
<Troy^> oh i see my router has that option lol
<Troy^> i guess i just need to sign up with either dydns or no-ip
<phillw> Troy^: https://wiki.ubuntu.com/phillw#Web_Hosting
<xnox> Troy^: when you are on local network, you have zeroconf and you can access all your machines using hostname.local
<xnox> myserver.local mylaptop.local etc.
<internalkernel> I have a postfix relay issue - mail server has existing virtual domains, and only one is being moved to a new server.... I'm trying to relay that one single domain.
<internalkernel> I've setup transport maps with: domain.com smtp:[mail.domain.com] and postmapped
<internalkernel> I've removed the domain to be relayed from virtual_alias* and added it to relay_domains
<internalkernel> I'm getting a mail loops back to myself error... and I've hit a wall...
<internalkernel> Im looking at using relayhost - but relaying ALL mail would be bad...
<internalkernel> indeed... one should remember to restart dnsmasq after making changes to hostnames and such...
<daff> what is the expected behaviour in ubuntu 12.04 regarding the naming of network interfaces in KVM/Libvirt VMs? Since 75-persistent-net-generator.rules ignores KVM virtual NICs, how does the virtualized Ubuntu know which virtual NIC will be eth0, eth1, etc?
<daff> is the naming/order based on the order in which the devices are defined in the Libvirt domain configuration?
<Troy^> can you install ubuntu server from usb? also can you get an older comp to boot from usb
<Troy^> also is there an alternative to puttty
<xnox> Troy^: you can install from usb. you can try network/pxe-boot (see mini & netinst cds) instead of usb/cds
<xnox> Troy^: alternative to putty on windows?
<xnox> on windows i recommend http://code.google.com/p/msysgit/
<xnox> which comes with usable openss-client & usable bash terminal
<genii-around> You can also use actual ssh if you install cygwin
<xnox> cygwin is too much when all you need is just a shell =)
<Troy^> hmm network/pxe boto eh
<Troy^> boot*
<Troy^> hmm looking for a nice dont
<Troy^> font*
#ubuntu-server 2013-08-12
<prgCoder> hi guys - can anyone point me to a website on how to setup / install a secure Apache / PHP / MySQL envionment for a Ubuntu server? Please
<prgCoder> hi guys - can anyone point me to a website on how to setup / install a secure Apache / PHP / MySQL environment for a Ubuntu server? Please
<chilli-salad> prgCoder, have you tried the ubuntu server guide?
<Semor> where can I find kernel  debug info for  3.5.0-23-generic #35~precise1-Ubuntu ?
<prgCoder> chilli-salad: thanks
<jpds> Semor: ddebs.ubuntu.com ?
<derrik> is thin client = windows terminal server?
<Semor> jpds:what is the differnce between 3.5.0-23-generic and 3.5.0-23-generic precise1 ?
<jpds> derrik: No.
<jpds> Semor: Pardon? Do you have links?
<derrik> jpds it isnt?
<derrik> i found with google:  A thin client is a network computer without a hard disk drive
<Semor> jpds: do you know the precise1 version of ubuntu server?
<jpds> derrik: It might be an example instance of it; but it's not the only version of it.
<jpds> Semor: You mean 12.04.1 LTS ?
<Semor> yes ,that is
<Semor> It is the kernel I am running
<lifeless> Semor: what does "uname -a" show ?
<Semor> Linux localhost 3.5.0-23-generic #35~precise1-Ubuntu SMP
<Semor> how do I install debug symbols for it?
<WalterN> trying to figure out what is typical or good for spam filtering for postfix
<WalterN> https://help.ubuntu.com/community/PostfixAmavisNew is that typical?
<WalterN> or some/all of these? https://help.ubuntu.com/community/Postfix#Other_Postfix_Guides
<mardraum> WalterN: yeah amavisd-new, postgrey and SPF records for your domains
<mardraum> WalterN: and spamhaus ZEN list
<WalterN> erm, what? :-x
<mardraum> WalterN: google.com
<WalterN> I normally prefer asking in IRC before google, but w/e
<mardraum> you asked, I answered
<mardraum> if you just "erm what" then you need to google
<WalterN> so spamassassin is not as typical?
<mardraum> it's part of amavisd-new
<WalterN> oh ok
<mardraum> the other things will stop the shit actually getting to amavisd-new
<mardraum> go read about them.
<greppy> WalterN: I have used this in the past on ubuntu and debian servers: http://www200.pair.com/mecham/spam/
<hallyn> lifeless: can you open a bug detailing how it interferes?
<hallyn> lifeless: do you mean that you do a one-filesystem backup of /var and want all containers backed up by that?
<lifeless> hallyn: yes
<lifeless> hallyn: I'm presuming the answer is 'there is no way to disable it today'
<hallyn> lifeless: you're telling me that if i mount btrfs at /mnt, and create a new subvolume at /mnt/a, then --one-filesystem will not traverse /mnt/a?
<lifeless> hallyn: correct
<lifeless> hallyn: it may be constrained by 'when /mnt/a is mounted'
<hallyn> you dont' mount subvolumes though
<lifeless> hallyn: I ran into this with /home earlier today - noticed I had nothing in my home backups for this year
<hallyn> is there a btrfs mount option to not do that?
<lifeless> hallyn: because the fstab for a new install with btrfs has a mount rule for home.
<lifeless> hallyn: you could argue that it's broken rsync one-file-system heuristics, though IMO if its in the mount table, treating it as a mount point is pretty sane ;)
<hallyn> why is it in the mount table
<hallyn> it didnt' use to be
<lifeless> hallyn: search me
<lifeless> /dev/mapper/lifelesshp-root /home           btrfs   defaults,noatime,subvol=@home 0       2
<lifeless> hallyn: see #ubuntu-devel about the time I pinged you, I had a chat with RAOF about it
<hallyn> lifeless: i have 5 subvolumes under /home/serge/lxcbase, and they do not show up in 'mount'
<lifeless> hallyn: right, they need to be mounted
<lifeless> hallyn: I don't know offhand whether it's a) being a subvolume or b) being in mtab that breaks --one-file-system.
<lifeless> hallyn: I can drill into it
<hallyn> lifeless: I don't understand
<hallyn> lifeless: 'mounted' by who?
<hallyn> the contents are there without mounting them.
<lifeless> hallyn: I'll chat another time; its 0030 here.
<hallyn> lifeless: np - thanks
<hallyn> lifeless: one thing,
<lifeless> hallyn: see above w.r.t. /home which sent me down the path of looking at this for lxc too
<hallyn> i wonder if what is actually screwing you up is the default behavior of lxc to always bind-mount rootfs for containers - btrfs or not
<lifeless> hallyn: and /home is mounted by fstab which the installer sets up.
<hallyn> lifeless: ok, thanks.  ttyl.
<lifeless> I need to mount my crypted backups to check whether lxc containers are missing or not
<lifeless> and yeah thats a good point
<hallyn> ok.  they really shouldn't be
 * hallyn hopes he doesn't have to redesign the whole thing :)
<lifeless> well there may be multiple issues at play :>
<lifeless> anyhow, another day! gnight
<hallyn> gnight
<koolhead11> hallyn, hi there
<hallyn> hey
<koolhead11> how have you been
<hallyn> all right.  yourself?
<hallyn> stgraber: uh, hopefully you've not made any updates to lxc staging branch in the last hour
<stgraber> hallyn: nope, I haven't. I'm at debconf so unlikely to do a lot of commits this week.
<stgraber> hallyn: I'm looking at LXC on Android at the moment, specifically getting a local implementation of getifaddrs
<hallyn> stgraber: ok - no reason for me saying that, carry on :)
<hallyn> fun
<hallyn> i'm *seriously* soon gonna dogfood ubuntu phone in qmeu phone soon, not sure if android under that will be good for testing lxc in
<zul> roaksoax/jamespage: https://code.launchpad.net/~zulcss/python-heatclient/refresh/+merge/179695
<zul> jamespage/roaksoax: https://code.launchpad.net/~zulcss/python-keystoneclient/netaddr/+merge/179699
<jamespage> zul,-1 feedback in MP
<zul> argh
<zul> jamespage:  hes my evil twin who didnt have his DEBEMAIL set
<zul> jamespage:  fixed now
<jamespage> zul, still does not look like a new upstream release to me
<zul> jamespage:  how about now/
<jamespage> zul, +1
<zul> jamespage:  thanks
<bkfitz> trying to allow my developers to upload code to my apache instance via sftp... questions: what should the permissions be on /var/www?  I believe Openssh is handling the sftp, how do I change the default directory to /var/www/codetest?  How do I grant the 'ftpuploader' user permissions to this folder but not the rest of /var/www
<darthanubis> Ubuntu 13.04 - add-apt-repository is not adding repos
<darthanubis> no error, and lsb_release -a results in a segmentation fault
<darthanubis> look for an assist?
 * darthanubis back to google
<darthanubis> the web only shows ppl that have the not found error, but I do haveit installed
<darthanubis> yes, I could edit the source.list by hand, just like add apt for the lazy
<darthanubis> and am curious why anything on the system does not work as intended
<darthanubis> http://pastebin.com/A6WkxsVf
<darthanubis> I can't remove python-software-properties
<red6m> is it possible to delete a paste from http://paste.ubuntu.com/ ?
<andol> red6m: Well, if it is critically important enough I guess you might be able to convenince someone with root access to do that for you...
<red6m> andol, yeah. I guess I'll wait if it disappears n 30 days - and after that I might gonna have to find someone to delete it :-\ posted confidential shit by mistake.
<ribo> is something wrong with us-west-2.ec2.archive.ubuntu.com?
<ribo> Failed to fetch http://us-west-2.ec2.archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_3.8.0-26.38_amd64.deb  403  Forbidden
<sarnold> ribo: note that ec2 reports "403" when other servers might report "404".
<sarnold> s/ec2/s3/
<ribo> I still have the same question, then :)
<sarnold> ribo: so if you're asking for files that have not yet synced over, or have been removed, the 403 response can be extremely confusing :)
<ribo> was an apt-get upgrade :|
<sarnold> ribo: perhaps you caught it in the middle of a resync.. try again in a few minutes.
<ribo> not usually one to complain about things I'm getting for free, but that kinda sucks for auto provisioning instances, heh
<ribo> guess I'll just wait then
<darthanubis> I can't remove python-software-properties
<darthanubis> http://pastebin.com/A6WkxsVf
<darthanubis> looking for an assist?
<ogra_> check your logs for filesystem errors i would guess ... and if you have enough space ... that file doesnt just go corrupt out of nowhere
<qman__> darthanubis, looks like your dpkg database is broken
<qman__> as already mentioned, check that /var didn't run out of space, and try to correct the error on that line
<zul> adam_g/roaksoax: https://code.launchpad.net/~zulcss/keystone/babel/+merge/179780
<darthanubis> ogra_, thx, qman__ var did not run out of space. But would a corrupted FS also break my dpkg? I suppose.
<Pici> 70
<qman__> darthanubis, yes
<s0m3body> Hello, was wondering how I could install Ubuntu Server over SSH through the server's recovery console?
<darthanubis> qman__, thx
<failmaster> hey guys, i have a problem switching luks passphrase auth to key file based for root fs, details: http://askubuntu.com/questions/330660/what-is-the-correct-way-to-use-key-file-luks-authorization anyone?
<fbdystang> Hi, does IMAP on port 143 require an MX record or an A record? Thanks
<guntbert> fbdystang: neither
<s0m3body> Well, it does require an A record, but the actual port doesn;t
<s0m3body> doesn't *
<fbdystang> guntbert: URL?
 * s0m3body points out the fact that if you don't know what kind of record it needs, you shouldn't be setting up a mail server
<fbdystang> s0m3body: right but does the external DNS see it as an A record?
<s0m3body> fbdystang: what do you mean?
<fbdystang> hehe, I am a noob but I already have it set up and working with pop3. Trying to get IMAP working
<s0m3body> if you set an A record, every DNS (should) see it as an A record..
<guntbert> fbdystang: are you talking about setting up a mail server? the client just needs to get the IP address, hence you would need an A record for the mail server
<fbdystang> guntbert: Thank you , that answers my question :)
<guntbert> fbdystang: if pop3 works the DNS is ok
<fbdystang> I had my external DNS service pointing to my imap port as an MX record, and I think that is what is causing issues
<s0m3body> yep
<guntbert> fbdystang: DNS doesn't deal with ports at all
<genii> Well, port 53 ;-)
<guntbert> genii: splitting hairs? it *uses* 53 :-)
 * genii slides guntbert a tasty coffee
<guntbert> what I need now - before going to bed - hmmm
<fbdystang> So, if IMAP comes in on an IP, not a port, how does it resolve to 143?
<genii> fbdystang: The protocol itself... so the server listens on 143, and whatever client is trying 143
<storrgie> Would anyone know where I should go with an issue like this: I've got a usb audio device (DAC) plugging into an ubuntu server build and the device appears to be disconnecting and reconnecting repeatedly (https://gist.github.com/storrgie/03b65e769de393e9cf0a)
<sarnold> storrgie: in wild-guess land, perhaps it is waiting for a driver to download some firmware to the device?
<sarnold> storrgie: do you know if it is supposed to work well under linux? can you run a usb sniffer of some sort under windows and see what it does? compare / contrast with a sniffer under linux?
<storrgie> sarnold, I believe its supposed to work well under linux, however the manufacture doesn't support it working well under linux
<storrgie> sarnold, I'm actually trying to email the engineer that worked on the usb interface to get some info from him
<storrgie> I'm guessing its on their end
<sarnold> storrgie: do re-check the docs to see if there is firmware or other userspace tools you need to run to make it work
<storrgie> sarnold, thanks!
<LargePrime> hey helpful ones.  installing open vpn using the 12.04 guide.
<LargePrime> https://help.ubuntu.com/12.04/serverguide/openvpn.html
<LargePrime> it fails at "source vars"
<LargePrime> **************************************************************
<sarnold> fails how?
<LargePrime>   No /etc/openvpn/easy-rsa/openssl.cnf file could be found
<LargePrime>   Further invocations will fail
<LargePrime> **************************************************************
<LargePrime> is ther error?
<LargePrime> https://forums.openvpn.net/topic8819.html
<LargePrime> has a fix
<LargePrime> to just point at the config
<LargePrime> any thoughts?  it that a good idea?
<SuperLag> grub seems different than what I remember it
<SuperLag> How do you change which kernel boots, by default, if several are listed in the menu.lst file?
<LargePrime> sarnold: sorry i have been inturupted.  i'll be back in an hour.  hope you are here
<LargePrime> and thank you
<genii> SuperLag: Grub2 doesn't use menu.lst
<genii> SuperLag: You have to edit /etc/default/grub file and add a line: GRUB_DEFAULT=#      ...where # is the entry you want to be default. Then sudo update-grub
<failmaster> guys, where can i read about booting system over grub 2 related to detailed sequence, mostly about how it gets us into initrd image and how control being passed through stages of boot? please, sorry for my retarded english
<genii> !grub2
<ubottu> GRUB2 is the default Ubuntu boot manager. Lost GRUB after installing Windows? See https://help.ubuntu.com/community/RestoreGrub - For more information and troubleshooting for GRUB2 please refer to https://help.ubuntu.com/community/Grub2
<failmaster> genii, i've been there, but from what i read i don't get the next thing: our initrd image is sotred on filesystem which normally has mount point at /boot later on a booted system, i need to have a clue on how it gets mounted from the very first stages and when it becomes accessible and from which mount points (if there are some others but /boot as far as i know there are none)
<sarnold> failmaster: grub2 can understand a lot of different types of filesystems
<sarnold> failmaster: so it can read initrd and kernel images off of filesystems without needing the disk blocks hard-coded (as lilo required)
<failmaster> sarnold, yeah i know that, at least it comes as a conclusion due to the fact it needs fs modules necessary to read from that /boot device it's installed on
<failmaster> sarnold, what i don't understand is why people telling me that there is no way my bootloader media is mounted and accessible during initrd stage
<genii> The full official documentation is at http://www.gnu.org/software/grub/manual/grub.html
<failmaster> same problem trying to make rootfs device unlocked on boot using keyfile /boot/key but today, one guys gave me a tip, saying it shouldn't work like that http://askubuntu.com/questions/330660/what-is-the-correct-way-to-use-key-file-luks-authorization
<failmaster> genii, oh, thanks, sorry for being banned in google lol
<LargePrime> sarnold: I am back
<sarnold> hey LargePrime, any luck?
#ubuntu-server 2013-08-13
<adam_g> zul, jamespage https://code.launchpad.net/~openstack-ubuntu-testing/+activereviews <- in case you didnt see, ive proposed the 2013.1.3 updates there, since the grizzly branches are still hosted there. if you think we should migrate to ~ubuntu-server-dev, let me know and ill adjust accordingly
<zul> adam_g:  yeah can we migrate them over
<failmaster> it doesn't necessarily means that we have the device mounted on /boot during initrd stage? http://www.gnu.org/software/grub/manual/grub.html#prefix
<twb> I'm after backported kernels for lucid.  I don't see them in lucid-backports.  Am I looking in the wrong place?
<qman__> twb, there are backported kernels from maverick, natty, and oneiric in the form of linux-image-generic-lts-backport-oneiric
<qman__> not sure if anything newer exists outside of PPAs
<twb> Hm, I was looking in lucid-backports, not in PPAs.
<qman__> those ones are actually in lucid-updates
<twb> Ah.
<twb> Yes, I see them now, thanks.
<twb> That has 3.2, which I think will suffice.  If it's not, can you tell me where the ubuntuized git branches live?
<twb> Aha, kernel.ubuntu.com looks promising
<myhrlin> hi, I'm trying to open a program to X via ssh.  It used to be on certain systems I could simply DISPLAY=:0.0; firefox; or something
<myhrlin> but now it's not working; would someone know how to accomplish this?
<sarnold> myhrlin: try first, ssh -X hostname firefox   then ssh -X -Y hostname firefox
<sarnold> the -Y enables less-secure options that might be required all the same
<twb> Use -X, not -Y.  The manpage is misleading, -Y is for when you trust the network
<sarnold> twb: oh?
<myhrlin> sarnold: oh I'm not trying to forward an X session through ssh
<sarnold> myhrlin: oh!
<twb> sarnold: as you say, it's the less-secure version
<twb> myhrlin: then 1) you really should; but if you insist; 2) learn about xhost and xauth.
<sarnold> twb: I didn't think it had anything to do with network trust, but how much you trusted the X client on the remote machine
<twb> sarnold: sorry, I am misremembering, you are right.
<sarnold> twb: I believe myhrlin just wishes to display the contents on the remote machine as well...
<twb> sarnold: the key point is a lot of people see "-Y trust" and thing it is safer than -X, which is backwards.
<sarnold> twb: ah :) that's well worth correcting. :) hehe
<sarnold> myhrlin: I'm pretty sure I've used DISPLAY=:0.0 foo    myself..
<sarnold> myhrlin: try export DISPLAY  ?
<myhrlin> sarnold: right, it does not seem to be working -- oh right... export
<twb> myhrlin: if you want an X app to connect to a remote X server, you do "DISPLAY=example.net:0 xlogo"
<twb> This will not work by default because example.net has to be told to allow connections from the app server, with xhost(1) and (or?) you have to export the MIT cookie from the X server and put it on the app server, using xauth(1).
<twb> Unless you ultimately trust every single device on your network, you should use ssh -X instead, because otherwise the traffic is unencrypted and Bad Things can happen.
<sarnold> twb: think "oh crap my window manager on my usual desktop is broken and I can't get a new terminal to run "killall windowmanager ; nohup windowmanager &"  -- I've restarted busted window managers via ssh before, bloody convenient thing to do once in a while. :)
<sarnold> twb: I think myhrlin is attempting to solve a similar problem -- start a program on an existing X server from the same machine as the X server, but you're not sitting right at the keyboard that very second..
<twb> sarnold: ah, then I misunderstood what he's trying to do.
<sarnold> hehe
<sarnold> twb: I may have misunderstood too, but :0.0 gives me hope I'm on the right track. :)
<twb> sarnold: in your use case, you simply need to ensure DISPLAY is set and XAUTHORITY points to the cookie fiel
<sarnold> myhrlin: ^^ note the bit about XAUTHORITY :) that might be another variable to try
<twb> The latter can be skipped if it's in the default place (~/.Xauthority), which IIRC it is unless /home is on a network filesystem with root-squash
<twb> In any case, myhrlin should get a meaningful error message to help us diagnose the problem further.
<LargePrime> sarnold: no.  fighting with the openvpn guys
<LargePrime> they not nice like you guys
<LargePrime> he complaining cause i use netstat and not ss
<LargePrime> but ss no work
<twb> Then you're using it wrong.
<LargePrime> ?
<LargePrime>  netstat -an | grep 1194 works , ss -an | grep 1194 does nothing
<LargePrime> what am i doing wrong?
<twb> ISTR there is some obscure case where it doesn't list UDP properly
<twb> I confess that's why I still use netstat.  That and it inserting ridiculous amounts of whitespace.
<LargePrime> dam whitespace insertions
<twb> FWIW I can reproduce the issue, can't remember the fix
<twb> http://paste.debian.net/24509/
<LargePrime> yay, it works
<failmaster> could someone please help to shed some light on why this configuration stopped working with freshly installed 13.04 http://askubuntu.com/questions/330660/what-is-the-correct-way-to-use-key-file-luks-authorization especially curious if we have /boot accessible at it's absolute path on corresponding to cryptsetup boot stage?
<lifeless> hallyn: ls ../20130812/var/lib/lxc/sid/rootfs/
<lifeless> $
<lifeless> hallyn: ... --one-file-system with rsync doesn't back up subvolumes that aren't mounted ;)
<ejv> Need help installing mysql on 12.04 LTS : http://dpaste.com/1341424/
<failmaster> ejv, purging it totally doesn't fix it?
<ejv> man im trying
<ejv> this is LTS, this shouldn't even be happening lol
<ejv> when i purge it, it then tries to configure and install it, it's totally messed up
<failmaster> ejv, so when you just `apt-get purge mysql*` it doesn't behave as it sounds?
<ejv> right
<ejv> i can't even dist-upgrade either
<failmaster> i doubt that problem is about mysql =)
<ejv> http://dpaste.com/1341426/
<ejv> whatever updates are announced, I install, I usually don't review them
<failmaster> vps?
<ejv> dedicated
<failmaster> ejv, maybe it would be a good idea to have a look at dmesg?
<failmaster> because until you did everything keeping an eye on reccomendations like e.g. ones related to upgrade
<ejv> tail
<failmaster> mm*
<ejv> tail:
<ejv> http://dpaste.com/1341427/
<ejv> when the purge happened, it knocked out the apparmor mysql profile
<failmaster> ejv, no problems related to filesystem in there?
<ejv> those init issues look... odd
<failmaster> or apt cache or something
<ejv> im not familiar with app cache
<ejv> s/app/apt/
<failmaster> syslog would be closer
<ejv> i disabled apparmor
<ejv> no idea what it might be doing
<failmaster> before doing that?
<ejv> syslog tail looks quiet
<failmaster> look at the whole log files that would catch this accident timeline and never play with apparmor until you know what you're doing
<ejv> im not playing with it i just 'service apparmor stop' hehe
<ejv> ok i'll renable and backtrack, brb
<failmaster> at least did you read the package description? lol
<ejv> failmaster: i noticed my /boot is full
<ejv> interesting...
<failmaster> ejv, it happens due to the fact old stuff wasn't removed
<ejv> purging kernels stand by :)
<ejv> incredible, that was holding my entire system hostage
<ejv> i don't fully understand how having space in /boot is a dependency for upgrading mysql-server
<failmaster> this question could probably take place only after you'll make sure it was the reason
<ejv> i cleared out some kernels, the panic went away
 * ejv shrugs
<ejv> thanks failmaster, all set now, good for another year i hope
<failmaster> np you fixed it yourself! =)
<ejv> it's my job during the day, at the end of the day, im just drained, this is the last thing i want to do ha
<failmaster> well i'm lucky enough to not have a life at all lol
<ejv> ;)
<ivoks> when is the next server team meeting?
<rbasak> ivoks: probably today at 1600 UTC.
<ivoks> rbasak: thanks
<ThothCastel> what does sudo apt-get install build-essential linux-headers-$(uname -r)   do?
<hallyn_> lifeless_: I still don't understand what "arent mounted" means.  You don't manually mount a btrfs subvolume, it's just always there.  If you do "ls /var/lib/lxc/sid/rootfs", do you see the rootfs?
<hallyn_> If not, then something doesn't match my understanding.  If so, then I'd say indeed this is an rsync bug (high prio, bc I expect it to affect lots of ppl)
<hallyn_> (also, --one-file-system should ahve nothign to do with whether a sub-fs is mounted, another reason I'm confused :)
<stemid> I have two identical 12.04 installs where one cannot run apt-get update. it gets 404 errors on many files, including http://se.archive.ubuntu.com/ubuntu/dists/precise-backports/universe/source/Sources and http://se.archive.ubuntu.com/ubuntu/dists/precise-backports/main/binary-amd64/Packages. in all the 404 cases the file eixsts with a .bz2 extension.
<stemid> I've been trying to see what could differ on one host from the other, in the /etc/apt dir. but the files are identical.
<stemid> not even if I generate a new list on http://repogen.simplylinux.ch/generate.php does it work. it must be missing some configuration.
<stemid> http://www.fpaste.org/31763/37639692/
<stemid> only from that server
<stemid> $ host se.archive.ubuntu.com
<stemid> se.archive.ubuntu.com has address 10.40.2.21
<stemid> funny dns error =)
<stemid> yet it's using google's public dns in resolv.conf and files dns in nsswitch
<jpds> stemid: /etc/hosts ?
<hallyn_> lifeless_: yeah confirmed, lemme ask on ubuntu-kernel
<RoyK> stemid: same resolv.conf?
<RoyK> oh
<RoyK> jpds: the host command does a dns lookup, and doesn't care about /etc/hosts
<stemid> I see now, the morons who installed it have installed a bind on it
<stemid> so it's using its own bind
<stemid> jesus
<jpds> Every server should be running it's own bind.
<jpds> its*
<stemid> no
<RoyK> jpds: you should have 2-3 servers running bind and then have the other servers using those
<hallyn_> lifeless_: yeah, so it *is* a different fs according to rsync.  if you don't want to do any snapshot clones, we could add a flag to tell lxc not to make rootfs a subvolume.  (failing that the only 'fix' apart from changing your backup script woudl be to teach rsync something - not sure what)
<hallyn_> lifeless_: was that what you were after originally?  :)
<jpds> RoyK: I was joking about bind everywhere.
<jamespage> adam_g, zul: seen this before? - http://paste.ubuntu.com/5981288/
<jamespage> grizzly cloud archive
<zul> jamespage: https://code.launchpad.net/~zulcss/python-novaclient/2.14.1/+merge/179929
<jamespage> zul: seen this before? - http://paste.ubuntu.com/5981288/
<jamespage> grizzly cloud archive on precise
<zul> jamespage:  no i havent
<jamespage> zul, keystone catalog is OK
<jamespage> but keystone endpoint-list borkes
<jamespage> infact *-list borkes
<zul> which versoin is this with?
<jamespage> zul, whatever is in grizzly CA
<jamespage> zul, might be some sort of client issue I think
<jamespage> zul, as my keystone client on saucy works fine against this deployment
<jamespage> but the keystoneclient within the deployment breaks
<jamespage> which is breaking openstack-dashboard
<jamespage> zul, curl'ing the commands works fine
<zul> jamespage:  possible bug in webob?
<jamespage> zul, maybe - if I comment out the offending debug code everything springs back to life
<jamespage> odd
<zul> jamespage:  odd indeed
<jamespage> feels like a bug
<jamespage> zul, spotted the problem - the environment was running essex keystone
<jamespage> that sucks
<jamespage> upgraded and it fixed the problem
<zul> jamespage:  gah?
<freze> hi all, is it safe to upgrade the kernel on ubuntu LTS?
<jamespage> zul, I was helping marco with a demo for tomorrow
<zul> jamespage:  ah ok
<zul> jamespage:  https://code.launchpad.net/~zulcss/swift/1.9.1/+merge/179933
<jamespage> zul, not going to get to that for a bit - working on a nasty-ish golang issue right now
<zul> jamespage:  ok
<jamespage> zul, oh - go on then
<jamespage> won't take long I guess
<zul> jamespage:  ill find a willing guinea pig
<jamespage> https://code.launchpad.net/~zulcss/python-novaclient/2.14.1/+merge/179929
<jamespage> zul, ^^ that is targetting the wrong branch btw
<zul> jamespage:  fixed
<zul> jamespage:  fixed swift
<zul> roaksoax: https://code.launchpad.net/~zulcss/python-cinderclient/1.0.5/+merge/179938
<roaksoax> zul: done
<zul> roaksoax:  thanks
<zul> roaksoax:  one more
<zul> https://code.launchpad.net/~zulcss/python-ceilometerclient/1.0.3/+merge/179940
<roaksoax> zul: done
<zul> roaksoax:  thank
<jamespage> hallyn_, can you run todays IRC meeting? I see smoser in the chair but he's out today
<hallyn_> jamespage: i really can't...
<jamespage> hallyn_, np - next!
<jamespage> roaksoax, ^^
<anomaly> I am using a laptop temporarily for testing.  to cover all the options, would the server installation detect this and use some sort of power management?  I have noticed at times I can not ssh in, but when I tap a key on the keyboard I can.
<jamespage> arosales, around - you might be chair by default if so
<arosales> jamespage, hello
<arosales> smoser, hallyn, and roaksoax all out huh
<rbasak> I think it might be zul's turn again as he was the last person not to do the minutes, AFAICT.
<arosales> jamespage, I can chair :-)
<jamespage> arosales, great
<arosales> uh oh zul
<jamespage> zul, did you not do the minutes?
<zul> rbasak:  uh...no i hcnaged it
<arosales> ah I'll take zul's word for it then :-)
<rbasak> Yeah the rota was changed, but https://wiki.ubuntu.com/MeetingLogs/Server is way behind
 * arosales will chair this go around
<zul> im *not* chairing
<arosales> I'll action zul to update minutes
<jamespage> arosales, thanks
 * arosales pulls up instructions, one sec
<arosales> #startmeeting ubuntu-server-team
<arosales> sorry wrong window
<roaksoax> jamespage: sorry just saw your ping... internet connection crapped on me :)
<jamespage> roaksoax, np - arosales stepped into the breach!
<adam_g> jamespage, do you reckon we should move grizzly branches from ~openstack-ubuntu-testing to ~ubuntu-server-dev? or keep them where they are?
<zul> hallyn_:  how do you get out of of the lxc console again
<hallyn_> zul: ctrl-a q
<zul> hallyn_:  ahhh
<hallyn_> zul: it *does* say that in the lxc-console manpage fwiw
<hallyn_> (so i dont *totally* suck :)
<zul> hallyn_:  man pages *ppphppt* ;)
<hallyn_> 'those are so 1980'
<hallyn_> lifeless_: too early to scream victory, but i believe the source of the libvirt leak has been foudn - there was a leak in netcf!  i'm running for the afternoon with Eric Blake's patch to fix that
<hallyn_> ahs3: hey, need to push a set of netcf packages (memleaks all-around).  just a heads-up
<ahs3> hallyn_: groovy.  just say when...
<hallyn_> jessie has thrown me for a loop.  well lemme start with wheezy
<lifeless> hallyn_: cool about the netcf fix; I will test packages if you want
<hallyn_> lifeless: thx, i was gonig to do the debianpackage first to make sure they can stay in sync, so it'll be a bit yet
<digia> Quick 12.04 question. Server crashed last night and today when logging in i get a login loop. I am able to login via recovery and create a seperate account, which i am able to log into. Where would i look to fix the login loop for the main account?
<Fuzzbrain> console or X11 looping?
<mgriffin> anyone familiar with phpMyAdmin on 12.04? these docs seem wrong https://help.ubuntu.com/12.04/serverguide/phpmyadmin.html because i think i need to modify /etc/dbconfig-common/phpmyadmin.conf and then dpkg-reconfigure phpmyadmin
<mgriffin> oh, i figured it out.
<mgriffin> the things i place in /etc/dbconfig-common/phpmyadmin.conf and regenerate /etc/phpmyadmin/config-db.php with aren't parsed if i leave dbc_dbname empty in /etc/dbconfig-common/phpmyadmin.conf, this doesn't make any sense ;)
<moldy> hi
<moldy> updated a 10.04 system to 12.04. rootfs on lvm on dmraid. boot fails. i think that it's missing the lvm modules within the initramfs (looking at the initramfs image, i cannot find them). how should i fix this?
<mgriffin> moldy: did you read any of the docs?
<moldy> mgriffin: i tried googling for the problem, but i was not able to find a solution yet
<mgriffin> you can boot off of a live cd and mount, yeah?
<mgriffin> i have fixed similar on rhel before by booting a rescue, bind mounting all of the things and then chroot, finally update-initramfs
<moldy> mgriffin: yep
<mgriffin> (bind mount /boot /proc /dev etc inside where you will chroot)
<mgriffin> perhaps that is overkill, not sure
<moldy> i mounted /proc and /dev from a grml live pendrive
<moldy>  /boot is not on a separata partition. i should not mount the live medium's /boot, should i?
<mgriffin> so you have in your livecd /mnt/the_local_disk/etc/fstab
<mgriffin> like the local system is mounted somewhere?
<moldy> after booting from the live disk, i run mdadm -A --scan and vgchange -a y
<moldy> after that, i mount my lv to /mnt/ubuntu
<moldy> but i think my current problem is that i am missing the lvm modules
<mgriffin> did you use any bind mount after mounting /mnt/ubuntu (i don't know if this is necessary)
<moldy> proc and dev
<mgriffin> so you did bindmount /dev /mnt/ubuntu/dev
<moldy> i have "lvm2" installed, but i cannot find any lvm modules on the system
<moldy> yep
<mgriffin> k, did you look in your /mnt/ubuntu/usr/share/initramfs/hooks/
<moldy> there is a file called "lvm2" in /usr/share/initramfs-tools/hooks
<mgriffin> or i guss /usr/share/initramfs-tools/hooks/
<moldy> lvm does use kernel modules, right
<moldy> ?
<moldy> ah, it's called "dm-mod"
<moldy> i have all sorts of dm-* modules, but no dm-mod.ko
<mgriffin> i think this is pretty clear to follow: https://help.ubuntu.com/community/UbuntuDesktopLVM
<mgriffin> so maybe cat /etc/initramfs-tools/modules to see what you have
<moldy> mgriffin: will double-check, thanks
<hallyn_> ahs3: alas there's a problem.  On jessie i can't build netcf as is.  gnlib issue, gives me:
<hallyn_> ./stdio.h:1012:1: error: 'gets' undeclared here (not in a function)
<sarnold> gets(3)? o_O
<sarnold> I thought we burned that with fire?
<hallyn_> sarnold: <shrug>  i dunno what gnulib is doing
<sarnold> gets.c:6:2: warning: âgetsâ is deprecated (declared at /usr/include/stdio.h:638) [-Wdeprecated-declarations]
<sarnold> guess we -didn't- burn it with fire. darn.
<hallyn_> sarnold: well this is in jessie
<hallyn_> i don't expect it's the case in saucy - though i've not gotten to that yet
<ahs3> hallyn_: hrm.  i reckon it needs removing...gets() is definitely on the Very Bad Thing To Do list
<hallyn_> ahs3: it's in /usr/include/stdio.h
<hallyn_> uh no
<hallyn_> but it's ingnulib.  so i can't really remove it afaik
<ahs3> hallyn_: oh, sorry.  i was thinking it could be removed from netcf, not the lib.  nm.
 * ahs3 got distracted by a phone call
 * hallyn_ got distracted by a bowl bearing delicious hot ramen breaking :(
#ubuntu-server 2013-08-14
<hallyn_> ahs3: well http://people.canonical.com/~serge/netcf-sid.debdiff and http://people.canonical.com/~serge/netcf-wheezy.debdiff are fine.
<ahs3> hallyn_: okey dokey.  i'll give the sid one a spin later
<hallyn_> ahs3: thx.  i'm going to to saucy before i look into what is going boinkers with jessie
<ahs3> nod.  i'll see if i can do that tonight or tomorrow
<i3luefire> so. hooking a server directly via a static ip to the internet is bad? or i just need to setup a sw firewall first?
<hallyn_> ahs3: thx.  pls let me know when you look at sid, as i suppose ideally i should sync that into saucy rather than pushing separately
<ahs3> hallyn_: will do
<sarnold> i3luefire: a firewall is a useful backup to correct configuration of your intended services, but it isn't strictly necessary for running a host directly on the internet.
<i3luefire> because i have been running my server behind a router for years... but now i am transitioning to a business internet connection with 5 static IPs and would like to put them to good use
<i3luefire> i need a friend in IT
<sarnold> I'd take a good long look at existing systems before putting them directly online :) brand-new systems ought to have nearly nothing open by default and update during the install to avoid the worst of the potential issues
<sarnold> check sudo netstat -nlp output and make sure the services listening on external ports by default are intentional and properly configured.
<i3luefire> wow
<i3luefire> lots of stuff there
<i3luefire> so the stuff with :::someport and 0.0.0.0:* are open to any and all basically?
<sarnold> yes
<i3luefire> jeez
<i3luefire> i have been sloppy
<sarnold> and the 192.168.... might be as well, depending upon how you configure things
<i3luefire> no. i have a non-default ip scheme on the internal network
<sarnold> you didn't use rfc1918?
<i3luefire> no
<i3luefire> i just googled it because i didnt know what it was
<sarnold> this is a good time to fix that too :) hehe
<i3luefire> yea
<i3luefire> for some reason in the past i thought that was helpful in obfuscating my internal network for intruders.
<i3luefire> but i would not even need to worry about the IPs on my internal network anymore except for wifi which will still use my router
<i3luefire> since the hardwired ones will have static external IPs
<sarnold> you might still wish to have internal addresses and external addresses both on your machines; it might be convenient to have a CIFS share for internal-only use, for example
<i3luefire> oh. how can i have 2 addresses without 2 nics? or did you mean with separate nics?
<i3luefire> Vlan?
<sarnold> i3luefire: you can assign a few thousand IPs per NIC without any trouble.. I'm not confident of the best way to make it persistent via the interfaces(5) file, but "ip addr add" can add addresses all day long to existing NICs :)
<i3luefire> wow. i need to take a class or read a book
<hallyn_> roaksoax: hey are you around?
<mojtaba> Hi, Does anybody know how can I have application server in ubuntu?
<Beatstreet> is there a replacement for ethtool?
<Beatstreet> WARNING: The following packages cannot be authenticated!
<Beatstreet>   ethtool
<Patrickdk> replacement?
<Patrickdk> maybe fixed your package repo
<Patrickdk> mojtaba, what is *application server*
<Beatstreet> I updated and did the --fix-missing
<Patrickdk> Beatstreet, well, those two have NOTHING to do with the problem
<Patrickdk> fix the gpg keys
<mojtaba> Patrickdk: I want to run my applications from PI.
<mojtaba> remotely*
<Patrickdk> mojtaba, talk english?
<mojtaba> Patrickdk: English
<Patrickdk> what is *applications*
<Patrickdk> if you fail to explain, I can't help you
<mojtaba> Patrickdk: I have lots of applications installed in my computer at home in ubuntu, and I want to run them from PI remotely.
<Patrickdk> you mean you want remote X sessions?
<Patrickdk> I mean, you keep saying applications
<Patrickdk> until you name atleast ONE, I cannot help you
<Patrickdk> but your welcome to read the manual
<mojtaba> Patrickdk: for example I have installed Matlab in my computer
<mojtaba> I want to run it remotely
<Beatstreet> Patrickdk - I re-downloaded the keys using the hexidecimal numbers but ethtool still fails to install
<Patrickdk> mojtaba, well, you either want to run X forwarding, or a remote X session using like vnc
<Patrickdk> Beatstreet, what version ubuntu?
<mojtaba> Patrickdk: Does X forwarding works for Matlab?
<jkitchen> question: anyone using multipath with a FC storage system?
<Beatstreet> Description:    Ubuntu 11.04
<Beatstreet> Release:        11.04
<Beatstreet> Codename:       natty
<Patrickdk> Beatstreet, that would be an issue
<Patrickdk> 11.04 and 11.10 aren't supported
<Beatstreet> ok, so I'm SOL - ok, thanks
<jkitchen> I just deleted a bunch of volumes and now my multipath daemon is showing me all sorts of failed paths. is there a good way to clean them out, or a different procedure I should be following?
<Patrickdk> your not SOL, but your unsupported :)
<Patrickdk> look into adjusting apt to use the archive server
<Patrickdk> and upgrade as soon as possible :)
<jkitchen> other question; is there something like snapshot.debian.org for ubuntu package repos? if not, does anyone know of tools which can make setting up something locally like this possible?
<Beatstreet> Thanks Patrickdk
<sarnold> jkitchen: looks like weasel published the code: http://anonscm.debian.org/gitweb/?p=mirror/snapshot.debian.org.git
<jkitchen> sarnold: sweet, looking at that now, thanks
<jkitchen> I'd love to set something like that up locally. in my environment I'm all about absolute reproducibility of machines, right down to the packages they're running, even if that means running older versions of packages. if I can auto snapshot like that then I can just promote things along later
<jkitchen> I was just gonna do an apt-mirror and leave it at that :(
<jkitchen> making it more flexible will be a good thing :)
<hallyn_> ahs3: cjwatson saves us.  he has a patch for grub2 which fixes teh gnulib failure in netcf in jessie.  i'll post a full debdiff in a bit
<hallyn_> ahs3: but infinity points out that pushing to jessie is weird and to ignore that.  (the fix at people.canonical.com/~serge/netcf-jessie.debdiff did work though,easing my mind :)
<roaksoax> hallyn_: here
<hallyn_> roaksoax: nm, thanks :)
<roaksoax> hallyn_:   lol k ;)
<zanzacar> I currently have a sFTP server up and running. I chrooted it to a folder on my root directory. I really like how I have it all setup but none of my clients etc want to use sFTP. Is there a reasonably easy way to have ftp go there as well?
<zanzacar> almost just have sFTP allow for ftp connections?
<zanzacar> I guess I would need to have ssh allow a FTP connection as well as sFTP, is that possible?
<SpamapS> utlemming: sheesh, new raring images again? :-P
<moldy> zanzacar: just setup some ftp server?
<moldy> zanzacar: vsftpd or something
<Cyrax> Hi. i'm new to set up a minecraft server on ubuntu straight from terminal. How do I make it so i can enter my server? do i put in my ipv4 or ipv6? nad if so.. how do I check it?
<Cyrax> ?
<mardraum> Cyrax: in your client, put the ip of the server you are running minecraft on?
<mdeslaur> jamespage: FYI, in case you didn't notice, the autopkgtest for squid3 failed
<jamespage> mdeslaur, I did notice and I can't reproduce
<jamespage> they all pass when I run locally
<mdeslaur> jamespage: :(
<jamespage> mdeslaur, I think its actually something in vsftpd borking but I can't figure out what
<Cyrax> What is the command on terminal to find my ip like ipv4 and stuff?
<sgran> ip a
<sgran> or 'ip address list' if you want the long version
<Cyrax> sgran: i'm trying to run minecraft server and i start it with a command.. can't remember all,but it starts with java. Do i need to put my real ip address or ipv4 or ipv6 address into server.properties?
<sgran> Cyrax: I don't know anything about running a minecraft server, sorry
<sgran> I'm sure there are docs about this online?
<moldy> Cyrax: you don't need to put any ip into that file, afaik
<moldy> Cyrax: check the various minecraft server documentation you can find on the web, or maybe ask in #minecraft.
<zul> jamespage:  the sqlalchemy stuff got fixed in heat so we can drop out patch
<jamespage> zul, great
<jamespage> zul, http://people.canonical.com/~jamespage/ca/havana/
<zul> jamespage:  +1 i should have some for you today as well
<zul> jamespage/roaksoax: https://code.launchpad.net/~zulcss/heat/refresh-aug14/+merge/180150
<jamespage> adam_g, when you start today - the nova-cloud-controller redux is missing its templates dir in the branch
<zul> jamespage:  i think i have a fix for the glance testsuite failures (its sqlalchemy related)
<jamespage> zul, the one where is completely crashed the machine its running on?
<zul> jamespage:  yeah
 * zul is in the zone
<jamespage> rbasak, OK - so my panda crashed 3.5 hrs into testing building mongodb
<jamespage> rbasak, as it can't get any worse in proposed right now I'm going to upload my fix for the armhf build failure
<moldy> is it normal for quotacheck to take a long time?
<rbasak> jamespage: I've been building on a highbank node
<jamespage> rbasak, me too!
<jamespage> https://launchpad.net/ubuntu/+source/mongodb/1:2.4.5-1ubuntu2/+build/4877049
<rbasak> jamespage: :)
<jamespage> lol
<rbasak> I have a parallel build that's been going for 45 minutes
<rbasak> I guess we'll see.
<jamespage> rbasak, tbh I'm not 100% sure why the DM started using the internal libv8
<jamespage> I'd not seen any issues
<zul> jamespage:  wait...nevermind
<hallyn_> roaksoax: hey!  when you get a few minutes, would you mind pushing:  http://people.canonical.com/~serge/netcf-precise.debdiff  http://people.canonical.com/~serge/netcf-quantal.debdiff and http://people.canonical.com/~serge/netcf-raring.debdiff ?
<roaksoax> hallyn_: sure! give me ~15 mins or so
<hallyn_> roaksoax: thanks!
<kl4m> Hi, anyone using vmbuilder with a preseeed file? I'm trying to make the pkgsel/include directive actually work
<kl4m> *preseed
<rbasak> !anyone
<ubottu> A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<roaksoax> hallyn_: btw... changelogs versions should preferably be ubuntu3.1, ubuntu3.2 and so on, instead of ubuntu4, ubuntu4 (for precise case) when it comes to SRU
<adam_g> jamespage, oh, right. i have a bunch of stuff to push there
<jamespage> adam_g, please do
<adam_g> jamespage, on its way
<hallyn_> roaksoax: iirc the last time that was discussed itw as decided that was only needed if the next release shared the version.  but it does make it clearer what's going on,so i i like your suggestion.  do you mind doing it inline?
<jamespage> adam_g, can I suggest that we land the redux first and then do the neutron rename afterwards
<jamespage> adam_g, we should probably do a re-sync with charm-helpers as well
<jamespage> quite a few things have landed
<adam_g> jamespage, renaming of quantum-gateway and associated interfaces to neutron-server? tahts fine by me. ive tried to make the nova charms agnostic to the name, at least in most places
<jamespage> adam_g, yes
<adam_g> jamespage, ya. i need to push some stuff to charm helpers and resync around
<jamespage> adam_g, OK
<adam_g> jamespage, switching from helper local configs to using the main core helpers for relation_get() may have introduced some bugs
<jamespage> adam_g, most things seem OK - I hit one problem with an older helper in cinder which was using socket.get_hostname
<roaksoax> hallyn_: yeah I guess that i might have missed that discussion, but I guess my thinking might be old school :)
<jamespage> but I already fixed that in charm-helpers :-)
<adam_g> jamespage, https://bugs.launchpad.net/charm-helpers/+bug/1203241
<hallyn_> roaksoax: it makes it clearer whether it's beenupdated in an sru so i like that
<uvirtbot> Launchpad bug 1203241 in charm-helpers "relation_get() on a non-set relation setting does not return None" [Undecided,New]
<roaksoax> hallyn_: but you are right, It doens' really matter cause the versions are not shared between releases :)
<jamespage> adam_g, well it did do the right thing once upon a time...
<adam_g> jamespage, the relation_get() in core.hookenv?
<adam_g> i thought so too
<jamespage> adam_g, yes - because I made it do that
<adam_g> hah
<jamespage> unit/config/relation
<adam_g> thats what i thought. i wonder if juju's interface changed (as mentioned in the bug)
<adam_g> jamespage, pushed
<adam_g> jamespage, the main nova.conf template is getting ugly. we may want to look at using template inheritance to handle that
<adam_g> jamespage, also a bunch of nova-compute changes pushed
<hallyn_> stgraber: so fwiw i pushed lxc-user-nic (bc it doesn't change anything, just adds a so far unused binary) and the cgroup rework sets (bc without it nested containers are broken) ) to staging.
<hallyn_> if the cgroup set breaks anything i'll git-revert it poste haste, but there was no comment and "it works here" :)
<roaksoax> hallyn_: done!
<hallyn_> roaksoax: thx
<jamespage> adam_g, I might know what the relation_Get issue is
<jamespage> there was a change in behaviour from pyjuju -> juju-core
<jamespage> in that 'null' was being returned for a missing relation key rather than empty string
<jamespage> I suspect that has been fixed!
<adam_g> jamespage, hmm
<adam_g> jamespage, so juju-core returns empty string for config-get/relation-get when nothing is set?
<jamespage> adam_g, not sure - I would need to re-test
<jamespage> it certainly did not at some point in time
<smoser> hallyn_, stgraber utlemming i just hit 'publish' on http://ubuntu-smoser.blogspot.com/2013/08/lxc-with-fast-cloning-via-overlayfs-and.html
<smoser> thanks for your great work.
<smoser> anyone else using lxc, espeicailly with the lxc ubuntu-cloud template might find that interesting.
<sarnold> smoser: cool :)
<blkperl> sarnold: awesome, will these new changes be availible in openstack too?
<blkperl> I havn't really played with lxcs in openstack yet.
<sarnold> blkperl: sorry, no idea
<adam_g> blkperl, no, unfortunately nova's current lxc support uses a different implementation (libvirt+lxc)
<adam_g> jamespage, all grizzly branches migrated to lp:~ubuntu-server-dev, build scripts updated and 2013.1.3 update retargetted
<roaksoax> adam_g: how would you test a section of a charm that looks like this: http://pastebin.ubuntu.com/5985960/
<roaksoax> adam_g: (the test in it fails because it seems that it only catches the last relation_set function being executed
<roaksoax> so I can only assert against the last one
<adam_g> roaksoax, which assertion is failing, the very last?
<roaksoax> adam_g: yep
<adam_g> roaksoax, i think you want to look at self.relation_set.call_args_list
<roaksoax> adam_g: because it compares against the relation_set for image-service
<roaksoax> adam_g: http://pastebin.ubuntu.com/5985970/
<adam_g> roaksoax, something like this http://paste.ubuntu.com/5985971/
<roaksoax> adam_g: so the actual assert comparison is against "Actual call: relation_set(glance-api-server='https://10.10.10.10:9292', relation_id='identity-service:0')" whcih is the second if statement, when I want to compare against the first statement
 * roaksoax looks
<blkperl> adam_g: :(
<roaksoax> adam_g: thanks
<zul> Daviey:  ping
<zul> Daviey:  can you review oslo.messaging tomorrow its in the source new queue
<cppCzar> What version of ubuntu is best paired with postgres?
<hallyn_> smoser: via-via :)
<roaksoax> adam_g: glance didn't require to save an rc script with the environment variables right?
<hallyn_> smoser: your blog requires js
<smoser> hallyn_, do you need me to give you a recommendation for operating system that has a browser capable of rendering it ?
<adam_g> roaksoax, if its not in the bas charm dont bother, im not even sure anyone is actually using those rc files naymore
<smoser> hallyn_, https://gist.github.com/smoser/6199772
<hallyn_> smoser: you're asking me if i need my computer to run your code for you?
<hallyn_> this should be good :)
<smoser> hallyn_, you already run my code. your machine last checked in at
<smoser> Wed Aug 14 19:11:04 UTC 2013
<Daviey> zul: Yes
<roaksoax> adam_g: so yueah I had this in config_changed: http://pastebin.ubuntu.com/5986146/ i guess I can simply drop it
<hallyn_> smoser: that's not my machine, just one of my decoys
<zul> Daviey:  merci buckets
<smoser> no, thats the real one. one of your decoys failed checkin last night.
<smoser> hallyn_, ifyou'd rather git checkout https://gist.github.com/smoser/6199772 is basically it.
<smoser> i just really didn't like having to deal with blog entires, so i started putting stuff in gists
<hallyn_> smoser: no no i trusted you implicitly so enabled js just for your blog post
<hallyn_> smoser: drat.  the nice thing about regular blog posts is i can read them from readitlater on my ereader
<smoser> yeah, that does suck. i agree.
<smoser> but getting reaasonable syntax highlighting in blogger sucks
<smoser> and then updating it also sucks
<hallyn_> heck just getting code to render properly in blog sucks
<hallyn_> no arguments there
<smoser> yeah, that is basically what drove me to the "just use github"
<Daviey> smoser: you switched to github pages?
<hallyn_> Daviey: that was awhiel ago, but now he has switched to github scripts which you download which use sed to noninteractively write the blog post on your system.
<hallyn_> he finds that more authentic
<smoser> no. i use blogger and just include a gist in the file
<hallyn_> smoser: and is that pushed to planet.u.c?
<smoser> should be.
<smoser> yeah, syndicated there.
<smoser> oh.
<smoser> shoot. i see.
<smoser> that sucks.
<smoser> you have a better solution for that?
<hallyn_> nope, not even sure what the problem is
<smoser> getting syntax highlighting / formatted code into a blog post.
<hallyn_> no, last time i looked into it ppl were suggesting some wordpress pluging - bleh
<smoser> right.
<smoser> so that sucks.
<smoser> so i just reference gists via javascript
<smoser> but clearly that does not syndicate well
<Daviey> hallyn_: haha.. is this how smoser browses ? http://article.gmane.org/gmane.os.openbsd.misc/134979
<rbasak> I'm using Pelican (Python) now as a static blog generator, so now I can write my posts in markdown. It supports syntax highlighting apparently, but I haven't tried it. Also I have little experience, having now written a grand total of one blog post (with Pelican that is).
<Daviey> rbasak: I also have been experimenting with Pelican, then pushing it up to Heroku
<rbasak> I'm pushing to a server running apache (I know. Old school!)
<hallyn_> rbasak: hm, i may try that
<Daviey> rbasak: I was more looking for a reason to learn Heroku.. But I agree, i prefer simply pushing it up to a server
<hallyn_> rbasak: what about comments?  (bc we all want commnets :)
<rbasak> Scaling blogs down is what the cool kids do nowadays. I'm sure my cheap VPS will be able to do plenty of traffic when it's serving only static pages.
<Daviey> hallyn_: I added google plus to the footer for comments
<rbasak> hallyn_: I haven't done comments, but Pelican supports Disqus out of the box I think.
<hallyn_> Daviey: i dn't do g+
<hallyn_> rbasak: ok, i'll have to look into it.  thanks for the tip
<rbasak> I've stopped believing in comments. People can email me, blog a rebuttall, or tweet, or something I figure.
<jcastro> I'm using Octopress for static blog
<hallyn_> agreed, i dno't think i actually want comments
<rbasak> Moderating comments is too much of a pain when in reality I'll get a comment once a year or something.
<jcastro> https://twitter.com/AvoidComments is relevant here
<hallyn_> jcastro: there's another timesink.  :)
<ubuntuissue> Is there any USB 3.0 issued or issues with the USB 3.0 cont rollets?
<smoser> hallyn_, i donr tknow if you consider it a bug or not
<smoser> but: lxc-destroy -n hallyn_loves_lxc_but_this_container_doesnt_exist
<smoser> exits with '0'
<smoser> and that is a change from previous behavior also.
<rbasak> lxc-stop also behaves like that
<rbasak> (in Raring at least)
<smoser> hm..
<roaksoax> adam_g: ok I added the tests for all fo the glance_relations, you want a MP against the branch in ~openstack-charmers ?
<adam_g> roaksoax, sure
<smoser> oh wait. i'm wrong. it does exit failure (1) it just doesn't complain anywhere.
<roaksoax> adam_g: done! https://code.launchpad.net/~andreserl/charms/precise/glance/port/+merge/180224
<adam_g> roaksoax, word
<jamespage> adam_g, hey - I just synced the reprepro archive for havana in the CI lab from havana-staging
<hallyn_> smoser: yeah just pulled up the source ...  lxc_destroy could spit out an error
<jamespage> adam_g, we suck at backporting there first...
<hallyn_> (lxcapi_destroy() should not)
<adam_g> jamespage, ah cool
<smoser> http://paste.ubuntu.com/5986246/
<smoser> hallyn_, ^
<smoser> http://paste.ubuntu.com/5986259/
<smoser> better
<hallyn_> i think you make ad money off pastebin somehow
<smoser> well, i get a referrer fee everytime i use pastebinit.
<smoser> most of hte money goes to stgraber
<hallyn_> lol
<hallyn_> smoser: yeah lxc_stop is doing exit(-1) instead of exit(1)
<hallyn_> i'll fix both of those right now in upstream
<smoser> fix to what ?
<smoser> what is right ?
<smoser> 0 ?
<hallyn_> lxc_destroy will spit out a msg,
<hallyn_> and lxc-stop will exit 1
<hallyn_> i consider it an error to ask to stop c when ci s not running
<hallyn_> disagree?
<hallyn_> (also, note there's a big cgroup rewrite so next time i build ppa it *may* cause troubles...  but shouldn't, i've obviously tested)
<smoser> its argubable, but i think its bikeshed, so i'd recommend staying consistent with previously published behavior.
<smoser> hallyn_, do you want a bug for "keep track of child ephemeral mounts"
<smoser> ie, clones that depend on a master
<hallyn_> smoser: yeah sure
<hallyn_> smoser: wait.  lxc_destroy *does* print an error if container is not found.
<hallyn_> smoser: oh.  right.  this is actually more complicated than it seems
<hallyn_> the problem is that there is the concept of containers withotu a config file
<hallyn_> ok, nm, should be ok
<smoser> i didn't make that pastebin up.
<hallyn_> smoser: what's to stop you?
<hallyn_> yeah nm, fixed in git head nwo
<smoser> https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1212414
<uvirtbot> Launchpad bug 1212414 in lxc "lxc-destroy allows unsafe destruction of overlayfs sources" [Undecided,New]
<smoser> hallyn_, ^
<hallyn_> smoser: great, thanks
<Slyboots_> Hi
<Slyboots_> Evening
<Slyboots_> Im curious, trying to setup Ubuntu as a NAS, running iperf to test network througput but.. well for a GigE network with Intel Pro1000's on each side its only reporting about 650Mbit/sec
<Slyboots_> Shoudlnt a Gige network be faster?
<maswan> Slyboots_: it should, clocking gige at >950Mbit/s on the LAN hasn't been hard for, hm, 8-10 years now.
<Slyboots_> Im at a total loss as to what the hell is wrong with this server, I really am
<Slyboots_> Had a samba/nfs setup that heh, could WRITE to the shares at about 80MB/sec which is about what iperf is reporting
<Slyboots_> READING from those exact same shares, in either networking format (smb/nfs) 30MB/sec
<Slyboots_> So, I've got it totally stripped down to the nuts and bolts and testing each componant, one at a time lol
<Slyboots_> I've tried increasing the TPC window size to 1Mbyte, and thats got the speed up to 920Mbits/sec which.. is nice
<Slyboots_> Anyone any idea why my NIC's would be detected.. but not work (no dhcp responce, and they are marked as DOWN in ip addr)
<Slyboots_> But they work  fine in a liveCD enviroment
<RoyK> Slyboots_: wierd - does it work with a static IP?
<Slyboots_> Just about to try that now
<rbasak> jamespage: my mongodb build test succeeded from your branch. As did the buildd. Looks like it's migrated from proposed too.
<rbasak> \o/
<jamespage> rbasak, indeed!
<jamespage> 2.5 hrs - not bad
<jamespage> only x2 amd64
<rbasak> I got 02:48:34 on my highbank node
<rbasak> I might try -j5 next time. That was -j4.
<Slyboots_> Right.. So I put two entries in /etc/network/interfaces for static..
<Slyboots_> and.. they arnt "taking"
<Slyboots_> if I run ifconifg eth0 down/up the interface comes "up" but it doesnt have an IP assigned
<jamespage> zul, please can you fixup the versioning on the oslo.messaging upload
<jamespage> zul, 1.2.0~a4-0ubuntu1
<MraMaria> hello all. I get this warning after an installed Ubuntu13.04-64-mini, advanced mode: "" Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), [after that all as] "pt_PT@euro", except LANG = "en_US.UTF-8" [as i want main language as english] . Could you please help me solve this issue...
<jamespage> otherwise you will end up epoching when it releases to 1.2.0
<MraMaria> btw, during certain operations i get: "locale.Error: unsupported locale setting"
<adam_g> zul, can you please start merging your approved changes into packaging  branches when you push them instead of just pushing your local branch directly?  i use tarmac locally to do it, i just run it whenever something is ready for merging
<adam_g> zul, my tarmac.conf http://paste.ubuntu.com/5986517/
<zul> jamespage: ack
<zul> adam_g:  ack
<thumper> morning folks
<jamespage> hey thumper
<jamespage> zul, you might want to fixup your bzr whoami from wherever you are working right now as well
<jamespage> (typo in your email address)
<MraMaria> someone please help me with that...
<sarnold> MraMaria: I'm sorry, I thought that was just background information before the question..
<sarnold> MraMaria: can you restate your question?
<MraMaria> sarnold: :)
<MraMaria> I get this warning after an installed Ubuntu13.04-64-mini, advanced mode: "" Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), [after that all as] "pt_PT@euro", except LANG = "en_US.UTF-8" [as i want main language as english] . Could you please help me solve this issue...
<sarnold> ah, see, I don't see an issue to solve.
<MraMaria> sarnold: i'll pastebin the output of all warning...
<sarnold> MraMaria: perhaps pastebin the current output of 'locale' and maybe add to it what you'd -like- the output to be..
<sarnold> that's a good idea :)
<MraMaria> sarnold: http://paste.ubuntu.com/5986558/ and i'll put also for 'locale'
<bcessa> hi there, super newbie question, I'm trying to test a saucy package in 12.04, can someone point to some info on how to do it? thnx
<sarnold> MraMaria: do you have both language-pack-pt language-pack-pt-base packages installed?
<MraMaria> sarnold: http://paste.ubuntu.com/5986563/ : output for 'locale' - the main idea is to have the lang as english but all other settings as PTâ¬euro
<MraMaria> sarnold: i've selected basic ubuntu-server during the installation...
<sarnold> MraMaria: you may need all four packages, language-pack-pt language-pack-pt-base language-pack-en language-pack-en-base  installed
<MraMaria> sarnold: i'll do it now.. :)
<MraMaria> sarnold: it seems like is solved. thanks so much :)
<sarnold> MraMaria: nice! :) have fun
<MraMaria> sarnold: can i post anothet matter, pls :)
<sarnold> MraMaria: sure
<MraMaria> i know we should not have any graphic interface on server. altough this is a new (rebuilded) machive and i would like to explore it before going into "production". due to that i've installed lubuntu minimal. however, although i get a lubuntu logo i don't get the login dialog. startx didn't work...
<MraMaria> sarnold: wait.. i've installed basic-server + lubuntu minimal...
<sarnold> MraMaria: try "serice start lightdm" ?
<MraMaria> sarnold: okay
<MraMaria> sarnold: i have 1 phone call.. brb. sorry
<Slyboots_> I really cant figure this out.. Oh great Tux! Please help.. I've got fish! tasty.. tasty fish!
<sarnold> Slyboots_: pastebin your interfaces file?
<Slyboots_> I've setup Samba (and NFS) on my Ubuntu server, I can write to the server at about 110MB/sec which is fine
<Slyboots_> sarnold, Oh I fixed that :) .. typo in the interfaces file -.-
<sarnold> Slyboots_: oh yay :)
<Slyboots_> I can only read files OFF the server.. at about 30MB
<Slyboots_> if I use DD to write zeros to the disk, I get about 650MB/sec.  Same thing to read files from disk to /dev/zero I get 564MB/sec
<Slyboots_> Which, is a lil weird in itself but..
<sarnold> Slyboots_: how large of files are you reading and writing?
<Slyboots_> 2-4GB in size
<Slyboots_> I've tried larger (up to 14GB) but it doesnt seem to maky any difference
<sarnold> nice ssd then. :)
<Slyboots_> I can write to the disks at blazing speeds, but reads are terrible
<Slyboots_> .. what?
<Slyboots_> no.. metal SATA2 disks
<sarnold> really?
<Slyboots_> WEll I have a SSD in my desktop..
<sarnold> the best metal disks I've seen go around 80-100 MBps.
<sarnold> The metal disks _I_ owned went around 40-60 MBps.
<sarnold> and reading cold-cache files from disk at 30 MBps would make sense if they were 'smallish', say half a meg or smaller..
<Slyboots_> I dunno, these files should really be cached anyway
<Slyboots_> Im copying right to the disk, then right back off
<Slyboots_> But the reads are terrible no matter what I seem to do
<Slyboots_> Im going to try pulling all the RAM, see what that does :P
<MraMaria> sarnold: 'service start lightdm' didn't work. something might be wrong with the graphics adapter... when is the time for the login dialog the monitor displays it... i did dpkg-reconfigure lightdm and didn't help also. i think i'm going to purge lubuntu-core or.. any other suggestion?
<MraMaria> when is time for login dialog the monitor displays it bu king on a bling stage
<MraMaria> agrrrr.. geeez, ... the monitor displays it but in a kind of blink stage...
<MraMaria> just keeps binking it
<MraMaria> however, txt mode works fine and also the lubunto logo displays fine
<roaksoax> adam_g: are the latest charmhelpers in lp:charmhelpers or can i still use the ones in openstack-charmers?
<adam_g> roaksoax, you should be abel to use lp:charm-helpers.
<roaksoax> adam_g: ok so does htis make sense to adapt to the newest charm-helpers?
<roaksoax> http://paste.ubuntu.com/5986786/
<adam_g> roaksoax, makes sense, assuming it still works for you
<roaksoax> adam_g: test pass yes, haven't deployed though
<LargePrime> hello beautiful people
<LargePrime> how can i block a list of ips?
<sarnold> LargePrime: iptables (perhaps with ufw frontend) or null-route them (route or ip route commands)
<kirkland> LargePrime: /etc/hosts.deny works too
<adam_g> roaksoax, did you forget to add the .coveragerc?
<roaksoax> adam_g: i did indeed
<roaksoax> adam_g: done now
<adam_g> roaksoax, ah, cool
<adam_g> roaksoax, lookin good
<roaksoax> cool
<roaksoax> ;;)
<roaksoax> thanks for the review
<roaksoax> with that I'm off for the day
<roaksoax> s/done/
<LargePrime> it seems hosts deny is depreciated
<LargePrime> can i supply a list to iptables?
<sarnold> host.deny isn't exactly deprecated; there's just a lot of programs that don't use it these days..
<LargePrime> https://help.ubuntu.com/community/IptablesHowTo#Saving_iptables  I am looking ao soluition #2
<LargePrime> at*
#ubuntu-server 2013-08-15
<ubuntuissues> Is anyone familiar with data recovery on potential high-loss system?
<ubuntuissues> Right now, it seems that the OS, /home and three storage drives are corrupt.
<ubuntuissues> Which total about 3+TB
<sarnold> ubuntuissues: no backups, hunh?
<sarnold> ubuntuissues: I've used autopsy / The Sleuth Kit before with good success
<ubuntuissues> I did have backups, but, for a home-use server, the backups were on second drive in the same machine.
<ubuntuissues> That second drive is also hosed.
<ubuntuissues> Or gone
<ubuntuissues> corrupt, either way, I don't have access to the backup because it is experiencing the same issue.
<ubuntuissues> Even the / drive was on RAID 1
<ubuntuissues> The testdisk log shows this, which is why I am concerned: http://pastebin.com/1gTBcuaQ
<bradm> ubuntuissues: you didn't have backups then if it was on the same machine, sorry.
<ubuntuissues> I mean, I understand that mentality of backups,  but, when you are a student and money is hard to come by, the best option that I had was to backup one set of drives was into another set of drives in the same machine.
<sarnold> that'll help against accidental rm -rf but not fire, theft, or some power anomaly that destroys all the drives in one go.. uesful but not perfect.
<sarnold> (I have a second drive in my laptop for backups; it'd suffer the same fate as yours, and doing something better has been on my todo list for a while..)
<ubuntuissues> sarnold, can the software you mentioned above be run on the ubuntu live cd?
<ubuntuissues> I guess a better question, is it a downloadable package on the ubuntu live cd
<sarnold> ubuntuissues: I believe it should run fine from the live cd after downloading and installing
<ubuntuissues> Sorry sarnold but something is failing me, because I don't see how this is installing. I do have to ./configure, don't I?
<sarnold> ubuntuissues: I'd just expect apt-get install autopsy ; autopsy  -- then you'd need to aim a web browser at the port it opens
<ubuntuissues> Because right now, I seem to be getting errors on make: http://pastebin.com/ThiRQZXi
<ubuntuissues> Oh... well, that would be cause number one.
<ubuntuissues> Nevermind then.
<ubuntuissues> Sorry, I was going through the process of manually installing it. Anyways, installing it from the apt-get, it brings me back a message to go to http://localhost:9999/autopsy, except when I do that I get: Unable to connect  Firefox can't establish a connection to the server at 127.0.0.1:9999.
<sarnold> ubuntuissues: you may need to run the autopsy program with arguments, and probably have to run it as root.. it's been a few years since I've used it.
<ubuntuissues> Yeah, sorry, I just need to slow down. I am really uptight, anxious and frustrated that this happened right now.
<ubuntuissues> What would be the proper way to dd the disk so that I can work with a dd'ed copy rather then the actual hard drive?
<knnl4110> Hi all. Anyone know why I can't select "Enable PAE/NX" in the VirtaulBox?
<sarnold> knnl4110: it would depend upon your CPU to provide the feature; the feature may not be available to VMs unless you've also got the correct VT extensions on the CPU..
<knnl4110> thanks sarnold . Any way for me to check that stuff?
<sarnold> knnl4110: /proc/cpuinfo has the flags..
<knnl4110> I tried "VBoxManage modifyvm UBUNTU_ALFRESCO --pae on" and got no errors in Terminal, but still didn't work in VB
<sarnold> knnl4110: .. and this page has (too many :) details: http://en.wikipedia.org/wiki/VT-d
<knnl4110> sarnold: thanks. if I dont see PAE in the flags in /proc/cpuinfo, i'm out of luck?
<knnl4110> I'm not sure what I'm looking for on the wikipedia page, unfortunately.
<sarnold> knnl4110: probably yes :( what does the "address sizes" line look like?
<knnl4110> 32 bits physical, 32 bits virtual
<sarnold> knnl4110: yeah, no PAE there. :/
<sarnold> knnl4110: how about the cpuflags "vmx" or "svm"?
<knnl4110> sarnold: I don't see either of those :(
<knnl4110> thanks for the help. I just didn't want to have two laptops out. Oh well. Thanks for the
<sarnold> knnl4110: have fun :) sorry for the bad news..
<knnl4110> sarnold: it's ok. I'll get it up and running one day. Cheers again
<sarnold> :)
<LargePrime> my server just stopped acceppting my ssh connections
<LargePrime> sarnold:
<LargePrime> please help
<LargePrime> sarnold:  are you free?
<LargePrime> My SSH has stopped responding
<LargePrime> it is killing my net connection
<LargePrime> anyone please?
<freeflying> wondering if we have vlan pulled into 13.10 server iso
<mardraum> freeflying: you can use /sbin/ip instead, in case you didn't know eg "ip link add link eth0 name eth0.1 type vlan id 1"
<freeflying> mardraum: yep, I know that, but thought vconfig might be a little bit straightforward
<LargePrime> so apparently i blocked ssh access to my server
<LargePrime> any idea on where to look to undo his blocked port?
<LargePrime> so i am in rescue mode
<LargePrime> I have a ssh session
<virusuy> uhmm , is sshd runnig ?
<LargePrime> in a funny way ya.  ovh has a emergency mode
<LargePrime> http://help.ovh.com/RescueMode
<LargePrime> virusuy: but i cant figgure how to mount my disks to even look at why port 22 is blocked in a normal boot
<LargePrime> sorry i did not get right back to you.  I was googling
<LargePrime> so i am horriably desperate.  any help please?
<LargePrime> ok so i think i got my drives mounted in rescue mode
<LargePrime> any idea what i messed up in iptables to block 22
<Ben64> LargePrime: what did you do
<LargePrime> i was bad
<LargePrime> I have no idea
<LargePrime> the server just stopped respoinding to ssh
<LargePrime> Ben64:
<Ben64> you should really know what you're doing and what you did
<Ben64> especially on a server
<LargePrime> i think i did iptables -A INPUT -s spammeraddress -j DROP
<LargePrime> then it went to shit
<Ben64> pastebin the output of iptables -L
<LargePrime> you understand i am on a rescumode session
<LargePrime> not the actual server
<LargePrime> i can only view the files of the real server
<LargePrime> i cant run them.
<LargePrime> Ben64:
<LargePrime> infact i seem to not even be able to mount my disks
<LargePrime> wait no, i found them
<LargePrime> i have an iptables.rules files i saved just before all this happened?
<Ben64> i don't think iptables rules even carry over after reboot
<LargePrime> please help
<LargePrime> thats what i thought
<LargePrime> but port 22 had nothing listening
<LargePrime> after the reboot still nothing
<LargePrime> see i was looking how to permently block a set of ips
<LargePrime> and then port 22 shut down
<LargePrime> ha
<Ben64> is the rest of the server working
<LargePrime> rebooting now
<LargePrime> ok so hosts.deny is giving ssh issues
<LargePrime> ok so i got it
<LargePrime> I added a few ips to hosts.deny
<LargePrime> apparently incorrectly
<LargePrime> edited them out and the server is up
<LargePrime> i feel kinda grown up
<LargePrime> fixed it mostly myself
<LargePrime> Ben64:  you still have a little time?
<Ben64> perhaps
<LargePrime> your thoughts on blocking ips for my server?
<LargePrime> like a link or something to googl
<LargePrime> I was adding to iptables
<Ben64> fail2ban ?
<LargePrime> but reboot removes that
<LargePrime> fail2ban
<LargePrime> I like it
<Ben64> yeah, doesn't require much if any hands on work
<SpamapS> Daviey: do they still let you on IRC?
<SpamapS> Daviey: I'd have thought by now you'd be locked up or something. :)
<stgraber> hallyn_: hi, sorry I was out for the day. I'm fine with those two changes in staging, user-nic is indeed not used so that's fine and we wanted the cgroup fixes
<Daviey> SpamapS: I feel the need to be locked up, fwiw :)
<Daviey> SpamapS: Do they still not let you sleep?
<jamespage> morning all
<jamespage> zul, I disabled the glance tests again - its still trying to run the functional tests which fail and consume stupid amounts of resources!
<stgraber> hallyn_: managed to get LXC to build on Android again!
<jamespage> zul, Daviey: can I get a review on https://code.launchpad.net/~james-page/neutron/august-fixes/+merge/180303 please
<jamespage> zul, Daviey, adam_g: review please - https://code.launchpad.net/~james-page/keystone/testing-refactoring/+merge/180305
<moldy> where can i find complete documentation of the /etc/network/interfaces file? the manpage is obviously incomplete
<Daviey> jamespage: looking
<jamespage> Daviey, thanks
<Daviey> jamespage: i did not know upstream dropped neutron-dhcp-agent-dnsmasq-lease-update. Interesting
<rbasak> moldy: various packages extend the functionality of /etc/network/interfaces with their own keywords. I'm not sure there's a summary of them all. wpasupplicant, bridge-utils and ifenslave-2.6 a few examples
<moldy> rbasak: ok, thanks
<moldy> somehwat related question: entering ``domain mydomain`` into resolv.conf, vim highlights this as an error -- is it one?
<Daviey> jamespage: Why the move to patch test-overrides, rather than carrying our own now?
<jamespage> Daviey, makes things more inline with what we do elsewhere and ensures that if the upstream overrides configuration file changes, then we notice :-)
<Daviey> I am supportive of that!  Thanks :)
<jamespage> Daviey, https://github.com/openstack/neutron/commit/e7acc15571bc6f1e837afaab3ae13a9233036d4e
<Daviey> jamespage: Aproved both, not merged.
<jamespage> Daviey, thanks!
<linuxabc> Does anyone have experience with this thin client? http://www.parkytowers.me.uk/thin/Igel/2100/IgelLinux.shtml
<greppy> tinycore?  it's not a bad little distro if you need something tiny.
<zul> jamespage:  ack...can you review https://code.launchpad.net/~zulcss/heat/refresh-aug14/+merge/180150
<jamespage> zul, +1
<jamespage> zul, looking at the ceilometer test failures now
<zul> ack
<zul> Daviey:  can you reject oslo.messaging i have to tweak it
<Daviey> ok
<Daviey> (done)
<linuxabc> Thank you!
<Daviey> roaksoax: I accepted dlm, but i'd be happier if you provided a way to reliably reproduce the orig tarball... debian/watch or get-orig-source (or both) and dep3 patches headers for the 3 new patches... perhaps on a future upload?
<jamespage> zul, keystoneclient trunk needs an unpackaged dep - httpretty
<jamespage> its for testing only
<zul> httpretty? really?
<zul> jamespage:  *sigh* 3 of the deps needed for httpretty is not in the archive
<jamespage> zul, great!
<soren> OMG, python-sure looks horrible.
<zul> jamespage: i hope that was sarcasm
<jamespage> zul, ;-)
<jamespage> sure was
<zul> soren: dont....say.....that
<jamespage> zul, OK - lets be pragmatic
<jamespage> this is for trunk of keystoneclient
<jamespage> how likely are we to need another release of keystoneclient prior to havana?
<soren> srsly. It hacks every single object's __dict__ to allow you to do shit like (3).should.be.equal(3).
<soren> And only works on CPython.
<zul> jamespage:  unfrontunately im not sure because clients dont have a regular release cycle, its whenever there is a feature of a bug that needs to be fixed
<zul> Daviey:  btw can you have a look at oslo.messaging again
<Daviey> zul: In about 1hr i will.
<zul> thanks
<zul> jamespage:  is the httpretty stuff only being used by one test, if so why not skip it
<Daviey> zul: Looking at it, i am inclined to agree that the expectation to package that and it's deps, MIR it all.. is all pretty OOT for a single unit test.  jamespage, agree?
<hallyn_> stgraber: cool. i did remove strdupa from cgroup.c to help that :)
<zul> Daviey:  oslo.messaging?
<zul> Daviey:  or httpretty?
<Daviey> zul: httpretty
<zul> Daviey: i was thinking of skipping the test and waiting for zigo to catch up and then when its in the archive re-enable it and do the MIR
<Daviey> zul: Well that doesn't solve the MIR problem.. :)
<zul> Daviey: sure it puts it off :)
<hallyn_> ahs3: will you be able to push the netcf fix today?
<Pinkamena_D> my server has been working fine for about two years but crashed yesterday and wont boot up today. POST goes fine but then I just get a blinking cursor forever.
<Pinkamena_D> The blinking cursor can not be bypassed by holding shift during boot, or pressing the alt Fkeys
<Pinkamena_D> any other cause of this?
<roaksoax> Daviey: awesome! thanks. will take care of that
<jamespage> zul, I'm going to disable the unit testing in ceilometer for the time being
<zul> jamespage:  ack
<jamespage> zul, I'll talk with upstream to see if it feasible to skip any tests that required mongodb based on the connection env var not being set
<Daviey> jamespage: why all testing, can we not be more selective ?
<jamespage> Daviey, well I've spent 3 hours trying to be more selected
<Daviey> oh, fair enough.
<jamespage> law of dimishing returns and all that
<Daviey> For the time being, if we make sure the uploader runs the unit tests prior to uploading - i think that is a reasonable compromise, until we have something more graceful
<Daviey> zul: oslo.messaging is ok, but please fix the debian/watch file (typo of -, rather than . near the end).. and also I wanted to ask how close to py3 compat it has?
<Daviey> (accepted)
<zul> Daviey:  its not its depends on eventlet so when that goes away i can fix it up
<zul> thanks btw ;)
<Daviey> zul: bug 1212684
<uvirtbot> Launchpad bug 1212684 in oslo.messaging "debian/watch has a typo" [Undecided,New] https://launchpad.net/bugs/1212684
<zul> Daviey:  thanks
<Chocobo> Does anyone know if cloudinit has it's own channel?
<hallyn_> stgraber: oh, on the core_pattern patch, might have helped to cc: akpm or linus directly
<Chocobo> aahhh, it has a -
<Chocobo> nm
<hallyn_> stgraber: linus doesn't read the list.  akpm does, but i suspect heavily limits based on senders he recognizes
<hallyn_> i'll reply, cc:ing akpm
<Daviey> zul: the irony is that i made a typo in the bug title :)
<stgraber> hallyn_: ok, thanks
<zul> Daviey: hehe
<Daviey> Chocobo: #cloud-init, but you often get success here.
<zul> Daviey:  i have to send a patch as well
<Chocobo> Daviey: ok, thanks.
<Chocobo> How would I go about setting root's password to something random, and expire it (only one time).  I am looking in the documentation and I see "password: passw0rd" but I don't know how you tell it which users password to set.
<Daviey> Chocobo: I answered in the other channel, untried.
<ahs3> hallyn_: dunno about today -- does netcf need to?
<hallyn_> ahs3: well it's a bad memory leak, but people will only really hit it if they ahve virt-manager up
<ahs3> hallyn_: okey dokey.  i'll see if it can sneak it in.
<hallyn_> ahs3: thanks
<hallyn_> ahs3: (please let me know if you just dont' have time)
<hallyn_> stgraber: will you ahve a chance to review patch 7/8 in Christian's attach patchset?
<stgraber> hallyn_: maybe on the place on Tuesday, I doubt I'll have much lxc time before that
<hallyn_> stgraber: ok, in that case i'll take one more close look and apply it with the rest of the set, but please do still review it and we can ask for changes next week if needed.
<jamespage> zul, do you think you can persuade upstream not to use httpretty?
<zul> jamespage:  possibly
<hallyn_> stgraber: apparently i broke lxc in the ppa though.  how, i'm not sure.
<stgraber> hallyn_: ah? my laptop still seems fine, though I'm not sure whether I actually started any container today or just used existing ones.
<hallyn_> stgraber: well the ubuntu template seems to have forgotten about the --rootfs options
<hallyn_> oh no.  lxc-templates didn't get installed from ppa
<hallyn_> interesting
<stgraber> hallyn_: ah yeah, that happens when i386 takes longer to build than amd64
<stgraber> as lxc-templates is our only arch:all package
<hallyn_> stgraber: but then...  why wouldn't the previous version still be in the ppa?  the old version gets deleted first?
<hallyn_> stgraber: phew, that's a relief.  i didn't break it :)
<Pinkamena_D> Hello, I was here about an hour ago asking about a failed boot, I just had to commute to work... I am wondering what would cause this. My server had been running fine for a very long time, no new software installed anytime recently. First, it froze completely and had to be rebooted, now it POST's correctly but after It tried to boot the ubuntu server hard drive, its just a blinking cursor
<stgraber> hallyn_: cool :)
<Pinkamena_D> this is ubunu server 11.10
<Pinkamena_D> I am sorry about the spelling, just not used to this keyboard.
<Pinkamena_D> Is there some key I can hold which will allow me to boot into a failsafe mode? holding shift did not work
<patdk-wk> holding shift doesn't boot into failsafe
<patdk-wk> it just takes you to the grub menu, where you can select to boot to failsafe
<patdk-wk> if shift doesn't work, you are using old grub, use control instead
<patdk-wk> ya, 11.10 is old grub
<Pinkamena_D> well, in the past I have used shift to delete quiet splash and put nomodeset
<Pinkamena_D> so grub may have been updraded along the way
<patdk-wk> maybe, can't remember exactly when, but thought it was in 12.04, but maybe it was in one of the prereleases
<kami`> Hello. Does one really need 10 servers to install OpenStack or is it possible to create a all-in-one installation on one (4 HexaCore CPU, 94 GB RAM, 7TB HDD) server?
<FunnyLookinHat> kami, http://devstack.org/
<FunnyLookinHat> I've setup test environments using that on a single box that have Compute / Object-Store / Etc.
<kami> FunnyLookinHat: thank you, but IIUC, that config is not suitable for production use, security-wise
<FunnyLookinHat> kami, Oh you want production ? hmm
<FunnyLookinHat> kami, I'd ask in #openstack - but my guess is that they will tell you there is no "good" production way to run a single-server OpenStack instance
<kami> FunnyLookinHat: will try there, thank you.
<FunnyLookinHat> kami, Also - I'd be interested to know how it fails in terms of Security.
<FunnyLookinHat> As far as I can tell, if you use good password practice it'll work... but I can tell you that it slows down if you spin up / remove around 20-30 servers...  resources seem to just go missing
<n1rvana> Greetings.  I'm a linux noob.  What's a the standard way to restart a process if it dies? (EG: automatically, assuming I'm not around to see it.)  The process in question is an erlang VM running my app.
<hallyn_> github, come back :(
<FunnyLookinHat> n1rvana, If you were to use upstart I believe you add respawn
<n1rvana> FunnyLookInHat - thanks, hadn't heard of that before will look into it.
<FunnyLookinHat> n1rvana, Yeah - upstart is the best way to manage services in Ubuntu .  Here's what a script might look like: http://hastebin.com/fubajesuca.sql
<FunnyLookinHat> n1rvana, It's handy too - once you've set it up, you can just run something like: sudo service myapp start to get it running, or you can configure it to run automatically ( like in the above ) when certain conditions are met
<n1rvana> FunnyLookInHat Excellent.  I assume this works for user-space processes, so I won't need to start it as root, and it will restart it when/if it dies.  I'll go learn about it now.  Thanks, looks like you provided just what I needed.
<FunnyLookinHat> Yeah absolutely - good luck!
<roaksoax> Madkiss: newer pacemaker FTBFS in ubuntu: cp: cannot stat 'debian/tmp/usr/lib/lcrso/pacemaker.lcrso': No such file or directory
<roaksoax> dh_install: cp -a debian/tmp/usr/lib/lcrso/pacemaker.lcrso debian/pacemaker//usr/lib/lcrso/ returned exit code 1
<smb> zul, Before you start looking at libvirt merge, check your inbox
<zul> smb:  arrrgh
<zul> smb:  i was just bugged about it..
<smb> zul, It might be just two add-on patches
<smb> zul, I know :)
<keithzg> Hmmm. Trying to upgrade an ANCIENT server I've inherited; it's running Jaunty! Attempting the first stage, bringing it up to Karmic, via https://help.ubuntu.com/community/Upgrades#Upgrades_via_alternate_CD, but it's claiming "The package 'update-manager' is marked for removal but it is in the removal blacklist".
<keithzg> Hmmph, I've pointed /etc/update-manager/meta-release towards a local copy that doesn't have anything after Karmic listed, but do-release-upgrade still tries to get Lucid and then complains that that isn't supported.
<sarnold> hrm, I think we're still doing lucid support for another 1.5 years :)
<sarnold> dunno how you explain that to a program, but..
<keithzg> Yeah, sadly "An upgrade from 'jaunty' to 'lucid' is not supported with this tool." And then the alternate CD method fails with what looks like https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/572634 (although it's update-manager, and it's jaunty to karmic)
<uvirtbot> Launchpad bug 572634 in update-manager "Offline upgrade from Karmic to Lucid using the alternate CD: The package 'update-manager-kde' is marked for removal but it's in the removal blacklist" [Undecided,Confirmed]
<sarnold> keithzg: try to force dist-upgrade into doing the job?
<smoser> utlemming, ping
<smoser> for https://bugs.launchpad.net/cloud-init/+bug/1212723
<uvirtbot> Launchpad bug 1212723 in cloud-init "cloud-init fails to set user password on Windows Azure" [Undecided,Fix committed]
<smoser> do you consider it bug / regression if user who set password has passwordless sudo
<smoser> on azure
<smoser> currently with the fix i just put in place, that is the case. user set up always has passwordless sudo unless changed via cloud-config.
<smoser> on azure via walinuxagent, if a password is set, they get password sudo
<utlemming> smoser: er, I would have to do some thinking on that...but my first blush is no.
<smoser> i'm not sure how i feel about it.
<utlemming> smoser: if you can SSH with the password, then it stands to reason that you have the password, so requiring it for sudo doesn't really buy you anything
<smoser> well, you can't even necessarily shs in with the password
<smoser> unless you *also* enable password auth
<smoser> or rather disable disablepasswordauth
<smoser> :)
<utlemming> but for azure, if you don't have a public key then you have a password with disables disablepasswdauth
<utlemming> I am inclined to say that the fix you put in place feels right
<patdk-wk> this fix: https://gist.github.com/aras-p/6224951
<keithzg> sarnold: Trying dist-upgrade, seems working fairly well so far; brings back memories ;)
<sarnold> keithzg: hehe, yeah :)
<sarnold> keithzg: I once installed a machine from an old debian disc I had laying around, dist-upgraded to old-stable, dist-upgraded to stable, dist-upgraded to unstable, and then proceeded to have 1000-odd day uptime on the thing. :)
<sarnold> (all those dist-upgrades on the same day, obviously)
<keithzg> sarnold: haha, nicely done
<zul> hallyn_:  its perklating here https://launchpad.net/~zulcss/+archive/libvirt
<hallyn_> zul: ok, thx
<smoser> utlemming, can you verify on precise
<smoser> i thikn that with the currently proposed cloud-init version password will still be ste correctly on precise
<smoser> ie, the backport has always been correct
<jamesh3> Hello everyone - Ubuntu Edge campaign is about 39k off crowdfunding record - Canonical needs your help now http://igg.me/at/ubuntuedge/x/4040308
<Madkiss> roaksoax: the plugin is mostly gone.
<RoyK> jamesh3: it probably won't succeed
<Madkiss> roaksoax: it's unsupported by upstream in 1.1.10+git i think.
<Madkiss> and it should be deleted from the packages.
<Madkiss> roaksoax: I gotta get some rest now, I am scheduled for a flight to SFO tomorrow. Can you send me an email so i can answer synchronously?
<roaksoax> Madkiss: yeah thats what i figured
<roaksoax> Madkiss: will do eill fordward youloll some patchrs
<roaksoax> and dlms pacakging
<Madkiss> ok
<Madkiss> get your cat off your keyboard.
<Madkiss> your typing is not purrfect.
<Madkiss> gn8, ttyl
<roaksoax> lol
<roaksoax> ttyl
<jamesh3> RoyK: its worth seeing what happens when the record is broken though - and you never know what might happen when mainstream media are all over the story (after record is broken).
<RoyK> jamesh3: didn't mean the record - the amount
<hallyn_> zul: test is off and running
<zul> hallyn_:  ack
<hallyn_> hm, zul is gone
<sarnold> hallyn_: zul has returned
<zul> hallyn_:  sorry shitty wireless
<hallyn_> zul: oh.  i had 4 failures from libvirt 1.1.0,
<hallyn_> i'm re-trying with saucy libvirt to see if it's new or not
<zul> hallyn_: ?
<hallyn_> zul: http://paste.ubuntu.com/5990744/
<hallyn_> zul: i'm heading out for awhile, will let you know how the retest goes.
 * hallyn_ out
<zul> hallyn_:  ack
<markthomas_> Hey, everyone.  I've been doing some reading on kernel parameters, and I've seen reference to rootdelay and bootdelay.  I think I get what rootdelay is, but what is bootdelay?
<sarnold> markthomas: boot_delay?
<markthomas> sarnold: not from what I've read.
<sarnold> markthomas: the Documentation/kernel-parameters.txt I've got mentions a boot_delay but no bootdelay
<markthomas> sarnold: is the boot_delay the grub timeout, or something else?
<sarnold> markthomas: boot_delay describes how long to delay printk statements during early boot
<markthomas> sarnold: Hmm.  Okay.
#ubuntu-server 2013-08-16
<hallyn_> zul: same failures with 1.0.6.  Ship it :)
<zul> hallyn_:  coolness
<zul> hallyn_:  ill upload it tomorrow
<hallyn_> i should take a look at waht debian has for qemu right now
<hallyn_> 1.6.0 preview
<jamespage> Daviey, I'm going to add a Conflicts/Provides for the lts-raring openvswitch packages - having both versions installed at the same time does bad things
<Daviey> jamespage: good thinking.. not to mention the current one will fail to install anyway
<jamespage> Daviey, yes
<Daviey> The current one could also conflict with linux-lts-raring
<Daviey> ?
<Daviey> Nah, overkill.
<angusmcgoaway> hi all. Having a stupid issue with bind9 here. Basically i know i must be doing something wrong but can't figure out what. anyway, i added a CNAME record to a zone file contianing other (working) records.. if i do an AXFR on the dns server to list all the records then it shows up with the others but if i try to lookup the domain on the same host it returns nxdomain.
<angusmcgoaway> any ideas?
<maxb> angusmcgoaway: CNAME pointing at a name that doesn't exist?
<angusmcgoaway> maxb: good idea, but it does unfotunately
<angusmcgoaway> maxb: ahhh lol thanks! i missed the domain off the end
<hallyn_> smb: remind me again, why am i looking at xen+nova (per the ubuntu server meeting)?
<hallyn_> oh, am i testing it under 12.04.3?
<stgraber> hallyn_: does that look reasonable? http://paste.ubuntu.com/5992564/
<smb> hallyn_, Not exactly. I wondered whether anybody has a way of testing my ppa:smb/xen
<smb> hallyn_, Some parts of nova depend on xen (well to use xen hosts). Not sure exactly how they get tied in. I believe I heard via xen-api/xcp which I could make no guarantees for atm
<hallyn_> stgraber: no :)
<hallyn_> stgraber: misspelled strndup toward end,
<hallyn_> stgraber: is delta being leaked right now?  (you add frees for it but no strndup)
<smb> hallyn_, So if that is the case (xcp) then testing is probably useless. Except actually to figure out whether it does work at all right now
<smb> (all saucy)
<hallyn_> smb: so testing saucy with your ppa for nova+xen, or even for regular nova+kvm?
<smb> hallyn_, I got nova rebuild in my ppa with the libxen 4.3 in place, so that.
<smb> regular kvm+nova should be totally unaffected
<hallyn_> stgraber: for the overlayfs_mount() one, I really think it'd be better to do "dup = alloca(strlen(bdev->src)+1; strcpy(dup, bdev->src)" due to how many frees you're having to add, and likelyhood of further changes resulting in a new leak
<hallyn_> smb: so i should be choosing a toolstack other than xl in /etc/default/xen I assume?
<smb> hallyn_, With 4.3 both should work, but I guess xcp uses xl anyway
<hallyn_> cool
<smb> hallyn_, The xl stack will use upstream qemu by default now
<smb> hallyn_, Just a general question. Do we have one xen host at least as part of whatever cloud testing we do?
<hallyn_> i assume that doesn't mean i need to change anything
<hallyn_> no idea. psivaa: ^?
<hallyn_> jamespage: ^ ?
<jamespage> smb, not at the moment
<jamespage> we don't have an effective way to deploy xen using juju so its hard to fit it in
<jamespage> smb, zul is the test-bot for xen normally
<hallyn_> stgraber: I'm sorry, I never grepped the whole source.  Would you like me to convert all the remaining strdupas today?
<zul> jamespage:  yeah too bad i dont have the hardware for it this month
<smb> Generally I have it only working with libvirt and xm/xl. I just want to ensure that if this gets uploaded the rest of the world does not explode
<hallyn_> smb: and again by rest of the world you mean openstack on top of libvirt+xm/xl ?
 * hallyn_ back in awhile
<smb> hallyn_, Right, as nova in theory can control xen hosts too
<smb> Just I have that odd memory of it not using libvirt for that (would be too easy)
<hallyn_> (partitioner doesn't want to let me choose a size for the lv root... taking forever to delete lv root)
<stgraber> hallyn_: that'd be great, yes. (with your suggestions it looks like http://paste.ubuntu.com/5992603/, though I believe we've got a couple more in the python and lua binding)
<stgraber> hallyn_: (grepping for strdupa and strndupa)
<smb> hallyn_, IIRC nova -> xcp (open source xen-server) -> xen host. And all packages related to xcp do not compile right now in S (only exist as they got copied over). And that means slightly grumpy smb. :-P
<hallyn_> stgraber: that looks much better, thanks.  pls push taht with my ack, and I'll hit the rest later today
<stgraber> hallyn_: ok, thanks
<hallyn_> hoping to test the multiple-container-start issue on btrfs today.  sounds like btrfs is STILL not safe to use!
<setsuna_> I have two machines 192.168.10.10 and 192.168.10.12 . The machine 192.168.10.12 is the vpn server. i have a route on 192.168.10.10 "route add -net 10.0.0.0/8 gw 192.168.10.12" which allows my servers which are on 10.0.0.0/8 to talk to 192.168.10.10. i was earlier on 10.04 and faced no issues but after upgrading to 12.04 after one or two hours one or two of the servers are not able to access 192.168.10.10 but after a network restart everything works
<setsuna_> fine till another hour and again one or two random servers are not able to ping. thank you.
<hallyn_> all right, bbl
<stgraber> hallyn_: pushed
<hallyn_> thx
<hallyn_> stgraber: hm, looks like ihave some spurious ERROR messaging in ppa right now...  will try to address that when i do strdupas
<stgraber> hallyn_: damn, the new attach code broke bionic even more...
<stgraber> hallyn_: can you think of a replacement for those confstr calls in attach.c? appears to be missing in bionic...
<stgraber> (I'm almost tempted to hardcode /bin:/usr/bin:/usr/local/bin
<stgraber> )
<hallyn_> stgraber: do you want me to revert them for now?
<hallyn_> stgraber: hm, well let's just test for confstr, and if not there hardcode the path
<stgraber> hallyn_: confstr is the only problem now, I solved the others (missing defines/includes), so I should just decide whether I care or I just hardcode a fallback value on bionic
<stgraber> hallyn_: ok, I'll do that then, easy enough
<hallyn_> i doubt even opensuse cares
<hallyn_> but since he went to the trouble to put it in :)
<spidernik84> hi all. Any good alternative to landscape for centralized patch management? Ideally with reporting
<jamespage> adam_g, roaksoax, zul: https://code.launchpad.net/~james-page/ceilometer/august-fixups/+merge/180422
<jamespage> adam_g, gonna test the redux charms now
<jamespage> adam_g, acked all your grizzly branches aside from quantum - rename of branch looked odd to me
<stgraber> hallyn_: oh, now it's lxc-user-nic that needs some help building on bionic ;)
<hallyn_> stgraber: drat
<stgraber> hallyn_: missing sys/socket.h include and you're using getline without using the ifdef magic to use lxc's implementation on bionic and I've got to figure out what to do with getpwuid_r
<stgraber> hallyn_: ah, looks like the answer in other places was "just use the non _r version of those"
<hallyn_> but that's nto thread-safe
<hallyn_> i suppose we could implement our own _r functions with a pthread mutex and using local storage :(
<hallyn_> mind you i'm happy to say "we ignore it on bionic for now" :)
<hallyn_> just sayin'
<stgraber> hallyn_: do we even care about threads in lxc-user-nic?
<hallyn_> lol no
<hallyn_> it will have to be exec'd
<hallyn_> good point
<hallyn_> so yeah drop back there
<hallyn_> now for the #ifdef bionic stuff, should that just go into lxc.h so everyone gets it?
<stgraber> hallyn_: possibly, yeah, I suppose we could regroup them in one place
<stgraber> hallyn_: and finally building again, sent the patchset to lxc-devel
<hallyn_> stgraber: ok thx
<hallyn_> zul: how do you create xen guests?  xen-tools?  by hand?
<zul> hallyn_:  cloud-images should work
<smb> hallyn_, You might use libvirt for HVM guests
<hallyn_> zul: so you'd use https://help.ubuntu.com/community/Xen "manually creating a pv guest vm" ?
<hallyn_> smb: yeah but to create them
<smb> Or cloud-images for PV guest
<smb> hallyn_, HVM guest you can give an iso
<zul> hallyn_:  more or less yes
<smb> hallyn_, just like kvm guest
<hallyn_> ok i'll try that
<hallyn_> thx
<hallyn_> stgraber: hm that's a long set :)  (hasn't all arrived yet)
<stgraber> hallyn_: yeah, 17 patches, some are just one-liners. I probably could have merged some, but I was committing as I was finding and resolving issues
<hallyn_> stgraber: np, all but one acked
<hallyn_> zul: I suppose it's always been this way, but seeing my dom-0 show up in 'virsh list' seems wrong :)
<hallyn_> i... i.. just gotta do it:
<zul> hallyn_:  hehe...it is
<hallyn_> virsh -c xen:/// destroy 0
<hallyn_> shucks.  denied
<smb> hallyn_, Nope when using xm thats always like that
<Daviey> hallyn_: I've always thought this odder... $ sudo killall init && echo wtf
<Daviey> wtf
<hallyn_> Daviey: well, init ignores - doesn't block - the signals right?  so kill succeeds
<hallyn_> try -9
<hallyn_> uh, without sudo :)
<Daviey> $ sudo kill -9 0
<Daviey> Killed
<Daviey> :)
<hallyn_> 0 != 1
<smb> down to basic wisdom now
<Daviey> $ sudo kill -9 1 && echo $?
<Daviey> 0
<sgran> sure, you sent a signal successfully
<hallyn_> eh, i suspect it does make sense, but am not gonna go look into it now :)
<sgran> did init die?
<sgran> just because you sent it successfully doesn't mean the application processed it the way you think
<Daviey> sgran: Well no, but i am saying i've always considered it a funny thing
<sgran> init has to be special.  It is a bit funny, but it makes sense
<Daviey> sgran: I do know this. :)
<sgran> ok :)
<hallyn_> stgraber: can you let me know when yor'e done pushing to git?  I want to remove the two error msgs but i don't want to make you have to rebase your patches :)
<hallyn_> stgraber: actually i just sent the patch to the list, can you toss it in your set?
<TimR> can anybody tell me tell me how to get Linksys USB100TX usb adapter to work on ubuntu 12.04.2lts
<stgraber> hallyn_: replied to your comment, do you see an actual problem if rand() is hit by a race with the current code? AFAICT if that happens, it'll just get seeded with some new data from urandom which should actually make it better.
<hallyn_> stgraber: yeah i'm not sure, i did wonder that, but wasn't sure
<hallyn_> so if rand_r doesn't exist in bionic then we can risk it.  if it is then it seem sworth converting
<stgraber> hallyn_: I just said in my e-mail, none of the usual _r functions exist in bionic ...
<hallyn_> damn android
<hallyn_> k got your email
<stgraber> hallyn_: well, at least they solved a few stupid bugs recently
<hallyn_> in their own code you mean?
<TimR> its showing linksys usb 100tx ethernet pegasus 0066:2203
<hallyn_> smb: well i can do 'virsh -c xen+ssh://serge@$ip list' that works, but virt-manager connecting the same way seems to hang.
<jamespage> Daviey, got a 'that should work' from upstream openstack on the approach to providing dkms packages for openvswitch
<ribo> anyone having this issue on new EC2 instances: error: unexpectedly disconnected from boot status daemon
<ribo> using AMI ami-11b32021
<hallyn_> smb: well...  doesn't seem to be working.  even manually creating a guest with the PV instructions from https://help.ubuntu.com/community/Xen fails, and when I try to start a vm i defined in libvirt I get:
<hallyn_> error: POST operation failed: xend_post: error from xen daemon: (xend.err "Boot loader didn't return any data!")
<hallyn_> (i did create a /usr/bin/pygrub link)
<hallyn_> jamespage: hey (if you're still around) did you get a chance to straighten out iscsitarget?
<hallyn_> gonna guess not based on feb changelog entry
<hallyn_> ah but it's in precise-proposed, good good.
<bitbyte> hey guys i accidentally canceled a mv command
<bitbyte> is there any way to get the data back
<sarnold> it should all be there; the source files aren't unlinked until the destination files are closed. it might be a mess to clean up, but ought not be terrible.
<bitbyte> i literally canceled it like a second after
<bitbyte> only had chance to make 5 folders, so how would i go about cleaning it up
<sarnold> bitbyte: remake those directories in the source, mv those files back to their original locations
<sarnold> you might be able to do something like mv -i <original destination> <original source> -- but I think I'd just move files one directory at a time
<bitbyte> right so these were some folders holding audio files. so all i need to do is remake the parent directories and run the same command in reverse
<bitbyte> oh this is going to be messy :/
<bitbyte> orignal command was : bitbyte@usbc01:/$ sudo mv /media/server2012/Music/* /media/sdb2/music
<bitbyte> and if only some of the directories were made i.e. 5 or 6 and no files copied over then i guess might be a bit took messy
<bitbyte> ah well iTunes will have some way of downloading it again :/
<bitbyte> in the mean time any one know how to install ms-sys
<maxb> bitbyte: When mv is copying cross device I think it doesn't start deleting until it has copied everything. You'll want to verify, of course, but it should be trivial to check (e.g. with 'diff -rq') that there are no files in the destination which are not also still present in the source
<bitbyte> so if i diff -rq /media/server2012/Music i should be able to check
<jamespage> hallyn_, I did indeed
<hallyn_> jamespage: \o/
<LargePrime> Dear Server gurus.  I need to ban a bunch of ips from hitting my server
<LargePrime> is there a tool i can just add ips to a file and they will be added to iptables as drops
<hallyn_> i'd just whip up an upstart job and an add-ban script;
<LargePrime> =.=
<hallyn_> add-ban adds the ip to a file and runs iptables to dro pit;  upstart job loops over the file and drops all the ips therein
<LargePrime> ok so not skilled for that
<bitbyte> maxb: the diff -rq command keeps saying inputs wrong
<hallyn_> add_ban: #!/bin/sh\necho $1 >> /etc/banned-ips\niptables -A input -s $1 -j DROP
<LargePrime> hallyn_: care to spoon feed me?
<jamespage> LargePrime, have you tried fail-to-ban?  I use that on one of my servers
<LargePrime> adding it now
<LargePrime> but i not see how i can jsut paste a list of ips and get thoes banned
<jamespage> fail2ban rather
<hallyn_> /etc/init/banips.conf:Description "ban ips"\nAuthor "me"\nstart on runlevel [2345]\n\nscript\n
<hallyn_> ^ try fail2ban :)
<uvirtbot> hallyn_: Error: "try" is not a valid command.
<hallyn_> shutup bot
<hallyn_> LargePrime: fwiw you would do 'for p in ip1 ip2 ip3 ip4; do add_ban $p; done'
<jamespage> fail2ban also allows you to add IP's manually
<jamespage> as well as doing clever auth fail stuff
<LargePrime> i saw the auth.log autoban
<LargePrime> hallyn_: i need a smaller spoon
<hallyn_> LargePrime: and fwow the upstart job script would just do cat /etc/hosts | while read line; do iptables -A input -s $line -j DROP; done
<hallyn_> LargePrime: go with jamespage's suggestion
<bitbyte> any one any ideas about recovering files from a cancelled mv command ? diff -rq hasn't done anything
<bitbyte> and the source files haven't been copied to destination
<LargePrime> jamespage: how do i manualy add ips?
<hallyn_> stgraber: were you going tp push your bionic-compile-fix patchset today?
<smb> hallyn_, fwiw PV and libvirt never worked for me. For PV guests I use cloud-images and pvgrub not pygrub (not that we ship the former)
 * smb crawls back under some stone
<hallyn_> smb: drat
<hallyn_> and zul is gone
<hallyn_> smb: but i've not gotten guests to start even with pv.
<hallyn_> though yes that was with pygrub
<hallyn_> (and i stopped around 1pm when the sun hit that box too hard - i'll try again tonight)
<jkitchen> anyone know how to make apt-cacher-ng allow certain extra things through? I'd like to use it during preseed but when apt-setup tries to grab the specified key for a repo I'm adding apt-cacher-ng won't let it through and the install fails
<adam_g> jamespage, those 3 issue you ran into with the python ports should be fixed now.  nova-compute now ensures its OVS agent config has an IP address, and that solves the issue for me so far.
<Sam___> hello
<Sam___> is anyone here to give help
<genii> !details
<ubottu> Please give us full details. For example: "I have a problem with ..., I'm running Ubuntu version .... When I try to do ..., I get the following output: ..., but I expected it to do ..."
<jkitchen> don't ask to ask just ask
<twoface88> looking for mentor ...
#ubuntu-server 2013-08-17
<styol> Hey there. I am performing some benchmarks against an Ubuntu 12.04 server that is load balancing requests using HAProxy and I'm having trouble identifying the source of connection resets being returned to the client during these high concurrency benchmarks. Any recommendations on where one might be able to start isolating the source of this issue or anything worth examining further?
<jkitchen> styol: tcpdump should help out a lot
<styol> jkitchen: gotcha, is there something specific that should be isolated from the output? This honestly goes a bit past my common duties and abilities in system administration ;)
<jkitchen> I would argue that it's well within your DUTIES :)
<jkitchen> tcpdump is magic.
<styol> -duties haha
<styol> i suspect sorcery
<jkitchen> tcpdump's syntax is a bit weird but you can get some pretty basic things
<jkitchen> http://danielmiessler.com/study/tcpdump/
<jkitchen> Show me all RESET (RST) packets...
<jkitchen> # tcpdump 'tcp[13] & 4!=0'
<styol> jkitchen: <3 is this output each RST?
<jkitchen> yes
<styol> this seems to be more than the benchmarks are reporting which is interesting
<styol> guessing just a sample might do? its quite a bit
<jkitchen> you can also filter it further
<jkitchen> yea
<jkitchen> you can take the output of tcpdump and feed it through something like wireshark too to do offline analysis
<styol> jkitchen: http://pastie.org/private/zmznqsftxeouqrgavpg0g i will keep reading the url you provided also, much appreciated
<styol> i definitely need to work on my tcp/ip chops. Been doing too much high level programming that hides a lot of this awesomeness from me
<dissected> hello
<styol> jkitchen: ok so one kind of interesting thing about this output is port 8097 is actually a health check being performed by haproxy as opposed to the servers being load balanced
<styol> and it actually seems to output a bit more than 5 servers x 3 second intervals
<styol> the http-alt's are the servers being load balanced
<styol> i suppose the 3 second interval specification isn't applicable to this haproxy configuration option
<axisys> how to remove all the desktop packages from the server ?
<axisys> two servers 12.04 LTS 64bit .. one has 480 pkgs and the other one (+desktop) has ~1600 pkgs
<axisys> I see lots of graphics there too
<axisys> I wish there were a aptitude remove ubuntu-desktop
<sarnold> axisys: apt-get purge some of the 'base' graphics packages, like gtk libraries or X libraries -- and copy-and-paste the names of packages that require the candidate package?
<sarnold> axisys: if you want them identical, you could use dpkg --get-selections and --set-selections, or whatever they are, but that seems riskier to me.
<axisys> sarnold: yep, that might be riskier..
<axisys> removing lots of manually
<axisys> dpkg --get-selections | awk '/^xserver/ {printf "%s ", $1}' gave me a good list.. I guess I could sudo aptitude purge infront of that output
<sarnold> axisys: deborphan can be helpful to find and cleanup remnants..
<axisys> new to me
<sarnold> it'll be more useful once you've removed a few hundred packages :)
<axisys> unity compiz.. wow!
<dissected> question for the routing/firewall gurus
<dissected> running three interfaces on the same box (dedicated router/firewall), bridged wlan0 to eth0 to LAN, eth3 to cable modem and eth2 to LAN, running hostapd and dnsmasq, all devices receive DNS and DHCP replies correctly but only the wired connections on the LAN will get forwarded
<dissected> out eth3 that is to the internet
<dissected> when I move the cable modem to another machine on the LAN and use that as the router, the wireless devices will get fowarded just fine, just not when everything is in the same machine
<dissected> hopefully that is a coherent explanation
<sarnold> dissected: how's /proc/sys/net/ipv4/conf/*/forwarding look?
<sarnold> does everything have a '1'?
<dissected> sarnold, hold on
<dissected> sarnold, I'll check
<dissected> sarnold, the machine is starting up I'll ssh in shortly, my goal is to have the wifi card send everything out via the eth0, so it should be coming back in via eth2 and get forwarded along with everything else on the LAN
<sarnold> dissected: oooh. you might also need to fiddle with the accept_local file in the same directories..
<dissected> sarnold, might I need to somehow isolate wlan0, br0, eth0 better?
<sarnold> dissected: hrm, dunno :/
<sarnold> I've never run a system quite that complicated before :)
<dissected> sarnold, there's not a lot of documentation/postings online for this sorta problem
<styol> jkitchen: now i get that you were just pasting the label for that output and not necessarily asking that I "Show [you] all RESET (RST) packetsâ¦". That being said, me not entirely sure where to go from here with the resets that are being captured
<dissected> sarnold, that's why I'm in here
<sarnold> dissected: indeed, no :)
<dissected> sarnold, Once I get it to work I might write something up and post it on a wiki somewhere, or something
<sarnold> dissected: please do :)
<dissected> sarnold, everything else works like it should, it's just for some reason the wireless devices won't get forwarded if the AP and gateway are the same machine
<dissected> sarnold, you may have pointed me in the right direction though
<sarnold> dissected: oh? find something intersting?
<dissected> sarnold, it's probably a simple switch somewhere
<sarnold> dissected: that's my hope. finding it might be difficult though. I know I've fought both those switches before, which is why I was quick to offer them :) hehe
<dissected> sarnold, yeah
<dissected> sarnold, I also want to get another wifi card, setup a proxy to another network, because my neighborhood is blanketed with free wifi from a local isp
<dissected> sarnold, so I'll set software updates, long downloads, torrents, etc to pull from that one, so they don't interfere with my connection
<axisys> sarnold: got rid of 400.. still 1238 total
<sarnold> dissected: cool, sounds like a fun project :)
<sarnold> axisys: oof. :) well, a bit every day...
<dissected> sarnold, I've had some extra time on my hands lately
<axisys> sarnold: how does deborphan work? I should check it out
<axisys> hmm .. some package remove says it will remove ubuntu-minimal as well.. oops
<axisys> found it debconf-i18n.. odd
<sarnold> axisys: deborphan suggests packages that were installed to satisfy a dependency, but are no longer needed
<sarnold> it isn't always right :)
<sarnold> sometimes you do still want the package; but it's helpful.
<sarnold> axisys: the 'orphaner' front-end is nice
<sarnold> you select some, hit 'simulate', and then it presents a new list to you for you to add more packages
<thurstylark> I'm setting up a vps, and my provider only will support clean installs of ubuntu server up to 11.04. What method do you recommend to get me to 12.04?
<sarnold> thurstylark: probably install 10.04 and use do-release-upgrade
<sarnold> thurstylark: it might be worth asking them why they are so old.. there might be a good reason why they don't offer newer, and you might be better off choosing a different provider
<thurstylark> sarnold: I tried that, but whatever build they have to image on their vps doesn't have upgrade-manager-core installed already, and when i go ahead and install it and do do-release-upgrade, it fails out on one of the package installs and doesn't continue.
<thurstylark> sarnold: i just might do that :/
<sarnold> thurstylark: you could just try a blunt apt-get dist-upgrade, but it may fail for the same reasons, or fun and exciting different reasons.. :)
<sarnold> it seems needlessly awkward to not just install the specific distribution you want in the first place. something seems fishy. :)
<thurstylark> once i install (and then run updates ofc) the dist-upgrade option has nothing else to offer me.
<thurstylark> Also, I agree.
<sarnold> thurstylark: you'd replace 'lucid' with 'precise' in your /etc/apt/sources.list file, then apt-get update, then apt-get -u dist-upgrade
<sarnold> (worth a shot if the alternative is throw the whole thing away and move elsewhere, but more work than it could be..)
<thurstylark> sarnold: I'll file that away in my brain for future use if I need it. For now, it seems that the support group is willing to install a non-listed OS if I ask them to, so, I'm gonna try that.
<sarnold> thurstylark: oh, nice.
<hallyn_> zul: so you're able to just virsh -c xen:/// define somexen.xml and then start it?  do you use pygrub?  do you have a sample xml you can pastebin
<hallyn_> ?
<zul> hallyn_:  actually i just create an hvm domain in virt-mangaer and let it be done with it
<hallyn_> zul: hm, i can't connect from a remote host from virt-manager
<hallyn_> i can list with virsh,
<hallyn_> but virt-manager hangs.  (from saucy to saucy)
<zul> hallyn_:  hmm..
<zul> weird
<zul> ill have a look monday...going to disapear for tonight
<hallyn_> well i guess i should back out smb's ppa.  it *could* be cuaing trouble
<hallyn_> zul: have a good weekend
<axisys> sudo /etc/init.d/foo.pl start; works fine.. but does not start at reboot since /usr/local/bin/placker is not in PATH
<axisys> if I add the path in foo.pl it solves.. is there a better way to fix the PATH issue?
<axisys> I was hoping system would find stuff in /usr/local/bin by default
<axisys> 12.04 LTS server
<axisys> where do I add comment like this? I want to see my process started OK
<axisys>  * Starting OpenSSH server                                               [ OK ]
<kasad> guys can I get some assistamce.  have to install ubuntu 8.04 LTS from a flashdrive
<kasad> setup starts, but then it says that installation cd-rom couldn't be mounted
<kasad> I found somewhere that there is workaround, that I could mount proper flash drive partition as /cdrom and setup would continue
<kasad> but I don't know how to figure out which is correct flashdrive partition
<Senor>  I am trying to install systemtap on my ubuntu server ,which is of precise version .as you know systemtap need dbgsym installed ,bu I can not find bdgsym package for precise version anywhere .
<Senor> who is farmiliar with ubuntu `precise version ?
<MraMra> hi is this good enough for a minimal working desktop environment with lxde on a fresh _basic ubuntu server_  to be run remotely with xrdp as server and   remmina as client? : 'sudo apt-get install --without-recommends lxde-core && sudo mkdir /usr/share/backgrounds && sudo update-alternatives --config x-session-manager'
<MraMra> 'sudo aptitude install --without-recommends...' i mean
<Orfeous> hi everyone! is it possible to move the physical harddrive from computer 1 (x86) to computer 2 (x64). harddrive is current running latest ubuntu 12.10 x86
<Patrickdk> orfeous, only if you have a way to plug in physical harddrive and a way to power it
<LargePrime> hey all.  my server is telling me that / is 85% full
<LargePrime> but /home has 100 GB free
<LargePrime> what can be taking up space in /
#ubuntu-server 2013-08-18
<LargePrime> now it is at 92%
<qman__> literally anything
<qman__> do you have separate /var or /boot? if not, sudo apt-get clean and then uninstall any old kernels you're not using
 * patdk-lap bets /tmp
<patdk-lap> but ya, /var is likely also
<qman__> I thought /tmp was a tmpfs out of the box
<patdk-lap> nope, that could be really evil really fast
<LargePrime> http://paste.ubuntu.com/5997863/
<LargePrime> what does the 15G in . mean
<LargePrime> sorry for my ignorance
<whaley> LargePrime: 15 gigabytes
<LargePrime> that is a result of 5:/var# du -h --max-depth=1 | pastebinit
<LargePrime> so var is taking the space
<whaley> LargePrime: looks like lib, mostly
<whaley> oh, sorry, you are in /var
<LargePrime> http://paste.ubuntu.com/5997868/
<LargePrime> thats /var/lib
<LargePrime>  it seems /mysql has 10GB
<qman__> you have over 3.5GB of logs, which is a lot
<qman__> suggest cleaning that up unless you need them
<LargePrime> ok thanks
<qman__> er, 3.3GB
<patdk-lap> heh, du -shc *
<patdk-lap> normally gets good results :)
<LargePrime> http://paste.ubuntu.com/5997887/
<LargePrime> math dont work on last one?
<LargePrime> or am i not seeing something
<qman__> there is 9.9GB used in that directory, not any of the subdirs
<qman__> see the last line
<LargePrime> ibdata1 is 8GB
<LargePrime> i see
 * patdk-lap hugs his 2tb of logs
<LargePrime> ok so now to tackle shrinking ibdata
<patdk-lap> good luck with that
<patdk-lap> ibdata doesn't shrink
<LargePrime> so i am reaading
<LargePrime> why do you keep sp many logs?
<LargePrime> so*
<LargePrime> apparently 5.6 of mysql no longer has this ibdata  size issue
<LargePrime> is it worth upgrading to 13.04
<patdk-lap> hmm, well, I collect about 5gigs of logs a day (after gzip)
<patdk-lap> need to keep enough logs for compliance
<patdk-lap> some days it can get up to 10-20gigs
<qman__> I stick to LTS releases unless I need feature support
<qman__> or in the case of my laptop, trying to get flash to work
<qman__> it still doesn't, btw
<patdk-lap> flash to work?
<qman__> yeah, as in youtube and whatnot
<patdk-lap> never had an issue
<qman__> it absolutely refuses, 12.04, 12.10, 13.04
<patdk-lap> just use chrome :)
<qman__> I am
<patdk-lap> but I haven't had an issue in firefox
<qman__> chromium, specifically
<patdk-lap> no, chrome
<patdk-lap> must different :)
<patdk-lap> chrome has it's own built in flash
<qman__> it works great on my desktop, which is 64-bit
<patdk-lap> it doesn't use adobe's
<patdk-lap> chromium uses adobe's
<qman__> I've tried both adobe flash and pepper flash
<patdk-lap> as does firefox
<qman__> neither work
<patdk-lap> I'm using adobe flash, has worked fine for me
<qman__> 64-bit?
<patdk-lap> yep
<qman__> because this laptopt is 32-bit
<patdk-lap> it's always been more broken on 64bit
<qman__> works fine on all my other 64-bit systems
<patdk-lap> heh
<patdk-lap> a 32bit only laptop? that is old
<qman__> and it used to work, it just stopped one day
<qman__> yep, pentium 3
<patdk-lap> oh, that isn't old
<qman__> 1033MHz, 768MB
<patdk-lap> that is well, suprising it works
 * patdk-lap hugs his quadcore laptop :)
<qman__> these are great because they're about $100 to replace and nigh indestructible
<patdk-lap> and only about 60lb :)
<qman__> plus I just installed a new wireless card, awesome range
<patdk-lap> you want my kaypro ][ ?
<qman__> nah, I've got big blue
<patdk-lap> still can't believe the kaypro is a *laptop*
<qman__> just got this guy: http://www.amazon.com/gp/product/B006JWMOOI
<patdk-lap> have one of them, it is unstable for me, works fine for a few hours, then just dies
<qman__> ran it all day today without a problem
<eropple> Hey there. I have an Ubuntu 13.04 machine with Linux softraid (known working) and I'm trying to use a RAID device as an LVM volume. It's being about as helpful as you'd expect; lvcreate is yelling at me about "Failed to wipe start of new LV." dmesg isn't showing anything interesting, even running lvcreate with -vvv it's not giving me any explicit clues as to what's going on, and Google isn't helping. Anybody have any suggestions?
<eropple> Passing -Z n allows me to create the LV, but I then can't create a snapshot, making it less-than-useful.
<sometwo> I enabled cachefs for my nfs mount yesterday. And today I noticed that things started to stall a lot. dmesg says CacheFiles: Error: Overlong wait for old active object to go away.
<sometwo> Is there any way to resolve this? Using a newer kernel?
<sometwo> Perhaps cachefs is just too unstable to be usable at all.
<tcb^ll3r> hi
<tcb^ll3r> how do I set the default umask for a users?
<tcb^ll3r> crickets
<patdk-lap> crickets don't use umask
<tcb^ll3r> ha
<tcb^ll3r> glad i'm not the only person in here on saturday night
<patdk-lap> sat night?
<patdk-lap> it's sunday morning
<jkitchen> sat night here.
<patdk-lap> people live in the wrong timezone
<jkitchen> this is likely true
<jkitchen> UTC is the only timezone
<tcb^ll3r> any thoughts on the umask thing?
<patdk-lap> set it in profile or pam
<patdk-lap> really so many places to set it, and you didn't specify what for
<tcb^ll3r> i need to set the default umask when a new user is created. do i set .profile || .bashrc in skel for that?
<tcb^ll3r> when my sftp users create a file, it has the wrong perms
<patdk-lap> then you want to set it for sftp
<patdk-lap> sftp doesn't run in a shell, so setting it in a profile won't help
<patdk-lap> it's documented, use google
<tcb^ll3r> oh  per daemon setup
<tcb^ll3r> i'm pretty noobish
<tcb^ll3r> :(
<tcb^ll3r> i'm trying though
<tcb^ll3r> ahh, yes that would seem obvious setting shell umask in shell profile...
<tcb^ll3r> hello my name is durp
<tcb^ll3r> so, i would need to set umask for root user since sftp daemon runs under root? any thoughts on that?
<patdk-lap> no
<patdk-lap> seriously, google
<patdk-lap> http://serverfault.com/questions/70876/how-to-put-desired-umask-with-sftp
<patdk-lap> yandex, bing, whatever you want, just type in, sftp umask
<tcb^ll3r> i did. it just seems like there are a few options. I just wanted some opinions.
<patdk-lap> that are LOTS of ways to do it
<patdk-lap> pick one
<patdk-lap> I can't tell you, this way will solve all your issues
<patdk-lap> each option is different
<tcb^ll3r> alot of the time the stuff i find is applicable to other distros, hence the reason i am here. I have ubuntu.
<tcb^ll3r> i have ubuntu(s)
<tcb^ll3r> looking at the link you provided, i will have to learn some new stuff about subsystems. Thanks for pointing me to that.
<tcb^ll3r> I had another question. How important is the group that each user belongs to that has that users name? Is this just to have that group on their .profile , and other config files? Do I need it?
<Gr3mlin> gidday guys, anyone able to help with a SSH issue im having?
<Gr3mlin> trying to set up auth key, but after googling for a few hours and trying multiple times, i run into an issue when attempting contection, "Server refused our key"
<Gr3mlin> i've googled the fault and tried many 'FIXES' and still cant connect.
<morph> hey guys. I just set up some partitions on a server as GPT
<morph> now I need to install ubuntu on it. (this is a remote server. no physical access) how do i do this?
<mhzarei> Hi, I make a new vpn connection by make a new file in /etc/NetworkManager/system-connections/vpn1 . When I use ' sudo nmcli con up id vpn1' to up connection, this error occurred: Error: Unknown connection: vpn1.
<Gr3mlin> trying to set up auth key, but after googling for a few hours and trying multiple times, i run into an issue when attempting contection, "Server refused our key"
<Gr3mlin> <Gr3mlin> trying to set up auth key, but after googling for a few hours and trying multiple times, i run into an issue when attempting contection, "Server refused our key"
<Gr3mlin> ANYONE!? please! im about to go through the stupid ubuntu box our a moving vehicle.
<resno> Gr3mlin: ?
<Gr3mlin> <Gr3mlin> trying to set up auth key, but after googling for a few hours and trying multiple times, i run into an issue when attempting contection, "Server refused our key"
<Gr3mlin> *hugs resno
<resno> are you using the pub key?
<Gr3mlin> indeed.
<resno> on the sever
<resno> are you connecting with the right user also?
<Gr3mlin> pub on the server like every tut says, and private on the windows system
<resno> oh, your using windows
<resno> you're
<resno> putty?
<Gr3mlin> yup! please dont tell me its putty.
<resno> i dont know anything about putty
<resno> have you specified the key in your connection on putty?
<Gr3mlin> I tried heaps of the things google suggests with now avail. im ready to 'pull out my nine and place bullet in each of the servers.'
<Gr3mlin> yeap.
<resno> what do your server logs say?
<Gr3mlin> putty said that it
<Gr3mlin> right now, they arent saying alot. i sort of had a little hissy fit and sudo rm -rv /* but its almost installed
<Gr3mlin> *thought i would start again from scratch* and have alittle funny while doing it. ;B
<resno> uh huh
<Gr3mlin> server is running on a VM until i get it going. easier to kick.. then i can just replicate it when i do get it going
<resno> did you put the pub file in the right location and name the file correctly?
<Gr3mlin> pub went into ~/.ssh where the key was appended to authorized_keys. authorized_keys was checked to be one line. which it was, it was then chmod'd to 600, in /etc/ssh/sshd_config, line #Auth file was un commented out. and read %h/.ssh/authorized_keys
<resno> did you upload the complete pub file?
<resno> it should end with an = and your computer name
<resno> when checking on the server
<resno> ok, so tail -f /var/log/auth.log and then try to login using the private key
<Gr3mlin> i started again, before i do any editing have to go a good link to a step by step i can follow?
<resno> whyd you start again?
<Gr3mlin> cos i deleted root, right im in.
<Gr3mlin> i mean, the servers up, not im in*
<Gr3mlin> OK, tail reported Failed publickey for test from *LAN_IP* port ssh2
<maxb> You might try running a debug mode sshd on a separate port and seeing what it says when you try to connect to it('/usr/sbin/sshd -ddd -e -p 2222')
<maxb> I would say that focussing on tutorials and step by steps is generally the wrong approach to getting computers to do what you want. Much better to pursue understanding than recipes - that way you don't get utterly stuck when you want to do something a bit different.
<Gr3mlin> im thinkin its not worth the flippin hassle, i just thought it would be easier if i could remotely administrate me server when im not home. but this is proving to be stupidly difficult.
<bekks> maxb: How do you get to know what a computer is actually doing if not even knowing what the software does, when not reading a manual, to get to know what the software is intended to do?
<bekks> Gr3mlin: Administering a server remotely is most likely done by using SSH
<Gr3mlin> bekks: i know, thats what im setting up, ssh access using keys instead of password access..
<bekks> Gr3mlin: thats pretty easy. where are you stuck at?
<Gr3mlin> Server refused our key
<Gr3mlin> bekks: i've googled the pants off it.
<bekks> Then you didnt add the key to the authorized_keys file.
<Gr3mlin> if i vi ~/.ssh/authorized_keys i get me key.
<bekks> On the server or on the host?
<maxb> I did give you a suggestion for running a debug mode sshd above..... might tell you something useful
<bekks> And which key (public or private) did you enter there?
<Gr3mlin> on the server, the host is putty on a windows system
<Gr3mlin> public key bekks
<bekks> Gr3mlin: putty can act as ssh server.
<Gr3mlin> what i totally missed that maxb
<bekks> So your server is Ubuntu, and your client is putty?
<maxb> < maxb> You might try running a debug mode sshd on a separate port and seeing what it says when you try to connect to it('/usr/sbin/sshd -ddd -e -p 2222')
<bekks> *cant
<Gr3mlin> affirm
<bekks> Check the sshd_config wether publix key auth is even enabled.
<Gr3mlin> server is running ubuntu server 12.04, OpenSSH. connecting via a windows system running Putty
<Gr3mlin> sshd_config PubkeyAuthentication yes, AuthorizedKeysFile %h/.ssh/authorized_keys
<maxb> People usually do not need to customise the AuthorizedKeysFile value
<Gr3mlin> so leave it commented out?
<Gr3mlin> sshd debug said key is not allowed?
<maxb> Yes. It does seem to be the one thing you've mentioned doing differently to what most people do - even if it *shouldn't* matter
<maxb> It does sound a lot like the content of your authorized_keys file is incorrect
<maxb> You should pastebin both the authorized_keys content and the debug log
<maxb> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<bekks> Gr3mlin: Which user are you using to connect to your server?
<Gr3mlin> which am i using to connect to the SSH server? what do you mean? Putty?
<bekks> No. You have users on your server, which one do you use to connect?
<Gr3mlin> test
<Gr3mlin> its a VM test server before i configure the real server.
<bekks> So you added the public putty key to the authorized_keys file of "test"?
<Gr3mlin> so im SSH key file is in /home/test/.ssh/auth^keys
<Gr3mlin> yes that is correct.
<bekks> Try commenting "AuthorizedKeysFile" to "#AuthorizedKeysFile" in the sshd_config and restart the sshd service.
<Gr3mlin> already did when Maxb mentioned it.
<maxb> < maxb> You should pastebin both the authorized_keys content and the debug log
<bekks> Did you create a public key for test, add the public key to the authorized_keys, and try using ssh like: ssh test@localhist ?
<maxb> Otherwise we're just needlessly blind
<Gr3mlin> ok, on there way maxb
<Gr3mlin> heres the auth key auth^key: http://paste.ubuntu.com/5999285/
<bekks> Erro detected.
<maxb> indeed
<bekks> Missing s at the beginning. It has to be ssh not sh ...
<Gr3mlin> sorry, thats my bad, i must o deleted it when i passed it. i just rechecked. definately says "ssh-rsa blabla
<Gr3mlin> sorry, thats my bad, i must o deleted it when i passed it. i just rechecked. definately says "ssh-rsa blabla"
<Gr3mlin> i cant get debug to output to file. what am i missing?
<bekks> You missed to copy the entire public key.
<bekks> It is missing the host identification at the end.
<maxb> That does not matter
<maxb> What follows is merely an informational comment, only relevant to humans reading it
<Gr3mlin> this is the exact key copied off of PuTTy key gen : http://paste.ubuntu.com/5999299/
<maxb> ok, and the debug logs?
<Gr3mlin> this might be a dumb question maxb but does debug output to a log file? if so where?
<maxb> no, it outputs to stderr
<maxb> You could, of course, redirect it
<Gr3mlin> i typed > filename and it looked at me like a dear in headlights.. blank.
<Gr3mlin> oooppps.
<Gr3mlin> ok here it is. http://paste.ubuntu.com/5999336/
<bekks> Wrong permissions on .ssh and the files in there.
<bekks> Pastebin ls -lha /home/test/.ssh/ please
<Gr3mlin> auth^keys is ment to be 600 and .ssh ment to be 700?
<maxb> debug1: Could not open authorized keys '/home/test/.ssh/authorized_keys': Permission denied
<maxb> Seems highly relevant
<maxb> I suspect you've got the file/directory owned by root, not test
<Gr3mlin> thats correct.
<maxb> No, that's incorrect :-)
<bekks> Thats the cause of your error.
<Gr3mlin> http://paste.ubuntu.com/5999343/
<Gr3mlin> i saw i set that to test.
<Gr3mlin> or was that before a re-installed..
<bekks> Reinstallation has nothing to do with it.
<ikonia> just change the onership of the permissions to the correct user
<Gr3mlin> bekks: i mean ubuntu server.
<ikonia> just change the onership of the permissions to the correct user
<bekks> Gr3mlin: Me too. Just change the ownership to test:test as ikonia suggests.
<Gr3mlin> bekks, yeah, know i have
<Gr3mlin> thanks guys for the help! im gonna go dream about stupid things like this now ;S
<sometwo> So, I upgraded to a 3.8 kernel and my fscache stalls seem to have disappeared. However, it doesn't seem like fscache is actually doing anything. The cache is currently taking 50 MB of space, stats show "Lookups: n=210 neg=207 pos=3 crt=207 tmo=0" and "Retrvls: n=2635 ok=0 wt=5 nod=2635 nbf=0 int=0 oom=0" which doesn't look good. Is there anything I have missed in my configuration?
<baniir> how do i determine what a safe nofile limit is; i see examples setting 65535, 32768, â¦ without explanation
<bekks> baniir: You need to know the maximum number of open files of your applications.
<bekks> And the nofile count has to be higher than that.
<baniir> bekks: thanks. in this case, open files are network sockets that raise with traffic. i can't raise it indefinitely
<patdk-lap> 3million :)
<MraMaria> Hi. Using a fresh and updated 'basic Ubuntu server' 'OpenSSH server', '$ sudo apt-get install LXDE' and  remotely desktop controlling with XRDP (as server) (and Remmina as client on the other computer) (The desktop environment only starts if i connect to the XRDP server).
<MraMaria> I'm having problems on locales and input method. Following the info at http://wiki.lxde.org/en/Ubuntu the "Configuration for locales and input method" doesn't apply to this installation in none of the "login managers". Could you please help me on this....
<MraMaria> Just found and i'm reading http://wiki.lxde.org/en/Change_keyboard_layouts . I don't know yet if it helps
<Rapid2214> Hey guys, in centos it is possible to set the hostname from DHCP, however I cannot find a way in ubuntu. Anyone got any ideas?
<ikonia> Rapid2214: works the same way in ubuntu - it's just a dhclient parameter
<ikonia> Rapid2214: in the config you tell it what information to get from the dhcp server, hostname is just one varible/option
<Rapid2214> Ok, I will take a look - Thanks
<Rapid2214> Do you know what config file in centos makes this happen by default?
<Rapid2214> I see request in Ubuntu, but nothing is done with this information
<sometwo> Is anyone using the cachefs?
<palomer> if I ping my public ip address, is it the same thing as pinging localhost?
#ubuntu-server 2014-08-11
<chriys> is it worth to protect something else than ssh using fail2ban
<chriys> ?
<chriys> hey guys I got this error when I try to log in ssh Write failed: Broken pipe
<chriys> does someone has an idea on how to fix that error. I get it when I try to log in ssh /bin/bash: No such file or directory connection xx.xx.xx.xx closed
<axisys> whats the recommended way to fix the *** glibc detected *** ... munmap_chunk(): invalid pointer: 0x00007fb46a278460 *** ?
<axisys> ssh to remote host fails, apt-get update fails .. on 10.04.4 LTS
<axisys> its failing since AUg 5
<axisys> Aug 5
<axisys> 2014-08-05 06:28:47 status installed libc6-dev 2.11.1-0ubuntu7.14
<chriys> I'm back I disable the chroot jails. does someone has a link for chroot jail that also allow ssh an sftp login ?
<FrEaKmAn_> hi all
<FrEaKmAn_> every week I want to backup for files (tar them) and delete them
<FrEaKmAn_> my idea was to use cron to call a script to handle everything
<FrEaKmAn_> I can easily specify which folder to backup, but while it's doing it, the folder changes
<FrEaKmAn_> what would be the best way to delete only the files that I put into archive?
<FrEaKmAn_> to delete only files where date created < date of script run?
<FrEaKmAn_> or to somehow get a list from tar and delete those files?
<kklimonda> FrEaKmAn_: you can get a list of files from tar, or move the files to be backed into another dolder and do backong up from there
<DarkStar1> Morning all
<lordievader> o/
<DarkStar1> I need help as to finding out whether or not I have fixed the issue of my smtp relay HELO-ing as localhost.local domain, as it doesn't receive andy emails and just sends how can I test this?
<miceiken> telnet
<DarkStar1> miceiken: according to CBL TELNET will not show the banner
<miceiken> hm
<DarkStar1> brb
<gnaddel> Hi there, I have a problem with a cifs mount on ubuntu server 14.04: I want to add a samba share to /etc/fstab, however I get "mount error: cifs filesystem not supported by the system". I have cifs-utils installed.
<cwhy1> gnaddel: have you tried it again following a reboot?
<gnaddel> cwhy1: Yes, tried a reboot
<cwhy1> gnaddel: run 'dpkg -l cifs-utils'
<cwhy1> what output do you get?
<gnaddel> cwhy1: http://pastebin.com/HdcMYQ1i
<gnaddel> the fstab entry is as follows: //winfs-uni.top.gwdg.de/MYUSER$ /home/localuser/GWDG-P/ cifs credentials=/home/localuser/.smbcredentials 0 0
<ogra_> gnaddel, try adding cifs to /etc/modules for a test
<ogra_> and check in proc/filesystems if it is supported after loading the module
<gnaddel> ok, rebooting
<gnaddel> ogra_: Doesn't seem to work: http://pastebin.com/5M75kCdV
<ogra_> this is weird ... also that you dont have anything in /etc/modules by default
<ogra_> lp and rtc shoul still be in there i think
<lifeless> I certainly have lp and rtc; though why anyone needs lp these days...
<ogra_> well, you cant auto-load it for some reason ... so to use it it must be there ... even if only a fraction does actually use it
<gnaddel> It's a pretty vanilla 14.04 server installation, the only things I added so far are fail2ban, auto-updates and some python stuff
<gnaddel> and I don't think it would be a non-standard setup either (It's a VPS from 1&1, German hoster)
<ogra_> oh, you didnt tell its a VPS
<ogra_> might be that they use a kernel that doesnt even have cifs as module
<gnaddel> They call it Ubuntu Server 14.04 LTS minimal system
<ogra_> well, check "uname -a"
<ogra_> (and also see if /lib/modules has the coressponding modules there)
<Nivex> arrrghhhAWAY: good morning. bets on if/when the upgrader goes live today?
<coreycb> jamespage, zul:  keystone is ready for review - https://code.launchpad.net/~corey.bryant/keystone/2014.1.2/+merge/230290
<jamespage> coreycb, ack
<jamespage> coreycb, working through your branches now btw
<jamespage> coreycb, I'll upload anything that is OK
<coreycb> jamespage, great, thanks
<Abhijit> how can i tell preseed to delete all the existing lvm. delete everything.
<jamespage> coreycb, does our MRE cover trove yet?
<coreycb> jamespage, I'm not sure - where can I check?
<jamespage> coreycb, MRE wiki page
<coreycb> jamespage, looking
<coreycb> jamespage, I don't see trove here - https://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions
<jamespage> coreycb, OK _ well drop that from the update then
<coreycb> jamespage, ok
<jamespage> coreycb, we don't have an effect test strategy
<jamespage> coreycb, horizon and ceilometer uploaded
<jamespage> coreycb, for future reference, if you need to sync in the archive version of the package to the branch, make sure you pull in the changelog entries in full
<jamespage> nova - > 1:2014.1.1-0ubuntu2
<jamespage> for example
<jamespage> rather than amending your changelog entry to include that ones patch
<coreycb> jamespage, ok
<coreycb> jamespage, want me to update those?
<jamespage> coreycb, no worries - I've done neutron and nova
<coreycb> jamespage, ok
<jamespage> coreycb, if any other ones need updating please do
<coreycb> jamespage, looks like cinder's the only other one that needs the changelog fixed, so I'll go  ahead and do that
<jamespage> coreycb, awesome
<jamespage> coreycb, zul, gnuoy, ++ : just in case you had not noticed but PPA builds are now much faster - scalingstack is taking care of them so they are running ontop of OpenStack under full KVM; queue is virtually 0 and they are faster than my SSD quad core....
<gnuoy> Go team IS!
<coreycb> jamespage, very nice!
<coreycb> jamespage, cinder is update
<coreycb> updated
<jamespage> coreycb, glance and cinder uploaded
<jamespage> coreycb, ditto nova
<jamespage> coreycb, having severe deja-vu - waiting for keystone to finish building!
<coreycb> jamespage, lol
<coreycb> jamespage, there's some sort of db issue with heat that I'm trying to figure out
<jamespage> coreycb, ack
<jamespage> coreycb, neutron uploaded
<jamespage> coreycb, and keystone
<jamespage> coreycb, the complete set is here - https://launchpad.net/~james-page/+archive/ubuntu/icehouse/+packages
<jamespage> as well
<coreycb> jamespage, ack, thanks a lot.  just waiting on me for heat now.
<jamespage> coreycb, ack
<bitfury> anyone built GRE tunnels between two ubuntu servers behind NAT?
<bitfury> I set up a tunnel but not sure if they're are up or not
<bitfury> I do 'ip tunnel' and it's empty
<bitfury> so I guess they're not up, is this a good way of checking?
<chriys> Hi all, I'm running ubuntu 14.04 but for some reason I can't manage to change DocumentRoot in apache 2
<Pici> chriys: Are you modifying the file for your site?
<Pici> in /etc/apache2/sites-enabled/ ?
<Pici> And if so, what isn't working?
<coreycb> jamespage, do we want trove here with it not being on the MRE list?  https://launchpad.net/~james-page/+archive/ubuntu/icehouse/+packages
<chriys> Pici: I want to change the location of the website. Instead of /var/www/ I want /home/myuser/html
<jamespage> coreycb, meh
<coreycb> jamespage, maybe it doesn't much matter
<bitfury> anyone might know why my GRE tunnel between two ubuntu servers is not working?
<jamespage> coreycb, if you fancy some MIR practice after sorting out heat - https://bugs.launchpad.net/ubuntu/+source/python-pysnmp4/+bug/1349868
<uvirtbot> Launchpad bug 1349868 in python-pysnmp4-mibs "[MIR] new build dependencies for ceilometer" [Undecided,Incomplete]
<coreycb> jamespage, sure I'll work on that
<jamespage> coreycb, thanks :-)
<arrrghhh> Nivex, :/  I can try to ping the folks who were talking about it in -devel, I just hate sounding desperate.  I just wonder what is needed, if they need help with additional testing or something...
<arrrghhh> Nivex, check the page now :)
<arrrghhh> http://changelogs.ubuntu.com/meta-release-lts
<Nivex> huzzah!
<Nivex> root@atlantis:~# do-release-upgrade -c
<Nivex> Checking for a new Ubuntu release
<Nivex> New release '14.04.1 LTS' available.
<Nivex> sounds like I get some lunch and start my upgrade
<arrrghhh> I pinged the guy in -devel and he was like "concidentally I just did that" hehe
<arrrghhh> except he spelled it correctly.  coincidentally*
<Nivex> and coincidentally I had just hit reload when you said to :)
<arrrghhh> and all is right in the world of 'buntu
<Nivex> and here we go!
<zartoosh__> HI is there a linux utility to re-read uefi boot efivars which are displayed by efibootmgr -v ? thx
<hallyn> jamespage: smoser: any objection to http://paste.ubuntu.com/8019264/ ?
<smoser> hallyn, the string 'qemu-system-x86' is that relevant ?
<smoser> qemu-system-x86.modprobe. ie, is that arch specific ? does this matter elsewhere ? i suspect not.
<catphish> i have a system where "init" is extremely busy, using 100% cpu a lot of the time, is there a way i can find out what it's doing?
<smoser> hallyn, the only suggestion i hav is:
<smoser>  rmmod kvm_intel && modprobe kvm_intel || true
<hallyn> smoser: yes, it is only on x86, however there isn't currently a postinst for qemu-system-x86, so i didn't want to add it.
<smoser> that way you dont modprobe if rmmod failed
<hallyn> smoser: will do, thx
<smoser> and maybe just comment that yes, this could fail.
<hallyn> smoser: if you think it's cleaner to add a x86 postinst, i'll do it, this just seemed less likely to be messe dup by the likes of me
<smoser> if kvm was being used)
<rberg> hello. I have a first boot script run in rc.local that in some cases asks a question, when it asks I see the question but I cannot see anything I type into the bash read.. does anybody know why?
<hallyn> good point - i was actually only thinking of in a container
<hallyn> smoser: feh, maybe i should check the value of /sys/modules/kvm_intel/parameters/nested
<hallyn> i think i'll add that check, to redue the amount of module load/unloading
<smoser> yeah. that'd be good too
<smoser> hallyn, isn't there some util to say : am-i-in-a-container ?
<smoser> i thoguht there was one
<hallyn> smoser: there is, but i'd rather not have kvm depend on that,
<hallyn> bc there are other ways to fail in the same way
<smoser> ok
<smoser> hallyn, you didn't come up with any magic to allow me to use upstart in a non-network-namespaced container, di dyou ?
<hallyn> smoser: I'm afraid not.  upstart is just not designed that way.  I'd simply recommend bridging eth0 and putting hte container on that bridge
<hallyn> smoser: use systemd? :)
<smoser> thanks
<hallyn> smoser: so this again is for running maas or the openstack network daemon in a container?
<hallyn> smoser: so i'm going with http://paste.ubuntu.com/8019402/ for qemu
<smoser> yeah, thats waht it was.
<smoser> your answer is really ok.
<hallyn> smoser: I really hate it
<smoser> having non-network namespace seemd just so perfect.
<smoser> as i could basically run the container as an "application".
<smoser> and clean it easily.
<hallyn> but then abstract sockets have pained me since i was first taught about them 10 years ago ("yo umoron, you'r enot handling these")
<rberg> to answer my own question stty can re-enable echo
<toyotapie> Does everyone around here run a dns caching server on each of their servers?
<arrrghhh> toyotapie, I think everyone uses their servers in whatever way they see fit... if you have a question, feel free to ask :)
<toyotapie> My server was slowed to a halt because the first dns server in resolv.conf was offline, I am looking for a solution where a local dns cacher will check if servers are alive and route dns requests accordingly, that way it eliminates the delays trying to reach backup servers.
<patdk-wk> toyotapie, pdns-recursor does this by default
<patdk-wk> others, I dunno
<patdk-wk> you can also modify your resolv.conf to help
<patdk-wk> timout and attempts
<patdk-wk> the idea there, set a really low timeout, but attempt multible times
<patdk-wk> so you request it from basically all your nameservers, and the 2nd or 3rd attempt will get the results
<patdk-wk> default is 5seconds
<patdk-wk> and use rotate
<sarnold> pdns++
<patdk-wk> I still need to look into how unbound does it
<toyotapie> pdns is different from pdns++ ?
<sarnold> toyotapie: heh, no, that's just a shorthand for "I also like pdns" :)
<toyotapie> OK ;)
<toyotapie> I use pdns for my ns servers, but not the recursive server.
<toyotapie> Maybe I should use pdns as a recursive server, I was still using the old trusty bind for recursive lookups
<toyotapie> is it a good idea to setup a single pdns instance as a public authoritative server for my domain and at the same time the recursive dns server for my servers ?
<patdk-wk> do what?
<patdk-wk> pdns is a server only
<patdk-wk> pdns-recursor is a recursive server only
<toyotapie> Ah ok
<toyotapie> thanks
<toyotapie> given my success with pdns, I will try pdns-recursor
<toyotapie> thanks guy
<toyotapie> guys*
<catphish> would it be save to remove /etc/init/network-interface.conf if i don't have any hotswap network interfaces, or is this necessary for normal boot time network config?
<catphish> i guess it executes the ifup so probably not
<Aison> damn, I just killed my system
<Aison> I did a chown -R on /var mistakenly
<Aison> nothing works
<TJ-> Aison: boot to a live ISO or the server rescue option, then use a script to read the correct ownership from a good system and apply it to that broken one
<lordievader> From the live iso for example ;)
<TJ-> Aison: this works with the broken FS mounted at $TARGET (remove the "echo" inside the loop to have it actually do the chown rather than print it): "TARGET=/target; while read inode b perm qty user group size month day time name; do [ -e "${TARGET}$name" ] && echo chown $user:$group "${TARGET}$name"; done < <(sudo find /var -type d -ls)"
<TJ-> Aison: You might want to modify that since it only targets directories, and also won't operate on directories that aren't in the reference system. You could sort the result of the find by path-length first, and apply permissions using -R from the shortest path to the longest
<zartoosh__> HI using ubuntu 14.04 I got this error: BUG: Bad page map in process sshd  pte:01000000 pmd:23ed32067   what this means? thx
<zartoosh__> TJ- hi have a question on uefi. I have installed grub on  a usb disk. that creates an entry that I can display through efibootmgr -v, but when i reboot sometimes I do not see that entry could be an issue with UEFI implementation? thx
<TJ-> zartoosh__: That sounds like the firmware isn't reading the USB device correctly/in-time, and so suppresses the boot-menu entry because the device isn't there
<TJ-> zartoosh__: If the mobo has an EFI shell you could explore from there
<zartoosh__> zartoosh__, It does have uefi shell but it does not see the entry at all, It can see the uefi entry from hardisk but not the one created through grub-install ?
<Aison> TJ-, i've got the var directory now from my bacula backup
<zartoosh__> TJ-,  this is how I install the grub, please let me know if you see anything wrong: http://paste.ubuntu.com/8020251/      thx
<Aison> TJ-, so maybe it is possible to copy over just the rights?
<TJ-> Aison: Sure, use a modification of what I posted
<Aison> TJ-, just working on that :D
<TJ-> zartoosh__: looks OK... but I'm a bit tired right now not thinking clearly, so don't rely on me :)
<zartoosh__> TJ-,  thanks ping you tomorrow thanks
<hallyn> hm, ipxe currently doesn't build in utopic
<hallyn> It fails because
<hallyn> ISOLINUX_BIN=/usr/lib/syslinux/isolinux.bin bash util/geniso bin/ipxe.iso bin/ipxe.lkr
<hallyn> while that happens in trusty ^ , in utopic ISOLINUX_BIN is empty
<hallyn> hm, looks like syslinux-common needs to be added as an explicit build-dep now
<hallyn> yeah syslinux used to depend on syslinux-common, now it recommends it
<hallyn> smoser: wtf - default utopic ec2 image doesn't have bridging enabled?
#ubuntu-server 2014-08-12
<zartoosh__> hi I have done someting bad that my system during boot hangs, I like to boot and run one service at a time, what is the boot option for that so I know where it hangs? thanks
<riz0n> Hello guys, I am running 12.04 LTS on my Linux web server, and want to upgrade to 14.04 using the do-release-upgrade but it says that there are no new releases of Ubuntu available. Anyone know when this release will be available through online upgrade?
<sarnold> riz0n: I thought that switch was flipped earlier today?
<riz0n> Lemme check :)
<kklimonda> it should be, my 12.04 server is definitely telling me about it
<riz0n> Checked it at 9 this morning, no go, and now it's there :) WOO HOO :)
<riz0n> Wow must be a lot of people getting Ubuntu today. can only get 50kB/s... anyways we will wait and get :)
<Patrickdk> riz0n, heh, it's always fast for me, but then I have a local mirror
<photon> Hi. Two hours ago I unmounted an ext4 partition. I tried to remount it half an hour ago, got an error (don't remember the exact wording, but IIRC something about bad descriptors was in it). dmesg showed "group descriptors corrupted" for that partition. I ran fsck on it. It fixed tens of thousands of "Group descriptor ... checksum is invalid." errors, tens of thousands of "Free blocks count wrong for group" errors, and just as many "Inode bitmap
<photon>  differences" errors, followed by another bunch of "free inode count wrong" errors. After an hour of fixing, I got no more errors and remounted the partition. At first glance, it seems all my files are still there and intact. What could have caused this? Could it be that the HDD is failing? SMART shows no such indication and no errors. Should I buy a new HDD? Should I reformat? Or can I safely continue to use this partition? Thank you!
<^Mike> I currently have 2 x 2TB and 2 x 1TB in a 4-bay enclosure. 1 x 2TB is in use, with LVM + LUKS (1PV, 1VG, 1LV, 100% allocated). I'd like to move towards raid5 or 6. Is it possible to upgrade this single disk to raid5? Is it possible to upgrade LVM from raid5 to 6? To do any of this, do I need to replace the 1TB drives with 2TB?
<^Mike> Also, if you have a pointer to complete and up-to-date documentation on LVM, I'd love you to share it with me. I understand RAID is a late addition to LVM, and it doesn't appear in many of the guides I'm finding.
<^Mike> "For RAID 5 and RAID 6, you must use md [and not lvm] to implement software RAID." - textbook I won't be buying
<riz0n> OK So I have upgraded my server to new LTS. And now the PHP on my web servers fail to run. What do I need to change in my conf files (Apache, I imagine) to get php to run once again?
<^Mike> riz0n: what does "fail to run" mean? What do your logs show?
<riz0n> My logs show nothing. When the page loads, the php code is simply mixed in with the HTML code.
<RoyK> riz0n: probably the php module not loaded
<RoyK> riz0n: check /etc/apache2/mods-enabled
<chriys> hey guys does someone knows how to setup rpm repository ?
<Abhijit> chriys, there is something called as mrepo. check if it works in ubuntu
<chriys> Abhijit: in Ubuntu there's Alien that install them but I can't manage to find where the package is install
<chriys> and if I run apt-get install package-name it says it's already installed
<Abhijit> chriys, you dont need to install rpm packages in order to create its repo?
<jpds> chriys: Wait, you want to install tpms, or create a repo of them?
<Abhijit> chriys, whats your actual aim? you want to host rpm repo or you want to install rpm in ubuntu?
<chriys> I think I'm lost I used this command to install a repo alien -i http://installrepo.kaltura.org/releases/kaltura-release.noarch.rpm to set up a repo
<chriys> but after that if I run apt-get install package-name it says that the package it's already installed
<chriys> but I can't manage to find where the package is installed
<jpds> Does alien install packages?
<jpds> I thought it just converted them.
<chriys> jpds: in any case I can't find where the package is
<Sling> trying to make my first upstart job using start-stop-daemon, but all it does so far is hang, details http://paste2.org/y7I47APt
<Sling> then when I ctrl-C, and start it again, it tells me the job is already started
<Sling> while it really didn't start anything
<tortib> Hi, is anyone awake?  I'm trying to hide processes from other users using the hidepid=2 option for /proc ; I have mounted proc with the following and it appears to be on but my users still can see all the procs...proc on /proc type proc (rw,hidepid=2)
<memoryleak> Hi. I have a folder /shared which is a mount point of SAN storage. I would like to test write and read speeds, is there a recommended way to do that?
<klep> anyone have experience with ubuntu provisioning nodes with MAAS? I run into this issue when I'm doing bulk provisions "network autoconfiguration failed your network is probably not using the DHCP protocol" ... this only happens when I do multiple nodes ...
<klep> any ideas?
<h1r3> hello... my server reboots randomly without apparent reason... i looked at the logs and the only thing i found that looked kind of suspicios was the following: "kernel: [   50.309356] init: plymouth-upstart-bridge main process ended, respawning". but still i don't even know if it is related...
<Sling> looks like this channel is just questions and no answers =)
<cfhowlett> Sling, feel free to contribute your knowledge by answering
<Sling> cfhowlett: I actually entered with a question too ;)
<Sling> but had to go afk
<h1r3> i already checked if it's a panic issue, which is not... i am gonna check if it has to do wit the temperature... i am also thinking that it has to do with owncloud, since the reboots happen apparently when it is running... i would appreciate some advice...
<hxm> how to give permissions to scripts to access apache logs?
<hxm> is it a good idea to change the owner of those files?
<peetaur2> hxm: use the principle of least privilege. Give it read only if it must have it, but not write unless it also must have that (and it very likely does not ever need write access)
<peetaur2> owner can do all... rm, chmod, etc. so it is too much
<RoyK> hxm: if the script runs as a user member of the adm group, it should work well
<jamespage> jodh, around?
<DenBeiren> i have two new disks in a  running system that i would like to put in raid1 and use as /backup
<DenBeiren> i'm guessing i overlooked a step
<DenBeiren> first i did a fdisk, then make2fs and then mdadm
<DenBeiren> is this correct?
<peetaur2> mkfs last
<peetaur2> fdisk makes a partition. raid makes partitions into raid. mkfs makes a device (your raid) into a file system.
<peetaur2> and keep in mind that the best backup is elsewhere, in case of fire, and also without granting access to delete the files in case the backed up system goes rogue
<RoyK> DenBeiren: no reason to use partitions - just mdadm --create --level=1 --raid-devices=2 /dev/md(something) /dev/sd(something) /dev/sd(something)
<DenBeiren> i used assemble instead of create
<RoyK> assemble is for assembling existing raids
<DenBeiren>  sudo mdadm --create --verbose /dev/md0 --level=1 /dev/sda /dev/sdb
<DenBeiren> mdadm: no raid-devices specified.
<RoyK> mdadm --create --verbose --level=1 /dev/md0 /dev/sd[ab]
<RoyK> btw, where's your root partition?
<RoyK> that's usually on sda
<RoyK> so don't do that yet
<DenBeiren> on a hardware raid 5 part in the server
<RoyK> what dev?
<DenBeiren> sdc
<RoyK> ok
<RoyK> go on, then
<DenBeiren> same error
<DenBeiren> no raid devices specified
<RoyK> ah
<RoyK> sorry
<RoyK> add --raid-devices=2
<RoyK> (as I said initially)
<DenBeiren> there we go :-)
<pmatulis> morning
<RoyK> DenBeiren: then, again, if I were you, I'd use LVM on top of that
<DenBeiren> the R5 uses lvm
<RoyK> DenBeiren: more flexible in case you need to change things later - just vgcreate yourvg /dev/md0
<RoyK> good
<RoyK> then lvcreate ...
<RoyK> better allocate what you need for the first lv and then grow it later if you need more space - you never know when you want another filesystem for something
<RoyK> or - if you want to extend the existing VG, well, it should be safe
<DenBeiren> it's only used as internal backup
<DenBeiren> so no need to shrink/grow later on
<DenBeiren> the R5 has plenty of room,.. +/- 25 times what they need :-)
<DenBeiren> so after creating,.. assembling?
<RoyK> DenBeiren: no, after it's created, you just have to put lvm+filesystem or just a filesystem on it
<DenBeiren> eeerrm,.. just caught my eye,..
<DenBeiren> the raid 5 is called md0
<DenBeiren> and i just created a second md0 ?
<RoyK> pastebin /proc/mdstat
<RoyK> hwraid doesn't have an mdX
<RoyK> it just shows up in linux as a scsi device
<DenBeiren> http://pastie.org/9465660
<RoyK> DenBeiren: that looks like a 2x2TB mirror being synced
<RoyK> DenBeiren: now, run
<RoyK> mdadm --detail --scan >> /etc/mdadm/mdadm.conf
<RoyK> and
<RoyK> update-initramfs -u
<hadifarnoud> I remember there was a way of adding a new virtualhost with one command. You know what that was?
<RoyK> apache virtualhost?
<zartoosh__> hi I am using ubuntu 14.04. I am looking for a tool or mechanism to force kernel to re-read UUID information from storage devices? thx
<DenBeiren> RoyK: http://pastie.org/9465748
<RoyK> DenBeiren: sudo -i first
<RoyK> DenBeiren: with that syntax, mdadm will be run as root, but the redirect will be run as the current user, so it won't work
<hadifarnoud> is there any script for adding virtualhost
<hadifarnoud> ?
<RoyK> hadifarnoud: apache?
<DenBeiren> now i get unknown keyword
<hadifarnoud> yes RoyK
<RoyK> hadifarnoud: a2ensite
<hadifarnoud> I found a few. didn't work
<RoyK> hadifarnoud: but you need to configure it first in /etc/apache2/sites-available/
<hadifarnoud> RoyK: that does everything for me?
<RoyK> just read up on configuring apache - it's not that hard - take a look at /etc/apache2/sites-available/default
<RoyK> DenBeiren: sudo -i
<RoyK> DenBeiren: then run mdadm ...
<hadifarnoud> RoyK: I understand I need to copy that in same folder. like /domain.com
<RoyK> hadifarnoud: cd /etc/apache2/sites-available/ ; cp default yoursite.com
<RoyK> edit yoursite.com with your favourite editor
<DenBeiren> http://pastie.org/9465853
<RoyK> enable it with the command I gave you (which really just symlinks that file to /etc/apache2/sites-enabled/, which you can do manually), and run apache2ctl graceful
<hadifarnoud> ok thanks
<RoyK> DenBeiren: huh?
<RoyK> root@u1404:~# mdadm --detail --scan
<RoyK> ARRAY /dev/md0 metadata=1.2 spares=1 name=u1404:0 UUID=86c59c02:20b550e5:e2a29b8c:73717304
<DenBeiren> ARRAY /dev/md0 metadata=1.2 name=sax:0 UUID=7818e495:6b4d8a56:9336b751:4547158c
<DenBeiren> can i run update-initramfs -u before the array is completely built?
<RoyK> DenBeiren: add that line to /etc/mdadm/mdadm.conf
<RoyK> DenBeiren: just edit the file
<DenBeiren> and what does it do exactly?
<RoyK> DenBeiren: update-initramfs -u isn't related to the array status - it just updates the initrd/initramfs so that mdadm.conf is copied into it and md0 is called md0 at restart
<RoyK> without it, it'll probably be called md127 or something
<RoyK> another good reason for using lvm - if mdX changes name, lvm will still find its way and filesystems will mount correctly - if mdX changes its name and you have /dev/md0 in your /etc/fstab, it won't mount it and probably hang waiting for input during bootup
<DenBeiren> uhu
<DenBeiren> so http://pastie.org/9465954 this looks ok to you? no md0 overwrites or something?
<RoyK> I don't quite see why you should need partition tables on sd[ab], but then, it won't hurt - they'll probably be overwritten - but it looks good
<RoyK> just vgcreate mybackupstorageorsomething /dev/md0
<DenBeiren> ok
<RoyK> then something like
<DenBeiren> it's the first time i create raid array "not" using the livedisc installer
<RoyK> lvcreate -l100%FREE -n mybackupstorageorsomething mybackupstorageorsomething
<RoyK> the -n gives the name of the LV, the last argument is the VG name
<RoyK> man lvcreate
<RoyK> DenBeiren: there's always a first time ;)
<DenBeiren> thanks for helping out in any case :-)
<RoyK> :)
<DenBeiren> resync 2TB takes ages :-)
<RoyK> I know...
<smoser> hallyn, "enabled" ?
<smoser> in the kernel ?
<DenBeiren> RoyK: any exp. with zentyal ?
<RoyK> nope
<DenBeiren> it's a gui to put over ubuntu server
<DenBeiren> but i'm having problems with samba
<DenBeiren> https://forum.zentyal.org/index.php/topic,22904.0.html
<RoyK> I know - buy why?
<RoyK> learn the commandline!
<RoyK> you'll end up doing that anyway
<DenBeiren> it's the company that uses that server that wants it :s
<DenBeiren> they want to add users and shares themselves
<DenBeiren> and they don't know any commands nor have they heard of terminal :-)
<RoyK> DenBeiren: try #zentyal
<DenBeiren> channel is dead,.. :s
<DenBeiren> been there for a couple of days,.. hardly anyone on there
<RoyK> DenBeiren: sorry - no idea about zentyal
<DenBeiren> ok,.. thx anyway ;-)
<rbasak> rcj or utlemming: is there a Launchpad project to file bugs in the cloud images against?
<rbasak> eg. bug 1354839
<uvirtbot> Launchpad bug 1354839 in ubuntu "precise vagrant cloud-images still use raring HWE stack" [Undecided,New] https://launchpad.net/bugs/1354839
<jodh> jamespage: hi
<jamespage> hey jodh
<jamespage> jodh, I think I know the answer - its not possible to provide a custom 'restart' script in an upstart configuration right?
<jodh> jamespage: there is no built-in support for that, but you could always pass in a variable to modify the behaviour maybe if this is a manual restart?
<jamespage> jodh, ok - that's what I thought
<jamespage> jodh, and a variable was one way around that
<rcj> rbasak, got the bug, we don't have a public project which is problematic for Vagrant images
<rbasak> rcj: maybe create a Launchpad project to track cloud image bugs for all cloud images?
<rbasak> rcj: for example I filed bug 1355343 yesterday, and in the first instance I wanted to file against cloud images generally.
<uvirtbot> Launchpad bug 1355343 in cloud-init "cloud-init writes sources.list without newline at end of file" [Undecided,New] https://launchpad.net/bugs/1355343
<rbasak> (though this one only affects cloud images - any fix would be solely in cloud-init I think)
<rcj> rbasak, and in the case of that cloud-init bug that's not a problem with how we create the image, but an issue with that package.  So it's the right way to go.  But back to the project, I think we need something but it'll be hard for users to know when to file against it.  I'd like to work this out with utlemming.
<rbasak> rcj: sure, spend some time working it out. I agree it would be hard for users to know, but bug triagers and other Ubuntu devs will be able to help. At least you'll have all the bugs in one place then.
<theToastIsDone> how do i create an A record on a newly created Ubuntu server?
<ikonia> theToastIsDone: you create it on the dns server
<ikonia> not your ubuntu server
<theToastIsDone> ok th
<theToastIsDone> thx
<theToastIsDone> ok, this is weird.. if my domain registrar has private nameservers registered (ns1 and ns2.mydomain.com), and mydomain.com is pointed to those 2 nameservers, where would I add the A record, at the registrar someplace?
<ikonia> theToastIsDone: you talk to your registrar to either a.) update their dns servers for you b.) tell them to point your domain at dns servers you maintain
<ikonia> if you're asking this question I suspect option 1 would be wise
<elliotd123> I've upgraded to 14.04.1 from 12.04.4 and now I'm getting "mount: unknown filesystem type 'ext2' on my /boot mount point. Any fix for this?
<ikonia> elliotd123: what poit are you getting that error ?
<ikonia> elliotd123: eg: after grub during the initial boot, or is grub erroring
<elliotd123> it drops into a root shell, and if I try to mount -a I get it
<ikonia> is it ext2 ?
<elliotd123> after grub
<ikonia> as in the file system
<rbasak> jamespage: do we have an accepted way to flag bugs that probably need looking at by us later? Eg. bug 1355253. I'm wondering whether to just assign ~ubuntu-server or something, so I can find these myself later.
<uvirtbot> Launchpad bug 1355253 in php5 "Apache reloading before package setup" [Undecided,New] https://launchpad.net/bugs/1355253
<rbasak> But then again I don't want to imply that others shouldn't work on it.
<elliotd123> I think it's ext2
<rbasak> Or imply to the submitter that it will definitely get looked at.
<ikonia> elliotd123: you "think" ?
<elliotd123>  yeah how do I tell? It's our clients VM so I can't rule out that they changed something...ugh
<ikonia> elliotd123: manually mount it
<ikonia> did you not check any of this before upgrading a clients vm ???
<elliotd123> they upgraded it
<ikonia> elliotd123: you said "I've upgraded"
<elliotd123> sorry
<elliotd123> I figured it out. thanks.
<ikonia> cool
<elliotd123> looks like their upgrade never completed.
<elliotd123> so: enabling the network and "apt-get update && apt-get -f install" looks like it worked.
<zartoosh__> HI for uefi boot, I need to create startup.nsh and place fs1:\EFI\bootid\grubx64.efi   Does anyone know how to create it and place it where? thx
<jamespage> rbasak, I'd target it either to a milestone for a release or raise a series task for utopic
<theToastIsDone> is there a webmin channel?
<theToastIsDone> does anyone know?
<cfhowlett_> !webmin|theToastIsDone,
<ubottu> theToastIsDone,: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<theToastIsDone> hmm... crap..
<theToastIsDone> how do i uninstall it then??
<cfhowlett_> theToastIsDone, sudo apt-get purge webmin
<theToastIsDone> nice thx
<cfhowlett_> theToastIsDone, that only works if you used apt to install
<ikonia> how is it getting installed if it's not in the repo
<cfhowlett_> ikonia, dpkg ?
<cfhowlett_> source?
<ikonia> I don't know....
<theToastIsDone> you had to add the repo
<theToastIsDone> which is something I'm fixing now
<theToastIsDone> anyone know of a good webmin-like piece of software?
<theToastIsDone> for ubuntu of course
<ikonia> there really isn't a "good" one
<ikonia> there are various bad ones
<theToastIsDone> lol ok.. what's the best 'bad one' that is open source?
<pmatulis> theToastIsDone: zentyal has a bunch of modules (apt-cache search zentyal-) but zentyal is mostly meant to be used as an install/ISO
<pmatulis> (so i'm not sure about using them independently)
<theToastIsDone> ok thx guys
<cfhowlett_> theToastIsDone, might ask ##linux as well
<DenBeiren> theToastIsDone: check zentyal
<hallyn> smoser: yes, i fired up an ec2 instance, couldn't create a bridge, and got -enomem when i tried to modprobe bridge
<theToastIsDone> zentyal looks nice
<smoser> hallyn, more info? instance type ?
<hallyn> ami-5ebf6a36
<hallyn> and ami-a427efcc
<hallyn> i used the default mt, presumably t1.micro
<zartoosh__> HI for uefi boot, I need to create startup.nsh and place some boot order.   Does anyone know how to create it and place it where? thx
<smoser> hallyn, t1.micro isn't default. probaly m1.small is. but that woudl depend on how you launched it.
<smoser> but anyway.... it just doesn't seem likely. can you show me what you did?  the kernel is the same as we use everywhere else.
<smoser> ie, the one on your laptop probably.
<hallyn> I did ec2-run-instances -k sergeh-keypair ami-5ebf6a36
 * hallyn does it again
<hallyn> wht's your lp-id (and why is that not in the directory)
<hallyn> i see, it's smoser
<smoser> hallyn, i can verify that 'apt-get install lxc' didn't work on the alpha2 image for utopic that you posted.
<hallyn> smoser: this time i can't even log into the image
<hallyn> smoser: is my ami supposed to be a valid one (came from ubuntu-cloudimg-query)
<smoser> http://paste.openstack.org/show/93906
<smoser> your ocnsole output might show similar things
<smoser> stack traces
<theToastIsDone> here's a cron question... If I have a key setup in a get statement in cron, nobody can see that from the public side of things, correct? for example:  wget example.com/?some_key=1234
<peetaur2> theToastIsDone: you can see that with ps -ef
<smoser> hallyn, ^
<smoser> theToastIsDone, you can prevent 'ps' from showing it just by putting the 'wget' into a file that is executable and only readable by the owner of the file.
<smoser> oh. wait.
<peetaur2> no you can't ....
<smoser> no. never mind. the wget would still be reaable. :)
<peetaur2> but you can store it in a file, then find some argument to wget that reads the file directly, without the content ever going on a command line
<theToastIsDone> ok, i appreciate it everyone
<hallyn> smoser: yeah, http://paste.ubuntu.com/
<stetho> Hi. Does anyone know if there's something "special" you need to do with the DHCP option ntp-servers? My company doesn't allow NTP requests in or out and has its own NTP servers. My DHCP server has option ntp-servers pointing to the internal NTP servers but when I install Ubuntu it waits a long time at the "getting the time from an NTP server" message and, according to the logs, fails. After install is completed if I manually set the servers in
<stetho>  ntp.conf everything works fine. So it would seem that the Ubuntu installer is ignoring the option ntp-servers setting or I'm missing another step that I need to take.
<rbasak> kickinz1: FYI, I filed bug 1355890. If it gets approved, we'll have a little more time for bcache.
<uvirtbot> Launchpad bug 1355890 in ubuntu "[FFe] bcache-tools" [Undecided,New] https://launchpad.net/bugs/1355890
<rbasak> kickinz1: no more action needed on the bug for now. The release team will look at it.
<smoser> hallyn, https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1355891
<uvirtbot> Launchpad bug 1355891 in linux "crash on utopic ec2 instance" [Undecided,New]
<rbasak> stetho: which installer are you using?
<rbasak> stetho: there is a specific d-i feature that should support DHCP supply of NTP servers.
<smoser> hallyn, did you think you saw this on trusty ?
<hallyn> smoser: I don't remember what happend on trusty, lemme restart that
<smoser> hallyn, i'll check. i just launched one.
<hallyn> smoser: my second start of htat utopic ami again ended up refusing to let me login
<rbasak> stetho: IIRC, dannf wrote that support. I can't find it right now - perhaps dannf can remember where it was or what the bug was?
<hallyn> I assume it's just a matter of when the kernel crashes
<smoser> hallyn, yeah, clearly kernel not working could cause failure of ssh
<stetho> rbasak: This is just using the ISO. This is more about "what does option ntp-servers" actually do rather than finding a way round it. I'm trying to understand if it's a setting for another OS or if there's a reason Ubuntu ignores it.
<rbasak> stetho: I know that there is a DHCP option for which support was specifically added for your use case.
<rbasak> I'm pretty sure it's ntp-servers.
<rbasak> stetho: I can't find the specifics right now though, which would help actually fix the issue for you.
<smoser> hallyn, i cannot reproduce on trusty
<smoser> at least not in the sample set of 1
<kickinz1> rbasak: thanks, Right now, I'm benchmarking bcache with writeback enabled. I'll keep you informed.
<hallyn> smoser: ok, good to know it's not my setup tha tfailed me with the utopic one
<hallyn> (i'd just had to switch my credentials around on my new laptop, wasn't quite sure)
<stetho> rbasak: I don't seem to be able to find anything either which is why I asked in here :-)
<mic_> anyone using nginx? I have a few short questions.
<hallyn> jamespage: around?
<jamespage> hallyn, yes
<hallyn> jamespage: ipxe in utopic fails to build.  the reason is syslinux does not ship /usr/lib/syslinux/isolinux.bin.  That's easily fixed by adding the install line for that to debian/syslinux.install.  Right now it only ends up in the syslinux-udeb package.
<hallyn> jamespage: so I intend to push that to utopic,
<jamespage> hallyn, ok
<hallyn> just pinging you first bc you may have an idea of why i'm being sily
<hallyn> silly
<jamespage> hallyn, just so I understand the context, when did this stop working?
<jamespage> does ipxe fail in debian as well for the same reason?
<hallyn> jamespage: it does, i tested it in jessie last night
<hallyn> and tested that with that fix, ipxe did build
<punkgeek> how to install java for run java script on apache?
<jamespage> hallyn, and syslinux only ships that in the udeb now?
<hallyn> right
<hallyn> whereas in the version we have in trusty, it was in syslinux
<hallyn> or maybe syslinux-common
<jamespage> hallyn, the isolinux package has that file
<jamespage> albeit in ./usr/lib/ISOLINUX/isolinux.bin
<jamespage> but I think you can add that via debian/rules to ipxe build
<hallyn> jamespage: what the...  I looked there before and saw others, but not isolinux.bin
<jamespage> hallyn, we just need to transition and update the ipxe build process - I expect that will be accepted into ipxe with a suitable patch for debian
<hallyn> jamespage: I'm sorry, I swear I looked there.
<hallyn> so yeah that should be trivial to fix
<jamespage> hallyn, hey - np - that's why we ask each other for peer review after all!
<jamespage> (so we don't go make ourselves look stooopid somewhere else :-))
<hallyn> so meanwhile lemme go look at ipxe upstream
<jamespage> rbasak, did we ever get to the bottom of why mongodb is stuck inproposed?
<jamespage>     * i386: mongodb, python-loofah does not hint at anything to me
<rbasak> jamespage: oh, I didn't realise it was. I'll take a look in a minute.
<jamespage> rbasak, I think it might be because I dropped the mongodb-dev package
<rbasak> Oh, I remember now.
 * rbasak updates his utopic-proposed apt cache
<rbasak> jamespage: mongodb depends on mongodb-dev, but src:mongodb no longer produces it.
<jamespage> rbasak, doh!
<rbasak> jamespage: so that makes mongodb itself uninstallable. That's the first part of * i386: mongodb
<rbasak> jamespage: python-loofah depends on mongodb, so also becomes uninstallable. I expect that'll fix itself as soon as mongodb itself is fixed.
<jamespage> rbasak, lemme sort out my mess
<klep> when using ubuntu 12.04 with the latest MAAS and I'm having and issue with DHCP leases being handed out after the nodes are provisioned ... they never get DHCP once they are supposed to have started
<klep> any ideas on this one?
<rbasak> klep: maybe try #maas if you don't get an answer here?
<hallyn> jamespage: corrected ipxe pushed to utopic;  will open a bug with jessie after I'm sure the utopic version is ok
<jamespage> rbasak, oh great - https://launchpad.net/ubuntu/+source/mongodb/1:2.6.3-0ubuntu4
<iclebyte2> is any one familar with dovecot? i'm having serious difficultly rebuilding a produciton server - i keep getting the error "SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48,"
<iclebyte2> and " Error: net_connect_unix(auth-worker) in directory /run/dovecot failed: Permission denied (euid=2000(vmail) egid=1002(vmail) missing +r perm: /run/dovecot/auth-worker, dir owned by 0:0 mode=0755)"
<Sling> iclebyte2: what does nami -mo /run/dovecot/auth-worker show?
<Sling> sorry, namei
<iclebyte2> http://pastebin.com/HusqYszY
<Sling> hm that socket should be nobody:nobody and 660 I think
<Sling> try chown nobody:nobody /run/dovecot/auth-worker; chmod 660 /run/dovecot/auth-worker
<Sling> or you seem to be running it as vmail, is this some shared hosting platform?
<iclebyte2> yes it's hosting business. UK2.net messed up my server and i'm rebuilding it from scratch but ubuntu 14.04 is using dovecot 2.29 - my old box was 10.04 and i'm seriously struggling to get it going again
<iclebyte2> lots of angry customers..
<crashcourse> i'm getting 'mail transport unavailable' messages on my postfix server but with no other clues in the logs - postconf output is here: http://pastebin.com/P32BtEKj - any ideas where to start debugging this?
<phunyguy> crashcourse: this channel is pretty inactive most of the time, especially with very specific issues like that.  Maybe #postfix would be able to help more...
<crashcourse> cool, thanks
<phunyguy> they are really good in that channel.
<phunyguy> crashcourse: Also, that pastebin says you are on Debian... not Ubuntu
<RoyK> phunyguy: not much difference...
<phunyguy> RoyK: not the point.
<phunyguy> RoyK: I wouldn't go into #debian asking about ubuntu questions.... just doesn't seem right the other direction either.
<EL3PHANTEN> Hello Does anyone here know what I should do to log cookies. I have put this in my apache2.conf   ->  LogFormat "%{name}C" cookielog  and then  CustomLog /var/log/apache2/my-access.log cookielog... But All I get in the file is 127.0.0.1 - - [12/Aug/2014:23:13:50 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.22 (Debian) (internal dummy connection)" "-"
<justizin_> anyone know if there is an open bug for hash sum mismatch errors with 12.04.5 server iso? after fresh install apt-get update results in a slew of Hash Sum mismatch
<sarnold> justizin_: which mirror?
<sarnold> justizin_: are you using apt-cacher-ng by chance?
<weaver> I'm tracking problems with the Ubuntu EC2 us-east-1 APT mirror, check sum mismatch, is anyone else seeing this?
<weaver> *hash sum mismatch
<sarnold> weaver: someone else reported some hash sum mismatches but didn't report the server :/
<sarnold> weaver: are you using apt-cacher-ng by any chance?
<weaver> no caching
<weaver> W: Failed to fetch bzip2:/var/lib/apt/lists/partial/us-east-1.ec2.archive.ubuntu.com_ubuntu_dists_precise-updates_universe_source_Sources  Hash Sum mismatch
<weaver> this error pops up regularly due to the S3 mirror update procedure not being transactional, but it typically resolves itself in minutes. We've been observing this for about an hour I think
<sarnold> weaver: thanks, I've poked admins..
<weaver> thanks sarnold
<stevek> Hi all.  Ubuntu's PHP session cleanup script keeps trashing my servers despite having file-based sessions disabled
<stevek> I've improved the session cleanup script to exit 0; if file-based sessions are not enabled
<stevek> where can I submit this improvement?
<sarnold> stevek: dpkg -S /path/to/cleanup/script  --- then ubuntu-bug <packagename> for whichever package owns the file
<stevek> ah, cool, thanks
#ubuntu-server 2014-08-13
<JayPi> Hi everyone! I would like to build a public ftp server (or http) that can manage a queue-like system. By example, if I give the link www.my-server.com/test.zip, I would like to create a *queue* in case of many users trying to download it at the same time... So, the first one got the download directly, the second has to wait, etc.
<JayPi> No idea, anyone?
<sarnold> JayPi: that's not how ftp works; you can delay a bit but sooner or later the ftp client is going to time out and fail. either then they re-try or they give up.
<JayPi> sarnold, ok. but is there a way to have like a *waiting line* for a download http request?
<sarnold> JayPi: better is to reject their connection outright if someone else is already connected. that way their client can just pound away reconnecting like a monkey until eventually you let them in.
<sarnold> JayPi: there might be bandwidth shaping modules for e.g. apache that let you say you handle at most three connections...
<JayPi> I would like to create a webpage with their download informations like : you are 2nd in waiting line. Your approx. waiting time is : 2 min 45 s.
<sarnold> ah sure you can dothat
<sarnold> if you don't mind having people land on a landing page, and only give them access to a long randomly generated URL after a while, that'd be easy enough
<sarnold> probably an afternoon's work for someone who knows python / ruby..
<JayPi> If I have 45 requests, I would like my server to give them a number from 1 to 45 (their priority)... How can I achieve that?
<JayPi> and if I don't know python or ruby lol ?
<sarnold> well, I guess you could use erlang or perl ... probably not as easy to pull off though
<JayPi> I don't know any programming language
<sarnold> this would be my starting point if I wanted to do it: http://www.sinatrarb.com/
<sarnold> this will be a fun project to learn :D
 * Abhijit smells money
<Abhijit> :-(
<foo357> Hello, I'm setting up apache on a ubuntu 14.04 machine, I've installed apache from the repository. When I try to browse to the server I get no connection. "telnet <ip> 80" on the server results in a connection, but not if I try from another machine
<obi12341> maybe you have a firewall installed?
<obi12341> try: ufw status
<foo357> On the machine, hmm could be possible.
<obi12341> and look in your iptables
<foo357> obi12341: ufw is inactive
<obi12341> iptables --list
<obi12341> and maybe your server has a hardware firewall
<foo357> obi12341: iptables looks empty to me. http://pastebin.com/9KfzdrXi
<obi12341> yes so no software firewall
<obi12341> what is the ip of your server?
<foo357> obi12341: sorry, I can't tell you the exact address
<obi12341> okay, then you have to look on your own. looks like you have a hardware firewall
<foo357> obi12341: but if I can do a telnet from within the server (specifying the ip), I should reasonably be able to do that from any other machine as well?
<obi12341> no the firewall can detect that the connection is from the "inside" so he allows the packages
<obi12341> the firewall sees the source IP
<foo357> obi12341: of course, what I meant was that the server itself shouldn't stop it.
<obi12341> your telenet is successful isn't it?
<foo357> obi12341: yes, but only from the server, the local machine.
<obi12341> yes so you do: telnet 127.0.0.1 80
<obi12341> and telnet <ip> 80
<foo357> obi12341: no I've always tried with the eth0 interface
<obi12341> the firewall recognize the source ip (your server ip) and allows these packages
<obi12341> yes so telnet <ip> 80
<foo357> obi12341: ok, thanks for your help. I guess there's no configuration on the server that should cause this problem then.
<obi12341> just take a deeper look in your contract with your hoster and you will see you have a firewall in front of your server
<obi12341> i guess no configuration issue
<foo357> obi12341: thanks
<obi12341> no problem
<YamakasY> I forgot... why can I remote login without password with username@hostname but not as username@fqdn
<pmatulis> morning
<pmatulis> YamakasY: check ~/.ssh/config
<YamakasY> pmatulis: already fixed! thanks
<pmatulis> YamakasY: keep on truckin'
<YamakasY> pmatulis: broaaaammmm!
<pmatulis> :)
<ddsf> Are extra packages required to do iptables MASQUERADE on -server?
<rbasak> ddsf: I don't think so. Though IIRC masquerade is intended for dialup (dynamic IPs). Usually on a server SNAT is used instead.
<patdk-wk> masquerade is snat :)
<jamespage> coreycb, did arges reject nova? don't want to put two in the queue
<coreycb> jamespage, hmm, not sure
 * coreycb checks
<jamespage> coreycb, https://launchpad.net/ubuntu/trusty/+queue?queue_state=1&queue_text=
<jamespage> no
<coreycb> jamespage, ok
<arges> jamespage: i can reject the older one if necessary
<jamespage> arges, please
<jamespage> arges, just a tweak to the changelog
<arges> jamespage: i'll look at those soon
<jamespage> arges, thanks!
<zagaza> hi, what's a healthy memory usage percentage for a ubuntu vps?
<kklimonda> that's too general of a question - it all depends on what you are planning on running
<zagaza> just 4-5 wordpress sites
<kklimonda> again, it depends on the workload - misconfigured wordpress is known to use excessive resources
<kklimonda> I'd probably start with the 512MB VPS and see if it's enough
<kklimonda> if not, you can always upgrade
<zagaza> I use a 512mb one, it uses up 40-50% mem
<kklimonda> well, memory is there to be used :)
<zagaza> I guess my question is: is there any upper breakpoint where it gets critical?
<zagaza> generally
<kklimonda> well, at some point your sites are going to take too long to respond to queries, then it's critical :)
<kklimonda> you can monitor system load
<kklimonda> in general, once your server starts swapping (if you have swap enabled) it's a good sign you should start thinking about upgrading ram
<zagaza> I'm a hardcase newbie on vps'es and servers, so I don't even know what swapping is :) but gonna read upon it
<kklimonda> yeah, it's a good idea to read about that stuff if you want to manage a server.
<kklimonda> also, if you just need a place to host a couple of wordpress sites, maybe you should take a look at some hosted solutions
<zagaza> well I know some basics, I managed to set up a wordpress site on it, mysql, phpmyadmin, nginx etc.. so Im not completely out of it :) just need to get a broader grip of it
<kklimonda> mhm
<zagaza> I ad a hosted solution for wp, but it was more expensive than this digitalocean vps I grapped so I thought it was pretty much pointless
<zagaza> although this is way more work
<zagaza> had*
<kklimonda> yeah, that's why a hosted solution is more expensive - when you have to managed stuff yourself, it takes time - especially when you are still learning.
<zagaza> yep yep, nonetheless its healthy to learn this stuff if one is into webdev, that's mainly why I picked up a vps
<zagaza> but I like to learn by doing, that's why I know some more difficult stuff, but I might have missed out on some of the basics lol
<arges> jamespage: ok nova rejected, upload the new one when ready ( also you can upload multiple versions and I can reject them after the fact too)
<jamespage> arges, will do
<kklimonda> zagaza: well, yeah - knowing more about the stack you are running is always beneficial.
<jamespage> arges, new version uploaded
<jamespage> I think that covers neutron, nova and cinder revisions
<arges> jamespage: ok i'll go through those now
<jamespage> ta
<funcoland1> does anyone know how i can do a dist-upgrade on 14.04 to 14.04.1 without the internet?
<cfhowlett> funcoland1,   http://jeffhoogland.blogspot.com/2010/06/howto-installing-ubuntu-packages.html          or  techspalace.blogspot.com/2009/04/offline-update-ubuntu.html
<arges> jamespage: fyi, for nova it would be good to have a line in the changelog saying "dropped Fixed-rbd-backend-* patch", but probably not a big deal now
<funcoland1> thanks cfhowlett
<cfhowlett> funcoland1, happy2help
<funcoland1> is it as easy as just grabbing all of the new packages and just running an apt-get update then?
<funcoland1> the thing is, i've grabbed packages off of a 14.04.1 disc and then tried to run an update... what ends up happening is the number when i first log in at the top does not change to 14.04.1
<funcoland1> it still says "Ubuntu 14.04 LTS"
<cfhowlett> funcoland1, I used it years ago --- it worked.  Don't remember details
<funcoland1> alright
<cfhowlett> funcoland1, that won't work.  the alternate install (no longer made) allowed one to use the Ubuntu CD as a software source as you desribe.  not any more
<funcoland1> ahhhh, is that written up anywhere on the ubuntu site? I'd like to read more into that
<cfhowlett> funcoland1, as I said, the alternate CD method no longer works, no longer available
<funcoland1> alright, thanks sir
<arges> jamespage: ok got them all in proposed. I see heat listed as a task, but I don't see an upload for that btw
<linuxgeek_> on a 14.04 server, i want to configure vlan on em1 device.
<linuxgeek_> i have installed the vlan package
<linuxgeek_> http://paste.ubuntu.com/8037328/ is the interfaces file
<linuxgeek_> the issue is the kvm host [14.04] server does not get a dhcp ip
<linuxgeek_> if i remove the vlan config in the interfaces file and use just em1, it gets the dhcp ip
<tgm4883> I have a 12.04 server with LDAP, MySQL and Jasig CAS installed and I'm running into an intermittant issue where CAS will stop working and throwing errors indicating that it cannot reach mysql anymore. Attempting to connect to Mysql or ldap during this time also fails until mysql or ldap is restarted. Looking at netstat, It doesn't appear that I'm hitting any
<tgm4883> connection limits, and during this time load on the machine is pretty low. Any ideas where to keep looking?
<sarnold> "fails" why? connection reset? timeout? ..
<tgm4883> timeout
<tgm4883> Yesterday this happened 3 times, it hasn't happened today though
<sarnold> how long is the timeout? is it reasonable?
<tgm4883> it seems to timeout after 10 or so seconds. I'm a bit limited in the troubleshooting I can do on this since it's a production server and needs to be back up :/
<RoyK> how does update-initramfs -u know which files to put in the initrd.img-something file?
<michele> hi there. I run do-release-upgrade on an ubuntu server. The upgrade failed with grub, with the following error: http://pastebin.com/NeShL1sw - I did not reboot, so I am still inside the machine. How do I solve?
<rberg> huh /boot is a LV? you probably want to install grub to the underlying device
<TJ-> michele: The issue is that GRUB2 has problems with fake-raid controllers, and in your case it looks like an SIL fake-raid controller disk's partition #1 has the /boot/ file-system on it. Depending on how the SIL controller presents the underlying device to the system via BIOS calls, GRUB may be able to access partition #1 on the inderlying device. It depends on whether the SIL controller puts its RAID meta-data at the beginning of the drive, or not
<TJ-> michele: "grub-install --disk-module=biosdisk ..." *may* be a workaround
<TJ-> michele: Otherwise, if the underlying device doesn't have RAID meta-data at the beginning (meaning that the underlying device and the Device Mapper device have identical sector 0's, you may be able to do "grub-install /dev/sdX" where X is the underlying device letter
<michele> TJ-: thanks for the detailed answer. I will try with module=biosdisk, but what should I put after?
<michele> root@zulu:/boot/grub# grub-install --disk-module=biosdisk
<michele> grub-install: --disk-module: (PROGRAM ERROR) Option should have been recognized!?
<michele> Try 'grub-install --help' or 'grub-install --usage' for more information.
<TJ-> michele: the device to install grub to, so with no other changes it'd be "grub-install --disk-module=bios /dev/mapper/sil_bhbiaicbfaah1" but I doubt the BIOS option will work
<TJ-> michele: oops, typo! "grub-install --disk-module=biosdisk /dev/mapper/sil_bhbiaicbfaah1"
<michele> same as above
<michele> root@zulu:~# grub-install --disk-module=biosdisk /dev/mapper/sil_bhbiaicbfaah1
<michele> grub-install: --disk-module: (PROGRAM ERROR) Option should have been recognized!?
<TJ-> michele: OK, so that option isn't viable. Move on to the 2nd suggestion.
<michele> root@zulu:~# grub-install /dev/sda
<michele> Installing for i386-pc platform.
<michele> grub-install: error: cannot find a GRUB drive for /dev/mapper/sil_bhbiaicbfaah1.  Check your device.map.
<TJ-> michele: You'll need to identify if the kernel can see the raw device underlying /dev/mapper/sil_bhbiaicbfaah
<TJ-> michele: Then you'll need to compare sector 0 on each to discover if they are identical.
<TJ-> michele: If so, you can "grub-install <underlying-device>"
<RoyK> how does update-initramfs -u know which files to put in the initrd.img-something file?
<RoyK> linuxgeek_: I guess the dhcp server isn't on that VLAN...
<TJ-> RoyK: it calls hook scripts installed by packages that require an initrd.img presence
<RoyK> TJ-: where can I read more about that?
<StolenToast> whenever i log into my ubuntu server now and it asks me to log in I want to type in groot
#ubuntu-server 2014-08-14
<phunyguy> hey in mdadm, what does "2 near-copies" mean on a RAID10 array?
<Patrickdk> it's the type of raid1
<Patrickdk> basically means, normal raid1 where each disk is identical
<Patrickdk> where far, would be kindof useful for high seeks
<kernel13> is there a way to generate preseed file from existing server..just like kickstart file in centos. i need for cobbler.thanks
<linuxgeek_> RoyK, looks like there was a physical connectivity issue. we plan to wire the ports and check.
<abhishek__> I want to install ubuntu-server in blade that will go for production.Please give me tips for partition
<abhishek__> I am planning to give /boot swap and / partitions only
<sebastianlutter> I need to install nginx, but I need to avoid that it tries to start on port 80 / 443 while it installes (ports are already used). Is there a way to tell apt-get that it should NOT start the service after installation?
<dasjoe> sebastianlutter: imho the cleanest way would be to manually configure nginx to use a different port before installing it, by having /etc/nginx/sites-available/default exist before starting the install
<sebastianlutter> dasjoe, very nice, thanks
<irgendwer4711>  hello, anyone using Ubuntu 10.04 LTS with openssl/postfix, having this error in log: "ccs received early"? seems to be related with CVE-2014-0224
<uvirtbot> irgendwer4711: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. (http://cve.mitre.org/cgi-bin
<irgendwer4711> TLS encrytion could be worthless!
<cfhowlett> irgendwer4711, might ##linux know more?
<irgendwer4711> this is an ubuntu problem
<cfhowlett> irgendwer4711, it's a LINUX problem.
<irgendwer4711> old debian squeeze hasnt this problem, this use 0.9.8o
<irgendwer4711> openssl
<cfhowlett> !openssl
<cfhowlett> !ssl
<irgendwer4711> what are you doing
<irgendwer4711> maybe youre right, should write it to #linux
<cfhowlett> irgendwer4711, this helps???  http://askubuntu.com/questions/478042/how-to-patch-the-vulnerability-cve-2014-0224-in-openssl
<uvirtbot> cfhowlett: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. (http://cve.mitre.org/cgi-bin/cve
<irgendwer4711> ubuntu fixed that, but wrong
<irgendwer4711> cfhowlett: https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.18
<irgendwer4711> there they tried to fix this
<cfhowlett> irgendwer4711, I don't have enough knowledge to advise in meaningful fashion.  sorry.
<irgendwer4711> mdeslaur: maybe we asked him :-)
<rbasak> jamespage: ping
<rbasak> irgendwer4711: are you sure your log message is a real problem?
<irgendwer4711> yes
<rbasak> Why?
<irgendwer4711> rbasak: TLS got  useless
<rbasak> So you're saying that TLS doesn't work at all?
<irgendwer4711> rbasak: in this case, I think so. postfix is sending this mail without TLS
<irgendwer4711> rbasak: maybe NSA wrote this crappy bugfix ;-)
<rbasak> irgendwer4711: can you confirm that downgrading to the package version prior to the security update makes TLS work again? In that case you may have a security regression.
<rbasak> If so, then please file a bug detailing steps to reproduce, and the security team will take a look at it.
<irgendwer4711> rbasak: noone of them online now?
<rbasak> My only reservation is that it may be that the TLS configuration you have is incompatible with current best-practice (because I haven't seen it).
<rbasak> Sometimes the security team have to make hard choices when issuing security updates.
<irgendwer4711> rbasak: my config worked well until openssl-0.9.8k-update
<rbasak> So I think it's best to first detail steps to reproduce, and then the security team can take a look.
<irgendwer4711> wrote a mail :-D
<rbasak> You can find the security team in #ubuntu-hardened, but really I think they'll want steps to reproduce to be able to look into it.
<irgendwer4711> they just need a ubuntu 10.4.4 tls with running postfix
<rbasak> Also, they have a process for triaging bugs to make sure these things don't get missed. Emails and IRC messages don't end up in a queue to look at.
<rbasak> Please provide steps to reproduce. Really. See http://www.chiark.greenend.org.uk/~sgtatham/bugs.html for reasons why.
<irgendwer4711> first I try at #ubuntu-bugs
<rbasak> #ubuntu-bugs is for triaging bugs, not for reporting them. See the channel topic there.
<irgendwer4711> hm no #ubuntu-hardend
<pmatulis> morning
<bentech4you> hi, anyone please help me to get it work. i am always getting invalid user
<bentech4you> i have followd http://www.linuxintro.org/wiki/Guacamole
<bentech4you> any help please
<ikonia> bentech4you: that sounds like you need to talk to the guacamole people as the auth looks like it's internal tot he app
<ikonia> which is the war file you deployed in tomcat
<ikonia> bentech4you: I assume you read the part that says "it is not possible to login yet" and you have to go down approx 10 steps to configure the users
<bentech4you> guacamole.war file.
<bentech4you> i renamed to that . i am getting login page from this. but user is not able to login to that
<bentech4you> yea , i have created all config files too https://sourceforge.net/p/guacamole/discussion/1110834/thread/83f6d29c/
<ikonia> bentech4you: that's not what I said
<bentech4you> yea i configured user also
<bentech4you> i have pasted my user conf file on that link
<ikonia> so then it's an application problem
<ikonia> an application that's not part of ubuntu
<ikonia> so take it to the guys who support it
<ikonia> more so as you've changed the names of the war files and made changes to the process in that document
<lordievader> Good afternoon.
<fridaynext> I've got my Hackintosh plugged into an APC UPS.  Is there a way to share that signal with my Ubuntu 14.04 box running NUT?
<RoyK> fridaynext: should be quite possible, but then, NUT isn't my strongest side :P
<fridaynext> RoyK: I just found a tutorial online that should help me figure it out.
<fridaynext> RoyK: thanks though.
<Fishscene> Are there any known issues with isc-dhcp-server on Ubuntu Server 14.04 and Virtualbox
<Fishscene> errâ¦ narrowing that down a bitâ¦ The other day, I tried setting up an LTSP server standalone and configured virtualbox with an Internal network. But for the life of me, I could not get it to hand out DHCP addresses.
<jhobbs_> use wireshark or tcpdump to debug how far traffic is making it
<jhobbs> watch for dhcp requests on your server, if you don't see them there, figure out why it's not seeing them
<jhobbs> if you do, figure out why it's not responding
<Fishscene> hmm.. I hadn't thought of that. I'll try that out if my VM rebuild yields the same issue.
<streulma> hello, in my VPS template, the /var/cache directory is deleted. How can I restore this?
<sarnold> Fishscene: check dmesg for apparmor DEN lines, dhcp is .. funny
<sarnold> streulma: on my system /var/cache is root:root 755
<streulma> sarnold: the WHOLE directory is away
<sarnold> streulma: I hoped whatever needed it would re-create their own dirs within when needed..
<streulma> no sarnold :( apt-get update fails and dpkg also
<sarnold> streulma: if not, here's the rest of the dirs in mine: http://paste.ubuntu.com/8047132/
<streulma> sarnold, only apt directory is for the moment important
<sarnold> streulma: if it needs more still: http://paste.ubuntu.com/8047158/
<streulma> sarnold and debconf because dpkg is also broken :)
<streulma> I don't know why they remove cache dir in Debian and Ubuntu template
<streulma> CentOS has the fault that yum is broken, more, python is broken...
<streulma> I repaired, and after a while it was the same, again broken
<sarnold> streulma: /var/cache/debconf/ http://paste.ubuntu.com/8047175/
<mdeslaur> QEMU security update call for testing: https://lists.ubuntu.com/archives/ubuntu-server/2014-August/006955.html
<sarkis> how can i see what version of the kernel will be installed with apt-get? i tried apt-cache policy linux-general
<RoyK> sarkis: it'll normally just upgrade the current kernel to a newer subversion (unless something has changed recently)
<rberg> 'aptitude show linux-image' will show what versions are available
<rberg> or sometimes I use 'apt-get upgrade -d' just to see whats being downloaded
 * keithzg totally forgot about the /var/www/ -> /var/www/html/ switch in Debian, was super confused when a bunch of internal websites ceased working after upgrading from 12.04 -> 14.04 today, haha
<Lord255> hi all, i have insalled firefox to my server, i have a win client, i use putty to connect. xming installed on my pc and x11 fwd is enabled in putty. when i try to run firefox it goes to defunct. do you have any advices whats wrong or something?
<sarkis> hmmm how can i upgrade the version of the kernel?
<sarkis> somehow one of my machines has 3.5.x and others are on 3.2.x
<Lord255> apt-get dist-upgrade
<sarkis> maybe this is an issue with --dry-run
<sarkis> but i do apt-get dist-upgrade --dry-run
<sarkis> i don't see it trying to grab 3.5x
<dasjoe> sarkis: your machines are on different kernels because one of them is using a different HWE stack, see https://wiki.ubuntu.com/Kernel/LTSEnablementStack
<sarkis> how the hell
<dasjoe> Lord255: I'd try connecting with http://mobaxterm.mobatek.net/ as I've had more success with MobaXterm than a manual setup
<dasjoe> Lord255: also make sure your /etc/ssh/sshd_config contains "X11Forwarding yes"
<Lord255> fwd in sshd conf is ok. i will try the one which you have sent.
<Lord255> dasjoe: it goes to deunct as well
<keithzg> Lord255: Have you tried anything lighter than Firefox?
<sarkis> dasjoe: thanks, that was it, not sure how the hell it happened though
<sarkis> dasjoe: i mean both are still reporting it as 12.04.4 yet that 1 box does have -quantal
<Lord255> however it opened the window now
<Lord255> if that prog works why xming doesnt?:o
<Lord255> and idk why a defunct irefox appears
<keithzg> X11 on Windows == a nightmare hell ride ;)
<Lord255> lol :D
<Icabash> Hello, I'm having trouble installing Ubuntu Server x86 on one of my machines - The install hangs and does not continue when it reaches "load debconf preconfiguration file". Any advice on how to get this working?
<Icabash> I've got the install screen up right now, so I'm happy to give any information required to solve this problem :)
<Icabash> Ah, I just tried the installation again. Now it's stopping with the message: "Your installation CD-ROM couldn't be mounted. This probably means that the CD-ROM was not in the drive. If so you can insert it and try again.
<Matt3o12> Hello.
<Matt3o12> Is it save to remove the root password (`passwd -d root`) on my Ubuntu server? When I installed the server, I was given a root password but I wonder whether it is necessary to use root since I still can use sudo.
<sarnold> Matt3o12: should be be safe; my /etc/shadow has root:!:..
<sarnold> Matt3o12: and if things ever go really wrong you can always boot into init=/bin/sh and fix whatever needs fixing
<Matt3o12> And what about user mod -s /usr/sbin/nologin ?
<sarnold> hrm, I wouldn't, I'd worry about a program running as root deciding what shell to use with getpwent or similar
<Matt3o12> And is it save to allow ssh connections without a valid public (and just with a password)? I'm worry about losing all data on my computer...
#ubuntu-server 2014-08-15
<sarnold> I don't allow password access to my sshd
<sarnold> keys only
<Matt3o12> Why?
<sarnold> there's just too many brute-forcers on the internet
<Matt3o12> And.. what about the key or a password + a pam module (2 step authentication using google's authenticator)?
<sarnold> Matt3o12: I'm paranoid but also lazy :)
<Matt3o12> So am I (that why I use 20 letter password, generated and almost unique)...But what do you think about a password + google authenticator. I may need to log into the server in school...
<sarnold> Matt3o12: some friends do use e.g. pam_duo, though. if it makes sense to you, go for it
<sarnold> Matt3o12: ah, using a machine you don't control? that's always iffy..
<Matt3o12> Yeah, I know, that's why I have 2 user accounts (one with limited access)... But I just hate to work with windows and I sometimes need to use unix...
<Matt3o12> Anyway. what is your opinion about 2FA instead of a key.. I might lose it any booting the server with init=/bin/sh is really what I want to do least...
<sarnold> if I had to use passwords I'd definitely use 2fa
<Matt3o12> Ok...
<Matt3o12> How can I su into root once I removed the password.
<sarnold> sudo -s
<Matt3o12> One last thing: what's the difference between sudo -i and sudo -s ?
<sarnold> Matt3o12: sudo -i tries to act like you just logged in via getty or sshd; sudo -s just starts a shell with the right user privileges. e.g. -s doesn't change directories or goof around with environment variables..
<Matt3o12> Ok. Thank you very much for your help :)
<zartoosh__> Hi which package install this directory: /boot/grub/x86_64-efi/    Thanks
<TJ-> zartoosh__: "apt-file search <file-name>" ... but I happen to know it's created by grub-install and gets copies of the GRUB modules from the package "grub-efi-amd64-bin" (/usr/lib/grub/x86_64-efi/)
<Icabash> I haven't made any progress so far - x86 Ubuntu 14.04 install is stopping at "load debconf preconfigruation file" (I can still access the terminal with ctrl+alt+f2, though)
<Icabash> Wondering if I should try CentOS or Debian
<kernel13> is there a way to generate preseed file from existing server
<Icabash> Figured out the problem - I was too impatient and didn't give the install enough time to proceed. (Although waiting for 2 hours seems a bit much for one step of the install)
<poobutt> at ssh login 14.04 says 7 Packages can be updated 7 Packages are security updates. But update/upgrade does nto install or find anyhting. reboot still shows this msg
<rbasak> poobutt: try "sudo apt-get dist-upgrade".
<poobutt> rbasak: thanks this shows a headers upgrade i am actualy currently already on 14.04.1 LTS should i still go ahead with the dist-upgrade?
<rbasak> poobutt: pastebin the output please?
<poobutt> paste.ubuntu.com/8052540
<rbasak> poobutt: that's just a kernel update. You probably want to take that. It has been issued for 14.04 users. "dist-upgrade" is needed to get kernel updates, since they use a metapackage that depends on a new kernel package.
<rbasak> poobutt: you'll need to reboot afterwards to boot the new kernel. Note that there is a (small) regression risk so you should be prepared to handle that.
<poobutt> ok thanks, going for it now
<poobutt> rbasak: thanks worked and no more available update msg at log in, and on another note after pasting in paste.ubuntu.com hitting the back button in browser alows you to edit / add to paste never knew that b4
<poobutt> scratch that paste note.ubuntu.com comment it only does that in local browser it seems
<poobutt> thats nice...
<technocf> Where can I find a good tutorial for setting up an Ubuntu mail server with virtual mailboxes.  I've found some tutorials but they only go into setting up postfix, not all the other bits.
<technocf> Found one
<obi12341> technocf, https://www.exratione.com/2012/05/a-mailserver-on-ubuntu-1204-postfix-dovecot-mysql/
<technocf> obi12341: Thanks, that's better than the one I found
<obi12341> ;)
<obi12341> we used this tutorial for a really big customer, so this tutorial is proofen
<obi12341> *proofed
<technocf> Great! Setting up my new company... we need emails. :P
<obi12341> :P
<technocf> Soon I should have ceo@deviotion.com
<technocf> What do I do if the server is more than just mail?
<technocf> It says make the hostname  "mail."
<obi12341> then just use the "normal" hostname without mail
<technocf> ok, I just wasn't sure
<technocf> I followed the instructions word for word and https://mail.deviotion.com/postfixadmin/setup.php doesn't exist...
<technocf> Fixed it
<samba35> i am trying to install wireless card (netgear wg311v3) with ndiswrapper after driver is installed when i run iwconfig its not able to detect card ,can you please tell me what could be wrong i am doing
<samba35> i am trying this card with server and desktop with no luck
<JoeyJoeJo> I've got a new software raid 5 made out of 3 3TB drives, but it's showing up as 4TB. Shouldn't it be 5.4TB?
<Kunzem1984> Hi is there a easy way of checking which hdd in my raid 1 setup has block errors? I get "status: { DRDY ERR }" with lots of other errors in syslog . googled them and it seems hdd failure.
<rbasak> coreycb, jamespage, gnuoy, beisner, rharper, lutostag, smoser, hallyn: it's the scheduled time for another merge sprint now.
<rbasak> Who is here and will attend, please?
<lutostag> lutostag: cant for first hour, will join after that
<lutostag> lol, rbasak ^^
<rbasak> OK no problem, thanks.
<coreycb> o/
<beisner> rbasak, elbow deep in a bug and an RT, need to wrap those up, will be joining biab
<rbasak> OK beisner
<rbasak> Hi coreycb!
<coreycb> rbasak, hi!
 * rbasak waits to see who else is here
<coreycb> rbasak, is there any priority in which packages require merge?
<rbasak> Let me take a look at the list as it stands today.
<hallyn> pad url?
<rbasak> coreycb: without looking at changelogs or if anybody else has taken it, so not considering complexity...
<hallyn> (I'm merging qemu right now, but will look at anything blocked)
<rbasak> hallyn: http://pad.ubuntu.com/server-team-merges
<hallyn> thx
<rbasak> I'd say amavisd-new, maybe dovecot, exim4 (again! but may be OK after feature freeze), logwatch (possibly complex)...
<rbasak> mod-wsgi may want a sync - version looks significant.
<rbasak> nginx is in progress (me) but is important.
<rbasak> Maybe openldap, but looks maybe complex
<rbasak> That's everything that stands out to me right now.
<rbasak> Everything would be good, but I'd say those are the headline ones we probably want to do for server users.
<rbasak> openldap less so - few will probably run an LDAP server in production on Utopic.
<coreycb> rbasak, cool thanks.  have an tips on determining priority in the future or does priority == most commonly used packages?
<rbasak> coreycb: very much a subjective judgement call. I'm going by my impression of how people use the server distribution, and what they will miss the most.
<hallyn> btw, merge of slof, build failed.  probably a bug in the cross-compiler.
<coreycb> rbasak, ok
<rbasak> So big version bump, or a small bump that indicates bugfixes that might be valuable.
<rbasak> Or a package where I know that having the latest is important to the user demographic (eg. nginx)
<coreycb> rbasak, thanks
<j^> whats the new way of creating a new vm for libvirt/kvm (vmbuilder kvm ubuntu --suite=trusty fails and lp lists some bugs that its deprecated, but could not find what replaces it)
<rbasak> j^: https://help.ubuntu.com/14.04/serverguide/cloud-images-and-uvtool.html
<j^> uvtool depends on avahi-daemon?
<rbasak> No, but it did use avahi-daemon in the guest in the past. What makes you think that?
<j^> apt-get install uvtool wants to install avahi-daemon on my server
<rbasak> Which release?
<j^> 14.04
<Pici> You may need to use --no-install-recommends
<j^> I upgraded that system from 12.04, was the default changed for install recommends?
<rbasak> j^: ah, that's because uvtool-libvirt recommends libnss-mdns
<rbasak> I should probably drop that recommendation, but you aren't required to follow it.
<rbasak> I used to use libnss-mdns for IP address detection in the guest.
<rbasak> With avahi-daemon on the guest to publish it.
<rbasak> I gave up on that though. It wasn't reliable enough. Instead I now parse the libvirt-specific dnsmasq's leases file.
<rbasak> Which is a hack, but it works reliably and by default at least.
 * rbasak has filed bug 1357400
<uvirtbot> Launchpad bug 1357400 in uvtool "uvtool-libvirt unnecessarily recommends libnss-mdns" [Medium,Triaged] https://launchpad.net/bugs/1357400
<j^> https://help.ubuntu.com/14.04/serverguide/cloud-images-and-uvtool.html could mention where disk images are located. is there some way to specify this?
<j^> whats the second disk image name-ds.qcow used for? it shows up as unformated emtpy disk
<j^> uvt-simplestreams-libvirt purge looks dangerous, it also removes disks of running vms
<rbasak> j^: see the manpage.
<rbasak> The second disk image is for the cloud-init data source
<rbasak> It passes in cloud-init userdata and metadata.
<rbasak> uvt-simplestreams-libvirt purge *is* dangerous, and it says so in the manpage.
<rbasak> --source can override the disk image source, but the source must publish metadata in the simplestreams format.
<rbasak> There are mirroring tools in the simplestreams packaging.
<j^> saw that, if its removed does not matter, otherwise destroying running vms before deleting the images might be better though.
<rbasak> I added to handle breakages during development.
<rbasak> It shouldn't ever be needed in production use. Destroying the VM removes running VMs before deleting the images.
<j^> im just pushing all buttons to see what happens :)
<rbasak> :)
<j^> adding an --autostart option to create would be usefull but can also call virsh autostart $name after creating a new vm
<rbasak> IIRC, it enables autostart by default.
<rbasak> Oh, perhaps not.
<rbasak> j^: filed bug 1357420. Thanks!
<uvirtbot> Launchpad bug 1357420 in uvtool "VMs do not autostart" [Wishlist,Triaged] https://launchpad.net/bugs/1357420
<Guest35236> hey guys
<Guest35236> im having an issue where a new build server (12.04) with nginx and openssl is reporting as vulnerable to heartbleed under nessus and nmap, but slightly less updated servers are not
<Guest35236> does anyone know of any issues with the newest update?
<rbasak> Guest35236: can you confirm your package versions of the relevant nginx and openssl packages?
<rbasak> The most common case asked here seems to be when packages aren't fully up to date.
<Guest35236> root@dev-upload01:/etc/nagios# nginx -v
<Guest35236> nginx version: nginx/1.1.19
<Guest35236> root@dev-upload01:/etc/nagios# openssl version -a
<Guest35236> OpenSSL 1.0.1 14 Mar 2012
<rbasak> No, the *package* version.
<rbasak> dpkg-query -W nginx
<rbasak> dpkg-query -W nginx-core
<Guest35236> nginx   1.1.19-1ubuntu0.6
<rbasak> dpkg-query -W libssl1.0.0
<rbasak> etc
<Guest35236> libssl1.0.0     1.0.1-4ubuntu5.17
<rbasak> OK it looks like you are indeed up to date. Thank you for confirming.
<rbasak> e version does not exhibit this behaviour?
<rbasak> Do you know what package version does not exhibit this behaviour?
<Guest35236> ok
<Guest35236> hang on, ill have a look
<Guest35236> libssl1.0.0     1.0.1-4ubuntu5.12
<Guest35236> doesnt
<rbasak> Guest35236: that's interesting, thanks.
<rbasak> mdeslaur: ^^
<mdeslaur> Guest35236: how is nessus determining it's vulnerable?
<Guest35236> very good question lol
<Guest35236> ill see if i can get a look at the plugin
<mdeslaur> Guest35236: can you paste me the plugin somewhere?
<Guest35236> the nmap script is more accessible
<rbasak> I'll leave this to mdeslaur - thanks. It seems likely to be a false positive to me but probably worth checking.
<Guest35236> https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
<Guest35236> thats the nmap script
<Guest35236> yeah i think it must be as well
<RoyK> Guest35236: commercial nessus, or old OSS nessus? If it's the latter, why not openvas? It should be a wee bit more updated
<Guest35236> its just strange that other servers arent showing it
<Guest35236> commercial nessus
<RoyK> ok
<Guest35236> i just got a trial licence this morning
<RoyK> Guest35236: try openvas
<Guest35236> ive got that as well
<RoyK> ok
<Guest35236> its not as pretty tbh
<Guest35236> harder to sell to the boss :P
<RoyK> Guest35236: it is? openvas is free :D
<Guest35236> seems to do a better job than qualsys though
<Guest35236> haha true
<Guest35236> but wed probably have to get a support contract somewhere
<mdeslaur> Guest35236: and what response did that script give?%
<RoyK> Guest35236: what for?
<Guest35236> ill get a pastie for you
<Fishscene> Greetings. I'm running Ubuntu server 14.04 x64 and have set up an LTSP environment. I'm looking to update the i386 image, but when I run the commane "sudo ltsp-update-image âarch i386", it doesn't recognize the arch option. Multiple tutorials reference this command, but it appears the option was removed: http://manpages.ubuntu.com/manpages/trusty/man8/ltsp-update-image.8.html  How do I update the i386 LTSP image?
<Guest35236> the problem with openvas is that it uses CPEs to keep you updated on patch versions
<Guest35236> which dont have the ubuntu versions of updates in them
<Guest35236> so it throws up a lot of errors that have been fixed
<Guest35236> qualsys does the same thing i think
<patdk-wk> any idea why the changelog is missing?
<patdk-wk> http://changelogs.ubuntu.com/changelogs//main/o/openssl/openssl_1.0.1-4ubuntu5.17/changelog
<Guest35236> Heres the output:
<Guest35236> http://pastie.org/9476008
<Guest35236> its on here:
<Guest35236> https://launchpad.net/ubuntu/precise/+source/openssl/+changelog
<RoyK> Guest35236: AFAIK openvas/nessus just checks for the version running, so if it says openssl 1.0.0, it decides it's a bad version, but then, most distros don't upgrade core packages to the latest patch level, they just backport the fixes and don't include new stuff
<mdeslaur> Guest35236: I'm not sure how to debug that...have you filed a bug with commercial nessus to see what they say about it?
<Guest35236> not yet
<Guest35236> i thought that would be the case
<Guest35236> but the older version doesnt do this
<Guest35236> and nmap definitely didnt do that
<Guest35236> (the stuff i linked)
<mdeslaur> the only thing I can do when I get a minute is to try to run one of the original heartbleed test script on our package
<RoyK> heartbleed is evil (tm)
<Guest35236> its really very strange
<patdk-wk> atleast my updated server is not vaulnerable
<Guest35236> ah hang on
<Guest35236> it seems to be related to nrpe
<Guest35236> it only fails on port 5666
<patdk-wk> what is nrpe
<Guest35236> nagios client
<Guest35236> ill check the pkg
<Guest35236> ii  nagios-nrpe-server               2.12-5ubuntu1.2                     Nagios Remote Plugin Executor Server
<patdk-wk> does that package depend on libssl?
<patdk-wk> odd, it does
<RoyK> patdk-wk: nrpe uses ssl
<patdk-wk> you have restarted it since heartbleed?
<Guest35236> im not sure how i double check depencies, but it transmits using ssl
<patdk-wk> royk, I know, the question was if it was compiled in or linked
<RoyK> ok
<Guest35236> i actually checked this, hang on
<Guest35236> root@dev-upload01:/etc/nagios# ldd /usr/sbin/nrpe | grep ssl
<Guest35236>         libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fc908570000)
<Guest35236> which is afaik the ubuntu library
<patdk-wk> yes, has it been restarted in the last 4 months or so?
<Guest35236> hmmm
<Guest35236> yes, but possibly not till after the ssl update i suppose
<patdk-wk> well, we want it restarted after the ssl update
<patdk-wk> or else it won't notice the update
<Guest35236> yeah true
<patdk-wk> I would restart it, then retest
<Guest35236> ill double check
<Guest35236> you guys have full permission to slap me
<Guest35236> lol
<Fishscene> NVM! I think I figured it outâ¦ "sudo ltsp-update-image i386"
<rbasak> jamespage: mongodb \o/
<Guest35236> my puppet scripts must not notify nrpe on an openssl update
<Guest35236> hadnt even thought about it
<Guest35236> thanks guys
<Guest35236> seriously stupid
<Fishscene> Don't beat yourself up too badly. I stared at my own answer for a couple of minutes before it dawned on me that "CHROOT" was the same thing as the Architecture in an old command. lol.
<rbasak> Guest35236: check out checkrestart(1). Might be an idea to run a nagios monitor for that.
<Guest35236> good idea
<Guest35236> i always like overengineering nagios checks, seems like a perfect candidate :)
<LucidGuy> Anyone using zfsonlinux?
<hallyn> zul: around?
<zul> hallyn:  not really
<hallyn> jsut a quick q,
<hallyn> ii  libvirt-bin                        1.2.6-0ubuntu5                      amd64        programs for the libvirt library
<hallyn> ii  libvirt0                           1.2.6-0ubuntu5                      amd64        library for interfacing with different virtualization systems
<hallyn> ii  python-libvirt                     1.2.5-0ubuntu1                      amd64        libvirt Python bindings
<hallyn> is python-libvirt spuposed to be at 1.2.6-0ubuntu5?
<Pici> :|
<hallyn> zul: qa-regresion-tests are failing so i can't tell if it's my new qemu or the old python-libvirt :)
<zul> its suppose to be 1.2.6-0ubuntu1
 * hallyn checks publish history
<zul> ill upload it if its not there
<hallyn> yeah it doesn't seem to be in proposed
<zul> hallyn:  ill get to it
<hallyn> zul: ok, thanks. meanwhile i'm going to go ahead and push new qemu.
<zul> hallyn:  ack
<s0m3b0dy> Hello, I wanted to know how to install one package from a different repository without having to upgrade all the dependencies?
<genii> It doesn't work that way.
<s0m3b0dy> would it be possible?
<s0m3b0dy> Well, I actually use debian, but their support channel sucks so here I am
<s0m3b0dy> I need to install this on debian sqeeze: https://packages.debian.org/sid/rhnsd
<Pici> Try their official channels on oftc then.
<s0m3b0dy> Pici: who's channel is that?
<Pici> iirc, they were on #freenode and moved to #oftc, there is just some leftover things here.
<s0m3b0dy> debian?
<Pici> er, I don't know why I put hashes in from of those.
<s0m3b0dy> yeah was gonna say :p
<Pici> It's been a long day.
<s0m3b0dy> I spent all morning figuring out how to install spacewalk on centos, with almost no documentation available for any of the issues I had
<patdk-wk> sometimes the package will work as is
<patdk-wk> sometimes you have to recompile it
<patdk-wk> and other times, you have to actually install all the deps
<darkxploit> hello guys i got ubuntu server 13.04 .. how do i upgrade to latest version?. because each time i made an upgrade it gives me error 404
<sarnold> you're far enough back that downloading a 14.04 LTS image and starting there might be easier
<sarnold> there is an old-releases.ubuntu.com archive that might help you if you want to try upgrading in place without downloading new images
<darkxploit> sarnold, its on a vps i dont want to lose everything
<s0m3b0dy> but to answer your question darkxploit run: dist-upgrade
<darkxploit> s0m3b0dy, thats too same error
<s0m3b0dy> what is the error?
<s0m3b0dy> darkxploit: you have to run apt-get update first though
<darkxploit> s0m3b0dy, sorry i mean there is no thing available on dist-upgrade
<darkxploit> apt-get update and apt-get upgrade gives me error 404
<s0m3b0dy> what error?
<s0m3b0dy> paste the whole error here
<s0m3b0dy> darkxploit: ?
<darkxploit> s0m3b0dy, This is for the apt-get update http://pastebin.com/m5s4zb9Q
<s0m3b0dy> darkxploit: try to run a traceroute to this IP: 91.189.92.200
<s0m3b0dy> what happens if you run "apt-get dist-upgrade
<darkxploit> s0m3b0dy, here is the traceroute result http://pastebin.com/KzJV3yve
<s0m3b0dy> darkxploit: sudo /etc/init.d/nscd restart
<s0m3b0dy> that will flush the DNS cache
<s0m3b0dy> then try doing an apt-get update again
<darkxploit> s0m3b0dy, i dont have nscd
<darkxploit> s0m3b0dy, i dont have nscd
<s0m3b0dy> darkxploit: sorry was afk
<s0m3b0dy> darkxploit: can you restart the whole server? the DNS cache is stuck and Im not sure why it can't find the IP
<darkxploit> s0m3b0dy, i have restarted it as well.. then start network service
<darkxploit> same error
<s0m3b0dy> hm
<s0m3b0dy> did you try "apt-get dist-upgrade" instead of just "dist-upgrade" ?
<darkxploit> s0m3b0dy, are you sure its the cache or that version dont have any more update.
<s0m3b0dy> oh crap, that's what it is x.x
<s0m3b0dy> I didn't check the repos before, sorry
<darkxploit> s0m3b0dy, this is the repos http://pastebin.com/ahAmgK9F
<darkxploit> s0m3b0dy,  cat /etc/issue
<darkxploit> Ubuntu 13.04 \n \l
<s0m3b0dy> darkxploit: and which ubuntu version are you running?
<s0m3b0dy> no idea what to say then darkxploit :/
<s0m3b0dy> do you need all the repos there?
<s0m3b0dy> delete the last one if anything
<s0m3b0dy> and this one
<s0m3b0dy> http://security.ubuntu.com/ubuntu/dists/raring-security/
<darkxploit> i need to make an upgrade to latest version.. because right now i cant install anything for example i can install aptitude
<darkxploit> i cant install aptitude*
<darkxploit> s0m3b0dy, i have comment the last 2 lines in the repo.. same error
<zartoosh__> HI I am using ubuntu 14.04. When I type apt-get upgrade it tries to install newer kernel version. I do not want to get the newer kernel, is there a way I can automate this please? Thanks
<Patrickdk> zartoosh__, heh?
<Patrickdk> apt-get upgrade does NOT install newer kernels
<zartoosh__> Patrickdk, so the something else does it, thanks, now I have to find out what does it.
<Patrickdk> dist-upgrade :)
<Patrickdk> upgrade just *warns* you that it can't install them, cause you didn't use dist-upgrade
<sarnold> apt-get dist-upgrade will upgrade your kernel for you
<Patrickdk> no, he wanted upgrade
<Patrickdk> he doesn't want a kernel
<Patrickdk> he doesn't understand the difference
<sarnold> ah he likes his vulnerabilities :)
<Patrickdk> upgrade *upgrades* existing packages
<Patrickdk> sar, no, upgrade would do that ok :)
<Patrickdk> dist-upgrade, upgrades and upgrades things that require new dependencies (the kernel being one of those)
<Patrickdk> like say you install mysql-server, and it installs mysql-server-5.1
<Patrickdk> then later mysql-server is upgraded to mysql-server-5.5
<Patrickdk> upgrade would never install that new mysql version
<Patrickdk> dist-upgrade would
<sarnold> .. only if some set of package dependencies asked for the new 5.5 or 5.6..
<Patrickdk> ya, the generic top level package *mysql-server* would ask for mysql-server-5.5 :)
<Patrickdk> ya, that is exactly how it works in ubuntu (had to check, I haven't used mysql in ubuntu for a long time)
<Patrickdk> same with kernel
<Patrickdk> linux-generic depends on the actual linux kernel version
<Patrickdk> so it's always a new dependency on upgrades
<Patrickdk> less common, is a package having a new dependency, like adding in liblz4 or something
<zartoosh__> apt-get -q --force-yes -y upgrade   I guess this command was upgrading my kernel.
<sarnold> zartoosh__: seems unlikely to me
<Patrickdk> it defently wouldn't
<zartoosh__> sarnold, then I am lost what make my kernel upgrades ...
<Patrickdk> how do you know it's upgrading?
<zartoosh__> My kernel has changed from 3.12-24 to 3.12.32
<sarnold> zartoosh__: do you perhaps have unattended-upgrades installed?
<Patrickdk> I didn't even think unattended upgrades does reboots too
<zartoosh__> sarnold, I hope not, this is a server so no gui stuff running
<Patrickdk> what does that have to do with gui?
<sarnold> Patrickdk: it shouldn't, but it could be a surprising reason why a kernel update might be installde
<zartoosh__> the destop enviroment adds more applications which I am not aware of all ... that what I meant
<Patrickdk> zartoosh__, what does unattended-upgrades have to do with gui
<Patrickdk> is it installed or not? :)
<Patrickdk> unattended-upgrades - automatic installation of security upgrades (nothing to do with gui)
<Patrickdk> it is *automatically* installed if you install a gui
<zartoosh__> Patrickdk, a newer kernel is installed, never mind the gui, I provided the wrong info, I am using server
<Patrickdk> heh? you still haven't answered the question
<Patrickdk> is unattended-upgrades installed or not
<sarnold> zartoosh__: dpkg -l unattended-upgrades   :)
<zartoosh__> let me check sorry I did not understood that one sec
<zartoosh__> no it is not
<Patrickdk> most everything in /etc/apt/apt.conf.d/50unattended-upgrades commented out?
<Patrickdk> except like 2 lines at the top?
<zartoosh__> let me check
<sarnold> zartoosh__: check out /var/log/dpkg.log -- it can tell you when the new packages were installed, you miht be able to use that to figure out who might have installed it..
<Patrickdk> just wanted to double check, it wasn't turned on manually, isntead of via the package :)
<sarnold> :)
<zartoosh__> Patrickdk,  there is no /etc/apt/apt.conf.d/50xxx in my system.
<Patrickdk> heh
<Patrickdk> odd
<zartoosh__> setting GRUB_DEFAULT does not help to boot to older kernel either ..
#ubuntu-server 2014-08-16
<darkxploit> hello guys i got ubuntu server 13.04 .. how do i upgrade to latest version?. because each time i made an upgrade it gives me error 404
<chriys> hey guys I know this might not be the best channel to ask this question, but I hope some of you can give good hints. I want to setup a streaming solution to stream our live events. I tried Kaltura and Red5 and for some reason I never been able to make them work together. Do you have any suggestion for this sake?
<ahmadgbg> Hi, is it possible to change an existing user's home dir to and existing dir?
<andol> ahmadgbg: Yes, but you might need to set permissions, etc manually.
<ahmadgbg> andol: ok how?
<andol> ahmadgbg: usermod --home
<ahmadgbg> andol, thanks
<andol> ahmadgbg: There is also the --move-home option, but you might want to try that one out with a test account first.
<andol> !ops
<ubottu> Help! Channel emergency! infinity, soren, lamont, mathiaz, Pici, Daviey, Tm_T, pmatulis, Corey, IdleOne, ikonia, funkyhat, Myrtti, ocean, genii, phunyguy!
<andol> ^^ The user nanaima appear to be spamming people.
<andol> Ok, might not stricitly have been an emergency. Any good way to alerts ops in a less drastic way?
<darkxploit> hello guys i got ubuntu server 13.04 .. how do i upgrade to latest version?. because each time i made an upgrade it gives me error 404
<TJ-> darkxploit: 13.04 is EOL so its archives have been moved to http://old-releases.ubuntu.com
<darkxploit> TJ-, dude any idea how to sort that then?
<darkxploit> TJ-, should i modify the repository and launch an update. wont it crash the system if i do this ?
<TJ-> Yes
<TJ-> darkxploit: Edit apt's sources.list
<darkxploit> which repo should i then insert to have the new ubuntu server
<TJ-> darkxploit: I just told you ^^^^
<darkxploit> u mean it would crash the system ?
<TJ-> darkxploit: see https://help.ubuntu.com/community/EOLUpgrades
<darkxploit> TJ-, so according to the links that distro of mine has reached EOL. I can still upgrade to other version. right?
<riz0n> Hello, I have an Ubuntu Server that I admin from the shell using SSH. I am new to writing shell scripts. I would like to write a "shortcut" script that, when I type lg from the shell, it would logout. can someone lead me in the right direction to setting this up?
<riz0n> btw nanaima is spamming people in this channel.
<sarnold> riz0n: alias lg=logout
<riz0n> sarnold Thank you. :) Should I sudo it or just run as-is?
<sarnold> riz0n: just run as-is
<sarnold> riz0n: if you want it to stick around, you can add it to your ~/.bash_aliases file -- at least I think that is automatically loaded by ~/.bashrc if it exists
<riz0n> Yeah I want it to always exist. When I get done with a ssh session I want to "lg" and get out
<riz0n> but would like the shortcut to be systemw-de
<sarnold> riz0n: I don't really want to take away some fun..
<sarnold> riz0n: but have you seen that ^D will log you out?
<sarnold> it's even easier than 'lg' since that requires hitting enter, too :)
<sarnold> but just hitting ^D will kill your shell and log out
<riz0n> I am also curious about one more thing. When I do a sudo adduser, I want to be able to have it automatically set the shell (/bin/false) and also want it to create some default IMAP folders. For example, Archive, Drafts, Junk, Notes, and Sent. In addition place a "Welcome" email in the inbox. I understand I can set the default shell through -s in adduser, so that part I'm not too worried
<riz0n> about, but is there an easy way to have it intialize the data in the Maildir (Such as a default folder template that would get copied when a new user is created) ..... Also i want to ensure the integrity and security of my server is the strongest possible. The designated users that have /bin/false shells, I don't want being able to go any lower than their own home directory. Is there a
<riz0n> way to change the root to be their home directory (chroot I guess?)
<riz0n> And I will remember the ^D thanks for that ... the lg would be handy on my iPhone as I have an SSH terminal emulator installed as a jailbreak app and there's no ^D in there ;)
<sarnold> riz0n: see the /usr/local/sbin/adduser.local program mentioned in the adduser(8) manpage -- you could definitely populate some mail folders using that script, but it'd be some work
<sarnold> ahhhh
<sarnold> riz0n: setting up chroot environments for users to use when they log in via sshd takes some work
<sarnold> riz0n: it would be best to instead modify sshd_config to also forbid them from logging in and only allow sftp for example..
<sarnold> sftp chroot is far easier to configure
<riz0n> I tried to configure sftp and it just didn't like me. Plus I would like to entertain the thought of keeping everything on a secure level to prevent traffic snoopers across the path (trying to keep all plaintext password authentication methods unavailable if possible)
<sarnold> good plan, keys-only is excellent
<riz0n> I will check out the adduser.local though ... I don't mind the work as long as the end result is what I'm after. Eventually I'm going to bring on a couple of extra hands to assist in maintaing this server, so I would like for them to be able to create new accounts and those accoounts be pre-configured
<sarnold> yeah you don't want to go crazy doing that by hand :)
<riz0n> I would like to script the adduser process too, so that my other admins won't set initial passwords. I want a generic starter password (like Starter!123) that the end user can change themselves.
<sarnold> riz0n: hrm, setting passwords, I don't see any administrative interface in adduser for that; useradd has a -p option, though, that might be a better place to start. you'll have to do more work with useradd, but if you're writing scripts already anyway
<riz0n> I have set up HTTPS SSL, and moved my webmail to it, and ditched Squirrelmail for Roundcube, which I really like! And set up the password plugin so that end users can manage their own password. The good thing about Roundcube's password plugin is that you can force password complexity through the plugin without necessarily having it coded in Linux. So Roundcube ensures when a user changes
<riz0n> their password, that it's 10 characters long, contains one upper letter, one lower letter, one number, and one special character. (no lame passwords like "test123" allowed on my system)
 * sarnold tries 321tset
<riz0n> right but what I'm thinking is a script that the admin runs, like "generate" for example, they could type "generate tom" and then it asks for Tom's name, then it would "adduser -s /bin/false %1 -p Welcome!123" then, maybe, cp /usr/var/template/* /home/%1"
<riz0n> Now, I guess you can see that my ADHD is showing. I'm getting ready to build a new server and want to "migrate" the install I currently have from the server that's in use now to a VMware Virtual Machine running on a RAID5 host. Do you know if there is a way to generate a new virtual machine from hard disk for Ubuntu partitions?
<sarnold> adduser would copy from /etc/skel/ for you -- useradd you might need to do some work yourself, hehe
<riz0n> yeah I try to stay away from useradd altogether
<riz0n> so what I could do, for my email for instance, is "adduser template" and then create the IMAP structure, drop the welcome message in the inbox, then cp /home/template/* to /etc/skel
<sarnold> riz0n: qemu-img can probably convert from raw to vmware-sometihng
<riz0n> Thanks for the info sarnold. At some point in time I noticed that VMWare had a create from hard disk option, but I didn't know if that was for Windows only hard disks, or if I could do that with an Ubuntu as well. To keep things simple, we will most likely use Windows Server 2008 as the host operating system on our hypervisor so that the disk maintenance of the RAID array won't be as
<riz0n> bad, plus managing the virtual machine farm remotely won't be so bad either (Use remote desktop for that). Right now my Linux server is DANGEROUSLY running from one hard disk, and I want to migrate it to a more modern machine (been thinking about building a dual 12-core opteron system with 32-gigs ram, and 3x1TB Western Digital VelociRaptors)... the primary goal is to eliminate a domain
<riz0n> controller, the linux server, as well as my "cloud computer" , and combine them into one system to save space in the server closet.
<riz0n> The servers I have now are aging, they are 6 years old. I've replaced motherboards, cpu and ram in the Linux server but simply pulled the disk from old server machine to put in the new one. I've left the domain controller untouched, because I know that pulling the drive and putting it in a new machine won't be as simple. I am hoping the new server will lead us 10 years into the future.
<riz0n> My main goal with virtualizing the whole gig is to accomplish two things. First, the ability to "port" the VM's to a backup machine in the event of machine failure while the machine is repaired, and to seamlessly migrate them to a whole new server in the future if we need more cores, RAM, more disk storage space in a new raid array, etc. for example.
<sarnold> yeah I've never had good luck moving windows hard drives from computer to computer or even just changing the motherboard. unhappy thing.
<riz0n> We have licenses for Windows Server 2008 and VMWare, so that's covered. We also recently obtained a Server 2012 license but holding off on setting that up until I have the new server built so that it can be 100% virtualized.
<riz0n> Well you know M$... they don't make it simple. Now the good news is that they have made Windows 8/8.1 more portable so you can swap disks to a new machine. I haven't tested myself. I assume that since 2012 runs off the same Windows 8 kernel that it would be the same. But I do know from education and training that migrating/porting Windows VM's from one system to another is a breeze.
<riz0n> And I really want to ride the Windows 2008 train til the end of the ride because I like how well it works. And to be totally honest I would ditch Windows 2008 altogether if I could replicate all the Active directory features in Linux.
<sarnold> look into the new stuff in samba4
<sarnold> I wouldn't jump into it without doing a fair pile of testing first
<sarnold> but it sounds like they've got it pretty well nailed down now
<riz0n> That's what we do is test stuff to see how it will work for our environment. We have a lab of "hand me down" equipment for that :) Another thing I failed to mention in my virtual machine farm, is the need to easily back up these servers. Right now I really have no way to back up the servers to an external disk. To back up my domain controller, I have a Windows 2008 server in a VM on my
<riz0n> laptop that I have set up as a SDC that replicates when I boot it, and I try to do a backup once a week. Not what I really want to do. I would much rather, say on a weekly basis, power down the VM's and copy the contents to an external disk that can be stored off-site.
<riz0n> The only true benefits we are getting out of Windows Server is each user gets their home directory, when it gets mapped in the login script, it gets mapped to the root of the drive letter (for example \\server\home\tom gets mapped straight to Z:\) but also each user's home space is NTFS-encrypted. We already have a second machine in place with 4x 2TB disks in a RAID5 that is used as the
<riz0n> file server. \\Fileserver\Home\Tom or \\Fileserver\Media (We don't encrypt the media directory) but if our domain controller were to fail then trying to recover the encrypted homespace is going to be next to impossible if we don't have a good redundant SDC in place. We'd be F'd in the butt on that one.
<riz0n> Our ISP is in the process of running fiber and we are hoping that by end year we will be on 100 megabit fiber. At this time we are looking to utilize a partnership we already have with a firm in Denver to have our SDC and a secondary Linux server hosted off their hypervisor (and we will do the same for them in return on our new hypervisor) and have a VPN tunnel established between the
<riz0n> PDC and SDC for the purpose of replication.
<riz0n> This is a lot of stuff that we have been wanting to do between our Denver site and our site here in Western NC, but our biggest barrier has been waiting for fiber optics to become a reality here. We've had several meetings, discussions, and planning to prepare us for this day.
<sarnold> fun fun :)
<riz0n> I know! I have also been looking at trying to do some kind of Open VPN solution through our DD-WRT routers to link our LAN's together to avoid having to use Windows VPN to build the bridge.
<riz0n> right now as it stands, we have three locations that are linked together here in Western NC. We have tower space on a high ridge and have microwave backhauls linking the two satellite offices into the main LAN where the servers are housed.
<riz0n> we have a building with offices next to the main office where our servers are at, and we have a higher speed backhaul from rooftop to rooftop using N-wireless so we are getting 100 megabit speed over that link now.
<riz0n> so 4 locations total in WNC (3 of the locations are home offices more or less) and we route our IP phones and data traffic over the wireless backhauls. It works very well except our biggest problem right now is that the fastest speed our ISP can give us is 8 megs down, 1 meg up unless we choose to pay $thousands to get full duplex T1 lines.
<sarnold> wow, and t1 looks so cute these days
<riz0n> The 100 megabit business fiber will cost us the same as our 8x1 small business cable connection costs us now, so we are excited about them finishing that up.
<riz0n> The last time I had 6 megs full duplex quoted it was going to cost us $3,000 a month. That's crack prices for Internet. The only reason we really need the Internet link is (well besides the obvious Internet connection) is to host our web pages, email, vpn, IP phone service, everything else we achieve on our own through the wireless links, and that costs us nothing a month to maintain.
<sarnold> bed time, have fun riz0n :)
<riz0n> Thanks so much for the chat sarnold. I know a lot of the stuff I've discussed is outside the scope of Ubuntu Server, and I apologize to the channel ops if I have upset them, but sometimes its really nice to ping ideas off others to see what others have done, their experience with that, and learn other methods of doing things :) There's not many people that have really got as in-depth
<riz0n> into creating network systems like we have, at least not here in Western NC.
<riz0n> I am going to play with the /etc/skel and see where that gets me. My next project is trying to set up FreeRadius and trying to integrate that into our DD-WRT access points so that we can assign individual users with their own credentials to get into the wireless network infrastructure, instead of having one shared WPA2 passphrase, and having to rekey all devices when an individual leaves
<riz0n> the company.
<lordievader> Good morning.
<_2_Lily97> Hi
<Leegaert> Hi, since I upgraded from 12.04 to 14.04 my server keeps getting stuck on boot on a black screen with "Scanning for BTRFS filesystems". I have a BTRFS volume which is mounted through /etc/fstab. Most solutions I've read for this problem involve removing the btrfs-tools. Should I just wait for the scanning to end (been going on for more then 10 minu
<Leegaert> tes now)?
<streulma> can someone solve this? No module named linecache
<ikonia> streulma: install the module ?
<Leegaert> Apparantly I had to append device options in my fstab file...
<Leegaert> Bit weird
<Guest31251> how do i get i get date in filename in a bash-script ?
<TJ-> Guest31251: "$(date +%Y-%m-%d)" or any other date format you require; see "man date"
<Guest31251> i made a simple backup-script
<Guest31251> http://paste.ubuntu.com/8062094/
<Guest31251> my first backup script
<Guest31251> dont know if it works even
<Guest31251> gonna try it now
<Guest31251> hmm working good so far
<Guest31251> doestn use absolute paths :P
<_2_Lily97> Yes
<Guest31251> backups take 917M
<Guest31251> how large files can gmail take ?
<Guest31251> my home is only 51M
<Guest31251> i forgot my commercial vps :D
<Guest31251> i can just scp them there if i remember my password
<Guest31251> have to check also when the domain has to be renewed
<Guest31251> my grandfathers book-store
<Guest31251> 17.7.2015 no problem
<rostam> HI I am using ubuntu 14.04.  accroding to dpkg --list | grep linux-image  I have two linux image installed on my system:  linux-image-3.13.0-24  and linux-image-3.13.0-32.  Currently my system has booted to later one, 3.13.0-32, How could I boot to older release, 3.13.0-24? thanks
<cfhowlett_> rostam, reboot.   choose advanced options.  select ubuntu version (kernel)
<rostam> cfhowlett_,  I have been struggling with this, could you please expand on advanced options, Is this a grub thing I believe? but not sure how to set it up... thanks for your help
<cfhowlett_> rostam, yes, you can select which linux-header, i.e. kernel, from the grub menu on rebooting
<cfhowlett_> rostam, nothing to set up.  you're old headers will appear automatically
<rostam> cfhowlett_, thanks for your feedback. I tried to use GRUB_DEFAULT ,  or grub-set-default still coming up with newer version.
<cfhowlett_> !grub2
<ubottu> GRUB2 is the default Ubuntu boot manager. Lost GRUB after installing Windows? See https://help.ubuntu.com/community/RestoreGrub - For more information and troubleshooting for GRUB2 please refer to https://help.ubuntu.com/community/Grub2
<cfhowlett_> rostam, by default, the newest kernel boots.
<rostam> cfhowlett_, I understand but I can not reverse it back to older one ... Here is the grub.cfg: http://paste.ubuntu.com/8062651/
<TJ-> rostam: There may be a bug in the Trusty default setting; I've been investigating. However, when the system starts hold down the Shift key until the GRUB boot menu is displayed, then choose "Advanced Options" and then the alternative kernel you wish to use
<rostam> TJ- I need to automate this in field so I need a script solution. How about removing the newer kernel would that break anything? thanks
<rostam> or even is that possible?
<TJ-> rostam: how are you using "grub-set-default" .. what command-line, exactly?
<rostam> TJ-,  Based on instruction I got from this page: http://ubuntuforums.org/showthread.php?t=1195275   I set the GRUB_DEFAULT=saved  then I call grub-set-default="Ubuntu, Linux 3.13.0-24-generic"
<TJ-> rostam: Instead of the menu title, use it's --id
<TJ-> rostam: If you look in "/boot/grub.cfg" you'll see the id's of each entry at the end of the menuentry line. They look like "gnulinux-3.13.0-32-generic-advanced-55b34add-90c2-4bd9-b2d3-ea7b4cf5efc8" ... so you should try "grub-set-default gnulinux-3.13.0-32-generic-advanced-55b34add-90c2-4bd9-b2d3-ea7b4cf5efc8"
<rostam> TJ-,  ok, so the syntax would be grub-set-default=gnulinux-.....             ?
<rostam> TJ-,  do I still need to call update-grub ?
<TJ-> rostam: there is no "=" sign to the command.... or are you doing it some other way?
<TJ-> rostam: "update-grub" is only required if changes to the config via "/etc/default/grub" or the scripts in "/etc/grub.d/" are made
<rostam> TJ-  THanks I do not use "=" that was elapsed on my side.. thanks
<darkxploit> hello.. i have wrongly  uninstall apache and deleted /etc/apache2 [debian] but the service is still on. ANy idea how to stop it        tcp6       0      0 :::80                   :::*                    LISTEN      12709/apache2                        service apache2 stop dont work usr/sbin/apache2 dont exist, kill -9 on the pid keeps on changing
<samba35> i am running two guest on 14.04.1 with kvm but host/guest use swap memory upto 800 mb and keeping phyiscal memory un-use ,is there any way force touse physical memory or disable swap is good option ?
<rostam> TJ- The default setting for grub does not work for me. I wonder if this is ubuntu bug or something on my side ....
<TJ-> rostam: I believe it to be a bug - I had a similar issue last week but not had time to fully debug it yet
<rostam> TJ-, is there a bug ID associate it with it do you have a work around I can use? thanks
<TJ-> rostam: Nothing so far, I have it on a long ToDo list :)
<rostam> TJ-,  the only thing I think I should do is to pin not to update the newer kernel do you see any issue on that please? thanks
#ubuntu-server 2014-08-17
<dorimon5> hello
<dorimon5> good day
<dorimon5> need some help
<dorimon5> globops hello! good day! need some help about ubuntu server. thanks!
<keithclark> I don't seem to be able to upgrade my server.  I get the following when trying:http://paste.ubuntu.com/8067322/
<MavKen> I have a new vps, moving over from a shared host.  Am going to do a clean install.  Each client is setup like this... /var/www/site/domain/www I want to run http://pastebin.com/HXpjTH7V in each client director.  What is the easiest way to accomplish this and have it setup to use for each future client?
<dorimon5> I enable jumbo frame in my server. but the problem is, after 3-4 hours my server will hang. i dont know why. need some help.
<dorimon5> what is the stable kernel of ubuntu server right now?
<dorimon5> i'm using kernel 3.13.0-34-generic right now but i don't think so if it is stable
<MavKen> dist-upgrade gets me to 3.13.0-24-generic
<MavKen> dist-upgrade on desktop gets me 3.13.0-34-generi
<dorimon5> ohh. why it is not the same. hhhmmm. on my server, after i run sudo apt-get update followed by sudo apt-get dist-upgrade it gives me 3.13.0-34-generic
<MavKen> I run "apt-get clean && apt-get update && apt-get update -y && apt-get dist-upgrade -y && apt-get autoremove -y"
<MavKen> I wonder why I am not getting -34
<dorimon5> try to run sudo lsb_release -a and the codename should be trusty, maybe you are not using latest release ubuntu server
<MavKen> No LSB modules are available.
<MavKen> Distributor ID:	Ubuntu
<MavKen> Description:	Ubuntu 14.04.1 LTS
<MavKen> Release:	14.04
<MavKen> Codename:	trusty
<dorimon5> oohh.it seems you are already using the latest realse, you should able to get the latest kernel. hhmmm. whats happening to your server.
<MavKen> strange
<MavKen> its going through the digitalocean.com mirror, wouldn't think that would cause it
<dorimon5> hhhhmm. maybe, but it's ok. i suggest not to upgrade yet to a latest kernel because it still buggy. as of now using latest kernel i encounterd many errors.
<keithclark> I don't seem to be able to upgrade my server.  I get the following when trying:http://paste.ubuntu.com/8067322/
<MavKen> keithclark, what version of ubuntu do you have?
<dorimon5> keithclark, i suggest to do fresh install.
<keithclark> MavKen: 12.10
<MavKen> keithclark, yeah you will need clean install
<keithclark> MavKen: dam, this is a headless server and I'm not sure if the dvd works anymore or not.
<MavKen> ouch
<keithclark> no upgrade path then?  Just scrap it?
<MavKen> not unless you were able to go 12.10 -> 13.04 -> 13.10 -> 14.04
<keithclark> that would be fine as an alternative to scraping it.l
<MavKen> i don't have experience installing older versions but that would be the only way in a headless situation... I hope the dvd works and you have usb ports for keyboard
<dorimon5> hi MavKen, do you experience on how to enable jumbo frame in ubuntu server?
<MavKen> i do not
<dorimon5> ahhh. ok. thanks!
<Patrickdk> enable?
<Patrickdk> I have never seen a case where one has to *enable* them
<noidea> is there a fast way to add or import the output of ls -l /dev/disk/by-uuid/ or sudo blkidd to fstab?
<lordievader> Good afternoon.
<dorimon5> helo! anyone here know how to use flashcache? i need some help
<RoyK^Work> dorimon5: I beleive bcache would be better
<RoyK^Work> dorimon5: oh - there's a package for flashcache - I see
<RoyK^Work> !ask | dorimon5
<ubottu> dorimon5: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<dorimon5> RoyK^Work: yes, there is flashcache package. it was develop by facebook.
<dorimon5> ubottu: :-)
<RoyK^Work> dorimon5: I know...
<Patrickdk> man, half an hour, and we still can't help dorimon5
<RoyK^Work> dorimon5: there's also enhanceio, based on flashcache
<Patrickdk> and l2arc :)
<dorimon5> Royk^Work: yes, i try enhanceio yesterday but i have no luck compiling it under ubuntu using kernel 3.13.0-34-generic.
<dorimon5> RoyK^Work: thats why i used flashcache because it is already in ubuntu repository.
<dorimon5> Patrickdk: im sorry, im not familiar with 12arc. :)
<RoyK^Work> dorimon5: l2arc is ZFS' variant of it - it's rock stable and works - but you'll need ZFS for it, though
<dorimon5> RoyK^Work: ahh. ok. thanks for the information. i will it. :)
<HotSwap> Hey, im trying to set up an unprivileged lxc container by following the ubuntu server guide on 14.04, but I'm getting "unshare: invalid argument".  Just wondering if anyone knew what the issue would be.
<rostam> HI I am using ubuntu  14.04. When I boot the system I get the following message on console: "waiting for network configuration". At this time I can ping the system but I can not ssh to it. After sometime, it wait for additional 60 secs and then I am able to ssh to the system.  Any idea why? thanks
<Patrickdk> something is messed up with it
<Patrickdk> missing default gateway/nameservers?
<rostam> Patrickdk, where can I get those info (gateway/nameservers) ?  thanks
<Patrickdk> I wouldn't know
<Patrickdk> I don't run your network
<sk1pper> hi, i am trying to install puppet-dashboard on 14.04 but it fails because of rubygems dependency (rubygems is replaced by ruby package). Anyone has installed puppet-dashboard on 14.04?
<Lunario> is there an alternative to dynamic dns if I want to access my local ubuntu server  from the internet?
#ubuntu-server 2015-08-10
<dork> what do people typically use for wan failover on an ubuntu router, basically just need to swing the default gateway to a slave if the router can't hit an ip via icmp
<dork> or anyone know if keepalived can do that
<patdk-lap> heh?
<patdk-lap> I thought keepalived died awhile ago
 * patdk-lap just uses ospf
<dork> patdk-lap: you using quagga?
<dork> i wasn't sure if ospf was the right protocol to use for this since i only have a border router and nothing routing downstream in my network, i just need failover for a multihomed ubuntu router stack that uses keepalived for lvs/vrrp so that the local network has a floating vip for its default gateway
<dork> so wasn't sure if keepalived could handle that as well
<dork> but originally i was thinking of ospf for this just didn't know if it was overkill
<patdk-lap> well, depends on what you need
<patdk-lap> vrrp is the simple way
<patdk-lap> but as soon as you add in any kind of firewall, it will get complex
<dork> how so
<kteckca> Hello?
<lordievader> Good morning.
<skylite> how can I mount an nfs by giving the username and password in one command?
<lordievader> Since when does nfs require a username and password?
<skylite> lordievader since: mount.nfs: access denied by server while mounting .....
<jelly> skylite: is your client's IP or hostname allowed to mount?
<skylite> jelly yes
<lordievader> skylite: Look in the server's logs why it is denying you. That is not due to a username or password since nfs doesn't use that.
<skylite> ah ok
<skylite> lordievader got it thanks
<lordievader> skylite: ;)
<ubuntugeek> hi all unable to install the zenoss core on ubuntu 14 on an aws ec2 instance
<KlausedSource> Good Morning, I have ubuntu-server 14.04 LTS installed on my arm7 machine. On top of that runs an owncloud server which I want to use php-apcu 4.0.7 with. The problem is it is not in the repositories. So I downloaded it manually.
<KlausedSource> when trying to install the .deb with dpkg i get the following output "php5-apcu depends on phpapi-20131226, ; however:  Package phpapi-20131226 is not installed."
<ubuntugeek>  hi all unable to install the zenoss core on ubuntu 14 on an aws ec2 instance   i followed this link but 8080 port is not running http://idroot.net/tutorials/how-to-install-zenoss-on-ubuntu-14-04/
<ubuntugeek> please help me out
<KlausedSource> So when I try to install phpapi-20131226 I get: "Package phpapi-20131226 is not available, but is referred to by another package."
<KlausedSource> How can I resolve this "the ubuntu way" without messing something up?
<ubuntugeek>  hi all unable to install the zenoss core on ubuntu 14 on an aws ec2 instance   i followed this link but 8080 port is not running http://idroot.net/tutorials/how-to-install-zenoss-on-ubuntu-14-04/
<ubuntugeek> is der anybody
<ubuntugeek> to answer i
<ubuntugeek> it*
<lordievader> ubuntugeek: Is anything listening to that port?
<ubuntugeek> lordievader   no
<lordievader> Read the script they gave you and try to figure out why there ain't anything listening to it.
<ubuntugeek> actually aws ec2 instance having 2 ip's 1)private 2)public so it is configuring at private ip so how can i acess zenoss dashboard?
<ubuntugeek> do i ned to install apache2 and liten set it to 8080 port lordievader
<lordievader> I suppose the program runs its own web server. I don't know the program.
<ubuntugeek> can u check zenoss installation please?
<ws2k3> does the sshd server has an error log? sshd is installed but when i restart it it says unknown instandse and ssh is not reachable
<lordievader> ubuntugeek: No, the script looks rather ugly.
<ubuntugeek> can u make google research
<jelly> ws2k3: if you're using debian, then ask only in #debian.  service startup can differ a lot.
<lordievader> ubuntugeek: You can ;)
<jelly> (ws2k3 said they were using wheezy, in #debian, after being warned they asked exactly the same question in both channels)
<jamespage> smb, good morning
<jamespage> smb, how goes dpdk?
<smb> jamespage, morning. it goes here and there... making progress, I am about to put a new revision with some updates to my ppa
<jamespage> smb, I'm going to push a ovs 2.4 snapshot sans the dpdk support to wily today (pending some successful local testing)
<jamespage> smb, as I'm away from end of thurs and want to get my new upstream rev's in before I go
<jamespage> :-)
<smb> jamespage, not sure we handle all the MIR/optional FFE in time but we try
<jamespage> smb, well if we could get it in the queue for the 20th (uploaded, MIR raised) that would give us a fighting chance!
<smb> jamespage, yeah, that kind of is this weeks plan since I also will be somewhere else next week
<jamespage> smb, ack
<jamespage> smb, I think we can enable the dpdk bits post freeze ok
<jamespage> its not the 'default' - just an option
<smb> option and completely new package, so I also think the enabling is not that big of an issue.
<smb> jamespage, but since I have not yet gone through a MIR handling that is more the unknown lands
<jamespage> smb, https://launchpad.net/ubuntu/+source/openvswitch/2.4.0~git20150810.97bab95-0ubuntu1
<jamespage> I really hate powerpc sometimes
<smb> jamespage, not sure what makes you think I am a lover. :)
<jamespage> smb, oh it was just a passing comment :-)
<jamespage> lol
<smb> :)
<arcsky> Guys where do i add dns servers from CLI ?
<ogra_> man resolvconf
<arcsky> I have added dns-nameservers 192.168.1.254 8.8.8.8 in /etc/network/interfaces and restarted it but nothing works
<patdk-lap> that assumes your using resolvconf
<ogra_> which all ubuntu installs do by default ... usually :)
<arcsky> patdk-lap: where do i add it then?
<patdk-lap> only if he didn't upgrade from an installal prior to resolvconf
<TJ-> arcsky: what does "/etc/resolv.conf" contain?
<arcsky> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
<arcsky> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
<TJ-> arcsky: OK, so resolvconf hasn't added the "nameserver ..." line(s)
<arcsky> ok what can i do then?
<arcsky> for ages i have only used resolv.conf. where to add it?
<TJ-> arcsky: Is it still a symbolic link?  /etc/resolv.conf -> ../run/resolvconf/resolv.conf
<arcsky> yeah
<jelly> arcsky: it depends, how is your network configured?
<arcsky> /etc/network/interfaces
<jelly> iface ... inet static?
<arcsky> yeah
<TJ-> arcsky: what does this report? "resolvconf --updates-are-enabled && echo Yes"
<arcsky> output YES
<TJ-> arcsky: Is this interface enabled automatically, aside from the dns-nameservers being ignored? ... can you pastebin "/etc/network/interfaces"
<jelly> arcsky: add a "dns-nameservers your.dns.recursor.ip another.dns.recursor.ip" to the iface stanza, if it's not there.  There's an example in "man resolvconf"
<arcsky> this is wierd feature Ubuntu has made
<arcsky> keep the classic way
<arcsky> http://pastebin.com/uRcuG17W
<jelly> so you already have a dns-nameservers line
<arcsky> yes but it doesng work to ping google.com
 * jelly wonders where arcsky's loopback iface definition has gone
<TJ-> arcsky: any clues from "sudo ifup --verbose --no-act"
<arcsky> jelly: my lo0 is up dont worry
<jelly> (also, resolvconf comes from Debian, it's not an Ubuntu-specific weird feature)
<arcsky> resolv.conf i work with gentoo,slackware,debian,(old ubuntu),redhat,centos
<TJ-> jelly: loopback is an internal i/f; ipfup -a brings it up
<TJ-> s/ipfup/ifup/
<jelly> TJ-: maybe, but the "iface lo inet loopback" it's still present in my trusty interfaces file
<arcsky> ok i delete this shitty symlink and run the old classic way. thanks anyway guys
<TJ-> arcsky: I'd guess the problem is you've got something preventing resolvconf from doing it's thing (writing the correct entry to "/etc/resolv.conf") when the boot scripts call "ifup -a"
<TJ-> arcsky: see https://wiki.debian.org/NetworkConfiguration#Defining_the_.28DNS.29_Nameservers
<TJ-> arcsky: I suspect your issue is you haven't *indented* the lines in "/etc/network/interfaces" below the "iface eth0 " - indentation is required for the parser to figure out which statements belong to the interface
<lordievader> arcsky: Is /etc/resolv.conf still a symlink to /run/resolvconf/resolv.conf?
<arcsky> i did delete it. did create a new one.  and chmod -x /etc/ini.t/resolvconf
<arcsky> works like a charm
<JanC> TJ-: according to interfaces(5) âOptions are usually indented for clarity (as in the example above) but are not required to be.â
<freezevee> is anyone using Chef ?
<TJ-> JanC: I know, but the Debian guide states "Place the line indented within an iface stanza, e.g., right after the gateway line. Enter the IP addresses of the nameservers you need to use after dns-nameservers."
<JanC> TJ-: so there is a bug somewhere then?  :)
<dman777_alter> when I ssh into my ubuntu server and do env, I get TERM=rxvt-unicode. But when I ssh into my gentoo server I get TERM=rxvt-unicode-256color. This is from the same client pc that I am using to ssh. How can I make the ubuntu server TERM=rxvt-unicode-256color?
<TJ-> JanC: I'm looking at the code of ifupdown: config.c:get_line() does "while (isspace((*result)[first]) && (*result)[first]) { ..." so it skips over any space-like characters
<JanC> so that would mean that Debian guide is wrong?  :)
<jelly> JanC: it's not wrong, but it's not exhaustive and complete either
<TJ-> The indentation is optional not required, so not a cause for a failure
<JanC> to be honest, making indentation mandatory would probably have been better...
<jelly> whitespace as syntax is for crazy people.  And pythonistas.
<JanC> but changing that now would be impossible
<TJ-> jelly: fully agreed :D
<ogra_> systemd-networkd will make that discussion moot anyway :P
<JanC> pretty much every programming language uses whitespace as part of its syntax ;)
<TJ-> JanC: but most do not enforce a type or quantity of white-space, as long as it is 1+
<cofo> Hi
<cofo> I setup LAMP in ubuntu usin digitalocean and I don't know how to add tables
<teward> add tables...?
<teward> oh., you mean to mysql?
<cofo> yes
 * teward forgot what LAMP meant for a moment :P
<cofo> I don't remember my password.
<cofo> People referer me to here from #ubuntu, #ubuntu-offtopic and #mysql
<teward> cofo: usually i just `dpkg-reconfigure mysql-server-VERSION` (where VERSION is the version of mysql installed), but i've become a postgres convert :P
<jrwren> cofo: if you used dpkg to set the root password, its in a file: /etc/mysql/debian.cnf
<cofo> i think i found my password thanks god
<cofo> i don't know how to add table
<cofo> like in webhost
<teward> cofo: typically the web applications you're installing will set up the database/tables for you
<teward> or, you provide the database and credentials and it sets up the tables
<teward> so i'm not sure what you're trying to do/achieve
<cofo> I don't understand
<cofo> Im creating an app
<teward> cofo: OK that's what you left out
<cofo> the thing is to create table and put their information like user an password
<cofo> https://www.irccloud.com/pastebin/Y37N7C5T/
<cofo> Any help?
<cofo> mysqld --console
<jrwren> cofo: you likely need to run that as the mysql user.
<cofo> https://www.irccloud.com/pastebin/l0b0Vd17/
<cofo> I tried
<cofo> I should reinstall ubuntu?
<cofo> jwren:
<jrwren> cofo: no, never. reinstall is for folks who cannot learn.
<cofo> Please assit me
<jrwren> cofo: sudo -u mysql mysql
<cofo> assist*
<cofo> https://www.irccloud.com/pastebin/jxwC6Zxk/
<jrwren> cofo: read this: https://help.ubuntu.com/stable/serverguide/mysql.html
<cofo> sudo /usr/bin/mysql_secure_installation i able to login
<cofo> but i dont know
<maxb> You should learn how to use MysQL
<maxb> * MySQL
<cofo> I don't know
<cofo> yeah
<cofo> i able to do it
<cofo> i change -u to user
<jrwren> see also: https://help.ubuntu.com/community/ApacheMySQLPHP
<cofo> i able to login into mysql
<cofo> :)
<cofo> my self
<dman777_alter> when I ssh into my ubuntu server and do env, I get TERM=rxvt-unicode. But when I ssh into my gentoo server I get TERM=rxvt-unicode-256color. This is from the same client pc that I am using to ssh. How can I make the ubuntu server TERM=rxvt-unicode-256color?
<pmatulis> dman777_alter: change the value in your shell's init file. but why do you want to do that? what's the problem?
<pmatulis> dman777_alter: fwiw, i use urxvt and my TERM value is 'xterm-256color' :)
<dman777_alter> pmatulis: vim colorscheme is messed up
<dman777_alter> pmatulis: thanks
<pmatulis> dman777_alter: right, i changed mine around a few years back due to vim as well
<rcj> stgraber, Is there a way I can use nested containers with LXD?
<blizzow> I was trying the ubuntu cloud-installer to install openstack.  I'm installing on an ubuntu 15.04 server bare-metal machine with 16GB RAM and kvm-ok returns all good.  I did the single installer mode, the installer gets through bootstrapping juju but then fails at starting the KVM hosts.  I went into the lxc console during the juju bootstrap and did a force installation of virtinst and qemu-kvm while it's trying to bootstrap juj
<blizzow> The thing I see in the qemu logs within the lxc container is this:  libvirt:  error : libvirtd quit during handshake: Input/output error
<sarnold> hey blizzow, I got to thinking about that over the weekend.. check dmesg, there might be IO errors to the disk
<blizzow> sarnold: dmesg shows nothing on either the container or the bare-metal host... I've also tried this on a VM and get the same problem. :(
<sarnold> blizzow: well, that's good news for your hardware anyway :)
<Village> Hello Guys, i faced with problem when installing MySQL - "sudo apt-get install mysql-server php5-mysql" i got error - http://pastebin.com/yAA1kJdi maybe who knows what's can be?
<sarnold> blizzow: I'd say it's time to file a bug against it
<blizzow> sarnold: agreed.
<sarnold> Village: scroll back up, the error that happened is higher up
<Village> sarnold, let me check
<Village> sarnold, maybe this - http://pastebin.com/nZd43TKY ?
<sarnold> Village: awesome ;) it's a good start, apt-get install bsdutils and try again
<Village> sarnold, thanks, let me try do it at clear VPS, from new, and i will tell you, thanks. Let's try
<sarnold> Village: why all the extra hassle?
<Village> Because not order here now.. i try from new and i will tell you
<Village> there*
<Village> what i need install can i - sudo apt-get install bsdutils ? Or bsdutils named diferent ?
<Village> i willtry
<Village> sarnold, i try with bsdutils installed, but same:( Ubuntu 14.04 (64-bit) - http://pastebin.com/WN88i66T
<sarnold> Village: strange. I've never understood why mysql asks to set the password multiple times anyway :(
<Village> I enter good root pass
<Village> But why error?
<teward> sarnold: that's also you over on oftc
<teward> ?
<sarnold> teward: yeah, you can't get away from me ;)
<teward> sarnold: good, then you know who to yell at over at OFTC to fix their DNS
<teward> so yell
<teward> because doko and others can't get to OFTC
<teward> DNS RR Explosion Confirmed
<sarnold> teward: yeah, I've done the yelling that I can do, sadly I can't actually fix it
<teward> sarnold: indeed, but i wanted a confirmation that the yelling happened :)
<teward> NoResponse on oftc's channel made me like "Hey, did he drop connections...?" ::P
<teward> but yeah i have a v6 addr i can give doko in the interim so they can connect (hopefully)
<K4k> Does anyone know of a program, such as apt-offline, that can keep a rolling archive of packages and versions present on a system that can be used to identify the current "state" of a system when using apt-offline
<K4k> apt-offline is pretty good but it's annoying to have to export the list, specific to the package I want to grab, each time I want to install something. I'd rather just have a file containing the "state of packages" on a system and then download the files needed based on that and update the file if I choose to actually install the packages on the remote system.
<stgraber> rcj: I've not tried nested LXD, but running LXC instead of a LXD container should be fine, you'll need to set raw.lxc to lxc.aa_profile=lxc-container-default-with-nesting though.
<stgraber> rcj: btw, did you get my e-mail about changing the lxd metadata for precise and trusty to include upstart overrides for console and tty[1234]?
<rcj> stgraber, yes.  I was out and failed to create a bug to track.  Doing that now
<stgraber> rcj: great, thanks!
<stgraber> rcj: that'll make it much simpler for us to run scaling tests. Currently we're getting a load of around 3000 on the test box due to getty processes respawning in an infinite loop in all containers :)
<rcj> stgraber, I'll retry with that raw.lxc setting on the container.  Do I not need the "lxc.mount.auto = cgroup" set in some manner as well?
<stgraber> rcj: nope, lxc.mount.auto as of LXC 1.1 defaults to "sys:mixed proc:mixed cgroup:mixed" which should be sufficient for nesting
<rcj> stgraber, when you have time, can you check out nested containers with LXD?  I just see the lxd daemon constantly restarting.
<rcj> stgraber, I've pushed the change to add the new template.  I'll let the next daily build pick up the change and we'll see if it works.
<stgraber> rcj: ok, great, thanks. For nested LXD, can you file a bug at github.com/lxc/lxd?
<rcj> stgraber, sure
<stgraber> rcj: we're all a bit swamped with ContainerCon and Plumbers next week, so it's best to have it recorded :)
<rcj> stgraber, I understand
<rcj> stgraber, new issue for nested lxd is #1002,  for some reason the nested lxd can't read the server certificate that was created
<stgraber> thanks
<jasonkeene> anyone know how to write to files via cloud init 12.04? write_files doesnât work
<jasonkeene> http://serverfault.com/questions/605670/ubuntu-12-04-cloud-init-doesnt-support-write-files-what-to-do
<jasonkeene> thatâs a pretty disappointing work around
#ubuntu-server 2015-08-11
<Jeeves_Moss> is there a way to logrotate v-hosted apache log files by making a cnf directory so I don't have to edit /etc/logrotate.d/apache every time?
<lordievader> Good morning.
<arcsky> hey guys where do i find security update settings ?
<arcsky> cli
<RoyK> arcsky: what security update
<arcsky> RoyK: lets say Ubuntu release a security update and i want to know how i can automatic install it
<lordievader> Do you mean the security repos?
<arcsky> lets say openssl got a zeroday vulnerability i want it to be installed so fast ubuntu release it
<lordievader> arcsky: So some kind of auto update script?
<lordievader> Write that and throw it in cron?"
<mybalzitch> I'd just subscribe to the security mailing list
<mybalzitch> and intervene when required
<arcsky> ok
<arcsky> http://www.howtogeek.com/204796/how-to-enable-automatic-security-updates-on-ubuntu-server/
<RoyK> arcsky: I usually enable that during install
<arcsky> Anyone have configured openSSH to authenticate to a Windows 2008 NPS?
<purefan> Hello. Not sure if this makes sense but I want to trace the order in which programs interact with an HTTP request, for example is IPTables the first point of contact with any network packet?
<patdk-wk> no
<patdk-wk> iptables never touches packets ever
<jelly> purefan: iptables is kernelspace (and is actually netfilter?).  If you're going that low, you should probably mention the ethernet driver first?
<patdk-wk> and the whole kernel packet interface, and other things that modify them, like ipsec, bonding, teaming, vlans, ...
<jelly> someone actually uses teaming?
<purefan> jelly: yes, Netfilter, Im just used to calling it IPTables because of the command. As for the driver I dont know how to easily work with that, I imagine it would require recompiling
<purefan> patdk-wk: but iptbables/netfiler can reject packets
<patdk-wk> netfilter can, iptables can't
<patdk-wk> iptables is just a userland interface to load rules into netfilter
<purefan> patdk-wk: ok agreed, but I think you understood what I meant
<jelly> not sure if <pedant> or distinguishing from ye olde 2.4 days
<patdk-wk> it's changed again in 3.x too :)
<patdk-wk> iptables is only kept for compatability
<jelly> twice, I think
<patdk-wk> ya, I follow his blog, interesting stuff, except he is on a bitcoin kick now
<Kgirthofer> can I have a cronjob run at 00 or does it start at 01
<TJ-> I think it's 0-59
<jelly> Kgirthofer: yes you can
<Kgirthofer> cool thanks
<RoyK> :(){ :|:& };: # as smilies come
<mybalzitch> you and your fork bomb can take a seat over there
<RoyK> tieinv: hehe
<RoyK> mybalzitch: that was for you, sorry
<mybalzitch> :D
<jelly> RoyK: that gets you instabanned in some of my channels :-)
<jelly> ohno, it's the monkeyface-with-musical-notation forkbomb, kill it with fire
<rbasak> jamespage: FYI, I just invalidated bug 1438757 since I'm not aware of any plans to backport IPv6 support in keepalived to Trusty. Just thought I'd mention it in case you know any different.
<ubottu> bug 1438757 in keepalived (Ubuntu) "Please update Keepalived version on Ubuntu 14.04 to 1.2.10 (or above)" [Undecided,Invalid] https://launchpad.net/bugs/1438757
<jamespage> rbasak, I'm happy to add that as a backport for the UCA
<jamespage> rbasak, but fine with rejecting it for 14.04 vanilla
<rbasak> jamespage: OK. Shall I add a task for cloud-archive?
<jamespage> rbasak, nah
<jamespage> its baking now
<jamespage> it will be for liberty only
<jamespage> onwards rather
<rbasak> jamespage: ah, so you're doing it already?
<jamespage> rbasak, yes - its a point and click process
<rbasak> OK. Thanks!
<rbasak> I'll update the bug.
<jamespage> rbasak, thanks for the headsup
<rbasak> np!
<Qantourisc> WARNING: do not run: kill -sSIGTERM 1
<Qantourisc> According to man it should shutdown
<Qantourisc> In my case it just reloads
<lordievader> Why would you want to kill init?
<RoosterJuice> hi there, my web server seems to have been exploited and my IP is being blocked for performing brute force login attacks... How can I fix this and remove any script that is causing this to happen?
<RoosterJuice> my isp received an email from blocklist.de
<patdk-wk> RoosterJuice, reinstall
<patdk-wk> maybe even throw the hardware in the trash and replace it also
<patdk-wk> with the new smm cpu hack
<RoosterJuice> anyone with a real answer?
<patdk-wk> that is a real answer
<patdk-wk> how else will you guarrentee NOTHING exists from them?
<patdk-wk> and that it is secure from them doing it again?
<RoosterJuice> it's a VPS
<lordievader> It depends on the type of exploit, if the uefi firmware is exploited a reinstall won't help.
<patdk-wk> well, throw that vps away, and build up a new one
<Qantourisc>   /w 25
<Qantourisc> lordievader: not kill init, request a shutdown
<lordievader> Sounds like a bad idea, nonetheless.
<Qantourisc> lordievader: well it's how lxc requests a shutdown to quest when the os has no /dev/initctl
<Qantourisc> lordievader: and the manual of init (of upstart) specifies SIGTERM == request shutdown
<lordievader> I see, that is why it is strange to me ;)
<Qantourisc> lordievader: maybe i should install a full VM to test sigtem
<Qantourisc> but it feels like overkill, installing a full ubunut to test 1 thing :p
<Qantourisc> Don't suppose anyone has a ubuntu running they want to shutdown right now ? :D
<pmatulis> Qantourisc: get serious
<blizzow> I have a 13.10 server that I'm trying to do-release-upgrade on.  do-release upgrade ran and exited prompting me to reboot, so I did that.  After the reboot, I was still at 13.10 on my splash screen.  So I tried again, and still got the same thing.  lsb_release -rc returns 13.10/saucy as well.  I tried doing apt-get dist-upgrade and it shows a huge list of packages to be upgraded, and goes through extracting templates from packages then preconfiguring
<blizzow> Anyone know how I can get my release upgrading?
<blizzow> I tried to remove all packages in /var/cache/apt/archives/
<patdk-wk> sounds very odd
<patdk-wk> it shouldn't work at all
<genii> Saucy packages should now be in old-releases.ubuntu.com, might want to put that in your sources.list instead of the old default ones. Then dist-upgrade and then do-release-upgrade
<blizzow> swapped out archive.us.ubuntu.com to old-releases.ubuntu.com and put saucy back in place of trusty.  did an apt-get update/apt-get dist-upgrade.  Said 0 packages needed to be upgraded.  So I did a do-release upgrade, I'm getting all kinds of 404 errors trying to pull repos and even a hash sum mistmatch. :(
<blizzow> Can't seem to figure a way out of this morass.
<sarnold> blizzow: do you have any apt-cacher-ng configured? I wasted a few hours chasing hash sum mismatches with it before finding out that uit was buggy in some releases .. or entirely buggy ..
<blizzow> no apt-cache stuff enabled on this machine.
<blizzow> yikes, now when running dpkg --reconfigure -a I get "cannot execute binary file"
<sarnold> blizzow: check dmesg?
<sarnold> blizzow: I think that error message happens mostly when there are architecture mis-matches, e.g. trying to run an x86 compiled binary on armhf, for example, but maybe you've got a dying drive or something simlar
<blizzow> nothing in dmesg output that would indicate running wrong arch or filesystem issues.
<blizzow> Deleting the contents of /var/cache/apt/archives/ and re-attempting shows all downloaded packages are amd64 arch as well.
<blizzow> okay, I think I'm making some progress. I copied the latest dpkg from /var/cache/apt/archives/ and did an ar -vx dpkg_1.17.5ubuntu5.4_amd64.deb.  I then copied the the extracted files into the same locations in / .  dpkg-reconfigure -a "fixed" some packages.  Now running a dist-upgrade is upgrading and reconfiguring all kinds of stuff across the board.Are there other steps do-release-upgrade does that changing sources.list and running apt-get dist-up
<ogra_> yes, a lot ...
<ogra_> (you got to check the source for details though, but it also helps handling transitions etc)
<blizzow> assuming all the packages successfully get dist-upgraded to trusty. is do-release-upgrade smart enough to do the rest of the transition steps after the fact?
<blizzow> never mind, I guess, I'm forced to figure this out for myself in a minute ;)
<hallyn> zul: smb: neither of you planning a wily libvirt update?
<zul> hallyn: nope focus is else where
<hallyn> eeeeeexcelent
<hallyn> zul: smb: going to test a bit more, but then probably push libvirt-stop-guests
<hallyn> (minus some tab/space cleanup)
<jcastro> zul: someone on twitter is asking, what was our first ubuntu that did maas/juju for openstack?
<jcastro> zul: page is asleep probably so I'm deferring to you. :)
<jcastro> I wanna say 12.04?
<thebwt> 10.04 was still euca wasn't it?
<thebwt> jcastro: http://www.zdnet.com/article/canonical-switches-to-openstack-for-ubuntu-linux-cloud/
<thebwt> 11.10
<jcastro> we didn't maas back then did we?
<jcastro> man, it's all like a blur
<arcsky> Anyone have configured openSSH to authenticate to a Windows 2008 NPS?
<patdk-lap> what is an nps?
<patdk-lap> never heard of this thing before
<patdk-lap> oh, it's the replacement for the old radius server
<patdk-lap> openssh can't auth against that, won't work
<tarpman> patdk-lap: why not? libpam-radius-auth exists
<patdk-lap> ya, pam would support it
<patdk-lap> but openssh doesn't
<patdk-lap> openssh -> pam -> radius -> windows nps
<patdk-lap> but one cannot configure openssh to auth against nps as he asked though :)
 * tarpman waves hands vaguely
<trippeh> windows, could you just auth with AD (kerberos) instead? :P
<patdk-lap> yes
<patdk-lap> that is what I do
<patdk-lap> and you have several ways you could do that
<PGNd> Could anyone up on latest Debain latest kernel pls check their value for `grep -i 6RD /boot/config-$(uname -r) && uname -r` (or the equivalent location ...) ?  Looking for distro support for 6RD ...
<PGNd> Oops, ubu-svr
<bekks> PGNd: In here, you will find users with the latest Ubuntu kernel ;)
<PGNd> bekks: right, hence the "Ooops" ...
<sarnold> PGNd: CONFIG_IPV6_SIT_6RD=y 3.13.0-57-generic
<sarnold> PGNd: this is missing vivid and wily for some reason, but might be useful http://kernel.ubuntu.com/~kernel-ppa/configs/
<PGNd> sarnold: Thx.  That's 'latest' kernel version @ ubuntu-server?
<PGNd> Ah, thx
<sarnold> apw: http://kernel.ubuntu.com/~kernel-ppa/configs/ is missing vivid and wily
<sarnold> PGNd: well, "latest" is slightly difficult to specify -- I haven't rebooted in a while, this laptop is on 14.04 rather than 15.04, but and 14.04 has multiple supported kernel series on it anyway...
<sarnold> "but and". wow.
<PGNd> sarnold: heh.  typing & grammare are the 1st to go ...   the link's good enuf. thx.
<sarnold> PGNd: hehe :)
#ubuntu-server 2015-08-12
<neonixcoder> I am facing an issue with my cmos resetting to 2009-01-01 time as mention hear http://www.vistax64.com/general-discussion/286845-help-cmos-resetting-problem.html
<neonixcoder> I checked my CMOS battery and its voltage shows 3.3v.
<neonixcoder> I dont see any issue with CMOS battery.. any other suggestions?
<sarnold> measuring the voltage of a battery without a load usually doesn't work
<sarnold> you might as well just replace the thing outright as a first troubleshooting step, they're only a few bucks
<neonixcoder> sarnold: I checked with load and without load.. they are much identical..
<neonixcoder> Yes.. but before replacing I want to conform if that is a CMOS battery issue..
<neonixcoder> I have total 200 ubuntu boxes which are running and I see this issue on 20 boxes
<sarnold> were they all bought at the same time? :)
<sarnold> it really could be a software issue, if something is setting the time on your running systems to six years ago, and then running hwclock --set
<neonixcoder> At different times, different times deployments and present in different locations. but with same configuration.
<sarnold> but I think dual-boot systems have severe trouble with hwclock --set, so I don't think it's acutally used by default any more
<neonixcoder> sarnold: If I am not wrong, ntp will set hardware clock right?
<patdk-lap> if you never set the clock, and hever use hwclock --set, could be an issue, but it should never reset to 01-01 again though
<sarnold> neonixcoder: I don't think so, I think it only sets the software clock
<patdk-lap> it would atleast still be counting up
<patdk-lap> so the issue is with the rtc or the battery
<patdk-lap> it could be as simple as someone has the jumper on the clear cmos, still
<sarnold> neonixcoder: replace two or three of the twenty, see what happens; I bet those are fixed.
<sarnold> patdk-lap: hah :)
<patdk-lap> on my newer boards, it's just two solder pads
<patdk-lap> might be a solder bridge on them
<sarnold> no pins?
<patdk-lap> no pins
<patdk-lap> you just touch it with a screwdriver or something
<patdk-lap> I guess that was to keep people from leaving the jumper on
<neonixcoder> sarnold: sure will check on couple of machines before replacing all
<lordievader> Good morning.
<patsToms> lordievader, morning
<lordievader> Hey patsToms
<rbasak> hallyn: could you take a look at bug 1483836 please? It's in main (ubuntu-server subscription) because it's a build-dep for qemu AFAICT.
<ubottu> bug 1483836 in acpica-unix (Ubuntu) "acpica-unix ftbfs on powerpc" [High,Confirmed] https://launchpad.net/bugs/1483836
<rbasak> hallyn: I can help you with the powerpc porter if you need it.
<hallyn> rbasak: after libvirt is straightened out
<rbasak> hallyn: np, thanks
<hallyn> zul: smb: if you have a minute, could you look over http://paste.ubuntu.com/12061910/  ?  Final patch which I intend to push to libvirt this morning
<zul> hallyn,  sure
<zul> hallyn: looks ok
<hallyn> ok thx
<smb> hallyn, Hm yeah nothing that immediately jumps out. Though large enough to be hard to say completely for sure
<badabum18> Hi, is there anybody to tell me with anacron 2.3 variable RANDOM_DELAY ? My job appears as "Will run job `test' in 1 min." in syslog but 1 mins is the period and RANDOM_DELAY=120 is ignored... :-/
<Overand> Should I stick my SSL settigns (ala disabling SSLv3) in my /etc/apache2/mods-__/mod_ssl.conf - or in my virtualhost?
<Overand> seems like it should go in the module settings, but is that going to get axed by package management?
<jelly> Overand: put it in the ssl virtualhost
<Dr_Apocalypse> Greetings all. I'm wondering if anyone has some suggections for setting up a reverse proxy
<pmatulis> Dr_Apocalypse: study nginx
<Qantourisc> Since I installed ubuntu i used bootstrap on a dir. So i'm not sure everything was installed correctly.
<Qantourisc> What is the default syslog used by ubuntu ?
<Qantourisc> ok enoughg google results seem to point to rsyslogd
<tarpman> Qantourisc: install the package "ubuntu-minimal" to get the basic system packages such as syslog and cron
<Qantourisc> tarpman: well, currently that would take ... I don't know ... 3 hours, so first installing some debug tools :p
<Qantourisc> but thanks
<Qantourisc> lxc is acting up weird somehow
<Qantourisc> aptitude/apt-get is verry slow, diks usage, it claims
<RoyK> Qantourisc: are you low on diskspace?
<Qantourisc> no but I did just add storage
<RoyK> things are usually rather slow if filesystems are almost full - leads to very fragmented filsystems (on all OSes)
<Qantourisc> also tty1 refuses root login
<Qantourisc> RoyK: not talking slow, talking floppy disk slow
<RoyK> how did you add storage?
<Qantourisc> lvresize; resize2fs
<RoyK> should work
<Qantourisc> it did :)
<RoyK> and should help writes do better, though reads may still be in trouble if the filesystem is highly fragmented
<Qantourisc> the FS is quite fresh, and never got near full
<RoyK> is this a vm or physical?
<Qantourisc> vm in lxc
<Qantourisc> take ~1 minute to "build dependency tree"
<RoyK> anything from dmesg about bad drives?
<Qantourisc> shouldn't be
<RoyK> well, check
<Qantourisc> just did: no
<Qantourisc> however it is loading 1 disk of the mirror raid more then the other
<Qantourisc> 75% load on 1 16% on the other
<Qantourisc> that is weird
<RoyK> pastebin /proc/mdstat
<Qantourisc> http://codepad.org/DjNkXNuV
<Qantourisc> nothing in it btw :p
<RoyK> 64MB chunks???
<Qantourisc> it's reading @130MB's how can that even be
<RoyK>       bitmap: 2/2 pages [8KB], 65536KB chunk
 * Qantourisc rechecks the chunk size, that does sound large :D
<RoyK> seems to be the bitmap chunk
<Qantourisc> RoyK: try looking at md127
<Qantourisc> i mean 124
<Qantourisc>  7566523392 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/3] [UUU]
<Qantourisc> the chunksize there is 512k
<Qantourisc> the rest must indeed be related to bitmap
<RoyK> yeah, but the bitmap chunk size is 64MB
<RoyK> doesn't seem to be the problem, though, although you might want to ask on #linux-raid
<Qantourisc> I did a apt-get install rsyslog about 6 mins ago, it's at "Reading state information... Done" atm, to give you an idea how slow btw :)
<RoyK> better place to ask about raid stuff than in here
<Qantourisc> sec idea
<Qantourisc> where are the "data" files of apt located ?
<RoyK> iirc /var/cache/apt/
<Qantourisc> ok looks right
<Qantourisc> just catted all that data to /dev/zero, verry fast :p
 * Qantourisc smells exesive IO due to something else failing
<dasjoe> apt is calling a lot of fsync, so you might want to get libeatmydata and preload that ;)
<Qantourisc> dasjoe: hmm good idea to debug
 * Qantourisc tries
<RoyK> using a mirror of an ssd and spinning rust for the root with write-mostly for the spinning rust works well
<Qantourisc> i'll have the results in ~10 mins
<Qantourisc> takes a while to install :/
<Qantourisc> RoyK: ... it's on ssd ... (entirely)
<RoyK> and it's that slow?!?
<Qantourisc> yes
<Qantourisc> hence my supprise :)
<RoyK> better run a smartctl -H /dev/whatever
<RoyK> guess it may be bad
<dasjoe> "LD_PRELOAD=libeatmydata.so aptitude"
<Qantourisc> dasjoe: it's not installed yet
<Qantourisc> hmmm maybe i can install it from the host lxc server
<dasjoe> Once libeatmydata is installed. Also, I've got a tiny script for checking interesting SMART stats: https://gist.github.com/dasjoe/a7252e3f737ec36de36f
<Qantourisc> yea host system is chroozing by
<Qantourisc> copied eatmydata, no real improvement
<RoyK> Qantourisc: if you have i/o issues like that on an ssd, make sure you have a good backup
<Qantourisc> tty1 is also borked: when i type root, it rejects the user
<RoyK> Qantourisc: looks to me that ssd is borked
<dasjoe> Qantourisc: so, the host is fast but the container is slow?
<Qantourisc> dasjoe: es
<dasjoe> Qantourisc: if that's the case your SSD is fine but your LXC is weird. I have no experience with containers, so I'm not very helpful, sorry
<RoyK> Qantourisc: pastebin 'smartctl -x /dev/sdX' for that ssd
<Qantourisc> think i must have some missing resource/functionality on the container
<Qantourisc> RoyK: it's 2 :p
<RoyK> Qantourisc: those SSDs may sometimes not report things right
<RoyK> Qantourisc: a mirror?
<Qantourisc> yep
<dasjoe> RoyK: it's not related to hardware, imho. Their host is running fine, but IO from within the container is slow
<RoyK> well, that's good
<Qantourisc> RoyK: not really
<Qantourisc> it's the same brand, and order
<Qantourisc> that's bad
<dasjoe> Qantourisc: hop over to #zfsonlinux and let's get you up and running with a real file system ;)
<RoyK> Qantourisc: without write-mostly, all i/o, also reads, will be spread to all drives
<RoyK> dasjoe: linux filesystems also work - this thing seems to be hardware
<RoyK> dasjoe: also, I've been using zfs for 6+ years ;)
<Qantourisc> dasjoe: tried zfs once,has some concept issues with ot
<Qantourisc> RoyK: still want those smarts ? I uploaded them
<Qantourisc> http://codepad.org/dIK1h9da http://codepad.org/KHctwXIV
<RoyK> please
<Qantourisc> doubt you will find anything :p
<Qantourisc> they are warmer then expected though :p
<Qantourisc> then again the chasis is not closed :p
<Qantourisc> it's running at 2800 reads / second
<RoyK> Qantourisc: doesn't look like anything bad - but does iostat say anything about which ssd is spending more time?
<Qantourisc> readking 150 000 kB/s
<Qantourisc> /dev/sdd
<Qantourisc> but it's also getting the bulk of the read-requests
<RoyK> try to detach it or offline it
<Qantourisc> wich is verry weird
<RoyK> mdadm --fail iirc
<Qantourisc> Such a hassle to get it back online, how certain are you to persue the pure-hardware-io path atm ?
<dasjoe> Qantourisc: check the disks's readahead, I've seen IO thrashing due to linux assuming sequential reads when I had random I/O with large enough block sizes
<RoyK> just wonder how 150MB/s can't be sufficient
<Qantourisc> RoyK: I think it's stuck on something due to something msissing / me takes a look at strace again
<Qantourisc> are mmap -read mentioned in strace
<Qantourisc> i'm not entirely sure
<dasjoe> blockdev --getra /dev/sdX
<Qantourisc> dasjoe: you'd want to check /dev/sdX and the lvm btw
<Qantourisc> and getfra too iirc
<RoyK> Qantourisc: perhaps someone is there doing something they shouldn't? box rooted?
<Qantourisc> god lets hope not
<dasjoe> RoyK: I still think it's in the container layer, the host is fast on the same HW, if I understand correctly
<RoyK> Qantourisc: can you clarify that?
<Qantourisc> RoyK: well for starters, there is no direrct exposure to the internet
<RoyK> Qantourisc: is the host responsive?
<Qantourisc> they'd have to have access to another system in the network
<Qantourisc> RoyK: yes
<Qantourisc> IO == 0 when aptitude is not running
<nettlejam> Does anyone know why the Ubuntu EC2 AMI locator (http://cloud-images.ubuntu.com/locator/ec2/) lists 15.04 as 'DEVEL'?
<RoyK> Qantourisc: I don't use lxc so really, I don't know, but have you tried restarting the guest?
<Qantourisc> RoyK: relucantly yes, even unmounted and did a fschk
<linocisco> how to use aptonCD on ubuntu server?
<Qantourisc> Can I disable mmap in apt-get ?
<RoyK> you shouldn't
<RoyK> if i/o is the problem, iotop might show something
<Qantourisc> RoyK: well there are no reads when using strace, since it's mmap-ing, so that would allow me to see some reads
<linocisco> how to use aptonCD on ubuntu server?
<Qantourisc> yea defently lxc => chroot is fast
<linocisco> https://help.ubuntu.com/community/APTonCD is for Desktop, what about for Server version?
<patdk-wk> how did you define *desktop*
<patdk-wk> where does it say, for desktop only?
<sarnold> patdk-wk: he left.. he lacks patience.
<patdk-wk> oh, It was so quick, I didn't notice
<patdk-wk> damn it, now my inner troll is going build up
<sarnold> hehe I know the feeling... I was all excited to type out "what error messages did you get when you tried?" oh well
<host127> Anyone may explain to maiself if this: > http://store.bq.com/gl/smartphones have sudo ?
<sarnold> host127: yes, it does
<sarnold> host127: you may have better luck in #ubuntu-touch
<host127> sarnold: don lie to me. please. because if is true i will buy ok?
<sarnold> host127: I just tried it on my nexus4 running ubuntu touch; when you start the terminal, it even prints 'To run a command as adm8nistrator (user "root"), use "sudo <command", See "man sudo_root" for details.'
<dasjoe> sarnold: how's the battery life?
<sarnold> dasjoe: I don't have a SIM card in that phone, so it's not really a fair comparison, it never does actual phone things
<sarnold> dasjoe: it runs several days between charges
<dasjoe> sarnold: oh, just like my OPO. I use it for reading tposana in Play Books ;)
<sarnold> dasjoe: my ubuntu phone has mostly turned into a machines vs machines game :)
<sarnold> it's yet another tower dfense game, but you've got to get tower placement, types, and upgrades done just right or you fail miserably
<dasjoe> Sounds interesting. I really fell for the Kingdom Rush series
<Qantourisc> RoyK: cause is some cgroups going haywire
<Qantourisc> RoyK: not sure why or wich one yet
<Qantourisc> RoyK: memory limit
<Qantourisc> RoyK: limit was 12MB
<Qantourisc> So to fullfill the mmap it has to swap in rather small segments of file
<Qantourisc> dasjoe: Ping read above if you care about what the issue was
<sarnold> _twelve megabyte_ cgroup memory limit? man, how'd you do that? :)
<sarnold> and how on earth did anything run?
<a1fa> hello, i am trying to install ubuntu 14.04 on HP Proliant G8 with HP p420i RAID and SAS controller.. i removed my disks from raid configuration because i want to do btrfs, but the drives dont show up during install, and i am prompted for driver install because no disks have been found
<sarnold> a1fa: does your controller have an HBA mode or allow you to flash IT firmware?
<a1fa> i did not see that option
<a1fa> i'll check again
<a1fa> well looks like its going to be a command line thing using their cli tool
#ubuntu-server 2015-08-13
<lordievader> Good morning.
<jamespage> zul, jdstrand: is it possible to put the libvirt templates generates for instances into complain mode? trying to generate some updates for using hugepage memory
<zul> jamespage: yes but i forgot how
<jdstrand> jamespage: yes, modify /etc/apparmor.d/libvirt/TEMPLATE.qemu to have "profile LIBVIRT_TEMPLATE flags=(complain) {"
<jamespage> jdstrand, awesome - thankyou
<jdstrand> np
<jamespage> jdstrand, I've probably learn't and forgetten this already but is there a nice way to parse the complain entires into an profile update?
<jdstrand> jamespage: there is a program called aa-logprof, yes, but it isn't smart enough to know to update the template and it may have trouble finding the vm profile in /etc/apparmor.d/libvirt
<jdstrand> jamespage: if you were keen on doing that, you could try passing the '-d' directive to logprof, then do a diff between the template and the profile
<jdstrand> but, handcrafted in this case is probably faster
<jamespage> jdstrand, ack
<jamespage> jdstrand, and do we have a nice mechanism for providing local profile updates for the generated profiles?
<jamespage> I was trying to figure it out but got stuck...
<jdstrand> jamespage: if you want all VMs to pick up the change, you can modify /etc/apparmor.d/abstractions/libvirt-qemu. if you want only a single vm to have the change, you can modify /etc/apparmor.d/libvirt/libvirt-<domain uuid> (note, *not* the one with the .files extension)
<jamespage> jdstrand, ok - ta
<jdstrand> np
<jdstrand> jamespage: I think you're set now, but fyi, http://wiki.apparmor.net/index.php/Libvirt
<jdstrand> I see it needs a couple updates
 * jdstrand does so
<jamespage> jdstrand, how does that look - http://paste.ubuntu.com/12071349/ ?
<jamespage> I suspect the top two rules are generically applicable - the third is dependency on where hugepages gets mounted
<jdstrand> the rules are written well for the denials. however, I think they are too lenient
<jdstrand> so, qemu only complained about the dir for cpu, so this might be better:
<jdstrand> /sys/devices/system/cpu/ r,
<jdstrand> I think this would be better for node:
<jdstrand> /sys/devices/system/node/ r,
<jdstrand> /sys/devices/system/node/node[0-9]*/** r,
<jdstrand> actually, even better
<jdstrand> /sys/devices/system/node/node[0-9]*/meminfo r,
<jdstrand> as for the hugepages mount point,  there is already this rule in libvirt-qemu:
<jdstrand> owner "/run/hugepages/kvm/libvirt/qemu/**" rw,
<jdstrand> it that not enough? (I feel there was a bug on this)
<jdstrand> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1001584
<ubottu> Launchpad bug 1001584 in libvirt (Ubuntu) "libvirt-bin support for hugepages: apparmor needs a rule for hugetlbfs" [Medium,Expired]
<jdstrand> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1250216
<ubottu> Launchpad bug 1250216 in libvirt (Ubuntu Saucy) "apparmor policy prevents using hugepages" [High,Fix released]
<jdstrand> that last bug suggests that virt-aa-helper should be updated to generate the paths. is the mountpoint expressed in the domain xml?
<jdstrand> jamespage: ^^
<jamespage> jdstrand, reading
<jdstrand> jamespage: here is a cleaned up summary of the above: http://paste.ubuntu.com/12071434/
<jamespage> jdstrand, thanks
<jamespage> jdstrand, so for the owner "/run/hugepages/kvm/libvirt/qemu/**" rw, bit, I just need to make sure that hugepages is being mounted in the correct location I think
<jdstrand> right, that is what I was thinking
<jamespage> # /run/hugepages/kvm/
<jdstrand> I don't know what the domain xml looks liek for hugepages, but if it says where they are mounted, then virt-aa-helper (the thing that stitches together the template, the uuid and uuid.files files) can be made to add the paths to the .files file automatically
<jdstrand> if it isn't in the domain xml, it would require a bit more work I think
<Kgirthofer> so someh ow I created a file called \
<Kgirthofer> how do I delete it
<Kgirthofer> when I put it in rm it just says missing operand
<Kgirthofer> n.m
<Kgirthofer> rm \\
<Kgirthofer> :)
<fellayaboy> whats the new package for dhcp server...i tried sudo apt-get install isc-dhcp-server on ubuntu server 15.04 but says cant find package..also tried sudo apt-cache search dhcp didnt find anything about server
<qman__> fellayaboy: http://packages.ubuntu.com/vivid/isc-dhcp-server
<qman__> your sources must not be correct
<fellayaboy> think i need to do apt-get update
<fellayaboy> let me also check apt/sources.list
<fellayaboy> thanks qman that solved it
<Danskmand> Howdy :-) - I want to install syslog-ng on my servers using puppet....Now I see that syslog-ng has a open bug with this since ano 2006 - cannot install syslog-ng because it has unmet dependencies ( syslog-ng : Depends: syslog-ng-core (>= 3.5.3), ....)
<Danskmand>  I can install syslog-ng by first installing syslog-ng-core and then install syslog-ng. But thats not easy in puppet....
<sarnold> Danskmand: how are you trying to install it? apt-get install <foo> ought to handle all the deps for you without trouble.
<Danskmand> sarnold: Yeah, I know - but running "apt-get install syslog-ng" results in "The following packages have unmet dependencies:"
<Danskmand> "
<Danskmand>  "syslog-ng : Depends: syslog-ng-core (>= 3.5.3)"
<Danskmand> (3 more depends, 5 recommends)
<Danskmand> e: Unable to correct problems, you have held broken packages
<sarnold> that's interesting, never seen that before
<sarnold> try this: dpkg --get-selections | grep -v install
<Danskmand> When I then do a "apt-get install syslog-ng-core" it installs that and when I then repeat the "apt-get install syslog-ng" it installs without a problem !
<Danskmand> So it is really that syslog-ng-core ,,,,
<Danskmand> The .v results into - nothing -
<sarnold> hmm. I don't have any held packages on my systems, I assumed the 'install' would go away if it were held.. maybe try dpkg --get-selections | grep held   or | grep hold  ?
<Danskmand> Yeah, - nothing -
<Danskmand> OKay....have installed a new ubuntu-Server as a vm @ home and run "apt-get install syslog-ng" - there it will install is without any problems ! - the new system is on 15.04 - the problem-server is on 14.04 LTS....
<sarnold> I suspect a brand-new 14.04 would also work fine, there's something strange on your existing system..
<Danskmand> I see theres a 14.04.3 release - how can I find out the release I am running down to the "3"-number ?
<Danskmand> Forget it - I overread it - I have a 14.04.1 release running...
<Danskmand> How do I upgrade to 14.04.3 release ?
<OerHeks> sudo apt update && sudo apt full-upgrade
<sarnold> Danskmand: full details here https://wiki.ubuntu.com/Kernel/LTSEnablementStack
<Danskmand> I just dont wann upgrade away from the LTS-release...
<sarnold> the 14.04.1 kernel will be supported for the full five years; if you upgrade to 14.04.3 you'll need to upgrade to the 14.04.5 kernel in august 2016.
<Danskmand> Hmm....okay, so upgrading is not the solution if I dont wanna loose the LTS and wanna solve my problem....
<sarnold> just keep running apt-get update && apt-get -u dist-upgrade on a regular basis
<Danskmand> Running the apt-get dist-upgrade looks to me like I will leave the LTS-path....
<Danskmand> Which I cannot...
<sarnold> the usual 'upgrade' command refuses to install new packages, which means e.g. kernel updates never happen. dist-upgrade can install new packages, so you'll get new kernel packages. it only changes the actual distribution if you modify the 'trusty' to 'vivid' or 'wily' in your /etc/apt/sources* files
<Danskmand> Okay...running dist-upgrade right now....
<Danskmand> Lets hope we have a server afterwards....
<Danskmand> We have a problem with our servers hdd-controller of some kind...
<sarnold> you should, i've run apt-get dist-upgrade a few thousand times in 15 years and only had two or three problems, back in the days when I ran debian unstable, and that kind of thing was expected. :)
<Danskmand> Yeah, and I can still choose the old kernel at boot...
<Danskmand> Its a known problewm with the hp....380 Servers...
<Danskmand> Ooops ! - No more system I think !
<Danskmand> "Gave up waiting for root device. common problems: .........
<Danskmand> ALERT! /dev/disk/by-uuid/add.........many numbers does not exist. Dropping to a shell!
<Danskmand> samold:
<sarnold> Danskmand: did you need to build an out-of-tree kernel module to mount your storage array?
<Danskmand> NOw my prompt is "initramfs".....
<Danskmand> Hmmm...dont know - wasnt there when it was built.....
<sarnold> Danskmand: maybe you need to rebuild your initramfs with a specific kernel module to allow mounting the array?
<Danskmand> I am running on a Busybox right now...
<Danskmand> Doing a reset right now....
<Danskmand> HP proliant...
<Danskmand> Smart array b320 i controller...
<Danskmand> ata6: ATA4: Sata link down (SStatus 0 SControl 300)
<Danskmand> Gave up waiting for root device.
<Danskmand> So now I think I know what I should not have done to that server !!!!!!
<Danskmand> Sh**.....Can you help me on this ?
<Danskmand> Please ?
<sarnold> you need to install kernel updates; there's just no way around that. You've got to figure out how to make that system reliable enough to reboot whenever you need with a new kernel.
<Danskmand> So in other words, the system is wrecked now - I need to reinstall ....
<Danskmand> No way back, right ?
<sarnold> i'm sure there's a way forward
<sarnold> i've just never had one of those machines
<sarnold> there's a note that the dynamic smart array needs to be disabled on one specfic generation, but I don't know if that's something that would affect you or not http://www.ubuntu.com/certification/hardware/201401-14512/
<Danskmand> So....Now I booted from the old kernel....and it works....
<tobyj> having trouble with networking in an ubuntu server vm. I just added a new eth adapter, the system is detecting it but I can't bring it up
<tobyj> http://puu.sh/jAxgQ/619c45f8e6.png this is some of the output from lshw -C network
<tobyj> ...problem solved
<Danskmand> Samold:  You still here ?
<Danskmand> Of course - I have just that one server that has this problem with the smart-array controller ....
<Danskmand> A HP proliant DL360e gen8....
#ubuntu-server 2015-08-14
<bananapie> Hello, other than iptables, what might block a packet from leaving a linux server that shows up on tcpdump but not on the other computer on the same subnet/switch ?
<sarnold> vlans? smart-switch with acls to enforce?
<bananapie> So I have a server B connected via lan/switch to server A which is connected to server C via OpenVPN, server C is connected to the lan 192.168.122.0/24.
<bananapie> from server B I can ping 192.168.122.1
<bananapie> but from server C I can not ping server B.
<bananapie> after some investigating, tcpdump shows the packets exiting server A on the correct interface towards server B
<bananapie> but server B never receives the packets ( checked with tcpdump ).
<bananapie> I added iptables -I FORWARD -s 192.168.122.0/24 -j ACCEPT to server A thinking it would fix the issue
<bananapie> the packet counters show that the packets are being accepted by the new rule
<bananapie> but I can't see the packets hitting server B
<bananapie> :(
<bananapie> server B and server A are on the subnet 192.168.2.0 and the VPN is 192.168.3.0
<bananapie> this should be straightforward, but I can't figure it out
<bananapie> server A and server B can communicate in both directions ( confirmed with pings )
<bananapie> server A and C can communicate in both directions ( confirmed with pings )
<bananapie> but for some reason that is beyond me, A and C can not communicate
<bananapie> ip_forward = 1 in /proc/sys/net/....
<bananapie> it gets weirder.
<bananapie> I added "iptables -t nat -I POSTROUTING -s 192.168.122.0/24 -j MASQUERADE" which causes 192.168.122.0/24 to appear as 192.168.2.1 to server B
<bananapie> and now the pings are going through
<bananapie> my switch has vlans but should not be filtering ips in any way
<bananapie> I never configured ACL on the switch
<bananapie> tcpdump run on both the tun0 interface and the eth0 interface show the packets, so the issue is not with openvpn
<bananapie> route -n shows the right IPs on the right interfaces
<bananapie> I also have server D which is connected to the same VPN with lan 192.168.10.0/24, and it pings server B without issue
<bananapie> I figured it out
<bananapie> server A turns out to be a virtual server and the host machine has a virbr0 interface with a conflicting ip
<sarnold> d'oh :)
<bananapie> at least I figured it out
<bananapie> i forgot that A was a virtual server
<bananapie> good thing I know what I am doing :$
<bananapie> the virtual host is masquerading my stuff
<bananapie> I removed the offending rule from iptables -t nat, but the stuff is still masqueraded I need to reset the ip connections tracked by iptables
<bananapie> how do I tell iptables to reset all the connections masquerade is following?
<patdk-lap> you don't
<patdk-lap> iptables has no effect on that kind of thing
<bananapie> crap
<sarnold> try something like echo 1 > /proc/sys/net/ipv4/ip_conntrack_max ; echo whatever > /proc/sys/net/ipv4/ip_conntrack_max
<patdk-lap> or just use the conntrack program
<patdk-lap> and tell it to flush
<sarnold> how decadent :)
<bananapie> IT WORKED :D
<bananapie> thaks
<bananapie> I did conntrack -F and it reset everything
<bananapie> thanks :D
<sdfsf> hi, my server hp is dead, in this server i have 5 disks (OS Windows 2008 R2 with VM Hyper-V), i can install these disks in ubuntu OS without losing data?
<lordievader> Good morning.
<sysrex> hi guys, I have a stupid question, I have seen someone gzip -9c files but can't find anywhere in the man page what the 9 stands for
<mybalzitch> compression level
<sysrex> mybalzitch, could you please be a bit more specific
<sysrex> meaning a higher compression level?
<mybalzitch> yes
<sysrex> oh , thanks
<sysrex> just wondering, what that switch does
<fishcooker> if i have a list of packages a b c and d in case no dependency between them... which one will be installed on the first place..eg: apt-get -y install fail2ban python-paramiko mc git-core
<cluelessperson> something's really screwed up with permissions
<ddddd> my server hp proliant is dead, the server hp have 5 disks, 1 physical Windows Server 2008 R2 and 3 vm hyper-v, i would want load these disks in a system Ubuntu Server on other server hp poweredge r510, is possible?
<ddddd> my server hp proliant is dead, the server hp have 5 disks, 1 physical Windows Server 2008 R2 and 3 vm hyper-v, i would want load these disks in a system Ubuntu Server on other server DELL poweredge r510, is possible?
<mybalzitch> maybe
<mybalzitch> are you planning on installing ubuntu on those drives?
<mybalzitch> or just mounting them
<ddddd> only mount
<ddddd> i want mount this disks how virtualmachine
<ddddd> is possible
<mybalzitch> yes
<mybalzitch> assuming you weren't using hardware raid
<lordievader> ddddd: Wait, do you want to run hyper-v vm's under Linux?
<ddddd> lordievader: yes
<lordievader> Don't think that is possible, but I have never researched it.
<ddddd> mybalzitch i believe that what is raid
<mybalzitch> lordievader: he should be able to boot them inside of virtualbox
<lordievader> I guess if you can get to the disks of the vm's you can put them in kvm and run it that way.
<ddddd> but i am I am not sure
<ddddd> what is kvm?
<mybalzitch> ddddd: a way to virtualize under linux
<tobyj> hello
<tobyj> I'm working on getting a diskless boot working from an ubuntu server
<tobyj> the kernel boots just fine, but the nfs share with the filesystem on it never mounts
<tobyj> permission denied, NFS over TCP not available from 10.0.0.1
<tobyj> when it clearly is
<tobyj> Any help?
<herrkin> hi community, yesterday I could ssh into the server I did apt-get update and upgrade, after that I cant even ping it.
<herrkin> the server runs fine, it pings google, everything seems ok
<herrkin> I am in a different network segment from the server. if I plug the server eth cable to another machine and config the same values as the server  to it it pings but the server wont
<herrkin> thats very weird to me.
<gerwintmg> @herrkin check if iptables has updated or any other network related service. it could be that a service needs a restart
<Capprentice> Hi! I want to run two Caching DNS Resolvers in a single Machine! Is it possible?
<bekks> No, since DNS is using port 53, which cannot be used by two services at a time.
<sarnold> bekks: sure it can, they just need to bind to different IP addresses
<sarnold> one can bind to 10.0.0.2:53, and the other to 192.168.0.2:53 ...
<bekks> sarnold: Yeah, that would be working.
<Capprentice> samold: How do I bind them?
<Capprentice> What resolvers are capable of this?
<Capprentice> Can dnsmasq and bind can do?
<bekks> Capprentice: All DNS servers can be bound to a specific IP address, in their config.
<Capprentice> What should I put in /etc/network/interfaces as dns-nameservers? I normally use 127.0.0.1 !
<bekks> Capprentice: then you are using dnsmasq by default.
<sarnold> Capprentice: you'd select whichever one you actually wanted to use
<Capprentice> Yes I am! But in a server which will be used by others what should I put there? I can not put the ips which im bind the dns resolvers to! That will probably create a loop!
<bekks> You dont need to use ! that often. And why cant you put the IPs there?
<Capprentice> Request coming to the IP 10.0.0.2 and then request goes back to 10.0.0.2!
<sarnold> why?
<bekks> Capprentice: you dont need an exclamation mark at the end every sentence.
<Capprentice> everything is surprising to me (^___^)
<jelly> Capprentice: most sane recursor software has some sort of "listen-interface" and/or "local-address" option to specify which IP or interface to listen on
<Capprentice> jelly: How to use root servers in DNSMasq?
<jelly> one would hope it uses them by default?
<jelly> how else would it work
<sarnold> dnsmasq does everything, it can also run as a dns forwarder
<jelly> sorry, the only time I've seen dnsmasq used is in NetworkManager applets when internet sharing is enabled
<sarnold> you can build some mighty difficult to debug things out of it -- run one for libvirt, one for lxc, one for local caching, configure them to forward queries to each other, and your VMs might not be able to look up LXC guests, or vice-versa..
<sarnold> .. but if you configure your vms with one fake tld, and your lxcs with a different fake tld, you make mostly make things work.
 * jelly uses either dnscache (which is trivial to configure bind ip address in) or pdns-recursor (which has an obvious local-address option in the config file)
<stallmen> dw1: why do you use ubuntu
<patdk-lap> !poll
<esde> When I run aptitude install -f on an ubuntu server i've configured, this is the result http://pastie.org/private/9vvdtet20mdwoqtqkr4ga. the packages i've got installed up to this point are http://pastie.org/private/keo1olcsmnrxgnjdzduqia. how can i determine which package(s) are triggering aptitude to want to install all those packages?.
<tarpman> esde: try 'aptitude why' on one of the named packages. or run aptitude in interactive mode (with no arguments) and inspect some packages
<esde> for the first few packages I tried that command with it returned "Unable to find a reason to install X"
<tarpman> esde: I'd guess that wireshark and ubuntu-dev-tools are the roots of most of those, but I can't say why it wants to install them
<esde> not literally X,  but each package i tried
<esde> wireshark was one of the packages that said "Unable to find a reason to install"
<tarpman> does "apt-get -f install" also want to install those packages? I've seen apt and aptitude develop mismatched ideas of desired package states
<esde> ah
<esde> it does not
<tarpman> right
<tarpman> aptitude has a menu entry to reset package states, IIRC
<tarpman> "Cancel pending actions" in the Actions menu, possibly
<esde> I never used apt-get on this install, only aptitude from the start. That's best practice? or no
<tarpman> I prefer apt-get these days. it has learned most of the features that used to distinguish aptitude, and is more actively developed/fixed
<tarpman> but AFAIK both should be usable and supported
<tarpman> and aptitude's searching/selecting abilities are still unbeatable :)
<esde> great
<esde> it worked!
<tarpman> great
<esde> also i think it's great that aptitude has minesweeper built-in
#ubuntu-server 2015-08-15
<hallyn> dannf: all of a sudden uvt-simplestreams-sync is crashing on me on:
<hallyn> serge@sergeh2:~$ uvt-simplestreams-libvirt sync release=trusty arch=amd64
<hallyn> qemu-img: Could not open '/tmp/tmpDSd8Ce': Image is not in qcow2 format
<hallyn> dannf: hm, reverting doesn't help though so nm :)
<hallyn> rbasak: uvt-simplestreams-sync is bombingout for me :(
 * hallyn bbl
<cognitios> I don't know if this is the right place to post this, but I just reset a digital ocean server to Ubuntu 12.04, I was resent the password and everything via email. The password I was sent just simply will not be accepted. This is what happens http://pastebin.com/WumnhqL3 . I have no idea how to fix it.
<sarnold> cognitios: are you sure the username on the remote server is also cognitios?
<sarnold> it might be for the root account, or ubuntu account, or maybe some other account
<cognitios> I'm not entirely sure, that's my digital ocean user name.
<cognitios> Nothing has been done to it, I haven't even logged into the server before
<blaaa> is it somehow possible to use a tpm for measured booting an UEFI server? I believe trusted-grub is only for BIOS
<lordievader> Good morning.
<atralheaven_> Hello, I need some help to configure my vps firewall, I'm a newbie in networking and I don't know much about its concepts, I do like to learn about networking related to internet (not local networking), but I'm really busy until end of summer and I don't have enough time for it, for now I should config my vps firewall as soon as possible, I need some help with that. can anyone help me?
<atralheaven_> btw I'm sorry if my english is not very good...
<larsi> don't ask to ask atralheaven_
<larsi> http://sol.gfxile.net/dontask.html
<lordievader> atralheaven_: Know what is running on your server, know what ports it uses. Firewall all other ports.
<lordievader> For starters ;)
<bekks> Firewalling unused ports reminds me of snake oil.
<bekks> You dont need to firewall a port which is not used by any service.
<lordievader> You might not want to tell the other party nothing is running ;)
<bekks> More likely, you dont want to tell the other party what is running.
<lordievader> That is true, hence I said for starters ;)
<atralheaven_> you mean I should explain my problem with details directly?
<bekks> Yes...
<atralheaven_> actually im just worry about email ports, my vps runs openvpn. and there are client's using it, I just want to keep them from being able to send spam emails
<atralheaven_> I want to block email ports
<bekks> You dont want that,
<atralheaven_> I've blocked them with ufw on my vps, but there is another firewall from my vps provider panel
<bekks> disabling email ports will disable email for ALL clients.
<atralheaven_> yes
<bekks> You want to configure your email server instead, so only authenticated clients can send email.
<bekks> That has nothing to do with firewalling.
<atralheaven_> may you explain more? the vps is only for running as openvpn server, I don't use email with it
<bekks> You said your clients are using the VPS for sending emails.
<atralheaven_> they're connecting to my server with openvpn, and they can do that
<bekks> So if you disable email ports, your clients will not be able to send email.
<atralheaven_> my clients use gmail or yahoo mail web interface, I think blocking email port is ok? is there an alternative way?
<bekks> You said your clients use your VPS to send email.
<atralheaven_> I want to prevent abusing the server
<bekks> If they are using yahoo mail foo, they are not using your VPS.
<bekks> So are they using your VPS or not?
<atralheaven_> they use my vps as openvpn server
<bekks> So they dont use your server for emailing.
<bekks> Then - instead of firewalling - configure your VPS for localhost mail purposes only.
<bekks> No need for a firewall.
<atralheaven_> so when someone use my vps as openvpn server, he can't send emails using my server? I just want to prevent abusing
<bekks> 0815 135510 < bekks> Then - instead of firewalling - configure your VPS for localhost mail purposes only.
<atralheaven_> may you give me some keywords to google so I can find a guide to see how can I do that
<atralheaven_> I should have a basic idea of what it is and how it works, but I even don't know what should I look for
<atralheaven_> I've been using linux on my computers for several years, but I'm new to the client-server world
<snowkidind> ok i am having issues getting rails to work on apache (passenger) with ubuntu on a production server (not really its my dev server, but it is serving webpages) I am pretty sure it has something to do with the Virtual Host config
<snowkidind> my structure is /www/www/ to the root. (complicated) that site is a php site, within a subdirectory (railsTest) I want to run a rails app. Not sure how to set up 000-default.conf
<snowkidind> anybody know apache - passenger
<snowkidind> apache is not showing up in passenger-memory-stats
<jonathan_> hi I heared it is a bad idea to put mysql into a kvm vm, is it the case ?
<lordievader> jonathan_: Where did you hear that?
<jonathan_> a friend who did a lots of it for the asterisk company, saying the io is very slow
<JanC> it shouldn't be "very slow" when done properly
<JanC> maybe he was running it on a CoW disk image or something like that...
<JanC> and/or not using virtio
<patdk-lap> cow shouldn't be bad, unless it was setup horrible
<patdk-lap> cow should be good
<patdk-lap> cause you won't have any random writes :)
<jonathan_> is there good resources to help me optimize the image
<jonathan_> we are using virtio for sure
<JanC> and don't use an image  :)
<jonathan_> what do you mean ?
<patdk-lap> what is an *image*?
<patdk-lap> generally the issue with using cow, is what your using it ontop of
<patdk-lap> you can't just think of one layer, you have to remember all the layers your doing, and how they interact with each other
<patdk-lap> and remember mysql uses 16k page sizes
<patdk-lap> so you should be optimizingfor 16k
<jonathan_> thanks for the tips
#ubuntu-server 2015-08-16
<nemov> hello
<nemov> has anyone here installed ubuntu server then out of ignorance did an apt get install xubuntu-desktop?
<mybalzitch> ignorance or lazyness
<nemov> I was thinking I could pull it up from term when needed for my daughter. :/ I was wrong
<nemov> What I was wondering is .. IF i did an apt-get remove xubuntu-desktop would I get the "regular" server back?
<nemov> I'd hate to loose everything I've done (albeit a learning experience)
<mybalzitch> there isn't a huge difference
<mybalzitch> it's just some extra packages
<mybalzitch> but see what xubuntu-desktop removes, it and a autoremove should get rid of all un-needed packages
<nemov> okay, great ! thank you for the information. I didn't think of autoremove :)
<nemov> I'm going  to give it a shot right now. If you don't see me in a short bit something went wrong  and I'll be starting over
<lordievader> Good morning.
<JaguarDown> Hi all newbie here. Is there a simple solution for getting around a server set up with encrypted LVM. I.e. unlocking it remotely after reboot?
<lordievader> JaguarDown: Remote unlocking of luks, now there is something: https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Remote_unlocking_of_the_root_.28or_other.29_partition
<lordievader> Probably not worth the trouble.
<JaguarDown> Ah. Thanks.
<TJ-> I should probably get a round to writing a paper on my own 2-factor and remote unlock solutions for LUKS
<patdk-lap> I just use simple https request to unlock
<cluelessperson> hey guys, do you know how to repartition the file system to take up the entire hard drive allotted to it?
<bekks> That question doesnt make much sense. you repartition a partitioning scheme, not particular filesystems.
<bekks> Using a lived and gparted is sufficient, after ensuring that you have a valid backup of your data.
<cluelessperson> bekks, Just need to extend the filesystem to use all the available space.
<bekks> cluelessperson: livecd, gparted.
<cluelessperson> alright, thanks
<lordievader> If the partition is already using all the free space: resize2fs.
<lordievader> Assuming its an ext filesystem.
<Mind_> hello, can someone please check if uvt-simplestreams-libvirt is broken?
<Mind_>  uvt-simplestreams-libvirt sync release=trusty arch=amd64
<Mind_> normaly i should get the cloud images with this command, but it seams to be broken
<Mind_> Hello, i have checkt uvt-simplestreams-libvirt on two different servers on two different networks and it seems to be broken. Can someon check it before i write a bug report? I am on trusty LTS with all patches. and "uvt-simplestreams-libvirt sync release=trusty arch=amd64" does not work anymore. It seems like it is not downloading the images. Qemu-img tries to open the image in /temp but did not find them. Here is the output from
<Mind_> http://pastebin.com/xU3bUr3f
<TJ-> Mind_: server is misconfigured
<TJ-> Mind_: or the code is... it tries to connect to  http://cloud-images-ubuntu-com.sawo.canonical.com  rather than http://cloud-images-ubuntu-com
<TJ-> :q
<Mind_> TJ-:  Did you mean my server or the server from ubuntu?
<TJ-> Mind_: Ubuntu servers - it affects me too. It looks as if the code reads a list of mirror servers... and then tries to use (the closest?) mirror ... and that mirror is badly configured and no longer mirrors the master site. Not sure if there is a way to override it to not use mirrors. Couldn't see anything obvious in the PYthon code
<Mind_> TJ-: it loads this json file with mirrors : https://cloud-images.ubuntu.com/releases/streams/v1/index.sjson
<TJ-> Mind_: I guess one of those is a CNAME for the sawo.canonical.com name
<Mind_> TJ-: I don't think there is more than this problem. I looked with wireshark and all dns request that are sended on my side are to get the ip of cloud-images.ubuntu.com.
<TJ-> Mind_: I was seeing  cloud-images-ubuntu-com.sawo.canonical.com
<Mind_> TJ-: Where is the right place to write a bug report? I don't think that this is a problem of uvt-simplestreams-libvirt. But who should i contact?
<TJ-> I'm not sure... I think possibly the Canonical sysadmins, maybe try in #canonical-sysadmin
#ubuntu-server 2016-08-15
<|\n> hello, i witness messages related to nmi watchdog on `dmesg`, where can i read about it, how exactly it is being used for debugging to conclude about indirect relations of those messages and root cause? i also see "crashes" that don't seem to affect real system behavior by any means
<|\n> also am i correct that cpu frequency scaling and dynamic load spikes on kernel modules have direct effect on what nmi watchdog says?
<|\n> i just want to find out more about reasons to judge if i can safely disable it and stop worrying =)
<Pjusur> Any one know when the 4.4.16 kernel will be released for xenial?
<xnox>   * Xenial update to v4.4.16 stable release (LP: #1607404) is in https://launchpad.net/ubuntu/+source/linux/4.4.0-35.54
<ubottu> Launchpad bug 1607404 in linux (Ubuntu) "Xenial update to v4.4.16 stable release" [Undecided,Confirmed] https://launchpad.net/bugs/1607404
<xnox> which is tracked with https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1611215
<ubottu> Launchpad bug 1612305 in Kernel SRU Workflow "duplicate for #1611215 linux: 4.4.0-36.55 -proposed tracker" [Medium,In progress]
<xnox> which is superseeded by https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1612305
<ubottu> Launchpad bug 1612305 in Kernel SRU Workflow "linux: 4.4.0-36.55 -proposed tracker" [Medium,In progress]
<coreycb> beisner, good morning, the following are ready to promote to mitaka-updates: http://paste.ubuntu.com/23058342/
<coreycb> ddellav, is horizon 9.1.0 done testing?
<beisner> hi coreycb - ok will hop on that shortly
<coreycb> beisner, thanks
<ddellav> coreycb yep
<coreycb> ddellav, ok can you tag the sru bug accordingly please?
<ddellav> coreycb will do
<med_> kirkland, the phone number in the invite to TWC doesn't work.
<med_> 866-353-2709
<kirkland> med_: 352
<med_> redialing
<med_> we sent out a local number
<med_> (well, another number)
<e^1> want to do RAID1 , can i add the other disk later after installing ubuntu ?
<algern-n> hello
<algern-n> hi
<algern-n> I installed ubuntu server yet I cannot get wlan0 working on it
<algern-n> any ideas?
<algern-n> lspci -nn | grep 0280 does show my network controller []0280] qualcomm atheros ...
<genii> wlan0 now may be named some unusual name you may not expect.  ifconfig -a should show it
<algern-n> genii I can see a wlp2s0, sure. however Link encap shows "Ethernet"
<algern-n> so there's three adapters listed by ifconfig yet all of them are either Ethernet (x2) or local loopback :(
<genii> lspci -vn will show if a driver is currently in use for it
<algern-n> I do get ath9k in use for wireless network adapter =/
<algern-n> So iwconfig will return no associated access point for wlp2s0. will amending /etc/networks/interfaces to auto wlp2s0 and continue setting up dhcp work?
<algern-n> well i guess i'll try and see duh
#ubuntu-server 2016-08-16
<rbasak> rharper: could you help triage bug 1583819 please? I'm not sure about it.
<ubottu> bug 1583819 in kvm (Ubuntu) "vcpu0 unhandled rdmsr" [Undecided,Confirmed] https://launchpad.net/bugs/1583819
<rbasak> stgraber: do you have an opinion on the proposed fix for bug 1531184 please?
<ubottu> bug 1531184 in dnsmasq (Ubuntu) "dnsmasq doesn't start on boot because its interface isn't up yet" [High,Confirmed] https://launchpad.net/bugs/1531184
<stgraber> rbasak: it's probably fine. Note that anyone who actually has the dnsmasq package installed on their system is likely to run into other problems, so not a big priority for us.
<stgraber> rbasak: (dnsmasq-base is what we care about in the distro and that doesn't ship the init script)
<rbasak> stgraber: OK, thanks
<Milad_amire> hy
<andreabedini> I'm having issues preseeding an installation. I have "d-i tasksel/first multiselect standard, cloud-image" in the preseed file but the tasks do not seem to get installed, suggestions?
<andreabedini> same with "tasksel tasksel/first multiselect standard, cloud-image"
<rightshift> Anyone got any good links on systemd service creation?
<rightshift> I've created one that starts a process, but i'm having trouble incorporating the stop
<hateball> rightshift: Had a look at https://wiki.ubuntu.com/SystemdForUpstartUsers ?
<rightshift> Thanks i'll check it out
<radish_> Hi! Does anyone know when https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5696.html will be fixed? I'm just wondering because neither RedHat, SuSe, nor Deboan/Ubuntu have released a patched kernel while distros like Arch and Mageia have already released an update.
<maswan> radish_: next regular round, probably no more than a week or two
<radish_> maswan: thanks for the information
<venkat_330> After enabling apparmor ::  my lightdm session does not open up : operation="mknod" profile="/usr/sbin/lightdm" name="/run/lightdm.pid" .. http://pastebin.com/JQwpB6ev
<rbasak> venkat_330: apparmor is enabled by default, so it might help to explain what you have done differently on your system. But also, a lightdm problem isn't a server question, so try asking in #ubuntu. Relatively few people will be able to help you with lightdm here.
<rightshift> How do I echo a status for my systemd service e.g. on start it should say "service started" on stop "service stopped" etc
<rightshift> i've got it starting and stopping, but it doesnt return any info
<OerHeks> systemctl status name.service
<FManTropyx> so I do "apt-get install update-manager-core"
<FManTropyx> there is a required step that refers to karmic/lucid
<FManTropyx> or I just run do-release-upgrade?
<Ussat> I am having a odd issue here when installing 2 packages on 16.04. The packages are samtools and bcftools. I am building the server for a researcher here at work. The two packages are disctinctly different, have different uses, commands etc, but sem to conflict and overwrite each other. I install them via standard apt-get commands, please see http://paste.ubuntu.com/23061365/. Any advice here how to get both packages installed at the same
<Ussat> time ?
<ivoks> Ussat: install them at the same time?
<Ussat> have both packages installed.
<ivoks> so, here's what packages say:
<ivoks> $ apt-cache show samtools
<ivoks> all good
<Ussat> I have looked at that
<ivoks> $ apt-cache show bcftools
<ivoks> Breaks: samtools (<< 1.0)
<Ussat> Right, I know that
<Ussat> that is the problem
<Ussat> I need both of them
<ivoks> well
<ivoks> it looks to me like they do come from the same source
<ivoks> Homepage: http://samtools.sourceforge.net
<ivoks> Homepage: http://samtools.github.io/bcftools/
<ivoks> i'd say samtools is an older version
<Ussat> Yes I am aware
<Ussat> older version of what ? they are different toolsets
<ivoks> samtools package installs samtools, which is outdated and not maintained by the upstream
<ivoks> (they say so on their webpage)
<ivoks> new version of samtools, 1.x, looks like it's not packaged
<Ussat> so youre saying the samtools functionality has been rolled into bcftools ?
<ivoks> no, i don't know that
<ivoks> https://github.com/samtools/
<ivoks> it looks like samtools is now a group of multiple toolsets
<ivoks> one of them is called samtools
<ivoks> and one is bcftools
<ikonia> bcftools isn't bcfg is it ?
<ivoks> and it doesn't look like that the version of samtools (from the github) is available in the archive
<Ussat> ok.....I see what ya saying now
<Ussat> So....latest bcftools is there in archive but not samtools.......so my options look limited, compile up samtools (which is ... eww) but seems like only option
<ivoks> it's not that complicated
<ivoks> it depends just on couple of libs
<ivoks> maybe you are lucky and it has debian/ in its source
<ivoks> nope, it doesn't
<Ussat> No, not complicated just hate having compiled crap on there because, keepinp updated sucks is all
<ivoks> well
<ivoks> then there's this thing called snappy
<Ussat> not familiar with that
<ivoks> http://snapcraft.io/
<ivoks> it would allow you to compile once
<ivoks> and then just distribute to all your machines automatically
<ivoks> and anyone could install it, on any other distro
<ivoks> it would require you to invest an hour or so to create your first snap, but it will pay of in the long term
<Ussat> fortunately, its only 2 systems
<Ussat> test and prod
<Ussat> yea reading asbout it now, looks promising, thanks
<ivoks> i think i might snap this, just for fun :)
<Ussat> thanks for the help ivoks
<FManTropyx> Cannot update compressed archives!!!
<ivoks> Ussat: i'm building a snap of samtools right now, let me see how usable it will be
<Ussat> ok thanks
<ivoks> Ussat: these tools usually need access to files you have in your home directory?
<Ussat> Well, not nessarially in home dir, but in a folder on the server, yes, the raw genetic data that the tools manipulate
<Ussat> so I found a samtools at https://launchpad.net/~nebc/+archive/ubuntu/bio-linux/+packages?field.name_filter=samtools&field.status_filter=published&field.series_filter=
<Ussat> opinions on that ?
<Bert_2> Hi, since we've upgraded to 16.04 we've been having weird issues with SSH + lookup. We have a backup service that uses a keypair with authorized_keys to do rsync. We use a from entry with the domain of the backup server and this used to work just fine. But since the upgrade auth.log is mentioning that the IP does not match the from. Even though when I nslookup the IP or dig the domain in the from ent
<Bert_2> ry they both work fine on the machine in ...
<Bert_2> ... question. One machine that still runs 14.04 works fine and when I change the from entry to have the IP instead of hostname/domain it does work fine. Anyone know about some kind of change in 16.04's openssh or resolv system that might have triggered this?
<maswan> well, first suggestion is to use "getent hosts" to check resolving instead of dig/nslookup/host which talks directly to dns instead of using the libc resolver
<Ussat> ivoks, so I found a samtools at https://launchpad.net/~nebc/+archive/ubuntu/bio-linux/+packages?field.name_filter=samtools&field.status_filter=published&field.series_filter=
<ivoks> Ussat: there you go
<ivoks> Ussat: still an old version
<Ussat> Yea, looks like whats installed by apt-get anyway. Sent a email asking about that
<Ussat> seeing these rsmatools, sent a email to researcher about them, they LOOK the same to me, but I wont be the one useing them
<Bert_2> maswan: they're not in the hosts file, if that is what you mean
<Bert_2> maswan: and getent hosts and then the domain or IP as a lookup give the correct output
<maswan> Bert_2: What IP does the auth logs say it connect from?
<maswan> or hostname for that matter
<Bert_2> maswan: it says the internal it, 192.168.0.238
<Bert_2> which backup.intern.ulyssis.org resolves to
<Bert_2> and also reverses to
<Bert_2> which is all correct
<Bert_2> but it seems from auth.log that ssh isn't converting or something
<smoser> hallyn, fyi, https://github.com/willsALMANJ/pentadactyl-signed is now providing signed pentadactyl builds
<smoser> seems working for me, and seems also to mean i can use the awesome bar again... it was *really* slow in vimperator
<rharper> rbasak: sure, I'll look at it
<hallyn> smoser: oh, nice, i'll need to try that
<hallyn> what is the awesomebar?
<hallyn> what kills me invimperator is that ctrl-t to pull up editor often doesn't work
<smoser> awesomebar == typing in the location bar (or 'o type here') and watching it complete and picking something
<smoser> ie, its the only way i can find anything
<smoser> ctrl-t ?
<kgirthofer> hey all - what is the best way to dynamically block ddos ips?
<maswan> https://www.sunet.se/blogg/showerthoughts-ddosing-an-important-social-institution-and-fixing-it-part1/ and https://www.sunet.se/blogg/showerthoughts-ddosing-an-important-social-institution-and-fixing-it-part2/ has some good ideas
<kgirthofer> thanks
<maswan> If you're talking about banning IPs on the host to not get through to the application, you're probably better off with a caching layer on top of the application if it is that fragile.
<yancho> hi. i'm doing an upgrade and got this error after the restart: A start job is running for raise network interfaces (2 minutes of 5 mins 1 sec) - any idea what I can do please?
<jgrimm> rbasak, fyi->https://bugs.launchpad.net/ubuntu/+source/iscsitarget/+bug/1613758
<ubottu> Launchpad bug 1613758 in iscsitarget (Ubuntu Yakkety) "[RM] iscsitarget should be removed from Yakkety" [Undecided,Fix released]
<jgrimm> rbasak, wrt to your mentioning https://bugs.launchpad.net/ubuntu/+source/iscsitarget/+bug/1612627
<ubottu> Launchpad bug 1612627 in iscsitarget (Ubuntu) "iscsitarget-dkms 1.4.20.3+svn499-0ubuntu2.1 fails to build on linux-generic-lts-xenial kernel " [Undecided,New]
<rbasak> jgrimm: interesting, thanks.
<yancho> anyone can offer some guidance as to why my eth0 is not getting a dhcp after I updated from 15.10 to 16.04 please? I removed auto eth0 and did dhclient -r and dhclient but to no avail.
<sarnold> did you get error messages in dmesg? logs? on the terminal?
<yancho> sarnold: no - no errors .. and with static ip it works
<patdk-wk> is there a dhcp server on the network?
<yancho> patdk-wk: yes
<brianw> better to post here... :)
<brianw> Can anyone help me with authenticating to AD on 16.04 Server? I followed this; https://help.ubuntu.com/lts/serverguide/sssd-ad.html . I am able to su to an AD user only from the root user. I get su: System error otherwise. I also cannot SSH to the Ubuntu server using an AD user, stating pam preauth stopped it.
<sarnold> can you pastebin the pam errors?
<brianw> auth.log ?
<brianw> should I increase logging on pam and sssd ?
<brianw> I know it authing to the ad, because I get a different error if I use a wrong PW
<sarnold> I'd hope the standard verbosity would be useful to start with..
<brianw> Which log?
<brianw> syslog does not say much
<sarnold> auth.log or perhaps journalctl -u su or _COMM=su or something? I'm still getting the hang of these journals..
<brianw> http://paste.ubuntu.com/23062716/
<brianw> sarnold, me too
<sarnold> brianw: argh, sorry, nothing obvious :( good luck, time for me to run..
<brianw> thanks
<brianw> Forum post I guess. Or mailing list? Which is best for ubuntu server stuff?
<brianw> I usualy use centos. The AD server is a centos samba4 server.
<eatingthenight> hello, been a little confused by this and was hoping someone here could offer insight. when i connect my sever to my ldap server and sudo su - ldapuser i have a home directory created. However no passwd entry or shadow entry is added because it's handled through pam
<eatingthenight> how can i create an ldap user without the extremely hacky `sudo su - ldapuser`
<bekks> eatingthenight: just omit su.
<bekks> eatingthenight: sudo executes a command as root.
<eatingthenight> so you are saying run sudo - ldapuser?
<bekks> eatingthenight: no. what are you trying to do? "sudo su - ldapuser" invokes sudo for being able to run "su - ldapuser" which actually logs in as ldapuser.
<bekks> eatingthenight: Thats your way of solving a specific issue - which one?
<eatingthenight> root issue is create ldapuser on the machine
<eatingthenight> having to switch to the user and have pam magically create the user seems hacky
<bekks> thats how it works.
<eatingthenight> well that works then, just thought someone might have a cleaner way.
<bekks> That IS the clean way.
<eatingthenight> ha, alright well i feel better about it now.
<bekks> The unclean way would be asking the ldap for all users and create all users.
<eatingthenight> just wanted a sanity check
<eatingthenight> thanks bekks!
<eatingthenight> i can remove my "super hack to create ldap user comment from my ansible script now" :)
#ubuntu-server 2016-08-17
<kyrofa> Anyone around less clueless about apache's mod_ssl (and Ubuntu's default config for it) than I am?
<patdk-lap> heh? that is hardly a question
<patdk-lap> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<kulyzu> $ cat -         # what does it mean
<sarnold> try it :)
<sarnold> (hint, <enter>^D means "end of file" to the terminal, and it'll caus ethe cat command to stop at that point :)
<algern-n> cat > :3
<patdk-lap> that seems very chatty for a cat
<patdk-lap> don't they normally just do their own thing
<vern__> hello, do anyone try to install openstack on ppc64el, by following this guide (https://help.ubuntu.com/lts/clouddocs/installer/en/single-install.html) ?
<vern__> i am blocked by "$ sudo openstack-install"
<golserma__> Hi I try to create an external snapshot using libvirsh and apparmor is complaining. Is this a not supported feature in 14.04?
<golserma__> virsh snapshot-create-as domainname snapshot_pre_upgrade_1 --disk-only --atomic
<Pjusur> for my servers, should I use the standard ntpdate package that is installed by default, or should I install ntpd? pros cons?
<sinamaleki> hi anyone here ?
<hateball> !help | sinamaleki
<ubottu> sinamaleki: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<rbasak> rharper: thank you for handling bug 1583819. I can close the tab now :)
<ubottu> bug 1583819 in kvm (Ubuntu) "vcpu0 unhandled rdmsr" [Undecided,Invalid] https://launchpad.net/bugs/1583819
<Ussat> I remember when upgradeing a 14.04 --> 16.04 there a ethernet change, anyone have a link to that ?
<xnox> Ussat, stable names are now used, but that's since wily i think.
<maswan> Unfortunately, they're not stable for VMs, we've found
<Ussat> Ya this is a VM, but got it, thanks
<maswan> (adding a new disk would renumber pci devices, leading to no networking to the guest :( )
<maswan> now running with net.ifnames=0
<xnox> Ussat, maswan - yes VMs have no stable naming scheme, thus stable names are not evailable there.
<xnox> my understanding was that old-school names should be used in VMs.
<Ussat> yea, I got it sorted, thanks
<xnox> how is one adding the pci devices? are you controlling it, or is done via libvirt of some such? cause one can specify pci bus ids to qemu.
<xnox> and they are done in order, so if network devices are specified before disks, it should be stable...
<maswan> xnox: ganeti
<maswan> now I need to run
<Xin> hey all how can I check that a partitions encrypted with LUKs is properly encrypted? :)
<ikonia> you can start by not asking the same question in every IRC channel you are in
<ikonia> Xin: are you using ubuntu or debian
<coreycb> beisner, good morning, neutron and neutron-*aas 2:7.1.1-0ubuntu1~cloud0 are ready to promote to liberty-updates
<coreycb> beisner, also qemu 1:2.3+dfsg-5ubuntu9.4~cloud1 is ready to promote to liberty-updates
<beisner> o/ coreycb
<coreycb> o/
<coreycb> ddellav, I'm starting to look at python-os-vif.  to get it into debian you'll need to file an ITP bug (and document it in d/changelog) - https://wiki.debian.org/ITP
<coreycb> ddellav, sample bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824559
<ubottu> Debian bug 824559 in wnpp "ITP: python-monascaclient -- Python bindings for the Monasca API" [Wishlist,Fixed]
<beisner> coreycb, neutron, neutron-*aas, qemu http://pastebin.ubuntu.com/23064487/ promoted to uca liberty-updates re:
<beisner> https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1594867
<beisner> https://bugs.launchpad.net/cloud-archive/+bug/1611123
<ubottu> Launchpad bug 1594867 in nova (Ubuntu Wily) "[SRU] liberty point releases" [Undecided,Fix released]
<ubottu> Error: launchpad bug 1611123 not found
<ddellav> coreycb ok, i knew i needed to create a bug i just wasn't sure what the format was.
<coreycb> ddellav, I think reportbug will generate an ITP template: reportbug -B debian python-os-vif
<coreycb> beisner, thanks1
<beisner> coreycb, yw sir
<coreycb> ddellav, mostly looks really good, I didn't try installing yet - just some minor comments http://paste.ubuntu.com/23064569/
<ddellav> coreycb ok awesome, those are pretty much exactly what my concerns where
<coreycb> ddellav, cool
<Geom> can anyone confirm if PATA optical has an issue on udev rules regarding not triggering automatically unless you try to do something like cd-info sr0
<Geom> or whateber command that points to drive's dev
<ddellav> coreycb bug submitted (#834608), here's the final repo for your review: lp:~ddellav/ubuntu/+source/python-os-vif
<kgirthofer> hey all - looking for a way to completely saturate my bandwidth on purpose
<kgirthofer> we have comcast and it's a bullshit line. Never works - so we bumped up to fiber
<kgirthofer> and now the line is clean as ever
<kgirthofer> so I want to resaturate the line to see if it starts failing again so I need to simulate a bunch of traffic
<kgirthofer> only thing running on that network is an ubuntu server
<sarnold> there's direct http links to the huge files that the speedtest network uses for their speedtest.net clients.. that might be a decent starting point
<kgirthofer> yea I'm using that running every minute through nagios
<kgirthofer> and graphing it
<sarnold> oh lookie there, speedtest-cli
<sarnold> ha
<sarnold> nice
<kgirthofer> yea so that's showing a nice solid line right at 82mbps
<kgirthofer> which is great
<RadenBlazed> hello everyone
<kgirthofer> but I want it to not be great
<sarnold> kgirthofer: kernel.org has some decent bandwidth, maybe you could kick off an rsync to them
<kgirthofer> nice
<RadenBlazed> guys if i want to make a mail server do i need to make my server a DNS server also?
<kgirthofer> thanks
<sarnold> kgirthofer: if you've got more endpoints maybe iperf or similar tools?
<patdk-wk> RadenBlazed, depends
<kgirthofer> while 5 < 3 download from kernel.org
<patdk-wk> what does, make a mail server, mean
<RadenBlazed> i got a domain and want @mydomain.com emails.
<RadenBlazed> t/fireball
<RadenBlazed> t/fireball
<RadenBlazed> sorry hit a hotkey :P
<patdk-wk> you don't need a server at all for that
<kgirthofer> RadenBlazed: no just install the mail client of your choice
<RadenBlazed> ?
<patdk-wk> you want to be able to receive and send emails from your server using that domain?
<RadenBlazed> yeah my domain
<patdk-wk> you want smtp/imap/pop all on that server?
<patdk-wk> you want virus and spam filtering?
<sarnold> normally I'd say "pay google to do it"
<sarnold> hosting email servers twenty years ago was kind of fun. I wouldn't want to do it today..
<patdk-wk> you will need a recursive dns server on that mail server
<RadenBlazed> im already paying for this server. and its more about me learning to use servers better
<kgirthofer> yea RadenBlazed - that's best advice. When you have a mail server, you have to open ALOT to the outside world and It's super common for hackers to get in and start spamming emails like crazy. Then you get blocked/pay for data overages/usage
<nacc> hosting a mail server will not teach you to "use servers better", IMO
<patdk-wk> sure it will, you will become a better bofh :)
<sarnold> and you'll need to be able to modify your dns zone information but you can still pay someone else to host your DNS for you if you wish
<sarnold> patdk-wk: hehe
<nacc> patdk-wk: heh
<RadenBlazed> lol its something that i want to do. and i dont have a bandwith limit on my server. I also dont have anything important on it. Its more of a learning experience.
<patdk-wk> learn/setup spf, dkim, dmarc
<RadenBlazed> I was gona use postfix, postfixAmacisNew (for safery), ClamAV (also for safety), Dovecot and squerrelmail to access it from the browser.
<RadenBlazed> Im just not understanding the whole DNS part. some guides say i need a DNS server. some say i can just use the godaddy control pannel and change it from there
<sarnold> if godaddy's dns panel lets you add arbitrary records that's probably fine
<sarnold> kgirthofer: I wonder how much traffic you could get if you ran a tor mixer node -- you wouldn't want to be an exit node and there may be more work in being an entrance node, but middle-node may have a lot of traffic but few consequences
<patdk-wk> RadenBlazed, you need a dns server
<patdk-wk> godaddy dns panel == dns server
<patdk-wk> you will also need a dns recursor INSTALL on the mail server
<RadenBlazed> ok thanks, ima go look up what is :)
<RadenBlazed> i do know that is has something to do with the MX records in the go daddy CP.
<sarnold> there's two types of dns servers -- authoritative and recursive. the authoritative ones host zones; recursive ones handle queries from clients, and start by going to the root servers and recursing through all the other authoritative dns servers along the way
<RadenBlazed> ok thanks
<sarnold> you'd probably want to run a recursive resolver on your mail host, so that it can cache frequently requested dns names locally. the busier the server the more important that becomes..
<patdk-wk> not really
<sarnold> oh?
<patdk-wk> if you ever use a dnsrbl, it is required
<sarnold> zounds yes
<RadenBlazed> ok
<patdk-wk> an incoming mail server without a dnsrbl is kindof insane
<sarnold> patdk-wk: do you use rpz or are you content to just use it as a cache?
<RadenBlazed> idk
<RadenBlazed> this is all a learning experience for me lol
<patdk-wk> I have a few rpz, but I don't use them in dns
<pclerie> Hello! Trying to debug things with NFS. It seems that option RPCSVCGSSDOPTS from /etc/default/nfs-kernel-server is not picked up by the daemon on start up. I just can't figure out why. Is this a know problem?
<dusty> I have been directed here by a friend who told me someone on here might be able to help me with my issue. I am trying to install Postfix and Dovecot with MySQL as database. This seems like a simple task but unfortunatly i have one more request. It has to be done completely without SSL Certificate. Would any of you be able to guide me in the right direction, i have been spending 4 days installing,
<dusty> reinstalling and configuring without any luck.
<tarpman> dusty: can you try to ask a more specific question? is there a certain problem you're stuck on?
<sarnold> pclerie: do you get any error messages? do you get error messages if you set the options to garbage?
<pclerie> sarnold: No messages. In fact, I'm trying to increase logging to find my problem. And I have not tried garbage. Will get back on that one.
<sarnold> pclerie: do you ahve a /run/sysconfig/nfs-utils file? does it look sane?
<sarnold> pclerie: (what release is this? I just sort of assumed 16.04 LTS but earlier releases will be different..)
<pclerie> sarnold: 16:04 is correct. In KVM machine. And no garbage option does not do anything.  And RPCMOUNTDOPTS works just fine.
<beanbag> is server still cd or did it go dvd
<pclerie> sarnold: nfs-utils looks fine, include RPCSVCGSSDOPTS. Funny that it contains the original -vvv not the garbage I just put there.
<sarnold> pclerie: I wonder, the https://codesearch.debian.net/search?q=NEED_SVCGSSD makes it look a bit like the svcgssd thingy isn't correctly being used in systemd..
<sarnold> beanbag: server iso looks like it'd still fit on a cd if you wanted to go that route http://releases.ubuntu.com/16.04.1/
<pclerie> sarnold: Interesting. I stopped the server. Deleted nfs-utils and restarted. Now both RPCMOUNTDOPTS and RPCSVCGSSDOPTS are not picked up.
<sarnold> oddd
<pclerie> sarnold: nothing in the link rings a bell.
<pclerie> sarnold: Oh! And /run/sysconfig/nfs-utils is not recreated.
<sarnold> pclerie: that file ought to be regenerated by the /usr/lib/systemd/scripts/nfs-utils_env.sh script, which is run from the nfs-config.service systemd unit
<pclerie> sarnold: I've restarted, then stop and start the server a couple of times. It has not been regenerated.
<beanbag> I can't burn it worth shit
<beanbag> from 2 different burners
<pclerie> sarnold: I rebooted. RPCSVCGSSDOPTS definitely does not get picked up.
<pclerie> sarnold: and it looks like nfs-utils is only generated on cold boots.
<sarnold> pclerie: crazy :/ it'd be worth a bug report.. good luck, time for me to run
<pclerie> sarnold: Thanks.
 * beanbag blames Shambles 
<beanbag> CANUCK
<Shambles> Stalker!
<beanbag> 10 failed disks today
<beanbag> tried 2 burners cd's and dvd's
<beanbag> trying one last cdr at lowest burn speed
<beanbag> found the issue thx
<LaserAllan> hey guys, I think i am having an issue with the apt-get since I have a pakcage that is at least a year behind release schedules and it still says that I have the latest version, is this just ebcause someone ahsnt tested a newer version for ubuntu 1404 and commited it?
<tarpman> !highno | LaserAllan
<ubottu> LaserAllan: A higher version number does not mean that it's better. Especially with packages such as the linux kernel. The packages in the Ubuntu repositories are stable and will work fine. You should have a better reason than "newer" when considering compiling from source or using 3rd party repos.
<LaserAllan> tarpman: Sorry I should have been more specific, this is Xymon System Monitoring Tool. The reason to upgrade would for me to get some of the new things they have added to make my IT life easier.
<tarpman> LaserAllan: upgrade to ubutnu 16.04, then
<tarpman> *ubuntnu
<tarpman> **ubuntu
<LaserAllan> tarpman: Is there no other way around unless i wanna recompile the packages I have from source?
<tarpman> LaserAllan: https://help.ubuntu.com/community/UbuntuBackports
<tarpman> I don't see an existing backport of xymon, therefore, you'd have to request one and hope someone's kind enough to do it, or build your own
<tarpman> the backportpackage tool in ubuntu-dev-tools is very useful, https://wiki.ubuntu.com/UbuntuBackports#Building_a_Backport
<LaserAllan> tarpman: Thank you, why i am very careful about ugprading just yet is becuase i run a mailserver that I am keen on is going to run fine I guess I could just do a testupgrade and revert to an older snapshot if things dont work out as I want them to, but I have I thik only one package that is compiled comepltely from source since that package afaik doesn't even exist in a repo atm.
<LaserAllan> tarpman: Thank you anyway I will have a read, the problem with building xymon is that ive foudn the isntructions on what depencies it has to be kinda vague.
<tarpman> LaserAllan: if you backport the package and build it in a ppa, the packaging and buildserver handle all that for you
<LaserAllan> tarpman: I don't feel comfortable doing that, dont really feel like i have the knowledge enough to do it. But i will nevertheless look at documenation
<LaserAllan> "documentation
<tarpman> whatever works for you, of course. just making the suggestion
<tarpman> and if you're an administrator of a debian/ubuntu system, being able to modify and build packages is a pretty important skill IMO
<LaserAllan> tarpman: Easiest would ofc be to just update to 1604 but I wonder then what will happen to all the things i have running now, like dovecot, postfix, znc, and some other stuff you know :)
<tarpman> not something to rush into unprepared, for sure
<LaserAllan> tarpman: No not yet, I have mostly used linux and unix at home
<LaserAllan> tarpman: I have however been offered such a job, so I am currently looking for some good howto's documentaiton how to build packages and so on.
<tarpman> LaserAllan: https://www.debian.org/doc/manuals/maint-guide/ and http://packaging.ubuntu.com/html/
<LaserAllan> tarpman: I will have a read there
<Braven>  Has anyone does here worked with Realms?
<ikonia> yes
#ubuntu-server 2016-08-18
<YokoBR> Could someone tell me a good web interface to admin an ubuntu server? It's set up with mysql, nginx and hhvm already
<sarnold> YokoBR: please be careful if you choose to use one; I think web admin interfaces are the second most common reason why linux systems are compromised. be sure to firewall it to only allow access to specific IP ranges that you want to allow to admin the machine
<YokoBR> sure :)
<YokoBR> everywhere i look, i only find ajenti
<RoyK> YokoBR: ssh is a good way to administer thing ;)
<RoyK> YokoBR: it doesn't take long to learn it the old way and you'll thank me after you learned it
<YokoBR> RoyK: It's what am I doing right now.. But I wish I had a faster way to deploy domains there
<RoyK> YokoBR: AFAIK there isn't really any good web frontends for administering linux yet
<RoyK> YokoBR: just get used to it - it's not hard
<YokoBR> oh, fine :(
<RoyK> it takes me about 2 minutes to setup a new website
<RoyK> heh
<Geom> is there such cli command to make yor optical's led to blink?
<OerHeks> Geom, all perhepials ( incl leds)  are accessible in the filesystem, however, dvd lights not , see /sys/class/leds
<Geom> OerHeks oh thats not good. have to find an alternativeâ¦ thanks for the info
<OerHeks> yw
<Geom> how come i dont have ls /sys/class/leds/
<OerHeks> hmm maybe because i am on a desktop ..?
<Geom> probably :)
<OerHeks> odd, never noticed this difference
<Geom> i might have to make it speak instead of blinking led
<lucas_ai> When I run rsync -vr fromDirectory toDirectory, to backup files to an external drive, it takes too long to check the deltas for the whole file list, and my drive gets disconnected. Every time I run it again, it doesn't get to send new files because checking for changes takes so long and always starts from the same place. Any ideas on how to continue transfering files, but faster or avoiding the initial long checks?
<bekks> lucas_ai: Better fix the issue of your drive disconnecting instead ;)
<lucas_ai> bekks, I don't think that's realistic. I'm using a tablet, and an external dock with disks in it
<bekks> lucas_ai: And why isnt it realistic to fix it then? Are you pulling the cables while you are transferring data?
<lucas_ai> Not really, but I'm running windows10, as well
<lucas_ai> on a surface pro 3
<lucas_ai> I don't think it's designed to do long hours of file rsyncing
<bekks> So your question isnt about Ubuntu then?
<bekks> And windows doesnt care how long a file transfer takes, as long as you dont pull the cables :)
<Geom> OerHeks: Solved it by using keyboard instead
<Geom> KB led i mean
<OerHeks> Geom, what was your goal with that led?
<Geom> to blink for error on a headless server based on my custom script
<OerHeks> ah oke.
<OerHeks> else you could annoy the admin with eject && eject -t
<OerHeks> :-D
<Geom> ^^ correct
<OerHeks> or just eject ..
<caribou> rbasak: nacc: jgrimm: I just remembered that there is still a MR outstanding for clamav :https://code.launchpad.net/~louis-bouchard/ubuntu/+source/clamav/+git/clamav/+merge/298630
<rbasak> caribou: I'm on it. It's the last one I have left!
<rbasak> Though after that I'm going to go through the merge list again.
<caribou> rbasak: oh ok, I thought it had fell off the radar
<Braven> has anyone done used Realm to join a ubuntu server to AD
<Diranged> Hey .. I'm launching new Ubuntu 14.04.05 images in Amazon and I'm finding they come up with the 3.13 kernel rather than the 4.4 kernel. I thought thatb ased on the release notes, that the 4.4 kernel was the default now. Am I using the wrong AMI images?
<coreycb> beisner, ceilometer 1:5.0.4-0ubuntu1~cloud0 is ready to promote to liberty-proposed when you get a moment
<coreycb> beisner, also horizon 2:9.1.0-0ubuntu1~cloud0 is ready to promote to mitaka-updates
<coreycb> beisner, aodh 2.0.2-0ubuntu1~cloud0, ceilometer 1:6.1.3-0ubuntu1~cloud0, and betamax 0.5.1-1~cloud0 are also ready to promote to mitaka-updates
<Danili> Hello in here :) I have rented a ubuntu server, and I'm kind of a newb I admit that. Anyways my problem is that my / is filled 100% I can't even do a apt-get autoremove. I don't know what to do about this problem because I only know what I have in my home folder https://paste.ubuntu.com/23068124/ https://paste.ubuntu.com/23068153/
<PryMar56> Danili, apt-get clean
<PryMar56> Danili, or whack the /var/cache/apt/*deb
<Danili> still 100% used after a sucessfull apt-get clean so rm -rf /var/cache/apt/*deb ?
<compdoc> Danili, boot the Ubuntu Desktop dvd, and see if you can remove any junk files that you dont need
<bekks> Danili: can you still pastebin?
<compdoc> free up space
<Danili> compdoc, It's a rented server, I don't have hard access
<compdoc> ohh
<compdoc> you'll have to pay your provider, then
<bekks> Or just see where space is used.
<bekks> Thats why I'm asking wether pastebin stuff is still possible.
<RoyK> Danili: tune2fs -m 0 /dev/mapper/vg00-root
<compdoc> cant ssh into it? you can login and free up space
<Danili> bekks, https://paste.ubuntu.com/23068215/
<Danili> I can ssh in to it
<RoyK> Danili: ext4 normally reserves 5% for root
<RoyK> Danili: use the tune2fs command above to set that to 0%
<bekks> Danili: Can you pastebin "df -i" please, too?
<Danili> bekks, https://paste.ubuntu.com/23068216/
<patdk-wk> well, two issues
<patdk-wk> one is attempting to run apt-get as non-root
<patdk-wk> second is, the disk is full
<patdk-wk> the permission issue has nothing to do with diskspace
<patdk-wk> find out what used your diskspace all up
<Danili> patdk-wk, the permission issue is not a issue :P
<patdk-wk> it was in the pastebin :)
<patdk-wk> just start doing a, du -s * | sort -n
<patdk-wk> just start doing a, du -sx * | sort -n
<patdk-wk> starting in /
<patdk-wk> and going into subfolders for the larger ones
<patdk-wk> see if it's all used up in /usr or /var, or /var/lib/...
<patdk-wk> something like, you have mysql installed, and have a bunch of data in it, or log files turned on, it will fill up /var/lib/mysql
<bekks> sudo du -sh /
<bekks> err, cd /; sudo du -sh *
<patdk-wk> h becomes annoying to sort with
<patdk-wk> when you have >10 folders :)
<RoyK> bekks: no, sudo du -sc /*
<bekks> Works fine for getting an idea :)
<patdk-wk> only if the list is short
<patdk-wk> it's too hard to deal with the units quickly
<patdk-wk> for / and /var it might be ok, but not for /var/lib
<Danili> thanks everybody, I'll try to go through the folders :D
<Danili> discovered that I have some giant logs
<Danili> Hello again in here. Earlier I had some problems with my / being filled 100% so I couldn't even use apt-get autoclean or autoremove. I cleaned up some space manually and after that I thourght it was time for the autoremove and autoclean, but after those there was even less space avail, can anyone explain that? https://paste.ubuntu.com/23068441/
<OerHeks> Danili, odd... you cannot run ' apt-get full-upgrade ' ?
<RoyK> davisonio: did you try tune2fs -m0 /dev/mapper/vg00-root
<RoyK> ?
<RoyK> Danili: that was for you, sorry davisonio
<Danili> OerHeks, I think I should clean up some more space before I upgrade anything
<davisonio> np
<Danili> RoyK, Now I have and as you said it gave me about 5%
<RoyK> Danili: then look for whatever's filling up your rootfs
<Danili> RoyK, I have found out and I'm working on a fix :D You have all been really helpfull and I have learned alot about cleaning my / today :D I just wondered why the autoclean and autoremove was taking and not giving free space
<RoyK> Danili: try du -sc /*
<RoyK> Danili: it may take a while, but it'll show where the the space is used
<arooni> anyway (besides say ping) of determining latency on a ssh connection ?  and is there anything i can do to reduce latency ?  connecting from mac os x to ubuntu server 14.04 over ssh and using tmux
#ubuntu-server 2016-08-19
<thekrynn_> does anyone have recommendations for a portable kvm solution for servers running ubuntu (mainly for initial setup and bios)
<jsheeren> hi there
<jsheeren> quick question about running the cloudimages on an openstack platform and specificaly io performance differences between stock xenial and stock trusty with a xenial-lts kernel installed through apt
<jsheeren> are there differences in the kernel options?
<jsheeren> the xenial cloud image with kernel 4.4.0-24-generic has almost 2 times better IO performance than the trusty cloud image with the xenial-lts 4.4.0-34-generic kernel
<jsheeren> which i find surprising as i would expect the same performance
<jsheeren> i already asked in #ubuntu-kernel but it's rather quiet down there ..
<iliv> jsheeren, you're probably gonna be better off taking a look at deb src files where I guess you could see how both kernels were compiled
<rbasak> coreycb, jamespage: https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2016-August/016812.html
<coreycb> rbasak, would you mind pointing them to the mitaka review queue for the cinder question?   I need to figure out why I'm not getting ubuntu-devel emails (I'm subscribed).  and I'm headed out of town right now.
<rbasak> coreycb: sure, but where is that?
<rbasak> coreycb: it's ubuntu-devel-discuss BTW, not ubuntu-devel.
<coreycb> rbasak, sorry, xenial review queue - https://launchpad.net/ubuntu/xenial/+queue?queue_state=1&queue_text=
<coreycb> rbasak, ah so maybe I'm not subscribed
<rbasak> Ah, thanks. I assumed it was a special cloud archive thing
<rbasak> It'll go back to UCA Trusty after landing in Xenial, right?
<coreycb> rbasak, thanks for doing that, yes that's correct
<rbasak> OK, thank you for confirming
<rbasak> jgrimm, nacc: so a squid3 merge looks pretty involved. I'm definitely not going to finish it today, and in any case I have doubts about pushing it in due to FF etc. But I can hand it over to nacc to continue? It won't be wasted work either way because we'll land it eventually whatever we decide. And the git workflow makes a handover really easy I think.
<rbasak> Alternatively if we don't want to land it this cycle then I can hold on to it.
<jgrimm> rbasak, lets pass it along
<jgrimm> will be good test of it being easy handover too. :)
<rbasak> I like that last aspect :)
<rbasak> nacc: OK, so https://git.launchpad.net/~racb/ubuntu/+source/squid3
<rbasak> I've done deconstruct/3.5.12-1ubuntu8 without reconstruct, but please check it. The reason is that ~ubuntu-server-dev has a previous upload, so I manually rebased the newer imports onto that. Not sure the auto-reconstruct would have handled that.
<rbasak> My master branch is my current work in progress towards a logical (incomplete). It have an empty diff (except for update-maintainer and changelog) to old/ubuntu.
<rbasak> It *should* have.
<rbasak> But it is far from the minimal logical because of the extensive Ubuntu-specific changes wrt. maintainer scripts and migration paths.
<rbasak> Note also my message in  https://git.launchpad.net/~racb/ubuntu/+source/squid3/commit/?id=279b24d284429fcf9d93767ebe11f4688fc477fd please - I didn't manage to fully match up all changes - perhaps because of a difference in interpretation.
<rbasak> (and two "previously undocumented" commits too)
<xnox> smb, hi!
<smb> xnox, yeees?
<xnox> libvirt FTBFS on s390x, because python is not available, and we comment out build-depends on python. My guess is that it is only transitevely installed on all other arches.
<xnox> smb, do you mind if I upload "build-depends: python:any" patch? or do you use some fancy server team git stuff to manage libvirt uploads?
<smoser> rbasak, around ?
<xnox> sample build log at https://launchpadlibrarian.net/279853280/buildlog_ubuntu-yakkety-s390x.libvirt_2.1.0-1ubuntu3.0~ppa1_BUILDING.txt.gz and trivially reproducible by rebuilding current libvirt package from yakkety on s390x
<xnox> i'm not sure where/what/how/why dropped python2.7 dep on s390x though =( maybe i should investigate that.
<smoser> i'm looking at cloud-init packaging... https://git.launchpad.net/cloud-init/tree/debian?h=ubuntu/devel
<smb> xnox, at some point we added a git tree but I can re-import the change there later
<smoser> i think i'm kind of forced into having cluod-init.install and grub-legacy-ec2.install because i have the 2 packages (or at least something needs to deal with copying the right files to the right package dir).
<smoser> i dont like listing things explicitly in https://git.launchpad.net/cloud-init/tree/debian/cloud-init.install?h=ubuntu/devel
<smb> xnox, but was that yakkety?
<xnox> smb, yes yakkety only. Just today.
<smoser> but i need to have the first 2 lines there , or some other way make tools/21-cloud-inig.conf get into /etc/rsyslog.d and the profile.d file too.
<xnox> smb, i'm maintaining a small patch on top of libvirt in my ppa, hence i've noticed.
<smb> xnox, because the uplaod I did show build ok
<smoser> i can shorten that to lines 1 and 2 and then 'etc/* lib/* usr/*' but that is still les than ideal. is there an easier way ?
<smb> xnox, https://launchpad.net/ubuntu/+source/libvirt/2.1.0-1ubuntu3
<xnox> i just rebuilt that on devac02 in sbuild and it fails.
 * xnox pokes chroots to find ways.
<xnox> smoser, sure you can avoid install files.
<smb> xnox, weird...
 * smoser secretly hoped xnox would jump in :)
<xnox> smoser, dh_auto_install --destdir=debian/cloud-init
<xnox> that would run "make install" into your "main" package to install everything.
<xnox> then you just need obscure-package.install to install things there.
<xnox> or some such.
<xnox> smoser, see $ man dh_auto_install
<smoser> ok..
<smoser> and then i can just in install: target or something copy the files to debian/cloud-init ?
<xnox> huh?
<nacc> rbasak: will review it asap
<xnox> smoser, normally, when one has multiple packages upstream built system installs everything into debian/tmp, rather than the main package.
<xnox> here we redirect upstream built system to still install into debian/<main-package> straight away, because the bulk should be there.
<xnox> no need to write any .install files for the main package then.
<xnox> smoser, rm debian/cloud-init.install
<xnox> smoser, cat >debian/rules <<EOF
<xnox> override_dh_auto_install
<xnox>     dh_auto_install --destdir=debian/cloud-init
<xnox> EOF
<xnox> (add colon, and tab) -> done
<xnox> ..
<xnox> smb, found the culprits - why you no like s390x!!!! =)
 * xnox shakes fist
<smoser> xnox, http://paste.ubuntu.com/23070530/ seems to work for me
<smoser> is that how you woudl do it ? or would you suggest a different makefile target for doing the install of those files
<smoser> actually, that seems to result in ignorning of grub-legacy-ec2.install
<xnox> smoser, something like that. grub-legacy-ec2.install should still be run....
<xnox> smoser, does grub-legacy-ec2.install -> installs things from debian/tmp currently? or just from arbitrary places?
<smoser> from debian/
<xnox> so should be fine.
<smoser> https://git.launchpad.net/cloud-init/tree/debian/grub-legacy-ec2.install?h=ubuntu/devel
<smoser> well, the package ends up with only http://paste.ubuntu.com/23070539/
<rbasak> smoser: just catching up. I'm not sure I follow what you want or the reason for your dislike of what you have, so shall I leave it to xnox? :)
<xnox> smoser, mv debian/grub-legacy-ec2.install debian/ec2-init.install ?
<smoser> rbasak, well, i dont like listing directories for cloud-init as it made me miss some files
<smoser> that were installed by setup.py into directories not listed there.
<xnox> smoser, looks like you renamed the package, but didn't rename .install file to match, no?
<smoser> xnox, no.
<smb> xnox, tis not that I not care, but if the build ain't broken for me I won't fix it
<rbasak> smoser: do you know about dh_install --fail-missing?
<smoser> i should probably drop the ec2-init package entirely
<smoser> rbasak, well, yeah. thats another option.
<xnox> smb, so python2.7 is transitive dependency of systemtap-sdt-dev and zfsutils-linux which are arch qualified on all arches, but s390x.
<xnox> python2.7 is needed for apidocs build, and without builddeps on systemtap-sdt-dev/zfsutils the build fails.
<rbasak> smoser: sorry, I know I'm not giving you completely coherent answers at the moment. I need to spend some time understanding your question better, but I need to run to a meeting. And then I'm off for a week :-/
<xnox> smoser, you say that things from "grub-legacy-ec2.install" did not install into the package, yet the package you showed in the pastebin is "ec2-init" rather than "grub-legacy-ec2".
<smoser> oh.
<smoser> yeah
<smoser> i suck.
<smoser> i dpkg -c the wrong file
<smoser> xnox, thank you for your time.
<smb> xnox, hm I guess zfsutils-linux would be a good s390x candiate. It just was not done before and I was a bit in a hurry to bead ff
<smb> beat even
<xnox> smb, quite. I'll build with xfsutils and systemtap-sdt-dev enabled on s390x, make sure things still work, and then probably upload.
<xnox> good thing i actually started to dig into where the transitive python2.7 dep comes from on !s390x
<smb> xnox, ack ok. and I sync it up with the git tree after that
<xnox> smb, deal! =)
<Gorian|work> hallo
<jonah> hi can anyone please help. I'm having a constant battle with authentication problems via imap mail with dovecot. I don't know if this is a bug in 14.04 LTS which I'm running but I always get errors in the logs
<patdk-wk> jonah, how can we help when we cannot see the errors?
<jonah> patdk-wk: hi thanks - the error I keep getting is pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=info-domain.co.uk rhost=::1  user=info-domain.co.uk
<jonah> patdk-wk: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=info-scotiahouse.co.uk rhost=::1  user=info-scotiahouse.co.uk
<jonah> patdk-wk: unable to dlopen(pam_systemd.so): /lib/security/pam_systemd.so: cannot open shared object file: No such file or directory
<jonah> patdk-wk: and a lot of errors about pam_systemd.so...
<patdk-wk> so what your saying is dovecot doesn't work, cause your pam stack is screwed
<patdk-wk> why is your pam stack messed up?
<jonah> patdk-wk: yeah something like that - but it does work intermittently...
<jonah> patdk-wk: I don't know why it's screwed but it would be great if I could fix it somehow...
<patdk-wk> also, what is up with that username?
<jonah> patdk-wk: yeah with the hyphen in there? weird eh?
<patdk-wk> last I knew, domainnames aren't used used for usernames
<patdk-wk> well, you configured it that way :)
<patdk-wk> I know I didn't
<patdk-wk> and it doesn't come that way
<jonah> patdk-wk: yeah that's true, but I didn't screw that pam stack or whatever, that's always been messed up!
<bosco> so i have a problem /var/www/website.com/index.html shows when i load my webpage all though i want /home/bosco/public_html/index.html to show as the home page how do  i make that happen i have googled to no avail
<bosco> ?
<OerHeks> normally one comes in here asking howto get sufficient priv to write from /home/ to /var/www/
<OerHeks> try to put apache to read from your /home/ perhaps?
<bosco> i have tried that all i know is i want /home/bosco/public_html/index.(php/html) to edit my site not /var/www/site.com/public_html/index.(php/html)
<bosco> OerHeks,
<genii> userdir
<bosco> huh
<bosco> i got ya sorry tired and just woke up working nights at the moment be back on days next month lol
<genii> Ah, bosco left. Now I finally had some time to explain how to a2enmod userdir and some other things
<spajderix> hello
<spajderix> I've recently updated my server from 14.04 to 16.04 and have an issue with openvpn. Whenever I try to start via /etc/init.d/openvpn start, it says it is initiated via systemctl, but nothing happens. When I try systemctl start shade, it then says that openvpn is running, but there is no process. Whenever I try systemctl start openvpn@mynetname, it then says it failed to start because of external command
<spajderix> Anyone knows how to deal with this?
<bosco> anyone in here
<bosco> ok i need some help with my server i want to be able to edit /home/bosco/public_html/index.html and have to edit my website not have to edit /var/www/website.com/public_html/ i want to edit it as a user not as root but be able to from my users home directory
<bosco> ??
<RoyK> bosco: see http://httpd.apache.org/docs/current/mod/mod_userdir.html - it's probably installed, just enable it
<bosco> RoyK, i have been there and enabled it can u pm me please
<RoyK> bosco: a2enmod userdir and apache2ctl graceful should do
<bosco> i just want someone to look at it and  show me what i am doing wrong if thats possible
<bosco> i have looked and spent to much time trying to figure this out done almost everything i can think of with google and apaches website as well
<RoyK> bosco: have you checked the logs?
<bosco> yes i have checked the logs
<RoyK> as in /var/log/apache2/error.log ?
#ubuntu-server 2016-08-20
<thekryn__> any nginx users in the room?
<patdk-lap> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<patdk-lap> the question you just asked is the most annoying one ever to use on irc
<patdk-lap> cause if someone does, it annoys them waiting for you to respond
<thekryn__> 	is there any downside to setting limit_req_zone rate to 1r/s to ensure that the lim_req's are always fielding requests
<thekryn__> i get screamed more about asking the incorrect questions in a channel than asking if people know about the subject
<thekryn__> 10:1
<patdk-lap> downside would be it wouldn't serve someone more than once per second
<patdk-lap> it will make your site look *slow* to me
<patdk-lap> and I won't use it
<thekryn__> tehcnically it does as of right now, which is what i dont understand
<patdk-lap> well, this is why people say you ask incorrect questions
<thekryn__> limit_req_zone $uri zone=dsp_per_ex:10m rate=1r/s;
<thekryn__>    limit_req zone=dsp_per_ex burst=10 nodelay;
<thekryn__> alows 10 requests per second
<thekryn__> whowever, if i do rate=10r/s and burst = 1, it ignores the burst
<patdk-lap> see how you just change that from, I have a question, to, I have a problem I didn't want to tell you about, but let me hint at it
<thekryn__> hence the 1r/s is the only way to do it
<thekryn__> but im not sure about potential implications of performance
<thekryn__> and dont understand why it would have been designed that way
<patdk-lap> how did you test?
<patdk-lap> and what does, ignores the burst, mean?
<patdk-lap> your skipping steps
<patdk-lap> what you did, how you tested, what the test results where, what you expected the results to be
<thekryn__> limit_req_zone req 10,000r/s, server{ location /a {limit_req burst 5,000}, location /b {limit_req burst 1}}
<thekryn__> when i hit domain/a 5000 per sec, i get 5000 204 responses
<thekryn__> when i hit domain/b 5000 per sec, i get 5000 204 responses
<patdk-lap> yes, that all looks right
<thekryn__> if i drop limit_req_zone rate to 1r/s, i get 5000 204 responses for /a, 1 204 response for /b, which is what i want
<patdk-lap> that sounds odd
<thekryn__> but im not sure if there are underlying latency or ram issues associated with that approach, as it seems like that shouldnt work
<patdk-lap> why would you set a burst so high?
<patdk-lap> bursts should be kept low
<thekryn__> the traffic i have hitting my cluster is around 10mil req/s
<thekryn__> from 10 companies
<patdk-lap> yes, so you want /a to handle 5000 for one second
<patdk-lap> then go on at a rate of 1 per second after that first 5000?
<thekryn__> i want say 10 of those kind of endpoints, say /1, /2, /3, etc...
<thekryn__> and then i want to have a /debug which i set to something low
<thekryn__> or.. i want to say choose one of those companies, say /7
<thekryn__> and force it to burst 1 which would basically be like a block
<patdk-lap> you do know what burst means right?
<thekryn__> how many req / s?
<patdk-lap> no
<thekryn__> thats how i read it from the docs
<patdk-lap> heh?
<patdk-lap> how many requests BEFORE it uses the limit_req_zone r/s value
<patdk-lap> as it's name says, it's the burst setting
<patdk-lap> a normal webpage has say, 50 pictures
<patdk-lap> the burst allows you to load all the pictures
<thekryn__> interesting
<patdk-lap> before you hit the limit and it slows you down
<thekryn__> oh so that makes more sense then
<patdk-lap> so something like 10r/s with a 50 burst
<patdk-lap> load page and images
<thekryn__> ok, so if i set the burst to 10,000
<patdk-lap> then as users goes page to page using the same images, they won't go over that 10r/s again
<thekryn__> that means it will handle 10k a sec until they exceed that
<patdk-lap> no
<patdk-lap> it means it will handle 10k
<patdk-lap> not per second
<thekryn__> oh... so there's no way to set a rate then
<thekryn__> using lim_req
<patdk-lap> that 10k should be refilled at the rate of r/s setting, 1r/s
<thekryn__> so if i need one endpoint to fire at 10k/s and the other at max 1/s
<patdk-lap> hmm, that is what the zone setting does
<patdk-lap> you didn't set a zone
<thekryn__> limit_req_zone $uri zone=dsp_per_ex:10m rate=1r/s;
<thekryn__> so if i were to set to, say
<thekryn__> limit_req_zone $uri zone=dsp_per_ex:10m rate=10000r/s;
<patdk-lap> I don't see a limit_req zone=
<patdk-lap> I don't see a limit_req zone=dsp_per_ex
<thekryn__> well, then i have this:
<thekryn__>    limit_req zone=dsp_per_ex burst=1 nodelay;
<thekryn__> which does absolutely nothing
<thekryn__> when rate=10000r/s
<patdk-lap> well, that would say 10k per second is allowed
<patdk-lap> no bursting
<patdk-lap> so just straight 10k/sec
<thekryn__> so then maybe the question should be... is there a way to set separate zone rates per endpoint
<thekryn__> as i tried wrapping limit_req_zone in if clauses, and that didnt work
<patdk-lap> why?
<patdk-lap> why would you do that?
<thekryn__> because i need to limit the number of requests per endpoint
<patdk-lap> yes, did you look at the manual?
<patdk-lap> http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
<patdk-lap> look at the example right at the top
<patdk-lap> define each limit_req_zone
<patdk-lap> then below assign that zone to a location
<patdk-lap> since each zone has it's own tracking and rates
<patdk-lap> each location gets whatever you set
<thekryn__> so you mean something like
<patdk-lap> if you need to limit 50 locations, define 50 limit_req_zones
<thekryn__> limit_req_zone "endpoint1" ....; limit_req_zone "endpoint2" ....; etc?
<patdk-lap> but I don't see that limit_req_zone wrapped at all do you?
<patdk-lap> no
<patdk-lap> limit_req_zone zone=endpoint1 ....
<thekryn__> ohhhh
 * patdk-lap has never used or touched nginx before
<patdk-lap> another reason your first question was pointless
<thekryn__> limit_req_zone $uri zone=e1 rate=10000r/s; limit_req_zone $uri zone=e2 rate=1r/s
<patdk-lap> no
<patdk-lap> maybe
<patdk-lap> what $uri?
<patdk-lap> what are you attempting to limit?
<thekryn__> number of requests per $uri
<patdk-lap> I guess
<patdk-lap> seems strange to me :)
<thekryn__> i have: domain.com/(16charhash)
<thekryn__> company1 has hash1, and they have say a pool of 10 ips making 1000 qps each
<thekryn__> my issue was is that company3 had a machine at some ip that started wrecking me at 40k qps
<thekryn__> the limit_req is sitting in front of a proxy_pass
<thekryn__> and it was choking the proxy pass
<thekryn__> we told them to cut it out.. it took then 8 hours to turn it down
<patdk-lap> if you want to limit the 16charhas to 10k per second, use the e1 limit_req_zone
<patdk-lap> then use e2 for the one you want to be lower
<thekryn__> yup.. thats what i was thinking.. basically e2 i would prob name the hash
<thekryn__> like zone=hash_0123456789abcdef
<thekryn__> so i can keep track of fairly easily
<patdk-lap> see where it says, limitation is done using leaky bucket method
<thekryn__> i was trying to set the $uri thing.. totally didnt realize you could just make different zones by zone name and query them directly
<patdk-lap> the burst is how many it can handle, the r/s is how fast the burst is refilled
<thekryn__> yup, see that
<patdk-lap> so you probably will want to set burst=r/s
<patdk-lap> well >=
<thekryn__> got it... so if the rate is at 10,000r/s
<thekryn__> and we let them say burst at slightly higher than that
<patdk-lap> for your 1r/s, probably set it to something sane, maybe 10, or 1 if you really really want
<thekryn__> if they go over, then theyr'e at th emercy of the r/s catching up
<patdk-lap> yep
<thekryn__> so if they sustain higher than 10k, it takes longer nad longer to adjust
<thekryn__> that makes perfect sense
<thekryn__> thanks, appriciate it
<thekryn__> we've been doing consistant hash upstream stuff and all sorts of other stuff.. been literally at it for 2 weeks, so im a bit burnt out
<thekryn__> we've got about 200 4 core machines in the router/upstream config by now
<thekryn__> so its a bit brutal to keep track of
<thekryn__> and im assuming i could make something like
<thekryn__> zone= production rate=10000r/s; zone=choked rate=1/rs
<thekryn__> and just assigned like 10 endpoints to production and 2 to choked and update configs as necessary if people misbehave?
<patdk-lap> sure
<patdk-lap> you might need to increase that 10M to soemthing larger when using $uri though
<patdk-lap> you will know when you start serving up lots of 503's
<thekryn__> got it... the 10M im guessing is for sessions?
<patdk-lap> for the hash table
<patdk-lap> it will add $uri and how many r/s it can have
<patdk-lap> so the longer the $uri and the more uniq $uri's, the more space it will use
<thekryn__> on our entire system, we only have 10 $uri
<thekryn__> since its just a list of 10 companies, 1 hash per
<patdk-lap> so not likely to be an issue now
<thekryn__> we do have a similar setup, where its IP address based
<patdk-lap> ip's are more predictable, 128bytes per entry
<thekryn__> since those requests come in by uri, and they have POST json which we decode, get an IP address out of, proxy pass and use the consistant hash upstream
<patdk-lap> so 10M will allow you like 82k ip's
<thekryn__> and the machiens catching those are going to have limits on them as well per ip.. so that'll happen then
<thekryn__> perfect... we allocated about 4G per machine ram wise for scaling out
<patdk-lap> so if your rejecting non-hash uri's before it hits that system, then you don't have to worry about some vaunerability scanner filling that $uri limit
<thekryn__> thats a great point.. we havent seen anything like that as of yet, at least at scale
<patdk-lap> it shouldn't matter
<thekryn__> but we are 204'ing those at the moment and dont have a lock on them
<patdk-lap> unless you have a *not used much* client
<patdk-lap> and they attempt to use it, after the scan was going on and filled it
<patdk-lap> for the ones active before the scan, they would be fine
<thekryn__> yeah, we manually load all the hash directives first before we let anything else hit
<patdk-lap> no, you can't control this
<patdk-lap> it will load and remove them as they are used
<thekryn__> how so?
<patdk-lap> the only way to control it, is some other limit or server blocking it
<patdk-lap> limit_req_zone $uri zone=e1:10M rate=10000r/s
<patdk-lap> it will load the $uri into e1, when something hits the webpage
<patdk-lap> if the rate is completely fill, it will likely remove it, to make room for others
<patdk-lap> since it's at the full rate, no need to track what the rate is anymore
<patdk-lap> think of it more, if you where limiting by ip address
<patdk-lap> if it didn't remove them
<patdk-lap> only the first 82k ip's to use your server would EVER be able to view your website
<patdk-lap> till you restarted nginx
<thekryn__> ahh, got it
<thekryn__> well, the good news about this entire setup is that we purposefully hash so the endpoints are not public
<thekryn__> its not a website per se
<thekryn__> so most of the rogue fires will end up in a sort of blackhole
<thekryn__> thanks again, really appriciate it
<pclerie>  sarnold: Hi! Re nfs problem we discussed the other day, I filed bug #1614261. Got a work around, that did not help much. But thanks for the tip.
<ubottu> bug 1614261 in nfs-utils (Ubuntu) "RPCSVCGSSDOPT is ignored by boot script" [Undecided,New] https://launchpad.net/bugs/1614261
<iliv> bosco, joing #yourhttpserver
<jonah> Hi can anyone help with constant intermittend email/dovecot imap authentication problems. I keep getting errors: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=info-website.co.uk rhost=::1  user=info-website.co.uk
<jonah> also this error: auth: PAM unable to dlopen(pam_systemd.so): /lib/security/pam_systemd.so: cannot open shared object file: No such file or directory
<jonah> I don't know if that has anything to do with the auth problem but I get this too: auth: PAM adding faulty module: pam_systemd.so
<jonah> I'm running ubuntu 14.04 LTS
<sikun> question, if you were setting up a HA/Load Balancing web server (two hosts) would you setup the MySQL server on the master and configure the slave for replication or host the MySQL server on a third host?
<RoyK> sikun: I'm working on a HA setup of MariaDB (the MySQL fork) and my plan is a MariaDB Galera cluster with a couple of haproxy servers in front with a master/slave setup with Corosync/Pacemaker
<RoyK> sikun: this will be in an all-virtualised environment (we have 250ish VMs currently, physical machines are down to a small fraction of that)
<sikun> RoyK, ah nice
<sikun> RoyK, what I'm building I am utilizing physical boxes until the funds are available to build a proper virtualization environment that is capable of HA
<sikun> or I should say until I can prove the need for the equipment to obtain a loan or whatnot
<RoyK> two machines should be sufficient for HA with KVM - I setup a test system with that a few years back
<RoyK> separate, shared storage is recommended
<sikun> sadly, not the hypervisor I use but still two machines is good enough for what I do use.
<RoyK> which hypervisor is that?
<sikun> Hyper-V
<RoyK> *blargh*
<sikun> lol
<RoyK> I used to work with Hyper-V, and although that was four years ago and I guess a lot has happened since then, I really didn't like it
<sikun> I have one host right now, it is a bit old.. but it still performs amazingly and with the hardware upgrades I ordered that should be here next week it'll at least last me a good 6 months to a year
<sikun> I hear that a lot, and I have worked with it since 2008 when it was total garbage.. but it really has become a very good hypervisor
<RoyK> I even setup a KVM system along it to run Linux VM's, since any ubuntu VM we tried to put on Hyper-V lost its network connection on high load, no error messages, nothing in the logs, neither on the ubuntu machines nor on the hyper-v hosts
<RoyK> this was on win2k8, yes
<sikun> the data center I work at, they used Hyper-V way back when and would have VMs just disappear
<RoyK> HAHA
<sikun> and that was also on 2k8
<sikun> 2k12r2 is fantastic, I'm very excited for 2k16 to release
<sikun> I try to use the Hyper-V 2012R2 core install for a vm host whenever I can
<RoyK> I started working with vmware some 3-4 years back and I'm rather excited on what it can do and how things just work
<RoyK> how many hosts?
<sikun> VMware is good, I'm not saying it isn't by any means.. but I extremely dislike the licensing.. how much you have to pay to be able to do certain things
<RoyK> I didn't say it was cheap
<sikun> lol, true
<sikun> well I downsized the hosts to one at the moment I had 4
<sikun> the one remaining host was purchased outright so that's why I still have it
<RoyK> what sort of hw?
<sikun> I'm working on getting an environment ready for a possible client, I have a meeting with him next week and if he decides he wants to move all of his services to my infrastructure, I'll be extremely happy but also stressed as hell, lol
<sikun> HP Proliant
<RoyK> blade things?
<sikun> it's dated... it does need to be decommissioned but I'm going to offset the load on it by using other servers
<sikun> no, it is a DL160 G6
<RoyK> we only use blade servers these days
<sikun> dual xeon quad core, 96GB of RAM with more RAM that should be coming next week along with all new hard drives.
<sikun> that's what I'm looking into for a replacement for everything
<RoyK> that is, we actually bought a 4U server a few months back, since some of our scientists insist of using Stata on Windows when they really should have been using R on a supercomputer
<sikun> throw a Intel Xeon Phi or a Kepler in a server and let em go to town
<RoyK> quad socket dell thing with four 8-core CPUs clocked the highest we got and half a terabyte of RAM
<sikun> very nice
<RoyK> $50k or so :P
<sikun> I was checking out the specs of a Lenovo rack server, I think it was Lenovo, but had dual 24 core Xeons
<sikun> the data center I work at, their VMware cluster is total garbage..
<RoyK> we have three clusters
<RoyK> one for test/lab/etc
<RoyK> one for the important stuff with new hosts
<RoyK> and one with older machines (and thus older instruction sets, say, 4-5 yo) for medium importance machines
<sikun> resources are so low of this cluster... I can't even get my requests for a test VM to be spun up, oh wow.. it can't afford a 512MB, 4vCPU and 20GB for 3 days?
<sikun> pathetic
<sikun> I end up having to utilize my personal equipment to spin up test VMs
<sikun> all my personal hardware is old, don't get me wrong.. but even when it was at 90% utilization it would outperform that VMware cluster
<RoyK> hehe - perhaps they should get a few new hosts ;)
<sikun> ha... we have 9.2% free space on the SAN, we're screwed because getting a $50k SAN isn't going to happen anytime soon
<RoyK> beefed up with a ton of memory, since that's where the bottleneck usually is
<sikun> they are actually loaded with RAM
<RoyK> what sort of SAN?
<sikun> the SAN is garbage
<sikun> Dell EqualLogic
<RoyK> haha - we have EQL as well
<RoyK> and I know exactly what you mean
<sikun> the whole load balancing question is actually a potential client of mine, not the company I work for. ha
<sikun> even colo'ing in the data center where I work isn't cheap... I have occasionally got some bigger discounts by allowing them to temporarily utilize my hardware
<RoyK> apropos load balancing... we have two shelves with 100TiB net storage each in an equallogic storage group, and they're supposed to stripe across the two. Curiously, lately one of them has been running at 100% utilisation while the other is at 60%
<sikun> slightly odd
<sikun> not throwing any errors?
<RoyK> no, and the only debug reports you can get out of an equallogic system, are encrypted with Dell's public key so they can only be read by Dell
<sikun> omg I hate that bull shit.. I want to rip the two Barracuda spam filters out of the rack and go all office space on them because of that same reason... oh hey, they the twins are pegged at 100% CPU utilization and the queue is now up to 3k messages but can I diagnose what's wrong? nope
<sikun> and of course barracuda support when the remote in are always like, lets reboot these quick... reboot it and I will hunt you down and beat you to death with a keyboard
<sikun> hmm... three EMC Isilon IQ36000X 36TB units for $2,500
<RoyK> I'd rather use something homegrown
<RoyK> like some boxes with ZFS and iSCSI
<sikun> ah
<sikun> I have yet to play around with ZFS in detail
<RoyK> I've worked with it for 6-7 years
<sikun> nice
<sikun> on my Proliant DL160 G6, damn RAID controller failed.. hopefully the one I ordered shows up Monday
<RoyK> sikun: I guess we should take this to #ubuntu-offtopic before someone complains ;)
<sikun> good idea
<ducasse> i've noticed a weird thing with an lxc container on 16.04. inside the container 'free -m' reports 350mb used, while lxc-info reports "memory use" as 20gb. for other containers the numbers match.
<stonerl> hi hope someone can help me. I try to install ejabberd on Ubuntu 16.04 from the repos. But installation always fails because of a missing pid file:
<stonerl> ejabberd.service: PID file /run/ejabberd/ejabberd.pid not readable (yet?) after start: No such file or directory
<stonerl> has anybody a clou what to do?
<reefoctopus> anyone know of a reason why my system could be completely ignoring my sysctl time_wait setting?
<patdk-lap> it's just not interested in using that value
<reefoctopus> ?
<LostSoul> Hi
<LostSoul> I'm observing strange ssh issue
<LostSoul> When I try to login as root it works like a charm
<LostSoul> But when I'm trying to login using ldap + active directory + pam - it takes up to 30-60 seconds
<bekks> Did you check DNS connectivity?
<LostSoul> Yeah bekks, I think DNS is working fine
<bekks> Do you think or did you check? :)
<jonah> Hi has anyone upgraded from Ubuntu server 14.04.3 to 16.04 - going to do it shortly and wanted to check any problems
<jonah> also I'm running an older kernel on my server 14.04, does anyone know if linux-image-generic or linux-image-server is installed as default and I could reinstall to get the latest stable kernel again? Or do server ubuntu installs not have this package installed by default?
<LostSoul> bekks: I don't know how to verify this :(
<bekks> you can do that using nslookup and/or dig
<LostSoul> bekks: But what should I check? :)
<LostSoul> I mean what can causing problem?
<bekks> Failed DNS responses, timeouts while waiting, switching to the next DNS server available, etc.
#ubuntu-server 2016-08-21
<jonah> hi can anyone help. I've upgraded to 16.04 server and most things work, but can't enable suphp - I'm not sure what happened to it but I get this error: http://pastebin.com/kDU1Rdm8
<jonah> hi does anyone know how I can install suphp in ubuntu 16.04?
<danrik> could someone help with this issues?
<danrik> http://unix.stackexchange.com/questions/304746/vpn-able-to-establish-connection-but-cant-get-to-any-site
<samba35> i have newly installed 16.04.1 server ,i am getting this message
<samba35> a start job is running for rise for network intreface
<tsimonq2> samba35: #ubuntu might be a better place for this :)
<samba35> i ask same they  ask me to ask in server :)
<chisa> im trying to block all bots (googlebot does not respect robots.txt)
<chisa> but both of these htaccess files should work
<chisa> but result in internal server error 500
<chisa> http://razorbelle.com/public/text/htaccess-block-all.txt
<chisa> http://razorbelle.com/public/text/htaccess-block-all-2.txt
<chisa> am i doing something wrong?
<chisa> halp! lol
<tsimonq2> chisa: be patient and somebody will answer your question eventually :)
<tsimonq2> samba35: weird...
<chisa> i am patient
<tsimonq2> :)
<tsimonq2> samba35: well let me do my best to help you then
<tsimonq2> samba35: so how do you connect to the internet?
<chisa> i live on the internet so i dont need to sleep
<tsimonq2> :D chisa
<chisa> there was no reason for me to stay in the real world any longer
<chisa> in the real world, it didnt matter if i was there or not
<chisa> when i realized that, i was no longer afraid of losing my body
<chisa> so i commited suicide
<chisa> and here i am
<chisa> ^_^
<samba35> after 5 min wait system boot but it wait for 5 mints and it work
<samba35> i have configure this is client to dhcp
<tsimonq2> samba35: I mean wirelessly or wired?
<samba35> "A start job is running for raise network interfaces (2 minutes of 5 mins 16 sec)"
<tsimonq2> I know
<tsimonq2> physically
<samba35> i have both interface but if i remove lan cable still i get this message
<tsimonq2> aha, there's your problem
<samba35> what is should do then
<tsimonq2> so you don't NEED it to be there all the time?
<danrik> Could someone help with this Linux openvpn issue? :
<danrik> http://unix.stackexchange.com/questions/304746/vpn-able-to-establish-connection-but-cant-get-to-any-site
<DexDeadly> Hello
<DexDeadly> I just updated from 14.04 LTS to 16.04 LTS, when doing this to my home automation server and my emby media server nothing starts on boot now
<DexDeadly> I'm looking at the emby media box right now and if I look in the /etc/init.d and i see my emby-server in there however when booting it does not start
<tsimonq2> !systemd
<ubottu> systemd is the default init system for Ubuntu 15.04 onwards. For information on transitioning from upstart to systemd, see https://wiki.ubuntu.com/SystemdForUpstartUsers For a guide to basic service management with systemd, see https://www.digitalocean.com/community/tutorials/how-to-use-systemctl-to-manage-systemd-services-and-units
<tsimonq2> I suspect that's the issue
<tsimonq2> (I could be wrong)
<DexDeadly> ahhh
<DexDeadly> is there a way when doing ls -l to only put what fits on the screen before showing more
<DexDeadly> anyone create anything to make the migration easier lol
<AzraelEnki> traffic shaping? (new at this, so sorry if I use the wrong words) I have in my local network an nfs server which is also an tftp server for network boot. I like to prioritize BOOTP traffic over NFS. What is the most helpful docs about this?
<Azrael_> Any docs about traffic shaping?
<FManTropyx> does a2ensite do anything else except create a link from sites-enabled to sites-available?
<Azrael_> IÂ´m new at this. IÂ´m asking because I have an NFS server in my local network which also provides BOOTP but I want BOOTP/TFTP traffic to be a higher priority from the NFS traffic.
<FManTropyx> what do I do when no mirror entry for the upgrade was found?
<FManTropyx> I am updating sources lists anyway
<FManTropyx> why the change from Upstart to systemd?
<ogra> because of debian
<FManTropyx> do I need to do something special to receive mail and pick it up with POP3?
<FManTropyx> I have a problem with postfix... it sends with erroneous hostname, even with mailname set correctly (I think so)
<tomreyn> to receive mail and pick it up with pop3, you need a pop3 client on the client, a pop3 server on the server, and an smtp server on the server.
<tomreyn> if postfix sends mail involving a hostname which you do not mean to use then it suggests that postfix is not configured to use the hostname you would rather use.
<tomreyn> dpending on how you configured it, the hostname postfix uses to identify itself over SMTP can be a combination of multiple elements.
<tomreyn> FManTropyx: ^ i suggest to review the available documentation, which is large, but quite good. r you could paste it to a pastebin and look for someone to go over it with you.
<FManTropyx> easy guess is that it does not use the set mailname for some reason, but no idea why
<FManTropyx> what is the name of a POP3 server package I can use?
<tomreyn> dovecot-pop3d, courier-pop(-ssl)
<FManTropyx> how do I make rsync service start automatically at boot?
<FManTropyx> there seems to be /lib/systemd/system/rsync.service that looks acceptable and I assume the --no-detach is appropriate in there
<tammy5> hello everyone
<Langlet> tammy5: hi
<tammy5> I am trying to see how I can work with some things regarding ubuntu server
<Langlet> Ok cool :)
<tammy5> how do I add my name to the daily triaging
<tammy5> https://wiki.ubuntu.com/ServerTeam/KnowledgeBase
<patdk-lap> $250
<tammy5> oh
<tsimonq2> hey now :P
<tsimonq2> I can add you
<tsimonq2> tammy5: what day?
<tammy5> sunday
<tammy5> thanks
<Ussat> So, we are (where I work) Mainly a RHEL shop when it comes to Linux, recently we have added 2 Ubuntu servers in the mix for some very specific purposes. Is there a way to buy souuport contract for Ubuntu like we do with RHEL ?
<tsimonq2> Ussat: http://www.canonical.com/services
<Ussat> Thanks, I honestly doubt we will ever need it, but ....thats what they want
<LostSoul> Hi
<LostSoul> My blkid shows devices that are no longer on VM
<LostSoul> It shows /dev/vda and /dev/xvda where only first ones exists
<LostSoul> What could have gone wrong?
<RoyK> LostSoul: xen?
<FManTropyx> my email failed because "No MX or A records for 46.101.237.212" ...
<RoyK> FManTropyx: you need an MX record for email to work correctly
<LostSoul> RoyK: I migrated VM from XEN to KVM
<LostSoul> Any idea why it still apears? :)
<RoyK> I don't think there's an xvda in kvm
<LostSoul> Yeah, I don't know why blkid shows it
<FManTropyx> that makes no sense, because I specified the IP address to which deliver :P
<FManTropyx> I forgot to update the old MX, but it should propagate now
<patdk-lap> FManTropyx, ip address?
<patdk-lap> emails work on domain names
<FManTropyx> why is it not possible to send to root@46.101.237.212?
<FManTropyx> do I need to have something running on my server to handle incoming mails?
<patdk-lap> cause an ip address !=domain/host name
<LostSoul> RoyK: got it
<LostSoul> blkid -g ;)
<FManTropyx> I installed postfix and did some configuring on it, but it is confusing :)
#ubuntu-server 2017-08-14
<cpaelzer> good morning
<enick_997> good morning
<cpaelzer> hi enick_997
<cpaelzer> good mornign to you as well
<cpaelzer> rbasak: on the virt-manger merge https://code.launchpad.net/~paelzer/ubuntu/+source/virt-manager/+git/virt-manager/+merge/328824 you already commented a bit in IRC
<cpaelzer> rbasak: I made the reason to not drop the gir1 dependency explicitly mentioned in the MP
<cpaelzer> rbasak: I also have good user feedback on the ppa
<cpaelzer> rbasak: if you could afford a few minutes to review for formal or overlooked issues this morning that would be great
<lordievader> This nick is better :)
<lordievader> Hey cpaelzer, how are you doing?
<cpaelzer> good
<cpaelzer> I almost thought somebody other than us would care about a good morning at this time reading the other nick name :-)
<lordievader> Yeah, the matrix-irc bridge had a restart. Changes nicks. But for me that is not allways obvious that it happened.
<rbasak> ahasenack: so I'm about to start looking at https://code.launchpad.net/~paelzer/ubuntu/+source/virt-manager/+git/virt-manager/+merge/328824 for cpaelzer. Should I be clicking "Claim review" against either of the two requested reviewers?
<cpaelzer> rbasak: yes
<cpaelzer> rbasak: in this case the MOTU is for the actual review by a group that could sponsor
<cpaelzer> rbasak: and the generic server team is to have it on the active reviews list
<cpaelzer> rbasak: you can only take one, but that is fine - doesn't matter to much which one you claim
<cpaelzer> ahasenack: or did we agree already which of the two we take?
<cpaelzer> rbasak: and finally - thanks rbasak for looking into that
<rbasak> Presumably I should claim the MOTU one, so the ~canonical-server one remains, so we can see all outstanding requests still in ~canonical-server's active reviews queue?
<cpaelzer> rbasak: I'd think vice versa
<cpaelzer> rbasak: claim the one on the team - because then on the overview it is visible that one took a look
<cpaelzer> I think if you approve/deny/comment those will be counted no matter from which review slot they come from
<cpaelzer> so it isn't too important
<cpaelzer> I'll look in the samba or bind one so that andreas can also be unblocked
<cpaelzer> but samba is "take 4" maybe there is too much history on that already by whoever reviewed before
<ahasenack> rbasak: yes, please claim the motu one
<ahasenack> as unclaimed reviews requested from that group won't appear in the ~canonical-server queue
<ahasenack> and good morning :)
<cpaelzer> hi andol
<cpaelzer> still hi andol, but I actually meant ahasenack - hi
<ahasenack> hi cpaelzer
<cpaelzer> ahasenack: I try to digest "unclaimed reviews requested from that group won't appear in the ~canonical-server queue" - so reviews that have MOTU + Server team and are unclaimed in both do not show up on the active reviews?
<ahasenack> cpaelzer: no, that's not it
<cpaelzer> good because that sentence puzzled me
<ahasenack> cpaelzer: if an MP has only non-canonical-server requests, it won't shoud up in ~canonical-serve
<cpaelzer> ack
<ahasenack> the only way for it to keep appearing in the canonical-server queue is for there to be an unclaimed slot for canonical-server
<cpaelzer> but if it has (canonical-server = c-s) c-s-motu and c-s then why claim c-s-motu preferrably?
<cpaelzer> will it not go away from he c-s list when you only claim c-s-motu ?
<ahasenack> if you claim c-s, it will disappear from the queue and we won't see it. It's a visibility thing
<cpaelzer> so the rule is more or less to never anybody claim c-s (only there for visibility)
<cpaelzer> ?
<ahasenack> yes
<cpaelzer> thanks for clarification
<ahasenack> doesn't mean a c-s person cannot review it, I'd say that's encouraged even
<ahasenack> just never claim the slot, or give a +1 or -1
<ahasenack> just "comment"
<ahasenack> unfortunately
<rbasak> cpaelzer: AIUI, the sole reason we have a review slot for c-s is because ahasenack wanted a single place to see all pending MPs. So we're using it as a tag really, rather than a review slot.
<ahasenack> yeah, it's a workaround
<ahasenack> I filed a bug in launchpad about it
 * rbasak claims the MOTU slot in https://code.launchpad.net/~paelzer/ubuntu/+source/virt-manager/+git/virt-manager/+merge/328824
<ahasenack> I would like the same view for ~team/+activereviews that already exists for <project>/+activereviews
<rbasak> Thank you (both) for the clarification/discussion.
<ahasenack> let's give it a try, and re-evaluate
<cpaelzer> ahasenack: I want to unblock you as well - which one would you like me to take a look more - bind or samba ?
<ahasenack> cpaelzer: can you upload either?
<ahasenack> mdeslaur manifested interest in the bind one
<ahasenack> oh, nacc grabbed the bind9 uploader slot
<ahasenack> hm, the "claims" don't show up in the +activereviews page either
<cpaelzer> ahasenack: can't upload either until the DMB aggrees
<cpaelzer> -g
<ahasenack> cpaelzer: I think samba might be the most confusing one, because of a reverse patch that was incomplete. Might be the most enlightening one for that reason, though
<ahasenack> cpaelzer: bind is interesting because I split two debian patches to remove test cases from them and make them individual new patches
<ahasenack> cpaelzer: ssd-krb5 is an sru, and a very simple one, would be cool to get that unblocked
<cpaelzer> then lets start there
<cpaelzer> low hanging foul fruits and such :-)
<cpaelzer> and I at least somewhat looked in that soruce before
<ahasenack> haha, great analogy :)
<cpaelzer> ahasenack: does the ppa of this still lvie somehwere?
<ahasenack> cpaelzer: it should
<ahasenack> cpaelzer: ppa:ahasenack/ssd-krb5-locator-path-1664566 ?
<cpaelzer> no link in the bug or MP
<cpaelzer> thanks
<cpaelzer> ah in the mp description it is
<ahasenack> it's hidden in the test case, let me make that more clear
<cpaelzer> ahasenack: I'm done with the sssd review - all good, one spin off question in the MP
<ahasenack> ok, will check
<cpaelzer> ahasenack: since I can't tag do you mind loosing the rich history on that minimal change?
<cpaelzer> ahasenack: otherwise I'd sponsor
<ahasenack> cpaelzer: go for it, I don't mind
<cpaelzer> ahasenack: done and bug updated
<cpaelzer> and MP
<ahasenack> thanks cpaelzer
<cpaelzer> ahasenack: do you claim the team review slot so it goes away on the active reviews?
<cpaelzer> I can't take two
<ahasenack> interesting
<ahasenack> I hadn't thought about this case :)
<ahasenack> will do
<ahasenack> cpaelzer: about your MP comment, you mean that the directory from the libkrb5 package exists, and supposedly is meant for plugins, and is now empty?
<cpaelzer> ahasenack: yes
<ahasenack> ok
<cpaelzer> ahasenack: I just spun forward the thought if the dir is wrong as well
<cpaelzer> ahasenack: but it is not from sssd packages but krb5 itself
<ahasenack> it may be dedicated to plugins coming from the krb5 package itself, like its ldap backend
<ahasenack> let me try installing all binaries
<ahasenack> yes
<cpaelzer> let me apt-file that
<ahasenack> good idea
<cpaelzer> no ither hit but for the sssd-common file
<cpaelzer> so at least no other pkg places anything there today
<ahasenack> xenial?
<cpaelzer> yes
<cpaelzer> ahasenack: artful as well
<ahasenack> plugins/kdb has content, plugins/tls has content
<ahasenack> just not plugins/krb5
<cpaelzer> ahasenack: apt-file can only ifnd files, so this only tells us that there is no file in the archive that uses this path
<cpaelzer> ahasenack: it seems to me that after your fix /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5/ is an empty wasteland
<cpaelzer> and my uneducated guess was that it might be the case that it (the path) shouldn't exist at all
<cpaelzer> thats all I can say
<cpaelzer> and that is is unused over the entirety of the archive other than the wrong path in sssd-common seems to confirm
<ahasenack> so far I found only this on mit's site:
<ahasenack> Plugin base directory	LIBDIR/krb5/plugins
<cpaelzer> although one would have to look (deep) in krb5
<ahasenack> after installing a few more plugin packages, they seem to create their own subdirectories
<cpaelzer> -e "s\"@MODULEDIR\"/usr/lib/x86_64-linux-gnu/krb5/plugins\""
<cpaelzer> that is from the build
<ahasenack> maybe there just doesn't exist a krb5 plugin yet, whatever that means. Sounds client-side
<cpaelzer> but if it would take from "anywhere" in there then ...plugins/krb5 and ...plugins/libkrb5 wouldn't makea a difference in your fix
<cpaelzer> maybe worth a mail to Debian and/or upstream krb?
<cpaelzer> not entriely sue since this came up as "guess" I don't feel convinced enough to ring a lot of bells and whistles
<cpaelzer> rbasak: thanks for the review - would you mind tagging this before I upload?
<cpaelzer> this is a rich history that helps to be preserved for next time
<cpaelzer> s/helpswould be useful/
<ahasenack> cpaelzer: checking this comment: "You're right, running 'strings /usr/lib/../libkrb5.so.3|grep plugins' shows that it's ../krb5/plugins/libkrb5. For some reason I changed it to plugins/krb5 some years ago, without a bug reference.."
<rbasak> cpaelzer: of course. Sorry I had forgotten that.
<cpaelzer> PEBKAC error in my typing :-/
<cpaelzer> ahasenack: where is that comment?
<cpaelzer> in the bug that ws fixed?
<ahasenack> cpaelzer: comment #2 in https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566
<ubottu> Launchpad bug 1664566 in sssd (Ubuntu Xenial) "sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)" [Medium,In progress]
<ahasenack> funny that there are two major libkrb5 files
<ahasenack> .so.26 and .so.3
<cpaelzer> yep
<cpaelzer> I saw that, well sover compat and it seems krb5 can build both so helps the old dependencies
<ahasenack> oh, .26 is from heimdal
<cpaelzer> uh - ok
<ahasenack> a whole lot of stuff links against heimdal
<ahasenack> apt-transport-https, reportbug, curl, to name a few interesting ones
<rbasak> cpaelzer: hitting a few bugs in "git ubuntu tag --upload" - I may be a few minutes.
<cpaelzer> rbasak: ok, please ping me once it is done or if you give up the immediate try
<rbasak> ack
<rbasak> cpaelzer: upload tag pushed
<cpaelzer> rbasak: and on the format of merge-bug closing I already have an improved style for multiple fixes due to a merge - let me make a pastebin to show you
<cpaelzer> rbasak: thanks
<cpaelzer> rbasak: http://paste.ubuntu.com/25312255/
<cpaelzer> rbasak: you are right there is no policy, but this is my personal new oen for now
<cpaelzer> for better readability
<cpaelzer> It also easens to take over the line if a change is "remaining" on the next merge
<rbasak> cpaelzer: I like it
<ahasenack> cpaelzer: libkrb5 is definitely the correct directory for krb5 plugins,
<ahasenack> ./src/lib/krb5/os/locate_kdc.c:static const char *objdirs[] = { LIBDIR "/krb5/plugins/libkrb5", NULL };
<ahasenack> the bug was just an incorrect assumption from sssd
<ahasenack> which seems to be the only libkrb5 plugin we have
<ahasenack> cpaelzer: debian/libkrb5-3.dirs.in in the krb5 source package lists the incorrect plugins/krb5 directory
<ahasenack> that's the bug (task) we need now?
<ahasenack> to fix that?
<cpaelzer> ahasenack: I would not mind to fix that in any SRU
<cpaelzer> ahasenack: nor for Debian delta
<cpaelzer> but a simple patch to Debian would be nice
<ahasenack> let me check the debian status
<cpaelzer> and link the Debian bug on the bug you had
<cpaelzer> so one can find the whole context in one place
<cpaelzer> just checking if that comes fromd debian/* or from the upstream build system
<cpaelzer> rbasak: I checked on your correct request for a tracker WRT the package names in virt-manager
<cpaelzer> rbasak: "libvirtd" is the correct service name since Yakkety - so that is a no-op and we don't want a change
<cpaelzer> rbasak: I'll submit something upstream that fixes this now and forever
<cpaelzer> rbasak: dropping the need to make this proper names for every dirsto (there might be more differences)
<rbasak> cpaelzer: ah, OK. I hadn't really considered the service name message. I was thinking more of the message listing the package names that needed installing.
<rbasak> cpaelzer: but I didn't really think too hard about it. As long as a bug exists for anything you think you dropped that would be nice to upstream (to Debian or upstream upstream), I'm happy :)
<cpaelzer> I think it is wrong to call it "package X" which leads to all this
<cpaelzer> and will propose something saying th packages containing kvm, qemu, ...
<cpaelzer> that way it applies to all distros
<rbasak> That is less helpful to users though, who mostly don't know how to look up what package provides a particular command.
<cpaelzer> hmm, true as well
<cpaelzer> \ | / - ... processing
<rbasak> But a distro delta is also bad
<rbasak> So I don't really know what a great solution would be.
<cpaelzer> I check if the configure has any distro detect already
<rbasak> A hook into command-not-found perhaps?
<rbasak> But that's probably not worth the effort.
<cpaelzer> all but a simple change is over engineering
<cpaelzer> give me a few minutes
<rbasak> Yeah :)
<rbasak> I'm fine for you to just leave a bug open on it somewhere, importance wishlist, and call it done :)
<cpaelzer> rbasak: my soul wants things done not tracked :-)
<cpaelzer> but yeah I might end up that way
<cpaelzer> rbasak: I have a whishlist bug to track but also a submission to upstream now
<cpaelzer> coldn#t leave it like that
<rbasak> cpaelzer: thank you!
<cpaelzer> ahasenack: thanks for the debian bug on the cleanup
<ahasenack> o/
<ahasenack> it feels good to have everything explained
<ahasenack> rbasak: hi, could you please import cifs-utils?
<rbasak> ahasenack: running
<rbasak> Hmm. It failed very quickly.
<rbasak> I think it's a regression in master. Going back a bit in the state of the repo works.
<rbasak> But nacc isn't here right now.
<rbasak> Running with an older importer version
<ahasenack> rbasak: could be, I'm getting a weird error with merge start:
<ahasenack> (ubuntu/devel)andreas@nsn7:~/git/packages/cyrus-sasl2$ git ubuntu merge start ubuntu/devel
<ahasenack> 08/14/2017 11:36:54 - ERROR:ubuntu/devel is not a defined object in this git repository.
<ahasenack> we need unit tests :/
<rbasak> ahasenack: that's a separate regression I found earlier and I have an MP fixing it awaiting nacc's review.
<rbasak> ahasenack: we're busy polishing up the code so it can be testable. That's what's causing the regressions right now. It'll get better soon.
<ahasenack> nice
<rbasak> ahasenack: done
<ahasenack> rbasak: thx
<ahasenack> let me try to revert to the previous snap
<ahasenack> rbasak: the snap seems a bit busted now, or the store
<ahasenack> $ snap install git-ubuntu --classic
<ahasenack> error: cannot perform the following tasks:
<ahasenack> - Download snap "git-ubuntu" (117) from channel "stable" (received an unexpected http response code (404) when trying to download https://api.snapcraft.io/api/v1/snaps/download/VAGSRAriUyDDlqsLunShJTe7503Uw4GF_117.snap)
<hypermist> im getting a grep: broken pipe error when running a certain python file anyone able to help ?
<ahasenack> nacc: rbasak: git ubuntu clone (r119) working again, but it spits out this fatal-not-fatal error at the end
<ahasenack> fatal: remote error: Repository '~ahasenack/ubuntu/+source/cifs-utils' not found.
<ahasenack> $? is 0 at least
<ahasenack> nacc: wrt snap error, snap logout;snap login to fix it
<nacc> ahasenack: that's a message when it can't find your personal repo
<nacc> ahasenack: that's propogated directly from `git clone`-like output
<nacc> ahasenack: i agree it's a bit messy
<ahasenack> yep, no biggie
<nacc> ahasenack: fyi, 121 is out :)
<ahasenack> yay
<nacc> (artful based snap)
<drab> .o/ moin
<ahasenack> nacc: rbasak: known? http://pastebin.ubuntu.com/25313513/ ValueError: ubuntu/devel
<ahasenack> snap r122
<nacc> ahasenack: thanks, fixing, one sec
<nacc> ahasenack: fix pushed to master, triggered a snap build, sorry abou thtat
<ahasenack> thx
<ahasenack> nacc: r126 still fails, your last push is newer?
<nacc> ahasenack: yeah, give it a bit
<ahasenack> ok
<nacc> ahasenack: 129 should be avail.
<nacc> ahasenack: 130 even
 * ahasenack refrehes
<ahasenack> interesting, the download is slower now
<ahasenack> maybe a cold cache
<ahasenack> 5min eta
<nacc> ahasenack: if i had to guess cyrus-sasl2 can be syncd
<nacc> ahasenack: the delta is a backport from upstream
<ahasenack> we have a patch
<nacc> ahasenack: ?
<ahasenack> the patch we have comes from upstream, not debian
<nacc> ahasenack: right.
<nacc> oh i see, i though it was a new upstream version
<ahasenack> no, the upstream change is barely worth it
<nacc> ahasenack: not really important to merge that
<ahasenack> sorry, s/upstream/debian/
<ahasenack> I'm doing it for the exercise
<nacc> ahasenack: there are more importnat merges, i mean :)
<nacc> ack
<ahasenack> first time in my life git rebase new/debian completed on its own
<ahasenack> nacc: in which step do you adjust the indentation of the d/changelog lines: deconstruct, logical, or when rebasing on new/debian? Or something else?
<ahasenack> for a remaining change, for example
<ahasenack> d/changelog has it as a *
<ahasenack> I'd guess new/debian rebase
<nacc> ahasenack: meaning something that was new before, but is now part of remaining?
<nacc> ahasenack: yeah, i usually do the adjustment in the rebase to new/debian
<ahasenack> yes
<ahasenack> k
<ahasenack> nacc: got a lint backtrace: http://pastebin.ubuntu.com/25313636/ NameError: name 'treeish' is not defined
<ahasenack> that was after i created a branch from my detached head
<ahasenack> that sentence sounds funny
<nacc> ahasenack: thanks, fixing and pushing, give it about 5 minutes for the snap to build & publish
<ahasenack> ok
<ahasenack> nacc: I'm seeing other "new" errors, maybe not fatal
<ahasenack> nacc: http://pastebin.ubuntu.com/25313688/ in merge start:
<ahasenack> "08/14/2017 15:20:15 - ERROR:ubuntu/devel version (2:6.6-5ubuntu1) is after debian/sid version (None). Are you sure you want to merge? (Pass -f to force the merge)."
<ahasenack> cifs-utils was just imported this morning by rbasak, and I think he had to revert to an older snap to do it
<ahasenack> maybe something failed and wasn't caught
<ahasenack> or it's just a new harmless error
<ahasenack> since I do have a local debian/sid branch after that clone process finished
<nacc> ahasenack: let me look
<ahasenack> that's with snap r130
<nacc> ahasenack: fixing
<ahasenack> :)
<ahasenack> nacc: in snap r131, ubuntu lint broke differently: http://pastebin.ubuntu.com/25313712/ AttributeError: module 'enum' has no attribute 'IntFlag'
<ahasenack> maybe once this is stabilized we should start using the edge channel
<drab> random question since snaps were mentioned... despite having tried to understand what's going on I still don't get when and why I'd want to use snaps
<drab> is it just IoT stuff?
<ahasenack> no
<drab> sometimes it almost sounds like a dockerish thing for self-container deployments
<drab> contained*
<ahasenack> there are feature that appeal more to one group of people than the other, sure
<ahasenack> one example: you have a software that you want to make available to ubuntu lts
<ahasenack> you have xenial and trusty
<ahasenack> these two have different versions of supporting libraries
<ahasenack> you would have different packages of your software for each probably
<ahasenack> with snaps, you can have just one snap for both
<ahasenack> think of the snap as being self-contained
<ahasenack> also, you push it to the store, and it's instantly available
<ahasenack> well, minus build time :)
<drab> can i run my own store to push things around local boxes?
<ahasenack> I *think* yes
<ahasenack> better check with #snappy
<drab> maybe becuase I'm used to it, but I'm thinking of them as "special" .debs with dependencies included and so I'm thinking "oh, run a local repo"
<ahasenack> I'm not entirely sure about all aspects of the store
<drab> but maybe I'm off/stuck on a diff framework
<ahasenack> you can think of them as being some sort of "static" debs, if you want to compare with libraries and such
<ahasenack> but that's just one aspect of snaps
<ahasenack> you can easily rollback, for real
<ahasenack> that's another cool feature
<nacc> ahasenack: grr, i see what's wong with lint, one sec
<drab> ah, so things are sort of installed in parallel? back in the days we used to do sw deployments installing from git and symlinking to current
<drab> so that a rollback was just a re-link away
<drab> pretty handy
<ahasenack> drab: you get common areas where to store your data, and versioned areas
<drab> that sounds pretty sweat
<dpb1> drab: if that part is interesting, this page makes it nice a clear: https://snapcraft.io/docs/core/versions
<drab> is there a substantial push from canonical to move to this kind of thing over debs?
<drab> thanks dpb1
<ahasenack> drab: you also have different distribution channels for your snap: stable, candidate, beta, edge
<nacc> ahasenack: do you have the branch that's ailing to lint anywher?
<ahasenack> by default people get stable, but they can pass flags to get more and more bleeding edge
<ahasenack> nacc: let me check
<ahasenack> nacc: let me push, lint was the last step before pushing
<drab> yeah seems you can run your own store: https://github.com/noise/snapstore/
<drab> linked from the docs dpb1 shared, looks useful
<nacc> ahasenack: thx
<ahasenack> nacc: I'm afraid now, last time the linter failed on a branch of mine it was because I did something silly :)
<ahasenack> nacc: https://code.launchpad.net/~ahasenack/ubuntu/+source/cyrus-sasl2/+git/cyrus-sasl2/+ref/artful-sasl2-merge-1710684
<ahasenack> drab: http://pastebin.ubuntu.com/25313769/
<dpb1> drab: no effort that I know of to bring this kind of thing to debs, no.  But, debs aren't going anywhere, Canonical and Ubuntu continue to be built on debs, and even the first step many snaps do when building is to install debs to download versioned dependencies they need.
<ahasenack> drab: followed by http://pastebin.ubuntu.com/25313777/
<ahasenack> nacc: fwiw, git ubuntu clone is also failing with that AttributeError
<ahasenack> so not just the linter
<drab> ah, heh, same principle, good to know, I always liked that way of doing deployments, even if in some places we packged that into debs, the uidea remained the same, post-install scripts would change the symlinks etc
<nacc> ahasenack: yeah i see why
<dpb1> drab: btw, if you like information and have just a few minutes of time, https://snapcraft.io/ -- the tutorial linked off there is very nice having followed it myself a few months back.
<drab> dpb1: will do so, thank you
<nacc> ahasenack: the reason you're seeing this is i fixed the snap to actually use only the snap's internals
 * dpb1 takes off snap pushing hat.
<dpb1> lol
<nacc> ahasenack: so it's leading to some more nasty debugging
<drab> heh
<ahasenack> oh, we had a leak
<nacc> ahasenack: yeah
<drab> speaking of time, I forgot to take the time to upload the csv for tomreyn...
<nacc> ahasenack: and we have a mixed python env because of gbp (python2)
 * drab goes doing that
<nacc> ahasenack: i *think* i fixed the snap python paths, building now
<nacc> ahasenack: not sure why perl isn't getting put in the snap yet
<DammitJim> is there a proper way to remove an upstart job?
<nacc> ahasenack: i *think* the correct chnages have been pusehd for the two issues you hit, in r136, i'm testing it a bit now
<ahasenack> ok
<DammitJim> actually, I might not need to do anything... I just upgraded from 14.04 to 16.04 and upstart just doesn't work
<DammitJim> I guess I just need to create a new conf for systemd
<ahasenack> nacc: clone and merge start worked
<ahasenack> nacc: lint failed with AttributeError: 'GitUbuntuLint' object has no attribute 'pkg_remote_branch'
<ahasenack> http://pastebin.ubuntu.com/25313927/ (r136)
<ahasenack> nacc: ^
<nacc> ahasenack: ok, have a fix for that queued
<drab> tomreyn: dropped you a msg with the link to the csv stuff, lemme know
<nacc> ahasenack: i think the lint issue is fixed (importer is still broken)
<ahasenack> ok
<ahasenack> nacc: finding all the missing deps the hard way, huh
<nacc> #!/usr/bin/python
<nacc> f.
<nacc> rbasak: suggestions for how to workaround gbp harcoding the path to python?
<nacc> i *think* that's why it's not working in the snap, but not 100% yet
<rbasak> nacc: IMHO, that's up to snapcraft to patch. If it can't, then maybe that's something for the snappy forums?
<rbasak> Or convince upstream to use /usr/bin/env?
<nacc> rbasak: classic snaps don't get that help :)
<tsglove> Hello, I have a question: I want to create a user in my server, so a remote computer can connect to the server with that user, and rsync some files.     Yet I would like for this user (on the server-side) NOT to have a shell.
<tsglove> Does rsync use the shell for its operations, or can I put the user's shell as /bin/false ?
<ahasenack> nacc: hm, I got a silly situation where our delta is just different permissions in two files in debian/: http://pastebin.ubuntu.com/25314155/
<ahasenack> new/debian has postinst.in, prerm.in as 0755, we have those 0644
<nacc> ahasenack: is there a reason (from d/changelog) as to why they are different?
<ahasenack> no
<nacc> ahasenack: then you can probalby sync it
<ahasenack> it's a silent change
<nacc> ahasenack: i'd ping the person who introduced it,if you're not sure
<ahasenack> it was introduced from 6.6-5 to 6.6-5ubuntu1:  -- Dave Chiluk <chiluk@ubuntu.com>  Tue, 03 May 2016 17:30:11 +0000
<nacc> chiluk: --^ :)
<ahasenack> chiluk: around?
<ahasenack> that 5ubuntu1 version is supposed to have introduced debian/patches/stat_systemd-ask-password.patch, but I didn't see that in the delta
<ahasenack> checking
<ahasenack> oh, that patch was introduced in 2013
<ahasenack> n/m
<ahasenack> ok, so no sync
<sdeziel> tsglove: rsync needs a shell to function. As an alternative, if you don't need rsync specifically but only care about uploading files, you may want to try SFTP
<ahasenack> it's just this deconstruct phase that got silly because of the chmoded files
<ahasenack> so, what I said before, that our delta was just the chmod change, is not correct
<ahasenack> that is the change in the 5ubuntu1 merge
<ahasenack> I guess I'll use "previously undocumented"
<tsglove> sdeziel, true... sftp can very much work!  I just thought rsync because of familiarity.     So, question: if I create a user, and set the shell to /bin/false,   rsync will fail?
<sdeziel> tsglove: yes, rsync will fail if the user's shell is /bin/false
<tsglove> sdeziel, ok thanks!  I'm reading up on sftp now.
<tsglove> I didn't know sftp ran over ssh
<sdeziel> tsglove: for sftp, you can even have the user chrooted to a given dir
<tsglove> sdeziel, that would be ideal!  searching for that now
<ahasenack> nacc: can you verify if the import of cifs-utils done earlier today is correct? I'm seeing some strange stuff
<nacc> ahasenack: such as?
<ahasenack> I know rbasak had to downgrade git-ubuntu to get it to work, but maybe there was some subtle error or bug
<ahasenack> nacc: git status says debian/patches is untracked
<sdeziel> tsglove: http://paste.ubuntu.com/25314208/
<nacc> ahasenack: untracked where?
<ahasenack> when I rebase on old/debian
<ahasenack> that patch is a remaining change
<nacc> ahasenack: debian/patches doesn't exist in debian/sid
<nacc> ahasenack: so you'd need to `git add` it
<tsglove> sdeziel, reading that now... and trying to figure it out.  Thank you!
<sdeziel> tsglove: np
<ahasenack> I guess that's the case when there is only one patch
<ahasenack> and debian had none
<ahasenack> ok
<chiluk> ahasenack: here.. reading backscroll
<ahasenack> chiluk: just a chmod 0644 in d/postinst.in and d/prerm.in, they are 0755 in debian
<ahasenack> remember anything about that? It's an old change :)
<ahasenack> nacc: linter is working again (r138)
<chiluk> ahasenack: checking.
<ahasenack> chiluk: I mean, no chmod command. Just that "a" chmod was run
<ahasenack> in debian those files are 0755, in ubuntu they are 0644
<ahasenack> just metadata change
<chiluk>    - debian/patches/stat_systemd-ask-password.patch: also check for
<chiluk>       /bin/systemd-ask-password before trying to use systemd's tools.
<chiluk> should be a remaining change.
<chiluk> ahasenack: I probably submitted-to-debian the changes.
<ahasenack> ok
<chiluk> ahasenack: is it possible that the remaining change was merged into debian after our merge for zesty?
<ahasenack> let me check current
<ahasenack> no, debian unstable still has them as 0755
<ahasenack> actually, 775 even
<chiluk> and I introduced this change?
<ahasenack> I think so, I compared 6.6-5 with 6.6-5ubuntu1
<nacc> ahasenack: excellent
<ahasenack> hm, I should check the previous ubuntu pkg
<chiluk> ahasenack: that was back before I had upload permissions.. so that was a sponsored upload of this debdiff.
<chiluk> https://launchpadlibrarian.net/304461726/lp1660372.zesty.debdiff
<ahasenack> you are right, zesty has them 0644 already
<chiluk> I don't see where my debdiff would have futzed with the perms.
<ahasenack> sorry
<tsglove> sdeziel, bouncing an idea off you: Could I create that chrooted user, and setup their home directory as   /var/www/html/files/userFoo?    The idea is that these users will upload files that will be seen from the website (published at /var/www/html)
<sdeziel> tsglove: the chroot dir doesn't have to be a home dir. Could be anything that's only writable by root. You could use  /var/www/html/files/%u, where % would expand to the connecting username
<tsglove> Ahhh... so  %u  expands to the connecting username... ok ok!
<sdeziel> tsglove: when I need someone to be able to upload to a web root, I let them ssh as "www-data" and add a config snippet to have the www-data chrooted to where I want
<chiluk> ahasenack: yeah I still see the persistent stat_systemd-ask-password.patch patch in ubuntu..
<ahasenack> yep
<tsglove> sdeziel, ok.  I thought sftp (and previously, rsync) so they don't have shell access... just file uploads/replacements.
<chiluk> ahasenack: so I'm confused.. Is there still something amiss?
<ahasenack> chiluk: no, there is not. The perms were changed probably a long while ago and just never mentioned in d/changelog
<chiluk> yes very likely.
<ahasenack> chiluk: this git workflow tends to find undocumented changes :)
<ahasenack> I just jumped the gun when I compared the previous *debian* package with ubuntu, but that's just the delta being carried over
<chiluk> well that's interesting..
<chiluk> ahasenack:  that actually looks like a minor bug in debian.
<chiluk> and maybe in Ubuntu..
<ahasenack> the perms?
<chiluk> yeah ... maybe..
<chiluk> well good luck have fun... thanks for doing that merging..
<sdeziel> tsglove: yeah, I understand. The "www-data" example is if you don't need to have the uploaded file owned by anyone in particular
<tsglove> sdeziel, ok ok.  Thanks
<ahasenack> chiluk: thx :)
<ahasenack> nacc: is this related to the snap? http://pastebin.ubuntu.com/25314333/ I have never seen that error before
<nacc> ahasenack: hrm, it could be that it's using artful now, so there might be more leakage
<nacc> ahasenack: that's with your branch? i can try and debug it in a second
<ahasenack> ok
<ahasenack> I'm on xenial fwiw
<ahasenack> nacc: that was with https://code.launchpad.net/~ahasenack/ubuntu/+source/cifs-utils/+git/cifs-utils/+ref/artful-cifs-utils-merge-1710688
<nacc> ahasenack: ok
<nacc> ahasenack: yeah it's a perl-thing, let me debug
<ahasenack> ok
<nacc> ahasenack: i think it's actually a packaging bug, dpkg-architecutre can't work without dpkg being installed
<ahasenack> and there is no dpkg inside the snap?
<nacc> ahasenack: can you see if you can reproduce that in a lxd (artful or even sid) and report it?
<nacc> ahasenack: not yet :) i'm adding it
<nacc> it's one file from the dpkg binary package (tupletable)
<ahasenack> I can't install the snap in an lxd container :/
<nacc> ahasenack: not the snap
<nacc> ahasenack: install dpkg-architecture
<nacc> remove dpkg
<ahasenack> ah
<ahasenack> ok, hang on
<nacc> or something like that
<ahasenack> remove dpkg, that shall be fun
<nacc> and i think d-a will fail
<nacc> it's probably an impossible state outside of snaps, but i'm not 100%
<tomreyn> drab: it's still not urgent, but i'm still looking forward to it ;)
<nacc> ahasenack: and i need to set DPKG_DATADIR in my wrapper(s)
<drab> tomreyn: I did it, you dind't see the query?
<ahasenack> nacc: dpkg-dev (which has dpkg-architecture) doesn't depend on dpkg
<ahasenack> nor recommends or suggests it
<nacc> ahasenack: right, i think that's the bug
<DammitJim> this must be the most ridiculous question asked here, but is it normal that one has to worry about each package installed where one defined an ubuntu version?
<nacc> ahasenack: as it does, in practice, as it seems to call out to a file from dpkg
<ahasenack> yeah
<DammitJim> so, I'm looking at erlang and it seems there is a hard coded apt list with ubuntu trusty
<drab> DammitJim: ? so installed a specific version rather than latest?
<DammitJim> so, if I was to upgrade to 16.04, I'd have to manually change all those, right?
<ahasenack> ubuntu@artful-no-dpkg:~$ sudo mv /usr/share/dpkg/tupletable /root
<ahasenack> ubuntu@artful-no-dpkg:~$ dpkg-architecture
<ahasenack> dpkg-architecture: error: cannot open tupletable: No such file or directory
<ahasenack> looks straightforward
<DammitJim> sorry, not specific version, but the repo was specified according to the version of ubuntu
<ahasenack> furthermore, it does
<ahasenack> dpkg-architecture: error: dpkg --print-architecture failed: No such file or directory
<nacc> ahasenack: yeah, it seems like  amissing binary-depends (at least for that package)
<drab> DammitJim: it depends what put the repo there? for 3rd party repos I believe so, yes
<drab> DammitJim: as the strings are not known
<nacc> ahasenack: kicking off a fresh build, with i think that what should fix it
<drab> for the official standard repo the do-release-upgrade should handle it
<sarnold> DammitJim: I believe the do-release-upgrade system will disable non-standard repos as part of upgrading. but using non-standard repos might indeed complicate or prevent upgrades entirely
<nacc> ahasenack: will hopefully be in r141/2
<ahasenack> ok
<DammitJim> sarnold, that's just part of knowing what you are running on your servers, huh?
<sarnold> DammitJim: yeah; if you choose to use third-party repos you better be prepared to understand why :)
<DammitJim> ugh... I feel overwhelmed
<DammitJim> thanks, though
<sarnold> DammitJim: just out of curiosity what features were in the third-party erlang repo that you wanted?
<DammitJim> it's actually not just erlang
<DammitJim> the devs requested to run rabbitmq with the latest
<nacc> ahasenack: build-source works now
<DammitJim> that worked fine with the default erlang
<ahasenack> nacc: same here
<DammitJim> but in the last update or not sure when, rabbitmq stopped working right when receiving ssl connections
<DammitJim> updating erlang from the erlang repos fixed the issue
<sarnold> ugh
<DammitJim> ?
<sarnold> that just sounds like a really frustrating thing to try to debug
<hehehe> good
<nacc> ahasenack: ha! finally beat the snap back into submission, import now succeeds
<ahasenack> \o/
<nacc> rbasak: --^ fyi
<ahasenack> hm, our openssl is quite old
<ahasenack> but that's a can of worms
<ahasenack> debian is ahead
<ahasenack> even debian stable (!)?
<ahasenack> "! DO NOT MERGE !" :)
<ahasenack> ok, so we still need the cyrus-sasl2 patch for an old ssl
<ahasenack> in artful
<ahasenack> just no need to submittodebian
<nacc> ahasenack: that sounds right
<docmur> Hey guys, I'm trying to run Jira on my Ubuntu Server but I keep running into this error: java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory  I think it's a Java Bug based off looking at with google, does anyone have a solution?
<nacc> docmur: libjli.so comes from openjdk-8-jre-headless (or -jdk-headless)
<nacc> docmur: s/8/7 if on an older ubuntu
<docmur> Hmmm okay, that's what I'm using, I'll trying updating it
<nacc> docmur: i guess it depends on what is loading and from where
#ubuntu-server 2017-08-15
<nacc> rbasak: i think you forgot to commit your tests/changelogs/test_distribution file. Can you do so and push it to master?
<drab> anybody around that happens to be into voip/asterisk? I'm trying to figure out what to do with the asterisk 11 install we have
<cpaelzer> good morning
<lordievader> Good morning
<rbasak> nacc: sorry! Done.
<LaserAllan> hey guys, do yu know of any webmail apckage that is updated by apt that can be added?, i have used squirrelmail until it was unsupported and Rainloop isn't handled by any repo so I am looking for a better solution.
<gunix> anybody set up galera arbitrator 3 on an ubuntu node?
<devster31> is there a clever one-liner to dump yaml to json?
<devster31> ok, this seems to work -> ruby -rjson -ryaml -e 'puts YAML.load($stdin.read).to_json'
<devster31> with pipes
<runelind_q> Ubuntu server sure likes to push out updates to its kernel
<ahasenack> rbasak: hi, ping
<ahasenack> rbasak: http://pastebin.ubuntu.com/25319275/ these 3 entries in d/changelog are related
<ahasenack> rbasak: would you prefer to see 3 individual commits, or one?
<cpaelzer> devster31: also python -c 'import sys, yaml, json; json.dump(yaml.load(sys.stdin), sys.stdout, indent=4)' < file.yaml > file.json
<cpaelzer> you surely can find more via search engines
<devster31> doesn't that require pyyaml or something?
<cpaelzer> yep
<cpaelzer> was installed for me already
<ahasenack> nacc: are you in yet? What's your opinion wrt my question above?
<cpaelzer> ahasenack: I can tell you what I prefer and usually do in these cases if you want?
<ahasenack> sure, I just asked them first because they are the uploaders
 * cpaelzer feels neglected
<cpaelzer> ahasenack: I'd make one commit each - but with slight adaptions to the commit message to get better changelogs
<ahasenack> heh, imagine how I feel with MPs up for more than a month :)
<cpaelzer> On the first one I make a level 1 entry in this case the use of ldap-auth-config AND in the same commit a level 2 entry what this commit changes in particular
<cpaelzer> Following commits have only level 2 entries as long as they belong to the same thing
<cpaelzer> on auto generated changelog that auto-groups them which I like to carry the "they belong together" meaning
<cpaelzer> I thought I reviewed all that made sense to review from me
<ahasenack> you did
<cpaelzer> all others had other reviewers for a reason
<cpaelzer> I saw your two new merges in the queue but since I started late ...
<cpaelzer> also I plan to add a few on my own today/tmrw as time permits
<nacc> ahasenack: reading
<nacc> ahasenack: it feels like they should be rewritten if they are related (tbh). I don't think it matters much if they are one commit or three, though.
<nacc> ahasenack: what matters is each commit accurately describes teh changes in it
<ahasenack> ok
<nacc> ahasenack: given that we don't want to accidentally cherry-pick only one of the three, though, it seems reasonable to make them one?
<ahasenack> it does
<ahasenack> you can't really just drop one of the 3, for example
<nacc> ahasenack: yep
<pankaj> I am trying to setup ssh connection between my Linux OS and virtual server but during 'ssh-copy-id username@remotehost' I am getting error. Please somebody help.
<tsglove> pankaj, help us help you.
<ahasenack> nacc: this one was sponsored already, what do we do with it from an MP perspective? https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/326073
<nacc> ahasenack: i don't recall, i'll leave it for now until we decide what to do with them
<ahasenack> ok
<dpb1> ahasenack: any open MPs for ubuntu-advantage-tools you need me to look at?  I'm starting with the doc
<nacc> so only 4 to review :)
<ahasenack> dpb1: no open mp
<ahasenack> dpb1: we just need to make a release in github, tag, if we are happy with it as is
<dpb1> ahasenack: can I install onto xenial from that ppa?
<ahasenack> dpb1: yes
<dpb1> (and get tip, I mean)
<dpb1> ok
<dpb1> I'll do that
<ahasenack> dpb1: ack had two changes since that build: manpage, and another I forgot
<ahasenack> manpage just had a new section about exit status
<dpb1> oh, it's not a recipe?  I'm shocked
<ahasenack> can recipes build from github?
<ahasenack> we might have to mirror
<dpb1> I really don't care
<dpb1> I'll just build the package here
<dpb1> n/w
<dpb1> just giving you a hard time
<dpb1> ahasenack: and, no landscape yet, right?
<ahasenack> right
<dpb1> ahasenack: lint failures!
<dpb1> shocked
<dpb1> again
<ahasenack> what did you run?
<dpb1> dpkg-buildpackage -uc -us
<dpb1> but, more cheaper... make lint
<ahasenack> ah, I blame ack for that. shellcheck in ubuntu is older than in debian
<ahasenack> and github installs the debian one
<ahasenack> which is fixed regarding those failures
<dpb1> should I be on artful for this testing?
<ahasenack> won't help you regarding shellcheck
<dpb1> or it's out of date there too
<dpb1> ok
<ahasenack> but are these run at package build time? Hm
<dpb1> :/
<dpb1> yes
<ahasenack> then we have to drop that
<dpb1> I can quickly fix I think
<dpb1> sec
<ahasenack> ackk: we need to drop shellcheck, it needs to work in plain ubuntu regardless of what we do to make it work in travis
<ahasenack> ah, he is away today
<dpb1> ahasenack: I'm putting up a branch, it's fine
<dannf> cpaelzer: should i just open a new bug for this pflash/apparmor issue?
<dannf> cpaelzer: or maybe discuss via e-mail somewhere? just trying to cleanly separate the issue from the migration one
<cpaelzer> dannf: yes they are separate issues for sure
<cpaelzer> dannf: and the one hitting the image files on all arches is fixed
<dannf> cpaelzer: cool - yeah, just didn't know if you minded a bug for an issue that's not actually in ubunt yet :)
<cpaelzer> dannf: so a new one would be great
<cpaelzer> dannf: I fixed the other one (images) already even it is not a bug yet
<cpaelzer> dannf: for qemu 2.10 prep
<cpaelzer> dannf: so yeah please, just need dmesg and the xml
<cpaelzer> ad I need to drive virt-aa-helper manually from there and see what rules it creates for the flash files
<dannf> cpaelzer: will do
<cpaelzer> dannf: I'm also on the minor one with the s390x packaging - cleaning that up
<cpaelzer> dannf: yet I think with a different fix than what you suggested
<cpaelzer> IMHO there is no reason to have s390 being the only different one
<cpaelzer> so I'd more likely adapt the d/control in a way to match the other architectures
<xnox> hmmm
<dannf> cpaelzer: i was assuming it was the only different one because it didn't have full emulation - e.g. requires hardware acceleration - but i'm not sure about that
 * xnox wonders if there is stuff that I did, that made s390x look odd. It should be just like x86_64.
 * xnox and e.g. should not be in "ports" bucket
<cpaelzer> well ther eis a partial tcg which can be used
<cpaelzer> so why not
<cpaelzer> xnox: yeah it was you :-P
<dpb1> ahasenack: https://github.com/CanonicalLtd/ubuntu-advantage-script/pull/39
<cpaelzer> but long enough ago that it doesn't matter
<cpaelzer> and that is my mindset as well, it should be just like x86, arm, ppc, ...
<cpaelzer> oO it seems gcc7 also makes qemu compiles unhappy
<xnox> cpaelzer, as long as you do not drop qemu-system-s390x i'm fine =)
<cpaelzer> I'd be the last one to do that
<cpaelzer> qemu2.10 is good with ggc-7 so overall all fine for artful
<cpaelzer> wow ggc new compiler, gcc of course
<drab> can anybody confirm that ubuntu-server is and will be using timesyncd?
<drab> it seems that this changed from 14.04 to 16.04, however the same seems to not be true for 16.04 desktop
<drab> I'm seeing ntpd running on a fresh install of desktop
<drab> also I can't see where the default is set and can't tell what timesyncd is actually using
<drab> the conf file has the fallback commented out, ntp.ubuntu.com , which if I had to guess I'd imagine is what is used, but I'd like to confirm that
<drab> yeah, confirmed with tcpdump, it's calling out to alphyn.canonical.com.ntp , guess maybe a patch to set that as deafult in the code
<teward> dpb1: ping
<dpb1> hey teward
<teward> dpb1: got your inquiry on the email of the meeting logs - sorry I was in a server room away from my phone
<teward> i just got the ping for it - my email parser read it and poked.  I'll be available, to my knowledge today, for the meeting next week if there's a need for me to be backup
<teward> if something comes up I'll let you all know.
<dpb1> teward: no worries at all, just wanted to give you a heads up you are getting close
<teward> yep, I checked that myself :)
<dpb1> heh
<dpb1> cool
<dpb1> thanks for getting back
<teward> yep
<Vladimirski> is there an alternative to proxmox on ubuntu-server(by that I mean is supported by ubuntu)?
<drab> Vladimirski: to do the same thing/everything that proxmox does? what I mean is, it could be easier if you were interest in only particular features
<drab> for example if you were just doing qemu and weren't interested in a web interface you could use libvirt with virsh/virtmanager
<drab> or if you were interested in containers with lxd and new lxc command line
<Vladimirski> drab: Well I need a virtual environment where I can host different operative systems
<drab> ok, does it have to have a nice to use web interface?
<Vladimirski> well it would be nice to have one
<Vladimirski> drab: I was thinking of using KVM, maybe there's a webgui for it
<Vladimirski> drab: Actually oVirt maybe is my solution?
<drab> if you want a bwe based solution the best I know is Ovirt
<drab> yeah, was typing just that
<drab> if you're xen oriented, there's xenserver
<drab> for kvm, if you have a desktop, libvirt + virtmanager is actually really neat
<drab> but I guess it's not as aware of a cluster of libvirt instances and so forth
<drab> it depends how "cloud" you're trying to go
<Vladimirski> thanks
<Vladimirski> gotta think about it
<drab> if you just want to run a bunch of virtual machines on one or two servers, then imho libvirt + virtmanager is probably the easiest
<Vladimirski> it should be to complicated in configuration sense..
<Vladimirski> alright
<drab> if you're trying to do something more advanced, then probably ovirt is a better choice if you don't want to run proxmox (which afaik is one of the best solutions out there)
<drab> but you have to use their own debian isos, which is one of the reason I ddin't go with it
<drab> Vladimirski: fwiw, I don't know what you're doing, but if you have limited capacity containers may be a better choice than full virtualization
<drab> I've pretty much migrated all my instances from kvm to lxd minus a few where kernel space stuff matters or I need further isolation at that level
<RoyK> kvm/libvirt works well alone, but it's not very straight-forward to setup in a multinode setup
<drab> most notable example, nfs-kernel-server
<drab> yeah
<drab> hence the suggestion for ovirt in that case, more similar to proxmox, but also more work to setup and maintain ime as complexity is higher
<drab> libvirt + virtmanager is *really* straightforward
<drab> https://help.ubuntu.com/lts/serverguide/NTP.html
<drab> stuff on this page seems not true... specifically the interaction between timesyncd and ntp
<drab> anybody familiar with the two?
<RoyK> except for multinode, perhaps, where you'll need corosync and friends, which can be a bit of a hassle
<drab> "If NTP is installed and replaces the activity of timedatectl the line "NTP synchronized" is set to yes."
<RoyK> that is, haven't used it or some time, so it might be easier now
<drab> but that doesn't seem to be the case. I removed ntp and timedatectl still says NTP synchronized is true
<drab> ie nothing seems to change
<RoyK> drab: just wait a while and time will drift
<drab> and I can't really remove it as it's not its own package (timesyncd I mean)
<RoyK> ntp setup is the easy part
<drab> yeah it's all done, but the interaction between the two is very opaque
<drab> I don't see where timesync checks for ntp etc
<drab> or where you'd "deconfigure" timesyncd
<drab> so I have no confidence that this is working correctly and timesycnd is backing out leaving ntp to do the job
<RoyK> simply installing and configuring ntpd with a local-ish ntp server should do the job down to a very small fraction of a second between the hosts
<drab> yeah, that's not what I'm concerned about, what looks dubious is the interaction with systemd-timesyncd
<drab> again look at the official doc I linked, it says something very specific about the interaction of the two
<drab> and that doesn't hold true in my experiment
<hehehe> hi
<hehehe> if I want to checkout a specific stuff from git but its not  branch but tree
<hehehe> https://github.com/opencart/opencart/tree/2.3.0.2
<hehehe> how do I clone that?
<hehehe> :D
<drab> it's not a "tree", that's just the web view in github
<drab> there is a tag for 2.3.0.2 release, that's what you clone
<drab> hehehe: https://git-scm.com/docs/git-clone#git-clone--bltnamegt
<drab> as the man page says you can specify a tag with the branch command
<hehehe> cool
<ahasenack> cpaelzer: around still?
<ahasenack> (not urgent)
<hehehe> solved it
<cpaelzer> ahasenack: here
<hehehe> next idea - some app where it simulates icecream :) you have to lick a screen at high speed to eat it lol
<ahasenack> cpaelzer: checking that extra patch in cifs-utils, doing some archeology
<ahasenack> cpaelzer: I think it's not needed, because
<ahasenack> cpaelzer: a) http://pastebin.ubuntu.com/25320452/ 6.2 release notes mentions that that binary is now searched using $PATH (I'm trying to find a diff)
<cpaelzer> thats exactly why I asked, because I often find archeology turns out to be inertesting :-)
<ahasenack> cpaelzer: b) this is the patch: http://pastebin.ubuntu.com/25320448/
<ahasenack> c) http://pastebin.ubuntu.com/25320445/ is the code without the patch
<ahasenack> it seems our check is reduntant, although it would avoid some unecessary calls
<nacc> hrm, that is not the 'canonical' way to check if systemd is running
<ahasenack> but also make it less robust if the binary ever moves to another location
<hehehe> nacc: yes so :))
<nacc> checking for /var/run/systemd is, iirc
<ahasenack> the switch to using popen is from 2013
<ahasenack> (in cifs-utils)
<ahasenack> I searched lp for closed bugs but only found one asking to update cifs-utils
<ahasenack> will try a more thorough d/changelog search now
<cpaelzer> ahasenack: well there could be the case of systemd having the paths above and considers it is_systemd_running
<cpaelzer> ahasenack: but lacks the binary
<nacc> ahasenack: yeah, i'd file an upstream bug that those checks are sort of wrong
<cpaelzer> ahasenack: I thik that is what the check was meant for
<ahasenack> well, nothing is checking that it's running, not even our patch
<nacc> semantically, they clearly are trying to :)
<cpaelzer> which is a sub-optimal upstream
<nacc> but they are using the wrong semantics
<nacc> i believe the /var/run/systemd check is what pitti or xnox told me to use
<cpaelzer> ahasenack: well if the popen fails they will end as if the check would have been wrong
<cpaelzer> so yeah
<nacc> (for puppet upstream)
<cpaelzer> dropping our delta would make it even better
<cpaelzer> as it would work if the path changes
<xnox> nacc, but do forget that /var/run exists.
<xnox> nacc, only ever use /run/systemd/system check; as /run/systemd exists on systems with pid 1 upstart, and logind running.
<nacc> xnox: :) is there a "new" path to check for systemd running? /run/systemd then, i guess you mean?
<nacc> xnox: ah yes, thanks!
<xnox> /run/systemd alone is not sufficient.
<nacc> right
<nacc> sorry, misremembered
<cpaelzer> and here we have an examples how checks like these get to life
<cpaelzer> we are all humans and software changes
<cpaelzer> ahasenack: TL;DR we can make this a sync - right?
<nacc> so i don't think it makes sense to keep this delta
<nacc> and i think it makes sene to file a bug upstream and say fix your check
<xnox> at one point it was /run/systemd, but then pitti fixed it in all the software and upstream to be be more specific.
<nacc> with a suggested patch
<cpaelzer> since we already discussed the other one away
<ahasenack> cpaelzer: possibly, I'd just like to test that is asks for the password correctly
<Vladimirski> drab: thanks, do you know about a good libvirt + virtmanager setup guide?
<ahasenack> cpaelzer: is debian using systemd?
<xnox> nacc, what's the code? because i thought pitti did fix all the things to migrate to the fuller check.
<cpaelzer> ahasenack: yes, but you can switch init systemd if you want to do so badly
<cpaelzer> -d
<nacc> xnox: cifs-utils
<nacc> ahasenack: you checked upstream too?
<xnox> looking at http://pastebin.ubuntu.com/25320448/ it seems wrong
<ahasenack> nacc: fetching their git repo now
<nacc> ahasenack: ack thanks
<xnox> systemd-ask-password is optional, and systemd cgroup exists on upstart+cgmanager+logind and thus without systemd pid1
<ahasenack> nacc: upstream is http://pastebin.ubuntu.com/25320445/
<nacc> xnox: yeah the cgroup check makes little sense
<xnox> yeah the comment in 5 is wrong.
<ahasenack> if any of that fails, it will fallback to getpass()
<Vladimirski> drab: btw, is it possible to connect to the virtmanager via the net, instead of having it locally?
<nacc> ahasenack: ah! it's to know just whether it should use systemd-ask-password?
<nacc> ahasenack: shite code
<mason> Vladimirski: yes
<mason> Vladimirski: Connect via ssh.
<ahasenack> nacc: yes, that is probably a better alternative for fstab entries during boot
<drab> Vladimirski: I don't know of a tutorial off the cuff, I just google all the time. and yes, you can connect over ssh, which is how I sued it
<ahasenack> nacc: I've seen it working, btw
<mason> drab: Did you take all its money?
<cpaelzer> ahasenack: xnox upstream git still is that way as well, not just in debian
<drab> Vladimirski: you install virtmanager on your dekstop and libvirt on the server where you do the virtualization
<ahasenack> it's just like that dmcrypt prompt, it shows up nicely in ubuntu's splash screen
<Vladimirski> drab: conncet via ssh to see the gui?
<drab> mason: ?
<nacc> ahasenack: sure, i mean it "does work", but it works by chance, i think
<Vladimirski> oh I see
<Vladimirski> drab: ALright, thank you :)
<ahasenack> nacc: maybe it would fail on trusty :)
<xnox> nacc, ahasenack: https://github.com/systemd/systemd/blob/master/src/libsystemd/sd-daemon/sd-daemon.c#L628 -> sd_booted is the function to use if one is ok linking libysstemd; or one should mimick the check that /run/systemd/system folder exists.
<mason> Vladimirski: Glad drab could help you out with that.
<nacc> ahasenack: the semantic they want is "if i am on systemd and systemd-ask-password exists (and is executable?)), use it
<cpaelzer> nacc: ahasenack: but a bug and suggestive patch to upstream and making the package atm a sync should be a good way (as actions for now) - right?
<xnox> nacc, ahasenack: feel free to bash upstream with https://github.com/systemd/systemd/blob/master/src/libsystemd/sd-daemon/sd-daemon.c#L628
<nacc> cpaelzer: +1
<ahasenack> nacc: yes
<nacc> ahasenack: their variable name is confusing :)
<nacc> ahasenack: at a minimum
<Vladimirski> mason: sorry, I saw your answer as well. Thanks :)
<drab> afk, bbl
<mason> :P
<Vladimirski> mason: didn't mean to leave you out..:(
<mason> Vladimirski: FWIW, you can either ssh to root (just be very careful) or ssh to a user in the right group, so you have some options.
<mason> Either way, consider using limiters on what the account can do via ssh connection.
<ahasenack> cpaelzer: ok, so let me try the debian code without our patch, make sure it can mount cifs filesystems during boot
<ahasenack> and if yes, i'll comment on the mp, we abandon it, and you sync?
<cpaelzer> ahasenack: yes lets do it that way
<nacc> ahasenack: requestsync if so
<nacc> and/or the MP (but requestsync will file a bug)
<ahasenack> nacc: what's that?
<nacc> ahasenack: yet another tool :)
<mason> Vladimirski: A quick search turns up: https://serverfault.com/questions/407497/how-do-i-configure-sshd-to-permit-a-single-command-without-giving-full-login-ac
<ahasenack> another magical script from ubuntu-dev-scripts? :0
<ahasenack> :)
<cpaelzer> ahasenack: a tool to open a bug to request a sync
<nacc> which we'd want in this case, to track down the logic of syncing it (why the delta can be dropped)
<nacc> (IMO)
<cpaelzer> for documentation at least
<mason> Ah, there it is. man authorized_keys and search for command=
<nacc> as it's not entirely obvious to drop a quilt patch
<cpaelzer> nacc: +1 on explaining on a please sync bug
<ahasenack> ok, I'll do that, coment on the reasoning in the bug,
<cpaelzer> but to admit I never used the tool but opened the bug the "classic" way
<cpaelzer> which there are 3-5 :-)
<Vladimirski> mason:  I tend to you private keys when using ssh which seems much more secure
<Vladimirski> to use*
<ahasenack> and maybe file an upstream bug to improve the systemd detection, I have to read more carefully what xnox said above
<cpaelzer> perfect ahasenack
<mason> Vladimirski: If you look at that command section, that works with private keys and provides a bit more protection.
<nacc> ahasenack: yeah, i think that can be a card in our board to do after FF
<Vladimirski> mason: that's great
<ahasenack> cpaelzer: nacc xnox ok, thanks for the feedback
<nacc> ahasenack: yw
<mason> Vladimirski: FWIW, I was using Xen for years, and only in the last year or two am I using libvirt and friends, and I have to say, I quite like it. Very flexible and convenient, and I love virt-manager.
<Vladimirski> mason: thanks again mason :)
<cpaelzer> ahasenack: yw++
<cpaelzer> dannf: did I miss the new extra bug on the pflash lock byte issue - or just no time yet to file?
<cpaelzer> dannf: not that I'd expect to work on it today - just don't want to miss it
<cpaelzer> ahasenack: feel free to drop me a mail with the sync bug eventually
<cpaelzer> ahasenack: in case non picks up today I will tmrw then
<ahasenack> I'll add it to the mp if that's ok
<cpaelzer> yeah fine for me
<ahasenack> cool
<cpaelzer> I wasn't sure which of our portfolio of options you'd take :-)
<dannf> cpaelzer: you haven't, i'll file it now
<hehehe> quick question :) reinstalling php app here, on same box, folders permisson 750 files 640 owner is root:www-data, should work but something is a miss - using nginx
<hehehe> gives 403 :))
<ahasenack> xnox: looking at https://github.com/systemd/systemd/blob/master/src/libsystemd/sd-daemon/sd-daemon.c#L628 finally
<hehehe> I sense I might of omited something I have done before
<ahasenack> xnox: we could use that to decide if systemd is being used, it's my understanding
<ahasenack> and then for this particular use case we would add another check to see if systemd-ask-password is available (since you said it was optional), and only then call it
<ahasenack> these two conditions: systemd being used, systemd-ask-password installed
<ahasenack> righT?
<xnox> ahasenack, in essence drop the cgroups check, use the check that /run/systemd/system folder exists.
<ahasenack> right
<xnox> (because e.g. upstart, cgmanager, cgroups-lite, all face a systemd cgroup for logind integration)
<ahasenack> use that for the "is systemd being used?" check instead of what was in that pastebin
<hehehe> in fact in no one would be wrong no one could of been right :)
<xnox> ack.
<hehehe> *if
<ahasenack> xnox: ok, thx. I'll file an issue with upstream
<xnox> tah.
<ahasenack> mh, looks like a lot of people dropped from irc
<hehehe> yes
<hehehe> they been punished for idling :) by god of action
<hehehe> *have been
<drab> hopefully there's no god of poor questions punishing ppl asking for help without doing research first
<hehehe> :))
<dannf> cpaelzer: LP: #1710960
<ubottu> Launchpad bug 1710960 in libvirt (Ubuntu) "QEMU 2.10 may require AppArmor updates for pflash devices" [Undecided,New] https://launchpad.net/bugs/1710960
<eliam> is this place only for ubuntu-server issues or can you help with other more wtfamidoingarghitsbroke linux server-ish kind of things?  specifically mail, stupidly behind NAT which I'd like to correct.
<eliam> oh, and hi :)
<sarnold> we try to be helpful such as we can..
<eliam> ah ok, thanks :) my question is kind of, what's normal.  ok, I'll try again.  if you have a gateway machine but you don't want to serve mail from the gateway, it appears NAT'ing the SMTP loses a lot of email kind of info that services like postfix need for mail spam blocking (ip mainly)
<eliam> so, do you setup two mail servers?  one on each hop?  postfix them both?  simple sendmail on the gateway with postfix downstream?  none of the above?
<hehehe> Package 'php7.0-fpm' has conffile prompt and needs to be upgraded manually
<hehehe> what can it mean?
<eliam> hehehe, I googled it for you :) https://askubuntu.com/questions/921162/how-can-i-automate-a-conffile-prompt-in-unattended-upgrades
<hehehe> ty
<hehehe> so automated updates can rewrite default php config?
<hehehe> going to apply that fix
<eliam> I'll setup mail submission on the submission port but turns out I quickly became an open relay and upstream (google) got a little grumpy
<sdeziel> eliam: DNAT'ing a port from your public gateway to your private SMTP listener shouldn't remove anything useful for Postifx to ID spam
<drab> sdeziel: I don't see the problem with NAT, but in any case, a DMZ with routing would remove the need for NAT'ing if that's a problem
<drab> eeer, eliam
<eliam> So, postfix sees all inbound mail as coming from 'within the network' due to the source ip being the NAT firewall box
<drab> eliam: you need to basically add a subnet on the gw, put postfix on that subnet and route
<sdeziel> eliam: if postfix sees only the firewall's IP that probably means you have a SNAT/MASQUERADE rule that is wrong
<drab> that shouldn't be the case, the gw should only do DNAT, not both SNAT and DNAT
<drab> yeah, what sdeziel said
<eliam> https://pastebin.com/pZpN4Zy0
<sdeziel> eliam: iptables -t nat -nvL POSTROUTING
<sdeziel> or better yet, iptables-save
<eliam> if you want but there appears to be *a lot* of repeats!
<eliam> http://paste.ubuntu.com/25321152/
<sdeziel> eliam: you shouldn't mix conntrack and state. conntrack replaced the older/obsoleted state module
<sdeziel> eliam: yes, you have quite a few dup
<eliam> ok, I'll look at that.  So, I guess it's DNAT and postfix turned me into a relay (as the whole internal subnet was 'allowed')
<sdeziel> "-A POSTROUTING -o eth0 -j MASQUERADE" => could be the faulty one. Can you give the output of "ip ro g 192.168.1.70"
<sdeziel> eliam: yes, if you authorized relying from 10.0.0.0/8 and you wrongly masquerade to an IP in that range when reaching the SMTP box, then yeah, open relay
<eliam> ip ro ... http://paste.ubuntu.com/25321194/
<sdeziel> eliam: so yeah, that confirms the issue. You want to make that "-o eth0 MASQUERADE" rule a tad more specific
<sdeziel> eliam: maybe replace it by "-A POSTROUTING -o eth0 -s 192.168.0.0/16 -j MASQUERADE"
<sdeziel> eliam: your LOGDROP chain doesn't log, it just DROP ;)
<eliam> it's an IMightLogThatSometime chain :)  I turn logging on if I'm interested but the logs get *filled* otherwise so I remove it
<sdeziel> ah
<eliam> so basically I'm a bit confused about iptables then and need to read a little.  external traffic can't see the mail server, hence the DNAT.  If I limit to internal traffic, mail won't reach the mail server, will it?
<sdeziel> eliam: your DNAT and FORWARD rules are OK
<sdeziel> eliam: the problem is that when your firewall/gateway passes the SMTP traffic over to 192.168.1.70, it goes out eth0 and you have a rule that says:
<sdeziel> when traffic goes out of fw's eth0, make the source 192.168.1.2
<eliam> oh dear :(
<eliam> I didn't mean that!
<sdeziel> most probably not :)
<eliam> maybe the masquerade is not needed at all then?  The 'gateway' per se is actually just for inbound DMZ traffic and isn't really the network gateway (which is the router).
<sdeziel> replace "-A POSTROUTING -o eth0 -j MASQUERADE" by "-A POSTROUTING -o eth0 -s 192.168.0.0/16 -j MASQUERADE" and you won't be doing the undesired source rewrite
<sdeziel> ah, then I think I know why you added that MASQUERADE rule ;)
<sdeziel> if you remove the MASQUERADE rule things will stop work
<eliam> urgh!
<sdeziel> if you don't source rewrite, when 192.168.1.70 will respond to 1.2.3.4 (random public IP), it will go via the gateway and no the firewall
<sdeziel> which is asymmetric routing and doesn't work
<sdeziel> can you have the gateway take care of the DNAT itself?
<eliam> as opposed to the firewall dmz box which I called 'gateway' just to confuse myself?
<sdeziel> hehe
<eliam> Yes, I suppose I could.  I wanted to route *All* inbound traffic to the fw_gateway and have it decide what to do.  That way, the router gw with the dodgy web interface is avoided, however, sounds like I've tied myself up in knots...
<eliam> at this point, anything to reduce the spam which is literally 96% of all emails I receive!  (the rest come from cron)
<sdeziel> what I'd do is put the firewall box "behind" the dodgy router and make the firewall, the network gateway
<sdeziel> this would avoid the asymmetric routing
<hehehe> where are usually systemd service files are located?
<sdeziel> hehehe: systemctl cat <unit_name>, will show you the unit and where all its pieces are coming from
<hehehe> cool thanks!
<sdeziel> np
<sarnold> hehehe: see the list in systemd.unit(5)
<eliam> yes, that makes sense.  The crazy thing is, I did most of this for fun and it's not really physical boxes.  At some point (once I get the backup space), I'm likely to rebuild and it'll then only be a single box for the services.  I just liked the idea of separating out DNS / mail server / fw / web etc...
<eliam> so, until that point, dodgy isp nat routing ftw
<eliam> thanks for debugging and explaining that all for me
<hehehe> well ok so now I have removed installed custom nginx with modsecurity via using find and rm , then I apt-get install ubuntu 16.04 default
<hehehe> when I do nginx -v it cant even do anything
<sdeziel> eliam: depending on what kind of Internet connection you have, you may be able to terminate it on your own machine thus bypassing the dogdy router
<hehehe> nginx -v The program 'nginx' can be found in the following packages:
<hehehe>  * nginx-core
<sdeziel> eliam: by "terminating it" I mean have your public IP(s) directly on your own equipment and use the dodgy ISP device just as modem
<hehehe> I presumed apt-get will simply download and place binary where it belongs
<eliam> sdeziel, will it annoy you if I let slip I don't have a static ip?  It's uk based fttc with vdsl or something similar
<sdeziel> eliam: with vdsl you have a chance of PPPoE passthrough ;)
<sdeziel> eliam: dynamic IP doesn't matter
<sdeziel> eliam: the idea would be to terminate your PPPoE session on your Linux box, this way, you'd use only the modem part of the ISP device
<eliam> sdeziel, I cheated because I used the dynamic hostname as the dns server (mine local) so everything serves to the same ip.  it's bonkers really but hasn't broken the internet yet and the ip leases are pretty long.
<sdeziel> eliam: sure, using dyndns makes sense in your case
<hehehe> :DDD
<eliam> sdeziel, interesting.  I'm basically running dhcp, dns, fw and gateway so pretty much have the routing covered.
<eliam> although....wifi devices on the network too
<eliam> anyway, you've helped me understand why something which has annoyed me for sometime is not working (or is working as configured) so many thanks.  I even went on the postfix chat a fair while ago but didn't get any the wiser.
<hehehe> :)
<hehehe> this is da top room
<hehehe> + #linux and #security
<sdeziel> eliam: moving your PPPoE to your Linux machine will let you bring lots of sanity in all this
<sdeziel> hehehe: if you properly cleaned the manual nginx install, then yes, "apt-get install nginx-core" should get you going
<hehehe> sdeziel: whats the diff between core and full?
<sdeziel> hehehe: core is what upstream ships enabled by default (what they trust and are OK with supporting)
<teward> *waves*
<sdeziel> hehehe: -full has more modules enabled
<teward> not sure why I wasn't pinged on the question ;P
<sdeziel> yeah, teward's the guy ;)
<teward> hehehe: -full has a few extra third-party module
<teward> s
<teward> -core is the same thing minus the third-party modules
<eliam> sdeziel, I believe you, I just don't quite know what that means yet :)  so, step 1: remove all dnat from fw_fake_gateway and dnat from real gw.  Step 2, learn about PPPoE from linux.  Step 3, ....   Step 4, PROFIT!
<hehehe> https://askubuntu.com/questions/553937/what-is-the-difference-between-the-core-full-extras-and-light-packages-for-ngi
<hehehe> got it
<teward> hehehe: fun fact: that's my answer on that question :p
<sdeziel> eliam: before diving into PPPoE, you may want to put your ISP device model # into google and check if it supports "bridge mode" or "PPPoE passthrough"
<hehehe> teward: and you can make nginx-monster by adding modsecurity to it :D
<teward> hehehe: never going to happen.
<teward> at least, not in Ubuntu at this time
<hehehe> good
<hehehe> its some kind of monstrosity :)
<teward> you want modsecurity for nginx, you can go compile it for the nginx version you're after
<teward> i'm not gonna support that in Ubuntu - that's why naxsi was dropped post-Trusty
<hehehe> I did and I endup deleting it all
<hehehe> decided to simply focus on php apps code quality instead :)
<teward> indeed.
<teward> if I'm running a WAF, it's probably a Barracuda on the border before the app.  Just saying :p
<teward> in any case... if you have any other nginx questions feel free to ping me here :)
<teward> *drifts back into the world of mail gateways and setting up mail relays for all his email servers*
<eliam> sdeziel, good tip as the answer is no.  Wish I never let them back in the house when I had two separate devices previously which they swapped out for a 'combined' one.
<teward> this will sound stupid but is there anything wrong with running an IPSec, OpenConnect, and OpenVPN server on the same machine lol
<eliam> sdeziel, I could always just use it as the 'upstream' and have everything else on a different subnet with the firewall gw in the dmz and as the subnet default route I guess
<hehehe> teward: btw have you looked into japanese open source vpn software?
<hehehe> they also provide many volunyteer run relays for chinese who want to bypass great firewall :)
<teward> hehehe: (1) I'm not chinese.
<teward> (2) I'm an IT Security pro who knows 99% of those VPN softwares contain malware.
<hehehe> volunteer
<hehehe> hmm lets see
<teward> (3) Chinese hackers use those VPNs, and I don't want the Feds to come down on me like a bag of hammers.
<teward> so, no thanks!
<hehehe> https://www.softether.org/
<hehehe> that one
<eliam> sdeziel, now I remember
<sdeziel> eliam: yeah, if you can configure the ISP device to have 2 subnets/VLANs that might be your best bet
<eliam> I think the isp dnat only works for external traffic
<eliam> hmmm, maybe that's ok actually
<sdeziel> eliam: yeah, that would seem OK to me :)
<eliam> but that had something to do with the original decision making somehow
<eliam> maybe before I setup the dns
<eliam> yes, so, external mail traffic hits the dnat to the mail server, internal mail traffic is routed directly.  (in real terms, I don't need to change the settings on my phone for my mail app when I walk in / out the door)
<sdeziel> for your internal traffic to be routed directly, you probably need a private DNS entry that says "mail.mydomain.com IN A 192.168.1.70"
<hehehe> so I installed nginx-core from ubuntu repository and now - stat("/var/www/html/index.html", 0x7ffed26685c0) = -1 EACCES (Permission denied)
<hehehe> when I run strace - however I got index.php and php fpm works, 0 errors
<hehehe> I did try to open test php file I made and I get file not found
<eliam> sdeziel, yes, the internal dns zone is configured
<eliam> sdeziel, does iptables-save use something cached?
<sdeziel> eliam: no, iptables-save dumps verbatim what's loaded in the kernel
<eliam> sdeziel, ok, follow on question :) -F -X doesn't actually clear the firewall?
<sdeziel> eliam: you can't use both -F and -X at the same time
<eliam> sdeziel, iptables -L now shows nothing.  iptables-save shows *a lot*
<eliam> sdeziel, sorry, iptables -F && iptables -X (not using the flags together)
<sdeziel> eliam: I personally prefer to do this: iptables-save > ruleset; vim ruleset; iptables-restore ruleset
<hehehe> i use ufw its a bit easier
<eliam> sdeziel, sure but iptables-save is dumping a whole host of stuff when iptables -L shows nada
<eliam> I'll try using restore instead
<sdeziel> eliam: iptables -L, shows you the filter table only while iptables-save gives you all
<hehehe> eliam: talking about bugs there is actual bug on my monitor now :)
<hehehe> attracted by light
<eliam> we had cockroaches in the office.  say no more!
<hehehe> lol
<eliam> first I new was an email from another team saying 'serious bug found this morning' with an attached pic
<eliam> knew
<eliam> urgh, think I'm tired now
<hehehe> lol eliam why do you use such complex mail setup?
<hehehe> whats it for?
<eliam> time to go break stuff and try to work out how it all fits back together
<eliam> hehehe, it's not complex, it's just email
<eliam> hehehe, as in, roll your own
<hehehe> well then make a standalone server for it
<hehehe> with own ip
<eliam> hehehe, I don't have any real ip ;)
<hehehe> well ask ISP for one
<eliam> hehehe, lol! what fun would that be!
<eliam> hehehe, this is mail masked dnat gateway confusion.  it's a much better setup
<sdeziel> eliam: if you settle on using iptables-save/restore, you may want to install "iptables-persistent" as it will take care of loading up your rulesets on boot
<sdeziel> eliam: removes the need to run a script that loads 1 rule at the time
<ChmEarl> what day was 16.04.3 released?
<eliam> sdeziel, I have a rule somewhere on boot which reads the last iptables-save I did
<hehehe> eliam: I simply pay some guys to maintain email server for me :) even easier
<eliam> hehehe, ease doesn't teach though
<ChmEarl> is it the moddate on /etc/os-release?
<sdeziel> ChmEarl: https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule says August 3rd
<hehehe> eliam: correct and once I become all knowing I will know it anyway :)
<eliam> eliam: How does email work?  hehehe: I pay some guy and stuff happens :)  I want to know what stuff, when, how etc
<ChmEarl> sdeziel, ty that page is what I need
<hehehe> eliam: well you see if I am to learn and learn and learn - instead I choose to know myself, once I am fully myself I will know all anyway
<eliam> hehehe, let me know if it works ;)
<hehehe> I did run 1 stand alone email server before cant say if it was secure secure but I did setup dkim spf and emails were going to inboxes :)
<hehehe> how I can print  out a list of packages I got installed grouped by main universe multiverse and 3rd party?
<dlloyd> apt-cache policy will give you both package name and source
<dlloyd> scratch that
<dlloyd> disregard me
<drab> I don't know of any command, cache, showpkg or policy that will provide that info
<drab> the best I can think of is something that parses the list of pkgs and matches them to the list of pkgs from the mirrors
<drab> something like this:
<drab> dpkg -l | awk '{print $2}' | tail -n+6 | xargs -i grep -o {} /var/lib/apt/lists/*_binary* | sort | uniq
<drab> from the file name that matches you should see the arch, the pool, the mirror, everything basically, since the name is a concatenation of all those info
<sarnold> awk '/^ii/ {print $2}'
<drab> oh, better, yes
<sarnold> oh then you can skip the tail too
<drab> good point
<drab> hehehe: dpkg -l | awk '/^ii/ {print $2}' | xargs -i grep -o {} /var/lib/apt/lists/*_binary* | sort | uniq
<hehehe> cool, ty
<drab> this ntp business leaves me pretty perplexed...
<drab> some clients seem to simply not reconnect, just sit there saying there's a pool and do nothing, have to restart ntp, which isn't really good
<hehehe> in etc/apt when I check sources list I see digital ocean repo however its not a sources.list.d dir and main file is generated on a boot, so from where it comes from?
<hehehe> drab: which ntp biz?
<nacc> hehehe: are you on digital ocean?
<hehehe> no on ovh, just ages ago when installing mariadb I added digital ocean repository - copy pasted tutorial , now I purged it and will install ubuntu one instead
<hehehe> however have to remove that digital ocean entry first
<AdamMc> Does the version of apache that comes built-in on Ubuntu 17.04 Server support Virtual Hosting?
<sarnold> if adammc returns, https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-16-04 looks useful
#ubuntu-server 2017-08-16
<hehehe> solved :)
<sarnold> Adam-M: try this https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-16-04
<hehehe> sarnold: have you practised with some boxes to find php etc code that lead to exploit?
<hehehe> that can be a valuable skill imo
<hehehe> quick detection and patching
<hehehe> eureca
<sarnold> hehehe: in some sense that's pretty much my job -- review code, get a feeling for how good or bad it is, and see if we can support it
<sarnold> hehehe: thankfully it's not much php, that requires a lot of specialized knowledge that I'd rather spend the effort learning better tools, like rust
<hehehe> rust is bad name
<hehehe> usually when iron is rusty is like eeeeww
<hehehe> well just my initial reaction
<hehehe> however its interesting and telling - the way people chose to name software
<hehehe> rocket.chat - overtaking slack now and name is fitting
<hehehe> whats rust for? :)
<sarnold> rust is a new systems programming language designed to make it possible to write fast, concurrent, safe, programs
<hehehe> hmm
<hehehe> I like bubble.is and similar :)
<hehehe> works well for me
<hehehe> how rust make software safer?
<hehehe> the name itself is not  off puting to you?
<hehehe> rust=decay hmm :)
<sarnold> the name was chosen in part because it's using "old" ideas in programming language research, algebraic data types, generics, 'move semantics', traits, etc...
<hehehe> i would call it - simple
<hehehe> since simplicity is simply effective
<hehehe> whats their website?
<sarnold> hehehe: https://www.rust-lang.org/en-US/
<hehehe> and yes if we program or do any other action out of abundance of energy its easy, if we use energy that is not abundant - aka pushing then its not wise
<hehehe> as body may need this energy for own needs lol
<drab> sarnold: just out of curiosity, wasn't that the whole point of go?
<hehehe> current control of money issuance by central banks promt but not force many people to push themselves
<hehehe> drab: imo `my` idea of new language called simple can work well :) for extraverts at least
<sarnold> drab: go's aim appears to be high productivity low barrier to entry; it has a garbage collection system, lacks generics, lacks algebraic data types, and is very difficult to use for FFI with other programming languages. Go's really good at providing transparent async io servers, REST apis, etc., but it would be a really poor fit for an OS kernel
<drab> sarnold: oh, I see, for some reason I was thinking about concurrent, fast safe server programs (aka daemons, etc)
<drab> thanks for explaining
<sarnold> drab: there's loads of places where garbage collection means it's already a non-starter
<sarnold> drab: and to my knowledge go doesn't have any mechanism that forces programmers to handle errors -- just (foo,_) = function(...) means that you'll never know if the function errors..
<sarnold> drab: rust _almost_ has sometihng similar, on Option<> and Result<> types, unwrap(), but that's easy enough to search for if you want to find out what in your code doesn't check error returns
<hehehe> so which building blocks a language usually have?
<hehehe> is there a diagram?
<hehehe> language anatomy
<sarnold> hehehe: http://colinm.org/language_checklist.html
<drab> sarnold: thanks for sharing, hvaen't really got that deep in either languages, partially trying to get out of this rather than the in, but the curiosity hasn't completely gone :)
<sarnold> drab: I can understand :)
<sarnold> drab: I have to say that I felt an excitement writing my first few rust programs that reminded me why I got into the field in the first place
<hehehe> sarnold: that dude is sado maschochist
<sarnold> drab: so much about it was entirely new to me, so I felt like an absolute beginner again, and yet it was fun all the same. It's hard to explain.
<hehehe> who simply invents problems instead of solutions :D
<drab> sarnold: been there, I can relate
<hehehe> I prefer to create something instead of bla bla all is bad and cant be fixed
<hehehe> :)
<hehehe> and only old things are cool
<drab> sarnold: I actually go for that type of experience routinely trying to pick up new skills, mostly non tech these days
<sarnold> hehehe: this checklist started as a joke on usenet many years ago and has grown over time :)
<hehehe> dunno
<hehehe> its seems like a very bland satire
<hehehe> attempt at satire :)
<sarnold> hehehe: but it was the most concise thing I could think of to describe many of the tradeoffs involved in language design
<drab> it's pretty good
<hehehe> if you constraint your thinking by thinking there are trade offs
<hehehe> you will find it hard to invent
<hehehe> and unleash your creative powers
<sarnold> drab: definitely a good idea; I picked up german that way, trying russian now..
<hehehe> you can learn russian fast
<hehehe> in 2 weeks, already can speak some
<hehehe> create efficient language is tricky cause entire field is obscured for certain reasons
<hehehe> however if you dont go with brainwash should be easier :)
<hehehe> after all cpu can process yes and no 1 and 0
<hehehe> that si very simple
<hehehe> its electro magnetic force same force thats inside our physical body
<hehehe> so making software based on cpu can be easy
<hehehe> save on harvard https://thepiratebay.org/torrent/9676621/Programming_Languages_Theory_Book_ :)
<lordievader> Good morning
<cpaelzer> hi lordievader, how are you today?
<lordievader> Doing good here, got coffee :)
<lordievader> How are you today, cpaelzer?
<cpaelzer> now cofee, but good for me
<cpaelzer> s/now/no/
<cpaelzer> I (amost) never drink coffee
<cpaelzer> still on single digit numbers for all of my life
<lordievader> How do you cope with monday mornings?
<lordievader> :P
<cpaelzer> in bad mood :-)
<hateball> s/monday//
<peetaur2> any solution to this? I want to install openjdk-9-jdk ... which also pulls in openjdk-9-jdk-headless which has a file conflict with openjdk-9-jdk... a catch-22
<peetaur2> https://bpaste.net/show/0a921b91e44d
<peetaur2> jdk8 apparently works
<peetaur2> hah this bug is 1 year 6 months old and still not fixed  https://bugs.launchpad.net/ubuntu/+source/openjdk-9/+bug/1550950
<ubottu> Launchpad bug 1550950 in openjdk-9 (Ubuntu Xenial) "package openjdk-9-jdk 9~b102-1 failed to install/upgrade: trying to overwrite '/usr/lib/jvm/java-9-openjdk-amd64/include/linux/jawt_md.h', which is also in package openjdk-9-jdk-headless:amd64 9~b107-0ubuntu1" [Medium,Confirmed]
<peetaur2> but says fix released 2016-04-23
<tomreyn> peetaur2: unless you need the other packages, you could just install openjdk-9-jdk-headless
<peetaur2> tomreyn: I tried just that one, and to my great surprise, it had things like javac, but not java .... what kind of package is that? :D
<peetaur2> so now I just installed jdk8 ... if that's no issue, it doesn't matter which version I have
<peetaur2> I'm not a fan of ignoring conflicts like suggested in the lp ...because then it'll happen each update probably
<tomreyn> peetaur2: right, i wouldn't wan to need to deal with the recurring issue either
<tomreyn> *want to
<tomreyn> if the version doesn't matter then going with openjdk 8 is probably your best choice
<tomreyn> note that the openjdk-9 packages are in universe whereas openjdk-8 is in main
<tomreyn> so they have different support levels, openjdk-8 is supported, openjdk-9 only receives community support, if any.
<peetaur2> maybe that's why they didn't fix it after 1.5 years
<peetaur2> is universe like a community repo?
<tomreyn> https://help.ubuntu.com/community/Repositories/Ubuntu
<tomreyn> yes
<tomreyn> by default you only have the 'main' repository enabled, so you must have chosen to enable universe (hopefully after reading about its support status)
<peetaur2> I dunno about that... I find that on ubuntu installs, it adds everything
<peetaur2> but that's another reason to choose jdk 8
<cpaelzer> nacc: fixed up the nut upload, please re-review and sponsor if you agree
<cpaelzer> nacc: were two rather nasty build issues triggered by the toolchain switch
<bonhoeffer> i'm getting an ERR_CONNECTION_TIMED_OUT -- apache2 is running -- plenty of ram/cpu -- anything else i can check?
<bonhoeffer> nothing can connect to my server
<bonhoeffer> i can ping it -- but no web access
<peetaur2> bonhoeffer: first check lsof to see if it's listening and to what interface...then stop apache and test with netcat on that port and interface... then check firewall etc. until netcat works, then try apache2 again
<bonhoeffer> excellent -- thanks for the options
<ahasenack> is this an artful gcc7 issue:
<ahasenack>  /usr/include/KF5/AkonadiCore/std_exception.h:1:10: fatal error: /usr/include/c++/6/exception: No such file or directory
<ahasenack> ?
<oerheks> !info gcc-7 artful
<ubottu> gcc-7 (source: gcc-7): GNU C compiler. In component main, is optional. Version 7.1.0-13ubuntu1 (artful), package size 30535 kB, installed size 124399 kB
<oerheks> ahasenack, you might want to reask in #ubuntu+1, artful is not released yet
<ahasenack> it's an autopkg test on kdepim, which was triggered after my cyrus-sasl2 upload to artful
<ahasenack> xnox: remember that is_systemd_running check we talked about yesterday
<ahasenack> xnox: it seems a pattern spread all over the place
<ahasenack> like https://omega.ict.waw.pl/external/openvpn/blob/8ee5646111625c598efbc82413649b1ab6275877/misc.c#L1402
<funabashi> hey guys if a file looks like .csv: ASCII text, with very long lines. it makes new lines. how can i change so it shows full lines?
<Pici> funabashi: how are you trying to view it?
<funabashi> Pici: cat
<Pici> funabashi: well I'm pretty sure that cat will always wrap.  Use  less -S  on your file instead
<funabashi> Pici: yeah less -S works. but how if  i want to do awk and grep for stuff ?
<funabashi> less -S file >newfile ?
<Pici> funabashi: cat won't insert newlines when sending to awk/grep... also both awk and grep will accept filenames as arguments
<funabashi> Pici: less -S file |grep domain doesnt look good
<Pici> funabashi: grep domain file
<funabashi> Pici: then it get new lines instead of one full line
<nacc> cpaelzer: re: nut, that seems worth an email possibly to ubuntu-devel?
<cpaelzer> nacc: please convince me - why would that be ubuntu-devel?
<cpaelzer> because it is gdc fallout?
<cpaelzer> gcc
<nacc> cpaelzer: yeah and possibly affecting other packages?
<nacc> cpaelzer: as in anything that relied (even implicitly) on the old behavior?
<cpaelzer> hmm true - in an FYI sense that makes sense
<nacc> yeah
<cpaelzer> let me summarize and send something
<nacc> cpaelzer: thanks, probably not super-urgent
<nacc> but if it's fresh, good to do now
<cpaelzer> but might fit between now and the meeting :-)
<cpaelzer> and the exim4 test
<cpaelzer> arr time ...
<nacc> heh
<cpaelzer> nacc: resumit open as https://code.launchpad.net/~paelzer/ubuntu/+source/nut/+git/nut/+merge/329119
<nacc> cpaelzer: thanks
<GreenRob> Hi.  I need to disable unattended *kernel* updates on my ubu server -- specifically, anything that gets written/added/modified in or under /boot.  I'm "PrettySure(tm)" that I need to modify /etc/apt/apt.conf.d/50unattended-upgrades for that?
<GreenRob> Mine atm includes: https://pastebin.com/raw/1hQkz60z
<GreenRob> Is this the right place/method?
<drab> GreenRob: it is
<drab> looks at the section under "Unattended-Upgrade::Package-Blacklist"
<drab> it sounds like that's what you want
<drab> adding kernel packages to that list
<GreenRob> drab Oh, so blacklist rather than disable one of those allowed-origins?  overkill, I guess?
<drab> either, it just depends how fine grained you wanna get I guess
<drab> I mean, some people just uninstall unattended-upgrades altogether
<drab> if you change the origin you're probably going to miss out on all updates (if you take that out)
<drab> which may or may not be what you want, it really just depends on the results you wish to achieve
<GreenRob> drab: Ok, will read up.  If I want to stop unattended-upgrades altogether, what's the right way -- REALLY uninstall it?  'hold' it? other?  TBH, I'm vigilant about checking my server, and would prefer to simply do it myself.  Wasn't sure how smart that is.
<drab> if you are not using it there's no reason to have it installed, ime having stuff laying around that's not doing anything just creates opportunities for future problems
<drab> so I'm always for keeping things to the min necessary for the results and nothing more
<drab> results wanted*
<GreenRob> I stumbled onto this issue when I was out of country, and away from this server, for 2+ months.  'unattended-updates' filled up my small/dedicated /boot partition, and I was getting "disk @ 92%" emails every few minutes for those 2 months ...
<GreenRob> great, sounds like an uninstall for me ...
<drab> whether in this specific case it's the smart thing to do, I'll leave that up to you, I don't know you and I don't know your setup and what you are trying to achieve
<drab> ok, in that specific case ime you're solving the wrong problem
<drab> you're getting rid of something that keeps your ssytem up to date because you have a boot partition that sounds far too small and or not managed/pruned as it should
<xnox> ahasenack, that's the old check that got replaced upstream....
<xnox> ahasenack, this too need fixing.
<drab> so in your shoes I'd rather fix the problem, ie correctly manage automatic upgrades, rather than getting rid of automatic upgrades
<GreenRob> worth some further though. thx!
<drab> but that's of course just me and my experience, it doesn't mean it's the right thing
<GreenRob> thought, even
<drab> older kernels are left behind because the new one may now work, so it's for a good cause
<drab> so you can reboot into an older kernel if the new one doesn't work
<drab> and unless you tell it to do so , unattended upgrades won't reboot the machines, so new kernels (and their boot files) keep piling up
<drab> also the kernel upgrade at that point it's useless becasue you haven't rebooted and so no change has taken effect
<drab> if you can get a larger boot so that you have enough space to get to it before you start getting alerts, that's probably the best fix
<drab> otherwise I think a good middle way would be to just disable kernel upgrades and do those manually, since you need to reboot anyway
<drab> that way you still benefit from daemons being patched for security and whatnot as needed without you having to do stuff
<drab> brb
<GreenRob> drab: AFter ur suggestions, and a bit more reading, I'll try the selective blacklisting for awhile.  The /boot parts (on VMs, so trying to keep 'em thin), are currently 500M.  I'm cool with keeping current/last running kernels ... just in this particular case, I ended up with several updated, but not yet installed, kernel update.  Fille up space ...
<drab> GreenRob: makes sense
<xnox> ahasenack, i can ask security team to do a archive wide scan.
<GreenRob> drab: Yeah, I've blacklisted a few pkgs in addition to kernel ... mainly those that require a reboot.  Will see how this works.  Worst case I suppose is that I have to manually update/upgrade, which is my intention/practice anyway.
<drab> GreenRob: you may want to look into apt-listchanges if you don't have that already set up
<drab> it's the next best thing to setting up a reminder on a calendar to run a check :)
<GreenRob> thx
<nacc> cpaelzer: fyi, i *think* our nut repo was out of date. So i'm refreshing it manually now. It might mean your prior upload tag won't get pulled into the history, but the new one should
<DammitJim> do I need to be creating conf files for systemd service units?
<DammitJim> how come say tomcat8 on Ubuntu 16.04 doesn't create them and just relies on systemd to figure out to look in /etc/init.d?
<drab> DammitJim: some services have simply not been migrated, it's a work in progress afaik, but autodetection works in all the cases I've had to deal with
<drab> not sure about tomcat tho, don't use it
<DammitJim> drab, got it... but the safe thing to do is to start creating those conf files, right?
<DammitJim> I don't know why an old /etc/init.d/ file wasn't being recognized by systemd to start it
<drab> DammitJim: not necessarily no, if the autostuff does the right thing it's not an issue. if it doesn't work then the problem should be filed as a bug upstream since one way or the other it should work
<drab> the user should not need to create service units
<drab> to start standard daemons installed from packages at least
<drab> of course if you have custom stuff you'll have to
<DammitJim> oh ok, I think that's working
<DammitJim> I guess I'm concerned about the stuff I've created and it's not working by just existing on /etc/init.d
<DammitJim> Thanks!
<sdeziel> DammitJim: maybe your init script is simply not enabled? You can check with: systemctl is-enabled nameoftheinitscript
<nacc> cpaelzer: ah ok, so the linter is correctly complaining about your branch, because it is based off of artful, but branched off of zesty
<nacc> so by passing --target-branch pkg/ubunut/artful-proposed (or artful-devel), i am able to make it pass
<nacc> cpaelzer: just for reference
<nacc> cpaelzer: i think you found a bug in the linter -- we want d/changelog distribution to be checked against the branch targets
<nacc> *target
<nacc> LP: #1711174 filed
<ubottu> Launchpad bug 1711174 in usd-importer "git ubuntu lint: changelog distribution should be checked against target branch" [Undecided,New] https://launchpad.net/bugs/1711174
<nacc> ahasenack: around?
<ahasenack> nacc: yep
<nacc> ahasenack: have time for a brief HO?
<ahasenack> sue
<ahasenack> sure*
<nacc> ahasenack: standup ok?
<ahasenack> y
<nacc> ahasenack: thx
<hashwagon> I have an ubuntu 16.04 system that randomly went completely unresponsive and had to be manually rebooted. What logs should I look at? Isn't journalctl cleared after each reboot?
<drab> hashwagon: by default, it is, yes, /var/log/syslog will have stuff tho
<hashwagon> thanks, drab
<nacc> hashwagon: you can make journal persistent
<nacc> hashwagon: which some might argue is quite useful :)
<drab> nacc: is there a value since everything is saved to syslog anyway?
<drab> I never quite got the point
<drab> nicer tooling to work with to inspect logs?
<nacc> drab: yeah, i think it's mostly that
<nacc> drab: journal & systemd interact
<hashwagon> I see. Thanks for the options guys.
<nacc> so if you're debugging, say a boot failure, you want the journal often, to help report the bug
<nacc> and unless you have a serial console, it's not always easy to get to
<ahasenack> nacc: pushed
<nacc> ahasenack: thanks
<nacc> ahasenack: perfect, and you can, i think, see how the next merge, will be able to drop both those commits as gone from the old delta
<ahasenack> cool
<nacc> cpaelzer: thx for the ubuntu-devel post, it might be affecting snapd too (brought up in #snappy)
<cpaelzer> nacc: yw, thanks for the hint - I'd have no highlight on my real name :-)
<cpaelzer> nacc: I only spun forward the former branch we had
<cpaelzer> nacc: glad that is one more thing we can sort out
<cpaelzer> I'll subscribe to the bug
<cpaelzer> nacc: actially ipxe is very likely done now
 * cpaelzer trying to sync
<cpaelzer> yep looks good
<Epx998> How can I track down which apt repo I need for a package?
<drab> Epx998: https://packages.ubuntu.com/
<drab> do a search there
<Epx998> i broke apt somehow ugh
<drab> but if it's a standard package I don't see how you don't have it already
<drab> unless it's some kind fo really strict install without verse
<Epx998> im working on a apt module in puppet and somehow im missing a repo i guess
<Epx998> not sure how
<drab> not sure what that means, if you can paste an error that'd help
<drab> if you want more help with it, that is
<Epx998> drab: we mirror apt repos locally, so our builders dont touch the internet.  We use puppet to manage configuration during a post install, i've been moving my source files to the apt module in puppet and appearently i missed a devel i guess
<drab> ok, we do the same here except s/puppet/ansible/
<drab> we have mirrors + an internal repo for our own pkg stuff
<Epx998> i have no idea how i lost this repo tho, everything is in there
<sdeziel> Epx998: there is always the clientbucket to look for old files overwritten by puppet
<Epx998> i have more originals in puppet still - but i cant see whats missing
<Epx998> very odd
<sdeziel> Epx998: if you have another box with the package installed, you can check where it's coming from with apt-cache policy
<Epx998> hmm explains the extra apt key i had
<Epx998> ok this is weird
<Epx998> https://gist.github.com/anonymous/96e9be2f1f87b38b90de495bb383c9e0
<sdeziel> any pinning?
<Epx998> not sure what that is tbh
<sdeziel> those priority at -10 would seem to imply pinning
<Epx998> in the apt module its -10
<Epx998> ive never used pinning, it was just a default entry in the module
<sdeziel> the puppetlabs-apt modules doesn't apply any pinning by default IIRC
<Epx998> their full example for adding a source to hiera does
<sdeziel> maybe you don't need that section then
<Epx998> ill remove and see
<nacc> cpaelzer: yeah, it is, sorry
<nacc> cpaelzer: was afk for a bit
<Epx998> same problem seesh hmm
<Aison> hello, systemd networking.service is only required when using the systemd own network config files, not?
<Aison> the strange thing is, this service fails at startup and is also listed as failed by systemctl
<Aison> but the network works without any problems
<sdeziel> Aison: try looking at journalctl -u networking.service, maybe that will hint you into what caused the issue
<Aison> sdeziel, http://paste.ubuntu.com/25327635/
<Aison> strange thing, because these devices are up
<Aison> and working
<Aison> maybe I should switch from network/interfaces to .netdev .network files anyway
<sdeziel> Aison: you could check what's up bond0.{1,2,101}: journalctl -u ifup@bond0.1
<drab> Aison: if you do, and managed to, I'd love to hear about it. I thought that would have been the right way [tm], but it just quickly turned into a nightmare so I set up all my bonds with network/interfaces
<drab> or I should say, I looked at networkd, not .netdev .network, I guess those are different things
<JaguarDown> I am at a loss. Set up apache2 with most basic config possible using ubuntu-server documentation. Firewalls are open, ports are forwarded. HTTP works great on port 80, but can't test HTTPS cause I can't connect on 443 from the internet. (works on LAN)
<JaguarDown> using lets encrypt SSL
<Walex> JaguarDown: 'tcptraceroute ... 443'
<JaguarDown> standby one houston
<JaguarDown> While we're waiting, as a side note, 443 UDP to an OpenVPN server works perfectly over the internet
<JaguarDown> on same box
<JaguarDown> So after about the 7th hop it gets lost and says "Destination not reached" (sorry I am networking newbie)
<hehehe> hi
<hehehe> find ./ -type d -exec chmod 750 {} \;
<hehehe> this suppose to change all dirs to 750 recursively?
<hehehe> for some reason 1 directory stays 755 lol
<JaguarDown> I think it's getting blocked by the isp...
<tomreyn> JaguarDown: either the ISP or the destinations' firewall. you can stop the service there and run 'nc -vv -l 443' then on the client 'nc -vv ... 443' where ... is the servers' ip address.
<tomreyn> both client and server should report when a connection is established this way.
<hehehe> ok just have to click refresh in FireZilla
<JaguarDown> tomreyn: it says DNS fwd/rev mismatch. my DNS is dynamic but why would that be a problem for tcp 443
<JaguarDown> says the same thing for 80 though and 80 works
<tomreyn> JaguarDown: it's not a problem
<JaguarDown> This is strange, never had a problem opening and forwarding any other ports
<JaguarDown> I know the port forwarding is a non-issue as it works in LAN but something is blocking it. When I trace the route both 80 and 443 show the same IP on the last hop but 443 just doesn't reach the destination. I'm assuming that last IP is my ISP
<tomreyn> JaguarDown: and you're sure you're hitting the correct ip? since you're saying your 'DNS is dynamic', i assume you mean your servers' IP address is dynamically assigned and will change over time.
<JaguarDown> yeah ddclient is updating it, and again the same website using http on port 80 works
<JaguarDown> gotta go bbl
<bonhoeffer> i can't get any response from my server -- httpd (apache2) is running, but i get a timeout -- after a long time -- any troubleshooting options
<bonhoeffer> i'm thinking about setting up a basic webserver to see if a firewall is blocking traffic -- i can ping out
<bonhoeffer> and i can ping the server
<bonhoeffer> i have lots of ram and processor available
<xnox> ahasenack, http://paste.ubuntu.com/25327289/
<bonhoeffer> any other troubleshooting steps available?
<nacc> xnox: nice
<nacc> bonhoeffer: can you locally on the server?
<bonhoeffer> sorry --
<bonhoeffer> the result of lsof -i TCP:443 is empty
<bonhoeffer> nacc: can i do what locally?
<nacc> bonhoeffer: can you ping / curl / wget from your server locally
<nacc> bonhoeffer: `netstat -pan | grep 443` is typically waht i use. Although if 443, I assume that means you have set up SSL , etc.?
<bonhoeffer> i'm on a chromebook -- but i have two different vm's open -- i can ping both ways
<nacc> bonhoeffer: rather than port 80 that is
<hehehe> shady coders
<nacc> bonhoeffer: ping seems like an odd choice
<hehehe> hi folks
<Epx998> yo
#ubuntu-server 2017-08-18
<hehehe> solved
<cpaelzer> good morning
<jnollette> howdy
<lordievader> Good morning
<TafThorne> morning
<lordievader> Hey TafThorne, how are you doing?
<TafThorne> TafThorne: OK thank you.  Busy, busy, busy at work but that is better than having nothing to do.  How are you?
<lordievader> Doing good here :) Busy too.
<cpaelzer> Hi TafThorne, nice to see you again
<cpaelzer> the day we are not busy will be boring
<cpaelzer> so embrace it the way it is :-)
<TafThorne> TafThorne: Hi.  I am often around, I just do not have much to say.
<lordievader> TafThorne: You know, you don't need to mention your own name ;)
<lordievader> s/name/nick
<TafThorne> ops, that was meant to be a cpaelzer: :-D
<TafThorne> TafThorne: Feels as if he should address statements  about TafThorne in the third person to help him stand out.
<cpaelzer> hehe
<necrophcodr> I'm not sure if this is the right place or not, but I am looking for a way of reading a LOT of files and applying programmatic rules to them. Is there an application that is suitable for this task?
<necrophcodr> We're talking millions of files ranging from few bytes to gigabytes. The rules I'm looking to apply are for determining wether the files contain specific sequences or strings matching regular expressions, but also on file metadata such as site, filetype even, and so on.
<TafThorne> necrophcodr: grep will do that.
<rbasak> powersj: that's great. Thanks!
<TafThorne> necrophcodr: I am not saying it is fast and when you start talking about filesystems with multiple GB of data you begin to find other interesting issues.  You might benifit from using GNU parallel to run your grep inside.
<necrophcodr> TafThorne, grep won't do that unfortunately. Grep will go some of the way, but it will also take too long.
<TafThorne> necrophcodr: it and sed will so that but it will take along time.  If your list of files is static you can save some time by getting "cached" lists of the filesystems and diving up the jobs and so forth.
<necrophcodr> I think it's about 200GB of mixed data, and it's currently taking around 6-8 hours, depending on the data.
<necrophcodr> That's using yara for the file matching, but it's not doing a great job.
<necrophcodr> The filelist is not static unfortunately. I could probably run some jobs in parallel, but grep is out the window.
<necrophcodr> I guess technically I could use grep but the amount of work to have it match all of our hundreds of rules would take a long time to implement properly.
<TafThorne> necrophcodr: At my old job, that would be a small filesystem.  Buy a BlueArc or a HDS HNAS :-D  More seriously though, is this all stored on a single linear access disk?  Does the system doing the search (and edit?) have lots of RAM to store things in cache?  Is the disk networked or directly connected via SATA, eSATA, USB?
<necrophcodr> It's on a VM that's on a SAN system, and there's more than 100 of these servers with that kind of storage that I need to scan preferably in less than 5 hours per server.
<necrophcodr> And as I mentioned, the file list is not static, nor is the content.
<TafThorne> necrophcodr: Sounds like a horrible problem to solve.  Can you scan the files on creation and keep a list of hits?   Can you determine modified files since your last scan to make it so you just re-run your results?
<necrophcodr> Those are all optimizations for later, I don't have a proper scanning system yet, which is what I'm looking for.
<TafThorne> necrophcodr: The short answer is that I know nothing that will do that for you.  A server with a 100GB of RAM and direct storage access should not take that long to crunch the data.  You cannot always throw hardware at it though.  Sorry I cannot be of more help.
<necrophcodr> I'm okay with having to develop one myself as well, but I'd need some idea of what to use, and I'm a bit stumped atm.
<necrophcodr> TafThorne, it's no problem, I'm glad I got a quick response! That's not usually the case on some of the irc channels i frequent.
<necrophcodr> And I can surely determine modified files and so on, that's part of the plan as well, but it's not yet feasible to do. It might turn out to not be a feasible optimization anyway, I'm not sure.
<necrophcodr> Oh, and determining the modification might not be possible with a date alone either, as the data can change but the metadata might be re-written to it's original state, so even the modified date could be reset.
<TafThorne> necrophcodr: doodle?
<necrophcodr> TafThorne, what do you mean?
<TafThorne> necrophcodr: You are welcome to the quick response. Just happened to be a topic I had some scant knowledge of.
<TafThorne> https://linux.die.net/man/1/doodle
<TafThorne> necrophcodr: I did some Googling and it suggested you might want to do some doodle(ing).
<necrophcodr> TafThorne, thanks, but it doesn't allow me to set up complex rules
<necrophcodr> I'll look into what can be done to do complicated rule matching on individual files at high performance
<lordievader> You might want to write some perl script for that.
<lordievader> Perl is great at doing regex stuff.
<TafThorne> necrophcodr: There are some possibilities in https://askubuntu.com/questions/29483/software-for-text-search-in-files too I think.
<TafThorne> necrophcodr: doodled, the doodle daemon might do a lot of what you want https://linux.die.net/man/1/doodled  Initial indexing would probably be a pain but things might be OK afer that.   Although I can see the caviate that doodled " uses libfam and is thus limited to monitoring less than 1024 directories for changes" which might make it not suitable for you.  Manually re-running the stnadard `doodle -b <path_to_index>` does not include such a lim
<TafThorne> Looks like a helpful command.  I'll probably make a lot of use of it.  Nice when trying to help others leads to learning sometihng useful for yourself.
<Raboo> If anyone here is a junior sysadmin in Stockholm that is looking to change job, PM me..
<hateball> :o
<docmur> Hey guys, I'm trying to setup logstash and filebeat, when I run filebeat I'm getting ERR Failed to publish events caused by: read tcp 192.168.154.155:49128->192.168.154.168:5443: i/o timeout
<docmur> I have the iptable entry to forward 5443 to the server from the client
<docmur> I've disabled my firewall to test
<docmur> and this is set net.ipv4.ip_forward=1
<drab> docmur: have you tried to tcpdump at dst? do you see any traffic at all?
<docmur> Doing that right nw :)
<drab> :)
<docmur> Yep the dest is getting what it needs
<drab> ok, what about tcpdump on client? does it see any traffic back?\
<drab> it may be a problem of SNAT
<drab> in fact, what does dst see the traffic as coming from?
<docmur>  IP 192.168.154.155.49148 > elk-master.5443
<docmur> and the port from the src is changing
<drab> eeer, that makes no sense... I was gonna say, ip looks ok, but yeah if the return pkts go to the wrong port that is indeed not going to work
<drab> can you pastebin your nat/fw rules?
<docmur> Ha, I was just going to do that :P https://pastebin.com/1dK7ik76
<drab> but yeah, also tcpdump on the client would be good, just to see if it sees the return traffic
<drab> (even if it ends up discarding it because of unmatching port)
<docmur> Ya no traffic on the client :( at port 5443 at least
<drab> you mean the filter is source port 5443?
<docmur> ya tcpdump port 5443 on the client I'm sending the logs from
<drab> what if you tcpdump for the dst host's ip?
<docmur> I might see the issue actually
<docmur> I think it's a host name configuraton issue :S
<docmur> I just saw this
<docmur> IP elk.domain.net.5443 > 192.168.154.155.49164: Flags [S.], seq 4047232613, ack 332584761, win 28960, options [mss 1460,sackOK,TS val 16123230 ecr 3165914291,nop,wscale 7], length 0
<docmur> it should come baack from elk-master
<docmur> I thin kthe domain is mismatched
<drab> mmmh, maybe, maybe not, if the ips are correct and there's no PTR verification or other TLS thing where the cn must match, then it shouldn't matter
<drab> what if you run tcpdump without dns resolution?
<docmur> ya that was't the issue
<drab> so the client, the fw and the elk-master are 3 diff boxes? on 2 diff networks?
<drab> can you share a little more about that pls
<docmur> So the client is the server itself (192.168.154.155), the elk setup is on a VM (192.168.154.168), I'm doing the routing on the server to the  VM
<docmur> The firewall is off right now on the serfver, I'm just using the iptables
<drab> the VM is on the same server?
<docmur> yes
<drab> so basically everything on the same hw box, correct?
<docmur> It's network interface is routed via br0
<docmur> yes
<drab> I'm confused, why do you need iptables? aren't the VM and the server on the same subnet? ie, can't they talk to each other?
<drab> oh, I think I see a possible problem
<docmur> There are other VM's that don't come into play that I'm routing to, so I added the rules to route the elk server ports.
<drab> docmur: look at your iptables, the SNAT part, shouldn't the POSTROUTING have a -s 192... you have -d
<drab> so the postrouting is not matching
<drab> at least if I remmber my iptables right, which I may not
<drab> don't mess with that stuff as often anymore
<drab> docmur: you can verify with counters, just do a -L -v with iptables and see if the numbers are incrementing as traffic is fired off, they shouldn't if there's no match
<drab> or just try to change to -s and see if it works :P
<drab> also it's not --dport at that point, it's a source port
<docmur> oh okay
<docmur> changing it to -s didn't seem to work
<drab> docmur: yeah chjange the --dport to --sport too
<docmur> Just did that, trying it now
<docmur> Didn't work :S
<docmur> I might try the logstash forum
<docmur> thanks for your help :)
<drab> to be sure since it's all on the same server, the server isn't considering the elk router's ip as local, is it?
<docmur> ip r gives
<docmur> 192.168.154.0/24 dev br0  proto kernel  scope link  src 192.168.154.155
<docmur> so now
<drab> that's it? no default route?
<docmur> default via 149.56.240.254 dev eth0 onlink
<docmur> My default is the external ip
<drab> k
<drab> do you have any other rules in the fw?
<docmur> it's off right now actually just to be sure it's not cauing an issue
<drab> so what I'd do to rule out any other problems is to just test with netcat
<docmur> kk
<drab> stop elk for a second, start netcat in listening mode on the server
<drab> and fireoff the client
<drab> using the same port on the server of course so that the firewall rules get tested
<drab> and you can run iptables -L -v -t nat before and after running netcat
<drab> and see if the counters have changes, ie if pkts went through those rules
<docmur> doing that now
<drab> btw I'm assuming that for other things connectivity with that box work just fine, correct? ie you can ssh to the VM from the server or something
<docmur> I can ssh to it, telnet to port 5443, I can access it's webportal ,etc...
<docmur> The pkt counter is going up, about once per 30 seconds
<drab> tbh I'm still not really understanding why iptables is involved...with that routing table/net scenario a pkt for 192.168.154.168 will be routed through the bridge where the VM's interface is also listeinng on and it'll just pick it up
<docmur> I culd remove it but that problem doesn't go away.  I have other VM's that are listening for an external port, which is why I have them in the first place
<drab> oh, I see, I didn't get that, this is just a testing setup
<docmur> Anyway, thanks for the help, I posted on the logstash forum
<drab> k, let me know ifyou figure it out, I'm curious now :)
<docmur> ya I'll totally post the solution :)
<drab> if you can test with requests from an ip outside of that network, I think it may shed some light on it
<drab> something I still have a feeling part of the issue is the contrived example
<drab> the other thing you could do is to setup another VM on say 192.168.153 or whatever, and use that as a client
<ahasenack> ah, lovely whitespace delta
<ahasenack>  Suggests: libnss-ldapd | libnss-ldap $
<ahasenack> (output of cat -vet)
<ahasenack> and here I was scratching my head why a patch wasn't applying
<ahasenack> - Suggests: libnss-ldapd | libnss-ldap
<ahasenack> + Suggests: libnss-ldapd | libnss-ldap
<sarnold> set list   and   set listchars=tab:\ \ ,trail:$   in ~/.vimrc can make those stand out
<ahasenack> nice
<hehehe> hi
<hehehe> desktop wfi doez not work
<hehehe> lol
<hehehe> connects and nothing
<hehehe> works on a phone
<tomreyn> and that is an #ubuntu-servertopic because?
<michr> Hey guys, quick question -- our VPS has been going down intermittently throughout the day for 5 minutes at a time
<michr> Is there anything I should be looking for to track what's causing the outage
<sarnold> logs on both endpoints?
<sarnold> oh VPS not VPN.. uh..
<sarnold> logs on the VPS? :)
<hehehe> fixthatshit.com
<hehehe> :)
<michr> I've looked at the logs and we're getting spikes of traffic, which is causing some of the requests to go into a queue, and that's what's pulling our server down
<michr> I just haven't been able to track where the requests are coming from
<hehehe> well beef up server
<hehehe> or host with ddos protection
<michr> I updated it to 4 cores from 2
<michr> it's still having outages, just not as frequently
<hehehe> just see who is flooding you
<hehehe> or its legit traffic?
<michr> could it be possibly that we have malware or spyware that's doing this?
<hehehe> nah
<hehehe> check access.log
<hehehe> and see
<hehehe> stop inventing
<sarnold> it's certainly possible that you've been compromised; maybe the provider would have network usage graphs that could indicate if you're joined a botnet or something similar
<hehehe> seems like many dns servers under attack
<hehehe> hehe
<hehehe> had to switch to fucking google
<hehehe> atm
<michr> I'm checking the access.log now
<sarnold> google's servers have the advantage of doing lookups for 250M users. that means whatever you want is probably already cached.
<sarnold> hot dns servers are happy dns servers
<hehehe>  58.6.115.42 was down
<hehehe> and 43
<hehehe> most issues arent  a hack
<hehehe> its a bug
<hehehe> 99% is bug 1% hack
<ubottu> bug 1 in Ubuntu Malaysia LoCo Team "Microsoft has a majority market share" [Critical,In progress] https://launchpad.net/bugs/1
<hehehe> instant fixes of all
<sarnold> michr: if there's nothing obvious in logs or hosting provider's usage graphs, you could fire up smokeping to make sure it's still online, collect netstat and similar stats periodically, and try to find patterns when it has trouble
<hehehe> dude sarnold sometimesw people simply ddos
<hehehe> or more visitors
<hehehe> seems free dns servers are under attack
<hehehe> :D
<hehehe> comodo is up
<trippeh> a site I operate periodically have 1-2 minute spikes every hour even ~64 cores + cloudflare doesnt fix ;)
<hehehe> cloudfare is shit
<hehehe> its just waf + cdn
<hehehe> and as someone said servers rangers can be determined easily
<hehehe> for ddos etc
<trippeh> for most setups, yes
<trippeh> people leak addresses everywhere
<hehehe> you can use aws they got waf too now  :D
<hehehe> cheaper
<trippeh> most ddosers never get to that stage however
<hehehe> wtf
<hehehe> why are they so dumb lol
<hehehe> well in fact I met police today also not much smarter
<hehehe> :)
<hehehe> so ye its cool
<hehehe> I think soon I will simply use ram only cd r  os and keeppasx on air gapped phone
<hehehe> dont have to worry about browser exploits etc :)
<trippeh> we had to blacklist a ton of datacenter/VPS operators, so many abusive bots
<michr> @sarnold, @hehehe thanks guys. Gonna try to see if I can figure out what the heck is going on here
<trippeh> too bad about people rolling their own vpns
<hehehe> michr:  post access.log here
<sarnold> michr: good luck
<hehehe> also do u have fail2bank
<hehehe> fail2ban
<hehehe> and which firewall you use?
<hehehe> did you check syslog and firewall log?
<hehehe> I have to say I am pretty new to linux, just applying common sense
<hehehe> trippeh: many people are angry
<hehehe> and been passive agressive they do bots etc
<hehehe> run scripts
<hehehe> it will only get more and more
<hehehe> who dont want to deal with some 0 days :D
<hehehe> as I said before ram only no write access OS like tails or subgraph seems to be sufficient for most desktop users
<hehehe> trippeh:  I wonder whats going on with my box lol
<hehehe>  DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=1843 DF PROTO=2 blocked
<hehehe> and without it dns resolving does not work lol
<hehehe> emm
<trippeh> thats just multicast, and you prob have mdns enabled
<RoyK> just allow multicast in ufw
<RoyK> it won't hurt you
<hehehe> cool
<hehehe> I usually allow 53 80 443
<hehehe> thats it :D
<RoyK> well, multicast is a set of addresses on ipv4 and ipv6, not port numbers
<RoyK> something like ufw allow to ff00::/8
<RoyK> and similar to 224.0.0.0/4
<RoyK> those won't cross a router boundary without igmp snooping
<hehehe> ty
<hehehe> sudo ufw allow out proto tcp to 224.0.0.1 + udp works now
<hehehe> also folks any ideas how to figure site hidden api?
<hehehe> my next project :)
<RoyK> no idea - pretty vague question
<hehehe> 1 moment and I will solidify it
<hehehe> it seems to be client side js site
<hehehe> http://www.gregreda.com/2015/02/15/web-scraping-finding-the-api/
<hehehe> :)
<hehehe> well I guess I just to read output more carefully
<hehehe> :D
#ubuntu-server 2017-08-19
<braziercustoms> ok again I have spent days looking, 16.04 + Conjure-up  Havent been able to launch any instance I get  [Error: No valid host was found. There are not enough hosts available.].
#ubuntu-server 2017-08-20
<NginUS> Which OpenVPN installation tutorial should we be using for 16.04? I see 4 different ones that all seem (semi) official. https://ð»ð.ws/â¤µââ¿
<Hexian> hey guys, I have a major intermittent issue which is affecting real time services on my Ubuntu 16.04.1 box at random times
<Hexian> I'm using netdata on the box to monitor a massive number of stats, and what appears to be happening is Ubuntu is randomly swapping in memory from disk for one of the real time process instances
<Hexian> the box is uses an average of 50% CPU and 30% of 32GB ram, so it should have absolutely no reason to use a swap file for these 3 important processes which each use only around 10% of system memory
<Hexian> does anyone have a solution for me? it seems like it is not possible to explicitly tell Ubuntu to never use swap memory for these specific processes
<Hexian> every time it swaps a chunk of memory for no reason what so ever, it cause a IO wait queue which locks up my real time processes from anywhere from 500ms to over 30 000
<Hexian> it seems like my only option is to disable the swap file completely on the entire box... I'd really like to avoid doing that if possible
<tomreyn> Hexian: you could reduce swapiness, but this also affects all processes
<tomreyn> if I/O blocks for up to 30s due to swap in then something else seems to be wrong, though
<Hexian> tomreyn: that wouldn't guarantee that the real time processes avoid swapping though, I'm not sure why there is swapping with 30% system ram usage though
<tomreyn> what is swapped in must have been swapped out before, try to understand why it was swapped out at all.
<Hexian> I guess it doesn't matter what process is doing the swapping, if any process swaps large pages, it's going to cause a IO wait queue and lock up any of my real time processes that happen to be reading from disk at the time
<tomreyn> it should not actually lock them up, just slow their reads down
<tomreyn> are you using HDDs or SSDs or something else for storage?
<tomreyn> any hardware or software RAID?
<Hexian> I've had this issue intermittently since I got the box, these processes don't even write to disk but use a ram disk for persistence to avoid writes
<Hexian> the weird part is, the issue is not bad enough to cause a serious problem every week
<Hexian> it can happen a massive amount one day, and then not even be noticeable for the next week
<Hexian> I've been trying to solve this for months now, because when it happens seriously, it's a really major problem for my services
<Hexian> the hard disk is a mechanical sata drive
<tomreyn> i don't think you answered any of the questions i asked.
<tomreyn> i'd suggest you start with performance testing if you haven't done this yet. https://www.thomas-krenn.com/en/wiki/Linux_I/O_Performance_Tests_using_dd
<Hexian> it's not as fast as a SSD or raid setup, but it's not very slow either, and I need very little IO, so it should not be causing a problem
<Hexian> like I said, I'm doing all writes from real time services to a ram disk
<Hexian> tomreyn: I'd need to shutdown all my services to do that, but what exactly would it accomplish?
<Hexian> I know that the hardware isn't slow
<Hexian> I deploy updates every week which involves copying ~6GB a few times
<drab> NginUS: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
<RoyK> rotating drives are slow
<drab> NginUS: I used that one
<drab> NginUS: worked for me right away
<NginUS> drab: thx
<Hexian> RoyK: like I said, I'm using virtually no IO at all, I don't even do writes to the disk...
<Hexian> the disk is very fast for what I need it for
<RoyK> Nefertiti: how do you monitor the system?
<Hexian> the only time I have an issue is when Ubuntu random swaps huge pages for no reason
<tomreyn> Hexian: okay i guess the disk I/O should not matter (except for swap) if your applications only write to / read from RAM disks.
<Hexian> the applications read from disk at times, and that is the issue
<RoyK> I thoguht RAM disks was a thing in the ninetees
<Hexian> when ubuntu swaps and causing IO wait, it locks up any process that happens to be reading from the disk at that time
<RoyK> buffering does a good enough job today to stay away from that
<Hexian> and it is a major issue since these processes run on a nanosecond scale
<Hexian> if they lock up for more than a few ms, I have an issue, but this can cause extremely long lockups
<RoyK> Hexian: pastebin sysctl vm.swappiness
<Hexian> RoyK: I started using a ram disk for writes on this box specifically to reduce disk IO and avoid the possibility of IO wait times slowing down these processes
<RoyK> Hexian: most filesystems buffer writes unless they are sync writes
<Hexian> I know that, but the box is still locking up my processes
<RoyK> Hexian: so generally a RAM drive is not needed - it just make things worse after a power failure or similar
<drab> Hexian: how much mem do you have and how big is the ramdisk? if I had to guess I'd say something about the ramdisk is causing the depletion of the available cached memory and that turns into swapping
<tomreyn> maybe your application needs to use a disk read/write thread so that these operations do not cause the rest of the application to stall.
<Hexian> I think this is something specific to newer Ubuntu versions, none of my older boxes have ever had this issue, and they are far lower end than this high end Xeon
<RoyK> well, try without a ram drive first
<Hexian> drab: 32GB ram, 30% used
<RoyK> then debug further
<drab> Hexian: 30% used for ramdisk you mean?
<RoyK> btw, what sort of ramdrive is this? tmpfs?
<Hexian> RoyK: I started using the ram disk months ago already, after months of intermittent issues
<Hexian> drab: system memory
<drab> Hexian: oh, so the issues already existed beforethe ram disk was introduced?
<Hexian> the problem has existed since I got this box, but it comes and goes in severity every week, some weeks I don't even notice it
<drab> ok
<Hexian> which is why it is complete hell to try to solve
<drab> indeed
<drab> intermittent problems are the worst
<RoyK> these things happens at times
<Hexian> today is the first time I noticed that it's swap related
<RoyK> ok, set swappiness to 1
<Hexian> I'm 98% sure that the IO wait times causing my processes to lock up are happening exactly when the kernel swaps out memory pages for no reason
<RoyK> that'll basically turn off swap unless it's strictly needed
<Hexian> or well, swaps in?
<RoyK> where's the swap?
<RoyK> on a slow drive?
<drab> well the question afaik is why it's swapping to begin with
<Hexian> it's on the same disk, but it shouldn't need to be used, that's the point
<drab> at least in theory swap should only occur if the buffer cache is depleated
<drab> and the system needs to load more data than it has available memory
<Hexian> with 30% system memory being used, there is always enough for all needed memory to be in physical ram
<drab> which sounds like a condition Hexian doesn't have
<drab> right
<RoyK> drab: linux swaps a lot if memory is stressed - just reduce swappiness
<drab> RoyK: ok, well, even if just for curiosity I'd like to understand that a tad better... what does "stressed" mean? I've never heard of that
<RoyK> Hexian: did you try to reduce swappiness?
<drab> ime you either have enough mem to fit data read, or you don't and it swaps, but maybe i'm making it too simple
<drab> I don't have a very deep understanding of mem mgmt for sure
<RoyK> drab: well, if memory access is heavy, linux will try to page out things not in use, and it's not always too smart about it
<Hexian> I've set vm.swappiness to 1, I'm going to keep an eye on the box for the next few hours and see
<Hexian> the IO lock ups have been excessive over the last 2 days
<Hexian> while last week there were basically no issues at all
<RoyK> linux likes swap - better use an ssd if you reall need it
<tomreyn> Hexian: i assume oyu have checked dmesg about these lockups?
<RoyK> that is - don't use spinning rust apart from mass storage
<RoyK> just my 2c
<Hexian> my only other idea would be to increase the ram disk size to 8GB and move the ~7GB of data which gets read by the real time processes into ram
<Hexian> that way even if the kernel causes disk wait times, the processes would be reading from ram
<Hexian> the processes only read small chunks from that data infrequently at random times, but if one of their reads happens to be when the kernel is swapping, the effect can be way more extreme than you'd think
<tomreyn> i'd also investigate the smart data of those disks. but you don't seem to have a resilent architecture there (i.e. not HA) so you can apparently not afford this during production.
<Hexian> I guess that's just due to the combination of the slow mechanical disk and the kernels heavy swapping
<drab> this may be what's happening, altho just a guess: https://www.kernel.org/doc/gorman/html/understand/understand014.html
<RoyK> Hexian: you don't need a ram drive
<drab> The casual reader1 may think that with a sufficient amount of memory, swap is unnecessary but this brings us to the second reason. A significant number of the pages referenced by a process early in its life may only be used for initialisation and then never used again. It is better to swap out those pages and create more disk buffers than leave them resident and unused.
<RoyK> Hexian: what sort of application is this anyway?
<Hexian> drab: performance is far more important than reliability for my use case
<drab> Hexian: sure, but that seems to be what it's doing nonetheless, and maybe swappiness to 1 will influence that behavior
<Hexian> as you can hear from me doing writes a ram disk, I'd rather risk losing data in the case of a hardware failure, than have any performance spikes
<drab> of course
<Hexian> RoyK: MMO game servers
<RoyK> Hexian: just setup proper monitoring of the server(s)
<RoyK> zabbix, munin, something
<drab> this may be part of what happened since you said it didn't use to manifest as a problem
<drab> https://kernelnewbies.org/Linux_4.11#head-e391b21340381dfcd6d837a15f8ec890fa1316c7
<Hexian> RoyK: I'm using netdata, it's far better than those solutions
<drab> swap mgmt changed in newer kernels
<Hexian> I can see every possible system stat in real time
<drab> to make it more appropriate for SSDs
<drab> ie the opposite of what you want
<drab> so that may be why you're seeing prbolems now that you didn't use to see, read that link
<Hexian> that does sound like it could be the culprit
<drab> so you could in theory try an older kernel and see if that makes a difference
<tomreyn> or maybe the disk is just dieing
<Hexian> the box is a few months old, I doubt it's a hardware issue
<Hexian> especially since I can have no issues for a week or 2
<tomreyn> that's no measure
<RoyK> Hexian: haven't tried netdata yet - will check - but it seems to be laking support for windows machines
 * RoyK is working on setting up zabbix for monitoring ~300 machines
<drab> RoyK: how od you monitorin windows machines with zabbix? does it have a client for ms now?
<RoyK> the windwows client has been there for years
<Hexian> RoyK: yeah netdata is very linux-specific unfortunately, I'd also love to use it on my windows boxes, but it's really great software, monitors an insane amount of stats in real time, with almost no system overhead
<drab> oh nice, I hvaen't looked at it for years :)
<drab> Hexian: do you do any aggregation/centralization of netdata data? to say influxdb?
<drab> that's what I'm trying to do
<drab> because I want trending over longer periods, not just realtime data
<Hexian> I plan on it in the future, I have less linux boxes right now than I have had in the past, and netdata never used to have any aggregation options available
<drab> yeah, it still doesn't, cavia the plugin to send data elsewhere, which includes influx now, altho graphite is also an option
<Hexian> changing swappiness seems have reduced IO wait spikes so far, but there has been one performance drop on the box which affected all 3 of the real time processes
<Hexian> most of the time when one of these performance spikes happen, it only seriously affects one of the 3 processes, but sometimes it affects 2 or all 3 at the same time
<Hexian> I assumed that was when all 3 were reading from the disk at the same time as a IO wait spike, but now I'm not so sure
<Hexian> I'll have to wait patiently for the spike and see
<Hexian> also, even with swappiness set to 1, these real time processes can spike to over 100 major page faults in 1s
<Hexian> 100 major faults doesn't seem so bad when fail2ban randomly does 16 000 major faults in a second
<Hexian> again, I'm not sure why processes, let lone something tiny like fail2ban are swapping out memory with plenty free
<tomreyn> Hexian: i think drab pointed you to an explanation which he quoted from https://www.kernel.org/doc/gorman/html/understand/understand014.html earlier
<tomreyn> also, unless you only use it for ssh and don't actually depend on password authentication, get rid of fail2ban, it's not needed / just making things worse.
<Hexian> I mean, even with swappiness 1
<Hexian> fail2ban is there just for ssh as there is password authing on the box currently
<Hexian> I don't think it actually causes enough overhead to be an issue, at least from what I've seen
<Hexian> apart from IO wait times, disk reads and major page faults, I haven't noticed anything else which coincides with the performance drops
<tomreyn> overhead is small, but it could be abused to prevent legitimate admins to login if ip spoofing is possible.
<Hexian> the only other thing that can be seen in all the statistics on the box is that the processes affected simply use far less CPU time (or virtually none at all, if they lock up long enough)
<Hexian> from the processes own perspective, it just hard freezes for that period
<Hexian> interesting, I'll read up about that, I wasn't aware of fail2ban exploits
<tomreyn> you could use port knocking instead or expose ssh only on a management network which you reach through a vpn
<Hexian> yeah, options are a bit limited due to the host, but I'll worry more about security of the box once I've solved the intermittent performance issues
<tomreyn> you could also investigate a different io scheduler, but this seems a LOT too far fetched until you have looked more into basics like defective hardware and the like. after all i think you ssaid other systems with identical configurations do not exhibit this behavior, which hints at hardware.
<Hexian> I may end up having to get a new box all together unless I can prevent these massive spikes, but I don't have any good options at this point
<Hexian> well, the other boxes have much older and slower hardware, and much older Ubuntu versions
<Hexian> so there are a lot of possible factors at play
<Hexian> while it could be hardware, I think it's far more likely a software related issue
<Hexian> the other boxes are running Ubuntu server 14.04, I assume a lot has changed between 14.04 and 16.04.1
<tomreyn> okay, that's a lot harder to detemrine with homogenous hardware / software configurations
<tomreyn> sure the Os changed a lot.
<Hexian> indeed, this kind of issue that just goes away for weeks at a time and comes back worse than ever at random times is living hell
<Hexian> it was worse last night than I've seen in like 2 months
<Hexian> but it was even worse at a point 2 months ago
<Hexian> the processes haven't had a single spike since that one big performance drop that affected all 3 earlier
<Hexian> could be hours or days before I see another spike
<drab> Hexian: the easiest thing to try imho is kernel version
<drab> if you recall from earlier, newer kernels have that optimization for swap on SSDs
<drab> if you have older machines with older kernerls and no problems, that could be a good one to test
<drab> just install an older kernel on your new server and pin the pkg and see how it goes
<Hexian> probably worth a try, knowing my luck I'll probably end up with some terrible new issue specific to the older kernel version
<Hexian> I'm not sure that I'd want to use a 3 year old kernel on the new high end box though
<Hexian> but if using an old kernel for a week or two solves the problem, then at least we know it's actually the kernel
<drab> Hexian: well, '3 yrs old kernel', it's all relative, do you actually know what's in the new ones that you need?
<drab> 14.04 will support the kernel with security updates for another ~2yrs
<drab> so it's not like you're gonna run an unsopposrted/crappy kernel
<drab> and that's 3.x vs 4.x, which is where the SSD optimizations for swap were introduced according to that changelog
<Hexian> drab: good point. I don't keep track of kernel changes, but there are some things that I expect may be improved in newer kernels which would be useful, like IO caching and memory deduplication
<Hexian> I've had low level features like those cause performance problems for me with very old kernels in the past
<Hexian> one of the processes just spent 1305 ms waiting on a system call at the exact moment that 10222 major page faults for the process occurred
<Hexian> so even with swappiness set to 1, the kernel is still swapping pages for these processes and causing them to freeze up
<Hexian> interesting that the process didn't do any reads according to stats at that point, so the process presumably locked up for over a second purely due to the major page faults
<drab> Hexian: I'm assuming you're running a real time kernel? (and the sw takes advantage of those facilities, the way it's coded, that is)
<Hexian> drab: I'm not using a real time kernel, even with hosting more sensitive services in the past, it was generally overkill and the increased frequency just added more overhead
<drab> fair enough
<_Xenial_Xerus_> I can make a picture of a walker man going to the F.D.L. with the SDCARD in pocket.
<_Xenial_Xerus_> And a worse case scenario the police beating checkpoints attack find the SDCARD however the passphrase is stored in Man's mind.
<_Xenial_Xerus_> So they hold and torture the man in a skyrise of 'unofficial' gas chambers.
<_Xenial_Xerus_> Man only needs to recall the single passphrase to return to his HOME
<_Xenial_Xerus_> After the cruel and 'now usual' punishment.
#ubuntu-server 2018-08-13
<cpaelzer> good morning
<lordievader> Good morning
<cpaelzer> hi lordievader
<lordievader> Hey cpaelzer, how are you doing?
<cpaelzer> great, I hope you as well?
<lordievader> Yes, doing good :)
<boritek> hello. why is it not possible to istall Ubuntu Server 18.04.1 in Virtualbox?
<cpaelzer> boritek: it should work, what exactly is breaking for you?
<boritek> well i have tried a simpler method now, it seems to work if installing it via virtualbox cdrom
<boritek> it does not work though via network pxe booting
<boritek> and pxe booting is also broken on its own, but I was able to make it boot via some APPEND kernel parameter
<lordievader> Does it kernel panic or something with PXE?
<CheckmateX> Hi can i add message to a blocked ip on .htaccess file ?
<ahasenack> CheckmateX: I don't know, sorry
<blackflow> CheckmateX: what do you mean "add message"?
<CheckmateX> Specified message like go away and not forbidden html message
<blackflow> well you can have a custom 403 page, yes, see "ErrorDocument" directive
<blackflow> not sure if you can vary them per IP. You could with nginx, but I don't know if apache has the ability
<blackflow> unless you use PHP for the 403 page and do the IP-based magick there
<CheckmateX> blackflow echo will not work ?
<CheckmateX> Order Deny,Allow
<CheckmateX>  echo '<h1> blocked </h1>'
<blackflow> from .htaccess? no
<CheckmateX> yes
<CheckmateX> not work echo with me
<blackflow> so why don't you use a custom 403 page?
<CheckmateX> because i want it easy just echo message from htaccess
<blackflow> CheckmateX: you'll have to write a module for that then.
<CheckmateX> blackflow ok i will try the 403 way
<CheckmateX> blackflow should i add the path of the file or not .?
<CheckmateX> ErrorDocument 403 /var/www/html/test.php
<blackflow> CheckmateX: you know what? your echo question got me looking into whether there already are modules and it appears you can actaully specify a custom message with ErrorDocument itself.     ErrorDocument 403 "Go away, or something!"
<blackflow> otherwise the path is an URL that's processed as such.
<CheckmateX> blackflow i've added the option but not working !!
<blackflow> CheckmateX: not sure what you've added, but you can consult the documentation, see what you did wrong:  https://httpd.apache.org/docs/2.4/mod/core.html#errordocument
<CheckmateX> blackflow
<CheckmateX> i've blocked the ip but its still on the var/logs
<CheckmateX> i still received high request on the logs from that ip
<CheckmateX> now i need to stop logs from that ip :/
<lordievader> You've blocked the ip? How? Apache's 403 is not a block.
<lordievader> To block connection from that source you need to instruct your firewall to drop or reject the traffic from there.
<CheckmateX> lordievader you mean the option i do if htaccess deny ip not working ?
<lordievader> Yes. That denies them to see the actual content (which could lower cpu load, not having to run php code for example), but apache still serves them something (the 403 page).
<blackflow> CheckmateX: if you have high traffic from an IP and block it anyway with deny from, then yes dropping the traffic at the firewall level is your best choice, but then they won't see your message
<blackflow> CheckmateX: or put nginx in front of apache
<CheckmateX> lordievader you're right i checked the ufw status  Status: inactive
<CheckmateX> how thats possible inactive!!
<CheckmateX> anything wrong ?
<blackflow> sounds like you didn't configure it. it's not enabled by default, it can't read your mind.
<CheckmateX> blackflow i've enable it right now its ok but i can see the logs from that ip
<blackflow> CheckmateX: then you didn't configure it
<CheckmateX> its already configured i just enable it right now
<CheckmateX> status [ 1] Anywhere                   DENY IN
<CheckmateX> its say the ip denyed and i still receive var/logs
<blackflow> CheckmateX: I'm guessing because it's allowing established and related flows. it should deny new connections from that IP
<CheckmateX> ive denyed all connection sudo ufw deny from
<CheckmateX> i'm using cloudflare by the way
<blackflow> CheckmateX: then it won't work as you think it would. if you use CF then the src IP is cloudeflare's
<CheckmateX> blackflow yeah cloudflare was blocked that ip i cannot see any logs now
<rbasak> ahasenack: opinion on bug 1770532 please?
<ubottu> bug 1770532 in amavisd-new (Ubuntu) "DKIM signing not working in bionic" [High,Confirmed] https://launchpad.net/bugs/1770532
<rbasak> Looks like Debian haven't patched either, but I haven't looked thoroughly
<ahasenack> I don't know how this works, I was hoping upstream would do something
<ahasenack> can we use the mailing list thread as basis to accept the change?
<rbasak> Yes. We don't need upstream acknowledgement. We strongly prefer to, but it's not a hard requirement.
<rbasak> But patching ourselves alone is a judgement call because then we're on the hook to maintain it.
<rbasak> Which can be difficult in the future if upstream does something that will cause us to change user behaviour if we drop our patch, for example.
<CheckmateX> blackflow shit even with cloudflare i still see that ip on the firewall of cloudflare
<ahasenack> rbasak: yes, I know nothing about DKIM and the perl code in amavisd-new
<blackflow> CheckmateX: well then that's CF's problem, not Ubuntu, right? :)
<rbasak> ahasenack: yeah that's the hard part :-/
<ahasenack> rbasak: maybe if #is uses it they could take a look? I doubt they use it, though
<ahasenack> and it's in main :/
<blackflow> what's amavis doing dkim signing anyway?
<ahasenack> if upsream is gone, is that basis for demoting amavisd-new?
<ahasenack> blackflow: maybe checking?
<ahasenack> ah no, it says signing
<rbasak> It's definitely a basis for questioning its continued presence in main.
<CheckmateX> blaclflow it was blocked by i still see logs even with cloudflare
<sdeziel> ahasenack: I use amavisd-new for both signing and checking
<blackflow> CheckmateX: check which IP you're blocking. with CF in the equation, the src IP on the packets, and those logged by apache -- if you use cloudflare mod or something other trusting and logging x-forwarded-for -- will be different.
<sdeziel> ahasenack: on Trusty though :(
<blackflow> amavis upstream gone, that's not good. it's the only viable middleware for post-content filtering with different sub-daemons.
<ahasenack> sdeziel: so you just need to upgrade to xenial, then bionic, and then tell us if the patch in the bug works? :)
<blackflow> s/post-content/post-queue/
<CheckmateX> i think i will try the option of CF i'm under attack
<CheckmateX> blackflow the problem on the logs cannot stop that ip on the logs keep saving
<rbasak> ahasenack: well, one of the reporters/patch authors has already told us that the patch works :)
<sdeziel> ahasenack: will get there eventually but I wanted to confirm it does both signing and verifying
<blackflow> CheckmateX: well like I said, with CF the IPs are different
<rbasak> sdeziel: apparently it doesn't do DKIM signing :-P
<blackflow> CheckmateX: so be sure to understand what is logged exactly and what you're blocking. Are you blocking CF or end user, and do you have x-forwarded-for or something other logged, rather than packet src IP.
<sdeziel> rbasak: that's a bad regression... renders amavisd-new almost useless for us
<CheckmateX> yes i have a search.php page they use some POST codes to search fast
<CheckmateX> i' think i will go with google captcha if they search fast 10 time request to enter the captcha
<CheckmateX> disturbing me
<rbasak> sdeziel: it'd be great to get some of your help in fixing this in Bionic. I think part of the issue here is that most of us aren't familiar with amavisd-new in the detail we think we need :-/
<ahasenack> rbasak: we could start with a debian bug
<rbasak> ahasenack: sure. But I'm reluctant to block on a reply since we've been handed an apparently working patch.
<ahasenack> we could accept it, but be more rigorous with the testing period
<ahasenack> require two people to confirm it's working and has no regressions
<ahasenack> thinking in terms of the sru
<CheckmateX> blackflow i dont know what to do i want keep the search as easy way possible
<sdeziel> ahasenack: I just added https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882324 to the bug
<ubottu> Debian bug 882324 in amavisd-new "amavisd-new doesn't honor "originating" configuration flag, contrary to documentation" [Important,Open]
<ahasenack> sdeziel: is that the same issue?
<ahasenack> ah
<sdeziel> yes
<ahasenack> rbasak: fedora seems to be using it
<rbasak> Exactly the same patch?
<rbasak> I was under the impression that there were three available :-/
<ahasenack> didn't check. There seem to be two versions
<CheckmateX> blackflow untile now one option work with CF "i'm under attack" option
<rbasak> rharper: may I have some help triaging bug 1761573 please? Is this the same issue or a new one?
<ubottu> bug 1761573 in cloud-initramfs-tools (Ubuntu) "Network not configured on bionic" [Undecided,Incomplete] https://launchpad.net/bugs/1761573
<Ussat> has the update path from 16.X --> 18.X been enabled ?
<ahasenack> I think not, I had to use -d earlier today
<ahasenack> Ussat: ^
<boxrick> Any reason this doesn't work? 'mount --bind /dev/null /tmp/null' ---- mount: mount point /tmp/null does not exist
<Ussat> OK, thanks
<Ussat> Not in a huge hurry, and I did use -d earlier last week and was fine
<ahasenack> boxrick: /dev/null is not a directory. You can create another null in /tmp if you want, no need to bind mount it
<boxrick> mknod isn't available in this case since its an unpriviledged container
<boxrick> I was trying to find an alternative.
<ahasenack> you can try cp -a /dev/null /tmp
<ahasenack> but if /tmp doesn't allow devices, you will get a permission denied error
<sdeziel> boxrick: did you "touch /tmp/null" first?
<boxrick> Nope
<boxrick> Oh that was easy
<boxrick> I thought I tried that before, clearly not
<boxrick> Thanks sdeziel
<sdeziel> np
<ahasenack> cpaelzer: have you seen this in ppc64el builds?
<ahasenack> cc1plus: error: unrecognized command line option â-Wno-deprecated-registerâ [-Werror]
<rharper> rbasak: sure
 * ahasenack scratches head
<ahasenack> ubuntu@cosmic-squid4:~$ g++ hello.cpp -o hello -Wno-deprecated-register
<ahasenack> ubuntu@cosmic-squid4:~$ echo $?
<ahasenack> 0
<ahasenack> I guess I have to try on a real ppc64el
<cpaelzer> ahasenack: not seen yet
<cpaelzer> ahasenack: do you have access or should I try quickly?
<ahasenack> I have
<cpaelzer> ok
<ahasenack> it's super odd, previous lines in the build show that flag being used and working, then all of a sudden it fails. make -j is being used, but just -j4, and many many other g++ lines worked
<ahasenack> will know in a minute
<ahasenack> trying an actual build, since g++ in the command line worked just fine compiling a hello-world.cpp sample
<cpaelzer> ahasenack: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-4-06-compile-errors-on-Ubuntu-12-04-td4676098.html
<cpaelzer> but your compiler should be rather new
<ahasenack> yeah :)
<ahasenack> it's also a known issue in the faq, but for old compilers
<ahasenack> and it built on all other arches, except ppc64el
<ahasenack> https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3351/+packages
<ahasenack> reproduced
<ahasenack> waaaat
<ahasenack> I think the problem is something else, the message is just misleading
<cpaelzer> ahasenack: you reproduced it
<cpaelzer> including the "working at first and then later breaking" ?
<ahasenack> yes in the build
<ahasenack> but if I copy the command line, and run again, it works
<cpaelzer> can you sneak in an env call
<cpaelzer> so you see what is set for the compiler?
<ahasenack> I think the real error trigger is a bit up in the logs, where it complains about a variable that may be used uninitialized
<ahasenack> maybe
<ahasenack> trying a build without the parallelism enabled now
<ahasenack> but it could really be just a different code path taken in the ppc64el arch, as I don't see what warning in the non-ppc builds
<ahasenack> i'm talking about this one:
<ahasenack> https://pastebin.ubuntu.com/p/HNC2Z2Yk9F/ <-- the tval warning that is being treated as an error
<ahasenack> https://pastebin.ubuntu.com/p/JDVw8zFt6T/ I can probably fix that by just initializing tval with NULL, as parseTimeLine(&tval,...) stores a value there anyway
<ahasenack> cpaelzer: rbasak: man
<ahasenack> -O2/-O3 is the difference
<ahasenack> https://gist.github.com/panlinux/4716e167c2e06612b28be4b9f8f2b52b just adding -O3 or -O2 at the end of that command line, which overrides any previous -On
<ahasenack> first one, with -O2, worked
<ahasenack> second one, huge error
<ahasenack> -O3 seems to be enabling some -W options
<ahasenack> the manpage doesn't mention that next to -O3
<hallyn> stgraber: is landscape suppsoed to be integrated with snappy?
<stgraber> hallyn: I don't believe there's any snap support in Landscape at this point, some kind of integration between Landscape and the snap enterprise proxy would be nice though
<hallyn> wtf is "the snap enterprise proxy" :)
<hallyn> forget i asked :)
<hallyn> thanks.  so you'd recommend that casual users of landscape slowly migrate back to unattended-upgrades or ansible or something?
<stgraber> Landscape is still good to manage your debs, apply updates, ... with snaps it doesn't get quite that much control and unless you're running an enterprise proxy, nothing really has that much control
<stgraber> I suppose it could at least support installing and removing snaps, not sure if that's on the roadmap at this point
<stgraber> dpb1 might know (I'd have pinged simpoir but he's not in this channel)
<dpb1> hallyn: snappy integration will be coming in landscape but is still just in the planning stages, nothing official to announce.
<hallyn> dpb1: "coming" as in "perhaps during 2018", or coming as in "we'll put it in plan one day for sure" ?
<hallyn> fwiw the only reason i care about snaps is for lxd :)
<hallyn> and i don't really want bleeding edge there usually so no urgency even there.  i'm just curious.
<dpb1> hallyn: 'tracks' are really the thing you have there, which stgraber knows about.
<dpb1> hallyn: and.  the enterprise snap proxy, but it's a commercial offering (as will be the landscape thing).
<dpb1> tl;dr: fine-grained control of update frequency and pinning to specific revision numbers is an enterprise feature.
<dpb1> hallyn: as for when it will be coming in landscape -- I don't know.
<hallyn> thanks dpb1 :)
<Delvien> Not sure if this is the right place to ask this... Im running xfs formating on an NVME drive, and when I do an xfs_repair /dev/nvme1n1 I get "Phase 1 - find and verify superblock...
<Delvien> bad primary superblock - bad magic number !!!
<tomreyn> and your question about this is?
<Delvien> How to fix it? Or tell if the drive is bad?
<ahasenack> Delvien: shouldn't the device be something like /dev/nvme1n1p1?
<ahasenack> with a "pN" at the end, indicating the partition?
<ahasenack> Delvien: for example, this is what I have: https://pastebin.ubuntu.com/p/Wy5rbpysHm/
<Delvien> I have two nvme on board with this mobo
<ahasenack> so?
<Delvien> so thats what they were assigned as.
<ahasenack> nvme0 and nvme1
<ahasenack> n1 is the namespace
<ahasenack> and p1 is first partition
<ahasenack> and so on
<ahasenack> nvme1n1 is the equivalent of a "full disk", like sda
<ahasenack> nvme1n1p1 would be sda1 in this example
<ahasenack> and so on
<Delvien> alright, so
<Delvien> xfs_repair /dev/nvme1n1p1  spits out the same thing.
<ahasenack> did you format /dev/nvme1n1p1?
<Delvien> yes
<ahasenack> you have to use the same name for format and verification
<RoyK> Delvien: pastebin output of lsblk, please
<sarnold> is there a reason why you have seven partitions on tht devcie?
<ahasenack> me?
<sarnold> ahasenack: oh :) hah
<Delvien> Seems formatting a 6th time did the trick.. Holy craperoni
<sarnold> ahasenack: actualy now I am kind of curious :) what do you do with seven partitions on an nvme? :)
<ahasenack> windows is still there, then I have /boot, /boot/efi, swap and one for linux (crypt)
<sarnold> aha!
<sarnold> I've got slog on one partition and l2arc on a second partition, and even that feels a bit silly (I should probably just remove the slog, I don't think it ever gets any use)
<ahasenack> I did an experiment in another laptop and there I can actually have /boot encrypted (no uefi boot there)
<ahasenack> but grub takes about 30s to unlock the luks key
<ahasenack> oh, and /boot is on zfs as well
<ahasenack> I didn't want to try that on this laptop just yet. That one is my testbed
<ahasenack> this one isn't :)
<sarnold> ooh /boot on zfs?
<sarnold> nice
<sarnold> I'm too lazy to even try
<ahasenack> it spews out some warnings about unknown compression algorithms and such, but works in the end
<tomreyn> teward: i'm a happy user of your ZNC PPA. is there a chance you'll do new builds to handle the CVEs discussed in https://wiki.znc.in/ChangeLog/1.7.1 - or do you have no motivating factor there on your own currently?
<tomreyn> sorry, i didnt realize you have a bug tracker for those. :)
<jonfatino> anyone know how to launch ubuntu installer over ssh (in a livecd)
<jonfatino> like setup or install.bla   with kickstart.conf
<jonfatino> and no I don't want to netboot and pass kernel parms.
<tomreyn> jonfatino: i haven't done it for a long time, but you should be able to start the alterantive server installer , wait until it's booted to the installer, then press escape and find an option for ssh there.
<tomreyn> there may also be a kernel option for this you can pass. the only way to fully automate bringing up the ssh server would be with a preseed file or netboot, i guess.
<tomreyn> also please dont cross post
<arooni> so my ssh user doesnt always have access to ls directories like /etc/letsencrypt/live ;; how can i do a one off ls in this case
<sarnold> if you can't execute ls for some reason but you do have a shell, you can use 'echo *' kind of thing to see files and directories, if the read and execute permissions on the directory allow you
<sarnold> try echo /etc/letsencrypt/live/*
#ubuntu-server 2018-08-14
<cpaelzer> good morning
<lordievader> Good morning
<boritek> hello
<boritek> i have just installed ubuntu-server 18.04.1 with mass controller
<boritek> with default settings with lvm
<boritek> it created a 4GB root partition and 16GB /dev partition
<boritek> why??
<boritek> the /dev usage is 0%, and root partition is already full
<tomreyn> boritek: can you paste the url returned by "df -h | nc termbin.com 9999"
<tomreyn> <tomreyn> boritek: can you paste the url returned by "df -h | nc termbin.com 9999"
<ahasenack> boritek: that's a known bug
<ahasenack> let me fetch it to show you
<ahasenack> boritek: https://bugs.launchpad.net/subiquity/+bug/1785321
<ubottu> Launchpad bug 1785321 in subiquity "LVM Entire Disk option does not use entire disk" [Undecided,New]
<ahasenack> if you want lvm, for now you should create the layout manually
<ahasenack> or install with 4Gb, and resize later
<ahasenack> maybe add an LV for /usr, then you won't need to resize /
<ahasenack> that can be done without booting into rescue mode, since you won't be resizing /
<ahasenack> cpaelzer: do you know if this d/t/control syntax works for Depends? :
<ahasenack>  squid3 | squid,
<ahasenack> n/m, it does, it installed squid
<ahasenack> hah
<ahasenack> that kylin test is failing because it can't find python-imaging:amd64
<ahasenack> last uploaded to precise :/
<ahasenack> ok, it became pillow
<cpaelzer> ahasenack: yes it can have alternatives, but you foudn that already
<cpaelzer> I'm unsure what happens if both are available, but as long as there is one of the two it should work
<ahasenack> the ordering matters
<ahasenack> at least in d/control
<ahasenack> should be the same
<cpaelzer> ack for d/control behavior, and I'd hope so as well - but expect/hope != knowledge, so I'm still unsure :-)
<benl90> Hello, does anyone here familiar with mysql on ubuntu server? I have problem setting mysqld.cnf on /etc/mysql/mysqld.conf.d/ , I set sql_mode = '' but it won't affect the sql server, what cause it? I think I've set the write things. Is there anyone could explain maybe, or maybe I'm wrong. Thanks
<ahasenack> I have no idea, sorry
<ahasenack> for starters I don't even know what's the "good" config file, there are so many under /etc/mysql
<rbasak> It works like regular .d/ directories
<rbasak> Drop any number of .cnf into /etc/mysql/mysqld.conf.d/ to customise your configuration
<rbasak> Changing the supplied ones will result in conffile prompts (may be good or bad depending)
<rbasak> Use /etc/mysql/conf.d/ for things that affect the client (eg. libmysqlclientX but also libmariadbclientX). That's therefore shared between MySQL and MariaDB
<rbasak> And /etc/mysql/mariadb.conf.d/ for MariaDB-specific configuration.
<rbasak> (on the daemon side)
<rbasak> As for sql_mode specifically, I don't know, sorry.
<rbasak> The only reason I can think of that it won't affect the server is if you've messed with other config files in /etc/mysql/*.cnf or if you're actually using MariaDB.
<rbasak> You should be able to trace the config files that are active by following through from the service configuration.
<cpaelzer> rbasak: maybe ordering in the dir, and a later conf file in ther eoverwriting his change?
<rbasak> That could do it.
<rbasak> By default I think we only ship one file in the dir though?
<benl90> rbasak: Yep, I've but it's not reading it I dunno why, I means I set some param and still when the service is running the configuration doesn't change
<rbasak> There's a parameter you can call to mysqld to have it print the configuration it's picked up I think.
<benl90> rbasak: I use MySQL-server package
<benl90> rbasak: aaaa, I don't get what it means with your last statement, could you explain it to me?
<benl90> rbasak: I want to ask, anything under /var/mysql/mysql.conf.d/ is loaded by my.cnf right?
<rbasak> benl90: should be, by default, yes.
<benl90> rbasak: Then what means with ! and without !
<rbasak> If you have mysqld installed
<rbasak> And you don't have mariadb installed
<benl90> rbasak: yes.. I've mysqld. mysql server 5.7.23
<rbasak> A common error is to have tried to install MariaDB and then not removed it completely.
<benl90> rbasak: !includedir /etc/mysql/conf.d/ means it load from the folder right?
<rbasak> Yes
<benl90> rbasak: Hmm.. why it's not working, when I force write on the my.cnf it's working -_-
<rbasak> I don't know, sorry. Can you provide steps to reproduce the problem on a fresh installation?
<benl90> rbasak: Yep, I tried to edit the mysqld.cnf on the mysql.conf.d folder
<benl90> rbasak: then after that, I add sql_mode = '', after that I restart the service and check using SELECT @@sql_mode; still, the mode is there and not overwrited.
<rbasak> Skuggen: you might know off the top of your head? ^
<rbasak> benl90: have you verified this still happens on a fresh installation?
<benl90> rbasak: Hmm... Anyway how to delete the mysql and it's configuration and start from scratch in ubuntu
<rbasak> benl90: depends on what's wrong, and we don't know that. You can try https://askubuntu.com/a/1062707/7808, but that's no replacement for trying to reproduce on a fresh installation. You can use a container or a VM, so this should not be difficult. If you're not familiar, it's good to learn anyway - being proficient with lxd containers massively speeds up so many sysadmin tasks, because you can try
<rbasak> something on a fresh Ubuntu very easily.
<cpaelzer> rbasak: ahasenack: did you experience on git ubuntu submit that you got rejected for the branch not being found?
<cpaelzer> it is correctly pushed
<cpaelzer> I think on a totally new branch LP sometimes takes a while for processing
<cpaelzer> later on things work
<ahasenack> I never used git ubuntu submit
<cpaelzer> so you open the MPs just manually then
<cpaelzer> well that is my fallback when it fails
<cpaelzer> I was just wondering if we should print something (if it is a geenral issue)
<cpaelzer> yeah - merge ID hattrick
<rbasak> I don't use submit either
<cpaelzer> thanks postgres MRE :-)
<cpaelzer> oh, no wonder I'm the only one facing it then :-)
<ahasenack> I think this is the fix for the ubuntu-kylin-sso-client dep8 tests: https://pastebin.ubuntu.com/p/C872JtdJD3/
<ahasenack> at least one of the fixes
<ahasenack> because:
<ahasenack> 2018/08/14 10:11:02| ERROR: cannot change current directory to /tmp/autopkgtest.DUUfBX/build.7Km/real-tree/_trial_temp/squid/spoolsquid: (2) No such file or directory
<ahasenack> but we'll see
<cpaelzer> ack on the added /
<cpaelzer> but would that dir then exist?
<cpaelzer> I mean the path is broken without the / for sure, but it might still get a "no such file or dir"
<cpaelzer> if no one created it
<cpaelzer> ahasenack: FYI the postgresql MPs are up for you
<ahasenack> ...../squid/spool exists
<ahasenack> it is created if it does not exist
<ahasenack> I don't know yet if squid itself will create the missing bit, maybe not
<cpaelzer> the argument is called "dir"
<cpaelzer> so if it would create on demand it would have created the dir "spoolsquid"
<ahasenack> agreed
<ahasenack> I know where to look, I'll troubleshoot that later
<ahasenack> let me get the finishing touches up for squid itself and put that up
<jonfatino> Quick question for you guys. So I am trying to create a network install script for about 100 servers. Pxe boot and all.  I have a ubuntu livecd image that I moved to pxe and it can netboot into a livecd and ssh in. Then I have some scripts that check for hardware like cpu / ram and configure LSI raid arrays.  Then I want to automatically install ubuntu after that.
<jonfatino> I want to be able to launch ubuntu installer with kickstart file after lsi raid arrays are configured automatically. How would I acomplish this?
<jonfatino> I don't want to "netboot" and pass KS=bla for kickstart file and install that way. I want to install from the livecd after its done running my scripts.
<leftyfb> jonfatino: why not run the script as part of the kickstart?
<teward> anyone fluent in how systemd units work and 'network readiness' within SystemD units can be determined so you can decide whether to start a service or not?  https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1786974 is related to some race condition where nginx starts before IPv6 is ready, and it causes problems, but that's a SystemD race condition if i'm not mistaken?
<ubottu> Launchpad bug 1786974 in nginx (Ubuntu) "Nginx is starting before IPv6 address is ready" [Undecided,New]
<jonfatino> leftyfb: good idea but ideally we want to do it in stages and report back to a centralized database for deployments
<jonfatino> then proceed with next step and install
<leftyfb> jonfatino: that could be done
<leftyfb> jonfatino: just gotta script it as part of the kickstart
<jonfatino> The tools needed for megacli and a few audits / stress test and what not are not part of netboot image.
<jonfatino> I'm trying to find the exact commands ubuntu uses to run the install script so I can start it manually or when ever I want
<leftyfb> jonfatino: maybe start looking into subiquity
<jonfatino> leftyfb: have you ever used debootstrap?
<leftyfb> I have transparently. But not really
<tomreyn> teward: systemd.special(7) -> network-online.target
<teward> tomreyn: would that solve a race condition like bug 1786974 seems to be having?  It was my understanding that you should require network.target not network-online.target
<ubottu> bug 1786974 in nginx (Ubuntu) "Nginx is starting before IPv6 address is ready" [Undecided,New] https://launchpad.net/bugs/1786974
<teward> (so i'm trying to clarify before doing anything)
<teward> thanks by the way
<tomreyn> teward: i dont know that, sorry
<teward> hmm
<teward> i'll have to prod further, but thanks for the pointer, tomreyn.  I'm not 100% fluent with SYstemD :P
<tomreyn> i was actually wondering how this mechanism in systemd prevents / handles race conditions, but never spent time on researching it.
<tomreyn> i'm neither, just catch things up here and there
<sdeziel> teward: if the user binds to something else than [::]:80, adding the network-online.target dependency makes sense
<teward> sdeziel: their error is :::80
<teward> theirs is erroring with a default setup it seems by the error msg
<teward> though since they didn't file the bug the proper way I have no config data to use
<sdeziel> the IPv6 address was obfuscated
<teward> sdeziel: whether it's a link local or not is unclear, and probably would help determine the answer and solution
<sdeziel> binding to the wildcard shouldn't fail even if the network isn't online
<teward> sdeziel: the question is whether the fix for this should be applied on the one user's system or as part of the package.
<teward> sdeziel: it can if v6 is disabled which some users are doing (stupidly I might ad)
<teward> sdeziel: if it makes sense to bind to network-online.target that's one thing, if we're running a default install should we be delaying until network-online.target *just* to handle edge cases
<teward> since the default nginx config runs on [::]:80 (and also 0.0.0.0:80)
<sdeziel> teward: right, that's good question. The man page recommends to stick with the network target for networking daemons
<teward> sdeziel: then the answer is "Won't Fix" for the bug, because we already want on network.target
<teward> at least as i understand the systemd unit in use
<teward> by nginx
<teward> DAMN KEYBOARD!  *throws keyboard into the river and goes to get a spare from the supply bin*
<sdeziel> teward: that would be my feeling as well but I'd check if the user's config does indeed specify a specific IPv6
<tomreyn> teward: note also that there's also 'network.target', and that systemd.special(7) states "Usually, network.target is part of the boot of most systems, while network-online.target is not, except when at least one unit requires it."
<tomreyn> so maybe network.target is the better choice, if its good enough [TM]
<teward> tomreyn: indeed.  that's what the service uses currently
<teward> but it seems that this 'race condition' is not new
<teward> and I did note that bit in the manpage that tomreyn pointed out
<tomreyn> i'm sure tomreyn appreciates this
<teward> :P
<teward> sorry i'm still recovering from illness, i'm confusing who i'm messaging :|
<tomreyn> ;-) no worries, i'm just having fun here
<teward> sdeziel: the only reason I'm hesitant to tell the user to alter their service file for systemd is because that gets clobbered next-update whenever a package is updated with a newer version IIRC
<teward> then they'd have to reapply that workaround again
<sdeziel> teward: not with "systemctl edit nginx" overrides
<sdeziel> teward: the user then only need to put "[Unit]\nAfter=network-online.target\n" in there and be done with it
<teward> see, now I'm learning more about SystemD than I would on my own heh
<teward> sdeziel: if they come back and indicate they're using an actual v6 address then I'll provide that workaround, but document that the bug itself won't be fixed in the package because network.target is the 'typical target' for networking daemons...
<teward> assuming we include web servers in the category of networking daemons?
<sdeziel> teward: the scripted way would be: https://paste.ubuntu.com/p/YfD5TYdw2y/
<sdeziel> sigh, both After= and Wants are needed: https://paste.ubuntu.com/p/m64cXMRbhP/
<rbasak> teward: see https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
<rbasak> teward: waiting for network-online.target is incorrect
<teward> rbasak: that's what I had assumed
<rbasak> https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1786675 came up the other day
<ubottu> Launchpad bug 1786675 in apache2 (Ubuntu) "Apache will not start on boot if bound to a fixed IP address" [Undecided,Invalid]
<teward> rbasak: so we should consider this a "Not a Bug" and blame a race condition between the software and the underlying networking management system/infrastructure?
<rbasak> teward: the reporter of the nginx bug report says "...emerg] bind() to [xxx]:80 failed" so I think they're binding to a specific IP.
<teward> which i'm asking them to confirm in the comment I made
<rbasak> For Ubuntu, I believe this is Invalid/Won't Fix because the correct thing to do if customising local configuration is to also override systemd as discussed above.
<rbasak> For upstream, I think it's a valid feature request that daemons handle this gracefully
<teward> rbasak: ACK.  I'll have to add that to our Server Team documentation.
<teward> (for the override part)
<rbasak> The upstream systemd page should describe it well enough for upstream - either use IP_FREEBIND on Linux, or better, respond dynamically to network configuration changes.
<teward> thanks rbasak, i've marked the bug accordingly.
<teward> rbasak: while you're around, can you confirm that my last message to the list regarding the proposal to jump to NGINX mainline at least for 18.10 and 19.04 made its way to the mailing list?
<teward> i have no confirmations on my end whether it did or not :|
<teward> ah there it is in the archive, nevermind
<teward> (it wasn't showing for me, I blame caching)
<rbasak> https://lists.ubuntu.com/archives/ubuntu-server/
<teward> rbasak: yep, it wasn't showing in there, I blame caching :P
<teward> initially I thought I was stuck in the mod queue again heh
<arooni> what do you guys do to store passwords for servers/apps/ i.e. admin passwords for mysql ; passwords for basic auth for sites etc;  i.e passwords taht are not your user password
<arooni> right now i have a pw.txt somewhere on my laptop ; but wondering if theres a better way
<teward> keepass database with the passwords in them.  Or a PGP encrypted text document synced to several locations that contains passwords and requires my exact private key to decrypt
<teward> also 1password but that's just me :P
<teward> arooni: ^
<arooni> hmm i already use lastpass
<arooni> i wonder if i can have a text doc there
<teward> -1 because LastPass has had breaches in the past :P
<arooni> it just seems sloppy to have it in text format; even though i connect to the server with ssh keys etc
<arooni> keeping it encyrpted as a document seems smart too; i have dropbox
<arooni> is there an easy way to decrypt/encrypt from command line or apps on ubuntu/mac
<teward> gpg --encrypt --armor -r YOURKEYID foo.txt
<teward> makes foo.txt.asc
<teward> you can decrypt that later with gpg --decrypt foo.txt.asc
<teward> just make sure you don't lose your privkey :p
<arooni> truth
<teward> and don't share the plaintext version across cloud storage either :P
<arooni> i kinda like storing them in lastpass; because i already have 2 factor auth setup there
<teward> up to you :P
<arooni> thx for the brainstorm
<arooni> good talk ;P
<evit> hello
<evit> I have a Digital Ocean Ubuntu 16.04 server and SSH (PuTTY) was reporting the host key changed. So I replaced the keys and shut off SSH access. Chkrootkit says Possible Linux/Ebury - Operation Windigo installetd
<evit> Reviewing the configuration doesn't seem to show it is infected but I want to be sure
<evit> Is Possible Linux/Ebury - Operation Windigo a false positive on Ubuntu 16.04 as I've read from several sources?
<evit> Chkrootkit also lists fail2ban as suspicious files
<sarnold> last time I looked at one of those rootkit tools I found it was prepared to label the upstart /sbin/init as malicious
<sarnold> it's probably best to just ignore all those
<evit> sarnold, I see no other IOC on there and have scanned several other ways, locally, remotely, etc.
<evit> sarnold, Why would a host key change?
<evit> sarnold, would a patch do that or if Digital ocean made an infrastructure change?
<sarnold> evit: I think I've seen instances where a host brought up with just an rsa key will generate an ecc-based key on a later reboot, and thus suddenly have a *new* key. I dont know why :(
<rbasak> How did you get to the server in order to replace the host keys?
<evit> rbasak, Via the web console login
<evit> rbasak, I've since disabled SSH entierly
<evit> and replaced they keys
<rbasak> If the host key appears changed, then that's a sign of a MITM, not of a host compromise in itself.
<rbasak> It seems unlikely an attacker would change the real host keys, since there's nothing to gain from that if somebody already has root.
<rbasak> (and it'd reveal the presence of the adversary)
<evit> So if I changed they keys and it looks clean should I be confident?
<rbasak> You should properly check the host key fingerprints before accepting them.
<evit> yes, that is why I re-keyed
<evit> This article states that ssh -G is an IOC. https://www.welivesecurity.com/2014/04/10/windigo-not-windigone-linux-ebury-updated/
<evit> Is that correct? A lot of other sources say otherwise and I'm not sure what to think...
<evit> Eventually, I will rebuild with public key auth and OTP MFA
<evit> Should SSH -G be considered an indication of Windigo compromise or is that normal behaviour
<nacc> evit: i'm not sure an article from 4 years ago is relevant to security concerns today
<nacc> evit: also -G is a valid `ssh` option, and they are referring to running it on the compromised system in particular, i think
<evit> nacc, yes, agreed. Seems like they are assuming that is an IOC
<nacc> evit: in 2014.
<nacc> evit: which is not the current year, you know :)
<evit> nacc, =P
<evit> nacc, I saw my host key change and I freaked out. I'm not engaging in baseless fears here. Either MiTM, host compromise or some system change at Digital Ocean
<ahasenack> evit: https://bugs.launchpad.net/ubuntu/+source/chkrootkit/+bug/1488256
<ubottu> Launchpad bug 1488256 in chkrootkit (Ubuntu) "chkrootkit 0.50 shows Windigo/Ebury false positive due to new '-G' option in openssh 1:6.9p1-1" [Low,Confirmed]
<evit> ahasenack, Thank you! I just wanted the wisdom of the channel to clarify I'm not going nuts. =0
<ahasenack> that doesn't answer why the ssh host keys changed, though
<evit> ahasenack, I figured it was MiTM but traceroute says otherwise.
<evit> ahasenack, What other factors can change host key?
<tomreyn> evit: the 'host changed it' seems pretty likely to me if it's a VM and you have not taken measures to prevent them from accessing it.
<tomreyn> i know of a couple cloud hosters who insist on having file system accesss not just to containers but also to VMs.
<tomreyn> (and may not tell customers about this practice)
<tomreyn> i do not know baout how DO handles it
<evit> tomreyn, Since they have physical access and its a cloud instance I don't think anything I do will prevent them
<evit> tomreyn, Are you saying I should encrypt the cloud instance?
<tomreyn> evit: right, you cannot prevent it. but you can raise the bar, make it harder for them, break their default processes, and increase your chances to know this is what happened when it happens.
<tomreyn> doing so also makes it harder for them to provide a good service to you, though, so YMMV
<evit> tomreyn, The cloud is often worse than self hosting. The beancounters are bad at math and security. =P
<tomreyn> i'd still prefer own hardware whereever there is risk.
<tomreyn> (and ideally own network, too)
<evit> tomreyn, I'd prefer too. I can own it if I mess it up! =P
<benl90> Hello, can anyone explain me why mysqld.cnf is readed by mysql but none of the directive is followed and set globally on mysql? Thanks
<benl90> I have moving through ubuntu server documentation, no luck, and I'm on mysql 5.7.23 on ubuntu 18.04. Is there maybe opened issue about this? Thanks.
<benl90> on my ubuntu 16.04 with mysql 5.7.13 it's honoring the configuration when I run sudo mysqld --print-defaults it will show the additional parameter that set by editing mysqld.cnf
<compdoc> benl90, the newer mysql reads the config files is a certain order, including whats in the /etc/mysql/conf.d folder
<compdoc> its probably not seeing your file at all
<benl90> compdoc: Wait a second... I will look into it again. compdoc it's reading, when I accidentally make an error on configuration, it won't start. It's confusing hahaha...
<compdoc> ah. yeah, it wont start if you get it wrong
<benl90> compdoc: Yep, that prove that the conf is readed right?
<compdoc> yes, I would think so
<benl90> compdoc: ah the rule that written on all my.cnf and it's sub dir should be run as global variable right?
<compdoc> I think so
<benl90> compdoc: It seems not honoring my cnf... on show variables; it won't change... still same -_-
<compdoc> I think theres a mysql help channel
<benl90> compdoc: #mysql?
<compdoc> yup
<benl90> thanks compdoc. Let me checkout :)
<benl90> I have question how to clean all configuration of an removed packaged on ubuntu
<benl90> I tried purge nothing happen
<nacc> benl90: what package and what did you  see before and after to indicate "nothing happened"/
<nacc> benl90: and what version of ubuntu, etc.
<benl90> nacc: Mysql-server, on ubuntu 18.04. I tried to fix broken packages, because on this server mysql doesn't obey mysql.cnf, it frustate me alot, I dive through documentation on mysql and mysql board no bug or such, also I've other sevrer that working perfectly with same installation and same conf
<nacc> benl90: ok and what did you purge?
<benl90> nacc: mysql-server? Let me try dpkg -P
<nacc> benl90: well, that won't be what you want, that's just a metapackage
<nacc> it doesn't own any conf files
<benl90> nacc: Then how to delete the conf and completely clean reinstall it. I really desperate of it :'(
<nacc> benl90: you need to purge the actual package in question (the one that mysql-server depended on)
<nacc> benl90: mysql-server-5.7 i think
<benl90> nacc: it show this Purging configuration files for mysql-server-5.7 (5.7.23-0ubuntu0.18.04.1) ... dpkg: warning: while removing mysql-server-5.7, directory '/etc/mysql/mysql.conf.d' not empty so not removed, then how to clean it all
<nacc> benl90: is it empty now? if it's not empty now, recursively delete the directory?
<benl90> not empty, the folder also not empty /etc/mysql
<nacc> benl90: well, of course /etc/mysql is not empty /etc/mysql/mysql.conf.d exists
<benl90> ah then how to clean it. or it's there since I do fresh install
<benl90> ?
<nacc> benl90: you can use `dpkg -S` to see what, if any package, owns the paths in question
<nacc> if none do, you can safely (imo) remove the directories. Reinstallation will recreate them.
<nacc> rbasak: --^ may know better than I, though
<benl90> nacc: No path found, so it will be safe to remove them?
<benl90> nacc: this happen https://privatebin.net/?1440a70e4ed74582#0GP3btqDOTFTo8GTdXffcpP3kjf1fv+rnSDZHFl1vlc=
<nacc> benl90: i think so; i mean, it seems like you don't want mysql on your server
<benl90> nacc: no, I want to clean reinstall it, because it have wierd behavior
<nacc> benl90: right, so you 1) want to fully remove it first, 2) properly reinstall it?
<nacc> benl90: it's not particularly helpful to truncate the commands you ran
<benl90> nacc: I've using apt install right?
<rbasak> Make sure mysql-common is purged before cleaning /etc/mysql/.
<nacc> benl90: i have now way of knowing that :)
<rbasak> Since it uses update-alternatives, it won't show up in dpkg -S
<nacc> benl90: as you didn't paste the command you ran
<nacc> rbasak: oh right, sorry!
<rbasak> But apart from that, if it's purged, I think it should be safe to wipe it, since anything that uses /etc/mysql depnds on mysql-common and you can't purge mysql-common unless they are also removed.
<benl90> okay my command is apt install mysql-server
<nacc> rbasak: right, that's what i was thinking, just had the wrong package in mind
<rbasak> However, make sure other packages aren't shipping in /etc/mysql that are removed but not purged, like nacc said I think dpkg -S will do it but I'm not sure.
<nacc> benl90: so the problem is probably, currently, you still had mysql-common installed
<nacc> benl90: and so mysql-server, which depends on that, broke a bit :)
<benl90> nacc: SUCH A WOW... it works.. seems the mysql-server package broken that cause wierd beavior
#ubuntu-server 2018-08-15
<benl90> thanks rbasak nacc . Leaving now
<cpaelzer> good morning
<lordievader> Good morning
<tobias-urdin> coreycb: did something change in the tempest packages? we dont get the neutron tempest plugin anymore
<tobias-urdin> http://logs.openstack.org/22/583222/14/check/puppet-openstack-integration-5-scenario004-tempest-ubuntu-bionic-mimic/cc35e59/job-output.txt.gz#_2018-08-14_23_31_33_113245
<ahasenack> good morning
<rbasak> ahasenack: both of your samba uploads got trumped by security :-/
<ahasenack> oh
<rbasak> ahasenack: if you can rebase and reupload soon, I'll try and review immediately? I would review now but I'm a bit thrown by the tooling parenting it wrong, so the diff looks bad. I could work around to review what you uploaded, but possibly not worth it.
<rbasak> (well, technically the tooling is parenting it correctly, which is why I noticed :)
<ahasenack> I'll rebase it, but where is the package now? Not in proposed yet, right?
<ahasenack> it's in limbo?
<rbasak> It's in unapproved
<rbasak> I can reject. Might as well do it now I guess.
<ahasenack> can you reject it?
<rbasak> ack
<rbasak> Done
<ahasenack> rbasak: I rebased xenial-samba-include-1583324 and pushed/forced, can you do a quick check if that's what you expect in terms of tags and branches?
<ahasenack> rbasak: same for trusty-samba-include-1583324
<rbasak> Looking
<ahasenack> funny, debian rebooted gitlab
<ahasenack> and the cached login was lost
<ahasenack> must be in memory, or in /tmp
<rbasak> ahasenack: the diff against the tip of those branches and what's in the archive looks OK. That's what I review for SRU purposes.
<ahasenack> rbasak: ok, I need sponsoring then I'm afraid :)
<ahasenack> (can't upload samba yet)
<rbasak> I'm not supposed to sponsor and also SRU review
<ahasenack> even if the same diff was sponsored before?
<rbasak> That'd be OK, but then I need to confirm it was the same diff
<rbasak> Let's see
<ahasenack> cpaelzer: do you know what's missing here https://bileto.ubuntu.com/#/ticket/3355 for me to select "lander signoff"? It's gray and unclickable by me. What did I forget?
<ahasenack> or is it because I can't upload krb5?
<cpaelzer> ahasenack: taking a look
<cpaelzer> maybe, it seems I can set it
<cpaelzer> should I try to?
<ahasenack> :/
<ahasenack> yes please
<cpaelzer> to see what happens
<cpaelzer> yeah worked
<cpaelzer> if that really is the ACL I'm not sure
<ahasenack> sad
<cpaelzer> but you are working on more upload permissions anyway, so we will see if that opens up more
<ahasenack> it should block the publish button, not this step
<cpaelzer> we might ask sil if that even is what is blocking it
<cpaelzer> not around atm thou
<CheckmateX> Hi can anyone guide me to edit fail2ban to block users who multiple POST's on a php page ?
<cpaelzer> CheckmateX: like https://yaleman.org/2014/12/16/using-fail2ban-to-mitigate-apache-post-flooding/ maybe?
<CheckmateX> cpaelzer i have a php search page and some bad people avail the page to POST multiple request this exhausts everything i'm not sure if the Recaptcha service will block them or what i need to do
<rbasak> ahasenack: verified the diff is the same for both
<rbasak> I'll sponsor
<ahasenack> rbasak: thanks
<cpaelzer> rbasak: is that for the smb security release killing the SRUs
<cpaelzer> ?
<ahasenack> yep
<smb> cpaelzer, I did what?
<cpaelzer> hehe
<CheckmateX> cpaelzer you think the guide you give me gonna work ?
<cpaelzer> you got released by security
<cpaelzer> CheckmateX: I don't know, it just pretty much matched your search terms
<smb> cpaelzer, wished I would let go... :)
<rbasak> smb: aren't you deprecated now? I heard you were insecure or something? :)
<CheckmateX> cpaelzer you know when i check the logs i found the same ip was maked many search POST's per minute
<cpaelzer> smb: you started it :-P
 * rbasak is amused by having typed "git branch -r|grep aha"
<smb> rbasak, certainly outdated and an (hr) hazard .. ;)
<cpaelzer> rharper: aha
<CheckmateX> cpaelzer i can custome the php page right ?
<CheckmateX> on fail2ban
<Emmanuel_Chanel> Hello! The installer of ubuntu-18.04-server-amd64.iso get down at 12% of the Software Selection and Installation section. So I quited to install 18.04 server directly.
<tomreyn> Emmanuel_Chanel: how do you mean "goes down"? what's the hardware, which non default choices did you make during installation?
<tomreyn> and what does "install directly" mean?
<tomreyn> did you verify the iso downloaded properly and is unmodified?
<Emmanuel_Chanel> The "software selection and installation" get down and is restarted. / Directly means that I tried to install Ubuntu Server 18.04 from the DVD of that ISO.
<Emmanuel_Chanel> ok. I verify now.
<Emmanuel_Chanel> tomreyn: Where can I get the checksums?
<tomreyn> Emmanuel_Chanel: nex tto where you downloaded the iso from
<Emmanuel_Chanel> Now I cannot find the site of ubuntu-18.04.1-server-amd64.iso ...
<ahasenack> rbasak: do you remember the history behind this squid delta we have been carrying? https://pastebin.ubuntu.com/p/fythxdS5Pc/
<tomreyn> Emmanuel_Chanel: cdimage.ubuntu.com/releases/18.04.1/release/
<ahasenack> rbasak: there is the squid-deb-proxy package, with more modern and complete refresh patterns for deb repositories
<ahasenack> rbasak: I wonder how much I should improve this delta we have, or just drop it entirely in favor of the squid-deb-proxy package
<ahasenack> rbasak: squid-deb-proxy has this relevant config, more complete: https://pastebin.ubuntu.com/p/nDrczbfmCY/
<ahasenack> the regexps could be better, though
<Emmanuel_Chanel> tomaw: ok... The checksum doesn't match now.
<tomreyn> Emmanuel_Chanel: i assume you meant to address me. if checksums dont match then you better download again until they do.
<Emmanuel_Chanel> ok.
<tomreyn> Emmanuel_Chanel: in case your connectivity is not reliable, there should also be torrents, which may help then.
<Emmanuel_Chanel> I download it via torrent.
<Emmanuel_Chanel> The torrents' ISO's sha1sum doesn't match SHA1SUMS
<Emmanuel_Chanel> tomreyn: Probably, that's the trouble......
<rbasak> ahasenack: I'm not sure, sorry. I wouldn't be surprised if I were involved with that at some point though.
<rbasak> I use squid rather than squid-deb-proxy, but also for debs.
<ahasenack> I'm tempted to improve that patch, taking some bits from squid-deb-proxy
<rbasak> What does squid-deb-proxy get us apart from those rules and locking down to the archive (or is it debs?)?
<ahasenack> like adding .bz2, .xz
<rbasak> Improving it makes sense.
<ahasenack> squid-deb-proxy also has acls, runs another copy of squid in another port
<ahasenack> it's more tailored indeed
<ahasenack> but I think we can take the improved patterns from there
<tomreyn> Emmanuel_Chanel: it matches for me
<Emmanuel_Chanel> ok. I try again.
<tomreyn> Emmanuel_Chanel: I'm comparing the sha1sum over the .iso file downloaded using the .torrent at http://cdimage.ubuntu.com/releases/18.04/release/ubuntu-18.04.1-server-amd64.iso.torrent against http://cdimage.ubuntu.com/releases/18.04/release/SHA1SUMS
<Emmanuel_Chanel> >87bedd68607f059ca973f86346bbdf1caa6e1077 *ubuntu-18.04.1-server-amd64.iso
<Emmanuel_Chanel> What does the astarisk mean?
<sdeziel> '*' is for binary
<Emmanuel_Chanel> ok.
<sdeziel> that's the input mode
<Emmanuel_Chanel> tomreyn: I don't know why. But SHA1SUMS says that line and my result doesn't match yet.
<Emmanuel_Chanel> $ sha1sum -b ubuntu-18.04-server-amd64.iso
<Emmanuel_Chanel> 73ae6579ef7c51d944a0be5c4c48f748bfd689df *ubuntu-18.04-server-amd64.iso
<sdeziel> Emmanuel_Chanel: you could use "sha1sum -c --ignore-missing SHA1SUMS" for easier comparison
<sdeziel> Emmanuel_Chanel: isn't the SHA1SUMS file you downloaded the one for 18.04 and the ISO for 18.04.1 ?
<tomreyn> Emmanuel_Chanel: didnt you mean to download 18.04.*1* ?
<tomreyn> oh i'm late ;)
<Emmanuel_Chanel> Yes, I downloaded ubuntu 18.04 server's.
<Emmanuel_Chanel> sha1sum -c --ignore-missing SHA1SUMS says ok.
<Emmanuel_Chanel> now.
<Emmanuel_Chanel> $ sha1sum -c --ignore-missing SHA1SUMS
<Emmanuel_Chanel> ubuntu-18.04.1-server-amd64.iso: OK
<tomreyn> glad you worked it out.
<sdeziel> odd, both http://cdimage.ubuntu.com/releases/18.04/release/SHA1SUMS and http://cdimage.ubuntu.com/releases/18.04.1/release/SHA1SUMS serve the same file
<Emmanuel_Chanel> So my ISO was verified stuff......
<rbasak> --ignore-missing? Handy!
<Emmanuel_Chanel> $ sha1sum -b /dev/sr1
<Emmanuel_Chanel> 87bedd68607f059ca973f86346bbdf1caa6e1077 */dev/sr1
<rbasak> I always used grep
<Emmanuel_Chanel> SHA1SUM matches my Ubuntu 18.01.1 Server DVD......
<blackflow> rbasak: TIL after all these years.... :)  me too.
<Emmanuel_Chanel> tomreyn: So I found that the error is on the released ISO image itself...
<Emmanuel_Chanel> Around 12% point, "Software Selection and Installation" restarts. And it repeats forever.
<Emmanuel_Chanel> It's same for Ubuntu 18.01 Server DVD.
<tomreyn> Emmanuel_Chanel: have yu verified this against copletely separate hardware and installation media?
<Emmanuel_Chanel> I don't understand what separate hardware means. I checked the installation media completely with SHA1SUM on http://cdimage.ubuntu.com/releases/18.04.1/release/SHA1SUMS
<tomreyn> Emmanuel_Chanel: chances are you just have a bad dimm or something. i'll try on a VM.
<Emmanuel_Chanel> Maybe... Well, I've installed Ubuntu 16.04.5 Server on the server and upgrade it to 18.04 now. I don't have another test environment. So I cannot check now.
<tomreyn> Emmanuel_Chanel: can you tell me about your hardware please
<Emmanuel_Chanel> Yes. HP ProLiant ML310e Gen8 v2
<tomreyn> booting uefi or legacy?
<Emmanuel_Chanel> legacy.
<tomreyn> Emmanuel_Chanel: how did you partition?
<tomreyn> i assume you have multiple disks form the installers' point of view?
<tomreyn> these are the options you had during installation, the highlighted one is default: http://i.imgur.com/wU2Sfzc.png
<Emmanuel_Chanel>  /dev/sda1 bios boot /dev/sda2 /boot /dev/sda3 main LVM and another space on /dev/sdb1
<tomreyn> thanks, ext4 file systems? also on sdb1?
<Emmanuel_Chanel> I've selected btrfs then.
<tomreyn> where?
<Emmanuel_Chanel> The multiple disks caused the problem?
<Emmanuel_Chanel>  /dev/sdb1
<tomreyn> so file systems on sda are ext4?
<tomreyn> i don't know of any problem, yet
<tomreyn> i'm trying to reproduce what you reported
<Emmanuel_Chanel> $ ls /dev/mapper/
<Emmanuel_Chanel> control           gateway--vg-root    gateway--vg-var
<Emmanuel_Chanel> gateway--vg-home  gateway--vg-swap_1
<Emmanuel_Chanel> Now the LVM volumes are such and execpt home and swap, they are ext4 partitions.
<tomreyn> okay, and sdb1 is just this partition with btrfs directly on top, no lvm etc?
<Emmanuel_Chanel> Yes. on top.
<tomreyn> Emmanuel_Chanel: is /dev/sda > 2TB or did you create a GPT partition table there beforehand?
<Emmanuel_Chanel> 6TB with GPT if I didn't mistake.
<tomreyn> with this size the installer should automatically use GPT. i think it does use msdos & MBR for disks with <2TB capacity
<Emmanuel_Chanel> I thought so, too. And it's working now.
<Emmanuel_Chanel> tomreyn: You have that HP server?
<tomreyn> no
<tomreyn> i'm just another random user
<Emmanuel_Chanel> ok.
<Emmanuel_Chanel> Actually, what does the correct name of "Software Selection and Installation"?
<Emmanuel_Chanel> I selected Japanese environment since I'm actually a Japanese man. ( Emmanuel_Chanel is just a handle. )
<tomreyn> i don't understand the question, please clarify.
<tomreyn> thanks for pointing out japanese, so it might be multi byte issue
<jamespage> cpaelzer: hey around still?
<Emmanuel_Chanel> You would see what I call "Software Selection and Installation" of the Ubuntu Server's installer. But I don't really know. So I asked its correct name.
<Emmanuel_Chanel> Does that correct English shown name?
<cpaelzer> jamespage: no more here, but coming by every now and then
<tomreyn> Emmanuel_Chanel: sorry, didnt see your reply. i understand the installation step you mean (and do not remember the exact title myself). i did postpone testing this until there will be more indication that this is an actuall installer issue.
<Emmanuel_Chanel> At 12% or so, the dialog window(?) occurs. And the step crashes and restarts. That error process repeats forever.
<Emmanuel_Chanel> It says that it's down by segfault. And I don't find what segfault occurred.
<jamespage> cpaelzer: I'll ping you tomorrow am re python-libvirt and py3.7
<cpaelzer> jamespage: I think you don' thave to
<cpaelzer> jamespage: 1786157 ?
<cpaelzer> coreycb: already pinged me, the issue is quite clear
<cpaelzer> to resolve we just need anything >=libvirt 4.5 in cosmic
<cpaelzer> and that I work on since a week
<cpaelzer> it is close to be ready, but I wait on upstream and Debian response to a lot of things and a MP review from the team
<cpaelzer> My plan was to push that on Friday (and worst case clean up minor things later if upstream feedback is more complex than ack/nack)
<cpaelzer> that in turn will unlick the new version whcih would work for you
<cpaelzer> OTOH if my assumption on the particular bug is wrong, then let me know
<cpaelzer> kstenerud: o/
<tomreyn> Emmanuel_Chanel: while it's a live linux, the installer is a linux installation. you can switch tty's and the installer has an option to spawn a shell. it will have a 'dmesg' command and a syslog, too.
<Emmanuel_Chanel> Sorry, I haven't checked dmesg. Just I remember that something got segfault to lead the Software Selection and Installation to restart.
<Emmanuel_Chanel> tomreyn: You couldn't reproduce my situation? Sorry for not collecting more info. to tell.
<tomreyn> Emmanuel_Chanel: no, i wasn't able to reproduce it. (but i don't have the same hardware available.)
<Emmanuel_Chanel> Around 12%, on that steop, what software is started?
 * RoyK guesses disk issues
<RoyK> check dmesg
<RoyK> or memory failure
<RoyK> http://memtest.org/ is good
<Emmanuel_Chanel> I should've done that. But now my server of that problem is back to ordinary operating.
<Emmanuel_Chanel> tomreyn: Thanks for experiments!
<tomreyn> welcome
<runelind_q> if I'm running on HWE can I apt-get purge linux-image-generic?
<sarnold> I'd expect that to work; report back if it gives you trouble :)
<runelind_q> especially since I'm remote from the server :)
<tobias-urdin> jamespage: heard from coreycb that he was away until friday so just reposting to you
<tobias-urdin> 09:48 < tobias-urdin> coreycb: did something change in the tempest packages? we dont get the neutron tempest plugin anymore                                                                |
<tobias-urdin> 09:48 < tobias-urdin>
<tobias-urdin> http://logs.openstack.org/22/583222/14/check/puppet-openstack-integration-5-scenario004-tempest-ubuntu-bionic-mimic/cc35e59/job-output.txt.gz#_2018-08-14_23_31_33_113245
<tobias-urdin> hopefully you'll see this tomorrow :) see you later
<arrrghhh> Hey all.  I have a mdadm raid1 array (NOT the OS disk) - I'd like to tear it down back to be a simple JBOD
<arrrghhh> It appears I should be able to umount the mdadm array, stop the array and zero the superblocks... but I can't stop the array or zero the superblocks, it seems *something* is still calling it... but I have successfully done the 'umount'
<tomreyn> arrrghhh: are you hopeing to preserve the data this way?
<arrrghhh> tomreyn, ideally if I could preserve the data on one disk... I do have backups
<arrrghhh> but I would prefer to not have to resort to the backups as that takes time
<tomreyn> arrrghhh: okay, i don't know whether this approach will work for doing so. it might, but not sure.
<arrrghhh> tomreyn, well even if it does destroy the data, meh.  Whatever method gets it done...
<tomreyn> arrrghhh: i can, however, comment on the tearing-things-apart-part.
<tomreyn> so just unmounting the file systems wont be sufficient, you need to stop the array
<arrrghhh> right, I can't stop the array :)
<tomreyn> oh you actually planned that step, sorry
<arrrghhh> I assume something is still accessing it... I don't know what.  lsof isn't very helpful
<arrrghhh> Cannot get exclusive access to /dev/md0:Perhaps a running process, mounted filesystem or active volume group?
<arrrghhh> I stopped all the docker containers and samba/nfs
<tomreyn> "dmsetup ls" sometimes helps getting new ideas onwhat to try there
<arrrghhh> hm ok
<tomreyn> maybe you'll the the major/minor still mounted or otherwise 'used' this way?
<arrrghhh> tomreyn, is that for LVM?  I only see my LVM volumes
<tomreyn> but i know of no better way either
<arrrghhh> I figured if I unmounted it, nothing else could be using it...
<tomreyn> umm you're right, sorry, lvm and cryptsetup would use dmsetup
<arrrghhh> I guess I can reboot the server
<tomreyn> not mdraid
<arrrghhh> comment the mount in fstab
<arrrghhh> I'll try that when I get home.
<arrrghhh> will bbiab, if anyone else has any ideas I'll read them when I get home :)
<tomreyn> can you post /proc/mdstat
<tomreyn> you mentioned you have lvm, if that's on top of /dev/md0 you'll need to vgchange -a n
<tomreyn> (and, i think optionally, pvremove)
<arrrghhh> well I seem to have dropped the channel... oh well, a reboot did get the array to stop
<arrrghhh> oh the reboot.  derp lol
<qman> arrrghhh: yeah, you have to luksclose or other wise un-crypto the thing and turn off the volume group
<qman> And even then, lvm doesn't always let go without rebooting
<qman> That's just a lovely lvm thing, it's been a persistent issue for years
<qman> Well, a device mapper thing, more accurately
<arrrghhh> hm I am not using LVM on this disk
<arrrghhh> ah
<arrrghhh> so after I zero the superblock, is there something I need to do to change the disks back to JBOD?
<arrrghhh> I am trying to find the UUID with blkid so I can setup the individual disks in fstab and these two RAID disks are not showing up in blkid...
<blackflow> arrrghhh: mdadm based software raid?
<arrrghhh> blackflow, yes correct mdadm
<arrrghhh> it was RAID1, I am trying to break the array and just have two plain ole disks..
<arrrghhh> ideally preserving the data on one, but not essential.
<blackflow> arrrghhh: did you mdadm --stop    the array first?
<arrrghhh> yep
<blackflow> not sure then. you can always reboot.
<arrrghhh> oh ok
<blackflow> or wait... see what partprobe does
<arrrghhh> sure
<arrrghhh> well without sudo it was mad.  with sudo, nothing.  just paused for a bit and went to the next line, nothing in the output
<blackflow> arrrghhh: yeah but does blkid now list individual disks/partitions?
<blackflow> which btw... should've been listed even before.
<arrrghhh> nope
<arrrghhh> /dev/sdb1 and /dev/sdc1 are not in blkid
<blackflow> mdadm devices don't change the visibility of individual disks/partitions to the kernel. are you sure that's all mdadm? no hardware raid anywhere? not evne bios fakeraid?
<arrrghhh> no fakeraid
<arrrghhh> this is how they show up in fdisk -l: "/dev/sdb1        2048 1953525167 1953523120 931.5G fd Linux raid autodetect"
<arrrghhh> https://hastebin.com/wicosezequ.coffeescript
<blackflow> hm, maybe the partition type is confusing blkid. you can always reset those to 83
<arrrghhh> that's what I was thinking, that raid autodetect type
<arrrghhh> ok
<blackflow> it's been a while since I last used mdadm. I've been ZFS-ing for years now :)
<sarnold> :)
<blackflow> sarnold: oh yeah, you like ZFS too! ;)   *highfive*
 * sarnold ^5 blackflow
<arrrghhh> hm.  well even after a reboot they do not show up in blkid...
<blackflow> arrrghhh: changed partition types?
<arrrghhh> well on one of the disks I did
<arrrghhh> but neither show up... hm
<blackflow> are those partitions linked in /dev/disk/by-uuid?
<blackflow> blkid is just... summarizing the information you already have available in /dev
<arrrghhh> hm there are some dm-1, dm-2 etc devices
<arrrghhh> but I don't see sdb1 or sdc1
<arrrghhh> there are four of these "dm-#" devices...
<blackflow> arrrghhh: how about    blkid -g   ?
<arrrghhh> not sure what -g does, but it is empty
<blackflow> `man blkid` will explain :)
<arrrghhh> garbage collect the cache
<arrrghhh> yea I looked at the help sorry
<blackflow> well, I'm guessing those partitions are lacking any meaningful identifiers to be noted as individual devices, being part of the raid array. missing labels, uuids, or something.
<arrrghhh> so... reformat?
<blackflow> repartition, reformat, something like that.
<arrrghhh> hm bummer.  well this is why I took a backup lol
<arrrghhh> I thought it would be possible to break the array tho without data loss... oh well
<blackflow> arrrghhh: try removing the partition layout and then repartitioning exactly the same way, sector-wise
<blackflow> eg with parted,   mklabel msdos   and then mkpart  for each, using sector numbers to have _exactly_ the same layout
<blackflow> that should give them partuuid at least, and blkid/kernl should be able to see them as such. might need to run partprobe after you re-partition
<blackflow> note that partitioning only changes the partition tables. if you re-partition in exactly the same way, the data under them should stay intact and at the same offsets.
<arrrghhh> right
<arrrghhh> I'm just looking up how this works, I don't use parted all that often
<blackflow> there are other tools, parted is just something I'm used to
<arrrghhh> I just get the start/end with fdisk right?
<arrrghhh> hm parted shows it as well
<arrrghhh> but it seems odd... not precise I guess
<blackflow> that's why I mention using sectors and not MB or MiB
<arrrghhh> blackflow, mklabel says it will destroy data...?
<arrrghhh> Warning: The existing disk label on /dev/sdb will be destroyed and all data on this disk will be lost. Do you
<arrrghhh> want to continue?
<arrrghhh> oops.
<sarnold> it might not actually overwrite all data, but just the user know the most likely outcome
<sarnold> if you're playing games behind the back of the system it might still work. and if not, well, you've got backups, right? right? :)
<arrrghhh> yep I do
<arrrghhh> was hoping to avoid using them, as it will take a lot longer to restore.... but they are there
<sarnold> good good. then you can carry on with your wild experiment :)
<arrrghhh> I didn't think breaking a raid array would be this hard...
<arrrghhh> oh there is no 'file system' listed when I print this disk
<arrrghhh> that may be an issue...
<arrrghhh> I guess I have to format at that point?
<sirvictory4> is it safe to mix input- and output-type filter rules in a single custom iptables chain? Or should I have something like webserver-in and webserver-out chains?
<arrrghhh> well after a reboot and a format the one disk is showing... that sucks tho :(
<whislock> sirvictory4: What are you trying to achieve?
<whislock> arrrghhh: Completely irrelevant, but I keep thinking of Monty Python/Holy Grail when I see your name.
<sirvictory4> whislock: just organizing my iptables rules, thats all
<arrrghhh> well that castle was one of the inspirations
<sirvictory4> they are getting long
<whislock> sirvictory4: Doesn't really help me much.
<whislock> sirvictory4: Are you doing anything overly complicated?
<sirvictory4> whislock: ok, a simple matching rule of "-p icmp -j my-icmp-table" for both INPUT and OUTPUT
<arrrghhh> so is there any other way after doing a mkfs.ext4 on the partition I can get blkid to pick it up without rebooting?
<arrrghhh> wait nvm.  /dev/disk/by-uuid has it.
<whislock> sirvictory4: Honestly, I long ago gave up trying to manage iptables myself. I just use ufw/firewalld these days. Just as good, 1% of the effort.
#ubuntu-server 2018-08-16
<mike802> hi all, i'm new to ubuntu server.  i'm currently stuck trying to install my lamp stack.  i installed apache2 with a vhost and ssl, then tried to install the moinmoin wiki with very frustrating results
<blackflow> mike802: any specific problem?
<mike802> just a 404 not found
<mike802> the default apache2 page shows up (with ssl) on the root
<mike802> and, i put a test html in my vhost which works
<sarnold> do you need to a2enable a module or two to make the wiki work?
<sarnold> are there more detailed errors in the apache logs?
<mike802> :/
<mike802> i was just going by the ubuntu server documentation
<mike802> they only mention a2enable for actual apache2 stuff
<mike802> and no mention of logs....
<sarnold> logs should be /var/log/apache*/
<mike802> first log says  server certificate does NOT include an ID which matches the server name
<jak2000> */1 * * * * root /home/scripts/reboot.sh   <--- this command run every minute?
<whislock> Yes, but that's awfully frequent for a cronjob. Why?
<jak2000> my question is, is hard for server check every minute?
<jak2000> My question is, is not it very hard for the server to be checking every minute? Does not saturate the server?
<nacc> no, once a minute is nothing
<nacc> jak2000: what is your *actual* question
<jak2000> if saturate the server...
<whislock> What is that script doing is a better question.
<jak2000> i am try follow: https://stackoverflow.com/questions/5226728/how-to-shutdown-ubuntu-with-exec-php/45775280
<jak2000> first answer, i am on a local network
<whislock> Doesn't matter, this is a horrible idea.
<jak2000> why?
<jak2000> i need create a page for restart server, for restar a system, etc.
<whislock> It's called SSH. Use it.
<jak2000> any better idea?
 * whislock sighs.
<kzisme> Hi all - recently installed a fresh copy of 16.04 I can login just fine on one machine, but I cannot ping the server when I switch the drive to my other machine (I can login just fine and such)
<jak2000> any better idea?
<whislock> jak2000: Use SSH. It supports strong authentication.
<jak2000> php + ssh?
<whislock> ... No. Just SSH.
<whislock> Stop trying to use PHP for this.
<jak2000> ok...
<jak2000> other question
<kzisme> On Desktop 1 I can ping/ssh just fine on Desktop 2 I cannot ping it or ssh to it
<kzisme> both are on LAN
<whislock> Seriously, I wouldn't trust PHP to serve a lunch menu securely, let alone as a gateway for system-level functions.
<jak2000> i can program crontab for every sunday at 11pm restart the server. but after restarted i need execute a command how to do?
<whislock> Depends on the command and its complexity.
<whislock> And what version of Ubuntu you're running.
<kzisme> Who me whislock ?  16.04 LTS
<whislock> kzisme: No, sorry. Was talking to jak2000.
<kzisme> Ah sry
<cpaelzer> good morning
<lordievader> Good morning
<cadogan> Hello, I am trying to solve problem with authentication using kerberos. So we have Firewall on our network which uses kerberos. When I try to do "sudo apt update" i get Err:1 http://XXXXXXX:XXXX/browser_challenge.php?vsys=2&rule=35&url=http://security.ubuntu.com/ubuntu xenial-security InRelease . is there way to authenticate towards kerberos without using browsers challange?
<cadogan> I am new to using kerberos, so just pointing to right direction would be helpful :)
<jamespage> tobias-urdin: no - its been split out of neutron I think - https://github.com/openstack/neutron-tempest-plugin
<jamespage> and no package so no provision via distro for that now
<tobias-urdin> jamespage: yeah tried finding a package for it, but there is none in ubuntu?
<jamespage> no
<tobias-urdin> weird, wonder where i get neutron-lbaas, neutron-vpnaas and neutron-dynamic-routing plugins on ubuntu hm
<tobias-urdin> since those depend on the neutron tempest plugin, they fail
<jamespage> tobias-urdin: I suspect those install from the parent project still
<jamespage> rather than being split out
<jamespage> but depend on the now split out neutron-tempest-plugin project
<tobias-urdin> hm so pretty much <python package>/neutron_lbaas/tests/tempest something like that which tempest then loads and fails because neutron tempest is not available
<jamespage> yup
<boritek> hello
<boritek> i am trying to commission a dell server in maas but it says no rack controllers can access the BMC node
<boritek> i tried to setup an IPMI for that
<boritek> the IP address also should be for the BMC there right as well as the power mac
<boritek> I do not get why it cannot reach it
<boritek> what is the best way to configure a dell power edge 630?
<boritek> is it not ipmi?
<boritek> i mean the way to configure it for maas
<tobias-urdin> jamespage: any plans on packaging the tempest plugins that has been moved out of project repo trees?
<jamespage> boritek: the MAAS rack controller must be able to container the IPMI network address for the servers
<jamespage> tobias-urdin: tbh no not really
<jamespage> tobias-urdin: afaik the puppet modules project is the only group making use of them
<jamespage> tobias-urdin: for all of our tempest testing we make use of venvs and install from source
<tobias-urdin> jamespage: ok, i will investigate if we can do that way as well for ubuntu atleast
<jamespage> tobias-urdin: they got package originally as a side effect of being in=tree for existnig packaged projects
<jamespage> it was never really intentional IMHO
<tobias-urdin> ok, i c
<jamespage> cpaelzer: thanks for the update on that bug
<cpaelzer> jamespage: was that what you wanted to ask about?
<cpaelzer> I set Friday as a deadline for the upload to make sure I get yours fixed at soem point
<cpaelzer> but review of the MP is slow (as it is huge)
<cpaelzer> jamespage: let me know if you want to volunteer (someone else) to review the libvirt MP :-)
<jamespage> cpaelzer: it was
<ahasenack> cpaelzer: does bileto also test if the new packages are installable with dependencies from the archive? Like migration/excuses?
<ahasenack> or is it just build + dep8?
<mike-zal> I have a serious problem: after adding cache to site and adding it to cloudflare, my systems stop respoding to hosfile, meaning I forward domain to other server (developer version) but browser still opens it from the production server
<mike-zal> cache on wordpress shouldn't trigger that effect so I'm leaning toward cloudflare making this issue
<mike-zal> any idea how to work around it? using hostfile is a very useful thing when working on a site so without it, my options are limited
<ahasenack> rbasak: are you around? Could you please click on the "lander signoff" dropdown menu at https://bileto.ubuntu.com/#/ticket/3351 so bileto can start the dep8 tests for the squid packages from the test ppa?
<rbasak> ahasenack: done
<ahasenack> thanks
<cpaelzer> ahasenack: no installation test
<ahasenack> ok
<teward> sdeziel: given that your suggestion on #1782226 SEGVs in recent Ubuntu to remove the header from `ss`, and `-H` doesn't exist as a valid flag in older Ubuntu releases such as Xenial, unless you have a way to strip the header out in a way that doesn't provide the requirement of additional dependencies, I'm not sure if there's a way to skip using lsof (I commented with some details about how the current detection works - and it works well)
<teward> (or rather, the current detection in that proposed package in that PPA
<sdeziel> teward: how about "ss -nto state listening 'sport = 80' | grep -v ^Recv-Q"
<teward> that might work
<sdeziel> teward: or "ss -nlt 'sport = 80' | grep -v ^State"
<teward> both would work for Xenial, and so long as it doesn't output data if the port isn't in use that should be fine
<sdeziel> yup, no output when nothing listens
<sdeziel> tested on both Xenial and Bionic
<teward> indeed.  now let's just hope that `ss` in Cosmic doesn't randomly start segfaulting heh
<teward> (I'm also not awake yet, or i'd have tried the greps.  alas i'm still waking up >.>)
<sdeziel> the ss segfault was reported to LP: #1787396
<ubottu> Launchpad bug 1787396 in iproute2 (Ubuntu) "ss crashes when using --no-header" [Undecided,New] https://launchpad.net/bugs/1787396
<sdeziel> I'll check with a cosmic container
<teward> the next question is whether we're confident `ss` will always be present in Ubuntu, is there any case where `iproute2` is not installed in an ubuntu system?
<sdeziel> teward: I'd add a "Depends: iproute2".
<sdeziel> but I think that most install will already have this dep installed as ubuntu-minimal pulls it in
<teward> we'd have to do the same for `lsof` if we use that either.  Both ways work, though I just pushed another version to the PPA that uses 'ss', and didn't add the depends yet (oops?  guess ~lp1782226.8 will have the Depends then)
<teward> sdeziel: yeah that was my main concern
<teward> since there's quite a few people recently posting on Ask Ubuntu using ubuntu-minimal instead of the full server install
<teward> so long as the smallest Ubuntu includes `iproute2` that's fine, though I'll add it as a depends before getting this into Cosmic.
<sdeziel> great, thanks!
<teward> roaksoax: ccing you to ^ since you were also testing.  Assuming this works, then this is a candidate to be added to Cosmic, and then we can work on the SRU bits.  (I'll be glad when people stop filing bugs just because they have something else listening on Port 80 already and try to install NGINX...)
<teward> ~lp1782226.8 pushed up to that PPA, now we let it build :P
<blackflow> sdeziel: I just replicated with --no-header and a filter with no mathces. eg.    ss --no-header 'dport = 123456'   => segfault
<sdeziel> blackflow: thanks, the LP was also confirmed by others (you?)
<blackflow> yah
<blackflow> kinda makes sense. no header + no output + something_something = segfault
<dpb1> rbasak: we are trying to have standup early, can you make it?
<ahasenack> kstenerud: so have you cloned a package repo with git ubuntu yet?
<kstenerud> test
<kstenerud> cool
<ahasenack> hi
<kstenerud> ok, so I have git ubuntu installed
<ahasenack> ok
<ahasenack> try cloning a package
<ahasenack> git ubuntu clone <sourcepackagename>
<ahasenack> postfix, or strongswan
<ahasenack> or both
<ahasenack> it may prompt you to configure ~/.gitconfig
<kstenerud> fatal: could not read Username for 'https://git.launchpad.net': terminal prompts disabled
<ahasenack> add a [gitubuntu] section to ~/.gitconfig
<ahasenack> here is mine
<ahasenack> [gitubuntu]
<ahasenack> 	lpuser = ahasenack
<kstenerud> already there
<kstenerud> 	lpuser = kstenerud
<ahasenack> did it download stuff before that message?
<kstenerud> yeah
<ahasenack> ah, ok, then it's just because you haven't pushed anything yet
<nacc> the fatal message is nothing
<nacc> well, it's a known issue
<nacc> one sec, let me find the bug
<nacc> it has no impact
<ahasenack> kstenerud: do you also have a [user] section with full name and email?
<kstenerud> yup
<ahasenack> canonical email?
<kstenerud> ah, no it's my gmail account
<nacc> LP: #1761821
<ubottu> Launchpad bug 1761821 in usd-importer "fatal: could not read Username for 'https://git.launchpad.net': terminal prompts disabled" [Undecided,New] https://launchpad.net/bugs/1761821
<nacc> the user seciton shouldn't matter to git-ubuntu, fwiw
<kstenerud> hmm so that means I'll have to switch accounts in .gitconfig when managing my github stuff?
<nacc> sorry, what's the symptom here?
<ahasenack> I don't know how that can be controlled
<ahasenack> nacc: nothing, I was just going over my ~/.gitconfig
<nacc> ahasenack: ah ok :)
<ahasenack> to get him started
<nacc> no, you don't need per-remote git user
<nacc> kstenerud: were you able to clone with git-ubuntu?
<kstenerud> yup it did clone
<ahasenack> kstenerud: ok, go over this blog post now: https://blog.ubuntu.com/2017/08/09/git-ubuntu-clone
<nacc> kstenerud: the only thing i can imagine you running into, which has not much to do with git-ubuntu itself, is who you want to commit as when using the git-ubuntu repositories
<nacc> the email should match your lp email
<nacc> (afaik, so that lp will do the right linkage)
<ahasenack> that sounds important :)
<ahasenack> kstenerud: what I would like you to know is the different branches that are available for the packages
<ahasenack> kstenerud: i.e., pkg/ubuntu/devel meaning the current ubuntu development package
<ahasenack> pkg/ubuntu/xenial-devel being the current xenial package
<ahasenack> and so on
<ahasenack> and the several tags for package versions, representing each package version as it was imported at that version
<kstenerud> there are 233 branches for postfix
<kstenerud> under applied
<ahasenack> applied means the branch has the patches from debian/patches applied
<ahasenack> we tend to work with the ubuntu/ ones, which have the patches unapplied
<nacc> kstenerud: each applied/ubuntu branch has the corresponding ubuntu/ branch as an ancestro (it's the result of doing `quilt push` iteratively on the unapplied until no patches are left to apply)
<ahasenack> kstenerud: you can ignore applied/ for now
<kstenerud> ok
<nacc> kstenerud: it's mostly an implementation detail for you :)
<ahasenack> kstenerud: so to fix https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1753470, we want to inspect pkg/ubuntu/devel (git-ubuntu should have landed you in ubuntu/devel after the clone)
<ubottu> Launchpad bug 1753470 in postfix (Ubuntu Bionic) "Postconf segfaults every 5 minutes" [Low,Triaged]
<ahasenack> to see what the fix was
<ahasenack> and then we want that fix in bionic, so for bionic you could create a local branch based on pkg/ubuntu/bionic-devel
<teward> sdeziel: i just got around to testing the ss-powered packages for that NGINX bug, and it seems to work.  Feel free to test if you want.  I intend to wait until I hear anything bad about it, or confirmation that it works as intended before I start prepping for its inclusion in Cosmic
<teward> roaksoax: anything to note about the daemon-only NGINX package as well?
<teward> since i'm gearing up to patch things and then push to Cosmic
<sdeziel> teward: alright, I'll give it a try and report in the bug
<teward> yep no rush
<kstenerud> ahasenack: ok so: git checkout -b pkg/ubuntu/bionic-devel remotes/pkg/ubuntu/bionic-devel
<ahasenack> I suggest:
<teward> sdeziel: because i won't be getting around to pushing it out until, what, Saturday?  (tomorrow's a day filled with busy busy work and meetings, while the rest of today is network maintenance on site here and I'll be busy reconfiguring switches heh)
<ahasenack> git checkout -b bionic-postconf-segfault-1753470 pkg/ubuntu/bionic-devel
<ahasenack> how you name it is up to you, of course. As a matter of preference, I like to include the ubuntu release, package/issue and bug number
<rbasak> I have my ~/.gitconfig configured to personal email, and try to remember to change it to my Canonical email when doing stuff sponsored by Canonical (ie. when I'm "at work")
<ahasenack> because I tend to acumulate a lot
 * sdeziel is happy to watch the git-ubuntu walk-through!
<ahasenack> sdeziel: \o/
<ahasenack> kstenerud: git-ubuntu should have set up a default remote of "pkg"
<kstenerud> ok I have my local branch
<ahasenack> cosmic or bionic?
<ahasenack> create both
<kstenerud> ok done
<ahasenack> switch to the cosmic one, and take a look at git log
<ahasenack> I suggest this in ~/.gitconfig
<ahasenack> [log]
<ahasenack>     decorate = short
<sdeziel> no need to have the local cosmic branch. On the bionic branch: git log -p -b pkg/ubuntu/cosmic-devel
<ahasenack> works too
<sdeziel> this save the branch switching
<sdeziel> (just found out about -b)
<ahasenack> what is -b for?
<nacc> i don't thjink you need -b
<nacc> git-log should understand the argument as ref, which the remote-tracking branch is
<sdeziel> nacc: you are right
<nacc> techincally, you never need to switch branches with git anymore :)
<nacc> use working trees and go crazy
<kstenerud> nifty!
<ahasenack> kstenerud: ok, so the cosmic log
<kstenerud> last entry is from git-ubuntu import
<sdeziel> -b was not even unneeded, it was wrong as it changes how diffs are displayed
<ahasenack> kstenerud: ah, another command for you: rmadison
<ahasenack> kstenerud: that will show you the current versions of a package in each release
<nacc> sdeziel: yeah, i was looking in the manpage for what it does, as i've never used it :)
<ahasenack> kstenerud: anyway, the tip of cosmic, shows the import of 3.3.0-1ubuntu1
<ahasenack> and all the accompaining tags
<ahasenack> and branches
<ahasenack> ag: pkg/import/3.3.0-1ubuntu1, tag: import/3.3.0-1ubuntu1, pkg/ubuntu/devel, pkg/ubuntu/cosmic-proposed, pkg/ubuntu/cosmic-devel, pkg/ubuntu/cosmic, ubuntu/devel
<ahasenack> a bit down you will see the previous cosmic package
<ahasenack> pkg/import/3.3.0-1,
<ahasenack> between the two, two commits from me
<ahasenack> one with the fix
<ahasenack> another one saying "changelog"
<ahasenack> if you do git log -p you will see what was done in each
<ahasenack> our standard workflow is to commit a change, then commit the corresponding debian/changelog entry
<ahasenack> using the same as the commit message
<kstenerud> so in the changelog commit your message is simply "changelog"
<ahasenack> right
<ahasenack> but the contents, i.e., what was committed, is identical to the change I introduced in the previous commit
<ahasenack> we just say "changelog" so they are easily recognized later on when dealing with merges from debian, a topic for another time
<ahasenack> I've seen people saying "changelog: <actual change description>"
<ahasenack> but don't worry about that now, you will get your preference as time goes by
<nacc> it's mostly convention what the commit messages say at this point
<ahasenack> kstenerud: how familiar are you with the debian/patches structure?
<nacc> there are no hard and fast "requirements"
<kstenerud> ahasenack: not at all
<ahasenack> kstenerud: ok, so take a look at the debian/patches directory in that branch
<ahasenack> you will see one file called "series", and then a bunch of other files
<ahasenack> kstenerud: the series file contains a list of patches that will be applied before the binary build starts, and in that order
<kstenerud> OK. Is there a reason for the numbering?
<ahasenack> convention by some people
<ahasenack> it's free-form
<nacc> debian is stricter about it than ubuntu, imo
<nacc> well, 'stricter' :)
<ahasenack> ideally one should follow the established pattern in the package
<ahasenack> I don't remember why I didn't do it here
<ahasenack> probably because I wanted to avoid a possible future conflict with a patch from debian that started with the same number
<nacc> yeah, and it's also less required once it's in Git (at least for this team) IMO
<sdeziel> tls_version.diff broke the uniformity before you did
<ahasenack> yeah
<nacc> heh
<ahasenack> and that was added by debian
<ahasenack> so meh :)
<ahasenack> kstenerud: you should setup quilt, have you heard of that before?
<kstenerud> nope
<ahasenack> let me fetch you some config files
<ahasenack> kstenerud: create these two files in your home: https://pastebin.ubuntu.com/p/bxQr552PGY/
<ahasenack> kstenerud: and add this bash alias somewhere: alias dquilt="quilt --quiltrc=${HOME}/.quiltrc-dpkg"
<ahasenack> (assuming you use bash :)
<ahasenack> if you use ksh or something else, you are on your own :)
<dpb1> ksh
<dpb1> wow
<ahasenack> kstenerud: once you have that done, and the alias sources, try "dquilt push -a" and afterwards "dquilt pop -a" inside the package branch directory
<ahasenack> push -a means apply all patches, and pop -a means deapply
<ahasenack> all of them
<ahasenack> you can push up to an individual patch by giving its name
<Ussat> ewww.....just had a request to install Mate GUI on a server...
<Ussat> I feel all sullied now
<ahasenack> Ussat: go over to #ubuntu-desktop :D
<ahasenack> j/k :)
<kstenerud> Damn that's cool!
<Ussat> OH no.....anything but that.........
<ahasenack> Ussat: :)
<sdeziel> ahasenack: both ~/.quiltrc and ~/.quiltrc-dpkg are identical, expected?
<ahasenack> sdeziel: oh man, I set that up so long ago
<sdeziel> ahasenack: tabs vs spaces diff only
<ahasenack> hah :)
<ahasenack> dquilt (the alias) uses the -dpkg one
<ahasenack> for raisins
<ahasenack> oh well
<sdeziel> quilt uses ~/.quiltrc by default
<ahasenack> yes
<ahasenack> maybe at some point I wanted separate configs, who knows. I don't remember
<sdeziel> sorry for nitpicking, just trying to follow
<ahasenack> no, it's helpful
<ahasenack> keep the picks coming
<sdeziel> hehe
<ahasenack> kstenerud: how are you doing?
<nacc> quilt uses --quiltrc option, then ~/.quiltrc, then /etc/quilt.quiltrc
<nacc> (iirc)
<kstenerud> I'm taking down notes on all of this so be as pedantic as possible :)
<ahasenack> kstenerud: so you can see that d4cb4562480496f8a1b25ddc397cef45dd45d855 then adds the quilt patch, and adds its name to the series file
<ahasenack> but does not touch the actual source code from postfix
<ahasenack> so we are adding a patch with git
<ahasenack> kstenerud: two things about the patch
<nacc> actual source code = upstream part of the packaging
<ahasenack> kstenerud: a) we want to mention in the commit message which files we are touching
<ahasenack> kstenerud: that's why you see the commit message prefixed with debian/patches/fix-postconf-segfault.diff:
<ahasenack> (we don't mention d/p/series because that's "obvious")
<ahasenack> kstenerud: and b) the patch we added to debian/patches/ has quite the verbose header
<ahasenack> kstenerud: we call that header DEP3
<ahasenack> kstenerud: there's a whole spec about that
<ahasenack> (and I just misplaced the url to it, and google is failing me)
<ahasenack> kstenerud: here is a summary: https://pastebin.ubuntu.com/p/X3KnfftthK/
<ahasenack> or template, if you will
<nacc> https://dep-team.pages.debian.net/deps/dep3/
<ahasenack> thanks nacc
<nacc> all the DEP are there, iirc
<nacc> DEP14 being the other relevant one to g-u
<ahasenack> oh, and it's in the header template I pasted even
<nacc> yeah, i thought `dpkg-source --commit` added a link :)
<ahasenack> you can also use dquilt to add this header: dquilt header -e --dep3 <patchname>
<ahasenack> to an existing patch, that is
<sdeziel> wow, that's nice ^
<ahasenack> kstenerud: we really want all patches we are adding to have a dep3 header, it helps soooo much when doing package maintenance later on
<ahasenack> not all existing patches have it, though, but we enforce it for new patches
<ahasenack> in our team, that is
<ahasenack> kstenerud: with me still? :)
<kstenerud> yup :)
<sdeziel> ahasenack: is there a tool that you use when merging that uses the "Applied-Upstream" field to know if a given patch should be dropped?
<ahasenack> sdeziel: not that I know of
<sdeziel> I'm asking cause that specific bug was fixed by upstream in 3.3.1
<sdeziel> OK, thanks
<ahasenack> it wasn't applied yet when the patch was made
<ahasenack> kstenerud: ok, so we need to apply that fix to the bionic version
<ahasenack> kstenerud: this might be as easy as cherry-picking the cosmic fix
<sdeziel> yeah, was just asking how much manual work was required for merges
<nacc> sdeziel: i'd file a bug against git-ubuntu for that feature :)
 * sdeziel obliges
<ahasenack> kstenerud: now, of course the cherry-pick itself will probably apply
<ahasenack> but that doesn't mean the patch might apply in the bionic version
<ahasenack> hence cherry-pick, and then try "dquilt push -a" to see if it applies
<kstenerud> ok so cherry-pick d4cb45?
<ahasenack> kstenerud: you can also run "rmadison postfix" to see which versions of postfix were released into each uuntu release
<ahasenack> kstenerud: yep
<ahasenack> in this case, bionic has the same major version as cosmic, so it should be fine
<sdeziel> nacc: LP: #1787455
<ubottu> Launchpad bug 1787455 in usd-importer "[wishlist] create a tool that process dep3 "Applied-Upstream" field" [Undecided,New] https://launchpad.net/bugs/1787455
<kstenerud> ok which branch am I cherry-picking on to?
<ahasenack> the bionic one you created before
<ahasenack> based on pkg/ubuntu/bionic-devel
<ahasenack> pro-tip: compare the version at the top of debian/changelog with what is actually released in bionic
<nacc> sdeziel: thx
<ahasenack> sometimes the git-ubuntu importer failed and wasn't restarted, and it could be lagging behind
<kstenerud> er.. but d4cb45 is already in that branch
<ahasenack> nope
<ahasenack> are you sure you are not on the cosmic one still
<ahasenack> or that you created the bionic branch based on cosmic, instead of bionic?
<kstenerud> oh wait wrong branch :P
<ahasenack> ah, I use a PS1 change to always have the branch name in my prompt
<ahasenack> you may want to do something similar, if you haven't already got something like it
<ahasenack> annoying drawback is that the prompt gets confused when typing a long line, because of the colors :/
<kstenerud> yeah I have it on one of my machines somewhere.. This is a fresh install
<kstenerud> Now at patch fix-postconf-segfault.diff
<ahasenack> try applying it with quilt
<ahasenack> see if it applies cleanly
<kstenerud> yup it did
<ahasenack> cool
<ahasenack> revert that then
<ahasenack> get back to a clean branch
<kstenerud> or at least it didn't complain :P
<ahasenack> git status should only show .pc
<kstenerud> yup
<ahasenack> .pc is the control directory for the quilt patches
<ahasenack> you can rm -rf it to get a clean state, once you have unapplied all patches
<ahasenack> ok, now changelog
<ahasenack> sometimes the hardest part, heh
<nacc> ahasenack: fwiw, `git clean` can do it as well
<nacc> (-fdx, iirc)
<ahasenack> nacc: yeah, I do git clean -f -x -d
<dpb1> there is a social aspect to the changelog. :)
<ahasenack> and a version part
<ahasenack> kstenerud: bookmark this, you will refer to it often: https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation
<ahasenack> (I do)
<ahasenack> specifically, go to https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging
<ahasenack> and look at that table of version examples
<ahasenack> the version in bionic is 3.3.0-1
<ahasenack> the version in cosmic is, as of this moment, 3.3.0-1ubuntu1
<nacc> dpb1: definitely, it's a large social engineering project in some sense. It's the 'shared' bit
<ahasenack> kstenerud: we need a version that is higher than 3.3.0-1, but lower than 3.3.0-1ubuntu1
<dpb1> hehe.
<dpb1> it's true
<kstenerud> why lower than ubuntu1?
<ahasenack> because that is in cosmic already, and we want a release upgrade from bionic to cosmic to upgrade to the cosmic package
<ahasenack> instead of leaving the bionic package installed
<kstenerud> ok, so ubuntu0.1?
<ahasenack> 1ubuntu0.1
<kstenerud> Or some other scheme in case we're putting this fix in multiple releases?
<ahasenack> the "1" before ubuntu means it's based on debian's -1 release
<sdeziel> 1ubuntu0.18.04.1 ?
<ahasenack> just 1ubuntu0.1 in this case
<ahasenack> but it's a good question whether the bug happens in other releases
<ahasenack> that's something that the bug triager should have checked, but you can check too
<ahasenack> this is where lxd containers help a lot
<kstenerud> so if the bug did trigger in earlier versions as well, would that affect the naming scheme?
<ahasenack> or, if you just want to check code, you can checkout the branches for each past ubuntu release
<ahasenack> kstenerud: depends on what version is in the other releases
<ahasenack> if they all had 3.3.0-1, they perhaps
<ahasenack> hence, check "rmadison postfix"
<ahasenack> s/they/then/
<dpb1> versions are only slightly less hard than the changelog
<ahasenack> kstenerud: so we have a version, here is another tip to reconstruct the changelog
<ahasenack> kstenerud: following the pattern of using the same text for the commit message and the d/changelog entry, there is a script that can do this for us
<ahasenack> part of the git-ubuntu snap
<ahasenack> git-ubuntu.reconstruct-changelog
<ahasenack> give it a base, and it will populate d/changelog with the commit messages from base to head
<ahasenack> in this case, the base could be pkg/ubuntu/bionic-devel for example
<ahasenack> just prior to your cherry-pick
<ahasenack> it will try to guess the version number to use, and it does that correctly most of the time for uploads to the devel release, but not for SRUs
<ahasenack> so you will have to adjust that bit, and the ubuntu release (it will say UNRELEASED by default)
<sdeziel> shouldn't "git-ubuntu.reconstruct-changelog" assume the base to be the currently checkout branch if not specified as "$1" ?
<nacc> sdeziel: it's never 'wrong' to use the full numeric release, IMO. rbasak and i have gone back and forth on it, as it's not strictly necessary in some cases.
<nacc> it won't know what to do if not given an option
<nacc> it needs to start somewhere *before* current branch
<nacc> and reconstruct d/changelog entries from there to HEAD
<sdeziel> nacc: OK, I was trying to find edge cases of using the full numeric release but couldn't
<nacc> sdeziel: right, it's the 'safer' option, but isn't necessary in some well-defined case (but using it can break future cases, etc. :)
<nacc> err, not using it can break future cases
<ahasenack> kstenerud: let me know when you have a d/changelog ready to commit, and commit it
<ahasenack> I'll grab some coffee, brb
<kstenerud> hmm
<kstenerud> karl@karl-tp:~/work/postfix$ git-ubuntu.reconstruct-changelog
<kstenerud> karl@karl-tp:~/work/postfix$ git diff
<kstenerud> diff --git a/debian/changelog b/debian/changelog
<kstenerud> index 6d9e6754..44046d9e 100644
<kstenerud> --- a/debian/changelog
<kstenerud> +++ b/debian/changelog
<kstenerud> @@ -1,3 +1,8 @@
<kstenerud> +postfix (3.3.0-1ubuntu1) UNRELEASED; urgency=medium
<kstenerud> +
<nacc> kstenerud: use a pastebin :)
<kstenerud> +
<kstenerud> + -- Karl <karl@karl-tp>  Thu, 16 Aug 2018 11:19:05 -0700
<powersj> lol
<kstenerud> +
<powersj> https://paste.ubuntu.com/
<dpb1> there is a thing
<dpb1> !pastebin | kstenerud
<ubottu> kstenerud: For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<dpb1> there you go!
<nacc> and/or | nc termbin.com 9999
<sdeziel> nacc: I don't understand why git-ubuntu.reconstruct-changelog could assume the currently checked out branch to be like passing it as $1
<kstenerud> https://pastebin.ubuntu.com/p/qnbPByFKpb/
<sdeziel> s/could/could not/
<sdeziel> kstenerud: git-ubuntu.reconstruct-changelog pkg/ubuntu/bionic-devel
<ahasenack> kstenerud: back
<nacc> sdeziel: wait, that's not your current branch, that's the branch you are based off of
<nacc> sdeziel: sorry, i'm otp right now, so i need more context
<nacc> sdeziel: in general, if you're checkout to a branch, `git-ubuntu.reconstruct-changelog <current branhc name>` is a no-op
<nacc> as HEAD=<current branch name> and there are no commits betweeen them
<ahasenack> kstenerud: you didn't give it a committish where to start
<sdeziel> nacc: err, sorry my bad
<nacc> sdeziel: does that make sense?
<kstenerud> ok so https://pastebin.ubuntu.com/p/Gtgx4QFKFk/
<sdeziel> nacc: yes, absolutely, I was not making sense ;)
<ahasenack> kstenerud: do git log, and use the commitish just before the cherry pick, or any of its tags
<ahasenack> kstenerud: that's better
<ahasenack> kstenerud: but you need to fix your email :)
<ahasenack> and full name
<nacc> sdeziel: we would love to be able to detect it perfect automatically, it's just not easy to always do right
<kstenerud> er how do I do that?
<ahasenack> kstenerud: your ~/.gitconfig is correct in that regard?
<dpb1> DEBEMAIL?
<ahasenack> hm, maybe it's using that
<ahasenack> yeah
<dpb1> and DEBFULLNAME
<ahasenack> $ env|grep DEB
<ahasenack> DEBFULLNAME=Andreas Hasenack
<ahasenack> DEBEMAIL=andreas@canonical.com
<ahasenack> I assumed it used ~/.gitconfig
<kstenerud> I don't have any DEB envs. .gitconfig has my full name and gmail address
<ahasenack> but I also had those vars set
<ahasenack> ok, then set those vars in some .bashrc file for later, and now just export them
<ahasenack> trash the changes, and run the script again
<sdeziel> nacc: how about looking at the branch's ancestor by default then?
<sdeziel> that's assuming that one always does `git checkout -b bionic-postconf-segfault-1753470 pkg/ubuntu/bionic-devel` prior to cherry picking
<nacc> sdeziel: right, which i think i thought was fragile :)
<kstenerud> https://pastebin.ubuntu.com/p/XQFrwPts4m/
<sdeziel> nacc: alright. reconstruct-changelog is pretty cool even if we have to provide that commitish arg
<dpb1> what about UNRELEASED ahasenack ?
<ahasenack> kstenerud: better
<ahasenack> kstenerud: now we need to fix the version number, as discussed before, and the ubuntu release, which is what dpb1 just asked about
<ahasenack> unreleased should be replaced with "bionic"
<nacc> sdeziel: yeah :)
<kstenerud> ok so the bionic change, and then 1ubuntu0.1?
<ahasenack> yes
<kstenerud> https://pastebin.ubuntu.com/p/Dq9bGVgMcr/
<ahasenack> +1
<ahasenack> one more thing about the changelog entry: the "(LP: #1753470)" string is special
<ubottu> Launchpad bug 1753470 in postfix (Ubuntu Bionic) "Postconf segfaults every 5 minutes" [Low,Triaged] https://launchpad.net/bugs/1753470
<ahasenack> it will auto-close that bug once the package is published to updates
<ahasenack> if you open the bug url, you will see it has an open "bionic" task
<ahasenack> kstenerud: feel free to assign that task to yourself, and switch "status" to "in progress"
<kstenerud> where is the task link?
<ahasenack> it's the row that starts with "bionic"
<ahasenack> next to each name in each collumn should be a small yellow pencil icon
<ahasenack> and the "assigned to" column has the entry "unassigned"
<ahasenack> can you click on that pencil, or you don't have it?
<ahasenack> might be a permissions problem
<kstenerud> ok got it
<ahasenack> each one of those rows we call "tasks", because one bug can affect multiple projects
<dpb1> specifically, launchpad calls them tasks
<kstenerud> ok
<dpb1> (and doesn't expose that they are called tasks very well)
<dpb1> :)
<ahasenack> lots of tricks there
<dpb1> tasks, bug tasks
<ahasenack> kstenerud: can you change status as well?
<kstenerud> to fix committed?
<ahasenack> no, to "in progress"
<ahasenack> that task, the bionic update, is in progress now, since you are working on it
<ahasenack> it's not yet in the archive, nor uploaded, so fix committed or released are incorrect at the moment
<ahasenack> ok, so where do we stand
<ahasenack> you have a local branch with a proposed fix
<ahasenack> you need to test it
<ahasenack> there are a few ways to do it
<ahasenack> I like two, and it depends on the package
<ahasenack> a) build it locally and test
<ahasenack> b) build it in a ppa, and then test
<ahasenack> it depends if the package takes a while to build, how fast your computer is, etc
<ahasenack> we can try both
<ahasenack> sometimes ppas are slow, if we are approaching a release, for example
<ahasenack> then the builders are busy
<ahasenack> let's try a ppa first, to expose you to them
<ahasenack> cool?
<kstenerud> yup let's do it
<ahasenack> ok, so another versioning trick we will need
<ahasenack> we are proposing 3.3.0-1ubuntu0.1 for ibonic
<ahasenack> bionic
<ahasenack> if it works, that's the version that will land in bionic
<ahasenack> for the ppa, we will want to use a version that's lower than 3.3.0-1ubuntu0.1, because if somebody installed the package from the ppa, and the release happens, we will want that person to uprade to the official package from the archive
<ahasenack> so the trick is to append ~ppaN
<ahasenack> for example, 3.3.0-1ubuntu0.1~ppa1
<ahasenack> that is higher than the current version of postfix in bionic (3.3.0-1), is lower than the version we want to propose as a fix (3.3.0-1ubuntu0.1)
<ahasenack> so go ahead and add ~ppa1 to the verison in d/changelog, and make a simple commit. for example, "git commit debian/changelog -m ppa1"
<ahasenack> we need to commit because of the step that comes next
<kstenerud> ok so the previous changelog change should be commited before I do this?
<ahasenack> but we would not push that to a remote git repo
<ahasenack> yes please
<ahasenack> kstenerud: let's do it like this then:
<kstenerud> with the message "changelog"?
<ahasenack> yes
<ahasenack> commit that, without the ~ppa1 suffix
<ahasenack> then push that to launchpad
<ahasenack> and then commit the ppa1
<ahasenack> to push, use your launchpad name as a remote
<ahasenack> like this
<ahasenack> git push kstenerud/<branchname>
<ahasenack> (assuming I didn't mispell your name)
<ahasenack> sorry
<ahasenack> it's git push kstenerud <branch>
<dpb1> git ubuntu push?
<ahasenack> no, just push
<dpb1> and there is a remote called kstenerud?
<kstenerud> ok so I'm going to call: git push kstenerud bionic-postconf-segfault-1753470
<ahasenack> yes
<kstenerud>  * [new branch]        bionic-postconf-segfault-1753470 -> bionic-postconf-segfault-1753470
<ahasenack> dpb1: git ubuntu clone set that up beforehand iirc
<dpb1> oic
<ahasenack> the remote as lp username
<ahasenack> kstenerud: cool: http://code.launchpad.net/~kstenerud/+git
<ahasenack> kstenerud: now add the ~ppa1 suffix to the version in d/changelog, commit that (but do not push)
<kstenerud> +postfix (3.3.0-1ubuntu0.1~ppa1) bionic; urgency=medium
<kstenerud> like that?
<ahasenack> +1
<kstenerud> ok what commit msg should I use?
<ahasenack> a dummy one, just so you can keep track yourself
<ahasenack> that will never be published
<ahasenack> I use -m ppa1
<kstenerud> ok done
<ahasenack> ok, now we will build a source package that we can upload to a ppa
<ahasenack> kstenerud: git-ubuntu has a nice feature that works *most* of the time ;)
<ahasenack> kstenerud: git ubuntu build-source
<ahasenack> kstenerud: the parameters I would use are:
<ahasenack> git ubuntu build-source -v --lxd-image <bionic-lxd-image-name> --sign
<ahasenack> -v for verbose, --sign to sign the upload (otherwise the ppa won't accept it)
<ahasenack> and --lxd-image needs the name of your ubuntu bionic lxd image
<ahasenack> lxc image list and get it from there
<ahasenack> can be an alias or fingerprint
<ahasenack> build-source needs a clean branch to work, that's why we had to commit the ppa1 change
<sdeziel> ahasenack: omitting the --lxd-image arg seems to pick something that worked for me in the past, what's the added benefit of providing it?
<ahasenack> sdeziel: it will try to guess the name of the image
<ahasenack> I think it assumes the name is the ubuntu release name
<ahasenack> my images happen to have a different name
<sdeziel> OK
<ahasenack> for historical reasons: juju wanted a particular name that was not just "bionic"
<dpb1> and you are still doing that?
<ahasenack> I type fast
<ahasenack> I also have images for debian, centos, etc
<ahasenack> so prefixing the names with ubuntu- sounded fine
<kstenerud> lxd image or lxc image?
<dpb1> ko
<ahasenack> kstenerud: "yes" :)
<ahasenack> it's all lxd
<ahasenack> but the command line is lxc
<dpb1> unless you are using 'lxc-command' names
<dpb1> that's the *old* lxc
<dpb1> you shouldn't use anymore
<kstenerud> $ sudo lxd image
<kstenerud> EROR[08-16|12:00:39] Failed to start the daemon: LXD is already running
<kstenerud> Error: LXD is already running
<ahasenack> take it up to management :P
<dpb1> (not for this type of work anyway)
<ahasenack> it's "lxc image list"
<kstenerud> ok so I'll be calling: git ubuntu build-source -v --lxd-image bbb592c417b6 --sign
<ahasenack> yes,
<ahasenack> but let's check something else first
<ahasenack> to not waste time if it fails later
<ahasenack> the --sign step
<ahasenack> it will call debsign on the resulting .changes file
<ahasenack> do you have your gpg key with the same email as DEBEMAIL
<ahasenack> ?
<kstenerud> umm not sure actually
<ahasenack> do a gpg --list-secret-key
<kstenerud> it's using my gmail account
<ahasenack> you should add another email to it
<ahasenack> do a gpg --edit-key <email>
<kstenerud> ok
<ahasenack> then "adduid" at the prompt
<ahasenack> answer the questions
<ahasenack> exit with save, when back at the prompt
<ahasenack> and push the key to the keyserver again like we did yesterday (gpg --keyserver keyserver.ubuntu.com --send-keys <email>)
<kstenerud> which email do I use?
<ahasenack> the same as DEBEMAIL
<ahasenack> the canonical one
<ahasenack> it's how you will sign your source package
<kstenerud> gpg: "karl.stenerud@canonical.com" not a key ID: skipping
<ahasenack> is that what you used with adduid?
<kstenerud> yeah
<ahasenack> does the @canonical email show up in gpg --list-keys now, alongside your gmail one?
<kstenerud> [ultimate] (1)  Karl Stenerud <kstenerud@gmail.com>
<kstenerud> [ unknown] (2). Karl Stenerud <karl.stenerud@canonical.com>
<ahasenack> use the keyid then
<ahasenack> the hex-md5-like string just above that
<kstenerud> ok that worked
<ahasenack> what is it? let me fetch your key as well
<kstenerud> 7C177302572849D84A5048349E9C224744EF2A5A
<ahasenack> gpg: key 9E9C224744EF2A5A: public key "Karl Stenerud <karl.stenerud@canonical.com>" imported
<ahasenack> cool, got it
<ahasenack> ok
<ahasenack> back to the build-source command, go ahead and run it
<kstenerud> 08/16/2018 12:11:32 - ERROR:Failed to run apt-get in ephemeral build container (attempt 2/6)
<ahasenack> it tries apt-get before the network is up
<ahasenack> so it keeps trying
<kstenerud> ah ok. Yeah I had to put 5s delays in my containers for that
<ahasenack> afaik there is no standard/clean way to determine that from the outside
<ahasenack> it will install build tools, then the build dependencies of the package, and then build the source package
<ahasenack> and pull the files out of the container and place them in ../
<kstenerud> ok, build completed
<ahasenack> did it sign it as well? Did you get a prompt for your gpg passphrase?
<ahasenack> check the changes file in ../, it should have gpg markers inside it
<ahasenack> kstenerud: oh, do you need a break for lunch?
<ahasenack> we like to respect local time :)
<kstenerud> yeah, but let's get this part done first
<kstenerud> I didn't get prompted to sign
<ahasenack> but is it signed?
<kstenerud> 08/16/2018 12:14:06 - INFO:Signing changes file ../postfix_3.3.0-1ubuntu0.1~ppa1_source.changes
<ahasenack> so either it was cached, from a previous usage, or you didn't set a passphrase
<ahasenack> you can check later
<ahasenack> cat you paste that file please?
<kstenerud> Oh I got prompted when I added the new email
<ahasenack> ok
<ahasenack> so leave that terminal for a moment, you now have to create a ppa in the launchpad gui
<ahasenack> go to https://code.launchpad.net/~kstenerud
<ahasenack> er
<ahasenack> I mean https://launchpad.net/~kstenerud
<kstenerud> https://pastebin.ubuntu.com/p/fXV3YtMBjb/
<ahasenack> looks good
<ahasenack> in that lp page, look for the "personal package archives"
<ahasenack> and "create a new ppa"
<ahasenack> click on that
<kstenerud> ok
<ahasenack> first field in the form, url, use a name that will help you later. I suggest "postfix-postconf-segfault-1753470"
<ahasenack> or something like that, but at least keep the bug number
<ahasenack> it's free form, you may decide you like other naming schemes better, up to you
<ahasenack> use the same name in the next field
<ahasenack> "display name"
<ahasenack> description you can leave empty
<ahasenack> then "activate"
 * sdeziel wish git-ubuntu could support uploading to a PPA
<ahasenack> you can change these later, except the url bit I think
<kstenerud> ok done
<ahasenack> ok, see it
<ahasenack> now let's upload
<ahasenack> first, let's configure dput
<ahasenack> create this file: https://pastebin.ubuntu.com/p/XMkkRdmYbr/
<ahasenack> and leave the unspecified bit there as is
<ahasenack> I'll explain it later
<kstenerud> ok
<ahasenack> now the command:
<ahasenack> dput ppa:kstenerud/postfix-postconf-segfault-1753470 ../postfix_3.3.0-1ubuntu0.1~ppa1_source.changes
<ahasenack> it's dput <target> <changes-file>
<kstenerud> done
<ahasenack> you should get an email shortly
<ahasenack> telling you if it was accepted or not
<ahasenack> looks like it was accepted
<ahasenack> https://launchpad.net/~kstenerud/+archive/ubuntu/postfix-postconf-segfault-1753470/+packages is listing your build
<kstenerud> yup
<ahasenack> ok, wanna have lunch now?
<kstenerud> yeah, then we do the local build approach after?
<ahasenack> I'll be around for 2h more
<ahasenack> yes
<kstenerud> ok cool
<ahasenack> good job!
<kstenerud> I'll get it eventually :P
<ahasenack> ping when ready to continue
<kstenerud> ahasenack: ready when you are
<ahasenack> ok
<ahasenack> kstenerud: the local way,
<ahasenack> kstenerud: the command is simimlar
<ahasenack> git ubuntu build -v --lxd-image <image>
<ahasenack> no --sign needed, and it's build instead of build-source
<ahasenack> it will do the same, create a container, but this time build the binaries
<ahasenack> and pull them out, and then shutdown the container it use
<ahasenack> used
<kstenerud> ok built
<ahasenack> next step would be to test it
<ahasenack> you should bring up a cosmic container,
<ahasenack> install the normal cosmic version, reproduce the bug
<ahasenack> then install the updated package, confirm the bug is gone
<ahasenack> it also helps to write down the steps you take, because you will need them later on when preparing the bug for the update. It needs test steps;
<ahasenack> you can install the updated version from these binaries you just build, or the ppa that we used previously
<ahasenack> the ppa is always good to have, because at some point you will submit this change for review, and it helps reviewers if there is a ppa already with the fix, so they don't have to build it themselves
<kstenerud> ok so I'm in the cosmic container
<sdeziel> s/cosmic/bionic/ ^ ?
<keithzg> Welll great, those hardware lockups on the internal-facing ethernet adapter that I was experiencing on the router at work are happening again now.
<ahasenack> sorry, bionic
<ahasenack> sdeziel: thanks
<kstenerud> ok hang on
<kstenerud> ok so first off just apt install postfix?
<dpb1> keithzg: hrm
<ahasenack> yeah
<ahasenack> that will get you the one that is currently the latest in bionic, and has the bu
<ahasenack> bug*
<dpb1> keithzg: can  you remove the hardware and see if the lock ups persist?  or is it not that kind of equipment
<keithzg> dpb1: Alas it's a built-in adapter (two, in fact, although the external-facing built-in NIC on the motherboard isn't showing any issues)
<kstenerud> hmm I'm not getting a crash when I call postconf virtual_alias_map
<ahasenack> it has to be as a user who cannot read the map file
<keithzg> Hrmm wait, I bet the patched and recompiled network driver got overwritten by the latest kernel update!
<ahasenack> and it has to be a db map
<kstenerud> ok how do I set up a db map?
<ahasenack> I think there is an example in the bug
<kstenerud> what I get is /usr/sbin/postconf: fatal: open /etc/postfix/main.cf: No such file or directory
<ahasenack> add this to /etc/postfix/main.cf (the file should exist already):
<ahasenack> virtual_alias_maps = pgsql:/etc/postfix/valiases.cf
<ahasenack> then greate /etc/postfix/valiases.cf with any content
<ahasenack> and chmod 0600 /etc/postfix/valiases.cf
<ahasenack> then run postconf as a non-root user
<ahasenack> that would be one way to trigger the bug
<ahasenack> that was comment #8 in the bug, more or less
<ahasenack> and comment #9
<kstenerud> ah ok got the crash
<ahasenack> now leave config files as they are, add the ppa, and dist-upgrade to the new packages you prepared
<ahasenack> https://launchpad.net/~kstenerud/+archive/ubuntu/postfix-postconf-segfault-1753470/ has instructions on how to add the ppa
<ahasenack> basically sudo add-apt-repository ppa:kstenerud/postfix-postconf-segfault-1753470
<kstenerud> then apt upgrade?
<ahasenack> yes
<ahasenack> sometimes dist-upgrade, shouldn't make a difference in this case
<ahasenack> you may get other updates, not coming from the ppa
<ahasenack> as good practice I always dist-upgrade the container right after it started
<kstenerud> ok the fix works :)
<ahasenack> nice
<ahasenack> I guess now we can make a merge proposal
<ahasenack> and tomorrow we can run the dep8 tests, since postfix has some in debian/tests
<kstenerud> so if I weren't using the ppa, is it still possible to test?
<ahasenack> this test you just made?
<kstenerud> yeah. We pulled from ppa this time
<ahasenack> yes, you would copy the ../*.deb files that were produced by git ubuntu build previously
<ahasenack> into the test container
<ahasenack> there you would then just "sudo dpkg -i *.deb"
<ahasenack> or, instead of *.deb, check which postfix pcakages you have, and dpkg -i just those
<kstenerud> ok, but it didn't produce a .deb file. only a tar.xz file
<nacc> did you build or build-source?
<ahasenack> that was the build-source one
<ahasenack> didn't you run "build" before, without the --sign?
<ahasenack> that produces debs
<kstenerud> yeah that's what I did
<ahasenack> if that worked, the parent dir (../) should have deb files
<kstenerud> oh wait no
<kstenerud> I did builld-source :P
<ahasenack> you repeated the previous one?
<kstenerud> So when signing, I use build-source, and when building locally I use build?
<ahasenack> the signing is about uploading to the ppa
<ahasenack> the remote server only accepts signed uploads
<ahasenack> it's the authentication
<kstenerud> So the original I did was:
<kstenerud> git ubuntu build-source -v --lxd-image bbb592c417b6 --sign
<ahasenack> only you can upload packages to that ppa
<ahasenack> and ppas only take source uploads
<kstenerud> ok
<ahasenack> that builds the source, signs it, and you can upload that to a ppa, or even to the ubuntu archive once you have upload permission
<kstenerud> and then for just building the deb locally, I use:
<ahasenack> the same command with just "build" instead of build-source will produce binary debs
<kstenerud> git ubuntu build -v --lxd-image bbb592c417b6
<ahasenack> which can also be signed, but won't matter in this case
<ahasenack> since you won't upload binary deps anywhere
<ahasenack> correct
<kstenerud> ok, so next a merge proposal?
<ahasenack> yes
<ahasenack> go to the launchpad url for your branch
<ahasenack> https://code.launchpad.net/~kstenerud/+git lists all your git repositories
<ahasenack> click your way through until you are viewing your branch
<kstenerud> ok
<ahasenack> are you there?
<kstenerud> yup
<ahasenack> you should have landed at https://code.launchpad.net/~kstenerud/ubuntu/+source/postfix/+git/postfix/+ref/bionic-postconf-segfault-1753470
<ahasenack> right?
<kstenerud> yup. I see the commit msgs
<keithzg> Hmm. If reinstalling the patched kernel module works, then that definitely implies that that was *previously* working, which is odd since initially when I installed that, the problem persisted for a few hours after a reboot, so I was just assuming it hadn't helped.
<ahasenack> ok, click on "propose for merge"
<kstenerud> ok
<ahasenack> kstenerud: target repository should be correct already
<ahasenack>  lp:ubuntu/+source/postfix
<kstenerud> yup
<ahasenack> kstenerud: target branch now, we have to fill in
<ahasenack> kstenerud: since this is for a bionic update, the branch is ubuntu/bionic-devel
<ahasenack> that's where you branched from even
<ahasenack> kstenerud: commit message leave empty
 * keithzg wonders what's up with the Intel e1000e driver then, particularly considering the long silence in https://sourceforge.net/p/e1000/bugs/_discuss/thread/9048ab8e/
<ahasenack> kstenerud: description you have to fill in (we will get back to this)
<ahasenack> kstenerud: for reviewer, type canonical-server
<ahasenack> kstenerud: good so far? Then lets get back to the description. We will also add a second reviewer later on
<kstenerud> ok
<ahasenack> kstenerud: ok, in the description, which is free form, you basically say what you did
<ahasenack> kstenerud: you should mention that you grabbed the fix that is in cosmic already,
<ahasenack> kstenerud: also that you tested it and how, so others can try repeating your testing steps
<ahasenack> kstenerud: also mention the ppa that has test packages built
<ahasenack> kstenerud: you can also say you will run dep8 tests still. You can start reading up on that today if you still have time, but we will get to that tomorrow
<ahasenack> it needs a bit of infra setup on your machine
<ahasenack> then click "propose merge" at the bottom
<ahasenack> this description text you can change after proposing, that's fine
<kstenerud> OK so something like this?
<kstenerud> https://pastebin.ubuntu.com/p/7zFNP4NFG9/
<ahasenack> kstenerud: the test user won't exist by default, will, it?
<ahasenack> I suggest to use ubuntu, which is the default user
<kstenerud> no, there's a "useradd test" command
<kstenerud> oh ok
<ahasenack> ah, I missed that
<ahasenack> ok
<ahasenack> yeah, that's fine
<kstenerud> OK, so putting that in the description field
<ahasenack> yes
<kstenerud> then propose?
<ahasenack> yes
<kstenerud> https://code.launchpad.net/~kstenerud/ubuntu/+source/postfix/+git/postfix/+merge/353267
<ahasenack> nice
<ahasenack> now add another reviewr
<ahasenack> reviewer
<ahasenack> there are three options
<ahasenack> depending on what type of package it is
<ahasenack> if it's a universe package, the reviewer is canonical-server-motu-reviewers
<ahasenack> if it's a server package, then we use canonical-server-packageset-reviewers
<ahasenack> the rest, which is core/main, we use canonical-server-core-reviewers
<ahasenack> postfix is in main, so that leaves motu out
<ahasenack> (you can see with rmadison postfix, or apt-cache policy postfix)
<ahasenack> to see if it's core or server-packageset, I use "ubuntu-upload-permission -a postfix"
<ahasenack> that will list who can upload postifx
<ahasenack> it only lists core
<ahasenack> so the extra reviewer slot is canonical-server-core-reviewers
<ahasenack> hopefully this will be automatic someday
<ahasenack> but we are not there yet
<kstenerud> ok so how do I add an extra reviewer?
<ahasenack> you should see a button/link just below the existing reviewer
<kstenerud> All I see is "claim review"
<ahasenack> "request another review" on the right?
<ahasenack> green link
<kstenerud> ah ok
<kstenerud> done
<ahasenack> good
<ahasenack> the mp part is done
<ahasenack> bookmark this link: https://code.launchpad.net/~canonical-server/+activereviews
<ahasenack> that shows all reviews
<ahasenack> or rather, all mps
<ahasenack> now we need to touch the bug again, since this is an update for a stable release (bionic)
<ahasenack> kstenerud: https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template
<ahasenack> the bug description needs to be filled out with that information
<kstenerud> ok
<ahasenack> what I do is edit the bug description (click on the pencil icon), write "[Original Description]" at the very top, so that the existing description is below it,
<ahasenack> and paste the template above it all
<ahasenack> so you will have something like
<ahasenack> sru template
<ahasenack> [original descrption]
<ahasenack> (here goes on what the original description was)
<ahasenack> and then you have to really fill out that template. Think about how this is affecting users
<ahasenack> how the fix was done
<ahasenack> why the fix is safe (committed upstream?)
<ahasenack> add testing steps (in this case, omit the ppa, bceause if the sru is accepted, your package will be uploaded to a special proposed pocket). Just assume people know how to get it
<ahasenack> that page with the sru template has links to existing sru bugs where you can see some examples
<ahasenack> https://bugs.launchpad.net/bugs/1583324 is a recent one I worked on
<ubottu> Launchpad bug 1583324 in samba (Ubuntu Xenial) "Samba won't start when an include statement in smb.conf has a variable substitution " [Undecided,In progress]
<ahasenack> kstenerud: ah, and if you go back to the postfix bug, you'll see your branch and merge proposal attached to it: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1753470
<ubottu> Launchpad bug 1753470 in postfix (Ubuntu Bionic) "Postconf segfaults every 5 minutes" [Low,In progress]
<ahasenack> that's because of the special (LP: #xxxx) in the changelog entry
<ahasenack> kstenerud: I have to go now, shoot me an email if you have any questions, and we will continue tomorrow
<kstenerud> ok sounds good. Thanks! Lots to digest here :)
<ahasenack> cheers :)
<keithzg> Well I just spent a long long time trying to get systemd ethernet renaming to work, I swear that's how I have things currently named "external0" and "internal0", but changing the entries in /etc/systemd/network doesn't change anything, and I can't find where else I could have set those . . .
<sarnold> the usual place is /etc/udev/rules.d/70-persistent-net.rules
<keithzg> sarnold: Yeah that's the classic, udev (rather than systemd) place, but I have no files there at all.
<sarnold> oh. hrm.
<keithzg> Like, the entire /etc/udev/rules.d directory is empty.
<keithzg> This all was to try to make the spare PCIe adapter I've shoved in now be "internal0" so that I wouldn't have to change anything else, but I eventually gave up and just changed the /etc/network/interfaces and iptables rules to refer to "enp1s0" (the autogenerated name for the PCIe NIC) instead. Which has generally worked, although somehow OpenVPN clients seeing our internal network now, which is . . . bad :(
<keithzg> (And that also doesn't make sense really, since the OpenVPN conf only specifies routing rules, not specific adapters, although maybe I need to re-do the tun bridge? Yeah that's probably it.)
<keithzg> (Hmm no, that's just created by the OpenVPN service. Hrmmm.)
<sdeziel> tun bridge is a weird combo ... tap+bridge maybe?
<keithzg> sdeziel: I think I was just mistakenly presuming it was a bridge, since that would explain why changing adapters would break it. But it's definitely tun0 that's being brought up and theoretically used by OpenVPN.
<sdeziel> keithzg: gotcha
<keithzg> I wonder if this is the problem: "Thu Aug 16 17:16:00 2018 us=759598 /sbin/ip route del 10.1.190.0/24 | RTNETLINK answers: Operation not permitted | Thu Aug 16 17:16:00 2018 us=760404 ERROR: Linux route delete command failed: external program exited with error status: 2"
<sdeziel> keithzg: usually harmless
<sdeziel> keithzg: that's openvpn trying to cleanup something that's cleaned automatically afterwards anyways
<keithzg> sdeziel: Fair enough, although *something* is making the VPN entirely fail to work, and with multiple people who work only remotely this is a problem I really gotta figure out!
<sdeziel> keithzg: could you pastebin the journalctl output of the openvpn service?
<keithzg> sdeziel: Oh that's not gonna help any, haha, it just says "Starting OpenVPN service..." whenever I start it and "Stopped OpenVPN service." "Started OpenVPN service." when I stop it ;) I'll grab an excerpt of the actual log though . . .
<sdeziel> keithzg: would that be "journalctl -u openvpn" by any chance?
<sdeziel> keithzg: the real deal is in "journalctl -u openvpn@$INSTANCE" where instance is /etc/openvpn/$INSTANCE.conf
<keithzg> sdeziel: That's true, but the config file is just openvpn.conf and `journalctl -u openvpn@openvpn only differs in that it gives some errors from last week when the troubles that led me to now changing physical adapters started. Nothing other than logging the starting and stopping today.
<sdeziel> keithzg: maybe you have a very low "verb" param in that conf
<keithzg> However, it //is// logged to a file and here's the output from the most recent start of the service and while some clients connected and failed to get anything: https://paste.kde.org/pwd9kfb5y
<keithzg> (As of this moment no more has been written to the log)
<sdeziel> keithzg: do you have IP forwarding enabled?
<sdeziel> keithzg: now that your internal0 NIC is named differently, have you updated your firewall FORWARD rules?
<sdeziel> (if you use -i/-o in those rules)
<keithzg> sdeziel: Yes, I changed the iptables rules accordingly. To be clear, the internal0 NIC is still named the same (mysteriously), I changed the rules and the /etc/network/interfaces entry to refer to enp1s0 rather than internal0.
<sdeziel> keithzg: OK, cause that android client seems to have successfully connected
<keithzg> sdeziel: Indeed, the clients seem to connect successfully, but now cannot access anything on our internal network.
<sdeziel> keithzg: have you tried tcpdump'ing while the client tries to connect to the internal net?
<keithzg> sdeziel: Hmm. Well, `tcpdump -i tun0` doesn't show much, https://paste.kde.org/p9n8wz4wu
<keithzg> And I do see stuff like "17:38:43.586600 IP 10.1.190.10 > boots: ICMP echo request, id 13, seq 3, length 64" when dumping enp1s0
<keithzg> So in theory the ping requests are being forwarded, although they (and any other form of traffic) certainly don't seem to be making it back to the clients.
<sdeziel> keithzg: try with tcpdump -ni any icmp
<sdeziel> err: tcpdump -nei any icmp
<sdeziel> keithzg: do you mind sharing iptables-save?
<sdeziel> keithzg: I have to go, sorry. Good luck though!
<keithzg> sdeziel: https://paste.kde.org/pbt8yxxyo is the ICMP dump
<keithzg> sdeziel: Fair enough, thanks for the help!
<sdeziel> keithzg: looks like systemd-resolved is not running but that's not related ;)
<sdeziel> keithzg: I'd check on 10.1.186.32 and see if you get the ICMP packets
<sdeziel> keithzg: if you do get them, check how it tries to respond to them with "ip route get 10.1.190.10". It should send packets toward the VPN server
<keithzg> sdeziel: Yeah on the receiving end I'm seeing "17:50:18.190642  In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 128: 10.1.186.32 > 10.1.186.32: ICMP host 10.1.190.10 unreachable, length 92"
<keithzg> (`ip route get` returns the adapter I'd expect it to be using to reply)
<sdeziel> keithzg: the interesting part of ip route get is the gateway/via used
<keithzg> sdeziel: Hrmm, it doesn't say anything more than "10.1.190.10 dev br0  src 10.1.186.32" and then "cache" on the next line.
<sdeziel> keithzg: hmm, that's wrong
<sdeziel> it means it thinks that 10.1.190.10 is in the same LAN as the VPN client
<sdeziel> but they are not as you have a router (the VPN server) between the 2
<keithzg> sdeziel: Hmm? 10.1.190.10 *is* the VPN client, though?
 * keithzg is very tempted to just try the udev method for adapter renaming and hope that magically fixes everything, heh
<sdeziel> keithzg: 10.1.186.32 thinks that 10.1.190.10 is in the same LAN
<sdeziel> keithzg: didn't you say the NIC was renamed somehow though?
<keithzg> sdeziel: Yeah I suppose that's not true, although they *do* have the same gateway.
<sdeziel> keithzg: please pastebin: "cat /etc/network/interfaces; ip link; ip ro; iptables-save" from the VPN server
<keithzg> sdeziel: The exact situation is, the internal adapter is called "internal0" . . . somehow. I know that was me, but the only settings I have for that are in /etc/systemd/network, and changing those and rebooting changes nothing. The 'internal0' adapter is experiencing hardware lockups, so I put in a PCIe adapter to use instead.
<keithzg> sdeziel: Here ya go, from our router (which is also the VPN server): https://paste.kde.org/pi4tooz7a
#ubuntu-server 2018-08-17
<sdeziel> keithzg: I don't think that /etc/network/interfaces (used by ifupdown) works well in conjunction with systemd-networkd
<sdeziel> keithzg: OK, I think I see what's wrong
<sdeziel> keithzg: your MASQUERADE rules only apply when "-o internal0"
<sdeziel> keithzg: but your internal leg is not internal0 but enp1s0 so that "-o" criteria doesn't match
<keithzg> sdeziel: Aha
<sdeziel> keithzg: a quick and dirty fix would be to: iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o enp1s0 -j MASQUERADE; iptables -t nat -A POSTROUTING -s 10.1.190.0/24 -o enp1s0 -j MASQUERADE
<sdeziel> keithzg: it seems that you distro upgraded from 16.04 to 18.04, which would explain why you have /etc/network/interfaces
<keithzg> sdeziel: Yeah I did that in the vain hope that newer drivers would fix the Intel NIC lockups (it didn't)
<keithzg> And yeah that fix worked, now to figure out why the iptables file I have isn't being read in, heh
<sdeziel> keithzg: re iptables, maybe you have the rulesets in /etc/iptables?
<sdeziel> keithzg: next time you need to try newer driver, you can pull the next LTS backported kernel (see https://wiki.ubuntu.com/Kernel/LTSEnablementStack)
<keithzg> sdeziel: Well in fairness it was about time for the 18.04 upgrade anyways, heh. And yeah /etc/iptables/rules.v4 exists, but oddly it misses some of the rules that're applied each boot so there's at least one missing piece of *that* puzzle still
<keithzg> sdeziel: Anyways, that seems like a job for tomorrow, now that everything's working for now. Many, many thanks!
<sdeziel> keithzg: great!
 * keithzg figures it's beer time, calls it a day :D
<cpaelzer> good morning
<dbe> I'm running a server with openiscsi. Yesterday, it failed to boot because openiscsi failed to mount one of it's partitions. The problem is that it was stuck on "waiting for a iscsi job" or something like that forever. How can I make sure I'm not locked out of the system like that again? i.e. I want openssh to start even if iscsi does not.
<boritek> hi. after adding hardware manually in maas with IPMI, it shows a green power button as it can see it is powered on, however maas cannot commission any machine
<boritek> logs say: Failed to query node's BMC - (inew) - No rack controllers can access the BMC of node
<rbasak> dbe: you can override service dependencies
<rbasak> I'm not sure if the iscsi stuff is systemd-enabled
<rbasak> If so, see systemd.unit(5) for drop-in directories (/etc/systemd/system/foo.service.d/) for local overrides
<rbasak> If not, you can safely edit any file in /etc/init.d/
<ahasenack> good morning
<ahasenack> boritek: take a look at /var/log/maas/maas.log (and other log files in there) to get more details about that failure
<ahasenack> you might also want to join #maas
<boxrick> Good afternoon folks, I have a headless Ubuntu Server. I wish to install a lightweight desktop on top of that install with just a web browser. Lubuntu-desktop still has an amount cruft. Is there a way to tell it to do a completely minimal install. IE no pidgin transmission etc?
<rbasak> boxrick: I don't think you'll get much help on this channel, sorry. We don't consider GUIs on server to be servers.
<rbasak> boxrick: perhaps try #ubuntu or askubuntu.com
<boxrick> Well, depends on your use case I guess. A dumb headless box with a web browser window outputting to a monitor I would say is closer to a server.
<boxrick> Perhaps there is a better way of achieving this, I literally want a server deploy with a browser output to show build status' and monitoring screens from grafana and such
<boxrick> Like a simple X session autoloading into a single piece of software perhaps.
<rbasak> It's certainly possible. I'm sure I could arrange that, but it'd take me quite a bit of fiddling and reading docs to recall exactly how to do it. What you need for that is expertise in X, display managers, and so on. This is the least likely place to find that expertise. I'm not going to get into an argument about semantics. I'm just saying that you're less likely to find people who can help you
<rbasak> here.
<boxrick> That is fair enough, as you say the semantics are pointless. I appreciate the guidance :)
<dpb1> hello all
<kneeki> I have this small script that should check if apache2 is running and if not start it. It doesn't seem to be working (apache sometimes shuts down with no errors) and i'm not getting any errors. Any idea? https://pastebin.com/c0jMNprh
<RoyK> kneeki: systemd should be able to do that for you
<RoyK> kneeki: which ubuntu version is this?
<boxrick> Yea, this feels like an odd use case. Systemd is quite powerful these days, and even previously Upstart could do that.
<Helenah> Hi, for some reason, on my Ubuntu fresh install, cron doesn't seem to be scheduling crontab -e entries...
<dpb1> Helenah: 18.04?
<Helenah> dpb1: Yeah
<dpb1> dpkg -l |grep cron shows what?
<Helenah> dpb1: It shows that cron is installed.
<Helenah> And the service is running.
<Helenah> However, it's not scheduling, atleast not user-specific cron entries.
<sdeziel> Helenah: do you have any of those files? /etc/cron.{allow,deny}
<Helenah> sdeziel: No.
<tobias-urdin> jamespage: The following packages have unmet dependencies: nova-common : Breaks: glance-api (< 2:18.0.0~b2-0ubuntu3~) but 2:17.0.0~rc1-0ubuntu1~cloud0 is to be installed
<jamespage> tobias-urdin: context?
<jamespage> I may have to hand back to coreycb otp right now
<Helenah> Have I missed something out?
<coreycb> tobias-urdin: jamespage: yes i'll look at that
<sdeziel> Helenah: grep CRON /var/log/auth.log | grep $USER  # USER == the user you with the crontab entry
<coreycb> tobias-urdin: jamespage: but first i have another question for tobias-urdin
<tobias-urdin> for log ref: http://logs.openstack.org/28/593028/1/check/puppet-openstack-integration-5-scenario001-tempest-ubuntu-bionic-mimic/bb1ad47/logs/puppet.txt.gz#_2018-08-17_12_07_15
<Helenah> sdeziel: It's just showing opened and closed sessions for the user. The only is just used for a SupyBot, and nothing more.
<Helenah> s/only/user
<coreycb> tobias-urdin: we'd like to switch to py3 by default in rocky. we'll still have py2 packages but you'll need to install one or two alternative dependencies first prior to installing a core openstack package. ie. you'd have to install python-nova prior to nova-api to get the py2 version. otherwise if you just installed nova-api it would use the python3-nova dependency.
<sdeziel> Helenah: those opened/closed message seem to imply the crontab items are being processed
<sdeziel> Helenah: could you pastebin the 'crontab -l' output?
<coreycb> tobias-urdin: how painful would that be for you? the issue is that in cosmic python2.7 is proposed to be dropped from main which means no security support from canonical.
<Helenah> */1 * * * * supybot-botchk --botdir=/home/h31337/ --pidfile=/home/h31337/bot.pid --conffile=/home/h31337/bot.conf
<coreycb> tobias-urdin: looking into that nova issue now
<Helenah> I run the command on the shell, and it works as expected.
<sdeziel> Helenah: `which supybot-botchk`
<tobias-urdin> coreycb: thanks :)
<sdeziel> Helenah: */1 == * in crontab
<Helenah> Does cron ignore the /usr/local/bin/ path?
<Helenah> Rly?
<sdeziel> */1 means every 1 minutes
<sdeziel> same like *
<RoyK> Helenah: add it to cron's path
<RoyK> Helenah: I don't think it's in it by default
<sdeziel> Helenah: crontab's default path is: /usr/bin:/bin
<Helenah> I could just use the absolute path in crontab which is better.
<sdeziel> yup
<RoyK> should work well
<Helenah> I'm gonna implement that solution then. Thanks, great help!
<Helenah> Helped me brainstorm this issue
<RoyK> Helenah: we've all been there :)
<sdeziel> Helenah: you may also want to move supybot to a real service manager like systemd this way it could be automatically revived when needed
<sdeziel> Helenah: that's assuming the botchk think is a liveness check of some kind
<RoyK> systemd is quite good at those things
<Helenah> I set the absolute path, crontab -l confirms the change, however still not scheduling the botchk command.
<Helenah> */1 * * * * /usr/local/bin/supybot-botchk --botdir=/home/h31337/ --pidfile=/home/h31337/bot.pid --conffile=/home/h31337/bot.conf
<Helenah> Oh, forgot to change the prefix.
 * Helenah waits...
<Helenah> sdeziel: I wanted to use a scheduler for this particular case.
<coreycb> tobias-urdin: the nova issue was a copy/paste fail on my end. i have a new package version on it's way and should be available in a few hours.
<Helenah> sdeziel: */1 definately == *?
<Helenah> What supybot-botchk does is, it checks to see if the supybot PID is running, if not it starts supybot as a daemon.
<Helenah> I tested it all at the shell, it is confirmed to work.
<sdeziel> Helenah: I'll confirm in a minute once this fired: (crontab -l; echo '* * * * * echo test-star'; echo '*/1 * * * * echo test-slash') | crontab -i -
<tobias-urdin> coreycb: cool, thanks for looking into it!
<sdeziel> Helenah: so yes, both are equivalent
<coreycb> tobias-urdin: np, sorry about that.
<Helenah> Then for some reason cron isn't scheduling correctly.
<Helenah> and I don't know how to diagnose cron.
<Helenah> I only ever had to use it a few times in my entire long time using Linux.
<sdeziel> Helenah: is supy-botchk a shell script? If yes, maybe it requires path to be set before hand ... see RoyK's advise on setting it in crontab
<Helenah> I'll check that out, however the supybot guide which has been confirmed to work states to do this. Even though, it might not have been "cron" they were using but some other scheduler with slightly different syntax.
<Helenah> Python
<Helenah> /usr/local/bin/supybot-botchk: Python script, ASCII text executable
<sdeziel> yeah, sorry I asked for a script specifically but that's not relevant, anything can depend on PATH
<Helenah> hmm
<Helenah> No need
<Helenah> We all make mistakes in our speech and things
<sdeziel> heh
<Helenah> hmm
<Helenah> Lemme test that command in the shell just one more time to confirm it's giving the same expected result.
<Helenah> And so it is... o.o
<Helenah> I'm gonna try and restart cron, see if something fluked out along the way.
<sdeziel> Helenah: have you added PATH=... to the crontab?
<kneeki> RoyK: Sorry, wife took me away. It's ubuntu 17.10
<Helenah> sdeziel: I thought that wasn't needed when specifying absolute paths?
<sdeziel> Helenah: well it depends if the python script then tries to exec/launch some commands and rely on $PATH to find those commands
<RoyK> kneeki: better upgrade that to 18.04.1
<Helenah> What would be the best way of changing the PATH= variable in crontab?
<RoyK> Helenah: PATH=blabla in the header
<Helenah> On a new line in crontab -e? I didn't know that could be done. I thought that file was just for schedule entries.
<RoyK> Helenah: something like PATH="/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin"
<RoyK> it's not
<Helenah> Aaaah, you learn something new everyday, thanks for confirming that the crontab files can be used for more than scheduling entries.
<RoyK> Helenah: man 5 crontab
<RoyK> :)
<Helenah> Aaaah, thanks
<Helenah> Thank you all who helped me solve this puzzle, for your support and patience.
<dpb1> Helenah: probably one you wont forget. :)  everytime I edit cron I think about PATH now. :)
<Helenah> dpb1: Heh, agreed! I'll adopt it as a practice.
<kneeki> RoyK, okay - upgrading now
<Helenah> Hi, how do I get Oidentd to work? I checked netstat and it is running on 0.0.0.0:113...
<Helenah> I seem to still have a tidle at the beginning of my ident.
<ahasenack> kstenerud: so, dep8 tests. Did you install autopkgtest?
<kstenerud> ahasenack yup
<ahasenack> kstenerud: ok, let's build lxd and kvm images suitable for autopkgtest
<ahasenack> kstenerud: autopkgtest-buildvm-ubuntu-cloud for qemu images
<ahasenack> qemu/kvm, that is
<ahasenack> kstenerud: call it like this
<ahasenack> autopkgtest-buildvm-ubuntu-cloud -r bionic -v --cloud-image-url http://cloud-images.ubuntu.com/daily/server
<ahasenack> -r: release (bionic is what we want to test now)
<ahasenack> -v verbose
<ahasenack> the url is so we pick the daily images, instead of release, as they are more up-to-date
<ahasenack> you can also add: -m <mirror>, like -m http://us.archive.ubuntu.com/ubuntu
<ahasenack> and -p for a proxy url if you have a proxy/cache locally
<ahasenack> that will output an image in the current directory
<kstenerud> do I need to run this as root? Or is there a group I can add myself to?
<ahasenack> normal user
<ahasenack> but a user that is able to spawn vms, like run kvm
<kstenerud> ERROR: no permission to write /dev/kvm
<dpb1> kvm
<dpb1> and libvirt
<ahasenack> yeah, make yourself part of the kvm group
<ahasenack> autopkgtest doesn't use libvirt
<dpb1> k
<ahasenack> I keep my autopkgtest vms in /var/lib/adt-images
<ahasenack> adt is short for autopkgtest (somehow)
<dpb1> apt....
<ahasenack> but the place doesn't matter
<ahasenack> it will spawn up a vm using that image it downloaded and make some modifications to it
<kstenerud> damn is there a way to reload my groups without rebooting?
<ahasenack> newgrp kvm
<ahasenack> then confirm with "id"
<ahasenack> it will be valid for that session only, not your whole desktop
<ahasenack> it's like a new shell
<ahasenack> is the download fast for you at least?
<ahasenack> cloud-images.u.c is so slow for me, too far away
<ahasenack> I get 140kbytes/s at most
<kstenerud> not sure what bps I'm getting. 80mb downloaded so far
<ahasenack> kstenerud: what's the percentage?
<ahasenack> I think it prints that
<kstenerud> it's downloaded and doing cloud-init atm
<ahasenack> ok
<kstenerud> Is this something I'll be doing often? Maybe there's a way to cache this step?
<ahasenack> just once
<kstenerud> ok I have an img file now
<dpb1> yes, there is a cron job that you will want to run to get all your dailies in sync, etc
<ahasenack> it's the usual tradeoff. The test run will call apt upgrade
<ahasenack> so the older your image is, the longer that apt upgrade step will take
 * dpb1 nods
<ahasenack> so to run, some options
<ahasenack> normally, autopkgtest will build the source again, and run the tests against what it just built
<ahasenack> we will do that too
<ahasenack> the other way, since we have a ppa already, is to use the binaries available in that ppa, so no rebuilding time
<ahasenack> let's see
<ahasenack> kstenerud: autopkgtest -U -s -o dep8-postfix postfix/ -- qemu /var/lib/adt-images/autopkgtest-bionic-amd64.img
<ahasenack> let's break it down
<ahasenack> -U: run apt-get upgrade
<ahasenack> -s: stop and give you a shell if there is a failure. Good to debug
<ahasenack> -o dep8-postfix: write output report to the directory dep8-postfix
<ahasenack> postfix/ <-- important bit
<ahasenack> just "postfix" means autopkgtest will just fetch the postfix package from the archive
<ahasenack> "postfix/", if you have a postfix/ directory in your current working directory, means it will consider that an extracted source package and build the binaries from it, and also run the tests within it
<ahasenack> so I ran that just now in the parent directory of where the postfix/ git repo was extracted
<ahasenack> after -- is how to run the tests, which virtualization technique
<ahasenack> qemu is shorthand for autopkgtest-virt-qemu
<ahasenack> and it takes the parameters described in the autopkgtest-virt-qemu manpage
<ahasenack> usually just the image file name you just created
<ahasenack> which in my case is in /var/lib/adt-images
<ahasenack> there is a way to run all this remotely on a server provided by ubuntu, via a ticketing system
<ahasenack> but only core devs can use it fully
<ahasenack> so we have to climb the ladder of privileges until we can use that
<dpb1> oh, i didn't know that
<ahasenack> and do things manually
<ahasenack> https://bileto.ubuntu.com/
<dpb1> ah, that is bileto
<dpb1> christian was using bileto before he was a core dev
<dpb1> just a subset of it or something?
<ahasenack> I can use it for a few packages
<dpb1> ahh
<ahasenack> but others I have to ask a core dev to click "approve"
<dpb1> server packages right?
<ahasenack> it's not clear
<ahasenack> sil2100 would know, but I think he is on holidays
<dpb1> yes, he was in the same boat when I joined
<dpb1> he had server upload rights but not core dev
<ahasenack> kstenerud: how is it going? My test run just finished
<kstenerud> postfix              PASS
<kstenerud> qemu-system-x86_64: terminating on signal 15 from pid 24506 (/usr/bin/python3)
<ahasenack> good
<ahasenack> that, and more details, should be in that dep8-postfix directory that the test run created
<ahasenack> now let's try again but using the ppa. That will skip the build part
<kstenerud> ok
<ahasenack> this is a mouthful
<ahasenack> autopkgtest -U -s -o dep8-postfix-ppa --setup-commands="sudo add-apt-repository -y -u -s ppa:kstenerud/postfix-postconf-segfault-1753470" -B postfix -- qemu /var/lib/adt-images/autopkgtest-bionic-amd64.img
<ahasenack> differences:
<ahasenack> setup-commands: that adds the ppa. -y is for yes, please add it
<ahasenack> -u is for "please also run apt-update"
<ahasenack> -s: please add the source line as well
<ahasenack> the dep8 tests are only in the source package, so we need deb-src lines in sources.list
<ahasenack> then -B: please don't build
<ahasenack> and "postfix", without a "/", so it's considered a package name, not a local directory
<ahasenack> note that a dep8 test can explicitly request that a build is needed, so that wins iirc
<kstenerud> ok
<ahasenack> this should be faster
<ahasenack> my previous run started at [14:19:55] and ended at [14:28:04]
<ahasenack> so about 8min
<ahasenack> note that just specifying the ppa isn't enough strictly speaking to get the package from there
<ahasenack> it has to be of a higher version than what is in the bionic archive
<ahasenack> because autopkgtest will just do "apt-get install postfix"
<kstenerud> ok tests finished
<ahasenack> good
<ahasenack> we can do the same with lxd
<ahasenack> the debian/tests/control file specifies the requirements for each test
<ahasenack> some tests specifically ask for avm
<ahasenack> a vm
<dpb1> he left
<ahasenack> ah, right
<ahasenack> welcome back
<kstenerud> back. had a network hiccup
<ahasenack> kstenerud: the debian/tests/control file has a Restrictions field that specifies special requirements for a test
<ahasenack> there are many flags that can go in there
<ahasenack> that's also where it's specified if the test requires a vm or a container, or if it doesn't matter
<ahasenack> like
<ahasenack> Restrictions: isolation-container, needs-root, allow-stderr
<ahasenack> and so on
<ahasenack> it's all in the dep8 spec
<ahasenack> let's try to create a lxd image for autopkgtest
<ahasenack> we use another autopkgtest-build command, it's autopkgtest-build-lxd
<ahasenack> this one takes as a parameter the base image
<ahasenack> so you can just give it an image you already have, or use that ubuntu:bionic "url"
<ahasenack> like autopkgtest-build-lxd ubuntu-daily:bionic/amd64
<kstenerud> If I specify ubuntu:bionic, but already have it downloaded, will it just use that or download again?
<ahasenack> I think it will download again, because of the "ubuntu:" prefix
<ahasenack> that's a "remote"
<ahasenack> you can give it any image from your "lxc image list" output essentially
<teward> ahasenack: i thought LXD had a caching mechanism based on the remote metadata to determine whether it needs to redownload the image or not
<kstenerud> ok. I'll need to be careful while in Canada because I have a 500g limit
<teward> because in a brand new LXD I've launched ubuntu:bionic and it's only downloaded once for that day or so
<teward> at least until the remote updated
<ahasenack> teward: could be
<ahasenack> ther eis also an auto-refresh
<ahasenack> it might have kicked in without you realizing
<teward> but that could be a local caching thing in LXD.  I just keep a local mirror now with the images I need on autorefresh
<teward> (i don't think it downloads each and every time, I'd need to test but tis irrelevant to the question at hand)
<teward> *returns to the quiet realms*
<kstenerud> ahasenack: I did autopkgtest-build-lxd ubuntu-daily:bionic
<ahasenack> kstenerud: check with "lxc image list" if it created another image, one for autopkgtests
<kstenerud> no new image
<ahasenack> what did it do? Any errors?
<kstenerud> no errors
<kstenerud> Container published with fingerprint: baa396c0ef0d3252321275d540a505c6ede0e7a75cd0b6413297f443ba6b066c
<ahasenack> are you sure there is no new image?
<kstenerud> oh wait duh I typed lxc list :P
<ahasenack> that's for running containers :)
<kstenerud> yes ther's a new image
<sdeziel> the ubuntu: remote is refreshed only so often (https://paste.ubuntu.com/p/PNg76k4c9j/) while ubuntu-daily: is well daily :)
<ahasenack> kstenerud: ok, so to use that, the bit before "--" in the autopkgtest command line stays the same
<ahasenack> after --, you would use "lxd <imagename>"
<ahasenack> and it will then use lxd and that image to run the tests
<kstenerud> so I'd use the fingerprint?
<ahasenack> yes, you can later use lxc image edit, or lxc image alias, to manage those and use friendlier names
<kstenerud> or the alias?
<ahasenack> doesn't matter how it's referred to
<ahasenack> it's whatever works with "lxc launch <name>"
<ahasenack> fingerprint, alias, etc
<kstenerud> ok so for this one:
<kstenerud> autopkgtest -U -s -o dep8-postfix-ppa --setup-commands="sudo add-apt-repository -y -u -s ppa:kstenerud/postfix-postconf-segfault-1753470" -B postfix -- lxd autopkgtest/ubuntu/bionic/amd64
<ahasenack> yeah
<ahasenack> sounds right
<kstenerud> so is there any particular reason to favor lxd or kvm?
<ahasenack> lxd is faster
<ahasenack> you can amend the postfix MP with the dep8 results now
<ahasenack> I usually push the output directory to people.ubuntu.com
<ahasenack> I don't know if you have that access yet, try "sftp <lpid>@people.ubuntu.com"
<ahasenack> if we had full bileto access, we would just paste the bileto ticket
<kstenerud> no access
<ahasenack> ah, might be the ubuntu developer thing
<ahasenack> kstenerud: for now you can just paste the last bits of the dep8 run in the MP. Nothing large, just the bits from the "results" line and below
<ahasenack> I need to reboot, brb
<kstenerud> ahasenack: Do I append that as a comment on the MP?
<ahasenack> kstenerud: back
<ahasenack> kstenerud: since there are no comments yet, you can edit the description
<kstenerud> ok done
<ahasenack> kstenerud: ok
<ahasenack> kstenerud: now, in terms of our team's workflow, you should create a card in the trelo board
<ahasenack> for the bug
<ahasenack> and put it in the "review" column
<ahasenack> it's free-form, but you can look at the other cards in there to get an idea
<ahasenack> it should have links to the bug and/or the mp
<ahasenack> and be assigned to you
<ahasenack> we should have done this yesterday, but I forgot
<ahasenack> yesterday the card would have been in the "doing" column
<ahasenack> then you would just drag it to "review" once the mp was up
<ahasenack> kstenerud: I see the card, just add yourself to it now
<ahasenack> kstenerud: and you can use the "attachment" button to link to the bug and the mp
<ahasenack> kstenerud: to add yourself, click on "members", or just press the spacebar when viewing the card
<kstenerud> ok done
<ahasenack> cool
<ahasenack> let me check the sru template
<ahasenack> kstenerud: put the [original description] section at the bottom/end, start with [Impact]
<kstenerud> ok
<ahasenack> kstenerud: in the test case, or any other set of instructions, it's common to be clear when root is used and when not
<ahasenack> kstenerud: you can do that via a prompt ("$" vs "#"), or by using sudo when root is required
<ahasenack> you should also make it clear at the postconf step that this is where it segfaults, and where the fixed package does not segfault
<ahasenack> kstenerud: and, suggestion, since the bug is about not being able to read the file, I think its contents don't matter. It could be an empty file (untested). If true, that would make the testing instructions simpler and easier to follow
<kstenerud> ok updated. I also changed the user to ubuntu, and ran through it to make sure it still crashes
<ahasenack> cool
<ahasenack> the non-root user prompt is $, not #, though
<ahasenack> nitpicking, we haz it :)
<ahasenack> (in the postconf final call)
<ahasenack> and you missed sudo in the apt calls, touch, chmod
<ahasenack> and that echo won't work as a regular user
<kstenerud> oh hah got it backwards
<kstenerud> ok fixed
<ahasenack> +1
<ahasenack> good
<ahasenack> kstenerud: ready for another, or do you want to collect your notes?
<ahasenack> the next one would be for cosmic, aka, the development release, so no sru
<ahasenack> (I think)
<kstenerud> I need to collect my notes for a bit
<ahasenack> ok, np
<ahasenack> ping if you need anything
<kstenerud> ok
<ahasenack> and lunch, don't forget that :)
<sdeziel> this + lunch == lots to digest ;)
<ahasenack> haha
<kstenerud> lol yeah my head's spinning :)
<sdeziel> I must admit I never suspected how much work was behind a SRU
<sdeziel> I'll try to think of the server team before asking the next SRU ;)
<ahasenack> and there is more
<ahasenack> we didn't talk about migation yet
<ahasenack> migration*
<sdeziel> not sure I understand migration in this context?
<ahasenack> it's what happens when a package migrates from the proposed pocket to the updates one (in the case of an sru) or the release one (in the case of an upload to the development release)
<ahasenack> there are a bunch of tests and checks that happen there
<ahasenack> in the case of the development release, they are blocking checks: if something fails, the migration doesn't happen
<ahasenack> in the case of an sru, it's advisory
<sdeziel> oh, I always assumed there was only a backing period + someone needed to release it
<ahasenack> http://people.canonical.com/~ubuntu-archive/proposed-migration/xenial/update_excuses.html is the current list for xenial, for example
<ahasenack> sdeziel: that too
<ahasenack> for srus, it's manual
<ahasenack> but the sru team member who is considering whether the package can be released or not, will take many things into consideration
<ahasenack> and the migration tests is one of them
<sdeziel> that's a impressive workflow
<sdeziel> It seems like git-ubuntu helped a lot to automate part of this workflow but do you have other tools in the pipeline to automate further?
<sdeziel> or maybe extensions to git-ubuntu?
<ahasenack> git (ubuntu) helps keeping our sanity
<ahasenack> there are many tools out there that I don't know about, I'm sure
<ahasenack> many in the ubuntu-dev-tools package
<teward> ahasenack: some of us are just plain old insane even with git-ubuntu :P
<rbasak> kstenerud: FWIW, I have a monthly 200G limit, and manage to fit within it even with Sam's Netflix usage.
<rbasak> I use a local proxy cache, and try to do everything through there.
<rbasak> autopkgtests and things I run on an internal Canonical machine we could give you access to.
<nacc> rbasak: i like that you attribute your b/w to Sam :)
<rbasak> :)
<rbasak> We had to add some traffic control to the PS3 to stop Amazon Instant video from using all our bandwidth allowance on super duper HD or whatever.
<rbasak> I limited it to 2 Mibit and quality is OK for us
<nacc> lol
#ubuntu-server 2018-08-18
<Jgalt> How can i get my wifi card to configure itself and how can I switch between wifi networks at will?
<Jgalt> yes this is for a server... its a mirror of what i have running at work for our vm host but running on my laptop
<sarnold> if you can tolerate installing network manager on the thing, nmcli makes swapping wireless networks pretty easy
<tomreyn> have you considered network-manager?
<Jgalt> yes, Id probably prefer network manager..... but ubuntu 18 decided to go its own way and use netplan
<sarnold> for servers, yes
<sarnold> desktops still use network-manager
<sarnold> feel free to swap it in if it works for you
<Jgalt> sarnold: why the split within the same distro?
<sarnold> Jgalt: because admins would kill us if we put network manager on servers by default
<sarnold> Jgalt: and users would say ubuntu is hard to use if we had them use netplan for their wifi :)
<Jgalt> so what was it before all this?  as an admin I tend to like to kill anyone that goes off on their own way with no one else following.  this includes snap, netplan, and likely a few others im not thinking of right now
<sarnold> on debian it was /etc/network/interfaces
<sarnold> that was the way it worked on ubuntu server for ages
<sarnold> I *think* ubuntu was born after network manager and likely always included it
<sarnold> /etc/network/interfaces wasn't great fun with wifi
<sarnold> I did it
<sarnold> but I think I'm willing to begrudgingly admit that today I'd rather use nm than manage my wifi card via /etc/network/interfaces :)
<sarnold> red hat had some system-configure-network python script or similar
<sarnold> suse had yast
<Jgalt> that said just before I came on to my current work assignment they chose ubuntu for a couple core servers so I get to manage those until our next upgrade cycle
<Jgalt> I liked /etc/network/interfaces
<sarnold> yeah, it *was* simple
<Jgalt> ah well, Try and learn netplan i guess
<sarnold> a bit too simple.. people expected it to maintain some kind of state
<sarnold> so they'd edit the file to make it look the way they'd want, run ifdown.. and it wouldn't tear down the old thing, because it just runs shell scripts.
<sarnold> but it *looked* like it was more than shell scripts.
<blackflow> sarnold: just a nitpicky correction, netplan is used both on servers and desktops, as it's just a configuration abstraction/wrapper. the difference is in the backend it uses, on desktop it's NM and on servers it's networkd.
<blackflow> and it's just default, nothing prevents users to flip that around or not use it at all.
<foo> I still have a production server on Ubuntu 14.04.5 LTS. Has anyone done the upgrade path to Ubuntu 18.04 LTS?
<foo> Or rather, does that seem scary, and filled with several possible errors? Or is it relatively straightfroward and seamless?
<foo> If you're reading in-between the lines: this is a big to do list item and I'm wanting to plan appropriately. :)
<foo> It's a digital ocean droplet right now
<foo> I guess I could easily snapshot stuff and just go for it... worst case, re-write old snapshot
<RoyK> foo: it should be rather straight forward - make a backup or snapshot, upgrade to 16.04, test a bit, backup/snapshot again, upgrade to 18.04
<RoyK> if you have a lot of custom packages and stuff like that, it probably won't be that easy
<tomreyn> it may be wroth considering to do a fresh installation, though, especially if you use OS configuration deployment.
<tomreyn> much has changed
<foo> RoyK: no deb's I've built. Mostly websites, all python/postgres
<foo> tomreyn: yes, that's the other option... spin up new droplet on 18.04... and slowly migrate stuff over. I'm open to that too, considering this droplet is many years old. And, well, of course it just "feels better" - ha.
<foo> Would require changing IPs and cleaning house on a lot of projects... which actually is a bit attractive.
<RoyK> should be fairly straight orward, but as tomreyn says - a fresh install and ansible or something to set it up might be a good idea
<RoyK> foo: what sort of services do you have on this thing?
<foo> I'd love some feedback on this: I have a good friend who opened my eyes to docker. I was thinking, instead of one nginx system and various python scripts running, of using docker for every project. Right now I use git locally and push up locally. Difference would be to use docker locally and push up docker containers (still have a lot to learn)... it's a fundamentally different approach, and it sounds a lot cleaner, and security benefits too, and ...
<foo> ... possibly easier to upgrade OS-level stuff too. Do you suggest A) one nginx web server, one web database, various python scripts (eg. as I have now) or do you suggest B) one fairly vanilla system, various docker instances?
<foo> RoyK: thank you for asking and digging, I've been wanting to think through this for a while. I have had many things... php + mysql for many many years, I recently shut down all that stuff and only use python + postgres + various python scripts (eg. one python script powers a chatbot)
<foo> That's mostly it. /me scratches head
<foo> nginx + gunicorn + django sites and a few static sites
<foo> Various cron jobs, often calling python scripts
<RoyK> sounds like a pretty normal webserver to me
<foo> Yup
 * foo curious if anyone here is a fan of option A or B, too - if familiar with docker setup like this
<RoyK> foo: I guess setting up a new one may streamline installation a bit - I mean - get a new vm with u1804, setup ssh keys, use ansible (or whatever you prefer) for everything else
<RoyK> so that next time you need a reinstall, it's done in record time
<foo> RoyK: yeah, I'm leaning towards that. Not familiar with ansible, if I did that, I'd likely rsync some stuff over
 * foo googles ansible
<RoyK> foo: just keep the old server running until the new one seems good - then switch - keep the old one for a week or so in case you need to go back
<foo> Looks like this system is 4 years old (granted, I've been actively updating it)
<foo> RoyK: thanks, I like it! I also had a very old PHP drupal site on here, with mysql, which was likely very vulnerable... so re-installing is also attractive for this reason
<RoyK> sounds like it
<foo> RoyK: happen to have any thoughts on new system being A) one nginx instance, one postgres database, everything connects to it (like I currently have it) or B) a bunch of docker instances?
<RoyK> drupal is rather well known for its bugs
<RoyK> isolation is good, although I'm not really into docker - still using kvm
<foo> RoyK: aha, thanks! yeah, I left drupal and php a few years ago... python has been fun. :)
 * RoyK also thinks it's a good idea to use postgres over mysql/mariadb, but it seems we already agree on that
<foo> RoyK: :) Really appreciate you sharing your thoughts, thank you!
<RoyK> np :)
<foo> RoyK: also looks like EOF on 14.04.5 LTS is April 2019, so I technically still have some time. I thought it was last month for some reason
<RoyK> 5 years for LTS
<RoyK> and 14.04 was released - guess! in 2014-04
<foo> :)
<foo> thanks!
<RoyK> foo: there are several systems like ansible (chef, puppet, cfengine etc etc etc), but I somehow like ansible - it's not perfect, but it doesn't require a client/agent, it all runs over ssh, which is convenient
<foo> RoyK: ohhh, ansible falls in the chef category. I haven't ever had a need for that level of automation, but I hear it's awesome when you're wanting to command an army of systems. Got it!
<RoyK> then migrating a webserver to a new one would be a nice way to learn one of those tools :)
<foo> RoyK: do those tools, even ansible, make sense for 1 server - though?
<RoyK> foo: with ansible it really doesn't matter if it's one or a thouosand - you just give it a playbook, referincing a hostfile and there you go
<foo> RoyK: aha, I see
<RoyK> so when the server dies or you want to host it somewhere else, just setup a new one with the playbook, move relevant data and you're go
<foo> RoyK: I suspect playbook is "run these scripts, install these packages, set these configs" - etc?
<RoyK> yes
<RoyK> there are fairly good documentation on https://www.ansible.com/
<foo> RoyK: thank you! I might just give this a look. It would be nice to have a failover system one day and it sounds like this could help with that
<foo> actually, with digital ocean, I could probably take a snapshot and clone the system and move it to another zone or something... maybe. :) And even if not, having a local dev environment set up same as production... that could be another good use case
<RoyK> yep
<RoyK> just write a good playbook, then deploying the machine somewhere else is easy
<foo> RoyK: thank you!
<foo> RoyK: making a note of this and planning this out on calendar
<Checkmate> hello guys its possible to use ufw or iptables to block limit of request per ip at a script file script.sh ?
<blackflow> Checkmate: what kind of request?
<Checkmate> blackflow http requests
<blackflow> Checkmate: no, iptables have no concept of a http request. you can only limit at packet level, eg. new connections by limiting SYN packets
<blackflow> but the web server should be able to do that. nginx and apache can, at least
<Checkmate> blackflow and fail2ban?
<blackflow> Checkmate: no, the only thing that understands the concept of a "http request" in order to throttle it, is the web server
<blackflow> Checkmate: perhaps avoid the XY problem and state what exactly are you trying to solve?
<Checkmate> i want block bots
<blackflow> Checkmate: that's a game of whack-a-mole which you can never win.
<blackflow> you can also throttle "good" bots with robots.txt
<Checkmate> you're right i can never win only by cloudflare mode i'm under attack
<Checkmate> blackflow iptable or ufw can be used for a specified script.sh ??
<blackflow> Checkmate: I have no idea what "specific script.sh" is
<blackflow> *specified
<blackflow> btw not sure even cloud flare can help with bots. what problem are you having? excessive traffic?
#ubuntu-server 2018-08-19
<hallyn> no more dovecot in bionic?
<tomreyn> hallyn: https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/1783129
<ubottu> Launchpad bug 1783129 in livecd-rootfs (Ubuntu) "Only "main" component enabled after install" [High,In progress]
<tomreyn> hallyn: in other words: you are probably missing the 'universe' section in /etc/apt/sources.list
<hallyn> tomreyn: thanks - no i guess i hadn't updated the pkg archive corectly, i wasn't finding dovecot at all.  thought maybe it had been replaced :)  thx.
<hallyn> no i did have it,
<tomreyn> ok
<hallyn> i dunno.  misread something.  haven't installed it since 14.04 so "it's been removed" seemed the logica conclusion :)
<tomreyn> you can always check on https://packages.ubuntu.com
<hallyn> though i don't see dovecot-postfix
<hallyn> but that's ok i'm not there yet
<tomreyn> i dont know what dovecot-postfix is
<tomreyn> no such packages seems to exist (nor do i remember it existing in the past)
<hallyn> it's installed on my oler mailserver,
<hallyn> i assumed it was needed to support '-o smtpd_sasl_type=dovecot' in postfix, myabe not
<tomreyn> therE's definitely an integration between the two, i forgot the details., but i think it's provided by one of the dovecot packages.
<hallyn> yeah i'll figure it out - probably changelog should be helpful.  thanks
<hallyn> i guess i'm supposed to use mail-stack-delivery
<hallyn> this has the fingerprints of rbasak all over it doesn't it :)
<hallyn> "Configuring postfix for mail-stack-delivery integration:"   oh good i love me some magic
<hallyn> overwrote my ssl key info, but why?
<micha234> hi
<micha234> trying configure a serial-port connection to my linux server. so far i enabled serial in bios, enabled it in grub, dmesg|grep tty shows me the serial devices, also does stty/setserial, systemd spawned agetty process for ttyS0 via auto-configured serial-getty@ttyS0.service but every time i connect via serial cable no login prompt is visible. "outbound" serial connections to e.g. a switch work fine on the same system. do you ha
<micha234> hey, anyone set up a serial-console setup to connect to his ubuntu server?
<Helenah> Hi, I've got a custom setup on an Ubuntu Server 18.04 consisting of i3wm, mate-session-manager, zsh, tmux, there is /usr/bin/automux, a custom /etc/adduser.conf, etc
<Helenah> It's in a qemu img, however I'm wanting to incorporate into a netinstall.
<leftyfb> why do you need a GUI on a server?
<Helenah> It's not a server
<Helenah> It's intended to be a client install
<Helenah> But, Ubuntu Desktop forces Unity and a load of other crappy fancies
<leftyfb> Ubuntu 18.04 not longer installs Unity by default
<Helenah> Rly?
<Helenah> Nice
<leftyfb> Helenah: regardless, you'll want to look into preseed
<andol> Helenah: If you want something custom to be setup during a netinstall I think the easiest would be to have it applied by way of a configuration management tool.
<leftyfb> or that
<leftyfb> like ansible
<andol> Probably both, with pressed handing over to the config mgmt otol.
<Helenah> Okay, but there is something else I'm not happy with... mate-session-manager seems to depend on things like ubuntu-mate-default-settings
<Helenah> I don't want any of this
<Helenah> I don't it's not a requirement.
<Helenah> It just seems when install things with APT, I get non-required bloatware on top claiming it's required.
<andol> Helenah: Configured apt to not install Recommends by default? No idea if it helps in the mate case, but in general it cuts down the number of automated installed packages quite a lot.
<andol> APT::Install-Recommends "false";
<Helenah> Okay thanks
<Helenah> andol: One guide recommends to combine kickseed and preseed to get the best of two worlds.
<Helenah> andol, leftyfb, Btw, I am really sorry if asking about this in a server channel is inappropriate. With me using server images, I intend to use for clients, not servers, I really didn't know where to ask... o.o
<Helenah> I got the idea, that this channel is more appropriate based on the fact I'm using server images.
<andol> Helenah: Mostly work with virtual infra these days, so I really don't have much of a qualifed opinion when it comes to kickstart, kickseed or pressed.
<Helenah> pressed?
<andol> s/pressed/pressed/
<andol> Bah
<Helenah> Aaah I know what you mean
<andol> s/pressed/preseed/
<Helenah> preseed
<Helenah> Okay, so I got 3 options, I'll give em a whirl
<Helenah> Thanks once again for your support
<Helenah> andol: I do a like of virtual infrastructure too.
<Helenah> s/like/lot
<Helenah> I'm sure you knew what I meant too, but just incase... heh
<Helenah> and I'm thinking, these options would be good for deploying VMs and physical servers, too, not just clients.
<andol> For VMs I'd just prebuild the basics using something like Packer, and possibly hand over the customization to the config mgmt tool.
<micha234> hey there, i am failing to get a terminal prompt with agetty/mgetty via serial port. any ideas for troubleshooting?
<rypervenche> Could someone test something for me? I'm not able to hear audio on forvo.com for some reason in qutebrowser. I'm trying to figure out if it's on my end or in qutebrowser. Could someone go to https://forvo.com/search/egipto/ and click on one of the triangles to see if it plays audio or if it just hangs?
<rypervenche> Oops, sorry wrong channel.
<teward> rbasak: powersj: sarnold: cpaelzer: I'm going to push NGINX Mainline plus the fix for https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1782226 into Cosmic, we'll track NGINX mainline at least for 18.10 and 19.04 until the 1.16.x release of NGINX Stable in April, and then switch to that in 19.10 before LTS.  At that time we can determine whether we need to trakc Mainline or Stable for
<teward> 20.04 LTS (depending on when NGINX Stable releases in 2020.
<ubottu> Launchpad bug 1782226 in nginx (Ubuntu Cosmic) "Allow NGINX to install but not start during postinst if another process is bound to port 80" [Wishlist,In progress]
<teward> trying to get this in before FeatureFreeze, becasue that port 80 issue has opened up too many bugs in the past and it's annoying me (and probably other triagers to some extent)
<teward> since i heard no complaints from anyone about that proposal i made over a week ago.
<teward> that way though we can guarantee we'll be on a 'stable' branch by next LTS.
<teward> FYI for the server team: NGINX 1.15.2-0ubuntu1 has been uploaded, it contains the NGINX Mainline latest version and the fix for the port 80 in use detection
<Hackwar> hi folks, I updated a headless server to 18.04 and now my SimpleXML for PHP 7.2 is missing. It is listed in the apache2/ config folder, but it is not present in the loaded modules. What do I have to do? apt-get install php-xml doesn't work
<Hackwar> (I removed the package and installed it again and it didn't change the situation)
<lotuspsychje> Hackwar: please idle a bit here ok, volunteers are worldwide here on different timezones ok
<blackflow> Hackwar: does php -m list it?
<teward> Hackerpcs: did you restart the Apache server to make sure it picks it up?
<teward> I'm assuming you did but
<Hackerpcs> heh
<Hackerpcs> wrong tab :P
<teward> oops
<teward> they left
<teward> sorry :)
<Hackerpcs> nvm
<teward> *goes back to kicking around packages for the repository)
#ubuntu-server 2019-08-12
<CyberFingers> Hi I'm migrating Wordpress to a new server and encounter the following error, " AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: " any suggestions how to resolve this? thanks
<tds> CyberFingers: can you pastebin your httpd configuration?
<tds> and any htaccess files in use
<CyberFingers> Hi tds - https://pastebin.com/Kp4hWRk0
<CyberFingers> I'm trying to set-up as a virtual host.
<tds> that all looks quite standard, anything extra in your htaccess file?
<CyberFingers> It worked fine in a directory cyberfigners.net/wordpress, but when I tried setting up as a virtual host encountered the error
<CyberFingers> no .htaccess file
<CyberFingers> Hi tds any other suggestions?
<tds> CyberFingers: from what I see here, the main page works fine, it's just short URLs that are causing problems - that rather suggests something's rewriting the URLs, which I'd really suspect to be a htaccess issue
<CyberFingers> I've tried a standard .htaccess file but still had issues, can you suggest what I should use? thanks
<leftyfb> CyberFingers: do you have the mod_rewrite module installed for apache?
<CyberFingers> rewrite_module (shared)
<CyberFingers> yes
<Martin00b> Moin moin, could a knowledgable person concerning BTRFS PM me for some assist on adding drives to the correct mount point and creating subvolume structure correctly?
<xibalba> is there info i can lookup on a specific apt packaage? like "tacacs+". like a central website that gives info on the ubuntu packages
<xibalba> n/m found it, had a tard moment
<sarnold> Martin00b: why not ask your question in the channel? you might have already had a response had you asked. someone else might have suggested something different. someone new might have learned.
#ubuntu-server 2019-08-13
<calcmandan-tab> i have an severely out of date server on 15.04 and looking for directions of updating severely eol ersions. can someone kindly send me a url?
<lotuspsychje> calcmandan-tab: is that a test server or production?
<calcmandan-tab> foud it
<calcmandan-tab> found it
<calcmandan-tab> fingers crossed i don't hose my server
<lotuspsychje> calcmandan-tab: a lot of security flaws have been released since 15.04 are you sure you take the risk of eolupgrade?
<calcmandan-tab> lotuspsychje: not sure what the risk is
<lotuspsychje> calcmandan-tab: were your servers connected to internet or offline use?
<calcmandan-tab> both
<calcmandan-tab> but not critical
<lotuspsychje> !usn | calcmandan-tab security risks
<ubottu> calcmandan-tab security risks: Please see https://usn.ubuntu.com/ for information about recent Ubuntu security updates.
<lotuspsychje> calcmandan-tab: if its for production use, id really reccomend fresh install to be sure your server isnt compromized
<lotuspsychje> maybe its not, but why take the risk right?
<calcmandan-tab> i did a major scan of the server and i have strong egress rules on the firewall
<calcmandan-tab> i also reviewed its logs
<calcmandan-tab> firewall and proxy logs
<lotuspsychje> calcmandan-tab: ok then if you know what youre doing :p
<cpaelzer> jamespage: did your issue with OVS 2.12 resolve?
<Aison> hello, can I disable the network-manager.service, when I do not use the /etc/network/interfaces facility? is it enough to keep just systemd-networkd.service enabled?
<lordievader> Aison:  You mention three different methods of configuring network interfaces here. What do you actually use?
<calcmandan-tab> lotuspsychje: thanks for your help earlier.
<lotuspsychje> calcmandan-tab: welcome mate
<calcmandan-tab> lotuspsychje: i'm taking your advice as it'll be much quicker to go fresh
<calcmandan-tab> lotuspsychje: and cleaner
<lotuspsychje> +1 nice choice calcmandan-tab
<calcmandan-tab> night
<calcmandan-tab> take care
<Aison> lordievader, i'm only using the systemd facility
<lordievader> In that case NetworkManager and ifupdown (`/etc/network/interfaces`) can safely be disabled.
<Aison> so I placed config files into /etc/systemd/network
<lordievader> Do make sure the `systemd-networkd` service is enabled and running.
<lordievader> If you are able to, reboot at least once to check if the configuration is reboot-proof.
<Aison> ok
<Aison> I just wonder, why networkmanager replaced my reslov.conf by an empty file (except containing # Generated by NetworkManager)
<lordievader> Because it likes to control it with information either from DHCP or manually supplied.
<lordievader> If you are doing this remote, make sure you have some backup method of access (IPMI).
<Aison> the funny thing is, altough resolv.conf has no nameserver defined, nslookup, dig, etc... is still working.
<Aison> is automatically the localhost used if there is no nameserver defined? because i'm running bind on this machine
<lordievader> The DNS was designed this way.
<lordievader> As a way to push over people to the DNS (instead of the hosts file) the fall-back default would be localhost.
<Aison> lordievader, ok, thx :-) /etc/network/interfaces is read by the network-manager.service or are these two different facilities?
<lordievader> NetworkManager only reads that file to figure out which interfaces are managed by ifupdown, furthermore it does its own thing. NetworkManager is not configured through `/etc/network/interfaces`.
<Aison> brb, reboot server :-D
<Aison> lordievader, ok, everything works fine without network-manager.service ^^
<lordievader> Good to hear
<Aison> argh, why is mariadb logging everything...  just deleted a 500gb log file
<Aison> oh, somehow general-log was enabled....
<hallyn> cpaelzer: yeah, so qemu supported virtio-scsi-blk, but the eoan server livecd couldn't find the disk :(
<hallyn> i'm being lazy - haven't looked at the available kernel modules yet
<hallyn> jamespage: cpaelzer mentioned that rharper had suggested you switch to virtio-scsi, did you do so, and did you have any troubles?
<hallyn> oh you know what - never mind,
<hallyn> i using the $(*&^&(*#&$(*#&$(* "improved" qemu command line wrong
<hallyn> man i hate the -device crap.  and now, apparently, you have to use *3* pairs of arguments for one stinking drive.  lovely
<hallyn> but, it's working :)  now to test discard
<cpaelzer> IMHO the cmdline no more is meant to be a human interface
<cpaelzer> more for machine generated strings
<cpaelzer> I happen to use the most outdated (but easy to remember) arguments as well every now and then
<hallyn> yeah...
<hallyn> i bet there's a front-end out there that parses easier to remember cmdline to qemu cmdline :)  maybe i'll turn my 'kvm' script into one
<hallyn> "-virtio-scsi-drive x.qcow2" -> if=none,id=hd,file=x.qcow2,format=qcow2 -device virtio-scsi-pci,id=scsi --enable-kvm -device scsi-hd,drive=hd
<hallyn> meh
<rharper> hallyn: just wait till you start allocating io-threads to each of your devices =)
<hallyn> rharper: i've always assumed this was all jsut an attempt to force us to use libvirt :)
<rharper> hallyn: heh, no, that was when they stopped allowing folks to query features via the cli; wanted folks to use qmp to "discover" features;
<rharper> https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1716028
<ubottu> Launchpad bug 1716028 in libvirt (Ubuntu) "qemu 2.10 locks images with no feature flag" [Medium,Fix released]
<hallyn> half-lol :)
<hallyn> rharper: so - all that, and discard is not working for me!  hm.
<hallyn> ok, so i see - it doesn't shrink the file of hte qcow file, but it re-uses the discarded space (so create 1G, rm 1G, create 1g  doesn't take up 2 G)
<hallyn> "could be worse"
<sarnold> it could also be better.. if those bits on disk really aren't needed it'd be nice to zero em out for rebalancing :(
<lordcirth> sarnold, as a one-off, you can use qemu-img convert to produce a shrunk file
<sarnold> lordcirth: yeah.. bummer that it takes that kind of effort though :( if the vm actually went to the effort to issue a discard call, that information is already sitting there..
<rharper> hallyn: what's your cli look like ?
<hallyn> kvm -drive if=none,id=hd,file=x.qcow2,format=qcow2 -device virtio-scsi-pci,id=scsi --enable-kvm -device scsi-hd,drive=hd  -m 4096 -drive if=none,id=hd2,file=y.qcow2,format=qcow2 -device scsi-hd,drive=hd2
<hallyn> rharper: ^
<compdoc> I started using raw
<rharper>  you need:  -drive if=none,id-hd,file=x.qcow2,format=qcow2,discard=unmap,detect-zeroes=unmap
<rharper> and you're running fstrim in guest and checking on host afterward ?
<rharper> well, at least the discard=unmap; I've not yet tested the detect-zeroes either, but I suspect that may be helpful for guests which zero block space
<hallyn> i thought about detect-zeroes, but my reading of the manpages suggested that all of that would default to what i wanted
<hallyn> oh, maybe not - maybe htat was seen as too much perf impact?
<hallyn> yeah, running fstrim in guest then checking host
<rharper> hallyn: which version of qemu ?
<rharper> hallyn: I would try being explicit; I see some references to enabling discard by default, but the man pages don't indicate the default discard mode on -blockdev or -drive, or if the defaults are the same;  =(
<hallyn> rharper: QEMU emulator version 4.0.0 (Debian 1:4.0+dfsg-0ubuntu5)
<hallyn> i added the discard and zeroing options, same behavior
<hallyn> maybe i needed to wait longer? :)  that would make sense
<hallyn> i assume detecting zeroes takes some time
<rharper> hallyn: I don't think so;  it should be immediate, fstrim in guest to host should result in a  punchole syscall to the file on the host ;  have to tried raw vs qcow2?
<hallyn> no
<hallyn> i suppose this could be qcow2 bogosity
 * rharper tries it out locally 
<hallyn> rharper: yes!  raw works
<hallyn> at least, with simple ext4, lemme try lvm now
<hallyn> rharper: yeah, even lvm thinpools shrink that way.
<hallyn> whodathunk raw format works better for shrinking size than qcow2 :)
<hallyn> (we all know - you would :)
<rharper> hallyn: it's working for me (xenial qemu 2.x) on both qcow2 and raw;
<hallyn> thanks rharper
<hallyn> hm
<rharper> ext4 on both filesystems
<rharper> lemme repeat on qemu 4.x
<hallyn> qcow2 doesn't work for me, but that's probably ok
<rharper> how is your qcow2 built ? base image or layered with a backing file ?
<hallyn> just a base qemu-img create -f qcow2 x.qcow2 10G
<rharper> yeah
<rharper> same here in my tests
<rharper> hallyn: so, on qemu 4.0 I see almost *no* trim in the qcow2;  so I suspect there's some additional flags that need set  on the qcow2 -drive parameter
<rharper> so that confirms what you see
<hallyn> in some circles that would be called a regression :)
<keithzg[m]> Hmm, one VM at work (running on KVM) now fails to boot with 4.15.0-58-generic. Still fine with 4.15.0-38-generic, and even more weirdly, other 32-bit VMs using 4.15.0-58-generic boot just fine on the same host.
#ubuntu-server 2019-08-14
<Benl90> hello. I have problem. I done something stupid, really stupid, I do chown -R root:root .* on /root and it change all permission on the OS, now I can't start mysql service and other things. Is there anyway to fix it? Thanks
<sarnold> Benl90: /root or / ?
<Benl90> on folder root, but it impact the /var/lib/ also
<Benl90> I need to make sure mysql server back online, but now I can't
<sarnold> Benl90: if you mean / then you are indeed in trouble
<Benl90> sarnold, I did it on /root and /var/lib only
<Benl90> Any suggestion?
<sarnold> Benl90: you can ignore /root because everything in there should be root:root
<Benl90> nah how about /var/lib?
<sarnold> Benl90: http://paste.ubuntu.com/p/23K6XQ4ZMr/  http://paste.ubuntu.com/p/WTTnfP5BQF/  -- this is two machines I've got easy access to
<Benl90> I've fix the whole permission but still mysql won't run. also there's error on journalctl -xe like this https://paste.ubuntu.com/p/3k9yJ4bpFc/
<sarnold> try restarting rsyslog and see if you get error messages there
<Benl90> sarnold, I tried, and nothing error log help https://paste.ubuntu.com/p/dr2J9qTyN6/. Any suggestion?
<sarnold> Benl90: are there more detailed logs in a /var/log/mysql* or /var/log/syslog?
<Benl90> no help from mysql/error.log, but some clue maybe on syslog https://paste.ubuntu.com/p/86hcKfVggV/
<Benl90> apparmor denied operation open
<sarnold> Benl90: [ERROR] Could not open file '/var/log/mysql/error.log' for error logging: Permission denied
<sarnold> Benl90: you'll have to fix this one first
<Benl90> sarnold, how to fix it? Ehmm..
<sarnold> the apparmor denial is on name="/sys/devices/system/node/" -- which is probably just mysql trying to figure out what NUMA nodes the system has
<sarnold> Benl90: ls -l /var/log/mysql/error.log /var/log/mysql/ /var/log/ /var/  -- and make sure those are correct
<Benl90> sarnold, to mysql user?
<sarnold> Benl90: probably
<sarnold> double-check against a good mysql install somewhere
<Benl90> sarnold, Ah it's running now. Thank God. Thank you sarnold. But I still worry about the rest of the permission. chmod -R is really dangerous :'(
<Benl90> I can't think more :'(.
<sarnold> Benl90: indeed, there's probably a lot more wrong on this system if you've not yet fixed up the permissions on subdirectories and subsubdirectories etc
<Benl90> sarnold, Then I must recheck it one by one?
<sarnold> Benl90: yup
<Benl90> sarnold, :'(
<Benl90> sarnold, Do you ever handle ms sql server on ubuntu?
<Benl90> The ms sql server also down. maybe with the same reason
<sarnold> Benl90: not often, someone seems to ask about it every six months or so..
<sarnold> Benl90: do the same thing -- find its logs. if it's not logging, find out why. fix that. iterate. :)
<Benl90> The log for database 'master' is not available. Check the operating system error log for related error messages. Resolve any errors and restart the database. I can't guess the permission of the ms sql log. Ugh
<Benl90> sarnold, Thank you. It's running now. Seems the problem really only because of permission. Thank god!
<sarnold> Benl90: good news :)
<Benl90> sarnold, Anyway, is there anyway to fix the permission automatically?
<sarnold> Benl90: no; you can try something like a loop over all pacakges and apt install --reinstall -- but I'd like to make clear that I don't know how well that will work out
<sarnold> Benl90: that won't fix anything that's created at runtime by programs; it can only fix up whatever might be packaged
<Benl90> oh so the reinstall is a parameter on the command. Seems the sudo also affected. I really curious. When I did "chown -R root:root .*" on folder /root, why it recursively done to the whole system?
<sarnold> /root/../
<sarnold> it climbed back up and kept going..
<Benl90> sarnold, ouch..
<sarnold> yeah. everyone learns this one the hard way.
<sarnold> yours is probably more frustrating than most
<Benl90> sarnold, anyway why if I use  "chown -R root:root *", it won't touch .git directory or hidden folder I mean.
<Benl90> sarnold, Does it mean I need to reinstall the OS?
<sarnold> /root/.???* is the usual fixz
<Benl90> sarnold, what's .???*
<sarnold> Benl90: depends upon how much was changed.. a reinstall might be the easiest way forward, but if you were able to ^C it very quickly, maybe it's more work..
<Benl90> sarnold, I left it there, at least the OS run for now.
<sarnold> hthat limits the expanded files and directories to starting with a period, several chars, and then any number of other chars; it ought to match all the dot files and directories excepting . and ..
<Benl90> oh the ?? mean minimum character?
<sarnold> .a or .b or whatever won't match that
<sarnold> sortof.. try echo /etc/rc?.d to get a quick idea..
<sarnold> or echo /etc/sub?id*
<Benl90> ah. I see. echo /b??, shows bin
<Benl90> learn the hard way :'(
<sarnold> yup. like I said, everyone does this one sooner or later.
<sarnold> you're lukcy if you do it early on a system that doesn't matter to anyone else..
<sarnold> unlucky if your job depends onthe correct working of the machine
<Benl90> sarnold, The 2nd one :'(
<sarnold> :(
<Benl90> Because for long time on /var/www/* It never done something harm, and just stop on the /var/www
<Benl90> at least my boss can present the app to client for now.
<Benl90> sarnold, does "action 'action 0' resumed (module 'builtin:omfile')" is also an error?
<sarnold> Benl90: almost certainly that's rsyslog doing its best to report an error
<lordievader> Good morning
<miu5> hi, where can i find out what kernel ubuntu-16.04.4-server-amd64.iso ships with by default?
<Benl90> 4.14should be
<dreugeworst> Hi all, I have a machine with Ubuntu Server 18.04 installed, and am trying to replace systemd-resolved. I've installed resolvconf, network-manager and dnsmasq. It seems to delegate to dnsmasq just fine, and it seems in turn to call to resolvconf, but resolvconf doesn't work. systemd-resolved found the network dns server fine, but resolvconf only works if I add, say, 8.8.8.8 to resolv.conf.d/head. anyone know what
<dreugeworst> might be up?
<Ussat> I would first ask, why ?
<dreugeworst> I've had systemd-resolved crash and then it gets in a loop trying to restart but unable to.
<tomreyn> that's bad, and i've never heard of it. did you report a bug?
<dreugeworst> did not report one, no, was too preoccupied trying to get the server working again
<tomreyn> was your system fully updated when it happened? is this amd64?
<dreugeworst> I updated it a couple of times hoping it would fix the error, it's amd64 yes
<tomreyn> the crash log should still be present in /var/crash
<tomreyn> hmm, i just looked at previously reported crashes of systemd-resolve on 18.04, and there are none. maybe it's something specific to your system?
<dreugeworst> no, it seems to be empty. I do have an old syslog with me, it wasn't quite a crash. It starts with 'systemd-resolved.service: watchdog timeout (limit 3min)!
<dreugeworst> then it starts killing systemd-resolve processes with signal SIGABRT
<tomreyn> these looks more like follow-up issues
<dreugeworst> then the same happens with systemd-networkd
<dreugeworst> the only other problems I see in the log are with snapd
<tomreyn> is this bare metal or a VM?
<dreugeworst> bare metal
<tomreyn> was this system upgraded from earlier ubuntu releases?
<dreugeworst> no, new install
<tomreyn> can you share a full journalctl -b ?
<dreugeworst> hmm
<tomreyn> (ideally of a fresh boot, if you'll do.)
<tomreyn> it's not strictly neccessary, just wondering
<dreugeworst> I'll have a look if it's an option
<tomreyn> interestingly i find only a single hit for "systemd-resolved.service: watchdog timeout" on the web.
<tomreyn> maybe there's an issue with the network environment which triggers this.
<Ussat> I have never had something like that happen
<tomreyn> actually google has more hits on this search.
<dreugeworst> there's a lot of ssh login attempts happening, looks like a dictionary attack
<tomreyn> welcome to the internet
<dreugeworst> yeah, I installed sshguard, didn't think it would be the issue
<krintax56> Guys, I'm installing Ubuntu 18.04 LTS on HP DL380 G6 using ethernet. During setup when I go to Network connections and configure to use DHCP it says timed out. Now I configured DHCP IPv4 to be manual but I can only "Continue without network". Help! https://imgur.com/a/RoWKQdl https://imgur.com/a/3tCUYGW
<dreugeworst> well, I'll continue with a manually configured dns server for now
<tomreyn> dreugeworst: maybe just look at     dmesg --level=err,warn    and see if you have any serious issues which occur before it.
<tomreyn> krintax56: which ubuntu 18.04 server edition (the default, or alternative) and which exact version (18.04(.0), 18.04.0.1, 18.04.1, 18.04.2, 18.04.3) are you installing?
<krintax56> ubuntu-18.04.3-live-server-amd64
<tomreyn> krintax56: can you select the enp2s0f0 device and select "info"?
<krintax56> https://imgur.com/a/hc1Nb18
<krintax56> Sorry for the bad quality picture.
<tomreyn> works for me.
<tomreyn> so somehow it failed to configure, i guess. are you able to configure it properly if you reboot and then don't try dhcp but immediately configure it statically=?
<tomreyn> also can you say which values you entered during static configuration?
<tomreyn> krintax56: i assume you have verified this NIC actuall yhas a link?
<krintax56> What is NIC? Noob to linux and server stuff?
<tomreyn> network interface card
<krintax56> Ah yes it has. I actually installed CentOS 7 and it worked fine. Now I need Ubuntu and I get this.
<tomreyn> actually "network interface controller"
<krintax56> Yes it has.
<tomreyn> please consider the other approaches i discussed above, too:
<tomreyn> <tomreyn> so somehow it failed to configure, i guess. are you able to configure it properly if you reboot and then don't try dhcp but immediately configure it statically=?
<tomreyn> <tomreyn> also can you say which values you entered during static configuration?
<krintax56> https://imgur.com/a/3tCUYGW here is the static config: https://imgur.com/a/3tCUYGW
<krintax56> i actually haven't setup the IPv4 because I don't know what values to use.
<krintax56> I mean IPv6*
<tomreyn> krintax56: okay, i don't think you made any mistakes there, or none that i can see.
<tomreyn> krintax56: i suggest you try rebooting and reconfiguring it.
<tomreyn> in the meantime i'll see if i can reproduce
<krintax56> I just did that, still I can only see the Continue without network button.
<krintax56> Maybe I should setup the IPv6 too?
<tomreyn> it should not be neccessary, i think
<tomreyn> if you have another network interface connected, maybe try configuring that instead.
<krintax56> I don't have.
<tomreyn> then i'm afraid i can only suggest you try the alternative server installer at this time.
<tomreyn> or install offline
<krintax56> What is install offline, like continue without network then try to connect?
<tomreyn> you would then need to configure dhcp in your environment, or configure the ip address statically on the server after reboot.
<krintax56> Okay, I will continue without network from here.
<tomreyn> alternate server installer https://ubuntu.com/download/alternative-downloads#alternate-ubuntu-server-installer
<tomreyn> krintax56: i'm trying to reproduce this here (in a VM), but am not having much luck. once i finish manual configuration of the network interface the "continue without network" option on the bottom of the screen always switches to "done", i.e. network configuration succeeded. but, differently to yours, my 'info' screen also has all the details i entered. yours is basically empty, suggesting network interface configuration did not succeed.
<tomreyn> it'd be great if you could report this as a bug (run "ubuntu-bug subiquity" after installation, from the rebooted system, after configuring the network manually).
<tomreyn> bug reporting requires a one-time registration with the ubuntu SSO which also enables you to use the ubuntu kernel livepatch and other services.
<tomreyn> reporting a bug guides you through this rather quick process
#ubuntu-server 2019-08-15
<lordievader> Good morning
<Greyztar> hello,is there a way to run a local program over ssh on remote ?Say if i dont have tar installed on remote i could use the local machine tar ?Or is sshfs the way to go and then run local tar on that mount?
<lordievader> The other way around is a lot easier, running remote programs 'locally'. I think sshfs is the easiest in this case. You could do some piping magic with ssh, but that is a lot more complex.
<Greyztar> probaly yes thanks for help ill try fiddle around with it some more
<_KaszpiR_> Greyztar what's your problem exackly  because it sound like a typical XY issue
<Greyztar> _KaszpiR_: heya,im just fiddling with my phone now to be honest,but i had another use case aswell some time ago on my server and always wonders about the possibilities,sometimes theres not an possibility to add apps either so would be nice to use local apps instead,as of now i want to use adb shell through ssh to backup some apps only on my phone,was just curious though if it was possibel thorugh normal means like a switch or so nothing big 
<mmercer> wanshey folks -- whats the normal way to set net.ifnames=0 during *install time* so that you dont have to go reconfigure the system after the fact?  have not found any decent configuration on doing this on ubuntu via preseed
<mmercer> nvm, finally found it
<catbadger> morning all
<Greyztar> o/
<catbadger> \o
<ncuxo> Hello I have a question in regards of my home network
<ncuxo> i'm wondering if I should get managed lvl3 or lvl 2 switch
<mmercer> ncuxo: depends on what youre doing and whats going to handle your l3
<ncuxo> I have a ubuntu server with a couple of vms
<ncuxo> one of them is pfsense
<ncuxo> which is managing my network
<mmercer> ok, if youre using pfsense as your outer, then you only need l2
<ncuxo> I need the switch to install poe cameras
<ncuxo> and 3 workstations
<mmercer> most l2 switches wont do poe
<ncuxo> thats the whole point for the switch
<ncuxo> so I need to go with l3 then ?
<ncuxo> also is it okay to use a switch that is no longer supported ?
<ncuxo> I can get a cheap Cisco Catalyst 3750G-48PS Switch
<ncuxo> but they are discontinued and no longer supported
<mmercer>  'ok'... sort of... if its an isolated device....  but if youre putting it on the net running dated ios, etc... youre just asking for trouble
<mmercer> why dont you look at the ubnt gear ?
<mmercer> you could get the es8 and have 4 poe ports with vlan support
<mmercer> for ~$110
<ncuxo> I have 18 cameras so I need at least a 24 switch
<mmercer> ...
<ncuxo> big house ...
<ncuxo> plus I'll need some ports for routers to expand my network around the house
<mmercer> without knowing your cameras and things, id steer clear of the 3750 unless youre using it specifically to study for your cc* -- id look at something like:  GS724TPv2
<ncuxo> https://www.abus.com/eng/Home-Security/Video-Surveillance/Surveillance-cameras/WLAN-network-cameras/WLAN-outdoor-cameras/ABUS-Smart-Security-World-Wi-Fi-Pan-Tilt-Outdoor-Camera
<ncuxo> this is the link for the cameras
<ncuxo> the think with the cameras is that I dont need any fancy ports like fiber just plain rj45s
<mmercer> im going to back out of this one.  good luck :)
<ncuxo> thx tho :)
<bryce> cpaelzer, 2nd upload of exim4 went through.  no idea what happened to the 1st.
<bryce> draft of FFe for php 7.3 transition, feedback welcome --  https://bugs.launchpad.net/ubuntu/+source/php-defaults/+bug/1840330
<ubottu> Launchpad bug 1840330 in php-defaults (Ubuntu) "[FFe] PHP 7.3 transition" [Undecided,New]
<sdeziel> bryce: that plan looks good to me. I'm looking forward to having PHP 7.3 in 20.04/19.10 !
<bryce> sdeziel, thanks
<bryce> final ffe bug, submitted - https://bugs.launchpad.net/ubuntu/+source/php-defaults/+bug/1840334
<ubottu> Launchpad bug 1840334 in php-defaults (Ubuntu) "[FFe] PHP 7.3 transition" [Undecided,New]
#ubuntu-server 2019-08-16
<neildugan> to monitor ecc errors I have read that the edac module needs to be loaded... I have install edac-utils but it doesn't seem to be working... I expect there should be something in lsmod.. but I don't
<sarnold> neildugan: I've got sb_edac loaded on my machine with ecc
<sarnold> neildugan: I think the rasdaemon package ought to be able to help; I'm less sure about edac-utils, this is the first I'm hearing it :)
<neildugan> sarnold, the edac is meant to be trace ecc memory errors.
<neildugan> to monitor ecc errors I have read that the edac module needs to be loaded... I have install edac-utils but it doesn't seem to be working... the command 'dmesg |grep -i EDAC' returns just one line '[    0.146691] EDAC MC: Ver: 3.0.0' nothing for the any hardware
<neildugan> to monitor ecc errors I have read that the edac module needs to be loaded... I have install edac-utils but it doesn't seem to be working... the command 'dmesg |grep -i EDAC' returns just one line '[    0.146691] EDAC MC: Ver: 3.0.0' nothing for any hardware ... I have a 'i3-6100 CPU' ... is there a special package for this processor?
<sarnold> neildugan: have you had any luck installing the rasdaemon package?
<neildugan> sarnold, yes I have it runing in the foreground atm
<sarnold> neildugan: what's the output of ras-mc-ctl --status ; ras-mc-ctl --summary   ?
<neildugan> sarnold, "ras-mc-ctl: drivers not loaded." "No Memory errors." "No PCIe AER errors." "No Extlog errors." "No MCE errors."
<sarnold> neildugan: darn :( I was really hoping that having rasdaemon running would be enough to load all the necessary drivers. I don't get it. :(
<neildugan> sarnold, I just double checked the processor does support ecc memory, and the memory is listed at 72bit wide.
<lordievader> Good morning
<axisys> is there a site where I can see all the improvement made on 18.04 over 14.04 (eol) ?
<axisys> for server
<sarnold> axisys: https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes and https://wiki.ubuntu.com/XenialXerus/ReleaseNotes aren't a bad starting point
<ahasenack> ...and a new haproxy is out
<ahasenack> they certainly like their point releases
<axisys> sarnold: thanks
<lastebill1> I'm running ubuntu server 18 lts, and I just can't find where the owncloud stores it files.  According to google and even the config file it should be in var/www/owncloud/data, but it just isn't there.  I should have about 60 gigabytes of data there. I'm able to access them through the owncloud app or whatever, but even seaching the root, It only r
<lastebill1> eports like 16 gigas being used.  Are the files hidden or something?
<ncuxo> Hello everybody
<ncuxo> I'm trying to install ubuntu on my server but it doesn't recognize my drives?
<ncuxo> the LEDs on the front are all and the drives are new
<ncuxo> *all on
<sarnold> lastebill1: how did you install owncloud?
<lastebill1> sarnold unfortunately I don't quite remember.  It was like a year ago, and apart from using it I haven't really messed with it.  It landed me an outdated version of owncloud though.   So short answear is I don't really remember :(
<lastebill1> I think it might be under var/www/html/owncloud
<lastebill1> but I need root access to access it
<sarnold> lastebill1: it's quite likely you would need root privs, yet
<sarnold> yes
<lastebill1> sarnold I'd prefear using grapical tools, is there an easy way to use the file browser as root?
<sarnold> n o
<sarnold> no, sorry
<sarnold> I moved my keyboard halves around and now I can't type
<lastebill1> sarnold ok, thank you
<sarnold> I think one or another of the file managers may have some polkit integration to let you perform some operations as root
<sarnold> but actually running the thing entirely as root is way more trouble than it's worth
<circ-user-PrMIS> ACPI BIOS Warning (bug): 32/64X length mismatch in FADT/Gpe0Block
<circ-user-PrMIS> I cannot boot my server after a reboot
<circ-user-PrMIS> How do I fix this shit lol.
<circ-user-PrMIS> Hp proliant G7 N54L
<circ-user-PrMIS> nvm
<circ-user-PrMIS> got it
<compdoc> yw
<sarnold> what was it? :)
#ubuntu-server 2019-08-17
<SuperLag> When I'm doing a full-upgrade, I get a pink screen that asks me to confirm whether or not I want to allow services to be restarted. Is there a way to make apt/apt-get/dpkg assume that's a "yes", so my setup can be totally non-interactive?
<_KaszpiR_> SuperLag https://askubuntu.com/questions/972516/debian-frontend-environment-variable
<SuperLag> thank you!
<ncuxo> Hello everybody I'm trying to install Ubuntu on my server but it doesn't recognize my drives? the LED's on the front are all on and still non of them are found
<ncuxo> I've asked my question last night but when my PC went asleep it disconnected me from the chat so even if somebody have reply I haven't seen it :/
#ubuntu-server 2019-08-18
<lotuspsychje> blogten: wich chipset is that
<blogten> the nvidia you mean?  or the motherboard?
<lotuspsychje> yea your graphics
<blogten> nvidia gtx 660
<blogten> (it's a server *other* than the one we talked about a while ago)
<lotuspsychje> blogten: check: sudo lshw -C video please
<blogten> indeed, a GTX 660
<lotuspsychje> blogten: what does driver say at bottom driver=
<blogten> LOL nothing
<lotuspsychje> blogten: does card say 'unclaimed' ontop?
<blogten> ah sorry, not in a line of its own
<blogten> grep shows "driver=nvidia"
<lotuspsychje> blogten: ok, check nvidia-smi
<blogten> I had been looking at that a bit ago, what would you like to know?
<lotuspsychje> blogten: wich driver version is active
<blogten> 430.40
<lotuspsychje> blogten: does ubuntu-drivers list show other versions?
<blogten> ubuntu-drivers?... is that a cli program?... there's no which ubuntu-drivers
<lotuspsychje> blogten: ah never tested on server, its a built in command normally: ubuntu-drivers list
<blogten> apt suggests installing ubuntu-drivers-common
<lotuspsychje> hmm
<blogten> it's installing
<lotuspsychje> blogten: apt-cache policy nvidia-driver-390
<blogten> (fyi the only access I have to the box right now is via SSH)
<lotuspsychje> kk
<blogten> ok, ubuntu-drivers list is thinking
<lotuspsychje> hehe
<blogten> 6 driver suggestions: 430, 415, 410, 390, 340, and 304
<blogten> interesting
<lotuspsychje> lets try something less high for server
<lotuspsychje> 390 or 410
<blogten> 16.04 used to work with nvidia-driver-418, which is not listed here, and 418 right now points to 430...
<blogten> sure, hang on
<blogten> ... purging 430...
<blogten> and autoremoved the 430 remnants too
<lotuspsychje> cool
<blogten> do you want a reboot before installing a lower driver?
<lotuspsychje> blogten: no you can install the new one then reboot after
<blogten> ok, let's see
<blogten> how about 410...
<lotuspsychje> sure
<blogten> aptitude is meditating on the subject now...
<lotuspsychje> lol
<lotuspsychje> good boy apt
<blogten> blah blah compiling driver blah blah update-initramfs...
<blogten> ok, done
<blogten> reboot?
<lotuspsychje> yes
<blogten> ok, I'll go to the other room and see what the console does
<blogten> back.  after the machine BIOS boots, the blinking cursor advances one or two lines very quickly from the top, then the screen goes blank, and stays blank.  nothing happens.  I can see the box is responsive because e.g. num lock changes as I swap TTYs, but nothing shows on the monitor.  the box never had the desktop components installed, and it's no
<blogten> t mean to.
<lotus|i5> hmm
<lotus|i5> blogten: try another reboot
<lotus|i5> if that doesnt solve, try the 390
<blogten> soft, or hard reboot?
<blogten> hard as in -h, rather than -r
<lotus|i5> doesnt matter i think
<blogten> down the box goes again... brb
<lotuspsychje> ill be bbl for a while
<blogten> back.  same exact behavior.  also, I (think I) set grub to show the menu before the kernel boots, and not even that shows up in the monitor.  nothing at all.  before that, the BIOS shows, and I can see the GTX as well as the RAID card announcing themselves and all that...
<lotuspsychje> ok try 390
<blogten> in dmesg there's a note about the driver asking for multiple BARs, but that happens way after the kernel boots (and obviously after grub should have shown up but didn't)
<blogten> also, nvidia-smi says whether the adapter is on or off is N/A... that is really odd
<lotuspsychje> yeah means something went wrong with driver load
<blogten> another bit I looked into is the kernel module bbswitch... although it was installed in the kernel, the relevant files didn't show up in /proc/acpi...
<blogten> apt is nixing the 410 driver...
<blogten> now aptitude is meditating about the 390 driver...
<lotuspsychje> lol make sure apt doesnt spit out errors while installing
<lotuspsychje> some cases dkms conflicts
<blogten> there's "Not creating home directory `/nonexistent'.", but I think that's because right before it adds the user nvidia-persistenced
<blogten> there were some errors in the log files before, but that's because the very very very old 304 driver which I uninstalled a long time ago left broken symlinks, I deleted those
<lotuspsychje> kk reboot after install
<blogten> I do not see errors from the install
<lotuspsychje> allrighty
<lotuspsychje> bbl
<blogten> same thing
<blogten> I see something about a request the NVIDIA driver makes, i.e. this:
<blogten> requesting [mem 0x000c0000-0x000fffff], which spans more than PCI Bus 0000:00 [mem 0x000c0000-0x000dffff window]
<blogten> right after that, there's a note that the NVIDIA requested multiple BARs
<blogten> and still, even grub didn't show up
<blogten> why would that not work, even without the nvidia drivers installed?
<blogten> that is, even without the nvidia drivers, I still get a blank screen
<blogten> now that's interesting, the vesafb is "mapped to 0x        (ptrval)" as per the log, shouldn't that be 0xSOMEDEADBEEF?
<blogten> ok, fixed some of the breakage
<blogten> went to BIOS, disabled decoding PCI above 4gb => now I have video
<blogten> two problems remain: 1) slow because the console is in graphical mode rather than text (so slow that makes boot slower!), 2) needs newer drivers....
<blogten> newer drivers in, now the text mode...
<mmercer> does apt-get not support http authenticaiton ?
<tomreyn> apt_auth.conf(5)
<mmercer> tomreyn: tyvm.  i was hoping it used netrc format, i just wasnt sure where to look
<mmercer> issue fixed, woot woot
#ubuntu-server 2020-08-10
<ozcrn> Hi All, i am having some issues trying to integrate an Ubuntu Server 20.04 machine with Active directory, however when I attempt to log in via SSH i receive an "denied by PAM account configuration". paste shows that the pam_sss is actually giving me an authentication success. Kerberos seems to be working as expected as if i do an 'id user@domain' i am returned uid and gid. https://paste.ubuntu.com/p/bnKm2tY4d3/ Any pointers
<ozcrn>  appreciated as I have been googling and playing around with this for a few hours with no success.
<bewees> how do I disable netplan in ubuntu 20.04 server? i tried uninstalling cloud-init and adding netcfg/do_not_use_netplan=true to default/grub, but im not sure that helped.
<bewees> even though i configured a static IP in systemd-networkd it still picks up a dhcpv4 address
<RoyK> bewees: the easies way is to learn to use netplan. the same thing happens every time someone comes up with new ideas, like systemd some years back. personally, I don't like netplan, but then, I generally stick to debian on servers and on desktops, it's usually autoconf anyway
<bewees> RoyK: yeah I used netplan in this case now. I think netplan has some limitations, because it wraps around networking engines it may lack features - that's why i wanted to use systemd-networkd directly
<RoyK> ubuntu is always a bit triggerhappy on new features
<RoyK> which is probably nice for a snappy desktop where a few bugs won't matter, but then, on a server, you generally want something less shiny, but more solid
<ren0v0> Hi, server is giving me this issue on failed update to 20.04, any ideas?
<ren0v0> E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem.
<ren0v0> So, I run the above DPKG command and it gives me this:
<ren0v0> dpkg: error: unable to sync new file '/var/lib/dpkg/status-new': Input/output error
<pymagic>  My machine wont boot - I tried boot-repair - gives me an error.  The boot drive just kicks back the machine into BIOS - X570 mb. any ideas on how to fix/debug this - I am in UEFI mode
<RoyK> pymagic: do you get to grub?
<pymagic> RoyK, Nope. When the machine boots to that device, it just goes back to the BIOS
<pymagic> not even - OS not found or any error
<RoyK> try booting on a live iso, choose rescue
<RoyK> pymagic: what happened before this error? did the machine/install work previously?
<pymagic> RoyK, boot repair gives me this: http://paste.ubuntu.com/p/d6qyFx9mY2/ -- I am trying to boot from nvme0n1p2
<pymagic> RoyK, it was working. I changed GRUB_TIMEOUT=0 to 2, and then ran update-grub. That was the end of it.
<RoyK> sorry, dunno
<littlebit> hi people, I have a question about installing gitea using snap, and I get wierd error logs
<littlebit> modules/task/task.go:51:handle() [E] Run task failed: Migration failed: Clone: exit status 128 - warning: templates not found /usr/share/git-core/templates
<littlebit>         fatal: Unable to find remote helper for 'https'
<littlebit> maybe someone can point me to the right direction
<sarnold> littlebit: check dmesg, are there any DENIED messages that look related?
<littlebit> sarnold: you where right there is a log that relates to gitea: [   33.797340] audit: type=1400 audit(1597097056.808:52): apparmor="DENIED" operation="ptrace" profile="snap.docker.dockerd" pid=1245 comm="ps" requested_mask="read" denied_mask="read" peer="snap.gitea.web"
<sarnold> littlebit: it's hard to know if that's directly related to the problem or not
<sarnold> littlebit: check snap connections --all   or snap connections <snapname>  to see if there are interfaces that need connecting
<sarnold> https://snapcraft.io/docs/interface-management
<littlebit> sarnold: home            gitea:home          :home                            -
<littlebit> sarnold: ^
<sarnold> littlebit: hrm :( I was hoping something would look obviously missing :( I guess try reporting a bug to whoever packged it?
<sarnold> 'ubuntu-bug gitea' may do something
<littlebit> sarnold: the sad thing about it is that there is noone in the snap page to turn to but here. I will report it but first I'll reinstall girtea from source rather than the help of snap
<littlebit> sarnold: thx btw
#ubuntu-server 2020-08-11
<sarnold> pymagic: what are you seeing?
<pymagic> sarnold, boot repair gives me this: http://paste.ubuntu.com/p/d6qyFx9mY2/ -- I am trying to boot from nvme0n1p2
<pymagic> Booting just boots me into bios
<sarnold> bummer :( this probably would have been a few seconds to fix before the reboot but at this point will require booting to rescue media to fix
<amurray> pymagic: I think you need to set the boot order to specify Ubuntu
<pymagic> sarnold, I've rescue media
<pymagic> I booted into kubunt and can mount the drive
<pymagic> I tried boot-repair - no use
<sarnold> pymagic: start with these "physical machine" instructions to get into a rescue environment, chrooted to your install: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass#Physical_machine
<pymagic> I can try those commands
<sarnold> pymagic: yeah, I don't think anyone's taught boot-repair how to fix incorrectly configured debconf settings -- once you're in the rescue environment, chroot'ed to your installation, sudo dpkg-reconfigure grub-efi-amd64
<pymagic> k - trying
<pymagic> booting into kubuntu - will take some time, thanks
<pymagic> sarnold, what will be ROOT_PARTITION value?
<sarnold> pymagic: it'll be the largest partition on your nvme drive; that might be nvme0n1p2 but check gdisk -l /dev/nvme0n1 to double-check
<pymagic> yes, it is that
<pymagic> sarnold, grub-efi-amd64 is not installed
<pymagic> I could do those steps in prepare the chroot
<sarnold> pymagic: are you sure you're inside the chroot? line 12 of your paste:
<sarnold> The default repair of the Boot-Repair utility will reinstall the grub-efi-amd64-signed of
<sarnold> .. so I certainly expected it to be installed :)
<pymagic> The paste I did came out of boot-repair utility - maybe they installed it? uninstalled it?
<pymagic> not sure
<pymagic> All the steps in chroot - went through cleanly for me
<pymagic> last command was mount /boot/efi
<sarnold> try an apt install grub-efi-amd64   perhaps? see what that does?
<pymagic> sarnold, if i do dpkg --list | grep nvidia - I do see driver-440 - which is what was installed on my machine
<pymagic> I also see other packages that I installed that are not on kubuntu
<sarnold> pymagic: aha, good idea
<pymagic> I do have grub-gfxpayload-liss and grub-pc installed
<pymagic> they are going to be removed if i install grub-efi-amd64 - ok
<sarnold> grub-pc? that's for BIOS machines, not EFI machines
<pymagic> I've not clue how it was working so far
<sarnold> me neither
<pymagic> I had selected UEFI in the bios and could boot
<pymagic> it says EFI Variables are not supported on this system.../sys/firmware/efi/efivars not found, aborting
<pymagic> grub-probe : error: cannot find a GRUB drive for /dev/sdc1 - check your device.map
<pymagic> not sure why sdc1 is even a candidate  for grub
<sarnold> curious and curiouser.. try getting another terminal, and check the /sys/firmware/efi/efivars directory from outside the chroot
<pymagic> nothing else
<sarnold> man this is confusing
<sarnold> efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
<sarnold> that's what I've got on mine..
<pymagic> I dont
<pymagic> I have /sys/firmware/ -> acpi dmi and memmap
<pymagic> This is a new Ryzen 3900X X570 machine. AORUS bios
<sarnold> maybe try a mount -tefivars efivars /sys/firmware/efi/efivars/    ... I don't know if the --bind means it's got to be done from outside the chroot, or if it can go from inside the chroot ..
<sarnold> and if that works, then apt install -f  ?
<pymagic> could it be that i booted using "Legacy" instead of UEFI into kubuntu
<pymagic> could that do it?
<sarnold> yeah, that'll cause chaos :)
<pymagic> reboot and try again?
<sarnold> if you *want* to keep the legacy thing, then reinstall that grub-pc! if you want to switch to uefi, then, yeah, reboot, flip the switch..
<pymagic> Let me uefi - rebootin
<pymagic> bios is uefi :( csm support = on, storage boot = uefi , other pci device = uefi
<pymagic> In kubuntu, there is an option in grub which says "UEFI firmware settings" - when i clicked it, it took me to bios...where uefi settings were
<sarnold> pymagic: aha, turn off csm and try again :)
<sarnold> csm == legacy
<pymagic> I thought csm = uefi option?
<sarnold> csm is some cursed thing :)
<pymagic> k - disabling it and trying again
<pymagic> sarnold, Intramfs -unpacking failed - decoding...its trying to boot now
<pymagic> sarnold, but /sys/firmware now has efi :)
<pymagic> sarnold, now it says grub-efi-amd64-signed is already newest version
<pymagic> update-grub?
<pymagic> or perhaps update-grub2? not sure
<pymagic> I reinstalled that package using --reinstall
<pymagic> will try to reboot and see if that wrks
<sarnold> pymagic: so, next up is dpkg-reconfigure grub-efi-amd64  and make sure it thinks to install it in the correct place
<pymagic> ah - k - i'll have to get back into chroot again. I rebooted after i --reinstalled it
<pymagic> its now in a black screen - nothing on there
<pymagic> rebooting into kubuntu
<pymagic> sarnold, the reconfigure is askin me for Linux Command Line
<sarnold> pymagic: whatever it's got is probably fine
<pymagic> I think it had a legacy line or it was empty - it did not show me anything
<sarnold> you pastebin shows empty
<pymagic> leave it empty?
<sarnold> yeah
<pymagic> linux default command line: quiet splash -ok
<pymagic> update nvram variables to automatically boot into debian? !
<pymagic> yes or no
<pymagic> sarnold, ?
<sarnold> pymagic: default sounds good, and yes, if you want to keep booting into ubuntu by default
<pymagic> sarnold, its now asking grub efi partition
<pymagic> and the only option it gives me is /dev/nvme0n1p1 - and not p2?
<pymagic> 536 Mb /boot/efi
<pymagic> say ok and select that - since i dont have a choice?
<sarnold> pymagic: yeah
<sarnold> pymagic: this is the EFI boot partiion, a smallish fat32 filesystem shared by all operating systems and uefi firmware on the system
<pymagic> now - reboot?
<sarnold> pymagic: if you're all done, yeah, give it a shot and lets see how it goes :)
<pymagic> sarnold, back to the bios screen
<pymagic> sarnold, :(
<sarnold> pymagic: oh no :( I had really hoped that dpkg-reconfigure was going to solve it all
<pymagic> sarnold, in my bios it only shows ubuntu 4.0 - 2TB - so it does not show the 512MB partition to boot from
<pymagic> isnt that an issue?
<sarnold> pymagic: that's probably fine
<pymagic> is there a way to chroot and see dmesg perhaps? - I am not even sure if the bios even tried to boot grub - it just hops back into the bios
<sarnold> pymagic: probably not.. try the rescue media again, and try efibootmgr -v -- here's my output https://paste.ubuntu.com/p/7bCc8qqWHr/
<sarnold> pymagic: note that I've got windows listed here even though wiping windows was the first thing I did. the bootorder line describes which entries to try in which order.. and it takes the first 'working' one..
<pymagic> sarnold, Trying
<pymagic> sarnold, with or without chroot?
<sarnold> pymagic: shouldn't matter, this one reads from the firmware settings
<pymagic> thanks - trying to boot into kubuntu
<pymagic> sarnold, http://paste.ubuntu.com/p/2KxWpWY6Ft/
<pymagic> sarnold, not sure how i got ubuntu/grub to work with legacy mode so far - but it did work. The only thing that broke the system was - in some grub setting i changed GRUB_TIMEOUT=2 from 0, and ran update-grub - and that broke the system. Not sure if that helps
<sarnold> pymagic: well, I'm pretty well confused :( the order suggests using 1, 0, 2
<sarnold> pymagic: 1 is labeled "flash drive" but has both "cdrom" and "usb" in the string
<sarnold> pymagic: 0 looks like the thing you want to boot..
<pymagic> when i try 0 it goes back to bios after trying to boot - no grub screen
<sarnold> pymagic: try: efibootmgr -o 0,1,2  ?
<pymagic> k it set that
<pymagic> 0 = ubuntu
<pymagic> the problem is "ubuntu" = 0 - when i set it up from bios - tries to boot - then comes back to bios
<pymagic> I can reboot and try agian
<pymagic> efibootmgr -o 0,1,2 worked fine
<sarnold> pymagic: alright, I'm running very out of ideas, and it's time to run :(
<pymagic> I fired a reboot
<pymagic> Thanks for the help sarnold
<sarnold> pymagic: my last thought -- try getting back in to the rescue chroot, and from there, apt install --reinstall grub-efi-amd64 grub-efi-amd64-bin grub-efi-amd64-signed grub-common
<pymagic> k - will give it a try- thanks
<sarnold> https://paste.ubuntu.com/p/DhYyvj2gQ6/
<sarnold> turns out I've also got a grub2-common package installed. no idea why there's several.
<pymagic> sarnold, 0 = ubuntu - did not boot - same problem
<sarnold> :(
<pymagic> ubuntu 20.04lts?
<sarnold> pymagic: good luck, I hope you can sort this thing out :) I'm cautiously optimistic with the --reinstall approach.. I hope it's not too much trouble ;)
<pymagic> thanks
<pymagic> sarnold, got it :)
<pymagic> Thanks for all the help.
<kre10> hey guys, how are you? Can you please help me with something. By my mistake, I added 2 eth0 address on my ubuntu 64 server(raspberry pi 4). And now I have 2 eth0 addresses which is very confusing.
<sdeziel> kre10: how did you add them?
<kre1073> sdeziel hey there
<kre1073>  sudo dhclient -r
<kre1073> and sudo dhclient
<sdeziel> kre10: a simple trick would probably be to reboot, if you can
<kre10> yep, I rebooted a few times
<sdeziel> kre10: after rebooting, if you don't run those manual dhclient commands, do you still have the extraneous IPs?
<kre10> yes
<sdeziel> could you pastebin the output of 'ip a'
<kedar_apte> kre10: xenial or bionic or focal?
<kre10> focal
<kedar_apte> can you see anything in the netplan?
<kedar_apte> in the folder /etc/netplan/
<kedar_apte> there will be a yaml file
<kre10> just a second
<kedar_apte> are u able to see two interfaces in the file?
<kre10> eth0:
<kedar_apte> only one interface?
<kre10> no, actually
<kre10> yes
<kedar_apte> can you paste bin what u see?
<kre10> Uploaded file: https://uploads.kiwiirc.com/files/e001cd861f42b0206e066e3601058174/pasted.txt
<kedar_apte> what is shown when u type .......... ip r
<kedar_apte> can u screen shot that and imgur it
<kre10> OK
<kre10> https://www.screenpresso.com/=qv43f
<kedar_apte> are you running bridged networks?
<kedar_apte> like for containers?
<kedar_apte> lxc / lxd / docker?
<kre10> yes, I'm using docker
<kedar_apte> are u on the physicall server or ssh into the server?
<kedar_apte> can u exit and ssh again.... on the top you will see the disk usage and network details
<kedar_apte> can u screenshot that
<kre10> ssh
<kre10> ok
<kre10> https://www.screenpresso.com/=NI5Zf
<kedar_apte> how many yaml files are you seeing in /etc/netplan/ ?
<kre10> 1
<kre10> -rw-r--r-- 1 root root 416 Apr  1 20:23 50-cloud-init.yaml
<kedar_apte> have you tried doing this? ....... ip addr flush eth0
<kedar_apte> also try doing this: ip link set dev eth0 down
<kedar_apte> u might loose connection with the server
<kedar_apte> do only if you have the ability to reboot or be on the server console
<kre10> so after this command, I won't be able to login in the Pi?
<kedar_apte> not sure... wait a second.....just finding something usefl
<kre10> ok
<kedar_apte> try this.... sudo ip addr del <ip address you want to remove> /24 dev eth0
<kre10> sudo ip addr del 192.168.0.109 /24 dev eth0
<kre10> ?
<kedar_apte> do not delete the ip adress with which you have ssh'd in the server
<kre10> OK
<kre10> now ?
<kedar_apte> have u run the command?
<kedar_apte> what was the output?
<kre10> no output, still 2 IP's
<kre10> should I reboot the system?
<kedar_apte> I doubt that will help... but no harm trying
<kre10> I doubt too :(
<kedar_apte> no harm in trying
<kre10> ok
<kedar_apte> if it has restaryed.... can u run this and tell me what it is ....... ps aux | grep dhc
<kre10> zzlatev@playstation:~$ ps aux | grep dhc
<kre10> root         243  0.0  0.0      0     0 ?        I<   17:26   0:00 [sdhci]
<kre10> root        1271  0.0  0.0   3172  2376 ?        Ss   17:26   0:00 /usr/sbin/dhcpcd
<kre10> zzlatev     3898  0.0  0.0   7684   660 pts/0    S+   17:31   0:00 grep --color=auto dhc
<kre10> sorry about that
<kre10> kedar_apte still 2 IP's :(
<kedar_apte> systemctl disable dhcpcd.service
<kedar_apte> systemctl stop dhcpcd.service
<kedar_apte> and reboot
<kre10> I think that 2 users are using eth0? because I ran this command with the new user - zzlatev which I created
<kre10> OK
<kedar_apte> wait
<kedar_apte> wait
<kre10> OK
<kedar_apte> both of the ip addresses are dhcp?
<kre10> I think so, yes
<kre10> both are from the router
<kedar_apte> ae both the ips reachable?
<kre10> but I have to say that I have pihole which IP is the second one 192.168.0.109
<kre10> 192.168.0.111 is registred as reserved dhcp client in the router
<kedar_apte> also is the mac ip same for both or it is shwoing different? you can check that mac ip in the router dhcp list
<kre10> ok
<kre10> there's isn't a client with 192.168.0.109
<kedar_apte> have you made any chage to /etc/network/interfaces?
<kre10> nope
<kedar_apte> are all your containers using the same NIC?
<kre10> sorry, NIC?
<kedar_apte> what is the default gateway for all containers?
<kedar_apte> NIC - network card
<kre10> in /etc/network I have 4 folders - if-down.d , if-post-down.d , if pre-up.d, if-up.d
<kedar_apte> is there just one nic card?
<kre10> I have one network card
<kedar_apte> what is the default gateway for all all containers?
<kedar_apte> what ip is being used as default gateway for all containers?>
<kedar_apte> 109 or 111
<kre10> 111
<kedar_apte> and which IP is reserved on the router?
<kre10> but I have access to the docker portainer with both IP's
<kre10> 111 is reserved on the router
<kedar_apte> Honestly...I dont know... I have used up all my KB ð¤ï¸
<kre10> here's all networks in docker
<kre10> https://www.screenpresso.com/=reNlc
<kedar_apte> someone else could help
<kre10> OK, thank you for trying! I appreciate it!
<kedar_apte> sure
<kre10> hm, ifconfig -a shows only one eth0
<RoyK> kre10: just learn to use the ip command and forget about ifconfig
<kre10> Can you help me with it?
<kre10> ip -s -s a f to 192.168.0.109/24
<kre10> should I try this?
<Slashman> hello, is there a way to skip the media integrity check for ubuntu server?
<Slashman> (20.04.1)
<lotuspsychje> Slashman: press the key combo it suggests
<lotuspsychje> ctrl + C it was?
<Slashman> didn't see that on ubuntu server media
<lotuspsychje> didnt test myself on server, but i assume the integrity checks are on all ubuntu 20.04 iso's
<Slashman> lotuspsychje: https://ibb.co/5rX9mkD
<Slashman> nothing I can do
<Slashman> super fun when installing from idrac where any read is from the network and ultra slow on a media that was already verified
<lotuspsychje> Slashman: you need to early press the combo
<lotuspsychje> Slashman: there used to be a bug on that, but it should be resolved by now
<Slashman> lotuspsychje: I should do a video, but there is no time
<Slashman> no message, nothing
<Slashman> I select expert mode, then it immediately goes to check integrity
<lotuspsychje> Ubuntu now defaults to checking the integrity of the medium in use when booting into live sessions. This can be skipped by hitting Ctrl-C, but due to a bug the message that tells you to hit this key is not shown in some flavours
<lotuspsychje> https://bugs.launchpad.net/ubuntu/+source/casper/+bug/1870018
<ubottu> Launchpad bug 1870018 in xubuntu-artwork (Ubuntu Focal) "Option (Ctrl-C) not shown to disable ISO verification" [Undecided,New]
<lotuspsychje> Slashman: wich iso did you use please?
<Slashman> lotuspsychje: http://www.releases.ubuntu.com/20.04/ubuntu-20.04.1-live-server-amd64.iso
<lotuspsychje> ok tnx Slashman lemme poke some ppl
<Slashman> lotuspsychje: thanks
<lotuspsychje> Slashman: did you wait long enough till the test is skipped, it might take some time on older machines/media
<fretegi> howdy guys
<fretegi> quick question, have a running ubuntu server, bought a replacement.. both intel chipsets, dif gen tho.  will the new board in theory boot the old drive?
<fretegi> to the point of being able to SSH in, from there i can obviously do what i need to do
<fretegi> server is running 16.04 if that helps
<RoyK> fretegi: should work unless the chipset is too new for the kernel to support it
<RoyK> fretegi: usually that'll be ethernet or wifi drivers
<RoyK> fretegi: you might want to try a usb live boot with the same distro version on the new motherboard first, just in case
<fretegi> royk, i was hoping for that!  should be good i would think, current server is skylake, new one is haswell, intel nics in both cases
<RoyK> fretegi: or - well - just replace it and if the nics don't get online, make sure you have a console handy
<fretegi> well catch is.... i dont have a vga input monitor ha
<RoyK> heh
<fretegi> exactly lol
<fretegi> so hoping this thing boots my current install as i can ssh in and do what i need
<fretegi> just need a running environment
<RoyK> what sort of boot disk or disks do you have on the old system?
<fretegi> so i have 1 drive that the complete OS and then a raid array of data drives
<fretegi> data already backed up etc.  so gonna build a new array on the new machine
<RoyK> ok, so perhaps put the new mobo on some non-conducting surface (a table cloth?) and connect the bootdisk and let it start up and check for results
<RoyK> should be a quick test
<fretegi> thats a thought, just never tried to boot one OS drive in another machine before
<RoyK> it usually works fine
<fretegi> Ubuntu installs pretty much all kernel modules right? loading whats needed at boot?
<RoyK> it's not like old windoze shite where everything is hardwired to whatever chipset you have
<shibboleth> it has separate module packages, -modules and -modules-extra
<fretegi> so unless u have hardware so new that proper support doesnt exist on  your installed kernel, should be good
<RoyK> fretegi: the kernel will autoload whatever it finds needed according to the pci IDs. Those change sometimes with newer hardware, so it usually works, but not always
<shibboleth> the latter typically don't get installed if you choose a virt/minimal baseline
<fretegi> RoyK, fortunately for me, actually in a sense downgrading haha.  going to older, but yet more capable gear
<RoyK> then it will probably work just fine :)
<fretegi> shibboleth, honestly dont recall, pretty sure i did a standard ubuntu server install
<shibboleth> dpkg -l | grep linux-modules
<fretegi> may even be the same nic chips, checking now and for modules
<fretegi> shibboleth, yup exactly, remoting in now
<RoyK> fretegi: really, if going to an older intel board, I don't see a problem here
<fretegi> shibboleth, yea got both linux-modules && linux-modules-extra should be solid!
<fretegi> RoyK, yea me neither.  Perfect well thanks for confirming im not totally nuts guys
<fretegi> well at least with this anyhow
<shibboleth> also: later kernels (hwe) might enable support for more hw
<fretegi> shibboleth, yea good point
<fretegi> thanks guys, wish me luck, gonna fiddle with it this weekend if not sooner
<RoyK> shibboleth: if it's older hardware, I doubt that'll be a problem
<kre10> hey guys, how are you? Can you please help me with something. By my mistake, I added 2 eth0 address on my ubuntu 64 server(raspberry pi 4). And now I have 2 eth0 addresses which is very confusing.
#ubuntu-server 2020-08-12
<ruben23> hi guys anyone can suggest a good hosting company for baremetal or dedicated server not pricey and can install custom OS.? anyone have idea.?
<Woet> ruben23: https://www.serverhunter.com/
<Aison0> hello, is there a way to mark all dependencies of ubuntu-minimal or ubuntu-standard as automatic installed?
<icey> coreycb: did you have any thoughts on the neutron Breaks/Replaces change, and which other packages we might want to take a similar approach to?
<coreycb> icey: I'll take a look at your changes. I think we only need to do the core packages, dependencies generally are not affected.
<icey> coreycb: so, 'core packages' as: what we do point releases for?
<coreycb> icey: yes those first and basically anything we do snapshots for
<coreycb> icey: most won't be affected I think
<icey> coreycb: I'll start looking through them, and add them to the original bug if they're got relevant bits
<coreycb> icey: +1
<coreycb> icey: neutron looks good, merging with a few minor changes to changelog (remove whitespace, and move LP: # on same line)
<icey> coreycb: heh, vim moved it because of line length :-P
<coreycb> icey: :)
<FastZ> Anyone do-release-upgrade from 18.04.4 LTS to 20.04.1 LTS yet? Still not available for me.
<lotuspsychje> FastZ: upgrade path still not open
<FastZ> roger that
<smoser> falcojr: fwiw do-release-upgrade -d
 * smoser did that yesterday on a system.
<Aison> has anybody an idea why ISC-DHCP tries to access LDAP? audit: type=1400 audit(1597263011.458:21807): apparmor="DENIED" operation="connect" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/dhcpd" name="run/slapd-inetserv.socket" pid=764426 comm="isc-worker0000" requested_mask="wr" denied_mask="wr" fsuid=110 ouid=0
<scott1> I'm looking to use ubuntu as a desktop however I want to have a bare minimum install because I have means to provision it myself. It seems like the server edition might be what I'm looking for but I'm not sure
<scott1> It also seemed like perhaps the minimalcd would be appropriate but perhaps not. Also seemed like it might be deprecated
<littlebit> hi people, I have installed gitea on ubuntu-server and wanted to start the service, yet it stops. looking at 'journalctl -u gitea' I get the following: https://dpaste.org/zhob
<littlebit> what is meant with 'Failed to determine group credentials'
<RoyK> scott1: iirc you can just "apt install ubuntu-desktop" and wait while it does its things and then perhaps give it a reboot
<littlebit> hi people, I have installed gitea on ubuntu-server and wanted to start the service, yet it stops. looking at 'journalctl -u gitea' I get the following: https://dpaste.org/zhob
<geosmile> is timescaledb good for storing/querying logs?
#ubuntu-server 2020-08-13
<kre10> hey guys, how are you  Can you please help me with something? I'm searching for TVHeadend for ubuntu focal(raspberry 4, ubuntu 64).
<lotuspsychje> !info kodi-pvr-hts | kre10 this ?
<ubottu> kre10 this ?: kodi-pvr-hts (source: kodi-pvr-hts): Kodi PVR Addon TvHeadend Hts. In component universe, is extra. Version 4.4.20-1 (focal), package size 198 kB, installed size 955 kB
<kre10> hey lotuspsychje :)  no, it's the server
<lotuspsychje> kre10: there's a #hts channel if you like
<kre10> yeah, I know, but they never asnwer it. I'm not complaing..just saying
<kre10> thank you anyway lotuspsychje
<kre10> :)
<lotuspsychje> kre10: we can only support for the official ubuntu repos/packages so you might wanna contact the maintainer
<lotuspsychje> kre10: unless you use snap on your server, there seems to be also a snap
<lotuspsychje> tvheadend  4.2.8    diddledan  -      TV streaming server supporting DVB, ATSC, IPTV, and SAT>IP
<kre10> so there's tvheadend in snap?
<kre10> lotuspsychje where snap will install the tvheadend server? in which directory?
<lotuspsychje> kre10: /snap
<kre10> ok
<CuChulaind> Hello. I have a fresh install of Server 20.04.1, Upon initial boot after the install it hangs at Reached target Cloud-init target. This is for an old HP Proliant  ml350 G6
<Aison0> how do I allow this operation: apparmor="DENIED" operation="connect" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/dhcpd" name="run/slapd-inetserv.socket" pid=1108701 comm="isc-worker0000" requested_mask="wr" denied_mask="wr" fsuid=110 ouid=0
<Aison0> in apparmor.d
<sdeziel> Aison0: you should be able to put a rule in /etc/apparmor.d/local.usr.sbin.dhcpd
<sdeziel> err, that would be in /etc/apparmor.d/local/usr.sbin.dhcpd
<sdeziel> but the "disconnected path" might require you also add "flags=(attach_disconnected)" to the main profile file (/etc/apparmor.d/usr.sbin.dhcpd)
<sdeziel> Aison0: you brought that issue up some time ago if I'm not mistaken. If you have a way to reproduce this problem, it would be bug-worthy IMHO.
<Aison0> sdeziel, thx, i'm working on it
<Aison0> sdeziel, still no idea what's causing the problem
<sdeziel> Aison0: wild guess: do you have some dynamic DNS registration hook?
<Aison0> sdeziel, yes
<sdeziel> Aison0: what's your /etc/nsswitch.conf like again?
<Aison0> https://paste.ubuntu.com/p/Wn92Fs2QHx/
<sdeziel> Aison0: I'm not too familiar with dynamic DNS registration but can you share the config (minus the TSIG key ;) )
<sdeziel> Aison0: I'm suspecting that when dhcpd assigns a lease, it wants to then register the hostname to the dynamic zone and for some reason, it does a host lookup (DNS A/AAAA) which causes it to hit LDAP for hostname resolution
<sdeziel> I'm hoping to find a DNS name in your dhcpd dynamic DNS hook ;)
<Aison0> that's the zone/subnet: https://paste.ubuntu.com/p/rPhqyBGjcg/
<Aison0> that's the main config: https://paste.ubuntu.com/p/B7kB9qrr2T/
<Aison0> why should there be an ldap lookup for the hostname? because of hosts:          files dns ldap?
<sdeziel> Aison0: I think those resolution are due to "get-lease-hostnames"
<Aison> hmm
<sarnold> Aison: Thu 13 19:26:09 < sdeziel> Aison0: I think those resolution are due to "get-lease-hostnames"
<sdeziel> Aison: if I understand "get-lease-hostnames" description properly, it would imply that dhcpd does a A lookups for each address in the lease pool
<sdeziel> I'm not clear as to when that/those lookup(s) happen though. Right before the assignment would make sense but I don't know for sure. strace'ing that worker would probably tell you what it is trying to do
<Aison> sdeziel, yes, I think strace would be a good option
<sdeziel> Aison: I'm about to go offline but if you do open a LP bug, please subscribe me (same username as here)
<Aison> sdeziel, ok, thx for help :)
<sdeziel> np
#ubuntu-server 2020-08-14
<zyga-mbp> hello, I'm having issues resolving archive URLs in Ubuntu 20.10 in GCE
<zyga-mbp> http://us-east1.gce.archive.ubuntu.com/ubuntu groovy/main amd64 libthai-data returns temporary DNS failures
<zyga-mbp> it started earlier today
<zyga-mbp> but dose not affect 20.04 or other releases
<Aison`> my postfix server always hangs for a few second when acception an mail on the submission port.
<Aison`> https://paste.ubuntu.com/p/NCvrmHwkJj/
<Aison`> it looks like there is some kind of dns lookup and the answer times out
<Aison`> the strange thing is, that nslookup <foobar> 127.0.0.53 is very fast
<sdeziel> Aison': could you share the (main.cf and master.cf) sections of config for that submission instance?
<Aison`> main.cf: https://paste.ubuntu.com/p/cVNMNKQq8S/
<Aison`> master.cf: https://paste.ubuntu.com/p/xwT2ZfnSwV/
<Aison`> sadly there is quite some virtual stuff
<Aison`> but this "TIMEOUT" is very new, I suddenly started a few days ago
<Aison`> the mailserver works now several years
<Aison`> maybe it is somehow related to systemd-resolved?
<ahasenack> I'd suspect an ipv6 dns resolution
<ahasenack> I see the same with sudo on many ubuntu boxes
<ahasenack> https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1765477
<ubottu> Launchpad bug 1765477 in systemd (Ubuntu) "5s delay in AAAA dns resolving; artful and earlier is quick" [Undecided,Confirmed]
<ahasenack> I started seeing it in bionic
<sdeziel> Aison`: the reject_unknown_sender_domain and reject_unknown_recipient_domain can be responsible for those DNS resolutions
<sdeziel> Aison`: I'd advise to switch the reject_non_fqdn_sender and reject_unknown_sender_domain in  mua_sender_restrictions. The reason being that reject_non_fqdn doesn't require a DNS resolution
<Aison`> sdeziel, ok, going to try that later ;) but anyway, it is quite strange that it fails
<Aison`> I mean the dns resolution timeout
<Aison`> ahasenack, I guess here its since upgrade to focal
<sdeziel> Aison': I never ran into this as we run our mail server with a local unbound, worked well for us
<tomreyn> zyga-mbp: 20.10 is unreleased, there's channel #ubuntu+1 for it. someone reported problems with systemd after a recent update there yesterday, *maybe* this is related (resolver not working due to bad service management?)
<zyga-mbp> it is
<zyga-mbp> systemd-networkd goes down during the upgrade to 246
<zyga-mbp> a systemctl reset-failed + restart fixes everything
<zyga-mbp> just unfortunate, there are also bugs in systemd-logind upgrade
<tomreyn> :-/ still seems like a topic for +1 rather
<zyga-mbp> is +1 a channel?
<zyga-mbp> ubuntu+1?
<tomreyn> "there's channel #ubuntu+1 for it"
<zyga-mbp> ha
<tomreyn> so yes
<zyga-mbp> joining
#ubuntu-server 2020-08-15
<locknet> Hi guys!, is there any chance that a cifs mount makes hang a Windows Server?
<locknet> i mount 5 shared folders (36GB total) in a debian system to backup the data, today the server (Windows Server 2012) gets frezzed (after almost a complete day to be mounted)
<locknet> frozen*
<samba35> how to i clam unclaimed devices (why usb and display are showing uncalaim ?)
<tomreyn> yes
<samba35> -communication:0 UNCLAIME also
<samba35> how to fix  ?
<samba35> after google it say device drivers but i am confued
<samba35> confused
<tomreyn> you're also not going to length to provide needed info, as always :-/
<tomreyn> what's the command you're running, the command that created this output? what's the full output, on a pastebin? what's not working as expected? are there any error messages? which ubuntu release are you running?
<samba35> ok
<samba35> Linux version 4.15.0-108-generic (buildd@lcy01-amd64-013) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #109-Ubuntu SMP Fri Jun 19 11:33:10 UTC 2020
<samba35> DISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"
<samba35> tomreyn, what will be best command to get full idea of this kind of error
<samba35> i run lshw but it does not show any erros
<tomreyn> samba35: what's the error you're encountering?
<samba35> i am not able to get sound ,not proper display ,some usb devices not working
<tomreyn> did this start recently, or has it always been this way?
<samba35> recently
<tomreyn> so you've been running ubuntu 18.04 on this system for a while already?
<samba35> i hold kernel .109 and unhold it after weeks .but after that i work 1/2 days but after that problem started
<samba35> and now i update and upgrade
<tomreyn> why did you set the kernel image to be held?
<samba35> apt-mark unhold and apt-make showhold dont show any package still i am not able to update to kernel  4.15.0-109
<samba35> there was some problem long time back
<tomreyn> the #109 kernel image is from june 19, that's not a long time ago.
<tomreyn> was "some problem" about sound, about display, or about usb devices not working?
<samba35> may be problem start that time and then i hold and now unhold
<samba35> sound card show dummy output
<samba35>  after reinstall new kernel grub not able to get new kernel
<tomreyn> rmadison linux-image-generic
<tomreyn> ^ ignore this
<samba35> should i install this package?
<tomreyn> you should install all the pending updates, ensure you undo the changes which caused your kernel to be held at an old version, then reboot
<samba35> ok
<samba35> btw with 18.04.5 what is current version of kernel ?
<tomreyn> ubuntu server will prompt you as to whether you want the vanilla kernel you have, or the !LTSE kernel.
<samba35> ok i will get back to u later ,will update system
<samba35> Thanks
<tomreyn> always do this first of all, when you run into errors or unexpected behaviour.
<samba35> always do what ? please
<tomreyn> always install any pending updates first of all
<tomreyn> !uptodate
<ubottu> To ensure you have all the latest known patches and security updates for your ubuntu installation, please update with the following command: `sudo apt update && sudo apt upgrade`. See also !upgrades and !security; you may also need to run `apt full-upgrade`.
<samba35> ok
<samba35> Thanks
<samba35> bye for now
<kre10> hey guys, can you help me to install tvheadend on ubuntu 20.X(focal)(raspberry 4)?
<tomreyn> !crosspost | kre10
<ubottu> kre10: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
<kre10> So sorry!
#ubuntu-server 2020-08-16
<geosmile> anyone here using grafana?
<geosmile> 1.19.1-1~bionic -> with-http_geoip_module - how do i get this on ubuntu nginx installs?
<ggmatth> geosmile: I think the http_geo_module is already installed, check the output of nginx -V and check if --with-http_geoip_module= is included as an option
<ggmatth> then you're ready to go
<FaTaL_G> sometimes when my ubuntu box starts up, the bridge does not come up correctly, and I have isc-dhcp-server bound to br0. When this happens, dhcp fails to start. Can I delay it, or make it depend on br0, or even make it come up even if br0 doesn't?
<RoyK> FaTaL_G: I'd try to find out why the bridge doesn't come up correctly first
<FaTaL_G> RoyK, it says my gateway is incorrect but thats not true
<FaTaL_G> I dont have to change anything, I just ifdown -a ifup -a, and it works fine.
<FaTaL_G> reading numerous posts from others online for years, Im not the only one with this issue. People have been hacking interfaces, load init scripts, etc... for a damned long time. even in 18.04 and 20.04
<FaTaL_G> I recently put bridgewait to 30 to see what happens/
<RoyK> it might be something specific to ubuntu, then, not sure. I don't use ubuntu on servers anymore. But - a friend of mine does and I helped him setup his 18.04 with a bridge like this http://paste.ubuntu.com/p/6jrsq95NJm/
<RoyK> no hacks, just simple interfaces
<FaTaL_G> agree
<FaTaL_G> the only thing I see you did that I once did and undid based on some advices I read, was that I **do not** iface the adapters ahead of time. bridge_utils says not to.
<RoyK> it's been some years since I pieced together this config and it's worked for a long time, so really, I don't care
<FaTaL_G> :)
<RoyK> at least two friends of mine have the same running on ubuntu and debian
<RoyK> so I won't "fix" it
<FaTaL_G> I was not suggesting you should
<FaTaL_G> I wass just noting the only difference we have.
<RoyK> then at least we agree :)
<FaTaL_G> Imean, I dont use x.y.z for ips, and my adapters are like 6 to your 1 (well 2).... but thats obvious
<RoyK> x.y.z are just replacement for those octets
<FaTaL_G> The fact that it is functional sometimes and not others, seems to agree with the thoughts numerous people have posted about race conditions
<FaTaL_G> I know
<RoyK> can you pastebin your config?
<FaTaL_G> and ifup and down being enought to make it work is even more ironic
<FaTaL_G> sure
<FaTaL_G> https://paste.ubuntu.com/p/JwV4yChptx/
<FaTaL_G> eno1 is the internet facing. wireless is finicky and not being used right now.
<RoyK> try to up the interfaces before using them as bridge ports, like I do
<RoyK> btw, how are you planning to use four interfaces for a single bridge?
<FaTaL_G> RoyK, not sure what your question is - it works perfectly
<FaTaL_G> The answer would be, just as you see it there now
<FaTaL_G> With wireless, I actually use 6, I use 5 without wireless
<FaTaL_G> The machine is the router on the network. So these adapters jobs are to be a bridge, and allow dhcp and packet routing through them
<FaTaL_G> Im hoping the bridge_maxwait will make a difference. Mine may have issues because I have to wait for so much hardware. And I didn't see a default bridgewait time on the bridgeutils page. So apparently that means it doesn't wait.
<RoyK> FaTaL_G: I'd use nic bonding/teaming for that, given the switch supports it
<RoyK> FaTaL_G: is the idea to add redundancy or just bandwidth?
<FaTaL_G> neither
<FaTaL_G> Do you have a home router?
<RoyK> obviously, but it's a pile of shite
<FaTaL_G> well, mine is this box
<FaTaL_G> so each ethernet port is a port serving data to (for example) 6 machines
<RoyK> how is this wired?
<FaTaL_G> each ethernet port is part of the same network, but each port does not require an ip
<FaTaL_G> I explained above
<RoyK> do you monitor the traffic over each of the NICs?
<FaTaL_G> eno1 is the internet facing port. The other ports, all on br0, are serving firewalled internet to the rest of the houses switches, routers, tv's, desktops, etc
<RoyK> sure, but do you monitor nic traffic?
<RoyK> because I somewhat doubt that arp will be able to handle four MAC addresses and balance the load across them
<FaTaL_G> I explained that this works
<RoyK> well, do you monitor the NIC traffic?
<FaTaL_G> sure.
<RoyK> how?
<FaTaL_G> I've been using numerous methods and experimenting with the tools available. I recently removed pf_ring (and nbox etc) since the license expired, before paying for it again Im going to use the free version.
<RoyK> munin is simple and free if you just want basic monitoring and somewhat nice graphs
<FaTaL_G> I'll check that out
<FaTaL_G> there are soooooo many
<RoyK> I know
<FaTaL_G> and there is no simple pfsense for ubuntu ;)
<RoyK> I stick to zabbix, but it takes a while to getting to know it. munin installation is a mere apt install away
<FaTaL_G> I was annoyed at the discontinuity between pf_ring and nbox/ntop builds, updating nightly, and pf_ring was tainting the kernel. Figured I'd clear that our and add again with something differnt
<FaTaL_G> I have FIOS. It would be neat if I could bond/team to the fiber... 10GbE anyone?
<FaTaL_G> I've had 984/984 but with adding and removing monitoring and doing tweaks, I've seen it go all over the place
<RoyK> as expected, that's only one link
<FaTaL_G> but significantly better than the home soho, r7000 r8000 r8500 etc
<FaTaL_G> 1998 cell phone processor, or intel i5?
<RoyK> lack o LACP?
<RoyK> you don't get bonding for "free" - you need to configure it
<FaTaL_G> havent heard of it/ what is it?
<FaTaL_G> well Im not doing bonding on anything
<FaTaL_G> the bridge isnt there to do bonding
<RoyK> https://en.wikipedia.org/wiki/Link_aggregation#Link_Aggregation_Control_Protocol
<FaTaL_G> and the fios only has one ehternet port
<RoyK> Please try to understand here. The ethernet traffic is sent to the MAC address of whatever's in the ARP cache and one IP can only have one MAC address.
<FaTaL_G> I don't see any reason to bond anything in my setup
<FaTaL_G> I think I do understand.
<RoyK> so read up a bit, because I can't walk you through the theory here. Briefly, what you do is setup bond0 or whatever you call it and allow that to bond two or more ethernet interfaces and then configure the bridge to use the bond. The switch must support the type of bonding used, and one of the most used modes is LACP
<FaTaL_G> I literally have nothing to bond
<FaTaL_G> there is nothing in my network that i can put two cables on to bond them and get more bandwidth or throughput
<FaTaL_G> well, I could, but theres no reason to. The network cards you see on the br0, are all serving different machines.
<RoyK> linux supports LACP. A lot of switches do as well. What sort of switch?
<FaTaL_G> spoke and hub
<FaTaL_G> theres no neet to bond anything
<RoyK> oh well - good luck
<FaTaL_G> I don't know what I'm failing to explain, but I know what bonding is, however I don't see any purpose in establishing a bond from any port to another port, when the ports on the machine we are talking about are serving traffic each over one port to some OTHER device.  I do not have two ethernet ports on this box going to two ethernet ports on another box
<RoyK> well, you're on your own, then
<FaTaL_G> RoyK, have you a thought on what db to use with zabbix? I have been curious about it for some time and might want to learn it.
<RoyK> just start by installing it in a vm or something and add somehosts. I first found the config a bit hard to grasp, but it sticks after a while
<FaTaL_G> you didn't suggest a db, and I can use many. You seems to be performance minded from the discussion above, do you have a preference?
<RoyK> I use postgresql for everything, really, unless there's a specific need to use something else (as in with wordpress or similar stuff where a lot is hardcoded to mysql/mariadb syntax)
<RoyK> or ezpublish, where one of the core developers at least can spell postgresql without a major headache, but apart from that, everything is designed to match up with mariadb
<FaTaL_G> thanks
<RoyK> This is obviously subjective, but based on my knowledge and experience. Other people will probably disagree, but then, that's how it is to be a nerd ;)
<FaTaL_G> RoyK, finding a montioring solution that is pleasant to use, and look at the data, that has easy to use controls/filters, and graphs, while not crushing a systems resources is a challenge, finding it for a price that a home user can swallow is another battle in itself, and of course, finding a db that is fast and trustworthy can be the same challenge, I get it.
